aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDoug Barton <dougb@FreeBSD.org>2011-09-01 05:24:42 +0000
committerDoug Barton <dougb@FreeBSD.org>2011-09-01 05:24:42 +0000
commitec84331f94b7065559939a5aff7347596bedbccd (patch)
treef929ac955ed5ffe7020bc29e63139cb1c4d71c57
parent91c9e506e5675dfd27b76407ff9a999733b62de4 (diff)
downloadsrc-ec84331f94b7065559939a5aff7347596bedbccd.tar.gz
src-ec84331f94b7065559939a5aff7347596bedbccd.zip
Vendor import of BIND 9.8.1vendor/bind9/9.8.1
Notes
Notes: svn path=/vendor/bind9/dist/; revision=225305 svn path=/vendor/bind9/9.8.1/; revision=225306; tag=vendor/bind9/9.8.1
-rw-r--r--CHANGES354
-rw-r--r--COPYRIGHT492
-rw-r--r--Makefile.in7
-rw-r--r--README11
-rw-r--r--RELEASE-NOTES-BIND-9.8.1.html368
-rw-r--r--RELEASE-NOTES-BIND-9.8.1.pdfbin0 -> 62760 bytes
-rw-r--r--RELEASE-NOTES-BIND-9.8.1.txt268
-rw-r--r--bin/check/named-checkconf.c6
-rw-r--r--bin/confgen/ddns-confgen.c5
-rw-r--r--bin/confgen/rndc-confgen.c5
-rw-r--r--bin/dig/dig.c35
-rw-r--r--bin/dig/dighost.c59
-rw-r--r--bin/dig/host.c9
-rw-r--r--bin/dig/include/dig/dig.h7
-rw-r--r--bin/dig/nslookup.c34
-rw-r--r--bin/dnssec/dnssec-keyfromlabel.82
-rw-r--r--bin/dnssec/dnssec-keyfromlabel.c10
-rw-r--r--bin/dnssec/dnssec-keyfromlabel.docbook2
-rw-r--r--bin/dnssec/dnssec-keyfromlabel.html2
-rw-r--r--bin/dnssec/dnssec-keygen.c22
-rw-r--r--bin/dnssec/dnssec-settime.88
-rw-r--r--bin/dnssec/dnssec-settime.c17
-rw-r--r--bin/dnssec/dnssec-settime.docbook9
-rw-r--r--bin/dnssec/dnssec-settime.html20
-rw-r--r--bin/dnssec/dnssec-signzone.c149
-rw-r--r--bin/named/Makefile.in8
-rw-r--r--bin/named/client.c10
-rw-r--r--bin/named/config.c2
-rw-r--r--bin/named/controlconf.c6
-rw-r--r--bin/named/include/dlz/dlz_dlopen_driver.h27
-rw-r--r--bin/named/include/named/globals.h6
-rw-r--r--bin/named/interfacemgr.c7
-rw-r--r--bin/named/logconf.c57
-rw-r--r--bin/named/main.c35
-rw-r--r--bin/named/query.c67
-rw-r--r--bin/named/server.c486
-rw-r--r--bin/named/statschannel.c6
-rw-r--r--bin/named/unix/Makefile.in9
-rw-r--r--bin/named/unix/dlz_dlopen_driver.c616
-rw-r--r--bin/named/unix/os.c11
-rw-r--r--bin/named/update.c9
-rw-r--r--bin/named/xfrout.c52
-rw-r--r--bin/named/zoneconf.c104
-rw-r--r--bin/nsupdate/nsupdate.c12
-rw-r--r--bin/rndc/rndc.c2
-rw-r--r--bin/tools/genrandom.88
-rw-r--r--bin/tools/genrandom.docbook7
-rw-r--r--bin/tools/genrandom.html14
-rw-r--r--config.h.in31
-rw-r--r--configure.in246
-rw-r--r--doc/arm/Bv9ARM-book.xml181
-rw-r--r--doc/arm/Bv9ARM.ch01.html4
-rw-r--r--doc/arm/Bv9ARM.ch03.html24
-rw-r--r--doc/arm/Bv9ARM.ch04.html162
-rw-r--r--doc/arm/Bv9ARM.ch05.html6
-rw-r--r--doc/arm/Bv9ARM.ch06.html334
-rw-r--r--doc/arm/Bv9ARM.ch07.html14
-rw-r--r--doc/arm/Bv9ARM.ch08.html18
-rw-r--r--doc/arm/Bv9ARM.ch09.html220
-rw-r--r--doc/arm/Bv9ARM.html162
-rw-r--r--doc/arm/Bv9ARM.pdf12304
-rw-r--r--doc/arm/man.arpaname.html8
-rw-r--r--doc/arm/man.ddns-confgen.html10
-rw-r--r--doc/arm/man.dig.html20
-rw-r--r--doc/arm/man.dnssec-dsfromkey.html16
-rw-r--r--doc/arm/man.dnssec-keyfromlabel.html14
-rw-r--r--doc/arm/man.dnssec-keygen.html16
-rw-r--r--doc/arm/man.dnssec-revoke.html10
-rw-r--r--doc/arm/man.dnssec-settime.html18
-rw-r--r--doc/arm/man.dnssec-signzone.html12
-rw-r--r--doc/arm/man.genrandom.html12
-rw-r--r--doc/arm/man.host.html10
-rw-r--r--doc/arm/man.isc-hmac-fixup.html10
-rw-r--r--doc/arm/man.named-checkconf.html12
-rw-r--r--doc/arm/man.named-checkzone.html12
-rw-r--r--doc/arm/man.named-journalprint.html8
-rw-r--r--doc/arm/man.named.html16
-rw-r--r--doc/arm/man.nsec3hash.html10
-rw-r--r--doc/arm/man.nsupdate.html14
-rw-r--r--doc/arm/man.rndc-confgen.html12
-rw-r--r--doc/arm/man.rndc.conf.html12
-rw-r--r--doc/arm/man.rndc.html12
-rw-r--r--doc/misc/options8
-rw-r--r--lib/bind9/api2
-rw-r--r--lib/bind9/check.c79
-rw-r--r--lib/dns/Makefile.in6
-rw-r--r--lib/dns/acl.c13
-rw-r--r--lib/dns/adb.c13
-rw-r--r--lib/dns/api6
-rw-r--r--lib/dns/cache.c101
-rw-r--r--lib/dns/client.c12
-rw-r--r--lib/dns/diff.c18
-rw-r--r--lib/dns/dispatch.c14
-rw-r--r--lib/dns/dlz.c9
-rw-r--r--lib/dns/dns64.c6
-rw-r--r--lib/dns/dnssec.c48
-rw-r--r--lib/dns/dst_api.c3
-rw-r--r--lib/dns/dst_openssl.h19
-rw-r--r--lib/dns/gssapi_link.c8
-rw-r--r--lib/dns/gssapictx.c20
-rw-r--r--lib/dns/include/dns/Makefile.in6
-rw-r--r--lib/dns/include/dns/acl.h21
-rw-r--r--lib/dns/include/dns/cache.h29
-rw-r--r--lib/dns/include/dns/db.h10
-rw-r--r--lib/dns/include/dns/dlz.h10
-rw-r--r--lib/dns/include/dns/dlz_dlopen.h160
-rw-r--r--lib/dns/include/dns/dnssec.h17
-rw-r--r--lib/dns/include/dns/masterdump.h2
-rw-r--r--lib/dns/include/dns/rdataset.h4
-rw-r--r--lib/dns/include/dns/resolver.h2
-rw-r--r--lib/dns/include/dns/sdlz.h36
-rw-r--r--lib/dns/include/dns/zone.h19
-rw-r--r--lib/dns/include/dst/dst.h5
-rw-r--r--lib/dns/journal.c7
-rw-r--r--lib/dns/master.c14
-rw-r--r--lib/dns/masterdump.c50
-rw-r--r--lib/dns/message.c4
-rw-r--r--lib/dns/name.c21
-rw-r--r--lib/dns/ncache.c2
-rw-r--r--lib/dns/nsec.c6
-rw-r--r--lib/dns/nsec3.c6
-rw-r--r--lib/dns/openssl_link.c18
-rw-r--r--lib/dns/openssldsa_link.c3
-rw-r--r--lib/dns/opensslrsa_link.c20
-rw-r--r--lib/dns/rbt.c9
-rw-r--r--lib/dns/rbtdb.c52
-rw-r--r--lib/dns/rbtdb.h17
-rw-r--r--lib/dns/rcode.c13
-rw-r--r--lib/dns/rdata.c12
-rw-r--r--lib/dns/rdatalist.c24
-rw-r--r--lib/dns/rdataset.c5
-rw-r--r--lib/dns/rdataslab.c2
-rw-r--r--lib/dns/request.c6
-rw-r--r--lib/dns/resolver.c21
-rw-r--r--lib/dns/sdb.c4
-rw-r--r--lib/dns/sdlz.c21
-rw-r--r--lib/dns/spnego.c68
-rw-r--r--lib/dns/ssu_external.c29
-rw-r--r--lib/dns/time.c46
-rw-r--r--lib/dns/tkey.c12
-rw-r--r--lib/dns/tsig.c4
-rw-r--r--lib/dns/ttl.c5
-rw-r--r--lib/dns/validator.c112
-rw-r--r--lib/dns/view.c11
-rw-r--r--lib/dns/xfrin.c6
-rw-r--r--lib/dns/zone.c696
-rw-r--r--lib/dns/zt.c4
-rw-r--r--lib/export/dns/Makefile.in6
-rw-r--r--lib/export/irs/Makefile.in6
-rw-r--r--lib/export/isccfg/Makefile.in6
-rw-r--r--lib/export/samples/nsprobe.c10
-rw-r--r--lib/irs/api2
-rw-r--r--lib/irs/getnameinfo.c10
-rw-r--r--lib/irs/resconf.c5
-rw-r--r--lib/isc/Makefile.in5
-rw-r--r--lib/isc/api4
-rw-r--r--lib/isc/heap.c9
-rw-r--r--lib/isc/httpd.c50
-rw-r--r--lib/isc/include/isc/file.h23
-rw-r--r--lib/isc/include/isc/task.h2
-rw-r--r--lib/isc/include/isc/taskpool.h51
-rw-r--r--lib/isc/include/isc/util.h9
-rw-r--r--lib/isc/log.c9
-rw-r--r--lib/isc/netaddr.c24
-rw-r--r--lib/isc/powerpc/include/isc/atomic.h22
-rw-r--r--lib/isc/radix.c6
-rw-r--r--lib/isc/rwlock.c5
-rw-r--r--lib/isc/sha1.c6
-rw-r--r--lib/isc/sha2.c25
-rw-r--r--lib/isc/sockaddr.c7
-rw-r--r--lib/isc/string.c11
-rw-r--r--lib/isc/task.c2
-rw-r--r--lib/isc/taskpool.c104
-rw-r--r--lib/isc/timer.c9
-rw-r--r--lib/isc/unix/dir.c6
-rw-r--r--lib/isc/unix/file.c19
-rw-r--r--lib/isc/unix/include/isc/stdtime.h8
-rw-r--r--lib/isc/unix/socket.c74
-rw-r--r--lib/isc/unix/stdio.c5
-rw-r--r--lib/isc/unix/time.c6
-rw-r--r--lib/isccc/Makefile.in2
-rw-r--r--lib/isccfg/Makefile.in4
-rw-r--r--lib/isccfg/aclconf.c83
-rw-r--r--lib/isccfg/api6
-rw-r--r--lib/isccfg/include/isccfg/aclconf.h22
-rw-r--r--lib/isccfg/namedconf.c30
-rw-r--r--lib/isccfg/parser.c13
-rw-r--r--lib/lwres/api2
-rw-r--r--lib/lwres/assert_p.h5
-rw-r--r--lib/lwres/herror.c6
-rw-r--r--lib/lwres/lwconfig.c5
-rw-r--r--lib/lwres/man/lwres.html14
-rw-r--r--lib/lwres/man/lwres_buffer.html6
-rw-r--r--lib/lwres/man/lwres_config.html12
-rw-r--r--lib/lwres/man/lwres_context.html10
-rw-r--r--lib/lwres/man/lwres_gabn.html10
-rw-r--r--lib/lwres/man/lwres_gai_strerror.html8
-rw-r--r--lib/lwres/man/lwres_getaddrinfo.html10
-rw-r--r--lib/lwres/man/lwres_gethostent.html12
-rw-r--r--lib/lwres/man/lwres_getipnode.html10
-rw-r--r--lib/lwres/man/lwres_getnameinfo.html12
-rw-r--r--lib/lwres/man/lwres_getrrsetbyname.html10
-rw-r--r--lib/lwres/man/lwres_gnba.html10
-rw-r--r--lib/lwres/man/lwres_hstrerror.html10
-rw-r--r--lib/lwres/man/lwres_inetntop.html10
-rw-r--r--lib/lwres/man/lwres_noop.html10
-rw-r--r--lib/lwres/man/lwres_packet.html8
-rw-r--r--lib/lwres/man/lwres_resutil.html10
-rw-r--r--lib/lwres/print.c5
-rw-r--r--make/rules.in20
-rw-r--r--release-notes.css60
-rw-r--r--version8
212 files changed, 12063 insertions, 8394 deletions
diff --git a/CHANGES b/CHANGES
index 80ac38a8b27e..3e48dd639434 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,28 +1,60 @@
- --- 9.8.0-P4 released ---
+ --- 9.8.1 released ---
-3124. [bug] Use an rdataset attribute flag to indicate
- negative-cache records rather than using rrtype 0;
- this will prevent problems when that rrtype is
- used in actual DNS packets. [RT #24777]
+ --- 9.8.1rc1 released ---
+
+3141. [bug] Silence spurious "zone serial (0) unchanged" messages
+ associated with empty zones. [RT #25079]
+
+3138. [bug] Address memory leaks and out-of-order operations when
+ shutting named down. [RT #25210]
+
+3136. [func] Add RFC 1918 reverse zones to the list of built-in
+ empty zones switched on by the 'empty-zones-enable'
+ option. [RT #24990]
+
+ Note: empty-zones-enable must be "yes;" or a empty
+ zone needs to be disabled in named.conf for RFC 1918
+ zones to be activated. This requirement may be
+ removed in future releases.
+
+3135. [port] FreeBSD: workaround broken IPV6_USE_MIN_MTU processing.
+ See http://www.freebsd.org/cgi/query-pr.cgi?pr=158307
+ [RT #24950]
+
+3134. [bug] Improve the accuracy of dnssec-signzone's signing
+ statistics. [RT #16030]
+
+ --- 9.8.1b3 released ---
+
+3133. [bug] Change #3114 was incomplete. [RT #24577]
+
+3131. [tuning] Improve scalability by allocating one zone task
+ per 100 zones at startup time, rather than using a
+ fixed-size task table. [RT #24406]
+
+3129. [bug] Named could crash on 'rndc reconfig' when
+ allow-new-zones was set to yes and named ACLs
+ were used. [RT #22739]
- --- 9.8.0-P3 released (withdrawn) ---
+ --- 9.8.1b2 released ---
3126. [security] Using DNAME record to generate replacements caused
- RPZ to exit with a assertion failure. [RT #23766]
+ RPZ to exit with a assertion failure. [RT #24766]
3125. [security] Using wildcard CNAME records as a replacement with
RPZ caused named to exit with a assertion failure.
[RT #24715]
+3124. [bug] Use an rdataset attribute flag to indicate
+ negative-cache records rather than using rrtype 0;
+ this will prevent problems when that rrtype is
+ used in actual DNS packets. [RT #24777]
+
3123. [security] Change #2912 exposed a latent flaw in
dns_rdataset_totext() that could cause named to
crash with an assertion failure. [RT #24777]
-3115. [bug] Named could fail to return requested data when
- following a CNAME that points into the same zone.
- [RT #2445]
-
- --- 9.8.0-P2 released ---
+3122. [cleanup] dnssec-settime: corrected usage message. [RT #24664]
3121. [security] An authoritative name server sending a negative
response containing a very large RRset could
@@ -33,12 +65,256 @@
that validated insecure without using DLV and had
DS records in the parent zone. [RT #24631]
- --- 9.8.0-P1 released ---
+3119. [bug] When rolling to a new DNSSEC key, a private-type
+ record could be created and never marked complete.
+ [RT #23253]
+
+3118. [bug] nsupdate could dump core on shutdown when using
+ SIG(0) keys. [RT #24604]
+
+3117. [cleanup] Remove doc and parser references to the
+ never-implemented 'auto-dnssec create' option.
+ [RT #24533]
+
+3115. [bug] Named could fail to return requested data when
+ following a CNAME that points into the same zone.
+ [RT #24455]
+
+3114. [bug] Retain expired RRSIGs in dynamic zones if key is
+ inactive and there is no replacement key. [RT #23136]
+
+3113. [doc] Document the relationship between serial-query-rate
+ and NOTIFY messages.
+
+ --- 9.8.1b1 released ---
+
+3112. [doc] Add missing descriptions of the update policy name
+ types "ms-self", "ms-subdomain", "krb5-self" and
+ "krb5-subdomain", which allow machines to update
+ their own records, to the BIND 9 ARM.
+
+3111. [bug] Improved consistency checks for dnssec-enable and
+ dnssec-validation, added test cases to the
+ checkconf system test. [RT #24398]
+
+3110. [bug] dnssec-signzone: Wrong error message could appear
+ when attempting to sign with no KSK. [RT #24369]
+
+3107. [bug] dnssec-signzone: Report the correct number of ZSKs
+ when using -x. [RT #20852]
+
+3105. [bug] GOST support can be suppressed by "configure
+ --without-gost" [RT #24367]
+
+3104. [bug] Better support for cross-compiling. [RT #24367]
+
+3103. [bug] Configuring 'dnssec-validation auto' in a view
+ instead of in the options statement could trigger
+ an assertion failure in named-checkconf. [RT #24382]
+
+3101. [bug] Zones using automatic key maintenance could fail
+ to check the key repository for updates. [RT #23744]
3100. [security] Certain response policy zone configurations could
trigger an INSIST when receiving a query of type
RRSIG. [RT #24280]
+3099. [test] "dlz" system test now runs but gives R:SKIPPED if
+ not compiled with --with-dlz-filesystem. [RT #24146]
+
+3098. [bug] DLZ zones were answering without setting the AA bit.
+ [RT #24146]
+
+3097. [test] Add a tool to test handling of malformed packets.
+ [RT #24096]
+
+3096. [bug] Set KRB5_KTNAME before calling log_cred() in
+ dst_gssapi_acceptctx(). [RT #24004]
+
+3095. [bug] Handle isolated reserved ports in the port range.
+ [RT #23957]
+
+3094. [doc] Expand dns64 documentation.
+
+3093. [bug] Fix gssapi/kerberos dependencies [RT #23836]
+
+3092. [bug] Signatures for records at the zone apex could go
+ stale due to an incorrect timer setting. [RT #23769]
+
+3091. [bug] Fixed a bug in which zone keys that were published
+ and then subsequently activated could fail to trigger
+ automatic signing. [RT #22911]
+
+3090. [func] Make --with-gssapi default [RT #23738]
+
+3088. [bug] Remove bin/tests/system/logfileconfig/ns1/named.conf
+ and add setup.sh in order to resolve changing
+ named.conf issue. [RT #23687]
+
+3087. [bug] DDNS updates using SIG(0) with update-policy match
+ type "external" could cause a crash. [RT #23735]
+
+3086. [bug] Running dnssec-settime -f on an old-style key will
+ now force an update to the new key format even if no
+ other change has been specified, using "-P now -A now"
+ as default values. [RT #22474]
+
+3083. [bug] NOTIFY messages were not being sent when generating
+ a NSEC3 chain incrementally. [RT #23702]
+
+3082. [port] strtok_r is threads only. [RT #23747]
+
+3081. [bug] Failure of DNAME substitution did not return
+ YXDOMAIN. [RT #23591]
+
+3080. [cleanup] Replaced compile time constant by STDTIME_ON_32BITS.
+ [RT #23587]
+
+3079. [bug] Handle isc_event_allocate failures in t_tasks.
+ [RT #23572]
+
+3078. [func] Added a new include file with function typedefs
+ for the DLZ "dlopen" driver. [RT #23629]
+
+3077. [bug] zone.c:zone_refreshkeys() incorrectly called
+ dns_zone_attach(), use zone->irefs instead. [RT #23303]
+
+3075. [bug] dns_dnssec_findzonekeys{2} used a inconsistant
+ timestamp when determining which keys are active.
+ [RT #23642]
+
+3074. [bug] Make the adb cache read through for zone data and
+ glue learn for zone named is authoritative for.
+ [RT #22842]
+
+3073. [bug] managed-keys changes were not properly being recorded.
+ [RT #20256]
+
+3072. [bug] dns_dns64_aaaaok() potential NULL pointer dereference.
+ [RT #20256]
+
+3071. [bug] has_nsec could be used unintialised in
+ update.c:next_active. [RT #20256]
+
+3070. [bug] dnssec-signzone potential NULL pointer dereference.
+ [RT #20256]
+
+3069. [cleanup] Silence warnings messages from clang static analysis.
+ [RT #20256]
+
+3068. [bug] Named failed to build with a OpenSSL without engine
+ support. [RT #23473]
+
+3067. [bug] ixfr-from-differences {master|slave}; failed to
+ select the master/slave zones. [RT #23580]
+
+3066. [func] The DLZ "dlopen" driver is now built by default,
+ no longer requiring a configure option. To
+ disable it, use "configure --without-dlopen".
+ (Note: driver not supported on win32.) [RT #23467]
+
+3065. [bug] RRSIG could have time stamps too far in the future.
+ [RT #23356]
+
+3064. [bug] powerpc: add sync instructions to the end of atomic
+ operations. [RT #23469]
+
+3063. [contrib] More verbose error reporting from DLZ LDAP. [RT #23402]
+
+3059. [test] Added a regression test for change #3023.
+
+3058. [bug] Cause named to terminate at startup or rndc reconfig/
+ reload to fail, if a log file specified in the conf
+ file isn't a plain file. [RT #22771]
+
+3057. [bug] "rndc secroots" would abort after the first error
+ and so could miss some views. [RT #23488]
+
+3054. [bug] Added elliptic curve support check in
+ GOST OpenSSL engine detection. [RT #23485]
+
+3053. [bug] Under a sustained high query load with a finite
+ max-cache-size, it was possible for cache memory
+ to be exhausted and not recovered. [RT #23371]
+
+3052. [test] Fixed last autosign test report. [RT #23256]
+
+3051. [bug] NS records obsure DNAME records at the bottom of the
+ zone if both are present. [RT #23035]
+
+3050. [bug] The autosign system test was timing dependent.
+ Wait for the initial autosigning to complete
+ before running the rest of the test. [RT #23035]
+
+3049. [bug] Save and restore the gid when creating creating
+ named.pid at startup. [RT #23290]
+
+3048. [bug] Fully separate view key mangement. [RT #23419]
+
+3047. [bug] DNSKEY NODATA responses not cached fixed in
+ validator.c. Tests added to dnssec system test.
+ [RT #22908]
+
+3046. [bug] Use RRSIG original TTL to compute validated RRset
+ and RRSIG TTL. [RT #23332]
+
+3044. [bug] Hold the socket manager lock while freeing the socket.
+ [RT #23333]
+
+3043. [test] Merged in the NetBSD ATF test framework (currently
+ version 0.12) for development of future unit tests.
+ Use configure --with-atf to build ATF internally
+ or configure --with-atf=prefix to use an external
+ copy. [RT #23209]
+
+3042. [bug] dig +trace could fail attempting to use IPv6
+ addresses on systems with only IPv4 connectivity.
+ [RT #23297]
+
+3041. [bug] dnssec-signzone failed to generate new signatures on
+ ttl changes. [RT #23330]
+
+3040. [bug] Named failed to validate insecure zones where a node
+ with a CNAME existed between the trust anchor and the
+ top of the zone. [RT #23338]
+
+3038. [bug] Install <dns/rpz.h>. [RT #23342]
+
+3037. [doc] Update COPYRIGHT to contain all the individual
+ copyright notices that cover various parts.
+
+3036. [bug] Check built-in zone arguments to see if the zone
+ is re-usable or not. [RT #21914]
+
+3035. [cleanup] Simplify by using strlcpy. [RT #22521]
+
+3034. [cleanup] nslookup: use strlcpy instead of safecopy. [RT #22521]
+
+3033. [cleanup] Add two INSIST(bucket != DNS_ADB_INVALIDBUCKET).
+ [RT #22521]
+
+3032. [bug] rdatalist.c: add missing REQUIREs. [RT #22521]
+
+3031. [bug] dns_rdataclass_format() handle a zero sized buffer.
+ [RT #22521]
+
+3030. [bug] dns_rdatatype_format() handle a zero sized buffer.
+ [RT #22521]
+
+3029. [bug] isc_netaddr_format() handle a zero sized buffer.
+ [RT #22521]
+
+3028. [bug] isc_sockaddr_format() handle a zero sized buffer.
+ [RT #22521]
+
+3027. [bug] Add documented REQUIREs to cfg_obj_asnetprefix() to
+ catch NULL pointer dereferences before they happen.
+ [RT #22521]
+
+3026. [bug] lib/isc/httpd.c: check that we have enough space
+ after calling grow_headerspace() and if not
+ re-call grow_headerspace() until we do. [RT #22521]
+
--- 9.8.0 released ---
3025. [bug] Fixed a possible deadlock due to zone resigning.
@@ -51,8 +327,8 @@
receiving multiple AXFR response messages that were
not all TSIG-signed. [RT #23254]
-3022. [bug] Fixed rpz SERVFAILs after failed zone transfers
- [RT #23246]
+3022. [bug] Fixed rpz SERVFAILs after failed zone transfers
+ [RT #23246]
3021. [bug] Change #3010 was incomplete. [RT #22296]
@@ -86,7 +362,7 @@
'resolver-query-timeout' option, which specifies a max
time in seconds. 0 means 'default' and anything longer
than 30 will be silently set to 30. [RT #22852]
-
+
3010. [bug] Fixed a bug where "rndc reconfig" stopped the timer
for refreshing managed-keys. [RT #22296]
@@ -436,7 +712,7 @@
2927. [placeholder]
2926. [placeholder]
-h
+
2925. [bug] Named failed to accept uncachable negative responses
from insecure zones. [RT# 21555]
@@ -495,7 +771,7 @@ h
2905. [port] aix: set use_atomic=yes with native compiler.
[RT #21402]
-2904. [bug] When using DLV, sub-zones of the zones in the DLV,
+2904. [bug] When using DLV, sub-zones of the zones in the DLV,
could be incorrectly marked as insecure instead of
secure leading to negative proofs failing. This was
a unintended outcome from change 2890. [RT# 21392]
@@ -783,7 +1059,7 @@ h
[RT #20710]
2812. [bug] Make sure updates can't result in a zone with
- NSEC-only keys and NSEC3 records. [RT 20748]
+ NSEC-only keys and NSEC3 records. [RT #20748]
2811. [cleanup] Add "rndc sign" to list of commands in rndc usage
output. [RT #20733]
@@ -864,7 +1140,7 @@ h
2790. [bug] Handle DS queries to stub zones. [RT #20440]
-2789. [bug] Fixed an INSIST in dispatch.c [RT #20576]
+2789. [bug] Fixed an INSIST in dispatch.c [RT #20576]
2788. [bug] dnssec-signzone could sign with keys that were
not requested [RT #20625]
@@ -1760,7 +2036,7 @@ h
2529. [cleanup] Upgrade libtool to silence complaints from recent
version of autoconf. [RT #18657]
-2528. [cleanup] Silence spurious configure warning about
+2528. [cleanup] Silence spurious configure warning about
--datarootdir [RT #19096]
2527. [placeholder]
@@ -2045,13 +2321,13 @@ h
2441. [bug] isc_radix_insert() could copy radix tree nodes
incompletely. [RT #18573]
-2440. [bug] named-checkconf used an incorrect test to determine
+2440. [bug] named-checkconf used an incorrect test to determine
if an ACL was set to none.
-2439. [bug] Potential NULL dereference in dns_acl_isanyornone().
+2439. [bug] Potential NULL dereference in dns_acl_isanyornone().
[RT #18559]
-2438. [bug] Timeouts could be logged incorrectly under win32.
+2438. [bug] Timeouts could be logged incorrectly under win32.
2437. [bug] Sockets could be closed too early, leading to
inconsistent states in the socket module. [RT #18298]
@@ -2065,7 +2341,7 @@ h
2433. [tuning] Set initial timeout to 800ms.
-2432. [bug] More Windows socket handling improvements. Stop
+2432. [bug] More Windows socket handling improvements. Stop
using I/O events and use IO Completion Ports
throughout. Rewrite the receive path logic to make
it easier to support multiple simultaneous
@@ -2100,7 +2376,7 @@ h
epoll and /dev/poll to be selected at compile
time. [RT #18277]
-2423. [security] Randomize server selection on queries, so as to
+2423. [security] Randomize server selection on queries, so as to
make forgery a little more difficult. Instead of
always preferring the server with the lowest RTT,
pick a server with RTT within the same 128
@@ -2114,7 +2390,7 @@ h
Use caution: this option may not work for some
operating systems without rebuilding named.
-2420. [bug] Windows socket handling cleanup. Let the io
+2420. [bug] Windows socket handling cleanup. Let the io
completion event send out canceled read/write
done events, which keeps us from writing to memory
we no longer have ownership of. Add debugging
@@ -2436,8 +2712,8 @@ h
2316. [port] Missing #include <isc/print.h> in lib/dns/gssapictx.c.
[RT #17513]
-2315. [bug] Used incorrect address family for mapped IPv4
- addresses in acl.c. [RT #17519]
+2315. [bug] Used incorrect address family for mapped IPv4
+ addresses in acl.c. [RT #17519]
2314. [bug] Uninitialized memory use on error path in
bin/named/lwdnoop.c. [RT #17476]
@@ -2448,14 +2724,14 @@ h
2312. [cleanup] Silence Coverity warning in lib/isc/unix/socket.c.
[RT #17458]
-2311. [bug] IPv6 addresses could match IPv4 ACL entries and
- vice versa. [RT #17462]
+2311. [bug] IPv6 addresses could match IPv4 ACL entries and
+ vice versa. [RT #17462]
2310. [bug] dig, host, nslookup: flush stdout before emitting
debug/fatal messages. [RT #17501]
-2309. [cleanup] Fix Coverity warnings in lib/dns/acl.c and iptable.c.
- [RT #17455]
+2309. [cleanup] Fix Coverity warnings in lib/dns/acl.c and iptable.c.
+ [RT #17455]
2308. [cleanup] Silence Coverity warning in bin/named/controlconf.c.
[RT #17495]
@@ -2507,7 +2783,7 @@ h
2292. [bug] Log if the working directory is not writable.
[RT #17312]
-2291. [bug] PR_SET_DUMPABLE may be set too late. Also report
+2291. [bug] PR_SET_DUMPABLE may be set too late. Also report
failure to set PR_SET_DUMPABLE. [RT #17312]
2290. [bug] Let AD in the query signal that the client wants AD
@@ -2545,7 +2821,7 @@ h
2280. [func] Allow the experimental http server to be reached
over IPv6 as well as IPv4. [RT #17332]
-2279. [bug] Use setsockopt(SO_NOSIGPIPE), when available,
+2279. [bug] Use setsockopt(SO_NOSIGPIPE), when available,
to protect applications from receiving spurious
SIGPIPE signals when using the resolver.
@@ -2580,9 +2856,9 @@ h
--- 9.5.0b1 released ---
-2267. [bug] Radix tree node_num value could be set incorrectly,
- causing positive ACL matches to look like negative
- ones. [RT #17311]
+2267. [bug] Radix tree node_num value could be set incorrectly,
+ causing positive ACL matches to look like negative
+ ones. [RT #17311]
2266. [bug] client.c:get_clientmctx() returned the same mctx
once the pool of mctx's was filled. [RT #17218]
@@ -2598,7 +2874,7 @@ h
2262. [bug] Error status from all but the last view could be
lost. [RT #17292]
-2261. [bug] Fix memory leak with "any" and "none" ACLs [RT #17272]
+2261. [bug] Fix memory leak with "any" and "none" ACLs [RT #17272]
2260. [bug] Reported wrong clients-per-query when increasing the
value. [RT #17236]
diff --git a/COPYRIGHT b/COPYRIGHT
index 8721ceca8462..6f94496d4ba5 100644
--- a/COPYRIGHT
+++ b/COPYRIGHT
@@ -13,9 +13,15 @@ LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
PERFORMANCE OF THIS SOFTWARE.
-$Id: COPYRIGHT,v 1.17 2011-01-04 23:47:13 tbox Exp $
+$Id: COPYRIGHT,v 1.17.14.1 2011-02-22 06:34:47 marka Exp $
-Portions Copyright (C) 1996-2001 Nominum, Inc.
+ Portions of this code release fall under one or more of the
+ following Copyright notices. Please see individual source
+ files for details.
+
+ For binary releases also see: OpenSSL-LICENSE.
+
+Copyright (C) 1996-2001 Nominum, Inc.
Permission to use, copy, modify, and distribute this software for any
purpose with or without fee is hereby granted, provided that the above
@@ -28,3 +34,485 @@ ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+ -----------------------------------------------------------------------------
+
+Copyright (C) 1995-2000 by Network Associates, Inc.
+
+Permission to use, copy, modify, and/or distribute this software for any
+purpose with or without fee is hereby granted, provided that the above
+copyright notice and this permission notice appear in all copies.
+
+THE SOFTWARE IS PROVIDED "AS IS" AND ISC AND NETWORK ASSOCIATES DISCLAIMS
+ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE
+FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR
+IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+ -----------------------------------------------------------------------------
+
+Copyright (C) 2002 Stichting NLnet, Netherlands, stichting@nlnet.nl.
+
+Permission to use, copy, modify, and distribute this software for any
+purpose with or without fee is hereby granted, provided that the
+above copyright notice and this permission notice appear in all
+copies.
+
+THE SOFTWARE IS PROVIDED "AS IS" AND STICHTING NLNET
+DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
+STICHTING NLNET BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR
+CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS
+OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE
+USE OR PERFORMANCE OF THIS SOFTWARE.
+
+The development of Dynamically Loadable Zones (DLZ) for Bind 9 was
+conceived and contributed by Rob Butler.
+
+Permission to use, copy, modify, and distribute this software for any
+purpose with or without fee is hereby granted, provided that the
+above copyright notice and this permission notice appear in all
+copies.
+
+THE SOFTWARE IS PROVIDED "AS IS" AND ROB BUTLER
+DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
+ROB BUTLER BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR
+CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS
+OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE
+USE OR PERFORMANCE OF THIS SOFTWARE.
+
+ -----------------------------------------------------------------------------
+
+Copyright (c) 1987, 1990, 1993, 1994
+ The Regents of the University of California. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+1. Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+3. All advertising materials mentioning features or use of this software
+ must display the following acknowledgement:
+ This product includes software developed by the University of
+ California, Berkeley and its contributors.
+4. Neither the name of the University nor the names of its contributors
+ may be used to endorse or promote products derived from this software
+ without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGE.
+
+ -----------------------------------------------------------------------------
+
+Copyright (C) The Internet Society 2005. This version of
+this module is part of RFC 4178; see the RFC itself for
+full legal notices.
+
+(The above copyright notice is per RFC 3978 5.6 (a), q.v.)
+
+ -----------------------------------------------------------------------------
+
+Copyright (c) 2004 Masarykova universita
+(Masaryk University, Brno, Czech Republic)
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+3. Neither the name of the University nor the names of its contributors may
+ be used to endorse or promote products derived from this software
+ without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGE.
+
+ -----------------------------------------------------------------------------
+
+Copyright (c) 1997 - 2003 Kungliga Tekniska Hgskolan
+(Royal Institute of Technology, Stockholm, Sweden).
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+
+1. Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+3. Neither the name of the Institute nor the names of its contributors
+ may be used to endorse or promote products derived from this software
+ without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGE.
+
+ -----------------------------------------------------------------------------
+
+Copyright (c) 1998 Doug Rabson
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+1. Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGE.
+
+ -----------------------------------------------------------------------------
+
+Copyright ((c)) 2002, Rice University
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+ * Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+
+ * Redistributions in binary form must reproduce the above
+ copyright notice, this list of conditions and the following
+ disclaimer in the documentation and/or other materials provided
+ with the distribution.
+
+ * Neither the name of Rice University (RICE) nor the names of its
+ contributors may be used to endorse or promote products derived
+ from this software without specific prior written permission.
+
+
+This software is provided by RICE and the contributors on an "as is"
+basis, without any representations or warranties of any kind, express
+or implied including, but not limited to, representations or
+warranties of non-infringement, merchantability or fitness for a
+particular purpose. In no event shall RICE or contributors be liable
+for any direct, indirect, incidental, special, exemplary, or
+consequential damages (including, but not limited to, procurement of
+substitute goods or services; loss of use, data, or profits; or
+business interruption) however caused and on any theory of liability,
+whether in contract, strict liability, or tort (including negligence
+or otherwise) arising in any way out of the use of this software, even
+if advised of the possibility of such damage.
+
+ -----------------------------------------------------------------------------
+
+Copyright (c) 1993 by Digital Equipment Corporation.
+
+Permission to use, copy, modify, and distribute this software for any
+purpose with or without fee is hereby granted, provided that the above
+copyright notice and this permission notice appear in all copies, and that
+the name of Digital Equipment Corporation not be used in advertising or
+publicity pertaining to distribution of the document or software without
+specific, written prior permission.
+
+THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL
+WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES
+OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT
+CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+SOFTWARE.
+
+ -----------------------------------------------------------------------------
+
+Copyright 2000 Aaron D. Gifford. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+1. Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+3. Neither the name of the copyright holder nor the names of contributors
+ may be used to endorse or promote products derived from this software
+ without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) AND CONTRIBUTOR(S) ``AS IS'' AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR(S) OR CONTRIBUTOR(S) BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGE.
+
+ -----------------------------------------------------------------------------
+
+Copyright (c) 1998 Doug Rabson.
+Copyright (c) 2001 Jake Burkholder.
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+1. Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGE.
+
+ -----------------------------------------------------------------------------
+
+Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+1. Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+3. Neither the name of the project nor the names of its contributors
+ may be used to endorse or promote products derived from this software
+ without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGE.
+
+ -----------------------------------------------------------------------------
+
+Copyright (c) 1999-2000 by Nortel Networks Corporation
+
+Permission to use, copy, modify, and distribute this software for any
+purpose with or without fee is hereby granted, provided that the above
+copyright notice and this permission notice appear in all copies.
+
+THE SOFTWARE IS PROVIDED "AS IS" AND NORTEL NETWORKS DISCLAIMS
+ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL NORTEL NETWORKS
+BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES
+OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS,
+WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION,
+ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+SOFTWARE.
+
+ -----------------------------------------------------------------------------
+
+Copyright (c) 2000-2002 Japan Network Information Center. All rights reserved.
+
+By using this file, you agree to the terms and conditions set forth bellow.
+
+ LICENSE TERMS AND CONDITIONS
+
+The following License Terms and Conditions apply, unless a different
+license is obtained from Japan Network Information Center ("JPNIC"),
+a Japanese association, Kokusai-Kougyou-Kanda Bldg 6F, 2-3-4 Uchi-Kanda,
+Chiyoda-ku, Tokyo 101-0047, Japan.
+
+1. Use, Modification and Redistribution (including distribution of any
+ modified or derived work) in source and/or binary forms is permitted
+ under this License Terms and Conditions.
+
+2. Redistribution of source code must retain the copyright notices as they
+ appear in each source code file, this License Terms and Conditions.
+
+3. Redistribution in binary form must reproduce the Copyright Notice,
+ this License Terms and Conditions, in the documentation and/or other
+ materials provided with the distribution. For the purposes of binary
+ distribution the "Copyright Notice" refers to the following language:
+ "Copyright (c) 2000-2002 Japan Network Information Center. All rights
+ reserved."
+
+4. The name of JPNIC may not be used to endorse or promote products
+ derived from this Software without specific prior written approval of
+ JPNIC.
+
+5. Disclaimer/Limitation of Liability: THIS SOFTWARE IS PROVIDED BY JPNIC
+ "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL JPNIC BE LIABLE
+ FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+
+ -----------------------------------------------------------------------------
+
+Copyright (C) 2004 Nominet, Ltd.
+
+Permission to use, copy, modify, and distribute this software for any
+purpose with or without fee is hereby granted, provided that the above
+copyright notice and this permission notice appear in all copies.
+
+THE SOFTWARE IS PROVIDED "AS IS" AND NOMINET DISCLAIMS ALL WARRANTIES WITH
+REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+PERFORMANCE OF THIS SOFTWARE.
+
+ -----------------------------------------------------------------------------
+
+Portions Copyright RSA Security Inc.
+
+License to copy and use this software is granted provided that it is
+identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface
+(Cryptoki)" in all material mentioning or referencing this software.
+
+License is also granted to make and use derivative works provided that
+such works are identified as "derived from the RSA Security Inc. PKCS #11
+Cryptographic Token Interface (Cryptoki)" in all material mentioning or
+referencing the derived work.
+
+RSA Security Inc. makes no representations concerning either the
+merchantability of this software or the suitability of this software for
+any particular purpose. It is provided "as is" without express or implied
+warranty of any kind.
+
+ -----------------------------------------------------------------------------
+
+Copyright (c) 1996, David Mazieres <dm@uun.org>
+Copyright (c) 2008, Damien Miller <djm@openbsd.org>
+
+Permission to use, copy, modify, and distribute this software for any
+purpose with or without fee is hereby granted, provided that the above
+copyright notice and this permission notice appear in all copies.
+
+THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+-----------------------------------------------------------------------------
+
+Copyright (c) 2000-2001 The OpenSSL Project. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+
+1. Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in
+ the documentation and/or other materials provided with the
+ distribution.
+
+3. All advertising materials mentioning features or use of this
+ software must display the following acknowledgment:
+ "This product includes software developed by the OpenSSL Project
+ for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+
+4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ endorse or promote products derived from this software without
+ prior written permission. For written permission, please contact
+ licensing@OpenSSL.org.
+
+5. Products derived from this software may not be called "OpenSSL"
+ nor may "OpenSSL" appear in their names without prior written
+ permission of the OpenSSL Project.
+
+6. Redistributions of any form whatsoever must retain the following
+ acknowledgment:
+ "This product includes software developed by the OpenSSL Project
+ for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+
+THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+OF THE POSSIBILITY OF SUCH DAMAGE.
+
diff --git a/Makefile.in b/Makefile.in
index 95944d9fa4ff..f0edc926ba78 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -1,4 +1,4 @@
-# Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2004-2009, 2011 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 1998-2002 Internet Software Consortium.
#
# Permission to use, copy, modify, and/or distribute this software for any
@@ -13,7 +13,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.58 2009-11-26 20:52:44 marka Exp $
+# $Id: Makefile.in,v 1.58.250.2 2011-02-28 01:19:57 tbox Exp $
srcdir = @srcdir@
VPATH = @srcdir@
@@ -21,7 +21,7 @@ top_srcdir = @top_srcdir@
@BIND9_VERSION@
-SUBDIRS = make lib bin doc @LIBEXPORT@
+SUBDIRS = make unit lib bin doc @LIBEXPORT@
TARGETS =
MANPAGES = isc-config.sh.1
@@ -65,6 +65,7 @@ check: test
test:
(cd bin/tests && ${MAKE} ${MAKEDEFS} test)
+ (test -f unit/unittest.sh && $(SHELL) unit/unittest.sh)
FAQ: FAQ.xml
${XSLTPROC} doc/xsl/isc-docbook-text.xsl FAQ.xml | \
diff --git a/README b/README
index 00010c3983f3..708def9dd3ee 100644
--- a/README
+++ b/README
@@ -48,6 +48,17 @@ BIND 9
For a detailed list of user-visible changes from
previous releases, see the CHANGES file.
+BIND 9.8.1
+
+ BIND 9.8.1 includes a number of bug fixes and enhancements from
+ BIND 9.8 and earlier releases. New features include:
+
+ - The DLZ "dlopen" driver is now built by default.
+ - Added a new include file with function typedefs
+ for the DLZ "dlopen" driver.
+ - Made "--with-gssapi" default.
+ - More verbose error reporting from DLZ LDAP.
+
BIND 9.8.0
BIND 9.8.0 includes a number of changes from BIND 9.7 and earlier
diff --git a/RELEASE-NOTES-BIND-9.8.1.html b/RELEASE-NOTES-BIND-9.8.1.html
new file mode 100644
index 000000000000..c4deae43a9cf
--- /dev/null
+++ b/RELEASE-NOTES-BIND-9.8.1.html
@@ -0,0 +1,368 @@
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title></title><link rel="stylesheet" href="release-notes.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.71.1"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="article" lang="en"><div class="titlepage"><hr></div>
+
+ <div class="section" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3359008"></a>Introduction</h2></div></div></div>
+
+ <p>
+ BIND 9.8.1 is the current production release of BIND 9.8.
+ </p>
+ <p>
+ This document summarizes changes from BIND 9.8.0 to BIND 9.8.1.
+ Please see the CHANGES file in the source code release for a
+ complete list of all changes.
+ </p>
+ </div>
+
+ <div class="section" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3359050"></a>Download</h2></div></div></div>
+
+ <p>
+ The latest versions of BIND 9 software can always be found
+ on our web site at
+ <a href="http://www.isc.org/downloads/all" target="_top">http://www.isc.org/downloads/all</a>.
+ There you will find additional information about each
+ release, source code, and some pre-compiled versions for certain operating systems.
+ </p>
+ </div>
+
+ <div class="section" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2545549"></a>Support</h2></div></div></div>
+
+ <p>Product support information is available on
+ <a href="http://www.isc.org/services/support" target="_top">http://www.isc.org/services/support</a>
+ for paid support options. Free support is provided by our user
+ community via a mailing list. Information on all public email
+ lists is available at
+ <a href="https://lists.isc.org/mailman/listinfo" target="_top">https://lists.isc.org/mailman/listinfo</a>.
+ </p>
+ </div>
+
+ <div class="section" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3358108"></a>New Features</h2></div></div></div>
+
+ <div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id3358149"></a>9.8.1</h3></div></div></div>
+
+ <div class="itemizedlist"><ul type="disc"><li>
+Added a new include file with function typedefs
+for the DLZ "dlopen" driver. [RT #23629]
+</li><li>
+Added a tool able to generate malformed packets to allow testing
+of how named handles them.
+[RT #24096]
+</li><li>
+The root key is now provided in the file bind.keys allowing DNSSEC validation to be switched on at start up by adding "dnssec-validation auto;" to named.conf. If the root key provided has expired, named will log the expiration and validation will not work. More information and the most current copy of bind.keys can be found at http://www.isc.org/bind-keys. *Please note this feature was actually added in 9.8.0 but was not included in the 9.8.0 release notes. [RT #21727]
+</li></ul></div>
+ </div>
+ </div>
+
+ <div class="section" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3358206"></a>Security Fixes</h2></div></div></div>
+
+ <div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id3358226"></a>9.8.1</h3></div></div></div>
+
+ <div class="itemizedlist"><ul type="disc"><li>
+If named is configured with a response policy zone (RPZ) and a query
+of type RRSIG is received for a name configured for RRset replacement
+in that RPZ, it will trigger an INSIST and crash the server.
+RRSIG. [RT #24280]
+</li><li>
+named, set up to be a caching resolver, is vulnerable to a
+user querying a domain with very large resource record sets (RRSets)
+when trying to negatively cache the response. Due to an off-by-one
+error, caching the response could cause named to crash. [RT #24650]
+[CVE-2011-1910]
+</li><li>
+Using Response Policy Zone (RPZ) to query a wildcard CNAME label with
+QUERY type SIG/RRSIG, it can cause named to crash. Fix is query type
+independant.
+[RT #24715]
+</li><li>
+Using Response Policy Zone (RPZ) with DNAME records and querying the
+subdomain of that label can cause named to crash. Now logs that DNAME
+is not supported.
+[RT #24766]
+</li><li>
+Change #2912 populated the message section in replies to UPDATE requests,
+which some Windows clients wanted. This exposed a latent bug that allowed
+the response message to crash named. With this fix, change 2912 has been
+reduced to copy only the zone section to the reply. A more complete fix
+for the latent bug will be released later.
+[RT #24777]
+</li></ul></div>
+ </div>
+ </div>
+
+
+ <div class="section" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3358283"></a>Feature Changes</h2></div></div></div>
+
+ <div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id3358291"></a>9.8.1</h3></div></div></div>
+
+ <div class="itemizedlist"><ul type="disc"><li>
+Merged in the NetBSD ATF test framework (currently
+version 0.12) for development of future unit tests.
+Use configure --with-atf to build ATF internally
+or configure --with-atf=prefix to use an external
+copy. [RT #23209]
+</li><li>
+Added more verbose error reporting from DLZ LDAP. [RT #23402]
+</li><li>
+The DLZ "dlopen" driver is now built by default,
+no longer requiring a configure option. To
+disable it, use "configure --without-dlopen".
+(Note: driver not supported on win32.) [RT #23467]
+</li><li>
+Replaced compile time constant with STDTIME_ON_32BITS.
+[RT #23587]
+</li><li>
+Make --with-gssapi default for ./configure. [RT #23738]
+</li><li>
+Improved the startup time for an authoritative server with a large
+number of zones by making the zone task table of variable size
+rather than fixed size. This means that authoritative servers with
+lots of zones will be serving that zone data much sooner. [RT #24406]
+</li><li>
+Per RFC 6303, RFC 1918 reverse zones are now part of the built-in list of empty zones. [RT #24990]
+</li></ul></div>
+ </div>
+ </div>
+ <div class="section" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3358460"></a>Bug Fixes</h2></div></div></div>
+
+ <div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id3358468"></a>9.8.1</h3></div></div></div>
+
+ <div class="itemizedlist"><ul type="disc"><li>
+During RFC5011 processing some journal write errors were not detected.
+This could lead to managed-keys changes being committed but not
+recorded in the journal files, causing potential inconsistencies
+during later processing. [RT #20256]
+</li><li>
+A potential NULL pointer deference in the DNS64 code could cause
+named to terminate unexpectedly. [RT #20256]
+</li><li>
+A state variable relating to DNSSEC could fail to be set during
+some infrequently-executed code paths, allowing it to be used whilst
+in an unitialized state during cache updates, with unpredictable results.
+[RT #20256]
+</li><li>
+A potential NULL pointer deference in DNSSEC signing code could
+cause named to terminate unexpectedly [RT #20256]
+</li><li>
+Several cosmetic code changes were made to silence warnings
+generated by a static code analysis tool. [RT #20256]
+</li><li>
+When using the -x (sign with only KSK) option on dnssec-signzone,
+it could incorrectly count the number of ZSKs in the zone. (And in 9.9.0,
+some code cleanup and improved warning messages). [RT #20852]
+</li><li>
+When using _builtin in named.conf, named.conf changes were not found
+when reloading the config file. Now checks _builtin zone arguments
+to see if the zone is re-usable or not. [RT #21914]
+</li><li>
+Running dnssec-settime -f on an old-style key will
+now force the key to be rewritten to the new key format even if no
+other change has been specified, using "-P now -A now"
+as default values. [RT #22474]
+</li><li>
+After an external code review, a code cleanup was done. [RT #22521]
+</li><li>
+Cause named to terminate at startup or rndc reconfig
+reload to fail, if a log file specified in the
+conf file isn't a plain file. (RT #22771]
+</li><li>
+named now forces the ADB cache time for glue related data to zero
+instead of relying on TTL. This corrects problematic behavior in cases
+where a server was authoritative for the A record of a nameserver for a
+delegated zone and was queried to recursively resolve records within
+that zone. [RT #22842]
+</li><li>
+When a validating resolver got a NODATA response for DNSKEY, it was
+not caching the NODATA. Fixed and test added. [RT #22908]
+</li><li>
+Fixed a bug in which zone keys that were published
+and but not immediately activated, automatic signing could fail to trigger.
+[RT #22911]
+</li><li>
+Fixed precedence order bug with NS and DNAME records if both are present.
+(Also fixed timing of autosign test in 9.7+) [RT #23035]
+</li><li>
+When a DNSSEC signed dynamic zone's signatures need to be refreshed,
+named would first delete the old signatures in the zone. If a private
+key of the same algorithm isn't available to named, the signing would
+fail but the old signatures would already be deleted. named now checks
+if it can access the private key before deleting the old signatures and
+leaves the old signature if no private key is found. [RT #23136]
+</li><li>
+When using "auto-dnssec maintain" and rolling to a new key, a
+private-type record (only used internally by named) could be created
+and not marked as complete. [RT #23253]
+</li><li>
+Fixed last autosign test report. [RT #23256]
+</li><li>
+named didn't save gid at startup and later assumed gid 0.
+named now saves/restores the gid when creating creating
+named.pid at startup. [RT #23290]
+</li><li>
+If the server has an IPv6 address but does not have IPv6 connectivity
+to the internet, dig +trace could fail attempting to use IPv6
+addresses. [RT #23297]
+</li><li>
+If named is configured with managed zones, the managed key maint timer
+can exercise a race condition that can crash the server.
+[RT #23303]
+</li><li>
+Changing TTL did not cause dnssec-signzone to generate new signatures.
+[RT #23330]
+</li><li>
+Have the validating resolver use RRSIG original TTL to compute
+validated RRset and RRSIG TTL. [RT #23332]
+</li><li>
+In "make test" bin/tests/resolver, hold the socket manager lock
+while freeing the socket.
+[RT #23333]
+</li><li>
+If named encountered a CNAME instead of a DS record when walking
+the chain of trust down from the trust anchor, it incorrectly stopped
+validating. [RT #23338]
+</li><li>
+dns/view.h needed dns/rpz.h but it wasn't in the Makfile.in
+HEADERS variable. [RT #23342]
+</li><li>
+RRSIG records could have time stamps too far in the future.
+[RT #23356]
+</li><li>
+named stores cached data in an in-memory database and keeps track of
+how recently the data is used with a heap. The heap is stored within the
+cache's memory space. Under a sustained high query load and with a small
+cache size, this could lead to the heap exhausting the cache space. This
+would result in cache misses and SERVFAILs, with named never releasing
+the cache memory the heap used up and never recovering.
+
+This fix removes the heap into its own memory space, preventing the heap
+from exhausting the cache space and allowing named to recover gracefully
+when the high query load abates. [RT #23371]
+</li><li>
+Fully separated key management on a per view basis. [RT #23419]
+</li><li>
+If running on a powerpc CPU and with atomic operations enabled,
+named could lock up. Added sync instructions to the end of atomic
+operations. [RT #23469]
+</li><li>
+If OpenSSL was built without engine support, named would have
+compile errors and fail to build.
+[RT #23473]
+</li><li>
+If ./configure finds GOST but not elliptic curve, named fails to
+build. Added elliptic curve support check in GOST OpenSSL engine
+detection. [RT #23485]
+</li><li>
+"rndc secroots" would abort on the first error
+and so could miss remaining views. [RT #23488]
+</li><li>
+Handle isc_event_allocate failures in t_tasks test.
+[RT #23572]
+</li><li>
+ixfr-from-differences {master|slave};
+failed to select the master/slave zones, resulting in on diff/journal
+file being created.
+[RT #23580]
+</li><li>
+If a DNAME substitution failed, named returned NOERROR. The correct
+response should be YXDOMAIN.
+[RT #23591]
+</li><li>
+dns_dnssec_findzonekeys{2} used a inconsistant
+timestamp when determining which keys are active. This could result in
+some RRsets not being signed/re-signed.
+[RT #23642]
+</li><li>
+Remove bin/tests/system/logfileconfig/ns1/named.conf and
+add setup.sh in order to resolve changing named.conf issue. [RT #23687]
+</li><li>
+NOTIFY messages were not being sent when generating
+a NSEC3 chain incrementally. [RT #23702]
+</li><li>
+DDNS updates using SIG(0) with update-policy match
+type "external" could cause a crash. Also fixed nsupdate core
+dump on shutdown when using a SIG(0) key, due to the key
+not being freed. [RT #23735]
+</li><li>
+Zones using automatic key maintenance could fail to check the key
+repository for updates. named now checks once per hour and the
+automatic check bug has been fixed. [RT #23744]
+</li><li>
+named now uses the correct strtok/strtok_r/strtok_s based on OS.
+[RT #23747]
+</li><li>
+Signatures for records at the zone apex could go
+stale due to an incorrect timer setting. [RT #23769]
+</li><li>
+The autosign tests attempted to open ports within reserved ranges. Test
+now avoids those ports.
+[RT #23957]
+</li><li>
+GSS TGIS test was failing, since log_cred() caused KRB5_KTNAME to
+be cached. Now sets KRB5_KTNAME before calling log_cred() in
+dst_gssapi_acceptctx(). [RT #24004]
+</li><li>
+named, acting as authoritative server for DLZ zones, was not correctly
+setting the authoritative (AA) bit.
+[RT #24146]
+</li><li>
+Clean up some cross-compiling issues and added two undocumented
+configure options, --with-gost and --with-rlimtype, to allow over-riding
+default settings (gost=no and rlimtype="long int") when cross-compiling.
+[RT #24367]
+</li><li>
+When trying sign with NSEC3, if dnssec-signzone couldn't find the
+KSK, it would give an incorrect error "NSEC3 iterations too big for
+weakest DNSKEY strength" rather than the correct "failed to find
+keys at the zone apex: not found" [RT #24369]
+</li><li>
+Configuring 'dnssec-validation auto' in a view instead of in the
+options statement could trigger an assertion failure in named-checkconf.
+[RT #24382]
+</li><li>
+Improved consistency checks for dnssec-enable and
+dnssec-validation, added test cases to the
+checkconf system test. [RT #24398]
+</li><li>
+If named is configured to be both authoritative and recursive and receives
+a recursive query for a CNAME in a zone that it is authoritative for, if that
+CNAME also points to a zone the server is authoritative for, the recursive part of name will not follow the CNAME change and the response will not be a
+complete CNAME chain. [RT #24455]
+</li><li>
+nsupdate could dump core on shutdown when using SIG(0) keys. [RT #24604]
+</li><li>
+Named could fail to validate zones list in a DLV that validated insecure
+without using DLV and had DS records in the parent zone. [RT #24631]
+</li><li>
+dnssec-signzone now records timestamps just before and just after signing, improving the accuracy of signing statistics. [RT #16030]
+</li><li>
+If allow-new-zones was set to yes and name-based ACLs were used, named could crash when "rndc reconfig" was issued. [RT #22739]
+</li><li>
+RT #23136 fixed a problem where named would delete old signatures even
+when the private key wasn't available to re-sign the zone, resulting in
+a zone with missing signatures. This fix (CHANGES 3114) did not
+completely fix all issues. [RT #24577]
+</li><li>
+A bug in FreeBSD kernels causes IPv6 UDP responses greater than
+1280 bytes to not fragment as they should. Until there is a kernel
+fix, named will work around this by setting IPV6_USE_MIN_MTU on a
+per packet basis. [RT #24950]
+</li></ul></div>
+ </div>
+ </div>
+
+ <div class="section" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3359134"></a>Known issues in this release</h2></div></div></div>
+
+ <div class="itemizedlist"><ul type="disc"><li>
+ <p>
+ None.
+ </p>
+ </li></ul></div>
+ </div>
+
+ <div class="section" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id3359152"></a>Thank You</h2></div></div></div>
+
+ <p>
+ Thank you to everyone who assisted us in making this release possible.
+ If you would like to contribute to ISC to assist us in continuing to make
+ quality open source software, please visit our donations page at
+ <a href="http://www.isc.org/supportisc" target="_top">http://www.isc.org/supportisc</a>.
+ </p>
+ </div>
+</div></body></html>
diff --git a/RELEASE-NOTES-BIND-9.8.1.pdf b/RELEASE-NOTES-BIND-9.8.1.pdf
new file mode 100644
index 000000000000..b2b5de5df5bd
--- /dev/null
+++ b/RELEASE-NOTES-BIND-9.8.1.pdf
Binary files differ
diff --git a/RELEASE-NOTES-BIND-9.8.1.txt b/RELEASE-NOTES-BIND-9.8.1.txt
new file mode 100644
index 000000000000..3fdb9b0ac6e7
--- /dev/null
+++ b/RELEASE-NOTES-BIND-9.8.1.txt
@@ -0,0 +1,268 @@
+ __________________________________________________________________
+
+Introduction
+
+ BIND 9.8.1 is the current production release of BIND 9.8.
+
+ This document summarizes changes from BIND 9.8.0 to BIND 9.8.1. Please
+ see the CHANGES file in the source code release for a complete list of
+ all changes.
+
+Download
+
+ The latest versions of BIND 9 software can always be found on our web
+ site at http://www.isc.org/downloads/all. There you will find
+ additional information about each release, source code, and some
+ pre-compiled versions for certain operating systems.
+
+Support
+
+ Product support information is available on
+ http://www.isc.org/services/support for paid support options. Free
+ support is provided by our user community via a mailing list.
+ Information on all public email lists is available at
+ https://lists.isc.org/mailman/listinfo.
+
+New Features
+
+9.8.1
+
+ * Added a new include file with function typedefs for the DLZ
+ "dlopen" driver. [RT #23629]
+ * Added a tool able to generate malformed packets to allow testing of
+ how named handles them. [RT #24096]
+ * The root key is now provided in the file bind.keys allowing DNSSEC
+ validation to be switched on at start up by adding
+ "dnssec-validation auto;" to named.conf. If the root key provided
+ has expired, named will log the expiration and validation will not
+ work. More information and the most current copy of bind.keys can
+ be found at http://www.isc.org/bind-keys. *Please note this feature
+ was actually added in 9.8.0 but was not included in the 9.8.0
+ release notes. [RT #21727]
+
+Security Fixes
+
+9.8.1
+
+ * If named is configured with a response policy zone (RPZ) and a
+ query of type RRSIG is received for a name configured for RRset
+ replacement in that RPZ, it will trigger an INSIST and crash the
+ server. RRSIG. [RT #24280]
+ * named, set up to be a caching resolver, is vulnerable to a user
+ querying a domain with very large resource record sets (RRSets)
+ when trying to negatively cache the response. Due to an off-by-one
+ error, caching the response could cause named to crash. [RT #24650]
+ [CVE-2011-1910]
+ * Using Response Policy Zone (RPZ) to query a wildcard CNAME label
+ with QUERY type SIG/RRSIG, it can cause named to crash. Fix is
+ query type independant. [RT #24715]
+ * Using Response Policy Zone (RPZ) with DNAME records and querying
+ the subdomain of that label can cause named to crash. Now logs that
+ DNAME is not supported. [RT #24766]
+ * Change #2912 populated the message section in replies to UPDATE
+ requests, which some Windows clients wanted. This exposed a latent
+ bug that allowed the response message to crash named. With this
+ fix, change 2912 has been reduced to copy only the zone section to
+ the reply. A more complete fix for the latent bug will be released
+ later. [RT #24777]
+
+Feature Changes
+
+9.8.1
+
+ * Merged in the NetBSD ATF test framework (currently version 0.12)
+ for development of future unit tests. Use configure --with-atf to
+ build ATF internally or configure --with-atf=prefix to use an
+ external copy. [RT #23209]
+ * Added more verbose error reporting from DLZ LDAP. [RT #23402]
+ * The DLZ "dlopen" driver is now built by default, no longer
+ requiring a configure option. To disable it, use "configure
+ --without-dlopen". (Note: driver not supported on win32.) [RT
+ #23467]
+ * Replaced compile time constant with STDTIME_ON_32BITS. [RT #23587]
+ * Make --with-gssapi default for ./configure. [RT #23738]
+ * Improved the startup time for an authoritative server with a large
+ number of zones by making the zone task table of variable size
+ rather than fixed size. This means that authoritative servers with
+ lots of zones will be serving that zone data much sooner. [RT
+ #24406]
+ * Per RFC 6303, RFC 1918 reverse zones are now part of the built-in
+ list of empty zones. [RT #24990]
+
+Bug Fixes
+
+9.8.1
+
+ * During RFC5011 processing some journal write errors were not
+ detected. This could lead to managed-keys changes being committed
+ but not recorded in the journal files, causing potential
+ inconsistencies during later processing. [RT #20256]
+ * A potential NULL pointer deference in the DNS64 code could cause
+ named to terminate unexpectedly. [RT #20256]
+ * A state variable relating to DNSSEC could fail to be set during
+ some infrequently-executed code paths, allowing it to be used
+ whilst in an unitialized state during cache updates, with
+ unpredictable results. [RT #20256]
+ * A potential NULL pointer deference in DNSSEC signing code could
+ cause named to terminate unexpectedly [RT #20256]
+ * Several cosmetic code changes were made to silence warnings
+ generated by a static code analysis tool. [RT #20256]
+ * When using the -x (sign with only KSK) option on dnssec-signzone,
+ it could incorrectly count the number of ZSKs in the zone. (And in
+ 9.9.0, some code cleanup and improved warning messages). [RT
+ #20852]
+ * When using _builtin in named.conf, named.conf changes were not
+ found when reloading the config file. Now checks _builtin zone
+ arguments to see if the zone is re-usable or not. [RT #21914]
+ * Running dnssec-settime -f on an old-style key will now force the
+ key to be rewritten to the new key format even if no other change
+ has been specified, using "-P now -A now" as default values. [RT
+ #22474]
+ * After an external code review, a code cleanup was done. [RT #22521]
+ * Cause named to terminate at startup or rndc reconfig reload to
+ fail, if a log file specified in the conf file isn't a plain file.
+ (RT #22771]
+ * named now forces the ADB cache time for glue related data to zero
+ instead of relying on TTL. This corrects problematic behavior in
+ cases where a server was authoritative for the A record of a
+ nameserver for a delegated zone and was queried to recursively
+ resolve records within that zone. [RT #22842]
+ * When a validating resolver got a NODATA response for DNSKEY, it was
+ not caching the NODATA. Fixed and test added. [RT #22908]
+ * Fixed a bug in which zone keys that were published and but not
+ immediately activated, automatic signing could fail to trigger. [RT
+ #22911]
+ * Fixed precedence order bug with NS and DNAME records if both are
+ present. (Also fixed timing of autosign test in 9.7+) [RT #23035]
+ * When a DNSSEC signed dynamic zone's signatures need to be
+ refreshed, named would first delete the old signatures in the zone.
+ If a private key of the same algorithm isn't available to named,
+ the signing would fail but the old signatures would already be
+ deleted. named now checks if it can access the private key before
+ deleting the old signatures and leaves the old signature if no
+ private key is found. [RT #23136]
+ * When using "auto-dnssec maintain" and rolling to a new key, a
+ private-type record (only used internally by named) could be
+ created and not marked as complete. [RT #23253]
+ * Fixed last autosign test report. [RT #23256]
+ * named didn't save gid at startup and later assumed gid 0. named now
+ saves/restores the gid when creating creating named.pid at startup.
+ [RT #23290]
+ * If the server has an IPv6 address but does not have IPv6
+ connectivity to the internet, dig +trace could fail attempting to
+ use IPv6 addresses. [RT #23297]
+ * If named is configured with managed zones, the managed key maint
+ timer can exercise a race condition that can crash the server. [RT
+ #23303]
+ * Changing TTL did not cause dnssec-signzone to generate new
+ signatures. [RT #23330]
+ * Have the validating resolver use RRSIG original TTL to compute
+ validated RRset and RRSIG TTL. [RT #23332]
+ * In "make test" bin/tests/resolver, hold the socket manager lock
+ while freeing the socket. [RT #23333]
+ * If named encountered a CNAME instead of a DS record when walking
+ the chain of trust down from the trust anchor, it incorrectly
+ stopped validating. [RT #23338]
+ * dns/view.h needed dns/rpz.h but it wasn't in the Makfile.in HEADERS
+ variable. [RT #23342]
+ * RRSIG records could have time stamps too far in the future. [RT
+ #23356]
+ * named stores cached data in an in-memory database and keeps track
+ of how recently the data is used with a heap. The heap is stored
+ within the cache's memory space. Under a sustained high query load
+ and with a small cache size, this could lead to the heap exhausting
+ the cache space. This would result in cache misses and SERVFAILs,
+ with named never releasing the cache memory the heap used up and
+ never recovering. This fix removes the heap into its own memory
+ space, preventing the heap from exhausting the cache space and
+ allowing named to recover gracefully when the high query load
+ abates. [RT #23371]
+ * Fully separated key management on a per view basis. [RT #23419]
+ * If running on a powerpc CPU and with atomic operations enabled,
+ named could lock up. Added sync instructions to the end of atomic
+ operations. [RT #23469]
+ * If OpenSSL was built without engine support, named would have
+ compile errors and fail to build. [RT #23473]
+ * If ./configure finds GOST but not elliptic curve, named fails to
+ build. Added elliptic curve support check in GOST OpenSSL engine
+ detection. [RT #23485]
+ * "rndc secroots" would abort on the first error and so could miss
+ remaining views. [RT #23488]
+ * Handle isc_event_allocate failures in t_tasks test. [RT #23572]
+ * ixfr-from-differences {master|slave}; failed to select the
+ master/slave zones, resulting in on diff/journal file being
+ created. [RT #23580]
+ * If a DNAME substitution failed, named returned NOERROR. The correct
+ response should be YXDOMAIN. [RT #23591]
+ * dns_dnssec_findzonekeys{2} used a inconsistant timestamp when
+ determining which keys are active. This could result in some RRsets
+ not being signed/re-signed. [RT #23642]
+ * Remove bin/tests/system/logfileconfig/ns1/named.conf and add
+ setup.sh in order to resolve changing named.conf issue. [RT #23687]
+ * NOTIFY messages were not being sent when generating a NSEC3 chain
+ incrementally. [RT #23702]
+ * DDNS updates using SIG(0) with update-policy match type "external"
+ could cause a crash. Also fixed nsupdate core dump on shutdown when
+ using a SIG(0) key, due to the key not being freed. [RT #23735]
+ * Zones using automatic key maintenance could fail to check the key
+ repository for updates. named now checks once per hour and the
+ automatic check bug has been fixed. [RT #23744]
+ * named now uses the correct strtok/strtok_r/strtok_s based on OS.
+ [RT #23747]
+ * Signatures for records at the zone apex could go stale due to an
+ incorrect timer setting. [RT #23769]
+ * The autosign tests attempted to open ports within reserved ranges.
+ Test now avoids those ports. [RT #23957]
+ * GSS TGIS test was failing, since log_cred() caused KRB5_KTNAME to
+ be cached. Now sets KRB5_KTNAME before calling log_cred() in
+ dst_gssapi_acceptctx(). [RT #24004]
+ * named, acting as authoritative server for DLZ zones, was not
+ correctly setting the authoritative (AA) bit. [RT #24146]
+ * Clean up some cross-compiling issues and added two undocumented
+ configure options, --with-gost and --with-rlimtype, to allow
+ over-riding default settings (gost=no and rlimtype="long int") when
+ cross-compiling. [RT #24367]
+ * When trying sign with NSEC3, if dnssec-signzone couldn't find the
+ KSK, it would give an incorrect error "NSEC3 iterations too big for
+ weakest DNSKEY strength" rather than the correct "failed to find
+ keys at the zone apex: not found" [RT #24369]
+ * Configuring 'dnssec-validation auto' in a view instead of in the
+ options statement could trigger an assertion failure in
+ named-checkconf. [RT #24382]
+ * Improved consistency checks for dnssec-enable and
+ dnssec-validation, added test cases to the checkconf system test.
+ [RT #24398]
+ * If named is configured to be both authoritative and recursive and
+ receives a recursive query for a CNAME in a zone that it is
+ authoritative for, if that CNAME also points to a zone the server
+ is authoritative for, the recursive part of name will not follow
+ the CNAME change and the response will not be a complete CNAME
+ chain. [RT #24455]
+ * nsupdate could dump core on shutdown when using SIG(0) keys. [RT
+ #24604]
+ * Named could fail to validate zones list in a DLV that validated
+ insecure without using DLV and had DS records in the parent zone.
+ [RT #24631]
+ * dnssec-signzone now records timestamps just before and just after
+ signing, improving the accuracy of signing statistics. [RT #16030]
+ * If allow-new-zones was set to yes and name-based ACLs were used,
+ named could crash when "rndc reconfig" was issued. [RT #22739]
+ * RT #23136 fixed a problem where named would delete old signatures
+ even when the private key wasn't available to re-sign the zone,
+ resulting in a zone with missing signatures. This fix (CHANGES
+ 3114) did not completely fix all issues. [RT #24577]
+ * A bug in FreeBSD kernels causes IPv6 UDP responses greater than
+ 1280 bytes to not fragment as they should. Until there is a kernel
+ fix, named will work around this by setting IPV6_USE_MIN_MTU on a
+ per packet basis. [RT #24950]
+
+Known issues in this release
+
+ * None.
+
+Thank You
+
+ Thank you to everyone who assisted us in making this release possible.
+ If you would like to contribute to ISC to assist us in continuing to
+ make quality open source software, please visit our donations page at
+ http://www.isc.org/supportisc.
diff --git a/bin/check/named-checkconf.c b/bin/check/named-checkconf.c
index 521ed31916c5..11a429c649cd 100644
--- a/bin/check/named-checkconf.c
+++ b/bin/check/named-checkconf.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2007, 2009, 2010 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2007, 2009-2011 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2002 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: named-checkconf.c,v 1.54 2010-09-07 01:49:08 marka Exp $ */
+/* $Id: named-checkconf.c,v 1.54.62.2 2011-03-12 04:59:13 tbox Exp $ */
/*! \file */
@@ -190,7 +190,7 @@ configure_zone(const char *vclass, const char *view,
if (obj != NULL)
maps[i++] = obj;
}
- maps[i++] = NULL;
+ maps[i] = NULL;
cfg_map_get(zoptions, "type", &typeobj);
if (typeobj == NULL)
diff --git a/bin/confgen/ddns-confgen.c b/bin/confgen/ddns-confgen.c
index 814a5657bb4d..3fdf4d47417f 100644
--- a/bin/confgen/ddns-confgen.c
+++ b/bin/confgen/ddns-confgen.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2009 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2009, 2011 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: ddns-confgen.c,v 1.9 2009-09-29 15:06:05 fdupont Exp $ */
+/* $Id: ddns-confgen.c,v 1.9.308.2 2011-03-12 04:59:13 tbox Exp $ */
/*! \file */
@@ -160,6 +160,7 @@ main(int argc, char **argv) {
argc -= isc_commandline_index;
argv += isc_commandline_index;
+ POST(argv);
if (self_domain != NULL && zone != NULL)
usage(1); /* -s and -z cannot coexist */
diff --git a/bin/confgen/rndc-confgen.c b/bin/confgen/rndc-confgen.c
index 766e3b49444e..0eac35fefac6 100644
--- a/bin/confgen/rndc-confgen.c
+++ b/bin/confgen/rndc-confgen.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004, 2005, 2007-2009 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005, 2007-2009, 2011 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2001, 2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: rndc-confgen.c,v 1.5 2009-09-29 15:06:05 fdupont Exp $ */
+/* $Id: rndc-confgen.c,v 1.5.308.2 2011-03-12 04:59:13 tbox Exp $ */
/*! \file */
@@ -200,6 +200,7 @@ main(int argc, char **argv) {
argc -= isc_commandline_index;
argv += isc_commandline_index;
+ POST(argv);
if (argc > 0)
usage(1);
diff --git a/bin/dig/dig.c b/bin/dig/dig.c
index a3143c93d273..728838721275 100644
--- a/bin/dig/dig.c
+++ b/bin/dig/dig.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: dig.c,v 1.237 2010-05-13 00:40:46 marka Exp $ */
+/* $Id: dig.c,v 1.237.124.3 2011-03-11 06:46:58 marka Exp $ */
/*! \file */
@@ -44,8 +44,6 @@
#include <dns/result.h>
#include <dns/tsig.h>
-#include <bind9/getaddresses.h>
-
#include <dig/dig.h>
#define ADD_STRING(b, s) { \
@@ -479,8 +477,6 @@ printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers) {
if (!query->lookup->comments)
flags |= DNS_MESSAGETEXTFLAG_NOCOMMENTS;
- result = ISC_R_SUCCESS;
-
result = isc_buffer_allocate(mctx, &buf, len);
check_result(result, "isc_buffer_allocate");
@@ -1438,30 +1434,6 @@ preparse_args(int argc, char **argv) {
}
static void
-getaddresses(dig_lookup_t *lookup, const char *host) {
- isc_result_t result;
- isc_sockaddr_t sockaddrs[DIG_MAX_ADDRESSES];
- isc_netaddr_t netaddr;
- int count, i;
- dig_server_t *srv;
- char tmp[ISC_NETADDR_FORMATSIZE];
-
- result = bind9_getaddresses(host, 0, sockaddrs,
- DIG_MAX_ADDRESSES, &count);
- if (result != ISC_R_SUCCESS)
- fatal("couldn't get address for '%s': %s",
- host, isc_result_totext(result));
-
- for (i = 0; i < count; i++) {
- isc_netaddr_fromsockaddr(&netaddr, &sockaddrs[i]);
- isc_netaddr_format(&netaddr, tmp, sizeof(tmp));
- srv = make_server(tmp, host);
- ISC_LIST_APPEND(lookup->my_server_list, srv, link);
- }
- addresscount = count;
-}
-
-static void
parse_args(isc_boolean_t is_batchfile, isc_boolean_t config_only,
int argc, char **argv) {
isc_result_t result;
@@ -1555,7 +1527,7 @@ parse_args(isc_boolean_t is_batchfile, isc_boolean_t config_only,
if (strncmp(rv[0], "%", 1) == 0)
break;
if (strncmp(rv[0], "@", 1) == 0) {
- getaddresses(lookup, &rv[0][1]);
+ addresscount = getaddresses(lookup, &rv[0][1]);
} else if (rv[0][0] == '+') {
plus_option(&rv[0][1], is_batchfile,
lookup);
@@ -1592,7 +1564,6 @@ parse_args(isc_boolean_t is_batchfile, isc_boolean_t config_only,
(isc_textregion_t *)&tr);
if (result == ISC_R_SUCCESS &&
rdtype == dns_rdatatype_ixfr) {
- result = DNS_R_UNKNOWN;
fprintf(stderr, ";; Warning, "
"ixfr requires a "
"serial number\n");
diff --git a/bin/dig/dighost.c b/bin/dig/dighost.c
index e92bc6edceec..319ba3e74727 100644
--- a/bin/dig/dighost.c
+++ b/bin/dig/dighost.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: dighost.c,v 1.336 2010-12-09 00:54:33 marka Exp $ */
+/* $Id: dighost.c,v 1.336.22.4 2011-03-11 06:46:58 marka Exp $ */
/*! \file
* \note
@@ -566,10 +566,8 @@ make_server(const char *servname, const char *userarg) {
if (srv == NULL)
fatal("memory allocation failure in %s:%d",
__FILE__, __LINE__);
- strncpy(srv->servername, servname, MXNAME);
- strncpy(srv->userarg, userarg, MXNAME);
- srv->servername[MXNAME-1] = 0;
- srv->userarg[MXNAME-1] = 0;
+ strlcpy(srv->servername, servname, MXNAME);
+ strlcpy(srv->userarg, userarg, MXNAME);
ISC_LINK_INIT(srv, link);
return (srv);
}
@@ -1767,8 +1765,7 @@ followup_lookup(dns_message_t *msg, dig_query_t *query, dns_section_t section)
dns_rdata_freestruct(&ns);
/* Initialize lookup if we've not yet */
- debug("found NS %d %s", numLookups, namestr);
- numLookups++;
+ debug("found NS %s", namestr);
if (!success) {
success = ISC_TRUE;
lookup_counter++;
@@ -1790,9 +1787,8 @@ followup_lookup(dns_message_t *msg, dig_query_t *query, dns_section_t section)
domain = dns_fixedname_name(&lookup->fdomain);
dns_name_copy(name, domain, NULL);
}
- srv = make_server(namestr, namestr);
- debug("adding server %s", srv->servername);
- ISC_LIST_APPEND(lookup->my_server_list, srv, link);
+ debug("adding server %s", namestr);
+ numLookups += getaddresses(lookup, namestr);
dns_rdata_reset(&rdata);
}
}
@@ -1808,17 +1804,25 @@ followup_lookup(dns_message_t *msg, dig_query_t *query, dns_section_t section)
if (numLookups > 1) {
isc_uint32_t i, j;
dig_serverlist_t my_server_list;
+ dig_server_t *next;
ISC_LIST_INIT(my_server_list);
- for (i = numLookups; i > 0; i--) {
+ i = numLookups;
+ for (srv = ISC_LIST_HEAD(lookup->my_server_list);
+ srv != NULL;
+ srv = ISC_LIST_HEAD(lookup->my_server_list)) {
+ INSIST(i > 0);
isc_random_get(&j);
j %= i;
- srv = ISC_LIST_HEAD(lookup->my_server_list);
- while (j-- > 0)
- srv = ISC_LIST_NEXT(srv, link);
+ next = ISC_LIST_NEXT(srv, link);
+ while (j-- > 0 && next != NULL) {
+ srv = next;
+ next = ISC_LIST_NEXT(srv, link);
+ }
ISC_LIST_DEQUEUE(lookup->my_server_list, srv, link);
ISC_LIST_APPEND(my_server_list, srv, link);
+ i--;
}
ISC_LIST_APPENDLIST(lookup->my_server_list,
my_server_list, link);
@@ -3541,6 +3545,31 @@ get_address(char *host, in_port_t port, isc_sockaddr_t *sockaddr) {
return (ISC_R_SUCCESS);
}
+int
+getaddresses(dig_lookup_t *lookup, const char *host) {
+ isc_result_t result;
+ isc_sockaddr_t sockaddrs[DIG_MAX_ADDRESSES];
+ isc_netaddr_t netaddr;
+ int count, i;
+ dig_server_t *srv;
+ char tmp[ISC_NETADDR_FORMATSIZE];
+
+ result = bind9_getaddresses(host, 0, sockaddrs,
+ DIG_MAX_ADDRESSES, &count);
+ if (result != ISC_R_SUCCESS)
+ fatal("couldn't get address for '%s': %s",
+ host, isc_result_totext(result));
+
+ for (i = 0; i < count; i++) {
+ isc_netaddr_fromsockaddr(&netaddr, &sockaddrs[i]);
+ isc_netaddr_format(&netaddr, tmp, sizeof(tmp));
+ srv = make_server(tmp, host);
+ ISC_LIST_APPEND(lookup->my_server_list, srv, link);
+ }
+
+ return count;
+}
+
/*%
* Initiate either a TCP or UDP lookup
*/
diff --git a/bin/dig/host.c b/bin/dig/host.c
index 13569f63ac98..c7a8e0eb575f 100644
--- a/bin/dig/host.c
+++ b/bin/dig/host.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2007, 2009, 2010 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2007, 2009-2011 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: host.c,v 1.124 2010-11-16 05:38:30 marka Exp $ */
+/* $Id: host.c,v 1.124.40.3 2011-03-11 06:46:59 marka Exp $ */
/*! \file */
@@ -521,6 +521,7 @@ printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers) {
if ((msg->flags & DNS_MESSAGEFLAG_CD) != 0) {
printf("%scd", did_flag ? " " : "");
did_flag = ISC_TRUE;
+ POST(did_flag);
}
printf("; QUERY: %u, ANSWER: %u, "
"AUTHORITY: %u, ADDITIONAL: %u\n",
@@ -824,8 +825,8 @@ parse_args(isc_boolean_t is_batchfile, int argc, char **argv) {
if (isc_commandline_index >= argc)
show_usage();
- strncpy(hostname, argv[isc_commandline_index], sizeof(hostname));
- hostname[sizeof(hostname)-1]=0;
+ strlcpy(hostname, argv[isc_commandline_index], sizeof(hostname));
+
if (argc > isc_commandline_index + 1) {
set_nameserver(argv[isc_commandline_index+1]);
debug("server is %s", argv[isc_commandline_index+1]);
diff --git a/bin/dig/include/dig/dig.h b/bin/dig/include/dig/dig.h
index c0f778b5f142..2db5de552fc3 100644
--- a/bin/dig/include/dig/dig.h
+++ b/bin/dig/include/dig/dig.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2009, 2011 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: dig.h,v 1.111 2009-09-29 15:06:06 fdupont Exp $ */
+/* $Id: dig.h,v 1.111.306.2 2011-02-28 01:19:58 tbox Exp $ */
#ifndef DIG_H
#define DIG_H
@@ -288,6 +288,9 @@ extern int idnoptions;
isc_result_t
get_address(char *host, in_port_t port, isc_sockaddr_t *sockaddr);
+int
+getaddresses(dig_lookup_t *lookup, const char *host);
+
isc_result_t
get_reverse(char *reverse, size_t len, char *value, isc_boolean_t ip6_int,
isc_boolean_t strict);
diff --git a/bin/dig/nslookup.c b/bin/dig/nslookup.c
index 0d368b15c800..e327c0f7fce4 100644
--- a/bin/dig/nslookup.c
+++ b/bin/dig/nslookup.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: nslookup.c,v 1.127 2010-11-17 23:47:08 tbox Exp $ */
+/* $Id: nslookup.c,v 1.127.38.2 2011-02-28 01:19:58 tbox Exp $ */
#include <config.h>
@@ -536,12 +536,6 @@ testclass(char *typetext) {
}
static void
-safecpy(char *dest, char *src, int size) {
- strncpy(dest, src, size);
- dest[size-1] = 0;
-}
-
-static void
set_port(const char *value) {
isc_uint32_t n;
isc_result_t result = parse_uint(&n, value, 65535, "port");
@@ -571,34 +565,34 @@ setoption(char *opt) {
show_settings(ISC_TRUE, ISC_FALSE);
} else if (strncasecmp(opt, "class=", 6) == 0) {
if (testclass(&opt[6]))
- safecpy(defclass, &opt[6], sizeof(defclass));
+ strlcpy(defclass, &opt[6], sizeof(defclass));
} else if (strncasecmp(opt, "cl=", 3) == 0) {
if (testclass(&opt[3]))
- safecpy(defclass, &opt[3], sizeof(defclass));
+ strlcpy(defclass, &opt[3], sizeof(defclass));
} else if (strncasecmp(opt, "type=", 5) == 0) {
if (testtype(&opt[5]))
- safecpy(deftype, &opt[5], sizeof(deftype));
+ strlcpy(deftype, &opt[5], sizeof(deftype));
} else if (strncasecmp(opt, "ty=", 3) == 0) {
if (testtype(&opt[3]))
- safecpy(deftype, &opt[3], sizeof(deftype));
+ strlcpy(deftype, &opt[3], sizeof(deftype));
} else if (strncasecmp(opt, "querytype=", 10) == 0) {
if (testtype(&opt[10]))
- safecpy(deftype, &opt[10], sizeof(deftype));
+ strlcpy(deftype, &opt[10], sizeof(deftype));
} else if (strncasecmp(opt, "query=", 6) == 0) {
if (testtype(&opt[6]))
- safecpy(deftype, &opt[6], sizeof(deftype));
+ strlcpy(deftype, &opt[6], sizeof(deftype));
} else if (strncasecmp(opt, "qu=", 3) == 0) {
if (testtype(&opt[3]))
- safecpy(deftype, &opt[3], sizeof(deftype));
+ strlcpy(deftype, &opt[3], sizeof(deftype));
} else if (strncasecmp(opt, "q=", 2) == 0) {
if (testtype(&opt[2]))
- safecpy(deftype, &opt[2], sizeof(deftype));
+ strlcpy(deftype, &opt[2], sizeof(deftype));
} else if (strncasecmp(opt, "domain=", 7) == 0) {
- safecpy(domainopt, &opt[7], sizeof(domainopt));
+ strlcpy(domainopt, &opt[7], sizeof(domainopt));
set_search_domain(domainopt);
usesearch = ISC_TRUE;
} else if (strncasecmp(opt, "do=", 3) == 0) {
- safecpy(domainopt, &opt[3], sizeof(domainopt));
+ strlcpy(domainopt, &opt[3], sizeof(domainopt));
set_search_domain(domainopt);
usesearch = ISC_TRUE;
} else if (strncasecmp(opt, "port=", 5) == 0) {
@@ -677,11 +671,11 @@ addlookup(char *opt) {
lookup = make_empty_lookup();
if (get_reverse(store, sizeof(store), opt, lookup->ip6_int, ISC_TRUE)
== ISC_R_SUCCESS) {
- safecpy(lookup->textname, store, sizeof(lookup->textname));
+ strlcpy(lookup->textname, store, sizeof(lookup->textname));
lookup->rdtype = dns_rdatatype_ptr;
lookup->rdtypeset = ISC_TRUE;
} else {
- safecpy(lookup->textname, opt, sizeof(lookup->textname));
+ strlcpy(lookup->textname, opt, sizeof(lookup->textname));
lookup->rdtype = rdtype;
lookup->rdtypeset = ISC_TRUE;
}
diff --git a/bin/dnssec/dnssec-keyfromlabel.8 b/bin/dnssec/dnssec-keyfromlabel.8
index d8c19f2e527a..a0fd69351bdc 100644
--- a/bin/dnssec/dnssec-keyfromlabel.8
+++ b/bin/dnssec/dnssec-keyfromlabel.8
@@ -12,7 +12,7 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: dnssec-keyfromlabel.8,v 1.18.14.1.2.1 2011-06-09 03:41:05 tbox Exp $
+.\" $Id: dnssec-keyfromlabel.8,v 1.18.14.2 2011-02-28 02:37:42 tbox Exp $
.\"
.hy 0
.ad l
diff --git a/bin/dnssec/dnssec-keyfromlabel.c b/bin/dnssec/dnssec-keyfromlabel.c
index 323f9187c64a..1323ed718691 100644
--- a/bin/dnssec/dnssec-keyfromlabel.c
+++ b/bin/dnssec/dnssec-keyfromlabel.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2007-2010 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2007-2011 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: dnssec-keyfromlabel.c,v 1.32 2010-12-23 04:07:59 marka Exp $ */
+/* $Id: dnssec-keyfromlabel.c,v 1.32.14.2 2011-03-12 04:59:14 tbox Exp $ */
/*! \file */
@@ -518,6 +518,9 @@ main(int argc, char **argv) {
{
isc_buffer_clear(&buf);
ret = dst_key_buildfilename(key, 0, directory, &buf);
+ if (ret != ISC_R_SUCCESS)
+ fatal("dst_key_buildfilename returned: %s\n",
+ isc_result_totext(ret));
if (exact)
fatal("%s: %s already exists\n", program, filename);
@@ -542,6 +545,9 @@ main(int argc, char **argv) {
isc_buffer_clear(&buf);
ret = dst_key_buildfilename(key, 0, NULL, &buf);
+ if (ret != ISC_R_SUCCESS)
+ fatal("dst_key_buildfilename returned: %s\n",
+ isc_result_totext(ret));
printf("%s\n", filename);
dst_key_free(&key);
diff --git a/bin/dnssec/dnssec-keyfromlabel.docbook b/bin/dnssec/dnssec-keyfromlabel.docbook
index be38a2465785..c731e6eab606 100644
--- a/bin/dnssec/dnssec-keyfromlabel.docbook
+++ b/bin/dnssec/dnssec-keyfromlabel.docbook
@@ -17,7 +17,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: dnssec-keyfromlabel.docbook,v 1.18.14.1.2.1 2011-06-02 23:47:27 tbox Exp $ -->
+<!-- $Id: dnssec-keyfromlabel.docbook,v 1.18.14.2 2011-02-28 01:19:58 tbox Exp $ -->
<refentry id="man.dnssec-keyfromlabel">
<refentryinfo>
<date>February 8, 2008</date>
diff --git a/bin/dnssec/dnssec-keyfromlabel.html b/bin/dnssec/dnssec-keyfromlabel.html
index 2b1b23690bb1..c939ed68d75c 100644
--- a/bin/dnssec/dnssec-keyfromlabel.html
+++ b/bin/dnssec/dnssec-keyfromlabel.html
@@ -13,7 +13,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: dnssec-keyfromlabel.html,v 1.17.14.1.2.1 2011-06-09 03:41:05 tbox Exp $ -->
+<!-- $Id: dnssec-keyfromlabel.html,v 1.17.14.2 2011-02-28 02:37:42 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
diff --git a/bin/dnssec/dnssec-keygen.c b/bin/dnssec/dnssec-keygen.c
index f369326aaf82..9a93ee3c9418 100644
--- a/bin/dnssec/dnssec-keygen.c
+++ b/bin/dnssec/dnssec-keygen.c
@@ -1,5 +1,5 @@
/*
- * Portions Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
+ * Portions Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC")
* Portions Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -29,7 +29,7 @@
* IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: dnssec-keygen.c,v 1.115 2010-12-23 04:07:59 marka Exp $ */
+/* $Id: dnssec-keygen.c,v 1.115.14.2 2011-03-12 04:59:14 tbox Exp $ */
/*! \file */
@@ -975,12 +975,15 @@ main(int argc, char **argv) {
if (verbose > 0) {
isc_buffer_clear(&buf);
- dst_key_buildfilename(key, 0, directory, &buf);
- fprintf(stderr,
- "%s: %s already exists, or might "
- "collide with another key upon "
- "revokation. Generating a new key\n",
- program, filename);
+ ret = dst_key_buildfilename(key, 0,
+ directory, &buf);
+ if (ret == ISC_R_SUCCESS)
+ fprintf(stderr,
+ "%s: %s already exists, or "
+ "might collide with another "
+ "key upon revokation. "
+ "Generating a new key\n",
+ program, filename);
}
dst_key_free(&key);
@@ -1001,6 +1004,9 @@ main(int argc, char **argv) {
isc_buffer_clear(&buf);
ret = dst_key_buildfilename(key, 0, NULL, &buf);
+ if (ret != ISC_R_SUCCESS)
+ fatal("dst_key_buildfilename returned: %s\n",
+ isc_result_totext(ret));
printf("%s\n", filename);
dst_key_free(&key);
if (prevkey != NULL)
diff --git a/bin/dnssec/dnssec-settime.8 b/bin/dnssec/dnssec-settime.8
index 4390494474ce..cbe4092e52a1 100644
--- a/bin/dnssec/dnssec-settime.8
+++ b/bin/dnssec/dnssec-settime.8
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2009, 2010 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2009-2011 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" Permission to use, copy, modify, and/or distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
@@ -12,7 +12,7 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: dnssec-settime.8,v 1.14 2010-08-17 01:15:26 tbox Exp $
+.\" $Id: dnssec-settime.8,v 1.14.70.1 2011-03-22 02:37:44 tbox Exp $
.\"
.hy 0
.ad l
@@ -59,7 +59,7 @@ and
.RS 4
Force an update of an old\-format key with no metadata fields. Without this option,
\fBdnssec\-settime\fR
-will fail when attempting to update a legacy key. With this option, the key will be recreated in the new format, but with the original key data retained. The key's creation date will be set to the present time.
+will fail when attempting to update a legacy key. With this option, the key will be recreated in the new format, but with the original key data retained. The key's creation date will be set to the present time. If no other values are specified, then the key's publication and activation dates will also be set to the present time.
.RE
.PP
\-K \fIdirectory\fR
@@ -162,5 +162,5 @@ RFC 5011.
.PP
Internet Systems Consortium
.SH "COPYRIGHT"
-Copyright \(co 2009, 2010 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2009\-2011 Internet Systems Consortium, Inc. ("ISC")
.br
diff --git a/bin/dnssec/dnssec-settime.c b/bin/dnssec/dnssec-settime.c
index 364e2ab59268..a1258ef30cda 100644
--- a/bin/dnssec/dnssec-settime.c
+++ b/bin/dnssec/dnssec-settime.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2009, 2010 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2009-2011 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: dnssec-settime.c,v 1.28 2010-12-19 07:29:36 each Exp $ */
+/* $Id: dnssec-settime.c,v 1.28.16.3 2011-06-02 20:24:11 each Exp $ */
/*! \file */
@@ -81,8 +81,7 @@ usage(void) {
"deletion date\n");
fprintf(stderr, "Printing options:\n");
fprintf(stderr, " -p C/P/A/R/I/D/all: print a particular time "
- "value or values "
- "[default: all]\n");
+ "value or values\n");
fprintf(stderr, " -u: print times in unix epoch "
"format\n");
fprintf(stderr, "Output:\n");
@@ -514,6 +513,16 @@ main(int argc, char **argv) {
dst_key_unsettime(key, DST_TIME_DELETE);
/*
+ * No metadata changes were made but we're forcing an upgrade
+ * to the new format anyway: use "-P now -A now" as the default
+ */
+ if (force && !changed) {
+ dst_key_settime(key, DST_TIME_PUBLISH, now);
+ dst_key_settime(key, DST_TIME_ACTIVATE, now);
+ changed = ISC_TRUE;
+ }
+
+ /*
* Print out time values, if -p was used.
*/
if (printcreate)
diff --git a/bin/dnssec/dnssec-settime.docbook b/bin/dnssec/dnssec-settime.docbook
index 1096cb7ec5ae..daf720ba9362 100644
--- a/bin/dnssec/dnssec-settime.docbook
+++ b/bin/dnssec/dnssec-settime.docbook
@@ -2,7 +2,7 @@
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "&#8212;">]>
<!--
- - Copyright (C) 2009, 2010 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2009-2011 Internet Systems Consortium, Inc. ("ISC")
-
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
@@ -17,7 +17,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: dnssec-settime.docbook,v 1.11 2010-08-16 22:21:06 marka Exp $ -->
+<!-- $Id: dnssec-settime.docbook,v 1.11.70.2 2011-03-21 23:46:58 tbox Exp $ -->
<refentry id="man.dnssec-settime">
<refentryinfo>
<date>July 15, 2009</date>
@@ -38,6 +38,7 @@
<copyright>
<year>2009</year>
<year>2010</year>
+ <year>2011</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
</docinfo>
@@ -98,7 +99,9 @@
fail when attempting to update a legacy key. With this option,
the key will be recreated in the new format, but with the
original key data retained. The key's creation date will be
- set to the present time.
+ set to the present time. If no other values are specified,
+ then the key's publication and activation dates will also
+ be set to the present time.
</para>
</listitem>
</varlistentry>
diff --git a/bin/dnssec/dnssec-settime.html b/bin/dnssec/dnssec-settime.html
index 84c8dde49a1d..baca8f56ece5 100644
--- a/bin/dnssec/dnssec-settime.html
+++ b/bin/dnssec/dnssec-settime.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2009, 2010 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2009-2011 Internet Systems Consortium, Inc. ("ISC")
-
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
@@ -13,7 +13,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: dnssec-settime.html,v 1.14 2010-08-17 01:15:26 tbox Exp $ -->
+<!-- $Id: dnssec-settime.html,v 1.14.70.1 2011-03-22 02:37:44 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -31,7 +31,7 @@
<div class="cmdsynopsis"><p><code class="command">dnssec-settime</code> [<code class="option">-f</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-A <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-R <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-I <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-h</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] {keyfile}</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543419"></a><h2>DESCRIPTION</h2>
+<a name="id2543422"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-settime</strong></span>
reads a DNSSEC private key file and sets the key timing metadata
as specified by the <code class="option">-P</code>, <code class="option">-A</code>,
@@ -56,7 +56,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543467"></a><h2>OPTIONS</h2>
+<a name="id2543470"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-f</span></dt>
<dd><p>
@@ -65,7 +65,9 @@
fail when attempting to update a legacy key. With this option,
the key will be recreated in the new format, but with the
original key data retained. The key's creation date will be
- set to the present time.
+ set to the present time. If no other values are specified,
+ then the key's publication and activation dates will also
+ be set to the present time.
</p></dd>
<dt><span class="term">-K <em class="replaceable"><code>directory</code></em></span></dt>
<dd><p>
@@ -87,7 +89,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543559"></a><h2>TIMING OPTIONS</h2>
+<a name="id2543562"></a><h2>TIMING OPTIONS</h2>
<p>
Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
If the argument begins with a '+' or '-', it is interpreted as
@@ -166,7 +168,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543698"></a><h2>PRINTING OPTIONS</h2>
+<a name="id2543701"></a><h2>PRINTING OPTIONS</h2>
<p>
<span><strong class="command">dnssec-settime</strong></span> can also be used to print the
timing metadata associated with a key.
@@ -192,7 +194,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543912"></a><h2>SEE ALSO</h2>
+<a name="id2543915"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
@@ -200,7 +202,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543945"></a><h2>AUTHOR</h2>
+<a name="id2543948"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>
diff --git a/bin/dnssec/dnssec-signzone.c b/bin/dnssec/dnssec-signzone.c
index 3997a135b465..fe02d2e6bcec 100644
--- a/bin/dnssec/dnssec-signzone.c
+++ b/bin/dnssec/dnssec-signzone.c
@@ -1,5 +1,5 @@
/*
- * Portions Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
+ * Portions Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC")
* Portions Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -29,7 +29,7 @@
* IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: dnssec-signzone.c,v 1.262 2010-06-03 23:51:04 tbox Exp $ */
+/* $Id: dnssec-signzone.c,v 1.262.110.9 2011-07-19 23:47:12 tbox Exp $ */
/*! \file */
@@ -338,7 +338,7 @@ keythatsigned(dns_rdata_rrsig_t *rrsig) {
} else {
dns_dnsseckey_create(mctx, &pubkey, &key);
}
- key->force_publish = ISC_TRUE;
+ key->force_publish = ISC_FALSE;
key->force_sign = ISC_FALSE;
ISC_LIST_APPEND(keylist, key, link);
@@ -486,32 +486,32 @@ signset(dns_diff_t *del, dns_diff_t *add, dns_dbnode_t *node, dns_name_t *name,
if (!expired)
keep = ISC_TRUE;
} else if (issigningkey(key)) {
- if (!expired && setverifies(name, set, key->key,
- &sigrdata)) {
+ if (!expired && rrsig.originalttl == set->ttl &&
+ setverifies(name, set, key->key, &sigrdata)) {
vbprintf(2, "\trrsig by %s retained\n", sigstr);
keep = ISC_TRUE;
wassignedby[key->index] = ISC_TRUE;
nowsignedby[key->index] = ISC_TRUE;
} else {
vbprintf(2, "\trrsig by %s dropped - %s\n",
- sigstr,
- expired ? "expired" :
- "failed to verify");
+ sigstr, expired ? "expired" :
+ rrsig.originalttl != set->ttl ?
+ "ttl change" : "failed to verify");
wassignedby[key->index] = ISC_TRUE;
resign = ISC_TRUE;
}
} else if (iszonekey(key)) {
- if (!expired && setverifies(name, set, key->key,
- &sigrdata)) {
+ if (!expired && rrsig.originalttl == set->ttl &&
+ setverifies(name, set, key->key, &sigrdata)) {
vbprintf(2, "\trrsig by %s retained\n", sigstr);
keep = ISC_TRUE;
wassignedby[key->index] = ISC_TRUE;
nowsignedby[key->index] = ISC_TRUE;
} else {
vbprintf(2, "\trrsig by %s dropped - %s\n",
- sigstr,
- expired ? "expired" :
- "failed to verify");
+ sigstr, expired ? "expired" :
+ rrsig.originalttl != set->ttl ?
+ "ttl change" : "failed to verify");
wassignedby[key->index] = ISC_TRUE;
}
} else if (!expired) {
@@ -522,7 +522,8 @@ signset(dns_diff_t *del, dns_diff_t *add, dns_dbnode_t *node, dns_name_t *name,
}
if (keep) {
- nowsignedby[key->index] = ISC_TRUE;
+ if (key != NULL)
+ nowsignedby[key->index] = ISC_TRUE;
INCSTAT(nretained);
if (sigset.ttl != ttl) {
vbprintf(2, "\tfixing ttl %s\n", sigstr);
@@ -1387,6 +1388,13 @@ verifyset(dns_rdataset_t *rdataset, dns_name_t *name, dns_dbnode_t *node,
dns_rdataset_current(&sigrdataset, &rdata);
dns_rdata_tostruct(&rdata, &sig, NULL);
+ if (rdataset->ttl != sig.originalttl) {
+ dns_name_format(name, namebuf, sizeof(namebuf));
+ type_format(rdataset->type, typebuf, sizeof(typebuf));
+ fprintf(stderr, "TTL mismatch for %s %s keytag %u\n",
+ namebuf, typebuf, sig.keyid);
+ continue;
+ }
if ((set_algorithms[sig.algorithm] != 0) ||
(ksk_algorithms[sig.algorithm] == 0))
continue;
@@ -1443,14 +1451,14 @@ verifynode(dns_name_t *name, dns_dbnode_t *node, isc_boolean_t delegation,
/*%
* Verify that certain things are sane:
*
- * The apex has a DNSKEY record with at least one KSK, and at least
+ * The apex has a DNSKEY RRset with at least one KSK, and at least
* one ZSK if the -x flag was not used.
*
- * The DNSKEY record was signed with at least one of the KSKs in this
- * set.
+ * The DNSKEY record was signed with at least one of the KSKs in
+ * the DNSKEY RRset.
*
* The rest of the zone was signed with at least one of the ZSKs
- * present in the DNSKEY RRSET.
+ * present in the DNSKEY RRset.
*/
static void
verifyzone(void) {
@@ -1461,13 +1469,12 @@ verifyzone(void) {
dns_name_t *name, *nextname, *zonecut;
dns_rdata_dnskey_t dnskey;
dns_rdata_t rdata = DNS_RDATA_INIT;
- dns_rdataset_t rdataset;
- dns_rdataset_t sigrdataset;
+ dns_rdataset_t keyset, soaset;
+ dns_rdataset_t keysigs, soasigs;
int i;
isc_boolean_t done = ISC_FALSE;
isc_boolean_t first = ISC_TRUE;
isc_boolean_t goodksk = ISC_FALSE;
- isc_boolean_t goodzsk = ISC_FALSE;
isc_result_t result;
unsigned char revoked_ksk[256];
unsigned char revoked_zsk[256];
@@ -1489,18 +1496,30 @@ verifyzone(void) {
fatal("failed to find the zone's origin: %s",
isc_result_totext(result));
- dns_rdataset_init(&rdataset);
- dns_rdataset_init(&sigrdataset);
+ dns_rdataset_init(&keyset);
+ dns_rdataset_init(&keysigs);
+ dns_rdataset_init(&soaset);
+ dns_rdataset_init(&soasigs);
+
result = dns_db_findrdataset(gdb, node, gversion,
dns_rdatatype_dnskey,
- 0, 0, &rdataset, &sigrdataset);
- dns_db_detachnode(gdb, &node);
+ 0, 0, &keyset, &keysigs);
if (result != ISC_R_SUCCESS)
fatal("cannot find DNSKEY rrset\n");
- if (!dns_rdataset_isassociated(&sigrdataset))
+ result = dns_db_findrdataset(gdb, node, gversion,
+ dns_rdatatype_soa,
+ 0, 0, &soaset, &soasigs);
+ dns_db_detachnode(gdb, &node);
+ if (result != ISC_R_SUCCESS)
+ fatal("cannot find SOA rrset\n");
+
+ if (!dns_rdataset_isassociated(&keysigs))
fatal("cannot find DNSKEY RRSIGs\n");
+ if (!dns_rdataset_isassociated(&soasigs))
+ fatal("cannot find SOA RRSIGs\n");
+
memset(revoked_ksk, 0, sizeof(revoked_ksk));
memset(revoked_zsk, 0, sizeof(revoked_zsk));
memset(standby_ksk, 0, sizeof(standby_ksk));
@@ -1517,10 +1536,10 @@ verifyzone(void) {
* and one ZSK per algorithm in it (or, if -x was used, one
* self-signing KSK).
*/
- for (result = dns_rdataset_first(&rdataset);
+ for (result = dns_rdataset_first(&keyset);
result == ISC_R_SUCCESS;
- result = dns_rdataset_next(&rdataset)) {
- dns_rdataset_current(&rdataset, &rdata);
+ result = dns_rdataset_next(&keyset)) {
+ dns_rdataset_current(&keyset, &rdata);
result = dns_rdata_tostruct(&rdata, &dnskey, NULL);
check_result(result, "dns_rdata_tostruct");
@@ -1528,8 +1547,8 @@ verifyzone(void) {
;
else if ((dnskey.flags & DNS_KEYFLAG_REVOKE) != 0) {
if ((dnskey.flags & DNS_KEYFLAG_KSK) != 0 &&
- !dns_dnssec_selfsigns(&rdata, gorigin, &rdataset,
- &sigrdataset, ISC_FALSE,
+ !dns_dnssec_selfsigns(&rdata, gorigin, &keyset,
+ &keysigs, ISC_FALSE,
mctx)) {
char namebuf[DNS_NAME_FORMATSIZE];
char buffer[1024];
@@ -1551,8 +1570,8 @@ verifyzone(void) {
revoked_zsk[dnskey.algorithm] != 255)
revoked_zsk[dnskey.algorithm]++;
} else if ((dnskey.flags & DNS_KEYFLAG_KSK) != 0) {
- if (dns_dnssec_selfsigns(&rdata, gorigin, &rdataset,
- &sigrdataset, ISC_FALSE, mctx)) {
+ if (dns_dnssec_selfsigns(&rdata, gorigin, &keyset,
+ &keysigs, ISC_FALSE, mctx)) {
if (ksk_algorithms[dnskey.algorithm] != 255)
ksk_algorithms[dnskey.algorithm]++;
goodksk = ISC_TRUE;
@@ -1560,8 +1579,8 @@ verifyzone(void) {
if (standby_ksk[dnskey.algorithm] != 255)
standby_ksk[dnskey.algorithm]++;
}
- } else if (dns_dnssec_selfsigns(&rdata, gorigin, &rdataset,
- &sigrdataset, ISC_FALSE,
+ } else if (dns_dnssec_selfsigns(&rdata, gorigin, &keyset,
+ &keysigs, ISC_FALSE,
mctx)) {
#ifdef ALLOW_KSKLESS_ZONES
if (self_algorithms[dnskey.algorithm] != 255)
@@ -1569,7 +1588,10 @@ verifyzone(void) {
#endif
if (zsk_algorithms[dnskey.algorithm] != 255)
zsk_algorithms[dnskey.algorithm]++;
- goodzsk = ISC_TRUE;
+ } else if (dns_dnssec_signs(&rdata, gorigin, &soaset,
+ &soasigs, ISC_FALSE, mctx)) {
+ if (zsk_algorithms[dnskey.algorithm] != 255)
+ zsk_algorithms[dnskey.algorithm]++;
} else {
if (standby_zsk[dnskey.algorithm] != 255)
standby_zsk[dnskey.algorithm]++;
@@ -1580,7 +1602,9 @@ verifyzone(void) {
dns_rdata_freestruct(&dnskey);
dns_rdata_reset(&rdata);
}
- dns_rdataset_disassociate(&sigrdataset);
+ dns_rdataset_disassociate(&keysigs);
+ dns_rdataset_disassociate(&soaset);
+ dns_rdataset_disassociate(&soasigs);
#ifdef ALLOW_KSKLESS_ZONES
if (!goodksk) {
@@ -1595,7 +1619,7 @@ verifyzone(void) {
}
#else
if (!goodksk) {
- fatal("no self signed KSK's found");
+ fatal("No self signed KSK's found");
}
#endif
@@ -1669,7 +1693,7 @@ verifyzone(void) {
dns_name_copy(name, zonecut, NULL);
isdelegation = ISC_TRUE;
}
- verifynode(name, node, isdelegation, &rdataset,
+ verifynode(name, node, isdelegation, &keyset,
ksk_algorithms, bad_algorithms);
result = dns_dbiterator_next(dbiter);
nextnode = NULL;
@@ -1706,13 +1730,13 @@ verifyzone(void) {
result = dns_dbiterator_next(dbiter) ) {
result = dns_dbiterator_current(dbiter, &node, name);
check_dns_dbiterator_current(result);
- verifynode(name, node, ISC_FALSE, &rdataset,
+ verifynode(name, node, ISC_FALSE, &keyset,
ksk_algorithms, bad_algorithms);
dns_db_detachnode(gdb, &node);
}
dns_dbiterator_destroy(&dbiter);
- dns_rdataset_disassociate(&rdataset);
+ dns_rdataset_disassociate(&keyset);
/*
* If we made it this far, we have what we consider a properly signed
@@ -2192,6 +2216,7 @@ addnsec3param(const unsigned char *salt, size_t salt_length,
result = dns_rdata_fromstruct(&rdata, gclass,
dns_rdatatype_nsec3param,
&nsec3param, &b);
+ check_result(result, "dns_rdata_fromstruct()");
rdatalist.rdclass = rdata.rdclass;
rdatalist.type = rdata.type;
rdatalist.covers = 0;
@@ -2801,7 +2826,7 @@ loadzonekeys(isc_boolean_t preserve_keys, isc_boolean_t load_public) {
}
keyttl = rdataset.ttl;
- /* Load keys corresponding to the existing DNSKEY RRset */
+ /* Load keys corresponding to the existing DNSKEY RRset. */
result = dns_dnssec_keylistfromrdataset(gorigin, directory, mctx,
&rdataset, &keysigs, &soasigs,
preserve_keys, load_public,
@@ -3320,28 +3345,36 @@ removetempfile(void) {
}
static void
-print_stats(isc_time_t *timer_start, isc_time_t *timer_finish) {
- isc_uint64_t runtime_us; /* Runtime in microseconds */
- isc_uint64_t runtime_ms; /* Runtime in milliseconds */
+print_stats(isc_time_t *timer_start, isc_time_t *timer_finish,
+ isc_time_t *sign_start, isc_time_t *sign_finish)
+{
+ isc_uint64_t time_us; /* Time in microseconds */
+ isc_uint64_t time_ms; /* Time in milliseconds */
isc_uint64_t sig_ms; /* Signatures per millisecond */
- runtime_us = isc_time_microdiff(timer_finish, timer_start);
-
printf("Signatures generated: %10d\n", nsigned);
printf("Signatures retained: %10d\n", nretained);
printf("Signatures dropped: %10d\n", ndropped);
printf("Signatures successfully verified: %10d\n", nverified);
printf("Signatures unsuccessfully verified: %10d\n", nverifyfailed);
- runtime_ms = runtime_us / 1000;
- printf("Runtime in seconds: %7u.%03u\n",
- (unsigned int) (runtime_ms / 1000),
- (unsigned int) (runtime_ms % 1000));
- if (runtime_us > 0) {
- sig_ms = ((isc_uint64_t)nsigned * 1000000000) / runtime_us;
+
+ time_us = isc_time_microdiff(sign_finish, sign_start);
+ time_ms = time_us / 1000;
+ printf("Signing time in seconds: %7u.%03u\n",
+ (unsigned int) (time_ms / 1000),
+ (unsigned int) (time_ms % 1000));
+ if (time_us > 0) {
+ sig_ms = ((isc_uint64_t)nsigned * 1000000000) / time_us;
printf("Signatures per second: %7u.%03u\n",
(unsigned int) sig_ms / 1000,
(unsigned int) sig_ms % 1000);
}
+
+ time_us = isc_time_microdiff(timer_finish, timer_start);
+ time_ms = time_us / 1000;
+ printf("Runtime in seconds: %7u.%03u\n",
+ (unsigned int) (time_ms / 1000),
+ (unsigned int) (time_ms % 1000));
}
int
@@ -3355,6 +3388,7 @@ main(int argc, char *argv[]) {
int ndskeys = 0;
char *endp;
isc_time_t timer_start, timer_finish;
+ isc_time_t sign_start, sign_finish;
dns_dnsseckey_t *key;
isc_result_t result;
isc_log_t *log = NULL;
@@ -3805,6 +3839,8 @@ main(int argc, char *argv[]) {
nokeys = ISC_TRUE;
}
+ warnifallksk(gdb);
+
if (IS_NSEC3) {
unsigned int max;
result = dns_nsec3_maxiterations(gdb, NULL, mctx, &max);
@@ -3814,8 +3850,6 @@ main(int argc, char *argv[]) {
"strength. Maximum iterations allowed %u.", max);
}
- warnifallksk(gdb);
-
gversion = NULL;
result = dns_db_newversion(gdb, &gversion);
check_result(result, "dns_db_newversion()");
@@ -3895,6 +3929,7 @@ main(int argc, char *argv[]) {
RUNTIME_CHECK(isc_mutex_init(&statslock) == ISC_R_SUCCESS);
presign();
+ TIME_NOW(&sign_start);
signapex();
if (!finished) {
/*
@@ -3919,6 +3954,7 @@ main(int argc, char *argv[]) {
isc_taskmgr_destroy(&taskmgr);
isc_mem_put(mctx, tasks, ntasks * sizeof(isc_task_t *));
postsign();
+ TIME_NOW(&sign_finish);
verifyzone();
if (outputformat != dns_masterformat_text) {
@@ -3972,7 +4008,8 @@ main(int argc, char *argv[]) {
if (printstats) {
TIME_NOW(&timer_finish);
- print_stats(&timer_start, &timer_finish);
+ print_stats(&timer_start, &timer_finish,
+ &sign_start, &sign_finish);
}
return (0);
diff --git a/bin/named/Makefile.in b/bin/named/Makefile.in
index a3dbb3802dc9..86400c47f026 100644
--- a/bin/named/Makefile.in
+++ b/bin/named/Makefile.in
@@ -1,4 +1,4 @@
-# Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 1998-2002 Internet Software Consortium.
#
# Permission to use, copy, modify, and/or distribute this software for any
@@ -13,7 +13,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.114 2010-12-22 09:00:40 marka Exp $
+# $Id: Makefile.in,v 1.114.14.2 2011-03-10 23:47:25 tbox Exp $
srcdir = @srcdir@
VPATH = @srcdir@
@@ -45,7 +45,7 @@ CINCLUDES = -I${srcdir}/include -I${srcdir}/unix/include -I. \
${ISCCFG_INCLUDES} ${ISCCC_INCLUDES} ${ISC_INCLUDES} \
${DLZDRIVER_INCLUDES} ${DBDRIVER_INCLUDES} @DST_OPENSSL_INC@
-CDEFINES = @USE_DLZ@ @USE_PKCS11@ @USE_OPENSSL@
+CDEFINES = @CONTRIB_DLZ@ @USE_PKCS11@ @USE_OPENSSL@
CWARNINGS =
@@ -89,7 +89,7 @@ OBJS = builtin.@O@ client.@O@ config.@O@ control.@O@ \
lwdgnba.@O@ lwdgrbn.@O@ lwdnoop.@O@ lwsearch.@O@ \
${DLZDRIVER_OBJS} ${DBDRIVER_OBJS}
-UOBJS = unix/os.@O@
+UOBJS = unix/os.@O@ unix/dlz_dlopen_driver.@O@
SYMOBJS = symtbl.@O@
diff --git a/bin/named/client.c b/bin/named/client.c
index bc9cc878adbc..2115ac101bcf 100644
--- a/bin/named/client.c
+++ b/bin/named/client.c
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: client.c,v 1.271 2011-01-11 23:47:12 tbox Exp $ */
+/* $Id: client.c,v 1.271.10.2 2011-07-28 04:30:54 marka Exp $ */
#include <config.h>
@@ -633,6 +633,7 @@ ns_client_endrequest(ns_client_t *client) {
dns_message_puttemprdataset(client->message, &client->opt);
}
+ client->signer = NULL;
client->udpsize = 512;
client->extflags = 0;
client->ednsversion = -1;
@@ -1312,6 +1313,12 @@ ns_client_isself(dns_view_t *myview, dns_tsigkey_t *mykey,
UNUSED(arg);
+ /*
+ * ns_g_server->interfacemgr is task exclusive locked.
+ */
+ if (ns_g_server->interfacemgr == NULL)
+ return (ISC_TRUE);
+
if (!ns_interfacemgr_listeningon(ns_g_server->interfacemgr, dstaddr))
return (ISC_FALSE);
@@ -2095,6 +2102,7 @@ client_create(ns_clientmgr_t *manager, ns_client_t **clientp) {
client->next = NULL;
client->shutdown = NULL;
client->shutdown_arg = NULL;
+ client->signer = NULL;
dns_name_init(&client->signername, NULL);
client->mortal = ISC_FALSE;
client->tcpquota = NULL;
diff --git a/bin/named/config.c b/bin/named/config.c
index 704d7ecc55ef..e34e5c4e63bf 100644
--- a/bin/named/config.c
+++ b/bin/named/config.c
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: config.c,v 1.113.16.1.2.1 2011-06-02 23:47:28 tbox Exp $ */
+/* $Id: config.c,v 1.113.16.2 2011-02-28 01:19:58 tbox Exp $ */
/*! \file */
diff --git a/bin/named/controlconf.c b/bin/named/controlconf.c
index 16d375b0083a..bd269e519b3e 100644
--- a/bin/named/controlconf.c
+++ b/bin/named/controlconf.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2008, 2011 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2001-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: controlconf.c,v 1.60 2008-07-23 23:27:54 marka Exp $ */
+/* $Id: controlconf.c,v 1.60.544.2 2011-03-12 04:59:14 tbox Exp $ */
/*! \file */
@@ -859,7 +859,7 @@ get_rndckey(isc_mem_t *mctx, controlkeylist_t *keyids) {
cfg_obj_log(key, ns_g_lctx, ISC_LOG_WARNING,
"secret for key '%s' on command channel: %s",
keyid->keyname, isc_result_totext(result));
- CHECK(result);
+ goto cleanup;
}
keyid->secret.length = isc_buffer_usedlength(&b);
diff --git a/bin/named/include/dlz/dlz_dlopen_driver.h b/bin/named/include/dlz/dlz_dlopen_driver.h
new file mode 100644
index 000000000000..fc51c49da767
--- /dev/null
+++ b/bin/named/include/dlz/dlz_dlopen_driver.h
@@ -0,0 +1,27 @@
+/*
+ * Copyright (C) 2011 Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: dlz_dlopen_driver.h,v 1.1.4.4 2011-03-17 09:41:06 fdupont Exp $ */
+
+#ifndef DLZ_DLOPEN_DRIVER_H
+#define DLZ_DLOPEN_DRIVER_H
+
+isc_result_t
+dlz_dlopen_init(isc_mem_t *mctx);
+
+void
+dlz_dlopen_clear(void);
+#endif
diff --git a/bin/named/include/named/globals.h b/bin/named/include/named/globals.h
index f155c7f05ed5..7bea32d52b55 100644
--- a/bin/named/include/named/globals.h
+++ b/bin/named/include/named/globals.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: globals.h,v 1.89 2010-09-15 12:07:55 marka Exp $ */
+/* $Id: globals.h,v 1.89.54.2 2011-06-17 23:47:10 tbox Exp $ */
#ifndef NAMED_GLOBALS_H
#define NAMED_GLOBALS_H 1
@@ -26,6 +26,7 @@
#include <isc/log.h>
#include <isc/net.h>
+#include <isccfg/aclconf.h>
#include <isccfg/cfg.h>
#include <dns/zone.h>
@@ -102,6 +103,7 @@ EXTERN const char * lwresd_g_resolvconffile INIT("/etc"
EXTERN isc_boolean_t ns_g_conffileset INIT(ISC_FALSE);
EXTERN isc_boolean_t lwresd_g_useresolvconf INIT(ISC_FALSE);
EXTERN isc_uint16_t ns_g_udpsize INIT(4096);
+EXTERN cfg_aclconfctx_t * ns_g_aclconfctx INIT(NULL);
/*
* Initial resource limits.
diff --git a/bin/named/interfacemgr.c b/bin/named/interfacemgr.c
index e99d3b9cfe38..513fb2491094 100644
--- a/bin/named/interfacemgr.c
+++ b/bin/named/interfacemgr.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2009, 2011 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2002 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: interfacemgr.c,v 1.95 2009-01-17 23:47:42 tbox Exp $ */
+/* $Id: interfacemgr.c,v 1.95.426.2 2011-03-12 04:59:14 tbox Exp $ */
/*! \file */
@@ -379,7 +379,7 @@ ns_interface_setup(ns_interfacemgr_t *mgr, isc_sockaddr_t *addr,
}
}
*ifpret = ifp;
- return (ISC_R_SUCCESS);
+ return (result);
cleanup_interface:
ISC_LIST_UNLINK(ifp->mgr->interfaces, ifp, link);
@@ -964,7 +964,6 @@ isc_boolean_t
ns_interfacemgr_listeningon(ns_interfacemgr_t *mgr, isc_sockaddr_t *addr) {
isc_sockaddr_t *old;
- old = ISC_LIST_HEAD(mgr->listenon);
for (old = ISC_LIST_HEAD(mgr->listenon);
old != NULL;
old = ISC_LIST_NEXT(old, link))
diff --git a/bin/named/logconf.c b/bin/named/logconf.c
index 8ae55ff7c54e..4fcb4e8dcaed 100644
--- a/bin/named/logconf.c
+++ b/bin/named/logconf.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2007, 2011 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2001 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,12 +15,13 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: logconf.c,v 1.42 2007-06-19 23:46:59 tbox Exp $ */
+/* $Id: logconf.c,v 1.42.816.3 2011-03-05 23:52:06 tbox Exp $ */
/*! \file */
#include <config.h>
+#include <isc/file.h>
#include <isc/offset.h>
#include <isc/result.h>
#include <isc/stdio.h>
@@ -130,7 +131,7 @@ channel_fromconf(const cfg_obj_t *channel, isc_logconfig_t *lctx) {
}
type = ISC_LOG_TONULL;
-
+
if (fileobj != NULL) {
const cfg_obj_t *pathobj = cfg_tuple_get(fileobj, "file");
const cfg_obj_t *sizeobj = cfg_tuple_get(fileobj, "size");
@@ -140,7 +141,7 @@ channel_fromconf(const cfg_obj_t *channel, isc_logconfig_t *lctx) {
isc_offset_t size = 0;
type = ISC_LOG_TOFILE;
-
+
if (versionsobj != NULL && cfg_obj_isuint32(versionsobj))
versions = cfg_obj_asuint32(versionsobj);
if (versionsobj != NULL && cfg_obj_isstring(versionsobj) &&
@@ -219,26 +220,38 @@ channel_fromconf(const cfg_obj_t *channel, isc_logconfig_t *lctx) {
if (result == ISC_R_SUCCESS && type == ISC_LOG_TOFILE) {
FILE *fp;
-
- /*
- * Test that the file can be opened, since isc_log_open()
- * can't effectively report failures when called in
- * isc_log_doit().
- */
- result = isc_stdio_open(dest.file.name, "a", &fp);
- if (result != ISC_R_SUCCESS)
- isc_log_write(ns_g_lctx, CFG_LOGCATEGORY_CONFIG,
- NS_LOGMODULE_SERVER, ISC_LOG_ERROR,
- "logging channel '%s' file '%s': %s",
- channelname, dest.file.name,
- isc_result_totext(result));
- else
- (void)isc_stdio_close(fp);
/*
- * Allow named to continue by returning success.
- */
- result = ISC_R_SUCCESS;
+ * Test to make sure that file is a plain file.
+ * Fix defect #22771
+ */
+ result = isc_file_isplainfile(dest.file.name);
+ if (result == ISC_R_SUCCESS ||
+ result == ISC_R_FILENOTFOUND) {
+ /*
+ * Test that the file can be opened, since
+ * isc_log_open() can't effectively report
+ * failures when called in
+ * isc_log_doit().
+ */
+ result = isc_stdio_open(dest.file.name, "a", &fp);
+ if (result != ISC_R_SUCCESS) {
+ syslog(LOG_ERR,
+ "isc_stdio_open '%s' failed: %s",
+ dest.file.name,
+ isc_result_totext(result));
+ fprintf(stderr,
+ "isc_stdio_open '%s' failed: %s",
+ dest.file.name,
+ isc_result_totext(result));
+ } else
+ (void)isc_stdio_close(fp);
+ } else {
+ syslog(LOG_ERR, "isc_file_isplainfile '%s' failed: %s",
+ dest.file.name, isc_result_totext(result));
+ fprintf(stderr, "isc_file_isplainfile '%s' failed: %s",
+ dest.file.name, isc_result_totext(result));
+ }
}
return (result);
diff --git a/bin/named/main.c b/bin/named/main.c
index 84d86b146f4c..d22611360120 100644
--- a/bin/named/main.c
+++ b/bin/named/main.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: main.c,v 1.180 2010-12-22 03:59:02 marka Exp $ */
+/* $Id: main.c,v 1.180.14.3 2011-03-11 06:47:00 marka Exp $ */
/*! \file */
@@ -51,6 +51,8 @@
#include <dst/result.h>
+#include <dlz/dlz_dlopen_driver.h>
+
/*
* Defining NS_MAIN provides storage declarations (rather than extern)
* for variables in named/globals.h.
@@ -81,10 +83,10 @@
*/
/* #include "xxdb.h" */
+#ifdef CONTRIB_DLZ
/*
- * Include DLZ drivers if appropriate.
+ * Include contributed DLZ drivers if appropriate.
*/
-#ifdef DLZ
#include <dlz/dlz_drivers.h>
#endif
@@ -560,6 +562,7 @@ parse_command_line(int argc, char *argv[]) {
argc -= isc_commandline_index;
argv += isc_commandline_index;
+ POST(argv);
if (argc > 0) {
usage();
@@ -856,9 +859,19 @@ setup(void) {
*/
/* xxdb_init(); */
-#ifdef DLZ
+#ifdef ISC_DLZ_DLOPEN
+ /*
+ * Register the DLZ "dlopen" driver.
+ */
+ result = dlz_dlopen_init(ns_g_mctx);
+ if (result != ISC_R_SUCCESS)
+ ns_main_earlyfatal("dlz_dlopen_init() failed: %s",
+ isc_result_totext(result));
+#endif
+
+#if CONTRIB_DLZ
/*
- * Register any DLZ drivers.
+ * Register any other contributed DLZ drivers.
*/
result = dlz_drivers_init();
if (result != ISC_R_SUCCESS)
@@ -882,12 +895,18 @@ cleanup(void) {
*/
/* xxdb_clear(); */
-#ifdef DLZ
+#ifdef CONTRIB_DLZ
/*
- * Unregister any DLZ drivers.
+ * Unregister contributed DLZ drivers.
*/
dlz_drivers_clear();
#endif
+#ifdef ISC_DLZ_DLOPEN
+ /*
+ * Unregister "dlopen" DLZ driver.
+ */
+ dlz_dlopen_clear();
+#endif
dns_name_destroy();
diff --git a/bin/named/query.c b/bin/named/query.c
index 1950257dca2c..9be178beddb0 100644
--- a/bin/named/query.c
+++ b/bin/named/query.c
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: query.c,v 1.353.8.2.2.5 2011-06-09 03:17:10 marka Exp $ */
+/* $Id: query.c,v 1.353.8.11 2011-06-09 03:14:03 marka Exp $ */
/*! \file */
@@ -31,9 +31,7 @@
#include <dns/adb.h>
#include <dns/byaddr.h>
#include <dns/db.h>
-#ifdef DLZ
#include <dns/dlz.h>
-#endif
#include <dns/dns64.h>
#include <dns/dnssec.h>
#include <dns/events.h>
@@ -1027,7 +1025,6 @@ query_getdb(ns_client_t *client, dns_name_t *name, dns_rdatatype_t qtype,
{
isc_result_t result;
-#ifdef DLZ
isc_result_t tresult;
unsigned int namelabels;
unsigned int zonelabels;
@@ -1093,16 +1090,10 @@ query_getdb(ns_client_t *client, dns_name_t *name, dns_rdatatype_t qtype,
result = tresult;
}
}
-#else
- result = query_getzonedb(client, name, qtype, options,
- zonep, dbp, versionp);
-#endif
/* If successful, Transfer ownership of zone. */
if (result == ISC_R_SUCCESS) {
-#ifdef DLZ
*zonep = zone;
-#endif
/*
* If neither attempt above succeeded, return the cache instead
*/
@@ -1633,6 +1624,7 @@ query_addadditional2(void *arg, dns_name_t *name, dns_rdatatype_t qtype) {
need_addname = ISC_FALSE;
zone = NULL;
needadditionalcache = ISC_FALSE;
+ POST(needadditionalcache);
additionaltype = dns_rdatasetadditional_fromauth;
dns_name_init(&cfname, NULL);
@@ -4305,11 +4297,12 @@ rpz_rewrite(ns_client_t *client, dns_rdatatype_t qtype,
* Check rules for the name if this it the first time,
* i.e. we've not been recursing.
*/
- result = DNS_R_SERVFAIL;
st->state &= ~(DNS_RPZ_HAVE_IP | DNS_RPZ_HAVE_NSIPv4 |
DNS_RPZ_HAVE_NSIPv6 | DNS_RPZ_HAD_NSDNAME);
result = rpz_rewrite_name(client, qtype, client->query.qname,
DNS_RPZ_TYPE_QNAME, &rdataset);
+ if (result != ISC_R_SUCCESS)
+ goto cleanup;
if (st->m.policy != DNS_RPZ_POLICY_MISS)
goto cleanup;
if ((st->state & (DNS_RPZ_HAVE_NSIPv4 | DNS_RPZ_HAVE_NSIPv6 |
@@ -4415,9 +4408,10 @@ rpz_rewrite(ns_client_t *client, dns_rdatatype_t qtype,
(st->state & DNS_RPZ_HAVE_NSIPv6) != 0 &&
st->m.type != DNS_RPZ_TYPE_NSDNAME) {
result = rpz_rewrite_nsip(client,
- dns_rdatatype_aaaa,
- &ns.name, &ipdb, version,
- &rdataset, resuming);
+ dns_rdatatype_aaaa,
+ &ns.name, &ipdb,
+ version, &rdataset,
+ resuming);
}
dns_rdata_freestruct(&ns);
if (ipdb != NULL)
@@ -4932,12 +4926,14 @@ dns64_aaaaok(ns_client_t *client, dns_rdataset_t *rdataset,
break;
}
}
- if (i == count)
+ if (i == count && aaaaok != NULL)
isc_mem_put(client->mctx, aaaaok,
sizeof(isc_boolean_t) * count);
return (ISC_TRUE);
}
- isc_mem_put(client->mctx, aaaaok, sizeof(isc_boolean_t) * count);
+ if (aaaaok != NULL)
+ isc_mem_put(client->mctx, aaaaok,
+ sizeof(isc_boolean_t) * count);
return (ISC_FALSE);
}
@@ -5198,25 +5194,22 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
}
is_staticstub_zone = ISC_FALSE;
- if (is_zone && zone != NULL) {
+ if (is_zone) {
authoritative = ISC_TRUE;
- if (dns_zone_gettype(zone) == dns_zone_staticstub)
+ if (zone != NULL &&
+ dns_zone_gettype(zone) == dns_zone_staticstub)
is_staticstub_zone = ISC_TRUE;
}
if (event == NULL && client->query.restarts == 0) {
if (is_zone) {
-#ifdef DLZ
if (zone != NULL) {
/*
* if is_zone = true, zone = NULL then this is
* a DLZ zone. Don't attempt to attach zone.
*/
-#endif
dns_zone_attach(zone, &client->query.authzone);
-#ifdef DLZ
}
-#endif
dns_db_attach(db, &client->query.authdb);
}
client->query.authdbset = ISC_TRUE;
@@ -5290,7 +5283,6 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
dns_name_copy(fname, rpz_st->fname, NULL);
rpz_st->q.result = result;
client->query.attributes |= NS_QUERYATTR_RECURSING;
- result = ISC_R_SUCCESS;
goto cleanup;
default:
RECURSE_ERROR(rresult);
@@ -5743,8 +5735,6 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
goto db_find;
}
- result = DNS_R_NXRRSET;
-
/*
* Look for a NSEC3 record if we don't have a NSEC record.
*/
@@ -5880,9 +5870,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
* resolver and not have it cached.
*/
if (qtype == dns_rdatatype_soa &&
-#ifdef DLZ
zone != NULL &&
-#endif
dns_zone_getzeronosoattl(zone))
result = query_addsoa(client, db, version, 0,
dns_rdataset_isassociated(rdataset));
@@ -6161,17 +6149,17 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
}
result = dns_name_concatenate(prefix, tname, fname, NULL);
dns_message_puttempname(client->message, &tname);
- if (result != ISC_R_SUCCESS) {
- if (result == ISC_R_NOSPACE) {
- /*
- * RFC2672, section 4.1, subsection 3c says
- * we should return YXDOMAIN if the constructed
- * name would be too long.
- */
- client->message->rcode = dns_rcode_yxdomain;
- }
+
+ /*
+ * RFC2672, section 4.1, subsection 3c says
+ * we should return YXDOMAIN if the constructed
+ * name would be too long.
+ */
+ if (result == DNS_R_NAMETOOLONG)
+ client->message->rcode = dns_rcode_yxdomain;
+ if (result != ISC_R_SUCCESS)
goto cleanup;
- }
+
query_keepname(client, fname, dbuf);
/*
* Synthesize a CNAME consisting of
@@ -6642,9 +6630,8 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
/*
* Add a fake SOA record.
*/
- result = query_addsoa(client, db,
- version, 600,
- ISC_FALSE);
+ (void)query_addsoa(client, db, version,
+ 600, ISC_FALSE);
goto cleanup;
}
#endif
diff --git a/bin/named/server.c b/bin/named/server.c
index 5bbf94b9b604..f19a0bbb9371 100644
--- a/bin/named/server.c
+++ b/bin/named/server.c
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: server.c,v 1.599.8.4 2011-02-16 19:46:12 each Exp $ */
+/* $Id: server.c,v 1.599.8.12 2011-08-02 04:58:45 each Exp $ */
/*! \file */
@@ -60,9 +60,7 @@
#include <dns/cache.h>
#include <dns/db.h>
#include <dns/dispatch.h>
-#ifdef DLZ
#include <dns/dlz.h>
-#endif
#include <dns/dns64.h>
#include <dns/forward.h>
#include <dns/journal.h>
@@ -206,13 +204,15 @@ struct zonelistentry {
/*%
* Configuration context to retain for each view that allows
- * new zones to be added at runtime
+ * new zones to be added at runtime.
*/
struct cfg_context {
isc_mem_t * mctx;
- cfg_obj_t * config;
cfg_parser_t * parser;
- cfg_aclconfctx_t actx;
+ cfg_obj_t * config;
+ cfg_parser_t * nzparser;
+ cfg_obj_t * nzconfig;
+ cfg_aclconfctx_t * actx;
};
/*
@@ -222,7 +222,6 @@ static const struct {
const char *zone;
isc_boolean_t rfc1918;
} empty_zones[] = {
-#ifdef notyet
/* RFC 1918 */
{ "10.IN-ADDR.ARPA", ISC_TRUE },
{ "16.172.IN-ADDR.ARPA", ISC_TRUE },
@@ -242,7 +241,6 @@ static const struct {
{ "30.172.IN-ADDR.ARPA", ISC_TRUE },
{ "31.172.IN-ADDR.ARPA", ISC_TRUE },
{ "168.192.IN-ADDR.ARPA", ISC_TRUE },
-#endif
/* RFC 5735 and RFC 5737 */
{ "0.IN-ADDR.ARPA", ISC_FALSE }, /* THIS NETWORK */
@@ -304,7 +302,7 @@ static void
end_reserved_dispatches(ns_server_t *server, isc_boolean_t all);
static void
-cfgctx_destroy(void **cfgp);
+newzone_cfgctx_destroy(void **cfgp);
/*%
* Configure a single view ACL at '*aclp'. Get its configuration from
@@ -847,18 +845,13 @@ get_view_querysource_dispatch(const cfg_obj_t **maps,
int af, dns_dispatch_t **dispatchp,
isc_boolean_t is_firstview)
{
- isc_result_t result;
+ isc_result_t result = ISC_R_FAILURE;
dns_dispatch_t *disp;
isc_sockaddr_t sa;
unsigned int attrs, attrmask;
const cfg_obj_t *obj = NULL;
unsigned int maxdispatchbuffers;
- /*
- * Make compiler happy.
- */
- result = ISC_R_FAILURE;
-
switch (af) {
case AF_INET:
result = ns_config_get(maps, "query-source", &obj);
@@ -1340,7 +1333,6 @@ cache_sharable(dns_view_t *originview, dns_view_t *view,
return (ISC_TRUE);
}
-#ifdef DLZ
/*
* Callback from DLZ configure when the driver sets up a writeable zone
*/
@@ -1358,7 +1350,6 @@ dlzconfigure_callback(dns_view_t *view, dns_zone_t *zone) {
return ns_zone_configure_writeable_dlz(view->dlzdatabase,
zone, zclass, origin);
}
-#endif
static isc_result_t
dns64_reverse(dns_view_t *view, isc_mem_t *mctx, isc_netaddr_t *na,
@@ -1554,8 +1545,7 @@ configure_rpz(dns_view_t *view, const cfg_listelt_t *element) {
* global defaults in 'config' used exclusively.
*/
static isc_result_t
-configure_view(dns_view_t *view, cfg_parser_t* parser,
- cfg_obj_t *config, cfg_obj_t *vconfig,
+configure_view(dns_view_t *view, cfg_obj_t *config, cfg_obj_t *vconfig,
ns_cachelist_t *cachelist, const cfg_obj_t *bindkeys,
isc_mem_t *mctx, cfg_aclconfctx_t *actx,
isc_boolean_t need_hints)
@@ -1569,11 +1559,9 @@ configure_view(dns_view_t *view, cfg_parser_t* parser,
const cfg_obj_t *forwarders;
const cfg_obj_t *alternates;
const cfg_obj_t *zonelist;
-#ifdef DLZ
const cfg_obj_t *dlz;
unsigned int dlzargc;
char **dlzargv;
-#endif
const cfg_obj_t *disabled;
const cfg_obj_t *obj;
const cfg_listelt_t *element;
@@ -1587,7 +1575,7 @@ configure_view(dns_view_t *view, cfg_parser_t* parser,
isc_uint32_t lame_ttl;
dns_tsig_keyring_t *ring = NULL;
dns_view_t *pview = NULL; /* Production view */
- isc_mem_t *cmctx;
+ isc_mem_t *cmctx = NULL, *hmctx = NULL;
dns_dispatch_t *dispatch4 = NULL;
dns_dispatch_t *dispatch6 = NULL;
isc_boolean_t reused_cache = ISC_FALSE;
@@ -1612,15 +1600,12 @@ configure_view(dns_view_t *view, cfg_parser_t* parser,
isc_boolean_t auto_root = ISC_FALSE;
ns_cache_t *nsc;
isc_boolean_t zero_no_soattl;
- cfg_parser_t *newzones_parser = NULL;
- cfg_obj_t *nzfconf = NULL;
dns_acl_t *clients = NULL, *mapped = NULL, *excluded = NULL;
unsigned int query_timeout;
+ struct cfg_context *nzctx;
REQUIRE(DNS_VIEW_VALID(view));
- cmctx = NULL;
-
if (config != NULL)
(void)cfg_map_get(config, "options", &options);
@@ -1651,6 +1636,7 @@ configure_view(dns_view_t *view, cfg_parser_t* parser,
sep = "";
viewname = "";
forview = "";
+ POST(forview);
}
/*
@@ -1722,6 +1708,10 @@ configure_view(dns_view_t *view, cfg_parser_t* parser,
(void)cfg_map_get(voptions, "zone", &zonelist);
else
(void)cfg_map_get(config, "zone", &zonelist);
+
+ /*
+ * Load zone configuration
+ */
for (element = cfg_list_first(zonelist);
element != NULL;
element = cfg_list_next(element))
@@ -1732,61 +1722,31 @@ configure_view(dns_view_t *view, cfg_parser_t* parser,
}
/*
- * Are we allowing zones to be added and deleted dynamically?
- */
- obj = NULL;
- result = ns_config_get(maps, "allow-new-zones", &obj);
- if (result == ISC_R_SUCCESS) {
- isc_boolean_t allow = cfg_obj_asboolean(obj);
- struct cfg_context *cfg = NULL;
- if (allow) {
- cfg = isc_mem_get(view->mctx, sizeof(*cfg));
- if (cfg == NULL) {
- result = ISC_R_NOMEMORY;
- goto cleanup;
- }
- memset(cfg, 0, sizeof(*cfg));
- isc_mem_attach(view->mctx, &cfg->mctx);
- if (config != NULL)
- cfg_obj_attach(config, &cfg->config);
- cfg_parser_attach(parser, &cfg->parser);
- cfg_aclconfctx_clone(actx, &cfg->actx);
- }
- dns_view_setnewzones(view, allow, cfg, cfgctx_destroy);
- }
-
- /*
* If we're allowing added zones, then load zone configuration
* from the newzone file for zones that were added during previous
* runs.
*/
- if (view->new_zone_file != NULL) {
+ nzctx = view->new_zone_config;
+ if (nzctx != NULL && nzctx->nzconfig != NULL) {
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER, ISC_LOG_INFO,
"loading additional zones for view '%s'",
view->name);
- CHECK(cfg_parser_create(view->mctx, ns_g_lctx,
- &newzones_parser));
- result = cfg_parse_file(newzones_parser, view->new_zone_file,
- &cfg_type_newzones, &nzfconf);
- if (result == ISC_R_SUCCESS) {
- zonelist = NULL;
- cfg_map_get(nzfconf, "zone", &zonelist);
- for (element = cfg_list_first(zonelist);
- element != NULL;
- element = cfg_list_next(element))
- {
- const cfg_obj_t *zconfig =
- cfg_listelt_value(element);
- CHECK(configure_zone(config, zconfig, vconfig,
- mctx, view, actx,
- ISC_TRUE));
- }
+ zonelist = NULL;
+ cfg_map_get(nzctx->nzconfig, "zone", &zonelist);
+
+ for (element = cfg_list_first(zonelist);
+ element != NULL;
+ element = cfg_list_next(element))
+ {
+ const cfg_obj_t *zconfig = cfg_listelt_value(element);
+ CHECK(configure_zone(config, zconfig, vconfig,
+ mctx, view, actx,
+ ISC_TRUE));
}
}
-#ifdef DLZ
/*
* Create Dynamically Loadable Zone driver.
*/
@@ -1831,7 +1791,6 @@ configure_view(dns_view_t *view, cfg_parser_t* parser,
goto cleanup;
}
}
-#endif
/*
* Obtain configuration parameters that affect the decision of whether
@@ -2103,13 +2062,21 @@ configure_view(dns_view_t *view, cfg_parser_t* parser,
* view but is not yet configured. If it is not the
* view name but not a forward reference either, then it
* is simply a named cache that is not shared.
+ *
+ * We use two separate memory contexts for the
+ * cache, for the main cache memory and the heap
+ * memory.
*/
CHECK(isc_mem_create(0, 0, &cmctx));
isc_mem_setname(cmctx, "cache", NULL);
- CHECK(dns_cache_create2(cmctx, ns_g_taskmgr,
+ CHECK(isc_mem_create(0, 0, &hmctx));
+ isc_mem_setname(hmctx, "cache_heap", NULL);
+ CHECK(dns_cache_create3(cmctx, hmctx, ns_g_taskmgr,
ns_g_timermgr, view->rdclass,
cachename, "rbt", 0, NULL,
&cache));
+ isc_mem_detach(&cmctx);
+ isc_mem_detach(&hmctx);
}
nsc = isc_mem_get(mctx, sizeof(*nsc));
if (nsc == NULL) {
@@ -2910,8 +2877,8 @@ configure_view(dns_view_t *view, cfg_parser_t* parser,
if (result == ISC_R_SUCCESS)
cfg_map_get(obj, "zone", &zonelist);
}
- if (zonelist != NULL) {
+ if (zonelist != NULL) {
for (element = cfg_list_first(zonelist);
element != NULL;
element = cfg_list_next(element)) {
@@ -2947,16 +2914,12 @@ configure_view(dns_view_t *view, cfg_parser_t* parser,
dns_order_detach(&order);
if (cmctx != NULL)
isc_mem_detach(&cmctx);
+ if (hmctx != NULL)
+ isc_mem_detach(&hmctx);
if (cache != NULL)
dns_cache_detach(&cache);
- if (newzones_parser != NULL) {
- if (nzfconf != NULL)
- cfg_obj_destroy(newzones_parser, &nzfconf);
- cfg_parser_destroy(&newzones_parser);
- }
-
return (result);
}
@@ -3161,21 +3124,16 @@ configure_forward(const cfg_obj_t *config, dns_view_t *view, dns_name_t *origin,
return (result);
}
-/*
- * Create a new view and add it to the list.
- *
- * If 'vconfig' is NULL, create the default view.
- *
- * The view created is attached to '*viewp'.
- */
static isc_result_t
-create_view(const cfg_obj_t *vconfig, dns_viewlist_t *viewlist,
- dns_view_t **viewp)
+get_viewinfo(const cfg_obj_t *vconfig, const char **namep,
+ dns_rdataclass_t *classp)
{
- isc_result_t result;
+ isc_result_t result = ISC_R_SUCCESS;
const char *viewname;
dns_rdataclass_t viewclass;
- dns_view_t *view = NULL;
+
+ REQUIRE(namep != NULL && *namep == NULL);
+ REQUIRE(classp != NULL);
if (vconfig != NULL) {
const cfg_obj_t *classobj = NULL;
@@ -3188,6 +3146,59 @@ create_view(const cfg_obj_t *vconfig, dns_viewlist_t *viewlist,
viewname = "_default";
viewclass = dns_rdataclass_in;
}
+
+ *namep = viewname;
+ *classp = viewclass;
+
+ return (result);
+}
+
+/*
+ * Find a view based on its configuration info and attach to it.
+ *
+ * If 'vconfig' is NULL, attach to the default view.
+ */
+static isc_result_t
+find_view(const cfg_obj_t *vconfig, dns_viewlist_t *viewlist,
+ dns_view_t **viewp)
+{
+ isc_result_t result;
+ const char *viewname = NULL;
+ dns_rdataclass_t viewclass;
+ dns_view_t *view = NULL;
+
+ result = get_viewinfo(vconfig, &viewname, &viewclass);
+ if (result != ISC_R_SUCCESS)
+ return (result);
+
+ result = dns_viewlist_find(viewlist, viewname, viewclass, &view);
+ if (result != ISC_R_SUCCESS)
+ return (result);
+
+ *viewp = view;
+ return (ISC_R_SUCCESS);
+}
+
+/*
+ * Create a new view and add it to the list.
+ *
+ * If 'vconfig' is NULL, create the default view.
+ *
+ * The view created is attached to '*viewp'.
+ */
+static isc_result_t
+create_view(const cfg_obj_t *vconfig, dns_viewlist_t *viewlist,
+ dns_view_t **viewp)
+{
+ isc_result_t result;
+ const char *viewname = NULL;
+ dns_rdataclass_t viewclass;
+ dns_view_t *view = NULL;
+
+ result = get_viewinfo(vconfig, &viewname, &viewclass);
+ if (result != ISC_R_SUCCESS)
+ return (result);
+
result = dns_viewlist_find(viewlist, viewname, viewclass, &view);
if (result == ISC_R_SUCCESS)
return (ISC_R_EXISTS);
@@ -4146,10 +4157,98 @@ configure_session_key(const cfg_obj_t **maps, ns_server_t *server,
}
static isc_result_t
+setup_newzones(dns_view_t *view, cfg_obj_t *config, cfg_obj_t *vconfig,
+ cfg_parser_t *parser, cfg_aclconfctx_t *actx)
+{
+ isc_result_t result = ISC_R_SUCCESS;
+ isc_boolean_t allow = ISC_FALSE;
+ struct cfg_context *nzcfg = NULL;
+ cfg_parser_t *nzparser = NULL;
+ cfg_obj_t *nzconfig = NULL;
+ const cfg_obj_t *maps[4];
+ const cfg_obj_t *options = NULL, *voptions = NULL;
+ const cfg_obj_t *nz = NULL;
+ int i = 0;
+
+ REQUIRE (config != NULL);
+
+ if (vconfig != NULL)
+ voptions = cfg_tuple_get(vconfig, "options");
+ if (voptions != NULL)
+ maps[i++] = voptions;
+ result = cfg_map_get(config, "options", &options);
+ if (result == ISC_R_SUCCESS)
+ maps[i++] = options;
+ maps[i++] = ns_g_defaults;
+ maps[i] = NULL;
+
+ result = ns_config_get(maps, "allow-new-zones", &nz);
+ if (result == ISC_R_SUCCESS)
+ allow = cfg_obj_asboolean(nz);
+
+ if (!allow) {
+ dns_view_setnewzones(view, ISC_FALSE, NULL, NULL);
+ return (ISC_R_SUCCESS);
+ }
+
+ nzcfg = isc_mem_get(view->mctx, sizeof(*nzcfg));
+ if (nzcfg == NULL) {
+ dns_view_setnewzones(view, ISC_FALSE, NULL, NULL);
+ return (ISC_R_NOMEMORY);
+ }
+
+ dns_view_setnewzones(view, allow, nzcfg, newzone_cfgctx_destroy);
+
+ memset(nzcfg, 0, sizeof(*nzcfg));
+ isc_mem_attach(view->mctx, &nzcfg->mctx);
+ cfg_obj_attach(config, &nzcfg->config);
+ cfg_parser_attach(parser, &nzcfg->parser);
+ cfg_aclconfctx_attach(actx, &nzcfg->actx);
+
+ /*
+ * Attempt to create a parser and parse the newzones
+ * file. If successful, preserve both; otherwise leave
+ * them NULL.
+ */
+ result = cfg_parser_create(view->mctx, ns_g_lctx, &nzparser);
+ if (result == ISC_R_SUCCESS)
+ result = cfg_parse_file(nzparser, view->new_zone_file,
+ &cfg_type_newzones, &nzconfig);
+ if (result == ISC_R_SUCCESS) {
+ cfg_parser_attach(nzparser, &nzcfg->nzparser);
+ cfg_obj_attach(nzconfig, &nzcfg->nzconfig);
+ }
+
+ if (nzparser != NULL) {
+ if (nzconfig != NULL)
+ cfg_obj_destroy(nzparser, &nzconfig);
+ cfg_parser_destroy(&nzparser);
+ }
+
+ return (ISC_R_SUCCESS);
+}
+
+static int
+count_zones(const cfg_obj_t *conf) {
+ const cfg_obj_t *zonelist = NULL;
+ const cfg_listelt_t *element;
+ int n = 0;
+
+ REQUIRE(conf != NULL);
+
+ cfg_map_get(conf, "zone", &zonelist);
+ for (element = cfg_list_first(zonelist);
+ element != NULL;
+ element = cfg_list_next(element))
+ n++;
+
+ return (n);
+}
+
+static isc_result_t
load_configuration(const char *filename, ns_server_t *server,
isc_boolean_t first_time)
{
- cfg_aclconfctx_t aclconfctx;
cfg_obj_t *config = NULL, *bindkeys = NULL;
cfg_parser_t *conf_parser = NULL, *bindkeys_parser = NULL;
const cfg_listelt_t *element;
@@ -4177,8 +4276,9 @@ load_configuration(const char *filename, ns_server_t *server,
ns_cachelist_t cachelist, tmpcachelist;
unsigned int maxsocks;
ns_cache_t *nsc;
+ struct cfg_context *nzctx;
+ int num_zones = 0;
- cfg_aclconfctx_init(&aclconfctx);
ISC_LIST_INIT(viewlist);
ISC_LIST_INIT(builtin_viewlist);
ISC_LIST_INIT(cachelist);
@@ -4187,6 +4287,11 @@ load_configuration(const char *filename, ns_server_t *server,
result = isc_task_beginexclusive(server->task);
RUNTIME_CHECK(result == ISC_R_SUCCESS);
+ /* Create the ACL configuration context */
+ if (ns_g_aclconfctx != NULL)
+ cfg_aclconfctx_detach(&ns_g_aclconfctx);
+ CHECK(cfg_aclconfctx_create(ns_g_mctx, &ns_g_aclconfctx));
+
/*
* Parse the global default pseudo-config file.
*/
@@ -4250,7 +4355,7 @@ load_configuration(const char *filename, ns_server_t *server,
if (result == ISC_R_SUCCESS)
maps[i++] = options;
maps[i++] = ns_g_defaults;
- maps[i++] = NULL;
+ maps[i] = NULL;
/*
* If bind.keys exists, load it. If "dnssec-lookaside auto"
@@ -4337,8 +4442,9 @@ load_configuration(const char *filename, ns_server_t *server,
else
isc_quota_soft(&server->recursionquota, 0);
- CHECK(configure_view_acl(NULL, config, "blackhole", NULL, &aclconfctx,
- ns_g_mctx, &server->blackholeacl));
+ CHECK(configure_view_acl(NULL, config, "blackhole", NULL,
+ ns_g_aclconfctx, ns_g_mctx,
+ &server->blackholeacl));
if (server->blackholeacl != NULL)
dns_dispatchmgr_setblackhole(ns_g_dispatchmgr,
server->blackholeacl);
@@ -4348,7 +4454,7 @@ load_configuration(const char *filename, ns_server_t *server,
INSIST(result == ISC_R_SUCCESS);
server->aclenv.match_mapped = cfg_obj_asboolean(obj);
- CHECKM(ns_statschannels_configure(ns_g_server, config, &aclconfctx),
+ CHECKM(ns_statschannels_configure(ns_g_server, config, ns_g_aclconfctx),
"configuring statistics server(s)");
/*
@@ -4476,11 +4582,10 @@ load_configuration(const char *filename, ns_server_t *server,
if (options != NULL)
(void)cfg_map_get(options, "listen-on", &clistenon);
if (clistenon != NULL) {
- result = ns_listenlist_fromconfig(clistenon,
- config,
- &aclconfctx,
- ns_g_mctx,
- &listenon);
+ /* check return code? */
+ (void)ns_listenlist_fromconfig(clistenon, config,
+ ns_g_aclconfctx,
+ ns_g_mctx, &listenon);
} else if (!ns_g_lwresdonly) {
/*
* Not specified, use default.
@@ -4504,11 +4609,10 @@ load_configuration(const char *filename, ns_server_t *server,
if (options != NULL)
(void)cfg_map_get(options, "listen-on-v6", &clistenon);
if (clistenon != NULL) {
- result = ns_listenlist_fromconfig(clistenon,
- config,
- &aclconfctx,
- ns_g_mctx,
- &listenon);
+ /* check return code? */
+ (void)ns_listenlist_fromconfig(clistenon, config,
+ ns_g_aclconfctx,
+ ns_g_mctx, &listenon);
} else if (!ns_g_lwresdonly) {
isc_boolean_t enable;
/*
@@ -4601,25 +4705,87 @@ load_configuration(const char *filename, ns_server_t *server,
*/
(void)configure_session_key(maps, server, ns_g_mctx);
- /*
- * Configure and freeze all explicit views. Explicit
- * views that have zones were already created at parsing
- * time, but views with no zones must be created here.
- */
views = NULL;
(void)cfg_map_get(config, "view", &views);
+
+ /*
+ * Create the views and count all the configured zones in
+ * order to correctly size the zone manager's task table.
+ * (We only count zones for configured views; the built-in
+ * "bind" view can be ignored as it only adds a negligible
+ * number of zones.)
+ *
+ * If we're allowing new zones, we need to be able to find the
+ * new zone file and count those as well. So we setup the new
+ * zone configuration context, but otherwise view configuration
+ * waits until after the zone manager's task list has been sized.
+ */
for (element = cfg_list_first(views);
element != NULL;
element = cfg_list_next(element))
{
cfg_obj_t *vconfig = cfg_listelt_value(element);
+ const cfg_obj_t *voptions = cfg_tuple_get(vconfig, "options");
view = NULL;
CHECK(create_view(vconfig, &viewlist, &view));
INSIST(view != NULL);
- CHECK(configure_view(view, conf_parser, config, vconfig,
- &cachelist, bindkeys,
- ns_g_mctx, &aclconfctx, ISC_TRUE));
+
+ num_zones += count_zones(voptions);
+ CHECK(setup_newzones(view, config, vconfig, conf_parser,
+ ns_g_aclconfctx));
+
+ nzctx = view->new_zone_config;
+ if (nzctx != NULL && nzctx->nzconfig != NULL)
+ num_zones += count_zones(nzctx->nzconfig);
+
+ dns_view_detach(&view);
+ }
+
+ /*
+ * If there were no explicit views then we do the default
+ * view here.
+ */
+ if (views == NULL) {
+ CHECK(create_view(NULL, &viewlist, &view));
+ INSIST(view != NULL);
+
+ num_zones = count_zones(config);
+
+ CHECK(setup_newzones(view, config, NULL, conf_parser,
+ ns_g_aclconfctx));
+
+ nzctx = view->new_zone_config;
+ if (nzctx != NULL && nzctx->nzconfig != NULL)
+ num_zones += count_zones(nzctx->nzconfig);
+
+ dns_view_detach(&view);
+ }
+
+ /*
+ * Zones have been counted; set the zone manager task pool size.
+ */
+ isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
+ NS_LOGMODULE_SERVER, ISC_LOG_INFO,
+ "sizing zone task pool based on %d zones", num_zones);
+ CHECK(dns_zonemgr_setsize(ns_g_server->zonemgr, num_zones));
+
+ /*
+ * Configure and freeze all explicit views. Explicit
+ * views that have zones were already created at parsing
+ * time, but views with no zones must be created here.
+ */
+ for (element = cfg_list_first(views);
+ element != NULL;
+ element = cfg_list_next(element))
+ {
+ cfg_obj_t *vconfig = cfg_listelt_value(element);
+
+ view = NULL;
+ CHECK(find_view(vconfig, &viewlist, &view));
+ CHECK(configure_view(view, config, vconfig,
+ &cachelist, bindkeys, ns_g_mctx,
+ ns_g_aclconfctx, ISC_TRUE));
dns_view_freeze(view);
dns_view_detach(&view);
}
@@ -4629,16 +4795,11 @@ load_configuration(const char *filename, ns_server_t *server,
* were no explicit views.
*/
if (views == NULL) {
- /*
- * No explicit views; there ought to be a default view.
- * There may already be one created as a side effect
- * of zone statements, or we may have to create one.
- * In either case, we need to configure and freeze it.
- */
- CHECK(create_view(NULL, &viewlist, &view));
- CHECK(configure_view(view, conf_parser, config, NULL,
+ view = NULL;
+ CHECK(find_view(NULL, &viewlist, &view));
+ CHECK(configure_view(view, config, NULL,
&cachelist, bindkeys,
- ns_g_mctx, &aclconfctx, ISC_TRUE));
+ ns_g_mctx, ns_g_aclconfctx, ISC_TRUE));
dns_view_freeze(view);
dns_view_detach(&view);
}
@@ -4656,9 +4817,9 @@ load_configuration(const char *filename, ns_server_t *server,
cfg_obj_t *vconfig = cfg_listelt_value(element);
CHECK(create_view(vconfig, &builtin_viewlist, &view));
- CHECK(configure_view(view, conf_parser, config, vconfig,
+ CHECK(configure_view(view, config, vconfig,
&cachelist, bindkeys,
- ns_g_mctx, &aclconfctx, ISC_FALSE));
+ ns_g_mctx, ns_g_aclconfctx, ISC_FALSE));
dns_view_freeze(view);
dns_view_detach(&view);
view = NULL;
@@ -4699,7 +4860,7 @@ load_configuration(const char *filename, ns_server_t *server,
* Bind the control port(s).
*/
CHECKM(ns_controls_configure(ns_g_server->controls, config,
- &aclconfctx),
+ ns_g_aclconfctx),
"binding control channel(s)");
/*
@@ -4941,8 +5102,6 @@ load_configuration(const char *filename, ns_server_t *server,
if (v6portset != NULL)
isc_portset_destroy(ns_g_mctx, &v6portset);
- cfg_aclconfctx_clear(&aclconfctx);
-
if (conf_parser != NULL) {
if (config != NULL)
cfg_obj_destroy(conf_parser, &config);
@@ -5149,6 +5308,9 @@ shutdown_server(isc_task_t *task, isc_event_t *event) {
end_reserved_dispatches(server, ISC_TRUE);
cleanup_session_key(server, server->mctx);
+ if (ns_g_aclconfctx != NULL)
+ cfg_aclconfctx_detach(&ns_g_aclconfctx);
+
cfg_obj_destroy(ns_g_parser, &ns_g_config);
cfg_parser_destroy(&ns_g_parser);
@@ -5200,8 +5362,8 @@ shutdown_server(isc_task_t *task, isc_event_t *event) {
void
ns_server_create(isc_mem_t *mctx, ns_server_t **serverp) {
isc_result_t result;
-
ns_server_t *server = isc_mem_get(mctx, sizeof(*server));
+
if (server == NULL)
fatal("allocating server object", ISC_R_NOMEMORY);
@@ -5274,6 +5436,8 @@ ns_server_create(isc_mem_t *mctx, ns_server_t **serverp) {
CHECKFATAL(dns_zonemgr_create(ns_g_mctx, ns_g_taskmgr, ns_g_timermgr,
ns_g_socketmgr, &server->zonemgr),
"dns_zonemgr_create");
+ CHECKFATAL(dns_zonemgr_setsize(server->zonemgr, 1000),
+ "dns_zonemgr_setsize");
server->statsfile = isc_mem_strdup(server->mctx, "named.stats");
CHECKFATAL(server->statsfile == NULL ? ISC_R_NOMEMORY : ISC_R_SUCCESS,
@@ -5383,7 +5547,8 @@ ns_server_destroy(ns_server_t **serverp) {
if (server->server_id != NULL)
isc_mem_free(server->mctx, server->server_id);
- dns_zonemgr_detach(&server->zonemgr);
+ if (server->zonemgr != NULL)
+ dns_zonemgr_detach(&server->zonemgr);
if (server->tkeyctx != NULL)
dns_tkeyctx_destroy(&server->tkeyctx);
@@ -5947,7 +6112,6 @@ ns_server_dumpstats(ns_server_t *server) {
"could not open statistics dump file", server->statsfile);
result = ns_stats_dump(server, fp);
- CHECK(result);
cleanup:
if (fp != NULL)
@@ -6135,6 +6299,7 @@ dumpdone(void *arg, isc_result_t result) {
fprintf(dctx->fp, "; %s\n",
dns_result_totext(result));
result = ISC_R_SUCCESS;
+ POST(result);
goto nextzone;
}
if (result != ISC_R_SUCCESS)
@@ -6260,28 +6425,29 @@ ns_server_dumpsecroots(ns_server_t *server, char *args) {
isc_time_formattimestamp(&now, tbuf, sizeof(tbuf));
fprintf(fp, "%s\n", tbuf);
- nextview:
- for (view = ISC_LIST_HEAD(server->viewlist);
- view != NULL;
- view = ISC_LIST_NEXT(view, link))
- {
- if (ptr != NULL && strcmp(view->name, ptr) != 0)
- continue;
- if (secroots != NULL)
- dns_keytable_detach(&secroots);
- result = dns_view_getsecroots(view, &secroots);
- if (result == ISC_R_NOTFOUND) {
- result = ISC_R_SUCCESS;
- continue;
+ do {
+ for (view = ISC_LIST_HEAD(server->viewlist);
+ view != NULL;
+ view = ISC_LIST_NEXT(view, link))
+ {
+ if (ptr != NULL && strcmp(view->name, ptr) != 0)
+ continue;
+ if (secroots != NULL)
+ dns_keytable_detach(&secroots);
+ result = dns_view_getsecroots(view, &secroots);
+ if (result == ISC_R_NOTFOUND) {
+ result = ISC_R_SUCCESS;
+ continue;
+ }
+ fprintf(fp, "\n Start view %s\n\n", view->name);
+ result = dns_keytable_dump(secroots, fp);
+ if (result != ISC_R_SUCCESS)
+ fprintf(fp, " dumpsecroots failed: %s\n",
+ isc_result_totext(result));
}
- fprintf(fp, "\n Start view %s\n\n", view->name);
- CHECK(dns_keytable_dump(secroots, fp));
- }
- if (ptr != NULL) {
- ptr = next_token(&args, " \t");
if (ptr != NULL)
- goto nextview;
- }
+ ptr = next_token(&args, " \t");
+ } while (ptr != NULL);
cleanup:
if (secroots != NULL)
@@ -7188,7 +7354,7 @@ ns_server_add_zone(ns_server_t *server, char *args) {
/* Mark view unfrozen so that zone can be added */
dns_view_thaw(view);
result = configure_zone(cfg->config, parms, vconfig,
- server->mctx, view, &cfg->actx, ISC_FALSE);
+ server->mctx, view, cfg->actx, ISC_FALSE);
dns_view_freeze(view);
if (result != ISC_R_SUCCESS) {
goto cleanup;
@@ -7437,23 +7603,27 @@ ns_server_del_zone(ns_server_t *server, char *args) {
}
static void
-cfgctx_destroy(void **cfgp) {
+newzone_cfgctx_destroy(void **cfgp) {
struct cfg_context *cfg;
- isc_mem_t *mctx;
REQUIRE(cfgp != NULL && *cfgp != NULL);
+
cfg = *cfgp;
- mctx = cfg->mctx;
- cfg->mctx = NULL;
+
+ if (cfg->actx != NULL)
+ cfg_aclconfctx_detach(&cfg->actx);
if (cfg->parser != NULL) {
if (cfg->config != NULL)
cfg_obj_destroy(cfg->parser, &cfg->config);
cfg_parser_destroy(&cfg->parser);
}
- cfg_aclconfctx_clear(&cfg->actx);
+ if (cfg->nzparser != NULL) {
+ if (cfg->nzconfig != NULL)
+ cfg_obj_destroy(cfg->nzparser, &cfg->nzconfig);
+ cfg_parser_destroy(&cfg->nzparser);
+ }
- isc_mem_put(mctx, cfg, sizeof(*cfg));
- isc_mem_detach(&mctx);
+ isc_mem_putanddetach(&cfg->mctx, cfg, sizeof(*cfg));
*cfgp = NULL;
}
diff --git a/bin/named/statschannel.c b/bin/named/statschannel.c
index 6dce8e0a77c5..1f726941a004 100644
--- a/bin/named/statschannel.c
+++ b/bin/named/statschannel.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2008-2010 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2008-2011 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: statschannel.c,v 1.26 2010-02-04 23:49:13 tbox Exp $ */
+/* $Id: statschannel.c,v 1.26.150.2 2011-03-12 04:59:14 tbox Exp $ */
/*! \file */
@@ -638,7 +638,7 @@ rdatasetstats_dump(dns_rdatastatstype_t type, isc_uint64_t val, void *arg) {
static void
opcodestat_dump(dns_opcode_t code, isc_uint64_t val, void *arg) {
- FILE *fp = arg;
+ FILE *fp;
isc_buffer_t b;
char codebuf[64];
stats_dumparg_t *dumparg = arg;
diff --git a/bin/named/unix/Makefile.in b/bin/named/unix/Makefile.in
index ca92c49b5c78..a7155a0e358a 100644
--- a/bin/named/unix/Makefile.in
+++ b/bin/named/unix/Makefile.in
@@ -1,4 +1,4 @@
-# Copyright (C) 2004, 2007, 2009 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2004, 2007, 2009, 2011 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 1999-2001 Internet Software Consortium.
#
# Permission to use, copy, modify, and/or distribute this software for any
@@ -13,7 +13,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.13 2009-12-05 23:31:40 each Exp $
+# $Id: Makefile.in,v 1.13.244.2 2011-03-10 23:47:26 tbox Exp $
srcdir = @srcdir@
VPATH = @srcdir@
@@ -22,14 +22,15 @@ top_srcdir = @top_srcdir@
@BIND9_MAKE_INCLUDES@
CINCLUDES = -I${srcdir}/include -I${srcdir}/../include \
+ ${ISCCFG_INCLUDES} ${ISCCC_INCLUDES} \
${DNS_INCLUDES} ${ISC_INCLUDES}
CDEFINES =
CWARNINGS =
-OBJS = os.@O@
+OBJS = os.@O@ dlz_dlopen_driver.@O@
-SRCS = os.c
+SRCS = os.c dlz_dlopen_driver.c
TARGETS = ${OBJS}
diff --git a/bin/named/unix/dlz_dlopen_driver.c b/bin/named/unix/dlz_dlopen_driver.c
new file mode 100644
index 000000000000..35dbcab65c01
--- /dev/null
+++ b/bin/named/unix/dlz_dlopen_driver.c
@@ -0,0 +1,616 @@
+/*
+ * Copyright (C) 2011 Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: dlz_dlopen_driver.c,v 1.1.4.4 2011-03-17 09:41:06 fdupont Exp $ */
+
+#include <config.h>
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <dlfcn.h>
+
+#include <dns/log.h>
+#include <dns/result.h>
+#include <dns/dlz_dlopen.h>
+
+#include <isc/mem.h>
+#include <isc/print.h>
+#include <isc/result.h>
+#include <isc/util.h>
+
+#include <named/globals.h>
+
+#include <dlz/dlz_dlopen_driver.h>
+
+#ifdef ISC_DLZ_DLOPEN
+static dns_sdlzimplementation_t *dlz_dlopen = NULL;
+
+
+typedef struct dlopen_data {
+ isc_mem_t *mctx;
+ char *dl_path;
+ char *dlzname;
+ void *dl_handle;
+ void *dbdata;
+ unsigned int flags;
+ isc_mutex_t lock;
+ int version;
+ isc_boolean_t in_configure;
+
+ dlz_dlopen_version_t *dlz_version;
+ dlz_dlopen_create_t *dlz_create;
+ dlz_dlopen_findzonedb_t *dlz_findzonedb;
+ dlz_dlopen_lookup_t *dlz_lookup;
+ dlz_dlopen_authority_t *dlz_authority;
+ dlz_dlopen_allnodes_t *dlz_allnodes;
+ dlz_dlopen_allowzonexfr_t *dlz_allowzonexfr;
+ dlz_dlopen_newversion_t *dlz_newversion;
+ dlz_dlopen_closeversion_t *dlz_closeversion;
+ dlz_dlopen_configure_t *dlz_configure;
+ dlz_dlopen_ssumatch_t *dlz_ssumatch;
+ dlz_dlopen_addrdataset_t *dlz_addrdataset;
+ dlz_dlopen_subrdataset_t *dlz_subrdataset;
+ dlz_dlopen_delrdataset_t *dlz_delrdataset;
+ dlz_dlopen_destroy_t *dlz_destroy;
+} dlopen_data_t;
+
+/* Modules can choose whether they are lock-safe or not. */
+#define MAYBE_LOCK(cd) \
+ do { \
+ if ((cd->flags & DNS_SDLZFLAG_THREADSAFE) == 0 && \
+ cd->in_configure == ISC_FALSE) \
+ LOCK(&cd->lock); \
+ } while (0)
+
+#define MAYBE_UNLOCK(cd) \
+ do { \
+ if ((cd->flags & DNS_SDLZFLAG_THREADSAFE) == 0 && \
+ cd->in_configure == ISC_FALSE) \
+ UNLOCK(&cd->lock); \
+ } while (0)
+
+/*
+ * Log a message at the given level.
+ */
+static void dlopen_log(int level, const char *fmt, ...)
+{
+ va_list ap;
+ va_start(ap, fmt);
+ isc_log_vwrite(dns_lctx, DNS_LOGCATEGORY_DATABASE,
+ DNS_LOGMODULE_DLZ, ISC_LOG_DEBUG(level),
+ fmt, ap);
+ va_end(ap);
+}
+
+/*
+ * SDLZ methods
+ */
+
+static isc_result_t
+dlopen_dlz_allnodes(const char *zone, void *driverarg, void *dbdata,
+ dns_sdlzallnodes_t *allnodes)
+{
+ dlopen_data_t *cd = (dlopen_data_t *) dbdata;
+ isc_result_t result;
+
+
+ UNUSED(driverarg);
+
+ if (cd->dlz_allnodes == NULL) {
+ return (ISC_R_NOPERM);
+ }
+
+ MAYBE_LOCK(cd);
+ result = cd->dlz_allnodes(zone, cd->dbdata, allnodes);
+ MAYBE_UNLOCK(cd);
+ return (result);
+}
+
+
+static isc_result_t
+dlopen_dlz_allowzonexfr(void *driverarg, void *dbdata, const char *name,
+ const char *client)
+{
+ dlopen_data_t *cd = (dlopen_data_t *) dbdata;
+ isc_result_t result;
+
+ UNUSED(driverarg);
+
+
+ if (cd->dlz_allowzonexfr == NULL) {
+ return (ISC_R_NOPERM);
+ }
+
+ MAYBE_LOCK(cd);
+ result = cd->dlz_allowzonexfr(cd->dbdata, name, client);
+ MAYBE_UNLOCK(cd);
+ return (result);
+}
+
+static isc_result_t
+dlopen_dlz_authority(const char *zone, void *driverarg, void *dbdata,
+ dns_sdlzlookup_t *lookup)
+{
+ dlopen_data_t *cd = (dlopen_data_t *) dbdata;
+ isc_result_t result;
+
+ UNUSED(driverarg);
+
+ if (cd->dlz_authority == NULL) {
+ return (ISC_R_NOTIMPLEMENTED);
+ }
+
+ MAYBE_LOCK(cd);
+ result = cd->dlz_authority(zone, cd->dbdata, lookup);
+ MAYBE_UNLOCK(cd);
+ return (result);
+}
+
+static isc_result_t
+dlopen_dlz_findzonedb(void *driverarg, void *dbdata, const char *name)
+{
+ dlopen_data_t *cd = (dlopen_data_t *) dbdata;
+ isc_result_t result;
+
+ UNUSED(driverarg);
+
+ MAYBE_LOCK(cd);
+ result = cd->dlz_findzonedb(cd->dbdata, name);
+ MAYBE_UNLOCK(cd);
+ return (result);
+}
+
+
+static isc_result_t
+dlopen_dlz_lookup(const char *zone, const char *name, void *driverarg,
+ void *dbdata, dns_sdlzlookup_t *lookup)
+{
+ dlopen_data_t *cd = (dlopen_data_t *) dbdata;
+ isc_result_t result;
+
+ UNUSED(driverarg);
+
+ MAYBE_LOCK(cd);
+ result = cd->dlz_lookup(zone, name, cd->dbdata, lookup);
+ MAYBE_UNLOCK(cd);
+ return (result);
+}
+
+/*
+ * Load a symbol from the library
+ */
+static void *
+dl_load_symbol(dlopen_data_t *cd, const char *symbol, isc_boolean_t mandatory) {
+ void *ptr = dlsym(cd->dl_handle, symbol);
+ if (ptr == NULL && mandatory) {
+ dlopen_log(ISC_LOG_ERROR,
+ "dlz_dlopen: library '%s' is missing "
+ "required symbol '%s'", cd->dl_path, symbol);
+ }
+ return (ptr);
+}
+
+/*
+ * Called at startup for each dlopen zone in named.conf
+ */
+static isc_result_t
+dlopen_dlz_create(const char *dlzname, unsigned int argc, char *argv[],
+ void *driverarg, void **dbdata)
+{
+ dlopen_data_t *cd;
+ isc_mem_t *mctx = NULL;
+ isc_result_t result = ISC_R_FAILURE;
+ int dlopen_flags = 0;
+
+ UNUSED(driverarg);
+
+ if (argc < 2) {
+ dlopen_log(ISC_LOG_ERROR,
+ "dlz_dlopen driver for '%s' needs a path to "
+ "the shared library", dlzname);
+ return (ISC_R_FAILURE);
+ }
+
+ isc_mem_create(0, 0, &mctx);
+
+ cd = isc_mem_get(mctx, sizeof(*cd));
+ if (cd == NULL) {
+ isc_mem_destroy(&mctx);
+ return (ISC_R_NOMEMORY);
+ }
+ memset(cd, 0, sizeof(*cd));
+
+ cd->mctx = mctx;
+
+ cd->dl_path = isc_mem_strdup(cd->mctx, argv[1]);
+ if (cd->dl_path == NULL) {
+ goto failed;
+ }
+
+ cd->dlzname = isc_mem_strdup(cd->mctx, dlzname);
+ if (cd->dlzname == NULL) {
+ goto failed;
+ }
+
+ /* Initialize the lock */
+ isc_mutex_init(&cd->lock);
+
+ /* Open the library */
+ dlopen_flags = RTLD_NOW;
+
+#ifdef RTLD_DEEPBIND
+ /*
+ * If RTLD_DEEPBIND is available then use it. This can avoid
+ * issues with a module using a different version of a system
+ * library than one that bind9 uses. For example, bind9 may link
+ * to MIT kerberos, but the module may use Heimdal. If we don't
+ * use RTLD_DEEPBIND then we could end up with Heimdal functions
+ * calling MIT functions, which leads to bizarre results (usually
+ * a segfault).
+ */
+ dlopen_flags |= RTLD_DEEPBIND;
+#endif
+
+ cd->dl_handle = dlopen(cd->dl_path, dlopen_flags);
+ if (cd->dl_handle == NULL) {
+ dlopen_log(ISC_LOG_ERROR,
+ "dlz_dlopen failed to open library '%s' - %s",
+ cd->dl_path, dlerror());
+ goto failed;
+ }
+
+ /* Find the symbols */
+ cd->dlz_version = (dlz_dlopen_version_t *)
+ dl_load_symbol(cd, "dlz_version", ISC_TRUE);
+ cd->dlz_create = (dlz_dlopen_create_t *)
+ dl_load_symbol(cd, "dlz_create", ISC_TRUE);
+ cd->dlz_lookup = (dlz_dlopen_lookup_t *)
+ dl_load_symbol(cd, "dlz_lookup", ISC_TRUE);
+ cd->dlz_findzonedb = (dlz_dlopen_findzonedb_t *)
+ dl_load_symbol(cd, "dlz_findzonedb", ISC_TRUE);
+
+ if (cd->dlz_create == NULL ||
+ cd->dlz_lookup == NULL ||
+ cd->dlz_findzonedb == NULL)
+ {
+ /* We're missing a required symbol */
+ goto failed;
+ }
+
+ cd->dlz_allowzonexfr = (dlz_dlopen_allowzonexfr_t *)
+ dl_load_symbol(cd, "dlz_allowzonexfr", ISC_FALSE);
+ cd->dlz_allnodes = (dlz_dlopen_allnodes_t *)
+ dl_load_symbol(cd, "dlz_allnodes",
+ ISC_TF(cd->dlz_allowzonexfr != NULL));
+ cd->dlz_authority = (dlz_dlopen_authority_t *)
+ dl_load_symbol(cd, "dlz_authority", ISC_FALSE);
+ cd->dlz_newversion = (dlz_dlopen_newversion_t *)
+ dl_load_symbol(cd, "dlz_newversion", ISC_FALSE);
+ cd->dlz_closeversion = (dlz_dlopen_closeversion_t *)
+ dl_load_symbol(cd, "dlz_closeversion",
+ ISC_TF(cd->dlz_newversion != NULL));
+ cd->dlz_configure = (dlz_dlopen_configure_t *)
+ dl_load_symbol(cd, "dlz_configure", ISC_FALSE);
+ cd->dlz_ssumatch = (dlz_dlopen_ssumatch_t *)
+ dl_load_symbol(cd, "dlz_ssumatch", ISC_FALSE);
+ cd->dlz_addrdataset = (dlz_dlopen_addrdataset_t *)
+ dl_load_symbol(cd, "dlz_addrdataset", ISC_FALSE);
+ cd->dlz_subrdataset = (dlz_dlopen_subrdataset_t *)
+ dl_load_symbol(cd, "dlz_subrdataset", ISC_FALSE);
+ cd->dlz_delrdataset = (dlz_dlopen_delrdataset_t *)
+ dl_load_symbol(cd, "dlz_delrdataset", ISC_FALSE);
+
+ /* Check the version of the API is the same */
+ cd->version = cd->dlz_version(&cd->flags);
+ if (cd->version != DLZ_DLOPEN_VERSION) {
+ dlopen_log(ISC_LOG_ERROR,
+ "dlz_dlopen: incorrect version %d "
+ "should be %d in '%s'",
+ cd->version, DLZ_DLOPEN_VERSION, cd->dl_path);
+ goto failed;
+ }
+
+ /*
+ * Call the library's create function. Note that this is an
+ * extended version of dlz create, with the addition of
+ * named function pointers for helper functions that the
+ * driver will need. This avoids the need for the backend to
+ * link the BIND9 libraries
+ */
+ MAYBE_LOCK(cd);
+ result = cd->dlz_create(dlzname, argc-1, argv+1,
+ &cd->dbdata,
+ "log", dlopen_log,
+ "putrr", dns_sdlz_putrr,
+ "putnamedrr", dns_sdlz_putnamedrr,
+ "writeable_zone", dns_dlz_writeablezone,
+ NULL);
+ MAYBE_UNLOCK(cd);
+ if (result != ISC_R_SUCCESS)
+ goto failed;
+
+ *dbdata = cd;
+
+ return (ISC_R_SUCCESS);
+
+failed:
+ dlopen_log(ISC_LOG_ERROR, "dlz_dlopen of '%s' failed", dlzname);
+ if (cd->dl_path)
+ isc_mem_free(mctx, cd->dl_path);
+ if (cd->dlzname)
+ isc_mem_free(mctx, cd->dlzname);
+ if (dlopen_flags)
+ (void) isc_mutex_destroy(&cd->lock);
+#ifdef HAVE_DLCLOSE
+ if (cd->dl_handle)
+ dlclose(cd->dl_handle);
+#endif
+ isc_mem_put(mctx, cd, sizeof(*cd));
+ isc_mem_destroy(&mctx);
+ return (result);
+}
+
+
+/*
+ * Called when bind is shutting down
+ */
+static void
+dlopen_dlz_destroy(void *driverarg, void *dbdata) {
+ dlopen_data_t *cd = (dlopen_data_t *) dbdata;
+ isc_mem_t *mctx;
+
+ UNUSED(driverarg);
+
+ if (cd->dlz_destroy) {
+ MAYBE_LOCK(cd);
+ cd->dlz_destroy(cd->dbdata);
+ MAYBE_UNLOCK(cd);
+ }
+
+ if (cd->dl_path)
+ isc_mem_free(cd->mctx, cd->dl_path);
+ if (cd->dlzname)
+ isc_mem_free(cd->mctx, cd->dlzname);
+
+#ifdef HAVE_DLCLOSE
+ if (cd->dl_handle)
+ dlclose(cd->dl_handle);
+#endif
+
+ (void) isc_mutex_destroy(&cd->lock);
+
+ mctx = cd->mctx;
+ isc_mem_put(mctx, cd, sizeof(*cd));
+ isc_mem_destroy(&mctx);
+}
+
+/*
+ * Called to start a transaction
+ */
+static isc_result_t
+dlopen_dlz_newversion(const char *zone, void *driverarg, void *dbdata,
+ void **versionp)
+{
+ dlopen_data_t *cd = (dlopen_data_t *) dbdata;
+ isc_result_t result;
+
+ UNUSED(driverarg);
+
+ if (cd->dlz_newversion == NULL)
+ return (ISC_R_NOTIMPLEMENTED);
+
+ MAYBE_LOCK(cd);
+ result = cd->dlz_newversion(zone, cd->dbdata, versionp);
+ MAYBE_UNLOCK(cd);
+ return (result);
+}
+
+/*
+ * Called to end a transaction
+ */
+static void
+dlopen_dlz_closeversion(const char *zone, isc_boolean_t commit,
+ void *driverarg, void *dbdata, void **versionp)
+{
+ dlopen_data_t *cd = (dlopen_data_t *) dbdata;
+
+ UNUSED(driverarg);
+
+ if (cd->dlz_newversion == NULL) {
+ *versionp = NULL;
+ return;
+ }
+
+ MAYBE_LOCK(cd);
+ cd->dlz_closeversion(zone, commit, cd->dbdata, versionp);
+ MAYBE_UNLOCK(cd);
+}
+
+/*
+ * Called on startup to configure any writeable zones
+ */
+static isc_result_t
+dlopen_dlz_configure(dns_view_t *view, void *driverarg, void *dbdata) {
+ dlopen_data_t *cd = (dlopen_data_t *) dbdata;
+ isc_result_t result;
+
+ UNUSED(driverarg);
+
+ if (cd->dlz_configure == NULL)
+ return (ISC_R_SUCCESS);
+
+ MAYBE_LOCK(cd);
+ cd->in_configure = ISC_TRUE;
+ result = cd->dlz_configure(view, cd->dbdata);
+ cd->in_configure = ISC_FALSE;
+ MAYBE_UNLOCK(cd);
+
+ return (result);
+}
+
+
+/*
+ * Check for authority to change a name
+ */
+static isc_boolean_t
+dlopen_dlz_ssumatch(const char *signer, const char *name, const char *tcpaddr,
+ const char *type, const char *key, isc_uint32_t keydatalen,
+ unsigned char *keydata, void *driverarg, void *dbdata)
+{
+ dlopen_data_t *cd = (dlopen_data_t *) dbdata;
+ isc_boolean_t ret;
+
+ UNUSED(driverarg);
+
+ if (cd->dlz_ssumatch == NULL)
+ return (ISC_FALSE);
+
+ MAYBE_LOCK(cd);
+ ret = cd->dlz_ssumatch(signer, name, tcpaddr, type, key, keydatalen,
+ keydata, cd->dbdata);
+ MAYBE_UNLOCK(cd);
+
+ return (ret);
+}
+
+
+/*
+ * Add an rdataset
+ */
+static isc_result_t
+dlopen_dlz_addrdataset(const char *name, const char *rdatastr,
+ void *driverarg, void *dbdata, void *version)
+{
+ dlopen_data_t *cd = (dlopen_data_t *) dbdata;
+ isc_result_t result;
+
+ UNUSED(driverarg);
+
+ if (cd->dlz_addrdataset == NULL)
+ return (ISC_R_NOTIMPLEMENTED);
+
+ MAYBE_LOCK(cd);
+ result = cd->dlz_addrdataset(name, rdatastr, cd->dbdata, version);
+ MAYBE_UNLOCK(cd);
+
+ return (result);
+}
+
+/*
+ * Subtract an rdataset
+ */
+static isc_result_t
+dlopen_dlz_subrdataset(const char *name, const char *rdatastr,
+ void *driverarg, void *dbdata, void *version)
+{
+ dlopen_data_t *cd = (dlopen_data_t *) dbdata;
+ isc_result_t result;
+
+ UNUSED(driverarg);
+
+ if (cd->dlz_subrdataset == NULL)
+ return (ISC_R_NOTIMPLEMENTED);
+
+ MAYBE_LOCK(cd);
+ result = cd->dlz_subrdataset(name, rdatastr, cd->dbdata, version);
+ MAYBE_UNLOCK(cd);
+
+ return (result);
+}
+
+/*
+ delete a rdataset
+ */
+static isc_result_t
+dlopen_dlz_delrdataset(const char *name, const char *type,
+ void *driverarg, void *dbdata, void *version)
+{
+ dlopen_data_t *cd = (dlopen_data_t *) dbdata;
+ isc_result_t result;
+
+ UNUSED(driverarg);
+
+ if (cd->dlz_delrdataset == NULL)
+ return (ISC_R_NOTIMPLEMENTED);
+
+ MAYBE_LOCK(cd);
+ result = cd->dlz_delrdataset(name, type, cd->dbdata, version);
+ MAYBE_UNLOCK(cd);
+
+ return (result);
+}
+
+
+static dns_sdlzmethods_t dlz_dlopen_methods = {
+ dlopen_dlz_create,
+ dlopen_dlz_destroy,
+ dlopen_dlz_findzonedb,
+ dlopen_dlz_lookup,
+ dlopen_dlz_authority,
+ dlopen_dlz_allnodes,
+ dlopen_dlz_allowzonexfr,
+ dlopen_dlz_newversion,
+ dlopen_dlz_closeversion,
+ dlopen_dlz_configure,
+ dlopen_dlz_ssumatch,
+ dlopen_dlz_addrdataset,
+ dlopen_dlz_subrdataset,
+ dlopen_dlz_delrdataset
+};
+#endif
+
+/*
+ * Register driver with BIND
+ */
+isc_result_t
+dlz_dlopen_init(isc_mem_t *mctx) {
+#ifndef ISC_DLZ_DLOPEN
+ UNUSED(mctx);
+ return (ISC_R_NOTIMPLEMENTED);
+#else
+ isc_result_t result;
+
+ dlopen_log(2, "Registering DLZ_dlopen driver");
+
+ result = dns_sdlzregister("dlopen", &dlz_dlopen_methods, NULL,
+ DNS_SDLZFLAG_RELATIVEOWNER |
+ DNS_SDLZFLAG_THREADSAFE,
+ mctx, &dlz_dlopen);
+
+ if (result != ISC_R_SUCCESS) {
+ UNEXPECTED_ERROR(__FILE__, __LINE__,
+ "dns_sdlzregister() failed: %s",
+ isc_result_totext(result));
+ result = ISC_R_UNEXPECTED;
+ }
+
+ return (result);
+#endif
+}
+
+
+/*
+ * Unregister the driver
+ */
+void
+dlz_dlopen_clear(void) {
+#ifdef ISC_DLZ_DLOPEN
+ dlopen_log(2, "Unregistering DLZ_dlopen driver");
+ if (dlz_dlopen != NULL)
+ dns_sdlzunregister(&dlz_dlopen);
+#endif
+}
diff --git a/bin/named/unix/os.c b/bin/named/unix/os.c
index 53e9e4501249..5fd654738600 100644
--- a/bin/named/unix/os.c
+++ b/bin/named/unix/os.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2002 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: os.c,v 1.104 2010-11-17 23:47:08 tbox Exp $ */
+/* $Id: os.c,v 1.104.38.3 2011-03-02 00:04:01 marka Exp $ */
/*! \file */
@@ -790,6 +790,9 @@ ns_os_openfile(const char *filename, mode_t mode, isc_boolean_t switch_user) {
free(f);
if (switch_user && runas_pw != NULL) {
+#ifndef HAVE_LINUXTHREADS
+ gid_t oldgid = getgid();
+#endif
/* Set UID/GID to the one we'll be running with eventually */
setperms(runas_pw->pw_uid, runas_pw->pw_gid);
@@ -797,7 +800,7 @@ ns_os_openfile(const char *filename, mode_t mode, isc_boolean_t switch_user) {
#ifndef HAVE_LINUXTHREADS
/* Restore UID/GID to root */
- setperms(0, 0);
+ setperms(0, oldgid);
#endif /* HAVE_LINUXTHREADS */
if (fd == -1) {
@@ -950,7 +953,7 @@ ns_os_shutdownmsg(char *command, isc_buffer_t *text) {
isc_buffer_availablelength(text),
"pid: %ld", (long)pid);
/* Only send a message if it is complete. */
- if (n < isc_buffer_availablelength(text))
+ if (n > 0 && n < isc_buffer_availablelength(text))
isc_buffer_add(text, n);
}
diff --git a/bin/named/update.c b/bin/named/update.c
index eb1ed1d64ef9..c99db5f8c46c 100644
--- a/bin/named/update.c
+++ b/bin/named/update.c
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: update.c,v 1.186.16.1.2.1 2011-06-02 23:47:28 tbox Exp $ */
+/* $Id: update.c,v 1.186.16.5 2011-03-25 23:53:52 each Exp $ */
#include <config.h>
@@ -1692,7 +1692,7 @@ next_active(ns_client_t *client, dns_zone_t *zone, dns_db_t *db,
{
isc_result_t result;
dns_dbiterator_t *dbit = NULL;
- isc_boolean_t has_nsec;
+ isc_boolean_t has_nsec = ISC_FALSE;
unsigned int wraps = 0;
isc_boolean_t secure = dns_db_issecure(db);
@@ -2395,7 +2395,7 @@ update_signatures(ns_client_t *client, dns_zone_t *zone, dns_db_t *db,
name, diff));
}
CHECK(add_exposed_sigs(client, zone, db, newver, name,
- cut, diff, zone_keys, nkeys,
+ cut, &sig_diff, zone_keys, nkeys,
inception, expire, check_ksk,
keyset_kskonly));
}
@@ -2554,7 +2554,7 @@ update_signatures(ns_client_t *client, dns_zone_t *zone, dns_db_t *db,
privatetype, &nsec_diff));
} else {
CHECK(add_exposed_sigs(client, zone, db, newver, name,
- cut, diff, zone_keys, nkeys,
+ cut, &sig_diff, zone_keys, nkeys,
inception, expire, check_ksk,
keyset_kskonly));
CHECK(dns_nsec3_addnsec3sx(db, newver, name, nsecttl,
@@ -3734,7 +3734,6 @@ update_action(isc_task_t *task, isc_event_t *event) {
* Check Requestor's Permissions. It seems a bit silly to do this
* only after prerequisite testing, but that is what RFC2136 says.
*/
- result = ISC_R_SUCCESS;
if (ssutable == NULL)
CHECK(checkupdateacl(client, dns_zone_getupdateacl(zone),
"update", zonename, ISC_FALSE, ISC_FALSE));
diff --git a/bin/named/xfrout.c b/bin/named/xfrout.c
index b036ed14d57f..83c64f27954e 100644
--- a/bin/named/xfrout.c
+++ b/bin/named/xfrout.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: xfrout.c,v 1.139 2010-12-18 01:56:19 each Exp $ */
+/* $Id: xfrout.c,v 1.139.16.3 2011-07-28 04:30:54 marka Exp $ */
#include <config.h>
@@ -28,9 +28,7 @@
#include <dns/db.h>
#include <dns/dbiterator.h>
-#ifdef DLZ
#include <dns/dlz.h>
-#endif
#include <dns/fixedname.h>
#include <dns/journal.h>
#include <dns/message.h>
@@ -752,9 +750,7 @@ ns_xfr_start(ns_client_t *client, dns_rdatatype_t reqtype) {
char msg[NS_CLIENT_ACLMSGSIZE("zone transfer")];
char keyname[DNS_NAME_FORMATSIZE];
isc_boolean_t is_poll = ISC_FALSE;
-#ifdef DLZ
isc_boolean_t is_dlz = ISC_FALSE;
-#endif
switch (reqtype) {
case dns_rdatatype_axfr:
@@ -806,9 +802,7 @@ ns_xfr_start(ns_client_t *client, dns_rdatatype_t reqtype) {
result = dns_zt_find(client->view->zonetable, question_name, 0, NULL,
&zone);
- if (result != ISC_R_SUCCESS)
-#ifdef DLZ
- {
+ if (result != ISC_R_SUCCESS) {
/*
* Normal zone table does not have a match.
* Try the DLZ database
@@ -836,10 +830,8 @@ ns_xfr_start(ns_client_t *client, dns_rdatatype_t reqtype) {
goto failure;
}
if (result != ISC_R_SUCCESS)
-#endif
- FAILQ(DNS_R_NOTAUTH, "non-authoritative zone",
- question_name, question_class);
-#ifdef DLZ
+ FAILQ(DNS_R_NOTAUTH, "non-authoritative zone",
+ question_name, question_class);
is_dlz = ISC_TRUE;
/*
* DLZ only support full zone transfer, not incremental
@@ -859,7 +851,6 @@ ns_xfr_start(ns_client_t *client, dns_rdatatype_t reqtype) {
}
} else {
/* zone table has a match */
-#endif
switch(dns_zone_gettype(zone)) {
case dns_zone_master:
case dns_zone_slave:
@@ -870,9 +861,7 @@ ns_xfr_start(ns_client_t *client, dns_rdatatype_t reqtype) {
}
CHECK(dns_zone_getdb(zone, &db));
dns_db_currentversion(db, &ver);
-#ifdef DLZ
}
-#endif
xfrout_log1(client, question_name, question_class, ISC_LOG_DEBUG(6),
"%s question section OK", mnemonic);
@@ -926,22 +915,15 @@ ns_xfr_start(ns_client_t *client, dns_rdatatype_t reqtype) {
"%s authority section OK", mnemonic);
/*
- * Decide whether to allow this transfer.
- */
-#ifdef DLZ
- /*
- * if not a DLZ zone decide whether to allow this transfer.
+ * If not a DLZ zone, decide whether to allow this transfer.
*/
if (!is_dlz) {
-#endif
ns_client_aclmsg("zone transfer", question_name, reqtype,
client->view->rdclass, msg, sizeof(msg));
CHECK(ns_client_checkacl(client, NULL, msg,
dns_zone_getxfracl(zone),
ISC_TRUE, ISC_LOG_ERROR));
-#ifdef DLZ
}
-#endif
/*
* AXFR over UDP is not possible.
@@ -965,10 +947,9 @@ ns_xfr_start(ns_client_t *client, dns_rdatatype_t reqtype) {
/*
* Get a dynamically allocated copy of the current SOA.
*/
-#ifdef DLZ
if (is_dlz)
dns_db_currentversion(db, &ver);
-#endif
+
CHECK(dns_db_createsoatuple(db, ver, mctx, DNS_DIFFOP_EXISTS,
&current_soa_tuple));
@@ -1054,7 +1035,6 @@ ns_xfr_start(ns_client_t *client, dns_rdatatype_t reqtype) {
-#ifdef DLZ
if (is_dlz)
CHECK(xfrout_ctx_create(mctx, client, request->id,
question_name, reqtype, question_class,
@@ -1067,7 +1047,6 @@ ns_xfr_start(ns_client_t *client, dns_rdatatype_t reqtype) {
ISC_TRUE : ISC_FALSE,
&xfr));
else
-#endif
CHECK(xfrout_ctx_create(mctx, client, request->id,
question_name, reqtype, question_class,
zone, db, ver, quota, stream,
@@ -1085,9 +1064,9 @@ ns_xfr_start(ns_client_t *client, dns_rdatatype_t reqtype) {
CHECK(xfr->stream->methods->first(xfr->stream));
- if (xfr->tsigkey != NULL) {
+ if (xfr->tsigkey != NULL)
dns_name_format(&xfr->tsigkey->name, keyname, sizeof(keyname));
- } else
+ else
keyname[0] = '\0';
if (is_poll)
xfrout_log1(client, question_name, question_class,
@@ -1157,7 +1136,8 @@ xfrout_ctx_create(isc_mem_t *mctx, ns_client_t *client, unsigned int id,
xfr = isc_mem_get(mctx, sizeof(*xfr));
if (xfr == NULL)
return (ISC_R_NOMEMORY);
- xfr->mctx = mctx;
+ xfr->mctx = NULL;
+ isc_mem_attach(mctx, &xfr->mctx);
xfr->client = NULL;
ns_client_attach(client, &xfr->client);
xfr->id = id;
@@ -1531,6 +1511,7 @@ sendstream(xfrout_ctx_t *xfr) {
static void
xfrout_ctx_destroy(xfrout_ctx_t **xfrp) {
xfrout_ctx_t *xfr = *xfrp;
+ ns_client_t *client = NULL;
INSIST(xfr->sends == 0);
@@ -1554,9 +1535,14 @@ xfrout_ctx_destroy(xfrout_ctx_t **xfrp) {
if (xfr->db != NULL)
dns_db_detach(&xfr->db);
+ /*
+ * We want to detch the client after we have released the memory
+ * context as ns_client_detach checks the memory reference count.
+ */
+ ns_client_attach(xfr->client, &client);
ns_client_detach(&xfr->client);
-
- isc_mem_put(xfr->mctx, xfr, sizeof(*xfr));
+ isc_mem_putanddetach(&xfr->mctx, xfr, sizeof(*xfr));
+ ns_client_detach(&client);
*xfrp = NULL;
}
diff --git a/bin/named/zoneconf.c b/bin/named/zoneconf.c
index eb93f1bbe45b..a3e713b4e94d 100644
--- a/bin/named/zoneconf.c
+++ b/bin/named/zoneconf.c
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: zoneconf.c,v 1.170 2011-01-06 23:47:00 tbox Exp $ */
+/* $Id: zoneconf.c,v 1.170.14.4 2011-05-23 20:56:10 each Exp $ */
/*% */
@@ -127,7 +127,7 @@ configure_zone_acl(const cfg_obj_t *zconfig, const cfg_obj_t *vconfig,
/* First check to see if ACL is defined within the zone */
if (zconfig != NULL) {
maps[0] = cfg_tuple_get(zconfig, "options");
- ns_config_get(maps, aclname, &aclobj);
+ (void)ns_config_get(maps, aclname, &aclobj);
if (aclobj != NULL) {
aclp = NULL;
goto parse_acl;
@@ -155,7 +155,7 @@ configure_zone_acl(const cfg_obj_t *zconfig, const cfg_obj_t *vconfig,
maps[i++] = ns_g_defaults;
maps[i] = NULL;
- result = ns_config_get(maps, aclname, &aclobj);
+ (void)ns_config_get(maps, aclname, &aclobj);
if (aclobj == NULL) {
(*clearzacl)(zone);
return (ISC_R_SUCCESS);
@@ -605,7 +605,8 @@ configure_staticstub(const cfg_obj_t *zconfig, dns_zone_t *zone,
/* Prepare zone RRs from the configuration */
obj = NULL;
result = cfg_map_get(zconfig, "server-addresses", &obj);
- if (obj != NULL) {
+ if (result == ISC_R_SUCCESS) {
+ INSIST(obj != NULL);
result = configure_staticstub_serveraddrs(obj, zone,
&rdatalist_ns,
&rdatalist_a,
@@ -616,7 +617,8 @@ configure_staticstub(const cfg_obj_t *zconfig, dns_zone_t *zone,
obj = NULL;
result = cfg_map_get(zconfig, "server-names", &obj);
- if (obj != NULL) {
+ if (result == ISC_R_SUCCESS) {
+ INSIST(obj != NULL);
result = configure_staticstub_servernames(obj, zone,
&rdatalist_ns,
zname);
@@ -714,7 +716,7 @@ zonetype_fromconfig(const cfg_obj_t *map) {
isc_result_t result;
result = cfg_map_get(map, "type", &obj);
- INSIST(result == ISC_R_SUCCESS);
+ INSIST(result == ISC_R_SUCCESS && obj != NULL);
return (ns_config_getzonetype(obj));
}
@@ -778,7 +780,7 @@ checknames(dns_zonetype_t ztype, const cfg_obj_t **maps,
INSIST(0);
}
result = ns_checknames_get(maps, zone, objp);
- INSIST(result == ISC_R_SUCCESS);
+ INSIST(result == ISC_R_SUCCESS && objp != NULL && *objp != NULL);
}
isc_result_t
@@ -832,7 +834,7 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
maps[i++] = options;
}
maps[i++] = ns_g_defaults;
- maps[i++] = NULL;
+ maps[i] = NULL;
if (vconfig != NULL)
RETERR(ns_config_getclass(cfg_tuple_get(vconfig, "class"),
@@ -934,7 +936,7 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
obj = NULL;
result = ns_config_get(maps, "dialup", &obj);
- INSIST(result == ISC_R_SUCCESS);
+ INSIST(result == ISC_R_SUCCESS && obj != NULL);
if (cfg_obj_isboolean(obj)) {
if (cfg_obj_asboolean(obj))
dialup = dns_dialuptype_yes;
@@ -957,7 +959,7 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
obj = NULL;
result = ns_config_get(maps, "zone-statistics", &obj);
- INSIST(result == ISC_R_SUCCESS);
+ INSIST(result == ISC_R_SUCCESS && obj != NULL);
zonestats_on = cfg_obj_asboolean(obj);
zoneqrystats = NULL;
if (zonestats_on) {
@@ -976,7 +978,7 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
if (ztype != dns_zone_stub && ztype != dns_zone_staticstub) {
obj = NULL;
result = ns_config_get(maps, "notify", &obj);
- INSIST(result == ISC_R_SUCCESS);
+ INSIST(result == ISC_R_SUCCESS && obj != NULL);
if (cfg_obj_isboolean(obj)) {
if (cfg_obj_asboolean(obj))
notifytype = dns_notifytype_yes;
@@ -1012,19 +1014,19 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
obj = NULL;
result = ns_config_get(maps, "notify-source", &obj);
- INSIST(result == ISC_R_SUCCESS);
+ INSIST(result == ISC_R_SUCCESS && obj != NULL);
RETERR(dns_zone_setnotifysrc4(zone, cfg_obj_assockaddr(obj)));
ns_add_reserved_dispatch(ns_g_server, cfg_obj_assockaddr(obj));
obj = NULL;
result = ns_config_get(maps, "notify-source-v6", &obj);
- INSIST(result == ISC_R_SUCCESS);
+ INSIST(result == ISC_R_SUCCESS && obj != NULL);
RETERR(dns_zone_setnotifysrc6(zone, cfg_obj_assockaddr(obj)));
ns_add_reserved_dispatch(ns_g_server, cfg_obj_assockaddr(obj));
obj = NULL;
result = ns_config_get(maps, "notify-to-soa", &obj);
- INSIST(result == ISC_R_SUCCESS);
+ INSIST(result == ISC_R_SUCCESS && obj != NULL);
dns_zone_setoption(zone, DNS_ZONEOPT_NOTIFYTOSOA,
cfg_obj_asboolean(obj));
@@ -1037,17 +1039,17 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
obj = NULL;
result = ns_config_get(maps, "max-transfer-time-out", &obj);
- INSIST(result == ISC_R_SUCCESS);
+ INSIST(result == ISC_R_SUCCESS && obj != NULL);
dns_zone_setmaxxfrout(zone, cfg_obj_asuint32(obj) * 60);
obj = NULL;
result = ns_config_get(maps, "max-transfer-idle-out", &obj);
- INSIST(result == ISC_R_SUCCESS);
+ INSIST(result == ISC_R_SUCCESS && obj != NULL);
dns_zone_setidleout(zone, cfg_obj_asuint32(obj) * 60);
obj = NULL;
result = ns_config_get(maps, "max-journal-size", &obj);
- INSIST(result == ISC_R_SUCCESS);
+ INSIST(result == ISC_R_SUCCESS && obj != NULL);
dns_zone_setjournalsize(zone, -1);
if (cfg_obj_isstring(obj)) {
const char *str = cfg_obj_asstring(obj);
@@ -1071,13 +1073,13 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
obj = NULL;
result = ns_config_get(maps, "ixfr-from-differences", &obj);
- INSIST(result == ISC_R_SUCCESS);
+ INSIST(result == ISC_R_SUCCESS && obj != NULL);
if (cfg_obj_isboolean(obj))
ixfrdiff = cfg_obj_asboolean(obj);
- else if (strcasecmp(cfg_obj_asstring(obj), "master") &&
+ else if (!strcasecmp(cfg_obj_asstring(obj), "master") &&
ztype == dns_zone_master)
ixfrdiff = ISC_TRUE;
- else if (strcasecmp(cfg_obj_asstring(obj), "slave") &&
+ else if (!strcasecmp(cfg_obj_asstring(obj), "slave") &&
ztype == dns_zone_slave)
ixfrdiff = ISC_TRUE;
else
@@ -1100,23 +1102,23 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
obj = NULL;
result = ns_config_get(maps, "notify-delay", &obj);
- INSIST(result == ISC_R_SUCCESS);
+ INSIST(result == ISC_R_SUCCESS && obj != NULL);
dns_zone_setnotifydelay(zone, cfg_obj_asuint32(obj));
obj = NULL;
result = ns_config_get(maps, "check-sibling", &obj);
- INSIST(result == ISC_R_SUCCESS);
+ INSIST(result == ISC_R_SUCCESS && obj != NULL);
dns_zone_setoption(zone, DNS_ZONEOPT_CHECKSIBLING,
cfg_obj_asboolean(obj));
obj = NULL;
result = ns_config_get(maps, "zero-no-soa-ttl", &obj);
- INSIST(result == ISC_R_SUCCESS);
+ INSIST(result == ISC_R_SUCCESS && obj != NULL);
dns_zone_setzeronosoattl(zone, cfg_obj_asboolean(obj));
obj = NULL;
result = ns_config_get(maps, "nsec3-test-zone", &obj);
- INSIST(result == ISC_R_SUCCESS);
+ INSIST(result == ISC_R_SUCCESS && obj != NULL);
dns_zone_setoption(zone, DNS_ZONEOPT_NSEC3TESTZONE,
cfg_obj_asboolean(obj));
}
@@ -1145,7 +1147,7 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
obj = NULL;
result = ns_config_get(maps, "sig-validity-interval", &obj);
- INSIST(result == ISC_R_SUCCESS);
+ INSIST(result == ISC_R_SUCCESS && obj != NULL);
{
const cfg_obj_t *validity, *resign;
@@ -1176,28 +1178,28 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
obj = NULL;
result = ns_config_get(maps, "sig-signing-signatures", &obj);
- INSIST(result == ISC_R_SUCCESS);
+ INSIST(result == ISC_R_SUCCESS && obj != NULL);
dns_zone_setsignatures(zone, cfg_obj_asuint32(obj));
obj = NULL;
result = ns_config_get(maps, "sig-signing-nodes", &obj);
- INSIST(result == ISC_R_SUCCESS);
+ INSIST(result == ISC_R_SUCCESS && obj != NULL);
dns_zone_setnodes(zone, cfg_obj_asuint32(obj));
obj = NULL;
result = ns_config_get(maps, "sig-signing-type", &obj);
- INSIST(result == ISC_R_SUCCESS);
+ INSIST(result == ISC_R_SUCCESS && obj != NULL);
dns_zone_setprivatetype(zone, cfg_obj_asuint32(obj));
obj = NULL;
result = ns_config_get(maps, "update-check-ksk", &obj);
- INSIST(result == ISC_R_SUCCESS);
+ INSIST(result == ISC_R_SUCCESS && obj != NULL);
dns_zone_setoption(zone, DNS_ZONEOPT_UPDATECHECKKSK,
cfg_obj_asboolean(obj));
obj = NULL;
result = ns_config_get(maps, "dnssec-dnskey-kskonly", &obj);
- INSIST(result == ISC_R_SUCCESS);
+ INSIST(result == ISC_R_SUCCESS && obj != NULL);
dns_zone_setoption(zone, DNS_ZONEOPT_DNSKEYKSKONLY,
cfg_obj_asboolean(obj));
} else if (ztype == dns_zone_slave) {
@@ -1212,7 +1214,6 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
*/
if (ztype == dns_zone_master) {
isc_boolean_t allow = ISC_FALSE, maint = ISC_FALSE;
- isc_boolean_t create = ISC_FALSE;
obj = NULL;
result = ns_config_get(maps, "check-wildcard", &obj);
@@ -1224,7 +1225,7 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
obj = NULL;
result = ns_config_get(maps, "check-dup-records", &obj);
- INSIST(obj != NULL);
+ INSIST(result == ISC_R_SUCCESS && obj != NULL);
if (strcasecmp(cfg_obj_asstring(obj), "warn") == 0) {
fail = ISC_FALSE;
check = ISC_TRUE;
@@ -1239,7 +1240,7 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
obj = NULL;
result = ns_config_get(maps, "check-mx", &obj);
- INSIST(obj != NULL);
+ INSIST(result == ISC_R_SUCCESS && obj != NULL);
if (strcasecmp(cfg_obj_asstring(obj), "warn") == 0) {
fail = ISC_FALSE;
check = ISC_TRUE;
@@ -1254,13 +1255,13 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
obj = NULL;
result = ns_config_get(maps, "check-integrity", &obj);
- INSIST(obj != NULL);
+ INSIST(result == ISC_R_SUCCESS && obj != NULL);
dns_zone_setoption(zone, DNS_ZONEOPT_CHECKINTEGRITY,
cfg_obj_asboolean(obj));
obj = NULL;
result = ns_config_get(maps, "check-mx-cname", &obj);
- INSIST(obj != NULL);
+ INSIST(result == ISC_R_SUCCESS && obj != NULL);
if (strcasecmp(cfg_obj_asstring(obj), "warn") == 0) {
warn = ISC_TRUE;
ignore = ISC_FALSE;
@@ -1275,7 +1276,7 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
obj = NULL;
result = ns_config_get(maps, "check-srv-cname", &obj);
- INSIST(obj != NULL);
+ INSIST(result == ISC_R_SUCCESS && obj != NULL);
if (strcasecmp(cfg_obj_asstring(obj), "warn") == 0) {
warn = ISC_TRUE;
ignore = ISC_FALSE;
@@ -1290,7 +1291,7 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
obj = NULL;
result = ns_config_get(maps, "dnssec-secure-to-insecure", &obj);
- INSIST(obj != NULL);
+ INSIST(result == ISC_R_SUCCESS && obj != NULL);
dns_zone_setoption(zone, DNS_ZONEOPT_SECURETOINSECURE,
cfg_obj_asboolean(obj));
@@ -1302,15 +1303,12 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
allow = ISC_TRUE;
else if (strcasecmp(arg, "maintain") == 0)
allow = maint = ISC_TRUE;
- else if (strcasecmp(arg, "create") == 0)
- allow = maint = create = ISC_TRUE;
else if (strcasecmp(arg, "off") == 0)
;
else
INSIST(0);
dns_zone_setkeyopt(zone, DNS_ZONEKEY_ALLOW, allow);
dns_zone_setkeyopt(zone, DNS_ZONEKEY_MAINTAIN, maint);
- dns_zone_setkeyopt(zone, DNS_ZONEKEY_CREATE, create);
}
}
@@ -1322,7 +1320,7 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
case dns_zone_stub:
count = 0;
obj = NULL;
- result = cfg_map_get(zoptions, "masters", &obj);
+ (void)cfg_map_get(zoptions, "masters", &obj);
if (obj != NULL) {
addrs = NULL;
keynames = NULL;
@@ -1341,61 +1339,61 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
if (count > 1) {
obj = NULL;
result = ns_config_get(maps, "multi-master", &obj);
- INSIST(result == ISC_R_SUCCESS);
+ INSIST(result == ISC_R_SUCCESS && obj != NULL);
multi = cfg_obj_asboolean(obj);
}
dns_zone_setoption(zone, DNS_ZONEOPT_MULTIMASTER, multi);
obj = NULL;
result = ns_config_get(maps, "max-transfer-time-in", &obj);
- INSIST(result == ISC_R_SUCCESS);
+ INSIST(result == ISC_R_SUCCESS && obj != NULL);
dns_zone_setmaxxfrin(zone, cfg_obj_asuint32(obj) * 60);
obj = NULL;
result = ns_config_get(maps, "max-transfer-idle-in", &obj);
- INSIST(result == ISC_R_SUCCESS);
+ INSIST(result == ISC_R_SUCCESS && obj != NULL);
dns_zone_setidlein(zone, cfg_obj_asuint32(obj) * 60);
obj = NULL;
result = ns_config_get(maps, "max-refresh-time", &obj);
- INSIST(result == ISC_R_SUCCESS);
+ INSIST(result == ISC_R_SUCCESS && obj != NULL);
dns_zone_setmaxrefreshtime(zone, cfg_obj_asuint32(obj));
obj = NULL;
result = ns_config_get(maps, "min-refresh-time", &obj);
- INSIST(result == ISC_R_SUCCESS);
+ INSIST(result == ISC_R_SUCCESS && obj != NULL);
dns_zone_setminrefreshtime(zone, cfg_obj_asuint32(obj));
obj = NULL;
result = ns_config_get(maps, "max-retry-time", &obj);
- INSIST(result == ISC_R_SUCCESS);
+ INSIST(result == ISC_R_SUCCESS && obj != NULL);
dns_zone_setmaxretrytime(zone, cfg_obj_asuint32(obj));
obj = NULL;
result = ns_config_get(maps, "min-retry-time", &obj);
- INSIST(result == ISC_R_SUCCESS);
+ INSIST(result == ISC_R_SUCCESS && obj != NULL);
dns_zone_setminretrytime(zone, cfg_obj_asuint32(obj));
obj = NULL;
result = ns_config_get(maps, "transfer-source", &obj);
- INSIST(result == ISC_R_SUCCESS);
+ INSIST(result == ISC_R_SUCCESS && obj != NULL);
RETERR(dns_zone_setxfrsource4(zone, cfg_obj_assockaddr(obj)));
ns_add_reserved_dispatch(ns_g_server, cfg_obj_assockaddr(obj));
obj = NULL;
result = ns_config_get(maps, "transfer-source-v6", &obj);
- INSIST(result == ISC_R_SUCCESS);
+ INSIST(result == ISC_R_SUCCESS && obj != NULL);
RETERR(dns_zone_setxfrsource6(zone, cfg_obj_assockaddr(obj)));
ns_add_reserved_dispatch(ns_g_server, cfg_obj_assockaddr(obj));
obj = NULL;
result = ns_config_get(maps, "alt-transfer-source", &obj);
- INSIST(result == ISC_R_SUCCESS);
+ INSIST(result == ISC_R_SUCCESS && obj != NULL);
RETERR(dns_zone_setaltxfrsource4(zone, cfg_obj_assockaddr(obj)));
obj = NULL;
result = ns_config_get(maps, "alt-transfer-source-v6", &obj);
- INSIST(result == ISC_R_SUCCESS);
+ INSIST(result == ISC_R_SUCCESS && obj != NULL);
RETERR(dns_zone_setaltxfrsource6(zone, cfg_obj_assockaddr(obj)));
obj = NULL;
@@ -1433,7 +1431,6 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
}
-#ifdef DLZ
/*
* Set up a DLZ zone as writeable
*/
@@ -1455,7 +1452,6 @@ ns_zone_configure_writeable_dlz(dns_dlzdb_t *dlzdatabase, dns_zone_t *zone,
dns_db_detach(&db);
return result;
}
-#endif
isc_boolean_t
ns_zone_reusable(dns_zone_t *zone, const cfg_obj_t *zconfig) {
diff --git a/bin/nsupdate/nsupdate.c b/bin/nsupdate/nsupdate.c
index 9bbea4bc937c..058088c8996e 100644
--- a/bin/nsupdate/nsupdate.c
+++ b/bin/nsupdate/nsupdate.c
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: nsupdate.c,v 1.193 2011-01-10 05:32:03 marka Exp $ */
+/* $Id: nsupdate.c,v 1.193.12.3 2011-05-23 22:12:14 each Exp $ */
/*! \file */
@@ -145,7 +145,7 @@ static dns_name_t tmpzonename;
static dns_name_t restart_master;
static dns_tsig_keyring_t *gssring = NULL;
static dns_tsigkey_t *tsigkey = NULL;
-static dst_key_t *sig0key;
+static dst_key_t *sig0key = NULL;
static lwres_context_t *lwctx = NULL;
static lwres_conf_t *lwconf;
static isc_sockaddr_t *servers;
@@ -695,8 +695,10 @@ setup_keyfile(isc_mem_t *mctx, isc_log_t *lctx) {
keyfile, isc_result_totext(result));
return;
}
- } else
+ } else {
dst_key_attach(dstkey, &sig0key);
+ dst_key_free(&dstkey);
+ }
}
static void
@@ -2260,6 +2262,7 @@ recvsoa(isc_task_t *task, isc_event_t *event) {
}
check_result(result, "dns_request_getresponse");
section = DNS_SECTION_ANSWER;
+ POST(section);
if (debugging)
show_message(stderr, rcvmsg, "Reply from SOA query:");
@@ -2879,6 +2882,9 @@ cleanup(void) {
}
#endif
+ if (sig0key != NULL)
+ dst_key_free(&sig0key);
+
ddebug("Shutting down task manager");
isc_taskmgr_destroy(&taskmgr);
diff --git a/bin/rndc/rndc.c b/bin/rndc/rndc.c
index 1976d9ce3322..1e9c3b064a8d 100644
--- a/bin/rndc/rndc.c
+++ b/bin/rndc/rndc.c
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: rndc.c,v 1.131.20.1.2.1 2011-06-02 23:47:28 tbox Exp $ */
+/* $Id: rndc.c,v 1.131.20.2 2011-02-28 01:19:59 tbox Exp $ */
/*! \file */
diff --git a/bin/tools/genrandom.8 b/bin/tools/genrandom.8
index 32a4ff02efb6..5005658c9a14 100644
--- a/bin/tools/genrandom.8
+++ b/bin/tools/genrandom.8
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2009, 2010 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2009-2011 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" Permission to use, copy, modify, and/or distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
@@ -12,7 +12,7 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: genrandom.8,v 1.8 2010-05-19 01:14:14 tbox Exp $
+.\" $Id: genrandom.8,v 1.8.124.1 2011-08-09 01:52:58 tbox Exp $
.\"
.hy 0
.ad l
@@ -53,7 +53,7 @@ size
The size of the file, in kilobytes, to generate.
.RE
.PP
-domain
+filename
.RS 4
The file name into which random data should be written.
.RE
@@ -65,5 +65,5 @@ The file name into which random data should be written.
.PP
Internet Systems Consortium
.SH "COPYRIGHT"
-Copyright \(co 2009, 2010 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2009\-2011 Internet Systems Consortium, Inc. ("ISC")
.br
diff --git a/bin/tools/genrandom.docbook b/bin/tools/genrandom.docbook
index 84e45534a822..b52ab4932a19 100644
--- a/bin/tools/genrandom.docbook
+++ b/bin/tools/genrandom.docbook
@@ -2,7 +2,7 @@
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "&#8212;">]>
<!--
- - Copyright (C) 2009, 2010 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2009-2011 Internet Systems Consortium, Inc. ("ISC")
-
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
@@ -17,7 +17,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: genrandom.docbook,v 1.6 2010-05-17 23:51:05 tbox Exp $ -->
+<!-- $Id: genrandom.docbook,v 1.6.124.2 2011-08-08 23:45:44 tbox Exp $ -->
<refentry id="man.genrandom">
<refentryinfo>
<date>Feb 19, 2009</date>
@@ -38,6 +38,7 @@
<copyright>
<year>2009</year>
<year>2010</year>
+ <year>2011</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
</docinfo>
@@ -84,7 +85,7 @@
</varlistentry>
<varlistentry>
- <term>domain</term>
+ <term>filename</term>
<listitem>
<para>
The file name into which random data should be written.
diff --git a/bin/tools/genrandom.html b/bin/tools/genrandom.html
index c14af9bbd0e0..c3b2993a05cc 100644
--- a/bin/tools/genrandom.html
+++ b/bin/tools/genrandom.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2009, 2010 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2009-2011 Internet Systems Consortium, Inc. ("ISC")
-
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
@@ -13,7 +13,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: genrandom.html,v 1.8 2010-05-19 01:14:14 tbox Exp $ -->
+<!-- $Id: genrandom.html,v 1.8.124.1 2011-08-09 01:52:58 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -31,7 +31,7 @@
<div class="cmdsynopsis"><p><code class="command">genrandom</code> [<code class="option">-n <em class="replaceable"><code>number</code></em></code>] {<em class="replaceable"><code>size</code></em>} {<em class="replaceable"><code>filename</code></em>}</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543363"></a><h2>DESCRIPTION</h2>
+<a name="id2543366"></a><h2>DESCRIPTION</h2>
<p>
<span><strong class="command">genrandom</strong></span>
generates a file or a set of files containing a specified quantity
@@ -40,7 +40,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543376"></a><h2>ARGUMENTS</h2>
+<a name="id2543379"></a><h2>ARGUMENTS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-n <em class="replaceable"><code>number</code></em></span></dt>
<dd><p>
@@ -51,21 +51,21 @@
<dd><p>
The size of the file, in kilobytes, to generate.
</p></dd>
-<dt><span class="term">domain</span></dt>
+<dt><span class="term">filename</span></dt>
<dd><p>
The file name into which random data should be written.
</p></dd>
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543436"></a><h2>SEE ALSO</h2>
+<a name="id2543440"></a><h2>SEE ALSO</h2>
<p>
<span class="citerefentry"><span class="refentrytitle">rand</span>(3)</span>,
<span class="citerefentry"><span class="refentrytitle">arc4random</span>(3)</span>
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543463"></a><h2>AUTHOR</h2>
+<a name="id2543466"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>
diff --git a/config.h.in b/config.h.in
index 01f8b166acb2..477291da29fc 100644
--- a/config.h.in
+++ b/config.h.in
@@ -16,7 +16,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: config.h.in,v 1.143.8.1 2011-02-03 05:52:35 marka Exp $ */
+/* $Id: config.h.in,v 1.143.8.4 2011-03-10 04:29:14 each Exp $ */
/*! \file */
@@ -144,12 +144,12 @@ int sigwait(const unsigned int *set, int *sig);
/* Define if threads need PTHREAD_SCOPE_SYSTEM */
#undef NEED_PTHREAD_SCOPE_SYSTEM
-/* Define if building universal (internal helper macro) */
-#undef AC_APPLE_UNIVERSAL_BUILD
-
/* Define to enable the "filter-aaaa-on-v4" option. */
#undef ALLOW_FILTER_AAAA_ON_V4
+/* define if ATF unit tests are to be built. */
+#undef ATF_TEST
+
/* Define if recvmsg() does not meet all of the BSD socket API specifications.
*/
#undef BROKEN_RECVMSG
@@ -241,9 +241,6 @@ int sigwait(const unsigned int *set, int *sig);
/* Define to 1 if you have the `c_r' library (-lc_r). */
#undef HAVE_LIBC_R
-/* Define to 1 if you have the `dl' library (-ldl). */
-#undef HAVE_LIBDL
-
/* Define to 1 if you have the `nsl' library (-lnsl). */
#undef HAVE_LIBNSL
@@ -361,6 +358,9 @@ int sigwait(const unsigned int *set, int *sig);
/* Define to the flags type used by getnameinfo(3). */
#undef IRS_GETNAMEINFO_FLAGS_T
+/* Define to allow building of objects for dlopen(). */
+#undef ISC_DLZ_DLOPEN
+
/* Defined if extern char *optarg is not declared. */
#undef NEED_OPTARG
@@ -380,9 +380,6 @@ int sigwait(const unsigned int *set, int *sig);
/* Define to the one symbol short name of this package. */
#undef PACKAGE_TARNAME
-/* Define to the home page for this package. */
-#undef PACKAGE_URL
-
/* Define to the version of this package. */
#undef PACKAGE_VERSION
@@ -403,17 +400,9 @@ int sigwait(const unsigned int *set, int *sig);
/* define if idnkit support is to be included. */
#undef WITH_IDN
-/* Define WORDS_BIGENDIAN to 1 if your processor stores words with the most
- significant byte first (like Motorola and SPARC, unlike Intel). */
-#if defined AC_APPLE_UNIVERSAL_BUILD
-# if defined __BIG_ENDIAN__
-# define WORDS_BIGENDIAN 1
-# endif
-#else
-# ifndef WORDS_BIGENDIAN
-# undef WORDS_BIGENDIAN
-# endif
-#endif
+/* Define to 1 if your processor stores words with the most significant byte
+ first (like Motorola and SPARC, unlike Intel and VAX). */
+#undef WORDS_BIGENDIAN
/* Define to empty if `const' does not conform to ANSI C. */
#undef const
diff --git a/configure.in b/configure.in
index d5fb15cfb909..ff41067bdae2 100644
--- a/configure.in
+++ b/configure.in
@@ -18,7 +18,7 @@ AC_DIVERT_PUSH(1)dnl
esyscmd([sed "s/^/# /" COPYRIGHT])dnl
AC_DIVERT_POP()dnl
-AC_REVISION($Revision: 1.512.8.1 $)
+AC_REVISION($Revision: 1.512.8.12 $)
AC_INIT(lib/dns/name.c)
AC_PREREQ(2.59)
@@ -267,6 +267,14 @@ case "$host" in
STD_CDEFINES="$STD_CDEFINES -D_GNU_SOURCE"
CPPFLAGS="$CPPFLAGS -D_GNU_SOURCE"
;;
+ #
+ # Starting with OSX 10.7 (Lion) we must choose which IPv6 API to use.
+ # Setting this is sufficient to select the correct behavior for BIND 9.
+ #
+ *-darwin*)
+ STD_CDEFINES="$STD_CDEFINES -D__APPLE_USE_RFC_3542"
+ CPPFLAGS="$CPPFLAGS -D__APPLE_USE_RFC_3542"
+ ;;
esac
AC_HEADER_STDC
@@ -682,7 +690,9 @@ esac
int main() {
#if (OPENSSL_VERSION_NUMBER >= 0x10000000L)
ENGINE *e;
+ EC_KEY *ek;
+ ek = NULL;
OPENSSL_config(NULL);
e = ENGINE_by_id("gost");
@@ -699,7 +709,25 @@ int main() {
[AC_MSG_RESULT(yes)
have_gost="yes"],
[AC_MSG_RESULT(no)
- have_gost="no"])
+ have_gost="no"],
+ [AC_MSG_RESULT(using --with-gost)])
+ AC_ARG_WITH(gost, , with_gost="$withval", with_gost="auto")
+ case "$with_gost" in
+ yes)
+ case "$have_gost" in
+ no) AC_MSG_ERROR([gost not supported]) ;;
+ *) have_gost=yes ;;
+ esac
+ ;;
+ no)
+ have_gost=no ;;
+ *)
+ case "$have_gost" in
+ yes|no) ;;
+ *) AC_MSG_ERROR([need --with-gost=[[yes or no]]]) ;;
+ esac
+ ;;
+ esac
case $have_gost in
yes)
OPENSSL_GOST="yes"
@@ -795,20 +823,42 @@ AC_SUBST(PKCS11_PROVIDER)
AC_MSG_CHECKING(for GSSAPI library)
AC_ARG_WITH(gssapi,
-[ --with-gssapi=PATH Specify path for system-supplied GSSAPI],
- use_gssapi="$withval", use_gssapi="no")
-
-gssapidirs="/usr/local /usr/pkg /usr/kerberos /usr"
+[ --with-gssapi=PATH Specify path for system-supplied GSSAPI [[default=yes]]],
+ use_gssapi="$withval", use_gssapi="yes")
+
+# gssapi is just the framework, we really require kerberos v5, so
+# look for those headers (the gssapi headers must be there, too)
+# The problem with this implementation is that it doesn't allow
+# for the specification of gssapi and krb5 headers in different locations,
+# which probably ought to be fixed although fixing might raise the issue of
+# trying to build with incompatible versions of gssapi and krb5.
if test "$use_gssapi" = "yes"
then
- for d in $gssapidirs
- do
- if test -f $d/include/gssapi/gssapi.h -o -f $d/include/gssapi.h
+ # first, deal with the obvious
+ if test \( -f /usr/include/kerberosv5/krb5.h -o \
+ -f /usr/include/krb5/krb5.h -o \
+ -f /usr/include/krb5.h \) -a \
+ \( -f /usr/include/gssapi.h -o \
+ -f /usr/include/gssapi/gssapi.h \)
+ then
+ use_gssapi=/usr
+ else
+ krb5dirs="/usr/local /usr/local/krb5 /usr/local/kerberosv5 /usr/local/kerberos /usr/pkg /usr/krb5 /usr/kerberosv5 /usr/kerberos /usr"
+ for d in $krb5dirs
+ do
+ if test -f $d/include/gssapi/gssapi_krb5.h -o \
+ -f $d/include/krb5.h
then
- use_gssapi=$d
- break
+ if test -f $d/include/gssapi/gssapi.h -o \
+ -f $d/include/gssapi.h
+ then
+ use_gssapi=$d
+ break
+ fi
fi
- done
+ use_gssapi="no"
+ done
+ fi
fi
case "$use_gssapi" in
@@ -1821,10 +1871,8 @@ char a[16],b[64]; return(inet_ntop(AF_INET6, a, b, sizeof(b)) == (char*)0);}],
ISC_EXTRA_OBJS="$ISC_EXTRA_OBJS inet_ntop.$O"
ISC_EXTRA_SRCS="$ISC_EXTRA_SRCS inet_ntop.c"
ISC_PLATFORM_NEEDNTOP="#define ISC_PLATFORM_NEEDNTOP 1"],
- [AC_MSG_RESULT(assuming inet_ntop needed)
- ISC_EXTRA_OBJS="$ISC_EXTRA_OBJS inet_ntop.$O"
- ISC_EXTRA_SRCS="$ISC_EXTRA_SRCS inet_ntop.c"
- ISC_PLATFORM_NEEDNTOP="#define ISC_PLATFORM_NEEDNTOP 1"])
+ [AC_MSG_RESULT(assuming inet_ntop not needed)
+ ISC_PLATFORM_NEEDNTOP="#undef ISC_PLATFORM_NEEDNTOP"])
# On NetBSD 1.4.2 and maybe others, inet_pton() incorrectly accepts
@@ -1846,14 +1894,10 @@ main() { char a[16]; return (inet_pton(AF_INET, "1.2.3", a) == 1 ? 1 :
ISC_EXTRA_OBJS="$ISC_EXTRA_OBJS inet_pton.$O"
ISC_EXTRA_SRCS="$ISC_EXTRA_SRCS inet_pton.c"
ISC_PLATFORM_NEEDPTON="#define ISC_PLATFORM_NEEDPTON 1"],
- [AC_MSG_RESULT(assuming target platform has working inet_pton)
- ISC_PLATFORM_NEEDPTON="#undef ISC_PLATFORM_NEEDPTON"],
[AC_MSG_RESULT(assuming inet_pton needed)
ISC_EXTRA_OBJS="$ISC_EXTRA_OBJS inet_pton.$O"
ISC_EXTRA_SRCS="$ISC_EXTRA_SRCS inet_pton.c"
- ISC_PLATFORM_NEEDPTON="#define ISC_PLATFORM_NEEDPTON 1"],
- [AC_MSG_RESULT(assuming target platform has working inet_pton)
- ISC_PLATFORM_NEEDPTON="#undef ISC_PLATFORM_NEEDPTON"])
+ ISC_PLATFORM_NEEDPTON="#define ISC_PLATFORM_NEEDPTON 1"])
AC_SUBST(ISC_PLATFORM_NEEDNTOP)
AC_SUBST(ISC_PLATFORM_NEEDPTON)
@@ -2357,8 +2401,9 @@ ISC_PLATFORM_RLIMITTYPE="#define ISC_PLATFORM_RLIMITTYPE long long int"],
],[AC_MSG_ERROR(this cannot happen)])
],[AC_MSG_ERROR(this cannot happen)])
],[
-ISC_PLATFORM_RLIMITTYPE="#define ISC_PLATFORM_RLIMITTYPE long long int"
-AC_MSG_RESULT(cannot determine type of rlim_cur when cross compiling - assuming long long int)])
+AC_ARG_WITH(rlimtype, , rlimtype="$withval", rlimtype="long long int")
+ISC_PLATFORM_RLIMITTYPE="#define ISC_PLATFORM_RLIMITTYPE $rlimtype"
+AC_MSG_RESULT(cannot determine type of rlim_cur when cross compiling - assuming $rlimtype)])
])
AC_SUBST(ISC_PLATFORM_RLIMITTYPE)
@@ -2567,27 +2612,22 @@ if test "$use_atomic" = "yes"; then
[i[3456]86-*])
# XXX: some old x86 architectures actually do not support
# (some of) these operations. Do we need stricter checks?
-AC_TRY_RUN([
-main() {
- exit((sizeof(void *) == 8) ? 0 : 1);
-}
-],
- [arch=x86_64
- have_xaddq=yes],
- [arch=x86_32],
- [arch=x86_32])
+ AC_CHECK_SIZEOF([void *])
+ if test $ac_cv_sizeof_void_p = 8; then
+ arch=x86_64
+ have_xaddq=yes
+ else
+ arch=x86_32
+ fi
;;
x86_64-*|amd64-*)
-AC_TRY_RUN([
-main() {
- exit((sizeof(void *) == 8) ? 0 : 1);
-}
-],
- [arch=x86_64
- have_xaddq=yes],
- [arch=x86_32],
- [arch=x86_64
- have_xaddq=yes])
+ AC_CHECK_SIZEOF([void *])
+ if test $ac_cv_sizeof_void_p = 8; then
+ arch=x86_64
+ have_xaddq=yes
+ else
+ arch=x86_32
+ fi
;;
alpha*-*)
arch=alpha
@@ -3033,6 +3073,34 @@ if test "$use_idn" != no; then
fi
AC_SUBST(IDNLIBS)
+#
+# Check whether to build Automated Test Framework unit tests
+#
+AC_ARG_WITH(atf,
+ [ --with-atf=ARG Automated Test Framework support],
+ atf="$withval", atf="no")
+if test "$atf" = yes; then
+ atf=`pwd`/unit/atf
+ ATFBUILD=atf-src
+ AC_SUBST(ATFBUILD)
+ AC_CONFIG_COMMANDS([atf-config],
+ [cd unit/atf-src; ${SHELL} ./configure MISSING=: --prefix $atfdir; cd ../..],
+ [atfdir=`pwd`/unit/atf])
+ AC_MSG_RESULT(building ATF from bind9/unit/atf-src)
+fi
+
+ATFLIBS=
+if test "$atf" != no; then
+ AC_DEFINE(ATF_TEST, 1, [define if ATF unit tests are to be built.])
+ STD_CINCLUDES="$STD_CINCLUDES -I$atf/include"
+ ATFBIN="$atf/bin"
+ ATFLIBS="-L$atf/lib -latf-c"
+ UNITTESTS=tests
+fi
+AC_SUBST(ATFBIN)
+AC_SUBST(ATFLIBS)
+AC_SUBST(UNITTESTS)
+
AC_CHECK_HEADERS(locale.h)
AC_CHECK_FUNCS(setlocale)
@@ -3111,28 +3179,98 @@ LIBIRS_API=$srcdir/lib/irs/api
# Configure any DLZ drivers.
#
# If config.dlz.in selects one or more DLZ drivers, it will set
-# USE_DLZ to a non-empty value, which will be our clue to
-# enable the DLZ core functions.
+# CONTRIB_DLZ to a non-empty value, which will be our clue to
+# build DLZ drivers in contrib.
#
# This section has to come after the libtool stuff because it needs to
# know how to name the driver object files.
#
-USE_DLZ=""
+CONTRIB_DLZ=""
DLZ_DRIVER_INCLUDES=""
DLZ_DRIVER_LIBS=""
DLZ_DRIVER_SRCS=""
DLZ_DRIVER_OBJS=""
DLZ_SYSTEM_TEST=""
-sinclude(contrib/dlz/config.dlz.in)
+#
+# Configure support for building a shared library object
+#
+# Even when libtool is available it can't always be relied upon
+# to build an object that can be dlopen()'ed, but this is necessary
+# for building the dlzexternal system test, so we'll try it the
+# old-fashioned way.
+#
+SO="so"
+SO_CFLAGS=""
+SO_LD=""
+SO_TARGETS=""
+
+AC_ARG_WITH(dlopen,
+ [ --with-dlopen=ARG Support dynamically loadable DLZ drivers],
+ dlopen="$withval", dlopen="yes")
+
+if test "$dlopen" = "yes"; then
+ AC_CHECK_LIB(dl, dlopen, have_dl=yes, have_dl=no)
+ if test "$have_dl" = "yes"; then
+ LIBS="-ldl $LIBS"
+ fi
+ AC_CHECK_FUNCS(dlopen dlclose dlsym,,dlopen=no)
+fi
+
+if test "$dlopen" = "yes"; then
+ case $host in
+ *-linux*)
+ SO_CFLAGS="-fPIC"
+ if test "$have_dl" = "yes"
+ then
+ SO_LD="${CC} -shared"
+ else
+ SO_LD="ld -shared"
+ fi
+ ;;
+ *-freebsd*|*-openbsd*|*-netbsd*)
+ SO_CFLAGS="-fpic"
+ SO_LD="ld -Bshareable -x"
+ ;;
+ *-solaris*)
+ SO_CFLAGS="-KPIC"
+ SO_LD="ld -G -z text"
+ ;;
+ *-hp-hpux*)
+ SO=sl
+ SO_CFLAGS="+z"
+ SO_LD="ld -b"
+ ;;
+ *)
+ SO_CFLAGS="-fPIC"
+ ;;
+ esac
-AC_MSG_CHECKING(for DLZ)
+ if test "X$GCC" = "Xyes"; then
+ SO_CFLAGS="-fPIC"
+ test -n "$SO_LD" || SO_LD="${CC} -shared"
+ fi
+
+ # If we still don't know how to make shared objects, don't make any.
+ if test -n "$SO_LD"; then
+ SO_TARGETS="\${SO_TARGETS}"
+ AC_DEFINE(ISC_DLZ_DLOPEN, 1,
+ [Define to allow building of objects for dlopen().])
+ fi
+fi
+
+AC_SUBST(SO)
+AC_SUBST(SO_CFLAGS)
+AC_SUBST(SO_LD)
+AC_SUBST(SO_TARGETS)
+
+sinclude(contrib/dlz/config.dlz.in)
+AC_MSG_CHECKING(contributed DLZ drivers)
-if test -n "$USE_DLZ"
+if test -n "$CONTRIB_DLZ"
then
AC_MSG_RESULT(yes)
- USE_DLZ="-DDLZ $USE_DLZ"
DLZ_DRIVER_RULES=contrib/dlz/drivers/rules
AC_CONFIG_FILES([$DLZ_DRIVER_RULES])
else
@@ -3140,7 +3278,7 @@ else
DLZ_DRIVER_RULES=/dev/null
fi
-AC_SUBST(USE_DLZ)
+AC_SUBST(CONTRIB_DLZ)
AC_SUBST(DLZ_DRIVER_INCLUDES)
AC_SUBST(DLZ_DRIVER_LIBS)
AC_SUBST(DLZ_DRIVER_SRCS)
@@ -3303,11 +3441,15 @@ AC_CONFIG_FILES([
bin/tests/sockaddr/Makefile
bin/tests/system/Makefile
bin/tests/system/conf.sh
+ bin/tests/system/dlz/prereq.sh
+ bin/tests/system/dlzexternal/Makefile
+ bin/tests/system/dlzexternal/ns1/named.conf
bin/tests/system/filter-aaaa/Makefile
bin/tests/system/gost/prereq.sh
bin/tests/system/lwresd/Makefile
bin/tests/system/rpz/Makefile
bin/tests/system/tkey/Makefile
+ bin/tests/system/tsiggss/Makefile
bin/tests/tasks/Makefile
bin/tests/timers/Makefile
bin/tests/virtual-time/Makefile
@@ -3335,6 +3477,7 @@ AC_CONFIG_FILES([
lib/dns/include/Makefile
lib/dns/include/dns/Makefile
lib/dns/include/dst/Makefile
+ lib/dns/tests/Makefile
lib/export/Makefile
lib/export/dns/Makefile
lib/export/dns/include/Makefile
@@ -3373,6 +3516,7 @@ AC_CONFIG_FILES([
lib/isc/include/Makefile
lib/isc/include/isc/Makefile
lib/isc/include/isc/platform.h
+ lib/isc/tests/Makefile
lib/isc/nls/Makefile
lib/isc/unix/Makefile
lib/isc/unix/include/Makefile
@@ -3395,6 +3539,8 @@ AC_CONFIG_FILES([
lib/tests/Makefile
lib/tests/include/Makefile
lib/tests/include/tests/Makefile
+ unit/Makefile
+ unit/unittest.sh
])
#
diff --git a/doc/arm/Bv9ARM-book.xml b/doc/arm/Bv9ARM-book.xml
index c3517843175d..b899c8b40596 100644
--- a/doc/arm/Bv9ARM-book.xml
+++ b/doc/arm/Bv9ARM-book.xml
@@ -18,7 +18,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- File: $Id: Bv9ARM-book.xml,v 1.478.8.2.2.1 2011-06-09 03:17:11 marka Exp $ -->
+<!-- File: $Id: Bv9ARM-book.xml,v 1.478.8.11 2011-08-02 04:58:46 each Exp $ -->
<book xmlns:xi="http://www.w3.org/2001/XInclude">
<title>BIND 9 Administrator Reference Manual</title>
@@ -70,7 +70,7 @@
</para>
<para>
- This version of the manual corresponds to BIND version 9.7.
+ This version of the manual corresponds to BIND version 9.8.
</para>
</sect1>
@@ -1188,11 +1188,11 @@ zone "eng.example.com" {
</para>
<para>
This command requires that the
- <command>auto-dnssec</command> zone option to be set
- to <literal>allow</literal>,
- <literal>maintain</literal>, or
- <literal>create</literal>, and also requires
- the zone to be configured to allow dynamic DNS.
+ <command>auto-dnssec</command> zone option be set
+ to <literal>allow</literal> or
+ <literal>maintain</literal>,
+ and also requires the zone to be configured to
+ allow dynamic DNS.
See <xref linkend="dynamic_update_policies"/> for
more details.
</para>
@@ -1217,10 +1217,10 @@ zone "eng.example.com" {
</para>
<para>
This command requires that the
- <command>auto-dnssec</command> zone option to
- be set to <literal>maintain</literal> or
- <literal>create</literal>, and also requires
- the zone to be configured to allow dynamic DNS.
+ <command>auto-dnssec</command> zone option
+ be set to <literal>maintain</literal>,
+ and also requires the zone to be configured to
+ allow dynamic DNS.
See <xref linkend="dynamic_update_policies"/> for
more details.
</para>
@@ -5791,12 +5791,15 @@ options {
<userinput>any;</userinput>.
</para>
<para>
- Each <command>dns64</command> supports an optional
- <command>exclude</command> ACL that selects which
- IPv6 addresses will be ignored for the purposes
- of determining whether dns64 is to be applied.
- Any non-matching address will prevent further
- DNS64 processing from occurring for this client.
+ Normally, DNS64 won't apply to a domain name that
+ owns one or more AAAA records; these records will
+ simply be returned. The optional
+ <command>exclude</command> ACL allows specification
+ of a list of IPv6 addresses that will be ignored
+ if they appear in a domain name's AAAA records, and
+ DNS64 will be applied to any A records the domain
+ name owns. If not defined, <command>exclude</command>
+ defaults to none.
</para>
<para>
A optional <command>suffix</command> can also
@@ -5806,6 +5809,21 @@ options {
matching the prefix and mapped IPv4 address
must be zero.
</para>
+ <para>
+ If <command>recursive-only</command> is set to
+ <command>yes</command> the DNS64 synthesis will
+ only happen for recursive queries. The default
+ is <command>no</command>.
+ </para>
+ <para>
+ If <command>break-dnssec</command> is set to
+ <command>yes</command> the DNS64 synthesis will
+ happen even if the result, if validated, would
+ cause a DNSSEC validation failure. If this option
+ is set to <command>no</command> (the default), the DO
+ is set on the incoming query, and there are RRSIGs on
+ the applicable records, then synthesis will not happen.
+ </para>
<programlisting>
acl rfc1918 { 10/8; 192.168/16; 172.16/12; };
@@ -7570,22 +7588,27 @@ avoid-v6-udp-ports {};
<varlistentry>
<term><command>serial-query-rate</command></term>
- <listitem>
- <para>
- Slave servers will periodically query master servers
- to find out if zone serial numbers have changed. Each such
- query uses
- a minute amount of the slave server's network bandwidth. To
- limit the
- amount of bandwidth used, BIND 9 limits the rate at which
- queries are
- sent. The value of the <command>serial-query-rate</command> option,
- an integer, is the maximum number of queries sent per
- second.
- The default is 20.
- </para>
- </listitem>
- </varlistentry>
+ <listitem>
+ <para>
+ Slave servers will periodically query master
+ servers to find out if zone serial numbers have
+ changed. Each such query uses a minute amount of
+ the slave server's network bandwidth. To limit
+ the amount of bandwidth used, BIND 9 limits the
+ rate at which queries are sent. The value of the
+ <command>serial-query-rate</command> option, an
+ integer, is the maximum number of queries sent
+ per second. The default is 20.
+ </para>
+ <para>
+ In addition to controlling the rate SOA refresh
+ queries are issued at
+ <command>serial-query-rate</command> also controls
+ the rate at which NOTIFY messages are sent from
+ both master and slave zones.
+ </para>
+ </listitem>
+ </varlistentry>
<varlistentry>
<term><command>serial-queries</command></term>
@@ -8618,7 +8641,7 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
<para>
Sets the advertised EDNS UDP buffer size in bytes
to control the size of packets received.
- Valid values are 1024 to 4096 (values outside this range
+ Valid values are 512 to 4096 (values outside this range
will be silently adjusted). The default value
is 4096. The usual reason for setting
<command>edns-udp-size</command> to a non-default
@@ -8731,6 +8754,10 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
The delay, in seconds, between sending sets of notify
messages for a zone. The default is five (5) seconds.
</para>
+ <para>
+ The overall rate that NOTIFY messages are sent for all
+ zones is controlled by <command>serial-query-rate</command>.
+ </para>
</listitem>
</varlistentry>
</variablelist>
@@ -8839,7 +8866,6 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
<para>
The current list of empty zones is:
<itemizedlist>
-<!-- XXX: The RFC1918 addresses are #defined out in sources currently.
<listitem>10.IN-ADDR.ARPA</listitem>
<listitem>16.172.IN-ADDR.ARPA</listitem>
<listitem>17.172.IN-ADDR.ARPA</listitem>
@@ -8858,7 +8884,6 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
<listitem>30.172.IN-ADDR.ARPA</listitem>
<listitem>31.172.IN-ADDR.ARPA</listitem>
<listitem>168.192.IN-ADDR.ARPA</listitem>
-XXX: end of RFC1918 addresses #defined out -->
<listitem>0.IN-ADDR.ARPA</listitem>
<listitem>127.IN-ADDR.ARPA</listitem>
<listitem>254.169.IN-ADDR.ARPA</listitem>
@@ -9986,7 +10011,7 @@ view "external" {
<optional> min-retry-time <replaceable>number</replaceable> ; </optional>
<optional> max-retry-time <replaceable>number</replaceable> ; </optional>
<optional> key-directory <replaceable>path_name</replaceable>; </optional>
- <optional> auto-dnssec <constant>allow</constant>|<constant>maintain</constant>|<constant>create</constant>|<constant>off</constant>; </optional>
+ <optional> auto-dnssec <constant>allow</constant>|<constant>maintain</constant>|<constant>off</constant>; </optional>
<optional> zero-no-soa-ttl <replaceable>yes_or_no</replaceable> ; </optional>
};
@@ -9998,6 +10023,7 @@ zone <replaceable>zone_name</replaceable> <optional><replaceable>class</replacea
<optional> allow-transfer { <replaceable>address_match_list</replaceable> }; </optional>
<optional> allow-update-forwarding { <replaceable>address_match_list</replaceable> }; </optional>
<optional> update-check-ksk <replaceable>yes_or_no</replaceable>; </optional>
+ <optional> dnssec-update-mode ( <replaceable>maintain</replaceable> | <replaceable>no-resign</replaceable> ); </optional>
<optional> dnssec-dnskey-kskonly <replaceable>yes_or_no</replaceable>; </optional>
<optional> dnssec-secure-to-insecure <replaceable>yes_or_no</replaceable> ; </optional>
<optional> try-tcp-refresh <replaceable>yes_or_no</replaceable>; </optional>
@@ -11043,7 +11069,7 @@ example.com. NS ns2.example.net.
<para>
Zones configured for dynamic DNS may also use this
option to allow varying levels of automatic DNSSEC key
- management. There are four possible settings:
+ management. There are three possible settings:
</para>
<para>
<command>auto-dnssec allow;</command> permits
@@ -11067,7 +11093,12 @@ example.com. NS ns2.example.net.
<command>named</command> to load keys from the key
repository and schedule key maintenance events to occur
in the future, but it does not sign the full zone
- immediately.
+ immediately. Note: once keys have been loaded for a
+ zone the first time, the repository will be searched
+ for changes periodically, regardless of whether
+ <command>rndc loadkeys</command> is used. The recheck
+ interval is hard-coded to
+ one hour.
</para>
<para>
<command>auto-dnssec create;</command> includes the
@@ -11220,7 +11251,13 @@ example.com. NS ns2.example.net.
The <replaceable>identity</replaceable> field must
contain a fully-qualified domain name.
</para>
-
+ <para>
+ For nametypes <varname>krb5-self</varname>,
+ <varname>ms-self</varname>, <varname>krb5-subdomain</varname>,
+ and <varname>ms-subdomain</varname> the
+ <replaceable>identity</replaceable> field specifies
+ the Windows or Kerberos realm of the machine belongs to.
+ </para>
<para>
The <replaceable>nametype</replaceable> field has 13
values:
@@ -11355,6 +11392,70 @@ example.com. NS ns2.example.net.
<row rowsep="0">
<entry colname="1">
<para>
+ <varname>ms-self</varname>
+ </para>
+ </entry> <entry colname="2">
+ <para>
+ This rule takes a Windows machine principal
+ (machine$@REALM) for machine in REALM and
+ and converts it machine.realm allowing the machine
+ to update machine.realm. The REALM to be matched
+ is specified in the <replacable>identity</replacable>
+ field.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para>
+ <varname>ms-subdomain</varname>
+ </para>
+ </entry> <entry colname="2">
+ <para>
+ This rule takes a Windows machine principal
+ (machine$@REALM) for machine in REALM and
+ converts it to machine.realm allowing the machine
+ to update subdomains of machine.realm. The REALM
+ to be matched is specified in the
+ <replacable>identity</replacable> field.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para>
+ <varname>krb5-self</varname>
+ </para>
+ </entry> <entry colname="2">
+ <para>
+ This rule takes a Kerberos machine principal
+ (host/machine@REALM) for machine in REALM and
+ and converts it machine.realm allowing the machine
+ to update machine.realm. The REALM to be matched
+ is specified in the <replacable>identity</replacable>
+ field.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para>
+ <varname>krb5-subdomain</varname>
+ </para>
+ </entry> <entry colname="2">
+ <para>
+ This rule takes a Kerberos machine principal
+ (host/machine@REALM) for machine in REALM and
+ converts it to machine.realm allowing the machine
+ to update subdomains of machine.realm. The REALM
+ to be matched is specified in the
+ <replacable>identity</replacable> field.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para>
<varname>tcp-self</varname>
</para>
</entry> <entry colname="2">
diff --git a/doc/arm/Bv9ARM.ch01.html b/doc/arm/Bv9ARM.ch01.html
index ff2c5ceec6e4..f0ec1299e5ab 100644
--- a/doc/arm/Bv9ARM.ch01.html
+++ b/doc/arm/Bv9ARM.ch01.html
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: Bv9ARM.ch01.html,v 1.49 2011-01-05 01:14:07 tbox Exp $ -->
+<!-- $Id: Bv9ARM.ch01.html,v 1.49.14.1 2011-06-22 02:37:19 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -82,7 +82,7 @@
system administrators.
</p>
<p>
- This version of the manual corresponds to BIND version 9.7.
+ This version of the manual corresponds to BIND version 9.8.
</p>
</div>
<div class="sect1" lang="en">
diff --git a/doc/arm/Bv9ARM.ch03.html b/doc/arm/Bv9ARM.ch03.html
index e01d69ec2992..aaaa96a52b71 100644
--- a/doc/arm/Bv9ARM.ch03.html
+++ b/doc/arm/Bv9ARM.ch03.html
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: Bv9ARM.ch03.html,v 1.83 2011-01-21 01:14:13 tbox Exp $ -->
+<!-- $Id: Bv9ARM.ch03.html,v 1.83.8.1 2011-05-24 02:37:17 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -54,7 +54,7 @@
<dt><span class="sect1"><a href="Bv9ARM.ch03.html#id2568364">Name Server Operations</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2568370">Tools for Use With the Name Server Daemon</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2570385">Signals</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2570378">Signals</a></span></dt>
</dl></dd>
</dl>
</div>
@@ -490,11 +490,11 @@ zone "eng.example.com" {
</p>
<p>
This command requires that the
- <span><strong class="command">auto-dnssec</strong></span> zone option to be set
- to <code class="literal">allow</code>,
- <code class="literal">maintain</code>, or
- <code class="literal">create</code>, and also requires
- the zone to be configured to allow dynamic DNS.
+ <span><strong class="command">auto-dnssec</strong></span> zone option be set
+ to <code class="literal">allow</code> or
+ <code class="literal">maintain</code>,
+ and also requires the zone to be configured to
+ allow dynamic DNS.
See <a href="Bv9ARM.ch06.html#dynamic_update_policies" title="Dynamic Update Policies">the section called &#8220;Dynamic Update Policies&#8221;</a> for
more details.
</p>
@@ -518,10 +518,10 @@ zone "eng.example.com" {
</p>
<p>
This command requires that the
- <span><strong class="command">auto-dnssec</strong></span> zone option to
- be set to <code class="literal">maintain</code> or
- <code class="literal">create</code>, and also requires
- the zone to be configured to allow dynamic DNS.
+ <span><strong class="command">auto-dnssec</strong></span> zone option
+ be set to <code class="literal">maintain</code>,
+ and also requires the zone to be configured to
+ allow dynamic DNS.
See <a href="Bv9ARM.ch06.html#dynamic_update_policies" title="Dynamic Update Policies">the section called &#8220;Dynamic Update Policies&#8221;</a> for
more details.
</p>
@@ -873,7 +873,7 @@ controls {
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2570385"></a>Signals</h3></div></div></div>
+<a name="id2570378"></a>Signals</h3></div></div></div>
<p>
Certain UNIX signals cause the name server to take specific
actions, as described in the following table. These signals can
diff --git a/doc/arm/Bv9ARM.ch04.html b/doc/arm/Bv9ARM.ch04.html
index 77b74cb43ad2..f1d0a6ccf13a 100644
--- a/doc/arm/Bv9ARM.ch04.html
+++ b/doc/arm/Bv9ARM.ch04.html
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: Bv9ARM.ch04.html,v 1.125.8.1.2.1 2011-06-09 03:41:07 tbox Exp $ -->
+<!-- $Id: Bv9ARM.ch04.html,v 1.125.8.9 2011-08-03 02:35:12 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -49,59 +49,59 @@
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#dynamic_update">Dynamic Update</a></span></dt>
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch04.html#journal">The journal file</a></span></dt></dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#incremental_zone_transfers">Incremental Zone Transfers (IXFR)</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2570823">Split DNS</a></span></dt>
-<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2570841">Example split DNS setup</a></span></dt></dl></dd>
+<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2570885">Split DNS</a></span></dt>
+<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2570903">Example split DNS setup</a></span></dt></dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#tsig">TSIG</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571342">Generate Shared Keys for Each Pair of Hosts</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571553">Copying the Shared Secret to Both Machines</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571563">Informing the Servers of the Key's Existence</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571600">Instructing the Server to Use the Key</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571657">TSIG Key Based Access Control</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571706">Errors</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571336">Generate Shared Keys for Each Pair of Hosts</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571478">Copying the Shared Secret to Both Machines</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571489">Informing the Servers of the Key's Existence</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571525">Instructing the Server to Use the Key</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571651">TSIG Key Based Access Control</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571700">Errors</a></span></dt>
</dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2571720">TKEY</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2563987">SIG(0)</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2571714">TKEY</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2563980">SIG(0)</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#DNSSEC">DNSSEC</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2564055">Generating Keys</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572189">Signing the Zone</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572270">Configuring Servers</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2564117">Generating Keys</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572183">Signing the Zone</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572264">Configuring Servers</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#dnssec.dynamic.zones">DNSSEC, Dynamic Zones, and Automatic Signing</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2607351">Converting from insecure to secure</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563493">Dynamic DNS update method</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563529">Fully automatic zone signing</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563611">Private-type records</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563649">DNSKEY rollovers</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563661">Dynamic DNS update method</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563763">Automatic key rollovers</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563789">NSEC3PARAM rollovers via UPDATE</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563799">Converting from NSEC to NSEC3</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563809">Converting from NSEC3 to NSEC</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563821">Converting from secure to insecure</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563859">Periodic re-signing</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563868">NSEC3 and OPTOUT</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563484">Converting from insecure to secure</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563522">Dynamic DNS update method</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563626">Fully automatic zone signing</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563777">Private-type records</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563814">DNSKEY rollovers</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563827">Dynamic DNS update method</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563860">Automatic key rollovers</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563886">NSEC3PARAM rollovers via UPDATE</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563896">Converting from NSEC to NSEC3</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563906">Converting from NSEC3 to NSEC</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563918">Converting from secure to insecure</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563956">Periodic re-signing</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571816">NSEC3 and OPTOUT</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#rfc5011.support">Dynamic Trust Anchor Management</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2607271">Validating Resolver</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2607293">Authoritative Server</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571869">Validating Resolver</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571892">Authoritative Server</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#pkcs11">PKCS #11 (Cryptoki) support</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2609524">Prerequisites</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2607678">Building BIND 9 with PKCS#11</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2607842">PKCS #11 Tools</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2607873">Using the HSM</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2609709">Specifying the engine on the command line</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2609755">Running named with automatic zone re-signing</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2609757">Prerequisites</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2607912">Building BIND 9 with PKCS#11</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2608144">PKCS #11 Tools</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2608174">Using the HSM</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2610353">Specifying the engine on the command line</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2610467">Running named with automatic zone re-signing</a></span></dt>
</dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2572490">IPv6 Support in <acronym class="acronym">BIND</acronym> 9</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2572484">IPv6 Support in <acronym class="acronym">BIND</acronym> 9</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572757">Address Lookups Using AAAA Records</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572846">Address to Name Lookups Using Nibble Format</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572819">Address Lookups Using AAAA Records</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572840">Address to Name Lookups Using Nibble Format</a></span></dt>
</dl></dd>
</dl>
</div>
@@ -256,7 +256,7 @@
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2570823"></a>Split DNS</h2></div></div></div>
+<a name="id2570885"></a>Split DNS</h2></div></div></div>
<p>
Setting up different views, or visibility, of the DNS space to
internal and external resolvers is usually referred to as a
@@ -286,7 +286,7 @@
</p>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2570841"></a>Example split DNS setup</h3></div></div></div>
+<a name="id2570903"></a>Example split DNS setup</h3></div></div></div>
<p>
Let's say a company named <span class="emphasis"><em>Example, Inc.</em></span>
(<code class="literal">example.com</code>)
@@ -543,7 +543,7 @@ nameserver 172.16.72.4
</p>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2571342"></a>Generate Shared Keys for Each Pair of Hosts</h3></div></div></div>
+<a name="id2571336"></a>Generate Shared Keys for Each Pair of Hosts</h3></div></div></div>
<p>
A shared secret is generated to be shared between <span class="emphasis"><em>host1</em></span> and <span class="emphasis"><em>host2</em></span>.
An arbitrary key name is chosen: "host1-host2.". The key name must
@@ -551,7 +551,7 @@ nameserver 172.16.72.4
</p>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2571360"></a>Automatic Generation</h4></div></div></div>
+<a name="id2571353"></a>Automatic Generation</h4></div></div></div>
<p>
The following command will generate a 128-bit (16 byte) HMAC-SHA256
key as described above. Longer keys are better, but shorter keys
@@ -575,7 +575,7 @@ nameserver 172.16.72.4
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2571398"></a>Manual Generation</h4></div></div></div>
+<a name="id2571392"></a>Manual Generation</h4></div></div></div>
<p>
The shared secret is simply a random sequence of bits, encoded
in base-64. Most ASCII strings are valid base-64 strings (assuming
@@ -590,7 +590,7 @@ nameserver 172.16.72.4
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2571553"></a>Copying the Shared Secret to Both Machines</h3></div></div></div>
+<a name="id2571478"></a>Copying the Shared Secret to Both Machines</h3></div></div></div>
<p>
This is beyond the scope of DNS. A secure transport mechanism
should be used. This could be secure FTP, ssh, telephone, etc.
@@ -598,7 +598,7 @@ nameserver 172.16.72.4
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2571563"></a>Informing the Servers of the Key's Existence</h3></div></div></div>
+<a name="id2571489"></a>Informing the Servers of the Key's Existence</h3></div></div></div>
<p>
Imagine <span class="emphasis"><em>host1</em></span> and <span class="emphasis"><em>host 2</em></span>
are
@@ -625,7 +625,7 @@ key host1-host2. {
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2571600"></a>Instructing the Server to Use the Key</h3></div></div></div>
+<a name="id2571525"></a>Instructing the Server to Use the Key</h3></div></div></div>
<p>
Since keys are shared between two hosts only, the server must
be told when keys are to be used. The following is added to the <code class="filename">named.conf</code> file
@@ -657,7 +657,7 @@ server 10.1.2.3 {
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2571657"></a>TSIG Key Based Access Control</h3></div></div></div>
+<a name="id2571651"></a>TSIG Key Based Access Control</h3></div></div></div>
<p>
<acronym class="acronym">BIND</acronym> allows IP addresses and ranges
to be specified in ACL
@@ -684,7 +684,7 @@ allow-update { key host1-host2. ;};
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2571706"></a>Errors</h3></div></div></div>
+<a name="id2571700"></a>Errors</h3></div></div></div>
<p>
The processing of TSIG signed messages can result in
several errors. If a signed message is sent to a non-TSIG aware
@@ -710,7 +710,7 @@ allow-update { key host1-host2. ;};
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2571720"></a>TKEY</h2></div></div></div>
+<a name="id2571714"></a>TKEY</h2></div></div></div>
<p><span><strong class="command">TKEY</strong></span>
is a mechanism for automatically generating a shared secret
between two hosts. There are several "modes" of
@@ -746,7 +746,7 @@ allow-update { key host1-host2. ;};
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2563987"></a>SIG(0)</h2></div></div></div>
+<a name="id2563980"></a>SIG(0)</h2></div></div></div>
<p>
<acronym class="acronym">BIND</acronym> 9 partially supports DNSSEC SIG(0)
transaction signatures as specified in RFC 2535 and RFC 2931.
@@ -807,7 +807,7 @@ allow-update { key host1-host2. ;};
</p>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2564055"></a>Generating Keys</h3></div></div></div>
+<a name="id2564117"></a>Generating Keys</h3></div></div></div>
<p>
The <span><strong class="command">dnssec-keygen</strong></span> program is used to
generate keys.
@@ -863,7 +863,7 @@ allow-update { key host1-host2. ;};
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2572189"></a>Signing the Zone</h3></div></div></div>
+<a name="id2572183"></a>Signing the Zone</h3></div></div></div>
<p>
The <span><strong class="command">dnssec-signzone</strong></span> program is used
to sign a zone.
@@ -905,7 +905,7 @@ allow-update { key host1-host2. ;};
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2572270"></a>Configuring Servers</h3></div></div></div>
+<a name="id2572264"></a>Configuring Servers</h3></div></div></div>
<p>
To enable <span><strong class="command">named</strong></span> to respond appropriately
to DNS requests from DNSSEC aware clients,
@@ -1065,7 +1065,7 @@ options {
from insecure to signed and back again. A secure zone can use
either NSEC or NSEC3 chains.</p>
<div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
-<a name="id2607351"></a>Converting from insecure to secure</h3></div></div></div></div>
+<a name="id2563484"></a>Converting from insecure to secure</h3></div></div></div></div>
<p>Changing a zone from insecure to secure can be done in two
ways: using a dynamic DNS update, or the
<span><strong class="command">auto-dnssec</strong></span> zone option.</p>
@@ -1091,7 +1091,7 @@ options {
well. An NSEC chain will be generated as part of the initial
signing process.</p>
<div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
-<a name="id2563493"></a>Dynamic DNS update method</h3></div></div></div></div>
+<a name="id2563522"></a>Dynamic DNS update method</h3></div></div></div></div>
<p>To insert the keys via dynamic update:</p>
<pre class="screen">
% nsupdate
@@ -1127,7 +1127,7 @@ options {
<p>While the initial signing and NSEC/NSEC3 chain generation
is happening, other updates are possible as well.</p>
<div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
-<a name="id2563529"></a>Fully automatic zone signing</h3></div></div></div></div>
+<a name="id2563626"></a>Fully automatic zone signing</h3></div></div></div></div>
<p>To enable automatic signing, add the
<span><strong class="command">auto-dnssec</strong></span> option to the zone statement in
<code class="filename">named.conf</code>.
@@ -1162,7 +1162,7 @@ options {
configuration. If this has not been done, the configuration will
fail.</p>
<div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
-<a name="id2563611"></a>Private-type records</h3></div></div></div></div>
+<a name="id2563777"></a>Private-type records</h3></div></div></div></div>
<p>The state of the signing process is signaled by
private-type records (with a default type value of 65534). When
signing is complete, these records will have a nonzero value for
@@ -1203,12 +1203,12 @@ options {
<p>
</p>
<div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
-<a name="id2563649"></a>DNSKEY rollovers</h3></div></div></div></div>
+<a name="id2563814"></a>DNSKEY rollovers</h3></div></div></div></div>
<p>As with insecure-to-secure conversions, rolling DNSSEC
keys can be done in two ways: using a dynamic DNS update, or the
<span><strong class="command">auto-dnssec</strong></span> zone option.</p>
<div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
-<a name="id2563661"></a>Dynamic DNS update method</h3></div></div></div></div>
+<a name="id2563827"></a>Dynamic DNS update method</h3></div></div></div></div>
<p> To perform key rollovers via dynamic update, you need to add
the <code class="filename">K*</code> files for the new keys so that
<span><strong class="command">named</strong></span> can find them. You can then add the new
@@ -1230,7 +1230,7 @@ options {
<span><strong class="command">named</strong></span> will clean out any signatures generated
by the old key after the update completes.</p>
<div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
-<a name="id2563763"></a>Automatic key rollovers</h3></div></div></div></div>
+<a name="id2563860"></a>Automatic key rollovers</h3></div></div></div></div>
<p>When a new key reaches its activation date (as set by
<span><strong class="command">dnssec-keygen</strong></span> or <span><strong class="command">dnssec-settime</strong></span>),
if the <span><strong class="command">auto-dnssec</strong></span> zone option is set to
@@ -1245,27 +1245,27 @@ options {
completes in 30 days, after which it will be safe to remove the
old key from the DNSKEY RRset.</p>
<div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
-<a name="id2563789"></a>NSEC3PARAM rollovers via UPDATE</h3></div></div></div></div>
+<a name="id2563886"></a>NSEC3PARAM rollovers via UPDATE</h3></div></div></div></div>
<p>Add the new NSEC3PARAM record via dynamic update. When the
new NSEC3 chain has been generated, the NSEC3PARAM flag field
will be zero. At this point you can remove the old NSEC3PARAM
record. The old chain will be removed after the update request
completes.</p>
<div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
-<a name="id2563799"></a>Converting from NSEC to NSEC3</h3></div></div></div></div>
+<a name="id2563896"></a>Converting from NSEC to NSEC3</h3></div></div></div></div>
<p>To do this, you just need to add an NSEC3PARAM record. When
the conversion is complete, the NSEC chain will have been removed
and the NSEC3PARAM record will have a zero flag field. The NSEC3
chain will be generated before the NSEC chain is
destroyed.</p>
<div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
-<a name="id2563809"></a>Converting from NSEC3 to NSEC</h3></div></div></div></div>
+<a name="id2563906"></a>Converting from NSEC3 to NSEC</h3></div></div></div></div>
<p>To do this, use <span><strong class="command">nsupdate</strong></span> to
remove all NSEC3PARAM records with a zero flag
field. The NSEC chain will be generated before the NSEC3 chain is
removed.</p>
<div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
-<a name="id2563821"></a>Converting from secure to insecure</h3></div></div></div></div>
+<a name="id2563918"></a>Converting from secure to insecure</h3></div></div></div></div>
<p>To convert a signed zone to unsigned using dynamic DNS,
delete all the DNSKEY records from the zone apex using
<span><strong class="command">nsupdate</strong></span>. All signatures, NSEC or NSEC3 chains,
@@ -1280,14 +1280,14 @@ options {
<span><strong class="command">allow</strong></span> instead (or it will re-sign).
</p>
<div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
-<a name="id2563859"></a>Periodic re-signing</h3></div></div></div></div>
+<a name="id2563956"></a>Periodic re-signing</h3></div></div></div></div>
<p>In any secure zone which supports dynamic updates, named
will periodically re-sign RRsets which have not been re-signed as
a result of some update action. The signature lifetimes will be
adjusted so as to spread the re-sign load over time rather than
all at once.</p>
<div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
-<a name="id2563868"></a>NSEC3 and OPTOUT</h3></div></div></div></div>
+<a name="id2571816"></a>NSEC3 and OPTOUT</h3></div></div></div></div>
<p>
<span><strong class="command">named</strong></span> only supports creating new NSEC3 chains
where all the NSEC3 records in the zone have the same OPTOUT
@@ -1309,7 +1309,7 @@ options {
configuration files.</p>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2607271"></a>Validating Resolver</h3></div></div></div>
+<a name="id2571869"></a>Validating Resolver</h3></div></div></div>
<p>To configure a validating resolver to use RFC 5011 to
maintain a trust anchor, configure the trust anchor using a
<span><strong class="command">managed-keys</strong></span> statement. Information about
@@ -1320,7 +1320,7 @@ options {
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2607293"></a>Authoritative Server</h3></div></div></div>
+<a name="id2571892"></a>Authoritative Server</h3></div></div></div>
<p>To set up an authoritative zone for RFC 5011 trust anchor
maintenance, generate two (or more) key signing keys (KSKs) for
the zone. Sign the zone with one of them; this is the "active"
@@ -1394,7 +1394,7 @@ $ <strong class="userinput"><code>dnssec-signzone -S -K keys example.net</code><
Debian Linux, Solaris x86 and Windows Server 2003.</p>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2609524"></a>Prerequisites</h3></div></div></div>
+<a name="id2609757"></a>Prerequisites</h3></div></div></div>
<p>See the HSM vendor documentation for information about
installing, initializing, testing and troubleshooting the
HSM.</p>
@@ -1468,7 +1468,7 @@ $ <strong class="userinput"><code>patch -p1 -d openssl-0.9.8l \
when we configure BIND 9.</p>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2607504"></a>Building OpenSSL for the AEP Keyper on Linux</h4></div></div></div>
+<a name="id2607669"></a>Building OpenSSL for the AEP Keyper on Linux</h4></div></div></div>
<p>The AEP Keyper is a highly secure key storage device,
but does not provide hardware cryptographic acceleration. It
can carry out cryptographic operations, but it is probably
@@ -1500,7 +1500,7 @@ $ <strong class="userinput"><code>./Configure linux-generic32 -m32 -pthread \
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2607573"></a>Building OpenSSL for the SCA 6000 on Solaris</h4></div></div></div>
+<a name="id2607806"></a>Building OpenSSL for the SCA 6000 on Solaris</h4></div></div></div>
<p>The SCA-6000 PKCS #11 provider is installed as a system
library, libpkcs11. It is a true crypto accelerator, up to 4
times faster than any CPU, so the flavor shall be
@@ -1544,12 +1544,12 @@ $ <strong class="userinput"><code>./Configure solaris64-x86_64-cc \
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2607678"></a>Building BIND 9 with PKCS#11</h3></div></div></div>
+<a name="id2607912"></a>Building BIND 9 with PKCS#11</h3></div></div></div>
<p>When building BIND 9, the location of the custom-built
OpenSSL library must be specified via configure.</p>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2607687"></a>Configuring BIND 9 for Linux</h4></div></div></div>
+<a name="id2607921"></a>Configuring BIND 9 for Linux</h4></div></div></div>
<p>To link with the PKCS #11 provider, threads must be
enabled in the BIND 9 build.</p>
<p>The PKCS #11 library for the AEP Keyper is currently
@@ -1565,7 +1565,7 @@ $ <strong class="userinput"><code>./configure CC="gcc -m32" --enable-threads \
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2607786"></a>Configuring BIND 9 for Solaris</h4></div></div></div>
+<a name="id2608020"></a>Configuring BIND 9 for Solaris</h4></div></div></div>
<p>To link with the PKCS #11 provider, threads must be
enabled in the BIND 9 build.</p>
<pre class="screen">
@@ -1588,7 +1588,7 @@ $ <strong class="userinput"><code>./configure CC="cc -xarch=amd64" --enable-thre
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2607842"></a>PKCS #11 Tools</h3></div></div></div>
+<a name="id2608144"></a>PKCS #11 Tools</h3></div></div></div>
<p>BIND 9 includes a minimal set of tools to operate the
HSM, including
<span><strong class="command">pkcs11-keygen</strong></span> to generate a new key pair
@@ -1606,7 +1606,7 @@ $ <strong class="userinput"><code>./configure CC="cc -xarch=amd64" --enable-thre
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2607873"></a>Using the HSM</h3></div></div></div>
+<a name="id2608174"></a>Using the HSM</h3></div></div></div>
<p>First, we must set up the runtime environment so the
OpenSSL and PKCS #11 libraries can be loaded:</p>
<pre class="screen">
@@ -1694,7 +1694,7 @@ example.net.signed
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2609709"></a>Specifying the engine on the command line</h3></div></div></div>
+<a name="id2610353"></a>Specifying the engine on the command line</h3></div></div></div>
<p>The OpenSSL engine can be specified in
<span><strong class="command">named</strong></span> and all of the BIND
<span><strong class="command">dnssec-*</strong></span> tools by using the "-E
@@ -1715,7 +1715,7 @@ $ <strong class="userinput"><code>dnssec-signzone -E '' -S example.net</code></s
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2609755"></a>Running named with automatic zone re-signing</h3></div></div></div>
+<a name="id2610467"></a>Running named with automatic zone re-signing</h3></div></div></div>
<p>If you want
<span><strong class="command">named</strong></span> to dynamically re-sign zones using HSM
keys, and/or to to sign new records inserted via nsupdate, then
@@ -1751,7 +1751,7 @@ $ <strong class="userinput"><code>dnssec-signzone -E '' -S example.net</code></s
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2572490"></a>IPv6 Support in <acronym class="acronym">BIND</acronym> 9</h2></div></div></div>
+<a name="id2572484"></a>IPv6 Support in <acronym class="acronym">BIND</acronym> 9</h2></div></div></div>
<p>
<acronym class="acronym">BIND</acronym> 9 fully supports all currently
defined forms of IPv6 name to address and address to name
@@ -1789,7 +1789,7 @@ $ <strong class="userinput"><code>dnssec-signzone -E '' -S example.net</code></s
</p>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2572757"></a>Address Lookups Using AAAA Records</h3></div></div></div>
+<a name="id2572819"></a>Address Lookups Using AAAA Records</h3></div></div></div>
<p>
The IPv6 AAAA record is a parallel to the IPv4 A record,
and, unlike the deprecated A6 record, specifies the entire
@@ -1808,7 +1808,7 @@ host 3600 IN AAAA 2001:db8::1
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2572846"></a>Address to Name Lookups Using Nibble Format</h3></div></div></div>
+<a name="id2572840"></a>Address to Name Lookups Using Nibble Format</h3></div></div></div>
<p>
When looking up an address in nibble format, the address
components are simply reversed, just as in IPv4, and
diff --git a/doc/arm/Bv9ARM.ch05.html b/doc/arm/Bv9ARM.ch05.html
index 3b60755fe0f9..99e2a9db6617 100644
--- a/doc/arm/Bv9ARM.ch05.html
+++ b/doc/arm/Bv9ARM.ch05.html
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: Bv9ARM.ch05.html,v 1.93 2011-01-05 01:14:08 tbox Exp $ -->
+<!-- $Id: Bv9ARM.ch05.html,v 1.93.14.1 2011-05-24 02:37:16 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -45,13 +45,13 @@
<div class="toc">
<p><b>Table of Contents</b></p>
<dl>
-<dt><span class="sect1"><a href="Bv9ARM.ch05.html#id2572880">The Lightweight Resolver Library</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch05.html#id2572873">The Lightweight Resolver Library</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch05.html#lwresd">Running a Resolver Daemon</a></span></dt>
</dl>
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2572880"></a>The Lightweight Resolver Library</h2></div></div></div>
+<a name="id2572873"></a>The Lightweight Resolver Library</h2></div></div></div>
<p>
Traditionally applications have been linked with a stub resolver
library that sends recursive DNS queries to a local caching name
diff --git a/doc/arm/Bv9ARM.ch06.html b/doc/arm/Bv9ARM.ch06.html
index 35243484d128..24338616ed00 100644
--- a/doc/arm/Bv9ARM.ch06.html
+++ b/doc/arm/Bv9ARM.ch06.html
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: Bv9ARM.ch06.html,v 1.275.8.1.2.1 2011-06-09 03:41:07 tbox Exp $ -->
+<!-- $Id: Bv9ARM.ch06.html,v 1.275.8.10 2011-08-03 02:35:13 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -48,58 +48,58 @@
<dt><span class="sect1"><a href="Bv9ARM.ch06.html#configuration_file_elements">Configuration File Elements</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#address_match_lists">Address Match Lists</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574290">Comment Syntax</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574283">Comment Syntax</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch06.html#Configuration_File_Grammar">Configuration File Grammar</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574944"><span><strong class="command">acl</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574937"><span><strong class="command">acl</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#acl"><span><strong class="command">acl</strong></span> Statement Definition and
Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575133"><span><strong class="command">controls</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575127"><span><strong class="command">controls</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#controls_statement_definition_and_usage"><span><strong class="command">controls</strong></span> Statement Definition and
Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575425"><span><strong class="command">include</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575442"><span><strong class="command">include</strong></span> Statement Definition and
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575418"><span><strong class="command">include</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575504"><span><strong class="command">include</strong></span> Statement Definition and
Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575465"><span><strong class="command">key</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575489"><span><strong class="command">key</strong></span> Statement Definition and Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575648"><span><strong class="command">logging</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575842"><span><strong class="command">logging</strong></span> Statement Definition and
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575527"><span><strong class="command">key</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575550"><span><strong class="command">key</strong></span> Statement Definition and Usage</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575709"><span><strong class="command">logging</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575835"><span><strong class="command">logging</strong></span> Statement Definition and
Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577841"><span><strong class="command">lwres</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577982"><span><strong class="command">lwres</strong></span> Statement Definition and Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2578046"><span><strong class="command">masters</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2578090"><span><strong class="command">masters</strong></span> Statement Definition and
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577834"><span><strong class="command">lwres</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577908"><span><strong class="command">lwres</strong></span> Statement Definition and Usage</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2578040"><span><strong class="command">masters</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2578084"><span><strong class="command">masters</strong></span> Statement Definition and
Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2578105"><span><strong class="command">options</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2578099"><span><strong class="command">options</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#options"><span><strong class="command">options</strong></span> Statement Definition and
Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#server_statement_grammar"><span><strong class="command">server</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#server_statement_definition_and_usage"><span><strong class="command">server</strong></span> Statement Definition and
Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#statschannels"><span><strong class="command">statistics-channels</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2589239"><span><strong class="command">statistics-channels</strong></span> Statement Definition and
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2589395"><span><strong class="command">statistics-channels</strong></span> Statement Definition and
Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#trusted-keys"><span><strong class="command">trusted-keys</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2589379"><span><strong class="command">trusted-keys</strong></span> Statement Definition
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2589534"><span><strong class="command">trusted-keys</strong></span> Statement Definition
and Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2589494"><span><strong class="command">managed-keys</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2589581"><span><strong class="command">managed-keys</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#managed-keys"><span><strong class="command">managed-keys</strong></span> Statement Definition
and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#view_statement_grammar"><span><strong class="command">view</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2589851"><span><strong class="command">view</strong></span> Statement Definition and Usage</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2590007"><span><strong class="command">view</strong></span> Statement Definition and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#zone_statement_grammar"><span><strong class="command">zone</strong></span>
Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2591396"><span><strong class="command">zone</strong></span> Statement Definition and Usage</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2591558"><span><strong class="command">zone</strong></span> Statement Definition and Usage</a></span></dt>
</dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch06.html#id2594660">Zone File</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch06.html#id2595030">Zone File</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#types_of_resource_records_and_when_to_use_them">Types of Resource Records and When to Use Them</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2596822">Discussion of MX Records</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2597260">Discussion of MX Records</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#Setting_TTLs">Setting TTLs</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2597574">Inverse Mapping in IPv4</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2597701">Other Zone File Directives</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2597974"><acronym class="acronym">BIND</acronym> Master File Extension: the <span><strong class="command">$GENERATE</strong></span> Directive</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2597876">Inverse Mapping in IPv4</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2598003">Other Zone File Directives</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2598276"><acronym class="acronym">BIND</acronym> Master File Extension: the <span><strong class="command">$GENERATE</strong></span> Directive</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#zonefile_format">Additional File Formats</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch06.html#statistics">BIND9 Statistics</a></span></dt>
@@ -477,7 +477,7 @@
<a name="address_match_lists"></a>Address Match Lists</h3></div></div></div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2574056"></a>Syntax</h4></div></div></div>
+<a name="id2574050"></a>Syntax</h4></div></div></div>
<pre class="programlisting"><code class="varname">address_match_list</code> = address_match_list_element ;
[<span class="optional"> address_match_list_element; ... </span>]
<code class="varname">address_match_list_element</code> = [<span class="optional"> ! </span>] (ip_address [<span class="optional">/length</span>] |
@@ -486,7 +486,7 @@
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2574084"></a>Definition and Usage</h4></div></div></div>
+<a name="id2574077"></a>Definition and Usage</h4></div></div></div>
<p>
Address match lists are primarily used to determine access
control for various server operations. They are also used in
@@ -570,7 +570,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2574290"></a>Comment Syntax</h3></div></div></div>
+<a name="id2574283"></a>Comment Syntax</h3></div></div></div>
<p>
The <acronym class="acronym">BIND</acronym> 9 comment syntax allows for
comments to appear
@@ -580,7 +580,7 @@
</p>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2574305"></a>Syntax</h4></div></div></div>
+<a name="id2574298"></a>Syntax</h4></div></div></div>
<p>
</p>
<pre class="programlisting">/* This is a <acronym class="acronym">BIND</acronym> comment as in C */</pre>
@@ -596,7 +596,7 @@
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2574334"></a>Definition and Usage</h4></div></div></div>
+<a name="id2574328"></a>Definition and Usage</h4></div></div></div>
<p>
Comments may appear anywhere that whitespace may appear in
a <acronym class="acronym">BIND</acronym> configuration file.
@@ -848,7 +848,7 @@
</p>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2574944"></a><span><strong class="command">acl</strong></span> Statement Grammar</h3></div></div></div>
+<a name="id2574937"></a><span><strong class="command">acl</strong></span> Statement Grammar</h3></div></div></div>
<pre class="programlisting"><span><strong class="command">acl</strong></span> acl-name {
address_match_list
};
@@ -930,7 +930,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2575133"></a><span><strong class="command">controls</strong></span> Statement Grammar</h3></div></div></div>
+<a name="id2575127"></a><span><strong class="command">controls</strong></span> Statement Grammar</h3></div></div></div>
<pre class="programlisting"><span><strong class="command">controls</strong></span> {
[ inet ( ip_addr | * ) [ port ip_port ]
allow { <em class="replaceable"><code> address_match_list </code></em> }
@@ -1054,12 +1054,12 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2575425"></a><span><strong class="command">include</strong></span> Statement Grammar</h3></div></div></div>
+<a name="id2575418"></a><span><strong class="command">include</strong></span> Statement Grammar</h3></div></div></div>
<pre class="programlisting"><span><strong class="command">include</strong></span> <em class="replaceable"><code>filename</code></em>;</pre>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2575442"></a><span><strong class="command">include</strong></span> Statement Definition and
+<a name="id2575504"></a><span><strong class="command">include</strong></span> Statement Definition and
Usage</h3></div></div></div>
<p>
The <span><strong class="command">include</strong></span> statement inserts the
@@ -1074,7 +1074,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2575465"></a><span><strong class="command">key</strong></span> Statement Grammar</h3></div></div></div>
+<a name="id2575527"></a><span><strong class="command">key</strong></span> Statement Grammar</h3></div></div></div>
<pre class="programlisting"><span><strong class="command">key</strong></span> <em class="replaceable"><code>key_id</code></em> {
algorithm <em class="replaceable"><code>string</code></em>;
secret <em class="replaceable"><code>string</code></em>;
@@ -1083,7 +1083,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2575489"></a><span><strong class="command">key</strong></span> Statement Definition and Usage</h3></div></div></div>
+<a name="id2575550"></a><span><strong class="command">key</strong></span> Statement Definition and Usage</h3></div></div></div>
<p>
The <span><strong class="command">key</strong></span> statement defines a shared
secret key for use with TSIG (see <a href="Bv9ARM.ch04.html#tsig" title="TSIG">the section called &#8220;TSIG&#8221;</a>)
@@ -1130,7 +1130,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2575648"></a><span><strong class="command">logging</strong></span> Statement Grammar</h3></div></div></div>
+<a name="id2575709"></a><span><strong class="command">logging</strong></span> Statement Grammar</h3></div></div></div>
<pre class="programlisting"><span><strong class="command">logging</strong></span> {
[ <span><strong class="command">channel</strong></span> <em class="replaceable"><code>channel_name</code></em> {
( <span><strong class="command">file</strong></span> <em class="replaceable"><code>path_name</code></em>
@@ -1154,7 +1154,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2575842"></a><span><strong class="command">logging</strong></span> Statement Definition and
+<a name="id2575835"></a><span><strong class="command">logging</strong></span> Statement Definition and
Usage</h3></div></div></div>
<p>
The <span><strong class="command">logging</strong></span> statement configures a
@@ -1188,7 +1188,7 @@
</p>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2575894"></a>The <span><strong class="command">channel</strong></span> Phrase</h4></div></div></div>
+<a name="id2575888"></a>The <span><strong class="command">channel</strong></span> Phrase</h4></div></div></div>
<p>
All log output goes to one or more <span class="emphasis"><em>channels</em></span>;
you can make as many of them as you want.
@@ -1753,7 +1753,7 @@ category notify { null; };
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2577253"></a>The <span><strong class="command">query-errors</strong></span> Category</h4></div></div></div>
+<a name="id2577315"></a>The <span><strong class="command">query-errors</strong></span> Category</h4></div></div></div>
<p>
The <span><strong class="command">query-errors</strong></span> category is
specifically intended for debugging purposes: To identify
@@ -1981,7 +1981,7 @@ badresp:1,adberr:0,findfail:0,valfail:0]
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2577841"></a><span><strong class="command">lwres</strong></span> Statement Grammar</h3></div></div></div>
+<a name="id2577834"></a><span><strong class="command">lwres</strong></span> Statement Grammar</h3></div></div></div>
<p>
This is the grammar of the <span><strong class="command">lwres</strong></span>
statement in the <code class="filename">named.conf</code> file:
@@ -1997,7 +1997,7 @@ badresp:1,adberr:0,findfail:0,valfail:0]
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2577982"></a><span><strong class="command">lwres</strong></span> Statement Definition and Usage</h3></div></div></div>
+<a name="id2577908"></a><span><strong class="command">lwres</strong></span> Statement Definition and Usage</h3></div></div></div>
<p>
The <span><strong class="command">lwres</strong></span> statement configures the
name
@@ -2048,7 +2048,7 @@ badresp:1,adberr:0,findfail:0,valfail:0]
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2578046"></a><span><strong class="command">masters</strong></span> Statement Grammar</h3></div></div></div>
+<a name="id2578040"></a><span><strong class="command">masters</strong></span> Statement Grammar</h3></div></div></div>
<pre class="programlisting">
<span><strong class="command">masters</strong></span> <em class="replaceable"><code>name</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] { ( <em class="replaceable"><code>masters_list</code></em> |
<em class="replaceable"><code>ip_addr</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] [<span class="optional">key <em class="replaceable"><code>key</code></em></span>] ) ; [<span class="optional">...</span>] };
@@ -2056,7 +2056,7 @@ badresp:1,adberr:0,findfail:0,valfail:0]
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2578090"></a><span><strong class="command">masters</strong></span> Statement Definition and
+<a name="id2578084"></a><span><strong class="command">masters</strong></span> Statement Definition and
Usage</h3></div></div></div>
<p><span><strong class="command">masters</strong></span>
lists allow for a common set of masters to be easily used by
@@ -2065,7 +2065,7 @@ badresp:1,adberr:0,findfail:0,valfail:0]
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2578105"></a><span><strong class="command">options</strong></span> Statement Grammar</h3></div></div></div>
+<a name="id2578099"></a><span><strong class="command">options</strong></span> Statement Grammar</h3></div></div></div>
<p>
This is the grammar of the <span><strong class="command">options</strong></span>
statement in the <code class="filename">named.conf</code> file:
@@ -2737,12 +2737,15 @@ options {
<strong class="userinput"><code>any;</code></strong>.
</p>
<p>
- Each <span><strong class="command">dns64</strong></span> supports an optional
- <span><strong class="command">exclude</strong></span> ACL that selects which
- IPv6 addresses will be ignored for the purposes
- of determining whether dns64 is to be applied.
- Any non-matching address will prevent further
- DNS64 processing from occurring for this client.
+ Normally, DNS64 won't apply to a domain name that
+ owns one or more AAAA records; these records will
+ simply be returned. The optional
+ <span><strong class="command">exclude</strong></span> ACL allows specification
+ of a list of IPv6 addresses that will be ignored
+ if they appear in a domain name's AAAA records, and
+ DNS64 will be applied to any A records the domain
+ name owns. If not defined, <span><strong class="command">exclude</strong></span>
+ defaults to none.
</p>
<p>
A optional <span><strong class="command">suffix</strong></span> can also
@@ -2752,6 +2755,21 @@ options {
matching the prefix and mapped IPv4 address
must be zero.
</p>
+<p>
+ If <span><strong class="command">recursive-only</strong></span> is set to
+ <span><strong class="command">yes</strong></span> the DNS64 synthesis will
+ only happen for recursive queries. The default
+ is <span><strong class="command">no</strong></span>.
+ </p>
+<p>
+ If <span><strong class="command">break-dnssec</strong></span> is set to
+ <span><strong class="command">yes</strong></span> the DNS64 synthesis will
+ happen even if the result, if validated, would
+ cause a DNSSEC validation failure. If this option
+ is set to <span><strong class="command">no</strong></span> (the default), the DO
+ is set on the incoming query, and there are RRSIGs on
+ the applicable records, then synthesis will not happen.
+ </p>
<pre class="programlisting">
acl rfc1918 { 10/8; 192.168/16; 172.16/12; };
@@ -3631,7 +3649,7 @@ options {
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2583480"></a>Forwarding</h4></div></div></div>
+<a name="id2583636"></a>Forwarding</h4></div></div></div>
<p>
The forwarding facility can be used to create a large site-wide
cache on a few servers, reducing traffic over links to external
@@ -3675,7 +3693,7 @@ options {
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2583607"></a>Dual-stack Servers</h4></div></div></div>
+<a name="id2583763"></a>Dual-stack Servers</h4></div></div></div>
<p>
Dual-stack servers are used as servers of last resort to work
around
@@ -3886,7 +3904,7 @@ options {
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2584227"></a>Interfaces</h4></div></div></div>
+<a name="id2584382"></a>Interfaces</h4></div></div></div>
<p>
The interfaces and ports that the server will answer queries
from may be specified using the <span><strong class="command">listen-on</strong></span> option. <span><strong class="command">listen-on</strong></span> takes
@@ -4160,19 +4178,26 @@ avoid-v6-udp-ports {};
hour). The maximum value is 28 days (40320 minutes).
</p></dd>
<dt><span class="term"><span><strong class="command">serial-query-rate</strong></span></span></dt>
-<dd><p>
- Slave servers will periodically query master servers
- to find out if zone serial numbers have changed. Each such
- query uses
- a minute amount of the slave server's network bandwidth. To
- limit the
- amount of bandwidth used, BIND 9 limits the rate at which
- queries are
- sent. The value of the <span><strong class="command">serial-query-rate</strong></span> option,
- an integer, is the maximum number of queries sent per
- second.
- The default is 20.
- </p></dd>
+<dd>
+<p>
+ Slave servers will periodically query master
+ servers to find out if zone serial numbers have
+ changed. Each such query uses a minute amount of
+ the slave server's network bandwidth. To limit
+ the amount of bandwidth used, BIND 9 limits the
+ rate at which queries are sent. The value of the
+ <span><strong class="command">serial-query-rate</strong></span> option, an
+ integer, is the maximum number of queries sent
+ per second. The default is 20.
+ </p>
+<p>
+ In addition to controlling the rate SOA refresh
+ queries are issued at
+ <span><strong class="command">serial-query-rate</strong></span> also controls
+ the rate at which NOTIFY messages are sent from
+ both master and slave zones.
+ </p>
+</dd>
<dt><span class="term"><span><strong class="command">serial-queries</strong></span></span></dt>
<dd><p>
In BIND 8, the <span><strong class="command">serial-queries</strong></span>
@@ -4338,7 +4363,7 @@ avoid-v6-udp-ports {};
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2585362"></a>UDP Port Lists</h4></div></div></div>
+<a name="id2585456"></a>UDP Port Lists</h4></div></div></div>
<p>
<span><strong class="command">use-v4-udp-ports</strong></span>,
<span><strong class="command">avoid-v4-udp-ports</strong></span>,
@@ -4380,7 +4405,7 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2585421"></a>Operating System Resource Limits</h4></div></div></div>
+<a name="id2585584"></a>Operating System Resource Limits</h4></div></div></div>
<p>
The server's usage of many system resources can be limited.
Scaled values are allowed when specifying resource limits. For
@@ -4542,7 +4567,7 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2585912"></a>Periodic Task Intervals</h4></div></div></div>
+<a name="id2585869"></a>Periodic Task Intervals</h4></div></div></div>
<div class="variablelist"><dl>
<dt><span class="term"><span><strong class="command">cleaning-interval</strong></span></span></dt>
<dd><p>
@@ -5007,7 +5032,7 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
<p>
Sets the advertised EDNS UDP buffer size in bytes
to control the size of packets received.
- Valid values are 1024 to 4096 (values outside this range
+ Valid values are 512 to 4096 (values outside this range
will be silently adjusted). The default value
is 4096. The usual reason for setting
<span><strong class="command">edns-udp-size</strong></span> to a non-default
@@ -5102,10 +5127,16 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
</p>
</dd>
<dt><span class="term"><span><strong class="command">notify-delay</strong></span></span></dt>
-<dd><p>
+<dd>
+<p>
The delay, in seconds, between sending sets of notify
messages for a zone. The default is five (5) seconds.
- </p></dd>
+ </p>
+<p>
+ The overall rate that NOTIFY messages are sent for all
+ zones is controlled by <span><strong class="command">serial-query-rate</strong></span>.
+ </p>
+</dd>
</dl></div>
</div>
<div class="sect3" lang="en">
@@ -5193,6 +5224,24 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
The current list of empty zones is:
</p>
<div class="itemizedlist"><ul type="disc">
+<li>10.IN-ADDR.ARPA</li>
+<li>16.172.IN-ADDR.ARPA</li>
+<li>17.172.IN-ADDR.ARPA</li>
+<li>18.172.IN-ADDR.ARPA</li>
+<li>19.172.IN-ADDR.ARPA</li>
+<li>20.172.IN-ADDR.ARPA</li>
+<li>21.172.IN-ADDR.ARPA</li>
+<li>22.172.IN-ADDR.ARPA</li>
+<li>23.172.IN-ADDR.ARPA</li>
+<li>24.172.IN-ADDR.ARPA</li>
+<li>25.172.IN-ADDR.ARPA</li>
+<li>26.172.IN-ADDR.ARPA</li>
+<li>27.172.IN-ADDR.ARPA</li>
+<li>28.172.IN-ADDR.ARPA</li>
+<li>29.172.IN-ADDR.ARPA</li>
+<li>30.172.IN-ADDR.ARPA</li>
+<li>31.172.IN-ADDR.ARPA</li>
+<li>168.192.IN-ADDR.ARPA</li>
<li>0.IN-ADDR.ARPA</li>
<li>127.IN-ADDR.ARPA</li>
<li>254.169.IN-ADDR.ARPA</li>
@@ -5357,7 +5406,7 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2588025"></a>Content Filtering</h4></div></div></div>
+<a name="id2588113"></a>Content Filtering</h4></div></div></div>
<p>
<acronym class="acronym">BIND</acronym> 9 provides the ability to filter
out DNS responses from external DNS servers containing
@@ -5480,7 +5529,7 @@ deny-answer-aliases { "example.net"; };
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2588148"></a>Response Policy Zone (RPZ) Rewriting</h4></div></div></div>
+<a name="id2588372"></a>Response Policy Zone (RPZ) Rewriting</h4></div></div></div>
<p>
<acronym class="acronym">BIND</acronym> 9 includes an intentionally limited
mechanism to modify DNS responses for recursive requests
@@ -5818,7 +5867,7 @@ ns.domain.com.rpz-nsdname CNAME .
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2589239"></a><span><strong class="command">statistics-channels</strong></span> Statement Definition and
+<a name="id2589395"></a><span><strong class="command">statistics-channels</strong></span> Statement Definition and
Usage</h3></div></div></div>
<p>
The <span><strong class="command">statistics-channels</strong></span> statement
@@ -5878,7 +5927,7 @@ ns.domain.com.rpz-nsdname CNAME .
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2589379"></a><span><strong class="command">trusted-keys</strong></span> Statement Definition
+<a name="id2589534"></a><span><strong class="command">trusted-keys</strong></span> Statement Definition
and Usage</h3></div></div></div>
<p>
The <span><strong class="command">trusted-keys</strong></span> statement defines
@@ -5918,7 +5967,7 @@ ns.domain.com.rpz-nsdname CNAME .
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2589494"></a><span><strong class="command">managed-keys</strong></span> Statement Grammar</h3></div></div></div>
+<a name="id2589581"></a><span><strong class="command">managed-keys</strong></span> Statement Grammar</h3></div></div></div>
<pre class="programlisting"><span><strong class="command">managed-keys</strong></span> {
<em class="replaceable"><code>string</code></em> initial-key <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>string</code></em> ;
[<span class="optional"> <em class="replaceable"><code>string</code></em> initial-key <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>string</code></em> ; [<span class="optional">...</span>]</span>]
@@ -6053,7 +6102,7 @@ ns.domain.com.rpz-nsdname CNAME .
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2589851"></a><span><strong class="command">view</strong></span> Statement Definition and Usage</h3></div></div></div>
+<a name="id2590007"></a><span><strong class="command">view</strong></span> Statement Definition and Usage</h3></div></div></div>
<p>
The <span><strong class="command">view</strong></span> statement is a powerful
feature
@@ -6219,7 +6268,7 @@ view "external" {
[<span class="optional"> min-retry-time <em class="replaceable"><code>number</code></em> ; </span>]
[<span class="optional"> max-retry-time <em class="replaceable"><code>number</code></em> ; </span>]
[<span class="optional"> key-directory <em class="replaceable"><code>path_name</code></em>; </span>]
- [<span class="optional"> auto-dnssec <code class="constant">allow</code>|<code class="constant">maintain</code>|<code class="constant">create</code>|<code class="constant">off</code>; </span>]
+ [<span class="optional"> auto-dnssec <code class="constant">allow</code>|<code class="constant">maintain</code>|<code class="constant">off</code>; </span>]
[<span class="optional"> zero-no-soa-ttl <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
};
@@ -6231,6 +6280,7 @@ zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"
[<span class="optional"> allow-transfer { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
[<span class="optional"> allow-update-forwarding { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
[<span class="optional"> update-check-ksk <em class="replaceable"><code>yes_or_no</code></em>; </span>]
+ [<span class="optional"> dnssec-update-mode ( <em class="replaceable"><code>maintain</code></em> | <em class="replaceable"><code>no-resign</code></em> ); </span>]
[<span class="optional"> dnssec-dnskey-kskonly <em class="replaceable"><code>yes_or_no</code></em>; </span>]
[<span class="optional"> dnssec-secure-to-insecure <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
[<span class="optional"> try-tcp-refresh <em class="replaceable"><code>yes_or_no</code></em>; </span>]
@@ -6341,10 +6391,10 @@ zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2591396"></a><span><strong class="command">zone</strong></span> Statement Definition and Usage</h3></div></div></div>
+<a name="id2591558"></a><span><strong class="command">zone</strong></span> Statement Definition and Usage</h3></div></div></div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2591403"></a>Zone Types</h4></div></div></div>
+<a name="id2591565"></a>Zone Types</h4></div></div></div>
<div class="informaltable"><table border="1">
<colgroup>
<col>
@@ -6604,7 +6654,7 @@ zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2592085"></a>Class</h4></div></div></div>
+<a name="id2592179"></a>Class</h4></div></div></div>
<p>
The zone's name may optionally be followed by a class. If
a class is not specified, class <code class="literal">IN</code> (for <code class="varname">Internet</code>),
@@ -6626,7 +6676,7 @@ zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2592118"></a>Zone Options</h4></div></div></div>
+<a name="id2592212"></a>Zone Options</h4></div></div></div>
<div class="variablelist"><dl>
<dt><span class="term"><span><strong class="command">allow-notify</strong></span></span></dt>
<dd><p>
@@ -7025,7 +7075,7 @@ example.com. NS ns2.example.net.
<p>
Zones configured for dynamic DNS may also use this
option to allow varying levels of automatic DNSSEC key
- management. There are four possible settings:
+ management. There are three possible settings:
</p>
<p>
<span><strong class="command">auto-dnssec allow;</strong></span> permits
@@ -7049,7 +7099,12 @@ example.com. NS ns2.example.net.
<span><strong class="command">named</strong></span> to load keys from the key
repository and schedule key maintenance events to occur
in the future, but it does not sign the full zone
- immediately.
+ immediately. Note: once keys have been loaded for a
+ zone the first time, the repository will be searched
+ for changes periodically, regardless of whether
+ <span><strong class="command">rndc loadkeys</strong></span> is used. The recheck
+ interval is hard-coded to
+ one hour.
</p>
<p>
<span><strong class="command">auto-dnssec create;</strong></span> includes the
@@ -7181,6 +7236,13 @@ example.com. NS ns2.example.net.
contain a fully-qualified domain name.
</p>
<p>
+ For nametypes <code class="varname">krb5-self</code>,
+ <code class="varname">ms-self</code>, <code class="varname">krb5-subdomain</code>,
+ and <code class="varname">ms-subdomain</code> the
+ <em class="replaceable"><code>identity</code></em> field specifies
+ the Windows or Kerberos realm of the machine belongs to.
+ </p>
+<p>
The <em class="replaceable"><code>nametype</code></em> field has 13
values:
<code class="varname">name</code>, <code class="varname">subdomain</code>,
@@ -7321,6 +7383,74 @@ example.com. NS ns2.example.net.
<tr>
<td>
<p>
+ <code class="varname">ms-self</code>
+ </p>
+ </td>
+<td>
+ <p>
+ This rule takes a Windows machine principal
+ (machine$@REALM) for machine in REALM and
+ and converts it machine.realm allowing the machine
+ to update machine.realm. The REALM to be matched
+ is specified in the <font color="red">&lt;replacable&gt;identity&lt;/replacable&gt;</font>
+ field.
+ </p>
+ </td>
+</tr>
+<tr>
+<td>
+ <p>
+ <code class="varname">ms-subdomain</code>
+ </p>
+ </td>
+<td>
+ <p>
+ This rule takes a Windows machine principal
+ (machine$@REALM) for machine in REALM and
+ converts it to machine.realm allowing the machine
+ to update subdomains of machine.realm. The REALM
+ to be matched is specified in the
+ <font color="red">&lt;replacable&gt;identity&lt;/replacable&gt;</font> field.
+ </p>
+ </td>
+</tr>
+<tr>
+<td>
+ <p>
+ <code class="varname">krb5-self</code>
+ </p>
+ </td>
+<td>
+ <p>
+ This rule takes a Kerberos machine principal
+ (host/machine@REALM) for machine in REALM and
+ and converts it machine.realm allowing the machine
+ to update machine.realm. The REALM to be matched
+ is specified in the <font color="red">&lt;replacable&gt;identity&lt;/replacable&gt;</font>
+ field.
+ </p>
+ </td>
+</tr>
+<tr>
+<td>
+ <p>
+ <code class="varname">krb5-subdomain</code>
+ </p>
+ </td>
+<td>
+ <p>
+ This rule takes a Kerberos machine principal
+ (host/machine@REALM) for machine in REALM and
+ converts it to machine.realm allowing the machine
+ to update subdomains of machine.realm. The REALM
+ to be matched is specified in the
+ <font color="red">&lt;replacable&gt;identity&lt;/replacable&gt;</font> field.
+ </p>
+ </td>
+</tr>
+<tr>
+<td>
+ <p>
<code class="varname">tcp-self</code>
</p>
</td>
@@ -7423,7 +7553,7 @@ example.com. NS ns2.example.net.
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2594660"></a>Zone File</h2></div></div></div>
+<a name="id2595030"></a>Zone File</h2></div></div></div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="types_of_resource_records_and_when_to_use_them"></a>Types of Resource Records and When to Use Them</h3></div></div></div>
@@ -7436,7 +7566,7 @@ example.com. NS ns2.example.net.
</p>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2594678"></a>Resource Records</h4></div></div></div>
+<a name="id2595048"></a>Resource Records</h4></div></div></div>
<p>
A domain name identifies a node. Each node has a set of
resource information, which may be empty. The set of resource
@@ -8173,7 +8303,7 @@ example.com. NS ns2.example.net.
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2596301"></a>Textual expression of RRs</h4></div></div></div>
+<a name="id2596603"></a>Textual expression of RRs</h4></div></div></div>
<p>
RRs are represented in binary form in the packets of the DNS
protocol, and are usually represented in highly encoded form
@@ -8376,7 +8506,7 @@ example.com. NS ns2.example.net.
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2596822"></a>Discussion of MX Records</h3></div></div></div>
+<a name="id2597260"></a>Discussion of MX Records</h3></div></div></div>
<p>
As described above, domain servers store information as a
series of resource records, each of which contains a particular
@@ -8632,7 +8762,7 @@ example.com. NS ns2.example.net.
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2597574"></a>Inverse Mapping in IPv4</h3></div></div></div>
+<a name="id2597876"></a>Inverse Mapping in IPv4</h3></div></div></div>
<p>
Reverse name resolution (that is, translation from IP address
to name) is achieved by means of the <span class="emphasis"><em>in-addr.arpa</em></span> domain
@@ -8693,7 +8823,7 @@ example.com. NS ns2.example.net.
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2597701"></a>Other Zone File Directives</h3></div></div></div>
+<a name="id2598003"></a>Other Zone File Directives</h3></div></div></div>
<p>
The Master File Format was initially defined in RFC 1035 and
has subsequently been extended. While the Master File Format
@@ -8708,7 +8838,7 @@ example.com. NS ns2.example.net.
</p>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2597723"></a>The <span><strong class="command">@</strong></span> (at-sign)</h4></div></div></div>
+<a name="id2598093"></a>The <span><strong class="command">@</strong></span> (at-sign)</h4></div></div></div>
<p>
When used in the label (or name) field, the asperand or
at-sign (@) symbol represents the current origin.
@@ -8719,7 +8849,7 @@ example.com. NS ns2.example.net.
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2597739"></a>The <span><strong class="command">$ORIGIN</strong></span> Directive</h4></div></div></div>
+<a name="id2598109"></a>The <span><strong class="command">$ORIGIN</strong></span> Directive</h4></div></div></div>
<p>
Syntax: <span><strong class="command">$ORIGIN</strong></span>
<em class="replaceable"><code>domain-name</code></em>
@@ -8748,7 +8878,7 @@ WWW.EXAMPLE.COM. CNAME MAIN-SERVER.EXAMPLE.COM.
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2597868"></a>The <span><strong class="command">$INCLUDE</strong></span> Directive</h4></div></div></div>
+<a name="id2598170"></a>The <span><strong class="command">$INCLUDE</strong></span> Directive</h4></div></div></div>
<p>
Syntax: <span><strong class="command">$INCLUDE</strong></span>
<em class="replaceable"><code>filename</code></em>
@@ -8784,7 +8914,7 @@ WWW.EXAMPLE.COM. CNAME MAIN-SERVER.EXAMPLE.COM.
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2597938"></a>The <span><strong class="command">$TTL</strong></span> Directive</h4></div></div></div>
+<a name="id2598240"></a>The <span><strong class="command">$TTL</strong></span> Directive</h4></div></div></div>
<p>
Syntax: <span><strong class="command">$TTL</strong></span>
<em class="replaceable"><code>default-ttl</code></em>
@@ -8803,7 +8933,7 @@ WWW.EXAMPLE.COM. CNAME MAIN-SERVER.EXAMPLE.COM.
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2597974"></a><acronym class="acronym">BIND</acronym> Master File Extension: the <span><strong class="command">$GENERATE</strong></span> Directive</h3></div></div></div>
+<a name="id2598276"></a><acronym class="acronym">BIND</acronym> Master File Extension: the <span><strong class="command">$GENERATE</strong></span> Directive</h3></div></div></div>
<p>
Syntax: <span><strong class="command">$GENERATE</strong></span>
<em class="replaceable"><code>range</code></em>
@@ -9227,7 +9357,7 @@ HOST-127.EXAMPLE. MX 0 .
</p>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2598928"></a>Name Server Statistics Counters</h4></div></div></div>
+<a name="id2599229"></a>Name Server Statistics Counters</h4></div></div></div>
<div class="informaltable"><table border="1">
<colgroup>
<col>
@@ -9784,7 +9914,7 @@ HOST-127.EXAMPLE. MX 0 .
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2600401"></a>Zone Maintenance Statistics Counters</h4></div></div></div>
+<a name="id2600702"></a>Zone Maintenance Statistics Counters</h4></div></div></div>
<div class="informaltable"><table border="1">
<colgroup>
<col>
@@ -9938,7 +10068,7 @@ HOST-127.EXAMPLE. MX 0 .
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2600852"></a>Resolver Statistics Counters</h4></div></div></div>
+<a name="id2601154"></a>Resolver Statistics Counters</h4></div></div></div>
<div class="informaltable"><table border="1">
<colgroup>
<col>
@@ -10321,7 +10451,7 @@ HOST-127.EXAMPLE. MX 0 .
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2601942"></a>Socket I/O Statistics Counters</h4></div></div></div>
+<a name="id2602312"></a>Socket I/O Statistics Counters</h4></div></div></div>
<p>
Socket I/O statistics counters are defined per socket
types, which are
@@ -10476,7 +10606,7 @@ HOST-127.EXAMPLE. MX 0 .
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2602384"></a>Compatibility with <span class="emphasis"><em>BIND</em></span> 8 Counters</h4></div></div></div>
+<a name="id2602685"></a>Compatibility with <span class="emphasis"><em>BIND</em></span> 8 Counters</h4></div></div></div>
<p>
Most statistics counters that were available
in <span><strong class="command">BIND</strong></span> 8 are also supported in
diff --git a/doc/arm/Bv9ARM.ch07.html b/doc/arm/Bv9ARM.ch07.html
index 371f4a94eca5..f2c50e286562 100644
--- a/doc/arm/Bv9ARM.ch07.html
+++ b/doc/arm/Bv9ARM.ch07.html
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: Bv9ARM.ch07.html,v 1.242.8.1.2.1 2011-06-09 03:41:08 tbox Exp $ -->
+<!-- $Id: Bv9ARM.ch07.html,v 1.242.8.7 2011-08-03 02:35:10 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -46,10 +46,10 @@
<p><b>Table of Contents</b></p>
<dl>
<dt><span class="sect1"><a href="Bv9ARM.ch07.html#Access_Control_Lists">Access Control Lists</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch07.html#id2602626"><span><strong class="command">Chroot</strong></span> and <span><strong class="command">Setuid</strong></span></a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch07.html#id2602996"><span><strong class="command">Chroot</strong></span> and <span><strong class="command">Setuid</strong></span></a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2602707">The <span><strong class="command">chroot</strong></span> Environment</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2602766">Using the <span><strong class="command">setuid</strong></span> Function</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2603077">The <span><strong class="command">chroot</strong></span> Environment</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2603137">Using the <span><strong class="command">setuid</strong></span> Function</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch07.html#dynamic_update_security">Dynamic Update Security</a></span></dt>
</dl>
@@ -122,7 +122,7 @@ zone "example.com" {
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2602626"></a><span><strong class="command">Chroot</strong></span> and <span><strong class="command">Setuid</strong></span>
+<a name="id2602996"></a><span><strong class="command">Chroot</strong></span> and <span><strong class="command">Setuid</strong></span>
</h2></div></div></div>
<p>
On UNIX servers, it is possible to run <acronym class="acronym">BIND</acronym>
@@ -148,7 +148,7 @@ zone "example.com" {
</p>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2602707"></a>The <span><strong class="command">chroot</strong></span> Environment</h3></div></div></div>
+<a name="id2603077"></a>The <span><strong class="command">chroot</strong></span> Environment</h3></div></div></div>
<p>
In order for a <span><strong class="command">chroot</strong></span> environment
to
@@ -176,7 +176,7 @@ zone "example.com" {
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2602766"></a>Using the <span><strong class="command">setuid</strong></span> Function</h3></div></div></div>
+<a name="id2603137"></a>Using the <span><strong class="command">setuid</strong></span> Function</h3></div></div></div>
<p>
Prior to running the <span><strong class="command">named</strong></span> daemon,
use
diff --git a/doc/arm/Bv9ARM.ch08.html b/doc/arm/Bv9ARM.ch08.html
index 0681e47ce1e5..faa3a0434c0b 100644
--- a/doc/arm/Bv9ARM.ch08.html
+++ b/doc/arm/Bv9ARM.ch08.html
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: Bv9ARM.ch08.html,v 1.242.8.1.2.1 2011-06-09 03:41:08 tbox Exp $ -->
+<!-- $Id: Bv9ARM.ch08.html,v 1.242.8.7 2011-08-03 02:35:11 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -45,18 +45,18 @@
<div class="toc">
<p><b>Table of Contents</b></p>
<dl>
-<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2602915">Common Problems</a></span></dt>
-<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch08.html#id2602920">It's not working; how can I figure out what's wrong?</a></span></dt></dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2602932">Incrementing and Changing the Serial Number</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2602949">Where Can I Get Help?</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2603285">Common Problems</a></span></dt>
+<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch08.html#id2603290">It's not working; how can I figure out what's wrong?</a></span></dt></dl></dd>
+<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2603302">Incrementing and Changing the Serial Number</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2603319">Where Can I Get Help?</a></span></dt>
</dl>
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2602915"></a>Common Problems</h2></div></div></div>
+<a name="id2603285"></a>Common Problems</h2></div></div></div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2602920"></a>It's not working; how can I figure out what's wrong?</h3></div></div></div>
+<a name="id2603290"></a>It's not working; how can I figure out what's wrong?</h3></div></div></div>
<p>
The best solution to solving installation and
configuration issues is to take preventative measures by setting
@@ -68,7 +68,7 @@
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2602932"></a>Incrementing and Changing the Serial Number</h2></div></div></div>
+<a name="id2603302"></a>Incrementing and Changing the Serial Number</h2></div></div></div>
<p>
Zone serial numbers are just numbers &#8212; they aren't
date related. A lot of people set them to a number that
@@ -95,7 +95,7 @@
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2602949"></a>Where Can I Get Help?</h2></div></div></div>
+<a name="id2603319"></a>Where Can I Get Help?</h2></div></div></div>
<p>
The Internet Systems Consortium
(<acronym class="acronym">ISC</acronym>) offers a wide range
diff --git a/doc/arm/Bv9ARM.ch09.html b/doc/arm/Bv9ARM.ch09.html
index fd532377bad5..cda5f6c30d3a 100644
--- a/doc/arm/Bv9ARM.ch09.html
+++ b/doc/arm/Bv9ARM.ch09.html
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: Bv9ARM.ch09.html,v 1.246.8.1.2.1 2011-06-09 03:41:08 tbox Exp $ -->
+<!-- $Id: Bv9ARM.ch09.html,v 1.246.8.9 2011-08-03 02:35:11 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -45,31 +45,31 @@
<div class="toc">
<p><b>Table of Contents</b></p>
<dl>
-<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2603147">Acknowledgments</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2603449">Acknowledgments</a></span></dt>
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch09.html#historical_dns_information">A Brief History of the <acronym class="acronym">DNS</acronym> and <acronym class="acronym">BIND</acronym></a></span></dt></dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2603319">General <acronym class="acronym">DNS</acronym> Reference Information</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2603553">General <acronym class="acronym">DNS</acronym> Reference Information</a></span></dt>
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch09.html#ipv6addresses">IPv6 addresses (AAAA)</a></span></dt></dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch09.html#bibliography">Bibliography (and Suggested Reading)</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#rfcs">Request for Comments (RFCs)</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#internet_drafts">Internet Drafts</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2606462">Other Documents About <acronym class="acronym">BIND</acronym></a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2606901">Other Documents About <acronym class="acronym">BIND</acronym></a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch09.html#bind9.library">BIND 9 DNS Library Support</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2608789">Prerequisite</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2608798">Compilation</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2608004">Installation</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2608035">Known Defects/Restrictions</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2608112">The dns.conf File</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2608138">Sample Applications</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2609111">Library References</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2608203">Prerequisite</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2608213">Compilation</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2608237">Installation</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2608268">Known Defects/Restrictions</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2608413">The dns.conf File</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2608440">Sample Applications</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2609345">Library References</a></span></dt>
</dl></dd>
</dl>
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2603147"></a>Acknowledgments</h2></div></div></div>
+<a name="id2603449"></a>Acknowledgments</h2></div></div></div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="historical_dns_information"></a>A Brief History of the <acronym class="acronym">DNS</acronym> and <acronym class="acronym">BIND</acronym>
@@ -172,7 +172,7 @@
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2603319"></a>General <acronym class="acronym">DNS</acronym> Reference Information</h2></div></div></div>
+<a name="id2603553"></a>General <acronym class="acronym">DNS</acronym> Reference Information</h2></div></div></div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="ipv6addresses"></a>IPv6 addresses (AAAA)</h3></div></div></div>
@@ -260,17 +260,17 @@
</p>
<div class="bibliography">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2603507"></a>Bibliography</h4></div></div></div>
+<a name="id2603809"></a>Bibliography</h4></div></div></div>
<div class="bibliodiv">
<h3 class="title">Standards</h3>
<div class="biblioentry">
-<a name="id2603517"></a><p>[<abbr class="abbrev">RFC974</abbr>] <span class="author"><span class="firstname">C.</span> <span class="surname">Partridge</span>. </span><span class="title"><i>Mail Routing and the Domain System</i>. </span><span class="pubdate">January 1986. </span></p>
+<a name="id2603819"></a><p>[<abbr class="abbrev">RFC974</abbr>] <span class="author"><span class="firstname">C.</span> <span class="surname">Partridge</span>. </span><span class="title"><i>Mail Routing and the Domain System</i>. </span><span class="pubdate">January 1986. </span></p>
</div>
<div class="biblioentry">
-<a name="id2603541"></a><p>[<abbr class="abbrev">RFC1034</abbr>] <span class="author"><span class="firstname">P.V.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i>Domain Names &#8212; Concepts and Facilities</i>. </span><span class="pubdate">November 1987. </span></p>
+<a name="id2603843"></a><p>[<abbr class="abbrev">RFC1034</abbr>] <span class="author"><span class="firstname">P.V.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i>Domain Names &#8212; Concepts and Facilities</i>. </span><span class="pubdate">November 1987. </span></p>
</div>
<div class="biblioentry">
-<a name="id2603564"></a><p>[<abbr class="abbrev">RFC1035</abbr>] <span class="author"><span class="firstname">P. V.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i>Domain Names &#8212; Implementation and
+<a name="id2603866"></a><p>[<abbr class="abbrev">RFC1035</abbr>] <span class="author"><span class="firstname">P. V.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i>Domain Names &#8212; Implementation and
Specification</i>. </span><span class="pubdate">November 1987. </span></p>
</div>
</div>
@@ -278,42 +278,42 @@
<h3 class="title">
<a name="proposed_standards"></a>Proposed Standards</h3>
<div class="biblioentry">
-<a name="id2603601"></a><p>[<abbr class="abbrev">RFC2181</abbr>] <span class="author"><span class="firstname">R., R. Bush</span> <span class="surname">Elz</span>. </span><span class="title"><i>Clarifications to the <acronym class="acronym">DNS</acronym>
+<a name="id2603902"></a><p>[<abbr class="abbrev">RFC2181</abbr>] <span class="author"><span class="firstname">R., R. Bush</span> <span class="surname">Elz</span>. </span><span class="title"><i>Clarifications to the <acronym class="acronym">DNS</acronym>
Specification</i>. </span><span class="pubdate">July 1997. </span></p>
</div>
<div class="biblioentry">
-<a name="id2603627"></a><p>[<abbr class="abbrev">RFC2308</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Andrews</span>. </span><span class="title"><i>Negative Caching of <acronym class="acronym">DNS</acronym>
+<a name="id2603929"></a><p>[<abbr class="abbrev">RFC2308</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Andrews</span>. </span><span class="title"><i>Negative Caching of <acronym class="acronym">DNS</acronym>
Queries</i>. </span><span class="pubdate">March 1998. </span></p>
</div>
<div class="biblioentry">
-<a name="id2603653"></a><p>[<abbr class="abbrev">RFC1995</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Ohta</span>. </span><span class="title"><i>Incremental Zone Transfer in <acronym class="acronym">DNS</acronym></i>. </span><span class="pubdate">August 1996. </span></p>
+<a name="id2603955"></a><p>[<abbr class="abbrev">RFC1995</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Ohta</span>. </span><span class="title"><i>Incremental Zone Transfer in <acronym class="acronym">DNS</acronym></i>. </span><span class="pubdate">August 1996. </span></p>
</div>
<div class="biblioentry">
-<a name="id2603677"></a><p>[<abbr class="abbrev">RFC1996</abbr>] <span class="author"><span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>A Mechanism for Prompt Notification of Zone Changes</i>. </span><span class="pubdate">August 1996. </span></p>
+<a name="id2603979"></a><p>[<abbr class="abbrev">RFC1996</abbr>] <span class="author"><span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>A Mechanism for Prompt Notification of Zone Changes</i>. </span><span class="pubdate">August 1996. </span></p>
</div>
<div class="biblioentry">
-<a name="id2603701"></a><p>[<abbr class="abbrev">RFC2136</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Vixie</span>, <span class="firstname">S.</span> <span class="surname">Thomson</span>, <span class="firstname">Y.</span> <span class="surname">Rekhter</span>, and <span class="firstname">J.</span> <span class="surname">Bound</span>. </span><span class="title"><i>Dynamic Updates in the Domain Name System</i>. </span><span class="pubdate">April 1997. </span></p>
+<a name="id2604003"></a><p>[<abbr class="abbrev">RFC2136</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Vixie</span>, <span class="firstname">S.</span> <span class="surname">Thomson</span>, <span class="firstname">Y.</span> <span class="surname">Rekhter</span>, and <span class="firstname">J.</span> <span class="surname">Bound</span>. </span><span class="title"><i>Dynamic Updates in the Domain Name System</i>. </span><span class="pubdate">April 1997. </span></p>
</div>
<div class="biblioentry">
-<a name="id2603756"></a><p>[<abbr class="abbrev">RFC2671</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>Extension Mechanisms for DNS (EDNS0)</i>. </span><span class="pubdate">August 1997. </span></p>
+<a name="id2604058"></a><p>[<abbr class="abbrev">RFC2671</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>Extension Mechanisms for DNS (EDNS0)</i>. </span><span class="pubdate">August 1997. </span></p>
</div>
<div class="biblioentry">
-<a name="id2603783"></a><p>[<abbr class="abbrev">RFC2672</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Crawford</span>. </span><span class="title"><i>Non-Terminal DNS Name Redirection</i>. </span><span class="pubdate">August 1999. </span></p>
+<a name="id2604085"></a><p>[<abbr class="abbrev">RFC2672</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Crawford</span>. </span><span class="title"><i>Non-Terminal DNS Name Redirection</i>. </span><span class="pubdate">August 1999. </span></p>
</div>
<div class="biblioentry">
-<a name="id2603810"></a><p>[<abbr class="abbrev">RFC2845</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Vixie</span>, <span class="firstname">O.</span> <span class="surname">Gudmundsson</span>, <span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>, and <span class="firstname">B.</span> <span class="surname">Wellington</span>. </span><span class="title"><i>Secret Key Transaction Authentication for <acronym class="acronym">DNS</acronym> (TSIG)</i>. </span><span class="pubdate">May 2000. </span></p>
+<a name="id2604112"></a><p>[<abbr class="abbrev">RFC2845</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Vixie</span>, <span class="firstname">O.</span> <span class="surname">Gudmundsson</span>, <span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>, and <span class="firstname">B.</span> <span class="surname">Wellington</span>. </span><span class="title"><i>Secret Key Transaction Authentication for <acronym class="acronym">DNS</acronym> (TSIG)</i>. </span><span class="pubdate">May 2000. </span></p>
</div>
<div class="biblioentry">
-<a name="id2603872"></a><p>[<abbr class="abbrev">RFC2930</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Secret Key Establishment for DNS (TKEY RR)</i>. </span><span class="pubdate">September 2000. </span></p>
+<a name="id2604173"></a><p>[<abbr class="abbrev">RFC2930</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Secret Key Establishment for DNS (TKEY RR)</i>. </span><span class="pubdate">September 2000. </span></p>
</div>
<div class="biblioentry">
-<a name="id2603901"></a><p>[<abbr class="abbrev">RFC2931</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>DNS Request and Transaction Signatures (SIG(0)s)</i>. </span><span class="pubdate">September 2000. </span></p>
+<a name="id2604203"></a><p>[<abbr class="abbrev">RFC2931</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>DNS Request and Transaction Signatures (SIG(0)s)</i>. </span><span class="pubdate">September 2000. </span></p>
</div>
<div class="biblioentry">
-<a name="id2603931"></a><p>[<abbr class="abbrev">RFC3007</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Wellington</span>. </span><span class="title"><i>Secure Domain Name System (DNS) Dynamic Update</i>. </span><span class="pubdate">November 2000. </span></p>
+<a name="id2604233"></a><p>[<abbr class="abbrev">RFC3007</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Wellington</span>. </span><span class="title"><i>Secure Domain Name System (DNS) Dynamic Update</i>. </span><span class="pubdate">November 2000. </span></p>
</div>
<div class="biblioentry">
-<a name="id2603958"></a><p>[<abbr class="abbrev">RFC3645</abbr>] <span class="authorgroup"><span class="firstname">S.</span> <span class="surname">Kwan</span>, <span class="firstname">P.</span> <span class="surname">Garg</span>, <span class="firstname">J.</span> <span class="surname">Gilroy</span>, <span class="firstname">L.</span> <span class="surname">Esibov</span>, <span class="firstname">J.</span> <span class="surname">Westhead</span>, and <span class="firstname">R.</span> <span class="surname">Hall</span>. </span><span class="title"><i>Generic Security Service Algorithm for Secret
+<a name="id2604260"></a><p>[<abbr class="abbrev">RFC3645</abbr>] <span class="authorgroup"><span class="firstname">S.</span> <span class="surname">Kwan</span>, <span class="firstname">P.</span> <span class="surname">Garg</span>, <span class="firstname">J.</span> <span class="surname">Gilroy</span>, <span class="firstname">L.</span> <span class="surname">Esibov</span>, <span class="firstname">J.</span> <span class="surname">Westhead</span>, and <span class="firstname">R.</span> <span class="surname">Hall</span>. </span><span class="title"><i>Generic Security Service Algorithm for Secret
Key Transaction Authentication for DNS
(GSS-TSIG)</i>. </span><span class="pubdate">October 2003. </span></p>
</div>
@@ -322,19 +322,19 @@
<h3 class="title">
<acronym class="acronym">DNS</acronym> Security Proposed Standards</h3>
<div class="biblioentry">
-<a name="id2604040"></a><p>[<abbr class="abbrev">RFC3225</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Conrad</span>. </span><span class="title"><i>Indicating Resolver Support of DNSSEC</i>. </span><span class="pubdate">December 2001. </span></p>
+<a name="id2604342"></a><p>[<abbr class="abbrev">RFC3225</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Conrad</span>. </span><span class="title"><i>Indicating Resolver Support of DNSSEC</i>. </span><span class="pubdate">December 2001. </span></p>
</div>
<div class="biblioentry">
-<a name="id2604067"></a><p>[<abbr class="abbrev">RFC3833</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Atkins</span> and <span class="firstname">R.</span> <span class="surname">Austein</span>. </span><span class="title"><i>Threat Analysis of the Domain Name System (DNS)</i>. </span><span class="pubdate">August 2004. </span></p>
+<a name="id2604369"></a><p>[<abbr class="abbrev">RFC3833</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Atkins</span> and <span class="firstname">R.</span> <span class="surname">Austein</span>. </span><span class="title"><i>Threat Analysis of the Domain Name System (DNS)</i>. </span><span class="pubdate">August 2004. </span></p>
</div>
<div class="biblioentry">
-<a name="id2604103"></a><p>[<abbr class="abbrev">RFC4033</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Arends</span>, <span class="firstname">R.</span> <span class="surname">Austein</span>, <span class="firstname">M.</span> <span class="surname">Larson</span>, <span class="firstname">D.</span> <span class="surname">Massey</span>, and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>DNS Security Introduction and Requirements</i>. </span><span class="pubdate">March 2005. </span></p>
+<a name="id2604405"></a><p>[<abbr class="abbrev">RFC4033</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Arends</span>, <span class="firstname">R.</span> <span class="surname">Austein</span>, <span class="firstname">M.</span> <span class="surname">Larson</span>, <span class="firstname">D.</span> <span class="surname">Massey</span>, and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>DNS Security Introduction and Requirements</i>. </span><span class="pubdate">March 2005. </span></p>
</div>
<div class="biblioentry">
-<a name="id2604168"></a><p>[<abbr class="abbrev">RFC4034</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Arends</span>, <span class="firstname">R.</span> <span class="surname">Austein</span>, <span class="firstname">M.</span> <span class="surname">Larson</span>, <span class="firstname">D.</span> <span class="surname">Massey</span>, and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>Resource Records for the DNS Security Extensions</i>. </span><span class="pubdate">March 2005. </span></p>
+<a name="id2604470"></a><p>[<abbr class="abbrev">RFC4034</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Arends</span>, <span class="firstname">R.</span> <span class="surname">Austein</span>, <span class="firstname">M.</span> <span class="surname">Larson</span>, <span class="firstname">D.</span> <span class="surname">Massey</span>, and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>Resource Records for the DNS Security Extensions</i>. </span><span class="pubdate">March 2005. </span></p>
</div>
<div class="biblioentry">
-<a name="id2604233"></a><p>[<abbr class="abbrev">RFC4035</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Arends</span>, <span class="firstname">R.</span> <span class="surname">Austein</span>, <span class="firstname">M.</span> <span class="surname">Larson</span>, <span class="firstname">D.</span> <span class="surname">Massey</span>, and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>Protocol Modifications for the DNS
+<a name="id2604603"></a><p>[<abbr class="abbrev">RFC4035</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Arends</span>, <span class="firstname">R.</span> <span class="surname">Austein</span>, <span class="firstname">M.</span> <span class="surname">Larson</span>, <span class="firstname">D.</span> <span class="surname">Massey</span>, and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>Protocol Modifications for the DNS
Security Extensions</i>. </span><span class="pubdate">March 2005. </span></p>
</div>
</div>
@@ -342,146 +342,146 @@
<h3 class="title">Other Important RFCs About <acronym class="acronym">DNS</acronym>
Implementation</h3>
<div class="biblioentry">
-<a name="id2604375"></a><p>[<abbr class="abbrev">RFC1535</abbr>] <span class="author"><span class="firstname">E.</span> <span class="surname">Gavron</span>. </span><span class="title"><i>A Security Problem and Proposed Correction With Widely
+<a name="id2604677"></a><p>[<abbr class="abbrev">RFC1535</abbr>] <span class="author"><span class="firstname">E.</span> <span class="surname">Gavron</span>. </span><span class="title"><i>A Security Problem and Proposed Correction With Widely
Deployed <acronym class="acronym">DNS</acronym> Software.</i>. </span><span class="pubdate">October 1993. </span></p>
</div>
<div class="biblioentry">
-<a name="id2604401"></a><p>[<abbr class="abbrev">RFC1536</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Kumar</span>, <span class="firstname">J.</span> <span class="surname">Postel</span>, <span class="firstname">C.</span> <span class="surname">Neuman</span>, <span class="firstname">P.</span> <span class="surname">Danzig</span>, and <span class="firstname">S.</span> <span class="surname">Miller</span>. </span><span class="title"><i>Common <acronym class="acronym">DNS</acronym> Implementation
+<a name="id2604702"></a><p>[<abbr class="abbrev">RFC1536</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Kumar</span>, <span class="firstname">J.</span> <span class="surname">Postel</span>, <span class="firstname">C.</span> <span class="surname">Neuman</span>, <span class="firstname">P.</span> <span class="surname">Danzig</span>, and <span class="firstname">S.</span> <span class="surname">Miller</span>. </span><span class="title"><i>Common <acronym class="acronym">DNS</acronym> Implementation
Errors and Suggested Fixes</i>. </span><span class="pubdate">October 1993. </span></p>
</div>
<div class="biblioentry">
-<a name="id2604469"></a><p>[<abbr class="abbrev">RFC1982</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Elz</span> and <span class="firstname">R.</span> <span class="surname">Bush</span>. </span><span class="title"><i>Serial Number Arithmetic</i>. </span><span class="pubdate">August 1996. </span></p>
+<a name="id2604771"></a><p>[<abbr class="abbrev">RFC1982</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Elz</span> and <span class="firstname">R.</span> <span class="surname">Bush</span>. </span><span class="title"><i>Serial Number Arithmetic</i>. </span><span class="pubdate">August 1996. </span></p>
</div>
<div class="biblioentry">
-<a name="id2604504"></a><p>[<abbr class="abbrev">RFC4074</abbr>] <span class="authorgroup"><span class="firstname">Y.</span> <span class="surname">Morishita</span> and <span class="firstname">T.</span> <span class="surname">Jinmei</span>. </span><span class="title"><i>Common Misbehaviour Against <acronym class="acronym">DNS</acronym>
+<a name="id2604806"></a><p>[<abbr class="abbrev">RFC4074</abbr>] <span class="authorgroup"><span class="firstname">Y.</span> <span class="surname">Morishita</span> and <span class="firstname">T.</span> <span class="surname">Jinmei</span>. </span><span class="title"><i>Common Misbehaviour Against <acronym class="acronym">DNS</acronym>
Queries for IPv6 Addresses</i>. </span><span class="pubdate">May 2005. </span></p>
</div>
</div>
<div class="bibliodiv">
<h3 class="title">Resource Record Types</h3>
<div class="biblioentry">
-<a name="id2604550"></a><p>[<abbr class="abbrev">RFC1183</abbr>] <span class="authorgroup"><span class="firstname">C.F.</span> <span class="surname">Everhart</span>, <span class="firstname">L. A.</span> <span class="surname">Mamakos</span>, <span class="firstname">R.</span> <span class="surname">Ullmann</span>, and <span class="firstname">P.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i>New <acronym class="acronym">DNS</acronym> RR Definitions</i>. </span><span class="pubdate">October 1990. </span></p>
+<a name="id2604852"></a><p>[<abbr class="abbrev">RFC1183</abbr>] <span class="authorgroup"><span class="firstname">C.F.</span> <span class="surname">Everhart</span>, <span class="firstname">L. A.</span> <span class="surname">Mamakos</span>, <span class="firstname">R.</span> <span class="surname">Ullmann</span>, and <span class="firstname">P.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i>New <acronym class="acronym">DNS</acronym> RR Definitions</i>. </span><span class="pubdate">October 1990. </span></p>
</div>
<div class="biblioentry">
-<a name="id2604608"></a><p>[<abbr class="abbrev">RFC1706</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Manning</span> and <span class="firstname">R.</span> <span class="surname">Colella</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> NSAP Resource Records</i>. </span><span class="pubdate">October 1994. </span></p>
+<a name="id2604909"></a><p>[<abbr class="abbrev">RFC1706</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Manning</span> and <span class="firstname">R.</span> <span class="surname">Colella</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> NSAP Resource Records</i>. </span><span class="pubdate">October 1994. </span></p>
</div>
<div class="biblioentry">
-<a name="id2604645"></a><p>[<abbr class="abbrev">RFC2168</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Daniel</span> and <span class="firstname">M.</span> <span class="surname">Mealling</span>. </span><span class="title"><i>Resolution of Uniform Resource Identifiers using
+<a name="id2604947"></a><p>[<abbr class="abbrev">RFC2168</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Daniel</span> and <span class="firstname">M.</span> <span class="surname">Mealling</span>. </span><span class="title"><i>Resolution of Uniform Resource Identifiers using
the Domain Name System</i>. </span><span class="pubdate">June 1997. </span></p>
</div>
<div class="biblioentry">
-<a name="id2604680"></a><p>[<abbr class="abbrev">RFC1876</abbr>] <span class="authorgroup"><span class="firstname">C.</span> <span class="surname">Davis</span>, <span class="firstname">P.</span> <span class="surname">Vixie</span>, <span class="firstname">T.</span>, and <span class="firstname">I.</span> <span class="surname">Dickinson</span>. </span><span class="title"><i>A Means for Expressing Location Information in the
+<a name="id2604982"></a><p>[<abbr class="abbrev">RFC1876</abbr>] <span class="authorgroup"><span class="firstname">C.</span> <span class="surname">Davis</span>, <span class="firstname">P.</span> <span class="surname">Vixie</span>, <span class="firstname">T.</span>, and <span class="firstname">I.</span> <span class="surname">Dickinson</span>. </span><span class="title"><i>A Means for Expressing Location Information in the
Domain
Name System</i>. </span><span class="pubdate">January 1996. </span></p>
</div>
<div class="biblioentry">
-<a name="id2604734"></a><p>[<abbr class="abbrev">RFC2052</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Gulbrandsen</span> and <span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>A <acronym class="acronym">DNS</acronym> RR for Specifying the
+<a name="id2605036"></a><p>[<abbr class="abbrev">RFC2052</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Gulbrandsen</span> and <span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>A <acronym class="acronym">DNS</acronym> RR for Specifying the
Location of
Services.</i>. </span><span class="pubdate">October 1996. </span></p>
</div>
<div class="biblioentry">
-<a name="id2604773"></a><p>[<abbr class="abbrev">RFC2163</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Allocchio</span>. </span><span class="title"><i>Using the Internet <acronym class="acronym">DNS</acronym> to
+<a name="id2605075"></a><p>[<abbr class="abbrev">RFC2163</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Allocchio</span>. </span><span class="title"><i>Using the Internet <acronym class="acronym">DNS</acronym> to
Distribute MIXER
Conformant Global Address Mapping</i>. </span><span class="pubdate">January 1998. </span></p>
</div>
<div class="biblioentry">
-<a name="id2604798"></a><p>[<abbr class="abbrev">RFC2230</abbr>] <span class="author"><span class="firstname">R.</span> <span class="surname">Atkinson</span>. </span><span class="title"><i>Key Exchange Delegation Record for the <acronym class="acronym">DNS</acronym></i>. </span><span class="pubdate">October 1997. </span></p>
+<a name="id2605100"></a><p>[<abbr class="abbrev">RFC2230</abbr>] <span class="author"><span class="firstname">R.</span> <span class="surname">Atkinson</span>. </span><span class="title"><i>Key Exchange Delegation Record for the <acronym class="acronym">DNS</acronym></i>. </span><span class="pubdate">October 1997. </span></p>
</div>
<div class="biblioentry">
-<a name="id2604824"></a><p>[<abbr class="abbrev">RFC2536</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>DSA KEYs and SIGs in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
+<a name="id2605126"></a><p>[<abbr class="abbrev">RFC2536</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>DSA KEYs and SIGs in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
</div>
<div class="biblioentry">
-<a name="id2604851"></a><p>[<abbr class="abbrev">RFC2537</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>RSA/MD5 KEYs and SIGs in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
+<a name="id2605153"></a><p>[<abbr class="abbrev">RFC2537</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>RSA/MD5 KEYs and SIGs in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
</div>
<div class="biblioentry">
-<a name="id2604877"></a><p>[<abbr class="abbrev">RFC2538</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span> and <span class="firstname">O.</span> <span class="surname">Gudmundsson</span>. </span><span class="title"><i>Storing Certificates in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
+<a name="id2605179"></a><p>[<abbr class="abbrev">RFC2538</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span> and <span class="firstname">O.</span> <span class="surname">Gudmundsson</span>. </span><span class="title"><i>Storing Certificates in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
</div>
<div class="biblioentry">
-<a name="id2604917"></a><p>[<abbr class="abbrev">RFC2539</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Storage of Diffie-Hellman Keys in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
+<a name="id2605219"></a><p>[<abbr class="abbrev">RFC2539</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Storage of Diffie-Hellman Keys in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
</div>
<div class="biblioentry">
-<a name="id2604947"></a><p>[<abbr class="abbrev">RFC2540</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Detached Domain Name System (DNS) Information</i>. </span><span class="pubdate">March 1999. </span></p>
+<a name="id2605249"></a><p>[<abbr class="abbrev">RFC2540</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Detached Domain Name System (DNS) Information</i>. </span><span class="pubdate">March 1999. </span></p>
</div>
<div class="biblioentry">
-<a name="id2604977"></a><p>[<abbr class="abbrev">RFC2782</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Gulbrandsen</span>. </span><span class="author"><span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="author"><span class="firstname">L.</span> <span class="surname">Esibov</span>. </span><span class="title"><i>A DNS RR for specifying the location of services (DNS SRV)</i>. </span><span class="pubdate">February 2000. </span></p>
+<a name="id2605278"></a><p>[<abbr class="abbrev">RFC2782</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Gulbrandsen</span>. </span><span class="author"><span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="author"><span class="firstname">L.</span> <span class="surname">Esibov</span>. </span><span class="title"><i>A DNS RR for specifying the location of services (DNS SRV)</i>. </span><span class="pubdate">February 2000. </span></p>
</div>
<div class="biblioentry">
-<a name="id2605019"></a><p>[<abbr class="abbrev">RFC2915</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Mealling</span>. </span><span class="author"><span class="firstname">R.</span> <span class="surname">Daniel</span>. </span><span class="title"><i>The Naming Authority Pointer (NAPTR) DNS Resource Record</i>. </span><span class="pubdate">September 2000. </span></p>
+<a name="id2605321"></a><p>[<abbr class="abbrev">RFC2915</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Mealling</span>. </span><span class="author"><span class="firstname">R.</span> <span class="surname">Daniel</span>. </span><span class="title"><i>The Naming Authority Pointer (NAPTR) DNS Resource Record</i>. </span><span class="pubdate">September 2000. </span></p>
</div>
<div class="biblioentry">
-<a name="id2605052"></a><p>[<abbr class="abbrev">RFC3110</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>RSA/SHA-1 SIGs and RSA KEYs in the Domain Name System (DNS)</i>. </span><span class="pubdate">May 2001. </span></p>
+<a name="id2605354"></a><p>[<abbr class="abbrev">RFC3110</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>RSA/SHA-1 SIGs and RSA KEYs in the Domain Name System (DNS)</i>. </span><span class="pubdate">May 2001. </span></p>
</div>
<div class="biblioentry">
-<a name="id2605079"></a><p>[<abbr class="abbrev">RFC3123</abbr>] <span class="author"><span class="firstname">P.</span> <span class="surname">Koch</span>. </span><span class="title"><i>A DNS RR Type for Lists of Address Prefixes (APL RR)</i>. </span><span class="pubdate">June 2001. </span></p>
+<a name="id2605381"></a><p>[<abbr class="abbrev">RFC3123</abbr>] <span class="author"><span class="firstname">P.</span> <span class="surname">Koch</span>. </span><span class="title"><i>A DNS RR Type for Lists of Address Prefixes (APL RR)</i>. </span><span class="pubdate">June 2001. </span></p>
</div>
<div class="biblioentry">
-<a name="id2605102"></a><p>[<abbr class="abbrev">RFC3596</abbr>] <span class="authorgroup"><span class="firstname">S.</span> <span class="surname">Thomson</span>, <span class="firstname">C.</span> <span class="surname">Huitema</span>, <span class="firstname">V.</span> <span class="surname">Ksinant</span>, and <span class="firstname">M.</span> <span class="surname">Souissi</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Extensions to support IP
+<a name="id2605473"></a><p>[<abbr class="abbrev">RFC3596</abbr>] <span class="authorgroup"><span class="firstname">S.</span> <span class="surname">Thomson</span>, <span class="firstname">C.</span> <span class="surname">Huitema</span>, <span class="firstname">V.</span> <span class="surname">Ksinant</span>, and <span class="firstname">M.</span> <span class="surname">Souissi</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Extensions to support IP
version 6</i>. </span><span class="pubdate">October 2003. </span></p>
</div>
<div class="biblioentry">
-<a name="id2605160"></a><p>[<abbr class="abbrev">RFC3597</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Gustafsson</span>. </span><span class="title"><i>Handling of Unknown DNS Resource Record (RR) Types</i>. </span><span class="pubdate">September 2003. </span></p>
+<a name="id2605530"></a><p>[<abbr class="abbrev">RFC3597</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Gustafsson</span>. </span><span class="title"><i>Handling of Unknown DNS Resource Record (RR) Types</i>. </span><span class="pubdate">September 2003. </span></p>
</div>
</div>
<div class="bibliodiv">
<h3 class="title">
<acronym class="acronym">DNS</acronym> and the Internet</h3>
<div class="biblioentry">
-<a name="id2605192"></a><p>[<abbr class="abbrev">RFC1101</abbr>] <span class="author"><span class="firstname">P. V.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Encoding of Network Names
+<a name="id2605562"></a><p>[<abbr class="abbrev">RFC1101</abbr>] <span class="author"><span class="firstname">P. V.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Encoding of Network Names
and Other Types</i>. </span><span class="pubdate">April 1989. </span></p>
</div>
<div class="biblioentry">
-<a name="id2605218"></a><p>[<abbr class="abbrev">RFC1123</abbr>] <span class="author"><span class="surname">Braden</span>. </span><span class="title"><i>Requirements for Internet Hosts - Application and
+<a name="id2605588"></a><p>[<abbr class="abbrev">RFC1123</abbr>] <span class="author"><span class="surname">Braden</span>. </span><span class="title"><i>Requirements for Internet Hosts - Application and
Support</i>. </span><span class="pubdate">October 1989. </span></p>
</div>
<div class="biblioentry">
-<a name="id2605240"></a><p>[<abbr class="abbrev">RFC1591</abbr>] <span class="author"><span class="firstname">J.</span> <span class="surname">Postel</span>. </span><span class="title"><i>Domain Name System Structure and Delegation</i>. </span><span class="pubdate">March 1994. </span></p>
+<a name="id2605610"></a><p>[<abbr class="abbrev">RFC1591</abbr>] <span class="author"><span class="firstname">J.</span> <span class="surname">Postel</span>. </span><span class="title"><i>Domain Name System Structure and Delegation</i>. </span><span class="pubdate">March 1994. </span></p>
</div>
<div class="biblioentry">
-<a name="id2605264"></a><p>[<abbr class="abbrev">RFC2317</abbr>] <span class="authorgroup"><span class="firstname">H.</span> <span class="surname">Eidnes</span>, <span class="firstname">G.</span> <span class="surname">de Groot</span>, and <span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>Classless IN-ADDR.ARPA Delegation</i>. </span><span class="pubdate">March 1998. </span></p>
+<a name="id2605634"></a><p>[<abbr class="abbrev">RFC2317</abbr>] <span class="authorgroup"><span class="firstname">H.</span> <span class="surname">Eidnes</span>, <span class="firstname">G.</span> <span class="surname">de Groot</span>, and <span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>Classless IN-ADDR.ARPA Delegation</i>. </span><span class="pubdate">March 1998. </span></p>
</div>
<div class="biblioentry">
-<a name="id2605309"></a><p>[<abbr class="abbrev">RFC2826</abbr>] <span class="authorgroup"><span class="surname">Internet Architecture Board</span>. </span><span class="title"><i>IAB Technical Comment on the Unique DNS Root</i>. </span><span class="pubdate">May 2000. </span></p>
+<a name="id2605680"></a><p>[<abbr class="abbrev">RFC2826</abbr>] <span class="authorgroup"><span class="surname">Internet Architecture Board</span>. </span><span class="title"><i>IAB Technical Comment on the Unique DNS Root</i>. </span><span class="pubdate">May 2000. </span></p>
</div>
<div class="biblioentry">
-<a name="id2605333"></a><p>[<abbr class="abbrev">RFC2929</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>, <span class="firstname">E.</span> <span class="surname">Brunner-Williams</span>, and <span class="firstname">B.</span> <span class="surname">Manning</span>. </span><span class="title"><i>Domain Name System (DNS) IANA Considerations</i>. </span><span class="pubdate">September 2000. </span></p>
+<a name="id2605703"></a><p>[<abbr class="abbrev">RFC2929</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>, <span class="firstname">E.</span> <span class="surname">Brunner-Williams</span>, and <span class="firstname">B.</span> <span class="surname">Manning</span>. </span><span class="title"><i>Domain Name System (DNS) IANA Considerations</i>. </span><span class="pubdate">September 2000. </span></p>
</div>
</div>
<div class="bibliodiv">
<h3 class="title">
<acronym class="acronym">DNS</acronym> Operations</h3>
<div class="biblioentry">
-<a name="id2605390"></a><p>[<abbr class="abbrev">RFC1033</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Lottor</span>. </span><span class="title"><i>Domain administrators operations guide.</i>. </span><span class="pubdate">November 1987. </span></p>
+<a name="id2605761"></a><p>[<abbr class="abbrev">RFC1033</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Lottor</span>. </span><span class="title"><i>Domain administrators operations guide.</i>. </span><span class="pubdate">November 1987. </span></p>
</div>
<div class="biblioentry">
-<a name="id2605414"></a><p>[<abbr class="abbrev">RFC1537</abbr>] <span class="author"><span class="firstname">P.</span> <span class="surname">Beertema</span>. </span><span class="title"><i>Common <acronym class="acronym">DNS</acronym> Data File
+<a name="id2605784"></a><p>[<abbr class="abbrev">RFC1537</abbr>] <span class="author"><span class="firstname">P.</span> <span class="surname">Beertema</span>. </span><span class="title"><i>Common <acronym class="acronym">DNS</acronym> Data File
Configuration Errors</i>. </span><span class="pubdate">October 1993. </span></p>
</div>
<div class="biblioentry">
-<a name="id2605441"></a><p>[<abbr class="abbrev">RFC1912</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Barr</span>. </span><span class="title"><i>Common <acronym class="acronym">DNS</acronym> Operational and
+<a name="id2605811"></a><p>[<abbr class="abbrev">RFC1912</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Barr</span>. </span><span class="title"><i>Common <acronym class="acronym">DNS</acronym> Operational and
Configuration Errors</i>. </span><span class="pubdate">February 1996. </span></p>
</div>
<div class="biblioentry">
-<a name="id2605467"></a><p>[<abbr class="abbrev">RFC2010</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Manning</span> and <span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>Operational Criteria for Root Name Servers.</i>. </span><span class="pubdate">October 1996. </span></p>
+<a name="id2605837"></a><p>[<abbr class="abbrev">RFC2010</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Manning</span> and <span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>Operational Criteria for Root Name Servers.</i>. </span><span class="pubdate">October 1996. </span></p>
</div>
<div class="biblioentry">
-<a name="id2605504"></a><p>[<abbr class="abbrev">RFC2219</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Hamilton</span> and <span class="firstname">R.</span> <span class="surname">Wright</span>. </span><span class="title"><i>Use of <acronym class="acronym">DNS</acronym> Aliases for
+<a name="id2605874"></a><p>[<abbr class="abbrev">RFC2219</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Hamilton</span> and <span class="firstname">R.</span> <span class="surname">Wright</span>. </span><span class="title"><i>Use of <acronym class="acronym">DNS</acronym> Aliases for
Network Services.</i>. </span><span class="pubdate">October 1997. </span></p>
</div>
</div>
<div class="bibliodiv">
<h3 class="title">Internationalized Domain Names</h3>
<div class="biblioentry">
-<a name="id2605549"></a><p>[<abbr class="abbrev">RFC2825</abbr>] <span class="authorgroup"><span class="surname">IAB</span> and <span class="firstname">R.</span> <span class="surname">Daigle</span>. </span><span class="title"><i>A Tangled Web: Issues of I18N, Domain Names,
+<a name="id2605920"></a><p>[<abbr class="abbrev">RFC2825</abbr>] <span class="authorgroup"><span class="surname">IAB</span> and <span class="firstname">R.</span> <span class="surname">Daigle</span>. </span><span class="title"><i>A Tangled Web: Issues of I18N, Domain Names,
and the Other Internet protocols</i>. </span><span class="pubdate">May 2000. </span></p>
</div>
<div class="biblioentry">
-<a name="id2605581"></a><p>[<abbr class="abbrev">RFC3490</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Faltstrom</span>, <span class="firstname">P.</span> <span class="surname">Hoffman</span>, and <span class="firstname">A.</span> <span class="surname">Costello</span>. </span><span class="title"><i>Internationalizing Domain Names in Applications (IDNA)</i>. </span><span class="pubdate">March 2003. </span></p>
+<a name="id2605952"></a><p>[<abbr class="abbrev">RFC3490</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Faltstrom</span>, <span class="firstname">P.</span> <span class="surname">Hoffman</span>, and <span class="firstname">A.</span> <span class="surname">Costello</span>. </span><span class="title"><i>Internationalizing Domain Names in Applications (IDNA)</i>. </span><span class="pubdate">March 2003. </span></p>
</div>
<div class="biblioentry">
-<a name="id2605627"></a><p>[<abbr class="abbrev">RFC3491</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Hoffman</span> and <span class="firstname">M.</span> <span class="surname">Blanchet</span>. </span><span class="title"><i>Nameprep: A Stringprep Profile for Internationalized Domain Names</i>. </span><span class="pubdate">March 2003. </span></p>
+<a name="id2605997"></a><p>[<abbr class="abbrev">RFC3491</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Hoffman</span> and <span class="firstname">M.</span> <span class="surname">Blanchet</span>. </span><span class="title"><i>Nameprep: A Stringprep Profile for Internationalized Domain Names</i>. </span><span class="pubdate">March 2003. </span></p>
</div>
<div class="biblioentry">
-<a name="id2605662"></a><p>[<abbr class="abbrev">RFC3492</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Costello</span>. </span><span class="title"><i>Punycode: A Bootstring encoding of Unicode
+<a name="id2606033"></a><p>[<abbr class="abbrev">RFC3492</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Costello</span>. </span><span class="title"><i>Punycode: A Bootstring encoding of Unicode
for Internationalized Domain Names in
Applications (IDNA)</i>. </span><span class="pubdate">March 2003. </span></p>
</div>
@@ -497,47 +497,47 @@
</p>
</div>
<div class="biblioentry">
-<a name="id2605707"></a><p>[<abbr class="abbrev">RFC1464</abbr>] <span class="author"><span class="firstname">R.</span> <span class="surname">Rosenbaum</span>. </span><span class="title"><i>Using the Domain Name System To Store Arbitrary String
+<a name="id2606077"></a><p>[<abbr class="abbrev">RFC1464</abbr>] <span class="author"><span class="firstname">R.</span> <span class="surname">Rosenbaum</span>. </span><span class="title"><i>Using the Domain Name System To Store Arbitrary String
Attributes</i>. </span><span class="pubdate">May 1993. </span></p>
</div>
<div class="biblioentry">
-<a name="id2605730"></a><p>[<abbr class="abbrev">RFC1713</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Romao</span>. </span><span class="title"><i>Tools for <acronym class="acronym">DNS</acronym> Debugging</i>. </span><span class="pubdate">November 1994. </span></p>
+<a name="id2606100"></a><p>[<abbr class="abbrev">RFC1713</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Romao</span>. </span><span class="title"><i>Tools for <acronym class="acronym">DNS</acronym> Debugging</i>. </span><span class="pubdate">November 1994. </span></p>
</div>
<div class="biblioentry">
-<a name="id2605755"></a><p>[<abbr class="abbrev">RFC1794</abbr>] <span class="author"><span class="firstname">T.</span> <span class="surname">Brisco</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Support for Load
+<a name="id2606125"></a><p>[<abbr class="abbrev">RFC1794</abbr>] <span class="author"><span class="firstname">T.</span> <span class="surname">Brisco</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Support for Load
Balancing</i>. </span><span class="pubdate">April 1995. </span></p>
</div>
<div class="biblioentry">
-<a name="id2605781"></a><p>[<abbr class="abbrev">RFC2240</abbr>] <span class="author"><span class="firstname">O.</span> <span class="surname">Vaughan</span>. </span><span class="title"><i>A Legal Basis for Domain Name Allocation</i>. </span><span class="pubdate">November 1997. </span></p>
+<a name="id2606151"></a><p>[<abbr class="abbrev">RFC2240</abbr>] <span class="author"><span class="firstname">O.</span> <span class="surname">Vaughan</span>. </span><span class="title"><i>A Legal Basis for Domain Name Allocation</i>. </span><span class="pubdate">November 1997. </span></p>
</div>
<div class="biblioentry">
-<a name="id2605804"></a><p>[<abbr class="abbrev">RFC2345</abbr>] <span class="authorgroup"><span class="firstname">J.</span> <span class="surname">Klensin</span>, <span class="firstname">T.</span> <span class="surname">Wolf</span>, and <span class="firstname">G.</span> <span class="surname">Oglesby</span>. </span><span class="title"><i>Domain Names and Company Name Retrieval</i>. </span><span class="pubdate">May 1998. </span></p>
+<a name="id2606174"></a><p>[<abbr class="abbrev">RFC2345</abbr>] <span class="authorgroup"><span class="firstname">J.</span> <span class="surname">Klensin</span>, <span class="firstname">T.</span> <span class="surname">Wolf</span>, and <span class="firstname">G.</span> <span class="surname">Oglesby</span>. </span><span class="title"><i>Domain Names and Company Name Retrieval</i>. </span><span class="pubdate">May 1998. </span></p>
</div>
<div class="biblioentry">
-<a name="id2605850"></a><p>[<abbr class="abbrev">RFC2352</abbr>] <span class="author"><span class="firstname">O.</span> <span class="surname">Vaughan</span>. </span><span class="title"><i>A Convention For Using Legal Names as Domain Names</i>. </span><span class="pubdate">May 1998. </span></p>
+<a name="id2606220"></a><p>[<abbr class="abbrev">RFC2352</abbr>] <span class="author"><span class="firstname">O.</span> <span class="surname">Vaughan</span>. </span><span class="title"><i>A Convention For Using Legal Names as Domain Names</i>. </span><span class="pubdate">May 1998. </span></p>
</div>
<div class="biblioentry">
-<a name="id2605874"></a><p>[<abbr class="abbrev">RFC3071</abbr>] <span class="authorgroup"><span class="firstname">J.</span> <span class="surname">Klensin</span>. </span><span class="title"><i>Reflections on the DNS, RFC 1591, and Categories of Domains</i>. </span><span class="pubdate">February 2001. </span></p>
+<a name="id2606244"></a><p>[<abbr class="abbrev">RFC3071</abbr>] <span class="authorgroup"><span class="firstname">J.</span> <span class="surname">Klensin</span>. </span><span class="title"><i>Reflections on the DNS, RFC 1591, and Categories of Domains</i>. </span><span class="pubdate">February 2001. </span></p>
</div>
<div class="biblioentry">
-<a name="id2605900"></a><p>[<abbr class="abbrev">RFC3258</abbr>] <span class="authorgroup"><span class="firstname">T.</span> <span class="surname">Hardie</span>. </span><span class="title"><i>Distributing Authoritative Name Servers via
+<a name="id2606270"></a><p>[<abbr class="abbrev">RFC3258</abbr>] <span class="authorgroup"><span class="firstname">T.</span> <span class="surname">Hardie</span>. </span><span class="title"><i>Distributing Authoritative Name Servers via
Shared Unicast Addresses</i>. </span><span class="pubdate">April 2002. </span></p>
</div>
<div class="biblioentry">
-<a name="id2605926"></a><p>[<abbr class="abbrev">RFC3901</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Durand</span> and <span class="firstname">J.</span> <span class="surname">Ihren</span>. </span><span class="title"><i>DNS IPv6 Transport Operational Guidelines</i>. </span><span class="pubdate">September 2004. </span></p>
+<a name="id2606296"></a><p>[<abbr class="abbrev">RFC3901</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Durand</span> and <span class="firstname">J.</span> <span class="surname">Ihren</span>. </span><span class="title"><i>DNS IPv6 Transport Operational Guidelines</i>. </span><span class="pubdate">September 2004. </span></p>
</div>
</div>
<div class="bibliodiv">
<h3 class="title">Obsolete and Unimplemented Experimental RFC</h3>
<div class="biblioentry">
-<a name="id2605970"></a><p>[<abbr class="abbrev">RFC1712</abbr>] <span class="authorgroup"><span class="firstname">C.</span> <span class="surname">Farrell</span>, <span class="firstname">M.</span> <span class="surname">Schulze</span>, <span class="firstname">S.</span> <span class="surname">Pleitner</span>, and <span class="firstname">D.</span> <span class="surname">Baldoni</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Encoding of Geographical
+<a name="id2606340"></a><p>[<abbr class="abbrev">RFC1712</abbr>] <span class="authorgroup"><span class="firstname">C.</span> <span class="surname">Farrell</span>, <span class="firstname">M.</span> <span class="surname">Schulze</span>, <span class="firstname">S.</span> <span class="surname">Pleitner</span>, and <span class="firstname">D.</span> <span class="surname">Baldoni</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Encoding of Geographical
Location</i>. </span><span class="pubdate">November 1994. </span></p>
</div>
<div class="biblioentry">
-<a name="id2606027"></a><p>[<abbr class="abbrev">RFC2673</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Crawford</span>. </span><span class="title"><i>Binary Labels in the Domain Name System</i>. </span><span class="pubdate">August 1999. </span></p>
+<a name="id2606397"></a><p>[<abbr class="abbrev">RFC2673</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Crawford</span>. </span><span class="title"><i>Binary Labels in the Domain Name System</i>. </span><span class="pubdate">August 1999. </span></p>
</div>
<div class="biblioentry">
-<a name="id2606054"></a><p>[<abbr class="abbrev">RFC2874</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Crawford</span> and <span class="firstname">C.</span> <span class="surname">Huitema</span>. </span><span class="title"><i>DNS Extensions to Support IPv6 Address Aggregation
+<a name="id2606424"></a><p>[<abbr class="abbrev">RFC2874</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Crawford</span> and <span class="firstname">C.</span> <span class="surname">Huitema</span>. </span><span class="title"><i>DNS Extensions to Support IPv6 Address Aggregation
and Renumbering</i>. </span><span class="pubdate">July 2000. </span></p>
</div>
</div>
@@ -551,39 +551,39 @@
</p>
</div>
<div class="biblioentry">
-<a name="id2606102"></a><p>[<abbr class="abbrev">RFC2065</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span> and <span class="firstname">C.</span> <span class="surname">Kaufman</span>. </span><span class="title"><i>Domain Name System Security Extensions</i>. </span><span class="pubdate">January 1997. </span></p>
+<a name="id2606472"></a><p>[<abbr class="abbrev">RFC2065</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span> and <span class="firstname">C.</span> <span class="surname">Kaufman</span>. </span><span class="title"><i>Domain Name System Security Extensions</i>. </span><span class="pubdate">January 1997. </span></p>
</div>
<div class="biblioentry">
-<a name="id2606141"></a><p>[<abbr class="abbrev">RFC2137</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Secure Domain Name System Dynamic Update</i>. </span><span class="pubdate">April 1997. </span></p>
+<a name="id2606512"></a><p>[<abbr class="abbrev">RFC2137</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Secure Domain Name System Dynamic Update</i>. </span><span class="pubdate">April 1997. </span></p>
</div>
<div class="biblioentry">
-<a name="id2606168"></a><p>[<abbr class="abbrev">RFC2535</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Domain Name System Security Extensions</i>. </span><span class="pubdate">March 1999. </span></p>
+<a name="id2606538"></a><p>[<abbr class="abbrev">RFC2535</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Domain Name System Security Extensions</i>. </span><span class="pubdate">March 1999. </span></p>
</div>
<div class="biblioentry">
-<a name="id2606198"></a><p>[<abbr class="abbrev">RFC3008</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Wellington</span>. </span><span class="title"><i>Domain Name System Security (DNSSEC)
+<a name="id2606568"></a><p>[<abbr class="abbrev">RFC3008</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Wellington</span>. </span><span class="title"><i>Domain Name System Security (DNSSEC)
Signing Authority</i>. </span><span class="pubdate">November 2000. </span></p>
</div>
<div class="biblioentry">
-<a name="id2606224"></a><p>[<abbr class="abbrev">RFC3090</abbr>] <span class="authorgroup"><span class="firstname">E.</span> <span class="surname">Lewis</span>. </span><span class="title"><i>DNS Security Extension Clarification on Zone Status</i>. </span><span class="pubdate">March 2001. </span></p>
+<a name="id2606594"></a><p>[<abbr class="abbrev">RFC3090</abbr>] <span class="authorgroup"><span class="firstname">E.</span> <span class="surname">Lewis</span>. </span><span class="title"><i>DNS Security Extension Clarification on Zone Status</i>. </span><span class="pubdate">March 2001. </span></p>
</div>
<div class="biblioentry">
-<a name="id2606250"></a><p>[<abbr class="abbrev">RFC3445</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Massey</span> and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>Limiting the Scope of the KEY Resource Record (RR)</i>. </span><span class="pubdate">December 2002. </span></p>
+<a name="id2606620"></a><p>[<abbr class="abbrev">RFC3445</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Massey</span> and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>Limiting the Scope of the KEY Resource Record (RR)</i>. </span><span class="pubdate">December 2002. </span></p>
</div>
<div class="biblioentry">
-<a name="id2606286"></a><p>[<abbr class="abbrev">RFC3655</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Wellington</span> and <span class="firstname">O.</span> <span class="surname">Gudmundsson</span>. </span><span class="title"><i>Redefinition of DNS Authenticated Data (AD) bit</i>. </span><span class="pubdate">November 2003. </span></p>
+<a name="id2606657"></a><p>[<abbr class="abbrev">RFC3655</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Wellington</span> and <span class="firstname">O.</span> <span class="surname">Gudmundsson</span>. </span><span class="title"><i>Redefinition of DNS Authenticated Data (AD) bit</i>. </span><span class="pubdate">November 2003. </span></p>
</div>
<div class="biblioentry">
-<a name="id2606323"></a><p>[<abbr class="abbrev">RFC3658</abbr>] <span class="authorgroup"><span class="firstname">O.</span> <span class="surname">Gudmundsson</span>. </span><span class="title"><i>Delegation Signer (DS) Resource Record (RR)</i>. </span><span class="pubdate">December 2003. </span></p>
+<a name="id2606693"></a><p>[<abbr class="abbrev">RFC3658</abbr>] <span class="authorgroup"><span class="firstname">O.</span> <span class="surname">Gudmundsson</span>. </span><span class="title"><i>Delegation Signer (DS) Resource Record (RR)</i>. </span><span class="pubdate">December 2003. </span></p>
</div>
<div class="biblioentry">
-<a name="id2606349"></a><p>[<abbr class="abbrev">RFC3755</abbr>] <span class="authorgroup"><span class="firstname">S.</span> <span class="surname">Weiler</span>. </span><span class="title"><i>Legacy Resolver Compatibility for Delegation Signer (DS)</i>. </span><span class="pubdate">May 2004. </span></p>
+<a name="id2606720"></a><p>[<abbr class="abbrev">RFC3755</abbr>] <span class="authorgroup"><span class="firstname">S.</span> <span class="surname">Weiler</span>. </span><span class="title"><i>Legacy Resolver Compatibility for Delegation Signer (DS)</i>. </span><span class="pubdate">May 2004. </span></p>
</div>
<div class="biblioentry">
-<a name="id2606376"></a><p>[<abbr class="abbrev">RFC3757</abbr>] <span class="authorgroup"><span class="firstname">O.</span> <span class="surname">Kolkman</span>, <span class="firstname">J.</span> <span class="surname">Schlyter</span>, and <span class="firstname">E.</span> <span class="surname">Lewis</span>. </span><span class="title"><i>Domain Name System KEY (DNSKEY) Resource Record
+<a name="id2606746"></a><p>[<abbr class="abbrev">RFC3757</abbr>] <span class="authorgroup"><span class="firstname">O.</span> <span class="surname">Kolkman</span>, <span class="firstname">J.</span> <span class="surname">Schlyter</span>, and <span class="firstname">E.</span> <span class="surname">Lewis</span>. </span><span class="title"><i>Domain Name System KEY (DNSKEY) Resource Record
(RR) Secure Entry Point (SEP) Flag</i>. </span><span class="pubdate">April 2004. </span></p>
</div>
<div class="biblioentry">
-<a name="id2606421"></a><p>[<abbr class="abbrev">RFC3845</abbr>] <span class="authorgroup"><span class="firstname">J.</span> <span class="surname">Schlyter</span>. </span><span class="title"><i>DNS Security (DNSSEC) NextSECure (NSEC) RDATA Format</i>. </span><span class="pubdate">August 2004. </span></p>
+<a name="id2606791"></a><p>[<abbr class="abbrev">RFC3845</abbr>] <span class="authorgroup"><span class="firstname">J.</span> <span class="surname">Schlyter</span>. </span><span class="title"><i>DNS Security (DNSSEC) NextSECure (NSEC) RDATA Format</i>. </span><span class="pubdate">August 2004. </span></p>
</div>
</div>
</div>
@@ -604,14 +604,14 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2606462"></a>Other Documents About <acronym class="acronym">BIND</acronym>
+<a name="id2606901"></a>Other Documents About <acronym class="acronym">BIND</acronym>
</h3></div></div></div>
<p></p>
<div class="bibliography">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2606472"></a>Bibliography</h4></div></div></div>
+<a name="id2606910"></a>Bibliography</h4></div></div></div>
<div class="biblioentry">
-<a name="id2606474"></a><p><span class="authorgroup"><span class="firstname">Paul</span> <span class="surname">Albitz</span> and <span class="firstname">Cricket</span> <span class="surname">Liu</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> and <acronym class="acronym">BIND</acronym></i>. </span><span class="copyright">Copyright 1998 Sebastopol, CA: O'Reilly and Associates. </span></p>
+<a name="id2606913"></a><p><span class="authorgroup"><span class="firstname">Paul</span> <span class="surname">Albitz</span> and <span class="firstname">Cricket</span> <span class="surname">Liu</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> and <acronym class="acronym">BIND</acronym></i>. </span><span class="copyright">Copyright 1998 Sebastopol, CA: O'Reilly and Associates. </span></p>
</div>
</div>
</div>
@@ -648,7 +648,7 @@
</ul></div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2608789"></a>Prerequisite</h3></div></div></div>
+<a name="id2608203"></a>Prerequisite</h3></div></div></div>
<p>GNU make is required to build the export libraries (other
part of BIND 9 can still be built with other types of make). In
the reminder of this document, "make" means GNU make. Note that
@@ -657,7 +657,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2608798"></a>Compilation</h3></div></div></div>
+<a name="id2608213"></a>Compilation</h3></div></div></div>
<pre class="screen">
$ <strong class="userinput"><code>./configure --enable-exportlib <em class="replaceable"><code>[other flags]</code></em></code></strong>
$ <strong class="userinput"><code>make</code></strong>
@@ -672,7 +672,7 @@ $ <strong class="userinput"><code>make</code></strong>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2608004"></a>Installation</h3></div></div></div>
+<a name="id2608237"></a>Installation</h3></div></div></div>
<pre class="screen">
$ <strong class="userinput"><code>cd lib/export</code></strong>
$ <strong class="userinput"><code>make install</code></strong>
@@ -694,7 +694,7 @@ $ <strong class="userinput"><code>make install</code></strong>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2608035"></a>Known Defects/Restrictions</h3></div></div></div>
+<a name="id2608268"></a>Known Defects/Restrictions</h3></div></div></div>
<div class="itemizedlist"><ul type="disc">
<li><p>Currently, win32 is not supported for the export
library. (Normal BIND 9 application can be built as
@@ -734,7 +734,7 @@ $ <strong class="userinput"><code>make</code></strong>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2608112"></a>The dns.conf File</h3></div></div></div>
+<a name="id2608413"></a>The dns.conf File</h3></div></div></div>
<p>The IRS library supports an "advanced" configuration file
related to the DNS library for configuration parameters that
would be beyond the capability of the
@@ -752,14 +752,14 @@ $ <strong class="userinput"><code>make</code></strong>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2608138"></a>Sample Applications</h3></div></div></div>
+<a name="id2608440"></a>Sample Applications</h3></div></div></div>
<p>Some sample application programs using this API are
provided for reference. The following is a brief description of
these applications.
</p>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2608147"></a>sample: a simple stub resolver utility</h4></div></div></div>
+<a name="id2608449"></a>sample: a simple stub resolver utility</h4></div></div></div>
<p>
It sends a query of a given name (of a given optional RR type) to a
specified recursive server, and prints the result as a list of
@@ -823,7 +823,7 @@ $ <strong class="userinput"><code>make</code></strong>
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2608237"></a>sample-async: a simple stub resolver, working asynchronously</h4></div></div></div>
+<a name="id2608608"></a>sample-async: a simple stub resolver, working asynchronously</h4></div></div></div>
<p>
Similar to "sample", but accepts a list
of (query) domain names as a separate file and resolves the names
@@ -864,7 +864,7 @@ $ <strong class="userinput"><code>make</code></strong>
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2608291"></a>sample-request: a simple DNS transaction client</h4></div></div></div>
+<a name="id2608661"></a>sample-request: a simple DNS transaction client</h4></div></div></div>
<p>
It sends a query to a specified server, and
prints the response with minimal processing. It doesn't act as a
@@ -905,7 +905,7 @@ $ <strong class="userinput"><code>make</code></strong>
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2608355"></a>sample-gai: getaddrinfo() and getnameinfo() test code</h4></div></div></div>
+<a name="id2608725"></a>sample-gai: getaddrinfo() and getnameinfo() test code</h4></div></div></div>
<p>
This is a test program
to check getaddrinfo() and getnameinfo() behavior. It takes a
@@ -922,7 +922,7 @@ $ <strong class="userinput"><code>make</code></strong>
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2608370"></a>sample-update: a simple dynamic update client program</h4></div></div></div>
+<a name="id2608740"></a>sample-update: a simple dynamic update client program</h4></div></div></div>
<p>
It accepts a single update command as a
command-line argument, sends an update request message to the
@@ -1017,7 +1017,7 @@ $ <strong class="userinput"><code>sample-update -a sample-update -k Kxxx.+nnn+mm
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2609047"></a>nsprobe: domain/name server checker in terms of RFC 4074</h4></div></div></div>
+<a name="id2609281"></a>nsprobe: domain/name server checker in terms of RFC 4074</h4></div></div></div>
<p>
It checks a set
of domains to see the name servers of the domains behave
@@ -1074,7 +1074,7 @@ $ <strong class="userinput"><code>sample-update -a sample-update -k Kxxx.+nnn+mm
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2609111"></a>Library References</h3></div></div></div>
+<a name="id2609345"></a>Library References</h3></div></div></div>
<p>As of this writing, there is no formal "manual" of the
libraries, except this document, header files (some of them
provide pretty detailed explanations), and sample application
diff --git a/doc/arm/Bv9ARM.html b/doc/arm/Bv9ARM.html
index 7341705aaad1..7751cfaf4f8d 100644
--- a/doc/arm/Bv9ARM.html
+++ b/doc/arm/Bv9ARM.html
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: Bv9ARM.html,v 1.263.8.1.2.1 2011-06-09 03:41:09 tbox Exp $ -->
+<!-- $Id: Bv9ARM.html,v 1.263.8.9 2011-08-03 02:35:13 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -83,7 +83,7 @@
<dt><span class="sect1"><a href="Bv9ARM.ch03.html#id2568364">Name Server Operations</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2568370">Tools for Use With the Name Server Daemon</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2570385">Signals</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2570378">Signals</a></span></dt>
</dl></dd>
</dl></dd>
<dt><span class="chapter"><a href="Bv9ARM.ch04.html">4. Advanced DNS Features</a></span></dt>
@@ -92,64 +92,64 @@
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#dynamic_update">Dynamic Update</a></span></dt>
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch04.html#journal">The journal file</a></span></dt></dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#incremental_zone_transfers">Incremental Zone Transfers (IXFR)</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2570823">Split DNS</a></span></dt>
-<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2570841">Example split DNS setup</a></span></dt></dl></dd>
+<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2570885">Split DNS</a></span></dt>
+<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2570903">Example split DNS setup</a></span></dt></dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#tsig">TSIG</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571342">Generate Shared Keys for Each Pair of Hosts</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571553">Copying the Shared Secret to Both Machines</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571563">Informing the Servers of the Key's Existence</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571600">Instructing the Server to Use the Key</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571657">TSIG Key Based Access Control</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571706">Errors</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571336">Generate Shared Keys for Each Pair of Hosts</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571478">Copying the Shared Secret to Both Machines</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571489">Informing the Servers of the Key's Existence</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571525">Instructing the Server to Use the Key</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571651">TSIG Key Based Access Control</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571700">Errors</a></span></dt>
</dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2571720">TKEY</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2563987">SIG(0)</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2571714">TKEY</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2563980">SIG(0)</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#DNSSEC">DNSSEC</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2564055">Generating Keys</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572189">Signing the Zone</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572270">Configuring Servers</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2564117">Generating Keys</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572183">Signing the Zone</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572264">Configuring Servers</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#dnssec.dynamic.zones">DNSSEC, Dynamic Zones, and Automatic Signing</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2607351">Converting from insecure to secure</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563493">Dynamic DNS update method</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563529">Fully automatic zone signing</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563611">Private-type records</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563649">DNSKEY rollovers</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563661">Dynamic DNS update method</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563763">Automatic key rollovers</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563789">NSEC3PARAM rollovers via UPDATE</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563799">Converting from NSEC to NSEC3</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563809">Converting from NSEC3 to NSEC</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563821">Converting from secure to insecure</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563859">Periodic re-signing</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563868">NSEC3 and OPTOUT</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563484">Converting from insecure to secure</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563522">Dynamic DNS update method</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563626">Fully automatic zone signing</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563777">Private-type records</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563814">DNSKEY rollovers</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563827">Dynamic DNS update method</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563860">Automatic key rollovers</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563886">NSEC3PARAM rollovers via UPDATE</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563896">Converting from NSEC to NSEC3</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563906">Converting from NSEC3 to NSEC</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563918">Converting from secure to insecure</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563956">Periodic re-signing</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571816">NSEC3 and OPTOUT</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#rfc5011.support">Dynamic Trust Anchor Management</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2607271">Validating Resolver</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2607293">Authoritative Server</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571869">Validating Resolver</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571892">Authoritative Server</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#pkcs11">PKCS #11 (Cryptoki) support</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2609524">Prerequisites</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2607678">Building BIND 9 with PKCS#11</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2607842">PKCS #11 Tools</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2607873">Using the HSM</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2609709">Specifying the engine on the command line</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2609755">Running named with automatic zone re-signing</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2609757">Prerequisites</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2607912">Building BIND 9 with PKCS#11</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2608144">PKCS #11 Tools</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2608174">Using the HSM</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2610353">Specifying the engine on the command line</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2610467">Running named with automatic zone re-signing</a></span></dt>
</dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2572490">IPv6 Support in <acronym class="acronym">BIND</acronym> 9</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2572484">IPv6 Support in <acronym class="acronym">BIND</acronym> 9</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572757">Address Lookups Using AAAA Records</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572846">Address to Name Lookups Using Nibble Format</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572819">Address Lookups Using AAAA Records</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572840">Address to Name Lookups Using Nibble Format</a></span></dt>
</dl></dd>
</dl></dd>
<dt><span class="chapter"><a href="Bv9ARM.ch05.html">5. The <acronym class="acronym">BIND</acronym> 9 Lightweight Resolver</a></span></dt>
<dd><dl>
-<dt><span class="sect1"><a href="Bv9ARM.ch05.html#id2572880">The Lightweight Resolver Library</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch05.html#id2572873">The Lightweight Resolver Library</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch05.html#lwresd">Running a Resolver Daemon</a></span></dt>
</dl></dd>
<dt><span class="chapter"><a href="Bv9ARM.ch06.html">6. <acronym class="acronym">BIND</acronym> 9 Configuration Reference</a></span></dt>
@@ -157,58 +157,58 @@
<dt><span class="sect1"><a href="Bv9ARM.ch06.html#configuration_file_elements">Configuration File Elements</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#address_match_lists">Address Match Lists</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574290">Comment Syntax</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574283">Comment Syntax</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch06.html#Configuration_File_Grammar">Configuration File Grammar</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574944"><span><strong class="command">acl</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574937"><span><strong class="command">acl</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#acl"><span><strong class="command">acl</strong></span> Statement Definition and
Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575133"><span><strong class="command">controls</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575127"><span><strong class="command">controls</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#controls_statement_definition_and_usage"><span><strong class="command">controls</strong></span> Statement Definition and
Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575425"><span><strong class="command">include</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575442"><span><strong class="command">include</strong></span> Statement Definition and
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575418"><span><strong class="command">include</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575504"><span><strong class="command">include</strong></span> Statement Definition and
Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575465"><span><strong class="command">key</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575489"><span><strong class="command">key</strong></span> Statement Definition and Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575648"><span><strong class="command">logging</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575842"><span><strong class="command">logging</strong></span> Statement Definition and
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575527"><span><strong class="command">key</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575550"><span><strong class="command">key</strong></span> Statement Definition and Usage</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575709"><span><strong class="command">logging</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575835"><span><strong class="command">logging</strong></span> Statement Definition and
Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577841"><span><strong class="command">lwres</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577982"><span><strong class="command">lwres</strong></span> Statement Definition and Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2578046"><span><strong class="command">masters</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2578090"><span><strong class="command">masters</strong></span> Statement Definition and
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577834"><span><strong class="command">lwres</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577908"><span><strong class="command">lwres</strong></span> Statement Definition and Usage</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2578040"><span><strong class="command">masters</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2578084"><span><strong class="command">masters</strong></span> Statement Definition and
Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2578105"><span><strong class="command">options</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2578099"><span><strong class="command">options</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#options"><span><strong class="command">options</strong></span> Statement Definition and
Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#server_statement_grammar"><span><strong class="command">server</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#server_statement_definition_and_usage"><span><strong class="command">server</strong></span> Statement Definition and
Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#statschannels"><span><strong class="command">statistics-channels</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2589239"><span><strong class="command">statistics-channels</strong></span> Statement Definition and
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2589395"><span><strong class="command">statistics-channels</strong></span> Statement Definition and
Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#trusted-keys"><span><strong class="command">trusted-keys</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2589379"><span><strong class="command">trusted-keys</strong></span> Statement Definition
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2589534"><span><strong class="command">trusted-keys</strong></span> Statement Definition
and Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2589494"><span><strong class="command">managed-keys</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2589581"><span><strong class="command">managed-keys</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#managed-keys"><span><strong class="command">managed-keys</strong></span> Statement Definition
and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#view_statement_grammar"><span><strong class="command">view</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2589851"><span><strong class="command">view</strong></span> Statement Definition and Usage</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2590007"><span><strong class="command">view</strong></span> Statement Definition and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#zone_statement_grammar"><span><strong class="command">zone</strong></span>
Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2591396"><span><strong class="command">zone</strong></span> Statement Definition and Usage</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2591558"><span><strong class="command">zone</strong></span> Statement Definition and Usage</a></span></dt>
</dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch06.html#id2594660">Zone File</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch06.html#id2595030">Zone File</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#types_of_resource_records_and_when_to_use_them">Types of Resource Records and When to Use Them</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2596822">Discussion of MX Records</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2597260">Discussion of MX Records</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#Setting_TTLs">Setting TTLs</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2597574">Inverse Mapping in IPv4</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2597701">Other Zone File Directives</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2597974"><acronym class="acronym">BIND</acronym> Master File Extension: the <span><strong class="command">$GENERATE</strong></span> Directive</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2597876">Inverse Mapping in IPv4</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2598003">Other Zone File Directives</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2598276"><acronym class="acronym">BIND</acronym> Master File Extension: the <span><strong class="command">$GENERATE</strong></span> Directive</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#zonefile_format">Additional File Formats</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch06.html#statistics">BIND9 Statistics</a></span></dt>
@@ -217,41 +217,41 @@
<dt><span class="chapter"><a href="Bv9ARM.ch07.html">7. <acronym class="acronym">BIND</acronym> 9 Security Considerations</a></span></dt>
<dd><dl>
<dt><span class="sect1"><a href="Bv9ARM.ch07.html#Access_Control_Lists">Access Control Lists</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch07.html#id2602626"><span><strong class="command">Chroot</strong></span> and <span><strong class="command">Setuid</strong></span></a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch07.html#id2602996"><span><strong class="command">Chroot</strong></span> and <span><strong class="command">Setuid</strong></span></a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2602707">The <span><strong class="command">chroot</strong></span> Environment</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2602766">Using the <span><strong class="command">setuid</strong></span> Function</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2603077">The <span><strong class="command">chroot</strong></span> Environment</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2603137">Using the <span><strong class="command">setuid</strong></span> Function</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch07.html#dynamic_update_security">Dynamic Update Security</a></span></dt>
</dl></dd>
<dt><span class="chapter"><a href="Bv9ARM.ch08.html">8. Troubleshooting</a></span></dt>
<dd><dl>
-<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2602915">Common Problems</a></span></dt>
-<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch08.html#id2602920">It's not working; how can I figure out what's wrong?</a></span></dt></dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2602932">Incrementing and Changing the Serial Number</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2602949">Where Can I Get Help?</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2603285">Common Problems</a></span></dt>
+<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch08.html#id2603290">It's not working; how can I figure out what's wrong?</a></span></dt></dl></dd>
+<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2603302">Incrementing and Changing the Serial Number</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2603319">Where Can I Get Help?</a></span></dt>
</dl></dd>
<dt><span class="appendix"><a href="Bv9ARM.ch09.html">A. Appendices</a></span></dt>
<dd><dl>
-<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2603147">Acknowledgments</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2603449">Acknowledgments</a></span></dt>
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch09.html#historical_dns_information">A Brief History of the <acronym class="acronym">DNS</acronym> and <acronym class="acronym">BIND</acronym></a></span></dt></dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2603319">General <acronym class="acronym">DNS</acronym> Reference Information</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2603553">General <acronym class="acronym">DNS</acronym> Reference Information</a></span></dt>
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch09.html#ipv6addresses">IPv6 addresses (AAAA)</a></span></dt></dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch09.html#bibliography">Bibliography (and Suggested Reading)</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#rfcs">Request for Comments (RFCs)</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#internet_drafts">Internet Drafts</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2606462">Other Documents About <acronym class="acronym">BIND</acronym></a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2606901">Other Documents About <acronym class="acronym">BIND</acronym></a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch09.html#bind9.library">BIND 9 DNS Library Support</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2608789">Prerequisite</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2608798">Compilation</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2608004">Installation</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2608035">Known Defects/Restrictions</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2608112">The dns.conf File</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2608138">Sample Applications</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2609111">Library References</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2608203">Prerequisite</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2608213">Compilation</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2608237">Installation</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2608268">Known Defects/Restrictions</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2608413">The dns.conf File</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2608440">Sample Applications</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2609345">Library References</a></span></dt>
</dl></dd>
</dl></dd>
<dt><span class="reference"><a href="Bv9ARM.ch10.html">I. Manual pages</a></span></dt>
diff --git a/doc/arm/Bv9ARM.pdf b/doc/arm/Bv9ARM.pdf
index a8a88dc38c7c..6a1cb97f0a2b 100644
--- a/doc/arm/Bv9ARM.pdf
+++ b/doc/arm/Bv9ARM.pdf
@@ -3307,22 +3307,21 @@ endobj
/ProcSet [ /PDF /Text ]
>> endobj
1078 0 obj <<
-/Length 3422
+/Length 3423
/Filter /FlateDecode
>>
stream
-xYSIzxPm>m 8vchbH~VwUeCulXLGYGU
-'I(S{ Û]OR#Ns=8>j-ӣ7~?q4~(t̨?Ͻ_3=Jj\I%BL?4EDYn2߄sMF9믢 ~BO/;yK,5%IѪ:/o.$%چXPROthNYJ- / mn~diopŁzOHCf#ϟZ,e eVo~HGKM/'!Ŝ
-y-b@&F =Q1H"5b#5Ms#O2
-9.&bA 12q`#Aڹf E}>Rb.KI)Rrq )KAS62΂g1TSR\Obs1XYG<whe|ԭLe1%jT?'80PPq V+H!}?ϧըmKrtGBa
-B& {ـl<j^̧uCD/!qX
-`Qѥ/F=R׷4T2U /FBEL\)#韇@',,%Tw 5P/rUc!Zb*2A`H`,,h ZVIzu.'r~PUrRbz\1CL[`LL$҄qӭBQ?MWb!F
-Muۨli4 +b4XwN)9t 1am95=--uK^[^_vH(`X1*bx@'&!O|t2m7ɻ_,T+?/&MeZ20œwJ. .S, 7<=(d#`qE\GD JP8ڼںm(<Ō 1^bdx(@mŃ0Y&p|1ͪinWUD*64B-8X0*d.{dDXo d*Bq-(c!fhQa!=`4Q:ACrU ݀[; )-%a
-
-n~~;_s c/gpg#'uFi!$g! C"P#L ""E}J7^ F
-}oVd$h&d$B;!a,^#!|]]S7륔I3(&Ɋl;b@!FT@0FPi* a2
-bPAUQ2`PTSdP~x{rM/4TCvA=CBy/P0L / #*ErG~$E0\l_wRYL
-0HRdHA'R(#\ H%Tng&VJR5 ).&bA ? #uGy*vPa19*>fu~D*3ڃ6^9:yVNs͓<*d<?} Lr
+xKSI|
+
+[2F>V&䲘`aRL(8Z̾jԊ{p[9 % !]0
+x |V5P9͖׃
+e1qX@C0Pݡ6T@vh 'U|j-b⊩Hv@_!NDhKE\ěj1Z'媺h^WպCWIMaK 1ma1q3q`ޓJM
+E &7 jޒ_^B
+ uy`J%5a}
+٫/X z&y*
+,&b@PR2`).Rl*D+]%F5 ).&bA u #uGy*vPh?̘g]|YUlO?"ftwōAUaOu\<
+OO!S
+wz!ܱTx1-I\_'T_8cӜ9䯔 `a8@wX#~~ٮ-k/G@k6ߥ%3#%-7BQ|;bs=}S鎵=SxA cv{2 o̔fendstream
endobj
1077 0 obj <<
/Type /Page
@@ -3489,7 +3488,7 @@ endobj
1102 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 495.1172 539.579 504.0735]
+/Rect [527.6238 495.2168 539.579 504.0735]
/Subtype /Link
/A << /S /GoTo /D (subsubsection.6.2.16.15) >>
>> endobj
@@ -3510,7 +3509,7 @@ endobj
1105 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 459.2045 539.579 468.1608]
+/Rect [527.6238 459.2045 539.579 468.3103]
/Subtype /Link
/A << /S /GoTo /D (subsubsection.6.2.16.18) >>
>> endobj
@@ -3531,7 +3530,7 @@ endobj
1108 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 423.2919 539.579 432.2481]
+/Rect [527.6238 423.2919 539.579 432.3976]
/Subtype /Link
/A << /S /GoTo /D (subsection.6.2.17) >>
>> endobj
@@ -3608,14 +3607,14 @@ endobj
1119 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 291.6121 539.579 300.7179]
+/Rect [527.6238 291.6121 539.579 300.5684]
/Subtype /Link
/A << /S /GoTo /D (subsection.6.2.28) >>
>> endobj
1120 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 279.6413 539.579 288.747]
+/Rect [527.6238 279.6413 539.579 288.5975]
/Subtype /Link
/A << /S /GoTo /D (subsubsection.6.2.28.1) >>
>> endobj
@@ -3629,7 +3628,7 @@ endobj
1122 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 255.6995 539.579 264.6558]
+/Rect [527.6238 255.6995 539.579 264.8052]
/Subtype /Link
/A << /S /GoTo /D (subsubsection.6.2.28.3) >>
>> endobj
@@ -3643,21 +3642,21 @@ endobj
1124 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 231.7577 539.579 240.714]
+/Rect [522.6425 231.7577 539.579 240.8635]
/Subtype /Link
/A << /S /GoTo /D (section.6.3) >>
>> endobj
1125 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 219.7868 539.579 228.7431]
+/Rect [522.6425 219.7868 539.579 228.8926]
/Subtype /Link
/A << /S /GoTo /D (subsection.6.3.1) >>
>> endobj
1126 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 207.8159 539.579 216.7722]
+/Rect [522.6425 207.8159 539.579 216.9217]
/Subtype /Link
/A << /S /GoTo /D (subsubsection.6.3.1.1) >>
>> endobj
@@ -3753,24 +3752,32 @@ endobj
/ProcSet [ /PDF /Text ]
>> endobj
1141 0 obj <<
-/Length 3413
+/Length 3414
/Filter /FlateDecode
>>
stream
xmsS]{Ƶ/:J'LӼHBM4AZ~R<lt[6ɐ'tt$Q6Ȍx~oQw̩?uv}%#Cbjt};R&7'Itt=W߼:oYgo~5Ml
-eNHKCg|Qu}rJ̎ʓSf\UծqٿSeۋ0@Ma)$l/s  vp_wLa`t 4t,lf]ʥ)g'''3`ŢY>LJ$rpI+r*t˷2^F ?HbBLBGFof\Q 4sB?.q[j->a9YQ`)
-SJ33h$LQVQJ T;E/˶===(G;&7>ȭ!B-Wu굽xo2ӑ*6Cɦ4:4{+t},|aEf]}낳cs.Mɔ ;ūQ;AhwL ܺ( K&!a lŠs8Ml_>Ƴ
-EIGQ/ͬl+HC gx` (^C6ւ2a?/y3wųk4?jy70InT!ͩ
-"jGFH D{weRh`(t/Vrqm]k7vѿ'tϕfpW޻>oP0(I<&8>T ! +\ոǽd]>t꺑j?krWӝ_
-7j='T
-!iJ
-%.P {
-c&uKM} r}((2>
- u:
-v>-w8Yn-'-v's*u;{b) CL"#ʆ7/$Bᄩ(ws7SZ--~xg&)OL!aE@C}o)҉]E$nonI_,cy*[r5s,Y~fftON3@4+zspS!ҺNT,[~ $ 1`(~BP,L'V(I(J9֥4iEU?3Z]9~jߪvw'ȴHkP'AuN0Q o鄺w &1l/_m,lIי<l4ә
-0XrDXsۨ#<}?sz.)_;X?v64@kDESU\칍c2{!bge)n'愂-b-R  ui&'qOikp܂ AC)wPTuY[ݶtvxhD'c 1b`FZL97?5㳛0؁Q14>(1Zsǎ|δmy} |iMPO*0M@0P&aHnIm6WID} |ΓQPS*.R$(} kS;DjUuSYp O b8AAՎᄺ81I4w8#.NմBH Ou2H Ji0H@0P$ʉƃdzf"m$; 9N&bA ~fm, } (D*03BnBC$'# 1Tߴ Cu  Q@y3^TTR$
-.ԷKk"2 V6e]˪[JIޓ>z̰<JG~ O'~E;dZCjq(E}ӟO~{&Cj?=W)2C<}JqB}ӆ,ӣ{zİ9
-endstream
+eNHKCg|Qu}rJ̎ʓSf\UծqٿSeۋ0@Ma)$l/s  vp_w,+ u"H m_3hX`>ͺ^KSONOf2)#E33LJ$rpI+r*t˷2^F ?HbBLBGFof\Q 4sB?.q[j->a9YQ`)
+SJi6h$LQVQJ T;E/˶===(G;&7>ȭ!B-Wu굽xo2ӑ*6CɦJQ:ľluNfTjWZu19&dНՋ n;&Än]A%0bPʆ9 c
+R/|Y[
+Oxr{XEpBDF'&1bn-f\L0wTQO"gp;\IL9B%^db!F,dR1Ll$XԽQ,'\P =>rZ*sXkGv~[irſ8|2V
+*b 
+uﱢŊ9~nz_FWQ´"ձiYi/XUWz2RC
+" C
+uh-Su^y5y1)VޭsL 0ĈDsܢ$#(ĎȏfVw3<v Nd!wkARn񰟗`缙ϻ5 ͼ q$7F F##
+O$ "ԽKP40:?sݸfڶ?5q`_elހJwg+i]r7[i ($Yp` s
+ ukgj\^O:uH5+N_ϯVGyt *4%C
+acYMFb@(^z!P%2G՝VAx~&}a+c\%
+4D
+"`=i(=1
+%㦾QP>dd! T25L$ ԽG""zdbyX̪1T
+uX}@Ob2!# #uT7n7oڑt/'܎ڢӮ7;^ܽR'j2,40ĄF
+Ief;Bz,ٓݹ}ͺhd!&eÛb`DpT
+9
+)wEc?Ȏdzjsib`0"Q ڡ\ĮtӢrMUB^շM/glGż?b-O l?
+L3V3e' mgM BkpoiE_b~rw-?IEJ0S ?4,~+$c
+Pu{e4󢪟Q-xF?ToUyyFdZ5 :CL'(ʆtBݻn/ݏ6v]v٤L6YLfb@PV"`칏mfu9E{ ٯ_ w|:|X.1=UͲ7ǓjexxrsBA F)цQƸ5]Rn8nATܠ!ێ;AprEp:,}uŭnr|:ioui;<4n|1FPHʇ
+Jv, '}I{wq6OU@z_|AHPJ[LA QN0$ӃMON7n#%فMq2A#jH3kc`A%RuwrHG'9!`!ErX B{Pne 0 ǟTw"Q t=\Z~7e:Y/bXV:POM֓`}V:o< pL7H-c>1OoobH퇰T*SfHGOO77n`Rhobez}/Vo6G>{endstream
endobj
1140 0 obj <<
/Type /Page
@@ -3818,7 +3825,7 @@ endobj
1148 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [494.296 698.0664 511.2325 707.1721]
+/Rect [494.296 698.1661 511.2325 707.1721]
/Subtype /Link
/A << /S /GoTo /D (subsubsection.6.4.1.4) >>
>> endobj
@@ -4264,12 +4271,13 @@ xYo6_GX%>(c kK> 9C[6Ep7|/M2iR
n+ 7z[3kiP1ɰEΕ8д(m7oA#4dhh+F
UEJYR8/)A$F~2XuRPe(Vuq
4jo`wjf|SH~"ٜ?ZEsJ Bb%b
-<|߬o`&͵K޺85NBpso?||O
-Fuܹ;<Y6<GB
-D8^ø &*SϚ|SXuY)ڄѳoSSiSwUeg(sOg7b%W^;NNTۻCHᙁQ
-/e`,d'0&Td#_㬨ǨPc5#KV܇3Ejf
-Q+O(߅٤
-5༚c3͡vH-
+<|߬o`&͵K޺85NBpso?||O
+|, ʓd?|˔ȆzR笸`P7
+ "$DN=JsN %=%h qrrͅ`Z6 F| 'XIvf?9h)z&fj6lpQzy/L\&q%I{I0Tu
+NWAy) gM>)ڔTmBqٷ׻ʲ3q 'u1H\’Px@'`'j͡@(x_ٲ\ JktX*BIhđvqVcT(\
+ͷͮWSo %Sf} I i8eIdF[k}Z_@p^Mݿ
+nܱP;ajo"PƘ
+p[KωR0$P_=x^)_]endstream
endobj
1218 0 obj <<
/Type /Page
@@ -4772,29 +4780,19 @@ endobj
/ProcSet [ /PDF /Text ]
>> endobj
1307 0 obj <<
-/Length 3388
+/Length 3508
/Filter /FlateDecode
>>
stream
-x[s۸_3$з]rM;]m_;\hHNs.>E 4Lb؏.h2Gf"Cj+&b^=8'Z g
-fuDXJ2]3%pwrA߼bO1?eo~wsȱ[Oq?{_|.?mx+~zSR̞#m/`Hpay49.0قq$aɐbqErIa eA/ JY-ˁ"@|eyNF #O䩴Hu-WCl"x~?߽Njd%}%eTG鹦xԳ\WR KTd&X҇ѢO5`DgzIPfgy,SL$-QdrIy[rDf$rahkDžmW7馴u&+p+Ǩ
-ϗ9Lq,2PuL
-Ĥ̿Fq Ts1I'/܎.7E&* \4 ~L@asv.1& 1GS)sa %o:+oXnΥ&$.1"f}BR:)˺6 jy7C{WPD9
- M^KqlRT KSi~.f @t:SiŹfɔCN#"!P%d)8=V
-U/KKw?ڑB*`%gvfߵN>
-+mxP]O.ثbj+ټn:'݅rezSe
-Oe|(XfUq1kkel_!%ZJq( CkF W-USцv)P{0uxQ>Xi "MbZ
-Tg%jT"XWK*lDQ$ʕ}g,Xv!/ɑRNO9rԮ~dTJ PXpEE^H'BRIh"8҅T=h8Qߴr.hqͲ9~ޒy0]9m}*k2aʘ{i
-f[4&V4ԣP(F^%
- .ƠS9ꅣl_<VSJe,ʧuʌJXNp_=qCŌ{*k5M*۩Mңe0DApfds
-)(.*Mc*wli\Fu+#ə@}#ְ1b1}̢ x73;Z5t:J@ :'ƀ?VNj;4_ЕqUjoݦZwٕY]P[-I/ic%ln`<wfSڮt@,ߖ-;<SJCyPZB;]9>p_j91N,$2ZškνNUBrI!s/<FZ\e~?8r$C_QfwZ'q ۶L5DDHjM`cJU(E &}$4T'&W F-ZЊssMLU!Bh/.u'
-OPO5lGb&&E6
-mDM3P P
-Gq` 8x `Xy/%}s%#NYq&&㺕bl!flp$Z
-Ɲ6~ Uh b@@4f
-ٯtWUT
- Ѩ<[7.Z+|ҍ } Ɍ X
- T2V-Ve
+x[sܶ_qo=
+/2)z~IE![}W+³իw/?ϯ޽ly槷W+)//y|o~sNjWaÕ%vCU/!Y.3Jy5939eH)*#Es rcI)A/1JE-ʑ"@bL\%" XXR$OE]YuS^,[_}|;-799-3 h.PdIi9C9Qz)I<j[jA~I<p<U(F|!ϐ#Z SsS6S l^@ E.bb"iB8)&! o`ߚesw(v W[.Ϯh`ۿfٖ}۸;1j궂%x@/8C2P=KADcR{o߇N"z[m
+oHp>&9P'r[T[
+Om<]d.rlL
+HdyC>Suk)z=&K9RB \()ձχ!t( T? c22iyUB(¡@HjWm (_vM"2 OȚEހ4+˖xj۷v/zB'.f_v_+ˍa"C$pqZyvd:VÀҠ; f+2zn Mif}:sӌg g6 j`torSpmGY䴵Z)pX8~]' iyƖg`
+QOe/ZfSqQ7f5s[:\1%,H~4c@>.OJ[u~[<ENh2Qm)ZmTR!y"_ YLIlI" XLI*lL:)Jz.QJOd{&;H#g9꣔|XT @y`EgBRJ@Bh#J<M@(!~;ƭQ6ΪOoLR5v0vOdl6fA,H=7i ;`pw,r4;z<pZ
+%`[4 &|Ռ<U#0B> *9,Op17Ɵ|LQjF ~e` TceqN %qʺ=C gx@5Ǟ-
+u%`5@4Rf{@=SiF
+y`z |endstream
endobj
1306 0 obj <<
/Type /Page
@@ -4802,40 +4800,33 @@ endobj
/Resources 1305 0 R
/MediaBox [0 0 595.2756 841.8898]
/Parent 1277 0 R
-/Annots [ 1312 0 R 1313 0 R 1314 0 R 1315 0 R 1316 0 R ]
+/Annots [ 1312 0 R 1313 0 R 1314 0 R 1315 0 R ]
>> endobj
1312 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [219.3839 329.5541 281.1025 341.6138]
+/Rect [219.3839 342.7466 281.1025 354.8062]
/Subtype /Link
/A << /S /GoTo /D (options) >>
>> endobj
1313 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [491.4967 274.4996 511.2325 286.5592]
+/Rect [401.2123 288.8914 470.1877 300.951]
/Subtype /Link
/A << /S /GoTo /D (dynamic_update_policies) >>
>> endobj
1314 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [102.5211 265.1945 156.7673 274.6041]
-/Subtype /Link
-/A << /S /GoTo /D (dynamic_update_policies) >>
->> endobj
-1315 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [243.8464 219.4451 306.1963 231.5047]
+/Rect [243.8464 235.0361 306.1963 247.0958]
/Subtype /Link
/A << /S /GoTo /D (options) >>
>> endobj
-1316 0 obj <<
+1315 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [425.9845 164.3905 495.353 176.4501]
+/Rect [368.2917 181.1809 436.8984 193.2405]
/Subtype /Link
/A << /S /GoTo /D (dynamic_update_policies) >>
>> endobj
@@ -4846,152 +4837,152 @@ endobj
/Font << /F37 1018 0 R /F21 930 0 R /F41 1208 0 R /F53 1303 0 R /F22 953 0 R /F14 956 0 R /F48 1228 0 R /F55 1311 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-1321 0 obj <<
-/Length 3086
+1320 0 obj <<
+/Length 2924
/Filter /FlateDecode
>>
stream
-xZKsFW- O]{(U+'U GC*Cd4[˖˥&6hk
-l"6A(l}9
-W ڷ~H/7!cqůkDj fy/z
-qd4:0Q:mT4}Y<e220=ӧ>PkdӆklS!"=tߨ.Ox}z%uZY%z/y.O "^m%Z|VjO}EM\= .AƁZX_[`7G$iQFx+h_>X MN
-)rCUH-|H5LV6H=$nmyx.U ~?}FMd, 6} ⴾϙ
-myY[.=v`0]ppY:ۿLĦA$?F@1k(F֜9?UN;{i|H*/P"1]{.nbݏD(pIي!C0
-YUg};GWjE,8}J,Mx!Cm@[|աW84 '\]
-]u /yг=?x}A0rB9)Qߓ=D fzj<ٮ~.`jg@"ʝ=3evDHwn+g#l)BTuRW#pSJ sKA.a z15Ǡ۽1ݐw|:(7_.\oi^tO#ѓ}{iĺG<"Upd@ #X4zAl1UI(.rDq1϶Y}Qnk7ŗ 4F'7 Re#0EslZ_ 9<='ZS|1+hiEX obH|t&7u煘`1) 0uSshYqW6 ժ+%A,bK0k,`OГmD_V qu-rrʄ>i* ՙ9G#̜VB}D"<X//]|\(sw:<\6>l?/y2jiSJDn"h8J-%JJ;[ ս^nq8TDw_ft@B1t3 dY%3\>k*T"+~9SmP>֥9Z8J(i첝˅Ա,?l82_:G WpW/cD<_T+ x'*]3x·օ;.d]AGԯv M1N
-/nRe>E fq,<(+0ȓ z@2w,!ׇ쒯m`oOxȝ/4pNZLSEdz1O"!s4@vտDX+(vDG&BTrȖ"qI*y,XN ,Bx
-Y݆֧ca PKW
- XtfpsٜlӳyMj$wc|UPzoYJqt@B`.y5\=޺C"ƨ<Xc}nҺk[ׇCR>-5\j9+Ewf֤A${Eu5S}+!BteBz8r@ɝ(8fyEKm.y4\i0qMG
-p傂k`߆X4}FWRXbTŶ_io Br.ی=%9Iv^Ƃ q_۬z<6jرOb>eSMڽڏ4)h*H0+i矚RŌ|.+v|?`L𐘸vI8!$?WW82S>y݊˹nķen2Yb;L^ms=@?+w;0Yn
-'mӍm2Ϫ!&V&6=e {a%b7%K-/&yswĶ:.?~.@@b+Dl@(0׏,(τV@c4N.Z뛛wohZâ#Ԛñ+*ݺ_Mbń\EQw͹S7/ş2%Fptn{w 4k~w:';_?9 ,D)|qcM'[Cendstream
+xڭZr8}Wm+/OĞT3{o-Qw)#Rvn4
+o>^.c*~:~ww{?L98?.>}f5L 4ыx`!OS](-Ct=o~[LBxtBtL%H&Xa$4˪R
+/y˼ʼ>_lWpxZg-Ai=mN}eٱ`UʼhX3rvvA1`F.9Sڪ+‡,UG퇜T7,!g
+,ẸP8G-0cstmΠ`F-6(͵R XƀzC4L8O0Ve4H
+竺#:(:'ڡƢ0ez?BF
+&A!{H ܳDmC.<Z̿
+2V])O,fM$$z׼,#l\NZNK'4HsbLƣ3'-Pb9X;#at<hևr1|ZfeuV}1J(e'hIp"T1,1s%XΣhn3c`X
+tgaKZnƆ#r`2ߙf|:!iz~mig$yc}Tk"!n?G¦ łM(Df7A3G.j6wlRi
+<X{^v<ʆѾag?f6/Oyȣ3]DGs՟T=Dtk&~╞bBָP_`Dž9={8
+8XAn cs,<0 =8!:^asj陎K =u:q,] G;0{d
+L~O
+|i/h ]!
+uUYR5gobǤpvS[MMDyQa싿$ =G5Xя7QMԡ8$<l% @Tw=hKC:tctܤe%lc<bp
+
+t 29>['Tr}j$wJ|SQz [9كf+"-EΘ ;m:n4Hߡv4Ugsv}',ջfҮ> rY*R8+sVI(qڅXݡդ AHvEug8_e3vLYta3vs(T~S@}$w:{Qp 3ŌӦᩆ:[uaMQ4S(IMG
+,J3
+:X -@i>t `TN>^{CϢs[N5cm r"XRh$u rwľ/2 i#Z&:YslSmW6k]v+2 E*k*c~2<ƨUj$n7qz'BjD.̔Ky۷"U\^
+2t{rOqǫa3LᅃQg6eLeHѫ',_[T%a5i+s=uኳMN/
+$%BsA^2,F؜kPXYdKRσFḠVioW檐j.cۻw>Zð#֚kҹºj|em51ࢀ5wֿ[z{͛iQ#p|n[Մ 4wA?rXGoݿ;K&ɉ^/Rh·ݍU/ݗendstream
endobj
-1320 0 obj <<
+1319 0 obj <<
/Type /Page
-/Contents 1321 0 R
-/Resources 1319 0 R
+/Contents 1320 0 R
+/Resources 1318 0 R
/MediaBox [0 0 595.2756 841.8898]
/Parent 1277 0 R
>> endobj
-1322 0 obj <<
-/D [1320 0 R /XYZ 85.0394 794.5015 null]
+1321 0 obj <<
+/D [1319 0 R /XYZ 85.0394 794.5015 null]
>> endobj
-1319 0 obj <<
-/Font << /F37 1018 0 R /F48 1228 0 R /F55 1311 0 R /F22 953 0 R /F21 930 0 R /F41 1208 0 R >>
+1318 0 obj <<
+/Font << /F37 1018 0 R /F22 953 0 R /F48 1228 0 R /F55 1311 0 R /F21 930 0 R /F41 1208 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-1325 0 obj <<
-/Length 3852
+1324 0 obj <<
+/Length 3901
/Filter /FlateDecode
>>
stream
-xZݏ6߿(U~JdpI/ٶZ[k %g- $,zo?"G$3LYnVeq=[.l c.YŘϾf6v4ɘ1|vi.3] lſ^^.fw/^j=o^}qY՛.j?^|s(>>Ǘo^ua_xysʙD~6[__LZg2n.VRŻ GՔ`8˹$I"G 3<Wx ϴzPj{Tg_i="WEf+` &s
-SXOSb٢=r[v]b3kOC]ݧ6#3!_~ILËJav^e_ͱ
-&یayyc}ݬahZ?3&*j;Cn|Sɘ,
-S%sc3-lp$؜= )O MK $֖9(aE&0Q`ܳ?z_m%i raJUS(Vߺݵ;z"jZѐsVف4~S5 ' ˊܘe$es>N/g#Aؾ[j9a-W!7NML۱ZGv-ӤwǝA bf8:˲]Γ=iפY<sQErwM9_`iMD_-d{
-!0Y 'E _`X;7P{ھ=ZbUݖm?Ă`9S -&`߬Eٸ]ǧpIvezN.bѫOOSAe矙f۾:;\z𨝮ՋemItMRS)t#2X#uQ@X(S
-]Uk09
-^7"dTQiE 7=<"{3Vx)bݔaRHe@oIݦ%=.e}p0 t":zqGCo"4Һö)!|yB?!
-"쉽C2mj `Й$xcj:ЮD4E&uϪ~.v Ih."@u 5*VvSCSQH@w8rD*$6ׂeJDزHɋQR6&?Ԑ`;b}PÎ&gv*sJ*D$S ?Đڶ{j%Be:D難t\ H{NNtmKC沪)*0g |_v4BY6ḵZ䪠YH9cYķwAp!AWDž\)9:ggr5.>N,th Ło/^@Âp
-yi7$
-
-A4_Ϩv4bL3NfUf8e> ؉TlA犧; 2.ž> p\Qhr_o")G*Ο^zd[XB:/Kqy{k(Qid_
-|:O">VOÝ^W*u6ml
-<fƒ0hW\QYPdHIh6X_JTL>5@u40iG}@֦^nHs<쪲ӇIoʡ֣5BUP1Ҥ@
-ҦQ_?"δx\XySmaTT~ZP6i@zh=Gv
-S? 4nT6OЭ
-ˬ{Nv~ 
-RMZ8䶅i,焂e e,SIXB%nTF_b\(}V
-ܠΟS!\
-!eGԆB!3\I 0ŗ I)7hqx
-Ν 3ʏ3뤮TcP"%rUڟYg
-g
-y,~O
-_<u=-uwbj| ]W|G`ڤ @賅3NTΈPdc]Mx kG(4n|~6I5>iJW^8>!^7]#lݺޥ>a 5.l4K J?`
-z\T0erer3<q¢(/·#|RKMι89gHl7endstream
+x[o6_a*?%m{ᶽݴEpPl֖RK4- $zo<"G$3*|tVYaU׳0{E Z>KYlfsϮoGsg׫2%_Bh6ͥ=7/. 5E\ׯz0/_]\9L" ^ .X&ѳ{x`VvJL+)Cſ℣QjJr0ReO9hhR(^eF5<YBmS!|\%n )lfLa=Oitf"mui'NSE/$Ef0a;ms[XRX +%Hu*|!Jɉ_V ټ'dv~ujOf!&Jقj-Z|Gە
+ry롦'5K$uTno  _əhi8,5&Cr-RmW8uC˱L<?gGmа&}ݬahZ?3&*j;Cn|Sɘ,
+<r΁+!ӲD_{ g
+"쉽C2mj `Й$xcj:ЮD4E&uO~ .v Ih."@u 5*<r  8"p䦉 xU(;Hl˔eo,1#lxu;L~&!v8M,LMԸ)UfaOCbk۶凞L
+ҙsb,D i{89z%rH
+/u˪ާ\-}
+e8֪jgW\,P;
+gJ F"&]r蜝f
+]޿!"ioS.LU?bGȧ鷰:s\c_v^Q.H j{X0ğ*fWqrBվ.x$$ XYlVSi3ec
+ h5H‘R`)1
+H /?C)6rC@@aW>Lz ],
+HwJٴ-_ZbP4V> k{\J "+$>}^_(֍ܗK
+XݵbSnrj9CN=NrV4B:W5.iw 8]<2#ԣUXS@˝xMY<s=ugLcLƽY1nG7UA2F3QfR'> %,AKsSdZȰx.- h_~%" Oj㺛pcX@`L~_ܖ@tT~s\g]<E!aœ+L&ɊQ
+enG>FKEEe$*fcI?dРP=BpY@MLUhZ 2&P{B#cĈ
++j]#PԾT{"mʿD [_!uZnPϩo.2#^g]€? bV5\I 0,}g^38b<5΅aGxuRQ*1(L|*,3fO3X.z0U"(v&uOYPͶ!&5U*.@Ĩ,8Ú6ySJ]Syw*l&0Bzc|#A8xT1_<~g|2_/ͮ\.v+z̛f_ԀďqQ9BE'ejKyG ͗2>#,dI@sH7l.u@H6dy)B#-"~$r戚X-;YϘv ý@J%ļLcA.ǁKvPN-WVF!Uo%< ?'BS w
+`1gp~ &X̼κQGP܎ZnCpe@q:b#q풮Mlj*|sq!P=z_-$7HnJ_i.
+F"LC<2# ysU $.,оO} /u_'nX
+#|WSzMM!\윳LHmTendstream
endobj
-1324 0 obj <<
+1323 0 obj <<
/Type /Page
-/Contents 1325 0 R
-/Resources 1323 0 R
+/Contents 1324 0 R
+/Resources 1322 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 1328 0 R
-/Annots [ 1327 0 R ]
+/Parent 1327 0 R
+/Annots [ 1326 0 R ]
>> endobj
-1327 0 obj <<
+1326 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [91.7912 473.8206 148.0099 483.036]
+/Rect [91.7912 492.2833 148.0099 501.4987]
/Subtype /Link
/A << /S /GoTo /D (controls_statement_definition_and_usage) >>
>> endobj
-1326 0 obj <<
-/D [1324 0 R /XYZ 56.6929 794.5015 null]
+1325 0 obj <<
+/D [1323 0 R /XYZ 56.6929 794.5015 null]
>> endobj
-1323 0 obj <<
+1322 0 obj <<
/Font << /F37 1018 0 R /F48 1228 0 R /F55 1311 0 R /F22 953 0 R /F21 930 0 R /F53 1303 0 R /F41 1208 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-1332 0 obj <<
-/Length 1516
+1331 0 obj <<
+/Length 1440
/Filter /FlateDecode
>>
stream
-xX[oF~_>Jx2KyJQ (YJUv^;];ׁB3g;D~$afx G.aقRGO 2h}1Х֚D7
-dh g/O9, x鳷oW/קV†ί}d|~bqzJ0.xG8b3ZD70C g)_{Uu94(@G0<s)ad9֛1-G~P\i3?LSNFz12NQަG*KQZW^~dfHjIx8.Cʲ&i&U1ൖ2j d8ؚ%]^I6ci6kk0I 0nP0^ջ `E؟\7yؽ U OMw+V &/!e& AF<&馨7?Ώv+ EO~Piƺ 6fj8v^JXm;[/
-Sp`Wi?c~ی,IN;$V)FC|kMo#}2@p\$j(dIb# $(L(2Z J~F1" QKYuq@sJq4Yi6<Xh
-*^%q*iO9!ʐG SLjy;mv9 ('3&*(i<UH3@(i>5!l&yB
-pΊۙ4dZC}`Q^4iҎzzrLS!ff2FYˡ!7M
-7Y=;?5a? h_{a>Vv;cz0$mjyYޤoRWFeӪPh(7ynj€վ8\7}9ψX8hsLakдJ@΁DHsz\{,&vu `혔ީ+( w#)Aq
-aڷϞ}=bHYP٫1sx@3}"
-e-ÄAF2BuMĔ,HrRDV6߳~ ^a 0P^%yPt~C;M̻ӎebph&8 l}7dVΓl`1b(ŠHF5tu Y2A!4gs_pԽowF蠙t 0DЕ.׉ Aendstream
+xXo6~_=@SVm
+,wj)PY$Y0QdV aEx;JQAd$܊H[A$7 ]ڋdJR߯>:*Ė!Vˣ7˄IsL~ $>}~ۣ2
+Լ_x5F1(w!xFjA FF78ef!$'Rp>̔ŏj:H t&g"--Qo\(h&XwM4nN3/D>
+ hb93^W#`Z뺪u$0M(&XCZeA?n}tڼ7ƛ% N`KuIYE@$
+)%m.CȆ\18c( f7ߎ緷6WD " r"fV0mD<hҍ(ݱXh9
+<֯}!ytxPJL!ΙO"ZAJY;X8;g~9-Cƹ"Mh9 ,Oo*s" cU[q;Nov~OOUyLm'f`#voN-F.]TiW|
+ )o 8`cy
+o&_KJCcC ﯐r|;=zm轆6 puHX, |}=;yݛ}Œؾ&7'0;n>s9niH4P(lNJ WTlo{d)&EPR<"-iθ}WIx'ԆHlJ,|49⩟ḟ96ԁE=Zs)Np4#hvreƲ7Y6u`٣_aXDPBިw|wV{mxѽ}W9Dsc<!8w|gbl9:
endobj
-1331 0 obj <<
+1330 0 obj <<
/Type /Page
-/Contents 1332 0 R
-/Resources 1330 0 R
+/Contents 1331 0 R
+/Resources 1329 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 1328 0 R
+/Parent 1327 0 R
>> endobj
-1333 0 obj <<
-/D [1331 0 R /XYZ 85.0394 794.5015 null]
+1332 0 obj <<
+/D [1330 0 R /XYZ 85.0394 794.5015 null]
>> endobj
126 0 obj <<
-/D [1331 0 R /XYZ 85.0394 556.3324 null]
+/D [1330 0 R /XYZ 85.0394 574.2651 null]
+>> endobj
+1333 0 obj <<
+/D [1330 0 R /XYZ 85.0394 546.9607 null]
>> endobj
1334 0 obj <<
-/D [1331 0 R /XYZ 85.0394 529.0279 null]
+/D [1330 0 R /XYZ 85.0394 517.4433 null]
>> endobj
1335 0 obj <<
-/D [1331 0 R /XYZ 85.0394 499.5106 null]
->> endobj
-1336 0 obj <<
-/D [1331 0 R /XYZ 85.0394 487.5554 null]
+/D [1330 0 R /XYZ 85.0394 505.4881 null]
>> endobj
-1330 0 obj <<
-/Font << /F37 1018 0 R /F22 953 0 R /F41 1208 0 R /F48 1228 0 R /F21 930 0 R >>
+1329 0 obj <<
+/Font << /F37 1018 0 R /F41 1208 0 R /F48 1228 0 R /F22 953 0 R /F21 930 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-1339 0 obj <<
+1338 0 obj <<
/Length 69
/Filter /FlateDecode
>>
stream
x3T0
endobj
-1338 0 obj <<
+1337 0 obj <<
/Type /Page
-/Contents 1339 0 R
-/Resources 1337 0 R
+/Contents 1338 0 R
+/Resources 1336 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 1328 0 R
+/Parent 1327 0 R
>> endobj
-1340 0 obj <<
-/D [1338 0 R /XYZ 56.6929 794.5015 null]
+1339 0 obj <<
+/D [1337 0 R /XYZ 56.6929 794.5015 null]
>> endobj
-1337 0 obj <<
+1336 0 obj <<
/ProcSet [ /PDF ]
>> endobj
-1344 0 obj <<
+1343 0 obj <<
/Length 2407
/Filter /FlateDecode
>>
@@ -5010,29 +5001,29 @@ SD@x'w+ "1f,03>5wK`.&0** {v֜
΄M|HA-08I@t98M혽B `p"qo^sM^ |U1Xی<rG{-mh|J_4ϟ>~xE뷰z)AK,p׶&Td9Ղw:|ddZK&ȪV*_KS=5m8#<,J#DI-`cݝ|ė:K s
1ֺ@Typ.aG؅~IIL>znvF¦BE D3S>^^endstream
endobj
-1343 0 obj <<
+1342 0 obj <<
/Type /Page
-/Contents 1344 0 R
-/Resources 1342 0 R
+/Contents 1343 0 R
+/Resources 1341 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 1328 0 R
-/Annots [ 1348 0 R 1349 0 R 1357 0 R ]
+/Parent 1327 0 R
+/Annots [ 1347 0 R 1348 0 R 1356 0 R ]
>> endobj
-1341 0 obj <<
+1340 0 obj <<
/Type /XObject
/Subtype /Form
/FormType 1
/PTEX.FileName (/usr/local/share/db2latex/xsl/figures/note.pdf)
/PTEX.PageNumber 1
-/PTEX.InfoDict 1358 0 R
+/PTEX.InfoDict 1357 0 R
/Matrix [1.00000000 0.00000000 0.00000000 1.00000000 0.00000000 0.00000000]
/BBox [0.00000000 0.00000000 27.00000000 27.00000000]
/Resources <<
/ProcSet [ /PDF ]
/ExtGState <<
-/R4 1359 0 R
+/R4 1358 0 R
>>>>
-/Length 1360 0 R
+/Length 1359 0 R
/Filter /FlateDecode
>>
stream
@@ -5045,12 +5036,12 @@ qѫ^>> .13ׅӃ!3SAՔihŨ^(<m䦽lL7
n*1xƈp&XîÜ\D0}#X>#^V|2i9΁r)`Xh&hbHe"
rGX58ժOt$yBқ5/vpo`kAr 4N.4
endobj
-1358 0 obj
+1357 0 obj
<<
/Producer (AFPL Ghostscript 6.50)
>>
endobj
-1359 0 obj
+1358 0 obj
<<
/Type /ExtGState
/Name /R4
@@ -5060,57 +5051,57 @@ endobj
/SA true
>>
endobj
-1360 0 obj
+1359 0 obj
1049
endobj
-1348 0 obj <<
+1347 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [470.3398 467.2776 539.579 479.3373]
/Subtype /Link
/A << /S /GoTo /D (boolean_options) >>
>> endobj
-1349 0 obj <<
+1348 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [316.7164 455.3224 385.3363 467.3821]
/Subtype /Link
/A << /S /GoTo /D (zone_transfers) >>
>> endobj
-1357 0 obj <<
+1356 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [304.6433 163.6578 373.3153 175.7175]
/Subtype /Link
/A << /S /GoTo /D (dynamic_update_policies) >>
>> endobj
-1345 0 obj <<
-/D [1343 0 R /XYZ 85.0394 794.5015 null]
+1344 0 obj <<
+/D [1342 0 R /XYZ 85.0394 794.5015 null]
>> endobj
130 0 obj <<
-/D [1343 0 R /XYZ 85.0394 769.5949 null]
+/D [1342 0 R /XYZ 85.0394 769.5949 null]
>> endobj
-1346 0 obj <<
-/D [1343 0 R /XYZ 85.0394 576.3463 null]
+1345 0 obj <<
+/D [1342 0 R /XYZ 85.0394 576.3463 null]
>> endobj
134 0 obj <<
-/D [1343 0 R /XYZ 85.0394 576.3463 null]
+/D [1342 0 R /XYZ 85.0394 576.3463 null]
>> endobj
-1347 0 obj <<
-/D [1343 0 R /XYZ 85.0394 533.5444 null]
+1346 0 obj <<
+/D [1342 0 R /XYZ 85.0394 533.5444 null]
>> endobj
138 0 obj <<
-/D [1343 0 R /XYZ 85.0394 299.6823 null]
+/D [1342 0 R /XYZ 85.0394 299.6823 null]
>> endobj
-1356 0 obj <<
-/D [1343 0 R /XYZ 85.0394 263.0631 null]
+1355 0 obj <<
+/D [1342 0 R /XYZ 85.0394 263.0631 null]
>> endobj
-1342 0 obj <<
-/Font << /F21 930 0 R /F22 953 0 R /F62 1352 0 R /F63 1355 0 R /F48 1228 0 R /F41 1208 0 R >>
-/XObject << /Im2 1341 0 R >>
+1341 0 obj <<
+/Font << /F21 930 0 R /F22 953 0 R /F62 1351 0 R /F63 1354 0 R /F48 1228 0 R /F41 1208 0 R >>
+/XObject << /Im2 1340 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-1365 0 obj <<
+1364 0 obj <<
/Length 3579
/Filter /FlateDecode
>>
@@ -5128,54 +5119,54 @@ j=qIkn5 . 'J4Am\y0SS:5R*5O!O .d, ֠ hc
l8 <fX (qzxȦO^9 'G?j %&*W]Gj]$cD" FoHa2i+1/=Ӓ |ꊞWI| )%6N+qxf(wF$ pbr'M
Gg\ 8"`xblgCd.)hKcDߣɑb ÃЯT*%$` qgyl;
endobj
-1364 0 obj <<
+1363 0 obj <<
/Type /Page
-/Contents 1365 0 R
-/Resources 1363 0 R
+/Contents 1364 0 R
+/Resources 1362 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 1328 0 R
-/Annots [ 1369 0 R 1370 0 R ]
+/Parent 1327 0 R
+/Annots [ 1368 0 R 1369 0 R ]
>> endobj
-1369 0 obj <<
+1368 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [464.1993 393.2115 511.2325 405.2711]
/Subtype /Link
/A << /S /GoTo /D (proposed_standards) >>
>> endobj
-1370 0 obj <<
+1369 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [55.6967 382.2725 105.4 393.3159]
/Subtype /Link
/A << /S /GoTo /D (proposed_standards) >>
>> endobj
-1366 0 obj <<
-/D [1364 0 R /XYZ 56.6929 794.5015 null]
+1365 0 obj <<
+/D [1363 0 R /XYZ 56.6929 794.5015 null]
>> endobj
142 0 obj <<
-/D [1364 0 R /XYZ 56.6929 769.5949 null]
+/D [1363 0 R /XYZ 56.6929 769.5949 null]
>> endobj
-1367 0 obj <<
-/D [1364 0 R /XYZ 56.6929 749.4437 null]
+1366 0 obj <<
+/D [1363 0 R /XYZ 56.6929 749.4437 null]
>> endobj
146 0 obj <<
-/D [1364 0 R /XYZ 56.6929 458.7525 null]
+/D [1363 0 R /XYZ 56.6929 458.7525 null]
>> endobj
-1368 0 obj <<
-/D [1364 0 R /XYZ 56.6929 425.4132 null]
+1367 0 obj <<
+/D [1363 0 R /XYZ 56.6929 425.4132 null]
>> endobj
150 0 obj <<
-/D [1364 0 R /XYZ 56.6929 270.5184 null]
+/D [1363 0 R /XYZ 56.6929 270.5184 null]
>> endobj
-1371 0 obj <<
-/D [1364 0 R /XYZ 56.6929 234.9696 null]
+1370 0 obj <<
+/D [1363 0 R /XYZ 56.6929 234.9696 null]
>> endobj
-1363 0 obj <<
+1362 0 obj <<
/Font << /F37 1018 0 R /F21 930 0 R /F22 953 0 R /F41 1208 0 R /F55 1311 0 R /F48 1228 0 R /F39 1151 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-1375 0 obj <<
+1374 0 obj <<
/Length 3172
/Filter /FlateDecode
>>
@@ -5192,35 +5183,35 @@ x]sݿBo3'vL9Lr6$3%ޙ=TD:XKfу
CE02EϦD1΍NSNv+3&-thY6[N3ԩ6Lefj.̂Ng51 Jf"g4A`:ST# Nk0&~ ό}F#-Q"# Pyj)yEdw>B8*+<IYPeCIjDj)Mjox8igcKдΘ1!G>*cYۓB 7?1gtAQ:ST#M(&Z¯ęb P5xj)y d2(}t^ZeOҢyvT/XJ<\D!S˔NKE4+SVb|nKvp.ծ3M_A=i2*0
L1NlyG<EFocwPdN-Z|lwçAQQ_[SV]p1'm>,hcd=2~и _ɔp>3sp9WҲTkko4ǂ?Qqw3|?o֊y HfR+,0g<tjwp~endstream
endobj
-1374 0 obj <<
+1373 0 obj <<
/Type /Page
-/Contents 1375 0 R
-/Resources 1373 0 R
+/Contents 1374 0 R
+/Resources 1372 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 1328 0 R
-/Annots [ 1378 0 R ]
+/Parent 1327 0 R
+/Annots [ 1377 0 R ]
>> endobj
-1378 0 obj <<
+1377 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [417.8476 110.3446 466.5943 122.4042]
/Subtype /Link
/A << /S /GoTo /D (sample_configuration) >>
>> endobj
-1376 0 obj <<
-/D [1374 0 R /XYZ 85.0394 794.5015 null]
+1375 0 obj <<
+/D [1373 0 R /XYZ 85.0394 794.5015 null]
>> endobj
154 0 obj <<
-/D [1374 0 R /XYZ 85.0394 769.5949 null]
+/D [1373 0 R /XYZ 85.0394 769.5949 null]
>> endobj
-1377 0 obj <<
-/D [1374 0 R /XYZ 85.0394 749.3028 null]
+1376 0 obj <<
+/D [1373 0 R /XYZ 85.0394 749.3028 null]
>> endobj
-1373 0 obj <<
+1372 0 obj <<
/Font << /F37 1018 0 R /F21 930 0 R /F22 953 0 R /F39 1151 0 R /F41 1208 0 R /F14 956 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-1381 0 obj <<
+1380 0 obj <<
/Length 735
/Filter /FlateDecode
>>
@@ -5230,21 +5221,21 @@ xWMs0+ Ya|rmIcKr G@ ܤNL{omH`tv
Ư/t-lvWo{݂Zr*4'z")Q7ѪX2.c?V%֑ۺr%YQ$.M_q
-kl ̴g.F8x!>d[z!@c4̈́Y B ]:^#d:lmGsnݩvQV92$ <*k(We@ڧmeg@-Vy[mZ-4R]u /uy抺ԟLQ5"=6eD_o ^7MɻKŻ d MM5j.c+R'홐홌}"ɦs:Ww~Uendstream
endobj
-1380 0 obj <<
+1379 0 obj <<
/Type /Page
-/Contents 1381 0 R
-/Resources 1379 0 R
+/Contents 1380 0 R
+/Resources 1378 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 1383 0 R
+/Parent 1382 0 R
>> endobj
-1382 0 obj <<
-/D [1380 0 R /XYZ 56.6929 794.5015 null]
+1381 0 obj <<
+/D [1379 0 R /XYZ 56.6929 794.5015 null]
>> endobj
-1379 0 obj <<
+1378 0 obj <<
/Font << /F37 1018 0 R /F41 1208 0 R /F22 953 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-1386 0 obj <<
+1385 0 obj <<
/Length 1364
/Filter /FlateDecode
>>
@@ -5256,27 +5247,27 @@ R/J@2/@r]#jحP}6ش&?AFNvDm1|I渁 @c";1c!
KL ģө
l.ٴC]ڦ7n\}f'كz䒣4>UJ9$i}5 Ɛ9'+eF z{qW8&' nu'vreD-Dv &^K,Byv6Eendstream
endobj
-1385 0 obj <<
+1384 0 obj <<
/Type /Page
-/Contents 1386 0 R
-/Resources 1384 0 R
+/Contents 1385 0 R
+/Resources 1383 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 1383 0 R
+/Parent 1382 0 R
>> endobj
-1387 0 obj <<
-/D [1385 0 R /XYZ 85.0394 794.5015 null]
+1386 0 obj <<
+/D [1384 0 R /XYZ 85.0394 794.5015 null]
>> endobj
158 0 obj <<
-/D [1385 0 R /XYZ 85.0394 223.4026 null]
+/D [1384 0 R /XYZ 85.0394 223.4026 null]
>> endobj
-1388 0 obj <<
-/D [1385 0 R /XYZ 85.0394 185.2496 null]
+1387 0 obj <<
+/D [1384 0 R /XYZ 85.0394 185.2496 null]
>> endobj
-1384 0 obj <<
+1383 0 obj <<
/Font << /F37 1018 0 R /F22 953 0 R /F41 1208 0 R /F21 930 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-1391 0 obj <<
+1390 0 obj <<
/Length 2265
/Filter /FlateDecode
>>
@@ -5288,51 +5279,51 @@ Nƽ2:`
u}1
/ 3sdiendstream
endobj
-1390 0 obj <<
+1389 0 obj <<
/Type /Page
-/Contents 1391 0 R
-/Resources 1389 0 R
+/Contents 1390 0 R
+/Resources 1388 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 1383 0 R
+/Parent 1382 0 R
>> endobj
-1392 0 obj <<
-/D [1390 0 R /XYZ 56.6929 794.5015 null]
+1391 0 obj <<
+/D [1389 0 R /XYZ 56.6929 794.5015 null]
>> endobj
162 0 obj <<
-/D [1390 0 R /XYZ 56.6929 726.8027 null]
+/D [1389 0 R /XYZ 56.6929 726.8027 null]
>> endobj
-1393 0 obj <<
-/D [1390 0 R /XYZ 56.6929 697.6944 null]
+1392 0 obj <<
+/D [1389 0 R /XYZ 56.6929 697.6944 null]
>> endobj
166 0 obj <<
-/D [1390 0 R /XYZ 56.6929 648.8841 null]
+/D [1389 0 R /XYZ 56.6929 648.8841 null]
>> endobj
-1394 0 obj <<
-/D [1390 0 R /XYZ 56.6929 624.769 null]
+1393 0 obj <<
+/D [1389 0 R /XYZ 56.6929 624.769 null]
>> endobj
170 0 obj <<
-/D [1390 0 R /XYZ 56.6929 472.4047 null]
+/D [1389 0 R /XYZ 56.6929 472.4047 null]
>> endobj
-1395 0 obj <<
-/D [1390 0 R /XYZ 56.6929 448.2896 null]
+1394 0 obj <<
+/D [1389 0 R /XYZ 56.6929 448.2896 null]
>> endobj
174 0 obj <<
-/D [1390 0 R /XYZ 56.6929 356.0575 null]
+/D [1389 0 R /XYZ 56.6929 356.0575 null]
>> endobj
-1396 0 obj <<
-/D [1390 0 R /XYZ 56.6929 324.2991 null]
+1395 0 obj <<
+/D [1389 0 R /XYZ 56.6929 324.2991 null]
>> endobj
178 0 obj <<
-/D [1390 0 R /XYZ 56.6929 275.4888 null]
+/D [1389 0 R /XYZ 56.6929 275.4888 null]
>> endobj
-1397 0 obj <<
-/D [1390 0 R /XYZ 56.6929 246.3805 null]
+1396 0 obj <<
+/D [1389 0 R /XYZ 56.6929 246.3805 null]
>> endobj
-1389 0 obj <<
+1388 0 obj <<
/Font << /F37 1018 0 R /F22 953 0 R /F21 930 0 R /F41 1208 0 R /F39 1151 0 R /F48 1228 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-1400 0 obj <<
+1399 0 obj <<
/Length 2935
/Filter /FlateDecode
>>
@@ -5353,53 +5344,53 @@ u?ɓL(ѾaG8|3{.c¢xz^>A_{=oj$
-?Co _ivTdu|Hy1 K$HRhc|B=Wo89}Aie:l5J"eg 1O/ݩt'ɎLo*ػe{Ljefle]
_/CysI/6W}wɶ6U?J@>㿇 +n Uܿ ,$NG!MypK#e<l2)c·(?Gendstream
endobj
-1399 0 obj <<
+1398 0 obj <<
/Type /Page
-/Contents 1400 0 R
-/Resources 1398 0 R
+/Contents 1399 0 R
+/Resources 1397 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 1383 0 R
-/Annots [ 1404 0 R ]
+/Parent 1382 0 R
+/Annots [ 1403 0 R ]
>> endobj
-1404 0 obj <<
+1403 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [101.3082 379.428 169.9802 391.3282]
/Subtype /Link
/A << /S /GoTo /D (dynamic_update_policies) >>
>> endobj
-1401 0 obj <<
-/D [1399 0 R /XYZ 85.0394 794.5015 null]
+1400 0 obj <<
+/D [1398 0 R /XYZ 85.0394 794.5015 null]
>> endobj
182 0 obj <<
-/D [1399 0 R /XYZ 85.0394 769.5949 null]
+/D [1398 0 R /XYZ 85.0394 769.5949 null]
>> endobj
-1402 0 obj <<
-/D [1399 0 R /XYZ 85.0394 749.2913 null]
+1401 0 obj <<
+/D [1398 0 R /XYZ 85.0394 749.2913 null]
>> endobj
186 0 obj <<
-/D [1399 0 R /XYZ 85.0394 546.785 null]
+/D [1398 0 R /XYZ 85.0394 546.785 null]
>> endobj
-1403 0 obj <<
-/D [1399 0 R /XYZ 85.0394 519.0032 null]
+1402 0 obj <<
+/D [1398 0 R /XYZ 85.0394 519.0032 null]
>> endobj
190 0 obj <<
-/D [1399 0 R /XYZ 85.0394 364.477 null]
+/D [1398 0 R /XYZ 85.0394 364.477 null]
>> endobj
-1405 0 obj <<
-/D [1399 0 R /XYZ 85.0394 339.5007 null]
+1404 0 obj <<
+/D [1398 0 R /XYZ 85.0394 339.5007 null]
>> endobj
194 0 obj <<
-/D [1399 0 R /XYZ 85.0394 175.6792 null]
+/D [1398 0 R /XYZ 85.0394 175.6792 null]
>> endobj
-1406 0 obj <<
-/D [1399 0 R /XYZ 85.0394 143.0963 null]
+1405 0 obj <<
+/D [1398 0 R /XYZ 85.0394 143.0963 null]
>> endobj
-1398 0 obj <<
+1397 0 obj <<
/Font << /F37 1018 0 R /F21 930 0 R /F22 953 0 R /F41 1208 0 R /F39 1151 0 R /F14 956 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-1409 0 obj <<
+1408 0 obj <<
/Length 3227
/Filter /FlateDecode
>>
@@ -5418,39 +5409,39 @@ vDwE&,
/\8j(,=8XЙvs \}6 i@Ȼ%;V A.Tf4$N井QqfWCd
<^"X=DS+(}7IL`yZ+/a~EJG:3&<vaPNr9M|zv!}3-%e3>e~fCdt0?ϟ,|(̯;'+!}qK85 >g<'w=endstream
endobj
-1408 0 obj <<
+1407 0 obj <<
/Type /Page
-/Contents 1409 0 R
-/Resources 1407 0 R
+/Contents 1408 0 R
+/Resources 1406 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 1383 0 R
+/Parent 1382 0 R
>> endobj
-1410 0 obj <<
-/D [1408 0 R /XYZ 56.6929 794.5015 null]
+1409 0 obj <<
+/D [1407 0 R /XYZ 56.6929 794.5015 null]
>> endobj
198 0 obj <<
-/D [1408 0 R /XYZ 56.6929 678.9507 null]
+/D [1407 0 R /XYZ 56.6929 678.9507 null]
>> endobj
-1411 0 obj <<
-/D [1408 0 R /XYZ 56.6929 644.5195 null]
+1410 0 obj <<
+/D [1407 0 R /XYZ 56.6929 644.5195 null]
>> endobj
202 0 obj <<
-/D [1408 0 R /XYZ 56.6929 514.5361 null]
+/D [1407 0 R /XYZ 56.6929 514.5361 null]
>> endobj
-1412 0 obj <<
-/D [1408 0 R /XYZ 56.6929 481.3387 null]
+1411 0 obj <<
+/D [1407 0 R /XYZ 56.6929 481.3387 null]
>> endobj
206 0 obj <<
-/D [1408 0 R /XYZ 56.6929 279.5586 null]
+/D [1407 0 R /XYZ 56.6929 279.5586 null]
>> endobj
-1413 0 obj <<
-/D [1408 0 R /XYZ 56.6929 251.1623 null]
+1412 0 obj <<
+/D [1407 0 R /XYZ 56.6929 251.1623 null]
>> endobj
-1407 0 obj <<
+1406 0 obj <<
/Font << /F37 1018 0 R /F22 953 0 R /F21 930 0 R /F39 1151 0 R /F41 1208 0 R /F48 1228 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-1416 0 obj <<
+1415 0 obj <<
/Length 3255
/Filter /FlateDecode
>>
@@ -5467,33 +5458,33 @@ dlVU93
u$ZrږGbB0sae(T=(W>hKVvU_ /21NPfiŶU O~X0;탍[%8zjt=&JEʓFXiH#M? 'ĭ-7džضv;{<- >⪩*8<>{TsOvrH7zU.gO?ҷ UBY{Hc54#
SIݳZendstream
endobj
-1415 0 obj <<
+1414 0 obj <<
/Type /Page
-/Contents 1416 0 R
-/Resources 1414 0 R
+/Contents 1415 0 R
+/Resources 1413 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 1383 0 R
+/Parent 1382 0 R
>> endobj
-1417 0 obj <<
-/D [1415 0 R /XYZ 85.0394 794.5015 null]
+1416 0 obj <<
+/D [1414 0 R /XYZ 85.0394 794.5015 null]
>> endobj
210 0 obj <<
-/D [1415 0 R /XYZ 85.0394 671.4386 null]
+/D [1414 0 R /XYZ 85.0394 671.4386 null]
>> endobj
-1418 0 obj <<
-/D [1415 0 R /XYZ 85.0394 641.1061 null]
+1417 0 obj <<
+/D [1414 0 R /XYZ 85.0394 641.1061 null]
>> endobj
214 0 obj <<
-/D [1415 0 R /XYZ 85.0394 444.8166 null]
+/D [1414 0 R /XYZ 85.0394 444.8166 null]
>> endobj
-1419 0 obj <<
-/D [1415 0 R /XYZ 85.0394 417.1342 null]
+1418 0 obj <<
+/D [1414 0 R /XYZ 85.0394 417.1342 null]
>> endobj
-1414 0 obj <<
+1413 0 obj <<
/Font << /F37 1018 0 R /F22 953 0 R /F21 930 0 R /F41 1208 0 R /F48 1228 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-1422 0 obj <<
+1421 0 obj <<
/Length 1913
/Filter /FlateDecode
>>
@@ -5505,22 +5496,22 @@ xڭW[H~_a:B](.qbPl.
8cbE裋ёG
i!D.ups)1#.e#0l);ǐ u_Cu Tb 3mj$3~}mPICkNe ECFGm>!A*GۯX>ymswnY91q*$'YCSRA|+ڃ1G0[F@]Gί_@Qtʷ^<<P _~9$Jb%~.nK$K#ktw|9"y[=;L\"m>NT=ts
endobj
-1421 0 obj <<
+1420 0 obj <<
/Type /Page
-/Contents 1422 0 R
-/Resources 1420 0 R
+/Contents 1421 0 R
+/Resources 1419 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 1424 0 R
+/Parent 1423 0 R
>> endobj
-1423 0 obj <<
-/D [1421 0 R /XYZ 56.6929 794.5015 null]
+1422 0 obj <<
+/D [1420 0 R /XYZ 56.6929 794.5015 null]
>> endobj
-1420 0 obj <<
-/Font << /F37 1018 0 R /F41 1208 0 R /F22 953 0 R /F62 1352 0 R >>
-/XObject << /Im2 1341 0 R >>
+1419 0 obj <<
+/Font << /F37 1018 0 R /F41 1208 0 R /F22 953 0 R /F62 1351 0 R >>
+/XObject << /Im2 1340 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-1427 0 obj <<
+1426 0 obj <<
/Length 2465
/Filter /FlateDecode
>>
@@ -5538,40 +5529,40 @@ BB'TZӬ@ۢ0 ʍTcavlr ׳hkFS|(Zw۩ߊ
cT/.v;8[#'um:_4S5ɸ|~u;ޭ/½j*Mǽ!-_4D?u[g
&~fir Y-d*kHæSd2(Fqt,섛H&@¿O=yׅ#x
endobj
-1426 0 obj <<
+1425 0 obj <<
/Type /Page
-/Contents 1427 0 R
-/Resources 1425 0 R
+/Contents 1426 0 R
+/Resources 1424 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 1424 0 R
+/Parent 1423 0 R
>> endobj
-1428 0 obj <<
-/D [1426 0 R /XYZ 85.0394 794.5015 null]
+1427 0 obj <<
+/D [1425 0 R /XYZ 85.0394 794.5015 null]
>> endobj
218 0 obj <<
-/D [1426 0 R /XYZ 85.0394 486.5796 null]
+/D [1425 0 R /XYZ 85.0394 486.5796 null]
>> endobj
-1432 0 obj <<
-/D [1426 0 R /XYZ 85.0394 454.3582 null]
+1431 0 obj <<
+/D [1425 0 R /XYZ 85.0394 454.3582 null]
>> endobj
222 0 obj <<
-/D [1426 0 R /XYZ 85.0394 412.0822 null]
+/D [1425 0 R /XYZ 85.0394 412.0822 null]
>> endobj
-1433 0 obj <<
-/D [1426 0 R /XYZ 85.0394 381.7503 null]
+1432 0 obj <<
+/D [1425 0 R /XYZ 85.0394 381.7503 null]
>> endobj
226 0 obj <<
-/D [1426 0 R /XYZ 85.0394 150.1125 null]
+/D [1425 0 R /XYZ 85.0394 150.1125 null]
>> endobj
-1434 0 obj <<
-/D [1426 0 R /XYZ 85.0394 122.4306 null]
+1433 0 obj <<
+/D [1425 0 R /XYZ 85.0394 122.4306 null]
>> endobj
-1425 0 obj <<
-/Font << /F37 1018 0 R /F22 953 0 R /F62 1352 0 R /F65 1431 0 R /F21 930 0 R /F41 1208 0 R >>
-/XObject << /Im2 1341 0 R >>
+1424 0 obj <<
+/Font << /F37 1018 0 R /F22 953 0 R /F62 1351 0 R /F65 1430 0 R /F21 930 0 R /F41 1208 0 R >>
+/XObject << /Im2 1340 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-1437 0 obj <<
+1436 0 obj <<
/Length 3008
/Filter /FlateDecode
>>
@@ -5594,48 +5585,48 @@ cι#zp]aP(6'V"ºJ#;ɥ76YQY%>:aDbi s"Sw
>RÛ-N AzKd״wICj"@z/(\!℁w
p`۠1`>) AæOl(GJ%0g#S.@@ym>x跰˧~6sB]v ^]= زmz\
endobj
-1436 0 obj <<
+1435 0 obj <<
/Type /Page
-/Contents 1437 0 R
-/Resources 1435 0 R
+/Contents 1436 0 R
+/Resources 1434 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 1424 0 R
-/Annots [ 1443 0 R 1444 0 R ]
+/Parent 1423 0 R
+/Annots [ 1442 0 R 1443 0 R ]
>> endobj
-1443 0 obj <<
+1442 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [411.5778 307.0154 489.9929 319.075]
/Subtype /Link
/A << /S /GoTo /D (man.dnssec-keygen) >>
>> endobj
-1444 0 obj <<
+1443 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [55.6967 295.0602 134.1116 307.1199]
/Subtype /Link
/A << /S /GoTo /D (man.dnssec-settime) >>
>> endobj
-1438 0 obj <<
-/D [1436 0 R /XYZ 56.6929 794.5015 null]
+1437 0 obj <<
+/D [1435 0 R /XYZ 56.6929 794.5015 null]
>> endobj
230 0 obj <<
-/D [1436 0 R /XYZ 56.6929 439.2963 null]
+/D [1435 0 R /XYZ 56.6929 439.2963 null]
>> endobj
-1439 0 obj <<
-/D [1436 0 R /XYZ 56.6929 409.315 null]
+1438 0 obj <<
+/D [1435 0 R /XYZ 56.6929 409.315 null]
>> endobj
234 0 obj <<
-/D [1436 0 R /XYZ 56.6929 215.0565 null]
+/D [1435 0 R /XYZ 56.6929 215.0565 null]
>> endobj
-1445 0 obj <<
-/D [1436 0 R /XYZ 56.6929 187.7252 null]
+1444 0 obj <<
+/D [1435 0 R /XYZ 56.6929 187.7252 null]
>> endobj
-1435 0 obj <<
-/Font << /F37 1018 0 R /F41 1208 0 R /F22 953 0 R /F21 930 0 R /F11 1442 0 R >>
+1434 0 obj <<
+/Font << /F37 1018 0 R /F41 1208 0 R /F22 953 0 R /F21 930 0 R /F11 1441 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-1450 0 obj <<
+1449 0 obj <<
/Length 2621
/Filter /FlateDecode
>>
@@ -5652,45 +5643,45 @@ $1(fHq77 G!9ʜ(ds*0RV6
*k+\~:("8lu٦sMsDekF3
s0X>Ýd5X`nkJE LS6 ΀ çUe܉p=;n>vT]*B3X|K~";#'Am#c)ZvF#Ќ>!Ǒ:D9P!~h}+PV
endobj
-1449 0 obj <<
+1448 0 obj <<
/Type /Page
-/Contents 1450 0 R
-/Resources 1448 0 R
+/Contents 1449 0 R
+/Resources 1447 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 1424 0 R
+/Parent 1423 0 R
>> endobj
-1451 0 obj <<
-/D [1449 0 R /XYZ 85.0394 794.5015 null]
+1450 0 obj <<
+/D [1448 0 R /XYZ 85.0394 794.5015 null]
>> endobj
238 0 obj <<
-/D [1449 0 R /XYZ 85.0394 544.6974 null]
+/D [1448 0 R /XYZ 85.0394 544.6974 null]
>> endobj
-1452 0 obj <<
-/D [1449 0 R /XYZ 85.0394 516.8643 null]
+1451 0 obj <<
+/D [1448 0 R /XYZ 85.0394 516.8643 null]
>> endobj
242 0 obj <<
-/D [1449 0 R /XYZ 85.0394 467.6389 null]
+/D [1448 0 R /XYZ 85.0394 467.6389 null]
>> endobj
-1453 0 obj <<
-/D [1449 0 R /XYZ 85.0394 439.6503 null]
+1452 0 obj <<
+/D [1448 0 R /XYZ 85.0394 439.6503 null]
>> endobj
246 0 obj <<
-/D [1449 0 R /XYZ 85.0394 266.4633 null]
+/D [1448 0 R /XYZ 85.0394 266.4633 null]
>> endobj
-1454 0 obj <<
-/D [1449 0 R /XYZ 85.0394 238.4748 null]
+1453 0 obj <<
+/D [1448 0 R /XYZ 85.0394 238.4748 null]
>> endobj
250 0 obj <<
-/D [1449 0 R /XYZ 85.0394 132.4384 null]
+/D [1448 0 R /XYZ 85.0394 132.4384 null]
>> endobj
-1455 0 obj <<
-/D [1449 0 R /XYZ 85.0394 107.4147 null]
+1454 0 obj <<
+/D [1448 0 R /XYZ 85.0394 107.4147 null]
>> endobj
-1448 0 obj <<
+1447 0 obj <<
/Font << /F37 1018 0 R /F41 1208 0 R /F22 953 0 R /F21 930 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-1458 0 obj <<
+1457 0 obj <<
/Length 2222
/Filter /FlateDecode
>>
@@ -5704,71 +5695,71 @@ xڥYKs6WHUEX<<*&lRI4 IܑHEq~}
h!jQpCkٮ E6
ҡ̀Ҡa̠wQl${>QU:3[W'WP?PbHQ/'a 'Ř֎ O-O_w.NIhεȈ5I2}] Ym8^ [oЇƱ\F1cbBe|Qyrendstream
endobj
-1457 0 obj <<
+1456 0 obj <<
/Type /Page
-/Contents 1458 0 R
-/Resources 1456 0 R
+/Contents 1457 0 R
+/Resources 1455 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 1424 0 R
-/Annots [ 1467 0 R ]
+/Parent 1423 0 R
+/Annots [ 1466 0 R ]
>> endobj
-1467 0 obj <<
+1466 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [379.778 61.5153 440.978 73.5749]
/Subtype /Link
/A << /S /GoTo /D (managed-keys) >>
>> endobj
-1459 0 obj <<
-/D [1457 0 R /XYZ 56.6929 794.5015 null]
+1458 0 obj <<
+/D [1456 0 R /XYZ 56.6929 794.5015 null]
>> endobj
254 0 obj <<
-/D [1457 0 R /XYZ 56.6929 769.5949 null]
+/D [1456 0 R /XYZ 56.6929 769.5949 null]
>> endobj
-1460 0 obj <<
-/D [1457 0 R /XYZ 56.6929 748.2119 null]
+1459 0 obj <<
+/D [1456 0 R /XYZ 56.6929 748.2119 null]
>> endobj
258 0 obj <<
-/D [1457 0 R /XYZ 56.6929 682.7685 null]
+/D [1456 0 R /XYZ 56.6929 682.7685 null]
>> endobj
-1461 0 obj <<
-/D [1457 0 R /XYZ 56.6929 651.6058 null]
+1460 0 obj <<
+/D [1456 0 R /XYZ 56.6929 651.6058 null]
>> endobj
262 0 obj <<
-/D [1457 0 R /XYZ 56.6929 598.1176 null]
+/D [1456 0 R /XYZ 56.6929 598.1176 null]
>> endobj
-1462 0 obj <<
-/D [1457 0 R /XYZ 56.6929 566.9549 null]
+1461 0 obj <<
+/D [1456 0 R /XYZ 56.6929 566.9549 null]
>> endobj
266 0 obj <<
-/D [1457 0 R /XYZ 56.6929 448.4378 null]
+/D [1456 0 R /XYZ 56.6929 448.4378 null]
>> endobj
-1463 0 obj <<
-/D [1457 0 R /XYZ 56.6929 417.2751 null]
+1462 0 obj <<
+/D [1456 0 R /XYZ 56.6929 417.2751 null]
>> endobj
270 0 obj <<
-/D [1457 0 R /XYZ 56.6929 351.8318 null]
+/D [1456 0 R /XYZ 56.6929 351.8318 null]
>> endobj
-1464 0 obj <<
-/D [1457 0 R /XYZ 56.6929 323.6339 null]
+1463 0 obj <<
+/D [1456 0 R /XYZ 56.6929 323.6339 null]
>> endobj
274 0 obj <<
-/D [1457 0 R /XYZ 56.6929 230.1472 null]
+/D [1456 0 R /XYZ 56.6929 230.1472 null]
>> endobj
-1465 0 obj <<
-/D [1457 0 R /XYZ 56.6929 190.6255 null]
+1464 0 obj <<
+/D [1456 0 R /XYZ 56.6929 190.6255 null]
>> endobj
278 0 obj <<
-/D [1457 0 R /XYZ 56.6929 125.8181 null]
+/D [1456 0 R /XYZ 56.6929 125.8181 null]
>> endobj
-1466 0 obj <<
-/D [1457 0 R /XYZ 56.6929 94.6554 null]
+1465 0 obj <<
+/D [1456 0 R /XYZ 56.6929 94.6554 null]
>> endobj
-1456 0 obj <<
+1455 0 obj <<
/Font << /F37 1018 0 R /F21 930 0 R /F22 953 0 R /F48 1228 0 R /F41 1208 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-1471 0 obj <<
+1470 0 obj <<
/Length 3064
/Filter /FlateDecode
>>
@@ -5785,33 +5776,33 @@ AՑ/=4TE1oXJ~z׼iA3vfr%%C_(ooe|ydCYc=ڷ"\G^
FX:N:!G'[;懪7@v|!A~HR~-b(eSӗ9!90ƾ}B6WPr>Լj1V_:g),i32MѢg$5Iʲf"Jׇ|k0wT-`L;K.:uvX/=`e&DEx(]mϮX7v 1KCō?e?S߿ 1|
'??g?endstream
endobj
-1470 0 obj <<
+1469 0 obj <<
/Type /Page
-/Contents 1471 0 R
-/Resources 1469 0 R
+/Contents 1470 0 R
+/Resources 1468 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 1424 0 R
+/Parent 1423 0 R
>> endobj
-1472 0 obj <<
-/D [1470 0 R /XYZ 85.0394 794.5015 null]
+1471 0 obj <<
+/D [1469 0 R /XYZ 85.0394 794.5015 null]
>> endobj
282 0 obj <<
-/D [1470 0 R /XYZ 85.0394 769.5949 null]
+/D [1469 0 R /XYZ 85.0394 769.5949 null]
>> endobj
-1473 0 obj <<
-/D [1470 0 R /XYZ 85.0394 750.8067 null]
+1472 0 obj <<
+/D [1469 0 R /XYZ 85.0394 750.8067 null]
>> endobj
286 0 obj <<
-/D [1470 0 R /XYZ 85.0394 180.7476 null]
+/D [1469 0 R /XYZ 85.0394 180.7476 null]
>> endobj
-1474 0 obj <<
-/D [1470 0 R /XYZ 85.0394 140.0669 null]
+1473 0 obj <<
+/D [1469 0 R /XYZ 85.0394 140.0669 null]
>> endobj
-1469 0 obj <<
+1468 0 obj <<
/Font << /F37 1018 0 R /F21 930 0 R /F22 953 0 R /F41 1208 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-1477 0 obj <<
+1476 0 obj <<
/Length 2492
/Filter /FlateDecode
>>
@@ -5825,28 +5816,28 @@ FYK4
@f1CExq7jմCd,V )pꁾױ;.c~r qX7\=dL6s-}P`OkU[mx: l೘ 9\ .B0O9aEU;5:2h*P-l3pyUM<J?Lldzq\*a [M}>Wߟ 6&~ \xya%L">!wIO_U䗉:*50]Б 8[j8Nb
։ i.3@k5p>:8B U'0DM*SQcomկ ٶ]57bԂ I'{}vwkv+:^2K mM)u]S'}@ӊ<tQPTθ;qS>.j@6> ׾^fDlۖ+
endobj
-1476 0 obj <<
+1475 0 obj <<
/Type /Page
-/Contents 1477 0 R
-/Resources 1475 0 R
+/Contents 1476 0 R
+/Resources 1474 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 1480 0 R
+/Parent 1479 0 R
>> endobj
-1478 0 obj <<
-/D [1476 0 R /XYZ 56.6929 794.5015 null]
+1477 0 obj <<
+/D [1475 0 R /XYZ 56.6929 794.5015 null]
>> endobj
290 0 obj <<
-/D [1476 0 R /XYZ 56.6929 769.5949 null]
+/D [1475 0 R /XYZ 56.6929 769.5949 null]
>> endobj
-1479 0 obj <<
-/D [1476 0 R /XYZ 56.6929 749.1192 null]
+1478 0 obj <<
+/D [1475 0 R /XYZ 56.6929 749.1192 null]
>> endobj
-1475 0 obj <<
-/Font << /F37 1018 0 R /F21 930 0 R /F22 953 0 R /F14 956 0 R /F62 1352 0 R /F41 1208 0 R >>
-/XObject << /Im2 1341 0 R >>
+1474 0 obj <<
+/Font << /F37 1018 0 R /F21 930 0 R /F22 953 0 R /F14 956 0 R /F62 1351 0 R /F41 1208 0 R >>
+/XObject << /Im2 1340 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-1483 0 obj <<
+1482 0 obj <<
/Length 2317
/Filter /FlateDecode
>>
@@ -5861,34 +5852,34 @@ d2 <6b*Rm0Rˇ
JM+V_fJK&DgW^ ~~RQPܪ4fȮWb5/̀}RS?
e8<ezQ$8BԳ[_Ȅd8!
endobj
-1482 0 obj <<
+1481 0 obj <<
/Type /Page
-/Contents 1483 0 R
-/Resources 1481 0 R
+/Contents 1482 0 R
+/Resources 1480 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 1480 0 R
+/Parent 1479 0 R
>> endobj
-1484 0 obj <<
-/D [1482 0 R /XYZ 85.0394 794.5015 null]
+1483 0 obj <<
+/D [1481 0 R /XYZ 85.0394 794.5015 null]
>> endobj
294 0 obj <<
-/D [1482 0 R /XYZ 85.0394 629.0401 null]
+/D [1481 0 R /XYZ 85.0394 629.0401 null]
>> endobj
-1485 0 obj <<
-/D [1482 0 R /XYZ 85.0394 603.8306 null]
+1484 0 obj <<
+/D [1481 0 R /XYZ 85.0394 603.8306 null]
>> endobj
298 0 obj <<
-/D [1482 0 R /XYZ 85.0394 304.8197 null]
+/D [1481 0 R /XYZ 85.0394 304.8197 null]
>> endobj
-1486 0 obj <<
-/D [1482 0 R /XYZ 85.0394 279.6102 null]
+1485 0 obj <<
+/D [1481 0 R /XYZ 85.0394 279.6102 null]
>> endobj
-1481 0 obj <<
-/Font << /F37 1018 0 R /F22 953 0 R /F62 1352 0 R /F21 930 0 R /F41 1208 0 R >>
-/XObject << /Im2 1341 0 R >>
+1480 0 obj <<
+/Font << /F37 1018 0 R /F22 953 0 R /F62 1351 0 R /F21 930 0 R /F41 1208 0 R >>
+/XObject << /Im2 1340 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-1489 0 obj <<
+1488 0 obj <<
/Length 1904
/Filter /FlateDecode
>>
@@ -5905,45 +5896,45 @@ vɣќGɥ`-5nÕ,F%!oˤKwlj |ZVCn>m} E5}WsT¬
:֬z9zy* %X$xpfW#~,NRgy"M^3cSo8 XEZ&$,E\&ڬ#)QiSiAfZ s:M']#s=<0 b&s""v쉞]
ʽ&sKrsC.R QL`M, .IAP#фmԛ
endobj
-1488 0 obj <<
+1487 0 obj <<
/Type /Page
-/Contents 1489 0 R
-/Resources 1487 0 R
+/Contents 1488 0 R
+/Resources 1486 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 1480 0 R
+/Parent 1479 0 R
>> endobj
-1490 0 obj <<
-/D [1488 0 R /XYZ 56.6929 794.5015 null]
+1489 0 obj <<
+/D [1487 0 R /XYZ 56.6929 794.5015 null]
>> endobj
302 0 obj <<
-/D [1488 0 R /XYZ 56.6929 596.0056 null]
+/D [1487 0 R /XYZ 56.6929 596.0056 null]
>> endobj
-1491 0 obj <<
-/D [1488 0 R /XYZ 56.6929 566.6651 null]
+1490 0 obj <<
+/D [1487 0 R /XYZ 56.6929 566.6651 null]
>> endobj
306 0 obj <<
-/D [1488 0 R /XYZ 56.6929 532.1171 null]
+/D [1487 0 R /XYZ 56.6929 532.1171 null]
>> endobj
-1492 0 obj <<
-/D [1488 0 R /XYZ 56.6929 506.5445 null]
+1491 0 obj <<
+/D [1487 0 R /XYZ 56.6929 506.5445 null]
>> endobj
310 0 obj <<
-/D [1488 0 R /XYZ 56.6929 353.6477 null]
+/D [1487 0 R /XYZ 56.6929 353.6477 null]
>> endobj
-1493 0 obj <<
-/D [1488 0 R /XYZ 56.6929 325.2657 null]
+1492 0 obj <<
+/D [1487 0 R /XYZ 56.6929 325.2657 null]
>> endobj
314 0 obj <<
-/D [1488 0 R /XYZ 56.6929 132.6175 null]
+/D [1487 0 R /XYZ 56.6929 132.6175 null]
>> endobj
-1494 0 obj <<
-/D [1488 0 R /XYZ 56.6929 107.4872 null]
+1493 0 obj <<
+/D [1487 0 R /XYZ 56.6929 107.4872 null]
>> endobj
-1487 0 obj <<
+1486 0 obj <<
/Font << /F37 1018 0 R /F41 1208 0 R /F22 953 0 R /F21 930 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-1497 0 obj <<
+1496 0 obj <<
/Length 2294
/Filter /FlateDecode
>>
@@ -5956,27 +5947,27 @@ IL/t
}sB[x`}whN@'+KSV[?N[rx]Po]!SaX"\GT@ ԇ)g8B9F]8z5}YEya=Z[Imi0{h{dC D6)$VcoS0_DZhgԾF E 0''
#Xn"RV)5oS8T/nendstream
endobj
-1496 0 obj <<
+1495 0 obj <<
/Type /Page
-/Contents 1497 0 R
-/Resources 1495 0 R
+/Contents 1496 0 R
+/Resources 1494 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 1480 0 R
+/Parent 1479 0 R
>> endobj
-1498 0 obj <<
-/D [1496 0 R /XYZ 85.0394 794.5015 null]
+1497 0 obj <<
+/D [1495 0 R /XYZ 85.0394 794.5015 null]
>> endobj
318 0 obj <<
-/D [1496 0 R /XYZ 85.0394 704.2027 null]
+/D [1495 0 R /XYZ 85.0394 704.2027 null]
>> endobj
-1499 0 obj <<
-/D [1496 0 R /XYZ 85.0394 675.9152 null]
+1498 0 obj <<
+/D [1495 0 R /XYZ 85.0394 675.9152 null]
>> endobj
-1495 0 obj <<
+1494 0 obj <<
/Font << /F37 1018 0 R /F22 953 0 R /F21 930 0 R /F41 1208 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-1503 0 obj <<
+1502 0 obj <<
/Length 2284
/Filter /FlateDecode
>>
@@ -5992,33 +5983,33 @@ xڥko\iܻ8]K JZYQ‡\wfg?h8;;yĂ?9|Gv4 "Wx
¦(N˼C"9<Bh:MM<4E>(,7(
Oe4"E=y5i놕+HEay}o7x>jXfӵ4hoN^OȻ +{"NY.RfǽмyT?,{Cendstream
endobj
-1502 0 obj <<
+1501 0 obj <<
/Type /Page
-/Contents 1503 0 R
-/Resources 1501 0 R
+/Contents 1502 0 R
+/Resources 1500 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 1480 0 R
+/Parent 1479 0 R
>> endobj
-1504 0 obj <<
-/D [1502 0 R /XYZ 56.6929 794.5015 null]
+1503 0 obj <<
+/D [1501 0 R /XYZ 56.6929 794.5015 null]
>> endobj
322 0 obj <<
-/D [1502 0 R /XYZ 56.6929 519.9229 null]
+/D [1501 0 R /XYZ 56.6929 519.9229 null]
>> endobj
-1505 0 obj <<
-/D [1502 0 R /XYZ 56.6929 488.8874 null]
+1504 0 obj <<
+/D [1501 0 R /XYZ 56.6929 488.8874 null]
>> endobj
326 0 obj <<
-/D [1502 0 R /XYZ 56.6929 326.6298 null]
+/D [1501 0 R /XYZ 56.6929 326.6298 null]
>> endobj
-1506 0 obj <<
-/D [1502 0 R /XYZ 56.6929 298.4037 null]
+1505 0 obj <<
+/D [1501 0 R /XYZ 56.6929 298.4037 null]
>> endobj
-1501 0 obj <<
-/Font << /F37 1018 0 R /F41 1208 0 R /F22 953 0 R /F21 930 0 R /F11 1442 0 R >>
+1500 0 obj <<
+/Font << /F37 1018 0 R /F41 1208 0 R /F22 953 0 R /F21 930 0 R /F11 1441 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-1509 0 obj <<
+1508 0 obj <<
/Length 2429
/Filter /FlateDecode
>>
@@ -6034,15 +6025,15 @@ Awu
I5_ +"c}1yPRDl`!B,:NgH ~]ۢծTёdb(}}~# _Tr bqeqc@/1>aps$ڭ#oבɄ,
Ua#]8oXp=Ɏ\y~!"
endobj
-1508 0 obj <<
+1507 0 obj <<
/Type /Page
-/Contents 1509 0 R
-/Resources 1507 0 R
+/Contents 1508 0 R
+/Resources 1506 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 1480 0 R
-/Annots [ 1512 0 R ]
+/Parent 1479 0 R
+/Annots [ 1511 0 R ]
>> endobj
-1500 0 obj <<
+1499 0 obj <<
/Type /XObject
/Subtype /Form
/FormType 1
@@ -6062,60 +6053,60 @@ xmIn1 EOPwu$Ig0ľ6V5 oʯsO #h8:5?
6\>RgbWj[
WϢ{6;F])/ԬMu;pk;̩dh<EAw𬱱NtD²](;厰rL T͡誋tw_ =]=uS"yl-kHsreOڳvg<7t,e;Э/IB&(󻉨Yٹ,kRԚ'^ m" ^hW9AVy©/f"Fy-Sng \dƥ}B$w1.&COVX9gE{< P)!ZşLު~'UXLcXsЖӒ~BLƹONZ_[.*]3Q!-endstream
endobj
-1512 0 obj <<
+1511 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [377.8384 431.1147 436.8266 441.8991]
/Subtype /Link
/A << /S /GoTo /D (ipv6addresses) >>
>> endobj
-1510 0 obj <<
-/D [1508 0 R /XYZ 85.0394 794.5015 null]
+1509 0 obj <<
+/D [1507 0 R /XYZ 85.0394 794.5015 null]
>> endobj
330 0 obj <<
-/D [1508 0 R /XYZ 85.0394 640.7425 null]
+/D [1507 0 R /XYZ 85.0394 640.7425 null]
>> endobj
-1511 0 obj <<
-/D [1508 0 R /XYZ 85.0394 609.2714 null]
+1510 0 obj <<
+/D [1507 0 R /XYZ 85.0394 609.2714 null]
>> endobj
334 0 obj <<
-/D [1508 0 R /XYZ 85.0394 416.9256 null]
+/D [1507 0 R /XYZ 85.0394 416.9256 null]
>> endobj
-1513 0 obj <<
-/D [1508 0 R /XYZ 85.0394 388.3459 null]
+1512 0 obj <<
+/D [1507 0 R /XYZ 85.0394 388.3459 null]
>> endobj
338 0 obj <<
-/D [1508 0 R /XYZ 85.0394 261.2322 null]
+/D [1507 0 R /XYZ 85.0394 261.2322 null]
>> endobj
-1514 0 obj <<
-/D [1508 0 R /XYZ 85.0394 232.6525 null]
+1513 0 obj <<
+/D [1507 0 R /XYZ 85.0394 232.6525 null]
>> endobj
-1507 0 obj <<
-/Font << /F37 1018 0 R /F22 953 0 R /F62 1352 0 R /F21 930 0 R /F39 1151 0 R /F41 1208 0 R >>
-/XObject << /Im3 1500 0 R >>
+1506 0 obj <<
+/Font << /F37 1018 0 R /F22 953 0 R /F62 1351 0 R /F21 930 0 R /F39 1151 0 R /F41 1208 0 R >>
+/XObject << /Im3 1499 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-1518 0 obj <<
+1517 0 obj <<
/Length 69
/Filter /FlateDecode
>>
stream
x3T0
endobj
-1517 0 obj <<
+1516 0 obj <<
/Type /Page
-/Contents 1518 0 R
-/Resources 1516 0 R
+/Contents 1517 0 R
+/Resources 1515 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 1520 0 R
+/Parent 1519 0 R
>> endobj
-1519 0 obj <<
-/D [1517 0 R /XYZ 56.6929 794.5015 null]
+1518 0 obj <<
+/D [1516 0 R /XYZ 56.6929 794.5015 null]
>> endobj
-1516 0 obj <<
+1515 0 obj <<
/ProcSet [ /PDF ]
>> endobj
-1523 0 obj <<
+1522 0 obj <<
/Length 1913
/Filter /FlateDecode
>>
@@ -6127,59 +6118,59 @@ xڍXQ8~ȣh\K-[tqW,O{Ple"Զ=Ggn )H#e6Uf7"c
`
HgEJk.{-Tzm"'3V+JZ?Փۦt ,(TʢU4K_EƵQd{O
endobj
-1522 0 obj <<
+1521 0 obj <<
/Type /Page
-/Contents 1523 0 R
-/Resources 1521 0 R
+/Contents 1522 0 R
+/Resources 1520 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 1520 0 R
+/Parent 1519 0 R
>> endobj
-1524 0 obj <<
-/D [1522 0 R /XYZ 85.0394 794.5015 null]
+1523 0 obj <<
+/D [1521 0 R /XYZ 85.0394 794.5015 null]
>> endobj
342 0 obj <<
-/D [1522 0 R /XYZ 85.0394 769.5949 null]
+/D [1521 0 R /XYZ 85.0394 769.5949 null]
>> endobj
-1525 0 obj <<
-/D [1522 0 R /XYZ 85.0394 576.7004 null]
+1524 0 obj <<
+/D [1521 0 R /XYZ 85.0394 576.7004 null]
>> endobj
346 0 obj <<
-/D [1522 0 R /XYZ 85.0394 576.7004 null]
+/D [1521 0 R /XYZ 85.0394 576.7004 null]
>> endobj
-1526 0 obj <<
-/D [1522 0 R /XYZ 85.0394 544.8207 null]
+1525 0 obj <<
+/D [1521 0 R /XYZ 85.0394 544.8207 null]
>> endobj
350 0 obj <<
-/D [1522 0 R /XYZ 85.0394 403.9445 null]
+/D [1521 0 R /XYZ 85.0394 403.9445 null]
>> endobj
-1527 0 obj <<
-/D [1522 0 R /XYZ 85.0394 368.2811 null]
+1526 0 obj <<
+/D [1521 0 R /XYZ 85.0394 368.2811 null]
>> endobj
-1521 0 obj <<
+1520 0 obj <<
/Font << /F21 930 0 R /F22 953 0 R /F41 1208 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-1530 0 obj <<
+1529 0 obj <<
/Length 69
/Filter /FlateDecode
>>
stream
x3T0
endobj
-1529 0 obj <<
+1528 0 obj <<
/Type /Page
-/Contents 1530 0 R
-/Resources 1528 0 R
+/Contents 1529 0 R
+/Resources 1527 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 1520 0 R
+/Parent 1519 0 R
>> endobj
-1531 0 obj <<
-/D [1529 0 R /XYZ 56.6929 794.5015 null]
+1530 0 obj <<
+/D [1528 0 R /XYZ 56.6929 794.5015 null]
>> endobj
-1528 0 obj <<
+1527 0 obj <<
/ProcSet [ /PDF ]
>> endobj
-1534 0 obj <<
+1533 0 obj <<
/Length 3198
/Filter /FlateDecode
>>
@@ -6192,47 +6183,47 @@ q@
gM q^Pב"*J}99uMabPs dKF2dwCF:PBF!C(9p@@q6FxTTD_ZȜW8Gz<i=԰BN=s/ߍ0^pw$Vz];6q)^i' asڅ`16 /Rb:#.k @;*kk7V
*3k
endobj
-1533 0 obj <<
+1532 0 obj <<
/Type /Page
-/Contents 1534 0 R
-/Resources 1532 0 R
+/Contents 1533 0 R
+/Resources 1531 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 1520 0 R
-/Annots [ 1540 0 R ]
+/Parent 1519 0 R
+/Annots [ 1539 0 R ]
>> endobj
-1540 0 obj <<
+1539 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [356.2946 363.7923 412.5133 376.6291]
/Subtype /Link
/A << /S /GoTo /D (address_match_lists) >>
>> endobj
-1535 0 obj <<
-/D [1533 0 R /XYZ 85.0394 794.5015 null]
+1534 0 obj <<
+/D [1532 0 R /XYZ 85.0394 794.5015 null]
>> endobj
354 0 obj <<
-/D [1533 0 R /XYZ 85.0394 769.5949 null]
+/D [1532 0 R /XYZ 85.0394 769.5949 null]
>> endobj
-1536 0 obj <<
-/D [1533 0 R /XYZ 85.0394 576.7004 null]
+1535 0 obj <<
+/D [1532 0 R /XYZ 85.0394 576.7004 null]
>> endobj
358 0 obj <<
-/D [1533 0 R /XYZ 85.0394 479.565 null]
+/D [1532 0 R /XYZ 85.0394 479.565 null]
+>> endobj
+1536 0 obj <<
+/D [1532 0 R /XYZ 85.0394 441.8891 null]
>> endobj
1537 0 obj <<
-/D [1533 0 R /XYZ 85.0394 441.8891 null]
+/D [1532 0 R /XYZ 85.0394 424.9629 null]
>> endobj
1538 0 obj <<
-/D [1533 0 R /XYZ 85.0394 424.9629 null]
->> endobj
-1539 0 obj <<
-/D [1533 0 R /XYZ 85.0394 413.0077 null]
+/D [1532 0 R /XYZ 85.0394 413.0077 null]
>> endobj
-1532 0 obj <<
+1531 0 obj <<
/Font << /F21 930 0 R /F22 953 0 R /F41 1208 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-1544 0 obj <<
+1543 0 obj <<
/Length 4062
/Filter /FlateDecode
>>
@@ -6266,33 +6257,33 @@ s*hm≵
Ӂ
s짼h "I)%F*<z'j͔x҇Bv
endobj
-1543 0 obj <<
+1542 0 obj <<
/Type /Page
-/Contents 1544 0 R
-/Resources 1542 0 R
+/Contents 1543 0 R
+/Resources 1541 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 1520 0 R
+/Parent 1519 0 R
>> endobj
-1545 0 obj <<
-/D [1543 0 R /XYZ 56.6929 794.5015 null]
+1544 0 obj <<
+/D [1542 0 R /XYZ 56.6929 794.5015 null]
>> endobj
362 0 obj <<
-/D [1543 0 R /XYZ 56.6929 165.9801 null]
+/D [1542 0 R /XYZ 56.6929 165.9801 null]
>> endobj
-1541 0 obj <<
-/D [1543 0 R /XYZ 56.6929 136.242 null]
+1540 0 obj <<
+/D [1542 0 R /XYZ 56.6929 136.242 null]
>> endobj
366 0 obj <<
-/D [1543 0 R /XYZ 56.6929 136.242 null]
+/D [1542 0 R /XYZ 56.6929 136.242 null]
>> endobj
-1546 0 obj <<
-/D [1543 0 R /XYZ 56.6929 106.2766 null]
+1545 0 obj <<
+/D [1542 0 R /XYZ 56.6929 106.2766 null]
>> endobj
-1542 0 obj <<
+1541 0 obj <<
/Font << /F37 1018 0 R /F41 1208 0 R /F22 953 0 R /F21 930 0 R /F48 1228 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-1549 0 obj <<
+1548 0 obj <<
/Length 3065
/Filter /FlateDecode
>>
@@ -6308,39 +6299,39 @@ xڥZs6_>En, ^Rii\=4`cTHʎwb(
_պnԧX;LjRaXB}Y~EqX|$\tcՃZN
覷=v/P>Ql'^r) \3KU=Eque=q!CPS;bH4.(|:bkw_(BQAΟ\o. ҡ92L
endobj
-1548 0 obj <<
+1547 0 obj <<
/Type /Page
-/Contents 1549 0 R
-/Resources 1547 0 R
+/Contents 1548 0 R
+/Resources 1546 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 1520 0 R
+/Parent 1519 0 R
>> endobj
-1550 0 obj <<
-/D [1548 0 R /XYZ 85.0394 794.5015 null]
+1549 0 obj <<
+/D [1547 0 R /XYZ 85.0394 794.5015 null]
>> endobj
370 0 obj <<
-/D [1548 0 R /XYZ 85.0394 730.0812 null]
+/D [1547 0 R /XYZ 85.0394 730.0812 null]
>> endobj
-1551 0 obj <<
-/D [1548 0 R /XYZ 85.0394 700.9798 null]
+1550 0 obj <<
+/D [1547 0 R /XYZ 85.0394 700.9798 null]
>> endobj
374 0 obj <<
-/D [1548 0 R /XYZ 85.0394 216.5924 null]
+/D [1547 0 R /XYZ 85.0394 216.5924 null]
>> endobj
-1552 0 obj <<
-/D [1548 0 R /XYZ 85.0394 187.7778 null]
+1551 0 obj <<
+/D [1547 0 R /XYZ 85.0394 187.7778 null]
>> endobj
378 0 obj <<
-/D [1548 0 R /XYZ 85.0394 127.6814 null]
+/D [1547 0 R /XYZ 85.0394 127.6814 null]
>> endobj
-1553 0 obj <<
-/D [1548 0 R /XYZ 85.0394 101.3894 null]
+1552 0 obj <<
+/D [1547 0 R /XYZ 85.0394 101.3894 null]
>> endobj
-1547 0 obj <<
+1546 0 obj <<
/Font << /F37 1018 0 R /F41 1208 0 R /F21 930 0 R /F22 953 0 R /F14 956 0 R /F39 1151 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-1556 0 obj <<
+1555 0 obj <<
/Length 2310
/Filter /FlateDecode
>>
@@ -6352,40 +6343,40 @@ LHE({Cl֜dCD
[,6g۸qQj%ć*[ V~l$4t KYv)Hrk9AǦRVh4ەvSssqώ%( z9JwAQ<#2qhM5[^ZhVnaZXAfw-oL-RŇˣ2!*ՎvmQL1}\w^P DC!%@L
s.cglt^ w "nˠݬDo 7h{ϮB:`[ *bIY}} Dgq‚!.dU JNH Q>endstream
endobj
-1555 0 obj <<
+1554 0 obj <<
/Type /Page
-/Contents 1556 0 R
-/Resources 1554 0 R
+/Contents 1555 0 R
+/Resources 1553 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 1562 0 R
+/Parent 1561 0 R
>> endobj
-1557 0 obj <<
-/D [1555 0 R /XYZ 56.6929 794.5015 null]
+1556 0 obj <<
+/D [1554 0 R /XYZ 56.6929 794.5015 null]
>> endobj
382 0 obj <<
-/D [1555 0 R /XYZ 56.6929 730.9277 null]
+/D [1554 0 R /XYZ 56.6929 730.9277 null]
>> endobj
-1558 0 obj <<
-/D [1555 0 R /XYZ 56.6929 704.9004 null]
+1557 0 obj <<
+/D [1554 0 R /XYZ 56.6929 704.9004 null]
>> endobj
386 0 obj <<
-/D [1555 0 R /XYZ 56.6929 236.9993 null]
+/D [1554 0 R /XYZ 56.6929 236.9993 null]
+>> endobj
+1558 0 obj <<
+/D [1554 0 R /XYZ 56.6929 205.1553 null]
>> endobj
1559 0 obj <<
-/D [1555 0 R /XYZ 56.6929 205.1553 null]
+/D [1554 0 R /XYZ 56.6929 146.386 null]
>> endobj
1560 0 obj <<
-/D [1555 0 R /XYZ 56.6929 146.386 null]
->> endobj
-1561 0 obj <<
-/D [1555 0 R /XYZ 56.6929 134.4308 null]
+/D [1554 0 R /XYZ 56.6929 134.4308 null]
>> endobj
-1554 0 obj <<
-/Font << /F37 1018 0 R /F41 1208 0 R /F21 930 0 R /F22 953 0 R /F62 1352 0 R >>
-/XObject << /Im3 1500 0 R >>
+1553 0 obj <<
+/Font << /F37 1018 0 R /F41 1208 0 R /F21 930 0 R /F22 953 0 R /F62 1351 0 R >>
+/XObject << /Im3 1499 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-1565 0 obj <<
+1564 0 obj <<
/Length 2383
/Filter /FlateDecode
>>
@@ -6400,45 +6391,45 @@ w26m
α.߻VJ4N?/GL !ND!OmeLCJG㇡ <'( $%ݼ|4Ư`4`G'JµP~cԲuסVO|J=*Bie* g8P dq9Ɔ-|-AV9xur&K)ͤn۬mTLI&)B >>7n*N"!ݜxSw.!}C] _V'E l QCaɤ.uq)m̞>oCx:(@pZƀ ]zč񴕞$HP3@u?U?=#imE*vf^I"]4
 6k jE_1 qjt7[غ˶P J E.z{Pet^_G+]Sc_ᣃsНrnJQ(<V_\eH|[moendstream
endobj
-1564 0 obj <<
+1563 0 obj <<
/Type /Page
-/Contents 1565 0 R
-/Resources 1563 0 R
+/Contents 1564 0 R
+/Resources 1562 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 1562 0 R
+/Parent 1561 0 R
>> endobj
-1566 0 obj <<
-/D [1564 0 R /XYZ 85.0394 794.5015 null]
+1565 0 obj <<
+/D [1563 0 R /XYZ 85.0394 794.5015 null]
>> endobj
390 0 obj <<
-/D [1564 0 R /XYZ 85.0394 513.3136 null]
+/D [1563 0 R /XYZ 85.0394 513.3136 null]
>> endobj
-1567 0 obj <<
-/D [1564 0 R /XYZ 85.0394 488.974 null]
+1566 0 obj <<
+/D [1563 0 R /XYZ 85.0394 488.974 null]
>> endobj
394 0 obj <<
-/D [1564 0 R /XYZ 85.0394 420.2055 null]
+/D [1563 0 R /XYZ 85.0394 420.2055 null]
+>> endobj
+1567 0 obj <<
+/D [1563 0 R /XYZ 85.0394 390.0916 null]
>> endobj
1568 0 obj <<
-/D [1564 0 R /XYZ 85.0394 390.0916 null]
+/D [1563 0 R /XYZ 85.0394 312.7536 null]
>> endobj
1569 0 obj <<
-/D [1564 0 R /XYZ 85.0394 312.7536 null]
->> endobj
-1570 0 obj <<
-/D [1564 0 R /XYZ 85.0394 300.7984 null]
+/D [1563 0 R /XYZ 85.0394 300.7984 null]
>> endobj
398 0 obj <<
-/D [1564 0 R /XYZ 85.0394 159.3 null]
+/D [1563 0 R /XYZ 85.0394 159.3 null]
>> endobj
-1571 0 obj <<
-/D [1564 0 R /XYZ 85.0394 131.3824 null]
+1570 0 obj <<
+/D [1563 0 R /XYZ 85.0394 131.3824 null]
>> endobj
-1563 0 obj <<
+1562 0 obj <<
/Font << /F37 1018 0 R /F21 930 0 R /F22 953 0 R /F41 1208 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-1574 0 obj <<
+1573 0 obj <<
/Length 4330
/Filter /FlateDecode
>>
@@ -6462,48 +6453,48 @@ epc .ѯsYGpr:q#"Or't-"JVr笨΀|bE i=k z+ ?l
9ѽ1W.UQ^^ltsiz`XxQ;x!Wpǀ~1\M$ Kqx/L6I4d"޿N+8?aRXT~o?b@"JCw
k%A\uWo*>OuHLՐxB8i5EA Lj:<G1nIendstream
endobj
-1573 0 obj <<
+1572 0 obj <<
/Type /Page
-/Contents 1574 0 R
-/Resources 1572 0 R
+/Contents 1573 0 R
+/Resources 1571 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 1562 0 R
-/Annots [ 1576 0 R 1577 0 R ]
+/Parent 1561 0 R
+/Annots [ 1575 0 R 1576 0 R ]
>> endobj
-1576 0 obj <<
+1575 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [55.6967 387.5149 256.3816 399.5745]
/Subtype /Link
/A << /S /GoTo /D (rndc) >>
>> endobj
-1577 0 obj <<
+1576 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [268.5158 387.5149 332.4306 399.5745]
/Subtype /Link
/A << /S /GoTo /D (admin_tools) >>
>> endobj
-1575 0 obj <<
-/D [1573 0 R /XYZ 56.6929 794.5015 null]
+1574 0 obj <<
+/D [1572 0 R /XYZ 56.6929 794.5015 null]
>> endobj
402 0 obj <<
-/D [1573 0 R /XYZ 56.6929 692.9565 null]
+/D [1572 0 R /XYZ 56.6929 692.9565 null]
>> endobj
-1329 0 obj <<
-/D [1573 0 R /XYZ 56.6929 660.5438 null]
+1328 0 obj <<
+/D [1572 0 R /XYZ 56.6929 660.5438 null]
>> endobj
406 0 obj <<
-/D [1573 0 R /XYZ 56.6929 112.3379 null]
+/D [1572 0 R /XYZ 56.6929 112.3379 null]
>> endobj
-1578 0 obj <<
-/D [1573 0 R /XYZ 56.6929 85.6994 null]
+1577 0 obj <<
+/D [1572 0 R /XYZ 56.6929 85.6994 null]
>> endobj
-1572 0 obj <<
+1571 0 obj <<
/Font << /F37 1018 0 R /F41 1208 0 R /F21 930 0 R /F22 953 0 R /F48 1228 0 R /F14 956 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-1582 0 obj <<
+1581 0 obj <<
/Length 2372
/Filter /FlateDecode
>>
@@ -6518,67 +6509,67 @@ gRLC)g~. Rz\DQQy($-ͮ2x{{ U?3:N)"BNi
qc!l4+׬oToF'|7bz EF ],mܖTm`aUr.~q\ , cWa ؽ!OdF1LC 4ѶbD6"GVy,3.B`` ryoCӐ%lK0fz0fQf+b%-Y٘: n7}?vr.mﷸmbm_JIc(āmf"֦X[CE-iahaLAjCa?#F0 b6 <$EǼ]}8. G{ZZl"/sw!e.{Mo3 wrS]_}oz7]mf69+C>ؼ ƖanӤ) Nj{I6Uo54ݔ=,yXea y|u9BPġǍ]Ǵ^ܝV)fJlJ;w8Eeޢ|c)Odæ
|AXuLYIs_0endstream
endobj
-1581 0 obj <<
+1580 0 obj <<
/Type /Page
-/Contents 1582 0 R
-/Resources 1580 0 R
+/Contents 1581 0 R
+/Resources 1579 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 1562 0 R
-/Annots [ 1587 0 R 1588 0 R 1589 0 R ]
+/Parent 1561 0 R
+/Annots [ 1586 0 R 1587 0 R 1588 0 R ]
>> endobj
-1587 0 obj <<
+1586 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [406.6264 524.1437 456.8481 536.2033]
/Subtype /Link
/A << /S /GoTo /D (tsig) >>
>> endobj
-1588 0 obj <<
+1587 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [140.5805 512.856 196.7992 524.2481]
/Subtype /Link
/A << /S /GoTo /D (controls_statement_definition_and_usage) >>
>> endobj
-1589 0 obj <<
+1588 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [103.6195 470.0794 159.8382 482.1391]
/Subtype /Link
/A << /S /GoTo /D (controls_statement_definition_and_usage) >>
>> endobj
-1583 0 obj <<
-/D [1581 0 R /XYZ 85.0394 794.5015 null]
+1582 0 obj <<
+/D [1580 0 R /XYZ 85.0394 794.5015 null]
>> endobj
410 0 obj <<
-/D [1581 0 R /XYZ 85.0394 769.5949 null]
+/D [1580 0 R /XYZ 85.0394 769.5949 null]
>> endobj
-1584 0 obj <<
-/D [1581 0 R /XYZ 85.0394 749.3189 null]
+1583 0 obj <<
+/D [1580 0 R /XYZ 85.0394 749.3189 null]
>> endobj
414 0 obj <<
-/D [1581 0 R /XYZ 85.0394 679.8163 null]
+/D [1580 0 R /XYZ 85.0394 679.8163 null]
>> endobj
-1585 0 obj <<
-/D [1581 0 R /XYZ 85.0394 652.1211 null]
+1584 0 obj <<
+/D [1580 0 R /XYZ 85.0394 652.1211 null]
>> endobj
418 0 obj <<
-/D [1581 0 R /XYZ 85.0394 573.4726 null]
+/D [1580 0 R /XYZ 85.0394 573.4726 null]
>> endobj
-1586 0 obj <<
-/D [1581 0 R /XYZ 85.0394 542.9681 null]
+1585 0 obj <<
+/D [1580 0 R /XYZ 85.0394 542.9681 null]
>> endobj
422 0 obj <<
-/D [1581 0 R /XYZ 85.0394 335.1831 null]
+/D [1580 0 R /XYZ 85.0394 335.1831 null]
>> endobj
-1590 0 obj <<
-/D [1581 0 R /XYZ 85.0394 307.4879 null]
+1589 0 obj <<
+/D [1580 0 R /XYZ 85.0394 307.4879 null]
>> endobj
-1580 0 obj <<
+1579 0 obj <<
/Font << /F37 1018 0 R /F21 930 0 R /F22 953 0 R /F41 1208 0 R /F53 1303 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-1593 0 obj <<
+1592 0 obj <<
/Length 3489
/Filter /FlateDecode
>>
@@ -6603,33 +6594,33 @@ vk^)Da%KVYH13 mG+4tM9\k
l75'}"Hcdڼ~?j=U}#͛ sQqw2E<\{l$a@Z)ĉ+&9bk$0L#p2
kc0C8_P;v!(3S|@x"B_ IJ,xc$֕' н.' &
endobj
-1592 0 obj <<
+1591 0 obj <<
/Type /Page
-/Contents 1593 0 R
-/Resources 1591 0 R
+/Contents 1592 0 R
+/Resources 1590 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 1562 0 R
+/Parent 1561 0 R
>> endobj
-1594 0 obj <<
-/D [1592 0 R /XYZ 56.6929 794.5015 null]
+1593 0 obj <<
+/D [1591 0 R /XYZ 56.6929 794.5015 null]
>> endobj
426 0 obj <<
-/D [1592 0 R /XYZ 56.6929 769.5949 null]
+/D [1591 0 R /XYZ 56.6929 769.5949 null]
>> endobj
-1595 0 obj <<
-/D [1592 0 R /XYZ 56.6929 749.2381 null]
+1594 0 obj <<
+/D [1591 0 R /XYZ 56.6929 749.2381 null]
>> endobj
430 0 obj <<
-/D [1592 0 R /XYZ 56.6929 540.3599 null]
+/D [1591 0 R /XYZ 56.6929 540.3599 null]
>> endobj
-1596 0 obj <<
-/D [1592 0 R /XYZ 56.6929 517.4049 null]
+1595 0 obj <<
+/D [1591 0 R /XYZ 56.6929 517.4049 null]
>> endobj
-1591 0 obj <<
+1590 0 obj <<
/Font << /F37 1018 0 R /F21 930 0 R /F22 953 0 R /F41 1208 0 R /F39 1151 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-1599 0 obj <<
+1598 0 obj <<
/Length 3318
/Filter /FlateDecode
>>
@@ -6644,29 +6635,29 @@ S&t&b_G)MJHBe^0CX ld0Aڢ#h-Jʯ4^0FB*YC gױ
"{'BEcLEi3Y=&D6u;iX֎p5w/g:sNjYR0I|ˢ9\y B^|ء敜/PP,5Wgh yI@F՜RjFdp Ci"= 7wol8ǫ6]jw]bE_
auz(S:[)endstream
endobj
-1598 0 obj <<
+1597 0 obj <<
/Type /Page
-/Contents 1599 0 R
-/Resources 1597 0 R
+/Contents 1598 0 R
+/Resources 1596 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 1562 0 R
-/Annots [ 1601 0 R ]
+/Parent 1561 0 R
+/Annots [ 1600 0 R ]
>> endobj
-1601 0 obj <<
+1600 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [173.6261 273.4719 242.2981 282.8815]
/Subtype /Link
/A << /S /GoTo /D (the_category_phrase) >>
>> endobj
-1600 0 obj <<
-/D [1598 0 R /XYZ 85.0394 794.5015 null]
+1599 0 obj <<
+/D [1597 0 R /XYZ 85.0394 794.5015 null]
>> endobj
-1597 0 obj <<
+1596 0 obj <<
/Font << /F37 1018 0 R /F22 953 0 R /F21 930 0 R /F41 1208 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-1605 0 obj <<
+1604 0 obj <<
/Length 2400
/Filter /FlateDecode
>>
@@ -6682,33 +6673,33 @@ k"YSͷ <&=b*M*PTJ`y[P!GrU.G& ^_LƮoq4˓~
.k} sg'<_^G4Ξ+8y5! 򽚪.;O =4­zfKe b<5LzD/H~B) '2ğ[/< S] A4rb=E4r5ȊAv0B,/.pm(,
;zmc?Â@6OB3"?H;^juй
endobj
-1604 0 obj <<
+1603 0 obj <<
/Type /Page
-/Contents 1605 0 R
-/Resources 1603 0 R
+/Contents 1604 0 R
+/Resources 1602 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 1609 0 R
+/Parent 1608 0 R
>> endobj
-1606 0 obj <<
-/D [1604 0 R /XYZ 56.6929 794.5015 null]
+1605 0 obj <<
+/D [1603 0 R /XYZ 56.6929 794.5015 null]
>> endobj
434 0 obj <<
-/D [1604 0 R /XYZ 56.6929 520.4669 null]
+/D [1603 0 R /XYZ 56.6929 520.4669 null]
>> endobj
-1602 0 obj <<
-/D [1604 0 R /XYZ 56.6929 495.6849 null]
+1601 0 obj <<
+/D [1603 0 R /XYZ 56.6929 495.6849 null]
>> endobj
-1607 0 obj <<
-/D [1604 0 R /XYZ 56.6929 178.7136 null]
+1606 0 obj <<
+/D [1603 0 R /XYZ 56.6929 178.7136 null]
>> endobj
-1608 0 obj <<
-/D [1604 0 R /XYZ 56.6929 166.7584 null]
+1607 0 obj <<
+/D [1603 0 R /XYZ 56.6929 166.7584 null]
>> endobj
-1603 0 obj <<
+1602 0 obj <<
/Font << /F37 1018 0 R /F41 1208 0 R /F22 953 0 R /F21 930 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-1612 0 obj <<
+1611 0 obj <<
/Length 2418
/Filter /FlateDecode
>>
@@ -6724,21 +6715,21 @@ P>9($d#727M=Ln|}|ԅBFV8v }~Ѵ;Wg"-'n,fl
"|' L*
{l ]@DZRY7kM/̊pendstream
endobj
-1611 0 obj <<
+1610 0 obj <<
/Type /Page
-/Contents 1612 0 R
-/Resources 1610 0 R
+/Contents 1611 0 R
+/Resources 1609 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 1609 0 R
+/Parent 1608 0 R
>> endobj
-1613 0 obj <<
-/D [1611 0 R /XYZ 85.0394 794.5015 null]
+1612 0 obj <<
+/D [1610 0 R /XYZ 85.0394 794.5015 null]
>> endobj
-1610 0 obj <<
+1609 0 obj <<
/Font << /F37 1018 0 R /F21 930 0 R /F22 953 0 R /F41 1208 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-1616 0 obj <<
+1615 0 obj <<
/Length 2956
/Filter /FlateDecode
>>
@@ -6756,33 +6747,33 @@ JK2o=.EVxR)FG 20zMz,CI$2FL>hF ӓMȓTǓwɘqj
*^ev Ը6
:)rP3uV1wrTevN(cw_^ xȜgLq6h&n63P8Lx<j-AmFy ٽ1> !f>њP ?Qr׾JjC^4=..i*:nXy۬Q~JR"vACr}p4dc l6A /f
endobj
-1615 0 obj <<
+1614 0 obj <<
/Type /Page
-/Contents 1616 0 R
-/Resources 1614 0 R
+/Contents 1615 0 R
+/Resources 1613 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 1609 0 R
+/Parent 1608 0 R
>> endobj
-1617 0 obj <<
-/D [1615 0 R /XYZ 56.6929 794.5015 null]
+1616 0 obj <<
+/D [1614 0 R /XYZ 56.6929 794.5015 null]
>> endobj
438 0 obj <<
-/D [1615 0 R /XYZ 56.6929 510.1455 null]
+/D [1614 0 R /XYZ 56.6929 510.1455 null]
+>> endobj
+1617 0 obj <<
+/D [1614 0 R /XYZ 56.6929 482.5541 null]
>> endobj
1618 0 obj <<
-/D [1615 0 R /XYZ 56.6929 482.5541 null]
+/D [1614 0 R /XYZ 56.6929 117.762 null]
>> endobj
1619 0 obj <<
-/D [1615 0 R /XYZ 56.6929 117.762 null]
+/D [1614 0 R /XYZ 56.6929 105.8069 null]
>> endobj
-1620 0 obj <<
-/D [1615 0 R /XYZ 56.6929 105.8069 null]
->> endobj
-1614 0 obj <<
+1613 0 obj <<
/Font << /F37 1018 0 R /F21 930 0 R /F22 953 0 R /F41 1208 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-1623 0 obj <<
+1622 0 obj <<
/Length 2444
/Filter /FlateDecode
>>
@@ -6801,27 +6792,27 @@ gveUD/)VtϏ'V1τ>_=QdbeEoj4)*S"wp
Sm8o[W䉽l**c4I>?.>x$N{_#nkb|IUaSb ,KD@8 4`>$W3}$J@Awj3'آ- HQS |S1ćo4X 44<n<ey4X]z>wU L\SKG\|Rfp|~: FR*n=|'/GPxWP5?޼wtz М&sg=
=G<@x`a?hIX%,u'a=.a
endobj
-1622 0 obj <<
+1621 0 obj <<
/Type /Page
-/Contents 1623 0 R
-/Resources 1621 0 R
+/Contents 1622 0 R
+/Resources 1620 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 1609 0 R
+/Parent 1608 0 R
>> endobj
-1624 0 obj <<
-/D [1622 0 R /XYZ 85.0394 794.5015 null]
+1623 0 obj <<
+/D [1621 0 R /XYZ 85.0394 794.5015 null]
>> endobj
442 0 obj <<
-/D [1622 0 R /XYZ 85.0394 220.329 null]
+/D [1621 0 R /XYZ 85.0394 220.329 null]
>> endobj
-1625 0 obj <<
-/D [1622 0 R /XYZ 85.0394 191.1908 null]
+1624 0 obj <<
+/D [1621 0 R /XYZ 85.0394 191.1908 null]
>> endobj
-1621 0 obj <<
+1620 0 obj <<
/Font << /F37 1018 0 R /F41 1208 0 R /F22 953 0 R /F21 930 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-1628 0 obj <<
+1627 0 obj <<
/Length 2008
/Filter /FlateDecode
>>
@@ -6839,60 +6830,60 @@ nWzƻ\nUX}`#D
T` <)K.Nme1go,vCg/P2]:ɜ '!ԟ|҇"pz#lmvCޣ 79^wMK^P g4]2'}{Y"?݃hu708O mO|<̍| jwa\x=ưt[}8:V^EBVlT_mJcDo[Y֧ ʀ*JljO:lpS,
Ef;YwM{_7'X|EN;Ow}7yؠ2}̀ÇrGQF ;
endobj
-1627 0 obj <<
+1626 0 obj <<
/Type /Page
-/Contents 1628 0 R
-/Resources 1626 0 R
+/Contents 1627 0 R
+/Resources 1625 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 1609 0 R
-/Annots [ 1631 0 R 1632 0 R ]
+/Parent 1608 0 R
+/Annots [ 1630 0 R 1631 0 R ]
>> endobj
-1631 0 obj <<
+1630 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [491.4967 730.5319 511.2325 742.5915]
/Subtype /Link
/A << /S /GoTo /D (lwresd) >>
>> endobj
-1632 0 obj <<
+1631 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [55.6967 718.5767 89.457 730.6364]
/Subtype /Link
/A << /S /GoTo /D (lwresd) >>
>> endobj
-1629 0 obj <<
-/D [1627 0 R /XYZ 56.6929 794.5015 null]
+1628 0 obj <<
+/D [1626 0 R /XYZ 56.6929 794.5015 null]
>> endobj
446 0 obj <<
-/D [1627 0 R /XYZ 56.6929 769.5949 null]
+/D [1626 0 R /XYZ 56.6929 769.5949 null]
>> endobj
-1630 0 obj <<
-/D [1627 0 R /XYZ 56.6929 749.3309 null]
+1629 0 obj <<
+/D [1626 0 R /XYZ 56.6929 749.3309 null]
>> endobj
450 0 obj <<
-/D [1627 0 R /XYZ 56.6929 523.534 null]
+/D [1626 0 R /XYZ 56.6929 523.534 null]
>> endobj
-1633 0 obj <<
-/D [1627 0 R /XYZ 56.6929 498.8411 null]
+1632 0 obj <<
+/D [1626 0 R /XYZ 56.6929 498.8411 null]
>> endobj
454 0 obj <<
-/D [1627 0 R /XYZ 56.6929 429.268 null]
+/D [1626 0 R /XYZ 56.6929 429.268 null]
>> endobj
-1634 0 obj <<
-/D [1627 0 R /XYZ 56.6929 398.8008 null]
+1633 0 obj <<
+/D [1626 0 R /XYZ 56.6929 398.8008 null]
>> endobj
458 0 obj <<
-/D [1627 0 R /XYZ 56.6929 365.2487 null]
+/D [1626 0 R /XYZ 56.6929 365.2487 null]
>> endobj
-1635 0 obj <<
-/D [1627 0 R /XYZ 56.6929 337.6865 null]
+1634 0 obj <<
+/D [1626 0 R /XYZ 56.6929 337.6865 null]
>> endobj
-1626 0 obj <<
+1625 0 obj <<
/Font << /F37 1018 0 R /F21 930 0 R /F22 953 0 R /F41 1208 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-1638 0 obj <<
+1637 0 obj <<
/Length 1135
/Filter /FlateDecode
>>
@@ -6906,21 +6897,21 @@ eSe՞<b4^.OPhVrMɱ95GC.z)\g:Fqe.U(2 h
Z1U`X$P Ks>VôO`rgl jn;nQCrHE\b>z/{y%TU|;
:Z/źGe9ġQzH^;ʇsdtYu=+$Kʴ#ːl3YjtM S{D|^IV˹U>E;1&Nu@82LʠrΞ{yu:
endobj
-1637 0 obj <<
+1636 0 obj <<
/Type /Page
-/Contents 1638 0 R
-/Resources 1636 0 R
+/Contents 1637 0 R
+/Resources 1635 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 1609 0 R
+/Parent 1608 0 R
>> endobj
-1639 0 obj <<
-/D [1637 0 R /XYZ 85.0394 794.5015 null]
+1638 0 obj <<
+/D [1636 0 R /XYZ 85.0394 794.5015 null]
>> endobj
-1636 0 obj <<
+1635 0 obj <<
/Font << /F37 1018 0 R /F41 1208 0 R /F22 953 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-1642 0 obj <<
+1641 0 obj <<
/Length 1187
/Filter /FlateDecode
>>
@@ -6929,21 +6920,21 @@ xX[6~T]٧ֻLi\xȻj08 o&Y vwnA@ fA!2
mccφ$p7#@2M߽
+  gk
endobj
-1641 0 obj <<
+1640 0 obj <<
/Type /Page
-/Contents 1642 0 R
-/Resources 1640 0 R
+/Contents 1641 0 R
+/Resources 1639 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 1644 0 R
+/Parent 1643 0 R
>> endobj
-1643 0 obj <<
-/D [1641 0 R /XYZ 56.6929 794.5015 null]
+1642 0 obj <<
+/D [1640 0 R /XYZ 56.6929 794.5015 null]
>> endobj
-1640 0 obj <<
+1639 0 obj <<
/Font << /F37 1018 0 R /F41 1208 0 R /F22 953 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-1647 0 obj <<
+1646 0 obj <<
/Length 1337
/Filter /FlateDecode
>>
@@ -6954,27 +6945,27 @@ i:&i<" ɨ\RZygp -RXUl&2Кf "8>q"=Ov-buz~
U;Mq>L6{5fQ;VɬW 7 2%ʵ)u63*˷U)BJ r92ٰ9kZQ@OFxn{~
 l)V'bSJ{zi>,٣;}6vM*
endobj
-1646 0 obj <<
+1645 0 obj <<
/Type /Page
-/Contents 1647 0 R
-/Resources 1645 0 R
+/Contents 1646 0 R
+/Resources 1644 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 1644 0 R
+/Parent 1643 0 R
>> endobj
-1648 0 obj <<
-/D [1646 0 R /XYZ 85.0394 794.5015 null]
+1647 0 obj <<
+/D [1645 0 R /XYZ 85.0394 794.5015 null]
>> endobj
462 0 obj <<
-/D [1646 0 R /XYZ 85.0394 122.4687 null]
+/D [1645 0 R /XYZ 85.0394 122.4687 null]
>> endobj
-1317 0 obj <<
-/D [1646 0 R /XYZ 85.0394 92.1609 null]
+1316 0 obj <<
+/D [1645 0 R /XYZ 85.0394 92.1609 null]
>> endobj
-1645 0 obj <<
+1644 0 obj <<
/Font << /F37 1018 0 R /F41 1208 0 R /F21 930 0 R /F22 953 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-1651 0 obj <<
+1650 0 obj <<
/Length 3032
/Filter /FlateDecode
>>
@@ -6994,21 +6985,21 @@ _ ^?mM59Vt]}\˳7r>|\(
K/(1[+(& ⑞f_Ei*IT
D,SIe))o#endstream
endobj
-1650 0 obj <<
+1649 0 obj <<
/Type /Page
-/Contents 1651 0 R
-/Resources 1649 0 R
+/Contents 1650 0 R
+/Resources 1648 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 1644 0 R
+/Parent 1643 0 R
>> endobj
-1652 0 obj <<
-/D [1650 0 R /XYZ 56.6929 794.5015 null]
+1651 0 obj <<
+/D [1649 0 R /XYZ 56.6929 794.5015 null]
>> endobj
-1649 0 obj <<
+1648 0 obj <<
/Font << /F37 1018 0 R /F22 953 0 R /F21 930 0 R /F53 1303 0 R /F41 1208 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-1655 0 obj <<
+1654 0 obj <<
/Length 3894
/Filter /FlateDecode
>>
@@ -7033,29 +7024,29 @@ Yg2xԘP \_
fbpe2Iomff /=
8]^[}"D_y}CW,<m/nه 'Og6nMOX&mBM:<~.
endobj
-1654 0 obj <<
+1653 0 obj <<
/Type /Page
-/Contents 1655 0 R
-/Resources 1653 0 R
+/Contents 1654 0 R
+/Resources 1652 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 1644 0 R
-/Annots [ 1657 0 R ]
+/Parent 1643 0 R
+/Annots [ 1656 0 R ]
>> endobj
-1657 0 obj <<
+1656 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [250.9056 106.0844 314.5963 115.494]
/Subtype /Link
/A << /S /GoTo /D (statsfile) >>
>> endobj
-1656 0 obj <<
-/D [1654 0 R /XYZ 85.0394 794.5015 null]
+1655 0 obj <<
+/D [1653 0 R /XYZ 85.0394 794.5015 null]
>> endobj
-1653 0 obj <<
+1652 0 obj <<
/Font << /F37 1018 0 R /F22 953 0 R /F41 1208 0 R /F21 930 0 R /F39 1151 0 R /F48 1228 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-1661 0 obj <<
+1660 0 obj <<
/Length 3489
/Filter /FlateDecode
>>
@@ -7076,2780 +7067,2769 @@ m/M O=И7D2<q!6)9L%/Qɾ6%,exnw(QH0
ً~Ҽ\A?>?$inu{ӑܴ]xrtya>s9V XM-'a^B֚M]v6]^$qoM81p1 %Eo-WOiӻ_2;Zz|r0<A&T.s c}o W'>8j-J&=сL Bc{ϧӂv n>ah_~!~yyOӗOآ |ihKjYJyH|W@pO*7?^!W~(H?EP
*:-Ghendstream
endobj
-1660 0 obj <<
+1659 0 obj <<
/Type /Page
-/Contents 1661 0 R
-/Resources 1659 0 R
+/Contents 1660 0 R
+/Resources 1658 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 1644 0 R
-/Annots [ 1663 0 R ]
+/Parent 1643 0 R
+/Annots [ 1662 0 R ]
>> endobj
-1663 0 obj <<
+1662 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
/Rect [80.6033 659.1254 149.9876 671.185]
/Subtype /Link
/A << /S /GoTo /D (dynamic_update_policies) >>
>> endobj
-1662 0 obj <<
-/D [1660 0 R /XYZ 56.6929 794.5015 null]
+1661 0 obj <<
+/D [1659 0 R /XYZ 56.6929 794.5015 null]
>> endobj
-1659 0 obj <<
+1658 0 obj <<
/Font << /F37 1018 0 R /F41 1208 0 R /F22 953 0 R /F21 930 0 R /F48 1228 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-1666 0 obj <<
-/Length 3661
+1665 0 obj <<
+/Length 3757
/Filter /FlateDecode
>>
stream
-xڥ]sܶ]&O NgYNIJ+t<PGJb#/G]_IJk?X,…ª@DI0I(zs$0Q8+b}suCdIhW7Z6ֆ_N>_]Ko/HB?.>˓c/?]ه˳ӳUhU%S8g}{yW]ug7ף ݑĪ| L*
-TE~<r׎`-l43Á
-,}|yv^M&ir$fϪ#XN*2Q ̊&.UZֻ4SB# ϲfXË1*0Fco:^w6_? !f_|rvJv\ou^/QMvE|ܗm*jav"Pa s"k@i6Uې.s(y,b)"Ӊ
-| wF;Vnw>!4]Dߴ4%}rߴy;"hBMj}G2UK:2"
-:lW`\Hsd.|!E@~.c ws3i=M6C%y,2pX)3޹2<4i:WRH&cU;$Iw@zb@&lf0 ?dXzyBc(r
-LlMP-?DXPMÈ4,} oR]k( SW$2TC{U
-=xoS08V|@'>-qͶ SCn+,|$QpDܡ$cyI=6˼|,\1zN҅
-k8Y›5@zotj]CyNF& K[!,EVzTLjvv +*8\X8CN߀#I(j HEHbm,
-̵cVse`K{rzj#WygI0=t|
-mq_&9f=A+aw=yu02Lbˀ x޹+ 2O.?l$
-_4fv 7.?3f'B%QXE[kZMPؑtx 4WPkdR5i! NRH=bco*ÄM<V@)~w'(u$9swBԢQWe:(cVn!dQaEr7HO$]:|j茧,\l
-Dwۚð?tT& N:qc]5fz᪮V]u#w2v7w=on=IG5P4Kt(ܬOfwz
-KթsfR"o07۵=4<v +
-'ph%U?pW~6)OW*Y~]*h=}-Cd@CR
-6&ςSS^WEN-i/j| :@%Sλ?:}}endstream
+xڥZs_K䙈u:R'9I@K͆"tw(Z `o3rfu T$
+z\}w"g}oO^W, mo.kz_>]_.B-&8]h#^\~~|߮Nh~}񒚯ߟ__=?]H%y#_xNwWg>]ru~PN~EVODg{xLp>
+to)N>NV66'0(LV&ta3n
+N :t|۪jRe/*3VWo,ZrWzWgb4HcР@ҤZ1ӢN%jrᒫNolw6oXO&D V exG2h;BM"V +bɊj܌eXć] jzGg*M a p4n&[geSSi?l"J1iG@!ےyQu'l';b`\agTy.w*e]gEQUu(ܨ%h&Db3Y :kHQ((xkZWiSmqzATEmKP|uW+`6P9W4Z+4I4Ҳr+`l):D!ߔ~JgWGQj<aͣ۟zDdʲM~xs7D n.&wV,:-n]0}Bh"mve=]d+^FB79RϿH=iZuVЪrEA
+:%G.C@v U
+ zfkb^Be-[ dSJMAE܀Ne%!D&ij2I1^ɇ:"200'$7덗ڗL`ݚHFxyfFM_zqsA^/2ʻWuU\jU<8r> `$ϟ8gQBFFי~8E W@A<8qqLa`Ƴh*4LF-CS* 5{5AJݷWxjWl
+줐ǧE]1odj(mINQ
+F:K^C0zʪ@md}࡬k5Gxa5fo7acb\r ÑQnQ x~g[*.-q/Dir@')zzng6BQݕ4Y8C9 HȄ^)]pJez))aȴ/f+`
+o@eqJYmM.ywf
+1P(,^y)(pnն~aEWʹ9z7
+Id
+ :` y#6< !KYVvWHw@qIoЊ)D eb0qgJ: w0:a*0#9Kѿ3Nq/6ӼY◡yIuoVߧWd]sTs3',0e'^ʓm<lzN
+Zxh@mk.\\|2'DgB("uå%G@T*!vp:Uo ԎSidяJ\B zSXI5bqorE+$wﮎO[oهs# !NEUeO$Б}+[ 72fJ a?PLw b_GPAg{q4v~R,C+gS:xZgMF6\!Db_->d3 9p7Cv"~=iGf:_4mBfSm[y8UoK˦FR XeM]eksB]~V)p ݻGqU~M
endobj
-1665 0 obj <<
+1664 0 obj <<
/Type /Page
-/Contents 1666 0 R
-/Resources 1664 0 R
+/Contents 1665 0 R
+/Resources 1663 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 1644 0 R
-/Annots [ 1668 0 R ]
+/Parent 1643 0 R
+/Annots [ 1667 0 R ]
>> endobj
-1668 0 obj <<
+1667 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[0 1 1]
-/Rect [278.4002 485.7209 280.3928 497.7806]
+/Rect [278.4002 489.1367 280.3928 501.1963]
/Subtype/Link/A<</Type/Action/S/URI/URI()>>
>> endobj
-1667 0 obj <<
-/D [1665 0 R /XYZ 85.0394 794.5015 null]
+1666 0 obj <<
+/D [1664 0 R /XYZ 85.0394 794.5015 null]
>> endobj
-1664 0 obj <<
-/Font << /F37 1018 0 R /F41 1208 0 R /F21 930 0 R /F22 953 0 R /F48 1228 0 R /F11 1442 0 R >>
+1663 0 obj <<
+/Font << /F37 1018 0 R /F41 1208 0 R /F21 930 0 R /F22 953 0 R /F48 1228 0 R /F11 1441 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-1671 0 obj <<
-/Length 3076
+1670 0 obj <<
+/Length 3189
/Filter /FlateDecode
>>
stream
-xZs۸_><""
-1-Xm,V|YD&.tI&{)L8Rph P)e{?WWWٛW^f&3@'$B,M7[EmZ9!sj7/"jɯ^-?_d\fX\bIFM_^%`i+9)V0ozU
-\#>U@ v}V^YH}qeJ<QNLLR3 NgyEmA|>GyrK͹m.hC8Z覚Z=qF!y*Q`PF"rVfDxD,ȁȩ, B޼XՖnf,_. z("qc03{ &vT:/K1vjp!~\͘UO+[r$ Hm#$..:YnK7x@7Ŗ+w]͹pӢT4A傮bӮ*`ҺY7A* =;8z
- p
-ofH*)>Žre
-:\#J %Nf ,YMcq<2<
-TG,ȢoW!
-ϖW-0K-ءX5.|<ǔ!.򮪃[@4O^]`}q<h2<N!rұX7[Ͷ-β˷\#
-%t_VN]4Y>$ҦL)gBB!wuAr!,6m哹PKc8 mA׽ (ń5J~l懲xDLp
-y}+y1e-F?Ympc p]7D5*÷cs6CnTEl}4w|-eRbOC[ҼՋP ~R]Ԃ
-skSÍ\w$Cq,j8 V-FG'7GMiRnI;iu{qvh4ee*=͔Rv]̼lasXXƿ5EЍH[Y(GE ~YQ^= +qPT@~eD*zxs_&%#\*{ųh+sݤf4Vw. rUkdO9PB?@oǡ vDAԨ:(Bi=c<)5Ury:=~o-S+6IS+F`uZ==bkq 7kqpL= '$5үX1
-uVf$#xS뵔/FL6'R~(3B~gSS[/2)"lWEc_Aendstream
+xڥZs۸_><!A0yʇiw=eH(Q;߻]PDɗin뷐((¦*%q$tyۧ 4@4Rx}Q*R~D~[%p>^|ݻČo>^NTo~ѧw?r"],/Ww27i& wWWwW.Kw2Ҹ/~-`?^DB.=K$dZF0S^|k˰/<? 8@:褈4%q*V
+ (K5sl/帢yR1 >3߷A$5HÑMi+,grC>Q44Zi-6)&ɋc T+wTpK=dV5M>$3)p0l&#@;oDD: ̄#oE鸘F٪~xbm?r&S`$(_LmV8ÇC5\})fWϳܒpYxjOOs >|<SefW\(9{WɸsWHAMph$"v}w.i,Ggݥr&jF`Bgݗ/7Pgժ,CΚW-9/Mܺ G^%©NS<0T!-S%u  NcH1|P5H`͛7S
+R+,jɪݑ%|['ۗ8P(ߦvXtoߛ +l[XK$mI'
+<b &Ze^Z!x
+u]{gQ)"Ҏ|uL#ytѤKES@;SYϓ*#R2=@K5A/TH=BE0_ e%d L#Nr؎iC0!aV4xfw~ҍզXȆ@E
+UTi,{j
+_~&0, JmeWaี= 짉I<PtC>=[X/.~{E:ȍ 2Pzq"bR}ˬ<XYageD+ItT$=s:ޫZ\(rP,$%޽ƛ@3+0_Ya? / +H3ӓvuz[i_*q9*Kmvvנjܓ:7Au6 $<3zLYȹ?zI_͂Z}WoG *e*FOJ|I E.
+ow4̫=.6_Xz
+rs9člY?Q"vHBbv pHs֗1'$b1el|SDpFhWO0~֧/MҘBm0OHŔGArε8mi;䅿 @X,> i!j|;(f4DU(OyKSBցD :@h!mlZaafNctOGມYꀿ6.6fS?娶Lt[tc0xbdt:<u#Se@^I 8z0%־+tIlrIMrmSb qM l'ޗXf| f}دzkHg@$_xկJf<}MO )\L>g d_UjM7ZqL/$yɉB^ WEobӃeYkzbFxds[] p=󩍺|R߸ J.C^(
+kU[(ϑ60噻DiDZm.wF||q,K*=$Fh m2;5E֎C@2N[cga X %Fs?,ՕI VI]J
endobj
-1670 0 obj <<
+1669 0 obj <<
/Type /Page
-/Contents 1671 0 R
-/Resources 1669 0 R
+/Contents 1670 0 R
+/Resources 1668 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 1675 0 R
+/Parent 1674 0 R
>> endobj
-1672 0 obj <<
-/D [1670 0 R /XYZ 56.6929 794.5015 null]
+1671 0 obj <<
+/D [1669 0 R /XYZ 56.6929 794.5015 null]
>> endobj
466 0 obj <<
-/D [1670 0 R /XYZ 56.6929 636.8504 null]
+/D [1669 0 R /XYZ 56.6929 565.1194 null]
>> endobj
-1361 0 obj <<
-/D [1670 0 R /XYZ 56.6929 609.3387 null]
+1360 0 obj <<
+/D [1669 0 R /XYZ 56.6929 537.6077 null]
>> endobj
-1673 0 obj <<
-/D [1670 0 R /XYZ 56.6929 172.736 null]
+1672 0 obj <<
+/D [1669 0 R /XYZ 56.6929 101.005 null]
>> endobj
-1674 0 obj <<
-/D [1670 0 R /XYZ 56.6929 160.7808 null]
+1673 0 obj <<
+/D [1669 0 R /XYZ 56.6929 89.0498 null]
>> endobj
-1669 0 obj <<
-/Font << /F37 1018 0 R /F41 1208 0 R /F21 930 0 R /F22 953 0 R /F48 1228 0 R >>
+1668 0 obj <<
+/Font << /F37 1018 0 R /F22 953 0 R /F21 930 0 R /F41 1208 0 R /F48 1228 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-1678 0 obj <<
-/Length 3726
+1677 0 obj <<
+/Length 3321
/Filter /FlateDecode
>>
stream
-xڭZs_3' L.՝9I<eq":w @Dɴ%5?qm4&יMB_+~ cǫWٵe6raqeooxp3Rv3)}wXy݇d=u?ܾ}w{3F /
-g&-><o}gWp+Δ5z k*ъDS_}1.8uSO
-ˤ\%̤ƀZ!QpڲTIo[m $TInK:{j5vԾxgjo7ڢ캪y s|D˲<3bL4Kl E׻2--3Yf<;g\ddD2h>SpeWB&R##$ -ƻ5pF7̼_X髶Ѳɟjw0U]$*xW%QO][Ngj!Ew?7B *N+Z:k%Xדz906geee;:/Hd[j\Sr{GGU ox$lUH_<@$f2*28<|R85129E1UWnIozAt;J@73ʎux̜/)vŨhΪEhUOٯʆZEtvz
-ƭi%gv"B,B,. #S%w5m \VF ,|) .erro~Ӻ*N232irH5(AiYp2CttPz<_ ƻ]AQ~gpDv~% M<8%E`,
-hYۼ
-N7D?[w]9U8
-HlWФVV2I:D&L /ۀ*gsUSzYƩẁCėYT<o bwˉ˳3MBrtƠCngбm(FtWuD}xVXk6 A&GlH廹=R8 r0%",*Ŏab:d@+׼d峫8W
-] ԣM!]/1Pk!'.RG^ϼG=(C24W!yTDy'R_f RMp0:l2)3fKjxЦaCCuxI?:*Y7Їꉎ@~%c(A u"}ZQ(&*4Bf5 DXu>m kl+Jpl#uGtTq~5`/@-#i,,^fG )HY}ET9Pu7믐,Z]7RMl<6֌6M;O 
-]4}P.~>0!uϡ%LTٚ7չ@
-y
-Չ"XIMԑcs[0RI()& `PZLnǒb4\k "7w_W7<lC<N
-C
-GH1aWt(τop 6uUTIƌٟ2&#J't#R{MiR]3Q@TI6ȎMRb czz\hXoELȠ^#ɔTdgΨq1e8(D~]1Z80m\XB24JNR^,*wدbE, v N $$siJ31eJuow>2][/rzgl [p6~
-Uam/ͬ0}ŝ#C*y: D(JItHuvEv޵iA_ssyH5l@2b`z \:6|%o@XlZq0VAdnCW4;TDb"6\Ld~ބK,__'DAt,0pzy>.cpc4=~o6oim HٗTtOTJJ=*aJv:ǸPӳvjO}ON3Qӱ Kxt';lFExU-
-!m&4
+xZs_R3}8L-724L"&dtwƣpXoiJf+Sgtv]HDI껻v7VK㳻/7{DtneM:{tyn__Z5pCӷWonn\]&i‘^Fn_׻.S_Eʤwz 7)ދÅҒi%e;xc`ixuJ~f7D* JOoΙZ^
+kap O%~ DŽuL=*xYd# Z旉tJjmhz{<_ѥ^E|g&g*nQUS^
+FɤH?'V-5g2MPe> 1<R;2_eMC~(%/j+$N:`+@U($ƸsI-U
+b,AVVRMKƷln@875n"$ZG;) :)'્߰:'T2dB?`a'ܱ7YqyF^sAY]O KWoپf^~N^2b;}a?oIp4A@G)͌@o&'lҬ(e~n>]ƏTtX\QwȆ
+Vɗ4}+J3Mf!@JֺHF8e=
+J
+&Ėn24۬ nwn{2r$,"p8j@0"{u|*LJ1sqlXy%
+(z9" fZ8KD*m@on^"g*I 66v8!;!OEE<dQ0AF@V.FS:q9lm]c[POrUnR}H.㧪YC;6_i׮YdEV#?bYfSNr!wTY};j wL<eɬ!8\j.`ތd6R=jt
+L up/Y 7; U Sn5~D3'&2Zv57M'Sp3ӵTgx2SXK(*,%荏uS*"D% &hEJz2$ϋɥTm{QuQ
+?0Y褌5t`1@>٦?
endobj
-1677 0 obj <<
+1676 0 obj <<
/Type /Page
-/Contents 1678 0 R
-/Resources 1676 0 R
+/Contents 1677 0 R
+/Resources 1675 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 1675 0 R
-/Annots [ 1680 0 R ]
+/Parent 1674 0 R
+/Annots [ 1679 0 R ]
>> endobj
-1680 0 obj <<
+1679 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [182.6146 300.8791 231.8861 312.9387]
+/Rect [182.6146 171.9458 231.8861 184.0055]
/Subtype /Link
/A << /S /GoTo /D (notify) >>
>> endobj
-1679 0 obj <<
-/D [1677 0 R /XYZ 85.0394 794.5015 null]
+1678 0 obj <<
+/D [1676 0 R /XYZ 85.0394 794.5015 null]
>> endobj
-1676 0 obj <<
+1675 0 obj <<
/Font << /F37 1018 0 R /F22 953 0 R /F21 930 0 R /F48 1228 0 R /F39 1151 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-1683 0 obj <<
-/Length 3742
+1682 0 obj <<
+/Length 3852
/Filter /FlateDecode
>>
stream
-xڭ]sݿBogA|tԝi:Ih9GHYq}w
-o]"^Sϟ/Cnb|տiH9D=)'&x}?. # _ċ=4"T,*,VRQ,xĄbB h84^$qʴ20aI2%7;lYQ^E~<ؖE >fKY?:{JەUfݖz֕5 AR@[l_ 87MYwŶ*j5bueSv7r8v-[[nj]ppUB>`!ךF(@VE`V)nׂ͞M䅳sH8+sb (B9PvʅLؽm
-~E\{rO=&:+"2J`w̠Kt; WE [I lKA%!e[K=PI7\iV5}ٽ&N/W6
-aȅf\%XW͖$.Ax_z{|qbe;+JԋW'y{0[4yk0\]sb<U uę 9 V-a kb!1]݀Vr#bUeyE01lB)^,Ri* hPk=v|wO h1\8lǪ$B+BAE5( .EQ7U],]GMsfPK'[tʄIb?_6Bƒs$0$<9oD(yC!Gd24M5aIċS衦e:DP\5Y6U͹`IUɳpM7~r}+kĚ
-dIHwe
-/eB߹ X<P6dM
-I{I
-n68"n $7G)S2έXɼ0Ms$؛!ޡc:lL譶J 8$CӦ]kܜG쁦G6I>FLV&ilv`ND[
-5ԬC,J=4ngTl-ʶ4aktl&<G ʨ8)"Ǒc:;/unk<ձ:M/DЬbALnfyp?#dz`S#uGL$zljp6,V7ɼ(&'8@WzwhvRclPgq >A? N#
-oA$*˪3-&[ `ouNX#Cm7Iǻ۟oph[/YѽB(CPP빨d.;s#viP~@R* n!|j0+5G%N?O(_?S[ү;IؕA)d(:\.B2pGLJWesYǹ</6e7nMi[
-[::cK=[.K$)նYٮ{_rlj1DP3$O2|LOFdL¤eYRL d=1G+*Ql klhF(Ho+YwU֐
-\Ӈ<0oQj;{A76 .mOŜ`XVQ;$5.7j|> /<RHUhj7ξA{i`-/俠mn-]č>1M]vî`b&&Hz
-q#g
-^k³Ihwۖ>d){(iQŀeHp>k<mM4`bVqCf'&DKq,hxU^ B,Sփ~:RLtēg33'
-<U& pendstream
+xڭ]o6=o
+'/E%LNjH(glųՅ6JTh.\G8CO+LBia*KJ @q"QW9Sp+]hpRHj~</5阁{P+R
+
+l2VhJ^M ZqDGOb#"6juFP8Mo7-l!e焊<
+=fqk'bLͥڮ%(j`L1594dG"X;j
+FqQ;,d;!53qҤ<QgjTcwi@4x=&U~`K拳:DdJ1xNP7.%:!?30wT0!0(0FhqۇX
+
+bK:8pA# 
+~Ywn61nl BMpCkϔE(ls^fh]b8`ºᥠ8D<
+͐^dH
+y>:m{0#ўYۺ=%DŽ٪}igb&. e#ʘ"B 5/P.6RW?wgT 6_xh@0Ny2j)ц6"HU1f ȮxMT.{u`)M/GRN(_Ь
+*;p<E༄8/QC00ϘvUX8LgP7|3ҖJCӶre,e~Ӭٶ{|_]3ResCM8>ŗcCRi^>em1!SO?L%j/a C"2r-lu |cwVސ`&K y">O~@ԃ9M<&+{4o;(2;ònEe*xJl.E\"%`}s<եL#Bn8"R.(=:)N!HSү'챥d`qy>쒤dދ,2ΰcF%pec/fwY^ GDяGoQ\6s
+:&_yVQQ,I}SȭP6r4{KC fŽmm7z~q߶`VMXUo?Rfؾ0Lj*o6||h'ĘQEמbbdg$v} .~жj~gآEMB*{
+oǟ}x,V!Whk>]5}k}K@QILi'c]-w:b#\w1M'(ZCAQ+Qve[G78PYũ=+?}_BY>j H)?>V $endstream
endobj
-1682 0 obj <<
+1681 0 obj <<
/Type /Page
-/Contents 1683 0 R
-/Resources 1681 0 R
+/Contents 1682 0 R
+/Resources 1680 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 1675 0 R
-/Annots [ 1685 0 R 1686 0 R 1687 0 R 1688 0 R 1689 0 R ]
+/Parent 1674 0 R
+/Annots [ 1684 0 R 1685 0 R 1686 0 R 1687 0 R 1688 0 R ]
>> endobj
-1685 0 obj <<
+1684 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [180.4479 508.2615 244.1386 517.691]
+/Rect [180.4479 381.0878 244.1386 390.5173]
/Subtype /Link
/A << /S /GoTo /D (statsfile) >>
>> endobj
-1686 0 obj <<
+1685 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [265.4578 462.9269 326.6578 474.9865]
+/Rect [265.4578 335.5966 326.6578 347.6562]
/Subtype /Link
/A << /S /GoTo /D (server_statement_definition_and_usage) >>
>> endobj
-1687 0 obj <<
+1686 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [367.5441 462.9269 416.2908 474.9865]
+/Rect [367.5441 335.5966 416.2908 347.6562]
/Subtype /Link
/A << /S /GoTo /D (incremental_zone_transfers) >>
>> endobj
-1688 0 obj <<
+1687 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [280.9692 432.1776 342.1692 444.2372]
+/Rect [280.9692 304.6906 342.1692 316.7503]
/Subtype /Link
/A << /S /GoTo /D (server_statement_definition_and_usage) >>
>> endobj
-1689 0 obj <<
+1688 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [277.6219 401.4283 338.8219 413.4879]
+/Rect [277.6219 273.7847 338.8219 285.8444]
/Subtype /Link
/A << /S /GoTo /D (server_statement_definition_and_usage) >>
>> endobj
-1684 0 obj <<
-/D [1682 0 R /XYZ 56.6929 794.5015 null]
+1683 0 obj <<
+/D [1681 0 R /XYZ 56.6929 794.5015 null]
>> endobj
-1681 0 obj <<
-/Font << /F37 1018 0 R /F22 953 0 R /F21 930 0 R /F48 1228 0 R /F62 1352 0 R /F39 1151 0 R /F14 956 0 R /F41 1208 0 R >>
-/XObject << /Im2 1341 0 R >>
+1680 0 obj <<
+/Font << /F37 1018 0 R /F21 930 0 R /F22 953 0 R /F48 1228 0 R /F62 1351 0 R /F39 1151 0 R /F14 956 0 R >>
+/XObject << /Im2 1340 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-1693 0 obj <<
-/Length 3806
+1692 0 obj <<
+/Length 3822
/Filter /FlateDecode
>>
stream
-xڥr6m媈K
-Bㅁ1R]}ϰd/4&:^a*AtmEe7[g? C14چ[罭y1ʌ=2ts/[*eza0myQBgesɵ[G*aYSe]lME PNs6Fޜwm[6%V2l3װU
-:P%@a R O`S2` 
-UCщ
-3#`{2KS';?"m Ǜ.ܟ!xfx vJ sȺ|=dǣ- 1'.aA}/Jm:BЋ)۱Lɔf/ @ [:KN%PbkH؍s D@HP|/-Dnza*ێosekwZnUJZC"#qԕ Ζ RH>gM<7'FgqoZ02<Sm+%cd~I9rQ|
- &fX8G)Q>pY.H(cXm+&5 gTmRX 80ffA
-QWM6!
-%3+/H`%h3 czd )`lI j: h4-̸S/H#gȷ[[n]ڲ4F{iߊK ӥ}ِBC^0x-=G88ddܠS5DHw +d'ỷqr$g)'; q :;oސKM)Z<73<H4_'Jp?2/l e<Y:vޚ {r`/A@G
-(W4HEl&paKI4*
-hϺΫbB xn_ne'Îil(d;S1B!Na+Kv&z,d*|4Z;wlq*q$kftLhT,25+"q\fOۢ˝i!Ë\T?eغ7~cg7d )D"ARV`_~&wmGvnZ/|79H]Jj `=vLSB`LQc/K=X{ @ 7&o*)QȎc8s
-Nޭ%!9toZ`}V-!5-'s4}mـ(525ІN[nॢ 3IEKYYdK_k5=HI
-mиx!ҁO`Te @!zt@;
-=+KR6Of+̖TNu㴿i_d'sL ȷ@EӐ  XIt`sŴ\u@_QC xVI'YI -$C, v2Ђ4.utOE}P[)]S- ]$fp#(iQ[U+%jzIMC+ ʥŐ1p)hUoWWj6ݽy,MNp%NK۹bGYԶNoFVz峻rT'H Z1 ٓ˚},~EˀtI,j_ψex$)͛VsJHfd|
-2s(KUL4G2`?P"!U( Ƒ L~B[aDoJ0.'W{*DTLqrX8)R3ю}.AxHI\ʀ*+ЖjgvQ."fsȚCĭ2W A*p $6eqwmyA
-_3
-\Ρ:GS͹n<n"Ĭ]drB$"Ac">[ʅo8V媃鉠m \g)dm2g4\r;+)!hpf?4m.\0N}ydžh9+e2)O?
-@Ѓ0!lO h" &hZW: >ܽxNgn Ek~ K5")&\̨*7dJ:2ӶHYWJD "f7{i˿,򰍒HhHᡬK8(pʽ%G%ao:pp<`BIW$]k=Sv*(T,'+yKt^ȝ^cÒ2\] eۘa3c%Hi,XʆayJ 4&NrJ$Wk7WЁU"%Al`ZTOU>Ki<y \xzj^Rn(J dfZ3IX 7:m؜ح$
-cwƸ,:6ivHJfTN5jQ(!`r;m4Ƌ$ysrY$^jP~`iY)B ^q ZxcztXtТG `ܯxb;2|ސү ,!14URJ}2g+v3*2| C:"eؽwŘ_<rCX;KS܄@|v3G lEh ȭ[5qO
-!D!YR><tendstream
+xڥr-T&
+#GRR_=\-85SԏR0P E
+B 8pCumC^^t'T #[@ [^
+eD0539Q9skJyd"CrwJ]$ @=K0}-A}wzc[!^y unFT ] H= UD3Łez\(^wEc cVLH_IۭIBTPʪϷia_[*"ɟG\M^ϚĝbO#;ZK`Ux2r6ˑ Ҳ,!2Z@߼_Ύ.!9
+`c0V#R)5;"Sn`ЍS 8VC>Tg0LzC!bIb"HPfY;Wvts2›o ]
+B?Q}P~
+<׽j 4u<tŴQ'ps"7-l€
+XRd^5iT6!yɏ-t0^~*e~;vͦ sPq"E,}̋D&gLT6j b4bdH]3dA&4|qgBIaUOԡ((/%y'"a*O UUzv*^3&H
+[i}#Uo=PaPڜ0hγxMtlua=g}V݋sLA98ؾN+ט͢JV2 s;h,/BH1MPaXmFSHw>k5I5Uځf8A.6P{B/0IiI
+3#`{c7Fsk0ẏ> G
+0E !ouv/x5agM;,-biALj
+/ɐAiOZ!dD(B`3~ljP:O]D2HLtuRc\CJn!bFr9RF }TWJI r
+y`
+Qª5ZB.<KHѼXrBOW
+iKw|&twq$ϳ>[vF*ggZcU"
+a", Xu5ݥE~춅Uę`;bLOȔ?q#cg8Q0 ̅(l]@S!}FV4\&L#)LTdPx
+tO-MʼcsY>d\˫,Ĭdؽ3ŕ߬y,P ]p5,޼a!4]}w3Qd9B t0!eei{!(RMJ'AE mP-W79A9K"DwpHd `0;_ɑ?& @3%إ[\VFsz/X @ZI.- L2?bk7n]\p5KI?"VΊTe޻egdB.
+)ſ8h(˅N]S@ s^zY^ׇnT#9c4=ۙ-B,z xCA1
+i.:<
+'|"@Gh߉TlJ*VW
+SKz6%}*(
+&XnS 9 j~2}bGbLou)bFIę:
+9j${B!2(02l[Ou#(:N/H8
+t}Ҽ40X
+Ioٽ=u>(=MG&/DbHzLm."C.Wu&'sΌSl(+UAhPMJiڬ KU@Q86׃4q\WއϿ
+-CtALZ'~44mPN'votTiUj<^tm*Mx8SX?Lՙ(uߟ^Sendstream
endobj
-1692 0 obj <<
+1691 0 obj <<
/Type /Page
-/Contents 1693 0 R
-/Resources 1691 0 R
+/Contents 1692 0 R
+/Resources 1690 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 1675 0 R
+/Parent 1674 0 R
>> endobj
-1694 0 obj <<
-/D [1692 0 R /XYZ 85.0394 794.5015 null]
+1693 0 obj <<
+/D [1691 0 R /XYZ 85.0394 794.5015 null]
>> endobj
-1691 0 obj <<
-/Font << /F37 1018 0 R /F22 953 0 R /F21 930 0 R /F48 1228 0 R >>
+1690 0 obj <<
+/Font << /F37 1018 0 R /F22 953 0 R /F41 1208 0 R /F21 930 0 R /F48 1228 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-1697 0 obj <<
-/Length 3567
+1696 0 obj <<
+/Length 3843
/Filter /FlateDecode
>>
stream
-xZs6_Gy&BMM;'gwiHD"o Cxz3τb],~ß87\Yœg~:gC~xV`.Ǹs~2.`>yO^^dzrb* ~b*tuK]6;80۫W|vu߭e^.ϳsXgܙgxL<_iJE_݄^?4e?m3R[bi# <,s72 H9rUӔiYWeb0$%JȗB挒cHT:9ywsww޴P`V'u9lC<As;ZM$AJ[pía* )\(MBWTRT1ǥ\kT,sϠUS%%LM`1
-B
-2sWBђ-r1VkQULr4ˇhbz~,+Znt H ĤղC^{U<AM\ʶ!JG@U?T,ȡt0shb[x̺ӕv:BvUPIf|Z/^m1D
--7/aWp1k\~\pdJ'j#wO !yaI*'=Юy9uش弛%UI ELS>\mei'eF 31W+l=rAYi `iH9$F%f
-L?>KK c$1t
-ǫ?5T84B8+~n4B(Ւygݓ
-NFpDYnvjf>I
-r&UKE@o>>ߕx+ФݽVqL2+L>dtk!>:;#z]Vm
-|*7`[*Nu1'쇭^KUo~>?Bw-D GXg8x\ g]aP%*1L|Jf:" x/I7b 829; UT[mI#d$(-0 -}:G=d.s?u0uU_(LÞyxv1 V =hE_oi$ҶIBK 0euU䉽ΰ~rU?aq(aC'TELG"_W
- {dh\w1q%}C`<P
+xڭ]s6ݿL G7qz\t-Q'.v暙\,~CVKiwHXl}!/` 8Ӏ4cp{\:b_>,zkB|>Wp_ﯯhpj ~JLJ{yoȢ7oo\C~4.~S^a?_Ha\j/_E
+圾\_D OiOG姤&#Ժ'T 뜽L Y'=)<ۺJzwU2zQsV7Wn&bq"#/ԤTk!@R7}~rXT@4SV}>/hCnRo$f+Fl*~.
+v8D.!MXuHjЀj1D'E NSoF4D t@L<OvĚae4zv3 *ԄD
+~ZG׎ϱΙ'z_xw~SDGjr$l κFmpjr ҡ6:j4*4ތyaTHI*gUDyIc((njSc05e% Rǔ,Om`Fa6GDˬf|XkxZile5vBB9n`V:m Cf$}%hlJ1M;IE:$>4c+RkMJ'>}yKz,sptܩJIZN#O~-YҐF/l~KyKesRbbOx^ 4Br0Z 3,[8qqH)2حPG+VqEH=E~V<\@M JS[C;@ (1I8_&l5|dI̹$ԁ'¶ SҊb^Ӱa#ћOj "D6k-~fS
+(G# á#(JJT5_U;_+}\缨}mR2
+ef'mkx"7ι:)1lklɮnY9[b pm"kʒpDq)/&^@"qn\@&}|8ҠP{78"ى83y5$ [d*WzURes|
+F:"|> "Bd2$ fO'ֶK@\$@@T[-y4pD>3u<tX=H4)}>:=F5`1%jȵ
+B\8:"= šlvrvƑTOΤ2ն$pzYlﵝ ƶ)\`^b!ĚS`t?/ l_`<x]]uլ{(=@֘b|3ZYp,5uBΗ>{:C>{#O'օ>1aC0Og2f30Ԑ&8%i0_&Bx|dWkI)-h6 tE?T<A9 B*GY `PKos~̉!/jF f_iΑ,ͳ] 7|'GӠD
+ Wؕv^6 Ɣ%BXBGm?g@iET38P $.IiCl[':#{"YY`HO*o.z~^V4vBݼe=s28-XNMfİGȪQ8ahUeұ*cEc'8ز6p>].V"WKU xr6;is/C$Պj^LfXR;~en#Л͊GM {
+n0.zC_ˈ3{sVp~w{7~^\rګAn/Mt Tx::{6-0י8-H ;V$ >o4KM`A ԂJܡ,Zx?r`tXlkgv;B0Q#i<T:_geZ@ZI;pn
+u%5!_ ϡI xlksa=pFۏ]g >ϐ Wf\7jj?zXZyBcSH4: FVWaUT+l@XgcIuv9=Qp< 3L I1^gxȌ )=oK[djI2ũQ9'T6>m޺/oB45ЃM=!Vt5nצ:] yPuàcX{E\LY0S4Ȧ{!mf=ib1LXܮBHMQJGu,"In:
+ )!rJ(K7X;v'=a2BE08m=:-&}=4^+CB21߂lVIt^9PG4EAV
+ᩱ
+~l}fPb@5j.ݍ&J ~6N#?=X*RM$v6ՆT=L''.NwXE%#R"sY匛)#.AWYr@f̘_wQBf鑟$m"̔{0&_/?Jendstream
endobj
-1696 0 obj <<
+1695 0 obj <<
/Type /Page
-/Contents 1697 0 R
-/Resources 1695 0 R
+/Contents 1696 0 R
+/Resources 1694 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 1675 0 R
+/Parent 1674 0 R
>> endobj
-1698 0 obj <<
-/D [1696 0 R /XYZ 56.6929 794.5015 null]
+1697 0 obj <<
+/D [1695 0 R /XYZ 56.6929 794.5015 null]
>> endobj
-1695 0 obj <<
-/Font << /F37 1018 0 R /F21 930 0 R /F22 953 0 R /F48 1228 0 R >>
+1694 0 obj <<
+/Font << /F37 1018 0 R /F22 953 0 R /F21 930 0 R /F48 1228 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-1701 0 obj <<
-/Length 3339
+1700 0 obj <<
+/Length 3293
/Filter /FlateDecode
>>
stream
-xڭ]sݿBog"
-oOmuhbuBQl_j@heF! ~5\m\ٖ]ѕQOk-o?^⏝ݖ4[1#/xwa5!xDRPQ. VD;mlsE
-t<eLYӓ@]vezdpV!~ʮ]-274I$Q!bz,(OT4 ugJ4Jܼx}ӊ&o,p±Mg&9K1dOY(QD᎚o}M#207ģ '~t0<'k 5⽬TE"T<JEmLI_D
-w=.@OOOS  Ӛ82@W%v@pv7.5"7Di崞{`~O}̮=%= _n7emIe4cb9tZ~:=6=Zz݂a8CK!yvd8ؚ:;
- G:/39G7 -= ޷ -)q4yMV4ZT%>nh|ZAbDBڂi
-w 9w7) A7bI0u7^tٓD|@$e2IB%e`B[䜁!@{MrqMWeP
-\Mߧdl"Ku#wRpq.NC]#i,Ε8IazG@1G0~AW!%Ub"L_d=N^.-p/\A(Sv({f~201ig/$go8+S!O]om8ծS
-  :%­KPC>9xA|U\)߽
-)4=eH8'#e-P75T*j"GSie(W5OuZ#Ug`m](kǜXDY T-4񈗋ւ9J[9Ŧ\@Pݶےv57,x Pb)#عraS5`W%ߣbgFe#͚96\ڌz-&R%Qݠ}R\e_eqʱ W<b3 4d[EFX~*\,K_lR4@fHQU*f9G O'B,3-w{縘;Zy$TBr*!C<[^yO7|VdzZ15pȶrm z) چ0]ڶ-^tQ4y.7?Ҡr|ࣣJ",vGL#]qDxYYP_$L_oR)Ʈ: ^eT fL'kƗ% ]sgA;]7puo(Aa+S-neSa*SweDKEyQ LPܠ0[oqdػoSÖOgviO?!YD.
-*|֭J
-v"Fo&v{FZ+5ܚz
-rd;Ñ6ֻF\@}%!3
-iCLd'
+xZs6_Gg։$Rקtݦf{{xPl:֬-e-9?
+3O9-xvUԼ<J[-RYdRQ):[Y]uK/N}x@U3JCH&RPt/7gSu;U>AjD2}xJt%^] {U{*Wy<{^n/tOj<t-`kfr-&kB/J(3 p,Uy.J(ILvr t8yϧR(2{dG] *zw"lbD96I%\6m)Kņm ܽ-AlyhCg>/H<QUJ0LWؑ:aE/3aM]Lv}`~.iԈ}SBxJU`[
+GmBL%[U - 7_ē>7߭y6r>\nKj9l؊~$N$7;I
+yR  c*,sʊ~I/y[U jt<X9t<HC%qO;^WǛ 8s
+\M
+= ߺFbh-laqoG{!6$ype.vV8Q&iz"Jj}!{wNXKጻE)%CXBdhFTVǑ@2Rl!Rgd8K!>.' fHޑ2NWΝr6$&ӑSODܗ<ZS>ڗ ZL\FJ uM,>ȍ"Ѫޭ9jsq"5P[8.Fcw{wҡ-r!VWR zŚeUl˅sC&TB~Әr8b:%A m/0k/{Ͳ`@[%wk`@\C!9bDe1!
+5E6-
+##L4mʼlh8A>1]\HIp!/&.$dPUxm:8LJd5-MxoYk[9
+lQ*j-Wj)4Q1]2 e sh#/)DL 3'-pv54v2^mp6-$^kX|
+OL|M~ڱo`*W!z0PKGLu%R(yTvJuC 9~lX!eLAjDޙu2=P86(
+=u3ןHXˬV!QjKJA"4~c/1tS;s
++%ٛ@(m?ˌpU/xxKIGc}+P7.T.h5YWܣ,Df^J ՍXdi[Oˊ&2*AjD޷8d<rƫ%rRrN<A'6ۢjJ'7ڽ8+- 馌lfZ_#4NwIro XZw~?B+%EX Jǿ(\c,?а ϰ
+W|4`
+R
+z.Y"Ոi PmߦETrU66Mo[-iz4O\^Fo ;=r|ೣ"5/vx!$ " ctTWc-I.~~eTf fᚎ֌%]Np.wmhmbˈh2aMp
+zx 
endobj
-1700 0 obj <<
+1699 0 obj <<
/Type /Page
-/Contents 1701 0 R
-/Resources 1699 0 R
+/Contents 1700 0 R
+/Resources 1698 0 R
/MediaBox [0 0 595.2756 841.8898]
-/Parent 1675 0 R
+/Parent 1674 0 R
>> endobj
-1702 0 obj <<
-/D [1700 0 R /XYZ 85.0394 794.5015 null]
+1701 0 obj <<
+/D [1699 0 R /XYZ 85.0394 794.5015 null]
>> endobj
470 0 obj <<
-/D [1700 0 R /XYZ 85.0394 227.0652 null]
+/D [1699 0 R /XYZ 85.0394 121.8848 null]
>> endobj
-1703 0 obj <<
-/D [1700 0 R /XYZ 85.0394 197.3345 null]
+1702 0 obj <<
+/D [1699 0 R /XYZ 85.0394 93.334 null]
>> endobj
-1699 0 obj <<
+1698 0 obj <<
/Font << /F37 1018 0 R /F21 930 0 R /F22 953 0 R /F41 1208 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-1706 0 obj <<
-/Length 2753
+1705 0 obj <<
+/Length 3128
/Filter /FlateDecode
>>
stream
-xZKs6WrC<Ɍ'ff=l%9m"Qk4@%;IR2Fht
-jDYLmX?T *^y6r&{*6kiynlߠ#n6l4&މ~þl֏jꢡV/b+7԰f=c+ gn5L|ʟ[F8oLg-Lywr}[r~"[NQBڥ :b>N9H$"A@B/xx