aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--CHANGES642
-rw-r--r--COPYRIGHT2
-rw-r--r--FAQ126
-rw-r--r--FAQ.xml253
-rw-r--r--README33
-rw-r--r--bin/check/check-tool.c31
-rw-r--r--bin/check/named-checkconf.c9
-rw-r--r--bin/check/named-checkzone.c11
-rw-r--r--bin/dig/dig.120
-rw-r--r--bin/dig/dig.c59
-rw-r--r--bin/dig/dig.docbook20
-rw-r--r--bin/dig/dig.html36
-rw-r--r--bin/dig/dighost.c235
-rw-r--r--bin/dig/host.18
-rw-r--r--bin/dig/host.docbook7
-rw-r--r--bin/dig/host.html14
-rw-r--r--bin/dnssec/dnssec-keygen.810
-rw-r--r--bin/dnssec/dnssec-keygen.docbook9
-rw-r--r--bin/dnssec/dnssec-keygen.html20
-rw-r--r--bin/dnssec/dnssec-signzone.88
-rw-r--r--bin/dnssec/dnssec-signzone.c49
-rw-r--r--bin/dnssec/dnssec-signzone.docbook7
-rw-r--r--bin/dnssec/dnssec-signzone.html16
-rw-r--r--bin/named/client.c52
-rw-r--r--bin/named/config.c10
-rw-r--r--bin/named/controlconf.c88
-rw-r--r--bin/named/include/named/globals.h7
-rw-r--r--bin/named/interfacemgr.c18
-rw-r--r--bin/named/lwaddr.c8
-rw-r--r--bin/named/lwdgnba.c8
-rw-r--r--bin/named/lwdnoop.c23
-rw-r--r--bin/named/lwresd.814
-rw-r--r--bin/named/lwresd.c6
-rw-r--r--bin/named/lwresd.docbook9
-rw-r--r--bin/named/lwresd.html18
-rw-r--r--bin/named/main.c61
-rw-r--r--bin/named/named.823
-rw-r--r--bin/named/named.conf.57
-rw-r--r--bin/named/named.conf.docbook2
-rw-r--r--bin/named/named.conf.html33
-rw-r--r--bin/named/named.docbook33
-rw-r--r--bin/named/named.html45
-rw-r--r--bin/named/query.c70
-rw-r--r--bin/named/server.c338
-rw-r--r--bin/named/unix/include/named/os.h10
-rw-r--r--bin/named/unix/os.c64
-rw-r--r--bin/named/update.c66
-rw-r--r--bin/nsupdate/Makefile.in12
-rw-r--r--bin/nsupdate/nsupdate.1 (renamed from bin/nsupdate/nsupdate.8)8
-rw-r--r--bin/nsupdate/nsupdate.c29
-rw-r--r--bin/nsupdate/nsupdate.docbook7
-rw-r--r--bin/nsupdate/nsupdate.html16
-rw-r--r--bin/rndc/rndc-confgen.c12
-rw-r--r--bin/rndc/rndc.83
-rw-r--r--bin/rndc/rndc.c22
-rw-r--r--bin/rndc/rndc.docbook5
-rw-r--r--bin/rndc/rndc.html5
-rw-r--r--configure.in161
-rw-r--r--doc/arm/Bv9ARM-book.xml302
-rw-r--r--doc/arm/Bv9ARM.ch01.html52
-rw-r--r--doc/arm/Bv9ARM.ch02.html36
-rw-r--r--doc/arm/Bv9ARM.ch03.html28
-rw-r--r--doc/arm/Bv9ARM.ch04.html72
-rw-r--r--doc/arm/Bv9ARM.ch05.html8
-rw-r--r--doc/arm/Bv9ARM.ch06.html433
-rw-r--r--doc/arm/Bv9ARM.ch07.html16
-rw-r--r--doc/arm/Bv9ARM.ch08.html20
-rw-r--r--doc/arm/Bv9ARM.ch09.html182
-rw-r--r--doc/arm/Bv9ARM.ch10.html4
-rw-r--r--doc/arm/Bv9ARM.html150
-rw-r--r--doc/arm/Bv9ARM.pdf9321
-rw-r--r--doc/arm/man.dig.html36
-rw-r--r--doc/arm/man.dnssec-keygen.html20
-rw-r--r--doc/arm/man.dnssec-signzone.html16
-rw-r--r--doc/arm/man.host.html14
-rw-r--r--doc/arm/man.named-checkconf.html14
-rw-r--r--doc/arm/man.named-checkzone.html14
-rw-r--r--doc/arm/man.named.html45
-rw-r--r--doc/arm/man.rndc-confgen.html14
-rw-r--r--doc/arm/man.rndc.conf.html14
-rw-r--r--doc/arm/man.rndc.html15
-rw-r--r--doc/misc/Makefile.in3
-rw-r--r--doc/misc/format-options.pl29
-rw-r--r--doc/misc/migration14
-rw-r--r--doc/misc/options706
-rwxr-xr-xdoc/misc/sort-options.pl50
-rw-r--r--doc/rfc/index13
-rw-r--r--doc/rfc/rfc4648.txt1011
-rw-r--r--doc/rfc/rfc4701.txt675
-rw-r--r--doc/rfc/rfc5155.txt2915
-rw-r--r--lib/bind/api6
-rw-r--r--lib/bind/bsd/Makefile.in8
-rw-r--r--lib/bind/bsd/strerror.c6
-rw-r--r--lib/bind/bsd/strtoul.c10
-rw-r--r--lib/bind/configure.in217
-rw-r--r--lib/bind/dst/Makefile.in8
-rw-r--r--lib/bind/dst/dst_api.c2
-rw-r--r--lib/bind/dst/hmac_link.c2
-rw-r--r--lib/bind/dst/support.c2
-rw-r--r--lib/bind/include/Makefile.in8
-rw-r--r--lib/bind/include/arpa/nameser.h5
-rw-r--r--lib/bind/include/isc/assertions.h7
-rw-r--r--lib/bind/include/isc/eventlib.h4
-rw-r--r--lib/bind/include/isc/misc.h3
-rw-r--r--lib/bind/include/isc/platform.h.in36
-rw-r--r--lib/bind/include/netdb.h4
-rw-r--r--lib/bind/include/resolv.h6
-rw-r--r--lib/bind/inet/Makefile.in8
-rw-r--r--lib/bind/inet/inet_net_pton.c6
-rw-r--r--lib/bind/inet/inet_network.c4
-rw-r--r--lib/bind/irs/Makefile.in8
-rw-r--r--lib/bind/irs/dns_ho.c11
-rw-r--r--lib/bind/irs/getnetgrent.c6
-rw-r--r--lib/bind/irs/getnetgrent_r.c81
-rw-r--r--lib/bind/irs/irp.c5
-rw-r--r--lib/bind/isc/Makefile.in8
-rw-r--r--lib/bind/isc/assertions.c3
-rw-r--r--lib/bind/isc/bitncmp.c4
-rw-r--r--lib/bind/isc/ctl_clnt.c5
-rw-r--r--lib/bind/isc/ctl_srvr.c5
-rw-r--r--lib/bind/isc/logging.c12
-rw-r--r--lib/bind/nameser/Makefile.in8
-rw-r--r--lib/bind/port_after.h.in114
-rw-r--r--lib/bind/port_before.h.in13
-rw-r--r--lib/bind/resolv/Makefile.in8
-rw-r--r--lib/bind/resolv/res_debug.c55
-rw-r--r--lib/bind/resolv/res_mkquery.c66
-rw-r--r--lib/bind/resolv/res_query.c14
-rw-r--r--lib/bind/resolv/res_send.c28
-rw-r--r--lib/bind9/api2
-rw-r--r--lib/bind9/check.c124
-rw-r--r--lib/dns/acache.c50
-rw-r--r--lib/dns/adb.c64
-rw-r--r--lib/dns/api2
-rw-r--r--lib/dns/cache.c37
-rw-r--r--lib/dns/dispatch.c1330
-rw-r--r--lib/dns/dst_parse.c8
-rw-r--r--lib/dns/dst_parse.h8
-rw-r--r--lib/dns/include/dns/dispatch.h64
-rw-r--r--lib/dns/journal.c30
-rw-r--r--lib/dns/master.c34
-rw-r--r--lib/dns/masterdump.c23
-rw-r--r--lib/dns/message.c13
-rw-r--r--lib/dns/rbt.c40
-rw-r--r--lib/dns/rbtdb.c78
-rw-r--r--lib/dns/rdata/generic/nsec_47.c10
-rw-r--r--lib/dns/rdata/generic/nsec_47.h8
-rw-r--r--lib/dns/rdata/generic/txt_16.c8
-rw-r--r--lib/dns/rdata/in_1/apl_42.c67
-rw-r--r--lib/dns/rdata/in_1/naptr_35.c14
-rw-r--r--lib/dns/request.c94
-rw-r--r--lib/dns/resolver.c335
-rw-r--r--lib/dns/rootns.c48
-rw-r--r--lib/dns/sdb.c16
-rw-r--r--lib/dns/tkey.c14
-rw-r--r--lib/dns/tsig.c76
-rw-r--r--lib/dns/validator.c110
-rw-r--r--lib/dns/view.c21
-rw-r--r--lib/dns/xfrin.c26
-rw-r--r--lib/dns/zone.c62
-rw-r--r--lib/isc/Makefile.in8
-rw-r--r--lib/isc/api4
-rw-r--r--lib/isc/assertions.c7
-rw-r--r--lib/isc/include/isc/assertions.h11
-rw-r--r--lib/isc/include/isc/lex.h8
-rw-r--r--lib/isc/include/isc/mem.h86
-rw-r--r--lib/isc/include/isc/msgs.h13
-rw-r--r--lib/isc/include/isc/platform.h.in25
-rw-r--r--lib/isc/include/isc/portset.h141
-rw-r--r--lib/isc/include/isc/resource.h15
-rw-r--r--lib/isc/include/isc/socket.h77
-rw-r--r--lib/isc/include/isc/timer.h2
-rw-r--r--lib/isc/include/isc/types.h7
-rw-r--r--lib/isc/mem.c46
-rw-r--r--lib/isc/portset.c143
-rw-r--r--lib/isc/print.c95
-rw-r--r--lib/isc/pthreads/mutex.c78
-rw-r--r--lib/isc/timer.c4
-rw-r--r--lib/isc/unix/app.c37
-rw-r--r--lib/isc/unix/include/isc/net.h27
-rw-r--r--lib/isc/unix/net.c161
-rw-r--r--lib/isc/unix/resource.c61
-rw-r--r--lib/isc/unix/socket.c1674
-rw-r--r--lib/isc/unix/socket_p.h15
-rw-r--r--lib/isc/unix/time.c10
-rw-r--r--lib/isccfg/api2
-rw-r--r--lib/isccfg/namedconf.c170
-rw-r--r--lib/lwres/api2
-rw-r--r--make/rules.in6
-rw-r--r--version8
190 files changed, 17679 insertions, 8046 deletions
diff --git a/CHANGES b/CHANGES
index a8d3857a8c96..65980ea4aa4b 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,14 +1,158 @@
- --- 9.4.2-P2 released ---
-
-2406. [bug] Some operating systems have FD_SETSIZE set to a
- low value by default, which can cause resource
- exhaustion when many simultaneous connections are
- open. Linux in particular makes it difficult to
- increase this value. To use more sockets with
- select(), set ISC_SOCKET_FDSETSIZE. Example:
- STD_CDEFINES="-DISC_SOCKET_FDSETSIZE=4096" ./configure
- (This should not be necessary in most cases, and
- never for an authoritative-only server.) [RT #18328]
+
+ --- 9.4.3 released ---
+
+2490. [port] aix: work around a kernel bug where IPV6_RECVPKTINFO
+ is cleared when IPV6_V6ONLY is set. [RT #18785]
+
+2489. [port] solaris: Workaround Solaris's kernel bug about
+ /dev/poll:
+ http://bugs.opensolaris.org/view_bug.do?bug_id=6724237
+ Define ISC_SOCKET_USE_POLLWATCH at build time to enable
+ this workaround. [RT #18870]
+
+ --- 9.4.3rc1 released ---
+
+2473. [port] linux: raise the limit on open files to the possible
+ maximum value before spawning threads; 'files'
+ specified in named.conf doesn't seem to work with
+ threads as expected. [RT #18784]
+
+2472. [port] linux: check the number of available cpu's before
+ calling chroot as it depends on "/proc". [RT #16923]
+
+2471. [bug] named-checkzone was not reporting missing manditory
+ glue when sibling checks were disabled. [RT #18768]
+
+2469. [port] solaris: Work around Solaris's select() limitations.
+ [RT #18769]
+
+2468. [bug] Resolver could try unreachable servers multiple times.
+ [RT #18739]
+
+2467. [bug] Failure of fcntl(F_DUPFD) wasn't logged. [RT #18740]
+
+2466. [doc] ARM: explain max-cache-ttl 0 SERVFAIL issue.
+ [RT #18302]
+
+2465. [bug] Adb's handling of lame addresses was different
+ for IPv4 and IPv6. [RT #18738]
+
+2463. [port] linux: POSIX doesn't include the IPv6 Advanced Socket
+ API and glibc hides parts of the IPv6 Advanced Socket
+ API as a result. This is stupid as it breaks how the
+ two halves (Basic and Advanced) of the IPv6 Socket API were designed to be used but we have to live with it.
+ Define _GNU_SOURCE to pull in the IPv6 Advanced Socket
+ API. [RT #18388]
+
+2462. [doc] Document -m (enable memory usage debugging)
+ option for dig. [RT #18757]
+
+2461. [port] sunos: Change #2363 was not complete. [RT #17513]
+
+2458. [doc] ARM: update and correction for max-cache-size.
+ [RT #18294]
+
+2455. [bug] Stop metadata being transfered via axfr/ixfr.
+ [RT #18639]
+
+2453. [bug] Remove NULL pointer dereference in dns_journal_print().
+ [RT #18316]
+
+2449. [bug] libbind: Out of bounds reference in dns_ho.c:addrsort.
+ [RT #18044]
+
+2445. [doc] ARM out-of-date on empty reverse zones (list includes
+ RFC1918 address, but these are not yet compiled in).
+ [RT #18578]
+
+2444. [port] Linux, FreeBSD, AIX: Turn off path mtu discovery
+ (clear DF) for UDP responses and requests.
+
+ --- 9.4.3b3 released ---
+
+2443. [bug] win32: UDP connect() would not generate an event,
+ and so connected UDP sockets would never clean up.
+ Fix this by doing an immediate WSAConnect() rather
+ than an io completion port type for UDP.
+
+2438. [bug] Timeouts could be logged incorrectly under win32.
+ [RT #18617]
+
+2437. [bug] Sockets could be closed too early, leading to
+ inconsistent states in the socket module. [RT #18298]
+
+2436. [security] win32: UDP client handler can be shutdown. [RT #18576]
+
+2433. [tuning] Set initial timeout to 800ms.
+
+2432. [bug] More Windows socket handling improvements. Stop
+ using I/O events and use IO Completion Ports
+ throughout. Rewrite the receive path logic to make
+ it easier to support multiple simultaneous
+ requestrs in the future. Add stricter consistency
+ checking as a compile-time option (define
+ ISC_SOCKET_CONSISTENCY_CHECKS; defaults to off).
+
+2430. [bug] win32: isc_interval_set() could round down to
+ zero if the input was less than NS_INTERVAL
+ nanoseconds. Round up instead. [RT #18549]
+
+2429. [doc] nsupdate should be in section 1 of the man pages.
+ [RT #18283]
+
+2426. [bug] libbind: inet_net_pton() can sometimes return the
+ wrong value if excessively large netmasks are
+ supplied. [RT #18512]
+
+2425. [bug] named didn't detect unavailable query source addresses
+ at load time. [RT #18536]
+
+2424. [port] configure now probes for a working epoll
+ implementation. Allow the use of kqueue,
+ epoll and /dev/poll to be selected at compile
+ time. [RT #18277]
+
+2422. [bug] Handle the special return value of a empty node as
+ if it was a NXRRSET in the validator. [RT #18447]
+
+2421. [func] Add new command line option '-S' for named to specify
+ the max number of sockets. [RT #18493]
+ Use caution: this option may not work for some
+ operating systems without rebuilding named.
+
+2420. [bug] Windows socket handling cleanup. Let the io
+ completion event send out cancelled read/write
+ done events, which keeps us from writing to memeory
+ we no longer have ownership of. Add debugging
+ socket_log() function. Rework TCP socket handling
+ to not leak sockets.
+
+2417. [bug] Connecting UDP sockets for outgoing queries could
+ unexpectedly fail with an 'address already in use'
+ error. [RT #18411]
+
+2416. [func] Log file descriptors that cause exceeding the
+ internal maximum. [RT #18460]
+
+2414. [bug] A masterdump context held the database lock too long,
+ causing various troubles such as dead lock and
+ recursive lock acquisition. [RT #18311, #18456]
+
+2413. [bug] Fixed an unreachable code path in socket.c. [RT #18442]
+
+2412. [bug] win32: address a resourse leak. [RT #18374]
+
+2411. [bug] Allow using a larger number of sockets than FD_SETSIZE
+ for select(). To enable this, set ISC_SOCKET_MAXSOCKETS
+ at compilation time. [RT #18433]
+
+2410. [bug] Correctly delete m_versionInfo. [RT #18432]
+
+2408. [bug] A duplicate TCP dispatch event could be sent, which
+ could then trigger an assertion failure in
+ resquery_response(). [RT #18275]
+
+2407. [port] hpux: test for sys/dyntune.h. [RT #18421]
2404. [port] hpux: files unlimited support.
@@ -39,15 +183,271 @@
2392. [bug] remove 'grep -q' from acl test script, some platforms
don't support it. [RT #18253]
+2391 [port] hpux: cover additional recvmsg() error codes.
+ [RT #18301]
+
+2390 [bug] dispatch.c could make a false warning on 'odd socket'.
+ [RT #18301].
+
+2389 [bug] Move the "working directory writable" check to after
+ the ns_os_changeuser() call. [RT #18326]
+
+2386. [func] Add warning about too small 'open files' limit.
+ [RT #18269]
+
+ --- 9.4.3b2 released ---
+
+2385. [bug] A condition variable in socket.c could leak in
+ rare error handling [RT #17968].
+
+2384. [security] Additional support for query port randomization (change
+ #2375) including performance improvement and port range
+ specification. [RT #17949, #18098]
+
+2383. [bug] named could double queries when they resulted in
+ SERVFAIL due to overkilling EDNS0 failure detection.
+ [RT #18182]
+
+2382. [doc] Add descriptions of IPSECKEY, SPF and SSHFP to ARM.
+
+2381. [port] dlz/mysql: support multiple install layouts for
+ mysql. <prefix>/include/{,mysql/}mysql.h and
+ <prefix>/lib/{,mysql/}. [RT #18152]
+
+2380. [bug] dns_view_find() was not returning NXDOMAIN/NXRRSET
+ proofs which, in turn, caused validation failures
+ for insecure zones immediately below a secure zone
+ the server was authoritative for. [RT #18112]
+
+2379. [contrib] queryperf/gen-data-queryperf.py: removed redundant
+ TLDs and supported RRs with TTLs [RT #17972]
+
+2377. [bug] Address race condition in dnssec-signzone. [RT #18142]
+
+2376. [bug] Change #2144 was not complete.
+
+2375. [security] Fully randomize UDP query ports to improve
+ forgery resilience. [RT #17949]
+
+2372. [bug] fixed incorrect TAG_HMACSHA256_BITS value [RT #18047]
+
+2369. [bug] libbind: Array bounds overrun on read in bitncmp().
+ [RT #18054]
+
+2364. [bug] named could trigger a assertion when serving a
+ malformed signed zone. [RT #17828]
+
+2363. [port] sunos: pre-set "lt_cv_sys_max_cmd_len=4096;".
+ [RT #17513]
+
+2361. [bug] "recursion" statistics counter could be counted
+ multiple times for a single query. [RT #17990]
+
+ --- 9.4.3b1 released ---
+
+2358. [doc] Update host's default query description. [RT #17934]
+
+2356. [bug] Built in mutex profiler was not scalable enough.
+ [RT #17436]
+
+2353. [func] libbind: nsid support. [RT #17091]
+
+2350. [port] win32: IPv6 support. [RT #17797]
+
+2347. [bug] Delete now traverses the RB tree in the canonical
+ order. [RT #17451]
+
+2345. [bug] named-checkconf failed to detect when forwarders
+ were set at both the options/view level and in
+ a root zone. [RT #17671]
+
+2344. [bug] Improve "logging{ file ...; };" documentation.
+ [RT #17888]
+
+2343. [bug] (Seemingly) duplicate IPv6 entries could be
+ created in ADB. [RT #17837]
+
+2341. [bug] libbind: add missing -I../include for off source
+ tree builds. [RT #17606]
+
+2340. [port] openbsd: interface configuration. [RT #17700]
+
+2339. [port] tru64: support for libbind. [RT #17589]
+
+2338. [bug] check_ds() could be called with a non DS rdataset.
+ [RT #17598]
+
+2337. [bug] BUILD_LDFLAGS was not being correctly set. [RT #17614]
+
+2335. [port] sunos: libbind and *printf() support for long long.
+ [RT #17513]
+
+2334. [bug] Bad REQUIRES in fromstruct_in_naptr(), off by one
+ bug in fromstruct_txt(). [RT #17609]
+
+2333. [bug] Fix off by one error in isc_time_nowplusinterval().
+ [RT #17608]
+
+2332. [contrib] query-loc-0.4.0. [RT #17602]
+
+2331. [bug] Failure to regenerate any signatures was not being
+ reported nor being past back to the UPDATE client.
+ [RT #17570]
+
+2330. [bug] Remove potential race condition when handling
+ over memory events. [RT #17572]
+
+ WARNING: API CHANGE: over memory callback
+ function now needs to call isc_mem_waterack().
+ See <isc/mem.h> for details.
+
+2329. [bug] Clearer help text for dig's '-x' and '-i' options.
+
+2328. [maint] Add AAAA addresses for A.ROOT-SERVERS.NET,
+ F.ROOT-SERVERS.NET, H.ROOT-SERVERS.NET,
+ J.ROOT-SERVERS.NET, K.ROOT-SERVERS.NET and
+ M.ROOT-SERVERS.NET.
+
+2326. [bug] It was possible to trigger a INSIST in the acache
+ processing.
+
+2325. [port] Linux: use capset() function if available. [RT #17557]
+
+2323. [port] tru64: namespace clash. [RT #17547]
+
2322. [port] MacOS: work around the limitation of setrlimit()
for RLIMIT_NOFILE. [RT #17526]
- --- 9.4.2-P1 released ---
+2319. [bug] Silence Coverity warnings in
+ lib/dns/rdata/in_1/apl_42.c. [RT #17469]
-2375. [security] Fully randomize UDP query ports to improve
- forgery resilience. [RT #17949]
+2318. [port] sunos fixes for libbind. [RT #17514]
+
+2314. [bug] Uninitialized memory use on error path in
+ bin/named/lwdnoop.c. [RT #17476]
+
+2313. [cleanup] Silence Coverity warnings. Handle private stacks.
+ [RT #17447] [RT #17478]
+
+2312. [cleanup] Silence Coverity warning in lib/isc/unix/socket.c.
+ [RT #17458]
+
+2311. [func] Update ACL regression test. [RT #17462]
+
+2310. [bug] dig, host, nslookup: flush stdout before emitting
+ debug/fatal messages. [RT #17501]
+
+2308. [cleanup] Silence Coverity warning in bin/named/controlconf.c.
+ [RT #17495]
+
+2307. [bug] Remove infinite loop from lib/dns/sdb.c. [RT #17496]
+
+2306. [bug] Remove potential race from lib/dns/resolver.c.
+ [RT #17470]
+
+2305. [security] inet_network() buffer overflow. CVE-2008-0122.
+
+2304. [bug] Check returns from all dns_rdata_tostruct() calls.
+ [RT #17460]
+
+2303. [bug] Remove unnecessary code from bin/named/lwdgnba.c.
+ [RT #17471]
+
+2302. [bug] Fix memset() calls in lib/tests/t_api.c. [RT #17472]
+
+2301. [bug] Remove resource leak and fix error messages in
+ bin/tests/system/lwresd/lwtest.c. [RT #17474]
+
+2300. [bug] Fixed failure to close open file in
+ bin/tests/names/t_names.c. [RT #17473]
+
+2299. [bug] Remove unnecessary NULL check in
+ bin/nsupdate/nsupdate.c. [RT #17475]
+
+2298. [bug] isc_mutex_lock() failure not caught in
+ bin/tests/timers/t_timers.c. [RT #17468]
+
+2297. [bug] isc_entropy_createfilesource() failure not caught in
+ bin/tests/dst/t_dst.c. [RT #17467]
+
+2296. [port] Allow docbook stylesheet location to be specified to
+ configure. [RT #17457]
+
+2295. [bug] Silence static overrun error in bin/named/lwaddr.c.
+ [RT #17459]
+
+2293. [func] Add ACL regression test. [RT #17375]
+
+2292. [bug] Log if the working directory is not writable.
+ [RT #17312]
+
+2291. [bug] PR_SET_DUMPABLE may be set too late. Also report
+ failure to set PR_SET_DUMPABLE. [RT #17312]
+
+2290. [bug] Let AD in the query signal that the client wants AD
+ set in the response. [RT #17301]
+
+2288. [port] win32: mark service as running when we have finished
+ loading. [RT #17441]
+
+2287. [bug] Use 'volatile' if the compiler supports it. [RT #17413]
+
+2284. [bug] Memory leak in UPDATE prerequisite processing.
+ [RT #17377]
+
+2283. [bug] TSIG keys were not attaching to the memory
+ context. TSIG keys should use the rings
+ memory context rather than the clients memory
+ context. [RT #17377]
+
+2279. [bug] Use setsockopt(SO_NOSIGPIPE), when available,
+ to protect applications from receiving spurious
+ SIGPIPE signals when using the resolver.
+
+2278. [bug] win32: handle the case where Windows returns no
+ search list or DNS suffix. [RT #17354]
+
+2277. [bug] Empty zone names were not correctly being caught at
+ in the post parse checks. [RT #17357]
+
+2273. [bug] Adjust log level to WARNING when saving inconsistent
+ stub/slave master and journal files. [RT# 17279]
+
+2272. [bug] Handle illegal dnssec-lookaside trust-anchor names.
+ [RT #17262]
+
+2270. [bug] dns_db_closeversion() version->writer could be reset
+ before it is tested. [RT #17290]
+
+2269. [contrib] dbus memory leaks and missing va_end calls. [RT #17232]
+
+2268. [bug] 0.IN-ADDR.ARPA was missing from the empty zones
+ list.
+
+2266. [bug] client.c:get_clientmctx() returned the same mctx
+ once the pool of mctx's was filled. [RT #17218]
+
+2265. [bug] Test that the memory context's basic_table is non NULL
+ before freeing. [RT #17265]
+
+2264. [bug] Server prefix length was being ignored. [RT #17308]
+
+2263. [bug] "named-checkconf -z" failed to set default value
+ for "check-integrity". [RT #17306]
+
+2262. [bug] Error status from all but the last view could be
+ lost. [RT #17292]
+
+2260. [bug] Reported wrong clients-per-query when increasing the
+ value. [RT #17236]
+
+2247. [doc] Sort doc/misc/options. [RT #17067]
+
+2246. [bug] Make the startup of test servers (ans.pl) more
+ robust. [RT #17147]
--- 9.4.2 released ---
+
--- 9.4.2rc2 released ---
2259. [bug] Reverse incorrect LIBINTERFACE bump of libisc
@@ -63,7 +463,7 @@
2256. [bug] win32: Correctly register the installation location of
bindevt.dll. [RT #17159]
-2255. [bug] L.ROOT-SERVERS.NET is now 199.7.83.42.
+2255. [maint] L.ROOT-SERVERS.NET is now 199.7.83.42.
2254. [bug] timer.c:dispatch() failed to lock timer->lock
when reading timer->idle allowing it to see
@@ -76,16 +476,16 @@
reality. Note there is behaviour change for BIND 9.5.
[RT #17113]
-2249. [bug] Only set Authentic Data bit if client requested
+2249. [bug] Only set Authentic Data bit if client requested
DNSSEC, per RFC 3655 [RT #17175]
-2248. [cleanup] Fix several errors reported by Coverity. [RT #17160]
+2248. [cleanup] Fix several errors reported by Coverity. [RT #17160]
2245. [bug] Validating lack of DS records at trust anchors wasn't
working. [RT #17151]
2238. [bug] It was possible to trigger a REQUIRE when a
- validation was cancelled. [RT #17106]
+ validation was canceled. [RT #17106]
2237. [bug] libbind: res_init() was not thread aware. [RT #17123]
@@ -94,8 +494,8 @@
2235. [bug] <isc/atomic.h> was not being installed. [RT #17135]
-2234. [port] Correct some compiler warnings on SCO OSr5 [RT #17134]
-
+2234. [port] Correct some compiler warnings on SCO OSr5 [RT #17134]
+
2232. [bug] dns_adb_findaddrinfo() could fail and return
ISC_R_SUCCESS. [RT #17137]
@@ -110,7 +510,7 @@
2227. [cleanup] Tidied up the FAQ. [RT #17121]
2225. [bug] More support for systems with no IPv4 addresses.
- [RT #17111]
+ [RT #17111]
2224. [bug] Defer journal compaction if a xfrin is in progress.
[RT #17119]
@@ -124,15 +524,15 @@
2220. [bug] win32: Address a race condition in final shutdown of
the Windows socket code. [RT #17028]
-
-2219. [bug] Apply zone consistancy checks to additions, not
+
+2219. [bug] Apply zone consistency checks to additions, not
removals, when updating. [RT #17049]
2218. [bug] Remove unnecessary REQUIRE from dns_validator_create().
[RT #16976]
2216. [cleanup] Fix a number of errors reported by Coverity.
- [RT #17094]
+ [RT #17094]
2215. [bug] Bad REQUIRE check isc_hmacsha1_verify(). [RT #17094]
@@ -175,13 +575,13 @@
localhost;) is used.
[RT #16987]
-
+
2205. [bug] libbind: change #2119 broke thread support. [RT #16982]
2203. [security] Query id generation was cryptographically weak.
[RT # 16915]
-2202. [security] The default acls for allow-query-cache and
+2202. [security] The default acls for allow-query-cache and
allow-recursion were not being applied. [RT #16960]
2200. [bug] The search for cached NSEC records was stopping to
@@ -216,7 +616,7 @@
2187. [bug] query_addds(), query_addwildcardproof() and
query_addnxrrsetnsec() should take a version
- arguement. [RT #16368]
+ argument. [RT #16368]
2186. [port] cygwin: libbind: check for struct sockaddr_storage
independently of IPv6. [RT #16482]
@@ -243,7 +643,7 @@
debug level 10+. [RT #16798]
2176. [contrib] dbus update to handle race condition during
- initialisation (Bugzilla 235809). [RT #16842]
+ initialization (Bugzilla 235809). [RT #16842]
2175. [bug] win32: windows broadcast condition variable support
was broken. [RT #16592]
@@ -274,7 +674,7 @@
a server address as a name to be looked up, causing
unexpected output. [RT #16743]
-2164. [bug] The code to determine how named-checkzone /
+2164. [bug] The code to determine how named-checkzone /
named-compilezone was called failed under windows.
[RT #16764]
@@ -288,7 +688,7 @@
2159. [bug] Array bounds overrun in acache processing. [RT #16710]
-2158. [bug] ns_client_isself() failed to initialise key
+2158. [bug] ns_client_isself() failed to initialize key
leading to a REQUIRE failure. [RT #16688]
2156. [bug] Fix node reference leaks in lookup.c:lookup_find(),
@@ -363,7 +763,7 @@
2136. [bug] nslookup/host looped if there was no search list
and the host didn't exist. [RT #16657]
-2135. [bug] Uninitialised rdataset in sdlz.c. [RT# 16656]
+2135. [bug] Uninitialized rdataset in sdlz.c. [RT# 16656]
2133. [port] powerpc: Support both IBM and MacOS Power PC
assembler syntaxes. [RT #16647]
@@ -379,7 +779,7 @@
2127. [port] Improved OpenSSL 0.9.8 support. [RT #16563]
-2126. [security] Serialise validation of type ANY responses. [RT #16555]
+2126. [security] Serialize validation of type ANY responses. [RT #16555]
2125. [bug] dns_zone_getzeronosoattl() REQUIRE failure if DLZ
was defined. [RT #16574]
@@ -419,7 +819,7 @@
2111. [bug] Fix a number of errors reported by Coverity.
[RT #16507]
-2110. [bug] "minimal-response yes;" interacted badly with BIND 8
+2110. [bug] "minimal-responses yes;" interacted badly with BIND 8
priming queries. [RT #16491]
2109. [port] libbind: silence aix 5.3 compiler warnings. [RT #16502]
@@ -431,7 +831,7 @@
2103. [port] Add /usr/sfw to list of locations for OpenSSL
under Solaris.
-2102. [port] Silence solaris 10 warnings.
+2102. [port] Silence Solaris 10 warnings.
--- 9.4.0b4 released ---
@@ -441,7 +841,7 @@
2100. [port] win32: copy libeay32.dll to Build\Debug.
Copy Debug\named-checkzone to Debug\named-compilezone.
-2099. [port] win32: more manifiest issues.
+2099. [port] win32: more manifest issues.
2098. [bug] Race in rbtdb.c:no_references(), which occasionally
triggered an INSIST failure about the node lock
@@ -457,14 +857,14 @@
2095. [port] libbind: alway prototype inet_cidr_ntop_ipv6() and
net_cidr_ntop_ipv6(). [RT #16388]
-
+
2094. [contrib] Update named-bootconf. [RT# 16404]
2093. [bug] named-checkzone -s was broken.
2092. [bug] win32: dig, host, nslookup. Use registry config
if resolv.conf does not exist or no nameservers
- listed. [RT #15877]
+ listed. [RT #15877]
2091. [port] dighost.c: race condition on cleanup. [RT #16417]
@@ -507,7 +907,7 @@
2078. [bug] dnssec-checkzone output style "default" was badly
named. It is now called "relative". [RT #16326]
-2077. [bug] 'dnssec-signzone -O raw' wasn't outputing the
+2077. [bug] 'dnssec-signzone -O raw' wasn't outputting the
complete signed zone. [RT #16326]
2076. [bug] Several files were missing #include <config.h>
@@ -592,7 +992,7 @@
[RT #16287]
2049. [bug] Restore SOA before AXFR when falling back from
- a attempted IXFR when transfering in a zone.
+ a attempted IXFR when transferring in a zone.
Allow a initial SOA query before attempting
a AXFR to be requested. [RT #16156]
@@ -601,7 +1001,7 @@
the OS always returned the same local port.
[RT #16182]
-2047. [bug] Failed to initialise the interface flags to zero.
+2047. [bug] Failed to initialize the interface flags to zero.
[RT #16245]
2046. [bug] rbtdb.c:rdataset_setadditional() could cause duplicate
@@ -641,7 +1041,7 @@
2034. [bug] gcc: set -fno-strict-aliasing. [RT #16124]
-2033. [bug] We wern't creating multiple client memory contexts
+2033. [bug] We weren't creating multiple client memory contexts
on demand as expected. [RT #16095]
--- 9.4.0a6 released ---
@@ -657,7 +1057,7 @@
2029. [bug] host printed out the server multiple times when
specified on the command line. [RT #15992]
-2028. [port] linux: socket.c compatability for old systems.
+2028. [port] linux: socket.c compatibility for old systems.
[RT #16015]
2027. [port] libbind: Solaris x86 support. [RT #16020]
@@ -667,7 +1067,7 @@
2025. [func] Update "zone serial unchanged" message. [RT #16026]
-2024. [bug] named emited spurious "zone serial unchanged"
+2024. [bug] named emitted spurious "zone serial unchanged"
messages on reload. [RT #16027]
2023. [bug] "make install" should create ${localstatedir}/run and
@@ -695,7 +1095,7 @@
--- 9.4.0a5 released ---
2015. [cleanup] use-additional-cache is now acache-enable for
- consistancy. Default acache-enable off in BIND 9.4
+ consistency. Default acache-enable off in BIND 9.4
as it requires memory usage to be configured.
It may be enabled by default in BIND 9.5 once we
have more experience with it.
@@ -715,9 +1115,9 @@
--- 9.4.0a4 released ---
-2009. [bug] libbind: coverity fixes. [RT #15808]
+2009. [bug] libbind: Coverity fixes. [RT #15808]
-2008. [func] It is now posssible to enable/disable DNSSEC
+2008. [func] It is now possible to enable/disable DNSSEC
validation from rndc. This is useful for the
mobile hosts where the current connection point
breaks DNSSEC (firewall/proxy). [RT #15592]
@@ -729,7 +1129,7 @@
be changed to yes in 9.5.0. [RT #15674]
2006. [security] Allow-query-cache and allow-recursion now default
- to the builtin acls "localnets" and "localhost".
+ to the built in acls "localnets" and "localhost".
This is being done to make caching servers less
attractive as reflective amplifying targets for
@@ -777,7 +1177,7 @@
1994. [port] OpenSSL 0.9.8 support. [RT #15694]
-1993. [bug] Log messsage, via syslog, were missing the space
+1993. [bug] Log messages, via syslog, were missing the space
after the timestamp if "print-time yes" was specified.
[RT #15844]
@@ -785,11 +1185,11 @@
view. [RT #15825]
1991. [cleanup] The configuration data, once read, should be treated
- as readonly. Expand the use of const to enforce this
+ as read only. Expand the use of const to enforce this
at compile time. [RT #15813]
1990. [bug] libbind: isc's override of broken gettimeofday()
- implementions was not always effective.
+ implementations was not always effective.
[RT #15709]
1989. [bug] win32: don't check the service password when
@@ -811,7 +1211,7 @@
server for the zone. Also any zones that contain
DLV records should be removed when upgrading a slave
zone. You do not however have to upgrade all
- servers for a zone with DLV records simultaniously.
+ servers for a zone with DLV records simultaneously.
1984. [func] dig, nslookup and host now advertise a 4096 byte
EDNS UDP buffer size by default. [RT #15855]
@@ -848,7 +1248,7 @@
1973. [func] TSIG HMACSHA1, HMACSHA224, HMACSHA256, HMACSHA384 and
HMACSHA512 support. [RT #13606]
-1972. [contrib] DBUS dynamic forwarders integation from
+1972. [contrib] DBUS dynamic forwarders integration from
Jason Vas Dias <jvdias@redhat.com>.
1971. [port] linux: make detection of missing IF_NAMESIZE more
@@ -872,7 +1272,7 @@
1964. [func] Separate out MX and SRV to CNAME checks. [RT #15723]
-1963. [port] Tru64 4.0E doesn't support send() and recv().
+1963. [port] Tru64 4.0E doesn't support send() and recv().
[RT #15586]
1962. [bug] Named failed to clear old update-policy when it
@@ -898,7 +1298,7 @@
by native compiler. See README for additional
cross compile support information. [RT #15148]
-1955. [bug] Pre-allocate the cache cleaning interator. [RT #14998]
+1955. [bug] Pre-allocate the cache cleaning iterator. [RT #14998]
1954. [func] Named now falls back to advertising EDNS with a
512 byte receive buffer if the initial EDNS queries
@@ -915,7 +1315,7 @@
1951. [security] Drop queries from particular well known ports.
Don't return FORMERR to queries from particular
well known ports. [RT #15636]
-
+
1950. [port] Solaris 2.5.1 and earlier cannot bind() then connect()
a TCP socket. This prevents the source address being
set for TCP connections. [RT #15628]
@@ -934,10 +1334,10 @@
1946. [bug] resume_dslookup() could trigger a REQUIRE failure
when using forwarders. [RT #15549]
-1945. [cleanup] dnssec-keygen: RSA (RSAMD5) is nolonger recommended.
+1945. [cleanup] dnssec-keygen: RSA (RSAMD5) is no longer recommended.
To generate a RSAMD5 key you must explicitly request
RSAMD5. [RT #13780]
-
+
1944. [cleanup] isc_hash_create() does not need a read/write lock.
[RT #15522]
@@ -1028,15 +1428,15 @@
1917. [doc] funcsynopsisinfo wasn't being treated as verbatim
when generating man pages. [RT #15385]
-1916. [func] Integrate contibuted IDN code from JPNIC. [RT #15383]
+1916. [func] Integrate contributed IDN code from JPNIC. [RT #15383]
1915. [bug] dig +ndots was broken. [RT #15215]
1914. [protocol] DS is required to accept mnemonic algorithms
(RFC 4034). Still emit numeric algorithms for
- compatability with RFC 3658. [RT #15354]
+ compatibility with RFC 3658. [RT #15354]
-1913. [func] Integrate contibuted DLZ code into named. [RT #11382]
+1913. [func] Integrate contributed DLZ code into named. [RT #11382]
1912. [port] aix: atomic locking for powerpc. [RT #15020]
@@ -1059,7 +1459,7 @@
[RT #15034]
1905. [bug] Strings returned from cfg_obj_asstring() should be
- treated as read-only. The prototype for
+ treated as read-only. The prototype for
cfg_obj_asstring() has been updated to reflect this.
[RT #15256]
@@ -1108,7 +1508,7 @@
1891. [port] freebsd: pthread_mutex_init can fail if it runs out
of memory. [RT #14995]
-1890. [func] Raise the UDP recieve buffer size to 32k if it is
+1890. [func] Raise the UDP receive buffer size to 32k if it is
less than 32k. [RT #14953]
1889. [port] sunos: non blocking i/o support. [RT #14951]
@@ -1148,7 +1548,7 @@
[RT #2471]
1877. [bug] Fix unreasonably low quantum on call to
- dns_rbt_destroy2(). Remove unnecessay unhash_node()
+ dns_rbt_destroy2(). Remove unnecessary unhash_node()
call. [RT #14919]
1876. [func] Additional memory debugging support to track size
@@ -1189,10 +1589,10 @@
1863. [bug] rrset-order "fixed" error messages not complete.
1862. [func] Add additional zone data constancy checks.
- named-checkzone has extended checking of NS, MX and
+ named-checkzone has extended checking of NS, MX and
SRV record and the hosts they reference.
named has extended post zone load checks.
- New zone options: check-mx and integrity-check.
+ New zone options: check-mx and integrity-check.
[RT #4940]
1861. [bug] dig could trigger a INSIST on certain malformed
@@ -1230,24 +1630,24 @@
1850. [bug] Memory leak in lwres_getipnodebyaddr(). [RT #14591]
1849. [doc] All forms of the man pages (docbook, man, html) should
- have consistant copyright dates.
+ have consistent copyright dates.
1848. [bug] Improve SMF integration. [RT #13238]
1847. [bug] isc_ondestroy_init() is called too late in
- dns_rbtdb_create()/dns_rbtdb64_create().
+ dns_rbtdb_create()/dns_rbtdb64_create().
[RT #13661]
-
+
1846. [contrib] query-loc-0.3.0 from Stephane Bortzmeyer
<bortzmeyer@nic.fr>.
-1845. [bug] Improve error reporting to distingish between
+1845. [bug] Improve error reporting to distinguish between
accept()/fcntl() and socket()/fcntl() errors.
[RT #13745]
1844. [bug] inet_pton() accepted more that 4 hexadecimal digits
for each 16 bit piece of the IPv6 address. The text
- representation of a IPv6 address has been tighted
+ representation of a IPv6 address has been tightened
to disallow this (draft-ietf-ipv6-addr-arch-v4-02.txt).
[RT #5662]
@@ -1475,7 +1875,7 @@
1765. [bug] configure --with-openssl=auto failed. [RT #12937]
1764. [bug] dns_zone_replacedb failed to emit a error message
- if there was no SOA record in the replacment db.
+ if there was no SOA record in the replacement db.
[RT #13016]
1763. [func] Perform sanity checks on NS records which refer to
@@ -1503,7 +1903,7 @@
1755. [func] allow-update is now settable at the options / view
level. [RT #6636]
-1754. [bug] We wern't always attempting to query the parent
+1754. [bug] We weren't always attempting to query the parent
server for the DS records at the zone cut.
[RT #12774]
@@ -1523,8 +1923,8 @@
[RT #12866]
1748. [func] dig now returns the byte count for axfr/ixfr.
-
-1747. [bug] BIND 8 compatability: named/named-checkconf failed
+
+1747. [bug] BIND 8 compatibility: named/named-checkconf failed
to parse "host-statistics-max" in named.conf.
1746. [func] Make public the function to read a key file,
@@ -1541,7 +1941,7 @@
requested number of worker threads then destruction
of the manager would trigger an INSIST() failure.
[RT #12790]
-
+
1742. [bug] Deleting all records at a node then adding a
previously existing record, in a single UPDATE
transaction, failed to leave / regenerate the
@@ -1552,7 +1952,7 @@
1740. [bug] Replace rbt's hash algorithm as it performed badly
with certain zones. [RT #12729]
-
+
NOTE: a hash context now needs to be established
via isc_hash_create() if the application was not
already doing this.
@@ -1567,7 +1967,7 @@
1736. [bug] dst_key_fromnamedfile() could fail to read a
public key. [RT #12687]
-
+
1735. [bug] 'dig +sigtrace' could die with a REQUIRE failure.
[RE #12688]
@@ -1607,7 +2007,7 @@
[RT #12519]
1721. [bug] Error message from the journal processing were not
- always identifing the relevent journal. [RT #12519]
+ always identifying the relevant journal. [RT #12519]
1720. [bug] 'dig +chase' did not terminate on a RFC 2308 Type 1
negative response. [RT #12506]
@@ -1664,7 +2064,7 @@
1703. [bug] named would loop sending NOTIFY messages when it
failed to receive a response. [RT #12322]
-1702. [bug] also-notify should not be applied to builtin zones.
+1702. [bug] also-notify should not be applied to built in zones.
[RT #12323]
1701. [doc] A minimal named.conf man page.
@@ -1744,7 +2144,7 @@
1675. [bug] named would sometimes add extra NSEC records to
the authority section.
-
+
1674. [port] linux: increase buffer size used to scan
/proc/net/if_inet6.
@@ -1816,7 +2216,7 @@
1648. [func] Update dnssec-lookaside named.conf syntax to support
multiple dnssec-lookaside namespaces (not yet
- implemented).
+ implemented).
1647. [bug] It was possible trigger a INSIST when chasing a DS
record that required walking back over a empty node.
@@ -1829,7 +2229,7 @@
masters with keys are specified.
1644. [bug] Update the journal modification time after a
- sucessfull refresh query. [RT #11436]
+ successful refresh query. [RT #11436]
1643. [bug] dns_db_closeversion() could leak memory / node
references. [RT #11163]
@@ -1846,11 +2246,11 @@
1638. [bug] "ixfr-from-differences" could generate a REQUIRE
failure if the journal open failed. [RT #11347]
-
+
1637. [bug] Node reference leak on error in addnoqname().
1636. [bug] The dump done callback could get ISC_R_SUCCESS even if
- a error had occured. The database version no longer
+ a error had occurred. The database version no longer
matched the version of the database that was dumped.
1635. [bug] Memory leak on error in query_addds().
@@ -1940,21 +2340,21 @@
1607. [bug] dig, host and nslookup were still using random()
to generate query ids. [RT# 11013]
-1606. [bug] DLV insecurity proof was failing.
+1606. [bug] DLV insecurity proof was failing.
1605. [func] New dns_db_find() option DNS_DBFIND_COVERINGNSEC.
1604. [bug] A xfrout_ctx_create() failure would result in
xfrout_ctx_destroy() being called with a
partially initialized structure.
-
+
1603. [bug] nsupdate: set interactive based on isatty().
[RT# 10929]
1602. [bug] Logging to a file failed unless a size was specified.
[RT# 10925]
-1601. [bug] Silence spurious warning 'both "recursion no;" and
+1601. [bug] Silence spurious warning 'both "recursion no;" and
"allow-recursion" active' warning from view "_bind".
[RT# 10920]
@@ -2045,7 +2445,7 @@
1568. [bug] nsupdate now reports that the update failed in
interactive mode. [RT# 10236]
-1567. [bug] B.ROOT-SERVERS.NET is now 192.228.79.201.
+1567. [maint] B.ROOT-SERVERS.NET is now 192.228.79.201.
1566. [port] Support for the cmsg framework on Solaris and HP/UX.
This also solved the problem that match-destinations
@@ -2214,7 +2614,7 @@
type, class and responding nameserver.
1511. [bug] delegation-only was generating false positives
- on negative answers from subzones.
+ on negative answers from sub-zones.
1510. [func] New view option "root-delegation-only". Apply
delegation-only check to all TLDs and root.
@@ -2548,7 +2948,7 @@
1398. [doc] ARM: notify-also should have been also-notify.
[RT #4345]
-1397. [bug] J.ROOT-SERVERS.NET is now 192.58.128.30.
+1397. [maint] J.ROOT-SERVERS.NET is now 192.58.128.30.
1396. [func] dnssec-signzone: adjust the default signing time by
1 hour to allow for clock skew.
@@ -3895,7 +4295,7 @@
954. [bug] When requesting AXFRs or IXFRs using dig, host, or
nslookup, the RD bit should not be set as zone
- transfers are inherently nonrecursive. [RT #1575]
+ transfers are inherently non-recursive. [RT #1575]
953. [func] The /var/run/named.key file from change #843
has been replaced by /etc/rndc.key. Both
@@ -4210,7 +4610,7 @@
860. [func] Drop cross class glue in zone transfers.
859. [bug] Cache cleaning now won't swamp the CPU if there
- is a persistent overlimit condition.
+ is a persistent over limit condition.
858. [func] isc_mem_setwater() no longer requires that when the
callback function is non-NULL then its hi_water
@@ -4386,7 +4786,7 @@
811. [bug] Parentheses were not quoted in zone dumps. [RT #1194]
810. [bug] The signer name in SIG records was not properly
- downcased when signing/verifying records. [RT #1186]
+ down-cased when signing/verifying records. [RT #1186]
809. [bug] Configuring a non-local address as a transfer-source
could cause an assertion failure during load.
@@ -4398,9 +4798,9 @@
ignored like it should be.
806. [bug] DNS_R_SEENINCLUDE was failing to propagate back up
- the calling stack to the zone maintence level, causing
- zones to not reload when an included file was touched
- but the top-level zone file was not.
+ the calling stack to the zone maintenance level,
+ causing zones to not reload when an included file was
+ touched but the top-level zone file was not.
805. [bug] When using "forward only", missing root hints should
not cause queries to fail. [RT #1143]
@@ -4440,7 +4840,7 @@
in rndc.conf.
793. [cleanup] The DNSSEC tools could create filenames that were
- illegal or contained shell metacharacters. They
+ illegal or contained shell meta-characters. They
now use a different text encoding of names that
doesn't have these problems. [RT #1101]
@@ -4464,7 +4864,7 @@
names when mapping them into file names.
786. [bug] When DNSSEC signing/verifying data, owner names were
- not properly downcased.
+ not properly down-cased.
785. [bug] A race condition in the resolver could cause
an assertion failure. [RT #673, #872, #1048]
@@ -4483,7 +4883,7 @@
780. [bug] Error handling code dealing with out of memory or
other rare errors could lead to assertion failures
- by calling functions on unitialized names. [RT #1065]
+ by calling functions on uninitialized names. [RT #1065]
779. [func] Added the "minimal-responses" option.
@@ -4626,7 +5026,7 @@
735. [doc] Add BIND 4 migration notes.
734. [bug] An attempt to re-lock the zone lock could occur if
- the server was shutdown during a zone tranfer.
+ the server was shutdown during a zone transfer.
[RT #830]
733. [bug] Reference counts of dns_acl_t objects need to be
@@ -4766,7 +5166,7 @@
688. [func] "make tags" now works on systems with the
"Exuberant Ctags" etags.
- 687. [bug] Only say we have IPv6, with sufficent functionality,
+ 687. [bug] Only say we have IPv6, with sufficient functionality,
if it has actually been tested. [RT #586]
686. [bug] dig and nslookup can now be properly aborted during
@@ -5084,7 +5484,7 @@
--- 9.1.0b1 released ---
591. [bug] Work around non-reentrancy in openssl by disabling
- precomputation in keys.
+ pre-computation in keys.
590. [doc] There are now man pages for the lwres library in
doc/man/lwres.
@@ -5133,7 +5533,7 @@
source address for notify messages.
577. [func] Log illegal RDATA combinations. e.g. multiple
- singlton types, cname and other data.
+ singleton types, cname and other data.
576. [doc] isc_log_create() description did not match reality.
@@ -5144,7 +5544,7 @@
have their responses validated and would leak memory.
573. [bug] The journal files of IXFRed slave zones were
- inadvertantly discarded on server reload, causing
+ inadvertently discarded on server reload, causing
"journal out of sync with zone" errors on subsequent
reloads. [RT #482]
@@ -5313,7 +5713,7 @@
others).
519. [bug] dns_name_split() would improperly split some bitstring
- labels, zeroing a few of the least signficant bits in
+ labels, zeroing a few of the least significant bits in
the prefix part. When such an improperly created
prefix was returned to the RBT database, the bogus
label was dutifully stored, corrupting the tree.
@@ -5341,7 +5741,7 @@
513. [func] New functionality added to rdnc and server to allow
individual zones to be refreshed or reloaded.
- 512. [bug] The zone transfer code could throw an execption with
+ 512. [bug] The zone transfer code could throw an exception with
an invalid IXFR stream.
511. [bug] The message code could throw an assertion on an
@@ -5532,7 +5932,7 @@
452. [bug] Warn if the unimplemented option "statistics-file"
is specified in named.conf. [RT #301]
- 451. [func] Update forwarding implememted.
+ 451. [func] Update forwarding implemented.
450. [func] New function ns_client_sendraw().
@@ -5633,7 +6033,7 @@
e.g. due to corrupt zones with multiple SOA records.
[RT #279]
- 423. [bug] When responding to a recusive query, errors that occur
+ 423. [bug] When responding to a recursive query, errors that occur
after following a CNAME should cause the query to fail.
[RT #274]
@@ -5678,7 +6078,7 @@
409. [bug] If named was shut down early in the startup
process, ns_omapi_shutdown() would attempt to lock
- an unintialized mutex. [RT #262]
+ an uninitialized mutex. [RT #262]
408. [bug] stub zones could leak memory and reference counts if
all the masters were unreachable.
@@ -5745,7 +6145,7 @@
making the functions dns_zone_adddbarg()
and dns_zone_cleardbargs() unnecessary.
- 389. [bug] Attempting to send a reqeust over IPv6 using
+ 389. [bug] Attempting to send a request over IPv6 using
dns_request_create() on a system without IPv6
support caused an assertion failure [RT #235].
@@ -5802,7 +6202,7 @@
of a very large RRset could cause an assertion failure
during logging.
- 370. [bug] The error messages for rollforward failures were
+ 370. [bug] The error messages for roll-forward failures were
overly terse.
369. [func] Support new named.conf options, view and zone
@@ -5945,7 +6345,7 @@
328. [func] Added isc_base64_decodestring().
- 327. [bug] rndc.conf parser wasn't correctly recognising an IP
+ 327. [bug] rndc.conf parser wasn't correctly recognizing an IP
address where a host specification was required.
326. [func] 'keys' in an 'inet' control statement is now
@@ -5975,7 +6375,7 @@
where they previously didn't.
321. [bug] When synthesizing a CNAME RR for a DNAME
- response, query_addcname() failed to intitialize
+ response, query_addcname() failed to initialize
the type and class of the CNAME dns_rdata_t,
causing random failures.
@@ -6251,7 +6651,7 @@
--- 9.0.0b4 released ---
- 253. [func] resolv.conf parser now recognises ';' and '#' as
+ 253. [func] resolv.conf parser now recognizes ';' and '#' as
comments (anywhere in line, not just as the beginning).
252. [bug] resolv.conf parser mishandled masks on sortlists.
@@ -6321,7 +6721,7 @@
requiring a quoted string.
233. [cleanup] Convert all config structure integer values to unsigned
- integer (isc_uint32_t) to match grammer.
+ integer (isc_uint32_t) to match grammar.
232. [bug] Allow slave zones to not have a file.
@@ -6358,7 +6758,7 @@
from confparser.c, because of yacc's code, are
unfortunately to be expected.)
- 223. [func] Several functions were reprototyped to qualify one
+ 223. [func] Several functions were re-prototyped to qualify one
or more of their arguments with "const". Similarly,
several functions that return pointers now have
those pointers qualified with const.
@@ -6523,7 +6923,7 @@
183. [func] ISC_LOG_PRINTTAG option for log channels. Useful
for logging the program name or other identifier.
- 182. [cleanup] New commandline parameters for dnssec tools
+ 182. [cleanup] New command-line parameters for dnssec tools
181. [func] Added dst_key_buildfilename and dst_key_parsefilename
@@ -6568,7 +6968,7 @@
--with-mit-pthreads option is no longer needed
and has been removed.
- 170. [cleanup] Remove inter server consistancy checks from zone,
+ 170. [cleanup] Remove inter server consistency checks from zone,
these should return as a separate module in 9.1.
dns_zone_checkservers(), dns_zone_checkparents(),
dns_zone_checkchildren(), dns_zone_checkglue().
@@ -6661,7 +7061,7 @@
than continuing to itemize every header which changed,
this changelog entry just notes that if a header file
did not need another header file that it was including
- in order to provide its advertized functionality, the
+ in order to provide its advertised functionality, the
inclusion of the other header file was removed. See
util/check-includes for how this was tested.
@@ -7053,7 +7453,7 @@
31. [bug] Use ${LIBTOOL} to compile bin/named/main.@O@.
- 30. [func] config file grammer change to support optional
+ 30. [func] config file grammar change to support optional
class type for a view.
29. [func] support new config file view options:
@@ -7117,7 +7517,7 @@
13. [bug] lib/dns/master.c and lib/dns/xfrin.c didn't ignore
out-of-zone data.
- 12. [bug] Fixed possible unitialized variable error.
+ 12. [bug] Fixed possible uninitialized variable error.
11. [bug] axfr_rrstream_first() didn't check the result code of
db_rr_iterator_first(), possibly causing an assertion
diff --git a/COPYRIGHT b/COPYRIGHT
index 2eaecb296f7d..8d6a0cef1378 100644
--- a/COPYRIGHT
+++ b/COPYRIGHT
@@ -13,7 +13,7 @@ LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
PERFORMANCE OF THIS SOFTWARE.
-$Id: COPYRIGHT,v 1.9.18.4.10.1 2008/07/23 07:28:54 tbox Exp $
+$Id: COPYRIGHT,v 1.9.18.5 2008/01/02 23:46:02 tbox Exp $
Portions Copyright (C) 1996-2001 Nominum, Inc.
diff --git a/FAQ b/FAQ
index 90b3ca045388..2c333bef3b24 100644
--- a/FAQ
+++ b/FAQ
@@ -1,6 +1,6 @@
Frequently Asked Questions about BIND 9
-Copyright 2004-2007 Internet Systems Consortium, Inc. ("ISC")
+Copyright 2004-2008 Internet Systems Consortium, Inc. ("ISC")
Copyright 2000-2003 Internet Software Consortium.
@@ -205,6 +205,8 @@ A: These indicate a malformed master zone. You can identify the exact
Q: I get error messages like "named.conf:99: unexpected end of input"
where 99 is the last line of named.conf.
+A: There are unbalanced quotes in named.conf.
+
A: Some text editors (notepad and wordpad) fail to put a line title
indication (e.g. CR/LF) on the last line of a text file. This can be
fixed by "adding" a blank line to the end of the file. Named expects to
@@ -375,7 +377,60 @@ A: When reloading a zone named my have multiple copies of the zone in
other errors in the master file as it still has an in-core copy of the
old contents.
-3. General Questions
+Q: I want to use IPv6 locally but I don't have a external IPv6 connection.
+ External lookups are slow.
+
+A: You can use server clauses to stop named making external lookups over
+ IPv6.
+
+ server fd81:ec6c:bd62::/48 { bogus no; }; // site ULA prefix
+ server ::/0 { bogus yes; };
+
+3. Operations Questions
+
+Q: How to change the nameservers for a zone?
+
+A: Step 1: Ensure all nameservers, new and old, are serving the same zone
+ content.
+
+ Step 2: Work out the maximum TTL of the NS RRset in the parent and
+ child zones. This is the time it will take caches to be clear of a
+ particular version of the NS RRset. If you are just removing
+ nameservers you can skip to Step 6.
+
+ Step 3: Add new nameservers to the NS RRset for the zone and wait until
+ all the servers for the zone are answering with this new NS RRset.
+
+ Step 4: Inform the parent zone of the new NS RRset then wait for all
+ the parent servers to be answering with the new NS RRset.
+
+ Step 5: Wait for cache to be clear of the old NS RRset. See Step 2 for
+ how long. If you are just adding nameservers you are done.
+
+ Step 6: Remove any old nameservers from the zones NS RRset and wait for
+ all the servers for the zone to be serving the new NS RRset.
+
+ Step 7: Inform the parent zone of the new NS RRset then wait for all
+ the parent servers to be answering with the new NS RRset.
+
+ Step 8: Wait for cache to be clear of the old NS RRset. See Step 2 for
+ how long.
+
+ Step 9: Turn off the old nameservers or remove the zone entry from the
+ configuration of the old nameservers.
+
+ Step 10: Increment the serial number and wait for the change to be
+ visible in all nameservers for the zone. This ensures that zone
+ transfers are still working after the old servers are decommissioned.
+
+ Note: the above procedure is designed to be transparent to dns clients.
+ Decommissioning the old servers too early will result in some clients
+ not being able to look up answers in the zone.
+
+ Note: while it is possible to run the addition and removal stages
+ together it is not recommended.
+
+4. General Questions
Q: I keep getting log messages like the following. Why?
@@ -396,8 +451,8 @@ A: Someone is trying to update your DNS data using the RFC2136 Dynamic
Update protocol. Windows 2000 machines have a habit of sending dynamic
update requests to DNS servers without being specifically configured to
do so. If the update requests are coming from a Windows 2000 machine,
- see http://support.microsoft.com/support/kb/articles/q246/8/04.asp for
- information about how to turn them off.
+ see <http://support.microsoft.com/support/kb/articles/q246/8/04.asp>
+ for information about how to turn them off.
Q: When I do a "dig . ns", many of the A records for the root servers are
missing. Why?
@@ -468,7 +523,7 @@ A: If the IN-ADDR.ARPA name covered refers to a internal address space you
are using then you have failed to follow RFC 1918 usage rules and are
leaking queries to the Internet. You should establish your own zones
for these addresses to prevent you querying the Internet's name servers
- for these addresses. Please see http://as112.net/ for details of the
+ for these addresses. Please see <http://as112.net/> for details of the
problems you are causing and the counter measures that have had to be
deployed.
@@ -541,9 +596,16 @@ A: No. The BIND 9 bug database is kept closed for a number of reasons.
that have been fixed post release. That is as close as we can get to
providing a bug database.
-4. Operating-System Specific Questions
+Q: Why do queries for NSEC3 records fail to return the NSEC3 record?
+
+A: NSEC3 records are strictly meta data and can only be returned in the
+ authority section. This is done so that signing the zone using NSEC3
+ records does not bring names into existance that do not exist in the
+ unsigned version of the zone.
-4.1. HPUX
+5. Operating-System Specific Questions
+
+5.1. HPUX
Q: I get the following error trying to configure BIND:
@@ -559,7 +621,7 @@ A: You have attempted to configure BIND with the bundled C compiler. This
./configure CC=<compiler> ...
-4.2. Linux
+5.2. Linux
Q: Why do I get the following errors:
@@ -569,7 +631,20 @@ Q: Why do I get the following errors:
A: This is the result of a Linux kernel bug.
- See: http://marc.theaimsgroup.com/?l=linux-netdev&m=113081708031466&w=2
+ See: <http://marc.theaimsgroup.com/?l=linux-netdev&m=113081708031466&w=
+ 2>
+
+Q: Why does named lock up when it attempts to connect over IPSEC tunnels?
+
+A: This is due to a kernel bug where the fact that a socket is marked
+ non-blocking is ignored. It is reported that setting xfrm_larval_drop
+ to 1 helps but this may have negative side effects. See: <https://
+ bugzilla.redhat.com/show_bug.cgi?id=427629> and <http://lkml.org/lkml/
+ 2007/12/4/260>.
+
+ xfrm_larval_drop can be set to 1 by the following procedure:
+
+ echo "1" > proc/sys/net/core/xfrm_larval_drop
Q: Why do I see 5 (or more) copies of named on Linux?
@@ -594,7 +669,12 @@ Q: I get the error message "named: capset failed: Operation not permitted"
when starting named.
A: The capability module, part of "Linux Security Modules/LSM", has not
- been loaded into the kernel. See insmod(8).
+ been loaded into the kernel. See insmod(8), modprobe(8).
+
+ The relevant modules can be loaded by running:
+
+ modprobe commoncap
+ modprobe capability
Q: I'm running BIND on Red Hat Enterprise Linux or Fedora Core -
@@ -608,7 +688,7 @@ Q: I'm running BIND on Red Hat Enterprise Linux or Fedora Core -
A: Red Hat Security Enhanced Linux (SELinux) policy security protections :
Red Hat have adopted the National Security Agency's SELinux security
- policy ( see http://www.nsa.gov/selinux ) and recommendations for BIND
+ policy (see <http://www.nsa.gov/selinux>) and recommendations for BIND
security , which are more secure than running named in a chroot and
make use of the bind-chroot environment unnecessary .
@@ -699,7 +779,19 @@ A: Red Hat Security Enhanced Linux (SELinux) policy security protections :
See these man-pages for more information : selinux(8), named_selinux
(8), chcon(1), setsebool(8)
-4.3. Windows
+Q: Listening on individual IPv6 interfaces does not work.
+
+A: This is usually due to "/proc/net/if_inet6" not being available in the
+ chroot file system. Mount another instance of "proc" in the chroot file
+ system.
+
+ This can be be made permanent by adding a second instance to /etc/
+ fstab.
+
+ proc /proc proc defaults 0 0
+ proc /var/named/proc proc defaults 0 0
+
+5.3. Windows
Q: Zone transfers from my BIND 9 master to my Windows 2000 slave fail.
Why?
@@ -725,7 +817,7 @@ A: This is the service manager saying that named exited. You need to
Directory "C:\windows\dns\etc";
};
-4.4. FreeBSD
+5.4. FreeBSD
Q: I have FreeBSD 4.x and "rndc-confgen -a" just sits there.
@@ -736,17 +828,17 @@ A: /dev/random is not configured. Use rndcontrol(8) to tell the kernel to
/etc/rc.conf
rand_irqs="3 14 15"
- See also http://people.freebsd.org/~dougb/randomness.html
+ See also <http://people.freebsd.org/~dougb/randomness.html>.
-4.5. Solaris
+5.5. Solaris
Q: How do I integrate BIND 9 and Solaris SMF
A: Sun has a blog entry describing how to do this.
- http://blogs.sun.com/roller/page/anay/Weblog?catname=%2FSolaris
+ <http://blogs.sun.com/roller/page/anay/Weblog?catname=%2FSolaris>
-4.6. Apple Mac OS X
+5.6. Apple Mac OS X
Q: How do I run BIND 9 on Apple Mac OS X?
diff --git a/FAQ.xml b/FAQ.xml
index 0f864ef753a2..b624d06d5341 100644
--- a/FAQ.xml
+++ b/FAQ.xml
@@ -1,7 +1,7 @@
<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" []>
<!--
- - Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -17,7 +17,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: FAQ.xml,v 1.4.4.16 2007/10/31 02:14:07 marka Exp $ -->
+<!-- $Id: FAQ.xml,v 1.4.4.24 2008/09/10 01:32:25 tbox Exp $ -->
<article class="faq">
<title>Frequently Asked Questions about BIND 9</title>
@@ -27,6 +27,7 @@
<year>2005</year>
<year>2006</year>
<year>2007</year>
+ <year>2008</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
@@ -392,6 +393,11 @@ named-checkzone example.com tmp</programlisting>
</question>
<answer>
<para>
+ There are unbalanced quotes in named.conf.
+ </para>
+ </answer>
+ <answer>
+ <para>
Some text editors (notepad and wordpad) fail to put a line
title indication (e.g. CR/LF) on the last line of a
text file. This can be fixed by "adding" a blank line to
@@ -660,9 +666,98 @@ zone "list.dsbl.org" {
</para>
</answer>
</qandaentry>
+
+ <qandaentry>
+ <question>
+ <para>
+ I want to use IPv6 locally but I don't have a external IPv6
+ connection. External lookups are slow.
+ </para>
+ </question>
+ <answer>
+ <para>
+ You can use server clauses to stop named making external lookups
+ over IPv6.
+ </para>
+ <programlisting>
+server fd81:ec6c:bd62::/48 { bogus no; }; // site ULA prefix
+server ::/0 { bogus yes; };
+</programlisting>
+ </answer>
+ </qandaentry>
</qandadiv> <!-- Configuration and Setup Questions -->
+ <qandadiv><title>Operations Questions</title>
+
+ <qandaentry>
+ <question>
+ <para>
+ How to change the nameservers for a zone?
+ </para>
+ </question>
+ <answer>
+ <para>
+ Step 1: Ensure all nameservers, new and old, are serving the
+ same zone content.
+ </para>
+ <para>
+ Step 2: Work out the maximum TTL of the NS RRset in the parent and child
+ zones. This is the time it will take caches to be clear of a
+ particular version of the NS RRset.
+ If you are just removing nameservers you can skip to Step 6.
+ </para>
+ <para>
+ Step 3: Add new nameservers to the NS RRset for the zone and
+ wait until all the servers for the zone are answering with this
+ new NS RRset.
+ </para>
+ <para>
+ Step 4: Inform the parent zone of the new NS RRset then wait for all the
+ parent servers to be answering with the new NS RRset.
+ </para>
+ <para>
+ Step 5: Wait for cache to be clear of the old NS RRset.
+ See Step 2 for how long.
+ If you are just adding nameservers you are done.
+ </para>
+ <para>
+ Step 6: Remove any old nameservers from the zones NS RRset and
+ wait for all the servers for the zone to be serving the new NS RRset.
+ </para>
+ <para>
+ Step 7: Inform the parent zone of the new NS RRset then wait for all the
+ parent servers to be answering with the new NS RRset.
+ </para>
+ <para>
+ Step 8: Wait for cache to be clear of the old NS RRset.
+ See Step 2 for how long.
+ </para>
+ <para>
+ Step 9: Turn off the old nameservers or remove the zone entry from
+ the configuration of the old nameservers.
+ </para>
+ <para>
+ Step 10: Increment the serial number and wait for the change to
+ be visible in all nameservers for the zone. This ensures that
+ zone transfers are still working after the old servers are
+ decommissioned.
+ </para>
+ <para>
+ Note: the above procedure is designed to be transparent
+ to dns clients. Decommissioning the old servers too early
+ will result in some clients not being able to look up
+ answers in the zone.
+ </para>
+ <para>
+ Note: while it is possible to run the addition and removal
+ stages together it is not recommended.
+ </para>
+ </answer>
+ </qandaentry>
+
+ </qandadiv> <!-- Operations Questions -->
+
<qandadiv><title>General Questions</title>
<qandaentry>
@@ -705,8 +800,7 @@ zone "list.dsbl.org" {
requests are coming from a Windows 2000 machine, see
<ulink
url="http://support.microsoft.com/support/kb/articles/q246/8/04.asp">
- http://support.microsoft.com/support/kb/articles/q246/8/04.asp
- </ulink>
+ &lt;http://support.microsoft.com/support/kb/articles/q246/8/04.asp&gt;</ulink>
for information about how to turn them off.
</para>
</answer>
@@ -856,7 +950,7 @@ serial-query-rate 5; // default 20</programlisting>
usage rules and are leaking queries to the Internet. You
should establish your own zones for these addresses to prevent
you querying the Internet's name servers for these addresses.
- Please see <ulink url="http://as112.net/">http://as112.net/</ulink>
+ Please see <ulink url="http://as112.net/">&lt;http://as112.net/&gt;</ulink>
for details of the problems you are causing and the counter
measures that have had to be deployed.
</para>
@@ -962,6 +1056,23 @@ empty:
</answer>
</qandaentry>
+ <qandaentry>
+ <question>
+ <para>
+ Why do queries for NSEC3 records fail to return the NSEC3 record?
+ </para>
+ </question>
+ <answer>
+ <para>
+ NSEC3 records are strictly meta data and can only be
+ returned in the authority section. This is done so that
+ signing the zone using NSEC3 records does not bring names
+ into existance that do not exist in the unsigned version
+ of the zone.
+ </para>
+ </answer>
+ </qandaentry>
+
</qandadiv> <!-- General Questions -->
<qandadiv><title>Operating-System Specific Questions</title>
@@ -1009,7 +1120,31 @@ client: UDP client handler shutting down due to fatal receive error: unexpected
</para>
<para>
See:
- <ulink url="http://marc.theaimsgroup.com/?l=linux-netdev&amp;m=113081708031466&amp;w=2">http://marc.theaimsgroup.com/?l=linux-netdev&amp;m=113081708031466&amp;w=2</ulink>
+ <ulink url="http://marc.theaimsgroup.com/?l=linux-netdev&amp;m=113081708031466&amp;w=2">&lt;http://marc.theaimsgroup.com/?l=linux-netdev&amp;m=113081708031466&amp;w=2&gt;</ulink>
+ </para>
+ </answer>
+ </qandaentry>
+
+ <qandaentry>
+ <question>
+ <para>
+ Why does named lock up when it attempts to connect over IPSEC tunnels?
+ </para>
+ </question>
+ <answer>
+ <para>
+ This is due to a kernel bug where the fact that a socket is marked
+ non-blocking is ignored. It is reported that setting
+ xfrm_larval_drop to 1 helps but this may have negative side effects.
+ See:
+<ulink url="https://bugzilla.redhat.com/show_bug.cgi?id=427629">&lt;https://bugzilla.redhat.com/show_bug.cgi?id=427629&gt;</ulink>
+ and
+<ulink url="http://lkml.org/lkml/2007/12/4/260">&lt;http://lkml.org/lkml/2007/12/4/260&gt;</ulink>.
+ </para>
+ <para>
+ xfrm_larval_drop can be set to 1 by the following procedure:
+<programlisting>
+echo "1" &gt; proc/sys/net/core/xfrm_larval_drop</programlisting>
</para>
</answer>
</qandaentry>
@@ -1064,7 +1199,13 @@ client: UDP client handler shutting down due to fatal receive error: unexpected
<answer>
<para>
The capability module, part of "Linux Security Modules/LSM",
- has not been loaded into the kernel. See insmod(8).
+ has not been loaded into the kernel. See insmod(8), modprobe(8).
+ </para>
+ <para>
+ The relevant modules can be loaded by running:
+<programlisting>
+modprobe commoncap
+modprobe capability</programlisting>
</para>
</answer>
</qandaentry>
@@ -1094,8 +1235,9 @@ client: UDP client handler shutting down due to fatal receive error: unexpected
<para>
Red Hat have adopted the National Security Agency's
- SELinux security policy ( see http://www.nsa.gov/selinux
- ) and recommendations for BIND security , which are more
+ SELinux security policy (see <ulink
+ url="http://www.nsa.gov/selinux">&lt;http://www.nsa.gov/selinux&gt;</ulink>)
+ and recommendations for BIND security , which are more
secure than running named in a chroot and make use of
the bind-chroot environment unnecessary .
</para>
@@ -1233,6 +1375,30 @@ named_cache_t: for files modifiable by named - $ROOTDIR/var/{tmp,named/{slaves,d
</para>
</answer>
</qandaentry>
+
+ <qandaentry>
+ <question>
+ <para>
+ Listening on individual IPv6 interfaces does not work.
+ </para>
+ </question>
+ <answer>
+ <para>
+ This is usually due to "/proc/net/if_inet6" not being available
+ in the chroot file system. Mount another instance of "proc"
+ in the chroot file system.
+ </para>
+ <para>
+ This can be be made permanent by adding a second instance to
+ /etc/fstab.
+ <informalexample>
+ <programlisting>
+proc /proc proc defaults 0 0
+proc /var/named/proc proc defaults 0 0</programlisting>
+ </informalexample>
+ </para>
+ </answer>
+ </qandaentry>
</qandadiv> <!-- Linux -->
@@ -1310,8 +1476,7 @@ rand_irqs="3 14 15"</programlisting>
<para>
See also
<ulink url="http://people.freebsd.org/~dougb/randomness.html">
- http://people.freebsd.org/~dougb/randomness.html
- </ulink>
+ &lt;http://people.freebsd.org/~dougb/randomness.html&gt;</ulink>.
</para>
</answer>
</qandaentry>
@@ -1333,13 +1498,77 @@ rand_irqs="3 14 15"</programlisting>
<para>
<ulink
url="http://blogs.sun.com/roller/page/anay/Weblog?catname=%2FSolaris">
- http://blogs.sun.com/roller/page/anay/Weblog?catname=%2FSolaris
+ &lt;http://blogs.sun.com/roller/page/anay/Weblog?catname=%2FSolaris&gt;
</ulink>
</para>
</answer>
</qandaentry>
</qandadiv>
+
+ <qandadiv><title>Apple Mac OS X</title>
+
+ <qandaentry>
+ <question>
+ <para>
+ How do I run BIND 9 on Apple Mac OS X?
+ </para>
+ </question>
+ <answer>
+ <para>
+ If you run Tiger(Mac OS 10.4) or later then this is all you need to do:
+ </para>
+ <informalexample>
+ <programlisting>
+% sudo rndc-confgen > /etc/rndc.conf</programlisting>
+ </informalexample>
+ <para>
+ Copy the key statement from /etc/rndc.conf into /etc/rndc.key, e.g.:
+ </para>
+ <informalexample>
+ <programlisting>
+key "rndc-key" {
+ algorithm hmac-md5;
+ secret "uvceheVuqf17ZwIcTydddw==";
+};</programlisting>
+ </informalexample>
+ <para>
+ Then start the relevant service:
+ </para>
+ <informalexample>
+ <programlisting>
+% sudo service org.isc.named start</programlisting>
+ </informalexample>
+ <para>
+ This is persistent upon a reboot, so you will have to do it only once.
+ </para>
+ </answer>
+
+ <answer>
+ <para>
+ Alternatively you can just generate /etc/rndc.key by running:
+ </para>
+ <informalexample>
+ <programlisting>
+% sudo rndc-confgen -a</programlisting>
+ </informalexample>
+ <para>
+ Then start the relevant service:
+ </para>
+ <informalexample>
+ <programlisting>
+% sudo service org.isc.named start</programlisting>
+ </informalexample>
+ <para>
+ Named will look for /etc/rndc.key when it starts if it
+ doesn't have a controls section or the existing controls are
+ missing keys sub-clauses. This is persistent upon a
+ reboot, so you will have to do it only once.
+ </para>
+ </answer>
+ </qandaentry>
+
+ </qandadiv>
</qandadiv> <!-- Operating-System Specific Questions -->
diff --git a/README b/README
index 20fd84a13e44..0a0bc9e86f6d 100644
--- a/README
+++ b/README
@@ -42,6 +42,9 @@ BIND 9
Stichting NLnet - NLnet Foundation
Nominum, Inc.
+BIND 9.4.3
+
+ BIND 9.4.3 is a maintenance release, fixing bugs in 9.4.2.
BIND 9.4.2
@@ -355,7 +358,7 @@ BIND 9.2.0
This does not apply to the use of TSIG, which does not
require OpenSSL.
- - The source distribution now builds on Windows NT/2000.
+ - The source distribution now builds on Windows.
See win32utils/readme1.txt and win32utils/win32-build.txt
for details.
@@ -404,11 +407,8 @@ BIND 9.2.0
--with-libtool does not work on AIX.
- --with-libtool does not work on SunOS 4. configure
- requires "printf" which is not available.
-
- A bug in the Windows 2000 DNS server can cause zone transfers
- from a BIND 9 server to a W2K server to fail. For details,
+ A bug in some versions of the Microsoft DNS server can cause zone
+ transfers from a BIND 9 server to a W2K server to fail. For details,
see the "Zone Transfers" section in doc/misc/migration.
For a detailed list of user-visible changes from
@@ -428,7 +428,11 @@ Building
NetBSD 1.5
Slackware Linux 8.1
Solaris 8, 9, 9 (x86)
- Windows NT/2000/XP/2003
+ Windows XP/2003/2008
+
+ NOTE: As of BIND 9.5.1, 9.4.3, and 9.3.6, older versions of
+ Windows, including Windows NT and Windows 2000, are no longer
+ supported.
Additionally, we have unverified reports of success building
previous versions of BIND 9 from users of the following systems:
@@ -482,6 +486,14 @@ Building
-DNS_CLIENT_DROPPORT=0
Disable support for "rrset-order fixed".
-DDNS_RDATASET_FIXED=0
+ Sibling glue checking in named-checkzone is enabled by default.
+ To disable the default check set. -DCHECK_SIBLING=0
+ named-checkzone checks out-of-zone addresses by default.
+ To disable this default set. -DCHECK_LOCAL=0
+ Enable workaround for Solaris kernel bug about /dev/poll
+ -DISC_SOCKET_USE_POLLWATCH=1
+ The watch timeout is also configurable, e.g.,
+ -DISC_SOCKET_POLLWATCH_TIMEOUT=20
LDFLAGS
Linker flags. Defaults to empty string.
@@ -510,6 +522,10 @@ Building
To build libbind (the BIND 8 resolver library), specify
"--enable-libbind" on the configure command line.
+ On some platforms it is necessary to explictly request large
+ file support to handle files bigger than 2GB. This can be
+ done by "--enable-largefile" on the configure command line.
+
On some platforms, BIND 9 can be built with multithreading
support, allowing it to take advantage of multiple CPUs.
You can specify whether to build a multithreaded BIND 9
@@ -559,6 +575,9 @@ Building
on your system, and some require Perl; see bin/tests/system/README
for details.
+ SunOS 4 requires "printf" to be installed to make the shared
+ libraries. sh-utils-1.16 provides a "printf" which compiles
+ on SunOS 4.
Documentation
diff --git a/bin/check/check-tool.c b/bin/check/check-tool.c
index 1f5f1cdc985b..2136a63a7588 100644
--- a/bin/check/check-tool.c
+++ b/bin/check/check-tool.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000-2002 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: check-tool.c,v 1.10.18.18 2007/09/13 05:04:01 each Exp $ */
+/* $Id: check-tool.c,v 1.10.18.20 2008/10/24 01:43:17 tbox Exp $ */
/*! \file */
@@ -46,6 +46,14 @@
#include <isccfg/log.h>
+#ifndef CHECK_SIBLING
+#define CHECK_SIBLING 1
+#endif
+
+#ifndef CHECK_LOCAL
+#define CHECK_LOCAL 1
+#endif
+
#ifdef HAVE_ADDRINFO
#ifdef HAVE_GETADDRINFO
#ifdef HAVE_GAISTRERROR
@@ -59,20 +67,29 @@
result = (r); \
if (result != ISC_R_SUCCESS) \
goto cleanup; \
- } while (0)
+ } while (0)
static const char *dbtype[] = { "rbt" };
int debug = 0;
isc_boolean_t nomerge = ISC_TRUE;
+#if CHECK_LOCAL
isc_boolean_t docheckmx = ISC_TRUE;
isc_boolean_t dochecksrv = ISC_TRUE;
isc_boolean_t docheckns = ISC_TRUE;
-unsigned int zone_options = DNS_ZONEOPT_CHECKNS |
+#else
+isc_boolean_t docheckmx = ISC_FALSE;
+isc_boolean_t dochecksrv = ISC_FALSE;
+isc_boolean_t docheckns = ISC_FALSE;
+#endif
+unsigned int zone_options = DNS_ZONEOPT_CHECKNS |
DNS_ZONEOPT_CHECKMX |
DNS_ZONEOPT_MANYERRORS |
DNS_ZONEOPT_CHECKNAMES |
DNS_ZONEOPT_CHECKINTEGRITY |
+#if CHECK_SIBLING
+ DNS_ZONEOPT_CHECKSIBLING |
+#endif
DNS_ZONEOPT_CHECKWILDCARD |
DNS_ZONEOPT_WARNMXCNAME |
DNS_ZONEOPT_WARNSRVCNAME;
@@ -125,7 +142,7 @@ checkns(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner,
if (dns_name_countlabels(name) > 1U)
strcat(namebuf, ".");
dns_name_format(owner, ownerbuf, sizeof(ownerbuf));
-
+
result = getaddrinfo(namebuf, NULL, &hints, &ai);
dns_name_format(name, namebuf, sizeof(namebuf) - 1);
switch (result) {
@@ -297,7 +314,7 @@ checkmx(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner) {
if (dns_name_countlabels(name) > 1U)
strcat(namebuf, ".");
dns_name_format(owner, ownerbuf, sizeof(ownerbuf));
-
+
result = getaddrinfo(namebuf, NULL, &hints, &ai);
dns_name_format(name, namebuf, sizeof(namebuf) - 1);
switch (result) {
@@ -370,7 +387,7 @@ checksrv(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner) {
if (dns_name_countlabels(name) > 1U)
strcat(namebuf, ".");
dns_name_format(owner, ownerbuf, sizeof(ownerbuf));
-
+
result = getaddrinfo(namebuf, NULL, &hints, &ai);
dns_name_format(name, namebuf, sizeof(namebuf) - 1);
switch (result) {
diff --git a/bin/check/named-checkconf.c b/bin/check/named-checkconf.c
index cc63153e941a..96efd794661c 100644
--- a/bin/check/named-checkconf.c
+++ b/bin/check/named-checkconf.c
@@ -1,8 +1,8 @@
/*
- * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2002 Internet Software Consortium.
*
- * Permission to use, copy, modify, and distribute this software for any
+ * Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: named-checkconf.c,v 1.28.18.14 2006/02/28 03:10:47 marka Exp $ */
+/* $Id: named-checkconf.c,v 1.28.18.16 2007/11/26 23:46:18 tbox Exp $ */
/*! \file */
@@ -224,7 +224,8 @@ configure_zone(const char *vclass, const char *view,
zone_options |= DNS_ZONEOPT_CHECKINTEGRITY;
else
zone_options &= ~DNS_ZONEOPT_CHECKINTEGRITY;
- }
+ } else
+ zone_options |= DNS_ZONEOPT_CHECKINTEGRITY;
obj = NULL;
if (get_maps(maps, "check-mx-cname", &obj)) {
diff --git a/bin/check/named-checkzone.c b/bin/check/named-checkzone.c
index 08e958eae49c..f16053bcbb11 100644
--- a/bin/check/named-checkzone.c
+++ b/bin/check/named-checkzone.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: named-checkzone.c,v 1.29.18.19 2007/08/28 07:19:55 tbox Exp $ */
+/* $Id: named-checkzone.c,v 1.29.18.21 2008/10/24 01:43:17 tbox Exp $ */
/*! \file */
@@ -77,8 +77,9 @@ usage(void) {
"[-f inputformat] [-F outputformat] "
"[-t directory] [-w directory] [-k (ignore|warn|fail)] "
"[-n (ignore|warn|fail)] [-m (ignore|warn|fail)] "
- "[-i (full|local|none)] [-M (ignore|warn|fail)] "
- "[-S (ignore|warn|fail)] [-W (ignore|warn)] "
+ "[-i (full|full-sibling|local|local-sibling|none)] "
+ "[-M (ignore|warn|fail)] [-S (ignore|warn|fail)] "
+ "[-W (ignore|warn)] "
"zonename filename\n", prog_name);
exit(1);
}
@@ -227,7 +228,7 @@ main(int argc, char **argv) {
zone_options &= ~DNS_ZONEOPT_FATALNS;
} else if (ARGCMP("fail")) {
zone_options |= DNS_ZONEOPT_CHECKNS|
- DNS_ZONEOPT_FATALNS;
+ DNS_ZONEOPT_FATALNS;
} else {
fprintf(stderr, "invalid argument to -n: %s\n",
isc_commandline_argument);
diff --git a/bin/dig/dig.1 b/bin/dig/dig.1
index bf532807dcbe..c9df21eaf4b0 100644
--- a/bin/dig/dig.1
+++ b/bin/dig/dig.1
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000-2003 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and distribute this software for any
@@ -13,7 +13,7 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: dig.1,v 1.23.18.22 2007/05/16 06:11:27 marka Exp $
+.\" $Id: dig.1,v 1.23.18.24 2008/10/14 01:30:11 tbox Exp $
.\"
.hy 0
.ad l
@@ -33,7 +33,7 @@
dig \- DNS lookup utility
.SH "SYNOPSIS"
.HP 4
-\fBdig\fR [@server] [\fB\-b\ \fR\fB\fIaddress\fR\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-f\ \fR\fB\fIfilename\fR\fR] [\fB\-k\ \fR\fB\fIfilename\fR\fR] [\fB\-p\ \fR\fB\fIport#\fR\fR] [\fB\-q\ \fR\fB\fIname\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-x\ \fR\fB\fIaddr\fR\fR] [\fB\-y\ \fR\fB\fI[hmac:]\fR\fIname:key\fR\fR] [\fB\-4\fR] [\fB\-6\fR] [name] [type] [class] [queryopt...]
+\fBdig\fR [@server] [\fB\-b\ \fR\fB\fIaddress\fR\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-f\ \fR\fB\fIfilename\fR\fR] [\fB\-k\ \fR\fB\fIfilename\fR\fR] [\fB\-m\fR] [\fB\-p\ \fR\fB\fIport#\fR\fR] [\fB\-q\ \fR\fB\fIname\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-x\ \fR\fB\fIaddr\fR\fR] [\fB\-y\ \fR\fB\fI[hmac:]\fR\fIname:key\fR\fR] [\fB\-4\fR] [\fB\-6\fR] [name] [type] [class] [queryopt...]
.HP 4
\fBdig\fR [\fB\-h\fR]
.HP 4
@@ -59,7 +59,9 @@ Unless it is told to query a specific name server,
will try each of the servers listed in
\fI/etc/resolv.conf\fR.
.PP
-When no command line arguments or options are given, will perform an NS query for "." (the root).
+When no command line arguments or options are given,
+\fBdig\fR
+will perform an NS query for "." (the root).
.PP
It is possible to set per\-user defaults for
\fBdig\fR
@@ -70,9 +72,9 @@ The IN and CH class names overlap with the IN and CH top level domains names. Ei
\fB\-t\fR
and
\fB\-c\fR
-options to specify the type and class or use the
+options to specify the type and class, use the
\fB\-q\fR
-the specify the domain name or use "IN." and "CH." when looking up these top level domains.
+the specify the domain name, or use "IN." and "CH." when looking up these top level domains.
.SH "SIMPLE USAGE"
.PP
A typical invocation of
@@ -139,6 +141,10 @@ operate in batch mode by reading a list of lookup requests to process from the f
\fBdig\fR
using the command\-line interface.
.PP
+The
+\fB\-m\fR
+option enables memory usage debugging.
+.PP
If a non\-standard port number is to be queried, the
\fB\-p\fR
option is used.
@@ -551,7 +557,7 @@ RFC1035.
.PP
There are probably too many query options.
.SH "COPYRIGHT"
-Copyright \(co 2004\-2007 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004\-2008 Internet Systems Consortium, Inc. ("ISC")
.br
Copyright \(co 2000\-2003 Internet Software Consortium.
.br
diff --git a/bin/dig/dig.c b/bin/dig/dig.c
index ba5d87b24e98..5cde9c430e60 100644
--- a/bin/dig/dig.c
+++ b/bin/dig/dig.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: dig.c,v 1.186.18.29 2007/08/28 07:19:55 tbox Exp $ */
+/* $Id: dig.c,v 1.186.18.33 2008/10/15 02:19:18 marka Exp $ */
/*! \file */
@@ -50,7 +50,7 @@
#define ADD_STRING(b, s) { \
if (strlen(s) >= isc_buffer_availablelength(b)) \
- return (ISC_R_NOSPACE); \
+ return (ISC_R_NOSPACE); \
else \
isc_buffer_putstr(b, s); \
}
@@ -71,7 +71,7 @@ static isc_boolean_t short_form = ISC_FALSE, printcmd = ISC_TRUE,
multiline = ISC_FALSE, nottl = ISC_FALSE, noclass = ISC_FALSE;
/*% opcode text */
-static const char *opcodetext[] = {
+static const char * const opcodetext[] = {
"QUERY",
"IQUERY",
"STATUS",
@@ -91,7 +91,7 @@ static const char *opcodetext[] = {
};
/*% return code text */
-static const char *rcodetext[] = {
+static const char * const rcodetext[] = {
"NOERROR",
"FORMERR",
"SERVFAIL",
@@ -144,8 +144,8 @@ help(void) {
" q-type is one of (a,any,mx,ns,soa,hinfo,axfr,txt,...) [default:a]\n"
" (Use ixfr=version for type ixfr)\n"
" q-opt is one of:\n"
-" -x dot-notation (shortcut for in-addr lookups)\n"
-" -i (IP6.INT reverse IPv6 lookups)\n"
+" -x dot-notation (shortcut for reverse lookups)\n"
+" -i (use IP6.INT for IPv6 reverse lookups)\n"
" -f filename (batch mode)\n"
" -b address[#port] (bind to source address/port)\n"
" -p port (specify port number)\n"
@@ -156,6 +156,7 @@ help(void) {
" -y [hmac:]name:key (specify named base64 tsig key)\n"
" -4 (use IPv4 query transport only)\n"
" -6 (use IPv6 query transport only)\n"
+" -m (enable memory usage debugging)\n"
" d-opt is of the form +keyword[=value], where keyword is:\n"
" +[no]vc (TCP mode)\n"
" +[no]tcp (TCP mode, alternate syntax)\n"
@@ -383,7 +384,7 @@ printrdataset(dns_name_t *owner_name, dns_rdataset_t *rdataset,
else if (nottl || noclass)
result = dns_master_stylecreate(&style, styleflags,
24, 24, 32, 40, 80, 8, mctx);
- else
+ else
result = dns_master_stylecreate(&style, styleflags,
24, 32, 40, 48, 80, 8, mctx);
check_result(result, "dns_master_stylecreate");
@@ -392,7 +393,7 @@ printrdataset(dns_name_t *owner_name, dns_rdataset_t *rdataset,
if (style != NULL)
dns_master_styledestroy(&style, mctx);
-
+
return(result);
}
#endif
@@ -429,7 +430,7 @@ printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers) {
else if (nottl || noclass)
result = dns_master_stylecreate(&style, styleflags,
24, 24, 32, 40, 80, 8, mctx);
- else
+ else
result = dns_master_stylecreate(&style, styleflags,
24, 32, 40, 48, 80, 8, mctx);
check_result(result, "dns_master_stylecreate");
@@ -638,7 +639,7 @@ printgreeting(int argc, char **argv, dig_lookup_t *lookup) {
strncat(lookup->cmdline, append, remaining);
}
if (first) {
- snprintf(append, sizeof(append),
+ snprintf(append, sizeof(append),
";; global options: %s %s\n",
short_form ? "short_form" : "",
printcmd ? "printcmd" : "");
@@ -716,7 +717,7 @@ plus_option(char *option, isc_boolean_t is_batchfile,
FULLCHECK2("aaonly", "aaflag");
lookup->aaonly = state;
break;
- case 'd':
+ case 'd':
switch (cmd[2]) {
case 'd': /* additional */
FULLCHECK("additional");
@@ -801,13 +802,13 @@ plus_option(char *option, isc_boolean_t is_batchfile,
FULLCHECK("defname");
usesearch = state;
break;
- case 'n': /* dnssec */
+ case 'n': /* dnssec */
FULLCHECK("dnssec");
if (state && lookup->edns == -1)
lookup->edns = 0;
lookup->dnssec = state;
break;
- case 'o': /* domain */
+ case 'o': /* domain */
FULLCHECK("domain");
if (value == NULL)
goto need_value;
@@ -881,7 +882,7 @@ plus_option(char *option, isc_boolean_t is_batchfile,
goto invalid_option;
}
break;
- case 'q':
+ case 'q':
switch (cmd[1]) {
case 'r': /* qr */
FULLCHECK("qr");
@@ -957,11 +958,11 @@ plus_option(char *option, isc_boolean_t is_batchfile,
break;
#ifdef DIG_SIGCHASE
case 'i': /* sigchase */
- FULLCHECK("sigchase");
+ FULLCHECK("sigchase");
lookup->sigchase = state;
if (lookup->sigchase)
lookup->dnssec = ISC_TRUE;
- break;
+ break;
#endif
case 't': /* stats */
FULLCHECK("stats");
@@ -989,7 +990,7 @@ plus_option(char *option, isc_boolean_t is_batchfile,
timeout = 1;
break;
#if DIG_SIGCHASE_TD
- case 'o': /* topdown */
+ case 'o': /* topdown */
FULLCHECK("topdown");
lookup->do_topdown = state;
break;
@@ -1024,7 +1025,7 @@ plus_option(char *option, isc_boolean_t is_batchfile,
#ifdef DIG_SIGCHASE
case 'u': /* trusted-key */
FULLCHECK("trusted-key");
- if (value == NULL)
+ if (value == NULL)
goto need_value;
if (!state)
goto invalid_option;
@@ -1158,7 +1159,7 @@ dash_option(char *option, char *next, dig_lookup_t **lookup,
hash = strchr(value, '#');
if (hash != NULL) {
srcport = (in_port_t)
- parse_uint(hash + 1,
+ parse_uint(hash + 1,
"port number", MAXPORT);
*hash = '\0';
} else
@@ -1211,7 +1212,7 @@ dash_option(char *option, char *next, dig_lookup_t **lookup,
(*lookup) = clone_lookup(default_lookup,
ISC_TRUE);
*need_clone = ISC_TRUE;
- strncpy((*lookup)->textname, value,
+ strncpy((*lookup)->textname, value,
sizeof((*lookup)->textname));
(*lookup)->textname[sizeof((*lookup)->textname)-1]=0;
(*lookup)->trace_root = ISC_TF((*lookup)->trace ||
@@ -1250,7 +1251,7 @@ dash_option(char *option, char *next, dig_lookup_t **lookup,
(*lookup)->rdtypeset = ISC_TRUE;
(*lookup)->ixfr_serial =
parse_uint(&value[5], "serial number",
- MAXSERIAL);
+ MAXSERIAL);
(*lookup)->section_question = plusquest;
(*lookup)->comments = pluscomm;
} else {
@@ -1276,7 +1277,7 @@ dash_option(char *option, char *next, dig_lookup_t **lookup,
if (ptr2 == NULL)
usage();
ptr3 = next_token(&value,":"); /* secret or NULL */
- if (ptr3 != NULL) {
+ if (ptr3 != NULL) {
if (strcasecmp(ptr, "hmac-md5") == 0) {
hmacname = DNS_TSIG_HMACMD5_NAME;
digestbits = 0;
@@ -1425,7 +1426,7 @@ getaddresses(dig_lookup_t *lookup, const char *host) {
char tmp[ISC_NETADDR_FORMATSIZE];
result = bind9_getaddresses(host, 0, sockaddrs,
- DIG_MAX_ADDRESSES, &count);
+ DIG_MAX_ADDRESSES, &count);
if (result != ISC_R_SUCCESS)
fatal("couldn't get address for '%s': %s",
host, isc_result_totext(result));
@@ -1487,7 +1488,7 @@ parse_args(isc_boolean_t is_batchfile, isc_boolean_t config_only,
if (homedir != NULL) {
unsigned int n;
n = snprintf(rcfile, sizeof(rcfile), "%s/.digrc",
- homedir);
+ homedir);
if (n < sizeof(rcfile))
batchfp = fopen(rcfile, "r");
}
@@ -1567,7 +1568,7 @@ parse_args(isc_boolean_t is_batchfile, isc_boolean_t config_only,
tr.base = rv[0];
tr.length = strlen(rv[0]);
result = dns_rdatatype_fromtext(&rdtype,
- (isc_textregion_t *)&tr);
+ (isc_textregion_t *)&tr);
if (result == ISC_R_SUCCESS &&
rdtype == dns_rdatatype_ixfr) {
result = DNS_R_UNKNOWN;
@@ -1588,8 +1589,8 @@ parse_args(isc_boolean_t is_batchfile, isc_boolean_t config_only,
lookup->rdtypeset = ISC_TRUE;
lookup->ixfr_serial =
parse_uint(&rv[0][5],
- "serial number",
- MAXSERIAL);
+ "serial number",
+ MAXSERIAL);
lookup->section_question =
plusquest;
lookup->comments = pluscomm;
@@ -1624,7 +1625,7 @@ parse_args(isc_boolean_t is_batchfile, isc_boolean_t config_only,
lookup = clone_lookup(default_lookup,
ISC_TRUE);
need_clone = ISC_TRUE;
- strncpy(lookup->textname, rv[0],
+ strncpy(lookup->textname, rv[0],
sizeof(lookup->textname));
lookup->textname[sizeof(lookup->textname)-1]=0;
lookup->trace_root = ISC_TF(lookup->trace ||
diff --git a/bin/dig/dig.docbook b/bin/dig/dig.docbook
index 6a28b8851a07..92be18050cf0 100644
--- a/bin/dig/dig.docbook
+++ b/bin/dig/dig.docbook
@@ -2,7 +2,7 @@
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "&#8212;">]>
<!--
- - Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -18,7 +18,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: dig.docbook,v 1.17.18.21 2007/08/28 07:19:55 tbox Exp $ -->
+<!-- $Id: dig.docbook,v 1.17.18.24 2008/10/14 00:54:40 marka Exp $ -->
<refentry id="man.dig">
<refentryinfo>
@@ -42,6 +42,7 @@
<year>2005</year>
<year>2006</year>
<year>2007</year>
+ <year>2008</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
@@ -61,6 +62,7 @@
<arg><option>-c <replaceable class="parameter">class</replaceable></option></arg>
<arg><option>-f <replaceable class="parameter">filename</replaceable></option></arg>
<arg><option>-k <replaceable class="parameter">filename</replaceable></option></arg>
+ <arg><option>-m</option></arg>
<arg><option>-p <replaceable class="parameter">port#</replaceable></option></arg>
<arg><option>-q <replaceable class="parameter">name</replaceable></option></arg>
<arg><option>-t <replaceable class="parameter">type</replaceable></option></arg>
@@ -118,8 +120,8 @@
</para>
<para>
- When no command line arguments or options are given, will perform an
- NS query for "." (the root).
+ When no command line arguments or options are given,
+ <command>dig</command> will perform an NS query for "." (the root).
</para>
<para>
@@ -132,8 +134,8 @@
<para>
The IN and CH class names overlap with the IN and CH top level
domains names. Either use the <option>-t</option> and
- <option>-c</option> options to specify the type and class or
- use the <option>-q</option> the specify the domain name or
+ <option>-c</option> options to specify the type and class,
+ use the <option>-q</option> the specify the domain name, or
use "IN." and "CH." when looking up these top level domains.
</para>
@@ -231,6 +233,12 @@
</para>
<para>
+ The <option>-m</option> option enables memory usage debugging.
+ <!-- It enables ISC_MEM_DEBUGTRACE and ISC_MEM_DEBUGRECORD
+ documented in include/isc/mem.h -->
+ </para>
+
+ <para>
If a non-standard port number is to be queried, the
<option>-p</option> option is used. <parameter>port#</parameter> is
the port number that <command>dig</command> will send its
diff --git a/bin/dig/dig.html b/bin/dig/dig.html
index afdaa4f92e97..a8c459447f12 100644
--- a/bin/dig/dig.html
+++ b/bin/dig/dig.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: dig.html,v 1.13.18.28 2007/05/16 06:11:27 marka Exp $ -->
+<!-- $Id: dig.html,v 1.13.18.30 2008/10/14 01:30:11 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -29,12 +29,12 @@
</div>
<div class="refsynopsisdiv">
<h2>Synopsis</h2>
-<div class="cmdsynopsis"><p><code class="command">dig</code> [@server] [<code class="option">-b <em class="replaceable"><code>address</code></em></code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-f <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-k <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port#</code></em></code>] [<code class="option">-q <em class="replaceable"><code>name</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-x <em class="replaceable"><code>addr</code></em></code>] [<code class="option">-y <em class="replaceable"><code>[<span class="optional">hmac:</span>]name:key</code></em></code>] [<code class="option">-4</code>] [<code class="option">-6</code>] [name] [type] [class] [queryopt...]</p></div>
+<div class="cmdsynopsis"><p><code class="command">dig</code> [@server] [<code class="option">-b <em class="replaceable"><code>address</code></em></code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-f <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-k <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-m</code>] [<code class="option">-p <em class="replaceable"><code>port#</code></em></code>] [<code class="option">-q <em class="replaceable"><code>name</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-x <em class="replaceable"><code>addr</code></em></code>] [<code class="option">-y <em class="replaceable"><code>[<span class="optional">hmac:</span>]name:key</code></em></code>] [<code class="option">-4</code>] [<code class="option">-6</code>] [name] [type] [class] [queryopt...]</p></div>
<div class="cmdsynopsis"><p><code class="command">dig</code> [<code class="option">-h</code>]</p></div>
<div class="cmdsynopsis"><p><code class="command">dig</code> [global-queryopt...] [query...]</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543508"></a><h2>DESCRIPTION</h2>
+<a name="id2543515"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dig</strong></span>
(domain information groper) is a flexible tool
for interrogating DNS name servers. It performs DNS lookups and
@@ -62,8 +62,8 @@
<code class="filename">/etc/resolv.conf</code>.
</p>
<p>
- When no command line arguments or options are given, will perform an
- NS query for "." (the root).
+ When no command line arguments or options are given,
+ <span><strong class="command">dig</strong></span> will perform an NS query for "." (the root).
</p>
<p>
It is possible to set per-user defaults for <span><strong class="command">dig</strong></span> via
@@ -74,13 +74,13 @@
<p>
The IN and CH class names overlap with the IN and CH top level
domains names. Either use the <code class="option">-t</code> and
- <code class="option">-c</code> options to specify the type and class or
- use the <code class="option">-q</code> the specify the domain name or
+ <code class="option">-c</code> options to specify the type and class,
+ use the <code class="option">-q</code> the specify the domain name, or
use "IN." and "CH." when looking up these top level domains.
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543577"></a><h2>SIMPLE USAGE</h2>
+<a name="id2543589"></a><h2>SIMPLE USAGE</h2>
<p>
A typical invocation of <span><strong class="command">dig</strong></span> looks like:
</p>
@@ -126,7 +126,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543668"></a><h2>OPTIONS</h2>
+<a name="id2543680"></a><h2>OPTIONS</h2>
<p>
The <code class="option">-b</code> option sets the source IP address of the query
to <em class="parameter"><code>address</code></em>. This must be a valid
@@ -152,6 +152,10 @@
<span><strong class="command">dig</strong></span> using the command-line interface.
</p>
<p>
+ The <code class="option">-m</code> option enables memory usage debugging.
+
+ </p>
+<p>
If a non-standard port number is to be queried, the
<code class="option">-p</code> option is used. <em class="parameter"><code>port#</code></em> is
the port number that <span><strong class="command">dig</strong></span> will send its
@@ -226,7 +230,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543939"></a><h2>QUERY OPTIONS</h2>
+<a name="id2544028"></a><h2>QUERY OPTIONS</h2>
<p><span><strong class="command">dig</strong></span>
provides a number of query options which affect
the way in which lookups are made and the results displayed. Some of
@@ -545,7 +549,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2545128"></a><h2>MULTIPLE QUERIES</h2>
+<a name="id2545149"></a><h2>MULTIPLE QUERIES</h2>
<p>
The BIND 9 implementation of <span><strong class="command">dig </strong></span>
supports
@@ -591,7 +595,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2545258"></a><h2>IDN SUPPORT</h2>
+<a name="id2545211"></a><h2>IDN SUPPORT</h2>
<p>
If <span><strong class="command">dig</strong></span> has been built with IDN (internationalized
domain name) support, it can accept and display non-ASCII domain names.
@@ -605,14 +609,14 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2545281"></a><h2>FILES</h2>
+<a name="id2545234"></a><h2>FILES</h2>
<p><code class="filename">/etc/resolv.conf</code>
</p>
<p><code class="filename">${HOME}/.digrc</code>
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2545298"></a><h2>SEE ALSO</h2>
+<a name="id2545251"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">host</span>(1)</span>,
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
@@ -620,7 +624,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2545335"></a><h2>BUGS</h2>
+<a name="id2545356"></a><h2>BUGS</h2>
<p>
There are probably too many query options.
</p>
diff --git a/bin/dig/dighost.c b/bin/dig/dighost.c
index 9e7e79659a69..8736c0cc75c5 100644
--- a/bin/dig/dighost.c
+++ b/bin/dig/dighost.c
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: dighost.c,v 1.259.18.43.10.3 2008/07/23 23:16:43 marka Exp $ */
+/* $Id: dighost.c,v 1.259.18.49 2008/07/23 23:33:02 marka Exp $ */
/*! \file
* \note
@@ -277,7 +277,7 @@ dns_name_t chase_name; /* the query name */
/*
* the current name is the parent name when we follow delegation
*/
-dns_name_t chase_current_name;
+dns_name_t chase_current_name;
/*
* the child name is used for delegation (NS DS responses in AUTHORITY section)
*/
@@ -493,6 +493,7 @@ void
fatal(const char *format, ...) {
va_list args;
+ fflush(stdout);
fprintf(stderr, "%s: ", progname);
va_start(args, format);
vfprintf(stderr, format, args);
@@ -510,6 +511,7 @@ debug(const char *format, ...) {
va_list args;
if (debugging) {
+ fflush(stdout);
va_start(args, format);
vfprintf(stderr, format, args);
va_end(args);
@@ -616,13 +618,13 @@ set_nameserver(char *opt) {
return;
result = bind9_getaddresses(opt, 0, sockaddrs,
- DIG_MAX_ADDRESSES, &count);
+ DIG_MAX_ADDRESSES, &count);
if (result != ISC_R_SUCCESS)
fatal("couldn't get address for '%s': %s",
opt, isc_result_totext(result));
flush_server_list();
-
+
for (i = 0; i < count; i++) {
isc_netaddr_fromsockaddr(&netaddr, &sockaddrs[i]);
isc_netaddr_format(&netaddr, tmp, sizeof(tmp));
@@ -891,7 +893,7 @@ setup_text_key(void) {
result = isc_base64_decodestring(keysecret, &secretbuf);
if (result != ISC_R_SUCCESS)
goto failure;
-
+
secretsize = isc_buffer_usedlength(&secretbuf);
result = dns_name_fromtext(&keyname, namebuf,
@@ -1025,7 +1027,7 @@ setup_system(void) {
domain = NULL;
}
}
-
+
if (ndots == -1) {
ndots = lwconf->ndots;
debug("ndots is %d.", ndots);
@@ -1088,7 +1090,7 @@ clear_searchlist(void) {
void
set_search_domain(char *domain) {
dig_searchlist_t *search;
-
+
clear_searchlist();
search = make_searchlist_entry(domain);
ISC_LIST_APPEND(search_list, search, link);
@@ -1409,7 +1411,7 @@ start_lookup(void) {
current_lookup->qrdtype_sigchase
= current_lookup->qrdtype;
current_lookup->qrdtype = dns_rdatatype_ns;
-
+
current_lookup->rdclass_sigchase
= current_lookup->rdclass;
current_lookup->rdclass_sigchaseset
@@ -1490,7 +1492,7 @@ followup_lookup(dns_message_t *msg, dig_query_t *query, dns_section_t section)
INSIST(!free_now);
debug("following up %s", query->lookup->textname);
-
+
for (result = dns_message_firstname(msg, section);
result == ISC_R_SUCCESS;
result = dns_message_nextname(msg, section)) {
@@ -1545,7 +1547,8 @@ followup_lookup(dns_message_t *msg, dig_query_t *query, dns_section_t section)
dns_rdataset_current(rdataset, &rdata);
query->lookup->nsfound++;
- (void)dns_rdata_tostruct(&rdata, &ns, NULL);
+ result = dns_rdata_tostruct(&rdata, &ns, NULL);
+ check_result(result, "dns_rdata_tostruct");
dns_name_format(&ns.name, namestr, sizeof(namestr));
dns_rdata_freestruct(&ns);
@@ -1845,7 +1848,7 @@ setup_lookup(dig_lookup_t *lookup) {
&lookup->name);
dns_message_puttempname(lookup->sendmsg,
&lookup->oname);
- fatal("'%s' is not in legal name syntax (%s)",
+ fatal("Origin '%s' is not in legal name syntax (%s)",
lookup->origin->origin,
isc_result_totext(result));
}
@@ -2089,7 +2092,7 @@ send_done(isc_task_t *_task, isc_event_t *event) {
for (b = ISC_LIST_HEAD(sevent->bufferlist);
b != NULL;
- b = ISC_LIST_HEAD(sevent->bufferlist))
+ b = ISC_LIST_HEAD(sevent->bufferlist))
ISC_LIST_DEQUEUE(sevent->bufferlist, b, link);
query = event->ev_arg;
@@ -2169,7 +2172,7 @@ bringup_timer(dig_query_t *query, unsigned int default_timeout) {
&l->interval, global_task, connect_timeout,
l, &l->timer);
check_result(result, "isc_timer_create");
-}
+}
static void
connect_done(isc_task_t *task, isc_event_t *event);
@@ -2191,7 +2194,7 @@ send_tcp_connect(dig_query_t *query) {
query->waiting_connect = ISC_TRUE;
query->lookup->current_query = query;
get_address(query->servname, port, &query->sockaddr);
-
+
if (specified_source &&
(isc_sockaddr_pf(&query->sockaddr) !=
isc_sockaddr_pf(&bind_address))) {
@@ -2663,7 +2666,8 @@ check_for_more_data(dig_query_t *query, dns_message_t *msg,
goto next_rdata;
/* Now we have an SOA. Work with it. */
debug("got an SOA");
- (void)dns_rdata_tostruct(&rdata, &soa, NULL);
+ result = dns_rdata_tostruct(&rdata, &soa, NULL);
+ check_result(result, "dns_rdata_tostruct");
serial = soa.serial;
dns_rdata_freestruct(&soa);
if (!query->first_soa_rcvd) {
@@ -2826,13 +2830,13 @@ recv_done(isc_task_t *task, isc_event_t *event) {
char buf2[ISC_SOCKADDR_FORMATSIZE];
isc_sockaddr_t any;
- if (isc_sockaddr_pf(&query->sockaddr) == AF_INET)
+ if (isc_sockaddr_pf(&query->sockaddr) == AF_INET)
isc_sockaddr_any(&any);
else
isc_sockaddr_any6(&any);
/*
- * We don't expect a match when the packet is
+ * We don't expect a match when the packet is
* sent to 0.0.0.0, :: or to a multicast addresses.
* XXXMPA broadcast needs to be handled here as well.
*/
@@ -2850,7 +2854,7 @@ recv_done(isc_task_t *task, isc_event_t *event) {
}
}
- result = dns_message_peekheader(b, &id, &msgflags);
+ result = dns_message_peekheader(b, &id, &msgflags);
if (result != ISC_R_SUCCESS || l->sendmsg->id != id) {
match = ISC_FALSE;
if (l->tcp_mode) {
@@ -2955,7 +2959,7 @@ recv_done(isc_task_t *task, isc_event_t *event) {
return;
}
if ((msg->flags & DNS_MESSAGEFLAG_TC) != 0 &&
- !l->ignore && !l->tcp_mode) {
+ !l->ignore && !l->tcp_mode) {
printf(";; Truncated, retrying in TCP mode.\n");
n = requeue_lookup(l, ISC_TRUE);
n->tcp_mode = ISC_TRUE;
@@ -2967,7 +2971,7 @@ recv_done(isc_task_t *task, isc_event_t *event) {
check_next_lookup(l);
UNLOCK_LOOKUP;
return;
- }
+ }
if ((msg->rcode == dns_rcode_servfail && !l->servfail_stops) ||
(check_ra && (msg->flags & DNS_MESSAGEFLAG_RA) == 0 && l->recurse))
{
@@ -3093,7 +3097,7 @@ recv_done(isc_task_t *task, isc_event_t *event) {
if (l->trace_root) {
/*
- * This is the initial NS query.
+ * This is the initial NS query.
*/
int n;
@@ -3108,7 +3112,7 @@ recv_done(isc_task_t *task, isc_event_t *event) {
if (!do_sigchase)
#endif
printmessage(query, msg, ISC_TRUE);
- }
+ }
#ifdef DIG_SIGCHASE
if (do_sigchase) {
chase_msg = isc_mem_allocate(mctx,
@@ -3127,13 +3131,13 @@ recv_done(isc_task_t *task, isc_event_t *event) {
isc_buffer_usedregion(b, &r);
result = isc_buffer_allocate(mctx, &buf, r.length);
-
+
check_result(result, "isc_buffer_allocate");
result = isc_buffer_copyregion(buf, &r);
check_result(result, "isc_buffer_copyregion");
-
+
result = dns_message_parse(msg_temp, buf, 0);
-
+
isc_buffer_free(&buf);
chase_msg->msg = msg_temp;
@@ -3149,9 +3153,9 @@ recv_done(isc_task_t *task, isc_event_t *event) {
}
#endif
}
-
+
#ifdef DIG_SIGCHASE
- if (l->sigchase && ISC_LIST_EMPTY(lookup_list)) {
+ if (l->sigchase && ISC_LIST_EMPTY(lookup_list)) {
sigchase(msg_temp);
}
#endif
@@ -3308,7 +3312,7 @@ cancel_all(void) {
*/
void
destroy_libs(void) {
-#ifdef DIG_SIGCHASE
+#ifdef DIG_SIGCHASE
void * ptr;
dig_message_t *chase_msg;
#endif
@@ -3348,8 +3352,8 @@ destroy_libs(void) {
clear_searchlist();
#ifdef WITH_IDN
- result = dns_name_settotextfilter(NULL);
- check_result(result, "dns_name_settotextfilter");
+ result = dns_name_settotextfilter(NULL);
+ check_result(result, "dns_name_settotextfilter");
#endif
dns_name_destroy();
@@ -3421,7 +3425,7 @@ destroy_libs(void) {
#endif
debug("Destroy memory");
-
+
#endif
if (memdebugging != 0)
isc_mem_stats(mctx, stderr);
@@ -3518,7 +3522,7 @@ append_textname(char *name, const char *origin, size_t namesize) {
(void)strcpy(name + namelen, origin);
return idn_success;
}
-
+
static void
idn_check_result(idn_result_t r, const char *msg) {
if (r != idn_success) {
@@ -3554,14 +3558,14 @@ void
dump_database_section(dns_message_t *msg, int section)
{
dns_name_t *msg_name=NULL;
-
+
dns_rdataset_t *rdataset;
do {
dns_message_currentname(msg, section, &msg_name);
-
+
for (rdataset = ISC_LIST_HEAD(msg_name->list); rdataset != NULL;
- rdataset = ISC_LIST_NEXT(rdataset, link)) {
+ rdataset = ISC_LIST_NEXT(rdataset, link)) {
dns_name_print(msg_name, stdout);
printf("\n");
print_rdataset(msg_name, rdataset, mctx);
@@ -3578,15 +3582,15 @@ dump_database(void) {
for (msg = ISC_LIST_HEAD(chase_message_list); msg != NULL;
msg = ISC_LIST_NEXT(msg, link)) {
if (dns_message_firstname(msg->msg, DNS_SECTION_ANSWER)
- == ISC_R_SUCCESS)
+ == ISC_R_SUCCESS)
dump_database_section(msg->msg, DNS_SECTION_ANSWER);
-
+
if (dns_message_firstname(msg->msg, DNS_SECTION_AUTHORITY)
- == ISC_R_SUCCESS)
+ == ISC_R_SUCCESS)
dump_database_section(msg->msg, DNS_SECTION_AUTHORITY);
-
+
if (dns_message_firstname(msg->msg, DNS_SECTION_ADDITIONAL)
- == ISC_R_SUCCESS)
+ == ISC_R_SUCCESS)
dump_database_section(msg->msg, DNS_SECTION_ADDITIONAL);
}
}
@@ -3616,7 +3620,7 @@ search_type(dns_name_t *name, dns_rdatatype_t type, dns_rdatatype_t covers) {
if ((siginfo.covered == covers) ||
(covers == dns_rdatatype_any)) {
dns_rdata_reset(&sigrdata);
- dns_rdata_freestruct(&siginfo);
+ dns_rdata_freestruct(&siginfo);
return (rdataset);
}
dns_rdata_reset(&sigrdata);
@@ -3654,7 +3658,7 @@ chase_scanname(dns_name_t *name, dns_rdatatype_t type, dns_rdatatype_t covers)
{
dns_rdataset_t *rdataset = NULL;
dig_message_t * msg;
-
+
for (msg = ISC_LIST_HEAD(chase_message_list2); msg != NULL;
msg = ISC_LIST_NEXT(msg, link)) {
if (dns_message_firstname(msg->msg, DNS_SECTION_ANSWER)
@@ -3747,7 +3751,7 @@ insert_trustedkey(dst_key_t * key)
return;
tk_list.key[tk_list.nb_tk++] = key;
- return;
+ return;
}
void
@@ -3770,7 +3774,7 @@ char alphnum[] =
"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
isc_result_t
-removetmpkey(isc_mem_t *mctx, const char *file)
+removetmpkey(isc_mem_t *mctx, const char *file)
{
char *tempnamekey = NULL;
int tempnamekeylen;
@@ -3783,7 +3787,7 @@ removetmpkey(isc_mem_t *mctx, const char *file)
return (ISC_R_NOMEMORY);
memset(tempnamekey, 0, tempnamekeylen);
-
+
strcat(tempnamekey, file);
strcat(tempnamekey,".key");
isc_file_remove(tempnamekey);
@@ -3823,24 +3827,24 @@ opentmpkey(isc_mem_t *mctx, const char *file, char **tempp, FILE **fp) {
isc_mem_free(mctx, tempname);
return (ISC_R_FAILURE);
}
-
+
x = cp--;
while (cp >= tempname && *cp == 'X') {
isc_random_get(&which);
*cp = alphnum[which % (sizeof(alphnum) - 1)];
x = cp--;
}
-
+
tempnamekeylen = tempnamelen+5;
tempnamekey = isc_mem_allocate(mctx, tempnamekeylen);
if (tempnamekey == NULL)
return (ISC_R_NOMEMORY);
-
+
memset(tempnamekey, 0, tempnamekeylen);
strncpy(tempnamekey, tempname, tempnamelen);
strcat(tempnamekey ,".key");
-
+
if (isc_file_exists(tempnamekey)) {
isc_mem_free(mctx, tempnamekey);
isc_mem_free(mctx, tempname);
@@ -3861,7 +3865,7 @@ opentmpkey(isc_mem_t *mctx, const char *file, char **tempp, FILE **fp) {
cleanup:
isc_mem_free(mctx, tempname);
-
+
return (result);
}
@@ -3875,7 +3879,7 @@ get_trusted_key(isc_mem_t *mctx)
char buf[1500];
FILE *fp, *fptemp;
dst_key_t *key = NULL;
-
+
result = isc_file_exists(trustedkey);
if (result != ISC_TRUE) {
result = isc_file_exists("/etc/trusted-key.key");
@@ -3953,11 +3957,11 @@ nameFromString(const char *str, dns_name_t *p_ret) {
result = dns_name_dup(dns_fixedname_name(&fixedname), mctx, p_ret);
check_result(result, "nameFromString");
-}
+}
#if DIG_SIGCHASE_TD
-isc_result_t
+isc_result_t
prepare_lookup(dns_name_t *name)
{
isc_result_t result;
@@ -3975,7 +3979,7 @@ prepare_lookup(dns_name_t *name)
lookup->rdtype = lookup->rdtype_sigchase;
lookup->rdtypeset = ISC_TRUE;
lookup->qrdtype = lookup->qrdtype_sigchase;
-
+
s = ISC_LIST_HEAD(lookup->my_server_list);
while (s != NULL) {
debug("freeing server %p belonging to %p",
@@ -4008,12 +4012,11 @@ prepare_lookup(dns_name_t *name)
dns_rdataset_current(chase_nsrdataset, &rdata);
- (void)dns_rdata_tostruct(&rdata, &ns, NULL);
-
-
-
+ result = dns_rdata_tostruct(&rdata, &ns, NULL);
+ check_result(result, "dns_rdata_tostruct");
+
#ifdef __FOLLOW_GLUE__
-
+
result = advanced_rrsearch(&rdataset, &ns.name,
dns_rdatatype_aaaa,
dns_rdatatype_any, &true);
@@ -4037,12 +4040,12 @@ prepare_lookup(dns_name_t *name)
srv = make_server(namestr, namestr);
-
+
ISC_LIST_APPEND(lookup->my_server_list,
srv, link);
}
}
-
+
rdataset = NULL;
result = advanced_rrsearch(&rdataset, &ns.name, dns_rdatatype_a,
dns_rdatatype_any, &true);
@@ -4064,28 +4067,28 @@ prepare_lookup(dns_name_t *name)
isc_buffer_free(&b);
dns_rdata_reset(&a);
printf("ns name: %s\n", namestr);
-
+
srv = make_server(namestr, namestr);
-
+
ISC_LIST_APPEND(lookup->my_server_list,
srv, link);
}
}
#else
-
+
dns_name_format(&ns.name, namestr, sizeof(namestr));
printf("ns name: ");
dns_name_print(&ns.name, stdout);
printf("\n");
srv = make_server(namestr, namestr);
-
+
ISC_LIST_APPEND(lookup->my_server_list, srv, link);
-#endif
+#endif
dns_rdata_freestruct(&ns);
dns_rdata_reset(&rdata);
-
+
}
ISC_LIST_APPEND(lookup_list, lookup, link);
@@ -4139,10 +4142,10 @@ grandfather_pb_test(dns_name_t *zone_name, dns_rdataset_t *sigrdataset)
do {
dns_rdataset_current(sigrdataset, &sigrdata);
-
+
result = dns_rdata_tostruct(&sigrdata, &siginfo, NULL);
check_result(result, "sigrdata tostruct siginfo");
-
+
if (dns_name_compare(&siginfo.signer, zone_name) == 0) {
dns_rdata_freestruct(&siginfo);
dns_rdata_reset(&sigrdata);
@@ -4150,7 +4153,7 @@ grandfather_pb_test(dns_name_t *zone_name, dns_rdataset_t *sigrdataset)
}
dns_rdata_freestruct(&siginfo);
-
+
} while (dns_rdataset_next(chase_sigkeyrdataset) == ISC_R_SUCCESS);
dns_rdata_reset(&sigrdata);
@@ -4180,7 +4183,7 @@ initialization(dns_name_t *name)
return (ISC_R_SUCCESS);
}
-#endif
+#endif
void
print_rdataset(dns_name_t *name, dns_rdataset_t *rdataset, isc_mem_t *mctx)
@@ -4204,10 +4207,10 @@ print_rdataset(dns_name_t *name, dns_rdataset_t *rdataset, isc_mem_t *mctx)
}
-void
+void
dup_name(dns_name_t *source, dns_name_t *target, isc_mem_t *mctx) {
- isc_result_t result;
-
+ isc_result_t result;
+
if (dns_name_dynamic(target))
free_name(target, mctx);
result = dns_name_dup(source, mctx, target);
@@ -4226,7 +4229,7 @@ free_name(dns_name_t *name, isc_mem_t *mctx) {
* return ISC_R_SUCCESS if the DNSKEY RRset contains a trusted_key
* and the RRset is valid
* return ISC_R_NOTFOUND if not contains trusted key
- or if the RRset isn't valid
+ or if the RRset isn't valid
* return ISC_R_FAILURE if problem
*
*/
@@ -4251,17 +4254,17 @@ contains_trusted_key(dns_name_t *name, dns_rdataset_t *rdataset,
do {
dns_rdataset_current(rdataset, &rdata);
INSIST(rdata.type == dns_rdatatype_dnskey);
-
+
result = dns_dnssec_keyfromrdata(name, &rdata,
mctx, &dnsseckey);
check_result(result, "dns_dnssec_keyfromrdata");
-
+
for (i = 0; i < tk_list.nb_tk; i++) {
if (dst_key_compare(tk_list.key[i], dnsseckey)
== ISC_TRUE) {
dns_rdata_reset(&rdata);
-
+
printf(";; Ok, find a Trusted Key in the "
"DNSKEY RRset: %d\n",
dst_key_id(dnsseckey));
@@ -4276,7 +4279,7 @@ contains_trusted_key(dns_name_t *name, dns_rdataset_t *rdataset,
}
}
}
-
+
dns_rdata_reset(&rdata);
if (dnsseckey != NULL)
dst_key_free(&dnsseckey);
@@ -4306,7 +4309,7 @@ sigchase_verify_sig(dns_name_t *name, dns_rdataset_t *rdataset,
do {
dns_rdataset_current(keyrdataset, &keyrdata);
INSIST(keyrdata.type == dns_rdatatype_dnskey);
-
+
result = dns_dnssec_keyfromrdata(name, &keyrdata,
mctx, &dnsseckey);
check_result(result, "dns_dnssec_keyfromrdata");
@@ -4338,22 +4341,22 @@ sigchase_verify_sig_key(dns_name_t *name, dns_rdataset_t *rdataset,
result = dns_rdataset_first(sigrdataset);
check_result(result, "empty RRSIG dataset");
dns_rdata_init(&sigrdata);
-
+
do {
dns_rdataset_current(sigrdataset, &sigrdata);
result = dns_rdata_tostruct(&sigrdata, &siginfo, NULL);
check_result(result, "sigrdata tostruct siginfo");
-
+
/*
* Test if the id of the DNSKEY is
* the id of the DNSKEY signer's
*/
if (siginfo.keyid == dst_key_id(dnsseckey)) {
-
+
result = dns_rdataset_first(rdataset);
check_result(result, "empty DS dataset");
-
+
result = dns_dnssec_verify(name, rdataset, dnsseckey,
ISC_FALSE, mctx, &sigrdata);
@@ -4370,7 +4373,7 @@ sigchase_verify_sig_key(dns_name_t *name, dns_rdataset_t *rdataset,
}
}
dns_rdata_freestruct(&siginfo);
-
+
} while (dns_rdataset_next(chase_sigkeyrdataset) == ISC_R_SUCCESS);
dns_rdata_reset(&sigrdata);
@@ -4396,18 +4399,18 @@ sigchase_verify_ds(dns_name_t *name, dns_rdataset_t *keyrdataset,
dns_rdata_init(&dsrdata);
do {
dns_rdataset_current(dsrdataset, &dsrdata);
-
+
result = dns_rdata_tostruct(&dsrdata, &dsinfo, NULL);
check_result(result, "dns_rdata_tostruct for DS");
-
+
result = dns_rdataset_first(keyrdataset);
check_result(result, "empty KEY dataset");
- dns_rdata_init(&keyrdata);
+ dns_rdata_init(&keyrdata);
do {
dns_rdataset_current(keyrdataset, &keyrdata);
INSIST(keyrdata.type == dns_rdatatype_dnskey);
-
+
result = dns_dnssec_keyfromrdata(name, &keyrdata,
mctx, &dnsseckey);
check_result(result, "dns_dnssec_keyfromrdata");
@@ -4422,20 +4425,20 @@ sigchase_verify_ds(dns_name_t *name, dns_rdataset_t *keyrdataset,
result = dns_ds_buildrdata(name, &keyrdata,
dsinfo.digest_type,
dsbuf, &newdsrdata);
- dns_rdata_freestruct(&dsinfo);
+ dns_rdata_freestruct(&dsinfo);
if (result != ISC_R_SUCCESS) {
dns_rdata_reset(&keyrdata);
dns_rdata_reset(&newdsrdata);
dns_rdata_reset(&dsrdata);
dst_key_free(&dnsseckey);
- dns_rdata_freestruct(&dsinfo);
+ dns_rdata_freestruct(&dsinfo);
printf("Oops: impossible to build"
" new DS rdata\n");
return (result);
}
-
-
+
+
if (dns_rdata_compare(&dsrdata,
&newdsrdata) == 0) {
printf(";; OK a DS valids a DNSKEY"
@@ -4443,7 +4446,7 @@ sigchase_verify_ds(dns_name_t *name, dns_rdataset_t *keyrdataset,
printf(";; Now verify that this"
" DNSKEY validates the "
"DNSKEY RRset\n");
-
+
result = sigchase_verify_sig_key(name,
keyrdataset,
dnsseckey,
@@ -4454,7 +4457,7 @@ sigchase_verify_ds(dns_name_t *name, dns_rdataset_t *keyrdataset,
dns_rdata_reset(&newdsrdata);
dns_rdata_reset(&dsrdata);
dst_key_free(&dnsseckey);
-
+
return (result);
}
} else {
@@ -4468,12 +4471,12 @@ sigchase_verify_ds(dns_name_t *name, dns_rdataset_t *keyrdataset,
dnsseckey = NULL;
} while (dns_rdataset_next(chase_keyrdataset) == ISC_R_SUCCESS);
dns_rdata_reset(&keyrdata);
-
+
} while (dns_rdataset_next(chase_dsrdataset) == ISC_R_SUCCESS);
#if 0
dns_rdata_reset(&dsrdata); WARNING
#endif
-
+
return (ISC_R_NOTFOUND);
}
@@ -4486,13 +4489,13 @@ sigchase_verify_ds(dns_name_t *name, dns_rdataset_t *keyrdataset,
* ISC_R_SUCCESS: if we found the rrset
* ISC_R_NOTFOUND: we do not found the rrset in cache
* and we do a query on the net
- * ISC_R_FAILURE: rrset not found
+ * ISC_R_FAILURE: rrset not found
*/
isc_result_t
advanced_rrsearch(dns_rdataset_t **rdataset, dns_name_t *name,
dns_rdatatype_t type, dns_rdatatype_t covers,
isc_boolean_t *lookedup)
-{
+{
isc_boolean_t tmplookedup;
INSIST(rdataset != NULL);
@@ -4567,7 +4570,7 @@ sigchase_td(dns_message_t *msg)
}
}
-
+
if (have_answer) {
chase_rdataset
= chase_scanname_section(msg, &chase_name,
@@ -4627,7 +4630,7 @@ sigchase_td(dns_message_t *msg)
chase_dsrdataset,
mctx);
}
-
+
if (result != ISC_R_SUCCESS) {
printf("\n;; chain of trust can't be validated:"
" FAILED\n\n");
@@ -4679,7 +4682,7 @@ sigchase_td(dns_message_t *msg)
chase_sigrdataset = NULL;
have_response = ISC_FALSE;
have_delegation_ns = ISC_FALSE;
-
+
dns_name_init(&tmp_name, NULL);
result = child_of_zone(&chase_name, &chase_current_name,
&tmp_name);
@@ -4758,10 +4761,10 @@ sigchase_td(dns_message_t *msg)
}
chase_keyrdataset = NULL;
chase_sigkeyrdataset = NULL;
-
-
+
+
prepare_lookup(&chase_authority_name);
-
+
have_response = ISC_FALSE;
have_delegation_ns = ISC_FALSE;
delegation_follow = ISC_TRUE;
@@ -4855,7 +4858,7 @@ sigchase_td(dns_message_t *msg)
}
}
-#endif
+#endif
#if DIG_SIGCHASE_BU
@@ -4872,7 +4875,7 @@ getneededrr(dns_message_t *msg)
if ((result = dns_message_firstname(msg, DNS_SECTION_ANSWER))
!= ISC_R_SUCCESS) {
printf(";; NO ANSWERS: %s\n", isc_result_totext(result));
-
+
if (chase_name.ndata == NULL)
return (ISC_R_ADDRNOTAVAIL);
} else {
@@ -4915,7 +4918,7 @@ getneededrr(dns_message_t *msg)
}
INSIST(chase_sigrdataset != NULL);
-
+
/* first find the DNSKEY name */
result = dns_rdataset_first(chase_sigrdataset);
check_result(result, "empty RRSIG dataset");
@@ -4926,7 +4929,7 @@ getneededrr(dns_message_t *msg)
dup_name(&siginfo.signer, &chase_signame, mctx);
dns_rdata_freestruct(&siginfo);
dns_rdata_reset(&sigrdata);
-
+
/* Do we have a key? */
if (chase_keyrdataset == NULL) {
result = advanced_rrsearch(&chase_keyrdataset,
@@ -4995,7 +4998,7 @@ getneededrr(dns_message_t *msg)
print_rdataset(&chase_signame, chase_dsrdataset, mctx);
}
}
-
+
if (chase_dsrdataset != NULL) {
/*
* if there is no RRSIG of DS,
@@ -5054,7 +5057,7 @@ sigchase_bu(dns_message_t *msg)
dns_name_init(&query_name, NULL);
dns_name_init(&rdata_name, NULL);
nameFromString(current_lookup->textname, &query_name);
-
+
result = prove_nx(msg, &query_name, current_lookup->rdclass,
current_lookup->rdtype, &rdata_name,
&rdataset, &sigrdataset);
@@ -5076,7 +5079,7 @@ sigchase_bu(dns_message_t *msg)
}
printf(";; An NSEC prove the non-existence of a answers,"
" Now we want validate this NSEC\n");
-
+
dup_name(&rdata_name, &chase_name, mctx);
free_name(&rdata_name, mctx);
chase_rdataset = rdataset;
@@ -5157,7 +5160,7 @@ sigchase_bu(dns_message_t *msg)
chase_sigdsrdataset = NULL;
chase_siglookedup = chase_keylookedup = ISC_FALSE;
chase_dslookedup = chase_sigdslookedup = ISC_FALSE;
-
+
printf(";; Now, we want to validate the DS : recursive call\n");
sigchase(msg);
return;
@@ -5250,7 +5253,7 @@ prove_nx_domain(dns_message_t *msg,
" validate the non-existence : FAILED\n");
return (ISC_R_FAILURE);
}
-
+
do {
nsecname = NULL;
dns_message_currentname(msg, DNS_SECTION_AUTHORITY, &nsecname);
@@ -5328,7 +5331,7 @@ prove_nx_type(dns_message_t *msg, dns_name_t *name, dns_rdataset_t *nsecset,
ret = dns_rdataset_first(nsecset);
check_result(ret,"dns_rdataset_first");
-
+
dns_rdataset_current(nsecset, &nsec);
ret = dns_nsec_typepresent(&nsec, type);
@@ -5396,6 +5399,6 @@ prove_nx(dns_message_t *msg, dns_name_t *name, dns_rdataclass_t class,
rdataset, sigrdataset);
return (ret);
}
- /* Never get here */
+ /* Never get here */
}
#endif
diff --git a/bin/dig/host.1 b/bin/dig/host.1
index ee537bd47fa2..9993c0eac8da 100644
--- a/bin/dig/host.1
+++ b/bin/dig/host.1
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000-2002 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and distribute this software for any
@@ -13,7 +13,7 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: host.1,v 1.14.18.14 2007/05/09 03:33:12 marka Exp $
+.\" $Id: host.1,v 1.14.18.16 2008/04/06 01:31:04 tbox Exp $
.\"
.hy 0
.ad l
@@ -154,7 +154,7 @@ option is used to select the query type.
\fItype\fR
can be any recognized query type: CNAME, NS, SOA, SIG, KEY, AXFR, etc. When no query type is specified,
\fBhost\fR
-automatically selects an appropriate query type. By default it looks for A records, but if the
+automatically selects an appropriate query type. By default it looks for A, AAAA, and MX records, but if the
\fB\-C\fR
option was given, queries will be made for SOA records, and if
\fIname\fR
@@ -213,7 +213,7 @@ runs.
\fBdig\fR(1),
\fBnamed\fR(8).
.SH "COPYRIGHT"
-Copyright \(co 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC")
.br
Copyright \(co 2000\-2002 Internet Software Consortium.
.br
diff --git a/bin/dig/host.docbook b/bin/dig/host.docbook
index 8ab767902a5c..2c0ad3d7962f 100644
--- a/bin/dig/host.docbook
+++ b/bin/dig/host.docbook
@@ -2,7 +2,7 @@
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "&#8212;">]>
<!--
- - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2002 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -18,7 +18,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: host.docbook,v 1.5.18.11 2007/08/28 07:19:55 tbox Exp $ -->
+<!-- $Id: host.docbook,v 1.5.18.13 2008/04/05 23:46:04 tbox Exp $ -->
<refentry id="man.host">
<refentryinfo>
@@ -41,6 +41,7 @@
<year>2004</year>
<year>2005</year>
<year>2007</year>
+ <year>2008</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
@@ -199,7 +200,7 @@
NS, SOA, SIG, KEY, AXFR, etc. When no query type is specified,
<command>host</command> automatically selects an appropriate
query
- type. By default it looks for A records, but if the
+ type. By default it looks for A, AAAA, and MX records, but if the
<option>-C</option> option was given, queries will be made for SOA
records, and if <parameter>name</parameter> is a
dotted-decimal IPv4
diff --git a/bin/dig/host.html b/bin/dig/host.html
index adc9883a66fc..88cd830f033b 100644
--- a/bin/dig/host.html
+++ b/bin/dig/host.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2002 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: host.html,v 1.7.18.20 2007/05/09 03:33:12 marka Exp $ -->
+<!-- $Id: host.html,v 1.7.18.22 2008/04/06 01:31:04 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -32,7 +32,7 @@
<div class="cmdsynopsis"><p><code class="command">host</code> [<code class="option">-aCdlnrsTwv</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-N <em class="replaceable"><code>ndots</code></em></code>] [<code class="option">-R <em class="replaceable"><code>number</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-W <em class="replaceable"><code>wait</code></em></code>] [<code class="option">-m <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-4</code>] [<code class="option">-6</code>] {name} [server]</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543428"></a><h2>DESCRIPTION</h2>
+<a name="id2543431"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">host</strong></span>
is a simple utility for performing DNS lookups.
It is normally used to convert names to IP addresses and vice versa.
@@ -148,7 +148,7 @@
NS, SOA, SIG, KEY, AXFR, etc. When no query type is specified,
<span><strong class="command">host</strong></span> automatically selects an appropriate
query
- type. By default it looks for A records, but if the
+ type. By default it looks for A, AAAA, and MX records, but if the
<code class="option">-C</code> option was given, queries will be made for SOA
records, and if <em class="parameter"><code>name</code></em> is a
dotted-decimal IPv4
@@ -184,7 +184,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543725"></a><h2>IDN SUPPORT</h2>
+<a name="id2543797"></a><h2>IDN SUPPORT</h2>
<p>
If <span><strong class="command">host</strong></span> has been built with IDN (internationalized
domain name) support, it can accept and display non-ASCII domain names.
@@ -198,12 +198,12 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543748"></a><h2>FILES</h2>
+<a name="id2543819"></a><h2>FILES</h2>
<p><code class="filename">/etc/resolv.conf</code>
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543828"></a><h2>SEE ALSO</h2>
+<a name="id2543831"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dig</span>(1)</span>,
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>.
</p>
diff --git a/bin/dnssec/dnssec-keygen.8 b/bin/dnssec/dnssec-keygen.8
index 542190b9b665..e667ba9b08e6 100644
--- a/bin/dnssec/dnssec-keygen.8
+++ b/bin/dnssec/dnssec-keygen.8
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000-2003 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and distribute this software for any
@@ -13,7 +13,7 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: dnssec-keygen.8,v 1.23.18.14 2007/05/09 03:33:12 marka Exp $
+.\" $Id: dnssec-keygen.8,v 1.23.18.16 2008/10/16 01:29:40 tbox Exp $
.\"
.hy 0
.ad l
@@ -187,14 +187,14 @@ and
.PP
\fBdnssec\-signzone\fR(8),
BIND 9 Administrator Reference Manual,
-RFC 2535,
+RFC 2539,
RFC 2845,
-RFC 2539.
+RFC 4033.
.SH "AUTHOR"
.PP
Internet Systems Consortium
.SH "COPYRIGHT"
-Copyright \(co 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC")
.br
Copyright \(co 2000\-2003 Internet Software Consortium.
.br
diff --git a/bin/dnssec/dnssec-keygen.docbook b/bin/dnssec/dnssec-keygen.docbook
index 8e81cb4f6ee6..ec7b69be2f42 100644
--- a/bin/dnssec/dnssec-keygen.docbook
+++ b/bin/dnssec/dnssec-keygen.docbook
@@ -2,7 +2,7 @@
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "&#8212;">]>
<!--
- - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -18,7 +18,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: dnssec-keygen.docbook,v 1.7.18.11 2007/08/28 07:20:00 tbox Exp $ -->
+<!-- $Id: dnssec-keygen.docbook,v 1.7.18.13 2008/10/15 23:46:06 tbox Exp $ -->
<refentry id="man.dnssec-keygen">
<refentryinfo>
<date>June 30, 2000</date>
@@ -40,6 +40,7 @@
<year>2004</year>
<year>2005</year>
<year>2007</year>
+ <year>2008</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
@@ -340,9 +341,9 @@
<refentrytitle>dnssec-signzone</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
<citetitle>BIND 9 Administrator Reference Manual</citetitle>,
- <citetitle>RFC 2535</citetitle>,
+ <citetitle>RFC 2539</citetitle>,
<citetitle>RFC 2845</citetitle>,
- <citetitle>RFC 2539</citetitle>.
+ <citetitle>RFC 4033</citetitle>.
</para>
</refsect1>
diff --git a/bin/dnssec/dnssec-keygen.html b/bin/dnssec/dnssec-keygen.html
index 7ad747f2b031..e0b0bfe059aa 100644
--- a/bin/dnssec/dnssec-keygen.html
+++ b/bin/dnssec/dnssec-keygen.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: dnssec-keygen.html,v 1.9.18.20 2007/05/09 03:33:12 marka Exp $ -->
+<!-- $Id: dnssec-keygen.html,v 1.9.18.22 2008/10/16 01:29:40 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -32,7 +32,7 @@
<div class="cmdsynopsis"><p><code class="command">dnssec-keygen</code> {-a <em class="replaceable"><code>algorithm</code></em>} {-b <em class="replaceable"><code>keysize</code></em>} {-n <em class="replaceable"><code>nametype</code></em>} [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-e</code>] [<code class="option">-f <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-g <em class="replaceable"><code>generator</code></em></code>] [<code class="option">-h</code>] [<code class="option">-k</code>] [<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-s <em class="replaceable"><code>strength</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] {name}</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543474"></a><h2>DESCRIPTION</h2>
+<a name="id2543477"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-keygen</strong></span>
generates keys for DNSSEC (Secure DNS), as defined in RFC 2535
and RFC 4034. It can also generate keys for use with
@@ -40,7 +40,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543485"></a><h2>OPTIONS</h2>
+<a name="id2543489"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
<dd>
@@ -148,7 +148,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543820"></a><h2>GENERATED KEYS</h2>
+<a name="id2543824"></a><h2>GENERATED KEYS</h2>
<p>
When <span><strong class="command">dnssec-keygen</strong></span> completes
successfully,
@@ -194,7 +194,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543902"></a><h2>EXAMPLE</h2>
+<a name="id2543906"></a><h2>EXAMPLE</h2>
<p>
To generate a 768-bit DSA key for the domain
<strong class="userinput"><code>example.com</code></strong>, the following command would be
@@ -215,16 +215,16 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543946"></a><h2>SEE ALSO</h2>
+<a name="id2543949"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
- <em class="citetitle">RFC 2535</em>,
+ <em class="citetitle">RFC 2539</em>,
<em class="citetitle">RFC 2845</em>,
- <em class="citetitle">RFC 2539</em>.
+ <em class="citetitle">RFC 4033</em>.
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2544045"></a><h2>AUTHOR</h2>
+<a name="id2544049"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>
diff --git a/bin/dnssec/dnssec-signzone.8 b/bin/dnssec/dnssec-signzone.8
index d150c3fc15fe..680960ae8928 100644
--- a/bin/dnssec/dnssec-signzone.8
+++ b/bin/dnssec/dnssec-signzone.8
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000-2003 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and distribute this software for any
@@ -13,7 +13,7 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: dnssec-signzone.8,v 1.28.18.17 2007/05/09 03:33:12 marka Exp $
+.\" $Id: dnssec-signzone.8,v 1.28.18.19 2008/10/16 01:29:40 tbox Exp $
.\"
.hy 0
.ad l
@@ -261,12 +261,12 @@ db.example.com.signed
.PP
\fBdnssec\-keygen\fR(8),
BIND 9 Administrator Reference Manual,
-RFC 2535.
+RFC 4033.
.SH "AUTHOR"
.PP
Internet Systems Consortium
.SH "COPYRIGHT"
-Copyright \(co 2004\-2007 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004\-2008 Internet Systems Consortium, Inc. ("ISC")
.br
Copyright \(co 2000\-2003 Internet Software Consortium.
.br
diff --git a/bin/dnssec/dnssec-signzone.c b/bin/dnssec/dnssec-signzone.c
index 46cd4a74dfe2..9b4916910440 100644
--- a/bin/dnssec/dnssec-signzone.c
+++ b/bin/dnssec/dnssec-signzone.c
@@ -1,5 +1,5 @@
/*
- * Portions Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
+ * Portions Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
* Portions Copyright (C) 1999-2003 Internet Software Consortium.
* Portions Copyright (C) 1995-2000 by Network Associates, Inc.
*
@@ -16,7 +16,7 @@
* IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: dnssec-signzone.c,v 1.177.18.24 2007/08/28 07:20:00 tbox Exp $ */
+/* $Id: dnssec-signzone.c,v 1.177.18.26 2008/06/02 23:46:01 tbox Exp $ */
/*! \file */
@@ -128,7 +128,6 @@ static dns_name_t *gorigin; /* The database origin */
static isc_task_t *master = NULL;
static unsigned int ntasks = 0;
static isc_boolean_t shuttingdown = ISC_FALSE, finished = ISC_FALSE;
-static unsigned int assigned = 0, completed = 0;
static isc_boolean_t nokeys = ISC_FALSE;
static isc_boolean_t removefile = ISC_FALSE;
static isc_boolean_t generateds = ISC_FALSE;
@@ -969,7 +968,7 @@ active_node(dns_dbnode_t *node) {
fatal("rdataset iteration failed: %s",
isc_result_totext(result));
} else {
- /*
+ /*
* Delete RRSIGs for types that no longer exist.
*/
result = dns_db_allrdatasets(gdb, node, gversion, 0, &rdsiter2);
@@ -1194,7 +1193,7 @@ signapex(void) {
dns_fixedname_t fixed;
dns_name_t *name;
isc_result_t result;
-
+
dns_fixedname_init(&fixed);
name = dns_fixedname_name(&fixed);
result = dns_dbiterator_current(gdbiter, &node, name);
@@ -1224,16 +1223,19 @@ assignwork(isc_task_t *task, isc_task_t *worker) {
dns_rdataset_t nsec;
isc_boolean_t found;
isc_result_t result;
+ static unsigned int ended = 0; /* Protected by namelock. */
if (shuttingdown)
return;
+ LOCK(&namelock);
if (finished) {
- if (assigned == completed) {
+ ended++;
+ if (ended == ntasks) {
isc_task_detach(&task);
isc_app_shutdown();
}
- return;
+ goto unlock;
}
fname = isc_mem_get(mctx, sizeof(dns_fixedname_t));
@@ -1243,7 +1245,6 @@ assignwork(isc_task_t *task, isc_task_t *worker) {
name = dns_fixedname_name(fname);
node = NULL;
found = ISC_FALSE;
- LOCK(&namelock);
while (!found) {
result = dns_dbiterator_current(gdbiter, &node, name);
if (result != ISC_R_SUCCESS)
@@ -1270,14 +1271,14 @@ assignwork(isc_task_t *task, isc_task_t *worker) {
fatal("failure iterating database: %s",
isc_result_totext(result));
}
- UNLOCK(&namelock);
if (!found) {
- if (assigned == completed) {
+ ended++;
+ if (ended == ntasks) {
isc_task_detach(&task);
isc_app_shutdown();
}
isc_mem_put(mctx, fname, sizeof(dns_fixedname_t));
- return;
+ goto unlock;
}
sevent = (sevent_t *)
isc_event_allocate(mctx, task, SIGNER_EVENT_WORK,
@@ -1288,7 +1289,8 @@ assignwork(isc_task_t *task, isc_task_t *worker) {
sevent->node = node;
sevent->fname = fname;
isc_task_send(worker, ISC_EVENT_PTR(&sevent));
- assigned++;
+ unlock:
+ UNLOCK(&namelock);
}
/*%
@@ -1311,7 +1313,6 @@ writenode(isc_task_t *task, isc_event_t *event) {
isc_task_t *worker;
sevent_t *sevent = (sevent_t *)event;
- completed++;
worker = (isc_task_t *)event->ev_sender;
dumpnode(dns_fixedname_name(sevent->fname), sevent->node);
cleannode(gdb, gversion, sevent->node);
@@ -1605,7 +1606,7 @@ writeset(const char *prefix, dns_rdatatype_t type) {
unsigned char dsbuf[DNS_DS_BUFFERSIZE];
unsigned char keybuf[DST_KEY_MAXSIZE];
unsigned int filenamelen;
- const dns_master_style_t *style =
+ const dns_master_style_t *style =
(type == dns_rdatatype_dnskey) ? masterstyle : dsstyle;
isc_buffer_init(&namebuf, namestr, sizeof(namestr));
@@ -1818,13 +1819,13 @@ print_stats(isc_time_t *timer_start, isc_time_t *timer_finish) {
printf("Signatures successfully verified: %10d\n", nverified);
printf("Signatures unsuccessfully verified: %10d\n", nverifyfailed);
runtime_ms = runtime_us / 1000;
- printf("Runtime in seconds: %7u.%03u\n",
- (unsigned int) (runtime_ms / 1000),
+ printf("Runtime in seconds: %7u.%03u\n",
+ (unsigned int) (runtime_ms / 1000),
(unsigned int) (runtime_ms % 1000));
if (runtime_us > 0) {
sig_ms = ((isc_uint64_t)nsigned * 1000000000) / runtime_us;
printf("Signatures per second: %7u.%03u\n",
- (unsigned int) sig_ms / 1000,
+ (unsigned int) sig_ms / 1000,
(unsigned int) sig_ms % 1000);
}
}
@@ -1914,7 +1915,7 @@ main(int argc, char *argv[]) {
fatal("jitter must be numeric and positive");
break;
- case 'l':
+ case 'l':
dns_fixedname_init(&dlv_fixed);
len = strlen(isc_commandline_argument);
isc_buffer_init(&b, isc_commandline_argument, len);
@@ -2080,7 +2081,7 @@ main(int argc, char *argv[]) {
result = dns_master_stylecreate(&dsstyle, DNS_STYLEFLAG_NO_TTL,
0, 24, 0, 0, 0, 8, mctx);
check_result(result, "dns_master_stylecreate");
-
+
gdb = NULL;
TIME_NOW(&timer_start);
@@ -2102,8 +2103,8 @@ main(int argc, char *argv[]) {
DST_TYPE_PRIVATE,
mctx, &newkey);
if (result != ISC_R_SUCCESS)
- fatal("cannot load dnskey %s: %s", argv[i],
- isc_result_totext(result));
+ fatal("cannot load dnskey %s: %s", argv[i],
+ isc_result_totext(result));
key = ISC_LIST_HEAD(keylist);
while (key != NULL) {
@@ -2111,7 +2112,7 @@ main(int argc, char *argv[]) {
if (dst_key_id(dkey) == dst_key_id(newkey) &&
dst_key_alg(dkey) == dst_key_alg(newkey) &&
dns_name_equal(dst_key_name(dkey),
- dst_key_name(newkey)))
+ dst_key_name(newkey)))
{
if (!dst_key_isprivate(dkey))
fatal("cannot sign zone with "
@@ -2140,7 +2141,7 @@ main(int argc, char *argv[]) {
mctx, &newkey);
if (result != ISC_R_SUCCESS)
fatal("cannot load dnskey %s: %s", dskeyfile[i],
- isc_result_totext(result));
+ isc_result_totext(result));
key = ISC_LIST_HEAD(keylist);
while (key != NULL) {
@@ -2148,7 +2149,7 @@ main(int argc, char *argv[]) {
if (dst_key_id(dkey) == dst_key_id(newkey) &&
dst_key_alg(dkey) == dst_key_alg(newkey) &&
dns_name_equal(dst_key_name(dkey),
- dst_key_name(newkey)))
+ dst_key_name(newkey)))
{
/* Override key flags. */
key->issigningkey = ISC_TRUE;
diff --git a/bin/dnssec/dnssec-signzone.docbook b/bin/dnssec/dnssec-signzone.docbook
index 8d928318ac27..67eacc143272 100644
--- a/bin/dnssec/dnssec-signzone.docbook
+++ b/bin/dnssec/dnssec-signzone.docbook
@@ -2,7 +2,7 @@
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "&#8212;">]>
<!--
- - Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -18,7 +18,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: dnssec-signzone.docbook,v 1.10.18.17 2007/08/28 07:20:00 tbox Exp $ -->
+<!-- $Id: dnssec-signzone.docbook,v 1.10.18.19 2008/10/15 23:46:06 tbox Exp $ -->
<refentry id="man.dnssec-signzone">
<refentryinfo>
<date>June 30, 2000</date>
@@ -41,6 +41,7 @@
<year>2005</year>
<year>2006</year>
<year>2007</year>
+ <year>2008</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
@@ -459,7 +460,7 @@ db.example.com.signed
<refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
<citetitle>BIND 9 Administrator Reference Manual</citetitle>,
- <citetitle>RFC 2535</citetitle>.
+ <citetitle>RFC 4033</citetitle>.
</para>
</refsect1>
diff --git a/bin/dnssec/dnssec-signzone.html b/bin/dnssec/dnssec-signzone.html
index e794d4c66a37..18d851d1fcd3 100644
--- a/bin/dnssec/dnssec-signzone.html
+++ b/bin/dnssec/dnssec-signzone.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: dnssec-signzone.html,v 1.8.18.23 2007/05/09 03:33:12 marka Exp $ -->
+<!-- $Id: dnssec-signzone.html,v 1.8.18.25 2008/10/16 01:29:40 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -32,7 +32,7 @@
<div class="cmdsynopsis"><p><code class="command">dnssec-signzone</code> [<code class="option">-a</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-d <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-e <em class="replaceable"><code>end-time</code></em></code>] [<code class="option">-f <em class="replaceable"><code>output-file</code></em></code>] [<code class="option">-g</code>] [<code class="option">-h</code>] [<code class="option">-k <em class="replaceable"><code>key</code></em></code>] [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>] [<code class="option">-i <em class="replaceable"><code>interval</code></em></code>] [<code class="option">-I <em class="replaceable"><code>input-format</code></em></code>] [<code class="option">-j <em class="replaceable"><code>jitter</code></em></code>] [<code class="option">-N <em class="replaceable"><code>soa-serial-format</code></em></code>] [<code class="option">-o <em class="replaceable"><code>origin</code></em></code>] [<code class="option">-O <em class="replaceable"><code>output-format</code></em></code>] [<code class="option">-p</code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-s <em class="replaceable"><code>start-time</code></em></code>] [<code class="option">-t</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-z</code>] {zonefile} [key...]</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543526"></a><h2>DESCRIPTION</h2>
+<a name="id2543529"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-signzone</strong></span>
signs a zone. It generates
NSEC and RRSIG records and produces a signed version of the
@@ -43,7 +43,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543541"></a><h2>OPTIONS</h2>
+<a name="id2543544"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-a</span></dt>
<dd><p>
@@ -241,7 +241,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2544327"></a><h2>EXAMPLE</h2>
+<a name="id2544330"></a><h2>EXAMPLE</h2>
<p>
The following command signs the <strong class="userinput"><code>example.com</code></strong>
zone with the DSA key generated by <span><strong class="command">dnssec-keygen</strong></span>
@@ -270,14 +270,14 @@ db.example.com.signed
%</pre>
</div>
<div class="refsect1" lang="en">
-<a name="id2544378"></a><h2>SEE ALSO</h2>
+<a name="id2544381"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
- <em class="citetitle">RFC 2535</em>.
+ <em class="citetitle">RFC 4033</em>.
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2544403"></a><h2>AUTHOR</h2>
+<a name="id2544406"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>
diff --git a/bin/named/client.c b/bin/named/client.c
index 3b87d2648c0e..03cfdb6a714e 100644
--- a/bin/named/client.c
+++ b/bin/named/client.c
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: client.c,v 1.219.18.28.10.2 2008/07/23 07:28:54 tbox Exp $ */
+/* $Id: client.c,v 1.219.18.31 2008/05/22 23:46:03 tbox Exp $ */
#include <config.h>
@@ -132,7 +132,7 @@ struct ns_clientmgr {
#define MANAGER_MAGIC ISC_MAGIC('N', 'S', 'C', 'm')
#define VALID_MANAGER(m) ISC_MAGIC_VALID(m, MANAGER_MAGIC)
-/*!
+/*!
* Client object states. Ordering is significant: higher-numbered
* states are generally "more active", meaning that the client can
* have more dynamically allocated data, outstanding events, etc.
@@ -286,7 +286,7 @@ exit_check(ns_client_t *client) {
*
* Keep the view attached until any outstanding updates complete.
*/
- if (client->nupdates == 0 &&
+ if (client->nupdates == 0 &&
client->newstate == NS_CLIENTSTATE_FREED && client->view != NULL)
dns_view_detach(&client->view);
@@ -817,7 +817,7 @@ client_sendpkg(ns_client_t *client, isc_buffer_t *buffer) {
isc_netaddr_fromsockaddr(&netaddr, &client->peeraddr);
if (ns_g_server->blackholeacl != NULL &&
dns_acl_match(&netaddr, NULL,
- ns_g_server->blackholeacl,
+ ns_g_server->blackholeacl,
&ns_g_server->aclenv,
&match, NULL) == ISC_R_SUCCESS &&
match > 0)
@@ -834,7 +834,7 @@ client_sendpkg(ns_client_t *client, isc_buffer_t *buffer) {
isc_buffer_usedregion(buffer, &r);
CTRACE("sendto");
-
+
result = isc_socket_sendto2(socket, &r, client->task,
address, pktinfo,
client->sendevent, sockflags);
@@ -1108,8 +1108,8 @@ ns_client_error(ns_client_t *client, isc_result_t result) {
/*
* FORMERR loop avoidance: If we sent a FORMERR message
* with the same ID to the same client less than two
- * seconds ago, assume that we are in an infinite error
- * packet dialog with a server for some protocol whose
+ * seconds ago, assume that we are in an infinite error
+ * packet dialog with a server for some protocol whose
* error responses look enough like DNS queries to
* elicit a FORMERR response. Drop a packet to break
* the loop.
@@ -1534,7 +1534,7 @@ client_request(isc_task_t *task, isc_event_t *event) {
* For IPv6 UDP queries, we get this from the pktinfo structure (if
* supported).
* If all the attempts fail (this can happen due to memory shortage,
- * etc), we regard this as an error for safety.
+ * etc), we regard this as an error for safety.
*/
if ((client->interface->flags & NS_INTERFACEFLAG_ANYADDR) == 0)
isc_netaddr_fromsockaddr(&destaddr, &client->interface->addr);
@@ -1595,7 +1595,7 @@ client_request(isc_task_t *task, isc_event_t *event) {
view);
if (sigresult == ISC_R_SUCCESS)
tsig = client->message->tsigname;
-
+
if (allowed(&netaddr, tsig, view->matchclients) &&
allowed(&destaddr, tsig, view->matchdestinations) &&
!((client->message->flags & DNS_MESSAGEFLAG_RD)
@@ -1726,7 +1726,7 @@ client_request(isc_task_t *task, isc_event_t *event) {
ns_client_log(client, DNS_LOGCATEGORY_SECURITY, NS_LOGMODULE_CLIENT,
ISC_LOG_DEBUG(3), ra ? "recursion available" :
- "recursion not available");
+ "recursion not available");
/*
* Adjust maximum UDP response size for this client.
@@ -1820,10 +1820,10 @@ get_clientmctx(ns_clientmgr_t *manager, isc_mem_t **mctxp) {
return (result);
manager->mctxpool[manager->nextmctx] = clientmctx;
- manager->nextmctx++;
- if (manager->nextmctx == NMCTXS)
- manager->nextmctx = 0;
}
+ manager->nextmctx++;
+ if (manager->nextmctx == NMCTXS)
+ manager->nextmctx = 0;
#else
clientmctx = manager->mctx;
#endif
@@ -2093,7 +2093,7 @@ client_newconn(isc_task_t *task, isc_event_t *event) {
if (ns_g_server->blackholeacl != NULL &&
dns_acl_match(&netaddr, NULL,
- ns_g_server->blackholeacl,
+ ns_g_server->blackholeacl,
&ns_g_server->aclenv,
&match, NULL) == ISC_R_SUCCESS &&
match > 0)
@@ -2482,7 +2482,7 @@ ns_client_checkacl(ns_client_t *client,
isc_result_t result =
ns_client_checkaclsilent(client, acl, default_allow);
- if (result == ISC_R_SUCCESS)
+ if (result == ISC_R_SUCCESS)
ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(3),
"%s approved", opname);
@@ -2538,16 +2538,16 @@ ns_client_log(ns_client_t *client, isc_logcategory_t *category,
void
ns_client_aclmsg(const char *msg, dns_name_t *name, dns_rdatatype_t type,
- dns_rdataclass_t rdclass, char *buf, size_t len)
+ dns_rdataclass_t rdclass, char *buf, size_t len)
{
- char namebuf[DNS_NAME_FORMATSIZE];
- char typebuf[DNS_RDATATYPE_FORMATSIZE];
- char classbuf[DNS_RDATACLASS_FORMATSIZE];
-
- dns_name_format(name, namebuf, sizeof(namebuf));
- dns_rdatatype_format(type, typebuf, sizeof(typebuf));
- dns_rdataclass_format(rdclass, classbuf, sizeof(classbuf));
- (void)snprintf(buf, len, "%s '%s/%s/%s'", msg, namebuf, typebuf,
+ char namebuf[DNS_NAME_FORMATSIZE];
+ char typebuf[DNS_RDATATYPE_FORMATSIZE];
+ char classbuf[DNS_RDATACLASS_FORMATSIZE];
+
+ dns_name_format(name, namebuf, sizeof(namebuf));
+ dns_rdatatype_format(type, typebuf, sizeof(typebuf));
+ dns_rdataclass_format(rdclass, classbuf, sizeof(classbuf));
+ (void)snprintf(buf, len, "%s '%s/%s/%s'", msg, namebuf, typebuf,
classbuf);
}
@@ -2575,7 +2575,7 @@ ns_client_dumpmessage(ns_client_t *client, const char *reason) {
isc_mem_put(client->mctx, buf, len);
len += 1024;
} else if (result == ISC_R_SUCCESS)
- ns_client_log(client, NS_LOGCATEGORY_UNMATCHED,
+ ns_client_log(client, NS_LOGCATEGORY_UNMATCHED,
NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(1),
"%s\n%.*s", reason,
(int)isc_buffer_usedlength(&buffer),
@@ -2595,7 +2595,7 @@ ns_client_dumprecursing(FILE *f, ns_clientmgr_t *manager) {
const char *sep;
REQUIRE(VALID_MANAGER(manager));
-
+
LOCK(&manager->lock);
client = ISC_LIST_HEAD(manager->recursing);
while (client != NULL) {
diff --git a/bin/named/config.c b/bin/named/config.c
index 632960c15c37..233d9e097f26 100644
--- a/bin/named/config.c
+++ b/bin/named/config.c
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: config.c,v 1.47.18.32.10.3 2008/07/23 23:48:17 tbox Exp $ */
+/* $Id: config.c,v 1.47.18.35 2008/09/04 08:03:07 marka Exp $ */
/*! \file */
@@ -403,7 +403,7 @@ ns_config_putiplist(isc_mem_t *mctx, isc_sockaddr_t **addrsp,
static isc_result_t
get_masters_def(const cfg_obj_t *cctx, const char *name,
- const cfg_obj_t **ret)
+ const cfg_obj_t **ret)
{
isc_result_t result;
const cfg_obj_t *masters = NULL;
@@ -521,7 +521,7 @@ ns_config_getipandkeylist(const cfg_obj_t *config, const cfg_obj_t *list,
tresult = get_masters_def(config, listname, &list);
if (tresult == ISC_R_NOTFOUND) {
cfg_obj_log(addr, ns_g_lctx, ISC_LOG_ERROR,
- "masters \"%s\" not found", listname);
+ "masters \"%s\" not found", listname);
result = tresult;
goto cleanup;
@@ -599,7 +599,7 @@ ns_config_getipandkeylist(const cfg_obj_t *config, const cfg_obj_t *list,
if (keys[i] == NULL)
goto cleanup;
dns_name_init(keys[i], NULL);
-
+
keystr = cfg_obj_asstring(key);
isc_buffer_init(&b, keystr, strlen(keystr));
isc_buffer_add(&b, strlen(keystr));
@@ -655,7 +655,7 @@ ns_config_getipandkeylist(const cfg_obj_t *config, const cfg_obj_t *list,
isc_mem_put(mctx, lists, listcount * sizeof(*lists));
if (stack != NULL)
isc_mem_put(mctx, stack, stackcount * sizeof(*stack));
-
+
INSIST(keycount == addrcount);
*addrsp = addrs;
diff --git a/bin/named/controlconf.c b/bin/named/controlconf.c
index f0703cb06505..e8e36f3e5e52 100644
--- a/bin/named/controlconf.c
+++ b/bin/named/controlconf.c
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: controlconf.c,v 1.40.18.10.40.3 2008/07/23 23:16:43 marka Exp $ */
+/* $Id: controlconf.c,v 1.40.18.14 2008/07/23 23:33:02 marka Exp $ */
/*! \file */
@@ -345,9 +345,9 @@ control_recvmessage(isc_task_t *task, isc_event_t *event) {
listener = conn->listener;
secret.rstart = NULL;
- /* Is the server shutting down? */
- if (listener->controls->shuttingdown)
- goto cleanup;
+ /* Is the server shutting down? */
+ if (listener->controls->shuttingdown)
+ goto cleanup;
if (conn->ccmsg.result != ISC_R_SUCCESS) {
if (conn->ccmsg.result != ISC_R_CANCELED &&
@@ -364,9 +364,6 @@ control_recvmessage(isc_task_t *task, isc_event_t *event) {
{
ccregion.rstart = isc_buffer_base(&conn->ccmsg.buffer);
ccregion.rend = isc_buffer_used(&conn->ccmsg.buffer);
- if (secret.rstart != NULL)
- isc_mem_put(listener->mctx, secret.rstart,
- REGION_SIZE(secret));
secret.rstart = isc_mem_get(listener->mctx, key->secret.length);
if (secret.rstart == NULL)
goto cleanup;
@@ -375,7 +372,8 @@ control_recvmessage(isc_task_t *task, isc_event_t *event) {
result = isccc_cc_fromwire(&ccregion, &request, &secret);
if (result == ISC_R_SUCCESS)
break;
- else if (result == ISCCC_R_BADAUTH) {
+ isc_mem_put(listener->mctx, secret.rstart, REGION_SIZE(secret));
+ if (result == ISCCC_R_BADAUTH) {
/*
* For some reason, request is non-NULL when
* isccc_cc_fromwire returns ISCCC_R_BADAUTH.
@@ -396,7 +394,7 @@ control_recvmessage(isc_task_t *task, isc_event_t *event) {
/* We shouldn't be getting a reply. */
if (isccc_cc_isreply(request)) {
log_invalid(&conn->ccmsg, ISC_R_FAILURE);
- goto cleanup;
+ goto cleanup_request;
}
isc_stdtime_get(&now);
@@ -407,17 +405,17 @@ control_recvmessage(isc_task_t *task, isc_event_t *event) {
_ctrl = isccc_alist_lookup(request, "_ctrl");
if (_ctrl == NULL) {
log_invalid(&conn->ccmsg, ISC_R_FAILURE);
- goto cleanup;
+ goto cleanup_request;
}
if (isccc_cc_lookupuint32(_ctrl, "_tim", &sent) == ISC_R_SUCCESS) {
if ((sent + CLOCKSKEW) < now || (sent - CLOCKSKEW) > now) {
log_invalid(&conn->ccmsg, ISCCC_R_CLOCKSKEW);
- goto cleanup;
+ goto cleanup_request;
}
} else {
log_invalid(&conn->ccmsg, ISC_R_FAILURE);
- goto cleanup;
+ goto cleanup_request;
}
/*
@@ -426,7 +424,7 @@ control_recvmessage(isc_task_t *task, isc_event_t *event) {
if (isccc_cc_lookupuint32(_ctrl, "_exp", &exp) == ISC_R_SUCCESS &&
now > exp) {
log_invalid(&conn->ccmsg, ISCCC_R_EXPIRED);
- goto cleanup;
+ goto cleanup_request;
}
/*
@@ -436,16 +434,16 @@ control_recvmessage(isc_task_t *task, isc_event_t *event) {
result = isccc_cc_checkdup(listener->controls->symtab, request, now);
if (result != ISC_R_SUCCESS) {
if (result == ISC_R_EXISTS)
- result = ISCCC_R_DUPLICATE;
+ result = ISCCC_R_DUPLICATE;
log_invalid(&conn->ccmsg, result);
- goto cleanup;
+ goto cleanup_request;
}
if (conn->nonce != 0 &&
(isccc_cc_lookupuint32(_ctrl, "_nonce", &nonce) != ISC_R_SUCCESS ||
conn->nonce != nonce)) {
log_invalid(&conn->ccmsg, ISCCC_R_BADAUTH);
- goto cleanup;
+ goto cleanup_request;
}
/*
@@ -459,7 +457,7 @@ control_recvmessage(isc_task_t *task, isc_event_t *event) {
result = isccc_cc_createresponse(request, now, now + 60, &response);
if (result != ISC_R_SUCCESS)
- goto cleanup;
+ goto cleanup_request;
if (eresult != ISC_R_SUCCESS) {
isccc_sexpr_t *data;
@@ -467,7 +465,7 @@ control_recvmessage(isc_task_t *task, isc_event_t *event) {
if (data != NULL) {
const char *estr = isc_result_totext(eresult);
if (isccc_cc_definestring(data, "err", estr) == NULL)
- goto cleanup;
+ goto cleanup_response;
}
}
@@ -478,20 +476,20 @@ control_recvmessage(isc_task_t *task, isc_event_t *event) {
if (data != NULL) {
char *str = (char *)isc_buffer_base(&text);
if (isccc_cc_definestring(data, "text", str) == NULL)
- goto cleanup;
+ goto cleanup_response;
}
}
_ctrl = isccc_alist_lookup(response, "_ctrl");
if (_ctrl == NULL ||
isccc_cc_defineuint32(_ctrl, "_nonce", conn->nonce) == NULL)
- goto cleanup;
+ goto cleanup_response;
ccregion.rstart = conn->buffer + 4;
ccregion.rend = conn->buffer + sizeof(conn->buffer);
result = isccc_cc_towire(response, &ccregion, &secret);
if (result != ISC_R_SUCCESS)
- goto cleanup;
+ goto cleanup_response;
isc_buffer_init(&b, conn->buffer, 4);
len = sizeof(conn->buffer) - REGION_SIZE(ccregion);
isc_buffer_putuint32(&b, len - 4);
@@ -500,31 +498,27 @@ control_recvmessage(isc_task_t *task, isc_event_t *event) {
result = isc_socket_send(conn->sock, &r, task, control_senddone, conn);
if (result != ISC_R_SUCCESS)
- goto cleanup;
+ goto cleanup_response;
conn->sending = ISC_TRUE;
- if (secret.rstart != NULL)
- isc_mem_put(listener->mctx, secret.rstart,
- REGION_SIZE(secret));
- if (request != NULL)
- isccc_sexpr_free(&request);
- if (response != NULL)
- isccc_sexpr_free(&response);
+ isc_mem_put(listener->mctx, secret.rstart, REGION_SIZE(secret));
+ isccc_sexpr_free(&request);
+ isccc_sexpr_free(&response);
return;
+ cleanup_response:
+ isccc_sexpr_free(&response);
+
+ cleanup_request:
+ isccc_sexpr_free(&request);
+ isc_mem_put(listener->mctx, secret.rstart, REGION_SIZE(secret));
+
cleanup:
- if (secret.rstart != NULL)
- isc_mem_put(listener->mctx, secret.rstart,
- REGION_SIZE(secret));
isc_socket_detach(&conn->sock);
isccc_ccmsg_invalidate(&conn->ccmsg);
conn->ccmsg_valid = ISC_FALSE;
maybe_free_connection(conn);
maybe_free_listener(listener);
- if (request != NULL)
- isccc_sexpr_free(&request);
- if (response != NULL)
- isccc_sexpr_free(&response);
}
static void
@@ -548,7 +542,7 @@ newconnection(controllistener_t *listener, isc_socket_t *sock) {
conn = isc_mem_get(listener->mctx, sizeof(*conn));
if (conn == NULL)
return (ISC_R_NOMEMORY);
-
+
conn->sock = sock;
isccc_ccmsg_init(listener->mctx, sock, &conn->ccmsg);
conn->ccmsg_valid = ISC_TRUE;
@@ -660,7 +654,7 @@ ns_controls_shutdown(ns_controls_t *controls) {
static isc_result_t
cfgkeylist_find(const cfg_obj_t *keylist, const char *keyname,
- const cfg_obj_t **objp)
+ const cfg_obj_t **objp)
{
const cfg_listelt_t *element;
const char *str;
@@ -808,7 +802,7 @@ register_keys(const cfg_obj_t *control, const cfg_obj_t *keylist,
if (result != ISC_R_SUCCESS) \
goto cleanup; \
} while (0)
-
+
static isc_result_t
get_rndckey(isc_mem_t *mctx, controlkeylist_t *keyids) {
isc_result_t result;
@@ -828,14 +822,14 @@ get_rndckey(isc_mem_t *mctx, controlkeylist_t *keyids) {
CHECK(cfg_map_get(config, "key", &key));
keyid = isc_mem_get(mctx, sizeof(*keyid));
- if (keyid == NULL)
+ if (keyid == NULL)
CHECK(ISC_R_NOMEMORY);
keyid->keyname = isc_mem_strdup(mctx,
cfg_obj_asstring(cfg_map_getname(key)));
keyid->secret.base = NULL;
keyid->secret.length = 0;
ISC_LINK_INIT(keyid, link);
- if (keyid->keyname == NULL)
+ if (keyid->keyname == NULL)
CHECK(ISC_R_NOMEMORY);
CHECK(bind9_check_key(key, ns_g_lctx));
@@ -891,7 +885,7 @@ get_rndckey(isc_mem_t *mctx, controlkeylist_t *keyids) {
cfg_parser_destroy(&pctx);
return (result);
}
-
+
/*
* Ensures that both '*global_keylistp' and '*control_keylistp' are
* valid or both are NULL.
@@ -925,7 +919,7 @@ static void
update_listener(ns_controls_t *cp, controllistener_t **listenerp,
const cfg_obj_t *control, const cfg_obj_t *config,
isc_sockaddr_t *addr, cfg_aclconfctx_t *aclconfctx,
- const char *socktext, isc_sockettype_t type)
+ const char *socktext, isc_sockettype_t type)
{
controllistener_t *listener;
const cfg_obj_t *allow;
@@ -945,7 +939,7 @@ update_listener(ns_controls_t *cp, controllistener_t **listenerp,
*listenerp = NULL;
return;
}
-
+
/*
* There is already a listener for this sockaddr.
* Update the access list and key information.
@@ -1339,7 +1333,7 @@ ns_controls_configure(ns_controls_t *cp, const cfg_obj_t *config,
update_listener(cp, &listener, control, config,
&addr, aclconfctx,
- cfg_obj_asstring(path),
+ cfg_obj_asstring(path),
isc_sockettype_unix);
if (listener != NULL)
@@ -1385,10 +1379,10 @@ ns_controls_configure(ns_controls_t *cp, const cfg_obj_t *config,
isc_sockaddr_setport(&addr, NS_CONTROL_PORT);
isc_sockaddr_format(&addr, socktext, sizeof(socktext));
-
+
update_listener(cp, &listener, NULL, NULL,
&addr, NULL, socktext,
- isc_sockettype_tcp);
+ isc_sockettype_tcp);
if (listener != NULL)
/*
diff --git a/bin/named/include/named/globals.h b/bin/named/include/named/globals.h
index 11f3989460e9..9c86afd46d5f 100644
--- a/bin/named/include/named/globals.h
+++ b/bin/named/include/named/globals.h
@@ -1,8 +1,8 @@
/*
- * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2006, 2008 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
- * Permission to use, copy, modify, and distribute this software for any
+ * Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: globals.h,v 1.64.18.4 2006/03/02 00:37:21 marka Exp $ */
+/* $Id: globals.h,v 1.64.18.6 2008/10/24 01:43:17 tbox Exp $ */
#ifndef NAMED_GLOBALS_H
#define NAMED_GLOBALS_H 1
@@ -48,6 +48,7 @@ EXTERN isc_taskmgr_t * ns_g_taskmgr INIT(NULL);
EXTERN dns_dispatchmgr_t * ns_g_dispatchmgr INIT(NULL);
EXTERN isc_entropy_t * ns_g_entropy INIT(NULL);
EXTERN isc_entropy_t * ns_g_fallbackentropy INIT(NULL);
+EXTERN unsigned int ns_g_cpus_detected INIT(1);
/*
* XXXRTH We're going to want multiple timer managers eventually. One
diff --git a/bin/named/interfacemgr.c b/bin/named/interfacemgr.c
index 2a82c9874764..08d33d9912c5 100644
--- a/bin/named/interfacemgr.c
+++ b/bin/named/interfacemgr.c
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: interfacemgr.c,v 1.76.18.8.44.3 2008/07/23 23:16:43 marka Exp $ */
+/* $Id: interfacemgr.c,v 1.76.18.11 2008/07/23 23:33:02 marka Exp $ */
/*! \file */
@@ -90,7 +90,7 @@ ns_interfacemgr_create(isc_mem_t *mctx, isc_taskmgr_t *taskmgr,
mgr->generation = 1;
mgr->listenon4 = NULL;
mgr->listenon6 = NULL;
-
+
ISC_LIST_INIT(mgr->interfaces);
ISC_LIST_INIT(mgr->listenon);
@@ -323,7 +323,7 @@ ns_interface_accepttcp(ns_interface_t *ifp) {
goto tcp_listen_failure;
}
- /*
+ /*
* If/when there a multiple filters listen to the
* result.
*/
@@ -510,7 +510,7 @@ setup_locals(ns_interfacemgr_t *mgr, isc_interface_t *interface) {
unsigned int prefixlen;
family = interface->address.family;
-
+
elt.type = dns_aclelementtype_ipprefix;
elt.negative = ISC_FALSE;
elt.u.ip_prefix.address = interface->address;
@@ -550,7 +550,7 @@ setup_locals(ns_interfacemgr_t *mgr, isc_interface_t *interface) {
static void
setup_listenon(ns_interfacemgr_t *mgr, isc_interface_t *interface,
in_port_t port)
-{
+{
isc_sockaddr_t *addr;
isc_sockaddr_t *old;
@@ -564,7 +564,7 @@ setup_listenon(ns_interfacemgr_t *mgr, isc_interface_t *interface,
old != NULL;
old = ISC_LIST_NEXT(old, link))
if (isc_sockaddr_equal(addr, old))
- break;
+ break;
if (old != NULL)
isc_mem_put(mgr->mctx, addr, sizeof(*addr));
@@ -700,7 +700,7 @@ do_scan(ns_interfacemgr_t *mgr, ns_listenlist_t *ext_listen,
{
isc_interface_t interface;
ns_listenlist_t *ll;
- unsigned int family;
+ unsigned int family;
result = isc_interfaceiter_current(iter, &interface);
if (result != ISC_R_SUCCESS)
@@ -882,7 +882,7 @@ do_scan(ns_interfacemgr_t *mgr, ns_listenlist_t *ext_listen,
UNEXPECTED_ERROR(__FILE__, __LINE__,
"interface iteration failed: %s",
isc_result_totext(result));
- else
+ else
result = ISC_R_SUCCESS;
cleanup_iter:
isc_interfaceiter_destroy(&iter);
@@ -913,7 +913,7 @@ ns_interfacemgr_scan0(ns_interfacemgr_t *mgr, ns_listenlist_t *ext_listen,
/*
* Warn if we are not listening on any interface, unless
- * we're in lwresd-only mode, in which case that is to
+ * we're in lwresd-only mode, in which case that is to
* be expected.
*/
if (ext_listen == NULL &&
diff --git a/bin/named/lwaddr.c b/bin/named/lwaddr.c
index 78c2b0b85184..02e8f4de3be5 100644
--- a/bin/named/lwaddr.c
+++ b/bin/named/lwaddr.c
@@ -1,8 +1,8 @@
/*
- * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005, 2008 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000, 2001 Internet Software Consortium.
*
- * Permission to use, copy, modify, and distribute this software for any
+ * Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: lwaddr.c,v 1.4.18.2 2005/04/29 00:15:23 marka Exp $ */
+/* $Id: lwaddr.c,v 1.4.18.4 2008/01/11 23:45:59 tbox Exp $ */
/*! \file */
@@ -81,7 +81,7 @@ lwaddr_lwresaddr_fromnetaddr(lwres_addr_t *la, isc_netaddr_t *na) {
} else {
la->family = LWRES_ADDRTYPE_V6;
la->length = 16;
- memcpy(la->address, &na->type.in, 16);
+ memcpy(la->address, &na->type.in6, 16);
}
return (ISC_R_SUCCESS);
}
diff --git a/bin/named/lwdgnba.c b/bin/named/lwdgnba.c
index a500d278896e..a54d44375124 100644
--- a/bin/named/lwdgnba.c
+++ b/bin/named/lwdgnba.c
@@ -1,8 +1,8 @@
/*
- * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005, 2008 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000-2002 Internet Software Consortium.
*
- * Permission to use, copy, modify, and distribute this software for any
+ * Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: lwdgnba.c,v 1.16.18.2 2005/04/29 00:15:24 marka Exp $ */
+/* $Id: lwdgnba.c,v 1.16.18.4 2008/01/14 23:45:59 tbox Exp $ */
/*! \file */
@@ -220,8 +220,6 @@ ns_lwdclient_processgnba(ns_lwdclient_t *client, lwres_buffer_t *b) {
b, &client->pkt, &req);
if (result != LWRES_R_SUCCESS)
goto out;
- if (req->addr.address == NULL)
- goto out;
client->options = 0;
if (req->addr.family == LWRES_ADDRTYPE_V4) {
diff --git a/bin/named/lwdnoop.c b/bin/named/lwdnoop.c
index fa591b41a245..69cc957e261c 100644
--- a/bin/named/lwdnoop.c
+++ b/bin/named/lwdnoop.c
@@ -1,8 +1,8 @@
/*
- * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005, 2008 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000, 2001 Internet Software Consortium.
*
- * Permission to use, copy, modify, and distribute this software for any
+ * Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: lwdnoop.c,v 1.7.18.2 2005/04/29 00:15:25 marka Exp $ */
+/* $Id: lwdnoop.c,v 1.7.18.4 2008/01/22 23:27:05 tbox Exp $ */
/*! \file */
@@ -44,7 +44,7 @@ ns_lwdclient_processnoop(ns_lwdclient_t *client, lwres_buffer_t *b) {
result = lwres_nooprequest_parse(client->clientmgr->lwctx,
b, &client->pkt, &req);
if (result != LWRES_R_SUCCESS)
- goto out;
+ goto send_error;
client->pkt.recvlength = LWRES_RECVLENGTH;
client->pkt.authtype = 0; /* XXXMLG */
@@ -57,7 +57,7 @@ ns_lwdclient_processnoop(ns_lwdclient_t *client, lwres_buffer_t *b) {
lwres = lwres_noopresponse_render(client->clientmgr->lwctx, &resp,
&client->pkt, &lwb);
if (lwres != LWRES_R_SUCCESS)
- goto out;
+ goto cleanup_req;
r.base = lwb.base;
r.length = lwb.used;
@@ -65,7 +65,7 @@ ns_lwdclient_processnoop(ns_lwdclient_t *client, lwres_buffer_t *b) {
client->sendlength = r.length;
result = ns_lwdclient_sendreply(client, &r);
if (result != ISC_R_SUCCESS)
- goto out;
+ goto cleanup_lwb;
/*
* We can now destroy request.
@@ -76,13 +76,12 @@ ns_lwdclient_processnoop(ns_lwdclient_t *client, lwres_buffer_t *b) {
return;
- out:
- if (req != NULL)
- lwres_nooprequest_free(client->clientmgr->lwctx, &req);
+ cleanup_lwb:
+ lwres_context_freemem(client->clientmgr->lwctx, lwb.base, lwb.length);
- if (lwb.base != NULL)
- lwres_context_freemem(client->clientmgr->lwctx,
- lwb.base, lwb.length);
+ cleanup_req:
+ lwres_nooprequest_free(client->clientmgr->lwctx, &req);
+ send_error:
ns_lwdclient_errorpktsend(client, LWRES_R_FAILURE);
}
diff --git a/bin/named/lwresd.8 b/bin/named/lwresd.8
index 825645aa1eaa..827edcd65737 100644
--- a/bin/named/lwresd.8
+++ b/bin/named/lwresd.8
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000, 2001 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and distribute this software for any
@@ -13,7 +13,7 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: lwresd.8,v 1.15.18.12 2007/05/16 06:11:27 marka Exp $
+.\" $Id: lwresd.8,v 1.15.18.13 2008/10/17 01:29:23 tbox Exp $
.\"
.hy 0
.ad l
@@ -85,9 +85,9 @@ Use
\fIconfig\-file\fR
as the configuration file instead of the default,
\fI/etc/lwresd.conf\fR.
-<term>\-c</term>
+\fB\-c\fR
can not be used with
-<term>\-C</term>.
+\fB\-C\fR.
.RE
.PP
\-C \fIconfig\-file\fR
@@ -96,9 +96,9 @@ Use
\fIconfig\-file\fR
as the configuration file instead of the default,
\fI/etc/resolv.conf\fR.
-<term>\-C</term>
+\fB\-C\fR
can not be used with
-<term>\-c</term>.
+\fB\-c\fR.
.RE
.PP
\-d \fIdebug\-level\fR
@@ -217,7 +217,7 @@ The default process\-id file.
.PP
Internet Systems Consortium
.SH "COPYRIGHT"
-Copyright \(co 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC")
.br
Copyright \(co 2000, 2001 Internet Software Consortium.
.br
diff --git a/bin/named/lwresd.c b/bin/named/lwresd.c
index 1f7184e72dcc..8a89b1c764ce 100644
--- a/bin/named/lwresd.c
+++ b/bin/named/lwresd.c
@@ -15,9 +15,9 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: lwresd.c,v 1.46.18.7.52.3 2008/07/23 23:16:43 marka Exp $ */
+/* $Id: lwresd.c,v 1.46.18.10 2008/07/23 23:33:02 marka Exp $ */
-/*! \file
+/*! \file
* \brief
* Main program for the Lightweight Resolver Daemon.
*
@@ -224,7 +224,7 @@ ns_lwresd_parseeresolvconf(isc_mem_t *mctx, cfg_parser_t *pctx,
for (i = 0; i < lwc->searchnxt; i++) {
CHECK(buffer_putstr(&b, "\t\t\""));
CHECK(buffer_putstr(&b, lwc->search[i]));
- CHECK(buffer_putstr(&b, "\";\n"));
+ CHECK(buffer_putstr(&b, "\";\n"));
}
CHECK(buffer_putstr(&b, "\t};\n"));
}
diff --git a/bin/named/lwresd.docbook b/bin/named/lwresd.docbook
index 5b3143e6e5b4..6dd2c40adf61 100644
--- a/bin/named/lwresd.docbook
+++ b/bin/named/lwresd.docbook
@@ -2,7 +2,7 @@
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "&#8212;">]>
<!--
- - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -18,7 +18,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: lwresd.docbook,v 1.7.18.8 2007/08/28 07:20:01 tbox Exp $ -->
+<!-- $Id: lwresd.docbook,v 1.7.18.10 2008/10/16 23:46:00 tbox Exp $ -->
<refentry>
<refentryinfo>
<date>June 30, 2000</date>
@@ -40,6 +40,7 @@
<year>2004</year>
<year>2005</year>
<year>2007</year>
+ <year>2008</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
@@ -145,7 +146,7 @@
configuration file instead of the default,
<filename>/etc/lwresd.conf</filename>.
<!-- Should this be an absolute path name? -->
- <term>-c</term> can not be used with <term>-C</term>.
+ <option>-c</option> can not be used with <option>-C</option>.
</para>
</listitem>
</varlistentry>
@@ -157,7 +158,7 @@
Use <replaceable class="parameter">config-file</replaceable> as the
configuration file instead of the default,
<filename>/etc/resolv.conf</filename>.
- <term>-C</term> can not be used with <term>-c</term>.
+ <option>-C</option> can not be used with <option>-c</option>.
</para>
</listitem>
</varlistentry>
diff --git a/bin/named/lwresd.html b/bin/named/lwresd.html
index b59a7cc72581..463e6b0ee3cf 100644
--- a/bin/named/lwresd.html
+++ b/bin/named/lwresd.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: lwresd.html,v 1.5.18.18 2007/05/16 06:11:27 marka Exp $ -->
+<!-- $Id: lwresd.html,v 1.5.18.19 2008/10/17 01:29:23 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -32,7 +32,7 @@
<div class="cmdsynopsis"><p><code class="command">lwresd</code> [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-C <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-d <em class="replaceable"><code>debug-level</code></em></code>] [<code class="option">-f</code>] [<code class="option">-g</code>] [<code class="option">-i <em class="replaceable"><code>pid-file</code></em></code>] [<code class="option">-m <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-n <em class="replaceable"><code>#cpus</code></em></code>] [<code class="option">-P <em class="replaceable"><code>port</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-s</code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-u <em class="replaceable"><code>user</code></em></code>] [<code class="option">-v</code>] [<code class="option">-4</code>] [<code class="option">-6</code>]</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543461"></a><h2>DESCRIPTION</h2>
+<a name="id2543464"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">lwresd</strong></span>
is the daemon providing name lookup
services to clients that use the BIND 9 lightweight resolver
@@ -67,7 +67,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543508"></a><h2>OPTIONS</h2>
+<a name="id2543511"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-4</span></dt>
<dd><p>
@@ -87,14 +87,14 @@
configuration file instead of the default,
<code class="filename">/etc/lwresd.conf</code>.
- <font color="red">&lt;term&gt;-c&lt;/term&gt;</font> can not be used with <font color="red">&lt;term&gt;-C&lt;/term&gt;</font>.
+ <code class="option">-c</code> can not be used with <code class="option">-C</code>.
</p></dd>
<dt><span class="term">-C <em class="replaceable"><code>config-file</code></em></span></dt>
<dd><p>
Use <em class="replaceable"><code>config-file</code></em> as the
configuration file instead of the default,
<code class="filename">/etc/resolv.conf</code>.
- <font color="red">&lt;term&gt;-C&lt;/term&gt;</font> can not be used with <font color="red">&lt;term&gt;-c&lt;/term&gt;</font>.
+ <code class="option">-C</code> can not be used with <code class="option">-c</code>.
</p></dd>
<dt><span class="term">-d <em class="replaceable"><code>debug-level</code></em></span></dt>
<dd><p>
@@ -197,7 +197,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543925"></a><h2>FILES</h2>
+<a name="id2543928"></a><h2>FILES</h2>
<div class="variablelist"><dl>
<dt><span class="term"><code class="filename">/etc/resolv.conf</code></span></dt>
<dd><p>
@@ -210,14 +210,14 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543964"></a><h2>SEE ALSO</h2>
+<a name="id2543968"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">lwres</span>(3)</span>,
<span class="citerefentry"><span class="refentrytitle">resolver</span>(5)</span>.
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543998"></a><h2>AUTHOR</h2>
+<a name="id2544002"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>
diff --git a/bin/named/main.c b/bin/named/main.c
index 6b9b67e13550..d8b0a3345138 100644
--- a/bin/named/main.c
+++ b/bin/named/main.c
@@ -1,8 +1,8 @@
/*
- * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2006, 2008 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
- * Permission to use, copy, modify, and distribute this software for any
+ * Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: main.c,v 1.136.18.17 2006/11/10 18:51:14 marka Exp $ */
+/* $Id: main.c,v 1.136.18.21 2008/10/24 01:28:08 marka Exp $ */
/*! \file */
@@ -33,6 +33,7 @@
#include <isc/hash.h>
#include <isc/os.h>
#include <isc/platform.h>
+#include <isc/print.h>
#include <isc/resource.h>
#include <isc/stdio.h>
#include <isc/string.h>
@@ -85,6 +86,7 @@ static char program_name[ISC_DIR_NAMEMAX] = "named";
static char absolute_conffile[ISC_DIR_PATHMAX];
static char saved_command_line[512];
static char version[512];
+static unsigned int maxsocks = 0;
void
ns_main_earlywarning(const char *format, ...) {
@@ -356,7 +358,8 @@ parse_command_line(int argc, char *argv[]) {
isc_commandline_errprint = ISC_FALSE;
while ((ch = isc_commandline_parse(argc, argv,
- "46c:C:d:fgi:lm:n:N:p:P:st:u:vx:")) != -1) {
+ "46c:C:d:fgi:lm:n:N:p:P:"
+ "sS:t:u:vx:")) != -1) {
switch (ch) {
case '4':
if (disable4)
@@ -435,6 +438,10 @@ parse_command_line(int argc, char *argv[]) {
/* XXXRTH temporary syntax */
want_stats = ISC_TRUE;
break;
+ case 'S':
+ maxsocks = parse_int(isc_commandline_argument,
+ "max number of sockets");
+ break;
case 't':
/* XXXJAB should we make a copy? */
ns_g_chrootdir = isc_commandline_argument;
@@ -466,17 +473,14 @@ parse_command_line(int argc, char *argv[]) {
static isc_result_t
create_managers(void) {
isc_result_t result;
-#ifdef ISC_PLATFORM_USETHREADS
- unsigned int cpus_detected;
-#endif
+ unsigned int socks;
#ifdef ISC_PLATFORM_USETHREADS
- cpus_detected = isc_os_ncpus();
if (ns_g_cpus == 0)
- ns_g_cpus = cpus_detected;
+ ns_g_cpus = ns_g_cpus_detected;
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_SERVER,
ISC_LOG_INFO, "found %u CPU%s, using %u worker thread%s",
- cpus_detected, cpus_detected == 1 ? "" : "s",
+ ns_g_cpus_detected, ns_g_cpus_detected == 1 ? "" : "s",
ns_g_cpus, ns_g_cpus == 1 ? "" : "s");
#else
ns_g_cpus = 1;
@@ -497,13 +501,19 @@ create_managers(void) {
return (ISC_R_UNEXPECTED);
}
- result = isc_socketmgr_create(ns_g_mctx, &ns_g_socketmgr);
+ result = isc_socketmgr_create2(ns_g_mctx, &ns_g_socketmgr, maxsocks);
if (result != ISC_R_SUCCESS) {
UNEXPECTED_ERROR(__FILE__, __LINE__,
"isc_socketmgr_create() failed: %s",
isc_result_totext(result));
return (ISC_R_UNEXPECTED);
}
+ result = isc_socketmgr_getmaxsockets(ns_g_socketmgr, &socks);
+ if (result == ISC_R_SUCCESS) {
+ isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
+ NS_LOGMODULE_SERVER,
+ ISC_LOG_INFO, "using up to %u sockets", socks);
+ }
result = isc_entropy_create(ns_g_mctx, &ns_g_entropy);
if (result != ISC_R_SUCCESS) {
@@ -550,6 +560,7 @@ destroy_managers(void) {
static void
setup(void) {
isc_result_t result;
+ isc_resourcevalue_t old_openfiles;
#ifdef HAVE_LIBSCF
char *instance = NULL;
#endif
@@ -603,6 +614,13 @@ setup(void) {
}
#endif
+#ifdef ISC_PLATFORM_USETHREADS
+ /*
+ * Check for the number of cpu's before ns_os_chroot().
+ */
+ ns_g_cpus_detected = isc_os_ncpus();
+#endif
+
ns_os_chroot(ns_g_chrootdir);
/*
@@ -656,6 +674,23 @@ setup(void) {
&ns_g_initopenfiles);
/*
+ * System resources cannot effectively be tuned on some systems.
+ * Raise the limit in such cases for safety.
+ */
+ old_openfiles = ns_g_initopenfiles;
+ ns_os_adjustnofile();
+ (void)isc_resource_getlimit(isc_resource_openfiles,
+ &ns_g_initopenfiles);
+ if (old_openfiles != ns_g_initopenfiles) {
+ isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
+ NS_LOGMODULE_MAIN, ISC_LOG_NOTICE,
+ "adjusted limit on open files from "
+ "%" ISC_PRINT_QUADFORMAT "u to "
+ "%" ISC_PRINT_QUADFORMAT "u",
+ old_openfiles, ns_g_initopenfiles);
+ }
+
+ /*
* If the named configuration filename is relative, prepend the current
* directory's name before possibly changing to another directory.
*/
@@ -665,7 +700,7 @@ setup(void) {
sizeof(absolute_conffile));
if (result != ISC_R_SUCCESS)
ns_main_earlyfatal("could not construct absolute path of "
- "configuration file: %s",
+ "configuration file: %s",
isc_result_totext(result));
ns_g_conffile = absolute_conffile;
}
@@ -757,7 +792,7 @@ ns_smf_get_instance(char **ins_name, int debug, isc_mem_t *mctx) {
if (debug)
UNEXPECTED_ERROR(__FILE__, __LINE__,
"scf_handle_create() failed: %s",
- scf_strerror(scf_error()));
+ scf_strerror(scf_error()));
return (ISC_R_FAILURE);
}
diff --git a/bin/named/named.8 b/bin/named/named.8
index f5e82303024d..9487dac2e178 100644
--- a/bin/named/named.8
+++ b/bin/named/named.8
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and distribute this software for any
@@ -13,7 +13,7 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: named.8,v 1.20.18.15 2007/06/20 02:26:58 marka Exp $
+.\" $Id: named.8,v 1.20.18.16 2008/09/01 02:29:00 tbox Exp $
.\"
.hy 0
.ad l
@@ -33,7 +33,7 @@
named \- Internet domain name server
.SH "SYNOPSIS"
.HP 6
-\fBnamed\fR [\fB\-4\fR] [\fB\-6\fR] [\fB\-c\ \fR\fB\fIconfig\-file\fR\fR] [\fB\-d\ \fR\fB\fIdebug\-level\fR\fR] [\fB\-f\fR] [\fB\-g\fR] [\fB\-m\ \fR\fB\fIflag\fR\fR] [\fB\-n\ \fR\fB\fI#cpus\fR\fR] [\fB\-p\ \fR\fB\fIport\fR\fR] [\fB\-s\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-u\ \fR\fB\fIuser\fR\fR] [\fB\-v\fR] [\fB\-x\ \fR\fB\fIcache\-file\fR\fR]
+\fBnamed\fR [\fB\-4\fR] [\fB\-6\fR] [\fB\-c\ \fR\fB\fIconfig\-file\fR\fR] [\fB\-d\ \fR\fB\fIdebug\-level\fR\fR] [\fB\-f\fR] [\fB\-g\fR] [\fB\-m\ \fR\fB\fIflag\fR\fR] [\fB\-n\ \fR\fB\fI#cpus\fR\fR] [\fB\-p\ \fR\fB\fIport\fR\fR] [\fB\-s\fR] [\fB\-S\ \fR\fB\fI#max\-socks\fR\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-u\ \fR\fB\fIuser\fR\fR] [\fB\-v\fR] [\fB\-x\ \fR\fB\fIcache\-file\fR\fR]
.SH "DESCRIPTION"
.PP
\fBnamed\fR
@@ -131,6 +131,21 @@ This option is mainly of interest to BIND 9 developers and may be removed or cha
.RE
.RE
.PP
+\-S \fI#max\-socks\fR
+.RS 4
+Allow
+\fBnamed\fR
+to use up to
+\fI#max\-socks\fR
+sockets.
+.RS
+.B "Warning:"
+This option should be unnecessary for the vast majority of users. The use of this option could even be harmful because the specified value may exceed the limitation of the underlying system API. It is therefore set only when the default configuration causes exhaustion of file descriptors and the operational environment is known to support the specified number of sockets. Note also that the actual maximum number is normally a little fewer than the specified value because
+\fBnamed\fR
+reserves some file descriptors for its internal use.
+.RE
+.RE
+.PP
\-t \fIdirectory\fR
.RS 4
Chroot to
@@ -230,7 +245,7 @@ BIND 9 Administrator Reference Manual.
.PP
Internet Systems Consortium
.SH "COPYRIGHT"
-Copyright \(co 2004\-2007 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004\-2008 Internet Systems Consortium, Inc. ("ISC")
.br
Copyright \(co 2000, 2001, 2003 Internet Software Consortium.
.br
diff --git a/bin/named/named.conf.5 b/bin/named/named.conf.5
index 00c92a69c13a..a2ccbe07fb33 100644
--- a/bin/named/named.conf.5
+++ b/bin/named/named.conf.5
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
@@ -12,7 +12,7 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: named.conf.5,v 1.1.2.26 2007/08/19 23:26:13 marka Exp $
+.\" $Id: named.conf.5,v 1.1.2.27 2008/09/05 01:32:08 tbox Exp $
.\"
.hy 0
.ad l
@@ -174,6 +174,7 @@ options {
port \fIinteger\fR;
querylog \fIboolean\fR;
recursing\-file \fIquoted_string\fR;
+ reserved\-sockets \fIinteger\fR;
random\-device \fIquoted_string\fR;
recursive\-clients \fIinteger\fR;
serial\-query\-rate \fIinteger\fR;
@@ -516,5 +517,5 @@ zone \fIstring\fR \fIoptional_class\fR {
\fBrndc\fR(8),
BIND 9 Administrator Reference Manual.
.SH "COPYRIGHT"
-Copyright \(co 2004\-2007 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004\-2008 Internet Systems Consortium, Inc. ("ISC")
.br
diff --git a/bin/named/named.conf.docbook b/bin/named/named.conf.docbook
index 8635f9754fd6..32aa53742488 100644
--- a/bin/named/named.conf.docbook
+++ b/bin/named/named.conf.docbook
@@ -17,7 +17,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: named.conf.docbook,v 1.1.2.29.12.2 2008/07/23 23:48:17 tbox Exp $ -->
+<!-- $Id: named.conf.docbook,v 1.1.2.31 2008/09/04 23:46:08 tbox Exp $ -->
<refentry>
<refentryinfo>
<date>Aug 13, 2004</date>
diff --git a/bin/named/named.conf.html b/bin/named/named.conf.html
index 09e71a324cdd..f729988d4da1 100644
--- a/bin/named/named.conf.html
+++ b/bin/named/named.conf.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
-
- Permission to use, copy, modify, and distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
@@ -13,7 +13,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: named.conf.html,v 1.1.2.35 2007/08/19 23:26:13 marka Exp $ -->
+<!-- $Id: named.conf.html,v 1.1.2.36 2008/09/05 01:32:08 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -31,7 +31,7 @@
<div class="cmdsynopsis"><p><code class="command">named.conf</code> </p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2542042"></a><h2>DESCRIPTION</h2>
+<a name="id2543342"></a><h2>DESCRIPTION</h2>
<p><code class="filename">named.conf</code> is the configuration file
for
<span><strong class="command">named</strong></span>. Statements are enclosed
@@ -50,14 +50,14 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543367"></a><h2>ACL</h2>
+<a name="id2543370"></a><h2>ACL</h2>
<div class="literallayout"><p><br>
acl<em class="replaceable"><code>string</code></em>{<em class="replaceable"><code>address_match_element</code></em>;...};<br>
<br>
</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543383"></a><h2>KEY</h2>
+<a name="id2543386"></a><h2>KEY</h2>
<div class="literallayout"><p><br>
key<em class="replaceable"><code>domain_name</code></em>{<br>
algorithm<em class="replaceable"><code>string</code></em>;<br>
@@ -66,7 +66,7 @@ key<em class="replaceable"><code>domain_name</code></em>{<br>
</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543402"></a><h2>MASTERS</h2>
+<a name="id2543405"></a><h2>MASTERS</h2>
<div class="literallayout"><p><br>
masters<em class="replaceable"><code>string</code></em>[<span class="optional">port<em class="replaceable"><code>integer</code></em></span>]{<br>
(<em class="replaceable"><code>masters</code></em>|<em class="replaceable"><code>ipv4_address</code></em>[<span class="optional">port<em class="replaceable"><code>integer</code></em></span>]|<br>
@@ -75,7 +75,7 @@ masters<em class="replaceable"><code>string</code></em>[<span class="optional"
</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543448"></a><h2>SERVER</h2>
+<a name="id2543451"></a><h2>SERVER</h2>
<div class="literallayout"><p><br>
server(<em class="replaceable"><code>ipv4_address[<span class="optional">/prefixlen</span>]</code></em>|<em class="replaceable"><code>ipv6_address[<span class="optional">/prefixlen</span>]</code></em>){<br>
bogus<em class="replaceable"><code>boolean</code></em>;<br>
@@ -97,7 +97,7 @@ server(<em class="replaceable"><code>ipv4_address[<span class="optional">/pref
</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543516"></a><h2>TRUSTED-KEYS</h2>
+<a name="id2543520"></a><h2>TRUSTED-KEYS</h2>
<div class="literallayout"><p><br>
trusted-keys{<br>
<em class="replaceable"><code>domain_name</code></em><em class="replaceable"><code>flags</code></em><em class="replaceable"><code>protocol</code></em><em class="replaceable"><code>algorithm</code></em><em class="replaceable"><code>key</code></em>;...<br>
@@ -105,7 +105,7 @@ trusted-keys{<br>
</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543542"></a><h2>CONTROLS</h2>
+<a name="id2543545"></a><h2>CONTROLS</h2>
<div class="literallayout"><p><br>
controls{<br>
inet(<em class="replaceable"><code>ipv4_address</code></em>|<em class="replaceable"><code>ipv6_address</code></em>|*)<br>
@@ -117,7 +117,7 @@ controls{<br>
</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543577"></a><h2>LOGGING</h2>
+<a name="id2543580"></a><h2>LOGGING</h2>
<div class="literallayout"><p><br>
logging{<br>
channel<em class="replaceable"><code>string</code></em>{<br>
@@ -135,7 +135,7 @@ logging{<br>
</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543616"></a><h2>LWRES</h2>
+<a name="id2543619"></a><h2>LWRES</h2>
<div class="literallayout"><p><br>
lwres{<br>
listen-on[<span class="optional">port<em class="replaceable"><code>integer</code></em></span>]{<br>
@@ -148,7 +148,7 @@ lwres{<br>
</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543657"></a><h2>OPTIONS</h2>
+<a name="id2543660"></a><h2>OPTIONS</h2>
<div class="literallayout"><p><br>
options{<br>
avoid-v4-udp-ports{<em class="replaceable"><code>port</code></em>;...};<br>
@@ -172,6 +172,7 @@ options{<br>
port<em class="replaceable"><code>integer</code></em>;<br>
querylog<em class="replaceable"><code>boolean</code></em>;<br>
recursing-file<em class="replaceable"><code>quoted_string</code></em>;<br>
+ reserved-sockets<em class="replaceable"><code>integer</code></em>;<br>
random-device<em class="replaceable"><code>quoted_string</code></em>;<br>
recursive-clients<em class="replaceable"><code>integer</code></em>;<br>
serial-query-rate<em class="replaceable"><code>integer</code></em>;<br>
@@ -313,7 +314,7 @@ options{<br>
</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2544401"></a><h2>VIEW</h2>
+<a name="id2544407"></a><h2>VIEW</h2>
<div class="literallayout"><p><br>
view<em class="replaceable"><code>string</code></em><em class="replaceable"><code>optional_class</code></em>{<br>
match-clients{<em class="replaceable"><code>address_match_element</code></em>;...};<br>
@@ -453,7 +454,7 @@ view<em class="replaceable"><code>string</code></em><em class="replaceable"><c
</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2544966"></a><h2>ZONE</h2>
+<a name="id2544972"></a><h2>ZONE</h2>
<div class="literallayout"><p><br>
zone<em class="replaceable"><code>string</code></em><em class="replaceable"><code>optional_class</code></em>{<br>
type(master|slave|stub|hint|<br>
@@ -538,12 +539,12 @@ zone<em class="replaceable"><code>string</code></em><em class="replaceable"><c
</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2545319"></a><h2>FILES</h2>
+<a name="id2545325"></a><h2>FILES</h2>
<p><code class="filename">/etc/named.conf</code>
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2545331"></a><h2>SEE ALSO</h2>
+<a name="id2545337"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">named-checkconf</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">rndc</span>(8)</span>,
diff --git a/bin/named/named.docbook b/bin/named/named.docbook
index 74b41f5031b6..15d554c07f27 100644
--- a/bin/named/named.docbook
+++ b/bin/named/named.docbook
@@ -2,7 +2,7 @@
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "&#8212;">]>
<!--
- - Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -18,7 +18,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: named.docbook,v 1.7.18.12 2007/08/28 07:20:01 tbox Exp $ -->
+<!-- $Id: named.docbook,v 1.7.18.14 2008/08/21 23:46:01 tbox Exp $ -->
<refentry id="man.named">
<refentryinfo>
<date>June 30, 2000</date>
@@ -41,6 +41,7 @@
<year>2005</year>
<year>2006</year>
<year>2007</year>
+ <year>2008</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
@@ -64,6 +65,7 @@
<arg><option>-n <replaceable class="parameter">#cpus</replaceable></option></arg>
<arg><option>-p <replaceable class="parameter">port</replaceable></option></arg>
<arg><option>-s</option></arg>
+ <arg><option>-S <replaceable class="parameter">#max-socks</replaceable></option></arg>
<arg><option>-t <replaceable class="parameter">directory</replaceable></option></arg>
<arg><option>-u <replaceable class="parameter">user</replaceable></option></arg>
<arg><option>-v</option></arg>
@@ -215,6 +217,33 @@
</varlistentry>
<varlistentry>
+ <term>-S <replaceable class="parameter">#max-socks</replaceable></term>
+ <listitem>
+ <para>
+ Allow <command>named</command> to use up to
+ <replaceable class="parameter">#max-socks</replaceable> sockets.
+ </para>
+ <warning>
+ <para>
+ This option should be unnecessary for the vast majority
+ of users.
+ The use of this option could even be harmful because the
+ specified value may exceed the limitation of the
+ underlying system API.
+ It is therefore set only when the default configuration
+ causes exhaustion of file descriptors and the
+ operational environment is known to support the
+ specified number of sockets.
+ Note also that the actual maximum number is normally a little
+ fewer than the specified value because
+ <command>named</command> reserves some file descriptors
+ for its internal use.
+ </para>
+ </warning>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
<term>-t <replaceable class="parameter">directory</replaceable></term>
<listitem>
<para>Chroot
diff --git a/bin/named/named.html b/bin/named/named.html
index 294ecce406a0..ed4f16a3e218 100644
--- a/bin/named/named.html
+++ b/bin/named/named.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: named.html,v 1.6.18.21 2007/06/20 02:26:58 marka Exp $ -->
+<!-- $Id: named.html,v 1.6.18.22 2008/09/01 02:29:00 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -29,10 +29,10 @@
</div>
<div class="refsynopsisdiv">
<h2>Synopsis</h2>
-<div class="cmdsynopsis"><p><code class="command">named</code> [<code class="option">-4</code>] [<code class="option">-6</code>] [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-d <em class="replaceable"><code>debug-level</code></em></code>] [<code class="option">-f</code>] [<code class="option">-g</code>] [<code class="option">-m <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-n <em class="replaceable"><code>#cpus</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-s</code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-u <em class="replaceable"><code>user</code></em></code>] [<code class="option">-v</code>] [<code class="option">-x <em class="replaceable"><code>cache-file</code></em></code>]</p></div>
+<div class="cmdsynopsis"><p><code class="command">named</code> [<code class="option">-4</code>] [<code class="option">-6</code>] [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-d <em class="replaceable"><code>debug-level</code></em></code>] [<code class="option">-f</code>] [<code class="option">-g</code>] [<code class="option">-m <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-n <em class="replaceable"><code>#cpus</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-s</code>] [<code class="option">-S <em class="replaceable"><code>#max-socks</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-u <em class="replaceable"><code>user</code></em></code>] [<code class="option">-v</code>] [<code class="option">-x <em class="replaceable"><code>cache-file</code></em></code>]</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543452"></a><h2>DESCRIPTION</h2>
+<a name="id2543464"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">named</strong></span>
is a Domain Name System (DNS) server,
part of the BIND 9 distribution from ISC. For more
@@ -47,7 +47,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543477"></a><h2>OPTIONS</h2>
+<a name="id2543489"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-4</span></dt>
<dd><p>
@@ -126,6 +126,31 @@
</p>
</div>
</dd>
+<dt><span class="term">-S <em class="replaceable"><code>#max-socks</code></em></span></dt>
+<dd>
+<p>
+ Allow <span><strong class="command">named</strong></span> to use up to
+ <em class="replaceable"><code>#max-socks</code></em> sockets.
+ </p>
+<div class="warning" style="margin-left: 0.5in; margin-right: 0.5in;">
+<h3 class="title">Warning</h3>
+<p>
+ This option should be unnecessary for the vast majority
+ of users.
+ The use of this option could even be harmful because the
+ specified value may exceed the limitation of the
+ underlying system API.
+ It is therefore set only when the default configuration
+ causes exhaustion of file descriptors and the
+ operational environment is known to support the
+ specified number of sockets.
+ Note also that the actual maximum number is normally a little
+ fewer than the specified value because
+ <span><strong class="command">named</strong></span> reserves some file descriptors
+ for its internal use.
+ </p>
+</div>
+</dd>
<dt><span class="term">-t <em class="replaceable"><code>directory</code></em></span></dt>
<dd>
<p>Chroot
@@ -191,7 +216,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543864"></a><h2>SIGNALS</h2>
+<a name="id2543911"></a><h2>SIGNALS</h2>
<p>
In routine operation, signals should not be used to control
the nameserver; <span><strong class="command">rndc</strong></span> should be used
@@ -212,7 +237,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543912"></a><h2>CONFIGURATION</h2>
+<a name="id2543959"></a><h2>CONFIGURATION</h2>
<p>
The <span><strong class="command">named</strong></span> configuration file is too complex
to describe in detail here. A complete description is provided
@@ -221,7 +246,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543929"></a><h2>FILES</h2>
+<a name="id2543976"></a><h2>FILES</h2>
<div class="variablelist"><dl>
<dt><span class="term"><code class="filename">/etc/named.conf</code></span></dt>
<dd><p>
@@ -234,7 +259,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543969"></a><h2>SEE ALSO</h2>
+<a name="id2544016"></a><h2>SEE ALSO</h2>
<p><em class="citetitle">RFC 1033</em>,
<em class="citetitle">RFC 1034</em>,
<em class="citetitle">RFC 1035</em>,
@@ -247,7 +272,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2544039"></a><h2>AUTHOR</h2>
+<a name="id2544086"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>
diff --git a/bin/named/query.c b/bin/named/query.c
index 38eb9a13c15b..5cafbc9e45a8 100644
--- a/bin/named/query.c
+++ b/bin/named/query.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: query.c,v 1.257.18.40 2007/09/26 03:08:14 each Exp $ */
+/* $Id: query.c,v 1.257.18.46 2008/10/15 22:33:01 marka Exp $ */
/*! \file */
@@ -2298,7 +2298,7 @@ mark_secure(ns_client_t *client, dns_db_t *db, dns_name_t *name,
static isc_boolean_t
get_key(ns_client_t *client, dns_db_t *db, dns_rdata_rrsig_t *rrsig,
dns_rdataset_t *keyrdataset, dst_key_t **keyp)
-{
+{
isc_result_t result;
dns_dbnode_t *node = NULL;
isc_boolean_t secure = ISC_FALSE;
@@ -2331,12 +2331,12 @@ get_key(ns_client_t *client, dns_db_t *db, dns_rdata_rrsig_t *rrsig,
isc_buffer_init(&b, rdata.data, rdata.length);
isc_buffer_add(&b, rdata.length);
result = dst_key_fromdns(&rrsig->signer, rdata.rdclass, &b,
- client->mctx, keyp);
+ client->mctx, keyp);
if (result != ISC_R_SUCCESS)
continue;
if (rrsig->algorithm == (dns_secalg_t)dst_key_alg(*keyp) &&
- rrsig->keyid == (dns_keytag_t)dst_key_id(*keyp) &&
- dst_key_iszonekey(*keyp)) {
+ rrsig->keyid == (dns_keytag_t)dst_key_id(*keyp) &&
+ dst_key_iszonekey(*keyp)) {
secure = ISC_TRUE;
break;
}
@@ -2354,7 +2354,7 @@ verify(dst_key_t *key, dns_name_t *name, dns_rdataset_t *rdataset,
isc_boolean_t ignore = ISC_FALSE;
dns_fixedname_init(&fixed);
-
+
again:
result = dns_dnssec_verify2(name, rdataset, key, ignore, mctx,
rdata, NULL);
@@ -2382,7 +2382,7 @@ validate(ns_client_t *client, dns_db_t *db, dns_name_t *name,
if (sigrdataset == NULL || !dns_rdataset_isassociated(sigrdataset))
return (ISC_FALSE);
-
+
for (result = dns_rdataset_first(sigrdataset);
result == ISC_R_SUCCESS;
result = dns_rdataset_next(sigrdataset)) {
@@ -2757,6 +2757,13 @@ query_addwildcardproof(ns_client_t *client, dns_db_t *db,
&olabels);
(void)dns_name_fullcompare(name, &nsec.next, &order,
&nlabels);
+ /*
+ * Check for a pathological condition created when
+ * serving some malformed signed zones and bail out.
+ */
+ if (dns_name_countlabels(name) == nlabels)
+ goto cleanup;
+
if (olabels > nlabels)
dns_name_split(name, olabels, NULL, wname);
else
@@ -2924,13 +2931,14 @@ query_resume(isc_task_t *task, isc_event_t *event) {
static isc_result_t
query_recurse(ns_client_t *client, dns_rdatatype_t qtype, dns_name_t *qdomain,
- dns_rdataset_t *nameservers)
+ dns_rdataset_t *nameservers, isc_boolean_t resuming)
{
isc_result_t result;
dns_rdataset_t *rdataset, *sigrdataset;
isc_sockaddr_t *peeraddr;
- inc_stats(client, dns_statscounter_recursion);
+ if (!resuming)
+ inc_stats(client, dns_statscounter_recursion);
/*
* We are about to recurse, which means that this client will
@@ -3162,11 +3170,11 @@ query_addnoqnameproof(ns_client_t *client, dns_rdataset_t *rdataset) {
cleanup:
if (nsec != NULL)
- query_putrdataset(client, &nsec);
- if (nsecsig != NULL)
- query_putrdataset(client, &nsecsig);
- if (fname != NULL)
- query_releasename(client, &fname);
+ query_putrdataset(client, &nsec);
+ if (nsecsig != NULL)
+ query_putrdataset(client, &nsecsig);
+ if (fname != NULL)
+ query_releasename(client, &fname);
}
static inline void
@@ -3269,12 +3277,12 @@ warn_rfc1918(ns_client_t *client, dns_name_t *fname, dns_rdataset_t *rdataset) {
dns_rdata_soa_t soa;
dns_rdataset_t found;
isc_result_t result;
-
+
for (i = 0; i < (sizeof(rfc1918names)/sizeof(*rfc1918names)); i++) {
if (dns_name_issubdomain(fname, &rfc1918names[i])) {
dns_rdataset_init(&found);
result = dns_ncache_getrdataset(rdataset,
- &rfc1918names[i],
+ &rfc1918names[i],
dns_rdatatype_soa,
&found);
if (result != ISC_R_SUCCESS)
@@ -3335,6 +3343,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
unsigned int options;
isc_boolean_t empty_wild;
dns_rdataset_t *noqname;
+ isc_boolean_t resuming;
CTRACE("query_find");
@@ -3360,6 +3369,8 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
need_wildcardproof = ISC_FALSE;
empty_wild = ISC_FALSE;
options = 0;
+ resuming = ISC_FALSE;
+ is_zone = ISC_FALSE;
if (event != NULL) {
/*
@@ -3369,7 +3380,6 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
want_restart = ISC_FALSE;
authoritative = ISC_FALSE;
- is_zone = ISC_FALSE;
qtype = event->qtype;
if (qtype == dns_rdatatype_rrsig || qtype == dns_rdatatype_sig)
@@ -3402,6 +3412,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
}
result = event->result;
+ resuming = ISC_TRUE;
goto resume;
}
@@ -3602,7 +3613,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
*/
if (RECURSIONOK(client)) {
result = query_recurse(client, qtype,
- NULL, NULL);
+ NULL, NULL, resuming);
if (result == ISC_R_SUCCESS)
client->query.attributes |=
NS_QUERYATTR_RECURSING;
@@ -3773,10 +3784,12 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
*/
if (dns_rdatatype_atparent(type))
result = query_recurse(client, qtype,
- NULL, NULL);
+ NULL, NULL,
+ resuming);
else
result = query_recurse(client, qtype,
- fname, rdataset);
+ fname, rdataset,
+ resuming);
if (result == ISC_R_SUCCESS)
client->query.attributes |=
NS_QUERYATTR_RECURSING;
@@ -4220,7 +4233,8 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
result = query_recurse(client,
qtype,
NULL,
- NULL);
+ NULL,
+ resuming);
if (result == ISC_R_SUCCESS)
client->query.attributes |=
NS_QUERYATTR_RECURSING;
@@ -4437,6 +4451,7 @@ ns_query_start(ns_client_t *client) {
dns_rdataset_t *rdataset;
ns_client_t *qclient;
dns_rdatatype_t qtype;
+ isc_boolean_t want_ad;
CTRACE("ns_query_start");
@@ -4576,6 +4591,15 @@ ns_query_start(ns_client_t *client) {
client->query.attributes &= ~NS_QUERYATTR_SECURE;
/*
+ * Set 'want_ad' if the client has set AD in the query.
+ * This allows AD to be returned on queries without DO set.
+ */
+ if ((message->flags & DNS_MESSAGEFLAG_AD) != 0)
+ want_ad = ISC_TRUE;
+ else
+ want_ad = ISC_FALSE;
+
+ /*
* This is an ordinary query.
*/
result = dns_message_reply(message, ISC_TRUE);
@@ -4594,7 +4618,7 @@ ns_query_start(ns_client_t *client) {
* Set AD. We must clear it if we add non-validated data to a
* response.
*/
- if (WANTDNSSEC(client))
+ if (WANTDNSSEC(client) || want_ad)
message->flags |= DNS_MESSAGEFLAG_AD;
qclient = NULL;
diff --git a/bin/named/server.c b/bin/named/server.c
index 79bd125c5498..784ff94d3414 100644
--- a/bin/named/server.c
+++ b/bin/named/server.c
@@ -15,13 +15,14 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: server.c,v 1.419.18.57.10.3 2008/07/23 12:04:32 marka Exp $ */
+/* $Id: server.c,v 1.419.18.68 2008/09/04 23:46:08 tbox Exp $ */
/*! \file */
#include <config.h>
#include <stdlib.h>
+#include <unistd.h>
#include <isc/app.h>
#include <isc/base64.h>
@@ -31,8 +32,10 @@
#include <isc/hash.h>
#include <isc/lex.h>
#include <isc/parseint.h>
+#include <isc/portset.h>
#include <isc/print.h>
#include <isc/resource.h>
+#include <isc/socket.h>
#include <isc/stdio.h>
#include <isc/string.h>
#include <isc/task.h>
@@ -197,6 +200,7 @@ static const struct {
#endif
/* RFC 3330 */
+ { "0.IN-ADDR.ARPA", ISC_FALSE }, /* THIS NETWORK */
{ "127.IN-ADDR.ARPA", ISC_FALSE }, /* LOOPBACK */
{ "254.169.IN-ADDR.ARPA", ISC_FALSE }, /* LINK LOCAL */
{ "2.0.192.IN-ADDR.ARPA", ISC_FALSE }, /* TEST NET */
@@ -438,7 +442,7 @@ configure_view_dnsseckeys(const cfg_obj_t *vconfig, const cfg_obj_t *config,
*target = keytable; /* Transfer ownership. */
keytable = NULL;
result = ISC_R_SUCCESS;
-
+
cleanup:
return (result);
}
@@ -454,7 +458,7 @@ mustbesecure(const cfg_obj_t *mbs, dns_resolver_t *resolver)
isc_boolean_t value;
isc_result_t result;
isc_buffer_t b;
-
+
dns_fixedname_init(&fixed);
name = dns_fixedname_name(&fixed);
for (element = cfg_list_first(mbs);
@@ -472,7 +476,7 @@ mustbesecure(const cfg_obj_t *mbs, dns_resolver_t *resolver)
}
result = ISC_R_SUCCESS;
-
+
cleanup:
return (result);
}
@@ -482,13 +486,15 @@ mustbesecure(const cfg_obj_t *mbs, dns_resolver_t *resolver)
*/
static isc_result_t
get_view_querysource_dispatch(const cfg_obj_t **maps,
- int af, dns_dispatch_t **dispatchp)
+ int af, dns_dispatch_t **dispatchp,
+ isc_boolean_t is_firstview)
{
isc_result_t result;
dns_dispatch_t *disp;
isc_sockaddr_t sa;
unsigned int attrs, attrmask;
const cfg_obj_t *obj = NULL;
+ unsigned int maxdispatchbuffers;
/*
* Make compiler happy.
@@ -540,12 +546,18 @@ get_view_querysource_dispatch(const cfg_obj_t **maps,
attrs |= DNS_DISPATCHATTR_IPV6;
break;
}
-
- if (isc_sockaddr_getport(&sa) != 0) {
+ if (isc_sockaddr_getport(&sa) == 0) {
+ attrs |= DNS_DISPATCHATTR_EXCLUSIVE;
+ maxdispatchbuffers = 4096;
+ } else {
INSIST(obj != NULL);
- cfg_obj_log(obj, ns_g_lctx, ISC_LOG_INFO,
- "using specific query-source port suppresses port "
- "randomization and can be insecure.");
+ if (is_firstview) {
+ cfg_obj_log(obj, ns_g_lctx, ISC_LOG_INFO,
+ "using specific query-source port "
+ "suppresses port randomization and can be "
+ "insecure.");
+ }
+ maxdispatchbuffers = 1000;
}
attrmask = 0;
@@ -557,7 +569,7 @@ get_view_querysource_dispatch(const cfg_obj_t **maps,
disp = NULL;
result = dns_dispatch_getudp(ns_g_dispatchmgr, ns_g_socketmgr,
ns_g_taskmgr, &sa, 4096,
- 1024, 32768, 16411, 16433,
+ maxdispatchbuffers, 32768, 16411, 16433,
attrs, attrmask, &disp);
if (result != ISC_R_SUCCESS) {
isc_sockaddr_t any;
@@ -609,7 +621,7 @@ configure_order(dns_order_t *order, const cfg_obj_t *ent) {
return (result);
obj = cfg_tuple_get(ent, "name");
- if (cfg_obj_isstring(obj))
+ if (cfg_obj_isstring(obj))
str = cfg_obj_asstring(obj);
else
str = "*";
@@ -662,7 +674,7 @@ configure_peer(const cfg_obj_t *cpeer, isc_mem_t *mctx, dns_peer_t **peerp) {
cfg_obj_asnetprefix(cfg_map_getname(cpeer), &na, &prefixlen);
peer = NULL;
- result = dns_peer_new(mctx, &na, &peer);
+ result = dns_peer_newprefix(mctx, &na, prefixlen, &peer);
if (result != ISC_R_SUCCESS)
return (result);
@@ -840,7 +852,7 @@ on_disable_list(const cfg_obj_t *disablelist, dns_name_t *zonename) {
dns_fixedname_init(&fixed);
name = dns_fixedname_name(&fixed);
-
+
for (element = cfg_list_first(disablelist);
element != NULL;
element = cfg_list_next(element))
@@ -911,9 +923,9 @@ configure_view(dns_view_t *view, const cfg_obj_t *config,
const cfg_obj_t *alternates;
const cfg_obj_t *zonelist;
#ifdef DLZ
- const cfg_obj_t *dlz;
- unsigned int dlzargc;
- char **dlzargv;
+ const cfg_obj_t *dlz;
+ unsigned int dlzargc;
+ char **dlzargv;
#endif
const cfg_obj_t *disabled;
const cfg_obj_t *obj;
@@ -1064,7 +1076,7 @@ configure_view(dns_view_t *view, const cfg_obj_t *config,
result = ISC_R_NOMEMORY;
goto cleanup;
}
-
+
result = dns_dlzstrtoargv(mctx, s, &dlzargc, &dlzargv);
if (result != ISC_R_SUCCESS) {
isc_mem_free(mctx, s);
@@ -1183,8 +1195,12 @@ configure_view(dns_view_t *view, const cfg_obj_t *config,
*
* XXXRTH Hardwired number of tasks.
*/
- CHECK(get_view_querysource_dispatch(maps, AF_INET, &dispatch4));
- CHECK(get_view_querysource_dispatch(maps, AF_INET6, &dispatch6));
+ CHECK(get_view_querysource_dispatch(maps, AF_INET, &dispatch4,
+ ISC_TF(ISC_LIST_PREV(view, link)
+ == NULL)));
+ CHECK(get_view_querysource_dispatch(maps, AF_INET6, &dispatch6,
+ ISC_TF(ISC_LIST_PREV(view, link)
+ == NULL)));
if (dispatch4 == NULL && dispatch6 == NULL) {
UNEXPECTED_ERROR(__FILE__, __LINE__,
"unable to obtain neither an IPv4 nor"
@@ -1223,7 +1239,7 @@ configure_view(dns_view_t *view, const cfg_obj_t *config,
result = ns_config_get(maps, "zero-no-soa-ttl-cache", &obj);
INSIST(result == ISC_R_SUCCESS);
dns_resolver_setzeronosoattl(view->resolver, cfg_obj_asboolean(obj));
-
+
/*
* Set the resolver's EDNS UDP size.
*/
@@ -1236,7 +1252,7 @@ configure_view(dns_view_t *view, const cfg_obj_t *config,
if (udpsize > 4096)
udpsize = 4096;
dns_resolver_setudpsize(view->resolver, (isc_uint16_t)udpsize);
-
+
/*
* Set the maximum UDP response size.
*/
@@ -1273,7 +1289,7 @@ configure_view(dns_view_t *view, const cfg_obj_t *config,
(void)ns_config_get(maps, "forward", &forwardtype);
(void)ns_config_get(maps, "forwarders", &forwarders);
if (forwarders != NULL)
- CHECK(configure_forward(config, view, dns_rootname,
+ CHECK(configure_forward(config, view, dns_rootname,
forwarders, forwardtype));
/*
@@ -1293,7 +1309,7 @@ configure_view(dns_view_t *view, const cfg_obj_t *config,
/*
* If we still have no hints, this is a non-IN view with no
* "hints zone" configured. Issue a warning, except if this
- * is a root server. Root servers never need to consult
+ * is a root server. Root servers never need to consult
* their hints, so it's no point requiring users to configure
* them.
*/
@@ -1416,7 +1432,7 @@ configure_view(dns_view_t *view, const cfg_obj_t *config,
view->transfer_format = dns_one_answer;
else
INSIST(0);
-
+
/*
* Set sources where additional data and CNAME/DNAME
* targets for authoritative answers may be found.
@@ -1516,7 +1532,7 @@ configure_view(dns_view_t *view, const cfg_obj_t *config,
dns_resolver_setclientsperquery(view->resolver,
cfg_obj_asuint32(obj),
max_clients_per_query);
-
+
obj = NULL;
result = ns_config_get(maps, "dnssec-enable", &obj);
INSIST(result == ISC_R_SUCCESS);
@@ -1745,14 +1761,14 @@ configure_view(dns_view_t *view, const cfg_obj_t *config,
if (result == ISC_R_SUCCESS &&
forwarders->fwdpolicy == dns_fwdpolicy_only)
continue;
-
+
if (!rfc1918 && empty_zones[empty_zone].rfc1918) {
if (logit) {
isc_log_write(ns_g_lctx,
NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER,
ISC_LOG_WARNING,
- "Warning%s%s: "
+ "Warning%s%s: "
"'empty-zones-enable/"
"disable-empty-zone' "
"not set: disabling "
@@ -1794,7 +1810,7 @@ configure_view(dns_view_t *view, const cfg_obj_t *config,
dns_zone_setclass(zone, view->rdclass);
dns_zone_settype(zone, dns_zone_master);
CHECK(dns_zone_setdbtype(zone, empty_dbtypec,
- empty_dbtype));
+ empty_dbtype));
if (view->queryacl != NULL)
dns_zone_setqueryacl(zone, view->queryacl);
dns_zone_setdialup(zone, dns_dialuptype_no);
@@ -1809,7 +1825,7 @@ configure_view(dns_view_t *view, const cfg_obj_t *config,
dns_zone_detach(&zone);
}
}
-
+
result = ISC_R_SUCCESS;
cleanup:
@@ -2125,7 +2141,7 @@ configure_zone(const cfg_obj_t *config, const cfg_obj_t *zconfig,
"name"));
else
vname = "<default view>";
-
+
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER, ISC_LOG_ERROR,
"zone '%s': wrong class for view '%s'",
@@ -2499,7 +2515,7 @@ adjust_interfaces(ns_server_t *server, isc_mem_t *mctx) {
}
ns_interfacemgr_adjust(server->interfacemgr, list, ISC_TRUE);
-
+
clean:
ns_listenlist_detach(&list);
return;
@@ -2588,7 +2604,7 @@ setstring(ns_server_t *server, char **field, const char *value) {
*field = copy;
return (ISC_R_SUCCESS);
-}
+}
/*
* Replace the current value of '*field', a dynamically allocated
@@ -2630,7 +2646,7 @@ set_limit(const cfg_obj_t **maps, const char *configname,
result = isc_resource_setlimit(resourceid, value);
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_SERVER,
result == ISC_R_SUCCESS ?
- ISC_LOG_DEBUG(3) : ISC_LOG_WARNING,
+ ISC_LOG_DEBUG(3) : ISC_LOG_WARNING,
"set maximum %s to %" ISC_PRINT_QUADFORMAT "d: %s",
description, value, isc_result_totext(result));
}
@@ -2647,31 +2663,48 @@ set_limits(const cfg_obj_t **maps) {
SETLIMIT("files", openfiles, "open files");
}
-static isc_result_t
-portlist_fromconf(dns_portlist_t *portlist, unsigned int family,
- const cfg_obj_t *ports)
+static void
+portset_fromconf(isc_portset_t *portset, const cfg_obj_t *ports,
+ isc_boolean_t positive)
{
const cfg_listelt_t *element;
- isc_result_t result = ISC_R_SUCCESS;
for (element = cfg_list_first(ports);
element != NULL;
element = cfg_list_next(element)) {
const cfg_obj_t *obj = cfg_listelt_value(element);
- in_port_t port = (in_port_t)cfg_obj_asuint32(obj);
-
- result = dns_portlist_add(portlist, family, port);
- if (result != ISC_R_SUCCESS)
- break;
+
+ if (cfg_obj_isuint32(obj)) {
+ in_port_t port = (in_port_t)cfg_obj_asuint32(obj);
+
+ if (positive)
+ isc_portset_add(portset, port);
+ else
+ isc_portset_remove(portset, port);
+ } else {
+ const cfg_obj_t *obj_loport, *obj_hiport;
+ in_port_t loport, hiport;
+
+ obj_loport = cfg_tuple_get(obj, "loport");
+ loport = (in_port_t)cfg_obj_asuint32(obj_loport);
+ obj_hiport = cfg_tuple_get(obj, "hiport");
+ hiport = (in_port_t)cfg_obj_asuint32(obj_hiport);
+
+ if (positive)
+ isc_portset_addrange(portset, loport, hiport);
+ else {
+ isc_portset_removerange(portset, loport,
+ hiport);
+ }
+ }
}
- return (result);
}
static isc_result_t
removed(dns_zone_t *zone, void *uap) {
const char *type;
- if (dns_zone_getview(zone) != uap)
+ if (dns_zone_getview(zone) != uap)
return (ISC_R_SUCCESS);
switch (dns_zone_gettype(zone)) {
@@ -2704,28 +2737,31 @@ load_configuration(const char *filename, ns_server_t *server,
const cfg_obj_t *maps[3];
const cfg_obj_t *obj;
const cfg_obj_t *options;
- const cfg_obj_t *v4ports, *v6ports;
+ const cfg_obj_t *usev4ports, *avoidv4ports, *usev6ports, *avoidv6ports;
const cfg_obj_t *views;
dns_view_t *view = NULL;
dns_view_t *view_next;
dns_viewlist_t tmpviewlist;
dns_viewlist_t viewlist;
- in_port_t listen_port;
+ in_port_t listen_port, udpport_low, udpport_high;
int i;
isc_interval_t interval;
- isc_resourcevalue_t files;
+ isc_portset_t *v4portset = NULL;
+ isc_portset_t *v6portset = NULL;
+ isc_resourcevalue_t nfiles;
isc_result_t result;
isc_uint32_t heartbeat_interval;
isc_uint32_t interface_interval;
isc_uint32_t reserved;
isc_uint32_t udpsize;
+ unsigned int maxsocks;
cfg_aclconfctx_init(&aclconfctx);
ISC_LIST_INIT(viewlist);
/* Ensure exclusive access to configuration data. */
result = isc_task_beginexclusive(server->task);
- RUNTIME_CHECK(result == ISC_R_SUCCESS);
+ RUNTIME_CHECK(result == ISC_R_SUCCESS);
/*
* Parse the global default pseudo-config file.
@@ -2799,20 +2835,22 @@ load_configuration(const char *filename, ns_server_t *server,
set_limits(maps);
/*
- * Sanity check on "files" limit.
+ * Check if max number of open sockets that the system allows is
+ * sufficiently large. Failing this condition is not necessarily fatal,
+ * but may cause subsequent runtime failures for a busy recursive
+ * server.
*/
- result = isc_resource_curlimit(isc_resource_openfiles, &files);
- if (result == ISC_R_SUCCESS && files < FD_SETSIZE) {
+ result = isc_socketmgr_getmaxsockets(ns_g_socketmgr, &maxsocks);
+ if (result != ISC_R_SUCCESS)
+ maxsocks = 0;
+ result = isc_resource_getcurlimit(isc_resource_openfiles, &nfiles);
+ if (result == ISC_R_SUCCESS && (isc_resourcevalue_t)maxsocks > nfiles) {
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER, ISC_LOG_WARNING,
- "the 'files' limit (%" ISC_PRINT_QUADFORMAT "u) "
- "is less than FD_SETSIZE (%d), increase "
- "'files' in named.conf or recompile with a "
- "smaller FD_SETSIZE.", files, FD_SETSIZE);
- if (files > FD_SETSIZE)
- files = FD_SETSIZE;
- } else
- files = FD_SETSIZE;
+ "max open files (%" ISC_PRINT_QUADFORMAT "u)"
+ " is smaller than max sockets (%u)",
+ nfiles, maxsocks);
+ }
/*
* Set the number of socket reserved for TCP, stdio etc.
@@ -2821,20 +2859,23 @@ load_configuration(const char *filename, ns_server_t *server,
result = ns_config_get(maps, "reserved-sockets", &obj);
INSIST(result == ISC_R_SUCCESS);
reserved = cfg_obj_asuint32(obj);
- if (files < 128U) /* Prevent underflow. */
- reserved = 0;
- else if (reserved > files - 128U) /* Mimimum UDP space. */
- reserved = files - 128;
- if (reserved < 128U) /* Mimimum TCP/stdio space. */
+ if (maxsocks != 0) {
+ if (maxsocks < 128U) /* Prevent underflow. */
+ reserved = 0;
+ else if (reserved > maxsocks - 128U) /* Minimum UDP space. */
+ reserved = maxsocks - 128;
+ }
+ /* Minimum TCP/stdio space. */
+ if (reserved < 128U)
reserved = 128;
- if (reserved + 128U > files) {
+ if (reserved + 128U > maxsocks && maxsocks != 0) {
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
- NS_LOGMODULE_SERVER, ISC_LOG_WARNING,
+ NS_LOGMODULE_SERVER, ISC_LOG_WARNING,
"less than 128 UDP sockets available after "
- "applying 'reserved-sockets' and 'files'");
+ "applying 'reserved-sockets' and 'maxsockets'");
}
isc__socketmgr_setreserved(ns_g_socketmgr, reserved);
-
+
/*
* Configure various server options.
*/
@@ -2859,24 +2900,64 @@ load_configuration(const char *filename, ns_server_t *server,
INSIST(result == ISC_R_SUCCESS);
server->aclenv.match_mapped = cfg_obj_asboolean(obj);
- v4ports = NULL;
- v6ports = NULL;
- (void)ns_config_get(maps, "avoid-v4-udp-ports", &v4ports);
- (void)ns_config_get(maps, "avoid-v6-udp-ports", &v6ports);
- if (v4ports != NULL || v6ports != NULL) {
- dns_portlist_t *portlist = NULL;
- result = dns_portlist_create(ns_g_mctx, &portlist);
- if (result == ISC_R_SUCCESS && v4ports != NULL)
- result = portlist_fromconf(portlist, AF_INET, v4ports);
- if (result == ISC_R_SUCCESS && v6ports != NULL)
- portlist_fromconf(portlist, AF_INET6, v6ports);
- if (result == ISC_R_SUCCESS)
- dns_dispatchmgr_setblackportlist(ns_g_dispatchmgr, portlist);
- if (portlist != NULL)
- dns_portlist_detach(&portlist);
- CHECK(result);
- } else
- dns_dispatchmgr_setblackportlist(ns_g_dispatchmgr, NULL);
+ /*
+ * Configure sets of UDP query source ports.
+ */
+ CHECKM(isc_portset_create(ns_g_mctx, &v4portset),
+ "creating UDP port set");
+ CHECKM(isc_portset_create(ns_g_mctx, &v6portset),
+ "creating UDP port set");
+
+ usev4ports = NULL;
+ usev6ports = NULL;
+ avoidv4ports = NULL;
+ avoidv6ports = NULL;
+
+ (void)ns_config_get(maps, "use-v4-udp-ports", &usev4ports);
+ if (usev4ports != NULL)
+ portset_fromconf(v4portset, usev4ports, ISC_TRUE);
+ else {
+ CHECKM(isc_net_getudpportrange(AF_INET, &udpport_low,
+ &udpport_high),
+ "get the default UDP/IPv4 port range");
+ if (udpport_low == udpport_high)
+ isc_portset_add(v4portset, udpport_low);
+ else {
+ isc_portset_addrange(v4portset, udpport_low,
+ udpport_high);
+ }
+ isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
+ NS_LOGMODULE_SERVER, ISC_LOG_INFO,
+ "using default UDP/IPv4 port range: [%d, %d]",
+ udpport_low, udpport_high);
+ }
+ (void)ns_config_get(maps, "avoid-v4-udp-ports", &avoidv4ports);
+ if (avoidv4ports != NULL)
+ portset_fromconf(v4portset, avoidv4ports, ISC_FALSE);
+
+ (void)ns_config_get(maps, "use-v6-udp-ports", &usev6ports);
+ if (usev6ports != NULL)
+ portset_fromconf(v6portset, usev6ports, ISC_TRUE);
+ else {
+ CHECKM(isc_net_getudpportrange(AF_INET6, &udpport_low,
+ &udpport_high),
+ "get the default UDP/IPv6 port range");
+ if (udpport_low == udpport_high)
+ isc_portset_add(v6portset, udpport_low);
+ else {
+ isc_portset_addrange(v6portset, udpport_low,
+ udpport_high);
+ }
+ isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
+ NS_LOGMODULE_SERVER, ISC_LOG_INFO,
+ "using default UDP/IPv6 port range: [%d, %d]",
+ udpport_low, udpport_high);
+ }
+ (void)ns_config_get(maps, "avoid-v6-udp-ports", &avoidv6ports);
+ if (avoidv6ports != NULL)
+ portset_fromconf(v6portset, avoidv6ports, ISC_FALSE);
+
+ dns_dispatchmgr_setavailports(ns_g_dispatchmgr, v4portset, v6portset);
/*
* Set the EDNS UDP size when we don't match a view.
@@ -3037,7 +3118,7 @@ load_configuration(const char *filename, ns_server_t *server,
NULL, &interval, ISC_FALSE));
}
server->heartbeat_interval = heartbeat_interval;
-
+
isc_interval_set(&interval, 1200, 0);
CHECK(isc_timer_reset(server->pps_timer, isc_timertype_ticker, NULL,
&interval, ISC_FALSE));
@@ -3185,6 +3266,15 @@ load_configuration(const char *filename, ns_server_t *server,
ns_os_changeuser();
/*
+ * Check that the working directory is writable.
+ */
+ if (access(".", W_OK) != 0) {
+ isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
+ NS_LOGMODULE_SERVER, ISC_LOG_ERROR,
+ "the working directory is not writable");
+ }
+
+ /*
* Configure the logging system.
*
* Do this after changing UID to make sure that any log
@@ -3277,7 +3367,7 @@ load_configuration(const char *filename, ns_server_t *server,
ns_os_writepidfile(lwresd_g_defaultpidfile, first_time);
else
ns_os_writepidfile(ns_g_defaultpidfile, first_time);
-
+
obj = NULL;
if (options != NULL &&
cfg_map_get(options, "memstatistics-file", &obj) == ISC_R_SUCCESS)
@@ -3344,6 +3434,12 @@ load_configuration(const char *filename, ns_server_t *server,
result = ISC_R_SUCCESS;
cleanup:
+ if (v4portset != NULL)
+ isc_portset_destroy(ns_g_mctx, &v4portset);
+
+ if (v6portset != NULL)
+ isc_portset_destroy(ns_g_mctx, &v6portset);
+
cfg_aclconfctx_destroy(&aclconfctx);
if (parser != NULL) {
@@ -3414,7 +3510,7 @@ load_zones(ns_server_t *server, isc_boolean_t stop) {
*/
CHECK(dns_zonemgr_forcemaint(server->zonemgr));
cleanup:
- isc_task_endexclusive(server->task);
+ isc_task_endexclusive(server->task);
return (result);
}
@@ -3442,7 +3538,7 @@ load_new_zones(ns_server_t *server, isc_boolean_t stop) {
*/
dns_zonemgr_resumexfrs(server->zonemgr);
cleanup:
- isc_task_endexclusive(server->task);
+ isc_task_endexclusive(server->task);
return (result);
}
@@ -3501,7 +3597,7 @@ run_server(isc_task_t *task, isc_event_t *event) {
ISC_LOG_NOTICE, "running");
}
-void
+void
ns_server_flushonshutdown(ns_server_t *server, isc_boolean_t flush) {
REQUIRE(NS_SERVER_VALID(server));
@@ -3635,7 +3731,7 @@ ns_server_create(isc_mem_t *mctx, ns_server_t **serverp) {
server->interface_timer = NULL;
server->heartbeat_timer = NULL;
server->pps_timer = NULL;
-
+
server->interface_interval = 0;
server->heartbeat_interval = 0;
@@ -3658,7 +3754,7 @@ ns_server_create(isc_mem_t *mctx, ns_server_t **serverp) {
server->hostname_set = ISC_FALSE;
server->hostname = NULL;
- server->version_set = ISC_FALSE;
+ server->version_set = ISC_FALSE;
server->version = NULL;
server->server_usehostname = ISC_FALSE;
server->server_id = NULL;
@@ -3814,7 +3910,7 @@ ns_add_reserved_dispatch(ns_server_t *server, const isc_sockaddr_t *addr) {
result = dns_dispatch_getudp(ns_g_dispatchmgr, ns_g_socketmgr,
ns_g_taskmgr, &dispatch->addr, 4096,
1000, 32768, 16411, 16433,
- attrs, attrmask, &dispatch->dispatch);
+ attrs, attrmask, &dispatch->dispatch);
if (result != ISC_R_SUCCESS)
goto cleanup;
@@ -3917,7 +4013,7 @@ next_token(char **stringp, const char *delim) {
break;
} while (*res == '\0');
return (res);
-}
+}
/*
* Find the zone specified in the control channel command 'args',
@@ -3975,14 +4071,14 @@ zone_from_args(ns_server_t *server, char *args, dns_zone_t **zonep) {
} else {
rdclass = dns_rdataclass_in;
}
-
+
if (viewtxt == NULL)
viewtxt = "_default";
result = dns_viewlist_find(&server->viewlist, viewtxt,
rdclass, &view);
if (result != ISC_R_SUCCESS)
goto fail1;
-
+
result = dns_zt_find(view->zonetable, dns_fixedname_name(&name),
0, NULL, zonep);
/* Partial match? */
@@ -4001,7 +4097,7 @@ ns_server_retransfercommand(ns_server_t *server, char *args) {
isc_result_t result;
dns_zone_t *zone = NULL;
dns_zonetype_t type;
-
+
result = zone_from_args(server, args, &zone);
if (result != ISC_R_SUCCESS)
return (result);
@@ -4014,7 +4110,7 @@ ns_server_retransfercommand(ns_server_t *server, char *args) {
result = ISC_R_NOTFOUND;
dns_zone_detach(&zone);
return (result);
-}
+}
/*
* Act on a "reload" command from the command channel.
@@ -4025,7 +4121,7 @@ ns_server_reloadcommand(ns_server_t *server, char *args, isc_buffer_t *text) {
dns_zone_t *zone = NULL;
dns_zonetype_t type;
const char *msg = NULL;
-
+
result = zone_from_args(server, args, &zone);
if (result != ISC_R_SUCCESS)
return (result);
@@ -4042,7 +4138,7 @@ ns_server_reloadcommand(ns_server_t *server, char *args, isc_buffer_t *text) {
} else {
result = dns_zone_load(zone);
dns_zone_detach(&zone);
- switch (result) {
+ switch (result) {
case ISC_R_SUCCESS:
msg = "zone reload successful";
break;
@@ -4064,7 +4160,7 @@ ns_server_reloadcommand(ns_server_t *server, char *args, isc_buffer_t *text) {
isc_buffer_putmem(text, (const unsigned char *)msg,
strlen(msg) + 1);
return (result);
-}
+}
/*
* Act on a "reconfig" command from the command channel.
@@ -4091,14 +4187,14 @@ ns_server_notifycommand(ns_server_t *server, char *args, isc_buffer_t *text) {
return (result);
if (zone == NULL)
return (ISC_R_UNEXPECTEDEND);
-
+
dns_zone_notify(zone);
dns_zone_detach(&zone);
if (sizeof(msg) <= isc_buffer_availablelength(text))
isc_buffer_putmem(text, msg, sizeof(msg));
return (ISC_R_SUCCESS);
-}
+}
/*
* Act on a "refresh" command from the command channel.
@@ -4125,17 +4221,17 @@ ns_server_refreshcommand(ns_server_t *server, char *args, isc_buffer_t *text) {
isc_buffer_putmem(text, msg1, sizeof(msg1));
return (ISC_R_SUCCESS);
}
-
+
dns_zone_detach(&zone);
if (sizeof(msg2) <= isc_buffer_availablelength(text))
isc_buffer_putmem(text, msg2, sizeof(msg2));
return (ISC_R_FAILURE);
-}
+}
isc_result_t
ns_server_togglequerylog(ns_server_t *server) {
server->log_queries = server->log_queries ? ISC_FALSE : ISC_TRUE;
-
+
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER, ISC_LOG_INFO,
"query logging is now %s",
@@ -4239,15 +4335,15 @@ ns_server_dumpstats(ns_server_t *server) {
CHECKMF(isc_stdio_open(server->statsfile, "a", &fp),
"could not open statistics dump file", server->statsfile);
-
+
ncounters = DNS_STATS_NCOUNTERS;
fprintf(fp, "+++ Statistics Dump +++ (%lu)\n", (unsigned long)now);
-
+
for (i = 0; i < ncounters; i++)
fprintf(fp, "%s %" ISC_PRINT_QUADFORMAT "u\n",
dns_statscounter_names[i],
server->querystats[i]);
-
+
zone = NULL;
for (result = dns_zone_first(server->zonemgr, &zone);
result == ISC_R_SUCCESS;
@@ -4258,7 +4354,7 @@ ns_server_dumpstats(ns_server_t *server) {
char zonename[DNS_NAME_FORMATSIZE];
dns_view_t *view;
char *viewname;
-
+
dns_name_format(dns_zone_getorigin(zone),
zonename, sizeof(zonename));
view = dns_zone_getview(zone);
@@ -4278,7 +4374,7 @@ ns_server_dumpstats(ns_server_t *server) {
if (result == ISC_R_NOMORE)
result = ISC_R_SUCCESS;
CHECK(result);
-
+
fprintf(fp, "--- Statistics Dump --- (%lu)\n", (unsigned long)now);
cleanup:
@@ -4306,7 +4402,7 @@ static isc_result_t
add_view_tolist(struct dumpcontext *dctx, dns_view_t *view) {
struct viewlistentry *vle;
isc_result_t result = ISC_R_SUCCESS;
-
+
/*
* Prevent duplicate views.
*/
@@ -4369,7 +4465,7 @@ dumpdone(void *arg, isc_result_t result) {
struct dumpcontext *dctx = arg;
char buf[1024+32];
const dns_master_style_t *style;
-
+
if (result != ISC_R_SUCCESS)
goto cleanup;
if (dctx->mdctx != NULL)
@@ -4526,7 +4622,7 @@ ns_server_dumpdb(ns_server_t *server, char *args) {
dctx->dumpzones = ISC_TRUE;
dctx->dumpcache = ISC_FALSE;
ptr = next_token(&args, " \t");
- }
+ }
nextview:
for (view = ISC_LIST_HEAD(server->viewlist);
@@ -4646,7 +4742,7 @@ ns_server_validation(ns_server_t *server, char *args) {
else
result = ISC_R_FAILURE;
out:
- isc_task_endexclusive(server->task);
+ isc_task_endexclusive(server->task);
return (result);
}
@@ -4689,7 +4785,7 @@ ns_server_flushcache(ns_server_t *server, char *args) {
else
result = ISC_R_FAILURE;
}
- isc_task_endexclusive(server->task);
+ isc_task_endexclusive(server->task);
return (result);
}
@@ -4746,7 +4842,7 @@ ns_server_flushname(ns_server_t *server, char *args) {
result = ISC_R_NOTFOUND;
else
result = ISC_R_FAILURE;
- isc_task_endexclusive(server->task);
+ isc_task_endexclusive(server->task);
return (result);
}
@@ -4798,7 +4894,7 @@ ns_server_freeze(ns_server_t *server, isc_boolean_t freeze, char *args) {
char *journal;
const char *vname, *sep;
isc_boolean_t frozen;
-
+
result = zone_from_args(server, args, &zone);
if (result != ISC_R_SUCCESS)
return (result);
@@ -4806,7 +4902,7 @@ ns_server_freeze(ns_server_t *server, isc_boolean_t freeze, char *args) {
result = isc_task_beginexclusive(server->task);
RUNTIME_CHECK(result == ISC_R_SUCCESS);
tresult = ISC_R_SUCCESS;
- for (view = ISC_LIST_HEAD(server->viewlist);
+ for (view = ISC_LIST_HEAD(server->viewlist);
view != NULL;
view = ISC_LIST_NEXT(view, link)) {
result = dns_view_freezezones(view, freeze);
diff --git a/bin/named/unix/include/named/os.h b/bin/named/unix/include/named/os.h
index 24afdcbbcc4a..6c603dcc2a22 100644
--- a/bin/named/unix/include/named/os.h
+++ b/bin/named/unix/include/named/os.h
@@ -1,8 +1,8 @@
/*
- * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005, 2008 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2002 Internet Software Consortium.
*
- * Permission to use, copy, modify, and distribute this software for any
+ * Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: os.h,v 1.22.18.3 2005/04/29 00:15:39 marka Exp $ */
+/* $Id: os.h,v 1.22.18.5 2008/10/24 01:43:17 tbox Exp $ */
#ifndef NS_OS_H
#define NS_OS_H 1
@@ -46,11 +46,13 @@ void
ns_os_changeuser(void);
void
+ns_os_adjustnofile(void);
+
+void
ns_os_minprivs(void);
void
ns_os_writepidfile(const char *filename, isc_boolean_t first_time);
-
void
ns_os_shutdown(void);
diff --git a/bin/named/unix/os.c b/bin/named/unix/os.c
index 386461238fe5..ad26a8e9b0e9 100644
--- a/bin/named/unix/os.c
+++ b/bin/named/unix/os.c
@@ -1,8 +1,8 @@
/*
- * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2006, 2008 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2002 Internet Software Consortium.
*
- * Permission to use, copy, modify, and distribute this software for any
+ * Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: os.c,v 1.66.18.11 2006/02/03 23:51:38 marka Exp $ */
+/* $Id: os.c,v 1.66.18.17 2008/10/24 01:43:17 tbox Exp $ */
/*! \file */
@@ -42,6 +42,7 @@
#include <isc/buffer.h>
#include <isc/file.h>
#include <isc/print.h>
+#include <isc/resource.h>
#include <isc/result.h>
#include <isc/strerror.h>
#include <isc/string.h>
@@ -116,6 +117,16 @@ static int dfd[2] = { -1, -1 };
static isc_boolean_t non_root = ISC_FALSE;
static isc_boolean_t non_root_caps = ISC_FALSE;
+#if defined(HAVE_CAPSET)
+#undef _POSIX_SOURCE
+#ifdef HAVE_SYS_CAPABILITY_H
+#include <sys/capability.h>
+#else
+#include <linux/capability.h>
+int capset(cap_user_header_t hdrp, const cap_user_data_t datap);
+#endif
+#include <sys/prctl.h>
+#else
/*%
* We define _LINUX_FS_H to prevent it from being included. We don't need
* anything from it, and the files it includes cause warnings with 2.2
@@ -148,6 +159,7 @@ static isc_boolean_t non_root_caps = ISC_FALSE;
#endif
#define SYS_capset __NR_capset
#endif
+#endif
static void
linux_setcaps(unsigned int caps) {
@@ -165,13 +177,23 @@ linux_setcaps(unsigned int caps) {
cap.effective = caps;
cap.permitted = caps;
cap.inheritable = 0;
- if (syscall(SYS_capset, &caphead, &cap) < 0) {
+#ifdef HAVE_CAPSET
+ if (capset(&caphead, &cap) < 0 ) {
isc__strerror(errno, strbuf, sizeof(strbuf));
ns_main_earlyfatal("capset failed: %s:"
" please ensure that the capset kernel"
" module is loaded. see insmod(8)",
strbuf);
}
+#else
+ if (syscall(SYS_capset, &caphead, &cap) < 0) {
+ isc__strerror(errno, strbuf, sizeof(strbuf));
+ ns_main_earlyfatal("syscall(capset) failed: %s:"
+ " please ensure that the capset kernel"
+ " module is loaded. see insmod(8)",
+ strbuf);
+ }
+#endif
}
static void
@@ -326,7 +348,7 @@ ns_os_daemonize(void) {
/*
* Wait for the child to finish loading for the first time.
* This would be so much simpler if fork() worked once we
- * were multi-threaded.
+ * were multi-threaded.
*/
(void)close(dfd[1]);
do {
@@ -496,15 +518,37 @@ ns_os_changeuser(void) {
ns_main_earlyfatal("setuid(): %s", strbuf);
}
-#if defined(HAVE_LINUX_CAPABILITY_H) && !defined(HAVE_LINUXTHREADS)
- linux_minprivs();
-#endif
#if defined(HAVE_SYS_PRCTL_H) && defined(PR_SET_DUMPABLE)
/*
* Restore the ability of named to drop core after the setuid()
* call has disabled it.
*/
- prctl(PR_SET_DUMPABLE,1,0,0,0);
+ if (prctl(PR_SET_DUMPABLE,1,0,0,0) < 0) {
+ isc__strerror(errno, strbuf, sizeof(strbuf));
+ ns_main_earlywarning("prctl(PR_SET_DUMPABLE) failed: %s",
+ strbuf);
+ }
+#endif
+#if defined(HAVE_LINUX_CAPABILITY_H) && !defined(HAVE_LINUXTHREADS)
+ linux_minprivs();
+#endif
+}
+
+void
+ns_os_adjustnofile() {
+#ifdef HAVE_LINUXTHREADS
+ isc_result_t result;
+ isc_resourcevalue_t newvalue;
+
+ /*
+ * Linux: max number of open files specified by one thread doesn't seem
+ * to apply to other threads on Linux.
+ */
+ newvalue = ISC_RESOURCE_UNLIMITED;
+
+ result = isc_resource_setlimit(isc_resource_openfiles, newvalue);
+ if (result != ISC_R_SUCCESS)
+ ns_main_earlywarning("couldn't adjust limit on open files");
#endif
}
@@ -665,7 +709,7 @@ ns_os_shutdownmsg(char *command, isc_buffer_t *text) {
ptr = next_token(&input, " \t");
if (ptr == NULL)
return;
-
+
if (strcmp(ptr, "-p") != 0)
return;
diff --git a/bin/named/update.c b/bin/named/update.c
index 98054f8b3ceb..fb6dec2f11e0 100644
--- a/bin/named/update.c
+++ b/bin/named/update.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 1999-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: update.c,v 1.109.18.23 2007/08/28 07:20:01 tbox Exp $ */
+/* $Id: update.c,v 1.109.18.27 2008/02/07 03:16:08 marka Exp $ */
#include <config.h>
@@ -114,7 +114,7 @@
} \
update_log(client, zone, LOGLEVEL_PROTOCOL, \
"update %s: %s (%s)", _what, \
- msg, isc_result_totext(result)); \
+ msg, isc_result_totext(result)); \
if (result != ISC_R_SUCCESS) goto failure; \
} while (0)
@@ -403,7 +403,7 @@ foreach_node_rr_action(void *data, dns_rdataset_t *rdataset) {
result = dns_rdataset_next(rdataset))
{
rr_t rr = { 0, DNS_RDATA_INIT };
-
+
dns_rdataset_current(rdataset, &rr.rdata);
rr.ttl = rdataset->ttl;
result = (*ctx->rr_action)(ctx->rr_action_data, &rr);
@@ -843,10 +843,14 @@ temp_check(isc_mem_t *mctx, dns_diff_t *temp, dns_db_t *db,
/* A new unique name begins here. */
node = NULL;
result = dns_db_findnode(db, name, ISC_FALSE, &node);
- if (result == ISC_R_NOTFOUND)
+ if (result == ISC_R_NOTFOUND) {
+ dns_diff_clear(&trash);
return (DNS_R_NXRRSET);
- if (result != ISC_R_SUCCESS)
+ }
+ if (result != ISC_R_SUCCESS) {
+ dns_diff_clear(&trash);
return (result);
+ }
/* A new unique type begins here. */
while (t != NULL && dns_name_equal(&t->name, name)) {
@@ -854,7 +858,7 @@ temp_check(isc_mem_t *mctx, dns_diff_t *temp, dns_db_t *db,
dns_rdataset_t rdataset;
dns_diff_t d_rrs; /* Database RRs with
this name and type */
- dns_diff_t u_rrs; /* Update RRs with
+ dns_diff_t u_rrs; /* Update RRs with
this name and type */
*typep = type = t->rdata.type;
@@ -874,6 +878,7 @@ temp_check(isc_mem_t *mctx, dns_diff_t *temp, dns_db_t *db,
&rdataset, NULL);
if (result != ISC_R_SUCCESS) {
dns_db_detachnode(db, &node);
+ dns_diff_clear(&trash);
return (DNS_R_NXRRSET);
}
@@ -1119,7 +1124,7 @@ typedef struct {
static isc_result_t
add_rr_prepare_action(void *data, rr_t *rr) {
- isc_result_t result = ISC_R_SUCCESS;
+ isc_result_t result = ISC_R_SUCCESS;
add_rr_prepare_ctx_t *ctx = data;
dns_difftuple_t *tuple = NULL;
isc_boolean_t equal;
@@ -1647,10 +1652,11 @@ ksk_sanity(dns_db_t *db, dns_dbversion_t *ver) {
* Add RRSIG records for an RRset, recording the change in "diff".
*/
static isc_result_t
-add_sigs(dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name,
- dns_rdatatype_t type, dns_diff_t *diff, dst_key_t **keys,
- unsigned int nkeys, isc_mem_t *mctx, isc_stdtime_t inception,
- isc_stdtime_t expire, isc_boolean_t check_ksk)
+add_sigs(ns_client_t *client, dns_zone_t *zone, dns_db_t *db,
+ dns_dbversion_t *ver, dns_name_t *name, dns_rdatatype_t type,
+ dns_diff_t *diff, dst_key_t **keys, unsigned int nkeys,
+ isc_mem_t *mctx, isc_stdtime_t inception, isc_stdtime_t expire,
+ isc_boolean_t check_ksk)
{
isc_result_t result;
dns_dbnode_t *node = NULL;
@@ -1659,6 +1665,7 @@ add_sigs(dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name,
isc_buffer_t buffer;
unsigned char data[1024]; /* XXX */
unsigned int i;
+ isc_boolean_t added_sig = ISC_FALSE;
dns_rdataset_init(&rdataset);
isc_buffer_init(&buffer, data, sizeof(data));
@@ -1671,14 +1678,14 @@ add_sigs(dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name,
dns_db_detachnode(db, &node);
for (i = 0; i < nkeys; i++) {
-
+
if (check_ksk && type != dns_rdatatype_dnskey &&
(dst_key_flags(keys[i]) & DNS_KEYFLAG_KSK) != 0)
continue;
if (!dst_key_isprivate(keys[i]))
continue;
-
+
/* Calculate the signature, creating a RRSIG RDATA. */
CHECK(dns_dnssec_sign(name, &rdataset, keys[i],
&inception, &expire,
@@ -1689,6 +1696,13 @@ add_sigs(dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name,
CHECK(update_one_rr(db, ver, diff, DNS_DIFFOP_ADD, name,
rdataset.ttl, &sig_rdata));
dns_rdata_reset(&sig_rdata);
+ added_sig = ISC_TRUE;
+ }
+ if (!added_sig) {
+ update_log(client, zone, ISC_LOG_ERROR,
+ "found no private keys, "
+ "unable to generate any signatures");
+ result = ISC_R_NOTFOUND;
}
failure:
@@ -1770,7 +1784,7 @@ update_signatures(ns_client_t *client, dns_zone_t *zone, dns_db_t *db,
CHECK(dns_db_findnode(db, dns_db_origin(db), ISC_FALSE, &node));
dns_rdataset_init(&rdataset);
CHECK(dns_db_findrdataset(db, node, newver, dns_rdatatype_soa, 0,
- (isc_stdtime_t) 0, &rdataset, NULL));
+ (isc_stdtime_t) 0, &rdataset, NULL));
CHECK(dns_rdataset_first(&rdataset));
dns_rdataset_current(&rdataset, &rdata);
CHECK(dns_rdata_tostruct(&rdata, &soa, NULL));
@@ -1820,9 +1834,9 @@ update_signatures(ns_client_t *client, dns_zone_t *zone, dns_db_t *db,
*/
CHECK(rrset_exists(db, newver, name, type, 0, &flag));
if (flag) {
- CHECK(add_sigs(db, newver, name, type,
- &sig_diff, zone_keys, nkeys,
- client->mctx, inception,
+ CHECK(add_sigs(client, zone, db, newver, name,
+ type, &sig_diff, zone_keys,
+ nkeys, client->mctx, inception,
expire, check_ksk));
}
skip:
@@ -2006,10 +2020,10 @@ update_signatures(ns_client_t *client, dns_zone_t *zone, dns_db_t *db,
dns_rdatatype_rrsig, dns_rdatatype_nsec,
NULL, &sig_diff));
} else if (t->op == DNS_DIFFOP_ADD) {
- CHECK(add_sigs(db, newver, &t->name, dns_rdatatype_nsec,
- &sig_diff, zone_keys, nkeys,
- client->mctx, inception, expire,
- check_ksk));
+ CHECK(add_sigs(client, zone, db, newver, &t->name,
+ dns_rdatatype_nsec, &sig_diff,
+ zone_keys, nkeys, client->mctx,
+ inception, expire, check_ksk));
} else {
INSIST(0);
}
@@ -2274,7 +2288,7 @@ check_mx(ns_client_t *client, dns_zone_t *zone,
ownerbuf, namebuf,
dns_result_totext(DNS_R_MXISADDRESS));
}
-
+
/*
* Check zone integrity checks.
*/
@@ -2474,7 +2488,7 @@ update_action(isc_task_t *task, isc_event_t *event) {
else if (client->signer == NULL)
CHECK(checkupdateacl(client, NULL, "update", zonename,
ISC_FALSE));
-
+
if (dns_zone_getupdatedisabled(zone))
FAILC(DNS_R_REFUSED, "dynamic update temporarily disabled");
@@ -2881,7 +2895,7 @@ update_action(isc_task_t *task, isc_event_t *event) {
* The reason for failure should have been logged at this point.
*/
if (ver != NULL) {
- update_log(client, zone, LOGLEVEL_DEBUG,
+ update_log(client, zone, LOGLEVEL_DEBUG,
"rolling back");
dns_db_closeversion(db, &ver, ISC_FALSE);
}
@@ -2933,7 +2947,7 @@ updatedone_action(isc_task_t *task, isc_event_t *event) {
static void
forward_fail(isc_task_t *task, isc_event_t *event) {
- ns_client_t *client = (ns_client_t *)event->ev_arg;
+ ns_client_t *client = (ns_client_t *)event->ev_arg;
UNUSED(task);
diff --git a/bin/nsupdate/Makefile.in b/bin/nsupdate/Makefile.in
index 6bb22f846ca2..713ec30b60f7 100644
--- a/bin/nsupdate/Makefile.in
+++ b/bin/nsupdate/Makefile.in
@@ -1,7 +1,7 @@
-# Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2004, 2008 Internet Systems Consortium, Inc. ("ISC")
# Copyright (C) 2000-2002 Internet Software Consortium.
#
-# Permission to use, copy, modify, and distribute this software for any
+# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
@@ -13,7 +13,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.22.18.1 2004/07/20 07:03:20 marka Exp $
+# $Id: Makefile.in,v 1.22.18.3 2008/08/29 23:46:16 tbox Exp $
srcdir = @srcdir@
VPATH = @srcdir@
@@ -55,7 +55,7 @@ UOBJS =
SRCS = nsupdate.c
-MANPAGES = nsupdate.8
+MANPAGES = nsupdate.1
HTMLPAGES = nsupdate.html
@@ -76,8 +76,8 @@ clean distclean::
installdirs:
$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${bindir}
- $(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${mandir}/man8
+ $(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${mandir}/man1
install:: nsupdate@EXEEXT@ installdirs
${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} nsupdate@EXEEXT@ ${DESTDIR}${bindir}
- ${INSTALL_DATA} ${srcdir}/nsupdate.8 ${DESTDIR}${mandir}/man8
+ ${INSTALL_DATA} ${srcdir}/nsupdate.1 ${DESTDIR}${mandir}/man1
diff --git a/bin/nsupdate/nsupdate.8 b/bin/nsupdate/nsupdate.1
index 8e3963acc3de..454f50560f20 100644
--- a/bin/nsupdate/nsupdate.8
+++ b/bin/nsupdate/nsupdate.1
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
.\" Copyright (C) 2000-2003 Internet Software Consortium.
.\"
.\" Permission to use, copy, modify, and distribute this software for any
@@ -13,7 +13,7 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: nsupdate.8,v 1.30.18.14 2007/05/09 03:33:13 marka Exp $
+.\" $Id: nsupdate.1,v 1.1.4.2 2008/09/01 02:29:00 tbox Exp $
.\"
.hy 0
.ad l
@@ -24,7 +24,7 @@
.\" Manual: BIND9
.\" Source: BIND9
.\"
-.TH "NSUPDATE" "8" "Jun 30, 2000" "BIND9" "BIND9"
+.TH "NSUPDATE" "1" "Jun 30, 2000" "BIND9" "BIND9"
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
@@ -342,7 +342,7 @@ base\-64 encoding of HMAC\-MD5 key created by
.PP
The TSIG key is redundantly stored in two separate files. This is a consequence of nsupdate using the DST library for its cryptographic operations, and may change in future releases.
.SH "COPYRIGHT"
-Copyright \(co 2004\-2007 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004\-2008 Internet Systems Consortium, Inc. ("ISC")
.br
Copyright \(co 2000\-2003 Internet Software Consortium.
.br
diff --git a/bin/nsupdate/nsupdate.c b/bin/nsupdate/nsupdate.c
index 7f101744d9dd..88749e64f957 100644
--- a/bin/nsupdate/nsupdate.c
+++ b/bin/nsupdate/nsupdate.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000-2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: nsupdate.c,v 1.130.18.19 2007/08/28 07:20:01 tbox Exp $ */
+/* $Id: nsupdate.c,v 1.130.18.22 2008/01/17 23:45:58 tbox Exp $ */
/*! \file */
@@ -311,7 +311,7 @@ parse_hmac(dns_name_t **hmac, const char *hmacstr, size_t len) {
strncpy(buf, hmacstr, len);
buf[len] = 0;
-
+
if (strcasecmp(buf, "hmac-md5") == 0) {
*hmac = DNS_TSIG_HMACMD5_NAME;
} else if (strncasecmp(buf, "hmac-md5-", 9) == 0) {
@@ -1155,7 +1155,7 @@ evaluate_key(char *cmdline) {
secret = isc_mem_allocate(mctx, secretlen);
if (secret == NULL)
fatal("out of memory");
-
+
isc_buffer_init(&secretbuf, secret, secretlen);
result = isc_base64_decodestring(secretstr, &secretbuf);
if (result != ISC_R_SUCCESS) {
@@ -1222,8 +1222,8 @@ evaluate_class(char *cmdline) {
}
r.base = word;
- r.length = strlen(word);
- result = dns_rdataclass_fromtext(&rdclass, &r);
+ r.length = strlen(word);
+ result = dns_rdataclass_fromtext(&rdclass, &r);
if (result != ISC_R_SUCCESS) {
fprintf(stderr, "could not parse class name: %s\n", word);
return (STATUS_SYNTAX);
@@ -1407,8 +1407,7 @@ update_addordelete(char *cmdline, isc_boolean_t isdelete) {
failure:
if (name != NULL)
dns_message_puttempname(updatemsg, &name);
- if (rdata != NULL)
- dns_message_puttemprdata(updatemsg, &rdata);
+ dns_message_puttemprdata(updatemsg, &rdata);
return (STATUS_SYNTAX);
}
@@ -1480,7 +1479,7 @@ show_message(dns_message_t *msg) {
setzone(userzone);
bufsz = INITTEXT;
- do {
+ do {
if (bufsz > MAXTEXT) {
fprintf(stderr, "could not allocate large enough "
"buffer to display message\n");
@@ -1662,7 +1661,7 @@ update_completed(isc_task_t *task, isc_event_t *event) {
char buf[64];
isc_buffer_t b;
dns_rdataset_t *rds;
-
+
isc_buffer_init(&b, buf, sizeof(buf) - 1);
result = dns_rcode_totext(answer->rcode, &b);
check_result(result, "dns_rcode_totext");
@@ -1678,7 +1677,7 @@ update_completed(isc_task_t *task, isc_event_t *event) {
int bufsz;
bufsz = INITTEXT;
- do {
+ do {
if (bufsz > MAXTEXT) {
fprintf(stderr, "could not allocate large "
"enough buffer to display message\n");
@@ -1766,7 +1765,7 @@ recvsoa(isc_task_t *task, isc_event_t *event) {
ddebug("recvsoa()");
requests--;
-
+
REQUIRE(event->ev_type == DNS_EVENT_REQUESTDONE);
reqev = (dns_requestevent_t *)event;
request = reqev->request;
@@ -1883,7 +1882,7 @@ recvsoa(isc_task_t *task, isc_event_t *event) {
section = DNS_SECTION_ANSWER;
else if (pass == 1)
section = DNS_SECTION_AUTHORITY;
- else
+ else
goto droplabel;
result = dns_message_firstname(rcvmsg, section);
@@ -1912,7 +1911,7 @@ recvsoa(isc_task_t *task, isc_event_t *event) {
break;
}
}
-
+
result = dns_message_nextname(rcvmsg, section);
}
@@ -1977,7 +1976,7 @@ recvsoa(isc_task_t *task, isc_event_t *event) {
dns_message_destroy(&rcvmsg);
ddebug("Out of recvsoa");
return;
-
+
droplabel:
result = dns_message_firstname(soaquery, DNS_SECTION_QUESTION);
INSIST(result == ISC_R_SUCCESS);
diff --git a/bin/nsupdate/nsupdate.docbook b/bin/nsupdate/nsupdate.docbook
index 0ea49061addb..43fe69ad4853 100644
--- a/bin/nsupdate/nsupdate.docbook
+++ b/bin/nsupdate/nsupdate.docbook
@@ -2,7 +2,7 @@
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "&#8212;">]>
<!--
- - Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and/or distribute this software for any
@@ -18,14 +18,14 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: nsupdate.docbook,v 1.18.18.10 2007/08/28 07:20:01 tbox Exp $ -->
+<!-- $Id: nsupdate.docbook,v 1.18.18.12 2008/08/29 23:46:16 tbox Exp $ -->
<refentry>
<refentryinfo>
<date>Jun 30, 2000</date>
</refentryinfo>
<refmeta>
<refentrytitle>nsupdate</refentrytitle>
- <manvolnum>8</manvolnum>
+ <manvolnum>1</manvolnum>
<refmiscinfo>BIND9</refmiscinfo>
</refmeta>
<refnamediv>
@@ -39,6 +39,7 @@
<year>2005</year>
<year>2006</year>
<year>2007</year>
+ <year>2008</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<copyright>
diff --git a/bin/nsupdate/nsupdate.html b/bin/nsupdate/nsupdate.html
index d11b57ea6eb8..1fe0f9c15806 100644
--- a/bin/nsupdate/nsupdate.html
+++ b/bin/nsupdate/nsupdate.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: nsupdate.html,v 1.14.18.22 2007/05/09 03:33:13 marka Exp $ -->
+<!-- $Id: nsupdate.html,v 1.14.18.23 2008/09/01 02:29:00 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -32,7 +32,7 @@
<div class="cmdsynopsis"><p><code class="command">nsupdate</code> [<code class="option">-d</code>] [[<code class="option">-y <em class="replaceable"><code>[<span class="optional">hmac:</span>]keyname:secret</code></em></code>] | [<code class="option">-k <em class="replaceable"><code>keyfile</code></em></code>]] [<code class="option">-t <em class="replaceable"><code>timeout</code></em></code>] [<code class="option">-u <em class="replaceable"><code>udptimeout</code></em></code>] [<code class="option">-r <em class="replaceable"><code>udpretries</code></em></code>] [<code class="option">-v</code>] [filename]</p></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2543417"></a><h2>DESCRIPTION</h2>
+<a name="id2543420"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">nsupdate</strong></span>
is used to submit Dynamic DNS Update requests as defined in RFC2136
to a name server.
@@ -153,7 +153,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543645"></a><h2>INPUT FORMAT</h2>
+<a name="id2543649"></a><h2>INPUT FORMAT</h2>
<p><span><strong class="command">nsupdate</strong></span>
reads input from
<em class="parameter"><code>filename</code></em>
@@ -402,7 +402,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2544648"></a><h2>EXAMPLES</h2>
+<a name="id2544446"></a><h2>EXAMPLES</h2>
<p>
The examples below show how
<span><strong class="command">nsupdate</strong></span>
@@ -456,7 +456,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2544692"></a><h2>FILES</h2>
+<a name="id2544490"></a><h2>FILES</h2>
<div class="variablelist"><dl>
<dt><span class="term"><code class="constant">/etc/resolv.conf</code></span></dt>
<dd><p>
@@ -475,7 +475,7 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
-<a name="id2544829"></a><h2>SEE ALSO</h2>
+<a name="id2544560"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">RFC2136</span></span>,
<span class="citerefentry"><span class="refentrytitle">RFC3007</span></span>,
<span class="citerefentry"><span class="refentrytitle">RFC2104</span></span>,
@@ -488,7 +488,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2544900"></a><h2>BUGS</h2>
+<a name="id2542172"></a><h2>BUGS</h2>
<p>
The TSIG key is redundantly stored in two separate files.
This is a consequence of nsupdate using the DST library
diff --git a/bin/rndc/rndc-confgen.c b/bin/rndc/rndc-confgen.c
index 0764104ffa22..bb7ba8151ef9 100644
--- a/bin/rndc/rndc-confgen.c
+++ b/bin/rndc/rndc-confgen.c
@@ -1,8 +1,8 @@
/*
- * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005, 2008 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2001, 2003 Internet Software Consortium.
*
- * Permission to use, copy, modify, and distribute this software for any
+ * Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: rndc-confgen.c,v 1.18.18.3 2005/04/29 00:15:40 marka Exp $ */
+/* $Id: rndc-confgen.c,v 1.18.18.5 2008/10/15 23:46:06 tbox Exp $ */
/*! \file */
@@ -62,7 +62,7 @@
#define DEFAULT_PORT 953
static char program[256];
-char *progname;
+const char *progname;
isc_boolean_t verbose = ISC_FALSE;
@@ -148,7 +148,7 @@ main(int argc, char **argv) {
isc_boolean_t keyonly = ISC_FALSE;
int len;
- keydef = keyfile = RNDC_KEYFILE;
+ keydef = keyfile = RNDC_KEYFILE;
result = isc_file_progname(*argv, program, sizeof(program));
if (result != ISC_R_SUCCESS)
@@ -286,7 +286,7 @@ main(int argc, char **argv) {
fatal("isc_mem_get(%d) failed\n", len);
snprintf(buf, len, "%s%s%s", chrootdir,
(*keyfile != '/') ? "/" : "", keyfile);
-
+
write_key_file(buf, user, keyname, &key_txtbuffer);
isc_mem_put(mctx, buf, len);
}
diff --git a/bin/rndc/rndc.8 b/bin/rndc/rndc.8
index 14a51b3c62f8..6858ed77cb15 100644
--- a/bin/rndc/rndc.8
+++ b/bin/rndc/rndc.8
@@ -13,7 +13,7 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
-.\" $Id: rndc.8,v 1.26.18.15 2007/06/20 02:26:58 marka Exp $
+.\" $Id: rndc.8,v 1.26.18.16 2007/12/14 22:37:16 marka Exp $
.\"
.hy 0
.ad l
@@ -133,6 +133,7 @@ Several error messages could be clearer.
.SH "SEE ALSO"
.PP
\fBrndc.conf\fR(5),
+\fBrndc\-confgen\fR(8),
\fBnamed\fR(8),
\fBnamed.conf\fR(5),
\fBndc\fR(8),
diff --git a/bin/rndc/rndc.c b/bin/rndc/rndc.c
index b916aea88bd0..772cc2975ca1 100644
--- a/bin/rndc/rndc.c
+++ b/bin/rndc/rndc.c
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: rndc.c,v 1.96.18.17.42.3 2008/07/23 23:16:43 marka Exp $ */
+/* $Id: rndc.c,v 1.96.18.21 2008/10/15 03:07:19 marka Exp $ */
/*! \file */
@@ -61,7 +61,7 @@
#define SERVERADDRS 10
-char *progname;
+const char *progname;
isc_boolean_t verbose;
static const char *admin_conffile;
@@ -93,7 +93,7 @@ static void
usage(int status) {
fprintf(stderr, "\
Usage: %s [-c config] [-s server] [-p port]\n\
- [-k key-file ] [-y key] [-V] command\n\
+ [-k key-file ] [-y key] [-V] command\n\
\n\
command is one of the following:\n\
\n\
@@ -106,10 +106,10 @@ command is one of the following:\n\
Retransfer a single zone without checking serial number.\n\
freeze Suspend updates to all dynamic zones.\n\
freeze zone [class [view]]\n\
- Suspend updates to a dynamic zone.\n\
+ Suspend updates to a dynamic zone.\n\
thaw Enable updates to all dynamic zones and reload them.\n\
thaw zone [class [view]]\n\
- Enable updates to a frozen dynamic zone and reload it.\n\
+ Enable updates to a frozen dynamic zone and reload it.\n\
notify zone [class [view]]\n\
Resend NOTIFY messages for the zone.\n\
reconfig Reload configuration file and new zones only.\n\
@@ -152,7 +152,7 @@ get_addresses(const char *host, in_port_t port) {
result = isc_sockaddr_frompath(&serveraddrs[nserveraddrs],
host);
if (result == ISC_R_SUCCESS)
- nserveraddrs++;
+ nserveraddrs++;
} else {
count = SERVERADDRS - nserveraddrs;
result = bind9_getaddresses(host, port,
@@ -485,7 +485,7 @@ parse_config(isc_mem_t *mctx, isc_log_t *log, const char *keyname,
(void)cfg_map_get(config, "server", &servers);
if (servers != NULL) {
for (elt = cfg_list_first(servers);
- elt != NULL;
+ elt != NULL;
elt = cfg_list_next(elt))
{
const char *name;
@@ -521,7 +521,7 @@ parse_config(isc_mem_t *mctx, isc_log_t *log, const char *keyname,
else {
DO("get config key list", cfg_map_get(config, "key", &keys));
for (elt = cfg_list_first(keys);
- elt != NULL;
+ elt != NULL;
elt = cfg_list_next(elt))
{
key = cfg_listelt_value(elt);
@@ -599,7 +599,7 @@ parse_config(isc_mem_t *mctx, isc_log_t *log, const char *keyname,
get_addresses(name, (in_port_t) myport);
else
fprintf(stderr, "too many address: "
- "%s: dropped\n", name);
+ "%s: dropped\n", name);
continue;
}
sa = *cfg_obj_assockaddr(address);
@@ -739,7 +739,7 @@ main(int argc, char **argv) {
case 'y':
keyname = isc_commandline_argument;
break;
-
+
case '?':
usage(0);
break;
@@ -773,7 +773,7 @@ main(int argc, char **argv) {
logdest.file.maximum_size = 0;
DO("creating log channel",
isc_log_createchannel(logconfig, "stderr",
- ISC_LOG_TOFILEDESC, ISC_LOG_INFO, &logdest,
+ ISC_LOG_TOFILEDESC, ISC_LOG_INFO, &logdest,
ISC_LOG_PRINTTAG|ISC_LOG_PRINTLEVEL));
DO("enabling log channel", isc_log_usechannel(logconfig, "stderr",
NULL, NULL));
diff --git a/bin/rndc/rndc.docbook b/bin/rndc/rndc.docbook
index 0719a74461b5..f2f0a0d6a84b 100644
--- a/bin/rndc/rndc.docbook
+++ b/bin/rndc/rndc.docbook
@@ -18,7 +18,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: rndc.docbook,v 1.8.18.12 2007/08/28 07:20:01 tbox Exp $ -->
+<!-- $Id: rndc.docbook,v 1.8.18.13 2007/12/14 20:53:58 marka Exp $ -->
<refentry id="man.rndc">
<refentryinfo>
<date>June 30, 2000</date>
@@ -225,6 +225,9 @@
<refentrytitle>rndc.conf</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
+ <refentrytitle>rndc-confgen</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>,
+ <citerefentry>
<refentrytitle>named</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
<citerefentry>
diff --git a/bin/rndc/rndc.html b/bin/rndc/rndc.html
index d4d0ebb693fe..c460225cb646 100644
--- a/bin/rndc/rndc.html
+++ b/bin/rndc/rndc.html
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: rndc.html,v 1.8.18.22 2007/06/20 02:26:58 marka Exp $ -->
+<!-- $Id: rndc.html,v 1.8.18.23 2007/12/14 22:37:16 marka Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -149,6 +149,7 @@
<div class="refsect1" lang="en">
<a name="id2543683"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">rndc.conf</span>(5)</span>,
+ <span class="citerefentry"><span class="refentrytitle">rndc-confgen</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">named.conf</span>(5)</span>,
<span class="citerefentry"><span class="refentrytitle">ndc</span>(8)</span>,
@@ -156,7 +157,7 @@
</p>
</div>
<div class="refsect1" lang="en">
-<a name="id2543730"></a><h2>AUTHOR</h2>
+<a name="id2543738"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>
diff --git a/configure.in b/configure.in
index fb2f2e2aac3a..6320b6a18b19 100644
--- a/configure.in
+++ b/configure.in
@@ -18,7 +18,7 @@ AC_DIVERT_PUSH(1)dnl
esyscmd([sed "s/^/# /" COPYRIGHT])dnl
AC_DIVERT_POP()dnl
-AC_REVISION($Revision: 1.355.18.71.8.2 $)
+AC_REVISION($Revision: 1.355.18.85 $)
AC_INIT(lib/dns/name.c)
AC_PREREQ(2.59)
@@ -232,6 +232,15 @@ case "$host" in
STD_CDEFINES="$STD_CDEFINES -D_XPG4_2 -D__EXTENSIONS__"
CPPFLAGS="$CPPFLAGS -D_XPG4_2 -D__EXTENSIONS__"
;;
+ # POSIX doesn't include the IPv6 Advanced Socket API and glibc hides
+ # parts of the IPv6 Advanced Socket API as a result. This is stupid
+ # as it breaks how the two halves (Basic and Advanced) of the IPv6
+ # Socket API were designed to be used but we have to live with it.
+ # Define _GNU_SOURCE to pull in the IPv6 Advanced Socket API.
+ *-linux*)
+ STD_CDEFINES="$STD_CDEFINES -D_GNU_SOURCE"
+ CPPFLAGS="$CPPFLAGS -D_GNU_SOURCE"
+ ;;
esac
AC_HEADER_STDC
@@ -245,6 +254,7 @@ AC_CHECK_HEADERS(fcntl.h sys/time.h unistd.h sys/sockio.h sys/select.h sys/param
AC_C_CONST
AC_C_INLINE
+AC_C_VOLATILE
AC_CHECK_FUNC(sysctlbyname, AC_DEFINE(HAVE_SYSCTLBYNAME))
#
@@ -316,6 +326,78 @@ lifconf.lifc_len = 0;
ISC_PLATFORM_HAVELIFCONF="#undef ISC_PLATFORM_HAVELIFCONF"])
AC_SUBST(ISC_PLATFORM_HAVELIFCONF)
+#
+# check if we have kqueue
+#
+AC_ARG_ENABLE(kqueue,
+ [ --enable-kqueue use BSD kqueue when available [[default=yes]]],
+ want_kqueue="$enableval", want_kqueue="yes")
+case $want_kqueue in
+yes)
+ AC_CHECK_FUNC(kqueue, ac_cv_have_kqueue=yes, ac_cv_have_kqueue=no)
+ case $ac_cv_have_kqueue in
+ yes)
+ ISC_PLATFORM_HAVEKQUEUE="#define ISC_PLATFORM_HAVEKQUEUE 1"
+ ;;
+ *)
+ ISC_PLATFORM_HAVEKQUEUE="#undef ISC_PLATFORM_HAVEKQUEUE"
+ ;;
+ esac
+ ;;
+*)
+ ISC_PLATFORM_HAVEKQUEUE="#undef ISC_PLATFORM_HAVEKQUEUE"
+ ;;
+esac
+AC_SUBST(ISC_PLATFORM_HAVEKQUEUE)
+
+#
+# check if we have epoll. Linux kernel 2.4 has epoll_create() which fails,
+# so we need to try running the code, not just test its existence.
+#
+AC_ARG_ENABLE(epoll,
+ [ --enable-epoll use Linux epoll when available [[default=yes]]],
+ want_epoll="$enableval", want_epoll="yes")
+case $want_epoll in
+yes)
+ AC_MSG_CHECKING(epoll support)
+ AC_TRY_RUN([
+#include <sys/epoll.h>
+int main() {
+ if (epoll_create(1) < 0)
+ return (1);
+ return (0);
+}
+],
+ [AC_MSG_RESULT(yes)
+ ISC_PLATFORM_HAVEEPOLL="#define ISC_PLATFORM_HAVEEPOLL 1"],
+ [AC_MSG_RESULT(no)
+ ISC_PLATFORM_HAVEEPOLL="#undef ISC_PLATFORM_HAVEEPOLL"])
+ ;;
+*)
+ ISC_PLATFORM_HAVEEPOLL="#undef ISC_PLATFORM_HAVEEPOLL"
+ ;;
+esac
+AC_SUBST(ISC_PLATFORM_HAVEEPOLL)
+
+#
+# check if we support /dev/poll
+#
+AC_ARG_ENABLE(devpoll,
+ [ --enable-devpoll use /dev/poll when available [[default=yes]]],
+ want_devpoll="$enableval", want_devpoll="yes")
+case $want_devpoll in
+yes)
+ AC_CHECK_HEADERS(sys/devpoll.h,
+ ISC_PLATFORM_HAVEDEVPOLL="#define ISC_PLATFORM_HAVEDEVPOLL 1"
+ ,
+ ISC_PLATFORM_HAVEDEVPOLL="#undef ISC_PLATFORM_HAVEDEVPOLL"
+ )
+ ;;
+*)
+ ISC_PLATFORM_HAVEDEVPOLL="#undef ISC_PLATFORM_HAVEDEVPOLL"
+ ;;
+esac
+AC_SUBST(ISC_PLATFORM_HAVEDEVPOLL)
#
# check if we need to #include sys/select.h explicitly
@@ -899,6 +981,16 @@ case "$host" in
esac
#
+# Work around Solaris's select() limitations.
+#
+case "$host" in
+ *-solaris2.[[89]]|*-solaris2.1?)
+ AC_DEFINE(FD_SETSIZE, 65536,
+ [Solaris hack to get select_large_fdset.])
+ ;;
+esac
+
+#
# Purify support
#
AC_MSG_CHECKING(whether to use purify)
@@ -943,6 +1035,14 @@ AC_SUBST(PURIFY)
#
# GNU libtool support
#
+case $build_os in
+sunos*)
+ # Just set the maximum command line length for sunos as it otherwise
+ # takes a exceptionally long time to work it out. Required for libtool.
+ lt_cv_sys_max_cmd_len=4096;
+ ;;
+esac
+
AC_ARG_WITH(libtool,
[ --with-libtool use GNU libtool (following indented options supported)],
use_libtool="$withval", use_libtool="no")
@@ -1695,7 +1795,8 @@ AC_ARG_ENABLE(linux-caps,
[ --disable-linux-caps disable linux capabilities])
case "$enable_linux_caps" in
yes|'')
- AC_CHECK_HEADERS(linux/capability.h)
+ AC_CHECK_HEADERS(linux/capability.h sys/capability.h)
+ AC_CHECK_FUNCS(capset)
;;
no)
;;
@@ -1782,6 +1883,18 @@ AC_MSG_RESULT(cannot determine type of rlim_cur when cross compiling - assuming
AC_SUBST(ISC_PLATFORM_RLIMITTYPE)
#
+# Older HP-UX doesn't have gettune
+#
+case "$host" in
+ *-hp-hpux*)
+ AC_CHECK_HEADERS(sys/dyntune.h)
+ ;;
+ *)
+ ;;
+esac
+
+
+#
# Compaq TruCluster requires more code for handling cluster IP aliases
#
case "$host" in
@@ -1839,7 +1952,7 @@ case "$host" in
[*-solaris2.[89]])
hack_shutup_pthreadonceinit=yes
;;
- *-solaris2.1[0-9])
+ *-solaris2.1[[0-9]])
hack_shutup_pthreadonceinit=yes
;;
esac
@@ -2162,27 +2275,39 @@ AC_SUBST($1)
])
#
-# Look for Docbook-XSL stylesheets. Location probably varies by
-# system. Guessing where it might be found, based on where SGML stuff
-# lives on some systems. FreeBSD is the only one I'm sure of at the
-# moment.
+# Look for Docbook-XSL stylesheets. Location probably varies by system.
+# If it's not explicitly specified, guess where it might be found, based on
+# where SGML stuff lives on some systems (FreeBSD is the only one we're sure
+# of at the moment).
#
-
-docbook_xsl_trees="/usr/pkg/share/xsl /usr/local/share/xsl /usr/share/xsl"
+AC_MSG_CHECKING(for Docbook-XSL path)
+AC_ARG_WITH(docbook-xsl,
+[ --with-docbook-xsl=PATH Specify path for Docbook-XSL stylesheets],
+ docbook_path="$withval", docbook_path="auto")
+case "$docbook_path" in
+auto)
+ AC_MSG_RESULT(auto)
+ docbook_xsl_trees="/usr/pkg/share/xsl/docbook /usr/local/share/xsl/docbook /usr/share/xsl/docbook"
+ ;;
+*)
+ docbook_xsl_trees="$withval"
+ AC_MSG_RESULT($docbook_xsl_trees)
+ ;;
+esac
#
# Look for stylesheets we need.
#
-NOM_PATH_FILE(XSLT_DOCBOOK_STYLE_HTML, docbook/html/docbook.xsl, $docbook_xsl_trees)
-NOM_PATH_FILE(XSLT_DOCBOOK_STYLE_XHTML, docbook/xhtml/docbook.xsl, $docbook_xsl_trees)
-NOM_PATH_FILE(XSLT_DOCBOOK_STYLE_MAN, docbook/manpages/docbook.xsl, $docbook_xsl_trees)
-NOM_PATH_FILE(XSLT_DOCBOOK_CHUNK_HTML, docbook/html/chunk.xsl, $docbook_xsl_trees)
-NOM_PATH_FILE(XSLT_DOCBOOK_CHUNK_XHTML, docbook/xhtml/chunk.xsl, $docbook_xsl_trees)
-NOM_PATH_FILE(XSLT_DOCBOOK_CHUNKTOC_HTML, docbook/html/chunktoc.xsl, $docbook_xsl_trees)
-NOM_PATH_FILE(XSLT_DOCBOOK_CHUNKTOC_XHTML, docbook/xhtml/chunktoc.xsl, $docbook_xsl_trees)
-NOM_PATH_FILE(XSLT_DOCBOOK_MAKETOC_HTML, docbook/html/maketoc.xsl, $docbook_xsl_trees)
-NOM_PATH_FILE(XSLT_DOCBOOK_MAKETOC_XHTML, docbook/xhtml/maketoc.xsl, $docbook_xsl_trees)
+NOM_PATH_FILE(XSLT_DOCBOOK_STYLE_HTML, html/docbook.xsl, $docbook_xsl_trees)
+NOM_PATH_FILE(XSLT_DOCBOOK_STYLE_XHTML, xhtml/docbook.xsl, $docbook_xsl_trees)
+NOM_PATH_FILE(XSLT_DOCBOOK_STYLE_MAN, manpages/docbook.xsl, $docbook_xsl_trees)
+NOM_PATH_FILE(XSLT_DOCBOOK_CHUNK_HTML, html/chunk.xsl, $docbook_xsl_trees)
+NOM_PATH_FILE(XSLT_DOCBOOK_CHUNK_XHTML, xhtml/chunk.xsl, $docbook_xsl_trees)
+NOM_PATH_FILE(XSLT_DOCBOOK_CHUNKTOC_HTML, html/chunktoc.xsl, $docbook_xsl_trees)
+NOM_PATH_FILE(XSLT_DOCBOOK_CHUNKTOC_XHTML, xhtml/chunktoc.xsl, $docbook_xsl_trees)
+NOM_PATH_FILE(XSLT_DOCBOOK_MAKETOC_HTML, html/maketoc.xsl, $docbook_xsl_trees)
+NOM_PATH_FILE(XSLT_DOCBOOK_MAKETOC_XHTML, xhtml/maketoc.xsl, $docbook_xsl_trees)
#
# Same dance for db2latex
diff --git a/doc/arm/Bv9ARM-book.xml b/doc/arm/Bv9ARM-book.xml
index 24642c13c2b7..cdcb9d8a4108 100644
--- a/doc/arm/Bv9ARM-book.xml
+++ b/doc/arm/Bv9ARM-book.xml
@@ -18,7 +18,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- File: $Id: Bv9ARM-book.xml,v 1.241.18.82.8.3 2008/07/23 12:04:32 marka Exp $ -->
+<!-- File: $Id: Bv9ARM-book.xml,v 1.241.18.97 2008/10/17 19:37:35 jreed Exp $ -->
<book xmlns:xi="http://www.w3.org/2001/XInclude">
<title>BIND 9 Administrator Reference Manual</title>
@@ -639,13 +639,11 @@
<title>Supported Operating Systems</title>
<para>
ISC <acronym>BIND</acronym> 9 compiles and runs on a large
- number
- of Unix-like operating system and on NT-derived versions of
- Microsoft Windows such as Windows 2000 and Windows XP. For an
- up-to-date
- list of supported systems, see the README file in the top level
- directory
- of the BIND 9 source distribution.
+ number of Unix-like operating systems, and on some versions of
+ Microsoft Windows including Windows XP, Windows 2003, and
+ Windows 2008. For an up-to-date list of supported systems,
+ see the README file in the top level directory of the BIND 9
+ source distribution.
</para>
</sect1>
</chapter>
@@ -2930,6 +2928,33 @@ $ORIGIN 0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa.
<row rowsep="0">
<entry colname="1">
<para>
+ <varname>port_list</varname>
+ </para>
+ </entry>
+ <entry colname="2">
+ <para>
+ A list of an <varname>ip_port</varname> or a port
+ range.
+ A port range is specified in the form of
+ <userinput>range</userinput> followed by
+ two <varname>ip_port</varname>s,
+ <varname>port_low</varname> and
+ <varname>port_high</varname>, which represents
+ port numbers from <varname>port_low</varname> through
+ <varname>port_high</varname>, inclusive.
+ <varname>port_low</varname> must not be larger than
+ <varname>port_high</varname>.
+ For example,
+ <userinput>range 1024 65535</userinput> represents
+ ports from 1024 through 65535.
+ In either case an asterisk (`*') character is not
+ allowed as a valid <varname>ip_port</varname>.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para>
<varname>size_spec</varname>
</para>
</entry>
@@ -3582,7 +3607,7 @@ $ORIGIN 0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa.
</sect2>
<sect2>
<title><command>include</command> Statement Grammar</title>
- <programlisting>include <replaceable>filename</replaceable>;</programlisting>
+ <programlisting><command>include</command> <replaceable>filename</replaceable>;</programlisting>
</sect2>
<sect2>
<title><command>include</command> Statement Definition and
@@ -3603,7 +3628,7 @@ $ORIGIN 0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa.
<sect2>
<title><command>key</command> Statement Grammar</title>
-<programlisting>key <replaceable>key_id</replaceable> {
+<programlisting><command>key</command> <replaceable>key_id</replaceable> {
algorithm <replaceable>string</replaceable>;
secret <replaceable>string</replaceable>;
};
@@ -4364,7 +4389,7 @@ category notify { null; };
statement in the <filename>named.conf</filename> file:
</para>
-<programlisting>options {
+<programlisting><command>options</command> {
<optional> version <replaceable>version_string</replaceable>; </optional>
<optional> hostname <replaceable>hostname_string</replaceable>; </optional>
<optional> server-id <replaceable>server_id_string</replaceable>; </optional>
@@ -4425,7 +4450,9 @@ category notify { null; };
<optional> update-check-ksk <replaceable>yes_or_no</replaceable>; </optional>
<optional> allow-v6-synthesis { <replaceable>address_match_list</replaceable> }; </optional>
<optional> blackhole { <replaceable>address_match_list</replaceable> }; </optional>
+ <optional> use-v4-udp-ports { <replaceable>port_list</replaceable> }; </optional>
<optional> avoid-v4-udp-ports { <replaceable>port_list</replaceable> }; </optional>
+ <optional> use-v6-udp-ports { <replaceable>port_list</replaceable> }; </optional>
<optional> avoid-v6-udp-ports { <replaceable>port_list</replaceable> }; </optional>
<optional> listen-on <optional> port <replaceable>ip_port</replaceable> </optional> { <replaceable>address_match_list</replaceable> }; </optional>
<optional> listen-on-v6 <optional> port <replaceable>ip_port</replaceable> </optional> { <replaceable>address_match_list</replaceable> }; </optional>
@@ -5627,11 +5654,12 @@ options {
to address (A or AAAA) records and that glue
address records exist for delegated zones. For
MX and SRV records only in-zone hostnames are
- checked (for out-of-zone hostnames use named-checkzone).
+ checked (for out-of-zone hostnames use
+ <command>named-checkzone</command>).
For NS records only names below top of zone are
checked (for out-of-zone names and glue consistency
- checks use named-checkzone). The default is
- <command>yes</command>.
+ checks use <command>named-checkzone</command>).
+ The default is <command>yes</command>.
</para>
</listitem>
</varlistentry>
@@ -6058,7 +6086,7 @@ listen-on-v6 port 1234 { !2001:db8::/32; any; };
</para>
</sect3>
- <sect3>
+ <sect3 id="query_address">
<title>Query Address</title>
<para>
If the server doesn't know the answer to a question, it will
@@ -6068,25 +6096,94 @@ listen-on-v6 port 1234 { !2001:db8::/32; any; };
If <command>address</command> is <command>*</command> (asterisk) or is omitted,
a wildcard IP address (<command>INADDR_ANY</command>)
will be used.
+ </para>
+
+ <para>
If <command>port</command> is <command>*</command> or is omitted,
- a random unprivileged port number is picked up and will be
- used for each query.
- It is generally strongly discouraged to
- specify a particular port for the
- <command>query-source</command> or
- <command>query-source-v6</command> options;
- it implicitly disables the use of randomized port numbers
- and leads to insecure operation.
- The <command>avoid-v4-udp-ports</command>
- and <command>avoid-v6-udp-ports</command> options can be used
- to prevent named
- from selecting certain ports. The defaults are:
+ a random port number from a pre-configured
+ range is picked up and will be used for each query.
+ The port range(s) is that specified in
+ the <command>use-v4-udp-ports</command> (for IPv4)
+ and <command>use-v6-udp-ports</command> (for IPv6)
+ options, excluding the ranges specified in
+ the <command>avoid-v4-udp-ports</command>
+ and <command>avoid-v6-udp-ports</command> options, respectively.
+ </para>
+
+ <para>
+ The defaults of the <command>query-source</command> and
+ <command>query-source-v6</command> options
+ are:
</para>
<programlisting>query-source address * port *;
query-source-v6 address * port *;
</programlisting>
+ <para>
+ If <command>use-v4-udp-ports</command> or
+ <command>use-v6-udp-ports</command> is unspecified,
+ <command>named</command> will check if the operating
+ system provides a programming interface to retrieve the
+ system's default range for ephemeral ports.
+ If such an interface is available,
+ <command>named</command> will use the corresponding system
+ default range; otherwise, it will use its own defaults:
+ </para>
+
+<programlisting>use-v4-udp-ports { range 1024 65535; };
+use-v6-udp-ports { range 1024 65535; };
+</programlisting>
+
+ <para>
+ Note: make sure the ranges be sufficiently large for
+ security. A desirable size depends on various parameters,
+ but we generally recommend it contain at least 16384 ports
+ (14 bits of entropy).
+ Note also that the system's default range when used may be
+ too small for this purpose, and that the range may even be
+ changed while <command>named</command> is running; the new
+ range will automatically be applied when <command>named</command>
+ is reloaded.
+ It is encouraged to
+ configure <command>use-v4-udp-ports</command> and
+ <command>use-v6-udp-ports</command> explicitly so that the
+ ranges are sufficiently large and are reasonably
+ independent from the ranges used by other applications.
+ </para>
+
+ <para>
+ Note: the operational configuration
+ where <command>named</command> runs may prohibit the use
+ of some ports. For example, UNIX systems will not allow
+ <command>named</command> running without a root privilege
+ to use ports less than 1024.
+ If such ports are included in the specified (or detected)
+ set of query ports, the corresponding query attempts will
+ fail, resulting in resolution failures or delay.
+ It is therefore important to configure the set of ports
+ that can be safely used in the expected operational environment.
+ </para>
+
+ <para>
+ The defaults of the <command>avoid-v4-udp-ports</command> and
+ <command>avoid-v6-udp-ports</command> options
+ are:
+ </para>
+
+<programlisting>avoid-v4-udp-ports {};
+avoid-v6-udp-ports {};
+</programlisting>
+
+ <para>
+ Note: it is generally strongly discouraged to
+ specify a particular port for the
+ <command>query-source</command> or
+ <command>query-source-v6</command> options;
+ it implicitly disables the use of randomized port numbers
+ and can be insecure.
+ </para>
+
<note>
<para>
The address specified in the <command>query-source</command> option
@@ -6432,17 +6529,48 @@ query-source-v6 address * port *;
</sect3>
<sect3>
- <title>Bad UDP Port Lists</title>
- <para><command>avoid-v4-udp-ports</command>
- and <command>avoid-v6-udp-ports</command> specify a list
- of IPv4 and IPv6 UDP ports that will not be used as system
- assigned source ports for UDP sockets. These lists
- prevent named from choosing as its random source port a
- port that is blocked by your firewall. If a query went
- out with such a source port, the answer would not get by
- the firewall and the name server would have to query
- again.
+ <title>UDP Port Lists</title>
+ <para>
+ <command>use-v4-udp-ports</command>,
+ <command>avoid-v4-udp-ports</command>,
+ <command>use-v6-udp-ports</command>, and
+ <command>avoid-v6-udp-ports</command>
+ specify a list of IPv4 and IPv6 UDP ports that will be
+ used or not used as source ports for UDP messages.
+ See <xref linkend="query_address"/> about how the
+ available ports are determined.
+ For example, with the following configuration
</para>
+
+<programlisting>
+use-v6-udp-ports { range 32768 65535; };
+avoid-v6-udp-ports { 40000; range 50000 60000; };
+</programlisting>
+
+ <para>
+ UDP ports of IPv6 messages sent
+ from <command>named</command> will be in one
+ of the following ranges: 32768 to 39999, 40001 to 49999,
+ and 60001 to 65535.
+ </para>
+
+ <para>
+ <command>avoid-v4-udp-ports</command> and
+ <command>avoid-v6-udp-ports</command> can be used
+ to prevent <command>named</command> from choosing as its random source port a
+ port that is blocked by your firewall or a port that is
+ used by other applications;
+ if a query went out with a source port blocked by a
+ firewall, the
+ answer would not get by the firewall and the name server would
+ have to query again.
+ Note: the desired range can also be represented only with
+ <command>use-v4-udp-ports</command> and
+ <command>use-v6-udp-ports</command>, and the
+ <command>avoid-</command> options are redundant in that
+ sense; they are provided for backward compatibility and
+ to possibly simplify the port specification.
+ </para>
</sect3>
<sect3>
@@ -6618,8 +6746,10 @@ query-source-v6 address * port *;
transfers. The default is <literal>512</literal>.
The minimum value is <literal>128</literal> and the
maximum value is <literal>128</literal> less than
- 'files' or FD_SETSIZE (whichever is smaller). This
- option may be removed in the future.
+ maxsockets (-S). This option may be removed in the future.
+ </para>
+ <para>
+ This option has little effect on Windows.
</para>
</listitem>
</varlistentry>
@@ -6629,16 +6759,23 @@ query-source-v6 address * port *;
<listitem>
<para>
The maximum amount of memory to use for the
- server's cache, in bytes. When the amount of data in the
- cache
+ server's cache, in bytes.
+ When the amount of data in the cache
reaches this limit, the server will cause records to expire
- prematurely so that the limit is not exceeded. In a server
- with
- multiple views, the limit applies separately to the cache of
- each
- view. The default is <literal>unlimited</literal>, meaning that
- records are purged from the cache only when their TTLs
- expire.
+ prematurely so that the limit is not exceeded.
+ A value of 0 is special, meaning that
+ records are purged from the cache only when their
+ TTLs expire.
+ Another special keyword <userinput>unlimited</userinput>
+ means the maximum value of 32-bit unsigned integers
+ (0xffffffff), which may not have the same effect as
+ 0 on machines that support more than 32 bits of
+ memory space.
+ Any positive values less than 2MB will be ignored reset
+ to 2MB.
+ In a server with multiple views, the limit applies
+ separately to the cache of each view.
+ The default is 0.
</para>
</listitem>
</varlistentry>
@@ -7041,6 +7178,10 @@ query-source-v6 address * port *;
Sets the maximum time for which the server will
cache ordinary (positive) answers. The default is
one week (7 days).
+ A value of zero may cause all queries to return
+ SERVFAIL, because of lost caches of intermediate
+ RRsets (such as NS and glue AAAA/A records) in the
+ resolution process.
</para>
</listitem>
</varlistentry>
@@ -7320,9 +7461,8 @@ query-source-v6 address * port *;
<para>
The current list of empty zones is:
<itemizedlist>
+<!-- XXX: The RFC1918 addresses are #defined out in sources currently.
<listitem>10.IN-ADDR.ARPA</listitem>
- <listitem>127.IN-ADDR.ARPA</listitem>
- <listitem>254.169.IN-ADDR.ARPA</listitem>
<listitem>16.172.IN-ADDR.ARPA</listitem>
<listitem>17.172.IN-ADDR.ARPA</listitem>
<listitem>18.172.IN-ADDR.ARPA</listitem>
@@ -7340,7 +7480,12 @@ query-source-v6 address * port *;
<listitem>30.172.IN-ADDR.ARPA</listitem>
<listitem>31.172.IN-ADDR.ARPA</listitem>
<listitem>168.192.IN-ADDR.ARPA</listitem>
+XXX: end of RFC1918 addresses #defined out -->
+ <listitem>0.IN-ADDR.ARPA</listitem>
+ <listitem>127.IN-ADDR.ARPA</listitem>
+ <listitem>254.169.IN-ADDR.ARPA</listitem>
<listitem>2.0.192.IN-ADDR.ARPA</listitem>
+ <listitem>255.255.255.255.IN-ADDR.ARPA</listitem>
<listitem>0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA</listitem>
<listitem>1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA</listitem>
<listitem>D.F.IP6.ARPA</listitem>
@@ -7567,8 +7712,10 @@ query-source-v6 address * port *;
<command>success</command>,
<command>referral</command>,
<command>nxrrset</command>,
- <command>nxdomain</command>, or
- <command>failure</command>
+ <command>nxdomain</command>,
+ <command>failure</command>,
+ <command>duplicate</command>, or
+ <command>dropped</command>
to be incremented, and may additionally cause the
<command>recursion</command> counter to be
incremented.
@@ -7699,7 +7846,7 @@ query-source-v6 address * port *;
<sect2 id="server_statement_grammar">
<title><command>server</command> Statement Grammar</title>
-<programlisting>server <replaceable>ip_addr[/prefixlen]</replaceable> {
+<programlisting><command>server</command> <replaceable>ip_addr[/prefixlen]</replaceable> {
<optional> bogus <replaceable>yes_or_no</replaceable> ; </optional>
<optional> provide-ixfr <replaceable>yes_or_no</replaceable> ; </optional>
<optional> request-ixfr <replaceable>yes_or_no</replaceable> ; </optional>
@@ -7908,7 +8055,7 @@ query-source-v6 address * port *;
<sect2>
<title><command>trusted-keys</command> Statement Grammar</title>
-<programlisting>trusted-keys {
+<programlisting><command>trusted-keys</command> {
<replaceable>string</replaceable> <replaceable>number</replaceable> <replaceable>number</replaceable> <replaceable>number</replaceable> <replaceable>string</replaceable> ;
<optional> <replaceable>string</replaceable> <replaceable>number</replaceable> <replaceable>number</replaceable> <replaceable>number</replaceable> <replaceable>string</replaceable> ; <optional>...</optional></optional>
};
@@ -7949,7 +8096,7 @@ query-source-v6 address * port *;
<sect2 id="view_statement_grammar">
<title><command>view</command> Statement Grammar</title>
-<programlisting>view <replaceable>view_name</replaceable>
+<programlisting><command>view</command> <replaceable>view_name</replaceable>
<optional><replaceable>class</replaceable></optional> {
match-clients { <replaceable>address_match_list</replaceable> };
match-destinations { <replaceable>address_match_list</replaceable> };
@@ -8005,7 +8152,7 @@ query-source-v6 address * port *;
<para>
Zones defined within a <command>view</command>
statement will
- be only be accessible to clients that match the <command>view</command>.
+ only be accessible to clients that match the <command>view</command>.
By defining a zone of the same name in multiple views, different
zone data can be given to different clients, for example,
"internal"
@@ -8090,7 +8237,7 @@ view "external" {
<title><command>zone</command>
Statement Grammar</title>
-<programlisting>zone <replaceable>zone_name</replaceable> <optional><replaceable>class</replaceable></optional> {
+<programlisting><command>zone</command> <replaceable>zone_name</replaceable> <optional><replaceable>class</replaceable></optional> {
type master;
<optional> allow-query { <replaceable>address_match_list</replaceable> }; </optional>
<optional> allow-transfer { <replaceable>address_match_list</replaceable> }; </optional>
@@ -9436,6 +9583,19 @@ zone <replaceable>zone_name</replaceable> <optional><replaceable>class</replacea
<row rowsep="0">
<entry colname="1">
<para>
+ IPSECKEY
+ </para>
+ </entry>
+ <entry colname="2">
+ <para>
+ Provides a method for storing IPsec keying material in
+ DNS. Described in RFC 4025.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para>
ISDN
</para>
</entry>
@@ -9674,6 +9834,19 @@ zone <replaceable>zone_name</replaceable> <optional><replaceable>class</replacea
<row rowsep="0">
<entry colname="1">
<para>
+ SPF
+ </para>
+ </entry>
+ <entry colname="2">
+ <para>
+ Contains the Sender Policy Framework information
+ for a given email domain. Described in RFC 4408.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para>
SRV
</para>
</entry>
@@ -9687,6 +9860,19 @@ zone <replaceable>zone_name</replaceable> <optional><replaceable>class</replacea
<row rowsep="0">
<entry colname="1">
<para>
+ SSHFP
+ </para>
+ </entry>
+ <entry colname="2">
+ <para>
+ Provides a way to securly publish a secure shell key's
+ fingerprint. Described in RFC 4255.
+ </para>
+ </entry>
+ </row>
+ <row rowsep="0">
+ <entry colname="1">
+ <para>
TXT
</para>
</entry>
@@ -10469,7 +10655,7 @@ $GENERATE 1-127 $ CNAME $.0</programlisting>
is equivalent to
</para>
-<programlisting>0.0.0.192.IN-ADDR.ARPA NS SERVER1.EXAMPLE.
+<programlisting>0.0.0.192.IN-ADDR.ARPA. NS SERVER1.EXAMPLE.
0.0.0.192.IN-ADDR.ARPA. NS SERVER2.EXAMPLE.
1.0.0.192.IN-ADDR.ARPA. CNAME 1.0.0.0.192.IN-ADDR.ARPA.
2.0.0.192.IN-ADDR.ARPA. CNAME 2.0.0.0.192.IN-ADDR.ARPA.
diff --git a/doc/arm/Bv9ARM.ch01.html b/doc/arm/Bv9ARM.ch01.html
index 30e9e0da4724..76a4bb71ecd6 100644
--- a/doc/arm/Bv9ARM.ch01.html
+++ b/doc/arm/Bv9ARM.ch01.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: Bv9ARM.ch01.html,v 1.16.18.21 2007/10/31 01:35:57 marka Exp $ -->
+<!-- $Id: Bv9ARM.ch01.html,v 1.16.18.26 2008/05/24 01:31:10 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -45,17 +45,17 @@
<div class="toc">
<p><b>Table of Contents</b></p>
<dl>
-<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564117">Scope of Document</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564140">Organization of This Document</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2563474">Conventions Used in This Document</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564816">The Domain Name System (<acronym class="acronym">DNS</acronym>)</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2563405">Scope of Document</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564385">Organization of This Document</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564524">Conventions Used in This Document</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564637">The Domain Name System (<acronym class="acronym">DNS</acronym>)</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2564837">DNS Fundamentals</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2564871">Domains and Domain Names</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567208">Zones</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567285">Authoritative Name Servers</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567526">Caching Name Servers</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567588">Name Servers in Multiple Roles</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2564659">DNS Fundamentals</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2564693">Domains and Domain Names</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2564845">Zones</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567243">Authoritative Name Servers</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567416">Caching Name Servers</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567546">Name Servers in Multiple Roles</a></span></dt>
</dl></dd>
</dl>
</div>
@@ -71,7 +71,7 @@
</p>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2564117"></a>Scope of Document</h2></div></div></div>
+<a name="id2563405"></a>Scope of Document</h2></div></div></div>
<p>
The Berkeley Internet Name Domain
(<acronym class="acronym">BIND</acronym>) implements a
@@ -87,7 +87,7 @@
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2564140"></a>Organization of This Document</h2></div></div></div>
+<a name="id2564385"></a>Organization of This Document</h2></div></div></div>
<p>
In this document, <span class="emphasis"><em>Section 1</em></span> introduces
the basic <acronym class="acronym">DNS</acronym> and <acronym class="acronym">BIND</acronym> concepts. <span class="emphasis"><em>Section 2</em></span>
@@ -116,7 +116,7 @@
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2563474"></a>Conventions Used in This Document</h2></div></div></div>
+<a name="id2564524"></a>Conventions Used in This Document</h2></div></div></div>
<p>
In this document, we use the following general typographic
conventions:
@@ -243,7 +243,7 @@
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2564816"></a>The Domain Name System (<acronym class="acronym">DNS</acronym>)</h2></div></div></div>
+<a name="id2564637"></a>The Domain Name System (<acronym class="acronym">DNS</acronym>)</h2></div></div></div>
<p>
The purpose of this document is to explain the installation
and upkeep of the <acronym class="acronym">BIND</acronym> (Berkeley Internet
@@ -253,7 +253,7 @@
</p>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2564837"></a>DNS Fundamentals</h3></div></div></div>
+<a name="id2564659"></a>DNS Fundamentals</h3></div></div></div>
<p>
The Domain Name System (DNS) is a hierarchical, distributed
database. It stores information for mapping Internet host names to
@@ -273,7 +273,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2564871"></a>Domains and Domain Names</h3></div></div></div>
+<a name="id2564693"></a>Domains and Domain Names</h3></div></div></div>
<p>
The data stored in the DNS is identified by <span class="emphasis"><em>domain names</em></span> that are organized as a tree according to
organizational or administrative boundaries. Each node of the tree,
@@ -319,7 +319,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2567208"></a>Zones</h3></div></div></div>
+<a name="id2564845"></a>Zones</h3></div></div></div>
<p>
To properly operate a name server, it is important to understand
the difference between a <span class="emphasis"><em>zone</em></span>
@@ -372,7 +372,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2567285"></a>Authoritative Name Servers</h3></div></div></div>
+<a name="id2567243"></a>Authoritative Name Servers</h3></div></div></div>
<p>
Each zone is served by at least
one <span class="emphasis"><em>authoritative name server</em></span>,
@@ -389,7 +389,7 @@
</p>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2567308"></a>The Primary Master</h4></div></div></div>
+<a name="id2567267"></a>The Primary Master</h4></div></div></div>
<p>
The authoritative server where the master copy of the zone
data is maintained is called the
@@ -409,7 +409,7 @@
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2567338"></a>Slave Servers</h4></div></div></div>
+<a name="id2567297"></a>Slave Servers</h4></div></div></div>
<p>
The other authoritative servers, the <span class="emphasis"><em>slave</em></span>
servers (also known as <span class="emphasis"><em>secondary</em></span> servers)
@@ -425,7 +425,7 @@
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2567360"></a>Stealth Servers</h4></div></div></div>
+<a name="id2567386"></a>Stealth Servers</h4></div></div></div>
<p>
Usually all of the zone's authoritative servers are listed in
NS records in the parent zone. These NS records constitute
@@ -460,7 +460,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2567526"></a>Caching Name Servers</h3></div></div></div>
+<a name="id2567416"></a>Caching Name Servers</h3></div></div></div>
<p>
The resolver libraries provided by most operating systems are
<span class="emphasis"><em>stub resolvers</em></span>, meaning that they are not
@@ -487,7 +487,7 @@
</p>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2567561"></a>Forwarding</h4></div></div></div>
+<a name="id2567520"></a>Forwarding</h4></div></div></div>
<p>
Even a caching name server does not necessarily perform
the complete recursive lookup itself. Instead, it can
@@ -514,7 +514,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2567588"></a>Name Servers in Multiple Roles</h3></div></div></div>
+<a name="id2567546"></a>Name Servers in Multiple Roles</h3></div></div></div>
<p>
The <acronym class="acronym">BIND</acronym> name server can
simultaneously act as
diff --git a/doc/arm/Bv9ARM.ch02.html b/doc/arm/Bv9ARM.ch02.html
index cbf6c15b65dd..f2abce42f488 100644
--- a/doc/arm/Bv9ARM.ch02.html
+++ b/doc/arm/Bv9ARM.ch02.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: Bv9ARM.ch02.html,v 1.13.18.21 2007/10/31 01:35:57 marka Exp $ -->
+<!-- $Id: Bv9ARM.ch02.html,v 1.13.18.28 2008/09/12 01:32:08 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -45,16 +45,16 @@
<div class="toc">
<p><b>Table of Contents</b></p>
<dl>
-<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567622">Hardware requirements</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567649">CPU Requirements</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567661">Memory Requirements</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567688">Name Server Intensive Environment Issues</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567699">Supported Operating Systems</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567580">Hardware requirements</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567607">CPU Requirements</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567620">Memory Requirements</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567851">Name Server Intensive Environment Issues</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567862">Supported Operating Systems</a></span></dt>
</dl>
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2567622"></a>Hardware requirements</h2></div></div></div>
+<a name="id2567580"></a>Hardware requirements</h2></div></div></div>
<p>
<acronym class="acronym">DNS</acronym> hardware requirements have
traditionally been quite modest.
@@ -73,7 +73,7 @@
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2567649"></a>CPU Requirements</h2></div></div></div>
+<a name="id2567607"></a>CPU Requirements</h2></div></div></div>
<p>
CPU requirements for <acronym class="acronym">BIND</acronym> 9 range from
i486-class machines
@@ -84,7 +84,7 @@
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2567661"></a>Memory Requirements</h2></div></div></div>
+<a name="id2567620"></a>Memory Requirements</h2></div></div></div>
<p>
The memory of the server has to be large enough to fit the
cache and zones loaded off disk. The <span><strong class="command">max-cache-size</strong></span>
@@ -107,7 +107,7 @@
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2567688"></a>Name Server Intensive Environment Issues</h2></div></div></div>
+<a name="id2567851"></a>Name Server Intensive Environment Issues</h2></div></div></div>
<p>
For name server intensive environments, there are two alternative
configurations that may be used. The first is where clients and
@@ -124,16 +124,14 @@
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2567699"></a>Supported Operating Systems</h2></div></div></div>
+<a name="id2567862"></a>Supported Operating Systems</h2></div></div></div>
<p>
ISC <acronym class="acronym">BIND</acronym> 9 compiles and runs on a large
- number
- of Unix-like operating system and on NT-derived versions of
- Microsoft Windows such as Windows 2000 and Windows XP. For an
- up-to-date
- list of supported systems, see the README file in the top level
- directory
- of the BIND 9 source distribution.
+ number of Unix-like operating systems, and on some versions of
+ Microsoft Windows including Windows XP, Windows 2003, and
+ Windows 2008. For an up-to-date list of supported systems,
+ see the README file in the top level directory of the BIND 9
+ source distribution.
</p>
</div>
</div>
diff --git a/doc/arm/Bv9ARM.ch03.html b/doc/arm/Bv9ARM.ch03.html
index 18f2711517c9..4d39c51a8520 100644
--- a/doc/arm/Bv9ARM.ch03.html
+++ b/doc/arm/Bv9ARM.ch03.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: Bv9ARM.ch03.html,v 1.35.18.31 2007/10/31 01:35:57 marka Exp $ -->
+<!-- $Id: Bv9ARM.ch03.html,v 1.35.18.36 2008/05/24 01:31:10 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -47,14 +47,14 @@
<dl>
<dt><span class="sect1"><a href="Bv9ARM.ch03.html#sample_configuration">Sample Configurations</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2568004">A Caching-only Name Server</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2568020">An Authoritative-only Name Server</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2567894">A Caching-only Name Server</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2567910">An Authoritative-only Name Server</a></span></dt>
</dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch03.html#id2568042">Load Balancing</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch03.html#id2568465">Name Server Operations</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch03.html#id2568001">Load Balancing</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch03.html#id2568423">Name Server Operations</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2568470">Tools for Use With the Name Server Daemon</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2570184">Signals</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2568428">Tools for Use With the Name Server Daemon</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2570142">Signals</a></span></dt>
</dl></dd>
</dl>
</div>
@@ -68,7 +68,7 @@
<a name="sample_configuration"></a>Sample Configurations</h2></div></div></div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2568004"></a>A Caching-only Name Server</h3></div></div></div>
+<a name="id2567894"></a>A Caching-only Name Server</h3></div></div></div>
<p>
The following sample configuration is appropriate for a caching-only
name server for use by clients internal to a corporation. All
@@ -95,7 +95,7 @@ zone "0.0.127.in-addr.arpa" {
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2568020"></a>An Authoritative-only Name Server</h3></div></div></div>
+<a name="id2567910"></a>An Authoritative-only Name Server</h3></div></div></div>
<p>
This sample configuration is for an authoritative-only server
that is the master server for "<code class="filename">example.com</code>"
@@ -137,7 +137,7 @@ zone "eng.example.com" {
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2568042"></a>Load Balancing</h2></div></div></div>
+<a name="id2568001"></a>Load Balancing</h2></div></div></div>
<p>
A primitive form of load balancing can be achieved in
the <acronym class="acronym">DNS</acronym> by using multiple records
@@ -280,10 +280,10 @@ zone "eng.example.com" {
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2568465"></a>Name Server Operations</h2></div></div></div>
+<a name="id2568423"></a>Name Server Operations</h2></div></div></div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2568470"></a>Tools for Use With the Name Server Daemon</h3></div></div></div>
+<a name="id2568428"></a>Tools for Use With the Name Server Daemon</h3></div></div></div>
<p>
This section describes several indispensable diagnostic,
administrative and monitoring tools available to the system
@@ -739,7 +739,7 @@ controls {
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2570184"></a>Signals</h3></div></div></div>
+<a name="id2570142"></a>Signals</h3></div></div></div>
<p>
Certain UNIX signals cause the name server to take specific
actions, as described in the following table. These signals can
diff --git a/doc/arm/Bv9ARM.ch04.html b/doc/arm/Bv9ARM.ch04.html
index 09507fe53cbc..e31d85d2c33e 100644
--- a/doc/arm/Bv9ARM.ch04.html
+++ b/doc/arm/Bv9ARM.ch04.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: Bv9ARM.ch04.html,v 1.40.18.41 2007/10/31 01:35:57 marka Exp $ -->
+<!-- $Id: Bv9ARM.ch04.html,v 1.40.18.46 2008/05/24 01:31:11 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -49,29 +49,29 @@
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#dynamic_update">Dynamic Update</a></span></dt>
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch04.html#journal">The journal file</a></span></dt></dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#incremental_zone_transfers">Incremental Zone Transfers (IXFR)</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2570642">Split DNS</a></span></dt>
-<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2570660">Example split DNS setup</a></span></dt></dl></dd>
+<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2570600">Split DNS</a></span></dt>
+<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2570618">Example split DNS setup</a></span></dt></dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#tsig">TSIG</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571095">Generate Shared Keys for Each Pair of Hosts</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571169">Copying the Shared Secret to Both Machines</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571179">Informing the Servers of the Key's Existence</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571219">Instructing the Server to Use the Key</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571413">TSIG Key Based Access Control</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571458">Errors</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2570985">Generate Shared Keys for Each Pair of Hosts</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571127">Copying the Shared Secret to Both Machines</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571138">Informing the Servers of the Key's Existence</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571177">Instructing the Server to Use the Key</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571303">TSIG Key Based Access Control</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571416">Errors</a></span></dt>
</dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2571472">TKEY</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2571521">SIG(0)</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2571430">TKEY</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2571547">SIG(0)</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#DNSSEC">DNSSEC</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571725">Generating Keys</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571795">Signing the Zone</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571874">Configuring Servers</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571684">Generating Keys</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571753">Signing the Zone</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571832">Configuring Servers</a></span></dt>
</dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2572153">IPv6 Support in <acronym class="acronym">BIND</acronym> 9</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2571975">IPv6 Support in <acronym class="acronym">BIND</acronym> 9</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572215">Address Lookups Using AAAA Records</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572236">Address to Name Lookups Using Nibble Format</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572173">Address Lookups Using AAAA Records</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572195">Address to Name Lookups Using Nibble Format</a></span></dt>
</dl></dd>
</dl>
</div>
@@ -205,7 +205,7 @@
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2570642"></a>Split DNS</h2></div></div></div>
+<a name="id2570600"></a>Split DNS</h2></div></div></div>
<p>
Setting up different views, or visibility, of the DNS space to
internal and external resolvers is usually referred to as a
@@ -235,7 +235,7 @@
</p>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2570660"></a>Example split DNS setup</h3></div></div></div>
+<a name="id2570618"></a>Example split DNS setup</h3></div></div></div>
<p>
Let's say a company named <span class="emphasis"><em>Example, Inc.</em></span>
(<code class="literal">example.com</code>)
@@ -481,7 +481,7 @@ nameserver 172.16.72.4
</p>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2571095"></a>Generate Shared Keys for Each Pair of Hosts</h3></div></div></div>
+<a name="id2570985"></a>Generate Shared Keys for Each Pair of Hosts</h3></div></div></div>
<p>
A shared secret is generated to be shared between <span class="emphasis"><em>host1</em></span> and <span class="emphasis"><em>host2</em></span>.
An arbitrary key name is chosen: "host1-host2.". The key name must
@@ -489,7 +489,7 @@ nameserver 172.16.72.4
</p>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2571112"></a>Automatic Generation</h4></div></div></div>
+<a name="id2571070"></a>Automatic Generation</h4></div></div></div>
<p>
The following command will generate a 128-bit (16 byte) HMAC-MD5
key as described above. Longer keys are better, but shorter keys
@@ -514,7 +514,7 @@ nameserver 172.16.72.4
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2571150"></a>Manual Generation</h4></div></div></div>
+<a name="id2571109"></a>Manual Generation</h4></div></div></div>
<p>
The shared secret is simply a random sequence of bits, encoded
in base-64. Most ASCII strings are valid base-64 strings (assuming
@@ -529,7 +529,7 @@ nameserver 172.16.72.4
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2571169"></a>Copying the Shared Secret to Both Machines</h3></div></div></div>
+<a name="id2571127"></a>Copying the Shared Secret to Both Machines</h3></div></div></div>
<p>
This is beyond the scope of DNS. A secure transport mechanism
should be used. This could be secure FTP, ssh, telephone, etc.
@@ -537,7 +537,7 @@ nameserver 172.16.72.4
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2571179"></a>Informing the Servers of the Key's Existence</h3></div></div></div>
+<a name="id2571138"></a>Informing the Servers of the Key's Existence</h3></div></div></div>
<p>
Imagine <span class="emphasis"><em>host1</em></span> and <span class="emphasis"><em>host 2</em></span>
are
@@ -566,7 +566,7 @@ key host1-host2. {
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2571219"></a>Instructing the Server to Use the Key</h3></div></div></div>
+<a name="id2571177"></a>Instructing the Server to Use the Key</h3></div></div></div>
<p>
Since keys are shared between two hosts only, the server must
be told when keys are to be used. The following is added to the <code class="filename">named.conf</code> file
@@ -598,7 +598,7 @@ server 10.1.2.3 {
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2571413"></a>TSIG Key Based Access Control</h3></div></div></div>
+<a name="id2571303"></a>TSIG Key Based Access Control</h3></div></div></div>
<p>
<acronym class="acronym">BIND</acronym> allows IP addresses and ranges
to be specified in ACL
@@ -626,7 +626,7 @@ allow-update { key host1-host2. ;};
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2571458"></a>Errors</h3></div></div></div>
+<a name="id2571416"></a>Errors</h3></div></div></div>
<p>
The processing of TSIG signed messages can result in
several errors. If a signed message is sent to a non-TSIG aware
@@ -652,7 +652,7 @@ allow-update { key host1-host2. ;};
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2571472"></a>TKEY</h2></div></div></div>
+<a name="id2571430"></a>TKEY</h2></div></div></div>
<p><span><strong class="command">TKEY</strong></span>
is a mechanism for automatically generating a shared secret
between two hosts. There are several "modes" of
@@ -688,7 +688,7 @@ allow-update { key host1-host2. ;};
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2571521"></a>SIG(0)</h2></div></div></div>
+<a name="id2571547"></a>SIG(0)</h2></div></div></div>
<p>
<acronym class="acronym">BIND</acronym> 9 partially supports DNSSEC SIG(0)
transaction signatures as specified in RFC 2535 and RFC2931.
@@ -749,7 +749,7 @@ allow-update { key host1-host2. ;};
</p>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2571725"></a>Generating Keys</h3></div></div></div>
+<a name="id2571684"></a>Generating Keys</h3></div></div></div>
<p>
The <span><strong class="command">dnssec-keygen</strong></span> program is used to
generate keys.
@@ -800,7 +800,7 @@ allow-update { key host1-host2. ;};
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2571795"></a>Signing the Zone</h3></div></div></div>
+<a name="id2571753"></a>Signing the Zone</h3></div></div></div>
<p>
The <span><strong class="command">dnssec-signzone</strong></span> program is used
to
@@ -844,7 +844,7 @@ allow-update { key host1-host2. ;};
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2571874"></a>Configuring Servers</h3></div></div></div>
+<a name="id2571832"></a>Configuring Servers</h3></div></div></div>
<p>
To enable <span><strong class="command">named</strong></span> to respond appropriately
to DNS requests from DNSSEC aware clients,
@@ -932,7 +932,7 @@ options {
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2572153"></a>IPv6 Support in <acronym class="acronym">BIND</acronym> 9</h2></div></div></div>
+<a name="id2571975"></a>IPv6 Support in <acronym class="acronym">BIND</acronym> 9</h2></div></div></div>
<p>
<acronym class="acronym">BIND</acronym> 9 fully supports all currently
defined forms of IPv6
@@ -971,7 +971,7 @@ options {
</p>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2572215"></a>Address Lookups Using AAAA Records</h3></div></div></div>
+<a name="id2572173"></a>Address Lookups Using AAAA Records</h3></div></div></div>
<p>
The IPv6 AAAA record is a parallel to the IPv4 A record,
and, unlike the deprecated A6 record, specifies the entire
@@ -990,7 +990,7 @@ host 3600 IN AAAA 2001:db8::1
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2572236"></a>Address to Name Lookups Using Nibble Format</h3></div></div></div>
+<a name="id2572195"></a>Address to Name Lookups Using Nibble Format</h3></div></div></div>
<p>
When looking up an address in nibble format, the address
components are simply reversed, just as in IPv4, and
diff --git a/doc/arm/Bv9ARM.ch05.html b/doc/arm/Bv9ARM.ch05.html
index 80418b9a22da..33d1d0d195a0 100644
--- a/doc/arm/Bv9ARM.ch05.html
+++ b/doc/arm/Bv9ARM.ch05.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: Bv9ARM.ch05.html,v 1.33.18.33 2007/10/31 01:35:58 marka Exp $ -->
+<!-- $Id: Bv9ARM.ch05.html,v 1.33.18.38 2008/05/24 01:31:11 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -45,13 +45,13 @@
<div class="toc">
<p><b>Table of Contents</b></p>
<dl>
-<dt><span class="sect1"><a href="Bv9ARM.ch05.html#id2572269">The Lightweight Resolver Library</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch05.html#id2572228">The Lightweight Resolver Library</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch05.html#lwresd">Running a Resolver Daemon</a></span></dt>
</dl>
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2572269"></a>The Lightweight Resolver Library</h2></div></div></div>
+<a name="id2572228"></a>The Lightweight Resolver Library</h2></div></div></div>
<p>
Traditionally applications have been linked with a stub resolver
library that sends recursive DNS queries to a local caching name
diff --git a/doc/arm/Bv9ARM.ch06.html b/doc/arm/Bv9ARM.ch06.html
index 59b9cf59a2cd..e2929068970d 100644
--- a/doc/arm/Bv9ARM.ch06.html
+++ b/doc/arm/Bv9ARM.ch06.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: Bv9ARM.ch06.html,v 1.82.18.73.8.1 2008/05/27 22:07:34 each Exp $ -->
+<!-- $Id: Bv9ARM.ch06.html,v 1.82.18.88 2008/10/18 01:29:58 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -48,52 +48,52 @@
<dt><span class="sect1"><a href="Bv9ARM.ch06.html#configuration_file_elements">Configuration File Elements</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#address_match_lists">Address Match Lists</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2573480">Comment Syntax</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2573436">Comment Syntax</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch06.html#Configuration_File_Grammar">Configuration File Grammar</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574092"><span><strong class="command">acl</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574117"><span><strong class="command">acl</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#acl"><span><strong class="command">acl</strong></span> Statement Definition and
Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574282"><span><strong class="command">controls</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574307"><span><strong class="command">controls</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#controls_statement_definition_and_usage"><span><strong class="command">controls</strong></span> Statement Definition and
Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574711"><span><strong class="command">include</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574726"><span><strong class="command">include</strong></span> Statement Definition and
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574736"><span><strong class="command">include</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574753"><span><strong class="command">include</strong></span> Statement Definition and
Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574749"><span><strong class="command">key</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574771"><span><strong class="command">key</strong></span> Statement Definition and Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574930"><span><strong class="command">logging</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575056"><span><strong class="command">logging</strong></span> Statement Definition and
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574776"><span><strong class="command">key</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574800"><span><strong class="command">key</strong></span> Statement Definition and Usage</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574958"><span><strong class="command">logging</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575084"><span><strong class="command">logging</strong></span> Statement Definition and
Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2576406"><span><strong class="command">lwres</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2576480"><span><strong class="command">lwres</strong></span> Statement Definition and Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2576544"><span><strong class="command">masters</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2576587"><span><strong class="command">masters</strong></span> Statement Definition and
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2576435"><span><strong class="command">lwres</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2576508"><span><strong class="command">lwres</strong></span> Statement Definition and Usage</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2576572"><span><strong class="command">masters</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2576616"><span><strong class="command">masters</strong></span> Statement Definition and
Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2576602"><span><strong class="command">options</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2576631"><span><strong class="command">options</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#options"><span><strong class="command">options</strong></span> Statement Definition and
Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#server_statement_grammar"><span><strong class="command">server</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#server_statement_definition_and_usage"><span><strong class="command">server</strong></span> Statement Definition and
Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2585361"><span><strong class="command">trusted-keys</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2585410"><span><strong class="command">trusted-keys</strong></span> Statement Definition
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2585614"><span><strong class="command">trusted-keys</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2585666"><span><strong class="command">trusted-keys</strong></span> Statement Definition
and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#view_statement_grammar"><span><strong class="command">view</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2585490"><span><strong class="command">view</strong></span> Statement Definition and Usage</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2585748"><span><strong class="command">view</strong></span> Statement Definition and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#zone_statement_grammar"><span><strong class="command">zone</strong></span>
Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2586798"><span><strong class="command">zone</strong></span> Statement Definition and Usage</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2587332"><span><strong class="command">zone</strong></span> Statement Definition and Usage</a></span></dt>
</dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch06.html#id2589080">Zone File</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch06.html#id2589477">Zone File</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#types_of_resource_records_and_when_to_use_them">Types of Resource Records and When to Use Them</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2591101">Discussion of MX Records</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2591500">Discussion of MX Records</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#Setting_TTLs">Setting TTLs</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2591653">Inverse Mapping in IPv4</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2591848">Other Zone File Directives</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2592173"><acronym class="acronym">BIND</acronym> Master File Extension: the <span><strong class="command">$GENERATE</strong></span> Directive</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2592188">Inverse Mapping in IPv4</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2592384">Other Zone File Directives</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2592572"><acronym class="acronym">BIND</acronym> Master File Extension: the <span><strong class="command">$GENERATE</strong></span> Directive</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#zonefile_format">Additional File Formats</a></span></dt>
</dl></dd>
</dl>
@@ -355,6 +355,33 @@
<tr>
<td>
<p>
+ <code class="varname">port_list</code>
+ </p>
+ </td>
+<td>
+ <p>
+ A list of an <code class="varname">ip_port</code> or a port
+ range.
+ A port range is specified in the form of
+ <strong class="userinput"><code>range</code></strong> followed by
+ two <code class="varname">ip_port</code>s,
+ <code class="varname">port_low</code> and
+ <code class="varname">port_high</code>, which represents
+ port numbers from <code class="varname">port_low</code> through
+ <code class="varname">port_high</code>, inclusive.
+ <code class="varname">port_low</code> must not be larger than
+ <code class="varname">port_high</code>.
+ For example,
+ <strong class="userinput"><code>range 1024 65535</code></strong> represents
+ ports from 1024 through 65535.
+ In either case an asterisk (`*') character is not
+ allowed as a valid <code class="varname">ip_port</code>.
+ </p>
+ </td>
+</tr>
+<tr>
+<td>
+ <p>
<code class="varname">size_spec</code>
</p>
</td>
@@ -428,7 +455,7 @@
<a name="address_match_lists"></a>Address Match Lists</h3></div></div></div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2573277"></a>Syntax</h4></div></div></div>
+<a name="id2573302"></a>Syntax</h4></div></div></div>
<pre class="programlisting"><code class="varname">address_match_list</code> = address_match_list_element ;
[<span class="optional"> address_match_list_element; ... </span>]
<code class="varname">address_match_list_element</code> = [<span class="optional"> ! </span>] (ip_address [<span class="optional">/length</span>] |
@@ -437,7 +464,7 @@
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2573305"></a>Definition and Usage</h4></div></div></div>
+<a name="id2573330"></a>Definition and Usage</h4></div></div></div>
<p>
Address match lists are primarily used to determine access
control for various server operations. They are also used in
@@ -515,7 +542,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2573480"></a>Comment Syntax</h3></div></div></div>
+<a name="id2573436"></a>Comment Syntax</h3></div></div></div>
<p>
The <acronym class="acronym">BIND</acronym> 9 comment syntax allows for
comments to appear
@@ -525,7 +552,7 @@
</p>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2573495"></a>Syntax</h4></div></div></div>
+<a name="id2573588"></a>Syntax</h4></div></div></div>
<p>
</p>
<pre class="programlisting">/* This is a <acronym class="acronym">BIND</acronym> comment as in C */</pre>
@@ -540,7 +567,7 @@
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2573525"></a>Definition and Usage</h4></div></div></div>
+<a name="id2573618"></a>Definition and Usage</h4></div></div></div>
<p>
Comments may appear anywhere that whitespace may appear in
a <acronym class="acronym">BIND</acronym> configuration file.
@@ -774,7 +801,7 @@
</p>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2574092"></a><span><strong class="command">acl</strong></span> Statement Grammar</h3></div></div></div>
+<a name="id2574117"></a><span><strong class="command">acl</strong></span> Statement Grammar</h3></div></div></div>
<pre class="programlisting"><span><strong class="command">acl</strong></span> acl-name {
address_match_list
};
@@ -857,7 +884,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2574282"></a><span><strong class="command">controls</strong></span> Statement Grammar</h3></div></div></div>
+<a name="id2574307"></a><span><strong class="command">controls</strong></span> Statement Grammar</h3></div></div></div>
<pre class="programlisting"><span><strong class="command">controls</strong></span> {
[ inet ( ip_addr | * ) [ port ip_port ] allow { <em class="replaceable"><code> address_match_list </code></em> }
keys { <em class="replaceable"><code>key_list</code></em> }; ]
@@ -979,12 +1006,12 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2574711"></a><span><strong class="command">include</strong></span> Statement Grammar</h3></div></div></div>
-<pre class="programlisting">include <em class="replaceable"><code>filename</code></em>;</pre>
+<a name="id2574736"></a><span><strong class="command">include</strong></span> Statement Grammar</h3></div></div></div>
+<pre class="programlisting"><span><strong class="command">include</strong></span> <em class="replaceable"><code>filename</code></em>;</pre>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2574726"></a><span><strong class="command">include</strong></span> Statement Definition and
+<a name="id2574753"></a><span><strong class="command">include</strong></span> Statement Definition and
Usage</h3></div></div></div>
<p>
The <span><strong class="command">include</strong></span> statement inserts the
@@ -999,8 +1026,8 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2574749"></a><span><strong class="command">key</strong></span> Statement Grammar</h3></div></div></div>
-<pre class="programlisting">key <em class="replaceable"><code>key_id</code></em> {
+<a name="id2574776"></a><span><strong class="command">key</strong></span> Statement Grammar</h3></div></div></div>
+<pre class="programlisting"><span><strong class="command">key</strong></span> <em class="replaceable"><code>key_id</code></em> {
algorithm <em class="replaceable"><code>string</code></em>;
secret <em class="replaceable"><code>string</code></em>;
};
@@ -1008,7 +1035,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2574771"></a><span><strong class="command">key</strong></span> Statement Definition and Usage</h3></div></div></div>
+<a name="id2574800"></a><span><strong class="command">key</strong></span> Statement Definition and Usage</h3></div></div></div>
<p>
The <span><strong class="command">key</strong></span> statement defines a shared
secret key for use with TSIG (see <a href="Bv9ARM.ch04.html#tsig" title="TSIG">the section called &#8220;TSIG&#8221;</a>)
@@ -1055,7 +1082,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2574930"></a><span><strong class="command">logging</strong></span> Statement Grammar</h3></div></div></div>
+<a name="id2574958"></a><span><strong class="command">logging</strong></span> Statement Grammar</h3></div></div></div>
<pre class="programlisting"><span><strong class="command">logging</strong></span> {
[ <span><strong class="command">channel</strong></span> <em class="replaceable"><code>channel_name</code></em> {
( <span><strong class="command">file</strong></span> <em class="replaceable"><code>path name</code></em>
@@ -1079,7 +1106,7 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2575056"></a><span><strong class="command">logging</strong></span> Statement Definition and
+<a name="id2575084"></a><span><strong class="command">logging</strong></span> Statement Definition and
Usage</h3></div></div></div>
<p>
The <span><strong class="command">logging</strong></span> statement configures a
@@ -1113,7 +1140,7 @@
</p>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2575108"></a>The <span><strong class="command">channel</strong></span> Phrase</h4></div></div></div>
+<a name="id2575137"></a>The <span><strong class="command">channel</strong></span> Phrase</h4></div></div></div>
<p>
All log output goes to one or more <span class="emphasis"><em>channels</em></span>;
you can make as many of them as you want.
@@ -1632,7 +1659,7 @@ category notify { null; };
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2576406"></a><span><strong class="command">lwres</strong></span> Statement Grammar</h3></div></div></div>
+<a name="id2576435"></a><span><strong class="command">lwres</strong></span> Statement Grammar</h3></div></div></div>
<p>
This is the grammar of the <span><strong class="command">lwres</strong></span>
statement in the <code class="filename">named.conf</code> file:
@@ -1647,7 +1674,7 @@ category notify { null; };
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2576480"></a><span><strong class="command">lwres</strong></span> Statement Definition and Usage</h3></div></div></div>
+<a name="id2576508"></a><span><strong class="command">lwres</strong></span> Statement Definition and Usage</h3></div></div></div>
<p>
The <span><strong class="command">lwres</strong></span> statement configures the
name
@@ -1698,14 +1725,14 @@ category notify { null; };
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2576544"></a><span><strong class="command">masters</strong></span> Statement Grammar</h3></div></div></div>
+<a name="id2576572"></a><span><strong class="command">masters</strong></span> Statement Grammar</h3></div></div></div>
<pre class="programlisting">
<span><strong class="command">masters</strong></span> <em class="replaceable"><code>name</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] { ( <em class="replaceable"><code>masters_list</code></em> | <em class="replaceable"><code>ip_addr</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] [<span class="optional">key <em class="replaceable"><code>key</code></em></span>] ) ; [<span class="optional">...</span>] };
</pre>
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2576587"></a><span><strong class="command">masters</strong></span> Statement Definition and
+<a name="id2576616"></a><span><strong class="command">masters</strong></span> Statement Definition and
Usage</h3></div></div></div>
<p><span><strong class="command">masters</strong></span>
lists allow for a common set of masters to be easily used by
@@ -1714,12 +1741,12 @@ category notify { null; };
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2576602"></a><span><strong class="command">options</strong></span> Statement Grammar</h3></div></div></div>
+<a name="id2576631"></a><span><strong class="command">options</strong></span> Statement Grammar</h3></div></div></div>
<p>
This is the grammar of the <span><strong class="command">options</strong></span>
statement in the <code class="filename">named.conf</code> file:
</p>
-<pre class="programlisting">options {
+<pre class="programlisting"><span><strong class="command">options</strong></span> {
[<span class="optional"> version <em class="replaceable"><code>version_string</code></em>; </span>]
[<span class="optional"> hostname <em class="replaceable"><code>hostname_string</code></em>; </span>]
[<span class="optional"> server-id <em class="replaceable"><code>server_id_string</code></em>; </span>]
@@ -1780,7 +1807,9 @@ category notify { null; };
[<span class="optional"> update-check-ksk <em class="replaceable"><code>yes_or_no</code></em>; </span>]
[<span class="optional"> allow-v6-synthesis { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
[<span class="optional"> blackhole { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
+ [<span class="optional"> use-v4-udp-ports { <em class="replaceable"><code>port_list</code></em> }; </span>]
[<span class="optional"> avoid-v4-udp-ports { <em class="replaceable"><code>port_list</code></em> }; </span>]
+ [<span class="optional"> use-v6-udp-ports { <em class="replaceable"><code>port_list</code></em> }; </span>]
[<span class="optional"> avoid-v6-udp-ports { <em class="replaceable"><code>port_list</code></em> }; </span>]
[<span class="optional"> listen-on [<span class="optional"> port <em class="replaceable"><code>ip_port</code></em> </span>] { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
[<span class="optional"> listen-on-v6 [<span class="optional"> port <em class="replaceable"><code>ip_port</code></em> </span>] { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
@@ -1797,6 +1826,7 @@ category notify { null; };
[<span class="optional"> max-transfer-idle-in <em class="replaceable"><code>number</code></em>; </span>]
[<span class="optional"> max-transfer-idle-out <em class="replaceable"><code>number</code></em>; </span>]
[<span class="optional"> tcp-clients <em class="replaceable"><code>number</code></em>; </span>]
+ [<span class="optional"> reserved-sockets <em class="replaceable"><code>number</code></em>; </span>]
[<span class="optional"> recursive-clients <em class="replaceable"><code>number</code></em>; </span>]
[<span class="optional"> serial-query-rate <em class="replaceable"><code>number</code></em>; </span>]
[<span class="optional"> serial-queries <em class="replaceable"><code>number</code></em>; </span>]
@@ -2739,11 +2769,12 @@ options {
to address (A or AAAA) records and that glue
address records exist for delegated zones. For
MX and SRV records only in-zone hostnames are
- checked (for out-of-zone hostnames use named-checkzone).
+ checked (for out-of-zone hostnames use
+ <span><strong class="command">named-checkzone</strong></span>).
For NS records only names below top of zone are
checked (for out-of-zone names and glue consistency
- checks use named-checkzone). The default is
- <span><strong class="command">yes</strong></span>.
+ checks use <span><strong class="command">named-checkzone</strong></span>).
+ The default is <span><strong class="command">yes</strong></span>.
</p></dd>
<dt><span class="term"><span><strong class="command">check-mx-cname</strong></span></span></dt>
<dd><p>
@@ -2789,7 +2820,7 @@ options {
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2580536"></a>Forwarding</h4></div></div></div>
+<a name="id2580525"></a>Forwarding</h4></div></div></div>
<p>
The forwarding facility can be used to create a large site-wide
cache on a few servers, reducing traffic over links to external
@@ -2833,7 +2864,7 @@ options {
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2580595"></a>Dual-stack Servers</h4></div></div></div>
+<a name="id2580721"></a>Dual-stack Servers</h4></div></div></div>
<p>
Dual-stack servers are used as servers of last resort to work
around
@@ -2988,7 +3019,7 @@ options {
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2581153"></a>Interfaces</h4></div></div></div>
+<a name="id2581142"></a>Interfaces</h4></div></div></div>
<p>
The interfaces and ports that the server will answer queries
from may be specified using the <span><strong class="command">listen-on</strong></span> option. <span><strong class="command">listen-on</strong></span> takes
@@ -3068,7 +3099,7 @@ listen-on-v6 port 1234 { !2001:db8::/32; any; };
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2581241"></a>Query Address</h4></div></div></div>
+<a name="query_address"></a>Query Address</h4></div></div></div>
<p>
If the server doesn't know the answer to a question, it will
query other name servers. <span><strong class="command">query-source</strong></span> specifies
@@ -3077,23 +3108,83 @@ listen-on-v6 port 1234 { !2001:db8::/32; any; };
If <span><strong class="command">address</strong></span> is <span><strong class="command">*</strong></span> (asterisk) or is omitted,
a wildcard IP address (<span><strong class="command">INADDR_ANY</strong></span>)
will be used.
+ </p>
+<p>
If <span><strong class="command">port</strong></span> is <span><strong class="command">*</strong></span> or is omitted,
- a random unprivileged port number is picked up and will be
- used for each query.
- It is generally strongly discouraged to
- specify a particular port for the
- <span><strong class="command">query-source</strong></span> or
- <span><strong class="command">query-source-v6</strong></span>
- options; it implicitly disables the use of randomized port numbers
- and leads to insecure operation.
- The <span><strong class="command">avoid-v4-udp-ports</strong></span>
- and <span><strong class="command">avoid-v6-udp-ports</strong></span> options can be used
- to prevent named
- from selecting certain ports. The defaults are:
+ a random port number from a pre-configured
+ range is picked up and will be used for each query.
+ The port range(s) is that specified in
+ the <span><strong class="command">use-v4-udp-ports</strong></span> (for IPv4)
+ and <span><strong class="command">use-v6-udp-ports</strong></span> (for IPv6)
+ options, excluding the ranges specified in
+ the <span><strong class="command">avoid-v4-udp-ports</strong></span>
+ and <span><strong class="command">avoid-v6-udp-ports</strong></span> options, respectively.
+ </p>
+<p>
+ The defaults of the <span><strong class="command">query-source</strong></span> and
+ <span><strong class="command">query-source-v6</strong></span> options
+ are:
</p>
<pre class="programlisting">query-source address * port *;
query-source-v6 address * port *;
</pre>
+<p>
+ If <span><strong class="command">use-v4-udp-ports</strong></span> or
+ <span><strong class="command">use-v6-udp-ports</strong></span> is unspecified,
+ <span><strong class="command">named</strong></span> will check if the operating
+ system provides a programming interface to retrieve the
+ system's default range for ephemeral ports.
+ If such an interface is available,
+ <span><strong class="command">named</strong></span> will use the corresponding system
+ default range; otherwise, it will use its own defaults:
+ </p>
+<pre class="programlisting">use-v4-udp-ports { range 1024 65535; };
+use-v6-udp-ports { range 1024 65535; };
+</pre>
+<p>
+ Note: make sure the ranges be sufficiently large for
+ security. A desirable size depends on various parameters,
+ but we generally recommend it contain at least 16384 ports
+ (14 bits of entropy).
+ Note also that the system's default range when used may be
+ too small for this purpose, and that the range may even be
+ changed while <span><strong class="command">named</strong></span> is running; the new
+ range will automatically be applied when <span><strong class="command">named</strong></span>
+ is reloaded.
+ It is encouraged to
+ configure <span><strong class="command">use-v4-udp-ports</strong></span> and
+ <span><strong class="command">use-v6-udp-ports</strong></span> explicitly so that the
+ ranges are sufficiently large and are reasonably
+ independent from the ranges used by other applications.
+ </p>
+<p>
+ Note: the operational configuration
+ where <span><strong class="command">named</strong></span> runs may prohibit the use
+ of some ports. For example, UNIX systems will not allow
+ <span><strong class="command">named</strong></span> running without a root privilege
+ to use ports less than 1024.
+ If such ports are included in the specified (or detected)
+ set of query ports, the corresponding query attempts will
+ fail, resulting in resolution failures or delay.
+ It is therefore important to configure the set of ports
+ that can be safely used in the expected operational environment.
+ </p>
+<p>
+ The defaults of the <span><strong class="command">avoid-v4-udp-ports</strong></span> and
+ <span><strong class="command">avoid-v6-udp-ports</strong></span> options
+ are:
+ </p>
+<pre class="programlisting">avoid-v4-udp-ports {};
+avoid-v6-udp-ports {};
+</pre>
+<p>
+ Note: it is generally strongly discouraged to
+ specify a particular port for the
+ <span><strong class="command">query-source</strong></span> or
+ <span><strong class="command">query-source-v6</strong></span> options;
+ it implicitly disables the use of randomized port numbers
+ and can be insecure.
+ </p>
<div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
<h3 class="title">Note</h3>
<p>
@@ -3356,21 +3447,49 @@ query-source-v6 address * port *;
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2581988"></a>Bad UDP Port Lists</h4></div></div></div>
-<p><span><strong class="command">avoid-v4-udp-ports</strong></span>
- and <span><strong class="command">avoid-v6-udp-ports</strong></span> specify a list
- of IPv4 and IPv6 UDP ports that will not be used as system
- assigned source ports for UDP sockets. These lists
- prevent named from choosing as its random source port a
- port that is blocked by your firewall. If a query went
- out with such a source port, the answer would not get by
- the firewall and the name server would have to query
- again.
+<a name="id2582140"></a>UDP Port Lists</h4></div></div></div>
+<p>
+ <span><strong class="command">use-v4-udp-ports</strong></span>,
+ <span><strong class="command">avoid-v4-udp-ports</strong></span>,
+ <span><strong class="command">use-v6-udp-ports</strong></span>, and
+ <span><strong class="command">avoid-v6-udp-ports</strong></span>
+ specify a list of IPv4 and IPv6 UDP ports that will be
+ used or not used as source ports for UDP messages.
+ See <a href="Bv9ARM.ch06.html#query_address" title="Query Address">the section called &#8220;Query Address&#8221;</a> about how the
+ available ports are determined.
+ For example, with the following configuration
</p>
+<pre class="programlisting">
+use-v6-udp-ports { range 32768 65535; };
+avoid-v6-udp-ports { 40000; range 50000 60000; };
+</pre>
+<p>
+ UDP ports of IPv6 messages sent
+ from <span><strong class="command">named</strong></span> will be in one
+ of the following ranges: 32768 to 39999, 40001 to 49999,
+ and 60001 to 65535.
+ </p>
+<p>
+ <span><strong class="command">avoid-v4-udp-ports</strong></span> and
+ <span><strong class="command">avoid-v6-udp-ports</strong></span> can be used
+ to prevent <span><strong class="command">named</strong></span> from choosing as its random source port a
+ port that is blocked by your firewall or a port that is
+ used by other applications;
+ if a query went out with a source port blocked by a
+ firewall, the
+ answer would not get by the firewall and the name server would
+ have to query again.
+ Note: the desired range can also be represented only with
+ <span><strong class="command">use-v4-udp-ports</strong></span> and
+ <span><strong class="command">use-v6-udp-ports</strong></span>, and the
+ <span><strong class="command">avoid-</strong></span> options are redundant in that
+ sense; they are provided for backward compatibility and
+ to possibly simplify the port specification.
+ </p>
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2582003"></a>Operating System Resource Limits</h4></div></div></div>
+<a name="id2582200"></a>Operating System Resource Limits</h4></div></div></div>
<p>
The server's usage of many system resources can be limited.
Scaled values are allowed when specifying resource limits. For
@@ -3429,7 +3548,7 @@ query-source-v6 address * port *;
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2582186"></a>Server Resource Limits</h4></div></div></div>
+<a name="id2582452"></a>Server Resource Limits</h4></div></div></div>
<p>
The following options set limits on the server's
resource consumption that are enforced internally by the
@@ -3478,19 +3597,42 @@ query-source-v6 address * port *;
connections that the server will accept.
The default is <code class="literal">100</code>.
</p></dd>
+<dt><span class="term"><span><strong class="command">reserved-sockets</strong></span></span></dt>
+<dd>
+<p>
+ The number of file descriptors reserved for TCP, stdio,
+ etc. This needs to be big enough to cover the number of
+ interfaces named listens on, tcp-clients as well as
+ to provide room for outgoing TCP queries and incoming zone
+ transfers. The default is <code class="literal">512</code>.
+ The minimum value is <code class="literal">128</code> and the
+ maximum value is <code class="literal">128</code> less than
+ maxsockets (-S). This option may be removed in the future.
+ </p>
+<p>
+ This option has little effect on Windows.
+ </p>
+</dd>
<dt><span class="term"><span><strong class="command">max-cache-size</strong></span></span></dt>
<dd><p>
The maximum amount of memory to use for the
- server's cache, in bytes. When the amount of data in the
- cache
+ server's cache, in bytes.
+ When the amount of data in the cache
reaches this limit, the server will cause records to expire
- prematurely so that the limit is not exceeded. In a server
- with
- multiple views, the limit applies separately to the cache of
- each
- view. The default is <code class="literal">unlimited</code>, meaning that
- records are purged from the cache only when their TTLs
- expire.
+ prematurely so that the limit is not exceeded.
+ A value of 0 is special, meaning that
+ records are purged from the cache only when their
+ TTLs expire.
+ Another special keyword <strong class="userinput"><code>unlimited</code></strong>
+ means the maximum value of 32-bit unsigned integers
+ (0xffffffff), which may not have the same effect as
+ 0 on machines that support more than 32 bits of
+ memory space.
+ Any positive values less than 2MB will be ignored reset
+ to 2MB.
+ In a server with multiple views, the limit applies
+ separately to the cache of each view.
+ The default is 0.
</p></dd>
<dt><span class="term"><span><strong class="command">tcp-listen-queue</strong></span></span></dt>
<dd><p>
@@ -3507,7 +3649,7 @@ query-source-v6 address * port *;
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2582320"></a>Periodic Task Intervals</h4></div></div></div>
+<a name="id2582682"></a>Periodic Task Intervals</h4></div></div></div>
<div class="variablelist"><dl>
<dt><span class="term"><span><strong class="command">cleaning-interval</strong></span></span></dt>
<dd><p>
@@ -3837,6 +3979,10 @@ query-source-v6 address * port *;
Sets the maximum time for which the server will
cache ordinary (positive) answers. The default is
one week (7 days).
+ A value of zero may cause all queries to return
+ SERVFAIL, because of lost caches of intermediate
+ RRsets (such as NS and glue AAAA/A records) in the
+ resolution process.
</p></dd>
<dt><span class="term"><span><strong class="command">min-roots</strong></span></span></dt>
<dd>
@@ -4062,27 +4208,11 @@ query-source-v6 address * port *;
The current list of empty zones is:
</p>
<div class="itemizedlist"><ul type="disc">
-<li>10.IN-ADDR.ARPA</li>
+<li>0.IN-ADDR.ARPA</li>
<li>127.IN-ADDR.ARPA</li>
<li>254.169.IN-ADDR.ARPA</li>
-<li>16.172.IN-ADDR.ARPA</li>
-<li>17.172.IN-ADDR.ARPA</li>
-<li>18.172.IN-ADDR.ARPA</li>
-<li>19.172.IN-ADDR.ARPA</li>
-<li>20.172.IN-ADDR.ARPA</li>
-<li>21.172.IN-ADDR.ARPA</li>
-<li>22.172.IN-ADDR.ARPA</li>
-<li>23.172.IN-ADDR.ARPA</li>
-<li>24.172.IN-ADDR.ARPA</li>
-<li>25.172.IN-ADDR.ARPA</li>
-<li>26.172.IN-ADDR.ARPA</li>
-<li>27.172.IN-ADDR.ARPA</li>
-<li>28.172.IN-ADDR.ARPA</li>
-<li>29.172.IN-ADDR.ARPA</li>
-<li>30.172.IN-ADDR.ARPA</li>
-<li>31.172.IN-ADDR.ARPA</li>
-<li>168.192.IN-ADDR.ARPA</li>
<li>2.0.192.IN-ADDR.ARPA</li>
+<li>255.255.255.255.IN-ADDR.ARPA</li>
<li>0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA</li>
<li>1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA</li>
<li>D.F.IP6.ARPA</li>
@@ -4292,8 +4422,10 @@ query-source-v6 address * port *;
<span><strong class="command">success</strong></span>,
<span><strong class="command">referral</strong></span>,
<span><strong class="command">nxrrset</strong></span>,
- <span><strong class="command">nxdomain</strong></span>, or
- <span><strong class="command">failure</strong></span>
+ <span><strong class="command">nxdomain</strong></span>,
+ <span><strong class="command">failure</strong></span>,
+ <span><strong class="command">duplicate</strong></span>, or
+ <span><strong class="command">dropped</strong></span>
to be incremented, and may additionally cause the
<span><strong class="command">recursion</strong></span> counter to be
incremented.
@@ -4397,7 +4529,7 @@ query-source-v6 address * port *;
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="server_statement_grammar"></a><span><strong class="command">server</strong></span> Statement Grammar</h3></div></div></div>
-<pre class="programlisting">server <em class="replaceable"><code>ip_addr[/prefixlen]</code></em> {
+<pre class="programlisting"><span><strong class="command">server</strong></span> <em class="replaceable"><code>ip_addr[/prefixlen]</code></em> {
[<span class="optional"> bogus <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
[<span class="optional"> provide-ixfr <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
[<span class="optional"> request-ixfr <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
@@ -4587,8 +4719,8 @@ query-source-v6 address * port *;
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2585361"></a><span><strong class="command">trusted-keys</strong></span> Statement Grammar</h3></div></div></div>
-<pre class="programlisting">trusted-keys {
+<a name="id2585614"></a><span><strong class="command">trusted-keys</strong></span> Statement Grammar</h3></div></div></div>
+<pre class="programlisting"><span><strong class="command">trusted-keys</strong></span> {
<em class="replaceable"><code>string</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>string</code></em> ;
[<span class="optional"> <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>number</code></em> <em class="replaceable"><code>string</code></em> ; [<span class="optional">...</span>]</span>]
};
@@ -4596,7 +4728,7 @@ query-source-v6 address * port *;
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2585410"></a><span><strong class="command">trusted-keys</strong></span> Statement Definition
+<a name="id2585666"></a><span><strong class="command">trusted-keys</strong></span> Statement Definition
and Usage</h3></div></div></div>
<p>
The <span><strong class="command">trusted-keys</strong></span> statement defines
@@ -4627,7 +4759,7 @@ query-source-v6 address * port *;
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="view_statement_grammar"></a><span><strong class="command">view</strong></span> Statement Grammar</h3></div></div></div>
-<pre class="programlisting">view <em class="replaceable"><code>view_name</code></em>
+<pre class="programlisting"><span><strong class="command">view</strong></span> <em class="replaceable"><code>view_name</code></em>
[<span class="optional"><em class="replaceable"><code>class</code></em></span>] {
match-clients { <em class="replaceable"><code>address_match_list</code></em> };
match-destinations { <em class="replaceable"><code>address_match_list</code></em> };
@@ -4639,7 +4771,7 @@ query-source-v6 address * port *;
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2585490"></a><span><strong class="command">view</strong></span> Statement Definition and Usage</h3></div></div></div>
+<a name="id2585748"></a><span><strong class="command">view</strong></span> Statement Definition and Usage</h3></div></div></div>
<p>
The <span><strong class="command">view</strong></span> statement is a powerful
feature
@@ -4680,7 +4812,7 @@ query-source-v6 address * port *;
<p>
Zones defined within a <span><strong class="command">view</strong></span>
statement will
- be only be accessible to clients that match the <span><strong class="command">view</strong></span>.
+ only be accessible to clients that match the <span><strong class="command">view</strong></span>.
By defining a zone of the same name in multiple views, different
zone data can be given to different clients, for example,
"internal"
@@ -4759,7 +4891,7 @@ view "external" {
<div class="titlepage"><div><div><h3 class="title">
<a name="zone_statement_grammar"></a><span><strong class="command">zone</strong></span>
Statement Grammar</h3></div></div></div>
-<pre class="programlisting">zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em></span>] {
+<pre class="programlisting"><span><strong class="command">zone</strong></span> <em class="replaceable"><code>zone_name</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em></span>] {
type master;
[<span class="optional"> allow-query { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
[<span class="optional"> allow-transfer { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
@@ -4891,10 +5023,10 @@ zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2586798"></a><span><strong class="command">zone</strong></span> Statement Definition and Usage</h3></div></div></div>
+<a name="id2587332"></a><span><strong class="command">zone</strong></span> Statement Definition and Usage</h3></div></div></div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2586806"></a>Zone Types</h4></div></div></div>
+<a name="id2587339"></a>Zone Types</h4></div></div></div>
<div class="informaltable"><table border="1">
<colgroup>
<col>
@@ -5103,7 +5235,7 @@ zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2587362"></a>Class</h4></div></div></div>
+<a name="id2587690"></a>Class</h4></div></div></div>
<p>
The zone's name may optionally be followed by a class. If
a class is not specified, class <code class="literal">IN</code> (for <code class="varname">Internet</code>),
@@ -5125,7 +5257,7 @@ zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2587395"></a>Zone Options</h4></div></div></div>
+<a name="id2587723"></a>Zone Options</h4></div></div></div>
<div class="variablelist"><dl>
<dt><span class="term"><span><strong class="command">allow-notify</strong></span></span></dt>
<dd><p>
@@ -5613,7 +5745,7 @@ zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2589080"></a>Zone File</h2></div></div></div>
+<a name="id2589477"></a>Zone File</h2></div></div></div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="types_of_resource_records_and_when_to_use_them"></a>Types of Resource Records and When to Use Them</h3></div></div></div>
@@ -5626,7 +5758,7 @@ zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"
</p>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2589098"></a>Resource Records</h4></div></div></div>
+<a name="id2589495"></a>Resource Records</h4></div></div></div>
<p>
A domain name identifies a node. Each node has a set of
resource information, which may be empty. The set of resource
@@ -5890,6 +6022,19 @@ zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"
<tr>
<td>
<p>
+ IPSECKEY
+ </p>
+ </td>
+<td>
+ <p>
+ Provides a method for storing IPsec keying material in
+ DNS. Described in RFC 4025.
+ </p>
+ </td>
+</tr>
+<tr>
+<td>
+ <p>
ISDN
</p>
</td>
@@ -6128,6 +6273,19 @@ zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"
<tr>
<td>
<p>
+ SPF
+ </p>
+ </td>
+<td>
+ <p>
+ Contains the Sender Policy Framework information
+ for a given email domain. Described in RFC 4408.
+ </p>
+ </td>
+</tr>
+<tr>
+<td>
+ <p>
SRV
</p>
</td>
@@ -6141,6 +6299,19 @@ zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"
<tr>
<td>
<p>
+ SSHFP
+ </p>
+ </td>
+<td>
+ <p>
+ Provides a way to securly publish a secure shell key's
+ fingerprint. Described in RFC 4255.
+ </p>
+ </td>
+</tr>
+<tr>
+<td>
+ <p>
TXT
</p>
</td>
@@ -6277,7 +6448,7 @@ zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2590513"></a>Textual expression of RRs</h4></div></div></div>
+<a name="id2590912"></a>Textual expression of RRs</h4></div></div></div>
<p>
RRs are represented in binary form in the packets of the DNS
protocol, and are usually represented in highly encoded form
@@ -6480,7 +6651,7 @@ zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2591101"></a>Discussion of MX Records</h3></div></div></div>
+<a name="id2591500"></a>Discussion of MX Records</h3></div></div></div>
<p>
As described above, domain servers store information as a
series of resource records, each of which contains a particular
@@ -6738,7 +6909,7 @@ zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2591653"></a>Inverse Mapping in IPv4</h3></div></div></div>
+<a name="id2592188"></a>Inverse Mapping in IPv4</h3></div></div></div>
<p>
Reverse name resolution (that is, translation from IP address
to name) is achieved by means of the <span class="emphasis"><em>in-addr.arpa</em></span> domain
@@ -6799,7 +6970,7 @@ zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2591848"></a>Other Zone File Directives</h3></div></div></div>
+<a name="id2592384"></a>Other Zone File Directives</h3></div></div></div>
<p>
The Master File Format was initially defined in RFC 1035 and
has subsequently been extended. While the Master File Format
@@ -6814,7 +6985,7 @@ zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"
</p>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2591870"></a>The <span><strong class="command">$ORIGIN</strong></span> Directive</h4></div></div></div>
+<a name="id2592406"></a>The <span><strong class="command">$ORIGIN</strong></span> Directive</h4></div></div></div>
<p>
Syntax: <span><strong class="command">$ORIGIN</strong></span>
<em class="replaceable"><code>domain-name</code></em>
@@ -6842,7 +7013,7 @@ WWW.EXAMPLE.COM. CNAME MAIN-SERVER.EXAMPLE.COM.
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2592000"></a>The <span><strong class="command">$INCLUDE</strong></span> Directive</h4></div></div></div>
+<a name="id2592467"></a>The <span><strong class="command">$INCLUDE</strong></span> Directive</h4></div></div></div>
<p>
Syntax: <span><strong class="command">$INCLUDE</strong></span>
<em class="replaceable"><code>filename</code></em>
@@ -6878,7 +7049,7 @@ WWW.EXAMPLE.COM. CNAME MAIN-SERVER.EXAMPLE.COM.
</div>
<div class="sect3" lang="en">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2592069"></a>The <span><strong class="command">$TTL</strong></span> Directive</h4></div></div></div>
+<a name="id2592536"></a>The <span><strong class="command">$TTL</strong></span> Directive</h4></div></div></div>
<p>
Syntax: <span><strong class="command">$TTL</strong></span>
<em class="replaceable"><code>default-ttl</code></em>
@@ -6897,7 +7068,7 @@ WWW.EXAMPLE.COM. CNAME MAIN-SERVER.EXAMPLE.COM.
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2592173"></a><acronym class="acronym">BIND</acronym> Master File Extension: the <span><strong class="command">$GENERATE</strong></span> Directive</h3></div></div></div>
+<a name="id2592572"></a><acronym class="acronym">BIND</acronym> Master File Extension: the <span><strong class="command">$GENERATE</strong></span> Directive</h3></div></div></div>
<p>
Syntax: <span><strong class="command">$GENERATE</strong></span>
<em class="replaceable"><code>range</code></em>
@@ -6922,7 +7093,7 @@ $GENERATE 1-127 $ CNAME $.0</pre>
<p>
is equivalent to
</p>
-<pre class="programlisting">0.0.0.192.IN-ADDR.ARPA NS SERVER1.EXAMPLE.
+<pre class="programlisting">0.0.0.192.IN-ADDR.ARPA. NS SERVER1.EXAMPLE.
0.0.0.192.IN-ADDR.ARPA. NS SERVER2.EXAMPLE.
1.0.0.192.IN-ADDR.ARPA. CNAME 1.0.0.0.192.IN-ADDR.ARPA.
2.0.0.192.IN-ADDR.ARPA. CNAME 2.0.0.0.192.IN-ADDR.ARPA.
diff --git a/doc/arm/Bv9ARM.ch07.html b/doc/arm/Bv9ARM.ch07.html
index 96acfe607e2f..4ddbcedc9a8b 100644
--- a/doc/arm/Bv9ARM.ch07.html
+++ b/doc/arm/Bv9ARM.ch07.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: Bv9ARM.ch07.html,v 1.75.18.63 2007/10/31 01:35:59 marka Exp $ -->
+<!-- $Id: Bv9ARM.ch07.html,v 1.75.18.76 2008/10/16 01:29:41 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -46,10 +46,10 @@
<p><b>Table of Contents</b></p>
<dl>
<dt><span class="sect1"><a href="Bv9ARM.ch07.html#Access_Control_Lists">Access Control Lists</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch07.html#id2592714"><span><strong class="command">Chroot</strong></span> and <span><strong class="command">Setuid</strong></span></a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch07.html#id2593181"><span><strong class="command">Chroot</strong></span> and <span><strong class="command">Setuid</strong></span></a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2592791">The <span><strong class="command">chroot</strong></span> Environment</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2592851">Using the <span><strong class="command">setuid</strong></span> Function</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2593326">The <span><strong class="command">chroot</strong></span> Environment</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2593386">Using the <span><strong class="command">setuid</strong></span> Function</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch07.html#dynamic_update_security">Dynamic Update Security</a></span></dt>
</dl>
@@ -118,7 +118,7 @@ zone "example.com" {
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2592714"></a><span><strong class="command">Chroot</strong></span> and <span><strong class="command">Setuid</strong></span>
+<a name="id2593181"></a><span><strong class="command">Chroot</strong></span> and <span><strong class="command">Setuid</strong></span>
</h2></div></div></div>
<p>
On UNIX servers, it is possible to run <acronym class="acronym">BIND</acronym> in a <span class="emphasis"><em>chrooted</em></span> environment
@@ -142,7 +142,7 @@ zone "example.com" {
</p>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2592791"></a>The <span><strong class="command">chroot</strong></span> Environment</h3></div></div></div>
+<a name="id2593326"></a>The <span><strong class="command">chroot</strong></span> Environment</h3></div></div></div>
<p>
In order for a <span><strong class="command">chroot</strong></span> environment
to
@@ -170,7 +170,7 @@ zone "example.com" {
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2592851"></a>Using the <span><strong class="command">setuid</strong></span> Function</h3></div></div></div>
+<a name="id2593386"></a>Using the <span><strong class="command">setuid</strong></span> Function</h3></div></div></div>
<p>
Prior to running the <span><strong class="command">named</strong></span> daemon,
use
diff --git a/doc/arm/Bv9ARM.ch08.html b/doc/arm/Bv9ARM.ch08.html
index a475378f70bd..65f8cec8d3ba 100644
--- a/doc/arm/Bv9ARM.ch08.html
+++ b/doc/arm/Bv9ARM.ch08.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: Bv9ARM.ch08.html,v 1.75.18.64 2007/10/31 01:35:59 marka Exp $ -->
+<!-- $Id: Bv9ARM.ch08.html,v 1.75.18.77 2008/10/16 01:29:41 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -45,18 +45,18 @@
<div class="toc">
<p><b>Table of Contents</b></p>
<dl>
-<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2592999">Common Problems</a></span></dt>
-<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch08.html#id2593004">It's not working; how can I figure out what's wrong?</a></span></dt></dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2593016">Incrementing and Changing the Serial Number</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2593033">Where Can I Get Help?</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2593466">Common Problems</a></span></dt>
+<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch08.html#id2593472">It's not working; how can I figure out what's wrong?</a></span></dt></dl></dd>
+<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2593483">Incrementing and Changing the Serial Number</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2593500">Where Can I Get Help?</a></span></dt>
</dl>
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2592999"></a>Common Problems</h2></div></div></div>
+<a name="id2593466"></a>Common Problems</h2></div></div></div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2593004"></a>It's not working; how can I figure out what's wrong?</h3></div></div></div>
+<a name="id2593472"></a>It's not working; how can I figure out what's wrong?</h3></div></div></div>
<p>
The best solution to solving installation and
configuration issues is to take preventative measures by setting
@@ -68,7 +68,7 @@
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2593016"></a>Incrementing and Changing the Serial Number</h2></div></div></div>
+<a name="id2593483"></a>Incrementing and Changing the Serial Number</h2></div></div></div>
<p>
Zone serial numbers are just numbers &#8212; they aren't
date related. A lot of people set them to a number that
@@ -95,7 +95,7 @@
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2593033"></a>Where Can I Get Help?</h2></div></div></div>
+<a name="id2593500"></a>Where Can I Get Help?</h2></div></div></div>
<p>
The Internet Systems Consortium
(<acronym class="acronym">ISC</acronym>) offers a wide range
diff --git a/doc/arm/Bv9ARM.ch09.html b/doc/arm/Bv9ARM.ch09.html
index 3c2e779607f0..71ea617e6afb 100644
--- a/doc/arm/Bv9ARM.ch09.html
+++ b/doc/arm/Bv9ARM.ch09.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: Bv9ARM.ch09.html,v 1.75.18.66 2007/10/31 01:35:59 marka Exp $ -->
+<!-- $Id: Bv9ARM.ch09.html,v 1.75.18.80 2008/10/18 01:29:59 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -45,21 +45,21 @@
<div class="toc">
<p><b>Table of Contents</b></p>
<dl>
-<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2593300">Acknowledgments</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2593630">Acknowledgments</a></span></dt>
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch09.html#historical_dns_information">A Brief History of the <acronym class="acronym">DNS</acronym> and <acronym class="acronym">BIND</acronym></a></span></dt></dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2593472">General <acronym class="acronym">DNS</acronym> Reference Information</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2593802">General <acronym class="acronym">DNS</acronym> Reference Information</a></span></dt>
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch09.html#ipv6addresses">IPv6 addresses (AAAA)</a></span></dt></dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch09.html#bibliography">Bibliography (and Suggested Reading)</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#rfcs">Request for Comments (RFCs)</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#internet_drafts">Internet Drafts</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2596683">Other Documents About <acronym class="acronym">BIND</acronym></a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2597082">Other Documents About <acronym class="acronym">BIND</acronym></a></span></dt>
</dl></dd>
</dl>
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2593300"></a>Acknowledgments</h2></div></div></div>
+<a name="id2593630"></a>Acknowledgments</h2></div></div></div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="historical_dns_information"></a>A Brief History of the <acronym class="acronym">DNS</acronym> and <acronym class="acronym">BIND</acronym>
@@ -164,7 +164,7 @@
</div>
<div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2593472"></a>General <acronym class="acronym">DNS</acronym> Reference Information</h2></div></div></div>
+<a name="id2593802"></a>General <acronym class="acronym">DNS</acronym> Reference Information</h2></div></div></div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
<a name="ipv6addresses"></a>IPv6 addresses (AAAA)</h3></div></div></div>
@@ -252,17 +252,17 @@
</p>
<div class="bibliography">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2593659"></a>Bibliography</h4></div></div></div>
+<a name="id2593990"></a>Bibliography</h4></div></div></div>
<div class="bibliodiv">
<h3 class="title">Standards</h3>
<div class="biblioentry">
-<a name="id2593670"></a><p>[<abbr class="abbrev">RFC974</abbr>] <span class="author"><span class="firstname">C.</span> <span class="surname">Partridge</span>. </span><span class="title"><i>Mail Routing and the Domain System</i>. </span><span class="pubdate">January 1986. </span></p>
+<a name="id2594001"></a><p>[<abbr class="abbrev">RFC974</abbr>] <span class="author"><span class="firstname">C.</span> <span class="surname">Partridge</span>. </span><span class="title"><i>Mail Routing and the Domain System</i>. </span><span class="pubdate">January 1986. </span></p>
</div>
<div class="biblioentry">
-<a name="id2593693"></a><p>[<abbr class="abbrev">RFC1034</abbr>] <span class="author"><span class="firstname">P.V.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i>Domain Names &#8212; Concepts and Facilities</i>. </span><span class="pubdate">November 1987. </span></p>
+<a name="id2594024"></a><p>[<abbr class="abbrev">RFC1034</abbr>] <span class="author"><span class="firstname">P.V.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i>Domain Names &#8212; Concepts and Facilities</i>. </span><span class="pubdate">November 1987. </span></p>
</div>
<div class="biblioentry">
-<a name="id2593717"></a><p>[<abbr class="abbrev">RFC1035</abbr>] <span class="author"><span class="firstname">P. V.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i>Domain Names &#8212; Implementation and
+<a name="id2594048"></a><p>[<abbr class="abbrev">RFC1035</abbr>] <span class="author"><span class="firstname">P. V.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i>Domain Names &#8212; Implementation and
Specification</i>. </span><span class="pubdate">November 1987. </span></p>
</div>
</div>
@@ -270,42 +270,42 @@
<h3 class="title">
<a name="proposed_standards"></a>Proposed Standards</h3>
<div class="biblioentry">
-<a name="id2593753"></a><p>[<abbr class="abbrev">RFC2181</abbr>] <span class="author"><span class="firstname">R., R. Bush</span> <span class="surname">Elz</span>. </span><span class="title"><i>Clarifications to the <acronym class="acronym">DNS</acronym>
+<a name="id2594084"></a><p>[<abbr class="abbrev">RFC2181</abbr>] <span class="author"><span class="firstname">R., R. Bush</span> <span class="surname">Elz</span>. </span><span class="title"><i>Clarifications to the <acronym class="acronym">DNS</acronym>
Specification</i>. </span><span class="pubdate">July 1997. </span></p>
</div>
<div class="biblioentry">
-<a name="id2593780"></a><p>[<abbr class="abbrev">RFC2308</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Andrews</span>. </span><span class="title"><i>Negative Caching of <acronym class="acronym">DNS</acronym>
+<a name="id2594110"></a><p>[<abbr class="abbrev">RFC2308</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Andrews</span>. </span><span class="title"><i>Negative Caching of <acronym class="acronym">DNS</acronym>
Queries</i>. </span><span class="pubdate">March 1998. </span></p>
</div>
<div class="biblioentry">
-<a name="id2593805"></a><p>[<abbr class="abbrev">RFC1995</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Ohta</span>. </span><span class="title"><i>Incremental Zone Transfer in <acronym class="acronym">DNS</acronym></i>. </span><span class="pubdate">August 1996. </span></p>
+<a name="id2594136"></a><p>[<abbr class="abbrev">RFC1995</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Ohta</span>. </span><span class="title"><i>Incremental Zone Transfer in <acronym class="acronym">DNS</acronym></i>. </span><span class="pubdate">August 1996. </span></p>
</div>
<div class="biblioentry">
-<a name="id2593830"></a><p>[<abbr class="abbrev">RFC1996</abbr>] <span class="author"><span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>A Mechanism for Prompt Notification of Zone Changes</i>. </span><span class="pubdate">August 1996. </span></p>
+<a name="id2594161"></a><p>[<abbr class="abbrev">RFC1996</abbr>] <span class="author"><span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>A Mechanism for Prompt Notification of Zone Changes</i>. </span><span class="pubdate">August 1996. </span></p>
</div>
<div class="biblioentry">
-<a name="id2593853"></a><p>[<abbr class="abbrev">RFC2136</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Vixie</span>, <span class="firstname">S.</span> <span class="surname">Thomson</span>, <span class="firstname">Y.</span> <span class="surname">Rekhter</span>, and <span class="firstname">J.</span> <span class="surname">Bound</span>. </span><span class="title"><i>Dynamic Updates in the Domain Name System</i>. </span><span class="pubdate">April 1997. </span></p>
+<a name="id2594184"></a><p>[<abbr class="abbrev">RFC2136</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Vixie</span>, <span class="firstname">S.</span> <span class="surname">Thomson</span>, <span class="firstname">Y.</span> <span class="surname">Rekhter</span>, and <span class="firstname">J.</span> <span class="surname">Bound</span>. </span><span class="title"><i>Dynamic Updates in the Domain Name System</i>. </span><span class="pubdate">April 1997. </span></p>
</div>
<div class="biblioentry">
-<a name="id2593909"></a><p>[<abbr class="abbrev">RFC2671</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>Extension Mechanisms for DNS (EDNS0)</i>. </span><span class="pubdate">August 1997. </span></p>
+<a name="id2594240"></a><p>[<abbr class="abbrev">RFC2671</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>Extension Mechanisms for DNS (EDNS0)</i>. </span><span class="pubdate">August 1997. </span></p>
</div>
<div class="biblioentry">
-<a name="id2593936"></a><p>[<abbr class="abbrev">RFC2672</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Crawford</span>. </span><span class="title"><i>Non-Terminal DNS Name Redirection</i>. </span><span class="pubdate">August 1999. </span></p>
+<a name="id2594266"></a><p>[<abbr class="abbrev">RFC2672</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Crawford</span>. </span><span class="title"><i>Non-Terminal DNS Name Redirection</i>. </span><span class="pubdate">August 1999. </span></p>
</div>
<div class="biblioentry">
-<a name="id2593962"></a><p>[<abbr class="abbrev">RFC2845</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Vixie</span>, <span class="firstname">O.</span> <span class="surname">Gudmundsson</span>, <span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>, and <span class="firstname">B.</span> <span class="surname">Wellington</span>. </span><span class="title"><i>Secret Key Transaction Authentication for <acronym class="acronym">DNS</acronym> (TSIG)</i>. </span><span class="pubdate">May 2000. </span></p>
+<a name="id2594293"></a><p>[<abbr class="abbrev">RFC2845</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Vixie</span>, <span class="firstname">O.</span> <span class="surname">Gudmundsson</span>, <span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>, and <span class="firstname">B.</span> <span class="surname">Wellington</span>. </span><span class="title"><i>Secret Key Transaction Authentication for <acronym class="acronym">DNS</acronym> (TSIG)</i>. </span><span class="pubdate">May 2000. </span></p>
</div>
<div class="biblioentry">
-<a name="id2594024"></a><p>[<abbr class="abbrev">RFC2930</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Secret Key Establishment for DNS (TKEY RR)</i>. </span><span class="pubdate">September 2000. </span></p>
+<a name="id2594423"></a><p>[<abbr class="abbrev">RFC2930</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Secret Key Establishment for DNS (TKEY RR)</i>. </span><span class="pubdate">September 2000. </span></p>
</div>
<div class="biblioentry">
-<a name="id2594054"></a><p>[<abbr class="abbrev">RFC2931</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>DNS Request and Transaction Signatures (SIG(0)s)</i>. </span><span class="pubdate">September 2000. </span></p>
+<a name="id2594453"></a><p>[<abbr class="abbrev">RFC2931</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>DNS Request and Transaction Signatures (SIG(0)s)</i>. </span><span class="pubdate">September 2000. </span></p>
</div>
<div class="biblioentry">
-<a name="id2594084"></a><p>[<abbr class="abbrev">RFC3007</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Wellington</span>. </span><span class="title"><i>Secure Domain Name System (DNS) Dynamic Update</i>. </span><span class="pubdate">November 2000. </span></p>
+<a name="id2594483"></a><p>[<abbr class="abbrev">RFC3007</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Wellington</span>. </span><span class="title"><i>Secure Domain Name System (DNS) Dynamic Update</i>. </span><span class="pubdate">November 2000. </span></p>
</div>
<div class="biblioentry">
-<a name="id2594110"></a><p>[<abbr class="abbrev">RFC3645</abbr>] <span class="authorgroup"><span class="firstname">S.</span> <span class="surname">Kwan</span>, <span class="firstname">P.</span> <span class="surname">Garg</span>, <span class="firstname">J.</span> <span class="surname">Gilroy</span>, <span class="firstname">L.</span> <span class="surname">Esibov</span>, <span class="firstname">J.</span> <span class="surname">Westhead</span>, and <span class="firstname">R.</span> <span class="surname">Hall</span>. </span><span class="title"><i>Generic Security Service Algorithm for Secret
+<a name="id2594509"></a><p>[<abbr class="abbrev">RFC3645</abbr>] <span class="authorgroup"><span class="firstname">S.</span> <span class="surname">Kwan</span>, <span class="firstname">P.</span> <span class="surname">Garg</span>, <span class="firstname">J.</span> <span class="surname">Gilroy</span>, <span class="firstname">L.</span> <span class="surname">Esibov</span>, <span class="firstname">J.</span> <span class="surname">Westhead</span>, and <span class="firstname">R.</span> <span class="surname">Hall</span>. </span><span class="title"><i>Generic Security Service Algorithm for Secret
Key Transaction Authentication for DNS
(GSS-TSIG)</i>. </span><span class="pubdate">October 2003. </span></p>
</div>
@@ -314,19 +314,19 @@
<h3 class="title">
<acronym class="acronym">DNS</acronym> Security Proposed Standards</h3>
<div class="biblioentry">
-<a name="id2594193"></a><p>[<abbr class="abbrev">RFC3225</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Conrad</span>. </span><span class="title"><i>Indicating Resolver Support of DNSSEC</i>. </span><span class="pubdate">December 2001. </span></p>
+<a name="id2594592"></a><p>[<abbr class="abbrev">RFC3225</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Conrad</span>. </span><span class="title"><i>Indicating Resolver Support of DNSSEC</i>. </span><span class="pubdate">December 2001. </span></p>
</div>
<div class="biblioentry">
-<a name="id2594288"></a><p>[<abbr class="abbrev">RFC3833</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Atkins</span> and <span class="firstname">R.</span> <span class="surname">Austein</span>. </span><span class="title"><i>Threat Analysis of the Domain Name System (DNS)</i>. </span><span class="pubdate">August 2004. </span></p>
+<a name="id2594618"></a><p>[<abbr class="abbrev">RFC3833</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Atkins</span> and <span class="firstname">R.</span> <span class="surname">Austein</span>. </span><span class="title"><i>Threat Analysis of the Domain Name System (DNS)</i>. </span><span class="pubdate">August 2004. </span></p>
</div>
<div class="biblioentry">
-<a name="id2594324"></a><p>[<abbr class="abbrev">RFC4033</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Arends</span>, <span class="firstname">R.</span> <span class="surname">Austein</span>, <span class="firstname">M.</span> <span class="surname">Larson</span>, <span class="firstname">D.</span> <span class="surname">Massey</span>, and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>DNS Security Introduction and Requirements</i>. </span><span class="pubdate">March 2005. </span></p>
+<a name="id2594654"></a><p>[<abbr class="abbrev">RFC4033</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Arends</span>, <span class="firstname">R.</span> <span class="surname">Austein</span>, <span class="firstname">M.</span> <span class="surname">Larson</span>, <span class="firstname">D.</span> <span class="surname">Massey</span>, and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>DNS Security Introduction and Requirements</i>. </span><span class="pubdate">March 2005. </span></p>
</div>
<div class="biblioentry">
-<a name="id2594389"></a><p>[<abbr class="abbrev">RFC4044</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Arends</span>, <span class="firstname">R.</span> <span class="surname">Austein</span>, <span class="firstname">M.</span> <span class="surname">Larson</span>, <span class="firstname">D.</span> <span class="surname">Massey</span>, and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>Resource Records for the DNS Security Extensions</i>. </span><span class="pubdate">March 2005. </span></p>
+<a name="id2594720"></a><p>[<abbr class="abbrev">RFC4044</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Arends</span>, <span class="firstname">R.</span> <span class="surname">Austein</span>, <span class="firstname">M.</span> <span class="surname">Larson</span>, <span class="firstname">D.</span> <span class="surname">Massey</span>, and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>Resource Records for the DNS Security Extensions</i>. </span><span class="pubdate">March 2005. </span></p>
</div>
<div class="biblioentry">
-<a name="id2594454"></a><p>[<abbr class="abbrev">RFC4035</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Arends</span>, <span class="firstname">R.</span> <span class="surname">Austein</span>, <span class="firstname">M.</span> <span class="surname">Larson</span>, <span class="firstname">D.</span> <span class="surname">Massey</span>, and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>Protocol Modifications for the DNS
+<a name="id2594785"></a><p>[<abbr class="abbrev">RFC4035</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Arends</span>, <span class="firstname">R.</span> <span class="surname">Austein</span>, <span class="firstname">M.</span> <span class="surname">Larson</span>, <span class="firstname">D.</span> <span class="surname">Massey</span>, and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>Protocol Modifications for the DNS
Security Extensions</i>. </span><span class="pubdate">March 2005. </span></p>
</div>
</div>
@@ -334,146 +334,146 @@
<h3 class="title">Other Important RFCs About <acronym class="acronym">DNS</acronym>
Implementation</h3>
<div class="biblioentry">
-<a name="id2594596"></a><p>[<abbr class="abbrev">RFC1535</abbr>] <span class="author"><span class="firstname">E.</span> <span class="surname">Gavron</span>. </span><span class="title"><i>A Security Problem and Proposed Correction With Widely
+<a name="id2594858"></a><p>[<abbr class="abbrev">RFC1535</abbr>] <span class="author"><span class="firstname">E.</span> <span class="surname">Gavron</span>. </span><span class="title"><i>A Security Problem and Proposed Correction With Widely
Deployed <acronym class="acronym">DNS</acronym> Software.</i>. </span><span class="pubdate">October 1993. </span></p>
</div>
<div class="biblioentry">
-<a name="id2594621"></a><p>[<abbr class="abbrev">RFC1536</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Kumar</span>, <span class="firstname">J.</span> <span class="surname">Postel</span>, <span class="firstname">C.</span> <span class="surname">Neuman</span>, <span class="firstname">P.</span> <span class="surname">Danzig</span>, and <span class="firstname">S.</span> <span class="surname">Miller</span>. </span><span class="title"><i>Common <acronym class="acronym">DNS</acronym> Implementation
+<a name="id2594884"></a><p>[<abbr class="abbrev">RFC1536</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Kumar</span>, <span class="firstname">J.</span> <span class="surname">Postel</span>, <span class="firstname">C.</span> <span class="surname">Neuman</span>, <span class="firstname">P.</span> <span class="surname">Danzig</span>, and <span class="firstname">S.</span> <span class="surname">Miller</span>. </span><span class="title"><i>Common <acronym class="acronym">DNS</acronym> Implementation
Errors and Suggested Fixes</i>. </span><span class="pubdate">October 1993. </span></p>
</div>
<div class="biblioentry">
-<a name="id2594690"></a><p>[<abbr class="abbrev">RFC1982</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Elz</span> and <span class="firstname">R.</span> <span class="surname">Bush</span>. </span><span class="title"><i>Serial Number Arithmetic</i>. </span><span class="pubdate">August 1996. </span></p>
+<a name="id2594952"></a><p>[<abbr class="abbrev">RFC1982</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Elz</span> and <span class="firstname">R.</span> <span class="surname">Bush</span>. </span><span class="title"><i>Serial Number Arithmetic</i>. </span><span class="pubdate">August 1996. </span></p>
</div>
<div class="biblioentry">
-<a name="id2594725"></a><p>[<abbr class="abbrev">RFC4074</abbr>] <span class="authorgroup"><span class="firstname">Y.</span> <span class="surname">Morishita</span> and <span class="firstname">T.</span> <span class="surname">Jinmei</span>. </span><span class="title"><i>Common Misbehaviour Against <acronym class="acronym">DNS</acronym>
+<a name="id2594987"></a><p>[<abbr class="abbrev">RFC4074</abbr>] <span class="authorgroup"><span class="firstname">Y.</span> <span class="surname">Morishita</span> and <span class="firstname">T.</span> <span class="surname">Jinmei</span>. </span><span class="title"><i>Common Misbehaviour Against <acronym class="acronym">DNS</acronym>
Queries for IPv6 Addresses</i>. </span><span class="pubdate">May 2005. </span></p>
</div>
</div>
<div class="bibliodiv">
<h3 class="title">Resource Record Types</h3>
<div class="biblioentry">
-<a name="id2594771"></a><p>[<abbr class="abbrev">RFC1183</abbr>] <span class="authorgroup"><span class="firstname">C.F.</span> <span class="surname">Everhart</span>, <span class="firstname">L. A.</span> <span class="surname">Mamakos</span>, <span class="firstname">R.</span> <span class="surname">Ullmann</span>, and <span class="firstname">P.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i>New <acronym class="acronym">DNS</acronym> RR Definitions</i>. </span><span class="pubdate">October 1990. </span></p>
+<a name="id2595033"></a><p>[<abbr class="abbrev">RFC1183</abbr>] <span class="authorgroup"><span class="firstname">C.F.</span> <span class="surname">Everhart</span>, <span class="firstname">L. A.</span> <span class="surname">Mamakos</span>, <span class="firstname">R.</span> <span class="surname">Ullmann</span>, and <span class="firstname">P.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i>New <acronym class="acronym">DNS</acronym> RR Definitions</i>. </span><span class="pubdate">October 1990. </span></p>
</div>
<div class="biblioentry">
-<a name="id2594828"></a><p>[<abbr class="abbrev">RFC1706</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Manning</span> and <span class="firstname">R.</span> <span class="surname">Colella</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> NSAP Resource Records</i>. </span><span class="pubdate">October 1994. </span></p>
+<a name="id2595091"></a><p>[<abbr class="abbrev">RFC1706</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Manning</span> and <span class="firstname">R.</span> <span class="surname">Colella</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> NSAP Resource Records</i>. </span><span class="pubdate">October 1994. </span></p>
</div>
<div class="biblioentry">
-<a name="id2594866"></a><p>[<abbr class="abbrev">RFC2168</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Daniel</span> and <span class="firstname">M.</span> <span class="surname">Mealling</span>. </span><span class="title"><i>Resolution of Uniform Resource Identifiers using
+<a name="id2595128"></a><p>[<abbr class="abbrev">RFC2168</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Daniel</span> and <span class="firstname">M.</span> <span class="surname">Mealling</span>. </span><span class="title"><i>Resolution of Uniform Resource Identifiers using
the Domain Name System</i>. </span><span class="pubdate">June 1997. </span></p>
</div>
<div class="biblioentry">
-<a name="id2594901"></a><p>[<abbr class="abbrev">RFC1876</abbr>] <span class="authorgroup"><span class="firstname">C.</span> <span class="surname">Davis</span>, <span class="firstname">P.</span> <span class="surname">Vixie</span>, <span class="firstname">T.</span>, and <span class="firstname">I.</span> <span class="surname">Dickinson</span>. </span><span class="title"><i>A Means for Expressing Location Information in the
+<a name="id2595163"></a><p>[<abbr class="abbrev">RFC1876</abbr>] <span class="authorgroup"><span class="firstname">C.</span> <span class="surname">Davis</span>, <span class="firstname">P.</span> <span class="surname">Vixie</span>, <span class="firstname">T.</span>, and <span class="firstname">I.</span> <span class="surname">Dickinson</span>. </span><span class="title"><i>A Means for Expressing Location Information in the
Domain
Name System</i>. </span><span class="pubdate">January 1996. </span></p>
</div>
<div class="biblioentry">
-<a name="id2594955"></a><p>[<abbr class="abbrev">RFC2052</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Gulbrandsen</span> and <span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>A <acronym class="acronym">DNS</acronym> RR for Specifying the
+<a name="id2595218"></a><p>[<abbr class="abbrev">RFC2052</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Gulbrandsen</span> and <span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>A <acronym class="acronym">DNS</acronym> RR for Specifying the
Location of
Services.</i>. </span><span class="pubdate">October 1996. </span></p>
</div>
<div class="biblioentry">
-<a name="id2594994"></a><p>[<abbr class="abbrev">RFC2163</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Allocchio</span>. </span><span class="title"><i>Using the Internet <acronym class="acronym">DNS</acronym> to
+<a name="id2595256"></a><p>[<abbr class="abbrev">RFC2163</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Allocchio</span>. </span><span class="title"><i>Using the Internet <acronym class="acronym">DNS</acronym> to
Distribute MIXER
Conformant Global Address Mapping</i>. </span><span class="pubdate">January 1998. </span></p>
</div>
<div class="biblioentry">
-<a name="id2595019"></a><p>[<abbr class="abbrev">RFC2230</abbr>] <span class="author"><span class="firstname">R.</span> <span class="surname">Atkinson</span>. </span><span class="title"><i>Key Exchange Delegation Record for the <acronym class="acronym">DNS</acronym></i>. </span><span class="pubdate">October 1997. </span></p>
+<a name="id2595282"></a><p>[<abbr class="abbrev">RFC2230</abbr>] <span class="author"><span class="firstname">R.</span> <span class="surname">Atkinson</span>. </span><span class="title"><i>Key Exchange Delegation Record for the <acronym class="acronym">DNS</acronym></i>. </span><span class="pubdate">October 1997. </span></p>
</div>
<div class="biblioentry">
-<a name="id2595045"></a><p>[<abbr class="abbrev">RFC2536</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>DSA KEYs and SIGs in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
+<a name="id2595307"></a><p>[<abbr class="abbrev">RFC2536</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>DSA KEYs and SIGs in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
</div>
<div class="biblioentry">
-<a name="id2595072"></a><p>[<abbr class="abbrev">RFC2537</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>RSA/MD5 KEYs and SIGs in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
+<a name="id2595334"></a><p>[<abbr class="abbrev">RFC2537</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>RSA/MD5 KEYs and SIGs in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
</div>
<div class="biblioentry">
-<a name="id2595098"></a><p>[<abbr class="abbrev">RFC2538</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span> and <span class="firstname">O.</span> <span class="surname">Gudmundsson</span>. </span><span class="title"><i>Storing Certificates in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
+<a name="id2595361"></a><p>[<abbr class="abbrev">RFC2538</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span> and <span class="firstname">O.</span> <span class="surname">Gudmundsson</span>. </span><span class="title"><i>Storing Certificates in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
</div>
<div class="biblioentry">
-<a name="id2595138"></a><p>[<abbr class="abbrev">RFC2539</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Storage of Diffie-Hellman Keys in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
+<a name="id2595400"></a><p>[<abbr class="abbrev">RFC2539</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Storage of Diffie-Hellman Keys in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
</div>
<div class="biblioentry">
-<a name="id2595168"></a><p>[<abbr class="abbrev">RFC2540</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Detached Domain Name System (DNS) Information</i>. </span><span class="pubdate">March 1999. </span></p>
+<a name="id2595430"></a><p>[<abbr class="abbrev">RFC2540</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Detached Domain Name System (DNS) Information</i>. </span><span class="pubdate">March 1999. </span></p>
</div>
<div class="biblioentry">
-<a name="id2595197"></a><p>[<abbr class="abbrev">RFC2782</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Gulbrandsen</span>. </span><span class="author"><span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="author"><span class="firstname">L.</span> <span class="surname">Esibov</span>. </span><span class="title"><i>A DNS RR for specifying the location of services (DNS SRV)</i>. </span><span class="pubdate">February 2000. </span></p>
+<a name="id2595460"></a><p>[<abbr class="abbrev">RFC2782</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Gulbrandsen</span>. </span><span class="author"><span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="author"><span class="firstname">L.</span> <span class="surname">Esibov</span>. </span><span class="title"><i>A DNS RR for specifying the location of services (DNS SRV)</i>. </span><span class="pubdate">February 2000. </span></p>
</div>
<div class="biblioentry">
-<a name="id2595240"></a><p>[<abbr class="abbrev">RFC2915</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Mealling</span>. </span><span class="author"><span class="firstname">R.</span> <span class="surname">Daniel</span>. </span><span class="title"><i>The Naming Authority Pointer (NAPTR) DNS Resource Record</i>. </span><span class="pubdate">September 2000. </span></p>
+<a name="id2595502"></a><p>[<abbr class="abbrev">RFC2915</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Mealling</span>. </span><span class="author"><span class="firstname">R.</span> <span class="surname">Daniel</span>. </span><span class="title"><i>The Naming Authority Pointer (NAPTR) DNS Resource Record</i>. </span><span class="pubdate">September 2000. </span></p>
</div>
<div class="biblioentry">
-<a name="id2595273"></a><p>[<abbr class="abbrev">RFC3110</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>RSA/SHA-1 SIGs and RSA KEYs in the Domain Name System (DNS)</i>. </span><span class="pubdate">May 2001. </span></p>
+<a name="id2595536"></a><p>[<abbr class="abbrev">RFC3110</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>RSA/SHA-1 SIGs and RSA KEYs in the Domain Name System (DNS)</i>. </span><span class="pubdate">May 2001. </span></p>
</div>
<div class="biblioentry">
-<a name="id2595300"></a><p>[<abbr class="abbrev">RFC3123</abbr>] <span class="author"><span class="firstname">P.</span> <span class="surname">Koch</span>. </span><span class="title"><i>A DNS RR Type for Lists of Address Prefixes (APL RR)</i>. </span><span class="pubdate">June 2001. </span></p>
+<a name="id2595562"></a><p>[<abbr class="abbrev">RFC3123</abbr>] <span class="author"><span class="firstname">P.</span> <span class="surname">Koch</span>. </span><span class="title"><i>A DNS RR Type for Lists of Address Prefixes (APL RR)</i>. </span><span class="pubdate">June 2001. </span></p>
</div>
<div class="biblioentry">
-<a name="id2595323"></a><p>[<abbr class="abbrev">RFC3596</abbr>] <span class="authorgroup"><span class="firstname">S.</span> <span class="surname">Thomson</span>, <span class="firstname">C.</span> <span class="surname">Huitema</span>, <span class="firstname">V.</span> <span class="surname">Ksinant</span>, and <span class="firstname">M.</span> <span class="surname">Souissi</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Extensions to support IP
+<a name="id2595586"></a><p>[<abbr class="abbrev">RFC3596</abbr>] <span class="authorgroup"><span class="firstname">S.</span> <span class="surname">Thomson</span>, <span class="firstname">C.</span> <span class="surname">Huitema</span>, <span class="firstname">V.</span> <span class="surname">Ksinant</span>, and <span class="firstname">M.</span> <span class="surname">Souissi</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Extensions to support IP
version 6</i>. </span><span class="pubdate">October 2003. </span></p>
</div>
<div class="biblioentry">
-<a name="id2595381"></a><p>[<abbr class="abbrev">RFC3597</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Gustafsson</span>. </span><span class="title"><i>Handling of Unknown DNS Resource Record (RR) Types</i>. </span><span class="pubdate">September 2003. </span></p>
+<a name="id2595643"></a><p>[<abbr class="abbrev">RFC3597</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Gustafsson</span>. </span><span class="title"><i>Handling of Unknown DNS Resource Record (RR) Types</i>. </span><span class="pubdate">September 2003. </span></p>
</div>
</div>
<div class="bibliodiv">
<h3 class="title">
<acronym class="acronym">DNS</acronym> and the Internet</h3>
<div class="biblioentry">
-<a name="id2595413"></a><p>[<abbr class="abbrev">RFC1101</abbr>] <span class="author"><span class="firstname">P. V.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Encoding of Network Names
+<a name="id2595675"></a><p>[<abbr class="abbrev">RFC1101</abbr>] <span class="author"><span class="firstname">P. V.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Encoding of Network Names
and Other Types</i>. </span><span class="pubdate">April 1989. </span></p>
</div>
<div class="biblioentry">
-<a name="id2595438"></a><p>[<abbr class="abbrev">RFC1123</abbr>] <span class="author"><span class="surname">Braden</span>. </span><span class="title"><i>Requirements for Internet Hosts - Application and
+<a name="id2595701"></a><p>[<abbr class="abbrev">RFC1123</abbr>] <span class="author"><span class="surname">Braden</span>. </span><span class="title"><i>Requirements for Internet Hosts - Application and
Support</i>. </span><span class="pubdate">October 1989. </span></p>
</div>
<div class="biblioentry">
-<a name="id2595461"></a><p>[<abbr class="abbrev">RFC1591</abbr>] <span class="author"><span class="firstname">J.</span> <span class="surname">Postel</span>. </span><span class="title"><i>Domain Name System Structure and Delegation</i>. </span><span class="pubdate">March 1994. </span></p>
+<a name="id2595723"></a><p>[<abbr class="abbrev">RFC1591</abbr>] <span class="author"><span class="firstname">J.</span> <span class="surname">Postel</span>. </span><span class="title"><i>Domain Name System Structure and Delegation</i>. </span><span class="pubdate">March 1994. </span></p>
</div>
<div class="biblioentry">
-<a name="id2595484"></a><p>[<abbr class="abbrev">RFC2317</abbr>] <span class="authorgroup"><span class="firstname">H.</span> <span class="surname">Eidnes</span>, <span class="firstname">G.</span> <span class="surname">de Groot</span>, and <span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>Classless IN-ADDR.ARPA Delegation</i>. </span><span class="pubdate">March 1998. </span></p>
+<a name="id2595747"></a><p>[<abbr class="abbrev">RFC2317</abbr>] <span class="authorgroup"><span class="firstname">H.</span> <span class="surname">Eidnes</span>, <span class="firstname">G.</span> <span class="surname">de Groot</span>, and <span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>Classless IN-ADDR.ARPA Delegation</i>. </span><span class="pubdate">March 1998. </span></p>
</div>
<div class="biblioentry">
-<a name="id2595530"></a><p>[<abbr class="abbrev">RFC2826</abbr>] <span class="authorgroup"><span class="surname">Internet Architecture Board</span>. </span><span class="title"><i>IAB Technical Comment on the Unique DNS Root</i>. </span><span class="pubdate">May 2000. </span></p>
+<a name="id2595793"></a><p>[<abbr class="abbrev">RFC2826</abbr>] <span class="authorgroup"><span class="surname">Internet Architecture Board</span>. </span><span class="title"><i>IAB Technical Comment on the Unique DNS Root</i>. </span><span class="pubdate">May 2000. </span></p>
</div>
<div class="biblioentry">
-<a name="id2595554"></a><p>[<abbr class="abbrev">RFC2929</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>, <span class="firstname">E.</span> <span class="surname">Brunner-Williams</span>, and <span class="firstname">B.</span> <span class="surname">Manning</span>. </span><span class="title"><i>Domain Name System (DNS) IANA Considerations</i>. </span><span class="pubdate">September 2000. </span></p>
+<a name="id2595816"></a><p>[<abbr class="abbrev">RFC2929</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>, <span class="firstname">E.</span> <span class="surname">Brunner-Williams</span>, and <span class="firstname">B.</span> <span class="surname">Manning</span>. </span><span class="title"><i>Domain Name System (DNS) IANA Considerations</i>. </span><span class="pubdate">September 2000. </span></p>
</div>
</div>
<div class="bibliodiv">
<h3 class="title">
<acronym class="acronym">DNS</acronym> Operations</h3>
<div class="biblioentry">
-<a name="id2595611"></a><p>[<abbr class="abbrev">RFC1033</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Lottor</span>. </span><span class="title"><i>Domain administrators operations guide.</i>. </span><span class="pubdate">November 1987. </span></p>
+<a name="id2595874"></a><p>[<abbr class="abbrev">RFC1033</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Lottor</span>. </span><span class="title"><i>Domain administrators operations guide.</i>. </span><span class="pubdate">November 1987. </span></p>
</div>
<div class="biblioentry">
-<a name="id2595635"></a><p>[<abbr class="abbrev">RFC1537</abbr>] <span class="author"><span class="firstname">P.</span> <span class="surname">Beertema</span>. </span><span class="title"><i>Common <acronym class="acronym">DNS</acronym> Data File
+<a name="id2595897"></a><p>[<abbr class="abbrev">RFC1537</abbr>] <span class="author"><span class="firstname">P.</span> <span class="surname">Beertema</span>. </span><span class="title"><i>Common <acronym class="acronym">DNS</acronym> Data File
Configuration Errors</i>. </span><span class="pubdate">October 1993. </span></p>
</div>
<div class="biblioentry">
-<a name="id2595661"></a><p>[<abbr class="abbrev">RFC1912</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Barr</span>. </span><span class="title"><i>Common <acronym class="acronym">DNS</acronym> Operational and
+<a name="id2595924"></a><p>[<abbr class="abbrev">RFC1912</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Barr</span>. </span><span class="title"><i>Common <acronym class="acronym">DNS</acronym> Operational and
Configuration Errors</i>. </span><span class="pubdate">February 1996. </span></p>
</div>
<div class="biblioentry">
-<a name="id2595688"></a><p>[<abbr class="abbrev">RFC2010</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Manning</span> and <span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>Operational Criteria for Root Name Servers.</i>. </span><span class="pubdate">October 1996. </span></p>
+<a name="id2595950"></a><p>[<abbr class="abbrev">RFC2010</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Manning</span> and <span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>Operational Criteria for Root Name Servers.</i>. </span><span class="pubdate">October 1996. </span></p>
</div>
<div class="biblioentry">
-<a name="id2595724"></a><p>[<abbr class="abbrev">RFC2219</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Hamilton</span> and <span class="firstname">R.</span> <span class="surname">Wright</span>. </span><span class="title"><i>Use of <acronym class="acronym">DNS</acronym> Aliases for
+<a name="id2595987"></a><p>[<abbr class="abbrev">RFC2219</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Hamilton</span> and <span class="firstname">R.</span> <span class="surname">Wright</span>. </span><span class="title"><i>Use of <acronym class="acronym">DNS</acronym> Aliases for
Network Services.</i>. </span><span class="pubdate">October 1997. </span></p>
</div>
</div>
<div class="bibliodiv">
<h3 class="title">Internationalized Domain Names</h3>
<div class="biblioentry">
-<a name="id2595770"></a><p>[<abbr class="abbrev">RFC2825</abbr>] <span class="authorgroup"><span class="surname">IAB</span> and <span class="firstname">R.</span> <span class="surname">Daigle</span>. </span><span class="title"><i>A Tangled Web: Issues of I18N, Domain Names,
+<a name="id2596033"></a><p>[<abbr class="abbrev">RFC2825</abbr>] <span class="authorgroup"><span class="surname">IAB</span> and <span class="firstname">R.</span> <span class="surname">Daigle</span>. </span><span class="title"><i>A Tangled Web: Issues of I18N, Domain Names,
and the Other Internet protocols</i>. </span><span class="pubdate">May 2000. </span></p>
</div>
<div class="biblioentry">
-<a name="id2595802"></a><p>[<abbr class="abbrev">RFC3490</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Faltstrom</span>, <span class="firstname">P.</span> <span class="surname">Hoffman</span>, and <span class="firstname">A.</span> <span class="surname">Costello</span>. </span><span class="title"><i>Internationalizing Domain Names in Applications (IDNA)</i>. </span><span class="pubdate">March 2003. </span></p>
+<a name="id2596065"></a><p>[<abbr class="abbrev">RFC3490</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Faltstrom</span>, <span class="firstname">P.</span> <span class="surname">Hoffman</span>, and <span class="firstname">A.</span> <span class="surname">Costello</span>. </span><span class="title"><i>Internationalizing Domain Names in Applications (IDNA)</i>. </span><span class="pubdate">March 2003. </span></p>
</div>
<div class="biblioentry">
-<a name="id2595848"></a><p>[<abbr class="abbrev">RFC3491</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Hoffman</span> and <span class="firstname">M.</span> <span class="surname">Blanchet</span>. </span><span class="title"><i>Nameprep: A Stringprep Profile for Internationalized Domain Names</i>. </span><span class="pubdate">March 2003. </span></p>
+<a name="id2596110"></a><p>[<abbr class="abbrev">RFC3491</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Hoffman</span> and <span class="firstname">M.</span> <span class="surname">Blanchet</span>. </span><span class="title"><i>Nameprep: A Stringprep Profile for Internationalized Domain Names</i>. </span><span class="pubdate">March 2003. </span></p>
</div>
<div class="biblioentry">
-<a name="id2595883"></a><p>[<abbr class="abbrev">RFC3492</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Costello</span>. </span><span class="title"><i>Punycode: A Bootstring encoding of Unicode
+<a name="id2596146"></a><p>[<abbr class="abbrev">RFC3492</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Costello</span>. </span><span class="title"><i>Punycode: A Bootstring encoding of Unicode
for Internationalized Domain Names in
Applications (IDNA)</i>. </span><span class="pubdate">March 2003. </span></p>
</div>
@@ -489,47 +489,47 @@
</p>
</div>
<div class="biblioentry">
-<a name="id2595928"></a><p>[<abbr class="abbrev">RFC1464</abbr>] <span class="author"><span class="firstname">R.</span> <span class="surname">Rosenbaum</span>. </span><span class="title"><i>Using the Domain Name System To Store Arbitrary String
+<a name="id2596190"></a><p>[<abbr class="abbrev">RFC1464</abbr>] <span class="author"><span class="firstname">R.</span> <span class="surname">Rosenbaum</span>. </span><span class="title"><i>Using the Domain Name System To Store Arbitrary String
Attributes</i>. </span><span class="pubdate">May 1993. </span></p>
</div>
<div class="biblioentry">
-<a name="id2595950"></a><p>[<abbr class="abbrev">RFC1713</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Romao</span>. </span><span class="title"><i>Tools for <acronym class="acronym">DNS</acronym> Debugging</i>. </span><span class="pubdate">November 1994. </span></p>
+<a name="id2596213"></a><p>[<abbr class="abbrev">RFC1713</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Romao</span>. </span><span class="title"><i>Tools for <acronym class="acronym">DNS</acronym> Debugging</i>. </span><span class="pubdate">November 1994. </span></p>
</div>
<div class="biblioentry">
-<a name="id2595976"></a><p>[<abbr class="abbrev">RFC1794</abbr>] <span class="author"><span class="firstname">T.</span> <span class="surname">Brisco</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Support for Load
+<a name="id2596238"></a><p>[<abbr class="abbrev">RFC1794</abbr>] <span class="author"><span class="firstname">T.</span> <span class="surname">Brisco</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Support for Load
Balancing</i>. </span><span class="pubdate">April 1995. </span></p>
</div>
<div class="biblioentry">
-<a name="id2596002"></a><p>[<abbr class="abbrev">RFC2240</abbr>] <span class="author"><span class="firstname">O.</span> <span class="surname">Vaughan</span>. </span><span class="title"><i>A Legal Basis for Domain Name Allocation</i>. </span><span class="pubdate">November 1997. </span></p>
+<a name="id2596332"></a><p>[<abbr class="abbrev">RFC2240</abbr>] <span class="author"><span class="firstname">O.</span> <span class="surname">Vaughan</span>. </span><span class="title"><i>A Legal Basis for Domain Name Allocation</i>. </span><span class="pubdate">November 1997. </span></p>
</div>
<div class="biblioentry">
-<a name="id2596025"></a><p>[<abbr class="abbrev">RFC2345</abbr>] <span class="authorgroup"><span class="firstname">J.</span> <span class="surname">Klensin</span>, <span class="firstname">T.</span> <span class="surname">Wolf</span>, and <span class="firstname">G.</span> <span class="surname">Oglesby</span>. </span><span class="title"><i>Domain Names and Company Name Retrieval</i>. </span><span class="pubdate">May 1998. </span></p>
+<a name="id2596356"></a><p>[<abbr class="abbrev">RFC2345</abbr>] <span class="authorgroup"><span class="firstname">J.</span> <span class="surname">Klensin</span>, <span class="firstname">T.</span> <span class="surname">Wolf</span>, and <span class="firstname">G.</span> <span class="surname">Oglesby</span>. </span><span class="title"><i>Domain Names and Company Name Retrieval</i>. </span><span class="pubdate">May 1998. </span></p>
</div>
<div class="biblioentry">
-<a name="id2596071"></a><p>[<abbr class="abbrev">RFC2352</abbr>] <span class="author"><span class="firstname">O.</span> <span class="surname">Vaughan</span>. </span><span class="title"><i>A Convention For Using Legal Names as Domain Names</i>. </span><span class="pubdate">May 1998. </span></p>
+<a name="id2596402"></a><p>[<abbr class="abbrev">RFC2352</abbr>] <span class="author"><span class="firstname">O.</span> <span class="surname">Vaughan</span>. </span><span class="title"><i>A Convention For Using Legal Names as Domain Names</i>. </span><span class="pubdate">May 1998. </span></p>
</div>
<div class="biblioentry">
-<a name="id2596094"></a><p>[<abbr class="abbrev">RFC3071</abbr>] <span class="authorgroup"><span class="firstname">J.</span> <span class="surname">Klensin</span>. </span><span class="title"><i>Reflections on the DNS, RFC 1591, and Categories of Domains</i>. </span><span class="pubdate">February 2001. </span></p>
+<a name="id2596425"></a><p>[<abbr class="abbrev">RFC3071</abbr>] <span class="authorgroup"><span class="firstname">J.</span> <span class="surname">Klensin</span>. </span><span class="title"><i>Reflections on the DNS, RFC 1591, and Categories of Domains</i>. </span><span class="pubdate">February 2001. </span></p>
</div>
<div class="biblioentry">
-<a name="id2596121"></a><p>[<abbr class="abbrev">RFC3258</abbr>] <span class="authorgroup"><span class="firstname">T.</span> <span class="surname">Hardie</span>. </span><span class="title"><i>Distributing Authoritative Name Servers via
+<a name="id2596452"></a><p>[<abbr class="abbrev">RFC3258</abbr>] <span class="authorgroup"><span class="firstname">T.</span> <span class="surname">Hardie</span>. </span><span class="title"><i>Distributing Authoritative Name Servers via
Shared Unicast Addresses</i>. </span><span class="pubdate">April 2002. </span></p>
</div>
<div class="biblioentry">
-<a name="id2596147"></a><p>[<abbr class="abbrev">RFC3901</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Durand</span> and <span class="firstname">J.</span> <span class="surname">Ihren</span>. </span><span class="title"><i>DNS IPv6 Transport Operational Guidelines</i>. </span><span class="pubdate">September 2004. </span></p>
+<a name="id2596477"></a><p>[<abbr class="abbrev">RFC3901</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Durand</span> and <span class="firstname">J.</span> <span class="surname">Ihren</span>. </span><span class="title"><i>DNS IPv6 Transport Operational Guidelines</i>. </span><span class="pubdate">September 2004. </span></p>
</div>
</div>
<div class="bibliodiv">
<h3 class="title">Obsolete and Unimplemented Experimental RFC</h3>
<div class="biblioentry">
-<a name="id2596190"></a><p>[<abbr class="abbrev">RFC1712</abbr>] <span class="authorgroup"><span class="firstname">C.</span> <span class="surname">Farrell</span>, <span class="firstname">M.</span> <span class="surname">Schulze</span>, <span class="firstname">S.</span> <span class="surname">Pleitner</span>, and <span class="firstname">D.</span> <span class="surname">Baldoni</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Encoding of Geographical
+<a name="id2596521"></a><p>[<abbr class="abbrev">RFC1712</abbr>] <span class="authorgroup"><span class="firstname">C.</span> <span class="surname">Farrell</span>, <span class="firstname">M.</span> <span class="surname">Schulze</span>, <span class="firstname">S.</span> <span class="surname">Pleitner</span>, and <span class="firstname">D.</span> <span class="surname">Baldoni</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Encoding of Geographical
Location</i>. </span><span class="pubdate">November 1994. </span></p>
</div>
<div class="biblioentry">
-<a name="id2596248"></a><p>[<abbr class="abbrev">RFC2673</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Crawford</span>. </span><span class="title"><i>Binary Labels in the Domain Name System</i>. </span><span class="pubdate">August 1999. </span></p>
+<a name="id2596579"></a><p>[<abbr class="abbrev">RFC2673</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Crawford</span>. </span><span class="title"><i>Binary Labels in the Domain Name System</i>. </span><span class="pubdate">August 1999. </span></p>
</div>
<div class="biblioentry">
-<a name="id2596275"></a><p>[<abbr class="abbrev">RFC2874</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Crawford</span> and <span class="firstname">C.</span> <span class="surname">Huitema</span>. </span><span class="title"><i>DNS Extensions to Support IPv6 Address Aggregation
+<a name="id2596605"></a><p>[<abbr class="abbrev">RFC2874</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Crawford</span> and <span class="firstname">C.</span> <span class="surname">Huitema</span>. </span><span class="title"><i>DNS Extensions to Support IPv6 Address Aggregation
and Renumbering</i>. </span><span class="pubdate">July 2000. </span></p>
</div>
</div>
@@ -543,39 +543,39 @@
</p>
</div>
<div class="biblioentry">
-<a name="id2596323"></a><p>[<abbr class="abbrev">RFC2065</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span> and <span class="firstname">C.</span> <span class="surname">Kaufman</span>. </span><span class="title"><i>Domain Name System Security Extensions</i>. </span><span class="pubdate">January 1997. </span></p>
+<a name="id2596653"></a><p>[<abbr class="abbrev">RFC2065</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span> and <span class="firstname">C.</span> <span class="surname">Kaufman</span>. </span><span class="title"><i>Domain Name System Security Extensions</i>. </span><span class="pubdate">January 1997. </span></p>
</div>
<div class="biblioentry">
-<a name="id2596362"></a><p>[<abbr class="abbrev">RFC2137</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Secure Domain Name System Dynamic Update</i>. </span><span class="pubdate">April 1997. </span></p>
+<a name="id2596693"></a><p>[<abbr class="abbrev">RFC2137</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Secure Domain Name System Dynamic Update</i>. </span><span class="pubdate">April 1997. </span></p>
</div>
<div class="biblioentry">
-<a name="id2596389"></a><p>[<abbr class="abbrev">RFC2535</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Domain Name System Security Extensions</i>. </span><span class="pubdate">March 1999. </span></p>
+<a name="id2596720"></a><p>[<abbr class="abbrev">RFC2535</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Domain Name System Security Extensions</i>. </span><span class="pubdate">March 1999. </span></p>
</div>
<div class="biblioentry">
-<a name="id2596419"></a><p>[<abbr class="abbrev">RFC3008</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Wellington</span>. </span><span class="title"><i>Domain Name System Security (DNSSEC)
+<a name="id2596818"></a><p>[<abbr class="abbrev">RFC3008</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Wellington</span>. </span><span class="title"><i>Domain Name System Security (DNSSEC)
Signing Authority</i>. </span><span class="pubdate">November 2000. </span></p>
</div>
<div class="biblioentry">
-<a name="id2596444"></a><p>[<abbr class="abbrev">RFC3090</abbr>] <span class="authorgroup"><span class="firstname">E.</span> <span class="surname">Lewis</span>. </span><span class="title"><i>DNS Security Extension Clarification on Zone Status</i>. </span><span class="pubdate">March 2001. </span></p>
+<a name="id2596843"></a><p>[<abbr class="abbrev">RFC3090</abbr>] <span class="authorgroup"><span class="firstname">E.</span> <span class="surname">Lewis</span>. </span><span class="title"><i>DNS Security Extension Clarification on Zone Status</i>. </span><span class="pubdate">March 2001. </span></p>
</div>
<div class="biblioentry">
-<a name="id2596471"></a><p>[<abbr class="abbrev">RFC3445</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Massey</span> and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>Limiting the Scope of the KEY Resource Record (RR)</i>. </span><span class="pubdate">December 2002. </span></p>
+<a name="id2596870"></a><p>[<abbr class="abbrev">RFC3445</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Massey</span> and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>Limiting the Scope of the KEY Resource Record (RR)</i>. </span><span class="pubdate">December 2002. </span></p>
</div>
<div class="biblioentry">
-<a name="id2596507"></a><p>[<abbr class="abbrev">RFC3655</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Wellington</span> and <span class="firstname">O.</span> <span class="surname">Gudmundsson</span>. </span><span class="title"><i>Redefinition of DNS Authenticated Data (AD) bit</i>. </span><span class="pubdate">November 2003. </span></p>
+<a name="id2596906"></a><p>[<abbr class="abbrev">RFC3655</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Wellington</span> and <span class="firstname">O.</span> <span class="surname">Gudmundsson</span>. </span><span class="title"><i>Redefinition of DNS Authenticated Data (AD) bit</i>. </span><span class="pubdate">November 2003. </span></p>
</div>
<div class="biblioentry">
-<a name="id2596544"></a><p>[<abbr class="abbrev">RFC3658</abbr>] <span class="authorgroup"><span class="firstname">O.</span> <span class="surname">Gudmundsson</span>. </span><span class="title"><i>Delegation Signer (DS) Resource Record (RR)</i>. </span><span class="pubdate">December 2003. </span></p>
+<a name="id2596942"></a><p>[<abbr class="abbrev">RFC3658</abbr>] <span class="authorgroup"><span class="firstname">O.</span> <span class="surname">Gudmundsson</span>. </span><span class="title"><i>Delegation Signer (DS) Resource Record (RR)</i>. </span><span class="pubdate">December 2003. </span></p>
</div>
<div class="biblioentry">
-<a name="id2596570"></a><p>[<abbr class="abbrev">RFC3755</abbr>] <span class="authorgroup"><span class="firstname">S.</span> <span class="surname">Weiler</span>. </span><span class="title"><i>Legacy Resolver Compatibility for Delegation Signer (DS)</i>. </span><span class="pubdate">May 2004. </span></p>
+<a name="id2596969"></a><p>[<abbr class="abbrev">RFC3755</abbr>] <span class="authorgroup"><span class="firstname">S.</span> <span class="surname">Weiler</span>. </span><span class="title"><i>Legacy Resolver Compatibility for Delegation Signer (DS)</i>. </span><span class="pubdate">May 2004. </span></p>
</div>
<div class="biblioentry">
-<a name="id2596597"></a><p>[<abbr class="abbrev">RFC3757</abbr>] <span class="authorgroup"><span class="firstname">O.</span> <span class="surname">Kolkman</span>, <span class="firstname">J.</span> <span class="surname">Schlyter</span>, and <span class="firstname">E.</span> <span class="surname">Lewis</span>. </span><span class="title"><i>Domain Name System KEY (DNSKEY) Resource Record
+<a name="id2596996"></a><p>[<abbr class="abbrev">RFC3757</abbr>] <span class="authorgroup"><span class="firstname">O.</span> <span class="surname">Kolkman</span>, <span class="firstname">J.</span> <span class="surname">Schlyter</span>, and <span class="firstname">E.</span> <span class="surname">Lewis</span>. </span><span class="title"><i>Domain Name System KEY (DNSKEY) Resource Record
(RR) Secure Entry Point (SEP) Flag</i>. </span><span class="pubdate">April 2004. </span></p>
</div>
<div class="biblioentry">
-<a name="id2596642"></a><p>[<abbr class="abbrev">RFC3845</abbr>] <span class="authorgroup"><span class="firstname">J.</span> <span class="surname">Schlyter</span>. </span><span class="title"><i>DNS Security (DNSSEC) NextSECure (NSEC) RDATA Format</i>. </span><span class="pubdate">August 2004. </span></p>
+<a name="id2597041"></a><p>[<abbr class="abbrev">RFC3845</abbr>] <span class="authorgroup"><span class="firstname">J.</span> <span class="surname">Schlyter</span>. </span><span class="title"><i>DNS Security (DNSSEC) NextSECure (NSEC) RDATA Format</i>. </span><span class="pubdate">August 2004. </span></p>
</div>
</div>
</div>
@@ -596,14 +596,14 @@
</div>
<div class="sect2" lang="en">
<div class="titlepage"><div><div><h3 class="title">
-<a name="id2596683"></a>Other Documents About <acronym class="acronym">BIND</acronym>
+<a name="id2597082"></a>Other Documents About <acronym class="acronym">BIND</acronym>
</h3></div></div></div>
<p></p>
<div class="bibliography">
<div class="titlepage"><div><div><h4 class="title">
-<a name="id2596693"></a>Bibliography</h4></div></div></div>
+<a name="id2597092"></a>Bibliography</h4></div></div></div>
<div class="biblioentry">
-<a name="id2596695"></a><p><span class="authorgroup"><span class="firstname">Paul</span> <span class="surname">Albitz</span> and <span class="firstname">Cricket</span> <span class="surname">Liu</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> and <acronym class="acronym">BIND</acronym></i>. </span><span class="copyright">Copyright 1998 Sebastopol, CA: O'Reilly and Associates. </span></p>
+<a name="id2597094"></a><p><span class="authorgroup"><span class="firstname">Paul</span> <span class="surname">Albitz</span> and <span class="firstname">Cricket</span> <span class="surname">Liu</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> and <acronym class="acronym">BIND</acronym></i>. </span><span class="copyright">Copyright 1998 Sebastopol, CA: O'Reilly and Associates. </span></p>
</div>
</div>
</div>
diff --git a/doc/arm/Bv9ARM.ch10.html b/doc/arm/Bv9ARM.ch10.html
index 03cce5aae1f4..892ab16b942a 100644
--- a/doc/arm/Bv9ARM.ch10.html
+++ b/doc/arm/Bv9ARM.ch10.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: Bv9ARM.ch10.html,v 1.2.2.6 2007/01/30 00:23:46 marka Exp $ -->
+<!-- $Id: Bv9ARM.ch10.html,v 1.2.2.9 2008/05/24 01:31:12 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
diff --git a/doc/arm/Bv9ARM.html b/doc/arm/Bv9ARM.html
index 8a33041d76ac..6de42bcee192 100644
--- a/doc/arm/Bv9ARM.html
+++ b/doc/arm/Bv9ARM.html
@@ -1,5 +1,5 @@
<!--
- - Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
- Copyright (C) 2000-2003 Internet Software Consortium.
-
- Permission to use, copy, modify, and distribute this software for any
@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: Bv9ARM.html,v 1.85.18.68 2007/10/31 01:35:59 marka Exp $ -->
+<!-- $Id: Bv9ARM.html,v 1.85.18.82 2008/10/18 01:29:59 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -40,8 +40,8 @@
<div class="titlepage">
<div>
<div><h1 class="title">
-<a name="id2563155"></a>BIND 9 Administrator Reference Manual</h1></div>
-<div><p class="copyright">Copyright 2004-2007 Internet Systems Consortium, Inc. ("ISC")</p></div>
+<a name="id2563174"></a>BIND 9 Administrator Reference Manual</h1></div>
+<div><p class="copyright">Copyright 2004-2008 Internet Systems Consortium, Inc. ("ISC")</p></div>
<div><p class="copyright">Copyright 2000-2003 Internet Software Consortium.</p></div>
</div>
<hr>
@@ -51,39 +51,39 @@
<dl>
<dt><span class="chapter"><a href="Bv9ARM.ch01.html">1. Introduction</a></span></dt>
<dd><dl>
-<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564117">Scope of Document</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564140">Organization of This Document</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2563474">Conventions Used in This Document</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564816">The Domain Name System (<acronym class="acronym">DNS</acronym>)</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2563405">Scope of Document</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564385">Organization of This Document</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564524">Conventions Used in This Document</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch01.html#id2564637">The Domain Name System (<acronym class="acronym">DNS</acronym>)</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2564837">DNS Fundamentals</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2564871">Domains and Domain Names</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567208">Zones</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567285">Authoritative Name Servers</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567526">Caching Name Servers</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567588">Name Servers in Multiple Roles</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2564659">DNS Fundamentals</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2564693">Domains and Domain Names</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2564845">Zones</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567243">Authoritative Name Servers</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567416">Caching Name Servers</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch01.html#id2567546">Name Servers in Multiple Roles</a></span></dt>
</dl></dd>
</dl></dd>
<dt><span class="chapter"><a href="Bv9ARM.ch02.html">2. <acronym class="acronym">BIND</acronym> Resource Requirements</a></span></dt>
<dd><dl>
-<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567622">Hardware requirements</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567649">CPU Requirements</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567661">Memory Requirements</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567688">Name Server Intensive Environment Issues</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567699">Supported Operating Systems</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567580">Hardware requirements</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567607">CPU Requirements</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567620">Memory Requirements</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567851">Name Server Intensive Environment Issues</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch02.html#id2567862">Supported Operating Systems</a></span></dt>
</dl></dd>
<dt><span class="chapter"><a href="Bv9ARM.ch03.html">3. Name Server Configuration</a></span></dt>
<dd><dl>
<dt><span class="sect1"><a href="Bv9ARM.ch03.html#sample_configuration">Sample Configurations</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2568004">A Caching-only Name Server</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2568020">An Authoritative-only Name Server</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2567894">A Caching-only Name Server</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2567910">An Authoritative-only Name Server</a></span></dt>
</dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch03.html#id2568042">Load Balancing</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch03.html#id2568465">Name Server Operations</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch03.html#id2568001">Load Balancing</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch03.html#id2568423">Name Server Operations</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2568470">Tools for Use With the Name Server Daemon</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2570184">Signals</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2568428">Tools for Use With the Name Server Daemon</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch03.html#id2570142">Signals</a></span></dt>
</dl></dd>
</dl></dd>
<dt><span class="chapter"><a href="Bv9ARM.ch04.html">4. Advanced DNS Features</a></span></dt>
@@ -92,34 +92,34 @@
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#dynamic_update">Dynamic Update</a></span></dt>
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch04.html#journal">The journal file</a></span></dt></dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#incremental_zone_transfers">Incremental Zone Transfers (IXFR)</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2570642">Split DNS</a></span></dt>
-<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2570660">Example split DNS setup</a></span></dt></dl></dd>
+<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2570600">Split DNS</a></span></dt>
+<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2570618">Example split DNS setup</a></span></dt></dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#tsig">TSIG</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571095">Generate Shared Keys for Each Pair of Hosts</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571169">Copying the Shared Secret to Both Machines</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571179">Informing the Servers of the Key's Existence</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571219">Instructing the Server to Use the Key</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571413">TSIG Key Based Access Control</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571458">Errors</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2570985">Generate Shared Keys for Each Pair of Hosts</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571127">Copying the Shared Secret to Both Machines</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571138">Informing the Servers of the Key's Existence</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571177">Instructing the Server to Use the Key</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571303">TSIG Key Based Access Control</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571416">Errors</a></span></dt>
</dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2571472">TKEY</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2571521">SIG(0)</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2571430">TKEY</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2571547">SIG(0)</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch04.html#DNSSEC">DNSSEC</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571725">Generating Keys</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571795">Signing the Zone</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571874">Configuring Servers</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571684">Generating Keys</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571753">Signing the Zone</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571832">Configuring Servers</a></span></dt>
</dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2572153">IPv6 Support in <acronym class="acronym">BIND</acronym> 9</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2571975">IPv6 Support in <acronym class="acronym">BIND</acronym> 9</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572215">Address Lookups Using AAAA Records</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572236">Address to Name Lookups Using Nibble Format</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572173">Address Lookups Using AAAA Records</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2572195">Address to Name Lookups Using Nibble Format</a></span></dt>
</dl></dd>
</dl></dd>
<dt><span class="chapter"><a href="Bv9ARM.ch05.html">5. The <acronym class="acronym">BIND</acronym> 9 Lightweight Resolver</a></span></dt>
<dd><dl>
-<dt><span class="sect1"><a href="Bv9ARM.ch05.html#id2572269">The Lightweight Resolver Library</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch05.html#id2572228">The Lightweight Resolver Library</a></span></dt>
<dt><span class="sect1"><a href="Bv9ARM.ch05.html#lwresd">Running a Resolver Daemon</a></span></dt>
</dl></dd>
<dt><span class="chapter"><a href="Bv9ARM.ch06.html">6. <acronym class="acronym">BIND</acronym> 9 Configuration Reference</a></span></dt>
@@ -127,83 +127,83 @@
<dt><span class="sect1"><a href="Bv9ARM.ch06.html#configuration_file_elements">Configuration File Elements</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#address_match_lists">Address Match Lists</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2573480">Comment Syntax</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2573436">Comment Syntax</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch06.html#Configuration_File_Grammar">Configuration File Grammar</a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574092"><span><strong class="command">acl</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574117"><span><strong class="command">acl</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#acl"><span><strong class="command">acl</strong></span> Statement Definition and
Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574282"><span><strong class="command">controls</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574307"><span><strong class="command">controls</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#controls_statement_definition_and_usage"><span><strong class="command">controls</strong></span> Statement Definition and
Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574711"><span><strong class="command">include</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574726"><span><strong class="command">include</strong></span> Statement Definition and
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574736"><span><strong class="command">include</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574753"><span><strong class="command">include</strong></span> Statement Definition and
Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574749"><span><strong class="command">key</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574771"><span><strong class="command">key</strong></span> Statement Definition and Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574930"><span><strong class="command">logging</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575056"><span><strong class="command">logging</strong></span> Statement Definition and
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574776"><span><strong class="command">key</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574800"><span><strong class="command">key</strong></span> Statement Definition and Usage</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2574958"><span><strong class="command">logging</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2575084"><span><strong class="command">logging</strong></span> Statement Definition and
Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2576406"><span><strong class="command">lwres</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2576480"><span><strong class="command">lwres</strong></span> Statement Definition and Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2576544"><span><strong class="command">masters</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2576587"><span><strong class="command">masters</strong></span> Statement Definition and
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2576435"><span><strong class="command">lwres</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2576508"><span><strong class="command">lwres</strong></span> Statement Definition and Usage</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2576572"><span><strong class="command">masters</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2576616"><span><strong class="command">masters</strong></span> Statement Definition and
Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2576602"><span><strong class="command">options</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2576631"><span><strong class="command">options</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#options"><span><strong class="command">options</strong></span> Statement Definition and
Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#server_statement_grammar"><span><strong class="command">server</strong></span> Statement Grammar</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#server_statement_definition_and_usage"><span><strong class="command">server</strong></span> Statement Definition and
Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2585361"><span><strong class="command">trusted-keys</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2585410"><span><strong class="command">trusted-keys</strong></span> Statement Definition
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2585614"><span><strong class="command">trusted-keys</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2585666"><span><strong class="command">trusted-keys</strong></span> Statement Definition
and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#view_statement_grammar"><span><strong class="command">view</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2585490"><span><strong class="command">view</strong></span> Statement Definition and Usage</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2585748"><span><strong class="command">view</strong></span> Statement Definition and Usage</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#zone_statement_grammar"><span><strong class="command">zone</strong></span>
Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2586798"><span><strong class="command">zone</strong></span> Statement Definition and Usage</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2587332"><span><strong class="command">zone</strong></span> Statement Definition and Usage</a></span></dt>
</dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch06.html#id2589080">Zone File</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch06.html#id2589477">Zone File</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#types_of_resource_records_and_when_to_use_them">Types of Resource Records and When to Use Them</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2591101">Discussion of MX Records</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2591500">Discussion of MX Records</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#Setting_TTLs">Setting TTLs</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2591653">Inverse Mapping in IPv4</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2591848">Other Zone File Directives</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2592173"><acronym class="acronym">BIND</acronym> Master File Extension: the <span><strong class="command">$GENERATE</strong></span> Directive</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2592188">Inverse Mapping in IPv4</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2592384">Other Zone File Directives</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2592572"><acronym class="acronym">BIND</acronym> Master File Extension: the <span><strong class="command">$GENERATE</strong></span> Directive</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch06.html#zonefile_format">Additional File Formats</a></span></dt>
</dl></dd>
</dl></dd>
<dt><span class="chapter"><a href="Bv9ARM.ch07.html">7. <acronym class="acronym">BIND</acronym> 9 Security Considerations</a></span></dt>
<dd><dl>
<dt><span class="sect1"><a href="Bv9ARM.ch07.html#Access_Control_Lists">Access Control Lists</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch07.html#id2592714"><span><strong class="command">Chroot</strong></span> and <span><strong class="command">Setuid</strong></span></a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch07.html#id2593181"><span><strong class="command">Chroot</strong></span> and <span><strong class="command">Setuid</strong></span></a></span></dt>
<dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2592791">The <span><strong class="command">chroot</strong></span> Environment</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2592851">Using the <span><strong class="command">setuid</strong></span> Function</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2593326">The <span><strong class="command">chroot</strong></span> Environment</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2593386">Using the <span><strong class="command">setuid</strong></span> Function</a></span></dt>
</dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch07.html#dynamic_update_security">Dynamic Update Security</a></span></dt>
</dl></dd>
<dt><span class="chapter"><a href="Bv9ARM.ch08.html">8. Troubleshooting</a></span></dt>
<dd><dl>
-<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2592999">Common Problems</a></span></dt>
-<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch08.html#id2593004">It's not working; how can I figure out what's wrong?</a></span></dt></dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2593016">Incrementing and Changing the Serial Number</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2593033">Where Can I Get Help?</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2593466">Common Problems</a></span></dt>
+<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch08.html#id2593472">It's not working; how can I figure out what's wrong?</a></span></dt></dl></dd>
+<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2593483">Incrementing and Changing the Serial Number</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2593500">Where Can I Get Help?</a></span></dt>
</dl></dd>
<dt><span class="appendix"><a href="Bv9ARM.ch09.html">A. Appendices</a></span></dt>
<dd><dl>
-<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2593300">Acknowledgments</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2593630">Acknowledgments</a></span></dt>
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch09.html#historical_dns_information">A Brief History of the <acronym class="acronym">DNS</acronym> and <acronym class="acronym">BIND</acronym></a></span></dt></dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2593472">General <acronym class="acronym">DNS</acronym> Reference Information</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2593802">General <acronym class="acronym">DNS</acronym> Reference Information</a></span></dt>
<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch09.html#ipv6addresses">IPv6 addresses (AAAA)</a></span></dt></dl></dd>
<dt><span class="sect1"><a href="Bv9ARM.ch09.html#bibliography">Bibliography (and Suggested Reading)</a></span></dt>
<dd><dl>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#rfcs">Request for Comments (RFCs)</a></span></dt>
<dt><span class="sect2"><a href="Bv9ARM.ch09.html#internet_drafts">Internet Drafts</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2596683">Other Documents About <acronym class="acronym">BIND</acronym></a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch09.html#id2597082">Other Documents About <acronym class="acronym">BIND</acronym></a></span></dt>
</dl></dd>
</dl></dd>
<dt><span class="reference"><a href="Bv9ARM.ch10.html">I. Manual pages</a></span></dt>
diff --git a/doc/arm/Bv9ARM.pdf b/doc/arm/Bv9ARM.pdf
index 586aaafd0e72..29637452ec51 100644
--- a/doc/arm/Bv9ARM.pdf
+++ b/doc/arm/Bv9ARM.pdf
@@ -561,7 +561,7 @@ endobj
<< /S /GoTo /D (subsubsection.6.2.16.8) >>
endobj
380 0 obj
-(6.2.16.8 Bad UDP Port Lists)
+(6.2.16.8 UDP Port Lists)
endobj
381 0 obj
<< /S /GoTo /D (subsubsection.6.2.16.9) >>
@@ -1170,14 +1170,16 @@ endobj
/ProcSet [ /PDF /Text ]
>> endobj
678 0 obj <<
-/Length 994
+/Length 999
/Filter /FlateDecode
>>
stream
-xڵV˒J,5Z҈83h+87Dۛ.*yd@4 ?&29ud`bh
-Qm]ϡ[?Nk5~ ,r v|*Ԙ"V"("6 0SצњfkZUv:d%eKqCYP (ĭؒK/FafZύU5̂Z_S]HZ&nקY_bĈS,ʀ'ɧkz8I.gyYAp
-LֳyGm뜬[al:JXrʛwICXWR8K1wApA0hSk&=/54d+Ig'f[v])KF_?V1ePT&{ځZKpT߄J w͐bb-H:EiЉ剟uG7:B;a;D˜8B ;a{sả'JnIi~$\QC>tgb{LX^1~-fg"ۖbGvS? $AXCA<Ax2Rz=J<ҞF*'KAi{nQ=mÛ#
-Yϼ&r \ d<b2EhvD=@-(WrWANk^ ópzݚ7b~x|5Vƺmo"jbR{89e&_dendstream
+xڵV]:}WUC6|AT\GqQ;56$Ql!I'h~D3-dq5ֻ^7Ng76
+;Igdw-8"0]gaĩh6eS`}e"lY]QUER*A!d(rSl{+F֯myTt<tY)ORm.qu8 n-5e
+6d#IZgvU+KF_=Net_:p%k~8+YT!ؤ$\VjsČR"6-$I4t&r%HŸHYsrT!h=a
+`.n
+CfI( ||
+&cq$e_R֨ h6Sp9U`U=&Ds?f} ڰ7[#-IE~"A! <)%0pCiODeӅn4N|nf B @029}=8JoK AeLwNr\yfn(Kc-Q.v$粶8tnXa/S_'·{M beweAw'SO`G@!!x^攑$HZˬO% "rw4gmmsq'<sg٩73Q4Sla#8:ŲٙT]!}NE0fendstream
endobj
677 0 obj <<
/Type /Page
@@ -1583,26 +1585,17 @@ endobj
/ProcSet [ /PDF /Text ]
>> endobj
743 0 obj <<
-/Length 3153
+/Length 3152
/Filter /FlateDecode
>>
stream
-x[w)(=kNvliZ UI*.Y;ȵD&'l#MM&q71NE̖gtr동gz-\~HWYBe˫__}s凋_/:{u
-=3*S_%Y5@ sOgR og~'?ݙfF g~.PQh"X.SzCvrE\\Lbt;]Ϻ:sO=T+MZoz/~.{`E)Ց޳a~l?7oV;Cbb!F T #&F =#QںHyѬA)]Gn>u;0q2X0:q3H&Իa~Ѿ<r_Մ=$#B=?]d4m7/!2b!Ԑq2q`
- #%Fʞ+(u~jSWm*^׫Y=p{
-xMy[Zẕ+|!ɂadxAI+H._s(ʛmJHg1*C%8*80TPk"1LѮ|]m]LS{SY
-
-4D@H@h+
-80P}]Q<
-
-= ͜I JHe1(J@(ʩ3T
-5S&'{.8p)=aOm151 'F:K' 2f]7MeuOrC'渔h3'=cܗTs)QNB.9'P+L'ujshb;4ٱ<9ddWf\pIZ9~(r/z?X#`1 āQz(J
--&a
-,b@80NP8%AEay,mOT wĻM1]0
-{Bb0Sh[(./=_WͧݤBv"& `aāazOXpF!oJ]ͻ+b!d`
-k|+
-:qN;Pix+էݫUnV1Q^-P/0dy|"&1=iNbrZld;ULR1C` E. {B2"`[aC?6ic +!a0@9ן3A`(`# a:]].tJY_Tϻ)Q*3CdzڷL̨)C~Q }yt3'S3ͪOtˬ.+(Ä2A`o\w("8hs=5>e f[YV
-y'r;LjS No7ev,n)qL䶖A
+x[w6)h?1מvw4q_VfJWf?" -pdR{Z;13O lBl4юq(d<kX44G=<ka&8D*Eڝj-\^|Wo.?\r٫xVQў_g?B'W>(ΪgJs|<J%8pc<!40J<p~MrD v1eUŔ+zbj5?'Sx|_sJM}֍){ڬ'7Zn
+ ?{qsq`+MUeGOĠĄ 1bj180bPEbDŐfOJ:r^^1cEebF!ԉqF2q` C& !qy'Yo?W߿y} gw*
+0HbadHs%Sݏ{CmYr>z53N~`- ZaL1KWuoy=sWzY~9~eO0>YP2L/0iUeQ{}
+EyӢ ?wP ,Fb@G%
+qM`r<4I`"/mT8uZZ(1@CT(8Pp ˉPx˺CyB*u:-*{R1c
+
+$F =`(tR &_rS__!i7漘'`5xāz< KM}8>N*dA3A``1sbXBDf\_;2!ϩC9JnØbt!'F=ä?H{Lt?;䲘`q8āqzW$S
endobj
742 0 obj <<
/Type /Page
@@ -1874,7 +1867,7 @@ endobj
785 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [499.2773 292.7672 511.2325 301.7235]
+/Rect [499.2773 292.7672 511.2325 301.873]
/Subtype /Link
/A << /S /GoTo /D (subsubsection.6.2.16.2) >>
>> endobj
@@ -1909,7 +1902,7 @@ endobj
790 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [499.2773 232.6088 511.2325 241.5651]
+/Rect [499.2773 232.6088 511.2325 241.7146]
/Subtype /Link
/A << /S /GoTo /D (subsubsection.6.2.16.7) >>
>> endobj
@@ -1965,14 +1958,14 @@ endobj
798 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [499.2773 136.3554 511.2325 145.3117]
+/Rect [499.2773 136.3554 511.2325 145.4611]
/Subtype /Link
/A << /S /GoTo /D (subsubsection.6.2.16.15) >>
>> endobj
799 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [499.2773 124.3237 511.2325 133.4295]
+/Rect [499.2773 124.3237 511.2325 133.28]
/Subtype /Link
/A << /S /GoTo /D (subsubsection.6.2.16.16) >>
>> endobj
@@ -1986,14 +1979,14 @@ endobj
801 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [499.2773 100.2604 511.2325 109.2166]
+/Rect [499.2773 100.2604 511.2325 109.3661]
/Subtype /Link
/A << /S /GoTo /D (subsubsection.6.2.16.18) >>
>> endobj
802 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [499.2773 88.2287 511.2325 97.3344]
+/Rect [499.2773 88.2287 511.2325 97.185]
/Subtype /Link
/A << /S /GoTo /D (subsubsection.6.2.16.19) >>
>> endobj
@@ -2019,23 +2012,17 @@ endobj
/ProcSet [ /PDF /Text ]
>> endobj
807 0 obj <<
-/Length 3353
+/Length 3350
/Filter /FlateDecode
>>
stream
-xKs7<jxÖ^vrd$W6Ɂ&PÎ/`"%8~J4̐"TXVE &;7r{1}xߟ ݳ]2z_w^]]^~e<)T̨ίia}p?P¬ɎT()Dο _W!p$\O8'jgoG)wgp1T:ar(ʏs0<2rS/E9)>Wt?g{F]x~ܭ+nH)k}٨׼91 rPp3f_Ŭذ#0##5)fN(1ojO7jؼy=xt\ 
-"ЬMNhRv ڙDkm{R&
-f芍x0Gԣ {pLv؁ vx-Þ ;+$%߸DZ&x6vKlƀ  V݌%C}3qQׯӵfmy=/lA~3~1jh~*}'Wĵ:Z<ixA,Xv`FC +T^E\Z#ؓ,òq
-"xt/@HJ}^譥ۼ\lt4uaXͺ©شx+na~КZ'Z*߉jz`0(*Mb<_&kW]pxU(aF=Ҥ(і%7[ҷej6.JW:c% agXSP5')Ćf 1b!4{GXT{[F8#ȶP1ǥ :ek“}SNf(I\gs1`d1v`\[P
-K}q=݂XR߼39il-A]0vBܞ ĠaŠJ؁Aj+r&FέmyU; >ba$Оꂄ'wA{t溜_G]gofgݲ;wljM]?¸[)M'U3L;Li)M{A9zZ!ͦ>8j]o[/{jo?0s?7~Xlo^{F^@p~<_=R93h>Ɏ6½s$ ;cP^ҫ
-NՠX]b.=WƳq<[N3ΌGPG7e3
-
-Y(@A` (@P$&
-IMy^V,TX1[?RWnj!x5]Vا} ۋRv``~A3_W ޚpo;pܫ;z5 1VC #d LuL hx:o>Hb9BB]w"8"i#x. 1#Aަ ň\q^to!byiԚe@
-ZmLLj63@cFvAp]?QDfD x:Xq&6-bO%{_e
-h}:v)C0P<\ ujrP?}T?GJe3ݝR+h
- +00ݑ#q<Hr xTP[*CA"JFΔ!GT
-QxTR՟U9x7Vom d A0vP BG V߹ԷV"ȧ"ANPq6A@#Ɛ BG8'i@kږ_1& b3 C0P0F -LLCجwٶw_l܀  8cݷ4 pCܬ!tMkɪJ<,߶7"~}rl
+xKs7<jxÖ^vrd$W6Ɂ&PÎ/`"%8~J4̐"TXVE &;7r{1}xߟ ݳ]2z_w^]]^~e<)T̨ίia}p?P¬ɎT()Dο _W!p$\O8'jgoG)wgp1T:ar(ʏs0<2rS/E9)>Wt?g{F]x~ܭ+nH)k}٨׼91 rPp3f_LoHفjoZH _7Jy5^U~5l޼GeV<LN: .b$aD(9- N@ޏ 0tH;Rϙ_ Spw6L@i-L ;0P-L\]2-?v: n͆bЬ &a 9+ZhĝoZih dcN=wܝ `Z )a=TXK*d "0ݝbg؊nͅ
+"ЬMNhRv ڙDkm{R&
+A(2 ^NA
+nφ
+bPbP%BIbKqZĶժx⋃f1``0`v`lhOuAU㻠=l|s]ίU.3ܷفHnY*;<MG7z+?E{d]jiI=M 嶵ɾs/( \Ok1D4StQXB }|\MgwgCfK}ڨ stpՏѿ\*g'X|;apT{J׫^zU 4XݸGWjVx6Sgɛzڙ
+l Zv` #Rf&\;%ګuWh܎B)x;% MJړ~Berwnnj8Q%J0h^|5y91FA=j0xWM?\QR=n+'87#/n^#:5<L{8~b::gFf]DPX B\{H"h"`$eUB|^#u9ޮWe}ZOw`
+.fJ6q8\ ǣG4_c<r;(\wkF KفkFخuG 0 }irP0EgHLᆪjS[5<R-S &lZ9 %LFe7IV` a#GJyHZ=֡$ U!E0vם)C0P$ ?)rn0g1` ^N A6soEOEj>l F!cIqN(Ӏ [-BbM1f )`#aZ噆Y582m:n! ٸA 7pƺoiLᆪYC 74UxX
endobj
806 0 obj <<
/Type /Page
@@ -2083,14 +2070,14 @@ endobj
814 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 698.7008 539.579 707.6571]
+/Rect [527.6238 698.8005 539.579 707.8065]
/Subtype /Link
/A << /S /GoTo /D (subsection.6.2.24) >>
>> endobj
815 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 686.7456 539.579 695.7019]
+/Rect [527.6238 686.8453 539.579 695.8514]
/Subtype /Link
/A << /S /GoTo /D (subsubsection.6.2.24.1) >>
>> endobj
@@ -2104,14 +2091,14 @@ endobj
817 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 662.935 539.579 671.7916]
+/Rect [527.6238 662.8353 539.579 671.7916]
/Subtype /Link
/A << /S /GoTo /D (subsubsection.6.2.24.3) >>
>> endobj
818 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 650.9798 539.579 659.9859]
+/Rect [527.6238 650.8801 539.579 659.8364]
/Subtype /Link
/A << /S /GoTo /D (subsubsection.6.2.24.4) >>
>> endobj
@@ -2167,21 +2154,21 @@ endobj
826 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 555.2388 539.579 564.1951]
+/Rect [527.6238 555.2388 539.579 564.3445]
/Subtype /Link
/A << /S /GoTo /D (subsection.6.3.5) >>
>> endobj
827 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 543.2836 539.579 552.2399]
+/Rect [527.6238 543.2836 539.579 552.3894]
/Subtype /Link
/A << /S /GoTo /D (subsubsection.6.3.5.1) >>
>> endobj
828 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 531.3284 539.579 540.2847]
+/Rect [527.6238 531.3284 539.579 540.4342]
/Subtype /Link
/A << /S /GoTo /D (subsubsection.6.3.5.2) >>
>> endobj
@@ -2223,28 +2210,28 @@ endobj
834 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 449.6348 539.579 458.7405]
+/Rect [527.6238 449.6348 539.579 458.5911]
/Subtype /Link
/A << /S /GoTo /D (section.7.2) >>
>> endobj
835 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 437.6796 539.579 446.7854]
+/Rect [527.6238 437.6796 539.579 446.6359]
/Subtype /Link
/A << /S /GoTo /D (subsection.7.2.1) >>
>> endobj
836 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 425.7245 539.579 434.8302]
+/Rect [527.6238 425.7245 539.579 434.6807]
/Subtype /Link
/A << /S /GoTo /D (subsection.7.2.2) >>
>> endobj
837 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 413.7693 539.579 422.875]
+/Rect [527.6238 413.7693 539.579 422.7256]
/Subtype /Link
/A << /S /GoTo /D (section.7.3) >>
>> endobj
@@ -2286,21 +2273,21 @@ endobj
843 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 322.0931 539.579 330.8253]
+/Rect [527.6238 322.0931 539.579 330.9498]
/Subtype /Link
/A << /S /GoTo /D (appendix.A) >>
>> endobj
844 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 310.1578 539.579 319.1141]
+/Rect [527.6238 310.1578 539.579 319.2636]
/Subtype /Link
/A << /S /GoTo /D (section.A.1) >>
>> endobj
845 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 298.2027 539.579 307.1589]
+/Rect [527.6238 298.2027 539.579 307.3084]
/Subtype /Link
/A << /S /GoTo /D (subsection.A.1.1) >>
>> endobj
@@ -2335,14 +2322,14 @@ endobj
850 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 238.4268 539.579 247.5326]
+/Rect [527.6238 238.4268 539.579 247.3831]
/Subtype /Link
/A << /S /GoTo /D (subsection.A.3.2) >>
>> endobj
851 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [527.6238 226.4717 539.579 235.5774]
+/Rect [527.6238 226.4717 539.579 235.4279]
/Subtype /Link
/A << /S /GoTo /D (subsection.A.3.3) >>
>> endobj
@@ -2398,7 +2385,7 @@ endobj
859 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [522.6425 120.8677 539.579 129.9734]
+/Rect [522.6425 120.9673 539.579 129.9734]
/Subtype /Link
/A << /S /GoTo /D (section.B.7) >>
>> endobj
@@ -2412,7 +2399,7 @@ endobj
864 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [522.6425 97.057 539.579 106.0631]
+/Rect [522.6425 96.9573 539.579 106.0631]
/Subtype /Link
/A << /S /GoTo /D (section.B.9) >>
>> endobj
@@ -2795,12 +2782,13 @@ endobj
/ProcSet [ /PDF /Text ]
>> endobj
933 0 obj <<
-/Length 611
+/Length 608
/Filter /FlateDecode
>>
stream
-xڥTMs0+t3EtI;v$bp$Ϳ@&Mzx<vvzM
-,}Q7c}vbJP*ݾ-Wf=D+\Ki's?0UW`[ϲB >m[7WNnQDZ3c/*Kzܹn8AabD\Q̈́|@endstream
+xڥTKs0+8@:&I'i;iS<W a9uFv v~B
+"H!A];c?ȜOW4r! l;q,
+@66[ŋ0}>_fqb\]om~wdjċ6KƉ 91
endobj
932 0 obj <<
/Type /Page
@@ -3772,22 +3760,30 @@ endobj
/ProcSet [ /PDF /Text ]
>> endobj
1097 0 obj <<
-/Length 3638
-/Filter /FlateDecode
->>
-stream
-x[s_>EΜ`|$ӇKK/M.iL̅hs{w")JvjesblB(Mnb$25/}yY;h+a&8Cj-\-~j9PϿ}?~oߜϸW ˯/|sM?.t$7_~7_rUZLw
-\og?B' XWgg~PœT()DSpD:&@)\jV SP66#(;u-ьPK8llY31@D .L!J8p lHf-Y>wŇ쭫M ^XơmN^PKw4z3HC:~.qJaj]>BX(AC°̖ŲhEษB'?6N]~z'3&1CT23}ۼ뼬ir:u1!3u)ف9yh_<k9}V6jUngiVSJ
-j (6l~䛢~FL]ɀM 8
-s(3ָ@ly?e6r
-x6bڄC\H 7vl>Mn<,Qjb8g/ I c¶8Ld
-u>n&?bSm} mJҦ(`5ӄ*vlCMu+yUA$`BeBMU;6ṬV!n5-F ^JI&Q|D4#`_6x?'J!kB|)c|b^ժ F9E0`0Z;PG;OeCm$/hqԄ!{:ZRbuÐj5[YSGt* X5ϣ n5!8#||AC_d&6)$'5L5/5pi4@pk>Mv]"\Hx 7 &G(Tv1`𣈐|Ẉr:<+Xg랧 &F+pV?`J 2Ys ;qlg]1ʉ@4%َk;m[6|Kvױ('x|
-,݇(!WiQ#%]?8) >a*Hʸ0m0om9 IFLE7(/GKk 
-
-ͤ;.8d}u=?j)κ$G …|7=3E~ۂaiĜBQ ;SY >Rﳢ \V ѴO:B)u ~TxeSE-l0{8X!d 1(;HA2فߋ6غ~hpen76MN`tk@y.MaI*i<qX2pB7x7QyV_#!C6`gEp"RVrLNUw#4OwEY]?4xOTQ
-|+q>2VJNVR<\,-d%0' K%Z'sY$E?"\܋a8
-w "p ?%&y?.&/_Z39
-GX//oendstream
+/Length 3978
+/Filter /FlateDecode
+>>
+stream
+x;ks#q+OUܼvY)H'Gde .ɭvq<:O 
+n3===YvI]*M8Ier LӠpo.޼Z.o~h@o~핑?|rE'wZ]'E|oorscx#?c]x_n|q}730wϿ;/(ΪgA s_..DI!R⧋
+ꮃe#:Feufp5TO*,Զ=PT8exݵ: U
+OjV?;H೫]U˻vڏ4;RDF-eS0쾑
+[PϞ@2ݼ2N뱈z~%["-
+5 sNy qDUFp"}K$Ҍ\4H™q3=/0! M䡇ɣdimٵg\V1-@&M*~T_ ``FmƽVE$!ĂY!DM"emɶQ" O Q,w!Ɯo⑭rq{]V Hܺ#{.p%)ž*<:MW3drわ ݷQ8eX{
+|ަ]WMN
+Qoe6Ƭ~Ï&fIDG:fghf*0LiXApw4xHZIG!]DZa`n6|KtsO'h,>i#O;3 FTv
+{Y7]O6n4ϥ"Z);dtr
+Cq>+A07D2 AdqDpr`N;Eq3V ~fϐHC
+4En2g(-4EsCp\Ko'ulf}5*c_fZ2nB˝%
+t:(c切'l
+G`W`;<Np}(8R:z$CAԮ`A?aGq4Z! m6տ%[싗Py8
+!V`ػx)<[4x ^c)c>?L<]Ac8FzAk6,BYMuUZK| |Elȱjx[4@˯{Ƌ'.5Ƌ=s!AA,Vv̹%quy5hJ ;s ̏e/bc?Іf]/rQ\$|
+/I:d d2Ew^~t{g^bC/CRA!f
+3%XR?;[q_C`na\eGihPa#m[:)u(wUhgg%}:G
+"ۯfߗ
+[F$ ހ)Ih )<B N KB.!-
+&TĮ?"DdAigx:+9rN ~9ΉpOUBI\@>U}Ǣ,82)ڽm
+I" <=yG0Lendstream
endobj
1096 0 obj <<
/Type /Page
@@ -3800,98 +3796,89 @@ endobj
/D [1096 0 R /XYZ 56.6929 794.5015 null]
>> endobj
250 0 obj <<
-/D [1096 0 R /XYZ 56.6929 304.8746 null]
+/D [1096 0 R /XYZ 56.6929 194.962 null]
>> endobj
1094 0 obj <<
-/D [1096 0 R /XYZ 56.6929 277.1668 null]
+/D [1096 0 R /XYZ 56.6929 163.332 null]
>> endobj
254 0 obj <<
-/D [1096 0 R /XYZ 56.6929 277.1668 null]
+/D [1096 0 R /XYZ 56.6929 163.332 null]
>> endobj
1099 0 obj <<
-/D [1096 0 R /XYZ 56.6929 249.2319 null]
->> endobj
-258 0 obj <<
-/D [1096 0 R /XYZ 56.6929 169.6708 null]
->> endobj
-1100 0 obj <<
-/D [1096 0 R /XYZ 56.6929 141.5207 null]
+/D [1096 0 R /XYZ 56.6929 131.4748 null]
>> endobj
1095 0 obj <<
-/Font << /F37 747 0 R /F39 863 0 R /F23 682 0 R /F21 658 0 R /F48 885 0 R /F14 685 0 R >>
+/Font << /F37 747 0 R /F39 863 0 R /F23 682 0 R /F21 658 0 R /F48 885 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-1103 0 obj <<
-/Length 2809
-/Filter /FlateDecode
->>
-stream
-xڭ]s6ݿB{X4@ԸNϝ%49$)R%8]D۹kG
-auF  X9ZL6_: o>Hd4m=s9o[%-1ȱC/tTfG3 /2h ZkEqp*aӪ+cړvFU%t)>[ͯq (\`BB+*n~!f>\TU, kϺ1010C2٤thiDLhlDd
-c 2dI\hV8.k5򢪻b=UPq"/`D폃n&
-ւ$Q,wE4I(|jtD]S8AO$K&LPP;
-RQt&Be֔RJò6
-QX5,=P30`cS%es,ȠG;
-GI>+*ʹЭM߫^ݝv'Gj^SĖo
->tMڅhi
-?W[/n_6n{R6Xz.[%"1POo'<Z_ME{U^Fi XR%48D 1lC<=qp.GKPFI03UTN&Fɗ2Ƕ|`&!W |qGTq% S[G k%pDK
-g@ԝC(hF~嫯\'{fM
-CeV/g
-|ER1w}[/rGHV-~DžF)v͑Qe׶bv،A1
-`b>˹3e'( J͡:c>/ԟ״`(iFM& h 0b&<25l\!;!oR|3h--/qo
-xSB:}x-dh*}(. P1^(",XC$q13gOfbW4^a"g23%H=_BU4D./͛Fo u\y43Q3{n:m/GޫMÁy!9rkUR[?EGO:ud|paGPx>xbmhO}DPP$fMwq5ݴ-;9|D%,j7&3^_P]~f A+.,D<xB.2N> a^(Z]H؎<=
-^8r/(8\G]ٳ3_LZh%NJm0VPvžtuv:iiW扗wX[* P\ԕeS1O%
-endobj
1102 0 obj <<
+/Length 2913
+/Filter /FlateDecode
+>>
+stream
+xڭ]s6ݿB{X4A8vNgfΔ`cTIʎb Db%f>,<_f,B/E4+6G?0H LfA<qhbvu~û矎Acxd8/'+:8t~uv@ ̂˟itWן=%䏣_g+8G'4=, f0^Ji Yά^:%H^Ʉ1%(bH-A<}A}.y.Ux^*lĞǙnjE:W]9}aUvmMޖ#:QsznZ⢰䋦5"MH6;ޯSfO؁eͯOgˢ(gqMX̙`^F8{"OA1hOz}*Pz~%RJMd^q1zL {QuOĴNo4%P]_Ok7`Kajd(ɀMji=Ҡg晛sgA\A2r~E2kɞ{z>xoO#ˏ,=CUkc
+( 0bd/H: "imbڒ0\}T2璘iP7v~2X/ЮN6)v'lZlQ+#qpQ' :w*|dR98J\
+/)͡``=i$R7"DAUSպz^ĀPB
+_8r[S$~n$7q<{ؚ YpŌ%4;SiW3V+r;TOt+=YB⩪b4/[@L.2b9hw1pC"QXyї:皍LmEP7eWBN +BMSŮ-{.ˁo]l SbϫrShͮR-LjDN450=C=I_Ƣ\_+dJVVpB\ Ѡ3QVl;*55$[>kLءiOѿ
+-V(d@A8gU)͖pE3(hMlG&8saFG10B,͡҂20] 2d15,&&j6 cv2
+c ldCIhV8SО7SuLd^EIQcIb':*>/M娳/b=u!5iGH"Qw7!FiDoVg j'8Cmxa2}"/@nTS)`J1p5i"BFEOЗpM\n*oc!f&
+%Ycj$z+/a2glC`COt" FVz+<|ҵnFt7`qe^O{ ՙhXj}n$x5ʜRdU`V
+S4IuP=aL\Kا9=H/8g vM3"ҏĞ̌?e3/P"D/T󏿇:N6<rui]z@պgǹnCXRjp;SGkȑ'r^$]=M4w͋^<N!8^vUa'#" i,7oN )*@D RDo NOkx_
+JsjuᕹEg#p
+ s/ 0r̹S dendstream
+endobj
+1101 0 obj <<
/Type /Page
-/Contents 1103 0 R
-/Resources 1101 0 R
+/Contents 1102 0 R
+/Resources 1100 0 R
/MediaBox [0 0 595.2756 841.8898]
/Parent 1093 0 R
>> endobj
+1103 0 obj <<
+/D [1101 0 R /XYZ 85.0394 794.5015 null]
+>> endobj
+258 0 obj <<
+/D [1101 0 R /XYZ 85.0394 769.5949 null]
+>> endobj
1104 0 obj <<
-/D [1102 0 R /XYZ 85.0394 794.5015 null]
+/D [1101 0 R /XYZ 85.0394 749.6335 null]
>> endobj
262 0 obj <<
-/D [1102 0 R /XYZ 85.0394 438.8479 null]
+/D [1101 0 R /XYZ 85.0394 336.0663 null]
>> endobj
1105 0 obj <<
-/D [1102 0 R /XYZ 85.0394 409.9891 null]
+/D [1101 0 R /XYZ 85.0394 307.6963 null]
>> endobj
266 0 obj <<
-/D [1102 0 R /XYZ 85.0394 349.7918 null]
+/D [1101 0 R /XYZ 85.0394 248.6123 null]
>> endobj
1106 0 obj <<
-/D [1102 0 R /XYZ 85.0394 323.4555 null]
+/D [1101 0 R /XYZ 85.0394 222.7648 null]
>> endobj
270 0 obj <<
-/D [1102 0 R /XYZ 85.0394 249.9022 null]
+/D [1101 0 R /XYZ 85.0394 150.9902 null]
>> endobj
1107 0 obj <<
-/D [1102 0 R /XYZ 85.0394 222.3206 null]
+/D [1101 0 R /XYZ 85.0394 123.8975 null]
>> endobj
-1101 0 obj <<
-/Font << /F37 747 0 R /F14 685 0 R /F23 682 0 R /F21 658 0 R /F39 863 0 R >>
+1100 0 obj <<
+/Font << /F37 747 0 R /F21 658 0 R /F23 682 0 R /F14 685 0 R /F39 863 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
1111 0 obj <<
-/Length 2453
+/Length 2398
/Filter /FlateDecode
>>
stream
-xZoFB@?TB>8>}8GSE"U>:;ȕDKN+
-FWpi(<=ûˋ]$\a6O]ܶ.N߿?I,?ߜ_٩[; Wί?~%`dbxS<@#N`HpHqr}K05KGG0,#
-lLBV٫W},2iZVY6״IC.m]:rImVeooXHkNanR.eg[mynkf|l9!H ATy9ѴL[ӛehӤ,ֶo37$g$VMchuƛ{4C;zl|tUEu?qfcb [gymY.QZuMk[]ㆬaLu.~;ll&/T%fa _nKڀ؏Pí(#܆bƶ~/|YUuKS<Yoޑs]gkd3*C`Mc eVjXgs>;x:GaivՃgf;blF)pd}oF
-w9c)T Q@Xo 9Io^hmx >@ƒ`z^$)%xIӼ: \ӯd5cDUdګnQ$&.BȨ߁Mkkc]tCW@^m:%\L.jt5m#3r&o+qCFL
-3>NV~"(yfCKO?bzEĤ3
-} T]\KG•O'Saآq9^j覕Y@.qIJ`ΒڶIPUv@Cfdj>)@;#Y'g~n*c37|`2wRwC^%,s@a
-LY;fijuʁ[hbɒh}AF` I29 uֶ$ÉүxhА h<#JZWE ˥s#Av` 0!+ܴGY_mcuAT].ґAբ"׵y3Bt |·mHhC)H,EvЂوpc?bő,7#{<f֏QY"
-Ϊ =c_e"W7C)?j
-{sxa~k)mN)pB $TvSEɢ]gȼj0` Ai6AG/C?v*#āy u ౉սwTCŃ
-
-kJGLGDKaA" $؂t|ve85~OU73HCP-/ T*=Uk/jxz_TM`|a|TZhnj6_dwIWldw7Cͷd6^,'#*v@ҥ%4qCU ѝm3꼷.&ߧ@ PIsL mAXJ~V3R=fp}}~fۚe<.y)‡h&yJt7,UtO* DXA2{X
-{](;?ѠP Q_hD1U,9@ =z|b.QgQ^L "cgU{[iZ2œ&
-XqvtҊ`|9Gendstream
+xYYoF~ P7ɓx;bXjKD(R!);_ْc 0`Q]]U_-!DFd GGEK;?Žf!շWGhD
+"W,X$$?/Of).~0w8˓O.gsq~٥Ƿ#~`zy췫ήňqo(Z8B ,%Gӄ3JHua0kNPA&H
+vIS6Y?@-5M6b/4+F-=y\2ʡ"]rpWg04FR6QG7=Fe@c=/G`)2gtk
+#0ث=W]iN,F, D Ќ`E5N2(GSJC6TH.!>c0r ΑX}
+0 6CMYQXjqmaWMh>$
+| vup1$5EM6Y@[~
+m7D珨+kW
+?e,M2RK4FSH(L-Aפ̿Z%j|Z` Q&_Bwv' j&A[ ^WYf?-ͅ6Twz:5*c¿:,>[ QGdeu2`2FI~QU?Sc'A؇Y.GgPPy
+4ePg4x\ÏL-AXL1B 3?+|NrI60N-aΖk~{X֎SWO73O?AB*N HzKEzk6:F= >WYk a~~CaԎTk0P7.Go3oE2Ì ̱E^fAG2`g)Mٽ7\' _endstream
endobj
1110 0 obj <<
/Type /Page
@@ -3924,16 +3911,16 @@ endobj
/D [1110 0 R /XYZ 56.6929 794.5015 null]
>> endobj
274 0 obj <<
-/D [1110 0 R /XYZ 56.6929 426.5656 null]
+/D [1110 0 R /XYZ 56.6929 330.9243 null]
>> endobj
1113 0 obj <<
-/D [1110 0 R /XYZ 56.6929 394.7216 null]
+/D [1110 0 R /XYZ 56.6929 299.0803 null]
>> endobj
1114 0 obj <<
-/D [1110 0 R /XYZ 56.6929 335.9523 null]
+/D [1110 0 R /XYZ 56.6929 240.311 null]
>> endobj
1115 0 obj <<
-/D [1110 0 R /XYZ 56.6929 323.9972 null]
+/D [1110 0 R /XYZ 56.6929 228.3558 null]
>> endobj
1109 0 obj <<
/Font << /F37 747 0 R /F23 682 0 R /F39 863 0 R /F62 995 0 R /F21 658 0 R >>
@@ -3941,23 +3928,16 @@ endobj
/ProcSet [ /PDF /Text ]
>> endobj
1118 0 obj <<
-/Length 2937
+/Length 2415
/Filter /FlateDecode
>>
stream
-xZ_s67 $Oi\> -6/~$%QFb-(1gW^O2L#>G"A.Feϼvrq5wNL.LO~L>xf,~w5Q<=NzN3=8?9px&0_F&9Zo?ɇ.?:2ܯ
-7_~l#Δwfr/ dubF+(ˣGz1q2Q!7FnixfTAi
-ObUTm:_5FᓙkY
-z7ΜH<*e։3u4Vy;,6 &kDȠ3ƭq݆#z]ʹʶ+Ղ?7uQwzqStgB86 ÄUiL3Li4uz4zY鍴êU 7u"NN ǥ6SF*pW[ܮK{z4YJi&tfZdB (S|z2wCN몥~~rCO`1qwu [P
-sزAAH;0؇%I H]m2R9łwe{32sL<VgqeqUtP'I_X6MA^-ӪBĎY`<Ns"
-D /e}W,F qTY]+i\z9,291V1~J`*̲u A h^fluAc.r 1~kbJGhx`nj80lWņ;Փ(zHc-Ot`Rt!E
-NXUVO@o283 *Bt_3Az/qBqg:_4(FRsĐ`+ן饬b}ϋc1M. bY"Os@
-}t<OϽ
-clkNs4ZfuYDuwUjzsOS;ډ{n%;`hTt^_Yy~pMJN(&گbX`AŽo* y
-ƒ{<hXja{b}0XsTkp<fӬ >
-ISJ>-%<
-5pU(dSsY^bh2`J^:˼k.#p޲*,JP g{kq6d9r`=ay+6šG5S|9"S7w_oGӆ[k<}GA6 82$7b4X;ܷ3矣4AWdI&~bDz8u_5SB@R6C  RHWt}{ڬoֈ̜gkLXjᢃbw7j{0"GFo)oCR@Ƃ#Qs0N287WԈw
-&\ hHä.x
+xZS#7ۙXoiOeH= O`n3@]VKHUZRVȈ?1q43\tG0~G94iҟ?)7Xfxyƽ?>Ncv'Gogw>uz|zN7a˂wxǽ/?vgWp/|4cÙʼB3erF1Jο:Ѱt?-2SLoK[p66`1N0L:1qm\)z:R0'33r&cVI˛bt՟=64mil󲊝syq۲
+qz"̈́O⾁v7e6ccq1ePL2#Chk57ѕhM[&ߊq
+ĺ*"r׏z=:99ا62|
+.yjMD+?9X'Y=l &-,4q! {cp8$P |c`SYYX4EA\ sٲh^~MN6&@H>rtUEuM~1tw7NݔO8
+Bр;} P$ip}a^B(f!93 Ay 3Fyj8z
+Dia 0Uo)XqZPu~w;(5ׇe04醗95tZ]s3)c֮<UƟ:X RjYҗtc|o/K 8!i!]\(wrwHRd'uD`1ihڬ&bUԸD̥9}nC Y,Jr+DϤLC(&eC`HG P3=֌>$]b|XXsIRa7wCl@.U%U=殧`];$١e_׊;;$A}z%ҫ[<B۔=pk{eWlukS~b!\FPa<\%kCI6Jtz޼[qYs) \34nXK-L#kFGȜy1 `O.Wx:_b hx"$C& NIs25
endobj
1117 0 obj <<
/Type /Page
@@ -3970,57 +3950,61 @@ endobj
/D [1117 0 R /XYZ 85.0394 794.5015 null]
>> endobj
278 0 obj <<
-/D [1117 0 R /XYZ 85.0394 769.5949 null]
+/D [1117 0 R /XYZ 85.0394 656.7756 null]
>> endobj
1120 0 obj <<
-/D [1117 0 R /XYZ 85.0394 752.4085 null]
+/D [1117 0 R /XYZ 85.0394 632.436 null]
>> endobj
282 0 obj <<
-/D [1117 0 R /XYZ 85.0394 683.64 null]
+/D [1117 0 R /XYZ 85.0394 563.6675 null]
>> endobj
1121 0 obj <<
-/D [1117 0 R /XYZ 85.0394 653.5261 null]
+/D [1117 0 R /XYZ 85.0394 533.5536 null]
>> endobj
1122 0 obj <<
-/D [1117 0 R /XYZ 85.0394 576.1881 null]
+/D [1117 0 R /XYZ 85.0394 456.2156 null]
>> endobj
1123 0 obj <<
-/D [1117 0 R /XYZ 85.0394 564.2329 null]
+/D [1117 0 R /XYZ 85.0394 444.2604 null]
>> endobj
286 0 obj <<
-/D [1117 0 R /XYZ 85.0394 417.9499 null]
+/D [1117 0 R /XYZ 85.0394 307.3784 null]
>> endobj
1124 0 obj <<
-/D [1117 0 R /XYZ 85.0394 388.7174 null]
+/D [1117 0 R /XYZ 85.0394 280.2293 null]
>> endobj
290 0 obj <<
-/D [1117 0 R /XYZ 85.0394 267.384 null]
+/D [1117 0 R /XYZ 85.0394 163.9859 null]
>> endobj
976 0 obj <<
-/D [1117 0 R /XYZ 85.0394 235.1866 null]
+/D [1117 0 R /XYZ 85.0394 133.872 null]
>> endobj
1116 0 obj <<
-/Font << /F37 747 0 R /F21 658 0 R /F39 863 0 R /F23 682 0 R >>
+/Font << /F37 747 0 R /F21 658 0 R /F23 682 0 R /F39 863 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
1127 0 obj <<
-/Length 3451
-/Filter /FlateDecode
->>
-stream
-xڭZ_s#=sB
-jz_ x $|R< Xe)9 Y j܎>yQR-6L>CwEà$3c?=՚AO^GȰ%
-5 ؤH"&]5AΔ
-` _c>:B0u3-p7m9@
-Q=51o0O1/~Ɔ
-QF"vUfyS!MMt3 7W쬂\YX8tSpX:a]Z jc&w؛qfTcҠRׂAjR4|zVa\/RV,Z-n_R(Ye -+Ԡ^PPDO7r+zp8n>^xE~S8XXXGk4ޠ[`s?Ka:ZܣzH8@p}qa_[XKfd9e_ o 7f樰|^PN=ko]dԮl`١8d>E,qadLd\i!^ 1f,F6Ds*ɜ1wwA::pp]^5eȓQ]tBˢB*R$Py=>xR\j^.6_QL o0 i`sj|@ϗÎ]Ctؠǂ2,SJ}C\ 9%@=TǶnsɀIM+z_ OR)oq@9Is8@2_R
-
-5,渻ґq
- )7Aʇ):Ɩ2ǂ lBqMUUOLrW{żH@z 鮬fJA!|Uc
-{ϺB}J.@.zbf ֏<%"G:6[0k$HG$ᗖ:@SRI^; Ҡ( /t%cē.(IE0*@],F|ĕl. N%r(!DSe6a=ܢG :kh4P臡`HDeCU_ϩ#R:.zB3+VV YcEnb Ϛex =rN~u5Kb<JW Ob
-BȤ%CS^Fc68ҤkxR`8h&:TnFyFf 3nh2Wa9^
-Kκ{}9#L󠹻^rXQ  u`jQ >ߍIģ$${$?hU&#St"a!x|9J0b V$jOjDzg ;4U]`Qo2{Ġ08g+%BU8zN%޶[aq"|8]όcMgw
-­qj>"zG* Px L$ý=l^Ք]1{D[|ɡ"׃CG89 owgqH(K7#(AOE Iu
+/Length 4048
+/Filter /FlateDecode
+>>
+stream
+xڭ;r8
+eqp%)Nz5MUݵEKĊDjD*gj}x ۳IA$
++>q(<%
+ 5摞ħu&DxzH.3mzM
+܄M!ly(<xݶ!
+!8c8fߡݠNm*aD dAhmIJ
+iCCxWUז{"E(4zZY"ն8Kq;{ mKT'da߇p5:/^?D>KJ f*eeMp8L` q/{qlj&aQЏb`\<ӹOG
+ 8 물NdBo/D1Sp<F> eg
+rDŽGy
+w;ov,w/81(C;r缁O(#g, @<@ৣGěM$ACrqN^|(ߍsYde(}*s`mY&|A3%=|Lka <xF~(`ѷa;Zg`듒sId{mU悿Jw>8D ŸӔgJ'ޯycH#nbjJ9t4?K4'r55U}=Se21s!X2LXd4T 1oj uvgtqASFB.T
+-ng߂~}q؄Q _ƹ!l1lC5%pFkD/UUԏW]X Pwb^` 糛t6s-)Pauky\]s*e1q#~cfwlJ؅u񥤧"%S1鲟 (HId̾@ SAC:.`=@(ad12$ʻc=vl
+0<dfD=Ȃ?v6 !
+p΀C]QgR:""Nvѓ.3AdDhQ
+
+HYgGÇ˩LhUlD1᫰TB5(܆M13K~Ih$?' zEu9Î_׀ѲzHbOJҨ5cp k0M,gl{E*Y
+,[Vm@y͐] =.b[Vt/\|a!(wI\d\S)qA\ľqRS]Yl1S2Ө~7;
+v-?dzZgX3/`4qjHX{4wvHVo{+ʰNN)𰯺pc7zF}Cɥ1hUh&ޘL,8W_~" >^v"@=q #ҍo bn+^F-ϩ!^X;D9A?,.?;iizjg-u=/%>]Lu]XOoѦ Bř
endobj
1126 0 obj <<
/Type /Page
@@ -4028,135 +4012,137 @@ endobj
/Resources 1125 0 R
/MediaBox [0 0 595.2756 841.8898]
/Parent 1093 0 R
-/Annots [ 1129 0 R 1130 0 R 1135 0 R 1136 0 R ]
+/Annots [ 1129 0 R 1130 0 R ]
>> endobj
1129 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [55.6967 676.8938 256.3816 688.9534]
+/Rect [55.6967 576.4843 256.3816 588.5439]
/Subtype /Link
/A << /S /GoTo /D (rndc) >>
>> endobj
1130 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [268.5158 676.8938 332.4306 688.9534]
+/Rect [268.5158 576.4843 332.4306 588.5439]
/Subtype /Link
/A << /S /GoTo /D (admin_tools) >>
>> endobj
-1135 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [378.2799 73.4705 428.5017 85.5301]
-/Subtype /Link
-/A << /S /GoTo /D (tsig) >>
->> endobj
-1136 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [112.234 62.1828 168.4527 73.5749]
-/Subtype /Link
-/A << /S /GoTo /D (controls_statement_definition_and_usage) >>
->> endobj
1128 0 obj <<
/D [1126 0 R /XYZ 56.6929 794.5015 null]
>> endobj
294 0 obj <<
-/D [1126 0 R /XYZ 56.6929 403.8784 null]
+/D [1126 0 R /XYZ 56.6929 311.2132 null]
>> endobj
1131 0 obj <<
-/D [1126 0 R /XYZ 56.6929 377.7405 null]
+/D [1126 0 R /XYZ 56.6929 286.8682 null]
>> endobj
298 0 obj <<
-/D [1126 0 R /XYZ 56.6929 339.6466 null]
+/D [1126 0 R /XYZ 56.6929 252.8569 null]
>> endobj
1132 0 obj <<
-/D [1126 0 R /XYZ 56.6929 308.8302 null]
+/D [1126 0 R /XYZ 56.6929 223.8335 null]
>> endobj
302 0 obj <<
-/D [1126 0 R /XYZ 56.6929 236.1221 null]
+/D [1126 0 R /XYZ 56.6929 155.208 null]
>> endobj
1133 0 obj <<
-/D [1126 0 R /XYZ 56.6929 207.0192 null]
->> endobj
-306 0 obj <<
-/D [1126 0 R /XYZ 56.6929 125.1654 null]
->> endobj
-1134 0 obj <<
-/D [1126 0 R /XYZ 56.6929 93.2531 null]
+/D [1126 0 R /XYZ 56.6929 127.8981 null]
>> endobj
1125 0 obj <<
/Font << /F37 747 0 R /F23 682 0 R /F21 658 0 R /F39 863 0 R /F48 885 0 R /F14 685 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-1140 0 obj <<
-/Length 2602
+1137 0 obj <<
+/Length 2663
/Filter /FlateDecode
>>
stream
-xڭ]s6ݿBL)M{WqL STE:_v
-Olxw+}Oon/?xqu2Wpv3-@/8SEgGp&BζVL'Jy?{U5?rs(UH`%Tڠ*"g9G_ͣQc4]ٙ;OyYӠ{n#adc/GH@\G!8UV +2)2ǀT..z*؅,t7 YҌq|`nDk
-{Zܯf48J7;9]d⣙;F %>$=s\Qsv4 s2;n\ ``3r.A3GQAO}l#H 'Mg,'/ y_S$ƬI͒B'j"gX$+4i60Ykk-q DA؝2RI+f[Vn?bPWfZ>V6BD5et\> v(.Qi^x3y)XnEyه#24PwAܩmQ U>pnV.HyYR}[,onvDOeuEĦ"Xxq0bFU=ote3僡{cj %Ț``Y);Q󬷲kj@`5?_|kXn i['9w
-.
-B
-MK0@RuߕpPع@,Q&p,U ;v;sOc(иb|km9 (X.yst_7XJRPIB鬞#OHI?˗% g5Ӿ,u~2!'`%zBO $= >^,H/Y *b0K]F
- `f+beP %<LL@n~"j>CA34d)
-T*DE!CӅOS(Xg:׃- ݄[wunV>LV%T{غ"獔S%,[ M ŅG$Y_w,ѤɸPy. 9Efrͣb_r-䖁#ޞH
-
-XV0J0벮9|m@6FiYm#Kc t8T-f'oq_;ԛj[ٛpFC2pgΝ>˲WHcna ԇ$!ḃ`1f$8X 4gp3)h!ǕW.Gp|(PMc^
-U'2(" xgϹMgztYO3ƾ{@[COAIA&}qzWDn˕ I }2|<$%Uq޶M:z{!Ծsphr8z(A % m"Nl
-6!.!2KJP Ps˘Iޭ%q1 ͼ[4nwhmkuh_ћߖnȶ앩a\Ù'刯zRo$(޿o: -N݁[k U0}ܻdQܫאv Vfcn͑x hӸ U-b<,|˪`Y2~~ms%IG<3<
-9 s.:0-tt$wTˊW϶-!bj7I]kH9&MWm*þ{cx2mH<S(ʦY~endstream
+xڥ]s6ݿb噈(4ur]=K{5Jە6;{AJ+Â 
+`=XzOoο\xvq=2֗QaX?Q"t!P´Y&S}:y`8uKc *b@-%XPj .RfQO}ٛiz`~7U_ bf/]yg`31:-HyFt2:$ϸbKcw3Mw 쑬P0ğn]Y%*n p5Bן.#+33HAH%2kqrw@jtL}:^4Vx*,V"84Ra=f*S2̸Y vnv>R-R()tp>X\Mcjtl2(!6>sb$ɣ<t~fՁ))f܂U 1JT.тGbD1Z<;@g,;fɲlhϹsT&}ELm"66 S{ֳZy\IPI$WAo92VEVɿ};L1W-#fƄ AUKYChr
+NՐ,%Qr'x+xV<Ū8aya[Z]d&.3QD%[3R''*'$ ?8> % ܠBH{&Bހax3H:"/Knt"GtBr j Qܸ ] WǶr 淈Oy? CV,1D>fzhZЈK nd| 4e 
+fxsc%fqcE]VJred5tDO:t6~)_W9#\oq[B NJ,; ܋@:5཯T֐=kߕE 40ɁNPN"3R +Vl#^knړoK{[ȱk ڶ&kPat:ojS /7xeUw`1\V5\V+3WG=^`QCuc`% !#lr voa (O7'm;Y27{Kh =8tɉm!n ^{$ִg眦{
+1SBzq'<![thxXOYNOT}F|I\<&B'H,*jԤ÷b\؇mY[I;uvmy.ZBV RٷrkIM6 cHsSD$_o׻߸ezw3hvvս7')̠k3#fG.x},AC#A B '4;vNտ@}K(b,M G <`BW&
+0Yz]{_H,kP;ɡ8fZVlڰظJ%mS-b#d~GY{
+СBxG<d|QAsRpPVqN%E (^endstream
endobj
-1139 0 obj <<
+1136 0 obj <<
/Type /Page
-/Contents 1140 0 R
-/Resources 1138 0 R
+/Contents 1137 0 R
+/Resources 1135 0 R
/MediaBox [0 0 595.2756 841.8898]
/Parent 1145 0 R
-/Annots [ 1142 0 R ]
+/Annots [ 1140 0 R 1141 0 R 1142 0 R ]
+>> endobj
+1140 0 obj <<
+/Type /Annot
+/Border[0 0 0]/H/I/C[1 0 0]
+/Rect [406.6264 730.8852 456.8481 742.9449]
+/Subtype /Link
+/A << /S /GoTo /D (tsig) >>
+>> endobj
+1141 0 obj <<
+/Type /Annot
+/Border[0 0 0]/H/I/C[1 0 0]
+/Rect [140.5805 719.5976 196.7992 730.9897]
+/Subtype /Link
+/A << /S /GoTo /D (controls_statement_definition_and_usage) >>
>> endobj
1142 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [103.6195 731.9163 159.8382 743.9759]
+/Rect [103.6195 677.087 159.8382 689.1466]
/Subtype /Link
/A << /S /GoTo /D (controls_statement_definition_and_usage) >>
>> endobj
-1141 0 obj <<
-/D [1139 0 R /XYZ 85.0394 794.5015 null]
+1138 0 obj <<
+/D [1136 0 R /XYZ 85.0394 794.5015 null]
+>> endobj
+306 0 obj <<
+/D [1136 0 R /XYZ 85.0394 769.5949 null]
+>> endobj
+1139 0 obj <<
+/D [1136 0 R /XYZ 85.0394 749.4437 null]
>> endobj
310 0 obj <<
-/D [1139 0 R /XYZ 85.0394 589.1911 null]
+/D [1136 0 R /XYZ 85.0394 543.6821 null]
>> endobj
1143 0 obj <<
-/D [1139 0 R /XYZ 85.0394 558.8491 null]
+/D [1136 0 R /XYZ 85.0394 516.3776 null]
>> endobj
314 0 obj <<
-/D [1139 0 R /XYZ 85.0394 294.8462 null]
+/D [1136 0 R /XYZ 85.0394 259.6272 null]
>> endobj
1144 0 obj <<
-/D [1139 0 R /XYZ 85.0394 261.6947 null]
+/D [1136 0 R /XYZ 85.0394 229.5133 null]
>> endobj
-1138 0 obj <<
-/Font << /F37 747 0 R /F23 682 0 R /F21 658 0 R /F53 962 0 R /F39 863 0 R >>
+1135 0 obj <<
+/Font << /F37 747 0 R /F21 658 0 R /F23 682 0 R /F53 962 0 R /F39 863 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
1148 0 obj <<
-/Length 4109
-/Filter /FlateDecode
->>
-stream
-xڭ]sݿӗ3'?zOԗ\\ҫI2J$(R)N{w !io< X,{!y-O^$Jr_y!rw%7͕1s7h>՗ouzGyh,Y&V?͒HE70}77i<{2b_n͇7\fFξ͏w+9zOqaoo?ܾ旻n^BFu/zJD: ^D$\]b#k ߮'O"R:Q*"ɣD+ K bv-im4eM/?nEWfaJ=R\&{SuF{Ǟڛշj큞;hlKI*p׸&&qi*^ȋ4Κܖ?ϩh~#i!eȏ ޗ.IGL٪YT}6Խ;v=UͲ>Jn|WM1 _ű+=A#i[bc鎃ʺ\卜ny|a7*e#T1gOD0Kf|/y<3}q.=t^˪)޲!~ͪLʃ}k݌=qL)\Gd_VUY{,]O"GL=k<D Qwfuz
-wQ*̵Lv<?|zFƗ"HIņWkl< "soʦ<Fvj+
--ެ +I;;=-\-kJE݃2YlH$b=`$IRh !ťQBRʚzizNwQj9d_lj+P(CgExSp^ӮJAPK42*^$W:Nm  קU
->Vag Vy#xĜs
-G0kbeIayh
-є'jF%M@7`n2U6)ˤyr%'E
-ii];^wUG
-`G*ƺ[_Sp<~`*Z܃a|+ٟPNW%GŸ2=b'%cyhIAqM!'we@VTt]Qa{t/NoUz&*{)2l%d^(}<>H_=y *י0+! j!S(q͢$fqn<,\g*>t9KgZKtCQL]}3G}&|g'L2 $4Vf}?'>}kJ_\%6bI`/SK-rm7;s rF b,QígR}9k^Ռ޸V$}
-[@Ŧ?|*NR4p:/,CyfkkU'Iu^TT؏ExdW0tt<ZHL=-ϧ]L.~q<,=aG&cp*M H<l$:f>) TFU81S<\FRllb-̚L,Njy=_Jp*Z RQQ ]0+bޛPQl6y,! .i) WBϦ\M`-y!w}W0y!0R;FIV>/C`T.pU~8lYh[$ũ=llSSs2M+{oVlwa^v
-/X#XGS~K<v;&z`_p_g?a'~3$?V 9HM3N6:StGjjkraΝaen[#ntp hEg{z_YcP 7:
+/Length 4006
+/Filter /FlateDecode
+>>
+stream
+xڭے:}b2U/r=쁳2<P$lb@t[Qvfa+[ry-'m*$VH{_ }%yZNGouv]$E뻇 <y.]Jn
+.!zk7нTFjS: L:#R7_OBp,^*joZ}iv=c)eRXV۲i]v=Qܬj2~p.l@2 ce9lv13{hCDDh>SvV5Z'KNp-efj{&)t.(Hp!Sl?leWE)dFٛ
+Q$uݭ jHxBI)M԰bW란D'*{\  zǰ{\C_lq'
+&Yezǭ7*lz4u902>6ni4##26 71w*'to]3<eIzO27E:y͎M#pb$
+!Fp قAJ^ȹMh!'Jlx@[Q!0 IJG f
+>x >.|e2v~B\h;Gc\]Cڠ=!]w"}}$2J9-la!+}! H.֚sd&aR8pyUUúY+^ B$(}K#ԣY2js&1rsLZ0g >V`e ^b'xYԞK
+r/i4ˮso;ayO\ J큻pdǛP).i!a1%`}%sހqtp_mOu_*$x9́A;/YNmiRR,M[diA)Bttn \_FRT;8tRl?jd4 |19_RƊu̯Ҹ5
+(H+e'iP"mec):ԙԼ
+ܽC#Gw )=רhNi.0tX
+ufK$DJvVɟÆ1Y 9/%
+Lާخ{bz,KUe
+D0Q߈o.Icxh6.#& [*{IKjoR'>s方!yYz xá=rA.ȹ@G`p0]5Do~c%r
+ή`\`qǂgx| ׅ#H8E9MgQoN)ރ98l-^XQR{;y# +í@]G]1"!+~amx|{5V쨌f
+#7\폞T>dPinvj"yX֛-ή
+xI@` :ڠ5tI'2Ͼ2rq=0DUL 6>qF(?wUqeg
+M
+x2IEDNY/ ;[Tb;9y~ݺ_.&?1H9,bMN 9IufGn(0|ښdyvs<Y2w[9#otEgz_^.PP
+g7<܀_FO$`K76? D 5LQ(&zx?i)hendstream
endobj
1147 0 obj <<
/Type /Page
@@ -4169,33 +4155,31 @@ endobj
/D [1147 0 R /XYZ 56.6929 794.5015 null]
>> endobj
318 0 obj <<
-/D [1147 0 R /XYZ 56.6929 769.5949 null]
+/D [1147 0 R /XYZ 56.6929 728.4063 null]
>> endobj
1150 0 obj <<
-/D [1147 0 R /XYZ 56.6929 752.0323 null]
+/D [1147 0 R /XYZ 56.6929 705.2957 null]
>> endobj
1146 0 obj <<
-/Font << /F37 747 0 R /F21 658 0 R /F23 682 0 R /F47 879 0 R /F39 863 0 R >>
+/Font << /F37 747 0 R /F23 682 0 R /F39 863 0 R /F21 658 0 R /F47 879 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
1153 0 obj <<
-/Length 2579
+/Length 2604
/Filter /FlateDecode
>>
stream
-xrF`bJ>9d+qrJR.
-oH/\ {Vۻ?y˙DF(.X(3/BebbƑR_rɮ9_,U+z(Oq&RH#) d) ./42Xbx A@R&Fөu>5K[R-Z<h`_l?*h3Aޔh[W͚жmiv]KZ+<2gYp hw]Yh*TELY
- `w}k&"g@(Ђ\&̑P;  B?
-$}`2CQf$Y.p) }7% + g^Qn~-gv# ysPm]m,>8GI@Voy| Ɍǔ#Tr2|]`G}5l<+.u<4*|AKKvT^53ReO{G7
-TO9UɠL
-c.m~>2 / Ԓ(TI͕{I!&@C%EAʦ@2JMvy]+W͘IdRYJBo^#ƞ$,v@(h¥߲xBBҙv
-gv=It$@y4J&Qǟ;D), Qu :d v wk2R%MݸDP #*S9q#(LȁoM K.
-\ 1G9M#z(j2 HDX
->{T>-a+*:)#, L/a7-(O_"f"d f^n=b8 Eht)BqJPb;}ᬍ!6j<c )='qhem^ze WX9s<FO~9 U^T6 9%UjϨipJēv~GQöմmy_cE",I+:?mьc^ P9Kz.q<&_Ƨ UnKN5}|
-(/}IaT᧞V'ԻfJ@?ݠ˧1mKK/}2uggj*v]!kk0QS!!9'n|vVg3YlHO6ghQt6^m-yI{kP-#%t4p4J]
-pHPyx Ui04D("s%4~[jࣦXtBP:ihVC=#TdeGN^+DDtI)\D󘓯$pXs X,.Ng7vcMCh5ĴfsNj0SFpXGyf,#Dv
-vV|\ #;14ڶI*@%G ;6 αޡѢھc E806iˌihWk7οM,{$52u='fce
-e$S76endstream
+x]s6ݿB3B
+/"d2Sb!Y&ۋ(,t'fOT,V"(PH%P e<uUw8"o,pXtW_-~vuլjVm͇m}іH5fC! mA͊0S{T:Heq,}k@V aP;KFX6FZ6s4Br
+x)M5}<h΋f&GS#YA}YǰՁ`w P]@'f\0!e^ouiѦ!c[,p$iqMV!S2v+><f\E5 eny^u\9=}5ï |2Vv*5 \K!ND,XgE,3:UiaLѴ
+S@V'0xQ 0up䜣?#lG};ρ90JRhA\.бP_>_BZwrҫU۾z?CFˬRPK2daȕ
+,B &ų GPڙkp2́Cv1Cm͡p&y:7q'i3%!U4#SF|W8c!.u<@D
+_Вs9tg>$513r8ϰfȴtFS<@!xq+Hw۪L
+m1. O0WB@#
+:8g ADv%0FsM& Z1(J1z`9$h6輱im7P2UVT1q
+USx REFFoQcO[
+T:YO4.*nE HRďwtSyD:q7!i{hu<
+r$P8o8Kp"Pxb9} s= 6
endobj
1152 0 obj <<
/Type /Page
@@ -4208,7 +4192,7 @@ endobj
1155 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [173.6261 500.8708 242.2981 510.2804]
+/Rect [173.6261 465.0053 242.2981 474.4149]
/Subtype /Link
/A << /S /GoTo /D (the_category_phrase) >>
>> endobj
@@ -4216,25 +4200,22 @@ endobj
/D [1152 0 R /XYZ 85.0394 794.5015 null]
>> endobj
1151 0 obj <<
-/Font << /F37 747 0 R /F21 658 0 R /F23 682 0 R /F39 863 0 R >>
+/Font << /F37 747 0 R /F23 682 0 R /F21 658 0 R /F39 863 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
1159 0 obj <<
-/Length 2502
+/Length 2725
/Filter /FlateDecode
>>
stream
-xZ_s6%L# /Onj9;9Wk;J,N(RHNbA)>;3?\,o#(Y{H> \3wtcθ4L.ӳ]
-9YzhȊE|4MqB1Hpo.>|,}gzf<׹=}=>Oxp??M/ni(2(1; g,rWA~?7w±<s`
-쌚qy"
-δR.zb rQnzv8q @16mN3z|d
-#<=ߤınpnu~T1jsoOWOe"ӑݻ!' 8)+%MnwpkC<MVCfzN8e.8q|x\E =ޮY-lCEa} ꏅL0=uC.  91 e'*. R,Of9\ҫb:>̀T&[WYYXr,jV{caJpz;kkW/*
-6uaZ%&XIShQWuWƮ'jjln  X '󐷘t^1j6 0 >63&a8ڵ
-
-P-@=6>i1]Q-5t- gdvzZzn"E6ֳ- H
-GMtl`qО>SCWE[&W9<u8~*1儍}µ ,5&`;~5<L
-;S`
-f̴"ͅ8t)0{‡y!~XiꀒkS"K`')UR{7.bfz^M[7 xc܋#sy׍^?D8Z|97"(TC9+;{SQ x.`N/N[ټD9[uY'.3tZu`$NG^&> %]],5ßݯ|DyÿdZ
+xZKsFWr1Tebc}Rl9Z:!M r(  H߷{Hkʥʉ?91&*DI!d:;Li;iڟ^hI͢+EW/~~q2{}Kzś7ϧ26{w7i(d_]"JB0}n~<?ٯu_&}hR1썺I+
+?JN6#}' 9AeGSDZ\YY3 <bΈn V[}Tb'ZEN $ 6'-r*"3[%,ywlie8Ҽ<,Y H&ɷRJnؖV<[lVsH;nẙ!Mf+doLﻍ:pڒ1AB
+f?2ZH /+챸Pa,8 dv$@)f~m1`_!CP cp DEKBn4- Pxڂ続m2Wr1` evm(frK{YiVc
+.Y4mh9/J@vSB4;R}T i, YHGԼ充ܚ觳l!8e"jFbKSjX>P"k.w9Vuu֞_>IqU/9$`+6~]5SÜ1#D*FWʜJ>PvGaDa}c2#󩁲lV5syU3[0]Q4]׊ oi,/ˏͺ5eѤEn[Zv7_ dgԌo]t4(Թ{x>mzRǒU$qD )/aP wMZTڻI觍^n՗]2aFp0߱~8$ C_D•!Ђ.T2#Too^2u9+#3DRp$T]<ݻAnS|*8 T
+?e
+*ebv\IRnޚ"-ln_eEK^Ʋ'jKljA_T0]#}‘":HpC|t}TP8\hX#{=$nߟJCkV}[tpUEǔāƻ<
+*$ w4v(an9}O܍>t5}:y!?,i ^ۢIN_[9~Z95x[}Ma6j Umc7xRsoz{~ϥKjز>FW(Z|<<`A9){|y'~$Q
+y!BxSW[<'
endobj
1158 0 obj <<
/Type /Page
@@ -4247,40 +4228,35 @@ endobj
/D [1158 0 R /XYZ 56.6929 794.5015 null]
>> endobj
322 0 obj <<
-/D [1158 0 R /XYZ 56.6929 729.6823 null]
+/D [1158 0 R /XYZ 56.6929 687.8392 null]
>> endobj
1156 0 obj <<
-/D [1158 0 R /XYZ 56.6929 704.9004 null]
+/D [1158 0 R /XYZ 56.6929 663.0573 null]
>> endobj
1161 0 obj <<
-/D [1158 0 R /XYZ 56.6929 387.929 null]
+/D [1158 0 R /XYZ 56.6929 346.0859 null]
>> endobj
1162 0 obj <<
-/D [1158 0 R /XYZ 56.6929 375.9738 null]
+/D [1158 0 R /XYZ 56.6929 334.1307 null]
>> endobj
1157 0 obj <<
/Font << /F37 747 0 R /F23 682 0 R /F21 658 0 R /F39 863 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
1165 0 obj <<
-/Length 2770
+/Length 2655
/Filter /FlateDecode
>>
stream
-xڥ]oFݿB='ɍ.p@R*Rv}7Keqt3=#Q(Qa$R9Stu9w~;{^ģ4L5ףyWFIFw/^r79s:<+?]]_JJû>zsq5-LOn&&c(p}g-HC<5?EH5z(diG3D~8=WkOF,d\)tFtݔ)J3R x
-g0)D5Uj˟[MxсJ@nfϟK9gI`3;Z,[k1(-| &4?+dD5/, MYcݻN-Cp?@3 YQWcPW5ev_`D_N{Wؖ 8' >Ɂb\n$ 'aS]Yi"W:ߢ [b'l{]mGEpwWٌn#+gCX8({*bH=aw,);
-2[7-2$
-P#yD օ Պ\]x.ohQv@41c" ("J5u+]I( '."tB*IB q"Z)s:k˓7<4%ҭ`M0`h&<XCm rҏFp܅\cnVSP7J˥q~'Lp/PŒuJH$f OhՇjZA?Ν_LJk
- PY+0QTV4A4&=Z}`[*u
-_c1mV%vaR`_d#
-D:j
-Wet.[x$Mc,
-xk =̎ #"0򦱤v%uA/9^D?p]-鐍&z IDp
-lFcF(9 v:k} /x!Ot<eGz0P{)!ecz:)H'
-ͅo
-:P w`dfs)Ijpʒ^TPqjvz ,ν=k9+,Rn#VĜVWe_WEw)ˏq{f-3
-Nגl٣b$!GiU yg2m3uJ~Hb!_eB?dEnV* .>@yBޘffc-X*OP b̸Wf4P Y5'3<+m2,sצ~?zg_ED),$eCt ԯ|Dމj~!Wf9Z7Q '8؃~W s9b0rə@Qihץg7pϟ%d'UvM4SIU⮳Lͣ
-H%䰟zGm=?X5~D}w)|dHBx5Cendstream
+xڭZmo8_a>=")RRSI{Y^ EfldkoCŖ()r8C l_6Kd4iȐY> gK{w,!Owgފxjv0a]}.COs_FRj|~{כyywWi˹`=,x{zn?|8;,x?>}g 8ga DΞ# X,"n<=Gp0kN/
+Y3_$A$er\,A2RKS6*لMX$D9e(1nZ7:m`'Q |YՏYIͪu*`@-Ym}kD`X)>#$}")%<ݒVa(Sڎ@1
+)8sϧ^Ucv$ VحM(xsGSV!Ųr\ok@+ҁ|c^_FC;_Oi)֛Ry&.WԞp{9ׯIh2n Idy "$8V2VA~"[Ȕ\QϢh6YN KH~-*e&MT[8&t}4uؕtl`MSh$ r8i͡Oo7'- I/V-l!Jٲ-y}{{fX^<P, g*!DɗD[q\< 4>$`DQY '= 1$-Zwo0o3sc':?Əuu)}f L DN+~]&)wRj *,0!l5GHsN'ޛ{M]@_5½
+B<FUx1,DҺP6fcF:3=
+PRE_Op9!Kh, T`x4#?DeѴ-0M<'zqL_?oXu~twX觾;jpz耍ζy[묨 =W7hg:.u9 PG}!ty(&[ꯉXI/n $ScEp8 R
+˟E EϜ,qfZ[^aIS,6r5I9# xg#V i`0xEQ?Nز)QtRWstWjh-^k@!:', 0ᄄ uI 6bμ'pl8 o#IlEQ:wCFd9VH<S&6ͅ
+W9n6Dݗqoi<v9YjΪ^-TvYtt{FC)7+dWW
+ )8y! i{nFVq]CAѐvmg-]NTb[,2gQuB#G]ˣ 1+qQz!<qϷ&T}ZxDֱgD*1?eDO*fwb)3j(`~0
+|2'nU pm6Z?oُDe+',~P7,LvS
endobj
1164 0 obj <<
/Type /Page
@@ -4293,14 +4269,14 @@ endobj
1169 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [519.8432 252.798 539.579 264.8576]
+/Rect [519.8432 216.1999 539.579 228.2596]
/Subtype /Link
/A << /S /GoTo /D (lwresd) >>
>> endobj
1170 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [84.0431 240.8428 117.8035 252.9024]
+/Rect [84.0431 204.2448 117.8035 216.3044]
/Subtype /Link
/A << /S /GoTo /D (lwresd) >>
>> endobj
@@ -4308,32 +4284,33 @@ endobj
/D [1164 0 R /XYZ 85.0394 794.5015 null]
>> endobj
326 0 obj <<
-/D [1164 0 R /XYZ 85.0394 451.0558 null]
+/D [1164 0 R /XYZ 85.0394 429.0696 null]
>> endobj
1167 0 obj <<
-/D [1164 0 R /XYZ 85.0394 423.9067 null]
+/D [1164 0 R /XYZ 85.0394 399.3522 null]
>> endobj
330 0 obj <<
-/D [1164 0 R /XYZ 85.0394 301.4703 null]
+/D [1164 0 R /XYZ 85.0394 269.1889 null]
>> endobj
1168 0 obj <<
-/D [1164 0 R /XYZ 85.0394 271.3564 null]
+/D [1164 0 R /XYZ 85.0394 236.5067 null]
>> endobj
1163 0 obj <<
/Font << /F37 747 0 R /F21 658 0 R /F23 682 0 R /F39 863 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
1173 0 obj <<
-/Length 1216
+/Length 1372
/Filter /FlateDecode
>>
stream
-xڥXKs6Who99:8"A c`Ж@՚Gs?~X,-$0
-c k->Nl3@7bN`ͳVQ<]\Ё]\mvuz/wS]8jv ȷ/c>`{b]lz3MﮧO鼳o\eȏY4A7|I6ر\'_'vѝQl7pؖm~ q;mW(0ʯ RRj\V&˝{;,RM;@" X-tVKո׭uH 2p֯-ȳ}n;3 Bhym%"NA!R2ՕoIր?LJ~D7Qzq <E9{ՌզO +VN,t"$YN+S4UnrѬ9~4pxeК
-VfGV Arz81~Jnh{!rX-m3|XrQrmv_zøǂ9嚀撦RZDĆ
-R0ByGi⃕wOYa^G*7j <'2-H/:P :;2ф|E3%~7ڿYu6Ew>dd#
-srI/9' %^g#sb1c9cٙegdx
-!Um' |gDV?:=̀<9u TfL]"f)YFJzm4֗!CƝ5 ?@![I\ˀq3Fj5N}p}# <7.Kd^EK@?qpBD(,^/#rendstream
+xڥXKs6WH
+#lvqA-h)\q,e$ϋJϋiQGI_\j'z{WTįʫUN<1 2>ìKgeb)-|!ec (%p}.Fy!-$[e[liR=HnasCD{o-X%)̬ȈϪ6OܼZG#SqgzzKJtơQnQq0ͻzD 5-}!S%k;>ͱ#S!$U6e7(.{_"j)ꦮIVoV֏C2
+ip?j53 yVf/<'fGUR>7Ĥwpg]ʕGUO|ΘA蟦 `B !t=3k6qP&"LUQԕQ2DeZOR!mh~
+6 A/
+mJޱ: UuTn{(]L.Vޙ*`;8Ԃ~S~<紑2K K a E՘ڠ
+Fp#4!]JEN:3:$lX7SP#A~L⌂t gP##k̔.ϻQ^eU=Hj6eu(w9=^QJ@wLYGr荮;GO7
+IwlD3ptӼn-e9ZT3< ' ΙnN?
endobj
1172 0 obj <<
/Type /Page
@@ -4346,36 +4323,35 @@ endobj
/D [1172 0 R /XYZ 56.6929 794.5015 null]
>> endobj
334 0 obj <<
-/D [1172 0 R /XYZ 56.6929 769.5949 null]
+/D [1172 0 R /XYZ 56.6929 716.8068 null]
>> endobj
1175 0 obj <<
-/D [1172 0 R /XYZ 56.6929 752.2028 null]
+/D [1172 0 R /XYZ 56.6929 691.8907 null]
>> endobj
338 0 obj <<
-/D [1172 0 R /XYZ 56.6929 693.9224 null]
+/D [1172 0 R /XYZ 56.6929 633.7645 null]
>> endobj
1176 0 obj <<
-/D [1172 0 R /XYZ 56.6929 663.1642 null]
+/D [1172 0 R /XYZ 56.6929 603.0741 null]
>> endobj
342 0 obj <<
-/D [1172 0 R /XYZ 56.6929 628.9495 null]
+/D [1172 0 R /XYZ 56.6929 569.0137 null]
>> endobj
1177 0 obj <<
-/D [1172 0 R /XYZ 56.6929 601.0964 null]
+/D [1172 0 R /XYZ 56.6929 541.2283 null]
>> endobj
1171 0 obj <<
-/Font << /F37 747 0 R /F21 658 0 R /F39 863 0 R /F23 682 0 R >>
+/Font << /F37 747 0 R /F23 682 0 R /F21 658 0 R /F39 863 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
1180 0 obj <<
-/Length 1186
+/Length 1187
/Filter /FlateDecode
>>
stream
-xYr6+:OWNiVUWGC̚"4B[lRt{pc?l"*a 9p=d=}@2&1ѴeCdy㋫_/ }@80ap]% /|Mpp{5lsIA0rؿ} FE,x1@wt{RasI? Ƽ8Q?{&8!$ aqMJFq]}3*qJd?*pVKB% c 
-QS+bdi>Cue&Rdtc|Xz NvuRDte@Zw'p9Zڡe,e_K.% %װboPJ_e~*/`ӂ"Nby%7pJUݾeLڜd6cV' Ȩ0O(H
-e!ikO:E6g 10)#];S8f?F=CZe?Ȟөmj<Hem&\ebڅ1_N#q |[XkˬZ5Jƾd5d\OW};4Rv^3mgzJ?x:Ν%WN;L:EZضJlбEU;
-2Nr׸"lޯm)l!aժReQ%BB-NV +A37%Cl!Lt1I#ݥғvojc߁'%_(T打!6eQ(?nXR&,ߞ4 <äCcl4*jTр%˷-y ! X[n{HWsy+zU81@:6 tN9\_7܂=νs߶IqNh:"DX9un3/.w@wJendstream
+xڽY[s6~1T]>eSgnuݧ4!$Lxvֳ^a.L;t$)@6
+fXA07p߀#Pl% ILcv_ò!ml̼Mc@8:3p}-q?fW_str9N/&cmuR py$izt|;<̪XbD@nn?Ƴn F8bB(--_`k~ڐjPȆ ˰&%tɳx2QyG(yIa[IZٳm? ߇ҔPpN
+lXqdgtxG: Q⤆7n8'D/8{Rd~?JCN
endobj
1179 0 obj <<
/Type /Page
@@ -4392,16 +4368,16 @@ endobj
/ProcSet [ /PDF /Text ]
>> endobj
1185 0 obj <<
-/Length 1615
+/Length 1261
/Filter /FlateDecode
>>
stream
-xڥ]s8="o`!S+sJJʒ;1% ɃVj?%1?R/iBLqލq["Kz2zy'$!I~DC';o>^_|uz9@N?|8:qI͟OήRdy|k0~l>K F7xñߏ0$#x9
-B﷘riϚag:h?Gސӎ" 0EOcgPSF[T;Z|ZNxe&7 %au4f4c2B"p ]׼G3 4vIU-Ay2\ oB2r3`ne23~v!ڡ;xYJdRcI*+ /B=B"jQT\_I⇙-NnwE>c}[1ܭNLT|< "~bɎ
-mH4XӴ2Nv}.@ڌOukxs,(2A@G37&2dQm[Hzex& ^3QP=|%^ӘD:3T 88li4ŀa%iJ~m@l[NC𲑵68-yՀ1i
-jp 6hq0MٌJtEYqWs'(&$0
-2šnINcIh@r{+Y^szBM@%֫U8pʒVp7S˕zkvڍR@($8xL$ *Ҍ,%kYQMjhsb}\BHsXi6r4VMXg%@ixvTKP92\Uõr$V@>ij9fniKܞSCU\@Z
-}C6{ 6KhmSDS7CE 
+xڭX[w8~WY`c<)ɦgK>9a ֶ\I$!;@R<i>梑dmM?tBcMϲ=#J;]AAhIݵ;0B3ߘ
+ۘ]t XݫeoNnF=xVnƗ>]{<{p
+xx=GWcg8ٮe媅?XF رL7 < ic^u7p=i?2wN03``P/4}q oY]2&|ͧ8n-_5to!c&J&ևl =W6ψ>9J B4;[3kV<ɞ"'i{!b- b,9s@8~QBpF$' $@eG`Ih Y ٢ž1Mf(-@R6hŹ 1^A+8N05w N CUFf5ҹ Χ1듡P;R!Θ 5X Rlf&b4c1'1jhɏt5 J#,!.0C/)i6 '4|}DGSRfiaǠ2U朥䲭?j
+i!
+R-ϥa$S*N= rKJA7$儣7w߅$h8.$y?9~RIU{}$͡ FFXGjZeD4T5_QvU wq|
+/H9wwϴ]OO5YBAv`a8jFc0ׇĞrۅ*Ef*[4$S~wFJAbM4LMN;0`U1/)zMED{NjSu}g
endobj
1184 0 obj <<
/Type /Page
@@ -4414,37 +4390,38 @@ endobj
/D [1184 0 R /XYZ 56.6929 794.5015 null]
>> endobj
346 0 obj <<
-/D [1184 0 R /XYZ 56.6929 215.7523 null]
+/D [1184 0 R /XYZ 56.6929 122.4687 null]
>> endobj
1187 0 obj <<
-/D [1184 0 R /XYZ 56.6929 183.9675 null]
+/D [1184 0 R /XYZ 56.6929 92.1609 null]
>> endobj
1183 0 obj <<
/Font << /F37 747 0 R /F39 863 0 R /F21 658 0 R /F23 682 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
1190 0 obj <<
-/Length 3744
-/Filter /FlateDecode
->>
-stream
-xڽ]sݿo'"SrK6ΙN'-R$R'Rs}w
-[
-
-w%2'? 3g\Ae,KtEʵ31 \2c>1gY?xOM.8μ KDƂԏ53,s|[YF8F
-u[޺ByDG:#Gp9f,G qq&Z P@;.eLԶ̲mȝPOM4Ƅ_1b> Oyh哾8eȒHlPx*r1bX#F:z7Dˤ= iqB1m087sClmi4yDA2\qk@,8F6nXrfjn.3`#:ùfoRt&ͱS?10IjݰnF:@|ظ lr _}qP'*(:/T>B
-;@W+Xyݹ
-Ϥ:G=rOS+Qrx~
-~RUhw|TFMFH{:/ Zj;Nmtf \Ugy$&[իڝ&֧0SĥtMEVR*38|n?IMʘ;!YQrb:+0@R sV>^$º`%&<ʡs^%ōEacd0`'f|ֱhC}`b`0
-MzBEkl T 6WV`f4Oٮ)\lr$7s:
-s&'mکU/e1y; Xdns ]f+\UY>&~?4hV1hVkeܲlbVn(&Dّ\Peh=UeWQfҰ\_+w؄Y z<s ߔKI_
-"a
-zcH&` |@gIvAi@Ku{:cϲ(wEgUZp9|;P<!ikN&ASv㩗t Siq ].7]à/ا?7yC 뎱̀esV<:*_ `Ͱ0=b‚*j5<xPހձ+F;7u o%7r5 @G -aRYĹK}SʂeAۆ5˃TZ
-=o.x)qB`bGXc,Baܛˡ<՘ J ODzF{[
-7BVz{2Sc'}'9JcGyEwCFI.h"HXqAKD51mj~
-WAr>3C#-2 ud!6;7>Ы.eqe/1W2(>;ADWwx
-,O"c"L>`g|f3`̆FG7v@!Ruh!#|3.а_r;*>wf[ [lЇ.ӐM+ngdIXx@=zzs);sj:V{HfEfE,z-ckl/9*P!}XŜBȋX,kX:S0쯧uc˨Fy<$_FtK ,1⟥g~N胈c͞\؄h<6l܈%^"
-0^.`VQB\Cqeܣo(ͦ9BPQj0?%4GRi,Srš>ȌKP궣߫H8Kߙ,RԆ`Xˁ~WR22-|R7m34.w@E@w}{~87o6g5NNIyԢ=lj T˙ nO[+xoP3ETsSxPRM9WBJbendstream
+/Length 3581
+/Filter /FlateDecode
+>>
+stream
+xڵ]s6ݿoOi]\Mۙ%D"H"x< b
+p!.~_a?_pї3a_$Z1( &z)ie62TSԖ
+Pbw-uWkvJθ ȤeR$zeEL)c<><) Z'aMЎ"g6K!-]Ix~
+ s
+Ph\~iؚ\2rq!|
+o0YUhU)pMir.Pv !@[?'RR3<6%
+_
+)Ƕ<!c)XMR~7C~)D143BT\xoUb= e롛cwe
+P?bRDm/KEsk Ԇ
+ 5e.\Tv{aZC>
+n[N&г󵇄)BTk e BffU9t3PsaXm>oo܂E7,նX`ӧktPTlHI"-&n7k/NVg2 9|iE5/˹aVxiPt 3Vg3mC/
+f4hh}$Zeմ+8(獐Dj&^B4uljf \fBNenF0::ppF_6ao0L,T)TAd3}7f\S2L:lR`n%I+Q) YIuJKu}m jqj=E5`RR#2cb1 Ƅ
+`b`g0
+F[Tz&$0}لlE}h|X%yWW(ΰO\]B,.v
+)e}㘙cYoxVK
+*yN3L^
+;BeСRޓpT1CE(Ak}/i:,;}Um7eQIR
+s5t/S1tQ$ɺZw ;+ͺ'#l-SJ_qc?Q'NW)ByY%yb_:A#X .X<"O gso!C U/=q3g<eF,0I)6Rendstream
endobj
1189 0 obj <<
/Type /Page
@@ -4457,7 +4434,7 @@ endobj
1192 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [250.9056 208.6872 324.559 218.0968]
+/Rect [250.9056 118.4935 324.559 127.9031]
/Subtype /Link
/A << /S /GoTo /D (statsfile) >>
>> endobj
@@ -4465,30 +4442,27 @@ endobj
/D [1189 0 R /XYZ 85.0394 794.5015 null]
>> endobj
1188 0 obj <<
-/Font << /F37 747 0 R /F21 658 0 R /F23 682 0 R /F47 879 0 R /F39 863 0 R >>
+/Font << /F37 747 0 R /F23 682 0 R /F21 658 0 R /F39 863 0 R /F47 879 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
1196 0 obj <<
-/Length 3362
+/Length 3429
/Filter /FlateDecode
>>
stream
-xڥ]sݿsOLrr9yrbnm=PJ"u"e'/Hi2cK7@D*4A|> ϗ38S4c{<ˇ8=ςLEqѣPkqX:QA\
-Bn AIxI͖., Z}.gLȬS'6ӱe:^(('N)
-@r:NW6u^1ft,叝~%h7M0XG<+"Uݔ-]"5fiҺF/-He*F6>q3X(mtTfDM]}}alIDOsF[ԐNj,춠XJUI07kSw*CCbDj E5Z̓fuK y]vG SJޞ( Ԇ\v+_M̗y+X3V 6W3"xt6k Z)82(W ?,`u)>~z!o-f<qRÑ }4QsK^nD^~(o<k=޵fv}1a59\bH:p ,6UfWf vn_4kzqUC\><\=5@y~bm(r#OUh | cST
- DW.l,󬼂CλSi.
-T3GlJ$vbL⡏uJBVM9oe 3}5 xbÿVҐm7#*R+rC5Қ)6O6ltzWew[
-J6bV?3iFBL ಷWVn{lS[庬-ِ|s9?q?S*Fهmǀm%!" w0){9!iZ cTk4Ǚ۾ @4kA4W2H42Qc>Ui5
-MI$aأD9+YV+
-_O54AhӵH~
-B^K@_X Rh# RdtDX.$EJVl:l[A+Pr"Sc%qEкepp/ZFԗ:(ɨA$JeĻx":A uXVbJ#"$0Y920@>:K&8"sT"*U$!xү]d"GzQf~ 0/>]TƵwz Wqa+ec׭ԋ|'X#N!^i,s84q]pXBE(S/]^AC+
-6'f jxys|4jAC9bͽ}2[;"R}~S$Z\+߁**9'˜J4ּÁDT'ۃ['maw2_Ж
-
-0=Cٶo@zb'H"%R CD"i*S聛ZKKzږ{qP%-\`Lui.W5څ5$N4414NIU֟1c鸊}l@I;q$W`q(<w C,gCbQ;KP;/>m<+JK?n33GE֏dKLtbm.M==ܫ
-@ :
-C"op`&fc;p[5s8rbj9 zU#=h$87`X{g}iT[(M#3:j]g~Rb6qhLs1р$ K]p 6qa%ѐ@cSiG8@:tBPè0}1pCjr?[>2Rk TX* o?˪yﳞTߠX>X"D](t
- }񅝷ެ_i%=>bq_|5u]+N]g?PpT[e f{ިiUųѴVaI@(jH0MғY%7]`;M
-} f0۪p@9 aO U9_a-e?+ }{ؒUjBWf
+xڥ]s6ݿB'y&B  铛8vc>$dqBH]"%J%3X~,rca:KR%t ,__GB2#-X?_|>JfH0/k#gůXVo?ݼ۫D?|\:5A?^}xu{F?]b^7h$ljEo_^߼, ƒqc|(5z /iJGB(#_))mU DpR$RRZG=C9e\fuѬ}*s{xf*ĉ >ھǚ?/T$ʨ1+ m/,i΍7z>0⮵x~M}[a+[zn:ۖ~e%[d܌Rl)E5l۬+}sd8ow
+ g-=|O:`}Kp4Uٺe)<g[>֖Զ)3Kާ}cr<š -bIE\CtqD,Hz_+*a#!r6+mxRJ0 K}ɄgImQ0`p?v嶬8sYU.6+z^!IL!ڕ>\ʹ*۵- QBAplw.K`2UU; $yLD(4;p?ߓHb#I"UJEY^Czn
+iyUZ_),0]]҃]"(4HZ ezZ`{
+fW:xyjm*4NP}
+@Iqno-EfF?'+hV-8n|F
+nSXF|<]s٭LmfծFϐĩ[m3{ٞޔU/{0T4`=08z<Q Tʁ
+]awm!ܭ~`0ޚH)SFb
+]bV ,6{"-ͺ=R7
+< =#u@EI3Qs Gnr@s.NH
+]v4kai.)<D*%@Y +7qYX*$\6q{Pޑykyvn1RTT {&ef ¹
+0+T M\dҖʶ.dxxwOEc)l{\=,8p!_tފ!$AJx>:m{RQؚThX<=#k+D CD
+[9- r A$ ÐLx `h^Jd&
+ W0#/q-XSV!@[s)+!etj !oٗv8@XD{P^/y3*v dsnSHAP%
endobj
1195 0 obj <<
/Type /Page
@@ -4501,31 +4475,33 @@ endobj
/D [1195 0 R /XYZ 56.6929 794.5015 null]
>> endobj
350 0 obj <<
-/D [1195 0 R /XYZ 56.6929 387.6589 null]
+/D [1195 0 R /XYZ 56.6929 293.8263 null]
>> endobj
1005 0 obj <<
-/D [1195 0 R /XYZ 56.6929 362.5676 null]
+/D [1195 0 R /XYZ 56.6929 268.1652 null]
>> endobj
1194 0 obj <<
/Font << /F37 747 0 R /F21 658 0 R /F23 682 0 R /F39 863 0 R /F48 885 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
1200 0 obj <<
-/Length 3390
+/Length 3311
/Filter /FlateDecode
>>
stream
-x]sݿBog>Ir]34O,62鈔}.Hi:x\,bI1'f0eN3Å-.]@DO7oU6s̥2ݭzkYƭ7~׻D>OebR>;8yo__fz~wзWonn\]&eXȄ"_^r]wyWx.~ϖp/8SΚ3<p& m3Z\|[7N(ˌل
-͊6qX+qp;Tsf2:d(eov$ze9-iŅ"EJPPLe#K x`$7 ;FV)tj=;
-
-Kᶼa~l˺ѢraIM-]<OM)!=EFRٟ.p~܅Y1AXA uLkz92YWGV1hSێm.fWԞ޻|pʀO vi6p@*UN0VFI*|ec,]5 (]"߼mǖ"H*hf" SS<`.
-O'7
-0YhPD%Łs64 UO^9p Ҳ;`Sy%Rm9lKE"%ʍm Z?jN1GT:a0b_MTAτZe;^}Q\,Ŧ,vApdS tT kR8CȘUv>< K19Mj}nDda< ]$kWu! 6y9@[RkwTtOg L(t-Q`ZZt)=˛P6Hߵ9P=%tP9%㚘p9oVC:m4ˤuh컊]'eSa-'f[B';뺾D,Fj! &RbJX}5.r ȗǍRÂN}FM4-dhM[.FlO3QMp04JtY6d>FOI0@kQ<+(o hUo'J{Ga1a _# Iɸے]oˤj6'LFܧ:~rR~Vv)o1Ki6"ј <*ύ&/e&㮋aP?uKG ddX:J
-,'}%n&(ĖriyՀ
-XHHhD PUADuxU@1962q%
-V!׫ 99maºqzc0Btl[&TW kz^V(7AH{.iWѮkHqeHSbX2b)A%dl|[&]xzMq;!^g_@VM}_PCWd^_:re8AqC_fק:nv7;8B 8Y
-rSN tT LeY7z<)B4*@a(z,x]|'d*/b:1四XJ.i`,crT#(@FڍZa o]us>(</M\c[R#EC79u$~x;u㧺]ӱ|[v]f-!Z="+2T'9R xW
-NV3n{|}]MM31j))7>]:xR@6z{!…qJq]wCx; =l(:J?սp5VNɡEymF۪-/x?&wA6˨ޘTa?<~4N҂|ѯ" t) 
+x]sݿog E}ukg:iZ,6}.vA%]ӛv ĥ5q̜M"tu\>q}Fe.vL/潹lX+.fL"iI_E&M&}G#>ܾU'hU$|psk߿o_\?tBFrlYs?X8'/WڨhNj {oc3lDR(uz
+^
+]W =sz-6;7W?hs|)0Z`滏7?vR-ik YE[
+ㆩߟ* G)é(MLI,e N7AHoU|ҦiID(R5Tvsi}+ &t ''g1&g$d6eo:b
+_okp-,7$obn&K+r)bP',LMt0:
+X^ЗY9TzMFK*{S.)ʙ3W%6:;X't,`]\,gtYU{A&' F(0 EdWbHei~y
+\kR{8Z/8_A#['|QœOU xE^?wxHhʁjiݣ1lyV۬Eop|#&Q.]69{*eUB* aNLh9iԟHn_^盼aڗQ}AmOzcU@w 2NLb-;;u bf>YSbLXP!u:"ڄ^r gGRBjuenڨi!OkrzhȦ4CHlHπEG
+Ra(
+>iO-gJ~Df%AcBN?Lȧ|Di'Rd{g&e`oAp|EgXН։XH)J Qc`.էHdldfZ] 0]3dbXܶpSAPftWACT]5ӣU*
+H0l~kxؕzԠ_-mT y 'mf,=u18XoJAj;r.yS|h#%?Xf9}ay+r/ W6
+!(&ab>8 v>"<9M?#^X7YaL
+̦i2e$^?`.
+J~Ů K(^םx ҃_3~褘N k2jc'Q'乬G^dtx[ ,9 t)T/`|6aMIe)y=foK>/v2Ǻ] ӱpa(e5mf rjϚ[eb.;EϽ %Ƚ@ . D8tvpendstream
endobj
1199 0 obj <<
/Type /Page
@@ -4533,121 +4509,126 @@ endobj
/Resources 1198 0 R
/MediaBox [0 0 595.2756 841.8898]
/Parent 1182 0 R
-/Annots [ 1204 0 R ]
->> endobj
-1204 0 obj <<
-/Type /Annot
-/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [182.6146 117.0296 231.8861 129.0892]
-/Subtype /Link
-/A << /S /GoTo /D (notify) >>
>> endobj
1201 0 obj <<
/D [1199 0 R /XYZ 85.0394 794.5015 null]
>> endobj
1202 0 obj <<
-/D [1199 0 R /XYZ 85.0394 720.9574 null]
+/D [1199 0 R /XYZ 85.0394 625.316 null]
>> endobj
1203 0 obj <<
-/D [1199 0 R /XYZ 85.0394 709.0022 null]
+/D [1199 0 R /XYZ 85.0394 613.3608 null]
>> endobj
1198 0 obj <<
-/Font << /F37 747 0 R /F23 682 0 R /F48 885 0 R /F21 658 0 R /F47 879 0 R >>
+/Font << /F37 747 0 R /F23 682 0 R /F21 658 0 R /F48 885 0 R /F47 879 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
-1207 0 obj <<
-/Length 3814
-/Filter /FlateDecode
->>
-stream
-xڭ]s6ݿBoGD,@$0&NΝssi@K E"oHi
-ϿÕ5z"FUUcHyެtr#Djk,6LL>
- jO*{@$rJinn*Z*gz1HdVtP6l|2 À p-t][<!(3&ΊQL]ɷ ɾ(KԂmZvKn3$z]9J=sup5"&B
-S)i0ۡV
-eAPgWR#U0갡T lKޅ12-++0
-떩/#FmQ=O1pBoc
-&$HiH#Q
-MZ2+A8"=rɲΓe]m܂>9a
-b^,盺.GQ@ R=F55Ņ?Rݥ94eNضX'Gɉ@Vzya;tX/98t,3@>OcY@hF$2=K+P>yS:Għ'.ljE] _q`c; hG EhJ
-f/R
-k>yJ E*9mZF<QiU:td t Xi CiL\HtJbƶs]jBP\}Zs9G@(s,anJC*!EAs7|KtR.N{*$Emٻ>|+z͌ V)-d`ͧJ$Z}F\`RȜ'Ƅ^&XڔCTza;l*wzM]MF;BP8RedO(錚MIޕٖCw#;`uVJhY_0
-0q{H[>}]Х ܋P7>X&s S/S*@~WS JN,z%SlKhU
-+K_'1qeQ:^qo7po)MUӶcSz
-vj8M4++p&rG5b#1xw)u)?DDMީՑ`b
-L80zʂEnZny;:uRmSȕD
-endobj
1206 0 obj <<
+/Length 3763
+/Filter /FlateDecode
+>>
+stream
+xڭ]s6ݿBog"$0&N7qz(TE*.Hi'3&,v~3LQl%VEq=6Wlc?\q@>Wo?df#x23?HD׀xÏ5|w?Z?ܿ_74{}KHo>ܽW7ZLB~W6[²q"i=qkls2W_!썺SSDZx*2@Z<J8D(BvR|J
+\mz9^Q GHޮۏ 9N,`G!6#͵00u~|1hh;pɛ&}n$]s3j+@+D`wuݾ]׻M[YB9[pYc|UD&:dk@o:RD%Q$L5{/2Ƌ|}ɳ+ )mH3: <!pbUlNFoØm V[ppwQM/ qk؝@j]6\*i[:[D*
+%p]˜p,aOu4wt 5݄r[yZnM>~t?Do!XXmDZ6` 6ڟzz8}md$8H`*:JTE 3_N0Vz}tD hQu27`x,.o㆒ t*3wllzf.2 <ʂQVFh !)uU; dtA6RߝJk`1;1ԮI :NQr
+jjR@Z5ώ26his4:o"NiaLy{B{Y;a8{~BI |#<ǠErN؝{9
+ ~t
+CIz΅biIK{Di $z\*滴%" j$'A㋐Xc˺6>0ąS=AWyO~+)li FL CvA;#LHf6x$<O?8ߐ[C!Ykf$20336ȟ,"tQAvvt_/Ԣ 0enjZց]'>kܐ<W7Aj30ڂVX ||`MTetI
+wf/4.
+3L$҉[e$^ۭ v#fjXϬ$wCV9
+*9SREՑ9˵d(6dK뫠в}W1dzƚY_n$Bl!m^jN 芌S$*$Bt8
+iP`/rrd 6vlԘJ6: @.١N}M][$JGyꝖKȯ˲ {?C@hN,Iya_zPg%@yfqD֌<A2AMp0tZ:2pȞb84{C{25겤Aª]>³'?JY фqa$asWh6 8끷
+>oጅCcHurd,zE;> ܀<~Iwd" ծl5pJGbK)0Jh57]C'4ê9FC2S-3DKHY%5
+D8P\7[9m|1RG@(s< T9I0p۞H@ o"뾽]wqT`"H%EH)'A
+Q}_H6'@]`dm2< 6TX% ;Cۇ:mh;:И˜|H\Lu>lw}]}UfazOj7wY4#*;p86݁&tG
+ ৻OHm ^)E![k@GDdQAIh:[<Jj.
+䅓}۽c'ktEquPcG~G CWH0*tPxc;ol吢53MiC}t4=LxAcHĻouAWG&<>u^
+)<mDihi6~#,>gctREZ0=d?}h?ߓ*FA=2 }\Z
+w/*S^} 邯$@wwuK_q;th<P<oXc[KhP_M=J8YKЧHt$.}W¿hNm>J,3J_p<rJS⩪i[ʁq.\P
+endobj
+1205 0 obj <<
/Type /Page
-/Contents 1207 0 R
-/Resources 1205 0 R
+/Contents 1206 0 R
+/Resources 1204 0 R
/MediaBox [0 0 595.2756 841.8898]
/Parent 1182 0 R
-/Annots [ 1209 0 R 1210 0 R 1211 0 R 1212 0 R 1213 0 R ]
+/Annots [ 1208 0 R 1209 0 R 1210 0 R 1211 0 R 1212 0 R 1213 0 R ]
+>> endobj
+1208 0 obj <<
+/Type /Annot
+/Border[0 0 0]/H/I/C[1 0 0]
+/Rect [154.2681 743.8714 203.5396 755.9311]
+/Subtype /Link
+/A << /S /GoTo /D (notify) >>
>> endobj
1209 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [80.6033 407.9328 154.2566 417.1482]
+/Rect [80.6033 320.3921 154.2566 329.6075]
/Subtype /Link
/A << /S /GoTo /D (statsfile) >>
>> endobj
1210 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [265.4578 363.0047 326.6578 375.0643]
+/Rect [265.4578 275.0376 326.6578 287.0973]
/Subtype /Link
/A << /S /GoTo /D (server_statement_definition_and_usage) >>
>> endobj
1211 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [367.5441 363.0047 416.2908 375.0643]
+/Rect [367.5441 275.0376 416.2908 287.0973]
/Subtype /Link
/A << /S /GoTo /D (incremental_zone_transfers) >>
>> endobj
1212 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [280.9692 332.6817 342.1692 344.7414]
+/Rect [280.9692 244.2883 342.1692 256.348]
/Subtype /Link
/A << /S /GoTo /D (server_statement_definition_and_usage) >>
>> endobj
1213 0 obj <<
/Type /Annot
/Border[0 0 0]/H/I/C[1 0 0]
-/Rect [277.6219 302.3588 338.8219 314.4184]
+/Rect [277.6219 213.539 338.8219 225.5987]
/Subtype /Link
/A << /S /GoTo /D (server_statement_definition_and_usage) >>
>> endobj
-1208 0 obj <<
-/D [1206 0 R /XYZ 56.6929 794.5015 null]
+1207 0 obj <<
+/D [1205 0 R /XYZ 56.6929 794.5015 null]
>> endobj
-1205 0 obj <<
-/Font << /F37 747 0 R /F23 682 0 R /F21 658 0 R /F48 885 0 R /F62 995 0 R /F47 879 0 R /F14 685 0 R /F39 863 0 R >>
+1204 0 obj <<
+/Font << /F37 747 0 R /F21 658 0 R /F23 682 0 R /F48 885 0 R /F62 995 0 R /F47 879 0 R /F14 685 0 R >>
/XObject << /Im2 984 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
1217 0 obj <<
-/Length 3673
-/Filter /FlateDecode
->>
-stream
-xڭr6m!uL<YS9$9dqM
-8_HJ&Fh4 4uiat]O0U8Kc}p;\g"e| Mo|RF"7(ݽ }>Ix70B/y3tK>7oxe|0Px?~#^ñ
-
-%$^Pyl݆{*6,3@3%XLn"*. rlܒ`^F (ګ )E%ɔXYSBCTxB̬ٙ͟0_NEm妩wUm0tW]V`HeSChˠQoF&uTH15+&2cG"K4VȺߣE$/:l~ bZ"hgXFV1V)!*xe O\ X3lɕ[NKZdO,
-#
-D,d<Dm?/anT}'E<PdP^= ٛp95ѱ΅i1M{Zb:n=thUjͷlnȘcw)u?^3zc&/8JꚷeM+1cVl띙;TݡI
-gRuԷ8lj Wj%dq_T+sTNHK|
-yHRaDS2}bGĘbje~&<
-9Tw2r3g+'k4WȲ- M+;6b9>m^=^b]ukỆl|H415?><il,3|!%b r.LnMG)4 Q~ׯ+B#AUM4[f~aZX1Դ/ja>Mex@ ,rK&~+T ٙ]m6hwnhg_ 2
-}aUZav %K4 p_4
-WsB[Y#HUG-8}U(W0ճ:1L՚5,h1׈vf(\zqRBeq<3fd^|GD&9XnG,USSr-q&D-RBBoz_DdC] DNvDDD,E&cK8i/8?-X=)1w0 gaHr0<: {,ˁIizyw5]-qsbIVa^B*z{A YɫeO鎒4*|Qȼ )ت|sјʲ"
-oT9ҡ!ĖE״RWJM9m ڔgm
-]RƤY#2( (\lrX&0SJHP. yB&`V.~9,+Hӊ&
- kfQ#:HV ou=؎l@@{Ihrל?fQ ~ŋoJSV`9~dk2/STMn8ZPkKk8s0|˗K^܆2GBIv5C:SS"K1lN̢T-ם񮶔g'jtDW(wвfWbط/REMM" ~>HY { '!Mąӄ. K6u4C.f20:!䍥
-v 1Qj#W0QؙeG9߹I+,PGG!/킌a:u/}Y#2wYWRp R_Ў Csg_]E m=ӿ"Kd1aH Tƿ~K4±Fׁ&ZZ]:G^Z{,İN!N9:lP;UpƢ&\(jY5~ƿTVGog'/Nאb7;WSlu
- 1ðDendstream
+/Length 3807
+/Filter /FlateDecode
+>>
+stream
+xڥ]s6ݿoGT<N/6%f>eBHq} )j?X,b!uI<8L"\=}gVSoo/dy:NֲadۛW+DA^4
+};yo*7?e7o޾Z)(eg&~ O~֟ez^<]n?\Dmr(Ty/qb$6A NFiclL"heaj`[.7p<6gЦ nWm+<P =V}W%6e',>ouޕ8I7 úv/]ntnZ rXR*̓DyfSvձoV&2A7w8C4lBg
+﷔# MKp(ű.Ťip]w-C*maH,h:1[8(rwV#^jQc_9!ǪXw(<
+mU  .?ʦ!32tPKз|Q][ӥ
+lHuzE(♞Yt:nm+OHvںvm#)`iƄ3)۶m(DkPx0ELPjPN7psZ X1 R+Mx8̭23:@EUIo~te4p_M{uM܎!JEj:O%ߢ$ |(?+V^GΔP3_!|=g`(5V]T1 0|O dSX5A+@}jF`\N(2O7iڞ##S"
+L^Pelx(Iuah:x,ñ"&6z 나[ ل}z d>Yd^͹8jO"
+u{/űX:{~}$K^bFlC%~=XA *U:k&@㌉N E ӑn 5n9VX5ب$̳=du5)r4PP\-Xq1ưD ŜlbjrPSB8TC'@H13FF&7n%ZB]D(JisIc=BƋKH, 9NSšxD~Pҁ
+
+&AVgKL!,6JV⒏вSw.Kdfc7?~.d8>si=Lr "Ȫ7jp{13 6gB{JS{';?RO,O3=HdxVxx7X/Rau6YMJl~[áܬ08MҠ(LmHG:b$ BD3%͖1h)ƉSudan$4r
+m@o=rH
+xH
+@jm>D
+Kx]ɶ$TH]8*q<#LZ7 X9
+bB@ w̆ЙP/:ьNW%nB f tQ))ec{-ϟO)knxYh2w[p4\DY,8â8K`#ѭ$DZlrLXРj$Q"=8kן(
+]h&4 gNr`[5ۋuGsςp<n2.v8Bưy֙T& =o\}fξpSm2P?3y
+uHG:'ff83b~|ft׼h
+ĩٰ%b6G"
+")厽g7pyLXʟ=SS=a=ʕPd6kݻ^tkWÅz_N<snCȭ]Xy&d_NRCjq1t:̽\PG,rlRN]>wg.P?'jzjfʹ.D
+"R&*ʿd:u'9Uh$[{s&-T|TJFʦr<z>XāȇY}yw͆iRK8;(1Аs@g'P|Cztnif>owA#<CLNu_*[z֖~f :R(o[ͨ}O*\ʺ,wܳdd[n°\D# ?쀅OknՌLa<n‘Vy8:9 qJֺp`(d־P'7(QaA~M^/ERр4Zr`y_c-?;j˲97߽z
+t᳆.lOH~%_'`5۶/*ՎܱLNJ0Ƨc~Mŝ ٷw*2p~+NLK>&>EJ01n҅7|,4>()Ǯ"endstream
endobj
1216 0 obj <<
/Type /Page
@@ -4660,29 +4641,34 @@ endobj
/D [1216 0 R /XYZ 85.0394 794.5015 null]
>> endobj
1215 0 obj <<
-/Font << /F37 747 0 R /F39 863 0 R /F23 682 0 R /F21 658 0 R /F48 885 0 R >>
+/Font << /F37 747 0 R /F23 682 0 R /F39 863 0 R /F21 658 0 R /F48 885 0 R >>
/ProcSet [ /PDF /Text ]
>> endobj
1222 0 obj <<
-/Length 3453
-/Filter /FlateDecode
->>
-stream
-xZYs#7~Uã/>*3Y'Wv$meu[v_