From 8aae2264818e1511fa30c3ef5c3dc7669e347d3c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tatuya=20JINMEI=20=E7=A5=9E=E6=98=8E=E9=81=94=E5=93=89?= Date: Mon, 23 Jun 2008 23:59:28 +0000 Subject: [PATCH 001/135] give a new change number to query port randomization --- CHANGES | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index 4431c6c050..c762e6d8f1 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,6 @@ +2384. [security] Fully randomize UDP query ports to improve + forgery resilience. [RT #17949, #18098] + 2383. [bug] named could double queries when they resulted in SERVFAIL due to overkilling EDNS0 failure detection. [RT #18182] @@ -24,8 +27,7 @@ 2376. [bug] Change #2144 was not complete. -2375. [security] Fully randomize UDP query ports to improve - forgery resilience. [RT #17949, #18098] +2375. [placeholder] 2374. [bug] "blackhole" ACLs could cause named to segfault due to some uninitialized memory. [RT #18095] From 984c2e9f76e66e86f7d9aca99a774836ddf196ea Mon Sep 17 00:00:00 2001 From: Automatic Updater Date: Tue, 24 Jun 2008 01:12:04 +0000 Subject: [PATCH 002/135] regen --- doc/arm/Bv9ARM.ch06.html | 318 ++++++++++++++++++--------- doc/arm/Bv9ARM.ch07.html | 14 +- doc/arm/Bv9ARM.ch08.html | 18 +- doc/arm/Bv9ARM.ch09.html | 180 +++++++-------- doc/arm/Bv9ARM.html | 70 +++--- doc/arm/man.dig.html | 20 +- doc/arm/man.dnssec-keyfromlabel.html | 12 +- doc/arm/man.dnssec-keygen.html | 14 +- doc/arm/man.dnssec-signzone.html | 12 +- doc/arm/man.host.html | 10 +- doc/arm/man.named-checkconf.html | 12 +- doc/arm/man.named-checkzone.html | 12 +- doc/arm/man.named.html | 16 +- doc/arm/man.nsupdate.html | 14 +- doc/arm/man.rndc-confgen.html | 12 +- doc/arm/man.rndc.conf.html | 12 +- doc/arm/man.rndc.html | 12 +- doc/misc/options | 18 +- 18 files changed, 448 insertions(+), 328 deletions(-) diff --git a/doc/arm/Bv9ARM.ch06.html b/doc/arm/Bv9ARM.ch06.html index 0047be14a0..585a0942f4 100644 --- a/doc/arm/Bv9ARM.ch06.html 
+++ b/doc/arm/Bv9ARM.ch06.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + @@ -48,55 +48,55 @@
Configuration File Elements
Address Match Lists
-
Comment Syntax
+
Comment Syntax
Configuration File Grammar
-
acl Statement Grammar
+
acl Statement Grammar
acl Statement Definition and Usage
-
controls Statement Grammar
+
controls Statement Grammar
controls Statement Definition and Usage
-
include Statement Grammar
-
include Statement Definition and +
include Statement Grammar
+
include Statement Definition and Usage
-
key Statement Grammar
-
key Statement Definition and Usage
-
logging Statement Grammar
-
logging Statement Definition and +
key Statement Grammar
+
key Statement Definition and Usage
+
logging Statement Grammar
+
logging Statement Definition and Usage
-
lwres Statement Grammar
-
lwres Statement Definition and Usage
-
masters Statement Grammar
-
masters Statement Definition and +
lwres Statement Grammar
+
lwres Statement Definition and Usage
+
masters Statement Grammar
+
masters Statement Definition and Usage
-
options Statement Grammar
+
options Statement Grammar
options Statement Definition and Usage
statistics-channels Statement Grammar
-
statistics-channels Statement Definition and +
statistics-channels Statement Definition and Usage
server Statement Grammar
server Statement Definition and Usage
-
trusted-keys Statement Grammar
-
trusted-keys Statement Definition +
trusted-keys Statement Grammar
+
trusted-keys Statement Definition and Usage
view Statement Grammar
-
view Statement Definition and Usage
+
view Statement Definition and Usage
zone Statement Grammar
-
zone Statement Definition and Usage
+
zone Statement Definition and Usage
-
Zone File
+
Zone File
Types of Resource Records and When to Use Them
-
Discussion of MX Records
+
Discussion of MX Records
Setting TTLs
-
Inverse Mapping in IPv4
-
Other Zone File Directives
-
BIND Master File Extension: the $GENERATE Directive
+
Inverse Mapping in IPv4
+
Other Zone File Directives
+
BIND Master File Extension: the $GENERATE Directive
Additional File Formats
BIND9 Statistics
@@ -359,6 +359,33 @@ + +

+ port_list +

+ + +

+ A list of an ip_port or a port + range. + A port range is specified in the form of + range followed by + two ip_ports, + port_low and + port_high, which represents + port numbers from port_low through + port_high, inclusive. + port_low must not be larger than + port_high. + For example, + range 1024 65535 represents + ports from 1024 through 65535. + In either case an asterisk (`*') character is not + allowed as a valid ip_port. +

+ + +

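Review bot: the opening sentence of the new port_list entry, "A list of an ip_port or a port range", does not say that one list may mix single ports and ranges, or how the elements are separated. A reader only learns this from the later example `avoid-v6-udp-ports { 40000; range 50000 60000; };`. Suggest rewording to something like "A list of ip_port values and port ranges, each terminated by a semicolon", and showing one mixed list here next to `range 1024 65535`.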
size_spec @@ -434,7 +461,7 @@ Address Match Lists

-Syntax

+Syntax
address_match_list = address_match_list_element ;
   [ address_match_list_element; ... ]
 address_match_list_element = [ ! ] (ip_address [/length] |
@@ -443,7 +470,7 @@
 
 

-Definition and Usage

+Definition and Usage

Address match lists are primarily used to determine access control for various server operations. They are also used in @@ -527,7 +554,7 @@

-Comment Syntax

+Comment Syntax

The BIND 9 comment syntax allows for comments to appear @@ -537,7 +564,7 @@

-Syntax

+Syntax

/* This is a BIND comment as in C */
@@ -552,7 +579,7 @@

-Definition and Usage

+Definition and Usage

Comments may appear anywhere that whitespace may appear in a BIND configuration file. @@ -797,7 +824,7 @@

-acl Statement Grammar

+acl Statement Grammar
acl acl-name {
     address_match_list
 };
@@ -879,7 +906,7 @@
 
 

-controls Statement Grammar

+controls Statement Grammar
controls {
    [ inet ( ip_addr | * ) [ port ip_port ] allow {  address_match_list  }
                 keys { key_list }; ]
@@ -1001,12 +1028,12 @@
 
 

-include Statement Grammar

+include Statement Grammar
include filename;

-include Statement Definition and +include Statement Definition and Usage

The include statement inserts the @@ -1021,7 +1048,7 @@

-key Statement Grammar

+key Statement Grammar
key key_id {
     algorithm string;
     secret string;
@@ -1030,7 +1057,7 @@
 
 

-key Statement Definition and Usage

+key Statement Definition and Usage

The key statement defines a shared secret key for use with TSIG (see the section called “TSIG”) @@ -1077,7 +1104,7 @@

-logging Statement Grammar

+logging Statement Grammar
logging {
    [ channel channel_name {
      ( file path name
@@ -1101,7 +1128,7 @@
 
 

-logging Statement Definition and +logging Statement Definition and Usage

The logging statement configures a @@ -1135,7 +1162,7 @@

-The channel Phrase

+The channel Phrase

All log output goes to one or more channels; you can make as many of them as you want. @@ -1691,7 +1718,7 @@ category notify { null; };

-lwres Statement Grammar

+lwres Statement Grammar

This is the grammar of the lwres statement in the named.conf file: @@ -1706,7 +1733,7 @@ category notify { null; };

-lwres Statement Definition and Usage

+lwres Statement Definition and Usage

The lwres statement configures the name @@ -1757,14 +1784,14 @@ category notify { null; };

-masters Statement Grammar

+masters Statement Grammar
 masters name [port ip_port] { ( masters_list | ip_addr [port ip_port] [key key] ) ; [...] };
 

-masters Statement Definition and +masters Statement Definition and Usage

masters lists allow for a common set of masters to be easily used by @@ -1773,7 +1800,7 @@ category notify { null; };

-options Statement Grammar

+options Statement Grammar

This is the grammar of the options statement in the named.conf file: @@ -1845,7 +1872,9 @@ category notify { null; }; [ try-tcp-refresh yes_or_no; ] [ allow-v6-synthesis { address_match_list }; ] [ blackhole { address_match_list }; ] + [ use-v4-udp-ports { port_list }; ] [ avoid-v4-udp-ports { port_list }; ] + [ use-v6-udp-ports { port_list }; ] [ avoid-v6-udp-ports { port_list }; ] [ listen-on [ port ip_port ] { address_match_list }; ] [ listen-on-v6 [ port ip_port ] { address_match_list }; ] @@ -2892,7 +2921,7 @@ options {

-Forwarding

+Forwarding

The forwarding facility can be used to create a large site-wide cache on a few servers, reducing traffic over links to external @@ -2936,7 +2965,7 @@ options {

-Dual-stack Servers

+Dual-stack Servers

Dual-stack servers are used as servers of last resort to work around @@ -3132,7 +3161,7 @@ options {

-Interfaces

+Interfaces

The interfaces and ports that the server will answer queries from may be specified using the listen-on option. listen-on takes @@ -3223,38 +3252,99 @@ listen-on-v6 port 1234 { !2001:db8::/32; any; }; If address is * (asterisk) or is omitted, a wildcard IP address (INADDR_ANY) will be used. +

+

If port is * or is omitted, - a pool of random unprivileged ports will be used. See the - use-queryport-pool, - queryport-pool-ports and - queryport-pool-updateinterval options below for how the pool - is configured. - The avoid-v4-udp-ports - and avoid-v6-udp-ports options can be used - to prevent named - from selecting certain ports. - The defaults are: + a random port number from a pre-configured + range is picked up and will be used for each query. + The port range(s) is that specified in + the use-v4-udp-ports (for IPv4) + and use-v6-udp-ports (for IPv6) + options, excluding the ranges specified in + the avoid-v4-udp-ports + and avoid-v6-udp-ports options, respectively. +

+

+ The defaults of the query-source and + query-source-v6 options + are:

query-source address * port *;
 query-source-v6 address * port *;
 
+

+ If use-v4-udp-ports or + use-v6-udp-ports is unspecified, + named will check if the operating + system provides a programming interface to retrieve the + system's default range for ephemeral ports. + If such an interface is available, + named will use the corresponding system + default range; otherwise, it will use its own defaults: +

+
use-v4-udp-ports { range 1024 65535; };
+use-v6-udp-ports { range 1024 65535; };
+
+

+ Note: make sure the ranges be sufficiently large for + security. A desirable size depends on various parameters, + but we generally recommend it contain at least 16384 ports + (14 bits of entropy). + Note also that the system's default range when used may be + too small for this purpose, and that the range may even be + changed while named is running; the new + range will automatically be applied when named + is reloaded. + It is encouraged to + configure use-v4-udp-ports and + use-v6-udp-ports explicitly so that the + ranges are sufficiently large and are reasonably + independent from the ranges used by other applications. +

+

+ Note: the operational configuration + where named runs may prohibit the use + of some ports. For example, UNIX systems will not allow + named running without a root privilege + to use ports less than 1024. + If such ports are included in the specified (or detected) + set of query ports, the corresponding query attempts will + fail, resulting in resolution failures or delay. + It is therefore important to configure the set of ports + that can be safely used in the expected operational environment. +

+

+ The defaults of the avoid-v4-udp-ports and + avoid-v6-udp-ports options + are: +

+
avoid-v4-udp-ports {};
+avoid-v6-udp-ports {};
+
+

+ Note: BIND 9.5.0 introduced + the use-queryport-pool + option to support a pool of such random ports, but this + option is now obsolete because reusing the same ports in + the pool may not be sufficiently secure. + For the same reason, it is generally strongly discouraged to + specify a particular port for the + query-source or + query-source-v6 options; + it implicitly disables the use of randomized port numbers. +

use-queryport-pool

- Enable the use of query port pools. By default query port - pools are enabled unless there is a explicit port defined - in query-source or - query-source-v6. + This option is obsolete.

queryport-pool-ports

- Specify how many pool ports to use. The default is 8. + This option is obsolete.

queryport-pool-updateinterval

- Specify how often, in minutes, that the queryport pool - should be recreated (new ports selected). The default - is 15 minutes. + This option is obsolete.

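Review bot: the paragraph beginning "Note: make sure the ranges be sufficiently large for security" recommends at least 16384 ports, yet the preceding paragraph has named fall back to the system's ephemeral range, which the note itself says "may be too small for this purpose". Nothing here tells an operator how to find out which range named actually selected. Suggest either stating where the effective range is reported, or turning "It is encouraged to configure" into a firm recommendation to set use-v4-udp-ports and use-v6-udp-ports explicitly. In the same paragraph, "the new range will automatically be applied when named is reloaded" reads as contradictory: if a reload is required, drop "automatically". Finally, the three pool options now say only "This option is obsolete."; please state whether an existing named.conf that still sets them is accepted, so upgraders know what to expect.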
@@ -3518,21 +3608,49 @@ query-source-v6 address * port *;

-Bad UDP Port Lists

-

avoid-v4-udp-ports - and avoid-v6-udp-ports specify a list - of IPv4 and IPv6 UDP ports that will not be used as system - assigned source ports for UDP sockets. These lists - prevent named from choosing as its random source port a - port that is blocked by your firewall. If a query went - out with such a source port, the answer would not get by - the firewall and the name server would have to query - again. +UDP Port Lists

+

+ use-v4-udp-ports, + avoid-v4-udp-ports, + use-v6-udp-ports, and + avoid-v6-udp-ports + specify a list of IPv4 and IPv6 UDP ports that will be + used or not used as source ports for UDP messages. + See the section called “Query Address” about how the + available ports are determined. + For example, with the following configuration

+
+use-v6-udp-ports { range 32768 65535; };
+avoid-v6-udp-ports { 40000; range 50000 60000; };
+
+

+ UDP ports of IPv6 messages sent + from named will be in one + of the following ranges: 32768 to 39999, 40001 to 49999, + and 60001 to 65535. +

+

+ avoid-v4-udp-ports and + avoid-v6-udp-ports can be used + to prevent named from choosing as its random source port a + port that is blocked by your firewall or a port that is + used by other applications; + if a query went out with a source port blocked by a + firewall, the + answer would not get by the firewall and the name server would + have to query again. + Note: the desired range can also be represented only with + use-v4-udp-ports and + use-v6-udp-ports, and the + avoid- options are redundant in that + sense; they are provided for backward compatibility and + to possibly simplify the port specification. +

-Operating System Resource Limits

+Operating System Resource Limits

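Review bot: the closing paragraph on avoid-v4-udp-ports and avoid-v6-udp-ports does not tie the exclusions back to the size recommendation given under Query Address (at least 16384 ports), so a reader can carve a firewall-friendly list out of a small use- range and end up below it without noticing. Suggest one sentence saying the recommendation applies to the ports that remain after the avoid- lists are subtracted. The example is a good place to show it: the three resulting ranges (32768 to 39999, 40001 to 49999, 60001 to 65535) leave 22766 ports, which still meets the recommendation.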
The server's usage of many system resources can be limited. Scaled values are allowed when specifying resource limits. For @@ -3591,7 +3709,7 @@ query-source-v6 address * port *;

-Server Resource Limits

+Server Resource Limits

The following options set limits on the server's resource consumption that are enforced internally by the @@ -3667,7 +3785,7 @@ query-source-v6 address * port *;

-Periodic Task Intervals

+Periodic Task Intervals
cleaning-interval

@@ -4462,7 +4580,7 @@ query-source-v6 address * port *;

-statistics-channels Statement Definition and +statistics-channels Statement Definition and Usage

The statistics-channels statement @@ -4707,7 +4825,7 @@ query-source-v6 address * port *;

-trusted-keys Statement Grammar

+trusted-keys Statement Grammar
trusted-keys {
     string number number number string ;
     [ string number number number string ; [...]]
@@ -4716,7 +4834,7 @@ query-source-v6 address * port *;
 
 

-trusted-keys Statement Definition +trusted-keys Statement Definition and Usage

The trusted-keys statement defines @@ -4762,7 +4880,7 @@ query-source-v6 address * port *;

-view Statement Definition and Usage

+view Statement Definition and Usage

The view statement is a powerful feature @@ -5025,10 +5143,10 @@ zone zone_name [

-zone Statement Definition and Usage

+zone Statement Definition and Usage

-Zone Types

+Zone Types
@@ -5237,7 +5355,7 @@ zone zone_name [

-Class

+Class

The zone's name may optionally be followed by a class. If a class is not specified, class IN (for Internet), @@ -5259,7 +5377,7 @@ zone zone_name [

-Zone Options

+Zone Options
allow-notify

@@ -5831,7 +5949,7 @@ zone zone_name [

-Zone File

+Zone File

Types of Resource Records and When to Use Them

@@ -5844,7 +5962,7 @@ zone zone_name [

-Resource Records

+Resource Records

A domain name identifies a node. Each node has a set of resource information, which may be empty. The set of resource @@ -6547,7 +6665,7 @@ zone zone_name [

-Textual expression of RRs

+Textual expression of RRs

RRs are represented in binary form in the packets of the DNS protocol, and are usually represented in highly encoded form @@ -6750,7 +6868,7 @@ zone zone_name [

-Discussion of MX Records

+Discussion of MX Records

As described above, domain servers store information as a series of resource records, each of which contains a particular @@ -7008,7 +7126,7 @@ zone zone_name [

-Inverse Mapping in IPv4

+Inverse Mapping in IPv4

Reverse name resolution (that is, translation from IP address to name) is achieved by means of the in-addr.arpa domain @@ -7069,7 +7187,7 @@ zone zone_name [

-Other Zone File Directives

+Other Zone File Directives

The Master File Format was initially defined in RFC 1035 and has subsequently been extended. While the Master File Format @@ -7084,7 +7202,7 @@ zone zone_name [

-The $ORIGIN Directive

+The $ORIGIN Directive

Syntax: $ORIGIN domain-name @@ -7112,7 +7230,7 @@ WWW.EXAMPLE.COM. CNAME MAIN-SERVER.EXAMPLE.COM.

-The $INCLUDE Directive

+The $INCLUDE Directive

Syntax: $INCLUDE filename @@ -7148,7 +7266,7 @@ WWW.EXAMPLE.COM. CNAME MAIN-SERVER.EXAMPLE.COM.

-The $TTL Directive

+The $TTL Directive

Syntax: $TTL default-ttl @@ -7167,7 +7285,7 @@ WWW.EXAMPLE.COM. CNAME MAIN-SERVER.EXAMPLE.COM.

-BIND Master File Extension: the $GENERATE Directive

+BIND Master File Extension: the $GENERATE Directive

Syntax: $GENERATE range @@ -7548,7 +7666,7 @@ $GENERATE 1-127 $ CNAME $.0

-Name Server Statistics Counters

+Name Server Statistics Counters
@@ -8089,7 +8207,7 @@ $GENERATE 1-127 $ CNAME $.0

-Zone Maintenance Statistics Counters

+Zone Maintenance Statistics Counters
@@ -8243,7 +8361,7 @@ $GENERATE 1-127 $ CNAME $.0

-Resolver Statistics Counters

+Resolver Statistics Counters
@@ -8549,7 +8667,7 @@ $GENERATE 1-127 $ CNAME $.0

-Compatibility with BIND 8 Counters

+Compatibility with BIND 8 Counters

Most statistics counters that were available in BIND 8 are also supported in diff --git a/doc/arm/Bv9ARM.ch07.html b/doc/arm/Bv9ARM.ch07.html index 568151b5ea..e9019a87e9 100644 --- a/doc/arm/Bv9ARM.ch07.html +++ b/doc/arm/Bv9ARM.ch07.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + @@ -46,10 +46,10 @@

Table of Contents

Access Control Lists
-
Chroot and Setuid
+
Chroot and Setuid
-
The chroot Environment
-
Using the setuid Function
+
The chroot Environment
+
Using the setuid Function
Dynamic Update Security
@@ -119,7 +119,7 @@ zone "example.com" {

-Chroot and Setuid +Chroot and Setuid

On UNIX servers, it is possible to run BIND in a chrooted environment @@ -143,7 +143,7 @@ zone "example.com" {

-The chroot Environment

+The chroot Environment

In order for a chroot environment to @@ -171,7 +171,7 @@ zone "example.com" {

-Using the setuid Function

+Using the setuid Function

Prior to running the named daemon, use diff --git a/doc/arm/Bv9ARM.ch08.html b/doc/arm/Bv9ARM.ch08.html index 9d6c9a1559..3643906577 100644 --- a/doc/arm/Bv9ARM.ch08.html +++ b/doc/arm/Bv9ARM.ch08.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + @@ -45,18 +45,18 @@

-Common Problems

+Common Problems

-It's not working; how can I figure out what's wrong?

+It's not working; how can I figure out what's wrong?

The best solution to solving installation and configuration issues is to take preventative measures by setting @@ -68,7 +68,7 @@

-Incrementing and Changing the Serial Number

+Incrementing and Changing the Serial Number

Zone serial numbers are just numbers — they aren't date related. A lot of people set them to a number that @@ -95,7 +95,7 @@

-Where Can I Get Help?

+Where Can I Get Help?

The Internet Systems Consortium (ISC) offers a wide range diff --git a/doc/arm/Bv9ARM.ch09.html b/doc/arm/Bv9ARM.ch09.html index 78a54b5425..81ce284d74 100644 --- a/doc/arm/Bv9ARM.ch09.html +++ b/doc/arm/Bv9ARM.ch09.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + @@ -45,21 +45,21 @@

-Acknowledgments

+Acknowledgments

A Brief History of the DNS and BIND @@ -164,7 +164,7 @@

-General DNS Reference Information

+General DNS Reference Information

IPv6 addresses (AAAA)

@@ -252,17 +252,17 @@

-Bibliography

+Bibliography

Standards

-

[RFC974] C. Partridge. Mail Routing and the Domain System. January 1986.

+

[RFC974] C. Partridge. Mail Routing and the Domain System. January 1986.

-

[RFC1034] P.V. Mockapetris. Domain Names — Concepts and Facilities. November 1987.

+

[RFC1034] P.V. Mockapetris. Domain Names — Concepts and Facilities. November 1987.

-

[RFC1035] P. V. Mockapetris. Domain Names — Implementation and +

[RFC1035] P. V. Mockapetris. Domain Names — Implementation and Specification. November 1987.

@@ -270,42 +270,42 @@

Proposed Standards

-

[RFC2181] R., R. Bush Elz. Clarifications to the DNS +

[RFC2181] R., R. Bush Elz. Clarifications to the DNS Specification. July 1997.

-

[RFC2308] M. Andrews. Negative Caching of DNS +

[RFC2308] M. Andrews. Negative Caching of DNS Queries. March 1998.

-

[RFC1995] M. Ohta. Incremental Zone Transfer in DNS. August 1996.

+

[RFC1995] M. Ohta. Incremental Zone Transfer in DNS. August 1996.

-

[RFC1996] P. Vixie. A Mechanism for Prompt Notification of Zone Changes. August 1996.

+

[RFC1996] P. Vixie. A Mechanism for Prompt Notification of Zone Changes. August 1996.

-

[RFC2136] P. Vixie, S. Thomson, Y. Rekhter, and J. Bound. Dynamic Updates in the Domain Name System. April 1997.

+

[RFC2136] P. Vixie, S. Thomson, Y. Rekhter, and J. Bound. Dynamic Updates in the Domain Name System. April 1997.

-

[RFC2671] P. Vixie. Extension Mechanisms for DNS (EDNS0). August 1997.

+

[RFC2671] P. Vixie. Extension Mechanisms for DNS (EDNS0). August 1997.

-

[RFC2672] M. Crawford. Non-Terminal DNS Name Redirection. August 1999.

+

[RFC2672] M. Crawford. Non-Terminal DNS Name Redirection. August 1999.

-

[RFC2845] P. Vixie, O. Gudmundsson, D. Eastlake, 3rd, and B. Wellington. Secret Key Transaction Authentication for DNS (TSIG). May 2000.

+

[RFC2845] P. Vixie, O. Gudmundsson, D. Eastlake, 3rd, and B. Wellington. Secret Key Transaction Authentication for DNS (TSIG). May 2000.

-

[RFC2930] D. Eastlake, 3rd. Secret Key Establishment for DNS (TKEY RR). September 2000.

+

[RFC2930] D. Eastlake, 3rd. Secret Key Establishment for DNS (TKEY RR). September 2000.

-

[RFC2931] D. Eastlake, 3rd. DNS Request and Transaction Signatures (SIG(0)s). September 2000.

+

[RFC2931] D. Eastlake, 3rd. DNS Request and Transaction Signatures (SIG(0)s). September 2000.

-

[RFC3007] B. Wellington. Secure Domain Name System (DNS) Dynamic Update. November 2000.

+

[RFC3007] B. Wellington. Secure Domain Name System (DNS) Dynamic Update. November 2000.

-

[RFC3645] S. Kwan, P. Garg, J. Gilroy, L. Esibov, J. Westhead, and R. Hall. Generic Security Service Algorithm for Secret +

[RFC3645] S. Kwan, P. Garg, J. Gilroy, L. Esibov, J. Westhead, and R. Hall. Generic Security Service Algorithm for Secret Key Transaction Authentication for DNS (GSS-TSIG). October 2003.

@@ -314,19 +314,19 @@

DNS Security Proposed Standards

-

[RFC3225] D. Conrad. Indicating Resolver Support of DNSSEC. December 2001.

+

[RFC3225] D. Conrad. Indicating Resolver Support of DNSSEC. December 2001.

-

[RFC3833] D. Atkins and R. Austein. Threat Analysis of the Domain Name System (DNS). August 2004.

+

[RFC3833] D. Atkins and R. Austein. Threat Analysis of the Domain Name System (DNS). August 2004.

-

[RFC4033] R. Arends, R. Austein, M. Larson, D. Massey, and S. Rose. DNS Security Introduction and Requirements. March 2005.

+

[RFC4033] R. Arends, R. Austein, M. Larson, D. Massey, and S. Rose. DNS Security Introduction and Requirements. March 2005.

-

[RFC4044] R. Arends, R. Austein, M. Larson, D. Massey, and S. Rose. Resource Records for the DNS Security Extensions. March 2005.

+

[RFC4044] R. Arends, R. Austein, M. Larson, D. Massey, and S. Rose. Resource Records for the DNS Security Extensions. March 2005.

-

[RFC4035] R. Arends, R. Austein, M. Larson, D. Massey, and S. Rose. Protocol Modifications for the DNS +

[RFC4035] R. Arends, R. Austein, M. Larson, D. Massey, and S. Rose. Protocol Modifications for the DNS Security Extensions. March 2005.

@@ -334,146 +334,146 @@

Other Important RFCs About DNS Implementation

-

[RFC1535] E. Gavron. A Security Problem and Proposed Correction With Widely +

[RFC1535] E. Gavron. A Security Problem and Proposed Correction With Widely Deployed DNS Software.. October 1993.

-

[RFC1536] A. Kumar, J. Postel, C. Neuman, P. Danzig, and S. Miller. Common DNS Implementation +

[RFC1536] A. Kumar, J. Postel, C. Neuman, P. Danzig, and S. Miller. Common DNS Implementation Errors and Suggested Fixes. October 1993.

-

[RFC1982] R. Elz and R. Bush. Serial Number Arithmetic. August 1996.

+

[RFC1982] R. Elz and R. Bush. Serial Number Arithmetic. August 1996.

-

[RFC4074] Y. Morishita and T. Jinmei. Common Misbehaviour Against DNS +

[RFC4074] Y. Morishita and T. Jinmei. Common Misbehaviour Against DNS Queries for IPv6 Addresses. May 2005.

Resource Record Types

-

[RFC1183] C.F. Everhart, L. A. Mamakos, R. Ullmann, and P. Mockapetris. New DNS RR Definitions. October 1990.

+

[RFC1183] C.F. Everhart, L. A. Mamakos, R. Ullmann, and P. Mockapetris. New DNS RR Definitions. October 1990.

-

[RFC1706] B. Manning and R. Colella. DNS NSAP Resource Records. October 1994.

+

[RFC1706] B. Manning and R. Colella. DNS NSAP Resource Records. October 1994.

-

[RFC2168] R. Daniel and M. Mealling. Resolution of Uniform Resource Identifiers using +

[RFC2168] R. Daniel and M. Mealling. Resolution of Uniform Resource Identifiers using the Domain Name System. June 1997.

-

[RFC1876] C. Davis, P. Vixie, T., and I. Dickinson. A Means for Expressing Location Information in the +

[RFC1876] C. Davis, P. Vixie, T., and I. Dickinson. A Means for Expressing Location Information in the Domain Name System. January 1996.

-

[RFC2052] A. Gulbrandsen and P. Vixie. A DNS RR for Specifying the +

[RFC2052] A. Gulbrandsen and P. Vixie. A DNS RR for Specifying the Location of Services.. October 1996.

-

[RFC2163] A. Allocchio. Using the Internet DNS to +

[RFC2163] A. Allocchio. Using the Internet DNS to Distribute MIXER Conformant Global Address Mapping. January 1998.

-

[RFC2230] R. Atkinson. Key Exchange Delegation Record for the DNS. October 1997.

+

[RFC2230] R. Atkinson. Key Exchange Delegation Record for the DNS. October 1997.

-

[RFC2536] D. Eastlake, 3rd. DSA KEYs and SIGs in the Domain Name System (DNS). March 1999.

+

[RFC2536] D. Eastlake, 3rd. DSA KEYs and SIGs in the Domain Name System (DNS). March 1999.

-

[RFC2537] D. Eastlake, 3rd. RSA/MD5 KEYs and SIGs in the Domain Name System (DNS). March 1999.

+

[RFC2537] D. Eastlake, 3rd. RSA/MD5 KEYs and SIGs in the Domain Name System (DNS). March 1999.

-

[RFC2538] D. Eastlake, 3rd and O. Gudmundsson. Storing Certificates in the Domain Name System (DNS). March 1999.

+

[RFC2538] D. Eastlake, 3rd and O. Gudmundsson. Storing Certificates in the Domain Name System (DNS). March 1999.

-

[RFC2539] D. Eastlake, 3rd. Storage of Diffie-Hellman Keys in the Domain Name System (DNS). March 1999.

+

[RFC2539] D. Eastlake, 3rd. Storage of Diffie-Hellman Keys in the Domain Name System (DNS). March 1999.

-

[RFC2540] D. Eastlake, 3rd. Detached Domain Name System (DNS) Information. March 1999.

+

[RFC2540] D. Eastlake, 3rd. Detached Domain Name System (DNS) Information. March 1999.

-

[RFC2782] A. Gulbrandsen. P. Vixie. L. Esibov. A DNS RR for specifying the location of services (DNS SRV). February 2000.

+

[RFC2782] A. Gulbrandsen. P. Vixie. L. Esibov. A DNS RR for specifying the location of services (DNS SRV). February 2000.

-

[RFC2915] M. Mealling. R. Daniel. The Naming Authority Pointer (NAPTR) DNS Resource Record. September 2000.

+

[RFC2915] M. Mealling. R. Daniel. The Naming Authority Pointer (NAPTR) DNS Resource Record. September 2000.

-

[RFC3110] D. Eastlake, 3rd. RSA/SHA-1 SIGs and RSA KEYs in the Domain Name System (DNS). May 2001.

+

[RFC3110] D. Eastlake, 3rd. RSA/SHA-1 SIGs and RSA KEYs in the Domain Name System (DNS). May 2001.

-

[RFC3123] P. Koch. A DNS RR Type for Lists of Address Prefixes (APL RR). June 2001.

+

[RFC3123] P. Koch. A DNS RR Type for Lists of Address Prefixes (APL RR). June 2001.

-

[RFC3596] S. Thomson, C. Huitema, V. Ksinant, and M. Souissi. DNS Extensions to support IP +

[RFC3596] S. Thomson, C. Huitema, V. Ksinant, and M. Souissi. DNS Extensions to support IP version 6. October 2003.

-

[RFC3597] A. Gustafsson. Handling of Unknown DNS Resource Record (RR) Types. September 2003.

+

[RFC3597] A. Gustafsson. Handling of Unknown DNS Resource Record (RR) Types. September 2003.

DNS and the Internet

-

[RFC1101] P. V. Mockapetris. DNS Encoding of Network Names +

[RFC1101] P. V. Mockapetris. DNS Encoding of Network Names and Other Types. April 1989.

-

[RFC1123] Braden. Requirements for Internet Hosts - Application and +

[RFC1123] Braden. Requirements for Internet Hosts - Application and Support. October 1989.

-

[RFC1591] J. Postel. Domain Name System Structure and Delegation. March 1994.

+

[RFC1591] J. Postel. Domain Name System Structure and Delegation. March 1994.

-

[RFC2317] H. Eidnes, G. de Groot, and P. Vixie. Classless IN-ADDR.ARPA Delegation. March 1998.

+

[RFC2317] H. Eidnes, G. de Groot, and P. Vixie. Classless IN-ADDR.ARPA Delegation. March 1998.

-

[RFC2826] Internet Architecture Board. IAB Technical Comment on the Unique DNS Root. May 2000.

+

[RFC2826] Internet Architecture Board. IAB Technical Comment on the Unique DNS Root. May 2000.

-

[RFC2929] D. Eastlake, 3rd, E. Brunner-Williams, and B. Manning. Domain Name System (DNS) IANA Considerations. September 2000.

+

[RFC2929] D. Eastlake, 3rd, E. Brunner-Williams, and B. Manning. Domain Name System (DNS) IANA Considerations. September 2000.

DNS Operations

-

[RFC1033] M. Lottor. Domain administrators operations guide.. November 1987.

+

[RFC1033] M. Lottor. Domain administrators operations guide.. November 1987.

-

[RFC1537] P. Beertema. Common DNS Data File +

[RFC1537] P. Beertema. Common DNS Data File Configuration Errors. October 1993.

-

[RFC1912] D. Barr. Common DNS Operational and +

[RFC1912] D. Barr. Common DNS Operational and Configuration Errors. February 1996.

-

[RFC2010] B. Manning and P. Vixie. Operational Criteria for Root Name Servers.. October 1996.

+

[RFC2010] B. Manning and P. Vixie. Operational Criteria for Root Name Servers.. October 1996.

-

[RFC2219] M. Hamilton and R. Wright. Use of DNS Aliases for +

[RFC2219] M. Hamilton and R. Wright. Use of DNS Aliases for Network Services.. October 1997.

Internationalized Domain Names

-

[RFC2825] IAB and R. Daigle. A Tangled Web: Issues of I18N, Domain Names, +

[RFC2825] IAB and R. Daigle. A Tangled Web: Issues of I18N, Domain Names, and the Other Internet protocols. May 2000.

-

[RFC3490] P. Faltstrom, P. Hoffman, and A. Costello. Internationalizing Domain Names in Applications (IDNA). March 2003.

+

[RFC3490] P. Faltstrom, P. Hoffman, and A. Costello. Internationalizing Domain Names in Applications (IDNA). March 2003.

-

[RFC3491] P. Hoffman and M. Blanchet. Nameprep: A Stringprep Profile for Internationalized Domain Names. March 2003.

+

[RFC3491] P. Hoffman and M. Blanchet. Nameprep: A Stringprep Profile for Internationalized Domain Names. March 2003.

-

[RFC3492] A. Costello. Punycode: A Bootstring encoding of Unicode +

[RFC3492] A. Costello. Punycode: A Bootstring encoding of Unicode for Internationalized Domain Names in Applications (IDNA). March 2003.

@@ -489,47 +489,47 @@

-

[RFC1464] R. Rosenbaum. Using the Domain Name System To Store Arbitrary String +

[RFC1464] R. Rosenbaum. Using the Domain Name System To Store Arbitrary String Attributes. May 1993.

-

[RFC1713] A. Romao. Tools for DNS Debugging. November 1994.

+

[RFC1713] A. Romao. Tools for DNS Debugging. November 1994.

-

[RFC1794] T. Brisco. DNS Support for Load +

[RFC1794] T. Brisco. DNS Support for Load Balancing. April 1995.

-

[RFC2240] O. Vaughan. A Legal Basis for Domain Name Allocation. November 1997.

+

[RFC2240] O. Vaughan. A Legal Basis for Domain Name Allocation. November 1997.

-

[RFC2345] J. Klensin, T. Wolf, and G. Oglesby. Domain Names and Company Name Retrieval. May 1998.

+

[RFC2345] J. Klensin, T. Wolf, and G. Oglesby. Domain Names and Company Name Retrieval. May 1998.

-

[RFC2352] O. Vaughan. A Convention For Using Legal Names as Domain Names. May 1998.

+

[RFC2352] O. Vaughan. A Convention For Using Legal Names as Domain Names. May 1998.

-

[RFC3071] J. Klensin. Reflections on the DNS, RFC 1591, and Categories of Domains. February 2001.

+

[RFC3071] J. Klensin. Reflections on the DNS, RFC 1591, and Categories of Domains. February 2001.

-

[RFC3258] T. Hardie. Distributing Authoritative Name Servers via +

[RFC3258] T. Hardie. Distributing Authoritative Name Servers via Shared Unicast Addresses. April 2002.

-

[RFC3901] A. Durand and J. Ihren. DNS IPv6 Transport Operational Guidelines. September 2004.

+

[RFC3901] A. Durand and J. Ihren. DNS IPv6 Transport Operational Guidelines. September 2004.

Obsolete and Unimplemented Experimental RFC

-

[RFC1712] C. Farrell, M. Schulze, S. Pleitner, and D. Baldoni. DNS Encoding of Geographical +

[RFC1712] C. Farrell, M. Schulze, S. Pleitner, and D. Baldoni. DNS Encoding of Geographical Location. November 1994.

-

[RFC2673] M. Crawford. Binary Labels in the Domain Name System. August 1999.

+

[RFC2673] M. Crawford. Binary Labels in the Domain Name System. August 1999.

-

[RFC2874] M. Crawford and C. Huitema. DNS Extensions to Support IPv6 Address Aggregation +

[RFC2874] M. Crawford and C. Huitema. DNS Extensions to Support IPv6 Address Aggregation and Renumbering. July 2000.

@@ -543,39 +543,39 @@

-

[RFC2065] D. Eastlake, 3rd and C. Kaufman. Domain Name System Security Extensions. January 1997.

+

[RFC2065] D. Eastlake, 3rd and C. Kaufman. Domain Name System Security Extensions. January 1997.

-

[RFC2137] D. Eastlake, 3rd. Secure Domain Name System Dynamic Update. April 1997.

+

[RFC2137] D. Eastlake, 3rd. Secure Domain Name System Dynamic Update. April 1997.

-

[RFC2535] D. Eastlake, 3rd. Domain Name System Security Extensions. March 1999.

+

[RFC2535] D. Eastlake, 3rd. Domain Name System Security Extensions. March 1999.

-

[RFC3008] B. Wellington. Domain Name System Security (DNSSEC) +

[RFC3008] B. Wellington. Domain Name System Security (DNSSEC) Signing Authority. November 2000.

-

[RFC3090] E. Lewis. DNS Security Extension Clarification on Zone Status. March 2001.

+

[RFC3090] E. Lewis. DNS Security Extension Clarification on Zone Status. March 2001.

-

[RFC3445] D. Massey and S. Rose. Limiting the Scope of the KEY Resource Record (RR). December 2002.

+

[RFC3445] D. Massey and S. Rose. Limiting the Scope of the KEY Resource Record (RR). December 2002.

-

[RFC3655] B. Wellington and O. Gudmundsson. Redefinition of DNS Authenticated Data (AD) bit. November 2003.

+

[RFC3655] B. Wellington and O. Gudmundsson. Redefinition of DNS Authenticated Data (AD) bit. November 2003.

-

[RFC3658] O. Gudmundsson. Delegation Signer (DS) Resource Record (RR). December 2003.

+

[RFC3658] O. Gudmundsson. Delegation Signer (DS) Resource Record (RR). December 2003.

-

[RFC3755] S. Weiler. Legacy Resolver Compatibility for Delegation Signer (DS). May 2004.

+

[RFC3755] S. Weiler. Legacy Resolver Compatibility for Delegation Signer (DS). May 2004.

-

[RFC3757] O. Kolkman, J. Schlyter, and E. Lewis. Domain Name System KEY (DNSKEY) Resource Record +

[RFC3757] O. Kolkman, J. Schlyter, and E. Lewis. Domain Name System KEY (DNSKEY) Resource Record (RR) Secure Entry Point (SEP) Flag. April 2004.

-

[RFC3845] J. Schlyter. DNS Security (DNSSEC) NextSECure (NSEC) RDATA Format. August 2004.

+

[RFC3845] J. Schlyter. DNS Security (DNSSEC) NextSECure (NSEC) RDATA Format. August 2004.

@@ -596,14 +596,14 @@

-Other Documents About BIND +Other Documents About BIND

-Bibliography

+Bibliography
-

Paul Albitz and Cricket Liu. DNS and BIND. Copyright © 1998 Sebastopol, CA: O'Reilly and Associates.

+

Paul Albitz and Cricket Liu. DNS and BIND. Copyright © 1998 Sebastopol, CA: O'Reilly and Associates.

diff --git a/doc/arm/Bv9ARM.html b/doc/arm/Bv9ARM.html index 479be93c8f..0b95b7bf8e 100644 --- a/doc/arm/Bv9ARM.html +++ b/doc/arm/Bv9ARM.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + @@ -127,55 +127,55 @@
Configuration File Elements
Address Match Lists
-
Comment Syntax
+
Comment Syntax
Configuration File Grammar
-
acl Statement Grammar
+
acl Statement Grammar
acl Statement Definition and Usage
-
controls Statement Grammar
+
controls Statement Grammar
controls Statement Definition and Usage
-
include Statement Grammar
-
include Statement Definition and +
include Statement Grammar
+
include Statement Definition and Usage
-
key Statement Grammar
-
key Statement Definition and Usage
-
logging Statement Grammar
-
logging Statement Definition and +
key Statement Grammar
+
key Statement Definition and Usage
+
logging Statement Grammar
+
logging Statement Definition and Usage
-
lwres Statement Grammar
-
lwres Statement Definition and Usage
-
masters Statement Grammar
-
masters Statement Definition and +
lwres Statement Grammar
+
lwres Statement Definition and Usage
+
masters Statement Grammar
+
masters Statement Definition and Usage
-
options Statement Grammar
+
options Statement Grammar
options Statement Definition and Usage
statistics-channels Statement Grammar
-
statistics-channels Statement Definition and +
statistics-channels Statement Definition and Usage
server Statement Grammar
server Statement Definition and Usage
-
trusted-keys Statement Grammar
-
trusted-keys Statement Definition +
trusted-keys Statement Grammar
+
trusted-keys Statement Definition and Usage
view Statement Grammar
-
view Statement Definition and Usage
+
view Statement Definition and Usage
zone Statement Grammar
-
zone Statement Definition and Usage
+
zone Statement Definition and Usage
-
Zone File
+
Zone File
Types of Resource Records and When to Use Them
-
Discussion of MX Records
+
Discussion of MX Records
Setting TTLs
-
Inverse Mapping in IPv4
-
Other Zone File Directives
-
BIND Master File Extension: the $GENERATE Directive
+
Inverse Mapping in IPv4
+
Other Zone File Directives
+
BIND Master File Extension: the $GENERATE Directive
Additional File Formats
BIND9 Statistics
@@ -184,31 +184,31 @@
7. BIND 9 Security Considerations
Access Control Lists
-
Chroot and Setuid
+
Chroot and Setuid
-
The chroot Environment
-
Using the setuid Function
+
The chroot Environment
+
Using the setuid Function
Dynamic Update Security
8. Troubleshooting
-
Common Problems
-
It's not working; how can I figure out what's wrong?
-
Incrementing and Changing the Serial Number
-
Where Can I Get Help?
+
Common Problems
+
It's not working; how can I figure out what's wrong?
+
Incrementing and Changing the Serial Number
+
Where Can I Get Help?
A. Appendices
-
Acknowledgments
+
Acknowledgments
A Brief History of the DNS and BIND
-
General DNS Reference Information
+
General DNS Reference Information
IPv6 addresses (AAAA)
Bibliography (and Suggested Reading)
Request for Comments (RFCs)
Internet Drafts
-
Other Documents About BIND
+
Other Documents About BIND
I. Manual pages
diff --git a/doc/arm/man.dig.html b/doc/arm/man.dig.html index 0f6846cafc..268bfab46a 100644 --- a/doc/arm/man.dig.html +++ b/doc/arm/man.dig.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + @@ -52,7 +52,7 @@

dig [global-queryopt...] [query...]

-

DESCRIPTION

+

DESCRIPTION

dig (domain information groper) is a flexible tool for interrogating DNS name servers. It performs DNS lookups and @@ -98,7 +98,7 @@

-

SIMPLE USAGE

+

SIMPLE USAGE

A typical invocation of dig looks like:

@@ -144,7 +144,7 @@

-

OPTIONS

+

OPTIONS

The -b option sets the source IP address of the query to address. This must be a valid @@ -244,7 +244,7 @@

-

QUERY OPTIONS

+

QUERY OPTIONS

dig provides a number of query options which affect the way in which lookups are made and the results displayed. Some of @@ -567,7 +567,7 @@

-

MULTIPLE QUERIES

+

MULTIPLE QUERIES

The BIND 9 implementation of dig supports @@ -613,7 +613,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr

-

IDN SUPPORT

+

IDN SUPPORT

If dig has been built with IDN (internationalized domain name) support, it can accept and display non-ASCII domain names. @@ -627,14 +627,14 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr

-

FILES

+

FILES

/etc/resolv.conf

${HOME}/.digrc

-

SEE ALSO

+

SEE ALSO

host(1), named(8), dnssec-keygen(8), @@ -642,7 +642,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr

-

BUGS

+

BUGS

There are probably too many query options.

diff --git a/doc/arm/man.dnssec-keyfromlabel.html b/doc/arm/man.dnssec-keyfromlabel.html index c09d09036d..9dca8e592e 100644 --- a/doc/arm/man.dnssec-keyfromlabel.html +++ b/doc/arm/man.dnssec-keyfromlabel.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + @@ -50,7 +50,7 @@

dnssec-keyfromlabel {-a algorithm} {-l label} [-c class] [-f flag] [-k] [-n nametype] [-p protocol] [-t type] [-v level] {name}

-

DESCRIPTION

+

DESCRIPTION

dnssec-keyfromlabel gets keys with the given label from a crypto hardware and builds key files for DNSSEC (Secure DNS), as defined in RFC 2535 @@ -58,7 +58,7 @@

-

OPTIONS

+

OPTIONS

-a algorithm
@@ -131,7 +131,7 @@
-

GENERATED KEY FILES

+

GENERATED KEY FILES

When dnssec-keyfromlabel completes successfully, @@ -172,7 +172,7 @@

-

SEE ALSO

+

SEE ALSO

dnssec-keygen(8), dnssec-signzone(8), BIND 9 Administrator Reference Manual, @@ -182,7 +182,7 @@

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

diff --git a/doc/arm/man.dnssec-keygen.html b/doc/arm/man.dnssec-keygen.html index 2a98e8b1e6..9f4de0222a 100644 --- a/doc/arm/man.dnssec-keygen.html +++ b/doc/arm/man.dnssec-keygen.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + @@ -50,7 +50,7 @@

dnssec-keygen {-a algorithm} {-b keysize} {-n nametype} [-c class] [-e] [-f flag] [-g generator] [-h] [-k] [-p protocol] [-r randomdev] [-s strength] [-t type] [-v level] {name}

-

DESCRIPTION

+

DESCRIPTION

dnssec-keygen generates keys for DNSSEC (Secure DNS), as defined in RFC 2535 and RFC 4034. It can also generate keys for use with @@ -58,7 +58,7 @@

-

OPTIONS

+

OPTIONS

-a algorithm
@@ -166,7 +166,7 @@
-

GENERATED KEYS

+

GENERATED KEYS

When dnssec-keygen completes successfully, @@ -212,7 +212,7 @@

-

EXAMPLE

+

EXAMPLE

To generate a 768-bit DSA key for the domain example.com, the following command would be @@ -233,7 +233,7 @@

-

SEE ALSO

+

SEE ALSO

dnssec-signzone(8), BIND 9 Administrator Reference Manual, RFC 2535, @@ -242,7 +242,7 @@

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

diff --git a/doc/arm/man.dnssec-signzone.html b/doc/arm/man.dnssec-signzone.html index f8afe6ff25..c57bdbf505 100644 --- a/doc/arm/man.dnssec-signzone.html +++ b/doc/arm/man.dnssec-signzone.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + @@ -50,7 +50,7 @@

dnssec-signzone [-a] [-c class] [-d directory] [-e end-time] [-f output-file] [-g] [-h] [-k key] [-l domain] [-i interval] [-I input-format] [-j jitter] [-N soa-serial-format] [-o origin] [-O output-format] [-p] [-r randomdev] [-s start-time] [-t] [-v level] [-z] {zonefile} [key...]

-

DESCRIPTION

+

DESCRIPTION

dnssec-signzone signs a zone. It generates NSEC and RRSIG records and produces a signed version of the @@ -61,7 +61,7 @@

-

OPTIONS

+

OPTIONS

-a

@@ -259,7 +259,7 @@

-

EXAMPLE

+

EXAMPLE

The following command signs the example.com zone with the DSA key generated by dnssec-keygen @@ -288,14 +288,14 @@ db.example.com.signed %

-

SEE ALSO

+

SEE ALSO

dnssec-keygen(8), BIND 9 Administrator Reference Manual, RFC 2535.

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

diff --git a/doc/arm/man.host.html b/doc/arm/man.host.html index bda82a5ede..a6a5c633d6 100644 --- a/doc/arm/man.host.html +++ b/doc/arm/man.host.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + @@ -50,7 +50,7 @@

host [-aCdlnrsTwv] [-c class] [-N ndots] [-R number] [-t type] [-W wait] [-m flag] [-4] [-6] {name} [server]

-

DESCRIPTION

+

DESCRIPTION

host is a simple utility for performing DNS lookups. It is normally used to convert names to IP addresses and vice versa. @@ -202,7 +202,7 @@

-

IDN SUPPORT

+

IDN SUPPORT

If host has been built with IDN (internationalized domain name) support, it can accept and display non-ASCII domain names. @@ -216,12 +216,12 @@

-

FILES

+

FILES

/etc/resolv.conf

-

SEE ALSO

+

SEE ALSO

dig(1), named(8).

diff --git a/doc/arm/man.named-checkconf.html b/doc/arm/man.named-checkconf.html index 18b4446695..016459ea62 100644 --- a/doc/arm/man.named-checkconf.html +++ b/doc/arm/man.named-checkconf.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + @@ -50,14 +50,14 @@

named-checkconf [-h] [-v] [-j] [-t directory] {filename} [-z]

-

DESCRIPTION

+

DESCRIPTION

named-checkconf checks the syntax, but not the semantics, of a named configuration file.

-

OPTIONS

+

OPTIONS

-h

@@ -92,21 +92,21 @@

-

RETURN VALUES

+

RETURN VALUES

named-checkconf returns an exit status of 1 if errors were detected and 0 otherwise.

-

SEE ALSO

+

SEE ALSO

named(8), named-checkzone(8), BIND 9 Administrator Reference Manual.

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

diff --git a/doc/arm/man.named-checkzone.html b/doc/arm/man.named-checkzone.html index d1274ba212..f8ee2aea6e 100644 --- a/doc/arm/man.named-checkzone.html +++ b/doc/arm/man.named-checkzone.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + @@ -51,7 +51,7 @@

named-compilezone [-d] [-j] [-q] [-v] [-c class] [-C mode] [-f format] [-F format] [-i mode] [-k mode] [-m mode] [-n mode] [-o filename] [-s style] [-t directory] [-w directory] [-D] [-W mode] {zonename} {filename}

-

DESCRIPTION

+

DESCRIPTION

named-checkzone checks the syntax and integrity of a zone file. It performs the same checks as named does when loading a @@ -71,7 +71,7 @@

-

OPTIONS

+

OPTIONS

-d

@@ -257,14 +257,14 @@

-

RETURN VALUES

+

RETURN VALUES

named-checkzone returns an exit status of 1 if errors were detected and 0 otherwise.

-

SEE ALSO

+

SEE ALSO

named(8), named-checkconf(8), RFC 1035, @@ -272,7 +272,7 @@

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

diff --git a/doc/arm/man.named.html b/doc/arm/man.named.html index 8727623d61..072230d78a 100644 --- a/doc/arm/man.named.html +++ b/doc/arm/man.named.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + @@ -50,7 +50,7 @@

named [-4] [-6] [-c config-file] [-d debug-level] [-f] [-g] [-m flag] [-n #cpus] [-p port] [-s] [-t directory] [-u user] [-v] [-x cache-file]

-

DESCRIPTION

+

DESCRIPTION

named is a Domain Name System (DNS) server, part of the BIND 9 distribution from ISC. For more @@ -65,7 +65,7 @@

-

OPTIONS

+

OPTIONS

-4

@@ -209,7 +209,7 @@

-

SIGNALS

+

SIGNALS

In routine operation, signals should not be used to control the nameserver; rndc should be used @@ -230,7 +230,7 @@

-

CONFIGURATION

+

CONFIGURATION

The named configuration file is too complex to describe in detail here. A complete description is provided @@ -239,7 +239,7 @@

-

FILES

+

FILES

/etc/named.conf

@@ -252,7 +252,7 @@

-

SEE ALSO

+

SEE ALSO

RFC 1033, RFC 1034, RFC 1035, @@ -265,7 +265,7 @@

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

diff --git a/doc/arm/man.nsupdate.html b/doc/arm/man.nsupdate.html index 580f62292b..d3b5781659 100644 --- a/doc/arm/man.nsupdate.html +++ b/doc/arm/man.nsupdate.html @@ -14,7 +14,7 @@ - PERFORMANCE OF THIS SOFTWARE. --> - + @@ -50,7 +50,7 @@

nsupdate [-d] [[-y [hmac:]keyname:secret] | [-k keyfile]] [-t timeout] [-u udptimeout] [-r udpretries] [-R randomdev] [-v] [filename]

-

DESCRIPTION

+

DESCRIPTION

nsupdate is used to submit Dynamic DNS Update requests as defined in RFC2136 to a name server. @@ -182,7 +182,7 @@

-

INPUT FORMAT

+

INPUT FORMAT

nsupdate reads input from filename @@ -431,7 +431,7 @@

-

EXAMPLES

+

EXAMPLES

The examples below show how nsupdate @@ -485,7 +485,7 @@

-

FILES

+

FILES

/etc/resolv.conf

@@ -504,7 +504,7 @@

-

SEE ALSO

+

SEE ALSO

RFC2136, RFC3007, RFC2104, @@ -517,7 +517,7 @@

-

BUGS

+

BUGS

The TSIG key is redundantly stored in two separate files. This is a consequence of nsupdate using the DST library diff --git a/doc/arm/man.rndc-confgen.html b/doc/arm/man.rndc-confgen.html index 6a660cc4c5..faff8e3148 100644 --- a/doc/arm/man.rndc-confgen.html +++ b/doc/arm/man.rndc-confgen.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + @@ -48,7 +48,7 @@

rndc-confgen [-a] [-b keysize] [-c keyfile] [-h] [-k keyname] [-p port] [-r randomfile] [-s address] [-t chrootdir] [-u user]

-

DESCRIPTION

+

DESCRIPTION

rndc-confgen generates configuration files for rndc. It can be used as a @@ -64,7 +64,7 @@

-

OPTIONS

+

OPTIONS

-a
@@ -171,7 +171,7 @@
-

EXAMPLES

+

EXAMPLES

To allow rndc to be used with no manual configuration, run @@ -188,7 +188,7 @@

-

SEE ALSO

+

SEE ALSO

rndc(8), rndc.conf(5), named(8), @@ -196,7 +196,7 @@

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

diff --git a/doc/arm/man.rndc.conf.html b/doc/arm/man.rndc.conf.html index ebcf47d3c0..95838ee4da 100644 --- a/doc/arm/man.rndc.conf.html +++ b/doc/arm/man.rndc.conf.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + @@ -50,7 +50,7 @@

rndc.conf

-

DESCRIPTION

+

DESCRIPTION

rndc.conf is the configuration file for rndc, the BIND 9 name server control utility. This file has a similar structure and syntax to @@ -135,7 +135,7 @@

-

EXAMPLE

+

EXAMPLE

       options {
         default-server  localhost;
@@ -209,7 +209,7 @@
     

-

NAME SERVER CONFIGURATION

+

NAME SERVER CONFIGURATION

The name server must be configured to accept rndc connections and to recognize the key specified in the rndc.conf @@ -219,7 +219,7 @@

-

SEE ALSO

+

SEE ALSO

rndc(8), rndc-confgen(8), mmencode(1), @@ -227,7 +227,7 @@

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

diff --git a/doc/arm/man.rndc.html b/doc/arm/man.rndc.html index 49cd5eaa9d..334883a99f 100644 --- a/doc/arm/man.rndc.html +++ b/doc/arm/man.rndc.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + @@ -50,7 +50,7 @@

rndc [-b source-address] [-c config-file] [-k key-file] [-s server] [-p port] [-V] [-y key_id] {command}

-

DESCRIPTION

+

DESCRIPTION

rndc controls the operation of a name server. It supersedes the ndc utility @@ -79,7 +79,7 @@

-

OPTIONS

+

OPTIONS

-b source-address

@@ -151,7 +151,7 @@

-

LIMITATIONS

+

LIMITATIONS

rndc does not yet support all the commands of the BIND 8 ndc utility. @@ -165,7 +165,7 @@

-

SEE ALSO

+

SEE ALSO

rndc.conf(5), rndc-confgen(8), named(8), @@ -175,7 +175,7 @@

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

diff --git a/doc/misc/options b/doc/misc/options index 95d0b3100a..1fac77be62 100644 --- a/doc/misc/options +++ b/doc/misc/options @@ -69,8 +69,8 @@ options { alt-transfer-source-v6 ( | * ) [ port ( | * ) ]; auth-nxdomain ; // default changed - avoid-v4-udp-ports { ; ... }; - avoid-v6-udp-ports { ; ... }; + avoid-v4-udp-ports { ; ... }; + avoid-v6-udp-ports { ; ... }; blackhole { ; ... }; cache-file ; check-integrity ; @@ -158,8 +158,8 @@ options { query-source ; query-source-v6 ; querylog ; - queryport-pool-ports ; - queryport-pool-updateinterval ; + queryport-pool-ports ; // obsolete + queryport-pool-updateinterval ; // obsolete random-device ; recursing-file ; recursion ; @@ -200,7 +200,9 @@ options { use-alt-transfer-source ; use-id-pool ; // obsolete use-ixfr ; - use-queryport-pool ; + use-queryport-pool ; // obsolete + use-v4-udp-ports { ; ... }; + use-v6-udp-ports { ; ... }; version ( | none ); zero-no-soa-ttl ; zero-no-soa-ttl-cache ; @@ -328,8 +330,8 @@ view { provide-ixfr ; query-source ; query-source-v6 ; - queryport-pool-ports ; - queryport-pool-updateinterval ; + queryport-pool-ports ; // obsolete + queryport-pool-updateinterval ; // obsolete recursion ; request-ixfr ; request-nsid ; @@ -374,7 +376,7 @@ view { try-tcp-refresh ; update-check-ksk ; use-alt-transfer-source ; - use-queryport-pool ; + use-queryport-pool ; // obsolete zero-no-soa-ttl ; zero-no-soa-ttl-cache ; zone { From 78576fe0db75332cd956b037d90dad0c7e09b005 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tatuya=20JINMEI=20=E7=A5=9E=E6=98=8E=E9=81=94=E5=93=89?= Date: Tue, 24 Jun 2008 01:40:25 +0000 Subject: [PATCH 003/135] include sys/sysctl.h only if HAVE_SYS_SYSCTL_H is defined --- lib/isc/unix/net.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/lib/isc/unix/net.c b/lib/isc/unix/net.c index 7a422691a5..5afe88d327 100644 --- a/lib/isc/unix/net.c +++ b/lib/isc/unix/net.c 
@@ -15,12 +15,14 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: net.c,v 1.38 2008/06/23 23:47:11 tbox Exp $ */ +/* $Id: net.c,v 1.39 2008/06/24 01:40:25 jinmei Exp $ */ #include #include +#ifdef HAVE_SYS_SYSCTL_H #include +#endif #include #include From 1ef53a4a91f29db3b53b9686f391c7a1710cbca6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tatuya=20JINMEI=20=E7=A5=9E=E6=98=8E=E9=81=94=E5=93=89?= Date: Tue, 24 Jun 2008 01:58:16 +0000 Subject: [PATCH 004/135] newline --- lib/isc/unix/socket.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lib/isc/unix/socket.c b/lib/isc/unix/socket.c index 7fa9216ae6..0ab6978a95 100644 --- a/lib/isc/unix/socket.c +++ b/lib/isc/unix/socket.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: socket.c,v 1.282 2008/06/23 23:47:11 tbox Exp $ */ +/* $Id: socket.c,v 1.283 2008/06/24 01:58:16 jinmei Exp $ */ /*! \file */ @@ -3325,6 +3325,7 @@ isc_socketmgr_create(isc_mem_t *mctx, isc_socketmgr_t **managerp) { char strbuf[ISC_STRERRORSIZE]; #endif isc_result_t result; + REQUIRE(managerp != NULL && *managerp == NULL); #ifndef ISC_PLATFORM_USETHREADS From 391ac1cbfd70da63569b621113f66a1526c2640c Mon Sep 17 00:00:00 2001 From: Mark Andrews Date: Tue, 24 Jun 2008 21:44:11 +0000 Subject: [PATCH 005/135] static inline -> inline --- lib/isc/portset.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/lib/isc/portset.c b/lib/isc/portset.c index e4c5da0f39..00a2e1cb6f 100644 --- a/lib/isc/portset.c +++ b/lib/isc/portset.c @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: portset.c,v 1.2 2008/06/23 19:41:19 jinmei Exp $ */ +/* $Id: portset.c,v 1.3 2008/06/24 21:44:11 marka Exp $ */ /*! \file */ #include 
@@ -35,12 +35,12 @@ struct isc_portset { isc_uint32_t buf[ISC_PORTSET_BUFSIZE]; }; -static inline isc_boolean_t +inline isc_boolean_t portset_isset(isc_portset_t *portset, in_port_t port) { return (ISC_TF((portset->buf[port >> 5] & (1 << (port & 31))) != 0)); } -static inline void +inline void portset_add(isc_portset_t *portset, in_port_t port) { if (!portset_isset(portset, port)) { portset->nports++; @@ -48,7 +48,7 @@ portset_add(isc_portset_t *portset, in_port_t port) { } } -static inline void +inline void portset_remove(isc_portset_t *portset, in_port_t port) { if (portset_isset(portset, port)) { portset->nports--; From 0d5cc4c53a0200d673bcf36bddcbaed50453e1fd Mon Sep 17 00:00:00 2001 From: Mark Andrews Date: Tue, 24 Jun 2008 23:24:35 +0000 Subject: [PATCH 006/135] #include , restore 'static inline' --- lib/isc/portset.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/lib/isc/portset.c b/lib/isc/portset.c index 00a2e1cb6f..471ca8e8d0 100644 --- a/lib/isc/portset.c +++ b/lib/isc/portset.c @@ -14,9 +14,12 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: portset.c,v 1.3 2008/06/24 21:44:11 marka Exp $ */ +/* $Id: portset.c,v 1.4 2008/06/24 23:24:35 marka Exp $ */ /*! \file */ + +#include + #include #include #include @@ -35,12 +38,12 @@ struct isc_portset { isc_uint32_t buf[ISC_PORTSET_BUFSIZE]; }; -inline isc_boolean_t +static inline isc_boolean_t portset_isset(isc_portset_t *portset, in_port_t port) { return (ISC_TF((portset->buf[port >> 5] & (1 << (port & 31))) != 0)); } -inline void +static inline void portset_add(isc_portset_t *portset, in_port_t port) { if (!portset_isset(portset, port)) { portset->nports++; @@ -48,7 +51,7 @@ portset_add(isc_portset_t *portset, in_port_t port) { } } -inline void +static inline void portset_remove(isc_portset_t *portset, in_port_t port) { if (portset_isset(portset, port)) { portset->nports--; From cc758fbc8fea942503e5de9a9f151570dc4f9a6a Mon Sep 17 00:00:00 2001 
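Review bot: In portset_isset(), visible as context in the lib/isc/portset.c hunks above, the mask is built with `1 << (port & 31)`, which shifts a signed int. When `port & 31` is 31 the shift reaches the sign bit, which is undefined behaviour in C. Since buf is an isc_uint32_t array, build the mask as `(isc_uint32_t)1 << (port & 31)`, and apply the same change in portset_add() and portset_remove() if they form the bit the same way. The linkage flip across these two commits (static inline to inline and back) would also benefit from a one-line comment saying why `static` is needed here, so that it is not dropped again.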
From: =?UTF-8?q?Tatuya=20JINMEI=20=E7=A5=9E=E6=98=8E=E9=81=94=E5=93=89?= Date: Wed, 25 Jun 2008 00:09:50 +0000 Subject: [PATCH 007/135] typo --- lib/isc/unix/socket.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/isc/unix/socket.c b/lib/isc/unix/socket.c index 0ab6978a95..ebd8197641 100644 --- a/lib/isc/unix/socket.c +++ b/lib/isc/unix/socket.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: socket.c,v 1.283 2008/06/24 01:58:16 jinmei Exp $ */ +/* $Id: socket.c,v 1.284 2008/06/25 00:09:50 jinmei Exp $ */ /*! \file */ @@ -4279,7 +4279,7 @@ isc_socket_listen(isc_socket_t *sock, unsigned int backlog) { } /* - * This should try to do agressive accept() XXXMLG + * This should try to do aggressive accept() XXXMLG */ isc_result_t isc_socket_accept(isc_socket_t *sock, From 7b0bb3bdc96dca1b8fd0571121e90a81a1bfabe2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tatuya=20JINMEI=20=E7=A5=9E=E6=98=8E=E9=81=94=E5=93=89?= Date: Wed, 25 Jun 2008 22:56:33 +0000 Subject: [PATCH 008/135] work around HP-UX UDP connect behavior [RT #18202] --- lib/isc/unix/socket.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/lib/isc/unix/socket.c b/lib/isc/unix/socket.c index ebd8197641..03f0f804d0 100644 --- a/lib/isc/unix/socket.c +++ b/lib/isc/unix/socket.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: socket.c,v 1.284 2008/06/25 00:09:50 jinmei Exp $ */ +/* $Id: socket.c,v 1.285 2008/06/25 22:56:33 jinmei Exp $ */ /*! \file */ 
@@ -4390,6 +4390,16 @@ isc_socket_connect(isc_socket_t *sock, isc_sockaddr_t *addr, sock->peer_address = *addr; cc = connect(sock->fd, &addr->type.sa, addr->length); if (cc < 0) { + /* + * HP-UX "fails" to connect a UDP socket and sets errno to + * EINPROGRESS if it's non-blocking. We'd rather regard this as + * a success and let the user detect it if it's really an error + * at the time of sending a packet on the socket. + */ + if (sock->type == isc_sockettype_udp && errno == EINPROGRESS) { + cc = 0; + goto success; + } if (SOFT_ERROR(errno) || errno == EINPROGRESS) goto queue; @@ -4431,6 +4441,7 @@ isc_socket_connect(isc_socket_t *sock, isc_sockaddr_t *addr, /* * If connect completed, fire off the done event. */ + success: if (cc == 0) { sock->connected = 1; sock->bound = 1; From 4462803b0dcfe07133a8ffdc13dc1f5688196d1d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tatuya=20JINMEI=20=E7=A5=9E=E6=98=8E=E9=81=94=E5=93=89?= Date: Wed, 25 Jun 2008 23:13:51 +0000 Subject: [PATCH 009/135] minor resource leak in error handling of socket.c [RT #17968] --- lib/isc/win32/socket.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lib/isc/win32/socket.c b/lib/isc/win32/socket.c index 18dbff2894..cb1a6f0a28 100644 --- a/lib/isc/win32/socket.c +++ b/lib/isc/win32/socket.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: socket.c,v 1.54 2008/03/27 23:46:57 tbox Exp $ */ +/* $Id: socket.c,v 1.55 2008/06/25 23:13:51 jinmei Exp $ */ /* This code has been rewritten to take advantage of Windows Sockets * I/O Completion Ports and Events. I/O Completion Ports is ONLY @@ -2841,6 +2841,7 @@ isc_socketmgr_create(isc_mem_t *mctx, isc_socketmgr_t **managerp) { */ result = event_thread_create(&evthread, manager); if (result != ISC_R_SUCCESS) { + isc_condition_destroy(&manager->shutdown_ok); DESTROYLOCK(&manager->lock); isc_mem_put(mctx, manager, sizeof(*manager)); return (result); From 77514242b09538db8f3a8f96f7f3d368cff6ebba Mon Sep 17 00:00:00 2001 
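Review bot: The EINPROGRESS shortcut in the isc_socket_connect hunk of lib/isc/unix/socket.c is unconditional, although its comment attributes the behaviour to HP-UX only. On every platform, a non-blocking UDP connect() that fails with EINPROGRESS is now treated as connected (`cc = 0; goto success;`), so sock->connected and sock->bound are set without the kernel having confirmed the association. Either guard the branch with a platform or configure-time macro, or extend the comment to say why treating this as success is safe everywhere. Callers now depend on the first send to surface a real failure, which should be stated in the function's documentation.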
From: =?UTF-8?q?Tatuya=20JINMEI=20=E7=A5=9E=E6=98=8E=E9=81=94=E5=93=89?= Date: Wed, 25 Jun 2008 23:17:47 +0000 Subject: [PATCH 010/135] 2385. [bug] A condition variable in socket.c could leak in rare error handling [RT #17968]. --- CHANGES | 3 +++ 1 file changed, 3 insertions(+) diff --git a/CHANGES b/CHANGES index c762e6d8f1..1dbce9198e 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,6 @@ +2385. [bug] A condition variable in socket.c could leak in + rare error handling [RT #17968]. + 2384. [security] Fully randomize UDP query ports to improve forgery resilience. [RT #17949, #18098] From 2a03c0af765860308edb715be012d4bc743c47f1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tatuya=20JINMEI=20=E7=A5=9E=E6=98=8E=E9=81=94=E5=93=89?= Date: Thu, 26 Jun 2008 22:15:40 +0000 Subject: [PATCH 011/135] prevent null socket dereference in IPv6 interface address adjustment [RT #18203] --- lib/dns/dispatch.c | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/lib/dns/dispatch.c b/lib/dns/dispatch.c index fc97333139..999b84c681 100644 --- a/lib/dns/dispatch.c +++ b/lib/dns/dispatch.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dispatch.c,v 1.142 2008/06/23 23:47:11 tbox Exp $ */ +/* $Id: dispatch.c,v 1.143 2008/06/26 22:15:40 jinmei Exp $ */ /*! \file */ @@ -2022,18 +2022,17 @@ local_addr_match(dns_dispatch_t *disp, isc_sockaddr_t *addr) { isc_sockaddr_t sockaddr; isc_result_t result; + REQUIRE(disp->socket != NULL); + if (addr == NULL) return (ISC_TRUE); /* * Don't match wildcard ports unless the port is available in the - * current configuration. We can skip this check when disp->socket is - * NULL because such a dispatcher will choose ports on-demand from - * the available set. + * current configuration. */ if (isc_sockaddr_getport(addr) == 0 && isc_sockaddr_getport(&disp->local) == 0 && - disp->socket != NULL && !portavailable(disp->mgr, disp->socket, NULL)) { return (ISC_FALSE); } 
@@ -2078,10 +2077,10 @@ dispatch_find(dns_dispatchmgr_t *mgr, isc_sockaddr_t *local, isc_result_t result; /* - * Make certain that we will not match a private dispatch. + * Make certain that we will not match a private or exclusive dispatch. */ - attributes &= ~DNS_DISPATCHATTR_PRIVATE; - mask |= DNS_DISPATCHATTR_PRIVATE; + attributes &= ~(DNS_DISPATCHATTR_PRIVATE|DNS_DISPATCHATTR_EXCLUSIVE); + mask |= (DNS_DISPATCHATTR_PRIVATE|DNS_DISPATCHATTR_EXCLUSIVE); disp = ISC_LIST_HEAD(mgr->list); while (disp != NULL) { From 69070fbbf342fd26b913789b8b03c13a92d72f81 Mon Sep 17 00:00:00 2001 From: Automatic Updater Date: Thu, 26 Jun 2008 23:18:47 +0000 Subject: [PATCH 012/135] auto update --- doc/private/branches | 1 + 1 file changed, 1 insertion(+) diff --git a/doc/private/branches b/doc/private/branches index 7418687e69..b2cc3f7e86 100644 --- a/doc/private/branches +++ b/doc/private/branches @@ -133,6 +133,7 @@ rt18046 new fdupont // 2008-05-09 06:56 +0000 rt18092 new each // 2008-05-21 05:49 +0000 rt18098 new rt18159 new +rt18194 new shane_dbbackend open skan open explorer skan-metazones1 private explorer From dfe1f59d9d83bd143aed555ecb599eedea1c7a9a Mon Sep 17 00:00:00 2001 From: Automatic Updater Date: Mon, 30 Jun 2008 23:17:55 +0000 Subject: [PATCH 013/135] auto update --- doc/private/branches | 1 + 1 file changed, 1 insertion(+) diff --git a/doc/private/branches b/doc/private/branches index b2cc3f7e86..af77cd45d9 100644 --- a/doc/private/branches +++ b/doc/private/branches @@ -9,6 +9,7 @@ Branch Status Whom // Comments private private branch closed finished with +branch_9_5_0_P1 new each // 2008-06-30 22:15 +0000 custom_AFILIAS_v9_4_1_P1 private marka // 2007-08-30 01:11 +0000 custom_AFIS_v9_4_0 private marka // 2007-04-23 05:08 +0000 custom_ALLIANZ_v9_4_1_P1 private marka // 2007-08-03 04:51 +0000 From f41bd47802eef1298558027d5b86a9078fd8de71 Mon Sep 17 00:00:00 2001 
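Review bot: The new `REQUIRE(disp->socket != NULL);` at the top of local_addr_match() in lib/dns/dispatch.c turns a NULL socket into an assertion failure, and the only visible thing keeping such dispatchers out is the DNS_DISPATCHATTR_EXCLUSIVE mask added to dispatch_find() in the second hunk. That coupling is not stated anywhere: add a comment on the REQUIRE naming the attribute mask it relies on, and check that every other caller of local_addr_match() filters the same way. The REQUIRE also runs before the `addr == NULL` early return, so a caller that used to get ISC_TRUE for a NULL addr on a socket-less dispatcher will now abort instead.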
From: Evan Hunt Date: Tue, 1 Jul 2008 03:55:10 +0000 Subject: [PATCH 014/135] merge rt18194 to enable windows build --- lib/isc/win32/include/isc/net.h | 19 ++++- lib/isc/win32/net.c | 35 ++++++++- lib/isc/win32/socket.c | 126 ++++++++++++++++++++++++-------- 3 files changed, 148 insertions(+), 32 deletions(-) diff --git a/lib/isc/win32/include/isc/net.h b/lib/isc/win32/include/isc/net.h index 86bb6040f8..e84d190a1d 100644 --- a/lib/isc/win32/include/isc/net.h +++ b/lib/isc/win32/include/isc/net.h @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: net.h,v 1.28 2007/06/19 23:47:20 tbox Exp $ */ +/* $Id: net.h,v 1.29 2008/07/01 03:55:10 each Exp $ */ #ifndef ISC_NET_H #define ISC_NET_H 1 @@ -306,6 +306,23 @@ isc_net_enableipv4(void); void isc_net_enableipv6(void); +isc_result_t +isc_net_getudpportrange(int af, in_port_t *low, in_port_t *high); +/*%< + * Returns system's default range of ephemeral UDP ports, if defined. + * If the range is not available or unknown, ISC_NET_PORTRANGELOW and + * ISC_NET_PORTRANGEHIGH will be returned. + * + * Requires: + * + *\li 'low' and 'high' must be non NULL. + * + * Returns: + * + *\li *low and *high will be the ports specifying the low and high ends of + * the range. + */ + #ifdef ISC_PLATFORM_NEEDNTOP const char * isc_net_ntop(int af, const void *src, char *dst, size_t size); diff --git a/lib/isc/win32/net.c b/lib/isc/win32/net.c index 29f2656097..5647c424bc 100644 --- a/lib/isc/win32/net.c +++ b/lib/isc/win32/net.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: net.c,v 1.16 2008/04/02 23:46:57 tbox Exp $ */ +/* $Id: net.c,v 1.17 2008/07/01 03:55:10 each Exp $ */ #include 
@@ -30,6 +30,23 @@ #include #include +/*% + * Definitions about UDP port range specification. This is a total mess of + * portability variants: some use sysctl (but the sysctl names vary), some use + * system-specific interfaces, some have the same interface for IPv4 and IPv6, + * some separate them, etc... + */ + +/*% + * The last resort defaults: use all non well known port space + */ +#ifndef ISC_NET_PORTRANGELOW +#define ISC_NET_PORTRANGELOW 1024 +#endif /* ISC_NET_PORTRANGELOW */ +#ifndef ISC_NET_PORTRANGEHIGH +#define ISC_NET_PORTRANGEHIGH 65535 +#endif /* ISC_NET_PORTRANGEHIGH */ + #if defined(ISC_PLATFORM_HAVEIPV6) && defined(ISC_PLATFORM_NEEDIN6ADDRANY) const struct in6_addr isc_net_in6addrany = IN6ADDR_ANY_INIT; #endif @@ -269,6 +286,22 @@ isc_net_probe_ipv6pktinfo(void) { return (ipv6pktinfo_result); } +isc_result_t +isc_net_getudpportrange(int af, in_port_t *low, in_port_t *high) { + int result = ISC_R_FAILURE; + + REQUIRE(low != NULL && high != NULL); + + UNUSED(af); + + if (result != ISC_R_SUCCESS) { + *low = ISC_NET_PORTRANGELOW; + *high = ISC_NET_PORTRANGEHIGH; + } + + return (ISC_R_SUCCESS); /* we currently never fail in this function */ +} + void isc_net_disableipv4(void) { initialize(); diff --git a/lib/isc/win32/socket.c b/lib/isc/win32/socket.c index cb1a6f0a28..e8e8c7e73f 100644 --- a/lib/isc/win32/socket.c +++ b/lib/isc/win32/socket.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: socket.c,v 1.55 2008/06/25 23:13:51 jinmei Exp $ */ +/* $Id: socket.c,v 1.56 2008/07/01 03:55:10 each Exp $ */ /* This code has been rewritten to take advantage of Windows Sockets * I/O Completion Ports and Events. I/O Completion Ports is ONLY @@ -1173,7 +1173,7 @@ build_msghdr_send(isc_socket_t *sock, isc_socketevent_t *dev, memset(msg, 0, sizeof(*msg)); - if (sock->type == isc_sockettype_udp) { + if (!sock->connected) { msg->msg_name = (void *)&dev->address.type.sa; msg->msg_namelen = dev->address.length; } else { 
@@ -1869,16 +1869,8 @@ free_socket(isc_socket_t **socketp) { *socketp = NULL; } -/* - * Create a new 'type' socket managed by 'manager'. Events - * will be posted to 'task' and when dispatched 'action' will be - * called with 'arg' as the arg value. The new socket is returned - * in 'socketp'. - */ -isc_result_t -isc_socket_create(isc_socketmgr_t *manager, int pf, isc_sockettype_t type, - isc_socket_t **socketp) { - isc_socket_t *sock = NULL; +static isc_result_t +internal_open(isc_socketmgr_t *manager, isc_socket_t *sock) { isc_result_t result; #if defined(USE_CMSG) int on = 1; @@ -1890,17 +1882,9 @@ isc_socket_create(isc_socketmgr_t *manager, int pf, isc_sockettype_t type, int socket_errno; char strbuf[ISC_STRERRORSIZE]; - REQUIRE(VALID_MANAGER(manager)); - REQUIRE(socketp != NULL && *socketp == NULL); - - result = allocate_socket(manager, type, &sock); - if (result != ISC_R_SUCCESS) - return (result); - - sock->pf = pf; - switch (type) { + switch (sock->type) { case isc_sockettype_udp: - sock->fd = socket(pf, SOCK_DGRAM, IPPROTO_UDP); + sock->fd = socket(sock->pf, SOCK_DGRAM, IPPROTO_UDP); if (sock->fd != INVALID_SOCKET) { result = connection_reset_fix(sock->fd); if (result != ISC_R_SUCCESS) { @@ -1911,13 +1895,12 @@ isc_socket_create(isc_socketmgr_t *manager, int pf, isc_sockettype_t type, } break; case isc_sockettype_tcp: - sock->fd = socket(pf, SOCK_STREAM, IPPROTO_TCP); + sock->fd = socket(sock->pf, SOCK_STREAM, IPPROTO_TCP); break; } if (sock->fd == INVALID_SOCKET) { socket_errno = WSAGetLastError(); - free_socket(&sock); switch (socket_errno) { case WSAEMFILE: 
@@ -1945,19 +1928,17 @@ isc_socket_create(isc_socketmgr_t *manager, int pf, isc_sockettype_t type, result = make_nonblock(sock->fd); if (result != ISC_R_SUCCESS) { closesocket(sock->fd); - free_socket(&sock); return (result); } - #if defined(USE_CMSG) || defined(SO_RCVBUF) - if (type == isc_sockettype_udp) { + if (sock->type == isc_sockettype_udp) { #if defined(USE_CMSG) #if defined(ISC_PLATFORM_HAVEIPV6) #ifdef IPV6_RECVPKTINFO /* 2292bis */ - if ((pf == AF_INET6) + if ((sock->pf == AF_INET6) && (setsockopt(sock->fd, IPPROTO_IPV6, IPV6_RECVPKTINFO, (void *)&on, sizeof(on)) < 0)) { isc__strerror(WSAGetLastError(), strbuf, sizeof(strbuf)); @@ -1972,7 +1953,7 @@ isc_socket_create(isc_socketmgr_t *manager, int pf, isc_sockettype_t type, } #else /* 2292 */ - if ((pf == AF_INET6) + if ((sock->pf == AF_INET6) && (setsockopt(sock->fd, IPPROTO_IPV6, IPV6_PKTINFO, (void *)&on, sizeof(on)) < 0)) { isc__strerror(WSAGetLastError(), strbuf, sizeof(strbuf)); @@ -1988,7 +1969,7 @@ isc_socket_create(isc_socketmgr_t *manager, int pf, isc_sockettype_t type, #endif /* IPV6_RECVPKTINFO */ #ifdef IPV6_USE_MIN_MTU /*2292bis, not too common yet*/ /* use minimum MTU */ - if (pf == AF_INET6) { + if (sock->pf == AF_INET6) { (void)setsockopt(sock->fd, IPPROTO_IPV6, IPV6_USE_MIN_MTU, (void *)&on, sizeof(on)); 
@@ -2011,6 +1992,36 @@ isc_socket_create(isc_socketmgr_t *manager, int pf, isc_sockettype_t type, } #endif /* defined(USE_CMSG) || defined(SO_RCVBUF) */ + return (ISC_R_SUCCESS); +} + + +/* + * Create a new 'type' socket managed by 'manager'. Events + * will be posted to 'task' and when dispatched 'action' will be + * called with 'arg' as the arg value. The new socket is returned + * in 'socketp'. + */ +isc_result_t +isc_socket_create(isc_socketmgr_t *manager, int pf, isc_sockettype_t type, + isc_socket_t **socketp) { + isc_socket_t *sock = NULL; + isc_result_t result; + + REQUIRE(VALID_MANAGER(manager)); + REQUIRE(socketp != NULL && *socketp == NULL); + + result = allocate_socket(manager, type, &sock); + if (result != ISC_R_SUCCESS) + return (result); + + sock->pf = pf; + result = internal_open(manager, sock); + if (result != ISC_R_SUCCESS) { + free_socket(&sock); + return (result); + } + sock->references = 1; *socketp = sock; @@ -2030,6 +2041,29 @@ isc_socket_create(isc_socketmgr_t *manager, int pf, isc_sockettype_t type, return (ISC_R_SUCCESS); } +isc_result_t +isc_socket_open(isc_socket_t *sock) { + isc_result_t result; + + REQUIRE(VALID_SOCKET(sock)); + + LOCK(&sock->lock); + REQUIRE(sock->references == 1); + UNLOCK(&sock->lock); + + /* + * We don't need to retain the lock hereafter, since no one else has + * this socket. + */ + REQUIRE(sock->fd == -1); + + result = internal_open(sock->manager, sock); + if (result != ISC_R_SUCCESS) + sock->fd = -1; + + return (result); +} + /* * Attach to a socket. Caller must explicitly detach when it is done. */ 
@@ -2071,6 +2105,38 @@ isc_socket_detach(isc_socket_t **socketp) { *socketp = NULL; } +void +isc_socket_close(isc_socket_t *sock) { + REQUIRE(VALID_SOCKET(sock)); + + LOCK(&sock->lock); + REQUIRE(sock->references == 1); + UNLOCK(&sock->lock); + /* + * We don't need to retain the lock hereafter, since no one else has + * this socket. + */ + REQUIRE(sock->fd >= 0); + + INSIST(!sock->connecting); + INSIST(!sock->pending_recv); + INSIST(!sock->pending_send); + INSIST(!sock->pending_accept); + INSIST(ISC_LIST_EMPTY(sock->recv_list)); + INSIST(ISC_LIST_EMPTY(sock->send_list)); + INSIST(ISC_LIST_EMPTY(sock->accept_list)); + INSIST(sock->connect_ev == NULL); + + sock->fd = -1; + sock->listener = 0; + sock->connected = 0; + sock->connecting = 0; + sock->bound = 0; + isc_sockaddr_any(&sock->address); + + socket_close(sock); +} + /* * Dequeue an item off the given socket's read queue, set the result code * in the done event to the one provided, and send it to the task it was From 0c42fc3acc95ea284cf1bfdf6869d1836756ebb9 Mon Sep 17 00:00:00 2001 From: Automatic Updater Date: Tue, 1 Jul 2008 23:30:26 +0000 Subject: [PATCH 015/135] newcopyrights --- util/copyrights | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/util/copyrights b/util/copyrights index b65f58d2b1..df5c6a792e 100644 --- a/util/copyrights +++ b/util/copyrights @@ -2323,7 +2323,7 @@ ./lib/isc/win32/include/isc/ipv6.h C 1999,2000,2001,2002,2004,2005,2007 ./lib/isc/win32/include/isc/keyboard.h C 2000,2001,2004,2007 ./lib/isc/win32/include/isc/mutex.h C 1998,1999,2000,2001,2004,2007 -./lib/isc/win32/include/isc/net.h C 1999,2000,2001,2002,2003,2004,2005,2007 +./lib/isc/win32/include/isc/net.h C 1999,2000,2001,2002,2003,2004,2005,2007,2008 ./lib/isc/win32/include/isc/netdb.h C 1999,2000,2001,2004,2007 ./lib/isc/win32/include/isc/ntgroups.h C 2001,2004,2007 ./lib/isc/win32/include/isc/ntpaths.h C 2000,2001,2004,2007 From 935c5b4fa2347beeeaa71759f8e709e15146c5d3 Mon Sep 17 00:00:00 2001 
From: Automatic Updater Date: Tue, 1 Jul 2008 23:47:17 +0000 Subject: [PATCH 016/135] update copyright notice --- lib/isc/win32/include/isc/net.h | 38 ++++++++++++++++----------------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/lib/isc/win32/include/isc/net.h b/lib/isc/win32/include/isc/net.h index e84d190a1d..a89bce0b90 100644 --- a/lib/isc/win32/include/isc/net.h +++ b/lib/isc/win32/include/isc/net.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: net.h,v 1.29 2008/07/01 03:55:10 each Exp $ */ +/* $Id: net.h,v 1.30 2008/07/01 23:47:17 tbox Exp $ */ #ifndef ISC_NET_H #define ISC_NET_H 1 @@ -104,7 +104,7 @@ * This is here because named client, interfacemgr.c, etc. use the name as * a variable */ -#undef interface +#undef interface #ifndef INADDR_LOOPBACK #define INADDR_LOOPBACK 0x7f000001UL @@ -155,15 +155,15 @@ typedef isc_uint16_t in_port_t; #define FD_CLR(fd, set) do { \ u_int __i; \ for (__i = 0; __i < ((fd_set FAR *)(set))->fd_count; __i++) { \ - if (((fd_set FAR *)(set))->fd_array[__i] == (SOCKET) fd) { \ - while (__i < ((fd_set FAR *)(set))->fd_count-1) { \ - ((fd_set FAR *)(set))->fd_array[__i] = \ - ((fd_set FAR *)(set))->fd_array[__i+1]; \ - __i++; \ - } \ - ((fd_set FAR *)(set))->fd_count--; \ - break; \ - } \ + if (((fd_set FAR *)(set))->fd_array[__i] == (SOCKET) fd) { \ + while (__i < ((fd_set FAR *)(set))->fd_count-1) { \ + ((fd_set FAR *)(set))->fd_array[__i] = \ + ((fd_set FAR *)(set))->fd_array[__i+1]; \ + __i++; \ + } \ + ((fd_set FAR *)(set))->fd_count--; \ + break; \ + } \ } \ } while (0) 
@@ -171,15 +171,15 @@ typedef isc_uint16_t in_port_t; #define FD_SET(fd, set) do { \ u_int __i; \ for (__i = 0; __i < ((fd_set FAR *)(set))->fd_count; __i++) { \ - if (((fd_set FAR *)(set))->fd_array[__i] == (SOCKET)(fd)) { \ - break; \ - } \ + if (((fd_set FAR *)(set))->fd_array[__i] == (SOCKET)(fd)) { \ + break; \ + } \ } \ if (__i == ((fd_set FAR *)(set))->fd_count) { \ - if (((fd_set FAR *)(set))->fd_count < FD_SETSIZE) { \ - ((fd_set FAR *)(set))->fd_array[__i] = (SOCKET)(fd); \ - ((fd_set FAR *)(set))->fd_count++; \ - } \ + if (((fd_set FAR *)(set))->fd_count < FD_SETSIZE) { \ + ((fd_set FAR *)(set))->fd_array[__i] = (SOCKET)(fd); \ + ((fd_set FAR *)(set))->fd_count++; \ + } \ } \ } while (0) From 34350037a886e7a16728335821da2bbff95683a9 Mon Sep 17 00:00:00 2001 From: Evan Hunt Date: Thu, 3 Jul 2008 00:13:25 +0000 Subject: [PATCH 017/135] re-merged rt18194 after fixing problems --- lib/dns/dispatch.c | 18 +++++- lib/isc/include/isc/socket.h | 14 +++-- lib/isc/unix/socket.c | 6 +- lib/isc/win32/socket.c | 118 ++++++++++------------------------- 4 files changed, 62 insertions(+), 94 deletions(-) diff --git a/lib/dns/dispatch.c b/lib/dns/dispatch.c index 999b84c681..3a179d91ac 100644 --- a/lib/dns/dispatch.c +++ b/lib/dns/dispatch.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dispatch.c,v 1.143 2008/06/26 22:15:40 jinmei Exp $ */ +/* $Id: dispatch.c,v 1.144 2008/07/03 00:13:25 each Exp $ */ /*! \file */ @@ -803,6 +803,8 @@ destroy_dispsocket(dns_dispatch_t *disp, dispsocket_t **dispsockp) { */ static void deactivate_dispsocket(dns_dispatch_t *disp, dispsocket_t *dispsock) { + isc_result_t result; + /* * The dispatch must be locked. */ 
@@ -815,8 +817,18 @@ deactivate_dispsocket(dns_dispatch_t *disp, dispsocket_t *dispsock) { if (disp->nsockets > DNS_DISPATCH_POOLSOCKS) destroy_dispsocket(disp, &dispsock); else { - isc_socket_close(dispsock->socket); - ISC_LIST_APPEND(disp->inactivesockets, dispsock, link); + result = isc_socket_close(dispsock->socket); + if (result == ISC_R_SUCCESS) + ISC_LIST_APPEND(disp->inactivesockets, dispsock, link); + else { + /* + * If the underlying system does not allow this + * optimization, destroy this temporary structure (and + * create a new one for a new transaction). + */ + INSIST(result == ISC_R_NOTIMPLEMENTED); + destroy_dispsocket(disp, &dispsock); + } } } diff --git a/lib/isc/include/isc/socket.h b/lib/isc/include/isc/socket.h index f4bdc70244..8236adcf16 100644 --- a/lib/isc/include/isc/socket.h +++ b/lib/isc/include/isc/socket.h @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: socket.h,v 1.76 2008/06/23 23:47:11 tbox Exp $ */ +/* $Id: socket.h,v 1.77 2008/07/03 00:13:25 each Exp $ */ #ifndef ISC_SOCKET_H #define ISC_SOCKET_H 1 @@ -369,7 +369,8 @@ isc_socket_open(isc_socket_t *sock); * avoid overhead of destroying and creating sockets when many short-lived * sockets are frequently opened and closed. When the efficiency is not an * issue, it should be safer to detach the unused socket and re-create a new - * one. + * one. This optimization may not be available for some systems, in which + * case this function will return ISC_R_NOTIMPLEMENTED and must not be used. * * Requires: * 
@@ -379,15 +380,18 @@ isc_socket_open(isc_socket_t *sock); * * Returns: * Same as isc_socket_create(). + * \li ISC_R_NOTIMPLEMENTED */ -void +isc_result_t isc_socket_close(isc_socket_t *sock); /*%< * Close a socket file descriptor of the given socket structure. This function * is provided as an alternative to destroying an unused socket when overhead * destroying/re-creating sockets can be significant, and is expected to be - * used with isc_socket_open(). + * used with isc_socket_open(). This optimization may not be available for some + * systems, in which case this function will return ISC_R_NOTIMPLEMENTED and + * must not be used. * * Requires: * @@ -397,6 +401,8 @@ isc_socket_close(isc_socket_t *sock); * * \li There must be no pending I/O requests. * + * Returns: + * \li #ISC_R_NOTIMPLEMENTED */ isc_result_t diff --git a/lib/isc/unix/socket.c b/lib/isc/unix/socket.c index 03f0f804d0..e3157de3c7 100644 --- a/lib/isc/unix/socket.c +++ b/lib/isc/unix/socket.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: socket.c,v 1.285 2008/06/25 22:56:33 jinmei Exp $ */ +/* $Id: socket.c,v 1.286 2008/07/03 00:13:25 each Exp $ */ /*! \file */ @@ -2195,7 +2195,7 @@ isc_socket_detach(isc_socket_t **socketp) { *socketp = NULL; } -void +isc_result_t isc_socket_close(isc_socket_t *sock) { int fd; @@ -2229,6 +2229,8 @@ isc_socket_close(isc_socket_t *sock) { isc_sockaddr_any(&sock->peer_address); closesocket(sock->manager, sock->type, fd); + + return (ISC_R_SUCCESS); } /* diff --git a/lib/isc/win32/socket.c b/lib/isc/win32/socket.c index e8e8c7e73f..374caf74e5 100644 --- a/lib/isc/win32/socket.c +++ b/lib/isc/win32/socket.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: socket.c,v 1.56 2008/07/01 03:55:10 each Exp $ */ +/* $Id: socket.c,v 1.57 2008/07/03 00:13:25 each Exp $ */ /* This code has been rewritten to take advantage of Windows Sockets * I/O Completion Ports and Events. I/O Completion Ports is ONLY 
@@ -1173,7 +1173,7 @@ build_msghdr_send(isc_socket_t *sock, isc_socketevent_t *dev, memset(msg, 0, sizeof(*msg)); - if (!sock->connected) { + if (sock->type == isc_sockettype_udp) { msg->msg_name = (void *)&dev->address.type.sa; msg->msg_namelen = dev->address.length; } else { @@ -1869,8 +1869,16 @@ free_socket(isc_socket_t **socketp) { *socketp = NULL; } -static isc_result_t -internal_open(isc_socketmgr_t *manager, isc_socket_t *sock) { +/* + * Create a new 'type' socket managed by 'manager'. Events + * will be posted to 'task' and when dispatched 'action' will be + * called with 'arg' as the arg value. The new socket is returned + * in 'socketp'. + */ +isc_result_t +isc_socket_create(isc_socketmgr_t *manager, int pf, isc_sockettype_t type, + isc_socket_t **socketp) { + isc_socket_t *sock = NULL; isc_result_t result; #if defined(USE_CMSG) int on = 1; @@ -1882,9 +1890,17 @@ internal_open(isc_socketmgr_t *manager, isc_socket_t *sock) { int socket_errno; char strbuf[ISC_STRERRORSIZE]; - switch (sock->type) { + REQUIRE(VALID_MANAGER(manager)); + REQUIRE(socketp != NULL && *socketp == NULL); + + result = allocate_socket(manager, type, &sock); + if (result != ISC_R_SUCCESS) + return (result); + + sock->pf = pf; + switch (type) { case isc_sockettype_udp: - sock->fd = socket(sock->pf, SOCK_DGRAM, IPPROTO_UDP); + sock->fd = socket(pf, SOCK_DGRAM, IPPROTO_UDP); if (sock->fd != INVALID_SOCKET) { result = connection_reset_fix(sock->fd); if (result != ISC_R_SUCCESS) { @@ -1895,12 +1911,13 @@ internal_open(isc_socketmgr_t *manager, isc_socket_t *sock) { } break; case isc_sockettype_tcp: - sock->fd = socket(sock->pf, SOCK_STREAM, IPPROTO_TCP); + sock->fd = socket(pf, SOCK_STREAM, IPPROTO_TCP); break; } if (sock->fd == INVALID_SOCKET) { socket_errno = WSAGetLastError(); + free_socket(&sock); switch (socket_errno) { case WSAEMFILE: 
@@ -1928,17 +1945,19 @@ internal_open(isc_socketmgr_t *manager, isc_socket_t *sock) { result = make_nonblock(sock->fd); if (result != ISC_R_SUCCESS) { closesocket(sock->fd); + free_socket(&sock); return (result); } + #if defined(USE_CMSG) || defined(SO_RCVBUF) - if (sock->type == isc_sockettype_udp) { + if (type == isc_sockettype_udp) { #if defined(USE_CMSG) #if defined(ISC_PLATFORM_HAVEIPV6) #ifdef IPV6_RECVPKTINFO /* 2292bis */ - if ((sock->pf == AF_INET6) + if ((pf == AF_INET6) && (setsockopt(sock->fd, IPPROTO_IPV6, IPV6_RECVPKTINFO, (void *)&on, sizeof(on)) < 0)) { isc__strerror(WSAGetLastError(), strbuf, sizeof(strbuf)); @@ -1953,7 +1972,7 @@ internal_open(isc_socketmgr_t *manager, isc_socket_t *sock) { } #else /* 2292 */ - if ((sock->pf == AF_INET6) + if ((pf == AF_INET6) && (setsockopt(sock->fd, IPPROTO_IPV6, IPV6_PKTINFO, (void *)&on, sizeof(on)) < 0)) { isc__strerror(WSAGetLastError(), strbuf, sizeof(strbuf)); @@ -1969,7 +1988,7 @@ internal_open(isc_socketmgr_t *manager, isc_socket_t *sock) { #endif /* IPV6_RECVPKTINFO */ #ifdef IPV6_USE_MIN_MTU /*2292bis, not too common yet*/ /* use minimum MTU */ - if (sock->pf == AF_INET6) { + if (pf == AF_INET6) { (void)setsockopt(sock->fd, IPPROTO_IPV6, IPV6_USE_MIN_MTU, (void *)&on, sizeof(on)); 
@@ -1992,36 +2011,6 @@ internal_open(isc_socketmgr_t *manager, isc_socket_t *sock) { } #endif /* defined(USE_CMSG) || defined(SO_RCVBUF) */ - return (ISC_R_SUCCESS); -} - - -/* - * Create a new 'type' socket managed by 'manager'. Events - * will be posted to 'task' and when dispatched 'action' will be - * called with 'arg' as the arg value. The new socket is returned - * in 'socketp'. - */ -isc_result_t -isc_socket_create(isc_socketmgr_t *manager, int pf, isc_sockettype_t type, - isc_socket_t **socketp) { - isc_socket_t *sock = NULL; - isc_result_t result; - - REQUIRE(VALID_MANAGER(manager)); - REQUIRE(socketp != NULL && *socketp == NULL); - - result = allocate_socket(manager, type, &sock); - if (result != ISC_R_SUCCESS) - return (result); - - sock->pf = pf; - result = internal_open(manager, sock); - if (result != ISC_R_SUCCESS) { - free_socket(&sock); - return (result); - } - sock->references = 1; *socketp = sock; @@ -2043,25 +2032,9 @@ isc_socket_create(isc_socketmgr_t *manager, int pf, isc_sockettype_t type, isc_result_t isc_socket_open(isc_socket_t *sock) { - isc_result_t result; - REQUIRE(VALID_SOCKET(sock)); - LOCK(&sock->lock); - REQUIRE(sock->references == 1); - UNLOCK(&sock->lock); - - /* - * We don't need to retain the lock hereafter, since no one else has - * this socket. - */ - REQUIRE(sock->fd == -1); - - result = internal_open(sock->manager, sock); - if (result != ISC_R_SUCCESS) - sock->fd = -1; - - return (result); + return (ISC_R_NOTIMPLEMENTED); } /* 
@@ -2105,36 +2078,11 @@ isc_socket_detach(isc_socket_t **socketp) { *socketp = NULL; } -void +isc_result_t isc_socket_close(isc_socket_t *sock) { REQUIRE(VALID_SOCKET(sock)); - LOCK(&sock->lock); - REQUIRE(sock->references == 1); - UNLOCK(&sock->lock); - /* - * We don't need to retain the lock hereafter, since no one else has - * this socket. - */ - REQUIRE(sock->fd >= 0); - - INSIST(!sock->connecting); - INSIST(!sock->pending_recv); - INSIST(!sock->pending_send); - INSIST(!sock->pending_accept); - INSIST(ISC_LIST_EMPTY(sock->recv_list)); - INSIST(ISC_LIST_EMPTY(sock->send_list)); - INSIST(ISC_LIST_EMPTY(sock->accept_list)); - INSIST(sock->connect_ev == NULL); - - sock->fd = -1; - sock->listener = 0; - sock->connected = 0; - sock->connecting = 0; - sock->bound = 0; - isc_sockaddr_any(&sock->address); - - socket_close(sock); + return (ISC_R_NOTIMPLEMENTED); } /* From 64ecc88345766e124e1fb053dbf4e36550471f83 Mon Sep 17 00:00:00 2001 From: Evan Hunt Date: Fri, 4 Jul 2008 05:52:31 +0000 Subject: [PATCH 018/135] Several BSD-related fixes for port range: - add param.h for NetBSD [rt18228] - use correct sysctl strings on NetBSD [rt18230] - use net.inet.ip.portrange.hiport/hilast instead of first/last on FreeBSD [rt18234] - define sysctl strings for DragonFly [rt18235] - use sysctl() on OpenBSD because it doesn't support sysctlbyname() [rt18231] --- lib/isc/unix/net.c | 86 +++++++++++++++++++++++++++++++++++++--------- 1 file changed, 70 insertions(+), 16 deletions(-) diff --git a/lib/isc/unix/net.c b/lib/isc/unix/net.c index 5afe88d327..b2fb30e4ed 100644 --- a/lib/isc/unix/net.c +++ b/lib/isc/unix/net.c @@ -15,12 +15,16 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: net.c,v 1.39 2008/06/24 01:40:25 jinmei Exp $ */ +/* $Id: net.c,v 1.40 2008/07/04 05:52:31 each Exp $ */ #include #include -#ifdef HAVE_SYS_SYSCTL_H + +#if defined(HAVE_SYS_SYSCTL_H) +#if defined(HAVE_SYS_PARAM_H) +#include +#endif #include #endif 
@@ -52,33 +56,42 @@ #define ISC_NET_PORTRANGEHIGH 65535 #endif /* ISC_NET_PORTRANGEHIGH */ +#ifdef HAVE_SYSCTLBYNAME + /*% * sysctl variants */ -#if defined(__FreeBSD__) || defined(__APPLE__) +#if defined(__FreeBSD__) || defined(__APPLE__) || defined(__DragonFly__) #define USE_SYSCTL_PORTRANGE -#define SYSCTL_V4PORTRANGE_LOW "net.inet.ip.portrange.first" -#define SYSCTL_V4PORTRANGE_HIGH "net.inet.ip.portrange.last" -#define SYSCTL_V6PORTRANGE_LOW "net.inet.ip.portrange.first" -#define SYSCTL_V6PORTRANGE_HIGH "net.inet.ip.portrange.last" +#define SYSCTL_V4PORTRANGE_LOW "net.inet.ip.portrange.hifirst" +#define SYSCTL_V4PORTRANGE_HIGH "net.inet.ip.portrange.hilast" +#define SYSCTL_V6PORTRANGE_LOW "net.inet.ip.portrange.hifirst" +#define SYSCTL_V6PORTRANGE_HIGH "net.inet.ip.portrange.hilast" #endif #ifdef __NetBSD__ #define USE_SYSCTL_PORTRANGE #define SYSCTL_V4PORTRANGE_LOW "net.inet.ip.anonportmin" #define SYSCTL_V4PORTRANGE_HIGH "net.inet.ip.anonportmax" -#define SYSCTL_V6PORTRANGE_LOW "net.inet6.ip6.portrange.first" -#define SYSCTL_V6PORTRANGE_HIGH "net.inet6.ip6.portrange.last" +#define SYSCTL_V6PORTRANGE_LOW "net.inet6.ip6.anonportmin" +#define SYSCTL_V6PORTRANGE_HIGH "net.inet6.ip6.anonportmax" #endif +#else /* !HAVE_SYSCTLBYNAME */ + #ifdef __OpenBSD__ #define USE_SYSCTL_PORTRANGE -#define SYSCTL_V4PORTRANGE_LOW "net.inet.ip.portfirst" -#define SYSCTL_V4PORTRANGE_HIGH "net.inet.ip.portlast" -#define SYSCTL_V6PORTRANGE_LOW "net.inet6.ip6.portrange.first" -#define SYSCTL_V6PORTRANGE_HIGH "net.inet6.ip6.portrange.last" +#define SYSCTL_V4PORTRANGE_LOW { CTL_NET, PF_INET, IPPROTO_IP, \ + IPCTL_IPPORT_HIFIRSTAUTO } +#define SYSCTL_V4PORTRANGE_HIGH { CTL_NET, PF_INET, IPPROTO_IP, \ + IPCTL_IPPORT_HILASTAUTO } +/* Same for IPv6 */ +#define SYSCTL_V6PORTRANGE_LOW SYSCTL_V4PORTRANGE_LOW +#define SYSCTL_V6PORTRANGE_HIGH SYSCTL_V4PORTRANGE_HIGH #endif +#endif /* HAVE_SYSCTLBYNAME */ + #if defined(ISC_PLATFORM_HAVEIPV6) # if defined(ISC_PLATFORM_NEEDIN6ADDRANY) const struct 
in6_addr isc_net_in6addrany = IN6ADDR_ANY_INIT; @@ -387,7 +400,8 @@ isc_net_probe_ipv6pktinfo(void) { return (ipv6pktinfo_result); } -#ifdef USE_SYSCTL_PORTRANGE +#if defined(USE_SYSCTL_PORTRANGE) +#if defined(HAVE_SYSCTLBYNAME) static isc_result_t getudpportrange_sysctl(int af, in_port_t *low, in_port_t *high) { int port_low, port_high; @@ -419,7 +433,47 @@ getudpportrange_sysctl(int af, in_port_t *low, in_port_t *high) { return (ISC_R_SUCCESS); } -#endif +#else /* !HAVE_SYSCTLBYNAME */ +static isc_result_t +getudpportrange_sysctl(int af, in_port_t *low, in_port_t *high) { + int mib_lo4[4] = SYSCTL_V4PORTRANGE_LOW; + int mib_hi4[4] = SYSCTL_V4PORTRANGE_HIGH; + int mib_lo6[4] = SYSCTL_V6PORTRANGE_LOW; + int mib_hi6[4] = SYSCTL_V6PORTRANGE_HIGH; + int *mib_lo, *mib_hi, miblen; + int port_low, port_high; + size_t portlen; + + if (af == AF_INET) { + mib_lo = mib_lo4; + mib_hi = mib_hi4; + miblen = sizeof(mib_lo4) / sizeof(mib_lo4[0]); + } else { + mib_lo = mib_lo6; + mib_hi = mib_hi6; + miblen = sizeof(mib_lo6) / sizeof(mib_lo6[0]); + } + + portlen = sizeof(portlen); + if (sysctl(mib_lo, miblen, &port_low, &portlen, NULL, 0) < 0) { + return (ISC_R_FAILURE); + } + + portlen = sizeof(portlen); + if (sysctl(mib_hi, miblen, &port_high, &portlen, NULL, 0) < 0) { + return (ISC_R_FAILURE); + } + + if ((port_low & ~0xffff) != 0 || (port_high & ~0xffff) != 0) + return (ISC_R_RANGE); + + *low = (in_port_t) port_low; + *high = (in_port_t) port_high; + + return (ISC_R_SUCCESS); +} +#endif /* HAVE_SYSCTLBYNAME */ +#endif /* USE_SYSCTL_PORTRANGE */ isc_result_t isc_net_getudpportrange(int af, in_port_t *low, in_port_t *high) { @@ -427,7 +481,7 @@ isc_net_getudpportrange(int af, in_port_t *low, in_port_t *high) { REQUIRE(low != NULL && high != NULL); -#ifdef USE_SYSCTL_PORTRANGE +#if defined(USE_SYSCTL_PORTRANGE) result = getudpportrange_sysctl(af, low, high); #else UNUSED(af); From 4fd1d8e7e9dec19cf1a82d78e7bcdb0fc8942211 Mon Sep 17 00:00:00 2001 
From: Automatic Updater Date: Mon, 7 Jul 2008 23:19:15 +0000 Subject: [PATCH 019/135] auto update --- doc/private/branches | 1 + 1 file changed, 1 insertion(+) diff --git a/doc/private/branches b/doc/private/branches index af77cd45d9..08e34e9bd0 100644 --- a/doc/private/branches +++ b/doc/private/branches @@ -118,6 +118,7 @@ rt17671 new marka // 2008-02-27 01:39 +0000 rt17729 new marka // 2008-03-06 03:56 +0000 rt17729a new marka // 2008-04-02 23:40 +0000 rt17828 new marka // 2008-04-09 23:06 +0000 +rt17849 new mayer // 2008-07-07 04:17 +0000 rt17949 new rt17949_v9_3 new rt17949_v9_4 new From 158f256a14b629c4157fe0da779a4ff0e3402e48 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tatuya=20JINMEI=20=E7=A5=9E=E6=98=8E=E9=81=94=E5=93=89?= Date: Fri, 11 Jul 2008 23:05:46 +0000 Subject: [PATCH 020/135] 2386. [bug] Add warning about too small 'open files' limit [RT #18269]. --- CHANGES | 3 +++ bin/named/server.c | 25 ++++++++++++++++++++++++- lib/isc/include/isc/resource.h | 12 +++++++++++- lib/isc/include/isc/socket.h | 18 +++++++++++++++++- lib/isc/unix/resource.c | 19 ++++++++++++++++++- lib/isc/unix/socket.c | 12 +++++++++++- lib/isc/win32/libisc.def | 2 ++ lib/isc/win32/resource.c | 7 ++++++- lib/isc/win32/socket.c | 10 +++++++++- 9 files changed, 101 insertions(+), 7 deletions(-) diff --git a/CHANGES b/CHANGES index 1dbce9198e..b948a639a1 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,6 @@ +2386. [bug] Add warning about too small 'open files' limit + [RT #18269]. + 2385. [bug] A condition variable in socket.c could leak in rare error handling [RT #17968]. diff --git a/bin/named/server.c b/bin/named/server.c index 2680ec47d0..932d40c59b 100644 --- a/bin/named/server.c +++ b/bin/named/server.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: server.c,v 1.510 2008/06/23 23:15:59 jinmei Exp $ */ +/* $Id: server.c,v 1.511 2008/07/11 23:05:45 jinmei Exp $ */ /*! \file */ 
@@ -2905,6 +2905,7 @@ load_configuration(const char *filename, ns_server_t *server, in_port_t listen_port, udpport_low, udpport_high; isc_portset_t *v4portset = NULL; isc_portset_t *v6portset = NULL; + isc_resourcevalue_t nfiles; int i; cfg_aclconfctx_init(&aclconfctx); @@ -2994,6 +2995,28 @@ load_configuration(const char *filename, ns_server_t *server, */ set_limits(maps); + /* + * Check if max number of open sockets that the system allows is + * sufficiently large. Failing this condition is not necessarily fatal, + * but may cause subsequent runtime failures for a busy recursive + * server. + */ + result = isc_resource_getcurlimit(isc_resource_openfiles, &nfiles); + if (result == ISC_R_SUCCESS) { + unsigned int maxsocks; + + result = isc_socketmgr_getmaxsockets(ns_g_socketmgr, &maxsocks); + if (result == ISC_R_SUCCESS && + ((isc_resourcevalue_t)maxsocks > nfiles) { + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, + NS_LOGMODULE_SERVER, ISC_LOG_WARNING, + "max open files " + "(%" ISC_PRINT_QUADFORMAT "u)" + " is smaller than max sockets (%u)", + nfiles, maxsocks); + } + } + /* * Configure various server options. */ diff --git a/lib/isc/include/isc/resource.h b/lib/isc/include/isc/resource.h index 7a615655f8..f32b632eca 100644 --- a/lib/isc/include/isc/resource.h +++ b/lib/isc/include/isc/resource.h @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: resource.h,v 1.11 2007/06/19 23:47:18 tbox Exp $ */ +/* $Id: resource.h,v 1.12 2008/07/11 23:05:46 jinmei Exp $ */ #ifndef ISC_RESOURCE_H #define ISC_RESOURCE_H 1 
@@ -81,6 +81,16 @@ isc_resource_getlimit(isc_resource_t resource, isc_resourcevalue_t *value); *\li #ISC_R_NOTIMPLEMENTED 'resource' is not a type known by the OS. */ +isc_result_t +isc_resource_getcurlimit(isc_resource_t resource, isc_resourcevalue_t *value); +/*%< + * Same as isc_resource_getlimit(), but returns the current (soft) limit. + * + * Returns: + *\li #ISC_R_SUCCESS Success. + *\li #ISC_R_NOTIMPLEMENTED 'resource' is not a type known by the OS. + */ + ISC_LANG_ENDDECLS #endif /* ISC_RESOURCE_H */ diff --git a/lib/isc/include/isc/socket.h b/lib/isc/include/isc/socket.h index 8236adcf16..530e684b65 100644 --- a/lib/isc/include/isc/socket.h +++ b/lib/isc/include/isc/socket.h @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: socket.h,v 1.77 2008/07/03 00:13:25 each Exp $ */ +/* $Id: socket.h,v 1.78 2008/07/11 23:05:46 jinmei Exp $ */ #ifndef ISC_SOCKET_H #define ISC_SOCKET_H 1 @@ -755,6 +755,22 @@ isc_socketmgr_create(isc_mem_t *mctx, isc_socketmgr_t **managerp); *\li #ISC_R_UNEXPECTED */ +isc_result_t +isc_socketmgr_getmaxsockets(isc_socketmgr_t *manager, unsigned int *nsockp); +/*%< + * Returns in "*nsockp" the maximum number of sockets this manager may open. + * + * Requires: + * + *\li '*manager' is a valid isc_socketmgr_t. + *\li 'nsockp' is not NULL. + * + * Returns: + * + *\li #ISC_R_SUCCESS + *\li #ISC_R_NOTIMPLEMENTED + */ + void isc_socketmgr_destroy(isc_socketmgr_t **managerp); /*%< diff --git a/lib/isc/unix/resource.c b/lib/isc/unix/resource.c index 97ffd75747..aaaec1b6ff 100644 --- a/lib/isc/unix/resource.c +++ b/lib/isc/unix/resource.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: resource.c,v 1.17 2008/01/25 23:50:38 jinmei Exp $ */ +/* $Id: resource.c,v 1.18 2008/07/11 23:05:46 jinmei Exp $ */ #include 
@@ -171,3 +171,20 @@ isc_resource_getlimit(isc_resource_t resource, isc_resourcevalue_t *value) { return (result); } + +isc_result_t +isc_resource_getcurlimit(isc_resource_t resource, isc_resourcevalue_t *value) { + int unixresult; + int unixresource; + struct rlimit rl; + isc_result_t result; + + result = resource2rlim(resource, &unixresource); + if (result == ISC_R_SUCCESS) { + unixresult = getrlimit(unixresource, &rl); + INSIST(unixresult == 0); + *value = rl.rlim_cur; + } + + return (result); +} diff --git a/lib/isc/unix/socket.c b/lib/isc/unix/socket.c index e3157de3c7..b5367f7e64 100644 --- a/lib/isc/unix/socket.c +++ b/lib/isc/unix/socket.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: socket.c,v 1.286 2008/07/03 00:13:25 each Exp $ */ +/* $Id: socket.c,v 1.287 2008/07/11 23:05:46 jinmei Exp $ */ /*! \file */ @@ -3489,6 +3489,16 @@ free_manager: return (result); } +isc_result_t +isc_socketmgr_getmaxsockets(isc_socketmgr_t *manager, unsigned int *nsockp) { + REQUIRE(VALID_MANAGER(manager)); + REQUIRE(nsockp != NULL); + + *nsockp = manager->maxsocks; + + return (ISC_R_SUCCESS); +} + void isc_socketmgr_destroy(isc_socketmgr_t **managerp) { isc_socketmgr_t *manager; diff --git a/lib/isc/win32/libisc.def b/lib/isc/win32/libisc.def index 1480d85e92..5dcc73dd0d 100644 --- a/lib/isc/win32/libisc.def +++ b/lib/isc/win32/libisc.def @@ -336,6 +336,7 @@ isc_ratelimiter_shutdown isc_refcount_init isc_region_compare isc_resource_getlimit +isc_resource_getcurlimit isc_resource_setlimit isc_result_register isc_result_totext @@ -417,6 +418,7 @@ isc_socket_sendv isc_socket_setname isc_socketmgr_create isc_socketmgr_destroy +isc_socketmgr_getmaxsockets isc_stdio_close isc_stdio_flush isc_stdio_open diff --git a/lib/isc/win32/resource.c b/lib/isc/win32/resource.c index 328b711ca6..228ca7dfd7 100644 --- a/lib/isc/win32/resource.c +++ b/lib/isc/win32/resource.c 
@@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: resource.c,v 1.8 2007/06/19 23:47:19 tbox Exp $ */ +/* $Id: resource.c,v 1.9 2008/07/11 23:05:46 jinmei Exp $ */ #include @@ -65,3 +65,8 @@ isc_resource_getlimit(isc_resource_t resource, isc_resourcevalue_t *value) { *value = WIN32_MAX_OPEN_FILES; return (ISC_R_SUCCESS); } + +isc_result_t +isc_resource_getcurlimit(isc_resource_t resource, isc_resourcevalue_t *value) { + return (isc_resource_getlimit(resource, value)); +} diff --git a/lib/isc/win32/socket.c b/lib/isc/win32/socket.c index 374caf74e5..77f2900c6b 100644 --- a/lib/isc/win32/socket.c +++ b/lib/isc/win32/socket.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: socket.c,v 1.57 2008/07/03 00:13:25 each Exp $ */ +/* $Id: socket.c,v 1.58 2008/07/11 23:05:46 jinmei Exp $ */ /* This code has been rewritten to take advantage of Windows Sockets * I/O Completion Ports and Events. I/O Completion Ports is ONLY @@ -2873,6 +2873,14 @@ isc_socketmgr_create(isc_mem_t *mctx, isc_socketmgr_t **managerp) { return (ISC_R_SUCCESS); } +isc_result_t +isc_socketmgr_getmaxsockets(isc_socketmgr_t *manager, unsigned int *nsockp) { + REQUIRE(VALID_MANAGER(manager)); + REQUIRE(nsockp != NULL); + + return (ISC_R_NOTIMPLEMENTED); +} + void isc_socketmgr_destroy(isc_socketmgr_t **managerp) { isc_socketmgr_t *manager; From f92c897cb69fbb8b7400a5df93271b0743fe9ade Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tatuya=20JINMEI=20=E7=A5=9E=E6=98=8E=E9=81=94=E5=93=89?= Date: Fri, 11 Jul 2008 23:06:17 +0000 Subject: [PATCH 021/135] (it was not a 'bug') --- CHANGES | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index b948a639a1..f27f098209 100644 --- a/CHANGES +++ b/CHANGES @@ -1,5 +1,5 @@ -2386. [bug] Add warning about too small 'open files' limit - [RT #18269]. +2386. [func] Add warning about too small 'open files' limit. + [RT #18269] 2385. [bug] A condition variable in socket.c could leak in rare error handling [RT #17968]. 
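Review bot: In the load_configuration() hunk of bin/named/server.c, the condition `((isc_resourcevalue_t)maxsocks > nfiles) {` opens one more parenthesis than it closes, so the file does not compile as committed. Drop the extra `(` so the test reads `(isc_resourcevalue_t)maxsocks > nfiles`. The block also reuses `result` for a check its own comment calls non-fatal: where isc_socketmgr_getmaxsockets() returns ISC_R_NOTIMPLEMENTED (the win32 implementation in this patch), that value is still in `result` when the block ends. A separate local result variable would keep the advisory check from affecting the code that follows.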
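Review bot: In isc_resource_getcurlimit() in lib/isc/unix/resource.c, `INSIST(unixresult == 0);` turns a getrlimit() failure into an assertion failure, although the only caller added by this patch treats the limit check as advisory. Return an error result when getrlimit() fails and leave `*value` untouched, and list that result in the resource.h comment, which currently documents only ISC_R_SUCCESS and ISC_R_NOTIMPLEMENTED.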
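Review bot: The isc_socketmgr_getmaxsockets() comment in lib/isc/include/isc/socket.h does not say that `*nsockp` is written only on ISC_R_SUCCESS. The win32 implementation returns ISC_R_NOTIMPLEMENTED without storing anything, so a caller that reads the value without checking the result gets an uninitialized integer. State that in the Returns section, and write the first requirement as 'manager' rather than '*manager', since the check is `REQUIRE(VALID_MANAGER(manager))`.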
From eeb3e1e1330e0782dbcb866aead4eef764a4983d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tatuya=20JINMEI=20=E7=A5=9E=E6=98=8E=E9=81=94=E5=93=89?= Date: Fri, 11 Jul 2008 23:10:09 +0000 Subject: [PATCH 022/135] added some missing definitions --- lib/isc/win32/libisc.def | 3 +++ 1 file changed, 3 insertions(+) diff --git a/lib/isc/win32/libisc.def b/lib/isc/win32/libisc.def index 5dcc73dd0d..94f1f2f336 100644 --- a/lib/isc/win32/libisc.def +++ b/lib/isc/win32/libisc.def @@ -276,6 +276,7 @@ isc_mutexblock_init isc_net_aton isc_net_disableipv4 isc_net_disableipv6 +isc_net_getudpportrange isc_net_ntop isc_net_probe_ipv6only isc_net_probe_ipv6pktinfo @@ -394,6 +395,7 @@ isc_socket_attach isc_socket_bind isc_socket_cancel isc_socket_cleanunix +isc_socket_close isc_socket_connect isc_socket_create isc_socket_detach @@ -406,6 +408,7 @@ isc_socket_gettype isc_socket_ipv6only isc_socket_isbound isc_socket_listen +isc_socket_open isc_socket_permunix isc_socket_recv isc_socket_recv2 From e705db6d5d886dc14f4a75a2046a075c0750e7ee Mon Sep 17 00:00:00 2001 From: Automatic Updater Date: Fri, 11 Jul 2008 23:30:23 +0000 Subject: [PATCH 023/135] newcopyrights --- util/copyrights | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/util/copyrights b/util/copyrights index df5c6a792e..a193e0cae0 100644 --- a/util/copyrights +++ b/util/copyrights @@ -2145,7 +2145,7 @@ ./lib/isc/include/isc/ratelimiter.h C 1999,2000,2001,2002,2004,2005,2006,2007 ./lib/isc/include/isc/refcount.h C 2001,2003,2004,2005,2006,2007 ./lib/isc/include/isc/region.h C 1998,1999,2000,2001,2002,2004,2005,2006,2007 -./lib/isc/include/isc/resource.h C 2000,2001,2004,2005,2006,2007 +./lib/isc/include/isc/resource.h C 2000,2001,2004,2005,2006,2007,2008 ./lib/isc/include/isc/result.h C 1998,1999,2000,2001,2003,2004,2005,2006,2007 ./lib/isc/include/isc/resultclass.h C 1999,2000,2001,2004,2005,2006,2007 ./lib/isc/include/isc/rwlock.h C 1998,1999,2000,2001,2003,2004,2005,2006,2007 
@@ -2350,7 +2350,7 @@ ./lib/isc/win32/ntpaths.c C 2001,2004,2007 ./lib/isc/win32/once.c C 1999,2000,2001,2004,2007 ./lib/isc/win32/os.c C 2000,2001,2002,2004,2007 -./lib/isc/win32/resource.c C 2000,2001,2004,2007 +./lib/isc/win32/resource.c C 2000,2001,2004,2007,2008 ./lib/isc/win32/socket.c C 2000,2001,2002,2003,2004,2005,2006,2007,2008 ./lib/isc/win32/stdio.c C 2000,2001,2004,2007 ./lib/isc/win32/stdtime.c C 1999,2000,2001,2004,2007 From b0364f1f3c6f90501d1ff7747c24b14bb80528b6 Mon Sep 17 00:00:00 2001 From: Automatic Updater Date: Fri, 11 Jul 2008 23:47:09 +0000 Subject: [PATCH 024/135] update copyright notice --- lib/isc/include/isc/resource.h | 6 +++--- lib/isc/win32/resource.c | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/lib/isc/include/isc/resource.h b/lib/isc/include/isc/resource.h index f32b632eca..747c9fdf4e 100644 --- a/lib/isc/include/isc/resource.h +++ b/lib/isc/include/isc/resource.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: resource.h,v 1.12 2008/07/11 23:05:46 jinmei Exp $ */ +/* $Id: resource.h,v 1.13 2008/07/11 23:47:09 tbox Exp $ */ #ifndef ISC_RESOURCE_H #define ISC_RESOURCE_H 1 @@ -84,7 +84,7 @@ isc_resource_getlimit(isc_resource_t resource, isc_resourcevalue_t *value); isc_result_t isc_resource_getcurlimit(isc_resource_t resource, isc_resourcevalue_t *value); /*%< - * Same as isc_resource_getlimit(), but returns the current (soft) limit. + * Same as isc_resource_getlimit(), but returns the current (soft) limit. * * Returns: *\li #ISC_R_SUCCESS Success. diff --git a/lib/isc/win32/resource.c b/lib/isc/win32/resource.c index 228ca7dfd7..e7e7cf4146 100644 --- a/lib/isc/win32/resource.c 
+++ b/lib/isc/win32/resource.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2007, 2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: resource.c,v 1.9 2008/07/11 23:05:46 jinmei Exp $ */ +/* $Id: resource.c,v 1.10 2008/07/11 23:47:09 tbox Exp $ */ #include From fa77ca1069ab1437929a1607d7fc10ed7ba3d34f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tatuya=20JINMEI=20=E7=A5=9E=E6=98=8E=E9=81=94=E5=93=89?= Date: Sat, 12 Jul 2008 05:58:08 +0000 Subject: [PATCH 025/135] removed redundant parenthesis (I don't know why it was included in the previous commit..) --- bin/named/server.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/bin/named/server.c b/bin/named/server.c index 932d40c59b..33b4c21746 100644 --- a/bin/named/server.c +++ b/bin/named/server.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: server.c,v 1.511 2008/07/11 23:05:45 jinmei Exp $ */ +/* $Id: server.c,v 1.512 2008/07/12 05:58:08 jinmei Exp $ */ /*! \file */ @@ -3007,7 +3007,7 @@ load_configuration(const char *filename, ns_server_t *server, result = isc_socketmgr_getmaxsockets(ns_g_socketmgr, &maxsocks); if (result == ISC_R_SUCCESS && - ((isc_resourcevalue_t)maxsocks > nfiles) { + (isc_resourcevalue_t)maxsocks > nfiles) { isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_SERVER, ISC_LOG_WARNING, "max open files " From 5c2512f98279456beb33ed85fde3b8199eef0687 Mon Sep 17 00:00:00 2001 From: Mark Andrews Date: Mon, 14 Jul 2008 23:46:15 +0000 Subject: [PATCH 026/135] new draft --- ... => draft-ietf-dnsext-axfr-clarify-09.txt} | 326 ++++++++++-------- 1 file changed, 183 insertions(+), 143 deletions(-) rename doc/draft/{draft-ietf-dnsext-axfr-clarify-08.txt => draft-ietf-dnsext-axfr-clarify-09.txt} (78%) 
diff --git a/doc/draft/draft-ietf-dnsext-axfr-clarify-08.txt b/doc/draft/draft-ietf-dnsext-axfr-clarify-09.txt similarity index 78% rename from doc/draft/draft-ietf-dnsext-axfr-clarify-08.txt rename to doc/draft/draft-ietf-dnsext-axfr-clarify-09.txt index 91dd61379c..94c08ec884 100644 --- a/doc/draft/draft-ietf-dnsext-axfr-clarify-08.txt +++ b/doc/draft/draft-ietf-dnsext-axfr-clarify-09.txt @@ -1,6 +1,6 @@ INTERNET-DRAFT Edward Lewis -draft-ietf-dnsext-axfr-clarify-08.txt NeuStar, Inc. -DNSEXT WG June 2008 +draft-ietf-dnsext-axfr-clarify-09.txt NeuStar, Inc. +DNSEXT WG July 2008 Updates: 1034, 1035 (if approved) Intended status: Standards Track DNS Zone Transfer Protocol (AXFR) @@ -27,7 +27,7 @@ http://www.ietf.org/ietf/1id-abstracts.txt. The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. -This Internet-Draft will expire on December 1, 2008. +This Internet-Draft will expire on December 31, 2008. Copyright Notice 
@@ -35,17 +35,15 @@ Copyright (C) The IETF Trust (2008). Abstract -The Domain Name System standard facilities for maintaining coherent -servers for a zone consist of three elements. The Authoritative -Transfer (AXFR) is defined in RFC 1034 and RFC 1035. The Incremental -Zone Transfer (IXFR) is defined in RFC 1995. A mechanism for prompt -notification of zone changes (NOTIFY) is defined in RFC 1996. The base -definition of these facilities, that of the AXFR, has proven -insufficient in detail, resulting in no implementation complying with -it. Yet today we have a satisfactory set of implementations that do -interoperate. This document is a new definition of the AXFR, new in the -sense that is it recording an accurate definition of an interoperable -AXFR mechanism. +The Domain Name System standard mechanisms for maintaining coherent +servers for a zone consist of three elements. One mechanism is the +Authoritative Transfer (AXFR) is defined in RFC 1034 and RFC 1035. +The definition of AXFR, has proven insufficient in detail, forcing +implementations intended to be compliant to make assumptions, impeding +interoperability. Yet today we have a satisfactory set of +implementations that do interoperate. This document is a new +definition of the AXFR, new in the sense that is it recording an +accurate definition of an interoperable AXFR mechanism. 1 Introduction 
@@ -83,9 +81,9 @@ DNS implementations that assemble answers from data stored in relational databases (as opposed to master files) relying on the database's non-DNS means to synchronize the database instances. Some of these non-DNS solutions interoperate in some fashion. As far as -it is known, AXFR, IXFR and NOTIFY are the only mechanisms that -provide an interoperable solution to the desire for coherency within -the definition of DNS, they certainly are the only mechanisms +it is known, AXFR, IXFR and NOTIFY are the only in-band mechanisms +that provide an interoperable solution to the desire for coherency +within the definition of DNS, they certainly are the only mechanisms documented by the IETF. This document does not cover incoherent DNS situations. There are @@ -101,14 +99,16 @@ offerings. "Turnkey DNS implementation" refers to custom made, single use implementations of DNS. Such implementations consist of software -that employes the DNS protocol message format yet do not conform to +that employs the DNS protocol message format yet do not conform to the entire range of DNS functionality. A DNS implementation is not required to support AXFR, IXFR and NOTIFY. A DNS implementation SHOULD have some means for maintaining name server -coherency. A general purpose DNS implementation SHOULD include AXFR, -IXFR and NOTIFY, but turnkey DNS implementations MAY operate without -it. +coherency. A general purpose DNS implementation SHOULD include AXFR +(and in the same vein IXFR and NOTIFY), but turnkey DNS implementations +MAY exist without AXFR. (An editorial note to readers of this section. +The mention of IXFR and NOTIFY is for context and illustration, this +document does not make any normative comments on those mechanisms.) 1.3 Context 
@@ -130,6 +130,36 @@ invalidate at least one part of that definition. The goal of this document is to define AXFR as it exists, or is supposed to exist, currently. +1.4 Coverage and Relationship to Original AXFR Specification + +This document concentrates on just the definition of AXFR. Any effort +to update the IXFR or NOTIFY mechanisms would be done in different +documents. + +The original "specification" of the AXFR sub-protocol is scattered +through RFC 1034 and RFC 1035. Section 2.2 of RFC 1035 on page 5 +depicts the scenario for which AXFR has been designed. Section 4.3.5 +of RFC 1034 describes the zone synchronisation strategies in general +and rules for the invocation of a full zone transfer via AXFR; the +fifth paragraph of that section contains a very short sketch of the +AXFR protocol. Section 3.2.3 of RFC 1035 has assigned the code point +for the AXFR QTYPE (see section 2.1.2 below for more details). +Section 4.2 of RFC 1035 discusses the transport layer use of DNS and +shortly explains why UDP transport is deemed inappropriate for AXFR; +the last paragraph of Section 4.2.2 gives details for the TCP +connection management with AXFR. Finally, the second paragraph of +Section 6.3 in RFC 1035 mandates server behavior when zone data +changes occur during an ongoing zone transfer using AXFR. + +This document will update the specification of AXFR in fully +specifying the record formats and processing rules for AXFR, largely +expanding on paragraph 5 of Section 4.3.5 of RFC 1034, and detailing +the transport considerations for AXFR, thus amending Section 4.2.2 of +RFC 1035. Furthermore, it discusses backward compatibility issues +and provides policy/management considerations as well as specific +Security Considerations for AXFR. The goal of this document is to +define AXFR as it exists, or is supposed to exist, currently. + 2 AXFR Messages An AXFR message exchange (or session) consists of an AXFR query message 
@@ -142,7 +172,7 @@ fit into the limited permissible size of a DNS message. An important aspect to keep in mind is that the definition of AXFR is restricted to TCP [RFC0793]. The design of the AXFR process has -certain inherit features that are not easily ported to UDP [RFC0768]. +certain inherent features that are not easily ported to UDP [RFC0768]. The basic format of an AXFR message is the DNS message as defined in RFC 1035, Section 4 ("MESSAGES") [RFC1035], updated by the following: @@ -190,17 +220,26 @@ ANCOUNT MUST be 0 NSCOUNT MUST be 0 ARCOUNT See note 2.1.1.d -Note 2.1.1.a Set to any value that the client desires. There -is no specific means for selecting the value in this field. -(Recall that AXFR is done only via TCP connections.) +Note 2.1.1.a Set to any value that the client is not already using +with the same server. There is no specific means for selecting the +value in this field. (Recall that AXFR is done only via TCP +connections.) + +A server MUST reply using messages that use the same message ID to +allow a client to meaningfully have multiple AXFR queries outstanding. Note 2.1.1.b The value in this field has no meaning in the context of AXFR query messages. For the client, it is RECOMMENDED that the value be zero. The server MUST ignore this value. -Note 2.1.1.c The client MUST set to 0, the server MUST ignore. +Note 2.1.1.c The client MUST set this bit to 0, the server MUST ignore +it. -Note 2.1.1.d The value MAY be 0, 1 or 2. If it is 2, the additional +Note 2.1.1.d The client MUST set this field to be the number of +resource records appearing in the additional section. See Section +2.1.5 "Additional Section" for details. + +The value MAY be 0, 1 or 2. If it is 2, the additional section MUST contain both an EDNS0 [RFC2671] OPT resource record and a record carrying transaction integrity and authentication data, currently a choice of TSIG [RFC2845] and SIG(0) [RFC2931]. If the 
@@ -209,16 +248,6 @@ EDNS0 OPT resource record or a record carrying transaction integrity and authentication data. If the value is 0, the additional section MUST be empty. -A note on "future proofing" this document. It is possible that in the -future more records might be introduced that share the property of -being placed in the additional section. Such records might be other -options to, say, TSIG and SIG(0) for message authentication or may -be completely unrelated to that service. In any case, each new record -that might appear in the additional section might expand the range of -values that this field can take on. As predicting the future is still -an unproven field, further details are not available. Check back -later for updates. - 2.1.2 Query Section The Query section of the AXFR query MUST conform to section 4.1.2 of 
@@ -238,123 +267,151 @@ MUST be empty. 2.1.5 Additional Section -The client MAY include an EDNS0 OPT resource record. If the server -has indicated that it does not support EDNS0, the client MUST send -this section without an EDNS0 OPT resource record if there is a retry. -Indication that a server does not support EDNS0 is not an explicit -element in the protocol, it is up to the client to interpret. Most -likely, the server will return a FORMERR which might be related to +The client MAY include an EDNS0 OPT [RFC2671] resource record. If the +server has indicated that it does not support EDNS0, the client MUST +send this section without an EDNS0 OPT resource record if there is a +retry. Indication that a server does not support EDNS0 is not an +explicit element in the protocol, it is up to the client to interpret. +Most likely, the server will return a FORMERR which might be related to the OPT resource record. The client MAY include a transaction integrity and authentication -resource record, currently a choice of TSIG or SIG(0). If the server -has indicated that it does not recognize the resource record, and -that the error is indeed caused by the resource record, the client -probably ought not try again. Removing the security data in the -face of an obstacle ought to only be done with full awareness of the -implication of doing so. +resource record, currently a choice of TSIG [RFC2845] or SIG(0) +[RFC2931]. If the server has indicated that it does not recognize the +resource record, and that the error is indeed caused by the resource +record, the client probably ought not try again. Removing the security +data in the face of an obstacle ought to only be done with full +awareness of the implication of doing so. In general, if an AXFR client is aware that an AXFR server does not support a particular mechanism, the client SHOULD NOT attempt to engage -the server using the mechanism (or at all). 
A client MAY become aware -of a server's abilities via a configuration setting. +the server using the mechanism (or at all). A client could become +aware of a server's abilities via a configuration setting or via some +other (as yet) undefined means. + +The range of permissible resource records that MAY appear in the +additional section might change over time. If either a change to an +existing resource record (like the OPT RR for EDNS0) is made or +a new additional section record is created, the new definitions ought +to include a discussion on the impact upon AXFR. Although this is not +predictale, future additional section residing records may have an +effect that is orthogonal to AXFR, so can ride through the session as +opaque data. In this case, a "wise" implementation ought to be able +to pass these records through without disruption. 2.2 AXFR response -The AXFR response will consist of 0 or more messages. - -A 0 message response is very exceptional. It is unhealthy for there -to be 0 responses in a protocol that is designed around a query - -response paradigm. A 0 message response is reserved for situations in -which the server has a reason to suspect that the query is sent for -the purpose of abuse. Therefore any earnest query has the expectation -of some response. +The AXFR response will consist of 0 or more messages. A "0 message" +response is covered in section 2.2.1. An AXFR response that is transferring the zone's contents will consist -of a series of DNS messages bounded in size by the limited permissible -size. In such a series, the first message MUST begin with the SOA +of a series (which could be a series of length 1) of DNS messages. +In such a series, the first message MUST begin with the SOA resource record of the zone, the last message MUST conclude with the -same SOA resource record. Intermediate message MUST NOT contain the +same SOA resource record. Intermediate messages MUST NOT contain the SOA resource record. 
The first message MUST copy the Query Section from the corresponding AXFR query message in to the first response message's query section. Subsequent messages MAY do the same. -Editorial note "MAY" or SHOULD/are RECOMMENDED TO - An AXFR response that is indicating an error MUST consist of a single DNS message with the return code set to the appropriate value for the condition encountered - once the error condition is detected. Such a message MUST copy the AXFR query Query Section into its Query -Section. +Section. The inclusion of the terminating SOA resource record is not +necessary. An AXFR client might receive a number of AXFR response messages -free of an error condition before the message indicating the error +free of an error condition before the message indicating an error is received. But once an error is reported, the AXFR client can -assume this the reporting message is the last. +assume that the error reporting message is the last. -An AXFR client MUST be able to react to no AXFR response messages from -the server. An AXFR server MAY elect to silently discard the AXFR -query but this is only RECOMMENDED if the server has reasons to deduce -that the query was sent maliciously. +2.2.1 "0 Message" Response -An AXFR server MAY elect to close the underlying TCP connection in -response to an AXFR query. Because this action could impact other -DNS queries and responses, it is RECOMMENDED that this tactic only be -employed when there are strong indications of malicious activity. -Still, an AXFR client MUST be able to adequately react to this -situation. +A legitimate "0 message" response, i.e., the client sees no response +whatsoever, is very exceptional and controversial. Unquestionably it +is unhealthy for there to be 0 responses in a protocol that is designed +around a query - response paradigm over an unreliable transport. The +lack of a response could be a sign of underlying network problems and +cause the protocol state machine to react accordingly. 
However, AXFR +uses TCP and not UDP, eliminating undetected network errors. -2.2.1 Header Values +A "0 message response" is reserved for situations in which the server +has a reason to suspect that the query is sent for the purpose of +abuse. Due to the use of this being so controversial, a "0 message +response" is not being defined as a legitimate part of the protocol +but the use of it is being acknowledge as a warning to AXFR client +implementations. Any earnest query has the expectation of some +response but may not get one. -ID See note 2.2.1.a +If an AXFR client sends a query on a TCP connection and the connection +is closed at any point, the AXFR client MUST consider the session +terminated. The message ID MAY be used again on a new connection, +even if the question and AXFR server are the same. Facing a dropped +connection a client SHOULD try to make some determination whether the +connection closure was the result of network activity or a decision +by the AXFR server. This determination is not an exact science. It +is up to the AXFR client implementor to react, but the reaction +SHOULD NOT be an endless cycle of retires nor an increasing (in +frequency) retry rate. + +An AXFR server implementor SHOULD take into consideration what this +dilemma described above when a connection is closed with an outstanding +query in the pipeline. For this reason, a server ought to reserve +this course of action for situations in which it believes beyond a +doubt that the AXFR client is attemping abusive behavior. 
+ +2.2.2 Header Values + +ID See note 2.2.2.a QR MUST be 1 (Response) OPCODE MUST be 0 (Standard Query) -AA See note 2.2.1.b +AA See note 2.2.2.b TC MUST be 0 (Not truncated) RD RECOMMENDED copy request's value, MAY be set to 0 -RA See note 2.2.1.c -Z See note 2.2.1.d -AD See note 2.2.1.e -CD See note 2.2.1.e -RCODE See note 2.2.1.f +RA See note 2.2.2.c +Z See note 2.2.2.d +AD See note 2.2.2.e +CD See note 2.2.2.e +RCODE See note 2.2.2.f QDCOUNT MUST be 1 in the first message; MUST be 0 or 1 in all following -ANCOUNT See note 2.2.1.g +ANCOUNT See note 2.2.2.g NSCOUNT MUST be 0 -ARCOUNT See note 2.2.1.h +ARCOUNT See note 2.2.2.h -Note 2.2.1.a Because of old implementations, the requirement -on this section is stated in detail. New DNS servers MUST set this -field to the value of the AXFR query ID in each AXFR response message -for the session. New AXFR clients MUST be able to accept sessions in -which the responses do not have the same ID field. +Note 2.2.2.a Because some old implementations behave differently than +is now desired, the requirement on this field is stated in detail. +New DNS servers MUST set this field to the value of the AXFR query +ID in each AXFR response message for the session. AXFR clients MUST +be able to manage sessions resulting from the issuance of multiple +outstanding queries, whether AXFR queries or other DNS queries. A +client SHOULD discard responses that do not correspond (via the +message ID) to any outstanding queries. -If a client detects or is aware that the server is new, that is, all of -the responses have the same ID value as the query, the client MAY issue -other DNS queries (of any type) to the server using the same transport. Unless the client is sure that the server will consistently set the ID field to the query's ID, the client is NOT RECOMMENDED to issue any other queries until the end of the zone transfer. A client MAY become aware of a server's abilities via a configuration setting. 
-Note 2.2.1.b If the RCODE is 0 (no error), then the AA bit MUST be 1. +Note 2.2.2.b If the RCODE is 0 (no error), then the AA bit MUST be 1. For any other value of RCODE, the AA bit MUST be set according to rules -for that error code. If in doubt, it is RECOMMENDED that is be set +for that error code. If in doubt, it is RECOMMENDED that it be set to 1. It is RECOMMENDED that the value be ignored by the AXFR client. -Note 2.2.1.c It is RECOMMENDED that the server set the value to 0, +Note 2.2.2.c It is RECOMMENDED that the server set the value to 0, the client MUST ignore this value. The server MAY set this value according to the local policy regarding recursive service, but doing so might confuse the interpretation of the response as AXFR can not be retrieved recursively. A client MAY note -the server's policy regarding recursive from this value, but SHOULD NOT -conclude that the AXFR response was obtained recursively even if the RD -bit was 1 in the query. +the server's policy regarding recursive service from this value, but +SHOULD NOT conclude that the AXFR response was obtained recursively +even if the RD bit was 1 in the query. -Note 2.2.1.d The server MUST set to 0, and the client MUST ignore. +Note 2.2.2.d The server MUST set this bit to 0, the client MUST ignore +it. -Note 2.2.1.e If the implementation supports the DNS Security Extensions +Note 2.2.2.e If the implementation supports the DNS Security Extensions (see below) then this value MUST be set according to the rules in RFC 4035, section 3.1.6, "The AD and CD Bits in an Authoritative Response". If the implementation does not support the DNS Security Extensions, 
@@ -366,7 +423,7 @@ documents: - "Resource Records for the DNS Security Extensions" [RFC4034] - "Protocol Modifications for the DNS Security Extensions" [RFC4035] -Note 2.2.1.f In the absence of an error, the server MUST set the value +Note 2.2.2.f In the absence of an error, the server MUST set the value of this field to NoError. If a server is not authoritative for the queried zone, the server SHOULD set the value to NotAuth. (Reminder, consult the appropriate IANA registry [DNSVALS].) If a client 
@@ -376,32 +433,17 @@ OPT resource record sent to an old server will garner a FormErr value. This value is not set as part of the AXFR response processing. The same is true for other error-indicating values. -Note 2.2.1.g The count of answer records MUST equal the number of +Note 2.2.2.g The count of answer records MUST equal the number of resource records in the AXFR Answer Section. When a server is aware that a client will only accept one resource record per response message, then the value MUST be 1. A server MAY be made aware of a client's limitations via configuration data. -Note 2.2.1.h The value MAY be 0, 1 or 2. If it is 2, the additional -section MUST contain both an EDNS0 [RFC2671] OPT resource record and -a record carrying transaction integrity and authentication data, -currently a choice of TSIG [RFC2845] and SIG(0) [RFC2931]. If the -value is 1, then the additional section MUST contain either only an -EDNS0 OPT resource record or a record carrying transaction integrity -and authentication data. If the value is 0, the additional section -MUST be empty. +Note 2.2.2.h The client MUST set this field to be the number of +resource records appearing in the additional section. See Section +2.1.5 "Additional Section" for details. -A note on "future proofing" this document. It is possible that in the -future more records might be introduced that share the property of -being placed in the additional section. Such records might be other -options to, say, TSIG and SIG(0), for message authentication or may -be completely unrelated to that service. In any case, each new record -that might appear in the additional section might expand the range of -values that this field can take on. As predicting the future is still -an unproven field, further details are not available. Check back -later for updates. - -2.2.2 Query Section +2.2.3 Query Section In the first response message, this section MUST be copied from the query. 
In subsequent messages this section MAY be copied from the @@ -409,20 +451,27 @@ query, MAY be empty. The content of this section MAY be used to determine the context of the message, that is, the name of the zone being transferred. -2.2.3 Answer Section +2.2.4 Answer Section MUST be populated with the zone contents. See later section on encoding zone contents. -2.2.4 Authority Section +2.2.5 Authority Section MUST be empty. 2.2.5 Additional Section The contents of this section MUST follow the guidelines for EDNS0, -TSIG, SIG(0), or what ever other future record is possible here. See -the appropriate specifications for instructions and restrictions. +TSIG, SIG(0), or what ever other future record is possible here. The +contents of section 2.1.5 apply here as well. + +Note that TSIG and SIG(0), if in use, will treat each individual +AXFR response message within a session as a unit of data. That is, +each message will have a TSIG or SIG(0) (if in use) and the +crytpographic check will cover just that message. The same rule +will apply to future alternatives and documents covering them ought +to consider the impact on AXFR response messages. 3 Zone Contents 
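Review bot: after the renumbering in the @@ -409,20 +451,27 @@ hunk the draft has two sections numbered 2.2.5: the added "2.2.5 Authority Section" and the unchanged context line "2.2.5 Additional Section", which should become 2.2.6. The new paragraph on TSIG and SIG(0) also misspells "cryptographic" as "crytpographic". Since that paragraph is the only statement that each AXFR response message is authenticated as its own unit, it is worth getting its heading number right so other sections can cite it.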
@@ -441,17 +490,10 @@ of what belongs in a zone is described in RFC 1034, Section 4.2, "How the database is divided into zones", and in particular, section 4.2.1, "Technical considerations". -The first resource record of the first AXFR response message sent by -the AXFR server MUST be the zone's SOA resource record. The last -resource record of the final AXFR response message sent by the AXFR -server MUST be the zone's SOA resource record. The order and grouping -of all other records in the AXFR is arbitrary, but the AXFR server -SHOULD group resource record sets together. - Unless the AXFR server knows that the AXFR client expects just one resource record per AXFR response message, an AXFR server SHOULD populate an AXFR response message with as many complete resource -records as will fit within the limited permissible message size. +records as will fit within a DNS message. Zones for which it is impractical to list the entire zones for a serial number (because changes happen too quickly) are not suitable for AXFR @@ -612,7 +654,7 @@ zone to transfer before the next could begin. The desire here is to tighten the specification, not a change, but adding words to the unclear areas, to define what is needed to permit two servers to share a TCP connection among concurrent AXFR sessions. The challenge -is to design this in a way that can fallback to the old behavior if +is to design this in a way that can fall back to the old behavior if either the AXFR client or AXFR server is incapable of performing multiple concurrent AXFR sessions. 
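Review bot: the @@ -441,17 +490,10 @@ hunk deletes the paragraph requiring the zone's SOA as the first record of the first AXFR response message and the last record of the final one, and nothing in the hunk replaces it. The closing SOA is what tells an AXFR client that the transfer is complete, so if the requirement has moved to another section, add a pointer to it at this spot; otherwise restore the paragraph. The same deletion also drops the "SHOULD group resource record sets together" guidance, which deserves the same treatment.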
@@ -620,9 +662,7 @@ With the addition of EDNS0 and applications which require many small zones such as in web hosting and some ENUM scenarios, AXFR sessions on UDP are now possible and desirable. However, there are still some aspects of the AXFR session that are not easily -translated to UDP. This document leaves AXFR over UDP undefined, -with the issue to be discussed and possibly appear in a separate -definition. +translated to UDP. This document leaves AXFR over UDP undefined. 4.1 TCP @@ -648,8 +688,8 @@ specification for an older server. An AXFR client MAY request an connection to an AXFR server for any reason. An AXFR client SHOULD close the connection when there is no apparent need to use the connection for some time period. The -AXFR server ought not to maintain idle connections, the burden of -connection closure ought to be on the client. Apparent need for +AXFR server ought not have to maintain idle connections, the burden +of connection closure ought to be on the client. Apparent need for the connection is a judgement for the AXFR client and the DNS client. If the connection is used for multiple sessions, or it is known sessions will be coming or is there is other query/response @@ -675,7 +715,7 @@ clear (momentary disruption, failure, policy). An AXFR client MAY use an already opened TCP connection to start an AXFR session. Using an existing open connection is RECOMMENDED over -opening a new connection. (Non AXFR session traffic can also use an +opening a new connection. (Non-AXFR session traffic can also use an open connection.) If in doing so the AXFR client realizes that the responses cannot be properly differentiated (lack of matching query IDs for example) or the connection is terminated for a remote From d923262186a3111a6ac7aae5dcd9996e01115a44 Mon Sep 17 00:00:00 2001 
From: Mark Andrews Date: Tue, 15 Jul 2008 00:21:16 +0000 Subject: [PATCH 027/135] 2387. [bug] Silence compiler warnings in lib/isc/radix.c. [RT #18147] [RT #18258] --- CHANGES | 3 +++ lib/isc/radix.c | 7 +++++-- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index f27f098209..17568c318b 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,6 @@ +2387. [bug] Silence compiler warnings in lib/isc/radix.c. + [RT #18147] [RT #18258] + 2386. [func] Add warning about too small 'open files' limit. [RT #18269] diff --git a/lib/isc/radix.c b/lib/isc/radix.c index ee0c815811..95f8f54e8f 100644 --- a/lib/isc/radix.c +++ b/lib/isc/radix.c @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: radix.c,v 1.14 2008/05/21 23:21:33 each Exp $ */ +/* $Id: radix.c,v 1.15 2008/07/15 00:21:16 marka Exp $ */ /* * This source was adapted from MRT's RCS Ids: @@ -22,6 +22,8 @@ * Id: prefix.c,v 1.37.2.9 2000/03/10 02:53:19 labovit Exp */ +#include + #include #include #include @@ -233,7 +235,8 @@ isc_radix_search(isc_radix_tree_t *radix, isc_radix_node_t **target, isc_radix_node_t *node; isc_radix_node_t *stack[RADIX_MAXBITS + 1]; u_char *addr; - isc_uint32_t bitlen, family, tfamily = -1; + isc_uint32_t bitlen; + int family, tfamily = -1; int cnt = 0; REQUIRE(radix != NULL); From f1be51091ef362e4c621b3805bb9bdeeb4f35fee Mon Sep 17 00:00:00 2001 From: Mark Andrews Date: Tue, 15 Jul 2008 01:16:02 +0000 Subject: [PATCH 028/135] custom_WFB_v9_5_0_P1 --- doc/private/delete-list | 1 + 1 file changed, 1 insertion(+) diff --git a/doc/private/delete-list b/doc/private/delete-list index 1df5ebcffb..b25bb7e9db 100644 --- a/doc/private/delete-list +++ b/doc/private/delete-list @@ -7,6 +7,7 @@ custom_WFB_v9_4_1 custom_WFB_v9_4_1_P1 custom_WFB_v9_4_2 custom_WFB_v9_4_2_P1 +custom_WFB_v9_5_0_P1 custom_ALLIANZ_v9_4_1_P1 custom_AFILIAS_v9_4_1_P1 custom_AFIS_v9_4_0 From 718106da1465a82189cbd937e38b9531ef65f8c7 Mon Sep 17 00:00:00 2001 
From: Mark Andrews Date: Tue, 15 Jul 2008 05:45:34 +0000 Subject: [PATCH 029/135] update reference --- lib/dns/rdata/generic/nsec_47.c | 4 ++-- lib/dns/rdata/generic/nsec_47.h | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/lib/dns/rdata/generic/nsec_47.c b/lib/dns/rdata/generic/nsec_47.c index 8f022fb775..f09557d86b 100644 --- a/lib/dns/rdata/generic/nsec_47.c +++ b/lib/dns/rdata/generic/nsec_47.c @@ -15,11 +15,11 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: nsec_47.c,v 1.9 2007/06/19 23:47:17 tbox Exp $ */ +/* $Id: nsec_47.c,v 1.10 2008/07/15 05:45:34 marka Exp $ */ /* reviewed: Wed Mar 15 18:21:15 PST 2000 by brister */ -/* draft-ietf-dnsext-nsec-rdata-01.txt */ +/* RFC 3845 */ #ifndef RDATA_GENERIC_NSEC_47_C #define RDATA_GENERIC_NSEC_47_C diff --git a/lib/dns/rdata/generic/nsec_47.h b/lib/dns/rdata/generic/nsec_47.h index 4f9b90e19b..11630d0b99 100644 --- a/lib/dns/rdata/generic/nsec_47.h +++ b/lib/dns/rdata/generic/nsec_47.h @@ -18,10 +18,10 @@ #ifndef GENERIC_NSEC_47_H #define GENERIC_NSEC_47_H 1 -/* $Id: nsec_47.h,v 1.8 2007/06/19 23:47:17 tbox Exp $ */ +/* $Id: nsec_47.h,v 1.9 2008/07/15 05:45:34 marka Exp $ */ /*! - * \brief Per draft-ietf-dnsext-nsec-rdata-01.txt */ + * \brief Per RFC 3845 */ typedef struct dns_rdata_nsec { dns_rdatacommon_t common; From d07e6bc6a61460ee948c335572cd2d4c6d478130 Mon Sep 17 00:00:00 2001 From: Mark Andrews Date: Tue, 15 Jul 2008 14:44:48 +0000 Subject: [PATCH 030/135] update libtool and sunos4 --- README | 3 --- 1 file changed, 3 deletions(-) diff --git a/README b/README index 288ffddf46..a4123a0476 100644 --- a/README +++ b/README @@ -353,9 +353,6 @@ BIND 9.2.0 --with-libtool does not work on AIX. - --with-libtool does not work on SunOS 4. configure - requires "printf" which is not available. - A bug in the Windows 2000 DNS server can cause zone transfers from a BIND 9 server to a W2K server to fail. For details, see the "Zone Transfers" section in doc/misc/migration. 
From 0b451634f3f1f59022603efda3b81b3bd4c00664 Mon Sep 17 00:00:00 2001 From: Automatic Updater Date: Tue, 15 Jul 2008 23:18:58 +0000 Subject: [PATCH 031/135] auto update --- doc/private/branches | 1 + 1 file changed, 1 insertion(+) diff --git a/doc/private/branches b/doc/private/branches index 08e34e9bd0..a306b6983d 100644 --- a/doc/private/branches +++ b/doc/private/branches @@ -29,6 +29,7 @@ custom_WFB_v9_4_1 private marka // 2007-04-30 01:53 +0000 custom_WFB_v9_4_1_P1 private marka // 2007-08-01 22:49 +0000 custom_WFB_v9_4_2 private each // 2007-12-05 18:10 +0000 custom_WFB_v9_4_2_P1 new each // 2008-05-27 22:59 +0000 +custom_WFB_v9_5_0_P1 new marka // 2008-07-15 00:05 +0000 gsstsig4 open sra // head + gsstsig as of 12 may 2006 gsstsig4_win32 open danny // sub-branch off gsstsig4 for windows development ietf71 new marka // 2008-03-12 04:10 +0000 From 1b670d35282f1b9352692ad212be3c0aa97b0689 Mon Sep 17 00:00:00 2001 From: Automatic Updater Date: Tue, 15 Jul 2008 23:30:27 +0000 Subject: [PATCH 032/135] newcopyrights --- util/copyrights | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/util/copyrights b/util/copyrights index a193e0cae0..c8b2ffb253 100644 --- a/util/copyrights +++ b/util/copyrights @@ -1955,8 +1955,8 @@ ./lib/dns/rdata/generic/mx_15.h C 1998,1999,2000,2001,2004,2005,2007 ./lib/dns/rdata/generic/ns_2.c C 1998,1999,2000,2001,2004,2007 ./lib/dns/rdata/generic/ns_2.h C 1998,1999,2000,2001,2004,2005,2007 -./lib/dns/rdata/generic/nsec_47.c C 2003,2004,2007 -./lib/dns/rdata/generic/nsec_47.h C 2003,2004,2005,2007 +./lib/dns/rdata/generic/nsec_47.c C 2003,2004,2007,2008 +./lib/dns/rdata/generic/nsec_47.h C 2003,2004,2005,2007,2008 ./lib/dns/rdata/generic/null_10.c C 1998,1999,2000,2001,2002,2004,2007 ./lib/dns/rdata/generic/null_10.h C 1998,1999,2000,2001,2004,2005,2007 ./lib/dns/rdata/generic/nxt_30.c C 1999,2000,2001,2002,2003,2004,2005,2007 From b6ba2af51b60c61023000c8afbe3fa5c801ca455 Mon Sep 17 00:00:00 2001 
From: Automatic Updater Date: Tue, 15 Jul 2008 23:47:21 +0000 Subject: [PATCH 033/135] update copyright notice --- lib/dns/rdata/generic/nsec_47.c | 6 +++--- lib/dns/rdata/generic/nsec_47.h | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/lib/dns/rdata/generic/nsec_47.c b/lib/dns/rdata/generic/nsec_47.c index f09557d86b..7e443d9b76 100644 --- a/lib/dns/rdata/generic/nsec_47.c +++ b/lib/dns/rdata/generic/nsec_47.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2007, 2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: nsec_47.c,v 1.10 2008/07/15 05:45:34 marka Exp $ */ +/* $Id: nsec_47.c,v 1.11 2008/07/15 23:47:21 tbox Exp $ */ /* reviewed: Wed Mar 15 18:21:15 PST 2000 by brister */ @@ -255,7 +255,7 @@ fromstruct_nsec(ARGS_FROMSTRUCT) { window = nsec->typebits[i]; len = nsec->typebits[i+1]; i += 2; - INSIST(first || window > lastwindow); + INSIST(first || window > lastwindow); INSIST(len > 0 && len <= 32); INSIST(i + len <= nsec->len); INSIST(nsec->typebits[i + len - 1] != 0); diff --git a/lib/dns/rdata/generic/nsec_47.h b/lib/dns/rdata/generic/nsec_47.h index 11630d0b99..2b3c6b6ba4 100644 --- a/lib/dns/rdata/generic/nsec_47.h +++ b/lib/dns/rdata/generic/nsec_47.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -18,7 +18,7 @@ #ifndef GENERIC_NSEC_47_H #define GENERIC_NSEC_47_H 1 -/* $Id: nsec_47.h,v 1.9 2008/07/15 05:45:34 marka Exp $ */ +/* $Id: nsec_47.h,v 1.10 2008/07/15 23:47:21 tbox Exp $ */ /*! * \brief Per RFC 3845 */ 
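Review bot: in lib/dns/rdata/generic/nsec_47.c at @@ -255,7 +255,7 @@ (fromstruct_nsec), the line "INSIST(first || window > lastwindow);" is removed and re-added with no visible difference, so a whitespace-only edit to an assertion is riding along in a commit titled "update copyright notice". Split it into its own change or mention it in the message, so that a later blame on this bounds check does not land on an automated copyright commit.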
From 549ae801457f5d9b2215362d300e3f3060ebd5a7 Mon Sep 17 00:00:00 2001 From: Mark Andrews Date: Thu, 17 Jul 2008 00:00:34 +0000 Subject: [PATCH 034/135] How do change the nameservers for a zone? --- FAQ.xml | 62 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 61 insertions(+), 1 deletion(-) diff --git a/FAQ.xml b/FAQ.xml index 4674456777..95aabffb3a 100644 --- a/FAQ.xml +++ b/FAQ.xml @@ -17,7 +17,7 @@ - PERFORMANCE OF THIS SOFTWARE. --> - +
Frequently Asked Questions about BIND 9 @@ -664,6 +664,66 @@ zone "list.dsbl.org" { + Operations Questions + + + + + How do change the nameservers for a zone? + + + + + Step 1: Ensure all nameservers, new and old, are serving the + same zone content. + + + Step 2: Work out the maximum TTL of the NS RRset in the parent and child + zones. This is the time it will take caches to be clear of a + particular version of the NS RRset. + If you are just removing nameservers you can skip to Step 6. + + + Step 3: Add new nameservers to the NS RRset for the zone and + wait until all the servers for the zone are answering with this + new NS RRset. + + + Step 4: Inform the parent zone of the new NS RRset then wait for all the + parent servers to be answering with the new NS RRset. + + + Step 5: Wait for cache to be clear of the old NS RRset. + See Step 2 for how long. + If you are just adding nameservers you are done. + + + Step 6: Remove any old nameservers from the zones NS RRset and + wait for all the servers for the zone to be serving the new NS RRset. + + + Step 7: Inform the parent zone of the new NS RRset then wait for all the + parent servers to be answering with the new NS RRset. + + + Step 8: Wait for cache to be clear of the old NS RRset. + See Step 2 for how long. + + + Step 9: Turn off the old nameservers or remove the zone entry from + the configuration of the old nameservers. + + + Step 10: Increment the serial number and wait for the change to + be visible in all nameservers for the zone. This ensures that + zone transfers are still working after the old servers are + decommision. + + + + + + General Questions From 4ab7003492ed3b862c029ab4b8bf6f747b92a354 Mon Sep 17 00:00:00 2001 From: Mark Andrews Date: Thu, 17 Jul 2008 00:12:41 +0000 Subject: [PATCH 035/135] spelling --- FAQ.xml | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/FAQ.xml b/FAQ.xml index 95aabffb3a..4efefac337 100644 --- a/FAQ.xml +++ b/FAQ.xml 
@@ -17,7 +17,7 @@ - PERFORMANCE OF THIS SOFTWARE. --> - +
Frequently Asked Questions about BIND 9 @@ -717,7 +717,17 @@ zone "list.dsbl.org" { Step 10: Increment the serial number and wait for the change to be visible in all nameservers for the zone. This ensures that zone transfers are still working after the old servers are - decommision. + decommissioned. + + + Note: the above proceedure is designed to be transparent + to dns clients. Decommisioning the old servers too early + will result in some clients not being able to look up + answers in the zone. + + + Note: while it is possible to run the addition and removal + stages together it is not recommended. From eb3476f9a075f51e299d36406a8b2e939896531d Mon Sep 17 00:00:00 2001 From: Mark Andrews Date: Thu, 17 Jul 2008 00:17:20 +0000 Subject: [PATCH 036/135] spelling --- FAQ.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/FAQ.xml b/FAQ.xml index 4efefac337..2bf1257341 100644 --- a/FAQ.xml +++ b/FAQ.xml @@ -17,7 +17,7 @@ - PERFORMANCE OF THIS SOFTWARE. --> - +
Frequently Asked Questions about BIND 9 @@ -669,7 +669,7 @@ zone "list.dsbl.org" { - How do change the nameservers for a zone? + How to change the nameservers for a zone? From a6c05a73981f9d564f4cd205f15f4f46bd860282 Mon Sep 17 00:00:00 2001 From: Jeremy Reed Date: Thu, 17 Jul 2008 00:24:51 +0000 Subject: [PATCH 037/135] Fix two typo/mispellings. --- FAQ.xml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/FAQ.xml b/FAQ.xml index 2bf1257341..2fe6d29df1 100644 --- a/FAQ.xml +++ b/FAQ.xml @@ -17,7 +17,7 @@ - PERFORMANCE OF THIS SOFTWARE. --> - +
Frequently Asked Questions about BIND 9 @@ -720,8 +720,8 @@ zone "list.dsbl.org" { decommissioned. - Note: the above proceedure is designed to be transparent - to dns clients. Decommisioning the old servers too early + Note: the above procedure is designed to be transparent + to dns clients. Decommissioning the old servers too early will result in some clients not being able to look up answers in the zone. From 9de3fd52cc1f67d876ab6193f7d17507a31896da Mon Sep 17 00:00:00 2001 From: Automatic Updater Date: Thu, 17 Jul 2008 01:12:20 +0000 Subject: [PATCH 038/135] regen --- FAQ | 60 ++++++++++++++++++++++++++++++++++++++++++++++++++++-------- 1 file changed, 52 insertions(+), 8 deletions(-) diff --git a/FAQ b/FAQ index 912a2f8f53..2e93100737 100644 --- a/FAQ +++ b/FAQ 
@@ -375,7 +375,51 @@ A: When reloading a zone named my have multiple copies of the zone in other errors in the master file as it still has an in-core copy of the old contents. -3. General Questions +3. Operations Questions + +Q: How to change the nameservers for a zone? + +A: Step 1: Ensure all nameservers, new and old, are serving the same zone + content. + + Step 2: Work out the maximum TTL of the NS RRset in the parent and + child zones. This is the time it will take caches to be clear of a + particular version of the NS RRset. If you are just removing + nameservers you can skip to Step 6. + + Step 3: Add new nameservers to the NS RRset for the zone and wait until + all the servers for the zone are answering with this new NS RRset. + + Step 4: Inform the parent zone of the new NS RRset then wait for all + the parent servers to be answering with the new NS RRset. + + Step 5: Wait for cache to be clear of the old NS RRset. See Step 2 for + how long. If you are just adding nameservers you are done. + + Step 6: Remove any old nameservers from the zones NS RRset and wait for + all the servers for the zone to be serving the new NS RRset. + + Step 7: Inform the parent zone of the new NS RRset then wait for all + the parent servers to be answering with the new NS RRset. + + Step 8: Wait for cache to be clear of the old NS RRset. See Step 2 for + how long. + + Step 9: Turn off the old nameservers or remove the zone entry from the + configuration of the old nameservers. + + Step 10: Increment the serial number and wait for the change to be + visible in all nameservers for the zone. This ensures that zone + transfers are still working after the old servers are decommissioned. + + Note: the above procedure is designed to be transparent to dns clients. + Decommissioning the old servers too early will result in some clients + not being able to look up answers in the zone. + + Note: while it is possible to run the addition and removal stages + together it is not recommended. 
+ +4. General Questions Q: I keep getting log messages like the following. Why? @@ -541,9 +585,9 @@ A: No. The BIND 9 bug database is kept closed for a number of reasons. that have been fixed post release. That is as close as we can get to providing a bug database. -4. Operating-System Specific Questions +5. Operating-System Specific Questions -4.1. HPUX +5.1. HPUX Q: I get the following error trying to configure BIND: @@ -559,7 +603,7 @@ A: You have attempted to configure BIND with the bundled C compiler. This ./configure CC= ... -4.2. Linux +5.2. Linux Q: Why do I get the following errors: @@ -729,7 +773,7 @@ A: This is usually due to "/proc/net/if_inet6" not being available in the proc /proc proc defaults 0 0 proc /var/named/proc proc defaults 0 0 -4.3. Windows +5.3. Windows Q: Zone transfers from my BIND 9 master to my Windows 2000 slave fail. Why? @@ -755,7 +799,7 @@ A: This is the service manager saying that named exited. You need to Directory "C:\windows\dns\etc"; }; -4.4. FreeBSD +5.4. FreeBSD Q: I have FreeBSD 4.x and "rndc-confgen -a" just sits there. @@ -768,7 +812,7 @@ A: /dev/random is not configured. Use rndcontrol(8) to tell the kernel to See also . -4.5. Solaris +5.5. Solaris Q: How do I integrate BIND 9 and Solaris SMF @@ -776,7 +820,7 @@ A: Sun has a blog entry describing how to do this. -4.6. Apple Mac OS X +5.6. Apple Mac OS X Q: How do I run BIND 9 on Apple Mac OS X? From 862015b91f4426956b75db57aafb26b6eb0587ff Mon Sep 17 00:00:00 2001 From: Mark Andrews Date: Thu, 17 Jul 2008 01:15:34 +0000 Subject: [PATCH 039/135] cleanup --- bin/tests/system/lwresd/clean.sh | 22 ++++++++++++++++++++++ bin/tests/system/resolver/clean.sh | 22 ++++++++++++++++++++++ 2 files changed, 44 insertions(+) create mode 100644 bin/tests/system/lwresd/clean.sh create mode 100644 bin/tests/system/resolver/clean.sh diff --git a/bin/tests/system/lwresd/clean.sh b/bin/tests/system/lwresd/clean.sh new file mode 100644 index 0000000000..107a0209dd --- /dev/null 
+++ b/bin/tests/system/lwresd/clean.sh @@ -0,0 +1,22 @@ +#!/bin/sh +# +# Copyright (C) 2008 Internet Systems Consortium, Inc. ("ISC") +# +# Permission to use, copy, modify, and/or distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +# PERFORMANCE OF THIS SOFTWARE. + +# $Id: clean.sh,v 1.1 2008/07/17 01:14:16 marka Exp $ + +# +# Clean up after lwresd tests. +# +rm -f */named.memstats diff --git a/bin/tests/system/resolver/clean.sh b/bin/tests/system/resolver/clean.sh new file mode 100644 index 0000000000..c79da92819 --- /dev/null +++ b/bin/tests/system/resolver/clean.sh 
@@ -0,0 +1,22 @@ +#!/bin/sh +# +# Copyright (C) 2008 Internet Systems Consortium, Inc. ("ISC") +# +# Permission to use, copy, modify, and/or distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +# PERFORMANCE OF THIS SOFTWARE. + +# $Id: clean.sh,v 1.1 2008/07/17 01:15:34 marka Exp $ + +# +# Clean up after resolver tests. +# +rm -f */named.memstats From f65d2e1c04c806a185bf9f3120e80692f5ccd5e6 Mon Sep 17 00:00:00 2001 From: Automatic Updater Date: Thu, 17 Jul 2008 23:30:25 +0000 Subject: [PATCH 040/135] newcopyrights --- util/copyrights | 2 ++ 1 file changed, 2 insertions(+) diff --git a/util/copyrights b/util/copyrights index c8b2ffb253..197355b4a6 100644 --- a/util/copyrights +++ b/util/copyrights @@ -582,6 +582,7 @@ ./bin/tests/system/limits/tests.sh SH 2000,2001,2004,2007 ./bin/tests/system/lwresd/.cvsignore X 2000,2001 ./bin/tests/system/lwresd/Makefile.in MAKE 2000,2001,2002,2004,2007 +./bin/tests/system/lwresd/clean.sh SH 2008 ./bin/tests/system/lwresd/lwresd1/.cvsignore X 2000,2001 ./bin/tests/system/lwresd/lwresd1/lwresd.conf CONF-C 2000,2001,2004,2007 ./bin/tests/system/lwresd/lwresd1/resolv.conf CONF-SH 2000,2001,2004,2007 
@@ -662,6 +663,7 @@ ./bin/tests/system/resolver/ans2/ans.pl PERL 2000,2001,2004,2007 ./bin/tests/system/resolver/ans3/.cvsignore X 2001 ./bin/tests/system/resolver/ans3/ans.pl PERL 2000,2001,2004,2007 +./bin/tests/system/resolver/clean.sh SH 2008 ./bin/tests/system/resolver/ns1/.cvsignore X 2001 ./bin/tests/system/resolver/ns1/named.conf CONF-C 2000,2001,2004,2007 ./bin/tests/system/resolver/ns1/root.hint ZONE 2000,2001,2004,2007 From 7c60401dbd4dce617dffc685c269fca224c589ad Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tatuya=20JINMEI=20=E7=A5=9E=E6=98=8E=E9=81=94=E5=93=89?= Date: Thu, 17 Jul 2008 23:43:26 +0000 Subject: [PATCH 041/135] 2388. [bug] Avoid using tables for layout purposes in statistics XSL [RT #18159]. --- CHANGES | 3 + bin/named/bind9.xsl | 310 +++++++---------------- bin/named/convertxsl.pl | 38 +-- bin/named/statschannel.c | 534 ++++++++++++++++++++++++--------------- doc/arm/Bv9ARM-book.xml | 5 +- 5 files changed, 425 insertions(+), 465 deletions(-) diff --git a/CHANGES b/CHANGES index 17568c318b..f4af6fc407 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,6 @@ +2388. [bug] Avoid using tables for layout purposes in + statistics XSL [RT #18159]. + 2387. [bug] Silence compiler warnings in lib/isc/radix.c. [RT #18147] [RT #18258] diff --git a/bin/named/bind9.xsl b/bin/named/bind9.xsl index cf3e04bcc6..b6562b8e39 100644 --- a/bin/named/bind9.xsl +++ b/bin/named/bind9.xsl @@ -15,7 +15,7 @@ - PERFORMANCE OF THIS SOFTWARE. --> - + BIND 9 Statistics -
Bind 9 Configuration and Statistics
+
+

Bind 9 Configuration and Statistics

+
+
@@ -143,231 +185,53 @@ td, th {
-
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Server Statistics
Requestv4Requestv6ReqEdns0ReqBadEDNSVerReqTSIGReqSIG0ReqBadSIGReqTCPAuthQryRejRecQryRej
XfrRejUpdateRejResponseRespTruncatedRespEDNS0RespTSIGRespSIG0QrySuccessQryAuthAnsQryNoauthAns
QryReferralQryNxrrsetQrySERVFAILQryFORMERRQryNXDOMAINQryRecursionQryDuplicateQryDroppedQryFailureXfrReqDone
UpdateReqFwdUpdateRespFwdUpdateFwdFailUpdateDoneUpdateFailUpdateBadPrereqRespMismatch - - -
- - -
+
+

Server Statistics

+ +
+
+
+
+
+
+
-
+
+

Zone Maintenance Statistics

+ +
+
+
+
+
+
+
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Zone Maintenance Statistics
NotifyOutv4NotifyOutv6NotifyInv4NotifyInv6NotifyRejSOAOutv4SOAOutv6AXFRReqv4AXFRReqv6IXFRReqv4
IXFRReqv6XfrSuccessXfrFail - - - - - - -
- - - - - - -
- -
+
+

Resolver Statistics (Common)

+ +
+
+
+
+
+
+
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Resolver Statistics for View
Queryv4Queryv6Responsev4Responsev6NXDOMAINSERVFAILFORMERROtherErrorEDNS0FailTruncated
LameRetryGlueFetchv4GlueFetchv6GlueFetchv4FailGlueFetchv6FailValAttemptValOkValNegOkValFail
-
-
+
+

Resolver Statistics for View

+ +
+
+
+
+
+
+
+ -
+
diff --git a/bin/named/convertxsl.pl b/bin/named/convertxsl.pl index 81b7c0111e..87550b3c1a 100755 --- a/bin/named/convertxsl.pl +++ b/bin/named/convertxsl.pl @@ -14,19 +14,18 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: convertxsl.pl,v 1.13 2008/04/03 10:52:46 marka Exp $ +# $Id: convertxsl.pl,v 1.14 2008/07/17 23:43:26 jinmei Exp $ use strict; use warnings; -my $rev = '$Id: convertxsl.pl,v 1.13 2008/04/03 10:52:46 marka Exp $'; +my $rev = '$Id: convertxsl.pl,v 1.14 2008/07/17 23:43:26 jinmei Exp $'; $rev =~ s/\$//g; $rev =~ s/,v//g; $rev =~ s/Id: //; my $xsl = "unknown"; my $lines = ''; -my (@nsstatsdesc, @zonestatsdesc, @resstatsdesc); while (<>) { chomp; @@ -34,13 +33,6 @@ while (<>) { $xsl = $_ if (//); # convert Id string to a form not recognisable by cvs. $_ =~ s///; - if (/server\/nsstats\/(\w+)\"/) { - push(@nsstatsdesc, $1); - } elsif (/server\/zonestats\/(\w+)\"/) { - push(@zonestatsdesc, $1); - } elsif (/\"resstats\/(\w+)\"/) { - push(@resstatsdesc, $1); - } s/[\ \t]+/ /g; s/\>\ \\arg; - xmlTextWriterStartElement(writer, ISC_XMLCHAR - dumparg->desc[counter]); + if (dumparg->category != NULL) { + xmlTextWriterStartElement(writer, + ISC_XMLCHAR + dumparg->category); + xmlTextWriterStartElement(writer, ISC_XMLCHAR "name"); + xmlTextWriterWriteString(writer, ISC_XMLCHAR + dumparg->desc[counter]); + xmlTextWriterEndElement(writer); /* name */ + + xmlTextWriterStartElement(writer, ISC_XMLCHAR + "counter"); + } else { + xmlTextWriterStartElement(writer, ISC_XMLCHAR + dumparg->desc[counter]); + } xmlTextWriterWriteFormatString(writer, "%" ISC_PRINT_QUADFORMAT "u", val); - xmlTextWriterEndElement(writer); + xmlTextWriterEndElement(writer); /* counter */ + if (dumparg->category != NULL) + xmlTextWriterEndElement(writer); /* category */ #endif break; } 
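Review bot: none of the xmlTextWriter* calls added in the "dumparg->category != NULL" branch of the statschannel.c dump callback check their return value, although the lines this same patch removes from generatexml() wrapped xmlTextWriterStartElement in TRY0. If opening the category or "name" element fails, the unconditional EndElement calls that follow can leave the element nesting unbalanced, so either check the results or record the failure in dumparg for the caller. The "/* counter */" comment on the shared EndElement is also inaccurate for the else branch, where the open element is dumparg->desc[counter].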
@@ -279,6 +591,7 @@ zone_xmlrender(dns_zone_t *zone, void *arg) { dumparg.type = statsformat_xml; dumparg.arg = writer; + dumparg.category = NULL; dumparg.desc = nsstats_xmldesc; dumparg.ncounters = dns_nsstatscounter_max; @@ -352,13 +665,11 @@ generatexml(ns_server_t *server, int *buflen, xmlChar **buf) { } if (view->resstats != NULL) { - xmlTextWriterStartElement(writer, - ISC_XMLCHAR "resstats"); dumparg.ncounters = dns_resstatscounter_max; - dumparg.desc = resstats_xmldesc; /* auto-generated */ + dumparg.category = "resstat"; + dumparg.desc = resstats_xmldesc; dns_generalstats_dump(view->resstats, generalstat_dump, &dumparg, DNS_STATSDUMP_VERBOSE); - xmlTextWriterEndElement(writer); /* resstats */ } cachestats = dns_db_getrrsetstats(view->cachedb); 
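Review bot: removing the "resstats" wrapper element in the @@ -352,13 +665,11 @@ hunk and emitting one "resstat" element per counter through dumparg.category changes the XML that the statistics channel serves, not only the XSL layout that the CHANGES entry for 2388 describes. Anything that reads the XML directly by the old element names will stop finding these counters, so the CHANGES text should state that the output format changed.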
@@ -402,26 +713,27 @@ generatexml(ns_server_t *server, int *buflen, xmlChar **buf) { &dumparg, 0); xmlTextWriterEndElement(writer); /* queries-in */ - TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "nsstats")); - dumparg.desc = nsstats_xmldesc; /* auto-generated in bind9.xsl.h */ + dumparg.category = "nsstat"; + dumparg.desc = nsstats_xmldesc; dumparg.ncounters = dns_nsstatscounter_max; dns_generalstats_dump(server->nsstats, generalstat_dump, &dumparg, DNS_STATSDUMP_VERBOSE); - xmlTextWriterEndElement(writer); /* nsstats */ - TRY0(xmlTextWriterStartElement(writer, ISC_XMLCHAR "zonestats")); - dumparg.desc = zonestats_xmldesc; /* auto-generated in bind9.xsl.h */ + dumparg.category = "zonestat"; + dumparg.desc = zonestats_xmldesc; dumparg.ncounters = dns_zonestatscounter_max; dns_generalstats_dump(server->zonestats, generalstat_dump, &dumparg, DNS_STATSDUMP_VERBOSE); - xmlTextWriterEndElement(writer); /* zonestats */ - xmlTextWriterStartElement(writer, ISC_XMLCHAR "resstats"); + /* + * Most of the common resolver statistics entries are 0, so we don't + * use the verbose dump here. + */ + dumparg.category = "resstat"; dumparg.ncounters = dns_resstatscounter_max; dumparg.desc = resstats_xmldesc; dns_generalstats_dump(server->resolverstats, generalstat_dump, - &dumparg, DNS_STATSDUMP_VERBOSE); - xmlTextWriterEndElement(writer); /* resstats */ + &dumparg, 0); xmlTextWriterEndElement(writer); /* server */ @@ -705,6 +1017,8 @@ ns_statschannels_configure(ns_server_t *server, const cfg_obj_t *config, const cfg_listelt_t *element, *element2; char socktext[ISC_SOCKADDR_FORMATSIZE]; + RUNTIME_CHECK(isc_once_do(&once, init_desc) == ISC_R_SUCCESS); + ISC_LIST_INIT(new_listeners); /* 
@@ -827,191 +1141,6 @@ ns_statschannels_shutdown(ns_server_t *server) { } } -/*% - * Statistics descriptions. These could be statistically initialized at - * compile time, but we configure them run time in the init_desc() function - * below so that they'll be less susceptible to counter name changes. - * Note that bind9.xsl must still be updated consistently with the counter - * numbering. - */ -static const char *nsstats_desc[dns_nsstatscounter_max]; -static const char *resstats_desc[dns_resstatscounter_max]; -static const char *zonestats_desc[dns_zonestatscounter_max]; - -static inline void -set_desc(int counter, int maxcounter, const char *desc, const char **descs) { - REQUIRE(counter < maxcounter); - REQUIRE(descs[counter] == NULL); - - descs[counter] = desc; -} - -static void -init_desc() { - int i; - - /* Initialize name server statistics */ - memset(nsstats_desc, 0, - dns_nsstatscounter_max * sizeof(nsstats_desc[0])); - set_desc(dns_nsstatscounter_requestv4, dns_nsstatscounter_max, - "IPv4 requests received", nsstats_desc); - set_desc(dns_nsstatscounter_requestv6, dns_nsstatscounter_max, - "IPv6 requests received", nsstats_desc); - set_desc(dns_nsstatscounter_edns0in, dns_nsstatscounter_max, - "requests with EDNS(0) received", nsstats_desc); - set_desc(dns_nsstatscounter_badednsver, dns_nsstatscounter_max, - "requests with unsupported EDNS version received", - nsstats_desc); - set_desc(dns_nsstatscounter_tsigin, dns_nsstatscounter_max, - "requests with TSIG received", nsstats_desc); - set_desc(dns_nsstatscounter_sig0in, dns_nsstatscounter_max, - "requests with SIG(0) received", nsstats_desc); - set_desc(dns_nsstatscounter_invalidsig, dns_nsstatscounter_max, - "requests with invalid signature", nsstats_desc); - set_desc(dns_nsstatscounter_tcp, dns_nsstatscounter_max, - "TCP requests received", nsstats_desc); - set_desc(dns_nsstatscounter_authrej, dns_nsstatscounter_max, - "auth queries rejected", nsstats_desc); - set_desc(dns_nsstatscounter_recurserej, 
dns_nsstatscounter_max, - "recursive queries rejected", nsstats_desc); - set_desc(dns_nsstatscounter_xfrrej, dns_nsstatscounter_max, - "transfer requests rejected", nsstats_desc); - set_desc(dns_nsstatscounter_updaterej, dns_nsstatscounter_max, - "update requests rejected", nsstats_desc); - set_desc(dns_nsstatscounter_response, dns_nsstatscounter_max, - "responses sent", nsstats_desc); - set_desc(dns_nsstatscounter_truncatedresp, dns_nsstatscounter_max, - "truncated responses sent", nsstats_desc); - set_desc(dns_nsstatscounter_edns0out, dns_nsstatscounter_max, - "responses with EDNS(0) sent", nsstats_desc); - set_desc(dns_nsstatscounter_tsigout, dns_nsstatscounter_max, - "responses with TSIG sent", nsstats_desc); - set_desc(dns_nsstatscounter_sig0out, dns_nsstatscounter_max, - "responses with SIG(0) sent", nsstats_desc); - set_desc(dns_nsstatscounter_success, dns_nsstatscounter_max, - "queries resulted in successful answer", nsstats_desc); - set_desc(dns_nsstatscounter_authans, dns_nsstatscounter_max, - "queries resulted in authoritative answer", nsstats_desc); - set_desc(dns_nsstatscounter_nonauthans, dns_nsstatscounter_max, - "queries resulted in non authoritative answer", nsstats_desc); - set_desc(dns_nsstatscounter_referral, dns_nsstatscounter_max, - "queries resulted in referral answer", nsstats_desc); - set_desc(dns_nsstatscounter_nxrrset, dns_nsstatscounter_max, - "queries resulted in nxrrset", nsstats_desc); - set_desc(dns_nsstatscounter_servfail, dns_nsstatscounter_max, - "queries resulted in SERVFAIL", nsstats_desc); - set_desc(dns_nsstatscounter_formerr, dns_nsstatscounter_max, - "queries resulted in FORMERR", nsstats_desc); - set_desc(dns_nsstatscounter_nxdomain, dns_nsstatscounter_max, - "queries resulted in NXDOMAIN", nsstats_desc); - set_desc(dns_nsstatscounter_recursion, dns_nsstatscounter_max, - "queries caused recursion", nsstats_desc); - set_desc(dns_nsstatscounter_duplicate, dns_nsstatscounter_max, - "duplicate queries received", nsstats_desc); 
- set_desc(dns_nsstatscounter_dropped, dns_nsstatscounter_max, - "queries dropped", nsstats_desc); - set_desc(dns_nsstatscounter_failure, dns_nsstatscounter_max, - "other query failures", nsstats_desc); - set_desc(dns_nsstatscounter_xfrdone, dns_nsstatscounter_max, - "requested transfers completed", nsstats_desc); - set_desc(dns_nsstatscounter_updatereqfwd, dns_nsstatscounter_max, - "update requests forwarded", nsstats_desc); - set_desc(dns_nsstatscounter_updaterespfwd, dns_nsstatscounter_max, - "update responses forwarded", nsstats_desc); - set_desc(dns_nsstatscounter_updatefwdfail, dns_nsstatscounter_max, - "update forward failed", nsstats_desc); - set_desc(dns_nsstatscounter_updatedone, dns_nsstatscounter_max, - "updates completed", nsstats_desc); - set_desc(dns_nsstatscounter_updatefail, dns_nsstatscounter_max, - "updates failed", nsstats_desc); - set_desc(dns_nsstatscounter_updatebadprereq, dns_nsstatscounter_max, - "updates rejected due to prerequisite failure", nsstats_desc); - - /* Initialize resolver statistics */ - memset(resstats_desc, 0, - dns_resstatscounter_max * sizeof(resstats_desc[0])); - set_desc(dns_resstatscounter_queryv4, dns_resstatscounter_max, - "IPv4 queries sent", resstats_desc); - set_desc(dns_resstatscounter_queryv6, dns_resstatscounter_max, - "IPv6 queries sent", resstats_desc); - set_desc(dns_resstatscounter_responsev4, dns_resstatscounter_max, - "IPv4 responses received", resstats_desc); - set_desc(dns_resstatscounter_responsev6, dns_resstatscounter_max, - "IPv6 responses received", resstats_desc); - set_desc(dns_resstatscounter_nxdomain, dns_resstatscounter_max, - "NXDOMAIN received", resstats_desc); - set_desc(dns_resstatscounter_servfail, dns_resstatscounter_max, - "SERVFAIL received", resstats_desc); - set_desc(dns_resstatscounter_formerr, dns_resstatscounter_max, - "FORMERR received", resstats_desc); - set_desc(dns_resstatscounter_othererror, dns_resstatscounter_max, - "other errors received", resstats_desc); - 
set_desc(dns_resstatscounter_edns0fail, dns_resstatscounter_max, - "EDNS(0) query failures", resstats_desc); - set_desc(dns_resstatscounter_mismatch, dns_resstatscounter_max, - "mismatch responses received", resstats_desc); - set_desc(dns_resstatscounter_truncated, dns_resstatscounter_max, - "truncated responses received", resstats_desc); - set_desc(dns_resstatscounter_lame, dns_resstatscounter_max, - "lame delegations received", resstats_desc); - set_desc(dns_resstatscounter_retry, dns_resstatscounter_max, - "query retries", resstats_desc); - set_desc(dns_resstatscounter_gluefetchv4, dns_resstatscounter_max, - "IPv4 NS address fetches", resstats_desc); - set_desc(dns_resstatscounter_gluefetchv6, dns_resstatscounter_max, - "IPv6 NS address fetches", resstats_desc); - set_desc(dns_resstatscounter_gluefetchv4fail, dns_resstatscounter_max, - "IPv4 NS address fetch failed", resstats_desc); - set_desc(dns_resstatscounter_gluefetchv6fail, dns_resstatscounter_max, - "IPv6 NS address fetch failed", resstats_desc); - set_desc(dns_resstatscounter_val, dns_resstatscounter_max, - "DNSSEC validation attempted", resstats_desc); - set_desc(dns_resstatscounter_valsuccess, dns_resstatscounter_max, - "DNSSEC validation succeeded", resstats_desc); - set_desc(dns_resstatscounter_valnegsuccess, dns_resstatscounter_max, - "DNSSEC NX validation succeeded", resstats_desc); - set_desc(dns_resstatscounter_valfail, dns_resstatscounter_max, - "DNSSEC validation failed", resstats_desc); - - /* Initialize zone statistics */ - memset(zonestats_desc, 0, - dns_zonestatscounter_max * sizeof(zonestats_desc[0])); - set_desc(dns_zonestatscounter_notifyoutv4, dns_zonestatscounter_max, - "IPv4 notifies sent", zonestats_desc); - set_desc(dns_zonestatscounter_notifyoutv6, dns_zonestatscounter_max, - "IPv6 notifies sent", zonestats_desc); - set_desc(dns_zonestatscounter_notifyinv4, dns_zonestatscounter_max, - "IPv4 notifies received", zonestats_desc); - set_desc(dns_zonestatscounter_notifyinv6, 
dns_zonestatscounter_max, - "IPv6 notifies received", zonestats_desc); - set_desc(dns_zonestatscounter_notifyrej, dns_zonestatscounter_max, - "notifies rejected", zonestats_desc); - set_desc(dns_zonestatscounter_soaoutv4, dns_zonestatscounter_max, - "IPv4 SOA queries sent", zonestats_desc); - set_desc(dns_zonestatscounter_soaoutv6, dns_zonestatscounter_max, - "IPv6 SOA queries sent", zonestats_desc); - set_desc(dns_zonestatscounter_axfrreqv4, dns_zonestatscounter_max, - "IPv4 AXFR requested", zonestats_desc); - set_desc(dns_zonestatscounter_axfrreqv6, dns_zonestatscounter_max, - "IPv6 AXFR requested", zonestats_desc); - set_desc(dns_zonestatscounter_ixfrreqv4, dns_zonestatscounter_max, - "IPv4 IXFR requested", zonestats_desc); - set_desc(dns_zonestatscounter_ixfrreqv6, dns_zonestatscounter_max, - "IPv6 IXFR requested", zonestats_desc); - set_desc(dns_zonestatscounter_xfrsuccess, dns_zonestatscounter_max, - "transfer requests succeeded", zonestats_desc); - set_desc(dns_zonestatscounter_xfrfail, dns_zonestatscounter_max, - "transfer requests failed", zonestats_desc); - - /* Sanity check */ - for (i = 0; i < dns_nsstatscounter_max; i++) - INSIST(nsstats_desc[i] != NULL); - for (i = 0; i < dns_resstatscounter_max; i++) - INSIST(resstats_desc[i] != NULL); - for (i = 0; i < dns_zonestatscounter_max; i++) - INSIST(zonestats_desc[i] != NULL); -} - isc_result_t ns_stats_dump(ns_server_t *server, FILE *fp) { isc_stdtime_t now; @@ -1025,6 +1154,7 @@ ns_stats_dump(ns_server_t *server, FILE *fp) { /* Set common fields */ dumparg.type = statsformat_file; dumparg.arg = fp; + dumparg.category = NULL; /* unused */ isc_stdtime_get(&now); fprintf(fp, "+++ Statistics Dump +++ (%lu)\n", (unsigned long)now); diff --git a/doc/arm/Bv9ARM-book.xml b/doc/arm/Bv9ARM-book.xml index 70ff8d4238..18dd545197 100644 --- a/doc/arm/Bv9ARM-book.xml +++ b/doc/arm/Bv9ARM-book.xml @@ -18,7 +18,7 @@ - PERFORMANCE OF THIS SOFTWARE. --> - + BIND 9 Administrator Reference Manual 
@@ -12195,9 +12195,6 @@ $GENERATE 1-127 $ CNAME $.0 Mismatch responses received. - When shown via an HTTP statistics channel, - this counter is shown in the - Name Server Statistics section for brevity. From 829f1b9a32ffd82acab0d6713a0479793a566976 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tatuya=20JINMEI=20=E7=A5=9E=E6=98=8E=E9=81=94=E5=93=89?= Date: Thu, 17 Jul 2008 23:48:16 +0000 Subject: [PATCH 042/135] regen --- bin/named/bind9.xsl.h | 385 ++++++++++-------------------------------- 1 file changed, 87 insertions(+), 298 deletions(-) diff --git a/bin/named/bind9.xsl.h b/bin/named/bind9.xsl.h index d9a5ebe46d..d9dc624fb8 100644 --- a/bin/named/bind9.xsl.h +++ b/bin/named/bind9.xsl.h @@ -1,6 +1,6 @@ /* - * Generated by convertxsl.pl 1.13 2008/04/03 10:52:46 marka Exp - * From bind9.xsl 1.18 2008/06/23 19:41:18 jinmei Exp + * Generated by convertxsl.pl 1.14 2008/07/17 23:43:26 jinmei Exp + * From bind9.xsl 1.19 2008/07/17 23:43:26 jinmei Exp */ static char xslmsg[] = "\n" @@ -20,7 +20,7 @@ static char xslmsg[] = " - PERFORMANCE OF THIS SOFTWARE.\n" "-->\n" "\n" - "\n" + "\n" "\n" "\n" " BIND 9 Statistics\n" " \n" " \n" - "
Bind 9 Configuration and Statistics
\n" + "
\n" + "

Bind 9 Configuration and Statistics

\n" + "
\n" + "\n" "
\n" "\n" "
\n" @@ -148,231 +190,53 @@ static char xslmsg[] = "\n" "
\n" "\n" - "
\n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - "
Server Statistics
Requestv4Requestv6ReqEdns0ReqBadEDNSVerReqTSIGReqSIG0ReqBadSIGReqTCPAuthQryRejRecQryRej
XfrRejUpdateRejResponseRespTruncatedRespEDNS0RespTSIGRespSIG0QrySuccessQryAuthAnsQryNoauthAns
QryReferralQryNxrrsetQrySERVFAILQryFORMERRQryNXDOMAINQryRecursionQryDuplicateQryDroppedQryFailureXfrReqDone
UpdateReqFwdUpdateRespFwdUpdateFwdFailUpdateDoneUpdateFailUpdateBadPrereqRespMismatch\n" - " \n" - " \n" - "
\n" - " \n" - " \n" - "
\n" - "\n" + "
\n" + "

Server Statistics

\n" + " \n" + "
\n" + "
\n" + "
\n" + "
\n" + "
\n" "
\n" + "
\n" "\n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - "
Zone Maintenance Statistics
NotifyOutv4NotifyOutv6NotifyInv4NotifyInv6NotifyRejSOAOutv4SOAOutv6AXFRReqv4AXFRReqv6IXFRReqv4
IXFRReqv6XfrSuccessXfrFail\n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - "
\n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - "
\n" + "
\n" + "

Zone Maintenance Statistics

\n" + " \n" + "
\n" + "
\n" + "
\n" + "
\n" + "
\n" + "
\n" + "
\n" "\n" - "
\n" + "
\n" + "

Resolver Statistics (Common)

\n" + " \n" + "
\n" + "
\n" + "
\n" + "
\n" + "
\n" + "
\n" + "
\n" "\n" " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - " \n" - "
Resolver Statistics for View
Queryv4Queryv6Responsev4Responsev6NXDOMAINSERVFAILFORMERROtherErrorEDNS0FailTruncated
LameRetryGlueFetchv4GlueFetchv6GlueFetchv4FailGlueFetchv6FailValAttemptValOkValNegOkValFail
\n" - "
\n" + "
\n" + "

Resolver Statistics for View

\n" + " \n" + "
\n" + "
\n" + "
\n" + "
\n" + "
\n" + "
\n" + "
\n" "
\n" "\n" - "
\n" + "
\n" "\n" " \n" " \n" @@ -620,78 +484,3 @@ static char xslmsg[] = " \n" " \n" "\n"; -#ifdef HAVE_LIBXML2 -static const char *nsstats_xmldesc[] = { "Requestv4", - "Requestv6", - "ReqEdns0", - "ReqBadEDNSVer", - "ReqTSIG", - "ReqSIG0", - "ReqBadSIG", - "ReqTCP", - "AuthQryRej", - "RecQryRej", - "XfrRej", - "UpdateRej", - "Response", - "TruncatedResp", - "RespEDNS0", - "RespTSIG", - "RespSIG0", - "QrySuccess", - "QryAuthAns", - "QryNoauthAns", - "QryReferral", - "QryNxrrset", - "QrySERVFAIL", - "QryFORMERR", - "QryNXDOMAIN", - "QryRecursion", - "QryDuplicate", - "QryDropped", - "QryFailure", - "XfrReqDone", - "UpdateReqFwd", - "UpdateRespFwd", - "UpdateFwdFail", - "UpdateDone", - "UpdateFail", - "UpdateBadPrereq" -}; -static const char *zonestats_xmldesc[] = { "NotifyOutv4", - "NotifyOutv6", - "NotifyInv4", - "NotifyInv6", - "NotifyRej", - "SOAOutv4", - "SOAOutv6", - "AXFRReqv4", - "AXFRReqv6", - "IXFRReqv4", - "IXFRReqv6", - "XfrSuccess", - "XfrFail" -}; -static const char *resstats_xmldesc[] = { "Queryv4", - "Queryv6", - "Responsev4", - "Responsev6", - "NXDOMAIN", - "SERVFAIL", - "FORMERR", - "OtherError", - "EDNS0Fail", - "Mismatch", - "Truncated", - "Lame", - "Retry", - "GlueFetchv4", - "GlueFetchv6", - "GlueFetchv4Fail", - "GlueFetchv6Fail", - "ValAttempt", - "ValOk", - "ValNegOk", - "ValFail" -}; -#endif From 2152b79896eee9112e4e830a4e44c3d9a29e3108 Mon Sep 17 00:00:00 2001 
From: Automatic Updater Date: Fri, 18 Jul 2008 01:12:06 +0000 Subject: [PATCH 043/135] regen --- doc/arm/Bv9ARM.ch06.html | 5 +---- doc/arm/Bv9ARM.ch09.html | 6 +++--- doc/arm/Bv9ARM.html | 4 ++-- doc/arm/man.dnssec-keyfromlabel.html | 8 ++++---- doc/arm/man.dnssec-keygen.html | 14 +++++++------- doc/arm/man.dnssec-signzone.html | 12 ++++++------ doc/arm/man.named-checkconf.html | 12 ++++++------ doc/arm/man.named-checkzone.html | 6 +++--- doc/arm/man.named.html | 16 ++++++++-------- doc/arm/man.nsupdate.html | 10 +++++----- doc/arm/man.rndc-confgen.html | 12 ++++++------ doc/arm/man.rndc.conf.html | 12 ++++++------ doc/arm/man.rndc.html | 12 ++++++------ 13 files changed, 63 insertions(+), 66 deletions(-) diff --git a/doc/arm/Bv9ARM.ch06.html b/doc/arm/Bv9ARM.ch06.html index 585a0942f4..fe4c535ac5 100644 --- a/doc/arm/Bv9ARM.ch06.html +++ b/doc/arm/Bv9ARM.ch06.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + @@ -8513,9 +8513,6 @@ $GENERATE 1-127 $ CNAME $.0 diff --git a/doc/arm/Bv9ARM.ch09.html b/doc/arm/Bv9ARM.ch09.html index 81ce284d74..2e3668ce6a 100644 --- a/doc/arm/Bv9ARM.ch09.html +++ b/doc/arm/Bv9ARM.ch09.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + @@ -45,7 +45,7 @@

-Acknowledgments

+Acknowledgments

A Brief History of the DNS and BIND diff --git a/doc/arm/Bv9ARM.html b/doc/arm/Bv9ARM.html index 0b95b7bf8e..f64545ee38 100644 --- a/doc/arm/Bv9ARM.html +++ b/doc/arm/Bv9ARM.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + @@ -200,7 +200,7 @@
A. Appendices
-
Acknowledgments
+
Acknowledgments
A Brief History of the DNS and BIND
General DNS Reference Information
IPv6 addresses (AAAA)
diff --git a/doc/arm/man.dnssec-keyfromlabel.html b/doc/arm/man.dnssec-keyfromlabel.html index 9dca8e592e..504de463f3 100644 --- a/doc/arm/man.dnssec-keyfromlabel.html +++ b/doc/arm/man.dnssec-keyfromlabel.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + @@ -131,7 +131,7 @@

-

GENERATED KEY FILES

+

GENERATED KEY FILES

When dnssec-keyfromlabel completes successfully, @@ -172,7 +172,7 @@

-

SEE ALSO

+

SEE ALSO

dnssec-keygen(8), dnssec-signzone(8), BIND 9 Administrator Reference Manual, @@ -182,7 +182,7 @@

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

diff --git a/doc/arm/man.dnssec-keygen.html b/doc/arm/man.dnssec-keygen.html index 9f4de0222a..f008e4c5d9 100644 --- a/doc/arm/man.dnssec-keygen.html +++ b/doc/arm/man.dnssec-keygen.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + @@ -50,7 +50,7 @@

dnssec-keygen {-a algorithm} {-b keysize} {-n nametype} [-c class] [-e] [-f flag] [-g generator] [-h] [-k] [-p protocol] [-r randomdev] [-s strength] [-t type] [-v level] {name}

-

DESCRIPTION

+

DESCRIPTION

dnssec-keygen generates keys for DNSSEC (Secure DNS), as defined in RFC 2535 and RFC 4034. It can also generate keys for use with @@ -58,7 +58,7 @@

-

OPTIONS

+

OPTIONS

-a algorithm
@@ -166,7 +166,7 @@
-

GENERATED KEYS

+

GENERATED KEYS

When dnssec-keygen completes successfully, @@ -212,7 +212,7 @@

-

EXAMPLE

+

EXAMPLE

To generate a 768-bit DSA key for the domain example.com, the following command would be @@ -233,7 +233,7 @@

-

SEE ALSO

+

SEE ALSO

dnssec-signzone(8), BIND 9 Administrator Reference Manual, RFC 2535, @@ -242,7 +242,7 @@

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

diff --git a/doc/arm/man.dnssec-signzone.html b/doc/arm/man.dnssec-signzone.html index c57bdbf505..058ded0b6f 100644 --- a/doc/arm/man.dnssec-signzone.html +++ b/doc/arm/man.dnssec-signzone.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + @@ -50,7 +50,7 @@

dnssec-signzone [-a] [-c class] [-d directory] [-e end-time] [-f output-file] [-g] [-h] [-k key] [-l domain] [-i interval] [-I input-format] [-j jitter] [-N soa-serial-format] [-o origin] [-O output-format] [-p] [-r randomdev] [-s start-time] [-t] [-v level] [-z] {zonefile} [key...]

-

DESCRIPTION

+

DESCRIPTION

dnssec-signzone signs a zone. It generates NSEC and RRSIG records and produces a signed version of the @@ -61,7 +61,7 @@

-

OPTIONS

+

OPTIONS

-a

@@ -259,7 +259,7 @@

-

EXAMPLE

+

EXAMPLE

The following command signs the example.com zone with the DSA key generated by dnssec-keygen @@ -288,14 +288,14 @@ db.example.com.signed %

-

SEE ALSO

+

SEE ALSO

dnssec-keygen(8), BIND 9 Administrator Reference Manual, RFC 2535.

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

diff --git a/doc/arm/man.named-checkconf.html b/doc/arm/man.named-checkconf.html index 016459ea62..0d211228a3 100644 --- a/doc/arm/man.named-checkconf.html +++ b/doc/arm/man.named-checkconf.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + @@ -50,14 +50,14 @@

named-checkconf [-h] [-v] [-j] [-t directory] {filename} [-z]

-

DESCRIPTION

+

DESCRIPTION

named-checkconf checks the syntax, but not the semantics, of a named configuration file.

-

OPTIONS

+

OPTIONS

-h

@@ -92,21 +92,21 @@

-

RETURN VALUES

+

RETURN VALUES

named-checkconf returns an exit status of 1 if errors were detected and 0 otherwise.

-

SEE ALSO

+

SEE ALSO

named(8), named-checkzone(8), BIND 9 Administrator Reference Manual.

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

diff --git a/doc/arm/man.named-checkzone.html b/doc/arm/man.named-checkzone.html index f8ee2aea6e..8a530b4817 100644 --- a/doc/arm/man.named-checkzone.html +++ b/doc/arm/man.named-checkzone.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + @@ -51,7 +51,7 @@

named-compilezone [-d] [-j] [-q] [-v] [-c class] [-C mode] [-f format] [-F format] [-i mode] [-k mode] [-m mode] [-n mode] [-o filename] [-s style] [-t directory] [-w directory] [-D] [-W mode] {zonename} {filename}

-

DESCRIPTION

+

DESCRIPTION

named-checkzone checks the syntax and integrity of a zone file. It performs the same checks as named does when loading a @@ -71,7 +71,7 @@

-

OPTIONS

+

OPTIONS

-d

diff --git a/doc/arm/man.named.html b/doc/arm/man.named.html index 072230d78a..66032a1678 100644 --- a/doc/arm/man.named.html +++ b/doc/arm/man.named.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + @@ -50,7 +50,7 @@

named [-4] [-6] [-c config-file] [-d debug-level] [-f] [-g] [-m flag] [-n #cpus] [-p port] [-s] [-t directory] [-u user] [-v] [-x cache-file]

-

DESCRIPTION

+

DESCRIPTION

named is a Domain Name System (DNS) server, part of the BIND 9 distribution from ISC. For more @@ -65,7 +65,7 @@

-

OPTIONS

+

OPTIONS

-4

@@ -209,7 +209,7 @@

-

SIGNALS

+

SIGNALS

In routine operation, signals should not be used to control the nameserver; rndc should be used @@ -230,7 +230,7 @@

-

CONFIGURATION

+

CONFIGURATION

The named configuration file is too complex to describe in detail here. A complete description is provided @@ -239,7 +239,7 @@

-

FILES

+

FILES

/etc/named.conf

@@ -252,7 +252,7 @@

-

SEE ALSO

+

SEE ALSO

RFC 1033, RFC 1034, RFC 1035, @@ -265,7 +265,7 @@

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

diff --git a/doc/arm/man.nsupdate.html b/doc/arm/man.nsupdate.html index d3b5781659..408557f463 100644 --- a/doc/arm/man.nsupdate.html +++ b/doc/arm/man.nsupdate.html @@ -14,7 +14,7 @@ - PERFORMANCE OF THIS SOFTWARE. --> - + @@ -50,7 +50,7 @@

nsupdate [-d] [[-y [hmac:]keyname:secret] | [-k keyfile]] [-t timeout] [-u udptimeout] [-r udpretries] [-R randomdev] [-v] [filename]

-

DESCRIPTION

+

DESCRIPTION

nsupdate is used to submit Dynamic DNS Update requests as defined in RFC2136 to a name server. @@ -182,7 +182,7 @@

-

INPUT FORMAT

+

INPUT FORMAT

nsupdate reads input from filename @@ -431,7 +431,7 @@

-

EXAMPLES

+

EXAMPLES

The examples below show how nsupdate @@ -485,7 +485,7 @@

-

FILES

+

FILES

/etc/resolv.conf

diff --git a/doc/arm/man.rndc-confgen.html b/doc/arm/man.rndc-confgen.html index faff8e3148..235dd324bc 100644 --- a/doc/arm/man.rndc-confgen.html +++ b/doc/arm/man.rndc-confgen.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + @@ -48,7 +48,7 @@

rndc-confgen [-a] [-b keysize] [-c keyfile] [-h] [-k keyname] [-p port] [-r randomfile] [-s address] [-t chrootdir] [-u user]

-

DESCRIPTION

+

DESCRIPTION

rndc-confgen generates configuration files for rndc. It can be used as a @@ -64,7 +64,7 @@

-

OPTIONS

+

OPTIONS

-a
@@ -171,7 +171,7 @@
-

EXAMPLES

+

EXAMPLES

To allow rndc to be used with no manual configuration, run @@ -188,7 +188,7 @@

-

SEE ALSO

+

SEE ALSO

rndc(8), rndc.conf(5), named(8), @@ -196,7 +196,7 @@

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

diff --git a/doc/arm/man.rndc.conf.html b/doc/arm/man.rndc.conf.html index 95838ee4da..a22951087e 100644 --- a/doc/arm/man.rndc.conf.html +++ b/doc/arm/man.rndc.conf.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + @@ -50,7 +50,7 @@

rndc.conf

-

DESCRIPTION

+

DESCRIPTION

rndc.conf is the configuration file for rndc, the BIND 9 name server control utility. This file has a similar structure and syntax to @@ -135,7 +135,7 @@

-

EXAMPLE

+

EXAMPLE

       options {
         default-server  localhost;
@@ -209,7 +209,7 @@
     

-

NAME SERVER CONFIGURATION

+

NAME SERVER CONFIGURATION

The name server must be configured to accept rndc connections and to recognize the key specified in the rndc.conf @@ -219,7 +219,7 @@

-

SEE ALSO

+

SEE ALSO

rndc(8), rndc-confgen(8), mmencode(1), @@ -227,7 +227,7 @@

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

diff --git a/doc/arm/man.rndc.html b/doc/arm/man.rndc.html index 334883a99f..b15a38274d 100644 --- a/doc/arm/man.rndc.html +++ b/doc/arm/man.rndc.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + @@ -50,7 +50,7 @@

rndc [-b source-address] [-c config-file] [-k key-file] [-s server] [-p port] [-V] [-y key_id] {command}

-

DESCRIPTION

+

DESCRIPTION

rndc controls the operation of a name server. It supersedes the ndc utility @@ -79,7 +79,7 @@

-

OPTIONS

+

OPTIONS

-b source-address

@@ -151,7 +151,7 @@

-

LIMITATIONS

+

LIMITATIONS

rndc does not yet support all the commands of the BIND 8 ndc utility. @@ -165,7 +165,7 @@

-

SEE ALSO

+

SEE ALSO

rndc.conf(5), rndc-confgen(8), named(8), @@ -175,7 +175,7 @@

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

From efe34b8ddbecf45d1671efbcba30bdb75410c98a Mon Sep 17 00:00:00 2001 From: Mark Andrews Date: Fri, 18 Jul 2008 01:26:20 +0000 Subject: [PATCH 044/135] 2389 [bug] Move the working directory writable to after the ns_os_changeuser() call. [RT #18326] --- CHANGES | 3 +++ bin/named/server.c | 20 ++++++++++---------- 2 files changed, 13 insertions(+), 10 deletions(-) diff --git a/CHANGES b/CHANGES index f4af6fc407..0decf963bf 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,6 @@ +2389 [bug] Move the working directory writable to after the + ns_os_changeuser() call. [RT #18326] + 2388. [bug] Avoid using tables for layout purposes in statistics XSL [RT #18159]. diff --git a/bin/named/server.c b/bin/named/server.c index 33b4c21746..4974a46f02 100644 --- a/bin/named/server.c +++ b/bin/named/server.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: server.c,v 1.512 2008/07/12 05:58:08 jinmei Exp $ */ +/* $Id: server.c,v 1.513 2008/07/18 01:26:20 marka Exp $ */ /*! \file */ @@ -2965,15 +2965,6 @@ load_configuration(const char *filename, ns_server_t *server, } CHECK(result); - /* - * Check that the working directory is writable. - */ - if (access(".", W_OK) != 0) { - isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, - NS_LOGMODULE_SERVER, ISC_LOG_ERROR, - "the working directory is not writable"); - } - /* * Check the validity of the configuration. */ @@ -3411,6 +3402,15 @@ load_configuration(const char *filename, ns_server_t *server, if (first_time) ns_os_changeuser(); + /* + * Check that the working directory is writable. + */ + if (access(".", W_OK) != 0) { + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, + NS_LOGMODULE_SERVER, ISC_LOG_ERROR, + "the working directory is not writable"); + } + /* * Configure the logging system. * From c6678b68efae57ecaec97f489f6d9104f85ed0a8 Mon Sep 17 00:00:00 2001 
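Review bot: In load_configuration() (bin/named/server.c, @@ -3411,6 +3402,15 @@) the relocated access(".", W_OK) check logs the fixed string "the working directory is not writable" and drops errno, so the operator cannot tell a permission problem for the user set by ns_os_changeuser() from any other cause of failure. Include the errno text in the message. The message is also logged at ISC_LOG_ERROR while loading simply continues; either lower the level to a warning or treat the failure as fatal, so that the severity matches what the server actually does.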
From: Mark Andrews Date: Fri, 18 Jul 2008 02:02:54 +0000 Subject: [PATCH 045/135] update description --- CHANGES | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index 0decf963bf..47fea89342 100644 --- a/CHANGES +++ b/CHANGES @@ -1,5 +1,5 @@ -2389 [bug] Move the working directory writable to after the - ns_os_changeuser() call. [RT #18326] +2389 [bug] Move the "working directory writable" check to after + the ns_os_changeuser() call. [RT #18326] 2388. [bug] Avoid using tables for layout purposes in statistics XSL [RT #18159]. From 2f76108082f11d4979048f1c22602391c5733c88 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tatuya=20JINMEI=20=E7=A5=9E=E6=98=8E=E9=81=94=E5=93=89?= Date: Fri, 18 Jul 2008 02:35:42 +0000 Subject: [PATCH 046/135] 2390 [bug] dispatch.c could make a false warning on 'odd socket'. [RT #18301]. --- CHANGES | 3 +++ lib/dns/dispatch.c | 31 ++++++++++++++++++------------- 2 files changed, 21 insertions(+), 13 deletions(-) diff --git a/CHANGES b/CHANGES index 47fea89342..89703b9073 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,6 @@ +2390 [bug] dispatch.c could make a false warning on 'odd socket'. + [RT #18301]. + 2389 [bug] Move the "working directory writable" check to after the ns_os_changeuser() call. [RT #18326] diff --git a/lib/dns/dispatch.c b/lib/dns/dispatch.c index 3a179d91ac..8abf1de834 100644 --- a/lib/dns/dispatch.c +++ b/lib/dns/dispatch.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dispatch.c,v 1.144 2008/07/03 00:13:25 each Exp $ */ +/* $Id: dispatch.c,v 1.145 2008/07/18 02:35:42 jinmei Exp $ */ /*! \file */ 
@@ -1026,18 +1026,23 @@ udp_recv(isc_event_t *ev_in, dns_dispatch_t *disp, dispsocket_t *dispsock) { return; } - if (dispsock != NULL && - (disp->attributes & DNS_DISPATCHATTR_EXCLUSIVE) != 0) { - resp = dispsock->resp; - id = resp->id; - if (ev->result != ISC_R_SUCCESS) { - /* - * This is most likely a network error on a connected - * socket. It makes no sense to check the address or - * parse the packet, but it will help to return the - * error to the caller. - */ - goto sendresponse; + if ((disp->attributes & DNS_DISPATCHATTR_EXCLUSIVE) != 0) { + if (dispsock != NULL) { + resp = dispsock->resp; + id = resp->id; + if (ev->result != ISC_R_SUCCESS) { + /* + * This is most likely a network error on a + * connected socket. It makes no sense to + * check the address or parse the packet, but it + * will help to return the error to the caller. + */ + goto sendresponse; + } + } else { + UNLOCK(&disp->lock); + isc_event_free(&ev_in); + return; } } else if (ev->result != ISC_R_SUCCESS) { free_buffer(disp, ev->region.base, ev->region.length); From 3d8b9b9956b64aba0d105f955ac0354fbcf5baa9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tatuya=20JINMEI=20=E7=A5=9E=E6=98=8E=E9=81=94=E5=93=89?= Date: Fri, 18 Jul 2008 02:43:31 +0000 Subject: [PATCH 047/135] 2400 [port] hpux: cover additional recvmsg() error codes. [RT #18301] --- CHANGES | 3 +++ lib/isc/unix/socket.c | 8 +++++++- 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index 89703b9073..330866346d 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,6 @@ +2400 [port] hpux: cover additional recvmsg() error codes. + [RT #18301] + 2390 [bug] dispatch.c could make a false warning on 'odd socket'. [RT #18301]. diff --git a/lib/isc/unix/socket.c b/lib/isc/unix/socket.c index b5367f7e64..b517024aba 100644 --- a/lib/isc/unix/socket.c +++ b/lib/isc/unix/socket.c 
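Review bot: In udp_recv() (lib/dns/dispatch.c, @@ -1026,18 +1026,23 @@) the new else branch, taken when the dispatch is DNS_DISPATCHATTR_EXCLUSIVE and dispsock is NULL, returns after UNLOCK(&disp->lock) and isc_event_free(&ev_in) without releasing the receive buffer. The neighbouring `else if (ev->result != ISC_R_SUCCESS)` path calls free_buffer(disp, ev->region.base, ev->region.length) first; the new branch needs the same call before the UNLOCK, otherwise every packet dropped here leaks one buffer. Since this path silently discards input, a debug-level log line would also help when diagnosing it.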
@@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: socket.c,v 1.287 2008/07/11 23:05:46 jinmei Exp $ */ +/* $Id: socket.c,v 1.288 2008/07/18 02:43:31 jinmei Exp $ */ /*! \file */ @@ -1297,6 +1297,12 @@ doio_recv(isc_socket_t *sock, isc_socketevent_t *dev) { /* HPUX 11.11 can return EADDRNOTAVAIL. */ SOFT_OR_HARD(EADDRNOTAVAIL, ISC_R_ADDRNOTAVAIL); ALWAYS_HARD(ENOBUFS, ISC_R_NORESOURCES); + /* + * HPUX returns EPROTO and EINVAL on receiving some ICMP/ICMPv6 + * errors. + */ + SOFT_OR_HARD(EPROTO, ISC_R_HOSTUNREACH); + SOFT_OR_HARD(EINVAL, ISC_R_HOSTUNREACH); #undef SOFT_OR_HARD #undef ALWAYS_HARD From 9de2552945bb15b29e189e009594f6b7b5b9c328 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tatuya=20JINMEI=20=E7=A5=9E=E6=98=8E=E9=81=94=E5=93=89?= Date: Fri, 18 Jul 2008 02:44:15 +0000 Subject: [PATCH 048/135] corrected change # --- CHANGES | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index 330866346d..3048850be9 100644 --- a/CHANGES +++ b/CHANGES @@ -1,4 +1,4 @@ -2400 [port] hpux: cover additional recvmsg() error codes. +2391 [port] hpux: cover additional recvmsg() error codes. [RT #18301] 2390 [bug] dispatch.c could make a false warning on 'odd socket'. From 8afedf9ec0aaa5adb0afe8bba38e13d994c3ab97 Mon Sep 17 00:00:00 2001 From: Mark Andrews Date: Fri, 18 Jul 2008 03:45:55 +0000 Subject: [PATCH 049/135] #ifdef EPROTO/#endif --- lib/isc/unix/socket.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/lib/isc/unix/socket.c b/lib/isc/unix/socket.c index b517024aba..80a58b5d05 100644 --- a/lib/isc/unix/socket.c +++ b/lib/isc/unix/socket.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: socket.c,v 1.288 2008/07/18 02:43:31 jinmei Exp $ */ +/* $Id: socket.c,v 1.289 2008/07/18 03:45:55 marka Exp $ */ /*! \file */ 
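Review bot: In the doio_recv() hunk of lib/isc/unix/socket.c (@@ -1297,6 +1297,12 @@), SOFT_OR_HARD(EPROTO, ISC_R_HOSTUNREACH) references EPROTO unconditionally, so the file will not compile on a platform whose errno.h does not define that constant. The comment ties the case to HPUX, so wrap the line in `#ifdef EPROTO` / `#endif` to keep the other ports building.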
@@ -1301,7 +1301,9 @@ doio_recv(isc_socket_t *sock, isc_socketevent_t *dev) { * HPUX returns EPROTO and EINVAL on receiving some ICMP/ICMPv6 * errors. */ +#ifdef EPROTO SOFT_OR_HARD(EPROTO, ISC_R_HOSTUNREACH); +#endif SOFT_OR_HARD(EINVAL, ISC_R_HOSTUNREACH); #undef SOFT_OR_HARD From 61facaae4eb15535e1b0cebf007500551874f133 Mon Sep 17 00:00:00 2001 From: Mark Andrews Date: Fri, 18 Jul 2008 06:09:39 +0000 Subject: [PATCH 050/135] change 2390 leaked memory --- lib/dns/dispatch.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/lib/dns/dispatch.c b/lib/dns/dispatch.c index 8abf1de834..3dfbc33692 100644 --- a/lib/dns/dispatch.c +++ b/lib/dns/dispatch.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dispatch.c,v 1.145 2008/07/18 02:35:42 jinmei Exp $ */ +/* $Id: dispatch.c,v 1.146 2008/07/18 06:09:39 marka Exp $ */ /*! \file */ @@ -1040,6 +1040,8 @@ udp_recv(isc_event_t *ev_in, dns_dispatch_t *disp, dispsocket_t *dispsock) { goto sendresponse; } } else { + free_buffer(disp, ev->region.base, ev->region.length); + UNLOCK(&disp->lock); isc_event_free(&ev_in); return; From eed82871723b29c20c1a9536d4b056ea60bf1913 Mon Sep 17 00:00:00 2001 From: Automatic Updater Date: Fri, 18 Jul 2008 23:18:45 +0000 Subject: [PATCH 051/135] auto update --- doc/private/branches | 1 + 1 file changed, 1 insertion(+) diff --git a/doc/private/branches b/doc/private/branches index a306b6983d..45a4190607 100644 --- a/doc/private/branches +++ b/doc/private/branches @@ -137,6 +137,7 @@ rt18092 new each // 2008-05-21 05:49 +0000 rt18098 new rt18159 new rt18194 new +rt18253 new each // 2008-07-18 23:01 +0000 shane_dbbackend open skan open explorer skan-metazones1 private explorer From 321b1c0501d6d97c852ae02e13bdfef6f0bbe776 Mon Sep 17 00:00:00 2001 From: Automatic Updater Date: Fri, 18 Jul 2008 23:47:01 +0000 Subject: [PATCH 052/135] update copyright notice --- lib/dns/dispatch.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
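Review bot: In doio_recv() (lib/isc/unix/socket.c, @@ -1301,7 +1301,9 @@) only the EPROTO mapping is guarded; SOFT_OR_HARD(EINVAL, ISC_R_HOSTUNREACH) still applies on every platform, although the comment attributes the behaviour to HPUX. EINVAL is the generic invalid-argument error, and reporting it as host unreachable everywhere would hide a genuine bad-argument failure in the receive path. Restrict the EINVAL line to HPUX builds, or extend the comment to say why the mapping is safe on the other platforms.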
diff --git a/lib/dns/dispatch.c b/lib/dns/dispatch.c index 3dfbc33692..14d9b87592 100644 --- a/lib/dns/dispatch.c +++ b/lib/dns/dispatch.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dispatch.c,v 1.146 2008/07/18 06:09:39 marka Exp $ */ +/* $Id: dispatch.c,v 1.147 2008/07/18 23:47:01 tbox Exp $ */ /*! \file */ @@ -1028,7 +1028,7 @@ udp_recv(isc_event_t *ev_in, dns_dispatch_t *disp, dispsocket_t *dispsock) { if ((disp->attributes & DNS_DISPATCHATTR_EXCLUSIVE) != 0) { if (dispsock != NULL) { - resp = dispsock->resp; + resp = dispsock->resp; id = resp->id; if (ev->result != ISC_R_SUCCESS) { /* From 7ed4399c6598276b76df95e6dc91ed7b2834abc6 Mon Sep 17 00:00:00 2001 From: Evan Hunt Date: Sat, 19 Jul 2008 00:02:14 +0000 Subject: [PATCH 053/135] remove 'grep -q' from acl test script, some platforms don't support it. [rt18253] --- CHANGES | 9 ++++++--- bin/tests/system/acl/tests.sh | 36 +++++++++++++++++------------------ 2 files changed, 24 insertions(+), 21 deletions(-) diff --git a/CHANGES b/CHANGES index 3048850be9..55abaeb043 100644 --- a/CHANGES +++ b/CHANGES @@ -1,10 +1,13 @@ -2391 [port] hpux: cover additional recvmsg() error codes. +2392. [bug] remove 'grep -q' from acl test script, some platforms + don't support it. [RT #18253] + +2391. [port] hpux: cover additional recvmsg() error codes. [RT #18301] -2390 [bug] dispatch.c could make a false warning on 'odd socket'. +2390. [bug] dispatch.c could make a false warning on 'odd socket'. [RT #18301]. -2389 [bug] Move the "working directory writable" check to after +2389. [bug] Move the "working directory writable" check to after the ns_os_changeuser() call. [RT #18326] 2388. [bug] Avoid using tables for layout purposes in diff --git a/bin/tests/system/acl/tests.sh b/bin/tests/system/acl/tests.sh index a81bc035a1..8d2d5640e8 100644 --- a/bin/tests/system/acl/tests.sh +++ b/bin/tests/system/acl/tests.sh 
@@ -14,7 +14,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: tests.sh,v 1.3 2008/01/10 23:47:01 tbox Exp $ +# $Id: tests.sh,v 1.4 2008/07/19 00:02:14 each Exp $ SYSTEMTESTTOP=.. . $SYSTEMTESTTOP/conf.sh @@ -29,13 +29,13 @@ echo "I:testing basic ACL processing" t=`expr $t + 1` $DIG $DIGOPTS tsigzone. \ @10.53.0.2 -b 10.53.0.1 axfr -y one:1234abcd8765 -p 5300 > dig.out -grep -q "^;" dig.out || { echo "I:test $t failed" ; status=1; } +grep "^;" dig.out > /dev/null 2>&1 || { echo "I:test $t failed" ; status=1; } # any other key should be fine t=`expr $t + 1` $DIG $DIGOPTS tsigzone. \ @10.53.0.2 -b 10.53.0.1 axfr -y two:1234abcd8765 -p 5300 > dig.out -grep -q "^;" dig.out && { echo "I:test $t failed" ; status=1; } +grep "^;" dig.out > /dev/null 2>&1 && { echo "I:test $t failed" ; status=1; } cp -f ns2/named2.conf ns2/named.conf $RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 reload 2>&1 | sed 's/^/I:ns2 /' @@ -45,18 +45,18 @@ sleep 5 t=`expr $t + 1` $DIG $DIGOPTS tsigzone. \ @10.53.0.2 -b 10.53.0.1 axfr -y one:1234abcd8765 -p 5300 > dig.out -grep -q "^;" dig.out || { echo "I:test $t failed" ; status=1; } +grep "^;" dig.out > /dev/null 2>&1 || { echo "I:test $t failed" ; status=1; } # any other address should work, as long as it sends key "one" t=`expr $t + 1` $DIG $DIGOPTS tsigzone. \ @10.53.0.2 -b 127.0.0.1 axfr -y two:1234abcd8765 -p 5300 > dig.out -grep -q "^;" dig.out || { echo "I:test $t failed" ; status=1; } +grep "^;" dig.out > /dev/null 2>&1 || { echo "I:test $t failed" ; status=1; } t=`expr $t + 1` $DIG $DIGOPTS tsigzone. \ @10.53.0.2 -b 127.0.0.1 axfr -y one:1234abcd8765 -p 5300 > dig.out -grep -q "^;" dig.out && { echo "I:test $t failed" ; status=1; } +grep "^;" dig.out > /dev/null 2>&1 && { echo "I:test $t failed" ; status=1; } echo "I:testing nested ACL processing" # all combinations of 10.53.0.{1|2} with key {one|two}, should succeed 
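Review bot: In the checks that end in '&& { echo "I:test $t failed" ; status=1; }' (the -y two transfer in the first block and the -b 127.0.0.1 -y one transfer after the reload), the test passes whenever dig.out contains no line starting with ";", which is also true when dig wrote nothing at all. A check that is meant to prove the ACL allowed a transfer should assert on something positive, for example a record that only appears in a completed AXFR, and should look at dig's exit status as well. Otherwise a broken server or a failed dig run is indistinguishable from a correctly permitted transfer.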
@@ -68,42 +68,42 @@ sleep 5 t=`expr $t + 1` $DIG $DIGOPTS tsigzone. \ @10.53.0.2 -b 10.53.0.2 axfr -y two:1234abcd8765 -p 5300 > dig.out -grep -q "^;" dig.out && { echo "I:test $t failed" ; status=1; } +grep "^;" dig.out > /dev/null 2>&1 && { echo "I:test $t failed" ; status=1; } # should succeed t=`expr $t + 1` $DIG $DIGOPTS tsigzone. \ @10.53.0.2 -b 10.53.0.2 axfr -y one:1234abcd8765 -p 5300 > dig.out -grep -q "^;" dig.out && { echo "I:test $t failed" ; status=1; } +grep "^;" dig.out > /dev/null 2>&1 && { echo "I:test $t failed" ; status=1; } # should succeed t=`expr $t + 1` $DIG $DIGOPTS tsigzone. \ @10.53.0.2 -b 10.53.0.1 axfr -y two:1234abcd8765 -p 5300 > dig.out -grep -q "^;" dig.out && { echo "I:test $t failed" ; status=1; } +grep "^;" dig.out > /dev/null 2>&1 && { echo "I:test $t failed" ; status=1; } # should succeed t=`expr $t + 1` $DIG $DIGOPTS tsigzone. \ @10.53.0.2 -b 10.53.0.1 axfr -y two:1234abcd8765 -p 5300 > dig.out -grep -q "^;" dig.out && { echo "I:test $t failed" ; status=1; } +grep "^;" dig.out > /dev/null 2>&1 && { echo "I:test $t failed" ; status=1; } # but only one or the other should fail t=`expr $t + 1` $DIG $DIGOPTS tsigzone. \ @10.53.0.2 -b 127.0.0.1 axfr -y one:1234abcd8765 -p 5300 > dig.out -grep -q "^;" dig.out || { echo "I:test $t failed" ; status=1; } +grep "^;" dig.out > /dev/null 2>&1 || { echo "I:test $t failed" ; status=1; } t=`expr $t + 1` $DIG $DIGOPTS tsigzone. \ @10.53.0.2 -b 10.53.0.2 axfr -p 5300 > dig.out -grep -q "^;" dig.out || { echo "I:test $tt failed" ; status=1; } +grep "^;" dig.out > /dev/null 2>&1 || { echo "I:test $tt failed" ; status=1; } # and other values? right out t=`expr $t + 1` $DIG $DIGOPTS tsigzone. 
\ @10.53.0.2 -b 127.0.0.1 axfr -y three:1234abcd8765 -p 5300 > dig.out -grep -q "^;" dig.out || { echo "I:test $t failed" ; status=1; } +grep "^;" dig.out > /dev/null 2>&1 || { echo "I:test $t failed" ; status=1; } # now we only allow 10.53.0.1 *and* key one, or 10.53.0.2 *and* key two cp -f ns2/named4.conf ns2/named.conf @@ -114,31 +114,31 @@ sleep 5 t=`expr $t + 1` $DIG $DIGOPTS tsigzone. \ @10.53.0.2 -b 10.53.0.2 axfr -y two:1234abcd8765 -p 5300 > dig.out -grep -q "^;" dig.out && { echo "I:test $t failed" ; status=1; } +grep "^;" dig.out > /dev/null 2>&1 && { echo "I:test $t failed" ; status=1; } # should succeed t=`expr $t + 1` $DIG $DIGOPTS tsigzone. \ @10.53.0.2 -b 10.53.0.1 axfr -y one:1234abcd8765 -p 5300 > dig.out -grep -q "^;" dig.out && { echo "I:test $t failed" ; status=1; } +grep "^;" dig.out > /dev/null 2>&1 && { echo "I:test $t failed" ; status=1; } # should fail t=`expr $t + 1` $DIG $DIGOPTS tsigzone. \ @10.53.0.2 -b 10.53.0.2 axfr -y one:1234abcd8765 -p 5300 > dig.out -grep -q "^;" dig.out || { echo "I:test $t failed" ; status=1; } +grep "^;" dig.out > /dev/null 2>&1 || { echo "I:test $t failed" ; status=1; } # should fail t=`expr $t + 1` $DIG $DIGOPTS tsigzone. \ @10.53.0.2 -b 10.53.0.1 axfr -y two:1234abcd8765 -p 5300 > dig.out -grep -q "^;" dig.out || { echo "I:test $t failed" ; status=1; } +grep "^;" dig.out > /dev/null 2>&1 || { echo "I:test $t failed" ; status=1; } # should fail t=`expr $t + 1` $DIG $DIGOPTS tsigzone. \ @10.53.0.2 -b 10.53.0.3 axfr -y one:1234abcd8765 -p 5300 > dig.out -grep -q "^;" dig.out || { echo "I:test $t failed" ; status=1; } +grep "^;" dig.out > /dev/null 2>&1 || { echo "I:test $t failed" ; status=1; } echo "I:exit status: $status" exit $status From 2ca30c1774245f3aa7e8a1f3781cb965152373d8 Mon Sep 17 00:00:00 2001 
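Review bot: The rewritten check for the keyless -b 10.53.0.2 transfer still does 'echo "I:test $tt failed"', where every other check in the script uses $t, so a failure there is reported without a usable test number; since the line is being touched anyway, fix it to $t. In the same nested-ACL block, the third and fourth "should succeed" cases are both -b 10.53.0.1 with -y two, so the 10.53.0.1 with key one combination that the section comment promises ("all combinations of 10.53.0.{1|2} with key {one|two}") is never exercised. One of the two should use -y one.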
From: Evan Hunt Date: Sat, 19 Jul 2008 00:09:44 +0000 Subject: [PATCH 054/135] Nested acls containing keys could trigger an assertion in acl.c. [rt18166] --- CHANGES | 3 +++ lib/isccfg/aclconf.c | 3 ++- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index 55abaeb043..7797087ab8 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,6 @@ +2393. [bug] nested acls containing keys could trigger an + assertion in acl.c. [RT #18166] + 2392. [bug] remove 'grep -q' from acl test script, some platforms don't support it. [RT #18253] diff --git a/lib/isccfg/aclconf.c b/lib/isccfg/aclconf.c index f81462796b..6fb2f26575 100644 --- a/lib/isccfg/aclconf.c +++ b/lib/isccfg/aclconf.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: aclconf.c,v 1.19 2008/05/21 23:47:01 tbox Exp $ */ +/* $Id: aclconf.c,v 1.20 2008/07/19 00:09:44 each Exp $ */ #include @@ -290,6 +290,7 @@ nested_acl: } else { dns_acl_merge(dacl, inneracl, ISC_TF(!neg)); + de += inneracl->length; /* elements added */ dns_acl_detach(&inneracl); continue; } From 80e45d89bcb330af1ecdf3bb825e23da3d83139d Mon Sep 17 00:00:00 2001 From: Automatic Updater Date: Sat, 19 Jul 2008 23:18:49 +0000 Subject: [PATCH 055/135] auto update --- doc/private/branches | 1 + 1 file changed, 1 insertion(+) diff --git a/doc/private/branches b/doc/private/branches index 45a4190607..7a78ab1834 100644 --- a/doc/private/branches +++ b/doc/private/branches @@ -138,6 +138,7 @@ rt18098 new rt18159 new rt18194 new rt18253 new each // 2008-07-18 23:01 +0000 +rt18331 new fdupont // 2008-07-19 14:53 +0000 shane_dbbackend open skan open explorer skan-metazones1 private explorer From 07d0f86c8a1591c0ee785d6728af69cb40f1da61 Mon Sep 17 00:00:00 2001 From: Francis Dupont Date: Sun, 20 Jul 2008 09:29:52 +0000 Subject: [PATCH 056/135] "files unlimited" in code [rt18331] --- CHANGES | 12 ++++++++---- bin/named/config.c | 4 ++-- 2 files changed, 10 insertions(+), 6 deletions(-) 
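Review bot: In the nested_acl branch of lib/isccfg/aclconf.c, the new 'de += inneracl->length;' runs unconditionally after dns_acl_merge(dacl, inneracl, ISC_TF(!neg)), whose return value is discarded. If the merge fails, de is advanced for elements that were never added, which is the same kind of bookkeeping mismatch this change sets out to fix. Suggest checking the merge result and handling the failure before adjusting de. The diffstat also shows only CHANGES and aclconf.c; a nested ACL containing a key, added to the acl system test, would keep the assertion from coming back unnoticed.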
diff --git a/CHANGES b/CHANGES index 7797087ab8..2bb971bd12 100644 --- a/CHANGES +++ b/CHANGES @@ -1,8 +1,12 @@ -2393. [bug] nested acls containing keys could trigger an - assertion in acl.c. [RT #18166] +2394. [bug] Default configuration options set the limit for + open files to 'unlimited' as described in the + documentation. [RT #18331] -2392. [bug] remove 'grep -q' from acl test script, some platforms - don't support it. [RT #18253] +2393. [bug] nested acls containing keys could trigger an + assertion in acl.c. [RT #18166] + +2392. [bug] remove 'grep -q' from acl test script, some platforms + don't support it. [RT #18253] 2391. [port] hpux: cover additional recvmsg() error codes. [RT #18301] diff --git a/bin/named/config.c b/bin/named/config.c index 730fa502ea..9353782ce3 100644 --- a/bin/named/config.c +++ b/bin/named/config.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: config.c,v 1.88 2008/05/28 21:02:45 each Exp $ */ +/* $Id: config.c,v 1.89 2008/07/20 09:29:52 fdupont Exp $ */ /*! \file */ @@ -52,7 +52,7 @@ options {\n\ #ifndef WIN32 " coresize default;\n\ datasize default;\n\ - files default;\n\ + files unlimited;\n\ stacksize default;\n" #endif " deallocate-on-exit true;\n\ From 28631bf0cd74b9bf9b025dd4cf6ecd9ed2ba547e Mon Sep 17 00:00:00 2001 From: Automatic Updater Date: Sun, 20 Jul 2008 23:19:44 +0000 Subject: [PATCH 057/135] auto update --- doc/private/branches | 3 +++ 1 file changed, 3 insertions(+) diff --git a/doc/private/branches b/doc/private/branches index 7a78ab1834..9ef248ac57 100644 --- a/doc/private/branches +++ b/doc/private/branches @@ -139,6 +139,9 @@ rt18159 new rt18194 new rt18253 new each // 2008-07-18 23:01 +0000 rt18331 new fdupont // 2008-07-19 14:53 +0000 +rt18332 new fdupont // 2008-07-20 13:11 +0000 +rt18332_v9_3_5_P1 new fdupont // 2008-07-20 13:16 +0000 +rt18335 new fdupont // 2008-07-20 11:50 +0000 shane_dbbackend open skan open explorer skan-metazones1 private explorer 
From ee6c0ce79e83039c9f8692bfb6196e0bb591ff98 Mon Sep 17 00:00:00 2001 From: Mark Andrews Date: Mon, 21 Jul 2008 03:37:17 +0000 Subject: [PATCH 058/135] 2395. [port] Avoid warning and no effect from "files unlimited" on Linux when running as root. [RT #18335] --- CHANGES | 3 +++ lib/isc/unix/resource.c | 17 ++++++++++++++++- 2 files changed, 19 insertions(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index 2bb971bd12..d47916987f 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,6 @@ +2395. [port] Avoid warning and no effect from "files unlimited" + on Linux when running as root. [RT #18335] + 2394. [bug] Default configuration options set the limit for open files to 'unlimited' as described in the documentation. [RT #18331] diff --git a/lib/isc/unix/resource.c b/lib/isc/unix/resource.c index aaaec1b6ff..f422cb1876 100644 --- a/lib/isc/unix/resource.c +++ b/lib/isc/unix/resource.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: resource.c,v 1.18 2008/07/11 23:05:46 jinmei Exp $ */ +/* $Id: resource.c,v 1.19 2008/07/21 03:37:17 marka Exp $ */ #include @@ -28,6 +28,10 @@ #include #include +#ifdef __linux__ +#include /* To get the large NR_OPEN. */ +#endif + #include "errno2result.h" static isc_result_t @@ -151,6 +155,17 @@ isc_resource_setlimit(isc_resource_t resource, isc_resourcevalue_t value) { if (unixresult == 0) return (ISC_R_SUCCESS); } +#elif defined(NR_OPEN) && defined(__linux__) + /* + * Some Linux kernels don't accept RLIM_INFINIT; the maximum + * possible value is the NR_OPEN defined in linux/fs.h. + */ + if (resource == isc_resource_openfiles && rlim_value == RLIM_INFINITY) { + rl.rlim_cur = rl.rlim_max = NR_OPEN; + unixresult = setrlimit(unixresource, &rl); + if (unixresult == 0) + return (ISC_R_SUCCESS); + } #endif return (isc__errno2result(errno)); } From 2dbc961b453887a85054133571dffea11a91d98c Mon Sep 17 00:00:00 2001 
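Review bot: In isc_resource_setlimit(), the Linux fallback assigns 'rl.rlim_cur = rl.rlim_max = NR_OPEN', a constant taken from the kernel header when named is compiled, so it may not match what the running kernel accepts. When that second setrlimit() also fails, the function still falls through to 'return (isc__errno2result(errno))' and "files unlimited" again has no effect. Suggest falling back to the current hard limit from getrlimit() if NR_OPEN is rejected, and logging the value that was actually applied so operators can see the effective descriptor limit. The new comment also misspells the constant as RLIM_INFINIT.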
From: Automatic Updater Date: Mon, 21 Jul 2008 23:19:40 +0000 Subject: [PATCH 059/135] auto update --- doc/private/branches | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/doc/private/branches b/doc/private/branches index 9ef248ac57..8b7e81d696 100644 --- a/doc/private/branches +++ b/doc/private/branches @@ -142,6 +142,7 @@ rt18331 new fdupont // 2008-07-19 14:53 +0000 rt18332 new fdupont // 2008-07-20 13:11 +0000 rt18332_v9_3_5_P1 new fdupont // 2008-07-20 13:16 +0000 rt18335 new fdupont // 2008-07-20 11:50 +0000 +rt18336 new fdupont // 2008-07-21 13:51 +0000 shane_dbbackend open skan open explorer skan-metazones1 private explorer @@ -175,11 +176,14 @@ v9_3_2_patch active // security fixes 9.3.2 only v9_3_4-cisco active v9_3_4_patch active // security fixes 9.3.4 only v9_3_5_P1 new each // 2008-05-22 20:42 +0000 +v9_3_5_patch new v9_4 active v9_4_1_P1_lruttl active v9_4_1_patch active // security fixes 9.4.1 only v9_4_2_P1 new each // 2008-05-22 21:12 +0000 +v9_4_2_patch new v9_5 new marka // 2008-01-02 04:47 +0000 +v9_5_0_patch new a6_remove closed From 9de0f9b0aed432ee357dbba8d1d807525f4b6d4a Mon Sep 17 00:00:00 2001 From: Mark Andrews Date: Tue, 22 Jul 2008 03:43:04 +0000 Subject: [PATCH 060/135] 2396. [bug] Don't set SO_REUSEADDR for randomized ports. [RT #18336] --- CHANGES | 3 +++ bin/dig/dighost.c | 11 ++++++----- bin/named/controlconf.c | 4 ++-- bin/named/interfacemgr.c | 4 ++-- bin/named/lwresd.c | 4 ++-- bin/named/statschannel.c | 4 ++-- bin/rndc/rndc.c | 6 +++--- bin/tests/sig0_test.c | 4 ++-- bin/tests/sock_test.c | 4 ++-- lib/dns/dispatch.c | 15 ++++++++------- lib/dns/request.c | 6 +++--- lib/dns/resolver.c | 4 ++-- lib/dns/xfrin.c | 4 ++-- lib/isc/include/isc/socket.h | 6 ++++-- lib/isc/unix/socket.c | 7 ++++--- lib/isc/win32/socket.c | 7 ++++--- 16 files changed, 51 insertions(+), 42 deletions(-) diff --git a/CHANGES b/CHANGES index d47916987f..afa840767f 100644 --- a/CHANGES +++ b/CHANGES 
@@ -1,3 +1,6 @@ +2396. [bug] Don't set SO_REUSEADDR for randomized ports. + [RT #18336] + 2395. [port] Avoid warning and no effect from "files unlimited" on Linux when running as root. [RT #18335] diff --git a/bin/dig/dighost.c b/bin/dig/dighost.c index 2a7e9b020d..e07a98ad96 100644 --- a/bin/dig/dighost.c +++ b/bin/dig/dighost.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dighost.c,v 1.309 2008/04/03 02:01:08 marka Exp $ */ +/* $Id: dighost.c,v 1.310 2008/07/22 03:43:03 marka Exp $ */ /*! \file * \note @@ -2236,14 +2236,14 @@ send_tcp_connect(dig_query_t *query) { sockcount++; debug("sockcount=%d", sockcount); if (specified_source) - result = isc_socket_bind(query->sock, &bind_address); + result = isc_socket_bind(query->sock, &bind_address, 1); else { if ((isc_sockaddr_pf(&query->sockaddr) == AF_INET) && have_ipv4) isc_sockaddr_any(&bind_any); else isc_sockaddr_any6(&bind_any); - result = isc_socket_bind(query->sock, &bind_any); + result = isc_socket_bind(query->sock, &bind_any, 0); } check_result(result, "isc_socket_bind"); bringup_timer(query, TCP_TIMEOUT); @@ -2290,11 +2290,12 @@ send_udp(dig_query_t *query) { sockcount++; debug("sockcount=%d", sockcount); if (specified_source) { - result = isc_socket_bind(query->sock, &bind_address); + result = isc_socket_bind(query->sock, + &bind_address, 1); } else { isc_sockaddr_anyofpf(&bind_any, isc_sockaddr_pf(&query->sockaddr)); - result = isc_socket_bind(query->sock, &bind_any); + result = isc_socket_bind(query->sock, &bind_any, 0); } check_result(result, "isc_socket_bind"); diff --git a/bin/named/controlconf.c b/bin/named/controlconf.c index 95ff3b6613..b5572331f1 100644 --- a/bin/named/controlconf.c +++ b/bin/named/controlconf.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: controlconf.c,v 1.58 2008/01/18 23:46:57 tbox Exp $ */ +/* $Id: controlconf.c,v 1.59 2008/07/22 03:43:04 marka Exp $ */ /*! \file */ 
@@ -1150,7 +1150,7 @@ add_listener(ns_controls_t *cp, controllistener_t **listenerp, if (result == ISC_R_SUCCESS) result = isc_socket_bind(listener->sock, - &listener->address); + &listener->address, 1); if (result == ISC_R_SUCCESS && type == isc_sockettype_unix) { listener->perm = cfg_obj_asuint32(cfg_tuple_get(control, diff --git a/bin/named/interfacemgr.c b/bin/named/interfacemgr.c index 47860214c4..3bc685e63f 100644 --- a/bin/named/interfacemgr.c +++ b/bin/named/interfacemgr.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: interfacemgr.c,v 1.90 2007/09/12 01:09:07 each Exp $ */ +/* $Id: interfacemgr.c,v 1.91 2008/07/22 03:43:04 marka Exp $ */ /*! \file */ @@ -308,7 +308,7 @@ ns_interface_accepttcp(ns_interface_t *ifp) { #ifndef ISC_ALLOW_MAPPED isc_socket_ipv6only(ifp->tcpsocket, ISC_TRUE); #endif - result = isc_socket_bind(ifp->tcpsocket, &ifp->addr); + result = isc_socket_bind(ifp->tcpsocket, &ifp->addr, 1); if (result != ISC_R_SUCCESS) { isc_log_write(IFMGR_COMMON_LOGARGS, ISC_LOG_ERROR, "binding TCP socket: %s", diff --git a/bin/named/lwresd.c b/bin/named/lwresd.c index 1674438d6d..73e3c66e36 100644 --- a/bin/named/lwresd.c +++ b/bin/named/lwresd.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: lwresd.c,v 1.55 2007/06/19 23:46:59 tbox Exp $ */ +/* $Id: lwresd.c,v 1.56 2008/07/22 03:43:04 marka Exp $ */ /*! \file * \brief @@ -576,7 +576,7 @@ listener_bind(ns_lwreslistener_t *listener, isc_sockaddr_t *address) { return (result); } - result = isc_socket_bind(sock, &listener->address); + result = isc_socket_bind(sock, &listener->address, 1); if (result != ISC_R_SUCCESS) { char socktext[ISC_SOCKADDR_FORMATSIZE]; isc_sockaddr_format(&listener->address, socktext, diff --git a/bin/named/statschannel.c b/bin/named/statschannel.c index a86aea01d5..32a9d6aa1b 100644 --- a/bin/named/statschannel.c +++ b/bin/named/statschannel.c 
@@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: statschannel.c,v 1.11 2008/07/17 23:43:26 jinmei Exp $ */ +/* $Id: statschannel.c,v 1.12 2008/07/22 03:43:04 marka Exp $ */ /*! \file */ @@ -919,7 +919,7 @@ add_listener(ns_server_t *server, ns_statschannel_t **listenerp, isc_socket_ipv6only(sock, ISC_TRUE); #endif - result = isc_socket_bind(sock, addr); + result = isc_socket_bind(sock, addr, 1); if (result != ISC_R_SUCCESS) goto cleanup; diff --git a/bin/rndc/rndc.c b/bin/rndc/rndc.c index 2d4d33c2ea..8fb88924ed 100644 --- a/bin/rndc/rndc.c +++ b/bin/rndc/rndc.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: rndc.c,v 1.118 2007/06/18 23:47:25 tbox Exp $ */ +/* $Id: rndc.c,v 1.119 2008/07/22 03:43:04 marka Exp $ */ /*! \file */ @@ -400,10 +400,10 @@ rndc_startconnect(isc_sockaddr_t *addr, isc_task_t *task) { DO("create socket", isc_socket_create(socketmgr, pf, type, &sock)); switch (isc_sockaddr_pf(addr)) { case AF_INET: - DO("bind socket", isc_socket_bind(sock, &local4)); + DO("bind socket", isc_socket_bind(sock, &local4, 1)); break; case AF_INET6: - DO("bind socket", isc_socket_bind(sock, &local6)); + DO("bind socket", isc_socket_bind(sock, &local6, 1)); break; default: break; diff --git a/bin/tests/sig0_test.c b/bin/tests/sig0_test.c index 8f5c17ef91..3ca2e6808a 100644 --- a/bin/tests/sig0_test.c +++ b/bin/tests/sig0_test.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: sig0_test.c,v 1.15 2007/06/19 23:46:59 tbox Exp $ */ +/* $Id: sig0_test.c,v 1.16 2008/07/22 03:43:04 marka Exp $ */ #include @@ -189,7 +189,7 @@ buildquery(void) { isc_buffer_usedregion(&qbuffer, &r); isc_sockaddr_any(&sa); - result = isc_socket_bind(s, &sa); + result = isc_socket_bind(s, &sa, 0); CHECK("isc_socket_bind", result); result = isc_socket_sendto(s, &r, task1, senddone, NULL, &address, NULL); diff --git a/bin/tests/sock_test.c b/bin/tests/sock_test.c index ba6beb3edc..1f5dc45f4b 100644 --- a/bin/tests/sock_test.c +++ b/bin/tests/sock_test.c 
@@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: sock_test.c,v 1.52 2007/06/19 23:46:59 tbox Exp $ */ +/* $Id: sock_test.c,v 1.53 2008/07/22 03:43:04 marka Exp $ */ #include @@ -321,7 +321,7 @@ main(int argc, char *argv[]) { } RUNTIME_CHECK(isc_socket_create(socketmgr, pf, isc_sockettype_tcp, &so1) == ISC_R_SUCCESS); - result = isc_socket_bind(so1, &sockaddr); + result = isc_socket_bind(so1, &sockaddr, 1); RUNTIME_CHECK(result == ISC_R_SUCCESS); RUNTIME_CHECK(isc_socket_listen(so1, 0) == ISC_R_SUCCESS); diff --git a/lib/dns/dispatch.c b/lib/dns/dispatch.c index 14d9b87592..bff70414be 100644 --- a/lib/dns/dispatch.c +++ b/lib/dns/dispatch.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dispatch.c,v 1.147 2008/07/18 23:47:01 tbox Exp $ */ +/* $Id: dispatch.c,v 1.148 2008/07/22 03:43:04 marka Exp $ */ /*! \file */ @@ -304,7 +304,7 @@ static isc_result_t qid_allocate(dns_dispatchmgr_t *mgr, unsigned int buckets, isc_boolean_t needaddrtable); static void qid_destroy(isc_mem_t *mctx, dns_qid_t **qidp); static isc_result_t open_socket(isc_socketmgr_t *mgr, isc_sockaddr_t *local, - isc_socket_t **sockp); + int reuseaddr, isc_socket_t **sockp); static isc_boolean_t portavailable(dns_dispatchmgr_t *mgr, isc_socket_t *sock, isc_sockaddr_t *sockaddrp); @@ -747,7 +747,7 @@ get_dispsocket(dns_dispatch_t *disp, isc_sockaddr_t *dest, continue; } - result = open_socket(sockmgr, &localaddr, &sock); + result = open_socket(sockmgr, &localaddr, 0, &sock); if (result == ISC_R_SUCCESS || result != ISC_R_ADDRINUSE) break; } @@ -1586,7 +1586,7 @@ destroy_mgr(dns_dispatchmgr_t **mgrp) { } static isc_result_t -open_socket(isc_socketmgr_t *mgr, isc_sockaddr_t *local, +open_socket(isc_socketmgr_t *mgr, isc_sockaddr_t *local, int reuseaddr, isc_socket_t **sockp) { isc_socket_t *sock; 
@@ -1608,7 +1608,7 @@ open_socket(isc_socketmgr_t *mgr, isc_sockaddr_t *local, #ifndef ISC_ALLOW_MAPPED isc_socket_ipv6only(sock, ISC_TRUE); #endif - result = isc_socket_bind(sock, local); + result = isc_socket_bind(sock, local, reuseaddr); if (result != ISC_R_SUCCESS) { if (*sockp == NULL) isc_socket_detach(&sock); @@ -2535,7 +2535,8 @@ get_udpsocket(dns_dispatchmgr_t *mgr, dns_dispatch_t *disp, DISP_ARC4CTX(disp), nports)]; isc_sockaddr_setport(&localaddr_bound, prt); - result = open_socket(sockmgr, &localaddr_bound, &sock); + result = open_socket(sockmgr, &localaddr_bound, + 0, &sock); if (result == ISC_R_SUCCESS || result != ISC_R_ADDRINUSE) { disp->localport = prt; @@ -2554,7 +2555,7 @@ get_udpsocket(dns_dispatchmgr_t *mgr, dns_dispatch_t *disp, i = 0; for (j = 0; j < maxtry; j++) { - result = open_socket(sockmgr, localaddr, &sock); + result = open_socket(sockmgr, localaddr, 0, &sock); if (result != ISC_R_SUCCESS) goto end; else if (!anyport) diff --git a/lib/dns/request.c b/lib/dns/request.c index 26e25ad85e..af756686a4 100644 --- a/lib/dns/request.c +++ b/lib/dns/request.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: request.c,v 1.81 2008/06/23 23:47:11 tbox Exp $ */ +/* $Id: request.c,v 1.82 2008/07/22 03:43:04 marka Exp $ */ /*! \file */ @@ -528,11 +528,11 @@ create_tcp_dispatch(dns_requestmgr_t *requestmgr, isc_sockaddr_t *srcaddr, if (srcaddr == NULL) { isc_sockaddr_anyofpf(&bind_any, isc_sockaddr_pf(destaddr)); - result = isc_socket_bind(socket, &bind_any); + result = isc_socket_bind(socket, &bind_any, 0); } else { src = *srcaddr; isc_sockaddr_setport(&src, 0); - result = isc_socket_bind(socket, &src); + result = isc_socket_bind(socket, &src, 0); } if (result != ISC_R_SUCCESS) goto cleanup; diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c index 9b07d1bbd2..bc556eb214 100644 --- a/lib/dns/resolver.c +++ b/lib/dns/resolver.c 
@@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: resolver.c,v 1.373 2008/06/23 19:41:19 jinmei Exp $ */ +/* $Id: resolver.c,v 1.374 2008/07/22 03:43:04 marka Exp $ */ /*! \file */ @@ -1201,7 +1201,7 @@ fctx_query(fetchctx_t *fctx, dns_adbaddrinfo_t *addrinfo, goto cleanup_query; #ifndef BROKEN_TCP_BIND_BEFORE_CONNECT - result = isc_socket_bind(query->tcpsocket, &addr); + result = isc_socket_bind(query->tcpsocket, &addr, 0); if (result != ISC_R_SUCCESS) goto cleanup_socket; #endif diff --git a/lib/dns/xfrin.c b/lib/dns/xfrin.c index 35ab8eddbf..b4e887ccb5 100644 --- a/lib/dns/xfrin.c +++ b/lib/dns/xfrin.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: xfrin.c,v 1.157 2007/12/02 23:55:01 marka Exp $ */ +/* $Id: xfrin.c,v 1.158 2008/07/22 03:43:04 marka Exp $ */ /*! \file */ @@ -873,7 +873,7 @@ xfrin_start(dns_xfrin_ctx_t *xfr) { &xfr->socket)); isc_socket_setname(xfr->socket, "xfrin", NULL); #ifndef BROKEN_TCP_BIND_BEFORE_CONNECT - CHECK(isc_socket_bind(xfr->socket, &xfr->sourceaddr)); + CHECK(isc_socket_bind(xfr->socket, &xfr->sourceaddr, 1)); #endif CHECK(isc_socket_connect(xfr->socket, &xfr->masteraddr, xfr->task, xfrin_connect_done, xfr)); diff --git a/lib/isc/include/isc/socket.h b/lib/isc/include/isc/socket.h index 530e684b65..9de8124987 100644 --- a/lib/isc/include/isc/socket.h +++ b/lib/isc/include/isc/socket.h @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: socket.h,v 1.78 2008/07/11 23:05:46 jinmei Exp $ */ +/* $Id: socket.h,v 1.79 2008/07/22 03:43:04 marka Exp $ */ #ifndef ISC_SOCKET_H #define ISC_SOCKET_H 1 @@ -406,7 +406,7 @@ isc_socket_close(isc_socket_t *sock); */ isc_result_t -isc_socket_bind(isc_socket_t *sock, isc_sockaddr_t *addressp); +isc_socket_bind(isc_socket_t *sock, isc_sockaddr_t *addressp, int reuseaddr); /*%< * Bind 'socket' to '*addressp'. * 
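Review bot: The new third parameter in 'isc_socket_bind(isc_socket_t *sock, isc_sockaddr_t *addressp, int reuseaddr)' is a plain int, and every call site in this patch passes a bare 0 or 1. That value decides whether a socket gets SO_REUSEADDR, and the point of the change is that sockets on randomized query ports must not, so a mistyped literal is easy to miss in review. Suggest isc_boolean_t with ISC_TRUE/ISC_FALSE, which the neighbouring isc_socket_ipv6only() calls already use, or named option flags. The choices also look inconsistent for outgoing TCP: request.c and resolver.c pass 0 while xfrin.c passes 1, so a one-line comment at those call sites stating the reason would help the next reader.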
@@ -416,6 +416,8 @@ isc_socket_bind(isc_socket_t *sock, isc_sockaddr_t *addressp); * * \li 'addressp' points to a valid isc_sockaddr. * + * \li 'reuseaddr' asks to set SO_REUSEADDR (if the port is not 0). + * Returns: * * \li ISC_R_SUCCESS diff --git a/lib/isc/unix/socket.c b/lib/isc/unix/socket.c index 80a58b5d05..38c8573cbe 100644 --- a/lib/isc/unix/socket.c +++ b/lib/isc/unix/socket.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: socket.c,v 1.289 2008/07/18 03:45:55 marka Exp $ */ +/* $Id: socket.c,v 1.290 2008/07/22 03:43:04 marka Exp $ */ /*! \file */ @@ -4170,7 +4170,7 @@ isc_socket_permunix(isc_sockaddr_t *sockaddr, isc_uint32_t perm, } isc_result_t -isc_socket_bind(isc_socket_t *sock, isc_sockaddr_t *sockaddr) { +isc_socket_bind(isc_socket_t *sock, isc_sockaddr_t *sockaddr, int reuseaddr) { char strbuf[ISC_STRERRORSIZE]; int on = 1; @@ -4189,7 +4189,8 @@ isc_socket_bind(isc_socket_t *sock, isc_sockaddr_t *sockaddr) { if (sock->pf == AF_UNIX) goto bind_socket; #endif - if (isc_sockaddr_getport(sockaddr) != (in_port_t)0 && + if (reuseaddr && + isc_sockaddr_getport(sockaddr) != (in_port_t)0 && setsockopt(sock->fd, SOL_SOCKET, SO_REUSEADDR, (void *)&on, sizeof(on)) < 0) { UNEXPECTED_ERROR(__FILE__, __LINE__, diff --git a/lib/isc/win32/socket.c b/lib/isc/win32/socket.c index 77f2900c6b..80b2bd3c9f 100644 --- a/lib/isc/win32/socket.c +++ b/lib/isc/win32/socket.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: socket.c,v 1.58 2008/07/11 23:05:46 jinmei Exp $ */ +/* $Id: socket.c,v 1.59 2008/07/22 03:43:04 marka Exp $ */ /* This code has been rewritten to take advantage of Windows Sockets * I/O Completion Ports and Events. I/O Completion Ports is ONLY 
@@ -3308,7 +3308,7 @@ isc_socket_sendto2(isc_socket_t *sock, isc_region_t *region, } isc_result_t -isc_socket_bind(isc_socket_t *sock, isc_sockaddr_t *sockaddr) { +isc_socket_bind(isc_socket_t *sock, isc_sockaddr_t *sockaddr, int reuseaddr) { int bind_errno; char strbuf[ISC_STRERRORSIZE]; int on = 1; @@ -3324,7 +3324,8 @@ isc_socket_bind(isc_socket_t *sock, isc_sockaddr_t *sockaddr) { /* * Only set SO_REUSEADDR when we want a specific port. */ - if (isc_sockaddr_getport(sockaddr) != (in_port_t)0 && + if (reuseaddr && + isc_sockaddr_getport(sockaddr) != (in_port_t)0 && setsockopt(sock->fd, SOL_SOCKET, SO_REUSEADDR, (void *)&on, sizeof(on)) < 0) { UNEXPECTED_ERROR(__FILE__, __LINE__, From 021e9254f58894f40fadbc8e9645b4c66cf20351 Mon Sep 17 00:00:00 2001 From: Automatic Updater Date: Tue, 22 Jul 2008 23:19:58 +0000 Subject: [PATCH 061/135] auto update --- doc/private/branches | 1 + 1 file changed, 1 insertion(+) diff --git a/doc/private/branches b/doc/private/branches index 8b7e81d696..374eb35282 100644 --- a/doc/private/branches +++ b/doc/private/branches @@ -143,6 +143,7 @@ rt18332 new fdupont // 2008-07-20 13:11 +0000 rt18332_v9_3_5_P1 new fdupont // 2008-07-20 13:16 +0000 rt18335 new fdupont // 2008-07-20 11:50 +0000 rt18336 new fdupont // 2008-07-21 13:51 +0000 +rt18336p1 new shane_dbbackend open skan open explorer skan-metazones1 private explorer From b0d566a2ce0f5a67f537ee7f8233f82f2584cc61 Mon Sep 17 00:00:00 2001 From: Automatic Updater Date: Tue, 22 Jul 2008 23:30:31 +0000 Subject: [PATCH 062/135] newcopyrights --- util/copyrights | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/util/copyrights b/util/copyrights index 197355b4a6..e02503e34a 100644 --- a/util/copyrights +++ b/util/copyrights 
@@ -120,7 +120,7 @@ ./bin/named/include/named/update.h C 1999,2000,2001,2004,2005,2007 ./bin/named/include/named/xfrout.h C 1999,2000,2001,2004,2005,2007 ./bin/named/include/named/zoneconf.h C 1999,2000,2001,2002,2004,2005,2006,2007 -./bin/named/interfacemgr.c C 1999,2000,2001,2002,2004,2005,2006,2007 +./bin/named/interfacemgr.c C 1999,2000,2001,2002,2004,2005,2006,2007,2008 ./bin/named/listenlist.c C 2000,2001,2004,2005,2007 ./bin/named/log.c C 1999,2000,2001,2002,2004,2005,2006,2007 ./bin/named/logconf.c C 1999,2000,2001,2004,2005,2006,2007 @@ -132,7 +132,7 @@ ./bin/named/lwdgrbn.c C 2000,2001,2003,2004,2005,2006,2007 ./bin/named/lwdnoop.c C 2000,2001,2004,2005,2007,2008 ./bin/named/lwresd.8 MAN DOCBOOK -./bin/named/lwresd.c C 2000,2001,2002,2003,2004,2005,2006,2007 +./bin/named/lwresd.c C 2000,2001,2002,2003,2004,2005,2006,2007,2008 ./bin/named/lwresd.docbook SGML 2000,2001,2004,2005,2007 ./bin/named/lwresd.html HTML DOCBOOK ./bin/named/lwsearch.c C 2000,2001,2004,2005,2007 @@ -181,7 +181,7 @@ ./bin/rndc/rndc-confgen.docbook SGML 2001,2003,2004,2005,2007 ./bin/rndc/rndc-confgen.html HTML DOCBOOK ./bin/rndc/rndc.8 MAN DOCBOOK -./bin/rndc/rndc.c C 2000,2001,2002,2003,2004,2005,2006,2007 +./bin/rndc/rndc.c C 2000,2001,2002,2003,2004,2005,2006,2007,2008 ./bin/rndc/rndc.conf CONF-C 2000,2001,2004,2007 ./bin/rndc/rndc.conf.5 MAN DOCBOOK ./bin/rndc/rndc.conf.docbook SGML 2000,2001,2004,2005,2007 
@@ -416,8 +416,8 @@ ./bin/tests/rwlock_test.c C 1998,1999,2000,2001,2004,2005,2007 ./bin/tests/serial_test.c C 1999,2000,2001,2003,2004,2007 ./bin/tests/shutdown_test.c C 1998,1999,2000,2001,2004,2007 -./bin/tests/sig0_test.c C 2000,2001,2004,2005,2007 -./bin/tests/sock_test.c C 1998,1999,2000,2001,2004,2007 +./bin/tests/sig0_test.c C 2000,2001,2004,2005,2007,2008 +./bin/tests/sock_test.c C 1998,1999,2000,2001,2004,2007,2008 ./bin/tests/sockaddr/.cvsignore X 1999,2000,2001 ./bin/tests/sockaddr/Makefile.in MAKE 1999,2000,2001,2002,2004,2007 ./bin/tests/sockaddr/t_sockaddr.c C 1999,2000,2001,2004,2007 @@ -2056,7 +2056,7 @@ ./lib/dns/win32/libdns.dsw X 2001 ./lib/dns/win32/libdns.mak X 2001,2002,2003,2004,2005,2006,2007 ./lib/dns/win32/version.c C 1998,1999,2000,2001,2004,2007 -./lib/dns/xfrin.c C 1999,2000,2001,2002,2003,2004,2005,2006,2007 +./lib/dns/xfrin.c C 1999,2000,2001,2002,2003,2004,2005,2006,2007,2008 ./lib/dns/zone.c C 1999,2000,2001,2002,2003,2004,2005,2006,2007,2008 ./lib/dns/zonekey.c C 2001,2003,2004,2005,2007 ./lib/dns/zt.c C 1999,2000,2001,2002,2004,2005,2006,2007 From 1d16cf8bb8596c3e4dc1123a5bdf360bf24a272b Mon Sep 17 00:00:00 2001 From: Automatic Updater Date: Tue, 22 Jul 2008 23:47:04 +0000 Subject: [PATCH 063/135] update copyright notice --- bin/named/interfacemgr.c | 42 ++++++++++++++++++++-------------------- bin/named/lwresd.c | 8 ++++---- bin/rndc/rndc.c | 24 +++++++++++------------ bin/tests/sig0_test.c | 4 ++-- bin/tests/sock_test.c | 4 ++-- lib/dns/xfrin.c | 12 ++++++------ 6 files changed, 47 insertions(+), 47 deletions(-) diff --git a/bin/named/interfacemgr.c b/bin/named/interfacemgr.c index 3bc685e63f..2ebc2794fb 100644 --- a/bin/named/interfacemgr.c +++ b/bin/named/interfacemgr.c 
@@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2002 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: interfacemgr.c,v 1.91 2008/07/22 03:43:04 marka Exp $ */ +/* $Id: interfacemgr.c,v 1.92 2008/07/22 23:47:04 tbox Exp $ */ /*! \file */ @@ -90,7 +90,7 @@ ns_interfacemgr_create(isc_mem_t *mctx, isc_taskmgr_t *taskmgr, mgr->generation = 1; mgr->listenon4 = NULL; mgr->listenon6 = NULL; - + ISC_LIST_INIT(mgr->interfaces); ISC_LIST_INIT(mgr->listenon); @@ -323,7 +323,7 @@ ns_interface_accepttcp(ns_interface_t *ifp) { goto tcp_listen_failure; } - /* + /* * If/when there a multiple filters listen to the * result. */ @@ -494,26 +494,26 @@ clearacl(isc_mem_t *mctx, dns_acl_t **aclp) { static isc_boolean_t listenon_is_ip6_any(ns_listenelt_t *elt) { - REQUIRE(elt && elt->acl); - return dns_acl_isany(elt->acl); + REQUIRE(elt && elt->acl); + return dns_acl_isany(elt->acl); } static isc_result_t setup_locals(ns_interfacemgr_t *mgr, isc_interface_t *interface) { isc_result_t result; unsigned int prefixlen; - isc_netaddr_t *netaddr; + isc_netaddr_t *netaddr; - netaddr = &interface->address; - - /* First add localhost address */ + netaddr = &interface->address; + + /* First add localhost address */ prefixlen = (netaddr->family == AF_INET) ? 32 : 128; - result = dns_iptable_addprefix(mgr->aclenv.localhost->iptable, - netaddr, prefixlen, ISC_TRUE); + result = dns_iptable_addprefix(mgr->aclenv.localhost->iptable, + netaddr, prefixlen, ISC_TRUE); if (result != ISC_R_SUCCESS) return (result); - /* Then add localnets prefix */ + /* Then add localnets prefix */ result = isc_netaddr_masktoprefixlen(&interface->netmask, &prefixlen); 
@@ -528,11 +528,11 @@ setup_locals(ns_interfacemgr_t *mgr, isc_interface_t *interface) { "localnets ACL: %s", interface->name, isc_result_totext(result)); - return (ISC_R_SUCCESS); + return (ISC_R_SUCCESS); } - result = dns_iptable_addprefix(mgr->aclenv.localnets->iptable, - netaddr, prefixlen, ISC_TRUE); + result = dns_iptable_addprefix(mgr->aclenv.localnets->iptable, + netaddr, prefixlen, ISC_TRUE); if (result != ISC_R_SUCCESS) return (result); @@ -542,7 +542,7 @@ setup_locals(ns_interfacemgr_t *mgr, isc_interface_t *interface) { static void setup_listenon(ns_interfacemgr_t *mgr, isc_interface_t *interface, in_port_t port) -{ +{ isc_sockaddr_t *addr; isc_sockaddr_t *old; @@ -556,7 +556,7 @@ setup_listenon(ns_interfacemgr_t *mgr, isc_interface_t *interface, old != NULL; old = ISC_LIST_NEXT(old, link)) if (isc_sockaddr_equal(addr, old)) - break; + break; if (old != NULL) isc_mem_put(mgr->mctx, addr, sizeof(*addr)); @@ -692,7 +692,7 @@ do_scan(ns_interfacemgr_t *mgr, ns_listenlist_t *ext_listen, { isc_interface_t interface; ns_listenlist_t *ll; - unsigned int family; + unsigned int family; result = isc_interfaceiter_current(iter, &interface); if (result != ISC_R_SUCCESS) @@ -876,7 +876,7 @@ do_scan(ns_interfacemgr_t *mgr, ns_listenlist_t *ext_listen, UNEXPECTED_ERROR(__FILE__, __LINE__, "interface iteration failed: %s", isc_result_totext(result)); - else + else result = ISC_R_SUCCESS; cleanup_iter: isc_interfaceiter_destroy(&iter); @@ -907,7 +907,7 @@ ns_interfacemgr_scan0(ns_interfacemgr_t *mgr, ns_listenlist_t *ext_listen, /* * Warn if we are not listening on any interface, unless - * we're in lwresd-only mode, in which case that is to + * we're in lwresd-only mode, in which case that is to * be expected. */ if (ext_listen == NULL && diff --git a/bin/named/lwresd.c b/bin/named/lwresd.c index 73e3c66e36..cd6f2c77b3 100644 --- a/bin/named/lwresd.c +++ b/bin/named/lwresd.c 
@@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,9 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: lwresd.c,v 1.56 2008/07/22 03:43:04 marka Exp $ */ +/* $Id: lwresd.c,v 1.57 2008/07/22 23:47:04 tbox Exp $ */ -/*! \file +/*! \file * \brief * Main program for the Lightweight Resolver Daemon. * @@ -224,7 +224,7 @@ ns_lwresd_parseeresolvconf(isc_mem_t *mctx, cfg_parser_t *pctx, for (i = 0; i < lwc->searchnxt; i++) { CHECK(buffer_putstr(&b, "\t\t\"")); CHECK(buffer_putstr(&b, lwc->search[i])); - CHECK(buffer_putstr(&b, "\";\n")); + CHECK(buffer_putstr(&b, "\";\n")); } CHECK(buffer_putstr(&b, "\t};\n")); } diff --git a/bin/rndc/rndc.c b/bin/rndc/rndc.c index 8fb88924ed..0977b1a5b0 100644 --- a/bin/rndc/rndc.c +++ b/bin/rndc/rndc.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: rndc.c,v 1.119 2008/07/22 03:43:04 marka Exp $ */ +/* $Id: rndc.c,v 1.120 2008/07/22 23:47:04 tbox Exp $ */ /*! \file */ @@ -93,7 +93,7 @@ static void usage(int status) { fprintf(stderr, "\ Usage: %s [-c config] [-s server] [-p port]\n\ - [-k key-file ] [-y key] [-V] command\n\ + [-k key-file ] [-y key] [-V] command\n\ \n\ command is one of the following:\n\ \n\ 
@@ -106,10 +106,10 @@ command is one of the following:\n\ Retransfer a single zone without checking serial number.\n\ freeze Suspend updates to all dynamic zones.\n\ freeze zone [class [view]]\n\ - Suspend updates to a dynamic zone.\n\ + Suspend updates to a dynamic zone.\n\ thaw Enable updates to all dynamic zones and reload them.\n\ thaw zone [class [view]]\n\ - Enable updates to a frozen dynamic zone and reload it.\n\ + Enable updates to a frozen dynamic zone and reload it.\n\ notify zone [class [view]]\n\ Resend NOTIFY messages for the zone.\n\ reconfig Reload configuration file and new zones only.\n\ @@ -152,7 +152,7 @@ get_addresses(const char *host, in_port_t port) { result = isc_sockaddr_frompath(&serveraddrs[nserveraddrs], host); if (result == ISC_R_SUCCESS) - nserveraddrs++; + nserveraddrs++; } else { count = SERVERADDRS - nserveraddrs; result = bind9_getaddresses(host, port, @@ -485,7 +485,7 @@ parse_config(isc_mem_t *mctx, isc_log_t *log, const char *keyname, (void)cfg_map_get(config, "server", &servers); if (servers != NULL) { for (elt = cfg_list_first(servers); - elt != NULL; + elt != NULL; elt = cfg_list_next(elt)) { const char *name; @@ -521,7 +521,7 @@ parse_config(isc_mem_t *mctx, isc_log_t *log, const char *keyname, else { DO("get config key list", cfg_map_get(config, "key", &keys)); for (elt = cfg_list_first(keys); - elt != NULL; + elt != NULL; elt = cfg_list_next(elt)) { key = cfg_listelt_value(elt); @@ -599,7 +599,7 @@ parse_config(isc_mem_t *mctx, isc_log_t *log, const char *keyname, get_addresses(name, (in_port_t) myport); else fprintf(stderr, "too many address: " - "%s: dropped\n", name); + "%s: dropped\n", name); continue; } sa = *cfg_obj_assockaddr(address); @@ -741,7 +741,7 @@ main(int argc, char **argv) { case 'y': keyname = isc_commandline_argument; break; - + case '?': if (isc_commandline_option != '?') { fprintf(stderr, "%s: invalid argument -%c\n", 
@@ -754,7 +754,7 @@ main(int argc, char **argv) { default: fprintf(stderr, "%s: unhandled option -%c\n", program, isc_commandline_option); - exit(1); + exit(1); } } @@ -780,7 +780,7 @@ main(int argc, char **argv) { logdest.file.maximum_size = 0; DO("creating log channel", isc_log_createchannel(logconfig, "stderr", - ISC_LOG_TOFILEDESC, ISC_LOG_INFO, &logdest, + ISC_LOG_TOFILEDESC, ISC_LOG_INFO, &logdest, ISC_LOG_PRINTTAG|ISC_LOG_PRINTLEVEL)); DO("enabling log channel", isc_log_usechannel(logconfig, "stderr", NULL, NULL)); diff --git a/bin/tests/sig0_test.c b/bin/tests/sig0_test.c index 3ca2e6808a..f36bbee02f 100644 --- a/bin/tests/sig0_test.c +++ b/bin/tests/sig0_test.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: sig0_test.c,v 1.16 2008/07/22 03:43:04 marka Exp $ */ +/* $Id: sig0_test.c,v 1.17 2008/07/22 23:47:04 tbox Exp $ */ #include diff --git a/bin/tests/sock_test.c b/bin/tests/sock_test.c index 1f5dc45f4b..51c968e356 100644 --- a/bin/tests/sock_test.c +++ b/bin/tests/sock_test.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2007, 2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1998-2001 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: sock_test.c,v 1.53 2008/07/22 03:43:04 marka Exp $ */ +/* $Id: sock_test.c,v 1.54 2008/07/22 23:47:04 tbox Exp $ */ #include diff --git a/lib/dns/xfrin.c b/lib/dns/xfrin.c index b4e887ccb5..b25cdb026b 100644 --- a/lib/dns/xfrin.c +++ b/lib/dns/xfrin.c 
@@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 1999-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: xfrin.c,v 1.158 2008/07/22 03:43:04 marka Exp $ */ +/* $Id: xfrin.c,v 1.159 2008/07/22 23:47:04 tbox Exp $ */ /*! \file */ @@ -253,7 +253,7 @@ static isc_result_t axfr_init(dns_xfrin_ctx_t *xfr) { isc_result_t result; - xfr->is_ixfr = ISC_FALSE; + xfr->is_ixfr = ISC_FALSE; if (xfr->db != NULL) dns_db_detach(&xfr->db); @@ -902,8 +902,8 @@ render(dns_message_t *msg, isc_mem_t *mctx, isc_buffer_t *buf) { CHECK(dns_message_renderend(msg)); result = ISC_R_SUCCESS; failure: - if (cleanup_cctx) - dns_compress_invalidate(&cctx); + if (cleanup_cctx) + dns_compress_invalidate(&cctx); return (result); } @@ -1409,7 +1409,7 @@ maybe_free(dns_xfrin_ctx_t *xfr) { if (msecs == 0) msecs = 1; persec = (xfr->nbytes * 1000) / msecs; - xfrin_log(xfr, ISC_LOG_INFO, + xfrin_log(xfr, ISC_LOG_INFO, "Transfer completed: %d messages, %d records, " "%" ISC_PRINT_QUADFORMAT "u bytes, " "%u.%03u secs (%u bytes/sec)", From e8ebdf044d241387bc3140d58fd51db357bad621 Mon Sep 17 00:00:00 2001 From: Mark Andrews Date: Wed, 23 Jul 2008 10:26:54 +0000 Subject: [PATCH 064/135] 2397. [bug] gssapi_functions had too many elements. [RT #18355] --- CHANGES | 2 ++ lib/dns/gssapi_link.c | 5 ++--- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/CHANGES b/CHANGES index afa840767f..fbec1ce77d 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,5 @@ +2397. [bug] gssapi_functions had too many elements. [RT #18355] + 2396. [bug] Don't set SO_REUSEADDR for randomized ports. [RT #18336] diff --git a/lib/dns/gssapi_link.c b/lib/dns/gssapi_link.c index ed696755b0..2216c962ff 100644 --- a/lib/dns/gssapi_link.c +++ b/lib/dns/gssapi_link.c 
@@ -16,7 +16,7 @@ */ /* - * $Id: gssapi_link.c,v 1.10 2008/04/03 06:09:04 tbox Exp $ + * $Id: gssapi_link.c,v 1.11 2008/07/23 10:26:54 marka Exp $ */ #include @@ -291,8 +291,7 @@ static dst_func_t gssapi_functions = { NULL, /*%< fromdns */ NULL, /*%< tofile */ NULL, /*%< parse */ - NULL, /*%< cleanup */ - NULL + NULL /*%< cleanup */ }; isc_result_t From 673ef465c6a5ba59cf3f8d727aa7cfbdd33d3c2c Mon Sep 17 00:00:00 2001 From: Mark Andrews Date: Wed, 23 Jul 2008 12:06:43 +0000 Subject: [PATCH 065/135] 2398. [placeholder] --- CHANGES | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGES b/CHANGES index fbec1ce77d..7c81914511 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,5 @@ +2398. [placeholder] + 2397. [bug] gssapi_functions had too many elements. [RT #18355] 2396. [bug] Don't set SO_REUSEADDR for randomized ports. From 5df5127aa4a76fd678e1ea602776a8f0d748c2b4 Mon Sep 17 00:00:00 2001 From: Automatic Updater Date: Wed, 23 Jul 2008 23:19:11 +0000 Subject: [PATCH 066/135] auto update --- doc/private/branches | 2 ++ 1 file changed, 2 insertions(+) diff --git a/doc/private/branches b/doc/private/branches index 374eb35282..f6390821c1 100644 --- a/doc/private/branches +++ b/doc/private/branches @@ -144,6 +144,8 @@ rt18332_v9_3_5_P1 new fdupont // 2008-07-20 13:16 +0000 rt18335 new fdupont // 2008-07-20 11:50 +0000 rt18336 new fdupont // 2008-07-21 13:51 +0000 rt18336p1 new +rt18344 new +rt18358 new fdupont // 2008-07-23 22:35 +0000 shane_dbbackend open skan open explorer skan-metazones1 private explorer From 240e53b13217af266abb3dae8ba103614daf2bf7 Mon Sep 17 00:00:00 2001 
From: Mark Andrews Date: Wed, 23 Jul 2008 23:27:54 +0000 Subject: [PATCH 067/135] 2396. [bug] Don't set SO_REUSEADDR for randomized ports. [RT #18336] part 2 --- bin/dig/dighost.c | 9 +++++---- bin/named/controlconf.c | 6 +++--- bin/named/interfacemgr.c | 5 +++-- bin/named/lwresd.c | 5 +++-- bin/named/statschannel.c | 4 ++-- bin/rndc/rndc.c | 6 +++--- bin/tests/sock_test.c | 4 ++-- lib/dns/dispatch.c | 10 +++++----- lib/dns/xfrin.c | 5 +++-- lib/isc/include/isc/socket.h | 13 +++++++++---- lib/isc/unix/socket.c | 7 ++++--- lib/isc/win32/socket.c | 7 ++++--- 12 files changed, 46 insertions(+), 35 deletions(-) diff --git a/bin/dig/dighost.c b/bin/dig/dighost.c index e07a98ad96..86659444a9 100644 --- a/bin/dig/dighost.c +++ b/bin/dig/dighost.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dighost.c,v 1.310 2008/07/22 03:43:03 marka Exp $ */ +/* $Id: dighost.c,v 1.311 2008/07/23 23:27:54 marka Exp $ */ /*! \file * \note @@ -2236,7 +2236,8 @@ send_tcp_connect(dig_query_t *query) { sockcount++; debug("sockcount=%d", sockcount); if (specified_source) - result = isc_socket_bind(query->sock, &bind_address, 1); + result = isc_socket_bind(query->sock, &bind_address, + ISC_SOCKET_REUSEADDRESS); else { if ((isc_sockaddr_pf(&query->sockaddr) == AF_INET) && have_ipv4) @@ -2290,8 +2291,8 @@ send_udp(dig_query_t *query) { sockcount++; debug("sockcount=%d", sockcount); if (specified_source) { - result = isc_socket_bind(query->sock, - &bind_address, 1); + result = isc_socket_bind(query->sock, &bind_address, + ISC_SOCKET_REUSEADDRESS); } else { isc_sockaddr_anyofpf(&bind_any, isc_sockaddr_pf(&query->sockaddr)); diff --git a/bin/named/controlconf.c b/bin/named/controlconf.c index b5572331f1..766f013ba8 100644 --- a/bin/named/controlconf.c +++ b/bin/named/controlconf.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: controlconf.c,v 1.59 2008/07/22 03:43:04 marka Exp $ */ +/* $Id: controlconf.c,v 1.60 2008/07/23 23:27:54 marka Exp $ */ /*! \file */ 
@@ -1149,8 +1149,8 @@ add_listener(ns_controls_t *cp, controllistener_t **listenerp, isc_socket_setname(listener->sock, "control", NULL); if (result == ISC_R_SUCCESS) - result = isc_socket_bind(listener->sock, - &listener->address, 1); + result = isc_socket_bind(listener->sock, &listener->address, + ISC_SOCKET_REUSEADDRESS); if (result == ISC_R_SUCCESS && type == isc_sockettype_unix) { listener->perm = cfg_obj_asuint32(cfg_tuple_get(control, diff --git a/bin/named/interfacemgr.c b/bin/named/interfacemgr.c index 2ebc2794fb..897de28856 100644 --- a/bin/named/interfacemgr.c +++ b/bin/named/interfacemgr.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: interfacemgr.c,v 1.92 2008/07/22 23:47:04 tbox Exp $ */ +/* $Id: interfacemgr.c,v 1.93 2008/07/23 23:27:54 marka Exp $ */ /*! \file */ @@ -308,7 +308,8 @@ ns_interface_accepttcp(ns_interface_t *ifp) { #ifndef ISC_ALLOW_MAPPED isc_socket_ipv6only(ifp->tcpsocket, ISC_TRUE); #endif - result = isc_socket_bind(ifp->tcpsocket, &ifp->addr, 1); + result = isc_socket_bind(ifp->tcpsocket, &ifp->addr, + ISC_SOCKET_REUSEADDRESS); if (result != ISC_R_SUCCESS) { isc_log_write(IFMGR_COMMON_LOGARGS, ISC_LOG_ERROR, "binding TCP socket: %s", diff --git a/bin/named/lwresd.c b/bin/named/lwresd.c index cd6f2c77b3..4e245fdb3d 100644 --- a/bin/named/lwresd.c +++ b/bin/named/lwresd.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: lwresd.c,v 1.57 2008/07/22 23:47:04 tbox Exp $ */ +/* $Id: lwresd.c,v 1.58 2008/07/23 23:27:54 marka Exp $ */ /*! \file * \brief @@ -576,7 +576,8 @@ listener_bind(ns_lwreslistener_t *listener, isc_sockaddr_t *address) { return (result); } - result = isc_socket_bind(sock, &listener->address, 1); + result = isc_socket_bind(sock, &listener->address, + ISC_SOCKET_REUSEADDRESS); if (result != ISC_R_SUCCESS) { char socktext[ISC_SOCKADDR_FORMATSIZE]; isc_sockaddr_format(&listener->address, socktext, 
diff --git a/bin/named/statschannel.c b/bin/named/statschannel.c index 32a9d6aa1b..0e0a43ec67 100644 --- a/bin/named/statschannel.c +++ b/bin/named/statschannel.c @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: statschannel.c,v 1.12 2008/07/22 03:43:04 marka Exp $ */ +/* $Id: statschannel.c,v 1.13 2008/07/23 23:27:54 marka Exp $ */ /*! \file */ @@ -919,7 +919,7 @@ add_listener(ns_server_t *server, ns_statschannel_t **listenerp, isc_socket_ipv6only(sock, ISC_TRUE); #endif - result = isc_socket_bind(sock, addr, 1); + result = isc_socket_bind(sock, addr, ISC_SOCKET_REUSEADDRESS); if (result != ISC_R_SUCCESS) goto cleanup; diff --git a/bin/rndc/rndc.c b/bin/rndc/rndc.c index 0977b1a5b0..a867022cee 100644 --- a/bin/rndc/rndc.c +++ b/bin/rndc/rndc.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: rndc.c,v 1.120 2008/07/22 23:47:04 tbox Exp $ */ +/* $Id: rndc.c,v 1.121 2008/07/23 23:27:54 marka Exp $ */ /*! \file */ @@ -400,10 +400,10 @@ rndc_startconnect(isc_sockaddr_t *addr, isc_task_t *task) { DO("create socket", isc_socket_create(socketmgr, pf, type, &sock)); switch (isc_sockaddr_pf(addr)) { case AF_INET: - DO("bind socket", isc_socket_bind(sock, &local4, 1)); + DO("bind socket", isc_socket_bind(sock, &local4, 0)); break; case AF_INET6: - DO("bind socket", isc_socket_bind(sock, &local6, 1)); + DO("bind socket", isc_socket_bind(sock, &local6, 0)); break; default: break; diff --git a/bin/tests/sock_test.c b/bin/tests/sock_test.c index 51c968e356..c9612f7894 100644 --- a/bin/tests/sock_test.c +++ b/bin/tests/sock_test.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: sock_test.c,v 1.54 2008/07/22 23:47:04 tbox Exp $ */ +/* $Id: sock_test.c,v 1.55 2008/07/23 23:27:54 marka Exp $ */ #include 
@@ -321,7 +321,7 @@ main(int argc, char *argv[]) { } RUNTIME_CHECK(isc_socket_create(socketmgr, pf, isc_sockettype_tcp, &so1) == ISC_R_SUCCESS); - result = isc_socket_bind(so1, &sockaddr, 1); + result = isc_socket_bind(so1, &sockaddr, ISC_SOCKET_REUSEADDRESS); RUNTIME_CHECK(result == ISC_R_SUCCESS); RUNTIME_CHECK(isc_socket_listen(so1, 0) == ISC_R_SUCCESS); diff --git a/lib/dns/dispatch.c b/lib/dns/dispatch.c index bff70414be..53916c07c1 100644 --- a/lib/dns/dispatch.c +++ b/lib/dns/dispatch.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dispatch.c,v 1.148 2008/07/22 03:43:04 marka Exp $ */ +/* $Id: dispatch.c,v 1.149 2008/07/23 23:27:54 marka Exp $ */ /*! \file */ @@ -304,7 +304,7 @@ static isc_result_t qid_allocate(dns_dispatchmgr_t *mgr, unsigned int buckets, isc_boolean_t needaddrtable); static void qid_destroy(isc_mem_t *mctx, dns_qid_t **qidp); static isc_result_t open_socket(isc_socketmgr_t *mgr, isc_sockaddr_t *local, - int reuseaddr, isc_socket_t **sockp); + unsigned int options, isc_socket_t **sockp); static isc_boolean_t portavailable(dns_dispatchmgr_t *mgr, isc_socket_t *sock, isc_sockaddr_t *sockaddrp); @@ -1586,8 +1586,8 @@ destroy_mgr(dns_dispatchmgr_t **mgrp) { } static isc_result_t -open_socket(isc_socketmgr_t *mgr, isc_sockaddr_t *local, int reuseaddr, - isc_socket_t **sockp) +open_socket(isc_socketmgr_t *mgr, isc_sockaddr_t *local, + unsigned int options, isc_socket_t **sockp) { isc_socket_t *sock; isc_result_t result; @@ -1608,7 +1608,7 @@ open_socket(isc_socketmgr_t *mgr, isc_sockaddr_t *local, int reuseaddr, #ifndef ISC_ALLOW_MAPPED isc_socket_ipv6only(sock, ISC_TRUE); #endif - result = isc_socket_bind(sock, local, reuseaddr); + result = isc_socket_bind(sock, local, options); if (result != ISC_R_SUCCESS) { if (*sockp == NULL) isc_socket_detach(&sock); diff --git a/lib/dns/xfrin.c b/lib/dns/xfrin.c index b25cdb026b..3b2a03c16f 100644 --- a/lib/dns/xfrin.c +++ b/lib/dns/xfrin.c 
@@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: xfrin.c,v 1.159 2008/07/22 23:47:04 tbox Exp $ */ +/* $Id: xfrin.c,v 1.160 2008/07/23 23:27:54 marka Exp $ */ /*! \file */ @@ -873,7 +873,8 @@ xfrin_start(dns_xfrin_ctx_t *xfr) { &xfr->socket)); isc_socket_setname(xfr->socket, "xfrin", NULL); #ifndef BROKEN_TCP_BIND_BEFORE_CONNECT - CHECK(isc_socket_bind(xfr->socket, &xfr->sourceaddr, 1)); + CHECK(isc_socket_bind(xfr->socket, &xfr->sourceaddr, + ISC_SOCKET_REUSEADDRESS)); #endif CHECK(isc_socket_connect(xfr->socket, &xfr->masteraddr, xfr->task, xfrin_connect_done, xfr)); diff --git a/lib/isc/include/isc/socket.h b/lib/isc/include/isc/socket.h index 9de8124987..febb11433f 100644 --- a/lib/isc/include/isc/socket.h +++ b/lib/isc/include/isc/socket.h @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: socket.h,v 1.79 2008/07/22 03:43:04 marka Exp $ */ +/* $Id: socket.h,v 1.80 2008/07/23 23:27:54 marka Exp $ */ #ifndef ISC_SOCKET_H #define ISC_SOCKET_H 1 @@ -78,6 +78,12 @@ ISC_LANG_BEGINDECLS */ #define ISC_SOCKET_MAXSCATTERGATHER 8 +/*% + * In isc_socket_bind() set socket option SO_REUSEADDR prior to calling + * bind() if a non zero port is specified (AF_INET and AF_INET6). + */ +#define ISC_SOCKET_REUSEADDRESS 0x01U + /*** *** Types ***/ @@ -406,7 +412,8 @@ isc_socket_close(isc_socket_t *sock); */ isc_result_t -isc_socket_bind(isc_socket_t *sock, isc_sockaddr_t *addressp, int reuseaddr); +isc_socket_bind(isc_socket_t *sock, isc_sockaddr_t *addressp, + unsigned int options); /*%< * Bind 'socket' to '*addressp'. * @@ -416,8 +423,6 @@ isc_socket_bind(isc_socket_t *sock, isc_sockaddr_t *addressp, int reuseaddr); * * \li 'addressp' points to a valid isc_sockaddr. * - * \li 'reuseaddr' asks to set SO_REUSEADDR (if the port is not 0). - * Returns: * * \li ISC_R_SUCCESS diff --git a/lib/isc/unix/socket.c b/lib/isc/unix/socket.c index 38c8573cbe..77b65eae13 100644 --- a/lib/isc/unix/socket.c +++ b/lib/isc/unix/socket.c 
@@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: socket.c,v 1.290 2008/07/22 03:43:04 marka Exp $ */ +/* $Id: socket.c,v 1.291 2008/07/23 23:27:54 marka Exp $ */ /*! \file */ @@ -4170,7 +4170,8 @@ isc_socket_permunix(isc_sockaddr_t *sockaddr, isc_uint32_t perm, } isc_result_t -isc_socket_bind(isc_socket_t *sock, isc_sockaddr_t *sockaddr, int reuseaddr) { +isc_socket_bind(isc_socket_t *sock, isc_sockaddr_t *sockaddr, + unsigned int options) { char strbuf[ISC_STRERRORSIZE]; int on = 1; @@ -4189,7 +4190,7 @@ isc_socket_bind(isc_socket_t *sock, isc_sockaddr_t *sockaddr, int reuseaddr) { if (sock->pf == AF_UNIX) goto bind_socket; #endif - if (reuseaddr && + if ((options & ISC_SOCKET_REUSEADDRESS) != 0 && isc_sockaddr_getport(sockaddr) != (in_port_t)0 && setsockopt(sock->fd, SOL_SOCKET, SO_REUSEADDR, (void *)&on, sizeof(on)) < 0) { diff --git a/lib/isc/win32/socket.c b/lib/isc/win32/socket.c index 80b2bd3c9f..429c0c9c77 100644 --- a/lib/isc/win32/socket.c +++ b/lib/isc/win32/socket.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: socket.c,v 1.59 2008/07/22 03:43:04 marka Exp $ */ +/* $Id: socket.c,v 1.60 2008/07/23 23:27:54 marka Exp $ */ /* This code has been rewritten to take advantage of Windows Sockets * I/O Completion Ports and Events. I/O Completion Ports is ONLY @@ -3308,7 +3308,8 @@ isc_socket_sendto2(isc_socket_t *sock, isc_region_t *region, } isc_result_t -isc_socket_bind(isc_socket_t *sock, isc_sockaddr_t *sockaddr, int reuseaddr) { +isc_socket_bind(isc_socket_t *sock, isc_sockaddr_t *sockaddr, + unsigned int options) { int bind_errno; char strbuf[ISC_STRERRORSIZE]; int on = 1; @@ -3324,7 +3325,7 @@ isc_socket_bind(isc_socket_t *sock, isc_sockaddr_t *sockaddr, int reuseaddr) { /* * Only set SO_REUSEADDR when we want a specific port. */ - if (reuseaddr && + if ((options & ISC_SOCKET_REUSEADDRESS) != 0 && isc_sockaddr_getport(sockaddr) != (in_port_t)0 && setsockopt(sock->fd, SOL_SOCKET, SO_REUSEADDR, (void *)&on, sizeof(on)) < 0) { 
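Review bot: in lib/isc/include/isc/socket.h (patch 067), the isc_socket_bind() comment drops its "\li 'reuseaddr' asks to set SO_REUSEADDR" entry but adds nothing for the new 'options' argument, so the function's own documentation no longer says what a caller may pass. Add an entry stating that 'options' is a bitmask of ISC_SOCKET_* flags, that ISC_SOCKET_REUSEADDRESS is the only one defined here, and that 0 binds without SO_REUSEADDR. Both socket.c implementations test only "(options & ISC_SOCKET_REUSEADDRESS) != 0" and silently ignore any other bit; if that is intended, document it, otherwise reject unknown bits.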
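Review bot: in lib/dns/dispatch.c (patch 067), open_socket() changes its third parameter from "int reuseaddr" to "unsigned int options", but none of its call sites appear in the visible hunks, so a caller that still passes a bare 1 keeps working only because ISC_SOCKET_REUSEADDRESS happens to be 0x01U. Those callers should pass the named flag or 0. Separately, the two isc_socket_bind() calls in rndc_startconnect() (bin/rndc/rndc.c) are the only converted callers that go from 1 to 0 instead of to ISC_SOCKET_REUSEADDRESS, and the commit message does not mention rndc; a one-line comment at the call site saying why the flag is dropped there would make the intent reviewable.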
From 74157722706a1cdcd1f0dcc7d61613d0c592f332 Mon Sep 17 00:00:00 2001 From: Automatic Updater Date: Wed, 23 Jul 2008 23:47:07 +0000 Subject: [PATCH 068/135] update copyright notice --- lib/isc/include/isc/socket.h | 4 ++-- lib/isc/unix/socket.c | 4 ++-- lib/isc/win32/socket.c | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/lib/isc/include/isc/socket.h b/lib/isc/include/isc/socket.h index febb11433f..600cf977a3 100644 --- a/lib/isc/include/isc/socket.h +++ b/lib/isc/include/isc/socket.h @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: socket.h,v 1.80 2008/07/23 23:27:54 marka Exp $ */ +/* $Id: socket.h,v 1.81 2008/07/23 23:47:07 tbox Exp $ */ #ifndef ISC_SOCKET_H #define ISC_SOCKET_H 1 @@ -413,7 +413,7 @@ isc_socket_close(isc_socket_t *sock); isc_result_t isc_socket_bind(isc_socket_t *sock, isc_sockaddr_t *addressp, - unsigned int options); + unsigned int options); /*%< * Bind 'socket' to '*addressp'. * diff --git a/lib/isc/unix/socket.c b/lib/isc/unix/socket.c index 77b65eae13..5a25f4dcf9 100644 --- a/lib/isc/unix/socket.c +++ b/lib/isc/unix/socket.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: socket.c,v 1.291 2008/07/23 23:27:54 marka Exp $ */ +/* $Id: socket.c,v 1.292 2008/07/23 23:47:07 tbox Exp $ */ /*! \file */ @@ -4170,7 +4170,7 @@ isc_socket_permunix(isc_sockaddr_t *sockaddr, isc_uint32_t perm, } isc_result_t -isc_socket_bind(isc_socket_t *sock, isc_sockaddr_t *sockaddr, +isc_socket_bind(isc_socket_t *sock, isc_sockaddr_t *sockaddr, unsigned int options) { char strbuf[ISC_STRERRORSIZE]; int on = 1; diff --git a/lib/isc/win32/socket.c b/lib/isc/win32/socket.c index 429c0c9c77..d8da30d7e7 100644 --- a/lib/isc/win32/socket.c +++ b/lib/isc/win32/socket.c 
@@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: socket.c,v 1.60 2008/07/23 23:27:54 marka Exp $ */ +/* $Id: socket.c,v 1.61 2008/07/23 23:47:07 tbox Exp $ */ /* This code has been rewritten to take advantage of Windows Sockets * I/O Completion Ports and Events. I/O Completion Ports is ONLY @@ -3309,7 +3309,7 @@ isc_socket_sendto2(isc_socket_t *sock, isc_region_t *region, isc_result_t isc_socket_bind(isc_socket_t *sock, isc_sockaddr_t *sockaddr, - unsigned int options) { + unsigned int options) { int bind_errno; char strbuf[ISC_STRERRORSIZE]; int on = 1; From 05b8187cb3cf03fbd75af1afdacc4aefb373e37b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tatuya=20JINMEI=20=E7=A5=9E=E6=98=8E=E9=81=94=E5=93=89?= Date: Thu, 24 Jul 2008 04:53:34 +0000 Subject: [PATCH 069/135] 2399. [placeholder] --- CHANGES | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGES b/CHANGES index 7c81914511..725b51975f 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,5 @@ +2399. [placeholder] + 2398. [placeholder] 2397. [bug] gssapi_functions had too many elements. [RT #18355] From 72e52e1a0325bd113c87cc15361527a924ac9825 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tatuya=20JINMEI=20=E7=A5=9E=E6=98=8E=E9=81=94=E5=93=89?= Date: Thu, 24 Jul 2008 04:54:44 +0000 Subject: [PATCH 070/135] comment wording --- lib/dns/resolver.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c index bc556eb214..fb46050ca7 100644 --- a/lib/dns/resolver.c +++ b/lib/dns/resolver.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: resolver.c,v 1.374 2008/07/22 03:43:04 marka Exp $ */ +/* $Id: resolver.c,v 1.375 2008/07/24 04:54:44 jinmei Exp $ */ /*! \file */ 
@@ -2805,7 +2805,7 @@ fctx_timeout(isc_task_t *task, isc_event_t *event) { * them keep going. Since we normally use separate sockets for * different queries, we adopt the former approach to reduce * the number of open sockets: cancel the oldest query if it - * expired before the query had started (this is usually the + * expired after the query had started (this is usually the * case but is not always so, depending on the task schedule * timing). */ From 0cdb53f093f5814b40a68848025dd8d7e9ef2e9b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tatuya=20JINMEI=20=E7=A5=9E=E6=98=8E=E9=81=94=E5=93=89?= Date: Thu, 24 Jul 2008 05:19:15 +0000 Subject: [PATCH 071/135] 2400. [bug] Log if kqueue()/epoll_create()/opne(devpoll) fails. [RT #18297] --- CHANGES | 3 +++ lib/isc/unix/socket.c | 23 ++++++++++++++++++++++- 2 files changed, 25 insertions(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index 725b51975f..e248d9c6d7 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,6 @@ +2400. [bug] Log if kqueue()/epoll_create()/opne(devpoll) fails. + [RT #18297] + 2399. [placeholder] 2398. [placeholder] diff --git a/lib/isc/unix/socket.c b/lib/isc/unix/socket.c index 5a25f4dcf9..33425ce809 100644 --- a/lib/isc/unix/socket.c +++ b/lib/isc/unix/socket.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: socket.c,v 1.292 2008/07/23 23:47:07 tbox Exp $ */ +/* $Id: socket.c,v 1.293 2008/07/24 05:19:15 jinmei Exp $ */ /*! \file */ @@ -3188,6 +3188,9 @@ watcher(void *uap) { static isc_result_t setup_watcher(isc_mem_t *mctx, isc_socketmgr_t *manager) { isc_result_t result; +#if defined(USE_KQUEUE) || defined(USE_EPOLL) || defined(USE_DEVPOLL) + char strbuf[ISC_STRERRORSIZE]; +#endif #ifdef USE_KQUEUE manager->nevents = ISC_SOCKET_MAXEVENTS; 
@@ -3198,6 +3201,12 @@ setup_watcher(isc_mem_t *mctx, isc_socketmgr_t *manager) { manager->kqueue_fd = kqueue(); if (manager->kqueue_fd == -1) { result = isc__errno2result(errno); + isc__strerror(errno, strbuf, sizeof(strbuf)); + UNEXPECTED_ERROR(__FILE__, __LINE__, + "kqueue %s: %s", + isc_msgcat_get(isc_msgcat, ISC_MSGSET_GENERAL, + ISC_MSG_FAILED, "failed"), + strbuf); isc_mem_put(mctx, manager->events, sizeof(struct kevent) * manager->nevents); return (result); @@ -3221,6 +3230,12 @@ setup_watcher(isc_mem_t *mctx, isc_socketmgr_t *manager) { manager->epoll_fd = epoll_create(manager->nevents); if (manager->epoll_fd == -1) { result = isc__errno2result(errno); + isc__strerror(errno, strbuf, sizeof(strbuf)); + UNEXPECTED_ERROR(__FILE__, __LINE__, + "epoll_create %s: %s", + isc_msgcat_get(isc_msgcat, ISC_MSGSET_GENERAL, + ISC_MSG_FAILED, "failed"), + strbuf); isc_mem_put(mctx, manager->events, sizeof(struct epoll_event) * manager->nevents); return (result); @@ -3259,6 +3274,12 @@ setup_watcher(isc_mem_t *mctx, isc_socketmgr_t *manager) { manager->devpoll_fd = open("/dev/poll", O_RDWR); if (manager->devpoll_fd == -1) { result = isc__errno2result(errno); + isc__strerror(errno, strbuf, sizeof(strbuf)); + UNEXPECTED_ERROR(__FILE__, __LINE__, + "open(/dev/poll) %s: %s", + isc_msgcat_get(isc_msgcat, ISC_MSGSET_GENERAL, + ISC_MSG_FAILED, "failed"), + strbuf); isc_mem_put(mctx, manager->events, sizeof(struct pollfd) * manager->nevents); isc_mem_put(mctx, manager->fdpollinfo, From 09477e188f874c8c43a90f050733b114385992dc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tatuya=20JINMEI=20=E7=A5=9E=E6=98=8E=E9=81=94=E5=93=89?= Date: Thu, 24 Jul 2008 05:28:33 +0000 Subject: [PATCH 072/135] spelling --- CHANGES | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index e248d9c6d7..cf76152bbf 100644 --- a/CHANGES +++ b/CHANGES 
@@ -1,4 +1,4 @@ -2400. [bug] Log if kqueue()/epoll_create()/opne(devpoll) fails. +2400. [bug] Log if kqueue()/epoll_create()/open(/dev/poll) fails. [RT #18297] 2399. [placeholder] From bd7e02a3378274436e30beecca33bf7889182776 Mon Sep 17 00:00:00 2001 From: Francis Dupont Date: Thu, 24 Jul 2008 09:50:21 +0000 Subject: [PATCH 073/135] Expect to get E[MN]FILE errno internal_accept() [RT #18358] --- CHANGES | 3 +++ lib/isc/unix/socket.c | 15 ++++++++++++--- lib/isc/win32/socket.c | 13 +++++++++++-- 3 files changed, 26 insertions(+), 5 deletions(-) diff --git a/CHANGES b/CHANGES index cf76152bbf..4ff2c5fa6c 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,6 @@ +2401. [bug] Expect to get E[MN]FILE errno internal_accept() + (from accept() or fcntl() system calls). [RT #18358] + 2400. [bug] Log if kqueue()/epoll_create()/open(/dev/poll) fails. [RT #18297] diff --git a/lib/isc/unix/socket.c b/lib/isc/unix/socket.c index 33425ce809..09582d3028 100644 --- a/lib/isc/unix/socket.c +++ b/lib/isc/unix/socket.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: socket.c,v 1.293 2008/07/24 05:19:15 jinmei Exp $ */ +/* $Id: socket.c,v 1.294 2008/07/24 09:50:21 fdupont Exp $ */ /*! \file */ @@ -2511,7 +2511,7 @@ internal_accept(isc_task_t *me, isc_event_t *ev) { (void)close(fd); errno = tmp; fd = new; - err = "fcntl"; + err = "accept/fcntl"; } #endif @@ -2519,8 +2519,17 @@ internal_accept(isc_task_t *me, isc_event_t *ev) { if (SOFT_ERROR(errno)) goto soft_error; switch (errno) { - case ENOBUFS: case ENFILE: + case EMFILE: + isc_log_iwrite(isc_lctx, ISC_LOGCATEGORY_GENERAL, + ISC_LOGMODULE_SOCKET, ISC_LOG_ERROR, + isc_msgcat, ISC_MSGSET_SOCKET, + ISC_MSG_TOOMANYFDS, + "%s: too many open file descriptors", + err); + goto soft_error; + + case ENOBUFS: case ENOMEM: case ECONNRESET: case ECONNABORTED: diff --git a/lib/isc/win32/socket.c b/lib/isc/win32/socket.c index d8da30d7e7..ed6132eeff 100644 --- a/lib/isc/win32/socket.c +++ b/lib/isc/win32/socket.c 
@@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: socket.c,v 1.61 2008/07/23 23:47:07 tbox Exp $ */ +/* $Id: socket.c,v 1.62 2008/07/24 09:50:21 fdupont Exp $ */ /* This code has been rewritten to take advantage of Windows Sockets * I/O Completion Ports and Events. I/O Completion Ports is ONLY @@ -2238,7 +2238,16 @@ internal_accept(isc_socket_t *sock, int accept_errno) { (void *)&addrlen); if (fd == INVALID_SOCKET) { accept_errno = WSAGetLastError(); - if (SOFT_ERROR(accept_errno) || accept_errno == WSAECONNRESET) { + if (accept_errno == WSAEMFILE) { + isc_log_iwrite(isc_lctx, ISC_LOGCATEGORY_GENERAL, + ISC_LOGMODULE_SOCKET, ISC_LOG_ERROR, + isc_msgcat, ISC_MSGSET_SOCKET, + ISC_MSG_TOOMANYFDS, + "%s: too many open file descriptors", + "accept"); + goto soft_error; + } else if (SOFT_ERROR(accept_errno) || + accept_errno == WSAECONNRESET) { goto soft_error; } else { isc__strerror(accept_errno, strbuf, sizeof(strbuf)); From a60ac36ef27b0c3d8eba30c75a6109ece5bf50f7 Mon Sep 17 00:00:00 2001 From: Jeremy Reed Date: Thu, 24 Jul 2008 21:31:09 +0000 Subject: [PATCH 074/135] Grammar fix from justinpryzby@users.sourceforge.net via info@isc.org. --- doc/arm/Bv9ARM-book.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/arm/Bv9ARM-book.xml b/doc/arm/Bv9ARM-book.xml index 18dd545197..ad30cf4a80 100644 --- a/doc/arm/Bv9ARM-book.xml +++ b/doc/arm/Bv9ARM-book.xml @@ -18,7 +18,7 @@ - PERFORMANCE OF THIS SOFTWARE. --> - + BIND 9 Administrator Reference Manual @@ -8328,7 +8328,7 @@ avoid-v6-udp-ports { 40000; range 50000 60000; }; Zones defined within a view statement will - be only be accessible to clients that match the view. + only be accessible to clients that match the view. By defining a zone of the same name in multiple views, different zone data can be given to different clients, for example, "internal" From d01e14dc0bfc700a8d72e9676fc8aa66c237151f Mon Sep 17 00:00:00 2001 
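Review bot: In patch 073, the new `case ENFILE:` / `case EMFILE:` arm of internal_accept() in lib/isc/unix/socket.c writes an ISC_LOG_ERROR message on every failed accept and then jumps to soft_error, and nothing in the hunk limits how often it fires. Descriptor exhaustion is the condition under which accepts fail back to back, so consider rate-limiting the message or logging it once per exhaustion episode. The label change to `err = "accept/fcntl"` also leaves the logged text ambiguous about which call failed. The win32 hunk handles only WSAEMFILE and hard-codes "accept"; a one-line comment saying why no ENFILE counterpart is needed there would help.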
From: Automatic Updater Date: Fri, 25 Jul 2008 01:12:09 +0000 Subject: [PATCH 075/135] regen --- doc/arm/Bv9ARM.ch06.html | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/arm/Bv9ARM.ch06.html b/doc/arm/Bv9ARM.ch06.html index fe4c535ac5..38d0de4c21 100644 --- a/doc/arm/Bv9ARM.ch06.html +++ b/doc/arm/Bv9ARM.ch06.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + @@ -4921,7 +4921,7 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };

Zones defined within a view statement will - be only be accessible to clients that match the view. + only be accessible to clients that match the view. By defining a zone of the same name in multiple views, different zone data can be given to different clients, for example, "internal" From cbb8a1b7cbab933795ddee4f05f4eb5074a68e6c Mon Sep 17 00:00:00 2001 From: Francis Dupont Date: Fri, 25 Jul 2008 20:40:07 +0000 Subject: [PATCH 076/135] Support Solaris 2.11 and over. [RT #18362] --- CHANGES | 2 ++ bin/tests/system/ifconfig.sh | 6 +++--- configure | 4 ++-- configure.in | 4 ++-- lib/bind/configure | 2 +- lib/bind/configure.in | 4 ++-- 6 files changed, 12 insertions(+), 10 deletions(-) diff --git a/CHANGES b/CHANGES index 4ff2c5fa6c..b6c81b3d65 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,5 @@ +2402. [port] Support Solaris 2.11 and over. [RT #18362] + 2401. [bug] Expect to get E[MN]FILE errno internal_accept() (from accept() or fcntl() system calls). [RT #18358] diff --git a/bin/tests/system/ifconfig.sh b/bin/tests/system/ifconfig.sh index da08026d0c..da448e1071 100644 --- a/bin/tests/system/ifconfig.sh +++ b/bin/tests/system/ifconfig.sh @@ -15,7 +15,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: ifconfig.sh,v 1.53 2008/03/03 23:47:02 tbox Exp $ +# $Id: ifconfig.sh,v 1.54 2008/07/25 20:40:07 fdupont Exp $ # # Set up interface aliases for bind9 system tests. @@ -72,7 +72,7 @@ case "$1" in *-sun-solaris2.[6-7]) ifconfig lo0:$int 10.53.0.$ns netmask 0xffffffff up ;; - *-*-solaris2.[8-9]|*-*-solaris2.10) + *-*-solaris2.[8-9]|*-*-solaris2.1[0-9]) /sbin/ifconfig lo0:$int plumb /sbin/ifconfig lo0:$int 10.53.0.$ns up ;; @@ -135,7 +135,7 @@ case "$1" in *-sun-solaris2.[6-7]) ifconfig lo0:$int 10.53.0.$ns down ;; - *-*-solaris2.[8-9]|*-*-solaris2.10) + *-*-solaris2.[8-9]|*-*-solaris2.1[0-9]) ifconfig lo0:$int 10.53.0.$ns down ifconfig lo0:$int 10.53.0.$ns unplumb ;; 
diff --git a/configure b/configure index 2428e85ba1..94c4ba17f0 100755 --- a/configure +++ b/configure @@ -14,7 +14,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. # -# $Id: configure,v 1.430 2008/06/23 19:42:21 jinmei Exp $ +# $Id: configure,v 1.431 2008/07/25 20:40:05 fdupont Exp $ # # Portions Copyright (C) 1996-2001 Nominum, Inc. # @@ -28898,7 +28898,7 @@ case "$host" in *-solaris2.[89]) hack_shutup_pthreadonceinit=yes ;; - *-solaris2.10) + *-solaris2.1[0-9]) hack_shutup_pthreadonceinit=yes ;; esac diff --git a/configure.in b/configure.in index 0ed9c480c5..452a91da1a 100644 --- a/configure.in +++ b/configure.in @@ -18,7 +18,7 @@ AC_DIVERT_PUSH(1)dnl esyscmd([sed "s/^/# /" COPYRIGHT])dnl AC_DIVERT_POP()dnl -AC_REVISION($Revision: 1.444 $) +AC_REVISION($Revision: 1.445 $) AC_INIT(lib/dns/name.c) AC_PREREQ(2.59) @@ -2072,7 +2072,7 @@ case "$host" in [*-solaris2.[89]]) hack_shutup_pthreadonceinit=yes ;; - *-solaris2.10) + *-solaris2.1[0-9]) hack_shutup_pthreadonceinit=yes ;; esac diff --git a/lib/bind/configure b/lib/bind/configure index 556b618c17..077268f677 100644 --- a/lib/bind/configure +++ b/lib/bind/configure @@ -32755,7 +32755,7 @@ case "$host" in *-solaris2.9) hack_shutup_in6addr_init_macros=yes ;; - *-solaris2.10) + *-solaris2.1[0-9]) hack_shutup_in6addr_init_macros=yes ;; esac diff --git a/lib/bind/configure.in b/lib/bind/configure.in index 623625e1f9..616a19abd3 100644 --- a/lib/bind/configure.in +++ b/lib/bind/configure.in @@ -13,7 +13,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -AC_REVISION($Revision: 1.135 $) +AC_REVISION($Revision: 1.136 $) AC_INIT(resolv/herror.c) AC_PREREQ(2.13) @@ -2778,7 +2778,7 @@ case "$host" in *-solaris2.9) hack_shutup_in6addr_init_macros=yes ;; - *-solaris2.10) + *-solaris2.1[0-9]) hack_shutup_in6addr_init_macros=yes ;; esac 
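Review bot: In the configure.in hunk at @@ -2072 of patch 076, the new pattern `*-solaris2.1[0-9])` is not m4-quoted, while the pattern directly above it is written `[*-solaris2.[89]])`. Square brackets are autoconf's quote characters, so a configure regenerated from this source would lose them and the case arm would stop matching solaris2.10 and later; write it as `*-solaris2.1[[0-9]])`. The configure hunk in the same patch carries the intended glob `*-solaris2.1[0-9])`, so the two files disagree as soon as configure is regenerated. lib/bind/configure.in gets the same unquoted pattern and deserves the same check.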
From 481e9b573b8233f8678c1dd4549c8c949312e81d Mon Sep 17 00:00:00 2001 From: Mark Andrews Date: Mon, 28 Jul 2008 08:39:52 +0000 Subject: [PATCH 077/135] 2403. [bug] TSIG context leak. [RT #18341] --- CHANGES | 2 ++ lib/dns/message.c | 5 ++++- lib/dns/xfrin.c | 14 ++++++++++++-- 3 files changed, 18 insertions(+), 3 deletions(-) diff --git a/CHANGES b/CHANGES index b6c81b3d65..43c1ad676f 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,5 @@ +2403. [bug] TSIG context leak. [RT #18341] + 2402. [port] Support Solaris 2.11 and over. [RT #18362] 2401. [bug] Expect to get E[MN]FILE errno internal_accept() diff --git a/lib/dns/message.c b/lib/dns/message.c index 48e8f6f9df..d91bccc66d 100644 --- a/lib/dns/message.c +++ b/lib/dns/message.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: message.c,v 1.243 2008/04/03 10:45:35 marka Exp $ */ +/* $Id: message.c,v 1.244 2008/07/28 08:39:52 marka Exp $ */ /*! \file */ @@ -622,6 +622,9 @@ msgreset(dns_message_t *msg, isc_boolean_t everything) { msg->tsigkey = NULL; } + if (msg->tsigctx != NULL) + dst_context_destroy(&msg->tsigctx); + if (msg->query.base != NULL) { if (msg->free_query != 0) isc_mem_put(msg->mctx, msg->query.base, diff --git a/lib/dns/xfrin.c b/lib/dns/xfrin.c index 3b2a03c16f..b3586d6f6b 100644 --- a/lib/dns/xfrin.c +++ b/lib/dns/xfrin.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: xfrin.c,v 1.160 2008/07/23 23:27:54 marka Exp $ */ +/* $Id: xfrin.c,v 1.161 2008/07/28 08:39:52 marka Exp $ */ /*! \file */ @@ -1075,6 +1075,8 @@ xfrin_send_request(dns_xfrin_ctx_t *xfr) { xfr->nbytes = 0; isc_time_now(&xfr->start); msg->id = xfr->id; + if (xfr->tsigctx != NULL) + dst_context_destroy(&xfr->tsigctx); CHECK(render(msg, xfr->mctx, &xfr->qbuffer)); 
@@ -1210,7 +1212,10 @@ xfrin_recv_done(isc_task_t *task, isc_event_t *ev) { CHECK(dns_message_settsigkey(msg, xfr->tsigkey)); CHECK(dns_message_setquerytsig(msg, xfr->lasttsig)); + msg->tsigctx = xfr->tsigctx; + xfr->tsigctx = NULL; + if (xfr->nmsg > 0) msg->tcp_continuation = 1; @@ -1328,9 +1333,11 @@ xfrin_recv_done(isc_task_t *task, isc_event_t *ev) { xfr->nbytes += tcpmsg->buffer.used; /* - * Copy the context back. + * Take the context back. */ + INSIST(xfr->tsigctx == NULL); xfr->tsigctx = msg->tsigctx; + msg->tsigctx = NULL; dns_message_destroy(&msg); @@ -1444,6 +1451,9 @@ maybe_free(dns_xfrin_ctx_t *xfr) { if (xfr->tcpmsg_valid) dns_tcpmsg_invalidate(&xfr->tcpmsg); + if (xfr->tsigctx != NULL) + dst_context_destroy(&xfr->tsigctx); + if ((xfr->name.attributes & DNS_NAMEATTR_DYNAMIC) != 0) dns_name_free(&xfr->name, xfr->mctx); From 7999db4215b9398d4598ac0156ff097cda40402b Mon Sep 17 00:00:00 2001 From: Mark Andrews Date: Mon, 28 Jul 2008 22:36:36 +0000 Subject: [PATCH 078/135] 2404. [port] hpux: files unlimited support. --- CHANGES | 2 ++ lib/isc/unix/resource.c | 24 +++++++++++++++++++++++- 2 files changed, 25 insertions(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index 43c1ad676f..5f164bb14f 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,5 @@ +2404. [port] hpux: files unlimited support. + 2403. [bug] TSIG context leak. [RT #18341] 2402. [port] Support Solaris 2.11 and over. [RT #18362] diff --git a/lib/isc/unix/resource.c b/lib/isc/unix/resource.c index f422cb1876..767d2ba98c 100644 --- a/lib/isc/unix/resource.c +++ b/lib/isc/unix/resource.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: resource.c,v 1.19 2008/07/21 03:37:17 marka Exp $ */ +/* $Id: resource.c,v 1.20 2008/07/28 22:36:36 marka Exp $ */ #include @@ -32,6 +32,10 @@ #include /* To get the large NR_OPEN. */ #endif +#ifdef __hpux +#include +#endif + #include "errno2result.h" static isc_result_t 
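Review bot: In patch 077, the handoff in xfrin_recv_done() (`msg->tsigctx = xfr->tsigctx; xfr->tsigctx = NULL;`) is undocumented, while the reverse transfer further down gets the comment "Take the context back." and an `INSIST(xfr->tsigctx == NULL)`. After the handoff xfr no longer holds the pointer, so any exit taken between the two points relies on the new `dst_context_destroy(&msg->tsigctx)` in msgreset() (lib/dns/message.c) to free the context. Add a comment at the handoff stating that msg owns the context from there on and which cleanup path releases it.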
@@ -166,7 +170,25 @@ isc_resource_setlimit(isc_resource_t resource, isc_resourcevalue_t value) { if (unixresult == 0) return (ISC_R_SUCCESS); } +#elif defined(__hpux) + if (resource == isc_resource_openfiles && rlim_value == RLIM_INFINITY) { + uint64_t maxfiles; + if (gettune("maxfiles_lim", &maxfiles) == 0) { + rl.rlim_cur = rl.rlim_max = maxfiles; + unixresult = setrlimit(unixresource, &rl); + if (unixresult == 0) + return (ISC_R_SUCCESS); + } + } #endif + if (resource == isc_resource_openfiles && rlim_value == RLIM_INFINITY) { + if (getrlimit(unixresource, &rl) == 0) { + rl.rlim_cur = rl.rlim_max; + unixresult = setrlimit(unixresource, &rl); + if (unixresult == 0) + return (ISC_R_SUCCESS); + } + } return (isc__errno2result(errno)); } From 87204328a41065c5889e532617fc07034dfe204b Mon Sep 17 00:00:00 2001 From: Automatic Updater Date: Mon, 28 Jul 2008 23:19:20 +0000 Subject: [PATCH 079/135] auto update --- doc/private/branches | 2 ++ 1 file changed, 2 insertions(+) diff --git a/doc/private/branches b/doc/private/branches index f6390821c1..a3437074da 100644 --- a/doc/private/branches +++ b/doc/private/branches @@ -146,6 +146,8 @@ rt18336 new fdupont // 2008-07-21 13:51 +0000 rt18336p1 new rt18344 new rt18358 new fdupont // 2008-07-23 22:35 +0000 +rt18374 new mayer // 2008-07-28 02:48 +0000 +rt18374_v9_5 new mayer // 2008-07-28 13:32 +0000 shane_dbbackend open skan open explorer skan-metazones1 private explorer From 9d9989f4cca96bcc30e9f0da01c5b5b9d9cc9ca6 Mon Sep 17 00:00:00 2001 From: Automatic Updater Date: Mon, 28 Jul 2008 23:47:22 +0000 Subject: [PATCH 080/135] update copyright notice --- lib/dns/xfrin.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/dns/xfrin.c b/lib/dns/xfrin.c index b3586d6f6b..681aede38f 100644 --- a/lib/dns/xfrin.c +++ b/lib/dns/xfrin.c 
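Review bot: In patch 078, both new branches of isc_resource_setlimit() in lib/isc/unix/resource.c return ISC_R_SUCCESS after applying a finite limit (`maxfiles_lim` on HP-UX, `rl.rlim_max` in the generic fallback) when the caller asked for RLIM_INFINITY, so the caller cannot tell that "unlimited" was replaced by a lower value. Document that substitution in a comment or in the function's contract, and consider reporting the effective value. In the HP-UX branch, `rl.rlim_cur = rl.rlim_max = maxfiles;` stores a uint64_t into the rlimit fields with no range check, and the include added under `#ifdef __hpux` assumes the header exists on every HP-UX release.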
@@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: xfrin.c,v 1.161 2008/07/28 08:39:52 marka Exp $ */ +/* $Id: xfrin.c,v 1.162 2008/07/28 23:47:22 tbox Exp $ */ /*! \file */ @@ -1215,7 +1215,7 @@ xfrin_recv_done(isc_task_t *task, isc_event_t *ev) { msg->tsigctx = xfr->tsigctx; xfr->tsigctx = NULL; - + if (xfr->nmsg > 0) msg->tcp_continuation = 1; From e43b095921450c34288cadc3406f49c84a0e4d46 Mon Sep 17 00:00:00 2001 From: Evan Hunt Date: Tue, 29 Jul 2008 02:21:27 +0000 Subject: [PATCH 081/135] added note about dnssec-validation change --- CHANGES | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGES b/CHANGES index 5f164bb14f..6eeea1e2a8 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,7 @@ +2405. [cleanup] The default value for dnssec-validation was changed to + "yes" in 9.5.0-P1 and all subsequent releases; this + was inadvertently omitted from CHANGES at the time. + 2404. [port] hpux: files unlimited support. 2403. [bug] TSIG context leak. [RT #18341] From 6769ce7c7b38ae31887203aa1770692b3be92705 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tatuya=20JINMEI=20=E7=A5=9E=E6=98=8E=E9=81=94=E5=93=89?= Date: Tue, 29 Jul 2008 22:09:53 +0000 Subject: [PATCH 082/135] typo --- CHANGES | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index 6eeea1e2a8..06f8007031 100644 --- a/CHANGES +++ b/CHANGES @@ -909,7 +909,7 @@ 2111. [bug] Fix a number of errors reported by Coverity. [RT #16507] -2110. [bug] "minimal-response yes;" interacted badly with BIND 8 +2110. [bug] "minimal-responses yes;" interacted badly with BIND 8 priming queries. [RT #16491] 2109. [port] libbind: silence aix 5.3 compiler warnings. [RT #16502] From ab48db2381cd5254309b0ec8b00984c5b8d50ba8 Mon Sep 17 00:00:00 2001 From: Automatic Updater Date: Tue, 29 Jul 2008 23:19:07 +0000 Subject: [PATCH 083/135] auto update --- doc/private/branches | 1 + 1 file changed, 1 insertion(+) 
diff --git a/doc/private/branches b/doc/private/branches index a3437074da..b494bd00a4 100644 --- a/doc/private/branches +++ b/doc/private/branches @@ -146,6 +146,7 @@ rt18336 new fdupont // 2008-07-21 13:51 +0000 rt18336p1 new rt18344 new rt18358 new fdupont // 2008-07-23 22:35 +0000 +rt18370 new mayer // 2008-07-29 01:55 +0000 rt18374 new mayer // 2008-07-28 02:48 +0000 rt18374_v9_5 new mayer // 2008-07-28 13:32 +0000 shane_dbbackend open From 749739f4bf31a8e0a4f6d7b509b93a17fe2ef8b9 Mon Sep 17 00:00:00 2001 From: Automatic Updater Date: Thu, 31 Jul 2008 23:18:58 +0000 Subject: [PATCH 084/135] auto update --- doc/private/branches | 1 + 1 file changed, 1 insertion(+) diff --git a/doc/private/branches b/doc/private/branches index b494bd00a4..5b2f20f798 100644 --- a/doc/private/branches +++ b/doc/private/branches @@ -149,6 +149,7 @@ rt18358 new fdupont // 2008-07-23 22:35 +0000 rt18370 new mayer // 2008-07-29 01:55 +0000 rt18374 new mayer // 2008-07-28 02:48 +0000 rt18374_v9_5 new mayer // 2008-07-28 13:32 +0000 +rt18411 new shane_dbbackend open skan open explorer skan-metazones1 private explorer From dbe9f900ecbefb34e960b69b41b9ecde36e0a256 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tatuya=20JINMEI=20=E7=A5=9E=E6=98=8E=E9=81=94=E5=93=89?= Date: Fri, 1 Aug 2008 19:04:02 +0000 Subject: [PATCH 085/135] 2406. [bug] Sockets could be closed too early, leading to inconsistent states in the socket module. [RT #18298] --- CHANGES | 3 ++ lib/isc/unix/socket.c | 95 +++++++++++++++++++++++++++---------------- 2 files changed, 64 insertions(+), 34 deletions(-) diff --git a/CHANGES b/CHANGES index 06f8007031..45c798c627 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,6 @@ +2406. [bug] Sockets could be closed too early, leading to + inconsistent states in the socket module. [RT #18298] + 2405. [cleanup] The default value for dnssec-validation was changed to "yes" in 9.5.0-P1 and all subsequent releases; this was inadvertently omitted from CHANGES at the time. 
diff --git a/lib/isc/unix/socket.c b/lib/isc/unix/socket.c index 09582d3028..82d643ab7b 100644 --- a/lib/isc/unix/socket.c +++ b/lib/isc/unix/socket.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: socket.c,v 1.294 2008/07/24 09:50:21 fdupont Exp $ */ +/* $Id: socket.c,v 1.295 2008/08/01 19:04:02 jinmei Exp $ */ /*! \file */ @@ -333,7 +333,6 @@ static isc_socketmgr_t *socketmgr = NULL; #define CLOSED 0 /* this one must be zero */ #define MANAGED 1 #define CLOSE_PENDING 2 -#define MANAGER_CLOSE_PENDING 3 /* * send() and recv() iovec counts @@ -589,7 +588,6 @@ unwatch_fd(isc_socketmgr_t *manager, int fd, int msg) { static void wakeup_socket(isc_socketmgr_t *manager, int fd, int msg) { isc_result_t result; - isc_boolean_t needclose; int lockid = FDLOCK_ID(fd); /* @@ -600,11 +598,18 @@ wakeup_socket(isc_socketmgr_t *manager, int fd, int msg) { INSIST(fd >= 0 && fd < (int)manager->maxsocks); - LOCK(&manager->fdlock[lockid]); - if (manager->fdstate[fd] == CLOSE_PENDING - || manager->fdstate[fd] == MANAGER_CLOSE_PENDING) { - needclose = ISC_TF(manager->fdstate[fd] == CLOSE_PENDING); + if (msg == SELECT_POKE_CLOSE) { + /* No one should be updating fdstate, so no need to lock it */ + INSIST(manager->fdstate[fd] == CLOSE_PENDING); manager->fdstate[fd] = CLOSED; + (void)unwatch_fd(manager, fd, SELECT_POKE_READ); + (void)unwatch_fd(manager, fd, SELECT_POKE_WRITE); + (void)close(fd); + return; + } + + LOCK(&manager->fdlock[lockid]); + if (manager->fdstate[fd] == CLOSE_PENDING) { UNLOCK(&manager->fdlock[lockid]); /* @@ -617,8 +622,6 @@ wakeup_socket(isc_socketmgr_t *manager, int fd, int msg) { */ (void)unwatch_fd(manager, fd, SELECT_POKE_READ); (void)unwatch_fd(manager, fd, SELECT_POKE_WRITE); - if (needclose) - (void)close(fd); return; } if (manager->fdstate[fd] != MANAGED) { 
@@ -1520,11 +1523,24 @@ closesocket(isc_socketmgr_t *manager, isc_sockettype_t type, int fd) { LOCK(&manager->fdlock[lockid]); manager->fds[fd] = NULL; if (type == isc_sockettype_fdwatch) - manager->fdstate[fd] = MANAGER_CLOSE_PENDING; + manager->fdstate[fd] = CLOSED; else manager->fdstate[fd] = CLOSE_PENDING; UNLOCK(&manager->fdlock[lockid]); - select_poke(manager, fd, SELECT_POKE_CLOSE); + if (type == isc_sockettype_fdwatch) { + /* + * The caller may close the socket once this function returns, + * and `fd' may be reassigned for a new socket. So we do + * unwatch_fd() here, rather than defer it via select_poke(). + * Note: this may complicate data protection among threads and + * may reduce performance due to additional locks. One way to + * solve this would be to dup() the watched descriptor, but we + * take a simpler approach at this moment. + */ + (void)unwatch_fd(manager, fd, SELECT_POKE_READ); + (void)unwatch_fd(manager, fd, SELECT_POKE_WRITE); + } else + select_poke(manager, fd, SELECT_POKE_CLOSE); /* * update manager->maxfd here (XXX: this should be implemented more @@ -2255,15 +2271,7 @@ dispatch_recv(isc_socket_t *sock) { isc_socketevent_t *ev; isc_task_t *sender; -#if 0 - /* - * XXXJT: this assertion seems to strong, but leave it here for - * reference. - */ INSIST(!sock->pending_recv); -#endif - if (sock->pending_recv != 0) - return; if (sock->type != isc_sockettype_fdwatch) { ev = ISC_LIST_HEAD(sock->recv_list); 
@@ -2880,23 +2888,17 @@ process_fd(isc_socketmgr_t *manager, int fd, isc_boolean_t readable, { isc_socket_t *sock; isc_boolean_t unlock_sock; - isc_boolean_t needclose; int lockid = FDLOCK_ID(fd); /* - * If we need to close the socket, do it now. + * If the socket is going to be closed, don't do more I/O. */ LOCK(&manager->fdlock[lockid]); - if (manager->fdstate[fd] == CLOSE_PENDING - || manager->fdstate[fd] == MANAGER_CLOSE_PENDING) { - needclose = ISC_TF(manager->fdstate[fd] == CLOSE_PENDING); - manager->fdstate[fd] = CLOSED; + if (manager->fdstate[fd] == CLOSE_PENDING) { UNLOCK(&manager->fdlock[lockid]); (void)unwatch_fd(manager, fd, SELECT_POKE_READ); (void)unwatch_fd(manager, fd, SELECT_POKE_WRITE); - if (needclose) - (void)close(fd); return; } @@ -2946,6 +2948,9 @@ process_fds(isc_socketmgr_t *manager, struct kevent *events, int nevents) { int i; isc_boolean_t readable, writable; isc_boolean_t done = ISC_FALSE; +#ifdef ISC_PLATFORM_USETHREADS + isc_boolean_t have_ctlevent = ISC_FALSE; +#endif if (nevents == manager->nevents) { /* @@ -2963,7 +2968,7 @@ process_fds(isc_socketmgr_t *manager, struct kevent *events, int nevents) { REQUIRE(events[i].ident < manager->maxsocks); #ifdef ISC_PLATFORM_USETHREADS if (events[i].ident == (uintptr_t)manager->pipe_fds[0]) { - done = process_ctlfd(manager); + have_ctlevent = ISC_TRUE; continue; } #endif @@ -2972,6 +2977,11 @@ process_fds(isc_socketmgr_t *manager, struct kevent *events, int nevents) { process_fd(manager, events[i].ident, readable, writable); } +#ifdef ISC_PLATFORM_USETHREADS + if (have_ctlevent) + done = process_ctlfd(manager); +#endif + return (done); } #elif defined(USE_EPOLL) @@ -2979,6 +2989,9 @@ static isc_boolean_t process_fds(isc_socketmgr_t *manager, struct epoll_event *events, int nevents) { int i; isc_boolean_t done = ISC_FALSE; +#ifdef ISC_PLATFORM_USETHREADS + isc_boolean_t have_ctlevent = ISC_FALSE; +#endif if (nevents == manager->nevents) { manager_log(manager, ISC_LOGCATEGORY_GENERAL, 
@@ -2991,7 +3004,7 @@ process_fds(isc_socketmgr_t *manager, struct epoll_event *events, int nevents) { REQUIRE(events[i].data.fd < (int)manager->maxsocks); #ifdef ISC_PLATFORM_USETHREADS if (events[i].data.fd == manager->pipe_fds[0]) { - done = process_ctlfd(manager); + have_ctlevent = ISC_TRUE; continue; } #endif @@ -3011,6 +3024,11 @@ process_fds(isc_socketmgr_t *manager, struct epoll_event *events, int nevents) { (events[i].events & EPOLLOUT) != 0); } +#ifdef ISC_PLATFORM_USETHREADS + if (have_ctlevent) + done = process_ctlfd(manager); +#endif + return (done); } #elif defined(USE_DEVPOLL) @@ -3018,6 +3036,9 @@ static isc_boolean_t process_fds(isc_socketmgr_t *manager, struct pollfd *events, int nevents) { int i; isc_boolean_t done = ISC_FALSE; +#ifdef ISC_PLATFORM_USETHREADS + isc_boolean_t have_ctlevent = ISC_FALSE; +#endif if (nevents == manager->nevents) { manager_log(manager, ISC_LOGCATEGORY_GENERAL, @@ -3030,7 +3051,7 @@ process_fds(isc_socketmgr_t *manager, struct pollfd *events, int nevents) { REQUIRE(events[i].fd < (int)manager->maxsocks); #ifdef ISC_PLATFORM_USETHREADS if (events[i].fd == manager->pipe_fds[0]) { - done = process_ctlfd(manager); + have_ctlevent = ISC_TRUE; continue; } #endif @@ -3039,6 +3060,11 @@ process_fds(isc_socketmgr_t *manager, struct pollfd *events, int nevents) { (events[i].events & POLLOUT) != 0); } +#ifdef ISC_PLATFORM_USETHREADS + if (have_ctlevent) + done = process_ctlfd(manager); +#endif + return (done); } #elif defined(USE_SELECT) @@ -3172,13 +3198,13 @@ watcher(void *uap) { #if defined(USE_KQUEUE) || defined (USE_EPOLL) || defined (USE_DEVPOLL) done = process_fds(manager, manager->events, cc); #elif defined(USE_SELECT) + process_fds(manager, maxfd, &readfds, &writefds); + /* * Process reads on internal, control fd. */ if (FD_ISSET(ctlfd, &readfds)) done = process_ctlfd(manager); - - process_fds(manager, maxfd, &readfds, &writefds); #endif } 
@@ -3684,7 +3710,7 @@ socket_recv(isc_socket_t *sock, isc_socketevent_t *dev, isc_task_t *task, * Enqueue the request. If the socket was previously not being * watched, poke the watcher to start paying attention to it. */ - if (ISC_LIST_EMPTY(sock->recv_list)) + if (ISC_LIST_EMPTY(sock->recv_list) && !sock->pending_recv) select_poke(sock->manager, sock->fd, SELECT_POKE_READ); ISC_LIST_ENQUEUE(sock->recv_list, dev, ev_link); @@ -3881,7 +3907,8 @@ socket_send(isc_socket_t *sock, isc_socketevent_t *dev, isc_task_t *task, * not being watched, poke the watcher to start * paying attention to it. */ - if (ISC_LIST_EMPTY(sock->send_list)) + if (ISC_LIST_EMPTY(sock->send_list) && + !sock->pending_send) select_poke(sock->manager, sock->fd, SELECT_POKE_WRITE); ISC_LIST_ENQUEUE(sock->send_list, dev, ev_link); From 146484aced3e6c1b9cc88db5e75b8cbfd166f701 Mon Sep 17 00:00:00 2001 From: Mark Andrews Date: Tue, 5 Aug 2008 07:04:49 +0000 Subject: [PATCH 086/135] 2407. [port] hpux: test for sys/dyntune.h. [RT #18421] --- CHANGES | 2 ++ config.h.in | 5 ++++- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index 45c798c627..6731572f5d 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,5 @@ +2407. [port] hpux: test for sys/dyntune.h. [RT #18421] + 2406. [bug] Sockets could be closed too early, leading to inconsistent states in the socket module. [RT #18298] diff --git a/config.h.in b/config.h.in index 692ead8cfd..567e844735 100644 --- a/config.h.in +++ b/config.h.in @@ -16,7 +16,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: config.h.in,v 1.99 2008/05/06 01:30:26 each Exp $ */ +/* $Id: config.h.in,v 1.100 2008/08/05 07:04:49 marka Exp $ */ /*! \file */ @@ -232,6 +232,9 @@ int sigwait(const unsigned int *set, int *sig); /* Define to 1 if you have the header file. */ #undef HAVE_SYS_CAPABILITY_H +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_DYNTUNE_H + /* Define to 1 if you have the header file. */ #undef HAVE_SYS_PARAM_H 
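Review bot: In patch 085, the new SELECT_POKE_CLOSE branch of wakeup_socket() reads and writes `manager->fdstate[fd]` without taking `manager->fdlock[lockid]`, justified only by the comment "No one should be updating fdstate, so no need to lock it", while closesocket() and process_fd() still access the same array under the lock. If that invariant is ever violated, `INSIST(manager->fdstate[fd] == CLOSE_PENDING)` aborts the server. Either take the lock in this branch as well, or expand the comment to name the state transitions that make the unlocked access safe.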
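Review bot: In the dispatch_recv() hunk of patch 085, the early return `if (sock->pending_recv != 0) return;` is replaced by `INSIST(!sock->pending_recv);`, the same assertion that the removed XXXJT comment kept disabled as too strong. The only visible guard is the `!sock->pending_recv` test added to socket_recv(), so the commit message or a comment should state why no other caller can reach dispatch_recv() with a receive already pending; otherwise a double dispatch that used to be ignored becomes an assertion failure in named. The hunks shown make no matching change to dispatch_send(), although socket_send() gets the equivalent `!sock->pending_send` guard.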
From 101a7960b7989a18d873f3302b3b2415aeafb108 Mon Sep 17 00:00:00 2001 From: Mark Andrews Date: Tue, 5 Aug 2008 07:05:47 +0000 Subject: [PATCH 087/135] 2407. [port] hpux: test for sys/dyntune.h. [RT #18421] --- config.h.in | 5 +- configure | 155 +++++++++++++++++++++++++++++++++++++++- configure.in | 16 ++++- lib/isc/unix/resource.c | 6 +- 4 files changed, 174 insertions(+), 8 deletions(-) diff --git a/config.h.in b/config.h.in index 567e844735..6692cf954c 100644 --- a/config.h.in +++ b/config.h.in @@ -16,7 +16,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: config.h.in,v 1.100 2008/08/05 07:04:49 marka Exp $ */ +/* $Id: config.h.in,v 1.105 2008/09/25 04:25:52 marka Exp $ */ /*! \file */ @@ -232,6 +232,9 @@ int sigwait(const unsigned int *set, int *sig); /* Define to 1 if you have the header file. */ #undef HAVE_SYS_CAPABILITY_H +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_DEVPOLL_H + /* Define to 1 if you have the header file. */ #undef HAVE_SYS_DYNTUNE_H diff --git a/configure b/configure index 94c4ba17f0..da6b6385e2 100755 --- a/configure +++ b/configure @@ -14,7 +14,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. # -# $Id: configure,v 1.431 2008/07/25 20:40:05 fdupont Exp $ +# $Id: configure,v 1.432 2008/08/05 07:05:47 marka Exp $ # # Portions Copyright (C) 1996-2001 Nominum, Inc. # @@ -29,7 +29,7 @@ # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT # OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -# From configure.in Revision: 1.444 . +# From configure.in Revision: 1.446 . # Guess values for system-dependent variables and create Makefiles. # Generated by GNU Autoconf 2.61. # 
@@ -28687,6 +28687,157 @@ fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +# +# Older HP-UX doesn't have gettune +# +case "$host" in + *-hp-hpux*) + +for ac_header in sys/dyntune.h +do +as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` +if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then + { echo "$as_me:$LINENO: checking for $ac_header" >&5 +echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; } +if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +fi +ac_res=`eval echo '${'$as_ac_Header'}'` + { echo "$as_me:$LINENO: result: $ac_res" >&5 +echo "${ECHO_T}$ac_res" >&6; } +else + # Is the header compilable? +{ echo "$as_me:$LINENO: checking $ac_header usability" >&5 +echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6; } +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +$ac_includes_default +#include <$ac_header> +_ACEOF +rm -f conftest.$ac_objext +if { (ac_try="$ac_compile" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 + (eval "$ac_compile") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { + test -z "$ac_c_werror_flag" || + test ! -s conftest.err + } && test -s conftest.$ac_objext; then + ac_header_compiler=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_header_compiler=no +fi + +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 +echo "${ECHO_T}$ac_header_compiler" >&6; } + +# Is the header present? 
+{ echo "$as_me:$LINENO: checking $ac_header presence" >&5 +echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6; } +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include <$ac_header> +_ACEOF +if { (ac_try="$ac_cpp conftest.$ac_ext" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 + (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } >/dev/null && { + test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || + test ! -s conftest.err + }; then + ac_header_preproc=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_header_preproc=no +fi + +rm -f conftest.err conftest.$ac_ext +{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 +echo "${ECHO_T}$ac_header_preproc" >&6; } + +# So? What about this header? +case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in + yes:no: ) + { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5 +echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5 +echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;} + ac_header_preproc=yes + ;; + no:yes:* ) + { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5 +echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5 +echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" 
>&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5 +echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5 +echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5 +echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5 +echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;} + + ;; +esac +{ echo "$as_me:$LINENO: checking for $ac_header" >&5 +echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; } +if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + eval "$as_ac_Header=\$ac_header_preproc" +fi +ac_res=`eval echo '${'$as_ac_Header'}'` + { echo "$as_me:$LINENO: result: $ac_res" >&5 +echo "${ECHO_T}$ac_res" >&6; } + +fi +if test `eval echo '${'$as_ac_Header'}'` = yes; then + cat >>confdefs.h <<_ACEOF +#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1 +_ACEOF + +fi + +done + + ;; + *) + ;; +esac + + # # Compaq TruCluster requires more code for handling cluster IP aliases # diff --git a/configure.in b/configure.in index 452a91da1a..334951545f 100644 --- a/configure.in +++ b/configure.in @@ -18,7 +18,7 @@ AC_DIVERT_PUSH(1)dnl esyscmd([sed "s/^/# /" COPYRIGHT])dnl AC_DIVERT_POP()dnl -AC_REVISION($Revision: 1.445 $) +AC_REVISION($Revision: 1.446 $) AC_INIT(lib/dns/name.c) AC_PREREQ(2.59) 
@@ -2014,6 +2014,18 @@ AC_MSG_RESULT(cannot determine type of rlim_cur when cross compiling - assuming ]) AC_SUBST(ISC_PLATFORM_RLIMITTYPE) +# +# Older HP-UX doesn't have gettune +# +case "$host" in + *-hp-hpux*) + AC_CHECK_HEADERS(sys/dyntune.h) + ;; + *) + ;; +esac + + # # Compaq TruCluster requires more code for handling cluster IP aliases # @@ -2072,7 +2084,7 @@ case "$host" in [*-solaris2.[89]]) hack_shutup_pthreadonceinit=yes ;; - *-solaris2.1[0-9]) + *-solaris2.1[[0-9]]) hack_shutup_pthreadonceinit=yes ;; esac diff --git a/lib/isc/unix/resource.c b/lib/isc/unix/resource.c index 767d2ba98c..0970e4ed33 100644 --- a/lib/isc/unix/resource.c +++ b/lib/isc/unix/resource.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: resource.c,v 1.20 2008/07/28 22:36:36 marka Exp $ */ +/* $Id: resource.c,v 1.21 2008/08/05 07:04:49 marka Exp $ */ #include @@ -32,7 +32,7 @@ #include /* To get the large NR_OPEN. */ #endif -#ifdef __hpux +#if defined(__hpux) && defined(HAVE_SYS_DYNTUNE_H) #include #endif @@ -170,7 +170,7 @@ isc_resource_setlimit(isc_resource_t resource, isc_resourcevalue_t value) { if (unixresult == 0) return (ISC_R_SUCCESS); } -#elif defined(__hpux) +#elif defined(__hpux) && defined(HAVE_SYS_DYNTUNE_H) if (resource == isc_resource_openfiles && rlim_value == RLIM_INFINITY) { uint64_t maxfiles; if (gettune("maxfiles_lim", &maxfiles) == 0) { From a9579d3386009446d7527ef52fa28251ab8c3c2c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tatuya=20JINMEI=20=E7=A5=9E=E6=98=8E=E9=81=94=E5=93=89?= Date: Tue, 5 Aug 2008 19:18:02 +0000 Subject: [PATCH 088/135] 2408. [bug] A duplicate TCP dispatch event could be sent, which could then trigger an assertion failure in resquery_response(). [RT #18275] --- CHANGES | 4 ++++ lib/dns/dispatch.c | 4 ++-- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index 6731572f5d..74a3084a6d 100644 --- a/CHANGES +++ b/CHANGES 
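Review bot: The change from `*-solaris2.1[0-9])` to `*-solaris2.1[[0-9]])` in the configure.in hunk at -2072 is a separate fix riding along with the HP-UX header check, and nothing records it; the CHANGES entry for this work (2407) only says "hpux: test for sys/dyntune.h". With single brackets m4 treats them as quotes and strips them, so the generated case pattern lost its character class and this arm did not set hack_shutup_pthreadonceinit on the Solaris releases it was written for. Because this alters build behaviour on a different platform, give it its own CHANGES line, and consider quoting the whole pattern the way the `[*-solaris2.[89]])` arm just above does so the two arms read the same.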
@@ -1,3 +1,7 @@ +2408. [bug] A duplicate TCP dispatch event could be sent, which + could then trigger an assertion failure in + resquery_response(). [RT #18275] + 2407. [port] hpux: test for sys/dyntune.h. [RT #18421] 2406. [bug] Sockets could be closed too early, leading to diff --git a/lib/dns/dispatch.c b/lib/dns/dispatch.c index 53916c07c1..1767c5523d 100644 --- a/lib/dns/dispatch.c +++ b/lib/dns/dispatch.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dispatch.c,v 1.149 2008/07/23 23:27:54 marka Exp $ */ +/* $Id: dispatch.c,v 1.150 2008/08/05 19:18:02 jinmei Exp $ */ /*! \file */ @@ -3085,7 +3085,7 @@ do_cancel(dns_dispatch_t *disp) { */ LOCK(&qid->lock); for (resp = linear_first(qid); - resp != NULL && !resp->item_out; + resp != NULL && resp->item_out; /* Empty. */) resp = linear_next(qid, resp); From 9b7f024220bff82b3a41d808a130d019e6cbc111 Mon Sep 17 00:00:00 2001 From: Automatic Updater Date: Tue, 5 Aug 2008 23:18:21 +0000 Subject: [PATCH 089/135] auto update --- doc/private/branches | 2 ++ 1 file changed, 2 insertions(+) diff --git a/doc/private/branches b/doc/private/branches index 5b2f20f798..df8f8f48d8 100644 --- a/doc/private/branches +++ b/doc/private/branches @@ -15,6 +15,7 @@ custom_AFIS_v9_4_0 private marka // 2007-04-23 05:08 +0000 custom_ALLIANZ_v9_4_1_P1 private marka // 2007-08-03 04:51 +0000 custom_ALLIANZ_v9_4_2 private marka // 2007-11-23 04:32 +0000 custom_ALLIANZ_v9_4_2_P1 new each // 2008-05-27 23:33 +0000 +custom_ALLIANZ_v9_4_2_P2 new each // 2008-08-05 21:28 +0000 custom_CISCO_v9_3_4_P1 private marka // 2007-11-23 04:19 +0000 custom_NOM_v9_5_0a7 private custom_NOM_v9_5_0b2 new marka // 2008-03-06 06:45 +0000 
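Review bot: The fix in do_cancel() in lib/dns/dispatch.c (`!resp->item_out` becoming `resp->item_out`) leaves the loop's intent undocumented, so the inverted test is easy to reintroduce. As changed, the loop skips entries whose event is already out and stops at the first one that is not; say that in a comment above the `for`, including that a response with item_out set must not be sent a second event. The CHANGES entry ties this to an assertion failure in resquery_response(), so a regression test, or at least a note on how RT #18275 was reproduced, would also help.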
@@ -30,6 +31,7 @@ custom_WFB_v9_4_1_P1 private marka // 2007-08-01 22:49 +0000 custom_WFB_v9_4_2 private each // 2007-12-05 18:10 +0000 custom_WFB_v9_4_2_P1 new each // 2008-05-27 22:59 +0000 custom_WFB_v9_5_0_P1 new marka // 2008-07-15 00:05 +0000 +custom_WFB_v9_5_0_P2 new each // 2008-08-05 21:06 +0000 gsstsig4 open sra // head + gsstsig as of 12 may 2006 gsstsig4_win32 open danny // sub-branch off gsstsig4 for windows development ietf71 new marka // 2008-03-12 04:10 +0000 From 4db36a15c5716050d40aa8e709e8c8e9475ea25b Mon Sep 17 00:00:00 2001 From: Mark Andrews Date: Wed, 6 Aug 2008 06:11:15 +0000 Subject: [PATCH 090/135] 2409. [func] Only log that we disabled EDNS processing if we were subsequently successful. [RT #18029] --- CHANGES | 3 +++ lib/dns/resolver.c | 58 ++++++++++++++++++++++++++++++++-------------- 2 files changed, 43 insertions(+), 18 deletions(-) diff --git a/CHANGES b/CHANGES index 74a3084a6d..6dd477d477 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,6 @@ +2409. [func] Only log that we disabled EDNS processing if we were + subsequently successful. [RT #18029] + 2408. [bug] A duplicate TCP dispatch event could be sent, which could then trigger an assertion failure in resquery_response(). [RT #18275] diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c index fb46050ca7..c99f845f94 100644 --- a/lib/dns/resolver.c +++ b/lib/dns/resolver.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: resolver.c,v 1.375 2008/07/24 04:54:44 jinmei Exp $ */ +/* $Id: resolver.c,v 1.376 2008/08/06 06:11:15 marka Exp $ */ /*! \file */ @@ -233,6 +233,12 @@ struct fetchctx { * Number of queries that reference this context. */ unsigned int nqueries; + + /*% + * The reason to print when logging a successful + * response to a query. + */ + const char * reason; }; #define FCTX_MAGIC ISC_MAGIC('F', '!', '!', '!') 
@@ -877,6 +883,22 @@ fctx_sendevents(fetchctx_t *fctx, isc_result_t result) { } } +static inline void +log_edns(fetchctx_t *fctx) { + char domainbuf[DNS_NAME_FORMATSIZE]; + + if (fctx->reason == NULL) + return; + + dns_name_format(&fctx->domain, domainbuf, sizeof(domainbuf)); + isc_log_write(dns_lctx, DNS_LOGCATEGORY_EDNS_DISABLED, + DNS_LOGMODULE_RESOLVER, ISC_LOG_INFO, + "success resolving '%s' (in '%s'?) after %s", + fctx->info, domainbuf, fctx->reason); + + fctx->reason = NULL; +} + static void fctx_done(fetchctx_t *fctx, isc_result_t result) { dns_resolver_t *res; @@ -886,10 +908,16 @@ fctx_done(fetchctx_t *fctx, isc_result_t result) { res = fctx->res; - if (result == ISC_R_SUCCESS) + if (result == ISC_R_SUCCESS) { + /*% + * Log any deferred EDNS timeout messages. + */ + log_edns(fctx); no_response = ISC_TRUE; - else + } else no_response = ISC_FALSE; + + fctx->reason = NULL; fctx_stopeverything(fctx, no_response); LOCK(&res->buckets[fctx->bucketnum].lock); @@ -1379,17 +1407,6 @@ add_triededns512(fetchctx_t *fctx, isc_sockaddr_t *address) { ISC_LIST_INITANDAPPEND(fctx->edns512, sa, link); } -static inline void -log_edns(fetchctx_t *fctx) { - char domainbuf[DNS_NAME_FORMATSIZE]; - - dns_name_format(&fctx->domain, domainbuf, sizeof(domainbuf)); - isc_log_write(dns_lctx, DNS_LOGCATEGORY_EDNS_DISABLED, - DNS_LOGMODULE_RESOLVER, ISC_LOG_INFO, - "too many timeouts resolving '%s' (in '%s'?): " - "disabling EDNS", fctx->info, domainbuf); -} - static isc_result_t resquery_send(resquery_t *query) { fetchctx_t *fctx; 
@@ -1530,12 +1547,15 @@ resquery_send(resquery_t *query) { !useedns) { query->options |= DNS_FETCHOPT_NOEDNS0; - dns_adb_changeflags(fctx->adb, - query->addrinfo, + dns_adb_changeflags(fctx->adb, query->addrinfo, DNS_FETCHOPT_NOEDNS0, DNS_FETCHOPT_NOEDNS0); } + /* Sync NOEDNS0 flag in addrinfo->flags and options now */ + if ((query->addrinfo->flags & DNS_FETCHOPT_NOEDNS0) != 0) + query->options |= DNS_FETCHOPT_NOEDNS0; + /* * Use EDNS0, unless the caller doesn't want it, or we know that * the remote server doesn't like it. @@ -1545,12 +1565,12 @@ resquery_send(resquery_t *query) { fctx->timeouts >= (MAX_EDNS0_TIMEOUTS * 2)) && (query->options & DNS_FETCHOPT_NOEDNS0) == 0) { query->options |= DNS_FETCHOPT_NOEDNS0; - log_edns(fctx); + fctx->reason = "disabling EDNS"; } else if ((triededns(fctx, &query->addrinfo->sockaddr) || fctx->timeouts >= MAX_EDNS0_TIMEOUTS) && (query->options & DNS_FETCHOPT_NOEDNS0) == 0) { query->options |= DNS_FETCHOPT_EDNS512; - FCTXTRACE("too many timeouts, setting EDNS size to 512"); + fctx->reason = "reducing UDP packet size to 512"; } if ((query->options & DNS_FETCHOPT_NOEDNS0) == 0) { @@ -2795,6 +2815,7 @@ fctx_timeout(isc_task_t *task, isc_event_t *event) { FCTXTRACE("timeout"); if (event->ev_type == ISC_TIMEREVENT_LIFE) { + fctx->reason = NULL; fctx_done(fctx, ISC_R_TIMEDOUT); } else { isc_result_t result; @@ -3130,6 +3151,7 @@ fctx_create(dns_resolver_t *res, dns_name_t *name, dns_rdatatype_t type, fctx->attributes = 0; fctx->spilled = ISC_FALSE; fctx->nqueries = 0; + fctx->reason = NULL; dns_name_init(&fctx->nsname, NULL); fctx->nsfetch = NULL; From b1f7d25ee1792838aa5e5d81f4433b474d4565a2 Mon Sep 17 00:00:00 2001 From: Mark Andrews Date: Wed, 6 Aug 2008 06:18:24 +0000 Subject: [PATCH 091/135] func->bug --- CHANGES | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index 6dd477d477..97b392fdbe 100644 --- a/CHANGES +++ b/CHANGES 
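Review bot: In the resquery_send() hunk at -1545 of lib/dns/resolver.c, `fctx->reason` is a single per-fetch string but it is assigned per query, so it keeps only the most recent downgrade and does not say which server it applied to. A fetch that downgrades for one address and then succeeds through another may log "success resolving ... after disabling EDNS" even though the answering query was not the downgraded one. Consider keeping the reason on the resquery, or logging the server address with it, and emitting it only when the successful response belongs to that query. The "reducing UDP packet size to 512" case is also now written under DNS_LOGCATEGORY_EDNS_DISABLED at ISC_LOG_INFO where it used to be an FCTXTRACE, which changes what operators filtering on that category will see.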
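Review bot: The `fctx->reason = NULL;` added in fctx_timeout() before `fctx_done(fctx, ISC_R_TIMEDOUT)` (hunk at -2795) is redundant: fctx_done() calls log_edns() only on ISC_R_SUCCESS and then clears the field unconditionally, and log_edns() clears it as well. Keep a single reset in fctx_done() so the lifetime of the pointer is stated in one place.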
@@ -1,4 +1,4 @@ -2409. [func] Only log that we disabled EDNS processing if we were +2409. [bug] Only log that we disabled EDNS processing if we were subsequently successful. [RT #18029] 2408. [bug] A duplicate TCP dispatch event could be sent, which From ed072d6ef952d71dc31de9e84d7375a0f4b76eb6 Mon Sep 17 00:00:00 2001 From: Automatic Updater Date: Wed, 6 Aug 2008 23:18:02 +0000 Subject: [PATCH 092/135] auto update --- doc/private/branches | 1 + 1 file changed, 1 insertion(+) diff --git a/doc/private/branches b/doc/private/branches index df8f8f48d8..b3b655681f 100644 --- a/doc/private/branches +++ b/doc/private/branches @@ -131,6 +131,7 @@ rt18018 new rt18020 new fdupont // FIPS 140-2 rt18020a new fdupont // 2008-05-15 14:50 +0000 rt18029 new each // 2008-05-30 05:02 +0000 +rt18029a new marka // 2008-08-06 05:31 +0000 rt18033 new fdupont // HSM maintenance rt18040 new marka // 2008-05-08 02:25 +0000 rt18042 new fdupont // 2008-05-09 13:27 +0000 From 04115a59c176759177545c72376e844e10dc557c Mon Sep 17 00:00:00 2001 From: Mark Andrews Date: Thu, 7 Aug 2008 01:21:12 +0000 Subject: [PATCH 093/135] 2410. [bug] Correctly delete m_versionInfo. [RT #18432] --- CHANGES | 2 ++ bin/win32/BINDInstall/VersionInfo.cpp | 6 +++--- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/CHANGES b/CHANGES index 97b392fdbe..a790ff0e6d 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,5 @@ +2410. [bug] Correctly delete m_versionInfo. [RT #18432] + 2409. [bug] Only log that we disabled EDNS processing if we were subsequently successful. [RT #18029] diff --git a/bin/win32/BINDInstall/VersionInfo.cpp b/bin/win32/BINDInstall/VersionInfo.cpp index f5bab198a5..e940e9e042 100644 --- a/bin/win32/BINDInstall/VersionInfo.cpp +++ b/bin/win32/BINDInstall/VersionInfo.cpp @@ -55,7 +55,7 @@ CVersionInfo::CVersionInfo(CString filename) { if(m_versionInfo) { - delete m_versionInfo; + delete [] m_versionInfo; m_versionInfo = NULL; } return; 
@@ -68,7 +68,7 @@ CVersionInfo::CVersionInfo(CString filename) { if(m_versionInfo) { - delete m_versionInfo; + delete [] m_versionInfo; m_versionInfo = NULL; } return; @@ -89,7 +89,7 @@ CVersionInfo::~CVersionInfo() m_fixedInfo = NULL; if(m_versionInfo) { - delete m_versionInfo; + delete [] m_versionInfo; m_versionInfo = NULL; } } From cd9bebfc4c225931391c7d9ce1cfd88394b23f20 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tatuya=20JINMEI=20=E7=A5=9E=E6=98=8E=E9=81=94=E5=93=89?= Date: Thu, 7 Aug 2008 21:28:13 +0000 Subject: [PATCH 094/135] 2411. [bug] Allow using a larger number of sockets than FD_SETSIZE for select(). To enable this, set ISC_SOCKET_MAXSOCKETS at compilation time. [RT #18433] --- CHANGES | 4 ++ lib/isc/unix/socket.c | 155 ++++++++++++++++++++++++++++++++---------- 2 files changed, 122 insertions(+), 37 deletions(-) diff --git a/CHANGES b/CHANGES index a790ff0e6d..590c984e10 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,7 @@ +2411. [bug] Allow using a larger number of sockets than FD_SETSIZE + for select(). To enable this, set ISC_SOCKET_MAXSOCKETS + at compilation time. [RT #18433] + 2410. [bug] Correctly delete m_versionInfo. [RT #18432] 2409. [bug] Only log that we disabled EDNS processing if we were diff --git a/lib/isc/unix/socket.c b/lib/isc/unix/socket.c index 82d643ab7b..45242c3884 100644 --- a/lib/isc/unix/socket.c +++ b/lib/isc/unix/socket.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: socket.c,v 1.295 2008/08/01 19:04:02 jinmei Exp $ */ +/* $Id: socket.c,v 1.296 2008/08/07 21:28:13 jinmei Exp $ */ /*! \file */ @@ -103,8 +103,8 @@ struct isc_socketwait { }; #elif defined (USE_SELECT) struct isc_socketwait { - fd_set readset; - fd_set writeset; + fd_set *readset; + fd_set *writeset; int nfds; int maxfd; }; 
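Review bot: All three VersionInfo.cpp hunks switch to `delete [] m_versionInfo`, but the allocation of m_versionInfo is not part of the diff, so the array form cannot be checked against it here; please confirm it is created with array `new` and not with malloc or scalar `new`. The same free-and-null block now appears twice in the constructor and once in the destructor; a small private helper would keep the three copies from drifting apart, and the `if(m_versionInfo)` guard is unnecessary because deleting a null pointer is a no-op.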
@@ -113,14 +113,42 @@ struct isc_socketwait { /*% * Maximum number of allowable open sockets. This is also the maximum - * allowable socket file descriptor. This definition is meaningless with - * USE_SELECT due to the API limitation of select(2). + * allowable socket file descriptor. + * + * Care should be taken before modifying this value for select(): + * The API standard doesn't ensure select() accept more than (the system default + * of) FD_SETSIZE descriptors, and the default size should in fact be fine in + * the vast majority of cases. This constant should therefore be increased only + * when absolutely necessary and possible, i.e., the server is exhausting all + * available file descriptors (up to FD_SETSIZE) and the select() function + * and FD_xxx macros support larger values than FD_SETSIZE (which may not + * always by true, but we keep using some of them to ensure as much + * portability as possible). Note also that overall server performance + * may be rather worsened with a larger value of this constant due to + * inherent scalability problems of select(). + * + * As a special note, this value shouldn't have to be touched if + * this is a build for an authoritative only DNS server. */ -#if defined(USE_KQUEUE) || defined(USE_EPOLL) || defined(USE_DEVPOLL) #ifndef ISC_SOCKET_MAXSOCKETS +#if defined(USE_KQUEUE) || defined(USE_EPOLL) || defined(USE_DEVPOLL) #define ISC_SOCKET_MAXSOCKETS 4096 -#endif -#endif /* USE_KQUEUE || USE_EPOLL || USE_DEVPOLL */ +#elif defined(USE_SELECT) +#define ISC_SOCKET_MAXSOCKETS FD_SETSIZE +#endif /* USE_KQUEUE... */ +#endif /* ISC_SOCKET_MAXSOCKETS */ + +#ifdef USE_SELECT +/*% + * Mac OS X needs a special definition to support larger values in select() + */ +#if ISC_SOCKET_MAXSOCKETS > FD_SETSIZE +#ifdef __APPLE__ +#define _DARWIN_UNLIMITED_SELECT +#endif /* __APPLE__ */ +#endif /* ISC_SOCKET_MAXSOCKETS > FD_SETSIZE */ +#endif /* USE_SELECT */ + /*% * Size of per-FD lock buckets. 
@@ -299,6 +327,9 @@ struct isc_socketmgr { int nevents; struct pollfd *events; #endif /* USE_DEVPOLL */ +#ifdef USE_SELECT + int fd_bufsize; +#endif /* USE_SELECT */ unsigned int maxsocks; #ifdef ISC_PLATFORM_USETHREADS int pipe_fds[2]; @@ -314,8 +345,10 @@ struct isc_socketmgr { /* Locked by manager lock. */ ISC_LIST(isc_socket_t) socklist; #ifdef USE_SELECT - fd_set read_fds; - fd_set write_fds; + fd_set *read_fds; + fd_set *read_fds_copy; + fd_set *write_fds; + fd_set *write_fds_copy; int maxfd; #endif /* USE_SELECT */ #ifdef ISC_PLATFORM_USETHREADS @@ -490,9 +523,9 @@ watch_fd(isc_socketmgr_t *manager, int fd, int msg) { #elif defined(USE_SELECT) LOCK(&manager->lock); if (msg == SELECT_POKE_READ) - FD_SET(fd, &manager->read_fds); + FD_SET(fd, manager->read_fds); if (msg == SELECT_POKE_WRITE) - FD_SET(fd, &manager->write_fds); + FD_SET(fd, manager->write_fds); UNLOCK(&manager->lock); return (result); @@ -576,9 +609,9 @@ unwatch_fd(isc_socketmgr_t *manager, int fd, int msg) { #elif defined(USE_SELECT) LOCK(&manager->lock); if (msg == SELECT_POKE_READ) - FD_CLR(fd, &manager->read_fds); + FD_CLR(fd, manager->read_fds); else if (msg == SELECT_POKE_WRITE) - FD_CLR(fd, &manager->write_fds); + FD_CLR(fd, manager->write_fds); UNLOCK(&manager->lock); return (result); @@ -3150,8 +3183,6 @@ watcher(void *uap) { struct dvpoll dvp; #elif defined (USE_SELECT) const char *fnname = "select()"; - fd_set readfds; - fd_set writefds; int maxfd; #endif char strbuf[ISC_STRERRORSIZE]; 
@@ -3176,12 +3207,15 @@ watcher(void *uap) { cc = ioctl(manager->devpoll_fd, DP_POLL, &dvp); #elif defined(USE_SELECT) LOCK(&manager->lock); - readfds = manager->read_fds; - writefds = manager->write_fds; + memcpy(manager->read_fds_copy, manager->read_fds, + manager->fd_bufsize); + memcpy(manager->write_fds_copy, manager->write_fds, + manager->fd_bufsize); maxfd = manager->maxfd + 1; UNLOCK(&manager->lock); - cc = select(maxfd, &readfds, &writefds, NULL, NULL); + cc = select(maxfd, manager->read_fds_copy, + manager->write_fds_copy, NULL, NULL); #endif /* USE_KQUEUE */ if (cc < 0 && !SOFT_ERROR(errno)) { @@ -3198,12 +3232,13 @@ watcher(void *uap) { #if defined(USE_KQUEUE) || defined (USE_EPOLL) || defined (USE_DEVPOLL) done = process_fds(manager, manager->events, cc); #elif defined(USE_SELECT) - process_fds(manager, maxfd, &readfds, &writefds); + process_fds(manager, maxfd, manager->read_fds_copy, + manager->write_fds_copy); /* * Process reads on internal, control fd. */ - if (FD_ISSET(ctlfd, &readfds)) + if (FD_ISSET(ctlfd, manager->read_fds_copy)) done = process_ctlfd(manager); #endif } 
@@ -3333,11 +3368,52 @@ setup_watcher(isc_mem_t *mctx, isc_socketmgr_t *manager) { } #endif /* ISC_PLATFORM_USETHREADS */ #elif defined(USE_SELECT) - UNUSED(mctx); UNUSED(result); - FD_ZERO(&manager->read_fds); - FD_ZERO(&manager->write_fds); +#if ISC_SOCKET_MAXSOCKETS > FD_SETSIZE + /* + * Note: this code should also cover the case of MAXSOCKETS <= + * FD_SETSIZE, but we separate the cases to avoid possible portability + * issues regarding howmany() and the actual representation of fd_set. + */ + manager->fd_bufsize = howmany(manager->maxsocks, NFDBITS) * + sizeof(fd_mask); +#else + manager->fd_bufsize = sizeof(fd_set); +#endif + + manager->read_fds = NULL; + manager->read_fds_copy = NULL; + manager->write_fds = NULL; + manager->write_fds_copy = NULL; + + manager->read_fds = isc_mem_get(mctx, manager->fd_bufsize); + if (manager->read_fds != NULL) + manager->read_fds_copy = isc_mem_get(mctx, manager->fd_bufsize); + if (manager->read_fds_copy != NULL) + manager->write_fds = isc_mem_get(mctx, manager->fd_bufsize); + if (manager->write_fds != NULL) { + manager->write_fds_copy = isc_mem_get(mctx, + manager->fd_bufsize); + } + if (manager->write_fds_copy == NULL) { + if (manager->write_fds != NULL) { + isc_mem_put(mctx, manager->write_fds, + manager->fd_bufsize); + } + if (manager->read_fds_copy != NULL) { + isc_mem_put(mctx, manager->read_fds_copy, + manager->fd_bufsize); + } + if (manager->read_fds != NULL) { + isc_mem_put(mctx, manager->read_fds, + manager->fd_bufsize); + } + return (ISC_R_NOMEMORY); + } + memset(manager->read_fds, 0, manager->fd_bufsize); + memset(manager->write_fds, 0, manager->fd_bufsize); + #ifdef ISC_PLATFORM_USETHREADS (void)watch_fd(manager, manager->pipe_fds[0], SELECT_POKE_READ); manager->maxfd = manager->pipe_fds[0]; 
@@ -3378,8 +3454,14 @@ cleanup_watcher(isc_mem_t *mctx, isc_socketmgr_t *manager) { isc_mem_put(mctx, manager->fdpollinfo, sizeof(pollinfo_t) * manager->maxsocks); #elif defined(USE_SELECT) - UNUSED(mctx); - UNUSED(manager); + if (manager->read_fds != NULL) + isc_mem_put(mctx, manager->read_fds, manager->fd_bufsize); + if (manager->read_fds_copy != NULL) + isc_mem_put(mctx, manager->read_fds_copy, manager->fd_bufsize); + if (manager->write_fds != NULL) + isc_mem_put(mctx, manager->write_fds, manager->fd_bufsize); + if (manager->write_fds_copy != NULL) + isc_mem_put(mctx, manager->write_fds_copy, manager->fd_bufsize); #endif /* USE_KQUEUE */ } @@ -3408,13 +3490,7 @@ isc_socketmgr_create(isc_mem_t *mctx, isc_socketmgr_t **managerp) { /* zero-clear so that necessary cleanup on failure will be easy */ memset(manager, 0, sizeof(*manager)); - -#if defined(USE_KQUEUE) || defined(USE_EPOLL) || defined(USE_DEVPOLL) manager->maxsocks = ISC_SOCKET_MAXSOCKETS; -#elif defined (USE_SELECT) - manager->maxsocks = FD_SETSIZE; -#endif - manager->fds = isc_mem_get(mctx, manager->maxsocks * sizeof(isc_socket_t *)); if (manager->fds == NULL) { 
@@ -4939,12 +5015,17 @@ isc__socketmgr_waitevents(struct timeval *tvp, isc_socketwait_t **swaitp) { swait_private.nevents = ioctl(socketmgr->devpoll_fd, DP_POLL, &dvp); n = swait_private.nevents; #elif defined(USE_SELECT) - swait_private.readset = socketmgr->read_fds; - swait_private.writeset = socketmgr->write_fds; + memcpy(socketmgr->read_fds_copy, socketmgr->read_fds, + socketmgr->fd_bufsize); + memcpy(socketmgr->write_fds_copy, socketmgr->write_fds, + socketmgr->fd_bufsize); + + swait_private.readset = socketmgr->read_fds_copy; + swait_private.writeset = socketmgr->write_fds_copy; swait_private.maxfd = socketmgr->maxfd + 1; - n = select(swait_private.maxfd, &swait_private.readset, - &swait_private.writeset, NULL, tvp); + n = select(swait_private.maxfd, swait_private.readset, + swait_private.writeset, NULL, tvp); #endif *swaitp = &swait_private; @@ -4962,7 +5043,7 @@ isc__socketmgr_dispatch(isc_socketwait_t *swait) { (void)process_fds(socketmgr, socketmgr->events, swait->nevents); return (ISC_R_SUCCESS); #elif defined(USE_SELECT) - process_fds(socketmgr, swait->maxfd, &swait->readset, &swait->writeset); + process_fds(socketmgr, swait->maxfd, swait->readset, swait->writeset); return (ISC_R_SUCCESS); #endif } From 7932a7637170550bc53b38c35db9a0187dcb3d3b Mon Sep 17 00:00:00 2001 From: Automatic Updater Date: Thu, 7 Aug 2008 23:30:26 +0000 Subject: [PATCH 095/135] newcopyrights --- util/copyrights | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/util/copyrights b/util/copyrights index e02503e34a..a01ac2edaa 100644 --- a/util/copyrights +++ b/util/copyrights 
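Review bot: In the lib/isc/unix/socket.c hunk at -113, `#define _DARWIN_UNLIMITED_SELECT` is placed below `struct isc_socketwait`, which already uses fd_set, so the system select headers have been included before the macro is defined. A macro of this kind is normally read by the header at inclusion time; please confirm it has any effect at this position, or move the `ISC_SOCKET_MAXSOCKETS > FD_SETSIZE` test above the includes. The new comment also concedes that the FD_xxx macros may not accept descriptors at or above FD_SETSIZE, yet watch_fd() and unwatch_fd() call FD_SET and FD_CLR on the heap buffers unconditionally; a configure-time probe, or an #error on platforms known not to support it, would be safer than relying on whoever sets ISC_SOCKET_MAXSOCKETS. There is a typo in the same comment: "always by true".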
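Review bot: In the setup_watcher() USE_SELECT hunk at -3333, the failure path returns the buffers with isc_mem_put() but leaves manager->read_fds, read_fds_copy and write_fds pointing at the released memory, while cleanup_watcher() (hunk at -3378) now frees each of them whenever it is non-NULL. If any error path runs cleanup_watcher() after a failed setup_watcher(), that is a double release; set each pointer to NULL after putting it back. The chained `if (x != NULL) y = isc_mem_get(...)` allocation is also hard to follow; allocating the four buffers in sequence with one cleanup label would read more clearly.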
@@ -872,7 +872,7 @@ ./bin/win32/BINDInstall/DirBrowse.h C.PORTION 2001,2004,2007 ./bin/win32/BINDInstall/StdAfx.cpp X 2001 ./bin/win32/BINDInstall/StdAfx.h X 2001,2006 -./bin/win32/BINDInstall/VersionInfo.cpp X 2001 +./bin/win32/BINDInstall/VersionInfo.cpp X 2001,2008 ./bin/win32/BINDInstall/VersionInfo.h X 2001 ./bin/win32/BINDInstall/res/BINDInstall.ico X 2001 ./bin/win32/BINDInstall/res/BINDInstall.rc2 X 2001 From 13caac5ff814f6a6737ca6a8fc0f1681263c4d63 Mon Sep 17 00:00:00 2001 From: Automatic Updater Date: Thu, 7 Aug 2008 23:47:34 +0000 Subject: [PATCH 096/135] update copyright notice --- lib/isc/unix/socket.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/isc/unix/socket.c b/lib/isc/unix/socket.c index 45242c3884..975c707b03 100644 --- a/lib/isc/unix/socket.c +++ b/lib/isc/unix/socket.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: socket.c,v 1.296 2008/08/07 21:28:13 jinmei Exp $ */ +/* $Id: socket.c,v 1.297 2008/08/07 23:47:34 tbox Exp $ */ /*! \file */ @@ -119,7 +119,7 @@ struct isc_socketwait { * The API standard doesn't ensure select() accept more than (the system default * of) FD_SETSIZE descriptors, and the default size should in fact be fine in * the vast majority of cases. This constant should therefore be increased only - * when absolutely necessary and possible, i.e., the server is exhausting all + * when absolutely necessary and possible, i.e., the server is exhausting all * available file descriptors (up to FD_SETSIZE) and the select() function * and FD_xxx macros support larger values than FD_SETSIZE (which may not * always by true, but we keep using some of them to ensure as much From dc842cdcb946b3f89448f07a9f024497a50c216a Mon Sep 17 00:00:00 2001 
From: Mark Andrews Date: Fri, 8 Aug 2008 05:06:49 +0000 Subject: [PATCH 097/135] 2412. [bug] win32: address a resourse leak. [RT #18374] --- CHANGES | 2 + bin/named/statschannel.c | 4 +- lib/isc/httpd.c | 4 +- lib/isc/include/isc/httpd.h | 4 +- lib/isc/include/isc/msgs.h | 7 +- lib/isc/win32/errno2result.c | 20 +++- lib/isc/win32/net.c | 5 +- lib/isc/win32/socket.c | 203 ++++++++++++++++++++++++----------- 8 files changed, 175 insertions(+), 74 deletions(-) diff --git a/CHANGES b/CHANGES index 590c984e10..9b908ff652 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,5 @@ +2412. [bug] win32: address a resourse leak. [RT #18374] + 2411. [bug] Allow using a larger number of sockets than FD_SETSIZE for select(). To enable this, set ISC_SOCKET_MAXSOCKETS at compilation time. [RT #18433] diff --git a/bin/named/statschannel.c b/bin/named/statschannel.c index 0e0a43ec67..6dc4fc643f 100644 --- a/bin/named/statschannel.c +++ b/bin/named/statschannel.c @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: statschannel.c,v 1.13 2008/07/23 23:27:54 marka Exp $ */ +/* $Id: statschannel.c,v 1.14 2008/08/08 05:06:49 marka Exp $ */ /*! \file */ @@ -110,7 +110,7 @@ set_desc(int counter, int maxcounter, const char *fdesc, const char **fdescs, } static void -init_desc() { +init_desc(void) { int i; /* Initialize name server statistics */ diff --git a/lib/isc/httpd.c b/lib/isc/httpd.c index 96c78a8fd7..fa313253b3 100644 --- a/lib/isc/httpd.c +++ b/lib/isc/httpd.c @@ -14,10 +14,12 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: httpd.c,v 1.15 2008/01/18 23:46:58 tbox Exp $ */ +/* $Id: httpd.c,v 1.16 2008/08/08 05:06:49 marka Exp $ */ /*! \file */ +#include + #include #include #include diff --git a/lib/isc/include/isc/httpd.h b/lib/isc/include/isc/httpd.h index 95aa0d727e..ba7f900198 100644 --- a/lib/isc/include/isc/httpd.h +++ b/lib/isc/include/isc/httpd.h 
@@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: httpd.h,v 1.8 2008/01/17 23:47:00 tbox Exp $ */ +/* $Id: httpd.h,v 1.9 2008/08/08 05:06:49 marka Exp $ */ #ifndef ISC_HTTPD_H #define ISC_HTTPD_H 1 @@ -47,7 +47,7 @@ isc_httpdmgr_shutdown(isc_httpdmgr_t **httpdp); isc_result_t isc_httpdmgr_addurl(isc_httpdmgr_t *httpdmgr, const char *url, - isc_httpdaction_t func, void *arg); + isc_httpdaction_t *func, void *arg); isc_result_t isc_httpd_response(isc_httpd_t *httpd); diff --git a/lib/isc/include/isc/msgs.h b/lib/isc/include/isc/msgs.h index 88b93a52de..88505a5465 100644 --- a/lib/isc/include/isc/msgs.h +++ b/lib/isc/include/isc/msgs.h @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: msgs.h,v 1.15 2007/06/19 23:47:18 tbox Exp $ */ +/* $Id: msgs.h,v 1.16 2008/08/08 05:06:49 marka Exp $ */ #ifndef ISC_MSGS_H #define ISC_MSGS_H 1 @@ -153,7 +153,10 @@ #define ISC_MSG_ACCEPTRETURNED 1418 /*%< accept() returned %d/%s */ #define ISC_MSG_TOOMANYFDS 1419 /*%< %s: too many open file descriptors */ #define ISC_MSG_ZEROPORT 1420 /*%< dropping source port zero packet */ -#define ISC_MSG_FILTER 1420 /*%< setsockopt(SO_ACCEPTFILTER): %s */ +#define ISC_MSG_FILTER 1421 /*%< setsockopt(SO_ACCEPTFILTER): %s */ + +#define ISC_MSG_TOOMANYHANDLES 1422 /*%< %s: too many open WSA event handles: %s */ + #define ISC_MSG_AWAKE 1502 /*%< "awake" */ #define ISC_MSG_WORKING 1503 /*%< "working" */ diff --git a/lib/isc/win32/errno2result.c b/lib/isc/win32/errno2result.c index b5e4dd833c..333c7c1591 100644 --- a/lib/isc/win32/errno2result.c +++ b/lib/isc/win32/errno2result.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: errno2result.c,v 1.14 2007/06/19 23:47:19 tbox Exp $ */ +/* $Id: errno2result.c,v 1.15 2008/08/08 05:06:49 marka Exp $ */ #include 
@@ -61,14 +61,24 @@ isc__errno2resultx(int posixerrno, const char *file, int line) { case EMFILE: case WSAEMFILE: return (ISC_R_TOOMANYOPENFILES); - case ERROR_OPERATION_ABORTED: - return (ISC_R_CONNECTIONRESET); - case ERROR_PORT_UNREACHABLE: - return (ISC_R_HOSTUNREACH); + case ERROR_CANCELLED: + return (ISC_R_CANCELED); + case ERROR_CONNECTION_REFUSED: + return (ISC_R_CONNREFUSED); + case ERROR_CONNECTION_INVALID: + return (ISC_R_NOTCONNECTED); case ERROR_HOST_UNREACHABLE: return (ISC_R_HOSTUNREACH); case ERROR_NETWORK_UNREACHABLE: return (ISC_R_NETUNREACH); + case ERROR_NO_NETWORK: + return (ISC_R_NETUNREACH); + case ERROR_OPERATION_ABORTED: + return (ISC_R_CONNECTIONRESET); + case ERROR_PORT_UNREACHABLE: + return (ISC_R_HOSTUNREACH); + case ERROR_REQUEST_ABORTED: + return (ISC_R_CONNECTIONRESET); case WSAEADDRNOTAVAIL: return (ISC_R_ADDRNOTAVAIL); case WSAEHOSTUNREACH: diff --git a/lib/isc/win32/net.c b/lib/isc/win32/net.c index 5647c424bc..3785f8abdf 100644 --- a/lib/isc/win32/net.c +++ b/lib/isc/win32/net.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: net.c,v 1.17 2008/07/01 03:55:10 each Exp $ */ +/* $Id: net.c,v 1.18 2008/08/08 05:06:49 marka Exp $ */ #include @@ -242,7 +242,8 @@ try_ipv6pktinfo(void) { optname = IPV6_PKTINFO; #endif on = 1; - if (setsockopt(s, IPPROTO_IPV6, optname, &on, sizeof(on)) < 0) { + if (setsockopt(s, IPPROTO_IPV6, optname, (const char *) &on, + sizeof(on)) < 0) { ipv6pktinfo_result = ISC_R_NOTFOUND; goto close; } diff --git a/lib/isc/win32/socket.c b/lib/isc/win32/socket.c index ed6132eeff..b1edd845f9 100644 --- a/lib/isc/win32/socket.c +++ b/lib/isc/win32/socket.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: socket.c,v 1.62 2008/07/24 09:50:21 fdupont Exp $ */ +/* $Id: socket.c,v 1.63 2008/08/08 05:06:49 marka Exp $ */ /* This code has been rewritten to take advantage of Windows Sockets * I/O Completion Ports and Events. I/O Completion Ports is ONLY 
@@ -129,9 +129,9 @@ #define PENDING_ERROR(e) ((e) == WSA_IO_PENDING || (e) == 0) #define DOIO_SUCCESS 0 /* i/o ok, event sent */ -#define DOIO_SOFT 1 /* i/o ok, soft error, no event sent */ -#define DOIO_HARD 2 /* i/o error, event sent */ -#define DOIO_EOF 3 /* EOF, no event sent */ +#define DOIO_SOFT 1 /* i/o ok, soft error, no event sent */ +#define DOIO_HARD 2 /* i/o error, event sent */ +#define DOIO_EOF 3 /* EOF, no event sent */ #define DOIO_PENDING 4 /* status when i/o is in process */ #define DLVL(x) ISC_LOGCATEGORY_GENERAL, ISC_LOGMODULE_SOCKET, ISC_LOG_DEBUG(x) @@ -194,8 +194,8 @@ struct msghdr { int msg_totallen; /* total length of this message */ } msghdr; -/*% - * The size to raise the recieve buffer to. +/* + * The size to raise the receive buffer to. */ #define RCVBUFSIZE (32*1024) @@ -540,10 +540,13 @@ iocompletionport_update(isc_socket_t *sock) { } } -void +isc_result_t socket_event_minit(sock_event_list *evlist) { BOOL bReset; int i; + int stat; + WSAEVENT hEvent; + char strbuf[ISC_STRERRORSIZE]; REQUIRE(evlist != NULL); /* Initialize the Event List */ @@ -554,9 +557,28 @@ socket_event_minit(sock_event_list *evlist) { evlist->aEventList[i] = (WSAEVENT) 0; } - evlist->aEventList[0] = WSACreateEvent(); + /* + * The event list needs its own event handle so that when we + * want to change the list the event loop can be notified. + */ + hEvent = WSACreateEvent(); + if (hEvent == WSA_INVALID_EVENT) { + stat = WSAGetLastError(); + isc__strerror(stat, strbuf, sizeof(strbuf)); + isc_log_iwrite(isc_lctx, + ISC_LOGCATEGORY_GENERAL, + ISC_LOGMODULE_SOCKET, ISC_LOG_ERROR, + isc_msgcat, ISC_MSGSET_SOCKET, + ISC_MSG_TOOMANYHANDLES, + "%s: too many open WSA event handles: %s", + "WSACreateEvent", strbuf); + return (ISC_R_UNEXPECTED); + } + + evlist->aEventList[0] = hEvent; (evlist->max_event)++; bReset = WSAResetEvent(evlist->aEventList[0]); + return (ISC_R_SUCCESS); } /* * Event Thread Initialization 
@@ -569,7 +591,10 @@ event_thread_create(events_thread_t **evthreadp, isc_socketmgr_t *manager) { REQUIRE(evthreadp != NULL && *evthreadp == NULL); evthread = isc_mem_get(manager->mctx, sizeof(*evthread)); - socket_event_minit(&evthread->sockev_list); + if (socket_event_minit(&evthread->sockev_list) != ISC_R_SUCCESS) { + isc_mem_put(manager->mctx, evthread, sizeof(*evthread)); + return (ISC_R_UNEXPECTED); + } ISC_LINK_INIT(evthread, link); evthread->manager = manager; @@ -645,21 +670,25 @@ socket_eventlist_add(event_change_t *evchange, sock_event_list *evlist, locate_available_thread(manager); return (ISC_FALSE); } - + /* + * Lock the socket before updating + */ + LOCK(&sock->lock); evlist->aSockList[max_event] = sock; evlist->aEventList[max_event] = sock->hEvent; evlist->max_event++; evlist->total_events++; sock->hAlert = evlist->aEventList[0]; sock->evthread_id = GetCurrentThreadId(); + UNLOCK(&sock->lock); return (ISC_TRUE); } /* - * Note that the eventLock is locked before calling this function. + * Delete the event from the list */ isc_boolean_t -socket_eventlist_delete(event_change_t *evchange, sock_event_list *evlist, +eventlist_event_delete(isc_socket_t *sock, sock_event_list *evlist, isc_socketmgr_t *manager) { int i; @@ -667,14 +696,11 @@ socket_eventlist_delete(event_change_t *evchange, sock_event_list *evlist, int iEvent = -1; isc_boolean_t dofree = ISC_FALSE; - REQUIRE(evchange != NULL); - /* Make sure this is the right thread from which to delete the event */ - if (evchange->evthread_id != GetCurrentThreadId()) - return (ISC_FALSE); - + REQUIRE(sock != NULL); REQUIRE(evlist != NULL); - REQUIRE(evchange->hEvent != NULL); - hEvent = evchange->hEvent; + REQUIRE(manager != NULL); + REQUIRE(sock->hEvent != NULL); + hEvent = sock->hEvent; /* Find the Event */ for (i = 1; i < evlist->max_event; i++) { 
@@ -684,7 +710,10 @@ socket_eventlist_delete(event_change_t *evchange, sock_event_list *evlist, } } - /* Actual event start at 1 */ + /* + * Actual event start at 1 + * event at 0 is the thread wakeup + */ if (iEvent < 1) return (ISC_FALSE); @@ -699,21 +728,25 @@ socket_eventlist_delete(event_change_t *evchange, sock_event_list *evlist, /* Cleanup */ WSACloseEvent(hEvent); - LOCK(&evchange->sock->lock); - if (evchange->sock->pending_close) { - evchange->sock->pending_close = 0; - closesocket(evchange->fd); + LOCK(&sock->lock); + sock->hEvent = NULL; + sock->hAlert = NULL; + sock->wait_type = 0; + + if (sock->pending_close) { + sock->pending_close = 0; + closesocket(sock->fd); } - if (evchange->sock->pending_recv == 0 && - evchange->sock->pending_send == 0 && - evchange->sock->pending_free) { - evchange->sock->pending_free = 0; - ISC_LIST_UNLINK(manager->socklist, evchange->sock, link); + if (sock->pending_recv == 0 && + sock->pending_send == 0 && + sock->pending_free) { + sock->pending_free = 0; + ISC_LIST_UNLINK(manager->socklist, sock, link); dofree = ISC_TRUE; } - UNLOCK(&evchange->sock->lock); + UNLOCK(&sock->lock); if (dofree) - free_socket(&evchange->sock); + free_socket(&sock); if (ISC_LIST_EMPTY(manager->socklist)) SIGNAL(&manager->shutdown_ok); @@ -724,6 +757,21 @@ socket_eventlist_delete(event_change_t *evchange, sock_event_list *evlist, return (ISC_TRUE); } +/* + * Note that the eventLock is locked before calling this function. + */ +isc_boolean_t +socket_eventlist_delete(event_change_t *evchange, sock_event_list *evlist, + isc_socketmgr_t *manager) +{ + + REQUIRE(evchange != NULL); + /* Make sure this is the right thread from which to delete the event */ + if (evchange->evthread_id != GetCurrentThreadId()) + return (ISC_FALSE); + + return (eventlist_event_delete(evchange->sock, evlist, manager)); +} /* * Get the event changes off of the list and apply the * requested changes. The manager lock is taken out at 
@@ -850,10 +898,13 @@ socket_event_add(isc_socket_t *sock, long type) { if (hEvent == WSA_INVALID_EVENT) { stat = WSAGetLastError(); isc__strerror(stat, strbuf, sizeof(strbuf)); - msg = isc_msgcat_get(isc_msgcat, ISC_MSGSET_GENERAL, - ISC_MSG_FAILED, "failed"), - UNEXPECTED_ERROR(__FILE__, __LINE__, "WSACreateEvent: %s: %s", - msg, strbuf); + isc_log_iwrite(isc_lctx, + ISC_LOGCATEGORY_GENERAL, + ISC_LOGMODULE_SOCKET, ISC_LOG_ERROR, + isc_msgcat, ISC_MSGSET_SOCKET, + ISC_MSG_TOOMANYHANDLES, + "%s: too many open WSA event handles: %s", + "WSACreateEvent", strbuf); return (ISC_R_UNEXPECTED); } if (WSAEventSelect(sock->fd, hEvent, type) != 0) { @@ -873,7 +924,11 @@ socket_event_add(isc_socket_t *sock, long type) { } /* - * Note that the socket is not locked before calling this function + * Note that the socket is locked before calling this function + * Note also that we cannot close the socket here or event handle being + * used since the event is being waited upon and any change to either + * will signal the change. The notify_eventlist will take care of + * these details. */ void socket_event_delete(isc_socket_t *sock) { @@ -884,8 +939,6 @@ socket_event_delete(isc_socket_t *sock) { sock->wait_type = 0; sock->pending_close = 1; notify_eventlist(sock, sock->manager, EVENT_DELETE); - sock->hEvent = NULL; - sock->hAlert = NULL; sock->evthread_id = 0; } @@ -895,6 +948,7 @@ socket_event_delete(isc_socket_t *sock) { * with an event, otherwise the WSAWaitForMultipleEvents * may fail due to the fact that the the Wait should not * be running while closing an event or a socket. + * The socket is locked before calling this function */ void socket_close(isc_socket_t *sock) { 
@@ -958,7 +1012,7 @@ internal_sendmsg(isc_socket_t *sock, IoCompletionInfo *lpo, int total_sent; *Error = 0; - Result = WSASendTo((SOCKET) sock->fd, messagehdr->msg_iov, + Result = WSASendTo(sock->fd, messagehdr->msg_iov, messagehdr->msg_iovlen, &BytesSent, Flags, messagehdr->msg_name, messagehdr->msg_namelen, (LPOVERLAPPED) lpo, @@ -1415,6 +1469,7 @@ completeio_recv(isc_socket_t *sock, isc_socketevent_t *dev, SOFT_OR_HARD(WSAEDISCON, ISC_R_CONNECTIONRESET); SOFT_OR_HARD(WSAENETDOWN, ISC_R_NETDOWN); ALWAYS_HARD(ERROR_OPERATION_ABORTED, ISC_R_CONNECTIONRESET); + ALWAYS_HARD(ERROR_REQUEST_ABORTED, ISC_R_CONNECTIONRESET); ALWAYS_HARD(ERROR_NETNAME_DELETED, ISC_R_CONNECTIONRESET); ALWAYS_HARD(ERROR_PORT_UNREACHABLE, ISC_R_HOSTUNREACH); ALWAYS_HARD(ERROR_HOST_UNREACHABLE, ISC_R_HOSTUNREACH); @@ -1618,6 +1673,7 @@ completeio_send(isc_socket_t *sock, isc_socketevent_t *dev, ALWAYS_HARD(ERROR_PORT_UNREACHABLE, ISC_R_HOSTUNREACH); ALWAYS_HARD(ERROR_HOST_UNREACHABLE, ISC_R_HOSTUNREACH); ALWAYS_HARD(ERROR_NETWORK_UNREACHABLE, ISC_R_NETUNREACH); + ALWAYS_HARD(ERROR_REQUEST_ABORTED, ISC_R_CONNECTIONRESET); ALWAYS_HARD(WSAEADDRNOTAVAIL, ISC_R_ADDRNOTAVAIL); ALWAYS_HARD(WSAEHOSTUNREACH, ISC_R_HOSTUNREACH); ALWAYS_HARD(WSAEHOSTDOWN, ISC_R_HOSTUNREACH); @@ -1809,6 +1865,7 @@ allocate_socket(isc_socketmgr_t *manager, isc_sockettype_t type, sock->hAlert = NULL; sock->evthread_id = 0; sock->wait_type = 0; + memset(sock->name, 0, sizeof(sock->name)); /* * initialize the lock @@ -2045,10 +2102,7 @@ isc_socket_attach(isc_socket_t *sock, isc_socket_t **socketp) { REQUIRE(VALID_SOCKET(sock)); REQUIRE(socketp != NULL && *socketp == NULL); - LOCK(&sock->lock); - sock->references++; - UNLOCK(&sock->lock); - + InterlockedIncrement(&sock->references); *socketp = sock; } 
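Review bot: isc_socket_attach now bumps sock->references with InterlockedIncrement and no lock, but other code in this patch still reads the counter as a plain field: internal_recv tests `sock->references == 0` under sock->lock, and event_wait tests `wsock->references > 0 && wsock->pending_close == 0` before it takes LOCK(&wsock->lock). An interlocked increment only helps if every decrement and every zero test follows the same discipline; otherwise an attach can race with the zero test that leads to destroy_socket. Either keep the lock here or convert the remaining accesses, and move the event_wait test inside the locked region.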
@@ -2149,6 +2203,8 @@ send_senddone_event(isc_socket_t *sock, isc_socketevent_t **dev) { * readable event, and the first item on the accept_list should be * the done event we want to send. If the list is empty, this is a no-op, * so just unlock and return. + * + * Note the the socket is locked before entering here */ static void internal_accept(isc_socket_t *sock, int accept_errno) { @@ -2162,7 +2218,6 @@ internal_accept(isc_socket_t *sock, int accept_errno) { INSIST(VALID_SOCKET(sock)); - LOCK(&sock->lock); socket_log(sock, NULL, TRACE, isc_msgcat, ISC_MSGSET_SOCKET, ISC_MSG_ACCEPTLOCK, "internal_accept called, locked socket"); @@ -2197,7 +2252,6 @@ internal_accept(isc_socket_t *sock, int accept_errno) { strbuf); break; } - UNLOCK(&sock->lock); return; } @@ -2214,7 +2268,34 @@ internal_accept(isc_socket_t *sock, int accept_errno) { */ addrlen = sizeof(from.type); fd = accept(sock->fd, &from.type.sa, &addrlen); - if (fd != INVALID_SOCKET) { + if (fd == INVALID_SOCKET) { + accept_errno = WSAGetLastError(); + if (accept_errno == WSAEMFILE) { + isc_log_iwrite(isc_lctx, + ISC_LOGCATEGORY_GENERAL, + ISC_LOGMODULE_SOCKET, ISC_LOG_ERROR, + isc_msgcat, ISC_MSGSET_SOCKET, + ISC_MSG_TOOMANYFDS, + "%s: too many open file descriptors", + "accept"); + goto soft_error; + } else if (SOFT_ERROR(accept_errno) || + accept_errno == WSAECONNRESET) { + goto soft_error; + } else { + isc__strerror(accept_errno, strbuf, + sizeof(strbuf)); + UNEXPECTED_ERROR(__FILE__, __LINE__, + "internal_accept: accept() %s: %s", + isc_msgcat_get(isc_msgcat, + ISC_MSGSET_GENERAL, + ISC_MSG_FAILED, + "failed"), + strbuf); + fd = INVALID_SOCKET; + result = ISC_R_UNEXPECTED; + } + } else { char addrbuf[ISC_SOCKADDR_FORMATSIZE]; isc_sockaddr_format(&from, addrbuf, sizeof(addrbuf)); UNEXPECTED_ERROR(__FILE__, __LINE__, @@ -2223,7 +2304,6 @@ internal_accept(isc_socket_t *sock, int accept_errno) { addrbuf); (void)closesocket(fd); } - UNLOCK(&sock->lock); return; } 
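Review bot: In the new `fd == INVALID_SOCKET` branch of internal_accept, the final else assigns `fd = INVALID_SOCKET;` and `result = ISC_R_UNEXPECTED;`, but the if/else is followed directly by `return;`, so neither value is read, and fd already holds INVALID_SOCKET at that point. The two `goto soft_error` arms likewise only reach a bare return. Drop the dead assignments, or restructure the branch so the failure is actually reported to a waiter.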
@@ -2296,7 +2376,7 @@ internal_accept(isc_socket_t *sock, int accept_errno) { ISC_LIST_UNLINK(sock->accept_list, dev, ev_link); /* - * Stop listing for connects. + * Stop listening for connects. */ if (ISC_LIST_EMPTY(sock->accept_list) && WSAEventSelect(sock->fd, sock->hEvent, FD_CLOSE) != 0) { @@ -2310,7 +2390,6 @@ internal_accept(isc_socket_t *sock, int accept_errno) { msg, strbuf); } - UNLOCK(&sock->lock); if (fd != INVALID_SOCKET) { isc_result_t tresult; @@ -2332,6 +2411,7 @@ internal_accept(isc_socket_t *sock, int accept_errno) { dev->newsocket->fd = fd; dev->newsocket->bound = 1; dev->newsocket->connected = 1; + strncpy(sock->name, "acceptconnect", sizeof(sock->name) - 1); /* * The accept socket inherits the listen socket's @@ -2377,12 +2457,12 @@ internal_accept(isc_socket_t *sock, int accept_errno) { return; soft_error: - UNLOCK(&sock->lock); return; } /* * Called when a socket with a pending connect() finishes. + * Note that the socket is locked before entering. */ static void internal_connect(isc_socket_t *sock, int connect_errno) { @@ -2392,15 +2472,12 @@ internal_connect(isc_socket_t *sock, int connect_errno) { INSIST(VALID_SOCKET(sock)); - LOCK(&sock->lock); - /* * Has this event been canceled? */ dev = sock->connect_ev; if (dev == NULL) { INSIST(!sock->connecting); - UNLOCK(&sock->lock); return; } @@ -2419,7 +2496,6 @@ internal_connect(isc_socket_t *sock, int connect_errno) { connect_errno == WSAEINPROGRESS) { sock->connecting = 1; - UNLOCK(&sock->lock); return; } @@ -2452,12 +2528,11 @@ internal_connect(isc_socket_t *sock, int connect_errno) { dev->result = ISC_R_SUCCESS; sock->connected = 1; sock->bound = 1; + strncpy(sock->name, "connected", sizeof(sock->name) - 1); } sock->connect_ev = NULL; - UNLOCK(&sock->lock); - task = dev->ev_sender; dev->ev_sender = sock; isc_task_sendanddetach(&task, (isc_event_t **)&dev); 
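Review bot: In internal_accept, the new `strncpy(sock->name, "acceptconnect", sizeof(sock->name) - 1);` sits directly after the lines that fill in dev->newsocket (fd, bound, connected), yet it writes to sock, which is the listening socket. If the intent is to label the accepted connection, the target should be dev->newsocket->name; as written the listener is renamed on every accept and the new socket keeps the zeroed name from allocate_socket.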
@@ -2480,6 +2555,12 @@ internal_recv(isc_socket_t *sock, isc_socketevent_t *dev, INSIST(sock->pending_recv > 0); sock->pending_recv--; + + if (sock->references == 0) { + UNLOCK(&sock->lock); + destroy_socket(&sock); + return; + } /* If the event is no longer in the list we can just return */ ldev = ISC_LIST_HEAD(sock->recv_list); while (ldev != NULL && ldev != dev) { @@ -2557,7 +2638,6 @@ internal_send(isc_socket_t *sock, isc_socketevent_t *dev, break; } - done: UNLOCK(&sock->lock); } @@ -2797,13 +2877,16 @@ event_wait(void *uap) { } if (wsock->references > 0 && wsock->pending_close == 0) { + LOCK(&wsock->lock); if (wsock->listener == 1 && wsock->pending_accept == 0) { wsock->pending_accept = 1; internal_accept(wsock, event_errno); - } - else { + UNLOCK(&wsock->lock); + } else { internal_connect(wsock, event_errno); + UNLOCK(&wsock->lock); + eventlist_event_delete(wsock, evlist, manager); } } } @@ -3602,6 +3685,7 @@ isc_socket_connect(isc_socket_t *sock, isc_sockaddr_t *addr, if (cc == 0) { sock->connected = 1; sock->bound = 1; + strncpy(sock->name, "connect", sizeof(sock->name) - 1); dev->result = ISC_R_SUCCESS; isc_task_send(task, (isc_event_t **)&dev); @@ -3855,7 +3939,6 @@ isc_socket_ipv6only(isc_socket_t *sock, isc_boolean_t yes) { int onoff = yes ? 1 : 0; #else UNUSED(yes); - UNUSED(sock); #endif REQUIRE(VALID_SOCKET(sock)); From 6a6965084d061016f7ba44637c7c50e096cac36a Mon Sep 17 00:00:00 2001 From: Automatic Updater Date: Fri, 8 Aug 2008 06:26:24 +0000 Subject: [PATCH 098/135] newcopyrights --- util/copyrights | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/util/copyrights b/util/copyrights index a01ac2edaa..233c0e17dd 100644 --- a/util/copyrights +++ b/util/copyrights 
@@ -2131,7 +2131,7 @@ ./lib/isc/include/isc/md5.h C 2000,2001,2004,2005,2006,2007 ./lib/isc/include/isc/mem.h C 1997,1998,1999,2000,2001,2004,2005,2006,2007,2008 ./lib/isc/include/isc/msgcat.h C 1999,2000,2001,2004,2005,2007 -./lib/isc/include/isc/msgs.h C 2000,2001,2002,2003,2004,2005,2006,2007 +./lib/isc/include/isc/msgs.h C 2000,2001,2002,2003,2004,2005,2006,2007,2008 ./lib/isc/include/isc/mutexblock.h C 1999,2000,2001,2004,2005,2006,2007 ./lib/isc/include/isc/netaddr.h C 1998,1999,2000,2001,2002,2004,2005,2006,2007 ./lib/isc/include/isc/netscope.h C 2002,2004,2005,2006,2007 @@ -2309,7 +2309,7 @@ ./lib/isc/win32/condition.c C 1998,1999,2000,2001,2004,2006,2007 ./lib/isc/win32/dir.c C 1999,2000,2001,2004,2007 ./lib/isc/win32/entropy.c C 2000,2001,2002,2004,2007 -./lib/isc/win32/errno2result.c C 2000,2001,2002,2004,2005,2007 +./lib/isc/win32/errno2result.c C 2000,2001,2002,2004,2005,2007,2008 ./lib/isc/win32/errno2result.h C 2000,2001,2004,2005,2007 ./lib/isc/win32/file.c C 2000,2001,2002,2004,2007 ./lib/isc/win32/fsaccess.c C 2000,2001,2002,2004,2007 From cf5d7a50945386af1002d3fe556ade39160fb746 Mon Sep 17 00:00:00 2001 From: Automatic Updater Date: Fri, 8 Aug 2008 06:28:59 +0000 Subject: [PATCH 099/135] update copyright notice --- lib/isc/include/isc/msgs.h | 6 +++--- lib/isc/win32/errno2result.c | 4 ++-- lib/isc/win32/socket.c | 18 +++++++++--------- 3 files changed, 14 insertions(+), 14 deletions(-) diff --git a/lib/isc/include/isc/msgs.h b/lib/isc/include/isc/msgs.h index 88505a5465..d8f2787a28 100644 --- a/lib/isc/include/isc/msgs.h +++ b/lib/isc/include/isc/msgs.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any 
@@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: msgs.h,v 1.16 2008/08/08 05:06:49 marka Exp $ */ +/* $Id: msgs.h,v 1.17 2008/08/08 06:28:59 tbox Exp $ */ #ifndef ISC_MSGS_H #define ISC_MSGS_H 1 @@ -57,7 +57,7 @@ /*@{*/ /*! - * Message numbers + * Message numbers * are only required to be unique per message set, * but are unique throughout the entire catalog to not be as confusing when * debugging. diff --git a/lib/isc/win32/errno2result.c b/lib/isc/win32/errno2result.c index 333c7c1591..bf25a2e188 100644 --- a/lib/isc/win32/errno2result.c +++ b/lib/isc/win32/errno2result.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000-2002 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: errno2result.c,v 1.15 2008/08/08 05:06:49 marka Exp $ */ +/* $Id: errno2result.c,v 1.16 2008/08/08 06:28:59 tbox Exp $ */ #include diff --git a/lib/isc/win32/socket.c b/lib/isc/win32/socket.c index b1edd845f9..ede00c623a 100644 --- a/lib/isc/win32/socket.c +++ b/lib/isc/win32/socket.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: socket.c,v 1.63 2008/08/08 05:06:49 marka Exp $ */ +/* $Id: socket.c,v 1.64 2008/08/08 06:28:59 tbox Exp $ */ /* This code has been rewritten to take advantage of Windows Sockets * I/O Completion Ports and Events. I/O Completion Ports is ONLY @@ -569,9 +569,9 @@ socket_event_minit(sock_event_list *evlist) { ISC_LOGCATEGORY_GENERAL, ISC_LOGMODULE_SOCKET, ISC_LOG_ERROR, isc_msgcat, ISC_MSGSET_SOCKET, - ISC_MSG_TOOMANYHANDLES, + ISC_MSG_TOOMANYHANDLES, "%s: too many open WSA event handles: %s", - "WSACreateEvent", strbuf); + "WSACreateEvent", strbuf); return (ISC_R_UNEXPECTED); } 
@@ -902,9 +902,9 @@ socket_event_add(isc_socket_t *sock, long type) { ISC_LOGCATEGORY_GENERAL, ISC_LOGMODULE_SOCKET, ISC_LOG_ERROR, isc_msgcat, ISC_MSGSET_SOCKET, - ISC_MSG_TOOMANYHANDLES, + ISC_MSG_TOOMANYHANDLES, "%s: too many open WSA event handles: %s", - "WSACreateEvent", strbuf); + "WSACreateEvent", strbuf); return (ISC_R_UNEXPECTED); } if (WSAEventSelect(sock->fd, hEvent, type) != 0) { @@ -2275,15 +2275,15 @@ internal_accept(isc_socket_t *sock, int accept_errno) { ISC_LOGCATEGORY_GENERAL, ISC_LOGMODULE_SOCKET, ISC_LOG_ERROR, isc_msgcat, ISC_MSGSET_SOCKET, - ISC_MSG_TOOMANYFDS, - "%s: too many open file descriptors", - "accept"); + ISC_MSG_TOOMANYFDS, + "%s: too many open file descriptors", + "accept"); goto soft_error; } else if (SOFT_ERROR(accept_errno) || accept_errno == WSAECONNRESET) { goto soft_error; } else { - isc__strerror(accept_errno, strbuf, + isc__strerror(accept_errno, strbuf, sizeof(strbuf)); UNEXPECTED_ERROR(__FILE__, __LINE__, "internal_accept: accept() %s: %s", From 387bca7a55c0581dc36edb4a5071cb5e1d1c34f6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tatuya=20JINMEI=20=E7=A5=9E=E6=98=8E=E9=81=94=E5=93=89?= Date: Sat, 9 Aug 2008 19:02:10 +0000 Subject: [PATCH 100/135] 2413. [bug] Fixed an unreachable code path in socket.c. [RT #18442] --- CHANGES | 2 ++ lib/isc/unix/socket.c | 4 ++-- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index 9b908ff652..e3728c884d 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,5 @@ +2413. [bug] Fixed an unreachable code path in socket.c. [RT #18442] + 2412. [bug] win32: address a resourse leak. [RT #18374] 2411. [bug] Allow using a larger number of sockets than FD_SETSIZE diff --git a/lib/isc/unix/socket.c b/lib/isc/unix/socket.c index 975c707b03..c5913f4263 100644 --- a/lib/isc/unix/socket.c +++ b/lib/isc/unix/socket.c 
@@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: socket.c,v 1.297 2008/08/07 23:47:34 tbox Exp $ */ +/* $Id: socket.c,v 1.298 2008/08/09 19:02:10 jinmei Exp $ */ /*! \file */ @@ -3138,7 +3138,7 @@ process_ctlfd(isc_socketmgr_t *manager) { * Nothing to read? */ if (msg == SELECT_POKE_NOTHING) - return (ISC_FALSE); + break; /* * Handle shutdown message. We really should From 2128c24c026cb9c2aa706be67588bfdd62ce7fec Mon Sep 17 00:00:00 2001 From: Automatic Updater Date: Sat, 9 Aug 2008 23:18:35 +0000 Subject: [PATCH 101/135] auto update --- doc/private/branches | 2 ++ 1 file changed, 2 insertions(+) diff --git a/doc/private/branches b/doc/private/branches index b3b655681f..a1e3e238ab 100644 --- a/doc/private/branches +++ b/doc/private/branches @@ -148,6 +148,7 @@ rt18335 new fdupont // 2008-07-20 11:50 +0000 rt18336 new fdupont // 2008-07-21 13:51 +0000 rt18336p1 new rt18344 new +rt18348 new fdupont // 2008-08-09 08:31 +0000 rt18358 new fdupont // 2008-07-23 22:35 +0000 rt18370 new mayer // 2008-07-29 01:55 +0000 rt18374 new mayer // 2008-07-28 02:48 +0000 @@ -191,6 +192,7 @@ v9_4 active v9_4_1_P1_lruttl active v9_4_1_patch active // security fixes 9.4.1 only v9_4_2_P1 new each // 2008-05-22 21:12 +0000 +v9_4_2_P2_W1 new mayer // 2008-08-09 19:33 +0000 v9_4_2_patch new v9_5 new marka // 2008-01-02 04:47 +0000 v9_5_0_patch new From 2b9067ffb0e86a43e173313909e8a8a25c40495c Mon Sep 17 00:00:00 2001 From: Jeremy Reed Date: Tue, 12 Aug 2008 14:40:26 +0000 Subject: [PATCH 102/135] Remove an extra space before period at end of line. Reword one sentence (to not say "number" twice). Capitalize RDATA to be consistent. Fix one mispelled word. --- doc/arm/Bv9ARM-book.xml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/doc/arm/Bv9ARM-book.xml b/doc/arm/Bv9ARM-book.xml index ad30cf4a80..bc2ea20995 100644 --- a/doc/arm/Bv9ARM-book.xml +++ b/doc/arm/Bv9ARM-book.xml 
@@ -18,7 +18,7 @@ - PERFORMANCE OF THIS SOFTWARE. --> - + BIND 9 Administrator Reference Manual @@ -7430,7 +7430,7 @@ avoid-v6-udp-ports { 40000; range 50000 60000; }; field is specified in days if the base interval is greater than 7 days otherwise it is specified in hours. The default base interval is 30 days - giving a re-signing interval of 7 1/2 days . The maximum + giving a re-signing interval of 7 1/2 days. The maximum values are 10 years (3660 days). @@ -7451,7 +7451,7 @@ avoid-v6-udp-ports { 40000; range 50000 60000; }; sig-signing-nodes - Specify the number of maximum number nodes to be + Specify the maximum number of nodes to be examined in each quantum when signing a zone with a new DNSKEY. The default is 100. @@ -7475,7 +7475,7 @@ avoid-v6-udp-ports { 40000; range 50000 60000; }; sig-signing-type - Specify a private rdata type to be used when generating + Specify a private RDATA type to be used when generating key signing records. The default is 65535. @@ -7584,7 +7584,7 @@ avoid-v6-udp-ports { 40000; range 50000 60000; }; These set the initial value (minimum) and maximum number of recursive - simultanious clients for any given query + simultaneous clients for any given query (<qname,qtype,qclass>) that the server will accept before dropping additional clients. named will attempt to self tune this value and changes will be logged. The From 2914684df93e6c3aa4d402b5a14fbe6137f538ae Mon Sep 17 00:00:00 2001 From: Automatic Updater Date: Wed, 13 Aug 2008 01:12:16 +0000 Subject: [PATCH 103/135] regen --- doc/arm/Bv9ARM.ch06.html | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/doc/arm/Bv9ARM.ch06.html b/doc/arm/Bv9ARM.ch06.html index 38d0de4c21..4e8a1f5328 100644 --- a/doc/arm/Bv9ARM.ch06.html +++ b/doc/arm/Bv9ARM.ch06.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + 
@@ -4154,7 +4154,7 @@ avoid-v6-udp-ports { 40000; range 50000 60000; }; field is specified in days if the base interval is greater than 7 days otherwise it is specified in hours. The default base interval is 30 days - giving a re-signing interval of 7 1/2 days . The maximum + giving a re-signing interval of 7 1/2 days. The maximum values are 10 years (3660 days).

@@ -4171,7 +4171,7 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };

sig-signing-nodes

- Specify the number of maximum number nodes to be + Specify the maximum number of nodes to be examined in each quantum when signing a zone with a new DNSKEY. The default is 100. @@ -4186,7 +4186,7 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };

sig-signing-type

- Specify a private rdata type to be used when generating + Specify a private RDATA type to be used when generating key signing records. The default is 65535.

@@ -4274,7 +4274,7 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };

These set the initial value (minimum) and maximum number of recursive - simultanious clients for any given query + simultaneous clients for any given query (<qname,qtype,qclass>) that the server will accept before dropping additional clients. named will attempt to self tune this value and changes will be logged. The From 515ada69db06a727ca1197e2aa1f6a286d278228 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tatuya=20JINMEI=20=E7=A5=9E=E6=98=8E=E9=81=94=E5=93=89?= Date: Wed, 13 Aug 2008 02:20:09 +0000 Subject: [PATCH 104/135] 2414. [bug] A masterdump context held the database lock too long, causing various troubles such as dead lock and recursive lock acquisition. [RT #18311, #18456] --- CHANGES | 4 ++++ lib/dns/masterdump.c | 5 ++--- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/CHANGES b/CHANGES index e3728c884d..2d424fb08e 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,7 @@ +2414. [bug] A masterdump context held the database lock too long, + causing various troubles such as dead lock and + recursive lock acquisition. [RT #18311, #18456] + 2413. [bug] Fixed an unreachable code path in socket.c. [RT #18442] 2412. [bug] win32: address a resourse leak. [RT #18374] diff --git a/lib/dns/masterdump.c b/lib/dns/masterdump.c index 7b9c12c2d5..2a41b883e8 100644 --- a/lib/dns/masterdump.c +++ b/lib/dns/masterdump.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: masterdump.c,v 1.92 2008/04/09 21:39:46 explorer Exp $ */ +/* $Id: masterdump.c,v 1.93 2008/08/13 02:20:09 jinmei Exp $ */ /*! \file */ @@ -1422,12 +1422,11 @@ dumptostreaminc(dns_dumpctx_t *dctx) { "dumptostreaminc(%p) new nodes -> %d\n", dctx, dctx->nodes); } - result = dns_dbiterator_pause(dctx->dbiter); - RUNTIME_CHECK(result == ISC_R_SUCCESS); result = DNS_R_CONTINUE; } else if (result == ISC_R_NOMORE) result = ISC_R_SUCCESS; fail: + RUNTIME_CHECK(dns_dbiterator_pause(dctx->dbiter) == ISC_R_SUCCESS); isc_mem_put(dctx->mctx, buffer.base, buffer.length); return (result); } 
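Review bot: At the fail: label in dumptostreaminc, `RUNTIME_CHECK(dns_dbiterator_pause(dctx->dbiter) == ISC_R_SUCCESS);` now runs on every exit, including jumps to fail: after an earlier error, and a pause failure there aborts the process instead of returning the original result. The call with the side effect is also buried inside the check macro. Suggest calling dns_dbiterator_pause into a local first, asserting on it only when result is ISC_R_SUCCESS or DNS_R_CONTINUE, and adding a comment that the iterator must be paused on all paths so the database lock is not held between quanta.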
From 52d5489b9563ae7a0b89aafbce6829802255b151 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tatuya=20JINMEI=20=E7=A5=9E=E6=98=8E=E9=81=94=E5=93=89?= Date: Wed, 13 Aug 2008 02:28:45 +0000 Subject: [PATCH 105/135] 2415. [bug] 'rndc dumpdb' could trigger various assertion failures in rbtdb.c. [RT #18455] --- CHANGES | 3 ++ lib/dns/rbtdb.c | 90 ++++++++++++++++++++++++++++--------------------- 2 files changed, 54 insertions(+), 39 deletions(-) diff --git a/CHANGES b/CHANGES index 2d424fb08e..6ba860404d 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,6 @@ +2415. [bug] 'rndc dumpdb' could trigger various assertion failures + in rbtdb.c. [RT #18455] + 2414. [bug] A masterdump context held the database lock too long, causing various troubles such as dead lock and recursive lock acquisition. [RT #18311, #18456] diff --git a/lib/dns/rbtdb.c b/lib/dns/rbtdb.c index 135f9774de..3c6825ade8 100644 --- a/lib/dns/rbtdb.c +++ b/lib/dns/rbtdb.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: rbtdb.c,v 1.261 2008/06/04 01:11:05 jinmei Exp $ */ +/* $Id: rbtdb.c,v 1.262 2008/08/13 02:28:45 jinmei Exp $ */ /*! \file */ 
@@ -1439,6 +1439,49 @@ new_reference(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node) { INSIST(noderefs != 0); } +/* + * This function is assumed to be called when a node is newly referenced + * and can be in the deadnode list. In that case the node must be retrieved + * from the list because the it is going to be used. In addition, if the caller + * happens to hold a write lock on the tree, it's a good chance to purge dead + * nodes. + * Note: while a new reference is gained in multiple places, there are only very + * few cases where the node can be in the deadnode list (only empty nodes can + * have been added to the list). + */ +static inline void +reactivate_node(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node, + isc_rwlocktype_t treelocktype) +{ + isc_boolean_t need_relock = ISC_FALSE; + + NODE_STRONGLOCK(&rbtdb->node_locks[node->locknum].lock); + new_reference(rbtdb, node); + + NODE_WEAKLOCK(&rbtdb->node_locks[node->locknum].lock, + isc_rwlocktype_read); + if (ISC_LINK_LINKED(node, deadlink)) + need_relock = ISC_TRUE; + else if (!ISC_LIST_EMPTY(rbtdb->deadnodes[node->locknum]) && + treelocktype == isc_rwlocktype_write) + need_relock = ISC_TRUE; + NODE_WEAKUNLOCK(&rbtdb->node_locks[node->locknum].lock, + isc_rwlocktype_read); + if (need_relock) { + NODE_WEAKLOCK(&rbtdb->node_locks[node->locknum].lock, + isc_rwlocktype_write); + if (ISC_LINK_LINKED(node, deadlink)) + ISC_LIST_UNLINK(rbtdb->deadnodes[node->locknum], + node, deadlink); + if (treelocktype == isc_rwlocktype_write) + cleanup_dead_nodes(rbtdb, node->locknum); + NODE_WEAKUNLOCK(&rbtdb->node_locks[node->locknum].lock, + isc_rwlocktype_write); + } + + NODE_STRONGUNLOCK(&rbtdb->node_locks[node->locknum].lock); +} + /* * Caller must be holding the node lock; either the "strong", read or write * lock. Note that the lock must be held even when node references are 
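Review bot: The header comment of reactivate_node explains when to call it but not its locking contract: the body takes NODE_STRONGLOCK and the node weak lock itself, and trusts treelocktype to match the tree lock the caller really holds before it calls cleanup_dead_nodes. State in the comment that the caller must hold the tree lock of the given type and must not hold the node lock, and fix the wording "because the it is going to be used".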
@@ -1561,6 +1604,7 @@ decrement_reference(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node, sizeof(printname))); } + INSIST(!ISC_LINK_LINKED(node, deadlink)); result = dns_rbt_deletenode(rbtdb->tree, node, ISC_FALSE); if (result != ISC_R_SUCCESS) isc_log_write(dns_lctx, DNS_LOGCATEGORY_DATABASE, @@ -2000,7 +2044,6 @@ findnode(dns_db_t *db, dns_name_t *name, isc_boolean_t create, dns_name_t nodename; isc_result_t result; isc_rwlocktype_t locktype = isc_rwlocktype_read; - isc_boolean_t need_relock; REQUIRE(VALID_RBTDB(rbtdb)); 
@@ -2045,40 +2088,7 @@ findnode(dns_db_t *db, dns_name_t *name, isc_boolean_t create, return (result); } } - NODE_STRONGLOCK(&rbtdb->node_locks[node->locknum].lock); - new_reference(rbtdb, node); - - /* - * If the node just found is in the deadnode list, we need to retrieve - * it from the list because we are going to use the node. There are - * other cases where a node is newly referenced, but this should be - * the only case where it can be in the deadnode list. Also, if we - * happen to hold a write lock on the tree, it's a good chance to purge - * dead nodes. - */ - need_relock = ISC_FALSE; - NODE_WEAKLOCK(&rbtdb->node_locks[node->locknum].lock, - isc_rwlocktype_read); - if (ISC_LINK_LINKED(node, deadlink)) - need_relock = ISC_TRUE; - else if (!ISC_LIST_EMPTY(rbtdb->deadnodes[node->locknum]) && - locktype == isc_rwlocktype_write) - need_relock = ISC_TRUE; - NODE_WEAKUNLOCK(&rbtdb->node_locks[node->locknum].lock, - isc_rwlocktype_read); - if (need_relock) { - NODE_WEAKLOCK(&rbtdb->node_locks[node->locknum].lock, - isc_rwlocktype_write); - if (ISC_LINK_LINKED(node, deadlink)) - ISC_LIST_UNLINK(rbtdb->deadnodes[node->locknum], - node, deadlink); - if (locktype == isc_rwlocktype_write) - cleanup_dead_nodes(rbtdb, node->locknum); - NODE_WEAKUNLOCK(&rbtdb->node_locks[node->locknum].lock, - isc_rwlocktype_write); - } - - NODE_STRONGUNLOCK(&rbtdb->node_locks[node->locknum].lock); + reactivate_node(rbtdb, node, locktype); RWUNLOCK(&rbtdb->tree_lock, locktype); *nodep = (dns_dbnode_t *)node; @@ -3475,6 +3485,7 @@ cache_zonecut_callback(dns_rbtnode_t *node, dns_name_t *name, void *arg) { * search->zonecut_rdataset will still be valid later. */ new_reference(search->rbtdb, node); + INSIST(!ISC_LINK_LINKED(node, deadlink)); search->zonecut = node; search->zonecut_rdataset = dname_header; search->zonecut_sigrdataset = sigdname_header; 
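Review bot: The added `INSIST(!ISC_LINK_LINKED(node, deadlink));` in cache_zonecut_callback reads deadlink with no lock visible in the hunk, while reactivate_node in this same patch inspects that link only under NODE_WEAKLOCK. Add a comment naming the lock that makes this read safe here, or take the reference through reactivate_node as findnode and reference_iter_node now do. The same question applies to the identical INSISTs added after new_reference in cache_find and cache_findzonecut.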
@@ -4019,6 +4030,7 @@ cache_find(dns_db_t *db, dns_name_t *name, dns_dbversion_t *version, if (nsheader != NULL) { if (nodep != NULL) { new_reference(search.rbtdb, node); + INSIST(!ISC_LINK_LINKED(node, deadlink)); *nodep = node; } bind_rdataset(search.rbtdb, node, nsheader, search.now, @@ -4048,6 +4060,7 @@ cache_find(dns_db_t *db, dns_name_t *name, dns_dbversion_t *version, if (nodep != NULL) { new_reference(search.rbtdb, node); + INSIST(!ISC_LINK_LINKED(node, deadlink)); *nodep = node; } @@ -4261,6 +4274,7 @@ cache_findzonecut(dns_db_t *db, dns_name_t *name, unsigned int options, if (nodep != NULL) { new_reference(search.rbtdb, node); + INSIST(!ISC_LINK_LINKED(node, deadlink)); *nodep = node; } @@ -6809,9 +6823,7 @@ reference_iter_node(rbtdb_dbiterator_t *rbtdbiter) { return; INSIST(rbtdbiter->tree_locked != isc_rwlocktype_none); - NODE_STRONGLOCK(&rbtdb->node_locks[node->locknum].lock); - new_reference(rbtdb, node); - NODE_STRONGUNLOCK(&rbtdb->node_locks[node->locknum].lock); + reactivate_node(rbtdb, node, rbtdbiter->tree_locked); } static inline void From cf225ed6cd51f9acc901a60520a9368e14224a4d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tatuya=20JINMEI=20=E7=A5=9E=E6=98=8E=E9=81=94=E5=93=89?= Date: Wed, 13 Aug 2008 23:44:18 +0000 Subject: [PATCH 106/135] 2416. [func] Log file descriptors that cause exceeding the internal maximum. [RT #18460] --- CHANGES | 3 +++ lib/isc/unix/socket.c | 10 ++++++---- 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/CHANGES b/CHANGES index 6ba860404d..b22b621027 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,6 @@ +2416. [func] Log file descriptors that cause exceeding the + internal maximum. [RT #18460] + 2415. [bug] 'rndc dumpdb' could trigger various assertion failures in rbtdb.c. [RT #18455] diff --git a/lib/isc/unix/socket.c b/lib/isc/unix/socket.c index c5913f4263..e600cdb17d 100644 --- a/lib/isc/unix/socket.c +++ b/lib/isc/unix/socket.c 
@@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: socket.c,v 1.298 2008/08/09 19:02:10 jinmei Exp $ */ +/* $Id: socket.c,v 1.299 2008/08/13 23:44:18 jinmei Exp $ */ /*! \file */ @@ -1874,7 +1874,8 @@ opensocket(isc_socketmgr_t *manager, isc_socket_t *sock) { ISC_LOGMODULE_SOCKET, ISC_LOG_ERROR, isc_msgcat, ISC_MSGSET_SOCKET, ISC_MSG_TOOMANYFDS, - "%s: too many open file descriptors", "socket"); + "socket: file descriptor exceeds limit (%d/%u)", + sock->fd, manager->maxsocks); return (ISC_R_NORESOURCES); } @@ -2625,8 +2626,9 @@ internal_accept(isc_task_t *me, isc_event_t *ev) { ISC_LOGMODULE_SOCKET, ISC_LOG_ERROR, isc_msgcat, ISC_MSGSET_SOCKET, ISC_MSG_TOOMANYFDS, - "%s: too many open file descriptors", - "accept"); + "accept: " + "file descriptor exceeds limit (%d/%u)", + fd, manager->maxsocks); (void)close(fd); goto soft_error; } From e2fe1fda755f24f593406dc26fed87e8ea1bb502 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tatuya=20JINMEI=20=E7=A5=9E=E6=98=8E=E9=81=94=E5=93=89?= Date: Fri, 15 Aug 2008 17:29:52 +0000 Subject: [PATCH 107/135] 2417. [bug] Connecting UDP sockets for outgoing queries could unexpectedly fail with an 'address already in use' error. [RT #18411] --- CHANGES | 4 ++ lib/dns/dispatch.c | 137 +++++++++++++++++++++++++++------------------ 2 files changed, 86 insertions(+), 55 deletions(-) diff --git a/CHANGES b/CHANGES index b22b621027..568a42e0ed 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,7 @@ +2417. [bug] Connecting UDP sockets for outgoing queries could + unexpectedly fail with an 'address already in use' + error. [RT #18411] + 2416. [func] Log file descriptors that cause exceeding the internal maximum. [RT #18460] diff --git a/lib/dns/dispatch.c b/lib/dns/dispatch.c index 1767c5523d..9166a924a4 100644 --- a/lib/dns/dispatch.c +++ b/lib/dns/dispatch.c 
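Review bot: In lib/isc/unix/socket.c (opensocket and internal_accept, PATCH 106/135), the default text passed to isc_log_iwrite changes from a single %s argument to "(%d/%u)" with two integer arguments, but the catalog key is still ISC_MSG_TOOMANYFDS. The win32 accept path on this page keeps "%s: too many open file descriptors" with one string argument under the same key, so any catalog text supplied for that key cannot match the arguments at both call sites. Allocate a new message number for the new text. Also confirm that manager->maxsocks is an unsigned int, since it is printed with %u.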
@@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dispatch.c,v 1.150 2008/08/05 19:18:02 jinmei Exp $ */ +/* $Id: dispatch.c,v 1.151 2008/08/15 17:29:52 jinmei Exp $ */ /*! \file */ @@ -49,6 +49,9 @@ typedef ISC_LIST(dns_dispentry_t) dns_displist_t; +typedef struct dispsocket dispsocket_t; +typedef ISC_LIST(dispsocket_t) dispsocketlist_t; + /* ARC4 Random generator state */ typedef struct arc4ctx { isc_uint8_t i; @@ -65,7 +68,7 @@ typedef struct dns_qid { unsigned int qid_increment; /*%< id increment on collision */ isc_mutex_t lock; dns_displist_t *qid_table; /*%< the table itself */ - dns_displist_t *addr_table; /*%< address/port table */ + dispsocketlist_t *sock_table; /*%< socket table */ } dns_qid_t; struct dns_dispatchmgr { @@ -127,15 +130,12 @@ struct dns_dispatchmgr { #define IS_PRIVATE(d) (((d)->attributes & DNS_DISPATCHATTR_PRIVATE) != 0) -typedef struct dispsocket dispsocket_t; - struct dns_dispentry { unsigned int magic; dns_dispatch_t *disp; dns_messageid_t id; in_port_t port; unsigned int bucket; - unsigned int abucket; isc_sockaddr_t host; isc_task_t *task; isc_taskaction_t action; @@ -144,7 +144,6 @@ struct dns_dispentry { dispsocket_t *dispsocket; ISC_LIST(dns_dispatchevent_t) items; ISC_LINK(dns_dispentry_t) link; - ISC_LINK(dns_dispentry_t) alink; }; /*% @@ -172,9 +171,13 @@ struct dispsocket { unsigned int magic; isc_socket_t *socket; dns_dispatch_t *disp; + isc_sockaddr_t host; + in_port_t localport; dns_dispentry_t *resp; isc_task_t *task; ISC_LINK(dispsocket_t) link; + unsigned int bucket; + ISC_LINK(dispsocket_t) blink; }; #define INVALID_BUCKET (0xffffdead) 
@@ -261,9 +264,8 @@ struct dns_dispatch { /* * Statics. */ -static dns_dispentry_t *bucket_search(dns_qid_t *, dns_displist_t *, - isc_sockaddr_t *, dns_messageid_t, - in_port_t, unsigned int, isc_boolean_t); +static dns_dispentry_t *entry_search(dns_qid_t *, isc_sockaddr_t *, + dns_messageid_t, in_port_t, unsigned int); static isc_boolean_t destroy_disp_ok(dns_dispatch_t *); static void destroy_disp(isc_task_t *task, isc_event_t *event); static void destroy_dispsocket(dns_dispatch_t *, dispsocket_t **); @@ -677,6 +679,30 @@ destroy_disp(isc_task_t *task, isc_event_t *event) { destroy_mgr(&mgr); } +/*% + * Find a dispsocket for socket address 'dest', and port number 'port'. + * Return NULL if no such entry exists. + */ +static dispsocket_t * +socket_search(dns_qid_t *qid, isc_sockaddr_t *dest, in_port_t port, + unsigned int bucket) +{ + dispsocket_t *dispsock; + + REQUIRE(bucket < qid->qid_nbuckets); + + dispsock = ISC_LIST_HEAD(qid->sock_table[bucket]); + + while (dispsock != NULL) { + if (isc_sockaddr_equal(dest, &dispsock->host) && + dispsock->localport == port) + return (dispsock); + dispsock = ISC_LIST_NEXT(dispsock, blink); + } + + return (NULL); +} + /*% * Make a new socket for a single dispatch with a random port number. * The caller must hold the disp->lock and qid->lock. @@ -684,8 +710,7 @@ destroy_disp(isc_task_t *task, isc_event_t *event) { static isc_result_t get_dispsocket(dns_dispatch_t *disp, isc_sockaddr_t *dest, isc_socketmgr_t *sockmgr, dns_qid_t *qid, - dispsocket_t **dispsockp, unsigned int *abucketp, - in_port_t *portp) + dispsocket_t **dispsockp, in_port_t *portp) { int i; isc_uint32_t r; @@ -694,7 +719,7 @@ get_dispsocket(dns_dispatch_t *disp, isc_sockaddr_t *dest, isc_result_t result = ISC_R_FAILURE; in_port_t port; isc_sockaddr_t localaddr; - unsigned int abucket = 0; + unsigned int bucket = 0; dispsocket_t *dispsock; unsigned int nports; in_port_t *ports; 
@@ -727,6 +752,7 @@ get_dispsocket(dns_dispatch_t *disp, isc_sockaddr_t *dest, dispsock->task = NULL; isc_task_attach(disp->task[r % disp->ntasks], &dispsock->task); ISC_LINK_INIT(dispsock, link); + ISC_LINK_INIT(dispsock, blink); dispsock->magic = DISPSOCK_MAGIC; } @@ -741,11 +767,9 @@ get_dispsocket(dns_dispatch_t *disp, isc_sockaddr_t *dest, nports)]; isc_sockaddr_setport(&localaddr, port); - abucket = dns_hash(qid, dest, 0, port); - if (bucket_search(qid, qid->addr_table, dest, 0, port, abucket, - ISC_TRUE) != NULL) { + bucket = dns_hash(qid, dest, 0, port); + if (socket_search(qid, dest, port, bucket) != NULL) continue; - } result = open_socket(sockmgr, &localaddr, 0, &sock); if (result == ISC_R_SUCCESS || result != ISC_R_ADDRINUSE) @@ -754,8 +778,11 @@ get_dispsocket(dns_dispatch_t *disp, isc_sockaddr_t *dest, if (result == ISC_R_SUCCESS) { dispsock->socket = sock; + dispsock->host = *dest; + dispsock->localport = port; + dispsock->bucket = bucket; + ISC_LIST_APPEND(qid->sock_table[bucket], dispsock, blink); *dispsockp = dispsock; - *abucketp = abucket; *portp = port; } else { /* @@ -777,6 +804,7 @@ get_dispsocket(dns_dispatch_t *disp, isc_sockaddr_t *dest, static void destroy_dispsocket(dns_dispatch_t *disp, dispsocket_t **dispsockp) { dispsocket_t *dispsock; + dns_qid_t *qid; /* * The dispatch must be locked. @@ -790,6 +818,13 @@ destroy_dispsocket(dns_dispatch_t *disp, dispsocket_t **dispsockp) { dispsock->magic = 0; if (dispsock->socket != NULL) isc_socket_detach(&dispsock->socket); + if (ISC_LINK_LINKED(dispsock, blink)) { + qid = DNS_QID(disp); + LOCK(&qid->lock); + ISC_LIST_UNLINK(qid->sock_table[dispsock->bucket], dispsock, + blink); + UNLOCK(&qid->lock); + } if (dispsock->task != NULL) isc_task_detach(&dispsock->task); isc_mempool_put(disp->mgr->spool, dispsock); 
@@ -804,6 +839,7 @@ destroy_dispsocket(dns_dispatch_t *disp, dispsocket_t **dispsockp) { static void deactivate_dispsocket(dns_dispatch_t *disp, dispsocket_t *dispsock) { isc_result_t result; + dns_qid_t *qid; /* * The dispatch must be locked. @@ -818,6 +854,13 @@ deactivate_dispsocket(dns_dispatch_t *disp, dispsocket_t *dispsock) { destroy_dispsocket(disp, &dispsock); else { result = isc_socket_close(dispsock->socket); + + qid = DNS_QID(disp); + LOCK(&qid->lock); + ISC_LIST_UNLINK(qid->sock_table[dispsock->bucket], dispsock, + blink); + UNLOCK(&qid->lock); + if (result == ISC_R_SUCCESS) ISC_LIST_APPEND(disp->inactivesockets, dispsock, link); else { @@ -834,23 +877,21 @@ deactivate_dispsocket(dns_dispatch_t *disp, dispsocket_t *dispsock) { /* * Find an entry for query ID 'id', socket address 'dest', and port number - * 'port' in 'table'. + * 'port'. * Return NULL if no such entry exists. */ static dns_dispentry_t * -bucket_search(dns_qid_t *qid, dns_displist_t *table, isc_sockaddr_t *dest, - dns_messageid_t id, in_port_t port, unsigned int bucket, - isc_boolean_t ignoreid) +entry_search(dns_qid_t *qid, isc_sockaddr_t *dest, dns_messageid_t id, + in_port_t port, unsigned int bucket) { dns_dispentry_t *res; REQUIRE(bucket < qid->qid_nbuckets); - res = ISC_LIST_HEAD(table[bucket]); + res = ISC_LIST_HEAD(qid->qid_table[bucket]); while (res != NULL) { - if ((ignoreid || res->id == id) && - isc_sockaddr_equal(dest, &res->host) && + if (res->id == id && isc_sockaddr_equal(dest, &res->host) && res->port == port) { return (res); } 
@@ -1116,8 +1157,8 @@ udp_recv(isc_event_t *ev_in, dns_dispatch_t *disp, dispsocket_t *dispsock) { bucket = dns_hash(qid, &ev->address, id, disp->localport); LOCK(&qid->lock); qidlocked = ISC_TRUE; - resp = bucket_search(qid, qid->qid_table, &ev->address, id, - disp->localport, bucket, ISC_FALSE); + resp = entry_search(qid, &ev->address, id, disp->localport, + bucket); dispatch_log(disp, LVL(90), "search for response in bucket %d: %s", bucket, (resp == NULL ? "not found" : "found")); @@ -1374,8 +1415,7 @@ tcp_recv(isc_task_t *task, isc_event_t *ev_in) { */ bucket = dns_hash(qid, &tcpmsg->address, id, disp->localport); LOCK(&qid->lock); - resp = bucket_search(qid, qid->qid_table, &tcpmsg->address, id, - disp->localport, bucket, ISC_FALSE); + resp = entry_search(qid, &tcpmsg->address, id, disp->localport, bucket); dispatch_log(disp, LVL(90), "search for response in bucket %d: %s", bucket, (resp == NULL ? "not found" : "found")); @@ -2127,7 +2167,7 @@ dispatch_find(dns_dispatchmgr_t *mgr, isc_sockaddr_t *local, static isc_result_t qid_allocate(dns_dispatchmgr_t *mgr, unsigned int buckets, unsigned int increment, dns_qid_t **qidp, - isc_boolean_t needaddrtable) + isc_boolean_t needsocktable) { dns_qid_t *qid; unsigned int i; @@ -2149,11 +2189,11 @@ qid_allocate(dns_dispatchmgr_t *mgr, unsigned int buckets, return (ISC_R_NOMEMORY); } - qid->addr_table = NULL; - if (needaddrtable) { - qid->addr_table = isc_mem_get(mgr->mctx, - buckets * sizeof(dns_displist_t)); - if (qid->addr_table == NULL) { + qid->sock_table = NULL; + if (needsocktable) { + qid->sock_table = isc_mem_get(mgr->mctx, buckets * + sizeof(dispsocketlist_t)); + if (qid->sock_table == NULL) { isc_mem_put(mgr->mctx, qid, sizeof(*qid)); isc_mem_put(mgr->mctx, qid->qid_table, buckets * sizeof(dns_displist_t)); 
@@ -2163,8 +2203,8 @@ qid_allocate(dns_dispatchmgr_t *mgr, unsigned int buckets, result = isc_mutex_init(&qid->lock); if (result != ISC_R_SUCCESS) { - if (qid->addr_table != NULL) { - isc_mem_put(mgr->mctx, qid->addr_table, + if (qid->sock_table != NULL) { + isc_mem_put(mgr->mctx, qid->sock_table, buckets * sizeof(dns_displist_t)); } isc_mem_put(mgr->mctx, qid->qid_table, @@ -2175,8 +2215,8 @@ qid_allocate(dns_dispatchmgr_t *mgr, unsigned int buckets, for (i = 0; i < buckets; i++) { ISC_LIST_INIT(qid->qid_table[i]); - if (qid->addr_table != NULL) - ISC_LIST_INIT(qid->addr_table[i]); + if (qid->sock_table != NULL) + ISC_LIST_INIT(qid->sock_table[i]); } qid->qid_nbuckets = buckets; @@ -2199,8 +2239,8 @@ qid_destroy(isc_mem_t *mctx, dns_qid_t **qidp) { qid->magic = 0; isc_mem_put(mctx, qid->qid_table, qid->qid_nbuckets * sizeof(dns_displist_t)); - if (qid->addr_table != NULL) { - isc_mem_put(mctx, qid->addr_table, + if (qid->sock_table != NULL) { + isc_mem_put(mctx, qid->sock_table, qid->qid_nbuckets * sizeof(dns_displist_t)); } DESTROYLOCK(&qid->lock); @@ -2739,7 +2779,6 @@ dns_dispatch_addresponse2(dns_dispatch_t *disp, isc_sockaddr_t *dest, { dns_dispentry_t *res; unsigned int bucket; - unsigned int abucket; in_port_t localport = 0; dns_messageid_t id; int i; @@ -2813,14 +2852,13 @@ dns_dispatch_addresponse2(dns_dispatch_t *disp, isc_sockaddr_t *dest, * Get a separate UDP socket with a random port number. */ result = get_dispsocket(disp, dest, sockmgr, qid, &dispsocket, - &abucket, &localport); + &localport); if (result != ISC_R_SUCCESS) { UNLOCK(&qid->lock); UNLOCK(&disp->lock); return (result); } } else { - abucket = 0; /* meaningless, but set explicitly */ localport = disp->localport; } 
@@ -2831,8 +2869,7 @@ dns_dispatch_addresponse2(dns_dispatch_t *disp, isc_sockaddr_t *dest, bucket = dns_hash(qid, dest, id, localport); ok = ISC_FALSE; for (i = 0; i < 64; i++) { - if (bucket_search(qid, qid->qid_table, dest, id, localport, - bucket, ISC_FALSE) == NULL) { + if (entry_search(qid, dest, id, localport, bucket) == NULL) { ok = ISC_TRUE; break; } @@ -2864,7 +2901,6 @@ dns_dispatch_addresponse2(dns_dispatch_t *disp, isc_sockaddr_t *dest, res->id = id; res->port = localport; res->bucket = bucket; - res->abucket = abucket; res->host = *dest; res->action = action; res->arg = arg; @@ -2874,11 +2910,8 @@ dns_dispatch_addresponse2(dns_dispatch_t *disp, isc_sockaddr_t *dest, res->item_out = ISC_FALSE; ISC_LIST_INIT(res->items); ISC_LINK_INIT(res, link); - ISC_LINK_INIT(res, alink); res->magic = RESPONSE_MAGIC; ISC_LIST_APPEND(qid->qid_table[bucket], res, link); - if (dispsocket != NULL) - ISC_LIST_APPEND(qid->addr_table[abucket], res, alink); UNLOCK(&qid->lock); request_log(disp, res, LVL(90), @@ -2890,10 +2923,6 @@ dns_dispatch_addresponse2(dns_dispatch_t *disp, isc_sockaddr_t *dest, if (result != ISC_R_SUCCESS) { LOCK(&qid->lock); ISC_LIST_UNLINK(qid->qid_table[bucket], res, link); - if (ISC_LINK_LINKED(res, alink)) { - ISC_LIST_UNLINK(qid->addr_table[abucket], res, - alink); - } UNLOCK(&qid->lock); if (dispsocket != NULL) @@ -3008,8 +3037,6 @@ dns_dispatch_removeresponse(dns_dispentry_t **resp, LOCK(&qid->lock); ISC_LIST_UNLINK(qid->qid_table[bucket], res, link); - if (ISC_LINK_LINKED(res, alink)) - ISC_LIST_UNLINK(qid->addr_table[res->abucket], res, alink); UNLOCK(&qid->lock); if (ev == NULL && res->item_out) { From b55dc7da2e2d1b92e92fdb5da8991d73dcfc6819 Mon Sep 17 00:00:00 2001 
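Review bot: In the deactivate_dispsocket() hunk of lib/dns/dispatch.c (change 2417), the entry is unlinked from qid->sock_table[dispsock->bucket] unconditionally, while destroy_dispsocket() in the hunk just before it guards the same unlink with ISC_LINK_LINKED(dispsock, blink). Use the same guard here or state the invariant that makes it unnecessary. Both functions' comments still say only "The dispatch must be locked" although they now take qid->lock internally, whereas get_dispsocket() requires the caller to already hold both disp->lock and qid->lock; the comments should say that callers of these two must not hold qid->lock.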
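Review bot: In the qid_allocate() hunk at -2149 of lib/dns/dispatch.c, the sock_table allocation-failure path runs isc_mem_put(mgr->mctx, qid, sizeof(*qid)) and only then reads qid->qid_table for the second isc_mem_put(), so the table pointer is fetched from memory that has already been released. The ordering comes from the unchanged context lines, but this patch rewrites the surrounding block and is the place to fix it: release qid->qid_table first, then qid.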
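Review bot: In the qid_allocate() hunk at -2163 and the qid_destroy() hunk of lib/dns/dispatch.c, sock_table is released with "buckets * sizeof(dns_displist_t)" and "qid->qid_nbuckets * sizeof(dns_displist_t)", but it is now allocated with "buckets * sizeof(dispsocketlist_t)". isc_mem_put() should be given the size that was passed to isc_mem_get(); change both release sites to sizeof(dispsocketlist_t).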
From: =?UTF-8?q?Tatuya=20JINMEI=20=E7=A5=9E=E6=98=8E=E9=81=94=E5=93=89?= Date: Fri, 15 Aug 2008 17:47:18 +0000 Subject: [PATCH 108/135] typo: s/dns_displist_t/dispsocketlist_t/ --- lib/dns/dispatch.c | 6 +++--- lib/dns/xfrin.c | 3 ++- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/lib/dns/dispatch.c b/lib/dns/dispatch.c index 9166a924a4..dd17d3524e 100644 --- a/lib/dns/dispatch.c +++ b/lib/dns/dispatch.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dispatch.c,v 1.151 2008/08/15 17:29:52 jinmei Exp $ */ +/* $Id: dispatch.c,v 1.152 2008/08/15 17:47:18 jinmei Exp $ */ /*! \file */ @@ -2205,7 +2205,7 @@ qid_allocate(dns_dispatchmgr_t *mgr, unsigned int buckets, if (result != ISC_R_SUCCESS) { if (qid->sock_table != NULL) { isc_mem_put(mgr->mctx, qid->sock_table, - buckets * sizeof(dns_displist_t)); + buckets * sizeof(dispsocketlist_t)); } isc_mem_put(mgr->mctx, qid->qid_table, buckets * sizeof(dns_displist_t)); @@ -2241,7 +2241,7 @@ qid_destroy(isc_mem_t *mctx, dns_qid_t **qidp) { qid->qid_nbuckets * sizeof(dns_displist_t)); if (qid->sock_table != NULL) { isc_mem_put(mctx, qid->sock_table, - qid->qid_nbuckets * sizeof(dns_displist_t)); + qid->qid_nbuckets * sizeof(dispsocketlist_t)); } DESTROYLOCK(&qid->lock); isc_mem_put(mctx, qid, sizeof(*qid)); diff --git a/lib/dns/xfrin.c b/lib/dns/xfrin.c index 681aede38f..f02d95b2e6 100644 --- a/lib/dns/xfrin.c +++ b/lib/dns/xfrin.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: xfrin.c,v 1.162 2008/07/28 23:47:22 tbox Exp $ */ +/* $Id: xfrin.c,v 1.163 2008/08/15 17:47:18 jinmei Exp $ */ /*! \file */ @@ -874,6 +874,7 @@ xfrin_start(dns_xfrin_ctx_t *xfr) { isc_socket_setname(xfr->socket, "xfrin", NULL); #ifndef BROKEN_TCP_BIND_BEFORE_CONNECT CHECK(isc_socket_bind(xfr->socket, &xfr->sourceaddr, + ISC_SOCKET_REUSEADDRESS)); #endif CHECK(isc_socket_connect(xfr->socket, &xfr->masteraddr, xfr->task, From 57f8a60b21af44293e0c8afd62c31aa5f53cee66 Mon Sep 17 00:00:00 2001 
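Review bot: The lib/dns/xfrin.c hunk in xfrin_start() does not belong to the change the subject of PATCH 108 describes (the sizeof typo in dispatch.c): it adds an "ISC_SOCKET_REUSEADDRESS));" argument line to the isc_socket_bind() call under BROKEN_TCP_BIND_BEFORE_CONNECT. Drop it from this commit; if the bind option is wanted, it needs its own commit and CHANGES entry.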
From: =?UTF-8?q?Tatuya=20JINMEI=20=E7=A5=9E=E6=98=8E=E9=81=94=E5=93=89?= Date: Fri, 15 Aug 2008 17:52:53 +0000 Subject: [PATCH 109/135] canceled the previous commit (which was made by accident) --- lib/dns/xfrin.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/lib/dns/xfrin.c b/lib/dns/xfrin.c index f02d95b2e6..06b539981c 100644 --- a/lib/dns/xfrin.c +++ b/lib/dns/xfrin.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: xfrin.c,v 1.163 2008/08/15 17:47:18 jinmei Exp $ */ +/* $Id: xfrin.c,v 1.164 2008/08/15 17:52:53 jinmei Exp $ */ /*! \file */ @@ -874,7 +874,6 @@ xfrin_start(dns_xfrin_ctx_t *xfr) { isc_socket_setname(xfr->socket, "xfrin", NULL); #ifndef BROKEN_TCP_BIND_BEFORE_CONNECT CHECK(isc_socket_bind(xfr->socket, &xfr->sourceaddr, - ISC_SOCKET_REUSEADDRESS)); #endif CHECK(isc_socket_connect(xfr->socket, &xfr->masteraddr, xfr->task, From b049b8ce6a70f13f8cc8e33bfb16e1871282f700 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tatuya=20JINMEI=20=E7=A5=9E=E6=98=8E=E9=81=94=E5=93=89?= Date: Fri, 15 Aug 2008 19:36:49 +0000 Subject: [PATCH 110/135] 2418. [bug] AXFR request on a DLZ could trigger a REQUIRE failure [RT #18430] --- CHANGES | 3 +++ bin/named/xfrout.c | 5 +++-- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index 568a42e0ed..cc950daf1c 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,6 @@ +2418. [bug] AXFR request on a DLZ could trigger a REQUIRE failure + [RT #18430] + 2417. [bug] Connecting UDP sockets for outgoing queries could unexpectedly fail with an 'address already in use' error. [RT #18411] diff --git a/bin/named/xfrout.c b/bin/named/xfrout.c index ba6ae3f227..befd09ef8a 100644 --- a/bin/named/xfrout.c +++ b/bin/named/xfrout.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: xfrout.c,v 1.128 2008/04/03 06:09:04 tbox Exp $ */ +/* $Id: xfrout.c,v 1.129 2008/08/15 19:36:49 jinmei Exp $ */ #include
@@ -1333,7 +1333,8 @@ xfrout_ctx_create(isc_mem_t *mctx, ns_client_t *client, unsigned int id, xfr->zone = NULL; xfr->db = NULL; xfr->ver = NULL; - dns_zone_attach(zone, &xfr->zone); + if (zone != NULL) /* zone will be NULL if it's DLZ */ + dns_zone_attach(zone, &xfr->zone); dns_db_attach(db, &xfr->db); dns_db_attachversion(db, ver, &xfr->ver); xfr->end_of_stream = ISC_FALSE; From 98fb3282eddf6479ea0305cb8c85abe7a6b248ea Mon Sep 17 00:00:00 2001 From: Automatic Updater Date: Fri, 15 Aug 2008 23:18:24 +0000 Subject: [PATCH 111/135] auto update --- doc/private/branches | 2 ++ 1 file changed, 2 insertions(+) diff --git a/doc/private/branches b/doc/private/branches index a1e3e238ab..12e7b537c2 100644 --- a/doc/private/branches +++ b/doc/private/branches @@ -154,6 +154,8 @@ rt18370 new mayer // 2008-07-29 01:55 +0000 rt18374 new mayer // 2008-07-28 02:48 +0000 rt18374_v9_5 new mayer // 2008-07-28 13:32 +0000 rt18411 new +rt18441 new each // 2008-08-15 17:02 +0000 +rt18493 new shane_dbbackend open skan open explorer skan-metazones1 private explorer From cf5b250294fdce85819e1e88e52e202f5edb0c31 Mon Sep 17 00:00:00 2001 From: Automatic Updater Date: Sat, 16 Aug 2008 23:18:24 +0000 Subject: [PATCH 112/135] auto update --- doc/private/branches | 2 ++ 1 file changed, 2 insertions(+) diff --git a/doc/private/branches b/doc/private/branches index 12e7b537c2..cc905ef915 100644 --- a/doc/private/branches +++ b/doc/private/branches @@ -189,6 +189,7 @@ v9_3_2_patch active // security fixes 9.3.2 only v9_3_4-cisco active v9_3_4_patch active // security fixes 9.3.4 only v9_3_5_P1 new each // 2008-05-22 20:42 +0000 +v9_3_5_P2_W1 new mayer // 2008-08-16 03:50 +0000 v9_3_5_patch new v9_4 active v9_4_1_P1_lruttl active @@ -197,6 +198,7 @@ v9_4_2_P1 new each // 2008-05-22 21:12 +0000 v9_4_2_P2_W1 new mayer // 2008-08-09 19:33 +0000 v9_4_2_patch new v9_5 new marka // 2008-01-02 04:47 +0000 +v9_5_0_P2_W1 new mayer // 2008-08-16 21:14 +0000 v9_5_0_patch new 
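Review bot: In the xfrout_ctx_create() hunk of bin/named/xfrout.c (change 2418), skipping dns_zone_attach() leaves xfr->zone NULL for the whole lifetime of the transfer context, so every later use of xfr->zone, including the matching detach on teardown, needs the same "zone != NULL" guard, and none of those sites is touched by this hunk. Please confirm they are covered, and record in the function's contract that 'zone' may be NULL for a DLZ-backed transfer so the guard is not removed later as dead code.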
From 2f420f33bbd5a84eee03b5f9b608e79acf06cb29 Mon Sep 17 00:00:00 2001 From: Mark Andrews Date: Wed, 20 Aug 2008 06:16:07 +0000 Subject: [PATCH 113/135] 2419. [cleanup] Document that isc_socket_create() and isc_socket_open() should not be used for isc_sockettype_fdwatch sockets. [RT #18521] --- CHANGES | 8 ++++++++ lib/isc/include/isc/socket.h | 17 ++++++++++++++++- lib/isc/unix/socket.c | 10 ++++++++-- lib/isc/win32/socket.c | 5 ++++- 4 files changed, 36 insertions(+), 4 deletions(-) diff --git a/CHANGES b/CHANGES index cc950daf1c..d7691a70c7 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,7 @@ +2419. [cleanup] Document that isc_socket_create() and isc_socket_open() + should not be used for isc_sockettype_fdwatch sockets. + [RT #18521] + 2418. [bug] AXFR request on a DLZ could trigger a REQUIRE failure [RT #18430] @@ -37,6 +41,10 @@ 2406. [bug] Sockets could be closed too early, leading to inconsistent states in the socket module. [RT #18298] +xxxx. [bug] Connecting UDP sockets for outgoing queries could + unexpectedly fail with an 'address already in use' + error. + 2405. [cleanup] The default value for dnssec-validation was changed to "yes" in 9.5.0-P1 and all subsequent releases; this was inadvertently omitted from CHANGES at the time. diff --git a/lib/isc/include/isc/socket.h b/lib/isc/include/isc/socket.h index 600cf977a3..94155f2651 100644 --- a/lib/isc/include/isc/socket.h +++ b/lib/isc/include/isc/socket.h @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: socket.h,v 1.81 2008/07/23 23:47:07 tbox Exp $ */ +/* $Id: socket.h,v 1.82 2008/08/20 06:16:05 marka Exp $ */ #ifndef ISC_SOCKET_H #define ISC_SOCKET_H 1 @@ -245,6 +245,9 @@ isc_socket_create(isc_socketmgr_t *manager, /*%< * Create a new 'type' socket managed by 'manager'. * + * For isc_sockettype_fdwatch sockets you should use isc_socket_fdwatchcreate() + * rather than isc_socket_create(). + * * Note: * *\li 'pf' is the desired protocol family, e.g. PF_INET or PF_INET6. 
@@ -255,6 +258,8 @@ isc_socket_create(isc_socketmgr_t *manager, * *\li 'socketp' is a valid pointer, and *socketp == NULL * + *\li 'type' is not isc_sockettype_fdwatch + * * Ensures: * * '*socketp' is attached to the newly created socket @@ -378,12 +383,17 @@ isc_socket_open(isc_socket_t *sock); * one. This optimization may not be available for some systems, in which * case this function will return ISC_R_NOTIMPLEMENTED and must not be used. * + * isc_socket_open() should not be called on sockets created by + * isc_socket_fdwatchcreate(). + * * Requires: * * \li there must be no other reference to this socket. * * \li 'socket' is a valid and previously closed by isc_socket_close() * + * \li 'sock->type' is not isc_sockettype_fdwatch + * * Returns: * Same as isc_socket_create(). * \li ISC_R_NOTIMPLEMENTED @@ -399,6 +409,9 @@ isc_socket_close(isc_socket_t *sock); * systems, in which case this function will return ISC_R_NOTIMPLEMENTED and * must not be used. * + * isc_socket_close() should not be called on sockets created by + * isc_socket_fdwatchcreate(). + * * Requires: * * \li The socket must have a valid descriptor. @@ -407,6 +420,8 @@ isc_socket_close(isc_socket_t *sock); * * \li There must be no pending I/O requests. * + * \li 'sock->type' is not isc_sockettype_fdwatch + * * Returns: * \li #ISC_R_NOTIMPLEMENTED */ diff --git a/lib/isc/unix/socket.c b/lib/isc/unix/socket.c index e600cdb17d..4c4f59edd3 100644 --- a/lib/isc/unix/socket.c +++ b/lib/isc/unix/socket.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: socket.c,v 1.299 2008/08/13 23:44:18 jinmei Exp $ */ +/* $Id: socket.c,v 1.300 2008/08/20 06:16:05 marka Exp $ */ /*! \file */ 
@@ -1847,7 +1847,10 @@ opensocket(isc_socketmgr_t *manager, isc_socket_t *sock) { sock->fd = socket(sock->pf, SOCK_STREAM, 0); break; case isc_sockettype_fdwatch: - INSIST(sock->type != isc_sockettype_fdwatch); + /* + * We should not be called for isc_sockettype_fdwatch sockets. + */ + INSIST(0); break; } if (sock->fd == -1 && errno == EINTR && tries++ < 42) @@ -2062,6 +2065,7 @@ isc_socket_create(isc_socketmgr_t *manager, int pf, isc_sockettype_t type, REQUIRE(VALID_MANAGER(manager)); REQUIRE(socketp != NULL && *socketp == NULL); + REQUIRE(type != isc_sockettype_fdwatch); result = allocate_socket(manager, type, &sock); if (result != ISC_R_SUCCESS) @@ -2117,6 +2121,7 @@ isc_socket_open(isc_socket_t *sock) { LOCK(&sock->lock); REQUIRE(sock->references == 1); + REQUIRE(sock->type != isc_sockettype_fdwatch); UNLOCK(&sock->lock); /* * We don't need to retain the lock hereafter, since no one else has @@ -2261,6 +2266,7 @@ isc_socket_close(isc_socket_t *sock) { LOCK(&sock->lock); REQUIRE(sock->references == 1); + REQUIRE(sock->type != isc_sockettype_fdwatch); UNLOCK(&sock->lock); /* * We don't need to retain the lock hereafter, since no one else has diff --git a/lib/isc/win32/socket.c b/lib/isc/win32/socket.c index ede00c623a..17c901f957 100644 --- a/lib/isc/win32/socket.c +++ b/lib/isc/win32/socket.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: socket.c,v 1.64 2008/08/08 06:28:59 tbox Exp $ */ +/* $Id: socket.c,v 1.65 2008/08/20 06:16:05 marka Exp $ */ /* This code has been rewritten to take advantage of Windows Sockets * I/O Completion Ports and Events. I/O Completion Ports is ONLY @@ -1949,6 +1949,7 @@ isc_socket_create(isc_socketmgr_t *manager, int pf, isc_sockettype_t type, REQUIRE(VALID_MANAGER(manager)); REQUIRE(socketp != NULL && *socketp == NULL); + REQUIRE(type != isc_sockettype_fdwatch); result = allocate_socket(manager, type, &sock); if (result != ISC_R_SUCCESS) 
@@ -2090,6 +2091,7 @@ isc_socket_create(isc_socketmgr_t *manager, int pf, isc_sockettype_t type, isc_result_t isc_socket_open(isc_socket_t *sock) { REQUIRE(VALID_SOCKET(sock)); + REQUIRE(sock->type != isc_sockettype_fdwatch); return (ISC_R_NOTIMPLEMENTED); } @@ -2135,6 +2137,7 @@ isc_socket_detach(isc_socket_t **socketp) { isc_result_t isc_socket_close(isc_socket_t *sock) { REQUIRE(VALID_SOCKET(sock)); + REQUIRE(sock->type != isc_sockettype_fdwatch); return (ISC_R_NOTIMPLEMENTED); } From 0cb666ecb4479eea9cafd24ededed747c33c6531 Mon Sep 17 00:00:00 2001 From: Automatic Updater Date: Wed, 20 Aug 2008 23:18:32 +0000 Subject: [PATCH 114/135] auto update --- doc/private/branches | 3 +++ 1 file changed, 3 insertions(+) diff --git a/doc/private/branches b/doc/private/branches index cc905ef915..584512bdba 100644 --- a/doc/private/branches +++ b/doc/private/branches @@ -190,15 +190,18 @@ v9_3_4-cisco active v9_3_4_patch active // security fixes 9.3.4 only v9_3_5_P1 new each // 2008-05-22 20:42 +0000 v9_3_5_P2_W1 new mayer // 2008-08-16 03:50 +0000 +v9_3_5_P2_danny new v9_3_5_patch new v9_4 active v9_4_1_P1_lruttl active v9_4_1_patch active // security fixes 9.4.1 only v9_4_2_P1 new each // 2008-05-22 21:12 +0000 v9_4_2_P2_W1 new mayer // 2008-08-09 19:33 +0000 +v9_4_2_P2_danny new v9_4_2_patch new v9_5 new marka // 2008-01-02 04:47 +0000 v9_5_0_P2_W1 new mayer // 2008-08-16 21:14 +0000 +v9_5_0_P2_danny new v9_5_0_patch new From 13d9b8ce94aee267761cd297a583e280df262d60 Mon Sep 17 00:00:00 2001 
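Review bot: The second CHANGES hunk of PATCH 113 inserts an unnumbered "xxxx. [bug] Connecting UDP sockets for outgoing queries could unexpectedly fail with an 'address already in use' error." entry between 2406 and 2405. It repeats the text already recorded as 2417 and is unrelated to the fdwatch documentation cleanup; remove it from this commit. The 2419 entry also names only isc_socket_create() and isc_socket_open(), while the patch adds the same restriction (header text and a REQUIRE) to isc_socket_close(); the entry should mention all three.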
From: =?UTF-8?q?Tatuya=20JINMEI=20=E7=A5=9E=E6=98=8E=E9=81=94=E5=93=89?= Date: Wed, 20 Aug 2008 23:57:59 +0000 Subject: [PATCH 115/135] 2420. [func] Add new command line option '-S' for named to specify the max number of sockets. [RT #18493] Use caution: this option may not work for some operating systems without rebuilding named. --- CHANGES | 9 +++++---- bin/named/main.c | 19 ++++++++++++++++--- bin/named/named.docbook | 30 +++++++++++++++++++++++++++++- lib/isc/include/isc/socket.h | 12 ++++++++++-- lib/isc/unix/socket.c | 24 ++++++++++++++++++------ lib/isc/win32/libisc.def | 1 + lib/isc/win32/socket.c | 12 +++++++++++- 7 files changed, 90 insertions(+), 17 deletions(-) diff --git a/CHANGES b/CHANGES index d7691a70c7..d40ee3c206 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,8 @@ +2420. [func] Add new command line option '-S' for named to specify + the max number of sockets. [RT #18493] + Use caution: this option may not work for some + operating systems without rebuilding named. + 2419. [cleanup] Document that isc_socket_create() and isc_socket_open() should not be used for isc_sockettype_fdwatch sockets. [RT #18521] @@ -41,10 +46,6 @@ 2406. [bug] Sockets could be closed too early, leading to inconsistent states in the socket module. [RT #18298] -xxxx. [bug] Connecting UDP sockets for outgoing queries could - unexpectedly fail with an 'address already in use' - error. - 2405. [cleanup] The default value for dnssec-validation was changed to "yes" in 9.5.0-P1 and all subsequent releases; this was inadvertently omitted from CHANGES at the time. diff --git a/bin/named/main.c b/bin/named/main.c index 50a44343e7..005485f619 100644 --- a/bin/named/main.c +++ b/bin/named/main.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: main.c,v 1.162 2008/04/03 23:14:52 jinmei Exp $ */ +/* $Id: main.c,v 1.163 2008/08/20 23:57:59 jinmei Exp $ */ /*! \file */ 
@@ -85,6 +85,7 @@ static char program_name[ISC_DIR_NAMEMAX] = "named"; static char absolute_conffile[ISC_DIR_PATHMAX]; static char saved_command_line[512]; static char version[512]; +static unsigned int maxsocks = 0; void ns_main_earlywarning(const char *format, ...) { @@ -356,7 +357,8 @@ parse_command_line(int argc, char *argv[]) { isc_commandline_errprint = ISC_FALSE; while ((ch = isc_commandline_parse(argc, argv, - "46c:C:d:fgi:lm:n:N:p:P:st:T:u:vx:")) != -1) { + "46c:C:d:fgi:lm:n:N:p:P:" + "sS:t:T:u:vx:")) != -1) { switch (ch) { case '4': if (disable4) @@ -435,6 +437,10 @@ parse_command_line(int argc, char *argv[]) { /* XXXRTH temporary syntax */ want_stats = ISC_TRUE; break; + case 'S': + maxsocks = parse_int(isc_commandline_argument, + "max number of sockets"); + break; case 't': /* XXXJAB should we make a copy? */ ns_g_chrootdir = isc_commandline_argument; @@ -479,6 +485,7 @@ parse_command_line(int argc, char *argv[]) { static isc_result_t create_managers(void) { isc_result_t result; + unsigned int socks; #ifdef ISC_PLATFORM_USETHREADS unsigned int cpus_detected; #endif @@ -510,13 +517,19 @@ create_managers(void) { return (ISC_R_UNEXPECTED); } - result = isc_socketmgr_create(ns_g_mctx, &ns_g_socketmgr); + result = isc_socketmgr_create2(ns_g_mctx, &ns_g_socketmgr, maxsocks); if (result != ISC_R_SUCCESS) { UNEXPECTED_ERROR(__FILE__, __LINE__, "isc_socketmgr_create() failed: %s", isc_result_totext(result)); return (ISC_R_UNEXPECTED); } + result = isc_socketmgr_getmaxsockets(ns_g_socketmgr, &socks); + if (result == ISC_R_SUCCESS) { + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, + NS_LOGMODULE_SERVER, + ISC_LOG_INFO, "using up to %u sockets", socks); + } result = isc_entropy_create(ns_g_mctx, &ns_g_entropy); if (result != ISC_R_SUCCESS) { diff --git a/bin/named/named.docbook b/bin/named/named.docbook index a60d149668..9273704601 100644 --- a/bin/named/named.docbook +++ b/bin/named/named.docbook 
@@ -18,7 +18,7 @@ - PERFORMANCE OF THIS SOFTWARE. --> - + June 30, 2000 @@ -64,6 +64,7 @@ + @@ -214,6 +215,33 @@ + + -S #max-socks + + + Allow named to use up to + #max-socks sockets. + + + + This option should be unnecessary for the vast majority + of users. + The use of this option could even be harmful because the + specified value may exceed the limitation of the + underlying system API. + It is therefore set only when the default configuration + causes exhaustion of file descriptors and the + operational environment is known to support the + specified number of sockets. + Note also that the actual maximum number is normally a little + fewer than the specified value because + named reserves some file descriptors + for its internal use. + + + + + -t directory diff --git a/lib/isc/include/isc/socket.h b/lib/isc/include/isc/socket.h index 94155f2651..8c2271ebfc 100644 --- a/lib/isc/include/isc/socket.h +++ b/lib/isc/include/isc/socket.h @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: socket.h,v 1.82 2008/08/20 06:16:05 marka Exp $ */ +/* $Id: socket.h,v 1.83 2008/08/20 23:57:59 jinmei Exp $ */ #ifndef ISC_SOCKET_H #define ISC_SOCKET_H 1 @@ -753,8 +753,15 @@ isc_socket_sendto2(isc_socket_t *sock, isc_region_t *region, isc_result_t isc_socketmgr_create(isc_mem_t *mctx, isc_socketmgr_t **managerp); + +isc_result_t +isc_socketmgr_create2(isc_mem_t *mctx, isc_socketmgr_t **managerp, + unsigned int maxsocks); /*%< - * Create a socket manager. + * Create a socket manager. If "maxsocks" is non-zero, it specifies the + * maximum number of sockets that the created manager should handle. + * isc_socketmgr_create() is equivalent of isc_socketmgr_create2() with + * "maxsocks" being zero. * * Notes: * @@ -775,6 +782,7 @@ isc_socketmgr_create(isc_mem_t *mctx, isc_socketmgr_t **managerp); *\li #ISC_R_SUCCESS *\li #ISC_R_NOMEMORY *\li #ISC_R_UNEXPECTED + *\li #ISC_R_NOTIMPLEMENTED */ isc_result_t 
diff --git a/lib/isc/unix/socket.c b/lib/isc/unix/socket.c index 4c4f59edd3..c90503671b 100644 --- a/lib/isc/unix/socket.c +++ b/lib/isc/unix/socket.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: socket.c,v 1.300 2008/08/20 06:16:05 marka Exp $ */ +/* $Id: socket.c,v 1.301 2008/08/20 23:57:59 jinmei Exp $ */ /*! \file */ @@ -140,16 +140,14 @@ struct isc_socketwait { #ifdef USE_SELECT /*% - * Mac OS X needs a special definition to support larger values in select() + * Mac OS X needs a special definition to support larger values in select(). + * We always define this because a larger value can be specified run-time. */ -#if ISC_SOCKET_MAXSOCKETS > FD_SETSIZE #ifdef __APPLE__ #define _DARWIN_UNLIMITED_SELECT #endif /* __APPLE__ */ -#endif /* ISC_SOCKET_MAXSOCKETS > FD_SETSIZE */ #endif /* USE_SELECT */ - /*% * Size of per-FD lock buckets. */ @@ -3475,6 +3473,13 @@ cleanup_watcher(isc_mem_t *mctx, isc_socketmgr_t *manager) { isc_result_t isc_socketmgr_create(isc_mem_t *mctx, isc_socketmgr_t **managerp) { + return (isc_socketmgr_create2(mctx, managerp, 0)); +} + +isc_result_t +isc_socketmgr_create2(isc_mem_t *mctx, isc_socketmgr_t **managerp, + unsigned int maxsocks) +{ int i; isc_socketmgr_t *manager; #ifdef ISC_PLATFORM_USETHREADS 
@@ -3486,19 +3491,26 @@ isc_socketmgr_create(isc_mem_t *mctx, isc_socketmgr_t **managerp) { #ifndef ISC_PLATFORM_USETHREADS if (socketmgr != NULL) { + /* Don't allow maxsocks to be updated */ + if (maxsocks > 0 && socketmgr->maxsocks != maxsocks) + return (ISC_R_EXISTS); + socketmgr->refs++; *managerp = socketmgr; return (ISC_R_SUCCESS); } #endif /* ISC_PLATFORM_USETHREADS */ + if (maxsocks == 0) + maxsocks = ISC_SOCKET_MAXSOCKETS; + manager = isc_mem_get(mctx, sizeof(*manager)); if (manager == NULL) return (ISC_R_NOMEMORY); /* zero-clear so that necessary cleanup on failure will be easy */ memset(manager, 0, sizeof(*manager)); - manager->maxsocks = ISC_SOCKET_MAXSOCKETS; + manager->maxsocks = maxsocks; manager->fds = isc_mem_get(mctx, manager->maxsocks * sizeof(isc_socket_t *)); if (manager->fds == NULL) { diff --git a/lib/isc/win32/libisc.def b/lib/isc/win32/libisc.def index 94f1f2f336..2c46a1ae72 100644 --- a/lib/isc/win32/libisc.def +++ b/lib/isc/win32/libisc.def @@ -420,6 +420,7 @@ isc_socket_sendtov isc_socket_sendv isc_socket_setname isc_socketmgr_create +isc_socketmgr_create2 isc_socketmgr_destroy isc_socketmgr_getmaxsockets isc_stdio_close diff --git a/lib/isc/win32/socket.c b/lib/isc/win32/socket.c index 17c901f957..d623cec906 100644 --- a/lib/isc/win32/socket.c +++ b/lib/isc/win32/socket.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: socket.c,v 1.65 2008/08/20 06:16:05 marka Exp $ */ +/* $Id: socket.c,v 1.66 2008/08/20 23:57:59 jinmei Exp $ */ /* This code has been rewritten to take advantage of Windows Sockets * I/O Completion Ports and Events. I/O Completion Ports is ONLY 
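Review bot: in isc_socketmgr_create2() in lib/isc/unix/socket.c, the caller-supplied "maxsocks" is only checked against zero before it is stored in `manager->maxsocks` and used to size the `manager->fds` allocation (`manager->maxsocks * sizeof(isc_socket_t *)`). There is no upper bound and no check against what the selected I/O mechanism can handle, even though the documentation added for -S says the value may exceed the limitation of the underlying system API. Consider validating the value here (reject it with an error, or clamp and log) so that an oversized -S argument fails at manager creation rather than later at run time.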
@@ -2906,12 +2906,22 @@ event_wait(void *uap) { */ isc_result_t isc_socketmgr_create(isc_mem_t *mctx, isc_socketmgr_t **managerp) { + return (isc_socketmgr_create2(mctx, managerp, maxsocks)); +} + +isc_result_t +isc_socketmgr_create2(isc_mem_t *mctx, isc_socketmgr_t **managerp, + unsigned int maxsocks) +{ isc_socketmgr_t *manager; events_thread_t *evthread = NULL; isc_result_t result; REQUIRE(managerp != NULL && *managerp == NULL); + if (maxsocks != 0) + return (ISC_R_NOTIMPLEMENTED); + manager = isc_mem_get(mctx, sizeof(*manager)); if (manager == NULL) return (ISC_R_NOMEMORY); From c4d99a62407cebca29653666ae11f87e4f56ebbc Mon Sep 17 00:00:00 2001 From: Automatic Updater Date: Thu, 21 Aug 2008 01:12:04 +0000 Subject: [PATCH 116/135] regen --- bin/named/named.8 | 19 ++++++++++++++-- bin/named/named.html | 43 +++++++++++++++++++++++++++-------- doc/arm/man.named.html | 43 +++++++++++++++++++++++++++-------- doc/arm/man.nsupdate.html | 14 ++++++------ doc/arm/man.rndc-confgen.html | 12 +++++----- doc/arm/man.rndc.conf.html | 12 +++++----- doc/arm/man.rndc.html | 12 +++++----- 7 files changed, 110 insertions(+), 45 deletions(-) diff --git a/bin/named/named.8 b/bin/named/named.8 index f524901bdd..6eddf0e67b 100644 --- a/bin/named/named.8 +++ b/bin/named/named.8 @@ -13,7 +13,7 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: named.8,v 1.34 2007/06/20 02:27:32 marka Exp $ +.\" $Id: named.8,v 1.35 2008/08/21 01:12:04 tbox Exp $ .\" .hy 0 .ad l 
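Review bot: in the lib/isc/win32/socket.c hunk, the new isc_socketmgr_create() wrapper calls `isc_socketmgr_create2(mctx, managerp, maxsocks)`, but `maxsocks` is not a parameter or local of isc_socketmgr_create(), so this does not match the unix wrapper, which passes 0. It should be `return (isc_socketmgr_create2(mctx, managerp, 0));`. Any non-zero value would also be rejected by the `if (maxsocks != 0) return (ISC_R_NOTIMPLEMENTED);` check added a few lines below, so passing anything but 0 from the wrapper would break the default path on Windows.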
@@ -33,7 +33,7 @@ named \- Internet domain name server .SH "SYNOPSIS" .HP 6 -\fBnamed\fR [\fB\-4\fR] [\fB\-6\fR] [\fB\-c\ \fR\fB\fIconfig\-file\fR\fR] [\fB\-d\ \fR\fB\fIdebug\-level\fR\fR] [\fB\-f\fR] [\fB\-g\fR] [\fB\-m\ \fR\fB\fIflag\fR\fR] [\fB\-n\ \fR\fB\fI#cpus\fR\fR] [\fB\-p\ \fR\fB\fIport\fR\fR] [\fB\-s\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-u\ \fR\fB\fIuser\fR\fR] [\fB\-v\fR] [\fB\-x\ \fR\fB\fIcache\-file\fR\fR] +\fBnamed\fR [\fB\-4\fR] [\fB\-6\fR] [\fB\-c\ \fR\fB\fIconfig\-file\fR\fR] [\fB\-d\ \fR\fB\fIdebug\-level\fR\fR] [\fB\-f\fR] [\fB\-g\fR] [\fB\-m\ \fR\fB\fIflag\fR\fR] [\fB\-n\ \fR\fB\fI#cpus\fR\fR] [\fB\-p\ \fR\fB\fIport\fR\fR] [\fB\-s\fR] [\fB\-S\ \fR\fB\fI#max\-socks\fR\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-u\ \fR\fB\fIuser\fR\fR] [\fB\-v\fR] [\fB\-x\ \fR\fB\fIcache\-file\fR\fR] .SH "DESCRIPTION" .PP \fBnamed\fR @@ -131,6 +131,21 @@ This option is mainly of interest to BIND 9 developers and may be removed or cha .RE .RE .PP +\-S \fI#max\-socks\fR +.RS 4 +Allow +\fBnamed\fR +to use up to +\fI#max\-socks\fR +sockets. +.RS +.B "Warning:" +This option should be unnecessary for the vast majority of users. The use of this option could even be harmful because the specified value may exceed the limitation of the underlying system API. It is therefore set only when the default configuration causes exhaustion of file descriptors and the operational environment is known to support the specified number of sockets. Note also that the actual maximum number is normally a little fewer than the specified value because +\fBnamed\fR +reserves some file descriptors for its internal use. +.RE +.RE +.PP \-t \fIdirectory\fR .RS 4 Chroot to diff --git a/bin/named/named.html b/bin/named/named.html index cb89a6a07d..41e3756abc 100644 --- a/bin/named/named.html +++ b/bin/named/named.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + @@ -29,10 +29,10 @@

Synopsis

-

named [-4] [-6] [-c config-file] [-d debug-level] [-f] [-g] [-m flag] [-n #cpus] [-p port] [-s] [-t directory] [-u user] [-v] [-x cache-file]

+

named [-4] [-6] [-c config-file] [-d debug-level] [-f] [-g] [-m flag] [-n #cpus] [-p port] [-s] [-S #max-socks] [-t directory] [-u user] [-v] [-x cache-file]

-

DESCRIPTION

+

DESCRIPTION

named is a Domain Name System (DNS) server, part of the BIND 9 distribution from ISC. For more @@ -47,7 +47,7 @@

-

OPTIONS

+

OPTIONS

-4

@@ -126,6 +126,31 @@

+
-S #max-socks
+
+

+ Allow named to use up to + #max-socks sockets. +

+
+

Warning

+

+ This option should be unnecessary for the vast majority + of users. + The use of this option could even be harmful because the + specified value may exceed the limitation of the + underlying system API. + It is therefore set only when the default configuration + causes exhaustion of file descriptors and the + operational environment is known to support the + specified number of sockets. + Note also that the actual maximum number is normally a little + fewer than the specified value because + named reserves some file descriptors + for its internal use. +

+
+
-t directory

Chroot @@ -191,7 +216,7 @@

-

SIGNALS

+

SIGNALS

In routine operation, signals should not be used to control the nameserver; rndc should be used @@ -212,7 +237,7 @@

-

CONFIGURATION

+

CONFIGURATION

The named configuration file is too complex to describe in detail here. A complete description is provided @@ -221,7 +246,7 @@

-

FILES

+

FILES

/etc/named.conf

@@ -234,7 +259,7 @@

-

SEE ALSO

+

SEE ALSO

RFC 1033, RFC 1034, RFC 1035, @@ -247,7 +272,7 @@

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

diff --git a/doc/arm/man.named.html b/doc/arm/man.named.html index 66032a1678..7c8d94b260 100644 --- a/doc/arm/man.named.html +++ b/doc/arm/man.named.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + @@ -47,10 +47,10 @@

Synopsis

-

named [-4] [-6] [-c config-file] [-d debug-level] [-f] [-g] [-m flag] [-n #cpus] [-p port] [-s] [-t directory] [-u user] [-v] [-x cache-file]

+

named [-4] [-6] [-c config-file] [-d debug-level] [-f] [-g] [-m flag] [-n #cpus] [-p port] [-s] [-S #max-socks] [-t directory] [-u user] [-v] [-x cache-file]

-

DESCRIPTION

+

DESCRIPTION

named is a Domain Name System (DNS) server, part of the BIND 9 distribution from ISC. For more @@ -65,7 +65,7 @@

-

OPTIONS

+

OPTIONS

-4

@@ -144,6 +144,31 @@

+
-S #max-socks
+
+

+ Allow named to use up to + #max-socks sockets. +

+
+

Warning

+

+ This option should be unnecessary for the vast majority + of users. + The use of this option could even be harmful because the + specified value may exceed the limitation of the + underlying system API. + It is therefore set only when the default configuration + causes exhaustion of file descriptors and the + operational environment is known to support the + specified number of sockets. + Note also that the actual maximum number is normally a little + fewer than the specified value because + named reserves some file descriptors + for its internal use. +

+
+
-t directory

Chroot @@ -209,7 +234,7 @@

-

SIGNALS

+

SIGNALS

In routine operation, signals should not be used to control the nameserver; rndc should be used @@ -230,7 +255,7 @@

-

CONFIGURATION

+

CONFIGURATION

The named configuration file is too complex to describe in detail here. A complete description is provided @@ -239,7 +264,7 @@

-

FILES

+

FILES

/etc/named.conf

@@ -252,7 +277,7 @@

-

SEE ALSO

+

SEE ALSO

RFC 1033, RFC 1034, RFC 1035, @@ -265,7 +290,7 @@

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

diff --git a/doc/arm/man.nsupdate.html b/doc/arm/man.nsupdate.html index 408557f463..5eb12964db 100644 --- a/doc/arm/man.nsupdate.html +++ b/doc/arm/man.nsupdate.html @@ -14,7 +14,7 @@ - PERFORMANCE OF THIS SOFTWARE. --> - + @@ -50,7 +50,7 @@

nsupdate [-d] [[-y [hmac:]keyname:secret] | [-k keyfile]] [-t timeout] [-u udptimeout] [-r udpretries] [-R randomdev] [-v] [filename]

-

DESCRIPTION

+

DESCRIPTION

nsupdate is used to submit Dynamic DNS Update requests as defined in RFC2136 to a name server. @@ -182,7 +182,7 @@

-

INPUT FORMAT

+

INPUT FORMAT

nsupdate reads input from filename @@ -431,7 +431,7 @@

-

EXAMPLES

+

EXAMPLES

The examples below show how nsupdate @@ -485,7 +485,7 @@

-

FILES

+

FILES

/etc/resolv.conf

@@ -504,7 +504,7 @@

-

SEE ALSO

+

SEE ALSO

RFC2136, RFC3007, RFC2104, @@ -517,7 +517,7 @@

-

BUGS

+

BUGS

The TSIG key is redundantly stored in two separate files. This is a consequence of nsupdate using the DST library diff --git a/doc/arm/man.rndc-confgen.html b/doc/arm/man.rndc-confgen.html index 235dd324bc..f3c9c9bb14 100644 --- a/doc/arm/man.rndc-confgen.html +++ b/doc/arm/man.rndc-confgen.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + @@ -48,7 +48,7 @@

rndc-confgen [-a] [-b keysize] [-c keyfile] [-h] [-k keyname] [-p port] [-r randomfile] [-s address] [-t chrootdir] [-u user]

-

DESCRIPTION

+

DESCRIPTION

rndc-confgen generates configuration files for rndc. It can be used as a @@ -64,7 +64,7 @@

-

OPTIONS

+

OPTIONS

-a
@@ -171,7 +171,7 @@
-

EXAMPLES

+

EXAMPLES

To allow rndc to be used with no manual configuration, run @@ -188,7 +188,7 @@

-

SEE ALSO

+

SEE ALSO

rndc(8), rndc.conf(5), named(8), @@ -196,7 +196,7 @@

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

diff --git a/doc/arm/man.rndc.conf.html b/doc/arm/man.rndc.conf.html index a22951087e..6c8b7b102c 100644 --- a/doc/arm/man.rndc.conf.html +++ b/doc/arm/man.rndc.conf.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + @@ -50,7 +50,7 @@

rndc.conf

-

DESCRIPTION

+

DESCRIPTION

rndc.conf is the configuration file for rndc, the BIND 9 name server control utility. This file has a similar structure and syntax to @@ -135,7 +135,7 @@

-

EXAMPLE

+

EXAMPLE

       options {
         default-server  localhost;
@@ -209,7 +209,7 @@
     

-

NAME SERVER CONFIGURATION

+

NAME SERVER CONFIGURATION

The name server must be configured to accept rndc connections and to recognize the key specified in the rndc.conf @@ -219,7 +219,7 @@

-

SEE ALSO

+

SEE ALSO

rndc(8), rndc-confgen(8), mmencode(1), @@ -227,7 +227,7 @@

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

diff --git a/doc/arm/man.rndc.html b/doc/arm/man.rndc.html index b15a38274d..0e4de77b9b 100644 --- a/doc/arm/man.rndc.html +++ b/doc/arm/man.rndc.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + @@ -50,7 +50,7 @@

rndc [-b source-address] [-c config-file] [-k key-file] [-s server] [-p port] [-V] [-y key_id] {command}

-

DESCRIPTION

+

DESCRIPTION

rndc controls the operation of a name server. It supersedes the ndc utility @@ -79,7 +79,7 @@

-

OPTIONS

+

OPTIONS

-b source-address

@@ -151,7 +151,7 @@

-

LIMITATIONS

+

LIMITATIONS

rndc does not yet support all the commands of the BIND 8 ndc utility. @@ -165,7 +165,7 @@

-

SEE ALSO

+

SEE ALSO

rndc.conf(5), rndc-confgen(8), named(8), @@ -175,7 +175,7 @@

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

From 1bfe8851c0a2eb1d7e15556bfa21291cd62ee2bc Mon Sep 17 00:00:00 2001 From: Mark Andrews Date: Thu, 21 Aug 2008 04:43:49 +0000 Subject: [PATCH 117/135] 2421. [bug] Handle the special return value of a empty node as if it was a NXRRSET in the validator. [RT #18447] --- CHANGES | 3 +++ lib/dns/validator.c | 8 ++++++-- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index d40ee3c206..bc58180f8f 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,6 @@ +2421. [bug] Handle the special return value of a empty node as + if it was a NXRRSET in the validator. [RT #18447] + 2420. [func] Add new command line option '-S' for named to specify the max number of sockets. [RT #18493] Use caution: this option may not work for some diff --git a/lib/dns/validator.c b/lib/dns/validator.c index 3bbf0a12f4..87717401bb 100644 --- a/lib/dns/validator.c +++ b/lib/dns/validator.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: validator.c,v 1.160 2008/02/19 17:07:55 each Exp $ */ +/* $Id: validator.c,v 1.161 2008/08/21 04:43:49 marka Exp $ */ #include @@ -939,6 +939,7 @@ view_find(dns_validator_t *val, dns_name_t *name, dns_rdatatype_t type) { } else if (result != ISC_R_SUCCESS && result != DNS_R_NCACHENXDOMAIN && result != DNS_R_NCACHENXRRSET && + result != DNS_R_EMPTYNAME && result != DNS_R_NXRRSET && result != ISC_R_NOTFOUND) { goto notfound; @@ -1196,6 +1197,7 @@ get_key(dns_validator_t *val, dns_rdata_rrsig_t *siginfo) { return (DNS_R_WAIT); } else if (result == DNS_R_NCACHENXDOMAIN || result == DNS_R_NCACHENXRRSET || + result == DNS_R_EMPTYNAME || result == DNS_R_NXDOMAIN || result == DNS_R_NXRRSET) { @@ -1803,8 +1805,9 @@ validatezonekey(dns_validator_t *val) { if (result != ISC_R_SUCCESS) return (result); return (DNS_R_WAIT); - } else if (result == DNS_R_NCACHENXDOMAIN || + } else if (result == DNS_R_NCACHENXDOMAIN || result == DNS_R_NCACHENXRRSET || + result == DNS_R_EMPTYNAME || result == DNS_R_NXDOMAIN || result == DNS_R_NXRRSET) { 
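Review bot: the lib/dns/validator.c change adds `DNS_R_EMPTYNAME` by hand to each place that enumerates the "name or type does not exist" results (view_find(), get_key(), validatezonekey() here, and finddlvsep() in the following hunk), and the lists are not identical from site to site. A small helper macro or inline predicate for this set of result codes would keep the sites consistent and make the next addition a one-line change. In the validatezonekey() hunk the `} else if (result == DNS_R_NCACHENXDOMAIN ||` line is removed and re-added with only whitespace changed, which is unrelated to the fix and is better kept out of this commit. The CHANGES entry also reads "a empty node"; "an empty node" is meant.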
@@ -2462,6 +2465,7 @@ finddlvsep(dns_validator_t *val, isc_boolean_t resume) { } if (result != DNS_R_NXRRSET && result != DNS_R_NXDOMAIN && + result != DNS_R_EMPTYNAME && result != DNS_R_NCACHENXRRSET && result != DNS_R_NCACHENXDOMAIN) return (result); From 74d2d170a2ab1e1338f59e8ea24ba6439cc55b39 Mon Sep 17 00:00:00 2001 From: Automatic Updater Date: Thu, 21 Aug 2008 23:18:31 +0000 Subject: [PATCH 118/135] auto update --- doc/private/branches | 2 ++ 1 file changed, 2 insertions(+) diff --git a/doc/private/branches b/doc/private/branches index 584512bdba..83cabcca37 100644 --- a/doc/private/branches +++ b/doc/private/branches @@ -191,6 +191,7 @@ v9_3_4_patch active // security fixes 9.3.4 only v9_3_5_P1 new each // 2008-05-22 20:42 +0000 v9_3_5_P2_W1 new mayer // 2008-08-16 03:50 +0000 v9_3_5_P2_danny new +v9_3_5_P2_win32 new each // 2008-08-21 02:21 +0000 v9_3_5_patch new v9_4 active v9_4_1_P1_lruttl active @@ -198,6 +199,7 @@ v9_4_1_patch active // security fixes 9.4.1 only v9_4_2_P1 new each // 2008-05-22 21:12 +0000 v9_4_2_P2_W1 new mayer // 2008-08-09 19:33 +0000 v9_4_2_P2_danny new +v9_4_2_P2_win32 new each // 2008-08-21 00:20 +0000 v9_4_2_patch new v9_5 new marka // 2008-01-02 04:47 +0000 v9_5_0_P2_W1 new mayer // 2008-08-16 21:14 +0000 From c5a53da13bb2126dcbbd5b45ca4904eccafe6621 Mon Sep 17 00:00:00 2001 From: Automatic Updater Date: Thu, 21 Aug 2008 23:30:27 +0000 Subject: [PATCH 119/135] newcopyrights --- util/copyrights | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/util/copyrights b/util/copyrights index 233c0e17dd..a6a69ac09e 100644 --- a/util/copyrights +++ b/util/copyrights 
@@ -141,7 +141,7 @@ ./bin/named/named.conf.5 MAN DOCBOOK ./bin/named/named.conf.docbook SGML 2004,2005,2006,2007,2008 ./bin/named/named.conf.html HTML DOCBOOK -./bin/named/named.docbook SGML 2000,2001,2003,2004,2005,2006,2007 +./bin/named/named.docbook SGML 2000,2001,2003,2004,2005,2006,2007,2008 ./bin/named/named.html HTML DOCBOOK ./bin/named/notify.c C 1999,2000,2001,2002,2003,2004,2005,2006,2007 ./bin/named/query.c C 1999,2000,2001,2002,2003,2004,2005,2006,2007,2008 From 5422929ca0d62760b204f18cf830069ae3f3fc77 Mon Sep 17 00:00:00 2001 From: Automatic Updater Date: Thu, 21 Aug 2008 23:47:18 +0000 Subject: [PATCH 120/135] update copyright notice --- bin/named/named.docbook | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/bin/named/named.docbook b/bin/named/named.docbook index 9273704601..3948eb35cf 100644 --- a/bin/named/named.docbook +++ b/bin/named/named.docbook @@ -2,7 +2,7 @@ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" []> - + June 30, 2000 @@ -41,6 +41,7 @@ 2005 2006 2007 + 2008 Internet Systems Consortium, Inc. ("ISC") From 7278318053a0fb76238b7fa39e185c6c003b2722 Mon Sep 17 00:00:00 2001 From: Automatic Updater Date: Fri, 22 Aug 2008 01:12:14 +0000 Subject: [PATCH 121/135] regen --- bin/named/named.8 | 6 +++--- bin/named/named.html | 18 +++++++++--------- doc/arm/man.named.html | 16 ++++++++-------- doc/arm/man.nsupdate.html | 14 +++++++------- doc/arm/man.rndc-confgen.html | 12 ++++++------ doc/arm/man.rndc.conf.html | 12 ++++++------ doc/arm/man.rndc.html | 12 ++++++------ 7 files changed, 45 insertions(+), 45 deletions(-) diff --git a/bin/named/named.8 b/bin/named/named.8 index 6eddf0e67b..54b1e00a9f 100644 --- a/bin/named/named.8 +++ b/bin/named/named.8 
@@ -1,4 +1,4 @@ -.\" Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") .\" Copyright (C) 2000, 2001, 2003 Internet Software Consortium. .\" .\" Permission to use, copy, modify, and distribute this software for any @@ -13,7 +13,7 @@ .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR .\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" $Id: named.8,v 1.35 2008/08/21 01:12:04 tbox Exp $ +.\" $Id: named.8,v 1.36 2008/08/22 01:12:14 tbox Exp $ .\" .hy 0 .ad l @@ -245,7 +245,7 @@ BIND 9 Administrator Reference Manual. .PP Internet Systems Consortium .SH "COPYRIGHT" -Copyright \(co 2004\-2007 Internet Systems Consortium, Inc. ("ISC") +Copyright \(co 2004\-2008 Internet Systems Consortium, Inc. ("ISC") .br Copyright \(co 2000, 2001, 2003 Internet Software Consortium. .br diff --git a/bin/named/named.html b/bin/named/named.html index 41e3756abc..eeef338fee 100644 --- a/bin/named/named.html +++ b/bin/named/named.html @@ -1,5 +1,5 @@ - + @@ -32,7 +32,7 @@

named [-4] [-6] [-c config-file] [-d debug-level] [-f] [-g] [-m flag] [-n #cpus] [-p port] [-s] [-S #max-socks] [-t directory] [-u user] [-v] [-x cache-file]

-

DESCRIPTION

+

DESCRIPTION

named is a Domain Name System (DNS) server, part of the BIND 9 distribution from ISC. For more @@ -47,7 +47,7 @@

-

OPTIONS

+

OPTIONS

-4

@@ -216,7 +216,7 @@

-

SIGNALS

+

SIGNALS

In routine operation, signals should not be used to control the nameserver; rndc should be used @@ -237,7 +237,7 @@

-

CONFIGURATION

+

CONFIGURATION

The named configuration file is too complex to describe in detail here. A complete description is provided @@ -246,7 +246,7 @@

-

FILES

+

FILES

/etc/named.conf

@@ -259,7 +259,7 @@

-

SEE ALSO

+

SEE ALSO

RFC 1033, RFC 1034, RFC 1035, @@ -272,7 +272,7 @@

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

diff --git a/doc/arm/man.named.html b/doc/arm/man.named.html index 7c8d94b260..7c18ed51da 100644 --- a/doc/arm/man.named.html +++ b/doc/arm/man.named.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + @@ -50,7 +50,7 @@

named [-4] [-6] [-c config-file] [-d debug-level] [-f] [-g] [-m flag] [-n #cpus] [-p port] [-s] [-S #max-socks] [-t directory] [-u user] [-v] [-x cache-file]

-

DESCRIPTION

+

DESCRIPTION

named is a Domain Name System (DNS) server, part of the BIND 9 distribution from ISC. For more @@ -65,7 +65,7 @@

-

OPTIONS

+

OPTIONS

-4

@@ -234,7 +234,7 @@

-

SIGNALS

+

SIGNALS

In routine operation, signals should not be used to control the nameserver; rndc should be used @@ -255,7 +255,7 @@

-

CONFIGURATION

+

CONFIGURATION

The named configuration file is too complex to describe in detail here. A complete description is provided @@ -264,7 +264,7 @@

-

FILES

+

FILES

/etc/named.conf

@@ -277,7 +277,7 @@

-

SEE ALSO

+

SEE ALSO

RFC 1033, RFC 1034, RFC 1035, @@ -290,7 +290,7 @@

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

diff --git a/doc/arm/man.nsupdate.html b/doc/arm/man.nsupdate.html index 5eb12964db..c4d6b4d8d0 100644 --- a/doc/arm/man.nsupdate.html +++ b/doc/arm/man.nsupdate.html @@ -14,7 +14,7 @@ - PERFORMANCE OF THIS SOFTWARE. --> - + @@ -50,7 +50,7 @@

nsupdate [-d] [[-y [hmac:]keyname:secret] | [-k keyfile]] [-t timeout] [-u udptimeout] [-r udpretries] [-R randomdev] [-v] [filename]

-

DESCRIPTION

+

DESCRIPTION

nsupdate is used to submit Dynamic DNS Update requests as defined in RFC2136 to a name server. @@ -182,7 +182,7 @@

-

INPUT FORMAT

+

INPUT FORMAT

nsupdate reads input from filename @@ -431,7 +431,7 @@

-

EXAMPLES

+

EXAMPLES

The examples below show how nsupdate @@ -485,7 +485,7 @@

-

FILES

+

FILES

/etc/resolv.conf

@@ -504,7 +504,7 @@

-

SEE ALSO

+

SEE ALSO

RFC2136, RFC3007, RFC2104, @@ -517,7 +517,7 @@

-

BUGS

+

BUGS

The TSIG key is redundantly stored in two separate files. This is a consequence of nsupdate using the DST library diff --git a/doc/arm/man.rndc-confgen.html b/doc/arm/man.rndc-confgen.html index f3c9c9bb14..4094fc285f 100644 --- a/doc/arm/man.rndc-confgen.html +++ b/doc/arm/man.rndc-confgen.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + @@ -48,7 +48,7 @@

rndc-confgen [-a] [-b keysize] [-c keyfile] [-h] [-k keyname] [-p port] [-r randomfile] [-s address] [-t chrootdir] [-u user]

-

DESCRIPTION

+

DESCRIPTION

rndc-confgen generates configuration files for rndc. It can be used as a @@ -64,7 +64,7 @@

-

OPTIONS

+

OPTIONS

-a
@@ -171,7 +171,7 @@
-

EXAMPLES

+

EXAMPLES

To allow rndc to be used with no manual configuration, run @@ -188,7 +188,7 @@

-

SEE ALSO

+

SEE ALSO

rndc(8), rndc.conf(5), named(8), @@ -196,7 +196,7 @@

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

diff --git a/doc/arm/man.rndc.conf.html b/doc/arm/man.rndc.conf.html index 6c8b7b102c..0b7983853c 100644 --- a/doc/arm/man.rndc.conf.html +++ b/doc/arm/man.rndc.conf.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + @@ -50,7 +50,7 @@

rndc.conf

-

DESCRIPTION

+

DESCRIPTION

rndc.conf is the configuration file for rndc, the BIND 9 name server control utility. This file has a similar structure and syntax to @@ -135,7 +135,7 @@

-

EXAMPLE

+

EXAMPLE

       options {
         default-server  localhost;
@@ -209,7 +209,7 @@
     

-

NAME SERVER CONFIGURATION

+

NAME SERVER CONFIGURATION

The name server must be configured to accept rndc connections and to recognize the key specified in the rndc.conf @@ -219,7 +219,7 @@

-

SEE ALSO

+

SEE ALSO

rndc(8), rndc-confgen(8), mmencode(1), @@ -227,7 +227,7 @@

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

diff --git a/doc/arm/man.rndc.html b/doc/arm/man.rndc.html index 0e4de77b9b..ed7cb334bb 100644 --- a/doc/arm/man.rndc.html +++ b/doc/arm/man.rndc.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> - + @@ -50,7 +50,7 @@

rndc [-b source-address] [-c config-file] [-k key-file] [-s server] [-p port] [-V] [-y key_id] {command}

-

DESCRIPTION

+

DESCRIPTION

rndc controls the operation of a name server. It supersedes the ndc utility @@ -79,7 +79,7 @@

-

OPTIONS

+

OPTIONS

-b source-address

@@ -151,7 +151,7 @@

-

LIMITATIONS

+

LIMITATIONS

rndc does not yet support all the commands of the BIND 8 ndc utility. @@ -165,7 +165,7 @@

-

SEE ALSO

+

SEE ALSO

rndc.conf(5), rndc-confgen(8), named(8), @@ -175,7 +175,7 @@

-

AUTHOR

+

AUTHOR

Internet Systems Consortium

From a45f57a2d5fa5a4cb50c4232c09dd7676a256599 Mon Sep 17 00:00:00 2001 From: Evan Hunt Date: Fri, 22 Aug 2008 04:16:17 +0000 Subject: [PATCH 122/135] RTT banding. [rt18441] --- CHANGES | 12 +++- lib/dns/resolver.c | 137 +++++++++++++++++++++++++++++++++------------ 2 files changed, 112 insertions(+), 37 deletions(-) diff --git a/CHANGES b/CHANGES index bc58180f8f..dbdc79457e 100644 --- a/CHANGES +++ b/CHANGES @@ -1,11 +1,19 @@ -2421. [bug] Handle the special return value of a empty node as +2423. [security] Randomize server selection on queries, so as to + make forgery a little more difficult. Instead of + always preferring the server with the lowest RTT, + pick a server with RTT within the same 128 + millisecond band. [RT #18441] + +2422. [bug] Handle the special return value of a empty node as if it was a NXRRSET in the validator. [RT #18447] -2420. [func] Add new command line option '-S' for named to specify +2421. [func] Add new command line option '-S' for named to specify the max number of sockets. [RT #18493] Use caution: this option may not work for some operating systems without rebuilding named. +2420. [placeholder] + 2419. [cleanup] Document that isc_socket_create() and isc_socket_open() should not be used for isc_sockettype_fdwatch sockets. [RT #18521] diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c index c99f845f94..c305b000c3 100644 --- a/lib/dns/resolver.c +++ b/lib/dns/resolver.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: resolver.c,v 1.376 2008/08/06 06:11:15 marka Exp $ */ +/* $Id: resolver.c,v 1.377 2008/08/22 04:16:17 each Exp $ */ /*! \file */ @@ -239,6 +239,12 @@ struct fetchctx { * response to a query. */ const char * reason; + + /*% + * Random numbers to use for mixing up server addresses. + */ + isc_uint32_t rand_buf; + isc_uint32_t rand_bits; }; #define FCTX_MAGIC ISC_MAGIC('F', '!', '!', '!') 
@@ -362,10 +368,13 @@ struct dns_resolver { */ #define FCTX_ADDRINFO_MARK 0x0001 #define FCTX_ADDRINFO_FORWARDER 0x1000 +#define FCTX_ADDRINFO_TRIED 0x2000 #define UNMARKED(a) (((a)->flags & FCTX_ADDRINFO_MARK) \ == 0) #define ISFORWARDER(a) (((a)->flags & \ FCTX_ADDRINFO_FORWARDER) != 0) +#define TRIED(a) (((a)->flags & \ + FCTX_ADDRINFO_TRIED) != 0) #define NXDOMAIN(r) (((r)->attributes & DNS_RDATASETATTR_NXDOMAIN) != 0) @@ -626,6 +635,12 @@ fctx_cancelquery(resquery_t **queryp, dns_dispatchevent_t **deventp, dns_adb_adjustsrtt(fctx->adb, query->addrinfo, rtt, factor); } + /* Remember that the server has been tried. */ + if (!TRIED(query->addrinfo)) { + dns_adb_changeflags(fctx->adb, query->addrinfo, + FCTX_ADDRINFO_TRIED, FCTX_ADDRINFO_TRIED); + } + /* * Age RTTs of servers not tried. */ 
@@ -2061,15 +2076,79 @@ add_bad(fetchctx_t *fctx, dns_adbaddrinfo_t *addrinfo, isc_result_t reason) { namebuf, typebuf, classbuf, addrbuf); } +/* + * Return 'bits' bits of random entropy from fctx->rand_buf, + * refreshing it by calling isc_random_get() whenever the requested + * number of bits is greater than the number in the buffer. + */ +static inline isc_uint32_t +random_bits(fetchctx_t *fctx, isc_uint32_t bits) { + isc_uint32_t ret = 0; + + REQUIRE(VALID_FCTX(fctx)); + REQUIRE(bits <= 32); + if (bits == 0) + return (0); + + if (bits >= fctx->rand_bits) { + /* if rand_bits == 0, this is unnecessary but harmless */ + bits -= fctx->rand_bits; + ret = fctx->rand_buf << bits; + + /* refresh random buffer now */ + isc_random_get(&fctx->rand_buf); + fctx->rand_bits = sizeof(fctx->rand_buf) * CHAR_BIT; + } + + if (bits > 0) { + isc_uint32_t mask = 0xffffffff; + if (bits < 32) { + mask = (1 << bits) - 1; + } + + ret |= fctx->rand_buf & mask; + fctx->rand_buf >>= bits; + fctx->rand_bits -= bits; + } + + return (ret); +} + +/* + * Add some random jitter to a server's RTT value so that the + * order of queries will be unpredictable. + * + * RTT values of servers which have been tried are fuzzed by 128 ms. + * Servers that haven't been tried yet have their RTT set to a random + * value between 0 ms and 7 ms; they should get to go first, but in + * unpredictable order. + */ +static inline void +randomize_srtt(fetchctx_t *fctx, dns_adbaddrinfo_t *ai) { + if (TRIED(ai)) { + ai->srtt >>= 10; /* convert to milliseconds, near enough */ + ai->srtt |= (ai->srtt & 0x80) | random_bits(fctx, 7); + ai->srtt <<= 10; /* now back to microseconds */ + } else + ai->srtt = random_bits(fctx, 3) << 10; +} + +/* + * Sort addrinfo list by RTT (with random jitter) + */ static void -sort_adbfind(dns_adbfind_t *find) { +sort_adbfind(fetchctx_t *fctx, dns_adbfind_t *find) { dns_adbaddrinfo_t *best, *curr; dns_adbaddrinfolist_t sorted; - /* - * Lame N^2 bubble sort. 
- */ + /* Add jitter to SRTT values */ + curr = ISC_LIST_HEAD(find->list); + while (curr != NULL) { + randomize_srtt(fctx, curr); + curr = ISC_LIST_NEXT(curr, publink); + } + /* Lame N^2 bubble sort. */ ISC_LIST_INIT(sorted); while (!ISC_LIST_EMPTY(find->list)) { best = ISC_LIST_HEAD(find->list); @@ -2085,19 +2164,25 @@ sort_adbfind(dns_adbfind_t *find) { find->list = sorted; } +/* + * Sort a list of finds by server RTT (with random jitter) + */ static void -sort_finds(fetchctx_t *fctx) { +sort_finds(fetchctx_t *fctx, dns_adbfindlist_t *findlist) { dns_adbfind_t *best, *curr; dns_adbfindlist_t sorted; dns_adbaddrinfo_t *addrinfo, *bestaddrinfo; - /* - * Lame N^2 bubble sort. - */ + /* Sort each find's addrinfo list by SRTT (after adding jitter) */ + for (curr = ISC_LIST_HEAD(*findlist); + curr != NULL; + curr = ISC_LIST_NEXT(curr, publink)) + sort_adbfind(fctx, curr); + /* Lame N^2 bubble sort. */ ISC_LIST_INIT(sorted); - while (!ISC_LIST_EMPTY(fctx->finds)) { - best = ISC_LIST_HEAD(fctx->finds); + while (!ISC_LIST_EMPTY(*findlist)) { + best = ISC_LIST_HEAD(*findlist); bestaddrinfo = ISC_LIST_HEAD(best->list); INSIST(bestaddrinfo != NULL); curr = ISC_LIST_NEXT(best, publink); 
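Review bot: in randomize_srtt() in lib/dns/resolver.c, `ai->srtt |= (ai->srtt & 0x80) | random_bits(fctx, 7);` only ever sets bits. The low seven bits of the millisecond value are OR-ed with the random value rather than replaced, and `(ai->srtt & 0x80)` OR-ed back into `ai->srtt` is a no-op. The jittered value is therefore never lower than the measured one and is biased toward the top of its 128 ms band, and because sort_adbfind() writes the result back into `ai->srtt`, sorting the same list again accumulates set bits instead of redrawing the position. If the intent is a uniform position inside the band, as the CHANGES entry describes, clear the low bits first, for example `ai->srtt = (ai->srtt & ~0x7f) | random_bits(fctx, 7);`. Separately, in random_bits() the expression `(1 << bits)` shifts a signed int, and `fctx->rand_buf << bits` shifts by 32 when rand_bits is 0 and bits is 32. The callers in this patch pass 3 and 7, so neither case is reached today, but `REQUIRE(bits <= 32)` advertises the full range; using `1U` and guarding the 32-bit shift would make that contract hold.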
@@ -2110,30 +2195,10 @@ sort_finds(fetchctx_t *fctx) { } curr = ISC_LIST_NEXT(curr, publink); } - ISC_LIST_UNLINK(fctx->finds, best, publink); + ISC_LIST_UNLINK(*findlist, best, publink); ISC_LIST_APPEND(sorted, best, publink); } - fctx->finds = sorted; - - ISC_LIST_INIT(sorted); - while (!ISC_LIST_EMPTY(fctx->altfinds)) { - best = ISC_LIST_HEAD(fctx->altfinds); - bestaddrinfo = ISC_LIST_HEAD(best->list); - INSIST(bestaddrinfo != NULL); - curr = ISC_LIST_NEXT(best, publink); - while (curr != NULL) { - addrinfo = ISC_LIST_HEAD(curr->list); - INSIST(addrinfo != NULL); - if (addrinfo->srtt < bestaddrinfo->srtt) { - best = curr; - bestaddrinfo = addrinfo; - } - curr = ISC_LIST_NEXT(curr, publink); - } - ISC_LIST_UNLINK(fctx->altfinds, best, publink); - ISC_LIST_APPEND(sorted, best, publink); - } - fctx->altfinds = sorted; + *findlist = sorted; } static void @@ -2184,7 +2249,6 @@ findname(fetchctx_t *fctx, dns_name_t *name, in_port_t port, * name. */ INSIST((find->options & DNS_ADBFIND_WANTEVENT) == 0); - sort_adbfind(find); if (flags != 0 || port != 0) { for (ai = ISC_LIST_HEAD(find->list); ai != NULL; @@ -2453,7 +2517,8 @@ fctx_getaddresses(fetchctx_t *fctx) { * We've found some addresses. We might still be looking * for more addresses. */ - sort_finds(fctx); + sort_finds(fctx, &fctx->finds); + sort_finds(fctx, &fctx->altfinds); result = ISC_R_SUCCESS; } @@ -3152,6 +3217,8 @@ fctx_create(dns_resolver_t *res, dns_name_t *name, dns_rdatatype_t type, fctx->spilled = ISC_FALSE; fctx->nqueries = 0; fctx->reason = NULL; + fctx->rand_buf = 0; + fctx->rand_bits = 0; dns_name_init(&fctx->nsname, NULL); fctx->nsfetch = NULL; From a0fb749d0ba0cf5058a34c3763337048543fbc24 Mon Sep 17 00:00:00 2001 From: Mark Andrews Date: Fri, 22 Aug 2008 05:00:29 +0000 Subject: [PATCH 123/135] adjust log message added by change 2409. [RT #18497] --- lib/dns/resolver.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) 
diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c index c305b000c3..ba229a8b94 100644 --- a/lib/dns/resolver.c +++ b/lib/dns/resolver.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: resolver.c,v 1.377 2008/08/22 04:16:17 each Exp $ */ +/* $Id: resolver.c,v 1.378 2008/08/22 05:00:29 marka Exp $ */ /*! \file */ @@ -1585,7 +1585,8 @@ resquery_send(resquery_t *query) { fctx->timeouts >= MAX_EDNS0_TIMEOUTS) && (query->options & DNS_FETCHOPT_NOEDNS0) == 0) { query->options |= DNS_FETCHOPT_EDNS512; - fctx->reason = "reducing UDP packet size to 512"; + fctx->reason = "reducing the advertised EDNS UDP packet " + "size to 512 octets"; } if ((query->options & DNS_FETCHOPT_NOEDNS0) == 0) { From a7485cd61ddf576e874aee49497943c274479c95 Mon Sep 17 00:00:00 2001 From: Mark Andrews Date: Fri, 22 Aug 2008 05:57:53 +0000 Subject: [PATCH 124/135] silence compiler warning --- lib/isc/timer.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/isc/timer.c b/lib/isc/timer.c index 7e81d8ff18..ca487cde35 100644 --- a/lib/isc/timer.c +++ b/lib/isc/timer.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: timer.c,v 1.83 2008/06/23 23:47:11 tbox Exp $ */ +/* $Id: timer.c,v 1.84 2008/08/22 05:57:53 marka Exp $ */ /*! \file */ @@ -660,7 +660,7 @@ dispatch(isc_timermgr_t *manager, isc_time_t *now) { if (event != NULL) { event->due = timer->due; isc_task_send(timer->task, - (isc_event_t **)&event); + ISC_EVENT_PTR(&event)); } else UNEXPECTED_ERROR(__FILE__, __LINE__, isc_msgcat_get(isc_msgcat, From 3dfa202e4fea6b985bcf8761e2d11c176baa40d1 Mon Sep 17 00:00:00 2001 
From: Mark Andrews Date: Fri, 22 Aug 2008 13:17:56 +0000 Subject: [PATCH 125/135] 2424. [port] configure now probes for a working epoll implementation. Allow the use of kqueue, epoll and /dev/poll to be selected at compile time. [RT #18277] --- CHANGES | 5 ++ configure | 212 +++++++++++++++++++++++++++------------------------ configure.in | 61 +++++++++++---- 3 files changed, 165 insertions(+), 113 deletions(-) diff --git a/CHANGES b/CHANGES index dbdc79457e..6041858e68 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,8 @@ +2424. [port] configure now probes for a working epoll + implementation. Allow the use of kqueue, + epoll and /dev/poll to be selected at compile + time. [RT #18277] + 2423. [security] Randomize server selection on queries, so as to make forgery a little more difficult. Instead of always preferring the server with the lowest RTT, diff --git a/configure b/configure index da6b6385e2..4091dbe51a 100755 --- a/configure +++ b/configure @@ -14,7 +14,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. # -# $Id: configure,v 1.432 2008/08/05 07:05:47 marka Exp $ +# $Id: configure,v 1.433 2008/08/22 13:17:56 marka Exp $ # # Portions Copyright (C) 1996-2001 Nominum, Inc. # @@ -29,7 +29,7 @@ # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT # OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -# From configure.in Revision: 1.446 . +# From configure.in Revision: 1.447 . # Guess values for system-dependent variables and create Makefiles. # Generated by GNU Autoconf 2.61. # 
@@ -1625,6 +1625,9 @@ if test -n "$ac_init_help"; then Optional Features: --disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no) --enable-FEATURE[=ARG] include FEATURE [ARG=yes] + --enable-kqueue use BSD kqueue when available [default=yes] + --enable-epoll use Linux epoll when available [default=yes] + --enable-devpoll use /dev/poll when available [default=yes] --enable-openssl-version-check Check OpenSSL Version [default=yes] --enable-threads enable multithreading @@ -5290,7 +5293,16 @@ rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext # # check if we have kqueue # -{ echo "$as_me:$LINENO: checking for kqueue" >&5 +# Check whether --enable-kqueue was given. +if test "${enable_kqueue+set}" = set; then + enableval=$enable_kqueue; want_kqueue="$enableval" +else + want_kqueue="yes" +fi + +case $want_kqueue in +yes) + { echo "$as_me:$LINENO: checking for kqueue" >&5 echo $ECHO_N "checking for kqueue... $ECHO_C" >&6; } if test "${ac_cv_func_kqueue+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 @@ -5377,9 +5389,14 @@ else ac_cv_have_kqueue=no fi -case $ac_cv_have_kqueue in -yes) - ISC_PLATFORM_HAVEKQUEUE="#define ISC_PLATFORM_HAVEKQUEUE 1" + case $ac_cv_have_kqueue in + yes) + ISC_PLATFORM_HAVEKQUEUE="#define ISC_PLATFORM_HAVEKQUEUE 1" + ;; + *) + ISC_PLATFORM_HAVEKQUEUE="#undef ISC_PLATFORM_HAVEKQUEUE" + ;; + esac ;; *) ISC_PLATFORM_HAVEKQUEUE="#undef ISC_PLATFORM_HAVEKQUEUE" 
@@ -5388,12 +5405,26 @@ esac # -# check if we have epoll +# check if we have epoll. Linux kernel 2.4 has epoll_create() which fails, +# so we need to try running the code, not just test its existence. # -{ echo "$as_me:$LINENO: checking for epoll_create" >&5 -echo $ECHO_N "checking for epoll_create... $ECHO_C" >&6; } -if test "${ac_cv_func_epoll_create+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 +# Check whether --enable-epoll was given. +if test "${enable_epoll+set}" = set; then + enableval=$enable_epoll; want_epoll="$enableval" +else + want_epoll="yes" +fi + +case $want_epoll in +yes) + { echo "$as_me:$LINENO: checking epoll support" >&5 +echo $ECHO_N "checking epoll support... $ECHO_C" >&6; } + if test "$cross_compiling" = yes; then + { { echo "$as_me:$LINENO: error: cannot run test program while cross compiling +See \`config.log' for more details." >&5 +echo "$as_me: error: cannot run test program while cross compiling +See \`config.log' for more details." >&2;} + { (exit 1); exit 1; }; } else cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ 
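Review bot: The epoll probe in this hunk is a run test, and its cross-compiling branch stops configure with "cannot run test program while cross compiling" and exit 1, so with the default want_epoll="yes" every cross build now fails unless --disable-epoll is passed. Give the test in configure.in a cross-compiling action (for example, treat epoll as unavailable, or fall back to the old existence check) and regenerate; if the hard failure is intended, say so in the --enable-epoll help text.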
@@ -5401,85 +5432,52 @@ _ACEOF cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ -/* Define epoll_create to an innocuous variant, in case declares epoll_create. - For example, HP-UX 11i declares gettimeofday. */ -#define epoll_create innocuous_epoll_create -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char epoll_create (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif - -#undef epoll_create - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char epoll_create (); -/* The GNU C library defines this for functions which it implements - to always fail with ENOSYS. Some functions are actually named - something starting with __ and the normal name is an alias. */ -#if defined __stub_epoll_create || defined __stub___epoll_create -choke me -#endif - -int -main () -{ -return epoll_create (); - ; - return 0; +#include +int main() { + if (epoll_create(1) < 0) + return (1); + return (0); } + _ACEOF -rm -f conftest.$ac_objext conftest$ac_exeext +rm -f conftest$ac_exeext if { (ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>conftest.er1 + (eval "$ac_link") 2>&5 ac_status=$? - grep -v '^ *+' conftest.er1 >conftest.err - rm -f conftest.er1 - cat conftest.err >&5 echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { - test -z "$ac_c_werror_flag" || - test ! 
-s conftest.err - } && test -s conftest$ac_exeext && - $as_test_x conftest$ac_exeext; then - ac_cv_func_epoll_create=yes + (exit $ac_status); } && { ac_try='./conftest$ac_exeext' + { (case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 + (eval "$ac_try") 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + { echo "$as_me:$LINENO: result: yes" >&5 +echo "${ECHO_T}yes" >&6; } + ISC_PLATFORM_HAVEEPOLL="#define ISC_PLATFORM_HAVEEPOLL 1" else - echo "$as_me: failed program was:" >&5 + echo "$as_me: program exited with status $ac_status" >&5 +echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 - ac_cv_func_epoll_create=no +( exit $ac_status ) +{ echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } + ISC_PLATFORM_HAVEEPOLL="#undef ISC_PLATFORM_HAVEEPOLL" +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext fi -rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \ - conftest$ac_exeext conftest.$ac_ext -fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_epoll_create" >&5 -echo "${ECHO_T}$ac_cv_func_epoll_create" >&6; } -if test $ac_cv_func_epoll_create = yes; then - ac_cv_have_epoll=yes -else - ac_cv_have_epoll=no -fi -case $ac_cv_have_epoll in -yes) - ISC_PLATFORM_HAVEEPOLL="#define ISC_PLATFORM_HAVEEPOLL 1" ;; *) ISC_PLATFORM_HAVEEPOLL="#undef ISC_PLATFORM_HAVEEPOLL" @@ -5490,6 +5488,15 @@ esac # # check if we support /dev/poll # +# Check whether --enable-devpoll was given. +if test "${enable_devpoll+set}" = set; then + enableval=$enable_devpoll; want_devpoll="$enableval" +else + want_devpoll="yes" +fi + +case $want_devpoll in +yes) for ac_header in sys/devpoll.h do @@ -5634,6 +5641,11 @@ fi done + ;; +*) + ISC_PLATFORM_HAVEDEVPOLL="#undef ISC_PLATFORM_HAVEDEVPOLL" + ;; +esac # 
@@ -9975,7 +9987,7 @@ ia64-*-hpux*) ;; *-*-irix6*) # Find out which ABI we are using. - echo '#line 9978 "configure"' > conftest.$ac_ext + echo '#line 9990 "configure"' > conftest.$ac_ext if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? @@ -12097,11 +12109,11 @@ else -e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:12100: $lt_compile\"" >&5) + (eval echo "\"\$as_me:12112: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:12104: \$? = $ac_status" >&5 + echo "$as_me:12116: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings @@ -12340,11 +12352,11 @@ else -e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:12343: $lt_compile\"" >&5) + (eval echo "\"\$as_me:12355: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:12347: \$? = $ac_status" >&5 + echo "$as_me:12359: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings @@ -12400,11 +12412,11 @@ else -e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:12403: $lt_compile\"" >&5) + (eval echo "\"\$as_me:12415: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 - echo "$as_me:12407: \$? = $ac_status" >&5 + echo "$as_me:12419: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized 
@@ -14548,7 +14560,7 @@ else lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext < conftest.$ac_ext <&5) + (eval echo "\"\$as_me:16854: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:16846: \$? = $ac_status" >&5 + echo "$as_me:16858: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings @@ -16899,11 +16911,11 @@ else -e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:16902: $lt_compile\"" >&5) + (eval echo "\"\$as_me:16914: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 - echo "$as_me:16906: \$? = $ac_status" >&5 + echo "$as_me:16918: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized @@ -18227,7 +18239,7 @@ else lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext < conftest.$ac_ext <&5) + (eval echo "\"\$as_me:19177: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:19169: \$? = $ac_status" >&5 + echo "$as_me:19181: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings 
@@ -19222,11 +19234,11 @@ else -e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:19225: $lt_compile\"" >&5) + (eval echo "\"\$as_me:19237: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 - echo "$as_me:19229: \$? = $ac_status" >&5 + echo "$as_me:19241: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized @@ -21256,11 +21268,11 @@ else -e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:21259: $lt_compile\"" >&5) + (eval echo "\"\$as_me:21271: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:21263: \$? = $ac_status" >&5 + echo "$as_me:21275: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings @@ -21499,11 +21511,11 @@ else -e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:21502: $lt_compile\"" >&5) + (eval echo "\"\$as_me:21514: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:21506: \$? = $ac_status" >&5 + echo "$as_me:21518: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings 
@@ -21559,11 +21571,11 @@ else -e 's:.*FLAGS}? :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:21562: $lt_compile\"" >&5) + (eval echo "\"\$as_me:21574: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 - echo "$as_me:21566: \$? = $ac_status" >&5 + echo "$as_me:21578: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized @@ -23707,7 +23719,7 @@ else lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext < conftest.$ac_ext < +int main() { + if (epoll_create(1) < 0) + return (1); + return (0); +} +], + [AC_MSG_RESULT(yes) + ISC_PLATFORM_HAVEEPOLL="#define ISC_PLATFORM_HAVEEPOLL 1"], + [AC_MSG_RESULT(no) + ISC_PLATFORM_HAVEEPOLL="#undef ISC_PLATFORM_HAVEEPOLL"]) ;; *) ISC_PLATFORM_HAVEEPOLL="#undef ISC_PLATFORM_HAVEEPOLL" @@ -348,11 +373,21 @@ AC_SUBST(ISC_PLATFORM_HAVEEPOLL) # # check if we support /dev/poll # -AC_CHECK_HEADERS(sys/devpoll.h, -ISC_PLATFORM_HAVEDEVPOLL="#define ISC_PLATFORM_HAVEDEVPOLL 1" -, -ISC_PLATFORM_HAVEDEVPOLL="#undef ISC_PLATFORM_HAVEDEVPOLL" -) +AC_ARG_ENABLE(devpoll, + [ --enable-devpoll use /dev/poll when available [[default=yes]]], + want_devpoll="$enableval", want_devpoll="yes") +case $want_devpoll in +yes) + AC_CHECK_HEADERS(sys/devpoll.h, + ISC_PLATFORM_HAVEDEVPOLL="#define ISC_PLATFORM_HAVEDEVPOLL 1" + , + ISC_PLATFORM_HAVEDEVPOLL="#undef ISC_PLATFORM_HAVEDEVPOLL" + ) + ;; +*) + ISC_PLATFORM_HAVEDEVPOLL="#undef ISC_PLATFORM_HAVEDEVPOLL" + ;; +esac AC_SUBST(ISC_PLATFORM_HAVEDEVPOLL) # From e6a6d0778cfa9ea83a6ae0c37f50d5cd8bb111f7 Mon Sep 17 00:00:00 2001 From: Automatic Updater Date: Fri, 22 Aug 2008 23:47:17 +0000 Subject: [PATCH 126/135] update copyright notice --- lib/dns/resolver.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c index ba229a8b94..30465ecb67 100644 --- a/lib/dns/resolver.c +++ b/lib/dns/resolver.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: resolver.c,v 1.378 2008/08/22 05:00:29 marka Exp $ */ +/* $Id: resolver.c,v 1.379 2008/08/22 23:47:17 tbox Exp $ */ /*! \file */ @@ -2118,9 +2118,9 @@ random_bits(fetchctx_t *fctx, isc_uint32_t bits) { /* * Add some random jitter to a server's RTT value so that the * order of queries will be unpredictable. - * + * * RTT values of servers which have been tried are fuzzed by 128 ms. - * Servers that haven't been tried yet have their RTT set to a random + * Servers that haven't been tried yet have their RTT set to a random * value between 0 ms and 7 ms; they should get to go first, but in * unpredictable order. */ From ebacb7908afe3d62fe341f7ef9efed63d0c651a2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tatuya=20JINMEI=20=E7=A5=9E=E6=98=8E=E9=81=94=E5=93=89?= Date: Tue, 26 Aug 2008 02:04:20 +0000 Subject: [PATCH 127/135] 2425. [bug] named didn't detect unavailable query source addresses at load time. [RT #18536] --- CHANGES | 3 +++ lib/dns/dispatch.c | 19 ++++++++++++++++++- 2 files changed, 21 insertions(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index 6041858e68..63d898e1cb 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,6 @@ +2425. [bug] named didn't detect unavailable query source addresses + at load time. [RT #18536] + 2424. [port] configure now probes for a working epoll implementation. Allow the use of kqueue, epoll and /dev/poll to be selected at compile diff --git a/lib/dns/dispatch.c b/lib/dns/dispatch.c index dd17d3524e..cfe6cdef7b 100644 --- a/lib/dns/dispatch.c +++ b/lib/dns/dispatch.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: dispatch.c,v 1.152 2008/08/15 17:47:18 jinmei Exp $ */ +/* $Id: dispatch.c,v 1.153 2008/08/26 02:04:20 jinmei Exp $ */ /*! \file */ 
@@ -2654,6 +2654,23 @@ dispatch_createudp(dns_dispatchmgr_t *mgr, isc_socketmgr_t *sockmgr, 0xffffU); if (result != ISC_R_SUCCESS) goto deallocate_dispatch; + } else { + isc_sockaddr_t sa_any; + + /* + * For dispatches using exclusive sockets with a specific + * source address, we only check if the specified address is + * available on the system. Query sockets will be created later + * on demand. + */ + isc_sockaddr_anyofpf(&sa_any, isc_sockaddr_pf(localaddr)); + if (!isc_sockaddr_eqaddr(&sa_any, localaddr)) { + result = open_socket(sockmgr, localaddr, 0, &sock); + if (sock != NULL) + isc_socket_detach(&sock); + if (result != ISC_R_SUCCESS) + goto deallocate_dispatch; + } } disp->socktype = isc_sockettype_udp; disp->socket = sock; From 5e3f390f057801d245680b07dc2b2d64939183d4 Mon Sep 17 00:00:00 2001 From: Mark Andrews Date: Tue, 26 Aug 2008 03:53:04 +0000 Subject: [PATCH 128/135] 2426. [bug] libbind: inet_net_pton() can sometimes return the wrong value if excessively large netmasks are supplied. [RT #18512] --- CHANGES | 4 ++++ lib/bind/inet/inet_net_pton.c | 6 +++--- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/CHANGES b/CHANGES index 63d898e1cb..c0a40085ed 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,7 @@ +2426. [bug] libbind: inet_net_pton() can sometimes return the + wrong value if excessively large netmasks are + supplied. [RT #18512] + 2425. [bug] named didn't detect unavailable query source addresses at load time. [RT #18536] diff --git a/lib/bind/inet/inet_net_pton.c b/lib/bind/inet/inet_net_pton.c index 154ff65275..0970a937ec 100644 --- a/lib/bind/inet/inet_net_pton.c +++ b/lib/bind/inet/inet_net_pton.c @@ -16,7 +16,7 @@ */ #if defined(LIBC_SCCS) && !defined(lint) -static const char rcsid[] = "$Id: inet_net_pton.c,v 1.8 2005/04/27 04:56:20 sra Exp $"; +static const char rcsid[] = "$Id: inet_net_pton.c,v 1.9 2008/08/26 03:53:04 marka Exp $"; #endif #include "port_before.h" 
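Review bot: In the dispatch_createudp() hunk of lib/dns/dispatch.c above (@@ -2654,6 +2654,23 @@), the new else branch opens a socket only to test the source address and detaches it, yet `disp->socket = sock;` follows unconditionally, so the code depends on sock being NULL again after isc_socket_detach(). Set `sock = NULL` explicitly after the detach or add a comment that says so. The comment should also note that this is a load-time check only: the address can still become unavailable before the query sockets are created on demand, so that later failure path has to be handled as well.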
@@ -133,11 +133,11 @@ inet_net_pton_ipv4(const char *src, u_char *dst, size_t size) { INSIST(n >= 0 && n <= 9); bits *= 10; bits += n; + if (bits > 32) + goto enoent; } while ((ch = *src++) != '\0' && isascii(ch) && isdigit(ch)); if (ch != '\0') goto enoent; - if (bits > 32) - goto emsgsize; } /* Firey death and destruction unless we prefetched EOS. */ From 1e0209137159d4e16e4459cc8e804d657aad1af1 Mon Sep 17 00:00:00 2001 From: Mark Andrews Date: Tue, 26 Aug 2008 06:09:18 +0000 Subject: [PATCH 129/135] 2427. [func] Treat DNSKEY queries as if "minimal-response yes;" was set. [RT #18528] --- CHANGES | 3 +++ bin/named/query.c | 9 ++++++++- 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index c0a40085ed..36ee0d9b86 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,6 @@ +2427. [func] Treat DNSKEY queries as if "minimal-response yes;" + was set. [RT #18528] + 2426. [bug] libbind: inet_net_pton() can sometimes return the wrong value if excessively large netmasks are supplied. [RT #18512] diff --git a/bin/named/query.c b/bin/named/query.c index ccd4a036fb..1f1b052f2c 100644 --- a/bin/named/query.c +++ b/bin/named/query.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: query.c,v 1.307 2008/04/29 00:54:28 marka Exp $ */ +/* $Id: query.c,v 1.308 2008/08/26 06:09:18 marka Exp $ */ /*! \file */ @@ -4609,6 +4609,13 @@ ns_query_start(ns_client_t *client) { } } + /* + * Turn on minimal response for DNSKEY queries. + */ + if (qtype == dns_rdatatype_dnskey) + client->query.attributes |= (NS_QUERYATTR_NOAUTHORITY | + NS_QUERYATTR_NOADDITIONAL); + /* * If the client has requested that DNSSEC checking be disabled, * allow lookups to return pending data and instruct the resolver From abfc643b4024709560781351c50416f190c94095 Mon Sep 17 00:00:00 2001 
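Review bot: In inet_net_pton_ipv4() (lib/bind/inet/inet_net_pton.c, hunk @@ -133,11 +133,11 @@ above), moving `if (bits > 32)` inside the digit loop stops bits from growing unchecked on a long netmask string, but the branch target changed from emsgsize to enoent, so callers that distinguish the two error paths now get a different result for a prefix length such as /33. If that is intended, say so in CHANGES entry 2426; otherwise keep `goto emsgsize`. A regression test with an over-long netmask would be worth adding.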
From: Mark Andrews Date: Tue, 26 Aug 2008 14:55:37 +0000 Subject: [PATCH 130/135] missing pair of '[]'. [RT#18422] --- lib/bind/configure | 2 +- lib/bind/configure.in | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/lib/bind/configure b/lib/bind/configure index 077268f677..88ac3a14dd 100644 --- a/lib/bind/configure +++ b/lib/bind/configure @@ -1,5 +1,5 @@ #! /bin/sh -# From configure.in Revision: 1.135 . +# From configure.in Revision: 1.137 . # Guess values for system-dependent variables and create Makefiles. # Generated by GNU Autoconf 2.61. # diff --git a/lib/bind/configure.in b/lib/bind/configure.in index 616a19abd3..7d17f8afde 100644 --- a/lib/bind/configure.in +++ b/lib/bind/configure.in @@ -13,7 +13,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -AC_REVISION($Revision: 1.136 $) +AC_REVISION($Revision: 1.137 $) AC_INIT(resolv/herror.c) AC_PREREQ(2.13) @@ -2778,7 +2778,7 @@ case "$host" in *-solaris2.9) hack_shutup_in6addr_init_macros=yes ;; - *-solaris2.1[0-9]) + *-solaris2.1[[0-9]]) hack_shutup_in6addr_init_macros=yes ;; esac From 6d7d20116e41ad1a486d779cc3979ee308185822 Mon Sep 17 00:00:00 2001 From: Automatic Updater Date: Tue, 26 Aug 2008 23:30:26 +0000 Subject: [PATCH 131/135] newcopyrights --- util/copyrights | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/util/copyrights b/util/copyrights index a6a69ac09e..ad9e83a1df 100644 --- a/util/copyrights +++ b/util/copyrights @@ -1398,7 +1398,7 @@ ./lib/bind/inet/inet_lnaof.c X 2001,2005 ./lib/bind/inet/inet_makeaddr.c X 2001,2004,2005 ./lib/bind/inet/inet_net_ntop.c X 2001,2004,2005,2006 -./lib/bind/inet/inet_net_pton.c X 2001,2004,2005 +./lib/bind/inet/inet_net_pton.c X 2001,2004,2005,2008 ./lib/bind/inet/inet_neta.c X 2001,2004,2005 ./lib/bind/inet/inet_netof.c X 2001,2005 ./lib/bind/inet/inet_network.c X 2001,2004,2005,2008 From 8c1602bd243ac85615ba2599ad514554e9b87c93 Mon Sep 17 00:00:00 2001 
From: Mark Andrews Date: Wed, 27 Aug 2008 02:34:48 +0000 Subject: [PATCH 132/135] Q: I want to use IPv6 locally but I don't have a external IPv6 connection. External lookups are slow. --- FAQ.xml | 26 +++++++++++++++++++++++++- 1 file changed, 25 insertions(+), 1 deletion(-) diff --git a/FAQ.xml b/FAQ.xml index 2fe6d29df1..b944487b23 100644 --- a/FAQ.xml +++ b/FAQ.xml @@ -17,7 +17,7 @@ - PERFORMANCE OF THIS SOFTWARE. --> - +
Frequently Asked Questions about BIND 9 @@ -391,6 +391,11 @@ named-checkzone example.com tmp of input where 99 is the last line of named.conf. + + + There are unbalanced quotes in named.conf. + + Some text editors (notepad and wordpad) fail to put a line @@ -661,6 +666,25 @@ zone "list.dsbl.org" { + + + + + I want to use IPv6 locally but I don't have a external IPv6 + connection. External lookups are slow. + + + + + You can use server clauses to stop named making external lookups + over IPv6. + + +server fd81:ec6c:bd62::/48 { bogus no; }; // site ULA prefix +server ::/0 { bogus yes; }; + + + From c6a1797aff73b707b4b7a71fdaa303136953d2a3 Mon Sep 17 00:00:00 2001 From: Mark Andrews Date: Wed, 27 Aug 2008 04:44:18 +0000 Subject: [PATCH 133/135] 2428. [bug] dns_iptable_merge() mishandled merges of negative tables. [RT #18409] --- CHANGES | 3 +++ lib/dns/iptable.c | 9 +++------ 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/CHANGES b/CHANGES index 36ee0d9b86..ece09ed6e1 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,6 @@ +2428. [bug] dns_iptable_merge() mishandled merges of negative + tables. [RT #18409] + 2427. [func] Treat DNSKEY queries as if "minimal-response yes;" was set. [RT #18528] diff --git a/lib/dns/iptable.c b/lib/dns/iptable.c index 4823bccc23..80587689ff 100644 --- a/lib/dns/iptable.c +++ b/lib/dns/iptable.c @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: iptable.c,v 1.9 2008/01/21 20:38:54 each Exp $ */ +/* $Id: iptable.c,v 1.10 2008/08/27 04:44:18 marka Exp $ */ #include #include @@ -62,7 +62,7 @@ dns_iptable_addprefix(dns_iptable_t *tab, isc_netaddr_t *addr, { isc_result_t result; isc_prefix_t pfx; - isc_radix_node_t *node; + isc_radix_node_t *node = NULL; int family; INSIST(DNS_IPTABLE_VALID(tab)); 
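Review bot: This hunk in dns_iptable_addprefix() initialises `node` to NULL, which CHANGES entry 2428 does not mention (it names only dns_iptable_merge()). Since the merge function gets the matching `new_node = NULL;` before isc_radix_insert(), add a short comment at both sites stating why the target pointer has to be NULL before the call, so the requirement is not lost in later edits.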
@@ -100,6 +100,7 @@ dns_iptable_merge(dns_iptable_t *tab, dns_iptable_t *source, isc_boolean_t pos) int max_node = 0; RADIX_WALK (source->radix->head, node) { + new_node = NULL; result = isc_radix_insert (tab->radix, &new_node, node, NULL); if (result != ISC_R_SUCCESS) @@ -117,14 +118,10 @@ dns_iptable_merge(dns_iptable_t *tab, dns_iptable_t *source, isc_boolean_t pos) if (node->data[0] && *(isc_boolean_t *) node->data[0] == ISC_TRUE) new_node->data[0] = &dns_iptable_neg; - else - new_node->data[0] = node->data[0]; if (node->data[1] && *(isc_boolean_t *) node->data[1] == ISC_TRUE) new_node->data[1] = &dns_iptable_neg; - else - new_node->data[1] = node->data[0]; } if (node->node_num[0] > max_node) From 8fedc9e968a4bac416540ea077522a5f95b41a89 Mon Sep 17 00:00:00 2001 From: Automatic Updater Date: Thu, 28 Aug 2008 01:12:23 +0000 Subject: [PATCH 134/135] regen --- FAQ | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/FAQ b/FAQ index 2e93100737..62a997cf09 100644 --- a/FAQ +++ b/FAQ @@ -205,6 +205,8 @@ A: These indicate a malformed master zone. You can identify the exact Q: I get error messages like "named.conf:99: unexpected end of input" where 99 is the last line of named.conf. +A: There are unbalanced quotes in named.conf. + A: Some text editors (notepad and wordpad) fail to put a line title indication (e.g. CR/LF) on the last line of a text file. This can be fixed by "adding" a blank line to the end of the file. Named expects to @@ -375,6 +377,15 @@ A: When reloading a zone named my have multiple copies of the zone in other errors in the master file as it still has an in-core copy of the old contents. +Q: I want to use IPv6 locally but I don't have a external IPv6 connection. + External lookups are slow. + +A: You can use server clauses to stop named making external lookups over + IPv6. + + server fd81:ec6c:bd62::/48 { bogus no; }; // site ULA prefix + server ::/0 { bogus yes; }; + 3. Operations Questions Q: How to change the nameservers for a zone? 
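Review bot: The added FAQ question reads "I don't have a external IPv6 connection"; that should be "an external", and because FAQ is regenerated the fix belongs in FAQ.xml. The answer should also say that fd81:ec6c:bd62::/48 is an example site prefix to be replaced with the reader's own, and that `server ::/0 { bogus yes; };` stops lookups to every other IPv6 server, so it has to be removed once external IPv6 connectivity exists.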
From a8f6b2aa46f882c7c680b7bdab1dfb78a76787ea Mon Sep 17 00:00:00 2001 From: Mark Andrews Date: Fri, 29 Aug 2008 03:16:14 +0000 Subject: [PATCH 135/135] 2429. [doc] nsupdate should be in section 1 of the man pages. [RT #18283] --- CHANGES | 3 + bin/nsupdate/Makefile.in | 8 +- bin/nsupdate/nsupdate.1 | 547 ++++++++++++++++++++++++++++++++++ bin/nsupdate/nsupdate.8 | 358 ---------------------- bin/nsupdate/nsupdate.docbook | 4 +- 5 files changed, 556 insertions(+), 364 deletions(-) create mode 100644 bin/nsupdate/nsupdate.1 delete mode 100644 bin/nsupdate/nsupdate.8 diff --git a/CHANGES b/CHANGES index ece09ed6e1..38fa2414ec 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,6 @@ +2429. [doc] nsupdate should be in section 1 of the man pages. + [RT #18283] + 2428. [bug] dns_iptable_merge() mishandled merges of negative tables. [RT #18409] diff --git a/bin/nsupdate/Makefile.in b/bin/nsupdate/Makefile.in index aa55fb49eb..9740bfdc72 100644 --- a/bin/nsupdate/Makefile.in +++ b/bin/nsupdate/Makefile.in @@ -13,7 +13,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: Makefile.in,v 1.27 2007/06/19 23:46:59 tbox Exp $ +# $Id: Makefile.in,v 1.28 2008/08/29 03:16:14 marka Exp $ srcdir = @srcdir@ VPATH = @srcdir@ @@ -55,7 +55,7 @@ UOBJS = SRCS = nsupdate.c -MANPAGES = nsupdate.8 +MANPAGES = nsupdate.1 HTMLPAGES = nsupdate.html @@ -76,8 +76,8 @@ clean distclean:: installdirs: $(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${bindir} - $(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${mandir}/man8 + $(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${mandir}/man1 install:: nsupdate@EXEEXT@ installdirs ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} nsupdate@EXEEXT@ ${DESTDIR}${bindir} - ${INSTALL_DATA} ${srcdir}/nsupdate.8 ${DESTDIR}${mandir}/man8 + ${INSTALL_DATA} ${srcdir}/nsupdate.1 ${DESTDIR}${mandir}/man1 diff --git a/bin/nsupdate/nsupdate.1 b/bin/nsupdate/nsupdate.1 new file mode 100644 index 0000000000..1a581ba276 
--- /dev/null +++ b/bin/nsupdate/nsupdate.1 
@@ -0,0 +1,547 @@ +.\" Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2000-2003 Internet Software Consortium. +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +.\" PERFORMANCE OF THIS SOFTWARE. +.\" +.\" $Id: nsupdate.1,v 1.1 2008/08/29 03:16:14 marka Exp $ +.\" +.hy 0 +.ad l +.\" Title: nsupdate +.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] +.\" Generator: DocBook XSL Stylesheets v1.74.0 +.\" Date: Jun 30, 2000 +.\" Manual: BIND9 +.\" Source: BIND9 +.\" Language: English +.\" +.TH "NSUPDATE" "1" "Jun 30, 2000" "BIND9" "BIND9" +.\" ----------------------------------------------------------------- +.\" * (re)Define some macros +.\" ----------------------------------------------------------------- +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" toupper - uppercase a string (locale-aware) +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.de toupper +.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ +\\$* +.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz +.. 
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" SH-xref - format a cross-reference to an SH section +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.de SH-xref +.ie n \{\ +.\} +.toupper \\$* +.el \{\ +\\$* +.\} +.. +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" SH - level-one heading that works better for non-TTY output +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.de1 SH +.\" put an extra blank line of space above the head in non-TTY output +.if t \{\ +.sp 1 +.\} +.sp \\n[PD]u +.nr an-level 1 +.set-an-margin +.nr an-prevailing-indent \\n[IN] +.fi +.in \\n[an-margin]u +.ti 0 +.HTML-TAG ".NH \\n[an-level]" +.it 1 an-trap +.nr an-no-space-flag 1 +.nr an-break-flag 1 +\." make the size of the head bigger +.ps +3 +.ft B +.ne (2v + 1u) +.ie n \{\ +.\" if n (TTY output), use uppercase +.toupper \\$* +.\} +.el \{\ +.nr an-break-flag 0 +.\" if not n (not TTY), use normal case (not uppercase) +\\$1 +.in \\n[an-margin]u +.ti 0 +.\" if not n (not TTY), put a border/line under subheading +.sp -.6 +\l'\n(.lu' +.\} +.. +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" SS - level-two heading that works better for non-TTY output +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.de1 SS +.sp \\n[PD]u +.nr an-level 1 +.set-an-margin +.nr an-prevailing-indent \\n[IN] +.fi +.in \\n[IN]u +.ti \\n[SN]u +.it 1 an-trap +.nr an-no-space-flag 1 +.nr an-break-flag 1 +.ps \\n[PS-SS]u +\." make the size of the head bigger +.ps +2 +.ft B +.ne (2v + 1u) +.if \\n[.$] \&\\$* +.. +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" BB/BE - put background/screen (filled box) around block of text +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.de BB +.if t \{\ +.sp -.5 +.br +.in +2n +.ll -2n +.gcolor red +.di BX +.\} +.. 
+.de EB +.if t \{\ +.if "\\$2"adjust-for-leading-newline" \{\ +.sp -1 +.\} +.br +.di +.in +.ll +.gcolor +.nr BW \\n(.lu-\\n(.i +.nr BH \\n(dn+.5v +.ne \\n(BHu+.5v +.ie "\\$2"adjust-for-leading-newline" \{\ +\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] +.\} +.el \{\ +\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[] +.\} +.in 0 +.sp -.5v +.nf +.BX +.in +.sp .5v +.fi +.\} +.. +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" BM/EM - put colored marker in margin next to block of text +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.de BM +.if t \{\ +.br +.ll -2n +.gcolor red +.di BX +.\} +.. +.de EM +.if t \{\ +.br +.di +.ll +.gcolor +.nr BH \\n(dn +.ne \\n(BHu +\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[] +.in 0 +.nf +.BX +.in +.fi +.\} +.. +.\" ----------------------------------------------------------------- +.\" * set default formatting +.\" ----------------------------------------------------------------- +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.\" ----------------------------------------------------------------- +.\" * MAIN CONTENT STARTS HERE * +.\" ----------------------------------------------------------------- +.SH "Name" +nsupdate \- Dynamic DNS update utility +.SH "Synopsis" +.HP 9 +\fBnsupdate\fR [\fB\-d\fR] [[\fB\-y\ \fR\fB\fI[hmac:]\fR\fIkeyname:secret\fR\fR] | [\fB\-k\ \fR\fB\fIkeyfile\fR\fR]] [\fB\-t\ \fR\fB\fItimeout\fR\fR] [\fB\-u\ \fR\fB\fIudptimeout\fR\fR] [\fB\-r\ \fR\fB\fIudpretries\fR\fR] [\fB\-R\ \fR\fB\fIrandomdev\fR\fR] [\fB\-v\fR] [filename] +.SH "DESCRIPTION" +.PP +\fBnsupdate\fR +is used to submit Dynamic DNS Update requests as defined in RFC2136 to a name server\&. This allows resource records to be added or removed from a zone without manually editing the zone file\&. 
A single update request can contain requests to add or remove more than one resource record\&. +.PP +Zones that are under dynamic control via +\fBnsupdate\fR +or a DHCP server should not be edited by hand\&. Manual edits could conflict with dynamic updates and cause data to be lost\&. +.PP +The resource records that are dynamically added or removed with +\fBnsupdate\fR +have to be in the same zone\&. Requests are sent to the zone\'s master server\&. This is identified by the MNAME field of the zone\'s SOA record\&. +.PP +The +\fB\-d\fR +option makes +\fBnsupdate\fR +operate in debug mode\&. This provides tracing information about the update requests that are made and the replies received from the name server\&. +.PP +Transaction signatures can be used to authenticate the Dynamic DNS updates\&. These use the TSIG resource record type described in RFC2845 or the SIG(0) record described in RFC3535 and RFC2931\&. TSIG relies on a shared secret that should only be known to +\fBnsupdate\fR +and the name server\&. Currently, the only supported encryption algorithm for TSIG is HMAC\-MD5, which is defined in RFC 2104\&. Once other algorithms are defined for TSIG, applications will need to ensure they select the appropriate algorithm as well as the key when authenticating each other\&. For instance, suitable +\fBkey\fR +and +\fBserver\fR +statements would be added to +\FC/etc/named\&.conf\F[] +so that the name server can associate the appropriate secret key and algorithm with the IP address of the client application that will be using TSIG authentication\&. SIG(0) uses public key cryptography\&. To use a SIG(0) key, the public key must be stored in a KEY record in a zone served by the name server\&. +\fBnsupdate\fR +does not read +\FC/etc/named\&.conf\F[]\&. +.PP +\fBnsupdate\fR +uses the +\fB\-y\fR +or +\fB\-k\fR +option to provide the shared secret needed to generate a TSIG record for authenticating Dynamic DNS update requests, default type HMAC\-MD5\&. 
These options are mutually exclusive\&. With the +\fB\-k\fR +option, +\fBnsupdate\fR +reads the shared secret from the file +\fIkeyfile\fR, whose name is of the form +\FCK{name}\&.+157\&.+{random}\&.private\F[]\&. For historical reasons, the file +\FCK{name}\&.+157\&.+{random}\&.key\F[] +must also be present\&. When the +\fB\-y\fR +option is used, a signature is generated from +[\fIhmac:\fR]\fIkeyname:secret\&.\fR +\fIkeyname\fR +is the name of the key, and +\fIsecret\fR +is the base64 encoded shared secret\&. Use of the +\fB\-y\fR +option is discouraged because the shared secret is supplied as a command line argument in clear text\&. This may be visible in the output from +\fBps\fR(1) +or in a history file maintained by the user\'s shell\&. +.PP +The +\fB\-k\fR +may also be used to specify a SIG(0) key used to authenticate Dynamic DNS update requests\&. In this case, the key specified is not an HMAC\-MD5 key\&. +.PP +By default +\fBnsupdate\fR +uses UDP to send update requests to the name server unless they are too large to fit in a UDP request in which case TCP will be used\&. The +\fB\-v\fR +option makes +\fBnsupdate\fR +use a TCP connection\&. This may be preferable when a batch of update requests is made\&. +.PP +The +\fB\-t\fR +option sets the maximum time an update request can take before it is aborted\&. The default is 300 seconds\&. Zero can be used to disable the timeout\&. +.PP +The +\fB\-u\fR +option sets the UDP retry interval\&. The default is 3 seconds\&. If zero, the interval will be computed from the timeout interval and number of UDP retries\&. +.PP +The +\fB\-r\fR +option sets the number of UDP retries\&. The default is 3\&. If zero, only one update request will be made\&. +.PP +The +\fB\-R \fR\fB\fIrandomdev\fR\fR +option specifies a source of randomness\&. If the operating system does not provide a +\FC/dev/random\F[] +or equivalent device, the default source of randomness is keyboard input\&. 
+\FCrandomdev\F[] +specifies the name of a character device or file containing random data to be used instead of the default\&. The special value +\FCkeyboard\F[] +indicates that keyboard input should be used\&. This option may be specified multiple times\&. +.SH "INPUT FORMAT" +.PP +\fBnsupdate\fR +reads input from +\fIfilename\fR +or standard input\&. Each command is supplied on exactly one line of input\&. Some commands are for administrative purposes\&. The others are either update instructions or prerequisite checks on the contents of the zone\&. These checks set conditions that some name or set of resource records (RRset) either exists or is absent from the zone\&. These conditions must be met if the entire update request is to succeed\&. Updates will be rejected if the tests for the prerequisite conditions fail\&. +.PP +Every update request consists of zero or more prerequisites and zero or more updates\&. This allows a suitably authenticated update request to proceed if some specified resource records are present or missing from the zone\&. A blank input line (or the +\fBsend\fR +command) causes the accumulated commands to be sent as one Dynamic DNS update request to the name server\&. +.PP +The command formats and their meaning are as follows: +.PP +\fBserver\fR {servername} [port] +.RS 4 +Sends all dynamic update requests to the name server +\fIservername\fR\&. When no server statement is provided, +\fBnsupdate\fR +will send updates to the master server of the correct zone\&. The MNAME field of that zone\'s SOA record will identify the master server for that zone\&. +\fIport\fR +is the port number on +\fIservername\fR +where the dynamic update requests get sent\&. If no port number is specified, the default DNS port number of 53 is used\&. +.RE +.PP +\fBlocal\fR {address} [port] +.RS 4 +Sends all dynamic update requests using the local +\fIaddress\fR\&. 
When no local statement is provided, +\fBnsupdate\fR +will send updates using an address and port chosen by the system\&. +\fIport\fR +can additionally be used to make requests come from a specific port\&. If no port number is specified, the system will assign one\&. +.RE +.PP +\fBzone\fR {zonename} +.RS 4 +Specifies that all updates are to be made to the zone +\fIzonename\fR\&. If no +\fIzone\fR +statement is provided, +\fBnsupdate\fR +will attempt determine the correct zone to update based on the rest of the input\&. +.RE +.PP +\fBclass\fR {classname} +.RS 4 +Specify the default class\&. If no +\fIclass\fR +is specified, the default class is +\fIIN\fR\&. +.RE +.PP +\fBkey\fR {name} {secret} +.RS 4 +Specifies that all updates are to be TSIG\-signed using the +\fIkeyname\fR +\fIkeysecret\fR +pair\&. The +\fBkey\fR +command overrides any key specified on the command line via +\fB\-y\fR +or +\fB\-k\fR\&. +.RE +.PP +\fBprereq nxdomain\fR {domain\-name} +.RS 4 +Requires that no resource record of any type exists with name +\fIdomain\-name\fR\&. +.RE +.PP +\fBprereq yxdomain\fR {domain\-name} +.RS 4 +Requires that +\fIdomain\-name\fR +exists (has as at least one resource record, of any type)\&. +.RE +.PP +\fBprereq nxrrset\fR {domain\-name} [class] {type} +.RS 4 +Requires that no resource record exists of the specified +\fItype\fR, +\fIclass\fR +and +\fIdomain\-name\fR\&. If +\fIclass\fR +is omitted, IN (internet) is assumed\&. +.RE +.PP +\fBprereq yxrrset\fR {domain\-name} [class] {type} +.RS 4 +This requires that a resource record of the specified +\fItype\fR, +\fIclass\fR +and +\fIdomain\-name\fR +must exist\&. If +\fIclass\fR +is omitted, IN (internet) is assumed\&. +.RE +.PP +\fBprereq yxrrset\fR {domain\-name} [class] {type} {data...} +.RS 4 +The +\fIdata\fR +from each set of prerequisites of this form sharing a common +\fItype\fR, +\fIclass\fR, and +\fIdomain\-name\fR +are combined to form a set of RRs\&. 
This set of RRs must exactly match the set of RRs existing in the zone at the given +\fItype\fR, +\fIclass\fR, and +\fIdomain\-name\fR\&. The +\fIdata\fR +are written in the standard text representation of the resource record\'s RDATA\&. +.RE +.PP +\fBupdate delete\fR {domain\-name} [ttl] [class] [type\ [data...]] +.RS 4 +Deletes any resource records named +\fIdomain\-name\fR\&. If +\fItype\fR +and +\fIdata\fR +is provided, only matching resource records will be removed\&. The internet class is assumed if +\fIclass\fR +is not supplied\&. The +\fIttl\fR +is ignored, and is only allowed for compatibility\&. +.RE +.PP +\fBupdate add\fR {domain\-name} {ttl} [class] {type} {data...} +.RS 4 +Adds a new resource record with the specified +\fIttl\fR, +\fIclass\fR +and +\fIdata\fR\&. +.RE +.PP +\fBshow\fR +.RS 4 +Displays the current message, containing all of the prerequisites and updates specified since the last send\&. +.RE +.PP +\fBsend\fR +.RS 4 +Sends the current message\&. This is equivalent to entering a blank line\&. +.RE +.PP +\fBanswer\fR +.RS 4 +Displays the answer\&. +.RE +.PP +Lines beginning with a semicolon are comments and are ignored\&. +.SH "EXAMPLES" +.PP +The examples below show how +\fBnsupdate\fR +could be used to insert and delete resource records from the +\fBexample\&.com\fR +zone\&. Notice that the input in each example contains a trailing blank line so that a group of commands are sent as one dynamic update request to the master name server for +\fBexample\&.com\fR\&. +.sp +.if n \{\ +.RS 4 +.\} +.fam C +.ps -1 +.nf +.if t \{\ +.sp -1 +.\} +.BB lightgray adjust-for-leading-newline +.sp -1 +# nsupdate +> update delete oldhost\&.example\&.com A +> update add newhost\&.example\&.com 86400 A 172\&.16\&.1\&.1 +> send +.EB lightgray adjust-for-leading-newline +.if t \{\ +.sp 1 +.\} +.fi +.fam +.ps +1 +.if n \{\ +.RE +.\} +.PP +Any A records for +\fBoldhost\&.example\&.com\fR +are deleted\&. 
And an A record for +\fBnewhost\&.example\&.com\fR +with IP address 172\&.16\&.1\&.1 is added\&. The newly\-added record has a 1 day TTL (86400 seconds)\&. +.sp +.if n \{\ +.RS 4 +.\} +.fam C +.ps -1 +.nf +.if t \{\ +.sp -1 +.\} +.BB lightgray adjust-for-leading-newline +.sp -1 +# nsupdate +> prereq nxdomain nickname\&.example\&.com +> update add nickname\&.example\&.com 86400 CNAME somehost\&.example\&.com +> send +.EB lightgray adjust-for-leading-newline +.if t \{\ +.sp 1 +.\} +.fi +.fam +.ps +1 +.if n \{\ +.RE +.\} +.PP +The prerequisite condition gets the name server to check that there are no resource records of any type for +\fBnickname\&.example\&.com\fR\&. If there are, the update request fails\&. If this name does not exist, a CNAME for it is added\&. This ensures that when the CNAME is added, it cannot conflict with the long\-standing rule in RFC1034 that a name must not exist as any other record type if it exists as a CNAME\&. (The rule has been updated for DNSSEC in RFC2535 to allow CNAMEs to have RRSIG, DNSKEY and NSEC records\&.) +.SH "FILES" +.PP +\fB/etc/resolv\&.conf\fR +.RS 4 +used to identify default name server +.RE +.PP +\fBK{name}\&.+157\&.+{random}\&.key\fR +.RS 4 +base\-64 encoding of HMAC\-MD5 key created by +\fBdnssec-keygen\fR(8)\&. +.RE +.PP +\fBK{name}\&.+157\&.+{random}\&.private\fR +.RS 4 +base\-64 encoding of HMAC\-MD5 key created by +\fBdnssec-keygen\fR(8)\&. +.RE +.SH "SEE ALSO" +.PP +\fBRFC2136\fR(), +\fBRFC3007\fR(), +\fBRFC2104\fR(), +\fBRFC2845\fR(), +\fBRFC1034\fR(), +\fBRFC2535\fR(), +\fBRFC2931\fR(), +\fBnamed\fR(8), +\fBdnssec-keygen\fR(8)\&. +.SH "BUGS" +.PP +The TSIG key is redundantly stored in two separate files\&. This is a consequence of nsupdate using the DST library for its cryptographic operations, and may change in future releases\&. +.SH "Copyright" +.br +Copyright \(co 2004-2008 Internet Systems Consortium, Inc. ("ISC") +.br +Copyright \(co 2000-2003 Internet Software Consortium. +.br 
diff --git a/bin/nsupdate/nsupdate.8 b/bin/nsupdate/nsupdate.8 deleted file mode 100644 index 74bfa1a7f3..0000000000 --- a/bin/nsupdate/nsupdate.8 +++ /dev/null 
@@ -1,358 +0,0 @@ -.\" Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") -.\" Copyright (C) 2000-2003 Internet Software Consortium. -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH -.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY -.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, -.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM -.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE -.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -.\" PERFORMANCE OF THIS SOFTWARE. -.\" -.\" $Id: nsupdate.8,v 1.46 2008/06/18 01:12:16 tbox Exp $ -.\" -.hy 0 -.ad l -.\" Title: nsupdate -.\" Author: -.\" Generator: DocBook XSL Stylesheets v1.71.1 -.\" Date: Jun 30, 2000 -.\" Manual: BIND9 -.\" Source: BIND9 -.\" -.TH "NSUPDATE" "8" "Jun 30, 2000" "BIND9" "BIND9" -.\" disable hyphenation -.nh -.\" disable justification (adjust text to left margin only) -.ad l -.SH "NAME" -nsupdate \- Dynamic DNS update utility -.SH "SYNOPSIS" -.HP 9 -\fBnsupdate\fR [\fB\-d\fR] [[\fB\-y\ \fR\fB\fI[hmac:]\fR\fIkeyname:secret\fR\fR] | [\fB\-k\ \fR\fB\fIkeyfile\fR\fR]] [\fB\-t\ \fR\fB\fItimeout\fR\fR] [\fB\-u\ \fR\fB\fIudptimeout\fR\fR] [\fB\-r\ \fR\fB\fIudpretries\fR\fR] [\fB\-R\ \fR\fB\fIrandomdev\fR\fR] [\fB\-v\fR] [filename] -.SH "DESCRIPTION" -.PP -\fBnsupdate\fR -is used to submit Dynamic DNS Update requests as defined in RFC2136 to a name server. This allows resource records to be added or removed from a zone without manually editing the zone file. A single update request can contain requests to add or remove more than one resource record. 
-.PP -Zones that are under dynamic control via -\fBnsupdate\fR -or a DHCP server should not be edited by hand. Manual edits could conflict with dynamic updates and cause data to be lost. -.PP -The resource records that are dynamically added or removed with -\fBnsupdate\fR -have to be in the same zone. Requests are sent to the zone's master server. This is identified by the MNAME field of the zone's SOA record. -.PP -The -\fB\-d\fR -option makes -\fBnsupdate\fR -operate in debug mode. This provides tracing information about the update requests that are made and the replies received from the name server. -.PP -Transaction signatures can be used to authenticate the Dynamic DNS updates. These use the TSIG resource record type described in RFC2845 or the SIG(0) record described in RFC3535 and RFC2931. TSIG relies on a shared secret that should only be known to -\fBnsupdate\fR -and the name server. Currently, the only supported encryption algorithm for TSIG is HMAC\-MD5, which is defined in RFC 2104. Once other algorithms are defined for TSIG, applications will need to ensure they select the appropriate algorithm as well as the key when authenticating each other. For instance, suitable -\fBkey\fR -and -\fBserver\fR -statements would be added to -\fI/etc/named.conf\fR -so that the name server can associate the appropriate secret key and algorithm with the IP address of the client application that will be using TSIG authentication. SIG(0) uses public key cryptography. To use a SIG(0) key, the public key must be stored in a KEY record in a zone served by the name server. -\fBnsupdate\fR -does not read -\fI/etc/named.conf\fR. -.PP -\fBnsupdate\fR -uses the -\fB\-y\fR -or -\fB\-k\fR -option to provide the shared secret needed to generate a TSIG record for authenticating Dynamic DNS update requests, default type HMAC\-MD5. These options are mutually exclusive. 
With the -\fB\-k\fR -option, -\fBnsupdate\fR -reads the shared secret from the file -\fIkeyfile\fR, whose name is of the form -\fIK{name}.+157.+{random}.private\fR. For historical reasons, the file -\fIK{name}.+157.+{random}.key\fR -must also be present. When the -\fB\-y\fR -option is used, a signature is generated from -[\fIhmac:\fR]\fIkeyname:secret.\fR -\fIkeyname\fR -is the name of the key, and -\fIsecret\fR -is the base64 encoded shared secret. Use of the -\fB\-y\fR -option is discouraged because the shared secret is supplied as a command line argument in clear text. This may be visible in the output from -\fBps\fR(1) -or in a history file maintained by the user's shell. -.PP -The -\fB\-k\fR -may also be used to specify a SIG(0) key used to authenticate Dynamic DNS update requests. In this case, the key specified is not an HMAC\-MD5 key. -.PP -By default -\fBnsupdate\fR -uses UDP to send update requests to the name server unless they are too large to fit in a UDP request in which case TCP will be used. The -\fB\-v\fR -option makes -\fBnsupdate\fR -use a TCP connection. This may be preferable when a batch of update requests is made. -.PP -The -\fB\-t\fR -option sets the maximum time an update request can take before it is aborted. The default is 300 seconds. Zero can be used to disable the timeout. -.PP -The -\fB\-u\fR -option sets the UDP retry interval. The default is 3 seconds. If zero, the interval will be computed from the timeout interval and number of UDP retries. -.PP -The -\fB\-r\fR -option sets the number of UDP retries. The default is 3. If zero, only one update request will be made. -.PP -The -\fB\-R \fR\fB\fIrandomdev\fR\fR -option specifies a source of randomness. If the operating system does not provide a -\fI/dev/random\fR -or equivalent device, the default source of randomness is keyboard input. -\fIrandomdev\fR -specifies the name of a character device or file containing random data to be used instead of the default. 
The special value -\fIkeyboard\fR -indicates that keyboard input should be used. This option may be specified multiple times. -.SH "INPUT FORMAT" -.PP -\fBnsupdate\fR -reads input from -\fIfilename\fR -or standard input. Each command is supplied on exactly one line of input. Some commands are for administrative purposes. The others are either update instructions or prerequisite checks on the contents of the zone. These checks set conditions that some name or set of resource records (RRset) either exists or is absent from the zone. These conditions must be met if the entire update request is to succeed. Updates will be rejected if the tests for the prerequisite conditions fail. -.PP -Every update request consists of zero or more prerequisites and zero or more updates. This allows a suitably authenticated update request to proceed if some specified resource records are present or missing from the zone. A blank input line (or the -\fBsend\fR -command) causes the accumulated commands to be sent as one Dynamic DNS update request to the name server. -.PP -The command formats and their meaning are as follows: -.PP -\fBserver\fR {servername} [port] -.RS 4 -Sends all dynamic update requests to the name server -\fIservername\fR. When no server statement is provided, -\fBnsupdate\fR -will send updates to the master server of the correct zone. The MNAME field of that zone's SOA record will identify the master server for that zone. -\fIport\fR -is the port number on -\fIservername\fR -where the dynamic update requests get sent. If no port number is specified, the default DNS port number of 53 is used. -.RE -.PP -\fBlocal\fR {address} [port] -.RS 4 -Sends all dynamic update requests using the local -\fIaddress\fR. When no local statement is provided, -\fBnsupdate\fR -will send updates using an address and port chosen by the system. -\fIport\fR -can additionally be used to make requests come from a specific port. If no port number is specified, the system will assign one. 
-.RE -.PP -\fBzone\fR {zonename} -.RS 4 -Specifies that all updates are to be made to the zone -\fIzonename\fR. If no -\fIzone\fR -statement is provided, -\fBnsupdate\fR -will attempt determine the correct zone to update based on the rest of the input. -.RE -.PP -\fBclass\fR {classname} -.RS 4 -Specify the default class. If no -\fIclass\fR -is specified, the default class is -\fIIN\fR. -.RE -.PP -\fBkey\fR {name} {secret} -.RS 4 -Specifies that all updates are to be TSIG\-signed using the -\fIkeyname\fR -\fIkeysecret\fR -pair. The -\fBkey\fR -command overrides any key specified on the command line via -\fB\-y\fR -or -\fB\-k\fR. -.RE -.PP -\fBprereq nxdomain\fR {domain\-name} -.RS 4 -Requires that no resource record of any type exists with name -\fIdomain\-name\fR. -.RE -.PP -\fBprereq yxdomain\fR {domain\-name} -.RS 4 -Requires that -\fIdomain\-name\fR -exists (has as at least one resource record, of any type). -.RE -.PP -\fBprereq nxrrset\fR {domain\-name} [class] {type} -.RS 4 -Requires that no resource record exists of the specified -\fItype\fR, -\fIclass\fR -and -\fIdomain\-name\fR. If -\fIclass\fR -is omitted, IN (internet) is assumed. -.RE -.PP -\fBprereq yxrrset\fR {domain\-name} [class] {type} -.RS 4 -This requires that a resource record of the specified -\fItype\fR, -\fIclass\fR -and -\fIdomain\-name\fR -must exist. If -\fIclass\fR -is omitted, IN (internet) is assumed. -.RE -.PP -\fBprereq yxrrset\fR {domain\-name} [class] {type} {data...} -.RS 4 -The -\fIdata\fR -from each set of prerequisites of this form sharing a common -\fItype\fR, -\fIclass\fR, and -\fIdomain\-name\fR -are combined to form a set of RRs. This set of RRs must exactly match the set of RRs existing in the zone at the given -\fItype\fR, -\fIclass\fR, and -\fIdomain\-name\fR. The -\fIdata\fR -are written in the standard text representation of the resource record's RDATA. 
-.RE -.PP -\fBupdate delete\fR {domain\-name} [ttl] [class] [type\ [data...]] -.RS 4 -Deletes any resource records named -\fIdomain\-name\fR. If -\fItype\fR -and -\fIdata\fR -is provided, only matching resource records will be removed. The internet class is assumed if -\fIclass\fR -is not supplied. The -\fIttl\fR -is ignored, and is only allowed for compatibility. -.RE -.PP -\fBupdate add\fR {domain\-name} {ttl} [class] {type} {data...} -.RS 4 -Adds a new resource record with the specified -\fIttl\fR, -\fIclass\fR -and -\fIdata\fR. -.RE -.PP -\fBshow\fR -.RS 4 -Displays the current message, containing all of the prerequisites and updates specified since the last send. -.RE -.PP -\fBsend\fR -.RS 4 -Sends the current message. This is equivalent to entering a blank line. -.RE -.PP -\fBanswer\fR -.RS 4 -Displays the answer. -.RE -.PP -Lines beginning with a semicolon are comments and are ignored. -.SH "EXAMPLES" -.PP -The examples below show how -\fBnsupdate\fR -could be used to insert and delete resource records from the -\fBexample.com\fR -zone. Notice that the input in each example contains a trailing blank line so that a group of commands are sent as one dynamic update request to the master name server for -\fBexample.com\fR. -.sp -.RS 4 -.nf -# nsupdate -> update delete oldhost.example.com A -> update add newhost.example.com 86400 A 172.16.1.1 -> send -.fi -.RE -.sp -.PP -Any A records for -\fBoldhost.example.com\fR -are deleted. And an A record for -\fBnewhost.example.com\fR -with IP address 172.16.1.1 is added. The newly\-added record has a 1 day TTL (86400 seconds). -.sp -.RS 4 -.nf -# nsupdate -> prereq nxdomain nickname.example.com -> update add nickname.example.com 86400 CNAME somehost.example.com -> send -.fi -.RE -.sp -.PP -The prerequisite condition gets the name server to check that there are no resource records of any type for -\fBnickname.example.com\fR. If there are, the update request fails. If this name does not exist, a CNAME for it is added. 
This ensures that when the CNAME is added, it cannot conflict with the long\-standing rule in RFC1034 that a name must not exist as any other record type if it exists as a CNAME. (The rule has been updated for DNSSEC in RFC2535 to allow CNAMEs to have RRSIG, DNSKEY and NSEC records.) -.SH "FILES" -.PP -\fB/etc/resolv.conf\fR -.RS 4 -used to identify default name server -.RE -.PP -\fBK{name}.+157.+{random}.key\fR -.RS 4 -base\-64 encoding of HMAC\-MD5 key created by -\fBdnssec\-keygen\fR(8). -.RE -.PP -\fBK{name}.+157.+{random}.private\fR -.RS 4 -base\-64 encoding of HMAC\-MD5 key created by -\fBdnssec\-keygen\fR(8). -.RE -.SH "SEE ALSO" -.PP -\fBRFC2136\fR(), -\fBRFC3007\fR(), -\fBRFC2104\fR(), -\fBRFC2845\fR(), -\fBRFC1034\fR(), -\fBRFC2535\fR(), -\fBRFC2931\fR(), -\fBnamed\fR(8), -\fBdnssec\-keygen\fR(8). -.SH "BUGS" -.PP -The TSIG key is redundantly stored in two separate files. This is a consequence of nsupdate using the DST library for its cryptographic operations, and may change in future releases. -.SH "COPYRIGHT" -Copyright \(co 2004\-2008 Internet Systems Consortium, Inc. ("ISC") -.br -Copyright \(co 2000\-2003 Internet Software Consortium. -.br diff --git a/bin/nsupdate/nsupdate.docbook b/bin/nsupdate/nsupdate.docbook index 3f9766a8ec..7b6814abcc 100644 --- a/bin/nsupdate/nsupdate.docbook +++ b/bin/nsupdate/nsupdate.docbook @@ -18,14 +18,14 @@ - PERFORMANCE OF THIS SOFTWARE. --> - + Jun 30, 2000 nsupdate - 8 + 1 BIND9
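Review bot: In bin/nsupdate/Makefile.in the install rule now copies nsupdate.1 into ${DESTDIR}${mandir}/man1, but nothing in the hunk deals with an nsupdate.8 already installed under ${mandir}/man8, so an in-place upgrade leaves the stale section 8 page beside the new one. Either note in the CHANGES entry that packagers should drop man8/nsupdate.8, or have the install target remove the old file before installing the new one.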
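Review bot: The DESCRIPTION of the new bin/nsupdate/nsupdate.1 carries over "the only supported encryption algorithm for TSIG is HMAC\-MD5" unchanged, which describes a message authentication code as encryption and does not explain the optional [hmac:] prefix that the SYNOPSIS and the -y paragraph accept. Since the page is being regenerated for the section move anyway, reword this in nsupdate.docbook to say "authentication algorithm" and state how the hmac: prefix relates to the HMAC-MD5 default. The same paragraph cites RFC3535 for SIG(0) while SEE ALSO lists RFC2535 and RFC2931, so one of the two numbers looks like a typo and should be reconciled. The generated header line `.\" Author: [FIXME: author]` also shows that the DocBook source has no author element for the v1.74.0 stylesheet to use.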
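Review bot: The bin/nsupdate/nsupdate.docbook hunk changes only the manual volume number from 8 to 1, and the diffstat lists no file outside bin/nsupdate apart from CHANGES, so any cross-reference to nsupdate(8) in other man pages or in generated documentation is left pointing at the old section. Search the tree for "nsupdate(8)" and for citations of nsupdate with volume 8 in the DocBook sources, and update or regenerate those in the same change.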

Mismatch responses received. - When shown via an HTTP statistics channel, - this counter is shown in the - Name Server Statistics section for brevity.