This commit was manufactured by cvs2git to create tag 'v9_0_0rc1'.

Removed some debugging cruft.
Fixed handling of octal/hexadecimal numbers on input.

CHANGES

@@ -1,85 +1,5 @@
 
- 352.	[bug]		Race condition in dns_client_t startup could cause
-			an assertion failure.
-
- 351.	[bug]		Constructing a response with rcode SERVFAIL to a TSIG
-			signed query could crash the server.
-
- 350.	[bug]		Also-notify lists specified in the global options
-			block were not correctly reference counted, causing
-			a memory leak.
-
- 349.	[func]		Processing a query with the CD bit set now works
-			as expected.
-
- 348.	[func]		New named.conf boolean values 'glue-from-auth' and
-			'glue-from-cache' now supported in view and global
-			options statement.
-
- 347.	[bug]		Don't crash if when an argument is left off
-			options in dig.
-
- 346.	[func]		Add support for .digrc config file, in the
-			user's current directory
-
- 345.	[bug]		Large-scale changes/cleanups to dig:
-			* Significantly improve structure handling
-			* Don't pre-load entire batch files
-			* Add name/rr counting/limiting
-			* Fix SIGINT handling
-			* Shorten timeouts to match v8's behavior
-
- 344.	[bug]		When shutting down, lwresd sometimes tried
-			to shut down its client tasks twice, 
-			triggering an assertion.
-
- 343.	[bug]		Although zone maintenance SOA queries and
-			notify requests were signed with TSIG keys
-			when configured for the server in case,
-			the TSIG was not verified on the response.
-
- 342.	[bug]		The wrong name was being passed to
-			dns_name_dup() when generating a TSIG
-			key using TKEY.
-
- 341.	[func]		Support 'key' clause in named.conf zone masters 
-			statement:
-
-				masters { 
-					10.0.0.1 port 666 key "foo";
-					10.0.0.2 ;
-				};
-
- 340.	[bug]		The top-level COPYRIGHT file was missing from
-			the distribution.
-
- 339.	[bug]		DNSSEC validation of the response to an ANY
-			query at a name with a CNAME RR in a secure
-			zone triggered an assertion failure.
-
- 338.	[bug]		lwresd logged to syslog as named, not lwresd.
-
- 337.	[bug]		"dig" did not recognize "nsap-ptr" as an RR type
-			on the command line.
-
- 336.	[bug]		"dig -f" used 64 k of memory for each line in
-			the file.  It now uses much less, though still
-			proportionally to the file size.
-
- 335.	[bug]		named would occasionally attempt recursion when
-			it was disallowed or undesired.
-
- 334.	[func]		Added hmac-md5 to libisc.
-
- 333.	[bug]		The resolver incorrectly accepted referrals to
-			domains that were not parents of the query name,
-			causing assertion failures.
-
- 332.	[func]		New function dns_name_reset().
-
- 331.	[bug]		Only log "recursion denied" if RD is set. (RT #178)
-
- 330.	[func]		New function isc_log_wouldlog().
+	--- 9.0.0rc1 released ---
 
  329.	[func]		omapi_auth_register() now takes a size_t argument for
 			the length of a key's secret data.  Previously
@@ -87,14 +7,6 @@
 
  328.	[func]		Added isc_base64_decodestring().
 
- 327.	[bug]		rndc.conf parser wasn't correctly recognising an IP
-			address where a host specification was required.
-
- 326.	[func]		'keys' in an 'inet' control statement is now
-			required and must have at least one item in it.
-			A "not supported" warning is now issued if a 'unix'
-			control channel is defined.
-
  325.	[bug]		isc_lex_gettoken was processing octal strings when
 			ISC_LEXOPT_CNUMBER was not set.
 
@@ -189,7 +101,7 @@
 
  306.	[bug]		Reading HMAC-MD5 private key files didn't work.
 
- 305.	[bug]		When reloading the server with a config file 
+ 305.	[bug]		When reloading the server with a config file
 			containing a syntax error, it could catch an
 			assertion failure trying to perform zone
 			maintenance on tentatively created zones whose
@@ -200,7 +112,7 @@
 			are listed in resolv.conf, silently ignore them
 			instead of returning failure.
 
- 303.	[bug]		Add additional sanity checks to differentiate a AXFR
+ 303.	[bug]		add additional sanity checks to differentiate a AXFR
 			response vs a IXFR response. (RT #157)
 
  302.	[bug]		In dig, host, and nslookup, MXNAME should be large 
@@ -220,6 +132,8 @@
 			keep a copy of the user and group databases in the
 			chroot'ed environment.	Suggested by Hakan Olsson.
 
+	--- 9.0.0b5 released ---
+
  298.	[bug]		A mutex deadlock occurred during shutdown of the
 			interface manager under certain conditions.
 			Digital Unix systems were the most affected.
@@ -245,8 +159,6 @@
 			reverts to "name_current" instead of staying as
 			"name_glue".
 
- 293.	[port]		Add support for FreeBSD 4.0 system tests.
-
  292.	[bug]		Due to problems with the way some operating systems
 			handle simultaneous listening on IPv4 and IPv6
 			addresses, the server no longer listens on IPv6

Makefile.in

@@ -13,7 +13,7 @@
 # ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
 # SOFTWARE.
 
-# $Id: Makefile.in,v 1.26 2000/07/20 00:41:50 gson Exp $
+# $Id: Makefile.in,v 1.21.2.4 2000/07/12 17:06:01 gson Exp $
 
 srcdir =	@srcdir@
 VPATH =		@srcdir@
@@ -23,13 +23,14 @@ top_srcdir =	@top_srcdir@
 
 SUBDIRS =	make lib bin
 TARGETS =
-DISTFILES =	CHANGES COPYRIGHT Makefile.in README \
+DISTFILES =	CHANGES Makefile.in README \
 		acconfig.h aclocal.m4 config.guess config.h.in config.h.win32 \
 		config.status.win32 config.sub configure configure.in \
 		isc-config.sh.in install-sh libtool.m4 ltconfig ltmain.sh \
 		lib make contrib \
 		version
 DOCDISTFILES =	arm draft misc rfc
+DOCMANDISTFILES = bin
 BINDISTFILES =	Makefile.in dig dnssec named nsupdate rndc tests
 
 @BIND9_MAKE_RULES@
@@ -39,6 +40,8 @@ distclean::
 	rm -f libtool isc-config.sh
 	rm -f util/conf.sh
 
+cleandir: distclean
+
 install:: isc-config.sh
 	${INSTALL_PROGRAM} isc-config.sh ${DESTDIR}${bindir}
 
@@ -48,6 +51,9 @@ kit: kitclean
 	mkdir bind-${VERSION}/doc
 	@(cd bind-${VERSION}/doc; for i in ${DOCDISTFILES}; do \
 		ln -s ../../doc/$$i $$i; done)
+	mkdir bind-${VERSION}/doc/man
+	@(cd bind-${VERSION}/doc/man; for i in ${DOCMANDISTFILES}; do \
+		ln -s ../../../doc/man/$$i $$i; done)
 	mkdir bind-${VERSION}/bin
 	@(cd bind-${VERSION}/bin; for i in ${BINDISTFILES}; do \
 		ln -s ../../bin/$$i $$i; done)

README

@@ -68,12 +68,71 @@ BIND 9
 		Stichting NLnet - NLnet Foundation
 
 
-BIND 9.1.0a1
+BIND 9.0.0rc1
 
-	This is an unreleased alpha version of BIND 9.1.0.
+	BIND 9.0.0rc1 is a release candidate for the upcoming
+	9.0.0 release.  The only changes expected between
+	rc1 and the final release are bug fixes and documentation
+	updates.
 
-	For a detailed list of user-visible changes from
-	previous releases, see the CHANGES file.	
+	The 9.0.0 release, and this release candidate, is aimed at
+	early adopters and those who wish to make use of new 9.0
+	features, such as IPv6 and DNSSEC secure resolution support.
+
+	We are running 9.0.0rc1 in production, and it has been
+	used as a root name server.
+
+	The distribution includes a new lightweight resolver library
+	and associated resolver daemon.  These should still be considered
+	experimental.
+
+	The server-side support for DNSSEC secured zones is stable and
+	complete with the exception of the handling of wildcard records.
+	The support for secure resolution is still to be considered
+	experimental.
+
+	There have been some changes since beta 5; the highlights are:
+
+		The communication between "rndc" and "named" is now
+		authenticated using digital signatures.  Because of
+		this, rndc now requires a configuration file "rndc.conf"
+		containing a shared secret, with a corresponding
+		"controls" clause in named.conf.
+
+		When the server is chrooted using the -t option,
+		it no longer needs copies of the passwd and group
+		files in the chroot environment.
+
+		Various bug fixes and cleanups, especially
+		in the dig, host, nslookup, and nsupdate
+		programs.
+
+	There are a few known bugs:
+
+		The option "query-source * port 53;" will not work as
+		expected.  Instead of the wildcard address "*", you need 
+		to use an explicit source IP address.
+
+		On some systems, IPv6 and IPv4 sockets interact in
+		unexpected ways.  For details, see doc/misc/ipv6.
+		To reduce the impact of these problems, the server
+		no longer listens for requests on IPv6 addresses
+		by default.  If you need to accept DNS queries over
+		IPv6, you must specify "listen-on-v6 { any; };"
+		in the named.conf options statement.
+
+		There are known problems with thread signal handling 
+		under Solaris 2.6.
+
+		The "isc_timer_reset" test sometimes fails on HP-UX 11
+		for unknown reasons, but the server itself seems to
+		run fine.
+
+	If you are upgrading from BIND 8, please read the migration
+	notes in doc/misc/migration.
+
+	For a detailed list of user-visible changes since beta 5, see
+	the CHANGES file.	
 
 
 Building
@@ -89,7 +148,7 @@ Building
 		FreeBSD 3.4-STABLE
 		HP-UX 11
 		IRIX64 6.5
-		NetBSD-current (with "unproven" pthreads)
+		NetBSD-current (with unproven-pthreads-0.17)
 		Red Hat Linux 6.0, 6.1, 6.2
 		Solaris 2.6, 7, 8 (beta)
 

bin/Makefile.in

@@ -13,7 +13,7 @@
 # ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
 # SOFTWARE.
 
-# $Id: Makefile.in,v 1.17 2000/06/28 23:55:28 gson Exp $
+# $Id: Makefile.in,v 1.15.2.2 2000/06/29 00:05:25 gson Exp $
 
 srcdir =	@srcdir@
 VPATH =		@srcdir@

bin/dig/Makefile.in

@@ -13,7 +13,7 @@
 # ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
 # SOFTWARE.
 
-# $Id: Makefile.in,v 1.11 2000/06/28 16:32:41 tale Exp $
+# $Id: Makefile.in,v 1.10.2.1 2000/06/28 16:33:42 tale Exp $
 
 srcdir =	@srcdir@
 VPATH =		@srcdir@

bin/dig/host.1

@@ -1,218 +0,0 @@
-.\" Copyright (C) @YEARS@  Internet Software Consortium.
-.\" 
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\" 
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
-.\" ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
-.\" OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
-.\" CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
-.\" DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
-.\" PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
-.\" ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
-.\" SOFTWARE.
-.\" 
-.\" $Id: host.1,v 1.1 2000/07/12 17:17:03 jim Exp $
-.\"
-.Dd Jun 30, 2000
-.Dt HOST 1
-.Os BIND9 9
-.ds vT BIND9 Programmer's Manual
-.Sh NAME
-.Nm host
-.Nd DNS lookup utility
-.Sh SYNOPSIS
-.Nm host
-.Op Fl aCdlrTwv
-.Op Fl c Ar class
-.Op Fl N Ar ndots
-.Op Fl R Ar number
-.Op Fl t Ar type
-.Op Fl W Ar wait
-.Ar name
-.Op Ar server
-.Sh DESCRIPTION
-.Nm host
-is a simple utility for performing DNS lookups.
-It is normally used to convert names to IP addresses and vice versa.
-When no arguments or options are given,
-.Nm host
-prints a short summary of its command line arguments and options.
-.Pp
-.Ar name
-is the domain name that is to be looked up.
-It can also be a dotted-decimal string representing an IPv4 address, 
-in which case
-.Nm host
-will by default perform a reverse lookup for that address.
-.Ar server
-is an optional argument which is either the name or IP address of the
-name server that
-.Nm host
-should query instead of the server or servers listed in
-.Pa /etc/resolv.conf .
-.Pp
-The
-.Fl a
-(all) option is equivalent to setting the
-.Fl v
-option and asking 
-.Nm host
-to make a query of type ANY.
-.Pp
-When the
-.Fl C
-option is used,
-.Nm host
-will attempt to display the SOA records for zone
-.Ar name
-from all the listed authoritative name servers for that zone.
-The list of name servers is defined by the NS records that are found for
-the zone.
-.Pp
-The
-.Fl c
-option instructs to make a DNS query of class
-.Ar class .
-This can be used to lookup Hesiod or Chaosnet class resource records.
-The default class is IN: Internet.
-.Pp
-Verbose output is generated by
-.Nm host
-when the
-.Fl d
-or
-.Fl v
-option is used.
-The two options are equivalent.
-They have been provided for backwards compatibility.
-In previous versions, the
-.Fl d
-option switched on debugging traces and
-.Fl v
-enabled verbose output.
-.Pp
-List mode is selected by the
-.Fl l
-option.
-This makes 
-.Nm host
-perform a zone transfer for zone
-.Ar name .
-The argument is provided for compatibility with older implemementations.
-This option is equivalent to making a query of type AXFR.
-.Pp
-The
-.Fl N
-option sets the number of dots that have to be in
-.Ar name
-before the root name servers are queried for that name.
-The default number of dots is zero.
-Unlike previous versions of
-.Nm host ,
-the BIND9 implementation does not append domain names from the
-.Dv domain
-or
-.Dv search
-directives in 
-.Pa /etc/resolv.conf .
-Therefore
-.Ar name
-should be a fully-qualified domain name.
-.Pp
-The number of UDP retries for a lookup can be changed with the
-.Fl R
-option.
-.Ar number
-indicates how many times
-.Nm host
-will repeat a query that does not get answered.
-The default number of retries is 1.
-If
-.Ar number
-is negative or zero, the number of retries will default to 1.
-.Pp
-Non-recursive queries can be made via the
-.Fl r
-option.
-Setting this option clears the
-.Dv RD
-- recursion desired - bit in the query which
-.Nm host
-makes.
-This should mean that the name server receiving the query will not attemp
-to resolve
-.Ar name .
-The
-.Fl r
-option enables
-.Nm host
-to mimic the behaviour of a name server by making non-recursive queries
-and expecting to receive answers to those queries that are usually
-referrals to other name servers.
-.Pp
-By default
-.Nm host
-uses UDP when making queries.
-The
-.Fl T
-option makes it use a TCP connection when querying the name server.
-TCP queries will be automatically made when the query type requires
-that a TCP connection: zone transfer (AXFR) requests for example.
-.Pp
-The
-.Fl t
-option is used to select the query type.
-.Ar type
-can be any recognised query type: CNAME, NS, SOA, SIG, KEY, AXFR, etc.
-When no query type is specified, 
-.Nm host
-automatically selects an appropriate query type.
-By default it looks for A records unless the
-.Fl C
-option is supplied or
-.Ar name
-is a dotted-decimal IPv4 address.
-These will make
-.Nm host
-look for SOA and PTR records respectively.
-.Pp
-The time to wait for a reply can be controlled through the
-.Fl W
-and
-.Fl w
-options.
-The
-.Fl W
-option makes
-.Nm host
-wait for 
-.Ar wait
-seconds.
-If
-.Ar wait
-is less than one,
-the wait interval is set to one second.
-When the
-.Fl w
-option is used,
-.Nm host
-will effectively wait forever for a reply.
-The time to wait for a response will be set to the number of seconds
-given by the hardware's maximum value for an integer quantity.
-.Sh FILES
-.Pa /etc/resolv.conf
-.Sh SEE ALSO
-.Xr dig 1 ,
-.Xr resolver 5
-.Xr named 8 .
-.Sh BUGS
-.Nm host
-does not yet know how to handle command line arguments that are IPv6
-addresses, even though the record types for those addresses are
-fully supported by the BIND9 DNS library.
-.Pp
-Apart from this self-contradicting sentence, the
-.Fl D
-option is undocumented.

bin/dig/host.c

@@ -15,7 +15,7 @@
  * SOFTWARE.
  */
 
-/* $Id: host.c,v 1.43 2000/07/19 17:52:27 mws Exp $ */
+/* $Id: host.c,v 1.29.2.3 2000/07/10 19:11:37 bwelling Exp $ */
 
 #include <config.h>
 #include <stdlib.h>
@@ -32,9 +32,7 @@ extern int h_errno;
 #include <dns/message.h>
 #include <dns/name.h>
 #include <dns/rdata.h>
-#include <dns/rdataclass.h>
 #include <dns/rdataset.h>
-#include <dns/rdatatype.h>
 
 #include <dig/dig.h>
 
@@ -60,7 +58,10 @@ extern char *progname;
 extern isc_task_t *global_task;
 
 isc_boolean_t 
-short_form = ISC_TRUE;
+	short_form = ISC_TRUE,
+	filter = ISC_FALSE,
+	showallsoa = ISC_FALSE,
+	tcpmode = ISC_FALSE;
 
 static const char *opcodetext[] = {
 	"QUERY",
@@ -230,6 +231,7 @@ show_usage(void) {
 
 void
 dighost_shutdown(void) {
+	free_lists();
 	isc_app_shutdown();
 }
 
@@ -536,60 +538,40 @@ printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers) {
 
 static void
 parse_args(isc_boolean_t is_batchfile, int argc, char **argv) {
+	isc_boolean_t recursion = ISC_TRUE;
 	char hostname[MXNAME];
+	char querytype[32] = "";
+	char queryclass[32] = "";
 	dig_server_t *srv;
 	dig_lookup_t *lookup;
 	int i, c, n, adrs[4];
 	char store[MXNAME];
-	isc_textregion_t tr;
-	isc_result_t result;
-	dns_rdatatype_t rdtype;
-	dns_rdataclass_t rdclass;
 
 	UNUSED(is_batchfile);
 
-	lookup = make_empty_lookup();
-
 	while ((c = isc_commandline_parse(argc, argv, "lvwrdt:c:aTCN:R:W:D"))
 	       != EOF) {
 		switch (c) {
 		case 'l':
-			lookup->tcp_mode = ISC_TRUE;
-			lookup->rdtype = dns_rdatatype_axfr;
+			tcpmode = ISC_TRUE;
+			filter = ISC_TRUE;
+			strcpy(querytype, "axfr");
 			break;
 		case 'v':
 		case 'd':
 			short_form = ISC_FALSE;
 			break;
 		case 'r':
-			lookup->recurse = ISC_FALSE;
+			recursion = ISC_FALSE;
 			break;
 		case 't':
-			tr.base = isc_commandline_argument;
-			tr.length = strlen(isc_commandline_argument);
-			result = dns_rdatatype_fromtext(&rdtype,
-						   (isc_textregion_t *)&tr);
-			
-			if (result != ISC_R_SUCCESS)
-				fprintf (stderr,"Warning: invalid type: %s\n",
-					 isc_commandline_argument);
-			else
-				lookup->rdtype = rdtype;
+			strncpy (querytype, isc_commandline_argument, 32);
 			break;
 		case 'c':
-			tr.base = isc_commandline_argument;
-			tr.length = strlen(isc_commandline_argument);
-			result = dns_rdataclass_fromtext(&rdclass,
-						   (isc_textregion_t *)&tr);
-			
-			if (result != ISC_R_SUCCESS)
-				fprintf (stderr,"Warning: invalid class: %s\n",
-					 isc_commandline_argument);
-			else
-				lookup->rdclass = rdclass;
+			strncpy (queryclass, isc_commandline_argument, 32);
 			break;
 		case 'a':
-			lookup->rdtype = dns_rdatatype_any;
+			strcpy (querytype, "any");
 			short_form = ISC_FALSE;
 			break;
 		case 'w':
@@ -610,14 +592,15 @@ parse_args(isc_boolean_t is_batchfile, int argc, char **argv) {
 				tries = 1;
 			break;
 		case 'T':
-			lookup->tcp_mode = ISC_TRUE;
+			tcpmode = ISC_TRUE;
 			break;
 		case 'C':
 			debug("showing all SOAs");
-			lookup->rdtype = dns_rdatatype_soa;
-			lookup->rdclass = dns_rdataclass_in;
-			lookup->ns_search_only = ISC_TRUE;
-			lookup->trace_root = ISC_TRUE;
+			if (querytype[0] == 0)
+				strcpy(querytype, "soa");
+			if (queryclass[0] == 0)
+				strcpy(queryclass, "in");
+			showallsoa = ISC_TRUE;
 			show_details = ISC_TRUE;
 			break;
 		case 'N':
@@ -635,11 +618,18 @@ parse_args(isc_boolean_t is_batchfile, int argc, char **argv) {
 	}
 	strncpy(hostname, argv[isc_commandline_index], MXNAME);
 	if (argc > isc_commandline_index + 1) {
-		srv = make_server(argv[isc_commandline_index+1]);
+		srv = isc_mem_allocate(mctx, sizeof(struct dig_server));
+		if (srv == NULL)
+			fatal("Memory allocation failure.");
+		strncpy(srv->servername,
+			argv[isc_commandline_index+1], MXNAME-1);
 		debug("server is %s", srv->servername);
 		ISC_LIST_APPEND(server_list, srv, link);
 	}
 	
+	lookup = isc_mem_allocate(mctx, sizeof(struct dig_lookup));
+	if (lookup == NULL)	
+		fatal("Memory allocation failure.");
 	lookup->pending = ISC_FALSE;
 	/* 
 	 * XXXMWS Add IPv6 translation here, probably using inet_pton
@@ -659,12 +649,47 @@ parse_args(isc_boolean_t is_batchfile, int argc, char **argv) {
 			strncat(lookup->textname, store, MXNAME);
 		}
 		strncat(lookup->textname, "in-addr.arpa.", MXNAME);
-		lookup->rdtype = dns_rdatatype_ptr;
+		if (querytype[0] == 0)
+			strcpy(querytype, "ptr");
 	} else {
 		strncpy(lookup->textname, hostname, MXNAME);
 	}
+	if (querytype[0] == 0)
+		strcpy(querytype, "a");
+	if (queryclass[0] == 0)
+		strcpy(queryclass, "in");
+	strncpy(lookup->rttext, querytype, 32);
+	strncpy(lookup->rctext, queryclass, 32);
+	lookup->namespace[0] = 0;
+	lookup->sendspace[0] = 0;
+	lookup->sendmsg = NULL;
+	lookup->name = NULL;
+	lookup->oname = NULL;
+	lookup->timer = NULL;
+	lookup->xfr_q = NULL;
+	lookup->origin = NULL;
+	lookup->querysig = NULL;
+	lookup->doing_xfr = ISC_FALSE;
+	lookup->ixfr_serial = 0;
+	lookup->defname = ISC_FALSE;
+	lookup->identify = ISC_FALSE;
+	lookup->recurse = recursion;
+	lookup->ns_search_only = showallsoa;
+	lookup->use_my_server_list = ISC_FALSE;
+	lookup->retries = tries;
+	lookup->udpsize = 0;
+	lookup->nsfound = 0;
+	lookup->trace = ISC_FALSE;
+	lookup->trace_root = showallsoa;
+	lookup->tcp_mode = tcpmode;
 	lookup->new_search = ISC_TRUE;
+	lookup->aaonly = ISC_FALSE;
+	lookup->adflag = ISC_FALSE;
+	lookup->cdflag = ISC_FALSE;
+	ISC_LIST_INIT(lookup->q);
 	ISC_LIST_APPEND(lookup_list, lookup, link);
+	lookup->origin = NULL;
+	ISC_LIST_INIT(lookup->my_server_list);
 }
 
 int
@@ -677,17 +702,28 @@ main(int argc, char **argv) {
 
 	debug("main()");
 	progname = argv[0];
-	result = isc_app_start();
-	check_result(result, "isc_app_start");
 	setup_libs();
 	parse_args(ISC_FALSE, argc, argv);
 	setup_system();
 	result = isc_app_onrun(mctx, global_task, onrun_callback, NULL);
 	check_result(result, "isc_app_onrun");
 	isc_app_run();
-	cancel_all();
-	destroy_libs();
+	/*
+	 * XXXMWS This code should really NOT be bypassed.  However,
+	 * until the proper code can be added to handle SIGTERM/INT
+	 * correctly, just exit out "hard" and deal as best we can.
+	 */
+#if 0
+	if (taskmgr != NULL) {
+		debug("freeing taskmgr");
+		isc_taskmgr_destroy(&taskmgr);
+        }
+	if (isc_mem_debugging)
+		isc_mem_stats(mctx, stderr);
 	isc_app_finish();
+	if (mctx != NULL)
+		isc_mem_destroy(&mctx);	
+#endif
 	return (0);
 }
 

bin/dig/include/dig/dig.h

@@ -15,7 +15,7 @@
  * SOFTWARE.
  */
 
-/* $Id: dig.h,v 1.37 2000/07/20 19:41:44 mws Exp $ */
+/* $Id: dig.h,v 1.25.2.2 2000/07/10 19:11:40 bwelling Exp $ */
 
 #ifndef DIG_H
 #define DIG_H
@@ -32,7 +32,7 @@
 #include <isc/sockaddr.h>
 #include <isc/socket.h>
 
-#define MXSERV 6
+#define MXSERV 4
 #define MXNAME 1005
 #define MXRD 32
 #define BUFSIZE 512
@@ -43,8 +43,8 @@
 /*
  * Default timeout values
  */
-#define TCP_TIMEOUT 10
-#define UDP_TIMEOUT 5
+#define TCP_TIMEOUT 60
+#define UDP_TIMEOUT 30
 
 #define LOOKUP_LIMIT 64
 /*
@@ -66,7 +66,6 @@ ISC_LANG_BEGINDECLS
 typedef struct dig_lookup dig_lookup_t;
 typedef struct dig_query dig_query_t;
 typedef struct dig_server dig_server_t;
-typedef ISC_LIST(dig_server_t) dig_serverlist_t;
 typedef struct dig_searchlist dig_searchlist_t;
 
 struct dig_lookup {
@@ -75,6 +74,7 @@ struct dig_lookup {
 		waiting_connect,
 		doing_xfr,
 		ns_search_only,
+		use_my_server_list,
 		identify,
 		recurse,
 		aaonly,
@@ -92,14 +92,14 @@ struct dig_lookup {
 		section_additional,
 		new_search;
 	char textname[MXNAME]; /* Name we're going to be looking up */
-	dns_rdatatype_t rdtype;
-	dns_rdataclass_t rdclass;
+	char rttext[MXRD]; /* rdata type text */
+	char rctext[MXRD]; /* rdata class text */
 	char namespace[BUFSIZE];
 	char onamespace[BUFSIZE];
 	isc_buffer_t namebuf;
 	isc_buffer_t onamebuf;
 	isc_buffer_t sendbuf;
-	char *sendspace;
+	char sendspace[COMMSIZE];
 	dns_name_t *name;
 	isc_timer_t *timer;
 	isc_interval_t interval;
@@ -107,7 +107,7 @@ struct dig_lookup {
 	dns_name_t *oname;
 	ISC_LINK(dig_lookup_t) link;
 	ISC_LIST(dig_query_t) q;
-	dig_serverlist_t my_server_list;
+	ISC_LIST(dig_server_t) my_server_list;
 	dig_searchlist_t *origin;
 	dig_query_t *xfr_q;
 	int retries;
@@ -131,8 +131,7 @@ struct dig_query {
 		first_repeat_rcvd;
 	isc_uint32_t first_rr_serial;
 	isc_uint32_t second_rr_serial;
-	isc_uint32_t rr_count;
-	isc_uint32_t name_count;
+	int retries;
 	char *servname;
 	isc_bufferlist_t sendlist,
 		recvlist,
@@ -140,7 +139,7 @@ struct dig_query {
 	isc_buffer_t recvbuf,
 		lengthbuf,
 		slbuf;
-	char *recvspace,
+	char recvspace[COMMSIZE],
 		lengthspace[4],
 		slspace[4];
 	isc_socket_t *sock;
@@ -174,6 +173,12 @@ debug(const char *format, ...);
 void
 check_result(isc_result_t result, const char *msg);
 
+isc_boolean_t
+isclass(char *text);
+
+isc_boolean_t
+istype(char *text);
+
 void
 setup_lookup(dig_lookup_t *lookup);
 
@@ -186,6 +191,9 @@ start_lookup(void);
 void
 onrun_callback(isc_task_t *task, isc_event_t *event);
 
+void
+send_udp(dig_lookup_t *lookup);
+
 int
 dhmain(int argc, char **argv);
 
@@ -195,27 +203,12 @@ setup_libs(void);
 void
 setup_system(void);
 
+void
+free_lists(void);
+
 dig_lookup_t *
 requeue_lookup(dig_lookup_t *lookold, isc_boolean_t servers);
 
-dig_lookup_t *
-make_empty_lookup(void);
-
-dig_lookup_t *
-clone_lookup(dig_lookup_t *lookold, isc_boolean_t servers);
-
-dig_server_t *
-make_server(const char *servname);
-
-void
-clone_server_list(dig_serverlist_t src, 
-		  dig_serverlist_t *dest);
-
-void
-cancel_all(void);
-
-void
-destroy_libs(void);
 
 /*
  * Routines needed in dig.c and host.c.

bin/dig/nslookup.c

@@ -15,7 +15,7 @@
  * SOFTWARE.
  */
 
-/* $Id: nslookup.c,v 1.26 2000/07/18 01:28:19 mws Exp $ */
+/* $Id: nslookup.c,v 1.20.2.1 2000/07/10 19:11:38 bwelling Exp $ */
 
 #include <config.h>
 
@@ -23,6 +23,11 @@
 
 extern int h_errno;
 
+#include <dns/message.h>
+#include <dns/name.h>
+#include <dns/rdata.h>
+#include <dns/rdataset.h>
+#include <dns/rdatatype.h>
 #include <isc/app.h>
 #include <isc/buffer.h>
 #include <isc/commandline.h>
@@ -33,13 +38,6 @@ extern int h_errno;
 #include <isc/util.h>
 #include <isc/task.h>
 
-#include <dns/message.h>
-#include <dns/name.h>
-#include <dns/rdata.h>
-#include <dns/rdataclass.h>
-#include <dns/rdataset.h>
-#include <dns/rdatatype.h>
-
 #include <dig/dig.h>
 
 extern ISC_LIST(dig_lookup_t) lookup_list;
@@ -535,7 +533,7 @@ printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers) {
 	printsection(query, msg, headers, DNS_SECTION_ANSWER);
 	
 	if (((msg->flags & DNS_MESSAGEFLAG_AA) == 0) &&
-	    (query->lookup->rdtype != dns_rdatatype_a)) {
+	    (strcasecmp(query->lookup->rttext,"a") != 0)) {
 		puts ("\nAuthorative answers can be found from:");
 		printsection(query, msg, headers,
 			     DNS_SECTION_AUTHORITY);
@@ -572,44 +570,19 @@ show_settings(isc_boolean_t full) {
 	printf ("\t  %s\t\t\t%s\t\t%s\n",
 		tcpmode?"vc":"novc", short_form?"nodebug":"debug",
 		debugging?"d2":"nod2");
-	printf ("\t  %s\t\t%s\t%s\n",
+	printf ("\t  %s\t\t%s\t\t%s\n",
 		defname?"defname":"nodefname",
-		usesearch?"search  ":"nosearch",
+		usesearch?"search":"nosearch",
 		recurse?"recurse":"norecurse");
 	printf ("\t  timeout = %d\t\tretry = %d\tport = %d\n",
 		timeout, tries, port);
-	printf ("\t  querytype = %-8s\tclass = %s\n",deftype, defclass);
+	printf ("\t  querytype = %-8s\tclass=%s\n",deftype, defclass);
 #if 0
 	printf ("\t  domain = %s\n", fixeddomain);
 #endif
 
 }
 
-static isc_boolean_t
-testtype(char *typetext) {
-	isc_result_t result;
-	isc_textregion_t tr;
-	dns_rdatatype_t rdtype;
-
-	tr.base = typetext;
-	tr.length = strlen(typetext);
-	result = dns_rdatatype_fromtext(&rdtype, &tr);
-	return (result == ISC_R_SUCCESS);
-}
-
-static isc_boolean_t
-testclass(char *typetext) {
-	isc_result_t result;
-	isc_textregion_t tr;
-	dns_rdataclass_t rdclass;
-
-	tr.base = typetext;
-	tr.length = strlen(typetext);
-	result = dns_rdataclass_fromtext(&rdclass, &tr);
-	return (result == ISC_R_SUCCESS);
-}
-
-
 static void
 setoption(char *opt) {
 
@@ -620,11 +593,9 @@ setoption(char *opt) {
 	} else if (strncasecmp(opt, "cl=", 3) == 0) {
 		strncpy(defclass, &opt[3], MXRD);
 	} else if (strncasecmp(opt, "type=", 5) == 0) {
-		if (testtype(&opt[5]))
-			strncpy(deftype, &opt[5], MXRD);
+		strncpy(deftype, &opt[5], MXRD);
 	} else if (strncasecmp(opt, "ty=", 3) == 0) {
-		if (testclass(&opt[3]))
-			strncpy(defclass, &opt[3], MXRD);
+		strncpy(deftype, &opt[3], MXRD);
 	} else if (strncasecmp(opt, "querytype=", 10) == 0) {
 		strncpy(deftype, &opt[10], MXRD);
 	} else if (strncasecmp(opt, "query=", 6) == 0) {
@@ -670,32 +641,39 @@ setoption(char *opt) {
 static void
 addlookup(char *opt) {
 	dig_lookup_t *lookup;
-	isc_result_t result;
-	isc_textregion_t tr;
-	dns_rdatatype_t rdtype;
-	dns_rdataclass_t rdclass;
 
 	debug ("addlookup()");
-	tr.base = deftype;
-	tr.length = strlen(deftype);
-	result = dns_rdatatype_fromtext(&rdtype, &tr);
-	INSIST(result == ISC_R_SUCCESS);
-	tr.base = defclass;
-	tr.length = strlen(defclass);
-	result = dns_rdataclass_fromtext(&rdclass, &tr);
-	INSIST(result == ISC_R_SUCCESS);
-	lookup = make_empty_lookup();
+	lookup = isc_mem_allocate(mctx, sizeof(struct dig_lookup));
+	if (lookup == NULL)
+		fatal("Memory allocation failure.");
+	lookup->pending = ISC_FALSE;
 	strncpy(lookup->textname, opt, MXNAME-1);
-	lookup->rdtype = rdtype;
-	lookup->rdclass = rdclass;
+	strncpy (lookup->rttext, deftype, MXNAME);
+	strncpy (lookup->rctext, defclass, MXNAME);
+	lookup->namespace[0]=0;
+	lookup->sendspace[0]=0;
+	lookup->sendmsg=NULL;
+	lookup->name=NULL;
+	lookup->oname=NULL;
+	lookup->timer = NULL;
+	lookup->xfr_q = NULL;
+	lookup->origin = NULL;
+	lookup->querysig = NULL;
+	lookup->use_my_server_list = ISC_FALSE;
+	lookup->doing_xfr = ISC_FALSE;
+	lookup->ixfr_serial = 0;
+	lookup->defname = ISC_FALSE;
 	lookup->trace = ISC_TF(trace || ns_search_only);
 	lookup->trace_root = trace;
 	lookup->ns_search_only = ns_search_only;
 	lookup->identify = identify;
 	lookup->recurse = recurse;
 	lookup->aaonly = aaonly;
+	lookup->adflag = ISC_FALSE;
+	lookup->cdflag = ISC_FALSE;
 	lookup->retries = tries;
 	lookup->udpsize = bufsize;
+	lookup->nsfound = 0;
 	lookup->comments = comments;
 	lookup->tcp_mode = tcpmode;
 	lookup->stats = stats;
@@ -824,13 +802,15 @@ flush_lookup_list(void) {
 			ISC_LIST_DEQUEUE(l->q, qp, link);
 			isc_mem_free(mctx, qp);
 		}
-		s = ISC_LIST_HEAD(l->my_server_list);
-		while (s != NULL) {
-			sp = s;
-			s = ISC_LIST_NEXT(s, link);
-			ISC_LIST_DEQUEUE(l->my_server_list, sp, link);
-			isc_mem_free(mctx, sp);
-			
+		if (l->use_my_server_list) {
+			s = ISC_LIST_HEAD(l->my_server_list);
+			while (s != NULL) {
+				sp = s;
+				s = ISC_LIST_NEXT(s, link);
+				ISC_LIST_DEQUEUE(l->my_server_list, sp, link);
+				isc_mem_free(mctx, sp);
+
+			}
 		}
 		if (l->sendmsg != NULL)
 			dns_message_destroy(&l->sendmsg);
@@ -900,7 +880,7 @@ main(int argc, char **argv) {
 
 	puts ("");
 	debug ("done, and starting to shut down");
-	destroy_libs();
+	free_lists();
 	isc_mutex_destroy(&lock);
 	isc_condition_destroy(&cond);
 	if (taskmgr != NULL) {

bin/dnssec/dnssec-keygen.8

@@ -1,304 +0,0 @@
-.\"
-.\" Copyright (C) 2000  Internet Software Consortium.
-.\"
-.\" Permission to use, copy, modify, and distribute this document for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
-.\" DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
-.\" INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
-.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
-.\" FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
-.\" NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
-.\" WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.\" $Id: dnssec-keygen.8,v 1.5 2000/07/26 18:52:05 gson Exp $
-.\"
-.Dd Jun 30, 2000
-.Dt DNSSEC-KEYGEN 8
-.Os BIND9 9
-.ds vT BIND9 Programmer's Manual
-.Sh NAME
-.Nm dnssec-keygen
-.Nd key generation tool for DNSSEC
-.Sh SYNOPSIS
-.Nm dnssec-keygen
-.Fl a Ar algorithm
-.Fl b Ar keysize
-.Op Fl e
-.Op Fl g Ar generator
-.Op Fl h
-.Fl n Ar nametype
-.Op Fl p Ar protocol-value
-.Op Fl r Ar randomdev
-.Op Fl s Ar strength-value
-.Op Fl t Ar type
-.Op Fl v Ar level
-.Ar name
-.Sh DESCRIPTION
-.Nm dnssec-keygen
-generates keys for DNSSEC, Secure DNS, as defined in RFC2535.
-It also generates keys for use in Transaction Signatures, TSIG, which
-is defined in RFC2845.
-.Pp
-A short summary of the options and arguments to
-.Nm dnssec-keygen
-is printed by the
-.Fl h
-(help) option.
-.Pp
-The
-.Fl a ,
-.Fl b ,
-and
-.Fl n
-options and their arguments must be supplied when generating keys.
-The domain name that the key has to be generated for is given by
-.Ar name .
-.Pp
-The choice of encryption algorithm is selected by the
-.Fl a
-option to
-.Nm dnssec-keygen .
-.Ar algorithm
-must be one of
-.Dv RSAMD5 ,
-.Dv DH ,
-.Dv DSA
-or
-.Dv HMAC-MD5
-to indicate that an RSA, Diffie-Hellman, Digital Signature
-Algorithm or HMAC-MD5 key is required.
-An argument of
-.Dv RSA
-can also be given, which is equivalent to
-.Dv RSAMD5 .
-The argument identifying the encryption algorithm is case-insensitive.
-DNSSEC specifies DSA as a mandatory algorithm and RSA as a recommended one.
-Implementations of TSIG must support HMAC-MD5.
-.Pp
-The number of bits in the key is determined by the
-.Ar keysize
-argument following the
-.Fl b
-option.
-The choice of key size depends on the algorithm that is used.
-RSA keys must be between 512 and 2048 bits.
-Diffie-Hellman keys must be between 128 and 4096 bits.
-For DSA, the key size must be between 512 and 1024 bits and a multiple
-of 64.
-The length of an HMAC-MD5 key can be between 1 and 512 bits.
-.Pp
-The
-.Fl n
-option specifies how the generated key will be used.
-.Ar nametype
-can be either
-.Dv ZONE ,
-.Dv HOST , 
-.Dv ENTITY ,
-or
-.Dv USER
-to indicate that the key will be used for signing a zone, host,
-entity or user respectively.
-In this context
-.Dv HOST
-and
-.Dv ENTITY
-are identical.
-.Ar nametype
-is case-insensitive.
-.Pp
-The
-.Fl e
-option can only be used when generating RSA keys.
-It tells
-.Nm dnssec-keygen
-to use a large exponent.
-When creating Diffie-Hellman keys, the
-.Fl g
-option selects the Diffie-Hellman generator
-.Ar generator
-that is to be used.
-The only supported values value of
-.Ar generator
-are 2 and 5.
-If no Diffie-Hellman generator is supplied, a known prime 
-from RFC2539 will be used if possible; otherwise 2 will be used as the
-generator.
-.Pp
-The
-.Fl p
-option sets the protocol value for the generated key to
-.Ar protocol-value .
-The default is 2 (email) for keys of type
-.Dv USER 
-and 3 (DNSSEC) for all other key types.
-Other possible values for this argument are listed in RFC2535 and its
-successors.
-.Pp
-.Nm dnssec-keygen
-uses random numbers to seed the process
-of generating keys.
-If the system does not have a
-.Pa /dev/random
-device that can be used for generating random numbers,
-.Nm dnssec-keygen
-will prompt for keyboard input and use the time intervals between
-keystrokes to provide randomness.
-The
-.Fl r
-option overrides this behaviour, making 
-.Nm dnssec-keygen
-use
-.Ar randomdev
-as a source of random data.
-.Pp
-The key's strength value can be set with the
-.Fl s
-option.
-The generated key will sign DNS resource records
-with a strength value of
-.Ar strength-value .
-It should be a number between 0 and 15.
-The default strength is zero.
-The key strength field currently has no defined purpose in DNSSEC.
-.Pp
-The
-.Fl t
-option indicates if the key is to be used for authentication or
-confidentiality.
-.Ar type
-can be one of
-.Dv AUTHCONF ,
-.Dv NOAUTHCONF ,
-.Dv NOAUTH 
-or
-.Dv NOCONF .
-The default is
-.Dv AUTHCONF .
-If type is
-.Dv AUTHCONF 
-the key can be used for authentication and confidentialty.
-Setting
-.Ar type 
-to
-.Dv NOAUTHCONF
-indicates that the key cannot be used for authentication or confidentialty.
-A value of
-.Dv NOAUTH
-means the key can be used for confidentiality but not for
-authentication.
-Similarly,
-.Dv NOCONF
-defines that the key cannot be used for confidentiality though it can
-be used for authentication.
-.Pp
-The 
-.Fl v
-option can be used to make
-.Nm dnssec-keygen
-more verbose.
-As the debugging/tracing level
-.Ar level
-increases, 
-.Nm dnssec-keygen
-generates increasingly detailed reports about what it is doing.
-The default level is zero.
-.Sh GENERATED KEYS
-When
-.Nm dnssec-keygen
-completes it prints a string of the form
-.Ar Knnnn.+aaa+iiiii
-on the standard output.
-This is an identification string for the key it has generated.
-These strings can be supplied as arguments to
-.Xr dnssec-makekeyset 8 .
-.Pp
-The
-.Ar nnnn.
-part is the dot-terminated domain name given by
-.Ar name .
-The DNSSEC algorithm identifier is indicated by
-.Ar aaa -
-001 for RSA, 002 for Diffie-Hellman, 003 for DSA or 157 for HMAC-MD5.
-.Ar iiiii
-is a five-digit number identifying the key.
-.Pp
-.Nm dnssec-keygen
-creates two files.
-The file names are adapted from the key identification string above.
-They have names of the form:
-.Ar Knnnn.+aaa+iiiii.key
-and
-.Ar Knnnn.+aaa+iiiii.private .
-These contain the public and private parts of the key respectively.
-The files generated by
-.Nm dnssec-keygen
-obey this naming convention to
-make it easy for the signing tool
-.Xr dnssec-signzone 8
-to identify which file(s) have to be read to find the necessary
-key(s) for generating or validating signatures.
-.Pp
-The
-.Ar .key
-file contains a KEY resource record that can be inserted into a zone file
-with a 
-.Dv $INCLUDE
-statement.
-The private part of the key is in the
-.Ar .private
-file.
-It contains details of the encryption algorithm that was used and any
-relevant parameters: prime number, exponent, modulus, subprime, etc.
-For obvious security reasons, this file does not have general read
-permission.
-The private part of the key is used by
-.Xr dnssec-signzone 8
-to generate signatures and the public part is used to verify the
-signatures.
-Both 
-.Ar .key
-and
-.Ar .private
-key files are generated for symmetric encryption algorithm such as
-HMAC-MD5, even though the public and private key are equivalent.
-.Sh EXAMPLE
-To generate a 768-bit DSA key for the domain
-.Dv example.com ,
-the following command would be issued:
-.Pp
-.Dl # dnssec-keygen -a DSA -b 768 -n ZONE example.com
-.Dl Kexample.com.+003+26160
-.Pp
-.Nm dnssec-keygen
-has printed the key identification string
-.Dv Kexample.com.+003+26160 ,
-indicating a DSA key with identifier 26160.
-It will also have created the files
-.Pa Kexample.com.+003+26160.key 
-and
-.Pa Kexample.com.+003+26160.private
-containing respectively the public and private keys for the generated
-DSA key.
-.Sh FILES
-.Pa /dev/random 
-.Sh SEE ALSO
-.Xr RFC2535,
-.Xr RFC2845,
-.Xr RFC2539,
-.Xr dnssec-makekeyset 8 ,
-.Xr dnssec-signkey 8 ,
-.Xr dnssec-signzone 8 .
-.Sh BUGS
-The naming convention for the public and private key files is a little
-clumsy.
-It won't work for domain names that are longer than 236 characters
-because of the 
-.Ar .+aaa+iiiii.private
-suffix results in filenames that are too long for most
-.Ux
-systems.

bin/dnssec/dnssec-makekeyset.8

@@ -1,202 +0,0 @@
-.\"
-.\" Copyright (C) 2000  Internet Software Consortium.
-.\"
-.\" Permission to use, copy, modify, and distribute this document for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
-.\" DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
-.\" INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
-.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
-.\" FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
-.\" NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
-.\" WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.\" $Id: dnssec-makekeyset.8,v 1.4 2000/07/26 00:47:14 bwelling Exp $
-.\"
-.Dd Jun 30, 2000
-.Dt DNSSEC-MAKEKEYSET 8
-.Os BIND9 9
-.ds vT BIND9 Programmer's Manual
-.Sh NAME
-.Nm dnssec-makekeyset
-.Nd produce a set of DNSSEC keys
-.Sh SYNOPSIS
-.Nm dnssec-makekeyset
-.Op Fl h
-.Op Fl s Ar start-time
-.Op Fl e Ar end-time
-.Op Fl t Ar TTL
-.Op Fl r Ar randomdev
-.Op Fl v Ar level
-.Ar keyfile ....
-.Sh DESCRIPTION
-.Nm dnssec-makekeyset
-generates a key set from one or more keys created by
-.Xr dnssec-keygen 8 .
-It creates a file containing KEY and SIG records for some zone which
-can then be signed by the zone's parent if the parent zone is
-DNSSEC-aware.
-.Ar keyfile
-should be a key identification string as reported by
-.Xr dnssec-keygen 8 :
-i.e.
-.Ar Knnnn.+aaa+iiiii
-where
-.Ar nnnn
-is the name of the key,
-.Ar aaa
-is the encryption algorithm and
-.Ar iiiii
-is the key identifier.
-Multiple
-.Ar keyfile
-arguments can be supplied when there are several keys to be combined
-by
-.Nm dnssec-makekeyset
-into a key set.
-.Pp
-For any SIG records that are in the key set, the start time when the
-SIG records become valid is specified with the
-.Fl s
-option.
-.Ar start-time
-can either be an absolute or relative date.
-An absolute start time is indicated by a number in YYYYMMDDHHMMSS
-notation: 20000530144500 denotes 14:45:00 UTC on May 30th, 2000.
-A relative start time is supplied when
-.Ar start-time
-is given as +N: N seconds from the current time.
-If no
-.Fl s 
-option is supplied, the current date and time is used for the start
-time of the SIG records.
-.Pp
-The expiry date for the SIG records can be set by the
-.Fl e
-option.
-Note that in this context, the expiry date specifies when the SIG
-records are no longer valid, not when they are deleted from caches on name
-servers.
-.Ar end-date
-also represents an absolute or relative date.
-YYYYMMDDHHMMSS notation is used as before to indicate an absolute date
-and time.
-When
-.Ar end-date
-is +N,
-it indicates that the SIG records will expire in N seconds after their
-start date.
-If
-.Ar end-date
-is written as now+N,
-the SIG records will expire in N seconds after the current time.
-When no expiry date is set for the SIG records,
-.Nm dnssec-makekeyset
-defaults to an expire time of 30 days from the start time of the SIG
-records.
-.Pp
-An alternate source of random data can be specified with the
-.Fl r
-option.
-.Ar randomdev
-is the name of the file to use to obtain random data.
-By default
-.Pa /dev/random
-is used if this device is available.
-If it is not provided by the operating system and no
-.Fl r
-option is used,
-.Nm dnssec-makekeyset
-will prompt the user for input from the keyboard and use the time
-between keystrokes to derive some random data.
-.Pp
-The
-.Fl t
-option is followed by a time-to-live argument
-.Ar TTL
-which indicates the TTL value that will be assigned to the assembled KEY
-and SIG records in the output file.
-.Ar TTL
-is expressed in seconds.
-If no
-.Fl t
-option is provided,
-.Nm dnssec-makekeyset
-prints a warning and uses a default TTL of 3600 seconds.
-.Pp
-The
-.Fl v
-option can be used to make
-.Nm dnssec-makekeyset
-more verbose.
-As the debugging/tracing level
-.Ar level
-increases,
-.Nm dnssec-makekeyset
-generates increasingly detailed reports about what it is doing.
-The default level is zero. 
-.Pp
-The
-.Fl h
-option makes
-.Nm dnssec-makekeyset
-to print a short summary of its options and arguments.
-.Pp
-If
-.Nm dnssec-makekeyset
-is successful, it creates a file name of the form
-.Ar nnnn.keyset .
-This file contains the KEY and SIG records for domain
-.Dv nnnn ,
-the domain name part from the key file identifier produced when
-.Nm dnssec-keygen
-created the domain's public and private keys.
-The
-.Ar .keyset
-file can then be transferred to the DNS administrator of the parent
-zone for them to sign the contents with
-.Xr dnssec-signkey 8 .
-.Sh EXAMPLE
-The following command generates a key set for the DSA key for
-.Dv example.com
-that was shown in the
-.Xr dnssec-keygen 8
-man page.
-The backslash is for typographic reasons and would not be provided on
-the command line when running
-.Nm dnssec-makekeyset .
-.nf
-.Dl # dnssec-makekeyset -t 86400 -s 20000701120000 \e\p 
-.Dl -e +2592000 Kexample.com.+003+26160
-.fi
-.Pp
-.Nm dnssec-makekeyset
-will create a file called
-.Pa example.com.keyset
-containing a SIG and KEY record for
-.Dv example.com.
-These records will have a TTL of 86400 seconds (1 day).
-The SIG record becomes valid at noon UTC on July 1st 2000 and expires
-30 days (2592000 seconds) later.
-.Pp
-The DNS administrator for
-.Dv example.com
-could then send
-.Pa example.com.keyset
-to the DNS administrator for
-.Dv .com
-so that they could sign the resource records in the file.
-This assumes that the
-.Dv .com 
-zone is DNSSEC-aware and the administrators of the two zones have some
-mechanism for authenticating each other and exchanging the keys and
-signatures securely.
-.Sh FILES
-.Pa /dev/random .
-.Sh SEE ALSO
-.Xr RFC2535 ,
-.Xr dnssec-keygen 8 ,
-.Xr dnssec-signkey 8 .

bin/dnssec/dnssec-signkey.8

@@ -1,159 +0,0 @@
-.\"
-.\" Copyright (C) 2000  Internet Software Consortium.
-.\"
-.\" Permission to use, copy, modify, and distribute this document for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
-.\" DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
-.\" INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
-.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
-.\" FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
-.\" NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
-.\" WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.\" $Id: dnssec-signkey.8,v 1.5 2000/07/26 19:13:18 gson Exp $
-.\"
-.Dd Jun 30, 2000
-.Dt DNSSEC-SIGNKEY 8
-.Os BIND9 9
-.ds vT BIND9 Programmer's Manual
-.Sh NAME
-.Nm dnssec-signkey
-.Nd DNSSEC keyset signing tool
-.Sh SYNOPSIS
-.Nm dnssec-signkey
-.Op Fl h
-.Op Fl p
-.Op Fl r Ar randomdev
-.Op Fl v Ar level
-.Ar keyset
-.Ar keyfile ...
-.Sh DESCRIPTION
-.Nm dnssec-signkey
-is used to sign a key set for a child zone.
-Typically this would be provided by a 
-.Ar .keyset
-file generated by
-.Xr dnssec-makekeyset 8 .
-This provides a mechanism for a DNSSEC-aware zone to sign the keys of
-any DNSSEC-aware child zones.
-The child zone's key set gets signed with the zone keys for its parent
-zone.
-.Ar keyset
-will be the pathname of the child zone's
-.Ar .keyset
-file.
-Each
-.Ar keyfile
-argument will be a key identification string as reported by
-.Xr dnssec-keygen 8
-for the parent zone.
-This allows the child's keys to be signed by more than one 
-parent zone key.
-.Pp
-The
-.Fl h
-option makes
-.Nm dnssec-signkey
-print a short summary of its command line options
-and arguments.
-.Pp
-The
-.Fl p
-option instructs
-.Nm dnssec-signkey
-to use pseudo-random data when signing the keys.  This is faster, but
-less secure, than using genuinely random data for signing.
-This option may be useful when there are many child zone keysets to
-sign or if the entropy source is limited.
-It could also be used for short-lived keys and signatures that don't
-require as much protection against cryptanalysis, such as when the key
-will be discarded long before it could be compromised.
-.Nm dnssec-signkey
-may need random numbers in the process of generating keys.
-If the system does not have a
-.Pa /dev/random
-device that can be used for generating random numbers,
-.Nm dnssec-signkey
-will prompt for keyboard input and use the time intervals between
-keystrokes to provide randomness.
-The
-.Fl r
-option overrides this behaviour, making
-.Nm dnssec-signkey
-use
-.Ar randomdev
-as a source of random data.
-.Pp
-The
-.Fl v
-option can be used to make
-.Nm dnssec-signkey
-more verbose.
-As the debugging/tracing level
-.Ar level
-increases,
-.Nm dnssec-signkey
-generates increasingly detailed reports about what it is doing.
-The default level is zero.
-.Pp
-When
-.Nm dnssec-signkey
-completes successfully, it generates a file called
-.Ar nnnn.signedkey
-containing the signed keys for child zone
-.Ar nnnn .
-The keys from the
-.Ar keyset
-file will have been signed by the parent zone's key or keys which were
-supplied as
-.Ar keyfile
-arguments.
-This file should be sent to the DNS administrator of the child zone.
-They arrange for its contents to be incorporated into the zone file
-when it next gets signed with
-.Xr dnssec-signzone 8 .
-A copy of the generated
-.Ar signedkey
-file should be kept by the parent zone's DNS administrator, since
-it will be needed when signing the parent zone.
-.Sh EXAMPLE
-The DNS administrator for a DNSSEC-aware
-.Dv .com
-zone would use the following command to make
-.Nm dnssec-signkey
-sign the
-.Ar .keyset
-file for
-.Dv example.com
-created in the example shown in the man page for
-.Xr dnssec-makekeyset 8 :
-.Pp
-.Dl # dnssec-signkey example.com.keyset Kcom.+003+51944
-.Pp
-where
-.Dv Kcom.+003+51944
-was a key file identifier that was produced when
-.Xr dnssec-keygen 8
-generated a key for the
-.Dv .com
-zone.
-.Pp
-.Nm dnssec-signkey
-will produce a file called
-.Dv example.com.signedkey
-which has the keys for
-.Dv example.com
-signed by the
-.Dv com
-zone's zone key.
-.Sh FILES
-.Pa /dev/random
-.Sh SEE ALSO
-.Xr RFC2535,
-.Xr dnssec-keygen 8 ,
-.Xr dnssec-makekeyset 8 ,
-.Xr dnssec-signzone 8 .

bin/dnssec/dnssec-signzone.8

@@ -1,263 +0,0 @@
-.\"
-.\" Copyright (C) 2000  Internet Software Consortium.
-.\"
-.\" Permission to use, copy, modify, and distribute this document for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
-.\" DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
-.\" INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
-.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
-.\" FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
-.\" NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
-.\" WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.\" $Id: dnssec-signzone.8,v 1.7 2000/07/26 21:36:43 gson Exp $
-.\"
-.Dd Jun 30, 2000
-.Dt DNSSEC-SIGNZONE 8
-.Os BIND9 9
-.ds vT BIND9 Programmer's Manual
-.Sh NAME
-.Nm dnssec-signzone
-.Nd DNSSEC zone signing tool
-.Sh SYNOPSIS
-.Nm dnssec-signzone
-.Op Fl a
-.Op Fl c Ar cycle-time
-.Op Fl s Ar start-time
-.Op Fl e Ar end-time
-.Op Fl o Ar origin
-.Op Fl f Ar output-file
-.Op Fl p
-.Op Fl r Ar randomdev
-.Op Fl v Ar level
-.Ar zonefile
-.Op keyfile ....
-.Sh DESCRIPTION
-.Pp
-.Nm dnssec-signzone
-is used to sign a zone.
-Any
-.Ar .signedkey
-files for the zone to be signed should be present in the current
-directory, along with the keys that will be used to sign the zone.
-If no
-.Ar keyfile
-arguments are supplied, the default behaviour is to use all of the zone's
-keys that are present in the current directory.
-Providing specific
-.Ar keyfile
-arguments constrains
-.Nm dnssec-signzone
-to only use those keys for signing the zone.
-Each
-.Ar keyfile
-argument would be an identification string for a key created with
-.Xr dnssec-keygen 8 .
-If the zone to be signed has any secure subzones, the
-.Ar .signedkey
-files for those subzones need to be available in the
-current working directory used by
-.Nm dnssec-signzone .
-.Pp
-.Ar zonefile
-is the name of the unsigned zone file.
-Unless the file name is the same as the name of the zone, the
-.Fl o
-option should be given.
-.Ar origin
-will be the fully qualified domain origin for the zone.
-.Pp
-.Nm dnssec-signzone
-will generate NXT and SIG records for the zone and produce a signed
-version of the zone.
-If there is a
-.Ar signedkey
-file from the zone's parent, the parent's signatures will be
-incorporated into the generated signed zone file.
-The security status of delegations from the the signed zone 
-- i.e. whether the child zones are DNSSEC-aware or not - is
-set according to the presence or absence of a
-.Ar signedkey
-file for the child in case.
-.Pp
-By default,
-.Nm dnssec-signzone
-generates a file called
-.Ar zonefile.signed
-containing the signed zone file.
-The output file name can be overridden usign the
-.Fl f
-option.
-.\" Don't hyphenate YYYYMMDDHHMMSS
-.nh YYYYMMDDHHMMSS
-.Pp
-.Nm dnssec-signzone
-does not verify the signatures by default.
-The
-.Fl a
-option makes it verify the signatures it generated.
-.Pp
-The date and time when the generated
-SIG records become valid can be specified with the
-.Fl s
-option.
-.Ar start-time
-can either be an absolute or relative date.
-An absolute start time is indicated by a number in YYYYMMDDHHMMSS
-notation: 20000530144500 denotes 14:45:00 UTC on May 30th, 2000.
-A relative start time is supplied when
-.Ar start-time
-is given as +N: N seconds from the current time.
-If no
-.Fl s 
-option is supplied, the current date and time is used for the start
-time of the SIG records.
-.Pp
-The expiry date for the SIG records can be set by the
-.Fl e
-option.
-Note that in this context, the expiry date specifies when the SIG
-records are no longer valid, not when they are deleted from caches on name
-servers.
-.Ar end-date
-also represents an absolute or relative date.
-YYYYMMDDHHMMSS notation is used as before to indicate an absolute date
-and time.
-When
-.Ar end-date
-is +N,
-it indicates that the SIG records will expire in N seconds after their
-start date.
-If
-.Ar end-date
-is supplied as now+N,
-the SIG records will expire in N seconds after the current time.
-When no expiry date is set for the SIG records,
-.Nm dnssec-signzone
-defaults to an expire time of 30 days from the start time of the SIG
-records.
-.Pp
-When a previously signed zone is passed as input to
-.Nm dnssec-signzone ,
-records may be resigned.  Whether or not to resign records is configurable
-by using the
-.Fl c
-option, which specifies the cycle period as an offset from the current time
-(in seconds).  If a SIG record expires after the cycle period, it is retained.
-Otherwise, it is considered to be expiring soon, and
-.Nm dnssec-signzone
-will remove it and generate a new SIG record to replace it.
-.Pp
-The default cycle period is one quarter of the difference between the
-specified signature end and start dates.  So if the 
-.Fl e
-and 
-.Fl s
-options are not specified,
-.Nm dnssec-signzone
-generates signatures that are valid for 30 days from the current date
-by default, with a cycle period of 7.5 days.  Therefore, if any SIG records
-are due to expire in less than 7.5 days, they would be replaced
-with new ones.
-.Pp
-The
-.Fl p
-option instructs
-.Nm dnssec-signkey
-to use pseudo-random data when signing the keys.  This is faster, but
-less secure, than using genuinely random data for signing.
-This option may be useful when there are many child zone keysets to
-sign or if the entropy source is limited.
-It could also be used for short-lived keys and signatures that don't
-require as much protection against cryptanalysis, such as when the key
-will be discarded long before it could be compromised.
-.Pp
-.Nm dnssec-signzone
-may need random numbers in the process of signing the zone.
-If the system does not have a
-.Pa /dev/random
-device that can be used for generating random numbers,
-.Nm dnssec-signzone
-will prompt for keyboard input and use the time intervals between
-keystrokes to provide randomness.
-The
-.Fl r
-option overrides this behaviour, making
-.Nm dnssec-signzone
-use
-.Ar randomdev
-as a source of random data.
-.Pp
-An option of
-.Fl h
-makes
-.Nm dnssec-signzone
-print a short summary of its command line options
-and arguments.
-.Pp
-The
-.Fl v
-option can be used to make
-.Nm dnssec-signzone
-more verbose.
-As the debugging/tracing level
-.Ar level
-increases,
-.Nm dnssec-signzone
-generates increasingly detailed reports about what it is doing.
-The default level is zero.
-.Sh EXAMPLE
-The example below shows how
-.Nm dnssec-signzone
-could be used to sign the
-.Dv example.com
-zone with the key that was generated in the example given in the
-man page for
-.Xr dnssec-keygen 8 .
-The zone file for this zone is
-.Dv example.com ,
-which is the same as the origin, so there is no need to use the
-.Fl o
-option to set the origin.
-This zone file contains the keyset for
-.Dv example.com
-that was created by
-.Xr dnssec-makekeyset 8 .
-The zone's keys were either appended to the zone file or
-incorporated using a 
-.Dv $INCLUDE 
-statement.
-If there was a
-.Ar .signedkey
-file from the parent zone - i.e. 
-.Dv example.com.signedkey 
-- it should be present in the current directory.
-This allows the parent zone's signature to be included in the signed
-version of the
-.Dv example.com
-zone.
-.Pp
-.Dl # dnssec-signzone example.com Kexample.com.+003+26160
-.Pp
-.Nm dnssec-signzone
-will create a file called
-.Dv example.com.signed ,
-the signed version of the
-.Dv example.com
-zone.
-This file can then be referenced in a
-.Dv zone{}
-statement in
-.Pa /etc/named.conf
-so that it can be loaded by the name server.
-.Sh FILES
-.Pa /dev/random
-.Sh SEE ALSO
-.Xr RFC2535,
-.Xr dnssec-keygen 8 ,
-.Xr dnssec-makekeyset 8 ,
-.Xr dnssec-signkey 8 .

bin/named/Makefile.in

@@ -13,7 +13,7 @@
 # ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
 # SOFTWARE.
 
-# $Id: Makefile.in,v 1.51 2000/07/10 11:34:55 tale Exp $
+# $Id: Makefile.in,v 1.49.2.2 2000/07/11 17:23:01 gson Exp $
 
 srcdir =	@srcdir@
 VPATH =		@srcdir@

bin/named/aclconf.c

@@ -1,199 +0,0 @@
-/*
- * Copyright (C) 1999, 2000  Internet Software Consortium.
- * 
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- * 
- * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
- * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
- * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
- * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
- * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
- * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
- * SOFTWARE.
- */
-
-/* $Id: aclconf.c,v 1.18 2000/06/22 21:54:17 tale Exp $ */
-
-#include <config.h>
-
-#include <isc/string.h>		/* Required for HP/UX (and others?) */
-#include <isc/util.h>
-
-#include <dns/acl.h>
-#include <dns/aclconf.h>
-#include <dns/fixedname.h>
-#include <dns/log.h>
-
-void
-dns_aclconfctx_init(dns_aclconfctx_t *ctx) {
-	ISC_LIST_INIT(ctx->named_acl_cache);
-}
-
-void
-dns_aclconfctx_destroy(dns_aclconfctx_t *ctx) {
-     	dns_acl_t *dacl, *next;	
-	for (dacl = ISC_LIST_HEAD(ctx->named_acl_cache);
-	     dacl != NULL;
-	     dacl = next)
-	{
-		next = ISC_LIST_NEXT(dacl, nextincache);
-		dacl->name = NULL;
-		dns_acl_detach(&dacl);
-	}
-}
-
-static isc_result_t
-convert_named_acl(char *aclname, dns_c_ctx_t *cctx,
-		  dns_aclconfctx_t *ctx, isc_mem_t *mctx,
-		  dns_acl_t **target)
-{
-	isc_result_t result;
-	dns_c_acl_t *cacl;
-	dns_acl_t *dacl;
-
-	/* Look for an already-converted version. */
-	for (dacl = ISC_LIST_HEAD(ctx->named_acl_cache);
-	     dacl != NULL;
-	     dacl = ISC_LIST_NEXT(dacl, nextincache))
-	{
-		if (strcmp(aclname, dacl->name) == 0) {
-			dns_acl_attach(dacl, target);
-			return ISC_R_SUCCESS;
-		}
-	}
-	/* Not yet converted.  Convert now. */
-	result = dns_c_acltable_getacl(cctx->acls, aclname, &cacl);
-	if (result != ISC_R_SUCCESS) {
-		isc_log_write(dns_lctx, DNS_LOGCATEGORY_SECURITY,
-			      DNS_LOGMODULE_ACL, ISC_LOG_WARNING,
-			      "undefined ACL '%s'", aclname);
-		return (result);
-	}
-	result = dns_acl_fromconfig(cacl->ipml, cctx, ctx, mctx, &dacl);
-	if (result != ISC_R_SUCCESS)
-		return (result);
-	dacl->name = aclname;
-	ISC_LIST_APPEND(ctx->named_acl_cache, dacl, nextincache);
-	dns_acl_attach(dacl, target);
-	return (ISC_R_SUCCESS);
-}
-
-static isc_result_t
-convert_keyname(char *txtname, isc_mem_t *mctx, dns_name_t *dnsname) {
-	isc_result_t result;
-	isc_buffer_t buf;
-	dns_fixedname_t fixname;
-	unsigned int keylen;
-
-	keylen = strlen(txtname);
-	isc_buffer_init(&buf, txtname, keylen);
-	isc_buffer_add(&buf, keylen);
-	dns_fixedname_init(&fixname);
-	result = dns_name_fromtext(dns_fixedname_name(&fixname), &buf,
-				   dns_rootname, ISC_FALSE, NULL);
-	if (result != ISC_R_SUCCESS) {
-		isc_log_write(dns_lctx, DNS_LOGCATEGORY_SECURITY,
-			      DNS_LOGMODULE_ACL, ISC_LOG_WARNING,
-			      "key name \"%s\" is not a valid domain name",
-			      txtname);
-		return (result);
-	}
-	return (dns_name_dup(dns_fixedname_name(&fixname), mctx, dnsname));
-}
-	       
-isc_result_t
-dns_acl_fromconfig(dns_c_ipmatchlist_t *caml,
-		   dns_c_ctx_t *cctx,
-		   dns_aclconfctx_t *ctx,
-		   isc_mem_t *mctx,
-		   dns_acl_t **target)
-{
-	isc_result_t result;
-	unsigned int count;
-	dns_acl_t *dacl = NULL;
-	dns_aclelement_t *de;
-	dns_c_ipmatchelement_t *ce;
-
-	REQUIRE(target != NULL && *target == NULL);
-	
-	count = 0;
-	for (ce = ISC_LIST_HEAD(caml->elements);
-	     ce != NULL;
-	     ce = ISC_LIST_NEXT(ce, next))
-		count++;
-
-	result = dns_acl_create(mctx, count, &dacl);
-	if (result != ISC_R_SUCCESS)
-		return (result);
-	
-	de = dacl->elements;
-	for (ce = ISC_LIST_HEAD(caml->elements);
-	     ce != NULL;
-	     ce = ISC_LIST_NEXT(ce, next))
-	{
-		de->negative = dns_c_ipmatchelement_isneg(ce);
-		switch (ce->type) {
-		case dns_c_ipmatch_pattern:
-			de->type = dns_aclelementtype_ipprefix;
-			isc_netaddr_fromsockaddr(&de->u.ip_prefix.address,
-						 &ce->u.direct.address);
-			/* XXX "mask" is a misnomer */
-			de->u.ip_prefix.prefixlen = ce->u.direct.mask;
-			break;
-		case dns_c_ipmatch_key:
-			de->type = dns_aclelementtype_keyname;
-			dns_name_init(&de->u.keyname, NULL);
-			result = convert_keyname(ce->u.key, mctx,
-						 &de->u.keyname);
-			if (result != ISC_R_SUCCESS)
-				goto cleanup;
-			break;
-		case dns_c_ipmatch_indirect:
-			de->type = dns_aclelementtype_nestedacl;
-			result = dns_acl_fromconfig(ce->u.indirect.list,
-						    cctx, ctx, mctx,
-						    &de->u.nestedacl);
-			if (result != ISC_R_SUCCESS)
-				goto cleanup;
-			break;
-		case dns_c_ipmatch_localhost:
-			de->type = dns_aclelementtype_localhost;
-			break;
-
-		case dns_c_ipmatch_any:
-			de->type = dns_aclelementtype_any;
-			break;
-
-		case dns_c_ipmatch_localnets:
-			de->type = dns_aclelementtype_localnets;
-			break;
-		case dns_c_ipmatch_acl:
-			de->type = dns_aclelementtype_nestedacl;
-			result = convert_named_acl(ce->u.aclname,
-						   cctx, ctx, mctx,
-						   &de->u.nestedacl);
-			if (result != ISC_R_SUCCESS)
-				goto cleanup;
-			break;
-		default:
-			isc_log_write(dns_lctx, DNS_LOGCATEGORY_SECURITY,
-				      DNS_LOGMODULE_ACL, ISC_LOG_WARNING,
-				      "address match list contains "
-				      "unsupported element type");
-			result = ISC_R_FAILURE;
-			goto cleanup;
-		}
-		de++;
-		dacl->length++;
-	}
-
-	*target = dacl;
-	return (ISC_R_SUCCESS);
-	
- cleanup:
-	dns_acl_detach(&dacl);
-	return (result);
-}

bin/named/client.c

@@ -15,7 +15,7 @@
  * SOFTWARE.
  */
 
-/* $Id: client.c,v 1.103 2000/07/26 17:39:09 gson Exp $ */
+/* $Id: client.c,v 1.98 2000/06/22 23:48:07 marka Exp $ */
 
 #include <config.h>
 
@@ -163,8 +163,6 @@ static void clientmgr_destroy(ns_clientmgr_t *manager);
 static isc_boolean_t exit_check(ns_client_t *client);
 static void ns_client_endrequest(ns_client_t *client);
 static void ns_client_checkactive(ns_client_t *client);
-static void client_start(isc_task_t *task, isc_event_t *event);
-static void client_request(isc_task_t *task, isc_event_t *event);
 
 /*
  * Enter the inactive state.
@@ -270,7 +268,7 @@ set_timeout(ns_client_t *client, unsigned int seconds) {
 	if (result != ISC_R_SUCCESS) {
 		ns_client_log(client, NS_LOGCATEGORY_CLIENT,
 			      NS_LOGMODULE_CLIENT, ISC_LOG_ERROR,
-			      "setting timeout: %s",
+			      "setting timouet: %s",
 			      isc_result_totext(result));
 		/* Continue anyway. */
 	}
@@ -433,45 +431,6 @@ exit_check(ns_client_t *client) {
 	return (ISC_TRUE);
 }
 
-/*
- * The client's task has received the client's control event
- * as part of the startup process.
- */
-static void
-client_start(isc_task_t *task, isc_event_t *event) {
-	ns_client_t *client = (ns_client_t *) event->ev_arg;
-	isc_result_t result;
-
-	INSIST(task == client->task);
-	
-	UNUSED(task);
-
-	if (TCP_CLIENT(client)) {
-		client_accept(client);
-	} else {
-		result = dns_dispatch_addrequest(client->dispatch,
-						 client->task,
-						 client_request,
-						 client,
-						 &client->dispentry);
-		
-		if (result != ISC_R_SUCCESS) {
-			ns_client_log(client,
-				      DNS_LOGCATEGORY_SECURITY,
-				      NS_LOGMODULE_CLIENT,
-				      ISC_LOG_DEBUG(3),
-				      "dns_dispatch_addrequest() "
-				      "failed: %s",
-				      isc_result_totext(result));
-			/*
-			 * Not much we can do here but log the failure; 
-			 * the client will effectively go idle.
-			 */
-		}
-	}
-}
-
-
 /*
  * The client's task has received a shutdown event.
  */
@@ -529,12 +488,6 @@ ns_client_endrequest(ns_client_t *client) {
 
 	if (client->recursionquota != NULL)
 		isc_quota_detach(&client->recursionquota);
-
-	/*
-	 * Clear all client attributes that are specific to 
-	 * the request; that's all except the TCP flag.
-	 */
-	client->attributes &= NS_CLIENTATTR_TCP;
 }
 
 static void
@@ -606,14 +559,14 @@ client_senddone(isc_task_t *task, isc_event_t *event) {
 	ns_client_t *client;
 	isc_socketevent_t *sevent = (isc_socketevent_t *) event;
 
+	UNUSED(task);
+
 	REQUIRE(sevent != NULL);
 	REQUIRE(sevent->ev_type == ISC_SOCKEVENT_SENDDONE);
 	client = sevent->ev_arg;
 	REQUIRE(NS_CLIENT_VALID(client));
 	REQUIRE(task == client->task);
 
-	UNUSED(task);
-
 	CTRACE("senddone");
 
 	if (sevent->result != ISC_R_SUCCESS)
@@ -863,7 +816,6 @@ client_request(isc_task_t *task, isc_event_t *event) {
 	dns_view_t *view;
 	dns_rdataset_t *opt;
 	isc_boolean_t ra; 	/* Recursion available. */
-	isc_boolean_t rd; 	/* Recursion desired. */
 
 	REQUIRE(event != NULL);
 	client = event->ev_arg;
@@ -894,9 +846,13 @@ client_request(isc_task_t *task, isc_event_t *event) {
 		if ((devent->attributes & ISC_SOCKEVENTATTR_PKTINFO) != 0) {
 			client->attributes |= NS_CLIENTATTR_PKTINFO;
 			client->pktinfo = devent->pktinfo;
+		} else {
+			client->attributes &= ~NS_CLIENTATTR_PKTINFO;
 		}
 		if ((devent->attributes & ISC_SOCKEVENTATTR_MULTICAST) != 0)
 			client->attributes |= NS_CLIENTATTR_MULTICAST;
+		else
+			client->attributes &= ~NS_CLIENTATTR_MULTICAST;
 	} else {
 		INSIST(TCP_CLIENT(client));
 		REQUIRE(event->ev_type == DNS_EVENT_TCPMSG);
@@ -1085,13 +1041,12 @@ client_request(isc_task_t *task, isc_event_t *event) {
 	 * responses to ordinary queries.
 	 */
 	ra = ISC_FALSE;
-	rd = ISC_TF((client->message->flags & DNS_MESSAGEFLAG_RD) != 0);
 	if (client->view->resolver != NULL &&
 	    client->view->recursion == ISC_TRUE &&
 	    /* XXX this will log too much too early */
 	    ns_client_checkacl(client, "recursion",
 			       client->view->recursionacl,
-			       ISC_TRUE, rd) == ISC_R_SUCCESS)
+			       ISC_TRUE, ISC_TRUE) == ISC_R_SUCCESS)
 		ra = ISC_TRUE;
 
 	if (ra == ISC_TRUE)
@@ -1236,9 +1191,6 @@ client_create(ns_clientmgr_t *manager, ns_client_t **clientp)
 	client->recursionquota = NULL;
 	client->interface = NULL;
 	client->peeraddr_valid = ISC_FALSE;
-	ISC_EVENT_INIT(&client->ctlevent, sizeof(client->ctlevent), 0, NULL,
-		       DNS_EVENT_CLIENTCONTROL, client_start, client, client,
-		       NULL, NULL);
 	ISC_LINK_INIT(client, link);
 	client->list = NULL;
 
@@ -1316,7 +1268,7 @@ client_newconn(isc_task_t *task, isc_event_t *event) {
 	UNUSED(task);
 
 	INSIST(client->state == NS_CLIENTSTATE_READY);
-
+	
 	INSIST(client->naccepts == 1);
 	client->naccepts--;
 
@@ -1573,7 +1525,6 @@ ns_clientmgr_createclients(ns_clientmgr_t *manager, unsigned int n,
 	LOCK(&manager->lock);
 
 	for (i = 0; i < n; i++) {
-		isc_event_t *ev;
 		/*
 		 * Allocate a client.  First try to get a recycled one;
 		 * if that fails, make a new one.
@@ -1598,16 +1549,30 @@ ns_clientmgr_createclients(ns_clientmgr_t *manager, unsigned int n,
 			client->attributes |= NS_CLIENTATTR_TCP;
 			isc_socket_attach(ifp->tcpsocket,
 					  &client->tcplistener);
+			client_accept(client);
 		} else {
 			dns_dispatch_attach(ifp->udpdispatch,
 					    &client->dispatch);
+			result = dns_dispatch_addrequest(client->dispatch,
+							 client->task,
+							 client_request,
+							 client,
+							 &client->dispentry);
+			if (result != ISC_R_SUCCESS) {
+				ns_client_log(client,
+					      DNS_LOGCATEGORY_SECURITY,
+					      NS_LOGMODULE_CLIENT,
+					      ISC_LOG_DEBUG(3),
+					      "dns_dispatch_addrequest() "
+					      "failed: %s",
+					      isc_result_totext(result));
+				isc_task_shutdown(client->task);
+				break;
+			}
 		}
 		client->manager = manager;
 		ISC_LIST_APPEND(manager->active, client, link);
 		client->list = &manager->active;
-
-		ev = &client->ctlevent;
-		isc_task_send(client->task, &ev);
 	}
 	if (i != 0) {
 		/*
@@ -1694,9 +1659,6 @@ ns_client_log(ns_client_t *client, isc_logcategory_t *category,
 {
 	va_list ap;
 
-	if (isc_log_wouldlog(ns_g_lctx, level) == ISC_FALSE)
-		return;
-
 	va_start(ap, fmt);
 	ns_client_logv(client, category, module, level, fmt, ap);
 	va_end(ap);

bin/named/include/named/aclconf.h

@@ -1,71 +0,0 @@
-/*
- * Copyright (C) 1999, 2000  Internet Software Consortium.
- * 
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- * 
- * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
- * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
- * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
- * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
- * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
- * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
- * SOFTWARE.
- */
-
-/* $Id: aclconf.h,v 1.7 2000/06/22 21:55:06 tale Exp $ */
-
-#ifndef DNS_ACLCONF_H
-#define DNS_ACLCONF_H 1
-
-#include <isc/lang.h>
-
-#include <dns/confctx.h>
-#include <dns/types.h>
-
-typedef struct dns_aclconfctx {
-	ISC_LIST(dns_acl_t) named_acl_cache;
-} dns_aclconfctx_t;
-
-/***
- *** Functions
- ***/
-
-ISC_LANG_BEGINDECLS
-
-void
-dns_aclconfctx_init(dns_aclconfctx_t *ctx);
-/*
- * Initialize an ACL configuration context.
- */
-
-void
-dns_aclconfctx_destroy(dns_aclconfctx_t *ctx);
-/*
- * Destroy an ACL configuration context.
- */
-
-isc_result_t
-dns_acl_fromconfig(dns_c_ipmatchlist_t *caml,
-		   dns_c_ctx_t *cctx,
-		   dns_aclconfctx_t *ctx,
-		   isc_mem_t *mctx,
-		   dns_acl_t **target);
-/*
- * Construct a new dns_acl_t from configuration data in 'caml' and
- * 'cctx'.  Memory is allocated through 'mctx'.
- *
- * Any named ACLs referred to within 'caml' will be be converted
- * inte nested dns_acl_t objects.  Multiple references to the same
- * named ACLs will be converted into shared references to a single
- * nested dns_acl_t object when the referring objects were created
- * passing the same ACL configuration context 'ctx'.
- *
- * On success, attach '*target' to the new dns_acl_t object.
- */
-
-ISC_LANG_ENDDECLS
-
-#endif /* DNS_ACLCONF_H */

bin/named/include/named/client.h

@@ -15,7 +15,7 @@
  * SOFTWARE.
  */
 
-/* $Id: client.h,v 1.38 2000/07/26 17:39:11 gson Exp $ */
+/* $Id: client.h,v 1.37 2000/06/22 21:49:38 tale Exp $ */
 
 #ifndef NAMED_CLIENT_H
 #define NAMED_CLIENT_H 1
@@ -122,7 +122,6 @@ struct ns_client {
 	isc_sockaddr_t		peeraddr;
 	isc_boolean_t		peeraddr_valid;
 	struct in6_pktinfo	pktinfo;
-	isc_event_t		ctlevent;
 	ISC_LINK(ns_client_t)	link;
 	/*
 	 * The list 'link' is part of, or NULL if not on any list.

bin/named/include/named/lwdclient.h

@@ -15,7 +15,7 @@
  * SOFTWARE.
  */
 
-/* $Id: lwdclient.h,v 1.3 2000/06/26 20:50:00 bwelling Exp $ */
+/* $Id: lwdclient.h,v 1.2.2.1 2000/06/26 21:47:36 gson Exp $ */
 
 #ifndef NAMED_LWDCLIENT_H
 #define NAMED_LWDCLIENT_H 1

bin/named/include/named/lwresd.h

@@ -15,7 +15,7 @@
  * SOFTWARE.
  */
 
-/* $Id: lwresd.h,v 1.3 2000/06/28 00:06:25 bwelling Exp $ */
+/* $Id: lwresd.h,v 1.2.2.1 2000/06/28 00:19:06 gson Exp $ */
 
 #ifndef NAMED_LWRESD_H
 #define NAMED_LWRESD_H 1

bin/named/include/named/omapi.h

@@ -15,7 +15,7 @@
  * SOFTWARE.
  */
 
-/* $Id: omapi.h,v 1.8 2000/07/10 11:35:02 tale Exp $ */
+/* $Id: omapi.h,v 1.7.2.1 2000/07/11 17:23:07 gson Exp $ */
 
 #ifndef NAMED_OMAPI_H
 #define NAMED_OMAPI_H 1

bin/named/include/named/query.h

@@ -15,7 +15,7 @@
  * SOFTWARE.
  */
 
-/* $Id: query.h,v 1.18 2000/07/25 21:37:05 bwelling Exp $ */
+/* $Id: query.h,v 1.17 2000/06/22 21:49:50 tale Exp $ */
 
 #ifndef NAMED_QUERY_H
 #define NAMED_QUERY_H 1
@@ -42,7 +42,6 @@ struct ns_query {
 	dns_name_t *			origqname;
 	dns_rdataset_t *		qrdataset;
 	unsigned int			dboptions;
-	unsigned int			fetchoptions;
 	dns_db_t *			gluedb;
 	dns_fetch_t *			fetch;
 	dns_a6context_t			a6ctx;

bin/named/include/named/tkeyconf.h

@@ -1,51 +0,0 @@
-/*
- * Copyright (C) 1999, 2000  Internet Software Consortium.
- * 
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- * 
- * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
- * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
- * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
- * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
- * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
- * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
- * SOFTWARE.
- */
-
-/* $Id: tkeyconf.h,v 1.4 2000/06/22 21:56:16 tale Exp $ */
-
-#ifndef DNS_TKEYCONF_H
-#define DNS_TKEYCONF_H 1
-
-#include <isc/types.h>
-#include <isc/lang.h>
-
-#include <dns/confctx.h>
-
-ISC_LANG_BEGINDECLS
-
-isc_result_t
-dns_tkeyctx_fromconfig(dns_c_ctx_t *cfg, isc_mem_t *mctx, isc_entropy_t *ectx,
-		       dns_tkeyctx_t **tctxp);
-/*
- * 	Create a TKEY context and configure it, including the default DH key
- *	and default domain, according to 'cfg'.
- *
- *	Requires:
- *		'cfg' is a valid configuration context.
- *		'mctx' is not NULL
- *		'ectx' is not NULL
- *		'tctx' is not NULL
- *		'*tctx' is NULL
- *
- *	Returns:
- *		ISC_R_SUCCESS
- *		ISC_R_NOMEMORY
- */
- 
-ISC_LANG_ENDDECLS
-
-#endif /* DNS_TKEYCONF_H */

bin/named/include/named/tsigconf.h

@@ -1,49 +0,0 @@
-/*
- * Copyright (C) 1999, 2000  Internet Software Consortium.
- * 
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- * 
- * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
- * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
- * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
- * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
- * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
- * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
- * SOFTWARE.
- */
-
-/* $Id: tsigconf.h,v 1.4 2000/06/22 21:56:18 tale Exp $ */
-
-#ifndef DNS_TSIGCONF_H
-#define DNS_TSIGCONF_H 1
-
-#include <isc/types.h>
-#include <isc/lang.h>
-
-#include <dns/confctx.h>
-
-ISC_LANG_BEGINDECLS
-
-isc_result_t
-dns_tsigkeyring_fromconfig(dns_c_view_t *confview, dns_c_ctx_t *confctx,
-			   isc_mem_t *mctx, dns_tsig_keyring_t **ringp);
-/*
- * Create a TSIG key ring and configure it according to the 'key'
- * statements in 'confview' and 'confctx'.
- *
- *	Requires:
- *		'confctx' is a valid configuration context.
- *		'mctx' is not NULL
- *		'ring' is not NULL, and '*ring' is NULL
- *
- *	Returns:
- *		ISC_R_SUCCESS
- *		ISC_R_NOMEMORY
- */
- 
-ISC_LANG_ENDDECLS
-
-#endif /* DNS_TSIGCONF_H */

bin/named/include/named/zoneconf.h

@@ -1,65 +0,0 @@
-/*
- * Copyright (C) 1999, 2000  Internet Software Consortium.
- * 
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- * 
- * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
- * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
- * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
- * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
- * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
- * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
- * SOFTWARE.
- */
-
-/* $Id: zoneconf.h,v 1.11 2000/06/22 21:56:26 tale Exp $ */
-
-#ifndef DNS_ZONECONF_H
-#define DNS_ZONECONF_H 1
-
-#include <isc/lang.h>
-#include <isc/types.h>
-
-#include <dns/aclconf.h>
-
-ISC_LANG_BEGINDECLS
-
-isc_result_t
-dns_zone_configure(dns_c_ctx_t *cctx, dns_c_view_t *cview, dns_c_zone_t *czone,
-		   dns_aclconfctx_t *ac, dns_zone_t *zone);
-/*
- * Configure or reconfigure a zone according to the named.conf
- * data in 'cctx' and 'czone'.
- *
- * The zone origin is not configured, it is assumed to have been set
- * at zone creation time.
- *
- * Require:
- *	'lctx' to be initalised or NULL.
- *	'cctx' to be initalised or NULL.
- *	'ac' to point to an initialized ns_aclconfctx_t.
- *	'czone' to be initalised.
- *	'zone' to be initalised.
- */
-
-isc_boolean_t
-dns_zone_reusable(dns_zone_t *zone, dns_c_zone_t *czone);
-/*
- * If 'zone' can be safely reconfigured according to the configuration
- * data in 'czone', return ISC_TRUE.  If the configuration data is so
- * different from the current zone state that the zone needs to be destroyed
- * and recreated, return ISC_FALSE.
- */
-
-isc_result_t
-dns_zonemgr_configure(dns_c_ctx_t *cctx, dns_zonemgr_t *zonemgr);
-/*
- * Configure the zone manager according to the named.conf data
- * in 'cctx'.
- */
-ISC_LANG_ENDDECLS
-
-#endif /* DNS_ZONECONF_H */

bin/named/interfacemgr.c

@@ -15,7 +15,7 @@
  * SOFTWARE.
  */
 
-/* $Id: interfacemgr.c,v 1.46 2000/07/19 20:34:14 gson Exp $ */
+/* $Id: interfacemgr.c,v 1.44.2.2 2000/07/10 23:32:02 gson Exp $ */
 
 #include <config.h>
 
@@ -369,6 +369,7 @@ ns_interface_destroy(ns_interface_t *ifp) {
 	if (ifp->udpdispatch != NULL)
 		dns_dispatch_detach(&ifp->udpdispatch);
 	if (ifp->tcpsocket != NULL) {
+		isc_socket_cancel(ifp->tcpsocket, NULL, ISC_SOCKCANCEL_ALL);
 		isc_socket_detach(&ifp->tcpsocket);
 	}
 

bin/named/lwdclient.c

@@ -15,7 +15,7 @@
  * SOFTWARE.
  */
 
-/* $Id: lwdclient.c,v 1.4 2000/06/26 20:49:56 bwelling Exp $ */
+/* $Id: lwdclient.c,v 1.3.2.1 2000/06/26 21:47:32 gson Exp $ */
 
 #include <config.h>
 

bin/named/lwdgabn.c

@@ -15,7 +15,7 @@
  * SOFTWARE.
  */
 
-/* $Id: lwdgabn.c,v 1.4 2000/06/26 20:49:57 bwelling Exp $ */
+/* $Id: lwdgabn.c,v 1.3.2.1 2000/06/26 21:47:33 gson Exp $ */
 
 #include <config.h>
 

bin/named/lwdgnba.c

@@ -15,7 +15,7 @@
  * SOFTWARE.
  */
 
-/* $Id: lwdgnba.c,v 1.4 2000/06/26 20:49:59 bwelling Exp $ */
+/* $Id: lwdgnba.c,v 1.3.2.1 2000/06/26 21:47:35 gson Exp $ */
 
 #include <config.h>
 

bin/named/lwresd.8

@@ -1,166 +0,0 @@
-.\"
-.\" Copyright (C) 2000  Internet Software Consortium.
-.\"
-.\" Permission to use, copy, modify, and distribute this document for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
-.\" DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
-.\" INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
-.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
-.\" FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
-.\" NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
-.\" WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.\" $Id: lwresd.8,v 1.4 2000/07/17 17:49:25 gson Exp $
-.\"
-.Dd Jun 30, 2000
-.Dt LWRESD 8
-.Os BIND9 9
-.ds vT BIND 9 Programmer's Manual
-.Sh NAME
-.Nm lwresd
-.Nd lightweight resolver daemon
-.Sh SYNOPSIS
-.Nm lwresd
-.Op Fl C Ar config-file
-.Op Fl d Ar debuglevel
-.Op Fl f g s
-.Op Fl i Ar pid-file
-.Op Fl n Ar #cpus
-.Op Fl P Ar query-port#
-.Op Fl p Ar port#
-.Op Fl t Ar directory
-.Op Fl u Ar user-id
-.Sh DESCRIPTION
-.Nm lwresd
-is the daemon providing name lookup services to clients that use
-the BIND 9 lightweight resolver library.
-It is essentially a stripped-down, caching-only name server that
-answers queries using the BIND 9 lightweight resolver protocol 
-rather than the DNS protocol.
-.Pp
-.Nm lwresd
-listens for resolver queries on a UDP port on the IPv4 loopback 
-interface, 127.0.0.1.
-This means that
-.Nm lwresd
-can only be used by processes running on the local machine.
-By default UDP port number 921 is used for lightweight resolver
-requests and responses.
-.Pp
-Incoming lightweight resolver requests are decoded by
-.Nm lwresd
-which then resolves them using the DNS protocol.
-When the DNS lookup completes,
-.Nm lwresd
-encodes the answers from the name servers in the lightweight
-resolver format and returns them to the client that made the original
-request.
-.Pp
-If
-.Pa /etc/resolv.conf
-contains any
-.Sy nameserver
-entries,
-.Nm lwresd
-sends recursive DNS queries to those servers.  This
-is similar to the use of forwarders in a chaching name
-server.  If no
-.Sy nameserver
-entries are  present, or if forwarding fails,
-.Nm lwresd
-resolves the queries autonomously starting at the 
-root name servers, using a compiled-in list of root 
-servers hints.
-.Pp
-The options to
-.Nm lwresd
-are as follows:
-.Bl -tag -width Ds
-.It Fl C
-use
-.Ar config-file
-as the configuration file instead of the default,
-.Pa /etc/resolv.conf .
-.It Fl d
-set the daemon's debug level to
-.Ar debuglevel .
-Debugging traces from
-.Nm lwresd
-become more verbose as the debug level increases.
-.It Fl f
-run
-.Nm lwresd
-in the foreground.
-.It Fl g
-run
-.Nm lwresd
-in the foreground and force all logging to
-.Dv stderr .
-.It Fl i
-write the daemon's process id to
-.Ar pid-file
-instead of the default pathname.
-.It Fl n
-create 
-.Ar #cpus
-worker threads to take advantage of multiple CPUs.
-If no option is given,
-.Nm lwresd
-will try to determine the number of CPUs present and create
-one thread per CPU.  If
-.Nm lwresd
-is unable to determine the number of CPUs, a single worker thread
-is created.
-.It Fl P
-send DNS lookups to port number
-.Ar query-port#
-when querying name servers.
-This provides a way of testing the lightweight resolver daemon with a
-name server that listens for queries on a non-standard port number.
-.It Fl p
-listen for lightweight resolver queries on the loopback interface
-using UDP port
-.Ar port#
-instead of the default port number, 921.
-.It Fl s
-write memory usage statistics to
-.Dv stdout
-on exit.
-This option is only of interest to BIND 9 developers and may be
-removed or changed in a future release.
-.It Fl t
-tells
-.Nm lwresd
-to chroot() to
-.Ar directory
-immediately after reading its configuration file.
-.It Fl u
-run
-.Nm lwresd
-as
-.Ar user-id ,
-which is a user name or numeric id that must be present in the
-password file.
-The lightweight resolver daemon will change its user-id after it has
-carried out any privileged operations, such as writing the process-id
-file or binding a socket to a privileged port (typically any port
-less than 1024).
-.El
-.Sh FILES
-.Bl -tag -width  /var/run/lwresd.pid -compact
-.It Pa /etc/resolv.conf
-default configuration file
-.It Pa /var/run/lwresd.pid
-default process-id file
-.El
-.Sh SEE ALSO
-.Xr named 8 ,
-.Xr lwres 3 .
-.Sh NOTES
-.Nm lwresd
-is a daemon for lightweight resolvers, not a lightweight daemon
-for resolvers.

bin/named/lwresd.c

@@ -15,7 +15,7 @@
  * SOFTWARE.
  */
 
-/* $Id: lwresd.c,v 1.11 2000/07/12 19:03:08 bwelling Exp $ */
+/* $Id: lwresd.c,v 1.8.2.2 2000/06/28 00:19:05 gson Exp $ */
 
 /*
  * Main program for the Lightweight Resolver Daemon.
@@ -89,11 +89,15 @@ mem_free(void *arg, void *mem, size_t size) {
 static void
 shutdown_lwresd(isc_task_t *task, isc_event_t *event) {
 	ns_lwresd_t *lwresd = event->ev_arg;
+	unsigned int i;
 
 	UNUSED(task);
 
 	dns_dispatchmgr_destroy(&lwresd->dispmgr);
 
+	for (i = 0; i < lwresd->ntasks; i++)
+		isc_task_shutdown(lwresd->cmgr[i].task);
+
 	/*
 	 * Wait for everything to die off by waiting for the sockets
 	 * to be detached.

bin/named/main.c

@@ -15,7 +15,7 @@
  * SOFTWARE.
  */
 
-/* $Id: main.c,v 1.74 2000/07/18 17:49:59 bwelling Exp $ */
+/* $Id: main.c,v 1.71.2.2 2000/07/11 17:23:02 gson Exp $ */
 
 #include <config.h>
 
@@ -483,7 +483,7 @@ main(int argc, char *argv[]) {
 	isc_error_setfatal(library_fatal_error);
 	isc_error_setunexpected(library_unexpected_error);
 
-	ns_os_init(program_name);
+	ns_os_init();
 
 	result = isc_app_start();
 	if (result != ISC_R_SUCCESS)

bin/named/named.8

@@ -1,171 +0,0 @@
-.\"
-.\" Copyright (C) 2000  Internet Software Consortium.
-.\"
-.\" Permission to use, copy, modify, and distribute this document for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
-.\" DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
-.\" INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
-.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
-.\" FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
-.\" NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
-.\" WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.\" $Id: named.8,v 1.3 2000/07/12 02:07:32 gson Exp $
-.\"
-.Dd Jun 30, 2000
-.Dt NAMED 8
-.Os BIND9 9
-.ds vT BIND9 Programmer's Manual
-.Sh NAME
-.Nm named
-.Nd Internet domain name server (DNS)
-.Sh SYNOPSIS
-.Nm named
-.Op Fl c Ar config-file
-.Op Fl d Ar debuglevel
-.Op Fl f g s
-.Op Fl n Ar #cpus
-.Op Fl p Ar port#
-.Op Fl t Ar directory
-.Op Fl u Ar user-id
-.Op Fl x Ar cache-file
-.Sh DESCRIPTION
-.Nm named
-is the ISC implementation of an Internet domain name server.
-See RFCs 1033, 1034, and 1035 for more information on the Internet
-domain name system.
-For historical reasons, the ISC's DNS software is known as BIND -
-Berkeley Internet Name Daemon - because it was originally
-supplied with BSD
-.Ux
-releases.
-.Pp
-Without any arguments,
-.Nm named
-will read the default configuration file
-.Pa /etc/named.conf ,
-read any initial data, and listen for queries.
-It is also possible to use the BIND9 name server
-as a lightweight resolver server
-.Nm lwresd .
-However when operating as a lightweight resolver server,
-.Nm named
-is functionally and logically distinct from a
-conventional name server.
-More information can be found in 
-.Xr lwresd 8 .
-.Pp
-Although some command-line options can be used with
-.Nm named ,
-the name server's behaviour is mainly controlled by its configuration file, 
-.Pa /etc/named.conf .
-Refer to the BIND9 Administrator Reference Manual for further details.
-.Pp
-The options to
-.Nm named
-are as follows:
-.Bl -tag -width Ds
-.It Fl c
-use
-.Ar config-file
-as the configuration file instead of the default,
-.Pa /etc/named.conf .
-.It Fl d
-set the daemon's debug level to
-.Ar debuglevel .
-Debugging traces from
-.Nm named
-become more verbose as the debug level increases.
-.It Fl f
-run
-.Nm named
-in the foreground.
-.It Fl g
-run
-.Nm named
-in the foreground and force all logging to
-.Dv stderr .
-.It Fl n
-create 
-.Ar #cpus
-worker threads to take advantage of multiple CPUs.
-If no option is given,
-.Nm named
-will try to determine the number of CPUs present and create
-one thread per CPU.  If
-.Nm named
-is unable to determine the number of CPUs, a single worker thread
-is created.
-.It Fl p
-listen for queries on  port
-.Ar port#
-instead of the default port number, 53.
-.It Fl s
-write memory usage statistics to
-.Dv stdout
-on exit.
-This option is mainly of interest
-to BIND9 developers and may be removed or changed in a future release.
-.It Fl t
-tells
-.Nm named
-to chroot() to
-.Ar directory
-immediately after reading its config file.
-.It Fl u
-run
-.Nm named
-as UID
-.Ar user-id .
-.Nm named
-will change its UID after it has
-carried out any privileged operations, such as 
-creating sockets that listen on privileged ports.
-.It Fl x
-load data from
-.Ar cache-file .
-into the cache of the default view.
-This option must not be used.
-It is only of interest
-to BIND9 developers and may be removed or changed in a future release.
-.El
-.Sh SIGNALS
-In routine operation, signals should not be used to \*qcontrol\*q the
-name server.
-.Nm rndc
-should be used instead.
-Sending the name server a
-.Dv SIGHUP
-signal forces a reload of the server.
-A
-.Dv SIGINT
-or
-.Dv SIGTERM
-signal can be used to gracefully shut down the server.
-Sending any other signals to the name server
-will have an undefined outcome.
-.\".Sh CONFIGURATION FILE FORMAT
-.\".Nm named 's
-.\"configuration file is too complex to describe in detail here.
-.\"A complete description is provided in the BIND9 Administrator
-.\"Reference Manual.
-.Sh FILES
-.Bl -tag -width  /var/run/named.pid -compact
-.It Pa /etc/named.conf
-default configuration file
-.It Pa /var/run/named.pid
-default process-id file
-.El
-.Sh SEE ALSO
-.Xr RFC1033 ,
-.Xr RFC1034 ,
-.Xr RFC1035 ,
-.Xr named.conf 5 ,
-.Xr zonefile 5 ,
-.Xr rndc 8 ,
-.Xr lwresd 8 ,
-BIND9 Administrator Reference Manual, June 2000.

bin/named/omapi.c

@@ -15,7 +15,7 @@
  * SOFTWARE.
  */
 
-/* $Id: omapi.c,v 1.14 2000/07/10 11:34:57 tale Exp $ */
+/* $Id: omapi.c,v 1.13.2.1 2000/07/11 17:23:04 gson Exp $ */
 
 /*
  * Principal Author: DCL

bin/named/omapiconf.c

@@ -15,7 +15,7 @@
  * SOFTWARE.
  */
 
-/* $Id: omapiconf.c,v 1.8 2000/07/14 14:57:24 tale Exp $ */
+/* $Id: omapiconf.c,v 1.4.2.3 2000/07/12 16:37:06 gson Exp $ */
 
 /*
  * Principal Author: DCL
@@ -199,7 +199,7 @@ register_keys(dns_c_ctrl_t *control, dns_c_kdeflist_t *keydeflist,
 {
 	dns_c_kid_t *keyid;
 	dns_c_kdef_t *keydef;
-	char secret[1024];
+	const char secret[1024];
 	isc_buffer_t b;
 	isc_result_t result;
 

bin/named/query.c

@@ -15,7 +15,7 @@
  * SOFTWARE.
  */
 
-/* $Id: query.c,v 1.117 2000/07/25 21:37:03 bwelling Exp $ */
+/* $Id: query.c,v 1.109.2.4 2000/07/10 21:59:34 gson Exp $ */
 
 #include <config.h>
 
@@ -169,7 +169,6 @@ query_reset(ns_client_t *client, isc_boolean_t everything) {
 	client->query.qname = NULL;
 	client->query.qrdataset = NULL;
 	client->query.dboptions = 0;
-	client->query.fetchoptions = 0;
 	client->query.gluedb = NULL;
 }
 
@@ -1415,8 +1414,7 @@ query_addsoa(ns_client_t *client, dns_db_t *db) {
 	/*
 	 * Find the SOA.
 	 */
-	result = dns_db_find(db, name, NULL, dns_rdatatype_soa,
-			     client->query.dboptions, 0, &node,
+	result = dns_db_find(db, name, NULL, dns_rdatatype_soa, 0, 0, &node,
 			     fname, rdataset, sigrdataset);
 	if (result != ISC_R_SUCCESS) {
 		/*
@@ -1481,8 +1479,7 @@ query_addns(ns_client_t *client, dns_db_t *db) {
 	 * Find the NS rdataset.
 	 */
 	CTRACE("query_addns: calling dns_db_find");
-	result = dns_db_find(db, name, NULL, dns_rdatatype_ns,
-			     client->query.dboptions, 0, &node,
+	result = dns_db_find(db, name, NULL, dns_rdatatype_ns, 0, 0, &node,
 			     fname, rdataset, sigrdataset);
 	CTRACE("query_addns: dns_db_find complete");
 	if (result != ISC_R_SUCCESS) {
@@ -1624,7 +1621,7 @@ query_addbestns(ns_client_t *client) {
 	 */
 	if (is_zone) {
 		result = dns_db_find(db, client->query.qname, version,
-				     dns_rdatatype_ns, client->query.dboptions,
+				     dns_rdatatype_ns, 0,
 				     client->now, &node, fname,
 				     rdataset, sigrdataset);
 		if (result != DNS_R_DELEGATION)
@@ -1643,8 +1640,7 @@ query_addbestns(ns_client_t *client) {
 			goto db_find;
 		}
 	} else {
-		result = dns_db_findzonecut(db, client->query.qname,
-					    client->query.dboptions,
+		result = dns_db_findzonecut(db, client->query.qname, 0,
 					    client->now, &node, fname,
 					    rdataset, sigrdataset);
 		if (result == ISC_R_SUCCESS) {
@@ -1685,9 +1681,8 @@ query_addbestns(ns_client_t *client) {
 		zsigrdataset = NULL;
 	}
 
-	if ((client->query.dboptions & DNS_DBFIND_PENDINGOK) == 0 &&
-	    (rdataset->trust == dns_trust_pending ||
-	     sigrdataset->trust == dns_trust_pending))
+	if ((client->message->flags & DNS_MESSAGEFLAG_CD) == 0 &&
+	    rdataset->trust == dns_trust_pending)
 		goto cleanup;
 
 	query_addrrset(client, &fname, &rdataset, &sigrdataset, dbuf,
@@ -1819,6 +1814,7 @@ query_recurse(ns_client_t *client, dns_rdatatype_t qtype, dns_name_t *qdomain,
 {
 	isc_result_t result;
 	dns_rdataset_t *rdataset, *sigrdataset;
+	unsigned int options = 0;
 
 	/*
 	 * We are about to recurse, which means that this client will
@@ -1860,8 +1856,7 @@ query_recurse(ns_client_t *client, dns_rdatatype_t qtype, dns_name_t *qdomain,
 	result = dns_resolver_createfetch(client->view->resolver,
 					  client->query.qname,
 					  qtype, qdomain, nameservers,
-					  NULL, client->query.fetchoptions,
-					  client->task,
+					  NULL, options, client->task,
 					  query_resume, client,
 					  rdataset, sigrdataset,
 					  &client->query.fetch);
@@ -1921,8 +1916,7 @@ query_findparentkey(ns_client_t *client, dns_name_t *name,
 		goto cleanup;
 	}
 		
-	result = dns_db_find(pdb, name, pversion, dns_rdatatype_key,
-			     client->query.dboptions,
+	result = dns_db_find(pdb, name, pversion, dns_rdatatype_key, 0,
 			     client->now, &pnode,
 			     dns_fixedname_name(&pfoundname),
 			     &prdataset, &psigrdataset);
@@ -2156,9 +2150,9 @@ query_find(ns_client_t *client, dns_fetchevent_t *event) {
 	/*
 	 * Now look for an answer in the database.
 	 */
-	result = dns_db_find(db, client->query.qname, version, type,
-			     client->query.dboptions, client->now,
-			     &node, fname, rdataset, sigrdataset);
+	result = dns_db_find(db, client->query.qname, version, type, 0,
+			     client->now, &node, fname, rdataset,
+			     sigrdataset);
 
 	/*
 	 * We interrupt our normal query processing to bring you this special
@@ -2956,16 +2950,6 @@ ns_query_start(ns_client_t *client) {
 		}
 	}
 
-	/*
-	 * If the client has requested that DNSSEC checking be disabled,
-	 * allow lookups to return pending data and instruct the resolver
-	 * to return data before validation has completed.
-	 */
-	if (message->flags & DNS_MESSAGEFLAG_CD) {
-		client->query.dboptions |= DNS_DBFIND_PENDINGOK;
-		client->query.fetchoptions |= DNS_FETCHOPT_NOVALIDATE;
-	}
-
 	/*
 	 * This is an ordinary query.
 	 */
@@ -2984,6 +2968,9 @@ ns_query_start(ns_client_t *client) {
 	/*
 	 * Set AD.  We need only clear it if we add "pending" data to
 	 * a response.
+	 *
+	 * Note: as currently written, the server does not return "pending"
+	 * data even if a client says it's OK to do so.
 	 */
 	message->flags |= DNS_MESSAGEFLAG_AD;
 

bin/named/server.c

@@ -15,7 +15,7 @@
  * SOFTWARE.
  */
 
-/* $Id: server.c,v 1.204 2000/07/24 18:45:50 gson Exp $ */
+/* $Id: server.c,v 1.200.2.2 2000/07/11 17:23:06 gson Exp $ */
 
 #include <config.h>
 
@@ -1149,7 +1149,7 @@ load_configuration(const char *filename, ns_server_t *server,
 	configure_server_quota(cctx, dns_c_ctx_gettcpclients,
 				     &server->tcpquota, 100);
 	configure_server_quota(cctx, dns_c_ctx_getrecursiveclients,
-				     &server->recursionquota, 1000);
+				     &server->recursionquota, 100);
 
 	/*
 	 * Configure the zone manager.

bin/named/tkeyconf.c

@@ -1,97 +0,0 @@
-/*
- * Copyright (C) 1999, 2000  Internet Software Consortium.
- * 
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- * 
- * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
- * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
- * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
- * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
- * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
- * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
- * SOFTWARE.
- */
-
-/* $Id: tkeyconf.c,v 1.11 2000/06/22 21:54:50 tale Exp $ */
-
-#include <config.h>
-
-#include <isc/buffer.h>
-#include <isc/string.h>		/* Required for HP/UX (and others?) */
-#include <isc/mem.h>
-
-#include <dns/keyvalues.h>
-#include <dns/name.h>
-#include <dns/tkey.h>
-#include <dns/tkeyconf.h>
-
-#define RETERR(x) do { \
-	result = (x); \
-	if (result != ISC_R_SUCCESS) \
-		goto failure; \
-	} while (0)
-
-
-isc_result_t
-dns_tkeyctx_fromconfig(dns_c_ctx_t *cfg, isc_mem_t *mctx, isc_entropy_t *ectx,
-		       dns_tkeyctx_t **tctxp)
-{
-	isc_result_t result;
-	dns_tkeyctx_t *tctx = NULL;
-	char *s;
-	isc_uint32_t n;
-	isc_buffer_t b, namebuf;
-	unsigned char data[1024];
-	dns_name_t domain, keyname;
-
-	result = dns_tkeyctx_create(mctx, ectx, &tctx);
-	if (result != ISC_R_SUCCESS)
-		return (result);
-
-	s = NULL;
-	result = dns_c_ctx_gettkeydhkey(cfg, &s, &n);
-	if (result == ISC_R_NOTFOUND) {
-		*tctxp = tctx;
-		return (ISC_R_SUCCESS);
-	}
-	isc_buffer_init(&namebuf, data, sizeof(data));
-	dns_name_init(&keyname, NULL);
-	isc_buffer_init(&b, s, strlen(s));
-	isc_buffer_add(&b, strlen(s));
-	dns_name_fromtext(&keyname, &b, dns_rootname, ISC_FALSE, &namebuf);
-	RETERR(dst_key_fromfile(&keyname, n, DNS_KEYALG_DH,
-				DST_TYPE_PUBLIC|DST_TYPE_PRIVATE,
-				NULL, mctx, &tctx->dhkey));
-	s = NULL;
-	RETERR(dns_c_ctx_gettkeydomain(cfg, &s));
-	dns_name_init(&domain, NULL);
-	tctx->domain = (dns_name_t *) isc_mem_get(mctx, sizeof(dns_name_t));
-	if (tctx->domain == NULL) {
-		result = ISC_R_NOMEMORY;
-		goto failure;
-	}
-	dns_name_init(tctx->domain, NULL);
-	isc_buffer_init(&b, s, strlen(s));
-	isc_buffer_add(&b, strlen(s));
-	RETERR(dns_name_fromtext(&domain, &b, dns_rootname, ISC_FALSE,
-				 &namebuf));
-	RETERR(dns_name_dup(&domain, mctx, tctx->domain));
-
-	*tctxp = tctx;
-	return (ISC_R_SUCCESS);
-
- failure:
-	if (tctx->dhkey != NULL)
-		dst_key_free(&tctx->dhkey);
-	if (tctx->domain != NULL) {
-		dns_name_free(tctx->domain, mctx);
-		isc_mem_put(mctx, tctx->domain, sizeof(dns_name_t));
-		tctx->domain = NULL;
-	}
-	dns_tkeyctx_destroy(&tctx);
-	return (result);
-}
-

bin/named/tsigconf.c

@@ -1,154 +0,0 @@
-/*
- * Copyright (C) 1999, 2000  Internet Software Consortium.
- * 
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- * 
- * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
- * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
- * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
- * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
- * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
- * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
- * SOFTWARE.
- */
-
-/* $Id: tsigconf.c,v 1.9 2000/07/18 01:14:17 bwelling Exp $ */
-
-#include <config.h>
-
-#include <isc/base64.h>
-#include <isc/buffer.h>
-#include <isc/mem.h>
-#include <isc/string.h>
-
-#include <dns/tsig.h>
-#include <dns/tsigconf.h>
-
-static isc_result_t
-add_initial_keys(dns_c_kdeflist_t *list, dns_tsig_keyring_t *ring,
-		 isc_mem_t *mctx)
-{
-	dns_c_kdef_t *key;
-	unsigned char *secret = NULL;
-	int secretalloc = 0;
-	int secretlen = 0;
-	isc_result_t ret;
-	isc_stdtime_t now;
-
-	key = ISC_LIST_HEAD(list->keydefs);
-	while (key != NULL) {
-		dns_name_t keyname;
-		dns_name_t *alg, tempalg;
-		char keynamedata[1024], algdata[1024];
-		isc_buffer_t keynamesrc, keynamebuf, algsrc, algbuf;
-		isc_buffer_t secretbuf;
-
-		dns_name_init(&keyname, NULL);
-
-		/*
-		 * Create the key name.
-		 */
-		isc_buffer_init(&keynamesrc, key->keyid, strlen(key->keyid));
-		isc_buffer_add(&keynamesrc, strlen(key->keyid));
-		isc_buffer_init(&keynamebuf, keynamedata, sizeof(keynamedata));
-		ret = dns_name_fromtext(&keyname, &keynamesrc, dns_rootname,
-					ISC_TRUE, &keynamebuf);
-		if (ret != ISC_R_SUCCESS)
-			goto failure;
-
-		/*
-		 * Create the algorithm.
-		 */
-		if (strcasecmp(key->algorithm, "hmac-md5") == 0)
-			alg = dns_tsig_hmacmd5_name;
-		else {
-			dns_name_init(&tempalg, NULL);
-			isc_buffer_init(&algsrc, key->algorithm,
-					strlen(key->algorithm));
-			isc_buffer_add(&algsrc, strlen(key->algorithm));
-			isc_buffer_init(&algbuf, algdata, sizeof(algdata));
-			ret = dns_name_fromtext(&tempalg, &algsrc,
-						dns_rootname,
-						ISC_TRUE, &algbuf);
-			if (ret != ISC_R_SUCCESS)
-				goto failure;
-			alg = &tempalg;
-		}
-
-		if (strlen(key->secret) % 4 != 0) {
-			ret = ISC_R_BADBASE64;
-			goto failure;
-		}
-		secretalloc = secretlen = strlen(key->secret) * 3 / 4;
-		secret = isc_mem_get(mctx, secretlen);
-		if (secret == NULL) {
-			ret = ISC_R_NOMEMORY;
-			goto failure;
-		}
-		isc_buffer_init(&secretbuf, secret, secretlen);
-		ret = isc_base64_decodestring(mctx, key->secret, &secretbuf);
-		if (ret != ISC_R_SUCCESS)
-			goto failure;
-		secretlen = isc_buffer_usedlength(&secretbuf);
-
-		isc_stdtime_get(&now);
-		ret = dns_tsigkey_create(&keyname, alg, secret, secretlen,
-					 ISC_FALSE, NULL, now, now,
-					 mctx, ring, NULL);
-		isc_mem_put(mctx, secret, secretalloc);
-		secret = NULL;
-		if (ret != ISC_R_SUCCESS)
-			goto failure;
-		key = ISC_LIST_NEXT(key, next);
-	}
-	return (ISC_R_SUCCESS);
-
- failure:
-	if (secret != NULL)
-		isc_mem_put(mctx, secret, secretalloc);
-	return (ret);
-
-}
-
-isc_result_t
-dns_tsigkeyring_fromconfig(dns_c_view_t *confview, dns_c_ctx_t *confctx,
-			   isc_mem_t *mctx, dns_tsig_keyring_t **ringp)
-{
-	dns_c_kdeflist_t *keylist;
-	dns_tsig_keyring_t *ring = NULL;
-	isc_result_t result;
-
-	result = dns_tsigkeyring_create(mctx, &ring);
-	if (result != ISC_R_SUCCESS)
-		return (result);
-
-	keylist = NULL;
-	result = dns_c_ctx_getkdeflist(confctx, &keylist);
-	if (result == ISC_R_SUCCESS)
-		result = add_initial_keys(keylist, ring, mctx);
-	else if (result == ISC_R_NOTFOUND)
-		result = ISC_R_SUCCESS;
-	if (result != ISC_R_SUCCESS)
-		goto failure;
-
-	if (confview != NULL) {
-		keylist = NULL;	
-		result = dns_c_view_getkeydefs(confview, &keylist);
-		if (result == ISC_R_SUCCESS)
-			result = add_initial_keys(keylist, ring, mctx);
-		else if (result == ISC_R_NOTFOUND)
-			result = ISC_R_SUCCESS;
-		if (result != ISC_R_SUCCESS)
-			goto failure;
-	}
-
-	*ringp = ring;
-	return (ISC_R_SUCCESS);
-
- failure:
-	dns_tsigkeyring_destroy(&ring);
-	return (result);
-}

bin/named/unix/include/named/os.h

@@ -15,7 +15,7 @@
  * SOFTWARE.
  */
 
-/* $Id: os.h,v 1.9 2000/07/18 17:50:02 bwelling Exp $ */
+/* $Id: os.h,v 1.7.2.1 2000/07/10 22:07:58 gson Exp $ */
 
 #ifndef NS_OS_H
 #define NS_OS_H 1
@@ -23,7 +23,7 @@
 #include <isc/types.h>
 
 void
-ns_os_init(const char *progname);
+ns_os_init(void);
 
 void
 ns_os_daemonize(void);

bin/named/unix/os.c

@@ -15,7 +15,7 @@
  * SOFTWARE.
  */
 
-/* $Id: os.c,v 1.27 2000/07/18 17:50:01 bwelling Exp $ */
+/* $Id: os.c,v 1.18.2.2 2000/07/10 21:35:38 gson Exp $ */
 
 #include <config.h>
 
@@ -175,7 +175,7 @@ linux_keepcaps(void) {
 
 
 static void
-setup_syslog(const char *progname) {
+setup_syslog(void) {
 	int options;
 
 	options = LOG_PID;
@@ -183,12 +183,12 @@ setup_syslog(const char *progname) {
 	options |= LOG_NDELAY;
 #endif
 
-	openlog(progname, options, LOG_DAEMON);
+	openlog("named", options, LOG_DAEMON);
 }
 
 void
-ns_os_init(const char *progname) {
-	setup_syslog(progname);
+ns_os_init(void) {
+	setup_syslog();
 #ifdef HAVE_LINUX_CAPABILITY_H
 	linux_initialprivs();
 #endif

bin/named/zoneconf.c

@@ -1,369 +0,0 @@
-/*
- * Copyright (C) 1999, 2000  Internet Software Consortium.
- * 
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- * 
- * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
- * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
- * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
- * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
- * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
- * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
- * SOFTWARE.
- */
-
-/* $Id: zoneconf.c,v 1.48 2000/07/26 18:47:34 mws Exp $ */
-
-#include <config.h>
-
-#include <isc/string.h>		/* Required for HP/UX (and others?) */
-#include <isc/util.h>
-
-#include <dns/acl.h>
-#include <dns/zone.h>
-#include <dns/zoneconf.h>
-#include <dns/ssu.h>
-
-/*
- * These are BIND9 server defaults, not necessarily identical to the
- * library defaults defined in zone.c.
- */
-#define MAX_XFER_TIME (2*3600)	/* Documented default is 2 hours. */
-#define DNS_DEFAULT_IDLEIN 3600		/* 1 hour */
-#define DNS_DEFAULT_IDLEOUT 3600	/* 1 hour */
-
-#define RETERR(x) do { \
-	isc_result_t _r = (x); \
-	if (_r != ISC_R_SUCCESS) \
-		return (_r); \
-	} while (0)
-
-/*
- * Convenience function for configuring a single zone ACL.
- */
-static isc_result_t
-configure_zone_acl(dns_c_zone_t *czone, dns_c_ctx_t *cctx, dns_c_view_t *cview,
-		   dns_aclconfctx_t *aclconfctx, dns_zone_t *zone,
-		   isc_result_t (*getcacl)(dns_c_zone_t *,
-					   dns_c_ipmatchlist_t **),
-		   isc_result_t (*getviewcacl)(dns_c_view_t *
-					       , dns_c_ipmatchlist_t **),
-		   isc_result_t (*getglobalcacl)(dns_c_ctx_t *,
-						 dns_c_ipmatchlist_t **),
-		   void (*setzacl)(dns_zone_t *, dns_acl_t *),
-		   void (*clearzacl)(dns_zone_t *))
-{
-	isc_result_t result;
-	dns_c_ipmatchlist_t *cacl;
-	dns_acl_t *dacl = NULL;
-	result = (*getcacl)(czone, &cacl);
-	if (result == ISC_R_NOTFOUND && getviewcacl != NULL && cview != NULL) {
-		result = (*getviewcacl)(cview, &cacl);
-	}
-	if (result == ISC_R_NOTFOUND && getglobalcacl != NULL) {
-		result = (*getglobalcacl)(cctx, &cacl);
-	}
-	if (result == ISC_R_SUCCESS) {
-		result = dns_acl_fromconfig(cacl, cctx, aclconfctx,
-					   dns_zone_getmctx(zone), &dacl);
-		dns_c_ipmatchlist_detach(&cacl);
-		if (result != ISC_R_SUCCESS)
-			return (result);
-		(*setzacl)(zone, dacl);
-		dns_acl_detach(&dacl);
-		return (ISC_R_SUCCESS);
-	} else if (result == ISC_R_NOTFOUND) {
-		(*clearzacl)(zone);
-		return (ISC_R_SUCCESS);
-	} else {
-		return (result);
-	}
-}
-
-/*
- * Conver a config file zone type into a server zone type.
- */
-static dns_zonetype_t
-dns_zonetype_fromconf(dns_c_zonetype_t cztype) {
-	switch (cztype) {
-	case dns_c_zone_master:
-		return dns_zone_master;
-	case dns_c_zone_slave:
-		return dns_zone_slave;
-	case dns_c_zone_stub:
-		return dns_zone_stub;
-	default:
-		/*
-		 * Hint and forward zones are not really zones;
-		 * they should never get this far.
-		 */
-		INSIST(0);
-		return (dns_zone_none); /*NOTREACHED*/
-	}
-}
-
-isc_result_t
-dns_zone_configure(dns_c_ctx_t *cctx, dns_c_view_t *cview, 
-		   dns_c_zone_t *czone, dns_aclconfctx_t *ac, 
-		   dns_zone_t *zone)
-{
-	isc_result_t result;
-	isc_boolean_t boolean;
-	const char *filename = NULL;
-	dns_notifytype_t notifytype;
-#ifdef notyet
-	dns_c_severity_t severity;
-#endif
-	dns_c_iplist_t *iplist;
-	isc_sockaddr_t sockaddr;
-	isc_uint32_t uintval;
-	isc_sockaddr_t sockaddr_any4, sockaddr_any6;
-	dns_ssutable_t *ssutable = NULL;
-
-	isc_sockaddr_any(&sockaddr_any4);	
-	isc_sockaddr_any6(&sockaddr_any6);
-	
-	/*
-	 * Configure values common to all zone types.
-	 */
-
-	dns_zone_setclass(zone, czone->zclass);
-
-	dns_zone_settype(zone, dns_zonetype_fromconf(czone->ztype));
-
-	/* XXX needs to be an zone option */
-	RETERR(dns_zone_setdbtype(zone, "rbt"));
-
-	result = dns_c_zone_getfile(czone, &filename);
-	if (result == ISC_R_SUCCESS)
-		RETERR(dns_zone_setdatabase(zone, filename));
-	else if (czone->ztype != dns_c_zone_slave &&
-		 czone->ztype != dns_c_zone_stub)
-		return (result);
-
-#ifdef notyet
-	result = dns_c_zone_getchecknames(czone, &severity);
-	if (result == ISC_R_SUCCESS)
-		dns_zone_setchecknames(zone, severity);
-	else
-		dns_zone_setchecknames(zone, dns_c_severity_warn);
-#endif
-
-	/*
-	 * XXXAG This probably does not make sense for stubs.
-	 */
-	RETERR(configure_zone_acl(czone, cctx, cview, ac, zone,
-				  dns_c_zone_getallowquery,
-				  dns_c_view_getallowquery,
-				  dns_c_ctx_getallowquery,
-				  dns_zone_setqueryacl,
-				  dns_zone_clearqueryacl));
-
-	result = dns_c_zone_getdialup(czone, &boolean);
-	if (result != ISC_R_SUCCESS)
-		result = dns_c_ctx_getdialup(cctx, &boolean);
-	if (result != ISC_R_SUCCESS)
-		boolean = ISC_FALSE;
-	dns_zone_setoption(zone, DNS_ZONEOPT_DIALUP, boolean);
-
-	/*
-	 * Configure master functionality.  This applies
-	 * to primary masters (type "master") and slaves
-	 * acting as masters (type "slave"), but not to stubs.
-	 */
-	if (czone->ztype != dns_c_zone_stub) {
-		result = dns_c_zone_getnotify(czone, &notifytype);
-		if (result != ISC_R_SUCCESS && cview != NULL)
-			result = dns_c_view_getnotify(cview, &notifytype);
-		if (result != ISC_R_SUCCESS)
-			result = dns_c_ctx_getnotify(cctx, &notifytype);
-		if (result != ISC_R_SUCCESS)
-			notifytype = dns_notifytype_yes;
-		dns_zone_setnotifytype(zone, notifytype);
-
-		iplist = NULL;
-		result = dns_c_zone_getalsonotify(czone, &iplist);
-		if (result != ISC_R_SUCCESS && cview != NULL)
-			result = dns_c_view_getalsonotify(cview, &iplist);
-		if (result != ISC_R_SUCCESS)
-			result = dns_c_ctx_getalsonotify(cctx, &iplist);
-		if (result == ISC_R_SUCCESS) {
-			result = dns_zone_setalsonotify(zone, iplist->ips,
-						        iplist->nextidx);
-			dns_c_iplist_detach(&iplist);
-			if (result != ISC_R_SUCCESS)
-				return (result);
-
-		} else
-			RETERR(dns_zone_setalsonotify(zone, NULL, 0));
-		
-		RETERR(configure_zone_acl(czone, cctx, cview, ac, zone,
-					  dns_c_zone_getallowtransfer,
-					  dns_c_view_gettransferacl,
-					  dns_c_ctx_getallowtransfer,
-					  dns_zone_setxfracl,
-					  dns_zone_clearxfracl));
-
-		result = dns_c_zone_getmaxtranstimeout(czone, &uintval);
-		if (result != ISC_R_SUCCESS && cview != NULL)
-			result = dns_c_view_getmaxtransfertimeout(cview,
-								  &uintval);
-		if (result != ISC_R_SUCCESS)
-			result = dns_c_ctx_getmaxtransfertimeout(cctx,
-								 &uintval);
-		if (result != ISC_R_SUCCESS)
-			uintval = MAX_XFER_TIME;
-		dns_zone_setmaxxfrout(zone, uintval);
-
-		result = dns_c_zone_getmaxtransidleout(czone, &uintval);
-		if (result != ISC_R_SUCCESS && cview != NULL) 
-			result = dns_c_view_getmaxtransferidleout(cview,
-								  &uintval);
-		if (result != ISC_R_SUCCESS) 
-			result = dns_c_ctx_getmaxtransferidleout(cctx,
-								 &uintval);
-		if (result != ISC_R_SUCCESS)
-			uintval = DNS_DEFAULT_IDLEOUT;
-		dns_zone_setidleout(zone, uintval);
-	}
-
-	/*
-	 * Configure update-related options.  These apply to
-	 * primary masters only.
-	 */
-	if (czone->ztype == dns_c_zone_master) {
-		RETERR(configure_zone_acl(czone, cctx, NULL, ac, zone,
-					  dns_c_zone_getallowupd,
-					  NULL, NULL,
-					  dns_zone_setupdateacl,
-					  dns_zone_clearupdateacl));
-
-		dns_zone_getssutable(zone, &ssutable);
-		if (ssutable != NULL)
-			dns_ssutable_detach(&ssutable);
-		result = dns_c_zone_getssuauth(czone, &ssutable);
-		if (result == ISC_R_SUCCESS) {
-			dns_ssutable_t *newssutable = NULL;
-			dns_ssutable_attach(ssutable, &newssutable);
-			dns_zone_setssutable(zone, newssutable);
-		}
-
-		result = dns_c_zone_getsigvalidityinterval(czone, &uintval);
-		if (result != ISC_R_SUCCESS && cview != NULL)
-			result = dns_c_view_getsigvalidityinterval(cview,
-								  &uintval);
-		if (result != ISC_R_SUCCESS)
-			result = dns_c_ctx_getsigvalidityinterval(cctx,
-								 &uintval);
-		if (result != ISC_R_SUCCESS)
-			uintval = 30 * 24 * 3600;
-		dns_zone_setsigvalidityinterval(zone, uintval);
-	}
-
-	/*
-	 * Configure slave functionality.
-	 */
-	switch (czone->ztype) {
-	case dns_c_zone_slave:
-	case dns_c_zone_stub:
-		iplist = NULL;
-		result = dns_c_zone_getmasterips(czone, &iplist);
-		if (result == ISC_R_SUCCESS)
-#ifndef NOMINUM_PUBLIC
-			result = dns_zone_setmasterswithkeys(zone,
-							     iplist->ips,
-							     iplist->keys,
-							     iplist->nextidx);
-#else /* NOMINUM_PUBLIC */
-			result = dns_zone_setmasters(zone, iplist->ips,
-						     iplist->nextidx);
-#endif /* NOMINUM_PUBLIC */		    
-		else
-			result = dns_zone_setmasters(zone, NULL, 0);
-		RETERR(result);
-
-		result = dns_c_zone_getmaxtranstimein(czone, &uintval);
-		if (result != ISC_R_SUCCESS) 
-			result = dns_c_ctx_getmaxtransfertimein(cctx,
-								&uintval);
-		if (result != ISC_R_SUCCESS)
-			uintval = MAX_XFER_TIME;
-		dns_zone_setmaxxfrin(zone, uintval);
-
-		result = dns_c_zone_getmaxtransidlein(czone, &uintval);
-		if (result != ISC_R_SUCCESS) 
-			result = dns_c_ctx_getmaxtransferidlein(cctx,
-								&uintval);
-		if (result != ISC_R_SUCCESS)
-			uintval = DNS_DEFAULT_IDLEIN;
-		dns_zone_setidlein(zone, uintval);
-
-		result = dns_c_zone_gettransfersource(czone, &sockaddr);
-		if (result != ISC_R_SUCCESS && cview != NULL)
-			result = dns_c_view_gettransfersource(cview,
-							      &sockaddr);
-		if (result != ISC_R_SUCCESS)
-			result = dns_c_ctx_gettransfersource(cctx, &sockaddr);
-		if (result != ISC_R_SUCCESS)
-			sockaddr = sockaddr_any4;
-		dns_zone_setxfrsource4(zone, &sockaddr);
-
-		result = dns_c_zone_gettransfersourcev6(czone, &sockaddr);
-		if (result != ISC_R_SUCCESS && cview != NULL) 
-			result = dns_c_view_gettransfersourcev6(cview,
-								&sockaddr);
-		if (result != ISC_R_SUCCESS) 
-			result = dns_c_ctx_gettransfersourcev6(cctx,
-							       &sockaddr);
-		if (result != ISC_R_SUCCESS)
-			sockaddr = sockaddr_any6;
-		dns_zone_setxfrsource6(zone, &sockaddr);
-
-		break;
-		
-	default:
-		break;
-	}
-
-	return (ISC_R_SUCCESS);
-}
-
-isc_boolean_t
-dns_zone_reusable(dns_zone_t *zone, dns_c_zone_t *czone) {
-	const char *cfilename;
-	const char *zfilename;
-
-	if (dns_zonetype_fromconf(czone->ztype) != dns_zone_gettype(zone))
-		return (ISC_FALSE);
-
-	cfilename = NULL;
-	(void) dns_c_zone_getfile(czone, &cfilename);
-	zfilename = dns_zone_getdatabase(zone);
-	if (cfilename == NULL || zfilename == NULL ||
-	    strcmp(cfilename, zfilename) != 0)
-		return (ISC_FALSE);
-
-	return (ISC_TRUE);
-}
-	
-isc_result_t
-dns_zonemgr_configure(dns_c_ctx_t *cctx, dns_zonemgr_t *zmgr) {
-	isc_uint32_t val;
-	isc_result_t result;
-	
-	result = dns_c_ctx_gettransfersin(cctx, &val);
-	if (result != ISC_R_SUCCESS)
-		val = 10;
-	dns_zonemgr_settransfersin(zmgr, val);
-
-	result = dns_c_ctx_gettransfersperns(cctx, &val);
-	if (result != ISC_R_SUCCESS)
-		val = 2;
-	dns_zonemgr_settransfersperns(zmgr, val);
-
-	return (ISC_R_SUCCESS);
-}
-

bin/nsupdate/Makefile.in

@@ -13,7 +13,7 @@
 # ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
 # SOFTWARE.
 
-# $Id: Makefile.in,v 1.4 2000/06/30 21:47:34 bwelling Exp $
+# $Id: Makefile.in,v 1.2.2.2 2000/07/10 19:10:32 bwelling Exp $
 
 srcdir =	@srcdir@
 VPATH =		@srcdir@

bin/nsupdate/nsupdate.8

@@ -1,336 +0,0 @@
-.\" Copyright (C) @YEARS@  Internet Software Consortium.
-.\" 
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\" 
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
-.\" ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
-.\" OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
-.\" CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
-.\" DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
-.\" PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
-.\" ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
-.\" SOFTWARE.
-.\" 
-.\" $Id: nsupdate.8,v 1.2 2000/07/12 18:29:33 jim Exp $
-.\" 
-.Dd Jun 30, 2000
-.Dt NSUPDATE 8
-.Os BIND9 9
-.ds vT BIND9 Programmer's Manual
-.Sh NAME
-.Nm nsupdate
-.Nd Dynamic DNS update utility
-.Sh SYNOPSIS
-.Nm nsupdate
-.Op Fl d
-.Oo
-.Fl y Ar keyname:secret |
-.Fl k Ar keyfile
-.Oc
-.Op Fl v
-.Sh DESCRIPTION
-.Nm nsupdate
-is used to submit Dynamic DNS Update requests as defined in RFC2136
-to a name server.
-This allows resource records to be added or removed from a zone
-without manually editing the zone file.
-A single update request could contain requests to add or remove more than one
-resource record.
-.Pp
-Zones that are under dynamic control via
-.Nm nsupdate
-or a DHCP server should not be edited by hand.
-Manual edits could
-conflict with dynamic updates or the name server's transaction log
-activities which keep the file copy of the zone consistent with its
-internal representation in the name server's memory.
-.Pp
-The names of resource records that are dynamically added or removed with
-.Nm nsupdate
-have to be in the same zone.
-Requests are sent to the zone's master server.
-This is identified by the MNAME field of the zone's SOA record.
-.Pp
-The
-.Fl d
-option makes
-.Nm nsupdate
-operate in debug mode.
-This provides tracing information about the update requests that are
-made and the replies received from the name server.
-.Pp
-Transaction signatures can be used to authenticate the Dynamic DNS
-updates.
-These use the TSIG resource record type described in RFC2845.
-The signatures rely on a shared secret that should only be known to
-.Nm nsupdate
-and the name server.
-Currently, the only supported encryption algorithm for TSIG is 
-HMAC-MD5, which is defined in RFC 2104.
-Once other algorithms are defined for TSIG, applications will need to
-ensure they select the appropriate algorithm as well as the key when
-authenticating each other.
-For instance suitable
-.Dv key{}
-and
-.Dv server{}
-statements would be added to
-.Pa /etc/named.conf
-so that the name server can associate the appropriate secret key
-and algorithm with the IP address of the
-client application that will be using TSIG authentication.
-.Nm nsupdate
-does not read
-.Pa /etc/named.conf .
-.Pp
-.Nm nsupdate
-uses the
-.Fl y
-and
-.Fl k
-options to provide the shared secret needed to generate a TSIG record
-for authenticating Dynamic DNS update requests.
-These options are mutually exclusive.
-The
-.Fl k
-option gets
-.Nm nsupdate
-to read the shared secret from the file
-.Ar keyfile .
-When the
-.Fl y
-is used, a signature is generated from
-.Ar keyname:secret.
-.Ar keyname
-is the name of the key,
-and
-.Ar secret
-is a string comprising the shared secret, typically written in base-64
-encoding.
-Use of the
-.Fl y
-option is discouraged because the shared secret is supplied as a command
-line argument in clear text.
-This may be visible in the output from
-.Xr ps 1
-or in a history file maintained by the user's shell.
-.Pp
-By default
-.Nm nsupdate
-uses UDP to send update requests to the name server.
-The
-.Fl v
-option makes
-.Nm nsupdate
-use a TCP connection.
-This may be preferable when a batch of update requests are made.
-.Sh INPUT FORMAT
-.Nm nsupdate
-reads commands from its standard input.
-Each command is supplied on exactly one line of input.
-Some commands are for administrative purposes.
-The others are either update instructions or prerequisite checks on the
-contents of the zone.
-These checks set conditions that some name or set of
-resource records (RRset) either exists or is absent from the zone.
-These conditions must be met if the entire update request is to succeed.
-Updates will be rejected if the tests for the prerequisite conditions fail.
-.Pp
-Every update request consists of zero or more prerequisites
-and one or more updates.
-This allows a suitably authenticated update request to proceed if some
-specified resource records are present or missing from the zone. 
-A blank input line causes the accumulated commands to be sent as one Dynamic
-DNS update request to the name server.
-.Pp
-The command formats and their meaning are as follows:
-.Bl -ohang indent
-.It Xo
-.Ic server Va servername Op port
-.Xc
-.sp 1
-Sends all dynamic update requests to the name server
-.Va servername .
-When no server statement is provided,
-.Nm nsupdate
-will send updates to the master server of the correct zone.
-The MNAME field of that zone's SOA record will identify the master
-server for that zone.
-.Va port
-is the port number on
-.Va servername
-where the dynamic update requests get sent.
-If no port number is specified, the default DNS port number of 53 is
-used.
-.It Xo
-.Ic zone Va zonename
-.Xc
-.sp 1
-Specifies that all updates are to be made to the zone
-.Va zonename .
-.Nm nsupdate
-will determine the correct zone to update based on the rest of the input
-data if no
-.Va zone
-statement is provided.
-.It Xo
-.Ic prereq nxdomain Va domain-name
-.Xc
-.sp 1
-Requires that no resource record of any type exists with name
-.Va domain-name .
-.It Xo
-.Ic prereq yxdomain Va domain-name
-.Xc
-.sp 1
-Requires that
-.Va domain-name
-exists as at least one resource record of any type.
-.It Xo
-.Ic prereq nxrrset Va domain-name Op class
-.Va type
-.Xc
-.sp 1
-Requires that no resource record exists of the specified
-.Va type ,
-.Va class
-and
-.Va domain-name .
-If
-.Va class
-is omitted, IN (internet) is assumed.
-.It Xo
-.Ic prereq yxrrset
-.Va domain-name Op class
-.Va type Op data...
-.Xc
-.sp 1
-This requires that a resource record of the specified type
-.Va type ,
-.Va class
-and name
-.Va domain-name
-must exist.
-If
-.Va class
-is omitted, IN (internet) is assumed.
-If
-.Va data
-is supplied, it has to exactly match the corresponding RDATA for
-.Va name .
-.Va data
-is written in the standard text representation of the resource record's
-RDATA.
-.It Xo
-.Ic update delete
-.Va domain-name Op class
-.Va Op type Op data...
-.Xc
-.sp 1
-Deletes any resource records named
-.Va domain-name .
-If
-.Va type
-and
-.Va data
-is provided, only matching resource records will be removed.
-The internet class is assumed if
-.Va class
-is not supplied.
-.It Xo
-.Ic update add
-.Va domain-name ttl Op class
-.Va type data..
-.Xc
-.sp 1
-Adds a new resource record with the specified
-.Va ttl ,
-.Va class
-and
-.Va data .
-.El
-.Sh EXAMPLES
-The examples below show how
-.Nm nsupdate
-could be used to insert and delete resource records from the
-.Dv example.com
-zone.
-Notice that the input in each example contains a trailing blank line so that
-a group of commands are sent as one dynamic update request to the
-master name server for 
-.Dv example.com .
-.Bd -literal -offset indent
-# nsupdate
-> update delete oldhost.example.com A
-> update add newhost.example.com 86400 A 172.16.1.1
->
-.Ed
-.Pp
-Any A records for
-.Dv oldhost.example.com
-are deleted.
-and an A record for
-.Dv newhost.example.com 
-it IP address 172.16.1.1 is added.
-The newly-added record has a 1 day TTL (86400 seconds)
-.Bd -literal -offset indent 
-# nsupdate
-> prereq nxdomain nickname.example.com
-> update add nickname.example.com CNAME somehost.example.com
->
-.Ed
-.Pp
-The prerequisite condition gets the name server to check that there
-are no resource records of any type for
-.Dv nickname.example.com .
-If there are, the update request fails.
-If this name does not exist, a CNAME for it is added.
-This ensures that when the CNAME is added, it cannot conflict with the
-long-standing rule in RFC1034 that a name must not exist as any other
-record type if it exists as a CNAME.
-(The rule has been updated for DNSSEC in RFC2535 to allow CNAMEs to have
-SIG, KEY and NXT records.)
-.Pp
-.Sh NAME SERVER PROCESSING
-.Pp
-When a successful update request is made, the BIND9 name server
-increments the serial number in the zone's SOA record.
-A transaction log file is written containing details of the resource
-records that have been added or removed.
-This allows the name server to roll forward to the current state of the
-zone if it is restarted before a fresh copy of the zone file is written
-out by the name server.
-XXXJR WHEN DOES IT DO THAT???
-It then sends a NOTIFY message to the zone's slave servers to inform
-them that the zone's contents have changed.
-.Sh FILES
-.Bl -tag -width K{name}.+157.+{random}.private -compact
-.It Pa /etc/named.conf
-name server configuration file
-.It Pa K{name}.+157.+{random}.key
-base-64 encoding of HMAC-MD5 key created by
-.Xr dnssec-keygen 8 .
-.It Pa K{name}.+157.+{random}.private 
-base-64 encoding of HMAC-MD5 key created by
-.Xr dnssec-keygen 8 .
-.El
-.Sh SEE ALSO
-.Xr RFC2136 ,
-.Xr RFC2137 ,
-.Xr RFC2104 ,
-.Xr RFC2845 ,
-.Xr RFC1034 ,
-.Xr RFC2535 ,
-.Xr named 8 ,
-.Xr dnssec-keygen 8 .
-.Sh BUGS 
-The
-.Fl D
-and
-.Fl M
-options are not documented apart from this self-referential paragraph.
-They provide additional debugging information which is primarily of interest
-to the BIND9 developers.
-These options might be changed or removed in future releases. 

bin/nsupdate/nsupdate.c

@@ -15,7 +15,7 @@
  * SOFTWARE.
  */
 
-/* $Id: nsupdate.c,v 1.33 2000/07/21 20:38:30 bwelling Exp $ */
+/* $Id: nsupdate.c,v 1.8.2.3 2000/07/10 17:23:25 bwelling Exp $ */
 
 #include <config.h>
 
@@ -95,6 +95,7 @@ static dns_name_t *origin; /* Points to one of above, or dns_rootname */
 static dns_fixedname_t fuserzone;
 static dns_name_t *userzone = NULL;
 static dns_tsigkey_t *key = NULL;
+static dns_tsig_keyring_t *keyring = NULL;
 static lwres_context_t *lwctx = NULL;
 static lwres_conf_t *lwconf;
 static isc_sockaddr_t *servers;
@@ -241,9 +242,14 @@ setup_key() {
 	dns_fixedname_t fkeyname;
 	dns_name_t *keyname;
 
+	result = dns_tsigkeyring_create(mctx, &keyring);
+	check_result(result, "dns_tsigkeyringcreate");
+
 	if (keystr != NULL) {
 		isc_buffer_t keynamesrc;
 		char *secretstr;
+		isc_buffer_t secretsrc;
+		isc_lex_t *lex = NULL;
 		char *s;
 
 		debug("Creating key...");
@@ -269,16 +275,27 @@ setup_key() {
 		if (secret == NULL)
 			fatal("out of memory");
 
+		isc_buffer_init(&secretsrc, secretstr, strlen(secretstr));
+		isc_buffer_add(&secretsrc, strlen(secretstr));
+
 		isc_buffer_init(&secretbuf, secret, secretlen);
-		result = isc_base64_decodestring(mctx, secretstr, &secretbuf);
+
+		result = isc_lex_create(mctx, strlen(secretstr), &lex);
+		check_result(result, "isc_lex_create");
+		result = isc_lex_openbuffer(lex, &secretsrc);
+		check_result(result, "isc_lex_openbuffer");
+		result = isc_base64_tobuffer(lex, &secretbuf, -1);
 		if (result != ISC_R_SUCCESS) {
 			fprintf(stderr, "Couldn't create key from %s: %s\n",
 				keystr, isc_result_totext(result));
+			isc_lex_close(lex);
+			isc_lex_destroy(&lex);
 			goto failure;
 		}
-
 		secretlen = isc_buffer_usedlength(&secretbuf);
 		debug("close");
+		isc_lex_close(lex);
+		isc_lex_destroy(&lex);
 	} else {
 		dst_key_t *dstkey = NULL;
 
@@ -306,7 +323,7 @@ setup_key() {
 	debug("keycreate");
 	result = dns_tsigkey_create(keyname, dns_tsig_hmacmd5_name,
 				    secret, secretlen, ISC_TRUE, NULL, 0, 0,
-				    mctx, NULL, &key);
+				    mctx, keyring, &key);
 	if (result != ISC_R_SUCCESS) {
 		char *str;
 		if (keystr != NULL)
@@ -323,6 +340,7 @@ setup_key() {
 
 	if (secret != NULL)
 		isc_mem_free(mctx, secret);
+	dns_tsigkeyring_destroy(&keyring);
 }
 
 static void
@@ -335,6 +353,15 @@ setup_system(void) {
 
 	ddebug("setup_system()");
 
+	/*
+	 * Warning: This is not particularly good randomness.  We'll
+	 * just use random() now for getting id values, but doing so
+	 * does NOT insure that id's can't be guessed.
+	 *
+	 * XXX Shouldn't random() be called somewhere if this is here?
+	 */
+	srandom(getpid() + (int)&setup_system);
+
 	result = isc_net_probeipv4();
 	check_result(result, "isc_net_probeipv4");
 
@@ -1307,9 +1334,15 @@ cleanup(void) {
 
 	if (key != NULL) {
 		debug("Freeing key");
+		dns_tsigkey_setdeleted(key);
 		dns_tsigkey_detach(&key);
 	}
 
+	if (keyring != NULL) {
+		debug("Freeing keyring %lx", keyring);
+		dns_tsigkeyring_destroy(&keyring);
+	}
+
 	if (updatemsg != NULL)
 		dns_message_destroy(&updatemsg);
 

bin/rndc/Makefile.in

@@ -13,7 +13,7 @@
 # ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
 # SOFTWARE.
 
-# $Id: Makefile.in,v 1.10 2000/07/12 01:15:00 bwelling Exp $
+# $Id: Makefile.in,v 1.7.2.3 2000/07/12 01:18:43 gson Exp $
 
 srcdir =	@srcdir@
 VPATH =		@srcdir@

bin/rndc/rndc.8

@@ -1,166 +0,0 @@
-.\" Copyright (C) @YEARS@  Internet Software Consortium.
-.\" 
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\" 
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
-.\" ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
-.\" OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
-.\" CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
-.\" DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
-.\" PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
-.\" ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
-.\" SOFTWARE.
-.\" 
-.\" $Id: rndc.8,v 1.6 2000/07/12 16:48:19 gson Exp $
-.\" 
-.Dd Jun 30, 2000
-.Dt RDNC 8
-.Os BIND9 9
-.ds vT BIND9 Programmer's Manual
-.Sh NAME
-.Nm rdnc
-.Nd name server control utility
-.Sh SYNOPSIS
-.Nm rndc
-.Op Fl c Ar config-file
-.Op Fl M
-.Op Fl m
-.Op Fl p Ar port#
-.Op Fl s Ar server
-.Op Fl v
-.Op Fl y Ar key_id
-.Ar command .... 
-.Sh DESCRIPTION
-This command allows the system administrator to control the operation
-of a name server.
-It supersedes the
-.Xr ndc 8
-utility that was provided in old BIND releases.
-If
-.Nm rndc
-is invoked with no command line options or arguments, it
-prints a short summary of the supported commands and the available
-options and their arguments.
-.Pp
-.Nm rndc
-communicates with the name server over a TCP connection, 
-sending commands authenticated with digital signatures. 
-In the current versions of
-.Nm rndc
-and 
-.Xr named 8
-the only supported encryption algorithm is HMAC-MD5, which uses a
-shared secret on each end of the connection.
-This provides TSIG-style authentication for the command request
-and the name server's response. 
-All commands sent over the channel
-must be signed by a key_id known to the server.
-.Pp
-.Nm rndc
-reads its default configuration file,
-.Pa /etc/rndc.conf
-to determine how to contact the name server and decide what algorithm
-and keys is should use.
-The
-.Fl c
-option can be used to specify an alternate configuration file.
-.Pp
-.Ar server
-is the name or address of the server which matches a
-.Dv server{}
-statement in the configuration file for
-.Nm rndc .
-If no
-.Ar server
-is supplied on the command line, the host named by the
-.Dv default-server
-clause in the
-.Dv options{}
-statement of the configuration file will be used.
-.Pp
-The
-.Fl p
-option can be used to make
-.Nm rndc
-send commands to TCP port number
-.Ar port#
-on the system running the name server instead of BIND 9's 
-default control channel port of 953.
-.Pp
-The
-.Fl y
-option identifies the
-.Ar key_id
-to use from the configuration file.
-.Ar key_id
-must be known by
-.Xr named
-with the same algorithm and secret string in order for
-control message validation to succeed.
-If no
-.Fl y
-option is provided,
-.Nm rndc
-will first look for a 
-.Dv key
-clause in the
-.Dv server{}
-statement of the server being used, or if no
-.Dv server{}
-statement is present for that host, then the
-.Dv default-key
-clause of the
-.Dv options{}
-statement.
-Note that the configuration file for
-.Nm rdnc
-contains shared secrets which are used to send authenticated
-control commands to name servers.
-It should therefore not have general read or write access.
-.Pp
-The
-.Fl M ,
-.Fl m ,
-and
-.Fl v
-options provided debugging information and are primarily of interest
-only to the BIND 9 developers.
-They might be changed or removed in future releases.
-.Pp
-The only valid value for
-.Ar command
-is \*qreload\*q, which forces the name server to reload its configuation
-file and zones.
-Further commands will be provided in future releases as the management
-capabilities of
-.Nm rndc
-are extended.
-.Sh LIMITATIONS
-.Nm rndc
-currently only supports the
-.Dv reload
-command.
-Future releases will provide more commands so that
-.Nm rndc
-offers at least as many management capabilities as the old
-.Xr ndc
-utility.
-.Pp
-There is currently no way to provide the shared secret for a key_id 
-without using the configuration file.
-.Pp
-Several error messages could be clearer.
-For example, trying to connect
-from an address that is not in the list of acceptable addresses
-configured into
-.Xr named
-will result in the error message "end of file" when the server
-unceremoniously closes the connection.
-.Sh SEE ALSO
-.Xr rndc.conf 5 ,
-.Xr named 8 ,
-.Xr named.conf 5 ,
-.Xr RFC2845 ,
-.Xr ndc 8 .

bin/rndc/rndc.c

@@ -15,7 +15,7 @@
  * SOFTWARE.
  */
 
-/* $Id: rndc.c,v 1.19 2000/07/12 01:15:34 bwelling Exp $ */
+/* $Id: rndc.c,v 1.12.2.5 2000/07/12 01:18:55 gson Exp $ */
 
 /* 
  * Principal Author: DCL

bin/rndc/rndc.conf

@@ -15,7 +15,7 @@
  * SOFTWARE.
  */
 
-/* $Id: rndc.conf,v 1.4 2000/07/11 01:31:06 tale Exp $ */
+/* $Id: rndc.conf,v 1.3.2.1 2000/07/11 19:36:05 gson Exp $ */
 
 /*
  * Sample rndc configuration file.

bin/rndc/rndc.conf.5

@@ -1,202 +0,0 @@
-.\" Copyright (C) @YEARS@  Internet Software Consortium.
-.\" 
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\" 
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
-.\" ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
-.\" OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
-.\" CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
-.\" DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
-.\" PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
-.\" ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
-.\" SOFTWARE.
-.\" 
-.\" $Id: rndc.conf.5,v 1.4 2000/07/12 17:37:57 gson Exp $
-.\" 
-.Dd Jun 30, 2000
-.Dt RDNC.CONF 5
-.Os BIND9 9
-.ds vT BIND9 Programmer's Manual
-.Sh NAME
-.Nm rdnc.conf
-.Nd rdnc configuration file
-.Sh SYNOPSIS
-.Nm rdnc.conf
-.Sh DESCRIPTION 
-The BIND9 utility for controlling the name server,
-.Nm rndc ,
-has its own configuration file
-.Pa /etc/rndc.conf .
-This file has a similar structure and syntax to
-.Pa named.conf ,
-the file used to configure the name server.
-Statements are enclosed in braces and terminated with a semi-colon.
-Clauses in the statements are also semi-colon terminated.
-The usual comment styles are supported:
-.Bl -tag -width UNIX-style:
-.It C style: /* */
-.It C++ style: // to end of line
-.It Unix style: # to end of line
-.El
-.Pp
-.Pa rndc.conf
-is much simpler than
-.Pa named.conf .
-The file uses three statements: an
-.Dv options{}
-statement, a
-.Dv server{}
-statement and a
-.Dv key{}
-statement.
-.Pp
-The
-.Dv options{}
-statement contains two clauses.
-The
-.Dv default-server
-clause
-is followed by the name or address of a name server.
-This host will
-be used when no name server is given as an argument to
-.Nm rndc .
-The
-.Dv default-key
-clause
-is followed by the name of a key which is identified by a 
-.Dv key{}
-statement.
-If no 
-.Fl y
-option is provided on the
-.Xr rndc 
-command line, and no
-.Dv key
-clause is found in a a matching
-.Dv server{}
-statement, this default key will be used to authenticate the server's
-commands and responses.
-.Pp
-After the keyword
-.Dv server ,
-the 
-.Dv server{}
-statement is followed by a string which is the hostname or address for a
-name server.
-The statement has a single clause,
-.Dv key .
-The key name must match the name of a
-.Dv key{}
-statement in the file.
-.Pp
-The
-.Dv key{}
-statement begins with an identifying string, the name of the key.
-The statement has two clauses.
-.Dv algorithm
-identifies the encryption algorithm for
-.Nm rndc
-to use; currently only HMAC-MD5 is supported.
-This is followed by a 
-.Dv secret
-clause which contains the base-64 encoding of the
-algorithm's encryption key.
-The base-64 string is enclosed in double quotes.
-.Pp
-There are two common ways to generate the base-64 string for the
-.Dv secret .
-The BIND 9 program
-.Xr dnssec-keygen 8
-can be used to generate a random key, or the
-.Xr mmencode 1
-program, also known as
-.Xr mimencode 1 ,
-can be used to generate a base-64 string from known input.
-.Xr mmencode
-does not ship with BIND 9 but is available on many systems.
-See the
-.Sx EXAMPLES
-section for sample command lines for each.
-.Pp
-Host and key names must be quoted using double quotes if they
-match a keyword, such as having a key named "key".
-.Sh EXAMPLE
-.Bd -literal indent
-options {
-    default-server  localhost;
-    default-key     samplekey;
-};
-
-server localhost {
-    key     samplekey;
-};
-
-key samplekey {
-    algorithm hmac-md5;
-    secret "c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K";
-};
-.Ed
-.Pp
-In the above example,
-.Nm rndc
-will by default use the server at localhost (127.0.0.1) and the key called
-.Dv samplekey .
-Commands to the localhost server will use the
-.Dv samplekey
-key.
-The
-.Dv key{}
-statement indicates that
-.Dv samplekey
-uses the HMAC-MD5 algorithm and its
-.Dv secret
-clause contains the base-64 encoding of the HMAC-MD5 secret enclosed
-in double quotes.
-.Pp
-To generate a random secret with
-.Xr dnssec-keygen :
-.Bd -literal indent
-$ dnssec-keygen -a hmac-md5 -b 128 -n user rndc
-.Ed
-.Pp
-The base-64 string will appear in two files, 
-.Pa Krndc.+157.+{random}.key
-and 
-.Pa Krndc.+157.+{random}.private .
-After extracting the key to be
-placed in the
-.Nm rndc.conf
-and
-.Xr named.conf
-.Dv key{}
-statements, the
-.Pa .key
-and
-.Pa .private
-files can be removed.
-.Pp
-To generate a secret from known input with
-.Xr mmenode :
-.Bd -literal indent
-$ echo "known plaintext for a secret" | mmencode
-.Ed
-.Sh LIMITATIONS
-There is currently no way to specify the port for
-.Xr rndc
-to use.  This will be remedied in future releases by allowing a
-.Dv port
-clause to the
-.Dv server{}
-statement and a
-.Dv default-port
-clause to the
-.Dv options{}
-statement.
-.Sh SEE ALSO
-.Xr rndc 8 ,
-.Xr named.conf 8 ,
-.Xr dnssec-keygen 8 ,
-.Xr mmencode 1 ,
-"BIND9 Administrators Manual".

bin/tests/adb_test.c

@@ -15,7 +15,7 @@
  * SOFTWARE.
  */
 
-/* $Id: adb_test.c,v 1.55 2000/06/28 16:19:52 explorer Exp $ */
+/* $Id: adb_test.c,v 1.54.2.1 2000/06/28 16:45:22 gson Exp $ */
 
 #include <config.h>
 

bin/tests/byaddr_test.c

@@ -15,7 +15,7 @@
  * SOFTWARE.
  */
 
-/* $Id: byaddr_test.c,v 1.17 2000/06/28 16:19:53 explorer Exp $ */
+/* $Id: byaddr_test.c,v 1.16.2.1 2000/06/28 16:45:24 gson Exp $ */
 
 /*
  * Principal Author: Bob Halley

bin/tests/byname_test.c

@@ -15,7 +15,7 @@
  * SOFTWARE.
  */
 
-/* $Id: byname_test.c,v 1.19 2000/06/28 16:19:54 explorer Exp $ */
+/* $Id: byname_test.c,v 1.18.2.1 2000/06/28 16:45:25 gson Exp $ */
 
 /*
  * Principal Author: Bob Halley

bin/tests/db/dns_db_load_25.data

@@ -1,6 +0,0 @@
-$TTL 5
-@ 	IN	SOA	ns1 hostmaster 1 3600 1200 3600000 3600
-@	IN	NS	ns1
-ns1	IN	A	10.0.0.1
-sub 	IN	SOA	ns2 hostmaster 1 3600 1200 3600000 3600
-ns2	IN	A	10.0.0.2

bin/tests/db/dns_db_load_soa_not_top

@@ -1,7 +0,0 @@
-#
-# test data for dns_db_load_soa_not_top
-#
-# format:
-# filename type origin cache class findname expected_result
-#
-dns_db_load_25.data	rbt	.	zone	in	DNS_R_NOTZONETOP	a.	A	DNS_R_DELEGATION

bin/tests/db/t_db.c

@@ -15,7 +15,7 @@
  * SOFTWARE.
  */
 
-/* $Id: t_db.c,v 1.23 2000/07/05 00:35:36 marka Exp $ */
+/* $Id: t_db.c,v 1.22 2000/06/22 21:51:03 tale Exp $ */
 
 #include <config.h>
 
@@ -156,10 +156,6 @@ t_dns_db_load(char **av) {
 		isc_mem_destroy(&mctx);
 		return(T_FAIL);
 	}
-	if (dns_result != ISC_R_SUCCESS) {
-		result = T_PASS;
-		goto cleanup_db;
-	}
 
 	dns_fixedname_init(&dns_findname);
 	len = strlen(findname);
@@ -221,7 +217,6 @@ t_dns_db_load(char **av) {
 
 	if (dns_db_iszone(db))
 		dns_db_closeversion(db, &versionp, ISC_FALSE);
- cleanup_db:
 	dns_db_detach(&db);
 	isc_mem_destroy(&mctx);
 	return(result);
@@ -2709,19 +2704,6 @@ t24(void) {
 	t_result(result);
 }
 
-static const char *a25 =
-	"A call to dns_db_load(db, filename) returns DNS_R_NOTZONETOP "
-	"when the zone data contains a SOA not at the zone apex.";
-
-static void
-t25(void) {
-	int	result;
-
-	t_assert("dns_db_load", 25, T_REQUIRED, a25);
-	result = t_eval("dns_db_load_soa_not_top", t_dns_db_load, 9); 
-	t_result(result);
-}
-
 testspec_t	T_testlist[] = {
 	{	t1,		"dns_db_load"		},
 	{	t2,		"dns_db_iscache"	},
@@ -2747,6 +2729,5 @@ testspec_t	T_testlist[] = {
 	{	t22,		"dns_db_find"		},
 	{	t23,		"dns_db_find"		},
 	{	t24,		"dns_db_find"		},
-	{	t25,		"dns_db_load"		},
 	{	NULL,		NULL			}
 };

bin/tests/dispatch_tcp_test.c

@@ -15,7 +15,7 @@
  * SOFTWARE.
  */
 
-/* $Id: dispatch_tcp_test.c,v 1.33 2000/06/28 16:19:55 explorer Exp $ */
+/* $Id: dispatch_tcp_test.c,v 1.32.2.1 2000/06/28 16:45:26 gson Exp $ */
 
 #include <config.h>
 

bin/tests/dispatch_test.c

@@ -15,7 +15,7 @@
  * SOFTWARE.
  */
 
-/* $Id: dispatch_test.c,v 1.44 2000/06/28 16:19:56 explorer Exp $ */
+/* $Id: dispatch_test.c,v 1.43.2.1 2000/06/28 16:45:27 gson Exp $ */
 
 #include <config.h>
 

bin/tests/hash_test.c

@@ -15,14 +15,12 @@
  * SOFTWARE.
  */
 
-/* $Id: hash_test.c,v 1.5 2000/07/17 17:33:39 bwelling Exp $ */
+/* $Id: hash_test.c,v 1.4 2000/06/23 16:18:56 tale Exp $ */
 
 #include <config.h>
 
 #include <stdio.h>
-#include <string.h>
 
-#include <isc/hmacmd5.h>
 #include <isc/md5.h>
 #include <isc/sha1.h>
 #include <isc/util.h>
@@ -47,11 +45,9 @@ int
 main(int argc, char **argv) {
 	isc_sha1_t sha1;
 	isc_md5_t md5;
-	isc_hmacmd5_t hmacmd5;
 	unsigned char digest[20];
 	unsigned char buffer[1024];
 	const unsigned char *s;
-	unsigned char key[20];
 
 	UNUSED(argc);
 	UNUSED(argv);
@@ -77,36 +73,5 @@ main(int argc, char **argv) {
 	isc_md5_final(&md5, digest);
 	print_digest(buffer, "md5", digest, 4);
 
-	/*
-	 * The 3 HMAC-MD5 examples from RFC 2104
-	 */
-	s = "Hi There";
-	memset(key, 0x0b, 16);
-	isc_hmacmd5_init(&hmacmd5, key, 16);
-	strcpy(buffer, s);
-	isc_hmacmd5_update(&hmacmd5, buffer, strlen(s));
-	isc_hmacmd5_sign(&hmacmd5, digest);
-	print_digest(buffer, "hmacmd5", digest, 4);
-
-	s = "what do ya want for nothing?";
-	strcpy(key, "Jefe");
-	isc_hmacmd5_init(&hmacmd5, key, 4);
-	strcpy(buffer, s);
-	isc_hmacmd5_update(&hmacmd5, buffer, strlen(s));
-	isc_hmacmd5_sign(&hmacmd5, digest);
-	print_digest(buffer, "hmacmd5", digest, 4);
-
-	s = "\335\335\335\335\335\335\335\335\335\335"
-	    "\335\335\335\335\335\335\335\335\335\335"
-	    "\335\335\335\335\335\335\335\335\335\335"
-	    "\335\335\335\335\335\335\335\335\335\335"
-	    "\335\335\335\335\335\335\335\335\335\335";
-	memset(key, 0xaa, 16);
-	isc_hmacmd5_init(&hmacmd5, key, 16);
-	strcpy(buffer, s);
-	isc_hmacmd5_update(&hmacmd5, buffer, strlen(s));
-	isc_hmacmd5_sign(&hmacmd5, digest);
-	print_digest(buffer, "hmacmd5", digest, 4);
-
 	return (0);
 }

bin/tests/keyboard_test.c

@@ -15,7 +15,7 @@
  * SOFTWARE.
  */
 
-/* $Id: keyboard_test.c,v 1.4 2000/06/28 16:19:57 explorer Exp $ */
+/* $Id: keyboard_test.c,v 1.3.2.1 2000/06/28 16:45:29 gson Exp $ */
 
 #include <config.h>
 

bin/tests/master/dns_master_load_10_data

@@ -1,12 +0,0 @@
-#
-# test data for dns_master_load test 9
-#
-# format is:
-#	masterfile origin class expected_result
-# where
-#	masterfile name is the name of a file containing master data
-#	origin is the origin
-#	class is the zone's class
-# 	expected_result is a text representation of a dns_result_t
-#
-master10.data	test	in	ISC_R_SUCCESS

bin/tests/master/dns_master_load_11_data

@@ -1,12 +0,0 @@
-#
-# test data for dns_master_load test 11
-#
-# format is:
-#	masterfile origin class expected_result
-# where
-#	masterfile name is the name of a file containing master data
-#	origin is the origin
-#	class is the zone's class
-# 	expected_result is a text representation of a dns_result_t
-#
-master11.data	test	in	ISC_R_SUCCESS

bin/tests/master/dns_master_load_8_data

@@ -1,12 +0,0 @@
-#
-# test data for dns_master_load test 8
-#
-# format is:
-#	masterfile origin class expected_result
-# where
-#	masterfile name is the name of a file containing master data
-#	origin is the origin
-#	class is the zone's class
-# 	expected_result is a text representation of a dns_result_t
-#
-master8.data	test	in	ISC_R_SUCCESS

bin/tests/master/dns_master_load_9_data

@@ -1,12 +0,0 @@
-#
-# test data for dns_master_load test 9
-#
-# format is:
-#	masterfile origin class expected_result
-# where
-#	masterfile name is the name of a file containing master data
-#	origin is the origin
-#	class is the zone's class
-# 	expected_result is a text representation of a dns_result_t
-#
-master9.data	test	in	DNS_R_BADCLASS

bin/tests/master/master10.data

@@ -1,7 +0,0 @@
-;
-;	the following black line contains spaces
-     
-;
-@	300	IN	A	10.0.0.1
-	;
-;

bin/tests/master/master11.data

@@ -1,6 +0,0 @@
-;
-;	The following serial number contains a leading 0 and a 9 so the
-;	we can catch cases where it is incorrectly treated as a octal
-;	number.
-;
-@	300	IN	SOA ns hostmaster 00090000 1200 3600 604800 300

bin/tests/master/master8.data

@@ -1,4 +0,0 @@
-;
-; master7.data contains a good zone file
-;
-$include master7.data

bin/tests/master/master9.data

@@ -1,4 +0,0 @@
-;
-;	master5.data is bad
-;
-$include master5.data

bin/tests/master/t_master.c

@@ -15,7 +15,7 @@
  * SOFTWARE.
  */
 
-/* $Id: t_master.c,v 1.26 2000/07/11 02:40:58 marka Exp $ */
+/* $Id: t_master.c,v 1.23 2000/06/22 21:51:09 tale Exp $ */
 
 #include <config.h>
 
@@ -263,59 +263,6 @@ t7() {
 	t_result(result);
 }
 
-static const char *a8 =
-	"dns_master_loadfile understands $INCLUDE";
-
-static void
-t8() {
-	int	result;
-
-	t_assert("dns_master_loadfile", 8, T_REQUIRED, a8);
-	result = test_master_x("dns_master_load_8_data");
-
-	t_result(result);
-}
-
-static const char *a9 =
-	"dns_master_loadfile understands $INCLUDE with failure";
-
-static void
-t9() {
-	int	result;
-
-	t_assert("dns_master_loadfile", 9, T_REQUIRED, a9);
-	result = test_master_x("dns_master_load_9_data");
-
-	t_result(result);
-}
-
-static const char *a10 =
-	"dns_master_loadfile non-empty blank lines";
-
-static void
-t10() {
-	int	result;
-
-	t_assert("dns_master_loadfile", 10, T_REQUIRED, a10);
-	result = test_master_x("dns_master_load_10_data");
-
-	t_result(result);
-}
-
-static const char *a11 =
-	"dns_master_loadfile allow leading zeros in SOA";
-
-static void
-t11() {
-	int	result;
-
-	t_assert("dns_master_loadfile", 11, T_REQUIRED, a11);
-	result = test_master_x("dns_master_load_11_data");
-
-	t_result(result);
-}
-
-
 testspec_t	T_testlist[] = {
 	{	t1,	"ISC_R_SUCCESS"		},
 	{	t2,	"ISC_R_UNEXPECTEDEND"	},
@@ -324,10 +271,6 @@ testspec_t	T_testlist[] = {
 	{	t5,	"DNS_BADCLASS"		},
 	{	t6,	"KEY RR 1"		},
 	{	t7,	"KEY RR 2"		},
-	{	t8,	"$INCLUDE"		},
-	{	t9,	"$INCLUDE w/ DNS_BADCLASS"	},
-	{	t10,	"non empty blank lines"	},
-	{	t11,	"leading zeros in serial"	},
 	{	NULL,	NULL			}
 };
 

bin/tests/mempool_test.c

@@ -15,7 +15,7 @@
  * SOFTWARE.
  */
 
-/* $Id: mempool_test.c,v 1.8 2000/07/26 19:07:36 explorer Exp $ */
+/* $Id: mempool_test.c,v 1.7 2000/06/22 21:50:32 tale Exp $ */
 
 #include <config.h>
 
@@ -36,8 +36,6 @@ main(int argc, char *argv[]) {
 	UNUSED(argc);
 	UNUSED(argv);
 
-	isc_mem_debugging = 2;
-
 	RUNTIME_CHECK(isc_mutex_init(&lock) == ISC_R_SUCCESS);
 
 	mctx = NULL;
@@ -93,7 +91,7 @@ main(int argc, char *argv[]) {
 	 */
 	isc_mempool_setfreemax(mp2, 25);
 	isc_mempool_setfillcount(mp2, 25);
-	for (j = 0 ; j < 5000 ; j++) {
+	for (j = 0 ; j < 500000 ; j++) {
 		for (i = 0 ; i < 50 ; i++) {
 			items2[i] = isc_mempool_get(mp2);
 			RUNTIME_CHECK(items2[i] != NULL);

bin/tests/named.conf

@@ -15,7 +15,7 @@
  * SOFTWARE.
  */
 
-/* $Id: named.conf,v 1.43 2000/07/25 17:55:35 brister Exp $ */
+/* $Id: named.conf,v 1.38.2.1 2000/07/11 17:23:12 gson Exp $ */
 
 /*
  * This is a worthless, nonrunnable example of a named.conf file that has
@@ -34,9 +34,6 @@
 // watch out for ";" -- it's important!
 
 options {
-	glue-from-auth true;
-	glue-from-cache false;
-
 	version "my version string";
 	random-device "/dev/random";
 	random-seed-file "/random/seed/file";
@@ -201,12 +198,10 @@ options {
  * Control listeners, for "ndc".  Every nameserver needs at least one.
  */
 controls {
-	// 'inet' lines without a 'port' defaults to 'port 953'
-	// 'keys' must be used and the list must have at least one entry
-	inet * port 52 allow { any; } keys { "key2"; };		
-	inet 10.0.0.1 allow { any; } keys { "key4";};
-	inet 10.0.0.2 allow { none; } keys { "key-1"; "key-2"; };
-	unix "/var/run/ndc" perm 0600 owner 0 group 0;	// ignored by named.
+	inet * port 52 allow { any; };			// a bad idea
+	inet 10.0.0.1 allow { any; };			// a bad idea
+	inet 10.0.0.2 allow { none; } keys "foo"; 	// a bad idea
+	unix "/var/run/ndc" perm 0600 owner 0 group 0;	// the default
 };
 
 zone "master.demo.zone" {
@@ -235,9 +230,8 @@ zone "slave.demo.zone" {
 	file "slave.demo.zone";
 	ixfr-base  "slave.demo.zone.ixfr";  // File name for IXFR transaction log file
 	masters {
-		1.2.3.4 port 10 key "foo"; // where to zone transfer from
+		1.2.3.4;		// where to zone transfer from
 		5.6.7.8;
-		6.7.8.9 key "zippo";
 	};
 	transfer-source 10.0.0.53;	// fixes multihoming problems
 	check-names warn;
@@ -265,8 +259,6 @@ view "test-view" in {
 	sig-validity-interval 45;
 	max-cache-size 100000;
 	allow-query { 10.0.0.30;};
-	glue-from-cache false;
-	glue-from-auth no;
 	match-clients { 10.0.0.1 ; };
 	check-names master warn;
 	check-names slave ignore;

bin/tests/names/dns_name_fromwire_4_data

@@ -29,4 +29,4 @@
 #		ISC_R_UNEXPECTEDEND
 #		DNS_R_TOOMANYHOPS
 #		
-wire_test4.data	550	1	DNS_COMPRESS_ALL	vix.com.	DNS_R_NAMETOOLONG
+wire_test4.data	550	1	DNS_COMPRESS_ALL	vix.com.	DNS_R_FORMERR

bin/tests/names/t_names.c

@@ -15,7 +15,7 @@
  * SOFTWARE.
  */
 
-/* $Id: t_names.c,v 1.26 2000/07/14 22:21:14 bwelling Exp $ */
+/* $Id: t_names.c,v 1.25 2000/06/22 21:51:14 tale Exp $ */
 
 #include <config.h>
 
@@ -2235,8 +2235,6 @@ t_dns_name_fromwire_x(const char *testfile, size_t buflen) {
 					exp_result = DNS_R_TOOMANYHOPS;
 				else if (! strcmp(tok, "DNS_R_DISALLOWED"))
 					exp_result = DNS_R_DISALLOWED;
-				else if (! strcmp(tok, "DNS_R_NAMETOOLONG"))
-					exp_result = DNS_R_NAMETOOLONG;
 
 				tok = Tokens[3];
 				dc_method = DNS_COMPRESS_NONE;

bin/tests/omapi_test.c

@@ -15,7 +15,7 @@
  * SOFTWARE.
  */
 
-/* $Id: omapi_test.c,v 1.25 2000/07/12 17:29:58 tale Exp $ */
+/* $Id: omapi_test.c,v 1.22.2.3 2000/07/13 02:33:43 gson Exp $ */
 
 /* 
  * Test code for OMAPI.

bin/tests/ratelimiter_test.c

@@ -15,7 +15,7 @@
  * SOFTWARE.
  */
 
-/* $Id: ratelimiter_test.c,v 1.12 2000/06/28 16:27:36 gson Exp $ */
+/* $Id: ratelimiter_test.c,v 1.11.2.1 2000/06/28 17:59:06 gson Exp $ */
 
 #include <config.h>
 

bin/tests/rbt_test.c

@@ -15,7 +15,7 @@
  * SOFTWARE.
  */
 
-/* $Id: rbt_test.c,v 1.33 2000/07/21 21:13:40 gson Exp $ */
+/* $Id: rbt_test.c,v 1.31 2000/06/22 21:50:44 tale Exp $ */
 
 #include <config.h>
 
@@ -93,9 +93,17 @@ delete_name(void *data, void *arg) {
 
 static void
 print_name(dns_name_t *name) {
-	char buffer[1024];
-	dns_name_format(name, buffer, sizeof(buffer));
-	printf("%s", buffer);
+	isc_buffer_t target;
+	char *buffer[256];
+
+	isc_buffer_init(&target, buffer, sizeof(buffer));
+
+	/*
+	 * ISC_FALSE means absolute names have the final dot added.
+	 */
+	dns_name_totext(name, ISC_FALSE, &target);
+
+	printf("%.*s", (int)target.used, (char *)target.base);
 }
 
 static void
@@ -252,12 +260,12 @@ iterate(dns_rbt_t *rbt, isc_boolean_t forward) {
 				printf("... %s\n", dns_result_totext(r));
 
 int
-main(int argc, char **argv) {
+main (int argc, char **argv) {
 	char *command, *arg, buffer[1024];
 	const char *whitespace;
 	dns_name_t *name, *foundname;
 	dns_fixedname_t fixedname;
-	dns_rbt_t *rbt = NULL;
+	dns_rbt_t *rbt;
 	int length, ch;
 	isc_boolean_t show_final_mem = ISC_FALSE;
 	isc_result_t result;

bin/tests/system/Makefile.in

@@ -13,7 +13,7 @@
 # ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
 # SOFTWARE.
 
-# $Id: Makefile.in,v 1.17 2000/07/09 15:54:21 tale Exp $
+# $Id: Makefile.in,v 1.10.2.2 2000/07/10 04:51:41 gson Exp $
 
 @BIND9_INCLUDES@
 SUBDIRS =	lwresd

bin/tests/system/cleanall.sh

@@ -15,7 +15,7 @@
 # ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
 # SOFTWARE.
 
-# $Id: cleanall.sh,v 1.2 2000/07/06 19:54:02 mws Exp $
+# $Id: cleanall.sh,v 1.1.2.1 2000/07/10 04:51:43 gson Exp $
 
 #
 # Clean up after system tests.

bin/tests/system/conf.sh.in

@@ -15,7 +15,7 @@
 # ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
 # SOFTWARE.
 
-# $Id: conf.sh.in,v 1.10 2000/07/20 19:38:05 mws Exp $
+# $Id: conf.sh.in,v 1.4.2.1 2000/07/10 04:51:44 gson Exp $
 
 # 
 # Common configuration data for system tests, to be sourced into
@@ -31,17 +31,15 @@ TOP=`cd $TOP && pwd`
 NAMED=$TOP/bin/named/named
 LWRESD=$TOP/bin/named/lwresd
 DIG=$TOP/bin/dig/dig
-RNDC=$TOP/bin/rndc/rndc
 NSUPDATE=$TOP/bin/nsupdate/nsupdate
 KEYGEN=$TOP/bin/dnssec/dnssec-keygen
 SIGNER=$TOP/bin/dnssec/dnssec-signzone
 KEYSIGNER=$TOP/bin/dnssec/dnssec-signkey
 KEYSETTOOL=$TOP/bin/dnssec/dnssec-makekeyset
-SUBDIRS="dnssec glue limits lwresd notify nsupdate resolver stub views xfer \
-    xferquota"
+SUBDIRS="dnssec glue limits lwresd notify nsupdate stub views xfer xferquota"
 
 # PERL will be an empty string if no perl interpreter was found.
 PERL=@PERL@
 
 export NAMED LWRESD DIG NSUPDATE KEYGEN SIGNER KEYSIGNER KEYSETTOOL PERL \
-    SUBDIRS RNDC
+    SUBDIRS

bin/tests/system/digcomp.pl

@@ -15,7 +15,7 @@
 # ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
 # SOFTWARE.
 
-# $Id: digcomp.pl,v 1.8 2000/07/08 16:37:43 tale Exp $
+# $Id: digcomp.pl,v 1.4.2.1 2000/07/10 04:51:46 gson Exp $
 
 # Compare two files, each with the output from dig, for differences.
 # Ignore "unimportant" differences, like ordering of NS lines, TTL's,

bin/tests/system/dnssec/ns3/secure.example.db.in

@@ -13,7 +13,7 @@
 ; ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
 ; SOFTWARE.
 
-; $Id: secure.example.db.in,v 1.5 2000/07/07 22:33:20 gson Exp $
+; $Id: secure.example.db.in,v 1.4.2.1 2000/07/10 04:51:55 gson Exp $
 
 $TTL 300	; 5 minutes
 @			IN SOA	mname1. . (

bin/tests/system/dnssec/tests.sh

@@ -15,7 +15,7 @@
 # ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
 # SOFTWARE.
 
-# $Id: tests.sh,v 1.22 2000/07/19 19:54:50 gson Exp $
+# $Id: tests.sh,v 1.15.2.4 2000/07/11 00:43:45 bwelling Exp $
 
 #
 # Perform tests
@@ -65,8 +65,8 @@ status=`expr $status + $ret`
 
 echo "I:checking multi-stage positive validation"
 ret=0
-$DIG $DIGOPTS +noauth a.secure.example. @10.53.0.3 a > dig.out.ns3.test$n || ret=1
-$DIG $DIGOPTS +noauth a.secure.example. @10.53.0.4 a > dig.out.ns4.test$n || ret=1
+$DIG $DIGOPTS a.secure.example. @10.53.0.3 a > dig.out.ns3.test$n || ret=1
+$DIG $DIGOPTS a.secure.example. @10.53.0.4 a > dig.out.ns4.test$n || ret=1
 $PERL ../digcomp.pl dig.out.ns3.test$n dig.out.ns4.test$n || ret=1
 n=`expr $n + 1`
 if [ $ret != 0 ]; then echo "I:failed"; fi

bin/tests/system/ifconfig.sh

@@ -15,7 +15,7 @@
 # ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
 # SOFTWARE.
 
-# $Id: ifconfig.sh,v 1.18 2000/06/29 15:28:23 marka Exp $
+# $Id: ifconfig.sh,v 1.17.2.1 2000/07/10 04:51:47 gson Exp $
 
 #
 # Set up interface aliases for bind9 system tests.

bin/tests/system/limits/clean.sh

@@ -15,7 +15,7 @@
 # ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
 # SOFTWARE.
 
-# $Id: clean.sh,v 1.3 2000/07/09 16:18:37 tale Exp $
+# $Id: clean.sh,v 1.1.2.2 2000/07/10 04:51:56 gson Exp $
 
 #
 # Clean up after limits tests.

bin/tests/system/limits/tests.sh

@@ -15,7 +15,7 @@
 # ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
 # SOFTWARE.
 
-# $Id: tests.sh,v 1.7 2000/07/08 16:36:29 tale Exp $
+# $Id: tests.sh,v 1.2.2.2 2000/07/10 04:51:57 gson Exp $
 
 SYSTEMTESTTOP=..
 . $SYSTEMTESTTOP/conf.sh

bin/tests/system/lwresd/Makefile.in

@@ -13,7 +13,7 @@
 # ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
 # SOFTWARE.
 
-# $Id: Makefile.in,v 1.5 2000/06/28 23:19:02 bwelling Exp $
+# $Id: Makefile.in,v 1.4.2.1 2000/06/28 23:22:34 gson Exp $
 
 srcdir =	@srcdir@
 VPATH =		@srcdir@

bin/tests/system/lwresd/lwtest.c

@@ -15,7 +15,7 @@
  * SOFTWARE.
  */
 
-/* $Id: lwtest.c,v 1.10 2000/07/06 22:28:44 bwelling Exp $ */
+/* $Id: lwtest.c,v 1.6.2.3 2000/07/10 04:52:01 gson Exp $ */
 
 #include <config.h>
 

bin/tests/system/lwresd/ns1/example1.db

@@ -13,7 +13,7 @@
 ; ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
 ; SOFTWARE.
 
-; $Id: example1.db,v 1.5 2000/06/28 21:56:13 bwelling Exp $
+; $Id: example1.db,v 1.4.2.1 2000/06/28 22:01:42 gson Exp $
 
 $TTL 300	; 5 minutes
 @			IN SOA	mname1. . (

bin/tests/system/lwresd/tests.sh

@@ -15,7 +15,7 @@
 # ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
 # SOFTWARE.
 
-# $Id: tests.sh,v 1.5 2000/07/07 18:25:12 bwelling Exp $
+# $Id: tests.sh,v 1.2.2.1 2000/07/10 04:52:02 gson Exp $
 
 SYSTEMTESTTOP=..
 . $SYSTEMTESTTOP/conf.sh

bin/tests/system/notify/tests.sh

@@ -15,7 +15,7 @@
 # ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
 # SOFTWARE.
 
-# $Id: tests.sh,v 1.23 2000/07/12 17:59:07 bwelling Exp $
+# $Id: tests.sh,v 1.16.2.2 2000/07/12 18:02:32 gson Exp $
 
 #
 # Perform tests

bin/tests/system/nsupdate/.cvsignore

@@ -1,2 +0,0 @@
-dig.out.ns1
-dig.out.ns2

bin/tests/system/nsupdate/clean.sh

@@ -15,14 +15,13 @@
 # ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
 # SOFTWARE.
 
-# $Id: clean.sh,v 1.2 2000/07/24 22:53:33 mws Exp $
+# $Id: clean.sh,v 1.1 2000/07/06 00:54:02 mws Exp $
 
 #
 # Clean up after zone transfer tests.
 #
 
-rm -f dig.out.ns1 dig.out.ns2 ns1/*.jnl ns2/*.jnl ns1/*.db
-
+rm -f dig.out.ns1 dig.out.ns2 ns1/*.jnl ns2/*.jnl
 
 
 

bin/tests/system/nsupdate/ns1/.cvsignore

@@ -1,3 +1,2 @@
 example.db
 named.run
-update.db

bin/tests/system/nsupdate/ns1/named.conf

@@ -15,7 +15,7 @@
  * SOFTWARE.
  */
 
-/* $Id: named.conf,v 1.3 2000/07/24 23:54:59 mws Exp $ */
+/* $Id: named.conf,v 1.1 2000/07/06 00:54:03 mws Exp $ */
 
 options {
 	query-source address 10.53.0.1;
@@ -33,11 +33,3 @@ zone "example.nil" {
 	allow-update { any; };
 	allow-transfer { any; };
 };
-
-zone "update.nil" {
-	type master;
-	file "update.db";
-	allow-update { any; };
-	allow-transfer { any; };
-	also-notify { 10.53.0.2; };
-};

bin/tests/system/nsupdate/ns1/update.orig

@@ -1,28 +0,0 @@
-; Copyright (C) 2000  Internet Software Consortium.
-; 
-; Permission to use, copy, modify, and distribute this software for any
-; purpose with or without fee is hereby granted, provided that the above
-; copyright notice and this permission notice appear in all copies.
-; 
-; THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
-; ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
-; OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
-; CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
-; DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
-; PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
-; ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
-; SOFTWARE.
-
-; $Id: update.orig,v 1.1 2000/07/24 22:53:39 mws Exp $
-
-$ORIGIN .
-$TTL 300	; 5 minutes
-update.nil		IN SOA	ns1.example.nil. hostmaster.example.nil. (
-				1	   ; serial
-				2000       ; refresh (2000 seconds)
-				2000       ; retry (2000 seconds)
-				1814400    ; expire (3 weeks)
-				3600       ; minimum (1 hour)
-				)
-update.nil.		NS	ns1.update.nil.
-ns1.update.nil.		A	10.53.0.2

bin/tests/system/nsupdate/ns2/.cvsignore

@@ -1,3 +1,2 @@
 example.bk
 named.run
-update.bk

bin/tests/system/nsupdate/ns2/named.conf

@@ -15,7 +15,7 @@
  * SOFTWARE.
  */
 
-/* $Id: named.conf,v 1.2 2000/07/24 22:53:40 mws Exp $ */
+/* $Id: named.conf,v 1.1 2000/07/06 00:54:03 mws Exp $ */
 
 options {
 	query-source address 10.53.0.2;
@@ -35,11 +35,4 @@ zone "example.nil" {
 	allow-transfer { any; };
 };
 
-zone "update.nil" {
-	type slave;
-	masters { 10.53.0.1; };
-	file "update.bk";
-	allow-transfer { any; };
-};
-
 

bin/tests/system/nsupdate/setup.sh

@@ -15,7 +15,7 @@
 # ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
 # SOFTWARE.
 
-# $Id: setup.sh,v 1.2 2000/07/24 22:53:34 mws Exp $
+# $Id: setup.sh,v 1.1 2000/07/06 00:54:02 mws Exp $
 
 #
 # jnl and database files MUST be removed before we start
@@ -23,6 +23,5 @@
 
 rm -f ns1/*.jnl ns1/example.db ns2/*.jnl ns2/example.bk
 cp ns1/example.orig ns1/example.db
-cp ns1/update.orig ns1/update.db