Merge branch 'remove-bind9-bugs-references' into 'v9_10_7_patch'

Update documentation to remove obsolete bind9-bugs@isc.org email address

See merge request isc-projects/bind9!111

.dir-locals.el

@@ -1,117 +0,0 @@
-;;; Directory Local Variables
-;;; For more information see (info "(emacs) Directory Variables")
-
-((c-mode .
-  ((eval .
-	 (set (make-local-variable 'directory-of-current-dir-locals-file)
-	      (file-name-directory (locate-dominating-file default-directory ".dir-locals.el"))
-	      )
-	 )
-   (eval .
-	 (set (make-local-variable 'include-directories)
-	      (list
-
-	       ;; top directory
-	       (expand-file-name
-		(concat directory-of-current-dir-locals-file "./"))
-
-	       ;; libisc
-	       (expand-file-name
-		(concat directory-of-current-dir-locals-file "lib/isc/unix/include"))
-	       (expand-file-name
-		(concat directory-of-current-dir-locals-file "lib/isc/pthreads/include"))
-	       (expand-file-name
-		(concat directory-of-current-dir-locals-file "lib/isc/include"))
-	       (expand-file-name
-		(concat directory-of-current-dir-locals-file "lib/isc"))
-	       (expand-file-name
-		(concat directory-of-current-dir-locals-file "lib/isc/netmgr"))
-
-	       ;; libdns
-	       (expand-file-name
-		(concat directory-of-current-dir-locals-file "lib/dns/include"))
-	       (expand-file-name
-		(concat directory-of-current-dir-locals-file "lib/dns"))
-
-	       ;; libisccc
-	       (expand-file-name
-		(concat directory-of-current-dir-locals-file "lib/isccc/include"))
-
-	       ;; libisccfg
-	       (expand-file-name
-		(concat directory-of-current-dir-locals-file "lib/isccfg/include"))
-
-	       ;; libns
-	       (expand-file-name
-		(concat directory-of-current-dir-locals-file "lib/ns/include"))
-
-	       ;; libirs
-	       (expand-file-name
-		(concat directory-of-current-dir-locals-file "lib/irs/include"))
-
-	       ;; libbind9
-	       (expand-file-name
-		(concat directory-of-current-dir-locals-file "lib/bind9/include"))
-
-	       ;; bin
-	       (expand-file-name
-		(concat directory-of-current-dir-locals-file "bin/check"))
-	       (expand-file-name
-		(concat directory-of-current-dir-locals-file "bin/confgen/include"))
-	       (expand-file-name
-		(concat directory-of-current-dir-locals-file "bin/confgen"))
-	       (expand-file-name
-		(concat directory-of-current-dir-locals-file "bin/confgen/include"))	       
-	       (expand-file-name
-		(concat directory-of-current-dir-locals-file "bin/dig/include"))
-	       (expand-file-name
-		(concat directory-of-current-dir-locals-file "bin/named/include"))
-	       (expand-file-name
-		(concat directory-of-current-dir-locals-file "bin/named/unix/include"))
-	       (expand-file-name
-		(concat directory-of-current-dir-locals-file "bin/rndc/include"))
-	       (expand-file-name
-		(concat directory-of-current-dir-locals-file "bin/dnssec/include"))
-	       (expand-file-name
-		(concat directory-of-current-dir-locals-file "bin/named/include"))
-	       (expand-file-name
-		(concat directory-of-current-dir-locals-file "bin/rndc/include"))
-
-	       (expand-file-name "/usr/include/libxml2")
-	       (expand-file-name "/usr/include/json-c")
-	       
-	       (expand-file-name "/usr/local/opt/openssl@1.1/include")
-	       (expand-file-name "/usr/local/opt/libxml2/include/libxml2")
-	       (expand-file-name "/usr/local/opt/json-c/include/json-c/")
-	       (expand-file-name "/usr/local/include")
-	       )
-	      )
-	 )
-
-   (eval setq flycheck-clang-include-path include-directories)
-   (eval setq flycheck-cppcheck-include-path include-directories)
-   (eval setq flycheck-gcc-include-path include-directories)
-   (eval setq flycheck-clang-args
-	 (list
-	  "-include"
-	  (expand-file-name
-	   (concat directory-of-current-dir-locals-file "config.h"))
-	  )
-	 )
-   (eval setq flycheck-gcc-args
-	 (list
-	  "-include"
-	  (expand-file-name
-	   (concat directory-of-current-dir-locals-file "config.h"))
-	  )
-	 )
-   (eval setq flycheck-cppcheck-args
-	 (list
-	  "--enable=all"
-	  "--suppress=missingIncludeSystem"
-	  (concat "-include=" (expand-file-name
-			       (concat directory-of-current-dir-locals-file "config.h")))
-	  )
-	 )
-   )
-  ))

.gitattributes

@@ -1,19 +1,3 @@
 *.sln.in eol=crlf
 *.vcxproj.in eol=crlf
 *.vcxproj.filters.in eol=crlf
-*.dsw eol=crlf
-win32utils/**.txt eol=crlf
-
-.gitignore			 export-ignore
-/EXCLUDED			 export-ignore
-/conftools			 export-ignore
-/doc/design			 export-ignore
-/doc/dev			 export-ignore
-/doc/draft			 export-ignore
-/doc/expired			 export-ignore
-/doc/rfc			 export-ignore
-/lib/lwres/man/resolver.5	 export-ignore
-/util/**			 export-ignore
-/util/bindkeys.pl		-export-ignore
-/util/check-make-install.in	-export-ignore
-/util/mksymtbl.pl		-export-ignore

.gitignore

@@ -1,60 +1,56 @@
-*-symtbl.c
-*.a
-*.gcda
-*.gcno
-*.la
-*.lo
+Makefile
+config.log
+config.h
+config.cache
+config.status
+libtool
+/isc-config.sh
+/configure.lineno
+autom4te.cache/
 *.o
-*.orig
-*.plist/ # ccc-analyzer store its results in .plist directories
-*.rej
+*.lo
 *.so
+*.a
+*.la
 *_test
-*~
-.ccache/
-.cproject
+*-symtbl.c
+timestamp
+ans.run
+lwresd.run
+named.run
+named.memstats
+gen.dSYM/
+.libs/
 .deps/
 .dirstamp
-.libs/
-.project
-.settings
-/aclocal.m4
-/ar-lib
-/autom4te.cache/
-/bind.keys.h
-/compile
-/config.cache
-/config.guess
-/config.h
-/config.h.in
-/config.log
-/config.status
-/config.sub
-/configure
-/configure.lineno
-/depcomp
-/install-sh
-/isc-config.sh
-/libltdl/*
-/libtool
-/ltmain.sh
-/m4/libtool.m4
-/m4/ltargz.m4
-/m4/ltdl.m4
-/m4/ltoptions.m4
-/m4/ltsugar.m4
-/m4/ltversion.m4
-/m4/lt~obsolete.m4
-/missing
-/py-compile
-/stamp-h1
-/test-driver
-Makefile
-ans.run
-gen.dSYM/
-kyua.log
-named.memstats
-named.run
-timestamp
-/compile_commands.json
-/util/check-make-install
+unit/atf-src/atf-c++/atf-c++.pc
+unit/atf-src/atf-c/atf-c.pc
+unit/atf-src/atf-c/defs.h
+unit/atf-src/atf-c/detail/process_helpers
+unit/atf-src/atf-config/atf-config
+unit/atf-src/atf-report/atf-report
+unit/atf-src/atf-report/fail_helper
+unit/atf-src/atf-report/misc_helpers
+unit/atf-src/atf-report/pass_helper
+unit/atf-src/atf-run/atf-run
+unit/atf-src/atf-run/bad_metadata_helper
+unit/atf-src/atf-run/expect_helpers
+unit/atf-src/atf-run/misc_helpers
+unit/atf-src/atf-run/pass_helper
+unit/atf-src/atf-run/several_tcs_helper
+unit/atf-src/atf-run/zero_tcs_helper
+unit/atf-src/atf-sh/atf-check
+unit/atf-src/atf-sh/atf-sh
+unit/atf-src/atf-sh/misc_helpers
+unit/atf-src/atf-version/atf-version
+unit/atf-src/atf-version/revision.h
+unit/atf-src/atf-version/revision.h.stamp
+unit/atf-src/bconfig.h
+unit/atf-src/bootstrap/atconfig
+unit/atf-src/doc/atf.7
+unit/atf-src/stamp-h1
+unit/atf-src/test-programs/c_helpers
+unit/atf-src/test-programs/cpp_helpers
+unit/atf-src/test-programs/sh_helpers
+# ccc-analyzer store its results in .plist directories
+*.plist/

.gitlab-ci.yml

@@ -1,878 +0,0 @@
-variables:
-  # Not normally needed, but may be if some script uses `apt-get install`.
-  DEBIAN_FRONTEND: noninteractive
-  # Locale settings do not affect the build, but might affect tests.
-  LC_ALL: C
-
-  CI_REGISTRY_IMAGE: registry.gitlab.isc.org/isc-projects/images/bind9
-  CCACHE_DIR: "/ccache"
-  SOFTHSM2_CONF: "/var/tmp/softhsm2/softhsm2.conf"
-
-  # VirtualBox driver needs to set build_dir to "/builds" in gitlab-runner.toml
-  KYUA_RESULT: "$CI_PROJECT_DIR/kyua.results"
-
-  GIT_DEPTH: 1
-
-  # The following values may be overwritten in GitLab's CI/CD Variables Settings.
-  BUILD_PARALLEL_JOBS: 6
-  TEST_PARALLEL_JOBS: 4
-
-  CONFIGURE: ./configure
-  CLANG: clang-19
-  ASAN_SYMBOLIZER_PATH: /usr/lib/llvm-19/bin/llvm-symbolizer
-
-  CFLAGS_COMMON: -fno-omit-frame-pointer -fno-optimize-sibling-calls -O1 -g -Wall -Wextra
-
-  # Pass run-time flags to AddressSanitizer to get core dumps on error.
-  ASAN_OPTIONS_COMMON: abort_on_error=1:disable_coredump=0:unmap_shadow_on_exit=1
-
-  TARBALL_COMPRESSOR: gzip
-  TARBALL_EXTENSION: gz
-
-  INSTALL_PATH: "${CI_PROJECT_DIR}/.local"
-
-# Allow all running CI jobs to be automatically canceled when a new
-# version of a branch is pushed.
-#
-# See: https://docs.gitlab.com/ee/ci/pipelines/settings.html#auto-cancel-redundant-pipelines
-default:
-  interruptible: true
-
-  # AWS can interrupt the spot instance anytime, so let's retry the job when
-  # the interruption event happens to avoid a pipeline failure.
-  retry:
-    max: 2
-    when:
-      - runner_system_failure
-
-stages:
-  - precheck
-  - build
-  - unit
-  - system
-  - performance
-  - docs
-  - push
-  - postcheck
-  - postmerge
-  - release
-
-### Runner Tag Templates
-
-.linux-amd64: &linux_amd64
-  tags:
-    - linux
-    - aws
-    - runner-manager
-    - amd64
-
-.linux-i386: &linux_i386
-  tags:
-    - linux
-    - i386
-
-### Docker Image Templates
-
-# Alpine Linux
-
-.alpine-3.15-amd64: &alpine_3_15_amd64_image
-  image: "$CI_REGISTRY_IMAGE:alpine-3.15-amd64"
-  <<: *linux_amd64
-
-# Oracle Linux
-
-.centos-centos6-i386: &centos_centos6_i386_image
-  image: "$CI_REGISTRY_IMAGE:centos-centos6-i386"
-  <<: *linux_i386
-
-.centos-centos6-amd64: &centos_centos6_amd64_image
-  image: "$CI_REGISTRY_IMAGE:centos-centos6-amd64"
-  <<: *linux_amd64
-
-.oraclelinux-8-amd64: &oraclelinux_8_amd64_image
-  image: "$CI_REGISTRY_IMAGE:oraclelinux-8-amd64"
-  <<: *linux_amd64
-
-# Debian
-
-.debian-stretch-amd64: &debian_stretch_amd64_image
-  image: "$CI_REGISTRY_IMAGE:debian-stretch-amd64"
-  <<: *linux_amd64
-
-.debian-buster-amd64: &debian_buster_amd64_image
-  image: "$CI_REGISTRY_IMAGE:debian-buster-amd64"
-  <<: *linux_amd64
-
-.debian-bookworm-amd64: &debian_bookworm_amd64_image
-  image: "$CI_REGISTRY_IMAGE:debian-bookworm-amd64"
-  <<: *linux_amd64
-
-# Ubuntu
-
-.ubuntu-bionic-amd64: &ubuntu_bionic_amd64_image
-  image: "$CI_REGISTRY_IMAGE:ubuntu-bionic-amd64"
-  <<: *linux_amd64
-
-.ubuntu-focal-amd64: &ubuntu_focal_amd64_image
-  image: "$CI_REGISTRY_IMAGE:ubuntu-focal-amd64"
-  <<: *linux_amd64
-
-# Base image
-# This is a meta image that is used as a base for non-specific jobs
-
-.base: &base_image
-  <<: *debian_bookworm_amd64_image
-
-### Job Templates
-
-.default-triggering-rules: &default_triggering_rules
-  only:
-    - api
-    - merge_requests
-    - pipelines
-    - tags
-    - triggers
-    - web
-    - schedules
-
-.release-branch-triggering-rules: &release_branch_triggering_rules
-  only:
-    - api
-    - merge_requests
-    - pipelines
-    - tags
-    - triggers
-    - web
-    - schedules
-    - main@isc-projects/bind9
-    - /^v9_[1-9][0-9]$/@isc-projects/bind9
-
-.schedules-tags-web-triggering-rules: &schedules_tags_web_triggering_rules
-  only:
-    - api
-    - pipelines
-    - schedules
-    - tags
-    - triggers
-    - web
-
-.precheck: &precheck_job
-  <<: *default_triggering_rules
-  <<: *base_image
-  stage: precheck
-
-.autoconf: &autoconf_job
-  <<: *release_branch_triggering_rules
-  <<: *base_image
-  stage: precheck
-  script:
-    - autoreconf -fi
-  artifacts:
-    untracked: true
-    expire_in: "1 day"
-
-.configure: &configure
-    - ${CONFIGURE}
-      --enable-developer
-      --with-randomdev=/dev/urandom
-      --with-libtool
-      --with-geoip2=auto
-      --disable-static
-      --enable-option-checking=fatal
-      --disable-dnstap
-      --with-cmocka
-      --with-libxml2
-      --with-libjson
-      --prefix=/usr/local
-      --without-make-clean
-      $EXTRA_CONFIGURE
-      || (test -s config.log && cat config.log; exit 1)
-
-.build: &build_job
-  <<: *default_triggering_rules
-  stage: build
-  before_script:
-    - test -w "${CCACHE_DIR}" && export PATH="/usr/lib/ccache:${PATH}"
-    - test -n "${OOT_BUILD_WORKSPACE}" && mkdir "${OOT_BUILD_WORKSPACE}" && cd "${OOT_BUILD_WORKSPACE}"
-  script:
-    - *configure
-    - test -n "${SKIP_MAKE_DEPEND}" || make -j${BUILD_PARALLEL_JOBS:-1} depend 2>&1 | tee make-depend.log
-    - test -n "${SKIP_MAKE_DEPEND}" || ( ! grep -F "error:" make-depend.log )
-    - make -j${BUILD_PARALLEL_JOBS:-1} -k all V=1
-    - test -z "${RUN_MAKE_INSTALL}" || make DESTDIR="${INSTALL_PATH}" install
-    - test -z "${RUN_MAKE_INSTALL}" || DESTDIR="${INSTALL_PATH}" sh util/check-make-install
-    - if [[ "${CFLAGS}" == *"-fsanitize=address"* ]]; then ( ! grep -F AddressSanitizer config.log ); fi
-  needs:
-    - job: autoreconf
-      artifacts: true
-  artifacts:
-    untracked: true
-    expire_in: "1 day"
-    when: always
-
-.setup_interfaces: &setup_interfaces
-    - if [ "$(id -u)" -eq "0" ]; then
-        sh -x bin/tests/system/ifconfig.sh up;
-      else
-        sudo sh -x bin/tests/system/ifconfig.sh up;
-      fi
-
-.setup_softhsm: &setup_softhsm
-    - export SLOT=$(sh -x bin/tests/prepare-softhsm2.sh)
-    - test -n "${SLOT}" && test "${SLOT}" -gt 0
-
-.system_test_common: &system_test_common
-  <<: *default_triggering_rules
-  stage: system
-  before_script:
-    - *setup_interfaces
-    - *setup_softhsm
-  script:
-    - ( cd bin/tests/system && make -j${TEST_PARALLEL_JOBS:-1} -k test V=1 )
-    - test -s bin/tests/system/systests.output
-    - if git rev-parse > /dev/null 2>&1; then ( ! grep "^I:.*:file.*not removed$" bin/tests/system/systests.output ); fi
-
-.system_test: &system_test_job
-  <<: *system_test_common
-  artifacts:
-    untracked: true
-    expire_in: "1 day"
-    when: on_failure
-
-.system_test_gcov: &system_test_gcov_job
-  <<: *system_test_common
-  artifacts:
-    untracked: true
-    expire_in: "1 day"
-    when: always
-
-.kyua_report: &kyua_report_html
-  - kyua --logfile /dev/null report-html
-         --force
-         --results-file "$KYUA_RESULT"
-         --results-filter ""
-         --output kyua_html > /dev/null
-
-.unit_test_common: &unit_test_common
-  <<: *default_triggering_rules
-  stage: unit
-  before_script:
-    - *setup_softhsm
-  script:
-    - make unit
-  after_script:
-    - *kyua_report_html
-
-.unit_test: &unit_test_job
-  <<: *unit_test_common
-  artifacts:
-    untracked: true
-    expire_in: "1 day"
-    when: on_failure
-
-.unit_test_gcov: &unit_test_gcov_job
-  <<: *unit_test_common
-  artifacts:
-    untracked: true
-    expire_in: "1 day"
-    when: always
-
-### Job Definitions
-
-# Jobs in the precheck stage
-
-autoreconf:
-  <<: *autoconf_job
-
-misc:
-  <<: *precheck_job
-  script:
-    - sh util/check-ans-prereq.sh
-    - sh util/checklibs.sh > checklibs.out
-    - xmllint --noout --nonet `git ls-files '*.xml' '*.docbook'`
-    - sh util/xmllint-html.sh
-    - sh util/check-win32util-configure
-    - sh util/check-categories.sh
-  needs: []
-  artifacts:
-    paths:
-      - util/newcopyrights
-      - checklibs.out
-    expire_in: "1 day"
-    when: on_failure
-
-changes:
-  <<: *precheck_job
-  except:
-    - pipelines
-  script:
-    - sh util/tabify-changes < CHANGES > CHANGES.tmp
-    - diff -urNap CHANGES CHANGES.tmp
-    - perl util/check-changes CHANGES
-    - sh util/check-line-length.sh CHANGES
-    - rm CHANGES.tmp
-  needs: []
-
-coccinelle:
-  <<: *precheck_job
-  needs: []
-  script:
-    - util/check-cocci
-    - if test "$(git status --porcelain | grep -Ev '\?\?' | wc -l)" -gt "0"; then git status --short; exit 1; fi
-
-danger:
-  <<: *precheck_job
-  needs: []
-  script:
-    - pip install git+https://gitlab.isc.org/isc-projects/hazard.git
-    - hazard
-  only:
-    refs:
-      - merge_requests
-
-tarball-create:
-  stage: precheck
-  <<: *base_image
-  <<: *default_triggering_rules
-  script:
-    - source version
-    - export BIND_DIRECTORY="bind-${MAJORVER}.${MINORVER}.${PATCHVER}${RELEASETYPE}${RELEASEVER}"
-    - git archive --prefix="${BIND_DIRECTORY}/" --output="${BIND_DIRECTORY}.tar" HEAD
-    - mkdir "${BIND_DIRECTORY}"
-    - echo "SRCID=$(git rev-list --max-count=1 HEAD | cut -b1-7)" > "${BIND_DIRECTORY}/srcid"
-    - tar --append --file="${BIND_DIRECTORY}.tar" "${BIND_DIRECTORY}/srcid"
-    - ${TARBALL_COMPRESSOR} "${BIND_DIRECTORY}.tar"
-  artifacts:
-    paths:
-      - bind-*.tar.${TARBALL_EXTENSION}
-
-# Jobs for doc builds on Debian 11 "bookworm" (amd64)
-
-docs:
-  <<: *release_branch_triggering_rules
-  <<: *debian_bookworm_amd64_image
-  stage: docs
-  script:
-    - ./configure || cat config.log
-    - make -C doc/misc docbook
-    - make -C doc/arm Bv9ARM.html
-    - find bin/ lib/ isc-config.sh.1 -not -path "bin/tests/*" -name "*.[0-9]" -exec mandoc -T lint -Werror "{}" \;
-  needs:
-    - job: autoreconf
-      artifacts: true
-  artifacts:
-    paths:
-      - doc/arm/
-    expire_in: "1 month"
-
-push:docs:
-  <<: *base_image
-  stage: push
-  needs:
-    - job: docs
-      artifacts: false
-  script:
-    - curl -X POST -F token=$GITLAB_PAGES_DOCS_TRIGGER_TOKEN -F ref=main $GITLAB_PAGES_DOCS_TRIGGER_URL
-  only:
-    - main@isc-projects/bind9
-    - /^v9_[1-9][0-9]$/@isc-projects/bind9
-
-# Jobs for regular GCC builds on Alpine Linux 3.15 (amd64)
-
-gcc:alpine3.15:amd64:
-  variables:
-    CC: gcc
-    CFLAGS: "${CFLAGS_COMMON} -DOPENSSL_SUPPRESS_DEPRECATED"
-  <<: *alpine_3_15_amd64_image
-  <<: *build_job
-
-system:gcc:alpine3.15:amd64:
-  <<: *alpine_3_15_amd64_image
-  <<: *system_test_job
-  needs:
-    - job: gcc:alpine3.15:amd64
-      artifacts: true
-
-unit:gcc:alpine3.15:amd64:
-  <<: *alpine_3_15_amd64_image
-  <<: *unit_test_job
-  needs:
-    - job: gcc:alpine3.15:amd64
-      artifacts: true
-
-# Jobs for regular GCC builds on CentOS 6 (i386)
-
-gcc:centos6:i386:
-  variables:
-    CC: gcc
-    CFLAGS: "${CFLAGS_COMMON}"
-    EXTRA_CONFIGURE: "--with-libidn2 --without-python --disable-warn-error"
-  <<: *centos_centos6_i386_image
-  <<: *build_job
-
-system:gcc:centos6:i386:
-  <<: *centos_centos6_i386_image
-  <<: *system_test_job
-  needs:
-    - job: gcc:centos6:i386
-      artifacts: true
-
-unit:gcc:centos6:i386:
-  <<: *centos_centos6_i386_image
-  <<: *unit_test_job
-  needs:
-    - job: gcc:centos6:i386
-      artifacts: true
-
-# Jobs for regular GCC builds on CentOS 6 (amd64)
-
-gcc:centos6:amd64:
-  variables:
-    CC: gcc
-    CFLAGS: "${CFLAGS_COMMON}"
-    EXTRA_CONFIGURE: "--with-libidn2 --disable-warn-error"
-  <<: *centos_centos6_amd64_image
-  <<: *build_job
-
-system:gcc:centos6:amd64:
-  <<: *centos_centos6_amd64_image
-  <<: *system_test_job
-  needs:
-    - job: gcc:centos6:amd64
-      artifacts: true
-
-unit:gcc:centos6:amd64:
-  <<: *centos_centos6_amd64_image
-  <<: *unit_test_job
-  needs:
-    - job: gcc:centos6:amd64
-      artifacts: true
-
-# Jobs for regular GCC builds on Oracle Linux 8 (amd64)
-
-gcc:oraclelinux8:amd64:
-  variables:
-    CC: gcc
-    CFLAGS: "${CFLAGS_COMMON}"
-    EXTRA_CONFIGURE: "--enable-buffer-useinline --with-libidn2"
-  <<: *oraclelinux_8_amd64_image
-  <<: *build_job
-
-system:gcc:oraclelinux8:amd64:
-  <<: *oraclelinux_8_amd64_image
-  <<: *system_test_job
-  needs:
-    - job: gcc:oraclelinux8:amd64
-      artifacts: true
-
-unit:gcc:oraclelinux8:amd64:
-  <<: *oraclelinux_8_amd64_image
-  <<: *unit_test_job
-  needs:
-    - job: gcc:oraclelinux8:amd64
-      artifacts: true
-
-# Jobs for regular GCC builds on Debian 9 Stretch (amd64)
-
-gcc:stretch:amd64:
-  variables:
-    CC: gcc
-    CFLAGS: "${CFLAGS_COMMON} -O2"
-    EXTRA_CONFIGURE: "--without-gssapi --enable-dnstap"
-  <<: *debian_stretch_amd64_image
-  <<: *build_job
-  <<: *schedules_tags_web_triggering_rules
-
-system:gcc:stretch:amd64:
-  <<: *debian_stretch_amd64_image
-  <<: *system_test_job
-  <<: *schedules_tags_web_triggering_rules
-  needs:
-    - job: gcc:stretch:amd64
-      artifacts: true
-  allow_failure: true
-
-unit:gcc:stretch:amd64:
-  <<: *debian_stretch_amd64_image
-  <<: *unit_test_job
-  <<: *schedules_tags_web_triggering_rules
-  needs:
-    - job: gcc:stretch:amd64
-      artifacts: true
-
-# Jobs for regular GCC builds on Debian 10 Buster (amd64)
-
-gcc:buster:amd64:
-  variables:
-    CC: gcc
-    CFLAGS: "${CFLAGS_COMMON}"
-    EXTRA_CONFIGURE: "--with-libidn2"
-  <<: *debian_buster_amd64_image
-  <<: *build_job
-  <<: *schedules_tags_web_triggering_rules
-
-system:gcc:buster:amd64:
-  <<: *debian_buster_amd64_image
-  <<: *system_test_job
-  <<: *schedules_tags_web_triggering_rules
-  needs:
-    - job: gcc:buster:amd64
-      artifacts: true
-
-unit:gcc:buster:amd64:
-  <<: *debian_buster_amd64_image
-  <<: *unit_test_job
-  <<: *schedules_tags_web_triggering_rules
-  needs:
-    - job: gcc:buster:amd64
-      artifacts: true
-
-# Jobs for tarball GCC builds on Debian 11 "bookworm" (amd64)
-
-gcc:tarball:
-  variables:
-    CC: gcc
-    EXTRA_CONFIGURE: "--with-libidn2"
-    RUN_MAKE_INSTALL: 1
-    CFLAGS: "${CFLAGS_COMMON} -DOPENSSL_SUPPRESS_DEPRECATED"
-  <<: *base_image
-  <<: *build_job
-  before_script:
-    - tar --extract --file bind-*.tar.${TARBALL_EXTENSION}
-    - rm -f bind-*.tar.${TARBALL_EXTENSION}
-    - cd bind-*
-  needs:
-    - job: tarball-create
-      artifacts: true
-
-system:gcc:tarball:
-  <<: *base_image
-  <<: *system_test_job
-  <<: *schedules_tags_web_triggering_rules
-  before_script:
-    - cd bind-*
-    - *setup_interfaces
-  needs:
-    - job: gcc:tarball
-      artifacts: true
-
-unit:gcc:tarball:
-  <<: *base_image
-  <<: *unit_test_job
-  <<: *schedules_tags_web_triggering_rules
-  before_script:
-    - cd bind-*
-  needs:
-    - job: gcc:tarball
-      artifacts: true
-
-# Jobs for regular GCC builds on Ubuntu 18.04 Bionic Beaver (amd64)
-
-gcc:bionic:amd64:
-  variables:
-    CC: gcc
-    CFLAGS: "${CFLAGS_COMMON} -O2"
-    EXTRA_CONFIGURE: "--without-geoip2 --with-geoip --with-gssapi"
-  <<: *ubuntu_bionic_amd64_image
-  <<: *build_job
-
-system:gcc:bionic:amd64:
-  <<: *ubuntu_bionic_amd64_image
-  <<: *system_test_job
-  needs:
-    - job: gcc:bionic:amd64
-      artifacts: true
-
-unit:gcc:bionic:amd64:
-  <<: *ubuntu_bionic_amd64_image
-  <<: *unit_test_job
-  needs:
-    - job: gcc:bionic:amd64
-      artifacts: true
-
-# Jobs for regular GCC builds on Ubuntu 20.04 Focal Fossa (amd64)
-
-gcc:focal:amd64:
-  variables:
-    CC: gcc
-    CFLAGS: "${CFLAGS_COMMON} -Og"
-    EXTRA_CONFIGURE: "--with-libidn2 --with-gssapi=/usr"
-  <<: *ubuntu_focal_amd64_image
-  <<: *build_job
-
-system:gcc:focal:amd64:
-  <<: *ubuntu_focal_amd64_image
-  <<: *system_test_job
-  needs:
-    - job: gcc:focal:amd64
-      artifacts: true
-
-# Jobs for builds with ASAN enabled
-
-# "--disable-warn-error" ./configure option disables compiler warnings. This
-# ensures that the job will not fail because of warnings (e.g., null
-# destination pointer in lib/lwres/print.c) we don't want to fix on BIND 9.11
-# because the version is in security-fixes-only mode.
-gcc:asan:
-  variables:
-    CC: gcc
-    CFLAGS: "${CFLAGS_COMMON} -fsanitize=address,undefined -DISC_MEM_USE_INTERNAL_MALLOC=0"
-    LDFLAGS: "-fsanitize=address,undefined"
-    EXTRA_CONFIGURE: "--with-libidn2 --disable-warn-error"
-  <<: *base_image
-  <<: *build_job
-
-system:gcc:asan:
-  variables:
-    ASAN_OPTIONS: ${ASAN_OPTIONS_COMMON}
-  <<: *base_image
-  <<: *system_test_job
-  needs:
-    - job: gcc:asan
-      artifacts: true
-
-unit:gcc:asan:
-  variables:
-    ASAN_OPTIONS: ${ASAN_OPTIONS_COMMON}
-  <<: *base_image
-  <<: *unit_test_job
-  needs:
-    - job: gcc:asan
-      artifacts: true
-
-clang:asan:
-  variables:
-    CC: ${CLANG}
-    CFLAGS: "${CFLAGS_COMMON} -fsanitize=address,undefined -DISC_MEM_USE_INTERNAL_MALLOC=0"
-    LDFLAGS: "-fsanitize=address,undefined"
-    EXTRA_CONFIGURE: "--with-libidn2 --disable-warn-error"
-  <<: *base_image
-  <<: *build_job
-
-system:clang:asan:
-  variables:
-    ASAN_OPTIONS: ${ASAN_OPTIONS_COMMON}
-  <<: *base_image
-  <<: *system_test_job
-  needs:
-    - job: clang:asan
-      artifacts: true
-
-unit:clang:asan:
-  variables:
-    ASAN_OPTIONS: ${ASAN_OPTIONS_COMMON}
-  <<: *base_image
-  <<: *unit_test_job
-  needs:
-    - job: clang:asan
-      artifacts: true
-
-# Job producing a release tarball
-
-release:
-  <<: *base_image
-  stage: release
-  script:
-    # Determine BIND version
-    - source version
-    - export BIND_DIRECTORY="bind-${MAJORVER}.${MINORVER}.${PATCHVER}${RELEASETYPE}${RELEASEVER}"
-    # Prepare release tarball contents (tarballs + zips + documentation)
-    - mkdir -p release/doc/arm
-    - pushd release
-    - mv "../${BIND_DIRECTORY}.tar.${TARBALL_EXTENSION}" ../BIND*.zip .
-    - tar --extract --file="${BIND_DIRECTORY}.tar.${TARBALL_EXTENSION}"
-    - mv "${BIND_DIRECTORY}"/{CHANGES*,COPYRIGHT,LICENSE,README,srcid} .
-    - mv "${BIND_DIRECTORY}"/doc/arm/{Bv9ARM{*.html,.pdf},man.*,notes.{html,pdf,txt}} doc/arm/
-    - rm -rf "${BIND_DIRECTORY}"
-    - cp doc/arm/notes.html "RELEASE-NOTES-${BIND_DIRECTORY}.html"
-    - cp doc/arm/notes.pdf "RELEASE-NOTES-${BIND_DIRECTORY}.pdf"
-    - cp doc/arm/notes.txt "RELEASE-NOTES-${BIND_DIRECTORY}.txt"
-    - popd
-    # Create release tarball
-    - tar --create --file="${CI_COMMIT_TAG}.tar.gz" --gzip release/
-  needs:
-    - job: tarball-create
-      artifacts: true
-  only:
-    - tags
-  artifacts:
-    paths:
-      - "*.tar.gz"
-    expire_in: "1 day"
-
-# Coverity Scan analysis upload
-
-.coverity_cache_prep: &coverity_cache_prep
-  - test -f cov-analysis-linux64.md5 && test -f cov-analysis-linux64.tgz || (
-    curl --output cov-analysis-linux64.md5 https://scan.coverity.com/download/linux64
-         --form project=$COVERITY_SCAN_PROJECT_NAME
-         --form token=$COVERITY_SCAN_TOKEN
-         --form md5=1;
-    curl --output cov-analysis-linux64.tgz https://scan.coverity.com/download/linux64
-         --form project=$COVERITY_SCAN_PROJECT_NAME
-         --form token=$COVERITY_SCAN_TOKEN;
-    )
-  - test "$(md5sum cov-analysis-linux64.tgz | awk '{ print $1 }')" = "$(cat cov-analysis-linux64.md5)"
-  - tar --extract --gzip --file=cov-analysis-linux64.tgz
-  - test -d cov-analysis-linux64-2021.12.1
-
-.coverity_build: &coverity_build
-  - cov-analysis-linux64-2021.12.1/bin/cov-build --dir cov-int sh -c 'make -j${BUILD_PARALLEL_JOBS:-1} -k all V=1'
-  - tar --create --gzip --file=cov-int.tar.gz cov-int/
-  - curl -v https://scan.coverity.com/builds?project=$COVERITY_SCAN_PROJECT_NAME
-        --form token=$COVERITY_SCAN_TOKEN
-        --form email=bind-changes@isc.org
-        --form file=@cov-int.tar.gz
-        --form version="$(git rev-parse --short HEAD)"
-        --form description="$(git rev-parse --short HEAD) / $CI_COMMIT_TITLE / $CI_COMMIT_REF_NAME:$CI_PIPELINE_ID" 2>&1
-        | tee curl-response.txt
-  - grep -q 'Build successfully submitted' curl-response.txt
-
-coverity:
-  <<: *base_image
-  stage: postcheck
-  variables:
-    CC: gcc
-    CFLAGS: "${CFLAGS_COMMON} -Og"
-    EXTRA_CONFIGURE: "--with-libidn2"
-  script:
-    - *coverity_cache_prep
-    - *configure
-    - *coverity_build
-  needs:
-    - job: autoreconf
-      artifacts: true
-  artifacts:
-    paths:
-      - curl-response.txt
-      - cov-int.tar.gz
-    expire_in: "1 week"
-    when: on_failure
-  only:
-    variables:
-      - $COVERITY_SCAN_PROJECT_NAME
-      - $COVERITY_SCAN_TOKEN
-  cache:
-    key: cov-analysis-linux64-2021.12.1
-    paths:
-      - cov-analysis-linux64.md5
-      - cov-analysis-linux64.tgz
-
-# Respdiff tests
-
-respdiff:
-  <<: *debian_bookworm_amd64_image
-  <<: *schedules_tags_web_triggering_rules
-  stage: system
-  variables:
-    CC: gcc
-    CFLAGS: "${CFLAGS_COMMON} -Og -DOPENSSL_SUPPRESS_DEPRECATED"
-    MAX_DISAGREEMENTS_PERCENTAGE: "0.1"
-  script:
-    - *configure
-    - make -j${BUILD_PARALLEL_JOBS:-1} V=1
-    - *setup_interfaces
-    - git clone --depth 1 https://gitlab.isc.org/isc-projects/bind9-qa.git
-    - cd bind9-qa/respdiff
-    - bash respdiff.sh -s named -q "${PWD}/100k_mixed.txt" -c 3 -w "${PWD}/rspworkdir" "${CI_PROJECT_DIR}" "/usr/local/respdiff-reference-bind/sbin/named"
-  needs: []
-  artifacts:
-    paths:
-      - refserver
-      - bind9-qa/respdiff
-    exclude:
-      - bind9-qa/respdiff/rspworkdir/data.mdb # Exclude a 10 GB file.
-    untracked: true
-    expire_in: "1 day"
-    when: always
-
-respdiff-third-party:
-  <<: *debian_bookworm_amd64_image
-  <<: *schedules_tags_web_triggering_rules
-  stage: system
-  variables:
-    CC: gcc
-    CFLAGS: "${CFLAGS_COMMON} -Og -DOPENSSL_SUPPRESS_DEPRECATED"
-    MAX_DISAGREEMENTS_PERCENTAGE: "0.2"
-  script:
-    - *configure
-    - make -j${BUILD_PARALLEL_JOBS:-1} V=1
-    - *setup_interfaces
-    - git clone --depth 1 https://gitlab.isc.org/isc-projects/bind9-qa.git
-    - cd bind9-qa/respdiff
-    - bash respdiff.sh -s third_party -q "${PWD}/100k_mixed.txt" -c 1 -w "${PWD}/rspworkdir" "${CI_PROJECT_DIR}"
-  needs: []
-  artifacts:
-    paths:
-      - bind9-qa/respdiff
-    exclude:
-      - bind9-qa/respdiff/rspworkdir/data.mdb # Exclude a 10 GB file.
-    untracked: true
-    expire_in: "1 day"
-    when: always
-
-# ABI check
-
-abi-check:
-  <<: *base_image
-  stage: build
-  needs:
-    - job: autoreconf
-      artifacts: true
-  variables:
-    CC: gcc
-    CFLAGS: "${CFLAGS_COMMON} -Og"
-    EXTRA_CONFIGURE: "--with-libidn2"
-    BIND_BASELINE_VERSION: v9_11_36
-  script:
-    - *configure
-    - make -j${BUILD_PARALLEL_JOBS:-1} V=1
-    - git clone --branch "${BIND_BASELINE_VERSION}" --depth 1 https://gitlab.isc.org/isc-projects/bind9.git refbind
-    - cd refbind/
-    - *configure
-    - make -j${BUILD_PARALLEL_JOBS:-1} V=1
-    - cd ..
-    - util/api-checker.sh . refbind
-  artifacts:
-    paths:
-      - "*-lib*.html"
-      - "*-lib*.txt"
-      - "abi-*.dump"
-    expire_in: "1 week"
-  only:
-    - main@isc-projects/bind9
-    - /^v9_[1-9][0-9]$/@isc-projects/bind9
-
-.post_merge_template: &post_merge
-  <<: *base_image
-  stage: postmerge
-  needs: []
-  # post-merge processes should run even if another MR was merged while the job was running (or queued)
-  interruptible: false
-  variables:
-    # automated commits will inherit identification from the user who pressed Merge button
-    GIT_COMMITTER_NAME: $GITLAB_USER_NAME
-    GIT_COMMITTER_EMAIL: $GITLAB_USER_EMAIL
-    # avoid leftover branches from previous jobs
-    GIT_STRATEGY: clone
-    # assumed max depth of a MR for backport or a rebased force-push
-    GIT_DEPTH: 1000
-  before_script:
-    # force-pushes should not trigger process automation (happens only in -sub branches)
-    - >
-      echo "previous branch tip: $CI_COMMIT_BEFORE_SHA"
-    - set +o pipefail; git log --format='%H' | grep --silent "$CI_COMMIT_BEFORE_SHA" && PREVIOUS_TIP_REACHABLE=1
-    - test "$PREVIOUS_TIP_REACHABLE" != "1" && echo "force-push detected, stop" && exit 1
-    # non-fast-forward merges are disabled so we have to have merge commit on top
-    - MERGE_REQUEST_ID="$(git log -1 --format='%b' | sed --silent -e "s|^See merge request ${CI_PROJECT_PATH}\!||p")"
-    - >
-      : stop if this is not a merge request in the current project\'s namespace
-    - test -n "$MERGE_REQUEST_ID"
-    - git clone --depth 1 https://gitlab.isc.org/isc-projects/bind9-qa.git
-
-merged-metadata:
-  <<: *post_merge
-  rules:
-    - if: '$CI_PIPELINE_SOURCE == "push" && ($CI_COMMIT_REF_NAME =~ /^bind-9.[0-9]+(-sub)?$/ || $CI_COMMIT_REF_NAME =~ /^bind-9.[0-9]+.[0-9]+-release$/ || $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH)'
-  script:
-    - bind9-qa/releng/after_merge.py "$CI_PROJECT_ID" "$MERGE_REQUEST_ID"

.pylintrc

@@ -1,7 +0,0 @@
-[MASTER]
-disable=
-    C0114, # missing-module-docstring
-    C0115, # missing-class-docstring
-    C0116, # missing-function-docstring
-    C0209, # consider-using-f-string
-    R0801, # duplicate-code

Atffile

@@ -0,0 +1,5 @@
+Content-Type: application/X-atf-atffile; version="1"
+
+prop: test-suite = bind9
+
+tp: lib

CONTRIBUTING

@@ -1,5 +1,3 @@
-CONTRIBUTING
-
 BIND Source Access and Contributor Guidelines
 
 Feb 22, 2018
@@ -31,18 +29,20 @@ BIND is maintained by the Internet Systems Consortium, a public-benefit
 see the source, but only ISC employees have commit access. Until recently,
 the source could only be seen once ISC had published a release: read
 access to the source repository was restricted just as commit access was.
-That's now changing, with the opening of a public git repository of the
-BIND source tree (see below).
+That's now changing, with the opening of a public git mirror to the BIND
+source tree (see below).
 
 Access to source code
 
 Public BIND releases are always available from the ISC FTP site.
 
-A public-access git repository is also available at https://gitlab.isc.org
-. This repository contains all public release branches. Upcoming releases
-can be viewed in their current state at any time. Short-lived development
-branches contain unreviewed work in progress. Commits which address
-security vulnerablilities are withheld until after public disclosure.
+A public-access GIT repository is also available at https://gitlab.isc.org
+. This repository is a mirror, updated several times per day, of the
+source repository maintained by ISC. It contains all the public release
+branches; upcoming releases can be viewed in their current state at any
+time. It does not contain development branches or unreviewed work in
+progress. Commits which address security vulnerablilities are withheld
+until after public disclosure.
 
 You can browse the source online via https://gitlab.isc.org/isc-projects/
 bind9
@@ -61,7 +61,7 @@ Whenever a branch is ready for publication, a tag will be placed of the
 form v9_X_Y. The 9.12.0 release, for instance, is tagged as v9_12_0.
 
 The branch in which the next major release is being developed is called
-main.
+master.
 
 Reporting bugs
 
@@ -89,19 +89,19 @@ e-mail is not a secure choice for communications concerning undisclosed
 security issues so please encrypt your communications to us if possible,
 using the ISC Security Officer public key.
 
-Do not discuss undisclosed security vulnerabilities on any public mailing
+Do not discuss undisclosed security vulnerabilites on any public mailing
 list. ISC has a long history of handling reported vulnerabilities promptly
 and effectively and we respect and acknowledge responsible reporters.
 
-ISC's Security Vulnerability Disclosure Policy is documented at
-https://kb.isc.org/docs/aa-00861.
+ISC's Security Vulnerability Disclosure Policy is documented at https://
+kb.isc.org/article/AA-00861/0.
 
-If you have a crash, you may want to consult ‘What to do if your BIND or
-DHCP server has crashed.’
+If you have a crash, you may want to consult ?What to do if your BIND or
+DHCP server has crashed.?
 
 Contributing code
 
-BIND is licensed under the Mozilla Public License 2.0. Earlier versions
+BIND is licensed under the Mozilla Public License 2.0. Earier versions
 (BIND 9.10 and earlier) were licensed under the ISC License
 
 ISC does not require an explicit copyright assignment for patch
@@ -117,7 +117,7 @@ Patches for BIND may be submitted directly via merge requests in ISC's
 Gitlab source repository for BIND.
 
 Patches can also be submitted as diffs against a specific version of BIND
--- preferably the current top of the main branch. Diffs may be generated
+-- preferably the current top of the master branch. Diffs may be generated
 using either git format-patch or git diff.
 
 Those wanting to write code for BIND may be interested in the developer
@@ -135,12 +135,12 @@ we're busy with other work, it may take us a long time to get to it.
 
 To ensure your patch is acted on as promptly as possible, please:
 
-  • Try to adhere to the BIND 9 coding style.
-  • Run make check to ensure your change hasn't caused any functional
+  * Try to adhere to the BIND 9 coding style.
+  * Run make check to ensure your change hasn't caused any functional
     regressions.
-  • Document your work, both in the patch itself and in the accompanying
+  * Document your work, both in the patch itself and in the accompanying
     email.
-  • In patches that make non-trivial functional changes, include system
+  * In patches that make non-trivial functional changes, include system
     tests if possible; when introducing or substantially altering a
     library API, include unit tests. See Testing for more information.
 
@@ -159,12 +159,12 @@ Documentation
 All functional changes should be documented. There are three types of
 documentation in the BIND source tree:
 
-  • Man pages are kept alongside the source code for the commands they
+  * Man pages are kept alongside the source code for the commands they
     document, in files ending in .docbook; for example, the named man page
     is bin/named/named.docbook.
-  • The BIND 9 Administrator Reference Manual is mostly in doc/arm/
+  * The BIND 9 Administrator Reference Manual is mostly in doc/arm/
     Bv9ARM-book.xml, plus a few other XML files that are included in it.
-  • API documentation is in the header file describing the API, in
+  * API documentation is in the header file describing the API, in
     Doxygen-formatted comments.
 
 It is not necessary to edit any documentation files other than these; all

CONTRIBUTING.md

@@ -3,7 +3,7 @@
  -
  - This Source Code Form is subject to the terms of the Mozilla Public
  - License, v. 2.0. If a copy of the MPL was not distributed with this
- - file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ - file, You can obtain one at http://mozilla.org/MPL/2.0/.
  -
  - See the COPYRIGHT file distributed with this work for additional
  - information regarding copyright ownership.
@@ -39,19 +39,21 @@ anyone can see the source, but only ISC employees have commit access.
 Until recently, the source could only be seen once ISC had published
 a release: read access to the source repository was restricted just
 as commit access was.  That's now changing, with the opening of a
-public git repository of the BIND source tree (see below).
+public git mirror to the BIND source tree (see below).
 
 ### <a name="access"></a>Access to source code
 
 Public BIND releases are always available from the
 [ISC FTP site](ftp://ftp.isc.org/isc/bind9).
 
-A public-access git repository is also available at
-[https://gitlab.isc.org](https://gitlab.isc.org).  This repository
-contains all public release branches. Upcoming releases can be viewed in
-their current state at any time.  Short-lived development branches
-contain unreviewed work in progress.  Commits which address security
-vulnerablilities are withheld until after public disclosure.
+A public-access GIT repository is also available at
+[https://gitlab.isc.org](https://gitlab.isc.org).
+This repository is a mirror, updated several times per day, of the
+source repository maintained by ISC.  It contains all the public release
+branches; upcoming releases can be viewed in their current state at any
+time.  It does *not* contain development branches or unreviewed work in
+progress.  Commits which address security vulnerablilities are withheld
+until after public disclosure.
 
 You can browse the source online via
 [https://gitlab.isc.org/isc-projects/bind9](https://gitlab.isc.org/isc-projects/bind9)
@@ -70,7 +72,7 @@ Whenever a branch is ready for publication, a tag will be placed of the
 form `v9_X_Y`.  The 9.12.0 release, for instance, is tagged as `v9_12_0`.
 
 The branch in which the next major release is being developed is called
-`main`.
+`master`.
 
 ### <a name="bugs"></a>Reporting bugs
 
@@ -90,7 +92,6 @@ use credentials from an existing account at GitHub, GitLab, Google,
 Twitter, or Facebook.
 
 ### Reporting possible security issues
-
 If you think you may be seeing a potential security vulnerability in BIND
 (for example, a crash with REQUIRE, INSIST, or ASSERT failure), please
 report it immediately by emailing to security-officer@isc.org. Plain-text
@@ -98,12 +99,11 @@ e-mail is not a secure choice for communications concerning undisclosed
 security issues so please encrypt your communications to us if possible,
 using the [ISC Security Officer public key](https://www.isc.org/downloads/software-support-policy/openpgp-key/).
 
-Do not discuss undisclosed security vulnerabilities on any public mailing list.
+Do not discuss undisclosed security vulnerabilites on any public mailing list.
 ISC has a long history of handling reported vulnerabilities promptly and
 effectively and we respect and acknowledge responsible reporters.
 
-ISC's Security Vulnerability Disclosure Policy is documented at
-[https://kb.isc.org/docs/aa-00861](https://kb.isc.org/docs/aa-00861).
+ISC's Security Vulnerability Disclosure Policy is documented at [https://kb.isc.org/article/AA-00861/0](https://kb.isc.org/article/AA-00861/0).
 
 If you have a crash, you may want to consult
 [‘What to do if your BIND or DHCP server has crashed.’](https://kb.isc.org/article/AA-00340/89/What-to-do-if-your-BIND-or-DHCP-server-has-crashed.html)
@@ -112,8 +112,7 @@ If you have a crash, you may want to consult
 
 BIND is licensed under the
 [Mozilla Public License 2.0](http://www.isc.org/downloads/software-support-policy/isc-license/).
-Earlier versions (BIND 9.10 and earlier) were licensed under the
-[ISC License](https://www.isc.org/licenses/)
+Earier versions (BIND 9.10 and earlier) were licensed under the [ISC License](http://www.isc.org/downloads/software-support-policy/isc-license/)
 
 ISC does not require an explicit copyright assignment for patch
 contributions.  However, by submitting a patch to ISC, you implicitly
@@ -129,7 +128,7 @@ Patches for BIND may be submitted directly via merge requests in
 repository for BIND.
 
 Patches can also be submitted as diffs against a specific version of
-BIND -- preferably the current top of the `main` branch.  Diffs may
+BIND -- preferably the current top of the `master` branch.  Diffs may
 be generated using either `git format-patch` or `git diff`.
 
 Those wanting to write code for BIND may be interested in the

COPYRIGHT

@@ -1,10 +1,17 @@
-Copyright (C) 1996-2022  Internet Systems Consortium, Inc. ("ISC")
+Copyright (C) 2004-2018  Internet Systems Consortium, Inc. ("ISC")
+Copyright (C) 1996-2003  Internet Software Consortium.
 
-This Source Code Form is subject to the terms of the Mozilla Public
-License, v. 2.0. If a copy of the MPL was not distributed with this
-file, you can obtain one at https://mozilla.org/MPL/2.0/.
+Permission to use, copy, modify, and/or distribute this software for any
+purpose with or without fee is hereby granted, provided that the above
+copyright notice and this permission notice appear in all copies.
 
- -----------------------------------------------------------------------------
+THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+PERFORMANCE OF THIS SOFTWARE.
 
 	Portions of this code release fall under one or more of the
 	following Copyright notices.  Please see individual source
@@ -529,66 +536,3 @@ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 POSSIBILITY OF SUCH DAMAGE.
 
------------------------------------------------------------------------------
-
-Copyright (C) 2008-2011  Red Hat, Inc.
-
-Permission to use, copy, modify, and/or distribute this software for any
-purpose with or without fee is hereby granted, provided that the above
-copyright notice and this permission notice appear in all copies.
-
-THE SOFTWARE IS PROVIDED "AS IS" AND Red Hat DISCLAIMS ALL WARRANTIES WITH
-REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
-AND FITNESS.  IN NO EVENT SHALL Red Hat BE LIABLE FOR ANY SPECIAL, DIRECT,
-INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
-LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
-OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
-PERFORMANCE OF THIS SOFTWARE.
-
------------------------------------------------------------------------------
-
-Copyright (c) 2013-2014, Farsight Security, Inc.
-All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions
-are met:
-
-1. Redistributions of source code must retain the above copyright
-notice, this list of conditions and the following disclaimer.
-
-2. Redistributions in binary form must reproduce the above copyright
-notice, this list of conditions and the following disclaimer in the
-documentation and/or other materials provided with the distribution.
-
-3. Neither the name of the copyright holder nor the names of its
-contributors may be used to endorse or promote products derived from
-this software without specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
-TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
-CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
-EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
-PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
-OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
-WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
-OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
-ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
------------------------------------------------------------------------------
-
-Copyright (c) 2014 by Farsight Security, Inc.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-   http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.

EXCLUDED

@@ -1,18 +1,130 @@
-4607.	[bug]		The memory context's malloced and maxmalloced counters
-			were being updated without the appropriate lock being
-			held.  [RT #44869]
+4639.	[bug]		Fix a regression in --with-tuning reporting introduced
+			by change 4488. [RT #45396]
 
-4605.	[performance]	Improve performance for delegation heavy answers
-			and also general query performance. Removes the
-			acache feature that didn't significantly improve
-			performance. Adds a glue cache. Removes
-			additional-from-cache and additional-from-auth
-			features. Enables minimal-responses by
-			default. Improves performance of compression
-			code, owner case restoration, hash function,
-			etc. Uses inline buffer implementation by
-			default. Many other performance changes and fixes.
-			[RT #44029]
+4638.	[bug]		Reloading or reconfiguring named could fail on
+			some platforms when LMDB was in use. [RT #45203]
+
+4630.	[bug]		"dyndb" is dependent on dlopen existing / being
+			enabled. [RT #45291]
+
+4625.	[bug]		Running "rndc addzone" and "rndc delzone" at close
+			to the same time could trigger a deadlock if using
+			LMDB. [RT #45209]
+
+4619.	[bug]		Call isc_mem_put instead of isc_mem_free in
+			bin/named/server.c:setup_newzones. [RT #45202]
+
+4618.	[bug]		Check isc_mem_strdup results in dns_view_setnewzones.
+			Add logging for lmdb call failures. [RT #45204]
+
+4540.	[bug]		Correctly handle ecs entries in dns_acl_isinsecure.
+			[RT #43601]
+
+4531.	[security]	'is_zone' was not being properly updated by redirect2
+			and subsequently preserved leading to an assertion
+			failure. (CVE-2016-9778) [RT #43837]
+
+4520.	[cleanup]	Alphabetize more of the grammar when printing it
+			out. Fix unbalanced indenting. [RT #43755]
+
+4471.	[cleanup]	Render client/query logging format consistent for
+			ease of log file parsing. (Note that this affects
+			"querylog" format: there is now an additional field
+			indicating the client object address.) [RT #43238]
+
+4425.	[bug]		arpaname, dnstap-read and named-rrchecker were not
+			being installed into ${prefix}/bin.  Tidy up
+			installation issues with CHANGE 4421. [RT #42910]
+
+4348.	[func]		dnssec-keymgr: A new python-based DNSSEC key
+			management utility, which reads a policy definition
+			file and can create or update DNSSEC keys as needed
+			to ensure that a zone's keys match policy, roll over
+			correctly on schedule, etc.  Thanks to Sebastian
+			Castro for assistance in development. [RT #39211]
+
+4307.	[bug]		"dig +subnet" and "mdig +subnet" could send
+			incorrectly-formatted Client Subnet options
+			if the prefix length was not divisible by 8.
+			Also fixed a memory leak in "mdig". [RT #45178]
+
+4303.	[bug]		"dig +subnet" was unable to send a prefix length of
+			zero, as it was incorrectly changed to 32 for v4
+			prefixes or 128 for v6 prefixes. In addition to
+			fixing this, "dig +subnet=0" has been added as a
+			short form for 0.0.0.0/0. The same changes have
+			also been made in "mdig". [RT #41553]
+
+4300.	[bug]		A flag could be set in the wrong field when setting
+			up non-recursive queries; this could cause the
+			SERVFAIL cache to cache responses it shouldn't.
+			New querytrace logging has been added which
+			identified this error. [RT #41155]
+
+4161.	[test]		Add JSON test for traffic size stats; also test
+			for consistency between "rndc stats" and the XML
+			and JSON statistics channel contents. [RT #38700]
+
+4135.	[cleanup]	Log expired NTA at startup. [RT #39680]
+
+4056.	[bug]		Expanded automatic testing of trust anchor
+			management and fixed several small bugs including
+			a memory leak and a possible loss of key state
+			information. [RT #38458]
+
+3983.	[bug]		Change #3940 was incomplete: negative trust anchors
+			could be set to last up to a week, but the
+			"nta-lifetime" and "nta-recheck" options were
+			still limited to one day. [RT #37522]
+
+3979.	[bug]		Negative trust anchor fetches were not properly
+			managed. [RT #37488]
+
+3977.	[cleanup]	"rndc secroots" reported a "not found" error when
+			there were no negative trust anchors set. [RT #37506]
+
+3949.	[experimental]	Experimental support for draft-andrews-edns1 by sending
+			EDNS(1) queries (define DRAFT_ANDREWS_EDNS1 when
+			building).  Add support for limiting the EDNS version
+			advertised to servers: server { edns-version 0; };
+			Log the EDNS version received in the query log.
+			[RT #35864]
+
+3938.	[func]		Added quotas to be used in recursive resolvers
+			that are under high query load for names in zones
+			whose authoritative servers are nonresponsive or
+			are experiencing a denial of service attack.
+
+			- "fetches-per-server" limits the number of
+			  simultaneous queries that can be sent to any
+			  single authoritative server.  The configured
+			  value is a starting point; it is automatically
+			  adjusted downward if the server is partially or
+			  completely non-responsive. The algorithm used to
+			  adjust the quota can be configured via the
+			  "fetch-quota-params" option.
+			- "fetches-per-zone" limits the number of
+			  simultaneous queries that can be sent for names
+			  within a single domain.  (Note: Unlike
+			  "fetches-per-server", this value is not
+			  self-tuning.)
+			- New stats counters have been added to count
+			  queries spilled due to these quotas.
+
+			See the ARM for details of these options. [RT #37125]
+
+3930.	[bug]		"rndc nta -r" could cause a server hang if the
+			NTA was not found. [RT #36909]
+
+3920.	[doc]		Added doc for masterfile-style. [RT #36823]
+
+3876.	[bug]		Improve efficiency of DLZ redirect zones by
+			suppressing unnecessary database lookups. [RT #35835]
+
+3875.	[cleanup]	Clarify log message when unable to read private
+			key files. [RT #24702]
+
+3821.	[contrib]	Added a new "mysqldyn" DLZ module with dynamic
+			update and transaction support. Thanks to Marty
+			Lee for the contribution. [RT #35656]
 
-4556.	[bug]		Sending an EDNS Padding option using "dig
-			+ednsopt" could cause a crash in dig. [RT #44462]

HISTORY

@@ -1,192 +1,72 @@
-HISTORY
-
 Functional enhancements from prior major releases of BIND 9
 
-BIND 9.10.0
-
-BIND 9.10.0 includes a number of changes from BIND 9.9 and earlier
-releases. New features include:
-
-  • DNS Response-rate limiting (DNS RRL), which blunts the impact of
-    reflection and amplification attacks, is always compiled in and no
-    longer requires a compile-time option to enable it.
-  • An experimental "Source Identity Token" (SIT) EDNS option is now
-    available. Similar to DNS Cookies as invented by Donald Eastlake 3rd,
-    these are designed to enable clients to detect off-path spoofed
-    responses, and to enable servers to detect spoofed-source queries.
-    Servers can be configured to send smaller responses to clients that
-    have not identified themselves using a SIT option, reducing the
-    effectiveness of amplification attacks. RRL processing has also been
-    updated; clients proven to be legitimate via SIT are not subject to
-    rate limiting. Use "configure --enable-sit" to enable this feature in
-    BIND.
-  • A new zone file format, "map", stores zone data in a format that can
-    be mapped directly into memory, allowing significantly faster zone
-    loading.
-  • "delv" (domain entity lookup and validation) is a new tool with
-    dig-like semantics for looking up DNS data and performing internal
-    DNSSEC validation. This allows easy validation in environments where
-    the resolver may not be trustworthy, and assists with troubleshooting
-    of DNSSEC problems. (NOTE: In previous development releases of BIND
-    9.10, this utility was called "delve". The spelling has been changed
-    to avoid confusion with the "delve" utility included with the Xapian
-    search engine.)
-  • Improved EDNS(0) processing for better resolver performance and
-    reliability over slow or lossy connections.
-  • A new "configure --with-tuning=large" option tunes certain compiled-in
-    constants and default settings to values better suited to large
-    servers with abundant memory. This can improve performance on such
-    servers, but will consume more memory and may degrade performance on
-    smaller systems.
-  • Substantial improvement in response-policy zone (RPZ) performance. Up
-    to 32 response-policy zones can be configured with minimal performance
-    loss.
-  • To improve recursive resolver performance, cache records which are
-    still being requested by clients can now be automatically refreshed
-    from the authoritative server before they expire, reducing or
-    eliminating the time window in which no answer is available in the
-    cache.
-  • New "rpz-client-ip" triggers and drop policies allowing response
-    policies based on the IP address of the client.
-  • ACLs can now be specified based on geographic location using the
-    MaxMind GeoIP databases. Use "configure --with-geoip" to enable.
-  • Zone data can now be shared between views, allowing multiple views to
-    serve the same zones authoritatively without storing multiple copies
-    in memory.
-  • New XML schema (version 3) for the statistics channel includes many
-    new statistics and uses a flattened XML tree for faster parsing. The
-    older schema is now deprecated.
-  • A new stylesheet, based on the Google Charts API, displays XML
-    statistics in charts and graphs on javascript-enabled browsers.
-  • The statistics channel can now provide data in JSON format as well as
-    XML.
-  • New stats counters track TCP and UDP queries received per zone, and
-    EDNS options received in total.
-  • The internal and export versions of the BIND libraries (libisc,
-    libdns, etc) have been unified so that external library clients can
-    use the same libraries as BIND itself.
-  • A new compile-time option, "configure --enable-native-pkcs11", allows
-    BIND 9 cryptography functions to use the PKCS#11 API natively, so that
-    BIND can drive a cryptographic hardware service module (HSM) directly
-    instead of using a modified OpenSSL as an intermediary. (Note: This
-    feature requires an HSM to have a full implementation of the PKCS#11
-    API; many current HSMs only have partial implementations. The new
-    "pkcs11-tokens" command can be used to check API completeness. Native
-    PKCS#11 is known to work with the Thales nShield HSM and with SoftHSM
-    version 2 from the Open DNSSEC project.)
-  • The new "max-zone-ttl" option enforces maximum TTLs for zones. This
-    can simplify the process of rolling DNSSEC keys by guaranteeing that
-    cached signatures will have expired within the specified amount of
-    time.
-  • "dig +subnet" sends an EDNS CLIENT-SUBNET option when querying.
-  • "dig +expire" sends an EDNS EXPIRE option when querying. When this
-    option is sent with an SOA query to a server that supports it, it will
-    report the expiry time of a slave zone.
-  • New "dnssec-coverage" tool to check DNSSEC key coverage for a zone and
-    report if a lapse in signing coverage has been inadvertently
-    scheduled.
-  • Signing algorithm flexibility and other improvements for the "rndc"
-    control channel.
-  • "named-checkzone" and "named-compilezone" can now read journal files,
-    allowing them to process dynamic zones.
-  • Multiple DLZ databases can now be configured. Individual zones can be
-    configured to be served from a specific DLZ database. DLZ databases
-    now serve zones of type "master" and "redirect".
-  • "rndc zonestatus" reports information about a specified zone.
-  • "named" now listens on IPv6 as well as IPv4 interfaces by default.
-  • "named" now preserves the capitalization of names when responding to
-    queries: for instance, a query for "example.com" may be answered with
-    "example.COM" if the name was configured that way in the zone file.
-    Some clients have a bug causing them to depend on the older behavior,
-    in which the case of the answer always matched the case of the query,
-    rather than the case of the name configured in the DNS. Such clients
-    can now be specified in the new "no-case-compress" ACL; this will
-    restore the older behavior of "named" for those clients only.
-  • new "dnssec-importkey" command allows the use of offline DNSSEC keys
-    with automatic DNSKEY management.
-  • New "named-rrchecker" tool to verify the syntactic correctness of
-    individual resource records.
-  • When re-signing a zone, the new "dnssec-signzone -Q" option drops
-    signatures from keys that are still published but are no longer
-    active.
-  • "named-checkconf -px" will print the contents of configuration files
-    with the shared secrets obscured, making it easier to share
-    configuration (e.g. when submitting a bug report) without revealing
-    private information.
-  • "rndc scan" causes named to re-scan network interfaces for changes in
-    local addresses.
-  • On operating systems with support for routing sockets, network
-    interfaces are re-scanned automatically whenever they change.
-  • "tsig-keygen" is now available as an alternate command name to use for
-    "ddns-confgen".
-
 BIND 9.9.0
 
 BIND 9.9.0 includes a number of changes from BIND 9.8 and earlier
 releases. New features include:
 
-  • Inline signing, allowing automatic DNSSEC signing of master zones
+  * Inline signing, allowing automatic DNSSEC signing of master zones
     without modification of the zonefile, or "bump in the wire" signing in
     slaves.
-  • NXDOMAIN redirection.
-  • New 'rndc flushtree' command clears all data under a given name from
+  * NXDOMAIN redirection.
+  * New 'rndc flushtree' command clears all data under a given name from
     the DNS cache.
-  • New 'rndc sync' command dumps pending changes in a dynamic zone to
+  * New 'rndc sync' command dumps pending changes in a dynamic zone to
     disk without a freeze/thaw cycle.
-  • New 'rndc signing' command displays or clears signing status records
+  * New 'rndc signing' command displays or clears signing status records
     in 'auto-dnssec' zones.
-  • NSEC3 parameters for 'auto-dnssec' zones can now be set prior to
+  * NSEC3 parameters for 'auto-dnssec' zones can now be set prior to
     signing, eliminating the need to initially sign with NSEC.
-  • Startup time improvements on large authoritative servers.
-  • Slave zones are now saved in raw format by default.
-  • Several improvements to response policy zones (RPZ).
-  • Improved hardware scalability by using multiple threads to listen for
+  * Startup time improvements on large authoritative servers.
+  * Slave zones are now saved in raw format by default.
+  * Several improvements to response policy zones (RPZ).
+  * Improved hardware scalability by using multiple threads to listen for
     queries and using finer-grained client locking
-  • The 'also-notify' option now takes the same syntax as 'masters', so it
+  * The 'also-notify' option now takes the same syntax as 'masters', so it
     can used named masterlists and TSIG keys.
-  • 'dnssec-signzone -D' writes an output file containing only DNSSEC
+  * 'dnssec-signzone -D' writes an output file containing only DNSSEC
     data, which can be included by the primary zone file.
-  • 'dnssec-signzone -R' forces removal of signatures that are not expired
+  * 'dnssec-signzone -R' forces removal of signatures that are not expired
     but were created by a key which no longer exists.
-  • 'dnssec-signzone -X' allows a separate expiration date to be specified
+  * 'dnssec-signzone -X' allows a separate expiration date to be specified
     for DNSKEY signatures from other signatures.
-  • New '-L' option to dnssec-keygen, dnssec-settime, and
+  * New '-L' option to dnssec-keygen, dnssec-settime, and
     dnssec-keyfromlabel sets the default TTL for the key.
-  • dnssec-dsfromkey now supports reading from standard input, to make it
+  * dnssec-dsfromkey now supports reading from standard input, to make it
     easier to convert DNSKEY to DS.
-  • RFC 1918 reverse zones have been added to the empty-zones table per
+  * RFC 1918 reverse zones have been added to the empty-zones table per
     RFC 6303.
-  • Dynamic updates can now optionally set the zone's SOA serial number to
+  * Dynamic updates can now optionally set the zone's SOA serial number to
     the current UNIX time.
-  • DLZ modules can now retrieve the source IP address of the querying
+  * DLZ modules can now retrieve the source IP address of the querying
     client.
-  • 'request-ixfr' option can now be set at the per-zone level.
-  • 'dig +rrcomments' turns on comments about DNSKEY records, indicating
+  * 'request-ixfr' option can now be set at the per-zone level.
+  * 'dig +rrcomments' turns on comments about DNSKEY records, indicating
     their key ID, algorithm and function
-  • Simplified nsupdate syntax and added readline support
+  * Simplified nsupdate syntax and added readline support
 
 BIND 9.8.0
 
 BIND 9.8.0 includes a number of changes from BIND 9.7 and earlier
 releases. New features include:
 
-  • Built-in trust anchor for the root zone, which can be switched on via
+  * Built-in trust anchor for the root zone, which can be switched on via
     "dnssec-validation auto;"
-  • Support for DNS64.
-  • Support for response policy zones (RPZ).
-  • Support for writable DLZ zones.
-  • Improved ease of configuration of GSS/TSIG for interoperability with
+  * Support for DNS64.
+  * Support for response policy zones (RPZ).
+  * Support for writable DLZ zones.
+  * Improved ease of configuration of GSS/TSIG for interoperability with
     Active Directory
-  • Support for GOST signing algorithm for DNSSEC.
-  • Removed RTT Banding from server selection algorithm.
-  • New "static-stub" zone type.
-  • Allow configuration of resolver timeouts via "resolver-query-timeout"
+  * Support for GOST signing algorithm for DNSSEC.
+  * Removed RTT Banding from server selection algorithm.
+  * New "static-stub" zone type.
+  * Allow configuration of resolver timeouts via "resolver-query-timeout"
     option.
-  • The DLZ "dlopen" driver is now built by default.
-  • Added a new include file with function typedefs for the DLZ "dlopen"
+  * The DLZ "dlopen" driver is now built by default.
+  * Added a new include file with function typedefs for the DLZ "dlopen"
     driver.
-  • Made "--with-gssapi" default.
-  • More verbose error reporting from DLZ LDAP.
+  * Made "--with-gssapi" default.
+  * More verbose error reporting from DLZ LDAP.
 
 BIND 9.7.0
 
@@ -194,192 +74,192 @@ BIND 9.7.0 includes a number of changes from BIND 9.6 and earlier
 releases. Most are intended to simplify DNSSEC configuration. New features
 include:
 
-  • Fully automatic signing of zones by "named".
-  • Simplified configuration of DNSSEC Lookaside Validation (DLV).
-  • Simplified configuration of Dynamic DNS, using the "ddns-confgen"
+  * Fully automatic signing of zones by "named".
+  * Simplified configuration of DNSSEC Lookaside Validation (DLV).
+  * Simplified configuration of Dynamic DNS, using the "ddns-confgen"
     command line tool or the "local" update-policy option. (As a side
     effect, this also makes it easier to configure automatic zone
     re-signing.)
-  • New named option "attach-cache" that allows multiple views to share a
+  * New named option "attach-cache" that allows multiple views to share a
     single cache.
-  • DNS rebinding attack prevention.
-  • New default values for dnssec-keygen parameters.
-  • Support for RFC 5011 automated trust anchor maintenance
-  • Smart signing: simplified tools for zone signing and key maintenance.
-  • The "statistics-channels" option is now available on Windows.
-  • A new DNSSEC-aware libdns API for use by non-BIND9 applications
-  • On some platforms, named and other binaries can now print out a stack
+  * DNS rebinding attack prevention.
+  * New default values for dnssec-keygen parameters.
+  * Support for RFC 5011 automated trust anchor maintenance
+  * Smart signing: simplified tools for zone signing and key maintenance.
+  * The "statistics-channels" option is now available on Windows.
+  * A new DNSSEC-aware libdns API for use by non-BIND9 applications
+  * On some platforms, named and other binaries can now print out a stack
     backtrace on assertion failure, to aid in debugging.
-  • A "tools only" installation mode on Windows, which only installs dig,
+  * A "tools only" installation mode on Windows, which only installs dig,
     host, nslookup and nsupdate.
-  • Improved PKCS#11 support, including Keyper support and explicit
+  * Improved PKCS#11 support, including Keyper support and explicit
     OpenSSL engine selection.
 
 BIND 9.6.0
 
-  • Full NSEC3 support
-  • Automatic zone re-signing
-  • New update-policy methods tcp-self and 6to4-self
-  • The BIND 8 resolver library, libbind, has been removed from the BIND 9
+  * Full NSEC3 support
+  * Automatic zone re-signing
+  * New update-policy methods tcp-self and 6to4-self
+  * The BIND 8 resolver library, libbind, has been removed from the BIND 9
     distribution and is now available as a separate download.
-  • Change the default pid file location from /var/run to /var/run/
+  * Change the default pid file location from /var/run to /var/run/
     {named,lwresd} for improved chroot/setuid support.
 
 BIND 9.5.0
 
-  • GSS-TSIG support (RFC 3645).
-  • DHCID support.
-  • Experimental http server and statistics support for named via xml.
-  • More detailed statistics counters including those supported in BIND 8.
-  • Faster ACL processing.
-  • Use Doxygen to generate internal documentation.
-  • Efficient LRU cache-cleaning mechanism.
-  • NSID support.
+  * GSS-TSIG support (RFC 3645).
+  * DHCID support.
+  * Experimental http server and statistics support for named via xml.
+  * More detailed statistics counters including those supported in BIND 8.
+  * Faster ACL processing.
+  * Use Doxygen to generate internal documentation.
+  * Efficient LRU cache-cleaning mechanism.
+  * NSID support.
 
 BIND 9.4.0
 
-  • Implemented "additional section caching (or acache)", an internal
+  * Implemented "additional section caching (or acache)", an internal
     cache framework for additional section content to improve response
     performance. Several configuration options were provided to control
     the behavior.
-  • New notify type 'master-only'. Enable notify for master zones only.
-  • Accept 'notify-source' style syntax for query-source.
-  • rndc now allows addresses to be set in the server clauses.
-  • New option "allow-query-cache". This lets "allow-query" be used to
+  * New notify type 'master-only'. Enable notify for master zones only.
+  * Accept 'notify-source' style syntax for query-source.
+  * rndc now allows addresses to be set in the server clauses.
+  * New option "allow-query-cache". This lets "allow-query" be used to
     specify the default zone access level rather than having to have every
     zone override the global value. "allow-query-cache" can be set at both
     the options and view levels. If "allow-query-cache" is not set then
     "allow-recursion" is used if set, otherwise "allow-query" is used if
     set unless "recursion no;" is set in which case "none;" is used,
     otherwise the default (localhost; localnets;) is used.
-  • rndc: the source address can now be specified.
-  • ixfr-from-differences now takes master and slave in addition to yes
+  * rndc: the source address can now be specified.
+  * ixfr-from-differences now takes master and slave in addition to yes
     and no at the options and view levels.
-  • Allow the journal's name to be changed via named.conf.
-  • 'rndc notify zone [class [view]]' resend the NOTIFY messages for the
+  * Allow the journal's name to be changed via named.conf.
+  * 'rndc notify zone [class [view]]' resend the NOTIFY messages for the
     specified zone.
-  • 'dig +trace' now randomly selects the next servers to try. Report if
+  * 'dig +trace' now randomly selects the next servers to try. Report if
     there is a bad delegation.
-  • Improve check-names error messages.
-  • Make public the function to read a key file, dst_key_read_public().
-  • dig now returns the byte count for axfr/ixfr.
-  • allow-update is now settable at the options / view level.
-  • named-checkconf now checks the logging configuration.
-  • host now can turn on memory debugging flags with '-m'.
-  • Don't send notify messages to self.
-  • Perform sanity checks on NS records which refer to 'in zone' names.
-  • New zone option "notify-delay". Specify a minimum delay between sets
+  * Improve check-names error messages.
+  * Make public the function to read a key file, dst_key_read_public().
+  * dig now returns the byte count for axfr/ixfr.
+  * allow-update is now settable at the options / view level.
+  * named-checkconf now checks the logging configuration.
+  * host now can turn on memory debugging flags with '-m'.
+  * Don't send notify messages to self.
+  * Perform sanity checks on NS records which refer to 'in zone' names.
+  * New zone option "notify-delay". Specify a minimum delay between sets
     of NOTIFY messages.
-  • Extend adjusting TTL warning messages.
-  • Named and named-checkzone can now both check for non-terminal wildcard
+  * Extend adjusting TTL warning messages.
+  * Named and named-checkzone can now both check for non-terminal wildcard
     records.
-  • "rndc freeze/thaw" now freezes/thaws all zones.
-  • named-checkconf now check acls to verify that they only refer to
+  * "rndc freeze/thaw" now freezes/thaws all zones.
+  * named-checkconf now check acls to verify that they only refer to
     existing acls.
-  • The server syntax has been extended to support a range of servers.
-  • Report differences between hints and real NS rrset and associated
+  * The server syntax has been extended to support a range of servers.
+  * Report differences between hints and real NS rrset and associated
     address records.
-  • Preserve the case of domain names in rdata during zone transfers.
-  • Restructured the data locking framework using architecture dependent
+  * Preserve the case of domain names in rdata during zone transfers.
+  * Restructured the data locking framework using architecture dependent
     atomic operations (when available), improving response performance on
     multi-processor machines significantly. x86, x86_64, alpha, powerpc,
     and mips are currently supported.
-  • UNIX domain controls are now supported.
-  • Add support for additional zone file formats for improving loading
+  * UNIX domain controls are now supported.
+  * Add support for additional zone file formats for improving loading
     performance. The masterfile-format option in named.conf can be used to
     specify a non-default format. A separate command named-compilezone was
     provided to generate zone files in the new format. Additionally, the
     -I and -O options for dnssec-signzone specify the input and output
     formats.
-  • dnssec-signzone can now randomize signature end times (dnssec-signzone
+  * dnssec-signzone can now randomize signature end times (dnssec-signzone
     -j jitter).
-  • Add support for CH A record.
-  • Add additional zone data constancy checks. named-checkzone has
+  * Add support for CH A record.
+  * Add additional zone data constancy checks. named-checkzone has
     extended checking of NS, MX and SRV record and the hosts they
     reference. named has extended post zone load checks. New zone options:
     check-mx and integrity-check.
-  • edns-udp-size can now be overridden on a per server basis.
-  • dig can now specify the EDNS version when making a query.
-  • Added framework for handling multiple EDNS versions.
-  • Additional memory debugging support to track size and mctx arguments.
-  • Detect duplicates of UDP queries we are recursing on and drop them.
+  * edns-udp-size can now be overridden on a per server basis.
+  * dig can now specify the EDNS version when making a query.
+  * Added framework for handling multiple EDNS versions.
+  * Additional memory debugging support to track size and mctx arguments.
+  * Detect duplicates of UDP queries we are recursing on and drop them.
     New stats category "duplicates".
-  • "USE INTERNAL MALLOC" is now runtime selectable.
-  • The lame cache is now done on a <qname,qclass,qtype> basis as some
-    servers only appear to be lame for certain query types.
-  • Limit the number of recursive clients that can be waiting for a single
-    query (<qname,qtype,qclass>) to resolve. New options clients-per-query
-    and max-clients-per-query.
-  • dig: report the number of extra bytes still left in the packet after
+  * "USE INTERNAL MALLOC" is now runtime selectable.
+  * The lame cache is now done on a basis as some servers only appear to
+    be lame for certain query types.
+  * Limit the number of recursive clients that can be waiting for a single
+    query () to resolve. New options clients-per-query and
+    max-clients-per-query.
+  * dig: report the number of extra bytes still left in the packet after
     processing all the records.
-  • Support for IPSECKEY rdata type.
-  • Raise the UDP receive buffer size to 32k if it is less than 32k.
-  • x86 and x86_64 now have separate atomic locking implementations.
-  • named-checkconf now validates update-policy entries.
-  • Attempt to make the amount of work performed in a iteration self
+  * Support for IPSECKEY rdata type.
+  * Raise the UDP recieve buffer size to 32k if it is less than 32k.
+  * x86 and x86_64 now have seperate atomic locking implementations.
+  * named-checkconf now validates update-policy entries.
+  * Attempt to make the amount of work performed in a iteration self
     tuning. The covers nodes clean from the cache per iteration, nodes
     written to disk when rewriting a master file and nodes destroyed per
     iteration when destroying a zone or a cache.
-  • ISC string copy API.
-  • Automatic empty zone creation for D.F.IP6.ARPA and friends. Note: RFC
+  * ISC string copy API.
+  * Automatic empty zone creation for D.F.IP6.ARPA and friends. Note: RFC
     1918 zones are not yet covered by this but are likely to be in a
     future release.
-  • New options: empty-server, empty-contact, empty-zones-enable and
+  * New options: empty-server, empty-contact, empty-zones-enable and
     disable-empty-zone.
-  • dig now has a '-q queryname' and '+showsearch' options.
-  • host/nslookup now continue (default)/fail on SERVFAIL.
-  • dig now warns if 'RA' is not set in the answer when 'RD' was set in
+  * dig now has a '-q queryname' and '+showsearch' options.
+  * host/nslookup now continue (default)/fail on SERVFAIL.
+  * dig now warns if 'RA' is not set in the answer when 'RD' was set in
     the query. host/nslookup skip servers that fail to set 'RA' when 'RD'
     is set unless a server is explicitly set.
-  • Integrate contributed DLZ code into named.
-  • Integrate contributed IDN code from JPNIC.
-  • libbind: corresponds to that from BIND 8.4.7.
+  * Integrate contibuted DLZ code into named.
+  * Integrate contibuted IDN code from JPNIC.
+  * libbind: corresponds to that from BIND 8.4.7.
 
 BIND 9.3.0
 
-  • DNSSEC is now DS based (RFC 3658).
-  • DNSSEC lookaside validation.
-  • check-names is now implemented.
-  • rrset-order is more complete.
-  • IPv4/IPv6 transition support, dual-stack-servers.
-  • IXFR deltas can now be generated when loading master files,
+  * DNSSEC is now DS based (RFC 3658).
+  * DNSSEC lookaside validation.
+  * check-names is now implemented.
+  * rrset-order is more complete.
+  * IPv4/IPv6 transition support, dual-stack-servers.
+  * IXFR deltas can now be generated when loading master files,
     ixfr-from-differences.
-  • It is now possible to specify the size of a journal, max-journal-size.
-  • It is now possible to define a named set of master servers to be used
+  * It is now possible to specify the size of a journal, max-journal-size.
+  * It is now possible to define a named set of master servers to be used
     in masters clause, masters.
-  • The advertised EDNS UDP size can now be set, edns-udp-size.
-  • allow-v6-synthesis has been obsoleted.
-  • Zones containing MD and MF will now be rejected.
-  • dig, nslookup name. now report "Not Implemented" as NOTIMP rather than
+  * The advertised EDNS UDP size can now be set, edns-udp-size.
+  * allow-v6-synthesis has been obsoleted.
+  * Zones containing MD and MF will now be rejected.
+  * dig, nslookup name. now report "Not Implemented" as NOTIMP rather than
     NOTIMPL. This will have impact on scripts that are looking for
     NOTIMPL.
-  • libbind: corresponds to that from BIND 8.4.5.
+  * libbind: corresponds to that from BIND 8.4.5.
 
 BIND 9.2.0
 
-  • The size of the cache can now be limited using the "max-cache-size"
+  * The size of the cache can now be limited using the "max-cache-size"
     option.
-  • The server can now automatically convert RFC1886-style recursive
+  * The server can now automatically convert RFC1886-style recursive
     lookup requests into RFC2874-style lookups, when enabled using the new
     option "allow-v6-synthesis". This allows stub resolvers that support
     AAAA records but not A6 record chains or binary labels to perform
     lookups in domains that make use of these IPv6 DNS features.
-  • Performance has been improved.
-  • The man pages now use the more portable "man" macros rather than the
+  * Performance has been improved.
+  * The man pages now use the more portable "man" macros rather than the
     "mandoc" macros, and are installed by "make install".
-  • The named.conf parser has been completely rewritten. It now supports
+  * The named.conf parser has been completely rewritten. It now supports
     "include" directives in more places such as inside "view" statements,
     and it no longer has any reserved words.
-  • The "rndc status" command is now implemented.
-  • rndc can now be configured automatically.
-  • A BIND 8 compatible stub resolver library is now included in lib/bind.
-  • OpenSSL has been removed from the distribution. This means that to use
+  * The "rndc status" command is now implemented.
+  * rndc can now be configured automatically.
+  * A BIND 8 compatible stub resolver library is now included in lib/bind.
+  * OpenSSL has been removed from the distribution. This means that to use
     DNSSEC, OpenSSL must be installed and the --with-openssl option must
     be supplied to configure. This does not apply to the use of TSIG,
     which does not require OpenSSL.
-  • The source distribution now builds on Windows. See win32utils/
+  * The source distribution now builds on Windows. See win32utils/
     readme1.txt and win32utils/win32-build.txt for details.
-  • This distribution also includes a new lightweight stub resolver
+  * This distribution also includes a new lightweight stub resolver
     library and associated resolver daemon that fully support forward and
     reverse lookups of both IPv4 and IPv6 addresses. This library is
     considered experimental and is not a complete replacement for the BIND
@@ -387,12 +267,13 @@ BIND 9.2.0
     to perform DNS lookups or dynamic updates still need to be linked
     against the BIND 8 libraries. For DNS lookups, they can also use the
     new "getrrsetbyname()" API.
-  • BIND 9.2 is capable of acting as an authoritative server for DNSSEC
+  * BIND 9.2 is capable of acting as an authoritative server for DNSSEC
     secured zones. This functionality is believed to be stable and
     complete except for lacking support for verifications involving
     wildcard records in secure zones.
-  • When acting as a caching server, BIND 9.2 can be configured to perform
+  * When acting as a caching server, BIND 9.2 can be configured to perform
     DNSSEC secure resolution on behalf of its clients. This part of the
     DNSSEC implementation is still considered experimental. For detailed
     information about the state of the DNSSEC implementation, see the file
     doc/misc/dnssec.
+

HISTORY.md

@@ -1,146 +1,20 @@
 <!--
- - Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2017  Internet Systems Consortium, Inc. ("ISC")
  -
- - This Source Code Form is subject to the terms of the Mozilla Public
- - License, v. 2.0. If a copy of the MPL was not distributed with this
- - file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ - Permission to use, copy, modify, and/or distribute this software for any
+ - purpose with or without fee is hereby granted, provided that the above
+ - copyright notice and this permission notice appear in all copies.
  -
- - See the COPYRIGHT file distributed with this work for additional
- - information regarding copyright ownership.
+ - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ - AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ - PERFORMANCE OF THIS SOFTWARE.
 -->
 ### Functional enhancements from prior major releases of BIND 9
 
-#### BIND 9.10.0
-
-BIND 9.10.0 includes a number of changes from BIND 9.9 and earlier
-releases.  New features include:
-
- - DNS Response-rate limiting (DNS RRL), which blunts the
-   impact of reflection and amplification attacks, is always
-   compiled in and no longer requires a compile-time option
-   to enable it.
- - An experimental "Source Identity Token" (SIT) EDNS option
-   is now available.  Similar to DNS Cookies as invented by
-   Donald Eastlake 3rd, these are designed to enable clients
-   to detect off-path spoofed responses, and to enable servers
-   to detect spoofed-source queries.  Servers can be configured
-   to send smaller responses to clients that have not identified
-   themselves using a SIT option, reducing the effectiveness of
-   amplification attacks.  RRL processing has also been updated;
-   clients proven to be legitimate via SIT are not subject to
-   rate limiting.  Use "configure --enable-sit" to enable this
-   feature in BIND.
- - A new zone file format, "map", stores zone data in a
-   format that can be mapped directly into memory, allowing
-   significantly faster zone loading.
- - "delv" (domain entity lookup and validation) is a new tool
-   with dig-like semantics for looking up DNS data and performing
-   internal DNSSEC validation.  This allows easy validation in
-   environments where the resolver may not be trustworthy, and
-   assists with troubleshooting of DNSSEC problems. (NOTE:
-   In previous development releases of BIND 9.10, this utility
-   was called "delve". The spelling has been changed to avoid
-   confusion with the "delve" utility included with the Xapian
-   search engine.)
- - Improved EDNS(0) processing for better resolver performance
-   and reliability over slow or lossy connections.
- - A new "configure --with-tuning=large" option tunes certain
-   compiled-in constants and default settings to values better
-   suited to large servers with abundant memory.  This can
-   improve performance on such servers, but will consume more
-   memory and may degrade performance on smaller systems.
- - Substantial improvement in response-policy zone (RPZ)
-   performance.  Up to 32 response-policy zones can be
-   configured with minimal performance loss.
- - To improve recursive resolver performance, cache records
-   which are still being requested by clients can now be
-   automatically refreshed from the authoritative server
-   before they expire, reducing or eliminating the time
-   window in which no answer is available in the cache.
- - New "rpz-client-ip" triggers and drop policies allowing
-   response policies based on the IP address of the client.
- - ACLs can now be specified based on geographic location
-   using the MaxMind GeoIP databases.  Use "configure
-   --with-geoip" to enable.
- - Zone data can now be shared between views, allowing
-   multiple views to serve the same zones authoritatively
-   without storing multiple copies in memory.
- - New XML schema (version 3) for the statistics channel
-   includes many new statistics and uses a flattened XML tree
-   for faster parsing. The older schema is now deprecated.
- - A new stylesheet, based on the Google Charts API, displays
-   XML statistics in charts and graphs on javascript-enabled
-   browsers.
- - The statistics channel can now provide data in JSON
-   format as well as XML.
- - New stats counters track TCP and UDP queries received
-   per zone, and EDNS options received in total.
- - The internal and export versions of the BIND libraries
-   (libisc, libdns, etc) have been unified so that external
-   library clients can use the same libraries as BIND itself.
- - A new compile-time option, "configure --enable-native-pkcs11",
-   allows BIND 9 cryptography functions to use the PKCS#11 API
-   natively, so that BIND can drive a cryptographic hardware
-   service module (HSM) directly instead of using a modified
-   OpenSSL as an intermediary. (Note: This feature requires an
-   HSM to have a full implementation of the PKCS#11 API; many
-   current HSMs only have partial implementations. The new
-   "pkcs11-tokens" command can be used to check API completeness.
-   Native PKCS#11 is known to work with the Thales nShield HSM
-   and with SoftHSM version 2 from the Open DNSSEC project.)
- - The new "max-zone-ttl" option enforces maximum TTLs for
-   zones. This can simplify the process of rolling DNSSEC keys
-   by guaranteeing that cached signatures will have expired
-   within the specified amount of time.
- - "dig +subnet" sends an EDNS CLIENT-SUBNET option when
-   querying.
- - "dig +expire" sends an EDNS EXPIRE option when querying.
-   When this option is sent with an SOA query to a server
-   that supports it, it will report the expiry time of
-   a slave zone.
- - New "dnssec-coverage" tool to check DNSSEC key coverage
-   for a zone and report if a lapse in signing coverage has
-   been inadvertently scheduled.
- - Signing algorithm flexibility and other improvements
-   for the "rndc" control channel.
- - "named-checkzone" and "named-compilezone" can now read
-   journal files, allowing them to process dynamic zones.
- - Multiple DLZ databases can now be configured.  Individual
-   zones can be configured to be served from a specific DLZ
-   database.  DLZ databases now serve zones of type "master"
-   and "redirect".
- - "rndc zonestatus" reports information about a specified zone.
- - "named" now listens on IPv6 as well as IPv4 interfaces
-   by default.
- - "named" now preserves the capitalization of names
-   when responding to queries: for instance, a query for
-   "example.com" may be answered with "example.COM" if the
-   name was configured that way in the zone file.  Some
-   clients have a bug causing them to depend on the older
-   behavior, in which the case of the answer always matched
-   the case of the query, rather than the case of the name
-   configured in the DNS.  Such clients can now be specified
-   in the new "no-case-compress" ACL; this will restore the
-   older behavior of "named" for those clients only.
- - new "dnssec-importkey" command allows the use of offline
-   DNSSEC keys with automatic DNSKEY management.
- - New "named-rrchecker" tool to verify the syntactic
-   correctness of individual resource records.
- - When re-signing a zone, the new "dnssec-signzone -Q" option
-   drops signatures from keys that are still published but are
-   no longer active.
- - "named-checkconf -px" will print the contents of configuration
-   files with the shared secrets obscured, making it easier to
-   share configuration (e.g. when submitting a bug report)
-   without revealing private information.
- - "rndc scan" causes named to re-scan network interfaces for
-   changes in local addresses.
- - On operating systems with support for routing sockets,
-   network interfaces are re-scanned automatically whenever
-   they change.
- - "tsig-keygen" is now available as an alternate command
-   name to use for "ddns-confgen".
-
 #### BIND 9.9.0
 
 BIND 9.9.0 includes a number of changes from BIND 9.8 and earlier
@@ -333,8 +207,8 @@ BIND 9.4.0
 - dig: report the number of extra bytes still left in the packet after
   processing all the records.
 - Support for IPSECKEY rdata type.
-- Raise the UDP receive buffer size to 32k if it is less than 32k.
-- x86 and x86_64 now have separate atomic locking implementations.
+- Raise the UDP recieve buffer size to 32k if it is less than 32k.
+- x86 and x86_64 now have seperate atomic locking implementations.
 - named-checkconf now validates update-policy entries.
 - Attempt to make the amount of work performed in a iteration self tuning.
   The covers nodes clean from the cache per iteration, nodes written to
@@ -351,8 +225,8 @@ BIND 9.4.0
 - dig now warns if 'RA' is not set in the answer when 'RD' was set in the
   query.  host/nslookup skip servers that fail to set 'RA' when 'RD' is set
   unless a server is explicitly set.
-- Integrate contributed DLZ code into named.
-- Integrate contributed IDN code from JPNIC.
+- Integrate contibuted DLZ code into named.
+- Integrate contibuted IDN code from JPNIC.
 - libbind: corresponds to that from BIND 8.4.7.
 
 #### BIND 9.3.0

LICENSE

@@ -1,362 +0,0 @@
-Mozilla Public License, version 2.0
-
-1. Definitions
-
-1.1. "Contributor"
-
-     means each individual or legal entity that creates, contributes to the
-     creation of, or owns Covered Software.
-
-1.2. "Contributor Version"
-
-     means the combination of the Contributions of others (if any) used by a
-     Contributor and that particular Contributor's Contribution.
-
-1.3. "Contribution"
-
-     means Covered Software of a particular Contributor.
-
-1.4. "Covered Software"
-
-     means Source Code Form to which the initial Contributor has attached the
-     notice in Exhibit A, the Executable Form of such Source Code Form, and
-     Modifications of such Source Code Form, in each case including portions
-     thereof.
-
-1.5. "Incompatible With Secondary Licenses"
-     means
-
-     a. that the initial Contributor has attached the notice described in
-        Exhibit B to the Covered Software; or
-
-     b. that the Covered Software was made available under the terms of
-        version 1.1 or earlier of the License, but not also under the terms of
-        a Secondary License.
-
-1.6. "Executable Form"
-
-     means any form of the work other than Source Code Form.
-
-1.7. "Larger Work"
-
-     means a work that combines Covered Software with other material, in a
-     separate file or files, that is not Covered Software.
-
-1.8. "License"
-
-     means this document.
-
-1.9. "Licensable"
-
-     means having the right to grant, to the maximum extent possible, whether
-     at the time of the initial grant or subsequently, any and all of the
-     rights conveyed by this License.
-
-1.10. "Modifications"
-
-     means any of the following:
-
-     a. any file in Source Code Form that results from an addition to,
-        deletion from, or modification of the contents of Covered Software; or
-
-     b. any new file in Source Code Form that contains any Covered Software.
-
-1.11. "Patent Claims" of a Contributor
-
-      means any patent claim(s), including without limitation, method,
-      process, and apparatus claims, in any patent Licensable by such
-      Contributor that would be infringed, but for the grant of the License,
-      by the making, using, selling, offering for sale, having made, import,
-      or transfer of either its Contributions or its Contributor Version.
-
-1.12. "Secondary License"
-
-      means either the GNU General Public License, Version 2.0, the GNU Lesser
-      General Public License, Version 2.1, the GNU Affero General Public
-      License, Version 3.0, or any later versions of those licenses.
-
-1.13. "Source Code Form"
-
-      means the form of the work preferred for making modifications.
-
-1.14. "You" (or "Your")
-
-      means an individual or a legal entity exercising rights under this
-      License. For legal entities, "You" includes any entity that controls, is
-      controlled by, or is under common control with You. For purposes of this
-      definition, "control" means (a) the power, direct or indirect, to cause
-      the direction or management of such entity, whether by contract or
-      otherwise, or (b) ownership of more than fifty percent (50%) of the
-      outstanding shares or beneficial ownership of such entity.
-
-
-2. License Grants and Conditions
-
-2.1. Grants
-
-     Each Contributor hereby grants You a world-wide, royalty-free,
-     non-exclusive license:
-
-     a. under intellectual property rights (other than patent or trademark)
-        Licensable by such Contributor to use, reproduce, make available,
-        modify, display, perform, distribute, and otherwise exploit its
-        Contributions, either on an unmodified basis, with Modifications, or
-        as part of a Larger Work; and
-
-     b. under Patent Claims of such Contributor to make, use, sell, offer for
-        sale, have made, import, and otherwise transfer either its
-        Contributions or its Contributor Version.
-
-2.2. Effective Date
-
-     The licenses granted in Section 2.1 with respect to any Contribution
-     become effective for each Contribution on the date the Contributor first
-     distributes such Contribution.
-
-2.3. Limitations on Grant Scope
-
-     The licenses granted in this Section 2 are the only rights granted under
-     this License. No additional rights or licenses will be implied from the
-     distribution or licensing of Covered Software under this License.
-     Notwithstanding Section 2.1(b) above, no patent license is granted by a
-     Contributor:
-
-     a. for any code that a Contributor has removed from Covered Software; or
-
-     b. for infringements caused by: (i) Your and any other third party's
-        modifications of Covered Software, or (ii) the combination of its
-        Contributions with other software (except as part of its Contributor
-        Version); or
-
-     c. under Patent Claims infringed by Covered Software in the absence of
-        its Contributions.
-
-     This License does not grant any rights in the trademarks, service marks,
-     or logos of any Contributor (except as may be necessary to comply with
-     the notice requirements in Section 3.4).
-
-2.4. Subsequent Licenses
-
-     No Contributor makes additional grants as a result of Your choice to
-     distribute the Covered Software under a subsequent version of this
-     License (see Section 10.2) or under the terms of a Secondary License (if
-     permitted under the terms of Section 3.3).
-
-2.5. Representation
-
-     Each Contributor represents that the Contributor believes its
-     Contributions are its original creation(s) or it has sufficient rights to
-     grant the rights to its Contributions conveyed by this License.
-
-2.6. Fair Use
-
-     This License is not intended to limit any rights You have under
-     applicable copyright doctrines of fair use, fair dealing, or other
-     equivalents.
-
-2.7. Conditions
-
-     Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in
-     Section 2.1.
-
-
-3. Responsibilities
-
-3.1. Distribution of Source Form
-
-     All distribution of Covered Software in Source Code Form, including any
-     Modifications that You create or to which You contribute, must be under
-     the terms of this License. You must inform recipients that the Source
-     Code Form of the Covered Software is governed by the terms of this
-     License, and how they can obtain a copy of this License. You may not
-     attempt to alter or restrict the recipients' rights in the Source Code
-     Form.
-
-3.2. Distribution of Executable Form
-
-     If You distribute Covered Software in Executable Form then:
-
-     a. such Covered Software must also be made available in Source Code Form,
-        as described in Section 3.1, and You must inform recipients of the
-        Executable Form how they can obtain a copy of such Source Code Form by
-        reasonable means in a timely manner, at a charge no more than the cost
-        of distribution to the recipient; and
-
-     b. You may distribute such Executable Form under the terms of this
-        License, or sublicense it under different terms, provided that the
-        license for the Executable Form does not attempt to limit or alter the
-        recipients' rights in the Source Code Form under this License.
-
-3.3. Distribution of a Larger Work
-
-     You may create and distribute a Larger Work under terms of Your choice,
-     provided that You also comply with the requirements of this License for
-     the Covered Software. If the Larger Work is a combination of Covered
-     Software with a work governed by one or more Secondary Licenses, and the
-     Covered Software is not Incompatible With Secondary Licenses, this
-     License permits You to additionally distribute such Covered Software
-     under the terms of such Secondary License(s), so that the recipient of
-     the Larger Work may, at their option, further distribute the Covered
-     Software under the terms of either this License or such Secondary
-     License(s).
-
-3.4. Notices
-
-     You may not remove or alter the substance of any license notices
-     (including copyright notices, patent notices, disclaimers of warranty, or
-     limitations of liability) contained within the Source Code Form of the
-     Covered Software, except that You may alter any license notices to the
-     extent required to remedy known factual inaccuracies.
-
-3.5. Application of Additional Terms
-
-     You may choose to offer, and to charge a fee for, warranty, support,
-     indemnity or liability obligations to one or more recipients of Covered
-     Software. However, You may do so only on Your own behalf, and not on
-     behalf of any Contributor. You must make it absolutely clear that any
-     such warranty, support, indemnity, or liability obligation is offered by
-     You alone, and You hereby agree to indemnify every Contributor for any
-     liability incurred by such Contributor as a result of warranty, support,
-     indemnity or liability terms You offer. You may include additional
-     disclaimers of warranty and limitations of liability specific to any
-     jurisdiction.
-
-4. Inability to Comply Due to Statute or Regulation
-
-   If it is impossible for You to comply with any of the terms of this License
-   with respect to some or all of the Covered Software due to statute,
-   judicial order, or regulation then You must: (a) comply with the terms of
-   this License to the maximum extent possible; and (b) describe the
-   limitations and the code they affect. Such description must be placed in a
-   text file included with all distributions of the Covered Software under
-   this License. Except to the extent prohibited by statute or regulation,
-   such description must be sufficiently detailed for a recipient of ordinary
-   skill to be able to understand it.
-
-5. Termination
-
-5.1. The rights granted under this License will terminate automatically if You
-     fail to comply with any of its terms. However, if You become compliant,
-     then the rights granted under this License from a particular Contributor
-     are reinstated (a) provisionally, unless and until such Contributor
-     explicitly and finally terminates Your grants, and (b) on an ongoing
-     basis, if such Contributor fails to notify You of the non-compliance by
-     some reasonable means prior to 60 days after You have come back into
-     compliance. Moreover, Your grants from a particular Contributor are
-     reinstated on an ongoing basis if such Contributor notifies You of the
-     non-compliance by some reasonable means, this is the first time You have
-     received notice of non-compliance with this License from such
-     Contributor, and You become compliant prior to 30 days after Your receipt
-     of the notice.
-
-5.2. If You initiate litigation against any entity by asserting a patent
-     infringement claim (excluding declaratory judgment actions,
-     counter-claims, and cross-claims) alleging that a Contributor Version
-     directly or indirectly infringes any patent, then the rights granted to
-     You by any and all Contributors for the Covered Software under Section
-     2.1 of this License shall terminate.
-
-5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user
-     license agreements (excluding distributors and resellers) which have been
-     validly granted by You or Your distributors under this License prior to
-     termination shall survive termination.
-
-6. Disclaimer of Warranty
-
-   Covered Software is provided under this License on an "as is" basis,
-   without warranty of any kind, either expressed, implied, or statutory,
-   including, without limitation, warranties that the Covered Software is free
-   of defects, merchantable, fit for a particular purpose or non-infringing.
-   The entire risk as to the quality and performance of the Covered Software
-   is with You. Should any Covered Software prove defective in any respect,
-   You (not any Contributor) assume the cost of any necessary servicing,
-   repair, or correction. This disclaimer of warranty constitutes an essential
-   part of this License. No use of  any Covered Software is authorized under
-   this License except under this disclaimer.
-
-7. Limitation of Liability
-
-   Under no circumstances and under no legal theory, whether tort (including
-   negligence), contract, or otherwise, shall any Contributor, or anyone who
-   distributes Covered Software as permitted above, be liable to You for any
-   direct, indirect, special, incidental, or consequential damages of any
-   character including, without limitation, damages for lost profits, loss of
-   goodwill, work stoppage, computer failure or malfunction, or any and all
-   other commercial damages or losses, even if such party shall have been
-   informed of the possibility of such damages. This limitation of liability
-   shall not apply to liability for death or personal injury resulting from
-   such party's negligence to the extent applicable law prohibits such
-   limitation. Some jurisdictions do not allow the exclusion or limitation of
-   incidental or consequential damages, so this exclusion and limitation may
-   not apply to You.
-
-8. Litigation
-
-   Any litigation relating to this License may be brought only in the courts
-   of a jurisdiction where the defendant maintains its principal place of
-   business and such litigation shall be governed by laws of that
-   jurisdiction, without reference to its conflict-of-law provisions. Nothing
-   in this Section shall prevent a party's ability to bring cross-claims or
-   counter-claims.
-
-9. Miscellaneous
-
-   This License represents the complete agreement concerning the subject
-   matter hereof. If any provision of this License is held to be
-   unenforceable, such provision shall be reformed only to the extent
-   necessary to make it enforceable. Any law or regulation which provides that
-   the language of a contract shall be construed against the drafter shall not
-   be used to construe this License against a Contributor.
-
-
-10. Versions of the License
-
-10.1. New Versions
-
-      Mozilla Foundation is the license steward. Except as provided in Section
-      10.3, no one other than the license steward has the right to modify or
-      publish new versions of this License. Each version will be given a
-      distinguishing version number.
-
-10.2. Effect of New Versions
-
-      You may distribute the Covered Software under the terms of the version
-      of the License under which You originally received the Covered Software,
-      or under the terms of any subsequent version published by the license
-      steward.
-
-10.3. Modified Versions
-
-      If you create software not governed by this License, and you want to
-      create a new license for such software, you may create and use a
-      modified version of this License if you rename the license and remove
-      any references to the name of the license steward (except to note that
-      such modified license differs from this License).
-
-10.4. Distributing Source Code Form that is Incompatible With Secondary
-      Licenses If You choose to distribute Source Code Form that is
-      Incompatible With Secondary Licenses under the terms of this version of
-      the License, the notice described in Exhibit B of this License must be
-      attached.
-
-Exhibit A - Source Code Form License Notice
-
-      This Source Code Form is subject to the
-      terms of the Mozilla Public License, v.
-      2.0. If a copy of the MPL was not
-      distributed with this file, You can
-      obtain one at
-      http://mozilla.org/MPL/2.0/.
-
-If it is not possible or desirable to put the notice in a particular file,
-then You may include the notice in a location (such as a LICENSE file in a
-relevant directory) where a recipient would be likely to look for such a
-notice.
-
-You may add additional accurate notices of copyright ownership.
-
-Exhibit B - "Incompatible With Secondary Licenses" Notice
-
-      This Source Code Form is "Incompatible
-      With Secondary Licenses", as defined by
-      the Mozilla Public License, v. 2.0.

Makefile.in

@@ -1,20 +1,25 @@
-# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2004-2009, 2011-2017  Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 1998-2002  Internet Software Consortium.
 #
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, you can obtain one at https://mozilla.org/MPL/2.0/.
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
 #
-# See the COPYRIGHT file distributed with this work for additional
-# information regarding copyright ownership.
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
 
 srcdir =	@srcdir@
 VPATH =		@srcdir@
 top_srcdir =	@top_srcdir@
-top_builddir =  @top_builddir@
 
 VERSION=@BIND9_VERSION@
 
-SUBDIRS =	make lib bin doc
+SUBDIRS =	make unit lib bin doc
 TARGETS =
 PREREQS =	bind.keys.h
 
@@ -74,7 +79,7 @@ tags:
 	find lib bin -name "*.[ch]" -print | @ETAGS@ -
 
 test check:
-	@if test -n "`${PERL} ${top_srcdir}/bin/tests/system/testsock.pl 2>/dev/null || echo fail`"; then \
+	@if test -n "`${PERL} ${top_srcdir}/bin/tests/system/testsock.pl 2>&- || echo fail`"; then \
 	echo I: NOTE: The tests were not run because they require that; \
 	echo I:	the IP addresses 10.53.0.1 through 10.53.0.8 are configured; \
 	echo I:	as alias addresses on the loopback interface.  Please run; \
@@ -90,31 +95,30 @@ force-test: test-force
 test-force:
 	status=0; \
 	(cd bin/tests && ${MAKE} ${MAKEDEFS} test) || status=1; \
-	(test -f ${top_builddir}/unit/unittest.sh && \
-		$(SHELL) ${top_builddir}/unit/unittest.sh) || status=1; \
+	(test -f unit/unittest.sh && $(SHELL) unit/unittest.sh) || status=1; \
 	exit $$status
 
 README: README.md
-	${PANDOC} --email-obfuscation=none -s --metadata title="README" -f markdown-smart -t html README.md | \
-		${W3M} -dump -cols 75 -O utf-8 -T text/html | \
+	${PANDOC} --email-obfuscation=none -s -t html README.md | \
+		${W3M} -dump -cols 75 -O ascii -T text/html | \
 		sed -e '$${/^$$/d;}' > $@
 
 HISTORY: HISTORY.md
-	${PANDOC} --email-obfuscation=none -s --metadata title="HISTORY" -f markdown-smart -t html HISTORY.md | \
-		${W3M} -dump -cols 75 -O utf-8 -T text/html | \
+	${PANDOC} --email-obfuscation=none -s -t html HISTORY.md | \
+		${W3M} -dump -cols 75 -O ascii -T text/html | \
 		sed -e '$${/^$$/d;}' > $@
 
 OPTIONS: OPTIONS.md
-	${PANDOC} --email-obfuscation=none -s --metadata title="OPTIONS" -f markdown-smart -t html OPTIONS.md | \
-		${W3M} -dump -cols 75 -O utf-8 -T text/html | \
+	${PANDOC} --email-obfuscation=none -s -t html OPTIONS.md | \
+		${W3M} -dump -cols 75 -O ascii -T text/html | \
 		sed -e '$${/^$$/d;}' > $@
 
 CONTRIBUTING: CONTRIBUTING.md
-	${PANDOC} --email-obfuscation=none -s --metadata title="CONTRIBUTING" -f markdown-smart -t html CONTRIBUTING.md | \
-		${W3M} -dump -cols 75 -O utf-8 -T text/html | \
+	${PANDOC} --email-obfuscation=none -s -t html CONTRIBUTING.md | \
+		${W3M} -dump -cols 75 -O ascii -T text/html | \
 		sed -e '$${/^$$/d;}' > $@
 
 unit::
-	sh ${top_builddir}/unit/unittest.sh
+	sh ${top_srcdir}/unit/unittest.sh
 
 clean::

OPTIONS

@@ -1,12 +1,10 @@
-OPTIONS
-
 Setting the STD_CDEFINES environment variable before running configure can
 be used to enable certain compile-time options that are not explicitly
 defined in configure.
 
 Some of these settings are:
 
-         Setting                            Description
+Setting                   Description
                           Don't ovewrite memory when allocating or freeing
 -DISC_MEM_FILL=0          it; this improves performance but makes
                           debugging more difficult.
@@ -29,6 +27,4 @@ Some of these settings are:
                           highest possible setting
 -DISC_HEAP_CHECK          Test heap consistency after every heap
                           operation; used when debugging
-                          Disable the use of inline functions to implement
--DISC_BUFFER_USEINLINE=0  the isc_buffer API: this reduces performance but
-                          may be useful when debugging
+

OPTIONS.md

@@ -1,12 +1,17 @@
 <!--
- - Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2017  Internet Systems Consortium, Inc. ("ISC")
  -
- - This Source Code Form is subject to the terms of the Mozilla Public
- - License, v. 2.0. If a copy of the MPL was not distributed with this
- - file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ - Permission to use, copy, modify, and/or distribute this software for any
+ - purpose with or without fee is hereby granted, provided that the above
+ - copyright notice and this permission notice appear in all copies.
  -
- - See the COPYRIGHT file distributed with this work for additional
- - information regarding copyright ownership.
+ - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ - AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ - PERFORMANCE OF THIS SOFTWARE.
 -->
 Setting the `STD_CDEFINES` environment variable before running `configure`
 can be used to enable certain compile-time options that are not explicitly
@@ -26,4 +31,3 @@ Some of these settings are:
 |`-DDIG_SIGCHASE=1`|Enable DNSSEC signature chasing support in `dig`.  (Note: This feature is deprecated. Use `delv` instead.)|
 |`-DNS_RPZ_MAX_ZONES=64`|Increase the maximum number of configurable response policy zones from 32 to 64; this is the highest possible setting|
 |`-DISC_HEAP_CHECK`|Test heap consistency after every heap operation; used when debugging|
-|`-DISC_BUFFER_USEINLINE=0`|Disable the use of inline functions to implement the `isc_buffer` API: this reduces performance but may be useful when debugging |

README

@@ -1,5 +1,3 @@
-README
-
 BIND 9
 
 Contents
@@ -7,15 +5,14 @@ Contents
  1. Introduction
  2. Reporting bugs and getting help
  3. Contributing to BIND
- 4. BIND 9.11 features
+ 4. BIND 9.10 features
  5. Building BIND
  6. macOS
- 7. Dependencies
- 8. Compile-time options
- 9. Automated testing
-10. Documentation
-11. Change log
-12. Acknowledgments
+ 7. Compile-time options
+ 8. Automated testing
+ 9. Documentation
+10. Change log
+11. Acknowledgments
 
 Introduction
 
@@ -39,9 +36,9 @@ versions 4 and 8. Internet Systems Consortium (https://www.isc.org), a 501
 (c)(3) public benefit corporation dedicated to providing software and
 services in support of the Internet infrastructure, developed BIND 9 and
 is responsible for its ongoing maintenance and improvement. BIND is open
-source software licensed under the terms of ISC License for all versions
-up to and including BIND 9.10, and the Mozilla Public License version 2.0
-for all subsequent versions.
+source software licenced under the terms of the ISC License for all
+versions up to and including BIND 9.10, and the Mozilla Public License
+version 2.0 for all subsequent verisons.
 
 For a summary of features introduced in past major releases of BIND, see
 the file HISTORY.
@@ -49,8 +46,8 @@ the file HISTORY.
 For a detailed list of changes made throughout the history of BIND 9, see
 the file CHANGES. See below for details on the CHANGES file format.
 
-For up-to-date versions and release notes, see https://www.isc.org/
-download/.
+For up-to-date release notes and errata, see http://www.isc.org/software/
+bind9/releasenotes
 
 Reporting bugs and getting help
 
@@ -68,13 +65,7 @@ named-checkconf -px.
 
 If the bug you are reporting is a potential security issue, such as an
 assertion failure or other crash in named, please do NOT use GitLab to
-report it. Instead, send mail to security-officer@isc.org using our
-OpenPGP key to secure your message. (Information about OpenPGP and links
-to our key can be found at https://www.isc.org/pgpkey.) Please do not
-discuss the bug on any public mailing list.
-
-For a general overview of ISC security policies, read the Knowledge Base
-article at https://kb.isc.org/docs/aa-00861.
+report it. Instead, please send mail to security-officer@isc.org.
 
 Professional support and training for BIND are available from ISC at
 https://www.isc.org/support.
@@ -89,13 +80,14 @@ mailman/listinfo/bind-workers.
 Contributing to BIND
 
 ISC maintains a public git repository for BIND; details can be found at
-http://www.isc.org/git/.
+http://www.isc.org/git/, and also on Github at https://github.com/
+isc-projects.
 
 Information for BIND contributors can be found in the following files: -
 General information: doc/dev/contrib.md - BIND 9 code style: doc/dev/
 style.md - BIND architecture and developer guide: doc/dev/dev.md
 
-Patches for BIND may be submitted as merge requests in the ISC GitLab
+Patches for BIND may be submitted as Merge Requests in the ISC GitLab
 server at at https://gitlab.isc.org/isc-projects/bind9/merge_requests.
 
 By default, external contributors don't have ability to fork BIND in the
@@ -107,323 +99,200 @@ If you prefer, you may also submit code by opening a GitLab Issue and
 including your patch as an attachment, preferably generated by git
 format-patch.
 
-BIND 9.11 features
+BIND 9.10 features
 
-BIND 9.11.0 includes a number of changes from BIND 9.10 and earlier
+BIND 9.10.0 includes a number of changes from BIND 9.9 and earlier
 releases. New features include:
 
-  • Added support for Catalog Zones, a new method for provisioning
-    servers: a list of zones to be served is stored in a DNS zone, along
-    with their configuration parameters. Changes to the catalog zone are
-    propagated to slaves via normal AXFR/IXFR, whereupon the zones that
-    are listed in it are automatically added, deleted or reconfigured.
-  • Added support for "dnstap", a fast and flexible method of capturing
-    and logging DNS traffic.
-  • Added support for "dyndb", a new API for loading zone data from an
-    external database, developed by Red Hat for the FreeIPA project.
-  • "fetchlimit" quotas are now compiled in by default. These are for the
-    use of recursive resolvers that are are under high query load for
-    domains whose authoritative servers are nonresponsive or are
-    experiencing a denial of service attack:
-      □ fetches-per-server limits the number of simultaneous queries that
+  * DNS Response-rate limiting (DNS RRL), which blunts the impact of
+    reflection and amplification attacks, is always compiled in and no
+    longer requires a compile-time option to enable it.
+  * An experimental "Source Identity Token" (SIT) EDNS option is now
+    available. Similar to DNS Cookies as invented by Donald Eastlake 3rd,
+    these are designed to enable clients to detect off-path spoofed
+    responses, and to enable servers to detect spoofed-source queries.
+    Servers can be configured to send smaller responses to clients that
+    have not identified themselves using a SIT option, reducing the
+    effectiveness of amplification attacks. RRL processing has also been
+    updated; clients proven to be legitimate via SIT are not subject to
+    rate limiting. Use configure --enable-sit to enable this feature in
+    BIND.
+  * A new zone file format, map, stores zone data in a format that can be
+    mapped directly into memory, allowing significantly faster zone
+    loading.
+  * delv (domain entity lookup and validation) is a new tool with dig-like
+    semantics for looking up DNS data and performing internal DNSSEC
+    validation. This allows easy validation in environments where the
+    resolver may not be trustworthy, and assists with troubleshooting of
+    DNSSEC problems. (NOTE: In previous development releases of BIND 9.10,
+    this utility was called delve. The spelling has been changed to avoid
+    confusion with the delve utility included with the Xapian search
+    engine.)
+  * Improved EDNS(0) processing for better resolver performance and
+    reliability over slow or lossy connections.
+  * A new configure --with-tuning=large option tunes certain compiled-in
+    constants and default settings to values better suited to large
+    servers with abundant memory. This can improve performance on such
+    servers, but will consume more memory and may degrade performance on
+    smaller systems.
+  * Substantial improvement in response-policy zone (RPZ) performance. Up
+    to 32 response-policy zones can be configured with minimal performance
+    loss.
+  * To improve recursive resolver performance, cache records which are
+    still being requested by clients can now be automatically refreshed
+    from the authoritative server before they expire, reducing or
+    eliminating the time window in which no answer is available in the
+    cache.
+  * New rpz-client-ip triggers and drop policies allowing response
+    policies based on the IP address of the client.
+  * ACLs can now be specified based on geographic location using the
+    MaxMind GeoIP databases. Use configure --with-geoip to enable.
+  * Zone data can now be shared between views, allowing multiple views to
+    serve the same zones authoritatively without storing multiple copies
+    in memory.
+  * New XML schema (version 3) for the statistics channel includes many
+    new statistics and uses a flattened XML tree for faster parsing. The
+    older schema is now deprecated.
+  * A new stylesheet, based on the Google Charts API, displays XML
+    statistics in charts and graphs on javascript-enabled browsers.
+  * The statistics channel can now provide data in JSON format as well as
+    XML.
+  * New stats counters track TCP and UDP queries received per zone, and
+    EDNS options received in total.
+  * The internal and export versions of the BIND libraries (libisc,
+    libdns, etc) have been unified so that external library clients can
+    use the same libraries as BIND itself.
+  * A new compile-time option, configure --enable-native-pkcs11, allows
+    BIND 9 cryptography functions to use the PKCS#11 API natively, so that
+    BIND can drive a cryptographic hardware service module (HSM) directly
+    instead of using a modified OpenSSL as an intermediary. (Note: This
+    feature requires an HSM to have a full implementation of the PKCS#11
+    API; many current HSMs only have partial implementations. The new
+    pkcs11-tokens command can be used to check API completeness. Native
+    PKCS#11 is known to work with the Thales nShield HSM and with SoftHSM
+    version 2 from the Open DNSSEC project.)
+  * The new max-zone-ttl option enforces maximum TTLs for zones. This can
+    simplify the process of rolling DNSSEC keys by guaranteeing that
+    cached signatures will have expired within the specified amount of
+    time.
+  * dig +subnet sends an EDNS CLIENT-SUBNET option when querying.
+  * dig +expire sends an EDNS EXPIRE option when querying. When this
+    option is sent with an SOA query to a server that supports it, it will
+    report the expiry time of a slave zone.
+  * New dnssec-coverage tool to check DNSSEC key coverage for a zone and
+    report if a lapse in signing coverage has been inadvertently
+    scheduled.
+  * Signing algorithm flexibility and other improvements for the rndc
+    control channel.
+  * named-checkzone and named-compilezone can now read journal files,
+    allowing them to process dynamic zones.
+  * Multiple DLZ databases can now be configured. Individual zones can be
+    configured to be served from a specific DLZ database. DLZ databases
+    now serve zones of type master and redirect.
+  * rndc zonestatus reports information about a specified zone.
+  * named now listens on IPv6 as well as IPv4 interfaces by default.
+  * named now preserves the capitalization of names when responding to
+    queries: for instance, a query for "example.com" may be answered with
+    "example.COM" if the name was configured that way in the zone file.
+    Some clients have a bug causing them to depend on the older behavior,
+    in which the case of the answer always matched the case of the query,
+    rather than the case of the name configured in the DNS. Such clients
+    can now be specified in the new no-case-compress ACL; this will
+    restore the older behavior of named for those clients only.
+  * new dnssec-importkey command allows the use of offline DNSSEC keys
+    with automatic DNSKEY management.
+  * New named-rrchecker tool to verify the syntactic correctness of
+    individual resource records.
+  * When re-signing a zone, the new dnssec-signzone -Q option drops
+    signatures from keys that are still published but are no longer
+    active.
+  * named-checkconf -px will print the contents of configuration files
+    with the shared secrets obscured, making it easier to share
+    configuration (e.g. when submitting a bug report) without revealing
+    private information.
+  * rndc scan causes named to re-scan network interfaces for changes in
+    local addresses.
+  * On operating systems with support for routing sockets, network
+    interfaces are re-scanned automatically whenever they change.
+  * tsig-keygen is now available as an alternate command name to use for
+    ddns-confgen.
+
+BIND 9.10.1
+
+BIND 9.10.1 is a maintenance release, and addresses the security flaws
+described in CVE-2014-3214 and CVE-2014-3859.
+
+BIND 9.10.2
+
+BIND 9.10.2 is a maintenance release, and addresses the security flaws
+described in CVE-2014-8500, CVE-2014-8680 and CVE-2015-1349.
+
+BIND 9.10.3
+
+BIND 9.10.3 is a maintenance release, and addresses the security flaws
+described in CVE-2015-4620, CVE-2015-5477, CVE-2015-5722, and
+CVE-2015-5986.
+
+It also makes the following new features available:
+
+  * New "fetchlimit" quotas are now available for the use of recursive
+    resolvers that are are under high query load for domains whose
+    authoritative servers are nonresponsive or are experiencing a denial
+    of service attack.
+
+      + fetches-per-server limits the number of simultaneous queries that
         can be sent to any single authoritative server. The configured
         value is a starting point; it is automatically adjusted downward
         if the server is partially or completely non-responsive. The
         algorithm used to adjust the quota can be configured via the
-        "fetch-quota-params" option.
-      □ fetches-per-zone limits the number of simultaneous queries that
+        fetch-quota-params option.
+      + fetches-per-zone limits the number of simultaneous queries that
         can be sent for names within a single domain. (Note: Unlike
         fetches-per-server, this value is not self-tuning.)
-      □ New stats counters have been added to count queries spilled due to
+      + New stats counters have been added to count queries spilled due to
         these quotas.
-  • Added a new dnssec-keymgr key maintenance utility, which can generate
-    or update keys as needed to ensure that a zone's keys match a defined
-    DNSSEC policy.
-  • The experimental "SIT" feature in BIND 9.10 has been renamed "COOKIE"
-    and is no longer optional. EDNS COOKIE is a mechanism enabling clients
-    to detect off-path spoofed responses, and servers to detect
-    spoofed-source queries. Clients that identify themselves using COOKIE
-    options are not subject to response rate limiting (RRL) and can
-    receive larger UDP responses.
-  • SERVFAIL responses can now be cached for a limited time (defaulting to
-    1 second, with an upper limit of 30). This can reduce the frequency of
-    retries when a query is persistently failing.
-  • Added an nsip-wait-recurse switch to RPZ. This causes NSIP rules to be
-    skipped if a name server IP address isn't in the cache yet; the
-    address will be looked up and the rule will be applied on future
-    queries.
-  • Added a Python RNDC module. This allows multiple commands to sent over
-    a persistent RNDC channel, which saves time.
-  • The controls block in named.conf can now grant read-only rndc access
-    to specified clients or keys. Read-only clients could, for example,
-    check rndc status but could not reconfigure or shut down the server.
-  • rndc commands can now return arbitrarily large amounts of text to the
-    caller.
-  • The zone serial number of a dynamically updatable zone can now be set
-    via rndc signing -serial <number> <zonename>. This allows
-    inline-signing zones to be set to a specific serial number.
-  • The new rndc nta command can be used to set a Negative Trust Anchor
-    (NTA), disabling DNSSEC validation for a specific domain; this can be
-    used when responses from a domain are known to be failing validation
-    due to administrative error rather than because of a spoofing attack.
-    Negative trust anchors are strictly temporary; by default they expire
-    after one hour, but can be configured to last up to one week.
-  • rndc delzone can now be used on zones that were not originally created
-    by "rndc addzone".
-  • rndc modzone reconfigures a single zone, without requiring the entire
-    server to be reconfigured.
-  • rndc showzone displays the current configuration of a zone.
-  • rndc managed-keys can be used to check the status of RFC 5001 managed
-    trust anchors, or to force trust anchors to be refreshed.
-  • max-cache-size can now be set to a percentage of available memory. The
-    default is 90%.
-  • Update forwarding performance has been improved by allowing a single
-    TCP connection to be shared by multiple updates.
-  • The EDNS Client Subnet (ECS) option is now supported for authoritative
-    servers; if a query contains an ECS option then ACLs containing geoip
-    or ecs elements can match against the the address encoded in the
-    option. This can be used to select a view for a query, so that
-    different answers can be provided depending on the client network.
-  • The EDNS EXPIRE option has been implemented on the client side,
-    allowing a slave server to set the expiration timer correctly when
-    transferring zone data from another slave server.
-  • The key generation and manipulation tools (dnssec-keygen,
-    dnssec-settime, dnssec-importkey, dnssec-keyfromlabel) now take -Psync
-    and -Dsync options to set the publication and deletion times of CDS
-    and CDNSKEY parent-synchronization records. Both named and
-    dnssec-signzone can now publish and remove these records at the
-    scheduled times.
-  • A new minimal-any option reduces the size of UDP responses for query
-    type ANY by returning a single arbitrarily selected RRset instead of
-    all RRsets.
-  • A new masterfile-style zone option controls the formatting of text
-    zone files: When set to full, a zone file is dumped in
-    single-line-per-record format.
-  • serial-update-method can now be set to date. On update, the serial
-    number will be set to the current date in YYYYMMDDNN format.
-  • dnssec-signzone -N date sets the serial number to YYYYMMDDNN.
-  • named -L <filename> causes named to send log messages to the specified
-    file by default instead of to the system log.
-  • dig +ttlunits prints TTL values with time-unit suffixes: w, d, h, m, s
-    for weeks, days, hours, minutes, and seconds.
-  • dig +unknownformat prints dig output in RFC 3597 "unknown record"
-    presentation format.
-  • dig +ednsopt allows dig to set arbitrary EDNS options on requests.
-  • dig +ednsflags allows dig to set yet-to-be-defined EDNS flags on
-    requests.
-  • mdig is an alternate version of dig which sends multiple pipelined TCP
-    queries to a server. Instead of waiting for a response after sending a
-    query, it sends all queries immediately and displays responses in the
-    order received.
-  • serial-query-rate no longer controls NOTIFY messages. These are
-    separately controlled by notify-rate and startup-notify-rate.
-  • nsupdate now performs check-names processing by default on records to
-    be added. This can be disabled with check-names no.
-  • The statistics channel now supports DEFLATE compression, reducing the
-    size of the data sent over the network when querying statistics.
-  • New counters have been added to the statistics channel to track the
-    sizes of incoming queries and outgoing responses in histogram buckets,
-    as specified in RSSAC002.
-  • A new NXDOMAIN redirect method (option nxdomain-redirect) has been
-    added, allowing redirection to a specified DNS namespace instead of a
-    single redirect zone.
-  • When starting up, named now ensures that no other named process is
-    already running.
-  • Files created by named to store information, including mkeys and nzf
-    files, are now named after their corresponding views unless the view
-    name contains characters incompatible with use as a filename. Old
-    style filenames (based on the hash of the view name) will still work.
 
-BIND 9.11.1
+NOTE: These features are NOT built in by default; use configure
+--enable-fetchlimit to enable them.
 
-BIND 9.11.1 is a maintenance release, and addresses the security flaws
-disclosed in CVE-2016-6170, CVE-2016-8864, CVE-2016-9131, CVE-2016-9147,
-CVE-2016-9444, CVE-2016-9778, CVE-2017-3135, CVE-2017-3136, CVE-2017-3137
-and CVE-2017-3138.
+  * dig now supports sending of arbitrary EDNS options by specifying them
+    on the command line.
 
-BIND 9.11.2
+BIND 9.10.4
 
-BIND 9.11.2 is a maintenance release, and addresses the security flaws
-disclosed in CVE-2017-3140, CVE-2017-3141, CVE-2017-3142 and
-CVE-2017-3143. It also addresses several bugs related to the use of an
-LMDB database to store data related to zones added via rndc addzone or
-catalog zones.
+BIND 9.10.4 is a maintenance release, and addresses the security flaws
+described in CVE-2015-8000, CVE-2015-8461, CVE-2015-8704, CVE-2015-8705,
+CVE-2016-1285, CVE-2016-1286, CVE-2016-2088, CVE-2016-2775 and
+CVE-2016-2776.
 
-BIND 9.11.3
+BIND 9.10.5
 
-BIND 9.11.3 is a maintenance release, and addresses the security flaw
+BIND 9.10.5 is a maintenance release, and addresses the security flaws
+disclosed in CVE-2016-2775, CVE-2016-2776, CVE-2016-6170, CVE-2016-8864,
+CVE-2016-9131, CVE-2016-9147, CVE-2016-9444, CVE-2017-3135, CVE-2017-3136,
+CVE-2017-3137, and CVE-2017-3138.
+
+BIND 9.10.6
+
+BIND 9.10.6 is a maintenance release, and addresses the security flaws
+disclosed in CVE-2017-3140 and CVE-2017-3141, CVE-2017-3142 and
+CVE-2017-3143.
+
+BIND 9.10.7
+
+BIND 9.10.7 is a maintenance release, and addresses the security flaw
 disclosed in CVE-2017-3145.
 
-BIND 9.11.4
-
-BIND 9.11.4 is a maintenance release, and addresses the security flaw
-disclosed in CVE-2018-5738. It also introduces "root key sentinel"
-support, enabling validating resolvers to indicate via a special query
-which trust anchors are configured for the root zone.
-
-BIND 9.11.5
-
-BIND 9.11.5 is a maintenance release, and also addresses CVE-2018-5741 by
-correcting faulty documentation and introducing the following new feature:
-
-  • New krb5-selfsub and ms-selfsub rule types for update-policy
-    statements allow updating of subdomains based on a Kerberos or Active
-    Directory machine principal.
-
-BIND 9.11.6
-
-BIND 9.11.6 is a maintenance release, and also addresses the security
-flaws disclosed in CVE-2018-5743, CVE-2018-5745, CVE-2018-5744, and
-CVE-2019-6465.
-
-BIND 9.11.7
-
-BIND 9.11.7 is a maintenance release, and also addresses the security flaw
-disclosed in CVE-2018-5743.
-
-BIND 9.11.8
-
-BIND 9.11.8 is a maintenance release, and also addresses the security flaw
-disclosed in CVE-2019-6471.
-
-BIND 9.11.9
-
-BIND 9.11.9 is a maintenance release, and also adds support for the new
-MaxMind GeoIP2 geolocation API when built with configure --with-geoip2.
-
-BIND 9.11.10
-
-BIND 9.11.10 is a maintenance release.
-
-BIND 9.11.11
-
-BIND 9.11.11 is a maintenance release.
-
-BIND 9.11.12
-
-BIND 9.11.12 is a maintenance release.
-
-BIND 9.11.13
-
-BIND 9.11.13 is a maintenance release, and also addresses the security
-vulnerability disclosed in CVE-2019-6477.
-
-BIND 9.11.14
-
-BIND 9.11.14 is a maintenance release.
-
-BIND 9.11.15
-
-BIND 9.11.15 is a maintenance release.
-
-BIND 9.11.16
-
-BIND 9.11.16 is a maintenance release.
-
-BIND 9.11.17
-
-BIND 9.11.17 is a maintenance release.
-
-BIND 9.11.18
-
-BIND 9.11.18 is a maintenance release.
-
-BIND 9.11.19
-
-BIND 9.11.19 is a maintenance release, and also addresses the security
-vulnerabilities disclosed in CVE-2020-8616 and CVE-2020-8617.
-
-BIND 9.11.20
-
-BIND 9.11.20 is a maintenance release, and also addresses the security
-vulnerability disclosed in CVE-2020-8619.
-
-BIND 9.11.21
-
-BIND 9.11.21 is a maintenance release.
-
-BIND 9.11.22
-
-BIND 9.11.22 is a maintenance release, and also addresses the security
-vulnerabilities disclosed in CVE-2020-8622, CVE-2020-8623, and
-CVE-2020-8624.
-
-BIND 9.11.23
-
-BIND 9.11.23 is a maintenance release.
-
-BIND 9.11.24
-
-BIND 9.11.24 is a maintenance release.
-
-BIND 9.11.25
-
-BIND 9.11.25 is a maintenance release.
-
-BIND 9.11.26
-
-BIND 9.11.26 is a maintenance release.
-
-BIND 9.11.27
-
-BIND 9.11.27 is a maintenance release.
-
-BIND 9.11.28
-
-BIND 9.11.28 is a maintenance release, and also addresses the security
-vulnerability disclosed in CVE-2020-8625.
-
-BIND 9.11.29
-
-BIND 9.11.29 is a maintenance release.
-
-BIND 9.11.30
-
-This release was withdrawn.
-
-BIND 9.11.31
-
-BIND 9.11.31 is a maintenance release, and also addresses the security
-vulnerabilities disclosed in CVE-2021-25214, CVE-2021-25215, and
-CVE-2021-25216.
-
-BIND 9.11.32
-
-BIND 9.11.32 is a maintenance release.
-
-BIND 9.11.33
-
-BIND 9.11.33 is a maintenance release.
-
-BIND 9.11.34
-
-BIND 9.11.34 is a maintenance release.
-
-BIND 9.11.35
-
-BIND 9.11.35 is a maintenance release.
-
-BIND 9.11.36
-
-BIND 9.11.36 is a maintenance release, and also addresses the security
-vulnerability disclosed in CVE-2021-25219.
-
-BIND 9.11.37
-
-BIND 9.11.37 is a maintenance release, and also addresses the security
-vulnerability disclosed in CVE-2021-25220.
-
 Building BIND
 
-Minimally, BIND requires a UNIX or Linux system with an ANSI C compiler,
-basic POSIX support, and a 64-bit integer type. Successful builds have
-been observed on many versions of Linux and UNIX, including RHEL/CentOS/
-Oracle Linux, Fedora, Debian, Ubuntu, SLES, openSUSE, Slackware, Alpine,
-FreeBSD, NetBSD, OpenBSD, macOS, Solaris, OpenIndiana, OmniOS CE, HP-UX,
-and OpenWRT.
+BIND requires a UNIX or Linux system with an ANSI C compiler, basic POSIX
+support, and a 64-bit integer type. Successful builds have been observed
+on many versions of Linux and UNIX, including RedHat, Fedora, Debian,
+Ubuntu, SuSE, Slackware, FreeBSD, NetBSD, OpenBSD, Mac OS X, Solaris,
+HP-UX, AIX, SCO OpenServer, and OpenWRT.
 
-BIND is also available for Windows Server 2008 and higher. See win32utils/
-build.txt for details on building for Windows systems.
+BIND is also available for Windows XP, 2003, 2008, and higher. See
+win32utils/readme1st.txt for details on building for Windows systems.
 
 To build on a UNIX or Linux system, use:
 
@@ -434,9 +303,9 @@ If you're planning on making changes to the BIND 9 source, you should run
 make depend. If you're using Emacs, you might find make tags helpful.
 
 Several environment variables that can be set before running configure
-will affect compilation. Significant ones are:
+will affect compilation:
 
-   Variable                            Description
+Variable       Description
 CC             The C compiler to use. configure tries to figure out the
                right one for supported systems.
                C compiler flags. Defaults to include -g and/or -O2 as
@@ -451,37 +320,18 @@ STD_CDEFINES   Defaults to empty string. For a list of possible settings,
 LDFLAGS        Linker flags. Defaults to empty string.
 BUILD_CC       Needed when cross-compiling: the native C compiler to use
                when building for the target system.
-BUILD_CFLAGS   CFLAGS for the target system during cross-compiling.
-BUILD_CPPFLAGS CPPFLAGS for the target system during cross-compiling.
-BUILD_LDFLAGS  LDFLAGS for the target system during cross-compiling.
-BUILD_LIBS     LIBS for the target system during cross-compiling.
-
-Additional environment variables affecting the build are listed at the end
-of the configure help text, which can be obtained by running the command:
-
-$ ./configure --help
-
-On platforms where neither the C11 Atomic operations library nor custom
-ISC atomic operations are available, updating the statistics counters is
-not locked due to performance reasons and therefore the counters might be
-inaccurate. Anybody building BIND 9 is strongly advised to use a modern
-C11 compiler with C11 Atomic operations library support.
+BUILD_CFLAGS   Optional, used for cross-compiling
+BUILD_CPPFLAGS
+BUILD_LDFLAGS
+BUILD_LIBS
 
 macOS
 
 Building on macOS assumes that the "Command Tools for Xcode" is installed.
-This can be downloaded from https://developer.apple.com/download/more/ or,
-if you have Xcode already installed, you can run xcode-select --install.
-(Note that an Apple ID may be required to access the download page.)
-
-Dependencies
-
-Portions of BIND that are written in Python, including dnssec-keymgr,
-dnssec-coverage, dnssec-checkds, and some of the system tests, require the
-argparse, ply and distutils.core modules to be available. argparse is a
-standard module as of Python 2.7 and Python 3.2. ply is available from
-https://pypi.python.org/pypi/ply. distutils.core is required for
-installation.
+This can be downloaded from https://developer.apple.com/download/more/ or
+if you have Xcode already installed you can run "xcode-select --install".
+This will add /usr/include to the system and install the compiler and
+other tools so that they can be easily found.
 
 Compile-time options
 
@@ -500,40 +350,6 @@ may be necessary to specify a user with the -u option when running named.)
 To build shared libraries, specify --with-libtool on the configure command
 line.
 
-For the server to support DNSSEC, you need to build it with crypto
-support. To use OpenSSL, you should have OpenSSL 1.0.2e or newer
-installed. If the OpenSSL library is installed in a nonstandard location,
-specify the prefix using --with-openssl=<PREFIX> on the configure command
-line. To use a PKCS#11 hardware service module for cryptographic
-operations, specify the path to the PKCS#11 provider library using
---with-pkcs11=<PREFIX>, and configure BIND with "--enable-native-pkcs11".
-
-To support the HTTP statistics channel, the server must be linked with at
-least one of the following libraries: libxml2 http://xmlsoft.org or json-c
-https://github.com/json-c/json-c. If these are installed at a nonstandard
-location, then:
-
-  • for libxml2, specify the prefix using --with-libxml2=/prefix,
-  • for json-c, adjust PKG_CONFIG_PATH.
-
-To support compression on the HTTP statistics channel, the server must be
-linked against libzlib. If this is installed in a nonstandard location,
-specify the prefix using --with-zlib=/prefix.
-
-To support storing configuration data for runtime-added zones in an LMDB
-database, the server must be linked with liblmdb. If this is installed in
-a nonstandard location, specify the prefix using with-lmdb=/prefix.
-
-To support GeoIP location-based ACLs, the server must be linked with
-libGeoIP. This is not turned on by default; BIND must be configured with
-"--with-geoip". If the library is installed in a nonstandard location, use
-specify the prefix using "--with-geoip=/prefix".
-
-For DNSTAP packet logging, you must have installed libfstrm https://
-github.com/farsightsec/fstrm and libprotobuf-c https://
-developers.google.com/protocol-buffers, and BIND must be configured with
---enable-dnstap.
-
 Certain compiled-in constants and default settings can be increased to
 values better suited to large servers with abundant memory resources (e.g,
 64-bit servers with 12G or more of memory) by specifying --with-tuning=
@@ -541,6 +357,30 @@ large on the configure command line. This can improve performance on big
 servers, but will consume more memory and may degrade performance on
 smaller systems.
 
+For the server to support DNSSEC, you need to build it with crypto
+support. To use OpenSSL, you should have OpenSSL 1.0.2e or newer
+installed. If the OpenSSL library is installed in a nonstandard location,
+specify the prefix using "--with-openssl=<PREFIX>" on the configure
+command line. To use a PKCS#11 hardware service module for cryptographic
+operations, specify the path to the PKCS#11 provider library using
+"--with-pkcs11=<PREFIX>", and configure BIND with
+"--enable-native-pkcs11".
+
+To support the HTTP statistics channel, the server must be linked with at
+least one of the following: libxml2 http://xmlsoft.org or json-c https://
+github.com/json-c. If these are installed at a nonstandard location,
+specify the prefix using --with-libxml2=/prefix or --with-libjson=/prefix.
+
+To support GeoIP location-based ACLs, the server must be linked with
+libGeoIP. This is not turned on by default; BIND must be configured with
+"--with-geoip". If the library is installed in a nonstandard location, use
+specify the prefix using "--with-geoip=/prefix".
+
+Portions of BIND that are written in Python, including dnssec-coverage,
+dnssec-checkds, and some of the system tests, require the 'argparse'
+module to be available. 'argparse' is a standard module as of Python 2.7
+and Python 3.2.
+
 On some platforms it is necessary to explicitly request large file support
 to handle files bigger than 2GB. This can be done by using
 --enable-largefile on the configure command line.
@@ -554,10 +394,6 @@ If your operating system has integrated support for IPv6, it will be used
 automatically. If you have installed KAME IPv6 separately, use --with-kame
 [=PATH] to specify its location.
 
-The --enable-querytrace option causes named to log every step of
-processing every query. This should only be enabled when debugging,
-because it has a significant negative impact on query performance.
-
 make install will install named and the various BIND 9 libraries. By
 default, installation is into /usr/local, but this can be changed with the
 --prefix option when running configure.
@@ -578,20 +414,18 @@ multiple servers to run locally and communicate with one another). These
 IP addresses can be configured by running the command bin/tests/system/
 ifconfig.sh up as root.
 
-Some tests require Perl and the Net::DNS and/or IO::Socket::IP modules,
+Some tests require Perl and the Net::DNS and/or IO::Socket::INET6 modules,
 and will be skipped if these are not available. Some tests require Python
-and the dnspython module and will be skipped if these are not available.
+and the 'dnspython' module and will be skipped if these are not available.
 See bin/tests/system/README for further details.
 
-Unit tests are implemented using the CMocka unit testing framework. To
-build them, use configure --with-cmocka. Execution of tests is done by the
-Kyua test execution engine; if the kyua command is available, then unit
-tests can be run via make test or make unit.
+Unit tests are implemented using Automated Testing Framework (ATF). To run
+them, use configure --with-atf, then run make test or make unit.
 
 Documentation
 
 The BIND 9 Administrator Reference Manual is included with the source
-distribution, in DocBook XML, HTML, and PDF format, in the doc/arm
+distribution, in DocBook XML, HTML and PDF format, in the doc/arm
 directory.
 
 Some of the programs in the BIND 9 distribution have man pages in their
@@ -611,7 +445,7 @@ development BIND 9 is included in the file CHANGES, with the most recent
 changes listed first. Change notes include tags indicating the category of
 the change that was made; these categories are:
 
-   Category                            Description
+Category       Description
 [func]         New feature
 [bug]          General bug fix
 [security]     Fix for a significant security flaw
@@ -639,46 +473,26 @@ releases (i.e., those with version numbers ending in zero). Some new
 functionality may be backported to older releases on a case-by-case basis.
 All other change types may be applied to all currently-supported releases.
 
-Bug report identifiers
-
-Most notes in the CHANGES file include a reference to a bug report or
-issue number. Prior to 2018, these were usually of the form [RT #NNN] and
-referred to entries in the "bind9-bugs" RT database, which was not open to
-the public. More recent entries use the form [GL #NNN] or, less often, [GL
-!NNN], which, respectively, refer to issues or merge requests in the
-GitLab database. Most of these are publicly readable, unless they include
-information which is confidential or security sensitive.
-
-To look up a GitLab issue by its number, use the URL https://
-gitlab.isc.org/isc-projects/bind9/issues/NNN. To look up a merge request,
-use https://gitlab.isc.org/isc-projects/bind9/merge_requests/NNN.
-
-In rare cases, an issue or merge request number may be followed with the
-letter "P". This indicates that the information is in the private ISC
-GitLab instance, which is not visible to the public.
-
 Acknowledgments
 
-  • The original development of BIND 9 was underwritten by the following
+  * The original development of BIND 9 was underwritten by the following
     organizations:
 
-      Sun Microsystems, Inc.
-      Hewlett Packard
-      Compaq Computer Corporation
-      IBM
-      Process Software Corporation
-      Silicon Graphics, Inc.
-      Network Associates, Inc.
-      U.S. Defense Information Systems Agency
-      USENIX Association
-      Stichting NLnet - NLnet Foundation
-      Nominum, Inc.
+    Sun Microsystems, Inc.
+    Hewlett Packard
+    Compaq Computer Corporation
+    IBM
+    Process Software Corporation
+    Silicon Graphics, Inc.
+    Network Associates, Inc.
+    U.S. Defense Information Systems Agency
+    USENIX Association
+    Stichting NLnet - NLnet Foundation
+    Nominum, Inc.
 
-  • This product includes software developed by the OpenSSL Project for
+  * This product includes software developed by the OpenSSL Project for
     use in the OpenSSL Toolkit. http://www.OpenSSL.org/
-
-  • This product includes cryptographic software written by Eric Young
+  * This product includes cryptographic software written by Eric Young
     (eay@cryptsoft.com)
-
-  • This product includes software written by Tim Hudson
+  * This product includes software written by Tim Hudson
     (tjh@cryptsoft.com)

README.md

@@ -1,12 +1,17 @@
 <!--
- - Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2017, 2018  Internet Systems Consortium, Inc. ("ISC")
  -
- - This Source Code Form is subject to the terms of the Mozilla Public
- - License, v. 2.0. If a copy of the MPL was not distributed with this
- - file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ - Permission to use, copy, modify, and/or distribute this software for any
+ - purpose with or without fee is hereby granted, provided that the above
+ - copyright notice and this permission notice appear in all copies.
  -
- - See the COPYRIGHT file distributed with this work for additional
- - information regarding copyright ownership.
+ - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ - AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ - PERFORMANCE OF THIS SOFTWARE.
 -->
 # BIND 9
 
@@ -15,10 +20,9 @@
 1. [Introduction](#intro)
 1. [Reporting bugs and getting help](#help)
 1. [Contributing to BIND](#contrib)
-1. [BIND 9.11 features](#features)
+1. [BIND 9.10 features](#features)
 1. [Building BIND](#build)
 1. [macOS](#macos)
-1. [Dependencies](#dependencies)
 1. [Compile-time options](#opts)
 1. [Automated testing](#testing)
 1. [Documentation](#doc)
@@ -48,9 +52,9 @@ versions 4 and 8.  Internet Systems Consortium
 corporation dedicated to providing software and services in support of the
 Internet infrastructure, developed BIND 9 and is responsible for its
 ongoing maintenance and improvement.  BIND is open source software
-licensed under the terms of ISC License for all versions up to and
+licenced under the terms of the ISC License for all versions up to and
 including BIND 9.10, and the Mozilla Public License version 2.0 for all
-subsequent versions.
+subsequent verisons.
 
 For a summary of features introduced in past major releases of BIND,
 see the file [HISTORY](HISTORY.md).
@@ -59,8 +63,8 @@ For a detailed list of changes made throughout the history of BIND 9, see
 the file [CHANGES](CHANGES). See [below](#changes) for details on the
 CHANGES file format.
 
-For up-to-date versions and release notes, see
-[https://www.isc.org/download/](https://www.isc.org/download/).
+For up-to-date release notes and errata, see
+[http://www.isc.org/software/bind9/releasenotes](http://www.isc.org/software/bind9/releasenotes)
 
 ### <a name="help"/> Reporting bugs and getting help
 
@@ -79,15 +83,8 @@ using `named-checkconf -px`.
 
 If the bug you are reporting is a potential security issue, such as an
 assertion failure or other crash in `named`, please do *NOT* use GitLab to
-report it. Instead, send mail to
-[security-officer@isc.org](mailto:security-officer@isc.org) using our
-OpenPGP key to secure your message. (Information about OpenPGP and links
-to our key can be found at
-[https://www.isc.org/pgpkey](https://www.isc.org/pgpkey).) Please do not
-discuss the bug on any public mailing list.
-
-For a general overview of ISC security policies, read the Knowledge Base
-article at [https://kb.isc.org/docs/aa-00861](https://kb.isc.org/docs/aa-00861).
+report it. Instead, please send mail to
+[security-officer@isc.org](mailto:security-officer@isc.org).
 
 Professional support and training for BIND are available from
 ISC at [https://www.isc.org/support](https://www.isc.org/support).
@@ -102,7 +99,8 @@ may also want to join the __BIND Workers__ mailing list, at
 ### <a name="contrib"/> Contributing to BIND
 
 ISC maintains a public git repository for BIND; details can be found
-at [http://www.isc.org/git/](http://www.isc.org/git/).
+at [http://www.isc.org/git/](http://www.isc.org/git/), and also on Github
+at [https://github.com/isc-projects](https://github.com/isc-projects).
 
 Information for BIND contributors can be found in the following files:
 - General information: [doc/dev/contrib.md](doc/dev/contrib.md)
@@ -110,7 +108,7 @@ Information for BIND contributors can be found in the following files:
 - BIND architecture and developer guide: [doc/dev/dev.md](doc/dev/dev.md)
 
 Patches for BIND may be submitted as
-[merge requests](https://gitlab.isc.org/isc-projects/bind9/merge_requests)
+[Merge Requests](https://gitlab.isc.org/isc-projects/bind9/merge_requests)
 in the [ISC GitLab server](https://gitlab.isc.org) at
 at [https://gitlab.isc.org/isc-projects/bind9/merge_requests](https://gitlab.isc.org/isc-projects/bind9/merge_requests).
 
@@ -124,323 +122,193 @@ If you prefer, you may also submit code by opening a
 including your patch as an attachment, preferably generated by
 `git format-patch`.
 
-### <a name="features"/> BIND 9.11 features
+### <a name="features"/> BIND 9.10 features
 
-BIND 9.11.0 includes a number of changes from BIND 9.10 and earlier
+BIND 9.10.0 includes a number of changes from BIND 9.9 and earlier
 releases.  New features include:
 
-* Added support for Catalog Zones, a new method for provisioning servers: a
-  list of zones to be served is stored in a DNS zone, along with their
-  configuration parameters. Changes to the catalog zone are propagated to
-  slaves via normal AXFR/IXFR, whereupon the zones that are listed in it
-  are automatically added, deleted or reconfigured.
-* Added support for "dnstap", a fast and flexible method of capturing and
-  logging DNS traffic.
-* Added support for "dyndb", a new API for loading zone data from an
-  external database, developed by Red Hat for the FreeIPA project.
-* "fetchlimit" quotas are now compiled in by default.  These are for the
-  use of recursive resolvers that are are under high query load for domains
-  whose authoritative servers are nonresponsive or are experiencing a
-  denial of service attack:
+ * DNS Response-rate limiting (DNS RRL), which blunts the impact of
+   reflection and amplification attacks, is always compiled in and no
+   longer requires a compile-time option to enable it.
+ * An experimental "Source Identity Token" (SIT) EDNS option is now
+   available.  Similar to DNS Cookies as invented by Donald Eastlake 3rd,
+   these are designed to enable clients to detect off-path spoofed
+   responses, and to enable servers to detect spoofed-source queries.
+   Servers can be configured to send smaller responses to clients that have
+   not identified themselves using a SIT option, reducing the effectiveness
+   of amplification attacks.  RRL processing has also been updated; clients
+   proven to be legitimate via SIT are not subject to rate limiting.  Use
+   `configure --enable-sit` to enable this feature in BIND.
+ * A new zone file format, `map`, stores zone data in a format that can be
+   mapped directly into memory, allowing significantly faster zone loading.
+ * `delv` (domain entity lookup and validation) is a new tool with dig-like
+   semantics for looking up DNS data and performing internal DNSSEC
+   validation.  This allows easy validation in environments where the
+   resolver may not be trustworthy, and assists with troubleshooting of
+   DNSSEC problems. (NOTE: In previous development releases of BIND 9.10,
+   this utility was called `delve`. The spelling has been changed to avoid
+   confusion with the `delve` utility included with the Xapian search
+   engine.)
+ * Improved EDNS(0) processing for better resolver performance and
+   reliability over slow or lossy connections.
+ * A new `configure --with-tuning=large` option tunes certain compiled-in
+   constants and default settings to values better suited to large servers
+   with abundant memory.  This can improve performance on such servers, but
+   will consume more memory and may degrade performance on smaller systems.
+ * Substantial improvement in response-policy zone (RPZ) performance.  Up
+   to 32 response-policy zones can be configured with minimal performance
+   loss.
+ * To improve recursive resolver performance, cache records which are still
+   being requested by clients can now be automatically refreshed from the
+   authoritative server before they expire, reducing or eliminating the
+   time window in which no answer is available in the cache.
+ * New `rpz-client-ip` triggers and drop policies allowing response
+   policies based on the IP address of the client.
+ * ACLs can now be specified based on geographic location using the MaxMind
+   GeoIP databases.  Use `configure --with-geoip` to enable.
+ * Zone data can now be shared between views, allowing multiple views to
+   serve the same zones authoritatively without storing multiple copies in
+   memory.
+ * New XML schema (version 3) for the statistics channel includes many new
+   statistics and uses a flattened XML tree for faster parsing. The older
+   schema is now deprecated.
+ * A new stylesheet, based on the Google Charts API, displays XML
+   statistics in charts and graphs on javascript-enabled browsers.
+ * The statistics channel can now provide data in JSON format as well as
+   XML.
+ * New stats counters track TCP and UDP queries received per zone, and EDNS
+   options received in total.
+ * The internal and export versions of the BIND libraries (libisc, libdns,
+   etc) have been unified so that external library clients can use the same
+   libraries as BIND itself.
+ * A new compile-time option, `configure --enable-native-pkcs11`, allows
+   BIND 9 cryptography functions to use the PKCS#11 API natively, so that
+   BIND can drive a cryptographic hardware service module (HSM) directly
+   instead of using a modified OpenSSL as an intermediary. (Note: This
+   feature requires an HSM to have a full implementation of the PKCS#11
+   API; many current HSMs only have partial implementations. The new
+   `pkcs11-tokens` command can be used to check API completeness.  Native
+   PKCS#11 is known to work with the Thales nShield HSM and with SoftHSM
+   version 2 from the Open DNSSEC project.)
+ * The new `max-zone-ttl` option enforces maximum TTLs for zones. This can
+   simplify the process of rolling DNSSEC keys by guaranteeing that cached
+   signatures will have expired within the specified amount of time.
+ * `dig +subnet` sends an EDNS CLIENT-SUBNET option when querying.
+ * `dig +expire` sends an EDNS EXPIRE option when querying.  When this
+   option is sent with an SOA query to a server that supports it, it will
+   report the expiry time of a slave zone.
+ * New `dnssec-coverage` tool to check DNSSEC key coverage for a zone and
+   report if a lapse in signing coverage has been inadvertently scheduled.
+ * Signing algorithm flexibility and other improvements for the `rndc`
+   control channel.
+ * `named-checkzone` and `named-compilezone` can now read journal files,
+   allowing them to process dynamic zones.
+ * Multiple DLZ databases can now be configured.  Individual zones can be
+   configured to be served from a specific DLZ database.  DLZ databases now
+   serve zones of type `master` and `redirect`.
+ * `rndc zonestatus` reports information about a specified zone.
+ * `named` now listens on IPv6 as well as IPv4 interfaces by default.
+ * `named` now preserves the capitalization of names when responding to
+   queries: for instance, a query for "example.com" may be answered with
+   "example.COM" if the name was configured that way in the zone file.
+   Some clients have a bug causing them to depend on the older behavior, in
+   which the case of the answer always matched the case of the query,
+   rather than the case of the name configured in the DNS.  Such clients
+   can now be specified in the new `no-case-compress` ACL; this will
+   restore the older behavior of `named` for those clients only.
+ * new `dnssec-importkey` command allows the use of offline DNSSEC keys
+   with automatic DNSKEY management.
+ * New `named-rrchecker` tool to verify the syntactic correctness of
+   individual resource records.
+ * When re-signing a zone, the new `dnssec-signzone -Q` option drops
+   signatures from keys that are still published but are no longer active.
+ * `named-checkconf -px` will print the contents of configuration files
+   with the shared secrets obscured, making it easier to share
+   configuration (e.g. when submitting a bug report) without revealing
+   private information.
+ * `rndc scan` causes named to re-scan network interfaces for changes in
+   local addresses.
+ * On operating systems with support for routing sockets, network
+   interfaces are re-scanned automatically whenever they change.
+ * `tsig-keygen` is now available as an alternate command name to use for
+   `ddns-confgen`.
+
+#### BIND 9.10.1
+
+BIND 9.10.1 is a maintenance release, and addresses the security flaws
+described in CVE-2014-3214 and CVE-2014-3859.
+
+#### BIND 9.10.2
+
+BIND 9.10.2 is a maintenance release, and addresses the security flaws
+described in CVE-2014-8500, CVE-2014-8680 and CVE-2015-1349.
+
+#### BIND 9.10.3
+
+BIND 9.10.3 is a maintenance release, and addresses the security flaws
+described in CVE-2015-4620, CVE-2015-5477, CVE-2015-5722, and
+CVE-2015-5986.
+
+It also makes the following new features available:
+
+* New "fetchlimit" quotas are now available for the use of
+  recursive resolvers that are are under high query load for
+  domains whose authoritative servers are nonresponsive or are
+  experiencing a denial of service attack.
+
     * `fetches-per-server` limits the number of simultaneous queries that
       can be sent to any single authoritative server.  The configured value
       is a starting point; it is automatically adjusted downward if the
       server is partially or completely non-responsive. The algorithm used
-      to adjust the quota can be configured via the "fetch-quota-params"
+      to adjust the quota can be configured via the `fetch-quota-params`
       option.
     * `fetches-per-zone` limits the number of simultaneous queries that can
       be sent for names within a single domain.  (Note: Unlike
       `fetches-per-server`, this value is not self-tuning.)
     * New stats counters have been added to count queries spilled due to
       these quotas.
-* Added a new `dnssec-keymgr` key maintenance utility, which can generate or
-  update keys as needed to ensure that a zone's keys match a defined DNSSEC
-  policy.
-* The experimental "SIT" feature in BIND 9.10 has been renamed "COOKIE" and
-  is no longer optional. EDNS COOKIE is a mechanism enabling clients to
-  detect off-path spoofed responses, and servers to detect spoofed-source
-  queries.  Clients that identify themselves using COOKIE options are not
-  subject to response rate limiting (RRL) and can receive larger UDP
-  responses.
-* SERVFAIL responses can now be cached for a limited time (defaulting to 1
-  second, with an upper limit of 30).  This can reduce the frequency of
-  retries when a query is persistently failing.
-* Added an `nsip-wait-recurse` switch to RPZ. This causes NSIP rules to be
-  skipped if a name server IP address isn't in the cache yet; the address
-  will be looked up and the rule will be applied on future queries.
-* Added a Python RNDC module. This allows multiple commands to sent over a
-  persistent RNDC channel, which saves time.
-* The `controls` block in named.conf can now grant read-only `rndc` access
-  to specified clients or keys. Read-only clients could, for example, check
-  `rndc status` but could not reconfigure or shut down the server.
-* `rndc` commands can now return arbitrarily large amounts of text to the
-  caller.
-* The zone serial number of a dynamically updatable zone can now be set via
-  `rndc signing -serial <number> <zonename>`.  This allows inline-signing
-  zones to be set to a specific serial number.
-* The new `rndc nta` command can be used to set a Negative Trust Anchor
-  (NTA), disabling DNSSEC validation for a specific domain; this can be
-  used when responses from a domain are known to be failing validation due
-  to administrative error rather than because of a spoofing attack.
-  Negative trust anchors are strictly temporary; by default they expire
-  after one hour, but can be configured to last up to one week.
-* `rndc delzone` can now be used on zones that were not originally created
-  by "rndc addzone".
-* `rndc modzone` reconfigures a single zone, without requiring the entire
-  server to be reconfigured.
-* `rndc showzone` displays the current configuration of a zone.
-* `rndc managed-keys` can be used to check the status of RFC 5001 managed
-  trust anchors, or to force trust anchors to be refreshed.
-* `max-cache-size` can now be set to a percentage of available memory. The
-  default is 90%.
-* Update forwarding performance has been improved by allowing a single TCP
-  connection to be shared by multiple updates.
-* The EDNS Client Subnet (ECS) option is now supported for authoritative
-  servers; if a query contains an ECS option then ACLs containing `geoip`
-  or `ecs` elements can match against the the address encoded in the
-  option.  This can be used to select a view for a query, so that different
-  answers can be provided depending on the client network.
-* The EDNS EXPIRE option has been implemented on the client side, allowing
-  a slave server to set the expiration timer correctly when transferring
-  zone data from another slave server.
-* The key generation and manipulation tools (`dnssec-keygen`,
-  `dnssec-settime`, `dnssec-importkey`, `dnssec-keyfromlabel`) now take
-  `-Psync` and `-Dsync` options to set the publication and deletion times
-  of CDS and CDNSKEY parent-synchronization records.  Both `named` and
-  `dnssec-signzone` can now publish and remove these records at the
-  scheduled times.
-* A new `minimal-any` option reduces the size of UDP responses for query
-  type ANY by returning a single arbitrarily selected RRset instead of all
-  RRsets.
-* A new `masterfile-style` zone option controls the formatting of text zone
-  files:  When set to `full`, a zone file is dumped in
-  single-line-per-record format.
-* `serial-update-method` can now be set to `date`. On update, the serial
-  number will be set to the current date in YYYYMMDDNN format.
-* `dnssec-signzone -N date` sets the serial number to YYYYMMDDNN.
-* `named -L <filename>` causes named to send log messages to the specified
-  file by default instead of to the system log.
-* `dig +ttlunits` prints TTL values with time-unit suffixes: w, d, h, m, s
-  for weeks, days, hours, minutes, and seconds.
-* `dig +unknownformat` prints dig output in RFC 3597 "unknown record"
-  presentation format.
-* `dig +ednsopt` allows dig to set arbitrary EDNS options on requests.
-* `dig +ednsflags` allows dig to set yet-to-be-defined EDNS flags on
-  requests.
-* `mdig` is an alternate version of dig which sends multiple pipelined TCP
-  queries to a server.  Instead of waiting for a response after sending a
-  query, it sends all queries immediately and displays responses in the
-  order received.
-* `serial-query-rate` no longer controls NOTIFY messages.  These are
-  separately controlled by `notify-rate` and `startup-notify-rate`.
-* `nsupdate` now performs `check-names` processing by default on records to
-  be added.  This can be disabled with `check-names no`.
-* The statistics channel now supports DEFLATE compression, reducing the
-  size of the data sent over the network when querying statistics.
-* New counters have been added to the statistics channel to track the sizes
-  of incoming queries and outgoing responses in histogram buckets, as
-  specified in RSSAC002.
-* A new NXDOMAIN redirect method (option `nxdomain-redirect`) has been
-  added, allowing redirection to a specified DNS namespace instead of a
-  single redirect zone.
-* When starting up, named now ensures that no other named process is
-  already running.
-* Files created by named to store information, including `mkeys` and `nzf`
-  files, are now named after their corresponding views unless the view name
-  contains characters incompatible with use as a filename. Old style
-  filenames (based on the hash of the view name) will still work.
 
-#### BIND 9.11.1
+  NOTE: These features are NOT built in by default; use
+  `configure --enable-fetchlimit` to enable them.
+
+* `dig` now supports sending of arbitrary EDNS options by specifying
+  them on the command line.
+
+#### BIND 9.10.4
+
+BIND 9.10.4 is a maintenance release, and addresses the security flaws
+described in CVE-2015-8000, CVE-2015-8461, CVE-2015-8704, CVE-2015-8705,
+CVE-2016-1285, CVE-2016-1286, CVE-2016-2088, CVE-2016-2775 and
+CVE-2016-2776.
+
+#### BIND 9.10.5
 	
-BIND 9.11.1 is a maintenance release, and addresses the security
-flaws disclosed in CVE-2016-6170, CVE-2016-8864, CVE-2016-9131,
-CVE-2016-9147, CVE-2016-9444, CVE-2016-9778, CVE-2017-3135,
-CVE-2017-3136, CVE-2017-3137 and CVE-2017-3138.
+BIND 9.10.5 is a maintenance release, and addresses the security flaws
+disclosed in CVE-2016-2775, CVE-2016-2776, CVE-2016-6170, CVE-2016-8864,
+CVE-2016-9131, CVE-2016-9147, CVE-2016-9444, CVE-2017-3135, CVE-2017-3136,
+CVE-2017-3137, and CVE-2017-3138.
 
-#### BIND 9.11.2
+#### BIND 9.10.6
 
-BIND 9.11.2 is a maintenance release, and addresses the security flaws
-disclosed in CVE-2017-3140, CVE-2017-3141, CVE-2017-3142 and CVE-2017-3143.
-It also addresses several bugs related to the use of an LMDB database to
-store data related to zones added via `rndc addzone` or catalog zones.
+BIND 9.10.6 is a maintenance release, and addresses the security
+flaws disclosed in CVE-2017-3140 and CVE-2017-3141, CVE-2017-3142
+and CVE-2017-3143.
 
-#### BIND 9.11.3
+#### BIND 9.10.7
 
-BIND 9.11.3 is a maintenance release, and addresses the security flaw
-disclosed in CVE-2017-3145.
-
-#### BIND 9.11.4
-
-BIND 9.11.4 is a maintenance release, and addresses the security flaw
-disclosed in CVE-2018-5738. It also introduces "root key sentinel" support,
-enabling validating resolvers to indicate via a special query which trust
-anchors are configured for the root zone.
-
-#### BIND 9.11.5
-
-BIND 9.11.5 is a maintenance release, and also addresses CVE-2018-5741
-by correcting faulty documentation and introducing the following new
-feature:
-
-* New `krb5-selfsub` and `ms-selfsub` rule types for `update-policy`
-  statements allow updating of subdomains based on a Kerberos or
-  Active Directory machine principal.
-
-#### BIND 9.11.6
-
-BIND 9.11.6 is a maintenance release, and also addresses the security
-flaws disclosed in CVE-2018-5743, CVE-2018-5745, CVE-2018-5744,
-and CVE-2019-6465.
-
-#### BIND 9.11.7
-
-BIND 9.11.7 is a maintenance release, and also addresses the security
-flaw disclosed in CVE-2018-5743.
-
-#### BIND 9.11.8
-
-BIND 9.11.8 is a maintenance release, and also addresses the security
-flaw disclosed in CVE-2019-6471.
-
-#### BIND 9.11.9
-
-BIND 9.11.9 is a maintenance release, and also adds support for
-the new MaxMind GeoIP2 geolocation API when built with
-`configure --with-geoip2`.
-
-#### BIND 9.11.10
-
-BIND 9.11.10 is a maintenance release.
-
-#### BIND 9.11.11
-
-BIND 9.11.11 is a maintenance release.
-
-#### BIND 9.11.12
-
-BIND 9.11.12 is a maintenance release.
-
-#### BIND 9.11.13
-
-BIND 9.11.13 is a maintenance release, and also addresses the security
-vulnerability disclosed in CVE-2019-6477.
-
-#### BIND 9.11.14
-
-BIND 9.11.14 is a maintenance release.
-
-#### BIND 9.11.15
-
-BIND 9.11.15 is a maintenance release.
-
-#### BIND 9.11.16
-
-BIND 9.11.16 is a maintenance release.
-
-#### BIND 9.11.17
-
-BIND 9.11.17 is a maintenance release.
-
-#### BIND 9.11.18
-
-BIND 9.11.18 is a maintenance release.
-
-#### BIND 9.11.19
-
-BIND 9.11.19 is a maintenance release, and also addresses the security
-vulnerabilities disclosed in CVE-2020-8616 and CVE-2020-8617.
-
-#### BIND 9.11.20
-
-BIND 9.11.20 is a maintenance release, and also addresses the security
-vulnerability disclosed in CVE-2020-8619.
-
-#### BIND 9.11.21
-
-BIND 9.11.21 is a maintenance release.
-
-#### BIND 9.11.22
-
-BIND 9.11.22 is a maintenance release, and also addresses the security
-vulnerabilities disclosed in CVE-2020-8622, CVE-2020-8623, and
-CVE-2020-8624.
-
-#### BIND 9.11.23
-
-BIND 9.11.23 is a maintenance release.
-
-#### BIND 9.11.24
-
-BIND 9.11.24 is a maintenance release.
-
-#### BIND 9.11.25
-
-BIND 9.11.25 is a maintenance release.
-
-#### BIND 9.11.26
-
-BIND 9.11.26 is a maintenance release.
-
-#### BIND 9.11.27
-
-BIND 9.11.27 is a maintenance release.
-
-#### BIND 9.11.28
-
-BIND 9.11.28 is a maintenance release, and also addresses the security
-vulnerability disclosed in CVE-2020-8625.
-
-#### BIND 9.11.29
-
-BIND 9.11.29 is a maintenance release.
-
-#### BIND 9.11.30
-
-This release was withdrawn.
-
-#### BIND 9.11.31
-
-BIND 9.11.31 is a maintenance release, and also addresses the security
-vulnerabilities disclosed in CVE-2021-25214, CVE-2021-25215, and
-CVE-2021-25216.
-
-#### BIND 9.11.32
-
-BIND 9.11.32 is a maintenance release.
-
-#### BIND 9.11.33
-
-BIND 9.11.33 is a maintenance release.
-
-#### BIND 9.11.34
-
-BIND 9.11.34 is a maintenance release.
-
-#### BIND 9.11.35
-
-BIND 9.11.35 is a maintenance release.
-
-#### BIND 9.11.36
-
-BIND 9.11.36 is a maintenance release, and also addresses the security
-vulnerability disclosed in CVE-2021-25219.
-
-#### BIND 9.11.37
-
-BIND 9.11.37 is a maintenance release, and also addresses the security
-vulnerability disclosed in CVE-2021-25220.
+BIND 9.10.7 is a maintenance release, and addresses the security
+flaw disclosed in CVE-2017-3145.
 
 ### <a name="build"/> Building BIND
 
-Minimally, BIND requires a UNIX or Linux system with an ANSI C compiler,
-basic POSIX support, and a 64-bit integer type. Successful builds have been
-observed on many versions of Linux and UNIX, including RHEL/CentOS/Oracle Linux,
-Fedora, Debian, Ubuntu, SLES, openSUSE, Slackware, Alpine, FreeBSD, NetBSD,
-OpenBSD, macOS, Solaris, OpenIndiana, OmniOS CE, HP-UX, and OpenWRT.
+BIND requires a UNIX or Linux system with an ANSI C compiler, basic POSIX
+support, and a 64-bit integer type. Successful builds have been observed on
+many versions of Linux and UNIX, including RedHat, Fedora, Debian, Ubuntu,
+SuSE, Slackware, FreeBSD, NetBSD, OpenBSD, Mac OS X, Solaris, HP-UX, AIX,
+SCO OpenServer, and OpenWRT. 
 
-BIND is also available for Windows Server 2008 and higher.  See
-`win32utils/build.txt` for details on building for Windows
-systems.
+BIND is also available for Windows XP, 2003, 2008, and higher.  See
+`win32utils/readme1st.txt` for details on building for Windows systems.
 
 To build on a UNIX or Linux system, use:
 
@@ -451,7 +319,7 @@ If you're planning on making changes to the BIND 9 source, you should run
 `make depend`.  If you're using Emacs, you might find `make tags` helpful.
 
 Several environment variables that can be set before running `configure` will
-affect compilation.  Significant ones are:
+affect compilation:
 
 |Variable|Description |
 |--------------------|-----------------------------------------------|
@@ -461,41 +329,19 @@ affect compilation.  Significant ones are:
 |`STD_CDEFINES`|Any additional preprocessor symbols you want defined.  Defaults to empty string. For a list of possible settings, see the file [OPTIONS](OPTIONS.md).|
 |`LDFLAGS`|Linker flags. Defaults to empty string.|
 |`BUILD_CC`|Needed when cross-compiling: the native C compiler to use when building for the target system.|
-|`BUILD_CFLAGS`|`CFLAGS` for the target system during cross-compiling.|
-|`BUILD_CPPFLAGS`|`CPPFLAGS` for the target system during cross-compiling.|
-|`BUILD_LDFLAGS`|`LDFLAGS` for the target system during cross-compiling.|
-|`BUILD_LIBS`|`LIBS` for the target system during cross-compiling.|
-
-Additional environment variables affecting the build are listed at the
-end of the `configure` help text, which can be obtained by running the
-command:
-
-    $ ./configure --help
-
-On platforms where neither the C11 Atomic operations library nor custom ISC
-atomic operations are available, updating the statistics counters is not
-locked due to performance reasons and therefore the counters might be
-inaccurate.  Anybody building BIND 9 is strongly advised to use a modern
-C11 compiler with C11 Atomic operations library support.
+|`BUILD_CFLAGS`|Optional, used for cross-compiling|
+|`BUILD_CPPFLAGS`||
+|`BUILD_LDFLAGS`||
+|`BUILD_LIBS`||
 
 #### <a name="macos"> macOS
 
 Building on macOS assumes that the "Command Tools for Xcode" is installed.
-This can be downloaded from
-[https://developer.apple.com/download/more/](https://developer.apple.com/download/more/)
-or, if you have Xcode already installed, you can run `xcode-select
---install`.  (Note that an Apple ID may be required to access the download
-page.)
+This can be downloaded from https://developer.apple.com/download/more/
+or if you have Xcode already installed you can run "xcode-select --install".
+This will add /usr/include to the system and install the compiler and other
+tools so that they can be easily found.
 
-### <a name="dependencies"/> Dependencies
-
-Portions of BIND that are written in Python, including
-`dnssec-keymgr`, `dnssec-coverage`, `dnssec-checkds`, and some of the
-system tests, require the `argparse`, `ply` and `distutils.core` modules
-to be available.
-`argparse` is a standard module as of Python 2.7 and Python 3.2.
-`ply` is available from [https://pypi.python.org/pypi/ply](https://pypi.python.org/pypi/ply).
-`distutils.core` is required for installation.
 
 #### <a name="opts"/> Compile-time options
 
@@ -514,42 +360,6 @@ specify a user with the -u option when running `named`.)
 To build shared libraries, specify `--with-libtool` on the `configure`
 command line.
 
-For the server to support DNSSEC, you need to build it with crypto support.
-To use OpenSSL, you should have OpenSSL 1.0.2e or newer installed.  If the
-OpenSSL library is installed in a nonstandard location, specify the prefix
-using `--with-openssl=<PREFIX>` on the configure command line. To use a
-PKCS#11 hardware service module for cryptographic operations, specify the
-path to the PKCS#11 provider library using `--with-pkcs11=<PREFIX>`, and
-configure BIND with "--enable-native-pkcs11".
-
-To support the HTTP statistics channel, the server must be linked with at
-least one of the following libraries: `libxml2`
-[http://xmlsoft.org](http://xmlsoft.org) or `json-c`
-[https://github.com/json-c/json-c](https://github.com/json-c/json-c).
-If these are installed at a nonstandard location, then:
-
-* for `libxml2`, specify the prefix using `--with-libxml2=/prefix`,
-* for `json-c`, adjust `PKG_CONFIG_PATH`.
-
-To support compression on the HTTP statistics channel, the server must be
-linked against `libzlib`.  If this is installed in a nonstandard location,
-specify the prefix using `--with-zlib=/prefix`.
-
-To support storing configuration data for runtime-added zones in an LMDB
-database, the server must be linked with liblmdb. If this is installed in a
-nonstandard location, specify the prefix using `with-lmdb=/prefix`.
-
-To support GeoIP location-based ACLs, the server must be linked with
-libGeoIP. This is not turned on by default; BIND must be configured with
-"--with-geoip". If the library is installed in a nonstandard location, use
-specify the prefix using "--with-geoip=/prefix".
-
-For DNSTAP packet logging, you must have installed `libfstrm`
-[https://github.com/farsightsec/fstrm](https://github.com/farsightsec/fstrm)
-and `libprotobuf-c`
-[https://developers.google.com/protocol-buffers](https://developers.google.com/protocol-buffers),
-and BIND must be configured with `--enable-dnstap`.
-
 Certain compiled-in constants and default settings can be increased to
 values better suited to large servers with abundant memory resources (e.g,
 64-bit servers with 12G or more of memory) by specifying
@@ -557,6 +367,31 @@ values better suited to large servers with abundant memory resources (e.g,
 performance on big servers, but will consume more memory and may degrade
 performance on smaller systems.
 
+For the server to support DNSSEC, you need to build it with crypto support.
+To use OpenSSL, you should have OpenSSL 1.0.2e or newer installed.  If the
+OpenSSL library is installed in a nonstandard location, specify the prefix
+using "--with-openssl=&lt;PREFIX&gt;" on the configure command line. To use a
+PKCS#11 hardware service module for cryptographic operations, specify the
+path to the PKCS#11 provider library using "--with-pkcs11=&lt;PREFIX&gt;", and
+configure BIND with "--enable-native-pkcs11".
+
+To support the HTTP statistics channel, the server must be linked with at
+least one of the following: libxml2
+[http://xmlsoft.org](http://xmlsoft.org) or json-c
+[https://github.com/json-c](https://github.com/json-c).  If these are
+installed at a nonstandard location, specify the prefix using
+`--with-libxml2=/prefix` or `--with-libjson=/prefix`.
+
+To support GeoIP location-based ACLs, the server must be linked with
+libGeoIP. This is not turned on by default; BIND must be configured with
+"--with-geoip". If the library is installed in a nonstandard location, use
+specify the prefix using "--with-geoip=/prefix".
+
+Portions of BIND that are written in Python, including
+`dnssec-coverage`, `dnssec-checkds`, and some of the
+system tests, require the 'argparse' module to be available.
+'argparse' is a standard module as of Python 2.7 and Python 3.2.
+
 On some platforms it is necessary to explicitly request large file support
 to handle files bigger than 2GB.  This can be done by using
 `--enable-largefile` on the `configure` command line.
@@ -570,10 +405,6 @@ If your operating system has integrated support for IPv6, it will be used
 automatically.  If you have installed KAME IPv6 separately, use
 `--with-kame[=PATH]` to specify its location.
 
-The `--enable-querytrace` option causes `named` to log every step of
-processing every query. This should only be enabled when debugging, because
-it has a significant negative impact on query performance.
-
 `make install` will install `named` and the various BIND 9 libraries.  By
 default, installation is into /usr/local, but this can be changed with the
 `--prefix` option when running `configure`.
@@ -594,21 +425,19 @@ multiple servers to run locally and communicate with one another).  These
 IP addresses can be configured by running the command
 `bin/tests/system/ifconfig.sh up` as root.
 
-Some tests require Perl and the `Net::DNS` and/or `IO::Socket::IP` modules,
+Some tests require Perl and the Net::DNS and/or IO::Socket::INET6 modules,
 and will be skipped if these are not available. Some tests require Python
-and the `dnspython` module and will be skipped if these are not available.
+and the 'dnspython' module and will be skipped if these are not available.
 See bin/tests/system/README for further details.
 
-Unit tests are implemented using the [CMocka unit testing framework](https://cmocka.org/).
-To build them, use `configure --with-cmocka`. Execution of tests is done
-by the [Kyua test execution engine](https://github.com/jmmv/kyua); if the
-`kyua` command is available, then unit tests can be run via `make test`
-or `make unit`.
+Unit tests are implemented using Automated Testing Framework (ATF).
+To run them, use `configure --with-atf`, then run `make test` or
+`make unit`.
 
 ### <a name="doc"/> Documentation
 
 The *BIND 9 Administrator Reference Manual* is included with the source
-distribution, in DocBook XML, HTML, and PDF format, in the `doc/arm`
+distribution, in DocBook XML, HTML and PDF format, in the `doc/arm`
 directory.
 
 Some of the programs in the BIND 9 distribution have man pages in their
@@ -651,25 +480,6 @@ releases (i.e., those with version numbers ending in zero).  Some new
 functionality may be backported to older releases on a case-by-case basis.
 All other change types may be applied to all currently-supported releases.
 
-#### Bug report identifiers
-
-Most notes in the CHANGES file include a reference to a bug report or
-issue number. Prior to 2018, these were usually of the form `[RT #NNN]`
-and referred to entries in the "bind9-bugs" RT database, which was not open
-to the public. More recent entries use the form `[GL #NNN]` or, less often,
-`[GL !NNN]`, which, respectively, refer to issues or merge requests in the
-GitLab database. Most of these are publicly readable, unless they include
-information which is confidential or security sensitive.
-
-To look up a GitLab issue by its number, use the URL
-[https://gitlab.isc.org/isc-projects/bind9/issues/NNN](https://gitlab.isc.org/isc-projects/bind9/issues).
-To look up a merge request, use
-[https://gitlab.isc.org/isc-projects/bind9/merge_requests/NNN](https://gitlab.isc.org/isc-projects/bind9/merge_requests).
-
-In rare cases, an issue or merge request number may be followed with the
-letter "P". This indicates that the information is in the private ISC
-GitLab instance, which is not visible to the public.
-
 ### <a name="ack"/> Acknowledgments
 
 * The original development of BIND 9 was underwritten by the

acconfig.h

@@ -1,12 +1,18 @@
 /*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005, 2007, 2008, 2012, 2014, 2016  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 1999-2003  Internet Software Consortium.
  *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
  *
- * See the COPYRIGHT file distributed with this work for additional
- * information regarding copyright ownership.
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
  */
 
 /*! \file */

aclocal.m4

@@ -1,297 +1,17 @@
-# generated automatically by aclocal 1.16.3 -*- Autoconf -*-
+sinclude(libtool.m4/libtool.m4)dnl
+sinclude(libtool.m4/ltoptions.m4)dnl
+sinclude(libtool.m4/ltsugar.m4)dnl
+sinclude(libtool.m4/ltversion.m4)dnl
+sinclude(libtool.m4/lt~obsolete.m4)dnl
 
-# Copyright (C) 1996-2020 Free Software Foundation, Inc.
+m4_divert_text(HELP_CANON, [[
+  NOTE: If PREFIX is not set, then the default values for --sysconfdir
+  and --localstatedir are /etc and /var, respectively.]])
+m4_divert_text(HELP_END, [[
+Professional support for BIND is provided by Internet Systems Consortium,
+Inc.  Information about paid support and training options is available at
+https://www.isc.org/support.
 
-# This file is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-m4_ifndef([AC_CONFIG_MACRO_DIRS], [m4_defun([_AM_CONFIG_MACRO_DIRS], [])m4_defun([AC_CONFIG_MACRO_DIRS], [_AM_CONFIG_MACRO_DIRS($@)])])
-# pkg.m4 - Macros to locate and utilise pkg-config.   -*- Autoconf -*-
-# serial 12 (pkg-config-0.29.2)
-
-dnl Copyright © 2004 Scott James Remnant <scott@netsplit.com>.
-dnl Copyright © 2012-2015 Dan Nicholson <dbn.lists@gmail.com>
-dnl
-dnl This program is free software; you can redistribute it and/or modify
-dnl it under the terms of the GNU General Public License as published by
-dnl the Free Software Foundation; either version 2 of the License, or
-dnl (at your option) any later version.
-dnl
-dnl This program is distributed in the hope that it will be useful, but
-dnl WITHOUT ANY WARRANTY; without even the implied warranty of
-dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-dnl General Public License for more details.
-dnl
-dnl You should have received a copy of the GNU General Public License
-dnl along with this program; if not, write to the Free Software
-dnl Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
-dnl 02111-1307, USA.
-dnl
-dnl As a special exception to the GNU General Public License, if you
-dnl distribute this file as part of a program that contains a
-dnl configuration script generated by Autoconf, you may include it under
-dnl the same distribution terms that you use for the rest of that
-dnl program.
-
-dnl PKG_PREREQ(MIN-VERSION)
-dnl -----------------------
-dnl Since: 0.29
-dnl
-dnl Verify that the version of the pkg-config macros are at least
-dnl MIN-VERSION. Unlike PKG_PROG_PKG_CONFIG, which checks the user's
-dnl installed version of pkg-config, this checks the developer's version
-dnl of pkg.m4 when generating configure.
-dnl
-dnl To ensure that this macro is defined, also add:
-dnl m4_ifndef([PKG_PREREQ],
-dnl     [m4_fatal([must install pkg-config 0.29 or later before running autoconf/autogen])])
-dnl
-dnl See the "Since" comment for each macro you use to see what version
-dnl of the macros you require.
-m4_defun([PKG_PREREQ],
-[m4_define([PKG_MACROS_VERSION], [0.29.2])
-m4_if(m4_version_compare(PKG_MACROS_VERSION, [$1]), -1,
-    [m4_fatal([pkg.m4 version $1 or higher is required but ]PKG_MACROS_VERSION[ found])])
-])dnl PKG_PREREQ
-
-dnl PKG_PROG_PKG_CONFIG([MIN-VERSION])
-dnl ----------------------------------
-dnl Since: 0.16
-dnl
-dnl Search for the pkg-config tool and set the PKG_CONFIG variable to
-dnl first found in the path. Checks that the version of pkg-config found
-dnl is at least MIN-VERSION. If MIN-VERSION is not specified, 0.9.0 is
-dnl used since that's the first version where most current features of
-dnl pkg-config existed.
-AC_DEFUN([PKG_PROG_PKG_CONFIG],
-[m4_pattern_forbid([^_?PKG_[A-Z_]+$])
-m4_pattern_allow([^PKG_CONFIG(_(PATH|LIBDIR|SYSROOT_DIR|ALLOW_SYSTEM_(CFLAGS|LIBS)))?$])
-m4_pattern_allow([^PKG_CONFIG_(DISABLE_UNINSTALLED|TOP_BUILD_DIR|DEBUG_SPEW)$])
-AC_ARG_VAR([PKG_CONFIG], [path to pkg-config utility])
-AC_ARG_VAR([PKG_CONFIG_PATH], [directories to add to pkg-config's search path])
-AC_ARG_VAR([PKG_CONFIG_LIBDIR], [path overriding pkg-config's built-in search path])
-
-if test "x$ac_cv_env_PKG_CONFIG_set" != "xset"; then
-	AC_PATH_TOOL([PKG_CONFIG], [pkg-config])
-fi
-if test -n "$PKG_CONFIG"; then
-	_pkg_min_version=m4_default([$1], [0.9.0])
-	AC_MSG_CHECKING([pkg-config is at least version $_pkg_min_version])
-	if $PKG_CONFIG --atleast-pkgconfig-version $_pkg_min_version; then
-		AC_MSG_RESULT([yes])
-	else
-		AC_MSG_RESULT([no])
-		PKG_CONFIG=""
-	fi
-fi[]dnl
-])dnl PKG_PROG_PKG_CONFIG
-
-dnl PKG_CHECK_EXISTS(MODULES, [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND])
-dnl -------------------------------------------------------------------
-dnl Since: 0.18
-dnl
-dnl Check to see whether a particular set of modules exists. Similar to
-dnl PKG_CHECK_MODULES(), but does not set variables or print errors.
-dnl
-dnl Please remember that m4 expands AC_REQUIRE([PKG_PROG_PKG_CONFIG])
-dnl only at the first occurence in configure.ac, so if the first place
-dnl it's called might be skipped (such as if it is within an "if", you
-dnl have to call PKG_CHECK_EXISTS manually
-AC_DEFUN([PKG_CHECK_EXISTS],
-[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl
-if test -n "$PKG_CONFIG" && \
-    AC_RUN_LOG([$PKG_CONFIG --exists --print-errors "$1"]); then
-  m4_default([$2], [:])
-m4_ifvaln([$3], [else
-  $3])dnl
-fi])
-
-dnl _PKG_CONFIG([VARIABLE], [COMMAND], [MODULES])
-dnl ---------------------------------------------
-dnl Internal wrapper calling pkg-config via PKG_CONFIG and setting
-dnl pkg_failed based on the result.
-m4_define([_PKG_CONFIG],
-[if test -n "$$1"; then
-    pkg_cv_[]$1="$$1"
- elif test -n "$PKG_CONFIG"; then
-    PKG_CHECK_EXISTS([$3],
-                     [pkg_cv_[]$1=`$PKG_CONFIG --[]$2 "$3" 2>/dev/null`
-		      test "x$?" != "x0" && pkg_failed=yes ],
-		     [pkg_failed=yes])
- else
-    pkg_failed=untried
-fi[]dnl
-])dnl _PKG_CONFIG
-
-dnl _PKG_SHORT_ERRORS_SUPPORTED
-dnl ---------------------------
-dnl Internal check to see if pkg-config supports short errors.
-AC_DEFUN([_PKG_SHORT_ERRORS_SUPPORTED],
-[AC_REQUIRE([PKG_PROG_PKG_CONFIG])
-if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then
-        _pkg_short_errors_supported=yes
-else
-        _pkg_short_errors_supported=no
-fi[]dnl
-])dnl _PKG_SHORT_ERRORS_SUPPORTED
-
-
-dnl PKG_CHECK_MODULES(VARIABLE-PREFIX, MODULES, [ACTION-IF-FOUND],
-dnl   [ACTION-IF-NOT-FOUND])
-dnl --------------------------------------------------------------
-dnl Since: 0.4.0
-dnl
-dnl Note that if there is a possibility the first call to
-dnl PKG_CHECK_MODULES might not happen, you should be sure to include an
-dnl explicit call to PKG_PROG_PKG_CONFIG in your configure.ac
-AC_DEFUN([PKG_CHECK_MODULES],
-[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl
-AC_ARG_VAR([$1][_CFLAGS], [C compiler flags for $1, overriding pkg-config])dnl
-AC_ARG_VAR([$1][_LIBS], [linker flags for $1, overriding pkg-config])dnl
-
-pkg_failed=no
-AC_MSG_CHECKING([for $2])
-
-_PKG_CONFIG([$1][_CFLAGS], [cflags], [$2])
-_PKG_CONFIG([$1][_LIBS], [libs], [$2])
-
-m4_define([_PKG_TEXT], [Alternatively, you may set the environment variables $1[]_CFLAGS
-and $1[]_LIBS to avoid the need to call pkg-config.
-See the pkg-config man page for more details.])
-
-if test $pkg_failed = yes; then
-        AC_MSG_RESULT([no])
-        _PKG_SHORT_ERRORS_SUPPORTED
-        if test $_pkg_short_errors_supported = yes; then
-	        $1[]_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "$2" 2>&1`
-        else
-	        $1[]_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "$2" 2>&1`
-        fi
-	# Put the nasty error message in config.log where it belongs
-	echo "$$1[]_PKG_ERRORS" >&AS_MESSAGE_LOG_FD
-
-	m4_default([$4], [AC_MSG_ERROR(
-[Package requirements ($2) were not met:
-
-$$1_PKG_ERRORS
-
-Consider adjusting the PKG_CONFIG_PATH environment variable if you
-installed software in a non-standard prefix.
-
-_PKG_TEXT])[]dnl
-        ])
-elif test $pkg_failed = untried; then
-        AC_MSG_RESULT([no])
-	m4_default([$4], [AC_MSG_FAILURE(
-[The pkg-config script could not be found or is too old.  Make sure it
-is in your PATH or set the PKG_CONFIG environment variable to the full
-path to pkg-config.
-
-_PKG_TEXT
-
-To get pkg-config, see <http://pkg-config.freedesktop.org/>.])[]dnl
-        ])
-else
-	$1[]_CFLAGS=$pkg_cv_[]$1[]_CFLAGS
-	$1[]_LIBS=$pkg_cv_[]$1[]_LIBS
-        AC_MSG_RESULT([yes])
-	$3
-fi[]dnl
-])dnl PKG_CHECK_MODULES
-
-
-dnl PKG_CHECK_MODULES_STATIC(VARIABLE-PREFIX, MODULES, [ACTION-IF-FOUND],
-dnl   [ACTION-IF-NOT-FOUND])
-dnl ---------------------------------------------------------------------
-dnl Since: 0.29
-dnl
-dnl Checks for existence of MODULES and gathers its build flags with
-dnl static libraries enabled. Sets VARIABLE-PREFIX_CFLAGS from --cflags
-dnl and VARIABLE-PREFIX_LIBS from --libs.
-dnl
-dnl Note that if there is a possibility the first call to
-dnl PKG_CHECK_MODULES_STATIC might not happen, you should be sure to
-dnl include an explicit call to PKG_PROG_PKG_CONFIG in your
-dnl configure.ac.
-AC_DEFUN([PKG_CHECK_MODULES_STATIC],
-[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl
-_save_PKG_CONFIG=$PKG_CONFIG
-PKG_CONFIG="$PKG_CONFIG --static"
-PKG_CHECK_MODULES($@)
-PKG_CONFIG=$_save_PKG_CONFIG[]dnl
-])dnl PKG_CHECK_MODULES_STATIC
-
-
-dnl PKG_INSTALLDIR([DIRECTORY])
-dnl -------------------------
-dnl Since: 0.27
-dnl
-dnl Substitutes the variable pkgconfigdir as the location where a module
-dnl should install pkg-config .pc files. By default the directory is
-dnl $libdir/pkgconfig, but the default can be changed by passing
-dnl DIRECTORY. The user can override through the --with-pkgconfigdir
-dnl parameter.
-AC_DEFUN([PKG_INSTALLDIR],
-[m4_pushdef([pkg_default], [m4_default([$1], ['${libdir}/pkgconfig'])])
-m4_pushdef([pkg_description],
-    [pkg-config installation directory @<:@]pkg_default[@:>@])
-AC_ARG_WITH([pkgconfigdir],
-    [AS_HELP_STRING([--with-pkgconfigdir], pkg_description)],,
-    [with_pkgconfigdir=]pkg_default)
-AC_SUBST([pkgconfigdir], [$with_pkgconfigdir])
-m4_popdef([pkg_default])
-m4_popdef([pkg_description])
-])dnl PKG_INSTALLDIR
-
-
-dnl PKG_NOARCH_INSTALLDIR([DIRECTORY])
-dnl --------------------------------
-dnl Since: 0.27
-dnl
-dnl Substitutes the variable noarch_pkgconfigdir as the location where a
-dnl module should install arch-independent pkg-config .pc files. By
-dnl default the directory is $datadir/pkgconfig, but the default can be
-dnl changed by passing DIRECTORY. The user can override through the
-dnl --with-noarch-pkgconfigdir parameter.
-AC_DEFUN([PKG_NOARCH_INSTALLDIR],
-[m4_pushdef([pkg_default], [m4_default([$1], ['${datadir}/pkgconfig'])])
-m4_pushdef([pkg_description],
-    [pkg-config arch-independent installation directory @<:@]pkg_default[@:>@])
-AC_ARG_WITH([noarch-pkgconfigdir],
-    [AS_HELP_STRING([--with-noarch-pkgconfigdir], pkg_description)],,
-    [with_noarch_pkgconfigdir=]pkg_default)
-AC_SUBST([noarch_pkgconfigdir], [$with_noarch_pkgconfigdir])
-m4_popdef([pkg_default])
-m4_popdef([pkg_description])
-])dnl PKG_NOARCH_INSTALLDIR
-
-
-dnl PKG_CHECK_VAR(VARIABLE, MODULE, CONFIG-VARIABLE,
-dnl [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND])
-dnl -------------------------------------------
-dnl Since: 0.28
-dnl
-dnl Retrieves the value of the pkg-config variable for the given module.
-AC_DEFUN([PKG_CHECK_VAR],
-[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl
-AC_ARG_VAR([$1], [value of $3 for $2, overriding pkg-config])dnl
-
-_PKG_CONFIG([$1], [variable="][$3]["], [$2])
-AS_VAR_COPY([$1], [pkg_cv_][$1])
-
-AS_VAR_IF([$1], [""], [$5], [$4])dnl
-])dnl PKG_CHECK_VAR
-
-m4_include([libtool.m4/ax_restore_flags.m4])
-m4_include([libtool.m4/ax_save_flags.m4])
-m4_include([libtool.m4/libtool.m4])
-m4_include([libtool.m4/ltoptions.m4])
-m4_include([libtool.m4/ltsugar.m4])
-m4_include([libtool.m4/ltversion.m4])
-m4_include([libtool.m4/lt~obsolete.m4])
+Help can also often be found on the BIND Users mailing list
+(https://lists.isc.org/mailman/listinfo/bind-users) or in the #bind
+channel of the Freenode IRC service.]])

autogen.sh

@@ -1,13 +0,0 @@
-#!/bin/sh
-#
-# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
-#
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, you can obtain one at https://mozilla.org/MPL/2.0/.
-#
-# See the COPYRIGHT file distributed with this work for additional
-# information regarding copyright ownership.
-
-# Run this script after modifying configure.in to generate configure
-autoreconf -f -i

bin/Makefile.in

@@ -1,18 +1,26 @@
-# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2004, 2007, 2009, 2012-2014  Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 1998-2001  Internet Software Consortium.
 #
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, you can obtain one at https://mozilla.org/MPL/2.0/.
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
 #
-# See the COPYRIGHT file distributed with this work for additional
-# information regarding copyright ownership.
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: Makefile.in,v 1.29 2009/10/05 12:07:08 fdupont Exp $
 
 srcdir =	@srcdir@
 VPATH =		@srcdir@
 top_srcdir =	@top_srcdir@
 
-SUBDIRS =	named rndc dig delv dnssec tools nsupdate check confgen \
-		@NZD_TOOLS@ @PYTHON_TOOLS@ @PKCS11_TOOLS@ tests
+SUBDIRS =	named rndc dig delv dnssec tools tests nsupdate \
+		check confgen @PYTHON_TOOLS@ @PKCS11_TOOLS@
 TARGETS =
 
 @BIND9_MAKE_RULES@

bin/check/Makefile.in

@@ -1,11 +1,19 @@
-# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2004-2007, 2009, 2012, 2014-2016  Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2000-2003  Internet Software Consortium.
 #
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, you can obtain one at https://mozilla.org/MPL/2.0/.
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
 #
-# See the COPYRIGHT file distributed with this work for additional
-# information regarding copyright ownership.
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: Makefile.in,v 1.36 2009/12/05 23:31:40 each Exp $
 
 srcdir =	@srcdir@
 VPATH =		@srcdir@
@@ -21,7 +29,7 @@ CINCLUDES =	${BIND9_INCLUDES} ${DNS_INCLUDES} ${ISCCFG_INCLUDES} \
 CDEFINES = 	@CRYPTO@ -DNAMED_CONFFILE=\"${sysconfdir}/named.conf\"
 CWARNINGS =
 
-DNSLIBS =	../../lib/dns/libdns.@A@ ${MAXMINDDB_LIBS} @DNS_CRYPTO_LIBS@
+DNSLIBS =	../../lib/dns/libdns.@A@ @DNS_CRYPTO_LIBS@
 ISCCFGLIBS =	../../lib/isccfg/libisccfg.@A@
 ISCLIBS =	../../lib/isc/libisc.@A@
 ISCNOSYMLIBS =	../../lib/isc/libisc-nosymtbl.@A@
@@ -85,12 +93,12 @@ install:: named-checkconf@EXEEXT@ named-checkzone@EXEEXT@ installdirs
 	${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} named-checkconf@EXEEXT@ ${DESTDIR}${sbindir}
 	${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} named-checkzone@EXEEXT@ ${DESTDIR}${sbindir}
 	(cd ${DESTDIR}${sbindir}; rm -f named-compilezone@EXEEXT@; ${LINK_PROGRAM} named-checkzone@EXEEXT@ named-compilezone@EXEEXT@)
-	for m in ${MANPAGES}; do ${INSTALL_DATA} ${srcdir}/$$m ${DESTDIR}${mandir}/man8 || exit 1; done
+	for m in ${MANPAGES}; do ${INSTALL_DATA} ${srcdir}/$$m ${DESTDIR}${mandir}/man8; done
 	(cd ${DESTDIR}${mandir}/man8; rm -f named-compilezone.8; ${LINK_PROGRAM} named-checkzone.8 named-compilezone.8)
 
 uninstall::
 	rm -f ${DESTDIR}${mandir}/man8/named-compilezone.8
-	for m in ${MANPAGES}; do rm -f ${DESTDIR}${mandir}/man8/$$m || exit 1; done
+	for m in ${MANPAGES}; do rm -f ${DESTDIR}${mandir}/man8/$$m ; done
 	rm -f ${DESTDIR}${sbindir}/named-compilezone@EXEEXT@
 	${LIBTOOL_MODE_UNINSTALL} rm -f ${DESTDIR}${sbindir}/named-checkconf@EXEEXT@
 	${LIBTOOL_MODE_UNINSTALL} rm -f ${DESTDIR}${sbindir}/named-checkzone@EXEEXT@

bin/check/check-tool.c

@@ -1,22 +1,27 @@
 /*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2015, 2017  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000-2002  Internet Software Consortium.
  *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
  *
- * See the COPYRIGHT file distributed with this work for additional
- * information regarding copyright ownership.
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
  */
 
+/* $Id: check-tool.c,v 1.44 2011/12/22 07:32:39 each Exp $ */
 
 /*! \file */
 
 #include <config.h>
 
-#include <stdbool.h>
 #include <stdio.h>
-#include <inttypes.h>
 
 #ifdef _WIN32
 #include <Winsock2.h>
@@ -88,15 +93,15 @@ static const char *dbtype[] = { "rbt" };
 
 int debug = 0;
 const char *journal = NULL;
-bool nomerge = true;
+isc_boolean_t nomerge = ISC_TRUE;
 #if CHECK_LOCAL
-bool docheckmx = true;
-bool dochecksrv = true;
-bool docheckns = true;
+isc_boolean_t docheckmx = ISC_TRUE;
+isc_boolean_t dochecksrv = ISC_TRUE;
+isc_boolean_t docheckns = ISC_TRUE;
 #else
-bool docheckmx = false;
-bool dochecksrv = false;
-bool docheckns = false;
+isc_boolean_t docheckmx = ISC_FALSE;
+isc_boolean_t dochecksrv = ISC_FALSE;
+isc_boolean_t docheckns = ISC_FALSE;
 #endif
 unsigned int zone_options = DNS_ZONEOPT_CHECKNS |
 			    DNS_ZONEOPT_CHECKMX |
@@ -150,7 +155,7 @@ add(char *key, int value) {
 
 	if (symtab == NULL) {
 		result = isc_symtab_create(sym_mctx, 100, freekey, sym_mctx,
-					   false, &symtab);
+					   ISC_FALSE, &symtab);
 		if (result != ISC_R_SUCCESS)
 			return;
 	}
@@ -166,20 +171,20 @@ add(char *key, int value) {
 		isc_mem_free(sym_mctx, key);
 }
 
-static bool
+static isc_boolean_t
 logged(char *key, int value) {
 	isc_result_t result;
 
 	if (symtab == NULL)
-		return (false);
+		return (ISC_FALSE);
 
 	result = isc_symtab_lookup(symtab, key, value, NULL);
 	if (result == ISC_R_SUCCESS)
-		return (true);
-	return (false);
+		return (ISC_TRUE);
+	return (ISC_FALSE);
 }
 
-static bool
+static isc_boolean_t
 checkns(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner,
 	dns_rdataset_t *a, dns_rdataset_t *aaaa)
 {
@@ -190,8 +195,8 @@ checkns(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner,
 	char namebuf[DNS_NAME_FORMATSIZE + 1];
 	char ownerbuf[DNS_NAME_FORMATSIZE];
 	char addrbuf[sizeof("xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:123.123.123.123")];
-	bool answer = true;
-	bool match;
+	isc_boolean_t answer = ISC_TRUE;
+	isc_boolean_t match;
 	const char *type;
 	void *ptr = NULL;
 	int result;
@@ -240,7 +245,7 @@ checkns(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner,
 				     ownerbuf, namebuf,
 				     cur->ai_canonname);
 			/* XXX950 make fatal for 9.5.0 */
-			/* answer = false; */
+			/* answer = ISC_FALSE; */
 			add(namebuf, ERR_IS_CNAME);
 		}
 		break;
@@ -256,7 +261,7 @@ checkns(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner,
 			add(namebuf, ERR_NO_ADDRESSES);
 		}
 		/* XXX950 make fatal for 9.5.0 */
-		return (true);
+		return (ISC_TRUE);
 
 	default:
 		if (!logged(namebuf, ERR_LOOKUP_FAILURE)) {
@@ -265,7 +270,7 @@ checkns(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner,
 				     namebuf, gai_strerror(result));
 			add(namebuf, ERR_LOOKUP_FAILURE);
 		}
-		return (true);
+		return (ISC_TRUE);
 	}
 
 	/*
@@ -276,13 +281,13 @@ checkns(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner,
 	result = dns_rdataset_first(a);
 	while (result == ISC_R_SUCCESS) {
 		dns_rdataset_current(a, &rdata);
-		match = false;
+		match = ISC_FALSE;
 		for (cur = ai; cur != NULL; cur = cur->ai_next) {
 			if (cur->ai_family != AF_INET)
 				continue;
 			ptr = &((struct sockaddr_in *)(cur->ai_addr))->sin_addr;
 			if (memcmp(ptr, rdata.data, rdata.length) == 0) {
-				match = true;
+				match = ISC_TRUE;
 				break;
 			}
 		}
@@ -294,7 +299,7 @@ checkns(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner,
 					       addrbuf, sizeof(addrbuf)));
 			add(namebuf, ERR_EXTRA_A);
 			/* XXX950 make fatal for 9.5.0 */
-			/* answer = false; */
+			/* answer = ISC_FALSE; */
 		}
 		dns_rdata_reset(&rdata);
 		result = dns_rdataset_next(a);
@@ -306,13 +311,13 @@ checkns(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner,
 	result = dns_rdataset_first(aaaa);
 	while (result == ISC_R_SUCCESS) {
 		dns_rdataset_current(aaaa, &rdata);
-		match = false;
+		match = ISC_FALSE;
 		for (cur = ai; cur != NULL; cur = cur->ai_next) {
 			if (cur->ai_family != AF_INET6)
 				continue;
 			ptr = &((struct sockaddr_in6 *)(cur->ai_addr))->sin6_addr;
 			if (memcmp(ptr, rdata.data, rdata.length) == 0) {
-				match = true;
+				match = ISC_TRUE;
 				break;
 			}
 		}
@@ -324,7 +329,7 @@ checkns(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner,
 					       addrbuf, sizeof(addrbuf)));
 			add(namebuf, ERR_EXTRA_AAAA);
 			/* XXX950 make fatal for 9.5.0. */
-			/* answer = false; */
+			/* answer = ISC_FALSE; */
 		}
 		dns_rdata_reset(&rdata);
 		result = dns_rdataset_next(aaaa);
@@ -335,7 +340,7 @@ checkns(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner,
 	 * Check that all addresses appear in the glue.
 	 */
 	if (!logged(namebuf, ERR_MISSING_GLUE)) {
-		bool missing_glue = false;
+		isc_boolean_t missing_glue = ISC_FALSE;
 		for (cur = ai; cur != NULL; cur = cur->ai_next) {
 			switch (cur->ai_family) {
 			case AF_INET:
@@ -351,7 +356,7 @@ checkns(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner,
 			default:
 				 continue;
 			}
-			match = false;
+			match = ISC_FALSE;
 			if (dns_rdataset_isassociated(rdataset))
 				result = dns_rdataset_first(rdataset);
 			else
@@ -359,7 +364,7 @@ checkns(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner,
 			while (result == ISC_R_SUCCESS && !match) {
 				dns_rdataset_current(rdataset, &rdata);
 				if (memcmp(ptr, rdata.data, rdata.length) == 0)
-					match = true;
+					match = ISC_TRUE;
 				dns_rdata_reset(&rdata);
 				result = dns_rdataset_next(rdataset);
 			}
@@ -370,8 +375,8 @@ checkns(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner,
 					     inet_ntop(cur->ai_family, ptr,
 						       addrbuf, sizeof(addrbuf)));
 				/* XXX950 make fatal for 9.5.0. */
-				/* answer = false; */
-				missing_glue = true;
+				/* answer = ISC_FALSE; */
+				missing_glue = ISC_TRUE;
 			}
 		}
 		if (missing_glue)
@@ -380,11 +385,11 @@ checkns(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner,
 	freeaddrinfo(ai);
 	return (answer);
 #else
-	return (true);
+	return (ISC_TRUE);
 #endif
 }
 
-static bool
+static isc_boolean_t
 checkmx(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner) {
 #ifdef USE_GETADDRINFO
 	struct addrinfo hints, *ai, *cur;
@@ -392,7 +397,7 @@ checkmx(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner) {
 	char ownerbuf[DNS_NAME_FORMATSIZE];
 	int result;
 	int level = ISC_LOG_ERROR;
-	bool answer = true;
+	isc_boolean_t answer = ISC_TRUE;
 
 	memset(&hints, 0, sizeof(hints));
 	hints.ai_flags = AI_CANONNAME;
@@ -436,7 +441,7 @@ checkmx(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner) {
 					add(namebuf, ERR_IS_MXCNAME);
 				}
 				if (level == ISC_LOG_ERROR)
-					answer = false;
+					answer = ISC_FALSE;
 			}
 		}
 		freeaddrinfo(ai);
@@ -454,7 +459,7 @@ checkmx(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner) {
 			add(namebuf, ERR_NO_ADDRESSES);
 		}
 		/* XXX950 make fatal for 9.5.0. */
-		return (true);
+		return (ISC_TRUE);
 
 	default:
 		if (!logged(namebuf, ERR_LOOKUP_FAILURE)) {
@@ -463,14 +468,14 @@ checkmx(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner) {
 			     namebuf, gai_strerror(result));
 			add(namebuf, ERR_LOOKUP_FAILURE);
 		}
-		return (true);
+		return (ISC_TRUE);
 	}
 #else
-	return (true);
+	return (ISC_TRUE);
 #endif
 }
 
-static bool
+static isc_boolean_t
 checksrv(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner) {
 #ifdef USE_GETADDRINFO
 	struct addrinfo hints, *ai, *cur;
@@ -478,7 +483,7 @@ checksrv(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner) {
 	char ownerbuf[DNS_NAME_FORMATSIZE];
 	int result;
 	int level = ISC_LOG_ERROR;
-	bool answer = true;
+	isc_boolean_t answer = ISC_TRUE;
 
 	memset(&hints, 0, sizeof(hints));
 	hints.ai_flags = AI_CANONNAME;
@@ -521,7 +526,7 @@ checksrv(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner) {
 					add(namebuf, ERR_IS_SRVCNAME);
 				}
 				if (level == ISC_LOG_ERROR)
-					answer = false;
+					answer = ISC_FALSE;
 			}
 		}
 		freeaddrinfo(ai);
@@ -539,7 +544,7 @@ checksrv(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner) {
 			add(namebuf, ERR_NO_ADDRESSES);
 		}
 		/* XXX950 make fatal for 9.5.0. */
-		return (true);
+		return (ISC_TRUE);
 
 	default:
 		if (!logged(namebuf, ERR_LOOKUP_FAILURE)) {
@@ -548,10 +553,10 @@ checksrv(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner) {
 				     namebuf, gai_strerror(result));
 			add(namebuf, ERR_LOOKUP_FAILURE);
 		}
-		return (true);
+		return (ISC_TRUE);
 	}
 #else
-	return (true);
+	return (ISC_TRUE);
 #endif
 }
 
@@ -595,7 +600,8 @@ check_ttls(dns_zone_t *zone, dns_ttl_t maxttl) {
 	dns_rdataset_t rdataset;
 	dns_fixedname_t fname;
 	dns_name_t *name;
-	name = dns_fixedname_initname(&fname);
+	dns_fixedname_init(&fname);
+	name = dns_fixedname_name(&fname);
 	dns_rdataset_init(&rdataset);
 
 	CHECK(dns_zone_getdb(zone, &db));
@@ -657,7 +663,7 @@ check_ttls(dns_zone_t *zone, dns_ttl_t maxttl) {
 	if (dbiter != NULL)
 		dns_dbiterator_destroy(&dbiter);
 	if (version != NULL)
-		dns_db_closeversion(db, &version, false);
+		dns_db_closeversion(db, &version, ISC_FALSE);
 	if (db != NULL)
 		dns_db_detach(&db);
 
@@ -690,7 +696,8 @@ load_zone(isc_mem_t *mctx, const char *zonename, const char *filename,
 
 	isc_buffer_constinit(&buffer, zonename, strlen(zonename));
 	isc_buffer_add(&buffer, strlen(zonename));
-	origin = dns_fixedname_initname(&fixorigin);
+	dns_fixedname_init(&fixorigin);
+	origin = dns_fixedname_name(&fixorigin);
 	CHECK(dns_name_fromtext(origin, &buffer, dns_rootname, 0, NULL));
 	CHECK(dns_zone_setorigin(zone, origin));
 	CHECK(dns_zone_setdbtype(zone, 1, (const char * const *) dbtype));
@@ -703,8 +710,8 @@ load_zone(isc_mem_t *mctx, const char *zonename, const char *filename,
 	CHECK(dns_rdataclass_fromtext(&rdclass, &region));
 
 	dns_zone_setclass(zone, rdclass);
-	dns_zone_setoption(zone, zone_options, true);
-	dns_zone_setoption2(zone, zone_options2, true);
+	dns_zone_setoption(zone, zone_options, ISC_TRUE);
+	dns_zone_setoption2(zone, zone_options2, ISC_TRUE);
 	dns_zone_setoption(zone, DNS_ZONEOPT_NOMERGE, nomerge);
 
 	dns_zone_setmaxttl(zone, maxttl);
@@ -741,13 +748,13 @@ load_zone(isc_mem_t *mctx, const char *zonename, const char *filename,
 isc_result_t
 dump_zone(const char *zonename, dns_zone_t *zone, const char *filename,
 	  dns_masterformat_t fileformat, const dns_master_style_t *style,
-	  const uint32_t rawversion)
+	  const isc_uint32_t rawversion)
 {
 	isc_result_t result;
 	FILE *output = stdout;
 	const char *flags;
 
-	flags = (fileformat == dns_masterformat_text) ? "w" : "wb";
+	flags = (fileformat == dns_masterformat_text) ? "w+" : "wb+";
 
 	if (debug) {
 		if (filename != NULL && strcmp(filename, "-") != 0)
@@ -796,3 +803,4 @@ DestroySockets(void) {
 	WSACleanup();
 }
 #endif
+

bin/check/check-tool.h

@@ -1,23 +1,27 @@
 /*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005, 2007, 2010, 2011, 2013, 2014  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000-2002  Internet Software Consortium.
  *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
  *
- * See the COPYRIGHT file distributed with this work for additional
- * information regarding copyright ownership.
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
  */
 
+/* $Id: check-tool.h,v 1.18 2011/12/09 23:47:02 tbox Exp $ */
 
 #ifndef CHECK_TOOL_H
 #define CHECK_TOOL_H
 
 /*! \file */
 
-#include <inttypes.h>
-#include <stdbool.h>
-
 #include <isc/lang.h>
 #include <isc/stdio.h>
 #include <isc/types.h>
@@ -38,7 +42,7 @@ load_zone(isc_mem_t *mctx, const char *zonename, const char *filename,
 isc_result_t
 dump_zone(const char *zonename, dns_zone_t *zone, const char *filename,
 	  dns_masterformat_t fileformat, const dns_master_style_t *style,
-	  const uint32_t rawversion);
+	  const isc_uint32_t rawversion);
 
 #ifdef _WIN32
 void InitSockets(void);
@@ -47,10 +51,10 @@ void DestroySockets(void);
 
 extern int debug;
 extern const char *journal;
-extern bool nomerge;
-extern bool docheckmx;
-extern bool docheckns;
-extern bool dochecksrv;
+extern isc_boolean_t nomerge;
+extern isc_boolean_t docheckmx;
+extern isc_boolean_t docheckns;
+extern isc_boolean_t dochecksrv;
 extern unsigned int zone_options;
 extern unsigned int zone_options2;
 

bin/check/named-checkconf.8

@@ -1,15 +1,24 @@
-.\" Copyright (C) 2000-2002, 2004, 2005, 2007, 2009, 2014-2016, 2018-2022 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004, 2005, 2007, 2009, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000-2002 Internet Software Consortium.
 .\" 
-.\" This Source Code Form is subject to the terms of the Mozilla Public
-.\" License, v. 2.0. If a copy of the MPL was not distributed with this
-.\" file, You can obtain one at http://mozilla.org/MPL/2.0/.
+.\" Permission to use, copy, modify, and/or distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\" 
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+.\" PERFORMANCE OF THIS SOFTWARE.
 .\"
 .hy 0
 .ad l
 '\" t
 .\"     Title: named-checkconf
 .\"    Author: 
-.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
+.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
 .\"      Date: 2014-01-10
 .\"    Manual: BIND9
 .\"    Source: ISC
@@ -131,5 +140,7 @@ BIND 9 Administrator Reference Manual\&.
 \fBInternet Systems Consortium, Inc\&.\fR
 .SH "COPYRIGHT"
 .br
-Copyright \(co 2000-2002, 2004, 2005, 2007, 2009, 2014-2016, 2018-2022 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004, 2005, 2007, 2009, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+.br
+Copyright \(co 2000-2002 Internet Software Consortium.
 .br

bin/check/named-checkconf.c

@@ -1,21 +1,27 @@
 /*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2007, 2009-2016  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 1999-2002  Internet Software Consortium.
  *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
  *
- * See the COPYRIGHT file distributed with this work for additional
- * information regarding copyright ownership.
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
  */
 
+/* $Id: named-checkconf.c,v 1.56 2011/03/12 04:59:46 tbox Exp $ */
 
 /*! \file */
 
 #include <config.h>
 
 #include <errno.h>
-#include <stdbool.h>
 #include <stdlib.h>
 #include <stdio.h>
 
@@ -93,18 +99,18 @@ directory_callback(const char *clausename, const cfg_obj_t *obj, void *arg) {
 	return (ISC_R_SUCCESS);
 }
 
-static bool
+static isc_boolean_t
 get_maps(const cfg_obj_t **maps, const char *name, const cfg_obj_t **obj) {
 	int i;
 	for (i = 0;; i++) {
 		if (maps[i] == NULL)
-			return (false);
+			return (ISC_FALSE);
 		if (cfg_map_get(maps[i], name, obj) == ISC_R_SUCCESS)
-			return (true);
+			return (ISC_TRUE);
 	}
 }
 
-static bool
+static isc_boolean_t
 get_checknames(const cfg_obj_t **maps, const cfg_obj_t **obj) {
 	const cfg_listelt_t *element;
 	const cfg_obj_t *checknames;
@@ -115,14 +121,14 @@ get_checknames(const cfg_obj_t **maps, const cfg_obj_t **obj) {
 
 	for (i = 0;; i++) {
 		if (maps[i] == NULL)
-			return (false);
+			return (ISC_FALSE);
 		checknames = NULL;
 		result = cfg_map_get(maps[i], "check-names", &checknames);
 		if (result != ISC_R_SUCCESS)
 			continue;
 		if (checknames != NULL && !cfg_obj_islist(checknames)) {
 			*obj = checknames;
-			return (true);
+			return (ISC_TRUE);
 		}
 		for (element = cfg_list_first(checknames);
 		     element != NULL;
@@ -132,7 +138,7 @@ get_checknames(const cfg_obj_t **maps, const cfg_obj_t **obj) {
 			if (strcasecmp(cfg_obj_asstring(type), "master") != 0)
 				continue;
 			*obj = cfg_tuple_get(value, "mode");
-			return (true);
+			return (ISC_TRUE);
 		}
 	}
 }
@@ -265,10 +271,8 @@ configure_zone(const char *vclass, const char *view,
 		} else if (strcasecmp(cfg_obj_asstring(obj), "ignore") == 0) {
 			zone_options &= ~DNS_ZONEOPT_CHECKDUPRR;
 			zone_options &= ~DNS_ZONEOPT_CHECKDUPRRFAIL;
-		} else {
+		} else
 			INSIST(0);
-			ISC_UNREACHABLE();
-		}
 	} else {
 		zone_options |= DNS_ZONEOPT_CHECKDUPRR;
 		zone_options &= ~DNS_ZONEOPT_CHECKDUPRRFAIL;
@@ -285,10 +289,8 @@ configure_zone(const char *vclass, const char *view,
 		} else if (strcasecmp(cfg_obj_asstring(obj), "ignore") == 0) {
 			zone_options &= ~DNS_ZONEOPT_CHECKMX;
 			zone_options &= ~DNS_ZONEOPT_CHECKMXFAIL;
-		} else {
+		} else
 			INSIST(0);
-			ISC_UNREACHABLE();
-		}
 	} else {
 		zone_options |= DNS_ZONEOPT_CHECKMX;
 		zone_options &= ~DNS_ZONEOPT_CHECKMXFAIL;
@@ -314,10 +316,8 @@ configure_zone(const char *vclass, const char *view,
 		} else if (strcasecmp(cfg_obj_asstring(obj), "ignore") == 0) {
 			zone_options |= DNS_ZONEOPT_WARNMXCNAME;
 			zone_options |= DNS_ZONEOPT_IGNOREMXCNAME;
-		} else {
+		} else
 			INSIST(0);
-			ISC_UNREACHABLE();
-		}
 	} else {
 		zone_options |= DNS_ZONEOPT_WARNMXCNAME;
 		zone_options &= ~DNS_ZONEOPT_IGNOREMXCNAME;
@@ -334,10 +334,8 @@ configure_zone(const char *vclass, const char *view,
 		} else if (strcasecmp(cfg_obj_asstring(obj), "ignore") == 0) {
 			zone_options |= DNS_ZONEOPT_WARNSRVCNAME;
 			zone_options |= DNS_ZONEOPT_IGNORESRVCNAME;
-		} else {
+		} else
 			INSIST(0);
-			ISC_UNREACHABLE();
-		}
 	} else {
 		zone_options |= DNS_ZONEOPT_WARNSRVCNAME;
 		zone_options &= ~DNS_ZONEOPT_IGNORESRVCNAME;
@@ -357,10 +355,8 @@ configure_zone(const char *vclass, const char *view,
 			zone_options |= DNS_ZONEOPT_CHECKSPF;
 		} else if (strcasecmp(cfg_obj_asstring(obj), "ignore") == 0) {
 			zone_options &= ~DNS_ZONEOPT_CHECKSPF;
-		} else {
+		} else
 			INSIST(0);
-			ISC_UNREACHABLE();
-		}
 	} else {
 		zone_options |= DNS_ZONEOPT_CHECKSPF;
 	}
@@ -376,10 +372,8 @@ configure_zone(const char *vclass, const char *view,
 		} else if (strcasecmp(cfg_obj_asstring(obj), "ignore") == 0) {
 			zone_options &= ~DNS_ZONEOPT_CHECKNAMES;
 			zone_options &= ~DNS_ZONEOPT_CHECKNAMESFAIL;
-		} else {
+		} else
 			INSIST(0);
-			ISC_UNREACHABLE();
-		}
 	} else {
 	       zone_options |= DNS_ZONEOPT_CHECKNAMES;
 	       zone_options |= DNS_ZONEOPT_CHECKNAMESFAIL;
@@ -389,16 +383,14 @@ configure_zone(const char *vclass, const char *view,
 	fmtobj = NULL;
 	if (get_maps(maps, "masterfile-format", &fmtobj)) {
 		const char *masterformatstr = cfg_obj_asstring(fmtobj);
-		if (strcasecmp(masterformatstr, "text") == 0) {
+		if (strcasecmp(masterformatstr, "text") == 0)
 			masterformat = dns_masterformat_text;
-		} else if (strcasecmp(masterformatstr, "raw") == 0) {
+		else if (strcasecmp(masterformatstr, "raw") == 0)
 			masterformat = dns_masterformat_raw;
-		} else if (strcasecmp(masterformatstr, "map") == 0) {
+		else if (strcasecmp(masterformatstr, "map") == 0)
 			masterformat = dns_masterformat_map;
-		} else {
+		else
 			INSIST(0);
-			ISC_UNREACHABLE();
-		}
 	}
 
 	obj = NULL;
@@ -490,15 +482,10 @@ load_zones_fromconfig(const cfg_obj_t *config, isc_mem_t *mctx) {
 			continue;
 
 		classobj = cfg_tuple_get(vconfig, "class");
-		tresult = config_getclass(classobj, dns_rdataclass_in,
-					  &viewclass);
-		if (tresult != ISC_R_SUCCESS) {
-			CHECK(tresult);
-		}
-
-		if (dns_rdataclass_ismeta(viewclass)) {
+		CHECK(config_getclass(classobj, dns_rdataclass_in,
+					 &viewclass));
+		if (dns_rdataclass_ismeta(viewclass))
 			CHECK(ISC_R_FAILURE);
-		}
 
 		dns_rdataclass_format(viewclass, buf, sizeof(buf));
 		vname = cfg_obj_asstring(cfg_tuple_get(vconfig, "name"));
@@ -537,11 +524,11 @@ main(int argc, char **argv) {
 	isc_result_t result;
 	int exit_status = 0;
 	isc_entropy_t *ectx = NULL;
-	bool load_zones = false;
-	bool print = false;
+	isc_boolean_t load_zones = ISC_FALSE;
+	isc_boolean_t print = ISC_FALSE;
 	unsigned int flags = 0;
 
-	isc_commandline_errprint = false;
+	isc_commandline_errprint = ISC_FALSE;
 
 	/*
 	 * Process memory debugging argument first.
@@ -565,7 +552,7 @@ main(int argc, char **argv) {
 			break;
 		}
 	}
-	isc_commandline_reset = true;
+	isc_commandline_reset = ISC_TRUE;
 
 	RUNTIME_CHECK(isc_mem_create(0, 0, &mctx) == ISC_R_SUCCESS);
 
@@ -576,7 +563,7 @@ main(int argc, char **argv) {
 			break;
 
 		case 'j':
-			nomerge = false;
+			nomerge = ISC_FALSE;
 			break;
 
 		case 'm':
@@ -592,7 +579,7 @@ main(int argc, char **argv) {
 			break;
 
 		case 'p':
-			print = true;
+			print = ISC_TRUE;
 			break;
 
 		case 'v':
@@ -604,10 +591,10 @@ main(int argc, char **argv) {
 			break;
 
 		case 'z':
-			load_zones = true;
-			docheckmx = false;
-			docheckns = false;
-			dochecksrv = false;
+			load_zones = ISC_TRUE;
+			docheckmx = ISC_FALSE;
+			docheckns = ISC_FALSE;
+			dochecksrv = ISC_FALSE;
 			break;
 
 		case '?':

bin/check/named-checkconf.docbook

@@ -1,18 +1,24 @@
 <!DOCTYPE book [
 <!ENTITY mdash "&#8212;">]>
 <!--
- - Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007, 2009, 2014-2016  Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2002  Internet Software Consortium.
  -
- - This Source Code Form is subject to the terms of the Mozilla Public
- - License, v. 2.0. If a copy of the MPL was not distributed with this
- - file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ - Permission to use, copy, modify, and/or distribute this software for any
+ - purpose with or without fee is hereby granted, provided that the above
+ - copyright notice and this permission notice appear in all copies.
  -
- - See the COPYRIGHT file distributed with this work for additional
- - information regarding copyright ownership.
+ - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ - AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ - PERFORMANCE OF THIS SOFTWARE.
 -->
 
 <!-- Converted by db4-upgrade version 1.0 -->
-<refentry xmlns="http://docbook.org/ns/docbook" version="5.0" xml:id="man.named-checkconf">
+<refentry xmlns:db="http://docbook.org/ns/docbook" version="5.0" xml:id="man.named-checkconf">
   <info>
     <date>2014-01-10</date>
   </info>
@@ -29,9 +35,6 @@
 
   <docinfo>
     <copyright>
-      <year>2000</year>
-      <year>2001</year>
-      <year>2002</year>
       <year>2004</year>
       <year>2005</year>
       <year>2007</year>
@@ -39,13 +42,14 @@
       <year>2014</year>
       <year>2015</year>
       <year>2016</year>
-      <year>2018</year>
-      <year>2019</year>
-      <year>2020</year>
-      <year>2021</year>
-      <year>2022</year>
       <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
     </copyright>
+    <copyright>
+      <year>2000</year>
+      <year>2001</year>
+      <year>2002</year>
+      <holder>Internet Software Consortium.</holder>
+    </copyright>
   </docinfo>
 
   <refnamediv>

bin/check/named-checkconf.html

@@ -1,39 +1,67 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 <!--
- - Copyright (C) 2000-2002, 2004, 2005, 2007, 2009, 2014-2016, 2018-2022 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007, 2009, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2002 Internet Software Consortium.
  - 
- - This Source Code Form is subject to the terms of the Mozilla Public
- - License, v. 2.0. If a copy of the MPL was not distributed with this
- - file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ - Permission to use, copy, modify, and/or distribute this software for any
+ - purpose with or without fee is hereby granted, provided that the above
+ - copyright notice and this permission notice appear in all copies.
+ - 
+ - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ - PERFORMANCE OF THIS SOFTWARE.
 -->
 <html lang="en">
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
 <title>named-checkconf</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.79.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
 </head>
 <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry">
 <a name="man.named-checkconf"></a><div class="titlepage"></div>
-<div class="refnamediv">
+  
+  
+
+  
+
+  
+
+  <div class="refnamediv">
 <h2>Name</h2>
-<p><span class="application">named-checkconf</span> &#8212; named configuration file syntax checking tool</p>
+<p>
+    <span class="application">named-checkconf</span>
+     &#8212; named configuration file syntax checking tool
+  </p>
 </div>
-<div class="refsynopsisdiv">
+
+  <div class="refsynopsisdiv">
 <h2>Synopsis</h2>
-<div class="cmdsynopsis"><p><code class="command">named-checkconf</code>  [<code class="option">-hjvz</code>] [<code class="option">-p</code>
+    <div class="cmdsynopsis"><p>
+      <code class="command">named-checkconf</code> 
+       [<code class="option">-hjvz</code>]
+       [<code class="option">-p</code>
 	 [<code class="option">-x</code>
-      ]] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] {filename}</p></div>
-</div>
-<div class="refsection">
+      ]]
+       [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>]
+       {filename}
+    </p></div>
+  </div>
+
+  <div class="refsection">
 <a name="id-1.7"></a><h2>DESCRIPTION</h2>
-<p><span class="command"><strong>named-checkconf</strong></span>
+
+    <p><span class="command"><strong>named-checkconf</strong></span>
       checks the syntax, but not the semantics, of a
       <span class="command"><strong>named</strong></span> configuration file.  The file is parsed
       and checked for syntax errors, along with all files included by it.
       If no file is specified, <code class="filename">/etc/named.conf</code> is read
       by default.
     </p>
-<p>
+    <p>
       Note: files that <span class="command"><strong>named</strong></span> reads in separate
       parser contexts, such as <code class="filename">rndc.key</code> and
       <code class="filename">bind.keys</code>, are not automatically read
@@ -43,37 +71,50 @@
       successful.  <span class="command"><strong>named-checkconf</strong></span> can be run
       on these files explicitly, however.
     </p>
-</div>
-<div class="refsection">
+  </div>
+
+  <div class="refsection">
 <a name="id-1.8"></a><h2>OPTIONS</h2>
-<div class="variablelist"><dl class="variablelist">
+
+    <div class="variablelist"><dl class="variablelist">
 <dt><span class="term">-h</span></dt>
-<dd><p>
+<dd>
+          <p>
             Print the usage summary and exit.
-          </p></dd>
+          </p>
+        </dd>
 <dt><span class="term">-j</span></dt>
-<dd><p>
+<dd>
+          <p>
             When loading a zonefile read the journal if it exists.
-          </p></dd>
+          </p>
+        </dd>
 <dt><span class="term">-p</span></dt>
-<dd><p>
+<dd>
+          <p>
 	    Print out the <code class="filename">named.conf</code> and included files
 	    in canonical form if no errors were detected.
             See also the <code class="option">-x</code> option.
-          </p></dd>
+          </p>
+        </dd>
 <dt><span class="term">-t <em class="replaceable"><code>directory</code></em></span></dt>
-<dd><p>
+<dd>
+          <p>
             Chroot to <code class="filename">directory</code> so that include
             directives in the configuration file are processed as if
             run by a similarly chrooted <span class="command"><strong>named</strong></span>.
-          </p></dd>
+          </p>
+        </dd>
 <dt><span class="term">-v</span></dt>
-<dd><p>
+<dd>
+          <p>
             Print the version of the <span class="command"><strong>named-checkconf</strong></span>
             program and exit.
-          </p></dd>
+          </p>
+        </dd>
 <dt><span class="term">-x</span></dt>
-<dd><p>
+<dd>
+          <p>
 	    When printing the configuration files in canonical
             form, obscure shared secrets by replacing them with
             strings of question marks ('?'). This allows the
@@ -81,32 +122,46 @@
             files to be shared &#8212; for example, when submitting
             bug reports &#8212; without compromising private data.
             This option cannot be used without <code class="option">-p</code>.
-          </p></dd>
+          </p>
+        </dd>
 <dt><span class="term">-z</span></dt>
-<dd><p>
+<dd>
+          <p>
 	    Perform a test load of all master zones found in
 	    <code class="filename">named.conf</code>.
-          </p></dd>
+          </p>
+        </dd>
 <dt><span class="term">filename</span></dt>
-<dd><p>
+<dd>
+          <p>
             The name of the configuration file to be checked.  If not
             specified, it defaults to <code class="filename">/etc/named.conf</code>.
-          </p></dd>
+          </p>
+        </dd>
 </dl></div>
-</div>
-<div class="refsection">
+
+  </div>
+
+  <div class="refsection">
 <a name="id-1.9"></a><h2>RETURN VALUES</h2>
-<p><span class="command"><strong>named-checkconf</strong></span>
+
+    <p><span class="command"><strong>named-checkconf</strong></span>
       returns an exit status of 1 if
       errors were detected and 0 otherwise.
     </p>
-</div>
-<div class="refsection">
+  </div>
+
+  <div class="refsection">
 <a name="id-1.10"></a><h2>SEE ALSO</h2>
-<p><span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
-      <span class="citerefentry"><span class="refentrytitle">named-checkzone</span>(8)</span>,
+
+    <p><span class="citerefentry">
+        <span class="refentrytitle">named</span>(8)
+      </span>,
+      <span class="citerefentry">
+        <span class="refentrytitle">named-checkzone</span>(8)
+      </span>,
       <em class="citetitle">BIND 9 Administrator Reference Manual</em>.
     </p>
-</div>
+  </div>
 </div></body>
 </html>

bin/check/named-checkzone.8

@@ -1,15 +1,24 @@
-.\" Copyright (C) 2000-2002, 2004-2007, 2009-2016, 2018-2022 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004-2007, 2009-2016 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000-2002 Internet Software Consortium.
 .\" 
-.\" This Source Code Form is subject to the terms of the Mozilla Public
-.\" License, v. 2.0. If a copy of the MPL was not distributed with this
-.\" file, You can obtain one at http://mozilla.org/MPL/2.0/.
+.\" Permission to use, copy, modify, and/or distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\" 
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+.\" PERFORMANCE OF THIS SOFTWARE.
 .\"
 .hy 0
 .ad l
 '\" t
 .\"     Title: named-checkzone
 .\"    Author: 
-.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
+.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
 .\"      Date: 2014-02-19
 .\"    Manual: BIND9
 .\"    Source: ISC
@@ -267,8 +276,7 @@ Check if a SRV record refers to a CNAME\&. Possible modes are
 .RS 4
 Chroot to
 directory
-so that include directives in the configuration file are processed as if run by a similarly chrooted
-\fBnamed\fR\&.
+so that include directives in the configuration file are processed as if run by a similarly chrooted named\&.
 .RE
 .PP
 \-T \fImode\fR
@@ -325,5 +333,7 @@ BIND 9 Administrator Reference Manual\&.
 \fBInternet Systems Consortium, Inc\&.\fR
 .SH "COPYRIGHT"
 .br
-Copyright \(co 2000-2002, 2004-2007, 2009-2016, 2018-2022 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004-2007, 2009-2016 Internet Systems Consortium, Inc. ("ISC")
+.br
+Copyright \(co 2000-2002 Internet Software Consortium.
 .br

bin/check/named-checkzone.c

@@ -1,22 +1,27 @@
 /*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2015  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 1999-2003  Internet Software Consortium.
  *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
  *
- * See the COPYRIGHT file distributed with this work for additional
- * information regarding copyright ownership.
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
  */
 
+/* $Id: named-checkzone.c,v 1.65.32.2 2012/02/07 02:45:21 each Exp $ */
 
 /*! \file */
 
 #include <config.h>
 
-#include <stdbool.h>
 #include <stdlib.h>
-#include <inttypes.h>
 
 #include <isc/app.h>
 #include <isc/commandline.h>
@@ -75,9 +80,9 @@ usage(void) {
 	fprintf(stderr,
 		"usage: %s [-djqvD] [-c class] "
 		"[-f inputformat] [-F outputformat] [-J filename] "
-		"[-s (full|relative)] [-t directory] [-w directory] "
-		"[-k (ignore|warn|fail)] [-m (ignore|warn|fail)] "
-		"[-n (ignore|warn|fail)] [-r (ignore|warn|fail)] "
+		"[-t directory] [-w directory] [-k (ignore|warn|fail)] "
+		"[-n (ignore|warn|fail)] [-m (ignore|warn|fail)] "
+		"[-r (ignore|warn|fail)] "
 		"[-i (full|full-sibling|local|local-sibling|none)] "
 		"[-M (ignore|warn|fail)] [-S (ignore|warn|fail)] "
 		"[-W (ignore|warn)] "
@@ -110,10 +115,10 @@ main(int argc, char **argv) {
 	dns_masterformat_t inputformat = dns_masterformat_text;
 	dns_masterformat_t outputformat = dns_masterformat_text;
 	dns_masterrawheader_t header;
-	uint32_t rawversion = 1, serialnum = 0;
+	isc_uint32_t rawversion = 1, serialnum = 0;
 	dns_ttl_t maxttl = 0;
-	bool snset = false;
-	bool logdump = false;
+	isc_boolean_t snset = ISC_FALSE;
+	isc_boolean_t logdump = ISC_FALSE;
 	FILE *errout = stdout;
 	char *endp;
 
@@ -141,14 +146,12 @@ main(int argc, char **argv) {
 #define PROGCMP(X) \
 	(strcasecmp(prog_name, X) == 0 || strcasecmp(prog_name, X ".exe") == 0)
 
-	if (PROGCMP("named-checkzone")) {
+	if (PROGCMP("named-checkzone"))
 		progmode = progmode_check;
-	} else if (PROGCMP("named-compilezone")) {
+	else if (PROGCMP("named-compilezone"))
 		progmode = progmode_compile;
-	} else {
+	else
 		INSIST(0);
-		ISC_UNREACHABLE();
-	}
 
 	/* Compilation specific defaults */
 	if (progmode == progmode_compile) {
@@ -165,7 +168,7 @@ main(int argc, char **argv) {
 
 #define ARGCMP(X) (strcmp(isc_commandline_argument, X) == 0)
 
-	isc_commandline_errprint = false;
+	isc_commandline_errprint = ISC_FALSE;
 
 	while ((c = isc_commandline_parse(argc, argv,
 			       "c:df:hi:jJ:k:L:l:m:n:qr:s:t:o:vw:DF:M:S:T:W:"))
@@ -183,33 +186,33 @@ main(int argc, char **argv) {
 			if (ARGCMP("full")) {
 				zone_options |= DNS_ZONEOPT_CHECKINTEGRITY |
 						DNS_ZONEOPT_CHECKSIBLING;
-				docheckmx = true;
-				docheckns = true;
-				dochecksrv = true;
+				docheckmx = ISC_TRUE;
+				docheckns = ISC_TRUE;
+				dochecksrv = ISC_TRUE;
 			} else if (ARGCMP("full-sibling")) {
 				zone_options |= DNS_ZONEOPT_CHECKINTEGRITY;
 				zone_options &= ~DNS_ZONEOPT_CHECKSIBLING;
-				docheckmx = true;
-				docheckns = true;
-				dochecksrv = true;
+				docheckmx = ISC_TRUE;
+				docheckns = ISC_TRUE;
+				dochecksrv = ISC_TRUE;
 			} else if (ARGCMP("local")) {
 				zone_options |= DNS_ZONEOPT_CHECKINTEGRITY;
 				zone_options |= DNS_ZONEOPT_CHECKSIBLING;
-				docheckmx = false;
-				docheckns = false;
-				dochecksrv = false;
+				docheckmx = ISC_FALSE;
+				docheckns = ISC_FALSE;
+				dochecksrv = ISC_FALSE;
 			} else if (ARGCMP("local-sibling")) {
 				zone_options |= DNS_ZONEOPT_CHECKINTEGRITY;
 				zone_options &= ~DNS_ZONEOPT_CHECKSIBLING;
-				docheckmx = false;
-				docheckns = false;
-				dochecksrv = false;
+				docheckmx = ISC_FALSE;
+				docheckns = ISC_FALSE;
+				dochecksrv = ISC_FALSE;
 			} else if (ARGCMP("none")) {
 				zone_options &= ~DNS_ZONEOPT_CHECKINTEGRITY;
 				zone_options &= ~DNS_ZONEOPT_CHECKSIBLING;
-				docheckmx = false;
-				docheckns = false;
-				dochecksrv = false;
+				docheckmx = ISC_FALSE;
+				docheckns = ISC_FALSE;
+				dochecksrv = ISC_FALSE;
 			} else {
 				fprintf(stderr, "invalid argument to -i: %s\n",
 					isc_commandline_argument);
@@ -226,12 +229,12 @@ main(int argc, char **argv) {
 			break;
 
 		case 'j':
-			nomerge = false;
+			nomerge = ISC_FALSE;
 			break;
 
 		case 'J':
 			journal = isc_commandline_argument;
-			nomerge = false;
+			nomerge = ISC_FALSE;
 			break;
 
 		case 'k':
@@ -252,7 +255,7 @@ main(int argc, char **argv) {
 			break;
 
 		case 'L':
-			snset = true;
+			snset = ISC_TRUE;
 			endp = NULL;
 			serialnum = strtol(isc_commandline_argument, &endp, 0);
 			if (*endp != '\0') {
@@ -502,7 +505,7 @@ main(int argc, char **argv) {
 		dumpzone = 1;
 
 	/*
-	 * If we are printing to stdout then send the informational
+	 * If we are outputing to stdout then send the informational
 	 * output to stderr.
 	 */
 	if (dumpzone &&
@@ -511,7 +514,7 @@ main(int argc, char **argv) {
 	     strcmp(output_filename, "/dev/fd/1") == 0 ||
 	     strcmp(output_filename, "/dev/stdout") == 0)) {
 		errout = stderr;
-		logdump = false;
+		logdump = ISC_FALSE;
 	}
 
 	if (isc_commandline_index + 2 != argc)

bin/check/named-checkzone.docbook

@@ -1,16 +1,22 @@
 <!--
- - Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2007, 2009-2016  Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2002  Internet Software Consortium.
  -
- - This Source Code Form is subject to the terms of the Mozilla Public
- - License, v. 2.0. If a copy of the MPL was not distributed with this
- - file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ - Permission to use, copy, modify, and/or distribute this software for any
+ - purpose with or without fee is hereby granted, provided that the above
+ - copyright notice and this permission notice appear in all copies.
  -
- - See the COPYRIGHT file distributed with this work for additional
- - information regarding copyright ownership.
+ - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ - AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ - PERFORMANCE OF THIS SOFTWARE.
 -->
 
 <!-- Converted by db4-upgrade version 1.0 -->
-<refentry xmlns="http://docbook.org/ns/docbook" version="5.0" xml:id="man.named-checkzone">
+<refentry xmlns:db="http://docbook.org/ns/docbook" version="5.0" xml:id="man.named-checkzone">
   <info>
     <date>2014-02-19</date>
   </info>
@@ -27,9 +33,6 @@
 
   <docinfo>
     <copyright>
-      <year>2000</year>
-      <year>2001</year>
-      <year>2002</year>
       <year>2004</year>
       <year>2005</year>
       <year>2006</year>
@@ -42,13 +45,14 @@
       <year>2014</year>
       <year>2015</year>
       <year>2016</year>
-      <year>2018</year>
-      <year>2019</year>
-      <year>2020</year>
-      <year>2021</year>
-      <year>2022</year>
       <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
     </copyright>
+    <copyright>
+      <year>2000</year>
+      <year>2001</year>
+      <year>2002</year>
+      <holder>Internet Software Consortium.</holder>
+    </copyright>
   </docinfo>
 
   <refnamediv>
@@ -431,7 +435,7 @@
             Chroot to <filename>directory</filename> so that
             include
             directives in the configuration file are processed as if
-            run by a similarly chrooted <command>named</command>.
+            run by a similarly chrooted named.
           </para>
         </listitem>
       </varlistentry>

bin/check/named-checkzone.html

@@ -1,37 +1,116 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 <!--
- - Copyright (C) 2000-2002, 2004-2007, 2009-2016, 2018-2022 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2007, 2009-2016 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2002 Internet Software Consortium.
  - 
- - This Source Code Form is subject to the terms of the Mozilla Public
- - License, v. 2.0. If a copy of the MPL was not distributed with this
- - file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ - Permission to use, copy, modify, and/or distribute this software for any
+ - purpose with or without fee is hereby granted, provided that the above
+ - copyright notice and this permission notice appear in all copies.
+ - 
+ - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ - PERFORMANCE OF THIS SOFTWARE.
 -->
 <html lang="en">
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
 <title>named-checkzone</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.79.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
 </head>
 <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry">
 <a name="man.named-checkzone"></a><div class="titlepage"></div>
-<div class="refnamediv">
+  
+  
+
+  
+
+  
+
+  <div class="refnamediv">
 <h2>Name</h2>
-<p><span class="application">named-checkzone</span>, <span class="application">named-compilezone</span> &#8212; zone file validity checking or converting tool</p>
+<p>
+    <span class="application">named-checkzone</span>, 
+    <span class="application">named-compilezone</span>
+     &#8212; zone file validity checking or converting tool
+  </p>
 </div>
-<div class="refsynopsisdiv">
+
+  <div class="refsynopsisdiv">
 <h2>Synopsis</h2>
-<div class="cmdsynopsis"><p><code class="command">named-checkzone</code>  [<code class="option">-d</code>] [<code class="option">-h</code>] [<code class="option">-j</code>] [<code class="option">-q</code>] [<code class="option">-v</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-f <em class="replaceable"><code>format</code></em></code>] [<code class="option">-F <em class="replaceable"><code>format</code></em></code>] [<code class="option">-J <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-i <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-k <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-m <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-M <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-n <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-l <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-L <em class="replaceable"><code>serial</code></em></code>] [<code class="option">-o <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-r <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-s <em class="replaceable"><code>style</code></em></code>] [<code class="option">-S <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-T <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-w <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] [<code class="option">-W <em class="replaceable"><code>mode</code></em></code>] {zonename} {filename}</p></div>
-<div class="cmdsynopsis"><p><code class="command">named-compilezone</code>  [<code class="option">-d</code>] [<code class="option">-j</code>] [<code class="option">-q</code>] [<code class="option">-v</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-C <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-f <em class="replaceable"><code>format</code></em></code>] [<code class="option">-F <em class="replaceable"><code>format</code></em></code>] [<code class="option">-J <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-i <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-k <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-m <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-n <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-l <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-L <em class="replaceable"><code>serial</code></em></code>] [<code class="option">-r <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-s <em class="replaceable"><code>style</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-T <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-w <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] [<code class="option">-W <em class="replaceable"><code>mode</code></em></code>] {<code class="option">-o <em class="replaceable"><code>filename</code></em></code>} {zonename} {filename}</p></div>
-</div>
-<div class="refsection">
+    <div class="cmdsynopsis"><p>
+      <code class="command">named-checkzone</code> 
+       [<code class="option">-d</code>]
+       [<code class="option">-h</code>]
+       [<code class="option">-j</code>]
+       [<code class="option">-q</code>]
+       [<code class="option">-v</code>]
+       [<code class="option">-c <em class="replaceable"><code>class</code></em></code>]
+       [<code class="option">-f <em class="replaceable"><code>format</code></em></code>]
+       [<code class="option">-F <em class="replaceable"><code>format</code></em></code>]
+       [<code class="option">-J <em class="replaceable"><code>filename</code></em></code>]
+       [<code class="option">-i <em class="replaceable"><code>mode</code></em></code>]
+       [<code class="option">-k <em class="replaceable"><code>mode</code></em></code>]
+       [<code class="option">-m <em class="replaceable"><code>mode</code></em></code>]
+       [<code class="option">-M <em class="replaceable"><code>mode</code></em></code>]
+       [<code class="option">-n <em class="replaceable"><code>mode</code></em></code>]
+       [<code class="option">-l <em class="replaceable"><code>ttl</code></em></code>]
+       [<code class="option">-L <em class="replaceable"><code>serial</code></em></code>]
+       [<code class="option">-o <em class="replaceable"><code>filename</code></em></code>]
+       [<code class="option">-r <em class="replaceable"><code>mode</code></em></code>]
+       [<code class="option">-s <em class="replaceable"><code>style</code></em></code>]
+       [<code class="option">-S <em class="replaceable"><code>mode</code></em></code>]
+       [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>]
+       [<code class="option">-T <em class="replaceable"><code>mode</code></em></code>]
+       [<code class="option">-w <em class="replaceable"><code>directory</code></em></code>]
+       [<code class="option">-D</code>]
+       [<code class="option">-W <em class="replaceable"><code>mode</code></em></code>]
+       {zonename}
+       {filename}
+    </p></div>
+    <div class="cmdsynopsis"><p>
+      <code class="command">named-compilezone</code> 
+       [<code class="option">-d</code>]
+       [<code class="option">-j</code>]
+       [<code class="option">-q</code>]
+       [<code class="option">-v</code>]
+       [<code class="option">-c <em class="replaceable"><code>class</code></em></code>]
+       [<code class="option">-C <em class="replaceable"><code>mode</code></em></code>]
+       [<code class="option">-f <em class="replaceable"><code>format</code></em></code>]
+       [<code class="option">-F <em class="replaceable"><code>format</code></em></code>]
+       [<code class="option">-J <em class="replaceable"><code>filename</code></em></code>]
+       [<code class="option">-i <em class="replaceable"><code>mode</code></em></code>]
+       [<code class="option">-k <em class="replaceable"><code>mode</code></em></code>]
+       [<code class="option">-m <em class="replaceable"><code>mode</code></em></code>]
+       [<code class="option">-n <em class="replaceable"><code>mode</code></em></code>]
+       [<code class="option">-l <em class="replaceable"><code>ttl</code></em></code>]
+       [<code class="option">-L <em class="replaceable"><code>serial</code></em></code>]
+       [<code class="option">-r <em class="replaceable"><code>mode</code></em></code>]
+       [<code class="option">-s <em class="replaceable"><code>style</code></em></code>]
+       [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>]
+       [<code class="option">-T <em class="replaceable"><code>mode</code></em></code>]
+       [<code class="option">-w <em class="replaceable"><code>directory</code></em></code>]
+       [<code class="option">-D</code>]
+       [<code class="option">-W <em class="replaceable"><code>mode</code></em></code>]
+       {<code class="option">-o <em class="replaceable"><code>filename</code></em></code>}
+       {zonename}
+       {filename}
+    </p></div>
+  </div>
+
+  <div class="refsection">
 <a name="id-1.7"></a><h2>DESCRIPTION</h2>
-<p><span class="command"><strong>named-checkzone</strong></span>
+
+    <p><span class="command"><strong>named-checkzone</strong></span>
       checks the syntax and integrity of a zone file.  It performs the
       same checks as <span class="command"><strong>named</strong></span> does when loading a
       zone.  This makes <span class="command"><strong>named-checkzone</strong></span> useful for
       checking zone files before configuring them into a name server.
     </p>
-<p>
+    <p>
         <span class="command"><strong>named-compilezone</strong></span> is similar to
 	<span class="command"><strong>named-checkzone</strong></span>, but it always dumps the
         zone contents to a specified file in a specified format.
@@ -42,45 +121,62 @@
         least be as strict as those specified in the
 	<span class="command"><strong>named</strong></span> configuration file.
      </p>
-</div>
-<div class="refsection">
+  </div>
+
+  <div class="refsection">
 <a name="id-1.8"></a><h2>OPTIONS</h2>
-<div class="variablelist"><dl class="variablelist">
+
+
+    <div class="variablelist"><dl class="variablelist">
 <dt><span class="term">-d</span></dt>
-<dd><p>
+<dd>
+          <p>
             Enable debugging.
-          </p></dd>
+          </p>
+        </dd>
 <dt><span class="term">-h</span></dt>
-<dd><p>
+<dd>
+          <p>
             Print the usage summary and exit.
-          </p></dd>
+          </p>
+        </dd>
 <dt><span class="term">-q</span></dt>
-<dd><p>
+<dd>
+          <p>
             Quiet mode - exit code only.
-          </p></dd>
+          </p>
+        </dd>
 <dt><span class="term">-v</span></dt>
-<dd><p>
+<dd>
+          <p>
             Print the version of the <span class="command"><strong>named-checkzone</strong></span>
             program and exit.
-          </p></dd>
+          </p>
+        </dd>
 <dt><span class="term">-j</span></dt>
-<dd><p>
+<dd>
+          <p>
             When loading a zone file, read the journal if it exists.
             The journal file name is assumed to be the zone file name
 	    appended with the string <code class="filename">.jnl</code>.
-          </p></dd>
+          </p>
+        </dd>
 <dt><span class="term">-J <em class="replaceable"><code>filename</code></em></span></dt>
-<dd><p>
+<dd>
+          <p>
             When loading the zone file read the journal from the given
             file, if it exists. (Implies -j.)
-          </p></dd>
+          </p>
+        </dd>
 <dt><span class="term">-c <em class="replaceable"><code>class</code></em></span></dt>
-<dd><p>
+<dd>
+          <p>
             Specify the class of the zone.  If not specified, "IN" is assumed.
-          </p></dd>
+          </p>
+        </dd>
 <dt><span class="term">-i <em class="replaceable"><code>mode</code></em></span></dt>
 <dd>
-<p>
+	  <p>
 	      Perform post-load zone integrity checks.  Possible modes are
 	      <span class="command"><strong>"full"</strong></span> (default),
 	      <span class="command"><strong>"full-sibling"</strong></span>,
@@ -88,19 +184,19 @@
 	      <span class="command"><strong>"local-sibling"</strong></span> and
 	      <span class="command"><strong>"none"</strong></span>.
 	  </p>
-<p>
+	  <p>
 	      Mode <span class="command"><strong>"full"</strong></span> checks that MX records
 	      refer to A or AAAA record (both in-zone and out-of-zone
 	      hostnames).  Mode <span class="command"><strong>"local"</strong></span> only
 	      checks MX records which refer to in-zone hostnames.
 	  </p>
-<p>
+	  <p>
 	      Mode <span class="command"><strong>"full"</strong></span> checks that SRV records
 	      refer to A or AAAA record (both in-zone and out-of-zone
 	      hostnames).  Mode <span class="command"><strong>"local"</strong></span> only
 	      checks SRV records which refer to in-zone hostnames.
 	  </p>
-<p>
+	  <p>
 	      Mode <span class="command"><strong>"full"</strong></span> checks that delegation NS
 	      records refer to A or AAAA record (both in-zone and out-of-zone
 	      hostnames).  It also checks that glue address records
@@ -109,31 +205,33 @@
 	      refer to in-zone hostnames or that some required glue exists,
 	      that is when the nameserver is in a child zone.
 	  </p>
-<p>
+	  <p>
 	      Mode <span class="command"><strong>"full-sibling"</strong></span> and
 	      <span class="command"><strong>"local-sibling"</strong></span> disable sibling glue
 	      checks but are otherwise the same as <span class="command"><strong>"full"</strong></span>
 	      and <span class="command"><strong>"local"</strong></span> respectively.
 	  </p>
-<p>
+	  <p>
 	      Mode <span class="command"><strong>"none"</strong></span> disables the checks.
 	  </p>
-</dd>
+	</dd>
 <dt><span class="term">-f <em class="replaceable"><code>format</code></em></span></dt>
-<dd><p>
+<dd>
+	  <p>
 	    Specify the format of the zone file.
 	    Possible formats are <span class="command"><strong>"text"</strong></span> (default),
 	    <span class="command"><strong>"raw"</strong></span>, and <span class="command"><strong>"map"</strong></span>.
-	  </p></dd>
+	  </p>
+	</dd>
 <dt><span class="term">-F <em class="replaceable"><code>format</code></em></span></dt>
 <dd>
-<p>
+	  <p>
 	    Specify the format of the output file specified.
 	    For <span class="command"><strong>named-checkzone</strong></span>,
 	    this does not cause any effects unless it dumps the zone
 	    contents.
 	  </p>
-<p>
+	  <p>
 	    Possible formats are <span class="command"><strong>"text"</strong></span> (default),
 	    which is the standard textual representation of the zone,
 	    and <span class="command"><strong>"map"</strong></span>, <span class="command"><strong>"raw"</strong></span>,
@@ -144,9 +242,10 @@
             any version of <span class="command"><strong>named</strong></span>; if N is 1, the file
             can be read by release 9.9.0 or higher; the default is 1.
 	  </p>
-</dd>
+	</dd>
 <dt><span class="term">-k <em class="replaceable"><code>mode</code></em></span></dt>
-<dd><p>
+<dd>
+          <p>
             Perform <span class="command"><strong>"check-names"</strong></span> checks with the
 	    specified failure mode.
             Possible modes are <span class="command"><strong>"fail"</strong></span>
@@ -154,38 +253,48 @@
             <span class="command"><strong>"warn"</strong></span>
 	    (default for <span class="command"><strong>named-checkzone</strong></span>) and
             <span class="command"><strong>"ignore"</strong></span>.
-          </p></dd>
+          </p>
+        </dd>
 <dt><span class="term">-l <em class="replaceable"><code>ttl</code></em></span></dt>
-<dd><p>
+<dd>
+          <p>
             Sets a maximum permissible TTL for the input file.
             Any record with a TTL higher than this value will cause
             the zone to be rejected.  This is similar to using the
             <span class="command"><strong>max-zone-ttl</strong></span> option in
             <code class="filename">named.conf</code>.
-          </p></dd>
+          </p>
+        </dd>
 <dt><span class="term">-L <em class="replaceable"><code>serial</code></em></span></dt>
-<dd><p>
+<dd>
+          <p>
             When compiling a zone to "raw" or "map" format, set the
             "source serial" value in the header to the specified serial
             number.  (This is expected to be used primarily for testing
             purposes.)
-          </p></dd>
+          </p>
+        </dd>
 <dt><span class="term">-m <em class="replaceable"><code>mode</code></em></span></dt>
-<dd><p>
+<dd>
+          <p>
             Specify whether MX records should be checked to see if they
             are addresses.  Possible modes are <span class="command"><strong>"fail"</strong></span>,
             <span class="command"><strong>"warn"</strong></span> (default) and
             <span class="command"><strong>"ignore"</strong></span>.
-          </p></dd>
+          </p>
+        </dd>
 <dt><span class="term">-M <em class="replaceable"><code>mode</code></em></span></dt>
-<dd><p>
+<dd>
+	  <p>
 	    Check if a MX record refers to a CNAME.
             Possible modes are <span class="command"><strong>"fail"</strong></span>,
             <span class="command"><strong>"warn"</strong></span> (default) and
             <span class="command"><strong>"ignore"</strong></span>.
-	  </p></dd>
+	  </p>
+        </dd>
 <dt><span class="term">-n <em class="replaceable"><code>mode</code></em></span></dt>
-<dd><p>
+<dd>
+          <p>
             Specify whether NS records should be checked to see if they
             are addresses.
 	    Possible modes are <span class="command"><strong>"fail"</strong></span>
@@ -193,24 +302,30 @@
             <span class="command"><strong>"warn"</strong></span>
 	    (default for <span class="command"><strong>named-checkzone</strong></span>) and
             <span class="command"><strong>"ignore"</strong></span>.
-          </p></dd>
+          </p>
+        </dd>
 <dt><span class="term">-o <em class="replaceable"><code>filename</code></em></span></dt>
-<dd><p>
+<dd>
+          <p>
             Write zone output to <code class="filename">filename</code>.
 	    If <code class="filename">filename</code> is <code class="filename">-</code> then
 	    write to standard out.
 	    This is mandatory for <span class="command"><strong>named-compilezone</strong></span>.
-          </p></dd>
+          </p>
+        </dd>
 <dt><span class="term">-r <em class="replaceable"><code>mode</code></em></span></dt>
-<dd><p>
+<dd>
+	  <p>
             Check for records that are treated as different by DNSSEC but
 	    are semantically equal in plain DNS.
             Possible modes are <span class="command"><strong>"fail"</strong></span>,
             <span class="command"><strong>"warn"</strong></span> (default) and
             <span class="command"><strong>"ignore"</strong></span>.
-	  </p></dd>
+	  </p>
+        </dd>
 <dt><span class="term">-s <em class="replaceable"><code>style</code></em></span></dt>
-<dd><p>
+<dd>
+	  <p>
 	    Specify the style of the dumped zone file.
 	    Possible styles are <span class="command"><strong>"full"</strong></span> (default)
 	    and <span class="command"><strong>"relative"</strong></span>.
@@ -223,74 +338,101 @@
 	    contents.
 	    It also does not have any meaning if the output format
 	    is not text.
-	  </p></dd>
+	  </p>
+	</dd>
 <dt><span class="term">-S <em class="replaceable"><code>mode</code></em></span></dt>
-<dd><p>
+<dd>
+	  <p>
 	    Check if a SRV record refers to a CNAME.
             Possible modes are <span class="command"><strong>"fail"</strong></span>,
             <span class="command"><strong>"warn"</strong></span> (default) and
             <span class="command"><strong>"ignore"</strong></span>.
-	  </p></dd>
+	  </p>
+        </dd>
 <dt><span class="term">-t <em class="replaceable"><code>directory</code></em></span></dt>
-<dd><p>
+<dd>
+          <p>
             Chroot to <code class="filename">directory</code> so that
             include
             directives in the configuration file are processed as if
-            run by a similarly chrooted <span class="command"><strong>named</strong></span>.
-          </p></dd>
+            run by a similarly chrooted named.
+          </p>
+        </dd>
 <dt><span class="term">-T <em class="replaceable"><code>mode</code></em></span></dt>
-<dd><p>
+<dd>
+	  <p>
 	    Check if Sender Policy Framework (SPF) records exist
 	    and issues a warning if an SPF-formatted TXT record is
 	    not also present.  Possible modes are <span class="command"><strong>"warn"</strong></span>
 	    (default), <span class="command"><strong>"ignore"</strong></span>.
-	  </p></dd>
+	  </p>
+	</dd>
 <dt><span class="term">-w <em class="replaceable"><code>directory</code></em></span></dt>
-<dd><p>
+<dd>
+          <p>
             chdir to <code class="filename">directory</code> so that
             relative
             filenames in master file $INCLUDE directives work.  This
             is similar to the directory clause in
             <code class="filename">named.conf</code>.
-          </p></dd>
+          </p>
+        </dd>
 <dt><span class="term">-D</span></dt>
-<dd><p>
+<dd>
+          <p>
             Dump zone file in canonical format.
 	    This is always enabled for <span class="command"><strong>named-compilezone</strong></span>.
-          </p></dd>
+          </p>
+        </dd>
 <dt><span class="term">-W <em class="replaceable"><code>mode</code></em></span></dt>
-<dd><p>
+<dd>
+          <p>
             Specify whether to check for non-terminal wildcards.
             Non-terminal wildcards are almost always the result of a
             failure to understand the wildcard matching algorithm (RFC 1034).
             Possible modes are <span class="command"><strong>"warn"</strong></span> (default)
             and
             <span class="command"><strong>"ignore"</strong></span>.
-          </p></dd>
+          </p>
+        </dd>
 <dt><span class="term">zonename</span></dt>
-<dd><p>
+<dd>
+          <p>
             The domain name of the zone being checked.
-          </p></dd>
+          </p>
+        </dd>
 <dt><span class="term">filename</span></dt>
-<dd><p>
+<dd>
+          <p>
             The name of the zone file.
-          </p></dd>
+          </p>
+        </dd>
 </dl></div>
-</div>
-<div class="refsection">
+
+  </div>
+
+  <div class="refsection">
 <a name="id-1.9"></a><h2>RETURN VALUES</h2>
-<p><span class="command"><strong>named-checkzone</strong></span>
+
+    <p><span class="command"><strong>named-checkzone</strong></span>
       returns an exit status of 1 if
       errors were detected and 0 otherwise.
     </p>
-</div>
-<div class="refsection">
+  </div>
+
+  <div class="refsection">
 <a name="id-1.10"></a><h2>SEE ALSO</h2>
-<p><span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
-      <span class="citerefentry"><span class="refentrytitle">named-checkconf</span>(8)</span>,
+
+    <p><span class="citerefentry">
+        <span class="refentrytitle">named</span>(8)
+      </span>,
+      <span class="citerefentry">
+        <span class="refentrytitle">named-checkconf</span>(8)
+      </span>,
       <em class="citetitle">RFC 1035</em>,
       <em class="citetitle">BIND 9 Administrator Reference Manual</em>.
     </p>
-</div>
+  </div>
+
 </div></body>
 </html>

bin/check/win32/checkconf.vcxproj.in

@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="utf-8"?>
-<Project DefaultTargets="Build" ToolsVersion="@TOOLS_VERSION@" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
   <ItemGroup Label="ProjectConfigurations">
     <ProjectConfiguration Include="Debug|@PLATFORM@">
       <Configuration>Debug</Configuration>
@@ -14,21 +14,18 @@
     <ProjectGuid>{03A96113-CB14-43AA-AEB2-48950E3915C5}</ProjectGuid>
     <Keyword>Win32Proj</Keyword>
     <RootNamespace>checkconf</RootNamespace>
-    @WINDOWS_TARGET_PLATFORM_VERSION@
   </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|@PLATFORM@'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
     <UseDebugLibraries>true</UseDebugLibraries>
     <CharacterSet>MultiByte</CharacterSet>
-    @PLATFORM_TOOLSET@
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
     <UseDebugLibraries>false</UseDebugLibraries>
     <WholeProgramOptimization>true</WholeProgramOptimization>
     <CharacterSet>MultiByte</CharacterSet>
-    @PLATFORM_TOOLSET@
   </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
   <ImportGroup Label="ExtensionSettings">
@@ -44,22 +41,19 @@
     <LinkIncremental>true</LinkIncremental>
     <OutDir>..\..\..\Build\$(Configuration)\</OutDir>
     <IntDir>.\$(Configuration)\</IntDir>
-    <IntDirSharingDetected>None</IntDirSharingDetected>
     <TargetName>named-$(ProjectName)</TargetName>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'">
     <LinkIncremental>false</LinkIncremental>
     <OutDir>..\..\..\Build\$(Configuration)\</OutDir>
     <IntDir>.\$(Configuration)\</IntDir>
-    <IntDirSharingDetected>None</IntDirSharingDetected>
     <TargetName>named-$(ProjectName)</TargetName>
   </PropertyGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|@PLATFORM@'">
     <ClCompile>
       <PrecompiledHeader>
       </PrecompiledHeader>
-      <WarningLevel>Level4</WarningLevel>
-      <TreatWarningAsError>false</TreatWarningAsError>
+      <WarningLevel>Level3</WarningLevel>
       <Optimization>Disabled</Optimization>
       <PreprocessorDefinitions>WIN32;@CRYPTO@_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <FunctionLevelLinking>true</FunctionLevelLinking>
@@ -81,8 +75,7 @@
   </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'">
     <ClCompile>
-      <WarningLevel>Level1</WarningLevel>
-      <TreatWarningAsError>true</TreatWarningAsError>
+      <WarningLevel>Level3</WarningLevel>
       <PrecompiledHeader>
       </PrecompiledHeader>
       <Optimization>MaxSpeed</Optimization>

bin/check/win32/checktool.dsw

@@ -1,29 +1,29 @@
-Microsoft Developer Studio Workspace File, Format Version 6.00
-# WARNING: DO NOT EDIT OR DELETE THIS WORKSPACE FILE!
-
-###############################################################################
-
-Project: "checktool"=".\checktool.dsp" - Package Owner=<4>
-
-Package=<5>
-{{{
-}}}
-
-Package=<4>
-{{{
-}}}
-
-###############################################################################
-
-Global:
-
-Package=<5>
-{{{
-}}}
-
-Package=<3>
-{{{
-}}}
-
-###############################################################################
-
+Microsoft Developer Studio Workspace File, Format Version 6.00
+# WARNING: DO NOT EDIT OR DELETE THIS WORKSPACE FILE!
+
+###############################################################################
+
+Project: "checktool"=".\checktool.dsp" - Package Owner=<4>
+
+Package=<5>
+{{{
+}}}
+
+Package=<4>
+{{{
+}}}
+
+###############################################################################
+
+Global:
+
+Package=<5>
+{{{
+}}}
+
+Package=<3>
+{{{
+}}}
+
+###############################################################################
+

bin/check/win32/checktool.vcxproj.in

@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="utf-8"?>
-<Project DefaultTargets="Build" ToolsVersion="@TOOLS_VERSION@" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
   <ItemGroup Label="ProjectConfigurations">
     <ProjectConfiguration Include="Debug|@PLATFORM@">
       <Configuration>Debug</Configuration>
@@ -17,21 +17,18 @@
     <ProjectGuid>{2C1F7096-C5B5-48D4-846F-A7ACA454335D}</ProjectGuid>
     <Keyword>Win32Proj</Keyword>
     <RootNamespace>checktool</RootNamespace>
-    @WINDOWS_TARGET_PLATFORM_VERSION@
   </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|@PLATFORM@'" Label="Configuration">
     <ConfigurationType>StaticLibrary</ConfigurationType>
     <UseDebugLibraries>true</UseDebugLibraries>
     <CharacterSet>MultiByte</CharacterSet>
-    @PLATFORM_TOOLSET@
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'" Label="Configuration">
     <ConfigurationType>StaticLibrary</ConfigurationType>
     <UseDebugLibraries>false</UseDebugLibraries>
     <WholeProgramOptimization>true</WholeProgramOptimization>
     <CharacterSet>MultiByte</CharacterSet>
-    @PLATFORM_TOOLSET@
   </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
   <ImportGroup Label="ExtensionSettings">
@@ -48,21 +45,18 @@
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|@PLATFORM@'">
     <IntDir>.\$(Configuration)\</IntDir>
-    <IntDirSharingDetected>None</IntDirSharingDetected>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'">
     <OutDir>.\$(Configuration)\</OutDir>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'">
     <IntDir>.\$(Configuration)\</IntDir>
-    <IntDirSharingDetected>None</IntDirSharingDetected>
   </PropertyGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|@PLATFORM@'">
     <ClCompile>
       <PrecompiledHeader>
       </PrecompiledHeader>
-      <WarningLevel>Level4</WarningLevel>
-      <TreatWarningAsError>false</TreatWarningAsError>
+      <WarningLevel>Level3</WarningLevel>
       <Optimization>Disabled</Optimization>
       <PreprocessorDefinitions>WIN32;@CRYPTO@_DEBUG;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <FunctionLevelLinking>true</FunctionLevelLinking>
@@ -80,8 +74,7 @@
   </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'">
     <ClCompile>
-      <WarningLevel>Level1</WarningLevel>
-      <TreatWarningAsError>true</TreatWarningAsError>
+      <WarningLevel>Level3</WarningLevel>
       <PrecompiledHeader>
       </PrecompiledHeader>
       <Optimization>MaxSpeed</Optimization>

bin/check/win32/checkzone.vcxproj.in

@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="utf-8"?>
-<Project DefaultTargets="Build" ToolsVersion="@TOOLS_VERSION@" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
   <ItemGroup Label="ProjectConfigurations">
     <ProjectConfiguration Include="Debug|@PLATFORM@">
       <Configuration>Debug</Configuration>
@@ -14,21 +14,18 @@
     <ProjectGuid>{66028555-7DD5-4016-B601-9EF9A1EE8BFA}</ProjectGuid>
     <Keyword>Win32Proj</Keyword>
     <RootNamespace>checkzone</RootNamespace>
-    @WINDOWS_TARGET_PLATFORM_VERSION@
   </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|@PLATFORM@'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
     <UseDebugLibraries>true</UseDebugLibraries>
     <CharacterSet>MultiByte</CharacterSet>
-    @PLATFORM_TOOLSET@
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
     <UseDebugLibraries>false</UseDebugLibraries>
     <WholeProgramOptimization>true</WholeProgramOptimization>
     <CharacterSet>MultiByte</CharacterSet>
-    @PLATFORM_TOOLSET@
   </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
   <ImportGroup Label="ExtensionSettings">
@@ -44,22 +41,19 @@
     <LinkIncremental>true</LinkIncremental>
     <OutDir>..\..\..\Build\$(Configuration)\</OutDir>
     <IntDir>.\$(Configuration)\</IntDir>
-    <IntDirSharingDetected>None</IntDirSharingDetected>
     <TargetName>named-$(ProjectName)</TargetName>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'">
     <LinkIncremental>false</LinkIncremental>
     <OutDir>..\..\..\Build\$(Configuration)\</OutDir>
     <IntDir>.\$(Configuration)\</IntDir>
-    <IntDirSharingDetected>None</IntDirSharingDetected>
     <TargetName>named-$(ProjectName)</TargetName>
   </PropertyGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|@PLATFORM@'">
     <ClCompile>
       <PrecompiledHeader>
       </PrecompiledHeader>
-      <WarningLevel>Level4</WarningLevel>
-      <TreatWarningAsError>false</TreatWarningAsError>
+      <WarningLevel>Level3</WarningLevel>
       <Optimization>Disabled</Optimization>
       <PreprocessorDefinitions>WIN32;@CRYPTO@_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <FunctionLevelLinking>true</FunctionLevelLinking>
@@ -68,15 +62,15 @@
       <ObjectFileName>.\$(Configuration)\</ObjectFileName>
       <ProgramDataBaseFileName>$(OutDir)$(TargetName).pdb</ProgramDataBaseFileName>
       <BrowseInformation>true</BrowseInformation>
-      <AdditionalIncludeDirectories>.\;..\..\..\;@LIBXML2_INC@@OPENSSL_INC@..\..\..\lib\isc\win32;..\..\..\lib\isc\win32\include;..\..\..\lib\isc\include;..\..\..\lib\dns\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <AdditionalIncludeDirectories>.\;..\..\..\;@LIBXML2_INC@@OPENSSL_INC@..\..\..\lib\isc\win32;..\..\..\lib\isc\win32\include;..\..\..\lib\isc\include;..\..\..\lib\dns\include;..\..\..\lib\bind9\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
       <CompileAs>CompileAsC</CompileAs>
     </ClCompile>
     <Link>
       <SubSystem>Console</SubSystem>
       <GenerateDebugInformation>true</GenerateDebugInformation>
       <OutputFile>..\..\..\Build\$(Configuration)\$(TargetName)$(TargetExt)</OutputFile>
-      <AdditionalLibraryDirectories>$(Configuration);..\..\..\lib\isc\win32\$(Configuration);..\..\..\lib\dns\win32\$(Configuration);..\..\..\lib\isccfg\win32\$(Configuration);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
-      <AdditionalDependencies>checktool.lib;libisc.lib;libdns.lib;libisccfg.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <AdditionalLibraryDirectories>$(Configuration);..\..\..\lib\isc\win32\$(Configuration);..\..\..\lib\dns\win32\$(Configuration);..\..\..\lib\isccfg\win32\$(Configuration);..\..\..\lib\bind9\win32\$(Configuration);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
+      <AdditionalDependencies>checktool.lib;libisc.lib;libdns.lib;libisccfg.lib;libbind9.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
     </Link>
     <PostBuildEvent>
       <Command>cd ..\..\..\Build\$(Configuration)
@@ -87,8 +81,7 @@ copy /Y named-checkzone.ilk named-compilezone.ilk
   </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'">
     <ClCompile>
-      <WarningLevel>Level1</WarningLevel>
-      <TreatWarningAsError>true</TreatWarningAsError>
+      <WarningLevel>Level3</WarningLevel>
       <PrecompiledHeader>
       </PrecompiledHeader>
       <Optimization>MaxSpeed</Optimization>
@@ -102,7 +95,7 @@ copy /Y named-checkzone.ilk named-compilezone.ilk
       <AssemblerListingLocation>.\$(Configuration)\</AssemblerListingLocation>
       <ObjectFileName>.\$(Configuration)\</ObjectFileName>
       <ProgramDataBaseFileName>$(OutDir)$(TargetName).pdb</ProgramDataBaseFileName>
-      <AdditionalIncludeDirectories>.\;..\..\..\;@LIBXML2_INC@@OPENSSL_INC@..\..\..\lib\isc\win32;..\..\..\lib\isc\win32\include;..\..\..\lib\isc\include;..\..\..\lib\dns\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <AdditionalIncludeDirectories>.\;..\..\..\;@LIBXML2_INC@@OPENSSL_INC@..\..\..\lib\isc\win32;..\..\..\lib\isc\win32\include;..\..\..\lib\isc\include;..\..\..\lib\dns\include;..\..\..\lib\bind9\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
       <CompileAs>CompileAsC</CompileAs>
     </ClCompile>
     <Link>
@@ -111,8 +104,8 @@ copy /Y named-checkzone.ilk named-compilezone.ilk
       <EnableCOMDATFolding>true</EnableCOMDATFolding>
       <OptimizeReferences>true</OptimizeReferences>
       <OutputFile>..\..\..\Build\$(Configuration)\$(TargetName)$(TargetExt)</OutputFile>
-      <AdditionalLibraryDirectories>$(Configuration);..\..\..\lib\isc\win32\$(Configuration);..\..\..\lib\dns\win32\$(Configuration);..\..\..\lib\isccfg\win32\$(Configuration);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
-      <AdditionalDependencies>checktool.lib;libisc.lib;libdns.lib;libisccfg.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <AdditionalLibraryDirectories>$(Configuration);..\..\..\lib\isc\win32\$(Configuration);..\..\..\lib\dns\win32\$(Configuration);..\..\..\lib\isccfg\win32\$(Configuration);..\..\..\lib\bind9\win32\$(Configuration);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
+      <AdditionalDependencies>checktool.lib;libisc.lib;libdns.lib;libisccfg.lib;libbind9.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
       <LinkTimeCodeGeneration>Default</LinkTimeCodeGeneration>
     </Link>
     <PostBuildEvent>

bin/confgen/Makefile.in

@@ -1,11 +1,18 @@
-# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2009, 2012, 2014-2017  Internet Systems Consortium, Inc. ("ISC")
 #
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, you can obtain one at https://mozilla.org/MPL/2.0/.
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
 #
-# See the COPYRIGHT file distributed with this work for additional
-# information regarding copyright ownership.
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: Makefile.in,v 1.8 2009/12/05 23:31:40 each Exp $
 
 srcdir =	@srcdir@
 VPATH =		@srcdir@
@@ -29,7 +36,7 @@ ISCCFGLIBS =	../../lib/isccfg/libisccfg.@A@
 ISCCCLIBS =	../../lib/isccc/libisccc.@A@
 ISCLIBS =	../../lib/isc/libisc.@A@
 ISCNOSYMLIBS =	../../lib/isc/libisc-nosymtbl.@A@
-DNSLIBS =	../../lib/dns/libdns.@A@ ${MAXMINDDB_LIBS} @DNS_CRYPTO_LIBS@
+DNSLIBS =	../../lib/dns/libdns.@A@ @DNS_CRYPTO_LIBS@
 BIND9LIBS =	../../lib/bind9/libbind9.@A@
 
 ISCCFGDEPLIBS =	../../lib/isccfg/libisccfg.@A@

bin/confgen/ddns-confgen.8

@@ -1,15 +1,23 @@
-.\" Copyright (C) 2009, 2014-2016, 2018-2022 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2009, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
 .\" 
-.\" This Source Code Form is subject to the terms of the Mozilla Public
-.\" License, v. 2.0. If a copy of the MPL was not distributed with this
-.\" file, You can obtain one at http://mozilla.org/MPL/2.0/.
+.\" Permission to use, copy, modify, and/or distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\" 
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+.\" PERFORMANCE OF THIS SOFTWARE.
 .\"
 .hy 0
 .ad l
 '\" t
 .\"     Title: ddns-confgen
 .\"    Author: 
-.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
+.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
 .\"      Date: 2014-03-06
 .\"    Manual: BIND9
 .\"    Source: ISC
@@ -155,5 +163,5 @@ BIND 9 Administrator Reference Manual\&.
 \fBInternet Systems Consortium, Inc\&.\fR
 .SH "COPYRIGHT"
 .br
-Copyright \(co 2009, 2014-2016, 2018-2022 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2009, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
 .br

bin/confgen/ddns-confgen.c

@@ -1,12 +1,17 @@
 /*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2009, 2011, 2014  Internet Systems Consortium, Inc. ("ISC")
  *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
  *
- * See the COPYRIGHT file distributed with this work for additional
- * information regarding copyright ownership.
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
  */
 
 /*! \file */
@@ -19,7 +24,6 @@
 
 #include <config.h>
 
-#include <stdbool.h>
 #include <stdlib.h>
 #include <stdarg.h>
 
@@ -58,7 +62,7 @@
 static char program[256];
 const char *progname;
 static enum { progmode_keygen, progmode_confgen} progmode;
-bool verbose = false; /* needed by util.c but not used here */
+isc_boolean_t verbose = ISC_FALSE; /* needed by util.c but not used here */
 
 ISC_PLATFORM_NORETURN_PRE static void
 usage(int status) ISC_PLATFORM_NORETURN_POST;
@@ -91,8 +95,8 @@ Usage:\n\
 int
 main(int argc, char **argv) {
 	isc_result_t result = ISC_R_SUCCESS;
-	bool show_final_mem = false;
-	bool quiet = false;
+	isc_boolean_t show_final_mem = ISC_FALSE;
+	isc_boolean_t quiet = ISC_FALSE;
 	isc_buffer_t key_txtbuffer;
 	char key_txtsecret[256];
 	isc_mem_t *mctx = NULL;
@@ -129,15 +133,13 @@ main(int argc, char **argv) {
 
 	if (PROGCMP("tsig-keygen")) {
 		progmode = progmode_keygen;
-		quiet = true;
-	} else if (PROGCMP("ddns-confgen")) {
+		quiet = ISC_TRUE;
+	} else if (PROGCMP("ddns-confgen"))
 		progmode = progmode_confgen;
-	} else {
+	else
 		INSIST(0);
-		ISC_UNREACHABLE();
-	}
 
-	isc_commandline_errprint = false;
+	isc_commandline_errprint = ISC_FALSE;
 
 	while ((ch = isc_commandline_parse(argc, argv,
 					   "a:hk:Mmr:qs:y:z:")) != -1) {
@@ -162,11 +164,11 @@ main(int argc, char **argv) {
 			isc_mem_debugging = ISC_MEM_DEBUGTRACE;
 			break;
 		case 'm':
-			show_final_mem = true;
+			show_final_mem = ISC_TRUE;
 			break;
 		case 'q':
 			if (progmode == progmode_confgen)
-				quiet = true;
+				quiet = ISC_TRUE;
 			else
 				usage(1);
 			break;

bin/confgen/ddns-confgen.docbook

@@ -1,16 +1,21 @@
 <!--
- - Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2009, 2014-2016  Internet Systems Consortium, Inc. ("ISC")
  -
- - This Source Code Form is subject to the terms of the Mozilla Public
- - License, v. 2.0. If a copy of the MPL was not distributed with this
- - file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ - Permission to use, copy, modify, and/or distribute this software for any
+ - purpose with or without fee is hereby granted, provided that the above
+ - copyright notice and this permission notice appear in all copies.
  -
- - See the COPYRIGHT file distributed with this work for additional
- - information regarding copyright ownership.
+ - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ - AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ - PERFORMANCE OF THIS SOFTWARE.
 -->
 
 <!-- Converted by db4-upgrade version 1.0 -->
-<refentry xmlns="http://docbook.org/ns/docbook" version="5.0" xml:id="man.ddns-confgen">
+<refentry xmlns:db="http://docbook.org/ns/docbook" version="5.0" xml:id="man.ddns-confgen">
   <info>
     <date>2014-03-06</date>
   </info>
@@ -36,11 +41,6 @@
       <year>2014</year>
       <year>2015</year>
       <year>2016</year>
-      <year>2018</year>
-      <year>2019</year>
-      <year>2020</year>
-      <year>2021</year>
-      <year>2022</year>
       <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
     </copyright>
   </docinfo>

bin/confgen/ddns-confgen.html

@@ -1,44 +1,84 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 <!--
- - Copyright (C) 2009, 2014-2016, 2018-2022 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2009, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
  - 
- - This Source Code Form is subject to the terms of the Mozilla Public
- - License, v. 2.0. If a copy of the MPL was not distributed with this
- - file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ - Permission to use, copy, modify, and/or distribute this software for any
+ - purpose with or without fee is hereby granted, provided that the above
+ - copyright notice and this permission notice appear in all copies.
+ - 
+ - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ - PERFORMANCE OF THIS SOFTWARE.
 -->
 <html lang="en">
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
 <title>ddns-confgen</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.79.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
 </head>
 <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry">
 <a name="man.ddns-confgen"></a><div class="titlepage"></div>
-<div class="refnamediv">
+  
+  
+
+  
+
+  <div class="refnamediv">
 <h2>Name</h2>
-<p><span class="application">ddns-confgen</span> &#8212; ddns key generation tool</p>
-</div>
-<div class="refsynopsisdiv">
-<h2>Synopsis</h2>
-<div class="cmdsynopsis"><p><code class="command">tsig-keygen</code>  [<code class="option">-a <em class="replaceable"><code>algorithm</code></em></code>] [<code class="option">-h</code>] [<code class="option">-r <em class="replaceable"><code>randomfile</code></em></code>] [name]</p></div>
-<div class="cmdsynopsis"><p><code class="command">ddns-confgen</code>  [<code class="option">-a <em class="replaceable"><code>algorithm</code></em></code>] [<code class="option">-h</code>] [<code class="option">-k <em class="replaceable"><code>keyname</code></em></code>] [<code class="option">-q</code>] [<code class="option">-r <em class="replaceable"><code>randomfile</code></em></code>] [ -s <em class="replaceable"><code>name</code></em>  |   -z <em class="replaceable"><code>zone</code></em> ]</p></div>
-</div>
-<div class="refsection">
-<a name="id-1.7"></a><h2>DESCRIPTION</h2>
 <p>
+    <span class="application">ddns-confgen</span>
+     &#8212; ddns key generation tool
+  </p>
+</div>
+
+  
+
+  <div class="refsynopsisdiv">
+<h2>Synopsis</h2>
+    <div class="cmdsynopsis"><p>
+      <code class="command">tsig-keygen</code> 
+       [<code class="option">-a <em class="replaceable"><code>algorithm</code></em></code>]
+       [<code class="option">-h</code>]
+       [<code class="option">-r <em class="replaceable"><code>randomfile</code></em></code>]
+       [name]
+    </p></div>
+    <div class="cmdsynopsis"><p>
+      <code class="command">ddns-confgen</code> 
+       [<code class="option">-a <em class="replaceable"><code>algorithm</code></em></code>]
+       [<code class="option">-h</code>]
+       [<code class="option">-k <em class="replaceable"><code>keyname</code></em></code>]
+       [<code class="option">-q</code>]
+       [<code class="option">-r <em class="replaceable"><code>randomfile</code></em></code>]
+       [
+         -s <em class="replaceable"><code>name</code></em> 
+         |   -z <em class="replaceable"><code>zone</code></em> 
+      ]
+    </p></div>
+  </div>
+
+  <div class="refsection">
+<a name="id-1.7"></a><h2>DESCRIPTION</h2>
+
+    <p>
       <span class="command"><strong>tsig-keygen</strong></span> and <span class="command"><strong>ddns-confgen</strong></span>
       are invocation methods for a utility that generates keys for use
       in TSIG signing.  The resulting keys can be used, for example,
       to secure dynamic DNS updates to a zone or for the
       <span class="command"><strong>rndc</strong></span> command channel.
     </p>
-<p>
+
+    <p>
       When run as <span class="command"><strong>tsig-keygen</strong></span>, a domain name
       can be specified on the command line which will be used as
       the name of the generated key.  If no name is specified,
       the default is <code class="constant">tsig-key</code>.
     </p>
-<p>
+
+    <p>
       When run as <span class="command"><strong>ddns-confgen</strong></span>, the generated
       key is accompanied by configuration text and instructions
       that can be used with <span class="command"><strong>nsupdate</strong></span> and
@@ -48,7 +88,8 @@
       <span class="command"><strong>rndc-confgen</strong></span> command for setting
       up command channel security.)
     </p>
-<p>
+
+    <p>
       Note that <span class="command"><strong>named</strong></span> itself can configure a
       local DDNS key for use with <span class="command"><strong>nsupdate -l</strong></span>:
       it does this when a zone is configured with
@@ -58,24 +99,32 @@
       if <span class="command"><strong>nsupdate</strong></span> is to be used from a remote
       system.
     </p>
-</div>
-<div class="refsection">
+  </div>
+
+  <div class="refsection">
 <a name="id-1.8"></a><h2>OPTIONS</h2>
-<div class="variablelist"><dl class="variablelist">
+
+
+    <div class="variablelist"><dl class="variablelist">
 <dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
-<dd><p>
+<dd>
+	  <p>
             Specifies the algorithm to use for the TSIG key.  Available
             choices are: hmac-md5, hmac-sha1, hmac-sha224, hmac-sha256,
             hmac-sha384 and hmac-sha512.  The default is hmac-sha256.
             Options are case-insensitive, and the "hmac-" prefix
             may be omitted.
-	  </p></dd>
+	  </p>
+	</dd>
 <dt><span class="term">-h</span></dt>
-<dd><p>
+<dd>
+	  <p>
 	    Prints a short summary of options and arguments.
-	  </p></dd>
+	  </p>
+	</dd>
 <dt><span class="term">-k <em class="replaceable"><code>keyname</code></em></span></dt>
-<dd><p>
+<dd>
+	  <p>
 	    Specifies the key name of the DDNS authentication key.
 	    The default is <code class="constant">ddns-key</code> when neither
 	    the <code class="option">-s</code> nor <code class="option">-z</code> option is
@@ -85,15 +134,19 @@
 	    <code class="constant">ddns-key.example.com.</code>
 	    The key name must have the format of a valid domain name,
 	    consisting of letters, digits, hyphens and periods.
-	  </p></dd>
+	  </p>
+	</dd>
 <dt><span class="term">-q</span></dt>
-<dd><p>
+<dd>
+	  <p>
 	    (<span class="command"><strong>ddns-confgen</strong></span> only.) Quiet mode:  Print
             only the key, with no explanatory text or usage examples;
             This is essentially identical to <span class="command"><strong>tsig-keygen</strong></span>.
-	  </p></dd>
+	  </p>
+	</dd>
 <dt><span class="term">-r <em class="replaceable"><code>randomfile</code></em></span></dt>
-<dd><p>
+<dd>
+	  <p>
             Specifies a source of random data for generating the
             authorization.  If the operating system does not provide a
             <code class="filename">/dev/random</code> or equivalent device, the
@@ -103,9 +156,11 @@
             instead of the default.  The special value
             <code class="filename">keyboard</code> indicates that keyboard input
             should be used.
-	  </p></dd>
+	  </p>
+	</dd>
 <dt><span class="term">-s <em class="replaceable"><code>name</code></em></span></dt>
-<dd><p>
+<dd>
+	  <p>
             (<span class="command"><strong>ddns-confgen</strong></span> only.)
 	    Generate configuration example to allow dynamic updates
             of a single hostname.  The example <span class="command"><strong>named.conf</strong></span>
@@ -116,9 +171,11 @@
 	    Note that the "self" nametype cannot be used, since
 	    the name to be updated may differ from the key name.
 	    This option cannot be used with the <code class="option">-z</code> option.
-	  </p></dd>
+	  </p>
+	</dd>
 <dt><span class="term">-z <em class="replaceable"><code>zone</code></em></span></dt>
-<dd><p>
+<dd>
+	  <p>
             (<span class="command"><strong>ddns-confgen</strong></span> only.)
 	    Generate configuration example to allow dynamic updates
             of a zone:  The example <span class="command"><strong>named.conf</strong></span> text
@@ -128,16 +185,26 @@
             all subdomain names within that
             <em class="replaceable"><code>zone</code></em>.
 	    This option cannot be used with the <code class="option">-s</code> option.
-	  </p></dd>
+	  </p>
+	</dd>
 </dl></div>
-</div>
-<div class="refsection">
+  </div>
+
+  <div class="refsection">
 <a name="id-1.9"></a><h2>SEE ALSO</h2>
-<p><span class="citerefentry"><span class="refentrytitle">nsupdate</span>(1)</span>,
-      <span class="citerefentry"><span class="refentrytitle">named.conf</span>(5)</span>,
-      <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
+
+    <p><span class="citerefentry">
+	<span class="refentrytitle">nsupdate</span>(1)
+      </span>,
+      <span class="citerefentry">
+	<span class="refentrytitle">named.conf</span>(5)
+      </span>,
+      <span class="citerefentry">
+	<span class="refentrytitle">named</span>(8)
+      </span>,
       <em class="citetitle">BIND 9 Administrator Reference Manual</em>.
     </p>
-</div>
+  </div>
+
 </div></body>
 </html>

bin/confgen/include/confgen/os.h

@@ -1,14 +1,20 @@
 /*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2009  Internet Systems Consortium, Inc. ("ISC")
  *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
  *
- * See the COPYRIGHT file distributed with this work for additional
- * information regarding copyright ownership.
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
  */
 
+/* $Id: os.h,v 1.3 2009/06/11 23:47:55 tbox Exp $ */
 
 /*! \file */
 

bin/confgen/keygen.c

@@ -1,14 +1,20 @@
 /*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2009, 2012-2016  Internet Systems Consortium, Inc. ("ISC")
  *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
  *
- * See the COPYRIGHT file distributed with this work for additional
- * information regarding copyright ownership.
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
  */
 
+/* $Id: keygen.c,v 1.4 2009/11/12 14:02:38 marka Exp $ */
 
 /*! \file */
 
@@ -226,3 +232,4 @@ write_key_file(const char *keyfile, const char *user,
 		fatal("fclose(%s) failed\n", keyfile);
 	fprintf(stderr, "wrote key file \"%s\"\n", keyfile);
 }
+

bin/confgen/keygen.h

@@ -1,14 +1,20 @@
 /*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2009  Internet Systems Consortium, Inc. ("ISC")
  *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
  *
- * See the COPYRIGHT file distributed with this work for additional
- * information regarding copyright ownership.
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
  */
 
+/* $Id: keygen.h,v 1.3 2009/06/11 23:47:55 tbox Exp $ */
 
 #ifndef RNDC_KEYGEN_H
 #define RNDC_KEYGEN_H 1

bin/confgen/rndc-confgen.8

@@ -1,15 +1,24 @@
-.\" Copyright (C) 2001, 2003-2005, 2007, 2009, 2013-2016, 2018-2022 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004, 2005, 2007, 2009, 2013-2016 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2001, 2003 Internet Software Consortium.
 .\" 
-.\" This Source Code Form is subject to the terms of the Mozilla Public
-.\" License, v. 2.0. If a copy of the MPL was not distributed with this
-.\" file, You can obtain one at http://mozilla.org/MPL/2.0/.
+.\" Permission to use, copy, modify, and/or distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\" 
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+.\" PERFORMANCE OF THIS SOFTWARE.
 .\"
 .hy 0
 .ad l
 '\" t
 .\"     Title: rndc-confgen
 .\"    Author: 
-.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
+.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
 .\"      Date: 2013-03-14
 .\"    Manual: BIND9
 .\"    Source: ISC
@@ -217,5 +226,7 @@ BIND 9 Administrator Reference Manual\&.
 \fBInternet Systems Consortium, Inc\&.\fR
 .SH "COPYRIGHT"
 .br
-Copyright \(co 2001, 2003-2005, 2007, 2009, 2013-2016, 2018-2022 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004, 2005, 2007, 2009, 2013-2016 Internet Systems Consortium, Inc. ("ISC")
+.br
+Copyright \(co 2001, 2003 Internet Software Consortium.
 .br

bin/confgen/rndc-confgen.c

@@ -1,14 +1,22 @@
 /*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005, 2007-2009, 2011, 2013, 2014, 2016  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2001, 2003  Internet Software Consortium.
  *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
  *
- * See the COPYRIGHT file distributed with this work for additional
- * information regarding copyright ownership.
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
  */
 
+/* $Id: rndc-confgen.c,v 1.7 2011/03/12 04:59:46 tbox Exp $ */
+
 /*! \file */
 
 /**
@@ -22,7 +30,6 @@
 
 #include <config.h>
 
-#include <stdbool.h>
 #include <stdlib.h>
 #include <stdarg.h>
 
@@ -59,7 +66,7 @@
 static char program[256];
 const char *progname;
 
-bool verbose = false;
+isc_boolean_t verbose = ISC_FALSE;
 
 const char *keyfile, *keydef;
 
@@ -108,7 +115,7 @@ Usage:\n\
 
 int
 main(int argc, char **argv) {
-	bool show_final_mem = false;
+	isc_boolean_t show_final_mem = ISC_FALSE;
 	isc_buffer_t key_txtbuffer;
 	char key_txtsecret[256];
 	isc_mem_t *mctx = NULL;
@@ -126,7 +133,7 @@ main(int argc, char **argv) {
 	struct in6_addr addr6_dummy;
 	char *chrootdir = NULL;
 	char *user = NULL;
-	bool keyonly = false;
+	isc_boolean_t keyonly = ISC_FALSE;
 	int len;
 
 	keydef = keyfile = RNDC_KEYFILE;
@@ -145,14 +152,14 @@ main(int argc, char **argv) {
 	serveraddr = DEFAULT_SERVER;
 	port = DEFAULT_PORT;
 
-	isc_commandline_errprint = false;
+	isc_commandline_errprint = ISC_FALSE;
 
 	while ((ch = isc_commandline_parse(argc, argv,
 					   "aA:b:c:hk:Mmp:r:s:t:u:Vy")) != -1)
 	{
 		switch (ch) {
 		case 'a':
-			keyonly = true;
+			keyonly = ISC_TRUE;
 			break;
 		case 'A':
 			algname = isc_commandline_argument;
@@ -179,7 +186,7 @@ main(int argc, char **argv) {
 			break;
 
 		case 'm':
-			show_final_mem = true;
+			show_final_mem = ISC_TRUE;
 			break;
 		case 'p':
 			port = strtol(isc_commandline_argument, &p, 10);
@@ -203,7 +210,7 @@ main(int argc, char **argv) {
 			user = isc_commandline_argument;
 			break;
 		case 'V':
-			verbose = true;
+			verbose = ISC_TRUE;
 			break;
 		case '?':
 			if (isc_commandline_option != '?') {

bin/confgen/rndc-confgen.docbook

@@ -1,16 +1,22 @@
 <!--
- - Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007, 2009, 2013-2016  Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2001, 2003  Internet Software Consortium.
  -
- - This Source Code Form is subject to the terms of the Mozilla Public
- - License, v. 2.0. If a copy of the MPL was not distributed with this
- - file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ - Permission to use, copy, modify, and/or distribute this software for any
+ - purpose with or without fee is hereby granted, provided that the above
+ - copyright notice and this permission notice appear in all copies.
  -
- - See the COPYRIGHT file distributed with this work for additional
- - information regarding copyright ownership.
+ - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ - AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ - PERFORMANCE OF THIS SOFTWARE.
 -->
 
 <!-- Converted by db4-upgrade version 1.0 -->
-<refentry xmlns="http://docbook.org/ns/docbook" version="5.0" xml:id="man.rndc-confgen">
+<refentry xmlns:db="http://docbook.org/ns/docbook" version="5.0" xml:id="man.rndc-confgen">
   <info>
     <date>2013-03-14</date>
   </info>
@@ -32,8 +38,6 @@
 
   <docinfo>
     <copyright>
-      <year>2001</year>
-      <year>2003</year>
       <year>2004</year>
       <year>2005</year>
       <year>2007</year>
@@ -42,13 +46,13 @@
       <year>2014</year>
       <year>2015</year>
       <year>2016</year>
-      <year>2018</year>
-      <year>2019</year>
-      <year>2020</year>
-      <year>2021</year>
-      <year>2022</year>
       <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
     </copyright>
+    <copyright>
+      <year>2001</year>
+      <year>2003</year>
+      <holder>Internet Software Consortium.</holder>
+    </copyright>
   </docinfo>
 
   <refsynopsisdiv>

bin/confgen/rndc-confgen.html

@@ -1,30 +1,65 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 <!--
- - Copyright (C) 2001, 2003-2005, 2007, 2009, 2013-2016, 2018-2022 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007, 2009, 2013-2016 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2001, 2003 Internet Software Consortium.
  - 
- - This Source Code Form is subject to the terms of the Mozilla Public
- - License, v. 2.0. If a copy of the MPL was not distributed with this
- - file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ - Permission to use, copy, modify, and/or distribute this software for any
+ - purpose with or without fee is hereby granted, provided that the above
+ - copyright notice and this permission notice appear in all copies.
+ - 
+ - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ - PERFORMANCE OF THIS SOFTWARE.
 -->
 <html lang="en">
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
 <title>rndc-confgen</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.79.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
 </head>
 <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry">
 <a name="man.rndc-confgen"></a><div class="titlepage"></div>
-<div class="refnamediv">
+  
+  
+
+  
+
+  <div class="refnamediv">
 <h2>Name</h2>
-<p><span class="application">rndc-confgen</span> &#8212; rndc key generation tool</p>
+<p>
+    <span class="application">rndc-confgen</span>
+     &#8212; rndc key generation tool
+  </p>
 </div>
-<div class="refsynopsisdiv">
+
+  
+
+  <div class="refsynopsisdiv">
 <h2>Synopsis</h2>
-<div class="cmdsynopsis"><p><code class="command">rndc-confgen</code>  [<code class="option">-a</code>] [<code class="option">-A <em class="replaceable"><code>algorithm</code></em></code>] [<code class="option">-b <em class="replaceable"><code>keysize</code></em></code>] [<code class="option">-c <em class="replaceable"><code>keyfile</code></em></code>] [<code class="option">-h</code>] [<code class="option">-k <em class="replaceable"><code>keyname</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-r <em class="replaceable"><code>randomfile</code></em></code>] [<code class="option">-s <em class="replaceable"><code>address</code></em></code>] [<code class="option">-t <em class="replaceable"><code>chrootdir</code></em></code>] [<code class="option">-u <em class="replaceable"><code>user</code></em></code>]</p></div>
-</div>
-<div class="refsection">
+    <div class="cmdsynopsis"><p>
+      <code class="command">rndc-confgen</code> 
+       [<code class="option">-a</code>]
+       [<code class="option">-A <em class="replaceable"><code>algorithm</code></em></code>]
+       [<code class="option">-b <em class="replaceable"><code>keysize</code></em></code>]
+       [<code class="option">-c <em class="replaceable"><code>keyfile</code></em></code>]
+       [<code class="option">-h</code>]
+       [<code class="option">-k <em class="replaceable"><code>keyname</code></em></code>]
+       [<code class="option">-p <em class="replaceable"><code>port</code></em></code>]
+       [<code class="option">-r <em class="replaceable"><code>randomfile</code></em></code>]
+       [<code class="option">-s <em class="replaceable"><code>address</code></em></code>]
+       [<code class="option">-t <em class="replaceable"><code>chrootdir</code></em></code>]
+       [<code class="option">-u <em class="replaceable"><code>user</code></em></code>]
+    </p></div>
+  </div>
+
+  <div class="refsection">
 <a name="id-1.7"></a><h2>DESCRIPTION</h2>
-<p><span class="command"><strong>rndc-confgen</strong></span>
+
+    <p><span class="command"><strong>rndc-confgen</strong></span>
       generates configuration files
       for <span class="command"><strong>rndc</strong></span>.  It can be used as a
       convenient alternative to writing the
@@ -37,13 +72,17 @@
       avoid the need for a <code class="filename">rndc.conf</code> file
       and a <span class="command"><strong>controls</strong></span> statement altogether.
     </p>
-</div>
-<div class="refsection">
+
+  </div>
+
+  <div class="refsection">
 <a name="id-1.8"></a><h2>OPTIONS</h2>
-<div class="variablelist"><dl class="variablelist">
+
+
+    <div class="variablelist"><dl class="variablelist">
 <dt><span class="term">-a</span></dt>
 <dd>
-<p>
+          <p>
             Do automatic <span class="command"><strong>rndc</strong></span> configuration.
             This creates a file <code class="filename">rndc.key</code>
             in <code class="filename">/etc</code> (or whatever
@@ -58,7 +97,7 @@
             <span class="command"><strong>named</strong></span> on the local host
             with no further configuration.
           </p>
-<p>
+          <p>
             Running <span class="command"><strong>rndc-confgen -a</strong></span> allows
             BIND 9 and <span class="command"><strong>rndc</strong></span> to be used as
             drop-in
@@ -66,7 +105,7 @@
             with no changes to the existing BIND 8
             <code class="filename">named.conf</code> file.
           </p>
-<p>
+          <p>
             If a more elaborate configuration than that
             generated by <span class="command"><strong>rndc-confgen -a</strong></span>
             is required, for example if rndc is to be used remotely,
@@ -77,44 +116,57 @@
             <code class="filename">named.conf</code>
             as directed.
           </p>
-</dd>
+        </dd>
 <dt><span class="term">-A <em class="replaceable"><code>algorithm</code></em></span></dt>
-<dd><p>
+<dd>
+          <p>
             Specifies the algorithm to use for the TSIG key.  Available
             choices are: hmac-md5, hmac-sha1, hmac-sha224, hmac-sha256,
             hmac-sha384 and hmac-sha512.  The default is hmac-md5 or
             if MD5 was disabled hmac-sha256.
-          </p></dd>
+          </p>
+        </dd>
 <dt><span class="term">-b <em class="replaceable"><code>keysize</code></em></span></dt>
-<dd><p>
+<dd>
+          <p>
             Specifies the size of the authentication key in bits.
             Must be between 1 and 512 bits; the default is the
             hash size.
-          </p></dd>
+          </p>
+        </dd>
 <dt><span class="term">-c <em class="replaceable"><code>keyfile</code></em></span></dt>
-<dd><p>
+<dd>
+          <p>
             Used with the <span class="command"><strong>-a</strong></span> option to specify
             an alternate location for <code class="filename">rndc.key</code>.
-          </p></dd>
+          </p>
+        </dd>
 <dt><span class="term">-h</span></dt>
-<dd><p>
+<dd>
+          <p>
             Prints a short summary of the options and arguments to
             <span class="command"><strong>rndc-confgen</strong></span>.
-          </p></dd>
+          </p>
+        </dd>
 <dt><span class="term">-k <em class="replaceable"><code>keyname</code></em></span></dt>
-<dd><p>
+<dd>
+          <p>
             Specifies the key name of the rndc authentication key.
             This must be a valid domain name.
             The default is <code class="constant">rndc-key</code>.
-          </p></dd>
+          </p>
+        </dd>
 <dt><span class="term">-p <em class="replaceable"><code>port</code></em></span></dt>
-<dd><p>
+<dd>
+          <p>
             Specifies the command channel port where <span class="command"><strong>named</strong></span>
             listens for connections from <span class="command"><strong>rndc</strong></span>.
             The default is 953.
-          </p></dd>
+          </p>
+        </dd>
 <dt><span class="term">-r <em class="replaceable"><code>randomfile</code></em></span></dt>
-<dd><p>
+<dd>
+          <p>
             Specifies a source of random data for generating the
             authorization.  If the operating
             system does not provide a <code class="filename">/dev/random</code>
@@ -125,24 +177,30 @@
             data to be used instead of the default.  The special value
             <code class="filename">keyboard</code> indicates that keyboard
             input should be used.
-          </p></dd>
+          </p>
+        </dd>
 <dt><span class="term">-s <em class="replaceable"><code>address</code></em></span></dt>
-<dd><p>
+<dd>
+          <p>
             Specifies the IP address where <span class="command"><strong>named</strong></span>
             listens for command channel connections from
             <span class="command"><strong>rndc</strong></span>.  The default is the loopback
             address 127.0.0.1.
-          </p></dd>
+          </p>
+        </dd>
 <dt><span class="term">-t <em class="replaceable"><code>chrootdir</code></em></span></dt>
-<dd><p>
+<dd>
+          <p>
             Used with the <span class="command"><strong>-a</strong></span> option to specify
             a directory where <span class="command"><strong>named</strong></span> will run
             chrooted.  An additional copy of the <code class="filename">rndc.key</code>
             will be written relative to this directory so that
             it will be found by the chrooted <span class="command"><strong>named</strong></span>.
-          </p></dd>
+          </p>
+        </dd>
 <dt><span class="term">-u <em class="replaceable"><code>user</code></em></span></dt>
-<dd><p>
+<dd>
+          <p>
             Used with the <span class="command"><strong>-a</strong></span> option to set the
             owner
             of the <code class="filename">rndc.key</code> file generated.
@@ -150,33 +208,45 @@
             <span class="command"><strong>-t</strong></span> is also specified only the file
             in
             the chroot area has its owner changed.
-          </p></dd>
+          </p>
+        </dd>
 </dl></div>
-</div>
-<div class="refsection">
+  </div>
+
+  <div class="refsection">
 <a name="id-1.9"></a><h2>EXAMPLES</h2>
-<p>
+
+    <p>
       To allow <span class="command"><strong>rndc</strong></span> to be used with
       no manual configuration, run
     </p>
-<p><strong class="userinput"><code>rndc-confgen -a</code></strong>
+    <p><strong class="userinput"><code>rndc-confgen -a</code></strong>
     </p>
-<p>
+    <p>
       To print a sample <code class="filename">rndc.conf</code> file and
       corresponding <span class="command"><strong>controls</strong></span> and <span class="command"><strong>key</strong></span>
       statements to be manually inserted into <code class="filename">named.conf</code>,
       run
     </p>
-<p><strong class="userinput"><code>rndc-confgen</code></strong>
+    <p><strong class="userinput"><code>rndc-confgen</code></strong>
     </p>
-</div>
-<div class="refsection">
+  </div>
+
+  <div class="refsection">
 <a name="id-1.10"></a><h2>SEE ALSO</h2>
-<p><span class="citerefentry"><span class="refentrytitle">rndc</span>(8)</span>,
-      <span class="citerefentry"><span class="refentrytitle">rndc.conf</span>(5)</span>,
-      <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
+
+    <p><span class="citerefentry">
+        <span class="refentrytitle">rndc</span>(8)
+      </span>,
+      <span class="citerefentry">
+        <span class="refentrytitle">rndc.conf</span>(5)
+      </span>,
+      <span class="citerefentry">
+        <span class="refentrytitle">named</span>(8)
+      </span>,
       <em class="citetitle">BIND 9 Administrator Reference Manual</em>.
     </p>
-</div>
+  </div>
+
 </div></body>
 </html>

bin/confgen/unix/Makefile.in

@@ -1,11 +1,18 @@
-# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2009, 2012  Internet Systems Consortium, Inc. ("ISC")
 #
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, you can obtain one at https://mozilla.org/MPL/2.0/.
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
 #
-# See the COPYRIGHT file distributed with this work for additional
-# information regarding copyright ownership.
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: Makefile.in,v 1.3 2009/06/11 23:47:55 tbox Exp $
 
 srcdir =	@srcdir@
 VPATH =		@srcdir@

bin/confgen/unix/os.c

@@ -1,14 +1,20 @@
 /*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2009  Internet Systems Consortium, Inc. ("ISC")
  *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
  *
- * See the COPYRIGHT file distributed with this work for additional
- * information regarding copyright ownership.
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
  */
 
+/* $Id: os.c,v 1.3 2009/06/11 23:47:55 tbox Exp $ */
 
 /*! \file */
 

bin/confgen/util.c

@@ -1,29 +1,35 @@
 /*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2009, 2015  Internet Systems Consortium, Inc. ("ISC")
  *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
  *
- * See the COPYRIGHT file distributed with this work for additional
- * information regarding copyright ownership.
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
  */
 
+/* $Id: util.c,v 1.3 2009/06/11 23:47:55 tbox Exp $ */
 
 /*! \file */
 
 #include <config.h>
 
 #include <stdarg.h>
-#include <stdbool.h>
 #include <stdlib.h>
 #include <stdio.h>
 
+#include <isc/boolean.h>
 #include <isc/print.h>
 
 #include "util.h"
 
-extern bool verbose;
+extern isc_boolean_t verbose;
 extern const char *progname;
 
 void

bin/confgen/util.h

@@ -1,14 +1,20 @@
 /*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2009  Internet Systems Consortium, Inc. ("ISC")
  *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
  *
- * See the COPYRIGHT file distributed with this work for additional
- * information regarding copyright ownership.
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
  */
 
+/* $Id: util.h,v 1.4 2009/09/29 15:06:05 fdupont Exp $ */
 
 #ifndef RNDC_UTIL_H
 #define RNDC_UTIL_H 1

bin/confgen/win32/confgentool.dsw

@@ -1,29 +1,29 @@
-Microsoft Developer Studio Workspace File, Format Version 6.00
-# WARNING: DO NOT EDIT OR DELETE THIS WORKSPACE FILE!
-
-###############################################################################
-
-Project: "confgentool"=".\confgentool.dsp" - Package Owner=<4>
-
-Package=<5>
-{{{
-}}}
-
-Package=<4>
-{{{
-}}}
-
-###############################################################################
-
-Global:
-
-Package=<5>
-{{{
-}}}
-
-Package=<3>
-{{{
-}}}
-
-###############################################################################
-
+Microsoft Developer Studio Workspace File, Format Version 6.00
+# WARNING: DO NOT EDIT OR DELETE THIS WORKSPACE FILE!
+
+###############################################################################
+
+Project: "confgentool"=".\confgentool.dsp" - Package Owner=<4>
+
+Package=<5>
+{{{
+}}}
+
+Package=<4>
+{{{
+}}}
+
+###############################################################################
+
+Global:
+
+Package=<5>
+{{{
+}}}
+
+Package=<3>
+{{{
+}}}
+
+###############################################################################
+

bin/confgen/win32/confgentool.vcxproj.in

@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="utf-8"?>
-<Project DefaultTargets="Build" ToolsVersion="@TOOLS_VERSION@" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
   <ItemGroup Label="ProjectConfigurations">
     <ProjectConfiguration Include="Debug|@PLATFORM@">
       <Configuration>Debug</Configuration>
@@ -14,21 +14,18 @@
     <ProjectGuid>{64964B03-4815-41F0-9057-E766A94AF197}</ProjectGuid>
     <Keyword>Win32Proj</Keyword>
     <RootNamespace>confgentool</RootNamespace>
-    @WINDOWS_TARGET_PLATFORM_VERSION@
   </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|@PLATFORM@'" Label="Configuration">
     <ConfigurationType>StaticLibrary</ConfigurationType>
     <UseDebugLibraries>true</UseDebugLibraries>
     <CharacterSet>MultiByte</CharacterSet>
-    @PLATFORM_TOOLSET@
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'" Label="Configuration">
     <ConfigurationType>StaticLibrary</ConfigurationType>
     <UseDebugLibraries>false</UseDebugLibraries>
     <WholeProgramOptimization>true</WholeProgramOptimization>
     <CharacterSet>MultiByte</CharacterSet>
-    @PLATFORM_TOOLSET@
   </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
   <ImportGroup Label="ExtensionSettings">
@@ -44,20 +41,17 @@
     <LinkIncremental>true</LinkIncremental>
     <OutDir>.\$(Configuration)\</OutDir>
     <IntDir>.\$(Configuration)\</IntDir>
-    <IntDirSharingDetected>None</IntDirSharingDetected>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'">
     <LinkIncremental>false</LinkIncremental>
     <OutDir>.\$(Configuration)\</OutDir>
     <IntDir>.\$(Configuration)\</IntDir>
-    <IntDirSharingDetected>None</IntDirSharingDetected>
   </PropertyGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|@PLATFORM@'">
     <ClCompile>
       <PrecompiledHeader>
       </PrecompiledHeader>
-      <WarningLevel>Level4</WarningLevel>
-      <TreatWarningAsError>false</TreatWarningAsError>
+      <WarningLevel>Level3</WarningLevel>
       <Optimization>Disabled</Optimization>
       <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <FunctionLevelLinking>true</FunctionLevelLinking>
@@ -76,8 +70,7 @@
   </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'">
     <ClCompile>
-      <WarningLevel>Level1</WarningLevel>
-      <TreatWarningAsError>true</TreatWarningAsError>
+      <WarningLevel>Level3</WarningLevel>
       <PrecompiledHeader>
       </PrecompiledHeader>
       <Optimization>MaxSpeed</Optimization>

bin/confgen/win32/ddnsconfgen.vcxproj.in

@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="utf-8"?>
-<Project DefaultTargets="Build" ToolsVersion="@TOOLS_VERSION@" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
   <ItemGroup Label="ProjectConfigurations">
     <ProjectConfiguration Include="Debug|@PLATFORM@">
       <Configuration>Debug</Configuration>
@@ -14,21 +14,18 @@
     <ProjectGuid>{1EA4FC64-F33B-4A50-970A-EA052BBE9CF1}</ProjectGuid>
     <Keyword>Win32Proj</Keyword>
     <RootNamespace>ddnsconfgen</RootNamespace>
-    @WINDOWS_TARGET_PLATFORM_VERSION@
   </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|@PLATFORM@'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
     <UseDebugLibraries>true</UseDebugLibraries>
     <CharacterSet>MultiByte</CharacterSet>
-    @PLATFORM_TOOLSET@
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
     <UseDebugLibraries>false</UseDebugLibraries>
     <WholeProgramOptimization>true</WholeProgramOptimization>
     <CharacterSet>MultiByte</CharacterSet>
-    @PLATFORM_TOOLSET@
   </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
   <ImportGroup Label="ExtensionSettings">
@@ -44,22 +41,19 @@
     <LinkIncremental>true</LinkIncremental>
     <OutDir>..\..\..\Build\$(Configuration)\</OutDir>
     <IntDir>.\$(Configuration)\</IntDir>
-    <IntDirSharingDetected>None</IntDirSharingDetected>
     <TargetName>ddns-confgen</TargetName>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'">
     <LinkIncremental>false</LinkIncremental>
     <OutDir>..\..\..\Build\$(Configuration)\</OutDir>
     <IntDir>.\$(Configuration)\</IntDir>
-    <IntDirSharingDetected>None</IntDirSharingDetected>
     <TargetName>ddns-confgen</TargetName>
   </PropertyGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|@PLATFORM@'">
     <ClCompile>
       <PrecompiledHeader>
       </PrecompiledHeader>
-      <WarningLevel>Level4</WarningLevel>
-      <TreatWarningAsError>false</TreatWarningAsError>
+      <WarningLevel>Level3</WarningLevel>
       <Optimization>Disabled</Optimization>
       <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <FunctionLevelLinking>true</FunctionLevelLinking>
@@ -87,8 +81,7 @@ copy /Y ddns-confgen.ilk tsig-keygen.ilk
   </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'">
     <ClCompile>
-      <WarningLevel>Level1</WarningLevel>
-      <TreatWarningAsError>true</TreatWarningAsError>
+      <WarningLevel>Level3</WarningLevel>
       <PrecompiledHeader>
       </PrecompiledHeader>
       <Optimization>MaxSpeed</Optimization>

bin/confgen/win32/os.c

@@ -1,14 +1,20 @@
 /*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2009  Internet Systems Consortium, Inc. ("ISC")
  *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
  *
- * See the COPYRIGHT file distributed with this work for additional
- * information regarding copyright ownership.
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
  */
 
+/* $Id: os.c,v 1.3 2009/06/11 23:47:55 tbox Exp $ */
 
 #include <config.h>
 

bin/confgen/win32/rndcconfgen.vcxproj.in

@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="utf-8"?>
-<Project DefaultTargets="Build" ToolsVersion="@TOOLS_VERSION@" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
   <ItemGroup Label="ProjectConfigurations">
     <ProjectConfiguration Include="Debug|@PLATFORM@">
       <Configuration>Debug</Configuration>
@@ -14,21 +14,18 @@
     <ProjectGuid>{1E2C1635-3093-4D59-80E7-4743AC10F22F}</ProjectGuid>
     <Keyword>Win32Proj</Keyword>
     <RootNamespace>rndcconfgen</RootNamespace>
-    @WINDOWS_TARGET_PLATFORM_VERSION@
   </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|@PLATFORM@'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
     <UseDebugLibraries>true</UseDebugLibraries>
     <CharacterSet>MultiByte</CharacterSet>
-    @PLATFORM_TOOLSET@
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
     <UseDebugLibraries>false</UseDebugLibraries>
     <WholeProgramOptimization>true</WholeProgramOptimization>
     <CharacterSet>MultiByte</CharacterSet>
-    @PLATFORM_TOOLSET@
   </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
   <ImportGroup Label="ExtensionSettings">
@@ -44,22 +41,19 @@
     <LinkIncremental>true</LinkIncremental>
     <OutDir>..\..\..\Build\$(Configuration)\</OutDir>
     <IntDir>.\$(Configuration)\</IntDir>
-    <IntDirSharingDetected>None</IntDirSharingDetected>
     <TargetName>rndc-confgen</TargetName>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'">
     <LinkIncremental>false</LinkIncremental>
     <OutDir>..\..\..\Build\$(Configuration)\</OutDir>
     <IntDir>.\$(Configuration)\</IntDir>
-    <IntDirSharingDetected>None</IntDirSharingDetected>
     <TargetName>rndc-confgen</TargetName>
   </PropertyGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|@PLATFORM@'">
     <ClCompile>
       <PrecompiledHeader>
       </PrecompiledHeader>
-      <WarningLevel>Level4</WarningLevel>
-      <TreatWarningAsError>false</TreatWarningAsError>
+      <WarningLevel>Level3</WarningLevel>
       <Optimization>Disabled</Optimization>
       <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <FunctionLevelLinking>true</FunctionLevelLinking>
@@ -81,8 +75,7 @@
   </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'">
     <ClCompile>
-      <WarningLevel>Level1</WarningLevel>
-      <TreatWarningAsError>true</TreatWarningAsError>
+      <WarningLevel>Level3</WarningLevel>
       <PrecompiledHeader>
       </PrecompiledHeader>
       <Optimization>MaxSpeed</Optimization>

bin/delv/Makefile.in

@@ -1,11 +1,16 @@
-# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2014-2017  Internet Systems Consortium, Inc. ("ISC")
 #
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, you can obtain one at https://mozilla.org/MPL/2.0/.
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
 #
-# See the COPYRIGHT file distributed with this work for additional
-# information regarding copyright ownership.
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
 
 srcdir =	@srcdir@
 VPATH =		@srcdir@
@@ -23,7 +28,7 @@ CDEFINES =	@CRYPTO@ -DVERSION=\"${VERSION}\" \
 CWARNINGS =
 
 ISCCFGLIBS =	../../lib/isccfg/libisccfg.@A@
-DNSLIBS =	../../lib/dns/libdns.@A@ ${MAXMINDDB_LIBS} @DNS_CRYPTO_LIBS@
+DNSLIBS =	../../lib/dns/libdns.@A@ @DNS_CRYPTO_LIBS@
 ISCNOSYMLIBS =	../../lib/isc/libisc-nosymtbl.@A@
 ISCLIBS =	../../lib/isc/libisc.@A@
 IRSLIBS =	../../lib/irs/libirs.@A@

bin/delv/delv.1

@@ -1,15 +1,23 @@
-.\" Copyright (C) 2014-2022 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2014-2017 Internet Systems Consortium, Inc. ("ISC")
 .\" 
-.\" This Source Code Form is subject to the terms of the Mozilla Public
-.\" License, v. 2.0. If a copy of the MPL was not distributed with this
-.\" file, You can obtain one at http://mozilla.org/MPL/2.0/.
+.\" Permission to use, copy, modify, and/or distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\" 
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+.\" PERFORMANCE OF THIS SOFTWARE.
 .\"
 .hy 0
 .ad l
 '\" t
 .\"     Title: delv
 .\"    Author: 
-.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
+.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
 .\"      Date: 2014-04-23
 .\"    Manual: BIND9
 .\"    Source: ISC
@@ -312,7 +320,7 @@ Toggle message logging\&. This produces a detailed dump of the responses receive
 \fBdelv\fR
 in the process of carrying out the resolution and validation process\&.
 .sp
-This is equivalent to setting the debug level to 10 for the "packets" module of the "resolver" logging category\&. Setting the systemwide debug level to 10 using the
+This is equivalent to setting the debug level to 10 for the the "packets" module of the "resolver" logging category\&. Setting the systemwide debug level to 10 using the
 \fB\-d\fR
 option will produce the same output (but will affect other logging categories as well)\&.
 .RE
@@ -321,7 +329,7 @@ option will produce the same output (but will affect other logging categories as
 .RS 4
 Toggle validation logging\&. This shows the internal process of the validator as it determines whether an answer is validly signed, unsigned, or invalid\&.
 .sp
-This is equivalent to setting the debug level to 3 for the "validator" module of the "dnssec" logging category\&. Setting the systemwide debug level to 3 using the
+This is equivalent to setting the debug level to 3 for the the "validator" module of the "dnssec" logging category\&. Setting the systemwide debug level to 3 using the
 \fB\-d\fR
 option will produce the same output (but will affect other logging categories as well)\&.
 .RE
@@ -408,16 +416,6 @@ Indicates whether to perform DNSSEC lookaside validation, and if so, specifies t
 \fB\-a\fR
 option must also be used to specify a file containing the DLV key\&.
 .RE
-.PP
-\fB+[no]tcp\fR
-.RS 4
-Controls whether to use TCP when sending queries\&. The default is to use UDP unless a truncated response has been received\&.
-.RE
-.PP
-\fB+[no]unknownformat\fR
-.RS 4
-Print all RDATA in unknown RR type presentation format (RFC 3597)\&. The default is to print RDATA for known types in the type\*(Aqs presentation format\&.
-.RE
 .SH "FILES"
 .PP
 /etc/bind\&.keys
@@ -437,5 +435,5 @@ RFC5155\&.
 \fBInternet Systems Consortium, Inc\&.\fR
 .SH "COPYRIGHT"
 .br
-Copyright \(co 2014-2022 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2014-2017 Internet Systems Consortium, Inc. ("ISC")
 .br

bin/delv/delv.c

@@ -1,12 +1,17 @@
 /*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2014-2017  Internet Systems Consortium, Inc. ("ISC")
  *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
  *
- * See the COPYRIGHT file distributed with this work for additional
- * information regarding copyright ownership.
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
  */
 
 #include <config.h>
@@ -24,9 +29,7 @@
 #include <netdb.h>
 #endif
 
-#include <stdbool.h>
 #include <stdio.h>
-#include <inttypes.h>
 #include <stdlib.h>
 #include <string.h>
 #include <unistd.h>
@@ -85,12 +88,6 @@
 
 #define MAXNAME (DNS_NAME_MAXTEXT+1)
 
-/*
- * Default maximum number of chained queries before we give up
- * to prevent CNAME loops.
- */
-#define MAX_RESTARTS 11
-
 /* Variables used internally by delv. */
 char *progname;
 static isc_mem_t *mctx = NULL;
@@ -102,40 +99,37 @@ static const char *port = "53";
 static isc_sockaddr_t *srcaddr4 = NULL, *srcaddr6 = NULL;
 static isc_sockaddr_t a4, a6;
 static char *curqname = NULL, *qname = NULL;
-static bool classset = false;
+static isc_boolean_t classset = ISC_FALSE;
 static dns_rdatatype_t qtype = dns_rdatatype_none;
-static bool typeset = false;
+static isc_boolean_t typeset = ISC_FALSE;
 
 static unsigned int styleflags = 0;
-static uint32_t splitwidth = 0xffffffff;
-static bool
-	showcomments = true,
-	showdnssec = true,
-	showtrust = true,
-	rrcomments = true,
-	noclass = false,
-	nocrypto = false,
-	nottl = false,
-	multiline = false,
-	short_form = false,
-	print_unknown_format = false;
+static isc_uint32_t splitwidth = 0xffffffff;
+static isc_boolean_t
+	showcomments = ISC_TRUE,
+	showdnssec = ISC_TRUE,
+	showtrust = ISC_TRUE,
+	rrcomments = ISC_TRUE,
+	noclass = ISC_FALSE,
+	nocrypto = ISC_FALSE,
+	nottl = ISC_FALSE,
+	multiline = ISC_FALSE,
+	short_form = ISC_FALSE;
 
-static bool
-	resolve_trace = false,
-	validator_trace = false,
-	message_trace = false;
+static isc_boolean_t
+	resolve_trace = ISC_FALSE,
+	validator_trace = ISC_FALSE,
+	message_trace = ISC_FALSE;
 
-static bool
-	use_ipv4 = true,
-	use_ipv6 = true;
+static isc_boolean_t
+	use_ipv4 = ISC_TRUE,
+	use_ipv6 = ISC_TRUE;
 
-static bool
-	cdflag = false,
-	no_sigs = false,
-	root_validation = true,
-	dlv_validation = true;
-
-static bool use_tcp = false;
+static isc_boolean_t
+	cdflag = ISC_FALSE,
+	no_sigs = ISC_FALSE,
+	root_validation = ISC_TRUE,
+	dlv_validation = ISC_TRUE;
 
 static char *anchorfile = NULL;
 static char *trust_anchor = NULL;
@@ -152,10 +146,10 @@ static char anchortext[] = MANAGED_KEYS;
  * Static function prototypes
  */
 static isc_result_t
-get_reverse(char *reverse, size_t len, char *value, bool strict);
+get_reverse(char *reverse, size_t len, char *value, isc_boolean_t strict);
 
 static isc_result_t
-parse_uint(uint32_t *uip, const char *value, uint32_t max,
+parse_uint(isc_uint32_t *uip, const char *value, isc_uint32_t max,
 	   const char *desc);
 
 static void
@@ -166,43 +160,40 @@ usage(void) {
 "        q-class  is one of (in,hs,ch,...) [default: in]\n"
 "        q-type   is one of (a,any,mx,ns,soa,hinfo,axfr,txt,...) [default:a]\n"
 "        q-opt    is one of:\n"
-"                 -4                  (use IPv4 query transport only)\n"
-"                 -6                  (use IPv6 query transport only)\n"
+"                 -x dot-notation     (shortcut for reverse lookups)\n"
+"                 -d level            (set debugging level)\n"
 "                 -a anchor-file      (specify root and dlv trust anchors)\n"
 "                 -b address[#port]   (bind to source address/port)\n"
-"                 -c class            (option included for compatibility;\n"
-"                 -d level            (set debugging level)\n"
-"                 -h                  (print help and exit)\n"
-"                 -i                  (disable DNSSEC validation)\n"
-"                 -m                  (enable memory usage debugging)\n"
 "                 -p port             (specify port number)\n"
 "                 -q name             (specify query name)\n"
 "                 -t type             (specify query type)\n"
+"                 -c class            (option included for compatibility;\n"
 "                                      only IN is supported)\n"
-"                 -v                  (print version and exit)\n"
-"                 -x dot-notation     (shortcut for reverse lookups)\n"
+"                 -4                  (use IPv4 query transport only)\n"
+"                 -6                  (use IPv6 query transport only)\n"
+"                 -i                  (disable DNSSEC validation)\n"
+"                 -m                  (enable memory usage debugging)\n"
 "        d-opt    is of the form +keyword[=value], where keyword is:\n"
 "                 +[no]all            (Set or clear all display flags)\n"
 "                 +[no]class          (Control display of class)\n"
-"                 +[no]comments       (Control display of comment lines)\n"
 "                 +[no]crypto         (Control display of cryptographic\n"
 "                                      fields in records)\n"
-"                 +[no]dlv            (DNSSEC lookaside validation anchor)\n"
-"                 +[no]dnssec         (Display DNSSEC records)\n"
-"                 +[no]mtrace         (Trace messages received)\n"
 "                 +[no]multiline      (Print records in an expanded format)\n"
-"                 +[no]root           (DNSSEC validation trust anchor)\n"
+"                 +[no]comments       (Control display of comment lines)\n"
 "                 +[no]rrcomments     (Control display of per-record "
 				       "comments)\n"
-"                 +[no]rtrace         (Trace resolver fetches)\n"
 "                 +[no]short          (Short form answer)\n"
 "                 +[no]split=##       (Split hex/base64 fields into chunks)\n"
-"                 +[no]tcp            (TCP mode)\n"
 "                 +[no]ttl            (Control display of ttls in records)\n"
 "                 +[no]trust          (Control display of trust level)\n"
-"                 +[no]unknownformat  (Print RDATA in RFC 3597 "
-					"\"unknown\" format)\n"
-"                 +[no]vtrace         (Trace validation process)\n",
+"                 +[no]rtrace         (Trace resolver fetches)\n"
+"                 +[no]mtrace         (Trace messages received)\n"
+"                 +[no]vtrace         (Trace validation process)\n"
+"                 +[no]dlv            (DNSSEC lookaside validation anchor)\n"
+"                 +[no]root           (DNSSEC validation trust anchor)\n"
+"                 +[no]dnssec         (Display DNSSEC records)\n"
+"        -h                           (print help and exit)\n"
+"        -v                           (print version and exit)\n",
 	stderr);
 	exit(1);
 }
@@ -417,7 +408,7 @@ printdata(dns_rdataset_t *rdataset, dns_name_t *owner,
 {
 	isc_result_t result = ISC_R_SUCCESS;
 	static dns_trust_t trust;
-	static bool first = true;
+	static isc_boolean_t first = ISC_TRUE;
 	isc_buffer_t target;
 	isc_region_t r;
 	char *t = NULL;
@@ -439,7 +430,7 @@ printdata(dns_rdataset_t *rdataset, dns_name_t *owner,
 			putchar('\n');
 		print_status(rdataset);
 		trust = rdataset->trust;
-		first = false;
+		first = ISC_FALSE;
 	}
 
 	do {
@@ -509,13 +500,11 @@ setup_style(dns_master_style_t **stylep) {
 	isc_result_t result;
 	dns_master_style_t *style = NULL;
 
-	REQUIRE(stylep != NULL && *stylep == NULL);
+	REQUIRE(stylep != NULL || *stylep == NULL);
 
 	styleflags |= DNS_STYLEFLAG_REL_OWNER;
 	if (showcomments)
 		styleflags |= DNS_STYLEFLAG_COMMENT;
-	if (print_unknown_format)
-		styleflags |= DNS_STYLEFLAG_UNKNOWNFORMAT;
 	if (rrcomments)
 		styleflags |= DNS_STYLEFLAG_RRCOMMENT;
 	if (nottl)
@@ -559,7 +548,8 @@ convert_name(dns_fixedname_t *fn, dns_name_t **name, const char *text) {
 
 	isc_buffer_constinit(&b, text, len);
 	isc_buffer_add(&b, len);
-	n = dns_fixedname_initname(fn);
+	dns_fixedname_init(fn);
+	n = dns_fixedname_name(fn);
 
 	result = dns_name_fromtext(n, &b, dns_rootname, 0, NULL);
 	if (result != ISC_R_SUCCESS) {
@@ -575,7 +565,7 @@ convert_name(dns_fixedname_t *fn, dns_name_t **name, const char *text) {
 static isc_result_t
 key_fromconfig(const cfg_obj_t *key, dns_client_t *client) {
 	dns_rdata_dnskey_t keystruct;
-	uint32_t flags, proto, alg;
+	isc_uint32_t flags, proto, alg;
 	const char *keystr, *keynamestr;
 	unsigned char keydata[4096];
 	isc_buffer_t keydatabuf;
@@ -585,7 +575,7 @@ key_fromconfig(const cfg_obj_t *key, dns_client_t *client) {
 	dns_fixedname_t fkeyname;
 	dns_name_t *keyname;
 	isc_result_t result;
-	bool match_root = false, match_dlv = false;
+	isc_boolean_t match_root = ISC_FALSE, match_dlv = ISC_FALSE;
 
 	keynamestr = cfg_obj_asstring(cfg_tuple_get(key, "name"));
 	CHECK(convert_name(&fkeyname, &keyname, keynamestr));
@@ -630,9 +620,9 @@ key_fromconfig(const cfg_obj_t *key, dns_client_t *client) {
 	if (alg > 0xff)
 		CHECK(ISC_R_RANGE);
 
-	keystruct.flags = (uint16_t)flags;
-	keystruct.protocol = (uint8_t)proto;
-	keystruct.algorithm = (uint8_t)alg;
+	keystruct.flags = (isc_uint16_t)flags;
+	keystruct.protocol = (isc_uint8_t)proto;
+	keystruct.algorithm = (isc_uint8_t)alg;
 
 	isc_buffer_init(&keydatabuf, keydata, sizeof(keydata));
 	isc_buffer_init(&rrdatabuf, rrdata, sizeof(rrdata));
@@ -772,14 +762,7 @@ setup_dnsseckeys(dns_client_t *client) {
 	if (dlv_validation)
 		dns_client_setdlv(client, dns_rdataclass_in, dlv_anchor);
 
-
  cleanup:
-	if (bindkeys != NULL) {
-		cfg_obj_destroy(parser, &bindkeys);
-	}
-	if (parser != NULL) {
-		cfg_parser_destroy(&parser);
-	}
 	if (result != ISC_R_SUCCESS)
 		delv_log(ISC_LOG_ERROR, "setup_dnsseckeys: %s",
 			  isc_result_totext(result));
@@ -794,7 +777,7 @@ addserver(dns_client_t *client) {
 	struct in6_addr in6;
 	isc_sockaddr_t *sa;
 	isc_sockaddrlist_t servers;
-	uint32_t destport;
+	isc_uint32_t destport;
 	isc_result_t result;
 	dns_name_t *name = NULL;
 
@@ -885,7 +868,7 @@ findserver(dns_client_t *client) {
 	irs_resconf_t *resconf = NULL;
 	isc_sockaddrlist_t *nameservers;
 	isc_sockaddr_t *sa, *next;
-	uint32_t destport;
+	isc_uint32_t destport;
 
 	result = parse_uint(&destport, port, 0xffff, "port");
 	if (result != ISC_R_SUCCESS)
@@ -972,9 +955,9 @@ next_token(char **stringp, const char *delim) {
 }
 
 static isc_result_t
-parse_uint(uint32_t *uip, const char *value, uint32_t max,
+parse_uint(isc_uint32_t *uip, const char *value, isc_uint32_t max,
 	   const char *desc) {
-	uint32_t n;
+	isc_uint32_t n;
 	isc_result_t result = isc_parse_uint32(&n, value, 10);
 	if (result == ISC_R_SUCCESS && n > max)
 		result = ISC_R_RANGE;
@@ -992,7 +975,7 @@ plus_option(char *option) {
 	isc_result_t result;
 	char option_store[256];
 	char *cmd, *value, *ptr;
-	bool state = true;
+	isc_boolean_t state = ISC_TRUE;
 
 	strlcpy(option_store, option, sizeof(option_store));
 	ptr = option_store;
@@ -1004,7 +987,7 @@ plus_option(char *option) {
 	value = ptr;
 	if (strncasecmp(cmd, "no", 2)==0) {
 		cmd += 2;
-		state = false;
+		state = ISC_FALSE;
 	}
 
 #define FULLCHECK(A) \
@@ -1029,7 +1012,7 @@ plus_option(char *option) {
 			break;
 		case 'l': /* class */
 			FULLCHECK("class");
-			noclass = !state;
+			noclass = ISC_TF(!state);
 			break;
 		case 'o': /* comments */
 			FULLCHECK("comments");
@@ -1037,7 +1020,7 @@ plus_option(char *option) {
 			break;
 		case 'r': /* crypto */
 			FULLCHECK("crypto");
-			nocrypto = !state;
+			nocrypto = ISC_TF(!state);
 			break;
 		default:
 			goto invalid_option;
@@ -1110,10 +1093,10 @@ plus_option(char *option) {
 			FULLCHECK("short");
 			short_form = state;
 			if (short_form) {
-				multiline = false;
-				showcomments = false;
-				showtrust = false;
-				showdnssec = false;
+				multiline = ISC_FALSE;
+				showcomments = ISC_FALSE;
+				showtrust = ISC_FALSE;
+				showdnssec = ISC_FALSE;
 			}
 			break;
 		case 'p': /* split */
@@ -1149,23 +1132,15 @@ plus_option(char *option) {
 			goto invalid_option;
 		}
 		break;
-	case 'u':
-		FULLCHECK("unknownformat");
-		print_unknown_format = state;
-		break;
 	case 't':
 		switch (cmd[1]) {
-		case 'c': /* tcp */
-			FULLCHECK("tcp");
-			use_tcp = state;
-			break;
 		case 'r': /* trust */
 			FULLCHECK("trust");
 			showtrust = state;
 			break;
 		case 't': /* ttl */
 			FULLCHECK("ttl");
-			nottl = !state;
+			nottl = ISC_TF(!state);
 			break;
 		default:
 			goto invalid_option;
@@ -1193,13 +1168,11 @@ plus_option(char *option) {
  * options: "46a:b:c:d:himp:q:t:vx:";
  */
 static const char *single_dash_opts = "46himv";
-static const char *dash_opts = "46abcdhimpqtvx";
-
-static bool
-dash_option(char *option, char *next, bool *open_type_class) {
+static isc_boolean_t
+dash_option(char *option, char *next, isc_boolean_t *open_type_class) {
 	char opt, *value;
 	isc_result_t result;
-	bool value_from_next;
+	isc_boolean_t value_from_next;
 	isc_textregion_t tr;
 	dns_rdatatype_t rdtype;
 	dns_rdataclass_t rdclass;
@@ -1207,7 +1180,7 @@ dash_option(char *option, char *next, bool *open_type_class) {
 	struct in_addr in4;
 	struct in6_addr in6;
 	in_port_t srcport;
-	uint32_t num;
+	isc_uint32_t num;
 	char *hash;
 
 	while (strpbrk(option, single_dash_opts) == &option[0]) {
@@ -1223,7 +1196,7 @@ dash_option(char *option, char *next, bool *open_type_class) {
 				fatal("IPv4 networking not available");
 			if (use_ipv6) {
 				isc_net_disableipv6();
-				use_ipv6 = false;
+				use_ipv6 = ISC_FALSE;
 			}
 			break;
 		case '6':
@@ -1231,7 +1204,7 @@ dash_option(char *option, char *next, bool *open_type_class) {
 				fatal("IPv6 networking not available");
 			if (use_ipv4) {
 				isc_net_disableipv4();
-				use_ipv4 = false;
+				use_ipv4 = ISC_FALSE;
 			}
 			break;
 		case 'h':
@@ -1239,9 +1212,9 @@ dash_option(char *option, char *next, bool *open_type_class) {
 			exit(0);
 			/* NOTREACHED */
 		case 'i':
-			no_sigs = true;
-			dlv_validation = false;
-			root_validation = false;
+			no_sigs = ISC_TRUE;
+			dlv_validation = ISC_FALSE;
+			root_validation = ISC_FALSE;
 			break;
 		case 'm':
 			/* handled in preparse_args() */
@@ -1252,19 +1225,18 @@ dash_option(char *option, char *next, bool *open_type_class) {
 			/* NOTREACHED */
 		default:
 			INSIST(0);
-			ISC_UNREACHABLE();
 		}
 		if (strlen(option) > 1U)
 			option = &option[1];
 		else
-			return (false);
+			return (ISC_FALSE);
 	}
 	opt = option[0];
 	if (strlen(option) > 1U) {
-		value_from_next = false;
+		value_from_next = ISC_FALSE;
 		value = &option[1];
 	} else {
-		value_from_next = true;
+		value_from_next = ISC_TRUE;
 		value = next;
 	}
 	if (value == NULL)
@@ -1310,13 +1282,13 @@ dash_option(char *option, char *next, bool *open_type_class) {
 		if (classset)
 			warn("extra query class");
 
-		*open_type_class = false;
+		*open_type_class = ISC_FALSE;
 		tr.base = value;
 		tr.length = strlen(value);
 		result = dns_rdataclass_fromtext(&rdclass,
 						 (isc_textregion_t *)&tr);
 		if (result == ISC_R_SUCCESS)
-			classset = true;
+			classset = ISC_TRUE;
 		else if (rdclass != dns_rdataclass_in)
 			warn("ignoring non-IN query class");
 		else
@@ -1341,7 +1313,7 @@ dash_option(char *option, char *next, bool *open_type_class) {
 			fatal("out of memory");
 		return (value_from_next);
 	case 't':
-		*open_type_class = false;
+		*open_type_class = ISC_FALSE;
 		tr.base = value;
 		tr.length = strlen(value);
 		result = dns_rdatatype_fromtext(&rdtype,
@@ -1353,13 +1325,13 @@ dash_option(char *option, char *next, bool *open_type_class) {
 			    rdtype == dns_rdatatype_axfr)
 				fatal("Transfer not supported");
 			qtype = rdtype;
-			typeset = true;
+			typeset = ISC_TRUE;
 		} else
 			warn("ignoring invalid type");
 		return (value_from_next);
 	case 'x':
 		result = get_reverse(textname, sizeof(textname), value,
-				     false);
+				     ISC_FALSE);
 		if (result == ISC_R_SUCCESS) {
 			if (curqname != NULL) {
 				isc_mem_free(mctx, curqname);
@@ -1371,7 +1343,7 @@ dash_option(char *option, char *next, bool *open_type_class) {
 			if (typeset)
 				warn("extra query type");
 			qtype = dns_rdatatype_ptr;
-			typeset = true;
+			typeset = ISC_TRUE;
 		} else {
 			fprintf(stderr, "Invalid IP address %s\n", value);
 			exit(1);
@@ -1383,7 +1355,7 @@ dash_option(char *option, char *next, bool *open_type_class) {
 		usage();
 	}
 	/* NOTREACHED */
-	return (false);
+	return (ISC_FALSE);
 }
 
 /*
@@ -1392,14 +1364,12 @@ dash_option(char *option, char *next, bool *open_type_class) {
  */
 static void
 preparse_args(int argc, char **argv) {
-	bool ipv4only = false, ipv6only = false;
+	isc_boolean_t ipv4only = ISC_FALSE, ipv6only = ISC_FALSE;
 	char *option;
 
 	for (argc--, argv++; argc > 0; argc--, argv++) {
-		if (argv[0][0] != '-') {
+		if (argv[0][0] != '-')
 			continue;
-		}
-
 		option = &argv[0][1];
 		while (strpbrk(option, single_dash_opts) == &option[0]) {
 			switch (option[0]) {
@@ -1411,38 +1381,17 @@ preparse_args(int argc, char **argv) {
 				if (ipv6only) {
 					fatal("only one of -4 and -6 allowed");
 				}
-				ipv4only = true;
+				ipv4only = ISC_TRUE;
 				break;
 			case '6':
 				if (ipv4only) {
 					fatal("only one of -4 and -6 allowed");
 				}
-				ipv6only = true;
+				ipv6only = ISC_TRUE;
 				break;
 			}
 			option = &option[1];
 		}
-
-		if (strlen(option) == 0U) {
-			continue;
-		}
-
-		/* Look for dash value option. */
-		if (strpbrk(option, dash_opts) != &option[0] ||
-		    strlen(option) > 1U)
-		{
-			/* Error or value in option. */
-			continue;
-		}
-
-		/* Dash value is next argument so we need to skip it. */
-		argc--;
-		argv++;
-
-		/* Handle missing argument */
-		if (argc == 0) {
-			break;
-		}
 	}
 }
 
@@ -1458,7 +1407,7 @@ parse_args(int argc, char **argv) {
 	isc_textregion_t tr;
 	dns_rdatatype_t rdtype;
 	dns_rdataclass_t rdclass;
-	bool open_type_class = true;
+	isc_boolean_t open_type_class = ISC_TRUE;
 
 	for (; argc > 0; argc--, argv++) {
 		if (argv[0][0] == '@') {
@@ -1497,7 +1446,7 @@ parse_args(int argc, char **argv) {
 					    rdtype == dns_rdatatype_axfr)
 						fatal("Transfer not supported");
 					qtype = rdtype;
-					typeset = true;
+					typeset = ISC_TRUE;
 					continue;
 				}
 				result = dns_rdataclass_fromtext(&rdclass,
@@ -1566,7 +1515,7 @@ reverse_octets(const char *in, char **p, char *end) {
 }
 
 static isc_result_t
-get_reverse(char *reverse, size_t len, char *value, bool strict) {
+get_reverse(char *reverse, size_t len, char *value, isc_boolean_t strict) {
 	int r;
 	isc_result_t result;
 	isc_netaddr_t addr;
@@ -1579,7 +1528,8 @@ get_reverse(char *reverse, size_t len, char *value, bool strict) {
 		dns_name_t *name;
 		unsigned int options = 0;
 
-		name = dns_fixedname_initname(&fname);
+		dns_fixedname_init(&fname);
+		name = dns_fixedname_name(&fname);
 		result = dns_byaddr_createptrname2(&addr, options, name);
 		if (result != ISC_R_SUCCESS)
 			return (result);
@@ -1672,8 +1622,6 @@ main(int argc, char *argv[]) {
 		goto cleanup;
 	}
 
-	dns_client_setmaxrestarts(client, MAX_RESTARTS);
-
 	/* Set the nameserver */
 	if (server != NULL)
 		addserver(client);
@@ -1693,8 +1641,6 @@ main(int argc, char *argv[]) {
 		resopt |= DNS_CLIENTRESOPT_NOVALIDATE;
 	if (cdflag)
 		resopt &= ~DNS_CLIENTRESOPT_NOCDFLAG;
-	if (use_tcp)
-		resopt |= DNS_CLIENTRESOPT_TCP;
 
 	/* Perform resolution */
 	ISC_LIST_INIT(namelist);

bin/delv/delv.docbook

@@ -1,18 +1,23 @@
 <!DOCTYPE book [
 <!ENTITY mdash "&#8212;">]>
 <!--
- - Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2014-2017  Internet Systems Consortium, Inc. ("ISC")
  -
- - This Source Code Form is subject to the terms of the Mozilla Public
- - License, v. 2.0. If a copy of the MPL was not distributed with this
- - file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ - Permission to use, copy, modify, and/or distribute this software for any
+ - purpose with or without fee is hereby granted, provided that the above
+ - copyright notice and this permission notice appear in all copies.
  -
- - See the COPYRIGHT file distributed with this work for additional
- - information regarding copyright ownership.
+ - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ - AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ - PERFORMANCE OF THIS SOFTWARE.
 -->
 
 <!-- Converted by db4-upgrade version 1.0 -->
-<refentry xmlns="http://docbook.org/ns/docbook" version="5.0" xml:id="man.delv">
+<refentry xmlns:db="http://docbook.org/ns/docbook" version="5.0" xml:id="man.delv">
   <info>
     <date>2014-04-23</date>
   </info>
@@ -38,11 +43,6 @@
       <year>2015</year>
       <year>2016</year>
       <year>2017</year>
-      <year>2018</year>
-      <year>2019</year>
-      <year>2020</year>
-      <year>2021</year>
-      <year>2022</year>
       <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
     </copyright>
   </docinfo>
@@ -486,7 +486,7 @@
 	    </para>
 	    <para>
 	      This is equivalent to setting the debug level to 10
-	      for the "packets" module of the "resolver" logging
+	      for the the "packets" module of the "resolver" logging
 	      category. Setting the systemwide debug level to 10 using
 	      the <option>-d</option> option will produce the same output
 	      (but will affect other logging categories as well).
@@ -504,7 +504,7 @@
 	    </para>
 	    <para>
 	      This is equivalent to setting the debug level to 3
-	      for the "validator" module of the "dnssec" logging
+	      for the the "validator" module of the "dnssec" logging
 	      category. Setting the systemwide debug level to 3 using
 	      the <option>-d</option> option will produce the same output
 	      (but will affect other logging categories as well).
@@ -652,28 +652,6 @@
 	    </para>
 	  </listitem>
 	</varlistentry>
-
-	<varlistentry>
-	  <term><option>+[no]tcp</option></term>
-	  <listitem>
-	    <para>
-	      Controls whether to use TCP when sending queries.
-	      The default is to use UDP unless a truncated
-	      response has been received.
-	    </para>
-	  </listitem>
-	</varlistentry>
-
-	<varlistentry>
-	  <term><option>+[no]unknownformat</option></term>
-	  <listitem>
-	    <para>
-	      Print all RDATA in unknown RR type presentation format
-	      (RFC 3597). The default is to print RDATA for known types
-	      in the type's presentation format.
-	    </para>
-	  </listitem>
-	</varlistentry>
       </variablelist>
 
     </para>

bin/delv/delv.html

@@ -1,38 +1,93 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 <!--
- - Copyright (C) 2014-2022 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2014-2017 Internet Systems Consortium, Inc. ("ISC")
  - 
- - This Source Code Form is subject to the terms of the Mozilla Public
- - License, v. 2.0. If a copy of the MPL was not distributed with this
- - file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ - Permission to use, copy, modify, and/or distribute this software for any
+ - purpose with or without fee is hereby granted, provided that the above
+ - copyright notice and this permission notice appear in all copies.
+ - 
+ - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ - PERFORMANCE OF THIS SOFTWARE.
 -->
 <html lang="en">
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
 <title>delv</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.79.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
 </head>
 <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry">
 <a name="man.delv"></a><div class="titlepage"></div>
-<div class="refnamediv">
+  
+  
+
+  
+
+  <div class="refnamediv">
 <h2>Name</h2>
-<p>delv &#8212; DNS lookup and validation utility</p>
+<p>
+    delv
+     &#8212; DNS lookup and validation utility
+  </p>
 </div>
-<div class="refsynopsisdiv">
+
+  
+
+  <div class="refsynopsisdiv">
 <h2>Synopsis</h2>
-<div class="cmdsynopsis"><p><code class="command">delv</code>  [@server] [[<code class="option">-4</code>] |  [<code class="option">-6</code>]] [<code class="option">-a <em class="replaceable"><code>anchor-file</code></em></code>] [<code class="option">-b <em class="replaceable"><code>address</code></em></code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-d <em class="replaceable"><code>level</code></em></code>] [<code class="option">-i</code>] [<code class="option">-m</code>] [<code class="option">-p <em class="replaceable"><code>port#</code></em></code>] [<code class="option">-q <em class="replaceable"><code>name</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-x <em class="replaceable"><code>addr</code></em></code>] [name] [type] [class] [queryopt...]</p></div>
-<div class="cmdsynopsis"><p><code class="command">delv</code>  [<code class="option">-h</code>]</p></div>
-<div class="cmdsynopsis"><p><code class="command">delv</code>  [<code class="option">-v</code>]</p></div>
-<div class="cmdsynopsis"><p><code class="command">delv</code>  [queryopt...] [query...]</p></div>
-</div>
-<div class="refsection">
+    <div class="cmdsynopsis"><p>
+      <code class="command">delv</code> 
+       [@server]
+       [
+	[<code class="option">-4</code>]
+	 |  [<code class="option">-6</code>]
+      ]
+       [<code class="option">-a <em class="replaceable"><code>anchor-file</code></em></code>]
+       [<code class="option">-b <em class="replaceable"><code>address</code></em></code>]
+       [<code class="option">-c <em class="replaceable"><code>class</code></em></code>]
+       [<code class="option">-d <em class="replaceable"><code>level</code></em></code>]
+       [<code class="option">-i</code>]
+       [<code class="option">-m</code>]
+       [<code class="option">-p <em class="replaceable"><code>port#</code></em></code>]
+       [<code class="option">-q <em class="replaceable"><code>name</code></em></code>]
+       [<code class="option">-t <em class="replaceable"><code>type</code></em></code>]
+       [<code class="option">-x <em class="replaceable"><code>addr</code></em></code>]
+       [name]
+       [type]
+       [class]
+       [queryopt...]
+    </p></div>
+
+    <div class="cmdsynopsis"><p>
+      <code class="command">delv</code> 
+       [<code class="option">-h</code>]
+    </p></div>
+
+    <div class="cmdsynopsis"><p>
+      <code class="command">delv</code> 
+       [<code class="option">-v</code>]
+    </p></div>
+
+    <div class="cmdsynopsis"><p>
+      <code class="command">delv</code> 
+       [queryopt...]
+       [query...]
+    </p></div>
+  </div>
+
+  <div class="refsection">
 <a name="id-1.7"></a><h2>DESCRIPTION</h2>
-<p><span class="command"><strong>delv</strong></span>
+
+    <p><span class="command"><strong>delv</strong></span>
       is a tool for sending
       DNS queries and validating the results, using the same internal
       resolver and validator logic as <span class="command"><strong>named</strong></span>.
     </p>
-<p>
+    <p>
       <span class="command"><strong>delv</strong></span> will send to a specified name server all
       queries needed to fetch and validate the requested data; this
       includes the original requested query, subsequent queries to follow
@@ -42,7 +97,7 @@
       behavior of a name server configured for DNSSEC validating and
       forwarding.
     </p>
-<p>
+    <p>
       By default, responses are validated using built-in DNSSEC trust
       anchor for the root zone (".").  Records returned by
       <span class="command"><strong>delv</strong></span> are either fully validated or
@@ -53,7 +108,7 @@
       be used to check the validity of DNS responses in environments
       where local name servers may not be trustworthy.
     </p>
-<p>
+    <p>
       Unless it is told to query a specific name server,
       <span class="command"><strong>delv</strong></span> will try each of the servers listed in
       <code class="filename">/etc/resolv.conf</code>. If no usable server
@@ -61,15 +116,18 @@
       queries to the localhost addresses (127.0.0.1 for IPv4, ::1
       for IPv6).
     </p>
-<p>
+    <p>
       When no command line arguments or options are given,
       <span class="command"><strong>delv</strong></span> will perform an NS query for "."
       (the root zone).
     </p>
-</div>
-<div class="refsection">
+  </div>
+
+  <div class="refsection">
 <a name="id-1.8"></a><h2>SIMPLE USAGE</h2>
-<p>
+
+
+    <p>
       A typical invocation of <span class="command"><strong>delv</strong></span> looks like:
       </p>
 <pre class="programlisting"> delv @server name type </pre>
@@ -80,7 +138,7 @@
 <div class="variablelist"><dl class="variablelist">
 <dt><span class="term"><code class="constant">server</code></span></dt>
 <dd>
-<p>
+	    <p>
 	      is the name or IP address of the name server to query.  This
 	      can be an IPv4 address in dotted-decimal notation or an IPv6
 	      address in colon-delimited notation.  When the supplied
@@ -90,7 +148,7 @@
 	      initial lookup is <span class="emphasis"><em>not</em></span> validated
 	      by DNSSEC).
 	    </p>
-<p>
+	    <p>
 	      If no <em class="parameter"><code>server</code></em> argument is
 	      provided, <span class="command"><strong>delv</strong></span> consults
 	      <code class="filename">/etc/resolv.conf</code>; if an
@@ -103,13 +161,16 @@
 	      the localhost addresses (127.0.0.1 for IPv4,
 	      ::1 for IPv6).
 	    </p>
-</dd>
+	  </dd>
 <dt><span class="term"><code class="constant">name</code></span></dt>
-<dd><p>
+<dd>
+	    <p>
 	      is the domain name to be looked up.
-	    </p></dd>
+	    </p>
+	  </dd>
 <dt><span class="term"><code class="constant">type</code></span></dt>
-<dd><p>
+<dd>
+	    <p>
 	      indicates what type of query is required &#8212;
 	      ANY, A, MX, etc.
 	      <em class="parameter"><code>type</code></em> can be any valid query
@@ -117,23 +178,27 @@
 	      <em class="parameter"><code>type</code></em> argument is supplied,
 	      <span class="command"><strong>delv</strong></span> will perform a lookup for an
 	      A record.
-	    </p></dd>
+	    </p>
+	  </dd>
 </dl></div>
 <p>
     </p>
-</div>
-<div class="refsection">
+
+  </div>
+
+  <div class="refsection">
 <a name="id-1.9"></a><h2>OPTIONS</h2>
-<div class="variablelist"><dl class="variablelist">
+
+    <div class="variablelist"><dl class="variablelist">
 <dt><span class="term">-a <em class="replaceable"><code>anchor-file</code></em></span></dt>
 <dd>
-<p>
+	  <p>
 	    Specifies a file from which to read DNSSEC trust anchors.
 	    The default is <code class="filename">/etc/bind.keys</code>, which
 	    is included with <acronym class="acronym">BIND</acronym> 9 and contains
 	    one or more trust anchors for the root zone (".").
 	  </p>
-<p>
+	  <p>
 	    Keys that do not match the root zone name are ignored.
             An alternate key name can be specified using the
 	    <code class="option">+root=NAME</code> options. DNSSEC Lookaside
@@ -141,7 +206,7 @@
 	    <code class="option">+dlv=NAME</code> to specify the name of a
             zone containing DLV records.
 	  </p>
-<p>
+	  <p>
 	    Note: When reading the trust anchor file,
 	    <span class="command"><strong>delv</strong></span> treats <code class="option">managed-keys</code>
 	    statements and <code class="option">trusted-keys</code> statements
@@ -155,23 +220,28 @@
 	    <code class="filename">/etc/bind.keys</code> to use DNSSEC
 	    validation in <span class="command"><strong>delv</strong></span>.
 	  </p>
-</dd>
+	</dd>
 <dt><span class="term">-b  <em class="replaceable"><code>address</code></em></span></dt>
-<dd><p>
+<dd>
+	  <p>
 	    Sets the source IP address of the query to
 	    <em class="parameter"><code>address</code></em>.  This must be a valid address
 	    on one of the host's network interfaces or "0.0.0.0" or "::".
 	    An optional source port may be specified by appending
 	    "#&lt;port&gt;"
-	  </p></dd>
+	  </p>
+	</dd>
 <dt><span class="term">-c <em class="replaceable"><code>class</code></em></span></dt>
-<dd><p>
+<dd>
+	  <p>
 	    Sets the query class for the requested data. Currently,
 	    only class "IN" is supported in <span class="command"><strong>delv</strong></span>
 	    and any other value is ignored.
-	  </p></dd>
+	  </p>
+	</dd>
 <dt><span class="term">-d <em class="replaceable"><code>level</code></em></span></dt>
-<dd><p>
+<dd>
+	  <p>
 	    Set the systemwide debug level to <code class="option">level</code>.
 	    The allowed range is from 0 to 99.
 	    The default is 0 (no debugging).
@@ -180,13 +250,17 @@
 	    See the <code class="option">+mtrace</code>, <code class="option">+rtrace</code>,
 	    and <code class="option">+vtrace</code> options below for additional
 	    debugging details.
-	  </p></dd>
+	  </p>
+	</dd>
 <dt><span class="term">-h</span></dt>
-<dd><p>
+<dd>
+	  <p>
 	    Display the <span class="command"><strong>delv</strong></span> help usage output and exit.
-	  </p></dd>
+	  </p>
+	</dd>
 <dt><span class="term">-i</span></dt>
-<dd><p>
+<dd>
+	  <p>
 	    Insecure mode. This disables internal DNSSEC validation.
 	    (Note, however, this does not set the CD bit on upstream
 	    queries. If the server being queried is performing DNSSEC
@@ -194,30 +268,37 @@
 	    can cause <span class="command"><strong>delv</strong></span> to time out. When it
 	    is necessary to examine invalid data to debug a DNSSEC
 	    problem, use <span class="command"><strong>dig +cd</strong></span>.)
-	  </p></dd>
+	  </p>
+	</dd>
 <dt><span class="term">-m</span></dt>
-<dd><p>
+<dd>
+	  <p>
 	    Enables memory usage debugging.
-	  </p></dd>
+	  </p>
+	</dd>
 <dt><span class="term">-p <em class="replaceable"><code>port#</code></em></span></dt>
-<dd><p>
+<dd>
+	  <p>
 	    Specifies a destination port to use for queries instead of
 	    the standard DNS port number 53.  This option would be used
 	    with a name server that has been configured to listen
 	    for queries on a non-standard port number.
-	  </p></dd>
+	  </p>
+	</dd>
 <dt><span class="term">-q <em class="replaceable"><code>name</code></em></span></dt>
-<dd><p>
+<dd>
+	  <p>
 	    Sets the query name to <em class="parameter"><code>name</code></em>.
 	    While the query name can be specified without using the
 	    <code class="option">-q</code>, it is sometimes necessary to disambiguate
 	    names from types or classes (for example, when looking up the
 	    name "ns", which could be misinterpreted as the type NS,
 	    or "ch", which could be misinterpreted as class CH).
-	  </p></dd>
+	  </p>
+	</dd>
 <dt><span class="term">-t <em class="replaceable"><code>type</code></em></span></dt>
 <dd>
-<p>
+	  <p>
 	    Sets the query type to <em class="parameter"><code>type</code></em>, which
 	    can be any valid query type supported in BIND 9 except
 	    for zone transfer types AXFR and IXFR. As with
@@ -225,18 +306,21 @@
 	    query name type or class when they are ambiguous.
 	    it is sometimes necessary to disambiguate names from types.
 	  </p>
-<p>
+	  <p>
 	    The default query type is "A", unless the <code class="option">-x</code>
 	    option is supplied to indicate a reverse lookup, in which case
 	    it is "PTR".
 	  </p>
-</dd>
+	</dd>
 <dt><span class="term">-v</span></dt>
-<dd><p>
+<dd>
+	  <p>
 	    Print the <span class="command"><strong>delv</strong></span> version and exit.
-	  </p></dd>
+	  </p>
+	</dd>
 <dt><span class="term">-x <em class="replaceable"><code>addr</code></em></span></dt>
-<dd><p>
+<dd>
+	  <p>
 	    Performs a reverse lookup, mapping an addresses to
 	    a name.  <em class="parameter"><code>addr</code></em> is an IPv4 address in
 	    dotted-decimal notation, or a colon-delimited IPv6 address.
@@ -246,24 +330,33 @@
 	    lookup for a name like <code class="literal">11.12.13.10.in-addr.arpa</code>
 	    and sets the query type to PTR.  IPv6 addresses are looked up
 	    using nibble format under the IP6.ARPA domain.
-	  </p></dd>
+	  </p>
+	</dd>
 <dt><span class="term">-4</span></dt>
-<dd><p>
+<dd>
+	  <p>
 	    Forces <span class="command"><strong>delv</strong></span> to only use IPv4.
-	  </p></dd>
+	  </p>
+	</dd>
 <dt><span class="term">-6</span></dt>
-<dd><p>
+<dd>
+	  <p>
 	    Forces <span class="command"><strong>delv</strong></span> to only use IPv6.
-	  </p></dd>
+	  </p>
+	</dd>
 </dl></div>
-</div>
-<div class="refsection">
+  </div>
+
+  <div class="refsection">
 <a name="id-1.10"></a><h2>QUERY OPTIONS</h2>
-<p><span class="command"><strong>delv</strong></span>
+
+
+    <p><span class="command"><strong>delv</strong></span>
       provides a number of query options which affect the way results are
       displayed, and in some cases the way lookups are performed.
     </p>
-<p>
+
+    <p>
       Each query option is identified by a keyword preceded by a plus sign
       (<code class="literal">+</code>).  Some keywords set or reset an
       option.  These may be preceded by the string
@@ -275,7 +368,8 @@
       </p>
 <div class="variablelist"><dl class="variablelist">
 <dt><span class="term"><code class="option">+[no]cdflag</code></span></dt>
-<dd><p>
+<dd>
+	    <p>
 	      Controls whether to set the CD (checking disabled) bit in
 	      queries sent by <span class="command"><strong>delv</strong></span>. This may be useful
 	      when troubleshooting DNSSEC problems from behind a validating
@@ -284,20 +378,25 @@
 	      the CD flag on queries will cause the resolver to return
 	      invalid responses, which <span class="command"><strong>delv</strong></span> can then
 	      validate internally and report the errors in detail.
-	    </p></dd>
+	    </p>
+	  </dd>
 <dt><span class="term"><code class="option">+[no]class</code></span></dt>
-<dd><p>
+<dd>
+	    <p>
 	      Controls whether to display the CLASS when printing
 	      a record. The default is to display the CLASS.
-	    </p></dd>
+	    </p>
+	  </dd>
 <dt><span class="term"><code class="option">+[no]ttl</code></span></dt>
-<dd><p>
+<dd>
+	    <p>
 	      Controls whether to display the TTL when printing
 	      a record. The default is to display the TTL.
-	    </p></dd>
+	    </p>
+	  </dd>
 <dt><span class="term"><code class="option">+[no]rtrace</code></span></dt>
 <dd>
-<p>
+	    <p>
 	      Toggle resolver fetch logging. This reports the
 	      name and type of each query sent by <span class="command"><strong>delv</strong></span>
 	      in the process of carrying out the resolution and validation
@@ -305,62 +404,69 @@
 	      all subsequent queries to follow CNAMEs and to establish a
 	      chain of trust for DNSSEC validation.
 	    </p>
-<p>
+	    <p>
 	      This is equivalent to setting the debug level to 1 in
 	      the "resolver" logging category. Setting the systemwide
 	      debug level to 1 using the <code class="option">-d</code> option will
 	      product the same output (but will affect other logging
 	      categories as well).
 	    </p>
-</dd>
+	  </dd>
 <dt><span class="term"><code class="option">+[no]mtrace</code></span></dt>
 <dd>
-<p>
+	    <p>
 	      Toggle message logging. This produces a detailed dump of
 	      the responses received by <span class="command"><strong>delv</strong></span> in the
 	      process of carrying out the resolution and validation process.
 	    </p>
-<p>
+	    <p>
 	      This is equivalent to setting the debug level to 10
-	      for the "packets" module of the "resolver" logging
+	      for the the "packets" module of the "resolver" logging
 	      category. Setting the systemwide debug level to 10 using
 	      the <code class="option">-d</code> option will produce the same output
 	      (but will affect other logging categories as well).
 	    </p>
-</dd>
+	  </dd>
 <dt><span class="term"><code class="option">+[no]vtrace</code></span></dt>
 <dd>
-<p>
+	    <p>
 	      Toggle validation logging. This shows the internal
 	      process of the validator as it determines whether an
 	      answer is validly signed, unsigned, or invalid.
 	    </p>
-<p>
+	    <p>
 	      This is equivalent to setting the debug level to 3
-	      for the "validator" module of the "dnssec" logging
+	      for the the "validator" module of the "dnssec" logging
 	      category. Setting the systemwide debug level to 3 using
 	      the <code class="option">-d</code> option will produce the same output
 	      (but will affect other logging categories as well).
 	    </p>
-</dd>
+	  </dd>
 <dt><span class="term"><code class="option">+[no]short</code></span></dt>
-<dd><p>
+<dd>
+	    <p>
 	      Provide a terse answer.  The default is to print the answer in a
 	      verbose form.
-	    </p></dd>
+	    </p>
+	  </dd>
 <dt><span class="term"><code class="option">+[no]comments</code></span></dt>
-<dd><p>
+<dd>
+	    <p>
 	      Toggle the display of comment lines in the output.  The default
 	      is to print comments.
-	    </p></dd>
+	    </p>
+	  </dd>
 <dt><span class="term"><code class="option">+[no]rrcomments</code></span></dt>
-<dd><p>
+<dd>
+	    <p>
 	      Toggle the display of per-record comments in the output (for
 	      example, human-readable key information about DNSKEY records).
 	      The default is to print per-record comments.
-	    </p></dd>
+	    </p>
+	  </dd>
 <dt><span class="term"><code class="option">+[no]crypto</code></span></dt>
-<dd><p>
+<dd>
+	    <p>
 	      Toggle the display of cryptographic fields in DNSSEC records.
 	      The contents of these field are unnecessary to debug most DNSSEC
 	      validation failures and removing them makes it easier to see
@@ -368,14 +474,18 @@
 	      When omitted they are replaced by the string "[omitted]" or
 	      in the DNSKEY case the key id is displayed as the replacement,
 	      e.g. "[ key id = value ]".
-	    </p></dd>
+	    </p>
+	  </dd>
 <dt><span class="term"><code class="option">+[no]trust</code></span></dt>
-<dd><p>
+<dd>
+	    <p>
 	      Controls whether to display the trust level when printing
 	      a record. The default is to display the trust level.
-	    </p></dd>
+	    </p>
+	  </dd>
 <dt><span class="term"><code class="option">+[no]split[=W]</code></span></dt>
-<dd><p>
+<dd>
+	    <p>
 	      Split long hex- or base64-formatted fields in resource
 	      records into chunks of <em class="parameter"><code>W</code></em> characters
 	      (where <em class="parameter"><code>W</code></em> is rounded up to the nearest
@@ -384,24 +494,30 @@
 	      <em class="parameter"><code>+split=0</code></em> causes fields not to be
 	      split at all.  The default is 56 characters, or 44 characters
 	      when multiline mode is active.
-	    </p></dd>
+	    </p>
+	  </dd>
 <dt><span class="term"><code class="option">+[no]all</code></span></dt>
-<dd><p>
+<dd>
+	    <p>
 	      Set or clear the display options
 	      <code class="option">+[no]comments</code>,
 	      <code class="option">+[no]rrcomments</code>, and
 	      <code class="option">+[no]trust</code> as a group.
-	    </p></dd>
+	    </p>
+	  </dd>
 <dt><span class="term"><code class="option">+[no]multiline</code></span></dt>
-<dd><p>
+<dd>
+	    <p>
 	      Print long records (such as RRSIG, DNSKEY, and SOA records)
 	      in a verbose multi-line format with human-readable comments.
 	      The default is to print each record on a single line, to
 	      facilitate machine parsing of the <span class="command"><strong>delv</strong></span>
 	      output.
-	    </p></dd>
+	    </p>
+	  </dd>
 <dt><span class="term"><code class="option">+[no]dnssec</code></span></dt>
-<dd><p>
+<dd>
+	    <p>
 	      Indicates whether to display RRSIG records in the
 	      <span class="command"><strong>delv</strong></span> output.  The default is to
 	      do so.  Note that (unlike in <span class="command"><strong>dig</strong></span>)
@@ -411,9 +527,11 @@
 	      will always occur unless suppressed by the use of
 	      <code class="option">-i</code> or <code class="option">+noroot</code> and
 	      <code class="option">+nodlv</code>.
-	    </p></dd>
+	    </p>
+	  </dd>
 <dt><span class="term"><code class="option">+[no]root[=ROOT]</code></span></dt>
-<dd><p>
+<dd>
+	    <p>
 	      Indicates whether to perform conventional (non-lookaside)
 	      DNSSEC validation, and if so, specifies the
 	      name of a trust anchor.  The default is to validate using
@@ -421,46 +539,46 @@
 	      a built-in key.  If specifying a different trust anchor,
 	      then <code class="option">-a</code> must be used to specify a file
 	      containing the key.
-	    </p></dd>
+	    </p>
+	  </dd>
 <dt><span class="term"><code class="option">+[no]dlv[=DLV]</code></span></dt>
-<dd><p>
+<dd>
+	    <p>
 	      Indicates whether to perform DNSSEC lookaside validation,
 	      and if so, specifies the name of the DLV trust anchor.
 	      The <code class="option">-a</code> option must also be used to specify
               a file containing the DLV key.
-	    </p></dd>
-<dt><span class="term"><code class="option">+[no]tcp</code></span></dt>
-<dd><p>
-	      Controls whether to use TCP when sending queries.
-	      The default is to use UDP unless a truncated
-	      response has been received.
-	    </p></dd>
-<dt><span class="term"><code class="option">+[no]unknownformat</code></span></dt>
-<dd><p>
-	      Print all RDATA in unknown RR type presentation format
-	      (RFC 3597). The default is to print RDATA for known types
-	      in the type's presentation format.
-	    </p></dd>
+	    </p>
+	  </dd>
 </dl></div>
 <p>
 
     </p>
-</div>
-<div class="refsection">
+  </div>
+
+  <div class="refsection">
 <a name="id-1.11"></a><h2>FILES</h2>
-<p><code class="filename">/etc/bind.keys</code></p>
-<p><code class="filename">/etc/resolv.conf</code></p>
-</div>
-<div class="refsection">
+
+    <p><code class="filename">/etc/bind.keys</code></p>
+    <p><code class="filename">/etc/resolv.conf</code></p>
+  </div>
+
+  <div class="refsection">
 <a name="id-1.12"></a><h2>SEE ALSO</h2>
-<p><span class="citerefentry"><span class="refentrytitle">dig</span>(1)</span>,
-      <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
+
+    <p><span class="citerefentry">
+	<span class="refentrytitle">dig</span>(1)
+      </span>,
+      <span class="citerefentry">
+	<span class="refentrytitle">named</span>(8)
+      </span>,
       <em class="citetitle">RFC4034</em>,
       <em class="citetitle">RFC4035</em>,
       <em class="citetitle">RFC4431</em>,
       <em class="citetitle">RFC5074</em>,
       <em class="citetitle">RFC5155</em>.
     </p>
-</div>
+  </div>
+
 </div></body>
 </html>

bin/delv/win32/delv.vcxproj.in

@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="utf-8"?>
-<Project DefaultTargets="Build" ToolsVersion="@TOOLS_VERSION@" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
   <ItemGroup Label="ProjectConfigurations">
     <ProjectConfiguration Include="Debug|@PLATFORM@">
       <Configuration>Debug</Configuration>
@@ -14,21 +14,18 @@
     <ProjectGuid>{BE172EFE-C1DC-4812-BFB9-8C5F8ADB7E9F}</ProjectGuid>
     <Keyword>Win32Proj</Keyword>
     <RootNamespace>delv</RootNamespace>
-    @WINDOWS_TARGET_PLATFORM_VERSION@
   </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|@PLATFORM@'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
     <UseDebugLibraries>true</UseDebugLibraries>
     <CharacterSet>MultiByte</CharacterSet>
-    @PLATFORM_TOOLSET@
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
     <UseDebugLibraries>false</UseDebugLibraries>
     <WholeProgramOptimization>true</WholeProgramOptimization>
     <CharacterSet>MultiByte</CharacterSet>
-    @PLATFORM_TOOLSET@
   </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
   <ImportGroup Label="ExtensionSettings">
@@ -44,20 +41,17 @@
     <LinkIncremental>true</LinkIncremental>
     <OutDir>..\..\..\Build\$(Configuration)\</OutDir>
     <IntDir>.\$(Configuration)\</IntDir>
-    <IntDirSharingDetected>None</IntDirSharingDetected>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'">
     <LinkIncremental>false</LinkIncremental>
     <OutDir>..\..\..\Build\$(Configuration)\</OutDir>
     <IntDir>.\$(Configuration)\</IntDir>
-    <IntDirSharingDetected>None</IntDirSharingDetected>
   </PropertyGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|@PLATFORM@'">
     <ClCompile>
       <PrecompiledHeader>
       </PrecompiledHeader>
-      <WarningLevel>Level4</WarningLevel>
-      <TreatWarningAsError>false</TreatWarningAsError>
+      <WarningLevel>Level3</WarningLevel>
       <Optimization>Disabled</Optimization>
       <PreprocessorDefinitions>WIN32;@CRYPTO@_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <FunctionLevelLinking>true</FunctionLevelLinking>
@@ -79,8 +73,7 @@
   </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'">
     <ClCompile>
-      <WarningLevel>Level1</WarningLevel>
-      <TreatWarningAsError>true</TreatWarningAsError>
+      <WarningLevel>Level3</WarningLevel>
       <PrecompiledHeader>
       </PrecompiledHeader>
       <Optimization>MaxSpeed</Optimization>

bin/dig/Makefile.in

@@ -1,11 +1,19 @@
-# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2004, 2005, 2007, 2009, 2012-2017  Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2000-2002  Internet Software Consortium.
 #
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, you can obtain one at https://mozilla.org/MPL/2.0/.
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
 #
-# See the COPYRIGHT file distributed with this work for additional
-# information regarding copyright ownership.
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: Makefile.in,v 1.47 2009/12/05 23:31:40 each Exp $
 
 srcdir =	@srcdir@
 VPATH =		@srcdir@
@@ -19,13 +27,13 @@ READLINE_LIB = @READLINE_LIB@
 
 CINCLUDES =	-I${srcdir}/include ${DNS_INCLUDES} \
 		${BIND9_INCLUDES} ${ISC_INCLUDES} \
-		${LWRES_INCLUDES} ${ISCCFG_INCLUDES} @LIBIDN2_CFLAGS@ @DST_OPENSSL_INC@
+		${LWRES_INCLUDES} ${ISCCFG_INCLUDES} @DST_OPENSSL_INC@
 
 CDEFINES =	-DVERSION=\"${VERSION}\" @CRYPTO@
 CWARNINGS =
 
 ISCCFGLIBS =	../../lib/isccfg/libisccfg.@A@
-DNSLIBS =	../../lib/dns/libdns.@A@ ${MAXMINDDB_LIBS} @DNS_CRYPTO_LIBS@
+DNSLIBS =	../../lib/dns/libdns.@A@ @DNS_CRYPTO_LIBS@
 BIND9LIBS =	../../lib/bind9/libbind9.@A@
 ISCLIBS =	../../lib/isc/libisc.@A@
 ISCNOSYMLIBS =	../../lib/isc/libisc-nosymtbl.@A@
@@ -41,10 +49,10 @@ DEPLIBS =	${DNSDEPLIBS} ${BIND9DEPLIBS} ${ISCDEPLIBS} \
 		${ISCCFGDEPLIBS} ${LWRESDEPLIBS}
 
 LIBS =		${LWRESLIBS} ${BIND9LIBS} ${ISCCFGLIBS} \
-		${ISCLIBS} @IDNKIT_LIBS@ @LIBIDN2_LIBS@ @LIBS@
+		${ISCLIBS} @IDNLIBS@ @LIBS@
 
 NOSYMLIBS =	${LWRESLIBS} ${BIND9LIBS} ${ISCCFGLIBS} \
-		${ISCNOSYMLIBS} @IDNKIT_LIBS@ @LIBIDN2_LIBS@ @LIBS@
+		${ISCNOSYMLIBS} @IDNLIBS@ @LIBS@
 
 SUBDIRS =
 
@@ -99,12 +107,12 @@ install:: dig@EXEEXT@ host@EXEEXT@ nslookup@EXEEXT@ installdirs
 	${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} \
 		nslookup@EXEEXT@ ${DESTDIR}${bindir}
 	for m in ${MANPAGES}; do \
-		${INSTALL_DATA} ${srcdir}/$$m ${DESTDIR}${mandir}/man1 || exit 1; \
-	done
+		${INSTALL_DATA} ${srcdir}/$$m ${DESTDIR}${mandir}/man1; \
+		done
 
 uninstall::
 	for m in ${MANPAGES}; do \
-		rm -f ${DESTDIR}${mandir}/man1/$$m || exit 1; \
+		rm -f ${DESTDIR}${mandir}/man1/$$m ; \
 	done
 	${LIBTOOL_MODE_UNINSTALL} rm -f ${DESTDIR}${bindir}/nslookup@EXEEXT@
 	${LIBTOOL_MODE_UNINSTALL} rm -f ${DESTDIR}${bindir}/host@EXEEXT@

bin/dig/dig.1

@@ -1,15 +1,24 @@
-.\" Copyright (C) 2000-2011, 2013-2022 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004-2011, 2013-2018 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000-2003 Internet Software Consortium.
 .\" 
-.\" This Source Code Form is subject to the terms of the Mozilla Public
-.\" License, v. 2.0. If a copy of the MPL was not distributed with this
-.\" file, You can obtain one at http://mozilla.org/MPL/2.0/.
+.\" Permission to use, copy, modify, and/or distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\" 
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+.\" PERFORMANCE OF THIS SOFTWARE.
 .\"
 .hy 0
 .ad l
 '\" t
 .\"     Title: dig
 .\"    Author: 
-.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
+.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
 .\"      Date: 2014-02-19
 .\"    Manual: BIND9
 .\"    Source: ISC
@@ -74,9 +83,7 @@ will perform an NS query for "\&." (the root)\&.
 It is possible to set per\-user defaults for
 \fBdig\fR
 via
-${HOME}/\&.digrc\&. This file is read and any options in it are applied before the command line arguments\&. The
-\fB\-r\fR
-option disables this feature, for scripts that need predictable behaviour\&.
+${HOME}/\&.digrc\&. This file is read and any options in it are applied before the command line arguments\&.
 .PP
 The IN and CH class names overlap with the IN and CH top level domain names\&. Either use the
 \fB\-t\fR
@@ -178,7 +185,7 @@ using the command\-line interface\&.
 .PP
 \-i
 .RS 4
-Do reverse IPv6 lookups using the obsolete RFC 1886 IP6\&.INT domain, which is no longer in use\&. Obsolete bit string label queries (RFC 2874) are not attempted\&.
+Do reverse IPv6 lookups using the obsolete RFC1886 IP6\&.INT domain, which is no longer in use\&. Obsolete bit string label queries (RFC2874) are not attempted\&.
 .RE
 .PP
 \-k \fIkeyfile\fR
@@ -200,7 +207,7 @@ Enable memory usage debugging\&.
 .PP
 \-p \fIport\fR
 .RS 4
-Send the query to a non\-standard port on the server, instead of the default port 53\&. This option would be used to test a name server that has been configured to listen for queries on a non\-standard port number\&.
+Send the query to a non\-standard port on the server, instead of the defaut port 53\&. This option would be used to test a name server that has been configured to listen for queries on a non\-standard port number\&.
 .RE
 .PP
 \-q \fIname\fR
@@ -210,23 +217,15 @@ The domain name to query\&. This is useful to distinguish the
 from other arguments\&.
 .RE
 .PP
-\-r
-.RS 4
-Do not read options from
-${HOME}/\&.digrc\&. This is useful for scripts that need predictable behaviour\&.
-.RE
-.PP
 \-t \fItype\fR
 .RS 4
-The resource record type to query\&. It can be any valid query type\&. If it is a resource record type supported in BIND 9, it can be given by the type mnemonic (such as "NS" or "AAAA")\&. The default query type is "A", unless the
+The resource record type to query\&. It can be any valid query type which is supported in BIND 9\&. The default query type is "A", unless the
 \fB\-x\fR
 option is supplied to indicate a reverse lookup\&. A zone transfer can be requested by specifying a type of AXFR\&. When an incremental zone transfer (IXFR) is required, set the
 \fItype\fR
 to
 ixfr=N\&. The incremental zone transfer will contain the changes made to the zone since the serial number in the zone\*(Aqs SOA record was
 \fIN\fR\&.
-.sp
-All resource record types can be expressed as "TYPEnn", where "nn" is the number of the type\&. If the resource record type is not supported in BIND 9, the result will be displayed as described in RFC 3597\&.
 .RE
 .PP
 \-u
@@ -339,11 +338,6 @@ Display [do not display] the answer section of a reply\&. The default is to disp
 Display [do not display] the authority section of a reply\&. The default is to display it\&.
 .RE
 .PP
-\fB+[no]badcookie\fR
-.RS 4
-Retry lookup with the new server cookie if a BADCOOKIE response is received\&.
-.RE
-.PP
 \fB+[no]besteffort\fR
 .RS 4
 Attempt to display the contents of messages which are malformed\&. The default is to not display malformed answers\&.
@@ -351,15 +345,9 @@ Attempt to display the contents of messages which are malformed\&. The default i
 .PP
 \fB+bufsize=B\fR
 .RS 4
-This option sets the UDP message buffer size advertised using EDNS0 to
+Set the UDP message buffer size advertised using EDNS0 to
 \fIB\fR
-bytes\&. The maximum and minimum sizes of this buffer are 65535 and 0, respectively\&.
-+bufsize=0
-disables EDNS (use
-+bufsize=0 +edns
-to send a EDNS messages with a advertised size of 0 bytes)\&.
-+bufsize
-restores the default buffer size\&.
+bytes\&. The maximum and minimum sizes of this buffer are 65535 and 0 respectively\&. Values outside this range are rounded up or down appropriately\&. Values other than zero will cause a EDNS query to be sent\&.
 .RE
 .PP
 \fB+[no]cdflag\fR
@@ -374,29 +362,34 @@ Display [do not display] the CLASS when printing the record\&.
 .PP
 \fB+[no]cmd\fR
 .RS 4
-Toggles the printing of the initial comment in the output, identifying the version of
+Toggles the printing of the initial comment in the output identifying the version of
 \fBdig\fR
-and the query options that have been applied\&. This option always has global effect; it cannot be set globally and then overridden on a per\-lookup basis\&. The default is to print this comment\&.
+and the query options that have been applied\&. This comment is printed by default\&.
 .RE
 .PP
 \fB+[no]comments\fR
 .RS 4
-Toggles the display of some comment lines in the output, containing information about the packet header and OPT pseudosection, and the names of the response section\&. The default is to print these comments\&.
-.sp
-Other types of comments in the output are not affected by this option, but can be controlled using other command line switches\&. These include
-\fB+[no]cmd\fR,
-\fB+[no]question\fR,
-\fB+[no]stats\fR, and
-\fB+[no]rrcomments\fR\&.
+Toggle the display of comment lines in the output\&. The default is to print comments\&.
 .RE
 .PP
 \fB+[no]cookie\fR\fB[=####]\fR
 .RS 4
-Send a COOKIE EDNS option, with optional value\&. Replaying a COOKIE from a previous response will allow the server to identify a previous client\&. The default is
-\fB+cookie\fR\&.
+Send an COOKIE EDNS option, containing an optional
+\fIvalue\fR\&. Replaying a COOKIE from a previous response will allow the server to identify a previous client\&. The default is
+\fB+nocookie\fR\&.
 .sp
 \fB+cookie\fR
-is also set when +trace is set to better emulate the default queries from a nameserver\&.
+is automatically set when +trace is in use, to better emulate the default queries from a nameserver\&.
+.sp
+This option was formerly called
+\fB+[no]sit\fR
+(Server Identity Token)\&. In BIND 9\&.10\&.0 through BIND 9\&.10\&.2, it sent the experimental option code 65001\&. This was changed to option code 10 in BIND 9\&.10\&.3 when the DNS COOKIE option was allocated\&.
+.sp
+The
+\fB+[no]sit\fR
+is now deprecated, but has been retained as a synonym for
+\fB+[no]cookie\fR
+for backward compatibility within the BIND 9\&.10 branch\&.
 .RE
 .PP
 \fB+[no]crypto\fR
@@ -426,11 +419,6 @@ directive in
 option were given\&.
 .RE
 .PP
-\fB+dscp=value\fR
-.RS 4
-Set the DSCP code point to be used when sending the query\&. Valid DSCP code points are in the range [0\&.\&.63]\&. By default no code point is explicitly set\&.
-.RE
-.PP
 \fB+[no]edns[=#]\fR
 .RS 4
 Specify the EDNS version to query with\&. Valid values are 0 to 255\&. Setting the EDNS version will cause a EDNS query to be sent\&.
@@ -474,11 +462,6 @@ Send an EDNS Expire option\&.
 Do not try the next server if you receive a SERVFAIL\&. The default is to not try the next server which is the reverse of normal stub resolver behavior\&.
 .RE
 .PP
-\fB+[no]header\-only\fR
-.RS 4
-Send a query with a DNS header without a question section\&. The default is to add a question section\&. The query type and query name are ignored when this is set\&.
-.RE
-.PP
 \fB+[no]identify\fR
 .RS 4
 Show [or do not show] the IP address and port number that supplied the answer when the
@@ -486,18 +469,9 @@ Show [or do not show] the IP address and port number that supplied the answer wh
 option is enabled\&. If short form answers are requested, the default is not to show the source address and port number of the server that provided the answer\&.
 .RE
 .PP
-\fB+[no]idnin\fR
-.RS 4
-Process [do not process] IDN domain names on input\&. This requires IDN SUPPORT to have been enabled at compile time\&.
-.sp
-The default is to process IDN input when standard output is a tty\&. The IDN processing on input is disabled when dig output is redirected to files, pipes, and other non\-tty file descriptors\&.
-.RE
-.PP
 \fB+[no]idnout\fR
 .RS 4
-Convert [do not convert] puny code on output\&. This requires IDN SUPPORT to have been enabled at compile time\&.
-.sp
-The default is to process puny code on output when standard output is a tty\&. The puny code processing on output is disabled when dig output is redirected to files, pipes, and other non\-tty file descriptors\&.
+Convert [do not convert] puny code on output\&. This requires IDN SUPPORT to have been enabled at compile time\&. The default is to convert output\&.
 .RE
 .PP
 \fB+[no]ignore\fR
@@ -511,12 +485,6 @@ Keep the TCP socket open between queries and reuse it rather than creating a new
 \fB+nokeepopen\fR\&.
 .RE
 .PP
-\fB+[no]mapped\fR
-.RS 4
-Allow mapped IPv4 over IPv6 addresses to be used\&. The default is
-\fB+mapped\fR\&.
-.RE
-.PP
 \fB+[no]multiline\fR
 .RS 4
 Print records like the SOA records in a verbose multi\-line format with human\-readable comments\&. The default is to print each record on a single line, to facilitate machine parsing of the
@@ -566,12 +534,12 @@ Set [restore] the DNS message opcode to the specified value\&. The default value
 .PP
 \fB+[no]qr\fR
 .RS 4
-Toggles the display of the query message as it is sent\&. By default, the query is not printed\&.
+Print [do not print] the query as it is sent\&. By default, the query is not printed\&.
 .RE
 .PP
 \fB+[no]question\fR
 .RS 4
-Toggles the display of the question section of a query when an answer is returned\&. The default is to print the question section as a comment\&.
+Print [do not print] the question section of a query when an answer is returned\&. The default is to print the question section as a comment\&.
 .RE
 .PP
 \fB+[no]rdflag\fR
@@ -584,11 +552,11 @@ A synonym for
 .RS 4
 Toggle the setting of the RD (recursion desired) bit in the query\&. This bit is set by default, which means
 \fBdig\fR
-normally sends recursive queries\&. Recursion is automatically disabled when using the
+normally sends recursive queries\&. Recursion is automatically disabled when the
 \fI+nssearch\fR
-option, and when using
+or
 \fI+trace\fR
-except for an initial recursive query to get the list of root servers\&.
+query options are used\&.
 .RE
 .PP
 \fB+retry=T\fR
@@ -619,7 +587,7 @@ determines if the name will be treated as relative or not and hence whether a se
 .PP
 \fB+[no]short\fR
 .RS 4
-Provide a terse answer\&. The default is to print the answer in a verbose form\&. This option always has global effect; it cannot be set globally and then overridden on a per\-lookup basis\&.
+Provide a terse answer\&. The default is to print the answer in a verbose form\&.
 .RE
 .PP
 \fB+[no]showsearch\fR
@@ -634,6 +602,16 @@ Chase DNSSEC signature chains\&. Requires dig be compiled with \-DDIG_SIGCHASE\&
 instead\&.
 .RE
 .PP
+\fB+[no]sit\fR\fB[=####]\fR
+.RS 4
+This option is a synonym for
+\fB+[no]cookie\fR\&.
+.sp
+The
+\fB+[no]sit\fR
+is deprecated\&.
+.RE
+.PP
 \fB+split=W\fR
 .RS 4
 Split long hex\- or base64\-formatted fields in resource records into chunks of
@@ -649,7 +627,7 @@ causes fields not to be split at all\&. The default is 56 characters, or 44 char
 .PP
 \fB+[no]stats\fR
 .RS 4
-Toggles the printing of statistics: when the query was made, the size of the reply and so on\&. The default behavior is to print the query statistics as a comment after each lookup\&.
+This query option toggles the printing of statistics: when the query was made, the size of the reply and so on\&. The default behavior is to print the query statistics\&.
 .RE
 .PP
 \fB+[no]subnet=addr[/prefix\-length]\fR
@@ -665,14 +643,12 @@ be used when resolving this query\&.
 .PP
 \fB+[no]tcp\fR
 .RS 4
-Use [do not use] TCP when querying name servers\&. The default behavior is to use UDP unless a type
-any
-or
+Use [do not use] TCP when querying name servers\&. The default behavior is to use UDP unless an
 ixfr=N
 query is requested, in which case the default is TCP\&. AXFR queries always use TCP\&.
 .RE
 .PP
-\fB+timeout=T\fR
+\fB+time=T\fR
 .RS 4
 Sets the timeout for a query to
 \fIT\fR
@@ -732,27 +708,12 @@ instead\&.
 Display [do not display] the TTL when printing the record\&.
 .RE
 .PP
-\fB+[no]ttlunits\fR
-.RS 4
-Display [do not display] the TTL in friendly human\-readable time units of "s", "m", "h", "d", and "w", representing seconds, minutes, hours, days and weeks\&. Implies +ttlid\&.
-.RE
-.PP
-\fB+[no]unknownformat\fR
-.RS 4
-Print all RDATA in unknown RR type presentation format (RFC 3597)\&. The default is to print RDATA for known types in the type\*(Aqs presentation format\&.
-.RE
-.PP
 \fB+[no]vc\fR
 .RS 4
 Use [do not use] TCP when querying name servers\&. This alternate syntax to
 \fI+[no]tcp\fR
 is provided for backwards compatibility\&. The "vc" stands for "virtual circuit"\&.
 .RE
-.PP
-\fB+[no]zflag\fR
-.RS 4
-Set [do not set] the last unassigned DNS header flag in a DNS query\&. This flag is off by default\&.
-.RE
 .SH "MULTIPLE QUERIES"
 .PP
 The BIND 9 implementation of
@@ -799,10 +760,11 @@ If
 \fBdig\fR
 has been built with IDN (internationalized domain name) support, it can accept and display non\-ASCII domain names\&.
 \fBdig\fR
-appropriately converts character encoding of domain name before sending a request to DNS server or displaying a reply from the server\&. If you\*(Aqd like to turn off the IDN support for some reason, use parameters
-\fI+noidnin\fR
-and
-\fI+noidnout\fR\&.
+appropriately converts character encoding of domain name before sending a request to DNS server or displaying a reply from the server\&. If you\*(Aqd like to turn off the IDN support for some reason, defines the
+\fBIDN_DISABLE\fR
+environment variable\&. The IDN support is disabled if the variable is set when
+\fBdig\fR
+runs\&.
 .SH "FILES"
 .PP
 /etc/resolv\&.conf
@@ -814,7 +776,7 @@ ${HOME}/\&.digrc
 \fBhost\fR(1),
 \fBnamed\fR(8),
 \fBdnssec-keygen\fR(8),
-RFC 1035\&.
+RFC1035\&.
 .SH "BUGS"
 .PP
 There are probably too many query options\&.
@@ -823,5 +785,7 @@ There are probably too many query options\&.
 \fBInternet Systems Consortium, Inc\&.\fR
 .SH "COPYRIGHT"
 .br
-Copyright \(co 2000-2011, 2013-2022 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004-2011, 2013-2018 Internet Systems Consortium, Inc. ("ISC")
+.br
+Copyright \(co 2000-2003 Internet Software Consortium.
 .br

bin/dig/dig.docbook

@@ -1,18 +1,24 @@
 <!DOCTYPE book [
 <!ENTITY mdash "&#8212;">]>
 <!--
- - Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2011, 2013-2018  Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2003  Internet Software Consortium.
  -
- - This Source Code Form is subject to the terms of the Mozilla Public
- - License, v. 2.0. If a copy of the MPL was not distributed with this
- - file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ - Permission to use, copy, modify, and/or distribute this software for any
+ - purpose with or without fee is hereby granted, provided that the above
+ - copyright notice and this permission notice appear in all copies.
  -
- - See the COPYRIGHT file distributed with this work for additional
- - information regarding copyright ownership.
+ - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ - AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ - PERFORMANCE OF THIS SOFTWARE.
 -->
 
 <!-- Converted by db4-upgrade version 1.0 -->
-<refentry xmlns="http://docbook.org/ns/docbook" version="5.0" xml:id="man.dig">
+<refentry xmlns:db="http://docbook.org/ns/docbook" version="5.0" xml:id="man.dig">
   <info>
     <date>2014-02-19</date>
   </info>
@@ -34,10 +40,6 @@
 
   <docinfo>
     <copyright>
-      <year>2000</year>
-      <year>2001</year>
-      <year>2002</year>
-      <year>2003</year>
       <year>2004</year>
       <year>2005</year>
       <year>2006</year>
@@ -52,12 +54,15 @@
       <year>2016</year>
       <year>2017</year>
       <year>2018</year>
-      <year>2019</year>
-      <year>2020</year>
-      <year>2021</year>
-      <year>2022</year>
       <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
     </copyright>
+    <copyright>
+      <year>2000</year>
+      <year>2001</year>
+      <year>2002</year>
+      <year>2003</year>
+      <holder>Internet Software Consortium.</holder>
+    </copyright>
   </docinfo>
 
   <refsynopsisdiv>
@@ -135,10 +140,9 @@
 
     <para>
       It is possible to set per-user defaults for <command>dig</command> via
-      <filename>${HOME}/.digrc</filename>. This file is read and any
-      options in it are applied before the command line arguments.
-      The <option>-r</option> option disables this feature, for
-      scripts that need predictable behaviour.
+      <filename>${HOME}/.digrc</filename>.  This file is read and
+      any options in it
+      are applied before the command line arguments.
     </para>
 
     <para>
@@ -222,49 +226,49 @@
 
     <variablelist>
       <varlistentry>
-	<term>-4</term>
-	<listitem>
+        <term>-4</term>
+        <listitem>
 	  <para>
 	    Use IPv4 only.
 	  </para>
-	</listitem>
+        </listitem>
       </varlistentry>
 
       <varlistentry>
-	<term>-6</term>
-	<listitem>
+        <term>-6</term>
+        <listitem>
 	  <para>
 	    Use IPv6 only.
 	  </para>
-	</listitem>
+        </listitem>
       </varlistentry>
 
       <varlistentry>
-	<term>-b <replaceable class="parameter">address<optional>#port</optional></replaceable></term>
-	<listitem>
+        <term>-b <replaceable class="parameter">address<optional>#port</optional></replaceable></term>
+        <listitem>
 	  <para>
 	    Set the source IP address of the query.
 	    The <parameter>address</parameter> must be a valid address on
 	    one of the host's network interfaces, or "0.0.0.0" or "::". An
 	    optional port may be specified by appending "#&lt;port&gt;"
 	  </para>
-	</listitem>
+        </listitem>
       </varlistentry>
 
       <varlistentry>
-	<term>-c <replaceable class="parameter">class</replaceable></term>
-	<listitem>
+        <term>-c <replaceable class="parameter">class</replaceable></term>
+        <listitem>
 	  <para>
 	    Set the query class. The
 	    default <parameter>class</parameter> is IN; other classes
 	    are HS for Hesiod records or CH for Chaosnet records.
 	  </para>
-	</listitem>
+        </listitem>
       </varlistentry>
 
       <varlistentry>
-	<term>-f <replaceable class="parameter">file</replaceable></term>
-	<listitem>
+        <term>-f <replaceable class="parameter">file</replaceable></term>
+        <listitem>
 	  <para>
 	    Batch mode: <command>dig</command> reads a list of lookup
 	    requests to process from the
@@ -273,23 +277,23 @@
 	    presented as queries to
 	    <command>dig</command> using the command-line interface.
 	  </para>
-	</listitem>
+        </listitem>
       </varlistentry>
 
       <varlistentry>
-	<term>-i</term>
-	<listitem>
+        <term>-i</term>
+        <listitem>
 	  <para>
-	    Do reverse IPv6 lookups using the obsolete RFC 1886 IP6.INT
+	    Do reverse IPv6 lookups using the obsolete RFC1886 IP6.INT
 	    domain, which is no longer in use. Obsolete bit string
-	    label queries (RFC 2874) are not attempted.
+	    label queries (RFC2874) are not attempted.
 	  </para>
-	</listitem>
+        </listitem>
       </varlistentry>
 
       <varlistentry>
-	<term>-k <replaceable class="parameter">keyfile</replaceable></term>
-	<listitem>
+        <term>-k <replaceable class="parameter">keyfile</replaceable></term>
+        <listitem>
 	  <para>
 	    Sign queries using TSIG using a key read from the given file.
 	    Key files can be generated using
@@ -303,62 +307,51 @@
 	    and <command>server</command> statements in
 	    <filename>named.conf</filename>.
 	  </para>
-	</listitem>
+        </listitem>
       </varlistentry>
 
       <varlistentry>
-	<term>-m</term>
-	<listitem>
+        <term>-m</term>
+        <listitem>
 	  <para>
 	    Enable memory usage debugging.
 	    <!-- It enables ISC_MEM_DEBUGTRACE and ISC_MEM_DEBUGRECORD
 		 documented in include/isc/mem.h -->
 	  </para>
-	</listitem>
+        </listitem>
       </varlistentry>
 
       <varlistentry>
-	<term>-p <replaceable class="parameter">port</replaceable></term>
-	<listitem>
+        <term>-p <replaceable class="parameter">port</replaceable></term>
+        <listitem>
 	  <para>
 	    Send the query to a non-standard port on the server,
-	    instead of the default port 53. This option would be used
+	    instead of the defaut port 53. This option would be used
 	    to test a name server that has been configured to listen
 	    for queries on a non-standard port number.
 	  </para>
-	</listitem>
+        </listitem>
       </varlistentry>
 
       <varlistentry>
-	<term>-q <replaceable class="parameter">name</replaceable></term>
-	<listitem>
+        <term>-q <replaceable class="parameter">name</replaceable></term>
+        <listitem>
 	  <para>
 	    The domain name to query. This is useful to distinguish
 	    the <parameter>name</parameter> from other arguments.
 	  </para>
-	</listitem>
+        </listitem>
       </varlistentry>
 
       <varlistentry>
-	<term>-r</term>
-	<listitem>
+        <term>-t <replaceable class="parameter">type</replaceable></term>
+        <listitem>
 	  <para>
-	    Do not read options from <filename>${HOME}/.digrc</filename>.
-	    This is useful for scripts that need predictable behaviour.
-	  </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-t <replaceable class="parameter">type</replaceable></term>
-	<listitem>
-	  <para>
-	    The resource record type to query. It can be any valid query
-	    type.  If it is a resource record type supported in BIND 9, it
-	    can be given by the type mnemonic (such as "NS" or "AAAA").
-	    The default query type is "A", unless the <option>-x</option>
-	    option is supplied to indicate a reverse lookup.  A zone
-	    transfer can be requested by specifying a type of AXFR.  When
+	    The resource record type to query. It can be any valid query type
+	    which is
+	    supported in BIND 9.  The default query type is "A", unless the
+	    <option>-x</option> option is supplied to indicate a reverse lookup.
+	    A zone transfer can be requested by specifying a type of AXFR.  When
 	    an incremental zone transfer (IXFR) is required, set the
 	    <parameter>type</parameter> to <literal>ixfr=N</literal>.
 	    The incremental zone transfer will contain the changes
@@ -366,13 +359,7 @@
 	    record was
 	    <parameter>N</parameter>.
 	  </para>
-	  <para>
-	    All resource record types can be expressed as "TYPEnn", where
-	    "nn" is the number of the type. If the resource record type is
-	    not supported in BIND 9, the result will be displayed as
-	    described in RFC 3597.
-	  </para>
-	</listitem>
+        </listitem>
       </varlistentry>
 
       <varlistentry>
@@ -390,12 +377,12 @@
 	  <para>
 	    Print the version number and exit.
 	  </para>
-	</listitem>
+        </listitem>
       </varlistentry>
 
       <varlistentry>
-	<term>-x <replaceable class="parameter">addr</replaceable></term>
-	<listitem>
+        <term>-x <replaceable class="parameter">addr</replaceable></term>
+        <listitem>
 	  <para>
 	    Simplified reverse lookups, for mapping addresses to
 	    names. The <parameter>addr</parameter> is an IPv4 address
@@ -412,12 +399,12 @@
 	    IP6.ARPA domain (but see also the <option>-i</option>
 	    option).
 	  </para>
-	</listitem>
+        </listitem>
       </varlistentry>
 
       <varlistentry>
-	<term>-y <replaceable class="parameter"><optional>hmac:</optional>keyname:secret</replaceable></term>
-	<listitem>
+        <term>-y <replaceable class="parameter"><optional>hmac:</optional>keyname:secret</replaceable></term>
+        <listitem>
 	  <para>
 	    Sign queries using TSIG with the given authentication key.
 	    <parameter>keyname</parameter> is the name of the key, and
@@ -437,11 +424,11 @@
 	    a command line argument in clear text. This may be visible
 	    in the output from
 	    <citerefentry>
-	      <refentrytitle>ps</refentrytitle><manvolnum>1</manvolnum>
+              <refentrytitle>ps</refentrytitle><manvolnum>1</manvolnum>
 	    </citerefentry>
 	    or in a history file maintained by the user's shell.
 	  </para>
-	</listitem>
+        </listitem>
       </varlistentry>
 
     </variablelist>
@@ -547,16 +534,6 @@
 	  </listitem>
 	</varlistentry>
 
-	<varlistentry>
-	  <term><option>+[no]badcookie</option></term>
-	  <listitem>
-	    <para>
-	      Retry lookup with the new server cookie if a
-	      BADCOOKIE response is received.
-	    </para>
-	  </listitem>
-	</varlistentry>
-
 	<varlistentry>
 	  <term><option>+[no]besteffort</option></term>
 	  <listitem>
@@ -572,14 +549,12 @@
 	  <term><option>+bufsize=B</option></term>
 	  <listitem>
 	    <para>
-              This option sets the UDP message buffer size advertised
-              using EDNS0 to <parameter>B</parameter> bytes.  The
-              maximum and minimum sizes of this buffer are 65535
-              and 0, respectively.  <literal>+bufsize=0</literal>
-              disables EDNS (use <literal>+bufsize=0 +edns</literal>
-              to send a EDNS messages with a advertised size of 0
-              bytes). <literal>+bufsize</literal> restores the
-              default buffer size.
+	      Set the UDP message buffer size advertised using EDNS0
+	      to <parameter>B</parameter> bytes.  The maximum and
+	      minimum sizes of this buffer are 65535 and 0 respectively.
+	      Values outside this range are rounded up or down
+	      appropriately.  Values other than zero will cause a
+	      EDNS query to be sent.
 	    </para>
 	  </listitem>
 	</varlistentry>
@@ -610,11 +585,9 @@
 	  <listitem>
 	    <para>
 	      Toggles the printing of the initial comment in the
-	      output, identifying the version of <command>dig</command>
-	      and the query options that have been applied.  This option
-	      always has global effect; it cannot be set globally
-	      and then overridden on a per-lookup basis.  The default
-	      is to print this comment.
+	      output identifying the version of <command>dig</command>
+	      and the query options that have been applied.  This
+	      comment is printed by default.
 	    </para>
 	  </listitem>
 	</varlistentry>
@@ -623,18 +596,8 @@
 	  <term><option>+[no]comments</option></term>
 	  <listitem>
 	    <para>
-	      Toggles the display of some comment lines in the output,
-	      containing information about the packet header and
-	      OPT pseudosection, and the names of the response
-	      section.  The default is to print these comments.
-	    </para>
-	    <para>
-	      Other types of comments in the output are not affected by
-	      this option, but can be controlled using other command
-	      line switches. These include <command>+[no]cmd</command>,
-	      <command>+[no]question</command>,
-	      <command>+[no]stats</command>, and
-	      <command>+[no]rrcomments</command>.
+	      Toggle the display of comment lines in the output.
+	      The default is to print comments.
 	    </para>
 	  </listitem>
 	</varlistentry>
@@ -643,16 +606,29 @@
 	  <term><option>+[no]cookie<optional>=####</optional></option></term>
 	  <listitem>
 	    <para>
-	      Send a COOKIE EDNS option, with optional
-	      value.  Replaying a COOKIE from a previous response will
-	      allow the server to identify a previous client.  The
-	      default is <option>+cookie</option>.
+	      Send an COOKIE EDNS option, containing an optional
+	      <replaceable>value</replaceable>.  Replaying a COOKIE
+	      from a previous response will allow the server to
+	      identify a previous client.  The default is
+	      <option>+nocookie</option>.
 	    </para>
 	    <para>
-	      <command>+cookie</command> is also set when +trace
-	      is set to better emulate the default queries from a
+	      <command>+cookie</command> is automatically set when +trace
+	      is in use, to better emulate the default queries from a
 	      nameserver.
 	    </para>
+	    <para>
+	      This option was formerly called <option>+[no]sit</option>
+              (Server Identity Token). In BIND 9.10.0 through BIND 9.10.2,
+              it sent the experimental option code 65001.  This was
+              changed to option code 10 in BIND 9.10.3 when the DNS
+              COOKIE option was allocated.
+	    </para>
+	    <para>
+	      The <option>+[no]sit</option> is now deprecated, but has
+              been retained as a synonym for <option>+[no]cookie</option>
+              for backward compatibility within the BIND 9.10 branch.
+	    </para>
 	  </listitem>
 	</varlistentry>
 
@@ -707,16 +683,6 @@
 	  </listitem>
 	</varlistentry>
 
-	<varlistentry>
-	  <term><option>+dscp=value</option></term> <listitem>
-	    <para>
-	      Set the DSCP code point to be used when sending the
-	      query.  Valid DSCP code points are in the range
-	      [0..63].  By default no code point is explicitly set.
-	    </para>
-	  </listitem>
-	</varlistentry>
-
 	<varlistentry>
 	  <term><option>+[no]edns[=#]</option></term>
 	  <listitem>
@@ -787,17 +753,6 @@
 	  </listitem>
 	</varlistentry>
 
-	<varlistentry>
-	  <term><option>+[no]header-only</option></term>
-	  <listitem>
-	    <para>
-	      Send a query with a DNS header without a question section.
-	      The default is to add a question section.  The query type
-	      and query name are ignored when this is set.
-	    </para>
-	  </listitem>
-	</varlistentry>
-
 	<varlistentry>
 	  <term><option>+[no]identify</option></term>
 	  <listitem>
@@ -812,36 +767,13 @@
 	  </listitem>
 	</varlistentry>
 
-	<varlistentry>
-	  <term><option>+[no]idnin</option></term>
-	  <listitem>
-	    <para>
-	      Process [do not process] IDN domain names on input.
-	      This requires IDN SUPPORT to have been enabled at
-	      compile time.
-	    </para>
-	    <para>
-	      The default is to process IDN input when standard output
-	      is a tty.  The IDN processing on input is disabled when
-	      dig output is redirected to files, pipes, and other
-	      non-tty file descriptors.
-	    </para>
-	  </listitem>
-	</varlistentry>
-
 	<varlistentry>
 	  <term><option>+[no]idnout</option></term>
 	  <listitem>
 	    <para>
 	      Convert [do not convert] puny code on output.
 	      This requires IDN SUPPORT to have been enabled at
-	      compile time.
-	    </para>
-	    <para>
-	      The default is to process puny code on output when
-	      standard output is a tty.  The puny code processing on
-	      output is disabled when dig output is redirected to
-	      files, pipes, and other non-tty file descriptors.
+	      compile time.  The default is to convert output.
 	    </para>
 	  </listitem>
 	</varlistentry>
@@ -867,16 +799,6 @@
 	  </listitem>
 	</varlistentry>
 
-	<varlistentry>
-	  <term><option>+[no]mapped</option></term>
-	  <listitem>
-	    <para>
-	      Allow mapped IPv4 over IPv6 addresses to be used.  The
-	      default is <option>+mapped</option>.
-	    </para>
-	  </listitem>
-	</varlistentry>
-
 	<varlistentry>
 	  <term><option>+[no]multiline</option></term>
 	  <listitem>
@@ -957,8 +879,8 @@
 	  <term><option>+[no]qr</option></term>
 	  <listitem>
 	    <para>
-	      Toggles the display of the query message as it is sent.
-	      By default, the query is not printed.
+	      Print [do not print] the query as it is sent.  By
+	      default, the query is not printed.
 	    </para>
 	  </listitem>
 	</varlistentry>
@@ -967,7 +889,7 @@
 	  <term><option>+[no]question</option></term>
 	  <listitem>
 	    <para>
-	      Toggles the display of the question section of a query
+	      Print [do not print] the question section of a query
 	      when an answer is returned.  The default is to print
 	      the question section as a comment.
 	    </para>
@@ -991,10 +913,8 @@
 	      in the query.  This bit is set by default, which means
 	      <command>dig</command> normally sends recursive
 	      queries.  Recursion is automatically disabled when
-	      using the <parameter>+nssearch</parameter> option, and
-	      when using <parameter>+trace</parameter> except for
-	      an initial recursive query to get the list of root
-	      servers.
+	      the <parameter>+nssearch</parameter> or
+	      <parameter>+trace</parameter> query options are used.
 	    </para>
 	  </listitem>
 	</varlistentry>
@@ -1047,9 +967,7 @@
 	  <listitem>
 	    <para>
 	      Provide a terse answer.  The default is to print the
-	      answer in a verbose form.  This option always has global
-	      effect; it cannot be set globally and then overridden on
-	      a per-lookup basis.
+	      answer in a verbose form.
 	    </para>
 	  </listitem>
 	</varlistentry>
@@ -1075,6 +993,18 @@
 	  </listitem>
 	</varlistentry>
 
+	<varlistentry>
+	  <term><option>+[no]sit<optional>=####</optional></option></term>
+	  <listitem>
+	    <para>
+	      This option is a synonym for <option>+[no]cookie</option>.
+	    </para>
+	    <para>
+	      The <option>+[no]sit</option> is deprecated.
+	    </para>
+	  </listitem>
+	</varlistentry>
+
 	<varlistentry>
 	  <term><option>+split=W</option></term>
 	  <listitem>
@@ -1095,9 +1025,10 @@
 	  <term><option>+[no]stats</option></term>
 	  <listitem>
 	    <para>
-	      Toggles the printing of statistics: when the query was made,
-	      the size of the reply and so on.  The default behavior is to
-	      print the query statistics as a comment after each lookup.
+	      This query option toggles the printing of statistics:
+	      when the query was made, the size of the reply and
+	      so on.  The default behavior is to print the query
+	      statistics.
 	    </para>
 	  </listitem>
 	</varlistentry>
@@ -1126,16 +1057,16 @@
 	  <listitem>
 	    <para>
 	      Use [do not use] TCP when querying name servers. The
-	      default behavior is to use UDP unless a type
-	      <literal>any</literal> or <literal>ixfr=N</literal>
-	      query is requested, in which case the default is TCP.
-	      AXFR queries always use TCP.
+	      default behavior is to use UDP unless an
+	      <literal>ixfr=N</literal> query is requested, in which
+	      case the default is TCP.  AXFR queries always use
+	      TCP.
 	    </para>
 	  </listitem>
 	</varlistentry>
 
 	<varlistentry>
-	  <term><option>+timeout=T</option></term>
+	  <term><option>+time=T</option></term>
 	  <listitem>
 	    <para>
 
@@ -1224,28 +1155,6 @@
 	  </listitem>
 	</varlistentry>
 
-	<varlistentry>
-	  <term><option>+[no]ttlunits</option></term>
-	  <listitem>
-	    <para>
-	      Display [do not display] the TTL in friendly human-readable
-	      time units of "s", "m", "h", "d", and "w", representing
-	      seconds, minutes, hours, days and weeks.  Implies +ttlid.
-	    </para>
-	  </listitem>
-	</varlistentry>
-
-	<varlistentry>
-	  <term><option>+[no]unknownformat</option></term>
-	  <listitem>
-	    <para>
-	      Print all RDATA in unknown RR type presentation format
-	      (RFC 3597). The default is to print RDATA for known types
-	      in the type's presentation format.
-	    </para>
-	  </listitem>
-	</varlistentry>
-
 	<varlistentry>
 	  <term><option>+[no]vc</option></term>
 	  <listitem>
@@ -1258,16 +1167,6 @@
 	  </listitem>
 	</varlistentry>
 
-	<varlistentry>
-	  <term><option>+[no]zflag</option></term>
-	  <listitem>
-	    <para>
-	      Set [do not set] the last unassigned DNS header flag in a
-	      DNS query.  This flag is off by default.
-	    </para>
-	  </listitem>
-	</varlistentry>
-
       </variablelist>
 
     </para>
@@ -1330,9 +1229,10 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
       <command>dig</command> appropriately converts character encoding of
       domain name before sending a request to DNS server or displaying a
       reply from the server.
-      If you'd like to turn off the IDN support for some reason, use
-      parameters <parameter>+noidnin</parameter> and
-      <parameter>+noidnout</parameter>.
+      If you'd like to turn off the IDN support for some reason, defines
+      the <envar>IDN_DISABLE</envar> environment variable.
+      The IDN support is disabled if the variable is set when
+      <command>dig</command> runs.
     </para>
   </refsection>
 
@@ -1358,7 +1258,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
       <citerefentry>
 	<refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
       </citerefentry>,
-      <citetitle>RFC 1035</citetitle>.
+      <citetitle>RFC1035</citetitle>.
     </para>
   </refsection>
 

bin/dig/host.1

@@ -1,15 +1,24 @@
-.\" Copyright (C) 2000-2002, 2004, 2005, 2007-2009, 2014-2022 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004, 2005, 2007-2009, 2014-2017 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000-2002 Internet Software Consortium.
 .\" 
-.\" This Source Code Form is subject to the terms of the Mozilla Public
-.\" License, v. 2.0. If a copy of the MPL was not distributed with this
-.\" file, You can obtain one at http://mozilla.org/MPL/2.0/.
+.\" Permission to use, copy, modify, and/or distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\" 
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+.\" PERFORMANCE OF THIS SOFTWARE.
 .\"
 .hy 0
 .ad l
 '\" t
 .\"     Title: host
 .\"    Author: 
-.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
+.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
 .\"      Date: 2009-01-20
 .\"    Manual: BIND9
 .\"    Source: ISC
@@ -39,7 +48,7 @@
 host \- DNS lookup utility
 .SH "SYNOPSIS"
 .HP \w'\fBhost\fR\ 'u
-\fBhost\fR [\fB\-aCdlnrsTUwv\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-N\ \fR\fB\fIndots\fR\fR] [\fB\-p\ \fR\fB\fIport\fR\fR] [\fB\-R\ \fR\fB\fInumber\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-W\ \fR\fB\fIwait\fR\fR] [\fB\-m\ \fR\fB\fIflag\fR\fR] [[\fB\-4\fR] | [\fB\-6\fR]] [\fB\-v\fR] [\fB\-V\fR] {name} [server]
+\fBhost\fR [\fB\-aCdlnrsTwv\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-N\ \fR\fB\fIndots\fR\fR] [\fB\-R\ \fR\fB\fInumber\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-W\ \fR\fB\fIwait\fR\fR] [\fB\-m\ \fR\fB\fIflag\fR\fR] [[\fB\-4\fR] | [\fB\-6\fR]] [\fB\-v\fR] [\fB\-V\fR] {name} [server]
 .SH "DESCRIPTION"
 .PP
 \fBhost\fR
@@ -134,11 +143,6 @@ directive in
 /etc/resolv\&.conf\&.
 .RE
 .PP
-\-p \fIport\fR
-.RS 4
-Specify the port on the server to query\&. The default is 53\&.
-.RE
-.PP
 \-r
 .RS 4
 Non\-recursive query: Setting this option clears the RD (recursion desired) bit in the query\&. This should mean that the name server receiving the query will not attempt to resolve
@@ -153,10 +157,7 @@ to mimic the behavior of a name server by making non\-recursive queries and expe
 .RS 4
 Number of retries for UDP queries: If
 \fInumber\fR
-is negative or zero, the number of retries will default to 1\&. The default value is 1, or the value of the
-\fIattempts\fR
-option in
-/etc/resolv\&.conf, if set\&.
+is negative or zero, the number of retries will default to 1\&. The default value is 1\&.
 .RE
 .PP
 \-s
@@ -186,14 +187,13 @@ If a query type of IXFR is chosen the starting serial number can be specified by
 \fB\-t \fR\fBIXFR=12345678\fR)\&.
 .RE
 .PP
-\-T, \-U
+\-T
 .RS 4
-TCP/UDP: By default,
+TCP: By default,
 \fBhost\fR
 uses UDP when making queries\&. The
 \fB\-T\fR
-option makes it use a TCP connection when querying the name server\&. TCP will be automatically selected for queries that require it, such as zone transfer (AXFR) requests\&. Type ANY queries default to TCP but can be forced to UDP initially using
-\fB\-U\fR\&.
+option makes it use a TCP connection when querying the name server\&. TCP will be automatically selected for queries that require it, such as zone transfer (AXFR) requests\&.
 .RE
 .PP
 \-m \fIflag\fR
@@ -210,10 +210,7 @@ option more than once to set multiple flags\&.
 .RS 4
 Verbose output\&. Equivalent to the
 \fB\-d\fR
-debug option\&. Verbose output can also be enabled by setting the
-\fIdebug\fR
-option in
-/etc/resolv\&.conf\&.
+debug option\&.
 .RE
 .PP
 \-V
@@ -238,10 +235,7 @@ is less than one, the wait interval is set to one second\&.
 .sp
 By default,
 \fBhost\fR
-will wait for 5 seconds for UDP responses and 10 seconds for TCP connections\&. These defaults can be overridden by the
-\fItimeout\fR
-option in
-/etc/resolv\&.conf\&.
+will wait for 5 seconds for UDP responses and 10 seconds for TCP connections\&.
 .sp
 See also the
 \fB\-w\fR
@@ -270,5 +264,7 @@ runs\&.
 \fBInternet Systems Consortium, Inc\&.\fR
 .SH "COPYRIGHT"
 .br
-Copyright \(co 2000-2002, 2004, 2005, 2007-2009, 2014-2022 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004, 2005, 2007-2009, 2014-2017 Internet Systems Consortium, Inc. ("ISC")
+.br
+Copyright \(co 2000-2002 Internet Software Consortium.
 .br

bin/dig/host.c

@@ -1,20 +1,23 @@
 /*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2007, 2009-2017  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000-2003  Internet Software Consortium.
  *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
  *
- * See the COPYRIGHT file distributed with this work for additional
- * information regarding copyright ownership.
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
  */
 
 /*! \file */
 
 #include <config.h>
-
-#include <inttypes.h>
-#include <stdbool.h>
 #include <stdlib.h>
 #include <limits.h>
 
@@ -22,7 +25,7 @@
 #include <locale.h>
 #endif
 
-#ifdef WITH_IDNKIT
+#ifdef WITH_IDN
 #include <idn/result.h>
 #include <idn/log.h>
 #include <idn/resconf.h>
@@ -50,13 +53,12 @@
 
 #include <dig/dig.h>
 
-static bool short_form = true, listed_server = false;
-static bool default_lookups = true;
+static isc_boolean_t short_form = ISC_TRUE, listed_server = ISC_FALSE;
+static isc_boolean_t default_lookups = ISC_TRUE;
 static int seen_error = -1;
-static bool list_addresses = true;
+static isc_boolean_t list_addresses = ISC_TRUE;
 static dns_rdatatype_t list_type = dns_rdatatype_a;
-static bool printed_server = false;
-static bool ipv4only = false, ipv6only = false;
+static isc_boolean_t printed_server = ISC_FALSE;
 
 static const char *opcodetext[] = {
 	"QUERY",
@@ -153,13 +155,11 @@ show_usage(void) {
 "       -l lists all hosts in a domain, using AXFR\n"
 "       -m set memory debugging flag (trace|record|usage)\n"
 "       -N changes the number of dots allowed before root lookup is done\n"
-"       -p specifies the port on the server to query\n"
 "       -r disables recursive processing\n"
 "       -R specifies number of retries for UDP packets\n"
 "       -s a SERVFAIL response should stop query\n"
 "       -t specifies the query type\n"
 "       -T enables TCP/IP mode\n"
-"       -U enables UDP mode\n"
 "       -v enables verbose output\n"
 "       -V print version number and exit\n"
 "       -w specifies to wait forever for a reply\n"
@@ -175,7 +175,7 @@ host_shutdown(void) {
 }
 
 static void
-received(unsigned int bytes, isc_sockaddr_t *from, dig_query_t *query) {
+received(int bytes, isc_sockaddr_t *from, dig_query_t *query) {
 	isc_time_t now;
 	int diff;
 
@@ -240,12 +240,12 @@ printrdataset(dns_name_t *owner_name, dns_rdataset_t *rdataset,
   UNUSED(owner_name);
   UNUSED(rdataset);
   UNUSED(target);
-  return(false);
+  return(ISC_FALSE);
 }
 #endif
 static isc_result_t
 printsection(dns_message_t *msg, dns_section_t sectionid,
-	     const char *section_name, bool headers,
+	     const char *section_name, isc_boolean_t headers,
 	     dig_query_t *query)
 {
 	dns_name_t *name, *print_name;
@@ -256,13 +256,13 @@ printsection(dns_message_t *msg, dns_section_t sectionid,
 	isc_region_t r;
 	dns_name_t empty_name;
 	char tbuf[4096];
-	bool first;
-	bool no_rdata;
+	isc_boolean_t first;
+	isc_boolean_t no_rdata;
 
 	if (sectionid == DNS_SECTION_QUESTION)
-		no_rdata = true;
+		no_rdata = ISC_TRUE;
 	else
-		no_rdata = false;
+		no_rdata = ISC_FALSE;
 
 	if (headers)
 		printf(";; %s SECTION:\n", section_name);
@@ -280,7 +280,7 @@ printsection(dns_message_t *msg, dns_section_t sectionid,
 		dns_message_currentname(msg, sectionid, &name);
 
 		isc_buffer_init(&target, tbuf, sizeof(tbuf));
-		first = true;
+		first = ISC_TRUE;
 		print_name = name;
 
 		for (rdataset = ISC_LIST_HEAD(name->list);
@@ -299,7 +299,7 @@ printsection(dns_message_t *msg, dns_section_t sectionid,
 			if (!short_form) {
 				result = dns_rdataset_totext(rdataset,
 							     print_name,
-							     false,
+							     ISC_FALSE,
 							     no_rdata,
 							     &target);
 				if (result != ISC_R_SUCCESS)
@@ -307,7 +307,7 @@ printsection(dns_message_t *msg, dns_section_t sectionid,
 #ifdef USEINITALWS
 				if (first) {
 					print_name = &empty_name;
-					first = false;
+					first = ISC_FALSE;
 				}
 #else
 				UNUSED(first); /* Shut up compiler. */
@@ -365,7 +365,7 @@ printsection(dns_message_t *msg, dns_section_t sectionid,
 
 static isc_result_t
 printrdata(dns_message_t *msg, dns_rdataset_t *rdataset, dns_name_t *owner,
-	   const char *set_name, bool headers)
+	   const char *set_name, isc_boolean_t headers)
 {
 	isc_buffer_t target;
 	isc_result_t result;
@@ -378,7 +378,7 @@ printrdata(dns_message_t *msg, dns_rdataset_t *rdataset, dns_name_t *owner,
 
 	isc_buffer_init(&target, tbuf, sizeof(tbuf));
 
-	result = dns_rdataset_totext(rdataset, owner, false, false,
+	result = dns_rdataset_totext(rdataset, owner, ISC_FALSE, ISC_FALSE,
 				     &target);
 	if (result != ISC_R_SUCCESS)
 		return (result);
@@ -415,8 +415,8 @@ chase_cnamechain(dns_message_t *msg, dns_name_t *qname) {
 }
 
 static isc_result_t
-printmessage(dig_query_t *query, dns_message_t *msg, bool headers) {
-	bool did_flag = false;
+printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers) {
+	isc_boolean_t did_flag = ISC_FALSE;
 	dns_rdataset_t *opt, *tsig = NULL;
 	dns_name_t *tsigname;
 	isc_result_t result = ISC_R_SUCCESS;
@@ -439,7 +439,7 @@ printmessage(dig_query_t *query, dns_message_t *msg, bool headers) {
 				    sizeof(sockstr));
 		printf("Address: %s\n", sockstr);
 		printf("Aliases: \n\n");
-		printed_server = true;
+		printed_server = ISC_TRUE;
 	}
 
 	if (msg->rcode != 0) {
@@ -467,26 +467,27 @@ printmessage(dig_query_t *query, dns_message_t *msg, bool headers) {
 		dns_name_t *name;
 
 		/* Add AAAA and MX lookups. */
-		name = dns_fixedname_initname(&fixed);
+		dns_fixedname_init(&fixed);
+		name = dns_fixedname_name(&fixed);
 		dns_name_copy(query->lookup->name, name, NULL);
 		chase_cnamechain(msg, name);
 		dns_name_format(name, namestr, sizeof(namestr));
-		lookup = clone_lookup(query->lookup, false);
+		lookup = clone_lookup(query->lookup, ISC_FALSE);
 		if (lookup != NULL) {
 			strlcpy(lookup->textname, namestr,
 				sizeof(lookup->textname));
 			lookup->rdtype = dns_rdatatype_aaaa;
-			lookup->rdtypeset = true;
+			lookup->rdtypeset = ISC_TRUE;
 			lookup->origin = NULL;
 			lookup->retries = tries;
 			ISC_LIST_APPEND(lookup_list, lookup, link);
 		}
-		lookup = clone_lookup(query->lookup, false);
+		lookup = clone_lookup(query->lookup, ISC_FALSE);
 		if (lookup != NULL) {
 			strlcpy(lookup->textname, namestr,
 				sizeof(lookup->textname));
 			lookup->rdtype = dns_rdatatype_mx;
-			lookup->rdtypeset = true;
+			lookup->rdtypeset = ISC_TRUE;
 			lookup->origin = NULL;
 			lookup->retries = tries;
 			ISC_LIST_APPEND(lookup_list, lookup, link);
@@ -500,31 +501,31 @@ printmessage(dig_query_t *query, dns_message_t *msg, bool headers) {
 		printf(";; flags: ");
 		if ((msg->flags & DNS_MESSAGEFLAG_QR) != 0) {
 			printf("qr");
-			did_flag = true;
+			did_flag = ISC_TRUE;
 		}
 		if ((msg->flags & DNS_MESSAGEFLAG_AA) != 0) {
 			printf("%saa", did_flag ? " " : "");
-			did_flag = true;
+			did_flag = ISC_TRUE;
 		}
 		if ((msg->flags & DNS_MESSAGEFLAG_TC) != 0) {
 			printf("%stc", did_flag ? " " : "");
-			did_flag = true;
+			did_flag = ISC_TRUE;
 		}
 		if ((msg->flags & DNS_MESSAGEFLAG_RD) != 0) {
 			printf("%srd", did_flag ? " " : "");
-			did_flag = true;
+			did_flag = ISC_TRUE;
 		}
 		if ((msg->flags & DNS_MESSAGEFLAG_RA) != 0) {
 			printf("%sra", did_flag ? " " : "");
-			did_flag = true;
+			did_flag = ISC_TRUE;
 		}
 		if ((msg->flags & DNS_MESSAGEFLAG_AD) != 0) {
 			printf("%sad", did_flag ? " " : "");
-			did_flag = true;
+			did_flag = ISC_TRUE;
 		}
 		if ((msg->flags & DNS_MESSAGEFLAG_CD) != 0) {
 			printf("%scd", did_flag ? " " : "");
-			did_flag = true;
+			did_flag = ISC_TRUE;
 			POST(did_flag);
 		}
 		printf("; QUERY: %u, ANSWER: %u, "
@@ -547,7 +548,7 @@ printmessage(dig_query_t *query, dns_message_t *msg, bool headers) {
 	    !short_form) {
 		printf("\n");
 		result = printsection(msg, DNS_SECTION_QUESTION, "QUESTION",
-				      true, query);
+				      ISC_TRUE, query);
 		if (result != ISC_R_SUCCESS)
 			return (result);
 	}
@@ -555,7 +556,7 @@ printmessage(dig_query_t *query, dns_message_t *msg, bool headers) {
 		if (!short_form)
 			printf("\n");
 		result = printsection(msg, DNS_SECTION_ANSWER, "ANSWER",
-				      !short_form, query);
+				      ISC_TF(!short_form), query);
 		if (result != ISC_R_SUCCESS)
 			return (result);
 	}
@@ -564,7 +565,7 @@ printmessage(dig_query_t *query, dns_message_t *msg, bool headers) {
 	    !short_form) {
 		printf("\n");
 		result = printsection(msg, DNS_SECTION_AUTHORITY, "AUTHORITY",
-				      true, query);
+				      ISC_TRUE, query);
 		if (result != ISC_R_SUCCESS)
 			return (result);
 	}
@@ -572,14 +573,14 @@ printmessage(dig_query_t *query, dns_message_t *msg, bool headers) {
 	    !short_form) {
 		printf("\n");
 		result = printsection(msg, DNS_SECTION_ADDITIONAL,
-				      "ADDITIONAL", true, query);
+				      "ADDITIONAL", ISC_TRUE, query);
 		if (result != ISC_R_SUCCESS)
 			return (result);
 	}
 	if ((tsig != NULL) && !short_form) {
 		printf("\n");
 		result = printrdata(msg, tsig, tsigname,
-				    "PSEUDOSECTION TSIG", true);
+				    "PSEUDOSECTION TSIG", ISC_TRUE);
 		if (result != ISC_R_SUCCESS)
 			return (result);
 	}
@@ -599,7 +600,7 @@ printmessage(dig_query_t *query, dns_message_t *msg, bool headers) {
 	return (result);
 }
 
-static const char * optstring = "46ac:dilnm:p:rst:vVwCDN:R:TUW:";
+static const char * optstring = "46ac:dilnm:rst:vVwCDN:R:TW:";
 
 /*% version */
 static void
@@ -614,7 +615,7 @@ pre_parse_args(int argc, char **argv) {
 	while ((c = isc_commandline_parse(argc, argv, optstring)) != -1) {
 		switch (c) {
 		case 'm':
-			memdebugging = true;
+			memdebugging = ISC_TRUE;
 			if (strcasecmp("trace", isc_commandline_argument) == 0)
 				isc_mem_debugging |= ISC_MEM_DEBUGTRACE;
 			else if (strcasecmp("record",
@@ -625,53 +626,43 @@ pre_parse_args(int argc, char **argv) {
 				isc_mem_debugging |= ISC_MEM_DEBUGUSAGE;
 			break;
 
-		case '4':
-			if (ipv6only)
-				fatal("only one of -4 and -6 allowed");
-			ipv4only = true;
-			break;
-		case '6':
-			if (ipv4only)
-				fatal("only one of -4 and -6 allowed");
-			ipv6only = true;
-			break;
+		case '4': break;
+		case '6': break;
 		case 'a': break;
 		case 'c': break;
-		case 'C': break;
 		case 'd': break;
-		case 'D':
-			if (debugging)
-				debugtiming = true;
-			debugging = true;
-			break;
 		case 'i': break;
 		case 'l': break;
 		case 'n': break;
-		case 'N': break;
-		case 'p': break;
 		case 'r': break;
-		case 'R': break;
 		case 's': break;
 		case 't': break;
-		case 'T': break;
-		case 'U': break;
 		case 'v': break;
 		case 'V':
 			  version();
 			  exit(0);
 			  break;
 		case 'w': break;
+		case 'C': break;
+		case 'D':
+			if (debugging)
+				debugtiming = ISC_TRUE;
+			debugging = ISC_TRUE;
+			break;
+		case 'N': break;
+		case 'R': break;
+		case 'T': break;
 		case 'W': break;
 		default:
 			show_usage();
 		}
 	}
-	isc_commandline_reset = true;
+	isc_commandline_reset = ISC_TRUE;
 	isc_commandline_index = 1;
 }
 
 static void
-parse_args(bool is_batchfile, int argc, char **argv) {
+parse_args(isc_boolean_t is_batchfile, int argc, char **argv) {
 	char hostname[MXNAME];
 	dig_lookup_t *lookup;
 	int c;
@@ -680,31 +671,29 @@ parse_args(bool is_batchfile, int argc, char **argv) {
 	isc_result_t result = ISC_R_SUCCESS;
 	dns_rdatatype_t rdtype;
 	dns_rdataclass_t rdclass;
-	uint32_t serial = 0;
+	isc_uint32_t serial = 0;
 
 	UNUSED(is_batchfile);
 
 	lookup = make_empty_lookup();
 
-	lookup->servfail_stops = false;
-	lookup->besteffort = false;
-	lookup->comments = false;
-	short_form = !verbose;
+	lookup->servfail_stops = ISC_FALSE;
+	lookup->comments = ISC_FALSE;
 
 	while ((c = isc_commandline_parse(argc, argv, optstring)) != -1) {
 		switch (c) {
 		case 'l':
-			lookup->tcp_mode = true;
+			lookup->tcp_mode = ISC_TRUE;
 			lookup->rdtype = dns_rdatatype_axfr;
-			lookup->rdtypeset = true;
+			lookup->rdtypeset = ISC_TRUE;
 			fatalexit = 3;
 			break;
 		case 'v':
 		case 'd':
-			short_form = false;
+			short_form = ISC_FALSE;
 			break;
 		case 'r':
-			lookup->recurse = false;
+			lookup->recurse = ISC_FALSE;
 			break;
 		case 't':
 			if (strncasecmp(isc_commandline_argument,
@@ -729,23 +718,20 @@ parse_args(bool is_batchfile, int argc, char **argv) {
 			if (!lookup->rdtypeset ||
 			    lookup->rdtype != dns_rdatatype_axfr)
 				lookup->rdtype = rdtype;
-			lookup->rdtypeset = true;
-#ifdef WITH_IDNKIT
+			lookup->rdtypeset = ISC_TRUE;
+#ifdef WITH_IDN
 			idnoptions = 0;
 #endif
 			if (rdtype == dns_rdatatype_axfr) {
 				/* -l -t any -v */
 				list_type = dns_rdatatype_any;
-				short_form = false;
-				lookup->tcp_mode = true;
+				short_form = ISC_FALSE;
+				lookup->tcp_mode = ISC_TRUE;
 			} else if (rdtype == dns_rdatatype_ixfr) {
 				lookup->ixfr_serial = serial;
-				lookup->tcp_mode = true;
+				lookup->tcp_mode = ISC_TRUE;
 				list_type = rdtype;
-			} else if (rdtype == dns_rdatatype_any) {
-				if (!lookup->tcp_mode_set)
-					lookup->tcp_mode = true;
-#ifdef WITH_IDNKIT
+#ifdef WITH_IDN
 			} else if (rdtype == dns_rdatatype_a ||
 				   rdtype == dns_rdatatype_aaaa ||
 				   rdtype == dns_rdatatype_mx) {
@@ -754,8 +740,8 @@ parse_args(bool is_batchfile, int argc, char **argv) {
 #endif
 			} else
 				list_type = rdtype;
-			list_addresses = false;
-			default_lookups = false;
+			list_addresses = ISC_FALSE;
+			default_lookups = ISC_FALSE;
 			break;
 		case 'c':
 			tr.base = isc_commandline_argument;
@@ -769,25 +755,25 @@ parse_args(bool is_batchfile, int argc, char **argv) {
 				      isc_commandline_argument);
 			} else {
 				lookup->rdclass = rdclass;
-				lookup->rdclassset = true;
+				lookup->rdclassset = ISC_TRUE;
 			}
-			default_lookups = false;
+			default_lookups = ISC_FALSE;
 			break;
 		case 'a':
 			if (!lookup->rdtypeset ||
 			    lookup->rdtype != dns_rdatatype_axfr)
 				lookup->rdtype = dns_rdatatype_any;
-#ifdef WITH_IDNKIT
+#ifdef WITH_IDN
 			idnoptions = 0;
 #endif
 			list_type = dns_rdatatype_any;
-			list_addresses = false;
-			lookup->rdtypeset = true;
-			short_form = false;
-			default_lookups = false;
+			list_addresses = ISC_FALSE;
+			lookup->rdtypeset = ISC_TRUE;
+			short_form = ISC_FALSE;
+			default_lookups = ISC_FALSE;
 			break;
 		case 'i':
-			lookup->ip6_int = true;
+			lookup->ip6_int = ISC_TRUE;
 			break;
 		case 'n':
 			/* deprecated */
@@ -813,23 +799,18 @@ parse_args(bool is_batchfile, int argc, char **argv) {
 				tries = 2;
 			break;
 		case 'T':
-			lookup->tcp_mode = true;
-			lookup->tcp_mode_set = true;
-			break;
-		case 'U':
-			lookup->tcp_mode = false;
-			lookup->tcp_mode_set = true;
+			lookup->tcp_mode = ISC_TRUE;
 			break;
 		case 'C':
 			debug("showing all SOAs");
 			lookup->rdtype = dns_rdatatype_ns;
-			lookup->rdtypeset = true;
+			lookup->rdtypeset = ISC_TRUE;
 			lookup->rdclass = dns_rdataclass_in;
-			lookup->rdclassset = true;
-			lookup->ns_search_only = true;
-			lookup->trace_root = true;
-			lookup->identify_previous_line = true;
-			default_lookups = false;
+			lookup->rdclassset = ISC_TRUE;
+			lookup->ns_search_only = ISC_TRUE;
+			lookup->trace_root = ISC_TRUE;
+			lookup->identify_previous_line = ISC_TRUE;
+			default_lookups = ISC_FALSE;
 			break;
 		case 'N':
 			debug("setting NDOTS to %s",
@@ -840,16 +821,21 @@ parse_args(bool is_batchfile, int argc, char **argv) {
 			/* Handled by pre_parse_args(). */
 			break;
 		case '4':
-			/* Handled by pre_parse_args(). */
+			if (have_ipv4) {
+				isc_net_disableipv6();
+				have_ipv6 = ISC_FALSE;
+			} else
+				fatal("can't find IPv4 networking");
 			break;
 		case '6':
-			/* Handled by pre_parse_args(). */
+			if (have_ipv6) {
+				isc_net_disableipv4();
+				have_ipv4 = ISC_FALSE;
+			} else
+				fatal("can't find IPv6 networking");
 			break;
 		case 's':
-			lookup->servfail_stops = true;
-			break;
-		case 'p':
-			port = atoi(isc_commandline_argument);
+			lookup->servfail_stops = ISC_TRUE;
 			break;
 		}
 	}
@@ -864,22 +850,22 @@ parse_args(bool is_batchfile, int argc, char **argv) {
 	if (argc > isc_commandline_index + 1) {
 		set_nameserver(argv[isc_commandline_index+1]);
 		debug("server is %s", argv[isc_commandline_index+1]);
-		listed_server = true;
+		listed_server = ISC_TRUE;
 	} else
-		check_ra = true;
+		check_ra = ISC_TRUE;
 
-	lookup->pending = false;
+	lookup->pending = ISC_FALSE;
 	if (get_reverse(store, sizeof(store), hostname,
-			lookup->ip6_int, true) == ISC_R_SUCCESS) {
+			lookup->ip6_int, ISC_TRUE) == ISC_R_SUCCESS) {
 		strlcpy(lookup->textname, store, sizeof(lookup->textname));
 		lookup->rdtype = dns_rdatatype_ptr;
-		lookup->rdtypeset = true;
-		default_lookups = false;
+		lookup->rdtypeset = ISC_TRUE;
+		default_lookups = ISC_FALSE;
 	} else {
 		strlcpy(lookup->textname, hostname, sizeof(lookup->textname));
-		usesearch = true;
+		usesearch = ISC_TRUE;
 	}
-	lookup->new_search = true;
+	lookup->new_search = ISC_TRUE;
 	ISC_LIST_APPEND(lookup_list, lookup, link);
 }
 
@@ -894,7 +880,7 @@ main(int argc, char **argv) {
 	ISC_LIST_INIT(search_list);
 
 	fatalexit = 1;
-#ifdef WITH_IDNKIT
+#ifdef WITH_IDN
 	idnoptions = IDN_ASCCHECK;
 #endif
 
@@ -913,12 +899,8 @@ main(int argc, char **argv) {
 	result = isc_app_start();
 	check_result(result, "isc_app_start");
 	setup_libs();
-	setup_system(ipv4only, ipv6only);
-	parse_args(false, argc, argv);
-	if (keyfile[0] != 0)
-		setup_file_key();
-	else if (keysecret[0] != 0)
-		setup_text_key();
+	parse_args(ISC_FALSE, argc, argv);
+	setup_system();
 	result = isc_app_onrun(mctx, global_task, onrun_callback, NULL);
 	check_result(result, "isc_app_onrun");
 	isc_app_run();

bin/dig/host.docbook

@@ -1,18 +1,24 @@
 <!DOCTYPE book [
 <!ENTITY mdash "&#8212;">]>
 <!--
- - Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007-2009, 2014-2017  Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2002  Internet Software Consortium.
  -
- - This Source Code Form is subject to the terms of the Mozilla Public
- - License, v. 2.0. If a copy of the MPL was not distributed with this
- - file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ - Permission to use, copy, modify, and/or distribute this software for any
+ - purpose with or without fee is hereby granted, provided that the above
+ - copyright notice and this permission notice appear in all copies.
  -
- - See the COPYRIGHT file distributed with this work for additional
- - information regarding copyright ownership.
+ - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ - AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ - PERFORMANCE OF THIS SOFTWARE.
 -->
 
 <!-- Converted by db4-upgrade version 1.0 -->
-<refentry xmlns="http://docbook.org/ns/docbook" version="5.0" xml:id="man.host">
+<refentry xmlns:db="http://docbook.org/ns/docbook" version="5.0" xml:id="man.host">
   <info>
     <date>2009-01-20</date>
   </info>
@@ -34,9 +40,6 @@
 
   <docinfo>
     <copyright>
-      <year>2000</year>
-      <year>2001</year>
-      <year>2002</year>
       <year>2004</year>
       <year>2005</year>
       <year>2007</year>
@@ -46,22 +49,22 @@
       <year>2015</year>
       <year>2016</year>
       <year>2017</year>
-      <year>2018</year>
-      <year>2019</year>
-      <year>2020</year>
-      <year>2021</year>
-      <year>2022</year>
       <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
     </copyright>
+    <copyright>
+      <year>2000</year>
+      <year>2001</year>
+      <year>2002</year>
+      <holder>Internet Software Consortium.</holder>
+    </copyright>
   </docinfo>
 
   <refsynopsisdiv>
     <cmdsynopsis sepchar=" ">
       <command>host</command>
-      <arg choice="opt" rep="norepeat"><option>-aCdlnrsTUwv</option></arg>
+      <arg choice="opt" rep="norepeat"><option>-aCdlnrsTwv</option></arg>
       <arg choice="opt" rep="norepeat"><option>-c <replaceable class="parameter">class</replaceable></option></arg>
       <arg choice="opt" rep="norepeat"><option>-N <replaceable class="parameter">ndots</replaceable></option></arg>
-      <arg choice="opt" rep="norepeat"><option>-p <replaceable class="port">port</replaceable></option></arg>
       <arg choice="opt" rep="norepeat"><option>-R <replaceable class="parameter">number</replaceable></option></arg>
       <arg choice="opt" rep="norepeat"><option>-t <replaceable class="parameter">type</replaceable></option></arg>
       <arg choice="opt" rep="norepeat"><option>-W <replaceable class="parameter">wait</replaceable></option></arg>
@@ -218,15 +221,6 @@
 	</listitem>
       </varlistentry>
 
-      <varlistentry>
-	<term>-p <replaceable class="parameter">port</replaceable></term>
-	<listitem>
-	  <para>
-	    Specify the port on the server to query.  The default is 53.
-	  </para>
-	</listitem>
-      </varlistentry>
-
       <varlistentry>
 	<term>-r</term>
 	<listitem>
@@ -251,9 +245,7 @@
 	  <para>
 	    Number of retries for UDP queries:
 	    If <parameter>number</parameter> is negative or zero, the
-	    number of retries will default to 1. The default value is
-	    1, or the value of the <parameter>attempts</parameter>
-	    option in <filename>/etc/resolv.conf</filename>, if set.
+	    number of retries will default to 1. The default value is 1.
 	  </para>
 	</listitem>
       </varlistentry>
@@ -300,16 +292,14 @@
 
       <varlistentry>
 	<term>-T</term>
-	<term>-U</term>
 	<listitem>
 	  <para>
-	    TCP/UDP:
+	    TCP:
 	    By default, <command>host</command> uses UDP when making
 	    queries. The <option>-T</option> option makes it use a TCP
 	    connection when querying the name server. TCP will be
 	    automatically selected for queries that require it, such
-	    as zone transfer (AXFR) requests.  Type ANY queries default
-	    to TCP but can be forced to UDP initially using <option>-U</option>.
+	    as zone transfer (AXFR) requests.
 	  </para>
 	</listitem>
       </varlistentry>
@@ -333,9 +323,6 @@
 	  <para>
 	    Verbose output.
 	    Equivalent to the <option>-d</option> debug option.
-	    Verbose output can also be enabled by setting
-	    the <parameter>debug</parameter> option
-	    in <filename>/etc/resolv.conf</filename>.
 	  </para>
 	</listitem>
       </varlistentry>
@@ -370,9 +357,7 @@
 	  <para>
 	    By default, <command>host</command> will wait for 5
 	    seconds for UDP responses and 10 seconds for TCP
-	    connections. These defaults can be overridden by
-	    the <parameter>timeout</parameter> option
-	    in <filename>/etc/resolv.conf</filename>.
+	    connections.
 	  </para>
 	  <para>
 	    See also the <option>-w</option> option.

bin/dig/host.html

@@ -1,37 +1,78 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 <!--
- - Copyright (C) 2000-2002, 2004, 2005, 2007-2009, 2014-2022 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007-2009, 2014-2017 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2002 Internet Software Consortium.
  - 
- - This Source Code Form is subject to the terms of the Mozilla Public
- - License, v. 2.0. If a copy of the MPL was not distributed with this
- - file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ - Permission to use, copy, modify, and/or distribute this software for any
+ - purpose with or without fee is hereby granted, provided that the above
+ - copyright notice and this permission notice appear in all copies.
+ - 
+ - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ - PERFORMANCE OF THIS SOFTWARE.
 -->
 <html lang="en">
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
 <title>host</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.79.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
 </head>
 <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry">
 <a name="man.host"></a><div class="titlepage"></div>
-<div class="refnamediv">
+  
+  
+
+  
+
+  <div class="refnamediv">
 <h2>Name</h2>
-<p>host &#8212; DNS lookup utility</p>
+<p>
+    host
+     &#8212; DNS lookup utility
+  </p>
 </div>
-<div class="refsynopsisdiv">
+
+  
+
+  <div class="refsynopsisdiv">
 <h2>Synopsis</h2>
-<div class="cmdsynopsis"><p><code class="command">host</code>  [<code class="option">-aCdlnrsTUwv</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-N <em class="replaceable"><code>ndots</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-R <em class="replaceable"><code>number</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-W <em class="replaceable"><code>wait</code></em></code>] [<code class="option">-m <em class="replaceable"><code>flag</code></em></code>] [[<code class="option">-4</code>] |  [<code class="option">-6</code>]] [<code class="option">-v</code>] [<code class="option">-V</code>] {name} [server]</p></div>
-</div>
-<div class="refsection">
+    <div class="cmdsynopsis"><p>
+      <code class="command">host</code> 
+       [<code class="option">-aCdlnrsTwv</code>]
+       [<code class="option">-c <em class="replaceable"><code>class</code></em></code>]
+       [<code class="option">-N <em class="replaceable"><code>ndots</code></em></code>]
+       [<code class="option">-R <em class="replaceable"><code>number</code></em></code>]
+       [<code class="option">-t <em class="replaceable"><code>type</code></em></code>]
+       [<code class="option">-W <em class="replaceable"><code>wait</code></em></code>]
+       [<code class="option">-m <em class="replaceable"><code>flag</code></em></code>]
+       [
+	[<code class="option">-4</code>]
+	 |  [<code class="option">-6</code>]
+      ]
+       [<code class="option">-v</code>]
+       [<code class="option">-V</code>]
+       {name}
+       [server]
+    </p></div>
+  </div>
+
+  <div class="refsection">
 <a name="id-1.7"></a><h2>DESCRIPTION</h2>
-<p><span class="command"><strong>host</strong></span>
+
+
+    <p><span class="command"><strong>host</strong></span>
       is a simple utility for performing DNS lookups.
       It is normally used to convert names to IP addresses and vice versa.
       When no arguments or options are given,
       <span class="command"><strong>host</strong></span>
       prints a short summary of its command line arguments and options.
     </p>
-<p><em class="parameter"><code>name</code></em> is the domain name that is to be
+
+    <p><em class="parameter"><code>name</code></em> is the domain name that is to be
       looked
       up.  It can also be a dotted-decimal IPv4 address or a colon-delimited
       IPv6 address, in which case <span class="command"><strong>host</strong></span> will by
@@ -43,68 +84,86 @@
       should query instead of the server or servers listed in
       <code class="filename">/etc/resolv.conf</code>.
     </p>
-</div>
-<div class="refsection">
+
+  </div>
+
+  <div class="refsection">
 <a name="id-1.8"></a><h2>OPTIONS</h2>
-<div class="variablelist"><dl class="variablelist">
+
+    <div class="variablelist"><dl class="variablelist">
 <dt><span class="term">-4</span></dt>
-<dd><p>
+<dd>
+	  <p>
 	    Use IPv4 only for query transport.
 	    See also the <code class="option">-6</code> option.
-	  </p></dd>
+	  </p>
+	</dd>
 <dt><span class="term">-6</span></dt>
-<dd><p>
+<dd>
+	  <p>
 	    Use IPv6 only for query transport.
 	    See also the <code class="option">-4</code> option.
-	  </p></dd>
+	  </p>
+	</dd>
 <dt><span class="term">-a</span></dt>
-<dd><p>
+<dd>
+	  <p>
 	    "All". The <code class="option">-a</code> option is normally equivalent
 	    to <code class="option">-v -t <code class="literal">ANY</code></code>.
 	    It also affects the behaviour of the <code class="option">-l</code>
 	    list zone option.
-	  </p></dd>
+	  </p>
+	</dd>
 <dt><span class="term">-c <em class="replaceable"><code>class</code></em></span></dt>
-<dd><p>
+<dd>
+	  <p>
 	    Query class: This can be used to lookup HS (Hesiod) or CH
 	    (Chaosnet) class resource records. The default class is IN
 	    (Internet).
-	  </p></dd>
+	  </p>
+	</dd>
 <dt><span class="term">-C</span></dt>
-<dd><p>
+<dd>
+	  <p>
 	    Check consistency: <span class="command"><strong>host</strong></span> will query the
 	    SOA records for zone <em class="parameter"><code>name</code></em> from all
 	    the listed authoritative name servers for that zone. The
 	    list of name servers is defined by the NS records that are
 	    found for the zone.
-	  </p></dd>
+	  </p>
+	</dd>
 <dt><span class="term">-d</span></dt>
-<dd><p>
+<dd>
+	  <p>
 	    Print debugging traces.
 	    Equivalent to the <code class="option">-v</code> verbose option.
-	  </p></dd>
+	  </p>
+	</dd>
 <dt><span class="term">-i</span></dt>
-<dd><p>
+<dd>
+	  <p>
 	    Obsolete.
 	    Use the IP6.INT domain for reverse lookups of IPv6
 	    addresses as defined in RFC1886 and deprecated in RFC4159.
 	    The default is to use IP6.ARPA as specified in RFC3596.
-	  </p></dd>
+	  </p>
+	</dd>
 <dt><span class="term">-l</span></dt>
 <dd>
-<p>
+	  <p>
 	    List zone:
 	    The <span class="command"><strong>host</strong></span> command performs a zone transfer of
 	    zone <em class="parameter"><code>name</code></em> and prints out the NS,
 	    PTR and address records (A/AAAA).
 	  </p>
-<p>
+	  <p>
 	    Together, the <code class="option">-l -a</code>
 	    options print all records in the zone.
 	  </p>
-</dd>
+	</dd>
 <dt><span class="term">-N <em class="replaceable"><code>ndots</code></em></span></dt>
-<dd><p>
+<dd>
+	  <p>
 	    The number of dots that have to be
 	    in <em class="parameter"><code>name</code></em> for it to be considered
 	    absolute. The default value is that defined using the
@@ -114,13 +173,11 @@
 	    searched for in the domains listed in
 	    the <span class="type">search</span> or <span class="type">domain</span> directive
 	    in <code class="filename">/etc/resolv.conf</code>.
-	  </p></dd>
-<dt><span class="term">-p <em class="replaceable"><code>port</code></em></span></dt>
-<dd><p>
-	    Specify the port on the server to query.  The default is 53.
-	  </p></dd>
+	  </p>
+	</dd>
 <dt><span class="term">-r</span></dt>
-<dd><p>
+<dd>
+	  <p>
 	    Non-recursive query:
 	    Setting this option clears the RD (recursion desired) bit
 	    in the query. This should mean that the name server
@@ -131,30 +188,33 @@
 	    name server by making non-recursive queries and expecting
 	    to receive answers to those queries that can be
 	    referrals to other name servers.
-	  </p></dd>
+	  </p>
+	</dd>
 <dt><span class="term">-R <em class="replaceable"><code>number</code></em></span></dt>
-<dd><p>
+<dd>
+	  <p>
 	    Number of retries for UDP queries:
 	    If <em class="parameter"><code>number</code></em> is negative or zero, the
-	    number of retries will default to 1. The default value is
-	    1, or the value of the <em class="parameter"><code>attempts</code></em>
-	    option in <code class="filename">/etc/resolv.conf</code>, if set.
-	  </p></dd>
+	    number of retries will default to 1. The default value is 1.
+	  </p>
+	</dd>
 <dt><span class="term">-s</span></dt>
-<dd><p>
+<dd>
+	  <p>
 	    Do <span class="emphasis"><em>not</em></span> send the query to the next
 	    nameserver if any server responds with a SERVFAIL
 	    response, which is the reverse of normal stub resolver
 	    behavior.
-	  </p></dd>
+	  </p>
+	</dd>
 <dt><span class="term">-t <em class="replaceable"><code>type</code></em></span></dt>
 <dd>
-<p>
+	  <p>
 	    Query type:
 	    The <em class="parameter"><code>type</code></em> argument can be any
 	    recognized query type: CNAME, NS, SOA, TXT, DNSKEY, AXFR, etc.
 	  </p>
-<p>
+	  <p>
 	    When no query type is specified, <span class="command"><strong>host</strong></span>
 	    automatically selects an appropriate query type. By default, it
 	    looks for A, AAAA, and MX records.
@@ -165,73 +225,78 @@
 	    address, <span class="command"><strong>host</strong></span> will query for PTR
 	    records.
 	  </p>
-<p>
+	  <p>
 	    If a query type of IXFR is chosen the starting serial
 	    number can be specified by appending an equal followed by
 	    the starting serial number
 	    (like <code class="option">-t <code class="literal">IXFR=12345678</code></code>).
 	  </p>
-</dd>
-<dt>
-<span class="term">-T, </span><span class="term">-U</span>
-</dt>
-<dd><p>
-	    TCP/UDP:
+	</dd>
+<dt><span class="term">-T</span></dt>
+<dd>
+	  <p>
+	    TCP:
 	    By default, <span class="command"><strong>host</strong></span> uses UDP when making
 	    queries. The <code class="option">-T</code> option makes it use a TCP
 	    connection when querying the name server. TCP will be
 	    automatically selected for queries that require it, such
-	    as zone transfer (AXFR) requests.  Type ANY queries default
-	    to TCP but can be forced to UDP initially using <code class="option">-U</code>.
-	  </p></dd>
+	    as zone transfer (AXFR) requests.
+	  </p>
+	</dd>
 <dt><span class="term">-m <em class="replaceable"><code>flag</code></em></span></dt>
-<dd><p>
+<dd>
+	  <p>
 	    Memory usage debugging: the flag can
 	    be <em class="parameter"><code>record</code></em>, <em class="parameter"><code>usage</code></em>,
 	    or <em class="parameter"><code>trace</code></em>. You can specify
 	    the <code class="option">-m</code> option more than once to set
 	    multiple flags.
-	  </p></dd>
+	  </p>
+	</dd>
 <dt><span class="term">-v</span></dt>
-<dd><p>
+<dd>
+	  <p>
 	    Verbose output.
 	    Equivalent to the <code class="option">-d</code> debug option.
-	    Verbose output can also be enabled by setting
-	    the <em class="parameter"><code>debug</code></em> option
-	    in <code class="filename">/etc/resolv.conf</code>.
-	  </p></dd>
+	  </p>
+	</dd>
 <dt><span class="term">-V</span></dt>
-<dd><p>
+<dd>
+	  <p>
 	    Print the version number and exit.
-	  </p></dd>
+	  </p>
+	</dd>
 <dt><span class="term">-w</span></dt>
-<dd><p>
+<dd>
+	  <p>
 	    Wait forever: The query timeout is set to the maximum possible.
 	    See also the <code class="option">-W</code> option.
-	  </p></dd>
+	  </p>
+	</dd>
 <dt><span class="term">-W <em class="replaceable"><code>wait</code></em></span></dt>
 <dd>
-<p>
+	  <p>
 	    Timeout: Wait for up to <em class="parameter"><code>wait</code></em>
 	    seconds for a reply. If <em class="parameter"><code>wait</code></em> is
 	    less than one, the wait interval is set to one second.
 	  </p>
-<p>
+	  <p>
 	    By default, <span class="command"><strong>host</strong></span> will wait for 5
 	    seconds for UDP responses and 10 seconds for TCP
-	    connections. These defaults can be overridden by
-	    the <em class="parameter"><code>timeout</code></em> option
-	    in <code class="filename">/etc/resolv.conf</code>.
+	    connections.
 	  </p>
-<p>
+	  <p>
 	    See also the <code class="option">-w</code> option.
 	  </p>
-</dd>
+	</dd>
 </dl></div>
-</div>
-<div class="refsection">
+
+  </div>
+
+  <div class="refsection">
 <a name="id-1.9"></a><h2>IDN SUPPORT</h2>
-<p>
+
+    <p>
       If <span class="command"><strong>host</strong></span> has been built with IDN (internationalized
       domain name) support, it can accept and display non-ASCII domain names.
       <span class="command"><strong>host</strong></span> appropriately converts character encoding of
@@ -242,17 +307,26 @@
       The IDN support is disabled if the variable is set when
       <span class="command"><strong>host</strong></span> runs.
     </p>
-</div>
-<div class="refsection">
+  </div>
+
+  <div class="refsection">
 <a name="id-1.10"></a><h2>FILES</h2>
-<p><code class="filename">/etc/resolv.conf</code>
+
+    <p><code class="filename">/etc/resolv.conf</code>
     </p>
-</div>
-<div class="refsection">
+  </div>
+
+  <div class="refsection">
 <a name="id-1.11"></a><h2>SEE ALSO</h2>
-<p><span class="citerefentry"><span class="refentrytitle">dig</span>(1)</span>,
-      <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>.
+
+    <p><span class="citerefentry">
+        <span class="refentrytitle">dig</span>(1)
+      </span>,
+      <span class="citerefentry">
+        <span class="refentrytitle">named</span>(8)
+      </span>.
     </p>
-</div>
+  </div>
+
 </div></body>
 </html>

bin/dig/include/dig/dig.h

@@ -1,12 +1,18 @@
 /*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2009, 2011-2017  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000-2003  Internet Software Consortium.
  *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
  *
- * See the COPYRIGHT file distributed with this work for additional
- * information regarding copyright ownership.
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
  */
 
 #ifndef DIG_H
@@ -14,13 +20,11 @@
 
 /*! \file */
 
-#include <inttypes.h>
-#include <stdbool.h>
-
 #include <dns/rdatalist.h>
 
 #include <dst/dst.h>
 
+#include <isc/boolean.h>
 #include <isc/buffer.h>
 #include <isc/bufferlist.h>
 #include <isc/formatcheck.h>
@@ -63,10 +67,6 @@
 #define SERVER_TIMEOUT 1
 
 #define LOOKUP_LIMIT 64
-
-#define DEFAULT_EDNS_VERSION 0
-#define DEFAULT_EDNS_BUFSIZE 4096
-
 /*%
  * Lookup_limit is just a limiter, keeping too many lookups from being
  * created.  It's job is mainly to prevent the program from running away
@@ -99,7 +99,7 @@ typedef struct dig_searchlist dig_searchlist_t;
 
 /*% The dig_lookup structure */
 struct dig_lookup {
-	bool
+	isc_boolean_t
 		pending, /*%< Pending a successful answer */
 		waiting_connect,
 		doing_xfr,
@@ -112,7 +112,6 @@ struct dig_lookup {
 		aaonly,
 		adflag,
 		cdflag,
-		zflag,
 		trace, /*% dig +trace */
 		trace_root, /*% initial query for either +trace or +nssearch */
 		tcp_mode,
@@ -131,20 +130,17 @@ struct dig_lookup {
 		besteffort,
 		dnssec,
 		expire,
-		sendcookie,
-		seenbadcookie,
-		badcookie,
+#ifdef ISC_PLATFORM_USESIT
+		sit,
+#endif
 		nsid,   /*% Name Server ID (RFC 5001) */
-		header_only,
 		ednsneg,
 		mapped,
-		print_unknown_format,
-		idnin,
 		idnout;
 #ifdef DIG_SIGCHASE
-bool	sigchase;
+isc_boolean_t	sigchase;
 #if DIG_SIGCHASE_TD
-	bool do_topdown,
+	isc_boolean_t do_topdown,
 		trace_root_sigchase,
 		rdtype_sigchaseset,
 		rdclass_sigchaseset;
@@ -163,8 +159,8 @@ bool	sigchase;
 	dns_rdataclass_t rdclass_sigchase;
 #endif
 	dns_rdataclass_t rdclass;
-	bool rdtypeset;
-	bool rdclassset;
+	isc_boolean_t rdtypeset;
+	isc_boolean_t rdclassset;
 	char name_space[BUFSIZE];
 	char oname_space[BUFSIZE];
 	isc_buffer_t namebuf;
@@ -182,22 +178,23 @@ bool	sigchase;
 	dig_serverlist_t my_server_list;
 	dig_searchlist_t *origin;
 	dig_query_t *xfr_q;
-	uint32_t retries;
+	isc_uint32_t retries;
 	int nsfound;
-	int16_t udpsize;
-	int16_t edns;
-	uint32_t ixfr_serial;
+	isc_uint16_t udpsize;
+	isc_int16_t edns;
+	isc_uint32_t ixfr_serial;
 	isc_buffer_t rdatabuf;
 	char rdatastore[MXNAME];
 	dst_context_t *tsigctx;
 	isc_buffer_t *querysig;
-	uint32_t msgcounter;
+	isc_uint32_t msgcounter;
 	dns_fixedname_t fdomain;
 	isc_sockaddr_t *ecs_addr;
-	char *cookie;
+#ifdef ISC_PLATFORM_USESIT
+	char *sitvalue;
+#endif
 	dns_ednsopt_t *ednsopts;
 	unsigned int ednsoptscnt;
-	isc_dscp_t dscp;
 	unsigned int ednsflags;
 	dns_opcode_t opcode;
 	unsigned int eoferr;
@@ -206,7 +203,7 @@ bool	sigchase;
 /*% The dig_query structure */
 struct dig_query {
 	dig_lookup_t *lookup;
-	bool waiting_connect,
+	isc_boolean_t waiting_connect,
 		pending_free,
 		waiting_senddone,
 		first_pass,
@@ -216,11 +213,11 @@ struct dig_query {
 		recv_made,
 		warn_id,
 		timedout;
-	uint32_t first_rr_serial;
-	uint32_t second_rr_serial;
-	uint32_t msg_count;
-	uint32_t rr_count;
-	bool ixfr_axfr;
+	isc_uint32_t first_rr_serial;
+	isc_uint32_t second_rr_serial;
+	isc_uint32_t msg_count;
+	isc_uint32_t rr_count;
+	isc_boolean_t ixfr_axfr;
 	char *servname;
 	char *userarg;
 	isc_bufferlist_t sendlist,
@@ -238,7 +235,7 @@ struct dig_query {
 	isc_sockaddr_t sockaddr;
 	isc_time_t time_sent;
 	isc_time_t time_recv;
-	uint64_t byte_count;
+	isc_uint64_t byte_count;
 	isc_buffer_t sendbuf;
 	isc_timer_t *timer;
 };
@@ -272,7 +269,7 @@ extern dig_serverlist_t server_list;
 extern dig_searchlistlist_t search_list;
 extern unsigned int extrabytes;
 
-extern bool check_ra, have_ipv4, have_ipv6, specified_source,
+extern isc_boolean_t check_ra, have_ipv4, have_ipv6, specified_source,
 	usesearch, showsearch, qr;
 extern in_port_t port;
 extern unsigned int timeout;
@@ -290,19 +287,18 @@ extern unsigned int digestbits;
 #ifdef DIG_SIGCHASE
 extern char trustedkey[MXNAME];
 #endif
-extern dns_tsigkey_t *tsigkey;
-extern bool validated;
+extern dns_tsigkey_t *key;
+extern isc_boolean_t validated;
 extern isc_taskmgr_t *taskmgr;
 extern isc_task_t *global_task;
-extern bool free_now;
-extern bool debugging, debugtiming, memdebugging;
-extern bool keep_open;
+extern isc_boolean_t free_now;
+extern isc_boolean_t debugging, debugtiming, memdebugging;
+extern isc_boolean_t keep_open;
 
 extern char *progname;
 extern int tries;
 extern int fatalexit;
-extern bool verbose;
-#ifdef WITH_IDNKIT
+#ifdef WITH_IDN
 extern int idnoptions;
 #endif
 
@@ -310,14 +306,14 @@ extern int idnoptions;
  * Routines in dighost.c.
  */
 isc_result_t
-get_address(char *host, in_port_t myport, isc_sockaddr_t *sockaddr);
+get_address(char *host, in_port_t port, isc_sockaddr_t *sockaddr);
 
 int
 getaddresses(dig_lookup_t *lookup, const char *host, isc_result_t *resultp);
 
 isc_result_t
-get_reverse(char *reverse, size_t len, char *value, bool ip6_int,
-	    bool strict);
+get_reverse(char *reverse, size_t len, char *value, isc_boolean_t ip6_int,
+	    isc_boolean_t strict);
 
 ISC_PLATFORM_NORETURN_PRE void
 fatal(const char *format, ...)
@@ -329,7 +325,7 @@ debug(const char *format, ...) ISC_FORMAT_PRINTF(1, 2);
 void
 check_result(isc_result_t result, const char *msg);
 
-bool
+isc_boolean_t
 setup_lookup(dig_lookup_t *lookup);
 
 void
@@ -351,14 +347,14 @@ void
 setup_libs(void);
 
 void
-setup_system(bool ipv4only, bool ipv6only);
+setup_system(void);
 
 isc_result_t
-parse_uint(uint32_t *uip, const char *value, uint32_t max,
+parse_uint(isc_uint32_t *uip, const char *value, isc_uint32_t max,
 	   const char *desc);
 
 isc_result_t
-parse_xint(uint32_t *uip, const char *value, uint32_t max,
+parse_xint(isc_uint32_t *uip, const char *value, isc_uint32_t max,
 	   const char *desc);
 
 isc_result_t
@@ -368,13 +364,13 @@ void
 parse_hmac(const char *hmacstr);
 
 dig_lookup_t *
-requeue_lookup(dig_lookup_t *lookold, bool servers);
+requeue_lookup(dig_lookup_t *lookold, isc_boolean_t servers);
 
 dig_lookup_t *
 make_empty_lookup(void);
 
 dig_lookup_t *
-clone_lookup(dig_lookup_t *lookold, bool servers);
+clone_lookup(dig_lookup_t *lookold, isc_boolean_t servers);
 
 dig_server_t *
 make_server(const char *servname, const char *userarg);
@@ -417,13 +413,13 @@ extern isc_result_t
 #endif
 
 extern isc_result_t
-(*dighost_printmessage)(dig_query_t *query, dns_message_t *msg, bool headers);
+(*dighost_printmessage)(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers);
 /*%<
  * Print the final result of the lookup.
  */
 
 extern void
-(*dighost_received)(unsigned int bytes, isc_sockaddr_t *from, dig_query_t *query);
+(*dighost_received)(int bytes, isc_sockaddr_t *from, dig_query_t *query);
 /*%<
  * Print a message about where and when the response
  * was received from, like the final comment in the
@@ -464,7 +460,7 @@ dig_setup(int argc, char **argv);
  * Call to supply new parameters for the next lookup
  */
 void
-dig_query_setup(bool, bool, int argc, char **argv);
+dig_query_setup(isc_boolean_t, isc_boolean_t, int argc, char **argv);
 
 /*%<
  * set the main application event cycle running

bin/dig/nslookup.1

@@ -1,15 +1,23 @@
-.\" Copyright (C) 2004-2007, 2010, 2013-2022 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004-2007, 2010, 2013-2016 Internet Systems Consortium, Inc. ("ISC")
 .\" 
-.\" This Source Code Form is subject to the terms of the Mozilla Public
-.\" License, v. 2.0. If a copy of the MPL was not distributed with this
-.\" file, You can obtain one at http://mozilla.org/MPL/2.0/.
+.\" Permission to use, copy, modify, and/or distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\" 
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+.\" PERFORMANCE OF THIS SOFTWARE.
 .\"
 .hy 0
 .ad l
 '\" t
 .\"     Title: nslookup
 .\"    Author: 
-.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
+.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
 .\"      Date: 2014-01-24
 .\"    Manual: BIND9
 .\"    Source: ISC
@@ -85,7 +93,6 @@ nslookup \-query=hinfo  \-timeout=10
 .if n \{\
 .RE
 .\}
-.sp
 .PP
 The
 \fB\-version\fR
@@ -190,7 +197,7 @@ The class specifies the protocol group of the information\&.
 (Default = IN; abbreviation = cl)
 .RE
 .PP
-\fB\fI[no]\fR\fR\fBdebug\fR
+\fB \fR\fB\fI[no]\fR\fR\fBdebug\fR
 .RS 4
 Turn on or off the display of the full response packet and any intermediate response packets when searching\&.
 .sp
@@ -198,7 +205,7 @@ Turn on or off the display of the full response packet and any intermediate resp
 [no]deb)
 .RE
 .PP
-\fB\fI[no]\fR\fR\fBd2\fR
+\fB \fR\fB\fI[no]\fR\fR\fBd2\fR
 .RS 4
 Turn debugging mode on or off\&. This displays more about what nslookup is doing\&.
 .sp
@@ -211,7 +218,7 @@ Sets the search list to
 \fIname\fR\&.
 .RE
 .PP
-\fB\fI[no]\fR\fR\fBsearch\fR
+\fB \fR\fB\fI[no]\fR\fR\fBsearch\fR
 .RS 4
 If the lookup request contains at least one period but doesn\*(Aqt end with a trailing period, append the domain names in the domain search list to the request until an answer is received\&.
 .sp
@@ -234,13 +241,10 @@ Change the default TCP/UDP name server port to
 .RS 4
 Change the type of the information query\&.
 .sp
-(Default = A and then AAAA; abbreviations = q, ty)
-.sp
-\fBNote:\fR
-It is only possible to specify one query type, only the default behavior looks up both when an alternative is not specified\&.
+(Default = A; abbreviations = q, ty)
 .RE
 .PP
-\fB\fI[no]\fR\fR\fBrecurse\fR
+\fB \fR\fB\fI[no]\fR\fR\fBrecurse\fR
 .RS 4
 Tell the name server to query other servers if it does not have the information\&.
 .sp
@@ -262,14 +266,14 @@ Set the number of retries to number\&.
 Change the initial timeout interval for waiting for a reply to number seconds\&.
 .RE
 .PP
-\fB\fI[no]\fR\fR\fBvc\fR
+\fB \fR\fB\fI[no]\fR\fR\fBvc\fR
 .RS 4
 Always use a virtual circuit when sending requests to the server\&.
 .sp
 (Default = novc)
 .RE
 .PP
-\fB\fI[no]\fR\fR\fBfail\fR
+\fB \fR\fB\fI[no]\fR\fR\fBfail\fR
 .RS 4
 Try the next nameserver if a nameserver responds with SERVFAIL or a referral (nofail) or terminate query (fail) on such a response\&.
 .sp
@@ -281,17 +285,6 @@ Try the next nameserver if a nameserver responds with SERVFAIL or a referral (no
 .PP
 \fBnslookup\fR
 returns with an exit status of 1 if any query failed, and 0 otherwise\&.
-.SH "IDN SUPPORT"
-.PP
-If
-\fBnslookup\fR
-has been built with IDN (internationalized domain name) support, it can accept and display non\-ASCII domain names\&.
-\fBnslookup\fR
-appropriately converts character encoding of domain name before sending a request to DNS server or displaying a reply from the server\&. If you\*(Aqd like to turn off the IDN support for some reason, define the
-\fBIDN_DISABLE\fR
-environment variable\&. The IDN support is disabled if the variable is set when
-\fBnslookup\fR
-runs or when the standard output is not a tty\&.
 .SH "FILES"
 .PP
 /etc/resolv\&.conf
@@ -305,5 +298,5 @@ runs or when the standard output is not a tty\&.
 \fBInternet Systems Consortium, Inc\&.\fR
 .SH "COPYRIGHT"
 .br
-Copyright \(co 2004-2007, 2010, 2013-2022 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004-2007, 2010, 2013-2016 Internet Systems Consortium, Inc. ("ISC")
 .br

bin/dig/nslookup.c

@@ -1,18 +1,22 @@
 /*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2017  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000-2003  Internet Software Consortium.
  *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
  *
- * See the COPYRIGHT file distributed with this work for additional
- * information regarding copyright ownership.
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
  */
 
 #include <config.h>
 
-#include <inttypes.h>
-#include <stdbool.h>
 #include <stdlib.h>
 #include <unistd.h>
 
@@ -48,11 +52,6 @@
 #elif defined(HAVE_EDITLINE_READLINE_H)
 #include <editline/readline.h>
 #elif defined(HAVE_READLINE_READLINE_H)
-/* Prevent deprecated functions being declared. */
-#define _FUNCTION_DEF 1
-/* Ensure rl_message() gets prototype. */
-#define USE_VARARGS   1
-#define PREFER_STDARG 1
 #include <readline/readline.h>
 #if defined (HAVE_READLINE_HISTORY_H)
 #include <readline/history.h>
@@ -60,18 +59,17 @@
 #endif
 #endif
 
-static bool short_form = true,
-	tcpmode = false, tcpmode_set = false,
-	identify = false, stats = true,
-	comments = true, section_question = true,
-	section_answer = true, section_authority = true,
-	section_additional = true, recurse = true,
-	aaonly = false, nofail = true,
-	default_lookups = true, a_noanswer = false;
+static isc_boolean_t short_form = ISC_TRUE,
+	tcpmode = ISC_FALSE,
+	identify = ISC_FALSE, stats = ISC_TRUE,
+	comments = ISC_TRUE, section_question = ISC_TRUE,
+	section_answer = ISC_TRUE, section_authority = ISC_TRUE,
+	section_additional = ISC_TRUE, recurse = ISC_TRUE,
+	aaonly = ISC_FALSE, nofail = ISC_TRUE;
 
-static bool interactive;
+static isc_boolean_t interactive;
 
-static bool in_use = false;
+static isc_boolean_t in_use = ISC_FALSE;
 static char defclass[MXRD] = "IN";
 static char deftype[MXRD] = "A";
 static isc_event_t *global_event = NULL;
@@ -203,9 +201,9 @@ printsoa(dns_rdata_t *rdata) {
 }
 
 static void
-printaddr(dns_rdata_t *rdata) {
+printa(dns_rdata_t *rdata) {
 	isc_result_t result;
-	char text[sizeof("ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255")];
+	char text[sizeof("255.255.255.255")];
 	isc_buffer_t b;
 
 	isc_buffer_init(&b, text, sizeof(text));
@@ -214,7 +212,6 @@ printaddr(dns_rdata_t *rdata) {
 	printf("Address: %.*s\n", (int)isc_buffer_usedlength(&b),
 	       (char *)isc_buffer_base(&b));
 }
-
 #ifdef DIG_SIGCHASE
 /* Just for compatibility : not use in host program */
 static isc_result_t
@@ -224,7 +221,7 @@ printrdataset(dns_name_t *owner_name, dns_rdataset_t *rdataset,
 	UNUSED(owner_name);
 	UNUSED(rdataset);
 	UNUSED(target);
-	return(false);
+	return(ISC_FALSE);
 }
 #endif
 static void
@@ -232,7 +229,7 @@ printrdata(dns_rdata_t *rdata) {
 	isc_result_t result;
 	isc_buffer_t *b = NULL;
 	unsigned int size = 1024;
-	bool done = false;
+	isc_boolean_t done = ISC_FALSE;
 
 	if (rdata->type < N_KNOWN_RRTYPES)
 		printf("%s", rtypetext[rdata->type]);
@@ -247,7 +244,7 @@ printrdata(dns_rdata_t *rdata) {
 		if (result == ISC_R_SUCCESS) {
 			printf("%.*s\n", (int)isc_buffer_usedlength(b),
 			       (char *)isc_buffer_base(b));
-			done = true;
+			done = ISC_TRUE;
 		} else if (result != ISC_R_NOSPACE)
 			check_result(result, "dns_rdata_totext");
 		isc_buffer_free(&b);
@@ -256,7 +253,7 @@ printrdata(dns_rdata_t *rdata) {
 }
 
 static isc_result_t
-printsection(dig_query_t *query, dns_message_t *msg, bool headers,
+printsection(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers,
 	     dns_section_t section) {
 	isc_result_t result, loopresult;
 	dns_name_t *name;
@@ -286,13 +283,12 @@ printsection(dig_query_t *query, dns_message_t *msg, bool headers,
 				dns_rdataset_current(rdataset, &rdata);
 				switch (rdata.type) {
 				case dns_rdatatype_a:
-				case dns_rdatatype_aaaa:
 					if (section != DNS_SECTION_ANSWER)
 						goto def_short_section;
 					dns_name_format(name, namebuf,
 							sizeof(namebuf));
 					printf("Name:\t%s\n", namebuf);
-					printaddr(&rdata);
+					printa(&rdata);
 					break;
 				case dns_rdatatype_soa:
 					dns_name_format(name, namebuf,
@@ -323,7 +319,7 @@ printsection(dig_query_t *query, dns_message_t *msg, bool headers,
 }
 
 static isc_result_t
-detailsection(dig_query_t *query, dns_message_t *msg, bool headers,
+detailsection(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers,
 	     dns_section_t section) {
 	isc_result_t result, loopresult;
 	dns_name_t *name;
@@ -409,7 +405,7 @@ detailsection(dig_query_t *query, dns_message_t *msg, bool headers,
 }
 
 static void
-received(unsigned int bytes, isc_sockaddr_t *from, dig_query_t *query)
+received(int bytes, isc_sockaddr_t *from, dig_query_t *query)
 {
 	UNUSED(bytes);
 	UNUSED(from);
@@ -422,33 +418,8 @@ trying(char *frm, dig_lookup_t *lookup) {
 	UNUSED(lookup);
 }
 
-static void
-chase_cnamechain(dns_message_t *msg, dns_name_t *qname) {
-	isc_result_t result;
-	dns_rdataset_t *rdataset;
-	dns_rdata_cname_t cname;
-	dns_rdata_t rdata = DNS_RDATA_INIT;
-	unsigned int i = msg->counts[DNS_SECTION_ANSWER];
-
-	while (i-- > 0) {
-		rdataset = NULL;
-		result = dns_message_findname(msg, DNS_SECTION_ANSWER, qname,
-				dns_rdatatype_cname, 0, NULL, &rdataset);
-		if (result != ISC_R_SUCCESS)
-			return;
-		result = dns_rdataset_first(rdataset);
-		check_result(result, "dns_rdataset_first");
-		dns_rdata_reset(&rdata);
-		dns_rdataset_current(rdataset, &rdata);
-		result = dns_rdata_tostruct(&rdata, &cname, NULL);
-		check_result(result, "dns_rdata_tostruct");
-		dns_name_copy(&cname.cname, qname, NULL);
-		dns_rdata_freestruct(&cname);
-	}
-}
-
 static isc_result_t
-printmessage(dig_query_t *query, dns_message_t *msg, bool headers) {
+printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers) {
 	char servtext[ISC_SOCKADDR_FORMATSIZE];
 
 	/* I've we've gotten this far, we've reached a server. */
@@ -456,21 +427,19 @@ printmessage(dig_query_t *query, dns_message_t *msg, bool headers) {
 
 	debug("printmessage()");
 
-	if(!default_lookups || query->lookup->rdtype == dns_rdatatype_a) {
-		isc_sockaddr_format(&query->sockaddr, servtext, sizeof(servtext));
-		printf("Server:\t\t%s\n", query->userarg);
-		printf("Address:\t%s\n", servtext);
+	isc_sockaddr_format(&query->sockaddr, servtext, sizeof(servtext));
+	printf("Server:\t\t%s\n", query->userarg);
+	printf("Address:\t%s\n", servtext);
 
-		puts("");
-	}
+	puts("");
 
 	if (!short_form) {
 		puts("------------");
 		/*		detailheader(query, msg);*/
-		detailsection(query, msg, true, DNS_SECTION_QUESTION);
-		detailsection(query, msg, true, DNS_SECTION_ANSWER);
-		detailsection(query, msg, true, DNS_SECTION_AUTHORITY);
-		detailsection(query, msg, true, DNS_SECTION_ADDITIONAL);
+		detailsection(query, msg, ISC_TRUE, DNS_SECTION_QUESTION);
+		detailsection(query, msg, ISC_TRUE, DNS_SECTION_ANSWER);
+		detailsection(query, msg, ISC_TRUE, DNS_SECTION_AUTHORITY);
+		detailsection(query, msg, ISC_TRUE, DNS_SECTION_ADDITIONAL);
 		puts("------------");
 	}
 
@@ -487,48 +456,16 @@ printmessage(dig_query_t *query, dns_message_t *msg, bool headers) {
 		return (ISC_R_SUCCESS);
 	}
 
-	if ( default_lookups && query->lookup->rdtype == dns_rdatatype_a) {
-		char namestr[DNS_NAME_FORMATSIZE];
-		dig_lookup_t *lookup;
-		dns_fixedname_t fixed;
-		dns_name_t *name;
-
-		/* Add AAAA lookup. */
-		name = dns_fixedname_initname(&fixed);
-		dns_name_copy(query->lookup->name, name, NULL);
-		chase_cnamechain(msg, name);
-		dns_name_format(name, namestr, sizeof(namestr));
-		lookup = clone_lookup(query->lookup, false);
-		if (lookup != NULL) {
-			strlcpy(lookup->textname, namestr,
-				sizeof(lookup->textname));
-			lookup->rdtype = dns_rdatatype_aaaa;
-			lookup->rdtypeset = true;
-			lookup->origin = NULL;
-			lookup->retries = tries;
-			ISC_LIST_APPEND(lookup_list, lookup, link);
-		}
-	}
-
-	if ((msg->flags & DNS_MESSAGEFLAG_AA) == 0 &&
-	    ( !default_lookups || query->lookup->rdtype == dns_rdatatype_a) )
+	if ((msg->flags & DNS_MESSAGEFLAG_AA) == 0)
 		puts("Non-authoritative answer:");
 	if (!ISC_LIST_EMPTY(msg->sections[DNS_SECTION_ANSWER]))
 		printsection(query, msg, headers, DNS_SECTION_ANSWER);
-	else {
-		if (default_lookups && query->lookup->rdtype == dns_rdatatype_a)
-			a_noanswer = true;
-
-		else if (!default_lookups ||
-			 (query->lookup->rdtype == dns_rdatatype_aaaa &&
-			 a_noanswer ) )
-			printf("*** Can't find %s: No answer\n",
-				query->lookup->textname);
-	}
+	else
+		printf("*** Can't find %s: No answer\n",
+		       query->lookup->textname);
 
 	if (((msg->flags & DNS_MESSAGEFLAG_AA) == 0) &&
-	    (query->lookup->rdtype != dns_rdatatype_a) &&
-	    (query->lookup->rdtype != dns_rdatatype_aaaa) ) {
+	    (query->lookup->rdtype != dns_rdatatype_a)) {
 		puts("\nAuthoritative answers can be found from:");
 		printsection(query, msg, headers,
 			     DNS_SECTION_AUTHORITY);
@@ -539,7 +476,7 @@ printmessage(dig_query_t *query, dns_message_t *msg, bool headers) {
 }
 
 static void
-show_settings(bool full, bool serv_only) {
+show_settings(isc_boolean_t full, isc_boolean_t serv_only) {
 	dig_server_t *srv;
 	isc_sockaddr_t sockaddr;
 	dig_searchlist_t *listent;
@@ -570,7 +507,7 @@ show_settings(bool full, bool serv_only) {
 	printf("  %s\t\t%s\n",
 	       usesearch ? "search" : "nosearch",
 	       recurse ? "recurse" : "norecurse");
-	printf("  timeout = %u\t\tretry = %d\tport = %u\tndots = %d\n",
+	printf("  timeout = %d\t\tretry = %d\tport = %d\tndots = %d\n",
 	       timeout, tries, port, ndots);
 	printf("  querytype = %-8s\tclass = %s\n", deftype, defclass);
 	printf("  srchlist = ");
@@ -584,7 +521,7 @@ show_settings(bool full, bool serv_only) {
 	printf("\n");
 }
 
-static bool
+static isc_boolean_t
 testtype(char *typetext) {
 	isc_result_t result;
 	isc_textregion_t tr;
@@ -594,14 +531,14 @@ testtype(char *typetext) {
 	tr.length = strlen(typetext);
 	result = dns_rdatatype_fromtext(&rdtype, &tr);
 	if (result == ISC_R_SUCCESS)
-		return (true);
+		return (ISC_TRUE);
 	else {
 		printf("unknown query type: %s\n", typetext);
-		return (false);
+		return (ISC_FALSE);
 	}
 }
 
-static bool
+static isc_boolean_t
 testclass(char *typetext) {
 	isc_result_t result;
 	isc_textregion_t tr;
@@ -611,24 +548,24 @@ testclass(char *typetext) {
 	tr.length = strlen(typetext);
 	result = dns_rdataclass_fromtext(&rdclass, &tr);
 	if (result == ISC_R_SUCCESS)
-		return (true);
+		return (ISC_TRUE);
 	else {
 		printf("unknown query class: %s\n", typetext);
-		return (false);
+		return (ISC_FALSE);
 	}
 }
 
 static void
 set_port(const char *value) {
-	uint32_t n;
+	isc_uint32_t n;
 	isc_result_t result = parse_uint(&n, value, 65535, "port");
 	if (result == ISC_R_SUCCESS)
-		port = (uint16_t) n;
+		port = (isc_uint16_t) n;
 }
 
 static void
 set_timeout(const char *value) {
-	uint32_t n;
+	isc_uint32_t n;
 	isc_result_t result = parse_uint(&n, value, UINT_MAX, "timeout");
 	if (result == ISC_R_SUCCESS)
 		timeout = n;
@@ -636,7 +573,7 @@ set_timeout(const char *value) {
 
 static void
 set_tries(const char *value) {
-	uint32_t n;
+	isc_uint32_t n;
 	isc_result_t result = parse_uint(&n, value, INT_MAX, "tries");
 	if (result == ISC_R_SUCCESS)
 		tries = n;
@@ -644,7 +581,7 @@ set_tries(const char *value) {
 
 static void
 set_ndots(const char *value) {
-	uint32_t n;
+	isc_uint32_t n;
 	isc_result_t result = parse_uint(&n, value, 128, "ndots");
 	if (result == ISC_R_SUCCESS)
 		ndots = n;
@@ -663,7 +600,7 @@ setoption(char *opt) {
 	((l >= N) && (l < sizeof(A)) && (strncasecmp(opt, A, l) == 0))
 
 	if (CHECKOPT("all", 3)) {
-		show_settings(true, false);
+		show_settings(ISC_TRUE, ISC_FALSE);
 	} else if (strncasecmp(opt, "class=", 6) == 0) {
 		if (testclass(&opt[6]))
 			strlcpy(defclass, &opt[6], sizeof(defclass));
@@ -671,43 +608,31 @@ setoption(char *opt) {
 		if (testclass(&opt[3]))
 			strlcpy(defclass, &opt[3], sizeof(defclass));
 	} else if (strncasecmp(opt, "type=", 5) == 0) {
-		if (testtype(&opt[5])) {
+		if (testtype(&opt[5]))
 			strlcpy(deftype, &opt[5], sizeof(deftype));
-			default_lookups = false;
-		}
 	} else if (strncasecmp(opt, "ty=", 3) == 0) {
-		if (testtype(&opt[3])) {
+		if (testtype(&opt[3]))
 			strlcpy(deftype, &opt[3], sizeof(deftype));
-			default_lookups = false;
-		}
 	} else if (strncasecmp(opt, "querytype=", 10) == 0) {
-		if (testtype(&opt[10])) {
+		if (testtype(&opt[10]))
 			strlcpy(deftype, &opt[10], sizeof(deftype));
-			default_lookups = false;
-		}
 	} else if (strncasecmp(opt, "query=", 6) == 0) {
-		if (testtype(&opt[6])) {
+		if (testtype(&opt[6]))
 			strlcpy(deftype, &opt[6], sizeof(deftype));
-			default_lookups = false;
-		}
 	} else if (strncasecmp(opt, "qu=", 3) == 0) {
-		if (testtype(&opt[3])) {
+		if (testtype(&opt[3]))
 			strlcpy(deftype, &opt[3], sizeof(deftype));
-			default_lookups = false;
-		}
 	} else if (strncasecmp(opt, "q=", 2) == 0) {
-		if (testtype(&opt[2])) {
+		if (testtype(&opt[2]))
 			strlcpy(deftype, &opt[2], sizeof(deftype));
-			default_lookups = false;
-		}
 	} else if (strncasecmp(opt, "domain=", 7) == 0) {
 		strlcpy(domainopt, &opt[7], sizeof(domainopt));
 		set_search_domain(domainopt);
-		usesearch = true;
+		usesearch = ISC_TRUE;
 	} else if (strncasecmp(opt, "do=", 3) == 0) {
 		strlcpy(domainopt, &opt[3], sizeof(domainopt));
 		set_search_domain(domainopt);
-		usesearch = true;
+		usesearch = ISC_TRUE;
 	} else if (strncasecmp(opt, "port=", 5) == 0) {
 		set_port(&opt[5]);
 	} else if (strncasecmp(opt, "po=", 3) == 0) {
@@ -717,43 +642,41 @@ setoption(char *opt) {
 	} else if (strncasecmp(opt, "t=", 2) == 0) {
 		set_timeout(&opt[2]);
 	} else if (CHECKOPT("recurse", 3)) {
-		recurse = true;
+		recurse = ISC_TRUE;
 	} else if (CHECKOPT("norecurse", 5)) {
-		recurse = false;
+		recurse = ISC_FALSE;
 	} else if (strncasecmp(opt, "retry=", 6) == 0) {
 		set_tries(&opt[6]);
 	} else if (strncasecmp(opt, "ret=", 4) == 0) {
 		set_tries(&opt[4]);
 	} else if (CHECKOPT("defname", 3)) {
-		usesearch = true;
+		usesearch = ISC_TRUE;
 	} else if (CHECKOPT("nodefname", 5)) {
-		usesearch = false;
-	} else if (CHECKOPT("vc", 2)) {
-		tcpmode = true;
-		tcpmode_set = true;
-	} else if (CHECKOPT("novc", 4)) {
-		tcpmode = false;
-		tcpmode_set = true;
-	} else if (CHECKOPT("debug", 3)) {
-		short_form = false;
-		showsearch = true;
-	} else if (CHECKOPT("nodebug", 5)) {
-		short_form = true;
-		showsearch = false;
-	} else if (CHECKOPT("d2", 2)) {
-		debugging = true;
-	} else if (CHECKOPT("nod2", 4)) {
-		debugging = false;
-	} else if (CHECKOPT("search", 3)) {
-		usesearch = true;
-	} else if (CHECKOPT("nosearch", 5)) {
-		usesearch = false;
-	} else if (CHECKOPT("sil", 3)) {
-		/* deprecation_msg = false; */
-	} else if (CHECKOPT("fail", 3)) {
-		nofail=false;
-	} else if (CHECKOPT("nofail", 5)) {
-		nofail=true;
+		usesearch = ISC_FALSE;
+	} else if (CHECKOPT("vc", 2) == 0) {
+		tcpmode = ISC_TRUE;
+	} else if (CHECKOPT("novc", 4) == 0) {
+		tcpmode = ISC_FALSE;
+	} else if (CHECKOPT("debug", 3) == 0) {
+		short_form = ISC_FALSE;
+		showsearch = ISC_TRUE;
+	} else if (CHECKOPT("nodebug", 5) == 0) {
+		short_form = ISC_TRUE;
+		showsearch = ISC_FALSE;
+	} else if (CHECKOPT("d2", 2) == 0) {
+		debugging = ISC_TRUE;
+	} else if (CHECKOPT("nod2", 4) == 0) {
+		debugging = ISC_FALSE;
+	} else if (CHECKOPT("search", 3) == 0) {
+		usesearch = ISC_TRUE;
+	} else if (CHECKOPT("nosearch", 5) == 0) {
+		usesearch = ISC_FALSE;
+	} else if (CHECKOPT("sil", 3) == 0) {
+		/* deprecation_msg = ISC_FALSE; */
+	} else if (CHECKOPT("fail", 3) == 0) {
+		nofail=ISC_FALSE;
+	} else if (CHECKOPT("nofail", 5) == 0) {
+		nofail=ISC_TRUE;
 	} else if (strncasecmp(opt, "ndots=", 6) == 0) {
 		set_ndots(&opt[6]);
 	} else {
@@ -771,9 +694,6 @@ addlookup(char *opt) {
 	char store[MXNAME];
 
 	debug("addlookup()");
-
-	a_noanswer = false;
-
 	tr.base = deftype;
 	tr.length = strlen(deftype);
 	result = dns_rdatatype_fromtext(&rdtype, &tr);
@@ -789,40 +709,36 @@ addlookup(char *opt) {
 		rdclass = dns_rdataclass_in;
 	}
 	lookup = make_empty_lookup();
-	if (get_reverse(store, sizeof(store), opt, lookup->ip6_int, true)
+	if (get_reverse(store, sizeof(store), opt, lookup->ip6_int, ISC_TRUE)
 	    == ISC_R_SUCCESS) {
 		strlcpy(lookup->textname, store, sizeof(lookup->textname));
 		lookup->rdtype = dns_rdatatype_ptr;
-		lookup->rdtypeset = true;
+		lookup->rdtypeset = ISC_TRUE;
 	} else {
 		strlcpy(lookup->textname, opt, sizeof(lookup->textname));
 		lookup->rdtype = rdtype;
-		lookup->rdtypeset = true;
+		lookup->rdtypeset = ISC_TRUE;
 	}
 	lookup->rdclass = rdclass;
-	lookup->rdclassset = true;
-	lookup->trace = false;
+	lookup->rdclassset = ISC_TRUE;
+	lookup->trace = ISC_FALSE;
 	lookup->trace_root = lookup->trace;
-	lookup->ns_search_only = false;
+	lookup->ns_search_only = ISC_FALSE;
 	lookup->identify = identify;
 	lookup->recurse = recurse;
 	lookup->aaonly = aaonly;
 	lookup->retries = tries;
+	lookup->udpsize = 0;
 	lookup->comments = comments;
-	if (lookup->rdtype == dns_rdatatype_any && !tcpmode_set)
-		lookup->tcp_mode = true;
-	else
-		lookup->tcp_mode = tcpmode;
+	lookup->tcp_mode = tcpmode;
 	lookup->stats = stats;
 	lookup->section_question = section_question;
 	lookup->section_answer = section_answer;
 	lookup->section_authority = section_authority;
 	lookup->section_additional = section_additional;
-	lookup->new_search = true;
-	lookup->besteffort = false;
-	if (nofail) {
-		lookup->servfail_stops = false;
-	}
+	lookup->new_search = ISC_TRUE;
+	if (nofail)
+		lookup->servfail_stops = ISC_FALSE;
 	ISC_LIST_INIT(lookup->q);
 	ISC_LINK_INIT(lookup, link);
 	ISC_LIST_APPEND(lookup_list, lookup, link);
@@ -846,11 +762,11 @@ do_next_command(char *input) {
 		 (strcasecmp(ptr, "lserver") == 0)) {
 		isc_app_block();
 		set_nameserver(arg);
-		check_ra = false;
+		check_ra = ISC_FALSE;
 		isc_app_unblock();
-		show_settings(true, true);
+		show_settings(ISC_TRUE, ISC_TRUE);
 	} else if (strcasecmp(ptr, "exit") == 0) {
-		in_use = false;
+		in_use = ISC_FALSE;
 	} else if (strcasecmp(ptr, "help") == 0 ||
 		   strcasecmp(ptr, "?") == 0) {
 		printf("The '%s' command is not yet implemented.\n", ptr);
@@ -887,7 +803,7 @@ get_next_command(void) {
 		ptr = fgets(buf, COMMSIZE, stdin);
 	isc_app_unblock();
 	if (ptr == NULL) {
-		in_use = false;
+		in_use = ISC_FALSE;
 	} else
 		do_next_command(ptr);
 #ifdef HAVE_READLINE
@@ -897,29 +813,12 @@ get_next_command(void) {
 	isc_mem_free(mctx, buf);
 }
 
-ISC_PLATFORM_NORETURN_PRE static void
-usage(void) ISC_PLATFORM_NORETURN_POST;
-
-static void
-usage(void) {
-    fprintf(stderr, "Usage:\n");
-    fprintf(stderr,
-"   nslookup [-opt ...]             # interactive mode using default server\n");
-    fprintf(stderr,
-"   nslookup [-opt ...] - server    # interactive mode using 'server'\n");
-    fprintf(stderr,
-"   nslookup [-opt ...] host        # just look up 'host' using default server\n");
-    fprintf(stderr,
-"   nslookup [-opt ...] host server # just look up 'host' using 'server'\n");
-    exit(1);
-}
-
 static void
 parse_args(int argc, char **argv) {
-	bool have_lookup = false;
+	isc_boolean_t have_lookup = ISC_FALSE;
 
-	usesearch = true;
-	for (argc--, argv++; argc > 0 && argv[0] != NULL; argc--, argv++) {
+	usesearch = ISC_TRUE;
+	for (argc--, argv++; argc > 0; argc--, argv++) {
 		debug("main parsing %s", argv[0]);
 		if (argv[0][0] == '-') {
 			if (strncasecmp(argv[0], "-ver", 4) == 0) {
@@ -928,18 +827,15 @@ parse_args(int argc, char **argv) {
 			} else if (argv[0][1] != 0) {
 				setoption(&argv[0][1]);
 			} else
-				have_lookup = true;
+				have_lookup = ISC_TRUE;
 		} else {
 			if (!have_lookup) {
-				have_lookup = true;
-				in_use = true;
+				have_lookup = ISC_TRUE;
+				in_use = ISC_TRUE;
 				addlookup(argv[0]);
 			} else {
-				if (argv[1] != NULL) {
-					usage();
-				}
 				set_nameserver(argv[0]);
-				check_ra = false;
+				check_ra = ISC_FALSE;
 			}
 		}
 	}
@@ -983,7 +879,7 @@ flush_lookup_list(void) {
 
 		}
 		if (l->sendmsg != NULL)
-			dns_message_detach(&l->sendmsg);
+			dns_message_destroy(&l->sendmsg);
 		lp = l;
 		l = ISC_LIST_NEXT(l, link);
 		ISC_LIST_DEQUEUE(lookup_list, lp, link);
@@ -1010,13 +906,13 @@ int
 main(int argc, char **argv) {
 	isc_result_t result;
 
-	interactive = isatty(0);
+	interactive = ISC_TF(isatty(0));
 
 	ISC_LIST_INIT(lookup_list);
 	ISC_LIST_INIT(server_list);
 	ISC_LIST_INIT(search_list);
 
-	check_ra = true;
+	check_ra = ISC_TRUE;
 
 	/* setup dighost callbacks */
 #ifdef DIG_SIGCHASE
@@ -1033,12 +929,9 @@ main(int argc, char **argv) {
 	setup_libs();
 	progname = argv[0];
 
-	setup_system(false, false);
 	parse_args(argc, argv);
-	if (keyfile[0] != 0)
-		setup_file_key();
-	else if (keysecret[0] != 0)
-		setup_text_key();
+
+	setup_system();
 	if (domainopt[0] != '\0')
 		set_search_domain(domainopt);
 	if (in_use)
@@ -1047,7 +940,7 @@ main(int argc, char **argv) {
 	else
 		result = isc_app_onrun(mctx, global_task, getinput, NULL);
 	check_result(result, "isc_app_onrun");
-	in_use = !in_use;
+	in_use = ISC_TF(!in_use);
 
 	(void)isc_app_run();
 

bin/dig/nslookup.docbook

@@ -1,12 +1,17 @@
 <!--
- - Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2007, 2010, 2013-2016  Internet Systems Consortium, Inc. ("ISC")
  -
- - This Source Code Form is subject to the terms of the Mozilla Public
- - License, v. 2.0. If a copy of the MPL was not distributed with this
- - file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ - Permission to use, copy, modify, and/or distribute this software for any
+ - purpose with or without fee is hereby granted, provided that the above
+ - copyright notice and this permission notice appear in all copies.
  -
- - See the COPYRIGHT file distributed with this work for additional
- - information regarding copyright ownership.
+ - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ - AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ - PERFORMANCE OF THIS SOFTWARE.
 -->
 
 <!--
@@ -38,7 +43,7 @@
  - SUCH DAMAGE.
 -->
 <!-- Converted by db4-upgrade version 1.0 -->
-<refentry xmlns="http://docbook.org/ns/docbook" version="5.0" xml:id="man.nslookup">
+<refentry xmlns:db="http://docbook.org/ns/docbook" version="5.0" xml:id="man.nslookup">
   <info>
     <date>2014-01-24</date>
   </info>
@@ -69,12 +74,6 @@
       <year>2014</year>
       <year>2015</year>
       <year>2016</year>
-      <year>2017</year>
-      <year>2018</year>
-      <year>2019</year>
-      <year>2020</year>
-      <year>2021</year>
-      <year>2022</year>
       <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
     </copyright>
   </docinfo>
@@ -310,33 +309,35 @@ nslookup -query=hinfo  -timeout=10
                     The class specifies the protocol group of the information.
 
                   </para>
-                  <para>
+		  <para>
                     (Default = IN; abbreviation = cl)
                   </para>
                 </listitem>
               </varlistentry>
 
               <varlistentry>
-                <term><constant><replaceable><optional>no</optional></replaceable>debug</constant></term>
+                <term><constant>
+                    <replaceable><optional>no</optional></replaceable>debug</constant></term>
                 <listitem>
                   <para>
-                    Turn on or off the display of the full response packet and
-                    any intermediate response packets when searching.
+		    Turn on or off the display of the full response packet and
+		    any intermediate response packets when searching.
                   </para>
-                  <para>
+		  <para>
                     (Default = nodebug; abbreviation = <optional>no</optional>deb)
                   </para>
                 </listitem>
               </varlistentry>
 
               <varlistentry>
-                <term><constant><replaceable><optional>no</optional></replaceable>d2</constant></term>
+                <term><constant>
+                    <replaceable><optional>no</optional></replaceable>d2</constant></term>
                 <listitem>
                   <para>
                     Turn debugging mode on or off.  This displays more about
-                    what nslookup is doing.
+	            what nslookup is doing.
                   </para>
-                  <para>
+		  <para>
                     (Default = nod2)
                   </para>
                 </listitem>
@@ -352,7 +353,8 @@ nslookup -query=hinfo  -timeout=10
               </varlistentry>
 
               <varlistentry>
-                <term><constant><replaceable><optional>no</optional></replaceable>search</constant></term>
+                <term><constant>
+                    <replaceable><optional>no</optional></replaceable>search</constant></term>
                 <listitem>
                   <para>
                     If the lookup request contains at least one period but
@@ -360,7 +362,7 @@ nslookup -query=hinfo  -timeout=10
                     names in the domain search list to the request until an
                     answer is received.
                   </para>
-                  <para>
+		  <para>
                     (Default = search)
                   </para>
                 </listitem>
@@ -372,7 +374,7 @@ nslookup -query=hinfo  -timeout=10
                   <para>
                     Change the default TCP/UDP name server port to <replaceable>value</replaceable>.
                   </para>
-                  <para>
+		  <para>
                     (Default = 53; abbreviation = po)
                   </para>
                 </listitem>
@@ -391,27 +393,22 @@ nslookup -query=hinfo  -timeout=10
                   <para>
                     Change the type of the information query.
                   </para>
-                  <para>
-                    (Default = A and then AAAA; abbreviations = q, ty)
+		  <para>
+                    (Default = A; abbreviations = q, ty)
                   </para>
-                    <para>
-                      <emphasis role="bold">Note:</emphasis> It is
-                      only possible to specify one query type, only
-                      the default behavior looks up both when an
-                      alternative is not specified.
-                    </para>
                 </listitem>
               </varlistentry>
 
               <varlistentry>
-                <term><constant><replaceable><optional>no</optional></replaceable>recurse</constant></term>
+                <term><constant>
+                    <replaceable><optional>no</optional></replaceable>recurse</constant></term>
                 <listitem>
                   <para>
                     Tell the name server to query other servers if it does not
                     have the
                     information.
                   </para>
-                  <para>
+		  <para>
                     (Default = recurse; abbreviation = [no]rec)
                   </para>
                 </listitem>
@@ -421,9 +418,9 @@ nslookup -query=hinfo  -timeout=10
                 <term><constant>ndots=</constant><replaceable>number</replaceable></term>
                 <listitem>
                   <para>
-                    Set the number of dots (label separators) in a domain
-                    that will disable searching.  Absolute names always
-                    stop searching.
+		    Set the number of dots (label separators) in a domain
+		    that will disable searching.  Absolute names always
+		    stop searching.
                   </para>
                 </listitem>
               </varlistentry>
@@ -448,31 +445,33 @@ nslookup -query=hinfo  -timeout=10
               </varlistentry>
 
               <varlistentry>
-                <term><constant><replaceable><optional>no</optional></replaceable>vc</constant></term>
+                <term><constant>
+                    <replaceable><optional>no</optional></replaceable>vc</constant></term>
                 <listitem>
                   <para>
                     Always use a virtual circuit when sending requests to the
                     server.
                   </para>
-                  <para>
+		  <para>
                     (Default = novc)
                   </para>
                 </listitem>
               </varlistentry>
 
               <varlistentry>
-                <term><constant><replaceable><optional>no</optional></replaceable>fail</constant></term>
+                <term><constant>
+                    <replaceable><optional>no</optional></replaceable>fail</constant></term>
                 <listitem>
                   <para>
-                    Try the next nameserver if a nameserver responds with
-                    SERVFAIL or a referral (nofail) or terminate query
-                    (fail) on such a response.
-                  </para>
-                  <para>
+		    Try the next nameserver if a nameserver responds with
+		    SERVFAIL or a referral (nofail) or terminate query
+		    (fail) on such a response.
+		  </para>
+		  <para>
                     (Default = nofail)
                   </para>
-                </listitem>
-              </varlistentry>
+	        </listitem>
+	      </varlistentry>
 
             </variablelist>
           </para>
@@ -488,22 +487,6 @@ nslookup -query=hinfo  -timeout=10
     </para>
   </refsection>
 
-  <refsection><info><title>IDN SUPPORT</title></info>
-
-    <para>
-      If <command>nslookup</command> has been built with IDN (internationalized
-      domain name) support, it can accept and display non-ASCII domain names.
-      <command>nslookup</command> appropriately converts character encoding of
-      domain name before sending a request to DNS server or displaying a
-      reply from the server.
-      If you'd like to turn off the IDN support for some reason, define
-      the <envar>IDN_DISABLE</envar> environment variable.
-      The IDN support is disabled if the variable is set when
-      <command>nslookup</command> runs or when the standard output is not
-      a tty.
-    </para>
-  </refsection>
-
   <refsection><info><title>FILES</title></info>
 
     <para><filename>/etc/resolv.conf</filename>

bin/dig/nslookup.html

@@ -1,30 +1,56 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 <!--
- - Copyright (C) 2004-2007, 2010, 2013-2022 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2007, 2010, 2013-2016 Internet Systems Consortium, Inc. ("ISC")
  - 
- - This Source Code Form is subject to the terms of the Mozilla Public
- - License, v. 2.0. If a copy of the MPL was not distributed with this
- - file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ - Permission to use, copy, modify, and/or distribute this software for any
+ - purpose with or without fee is hereby granted, provided that the above
+ - copyright notice and this permission notice appear in all copies.
+ - 
+ - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ - PERFORMANCE OF THIS SOFTWARE.
 -->
 <html lang="en">
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
 <title>nslookup</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.79.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
 </head>
 <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry">
 <a name="man.nslookup"></a><div class="titlepage"></div>
-<div class="refnamediv">
+  
+  
+
+  
+
+  <div class="refnamediv">
 <h2>Name</h2>
-<p>nslookup &#8212; query Internet name servers interactively</p>
+<p>
+    nslookup
+     &#8212; query Internet name servers interactively
+  </p>
 </div>
-<div class="refsynopsisdiv">
+
+  
+
+  <div class="refsynopsisdiv">
 <h2>Synopsis</h2>
-<div class="cmdsynopsis"><p><code class="command">nslookup</code>  [<code class="option">-option</code>] [name | -] [server]</p></div>
-</div>
-<div class="refsection">
+    <div class="cmdsynopsis"><p>
+      <code class="command">nslookup</code> 
+       [<code class="option">-option</code>]
+       [name | -]
+       [server]
+    </p></div>
+  </div>
+
+  <div class="refsection">
 <a name="id-1.7"></a><h2>DESCRIPTION</h2>
-<p><span class="command"><strong>Nslookup</strong></span>
+
+    <p><span class="command"><strong>Nslookup</strong></span>
       is a program to query Internet domain name servers.  <span class="command"><strong>Nslookup</strong></span>
       has two modes: interactive and non-interactive.  Interactive mode allows
       the user to query name servers for information about various hosts and
@@ -33,29 +59,37 @@
       used to print just the name and requested information for a host or
       domain.
     </p>
-</div>
-<div class="refsection">
+  </div>
+
+  <div class="refsection">
 <a name="id-1.8"></a><h2>ARGUMENTS</h2>
-<p>
+
+    <p>
       Interactive mode is entered in the following cases:
       </p>
 <div class="orderedlist"><ol class="orderedlist" type="a">
-<li class="listitem"><p>
+<li class="listitem">
+          <p>
             when no arguments are given (the default name server will be used)
-          </p></li>
-<li class="listitem"><p>
+          </p>
+        </li>
+<li class="listitem">
+          <p>
             when the first argument is a hyphen (-) and the second argument is
             the host name or Internet address of a name server.
-          </p></li>
+          </p>
+        </li>
 </ol></div>
 <p>
     </p>
-<p>
+
+    <p>
       Non-interactive mode is used when the name or Internet address of the
       host to be looked up is given as the first argument. The optional second
       argument specifies the host name or address of a name server.
     </p>
-<p>
+
+    <p>
       Options can also be specified on the command line if they precede the
       arguments and are prefixed with a hyphen.  For example, to
       change the default query type to host information, and the initial
@@ -68,261 +102,299 @@ nslookup -query=hinfo  -timeout=10
 <p>
       
     </p>
-<p>
+    <p>
       The <code class="option">-version</code> option causes
       <span class="command"><strong>nslookup</strong></span> to print the version
       number and immediately exits.
     </p>
-</div>
-<div class="refsection">
+
+  </div>
+
+  <div class="refsection">
 <a name="id-1.9"></a><h2>INTERACTIVE COMMANDS</h2>
-<div class="variablelist"><dl class="variablelist">
+
+    <div class="variablelist"><dl class="variablelist">
 <dt><span class="term"><code class="constant">host</code> [<span class="optional">server</span>]</span></dt>
 <dd>
-<p>
+          <p>
             Look up information for host using the current default server or
             using server, if specified.  If host is an Internet address and
             the query type is A or PTR, the name of the host is returned.
             If host is a name and does not have a trailing period, the
             search list is used to qualify the name.
           </p>
-<p>
+
+          <p>
             To look up a host not in the current domain, append a period to
             the name.
           </p>
-</dd>
+        </dd>
 <dt><span class="term"><code class="constant">server</code> <em class="replaceable"><code>domain</code></em></span></dt>
-<dd><p></p></dd>
+<dd>
+          <p></p>
+        </dd>
 <dt><span class="term"><code class="constant">lserver</code> <em class="replaceable"><code>domain</code></em></span></dt>
-<dd><p>
+<dd>
+          <p>
             Change the default server to <em class="replaceable"><code>domain</code></em>; <code class="constant">lserver</code> uses the initial
             server to look up information about <em class="replaceable"><code>domain</code></em>, while <code class="constant">server</code> uses
             the current default server.  If an authoritative answer can't be
             found, the names of servers that might have the answer are
             returned.
-          </p></dd>
+          </p>
+        </dd>
 <dt><span class="term"><code class="constant">root</code></span></dt>
-<dd><p>
+<dd>
+          <p>
             not implemented
-          </p></dd>
+          </p>
+        </dd>
 <dt><span class="term"><code class="constant">finger</code></span></dt>
-<dd><p>
+<dd>
+          <p>
             not implemented
-          </p></dd>
+          </p>
+        </dd>
 <dt><span class="term"><code class="constant">ls</code></span></dt>
-<dd><p>
+<dd>
+          <p>
             not implemented
-          </p></dd>
+          </p>
+        </dd>
 <dt><span class="term"><code class="constant">view</code></span></dt>
-<dd><p>
+<dd>
+          <p>
             not implemented
-          </p></dd>
+          </p>
+        </dd>
 <dt><span class="term"><code class="constant">help</code></span></dt>
-<dd><p>
+<dd>
+          <p>
             not implemented
-          </p></dd>
+          </p>
+        </dd>
 <dt><span class="term"><code class="constant">?</code></span></dt>
-<dd><p>
+<dd>
+          <p>
             not implemented
-          </p></dd>
+          </p>
+        </dd>
 <dt><span class="term"><code class="constant">exit</code></span></dt>
-<dd><p>
+<dd>
+          <p>
             Exits the program.
-          </p></dd>
+          </p>
+        </dd>
 <dt><span class="term"><code class="constant">set</code>
           <em class="replaceable"><code>keyword[<span class="optional">=value</span>]</code></em></span></dt>
 <dd>
-<p>
+          <p>
             This command is used to change state information that affects
             the lookups.  Valid keywords are:
             </p>
 <div class="variablelist"><dl class="variablelist">
 <dt><span class="term"><code class="constant">all</code></span></dt>
-<dd><p>
+<dd>
+                  <p>
                     Prints the current values of the frequently used
                     options to <span class="command"><strong>set</strong></span>.
                     Information about the  current default
                     server and host is also printed.
-                  </p></dd>
+                  </p>
+                </dd>
 <dt><span class="term"><code class="constant">class=</code><em class="replaceable"><code>value</code></em></span></dt>
 <dd>
-<p>
+                  <p>
                     Change the query class to one of:
                     </p>
 <div class="variablelist"><dl class="variablelist">
 <dt><span class="term"><code class="constant">IN</code></span></dt>
-<dd><p>
+<dd>
+                          <p>
                             the Internet class
-                          </p></dd>
+                          </p>
+                        </dd>
 <dt><span class="term"><code class="constant">CH</code></span></dt>
-<dd><p>
+<dd>
+                          <p>
                             the Chaos class
-                          </p></dd>
+                          </p>
+                        </dd>
 <dt><span class="term"><code class="constant">HS</code></span></dt>
-<dd><p>
+<dd>
+                          <p>
                             the Hesiod class
-                          </p></dd>
+                          </p>
+                        </dd>
 <dt><span class="term"><code class="constant">ANY</code></span></dt>
-<dd><p>
+<dd>
+                          <p>
                             wildcard
-                          </p></dd>
+                          </p>
+                        </dd>
 </dl></div>
 <p>
                     The class specifies the protocol group of the information.
 
                   </p>
-<p>
+		  <p>
                     (Default = IN; abbreviation = cl)
                   </p>
-</dd>
-<dt><span class="term"><code class="constant"><em class="replaceable"><code>[<span class="optional">no</span>]</code></em>debug</code></span></dt>
+                </dd>
+<dt><span class="term"><code class="constant">
+                    <em class="replaceable"><code>[<span class="optional">no</span>]</code></em>debug</code></span></dt>
 <dd>
-<p>
-                    Turn on or off the display of the full response packet and
-                    any intermediate response packets when searching.
+                  <p>
+		    Turn on or off the display of the full response packet and
+		    any intermediate response packets when searching.
                   </p>
-<p>
+		  <p>
                     (Default = nodebug; abbreviation = [<span class="optional">no</span>]deb)
                   </p>
-</dd>
-<dt><span class="term"><code class="constant"><em class="replaceable"><code>[<span class="optional">no</span>]</code></em>d2</code></span></dt>
+                </dd>
+<dt><span class="term"><code class="constant">
+                    <em class="replaceable"><code>[<span class="optional">no</span>]</code></em>d2</code></span></dt>
 <dd>
-<p>
+                  <p>
                     Turn debugging mode on or off.  This displays more about
-                    what nslookup is doing.
+	            what nslookup is doing.
                   </p>
-<p>
+		  <p>
                     (Default = nod2)
                   </p>
-</dd>
+                </dd>
 <dt><span class="term"><code class="constant">domain=</code><em class="replaceable"><code>name</code></em></span></dt>
-<dd><p>
-                    Sets the search list to <em class="replaceable"><code>name</code></em>.
-                  </p></dd>
-<dt><span class="term"><code class="constant"><em class="replaceable"><code>[<span class="optional">no</span>]</code></em>search</code></span></dt>
 <dd>
-<p>
+                  <p>
+                    Sets the search list to <em class="replaceable"><code>name</code></em>.
+                  </p>
+                </dd>
+<dt><span class="term"><code class="constant">
+                    <em class="replaceable"><code>[<span class="optional">no</span>]</code></em>search</code></span></dt>
+<dd>
+                  <p>
                     If the lookup request contains at least one period but
                     doesn't end with a trailing period, append the domain
                     names in the domain search list to the request until an
                     answer is received.
                   </p>
-<p>
+		  <p>
                     (Default = search)
                   </p>
-</dd>
+                </dd>
 <dt><span class="term"><code class="constant">port=</code><em class="replaceable"><code>value</code></em></span></dt>
 <dd>
-<p>
+                  <p>
                     Change the default TCP/UDP name server port to <em class="replaceable"><code>value</code></em>.
                   </p>
-<p>
+		  <p>
                     (Default = 53; abbreviation = po)
                   </p>
-</dd>
+                </dd>
 <dt><span class="term"><code class="constant">querytype=</code><em class="replaceable"><code>value</code></em></span></dt>
-<dd><p></p></dd>
+<dd>
+                  <p></p>
+                </dd>
 <dt><span class="term"><code class="constant">type=</code><em class="replaceable"><code>value</code></em></span></dt>
 <dd>
-<p>
+                  <p>
                     Change the type of the information query.
                   </p>
-<p>
-                    (Default = A and then AAAA; abbreviations = q, ty)
+		  <p>
+                    (Default = A; abbreviations = q, ty)
                   </p>
-<p>
-                      <span class="bold"><strong>Note:</strong></span> It is
-                      only possible to specify one query type, only
-                      the default behavior looks up both when an
-                      alternative is not specified.
-                    </p>
-</dd>
-<dt><span class="term"><code class="constant"><em class="replaceable"><code>[<span class="optional">no</span>]</code></em>recurse</code></span></dt>
+                </dd>
+<dt><span class="term"><code class="constant">
+                    <em class="replaceable"><code>[<span class="optional">no</span>]</code></em>recurse</code></span></dt>
 <dd>
-<p>
+                  <p>
                     Tell the name server to query other servers if it does not
                     have the
                     information.
                   </p>
-<p>
+		  <p>
                     (Default = recurse; abbreviation = [no]rec)
                   </p>
-</dd>
+                </dd>
 <dt><span class="term"><code class="constant">ndots=</code><em class="replaceable"><code>number</code></em></span></dt>
-<dd><p>
-                    Set the number of dots (label separators) in a domain
-                    that will disable searching.  Absolute names always
-                    stop searching.
-                  </p></dd>
+<dd>
+                  <p>
+		    Set the number of dots (label separators) in a domain
+		    that will disable searching.  Absolute names always
+		    stop searching.
+                  </p>
+                </dd>
 <dt><span class="term"><code class="constant">retry=</code><em class="replaceable"><code>number</code></em></span></dt>
-<dd><p>
+<dd>
+                  <p>
                     Set the number of retries to number.
-                  </p></dd>
+                  </p>
+                </dd>
 <dt><span class="term"><code class="constant">timeout=</code><em class="replaceable"><code>number</code></em></span></dt>
-<dd><p>
+<dd>
+                  <p>
                     Change the initial timeout interval for waiting for a
                     reply to number seconds.
-                  </p></dd>
-<dt><span class="term"><code class="constant"><em class="replaceable"><code>[<span class="optional">no</span>]</code></em>vc</code></span></dt>
+                  </p>
+                </dd>
+<dt><span class="term"><code class="constant">
+                    <em class="replaceable"><code>[<span class="optional">no</span>]</code></em>vc</code></span></dt>
 <dd>
-<p>
+                  <p>
                     Always use a virtual circuit when sending requests to the
                     server.
                   </p>
-<p>
+		  <p>
                     (Default = novc)
                   </p>
-</dd>
-<dt><span class="term"><code class="constant"><em class="replaceable"><code>[<span class="optional">no</span>]</code></em>fail</code></span></dt>
+                </dd>
+<dt><span class="term"><code class="constant">
+                    <em class="replaceable"><code>[<span class="optional">no</span>]</code></em>fail</code></span></dt>
 <dd>
-<p>
-                    Try the next nameserver if a nameserver responds with
-                    SERVFAIL or a referral (nofail) or terminate query
-                    (fail) on such a response.
-                  </p>
-<p>
+                  <p>
+		    Try the next nameserver if a nameserver responds with
+		    SERVFAIL or a referral (nofail) or terminate query
+		    (fail) on such a response.
+		  </p>
+		  <p>
                     (Default = nofail)
                   </p>
-</dd>
+	        </dd>
 </dl></div>
 <p>
           </p>
-</dd>
+        </dd>
 </dl></div>
-</div>
-<div class="refsection">
+  </div>
+
+  <div class="refsection">
 <a name="id-1.10"></a><h2>RETURN VALUES</h2>
-<p>
+    <p>
       <span class="command"><strong>nslookup</strong></span> returns with an exit status of 1
       if any query failed, and 0 otherwise.
     </p>
-</div>
-<div class="refsection">
-<a name="id-1.11"></a><h2>IDN SUPPORT</h2>
-<p>
-      If <span class="command"><strong>nslookup</strong></span> has been built with IDN (internationalized
-      domain name) support, it can accept and display non-ASCII domain names.
-      <span class="command"><strong>nslookup</strong></span> appropriately converts character encoding of
-      domain name before sending a request to DNS server or displaying a
-      reply from the server.
-      If you'd like to turn off the IDN support for some reason, define
-      the <code class="envar">IDN_DISABLE</code> environment variable.
-      The IDN support is disabled if the variable is set when
-      <span class="command"><strong>nslookup</strong></span> runs or when the standard output is not
-      a tty.
+  </div>
+
+  <div class="refsection">
+<a name="id-1.11"></a><h2>FILES</h2>
+
+    <p><code class="filename">/etc/resolv.conf</code>
     </p>
-</div>
-<div class="refsection">
-<a name="id-1.12"></a><h2>FILES</h2>
-<p><code class="filename">/etc/resolv.conf</code>
+  </div>
+
+  <div class="refsection">
+<a name="id-1.12"></a><h2>SEE ALSO</h2>
+
+    <p><span class="citerefentry">
+        <span class="refentrytitle">dig</span>(1)
+      </span>,
+      <span class="citerefentry">
+        <span class="refentrytitle">host</span>(1)
+      </span>,
+      <span class="citerefentry">
+        <span class="refentrytitle">named</span>(8)
+      </span>.
     </p>
-</div>
-<div class="refsection">
-<a name="id-1.13"></a><h2>SEE ALSO</h2>
-<p><span class="citerefentry"><span class="refentrytitle">dig</span>(1)</span>,
-      <span class="citerefentry"><span class="refentrytitle">host</span>(1)</span>,
-      <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>.
-    </p>
-</div>
+  </div>
 </div></body>
 </html>

bin/dig/win32/dig.vcxproj.in

@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="utf-8"?>
-<Project DefaultTargets="Build" ToolsVersion="@TOOLS_VERSION@" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
   <ItemGroup Label="ProjectConfigurations">
     <ProjectConfiguration Include="Debug|@PLATFORM@">
       <Configuration>Debug</Configuration>
@@ -14,21 +14,18 @@
     <ProjectGuid>{F938F9B8-D395-4A40-BEC7-0122D289C692}</ProjectGuid>
     <Keyword>Win32Proj</Keyword>
     <RootNamespace>dig</RootNamespace>
-    @WINDOWS_TARGET_PLATFORM_VERSION@
   </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|@PLATFORM@'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
     <UseDebugLibraries>true</UseDebugLibraries>
     <CharacterSet>MultiByte</CharacterSet>
-    @PLATFORM_TOOLSET@
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
     <UseDebugLibraries>false</UseDebugLibraries>
     <WholeProgramOptimization>true</WholeProgramOptimization>
     <CharacterSet>MultiByte</CharacterSet>
-    @PLATFORM_TOOLSET@
   </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
   <ImportGroup Label="ExtensionSettings">
@@ -44,20 +41,17 @@
     <LinkIncremental>true</LinkIncremental>
     <OutDir>..\..\..\Build\$(Configuration)\</OutDir>
     <IntDir>.\$(Configuration)\</IntDir>
-    <IntDirSharingDetected>None</IntDirSharingDetected>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'">
     <LinkIncremental>false</LinkIncremental>
     <OutDir>..\..\..\Build\$(Configuration)\</OutDir>
     <IntDir>.\$(Configuration)\</IntDir>
-    <IntDirSharingDetected>None</IntDirSharingDetected>
   </PropertyGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|@PLATFORM@'">
     <ClCompile>
       <PrecompiledHeader>
       </PrecompiledHeader>
-      <WarningLevel>Level4</WarningLevel>
-      <TreatWarningAsError>false</TreatWarningAsError>
+      <WarningLevel>Level3</WarningLevel>
       <Optimization>Disabled</Optimization>
       <PreprocessorDefinitions>WIN32;@CRYPTO@_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <FunctionLevelLinking>true</FunctionLevelLinking>
@@ -79,8 +73,7 @@
   </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'">
     <ClCompile>
-      <WarningLevel>Level1</WarningLevel>
-      <TreatWarningAsError>true</TreatWarningAsError>
+      <WarningLevel>Level3</WarningLevel>
       <PrecompiledHeader>
       </PrecompiledHeader>
       <Optimization>MaxSpeed</Optimization>

bin/dig/win32/dighost.dsw

@@ -1,29 +1,29 @@
-Microsoft Developer Studio Workspace File, Format Version 6.00
-# WARNING: DO NOT EDIT OR DELETE THIS WORKSPACE FILE!
-
-###############################################################################
-
-Project: "dighost"=".\dighost.dsp" - Package Owner=<4>
-
-Package=<5>
-{{{
-}}}
-
-Package=<4>
-{{{
-}}}
-
-###############################################################################
-
-Global:
-
-Package=<5>
-{{{
-}}}
-
-Package=<3>
-{{{
-}}}
-
-###############################################################################
-
+Microsoft Developer Studio Workspace File, Format Version 6.00
+# WARNING: DO NOT EDIT OR DELETE THIS WORKSPACE FILE!
+
+###############################################################################
+
+Project: "dighost"=".\dighost.dsp" - Package Owner=<4>
+
+Package=<5>
+{{{
+}}}
+
+Package=<4>
+{{{
+}}}
+
+###############################################################################
+
+Global:
+
+Package=<5>
+{{{
+}}}
+
+Package=<3>
+{{{
+}}}
+
+###############################################################################
+

bin/dig/win32/dighost.vcxproj.in

@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="utf-8"?>
-<Project DefaultTargets="Build" ToolsVersion="@TOOLS_VERSION@" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
   <ItemGroup Label="ProjectConfigurations">
     <ProjectConfiguration Include="Debug|@PLATFORM@">
       <Configuration>Debug</Configuration>
@@ -14,21 +14,18 @@
     <ProjectGuid>{140DE800-E552-43CC-B0C7-A33A92E368CA}</ProjectGuid>
     <Keyword>Win32Proj</Keyword>
     <RootNamespace>dighost</RootNamespace>
-    @WINDOWS_TARGET_PLATFORM_VERSION@
   </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|@PLATFORM@'" Label="Configuration">
     <ConfigurationType>StaticLibrary</ConfigurationType>
     <UseDebugLibraries>true</UseDebugLibraries>
     <CharacterSet>MultiByte</CharacterSet>
-    @PLATFORM_TOOLSET@
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'" Label="Configuration">
     <ConfigurationType>StaticLibrary</ConfigurationType>
     <UseDebugLibraries>false</UseDebugLibraries>
     <WholeProgramOptimization>true</WholeProgramOptimization>
     <CharacterSet>MultiByte</CharacterSet>
-    @PLATFORM_TOOLSET@
   </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
   <ImportGroup Label="ExtensionSettings">
@@ -44,20 +41,17 @@
     <LinkIncremental>true</LinkIncremental>
     <OutDir>.\$(Configuration)\</OutDir>
     <IntDir>.\$(Configuration)\</IntDir>
-    <IntDirSharingDetected>None</IntDirSharingDetected>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'">
     <LinkIncremental>false</LinkIncremental>
     <OutDir>.\$(Configuration)\</OutDir>
     <IntDir>.\$(Configuration)\</IntDir>
-    <IntDirSharingDetected>None</IntDirSharingDetected>
   </PropertyGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|@PLATFORM@'">
     <ClCompile>
       <PrecompiledHeader>
       </PrecompiledHeader>
-      <WarningLevel>Level4</WarningLevel>
-      <TreatWarningAsError>false</TreatWarningAsError>
+      <WarningLevel>Level3</WarningLevel>
       <Optimization>Disabled</Optimization>
       <PreprocessorDefinitions>WIN32;@CRYPTO@_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <FunctionLevelLinking>true</FunctionLevelLinking>
@@ -77,8 +71,7 @@
   </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'">
     <ClCompile>
-      <WarningLevel>Level1</WarningLevel>
-      <TreatWarningAsError>true</TreatWarningAsError>
+      <WarningLevel>Level3</WarningLevel>
       <PrecompiledHeader>
       </PrecompiledHeader>
       <Optimization>MaxSpeed</Optimization>

bin/dig/win32/host.vcxproj.in

@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="utf-8"?>
-<Project DefaultTargets="Build" ToolsVersion="@TOOLS_VERSION@" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
   <ItemGroup Label="ProjectConfigurations">
     <ProjectConfiguration Include="Debug|@PLATFORM@">
       <Configuration>Debug</Configuration>
@@ -14,21 +14,18 @@
     <ProjectGuid>{BA1048A8-6961-4A20-BE12-08BE20611C9D}</ProjectGuid>
     <Keyword>Win32Proj</Keyword>
     <RootNamespace>host</RootNamespace>
-    @WINDOWS_TARGET_PLATFORM_VERSION@
   </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|@PLATFORM@'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
     <UseDebugLibraries>true</UseDebugLibraries>
     <CharacterSet>MultiByte</CharacterSet>
-    @PLATFORM_TOOLSET@
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
     <UseDebugLibraries>false</UseDebugLibraries>
     <WholeProgramOptimization>true</WholeProgramOptimization>
     <CharacterSet>MultiByte</CharacterSet>
-    @PLATFORM_TOOLSET@
   </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
   <ImportGroup Label="ExtensionSettings">
@@ -44,20 +41,17 @@
     <LinkIncremental>true</LinkIncremental>
     <OutDir>..\..\..\Build\$(Configuration)\</OutDir>
     <IntDir>.\$(Configuration)\</IntDir>
-    <IntDirSharingDetected>None</IntDirSharingDetected>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'">
     <LinkIncremental>false</LinkIncremental>
     <OutDir>..\..\..\Build\$(Configuration)\</OutDir>
     <IntDir>.\$(Configuration)\</IntDir>
-    <IntDirSharingDetected>None</IntDirSharingDetected>
   </PropertyGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|@PLATFORM@'">
     <ClCompile>
       <PrecompiledHeader>
       </PrecompiledHeader>
-      <WarningLevel>Level4</WarningLevel>
-      <TreatWarningAsError>false</TreatWarningAsError>
+      <WarningLevel>Level3</WarningLevel>
       <Optimization>Disabled</Optimization>
       <PreprocessorDefinitions>WIN32;@CRYPTO@_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <FunctionLevelLinking>true</FunctionLevelLinking>
@@ -79,8 +73,7 @@
   </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'">
     <ClCompile>
-      <WarningLevel>Level1</WarningLevel>
-      <TreatWarningAsError>true</TreatWarningAsError>
+      <WarningLevel>Level3</WarningLevel>
       <PrecompiledHeader>
       </PrecompiledHeader>
       <Optimization>MaxSpeed</Optimization>

bin/dig/win32/nslookup.vcxproj.in

@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="utf-8"?>
-<Project DefaultTargets="Build" ToolsVersion="@TOOLS_VERSION@" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
   <ItemGroup Label="ProjectConfigurations">
     <ProjectConfiguration Include="Debug|@PLATFORM@">
       <Configuration>Debug</Configuration>
@@ -14,21 +14,18 @@
     <ProjectGuid>{C15A6E1A-94CE-4686-99F9-6BC5FD623EB5}</ProjectGuid>
     <Keyword>Win32Proj</Keyword>
     <RootNamespace>nslookup</RootNamespace>
-    @WINDOWS_TARGET_PLATFORM_VERSION@
   </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|@PLATFORM@'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
     <UseDebugLibraries>true</UseDebugLibraries>
     <CharacterSet>MultiByte</CharacterSet>
-    @PLATFORM_TOOLSET@
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
     <UseDebugLibraries>false</UseDebugLibraries>
     <WholeProgramOptimization>true</WholeProgramOptimization>
     <CharacterSet>MultiByte</CharacterSet>
-    @PLATFORM_TOOLSET@
   </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
   <ImportGroup Label="ExtensionSettings">
@@ -44,20 +41,17 @@
     <LinkIncremental>true</LinkIncremental>
     <OutDir>..\..\..\Build\$(Configuration)\</OutDir>
     <IntDir>.\$(Configuration)\</IntDir>
-    <IntDirSharingDetected>None</IntDirSharingDetected>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'">
     <LinkIncremental>false</LinkIncremental>
     <OutDir>..\..\..\Build\$(Configuration)\</OutDir>
     <IntDir>.\$(Configuration)\</IntDir>
-    <IntDirSharingDetected>None</IntDirSharingDetected>
   </PropertyGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|@PLATFORM@'">
     <ClCompile>
       <PrecompiledHeader>
       </PrecompiledHeader>
-      <WarningLevel>Level4</WarningLevel>
-      <TreatWarningAsError>false</TreatWarningAsError>
+      <WarningLevel>Level3</WarningLevel>
       <Optimization>Disabled</Optimization>
       <PreprocessorDefinitions>WIN32;@CRYPTO@USE_READLINE_STATIC;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <FunctionLevelLinking>true</FunctionLevelLinking>
@@ -79,8 +73,7 @@
   </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'">
     <ClCompile>
-      <WarningLevel>Level1</WarningLevel>
-      <TreatWarningAsError>true</TreatWarningAsError>
+      <WarningLevel>Level3</WarningLevel>
       <PrecompiledHeader>
       </PrecompiledHeader>
       <Optimization>MaxSpeed</Optimization>

bin/dnssec/Makefile.in

@@ -1,11 +1,19 @@
-# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2004, 2005, 2007-2009, 2012-2016  Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2000-2002  Internet Software Consortium.
 #
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, you can obtain one at https://mozilla.org/MPL/2.0/.
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
 #
-# See the COPYRIGHT file distributed with this work for additional
-# information regarding copyright ownership.
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: Makefile.in,v 1.42.332.1 2011/03/16 06:37:51 each Exp $
 
 srcdir =	@srcdir@
 VPATH =		@srcdir@
@@ -21,7 +29,7 @@ CDEFINES =	-DVERSION=\"${VERSION}\" @USE_PKCS11@ @PKCS11_ENGINE@ \
 		@CRYPTO@ -DPK11_LIB_LOCATION=\"@PKCS11_PROVIDER@\"
 CWARNINGS =
 
-DNSLIBS =	../../lib/dns/libdns.@A@ ${MAXMINDDB_LIBS} @DNS_CRYPTO_LIBS@
+DNSLIBS =	../../lib/dns/libdns.@A@ @DNS_CRYPTO_LIBS@
 ISCLIBS =	../../lib/isc/libisc.@A@
 ISCNOSYMLIBS =	../../lib/isc/libisc-nosymtbl.@A@
 
@@ -109,12 +117,12 @@ installdirs:
 	$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${mandir}/man8
 
 install:: ${TARGETS} installdirs
-	for t in ${TARGETS}; do ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} $$t ${DESTDIR}${sbindir} || exit 1; done
-	for m in ${MANPAGES}; do ${INSTALL_DATA} ${srcdir}/$$m ${DESTDIR}${mandir}/man8 || exit 1; done
+	for t in ${TARGETS}; do ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} $$t ${DESTDIR}${sbindir}; done
+	for m in ${MANPAGES}; do ${INSTALL_DATA} ${srcdir}/$$m ${DESTDIR}${mandir}/man8; done
 
 uninstall::
-	for m in ${MANPAGES}; do rm -f ${DESTDIR}${mandir}/man8/$$m || exit 1; done
-	for t in ${TARGETS}; do ${LIBTOOL_MODE_UNINSTALL} rm -f ${DESTDIR}${sbindir}/$$t || exit 1; done
+	for m in ${MANPAGES}; do rm -f ${DESTDIR}${mandir}/man8/$$m ; done
+	for t in ${TARGETS}; do ${LIBTOOL_MODE_UNINSTALL} rm -f ${DESTDIR}${sbindir}/$$t ; done
 
 clean distclean::
 	rm -f ${TARGETS}

bin/dnssec/dnssec-dsfromkey.8

@@ -1,15 +1,23 @@
-.\" Copyright (C) 2008-2012, 2014-2016, 2018-2022 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2008-2012, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
 .\" 
-.\" This Source Code Form is subject to the terms of the Mozilla Public
-.\" License, v. 2.0. If a copy of the MPL was not distributed with this
-.\" file, You can obtain one at http://mozilla.org/MPL/2.0/.
+.\" Permission to use, copy, modify, and/or distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\" 
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+.\" PERFORMANCE OF THIS SOFTWARE.
 .\"
 .hy 0
 .ad l
 '\" t
 .\"     Title: dnssec-dsfromkey
 .\"    Author: 
-.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
+.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
 .\"      Date: 2012-05-02
 .\"    Manual: BIND9
 .\"    Source: ISC
@@ -39,104 +47,61 @@
 dnssec-dsfromkey \- DNSSEC DS RR generation tool
 .SH "SYNOPSIS"
 .HP \w'\fBdnssec\-dsfromkey\fR\ 'u
-\fBdnssec\-dsfromkey\fR [\fB\-1\fR | \fB\-2\fR | \fB\-a\ \fR\fB\fIalg\fR\fR] [\fB\-C\fR | \fB\-l\ \fR\fB\fIdomain\fR\fR] [\fB\-T\ \fR\fB\fITTL\fR\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] {keyfile}
+\fBdnssec\-dsfromkey\fR [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-1\fR] [\fB\-2\fR] [\fB\-a\ \fR\fB\fIalg\fR\fR] [\fB\-C\fR] [\fB\-l\ \fR\fB\fIdomain\fR\fR] [\fB\-T\ \fR\fB\fITTL\fR\fR] {keyfile}
 .HP \w'\fBdnssec\-dsfromkey\fR\ 'u
-\fBdnssec\-dsfromkey\fR [\fB\-1\fR | \fB\-2\fR | \fB\-a\ \fR\fB\fIalg\fR\fR] [\fB\-C\fR | \fB\-l\ \fR\fB\fIdomain\fR\fR] [\fB\-T\ \fR\fB\fITTL\fR\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-A\fR] {\fB\-f\ \fR\fB\fIfile\fR\fR} [dnsname]
+\fBdnssec\-dsfromkey\fR {\-s} [\fB\-1\fR] [\fB\-2\fR] [\fB\-a\ \fR\fB\fIalg\fR\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-l\ \fR\fB\fIdomain\fR\fR] [\fB\-s\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-T\ \fR\fB\fITTL\fR\fR] [\fB\-f\ \fR\fB\fIfile\fR\fR] [\fB\-A\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] {dnsname}
 .HP \w'\fBdnssec\-dsfromkey\fR\ 'u
-\fBdnssec\-dsfromkey\fR [\fB\-1\fR | \fB\-2\fR | \fB\-a\ \fR\fB\fIalg\fR\fR] [\fB\-C\fR | \fB\-l\ \fR\fB\fIdomain\fR\fR] [\fB\-T\ \fR\fB\fITTL\fR\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] {\-s} {dnsname}
-.HP \w'\fBdnssec\-dsfromkey\fR\ 'u
-\fBdnssec\-dsfromkey\fR [\fB\-h\fR | \fB\-V\fR]
+\fBdnssec\-dsfromkey\fR [\fB\-h\fR] [\fB\-V\fR]
 .SH "DESCRIPTION"
 .PP
-The
 \fBdnssec\-dsfromkey\fR
-command outputs DS (Delegation Signer) resource records (RRs) and other similarly\-constructed RRs: with the
-\fB\-l\fR
-option it outputs DLV (DNSSEC Lookaside Validation) RRs; or with the
-\fB\-C\fR
-it outputs CDS (Child DS) RRs\&.
-.PP
-The input keys can be specified in a number of ways:
-.PP
-By default,
-\fBdnssec\-dsfromkey\fR
-reads a key file named like
-Knnnn\&.+aaa+iiiii\&.key, as generated by
-\fBdnssec\-keygen\fR\&.
-.PP
-With the
-\fB\-f \fR\fB\fIfile\fR\fR
-option,
-\fBdnssec\-dsfromkey\fR
-reads keys from a zone file or partial zone file (which can contain just the DNSKEY records)\&.
-.PP
-With the
-\fB\-s\fR
-option,
-\fBdnssec\-dsfromkey\fR
-reads a
-keyset\-
-file, as generated by
-\fBdnssec\-keygen\fR
-\fB\-C\fR\&.
+outputs the Delegation Signer (DS) resource record (RR), as defined in RFC 3658 and RFC 4509, for the given key(s)\&.
 .SH "OPTIONS"
 .PP
 \-1
 .RS 4
-An abbreviation for
-\fB\-a SHA1\fR
+Use SHA\-1 as the digest algorithm (the default is to use both SHA\-1 and SHA\-256)\&.
 .RE
 .PP
 \-2
 .RS 4
-An abbreviation for
-\fB\-a SHA\-256\fR
+Use SHA\-256 as the digest algorithm\&.
 .RE
 .PP
 \-a \fIalgorithm\fR
 .RS 4
-Specify a digest algorithm to use when converting DNSKEY records to DS records\&. This option can be repeated, so that multiple DS records are created for each DNSKEY record\&.
-.sp
-The
-\fIalgorithm\fR
-must be one of SHA\-1, SHA\-256, or SHA\-384\&. These values are case insensitive, and the hyphen may be omitted\&. If no algorithm is specified, the default is to use both SHA\-1 and SHA\-256\&.
-.RE
-.PP
-\-A
-.RS 4
-Include ZSKs when generating DS records\&. Without this option, only keys which have the KSK flag set will be converted to DS records and printed\&. Useful only in
-\fB\-f\fR
-zone file mode\&.
-.RE
-.PP
-\-c \fIclass\fR
-.RS 4
-Specifies the DNS class (default is IN)\&. Useful only in
-\fB\-s\fR
-keyset or
-\fB\-f\fR
-zone file mode\&.
+Select the digest algorithm\&. The value of
+\fBalgorithm\fR
+must be one of SHA\-1 (SHA1), SHA\-256 (SHA256), GOST or SHA\-384 (SHA384)\&. These values are case insensitive\&.
 .RE
 .PP
 \-C
 .RS 4
-Generate CDS records rather than DS records\&. This is mutually exclusive with the
-\fB\-l\fR
-option for generating DLV records\&.
+Generate CDS records rather than DS records\&. This is mutually exclusive with generating lookaside records\&.
+.RE
+.PP
+\-T \fITTL\fR
+.RS 4
+Specifies the TTL of the DS records\&.
+.RE
+.PP
+\-K \fIdirectory\fR
+.RS 4
+Look for key files (or, in keyset mode,
+keyset\-
+files) in
+\fBdirectory\fR\&.
 .RE
 .PP
 \-f \fIfile\fR
 .RS 4
-Zone file mode:
-\fBdnssec\-dsfromkey\fR\*(Aqs final
-\fIdnsname\fR
-argument is the DNS domain name of a zone whose master file can be read from
+Zone file mode: in place of the keyfile name, the argument is the DNS domain name of a zone master file, which can be read from
 \fBfile\fR\&. If the zone name is the same as
 \fBfile\fR, then it may be omitted\&.
 .sp
 If
-\fIfile\fR
-is
+\fBfile\fR
+is set to
 "\-", then the zone data is read from the standard input\&. This makes it possible to use the output of the
 \fBdig\fR
 command as input, as in:
@@ -144,41 +109,26 @@ command as input, as in:
 \fBdig dnskey example\&.com | dnssec\-dsfromkey \-f \- example\&.com\fR
 .RE
 .PP
-\-h
+\-A
 .RS 4
-Prints usage information\&.
-.RE
-.PP
-\-K \fIdirectory\fR
-.RS 4
-Look for key files or
-keyset\-
-files in
-\fBdirectory\fR\&.
+Include ZSK\*(Aqs when generating DS records\&. Without this option, only keys which have the KSK flag set will be converted to DS records and printed\&. Useful only in zone file mode\&.
 .RE
 .PP
 \-l \fIdomain\fR
 .RS 4
 Generate a DLV set instead of a DS set\&. The specified
-\fIdomain\fR
-is appended to the name for each record in the set\&. This is mutually exclusive with the
-\fB\-C\fR
-option for generating CDS records\&.
+\fBdomain\fR
+is appended to the name for each record in the set\&. The DNSSEC Lookaside Validation (DLV) RR is described in RFC 4431\&. This is mutually exclusive with generating CDS records\&.
 .RE
 .PP
 \-s
 .RS 4
-Keyset mode:
-\fBdnssec\-dsfromkey\fR\*(Aqs final
-\fIdnsname\fR
-argument is the DNS domain name used to locate a
-keyset\-
-file\&.
+Keyset mode: in place of the keyfile name, the argument is the DNS domain name of a keyset file\&.
 .RE
 .PP
-\-T \fITTL\fR
+\-c \fIclass\fR
 .RS 4
-Specifies the TTL of the DS records\&. By default the TTL is omitted\&.
+Specifies the DNS class (default is IN)\&. Useful only in keyset or zone file mode\&.
 .RE
 .PP
 \-v \fIlevel\fR
@@ -186,6 +136,11 @@ Specifies the TTL of the DS records\&. By default the TTL is omitted\&.
 Sets the debugging level\&.
 .RE
 .PP
+\-h
+.RS 4
+Prints usage information\&.
+.RE
+.PP
 \-V
 .RS 4
 Prints version information\&.
@@ -194,16 +149,16 @@ Prints version information\&.
 .PP
 To build the SHA\-256 DS RR from the
 \fBKexample\&.com\&.+003+26160\fR
-keyfile name, you can issue the following command:
+keyfile name, the following command would be issued:
 .PP
 \fBdnssec\-dsfromkey \-2 Kexample\&.com\&.+003+26160\fR
 .PP
 The command would print something like:
 .PP
-\fBexample\&.com\&. IN DS 26160 5 2 3A1EADA7A74B8D0BA86726B0C227AA85AB8BBD2B2004F41A868A54F0C5EA0B94\fR
+\fBexample\&.com\&. IN DS 26160 5 2 3A1EADA7A74B8D0BA86726B0C227AA85AB8BBD2B2004F41A868A54F0 C5EA0B94\fR
 .SH "FILES"
 .PP
-The keyfile can be designated by the key identification
+The keyfile can be designed by the key identification
 Knnnn\&.+aaa+iiiii
 or the full file name
 Knnnn\&.+aaa+iiiii\&.key
@@ -223,20 +178,13 @@ A keyfile error can give a "file not found" even if the file exists\&.
 \fBdnssec-keygen\fR(8),
 \fBdnssec-signzone\fR(8),
 BIND 9 Administrator Reference Manual,
-RFC 3658
-(DS RRs),
-RFC 4431
-(DLV RRs),
-RFC 4509
-(SHA\-256 for DS RRs),
-RFC 6605
-(SHA\-384 for DS RRs),
-RFC 7344
-(CDS and CDNSKEY RRs)\&.
+RFC 3658,
+RFC 4431\&.
+RFC 4509\&.
 .SH "AUTHOR"
 .PP
 \fBInternet Systems Consortium, Inc\&.\fR
 .SH "COPYRIGHT"
 .br
-Copyright \(co 2008-2012, 2014-2016, 2018-2022 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2008-2012, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
 .br

bin/dnssec/dnssec-dsfromkey.c

@@ -1,20 +1,23 @@
 /*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2008-2012, 2014, 2015, 2017  Internet Systems Consortium, Inc. ("ISC")
  *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
  *
- * See the COPYRIGHT file distributed with this work for additional
- * information regarding copyright ownership.
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
  */
 
 /*! \file */
 
 #include <config.h>
 
-#include <inttypes.h>
-#include <stdbool.h>
 #include <stdlib.h>
 
 #include <isc/buffer.h>
@@ -22,7 +25,6 @@
 #include <isc/entropy.h>
 #include <isc/hash.h>
 #include <isc/mem.h>
-#include <isc/platform.h>
 #include <isc/print.h>
 #include <isc/string.h>
 #include <isc/util.h>
@@ -51,6 +53,10 @@
 
 #include "dnssectool.h"
 
+#ifndef PATH_MAX
+#define PATH_MAX 1024   /* AIX, WIN32, and others don't define this. */
+#endif
+
 const char *program = "dnssec-dsfromkey";
 int verbose;
 
@@ -58,15 +64,16 @@ static dns_rdataclass_t rdclass;
 static dns_fixedname_t	fixed;
 static dns_name_t	*name = NULL;
 static isc_mem_t	*mctx = NULL;
-static uint32_t	ttl;
-static bool	emitttl = false;
+static isc_uint32_t	ttl;
+static isc_boolean_t	emitttl = ISC_FALSE;
 
 static isc_result_t
 initname(char *setname) {
 	isc_result_t result;
 	isc_buffer_t buf;
 
-	name = dns_fixedname_initname(&fixed);
+	dns_fixedname_init(&fixed);
+	name = dns_fixedname_name(&fixed);
 
 	isc_buffer_init(&buf, setname, strlen(setname));
 	isc_buffer_add(&buf, strlen(setname));
@@ -118,7 +125,7 @@ loadset(const char *filename, dns_rdataset_t *rdataset) {
 			      isc_result_totext(result));
 	}
 
-	result = dns_db_findnode(db, name, false, &node);
+	result = dns_db_findnode(db, name, ISC_FALSE, &node);
 	if (result != ISC_R_SUCCESS)
 		fatal("can't find %s node in %s", setname, filename);
 
@@ -159,7 +166,7 @@ loadkeyset(char *dirname, dns_rdataset_t *rdataset) {
 		return (ISC_R_NOSPACE);
 	isc_buffer_putstr(&buf, "keyset-");
 
-	result = dns_name_tofilenametext(name, false, &buf);
+	result = dns_name_tofilenametext(name, ISC_FALSE, &buf);
 	check_result(result, "dns_name_tofilenametext()");
 	if (isc_buffer_availablelength(&buf) == 0)
 		return (ISC_R_NOSPACE);
@@ -204,7 +211,8 @@ loadkey(char *filename, unsigned char *key_buf, unsigned int key_buf_size,
 
 	rdclass = dst_key_class(key);
 
-	name = dns_fixedname_initname(&fixed);
+	dns_fixedname_init(&fixed);
+	name = dns_fixedname_name(&fixed);
 	result = dns_name_copy(dst_key_name(key), name, NULL);
 	if (result != ISC_R_SUCCESS)
 		fatal("can't copy name");
@@ -233,8 +241,8 @@ logkey(dns_rdata_t *rdata)
 }
 
 static void
-emit(dns_dsdigest_t dtype, bool showall, char *lookaside,
-     bool cds, dns_rdata_t *rdata)
+emit(unsigned int dtype, isc_boolean_t showall, char *lookaside,
+     isc_boolean_t cds, dns_rdata_t *rdata)
 {
 	isc_result_t result;
 	unsigned char buf[DNS_DS_BUFFERSIZE];
@@ -263,7 +271,7 @@ emit(dns_dsdigest_t dtype, bool showall, char *lookaside,
 	if (result != ISC_R_SUCCESS)
 		fatal("can't build record");
 
-	result = dns_name_totext(name, false, &nameb);
+	result = dns_name_totext(name, ISC_FALSE, &nameb);
 	if (result != ISC_R_SUCCESS)
 		fatal("can't print name");
 
@@ -316,27 +324,30 @@ usage(void) ISC_PLATFORM_NORETURN_POST;
 static void
 usage(void) {
 	fprintf(stderr, "Usage:\n");
-	fprintf(stderr,	"    %s [options] keyfile\n\n", program);
-	fprintf(stderr, "    %s [options] -f zonefile [zonename]\n\n", program);
-	fprintf(stderr, "    %s [options] -s dnsname\n\n", program);
-	fprintf(stderr, "    %s [-h|-V]\n\n", program);
+	fprintf(stderr,	"    %s options [-K dir] keyfile\n\n", program);
+	fprintf(stderr, "    %s options [-K dir] [-c class] -s dnsname\n\n",
+		program);
+	fprintf(stderr, "    %s options -f zonefile (as zone name)\n\n", program);
+	fprintf(stderr, "    %s options -f zonefile zonename\n\n", program);
 	fprintf(stderr, "Version: %s\n", VERSION);
-	fprintf(stderr, "Options:\n"
-"    -1: digest algorithm SHA-1\n"
-"    -2: digest algorithm SHA-256\n"
-"    -a algorithm: digest algorithm (SHA-1, SHA-256, SHA-384 or GOST)\n"
-"    -A: include all keys in DS set, not just KSKs (-f only)\n"
-"    -c class: rdata class for DS set (default IN) (-f or -s only)\n"
-"    -C: print CDS records\n"
-"    -f zonefile: read keys from a zone file\n"
-"    -h: print help information\n"
-"    -K directory: where to find key or keyset files\n"
-"    -l zone: print DLV records in the given lookaside zone\n"
-"    -s: read keys from keyset-<dnsname> file\n"
-"    -T: TTL of output records (omitted by default)\n"
-"    -v level: verbosity\n"
-"    -V: print version information\n");
-	fprintf(stderr, "Output: DS, DLV, or CDS RRs\n");
+	fprintf(stderr, "Options:\n");
+	fprintf(stderr, "    -v <verbose level>\n");
+	fprintf(stderr, "    -V: print version information\n");
+	fprintf(stderr, "    -K <directory>: directory in which to find "
+			"key file or keyset file\n");
+	fprintf(stderr, "    -a algorithm: digest algorithm "
+			"(SHA-1, SHA-256, GOST or SHA-384)\n");
+	fprintf(stderr, "    -1: use SHA-1\n");
+	fprintf(stderr, "    -2: use SHA-256\n");
+	fprintf(stderr, "    -C: print CDS record\n");
+	fprintf(stderr, "    -l: add lookaside zone and print DLV records\n");
+	fprintf(stderr, "    -s: read keyset from keyset-<dnsname> file\n");
+	fprintf(stderr, "    -c class: rdata class for DS set (default: IN)\n");
+	fprintf(stderr, "    -T TTL\n");
+	fprintf(stderr, "    -f file: read keyset from zone file\n");
+	fprintf(stderr, "    -A: when used with -f, "
+			"include all keys in DS set, not just KSKs\n");
+	fprintf(stderr, "Output: DS or DLV RRs\n");
 
 	exit (-1);
 }
@@ -346,13 +357,13 @@ main(int argc, char **argv) {
 	char		*algname = NULL, *classname = NULL;
 	char		*filename = NULL, *dir = NULL, *namestr;
 	char		*lookaside = NULL;
-	char		*endp, *arg1;
+	char		*endp;
 	int		ch;
-	dns_dsdigest_t	dtype = DNS_DSDIGEST_SHA1;
-	bool	cds = false;
-	bool	both = true;
-	bool	usekeyset = false;
-	bool	showall = false;
+	unsigned int	dtype = DNS_DSDIGEST_SHA1;
+	isc_boolean_t	cds = ISC_FALSE;
+	isc_boolean_t	both = ISC_TRUE;
+	isc_boolean_t	usekeyset = ISC_FALSE;
+	isc_boolean_t	showall = ISC_FALSE;
 	isc_result_t	result;
 	isc_log_t	*log = NULL;
 	isc_entropy_t	*ectx = NULL;
@@ -373,31 +384,31 @@ main(int argc, char **argv) {
 #endif
 	dns_result_register();
 
-	isc_commandline_errprint = false;
+	isc_commandline_errprint = ISC_FALSE;
 
 #define OPTIONS "12Aa:Cc:d:Ff:K:l:sT:v:hV"
 	while ((ch = isc_commandline_parse(argc, argv, OPTIONS)) != -1) {
 		switch (ch) {
 		case '1':
 			dtype = DNS_DSDIGEST_SHA1;
-			both = false;
+			both = ISC_FALSE;
 			break;
 		case '2':
 			dtype = DNS_DSDIGEST_SHA256;
-			both = false;
+			both = ISC_FALSE;
 			break;
 		case 'A':
-			showall = true;
+			showall = ISC_TRUE;
 			break;
 		case 'a':
 			algname = isc_commandline_argument;
-			both = false;
+			both = ISC_FALSE;
 			break;
 		case 'C':
 			if (lookaside != NULL)
 				fatal("lookaside and CDS are mutually"
 				      " exclusive");
-			cds = true;
+			cds = ISC_TRUE;
 			break;
 		case 'c':
 			classname = isc_commandline_argument;
@@ -423,10 +434,10 @@ main(int argc, char **argv) {
 				fatal("lookaside must be a non-empty string");
 			break;
 		case 's':
-			usekeyset = true;
+			usekeyset = ISC_TRUE;
 			break;
 		case 'T':
-			emitttl = true;
+			emitttl = ISC_TRUE;
 			ttl = atol(isc_commandline_argument);
 			break;
 		case 'v':
@@ -482,19 +493,12 @@ main(int argc, char **argv) {
 
 	/* When not using -f, -A is implicit */
 	if (filename == NULL)
-		showall = true;
+		showall = ISC_TRUE;
 
-	/*
-	 * Use local variable arg1 so that clang can correctly analyse
-	 * reachable paths rather than 'argc < isc_commandline_index + 1'.
-	 */
-	arg1 = argv[isc_commandline_index];
-	if (arg1 == NULL && filename == NULL) {
+	if (argc < isc_commandline_index + 1 && filename == NULL)
 		fatal("the key file name was not specified");
-	}
-	if (arg1 != NULL && argv[isc_commandline_index + 1] != NULL) {
+	if (argc > isc_commandline_index + 1)
 		fatal("extraneous arguments");
-	}
 
 	if (ectx == NULL)
 		setup_entropy(mctx, NULL, &ectx);
@@ -513,29 +517,24 @@ main(int argc, char **argv) {
 	dns_rdataset_init(&rdataset);
 
 	if (usekeyset || filename != NULL) {
-		if (arg1 == NULL) {
-			/* using file name as the zone name */
+		if (argc < isc_commandline_index + 1 && filename != NULL) {
+			/* using zone name as the zone file name */
 			namestr = filename;
-		} else {
-			namestr = arg1;
-		}
+		} else
+			namestr = argv[isc_commandline_index];
 
 		result = initname(namestr);
-		if (result != ISC_R_SUCCESS) {
+		if (result != ISC_R_SUCCESS)
 			fatal("could not initialize name %s", namestr);
-		}
 
-		if (usekeyset) {
+		if (usekeyset)
 			result = loadkeyset(dir, &rdataset);
-		} else {
-			INSIST(filename != NULL);
+		else
 			result = loadset(filename, &rdataset);
-		}
 
-		if (result != ISC_R_SUCCESS) {
+		if (result != ISC_R_SUCCESS)
 			fatal("could not load DNSKEY set: %s\n",
 			      isc_result_totext(result));
-		}
 
 		for (result = dns_rdataset_first(&rdataset);
 		     result == ISC_R_SUCCESS;
@@ -543,32 +542,30 @@ main(int argc, char **argv) {
 			dns_rdata_init(&rdata);
 			dns_rdataset_current(&rdataset, &rdata);
 
-			if (verbose > 2) {
+			if (verbose > 2)
 				logkey(&rdata);
-			}
 
 			if (both) {
 				emit(DNS_DSDIGEST_SHA1, showall, lookaside,
 				     cds, &rdata);
 				emit(DNS_DSDIGEST_SHA256, showall, lookaside,
 				     cds, &rdata);
-			} else {
+			} else
 				emit(dtype, showall, lookaside, cds, &rdata);
-			}
 		}
 	} else {
 		unsigned char key_buf[DST_KEY_MAXSIZE];
 
-		loadkey(arg1, key_buf, DST_KEY_MAXSIZE, &rdata);
+		loadkey(argv[isc_commandline_index], key_buf,
+			DST_KEY_MAXSIZE, &rdata);
 
 		if (both) {
 			emit(DNS_DSDIGEST_SHA1, showall, lookaside, cds,
 			     &rdata);
 			emit(DNS_DSDIGEST_SHA256, showall, lookaside, cds,
 			     &rdata);
-		} else {
+		} else
 			emit(dtype, showall, lookaside, cds, &rdata);
-		}
 	}
 
 	if (dns_rdataset_isassociated(&rdataset))

bin/dnssec/dnssec-dsfromkey.docbook

@@ -1,16 +1,21 @@
 <!--
- - Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2008-2012, 2014-2016  Internet Systems Consortium, Inc. ("ISC")
  -
- - This Source Code Form is subject to the terms of the Mozilla Public
- - License, v. 2.0. If a copy of the MPL was not distributed with this
- - file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ - Permission to use, copy, modify, and/or distribute this software for any
+ - purpose with or without fee is hereby granted, provided that the above
+ - copyright notice and this permission notice appear in all copies.
  -
- - See the COPYRIGHT file distributed with this work for additional
- - information regarding copyright ownership.
+ - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ - AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ - PERFORMANCE OF THIS SOFTWARE.
 -->
 
 <!-- Converted by db4-upgrade version 1.0 -->
-<refentry xmlns="http://docbook.org/ns/docbook" version="5.0" xml:id="man.dnssec-dsfromkey">
+<refentry xmlns:db="http://docbook.org/ns/docbook" version="5.0" xml:id="man.dnssec-dsfromkey">
   <info>
     <date>2012-05-02</date>
   </info>
@@ -40,11 +45,6 @@
       <year>2014</year>
       <year>2015</year>
       <year>2016</year>
-      <year>2018</year>
-      <year>2019</year>
-      <year>2020</year>
-      <year>2021</year>
-      <year>2022</year>
       <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
     </copyright>
   </docinfo>
@@ -52,262 +52,202 @@
   <refsynopsisdiv>
     <cmdsynopsis sepchar=" ">
       <command>dnssec-dsfromkey</command>
-      <group choice="opt">
-	<arg choice="plain"><option>-1</option></arg>
-	<arg choice="plain"><option>-2</option></arg>
-	<arg choice="plain"><option>-a <replaceable class="parameter">alg</replaceable></option></arg>
-      </group>
-      <group>
-	<arg choice="plain" rep="norepeat"><option>-C</option></arg>
-	<arg choice="plain" rep="norepeat"><option>-l <replaceable class="parameter">domain</replaceable></option></arg>
-      </group>
-      <arg choice="opt" rep="norepeat"><option>-T <replaceable class="parameter">TTL</replaceable></option></arg>
       <arg choice="opt" rep="norepeat"><option>-v <replaceable class="parameter">level</replaceable></option></arg>
-      <arg choice="opt" rep="norepeat"><option>-K <replaceable class="parameter">directory</replaceable></option></arg>
+      <arg choice="opt" rep="norepeat"><option>-1</option></arg>
+      <arg choice="opt" rep="norepeat"><option>-2</option></arg>
+      <arg choice="opt" rep="norepeat"><option>-a <replaceable class="parameter">alg</replaceable></option></arg>
+      <arg choice="opt" rep="norepeat"><option>-C</option></arg>
+      <arg choice="opt" rep="norepeat"><option>-l <replaceable class="parameter">domain</replaceable></option></arg>
+      <arg choice="opt" rep="norepeat"><option>-T <replaceable class="parameter">TTL</replaceable></option></arg>
       <arg choice="req" rep="norepeat">keyfile</arg>
     </cmdsynopsis>
     <cmdsynopsis sepchar=" ">
       <command>dnssec-dsfromkey</command>
-      <group choice="opt">
-	<arg choice="plain"><option>-1</option></arg>
-	<arg choice="plain"><option>-2</option></arg>
-	<arg choice="plain"><option>-a <replaceable class="parameter">alg</replaceable></option></arg>
-      </group>
-      <group>
-	<arg choice="plain" rep="norepeat"><option>-C</option></arg>
-	<arg choice="plain" rep="norepeat"><option>-l <replaceable class="parameter">domain</replaceable></option></arg>
-      </group>
-      <arg choice="opt" rep="norepeat"><option>-T <replaceable class="parameter">TTL</replaceable></option></arg>
-      <arg choice="opt" rep="norepeat"><option>-v <replaceable class="parameter">level</replaceable></option></arg>
-      <arg choice="opt" rep="norepeat"><option>-c <replaceable class="parameter">class</replaceable></option></arg>
-      <arg choice="opt" rep="norepeat"><option>-A</option></arg>
-      <arg choice="req" rep="norepeat"><option>-f <replaceable class="parameter">file</replaceable></option></arg>
-      <arg choice="opt" rep="norepeat">dnsname</arg>
-    </cmdsynopsis>
-    <cmdsynopsis sepchar=" ">
-      <command>dnssec-dsfromkey</command>
-      <group choice="opt">
-	<arg choice="plain"><option>-1</option></arg>
-	<arg choice="plain"><option>-2</option></arg>
-	<arg choice="plain"><option>-a <replaceable class="parameter">alg</replaceable></option></arg>
-      </group>
-      <group>
-	<arg choice="plain" rep="norepeat"><option>-C</option></arg>
-	<arg choice="plain" rep="norepeat"><option>-l <replaceable class="parameter">domain</replaceable></option></arg>
-      </group>
-      <arg choice="opt" rep="norepeat"><option>-T <replaceable class="parameter">TTL</replaceable></option></arg>
-      <arg choice="opt" rep="norepeat"><option>-v <replaceable class="parameter">level</replaceable></option></arg>
-      <arg choice="opt" rep="norepeat"><option>-c <replaceable class="parameter">class</replaceable></option></arg>
-      <arg choice="opt" rep="norepeat"><option>-K <replaceable class="parameter">directory</replaceable></option></arg>
       <arg choice="req" rep="norepeat">-s</arg>
+      <arg choice="opt" rep="norepeat"><option>-1</option></arg>
+      <arg choice="opt" rep="norepeat"><option>-2</option></arg>
+      <arg choice="opt" rep="norepeat"><option>-a <replaceable class="parameter">alg</replaceable></option></arg>
+      <arg choice="opt" rep="norepeat"><option>-K <replaceable class="parameter">directory</replaceable></option></arg>
+      <arg choice="opt" rep="norepeat"><option>-l <replaceable class="parameter">domain</replaceable></option></arg>
+      <arg choice="opt" rep="norepeat"><option>-s</option></arg>
+      <arg choice="opt" rep="norepeat"><option>-c <replaceable class="parameter">class</replaceable></option></arg>
+      <arg choice="opt" rep="norepeat"><option>-T <replaceable class="parameter">TTL</replaceable></option></arg>
+      <arg choice="opt" rep="norepeat"><option>-f <replaceable class="parameter">file</replaceable></option></arg>
+      <arg choice="opt" rep="norepeat"><option>-A</option></arg>
+      <arg choice="opt" rep="norepeat"><option>-v <replaceable class="parameter">level</replaceable></option></arg>
       <arg choice="req" rep="norepeat">dnsname</arg>
-    </cmdsynopsis>
+   </cmdsynopsis>
     <cmdsynopsis sepchar=" ">
       <command>dnssec-dsfromkey</command>
-      <group choice="opt">
-	<arg choice="plain" rep="norepeat"><option>-h</option></arg>
-	<arg choice="plain" rep="norepeat"><option>-V</option></arg>
-      </group>
-    </cmdsynopsis>
+      <arg choice="opt" rep="norepeat"><option>-h</option></arg>
+      <arg choice="opt" rep="norepeat"><option>-V</option></arg>
+   </cmdsynopsis>
   </refsynopsisdiv>
 
   <refsection><info><title>DESCRIPTION</title></info>
 
-    <para>
-      The <command>dnssec-dsfromkey</command> command outputs DS (Delegation
-      Signer) resource records (RRs) and other similarly-constructed RRs:
-      with the <option>-l</option> option it outputs DLV (DNSSEC Lookaside
-      Validation) RRs; or with the <option>-C</option> it outputs CDS (Child
-      DS) RRs.
+    <para><command>dnssec-dsfromkey</command>
+      outputs the Delegation Signer (DS) resource record (RR), as defined in
+      RFC 3658 and RFC 4509, for the given key(s).
     </para>
-
-    <para>
-      The input keys can be specified in a number of ways:
-    </para>
-
-    <para>
-      By default, <command>dnssec-dsfromkey</command> reads a key file
-      named like <filename>Knnnn.+aaa+iiiii.key</filename>, as generated
-      by <command>dnssec-keygen</command>.
-    </para>
-
-    <para>
-      With the <option>-f <replaceable>file</replaceable></option>
-      option, <command>dnssec-dsfromkey</command> reads keys from a zone file
-      or partial zone file (which can contain just the DNSKEY records).
-    </para>
-
-    <para>
-      With the <option>-s</option>
-      option, <command>dnssec-dsfromkey</command> reads
-      a <filename>keyset-</filename> file, as generated
-      by <command>dnssec-keygen</command> <option>-C</option>.
-    </para>
-
   </refsection>
 
   <refsection><info><title>OPTIONS</title></info>
 
+
     <variablelist>
       <varlistentry>
-	<term>-1</term>
-	<listitem>
-	  <para>
-	    An abbreviation for <option>-a SHA1</option>
-	  </para>
-	</listitem>
+        <term>-1</term>
+        <listitem>
+          <para>
+            Use SHA-1 as the digest algorithm (the default is to use
+            both SHA-1 and SHA-256).
+          </para>
+        </listitem>
       </varlistentry>
 
       <varlistentry>
-	<term>-2</term>
-	<listitem>
-	  <para>
-	    An abbreviation for <option>-a SHA-256</option>
-	  </para>
-	</listitem>
+        <term>-2</term>
+        <listitem>
+          <para>
+            Use SHA-256 as the digest algorithm.
+          </para>
+        </listitem>
       </varlistentry>
 
       <varlistentry>
-	<term>-a <replaceable class="parameter">algorithm</replaceable></term>
-	<listitem>
-	  <para>
-	    Specify a digest algorithm to use when converting DNSKEY
-	    records to DS records. This option can be repeated, so
-	    that multiple DS records are created for each DNSKEY
-	    record.
+        <term>-a <replaceable class="parameter">algorithm</replaceable></term>
+        <listitem>
+          <para>
+            Select the digest algorithm. The value of
+            <option>algorithm</option> must be one of SHA-1 (SHA1),
+            SHA-256 (SHA256), GOST or SHA-384 (SHA384).
+            These values are case insensitive.
+          </para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-C</term>
+        <listitem>
+          <para>
+            Generate CDS records rather than DS records.  This is mutually
+	    exclusive with generating lookaside records.
+          </para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-T <replaceable class="parameter">TTL</replaceable></term>
+        <listitem>
+          <para>
+            Specifies the TTL of the DS records.
+          </para>
+	  </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-K <replaceable class="parameter">directory</replaceable></term>
+        <listitem>
+          <para>
+            Look for key files (or, in keyset mode,
+            <filename>keyset-</filename> files) in
+            <option>directory</option>.
+          </para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-f <replaceable class="parameter">file</replaceable></term>
+        <listitem>
+          <para>
+            Zone file mode: in place of the keyfile name, the argument is
+            the DNS domain name of a zone master file, which can be read
+            from <option>file</option>.  If the zone name is the same as
+            <option>file</option>, then it may be omitted.
           </para>
           <para>
-	    The <replaceable>algorithm</replaceable> must be one of
-	    SHA-1, SHA-256, or SHA-384.  These values are case insensitive,
-	    and the hyphen may be omitted.  If no algorithm is specified,
-	    the default is to use both SHA-1 and SHA-256.
-	  </para>
-	</listitem>
+            If <option>file</option> is set to <literal>"-"</literal>, then
+            the zone data is read from the standard input.  This makes it
+            possible to use the output of the <command>dig</command>
+            command as input, as in:
+          </para>
+          <para>
+            <userinput>dig dnskey example.com | dnssec-dsfromkey -f - example.com</userinput>
+          </para>
+        </listitem>
       </varlistentry>
 
       <varlistentry>
         <term>-A</term>
         <listitem>
           <para>
-            Include ZSKs when generating DS records. Without this option, only
-            keys which have the KSK flag set will be converted to DS records
-            and printed. Useful only in <option>-f</option> zone file mode.
+            Include ZSK's when generating DS records.  Without this option,
+            only keys which have the KSK flag set will be converted to DS
+            records and printed.  Useful only in zone file mode.
           </para>
         </listitem>
       </varlistentry>
 
       <varlistentry>
-	<term>-c <replaceable class="parameter">class</replaceable></term>
-	<listitem>
-	  <para>
-	    Specifies the DNS class (default is IN). Useful only
-	    in <option>-s</option> keyset or <option>-f</option>
-	    zone file mode.
-	  </para>
+        <term>-l <replaceable class="parameter">domain</replaceable></term>
+        <listitem>
+          <para>
+            Generate a DLV set instead of a DS set.  The specified
+            <option>domain</option> is appended to the name for each
+            record in the set.
+            The DNSSEC Lookaside Validation (DLV) RR is described
+            in RFC 4431.  This is mutually exclusive with generating
+	    CDS records.
+          </para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-s</term>
+        <listitem>
+          <para>
+            Keyset mode: in place of the keyfile name, the argument is
+            the DNS domain name of a keyset file.
+          </para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-c <replaceable class="parameter">class</replaceable></term>
+        <listitem>
+          <para>
+            Specifies the DNS class (default is IN).  Useful only
+            in keyset or zone file mode.
+          </para>
 	  </listitem>
       </varlistentry>
 
       <varlistentry>
-	<term>-C</term>
-	<listitem>
-	  <para>
-	    Generate CDS records rather than DS records. This is mutually
-	    exclusive with the <option>-l</option> option for generating DLV
-	    records.
-	  </para>
-	</listitem>
+        <term>-v <replaceable class="parameter">level</replaceable></term>
+        <listitem>
+          <para>
+            Sets the debugging level.
+          </para>
+        </listitem>
       </varlistentry>
 
       <varlistentry>
-	<term>-f <replaceable class="parameter">file</replaceable></term>
-	<listitem>
-	  <para>
-	    Zone file mode: <command>dnssec-dsfromkey</command>'s
-	    final <replaceable>dnsname</replaceable> argument is
-	    the DNS domain name of a zone whose master file can be read
-	    from <option>file</option>.  If the zone name is the same as
-	    <option>file</option>, then it may be omitted.
-	  </para>
-	  <para>
-	    If <replaceable>file</replaceable> is <literal>"-"</literal>, then
-	    the zone data is read from the standard input.  This makes it
-	    possible to use the output of the <command>dig</command>
-	    command as input, as in:
-	  </para>
-	  <para>
-	    <userinput>dig dnskey example.com | dnssec-dsfromkey -f - example.com</userinput>
-	  </para>
-	</listitem>
+        <term>-h</term>
+        <listitem>
+          <para>
+            Prints usage information.
+          </para>
+        </listitem>
       </varlistentry>
 
       <varlistentry>
-	<term>-h</term>
-	<listitem>
-	  <para>
-	    Prints usage information.
-	  </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-K <replaceable class="parameter">directory</replaceable></term>
-	<listitem>
-	  <para>
-	    Look for key files or <filename>keyset-</filename> files in
-	    <option>directory</option>.
-	  </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-l <replaceable class="parameter">domain</replaceable></term>
-	<listitem>
-	  <para>
-	    Generate a DLV set instead of a DS set. The specified
-	    <replaceable>domain</replaceable> is appended to the name for each
-	    record in the set.
-	    This is mutually exclusive with the <option>-C</option> option
-	    for generating CDS records.
-	  </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-s</term>
-	<listitem>
-	  <para>
-	    Keyset mode: <command>dnssec-dsfromkey</command>'s
-	    final <replaceable>dnsname</replaceable> argument is the DNS
-	    domain name used to locate a <filename>keyset-</filename> file.
-	  </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-T <replaceable class="parameter">TTL</replaceable></term>
-	<listitem>
-	  <para>
-	    Specifies the TTL of the DS records. By default the TTL is omitted.
-	  </para>
-	  </listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-v <replaceable class="parameter">level</replaceable></term>
-	<listitem>
-	  <para>
-	    Sets the debugging level.
-	  </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-V</term>
-	<listitem>
-	  <para>
-	    Prints version information.
-	  </para>
-	</listitem>
+        <term>-V</term>
+        <listitem>
+          <para>
+            Prints version information.
+          </para>
+        </listitem>
       </varlistentry>
     </variablelist>
   </refsection>
@@ -317,22 +257,21 @@
     <para>
       To build the SHA-256 DS RR from the
       <userinput>Kexample.com.+003+26160</userinput>
-      keyfile name, you can issue the following command:
+      keyfile name, the following command would be issued:
     </para>
     <para><userinput>dnssec-dsfromkey -2 Kexample.com.+003+26160</userinput>
     </para>
     <para>
       The command would print something like:
     </para>
-    <para><userinput>example.com. IN DS 26160 5 2 3A1EADA7A74B8D0BA86726B0C227AA85AB8BBD2B2004F41A868A54F0C5EA0B94</userinput>
+    <para><userinput>example.com. IN DS 26160 5 2 3A1EADA7A74B8D0BA86726B0C227AA85AB8BBD2B2004F41A868A54F0 C5EA0B94</userinput>
     </para>
-
   </refsection>
 
   <refsection><info><title>FILES</title></info>
 
     <para>
-      The keyfile can be designated by the key identification
+      The keyfile can be designed by the key identification
       <filename>Knnnn.+aaa+iiiii</filename> or the full file name
       <filename>Knnnn.+aaa+iiiii.key</filename> as generated by
       <refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>.
@@ -354,17 +293,15 @@
   <refsection><info><title>SEE ALSO</title></info>
 
     <para><citerefentry>
-	<refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
+        <refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
       </citerefentry>,
       <citerefentry>
-	<refentrytitle>dnssec-signzone</refentrytitle><manvolnum>8</manvolnum>
+        <refentrytitle>dnssec-signzone</refentrytitle><manvolnum>8</manvolnum>
       </citerefentry>,
       <citetitle>BIND 9 Administrator Reference Manual</citetitle>,
-      <citetitle>RFC 3658</citetitle> (DS RRs),
-      <citetitle>RFC 4431</citetitle> (DLV RRs),
-      <citetitle>RFC 4509</citetitle> (SHA-256 for DS RRs),
-      <citetitle>RFC 6605</citetitle> (SHA-384 for DS RRs),
-      <citetitle>RFC 7344</citetitle> (CDS and CDNSKEY RRs).
+      <citetitle>RFC 3658</citetitle>,
+      <citetitle>RFC 4431</citetitle>.
+      <citetitle>RFC 4509</citetitle>.
     </para>
   </refsection>
 

bin/dnssec/dnssec-dsfromkey.html

@@ -1,205 +1,263 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 <!--
- - Copyright (C) 2008-2012, 2014-2016, 2018-2022 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2008-2012, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
  - 
- - This Source Code Form is subject to the terms of the Mozilla Public
- - License, v. 2.0. If a copy of the MPL was not distributed with this
- - file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ - Permission to use, copy, modify, and/or distribute this software for any
+ - purpose with or without fee is hereby granted, provided that the above
+ - copyright notice and this permission notice appear in all copies.
+ - 
+ - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ - PERFORMANCE OF THIS SOFTWARE.
 -->
 <html lang="en">
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
 <title>dnssec-dsfromkey</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.79.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
 </head>
 <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry">
 <a name="man.dnssec-dsfromkey"></a><div class="titlepage"></div>
-<div class="refnamediv">
+  
+  
+
+  
+
+  <div class="refnamediv">
 <h2>Name</h2>
-<p><span class="application">dnssec-dsfromkey</span> &#8212; DNSSEC DS RR generation tool</p>
+<p>
+    <span class="application">dnssec-dsfromkey</span>
+     &#8212; DNSSEC DS RR generation tool
+  </p>
 </div>
-<div class="refsynopsisdiv">
+
+  
+
+  <div class="refsynopsisdiv">
 <h2>Synopsis</h2>
-<div class="cmdsynopsis"><p><code class="command">dnssec-dsfromkey</code>  [ <code class="option">-1</code>  |   <code class="option">-2</code>  |   <code class="option">-a <em class="replaceable"><code>alg</code></em></code> ] [ <code class="option">-C</code>  |   <code class="option">-l <em class="replaceable"><code>domain</code></em></code> ] [<code class="option">-T <em class="replaceable"><code>TTL</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] {keyfile}</p></div>
-<div class="cmdsynopsis"><p><code class="command">dnssec-dsfromkey</code>  [ <code class="option">-1</code>  |   <code class="option">-2</code>  |   <code class="option">-a <em class="replaceable"><code>alg</code></em></code> ] [ <code class="option">-C</code>  |   <code class="option">-l <em class="replaceable"><code>domain</code></em></code> ] [<code class="option">-T <em class="replaceable"><code>TTL</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-A</code>] {<code class="option">-f <em class="replaceable"><code>file</code></em></code>} [dnsname]</p></div>
-<div class="cmdsynopsis"><p><code class="command">dnssec-dsfromkey</code>  [ <code class="option">-1</code>  |   <code class="option">-2</code>  |   <code class="option">-a <em class="replaceable"><code>alg</code></em></code> ] [ <code class="option">-C</code>  |   <code class="option">-l <em class="replaceable"><code>domain</code></em></code> ] [<code class="option">-T <em class="replaceable"><code>TTL</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] {-s} {dnsname}</p></div>
-<div class="cmdsynopsis"><p><code class="command">dnssec-dsfromkey</code>  [ <code class="option">-h</code>  |   <code class="option">-V</code> ]</p></div>
-</div>
-<div class="refsection">
+    <div class="cmdsynopsis"><p>
+      <code class="command">dnssec-dsfromkey</code> 
+       [<code class="option">-v <em class="replaceable"><code>level</code></em></code>]
+       [<code class="option">-1</code>]
+       [<code class="option">-2</code>]
+       [<code class="option">-a <em class="replaceable"><code>alg</code></em></code>]
+       [<code class="option">-C</code>]
+       [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>]
+       [<code class="option">-T <em class="replaceable"><code>TTL</code></em></code>]
+       {keyfile}
+    </p></div>
+    <div class="cmdsynopsis"><p>
+      <code class="command">dnssec-dsfromkey</code> 
+       {-s}
+       [<code class="option">-1</code>]
+       [<code class="option">-2</code>]
+       [<code class="option">-a <em class="replaceable"><code>alg</code></em></code>]
+       [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>]
+       [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>]
+       [<code class="option">-s</code>]
+       [<code class="option">-c <em class="replaceable"><code>class</code></em></code>]
+       [<code class="option">-T <em class="replaceable"><code>TTL</code></em></code>]
+       [<code class="option">-f <em class="replaceable"><code>file</code></em></code>]
+       [<code class="option">-A</code>]
+       [<code class="option">-v <em class="replaceable"><code>level</code></em></code>]
+       {dnsname}
+   </p></div>
+    <div class="cmdsynopsis"><p>
+      <code class="command">dnssec-dsfromkey</code> 
+       [<code class="option">-h</code>]
+       [<code class="option">-V</code>]
+   </p></div>
+  </div>
+
+  <div class="refsection">
 <a name="id-1.7"></a><h2>DESCRIPTION</h2>
-<p>
-      The <span class="command"><strong>dnssec-dsfromkey</strong></span> command outputs DS (Delegation
-      Signer) resource records (RRs) and other similarly-constructed RRs:
-      with the <code class="option">-l</code> option it outputs DLV (DNSSEC Lookaside
-      Validation) RRs; or with the <code class="option">-C</code> it outputs CDS (Child
-      DS) RRs.
+
+    <p><span class="command"><strong>dnssec-dsfromkey</strong></span>
+      outputs the Delegation Signer (DS) resource record (RR), as defined in
+      RFC 3658 and RFC 4509, for the given key(s).
     </p>
-<p>
-      The input keys can be specified in a number of ways:
-    </p>
-<p>
-      By default, <span class="command"><strong>dnssec-dsfromkey</strong></span> reads a key file
-      named like <code class="filename">Knnnn.+aaa+iiiii.key</code>, as generated
-      by <span class="command"><strong>dnssec-keygen</strong></span>.
-    </p>
-<p>
-      With the <code class="option">-f <em class="replaceable"><code>file</code></em></code>
-      option, <span class="command"><strong>dnssec-dsfromkey</strong></span> reads keys from a zone file
-      or partial zone file (which can contain just the DNSKEY records).
-    </p>
-<p>
-      With the <code class="option">-s</code>
-      option, <span class="command"><strong>dnssec-dsfromkey</strong></span> reads
-      a <code class="filename">keyset-</code> file, as generated
-      by <span class="command"><strong>dnssec-keygen</strong></span> <code class="option">-C</code>.
-    </p>
-</div>
-<div class="refsection">
+  </div>
+
+  <div class="refsection">
 <a name="id-1.8"></a><h2>OPTIONS</h2>
-<div class="variablelist"><dl class="variablelist">
+
+
+    <div class="variablelist"><dl class="variablelist">
 <dt><span class="term">-1</span></dt>
-<dd><p>
-	    An abbreviation for <code class="option">-a SHA1</code>
-	  </p></dd>
+<dd>
+          <p>
+            Use SHA-1 as the digest algorithm (the default is to use
+            both SHA-1 and SHA-256).
+          </p>
+        </dd>
 <dt><span class="term">-2</span></dt>
-<dd><p>
-	    An abbreviation for <code class="option">-a SHA-256</code>
-	  </p></dd>
+<dd>
+          <p>
+            Use SHA-256 as the digest algorithm.
+          </p>
+        </dd>
 <dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
 <dd>
-<p>
-	    Specify a digest algorithm to use when converting DNSKEY
-	    records to DS records. This option can be repeated, so
-	    that multiple DS records are created for each DNSKEY
-	    record.
+          <p>
+            Select the digest algorithm. The value of
+            <code class="option">algorithm</code> must be one of SHA-1 (SHA1),
+            SHA-256 (SHA256), GOST or SHA-384 (SHA384).
+            These values are case insensitive.
           </p>
-<p>
-	    The <em class="replaceable"><code>algorithm</code></em> must be one of
-	    SHA-1, SHA-256, or SHA-384.  These values are case insensitive,
-	    and the hyphen may be omitted.  If no algorithm is specified,
-	    the default is to use both SHA-1 and SHA-256.
-	  </p>
-</dd>
-<dt><span class="term">-A</span></dt>
-<dd><p>
-            Include ZSKs when generating DS records. Without this option, only
-            keys which have the KSK flag set will be converted to DS records
-            and printed. Useful only in <code class="option">-f</code> zone file mode.
-          </p></dd>
-<dt><span class="term">-c <em class="replaceable"><code>class</code></em></span></dt>
-<dd><p>
-	    Specifies the DNS class (default is IN). Useful only
-	    in <code class="option">-s</code> keyset or <code class="option">-f</code>
-	    zone file mode.
-	  </p></dd>
+        </dd>
 <dt><span class="term">-C</span></dt>
-<dd><p>
-	    Generate CDS records rather than DS records. This is mutually
-	    exclusive with the <code class="option">-l</code> option for generating DLV
-	    records.
-	  </p></dd>
+<dd>
+          <p>
+            Generate CDS records rather than DS records.  This is mutually
+	    exclusive with generating lookaside records.
+          </p>
+        </dd>
+<dt><span class="term">-T <em class="replaceable"><code>TTL</code></em></span></dt>
+<dd>
+          <p>
+            Specifies the TTL of the DS records.
+          </p>
+	  </dd>
+<dt><span class="term">-K <em class="replaceable"><code>directory</code></em></span></dt>
+<dd>
+          <p>
+            Look for key files (or, in keyset mode,
+            <code class="filename">keyset-</code> files) in
+            <code class="option">directory</code>.
+          </p>
+        </dd>
 <dt><span class="term">-f <em class="replaceable"><code>file</code></em></span></dt>
 <dd>
-<p>
-	    Zone file mode: <span class="command"><strong>dnssec-dsfromkey</strong></span>'s
-	    final <em class="replaceable"><code>dnsname</code></em> argument is
-	    the DNS domain name of a zone whose master file can be read
-	    from <code class="option">file</code>.  If the zone name is the same as
-	    <code class="option">file</code>, then it may be omitted.
-	  </p>
-<p>
-	    If <em class="replaceable"><code>file</code></em> is <code class="literal">"-"</code>, then
-	    the zone data is read from the standard input.  This makes it
-	    possible to use the output of the <span class="command"><strong>dig</strong></span>
-	    command as input, as in:
-	  </p>
-<p>
-	    <strong class="userinput"><code>dig dnskey example.com | dnssec-dsfromkey -f - example.com</code></strong>
-	  </p>
-</dd>
-<dt><span class="term">-h</span></dt>
-<dd><p>
-	    Prints usage information.
-	  </p></dd>
-<dt><span class="term">-K <em class="replaceable"><code>directory</code></em></span></dt>
-<dd><p>
-	    Look for key files or <code class="filename">keyset-</code> files in
-	    <code class="option">directory</code>.
-	  </p></dd>
+          <p>
+            Zone file mode: in place of the keyfile name, the argument is
+            the DNS domain name of a zone master file, which can be read
+            from <code class="option">file</code>.  If the zone name is the same as
+            <code class="option">file</code>, then it may be omitted.
+          </p>
+          <p>
+            If <code class="option">file</code> is set to <code class="literal">"-"</code>, then
+            the zone data is read from the standard input.  This makes it
+            possible to use the output of the <span class="command"><strong>dig</strong></span>
+            command as input, as in:
+          </p>
+          <p>
+            <strong class="userinput"><code>dig dnskey example.com | dnssec-dsfromkey -f - example.com</code></strong>
+          </p>
+        </dd>
+<dt><span class="term">-A</span></dt>
+<dd>
+          <p>
+            Include ZSK's when generating DS records.  Without this option,
+            only keys which have the KSK flag set will be converted to DS
+            records and printed.  Useful only in zone file mode.
+          </p>
+        </dd>
 <dt><span class="term">-l <em class="replaceable"><code>domain</code></em></span></dt>
-<dd><p>
-	    Generate a DLV set instead of a DS set. The specified
-	    <em class="replaceable"><code>domain</code></em> is appended to the name for each
-	    record in the set.
-	    This is mutually exclusive with the <code class="option">-C</code> option
-	    for generating CDS records.
-	  </p></dd>
+<dd>
+          <p>
+            Generate a DLV set instead of a DS set.  The specified
+            <code class="option">domain</code> is appended to the name for each
+            record in the set.
+            The DNSSEC Lookaside Validation (DLV) RR is described
+            in RFC 4431.  This is mutually exclusive with generating
+	    CDS records.
+          </p>
+        </dd>
 <dt><span class="term">-s</span></dt>
-<dd><p>
-	    Keyset mode: <span class="command"><strong>dnssec-dsfromkey</strong></span>'s
-	    final <em class="replaceable"><code>dnsname</code></em> argument is the DNS
-	    domain name used to locate a <code class="filename">keyset-</code> file.
-	  </p></dd>
-<dt><span class="term">-T <em class="replaceable"><code>TTL</code></em></span></dt>
-<dd><p>
-	    Specifies the TTL of the DS records. By default the TTL is omitted.
-	  </p></dd>
+<dd>
+          <p>
+            Keyset mode: in place of the keyfile name, the argument is
+            the DNS domain name of a keyset file.
+          </p>
+        </dd>
+<dt><span class="term">-c <em class="replaceable"><code>class</code></em></span></dt>
+<dd>
+          <p>
+            Specifies the DNS class (default is IN).  Useful only
+            in keyset or zone file mode.
+          </p>
+	  </dd>
 <dt><span class="term">-v <em class="replaceable"><code>level</code></em></span></dt>
-<dd><p>
-	    Sets the debugging level.
-	  </p></dd>
+<dd>
+          <p>
+            Sets the debugging level.
+          </p>
+        </dd>
+<dt><span class="term">-h</span></dt>
+<dd>
+          <p>
+            Prints usage information.
+          </p>
+        </dd>
 <dt><span class="term">-V</span></dt>
-<dd><p>
-	    Prints version information.
-	  </p></dd>
+<dd>
+          <p>
+            Prints version information.
+          </p>
+        </dd>
 </dl></div>
-</div>
-<div class="refsection">
+  </div>
+
+  <div class="refsection">
 <a name="id-1.9"></a><h2>EXAMPLE</h2>
-<p>
+
+    <p>
       To build the SHA-256 DS RR from the
       <strong class="userinput"><code>Kexample.com.+003+26160</code></strong>
-      keyfile name, you can issue the following command:
+      keyfile name, the following command would be issued:
     </p>
-<p><strong class="userinput"><code>dnssec-dsfromkey -2 Kexample.com.+003+26160</code></strong>
+    <p><strong class="userinput"><code>dnssec-dsfromkey -2 Kexample.com.+003+26160</code></strong>
     </p>
-<p>
+    <p>
       The command would print something like:
     </p>
-<p><strong class="userinput"><code>example.com. IN DS 26160 5 2 3A1EADA7A74B8D0BA86726B0C227AA85AB8BBD2B2004F41A868A54F0C5EA0B94</code></strong>
+    <p><strong class="userinput"><code>example.com. IN DS 26160 5 2 3A1EADA7A74B8D0BA86726B0C227AA85AB8BBD2B2004F41A868A54F0 C5EA0B94</code></strong>
     </p>
-</div>
-<div class="refsection">
+  </div>
+
+  <div class="refsection">
 <a name="id-1.10"></a><h2>FILES</h2>
-<p>
-      The keyfile can be designated by the key identification
+
+    <p>
+      The keyfile can be designed by the key identification
       <code class="filename">Knnnn.+aaa+iiiii</code> or the full file name
       <code class="filename">Knnnn.+aaa+iiiii.key</code> as generated by
       <span class="refentrytitle">dnssec-keygen</span>(8).
     </p>
-<p>
+    <p>
       The keyset file name is built from the <code class="option">directory</code>,
       the string <code class="filename">keyset-</code> and the
       <code class="option">dnsname</code>.
     </p>
-</div>
-<div class="refsection">
+  </div>
+
+  <div class="refsection">
 <a name="id-1.11"></a><h2>CAVEAT</h2>
-<p>
+
+    <p>
       A keyfile error can give a "file not found" even if the file exists.
     </p>
-</div>
-<div class="refsection">
+  </div>
+
+  <div class="refsection">
 <a name="id-1.12"></a><h2>SEE ALSO</h2>
-<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
-      <span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
+
+    <p><span class="citerefentry">
+        <span class="refentrytitle">dnssec-keygen</span>(8)
+      </span>,
+      <span class="citerefentry">
+        <span class="refentrytitle">dnssec-signzone</span>(8)
+      </span>,
       <em class="citetitle">BIND 9 Administrator Reference Manual</em>,
-      <em class="citetitle">RFC 3658</em> (DS RRs),
-      <em class="citetitle">RFC 4431</em> (DLV RRs),
-      <em class="citetitle">RFC 4509</em> (SHA-256 for DS RRs),
-      <em class="citetitle">RFC 6605</em> (SHA-384 for DS RRs),
-      <em class="citetitle">RFC 7344</em> (CDS and CDNSKEY RRs).
+      <em class="citetitle">RFC 3658</em>,
+      <em class="citetitle">RFC 4431</em>.
+      <em class="citetitle">RFC 4509</em>.
     </p>
-</div>
+  </div>
+
 </div></body>
 </html>

bin/dnssec/dnssec-importkey.8

@@ -1,21 +1,29 @@
-.\" Copyright (C) 2013-2016, 2018-2022 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2013-2016 Internet Systems Consortium, Inc. ("ISC")
 .\" 
-.\" This Source Code Form is subject to the terms of the Mozilla Public
-.\" License, v. 2.0. If a copy of the MPL was not distributed with this
-.\" file, You can obtain one at http://mozilla.org/MPL/2.0/.
+.\" Permission to use, copy, modify, and/or distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\" 
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+.\" PERFORMANCE OF THIS SOFTWARE.
 .\"
 .hy 0
 .ad l
 '\" t
 .\"     Title: dnssec-importkey
 .\"    Author: 
-.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
-.\"      Date: August 21, 2015
+.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
+.\"      Date: 2014-02-20
 .\"    Manual: BIND9
 .\"    Source: ISC
 .\"  Language: English
 .\"
-.TH "DNSSEC\-IMPORTKEY" "8" "August 21, 2015" "ISC" "BIND9"
+.TH "DNSSEC\-IMPORTKEY" "8" "2014\-02\-20" "ISC" "BIND9"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -39,9 +47,9 @@
 dnssec-importkey \- import DNSKEY records from external systems so they can be managed
 .SH "SYNOPSIS"
 .HP \w'\fBdnssec\-importkey\fR\ 'u
-\fBdnssec\-importkey\fR [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-L\ \fR\fB\fIttl\fR\fR] [\fB\-P\ \fR\fB\fIdate/offset\fR\fR] [\fB\-P\ sync\ \fR\fB\fIdate/offset\fR\fR] [\fB\-D\ \fR\fB\fIdate/offset\fR\fR] [\fB\-D\ sync\ \fR\fB\fIdate/offset\fR\fR] [\fB\-h\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-V\fR] {\fBkeyfile\fR}
+\fBdnssec\-importkey\fR [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-L\ \fR\fB\fIttl\fR\fR] [\fB\-P\ \fR\fB\fIdate/offset\fR\fR] [\fB\-D\ \fR\fB\fIdate/offset\fR\fR] [\fB\-h\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-V\fR] {\fBkeyfile\fR}
 .HP \w'\fBdnssec\-importkey\fR\ 'u
-\fBdnssec\-importkey\fR {\fB\-f\ \fR\fB\fIfilename\fR\fR} [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-L\ \fR\fB\fIttl\fR\fR] [\fB\-P\ \fR\fB\fIdate/offset\fR\fR] [\fB\-P\ sync\ \fR\fB\fIdate/offset\fR\fR] [\fB\-D\ \fR\fB\fIdate/offset\fR\fR] [\fB\-D\ sync\ \fR\fB\fIdate/offset\fR\fR] [\fB\-h\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-V\fR] [\fBdnsname\fR]
+\fBdnssec\-importkey\fR {\fB\-f\ \fR\fB\fIfilename\fR\fR} [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-L\ \fR\fB\fIttl\fR\fR] [\fB\-P\ \fR\fB\fIdate/offset\fR\fR] [\fB\-D\ \fR\fB\fIdate/offset\fR\fR] [\fB\-h\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-V\fR] [\fBdnsname\fR]
 .SH "DESCRIPTION"
 .PP
 \fBdnssec\-importkey\fR
@@ -101,20 +109,10 @@ Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS\&. If the argume
 Sets the date on which a key is to be published to the zone\&. After that date, the key will be included in the zone but will not be used to sign it\&.
 .RE
 .PP
-\-P sync \fIdate/offset\fR
-.RS 4
-Sets the date on which CDS and CDNSKEY records that match this key are to be published to the zone\&.
-.RE
-.PP
 \-D \fIdate/offset\fR
 .RS 4
 Sets the date on which the key is to be deleted\&. After that date, the key will no longer be included in the zone\&. (It may remain in the key repository, however\&.)
 .RE
-.PP
-\-D sync \fIdate/offset\fR
-.RS 4
-Sets the date on which the CDS and CDNSKEY records that match this key are to be deleted\&.
-.RE
 .SH "FILES"
 .PP
 A keyfile can be designed by the key identification
@@ -134,5 +132,5 @@ RFC 5011\&.
 \fBInternet Systems Consortium, Inc\&.\fR
 .SH "COPYRIGHT"
 .br
-Copyright \(co 2013-2016, 2018-2022 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2013-2016 Internet Systems Consortium, Inc. ("ISC")
 .br

bin/dnssec/dnssec-importkey.c

@@ -1,19 +1,23 @@
 /*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2013-2015  Internet Systems Consortium, Inc. ("ISC")
  *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
  *
- * See the COPYRIGHT file distributed with this work for additional
- * information regarding copyright ownership.
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
  */
 
 /*! \file */
 
 #include <config.h>
 
-#include <stdbool.h>
 #include <stdlib.h>
 
 #include <isc/buffer.h>
@@ -21,7 +25,6 @@
 #include <isc/entropy.h>
 #include <isc/hash.h>
 #include <isc/mem.h>
-#include <isc/platform.h>
 #include <isc/print.h>
 #include <isc/string.h>
 #include <isc/util.h>
@@ -50,6 +53,10 @@
 
 #include "dnssectool.h"
 
+#ifndef PATH_MAX
+#define PATH_MAX 1024   /* AIX, WIN32, and others don't define this. */
+#endif
+
 const char *program = "dnssec-importkey";
 int verbose;
 
@@ -57,20 +64,18 @@ static dns_rdataclass_t rdclass;
 static dns_fixedname_t	fixed;
 static dns_name_t	*name = NULL;
 static isc_mem_t	*mctx = NULL;
-static bool	setpub = false, setdel = false;
-static bool	setttl = false;
+static isc_boolean_t	setpub = ISC_FALSE, setdel = ISC_FALSE;
+static isc_boolean_t	setttl = ISC_FALSE;
 static isc_stdtime_t	pub = 0, del = 0;
 static dns_ttl_t	ttl = 0;
-static isc_stdtime_t	syncadd = 0, syncdel = 0;
-static bool	setsyncadd = false;
-static bool	setsyncdel = false;
 
 static isc_result_t
 initname(char *setname) {
 	isc_result_t result;
 	isc_buffer_t buf;
 
-	name = dns_fixedname_initname(&fixed);
+	dns_fixedname_init(&fixed);
+	name = dns_fixedname_name(&fixed);
 
 	isc_buffer_init(&buf, setname, strlen(setname));
 	isc_buffer_add(&buf, strlen(setname));
@@ -123,7 +128,7 @@ loadset(const char *filename, dns_rdataset_t *rdataset) {
 			      isc_result_totext(result));
 	}
 
-	result = dns_db_findnode(db, name, false, &node);
+	result = dns_db_findnode(db, name, ISC_FALSE, &node);
 	if (result != ISC_R_SUCCESS)
 		fatal("can't find %s node in %s", setname, filename);
 
@@ -178,7 +183,8 @@ loadkey(char *filename, unsigned char *key_buf, unsigned int key_buf_size,
 
 	rdclass = dst_key_class(key);
 
-	name = dns_fixedname_initname(&fixed);
+	dns_fixedname_init(&fixed);
+	name = dns_fixedname_name(&fixed);
 	result = dns_name_copy(dst_key_name(key), name, NULL);
 	if (result != ISC_R_SUCCESS)
 		fatal("can't copy name");
@@ -225,16 +231,11 @@ emit(const char *dir, dns_rdata_t *rdata) {
 		dst_key_free(&tmp);
 	}
 
-	dst_key_setexternal(key, true);
+	dst_key_setexternal(key, ISC_TRUE);
 	if (setpub)
 		dst_key_settime(key, DST_TIME_PUBLISH, pub);
 	if (setdel)
 		dst_key_settime(key, DST_TIME_DELETE, del);
-	if (setsyncadd)
-		dst_key_settime(key, DST_TIME_SYNCPUBLISH, syncadd);
-	if (setsyncdel)
-		dst_key_settime(key, DST_TIME_SYNCDELETE, syncdel);
-
 	if (setttl)
 		dst_key_setttl(key, ttl);
 
@@ -277,12 +278,8 @@ usage(void) {
 	fprintf(stderr, "Timing options:\n");
 	fprintf(stderr, "    -P date/[+-]offset/none: set/unset key "
 						     "publication date\n");
-	fprintf(stderr, "    -P sync date/[+-]offset/none: set/unset "
-				"CDS and CDNSKEY publication date\n");
 	fprintf(stderr, "    -D date/[+-]offset/none: set/unset key "
 						     "deletion date\n");
-	fprintf(stderr, "    -D sync date/[+-]offset/none: set/unset "
-				"CDS and CDNSKEY deletion date\n");
 
 	exit (-1);
 }
@@ -315,24 +312,12 @@ main(int argc, char **argv) {
 #endif
 	dns_result_register();
 
-	isc_commandline_errprint = false;
+	isc_commandline_errprint = ISC_FALSE;
 
 #define CMDLINE_FLAGS "D:f:hK:L:P:v:V"
 	while ((ch = isc_commandline_parse(argc, argv, CMDLINE_FLAGS)) != -1) {
 		switch (ch) {
 		case 'D':
-			/* -Dsync ? */
-			if (isoptarg("sync", argv, usage)) {
-				if (setsyncdel)
-					fatal("-D sync specified more than "
-					      "once");
-
-				syncdel = strtotime(isc_commandline_argument,
-						   now, now, &setsyncdel);
-				break;
-			}
-			/* -Ddnskey ? */
-			(void)isoptarg("dnskey", argv, usage);
 			if (setdel)
 				fatal("-D specified more than once");
 
@@ -346,21 +331,9 @@ main(int argc, char **argv) {
 			break;
 		case 'L':
 			ttl = strtottl(isc_commandline_argument);
-			setttl = true;
+			setttl = ISC_TRUE;
 			break;
 		case 'P':
-			/* -Psync ? */
-			if (isoptarg("sync", argv, usage)) {
-				if (setsyncadd)
-					fatal("-P sync specified more than "
-					      "once");
-
-				syncadd = strtotime(isc_commandline_argument,
-						   now, now, &setsyncadd);
-				break;
-			}
-			/* -Pdnskey ? */
-			(void)isoptarg("dnskey", argv, usage);
 			if (setpub)
 				fatal("-P specified more than once");
 

bin/dnssec/dnssec-importkey.docbook

@@ -1,21 +1,25 @@
 <!--
- - Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2013-2016  Internet Systems Consortium, Inc. ("ISC")
  -
- - This Source Code Form is subject to the terms of the Mozilla Public
- - License, v. 2.0. If a copy of the MPL was not distributed with this
- - file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ - Permission to use, copy, modify, and/or distribute this software for any
+ - purpose with or without fee is hereby granted, provided that the above
+ - copyright notice and this permission notice appear in all copies.
  -
- - See the COPYRIGHT file distributed with this work for additional
- - information regarding copyright ownership.
+ - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ - AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ - PERFORMANCE OF THIS SOFTWARE.
 -->
 
 <!-- Converted by db4-upgrade version 1.0 -->
-<refentry xmlns="http://docbook.org/ns/docbook" version="5.0" xml:id="man.dnssec-importkey">
+<refentry xmlns:db="http://docbook.org/ns/docbook" version="5.0" xml:id="man.dnssec-importkey">
   <info>
     <date>2014-02-20</date>
   </info>
   <refentryinfo>
-    <date>August 21, 2015</date>
     <corpname>ISC</corpname>
     <corpauthor>Internet Systems Consortium, Inc.</corpauthor>
   </refentryinfo>
@@ -37,11 +41,6 @@
       <year>2014</year>
       <year>2015</year>
       <year>2016</year>
-      <year>2018</year>
-      <year>2019</year>
-      <year>2020</year>
-      <year>2021</year>
-      <year>2022</year>
       <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
     </copyright>
   </docinfo>
@@ -52,9 +51,7 @@
       <arg choice="opt" rep="norepeat"><option>-K <replaceable class="parameter">directory</replaceable></option></arg>
       <arg choice="opt" rep="norepeat"><option>-L <replaceable class="parameter">ttl</replaceable></option></arg>
       <arg choice="opt" rep="norepeat"><option>-P <replaceable class="parameter">date/offset</replaceable></option></arg>
-      <arg choice="opt" rep="norepeat"><option>-P sync <replaceable class="parameter">date/offset</replaceable></option></arg>
       <arg choice="opt" rep="norepeat"><option>-D <replaceable class="parameter">date/offset</replaceable></option></arg>
-      <arg choice="opt" rep="norepeat"><option>-D sync <replaceable class="parameter">date/offset</replaceable></option></arg>
       <arg choice="opt" rep="norepeat"><option>-h</option></arg>
       <arg choice="opt" rep="norepeat"><option>-v <replaceable class="parameter">level</replaceable></option></arg>
       <arg choice="opt" rep="norepeat"><option>-V</option></arg>
@@ -66,9 +63,7 @@
       <arg choice="opt" rep="norepeat"><option>-K <replaceable class="parameter">directory</replaceable></option></arg>
       <arg choice="opt" rep="norepeat"><option>-L <replaceable class="parameter">ttl</replaceable></option></arg>
       <arg choice="opt" rep="norepeat"><option>-P <replaceable class="parameter">date/offset</replaceable></option></arg>
-      <arg choice="opt" rep="norepeat"><option>-P sync <replaceable class="parameter">date/offset</replaceable></option></arg>
       <arg choice="opt" rep="norepeat"><option>-D <replaceable class="parameter">date/offset</replaceable></option></arg>
-      <arg choice="opt" rep="norepeat"><option>-D sync <replaceable class="parameter">date/offset</replaceable></option></arg>
       <arg choice="opt" rep="norepeat"><option>-h</option></arg>
       <arg choice="opt" rep="norepeat"><option>-v <replaceable class="parameter">level</replaceable></option></arg>
       <arg choice="opt" rep="norepeat"><option>-V</option></arg>
@@ -103,68 +98,68 @@
     <variablelist>
       <varlistentry>
 	<term>-f <replaceable class="parameter">filename</replaceable></term>
-	<listitem>
-	  <para>
-	    Zone file mode: instead of a public keyfile name, the argument
+        <listitem>
+          <para>
+            Zone file mode: instead of a public keyfile name, the argument
 	    is the DNS domain name of a zone master file, which can be read
-	    from <option>file</option>.  If the domain name is the same as
-	    <option>file</option>, then it may be omitted.
-	  </para>
-	  <para>
-	    If <option>file</option> is set to <literal>"-"</literal>, then
-	    the zone data is read from the standard input.
-	  </para>
-	</listitem>
+            from <option>file</option>.  If the domain name is the same as
+            <option>file</option>, then it may be omitted.
+          </para>
+          <para>
+            If <option>file</option> is set to <literal>"-"</literal>, then
+            the zone data is read from the standard input.
+          </para>
+        </listitem>
       </varlistentry>
 
       <varlistentry>
-	<term>-K <replaceable class="parameter">directory</replaceable></term>
-	<listitem>
-	  <para>
-	    Sets the directory in which the key files are to reside.
-	  </para>
-	</listitem>
+        <term>-K <replaceable class="parameter">directory</replaceable></term>
+        <listitem>
+          <para>
+            Sets the directory in which the key files are to reside.
+          </para>
+        </listitem>
       </varlistentry>
 
       <varlistentry>
-	<term>-L <replaceable class="parameter">ttl</replaceable></term>
-	<listitem>
-	  <para>
-	    Sets the default TTL to use for this key when it is converted
-	    into a DNSKEY RR.  If the key is imported into a zone,
-	    this is the TTL that will be used for it, unless there was
-	    already a DNSKEY RRset in place, in which case the existing TTL
-	    would take precedence.  Setting the default TTL to
-	    <literal>0</literal> or <literal>none</literal> removes it.
-	  </para>
-	</listitem>
+        <term>-L <replaceable class="parameter">ttl</replaceable></term>
+        <listitem>
+          <para>
+            Sets the default TTL to use for this key when it is converted
+            into a DNSKEY RR.  If the key is imported into a zone,
+            this is the TTL that will be used for it, unless there was
+            already a DNSKEY RRset in place, in which case the existing TTL
+            would take precedence.  Setting the default TTL to
+            <literal>0</literal> or <literal>none</literal> removes it.
+          </para>
+        </listitem>
       </varlistentry>
 
       <varlistentry>
 	<term>-h</term>
-	<listitem>
+        <listitem>
 	  <para>
 	    Emit usage message and exit.
 	  </para>
-	</listitem>
+        </listitem>
       </varlistentry>
 
       <varlistentry>
-	<term>-v <replaceable class="parameter">level</replaceable></term>
-	<listitem>
-	  <para>
-	    Sets the debugging level.
-	  </para>
-	</listitem>
+        <term>-v <replaceable class="parameter">level</replaceable></term>
+        <listitem>
+          <para>
+            Sets the debugging level.
+          </para>
+        </listitem>
       </varlistentry>
 
       <varlistentry>
 	<term>-V</term>
-	<listitem>
+        <listitem>
 	  <para>
 	    Prints version information.
 	  </para>
-	</listitem>
+        </listitem>
       </varlistentry>
 
     </variablelist>
@@ -186,45 +181,25 @@
 
     <variablelist>
       <varlistentry>
-	<term>-P <replaceable class="parameter">date/offset</replaceable></term>
-	<listitem>
-	  <para>
-	    Sets the date on which a key is to be published to the zone.
-	    After that date, the key will be included in the zone but will
-	    not be used to sign it.
-	  </para>
-	</listitem>
+        <term>-P <replaceable class="parameter">date/offset</replaceable></term>
+        <listitem>
+          <para>
+            Sets the date on which a key is to be published to the zone.
+            After that date, the key will be included in the zone but will
+            not be used to sign it.
+          </para>
+        </listitem>
       </varlistentry>
 
       <varlistentry>
-	<term>-P sync <replaceable class="parameter">date/offset</replaceable></term>
-	<listitem>
-	  <para>
-	    Sets the date on which CDS and CDNSKEY records that match this
-	    key are to be published to the zone.
-	  </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-D <replaceable class="parameter">date/offset</replaceable></term>
-	<listitem>
-	  <para>
-	    Sets the date on which the key is to be deleted.  After that
-	    date, the key will no longer be included in the zone.  (It
-	    may remain in the key repository, however.)
-	  </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-D sync <replaceable class="parameter">date/offset</replaceable></term>
-	<listitem>
-	  <para>
-	    Sets the date on which the CDS and CDNSKEY records that match
-	    this key are to be deleted.
-	  </para>
-	</listitem>
+        <term>-D <replaceable class="parameter">date/offset</replaceable></term>
+        <listitem>
+          <para>
+            Sets the date on which the key is to be deleted.  After that
+            date, the key will no longer be included in the zone.  (It
+            may remain in the key repository, however.)
+          </para>
+        </listitem>
       </varlistentry>
 
     </variablelist>
@@ -243,10 +218,10 @@
   <refsection><info><title>SEE ALSO</title></info>
 
     <para><citerefentry>
-	<refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
+        <refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
       </citerefentry>,
       <citerefentry>
-	<refentrytitle>dnssec-signzone</refentrytitle><manvolnum>8</manvolnum>
+        <refentrytitle>dnssec-signzone</refentrytitle><manvolnum>8</manvolnum>
       </citerefentry>,
       <citetitle>BIND 9 Administrator Reference Manual</citetitle>,
       <citetitle>RFC 5011</citetitle>.

bin/dnssec/dnssec-importkey.html

@@ -1,31 +1,73 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 <!--
- - Copyright (C) 2013-2016, 2018-2022 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2013-2016 Internet Systems Consortium, Inc. ("ISC")
  - 
- - This Source Code Form is subject to the terms of the Mozilla Public
- - License, v. 2.0. If a copy of the MPL was not distributed with this
- - file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ - Permission to use, copy, modify, and/or distribute this software for any
+ - purpose with or without fee is hereby granted, provided that the above
+ - copyright notice and this permission notice appear in all copies.
+ - 
+ - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ - PERFORMANCE OF THIS SOFTWARE.
 -->
 <html lang="en">
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
 <title>dnssec-importkey</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.79.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
 </head>
 <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry">
 <a name="man.dnssec-importkey"></a><div class="titlepage"></div>
-<div class="refnamediv">
+  
+  
+
+  
+
+  <div class="refnamediv">
 <h2>Name</h2>
-<p><span class="application">dnssec-importkey</span> &#8212; import DNSKEY records from external systems so they can be managed</p>
+<p>
+    <span class="application">dnssec-importkey</span>
+     &#8212; import DNSKEY records from external systems so they can be managed
+  </p>
 </div>
-<div class="refsynopsisdiv">
+
+  
+
+  <div class="refsynopsisdiv">
 <h2>Synopsis</h2>
-<div class="cmdsynopsis"><p><code class="command">dnssec-importkey</code>  [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-L <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-P sync <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-D sync <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-h</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-V</code>] {<code class="option">keyfile</code>}</p></div>
-<div class="cmdsynopsis"><p><code class="command">dnssec-importkey</code>  {<code class="option">-f <em class="replaceable"><code>filename</code></em></code>} [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-L <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-P sync <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-D sync <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-h</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-V</code>] [<code class="option">dnsname</code>]</p></div>
-</div>
-<div class="refsection">
+    <div class="cmdsynopsis"><p>
+      <code class="command">dnssec-importkey</code> 
+       [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>]
+       [<code class="option">-L <em class="replaceable"><code>ttl</code></em></code>]
+       [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>]
+       [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>]
+       [<code class="option">-h</code>]
+       [<code class="option">-v <em class="replaceable"><code>level</code></em></code>]
+       [<code class="option">-V</code>]
+       {<code class="option">keyfile</code>}
+    </p></div>
+    <div class="cmdsynopsis"><p>
+      <code class="command">dnssec-importkey</code> 
+       {<code class="option">-f <em class="replaceable"><code>filename</code></em></code>}
+       [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>]
+       [<code class="option">-L <em class="replaceable"><code>ttl</code></em></code>]
+       [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>]
+       [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>]
+       [<code class="option">-h</code>]
+       [<code class="option">-v <em class="replaceable"><code>level</code></em></code>]
+       [<code class="option">-V</code>]
+       [<code class="option">dnsname</code>]
+    </p></div>
+  </div>
+
+  <div class="refsection">
 <a name="id-1.7"></a><h2>DESCRIPTION</h2>
-<p><span class="command"><strong>dnssec-importkey</strong></span>
+
+    <p><span class="command"><strong>dnssec-importkey</strong></span>
       reads a public DNSKEY record and generates a pair of
       .key/.private files.  The DNSKEY record may be read from an
       existing .key file, in which case a corresponding .private file
@@ -33,7 +75,7 @@
       from the standard input, in which case both .key and .private
       files will be generated.
     </p>
-<p>
+    <p>
       The newly-created .private file does <span class="emphasis"><em>not</em></span>
       contain private key data, and cannot be used for signing.
       However, having a .private file makes it possible to set
@@ -42,53 +84,68 @@
       public key can be added to and removed from the DNSKEY RRset
       on schedule even if the true private key is stored offline.
     </p>
-</div>
-<div class="refsection">
+  </div>
+
+  <div class="refsection">
 <a name="id-1.8"></a><h2>OPTIONS</h2>
-<div class="variablelist"><dl class="variablelist">
+
+
+    <div class="variablelist"><dl class="variablelist">
 <dt><span class="term">-f <em class="replaceable"><code>filename</code></em></span></dt>
 <dd>
-<p>
-	    Zone file mode: instead of a public keyfile name, the argument
+          <p>
+            Zone file mode: instead of a public keyfile name, the argument
 	    is the DNS domain name of a zone master file, which can be read
-	    from <code class="option">file</code>.  If the domain name is the same as
-	    <code class="option">file</code>, then it may be omitted.
-	  </p>
-<p>
-	    If <code class="option">file</code> is set to <code class="literal">"-"</code>, then
-	    the zone data is read from the standard input.
-	  </p>
-</dd>
+            from <code class="option">file</code>.  If the domain name is the same as
+            <code class="option">file</code>, then it may be omitted.
+          </p>
+          <p>
+            If <code class="option">file</code> is set to <code class="literal">"-"</code>, then
+            the zone data is read from the standard input.
+          </p>
+        </dd>
 <dt><span class="term">-K <em class="replaceable"><code>directory</code></em></span></dt>
-<dd><p>
-	    Sets the directory in which the key files are to reside.
-	  </p></dd>
+<dd>
+          <p>
+            Sets the directory in which the key files are to reside.
+          </p>
+        </dd>
 <dt><span class="term">-L <em class="replaceable"><code>ttl</code></em></span></dt>
-<dd><p>
-	    Sets the default TTL to use for this key when it is converted
-	    into a DNSKEY RR.  If the key is imported into a zone,
-	    this is the TTL that will be used for it, unless there was
-	    already a DNSKEY RRset in place, in which case the existing TTL
-	    would take precedence.  Setting the default TTL to
-	    <code class="literal">0</code> or <code class="literal">none</code> removes it.
-	  </p></dd>
+<dd>
+          <p>
+            Sets the default TTL to use for this key when it is converted
+            into a DNSKEY RR.  If the key is imported into a zone,
+            this is the TTL that will be used for it, unless there was
+            already a DNSKEY RRset in place, in which case the existing TTL
+            would take precedence.  Setting the default TTL to
+            <code class="literal">0</code> or <code class="literal">none</code> removes it.
+          </p>
+        </dd>
 <dt><span class="term">-h</span></dt>
-<dd><p>
+<dd>
+	  <p>
 	    Emit usage message and exit.
-	  </p></dd>
+	  </p>
+        </dd>
 <dt><span class="term">-v <em class="replaceable"><code>level</code></em></span></dt>
-<dd><p>
-	    Sets the debugging level.
-	  </p></dd>
+<dd>
+          <p>
+            Sets the debugging level.
+          </p>
+        </dd>
 <dt><span class="term">-V</span></dt>
-<dd><p>
+<dd>
+	  <p>
 	    Prints version information.
-	  </p></dd>
+	  </p>
+        </dd>
 </dl></div>
-</div>
-<div class="refsection">
+  </div>
+
+  <div class="refsection">
 <a name="id-1.9"></a><h2>TIMING OPTIONS</h2>
-<p>
+
+    <p>
       Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
       If the argument begins with a '+' or '-', it is interpreted as
       an offset from the present time.  For convenience, if such an offset
@@ -99,47 +156,51 @@
       is computed in seconds.  To explicitly prevent a date from being
       set, use 'none' or 'never'.
     </p>
-<div class="variablelist"><dl class="variablelist">
+
+    <div class="variablelist"><dl class="variablelist">
 <dt><span class="term">-P <em class="replaceable"><code>date/offset</code></em></span></dt>
-<dd><p>
-	    Sets the date on which a key is to be published to the zone.
-	    After that date, the key will be included in the zone but will
-	    not be used to sign it.
-	  </p></dd>
-<dt><span class="term">-P sync <em class="replaceable"><code>date/offset</code></em></span></dt>
-<dd><p>
-	    Sets the date on which CDS and CDNSKEY records that match this
-	    key are to be published to the zone.
-	  </p></dd>
+<dd>
+          <p>
+            Sets the date on which a key is to be published to the zone.
+            After that date, the key will be included in the zone but will
+            not be used to sign it.
+          </p>
+        </dd>
 <dt><span class="term">-D <em class="replaceable"><code>date/offset</code></em></span></dt>
-<dd><p>
-	    Sets the date on which the key is to be deleted.  After that
-	    date, the key will no longer be included in the zone.  (It
-	    may remain in the key repository, however.)
-	  </p></dd>
-<dt><span class="term">-D sync <em class="replaceable"><code>date/offset</code></em></span></dt>
-<dd><p>
-	    Sets the date on which the CDS and CDNSKEY records that match
-	    this key are to be deleted.
-	  </p></dd>
+<dd>
+          <p>
+            Sets the date on which the key is to be deleted.  After that
+            date, the key will no longer be included in the zone.  (It
+            may remain in the key repository, however.)
+          </p>
+        </dd>
 </dl></div>
-</div>
-<div class="refsection">
+  </div>
+
+  <div class="refsection">
 <a name="id-1.10"></a><h2>FILES</h2>
-<p>
+
+    <p>
       A keyfile can be designed by the key identification
       <code class="filename">Knnnn.+aaa+iiiii</code> or the full file name
       <code class="filename">Knnnn.+aaa+iiiii.key</code> as generated by
       <span class="refentrytitle">dnssec-keygen</span>(8).
     </p>
-</div>
-<div class="refsection">
+  </div>
+
+  <div class="refsection">
 <a name="id-1.11"></a><h2>SEE ALSO</h2>
-<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
-      <span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
+
+    <p><span class="citerefentry">
+        <span class="refentrytitle">dnssec-keygen</span>(8)
+      </span>,
+      <span class="citerefentry">
+        <span class="refentrytitle">dnssec-signzone</span>(8)
+      </span>,
       <em class="citetitle">BIND 9 Administrator Reference Manual</em>,
       <em class="citetitle">RFC 5011</em>.
     </p>
-</div>
+  </div>
+
 </div></body>
 </html>

bin/dnssec/dnssec-keyfromlabel.8

@@ -1,21 +1,29 @@
-.\" Copyright (C) 2008-2012, 2014-2022 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2008-2012, 2014-2017 Internet Systems Consortium, Inc. ("ISC")
 .\" 
-.\" This Source Code Form is subject to the terms of the Mozilla Public
-.\" License, v. 2.0. If a copy of the MPL was not distributed with this
-.\" file, You can obtain one at http://mozilla.org/MPL/2.0/.
+.\" Permission to use, copy, modify, and/or distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\" 
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+.\" PERFORMANCE OF THIS SOFTWARE.
 .\"
 .hy 0
 .ad l
 '\" t
 .\"     Title: dnssec-keyfromlabel
 .\"    Author: 
-.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
-.\"      Date: August 27, 2015
+.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
+.\"      Date: 2014-02-27
 .\"    Manual: BIND9
 .\"    Source: ISC
 .\"  Language: English
 .\"
-.TH "DNSSEC\-KEYFROMLABEL" "8" "August 27, 2015" "ISC" "BIND9"
+.TH "DNSSEC\-KEYFROMLABEL" "8" "2014\-02\-27" "ISC" "BIND9"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -39,7 +47,7 @@
 dnssec-keyfromlabel \- DNSSEC key generation tool
 .SH "SYNOPSIS"
 .HP \w'\fBdnssec\-keyfromlabel\fR\ 'u
-\fBdnssec\-keyfromlabel\fR {\-l\ \fIlabel\fR} [\fB\-3\fR] [\fB\-a\ \fR\fB\fIalgorithm\fR\fR] [\fB\-A\ \fR\fB\fIdate/offset\fR\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-D\ \fR\fB\fIdate/offset\fR\fR] [\fB\-D\ sync\ \fR\fB\fIdate/offset\fR\fR] [\fB\-E\ \fR\fB\fIengine\fR\fR] [\fB\-f\ \fR\fB\fIflag\fR\fR] [\fB\-G\fR] [\fB\-I\ \fR\fB\fIdate/offset\fR\fR] [\fB\-i\ \fR\fB\fIinterval\fR\fR] [\fB\-k\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-L\ \fR\fB\fIttl\fR\fR] [\fB\-n\ \fR\fB\fInametype\fR\fR] [\fB\-P\ \fR\fB\fIdate/offset\fR\fR] [\fB\-P\ sync\ \fR\fB\fIdate/offset\fR\fR] [\fB\-p\ \fR\fB\fIprotocol\fR\fR] [\fB\-R\ \fR\fB\fIdate/offset\fR\fR] [\fB\-S\ \fR\fB\fIkey\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-V\fR] [\fB\-y\fR] {name}
+\fBdnssec\-keyfromlabel\fR {\-l\ \fIlabel\fR} [\fB\-3\fR] [\fB\-a\ \fR\fB\fIalgorithm\fR\fR] [\fB\-A\ \fR\fB\fIdate/offset\fR\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-D\ \fR\fB\fIdate/offset\fR\fR] [\fB\-E\ \fR\fB\fIengine\fR\fR] [\fB\-f\ \fR\fB\fIflag\fR\fR] [\fB\-G\fR] [\fB\-I\ \fR\fB\fIdate/offset\fR\fR] [\fB\-i\ \fR\fB\fIinterval\fR\fR] [\fB\-k\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-L\ \fR\fB\fIttl\fR\fR] [\fB\-n\ \fR\fB\fInametype\fR\fR] [\fB\-P\ \fR\fB\fIdate/offset\fR\fR] [\fB\-p\ \fR\fB\fIprotocol\fR\fR] [\fB\-R\ \fR\fB\fIdate/offset\fR\fR] [\fB\-S\ \fR\fB\fIkey\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-V\fR] [\fB\-y\fR] {name}
 .SH "DESCRIPTION"
 .PP
 \fBdnssec\-keyfromlabel\fR
@@ -86,7 +94,7 @@ Specifies the label for a key pair in the crypto hardware\&.
 .sp
 When
 BIND
-9 is built with OpenSSL\-based PKCS#11 support, the label is an arbitrary string that identifies a particular key\&.
+9 is built with OpenSSL\-based PKCS#11 support, the label is an arbitrary string that identifies a particular key\&. It may be preceded by an optional OpenSSL engine name, followed by a colon, as in "pkcs11:\fIkeylabel\fR"\&.
 .sp
 When
 BIND
@@ -193,11 +201,6 @@ Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS\&. If the argume
 Sets the date on which a key is to be published to the zone\&. After that date, the key will be included in the zone but will not be used to sign it\&. If not set, and if the \-G option has not been used, the default is "now"\&.
 .RE
 .PP
-\-P sync \fIdate/offset\fR
-.RS 4
-Sets the date on which the CDS and CDNSKEY records which match this key are to be published to the zone\&.
-.RE
-.PP
 \-A \fIdate/offset\fR
 .RS 4
 Sets the date on which the key is to be activated\&. After that date, the key will be included in the zone and used to sign it\&. If not set, and if the \-G option has not been used, the default is "now"\&.
@@ -218,11 +221,6 @@ Sets the date on which the key is to be retired\&. After that date, the key will
 Sets the date on which the key is to be deleted\&. After that date, the key will no longer be included in the zone\&. (It may remain in the key repository, however\&.)
 .RE
 .PP
-\-D sync \fIdate/offset\fR
-.RS 4
-Sets the date on which the CDS and CDNSKEY records which match this key are to be deleted\&.
-.RE
-.PP
 \-i \fIinterval\fR
 .RS 4
 Sets the prepublication interval for a key\&. If set, then the publication and activation dates must be separated by at least this much time\&. If the activation date is specified but the publication date isn\*(Aqt, then the publication date will default to this much time before the activation date; conversely, if the publication date is specified but activation date isn\*(Aqt, then activation will be set to this much time after publication\&.
@@ -301,5 +299,5 @@ The PKCS#11 URI Scheme (draft\-pechanec\-pkcs11uri\-13)\&.
 \fBInternet Systems Consortium, Inc\&.\fR
 .SH "COPYRIGHT"
 .br
-Copyright \(co 2008-2012, 2014-2022 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2008-2012, 2014-2017 Internet Systems Consortium, Inc. ("ISC")
 .br

bin/dnssec/dnssec-keyfromlabel.c

@@ -1,12 +1,17 @@
 /*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2007-2012, 2014-2018  Internet Systems Consortium, Inc. ("ISC")
  *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
  *
- * See the COPYRIGHT file distributed with this work for additional
- * information regarding copyright ownership.
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
  */
 
 /*! \file */
@@ -14,8 +19,6 @@
 #include <config.h>
 
 #include <ctype.h>
-#include <inttypes.h>
-#include <stdbool.h>
 #include <stdlib.h>
 
 #include <isc/buffer.h>
@@ -104,14 +107,10 @@ usage(void) {
 	fprintf(stderr, "    -V: print version information\n");
 	fprintf(stderr, "Date options:\n");
 	fprintf(stderr, "    -P date/[+-]offset: set key publication date\n");
-	fprintf(stderr, "    -P sync date/[+-]offset: set CDS and CDNSKEY "
-			"publication date\n");
 	fprintf(stderr, "    -A date/[+-]offset: set key activation date\n");
 	fprintf(stderr, "    -R date/[+-]offset: set key revocation date\n");
 	fprintf(stderr, "    -I date/[+-]offset: set key inactivation date\n");
 	fprintf(stderr, "    -D date/[+-]offset: set key deletion date\n");
-	fprintf(stderr, "    -D sync date/[+-]offset: set CDS and CDNSKEY "
-			"deletion date\n");
 	fprintf(stderr, "    -G: generate key only; do not set -P or -A\n");
 	fprintf(stderr, "    -C: generate a backward-compatible key, omitting"
 			" all dates\n");
@@ -144,9 +143,9 @@ main(int argc, char **argv) {
 	dst_key_t	*key = NULL;
 	dns_fixedname_t	fname;
 	dns_name_t	*name;
-	uint16_t	flags = 0, kskflag = 0, revflag = 0;
+	isc_uint16_t	flags = 0, kskflag = 0, revflag = 0;
 	dns_secalg_t	alg;
-	bool	oldstyle = false;
+	isc_boolean_t	oldstyle = ISC_FALSE;
 	isc_mem_t	*mctx = NULL;
 	int		ch;
 	int		protocol = -1, signatory = 0;
@@ -164,20 +163,17 @@ main(int argc, char **argv) {
 	isc_stdtime_t	inactive = 0, deltime = 0;
 	isc_stdtime_t	now;
 	int		prepub = -1;
-	bool	setpub = false, setact = false;
-	bool	setrev = false, setinact = false;
-	bool	setdel = false, setttl = false;
-	bool	unsetpub = false, unsetact = false;
-	bool	unsetrev = false, unsetinact = false;
-	bool	unsetdel = false;
-	bool	genonly = false;
-	bool	use_nsec3 = false;
-	bool   avoid_collisions = true;
-	bool	exact;
+	isc_boolean_t	setpub = ISC_FALSE, setact = ISC_FALSE;
+	isc_boolean_t	setrev = ISC_FALSE, setinact = ISC_FALSE;
+	isc_boolean_t	setdel = ISC_FALSE, setttl = ISC_FALSE;
+	isc_boolean_t	unsetpub = ISC_FALSE, unsetact = ISC_FALSE;
+	isc_boolean_t	unsetrev = ISC_FALSE, unsetinact = ISC_FALSE;
+	isc_boolean_t	unsetdel = ISC_FALSE;
+	isc_boolean_t	genonly = ISC_FALSE;
+	isc_boolean_t	use_nsec3 = ISC_FALSE;
+	isc_boolean_t   avoid_collisions = ISC_TRUE;
+	isc_boolean_t	exact;
 	unsigned char	c;
-	isc_stdtime_t	syncadd = 0, syncdel = 0;
-	bool	unsetsyncadd = false, setsyncadd = false;
-	bool	unsetsyncdel = false, setsyncdel = false;
 
 	if (argc == 1)
 		usage();
@@ -189,7 +185,7 @@ main(int argc, char **argv) {
 #endif
 	dns_result_register();
 
-	isc_commandline_errprint = false;
+	isc_commandline_errprint = ISC_FALSE;
 
 	isc_stdtime_get(&now);
 
@@ -197,13 +193,13 @@ main(int argc, char **argv) {
 	while ((ch = isc_commandline_parse(argc, argv, CMDLINE_FLAGS)) != -1) {
 	    switch (ch) {
 		case '3':
-			use_nsec3 = true;
+			use_nsec3 = ISC_TRUE;
 			break;
 		case 'a':
 			algname = isc_commandline_argument;
 			break;
 		case 'C':
-			oldstyle = true;
+			oldstyle = ISC_TRUE;
 			break;
 		case 'c':
 			classname = isc_commandline_argument;
@@ -233,7 +229,7 @@ main(int argc, char **argv) {
 			break;
 		case 'L':
 			ttl = strtottl(isc_commandline_argument);
-			setttl = true;
+			setttl = ISC_TRUE;
 			break;
 		case 'l':
 			label = isc_mem_strdup(mctx, isc_commandline_argument);
@@ -256,25 +252,12 @@ main(int argc, char **argv) {
 				fatal("-v must be followed by a number");
 			break;
 		case 'y':
-			avoid_collisions = false;
+			avoid_collisions = ISC_FALSE;
 			break;
 		case 'G':
-			genonly = true;
+			genonly = ISC_TRUE;
 			break;
 		case 'P':
-			/* -Psync ? */
-			if (isoptarg("sync", argv, usage)) {
-				if (unsetsyncadd || setsyncadd)
-					fatal("-P sync specified more than "
-					      "once");
-
-				syncadd = strtotime(isc_commandline_argument,
-						   now, now, &setsyncadd);
-				unsetsyncadd = !setsyncadd;
-				break;
-			}
-			/* -Pdnskey ? */
-			(void)isoptarg("dnskey", argv, usage);
 			if (setpub || unsetpub)
 				fatal("-P specified more than once");
 
@@ -307,19 +290,6 @@ main(int argc, char **argv) {
 			unsetinact = !setinact;
 			break;
 		case 'D':
-			/* -Dsync ? */
-			if (isoptarg("sync", argv, usage)) {
-				if (unsetsyncdel || setsyncdel)
-					fatal("-D sync specified more than "
-					      "once");
-
-				syncdel = strtotime(isc_commandline_argument,
-						   now, now, &setsyncdel);
-				unsetsyncdel = !setsyncdel;
-				break;
-			}
-			/* -Ddnskey ? */
-			(void)isoptarg("dnskey", argv, usage);
 			if (setdel || unsetdel)
 				fatal("-D specified more than once");
 
@@ -374,7 +344,8 @@ main(int argc, char **argv) {
 		if (argc > isc_commandline_index + 1)
 			fatal("extraneous arguments");
 
-		name = dns_fixedname_initname(&fname);
+		dns_fixedname_init(&fname);
+		name = dns_fixedname_name(&fname);
 		isc_buffer_init(&buf, argv[isc_commandline_index],
 				strlen(argv[isc_commandline_index]));
 		isc_buffer_add(&buf, strlen(argv[isc_commandline_index]));
@@ -469,14 +440,14 @@ main(int argc, char **argv) {
 				      "prepublication interval.");
 
 			if (!setpub && !setact) {
-				setpub = setact = true;
+				setpub = setact = ISC_TRUE;
 				publish = now;
 				activate = now + prepub;
 			} else if (setpub && !setact) {
-				setact = true;
+				setact = ISC_TRUE;
 				activate = publish + prepub;
 			} else if (setact && !setpub) {
-				setpub = true;
+				setpub = ISC_TRUE;
 				publish = activate - prepub;
 			}
 
@@ -564,7 +535,7 @@ main(int argc, char **argv) {
 					"You can use dnssec-settime -D to "
 					"change this.\n", program, keystr);
 
-		setpub = setact = true;
+		setpub = setact = ISC_TRUE;
 	}
 
 	if (nametype == NULL) {
@@ -674,16 +645,10 @@ main(int argc, char **argv) {
 
 		if (setdel)
 			dst_key_settime(key, DST_TIME_DELETE, deltime);
-		if (setsyncadd)
-			dst_key_settime(key, DST_TIME_SYNCPUBLISH, syncadd);
-		if (setsyncdel)
-			dst_key_settime(key, DST_TIME_SYNCDELETE, syncdel);
-
 	} else {
 		if (setpub || setact || setrev || setinact ||
 		    setdel || unsetpub || unsetact ||
-		    unsetrev || unsetinact || unsetdel || genonly ||
-		    setsyncadd || setsyncdel)
+		    unsetrev || unsetinact || unsetdel || genonly)
 			fatal("cannot use -C together with "
 			      "-P, -A, -R, -I, -D, or -G options");
 		/*

bin/dnssec/dnssec-keyfromlabel.docbook

@@ -1,21 +1,25 @@
 <!--
- - Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2008-2012, 2014-2017  Internet Systems Consortium, Inc. ("ISC")
  -
- - This Source Code Form is subject to the terms of the Mozilla Public
- - License, v. 2.0. If a copy of the MPL was not distributed with this
- - file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ - Permission to use, copy, modify, and/or distribute this software for any
+ - purpose with or without fee is hereby granted, provided that the above
+ - copyright notice and this permission notice appear in all copies.
  -
- - See the COPYRIGHT file distributed with this work for additional
- - information regarding copyright ownership.
+ - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ - AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ - PERFORMANCE OF THIS SOFTWARE.
 -->
 
 <!-- Converted by db4-upgrade version 1.0 -->
-<refentry xmlns="http://docbook.org/ns/docbook" version="5.0" xml:id="man.dnssec-keyfromlabel">
+<refentry xmlns:db="http://docbook.org/ns/docbook" version="5.0" xml:id="man.dnssec-keyfromlabel">
   <info>
     <date>2014-02-27</date>
   </info>
   <refentryinfo>
-    <date>August 27, 2015</date>
     <corpname>ISC</corpname>
     <corpauthor>Internet Systems Consortium, Inc.</corpauthor>
   </refentryinfo>
@@ -42,11 +46,6 @@
       <year>2015</year>
       <year>2016</year>
       <year>2017</year>
-      <year>2018</year>
-      <year>2019</year>
-      <year>2020</year>
-      <year>2021</year>
-      <year>2022</year>
       <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
     </copyright>
   </docinfo>
@@ -60,7 +59,6 @@
       <arg choice="opt" rep="norepeat"><option>-A <replaceable class="parameter">date/offset</replaceable></option></arg>
       <arg choice="opt" rep="norepeat"><option>-c <replaceable class="parameter">class</replaceable></option></arg>
       <arg choice="opt" rep="norepeat"><option>-D <replaceable class="parameter">date/offset</replaceable></option></arg>
-      <arg choice="opt" rep="norepeat"><option>-D sync <replaceable class="parameter">date/offset</replaceable></option></arg>
       <arg choice="opt" rep="norepeat"><option>-E <replaceable class="parameter">engine</replaceable></option></arg>
       <arg choice="opt" rep="norepeat"><option>-f <replaceable class="parameter">flag</replaceable></option></arg>
       <arg choice="opt" rep="norepeat"><option>-G</option></arg>
@@ -71,7 +69,6 @@
       <arg choice="opt" rep="norepeat"><option>-L <replaceable class="parameter">ttl</replaceable></option></arg>
       <arg choice="opt" rep="norepeat"><option>-n <replaceable class="parameter">nametype</replaceable></option></arg>
       <arg choice="opt" rep="norepeat"><option>-P <replaceable class="parameter">date/offset</replaceable></option></arg>
-      <arg choice="opt" rep="norepeat"><option>-P sync <replaceable class="parameter">date/offset</replaceable></option></arg>
       <arg choice="opt" rep="norepeat"><option>-p <replaceable class="parameter">protocol</replaceable></option></arg>
       <arg choice="opt" rep="norepeat"><option>-R <replaceable class="parameter">date/offset</replaceable></option></arg>
       <arg choice="opt" rep="norepeat"><option>-S <replaceable class="parameter">key</replaceable></option></arg>
@@ -105,111 +102,113 @@
 
     <variablelist>
       <varlistentry>
-	<term>-a <replaceable class="parameter">algorithm</replaceable></term>
-	<listitem>
+        <term>-a <replaceable class="parameter">algorithm</replaceable></term>
+        <listitem>
 	  <para>
 	    Selects the cryptographic algorithm.  The value of
-	    <option>algorithm</option> must be one of RSAMD5, RSASHA1,
+            <option>algorithm</option> must be one of RSAMD5, RSASHA1,
 	    DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256, RSASHA512, ECCGOST,
 	    ECDSAP256SHA256, ECDSAP384SHA384, ED25519 or ED448.
 	    These values are case insensitive.
 	  </para>
-	  <para>
-	    If no algorithm is specified, then RSASHA1 will be used by
-	    default, unless the <option>-3</option> option is specified,
-	    in which case NSEC3RSASHA1 will be used instead.  (If
-	    <option>-3</option> is used and an algorithm is specified,
-	    that algorithm will be checked for compatibility with NSEC3.)
-	  </para>
-	  <para>
-	    Note 1: that for DNSSEC, RSASHA1 is a mandatory to implement
-	    algorithm, and DSA is recommended.
-	  </para>
-	  <para>
-	    Note 2: DH automatically sets the -k flag.
-	  </para>
-	</listitem>
+          <para>
+            If no algorithm is specified, then RSASHA1 will be used by
+            default, unless the <option>-3</option> option is specified,
+            in which case NSEC3RSASHA1 will be used instead.  (If
+            <option>-3</option> is used and an algorithm is specified,
+            that algorithm will be checked for compatibility with NSEC3.)
+          </para>
+          <para>
+            Note 1: that for DNSSEC, RSASHA1 is a mandatory to implement
+            algorithm, and DSA is recommended.
+          </para>
+          <para>
+            Note 2: DH automatically sets the -k flag.
+          </para>
+        </listitem>
       </varlistentry>
 
       <varlistentry>
-	<term>-3</term>
-	<listitem>
-	  <para>
+        <term>-3</term>
+        <listitem>
+          <para>
 	    Use an NSEC3-capable algorithm to generate a DNSSEC key.
-	    If this option is used and no algorithm is explicitly
-	    set on the command line, NSEC3RSASHA1 will be used by
-	    default.
-	  </para>
-	</listitem>
+            If this option is used and no algorithm is explicitly
+            set on the command line, NSEC3RSASHA1 will be used by
+            default.
+          </para>
+        </listitem>
       </varlistentry>
 
       <varlistentry>
-	<term>-E <replaceable class="parameter">engine</replaceable></term>
-	<listitem>
-	  <para>
-	    Specifies the cryptographic hardware to use.
-	  </para>
-	  <para>
-	    When BIND is built with OpenSSL PKCS#11 support, this defaults
-	    to the string "pkcs11", which identifies an OpenSSL engine
-	    that can drive a cryptographic accelerator or hardware service
-	    module.  When BIND is built with native PKCS#11 cryptography
-	    (--enable-native-pkcs11), it defaults to the path of the PKCS#11
-	    provider library specified via "--with-pkcs11".
-	  </para>
-	</listitem>
+        <term>-E <replaceable class="parameter">engine</replaceable></term>
+        <listitem>
+          <para>
+            Specifies the cryptographic hardware to use.
+          </para>
+          <para>
+            When BIND is built with OpenSSL PKCS#11 support, this defaults
+            to the string "pkcs11", which identifies an OpenSSL engine
+            that can drive a cryptographic accelerator or hardware service
+            module.  When BIND is built with native PKCS#11 cryptography
+            (--enable-native-pkcs11), it defaults to the path of the PKCS#11
+            provider library specified via "--with-pkcs11".
+          </para>
+        </listitem>
       </varlistentry>
 
       <varlistentry>
-	<term>-l <replaceable class="parameter">label</replaceable></term>
-	<listitem>
-	  <para>
-	    Specifies the label for a key pair in the crypto hardware.
-	  </para>
-	  <para>
-	    When <acronym>BIND</acronym> 9 is built with OpenSSL-based
-	    PKCS#11 support, the label is an arbitrary string that
-	    identifies a particular key.
-	  </para>
-	  <para>
-	    When <acronym>BIND</acronym> 9 is built with native PKCS#11
-	    support, the label is a PKCS#11 URI string in the format
-	    "pkcs11:<option>keyword</option>=<replaceable>value</replaceable><optional>;<option>keyword</option>=<replaceable>value</replaceable>;...</optional>"
-	    Keywords include "token", which identifies the HSM; "object", which
-	    identifies the key; and "pin-source", which identifies a file from
-	    which the HSM's PIN code can be obtained.  The label will be
-	    stored in the on-disk "private" file.
-	  </para>
-	  <para>
-	    If the label contains a
-	    <option>pin-source</option> field, tools using the generated
-	    key files will be able to use the HSM for signing and other
-	    operations without any need for an operator to manually enter
-	    a PIN.  Note: Making the HSM's PIN accessible in this manner
-	    may reduce the security advantage of using an HSM; be sure
-	    this is what you want to do before making use of this feature.
-	  </para>
-	</listitem>
+        <term>-l <replaceable class="parameter">label</replaceable></term>
+        <listitem>
+          <para>
+            Specifies the label for a key pair in the crypto hardware.
+          </para>
+          <para>
+            When <acronym>BIND</acronym> 9 is built with OpenSSL-based
+            PKCS#11 support, the label is an arbitrary string that
+            identifies a particular key.  It may be preceded by an
+            optional OpenSSL engine name, followed by a colon, as in
+            "pkcs11:<replaceable>keylabel</replaceable>".
+          </para>
+          <para>
+            When <acronym>BIND</acronym> 9 is built with native PKCS#11
+            support, the label is a PKCS#11 URI string in the format
+            "pkcs11:<option>keyword</option>=<replaceable>value</replaceable><optional>;<option>keyword</option>=<replaceable>value</replaceable>;...</optional>"
+            Keywords include "token", which identifies the HSM; "object", which
+            identifies the key; and "pin-source", which identifies a file from
+            which the HSM's PIN code can be obtained.  The label will be
+            stored in the on-disk "private" file.
+          </para>
+          <para>
+            If the label contains a
+            <option>pin-source</option> field, tools using the generated
+            key files will be able to use the HSM for signing and other
+            operations without any need for an operator to manually enter
+            a PIN.  Note: Making the HSM's PIN accessible in this manner
+            may reduce the security advantage of using an HSM; be sure
+            this is what you want to do before making use of this feature.
+          </para>
+        </listitem>
       </varlistentry>
 
       <varlistentry>
-	<term>-n <replaceable class="parameter">nametype</replaceable></term>
-	<listitem>
-	  <para>
-	    Specifies the owner type of the key.  The value of
-	    <option>nametype</option> must either be ZONE (for a DNSSEC
-	    zone key (KEY/DNSKEY)), HOST or ENTITY (for a key associated with
-	    a host (KEY)),
-	    USER (for a key associated with a user(KEY)) or OTHER (DNSKEY).
-	    These values are case insensitive.
-	  </para>
-	</listitem>
+        <term>-n <replaceable class="parameter">nametype</replaceable></term>
+        <listitem>
+          <para>
+            Specifies the owner type of the key.  The value of
+            <option>nametype</option> must either be ZONE (for a DNSSEC
+            zone key (KEY/DNSKEY)), HOST or ENTITY (for a key associated with
+            a host (KEY)),
+            USER (for a key associated with a user(KEY)) or OTHER (DNSKEY).
+            These values are case insensitive.
+          </para>
+        </listitem>
       </varlistentry>
 
       <varlistentry>
-	<term>-C</term>
-	<listitem>
-	  <para>
+        <term>-C</term>
+        <listitem>
+          <para>
 	    Compatibility mode:  generates an old-style key, without
 	    any metadata.  By default, <command>dnssec-keyfromlabel</command>
 	    will include the key's creation date in the metadata stored
@@ -217,150 +216,150 @@
 	    (publication date, activation date, etc).  Keys that include
 	    this data may be incompatible with older versions of BIND; the
 	    <option>-C</option> option suppresses them.
-	  </para>
-	</listitem>
+          </para>
+        </listitem>
       </varlistentry>
 
       <varlistentry>
-	<term>-c <replaceable class="parameter">class</replaceable></term>
-	<listitem>
-	  <para>
-	    Indicates that the DNS record containing the key should have
-	    the specified class.  If not specified, class IN is used.
-	  </para>
-	</listitem>
+        <term>-c <replaceable class="parameter">class</replaceable></term>
+        <listitem>
+          <para>
+            Indicates that the DNS record containing the key should have
+            the specified class.  If not specified, class IN is used.
+          </para>
+        </listitem>
       </varlistentry>
 
       <varlistentry>
-	<term>-f <replaceable class="parameter">flag</replaceable></term>
-	<listitem>
-	  <para>
-	    Set the specified flag in the flag field of the KEY/DNSKEY record.
-	    The only recognized flags are KSK (Key Signing Key) and REVOKE.
-	  </para>
-	</listitem>
+        <term>-f <replaceable class="parameter">flag</replaceable></term>
+        <listitem>
+          <para>
+            Set the specified flag in the flag field of the KEY/DNSKEY record.
+            The only recognized flags are KSK (Key Signing Key) and REVOKE.
+          </para>
+        </listitem>
       </varlistentry>
 
       <varlistentry>
-	<term>-G</term>
-	<listitem>
-	  <para>
-	    Generate a key, but do not publish it or sign with it.  This
-	    option is incompatible with -P and -A.
-	  </para>
-	</listitem>
+        <term>-G</term>
+        <listitem>
+          <para>
+            Generate a key, but do not publish it or sign with it.  This
+            option is incompatible with -P and -A.
+          </para>
+        </listitem>
       </varlistentry>
 
       <varlistentry>
-	<term>-h</term>
-	<listitem>
-	  <para>
-	    Prints a short summary of the options and arguments to
-	    <command>dnssec-keyfromlabel</command>.
-	  </para>
-	</listitem>
+        <term>-h</term>
+        <listitem>
+          <para>
+            Prints a short summary of the options and arguments to
+            <command>dnssec-keyfromlabel</command>.
+          </para>
+        </listitem>
       </varlistentry>
 
       <varlistentry>
-	<term>-K <replaceable class="parameter">directory</replaceable></term>
-	<listitem>
-	  <para>
-	    Sets the directory in which the key files are to be written.
-	  </para>
-	</listitem>
+        <term>-K <replaceable class="parameter">directory</replaceable></term>
+        <listitem>
+          <para>
+            Sets the directory in which the key files are to be written.
+          </para>
+        </listitem>
       </varlistentry>
 
       <varlistentry>
-	<term>-k</term>
-	<listitem>
-	  <para>
-	    Generate KEY records rather than DNSKEY records.
-	  </para>
-	</listitem>
+        <term>-k</term>
+        <listitem>
+          <para>
+            Generate KEY records rather than DNSKEY records.
+          </para>
+        </listitem>
       </varlistentry>
 
       <varlistentry>
-	<term>-L <replaceable class="parameter">ttl</replaceable></term>
-	<listitem>
-	  <para>
-	    Sets the default TTL to use for this key when it is converted
-	    into a DNSKEY RR.  If the key is imported into a zone,
-	    this is the TTL that will be used for it, unless there was
-	    already a DNSKEY RRset in place, in which case the existing TTL
-	    would take precedence.  Setting the default TTL to
-	    <literal>0</literal> or <literal>none</literal> removes it.
-	  </para>
-	</listitem>
+        <term>-L <replaceable class="parameter">ttl</replaceable></term>
+        <listitem>
+          <para>
+            Sets the default TTL to use for this key when it is converted
+            into a DNSKEY RR.  If the key is imported into a zone,
+            this is the TTL that will be used for it, unless there was
+            already a DNSKEY RRset in place, in which case the existing TTL
+            would take precedence.  Setting the default TTL to
+            <literal>0</literal> or <literal>none</literal> removes it.
+          </para>
+        </listitem>
       </varlistentry>
 
       <varlistentry>
-	<term>-p <replaceable class="parameter">protocol</replaceable></term>
-	<listitem>
-	  <para>
-	    Sets the protocol value for the key.  The protocol
-	    is a number between 0 and 255.  The default is 3 (DNSSEC).
-	    Other possible values for this argument are listed in
-	    RFC 2535 and its successors.
-	  </para>
-	</listitem>
+        <term>-p <replaceable class="parameter">protocol</replaceable></term>
+        <listitem>
+          <para>
+            Sets the protocol value for the key.  The protocol
+            is a number between 0 and 255.  The default is 3 (DNSSEC).
+            Other possible values for this argument are listed in
+            RFC 2535 and its successors.
+          </para>
+        </listitem>
       </varlistentry>
 
       <varlistentry>
-	<term>-S <replaceable class="parameter">key</replaceable></term>
-	<listitem>
-	  <para>
-	    Generate a key as an explicit successor to an existing key.
+        <term>-S <replaceable class="parameter">key</replaceable></term>
+        <listitem>
+          <para>
+            Generate a key as an explicit successor to an existing key.
 	    The name, algorithm, size, and type of the key will be set
 	    to match the predecessor. The activation date of the new
 	    key will be set to the inactivation date of the existing
 	    one. The publication date will be set to the activation
 	    date minus the prepublication interval, which defaults to
 	    30 days.
-	  </para>
-	</listitem>
+          </para>
+        </listitem>
       </varlistentry>
 
       <varlistentry>
-	<term>-t <replaceable class="parameter">type</replaceable></term>
-	<listitem>
-	  <para>
-	    Indicates the use of the key.  <option>type</option> must be
-	    one of AUTHCONF, NOAUTHCONF, NOAUTH, or NOCONF.  The default
-	    is AUTHCONF.  AUTH refers to the ability to authenticate
-	    data, and CONF the ability to encrypt data.
-	  </para>
-	</listitem>
+        <term>-t <replaceable class="parameter">type</replaceable></term>
+        <listitem>
+          <para>
+            Indicates the use of the key.  <option>type</option> must be
+            one of AUTHCONF, NOAUTHCONF, NOAUTH, or NOCONF.  The default
+            is AUTHCONF.  AUTH refers to the ability to authenticate
+            data, and CONF the ability to encrypt data.
+          </para>
+        </listitem>
       </varlistentry>
 
       <varlistentry>
-	<term>-v <replaceable class="parameter">level</replaceable></term>
-	<listitem>
-	  <para>
-	    Sets the debugging level.
-	  </para>
-	</listitem>
+        <term>-v <replaceable class="parameter">level</replaceable></term>
+        <listitem>
+          <para>
+            Sets the debugging level.
+          </para>
+        </listitem>
       </varlistentry>
 
       <varlistentry>
 	<term>-V</term>
-	<listitem>
+        <listitem>
 	  <para>
 	    Prints version information.
 	  </para>
-	</listitem>
+        </listitem>
       </varlistentry>
 
       <varlistentry>
-	<term>-y</term>
-	<listitem>
-	  <para>
-	    Allows DNSSEC key files to be generated even if the key ID
+        <term>-y</term>
+        <listitem>
+          <para>
+            Allows DNSSEC key files to be generated even if the key ID
 	    would collide with that of an existing key, in the event of
 	    either key being revoked.  (This is only safe to use if you
-	    are sure you won't be using RFC 5011 trust anchor maintenance
-	    with either of the keys involved.)
-	  </para>
-	</listitem>
+            are sure you won't be using RFC 5011 trust anchor maintenance
+            with either of the keys involved.)
+          </para>
+        </listitem>
       </varlistentry>
 
     </variablelist>
@@ -383,80 +382,60 @@
 
     <variablelist>
       <varlistentry>
-	<term>-P <replaceable class="parameter">date/offset</replaceable></term>
-	<listitem>
-	  <para>
-	    Sets the date on which a key is to be published to the zone.
-	    After that date, the key will be included in the zone but will
-	    not be used to sign it.  If not set, and if the -G option has
-	    not been used, the default is "now".
-	  </para>
-	</listitem>
+        <term>-P <replaceable class="parameter">date/offset</replaceable></term>
+        <listitem>
+          <para>
+            Sets the date on which a key is to be published to the zone.
+            After that date, the key will be included in the zone but will
+            not be used to sign it.  If not set, and if the -G option has
+            not been used, the default is "now".
+          </para>
+        </listitem>
       </varlistentry>
 
       <varlistentry>
-	<term>-P sync <replaceable class="parameter">date/offset</replaceable></term>
-	<listitem>
-	  <para>
-	    Sets the date on which the CDS and CDNSKEY records which match
-	    this key are to be published to the zone.
-	  </para>
-	</listitem>
+        <term>-A <replaceable class="parameter">date/offset</replaceable></term>
+        <listitem>
+          <para>
+            Sets the date on which the key is to be activated.  After that
+            date, the key will be included in the zone and used to sign
+            it.  If not set, and if the -G option has not been used, the
+            default is "now".
+          </para>
+        </listitem>
       </varlistentry>
 
       <varlistentry>
-	<term>-A <replaceable class="parameter">date/offset</replaceable></term>
-	<listitem>
-	  <para>
-	    Sets the date on which the key is to be activated.  After that
-	    date, the key will be included in the zone and used to sign
-	    it.  If not set, and if the -G option has not been used, the
-	    default is "now".
-	  </para>
-	</listitem>
+        <term>-R <replaceable class="parameter">date/offset</replaceable></term>
+        <listitem>
+          <para>
+            Sets the date on which the key is to be revoked.  After that
+            date, the key will be flagged as revoked.  It will be included
+            in the zone and will be used to sign it.
+          </para>
+        </listitem>
       </varlistentry>
 
       <varlistentry>
-	<term>-R <replaceable class="parameter">date/offset</replaceable></term>
-	<listitem>
-	  <para>
-	    Sets the date on which the key is to be revoked.  After that
-	    date, the key will be flagged as revoked.  It will be included
-	    in the zone and will be used to sign it.
-	  </para>
-	</listitem>
+        <term>-I <replaceable class="parameter">date/offset</replaceable></term>
+        <listitem>
+          <para>
+            Sets the date on which the key is to be retired.  After that
+            date, the key will still be included in the zone, but it
+            will not be used to sign it.
+          </para>
+        </listitem>
       </varlistentry>
 
       <varlistentry>
-	<term>-I <replaceable class="parameter">date/offset</replaceable></term>
-	<listitem>
-	  <para>
-	    Sets the date on which the key is to be retired.  After that
-	    date, the key will still be included in the zone, but it
-	    will not be used to sign it.
-	  </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-D <replaceable class="parameter">date/offset</replaceable></term>
-	<listitem>
-	  <para>
-	    Sets the date on which the key is to be deleted.  After that
-	    date, the key will no longer be included in the zone.  (It
-	    may remain in the key repository, however.)
-	  </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-D sync <replaceable class="parameter">date/offset</replaceable></term>
-	<listitem>
-	  <para>
-	    Sets the date on which the CDS and CDNSKEY records which match
-	    this key are to be deleted.
-	  </para>
-	</listitem>
+        <term>-D <replaceable class="parameter">date/offset</replaceable></term>
+        <listitem>
+          <para>
+            Sets the date on which the key is to be deleted.  After that
+            date, the key will no longer be included in the zone.  (It
+            may remain in the key repository, however.)
+          </para>
+        </listitem>
       </varlistentry>
 
       <varlistentry>
@@ -500,18 +479,18 @@
     </para>
     <itemizedlist>
       <listitem>
-	<para><filename>nnnn</filename> is the key name.
-	</para>
+        <para><filename>nnnn</filename> is the key name.
+        </para>
       </listitem>
       <listitem>
-	<para><filename>aaa</filename> is the numeric representation
-	  of the algorithm.
-	</para>
+        <para><filename>aaa</filename> is the numeric representation
+          of the algorithm.
+        </para>
       </listitem>
       <listitem>
-	<para><filename>iiiii</filename> is the key identifier (or
-	  footprint).
-	</para>
+        <para><filename>iiiii</filename> is the key identifier (or
+          footprint).
+        </para>
       </listitem>
     </itemizedlist>
     <para><command>dnssec-keyfromlabel</command>
@@ -538,10 +517,10 @@
   <refsection><info><title>SEE ALSO</title></info>
 
     <para><citerefentry>
-	<refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
+        <refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
       </citerefentry>,
       <citerefentry>
-	<refentrytitle>dnssec-signzone</refentrytitle><manvolnum>8</manvolnum>
+        <refentrytitle>dnssec-signzone</refentrytitle><manvolnum>8</manvolnum>
       </citerefentry>,
       <citetitle>BIND 9 Administrator Reference Manual</citetitle>,
       <citetitle>RFC 4034</citetitle>,

bin/dnssec/dnssec-keyfromlabel.html

@@ -1,30 +1,77 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 <!--
- - Copyright (C) 2008-2012, 2014-2022 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2008-2012, 2014-2017 Internet Systems Consortium, Inc. ("ISC")
  - 
- - This Source Code Form is subject to the terms of the Mozilla Public
- - License, v. 2.0. If a copy of the MPL was not distributed with this
- - file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ - Permission to use, copy, modify, and/or distribute this software for any
+ - purpose with or without fee is hereby granted, provided that the above
+ - copyright notice and this permission notice appear in all copies.
+ - 
+ - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ - PERFORMANCE OF THIS SOFTWARE.
 -->
 <html lang="en">
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
 <title>dnssec-keyfromlabel</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.79.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
 </head>
 <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry">
 <a name="man.dnssec-keyfromlabel"></a><div class="titlepage"></div>
-<div class="refnamediv">
+  
+  
+
+  
+
+  <div class="refnamediv">
 <h2>Name</h2>
-<p><span class="application">dnssec-keyfromlabel</span> &#8212; DNSSEC key generation tool</p>
+<p>
+    <span class="application">dnssec-keyfromlabel</span>
+     &#8212; DNSSEC key generation tool
+  </p>
 </div>
-<div class="refsynopsisdiv">
+
+  
+
+  <div class="refsynopsisdiv">
 <h2>Synopsis</h2>
-<div class="cmdsynopsis"><p><code class="command">dnssec-keyfromlabel</code>  {-l <em class="replaceable"><code>label</code></em>} [<code class="option">-3</code>] [<code class="option">-a <em class="replaceable"><code>algorithm</code></em></code>] [<code class="option">-A <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-D sync <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-f <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-G</code>] [<code class="option">-I <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-i <em class="replaceable"><code>interval</code></em></code>] [<code class="option">-k</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-L <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-n <em class="replaceable"><code>nametype</code></em></code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-P sync <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>] [<code class="option">-R <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-S <em class="replaceable"><code>key</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-V</code>] [<code class="option">-y</code>] {name}</p></div>
-</div>
-<div class="refsection">
+    <div class="cmdsynopsis"><p>
+      <code class="command">dnssec-keyfromlabel</code> 
+       {-l <em class="replaceable"><code>label</code></em>}
+       [<code class="option">-3</code>]
+       [<code class="option">-a <em class="replaceable"><code>algorithm</code></em></code>]
+       [<code class="option">-A <em class="replaceable"><code>date/offset</code></em></code>]
+       [<code class="option">-c <em class="replaceable"><code>class</code></em></code>]
+       [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>]
+       [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>]
+       [<code class="option">-f <em class="replaceable"><code>flag</code></em></code>]
+       [<code class="option">-G</code>]
+       [<code class="option">-I <em class="replaceable"><code>date/offset</code></em></code>]
+       [<code class="option">-i <em class="replaceable"><code>interval</code></em></code>]
+       [<code class="option">-k</code>]
+       [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>]
+       [<code class="option">-L <em class="replaceable"><code>ttl</code></em></code>]
+       [<code class="option">-n <em class="replaceable"><code>nametype</code></em></code>]
+       [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>]
+       [<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>]
+       [<code class="option">-R <em class="replaceable"><code>date/offset</code></em></code>]
+       [<code class="option">-S <em class="replaceable"><code>key</code></em></code>]
+       [<code class="option">-t <em class="replaceable"><code>type</code></em></code>]
+       [<code class="option">-v <em class="replaceable"><code>level</code></em></code>]
+       [<code class="option">-V</code>]
+       [<code class="option">-y</code>]
+       {name}
+    </p></div>
+  </div>
+
+  <div class="refsection">
 <a name="id-1.7"></a><h2>DESCRIPTION</h2>
-<p><span class="command"><strong>dnssec-keyfromlabel</strong></span>
+
+    <p><span class="command"><strong>dnssec-keyfromlabel</strong></span>
       generates a key pair of files that referencing a key object stored
       in a cryptographic hardware service module (HSM).  The private key
       file can be used for DNSSEC signing of zone data as if it were a
@@ -32,100 +79,110 @@
       but the key material is stored within the HSM, and the actual signing
       takes place there.
     </p>
-<p>
+    <p>
       The <code class="option">name</code> of the key is specified on the command
       line.  This must match the name of the zone for which the key is
       being generated.
     </p>
-</div>
-<div class="refsection">
+  </div>
+
+  <div class="refsection">
 <a name="id-1.8"></a><h2>OPTIONS</h2>
-<div class="variablelist"><dl class="variablelist">
+
+
+    <div class="variablelist"><dl class="variablelist">
 <dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
 <dd>
-<p>
+	  <p>
 	    Selects the cryptographic algorithm.  The value of
-	    <code class="option">algorithm</code> must be one of RSAMD5, RSASHA1,
+            <code class="option">algorithm</code> must be one of RSAMD5, RSASHA1,
 	    DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256, RSASHA512, ECCGOST,
 	    ECDSAP256SHA256, ECDSAP384SHA384, ED25519 or ED448.
 	    These values are case insensitive.
 	  </p>
-<p>
-	    If no algorithm is specified, then RSASHA1 will be used by
-	    default, unless the <code class="option">-3</code> option is specified,
-	    in which case NSEC3RSASHA1 will be used instead.  (If
-	    <code class="option">-3</code> is used and an algorithm is specified,
-	    that algorithm will be checked for compatibility with NSEC3.)
-	  </p>
-<p>
-	    Note 1: that for DNSSEC, RSASHA1 is a mandatory to implement
-	    algorithm, and DSA is recommended.
-	  </p>
-<p>
-	    Note 2: DH automatically sets the -k flag.
-	  </p>
-</dd>
+          <p>
+            If no algorithm is specified, then RSASHA1 will be used by
+            default, unless the <code class="option">-3</code> option is specified,
+            in which case NSEC3RSASHA1 will be used instead.  (If
+            <code class="option">-3</code> is used and an algorithm is specified,
+            that algorithm will be checked for compatibility with NSEC3.)
+          </p>
+          <p>
+            Note 1: that for DNSSEC, RSASHA1 is a mandatory to implement
+            algorithm, and DSA is recommended.
+          </p>
+          <p>
+            Note 2: DH automatically sets the -k flag.
+          </p>
+        </dd>
 <dt><span class="term">-3</span></dt>
-<dd><p>
+<dd>
+          <p>
 	    Use an NSEC3-capable algorithm to generate a DNSSEC key.
-	    If this option is used and no algorithm is explicitly
-	    set on the command line, NSEC3RSASHA1 will be used by
-	    default.
-	  </p></dd>
+            If this option is used and no algorithm is explicitly
+            set on the command line, NSEC3RSASHA1 will be used by
+            default.
+          </p>
+        </dd>
 <dt><span class="term">-E <em class="replaceable"><code>engine</code></em></span></dt>
 <dd>
-<p>
-	    Specifies the cryptographic hardware to use.
-	  </p>
-<p>
-	    When BIND is built with OpenSSL PKCS#11 support, this defaults
-	    to the string "pkcs11", which identifies an OpenSSL engine
-	    that can drive a cryptographic accelerator or hardware service
-	    module.  When BIND is built with native PKCS#11 cryptography
-	    (--enable-native-pkcs11), it defaults to the path of the PKCS#11
-	    provider library specified via "--with-pkcs11".
-	  </p>
-</dd>
+          <p>
+            Specifies the cryptographic hardware to use.
+          </p>
+          <p>
+            When BIND is built with OpenSSL PKCS#11 support, this defaults
+            to the string "pkcs11", which identifies an OpenSSL engine
+            that can drive a cryptographic accelerator or hardware service
+            module.  When BIND is built with native PKCS#11 cryptography
+            (--enable-native-pkcs11), it defaults to the path of the PKCS#11
+            provider library specified via "--with-pkcs11".
+          </p>
+        </dd>
 <dt><span class="term">-l <em class="replaceable"><code>label</code></em></span></dt>
 <dd>
-<p>
-	    Specifies the label for a key pair in the crypto hardware.
-	  </p>
-<p>
-	    When <acronym class="acronym">BIND</acronym> 9 is built with OpenSSL-based
-	    PKCS#11 support, the label is an arbitrary string that
-	    identifies a particular key.
-	  </p>
-<p>
-	    When <acronym class="acronym">BIND</acronym> 9 is built with native PKCS#11
-	    support, the label is a PKCS#11 URI string in the format
-	    "pkcs11:<code class="option">keyword</code>=<em class="replaceable"><code>value</code></em>[<span class="optional">;<code class="option">keyword</code>=<em class="replaceable"><code>value</code></em>;...</span>]"
-	    Keywords include "token", which identifies the HSM; "object", which
-	    identifies the key; and "pin-source", which identifies a file from
-	    which the HSM's PIN code can be obtained.  The label will be
-	    stored in the on-disk "private" file.
-	  </p>
-<p>
-	    If the label contains a
-	    <code class="option">pin-source</code> field, tools using the generated
-	    key files will be able to use the HSM for signing and other
-	    operations without any need for an operator to manually enter
-	    a PIN.  Note: Making the HSM's PIN accessible in this manner
-	    may reduce the security advantage of using an HSM; be sure
-	    this is what you want to do before making use of this feature.
-	  </p>
-</dd>
+          <p>
+            Specifies the label for a key pair in the crypto hardware.
+          </p>
+          <p>
+            When <acronym class="acronym">BIND</acronym> 9 is built with OpenSSL-based
+            PKCS#11 support, the label is an arbitrary string that
+            identifies a particular key.  It may be preceded by an
+            optional OpenSSL engine name, followed by a colon, as in
+            "pkcs11:<em class="replaceable"><code>keylabel</code></em>".
+          </p>
+          <p>
+            When <acronym class="acronym">BIND</acronym> 9 is built with native PKCS#11
+            support, the label is a PKCS#11 URI string in the format
+            "pkcs11:<code class="option">keyword</code>=<em class="replaceable"><code>value</code></em>[<span class="optional">;<code class="option">keyword</code>=<em class="replaceable"><code>value</code></em>;...</span>]"
+            Keywords include "token", which identifies the HSM; "object", which
+            identifies the key; and "pin-source", which identifies a file from
+            which the HSM's PIN code can be obtained.  The label will be
+            stored in the on-disk "private" file.
+          </p>
+          <p>
+            If the label contains a
+            <code class="option">pin-source</code> field, tools using the generated
+            key files will be able to use the HSM for signing and other
+            operations without any need for an operator to manually enter
+            a PIN.  Note: Making the HSM's PIN accessible in this manner
+            may reduce the security advantage of using an HSM; be sure
+            this is what you want to do before making use of this feature.
+          </p>
+        </dd>
 <dt><span class="term">-n <em class="replaceable"><code>nametype</code></em></span></dt>
-<dd><p>
-	    Specifies the owner type of the key.  The value of
-	    <code class="option">nametype</code> must either be ZONE (for a DNSSEC
-	    zone key (KEY/DNSKEY)), HOST or ENTITY (for a key associated with
-	    a host (KEY)),
-	    USER (for a key associated with a user(KEY)) or OTHER (DNSKEY).
-	    These values are case insensitive.
-	  </p></dd>
+<dd>
+          <p>
+            Specifies the owner type of the key.  The value of
+            <code class="option">nametype</code> must either be ZONE (for a DNSSEC
+            zone key (KEY/DNSKEY)), HOST or ENTITY (for a key associated with
+            a host (KEY)),
+            USER (for a key associated with a user(KEY)) or OTHER (DNSKEY).
+            These values are case insensitive.
+          </p>
+        </dd>
 <dt><span class="term">-C</span></dt>
-<dd><p>
+<dd>
+          <p>
 	    Compatibility mode:  generates an old-style key, without
 	    any metadata.  By default, <span class="command"><strong>dnssec-keyfromlabel</strong></span>
 	    will include the key's creation date in the metadata stored
@@ -133,89 +190,119 @@
 	    (publication date, activation date, etc).  Keys that include
 	    this data may be incompatible with older versions of BIND; the
 	    <code class="option">-C</code> option suppresses them.
-	  </p></dd>
+          </p>
+        </dd>
 <dt><span class="term">-c <em class="replaceable"><code>class</code></em></span></dt>
-<dd><p>
-	    Indicates that the DNS record containing the key should have
-	    the specified class.  If not specified, class IN is used.
-	  </p></dd>
+<dd>
+          <p>
+            Indicates that the DNS record containing the key should have
+            the specified class.  If not specified, class IN is used.
+          </p>
+        </dd>
 <dt><span class="term">-f <em class="replaceable"><code>flag</code></em></span></dt>
-<dd><p>
-	    Set the specified flag in the flag field of the KEY/DNSKEY record.
-	    The only recognized flags are KSK (Key Signing Key) and REVOKE.
-	  </p></dd>
+<dd>
+          <p>
+            Set the specified flag in the flag field of the KEY/DNSKEY record.
+            The only recognized flags are KSK (Key Signing Key) and REVOKE.
+          </p>
+        </dd>
 <dt><span class="term">-G</span></dt>
-<dd><p>
-	    Generate a key, but do not publish it or sign with it.  This
-	    option is incompatible with -P and -A.
-	  </p></dd>
+<dd>
+          <p>
+            Generate a key, but do not publish it or sign with it.  This
+            option is incompatible with -P and -A.
+          </p>
+        </dd>
 <dt><span class="term">-h</span></dt>
-<dd><p>
-	    Prints a short summary of the options and arguments to
-	    <span class="command"><strong>dnssec-keyfromlabel</strong></span>.
-	  </p></dd>
+<dd>
+          <p>
+            Prints a short summary of the options and arguments to
+            <span class="command"><strong>dnssec-keyfromlabel</strong></span>.
+          </p>
+        </dd>
 <dt><span class="term">-K <em class="replaceable"><code>directory</code></em></span></dt>
-<dd><p>
-	    Sets the directory in which the key files are to be written.
-	  </p></dd>
+<dd>
+          <p>
+            Sets the directory in which the key files are to be written.
+          </p>
+        </dd>
 <dt><span class="term">-k</span></dt>
-<dd><p>
-	    Generate KEY records rather than DNSKEY records.
-	  </p></dd>
+<dd>
+          <p>
+            Generate KEY records rather than DNSKEY records.
+          </p>
+        </dd>
 <dt><span class="term">-L <em class="replaceable"><code>ttl</code></em></span></dt>
-<dd><p>
-	    Sets the default TTL to use for this key when it is converted
-	    into a DNSKEY RR.  If the key is imported into a zone,
-	    this is the TTL that will be used for it, unless there was
-	    already a DNSKEY RRset in place, in which case the existing TTL
-	    would take precedence.  Setting the default TTL to
-	    <code class="literal">0</code> or <code class="literal">none</code> removes it.
-	  </p></dd>
+<dd>
+          <p>
+            Sets the default TTL to use for this key when it is converted
+            into a DNSKEY RR.  If the key is imported into a zone,
+            this is the TTL that will be used for it, unless there was
+            already a DNSKEY RRset in place, in which case the existing TTL
+            would take precedence.  Setting the default TTL to
+            <code class="literal">0</code> or <code class="literal">none</code> removes it.
+          </p>
+        </dd>
 <dt><span class="term">-p <em class="replaceable"><code>protocol</code></em></span></dt>
-<dd><p>
-	    Sets the protocol value for the key.  The protocol
-	    is a number between 0 and 255.  The default is 3 (DNSSEC).
-	    Other possible values for this argument are listed in
-	    RFC 2535 and its successors.
-	  </p></dd>
+<dd>
+          <p>
+            Sets the protocol value for the key.  The protocol
+            is a number between 0 and 255.  The default is 3 (DNSSEC).
+            Other possible values for this argument are listed in
+            RFC 2535 and its successors.
+          </p>
+        </dd>
 <dt><span class="term">-S <em class="replaceable"><code>key</code></em></span></dt>
-<dd><p>
-	    Generate a key as an explicit successor to an existing key.
+<dd>
+          <p>
+            Generate a key as an explicit successor to an existing key.
 	    The name, algorithm, size, and type of the key will be set
 	    to match the predecessor. The activation date of the new
 	    key will be set to the inactivation date of the existing
 	    one. The publication date will be set to the activation
 	    date minus the prepublication interval, which defaults to
 	    30 days.
-	  </p></dd>
+          </p>
+        </dd>
 <dt><span class="term">-t <em class="replaceable"><code>type</code></em></span></dt>
-<dd><p>
-	    Indicates the use of the key.  <code class="option">type</code> must be
-	    one of AUTHCONF, NOAUTHCONF, NOAUTH, or NOCONF.  The default
-	    is AUTHCONF.  AUTH refers to the ability to authenticate
-	    data, and CONF the ability to encrypt data.
-	  </p></dd>
+<dd>
+          <p>
+            Indicates the use of the key.  <code class="option">type</code> must be
+            one of AUTHCONF, NOAUTHCONF, NOAUTH, or NOCONF.  The default
+            is AUTHCONF.  AUTH refers to the ability to authenticate
+            data, and CONF the ability to encrypt data.
+          </p>
+        </dd>
 <dt><span class="term">-v <em class="replaceable"><code>level</code></em></span></dt>
-<dd><p>
-	    Sets the debugging level.
-	  </p></dd>
+<dd>
+          <p>
+            Sets the debugging level.
+          </p>
+        </dd>
 <dt><span class="term">-V</span></dt>
-<dd><p>
+<dd>
+	  <p>
 	    Prints version information.
-	  </p></dd>
+	  </p>
+        </dd>
 <dt><span class="term">-y</span></dt>
-<dd><p>
-	    Allows DNSSEC key files to be generated even if the key ID
+<dd>
+          <p>
+            Allows DNSSEC key files to be generated even if the key ID
 	    would collide with that of an existing key, in the event of
 	    either key being revoked.  (This is only safe to use if you
-	    are sure you won't be using RFC 5011 trust anchor maintenance
-	    with either of the keys involved.)
-	  </p></dd>
+            are sure you won't be using RFC 5011 trust anchor maintenance
+            with either of the keys involved.)
+          </p>
+        </dd>
 </dl></div>
-</div>
-<div class="refsection">
+  </div>
+
+  <div class="refsection">
 <a name="id-1.9"></a><h2>TIMING OPTIONS</h2>
-<p>
+
+
+    <p>
       Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
       If the argument begins with a '+' or '-', it is interpreted as
       an offset from the present time.  For convenience, if such an offset
@@ -226,52 +313,53 @@
       is computed in seconds.  To explicitly prevent a date from being
       set, use 'none' or 'never'.
     </p>
-<div class="variablelist"><dl class="variablelist">
+
+    <div class="variablelist"><dl class="variablelist">
 <dt><span class="term">-P <em class="replaceable"><code>date/offset</code></em></span></dt>
-<dd><p>
-	    Sets the date on which a key is to be published to the zone.
-	    After that date, the key will be included in the zone but will
-	    not be used to sign it.  If not set, and if the -G option has
-	    not been used, the default is "now".
-	  </p></dd>
-<dt><span class="term">-P sync <em class="replaceable"><code>date/offset</code></em></span></dt>
-<dd><p>
-	    Sets the date on which the CDS and CDNSKEY records which match
-	    this key are to be published to the zone.
-	  </p></dd>
+<dd>
+          <p>
+            Sets the date on which a key is to be published to the zone.
+            After that date, the key will be included in the zone but will
+            not be used to sign it.  If not set, and if the -G option has
+            not been used, the default is "now".
+          </p>
+        </dd>
 <dt><span class="term">-A <em class="replaceable"><code>date/offset</code></em></span></dt>
-<dd><p>
-	    Sets the date on which the key is to be activated.  After that
-	    date, the key will be included in the zone and used to sign
-	    it.  If not set, and if the -G option has not been used, the
-	    default is "now".
-	  </p></dd>
+<dd>
+          <p>
+            Sets the date on which the key is to be activated.  After that
+            date, the key will be included in the zone and used to sign
+            it.  If not set, and if the -G option has not been used, the
+            default is "now".
+          </p>
+        </dd>
 <dt><span class="term">-R <em class="replaceable"><code>date/offset</code></em></span></dt>
-<dd><p>
-	    Sets the date on which the key is to be revoked.  After that
-	    date, the key will be flagged as revoked.  It will be included
-	    in the zone and will be used to sign it.
-	  </p></dd>
+<dd>
+          <p>
+            Sets the date on which the key is to be revoked.  After that
+            date, the key will be flagged as revoked.  It will be included
+            in the zone and will be used to sign it.
+          </p>
+        </dd>
 <dt><span class="term">-I <em class="replaceable"><code>date/offset</code></em></span></dt>
-<dd><p>
-	    Sets the date on which the key is to be retired.  After that
-	    date, the key will still be included in the zone, but it
-	    will not be used to sign it.
-	  </p></dd>
+<dd>
+          <p>
+            Sets the date on which the key is to be retired.  After that
+            date, the key will still be included in the zone, but it
+            will not be used to sign it.
+          </p>
+        </dd>
 <dt><span class="term">-D <em class="replaceable"><code>date/offset</code></em></span></dt>
-<dd><p>
-	    Sets the date on which the key is to be deleted.  After that
-	    date, the key will no longer be included in the zone.  (It
-	    may remain in the key repository, however.)
-	  </p></dd>
-<dt><span class="term">-D sync <em class="replaceable"><code>date/offset</code></em></span></dt>
-<dd><p>
-	    Sets the date on which the CDS and CDNSKEY records which match
-	    this key are to be deleted.
-	  </p></dd>
+<dd>
+          <p>
+            Sets the date on which the key is to be deleted.  After that
+            date, the key will no longer be included in the zone.  (It
+            may remain in the key repository, however.)
+          </p>
+        </dd>
 <dt><span class="term">-i <em class="replaceable"><code>interval</code></em></span></dt>
 <dd>
-<p>
+          <p>
             Sets the prepublication interval for a key.  If set, then
             the publication and activation dates must be separated by at least
             this much time.  If the activation date is specified but the
@@ -280,68 +368,83 @@
             the publication date is specified but activation date isn't,
             then activation will be set to this much time after publication.
           </p>
-<p>
+          <p>
             If the key is being created as an explicit successor to another
             key, then the default prepublication interval is 30 days;
             otherwise it is zero.
           </p>
-<p>
+          <p>
             As with date offsets, if the argument is followed by one of
             the suffixes 'y', 'mo', 'w', 'd', 'h', or 'mi', then the
             interval is measured in years, months, weeks, days, hours,
             or minutes, respectively.  Without a suffix, the interval is
             measured in seconds.
           </p>
-</dd>
+        </dd>
 </dl></div>
-</div>
-<div class="refsection">
+  </div>
+
+  <div class="refsection">
 <a name="id-1.10"></a><h2>GENERATED KEY FILES</h2>
-<p>
+
+    <p>
       When <span class="command"><strong>dnssec-keyfromlabel</strong></span> completes
       successfully,
       it prints a string of the form <code class="filename">Knnnn.+aaa+iiiii</code>
       to the standard output.  This is an identification string for
       the key files it has generated.
     </p>
-<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
-<li class="listitem"><p><code class="filename">nnnn</code> is the key name.
-	</p></li>
-<li class="listitem"><p><code class="filename">aaa</code> is the numeric representation
-	  of the algorithm.
-	</p></li>
-<li class="listitem"><p><code class="filename">iiiii</code> is the key identifier (or
-	  footprint).
-	</p></li>
+    <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
+<li class="listitem">
+        <p><code class="filename">nnnn</code> is the key name.
+        </p>
+      </li>
+<li class="listitem">
+        <p><code class="filename">aaa</code> is the numeric representation
+          of the algorithm.
+        </p>
+      </li>
+<li class="listitem">
+        <p><code class="filename">iiiii</code> is the key identifier (or
+          footprint).
+        </p>
+      </li>
 </ul></div>
-<p><span class="command"><strong>dnssec-keyfromlabel</strong></span>
+    <p><span class="command"><strong>dnssec-keyfromlabel</strong></span>
       creates two files, with names based
       on the printed string.  <code class="filename">Knnnn.+aaa+iiiii.key</code>
       contains the public key, and
       <code class="filename">Knnnn.+aaa+iiiii.private</code> contains the
       private key.
     </p>
-<p>
+    <p>
       The <code class="filename">.key</code> file contains a DNS KEY record
       that
       can be inserted into a zone file (directly or with a $INCLUDE
       statement).
     </p>
-<p>
+    <p>
       The <code class="filename">.private</code> file contains
       algorithm-specific
       fields.  For obvious security reasons, this file does not have
       general read permission.
     </p>
-</div>
-<div class="refsection">
+  </div>
+
+  <div class="refsection">
 <a name="id-1.11"></a><h2>SEE ALSO</h2>
-<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
-      <span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
+
+    <p><span class="citerefentry">
+        <span class="refentrytitle">dnssec-keygen</span>(8)
+      </span>,
+      <span class="citerefentry">
+        <span class="refentrytitle">dnssec-signzone</span>(8)
+      </span>,
       <em class="citetitle">BIND 9 Administrator Reference Manual</em>,
       <em class="citetitle">RFC 4034</em>,
       <em class="citetitle">The PKCS#11 URI Scheme (draft-pechanec-pkcs11uri-13)</em>.
     </p>
-</div>
+  </div>
+
 </div></body>
 </html>

bin/dnssec/dnssec-keygen.8

@@ -1,21 +1,30 @@
-.\" Copyright (C) 2000-2005, 2007-2012, 2014-2022 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004, 2005, 2007-2012, 2014-2017 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000-2003 Internet Software Consortium.
 .\" 
-.\" This Source Code Form is subject to the terms of the Mozilla Public
-.\" License, v. 2.0. If a copy of the MPL was not distributed with this
-.\" file, You can obtain one at http://mozilla.org/MPL/2.0/.
+.\" Permission to use, copy, modify, and/or distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\" 
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+.\" PERFORMANCE OF THIS SOFTWARE.
 .\"
 .hy 0
 .ad l
 '\" t
 .\"     Title: dnssec-keygen
 .\"    Author: 
-.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
-.\"      Date: August 21, 2015
+.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
+.\"      Date: 2014-02-06
 .\"    Manual: BIND9
 .\"    Source: ISC
 .\"  Language: English
 .\"
-.TH "DNSSEC\-KEYGEN" "8" "August 21, 2015" "ISC" "BIND9"
+.TH "DNSSEC\-KEYGEN" "8" "2014\-02\-06" "ISC" "BIND9"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -39,7 +48,7 @@
 dnssec-keygen \- DNSSEC key generation tool
 .SH "SYNOPSIS"
 .HP \w'\fBdnssec\-keygen\fR\ 'u
-\fBdnssec\-keygen\fR [\fB\-3\fR] [\fB\-A\ \fR\fB\fIdate/offset\fR\fR] [\fB\-a\ \fR\fB\fIalgorithm\fR\fR] [\fB\-b\ \fR\fB\fIkeysize\fR\fR] [\fB\-C\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-D\ \fR\fB\fIdate/offset\fR\fR] [\fB\-D\ sync\ \fR\fB\fIdate/offset\fR\fR] [\fB\-E\ \fR\fB\fIengine\fR\fR] [\fB\-f\ \fR\fB\fIflag\fR\fR] [\fB\-G\fR] [\fB\-g\ \fR\fB\fIgenerator\fR\fR] [\fB\-h\fR] [\fB\-I\ \fR\fB\fIdate/offset\fR\fR] [\fB\-i\ \fR\fB\fIinterval\fR\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-k\fR] [\fB\-L\ \fR\fB\fIttl\fR\fR] [\fB\-n\ \fR\fB\fInametype\fR\fR] [\fB\-P\ \fR\fB\fIdate/offset\fR\fR] [\fB\-P\ sync\ \fR\fB\fIdate/offset\fR\fR] [\fB\-p\ \fR\fB\fIprotocol\fR\fR] [\fB\-q\fR] [\fB\-R\ \fR\fB\fIdate/offset\fR\fR] [\fB\-r\ \fR\fB\fIrandomdev\fR\fR] [\fB\-S\ \fR\fB\fIkey\fR\fR] [\fB\-s\ \fR\fB\fIstrength\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-V\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] {name}
+\fBdnssec\-keygen\fR [\fB\-a\ \fR\fB\fIalgorithm\fR\fR] [\fB\-b\ \fR\fB\fIkeysize\fR\fR] [\fB\-n\ \fR\fB\fInametype\fR\fR] [\fB\-3\fR] [\fB\-A\ \fR\fB\fIdate/offset\fR\fR] [\fB\-C\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-D\ \fR\fB\fIdate/offset\fR\fR] [\fB\-E\ \fR\fB\fIengine\fR\fR] [\fB\-f\ \fR\fB\fIflag\fR\fR] [\fB\-G\fR] [\fB\-g\ \fR\fB\fIgenerator\fR\fR] [\fB\-h\fR] [\fB\-I\ \fR\fB\fIdate/offset\fR\fR] [\fB\-i\ \fR\fB\fIinterval\fR\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-L\ \fR\fB\fIttl\fR\fR] [\fB\-k\fR] [\fB\-P\ \fR\fB\fIdate/offset\fR\fR] [\fB\-p\ \fR\fB\fIprotocol\fR\fR] [\fB\-q\fR] [\fB\-R\ \fR\fB\fIdate/offset\fR\fR] [\fB\-r\ \fR\fB\fIrandomdev\fR\fR] [\fB\-S\ \fR\fB\fIkey\fR\fR] [\fB\-s\ \fR\fB\fIstrength\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-V\fR] [\fB\-z\fR] {name}
 .SH "DESCRIPTION"
 .PP
 \fBdnssec\-keygen\fR
@@ -50,13 +59,6 @@ The
 of the key is specified on the command line\&. For DNSSEC keys, this must match the name of the zone for which the key is being generated\&.
 .SH "OPTIONS"
 .PP
-\-3
-.RS 4
-Use an NSEC3\-capable algorithm to generate a DNSSEC key\&. If this option is used with an algorithm that has both NSEC and NSEC3 versions, then the NSEC3 version will be used; for example,
-\fBdnssec\-keygen \-3a RSASHA1\fR
-specifies the NSEC3RSASHA1 algorithm\&.
-.RE
-.PP
 \-a \fIalgorithm\fR
 .RS 4
 Selects the cryptographic algorithm\&. For DNSSEC keys, the value of
@@ -78,16 +80,28 @@ Note 2: DH, HMAC\-MD5, and HMAC\-SHA1 through HMAC\-SHA512 automatically set the
 .RS 4
 Specifies the number of bits in the key\&. The choice of key size depends on the algorithm used\&. RSA keys must be between 512 and 2048 bits\&. Diffie Hellman keys must be between 128 and 4096 bits\&. DSA keys must be between 512 and 1024 bits and an exact multiple of 64\&. HMAC keys must be between 1 and 512 bits\&. Elliptic curve algorithms don\*(Aqt need this parameter\&.
 .sp
-The key size does not need to be specified if using a default algorithm\&. The default key size is 1024 bits for zone signing keys (ZSKs) and 2048 bits for key signing keys (KSKs, generated with
+The key size does not need to be specified if using a default algorithm\&. The default key size is 1024 bits for zone signing keys (ZSK\*(Aqs) and 2048 bits for key signing keys (KSK\*(Aqs, generated with
 \fB\-f KSK\fR)\&. However, if an algorithm is explicitly specified with the
 \fB\-a\fR, then there is no default key size, and the
 \fB\-b\fR
 must be used\&.
 .RE
 .PP
+\-n \fInametype\fR
+.RS 4
+Specifies the owner type of the key\&. The value of
+\fBnametype\fR
+must either be ZONE (for a DNSSEC zone key (KEY/DNSKEY)), HOST or ENTITY (for a key associated with a host (KEY)), USER (for a key associated with a user(KEY)) or OTHER (DNSKEY)\&. These values are case insensitive\&. Defaults to ZONE for DNSKEY generation\&.
+.RE
+.PP
+\-3
+.RS 4
+Use an NSEC3\-capable algorithm to generate a DNSSEC key\&. If this option is used and no algorithm is explicitly set on the command line, NSEC3RSASHA1 will be used by default\&. Note that RSASHA256, RSASHA512, ECCGOST, ECDSAP256SHA256, ECDSAP384SHA384, ED25519 and ED448 algorithms are NSEC3\-capable\&.
+.RE
+.PP
 \-C
 .RS 4
-Compatibility mode: generates an old\-style key, without any timing metadata\&. By default,
+Compatibility mode: generates an old\-style key, without any metadata\&. By default,
 \fBdnssec\-keygen\fR
 will include the key\*(Aqs creation date in the metadata stored with the private key, and other dates may be set there as well (publication date, activation date, etc)\&. Keys that include this data may be incompatible with older versions of BIND; the
 \fB\-C\fR
@@ -146,17 +160,9 @@ none
 is the same as leaving it unset\&.
 .RE
 .PP
-\-n \fInametype\fR
-.RS 4
-Specifies the owner type of the key\&. The value of
-\fBnametype\fR
-must either be ZONE (for a DNSSEC zone key (KEY/DNSKEY)), HOST or ENTITY (for a key associated with a host (KEY)), USER (for a key associated with a user(KEY)) or OTHER (DNSKEY)\&. These values are case insensitive\&. Defaults to ZONE for DNSKEY generation\&.
-.RE
-.PP
 \-p \fIprotocol\fR
 .RS 4
-Sets the protocol value for the generated key, for use with
-\fB\-T KEY\fR\&. The protocol is a number between 0 and 255\&. The default is 3 (DNSSEC)\&. Other possible values for this argument are listed in RFC 2535 and its successors\&.
+Sets the protocol value for the generated key\&. The protocol is a number between 0 and 255\&. The default is 3 (DNSSEC)\&. Other possible values for this argument are listed in RFC 2535 and its successors\&.
 .RE
 .PP
 \-q
@@ -199,21 +205,20 @@ Using any TSIG algorithm (HMAC\-* or DH) forces this option to KEY\&.
 .PP
 \-t \fItype\fR
 .RS 4
-Indicates the use of the key, for use with
-\fB\-T KEY\fR\&.
+Indicates the use of the key\&.
 \fBtype\fR
 must be one of AUTHCONF, NOAUTHCONF, NOAUTH, or NOCONF\&. The default is AUTHCONF\&. AUTH refers to the ability to authenticate data, and CONF the ability to encrypt data\&.
 .RE
 .PP
-\-V
-.RS 4
-Prints version information\&.
-.RE
-.PP
 \-v \fIlevel\fR
 .RS 4
 Sets the debugging level\&.
 .RE
+.PP
+\-V
+.RS 4
+Prints version information\&.
+.RE
 .SH "TIMING OPTIONS"
 .PP
 Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS\&. If the argument begins with a \*(Aq+\*(Aq or \*(Aq\-\*(Aq, it is interpreted as an offset from the present time\&. For convenience, if such an offset is followed by one of the suffixes \*(Aqy\*(Aq, \*(Aqmo\*(Aq, \*(Aqw\*(Aq, \*(Aqd\*(Aq, \*(Aqh\*(Aq, or \*(Aqmi\*(Aq, then the offset is computed in years (defined as 365 24\-hour days, ignoring leap years), months (defined as 30 24\-hour days), weeks, days, hours, or minutes, respectively\&. Without a suffix, the offset is computed in seconds\&. To explicitly prevent a date from being set, use \*(Aqnone\*(Aq or \*(Aqnever\*(Aq\&.
@@ -223,11 +228,6 @@ Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS\&. If the argume
 Sets the date on which a key is to be published to the zone\&. After that date, the key will be included in the zone but will not be used to sign it\&. If not set, and if the \-G option has not been used, the default is "now"\&.
 .RE
 .PP
-\-P sync \fIdate/offset\fR
-.RS 4
-Sets the date on which CDS and CDNSKEY records that match this key are to be published to the zone\&.
-.RE
-.PP
 \-A \fIdate/offset\fR
 .RS 4
 Sets the date on which the key is to be activated\&. After that date, the key will be included in the zone and used to sign it\&. If not set, and if the \-G option has not been used, the default is "now"\&. If set, if and \-P is not set, then the publication date will be set to the activation date minus the prepublication interval\&.
@@ -248,11 +248,6 @@ Sets the date on which the key is to be retired\&. After that date, the key will
 Sets the date on which the key is to be deleted\&. After that date, the key will no longer be included in the zone\&. (It may remain in the key repository, however\&.)
 .RE
 .PP
-\-D sync \fIdate/offset\fR
-.RS 4
-Sets the date on which the CDS and CDNSKEY records that match this key are to be deleted\&.
-.RE
-.PP
 \-i \fIinterval\fR
 .RS 4
 Sets the prepublication interval for a key\&. If set, then the publication and activation dates must be separated by at least this much time\&. If the activation date is specified but the publication date isn\*(Aqt, then the publication date will default to this much time before the activation date; conversely, if the publication date is specified but activation date isn\*(Aqt, then activation will be set to this much time after publication\&.
@@ -342,10 +337,6 @@ creates the files
 Kexample\&.com\&.+003+26160\&.key
 and
 Kexample\&.com\&.+003+26160\&.private\&.
-.PP
-To generate a matching key\-signing key, issue the command:
-.PP
-\fBdnssec\-keygen \-a DSA \-b 768 \-n ZONE \-f KSK example\&.com\fR
 .SH "SEE ALSO"
 .PP
 \fBdnssec-signzone\fR(8),
@@ -358,5 +349,7 @@ RFC 4034\&.
 \fBInternet Systems Consortium, Inc\&.\fR
 .SH "COPYRIGHT"
 .br
-Copyright \(co 2000-2005, 2007-2012, 2014-2022 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004, 2005, 2007-2012, 2014-2017 Internet Systems Consortium, Inc. ("ISC")
+.br
+Copyright \(co 2000-2003 Internet Software Consortium.
 .br