Update release.md

.clang-format

@@ -1,73 +0,0 @@
-BasedOnStyle: LLVM
-IndentWidth: 8
-UseTab: Always
-BreakBeforeBraces: Custom
-BraceWrapping:
-  AfterClass:      false
-  AfterEnum:       false
-  AfterStruct:     false
-  AfterUnion:      false
-  AfterControlStatement: MultiLine
-  AfterFunction:   false # should also be MultiLine, but not yet supported
-  AfterExternBlock: false
-  BeforeElse:      false
-  IndentBraces:    false
-  SplitEmptyFunction: true
-AllowShortIfStatementsOnASingleLine: false
-IndentCaseLabels: false
-AlwaysBreakAfterReturnType: All
-Cpp11BracedListStyle: false
-ColumnLimit: 80
-AlignAfterOpenBracket: Align
-AlignConsecutiveDeclarations: false
-AlignConsecutiveMacros: true
-AlignTrailingComments: true
-AllowAllArgumentsOnNextLine: true
-AlwaysBreakBeforeMultilineStrings: false
-BreakBeforeBinaryOperators: None
-BreakBeforeTernaryOperators: true
-AlignEscapedNewlines: Left
-DerivePointerAlignment: false
-PointerAlignment: Right
-PointerBindsToType: false
-IncludeBlocks: Regroup
-IncludeCategories:
-  - Regex:           '^<isc/'
-    Priority:        5
-  - Regex:           '^<(pk11|pkcs11)/'
-    Priority:        10
-  - Regex:           '^<dns/'
-    Priority:        15
-  - Regex:           '^<dst/'
-    Priority:        20
-  - Regex:           '^<isccc/'
-    Priority:        25
-  - Regex:           '^<isccfg/'
-    Priority:        30
-  - Regex:           '^<ns/'
-    Priority:        35
-  - Regex:           '^<irs/'
-    Priority:        40
-  - Regex:           '^<bind9/'
-    Priority:        45
-  - Regex:           '^<(dig|named|rndc|confgen|dlz)/'
-    Priority:        50
-  - Regex:           '^<dlz_'
-    Priority:        55
-  - Regex:           '^".*"'
-    Priority:        99
-  - Regex:           '<openssl/'
-    Priority:        1
-  - Regex:           '<(mysql|protobuf-c)/'
-    Priority:        1
-  - Regex:           '.*'
-    Priority:        0
-KeepEmptyLinesAtTheStartOfBlocks: false
-MaxEmptyLinesToKeep: 1
-PenaltyBreakAssignment: 30
-PenaltyBreakComment: 10
-PenaltyBreakFirstLessLess: 0
-PenaltyBreakString: 80
-PenaltyExcessCharacter: 100
-Standard: Cpp11
-ContinuationIndentWidth: 8

.clang-format.headers

@@ -1,61 +0,0 @@
-BasedOnStyle: LLVM
-IndentWidth: 8
-UseTab: Always
-BreakBeforeBraces: Custom
-BraceWrapping:
-  AfterClass:      false
-  AfterEnum:       false
-  AfterStruct:     false
-  AfterUnion:      false
-  AfterControlStatement: MultiLine
-  AfterFunction:   false # should also be MultiLine, but not yet supported
-  AfterExternBlock: false
-  BeforeElse:      false
-  IndentBraces:    false
-  SplitEmptyFunction: true
-AllowShortIfStatementsOnASingleLine: false
-IndentCaseLabels: false
-AlwaysBreakAfterReturnType: All
-Cpp11BracedListStyle: false
-ColumnLimit: 80
-AlignAfterOpenBracket: Align
-AlignConsecutiveDeclarations: true
-AlignConsecutiveMacros: true
-AlignTrailingComments: true
-AllowAllArgumentsOnNextLine: true
-AlwaysBreakBeforeMultilineStrings: false
-BreakBeforeBinaryOperators: None
-BreakBeforeTernaryOperators: true
-AlignEscapedNewlines: Left
-DerivePointerAlignment: false
-PointerAlignment: Right
-PointerBindsToType: false
-IncludeBlocks: Regroup
-IncludeCategories:
-  - Regex:           '^<isc/'
-    Priority:        2
-  - Regex:           '^<dns/'
-    Priority:        3
-  - Regex:           '^<iscccc/'
-    Priority:        4
-  - Regex:           '^<isccfg/'
-    Priority:        5
-  - Regex:           '^<ns/'
-    Priority:        6
-  - Regex:           '^<bind9/)'
-    Priority:        7
-  - Regex:           '^(<[^/]*)/)'
-    Priority:        8
-  - Regex:           '<[[:alnum:].]+>'
-    Priority:        1
-  - Regex:           '".*"'
-    Priority:        9
-KeepEmptyLinesAtTheStartOfBlocks: false
-MaxEmptyLinesToKeep: 1
-PenaltyBreakAssignment: 30
-PenaltyBreakComment: 10
-PenaltyBreakFirstLessLess: 0
-PenaltyBreakString: 80
-PenaltyExcessCharacter: 100
-Standard: Cpp11
-ContinuationIndentWidth: 8

.dir-locals.el

@@ -15,6 +15,9 @@
 	       (expand-file-name
 		(concat directory-of-current-dir-locals-file "./"))
 
+	       ;; current directory
+	       (expand-file-name (concat default-directory "./"))
+
 	       ;; libisc
 	       (expand-file-name
 		(concat directory-of-current-dir-locals-file "lib/isc/unix/include"))
@@ -22,16 +25,11 @@
 		(concat directory-of-current-dir-locals-file "lib/isc/pthreads/include"))
 	       (expand-file-name
 		(concat directory-of-current-dir-locals-file "lib/isc/include"))
-	       (expand-file-name
-		(concat directory-of-current-dir-locals-file "lib/isc"))
-	       (expand-file-name
-		(concat directory-of-current-dir-locals-file "lib/isc/netmgr"))
 
 	       ;; libdns
+
 	       (expand-file-name
 		(concat directory-of-current-dir-locals-file "lib/dns/include"))
-	       (expand-file-name
-		(concat directory-of-current-dir-locals-file "lib/dns"))
 
 	       ;; libisccc
 	       (expand-file-name
@@ -53,30 +51,6 @@
 	       (expand-file-name
 		(concat directory-of-current-dir-locals-file "lib/bind9/include"))
 
-	       ;; bin
-	       (expand-file-name
-		(concat directory-of-current-dir-locals-file "bin/check"))
-	       (expand-file-name
-		(concat directory-of-current-dir-locals-file "bin/confgen/include"))
-	       (expand-file-name
-		(concat directory-of-current-dir-locals-file "bin/confgen"))
-	       (expand-file-name
-		(concat directory-of-current-dir-locals-file "bin/confgen/include"))	       
-	       (expand-file-name
-		(concat directory-of-current-dir-locals-file "bin/dig/include"))
-	       (expand-file-name
-		(concat directory-of-current-dir-locals-file "bin/named/include"))
-	       (expand-file-name
-		(concat directory-of-current-dir-locals-file "bin/named/unix/include"))
-	       (expand-file-name
-		(concat directory-of-current-dir-locals-file "bin/rndc/include"))
-	       (expand-file-name
-		(concat directory-of-current-dir-locals-file "bin/dnssec/include"))
-	       (expand-file-name
-		(concat directory-of-current-dir-locals-file "bin/named/include"))
-	       (expand-file-name
-		(concat directory-of-current-dir-locals-file "bin/rndc/include"))
-
 	       (expand-file-name "/usr/local/opt/openssl@1.1/include")
 	       (expand-file-name "/usr/local/opt/libxml2/include/libxml2")
 	       (expand-file-name "/usr/local/opt/json-c/include/json-c/")

.gitattributes

@@ -1,11 +1,2 @@
 *.sln.in eol=crlf
 *.vcxproj.* eol=crlf
-
-.gitignore			 export-ignore
-/conftools			 export-ignore
-/doc/design			 export-ignore
-/doc/dev			 export-ignore
-/util/**			 export-ignore
-/util/bindkeys.pl		-export-ignore
-/util/check-make-install.in	-export-ignore
-/util/mksymtbl.pl		-export-ignore

.gitignore

@@ -10,7 +10,6 @@
 *.rej
 *.so
 *_test
-*.ipch # vscode/intellisense precompiled header
 *~
 .ccache/
 .cproject
@@ -57,8 +56,3 @@ kyua.log
 named.memstats
 named.run
 timestamp
-/compile_commands.json
-/cppcheck_html/
-/cppcheck.results
-/tsan
-/util/check-make-install

.gitlab/issue_templates/Release.md

@@ -1,66 +0,0 @@
-## Release Schedule
-
-**Tagging Deadline:**
-
-**Public Release:**
-
-## Release Checklist
-
-## 2 Working Days Before the Tagging Deadline
-
- - [ ] ***(QA)*** Check whether all issues assigned to the release milestone are resolved[^1].
- - [ ] ***(QA)*** Ensure that there are no outstanding merge requests in the private repository[^1] (Subscription Edition only).
- - [ ] ***(QA)*** Ensure all merge requests marked for backporting have been indeed backported.
-
-## Before the Tagging Deadline
-
- - [ ] ***(QA)*** Inform Support/Marketing of impending release (and give estimated release dates).
- - [ ] ***(QA)*** Check Perflab to ensure there has been no unexplained drop in performance for the versions being released.
- - [ ] ***(SwEng)*** Update API files for libraries with new version information.
- - [ ] ***(SwEng)*** Change software version and library versions in `configure.ac` (new major release only).
- - [ ] ***(SwEng)*** Rebuild `configure` using Autoconf on `docs.isc.org`.
- - [ ] ***(SwEng)*** Update `CHANGES`.
- - [ ] ***(SwEng)*** Update `CHANGES.SE` (Subscription Edition only).
- - [ ] ***(SwEng)*** Update `README.md`.
- - [ ] ***(SwEng)*** Update `version`.
- - [ ] ***(SwEng)*** Build documentation on `docs.isc.org`.
- - [ ] ***(QA)*** Check that all the above steps were performed correctly.
- - [ ] ***(QA)*** Check that the contents of release notes match the merge requests comprising the releases.
- - [ ] ***(QA)*** Check that the formatting is correct for text, PDF, and HTML versions of release notes.
- - [ ] ***(SwEng)*** Tag the releases[^2].  (Tags may only be pushed to the public repository for releases which are *not* security releases.)
- - [ ] ***(SwEng)*** If this is the first tag for a release (e.g. beta), create a release branch named `release_v9_X_Y` to allow development to continue on the maintenance branch whilst release engineering continues.
-
-## Before the ASN Deadline (for ASN Releases) or the Public Release Date (for Regular Releases)
-
- - [ ] ***(QA)*** Verify GitLab CI results for the tags created and prepare a QA report for the releases to be published.
- - [ ] ***(QA)*** Request signatures for the tarballs, providing their location and checksums.
- - [ ] ***(Signers)*** Validate tarball checksums, sign tarballs, and upload signatures.
- - [ ] ***(QA)*** Verify tarball signatures and check tarball checksums again.
- - [ ] ***(Support)*** Pre-publish ASN and/or Subscription Edition tarballs so that packages can be built.
- - [ ] ***(QA)*** Build and test ASN and/or Subscription Edition packages.
- - [ ] ***(QA)*** Notify Support that the releases have been prepared.
- - [ ] ***(Support)*** Send out ASNs (if applicable).
-
-## On the Day of Public Release
-
- - [ ] ***(Support)*** Wait for clearance from Security Officer to proceed with the public release (if applicable).
- - [ ] ***(Support)*** Place tarballs in public location on FTP site.
- - [ ] ***(Support)*** Publish links to downloads on ISC website.
- - [ ] ***(Support)*** Write release email to *bind-announce*.
- - [ ] ***(Support)*** Write email to *bind-users* (if a major release).
- - [ ] ***(Support)*** Update tickets in case of waiting support customers.
- - [ ] ***(QA)*** Build and test any outstanding private packages.
- - [ ] ***(QA)*** Build public packages (`*.deb`, RPMs).
- - [ ] ***(QA)*** Inform Marketing of the release.
- - [ ] ***(QA)*** Update the internal [BIND release dates wiki page](https://wiki.isc.org/bin/view/Main/BindReleaseDates) when public announcement has been made.
- - [ ] ***(Marketing)*** Post short note to Twitter.
- - [ ] ***(Marketing)*** Update [Wikipedia entry for BIND](https://en.wikipedia.org/wiki/BIND).
- - [ ] ***(Marketing)*** Write blog article (if a major release).
- - [ ] ***(QA)*** Ensure all new tags are annotated and signed.
- - [ ] ***(SwEng)*** Push tags for the published releases to the public repository.
- - [ ] ***(SwEng)*** Merge the automatically prepared `prep 9.X.Y` commit which updates `version` and documentation on the release branch into the relevant maintenance branch (`v9_X`).
- - [ ] ***(QA)*** For each maintained branch, update the `BIND_BASELINE_VERSION` variable for the `abi-check:sid:amd64` job in `.gitlab-ci.yml` to the latest published BIND version tag for a given branch.
-
-[^1]: If not, use the time remaining until the tagging deadline to ensure all outstanding issues are either resolved or moved to a different milestone.
-
-[^2]: Preferred command line: `git tag -u <DEVELOPER_KEYID> -a -s -m "BIND 9.X.Y[alphatag]" v9_X_Y[alphatag]`, where `[alphatag]` is an optional string such as `b1`, `rc1`, etc.

.gitlab/issue_templates/release.md

@@ -0,0 +1,47 @@
+## Release Checklist
+
+ - [ ] (Manager) Check for the presence of a milestone for the release:
+    - If there is a milestone, are all the issues for the milestone resolved? (other than this checklist).
+ - [ ] (Manager) Inform Support/Marketing of impending release (and give estimated release dates).
+ - (SwEng) Prepare the sources for tarball generation:
+   - [ ] Check perflab to ensure there has been no unexplained drop in performance for the version being released.
+   - [ ] Ensure that there are no outstanding merge requests in the private repository (subscription version only).
+   - [ ] Update API files for libraries with new version information.
+   - [ ] Change software version and library versions in configure.in (new major release only).
+   - [ ] Rebuild configure using autoconf on docs.isc.org.
+   - [ ] Update CHANGES.
+   - [ ] Update CHANGES.SE (subscription branch only).
+   - [ ] Update "version".
+   - [ ] Update "readme.md".
+   - Check the release notes are correct:
+     - [ ] Compare content with merge requests for the release.
+     - [ ] Check formatting.
+   - [ ] Build documentation on docs.isc.org.
+   - [ ] Commit changes and make sure the gitlab-ci tests are passing.
+   - [ ] Push the changes and tag ("alphatag" is an optional string such as "b1", "rc1" etc.). (```git tag -u <DEVELOPER_KEYID> -a -s -m "BIND 9.X.Y[alphatag]" v9_X_Y[alphatag]```)
+   - [ ] If this is the first tag for a release (e.g. beta), create a release branch named `release_v9_X_Y` (this allows development to continue on the release branch whilst release engineering continues).
+ - [ ] (SwEng) Run the "make release" Jenkins job to produce the tarballs and zips.
+ - [ ] (SwEng) Ask QA to sanity check the tarball and zips (passing to them the number of the Jenkins job).
+ - [ ] (QA) Sanity check the tarballs.
+ - [ ] (QA) Request the signature on the tarballs.
+ - [ ] (QA) Check signatures on tarballs.
+ - [ ] (QA) Tell Support to handle notification of release.
+ - [ ] (Manager) Inform Marketing of the release
+ - [ ] (Manager) Update the internal [BIND release dates wiki page](https://wiki.isc.org/bin/view/Main/BindReleaseDates) when public announcement has been made.
+
+ - [ ] (SwEng) Update DEB and RPM packages
+ - [ ] (SwEng) Merge the automatically prepared `prep 9.X.Y` commit which updates `version` and documentation on the release branch into the relevant maintenance branch (`v9_X`)
+
+## Support
+ - [ ] Make tarballs and signatures available to download.
+ - [ ] Write release email to bind9-announce.
+ - [ ] Write email to bind9-users (if a major release).
+ - [ ] Update tickets in case of waiting support customers.
+
+## Marketing
+ - [ ] Update BIND Product page if needed
+ - [ ] Update BIND Significant Features Matrix in KB if needed
+ - [ ] Update BIND -S Edition data sheet if S Edition feature change
+ - [ ] Announce on social media
+ - [ ] Update [Wikipedia entry for BIND](http://en.wikipedia.org/wiki/BIND).
+ - [ ] Write blog article (if a major release).

.uncrustify.cfg

@@ -24,7 +24,7 @@ string_escape_char2                      = 0        # number
 # Improvements to template detection may make this option obsolete.
 tok_split_gte                            = false    # false/true
 
-# Control what to do with the UTF-8 BOM (recommend 'remove')
+# Control what to do with the UTF-8 BOM (recommed 'remove')
 utf8_bom                                 = ignore   # ignore/add/remove/force
 
 # If the file only contains chars between 128 and 255 and is not UTF-8, then output as UTF-8
@@ -1352,7 +1352,7 @@ cmt_insert_func_header                   = ""         # string
 # Will substitute $(class) with the class name.
 cmt_insert_class_header                  = ""         # string
 
-# The filename that contains text to insert before a Obj-C message specification if the method isn't preceded with a C/C++ comment.
+# The filename that contains text to insert before a Obj-C message specification if the method isn't preceeded with a C/C++ comment.
 # Will substitute $(message) with the function name and $(javaparam) with the javadoc @param and @return stuff.
 cmt_insert_oc_msg_header                 = ""         # string
 

CHANGES

@@ -1,355 +1,3 @@
-5369.	[func]		Add the ability to specify whether or not to wait
-			for nameserver domain names to be looked up, with
-			a new RPZ modifying directive 'nsdname-wait-recurse'.
-			[GL #1138]
-
-5368.	[bug]		Named failed to restart if 'rndc addzone' names
-			contained special characters (e.g. '/'). [GL #1655]
-
-5367.	[placeholder]
-
-	--- 9.17.0 released ---
-
-5366.	[bug]		Fix a race condition with the keymgr when the same
-			zone plus dnssec-policy is configured in multiple
-			views. [GL #1653]
-
-5365.	[bug]		Algorithm rollover was stuck on submitting DS
-			because keymgr thought it would move to an invalid
-			state.  Fixed by checking the current key against
-			the desired state, not the existing state. [GL #1626]
-
-5364.	[bug]		Algorithm rollover waited too long before introducing
-			zone signatures.  It waited to make sure all signatures
-			were regenerated, but when introducing a new algorithm,
-			all signatures are regenerated immediately.  Only
-			add the sign delay if there is a predecessor key.
-			[GL #1625]
-
-5363.	[bug]		When changing a dnssec-policy, existing keys with
-			properties that no longer match were not being retired.
-			[GL #1624]
-
-5362.	[func]		Limit the size of IXFR responses so that AXFR will
-			be used instead if it would be smaller. This is
-			controlled by the "max-ixfr-ratio" option, which
-			is a percentage representing the ratio of IXFR size
-			to the size of the entire zone. This value cannot
-			exceed 100%, which is the default. [GL #1515]
-
-5361.	[bug]		named might not accept new connections after
-			hitting tcp-clients quota. [GL #1643]
-
-5360.	[bug]		delv could fail to load trust anchors in DNSKEY
-			format. [GL #1647]
-
-5359.	[func]		"rndc nta -d" and "rndc secroots" now include
-			"validate-except" entries when listing negative
-			trust anchors. These are indicated by the keyword
-			"permanent" in place of an expiry date. [GL #1532]
-
-5358.	[bug]		Inline master zones whose master files were touched
-			but otherwise unchanged and were subsequently reloaded
-			may have stopped re-signing. [GL !3135]
-
-5357.	[bug]		Newly added RRSIG records with expiry times before
-			the previous earliest expiry times might not be
-			re-signed in time.  This was a side effect of 5315.
-			[GL !3137]
-
-5356.	[func]		Update dnssec-policy configuration statements:
-			- Rename "zone-max-ttl" dnssec-policy option to
-			  "max-zone-ttl" for consistency with the existing
-			  zone option.
-			- Allow for "lifetime unlimited" as a synonym for
-			  "lifetime PT0S".
-			- Make "key-directory" optional.
-			- Warn if specifying a key length does not make
-			  sense; fail if key length is out of range for
-			  the algorithm.
-			- Allow use of mnemonics when specifying key
-			  algorithm (e.g. "rsasha256", "ecdsa384", etc.).
-			- Make ISO 8601 durations case-insensitive.
-			[GL #1598]
-
-5355.	[func]		What was set with --with-tuning=large option in
-			older BIND9 versions is now a default, and
-			a --with-tuning=small option was added for small
-			(e.g. OpenWRT) systems. [GL !2989]
-
-5354.	[bug]		dnssec-policy created new KSK keys for zones in the
-			initial stage of signing (with the DS not yet in the
-			rumoured or omnipresent states).  Fix by checking the
-			key goals rather than the active state when determining
-			whether new keys are needed. [GL #1593]
-
-5353.	[doc]		Document port and dscp parameters in forwarders
-			configuration option. [GL #914]
-
-5352.	[bug]		Correctly handle catalog zone entries containing
-			characters that aren't legal in filenames. [GL #1592]
-
-5351.	[bug]		CDS / CDNSKEY consistency checks failed to handle
-			removal records. [GL #1554]
-
-5350.	[bug]		When a view was configured with class CHAOS, the
-			server could crash while processing a query for a
-			non-existent record. [GL #1540]
-
-5349.	[bug]		Fix a race in task_pause/unpause. [GL #1571]
-
-5348.	[bug]		dnssec-settime -Psync was not being honoured.
-			[GL !2893]
-
-	--- 9.15.8 released ---
-
-5347.	[bug]		Fixed a bug that could cause an intermittent crash
-			in validator.c when validating a negative cache
-			entry. [GL #1561]
-
-5346.	[bug]		Make hazard pointer array allocations dynamic, fixing
-			a bug that caused named to crash on machines with more
-			than 40 cores. [GL #1493]
-
-5345.	[func]		Key-style trust anchors and DS-style trust anchors
-			can now both be used for the same name. [GL #1237]
-
-5344.	[bug]		Handle accept() errors properly in netmgr. [GL !2880]
-
-5343.	[func]		Add statistics counters to the netmgr. [GL #1311]
-
-5342.	[bug]		Disable pktinfo for IPv6 and bind to each interface
-			explicitly instead, because libuv doesn't support
-			pktinfo control messages. [GL #1558]
-
-5341.	[func]		Simplify passing the bound TCP socket to child
-			threads by using isc_uv_export/import functions.
-			[GL !2825]
-
-5340.	[bug]		Don't deadlock when binding to a TCP socket fails.
-			[GL #1499]
-
-5339.	[bug]		With some libmaxminddb versions, named could erroneously
-			match an IP address not belonging to any subnet defined
-			in a given GeoIP2 database to one of the existing
-			entries in that database. [GL #1552]
-
-5338.	[bug]		Fix line spacing in `rndc secroots`.
-			Thanks to Tony Finch. [GL !2478]
-
-5337.	[func]		'named -V' now reports maxminddb and protobuf-c
-			versions. [GL !2686]
-
-	--- 9.15.7 released ---
-
-5336.	[bug]		The TCP high-water statistic could report an
-			incorrect value on startup. [GL #1392]
-
-5335.	[func]		Make TCP listening code multithreaded. [GL !2659]
-
-5334.	[doc]		Update documentation with dnssec-policy clarifications.
-			Also change some defaults. [GL !2711]
-
-5333.	[bug]		Fix duration printing on Solaris when value is not
-			an ISO 8601 duration. [GL #1460]
-
-5332.	[func]		Renamed "dnssec-keys" configuration statement
-			to the more descriptive "trust-anchors". [GL !2702]
-
-5331.	[func]		Use compiler-provided mechanisms for thread local
-			storage, and make the requirement for such mechanisms
-			explicit in configure. [GL #1444]
-
-5330.	[bug]		'configure --without-python' was ineffective if
-			PYTHON was set in the environment. [GL #1434]
-
-5329.	[bug]		Reconfiguring named caused memory to be leaked when any
-			GeoIP2 database was in use. [GL #1445]
-
-5328.	[bug]		rbtdb.c:rdataset_{get,set}ownercase failed to obtain
-			a node lock. [GL #1417]
-
-5327.	[func]		Added a statistics counter to track queries
-			dropped because the recursive-clients quota was
-			exceeded. [GL #1399]
-
-5326.	[bug]		Add Python dependency on 'distutils.core' to configure.
-			'distutils.core' is required for installation.
-			[GL #1397]
-
-5325.	[bug]		Addressed several issues with TCP connections in
-			the netmgr: restored support for TCP connection
-			timeouts, restored TCP backlog support, actively
-			close all open sockets during shutdown. [GL #1312]
-
-5324.	[bug]		Change the category of some log messages from general
-			to the more appropriate catergory of xfer-in. [GL #1394]
-
-5323.	[bug]		Fix a bug in DNSSEC trust anchor verification.
-			[GL !2609]
-
-5322.	[placeholder]
-
-5321.	[bug]		Obtain write lock before updating version->records
-			and version->bytes. [GL #1341]
-
-5320.	[cleanup]	Silence TSAN on header->count. [GL #1344]
-
-	--- 9.15.6 released ---
-
-5319.	[func]		Trust anchors can now be configured using DS
-			format to represent a key digest, by using the
-			new "initial-ds" or "static-ds" keywords in
-			the "dnssec-keys" statement.
-
-			Note: DNSKEY-format and DS-format trust anchors
-			cannot both be used for the same domain name.
-			[GL #622]
-
-5318.	[cleanup]	The DNSSEC validation code has been refactored
-			for clarity and to reduce code duplication.
-			[GL #622]
-
-5317.	[func]		A new asynchronous network communications system
-			based on libuv is now used for listening for
-			incoming requests and responding to them. (The
-			old isc_socket API remains in use for sending
-			iterative queries and processing responses; this
-			will be changed too in a later release.)
-
-			This change will make it easier to improve
-			performance and implement new protocol layers
-			(e.g., DNS over TLS) in the future. [GL #29]
-
-5316.	[func]		A new "dnssec-policy" option has been added to
-			named.conf to implement a key and signing policy
-			(KASP) for zones. When this option is in use,
-			named can generate new keys as needed and
-			automatically roll both ZSK and KSK keys. (Note
-			that the syntax for this statement differs from
-			the dnssec policy used by dnssec-keymgr.)
-
-			See the ARM for configuration details. [GL #1134]
-
-5315.	[bug]		Apply the initial RRSIG expiration spread fixed
-			to all dynamically created records in the zone
-			including NSEC3. Also fix the signature clusters
-			when the server has been offline for prolonged
-			period of times. [GL #1256]
-
-5314.	[func]		Added a new statistics variable "tcp-highwater"
-			that reports the maximum number of simultaneous TCP
-			clients BIND has handled while running. [GL #1206]
-
-5313.	[bug]		The default GeoIP2 database location did not match
-			the ARM.  'named -V' now reports the default
-			location. [GL #1301]
-
-5312.	[bug]		Do not flush the cache for `rndc validation status`.
-			Thanks to Tony Finch. [GL !2462]
-
-5311.	[cleanup]	Include all views in output of `rndc validation status`.
-			Thanks to Tony Finch. [GL !2461]
-
-5310.	[bug]		TCP failures were affecting EDNS statistics. [GL #1059]
-
-5309.	[placeholder]
-
-5308.	[bug]		Don't log DNS_R_UNCHANGED from sync_secure_journal()
-			at ERROR level in receive_secure_serial(). [GL #1288]
-
-5307.	[bug]		Fix hang when named-compilezone output is sent to pipe.
-			Thanks to Tony Finch. [GL !2481]
-
-5306.	[security]	Set a limit on number of simultaneous pipelined TCP
-			queries. (CVE-2019-6477) [GL #1264]
-
-5305.	[bug]		NSEC Aggressive Cache ("synth-from-dnssec") has been
-			disabled by default because it was found to have
-			a significant performance impact on the recursive
-			service. [GL #1265]
-
-5304.	[bug]		"dnskey-sig-validity 0;" was not being accepted.
-			[GL #876]
-
-5303.	[placeholder]
-
-5302.	[bug]		Fix checking that "dnstap-output" is defined when
-			"dnstap" is specified in a view. [GL #1281]
-
-5301.	[bug]		Detect partial prefixes / incomplete IPv4 address in
-			acls. [GL #1143]
-
-5300.	[bug]		dig/mdig/delv: Add a colon after EDNS option names,
-			even when the option is empty, to improve
-			readability and allow correct parsing of YAML
-			output. [GL #1226]
-
-	--- 9.15.5 released ---
-
-5299.	[security]	A flaw in DNSSEC verification when transferring
-			mirror zones could allow data to be incorrectly
-			marked valid. (CVE-2019-6475) [GL #1252]
-
-5298.	[security]	Named could assert if a forwarder returned a
-			referral, rather than resolving the query, when QNAME
-			minimization was enabled. (CVE-2019-6476) [GL #1051]
-
-5297.	[bug]		Check whether a previous QNAME minimization fetch
-			is still running before starting a new one; return
-			SERVFAIL and log an error if so. [GL #1191]
-
-5296.	[placeholder]
-
-5295.	[cleanup]	Split dns_name_copy() calls into dns_name_copy() and
-			dns_name_copynf() for those calls that can potentially
-			fail and those that should not fail respectively.
-			[GL !2265]
-
-5294.	[func]		Fallback to ACE name on output in locale, which does not
-			support converting it to unicode.  [GL #846]
-
-5293.	[bug]		On Windows, named crashed upon any attempt to fetch XML
-			statistics from it. [GL #1245]
-
-5292.	[bug]		Queue 'rndc nsec3param' requests while signing inline
-			zone changes. [GL #1205]
-
-	--- 9.15.4 released ---
-
-5291.	[placeholder]
-
-5290.	[placeholder]
-
-5289.	[bug]		Address NULL pointer dereference in rpz.c:rpz_detach.
-			[GL #1210]
-
-5288.	[bug]		dnssec-must-be-secure was not always honored.
-			[GL #1209]
-
-5287.	[placeholder]
-
-5286.	[contrib]	Address potential NULL pointer dereferences in
-			dlz_mysqldyn_mod.c. [GL #1207]
-
-5285.	[port]		win32: implement "-T maxudpXXX". [GL #837]
-
-5284.	[func]		Added +unexpected command line option to dig.
-			By default, dig won't accept a reply from a source
-			other than the one to which it sent the query.
-			Invoking dig with +unexpected argument will allow it
-			to process replies from unexpected sources.
-
-5283.	[bug]		When a response-policy zone expires, ensure that
-			its policies are removed from the RPZ summary
-			database. [GL #1146]
-
-5282.	[bug]		Fixed a bug in searching for possible wildcard matches
-			for query names in the RPZ summary database. [GL #1146]
-
-5281.	[cleanup]	Don't escape commas when reporting named's command
-			line. [GL #1189]
-
 5280.	[protocol]	Add support for displaying EDNS option LLQ. [GL #1201]
 
 5279.	[bug]		When loading, reject zones containing CDS or CDNSKEY
@@ -401,7 +49,7 @@
 
 5268.	[placeholder]
 
-5267.	[func]		Allow statistics groups display to be toggle-able.
+5267.	[func]		Allow statistics groups display to be toggleable.
 			[GL #1030]
 
 5266.	[bug]		named-checkconf failed to report dnstap-output
@@ -509,7 +157,7 @@
 			code in a high-load cold-cache resolver scenario.
 			[GL #943]
 
-5242.	[bug]		In relaxed qname minimization mode, fall back to
+5242.	[bug]		In relaxed qname minimizatiom mode, fall back to
 			normal resolution when encountering a lame
 			delegation, and use _.domain/A queries rather
 			than domain/NS. [GL #1055]
@@ -1444,7 +1092,7 @@
 4965.	[func]		Add support for marking options as deprecated.
 			[GL #322]
 
-4964.	[bug]		Reduce the probability of double signature when deleting
+4964.	[bug]		Reduce the probabilty of double signature when deleting
 			a DNSKEY by checking if the node is otherwise signed
 			by the algorithm of the key to be deleted. [GL #240]
 
@@ -1528,7 +1176,7 @@
 			for unsigned zones since change 4596. [GL #209]
 
 4945.	[func]		BIND can no longer be built without DNSSEC support.
-			A cryptography provider (i.e., OpenSSL or a hardware
+			A cryptography provder (i.e., OpenSSL or a hardware
 			service module with PKCS#11 support) must be
 			available. [GL #244]
 
@@ -1587,7 +1235,7 @@
 			dig (+[no]raflag, +[no]tcflag). [GL #213]
 
 4928.	[func]		The "dnskey-sig-validity" option allows
-			"sig-validity-interval" to be overridden for signatures
+			"sig-validity-interval" to be overriden for signatures
 			covering DNSKEY RRsets. [GL #145]
 
 4927.	[placeholder]
@@ -1926,7 +1574,7 @@
 			[RT #46725]
 
 4831.	[bug]		Convert the RRSIG expirytime to 64 bits for
-			comparisons in diff.c:resign. [RT #46710]
+			comparisions in diff.c:resign. [RT #46710]
 
 4830.	[bug]		Failure to configure ATF when requested did not cause
 			an error in top-level configure script. [RT #46655]
@@ -2152,7 +1800,7 @@
 			used to append a formatted string to the used region of
 			a buffer. [RT #46201]
 
-4766.	[cleanup]	Address Coverity warnings. [RT #46150]
+4766.	[cleanup]	Addresss Coverity warnings. [RT #46150]
 
 4765.	[bug]		Address potential INSIST in dnssec-cds. [RT #46150]
 
@@ -2346,7 +1994,7 @@
 
 4719.	[bug]		Address PVS static analyzer warnings. [RT #45946]
 
-4718.	[func]		Avoid searching for a owner name compression pointer
+4718.	[func]		Avoid seaching for a owner name compression pointer
 			more than once when writing out a RRset. [RT #45802]
 
 4717.	[bug]		Treat replies with QCOUNT=0 as truncated if TC=1,
@@ -6491,7 +6139,7 @@
 
 3518.	[bug]		Increase the size of dns_rrl_key.s.rtype by one bit
 			so that all dns_rrl_rtype_t enum values fit regardless
-			of whether it is treated as signed or unsigned by
+			of whether it is teated as signed or unsigned by
 			the compiler. [RT #32792]
 
 3517.	[bug]		Reorder destruction to avoid shutdown race. [RT #32777]
@@ -7566,7 +7214,7 @@
 
 	--- 9.9.0b1 released ---
 
-3186.	[bug]		Version/db mismatch in rpz code. [RT #26180]
+3186.	[bug]		Version/db mis-match in rpz code. [RT #26180]
 
 3185.	[func]		New 'rndc signing' option for auto-dnssec zones:
 			 - 'rndc signing -list' displays the current
@@ -8231,7 +7879,7 @@
 2998.	[func]		Add isc_task_beginexclusive and isc_task_endexclusive
 			to the task api. [RT #22776]
 
-2997.	[func]		named -V now reports the OpenSSL and libxml2 versions
+2997.	[func]		named -V now reports the OpenSSL and libxml2 verions
 			it was compiled against. [RT #22687]
 
 2996.	[security]	Temporarily disable SO_ACCEPTFILTER support.
@@ -11214,7 +10862,7 @@
 2096.	[bug]		libbind: handle applications that fail to detect
 			res_init() failures better.
 
-2095.	[port]		libbind: always prototype inet_cidr_ntop_ipv6() and
+2095.	[port]		libbind: alway prototype inet_cidr_ntop_ipv6() and
 			net_cidr_ntop_ipv6(). [RT #16388]
 
 2094.	[contrib]	Update named-bootconf.  [RT #16404]
@@ -11270,7 +10918,7 @@
 2076.	[bug]		Several files were missing #include <config.h>
 			causing build failures on OSF. [RT #16341]
 
-2075.	[bug]		The spillat timer event handler could leak memory.
+2075.	[bug]		The spillat timer event hander could leak memory.
 			[RT #16357]
 
 2074.	[bug]		dns_request_createvia2(), dns_request_createvia3(),
@@ -12032,7 +11680,7 @@
 
 1831.	[doc]		Update named-checkzone documentation. [RT #13604]
 
-1830.	[bug]		adb lame cache has sense of test reversed. [RT #13600]
+1830.	[bug]		adb lame cache has sence of test reversed. [RT #13600]
 
 1829.	[bug]		win32: "pid-file none;" broken. [RT #13563]
 
@@ -12143,7 +11791,7 @@
 1796.	[func]		"rndc freeze/thaw" now freezes/thaws all zones.
 
 1795.	[bug]		"rndc dumpdb" was not fully documented.  Minor
-			formatting issues with "rndc dumpdb -all".  [RT #13396]
+			formating issues with "rndc dumpdb -all".  [RT #13396]
 
 1794.	[func]		Named and named-checkzone can now both check for
 			non-terminal wildcard records.
@@ -13320,7 +12968,7 @@
 			acl.
 
 1393.	[port]		Bind to individual IPv6 interfaces if IPV6_IPV6ONLY
-			is not available in the kernel to prevent accidentally
+			is not available in the kernel to prevent accidently
 			listening on IPv4 interfaces.
 
 1392.	[bug]		named-checkzone: update usage.
@@ -15048,7 +14696,7 @@
  839.	[func]		Dump packets for which there was no view or that the
 			class could not be determined to category "unmatched".
 
- 838.	[port]		UnixWare 7.x.x is now supported by
+ 838.	[port]		UnixWare 7.x.x is now suported by
 			bin/tests/system/ifconfig.sh.
 
  837.	[cleanup]	Multi-threading is now enabled by default only on

CONTRIBUTING

@@ -99,7 +99,7 @@ e-mail is not a secure choice for communications concerning undisclosed
 security issues so please encrypt your communications to us if possible,
 using the ISC Security Officer public key.
 
-Do not discuss undisclosed security vulnerabilities on any public mailing
+Do not discuss undisclosed security vulnerabilites on any public mailing
 list. ISC has a long history of handling reported vulnerabilities promptly
 and effectively and we respect and acknowledge responsible reporters.
 

CONTRIBUTING.md

@@ -107,7 +107,7 @@ e-mail is not a secure choice for communications concerning undisclosed
 security issues so please encrypt your communications to us if possible,
 using the [ISC Security Officer public key](https://www.isc.org/downloads/software-support-policy/openpgp-key/).
 
-Do not discuss undisclosed security vulnerabilities on any public mailing list.
+Do not discuss undisclosed security vulnerabilites on any public mailing list.
 ISC has a long history of handling reported vulnerabilities promptly and
 effectively and we respect and acknowledge responsible reporters.
 

COPYRIGHT

@@ -1,4 +1,4 @@
-Copyright (C) 1996-2020  Internet Systems Consortium, Inc. ("ISC")
+Copyright (C) 1996-2019  Internet Systems Consortium, Inc. ("ISC")
 
 This Source Code Form is subject to the terms of the Mozilla Public
 License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -181,6 +181,67 @@ SUCH DAMAGE.
 
  -----------------------------------------------------------------------------
 
+Copyright (c) 1998 Doug Rabson
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+1. Redistributions of source code must retain the above copyright
+   notice, this list of conditions and the following disclaimer.
+2. Redistributions in binary form must reproduce the above copyright
+   notice, this list of conditions and the following disclaimer in the
+   documentation and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGE.
+
+ -----------------------------------------------------------------------------
+
+Copyright ((c)) 2002, Rice University
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+    * Redistributions of source code must retain the above copyright
+    notice, this list of conditions and the following disclaimer.
+
+    * Redistributions in binary form must reproduce the above
+    copyright notice, this list of conditions and the following
+    disclaimer in the documentation and/or other materials provided
+    with the distribution.
+
+    * Neither the name of Rice University (RICE) nor the names of its
+    contributors may be used to endorse or promote products derived
+    from this software without specific prior written permission.
+
+
+This software is provided by RICE and the contributors on an "as is"
+basis, without any representations or warranties of any kind, express
+or implied including, but not limited to, representations or
+warranties of non-infringement, merchantability or fitness for a
+particular purpose. In no event shall RICE or contributors be liable
+for any direct, indirect, incidental, special, exemplary, or
+consequential damages (including, but not limited to, procurement of
+substitute goods or services; loss of use, data, or profits; or
+business interruption) however caused and on any theory of liability,
+whether in contract, strict liability, or tort (including negligence
+or otherwise) arising in any way out of the use of this software, even
+if advised of the possibility of such damage.
+
+ -----------------------------------------------------------------------------
+
 Copyright (c) 1993 by Digital Equipment Corporation.
 
 Permission to use, copy, modify, and distribute this software for any
@@ -201,6 +262,61 @@ SOFTWARE.
 
  -----------------------------------------------------------------------------
 
+Copyright 2000 Aaron D. Gifford.  All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+1. Redistributions of source code must retain the above copyright
+   notice, this list of conditions and the following disclaimer.
+2. Redistributions in binary form must reproduce the above copyright
+   notice, this list of conditions and the following disclaimer in the
+   documentation and/or other materials provided with the distribution.
+3. Neither the name of the copyright holder nor the names of contributors
+   may be used to endorse or promote products derived from this software
+   without specific prior written permission.
+ 
+THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) AND CONTRIBUTOR(S) ``AS IS'' AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR(S) OR CONTRIBUTOR(S) BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGE.
+
+ -----------------------------------------------------------------------------
+
+Copyright (c) 1998 Doug Rabson.
+Copyright (c) 2001 Jake Burkholder.
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+1. Redistributions of source code must retain the above copyright
+   notice, this list of conditions and the following disclaimer.
+2. Redistributions in binary form must reproduce the above copyright
+   notice, this list of conditions and the following disclaimer in the
+   documentation and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGE.
+
+ -----------------------------------------------------------------------------
+
 Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
 All rights reserved.
 
@@ -247,6 +363,49 @@ SOFTWARE.
 
  -----------------------------------------------------------------------------
 
+Copyright (c) 2000-2002 Japan Network Information Center.  All rights reserved.
+ 
+By using this file, you agree to the terms and conditions set forth bellow.
+
+                        LICENSE TERMS AND CONDITIONS 
+
+The following License Terms and Conditions apply, unless a different
+license is obtained from Japan Network Information Center ("JPNIC"),
+a Japanese association, Kokusai-Kougyou-Kanda Bldg 6F, 2-3-4 Uchi-Kanda,
+Chiyoda-ku, Tokyo 101-0047, Japan.
+
+1. Use, Modification and Redistribution (including distribution of any
+   modified or derived work) in source and/or binary forms is permitted
+   under this License Terms and Conditions.
+
+2. Redistribution of source code must retain the copyright notices as they
+   appear in each source code file, this License Terms and Conditions.
+
+3. Redistribution in binary form must reproduce the Copyright Notice,
+   this License Terms and Conditions, in the documentation and/or other
+   materials provided with the distribution.  For the purposes of binary
+   distribution the "Copyright Notice" refers to the following language:
+   "Copyright (c) 2000-2002 Japan Network Information Center.  All rights
+   reserved."
+
+4. The name of JPNIC may not be used to endorse or promote products
+   derived from this Software without specific prior written approval of
+   JPNIC.
+
+5. Disclaimer/Limitation of Liability: THIS SOFTWARE IS PROVIDED BY JPNIC
+   "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+   LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+   PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL JPNIC BE LIABLE
+   FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+   CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+   SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+   BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+   WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+   OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+   ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+
+ -----------------------------------------------------------------------------
+
 Copyright (C) 2004  Nominet, Ltd.
 
 Permission to use, copy, modify, and distribute this software for any
@@ -263,6 +422,24 @@ PERFORMANCE OF THIS SOFTWARE.
 
  -----------------------------------------------------------------------------
 
+Portions Copyright RSA Security Inc.
+
+License to copy and use this software is granted provided that it is
+identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface
+(Cryptoki)" in all material mentioning or referencing this software.
+
+License is also granted to make and use derivative works provided that
+such works are identified as "derived from the RSA Security Inc. PKCS #11
+Cryptographic Token Interface (Cryptoki)" in all material mentioning or
+referencing the derived work.
+
+RSA Security Inc. makes no representations concerning either the
+merchantability of this software or the suitability of this software for
+any particular purpose. It is provided "as is" without express or implied
+warranty of any kind.
+
+ -----------------------------------------------------------------------------
+
 Copyright (c) 1996, David Mazieres <dm@uun.org>
 Copyright (c) 2008, Damien Miller <djm@openbsd.org>
 
@@ -280,6 +457,54 @@ OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 
 -----------------------------------------------------------------------------
 
+Copyright (c) 2000-2001 The OpenSSL Project.  All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+
+1. Redistributions of source code must retain the above copyright
+   notice, this list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright
+   notice, this list of conditions and the following disclaimer in
+   the documentation and/or other materials provided with the
+   distribution.
+
+3. All advertising materials mentioning features or use of this
+   software must display the following acknowledgment:
+   "This product includes software developed by the OpenSSL Project
+   for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+
+4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+   endorse or promote products derived from this software without
+   prior written permission. For written permission, please contact
+   licensing@OpenSSL.org.
+
+5. Products derived from this software may not be called "OpenSSL"
+   nor may "OpenSSL" appear in their names without prior written
+   permission of the OpenSSL Project.
+
+6. Redistributions of any form whatsoever must retain the following
+   acknowledgment:
+   "This product includes software developed by the OpenSSL Project
+   for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+
+THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+OF THE POSSIBILITY OF SUCH DAMAGE.
+
+-----------------------------------------------------------------------------
+
 Copyright (c) 1995, 1997, 1998 The NetBSD Foundation, Inc.
 All rights reserved.
 

HISTORY

@@ -2,21 +2,6 @@ HISTORY
 
 Functional enhancements from prior major releases of BIND 9
 
-BIND 9.16
-
-BIND 9.16 (a stable branch based on the 9.15 development branch) includes
-a number of changes from BIND 9.14 and earlier releases. New features
-include:
-
-  * New dnssec-policy statement to configure a key and signing policy for
-    zones, enabling automatic key regeneration and rollover.
-  * New network manager based on libuv.
-  * Added support for the new GeoIP2 geolocation API, libmaxminddb.
-  * Improved DNSSEC trust anchor configuration using the trust-anchors
-    statement, permitting configuration of trust anchors in DS as well as
-    DNSKEY format.
-  * YAML output for dig, mdig, and delv.
-
 BIND 9.14
 
 BIND 9.14 (a stable branch based on the 9.13 development branch) includes
@@ -158,7 +143,7 @@ releases. New features include:
   * "rndc modzone" reconfigures a single zone, without requiring the
     entire server to be reconfigured.
   * "rndc showzone" displays the current configuration of a zone.
-  * "rndc managed-keys" can be used to check the status of RFC 5011
+  * "rndc managed-keys" can be used to check the status of RFC 5001
     managed trust anchors, or to force trust anchors to be refreshed.
   * "max-cache-size" can now be set to a percentage of available memory.
     The default is 90%.
@@ -530,8 +515,8 @@ BIND 9.4.0
   * dig: report the number of extra bytes still left in the packet after
     processing all the records.
   * Support for IPSECKEY rdata type.
-  * Raise the UDP receive buffer size to 32k if it is less than 32k.
-  * x86 and x86_64 now have separate atomic locking implementations.
+  * Raise the UDP recieve buffer size to 32k if it is less than 32k.
+  * x86 and x86_64 now have seperate atomic locking implementations.
   * named-checkconf now validates update-policy entries.
   * Attempt to make the amount of work performed in a iteration self
     tuning. The covers nodes clean from the cache per iteration, nodes
@@ -548,8 +533,8 @@ BIND 9.4.0
   * dig now warns if 'RA' is not set in the answer when 'RD' was set in
     the query. host/nslookup skip servers that fail to set 'RA' when 'RD'
     is set unless a server is explicitly set.
-  * Integrate contributed DLZ code into named.
-  * Integrate contributed IDN code from JPNIC.
+  * Integrate contibuted DLZ code into named.
+  * Integrate contibuted IDN code from JPNIC.
   * libbind: corresponds to that from BIND 8.4.7.
 
 BIND 9.3.0

HISTORY.md

@@ -10,21 +10,6 @@
 -->
 ### Functional enhancements from prior major releases of BIND 9
 
-#### BIND 9.16
-
-BIND 9.16 (a stable branch based on the 9.15 development branch)
-includes a number of changes from BIND 9.14 and earlier releases.
-New features include:
-
-* New `dnssec-policy` statement to configure a key and signing policy
-  for zones, enabling automatic key regeneration and rollover.
-* New network manager based on `libuv`.
-* Added support for the new GeoIP2 geolocation API, `libmaxminddb`.
-* Improved DNSSEC trust anchor configuration using the `trust-anchors`
-  statement, permitting configuration of trust anchors in DS as well as
-  DNSKEY format.
-* YAML output for `dig`, `mdig`, and `delv`.
-
 #### BIND 9.14
 
 BIND 9.14 (a stable branch based on the 9.13 development branch)
@@ -165,7 +150,7 @@ releases.  New features include:
 - "rndc modzone" reconfigures a single zone, without requiring the entire
   server to be reconfigured.
 - "rndc showzone" displays the current configuration of a zone.
-- "rndc managed-keys" can be used to check the status of RFC 5011 managed
+- "rndc managed-keys" can be used to check the status of RFC 5001 managed
   trust anchors, or to force trust anchors to be refreshed.
 - "max-cache-size" can now be set to a percentage of available memory. The
   default is 90%.
@@ -548,8 +533,8 @@ BIND 9.4.0
 - dig: report the number of extra bytes still left in the packet after
   processing all the records.
 - Support for IPSECKEY rdata type.
-- Raise the UDP receive buffer size to 32k if it is less than 32k.
-- x86 and x86_64 now have separate atomic locking implementations.
+- Raise the UDP recieve buffer size to 32k if it is less than 32k.
+- x86 and x86_64 now have seperate atomic locking implementations.
 - named-checkconf now validates update-policy entries.
 - Attempt to make the amount of work performed in a iteration self tuning.
   The covers nodes clean from the cache per iteration, nodes written to
@@ -566,8 +551,8 @@ BIND 9.4.0
 - dig now warns if 'RA' is not set in the answer when 'RD' was set in the
   query.  host/nslookup skip servers that fail to set 'RA' when 'RD' is set
   unless a server is explicitly set.
-- Integrate contributed DLZ code into named.
-- Integrate contributed IDN code from JPNIC.
+- Integrate contibuted DLZ code into named.
+- Integrate contibuted IDN code from JPNIC.
 - libbind: corresponds to that from BIND 8.4.7.
 
 #### BIND 9.3.0

Makefile.in

@@ -104,7 +104,7 @@ PLATFORMS: PLATFORMS.md
 		sed -e '$${/^$$/d;}' > $@
 
 CODE_OF_CONDUCT: CODE_OF_CONDUCT.md
-	${PANDOC} --email-obfuscation=none -s --metadata title="CODE OF CONDUCT" -f markdown-smart -t html CODE_OF_CONDUCT.md | \
+	${PANDOC} --email-obfuscation=none -s --metadata title="CODE OF CONDUCT" -f markdown-smart -t html $< | \
 		${W3M} -dump -cols 75 -O ascii -T text/html | \
 		sed -e '$${/^$$/d;}' > $@
 

PLATFORMS

@@ -3,30 +3,11 @@ PLATFORMS
 Supported platforms
 
 In general, this version of BIND will build and run on any POSIX-compliant
-system with a C11-compliant C compiler, BSD-style sockets with
-RFC-compliant IPv6 support, POSIX-compliant threads, the libuv
-asynchronous I/O library, and the OpenSSL cryptography library.
-
-The following C11 features are used in BIND 9:
-
-  * Atomic operations support from the compiler is needed, either in the
-    form of builtin operations, C11 atomics, or the Interlocked family of
-    functions on Windows.
-
-  * Thread Local Storage support from the compiler is needed, either in
-    the form of C11 _Thread_local/thread_local, the __thread GCC
-    extension, or the __declspec(thread) MSVC extension on Windows.
-
-BIND 9.17 requires a fairly recent version of libuv (at least 1.x). For
-some of the older systems listed below, you will have to install an
-updated libuv package from sources such as EPEL, PPA, or other native
-sources for updated packages. The other option is to build and install
-libuv from source.
-
-Certain optional BIND features have additional library dependencies. These
-include libxml2 and libjson-c for statistics, libmaxminddb for
-geolocation, libfstrm and libprotobuf-c for DNSTAP, and libidn2 for
-internationalized domain name conversion.
+system with a C99-compliant C compiler, BSD-style sockets with
+RFC-compliant IPv6 support, POSIX-compliant threads, and the OpenSSL
+cryptography library. Atomic operations support from the compiler is
+needed, either in the form of builtin operations, C11 atomics or the
+Interlocked family of functions on Windows.
 
 ISC regularly tests BIND on many operating systems and architectures, but
 lacks the resources to test all of them. Consequently, ISC is only able to
@@ -34,16 +15,15 @@ offer support on a "best effort" basis for some.
 
 Regularly tested platforms
 
-As of Mar 2020, BIND 9.17 is fully supported and regularly tested on the
+As of Feb 2019, BIND 9.15 is fully supported and regularly tested on the
 following systems:
 
-  * Debian 9, 10
-  * Ubuntu LTS 16.04, 18.04
-  * Fedora 31
-  * Red Hat Enterprise Linux / CentOS 7, 8
-  * FreeBSD 11.3, 12.1
-  * OpenBSD 6.6
-  * Alpine Linux
+  * Debian 8, 9, 10
+  * Ubuntu 16.04, 18.04
+  * Fedora 28, 29
+  * Red Hat Enterprise Linux / CentOS 6, 7
+  * FreeBSD 11.x
+  * OpenBSD 6.2, 6.3
 
 The amd64, i386, armhf and arm64 CPU architectures are all fully
 supported.
@@ -60,33 +40,20 @@ Server 2012 R2, none of these are tested regularly by ISC.
   * Windows 10 / x64
   * macOS 10.12+
   * Solaris 11
+  * FreeBSD 10.x, 12.0+
+  * OpenBSD 6.4+
   * NetBSD
   * Other Linux distributions still supported by their vendors, such as:
-      + Ubuntu 19.04+
+      + Ubuntu 14.04, 18.10+
       + Gentoo
       + Arch Linux
+      + Alpine Linux
   * OpenWRT/LEDE 17.01+
   * Other CPU architectures (mips, mipsel, sparc, ...)
 
-Community maintained
-
-These systems may not all have the required dependencies for building BIND
-easily available, although it will be possible in many cases to compile
-those directly from source. The community and interested parties may wish
-to help with maintenance, and we welcome patch contributions, although we
-cannot guarantee that we will accept them. All contributions will be
-assessed against the risk of adverse effect on officially supported
-platforms.
-
-  * Platforms past or close to their respective EOL dates, such as:
-      + Ubuntu 14.04, 18.10
-      + CentOS 6
-      + Debian Jessie
-      + FreeBSD 10.x
-
 Unsupported platforms
 
-These are platforms on which BIND 9.17 is known not to build or run:
+These are platforms on which BIND 9.15 is known not to build or run:
 
   * Platforms without at least OpenSSL 1.0.2
   * Windows 10 / x86
@@ -96,4 +63,13 @@ These are platforms on which BIND 9.17 is known not to build or run:
   * Platforms that don't support atomic operations (via compiler or
     library)
   * Linux without NPTL (Native POSIX Thread Library)
-  * Platforms on which libuv cannot be compiled
+
+Platform quirks
+
+NetBSD 6 i386
+
+The i386 build of NetBSD requires the libatomic library, available from
+the gcc5-libs package. Because this library is in a non-standard path, its
+location must be specified in the configure command line:
+
+LDFLAGS="-L/usr/pkg/gcc5/i486--netbsdelf/lib/ -Wl,-R/usr/pkg/gcc5/i486--netbsdelf/lib/" ./configure

PLATFORMS.md

@@ -11,30 +11,11 @@
 ## Supported platforms
 
 In general, this version of BIND will build and run on any POSIX-compliant
-system with a C11-compliant C compiler, BSD-style sockets with RFC-compliant
-IPv6 support, POSIX-compliant threads, the `libuv` asynchronous I/O library,
-and the OpenSSL cryptography library.
-
-The following C11 features are used in BIND 9:
-
-* Atomic operations support from the compiler is needed, either in the form of
-  builtin operations, C11 atomics, or the `Interlocked` family of functions on
-  Windows.
-
-* Thread Local Storage support from the compiler is needed, either in the form
-  of C11 `_Thread_local`/`thread_local`, the `__thread` GCC extension, or
-  the `__declspec(thread)` MSVC extension on Windows.
-
-BIND 9.17 requires a fairly recent version of `libuv` (at least 1.x).  For
-some of the older systems listed below, you will have to install an updated
-`libuv` package from sources such as EPEL, PPA, or other native sources for
-updated packages. The other option is to build and install `libuv` from
-source.
-
-Certain optional BIND features have additional library dependencies.
-These include `libxml2` and `libjson-c` for statistics, `libmaxminddb` for
-geolocation, `libfstrm` and `libprotobuf-c` for DNSTAP, and `libidn2` for
-internationalized domain name conversion.
+system with a C99-compliant C compiler, BSD-style sockets with RFC-compliant
+IPv6 support, POSIX-compliant threads, and the OpenSSL cryptography library.
+Atomic operations support from the compiler is needed, either in the form of
+builtin operations, C11 atomics or the Interlocked family of functions on
+Windows.
 
 ISC regularly tests BIND on many operating systems and architectures, but
 lacks the resources to test all of them. Consequently, ISC is only able to
@@ -42,16 +23,15 @@ offer support on a "best effort" basis for some.
 
 ### Regularly tested platforms
 
-As of Mar 2020, BIND 9.17 is fully supported and regularly tested on the
+As of Feb 2019, BIND 9.15 is fully supported and regularly tested on the
 following systems:
 
-* Debian 9, 10
-* Ubuntu LTS 16.04, 18.04
-* Fedora 31
-* Red Hat Enterprise Linux / CentOS 7, 8
-* FreeBSD 11.3, 12.1
-* OpenBSD 6.6
-* Alpine Linux
+* Debian 8, 9, 10
+* Ubuntu 16.04, 18.04
+* Fedora 28, 29
+* Red Hat Enterprise Linux / CentOS 6, 7
+* FreeBSD 11.x
+* OpenBSD 6.2, 6.3
 
 The amd64, i386, armhf and arm64 CPU architectures are all fully supported.
 
@@ -67,33 +47,20 @@ Server 2012 R2, none of these are tested regularly by ISC.
 * Windows 10 / x64
 * macOS 10.12+
 * Solaris 11
+* FreeBSD 10.x, 12.0+
+* OpenBSD 6.4+
 * NetBSD
 * Other Linux distributions still supported by their vendors, such as:
-    * Ubuntu 19.04+
+    * Ubuntu 14.04, 18.10+
     * Gentoo
     * Arch Linux
+    * Alpine Linux
 * OpenWRT/LEDE 17.01+
 * Other CPU architectures (mips, mipsel, sparc, ...)
 
-### Community maintained
-
-These systems may not all have the required dependencies for building BIND
-easily available, although it will be possible in many cases to compile
-those directly from source. The community and interested parties may wish
-to help with maintenance, and we welcome patch contributions, although we
-cannot guarantee that we will accept them.  All contributions will be
-assessed against the risk of adverse effect on officially supported
-platforms.
-
-* Platforms past or close to their respective EOL dates, such as:
-    * Ubuntu 14.04, 18.10
-    * CentOS 6
-    * Debian Jessie
-    * FreeBSD 10.x
-
 ## Unsupported platforms
 
-These are platforms on which BIND 9.17 is known *not* to build or run:
+These are platforms on which BIND 9.15 is known *not* to build or run:
 
 * Platforms without at least OpenSSL 1.0.2
 * Windows 10 / x86
@@ -102,4 +69,15 @@ These are platforms on which BIND 9.17 is known *not* to build or run:
 * Platforms that don't support IPv6 Advanced Socket API (RFC 3542)
 * Platforms that don't support atomic operations (via compiler or library)
 * Linux without NPTL (Native POSIX Thread Library)
-* Platforms on which `libuv` cannot be compiled
+
+## Platform quirks
+
+### NetBSD 6 i386
+
+The i386 build of NetBSD requires the `libatomic` library, available from
+the `gcc5-libs` package.  Because this library is in a non-standard path,
+its location must be specified in the `configure` command line:
+
+```
+LDFLAGS="-L/usr/pkg/gcc5/i486--netbsdelf/lib/ -Wl,-R/usr/pkg/gcc5/i486--netbsdelf/lib/" ./configure
+```

README

@@ -7,7 +7,7 @@ Contents
  1. Introduction
  2. Reporting bugs and getting help
  3. Contributing to BIND
- 4. BIND 9.17 features
+ 4. BIND 9.15 features
  5. Building BIND
  6. macOS
  7. Dependencies
@@ -48,8 +48,8 @@ the file HISTORY.
 For a detailed list of changes made throughout the history of BIND 9, see
 the file CHANGES. See below for details on the CHANGES file format.
 
-For up-to-date versions and release notes, see https://www.isc.org/
-download/.
+For up-to-date release notes and errata, see http://www.isc.org/software/
+bind9/releasenotes
 
 For information about supported platforms, see PLATFORMS.
 
@@ -69,13 +69,7 @@ named-checkconf -px.
 
 If the bug you are reporting is a potential security issue, such as an
 assertion failure or other crash in named, please do NOT use GitLab to
-report it. Instead, send mail to security-officer@isc.org using our
-OpenPGP key to secure your message. (Information about OpenPGP and links
-to our key can be found at https://www.isc.org/pgpkey.) Please do not
-discuss the bug on any public mailing list.
-
-For a general overview of ISC security policies, read the Knowledge Base
-article at https://kb.isc.org/docs/aa-00861.
+report it. Instead, please send mail to security-officer@isc.org.
 
 Professional support and training for BIND are available from ISC at
 https://www.isc.org/support.
@@ -97,7 +91,7 @@ General information: CONTRIBUTING.md - Code of Conduct: CODE_OF_CONDUCT.md
 - BIND 9 code style: doc/dev/style.md - BIND architecture and developer
 guide: doc/dev/dev.md
 
-Patches for BIND may be submitted as merge requests in the ISC GitLab
+Patches for BIND may be submitted as Merge Requests in the ISC GitLab
 server at at https://gitlab.isc.org/isc-projects/bind9/merge_requests.
 
 By default, external contributors don't have ability to fork BIND in the
@@ -109,34 +103,31 @@ If you prefer, you may also submit code by opening a GitLab Issue and
 including your patch as an attachment, preferably generated by git
 format-patch.
 
-BIND 9.17 features
+BIND 9.15 features
 
-BIND 9.17 is the newest development branch of BIND 9. It includes a number
-of changes from BIND 9.16 and earlier releases. New features include:
+BIND 9.15 is the newest development branch of BIND 9. It includes a number
+of changes from BIND 9.14 and earlier releases. New features include:
 
-  * New option "max-ixfr-ratio" to limit the size of outgoing IXFR
-    responses before falling back to full zone transfers.
-  * "rndc nta -d" and "rndc secroots" now include "validate-except"
-    entries when listing negative trust anchors.
+  * Support for the new GeoIP2 geolocation API
+  * Improved DNSSEC key configuration using dnssec-keys
 
 Building BIND
 
 Minimally, BIND requires a UNIX or Linux system with an ANSI C compiler,
-basic POSIX support, and a 64-bit integer type. BIND also requires the
-libuv asynchronous I/O library, and a cryptography provider library such
-as OpenSSL or a hardware service module supporting PKCS#11. On Linux, BIND
-requires the libcap library to set process privileges, though this
-requirement can be overridden by disabling capability support at compile
-time. See Compile-time options below for details on other libraries that
-may be required to support optional features.
+basic POSIX support, and a 64-bit integer type. Successful builds have
+been observed on many versions of Linux and UNIX, including RedHat,
+Fedora, Debian, Ubuntu, SuSE, Slackware, FreeBSD, NetBSD, OpenBSD, Mac OS
+X, Solaris, HP-UX, and OpenWRT.
 
-Successful builds have been observed on many versions of Linux and UNIX,
-including RHEL/CentOS, Fedora, Debian, Ubuntu, SLES, openSUSE, Slackware,
-Alpine, FreeBSD, NetBSD, OpenBSD, macOS, Solaris, OpenIndiana, OmniOS CE,
-HP-UX, and OpenWRT.
+BIND requires a cryptography provider library such as OpenSSL or a
+hardware service module supporting PKCS#11. On Linux, BIND requires the
+libcap library to set process privileges, though this requirement can be
+overridden by disabling capability support at compile time. See
+Compile-time options below for details on other libraries that may be
+required to support optional features.
 
-BIND is also available for Windows Server 2012 R2 and higher. See
-win32utils/build.txt for details on building for Windows systems.
+BIND is also available for Windows 2008 and higher. See win32utils/
+readme1st.txt for details on building for Windows systems.
 
 To build on a UNIX or Linux system, use:
 
@@ -147,7 +138,7 @@ If you're planning on making changes to the BIND 9 source, you should run
 make depend. If you're using Emacs, you might find make tags helpful.
 
 Several environment variables that can be set before running configure
-will affect compilation. Significant ones are:
+will affect compilation:
 
    Variable                            Description
 CC             The C compiler to use. configure tries to figure out the
@@ -164,31 +155,26 @@ STD_CDEFINES   Defaults to empty string. For a list of possible settings,
 LDFLAGS        Linker flags. Defaults to empty string.
 BUILD_CC       Needed when cross-compiling: the native C compiler to use
                when building for the target system.
-BUILD_CFLAGS   CFLAGS for the target system during cross-compiling.
-BUILD_CPPFLAGS CPPFLAGS for the target system during cross-compiling.
-BUILD_LDFLAGS  LDFLAGS for the target system during cross-compiling.
-BUILD_LIBS     LIBS for the target system during cross-compiling.
-
-Additional environment variables affecting the build are listed at the end
-of the configure help text, which can be obtained by running the command:
-
-$ ./configure --help
+BUILD_CFLAGS   Optional, used for cross-compiling
+BUILD_CPPFLAGS
+BUILD_LDFLAGS
+BUILD_LIBS
 
 macOS
 
 Building on macOS assumes that the "Command Tools for Xcode" is installed.
-This can be downloaded from https://developer.apple.com/download/more/ or,
-if you have Xcode already installed, you can run xcode-select --install.
-(Note that an Apple ID may be required to access the download page.)
+This can be downloaded from https://developer.apple.com/download/more/ or
+if you have Xcode already installed you can run "xcode-select --install".
+This will add /usr/include to the system and install the compiler and
+other tools so that they can be easily found.
 
 Dependencies
 
 Portions of BIND that are written in Python, including dnssec-keymgr,
 dnssec-coverage, dnssec-checkds, and some of the system tests, require the
-argparse, ply and distutils.core modules to be available. argparse is a
-standard module as of Python 2.7 and Python 3.2. ply is available from
-https://pypi.python.org/pypi/ply. distutils.core is required for
-installation.
+'argparse' and 'ply' modules to be available. 'argparse' is a standard
+module as of Python 2.7 and Python 3.2. 'ply' is available from https://
+pypi.python.org/pypi/ply.
 
 Compile-time options
 
@@ -206,9 +192,8 @@ operations, specify the path to the PKCS#11 provider library using
 --with-pkcs11=<PREFIX>, and configure BIND with --enable-native-pkcs11.
 
 To support the HTTP statistics channel, the server must be linked with at
-least one of the following libraries: libxml2 http://xmlsoft.org or json-c
-https://github.com/json-c/json-c. If these are installed at a nonstandard
-location, then:
+least one of the following: libxml2 http://xmlsoft.org or json-c https://
+github.com/json-c. If these are installed at a nonstandard location, then:
 
   * for libxml2, specify the prefix using --with-libxml2=/prefix,
   * for json-c, adjust PKG_CONFIG_PATH.
@@ -232,15 +217,17 @@ github.com/farsightsec/fstrm and libprotobuf-c https://
 developers.google.com/protocol-buffers, and BIND must be configured with
 --enable-dnstap.
 
-Certain compiled-in constants and default settings can be decreased to
-values better suited to small machines, e.g. OpenWRT boxes, by specifying
---with-tuning=small on the configure command line. This will decrease
-memory usage by using smaller structures, but will degrade performance.
+Certain compiled-in constants and default settings can be increased to
+values better suited to large servers with abundant memory resources (e.g,
+64-bit servers with 12G or more of memory) by specifying --with-tuning=
+large on the configure command line. This can improve performance on big
+servers, but will consume more memory and may degrade performance on
+smaller systems.
 
 On Linux, process capabilities are managed in user space using the libcap
 library, which can be installed on most Linux systems via the libcap-dev
-or libcap-devel package. Process capability support can also be disabled
-by configuring with --disable-linux-caps.
+or libcap-devel module. Process capability support can also be disabled by
+configuring with --disable-linux-caps.
 
 On some platforms it is necessary to explicitly request large file support
 to handle files bigger than 2GB. This can be done by using
@@ -274,7 +261,7 @@ ifconfig.sh up as root.
 
 Some tests require Perl and the Net::DNS and/or IO::Socket::INET6 modules,
 and will be skipped if these are not available. Some tests require Python
-and the dnspython module and will be skipped if these are not available.
+and the 'dnspython' module and will be skipped if these are not available.
 See bin/tests/system/README for further details.
 
 Unit tests are implemented using the CMocka unit testing framework. To
@@ -285,7 +272,7 @@ tests can be run via make test or make unit.
 Documentation
 
 The BIND 9 Administrator Reference Manual is included with the source
-distribution, in DocBook XML, HTML, and PDF format, in the doc/arm
+distribution, in DocBook XML, HTML and PDF format, in the doc/arm
 directory.
 
 Some of the programs in the BIND 9 distribution have man pages in their
@@ -340,16 +327,16 @@ issue number. Prior to 2018, these were usually of the form [RT #NNN] and
 referred to entries in the "bind9-bugs" RT database, which was not open to
 the public. More recent entries use the form [GL #NNN] or, less often, [GL
 !NNN], which, respectively, refer to issues or merge requests in the
-GitLab database. Most of these are publicly readable, unless they include
-information which is confidential or security sensitive.
+Gitlab database. Most of these are publicly readable, unless they include
+information which is confidential or security senstive.
 
-To look up a GitLab issue by its number, use the URL https://
+To look up a Gitlab issue by its number, use the URL https://
 gitlab.isc.org/isc-projects/bind9/issues/NNN. To look up a merge request,
 use https://gitlab.isc.org/isc-projects/bind9/merge_requests/NNN.
 
 In rare cases, an issue or merge request number may be followed with the
 letter "P". This indicates that the information is in the private ISC
-GitLab instance, which is not visible to the public.
+Gitlab instance, which is not visible to the public.
 
 Acknowledgments
 

README.md

@@ -15,7 +15,7 @@
 1. [Introduction](#intro)
 1. [Reporting bugs and getting help](#help)
 1. [Contributing to BIND](#contrib)
-1. [BIND 9.17 features](#features)
+1. [BIND 9.15 features](#features)
 1. [Building BIND](#build)
 1. [macOS](#macos)
 1. [Dependencies](#dependencies)
@@ -57,8 +57,8 @@ For a detailed list of changes made throughout the history of BIND 9, see
 the file [CHANGES](CHANGES). See [below](#changes) for details on the
 CHANGES file format.
 
-For up-to-date versions and release notes, see
-[https://www.isc.org/download/](https://www.isc.org/download/).
+For up-to-date release notes and errata, see
+[http://www.isc.org/software/bind9/releasenotes](http://www.isc.org/software/bind9/releasenotes)
 
 For information about supported platforms, see [PLATFORMS](PLATFORMS.md).
 
@@ -79,15 +79,8 @@ using `named-checkconf -px`.
 
 If the bug you are reporting is a potential security issue, such as an
 assertion failure or other crash in `named`, please do *NOT* use GitLab to
-report it. Instead, send mail to
-[security-officer@isc.org](mailto:security-officer@isc.org) using our
-OpenPGP key to secure your message. (Information about OpenPGP and links
-to our key can be found at
-[https://www.isc.org/pgpkey](https://www.isc.org/pgpkey).) Please do not
-discuss the bug on any public mailing list.
-
-For a general overview of ISC security policies, read the Knowledge Base
-article at [https://kb.isc.org/docs/aa-00861](https://kb.isc.org/docs/aa-00861).
+report it. Instead, please send mail to
+[security-officer@isc.org](mailto:security-officer@isc.org).
 
 Professional support and training for BIND are available from
 ISC at [https://www.isc.org/support](https://www.isc.org/support).
@@ -111,7 +104,7 @@ Information for BIND contributors can be found in the following files:
 - BIND architecture and developer guide: [doc/dev/dev.md](doc/dev/dev.md)
 
 Patches for BIND may be submitted as
-[merge requests](https://gitlab.isc.org/isc-projects/bind9/merge_requests)
+[Merge Requests](https://gitlab.isc.org/isc-projects/bind9/merge_requests)
 in the [ISC GitLab server](https://gitlab.isc.org) at
 at [https://gitlab.isc.org/isc-projects/bind9/merge_requests](https://gitlab.isc.org/isc-projects/bind9/merge_requests).
 
@@ -125,35 +118,33 @@ If you prefer, you may also submit code by opening a
 including your patch as an attachment, preferably generated by
 `git format-patch`.
 
-### <a name="features"/> BIND 9.17 features
+### <a name="features"/> BIND 9.15 features
 
-BIND 9.17 is the newest development branch of BIND 9. It includes a
-number of changes from BIND 9.16 and earlier releases. New features include:
+BIND 9.15 is the newest development branch of BIND 9. It includes a
+number of changes from BIND 9.14 and earlier releases. New features
+include:
 
-* New option "max-ixfr-ratio" to limit the size of outgoing IXFR responses
-  before falling back to full zone transfers.
-* "rndc nta -d" and "rndc secroots" now include "validate-except" entries
-  when listing negative trust anchors.
+* Support for the new GeoIP2 geolocation API
+* Improved DNSSEC key configuration using `dnssec-keys`
+* YAML output for dig, mdig, and delv.
 
 ### <a name="build"/> Building BIND
 
 Minimally, BIND requires a UNIX or Linux system with an ANSI C compiler,
-basic POSIX support, and a 64-bit integer type.  BIND also requires the
-`libuv` asynchronous I/O library, and a cryptography provider library
-such as OpenSSL or a hardware service module supporting PKCS#11. On
-Linux, BIND requires the `libcap` library to set process privileges,
-though this requirement can be overridden by disabling capability
-support at compile time. See [Compile-time options](#opts) below
-for details on other libraries that may be required to support
-optional features.
+basic POSIX support, and a 64-bit integer type. Successful builds have been
+observed on many versions of Linux and UNIX, including RedHat, Fedora,
+Debian, Ubuntu, SuSE, Slackware, FreeBSD, NetBSD, OpenBSD, Mac OS X,
+Solaris, HP-UX, and OpenWRT.
 
-Successful builds have been observed on many versions of Linux and
-UNIX, including RHEL/CentOS, Fedora, Debian, Ubuntu, SLES, openSUSE,
-Slackware, Alpine, FreeBSD, NetBSD, OpenBSD, macOS, Solaris,
-OpenIndiana, OmniOS CE, HP-UX, and OpenWRT.
+BIND requires a cryptography provider library such as OpenSSL or a
+hardware service module supporting PKCS#11. On Linux, BIND requires
+the `libcap` library to set process privileges, though this requirement
+can be overridden by disabling capability support at compile time.
+See [Compile-time options](#opts) below for details on other libraries
+that may be required to support optional features.
 
-BIND is also available for Windows Server 2012 R2 and higher.  See
-`win32utils/build.txt` for details on building for Windows
+BIND is also available for Windows 2008 and higher.  See
+`win32utils/readme1st.txt` for details on building for Windows
 systems.
 
 To build on a UNIX or Linux system, use:
@@ -165,7 +156,7 @@ If you're planning on making changes to the BIND 9 source, you should run
 `make depend`.  If you're using Emacs, you might find `make tags` helpful.
 
 Several environment variables that can be set before running `configure` will
-affect compilation.  Significant ones are:
+affect compilation:
 
 |Variable|Description |
 |--------------------|-----------------------------------------------|
@@ -175,35 +166,26 @@ affect compilation.  Significant ones are:
 |`STD_CDEFINES`|Any additional preprocessor symbols you want defined.  Defaults to empty string. For a list of possible settings, see the file [OPTIONS](OPTIONS.md).|
 |`LDFLAGS`|Linker flags. Defaults to empty string.|
 |`BUILD_CC`|Needed when cross-compiling: the native C compiler to use when building for the target system.|
-|`BUILD_CFLAGS`|`CFLAGS` for the target system during cross-compiling.|
-|`BUILD_CPPFLAGS`|`CPPFLAGS` for the target system during cross-compiling.|
-|`BUILD_LDFLAGS`|`LDFLAGS` for the target system during cross-compiling.|
-|`BUILD_LIBS`|`LIBS` for the target system during cross-compiling.|
-
-Additional environment variables affecting the build are listed at the
-end of the `configure` help text, which can be obtained by running the
-command:
-
-    $ ./configure --help
+|`BUILD_CFLAGS`|Optional, used for cross-compiling|
+|`BUILD_CPPFLAGS`||
+|`BUILD_LDFLAGS`||
+|`BUILD_LIBS`||
 
 #### <a name="macos"> macOS
 
 Building on macOS assumes that the "Command Tools for Xcode" is installed.
-This can be downloaded from
-[https://developer.apple.com/download/more/](https://developer.apple.com/download/more/)
-or, if you have Xcode already installed, you can run `xcode-select
---install`.  (Note that an Apple ID may be required to access the download
-page.)
+This can be downloaded from https://developer.apple.com/download/more/
+or if you have Xcode already installed you can run "xcode-select --install".
+This will add /usr/include to the system and install the compiler and other
+tools so that they can be easily found.
 
 ### <a name="dependencies"/> Dependencies
 
 Portions of BIND that are written in Python, including
 `dnssec-keymgr`, `dnssec-coverage`, `dnssec-checkds`, and some of the
-system tests, require the `argparse`, `ply` and `distutils.core` modules
-to be available.
-`argparse` is a standard module as of Python 2.7 and Python 3.2.
-`ply` is available from [https://pypi.python.org/pypi/ply](https://pypi.python.org/pypi/ply).
-`distutils.core` is required for installation.
+system tests, require the 'argparse' and 'ply' modules to be available.
+'argparse' is a standard module as of Python 2.7 and Python 3.2.
+'ply' is available from [https://pypi.python.org/pypi/ply](https://pypi.python.org/pypi/ply).
 
 #### <a name="opts"/> Compile-time options
 
@@ -221,16 +203,16 @@ path to the PKCS#11 provider library using `--with-pkcs11=<PREFIX>`, and
 configure BIND with `--enable-native-pkcs11`.
 
 To support the HTTP statistics channel, the server must be linked with at
-least one of the following libraries: `libxml2`
-[http://xmlsoft.org](http://xmlsoft.org) or `json-c`
-[https://github.com/json-c/json-c](https://github.com/json-c/json-c).
-If these are installed at a nonstandard location, then:
+least one of the following: libxml2
+[http://xmlsoft.org](http://xmlsoft.org) or json-c
+[https://github.com/json-c](https://github.com/json-c).  If these are
+installed at a nonstandard location, then:
 
-* for `libxml2`, specify the prefix using `--with-libxml2=/prefix`,
-* for `json-c`, adjust `PKG_CONFIG_PATH`.
+* for libxml2, specify the prefix using `--with-libxml2=/prefix`,
+* for json-c, adjust `PKG_CONFIG_PATH`.
 
 To support compression on the HTTP statistics channel, the server must be
-linked against `libzlib`.  If this is installed in a nonstandard location,
+linked against libzlib.  If this is installed in a nonstandard location,
 specify the prefix using `--with-zlib=/prefix`.
 
 To support storing configuration data for runtime-added zones in an LMDB
@@ -243,20 +225,22 @@ found; if the library is installed in a nonstandard location,
 specify the prefix using `--with-maxminddb=/prefix`. GeoIP2 support
 can be switched off with `--disable-geoip`.
 
-For DNSTAP packet logging, you must have installed `libfstrm`
+For DNSTAP packet logging, you must have installed libfstrm
 [https://github.com/farsightsec/fstrm](https://github.com/farsightsec/fstrm)
-and `libprotobuf-c`
+and libprotobuf-c
 [https://developers.google.com/protocol-buffers](https://developers.google.com/protocol-buffers),
 and BIND must be configured with `--enable-dnstap`.
 
-Certain compiled-in constants and default settings can be decreased to
-values better suited to small machines, e.g. OpenWRT boxes, by specifying
-`--with-tuning=small` on the `configure` command line. This will decrease
-memory usage by using smaller structures, but will degrade performance.
+Certain compiled-in constants and default settings can be increased to
+values better suited to large servers with abundant memory resources (e.g,
+64-bit servers with 12G or more of memory) by specifying
+`--with-tuning=large` on the `configure` command line. This can improve
+performance on big servers, but will consume more memory and may degrade
+performance on smaller systems.
 
 On Linux, process capabilities are managed in user space using
 the `libcap` library, which can be installed on most Linux systems via
-the `libcap-dev` or `libcap-devel` package. Process capability support can
+the `libcap-dev` or `libcap-devel` module. Process capability support can
 also be disabled by configuring with `--disable-linux-caps`.
 
 On some platforms it is necessary to explicitly request large file support
@@ -289,21 +273,20 @@ multiple servers to run locally and communicate with one another).  These
 IP addresses can be configured by running the command
 `bin/tests/system/ifconfig.sh up` as root.
 
-Some tests require Perl and the `Net::DNS` and/or `IO::Socket::INET6` modules,
+Some tests require Perl and the Net::DNS and/or IO::Socket::INET6 modules,
 and will be skipped if these are not available. Some tests require Python
-and the `dnspython` module and will be skipped if these are not available.
+and the 'dnspython' module and will be skipped if these are not available.
 See bin/tests/system/README for further details.
 
-Unit tests are implemented using the [CMocka unit testing framework](https://cmocka.org/).
+Unit tests are implemented using the CMocka unit testing framework.
 To build them, use `configure --with-cmocka`. Execution of tests is done
-by the [Kyua test execution engine](https://github.com/jmmv/kyua); if the
-`kyua` command is available, then unit tests can be run via `make test`
-or `make unit`.
+by the Kyua test execution engine; if the `kyua` command is available,
+then unit tests can be run via `make test` or `make unit`.
 
 ### <a name="doc"/> Documentation
 
 The *BIND 9 Administrator Reference Manual* is included with the source
-distribution, in DocBook XML, HTML, and PDF format, in the `doc/arm`
+distribution, in DocBook XML, HTML and PDF format, in the `doc/arm`
 directory.
 
 Some of the programs in the BIND 9 distribution have man pages in their
@@ -353,17 +336,17 @@ issue number. Prior to 2018, these were usually of the form `[RT #NNN]`
 and referred to entries in the "bind9-bugs" RT database, which was not open
 to the public. More recent entries use the form `[GL #NNN]` or, less often,
 `[GL !NNN]`, which, respectively, refer to issues or merge requests in the
-GitLab database. Most of these are publicly readable, unless they include
-information which is confidential or security sensitive.
+Gitlab database. Most of these are publicly readable, unless they include
+information which is confidential or security senstive.
 
-To look up a GitLab issue by its number, use the URL
+To look up a Gitlab issue by its number, use the URL
 [https://gitlab.isc.org/isc-projects/bind9/issues/NNN](https://gitlab.isc.org/isc-projects/bind9/issues).
 To look up a merge request, use
 [https://gitlab.isc.org/isc-projects/bind9/merge_requests/NNN](https://gitlab.isc.org/isc-projects/bind9/merge_requests).
 
 In rare cases, an issue or merge request number may be followed with the
 letter "P". This indicates that the information is in the private ISC
-GitLab instance, which is not visible to the public.
+Gitlab instance, which is not visible to the public.
 
 ### <a name="ack"/> Acknowledgments
 

aclocal.m4

@@ -376,7 +376,6 @@ AC_DEFUN([AM_SUBST_NOTMAKE], [_AM_SUBST_NOTMAKE($@)])
 
 m4_include([m4/ax_check_compile_flag.m4])
 m4_include([m4/ax_check_openssl.m4])
-m4_include([m4/ax_lib_lmdb.m4])
 m4_include([m4/ax_posix_shell.m4])
 m4_include([m4/ax_pthread.m4])
 m4_include([m4/ax_restore_flags.m4])

bin/check/Makefile.in

@@ -24,7 +24,8 @@ CWARNINGS =
 
 DNSLIBS =	../../lib/dns/libdns.@A@ ${MAXMINDDB_LIBS} @DNS_CRYPTO_LIBS@
 ISCCFGLIBS =	../../lib/isccfg/libisccfg.@A@
-ISCLIBS =	../../lib/isc/libisc.@A@ ${OPENSSL_LIBS} ${JSON_C_LIBS} ${LIBXML2_LIBS} ${ZLIB_LIBS}
+ISCLIBS =	../../lib/isc/libisc.@A@ ${OPENSSL_LIBS} ${JSON_C_LIBS} ${LIBXML2_LIBS}
+ISCNOSYMLIBS =	../../lib/isc/libisc-nosymtbl.@A@ ${OPENSSL_LIBS} ${JSON_C_LIBS} ${LIBXML2_LIBS}
 BIND9LIBS =	../../lib/bind9/libbind9.@A@
 NSLIBS =	../../lib/ns/libns.@A@
 
@@ -35,6 +36,7 @@ BIND9DEPLIBS =	../../lib/bind9/libbind9.@A@
 NSDEPENDLIBS =	../../lib/ns/libns.@A@
 
 LIBS =		${ISCLIBS} @LIBS@
+NOSYMLIBS =	${ISCNOSYMLIBS} @LIBS@
 
 SUBDIRS =
 

bin/check/check-tool.c

@@ -9,21 +9,23 @@
  * information regarding copyright ownership.
  */
 
+
 /*! \file */
 
-#include <inttypes.h>
 #include <stdbool.h>
 #include <stdio.h>
+#include <inttypes.h>
 
 #ifdef _WIN32
 #include <Winsock2.h>
-#endif /* ifdef _WIN32 */
+#endif
 
+#include "check-tool.h"
 #include <isc/buffer.h>
 #include <isc/log.h>
 #include <isc/mem.h>
-#include <isc/net.h>
 #include <isc/netdb.h>
+#include <isc/net.h>
 #include <isc/print.h>
 #include <isc/region.h>
 #include <isc/stdio.h>
@@ -50,31 +52,29 @@
 
 #include <ns/log.h>
 
-#include "check-tool.h"
-
 #ifndef CHECK_SIBLING
 #define CHECK_SIBLING 1
-#endif /* ifndef CHECK_SIBLING */
+#endif
 
 #ifndef CHECK_LOCAL
 #define CHECK_LOCAL 1
-#endif /* ifndef CHECK_LOCAL */
+#endif
 
-#define CHECK(r)                             \
-	do {                                 \
-		result = (r);                \
+#define CHECK(r) \
+	do { \
+		result = (r); \
 		if (result != ISC_R_SUCCESS) \
-			goto cleanup;        \
+			goto cleanup; \
 	} while (0)
 
-#define ERR_IS_CNAME	   1
-#define ERR_NO_ADDRESSES   2
+#define ERR_IS_CNAME 1
+#define ERR_NO_ADDRESSES 2
 #define ERR_LOOKUP_FAILURE 3
-#define ERR_EXTRA_A	   4
-#define ERR_EXTRA_AAAA	   5
-#define ERR_MISSING_GLUE   5
-#define ERR_IS_MXCNAME	   6
-#define ERR_IS_SRVCNAME	   7
+#define ERR_EXTRA_A 4
+#define ERR_EXTRA_AAAA 5
+#define ERR_MISSING_GLUE 5
+#define ERR_IS_MXCNAME 6
+#define ERR_IS_SRVCNAME 7
 
 static const char *dbtype[] = { "rbt" };
 
@@ -85,26 +85,31 @@ bool nomerge = true;
 bool docheckmx = true;
 bool dochecksrv = true;
 bool docheckns = true;
-#else  /* if CHECK_LOCAL */
+#else
 bool docheckmx = false;
 bool dochecksrv = false;
 bool docheckns = false;
-#endif /* if CHECK_LOCAL */
-dns_zoneopt_t zone_options = DNS_ZONEOPT_CHECKNS | DNS_ZONEOPT_CHECKMX |
-			     DNS_ZONEOPT_MANYERRORS | DNS_ZONEOPT_CHECKNAMES |
+#endif
+dns_zoneopt_t zone_options = DNS_ZONEOPT_CHECKNS |
+			     DNS_ZONEOPT_CHECKMX |
+			     DNS_ZONEOPT_MANYERRORS |
+			     DNS_ZONEOPT_CHECKNAMES |
 			     DNS_ZONEOPT_CHECKINTEGRITY |
 #if CHECK_SIBLING
 			     DNS_ZONEOPT_CHECKSIBLING |
-#endif /* if CHECK_SIBLING */
+#endif
 			     DNS_ZONEOPT_CHECKWILDCARD |
-			     DNS_ZONEOPT_WARNMXCNAME | DNS_ZONEOPT_WARNSRVCNAME;
+			     DNS_ZONEOPT_WARNMXCNAME |
+			     DNS_ZONEOPT_WARNSRVCNAME;
 
 /*
  * This needs to match the list in bin/named/log.c.
  */
-static isc_logcategory_t categories[] = { { "", 0 },
-					  { "unmatched", 0 },
-					  { NULL, 0 } };
+static isc_logcategory_t categories[] = {
+	{ "",		     0 },
+	{ "unmatched", 	     0 },
+	{ NULL,		     0 }
+};
 
 static isc_symtab_t *symtab = NULL;
 static isc_mem_t *sym_mctx;
@@ -122,15 +127,16 @@ add(char *key, int value) {
 	isc_symvalue_t symvalue;
 
 	if (sym_mctx == NULL) {
-		isc_mem_create(&sym_mctx);
+		result = isc_mem_create(0, 0, &sym_mctx);
+		if (result != ISC_R_SUCCESS)
+			return;
 	}
 
 	if (symtab == NULL) {
 		result = isc_symtab_create(sym_mctx, 100, freekey, sym_mctx,
 					   false, &symtab);
-		if (result != ISC_R_SUCCESS) {
+		if (result != ISC_R_SUCCESS)
 			return;
-		}
 	}
 
 	key = isc_mem_strdup(sym_mctx, key);
@@ -138,29 +144,27 @@ add(char *key, int value) {
 	symvalue.as_pointer = NULL;
 	result = isc_symtab_define(symtab, key, value, symvalue,
 				   isc_symexists_reject);
-	if (result != ISC_R_SUCCESS) {
+	if (result != ISC_R_SUCCESS)
 		isc_mem_free(sym_mctx, key);
-	}
 }
 
 static bool
 logged(char *key, int value) {
 	isc_result_t result;
 
-	if (symtab == NULL) {
+	if (symtab == NULL)
 		return (false);
-	}
 
 	result = isc_symtab_lookup(symtab, key, value, NULL);
-	if (result == ISC_R_SUCCESS) {
+	if (result == ISC_R_SUCCESS)
 		return (true);
-	}
 	return (false);
 }
 
 static bool
 checkns(dns_zone_t *zone, const dns_name_t *name, const dns_name_t *owner,
-	dns_rdataset_t *a, dns_rdataset_t *aaaa) {
+	dns_rdataset_t *a, dns_rdataset_t *aaaa)
+{
 	dns_rdataset_t *rdataset;
 	dns_rdata_t rdata = DNS_RDATA_INIT;
 	struct addrinfo hints, *ai, *cur;
@@ -178,9 +182,8 @@ checkns(dns_zone_t *zone, const dns_name_t *name, const dns_name_t *owner,
 	REQUIRE(aaaa == NULL || !dns_rdataset_isassociated(aaaa) ||
 		aaaa->type == dns_rdatatype_aaaa);
 
-	if (a == NULL || aaaa == NULL) {
+	if (a == NULL || aaaa == NULL)
 		return (answer);
-	}
 
 	memset(&hints, 0, sizeof(hints));
 	hints.ai_flags = AI_CANONNAME;
@@ -207,17 +210,16 @@ checkns(dns_zone_t *zone, const dns_name_t *name, const dns_name_t *owner,
 		 */
 		cur = ai;
 		while (cur != NULL && cur->ai_canonname == NULL &&
-		       cur->ai_next != NULL) {
+		       cur->ai_next != NULL)
 			cur = cur->ai_next;
-		}
 		if (cur != NULL && cur->ai_canonname != NULL &&
 		    strcasecmp(cur->ai_canonname, namebuf) != 0 &&
-		    !logged(namebuf, ERR_IS_CNAME))
-		{
+		    !logged(namebuf, ERR_IS_CNAME)) {
 			dns_zone_log(zone, ISC_LOG_ERROR,
 				     "%s/NS '%s' (out of zone) "
 				     "is a CNAME '%s' (illegal)",
-				     ownerbuf, namebuf, cur->ai_canonname);
+				     ownerbuf, namebuf,
+				     cur->ai_canonname);
 			/* XXX950 make fatal for 9.5.0 */
 			/* answer = false; */
 			add(namebuf, ERR_IS_CNAME);
@@ -226,7 +228,7 @@ checkns(dns_zone_t *zone, const dns_name_t *name, const dns_name_t *owner,
 	case EAI_NONAME:
 #if defined(EAI_NODATA) && (EAI_NODATA != EAI_NONAME)
 	case EAI_NODATA:
-#endif /* if defined(EAI_NODATA) && (EAI_NODATA != EAI_NONAME) */
+#endif
 		if (!logged(namebuf, ERR_NO_ADDRESSES)) {
 			dns_zone_log(zone, ISC_LOG_ERROR,
 				     "%s/NS '%s' (out of zone) "
@@ -240,8 +242,8 @@ checkns(dns_zone_t *zone, const dns_name_t *name, const dns_name_t *owner,
 	default:
 		if (!logged(namebuf, ERR_LOOKUP_FAILURE)) {
 			dns_zone_log(zone, ISC_LOG_WARNING,
-				     "getaddrinfo(%s) failed: %s", namebuf,
-				     gai_strerror(result));
+				     "getaddrinfo(%s) failed: %s",
+				     namebuf, gai_strerror(result));
 			add(namebuf, ERR_LOOKUP_FAILURE);
 		}
 		return (true);
@@ -250,17 +252,15 @@ checkns(dns_zone_t *zone, const dns_name_t *name, const dns_name_t *owner,
 	/*
 	 * Check that all glue records really exist.
 	 */
-	if (!dns_rdataset_isassociated(a)) {
+	if (!dns_rdataset_isassociated(a))
 		goto checkaaaa;
-	}
 	result = dns_rdataset_first(a);
 	while (result == ISC_R_SUCCESS) {
 		dns_rdataset_current(a, &rdata);
 		match = false;
 		for (cur = ai; cur != NULL; cur = cur->ai_next) {
-			if (cur->ai_family != AF_INET) {
+			if (cur->ai_family != AF_INET)
 				continue;
-			}
 			ptr = &((struct sockaddr_in *)(cur->ai_addr))->sin_addr;
 			if (memcmp(ptr, rdata.data, rdata.length) == 0) {
 				match = true;
@@ -268,12 +268,11 @@ checkns(dns_zone_t *zone, const dns_name_t *name, const dns_name_t *owner,
 			}
 		}
 		if (!match && !logged(namebuf, ERR_EXTRA_A)) {
-			dns_zone_log(zone, ISC_LOG_ERROR,
-				     "%s/NS '%s' "
+			dns_zone_log(zone, ISC_LOG_ERROR, "%s/NS '%s' "
 				     "extra GLUE A record (%s)",
 				     ownerbuf, namebuf,
-				     inet_ntop(AF_INET, rdata.data, addrbuf,
-					       sizeof(addrbuf)));
+				     inet_ntop(AF_INET, rdata.data,
+					       addrbuf, sizeof(addrbuf)));
 			add(namebuf, ERR_EXTRA_A);
 			/* XXX950 make fatal for 9.5.0 */
 			/* answer = false; */
@@ -282,32 +281,28 @@ checkns(dns_zone_t *zone, const dns_name_t *name, const dns_name_t *owner,
 		result = dns_rdataset_next(a);
 	}
 
-checkaaaa:
-	if (!dns_rdataset_isassociated(aaaa)) {
+ checkaaaa:
+	if (!dns_rdataset_isassociated(aaaa))
 		goto checkmissing;
-	}
 	result = dns_rdataset_first(aaaa);
 	while (result == ISC_R_SUCCESS) {
 		dns_rdataset_current(aaaa, &rdata);
 		match = false;
 		for (cur = ai; cur != NULL; cur = cur->ai_next) {
-			if (cur->ai_family != AF_INET6) {
+			if (cur->ai_family != AF_INET6)
 				continue;
-			}
-			ptr = &((struct sockaddr_in6 *)(cur->ai_addr))
-				       ->sin6_addr;
+			ptr = &((struct sockaddr_in6 *)(cur->ai_addr))->sin6_addr;
 			if (memcmp(ptr, rdata.data, rdata.length) == 0) {
 				match = true;
 				break;
 			}
 		}
 		if (!match && !logged(namebuf, ERR_EXTRA_AAAA)) {
-			dns_zone_log(zone, ISC_LOG_ERROR,
-				     "%s/NS '%s' "
+			dns_zone_log(zone, ISC_LOG_ERROR, "%s/NS '%s' "
 				     "extra GLUE AAAA record (%s)",
 				     ownerbuf, namebuf,
-				     inet_ntop(AF_INET6, rdata.data, addrbuf,
-					       sizeof(addrbuf)));
+				     inet_ntop(AF_INET6, rdata.data,
+					       addrbuf, sizeof(addrbuf)));
 			add(namebuf, ERR_EXTRA_AAAA);
 			/* XXX950 make fatal for 9.5.0. */
 			/* answer = false; */
@@ -316,7 +311,7 @@ checkaaaa:
 		result = dns_rdataset_next(aaaa);
 	}
 
-checkmissing:
+ checkmissing:
 	/*
 	 * Check that all addresses appear in the glue.
 	 */
@@ -326,50 +321,42 @@ checkmissing:
 			switch (cur->ai_family) {
 			case AF_INET:
 				rdataset = a;
-				ptr = &((struct sockaddr_in *)(cur->ai_addr))
-					       ->sin_addr;
+				ptr = &((struct sockaddr_in *)(cur->ai_addr))->sin_addr;
 				type = "A";
 				break;
 			case AF_INET6:
 				rdataset = aaaa;
-				ptr = &((struct sockaddr_in6 *)(cur->ai_addr))
-					       ->sin6_addr;
+				ptr = &((struct sockaddr_in6 *)(cur->ai_addr))->sin6_addr;
 				type = "AAAA";
 				break;
 			default:
-				continue;
+				 continue;
 			}
 			match = false;
-			if (dns_rdataset_isassociated(rdataset)) {
+			if (dns_rdataset_isassociated(rdataset))
 				result = dns_rdataset_first(rdataset);
-			} else {
+			else
 				result = ISC_R_FAILURE;
-			}
 			while (result == ISC_R_SUCCESS && !match) {
 				dns_rdataset_current(rdataset, &rdata);
 				if (memcmp(ptr, rdata.data, rdata.length) == 0)
-				{
 					match = true;
-				}
 				dns_rdata_reset(&rdata);
 				result = dns_rdataset_next(rdataset);
 			}
 			if (!match) {
-				dns_zone_log(zone, ISC_LOG_ERROR,
-					     "%s/NS '%s' "
+				dns_zone_log(zone, ISC_LOG_ERROR, "%s/NS '%s' "
 					     "missing GLUE %s record (%s)",
 					     ownerbuf, namebuf, type,
 					     inet_ntop(cur->ai_family, ptr,
-						       addrbuf,
-						       sizeof(addrbuf)));
+						       addrbuf, sizeof(addrbuf)));
 				/* XXX950 make fatal for 9.5.0. */
 				/* answer = false; */
 				missing_glue = true;
 			}
 		}
-		if (missing_glue) {
+		if (missing_glue)
 			add(namebuf, ERR_MISSING_GLUE);
-		}
 	}
 	freeaddrinfo(ai);
 	return (answer);
@@ -409,15 +396,12 @@ checkmx(dns_zone_t *zone, const dns_name_t *name, const dns_name_t *owner) {
 		 */
 		cur = ai;
 		while (cur != NULL && cur->ai_canonname == NULL &&
-		       cur->ai_next != NULL) {
+		       cur->ai_next != NULL)
 			cur = cur->ai_next;
-		}
 		if (cur != NULL && cur->ai_canonname != NULL &&
-		    strcasecmp(cur->ai_canonname, namebuf) != 0)
-		{
-			if ((zone_options & DNS_ZONEOPT_WARNMXCNAME) != 0) {
+		    strcasecmp(cur->ai_canonname, namebuf) != 0) {
+			if ((zone_options & DNS_ZONEOPT_WARNMXCNAME) != 0)
 				level = ISC_LOG_WARNING;
-			}
 			if ((zone_options & DNS_ZONEOPT_IGNOREMXCNAME) == 0) {
 				if (!logged(namebuf, ERR_IS_MXCNAME)) {
 					dns_zone_log(zone, level,
@@ -428,9 +412,8 @@ checkmx(dns_zone_t *zone, const dns_name_t *name, const dns_name_t *owner) {
 						     cur->ai_canonname);
 					add(namebuf, ERR_IS_MXCNAME);
 				}
-				if (level == ISC_LOG_ERROR) {
+				if (level == ISC_LOG_ERROR)
 					answer = false;
-				}
 			}
 		}
 		freeaddrinfo(ai);
@@ -439,7 +422,7 @@ checkmx(dns_zone_t *zone, const dns_name_t *name, const dns_name_t *owner) {
 	case EAI_NONAME:
 #if defined(EAI_NODATA) && (EAI_NODATA != EAI_NONAME)
 	case EAI_NODATA:
-#endif /* if defined(EAI_NODATA) && (EAI_NODATA != EAI_NONAME) */
+#endif
 		if (!logged(namebuf, ERR_NO_ADDRESSES)) {
 			dns_zone_log(zone, ISC_LOG_ERROR,
 				     "%s/MX '%s' (out of zone) "
@@ -453,8 +436,8 @@ checkmx(dns_zone_t *zone, const dns_name_t *name, const dns_name_t *owner) {
 	default:
 		if (!logged(namebuf, ERR_LOOKUP_FAILURE)) {
 			dns_zone_log(zone, ISC_LOG_WARNING,
-				     "getaddrinfo(%s) failed: %s", namebuf,
-				     gai_strerror(result));
+			     "getaddrinfo(%s) failed: %s",
+			     namebuf, gai_strerror(result));
 			add(namebuf, ERR_LOOKUP_FAILURE);
 		}
 		return (true);
@@ -495,28 +478,23 @@ checksrv(dns_zone_t *zone, const dns_name_t *name, const dns_name_t *owner) {
 		 */
 		cur = ai;
 		while (cur != NULL && cur->ai_canonname == NULL &&
-		       cur->ai_next != NULL) {
+		       cur->ai_next != NULL)
 			cur = cur->ai_next;
-		}
 		if (cur != NULL && cur->ai_canonname != NULL &&
-		    strcasecmp(cur->ai_canonname, namebuf) != 0)
-		{
-			if ((zone_options & DNS_ZONEOPT_WARNSRVCNAME) != 0) {
+		    strcasecmp(cur->ai_canonname, namebuf) != 0) {
+			if ((zone_options & DNS_ZONEOPT_WARNSRVCNAME) != 0)
 				level = ISC_LOG_WARNING;
-			}
 			if ((zone_options & DNS_ZONEOPT_IGNORESRVCNAME) == 0) {
 				if (!logged(namebuf, ERR_IS_SRVCNAME)) {
-					dns_zone_log(zone, level,
-						     "%s/SRV '%s'"
+					dns_zone_log(zone, level, "%s/SRV '%s'"
 						     " (out of zone) is a "
 						     "CNAME '%s' (illegal)",
 						     ownerbuf, namebuf,
 						     cur->ai_canonname);
 					add(namebuf, ERR_IS_SRVCNAME);
 				}
-				if (level == ISC_LOG_ERROR) {
+				if (level == ISC_LOG_ERROR)
 					answer = false;
-				}
 			}
 		}
 		freeaddrinfo(ai);
@@ -525,7 +503,7 @@ checksrv(dns_zone_t *zone, const dns_name_t *name, const dns_name_t *owner) {
 	case EAI_NONAME:
 #if defined(EAI_NODATA) && (EAI_NODATA != EAI_NONAME)
 	case EAI_NODATA:
-#endif /* if defined(EAI_NODATA) && (EAI_NODATA != EAI_NONAME) */
+#endif
 		if (!logged(namebuf, ERR_NO_ADDRESSES)) {
 			dns_zone_log(zone, ISC_LOG_ERROR,
 				     "%s/SRV '%s' (out of zone) "
@@ -539,8 +517,8 @@ checksrv(dns_zone_t *zone, const dns_name_t *name, const dns_name_t *owner) {
 	default:
 		if (!logged(namebuf, ERR_LOOKUP_FAILURE)) {
 			dns_zone_log(zone, ISC_LOG_WARNING,
-				     "getaddrinfo(%s) failed: %s", namebuf,
-				     gai_strerror(result));
+				     "getaddrinfo(%s) failed: %s",
+				     namebuf, gai_strerror(result));
 			add(namebuf, ERR_LOOKUP_FAILURE);
 		}
 		return (true);
@@ -553,7 +531,7 @@ setup_logging(isc_mem_t *mctx, FILE *errout, isc_log_t **logp) {
 	isc_logconfig_t *logconfig = NULL;
 	isc_log_t *log = NULL;
 
-	isc_log_create(mctx, &log, &logconfig);
+	RUNTIME_CHECK(isc_log_create(mctx, &log, &logconfig) == ISC_R_SUCCESS);
 	isc_log_registercategories(log, categories);
 	isc_log_setcontext(log);
 	dns_log_init(log);
@@ -565,11 +543,12 @@ setup_logging(isc_mem_t *mctx, FILE *errout, isc_log_t **logp) {
 	destination.file.name = NULL;
 	destination.file.versions = ISC_LOG_ROLLNEVER;
 	destination.file.maximum_size = 0;
-	isc_log_createchannel(logconfig, "stderr", ISC_LOG_TOFILEDESC,
-			      ISC_LOG_DYNAMIC, &destination, 0);
-
-	RUNTIME_CHECK(isc_log_usechannel(logconfig, "stderr", NULL, NULL) ==
-		      ISC_R_SUCCESS);
+	RUNTIME_CHECK(isc_log_createchannel(logconfig, "stderr",
+				       ISC_LOG_TOFILEDESC,
+				       ISC_LOG_DYNAMIC,
+				       &destination, 0) == ISC_R_SUCCESS);
+	RUNTIME_CHECK(isc_log_usechannel(logconfig, "stderr",
+					 NULL, NULL) == ISC_R_SUCCESS);
 
 	*logp = log;
 	return (ISC_R_SUCCESS);
@@ -596,20 +575,18 @@ check_ttls(dns_zone_t *zone, dns_ttl_t maxttl) {
 	CHECK(dns_db_newversion(db, &version));
 	CHECK(dns_db_createiterator(db, 0, &dbiter));
 
-	for (result = dns_dbiterator_first(dbiter); result == ISC_R_SUCCESS;
-	     result = dns_dbiterator_next(dbiter))
-	{
+	for (result = dns_dbiterator_first(dbiter);
+	     result == ISC_R_SUCCESS;
+	     result = dns_dbiterator_next(dbiter)) {
 		result = dns_dbiterator_current(dbiter, &node, name);
-		if (result == DNS_R_NEWORIGIN) {
+		if (result == DNS_R_NEWORIGIN)
 			result = ISC_R_SUCCESS;
-		}
 		CHECK(result);
 
 		CHECK(dns_db_allrdatasets(db, node, version, 0, &rdsiter));
 		for (result = dns_rdatasetiter_first(rdsiter);
 		     result == ISC_R_SUCCESS;
-		     result = dns_rdatasetiter_next(rdsiter))
-		{
+		     result = dns_rdatasetiter_next(rdsiter)) {
 			dns_rdatasetiter_current(rdsiter, &rdataset);
 			if (rdataset.ttl > maxttl) {
 				char nbuf[DNS_NAME_FORMATSIZE];
@@ -632,35 +609,28 @@ check_ttls(dns_zone_t *zone, dns_ttl_t maxttl) {
 			}
 			dns_rdataset_disassociate(&rdataset);
 		}
-		if (result == ISC_R_NOMORE) {
+		if (result == ISC_R_NOMORE)
 			result = ISC_R_SUCCESS;
-		}
 		CHECK(result);
 
 		dns_rdatasetiter_destroy(&rdsiter);
 		dns_db_detachnode(db, &node);
 	}
 
-	if (result == ISC_R_NOMORE) {
+	if (result == ISC_R_NOMORE)
 		result = ISC_R_SUCCESS;
-	}
 
-cleanup:
-	if (node != NULL) {
+ cleanup:
+	if (node != NULL)
 		dns_db_detachnode(db, &node);
-	}
-	if (rdsiter != NULL) {
+	if (rdsiter != NULL)
 		dns_rdatasetiter_destroy(&rdsiter);
-	}
-	if (dbiter != NULL) {
+	if (dbiter != NULL)
 		dns_dbiterator_destroy(&dbiter);
-	}
-	if (version != NULL) {
+	if (version != NULL)
 		dns_db_closeversion(db, &version, false);
-	}
-	if (db != NULL) {
+	if (db != NULL)
 		dns_db_detach(&db);
-	}
 
 	return (result);
 }
@@ -669,7 +639,8 @@ cleanup:
 isc_result_t
 load_zone(isc_mem_t *mctx, const char *zonename, const char *filename,
 	  dns_masterformat_t fileformat, const char *classname,
-	  dns_ttl_t maxttl, dns_zone_t **zonep) {
+	  dns_ttl_t maxttl, dns_zone_t **zonep)
+{
 	isc_result_t result;
 	dns_rdataclass_t rdclass;
 	isc_textregion_t region;
@@ -680,10 +651,9 @@ load_zone(isc_mem_t *mctx, const char *zonename, const char *filename,
 
 	REQUIRE(zonep == NULL || *zonep == NULL);
 
-	if (debug) {
+	if (debug)
 		fprintf(stderr, "loading \"%s\" from \"%s\" class \"%s\"\n",
 			zonename, filename, classname);
-	}
 
 	CHECK(dns_zone_create(&zone, mctx));
 
@@ -694,17 +664,11 @@ load_zone(isc_mem_t *mctx, const char *zonename, const char *filename,
 	origin = dns_fixedname_initname(&fixorigin);
 	CHECK(dns_name_fromtext(origin, &buffer, dns_rootname, 0, NULL));
 	CHECK(dns_zone_setorigin(zone, origin));
-	dns_zone_setdbtype(zone, 1, (const char *const *)dbtype);
-	if (strcmp(filename, "-") == 0) {
-		CHECK(dns_zone_setstream(zone, stdin, fileformat,
-					 &dns_master_style_default));
-	} else {
-		CHECK(dns_zone_setfile(zone, filename, fileformat,
-				       &dns_master_style_default));
-	}
-	if (journal != NULL) {
+	dns_zone_setdbtype(zone, 1, (const char * const *) dbtype);
+	CHECK(dns_zone_setfile(zone, filename, fileformat,
+			       &dns_master_style_default));
+	if (journal != NULL)
 		CHECK(dns_zone_setjournal(zone, journal));
-	}
 
 	DE_CONST(classname, region.base);
 	region.length = strlen(classname);
@@ -716,15 +680,12 @@ load_zone(isc_mem_t *mctx, const char *zonename, const char *filename,
 
 	dns_zone_setmaxttl(zone, maxttl);
 
-	if (docheckmx) {
+	if (docheckmx)
 		dns_zone_setcheckmx(zone, checkmx);
-	}
-	if (docheckns) {
+	if (docheckns)
 		dns_zone_setcheckns(zone, checkns);
-	}
-	if (dochecksrv) {
+	if (dochecksrv)
 		dns_zone_setchecksrv(zone, checksrv);
-	}
 
 	CHECK(dns_zone_load(zone, false));
 
@@ -741,10 +702,9 @@ load_zone(isc_mem_t *mctx, const char *zonename, const char *filename,
 		zone = NULL;
 	}
 
-cleanup:
-	if (zone != NULL) {
+ cleanup:
+	if (zone != NULL)
 		dns_zone_detach(&zone);
-	}
 	return (result);
 }
 
@@ -752,39 +712,36 @@ cleanup:
 isc_result_t
 dump_zone(const char *zonename, dns_zone_t *zone, const char *filename,
 	  dns_masterformat_t fileformat, const dns_master_style_t *style,
-	  const uint32_t rawversion) {
+	  const uint32_t rawversion)
+{
 	isc_result_t result;
 	FILE *output = stdout;
 	const char *flags;
 
-	flags = (fileformat == dns_masterformat_text) ? "w" : "wb";
+	flags = (fileformat == dns_masterformat_text) ? "w+" : "wb+";
 
 	if (debug) {
-		if (filename != NULL && strcmp(filename, "-") != 0) {
-			fprintf(stderr, "dumping \"%s\" to \"%s\"\n", zonename,
-				filename);
-		} else {
+		if (filename != NULL && strcmp(filename, "-") != 0)
+			fprintf(stderr, "dumping \"%s\" to \"%s\"\n",
+				zonename, filename);
+		else
 			fprintf(stderr, "dumping \"%s\"\n", zonename);
-		}
 	}
 
 	if (filename != NULL && strcmp(filename, "-") != 0) {
 		result = isc_stdio_open(filename, flags, &output);
 
 		if (result != ISC_R_SUCCESS) {
-			fprintf(stderr,
-				"could not open output "
-				"file \"%s\" for writing\n",
-				filename);
+			fprintf(stderr, "could not open output "
+				"file \"%s\" for writing\n", filename);
 			return (ISC_R_FAILURE);
 		}
 	}
 
 	result = dns_zone_dumptostream(zone, output, fileformat, style,
 				       rawversion);
-	if (output != stdout) {
+	if (output != stdout)
 		(void)isc_stdio_close(output);
-	}
 
 	return (result);
 }
@@ -798,7 +755,7 @@ InitSockets(void) {
 
 	wVersionRequested = MAKEWORD(2, 0);
 
-	err = WSAStartup(wVersionRequested, &wsaData);
+	err = WSAStartup( wVersionRequested, &wsaData );
 	if (err != 0) {
 		fprintf(stderr, "WSAStartup() failed: %d\n", err);
 		exit(1);
@@ -809,4 +766,4 @@ void
 DestroySockets(void) {
 	WSACleanup();
 }
-#endif /* ifdef _WIN32 */
+#endif

bin/check/check-tool.h

@@ -9,6 +9,7 @@
  * information regarding copyright ownership.
  */
 
+
 #ifndef CHECK_TOOL_H
 #define CHECK_TOOL_H
 
@@ -41,11 +42,9 @@ dump_zone(const char *zonename, dns_zone_t *zone, const char *filename,
 	  const uint32_t rawversion);
 
 #ifdef _WIN32
-void
-InitSockets(void);
-void
-DestroySockets(void);
-#endif /* ifdef _WIN32 */
+void InitSockets(void);
+void DestroySockets(void);
+#endif
 
 extern int debug;
 extern const char *journal;
@@ -57,4 +56,4 @@ extern dns_zoneopt_t zone_options;
 
 ISC_LANG_ENDDECLS
 
-#endif /* ifndef CHECK_TOOL_H */
+#endif

bin/check/named-checkconf.8

@@ -1,4 +1,4 @@
-.\" Copyright (C) 2000-2002, 2004, 2005, 2007, 2009, 2014-2016, 2018-2020 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000-2002, 2004, 2005, 2007, 2009, 2014-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
 .\" 
 .\" This Source Code Form is subject to the terms of the Mozilla Public
 .\" License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -148,5 +148,5 @@ BIND 9 Administrator Reference Manual\&.
 \fBInternet Systems Consortium, Inc\&.\fR
 .SH "COPYRIGHT"
 .br
-Copyright \(co 2000-2002, 2004, 2005, 2007, 2009, 2014-2016, 2018-2020 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2000-2002, 2004, 2005, 2007, 2009, 2014-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
 .br

bin/check/named-checkconf.c

@@ -9,12 +9,13 @@
  * information regarding copyright ownership.
  */
 
+
 /*! \file */
 
 #include <errno.h>
 #include <stdbool.h>
-#include <stdio.h>
 #include <stdlib.h>
+#include <stdio.h>
 
 #include <isc/commandline.h>
 #include <isc/dir.h>
@@ -26,6 +27,11 @@
 #include <isc/string.h>
 #include <isc/util.h>
 
+#include <isccfg/namedconf.h>
+#include <isccfg/grammar.h>
+
+#include <bind9/check.h>
+
 #include <dns/db.h>
 #include <dns/fixedname.h>
 #include <dns/log.h>
@@ -35,11 +41,6 @@
 #include <dns/rootns.h>
 #include <dns/zone.h>
 
-#include <isccfg/grammar.h>
-#include <isccfg/namedconf.h>
-
-#include <bind9/check.h>
-
 #include "check-tool.h"
 
 static const char *program = "named-checkconf";
@@ -48,11 +49,11 @@ static bool loadplugins = true;
 
 isc_log_t *logc = NULL;
 
-#define CHECK(r)                             \
-	do {                                 \
-		result = (r);                \
+#define CHECK(r)\
+	do { \
+		result = (r); \
 		if (result != ISC_R_SUCCESS) \
-			goto cleanup;        \
+			goto cleanup; \
 	} while (0)
 
 /*% usage */
@@ -61,10 +62,8 @@ usage(void) ISC_PLATFORM_NORETURN_POST;
 
 static void
 usage(void) {
-	fprintf(stderr,
-		"usage: %s [-chijlvz] [-p [-x]] [-t directory] "
-		"[named.conf]\n",
-		program);
+	fprintf(stderr, "usage: %s [-chijlvz] [-p [-x]] [-t directory] "
+		"[named.conf]\n", program);
 	exit(1);
 }
 
@@ -86,8 +85,8 @@ directory_callback(const char *clausename, const cfg_obj_t *obj, void *arg) {
 	result = isc_dir_chdir(directory);
 	if (result != ISC_R_SUCCESS) {
 		cfg_obj_log(obj, logc, ISC_LOG_ERROR,
-			    "change directory to '%s' failed: %s\n", directory,
-			    isc_result_totext(result));
+			    "change directory to '%s' failed: %s\n",
+			    directory, isc_result_totext(result));
 		return (result);
 	}
 
@@ -98,12 +97,10 @@ static bool
 get_maps(const cfg_obj_t **maps, const char *name, const cfg_obj_t **obj) {
 	int i;
 	for (i = 0;; i++) {
-		if (maps[i] == NULL) {
+		if (maps[i] == NULL)
 			return (false);
-		}
-		if (cfg_map_get(maps[i], name, obj) == ISC_R_SUCCESS) {
+		if (cfg_map_get(maps[i], name, obj) == ISC_R_SUCCESS)
 			return (true);
-		}
 	}
 }
 
@@ -117,26 +114,25 @@ get_checknames(const cfg_obj_t **maps, const cfg_obj_t **obj) {
 	int i;
 
 	for (i = 0;; i++) {
-		if (maps[i] == NULL) {
+		if (maps[i] == NULL)
 			return (false);
-		}
 		checknames = NULL;
 		result = cfg_map_get(maps[i], "check-names", &checknames);
-		if (result != ISC_R_SUCCESS) {
+		if (result != ISC_R_SUCCESS)
 			continue;
-		}
 		if (checknames != NULL && !cfg_obj_islist(checknames)) {
 			*obj = checknames;
 			return (true);
 		}
-		for (element = cfg_list_first(checknames); element != NULL;
-		     element = cfg_list_next(element))
-		{
+		for (element = cfg_list_first(checknames);
+		     element != NULL;
+		     element = cfg_list_next(element)) {
 			value = cfg_listelt_value(element);
 			type = cfg_tuple_get(value, "type");
-			if ((strcasecmp(cfg_obj_asstring(type), "primary") !=
-			     0) &&
-			    (strcasecmp(cfg_obj_asstring(type), "master") != 0))
+			if ((strcasecmp(cfg_obj_asstring(type),
+					"primary") != 0) &&
+			    (strcasecmp(cfg_obj_asstring(type),
+					"master") != 0))
 			{
 				continue;
 			}
@@ -153,21 +149,18 @@ configure_hint(const char *zfile, const char *zclass, isc_mem_t *mctx) {
 	dns_rdataclass_t rdclass;
 	isc_textregion_t r;
 
-	if (zfile == NULL) {
+	if (zfile == NULL)
 		return (ISC_R_FAILURE);
-	}
 
 	DE_CONST(zclass, r.base);
 	r.length = strlen(zclass);
 	result = dns_rdataclass_fromtext(&rdclass, &r);
-	if (result != ISC_R_SUCCESS) {
+	if (result != ISC_R_SUCCESS)
 		return (result);
-	}
 
 	result = dns_rootns_create(mctx, rdclass, zfile, &db);
-	if (result != ISC_R_SUCCESS) {
+	if (result != ISC_R_SUCCESS)
 		return (result);
-	}
 
 	dns_db_detach(&db);
 	return (ISC_R_SUCCESS);
@@ -175,9 +168,10 @@ configure_hint(const char *zfile, const char *zclass, isc_mem_t *mctx) {
 
 /*% configure the zone */
 static isc_result_t
-configure_zone(const char *vclass, const char *view, const cfg_obj_t *zconfig,
-	       const cfg_obj_t *vconfig, const cfg_obj_t *config,
-	       isc_mem_t *mctx, bool list) {
+configure_zone(const char *vclass, const char *view,
+	       const cfg_obj_t *zconfig, const cfg_obj_t *vconfig,
+	       const cfg_obj_t *config, isc_mem_t *mctx, bool list)
+{
 	int i = 0;
 	isc_result_t result;
 	const char *zclass;
@@ -201,22 +195,19 @@ configure_zone(const char *vclass, const char *view, const cfg_obj_t *zconfig,
 
 	zname = cfg_obj_asstring(cfg_tuple_get(zconfig, "name"));
 	classobj = cfg_tuple_get(zconfig, "class");
-	if (!cfg_obj_isstring(classobj)) {
+	if (!cfg_obj_isstring(classobj))
 		zclass = vclass;
-	} else {
+	else
 		zclass = cfg_obj_asstring(classobj);
-	}
 
 	zoptions = cfg_tuple_get(zconfig, "options");
 	maps[i++] = zoptions;
-	if (vconfig != NULL) {
+	if (vconfig != NULL)
 		maps[i++] = cfg_tuple_get(vconfig, "options");
-	}
 	if (config != NULL) {
 		cfg_map_get(config, "options", &obj);
-		if (obj != NULL) {
+		if (obj != NULL)
 			maps[i++] = obj;
-		}
 	}
 	maps[i] = NULL;
 
@@ -225,14 +216,12 @@ configure_zone(const char *vclass, const char *view, const cfg_obj_t *zconfig,
 		const char *inview = cfg_obj_asstring(inviewobj);
 		printf("%s %s %s in-view %s\n", zname, zclass, view, inview);
 	}
-	if (inviewobj != NULL) {
+	if (inviewobj != NULL)
 		return (ISC_R_SUCCESS);
-	}
 
 	cfg_map_get(zoptions, "type", &typeobj);
-	if (typeobj == NULL) {
+	if (typeobj == NULL)
 		return (ISC_R_FAILURE);
-	}
 
 	if (list) {
 		const char *ztype = cfg_obj_asstring(typeobj);
@@ -244,21 +233,18 @@ configure_zone(const char *vclass, const char *view, const cfg_obj_t *zconfig,
 	 * Skip checks when using an alternate data source.
 	 */
 	cfg_map_get(zoptions, "database", &dbobj);
-	if (dbobj != NULL && strcmp("rbt", cfg_obj_asstring(dbobj)) != 0 &&
+	if (dbobj != NULL &&
+	    strcmp("rbt", cfg_obj_asstring(dbobj)) != 0 &&
 	    strcmp("rbt64", cfg_obj_asstring(dbobj)) != 0)
-	{
 		return (ISC_R_SUCCESS);
-	}
 
 	cfg_map_get(zoptions, "dlz", &dlzobj);
-	if (dlzobj != NULL) {
+	if (dlzobj != NULL)
 		return (ISC_R_SUCCESS);
-	}
 
 	cfg_map_get(zoptions, "file", &fileobj);
-	if (fileobj != NULL) {
+	if (fileobj != NULL)
 		zfile = cfg_obj_asstring(fileobj);
-	}
 
 	/*
 	 * Check hints files for hint zones.
@@ -279,14 +265,12 @@ configure_zone(const char *vclass, const char *view, const cfg_obj_t *zconfig,
 	 */
 	if (strcasecmp(cfg_obj_asstring(typeobj), "redirect") == 0) {
 		cfg_map_get(zoptions, "masters", &mastersobj);
-		if (mastersobj != NULL) {
+		if (mastersobj != NULL)
 			return (ISC_R_SUCCESS);
-		}
 	}
 
-	if (zfile == NULL) {
+	if (zfile == NULL)
 		return (ISC_R_FAILURE);
-	}
 
 	obj = NULL;
 	if (get_maps(maps, "check-dup-records", &obj)) {
@@ -330,14 +314,12 @@ configure_zone(const char *vclass, const char *view, const cfg_obj_t *zconfig,
 
 	obj = NULL;
 	if (get_maps(maps, "check-integrity", &obj)) {
-		if (cfg_obj_asboolean(obj)) {
+		if (cfg_obj_asboolean(obj))
 			zone_options |= DNS_ZONEOPT_CHECKINTEGRITY;
-		} else {
+		else
 			zone_options &= ~DNS_ZONEOPT_CHECKINTEGRITY;
-		}
-	} else {
+	} else
 		zone_options |= DNS_ZONEOPT_CHECKINTEGRITY;
-	}
 
 	obj = NULL;
 	if (get_maps(maps, "check-mx-cname", &obj)) {
@@ -381,11 +363,10 @@ configure_zone(const char *vclass, const char *view, const cfg_obj_t *zconfig,
 
 	obj = NULL;
 	if (get_maps(maps, "check-sibling", &obj)) {
-		if (cfg_obj_asboolean(obj)) {
+		if (cfg_obj_asboolean(obj))
 			zone_options |= DNS_ZONEOPT_CHECKSIBLING;
-		} else {
+		else
 			zone_options &= ~DNS_ZONEOPT_CHECKSIBLING;
-		}
 	}
 
 	obj = NULL;
@@ -418,8 +399,8 @@ configure_zone(const char *vclass, const char *view, const cfg_obj_t *zconfig,
 			ISC_UNREACHABLE();
 		}
 	} else {
-		zone_options |= DNS_ZONEOPT_CHECKNAMES;
-		zone_options |= DNS_ZONEOPT_CHECKNAMESFAIL;
+	       zone_options |= DNS_ZONEOPT_CHECKNAMES;
+	       zone_options |= DNS_ZONEOPT_CHECKNAMESFAIL;
 	}
 
 	masterformat = dns_masterformat_text;
@@ -440,23 +421,23 @@ configure_zone(const char *vclass, const char *view, const cfg_obj_t *zconfig,
 
 	obj = NULL;
 	if (get_maps(maps, "max-zone-ttl", &obj)) {
-		maxttl = cfg_obj_asduration(obj);
+		maxttl = cfg_obj_asuint32(obj);
 		zone_options |= DNS_ZONEOPT_CHECKTTL;
 	}
 
-	result = load_zone(mctx, zname, zfile, masterformat, zclass, maxttl,
-			   NULL);
-	if (result != ISC_R_SUCCESS) {
+	result = load_zone(mctx, zname, zfile, masterformat,
+			   zclass, maxttl, NULL);
+	if (result != ISC_R_SUCCESS)
 		fprintf(stderr, "%s/%s/%s: %s\n", view, zname, zclass,
 			dns_result_totext(result));
-	}
 	return (result);
 }
 
 /*% configure a view */
 static isc_result_t
 configure_view(const char *vclass, const char *view, const cfg_obj_t *config,
-	       const cfg_obj_t *vconfig, isc_mem_t *mctx, bool list) {
+	       const cfg_obj_t *vconfig, isc_mem_t *mctx, bool list)
+{
 	const cfg_listelt_t *element;
 	const cfg_obj_t *voptions;
 	const cfg_obj_t *zonelist;
@@ -464,33 +445,32 @@ configure_view(const char *vclass, const char *view, const cfg_obj_t *config,
 	isc_result_t tresult;
 
 	voptions = NULL;
-	if (vconfig != NULL) {
+	if (vconfig != NULL)
 		voptions = cfg_tuple_get(vconfig, "options");
-	}
 
 	zonelist = NULL;
-	if (voptions != NULL) {
+	if (voptions != NULL)
 		(void)cfg_map_get(voptions, "zone", &zonelist);
-	} else {
+	else
 		(void)cfg_map_get(config, "zone", &zonelist);
-	}
 
-	for (element = cfg_list_first(zonelist); element != NULL;
+	for (element = cfg_list_first(zonelist);
+	     element != NULL;
 	     element = cfg_list_next(element))
 	{
 		const cfg_obj_t *zconfig = cfg_listelt_value(element);
-		tresult = configure_zone(vclass, view, zconfig, vconfig, config,
-					 mctx, list);
-		if (tresult != ISC_R_SUCCESS) {
+		tresult = configure_zone(vclass, view, zconfig, vconfig,
+					 config, mctx, list);
+		if (tresult != ISC_R_SUCCESS)
 			result = tresult;
-		}
 	}
 	return (result);
 }
 
 static isc_result_t
 config_getclass(const cfg_obj_t *classobj, dns_rdataclass_t defclass,
-		dns_rdataclass_t *classp) {
+		dns_rdataclass_t *classp)
+{
 	isc_textregion_t r;
 
 	if (!cfg_obj_isstring(classobj)) {
@@ -505,7 +485,8 @@ config_getclass(const cfg_obj_t *classobj, dns_rdataclass_t defclass,
 /*% load zones from the configuration */
 static isc_result_t
 load_zones_fromconfig(const cfg_obj_t *config, isc_mem_t *mctx,
-		      bool list_zones) {
+		      bool list_zones)
+{
 	const cfg_listelt_t *element;
 	const cfg_obj_t *views;
 	const cfg_obj_t *vconfig;
@@ -515,7 +496,8 @@ load_zones_fromconfig(const cfg_obj_t *config, isc_mem_t *mctx,
 	views = NULL;
 
 	(void)cfg_map_get(config, "view", &views);
-	for (element = cfg_list_first(views); element != NULL;
+	for (element = cfg_list_first(views);
+	     element != NULL;
 	     element = cfg_list_next(element))
 	{
 		const cfg_obj_t *classobj;
@@ -524,31 +506,28 @@ load_zones_fromconfig(const cfg_obj_t *config, isc_mem_t *mctx,
 		char buf[sizeof("CLASS65535")];
 
 		vconfig = cfg_listelt_value(element);
-		if (vconfig == NULL) {
+		if (vconfig == NULL)
 			continue;
-		}
 
 		classobj = cfg_tuple_get(vconfig, "class");
-		CHECK(config_getclass(classobj, dns_rdataclass_in, &viewclass));
-		if (dns_rdataclass_ismeta(viewclass)) {
+		CHECK(config_getclass(classobj, dns_rdataclass_in,
+					 &viewclass));
+		if (dns_rdataclass_ismeta(viewclass))
 			CHECK(ISC_R_FAILURE);
-		}
 
 		dns_rdataclass_format(viewclass, buf, sizeof(buf));
 		vname = cfg_obj_asstring(cfg_tuple_get(vconfig, "name"));
 		tresult = configure_view(buf, vname, config, vconfig, mctx,
 					 list_zones);
-		if (tresult != ISC_R_SUCCESS) {
+		if (tresult != ISC_R_SUCCESS)
 			result = tresult;
-		}
 	}
 
 	if (views == NULL) {
 		tresult = configure_view("IN", "_default", config, NULL, mctx,
 					 list_zones);
-		if (tresult != ISC_R_SUCCESS) {
+		if (tresult != ISC_R_SUCCESS)
 			result = tresult;
-		}
 	}
 
 cleanup:
@@ -590,23 +569,15 @@ main(int argc, char **argv) {
 		switch (c) {
 		case 'm':
 			if (strcasecmp(isc_commandline_argument, "record") == 0)
-			{
 				isc_mem_debugging |= ISC_MEM_DEBUGRECORD;
-			}
 			if (strcasecmp(isc_commandline_argument, "trace") == 0)
-			{
 				isc_mem_debugging |= ISC_MEM_DEBUGTRACE;
-			}
 			if (strcasecmp(isc_commandline_argument, "usage") == 0)
-			{
 				isc_mem_debugging |= ISC_MEM_DEBUGUSAGE;
-			}
-			if (strcasecmp(isc_commandline_argument, "size") == 0) {
+			if (strcasecmp(isc_commandline_argument, "size") == 0)
 				isc_mem_debugging |= ISC_MEM_DEBUGSIZE;
-			}
-			if (strcasecmp(isc_commandline_argument, "mctx") == 0) {
+			if (strcasecmp(isc_commandline_argument, "mctx") == 0)
 				isc_mem_debugging |= ISC_MEM_DEBUGCTX;
-			}
 			break;
 		default:
 			break;
@@ -614,7 +585,7 @@ main(int argc, char **argv) {
 	}
 	isc_commandline_reset = true;
 
-	isc_mem_create(&mctx);
+	RUNTIME_CHECK(isc_mem_create(0, 0, &mctx) == ISC_R_SUCCESS);
 
 	while ((c = isc_commandline_parse(argc, argv, CMDLINE_FLAGS)) != EOF) {
 		switch (c) {
@@ -670,17 +641,16 @@ main(int argc, char **argv) {
 			break;
 
 		case '?':
-			if (isc_commandline_option != '?') {
+			if (isc_commandline_option != '?')
 				fprintf(stderr, "%s: invalid argument -%c\n",
 					program, isc_commandline_option);
-			}
-		/* FALLTHROUGH */
+			/* FALLTHROUGH */
 		case 'h':
 			usage();
 
 		default:
-			fprintf(stderr, "%s: unhandled option -%c\n", program,
-				isc_commandline_option);
+			fprintf(stderr, "%s: unhandled option -%c\n",
+				program, isc_commandline_option);
 			exit(1);
 		}
 	}
@@ -694,19 +664,16 @@ main(int argc, char **argv) {
 		exit(1);
 	}
 
-	if (isc_commandline_index + 1 < argc) {
+	if (isc_commandline_index + 1 < argc)
 		usage();
-	}
-	if (argv[isc_commandline_index] != NULL) {
+	if (argv[isc_commandline_index] != NULL)
 		conffile = argv[isc_commandline_index];
-	}
-	if (conffile == NULL || conffile[0] == '\0') {
+	if (conffile == NULL || conffile[0] == '\0')
 		conffile = NAMED_CONFFILE;
-	}
 
 #ifdef _WIN32
 	InitSockets();
-#endif /* ifdef _WIN32 */
+#endif
 
 	RUNTIME_CHECK(setup_logging(mctx, stdout, &logc) == ISC_R_SUCCESS);
 
@@ -732,25 +699,25 @@ main(int argc, char **argv) {
 
 	if (result == ISC_R_SUCCESS && (load_zones || list_zones)) {
 		result = load_zones_fromconfig(config, mctx, list_zones);
-		if (result != ISC_R_SUCCESS) {
+		if (result != ISC_R_SUCCESS)
 			exit_status = 1;
-		}
 	}
 
-	if (print && exit_status == 0) {
+	if (print && exit_status == 0)
 		cfg_printx(config, flags, output, NULL);
-	}
 	cfg_obj_destroy(parser, &config);
 
 	cfg_parser_destroy(&parser);
 
+	dns_name_destroy();
+
 	isc_log_destroy(&logc);
 
 	isc_mem_destroy(&mctx);
 
 #ifdef _WIN32
 	DestroySockets();
-#endif /* ifdef _WIN32 */
+#endif
 
 	return (exit_status);
 }

bin/check/named-checkconf.docbook

@@ -41,7 +41,6 @@
       <year>2016</year>
       <year>2018</year>
       <year>2019</year>
-      <year>2020</year>
       <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
     </copyright>
   </docinfo>

bin/check/named-checkconf.html

@@ -1,6 +1,6 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 <!--
- - Copyright (C) 2000-2002, 2004, 2005, 2007, 2009, 2014-2016, 2018-2020 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2002, 2004, 2005, 2007, 2009, 2014-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
  - 
  - This Source Code Form is subject to the terms of the Mozilla Public
  - License, v. 2.0. If a copy of the MPL was not distributed with this

bin/check/named-checkzone.8

@@ -1,4 +1,4 @@
-.\" Copyright (C) 2000-2002, 2004-2007, 2009-2016, 2018-2020 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000-2002, 2004-2007, 2009-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
 .\" 
 .\" This Source Code Form is subject to the terms of the Mozilla Public
 .\" License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -325,5 +325,5 @@ BIND 9 Administrator Reference Manual\&.
 \fBInternet Systems Consortium, Inc\&.\fR
 .SH "COPYRIGHT"
 .br
-Copyright \(co 2000-2002, 2004-2007, 2009-2016, 2018-2020 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2000-2002, 2004-2007, 2009-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
 .br

bin/check/named-checkzone.c

@@ -9,16 +9,16 @@
  * information regarding copyright ownership.
  */
 
+
 /*! \file */
 
-#include <inttypes.h>
 #include <stdbool.h>
 #include <stdlib.h>
+#include <inttypes.h>
 
 #include <isc/app.h>
 #include <isc/commandline.h>
 #include <isc/dir.h>
-#include <isc/file.h>
 #include <isc/hash.h>
 #include <isc/log.h>
 #include <isc/mem.h>
@@ -53,14 +53,14 @@ static const char *prog_name = NULL;
 static const dns_master_style_t *outputstyle = NULL;
 static enum { progmode_check, progmode_compile } progmode;
 
-#define ERRRET(result, function)                                              \
-	do {                                                                  \
-		if (result != ISC_R_SUCCESS) {                                \
-			if (!quiet)                                           \
-				fprintf(stderr, "%s() returned %s\n",         \
+#define ERRRET(result, function) \
+	do { \
+		if (result != ISC_R_SUCCESS) { \
+			if (!quiet) \
+				fprintf(stderr, "%s() returned %s\n", \
 					function, dns_result_totext(result)); \
-			return (result);                                      \
-		}                                                             \
+			return (result); \
+		} \
 	} while (0)
 
 ISC_PLATFORM_NORETURN_PRE static void
@@ -77,7 +77,7 @@ usage(void) {
 		"[-i (full|full-sibling|local|local-sibling|none)] "
 		"[-M (ignore|warn|fail)] [-S (ignore|warn|fail)] "
 		"[-W (ignore|warn)] "
-		"%s zonename [ (filename|-) ]\n",
+		"%s zonename filename\n",
 		prog_name,
 		progmode == progmode_check ? "[-o filename]" : "-o filename");
 	exit(1);
@@ -85,9 +85,9 @@ usage(void) {
 
 static void
 destroy(void) {
-	if (zone != NULL) {
+	if (zone != NULL)
 		dns_zone_detach(&zone);
-	}
+	dns_name_destroy();
 }
 
 /*% main processing routine */
@@ -95,7 +95,7 @@ int
 main(int argc, char **argv) {
 	int c;
 	char *origin = NULL;
-	const char *filename = NULL;
+	char *filename = NULL;
 	isc_log_t *lctx = NULL;
 	isc_result_t result;
 	char classname_in[] = "IN";
@@ -121,21 +121,18 @@ main(int argc, char **argv) {
 	outputstyle = &dns_master_style_full;
 
 	prog_name = strrchr(argv[0], '/');
-	if (prog_name == NULL) {
+	if (prog_name == NULL)
 		prog_name = strrchr(argv[0], '\\');
-	}
-	if (prog_name != NULL) {
+	if (prog_name != NULL)
 		prog_name++;
-	} else {
+	else
 		prog_name = argv[0];
-	}
 	/*
 	 * Libtool doesn't preserve the program name prior to final
 	 * installation.  Remove the libtool prefix ("lt-").
 	 */
-	if (strncmp(prog_name, "lt-", 3) == 0) {
+	if (strncmp(prog_name, "lt-", 3) == 0)
 		prog_name += 3;
-	}
 
 #define PROGCMP(X) \
 	(strcasecmp(prog_name, X) == 0 || strcasecmp(prog_name, X ".exe") == 0)
@@ -151,23 +148,24 @@ main(int argc, char **argv) {
 
 	/* Compilation specific defaults */
 	if (progmode == progmode_compile) {
-		zone_options |= (DNS_ZONEOPT_CHECKNS | DNS_ZONEOPT_FATALNS |
-				 DNS_ZONEOPT_CHECKSPF | DNS_ZONEOPT_CHECKDUPRR |
+		zone_options |= (DNS_ZONEOPT_CHECKNS |
+				 DNS_ZONEOPT_FATALNS |
+				 DNS_ZONEOPT_CHECKSPF |
+				 DNS_ZONEOPT_CHECKDUPRR |
 				 DNS_ZONEOPT_CHECKNAMES |
 				 DNS_ZONEOPT_CHECKNAMESFAIL |
 				 DNS_ZONEOPT_CHECKWILDCARD);
-	} else {
-		zone_options |= (DNS_ZONEOPT_CHECKDUPRR | DNS_ZONEOPT_CHECKSPF);
-	}
+	} else
+		zone_options |= (DNS_ZONEOPT_CHECKDUPRR |
+				 DNS_ZONEOPT_CHECKSPF);
 
 #define ARGCMP(X) (strcmp(isc_commandline_argument, X) == 0)
 
 	isc_commandline_errprint = false;
 
 	while ((c = isc_commandline_parse(argc, argv,
-					  "c:df:hi:jJ:k:L:l:m:n:qr:s:t:o:vw:DF:"
-					  "M:S:T:W:")) != EOF)
-	{
+			       "c:df:hi:jJ:k:L:l:m:n:qr:s:t:o:vw:DF:M:S:T:W:"))
+	       != EOF) {
 		switch (c) {
 		case 'c':
 			classname = isc_commandline_argument;
@@ -271,15 +269,16 @@ main(int argc, char **argv) {
 			}
 			break;
 
+
 		case 'n':
 			if (ARGCMP("ignore")) {
-				zone_options &= ~(DNS_ZONEOPT_CHECKNS |
+				zone_options &= ~(DNS_ZONEOPT_CHECKNS|
 						  DNS_ZONEOPT_FATALNS);
 			} else if (ARGCMP("warn")) {
 				zone_options |= DNS_ZONEOPT_CHECKNS;
 				zone_options &= ~DNS_ZONEOPT_FATALNS;
 			} else if (ARGCMP("fail")) {
-				zone_options |= DNS_ZONEOPT_CHECKNS |
+				zone_options |= DNS_ZONEOPT_CHECKNS|
 						DNS_ZONEOPT_FATALNS;
 			} else {
 				fprintf(stderr, "invalid argument to -n: %s\n",
@@ -331,9 +330,9 @@ main(int argc, char **argv) {
 			break;
 
 		case 's':
-			if (ARGCMP("full")) {
+			if (ARGCMP("full"))
 				outputstyle = &dns_master_style_full;
-			} else if (ARGCMP("relative")) {
+			else if (ARGCMP("relative")) {
 				outputstyle = &dns_master_style_default;
 			} else {
 				fprintf(stderr,
@@ -412,25 +411,23 @@ main(int argc, char **argv) {
 			break;
 
 		case 'W':
-			if (ARGCMP("warn")) {
+			if (ARGCMP("warn"))
 				zone_options |= DNS_ZONEOPT_CHECKWILDCARD;
-			} else if (ARGCMP("ignore")) {
+			else if (ARGCMP("ignore"))
 				zone_options &= ~DNS_ZONEOPT_CHECKWILDCARD;
-			}
 			break;
 
 		case '?':
-			if (isc_commandline_option != '?') {
+			if (isc_commandline_option != '?')
 				fprintf(stderr, "%s: invalid argument -%c\n",
 					prog_name, isc_commandline_option);
-			}
-		/* FALLTHROUGH */
+			/* FALLTHROUGH */
 		case 'h':
 			usage();
 
 		default:
-			fprintf(stderr, "%s: unhandled option -%c\n", prog_name,
-				isc_commandline_option);
+			fprintf(stderr, "%s: unhandled option -%c\n",
+				prog_name, isc_commandline_option);
 			exit(1);
 		}
 	}
@@ -438,26 +435,26 @@ main(int argc, char **argv) {
 	if (workdir != NULL) {
 		result = isc_dir_chdir(workdir);
 		if (result != ISC_R_SUCCESS) {
-			fprintf(stderr, "isc_dir_chdir: %s: %s\n", workdir,
-				isc_result_totext(result));
+			fprintf(stderr, "isc_dir_chdir: %s: %s\n",
+				workdir, isc_result_totext(result));
 			exit(1);
 		}
 	}
 
 	if (inputformatstr != NULL) {
-		if (strcasecmp(inputformatstr, "text") == 0) {
+		if (strcasecmp(inputformatstr, "text") == 0)
 			inputformat = dns_masterformat_text;
-		} else if (strcasecmp(inputformatstr, "raw") == 0) {
+		else if (strcasecmp(inputformatstr, "raw") == 0)
 			inputformat = dns_masterformat_raw;
-		} else if (strncasecmp(inputformatstr, "raw=", 4) == 0) {
+		else if (strncasecmp(inputformatstr, "raw=", 4) == 0) {
 			inputformat = dns_masterformat_raw;
-			fprintf(stderr, "WARNING: input format raw, version "
-					"ignored\n");
+			fprintf(stderr,
+				"WARNING: input format raw, version ignored\n");
 		} else if (strcasecmp(inputformatstr, "map") == 0) {
 			inputformat = dns_masterformat_map;
 		} else {
 			fprintf(stderr, "unknown file format: %s\n",
-				inputformatstr);
+			    inputformatstr);
 			exit(1);
 		}
 	}
@@ -474,7 +471,8 @@ main(int argc, char **argv) {
 			rawversion = strtol(outputformatstr + 4, &end, 10);
 			if (end == outputformatstr + 4 || *end != '\0' ||
 			    rawversion > 1U) {
-				fprintf(stderr, "unknown raw format version\n");
+				fprintf(stderr,
+					"unknown raw format version\n");
 				exit(1);
 			}
 		} else if (strcasecmp(outputformatstr, "map") == 0) {
@@ -487,60 +485,47 @@ main(int argc, char **argv) {
 	}
 
 	if (progmode == progmode_compile) {
-		dumpzone = 1; /* always dump */
+		dumpzone = 1;	/* always dump */
 		logdump = !quiet;
 		if (output_filename == NULL) {
-			fprintf(stderr, "output file required, but not "
-					"specified\n");
+			fprintf(stderr,
+				"output file required, but not specified\n");
 			usage();
 		}
 	}
 
-	if (output_filename != NULL) {
+	if (output_filename != NULL)
 		dumpzone = 1;
-	}
 
 	/*
-	 * If we are printing to stdout then send the informational
+	 * If we are outputing to stdout then send the informational
 	 * output to stderr.
 	 */
 	if (dumpzone &&
-	    (output_filename == NULL || strcmp(output_filename, "-") == 0 ||
+	    (output_filename == NULL ||
+	     strcmp(output_filename, "-") == 0 ||
 	     strcmp(output_filename, "/dev/fd/1") == 0 ||
-	     strcmp(output_filename, "/dev/stdout") == 0))
-	{
+	     strcmp(output_filename, "/dev/stdout") == 0)) {
 		errout = stderr;
 		logdump = false;
 	}
 
-	if (argc - isc_commandline_index < 1 ||
-	    argc - isc_commandline_index > 2) {
+	if (isc_commandline_index + 2 != argc)
 		usage();
-	}
 
 #ifdef _WIN32
 	InitSockets();
-#endif /* ifdef _WIN32 */
+#endif
 
-	isc_mem_create(&mctx);
-	if (!quiet) {
-		RUNTIME_CHECK(setup_logging(mctx, errout, &lctx) ==
-			      ISC_R_SUCCESS);
-	}
+	RUNTIME_CHECK(isc_mem_create(0, 0, &mctx) == ISC_R_SUCCESS);
+	if (!quiet)
+		RUNTIME_CHECK(setup_logging(mctx, errout, &lctx)
+			      == ISC_R_SUCCESS);
 
 	dns_result_register();
 
 	origin = argv[isc_commandline_index++];
-
-	if (isc_commandline_index == argc) {
-		/* "-" will be interpreted as stdin */
-		filename = "-";
-	} else {
-		filename = argv[isc_commandline_index];
-	}
-
-	isc_commandline_index++;
-
+	filename = argv[isc_commandline_index++];
 	result = load_zone(mctx, origin, filename, inputformat, classname,
 			   maxttl, &zone);
 
@@ -556,24 +541,20 @@ main(int argc, char **argv) {
 			fprintf(errout, "dump zone to %s...", output_filename);
 			fflush(errout);
 		}
-		result = dump_zone(origin, zone, output_filename, outputformat,
-				   outputstyle, rawversion);
-		if (logdump) {
+		result = dump_zone(origin, zone, output_filename,
+				   outputformat, outputstyle, rawversion);
+		if (logdump)
 			fprintf(errout, "done\n");
-		}
 	}
 
-	if (!quiet && result == ISC_R_SUCCESS) {
+	if (!quiet && result == ISC_R_SUCCESS)
 		fprintf(errout, "OK\n");
-	}
 	destroy();
-	if (lctx != NULL) {
+	if (lctx != NULL)
 		isc_log_destroy(&lctx);
-	}
 	isc_mem_destroy(&mctx);
 #ifdef _WIN32
 	DestroySockets();
-#endif /* ifdef _WIN32 */
-
+#endif
 	return ((result == ISC_R_SUCCESS) ? 0 : 1);
 }

bin/check/named-checkzone.docbook

@@ -44,7 +44,6 @@
       <year>2016</year>
       <year>2018</year>
       <year>2019</year>
-      <year>2020</year>
       <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
     </copyright>
   </docinfo>

bin/check/named-checkzone.html

@@ -1,6 +1,6 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 <!--
- - Copyright (C) 2000-2002, 2004-2007, 2009-2016, 2018-2020 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2002, 2004-2007, 2009-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
  - 
  - This Source Code Form is subject to the terms of the Mozilla Public
  - License, v. 2.0. If a copy of the MPL was not distributed with this

bin/check/win32/checkconf.vcxproj.in

@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="utf-8"?>
-<Project DefaultTargets="Build" ToolsVersion="@TOOLS_VERSION@" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
   <ItemGroup Label="ProjectConfigurations">
     <ProjectConfiguration Include="Debug|@PLATFORM@">
       <Configuration>Debug</Configuration>
@@ -14,21 +14,18 @@
     <ProjectGuid>{03A96113-CB14-43AA-AEB2-48950E3915C5}</ProjectGuid>
     <Keyword>Win32Proj</Keyword>
     <RootNamespace>checkconf</RootNamespace>
-    @WINDOWS_TARGET_PLATFORM_VERSION@
   </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|@PLATFORM@'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
     <UseDebugLibraries>true</UseDebugLibraries>
     <CharacterSet>MultiByte</CharacterSet>
-    @PLATFORM_TOOLSET@
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
     <UseDebugLibraries>false</UseDebugLibraries>
     <WholeProgramOptimization>true</WholeProgramOptimization>
     <CharacterSet>MultiByte</CharacterSet>
-    @PLATFORM_TOOLSET@
   </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
   <ImportGroup Label="ExtensionSettings">

bin/check/win32/checktool.vcxproj.in

@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="utf-8"?>
-<Project DefaultTargets="Build" ToolsVersion="@TOOLS_VERSION@" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
   <ItemGroup Label="ProjectConfigurations">
     <ProjectConfiguration Include="Debug|@PLATFORM@">
       <Configuration>Debug</Configuration>
@@ -17,21 +17,18 @@
     <ProjectGuid>{2C1F7096-C5B5-48D4-846F-A7ACA454335D}</ProjectGuid>
     <Keyword>Win32Proj</Keyword>
     <RootNamespace>checktool</RootNamespace>
-    @WINDOWS_TARGET_PLATFORM_VERSION@
   </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|@PLATFORM@'" Label="Configuration">
     <ConfigurationType>StaticLibrary</ConfigurationType>
     <UseDebugLibraries>true</UseDebugLibraries>
     <CharacterSet>MultiByte</CharacterSet>
-    @PLATFORM_TOOLSET@
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'" Label="Configuration">
     <ConfigurationType>StaticLibrary</ConfigurationType>
     <UseDebugLibraries>false</UseDebugLibraries>
     <WholeProgramOptimization>true</WholeProgramOptimization>
     <CharacterSet>MultiByte</CharacterSet>
-    @PLATFORM_TOOLSET@
   </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
   <ImportGroup Label="ExtensionSettings">

bin/check/win32/checkzone.vcxproj.in

@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="utf-8"?>
-<Project DefaultTargets="Build" ToolsVersion="@TOOLS_VERSION@" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
   <ItemGroup Label="ProjectConfigurations">
     <ProjectConfiguration Include="Debug|@PLATFORM@">
       <Configuration>Debug</Configuration>
@@ -14,21 +14,18 @@
     <ProjectGuid>{66028555-7DD5-4016-B601-9EF9A1EE8BFA}</ProjectGuid>
     <Keyword>Win32Proj</Keyword>
     <RootNamespace>checkzone</RootNamespace>
-    @WINDOWS_TARGET_PLATFORM_VERSION@
   </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|@PLATFORM@'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
     <UseDebugLibraries>true</UseDebugLibraries>
     <CharacterSet>MultiByte</CharacterSet>
-    @PLATFORM_TOOLSET@
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
     <UseDebugLibraries>false</UseDebugLibraries>
     <WholeProgramOptimization>true</WholeProgramOptimization>
     <CharacterSet>MultiByte</CharacterSet>
-    @PLATFORM_TOOLSET@
   </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
   <ImportGroup Label="ExtensionSettings">
@@ -66,15 +63,15 @@
       <ProgramDataBaseFileName>$(OutDir)$(TargetName).pdb</ProgramDataBaseFileName>
       <BrowseInformation>true</BrowseInformation>
       <ForcedIncludeFiles>..\..\..\config.h</ForcedIncludeFiles>
-      <AdditionalIncludeDirectories>.\;..\..\..\;@LIBXML2_INC@@OPENSSL_INC@..\..\..\lib\isc\win32;..\..\..\lib\isc\win32\include;..\..\..\lib\isc\include;..\..\..\lib\dns\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <AdditionalIncludeDirectories>.\;..\..\..\;@LIBXML2_INC@@OPENSSL_INC@..\..\..\lib\isc\win32;..\..\..\lib\isc\win32\include;..\..\..\lib\isc\include;..\..\..\lib\dns\include;..\..\..\lib\bind9\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
       <CompileAs>CompileAsC</CompileAs>
     </ClCompile>
     <Link>
       <SubSystem>Console</SubSystem>
       <GenerateDebugInformation>true</GenerateDebugInformation>
       <OutputFile>..\..\..\Build\$(Configuration)\$(TargetName)$(TargetExt)</OutputFile>
-      <AdditionalLibraryDirectories>$(Configuration);..\..\..\lib\isc\win32\$(Configuration);..\..\..\lib\dns\win32\$(Configuration);..\..\..\lib\isccfg\win32\$(Configuration);..\..\..\lib\ns\win32\$(Configuration);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
-      <AdditionalDependencies>@OPENSSL_LIB@checktool.lib;libisc.lib;libdns.lib;libisccfg.lib;libns.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <AdditionalLibraryDirectories>$(Configuration);..\..\..\lib\isc\win32\$(Configuration);..\..\..\lib\dns\win32\$(Configuration);..\..\..\lib\isccfg\win32\$(Configuration);..\..\..\lib\bind9\win32\$(Configuration);..\..\..\lib\ns\win32\$(Configuration);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
+      <AdditionalDependencies>@OPENSSL_LIB@checktool.lib;libisc.lib;libdns.lib;libisccfg.lib;libbind9.lib;libns.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
     </Link>
     <PostBuildEvent>
       <Command>cd ..\..\..\Build\$(Configuration)
@@ -100,7 +97,7 @@ copy /Y named-checkzone.ilk named-compilezone.ilk
       <ObjectFileName>.\$(Configuration)\</ObjectFileName>
       <ProgramDataBaseFileName>$(OutDir)$(TargetName).pdb</ProgramDataBaseFileName>
       <ForcedIncludeFiles>..\..\..\config.h</ForcedIncludeFiles>
-      <AdditionalIncludeDirectories>.\;..\..\..\;@LIBXML2_INC@@OPENSSL_INC@..\..\..\lib\isc\win32;..\..\..\lib\isc\win32\include;..\..\..\lib\isc\include;..\..\..\lib\dns\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <AdditionalIncludeDirectories>.\;..\..\..\;@LIBXML2_INC@@OPENSSL_INC@..\..\..\lib\isc\win32;..\..\..\lib\isc\win32\include;..\..\..\lib\isc\include;..\..\..\lib\dns\include;..\..\..\lib\bind9\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
       <CompileAs>CompileAsC</CompileAs>
     </ClCompile>
     <Link>
@@ -109,8 +106,8 @@ copy /Y named-checkzone.ilk named-compilezone.ilk
       <EnableCOMDATFolding>true</EnableCOMDATFolding>
       <OptimizeReferences>true</OptimizeReferences>
       <OutputFile>..\..\..\Build\$(Configuration)\$(TargetName)$(TargetExt)</OutputFile>
-      <AdditionalLibraryDirectories>$(Configuration);..\..\..\lib\isc\win32\$(Configuration);..\..\..\lib\dns\win32\$(Configuration);..\..\..\lib\isccfg\win32\$(Configuration);..\..\..\lib\ns\win32\$(Configuration);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
-      <AdditionalDependencies>@OPENSSL_LIB@checktool.lib;libisc.lib;libdns.lib;libisccfg.lib;libns.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <AdditionalLibraryDirectories>$(Configuration);..\..\..\lib\isc\win32\$(Configuration);..\..\..\lib\dns\win32\$(Configuration);..\..\..\lib\isccfg\win32\$(Configuration);..\..\..\lib\bind9\win32\$(Configuration);..\..\..\lib\ns\win32\$(Configuration);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
+      <AdditionalDependencies>@OPENSSL_LIB@checktool.lib;libisc.lib;libdns.lib;libisccfg.lib;libbind9.lib;libns.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
       <LinkTimeCodeGeneration>Default</LinkTimeCodeGeneration>
     </Link>
     <PostBuildEvent>

bin/confgen/Makefile.in

@@ -27,7 +27,8 @@ CWARNINGS =
 
 ISCCFGLIBS =	../../lib/isccfg/libisccfg.@A@
 ISCCCLIBS =	../../lib/isccc/libisccc.@A@
-ISCLIBS =	../../lib/isc/libisc.@A@ ${OPENSSL_LIBS} ${JSON_C_LIBS} ${LIBXML2_LIBS} ${ZLIB_LIBS}
+ISCLIBS =	../../lib/isc/libisc.@A@ ${OPENSSL_LIBS} ${JSON_C_LIBS} ${LIBXML2_LIBS}
+ISCNOSYMLIBS =	../../lib/isc/libisc-nosymtbl.@A@ ${OPENSSL_LIBS} ${JSON_C_LIBS} ${LIBXML2_LIBS}
 DNSLIBS =	../../lib/dns/libdns.@A@ ${MAXMINDDB_LIBS} @DNS_CRYPTO_LIBS@
 BIND9LIBS =	../../lib/bind9/libbind9.@A@
 
@@ -42,6 +43,8 @@ RNDCDEPLIBS =	${ISCCFGDEPLIBS} ${ISCCCDEPLIBS} ${BIND9DEPLIBS} ${DNSDEPLIBS} ${I
 
 LIBS =		${DNSLIBS} ${ISCLIBS} @LIBS@
 
+NOSYMLIBS =	${DNSLIBS} ${ISCNOSYMLIBS} @LIBS@
+
 CONFDEPLIBS =	${DNSDEPLIBS} ${ISCDEPLIBS}
 
 SRCS=		rndc-confgen.c ddns-confgen.c

bin/confgen/ddns-confgen.8

@@ -1,4 +1,4 @@
-.\" Copyright (C) 2009, 2014-2016, 2018-2020 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2009, 2014-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
 .\" 
 .\" This Source Code Form is subject to the terms of the Mozilla Public
 .\" License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -144,5 +144,5 @@ BIND 9 Administrator Reference Manual\&.
 \fBInternet Systems Consortium, Inc\&.\fR
 .SH "COPYRIGHT"
 .br
-Copyright \(co 2009, 2014-2016, 2018-2020 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2009, 2014-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
 .br

bin/confgen/ddns-confgen.c

@@ -36,25 +36,24 @@
 
 #if USE_PKCS11
 #include <pk11/result.h>
-#endif /* if USE_PKCS11 */
+#endif
 
 #include <dns/keyvalues.h>
 #include <dns/name.h>
 #include <dns/result.h>
 
 #include <dst/dst.h>
-
 #include <confgen/os.h>
 
-#include "keygen.h"
 #include "util.h"
+#include "keygen.h"
 
-#define KEYGEN_DEFAULT	"tsig-key"
-#define CONFGEN_DEFAULT "ddns-key"
+#define KEYGEN_DEFAULT		"tsig-key"
+#define CONFGEN_DEFAULT		"ddns-key"
 
 static char program[256];
 const char *progname;
-static enum { progmode_keygen, progmode_confgen } progmode;
+static enum { progmode_keygen, progmode_confgen} progmode;
 bool verbose = false; /* needed by util.c but not used here */
 
 ISC_PLATFORM_NORETURN_PRE static void
@@ -71,16 +70,16 @@ Usage:\n\
   -s name:       domain name to be updated using the created key\n\
   -z zone:       name of the zone as it will be used in named.conf\n\
   -q:            quiet mode: print the key, with no explanatory text\n",
-			progname);
+			 progname);
 	} else {
 		fprintf(stderr, "\
 Usage:\n\
  %s [-a alg] [keyname]\n\
   -a alg:        algorithm (default hmac-sha256)\n\n",
-			progname);
+			 progname);
 	}
 
-	exit(status);
+	exit (status);
 }
 
 int
@@ -103,22 +102,20 @@ main(int argc, char **argv) {
 
 #if USE_PKCS11
 	pk11_result_register();
-#endif /* if USE_PKCS11 */
+#endif
 	dns_result_register();
 
 	result = isc_file_progname(*argv, program, sizeof(program));
-	if (result != ISC_R_SUCCESS) {
+	if (result != ISC_R_SUCCESS)
 		memmove(program, "tsig-keygen", 11);
-	}
 	progname = program;
 
 	/*
 	 * Libtool doesn't preserve the program name prior to final
 	 * installation.  Remove the libtool prefix ("lt-").
 	 */
-	if (strncmp(progname, "lt-", 3) == 0) {
+	if (strncmp(progname, "lt-", 3) == 0)
 		progname += 3;
-	}
 
 #define PROGCMP(X) \
 	(strcasecmp(progname, X) == 0 || strcasecmp(progname, X ".exe") == 0)
@@ -135,26 +132,24 @@ main(int argc, char **argv) {
 
 	isc_commandline_errprint = false;
 
-	while ((ch = isc_commandline_parse(argc, argv, "a:hk:Mmr:qs:y:z:")) !=
-	       -1) {
+	while ((ch = isc_commandline_parse(argc, argv,
+					   "a:hk:Mmr:qs:y:z:")) != -1) {
 		switch (ch) {
 		case 'a':
 			algname = isc_commandline_argument;
 			alg = alg_fromtext(algname);
-			if (alg == DST_ALG_UNKNOWN) {
+			if (alg == DST_ALG_UNKNOWN)
 				fatal("Unsupported algorithm '%s'", algname);
-			}
 			keysize = alg_bits(alg);
 			break;
 		case 'h':
 			usage(0);
 		case 'k':
 		case 'y':
-			if (progmode == progmode_confgen) {
+			if (progmode == progmode_confgen)
 				keyname = isc_commandline_argument;
-			} else {
+			else
 				usage(1);
-			}
 			break;
 		case 'M':
 			isc_mem_debugging = ISC_MEM_DEBUGTRACE;
@@ -163,79 +158,72 @@ main(int argc, char **argv) {
 			show_final_mem = true;
 			break;
 		case 'q':
-			if (progmode == progmode_confgen) {
+			if (progmode == progmode_confgen)
 				quiet = true;
-			} else {
+			else
 				usage(1);
-			}
 			break;
 		case 'r':
 			fatal("The -r option has been deprecated.");
 			break;
 		case 's':
-			if (progmode == progmode_confgen) {
+			if (progmode == progmode_confgen)
 				self_domain = isc_commandline_argument;
-			} else {
+			else
 				usage(1);
-			}
 			break;
 		case 'z':
-			if (progmode == progmode_confgen) {
+			if (progmode == progmode_confgen)
 				zone = isc_commandline_argument;
-			} else {
+			else
 				usage(1);
-			}
 			break;
 		case '?':
 			if (isc_commandline_option != '?') {
 				fprintf(stderr, "%s: invalid argument -%c\n",
 					program, isc_commandline_option);
 				usage(1);
-			} else {
+			} else
 				usage(0);
-			}
 			break;
 		default:
-			fprintf(stderr, "%s: unhandled option -%c\n", program,
-				isc_commandline_option);
+			fprintf(stderr, "%s: unhandled option -%c\n",
+				program, isc_commandline_option);
 			exit(1);
 		}
 	}
 
-	if (progmode == progmode_keygen) {
+	if (progmode == progmode_keygen)
 		keyname = argv[isc_commandline_index++];
-	}
 
 	POST(argv);
 
-	if (self_domain != NULL && zone != NULL) {
-		usage(1); /* -s and -z cannot coexist */
-	}
+	if (self_domain != NULL && zone != NULL)
+		usage(1);	/* -s and -z cannot coexist */
 
-	if (argc > isc_commandline_index) {
+	if (argc > isc_commandline_index)
 		usage(1);
-	}
 
 	/* Use canonical algorithm name */
 	algname = alg_totext(alg);
 
-	isc_mem_create(&mctx);
+	DO("create memory context", isc_mem_create(0, 0, &mctx));
 
 	if (keyname == NULL) {
 		const char *suffix = NULL;
 
-		keyname = ((progmode == progmode_keygen) ? KEYGEN_DEFAULT
-							 : CONFGEN_DEFAULT);
-		if (self_domain != NULL) {
+		keyname = ((progmode == progmode_keygen)
+			?  KEYGEN_DEFAULT
+			: CONFGEN_DEFAULT);
+		if (self_domain != NULL)
 			suffix = self_domain;
-		} else if (zone != NULL) {
+		else if (zone != NULL)
 			suffix = zone;
-		}
 		if (suffix != NULL) {
 			len = strlen(keyname) + strlen(suffix) + 2;
 			keybuf = isc_mem_get(mctx, len);
 			snprintf(keybuf, len, "%s.%s", keyname, suffix);
-			keyname = (const char *)keybuf;
+			keyname = (const char *) keybuf;
 		}
 	}
 
@@ -243,19 +231,20 @@ main(int argc, char **argv) {
 
 	generate_key(mctx, alg, keysize, &key_txtbuffer);
 
-	if (!quiet) {
+
+	if (!quiet)
 		printf("\
 # To activate this key, place the following in named.conf, and\n\
 # in a separate keyfile on the system or systems from which nsupdate\n\
 # will be run:\n");
-	}
 
 	printf("\
 key \"%s\" {\n\
 	algorithm %s;\n\
 	secret \"%.*s\";\n\
 };\n",
-	       keyname, algname, (int)isc_buffer_usedlength(&key_txtbuffer),
+	       keyname, algname,
+	       (int)isc_buffer_usedlength(&key_txtbuffer),
 	       (char *)isc_buffer_base(&key_txtbuffer));
 
 	if (!quiet) {
@@ -293,15 +282,14 @@ update-policy {\n\
 # After the keyfile has been placed, the following command will\n\
 # execute nsupdate using this key:\n\
 nsupdate -k <keyfile>\n");
+
 	}
 
-	if (keybuf != NULL) {
+	if (keybuf != NULL)
 		isc_mem_put(mctx, keybuf, len);
-	}
 
-	if (show_final_mem) {
+	if (show_final_mem)
 		isc_mem_stats(mctx, stderr);
-	}
 
 	isc_mem_destroy(&mctx);
 

bin/confgen/ddns-confgen.docbook

@@ -38,7 +38,6 @@
       <year>2016</year>
       <year>2018</year>
       <year>2019</year>
-      <year>2020</year>
       <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
     </copyright>
   </docinfo>

bin/confgen/ddns-confgen.html

@@ -1,6 +1,6 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 <!--
- - Copyright (C) 2009, 2014-2016, 2018-2020 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2009, 2014-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
  - 
  - This Source Code Form is subject to the terms of the Mozilla Public
  - License, v. 2.0. If a copy of the MPL was not distributed with this

bin/confgen/include/.clang-format

@@ -1 +0,0 @@
-../../../.clang-format.headers

bin/confgen/include/confgen/os.h

@@ -9,19 +9,18 @@
  * information regarding copyright ownership.
  */
 
+
 /*! \file */
 
 #ifndef RNDC_OS_H
 #define RNDC_OS_H 1
 
-#include <stdio.h>
-
 #include <isc/lang.h>
+#include <stdio.h>
 
 ISC_LANG_BEGINDECLS
 
-int
-set_user(FILE *fd, const char *user);
+int set_user(FILE *fd, const char *user);
 /*%<
  * Set the owner of the file referenced by 'fd' to 'user'.
  * Returns:
@@ -31,4 +30,4 @@ set_user(FILE *fd, const char *user);
 
 ISC_LANG_ENDDECLS
 
-#endif /* ifndef RNDC_OS_H */
+#endif

bin/confgen/keygen.c

@@ -9,11 +9,11 @@
  * information regarding copyright ownership.
  */
 
+
 /*! \file */
 
-#include "keygen.h"
-#include <stdarg.h>
 #include <stdlib.h>
+#include <stdarg.h>
 
 #include <isc/base64.h>
 #include <isc/buffer.h>
@@ -29,10 +29,10 @@
 #include <dns/name.h>
 
 #include <dst/dst.h>
-
 #include <confgen/os.h>
 
 #include "util.h"
+#include "keygen.h"
 
 /*%
  * Convert algorithm type to string.
@@ -40,20 +40,20 @@
 const char *
 alg_totext(dns_secalg_t alg) {
 	switch (alg) {
-	case DST_ALG_HMACMD5:
-		return ("hmac-md5");
-	case DST_ALG_HMACSHA1:
-		return ("hmac-sha1");
-	case DST_ALG_HMACSHA224:
-		return ("hmac-sha224");
-	case DST_ALG_HMACSHA256:
-		return ("hmac-sha256");
-	case DST_ALG_HMACSHA384:
-		return ("hmac-sha384");
-	case DST_ALG_HMACSHA512:
-		return ("hmac-sha512");
-	default:
-		return ("(unknown)");
+	    case DST_ALG_HMACMD5:
+		return "hmac-md5";
+	    case DST_ALG_HMACSHA1:
+		return "hmac-sha1";
+	    case DST_ALG_HMACSHA224:
+		return "hmac-sha224";
+	    case DST_ALG_HMACSHA256:
+		return "hmac-sha256";
+	    case DST_ALG_HMACSHA384:
+		return "hmac-sha384";
+	    case DST_ALG_HMACSHA512:
+		return "hmac-sha512";
+	    default:
+		return "(unknown)";
 	}
 }
 
@@ -63,29 +63,22 @@ alg_totext(dns_secalg_t alg) {
 dns_secalg_t
 alg_fromtext(const char *name) {
 	const char *p = name;
-	if (strncasecmp(p, "hmac-", 5) == 0) {
+	if (strncasecmp(p, "hmac-", 5) == 0)
 		p = &name[5];
-	}
 
-	if (strcasecmp(p, "md5") == 0) {
-		return (DST_ALG_HMACMD5);
-	}
-	if (strcasecmp(p, "sha1") == 0) {
-		return (DST_ALG_HMACSHA1);
-	}
-	if (strcasecmp(p, "sha224") == 0) {
-		return (DST_ALG_HMACSHA224);
-	}
-	if (strcasecmp(p, "sha256") == 0) {
-		return (DST_ALG_HMACSHA256);
-	}
-	if (strcasecmp(p, "sha384") == 0) {
-		return (DST_ALG_HMACSHA384);
-	}
-	if (strcasecmp(p, "sha512") == 0) {
-		return (DST_ALG_HMACSHA512);
-	}
-	return (DST_ALG_UNKNOWN);
+	if (strcasecmp(p, "md5") == 0)
+		return DST_ALG_HMACMD5;
+	if (strcasecmp(p, "sha1") == 0)
+		return DST_ALG_HMACSHA1;
+	if (strcasecmp(p, "sha224") == 0)
+		return DST_ALG_HMACSHA224;
+	if (strcasecmp(p, "sha256") == 0)
+		return DST_ALG_HMACSHA256;
+	if (strcasecmp(p, "sha384") == 0)
+		return DST_ALG_HMACSHA384;
+	if (strcasecmp(p, "sha512") == 0)
+		return DST_ALG_HMACSHA512;
+	return DST_ALG_UNKNOWN;
 }
 
 /*%
@@ -94,20 +87,20 @@ alg_fromtext(const char *name) {
 int
 alg_bits(dns_secalg_t alg) {
 	switch (alg) {
-	case DST_ALG_HMACMD5:
-		return (128);
-	case DST_ALG_HMACSHA1:
-		return (160);
-	case DST_ALG_HMACSHA224:
-		return (224);
-	case DST_ALG_HMACSHA256:
-		return (256);
-	case DST_ALG_HMACSHA384:
-		return (384);
-	case DST_ALG_HMACSHA512:
-		return (512);
-	default:
-		return (0);
+	    case DST_ALG_HMACMD5:
+		return 128;
+	    case DST_ALG_HMACSHA1:
+		return 160;
+	    case DST_ALG_HMACSHA224:
+		return 224;
+	    case DST_ALG_HMACSHA256:
+		return 256;
+	    case DST_ALG_HMACSHA384:
+		return 384;
+	    case DST_ALG_HMACSHA512:
+		return 512;
+	    default:
+		return 0;
 	}
 }
 
@@ -124,31 +117,30 @@ generate_key(isc_mem_t *mctx, dns_secalg_t alg, int keysize,
 	dst_key_t *key = NULL;
 
 	switch (alg) {
-	case DST_ALG_HMACMD5:
-	case DST_ALG_HMACSHA1:
-	case DST_ALG_HMACSHA224:
-	case DST_ALG_HMACSHA256:
-		if (keysize < 1 || keysize > 512) {
+	    case DST_ALG_HMACMD5:
+	    case DST_ALG_HMACSHA1:
+	    case DST_ALG_HMACSHA224:
+	    case DST_ALG_HMACSHA256:
+		if (keysize < 1 || keysize > 512)
 			fatal("keysize %d out of range (must be 1-512)\n",
 			      keysize);
-		}
 		break;
-	case DST_ALG_HMACSHA384:
-	case DST_ALG_HMACSHA512:
-		if (keysize < 1 || keysize > 1024) {
+	    case DST_ALG_HMACSHA384:
+	    case DST_ALG_HMACSHA512:
+		if (keysize < 1 || keysize > 1024)
 			fatal("keysize %d out of range (must be 1-1024)\n",
 			      keysize);
-		}
 		break;
-	default:
+	    default:
 		fatal("unsupported algorithm %d\n", alg);
 	}
 
 	DO("initialize dst library", dst_lib_init(mctx, NULL));
 
-	DO("generate key",
-	   dst_key_generate(dns_rootname, alg, keysize, 0, 0, DNS_KEYPROTO_ANY,
-			    dns_rdataclass_in, mctx, &key, NULL));
+	DO("generate key", dst_key_generate(dns_rootname, alg,
+					    keysize, 0, 0, DNS_KEYPROTO_ANY,
+					    dns_rdataclass_in, mctx, &key,
+					    NULL));
 
 	isc_buffer_init(&key_rawbuffer, &key_rawsecret, sizeof(key_rawsecret));
 
@@ -156,12 +148,11 @@ generate_key(isc_mem_t *mctx, dns_secalg_t alg, int keysize,
 
 	isc_buffer_usedregion(&key_rawbuffer, &key_rawregion);
 
-	DO("bsse64 encode secret",
-	   isc_base64_totext(&key_rawregion, -1, "", key_txtbuffer));
+	DO("bsse64 encode secret", isc_base64_totext(&key_rawregion, -1, "",
+						     key_txtbuffer));
 
-	if (key != NULL) {
+	if (key != NULL)
 		dst_key_free(&key);
-	}
 
 	dst_lib_destroy();
 }
@@ -172,8 +163,9 @@ generate_key(isc_mem_t *mctx, dns_secalg_t alg, int keysize,
  * the name 'keyname' and the secret in the buffer 'secret'.
  */
 void
-write_key_file(const char *keyfile, const char *user, const char *keyname,
-	       isc_buffer_t *secret, dns_secalg_t alg) {
+write_key_file(const char *keyfile, const char *user,
+	       const char *keyname, isc_buffer_t *secret,
+	       dns_secalg_t alg) {
 	isc_result_t result;
 	const char *algname = alg_totext(alg);
 	FILE *fd = NULL;
@@ -181,22 +173,19 @@ write_key_file(const char *keyfile, const char *user, const char *keyname,
 	DO("create keyfile", isc_file_safecreate(keyfile, &fd));
 
 	if (user != NULL) {
-		if (set_user(fd, user) == -1) {
+		if (set_user(fd, user) == -1)
 			fatal("unable to set file owner\n");
-		}
 	}
 
-	fprintf(fd,
-		"key \"%s\" {\n\talgorithm %s;\n"
+	fprintf(fd, "key \"%s\" {\n\talgorithm %s;\n"
 		"\tsecret \"%.*s\";\n};\n",
-		keyname, algname, (int)isc_buffer_usedlength(secret),
+		keyname, algname,
+		(int)isc_buffer_usedlength(secret),
 		(char *)isc_buffer_base(secret));
 	fflush(fd);
-	if (ferror(fd)) {
+	if (ferror(fd))
 		fatal("write to %s failed\n", keyfile);
-	}
-	if (fclose(fd)) {
+	if (fclose(fd))
 		fatal("fclose(%s) failed\n", keyfile);
-	}
 	fprintf(stderr, "wrote key file \"%s\"\n", keyfile);
 }

bin/confgen/keygen.h

@@ -9,33 +9,26 @@
  * information regarding copyright ownership.
  */
 
+
 #ifndef RNDC_KEYGEN_H
 #define RNDC_KEYGEN_H 1
 
 /*! \file */
 
-#include <isc/buffer.h>
 #include <isc/lang.h>
-#include <isc/mem.h>
-
-#include <dns/secalg.h>
 
 ISC_LANG_BEGINDECLS
 
-void
-generate_key(isc_mem_t *mctx, dns_secalg_t alg, int keysize,
-	     isc_buffer_t *key_txtbuffer);
+void generate_key(isc_mem_t *mctx, dns_secalg_t alg, int keysize,
+		  isc_buffer_t *key_txtbuffer);
 
-void
-write_key_file(const char *keyfile, const char *user, const char *keyname,
-	       isc_buffer_t *secret, dns_secalg_t alg);
+void write_key_file(const char *keyfile, const char *user,
+		    const char *keyname, isc_buffer_t *secret,
+		    dns_secalg_t alg);
 
-const char *
-alg_totext(dns_secalg_t alg);
-dns_secalg_t
-alg_fromtext(const char *name);
-int
-alg_bits(dns_secalg_t alg);
+const char *alg_totext(dns_secalg_t alg);
+dns_secalg_t alg_fromtext(const char *name);
+int alg_bits(dns_secalg_t alg);
 
 ISC_LANG_ENDDECLS
 

bin/confgen/rndc-confgen.8

@@ -1,4 +1,4 @@
-.\" Copyright (C) 2001, 2003-2005, 2007, 2009, 2013-2020 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2001, 2003-2005, 2007, 2009, 2013-2019 Internet Systems Consortium, Inc. ("ISC")
 .\" 
 .\" This Source Code Form is subject to the terms of the Mozilla Public
 .\" License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -206,5 +206,5 @@ BIND 9 Administrator Reference Manual\&.
 \fBInternet Systems Consortium, Inc\&.\fR
 .SH "COPYRIGHT"
 .br
-Copyright \(co 2001, 2003-2005, 2007, 2009, 2013-2020 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2001, 2003-2005, 2007, 2009, 2013-2019 Internet Systems Consortium, Inc. ("ISC")
 .br

bin/confgen/rndc-confgen.c

@@ -43,15 +43,14 @@
 #include <dns/name.h>
 
 #include <dst/dst.h>
-
 #include <confgen/os.h>
 
-#include "keygen.h"
 #include "util.h"
+#include "keygen.h"
 
-#define DEFAULT_KEYNAME "rndc-key"
-#define DEFAULT_SERVER	"127.0.0.1"
-#define DEFAULT_PORT	953
+#define DEFAULT_KEYNAME		"rndc-key"
+#define DEFAULT_SERVER		"127.0.0.1"
+#define DEFAULT_PORT		953
 
 static char program[256];
 const char *progname;
@@ -65,6 +64,7 @@ usage(int status) ISC_PLATFORM_NORETURN_POST;
 
 static void
 usage(int status) {
+
 	fprintf(stderr, "\
 Usage:\n\
  %s [-a] [-b bits] [-c keyfile] [-k keyname] [-p port] \
@@ -78,9 +78,9 @@ Usage:\n\
   -s addr:	 the address to which rndc should connect\n\
   -t chrootdir:	 write a keyfile in chrootdir as well (requires -a)\n\
   -u user:	 set the keyfile owner to \"user\" (requires -a)\n",
-		progname, keydef);
+		 progname, keydef);
 
-	exit(status);
+	exit (status);
 }
 
 int
@@ -108,9 +108,8 @@ main(int argc, char **argv) {
 	keydef = keyfile = RNDC_KEYFILE;
 
 	result = isc_file_progname(*argv, program, sizeof(program));
-	if (result != ISC_R_SUCCESS) {
+	if (result != ISC_R_SUCCESS)
 		memmove(program, "rndc-confgen", 13);
-	}
 	progname = program;
 
 	keyname = DEFAULT_KEYNAME;
@@ -130,15 +129,13 @@ main(int argc, char **argv) {
 		case 'A':
 			algname = isc_commandline_argument;
 			alg = alg_fromtext(algname);
-			if (alg == DST_ALG_UNKNOWN) {
+			if (alg == DST_ALG_UNKNOWN)
 				fatal("Unsupported algorithm '%s'", algname);
-			}
 			break;
 		case 'b':
 			keysize = strtol(isc_commandline_argument, &p, 10);
-			if (*p != '\0' || keysize < 0) {
+			if (*p != '\0' || keysize < 0)
 				fatal("-b requires a non-negative number");
-			}
 			break;
 		case 'c':
 			keyfile = isc_commandline_argument;
@@ -146,7 +143,7 @@ main(int argc, char **argv) {
 		case 'h':
 			usage(0);
 		case 'k':
-		case 'y': /* Compatible with rndc -y. */
+		case 'y':	/* Compatible with rndc -y. */
 			keyname = isc_commandline_argument;
 			break;
 		case 'M':
@@ -158,10 +155,9 @@ main(int argc, char **argv) {
 			break;
 		case 'p':
 			port = strtol(isc_commandline_argument, &p, 10);
-			if (*p != '\0' || port < 0 || port > 65535) {
+			if (*p != '\0' || port < 0 || port > 65535)
 				fatal("port '%s' out of range",
 				      isc_commandline_argument);
-			}
 			break;
 		case 'r':
 			fatal("The -r option has been deprecated.");
@@ -170,9 +166,7 @@ main(int argc, char **argv) {
 			serveraddr = isc_commandline_argument;
 			if (inet_pton(AF_INET, serveraddr, &addr4_dummy) != 1 &&
 			    inet_pton(AF_INET6, serveraddr, &addr6_dummy) != 1)
-			{
 				fatal("-s should be an IPv4 or IPv6 address");
-			}
 			break;
 		case 't':
 			chrootdir = isc_commandline_argument;
@@ -188,13 +182,12 @@ main(int argc, char **argv) {
 				fprintf(stderr, "%s: invalid argument -%c\n",
 					program, isc_commandline_option);
 				usage(1);
-			} else {
+			} else
 				usage(0);
-			}
 			break;
 		default:
-			fprintf(stderr, "%s: unhandled option -%c\n", program,
-				isc_commandline_option);
+			fprintf(stderr, "%s: unhandled option -%c\n",
+				program, isc_commandline_option);
 			exit(1);
 		}
 	}
@@ -203,22 +196,20 @@ main(int argc, char **argv) {
 	argv += isc_commandline_index;
 	POST(argv);
 
-	if (argc > 0) {
+	if (argc > 0)
 		usage(1);
-	}
 
 	if (alg == DST_ALG_HMACMD5) {
-		fprintf(stderr, "warning: use of hmac-md5 for RNDC keys "
-				"is deprecated; hmac-sha256 is now "
-				"recommended.\n");
+		fprintf(stderr,
+			"warning: use of hmac-md5 for RNDC keys "
+			"is deprecated; hmac-sha256 is now recommended.\n");
 	}
 
-	if (keysize < 0) {
+	if (keysize < 0)
 		keysize = alg_bits(alg);
-	}
 	algname = alg_totext(alg);
 
-	isc_mem_create(&mctx);
+	DO("create memory context", isc_mem_create(0, 0, &mctx));
 	isc_buffer_init(&key_txtbuffer, &key_txtsecret, sizeof(key_txtsecret));
 
 	generate_key(mctx, alg, keysize, &key_txtbuffer);
@@ -265,16 +256,16 @@ options {\n\
 # End of named.conf\n",
 		       keyname, algname,
 		       (int)isc_buffer_usedlength(&key_txtbuffer),
-		       (char *)isc_buffer_base(&key_txtbuffer), keyname,
-		       serveraddr, port, keyname, algname,
+		       (char *)isc_buffer_base(&key_txtbuffer),
+		       keyname, serveraddr, port,
+		       keyname, algname,
 		       (int)isc_buffer_usedlength(&key_txtbuffer),
-		       (char *)isc_buffer_base(&key_txtbuffer), serveraddr,
-		       port, serveraddr, keyname);
+		       (char *)isc_buffer_base(&key_txtbuffer),
+		       serveraddr, port, serveraddr, keyname);
 	}
 
-	if (show_final_mem) {
+	if (show_final_mem)
 		isc_mem_stats(mctx, stderr);
-	}
 
 	isc_mem_destroy(&mctx);
 

bin/confgen/rndc-confgen.docbook

@@ -45,7 +45,6 @@
       <year>2017</year>
       <year>2018</year>
       <year>2019</year>
-      <year>2020</year>
       <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
     </copyright>
   </docinfo>

bin/confgen/rndc-confgen.html

@@ -1,6 +1,6 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 <!--
- - Copyright (C) 2001, 2003-2005, 2007, 2009, 2013-2020 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2001, 2003-2005, 2007, 2009, 2013-2019 Internet Systems Consortium, Inc. ("ISC")
  - 
  - This Source Code Form is subject to the terms of the Mozilla Public
  - License, v. 2.0. If a copy of the MPL was not distributed with this

bin/confgen/unix/os.c

@@ -9,17 +9,18 @@
  * information regarding copyright ownership.
  */
 
+
 /*! \file */
 
-#include <errno.h>
+#include <confgen/os.h>
+
 #include <fcntl.h>
+#include <unistd.h>
+#include <sys/types.h>
 #include <pwd.h>
+#include <errno.h>
 #include <stdio.h>
 #include <sys/stat.h>
-#include <sys/types.h>
-#include <unistd.h>
-
-#include <confgen/os.h>
 
 int
 set_user(FILE *fd, const char *user) {

bin/confgen/util.c

@@ -9,16 +9,18 @@
  * information regarding copyright ownership.
  */
 
+
 /*! \file */
 
-#include "util.h"
 #include <stdarg.h>
 #include <stdbool.h>
-#include <stdio.h>
 #include <stdlib.h>
+#include <stdio.h>
 
 #include <isc/print.h>
 
+#include "util.h"
+
 extern bool verbose;
 extern const char *progname;
 

bin/confgen/util.h

@@ -9,25 +9,27 @@
  * information regarding copyright ownership.
  */
 
+
 #ifndef RNDC_UTIL_H
 #define RNDC_UTIL_H 1
 
 /*! \file */
 
-#include <isc/formatcheck.h>
 #include <isc/lang.h>
 #include <isc/platform.h>
 
-#define NS_CONTROL_PORT 953
+#include <isc/formatcheck.h>
+
+#define NS_CONTROL_PORT		953
 
 #undef DO
-#define DO(name, function)                                                \
-	do {                                                              \
-		result = function;                                        \
-		if (result != ISC_R_SUCCESS)                              \
+#define DO(name, function) \
+	do { \
+		result = function; \
+		if (result != ISC_R_SUCCESS) \
 			fatal("%s: %s", name, isc_result_totext(result)); \
-		else                                                      \
-			notify("%s", name);                               \
+		else \
+			notify("%s", name); \
 	} while (0)
 
 ISC_LANG_BEGINDECLS
@@ -37,7 +39,7 @@ notify(const char *fmt, ...) ISC_FORMAT_PRINTF(1, 2);
 
 ISC_PLATFORM_NORETURN_PRE void
 fatal(const char *format, ...)
-	ISC_FORMAT_PRINTF(1, 2) ISC_PLATFORM_NORETURN_POST;
+ISC_FORMAT_PRINTF(1, 2) ISC_PLATFORM_NORETURN_POST;
 
 ISC_LANG_ENDDECLS
 

bin/confgen/win32/confgentool.vcxproj.in

@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="utf-8"?>
-<Project DefaultTargets="Build" ToolsVersion="@TOOLS_VERSION@" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
   <ItemGroup Label="ProjectConfigurations">
     <ProjectConfiguration Include="Debug|@PLATFORM@">
       <Configuration>Debug</Configuration>
@@ -14,21 +14,18 @@
     <ProjectGuid>{64964B03-4815-41F0-9057-E766A94AF197}</ProjectGuid>
     <Keyword>Win32Proj</Keyword>
     <RootNamespace>confgentool</RootNamespace>
-    @WINDOWS_TARGET_PLATFORM_VERSION@
   </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|@PLATFORM@'" Label="Configuration">
     <ConfigurationType>StaticLibrary</ConfigurationType>
     <UseDebugLibraries>true</UseDebugLibraries>
     <CharacterSet>MultiByte</CharacterSet>
-    @PLATFORM_TOOLSET@
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'" Label="Configuration">
     <ConfigurationType>StaticLibrary</ConfigurationType>
     <UseDebugLibraries>false</UseDebugLibraries>
     <WholeProgramOptimization>true</WholeProgramOptimization>
     <CharacterSet>MultiByte</CharacterSet>
-    @PLATFORM_TOOLSET@
   </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
   <ImportGroup Label="ExtensionSettings">

bin/confgen/win32/ddnsconfgen.vcxproj.in

@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="utf-8"?>
-<Project DefaultTargets="Build" ToolsVersion="@TOOLS_VERSION@" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
   <ItemGroup Label="ProjectConfigurations">
     <ProjectConfiguration Include="Debug|@PLATFORM@">
       <Configuration>Debug</Configuration>
@@ -14,21 +14,18 @@
     <ProjectGuid>{1EA4FC64-F33B-4A50-970A-EA052BBE9CF1}</ProjectGuid>
     <Keyword>Win32Proj</Keyword>
     <RootNamespace>ddnsconfgen</RootNamespace>
-    @WINDOWS_TARGET_PLATFORM_VERSION@
   </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|@PLATFORM@'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
     <UseDebugLibraries>true</UseDebugLibraries>
     <CharacterSet>MultiByte</CharacterSet>
-    @PLATFORM_TOOLSET@
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
     <UseDebugLibraries>false</UseDebugLibraries>
     <WholeProgramOptimization>true</WholeProgramOptimization>
     <CharacterSet>MultiByte</CharacterSet>
-    @PLATFORM_TOOLSET@
   </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
   <ImportGroup Label="ExtensionSettings">

bin/confgen/win32/os.c

@@ -9,16 +9,16 @@
  * information regarding copyright ownership.
  */
 
-#include <errno.h>
-#include <fcntl.h>
-#include <io.h>
-#include <stdio.h>
-#include <sys/stat.h>
-#include <sys/types.h>
-#include <unistd.h>
-
 #include <confgen/os.h>
 
+#include <fcntl.h>
+#include <unistd.h>
+#include <sys/types.h>
+#include <errno.h>
+#include <stdio.h>
+#include <io.h>
+#include <sys/stat.h>
+
 int
 set_user(FILE *fd, const char *user) {
 	return (0);

bin/confgen/win32/rndcconfgen.vcxproj.in

@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="utf-8"?>
-<Project DefaultTargets="Build" ToolsVersion="@TOOLS_VERSION@" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
   <ItemGroup Label="ProjectConfigurations">
     <ProjectConfiguration Include="Debug|@PLATFORM@">
       <Configuration>Debug</Configuration>
@@ -14,21 +14,18 @@
     <ProjectGuid>{1E2C1635-3093-4D59-80E7-4743AC10F22F}</ProjectGuid>
     <Keyword>Win32Proj</Keyword>
     <RootNamespace>rndcconfgen</RootNamespace>
-    @WINDOWS_TARGET_PLATFORM_VERSION@
   </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|@PLATFORM@'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
     <UseDebugLibraries>true</UseDebugLibraries>
     <CharacterSet>MultiByte</CharacterSet>
-    @PLATFORM_TOOLSET@
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
     <UseDebugLibraries>false</UseDebugLibraries>
     <WholeProgramOptimization>true</WholeProgramOptimization>
     <CharacterSet>MultiByte</CharacterSet>
-    @PLATFORM_TOOLSET@
   </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
   <ImportGroup Label="ExtensionSettings">

bin/delv/Makefile.in

@@ -25,7 +25,8 @@ CWARNINGS =
 
 ISCCFGLIBS =	../../lib/isccfg/libisccfg.@A@
 DNSLIBS =	../../lib/dns/libdns.@A@ ${MAXMINDDB_LIBS} @DNS_CRYPTO_LIBS@
-ISCLIBS =	../../lib/isc/libisc.@A@ ${OPENSSL_LIBS} ${JSON_C_LIBS} ${LIBXML2_LIBS} ${ZLIB_LIBS}
+ISCNOSYMLIBS =	../../lib/isc/libisc-nosymtbl.@A@ ${OPENSSL_LIBS} ${JSON_C_LIBS} ${LIBXML2_LIBS}
+ISCLIBS =	../../lib/isc/libisc.@A@ ${OPENSSL_LIBS} ${JSON_C_LIBS} ${LIBXML2_LIBS}
 IRSLIBS =	../../lib/irs/libirs.@A@
 
 ISCCFGDEPLIBS =	../../lib/isccfg/libisccfg.@A@
@@ -36,6 +37,7 @@ IRSDEPLIBS =	../../lib/irs/libirs.@A@
 DEPLIBS =	${DNSDEPLIBS} ${IRSDEPLIBS} ${ISCCFGDEPLIBS} ${ISCDEPLIBS}
 
 LIBS =		${DNSLIBS} ${IRSLIBS} ${ISCCFGLIBS} ${ISCLIBS} @LIBS@
+NOSYMLIBS =	${DNSLIBS} ${IRSLIBS} ${ISCCFGLIBS} ${ISCNOSYMLIBS} @LIBS@
 
 SUBDIRS =
 

bin/delv/delv.1

@@ -1,4 +1,4 @@
-.\" Copyright (C) 2014-2020 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2014-2019 Internet Systems Consortium, Inc. ("ISC")
 .\" 
 .\" This Source Code Form is subject to the terms of the Mozilla Public
 .\" License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -144,7 +144,7 @@ options\&.
 Note: When reading the trust anchor file,
 \fBdelv\fR
 treats
-\fBtrust\-anchors\fR\fBinitial\-key\fR
+\fBdnssec\-keys\fR\fBinitial\-key\fR
 and
 \fBstatic\-key\fR
 entries identically\&. That is, even if a key is configured with
@@ -409,11 +409,6 @@ Controls whether to use TCP when sending queries\&. The default is to use UDP un
 .RS 4
 Print all RDATA in unknown RR type presentation format (RFC 3597)\&. The default is to print RDATA for known types in the type\*(Aqs presentation format\&.
 .RE
-.PP
-\fB+[no]yaml\fR
-.RS 4
-Print response data in YAML format\&.
-.RE
 .SH "FILES"
 .PP
 /etc/bind\&.keys
@@ -433,5 +428,5 @@ RFC5155\&.
 \fBInternet Systems Consortium, Inc\&.\fR
 .SH "COPYRIGHT"
 .br
-Copyright \(co 2014-2020 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2014-2019 Internet Systems Consortium, Inc. ("ISC")
 .br

bin/delv/delv.docbook

@@ -40,7 +40,6 @@
       <year>2017</year>
       <year>2018</year>
       <year>2019</year>
-      <year>2020</year>
       <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
     </copyright>
   </docinfo>
@@ -216,7 +215,7 @@
 	  </para>
 	  <para>
 	    Note: When reading the trust anchor file,
-	    <command>delv</command> treats <option>trust-anchors</option>
+	    <command>delv</command> treats <option>dnssec-keys</option>
 	    <option>initial-key</option> and <option>static-key</option>
 	    entries identically.  That is, even if a key is configured
 	    with <command>initial-key</command>, indicating that it is

bin/delv/delv.html

@@ -1,6 +1,6 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 <!--
- - Copyright (C) 2014-2020 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2014-2019 Internet Systems Consortium, Inc. ("ISC")
  - 
  - This Source Code Form is subject to the terms of the Mozilla Public
  - License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -197,7 +197,7 @@
 	  </p>
 	  <p>
 	    Note: When reading the trust anchor file,
-	    <span class="command"><strong>delv</strong></span> treats <code class="option">trust-anchors</code>
+	    <span class="command"><strong>delv</strong></span> treats <code class="option">dnssec-keys</code>
 	    <code class="option">initial-key</code> and <code class="option">static-key</code>
 	    entries identically.  That is, even if a key is configured
 	    with <span class="command"><strong>initial-key</strong></span>, indicating that it is
@@ -548,12 +548,6 @@
 	      in the type's presentation format.
 	    </p>
 	  </dd>
-<dt><span class="term"><code class="option">+[no]yaml</code></span></dt>
-<dd>
-	    <p>
-	      Print response data in YAML format.
-	    </p>
-	  </dd>
 </dl></div>
 <p>
 

bin/delv/win32/delv.vcxproj.in

@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="utf-8"?>
-<Project DefaultTargets="Build" ToolsVersion="@TOOLS_VERSION@" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
   <ItemGroup Label="ProjectConfigurations">
     <ProjectConfiguration Include="Debug|@PLATFORM@">
       <Configuration>Debug</Configuration>
@@ -14,21 +14,18 @@
     <ProjectGuid>{BE172EFE-C1DC-4812-BFB9-8C5F8ADB7E9F}</ProjectGuid>
     <Keyword>Win32Proj</Keyword>
     <RootNamespace>delv</RootNamespace>
-    @WINDOWS_TARGET_PLATFORM_VERSION@
   </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|@PLATFORM@'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
     <UseDebugLibraries>true</UseDebugLibraries>
     <CharacterSet>MultiByte</CharacterSet>
-    @PLATFORM_TOOLSET@
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
     <UseDebugLibraries>false</UseDebugLibraries>
     <WholeProgramOptimization>true</WholeProgramOptimization>
     <CharacterSet>MultiByte</CharacterSet>
-    @PLATFORM_TOOLSET@
   </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
   <ImportGroup Label="ExtensionSettings">

bin/dig/Makefile.in

@@ -28,7 +28,8 @@ CWARNINGS =
 ISCCFGLIBS =	../../lib/isccfg/libisccfg.@A@
 DNSLIBS =	../../lib/dns/libdns.@A@ ${MAXMINDDB_LIBS} @DNS_CRYPTO_LIBS@
 BIND9LIBS =	../../lib/bind9/libbind9.@A@
-ISCLIBS =	../../lib/isc/libisc.@A@ ${OPENSSL_LIBS} ${JSON_C_LIBS} ${LIBXML2_LIBS} ${ZLIB_LIBS}
+ISCLIBS =	../../lib/isc/libisc.@A@ ${OPENSSL_LIBS} ${JSON_C_LIBS} ${LIBXML2_LIBS}
+ISCNOSYMLIBS =	../../lib/isc/libisc-nosymtbl.@A@ ${OPENSSL_LIBS} ${JSON_C_LIBS} ${LIBXML2_LIBS}
 IRSLIBS =	../../lib/irs/libirs.@A@
 
 ISCCFGDEPLIBS =	../../lib/isccfg/libisccfg.@A@
@@ -43,6 +44,9 @@ DEPLIBS =	${DNSDEPLIBS} ${IRSDEPLIBS} ${BIND9DEPLIBS} \
 LIBS =		${DNSLIBS} ${IRSLIBS} ${BIND9LIBS} ${ISCCFGLIBS} \
 		${ISCLIBS} @LIBIDN2_LIBS@ @LIBS@
 
+NOSYMLIBS =	${DNSLIBS} ${IRSLIBS} ${BIND9LIBS} ${ISCCFGLIBS} \
+		${ISCNOSYMLIBS} @LIBIDN2_LIBS@ @LIBS@
+
 SUBDIRS =
 
 TARGETS =	dig@EXEEXT@ host@EXEEXT@ nslookup@EXEEXT@

bin/dig/dig.1

@@ -1,4 +1,4 @@
-.\" Copyright (C) 2000-2011, 2013-2020 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000-2011, 2013-2019 Internet Systems Consortium, Inc. ("ISC")
 .\" 
 .\" This Source Code Form is subject to the terms of the Mozilla Public
 .\" License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -744,13 +744,6 @@ Display [do not display] the TTL when printing the record\&.
 Display [do not display] the TTL in friendly human\-readable time units of "s", "m", "h", "d", and "w", representing seconds, minutes, hours, days and weeks\&. Implies +ttlid\&.
 .RE
 .PP
-\fB+[no]unexpected\fR
-.RS 4
-Accept [do not accept] answers from unexpected sources\&. By default,
-\fBdig\fR
-won\*(Aqt accept a reply from a source other than the one to which it sent the query\&.
-.RE
-.PP
 \fB+[no]unknownformat\fR
 .RS 4
 Print all RDATA in unknown RR type presentation format (RFC 3597)\&. The default is to print RDATA for known types in the type\*(Aqs presentation format\&.
@@ -763,13 +756,6 @@ Use [do not use] TCP when querying name servers\&. This alternate syntax to
 is provided for backwards compatibility\&. The "vc" stands for "virtual circuit"\&.
 .RE
 .PP
-\fB+[no]yaml\fR
-.RS 4
-Print the responses (and, if
-\fB+qr\fR
-is in use, also the outgoing queries) in a detailed YAML format\&.
-.RE
-.PP
 \fB+[no]zflag\fR
 .RS 4
 Set [do not set] the last unassigned DNS header flag in a DNS query\&. This flag is off by default\&.
@@ -849,5 +835,5 @@ There are probably too many query options\&.
 \fBInternet Systems Consortium, Inc\&.\fR
 .SH "COPYRIGHT"
 .br
-Copyright \(co 2000-2011, 2013-2020 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2000-2011, 2013-2019 Internet Systems Consortium, Inc. ("ISC")
 .br

bin/dig/dig.docbook

@@ -53,7 +53,6 @@
       <year>2017</year>
       <year>2018</year>
       <year>2019</year>
-      <year>2020</year>
       <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
     </copyright>
   </docinfo>
@@ -1270,17 +1269,6 @@
 	  </listitem>
 	</varlistentry>
 
-	<varlistentry>
-	  <term><option>+[no]unexpected</option></term>
-	  <listitem>
-	    <para>
-	      Accept [do not accept] answers from unexpected sources.  By
-	      default, <command>dig</command> won't accept a reply from a
-	      source other than the one to which it sent the query.
-	    </para>
-	  </listitem>
-	</varlistentry>
-
 	<varlistentry>
 	  <term><option>+[no]unknownformat</option></term>
 	  <listitem>

bin/dig/dig.html

@@ -1,6 +1,6 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 <!--
- - Copyright (C) 2000-2011, 2013-2020 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2011, 2013-2019 Internet Systems Consortium, Inc. ("ISC")
  - 
  - This Source Code Form is subject to the terms of the Mozilla Public
  - License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -1000,14 +1000,6 @@
 	      seconds, minutes, hours, days and weeks.  Implies +ttlid.
 	    </p>
 	  </dd>
-<dt><span class="term"><code class="option">+[no]unexpected</code></span></dt>
-<dd>
-	    <p>
-	      Accept [do not accept] answers from unexpected sources.  By
-	      default, <span class="command"><strong>dig</strong></span> won't accept a reply from a
-	      source other than the one to which it sent the query.
-	    </p>
-	  </dd>
 <dt><span class="term"><code class="option">+[no]unknownformat</code></span></dt>
 <dd>
 	    <p>
@@ -1025,13 +1017,6 @@
 	      stands for "virtual circuit".
 	    </p>
 	  </dd>
-<dt><span class="term"><code class="option">+[no]yaml</code></span></dt>
-<dd>
-	    <p>
-	      Print the responses (and, if <code class="option">+qr</code> is in use,
-	      also the outgoing queries) in a detailed YAML format.
-	    </p>
-	  </dd>
 <dt><span class="term"><code class="option">+[no]zflag</code></span></dt>
 <dd>
 	    <p>

bin/dig/host.1

@@ -1,4 +1,4 @@
-.\" Copyright (C) 2000-2002, 2004, 2005, 2007-2009, 2014-2020 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000-2002, 2004, 2005, 2007-2009, 2014-2019 Internet Systems Consortium, Inc. ("ISC")
 .\" 
 .\" This Source Code Form is subject to the terms of the Mozilla Public
 .\" License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -269,5 +269,5 @@ runs\&.
 \fBInternet Systems Consortium, Inc\&.\fR
 .SH "COPYRIGHT"
 .br
-Copyright \(co 2000-2002, 2004, 2005, 2007-2009, 2014-2020 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2000-2002, 2004, 2005, 2007-2009, 2014-2019 Internet Systems Consortium, Inc. ("ISC")
 .br

bin/dig/host.c

@@ -12,21 +12,21 @@
 /*! \file */
 
 #include <inttypes.h>
-#include <limits.h>
 #include <stdbool.h>
 #include <stdlib.h>
+#include <limits.h>
 
 #ifdef HAVE_LOCALE_H
 #include <locale.h>
-#endif /* ifdef HAVE_LOCALE_H */
+#endif
 
 #include <isc/app.h>
 #include <isc/commandline.h>
 #include <isc/netaddr.h>
 #include <isc/print.h>
 #include <isc/string.h>
-#include <isc/task.h>
 #include <isc/util.h>
+#include <isc/task.h>
 
 #include <dns/byaddr.h>
 #include <dns/fixedname.h>
@@ -35,8 +35,8 @@
 #include <dns/rdata.h>
 #include <dns/rdataclass.h>
 #include <dns/rdataset.h>
-#include <dns/rdatastruct.h>
 #include <dns/rdatatype.h>
+#include <dns/rdatastruct.h>
 
 #include <dig/dig.h>
 
@@ -49,56 +49,83 @@ static dns_rdatatype_t list_type = dns_rdatatype_a;
 static bool printed_server = false;
 static bool ipv4only = false, ipv6only = false;
 
-static const char *opcodetext[] = { "QUERY",	  "IQUERY",	"STATUS",
-				    "RESERVED3",  "NOTIFY",	"UPDATE",
-				    "RESERVED6",  "RESERVED7",	"RESERVED8",
-				    "RESERVED9",  "RESERVED10", "RESERVED11",
-				    "RESERVED12", "RESERVED13", "RESERVED14",
-				    "RESERVED15" };
+static const char *opcodetext[] = {
+	"QUERY",
+	"IQUERY",
+	"STATUS",
+	"RESERVED3",
+	"NOTIFY",
+	"UPDATE",
+	"RESERVED6",
+	"RESERVED7",
+	"RESERVED8",
+	"RESERVED9",
+	"RESERVED10",
+	"RESERVED11",
+	"RESERVED12",
+	"RESERVED13",
+	"RESERVED14",
+	"RESERVED15"
+};
 
-static const char *rcodetext[] = { "NOERROR",	 "FORMERR",    "SERVFAIL",
-				   "NXDOMAIN",	 "NOTIMP",     "REFUSED",
-				   "YXDOMAIN",	 "YXRRSET",    "NXRRSET",
-				   "NOTAUTH",	 "NOTZONE",    "RESERVED11",
-				   "RESERVED12", "RESERVED13", "RESERVED14",
-				   "RESERVED15", "BADVERS" };
+static const char *rcodetext[] = {
+	"NOERROR",
+	"FORMERR",
+	"SERVFAIL",
+	"NXDOMAIN",
+	"NOTIMP",
+	"REFUSED",
+	"YXDOMAIN",
+	"YXRRSET",
+	"NXRRSET",
+	"NOTAUTH",
+	"NOTZONE",
+	"RESERVED11",
+	"RESERVED12",
+	"RESERVED13",
+	"RESERVED14",
+	"RESERVED15",
+	"BADVERS"
+};
 
 struct rtype {
 	unsigned int type;
 	const char *text;
 };
 
-struct rtype rtypes[] = { { 1, "has address" },
-			  { 2, "name server" },
-			  { 5, "is an alias for" },
-			  { 11, "has well known services" },
-			  { 12, "domain name pointer" },
-			  { 13, "host information" },
-			  { 15, "mail is handled by" },
-			  { 16, "descriptive text" },
-			  { 19, "x25 address" },
-			  { 20, "ISDN address" },
-			  { 24, "has signature" },
-			  { 25, "has key" },
-			  { 28, "has IPv6 address" },
-			  { 29, "location" },
-			  { 0, NULL } };
+struct rtype rtypes[] = {
+	{ 1, 	"has address" },
+	{ 2, 	"name server" },
+	{ 5, 	"is an alias for" },
+	{ 11,	"has well known services" },
+	{ 12,	"domain name pointer" },
+	{ 13,	"host information" },
+	{ 15,	"mail is handled by" },
+	{ 16,	"descriptive text" },
+	{ 19,	"x25 address" },
+	{ 20,	"ISDN address" },
+	{ 24,	"has signature" },
+	{ 25,	"has key" },
+	{ 28,	"has IPv6 address" },
+	{ 29,	"location" },
+	{ 0, NULL }
+};
 
 static char *
-rcode_totext(dns_rcode_t rcode) {
+rcode_totext(dns_rcode_t rcode)
+{
 	static char buf[sizeof("?65535")];
 	union {
 		const char *consttext;
 		char *deconsttext;
 	} totext;
 
-	if (rcode >= (sizeof(rcodetext) / sizeof(rcodetext[0]))) {
+	if (rcode >= (sizeof(rcodetext)/sizeof(rcodetext[0]))) {
 		snprintf(buf, sizeof(buf), "?%u", rcode);
 		totext.deconsttext = buf;
-	} else {
+	} else
 		totext.consttext = rcodetext[rcode];
-	}
-	return (totext.deconsttext);
+	return totext.deconsttext;
 }
 
 ISC_PLATFORM_NORETURN_PRE static void
@@ -106,38 +133,35 @@ show_usage(void) ISC_PLATFORM_NORETURN_POST;
 
 static void
 show_usage(void) {
-	fputs("Usage: host [-aCdilrTvVw] [-c class] [-N ndots] [-t type] [-W "
-	      "time]\n"
-	      "            [-R number] [-m flag] [-p port] hostname [server]\n"
-	      "       -a is equivalent to -v -t ANY\n"
-	      "       -A is like -a but omits RRSIG, NSEC, NSEC3\n"
-	      "       -c specifies query class for non-IN data\n"
-	      "       -C compares SOA records on authoritative nameservers\n"
-	      "       -d is equivalent to -v\n"
-	      "       -l lists all hosts in a domain, using AXFR\n"
-	      "       -m set memory debugging flag (trace|record|usage)\n"
-	      "       -N changes the number of dots allowed before root lookup "
-	      "is done\n"
-	      "       -p specifies the port on the server to query\n"
-	      "       -r disables recursive processing\n"
-	      "       -R specifies number of retries for UDP packets\n"
-	      "       -s a SERVFAIL response should stop query\n"
-	      "       -t specifies the query type\n"
-	      "       -T enables TCP/IP mode\n"
-	      "       -U enables UDP mode\n"
-	      "       -v enables verbose output\n"
-	      "       -V print version number and exit\n"
-	      "       -w specifies to wait forever for a reply\n"
-	      "       -W specifies how long to wait for a reply\n"
-	      "       -4 use IPv4 query transport only\n"
-	      "       -6 use IPv6 query transport only\n",
-	      stderr);
+	fputs(
+"Usage: host [-aCdilrTvVw] [-c class] [-N ndots] [-t type] [-W time]\n"
+"            [-R number] [-m flag] hostname [server]\n"
+"       -a is equivalent to -v -t ANY\n"
+"       -A is like -a but omits RRSIG, NSEC, NSEC3\n"
+"       -c specifies query class for non-IN data\n"
+"       -C compares SOA records on authoritative nameservers\n"
+"       -d is equivalent to -v\n"
+"       -l lists all hosts in a domain, using AXFR\n"
+"       -m set memory debugging flag (trace|record|usage)\n"
+"       -N changes the number of dots allowed before root lookup is done\n"
+"       -r disables recursive processing\n"
+"       -R specifies number of retries for UDP packets\n"
+"       -s a SERVFAIL response should stop query\n"
+"       -t specifies the query type\n"
+"       -T enables TCP/IP mode\n"
+"       -U enables UDP mode\n"
+"       -v enables verbose output\n"
+"       -V print version number and exit\n"
+"       -w specifies to wait forever for a reply\n"
+"       -W specifies how long to wait for a reply\n"
+"       -4 use IPv4 query transport only\n"
+"       -6 use IPv6 query transport only\n", stderr);
 	exit(1);
 }
 
 static void
 host_shutdown(void) {
-	(void)isc_app_shutdown();
+	(void) isc_app_shutdown();
 }
 
 static void
@@ -149,9 +173,9 @@ received(unsigned int bytes, isc_sockaddr_t *from, dig_query_t *query) {
 		char fromtext[ISC_SOCKADDR_FORMATSIZE];
 		isc_sockaddr_format(from, fromtext, sizeof(fromtext));
 		TIME_NOW(&now);
-		diff = (int)isc_time_microdiff(&now, &query->time_sent);
-		printf("Received %u bytes from %s in %d ms\n", bytes, fromtext,
-		       diff / 1000);
+		diff = (int) isc_time_microdiff(&now, &query->time_sent);
+		printf("Received %u bytes from %s in %d ms\n",
+		       bytes, fromtext, diff/1000);
 	}
 }
 
@@ -159,14 +183,14 @@ static void
 trying(char *frm, dig_lookup_t *lookup) {
 	UNUSED(lookup);
 
-	if (!short_form) {
+	if (!short_form)
 		printf("Trying \"%s\"\n", frm);
-	}
 }
 
 static void
 say_message(dns_name_t *name, const char *msg, dns_rdata_t *rdata,
-	    dig_query_t *query) {
+	    dig_query_t *query)
+{
 	isc_buffer_t *b = NULL;
 	char namestr[DNS_NAME_FORMATSIZE];
 	isc_region_t r;
@@ -174,8 +198,9 @@ say_message(dns_name_t *name, const char *msg, dns_rdata_t *rdata,
 	unsigned int bufsize = BUFSIZ;
 
 	dns_name_format(name, namestr, sizeof(namestr));
-retry:
-	isc_buffer_allocate(mctx, &b, bufsize);
+ retry:
+	result = isc_buffer_allocate(mctx, &b, bufsize);
+	check_result(result, "isc_buffer_allocate");
 	result = dns_rdata_totext(rdata, NULL, b);
 	if (result == ISC_R_NOSPACE) {
 		isc_buffer_free(&b);
@@ -185,9 +210,11 @@ retry:
 	check_result(result, "dns_rdata_totext");
 	isc_buffer_usedregion(b, &r);
 	if (query->lookup->identify_previous_line) {
-		printf("Nameserver %s:\n\t", query->servname);
+		printf("Nameserver %s:\n\t",
+			query->servname);
 	}
-	printf("%s %s %.*s", namestr, msg, (int)r.length, (char *)r.base);
+	printf("%s %s %.*s", namestr,
+	       msg, (int)r.length, (char *)r.base);
 	if (query->lookup->identify) {
 		printf(" on server %s", query->servname);
 	}
@@ -197,7 +224,9 @@ retry:
 
 static isc_result_t
 printsection(dns_message_t *msg, dns_section_t sectionid,
-	     const char *section_name, bool headers, dig_query_t *query) {
+	     const char *section_name, bool headers,
+	     dig_query_t *query)
+{
 	dns_name_t *name, *print_name;
 	dns_rdataset_t *rdataset;
 	dns_rdata_t rdata = DNS_RDATA_INIT;
@@ -209,24 +238,21 @@ printsection(dns_message_t *msg, dns_section_t sectionid,
 	bool first;
 	bool no_rdata;
 
-	if (sectionid == DNS_SECTION_QUESTION) {
+	if (sectionid == DNS_SECTION_QUESTION)
 		no_rdata = true;
-	} else {
+	else
 		no_rdata = false;
-	}
 
-	if (headers) {
+	if (headers)
 		printf(";; %s SECTION:\n", section_name);
-	}
 
 	dns_name_init(&empty_name, NULL);
 
 	result = dns_message_firstname(msg, sectionid);
-	if (result == ISC_R_NOMORE) {
+	if (result == ISC_R_NOMORE)
 		return (ISC_R_SUCCESS);
-	} else if (result != ISC_R_SUCCESS) {
+	else if (result != ISC_R_SUCCESS)
 		return (result);
-	}
 
 	for (;;) {
 		name = NULL;
@@ -236,9 +262,9 @@ printsection(dns_message_t *msg, dns_section_t sectionid,
 		first = true;
 		print_name = name;
 
-		for (rdataset = ISC_LIST_HEAD(name->list); rdataset != NULL;
-		     rdataset = ISC_LIST_NEXT(rdataset, link))
-		{
+		for (rdataset = ISC_LIST_HEAD(name->list);
+		     rdataset != NULL;
+		     rdataset = ISC_LIST_NEXT(rdataset, link)) {
 			if (query->lookup->rdtype == dns_rdatatype_axfr &&
 			    !((!list_addresses &&
 			       (list_type == dns_rdatatype_any ||
@@ -248,39 +274,36 @@ printsection(dns_message_t *msg, dns_section_t sectionid,
 				rdataset->type == dns_rdatatype_aaaa ||
 				rdataset->type == dns_rdatatype_ns ||
 				rdataset->type == dns_rdatatype_ptr))))
-			{
 				continue;
-			}
 			if (list_almost_all &&
-			    (rdataset->type == dns_rdatatype_rrsig ||
-			     rdataset->type == dns_rdatatype_nsec ||
-			     rdataset->type == dns_rdatatype_nsec3))
-			{
+			       (rdataset->type == dns_rdatatype_rrsig ||
+				rdataset->type == dns_rdatatype_nsec ||
+				rdataset->type == dns_rdatatype_nsec3))
 				continue;
-			}
 			if (!short_form) {
 				result = dns_rdataset_totext(rdataset,
-							     print_name, false,
-							     no_rdata, &target);
-				if (result != ISC_R_SUCCESS) {
+							     print_name,
+							     false,
+							     no_rdata,
+							     &target);
+				if (result != ISC_R_SUCCESS)
 					return (result);
-				}
 #ifdef USEINITALWS
 				if (first) {
 					print_name = &empty_name;
 					first = false;
 				}
-#else  /* ifdef USEINITALWS */
+#else
 				UNUSED(first); /* Shut up compiler. */
-#endif /* ifdef USEINITALWS */
+#endif
 			} else {
 				loopresult = dns_rdataset_first(rdataset);
 				while (loopresult == ISC_R_SUCCESS) {
 					struct rtype *t;
 					const char *rtt;
 					char typebuf[DNS_RDATATYPE_FORMATSIZE];
-					char typebuf2[DNS_RDATATYPE_FORMATSIZE +
-						      20];
+					char typebuf2[DNS_RDATATYPE_FORMATSIZE
+						     + 20];
 					dns_rdataset_current(rdataset, &rdata);
 
 					for (t = rtypes; t->text != NULL; t++) {
@@ -297,8 +320,8 @@ printsection(dns_message_t *msg, dns_section_t sectionid,
 						 "has %s record", typebuf);
 					rtt = typebuf2;
 				found:
-					say_message(print_name, rtt, &rdata,
-						    query);
+					say_message(print_name, rtt,
+						    &rdata, query);
 					dns_rdata_reset(&rdata);
 					loopresult =
 						dns_rdataset_next(rdataset);
@@ -307,19 +330,18 @@ printsection(dns_message_t *msg, dns_section_t sectionid,
 		}
 		if (!short_form) {
 			isc_buffer_usedregion(&target, &r);
-			if (no_rdata) {
-				printf(";%.*s", (int)r.length, (char *)r.base);
-			} else {
+			if (no_rdata)
+				printf(";%.*s", (int)r.length,
+				       (char *)r.base);
+			else
 				printf("%.*s", (int)r.length, (char *)r.base);
-			}
 		}
 
 		result = dns_message_nextname(msg, sectionid);
-		if (result == ISC_R_NOMORE) {
+		if (result == ISC_R_NOMORE)
 			break;
-		} else if (result != ISC_R_SUCCESS) {
+		else if (result != ISC_R_SUCCESS)
 			return (result);
-		}
 	}
 
 	return (ISC_R_SUCCESS);
@@ -327,23 +349,24 @@ printsection(dns_message_t *msg, dns_section_t sectionid,
 
 static isc_result_t
 printrdata(dns_message_t *msg, dns_rdataset_t *rdataset,
-	   const dns_name_t *owner, const char *set_name, bool headers) {
+	   const dns_name_t *owner, const char *set_name,
+	   bool headers)
+{
 	isc_buffer_t target;
 	isc_result_t result;
 	isc_region_t r;
 	char tbuf[4096];
 
 	UNUSED(msg);
-	if (headers) {
+	if (headers)
 		printf(";; %s SECTION:\n", set_name);
-	}
 
 	isc_buffer_init(&target, tbuf, sizeof(tbuf));
 
-	result = dns_rdataset_totext(rdataset, owner, false, false, &target);
-	if (result != ISC_R_SUCCESS) {
+	result = dns_rdataset_totext(rdataset, owner, false, false,
+				     &target);
+	if (result != ISC_R_SUCCESS)
 		return (result);
-	}
 	isc_buffer_usedregion(&target, &r);
 	printf("%.*s", (int)r.length, (char *)r.base);
 
@@ -363,23 +386,23 @@ chase_cnamechain(dns_message_t *msg, dns_name_t *qname) {
 		result = dns_message_findname(msg, DNS_SECTION_ANSWER, qname,
 					      dns_rdatatype_cname, 0, NULL,
 					      &rdataset);
-		if (result != ISC_R_SUCCESS) {
+		if (result != ISC_R_SUCCESS)
 			return;
-		}
 		result = dns_rdataset_first(rdataset);
 		check_result(result, "dns_rdataset_first");
 		dns_rdata_reset(&rdata);
 		dns_rdataset_current(rdataset, &rdata);
 		result = dns_rdata_tostruct(&rdata, &cname, NULL);
 		check_result(result, "dns_rdata_tostruct");
-		dns_name_copynf(&cname.cname, qname);
+		dns_name_copy(&cname.cname, qname, NULL);
 		dns_rdata_freestruct(&cname);
 	}
 }
 
 static isc_result_t
-printmessage(dig_query_t *query, const isc_buffer_t *msgbuf, dns_message_t *msg,
-	     bool headers) {
+printmessage(dig_query_t *query, const isc_buffer_t *msgbuf,
+	     dns_message_t *msg, bool headers)
+{
 	bool did_flag = false;
 	dns_rdataset_t *opt, *tsig = NULL;
 	const dns_name_t *tsigname;
@@ -400,7 +423,8 @@ printmessage(dig_query_t *query, const isc_buffer_t *msgbuf, dns_message_t *msg,
 
 		printf("Using domain server:\n");
 		printf("Name: %s\n", query->userarg);
-		isc_sockaddr_format(&query->sockaddr, sockstr, sizeof(sockstr));
+		isc_sockaddr_format(&query->sockaddr, sockstr,
+				    sizeof(sockstr));
 		printf("Address: %s\n", sockstr);
 		printf("Aliases: \n\n");
 		printed_server = true;
@@ -410,20 +434,17 @@ printmessage(dig_query_t *query, const isc_buffer_t *msgbuf, dns_message_t *msg,
 		char namestr[DNS_NAME_FORMATSIZE];
 		dns_name_format(query->lookup->name, namestr, sizeof(namestr));
 
-		if (query->lookup->identify_previous_line) {
+		if (query->lookup->identify_previous_line)
 			printf("Nameserver %s:\n\t%s not found: %d(%s)\n",
 			       query->servname,
-			       (msg->rcode != dns_rcode_nxdomain)
-				       ? namestr
-				       : query->lookup->textname,
-			       msg->rcode, rcode_totext(msg->rcode));
-		} else {
+			       (msg->rcode != dns_rcode_nxdomain) ? namestr :
+			       query->lookup->textname, msg->rcode,
+			       rcode_totext(msg->rcode));
+		else
 			printf("Host %s not found: %d(%s)\n",
-			       (msg->rcode != dns_rcode_nxdomain)
-				       ? namestr
-				       : query->lookup->textname,
-			       msg->rcode, rcode_totext(msg->rcode));
-		}
+			       (msg->rcode != dns_rcode_nxdomain) ? namestr :
+			       query->lookup->textname, msg->rcode,
+			       rcode_totext(msg->rcode));
 		return (ISC_R_SUCCESS);
 	}
 
@@ -435,7 +456,7 @@ printmessage(dig_query_t *query, const isc_buffer_t *msgbuf, dns_message_t *msg,
 
 		/* Add AAAA and MX lookups. */
 		name = dns_fixedname_initname(&fixed);
-		dns_name_copynf(query->lookup->name, name);
+		dns_name_copy(query->lookup->name, name, NULL);
 		chase_cnamechain(msg, name);
 		dns_name_format(name, namestr, sizeof(namestr));
 		lookup = clone_lookup(query->lookup, false);
@@ -501,70 +522,60 @@ printmessage(dig_query_t *query, const isc_buffer_t *msgbuf, dns_message_t *msg,
 		       msg->counts[DNS_SECTION_AUTHORITY],
 		       msg->counts[DNS_SECTION_ADDITIONAL]);
 		opt = dns_message_getopt(msg);
-		if (opt != NULL) {
+		if (opt != NULL)
 			printf(";; EDNS: version: %u, udp=%u\n",
 			       (unsigned int)((opt->ttl & 0x00ff0000) >> 16),
 			       (unsigned int)opt->rdclass);
-		}
 		tsigname = NULL;
 		tsig = dns_message_gettsig(msg, &tsigname);
-		if (tsig != NULL) {
+		if (tsig != NULL)
 			printf(";; PSEUDOSECTIONS: TSIG\n");
-		}
 	}
-	if (!ISC_LIST_EMPTY(msg->sections[DNS_SECTION_QUESTION]) && !short_form)
-	{
+	if (! ISC_LIST_EMPTY(msg->sections[DNS_SECTION_QUESTION]) &&
+	    !short_form) {
 		printf("\n");
 		result = printsection(msg, DNS_SECTION_QUESTION, "QUESTION",
 				      true, query);
-		if (result != ISC_R_SUCCESS) {
+		if (result != ISC_R_SUCCESS)
 			return (result);
-		}
 	}
-	if (!ISC_LIST_EMPTY(msg->sections[DNS_SECTION_ANSWER])) {
-		if (!short_form) {
+	if (! ISC_LIST_EMPTY(msg->sections[DNS_SECTION_ANSWER])) {
+		if (!short_form)
 			printf("\n");
-		}
 		result = printsection(msg, DNS_SECTION_ANSWER, "ANSWER",
 				      !short_form, query);
-		if (result != ISC_R_SUCCESS) {
+		if (result != ISC_R_SUCCESS)
 			return (result);
-		}
 	}
 
-	if (!ISC_LIST_EMPTY(msg->sections[DNS_SECTION_AUTHORITY]) &&
+	if (! ISC_LIST_EMPTY(msg->sections[DNS_SECTION_AUTHORITY]) &&
 	    !short_form) {
 		printf("\n");
 		result = printsection(msg, DNS_SECTION_AUTHORITY, "AUTHORITY",
 				      true, query);
-		if (result != ISC_R_SUCCESS) {
+		if (result != ISC_R_SUCCESS)
 			return (result);
-		}
 	}
-	if (!ISC_LIST_EMPTY(msg->sections[DNS_SECTION_ADDITIONAL]) &&
+	if (! ISC_LIST_EMPTY(msg->sections[DNS_SECTION_ADDITIONAL]) &&
 	    !short_form) {
 		printf("\n");
-		result = printsection(msg, DNS_SECTION_ADDITIONAL, "ADDITIONAL",
-				      true, query);
-		if (result != ISC_R_SUCCESS) {
+		result = printsection(msg, DNS_SECTION_ADDITIONAL,
+				      "ADDITIONAL", true, query);
+		if (result != ISC_R_SUCCESS)
 			return (result);
-		}
 	}
 	if ((tsig != NULL) && !short_form) {
 		printf("\n");
-		result = printrdata(msg, tsig, tsigname, "PSEUDOSECTION TSIG",
-				    true);
-		if (result != ISC_R_SUCCESS) {
+		result = printrdata(msg, tsig, tsigname,
+				    "PSEUDOSECTION TSIG", true);
+		if (result != ISC_R_SUCCESS)
 			return (result);
-		}
 	}
-	if (!short_form) {
+	if (!short_form)
 		printf("\n");
-	}
 
 	if (short_form && !default_lookups &&
-	    ISC_LIST_EMPTY(msg->sections[DNS_SECTION_ANSWER]))
-	{
+	    ISC_LIST_EMPTY(msg->sections[DNS_SECTION_ANSWER])) {
 		char namestr[DNS_NAME_FORMATSIZE];
 		char typestr[DNS_RDATATYPE_FORMATSIZE];
 		dns_name_format(query->lookup->name, namestr, sizeof(namestr));
@@ -576,7 +587,7 @@ printmessage(dig_query_t *query, const isc_buffer_t *msgbuf, dns_message_t *msg,
 	return (result);
 }
 
-static const char *optstring = "46aAc:dilnm:p:rst:vVwCDN:R:TUW:";
+static const char * optstring = "46aAc:dilnm:rst:vVwCDN:R:TUW:";
 
 /*% version */
 static void
@@ -593,77 +604,52 @@ pre_parse_args(int argc, char **argv) {
 		case 'm':
 			memdebugging = true;
 			if (strcasecmp("trace", isc_commandline_argument) == 0)
-			{
 				isc_mem_debugging |= ISC_MEM_DEBUGTRACE;
-			} else if (strcasecmp("record",
-					      isc_commandline_argument) == 0) {
+			else if (strcasecmp("record",
+					    isc_commandline_argument) == 0)
 				isc_mem_debugging |= ISC_MEM_DEBUGRECORD;
-			} else if (strcasecmp("usage",
-					      isc_commandline_argument) == 0) {
+			else if (strcasecmp("usage",
+					    isc_commandline_argument) == 0)
 				isc_mem_debugging |= ISC_MEM_DEBUGUSAGE;
-			}
 			break;
 
 		case '4':
-			if (ipv6only) {
+			if (ipv6only)
 				fatal("only one of -4 and -6 allowed");
-			}
 			ipv4only = true;
 			break;
 		case '6':
-			if (ipv4only) {
+			if (ipv4only)
 				fatal("only one of -4 and -6 allowed");
-			}
 			ipv6only = true;
 			break;
-		case 'a':
-			break;
-		case 'A':
-			break;
-		case 'c':
-			break;
-		case 'C':
-			break;
-		case 'd':
-			break;
+		case 'a': break;
+		case 'A': break;
+		case 'c': break;
+		case 'C': break;
+		case 'd': break;
 		case 'D':
-			if (debugging) {
+			if (debugging)
 				debugtiming = true;
-			}
 			debugging = true;
 			break;
-		case 'i':
-			break;
-		case 'l':
-			break;
-		case 'n':
-			break;
-		case 'N':
-			break;
-		case 'p':
-			break;
-		case 'r':
-			break;
-		case 'R':
-			break;
-		case 's':
-			break;
-		case 't':
-			break;
-		case 'T':
-			break;
-		case 'U':
-			break;
-		case 'v':
-			break;
+		case 'i': break;
+		case 'l': break;
+		case 'n': break;
+		case 'N': break;
+		case 'r': break;
+		case 'R': break;
+		case 's': break;
+		case 't': break;
+		case 'T': break;
+		case 'U': break;
+		case 'v': break;
 		case 'V':
-			version();
-			exit(0);
-			break;
-		case 'w':
-			break;
-		case 'W':
-			break;
+			  version();
+			  exit(0);
+			  break;
+		case 'w': break;
+		case 'W': break;
 		default:
 			show_usage();
 		}
@@ -689,7 +675,6 @@ parse_args(bool is_batchfile, int argc, char **argv) {
 	lookup = make_empty_lookup();
 
 	lookup->servfail_stops = false;
-	lookup->besteffort = false;
 	lookup->comments = false;
 	short_form = !verbose;
 
@@ -709,8 +694,8 @@ parse_args(bool is_batchfile, int argc, char **argv) {
 			lookup->recurse = false;
 			break;
 		case 't':
-			if (strncasecmp(isc_commandline_argument, "ixfr=", 5) ==
-			    0) {
+			if (strncasecmp(isc_commandline_argument,
+					"ixfr=", 5) == 0) {
 				rdtype = dns_rdatatype_ixfr;
 				/* XXXMPA add error checking */
 				serial = strtoul(isc_commandline_argument + 5,
@@ -719,8 +704,8 @@ parse_args(bool is_batchfile, int argc, char **argv) {
 			} else {
 				tr.base = isc_commandline_argument;
 				tr.length = strlen(isc_commandline_argument);
-				result = dns_rdatatype_fromtext(
-					&rdtype, (isc_textregion_t *)&tr);
+				result = dns_rdatatype_fromtext(&rdtype,
+						   (isc_textregion_t *)&tr);
 			}
 
 			if (result != ISC_R_SUCCESS) {
@@ -729,9 +714,8 @@ parse_args(bool is_batchfile, int argc, char **argv) {
 				      isc_commandline_argument);
 			}
 			if (!lookup->rdtypeset ||
-			    lookup->rdtype != dns_rdatatype_axfr) {
+			    lookup->rdtype != dns_rdatatype_axfr)
 				lookup->rdtype = rdtype;
-			}
 			lookup->rdtypeset = true;
 			if (rdtype == dns_rdatatype_axfr) {
 				/* -l -t any -v */
@@ -743,20 +727,18 @@ parse_args(bool is_batchfile, int argc, char **argv) {
 				lookup->tcp_mode = true;
 				list_type = rdtype;
 			} else if (rdtype == dns_rdatatype_any) {
-				if (!lookup->tcp_mode_set) {
+				if (!lookup->tcp_mode_set)
 					lookup->tcp_mode = true;
-				}
-			} else {
+			} else
 				list_type = rdtype;
-			}
 			list_addresses = false;
 			default_lookups = false;
 			break;
 		case 'c':
 			tr.base = isc_commandline_argument;
 			tr.length = strlen(isc_commandline_argument);
-			result = dns_rdataclass_fromtext(
-				&rdclass, (isc_textregion_t *)&tr);
+			result = dns_rdataclass_fromtext(&rdclass,
+						   (isc_textregion_t *)&tr);
 
 			if (result != ISC_R_SUCCESS) {
 				fatalexit = 2;
@@ -770,12 +752,11 @@ parse_args(bool is_batchfile, int argc, char **argv) {
 			break;
 		case 'A':
 			list_almost_all = true;
-		/* FALL THROUGH */
+			/* FALL THROUGH */
 		case 'a':
 			if (!lookup->rdtypeset ||
-			    lookup->rdtype != dns_rdatatype_axfr) {
+			    lookup->rdtype != dns_rdatatype_axfr)
 				lookup->rdtype = dns_rdatatype_any;
-			}
 			list_type = dns_rdatatype_any;
 			list_addresses = false;
 			lookup->rdtypeset = true;
@@ -800,15 +781,13 @@ parse_args(bool is_batchfile, int argc, char **argv) {
 			break;
 		case 'W':
 			timeout = atoi(isc_commandline_argument);
-			if (timeout < 1) {
+			if (timeout < 1)
 				timeout = 1;
-			}
 			break;
 		case 'R':
 			tries = atoi(isc_commandline_argument) + 1;
-			if (tries < 2) {
+			if (tries < 2)
 				tries = 2;
-			}
 			break;
 		case 'T':
 			lookup->tcp_mode = true;
@@ -830,7 +809,8 @@ parse_args(bool is_batchfile, int argc, char **argv) {
 			default_lookups = false;
 			break;
 		case 'N':
-			debug("setting NDOTS to %s", isc_commandline_argument);
+			debug("setting NDOTS to %s",
+			      isc_commandline_argument);
 			ndots = atoi(isc_commandline_argument);
 			break;
 		case 'D':
@@ -845,31 +825,26 @@ parse_args(bool is_batchfile, int argc, char **argv) {
 		case 's':
 			lookup->servfail_stops = true;
 			break;
-		case 'p':
-			port = atoi(isc_commandline_argument);
-			break;
 		}
 	}
 
 	lookup->retries = tries;
 
-	if (isc_commandline_index >= argc) {
+	if (isc_commandline_index >= argc)
 		show_usage();
-	}
 
 	strlcpy(hostname, argv[isc_commandline_index], sizeof(hostname));
 
 	if (argc > isc_commandline_index + 1) {
-		set_nameserver(argv[isc_commandline_index + 1]);
-		debug("server is %s", argv[isc_commandline_index + 1]);
+		set_nameserver(argv[isc_commandline_index+1]);
+		debug("server is %s", argv[isc_commandline_index+1]);
 		listed_server = true;
-	} else {
+	} else
 		check_ra = true;
-	}
 
 	lookup->pending = false;
-	if (get_reverse(store, sizeof(store), hostname, true) == ISC_R_SUCCESS)
-	{
+	if (get_reverse(store, sizeof(store), hostname, true)
+	    == ISC_R_SUCCESS) {
 		strlcpy(lookup->textname, store, sizeof(lookup->textname));
 		lookup->rdtype = dns_rdatatype_ptr;
 		lookup->rdtypeset = true;
@@ -882,6 +857,17 @@ parse_args(bool is_batchfile, int argc, char **argv) {
 	ISC_LIST_APPEND(lookup_list, lookup, link);
 }
 
+static void
+host_error(const char *format, ...) {
+	va_list args;
+
+	printf(";; ");
+	va_start(args, format);
+	vfprintf(stdout, format, args);
+	va_end(args);
+	printf("\n");
+}
+
 int
 main(int argc, char **argv) {
 	isc_result_t result;
@@ -899,6 +885,7 @@ main(int argc, char **argv) {
 	dighost_received = received;
 	dighost_trying = trying;
 	dighost_shutdown = host_shutdown;
+	dighost_error = host_error;
 
 	debug("main()");
 	progname = argv[0];
@@ -908,11 +895,10 @@ main(int argc, char **argv) {
 	setup_libs();
 	setup_system(ipv4only, ipv6only);
 	parse_args(false, argc, argv);
-	if (keyfile[0] != 0) {
+	if (keyfile[0] != 0)
 		setup_file_key();
-	} else if (keysecret[0] != 0) {
+	else if (keysecret[0] != 0)
 		setup_text_key();
-	}
 	result = isc_app_onrun(mctx, global_task, onrun_callback, NULL);
 	check_result(result, "isc_app_onrun");
 	isc_app_run();

bin/dig/host.docbook

@@ -48,7 +48,6 @@
       <year>2017</year>
       <year>2018</year>
       <year>2019</year>
-      <year>2020</year>
       <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
     </copyright>
   </docinfo>
@@ -59,7 +58,6 @@
       <arg choice="opt" rep="norepeat"><option>-aACdlnrsTUwv</option></arg>
       <arg choice="opt" rep="norepeat"><option>-c <replaceable class="parameter">class</replaceable></option></arg>
       <arg choice="opt" rep="norepeat"><option>-N <replaceable class="parameter">ndots</replaceable></option></arg>
-      <arg choice="opt" rep="norepeat"><option>-p <replaceable class="port">port</replaceable></option></arg>
       <arg choice="opt" rep="norepeat"><option>-R <replaceable class="parameter">number</replaceable></option></arg>
       <arg choice="opt" rep="norepeat"><option>-t <replaceable class="parameter">type</replaceable></option></arg>
       <arg choice="opt" rep="norepeat"><option>-W <replaceable class="parameter">wait</replaceable></option></arg>
@@ -215,15 +213,6 @@
 	</listitem>
       </varlistentry>
 
-      <varlistentry>
-	<term>-p <replaceable class="parameter">port</replaceable></term>
-	<listitem>
-	  <para>
-	    Specify the port on the server to query.  The default is 53.
-	  </para>
-	</listitem>
-      </varlistentry>
-
       <varlistentry>
 	<term>-r</term>
 	<listitem>

bin/dig/host.html

@@ -1,6 +1,6 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 <!--
- - Copyright (C) 2000-2002, 2004, 2005, 2007-2009, 2014-2020 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2002, 2004, 2005, 2007-2009, 2014-2019 Internet Systems Consortium, Inc. ("ISC")
  - 
  - This Source Code Form is subject to the terms of the Mozilla Public
  - License, v. 2.0. If a copy of the MPL was not distributed with this

bin/dig/include/.clang-format

@@ -1 +0,0 @@
-../../../.clang-format.headers

bin/dig/include/dig/dig.h

@@ -17,6 +17,10 @@
 #include <inttypes.h>
 #include <stdbool.h>
 
+#include <dns/rdatalist.h>
+
+#include <dst/dst.h>
+
 #include <isc/buffer.h>
 #include <isc/bufferlist.h>
 #include <isc/formatcheck.h>
@@ -28,24 +32,20 @@
 #include <isc/sockaddr.h>
 #include <isc/socket.h>
 
-#include <dns/rdatalist.h>
-
-#include <dst/dst.h>
-
 #ifdef __APPLE__
 #include <TargetConditionals.h>
-#endif /* ifdef __APPLE__ */
+#endif
 
 #define MXSERV 20
-#define MXNAME (DNS_NAME_MAXTEXT + 1)
-#define MXRD   32
+#define MXNAME (DNS_NAME_MAXTEXT+1)
+#define MXRD 32
 /*% Buffer Size */
-#define BUFSIZE	 512
+#define BUFSIZE 512
 #define COMMSIZE 0xffff
 #ifndef RESOLV_CONF
 /*% location of resolve.conf */
 #define RESOLV_CONF "/etc/resolv.conf"
-#endif /* ifndef RESOLV_CONF */
+#endif
 /*% output buffer */
 #define OUTPUTBUF 32767
 /*% Max RR Limit */
@@ -77,111 +77,153 @@
 ISC_LANG_BEGINDECLS
 
 typedef struct dig_lookup dig_lookup_t;
-typedef struct dig_query  dig_query_t;
+typedef struct dig_query dig_query_t;
 typedef struct dig_server dig_server_t;
 typedef ISC_LIST(dig_server_t) dig_serverlist_t;
 typedef struct dig_searchlist dig_searchlist_t;
 
-#define DIG_QUERY_MAGIC ISC_MAGIC('D', 'i', 'g', 'q')
+#define DIG_QUERY_MAGIC		ISC_MAGIC('D','i','g','q')
+
+#define DIG_VALID_QUERY(x)	ISC_MAGIC_VALID((x), DIG_QUERY_MAGIC)
 
-#define DIG_VALID_QUERY(x) ISC_MAGIC_VALID((x), DIG_QUERY_MAGIC)
 
 /*% The dig_lookup structure */
 struct dig_lookup {
-	bool pending, /*%< Pending a successful answer */
-		waiting_connect, doing_xfr, ns_search_only, /*%< dig
-							     * +nssearch,
-							     * host -C */
+	bool
+		pending, /*%< Pending a successful answer */
+		waiting_connect,
+		doing_xfr,
+		ns_search_only, /*%< dig +nssearch, host -C */
 		identify, /*%< Append an "on server <foo>" message */
 		identify_previous_line, /*% Prepend a "Nameserver <foo>:"
-					 * message, with newline and tab */
-		ignore, recurse, aaonly, adflag, cdflag, raflag, tcflag, zflag,
-		trace,	    /*% dig +trace */
-		trace_root, /*% initial query for either +trace or +nssearch
-			     * */
-		tcp_mode, tcp_mode_set, comments, stats, section_question,
-		section_answer, section_authority, section_additional,
-		servfail_stops, new_search, need_search, done_as_is, besteffort,
-		dnssec, expire, sendcookie, seenbadcookie, badcookie,
-		nsid, /*% Name Server ID (RFC 5001) */
-		tcp_keepalive, header_only, ednsneg, mapped,
-		print_unknown_format, multiline, nottl, noclass, onesoa,
-		use_usec, nocrypto, ttlunits, idnin, idnout, expandaaaa, qr,
-		accept_reply_unexpected_src; /*%  print replies from
-					      * unexpected
-					      *   sources. */
-	char textname[MXNAME];		     /*% Name we're going to be
-					      * looking up */
-	char		 cmdline[MXNAME];
-	dns_rdatatype_t	 rdtype;
-	dns_rdatatype_t	 qrdtype;
+					   message, with newline and tab */
+		ignore,
+		recurse,
+		aaonly,
+		adflag,
+		cdflag,
+		raflag,
+		tcflag,
+		zflag,
+		trace, /*% dig +trace */
+		trace_root, /*% initial query for either +trace or +nssearch */
+		tcp_mode,
+		tcp_mode_set,
+		comments,
+		stats,
+		section_question,
+		section_answer,
+		section_authority,
+		section_additional,
+		servfail_stops,
+		new_search,
+		need_search,
+		done_as_is,
+		besteffort,
+		dnssec,
+		expire,
+		sendcookie,
+		seenbadcookie,
+		badcookie,
+		nsid,   /*% Name Server ID (RFC 5001) */
+		tcp_keepalive,
+		header_only,
+		ednsneg,
+		mapped,
+		print_unknown_format,
+		multiline,
+		nottl,
+		noclass,
+		onesoa,
+		use_usec,
+		nocrypto,
+		ttlunits,
+		idnin,
+		idnout,
+		expandaaaa,
+		qr;
+	char textname[MXNAME]; /*% Name we're going to be looking up */
+	char cmdline[MXNAME];
+	dns_rdatatype_t rdtype;
+	dns_rdatatype_t qrdtype;
 	dns_rdataclass_t rdclass;
-	bool		 rdtypeset;
-	bool		 rdclassset;
-	char		 name_space[BUFSIZE];
-	char		 oname_space[BUFSIZE];
-	isc_buffer_t	 namebuf;
-	isc_buffer_t	 onamebuf;
-	isc_buffer_t	 renderbuf;
-	char *		 sendspace;
-	dns_name_t *	 name;
-	isc_interval_t	 interval;
-	dns_message_t *	 sendmsg;
-	dns_name_t *	 oname;
+	bool rdtypeset;
+	bool rdclassset;
+	char name_space[BUFSIZE];
+	char oname_space[BUFSIZE];
+	isc_buffer_t namebuf;
+	isc_buffer_t onamebuf;
+	isc_buffer_t renderbuf;
+	char *sendspace;
+	dns_name_t *name;
+	isc_interval_t interval;
+	dns_message_t *sendmsg;
+	dns_name_t *oname;
 	ISC_LINK(dig_lookup_t) link;
 	ISC_LIST(dig_query_t) q;
 	ISC_LIST(dig_query_t) connecting;
-	dig_query_t *	  current_query;
-	dig_serverlist_t  my_server_list;
+	dig_query_t *current_query;
+	dig_serverlist_t my_server_list;
 	dig_searchlist_t *origin;
-	dig_query_t *	  xfr_q;
-	uint32_t	  retries;
-	int		  nsfound;
-	uint16_t	  udpsize;
-	int16_t		  edns;
-	int16_t		  padding;
-	uint32_t	  ixfr_serial;
-	isc_buffer_t	  rdatabuf;
-	char		  rdatastore[MXNAME];
-	dst_context_t *	  tsigctx;
-	isc_buffer_t *	  querysig;
-	uint32_t	  msgcounter;
-	dns_fixedname_t	  fdomain;
-	isc_sockaddr_t *  ecs_addr;
-	char *		  cookie;
-	dns_ednsopt_t *	  ednsopts;
-	unsigned int	  ednsoptscnt;
-	isc_dscp_t	  dscp;
-	unsigned int	  ednsflags;
-	dns_opcode_t	  opcode;
-	int		  rrcomments;
-	unsigned int	  eoferr;
+	dig_query_t *xfr_q;
+	uint32_t retries;
+	int nsfound;
+	uint16_t udpsize;
+	int16_t edns;
+	int16_t padding;
+	uint32_t ixfr_serial;
+	isc_buffer_t rdatabuf;
+	char rdatastore[MXNAME];
+	dst_context_t *tsigctx;
+	isc_buffer_t *querysig;
+	uint32_t msgcounter;
+	dns_fixedname_t fdomain;
+	isc_sockaddr_t *ecs_addr;
+	char *cookie;
+	dns_ednsopt_t *ednsopts;
+	unsigned int ednsoptscnt;
+	isc_dscp_t dscp;
+	unsigned int ednsflags;
+	dns_opcode_t opcode;
+	int rrcomments;
+	unsigned int eoferr;
 };
 
 /*% The dig_query structure */
 struct dig_query {
-	unsigned int  magic;
+	unsigned int magic;
 	dig_lookup_t *lookup;
-	bool waiting_connect, pending_free, waiting_senddone, first_pass,
-		first_soa_rcvd, second_rr_rcvd, first_repeat_rcvd, recv_made,
-		warn_id, timedout;
-	uint32_t      first_rr_serial;
-	uint32_t      second_rr_serial;
-	uint32_t      msg_count;
-	uint32_t      rr_count;
-	bool	      ixfr_axfr;
-	char *	      servname;
-	char *	      userarg;
-	isc_buffer_t  recvbuf, lengthbuf, tmpsendbuf, sendbuf;
-	char *	      recvspace, *tmpsendspace, lengthspace[4];
+	bool waiting_connect,
+		pending_free,
+		waiting_senddone,
+		first_pass,
+		first_soa_rcvd,
+		second_rr_rcvd,
+		first_repeat_rcvd,
+		recv_made,
+		warn_id,
+		timedout;
+	uint32_t first_rr_serial;
+	uint32_t second_rr_serial;
+	uint32_t msg_count;
+	uint32_t rr_count;
+	bool ixfr_axfr;
+	char *servname;
+	char *userarg;
+	isc_buffer_t recvbuf,
+		lengthbuf,
+		tmpsendbuf,
+		sendbuf;
+	char *recvspace, *tmpsendspace,
+		lengthspace[4];
 	isc_socket_t *sock;
 	ISC_LINK(dig_query_t) link;
 	ISC_LINK(dig_query_t) clink;
 	isc_sockaddr_t sockaddr;
-	isc_time_t     time_sent;
-	isc_time_t     time_recv;
-	uint64_t       byte_count;
-	isc_timer_t *  timer;
+	isc_time_t time_sent;
+	isc_time_t time_recv;
+	uint64_t byte_count;
+	isc_timer_t *timer;
 };
 
 struct dig_server {
@@ -202,38 +244,38 @@ typedef ISC_LIST(dig_lookup_t) dig_lookuplist_t;
  * Externals from dighost.c
  */
 
-extern dig_lookuplist_t	    lookup_list;
-extern dig_serverlist_t	    server_list;
+extern dig_lookuplist_t lookup_list;
+extern dig_serverlist_t server_list;
 extern dig_searchlistlist_t search_list;
-extern unsigned int	    extrabytes;
+extern unsigned int extrabytes;
 
-extern bool check_ra, have_ipv4, have_ipv6, specified_source, usesearch,
-	showsearch, yaml;
-extern in_port_t	 port;
-extern unsigned int	 timeout;
-extern isc_mem_t *	 mctx;
-extern int		 sendcount;
-extern int		 ndots;
-extern int		 lookup_counter;
-extern int		 exitcode;
-extern isc_sockaddr_t	 bind_address;
-extern char		 keynametext[MXNAME];
-extern char		 keyfile[MXNAME];
-extern char		 keysecret[MXNAME];
+extern bool check_ra, have_ipv4, have_ipv6, specified_source,
+	usesearch, showsearch;
+extern in_port_t port;
+extern unsigned int timeout;
+extern isc_mem_t *mctx;
+extern int sendcount;
+extern int ndots;
+extern int lookup_counter;
+extern int exitcode;
+extern isc_sockaddr_t bind_address;
+extern char keynametext[MXNAME];
+extern char keyfile[MXNAME];
+extern char keysecret[MXNAME];
 extern const dns_name_t *hmacname;
-extern unsigned int	 digestbits;
-extern dns_tsigkey_t *	 tsigkey;
-extern bool		 validated;
-extern isc_taskmgr_t *	 taskmgr;
-extern isc_task_t *	 global_task;
-extern bool		 free_now;
-extern bool		 debugging, debugtiming, memdebugging;
-extern bool		 keep_open;
+extern unsigned int digestbits;
+extern dns_tsigkey_t *tsigkey;
+extern bool validated;
+extern isc_taskmgr_t *taskmgr;
+extern isc_task_t *global_task;
+extern bool free_now;
+extern bool debugging, debugtiming, memdebugging;
+extern bool keep_open;
 
 extern char *progname;
-extern int   tries;
-extern int   fatalexit;
-extern bool  verbose;
+extern int tries;
+extern int fatalexit;
+extern bool verbose;
 
 /*
  * Routines in dighost.c.
@@ -249,13 +291,14 @@ get_reverse(char *reverse, size_t len, char *value, bool strict);
 
 ISC_PLATFORM_NORETURN_PRE void
 fatal(const char *format, ...)
-	ISC_FORMAT_PRINTF(1, 2) ISC_PLATFORM_NORETURN_POST;
+ISC_FORMAT_PRINTF(1, 2) ISC_PLATFORM_NORETURN_POST;
 
 void
 warn(const char *format, ...) ISC_FORMAT_PRINTF(1, 2);
 
 ISC_PLATFORM_NORETURN_PRE void
-digexit(void) ISC_PLATFORM_NORETURN_POST;
+digexit(void)
+ISC_PLATFORM_NORETURN_POST;
 
 void
 debug(const char *format, ...) ISC_FORMAT_PRINTF(1, 2);
@@ -288,10 +331,12 @@ void
 setup_system(bool ipv4only, bool ipv6only);
 
 isc_result_t
-parse_uint(uint32_t *uip, const char *value, uint32_t max, const char *desc);
+parse_uint(uint32_t *uip, const char *value, uint32_t max,
+	   const char *desc);
 
 isc_result_t
-parse_xint(uint32_t *uip, const char *value, uint32_t max, const char *desc);
+parse_xint(uint32_t *uip, const char *value, uint32_t max,
+	   const char *desc);
 
 isc_result_t
 parse_netprefix(isc_sockaddr_t **sap, const char *value);
@@ -318,7 +363,8 @@ void
 set_nameserver(char *opt);
 
 void
-clone_server_list(dig_serverlist_t src, dig_serverlist_t *dest);
+clone_server_list(dig_serverlist_t src,
+		  dig_serverlist_t *dest);
 
 void
 cancel_all(void);
@@ -333,50 +379,42 @@ set_search_domain(char *domain);
  * Routines to be defined in dig.c, host.c, and nslookup.c. and
  * then assigned to the appropriate function pointer
  */
-extern isc_result_t (*dighost_printmessage)(dig_query_t *	query,
-					    const isc_buffer_t *msgbuf,
-					    dns_message_t *msg, bool headers);
+extern isc_result_t
+(*dighost_printmessage)(dig_query_t *query, const isc_buffer_t *msgbuf,
+			dns_message_t *msg, bool headers);
 
 /*
  * Print an error message in the appropriate format.
  */
-extern void (*dighost_error)(const char *format, ...);
-
-/*
- * Print a warning message in the appropriate format.
- */
-extern void (*dighost_warning)(const char *format, ...);
-
-/*
- * Print a comment in the appropriate format.
- */
-extern void (*dighost_comments)(dig_lookup_t *lookup, const char *format, ...);
+extern void
+(*dighost_error)(const char *format, ...);
 
 /*%<
  * Print the final result of the lookup.
  */
 
-extern void (*dighost_received)(unsigned int bytes, isc_sockaddr_t *from,
-				dig_query_t *query);
+extern void
+(*dighost_received)(unsigned int bytes, isc_sockaddr_t *from,
+		    dig_query_t *query);
 /*%<
  * Print a message about where and when the response
  * was received from, like the final comment in the
  * output of "dig".
  */
 
-extern void (*dighost_trying)(char *frm, dig_lookup_t *lookup);
+extern void
+(*dighost_trying)(char *frm, dig_lookup_t *lookup);
 
-extern void (*dighost_shutdown)(void);
+extern void
+(*dighost_shutdown)(void);
 
-extern void (*dighost_pre_exit_hook)(void);
+extern void
+(*dighost_pre_exit_hook)(void);
 
-void
-save_opt(dig_lookup_t *lookup, char *code, char *value);
+void save_opt(dig_lookup_t *lookup, char *code, char *value);
 
-void
-setup_file_key(void);
-void
-setup_text_key(void);
+void setup_file_key(void);
+void setup_text_key(void);
 
 /*
  * Routines exported from dig.c for use by dig for iOS
@@ -415,4 +453,4 @@ dig_shutdown(void);
 
 ISC_LANG_ENDDECLS
 
-#endif /* ifndef DIG_H */
+#endif

bin/dig/nslookup.1

@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004-2007, 2010, 2013-2020 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004-2007, 2010, 2013-2019 Internet Systems Consortium, Inc. ("ISC")
 .\" 
 .\" This Source Code Form is subject to the terms of the Mozilla Public
 .\" License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -233,10 +233,7 @@ Change the default TCP/UDP name server port to
 .RS 4
 Change the type of the information query\&.
 .sp
-(Default = A and then AAAA; abbreviations = q, ty)
-.sp
-\fBNote:\fR
-It is only possible to specify one query type, only the default behavior looks up both when an alternative is not specified\&.
+(Default = A; abbreviations = q, ty)
 .RE
 .PP
 \fB\fI[no]\fR\fR\fBrecurse\fR
@@ -304,5 +301,5 @@ runs or when the standard output is not a tty\&.
 \fBInternet Systems Consortium, Inc\&.\fR
 .SH "COPYRIGHT"
 .br
-Copyright \(co 2004-2007, 2010, 2013-2020 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004-2007, 2010, 2013-2019 Internet Systems Consortium, Inc. ("ISC")
 .br

bin/dig/nslookup.c

@@ -18,22 +18,22 @@
 #include <isc/buffer.h>
 #include <isc/commandline.h>
 #include <isc/event.h>
-#include <isc/netaddr.h>
 #include <isc/parseint.h>
 #include <isc/print.h>
 #include <isc/string.h>
-#include <isc/task.h>
 #include <isc/util.h>
+#include <isc/task.h>
+#include <isc/netaddr.h>
 
-#include <dns/byaddr.h>
-#include <dns/fixedname.h>
 #include <dns/message.h>
 #include <dns/name.h>
+#include <dns/fixedname.h>
 #include <dns/rdata.h>
 #include <dns/rdataclass.h>
 #include <dns/rdataset.h>
 #include <dns/rdatastruct.h>
 #include <dns/rdatatype.h>
+#include <dns/byaddr.h>
 
 #include <dig/dig.h>
 
@@ -42,23 +42,25 @@
 #include <edit/readline/readline.h>
 #if defined(HAVE_EDIT_READLINE_HISTORY_H)
 #include <edit/readline/history.h>
-#endif /* if defined(HAVE_EDIT_READLINE_HISTORY_H) */
+#endif
 #elif defined(HAVE_EDITLINE_READLINE_H)
 #include <editline/readline.h>
 #elif defined(HAVE_READLINE_READLINE_H)
 #include <readline/readline.h>
-#if defined(HAVE_READLINE_HISTORY_H)
+#if defined (HAVE_READLINE_HISTORY_H)
 #include <readline/history.h>
-#endif /* if defined(HAVE_READLINE_HISTORY_H) */
-#endif /* if defined(HAVE_EDIT_READLINE_READLINE_H) */
-#endif /* if defined(HAVE_READLINE) */
+#endif
+#endif
+#endif
 
-static bool short_form = true, tcpmode = false, tcpmode_set = false,
-	    identify = false, stats = true, comments = true,
-	    section_question = true, section_answer = true,
-	    section_authority = true, section_additional = true, recurse = true,
-	    aaonly = false, nofail = true, default_lookups = true,
-	    a_noanswer = false;
+static bool short_form = true,
+	tcpmode = false, tcpmode_set = false,
+	identify = false, stats = true,
+	comments = true, section_question = true,
+	section_answer = true, section_authority = true,
+	section_additional = true, recurse = true,
+	aaonly = false, nofail = true,
+	default_lookups = true, a_noanswer = false;
 
 static bool interactive;
 
@@ -70,80 +72,91 @@ static int query_error = 1, print_error = 0;
 
 static char domainopt[DNS_NAME_MAXTEXT];
 
-static const char *rcodetext[] = { "NOERROR",	 "FORMERR",    "SERVFAIL",
-				   "NXDOMAIN",	 "NOTIMP",     "REFUSED",
-				   "YXDOMAIN",	 "YXRRSET",    "NXRRSET",
-				   "NOTAUTH",	 "NOTZONE",    "RESERVED11",
-				   "RESERVED12", "RESERVED13", "RESERVED14",
-				   "RESERVED15", "BADVERS" };
+static const char *rcodetext[] = {
+	"NOERROR",
+	"FORMERR",
+	"SERVFAIL",
+	"NXDOMAIN",
+	"NOTIMP",
+	"REFUSED",
+	"YXDOMAIN",
+	"YXRRSET",
+	"NXRRSET",
+	"NOTAUTH",
+	"NOTZONE",
+	"RESERVED11",
+	"RESERVED12",
+	"RESERVED13",
+	"RESERVED14",
+	"RESERVED15",
+	"BADVERS"
+};
 
 static const char *rtypetext[] = {
-	"rtype_0 = ",	       /* 0 */
-	"internet address = ", /* 1 */
-	"nameserver = ",       /* 2 */
-	"md = ",	       /* 3 */
-	"mf = ",	       /* 4 */
-	"canonical name = ",   /* 5 */
-	"soa = ",	       /* 6 */
-	"mb = ",	       /* 7 */
-	"mg = ",	       /* 8 */
-	"mr = ",	       /* 9 */
-	"rtype_10 = ",	       /* 10 */
-	"protocol = ",	       /* 11 */
-	"name = ",	       /* 12 */
-	"hinfo = ",	       /* 13 */
-	"minfo = ",	       /* 14 */
-	"mail exchanger = ",   /* 15 */
-	"text = ",	       /* 16 */
-	"rp = ",	       /* 17 */
-	"afsdb = ",	       /* 18 */
-	"x25 address = ",      /* 19 */
-	"isdn address = ",     /* 20 */
-	"rt = ",	       /* 21 */
-	"nsap = ",	       /* 22 */
-	"nsap_ptr = ",	       /* 23 */
-	"signature = ",	       /* 24 */
-	"key = ",	       /* 25 */
-	"px = ",	       /* 26 */
-	"gpos = ",	       /* 27 */
-	"has AAAA address ",   /* 28 */
-	"loc = ",	       /* 29 */
-	"next = ",	       /* 30 */
-	"rtype_31 = ",	       /* 31 */
-	"rtype_32 = ",	       /* 32 */
-	"service = ",	       /* 33 */
-	"rtype_34 = ",	       /* 34 */
-	"naptr = ",	       /* 35 */
-	"kx = ",	       /* 36 */
-	"cert = ",	       /* 37 */
-	"v6 address = ",       /* 38 */
-	"dname = ",	       /* 39 */
-	"rtype_40 = ",	       /* 40 */
-	"optional = "	       /* 41 */
+	"rtype_0 = ",			/* 0 */
+	"internet address = ",		/* 1 */
+	"nameserver = ",		/* 2 */
+	"md = ",			/* 3 */
+	"mf = ",			/* 4 */
+	"canonical name = ",		/* 5 */
+	"soa = ",			/* 6 */
+	"mb = ",			/* 7 */
+	"mg = ",			/* 8 */
+	"mr = ",			/* 9 */
+	"rtype_10 = ",			/* 10 */
+	"protocol = ",			/* 11 */
+	"name = ",			/* 12 */
+	"hinfo = ",			/* 13 */
+	"minfo = ",			/* 14 */
+	"mail exchanger = ",		/* 15 */
+	"text = ",			/* 16 */
+	"rp = ",       			/* 17 */
+	"afsdb = ",			/* 18 */
+	"x25 address = ",		/* 19 */
+	"isdn address = ",		/* 20 */
+	"rt = ",			/* 21 */
+	"nsap = ",			/* 22 */
+	"nsap_ptr = ",			/* 23 */
+	"signature = ",			/* 24 */
+	"key = ",			/* 25 */
+	"px = ",			/* 26 */
+	"gpos = ",			/* 27 */
+	"has AAAA address ",		/* 28 */
+	"loc = ",			/* 29 */
+	"next = ",			/* 30 */
+	"rtype_31 = ",			/* 31 */
+	"rtype_32 = ",			/* 32 */
+	"service = ",			/* 33 */
+	"rtype_34 = ",			/* 34 */
+	"naptr = ",			/* 35 */
+	"kx = ",			/* 36 */
+	"cert = ",			/* 37 */
+	"v6 address = ",		/* 38 */
+	"dname = ",			/* 39 */
+	"rtype_40 = ",			/* 40 */
+	"optional = "			/* 41 */
 };
 
 #define N_KNOWN_RRTYPES (sizeof(rtypetext) / sizeof(rtypetext[0]))
 
-static void
-flush_lookup_list(void);
-static void
-getinput(isc_task_t *task, isc_event_t *event);
+static void flush_lookup_list(void);
+static void getinput(isc_task_t *task, isc_event_t *event);
 
 static char *
-rcode_totext(dns_rcode_t rcode) {
+rcode_totext(dns_rcode_t rcode)
+{
 	static char buf[sizeof("?65535")];
 	union {
 		const char *consttext;
 		char *deconsttext;
 	} totext;
 
-	if (rcode >= (sizeof(rcodetext) / sizeof(rcodetext[0]))) {
+	if (rcode >= (sizeof(rcodetext)/sizeof(rcodetext[0]))) {
 		snprintf(buf, sizeof(buf), "?%u", rcode);
 		totext.deconsttext = buf;
-	} else {
+	} else
 		totext.consttext = rcodetext[rcode];
-	}
-	return (totext.deconsttext);
+	return totext.deconsttext;
 }
 
 static void
@@ -202,22 +215,22 @@ printrdata(dns_rdata_t *rdata) {
 	unsigned int size = 1024;
 	bool done = false;
 
-	if (rdata->type < N_KNOWN_RRTYPES) {
+	if (rdata->type < N_KNOWN_RRTYPES)
 		printf("%s", rtypetext[rdata->type]);
-	} else {
+	else
 		printf("rdata_%d = ", rdata->type);
-	}
 
 	while (!done) {
-		isc_buffer_allocate(mctx, &b, size);
+		result = isc_buffer_allocate(mctx, &b, size);
+		if (result != ISC_R_SUCCESS)
+			check_result(result, "isc_buffer_allocate");
 		result = dns_rdata_totext(rdata, NULL, b);
 		if (result == ISC_R_SUCCESS) {
 			printf("%.*s\n", (int)isc_buffer_usedlength(b),
 			       (char *)isc_buffer_base(b));
 			done = true;
-		} else if (result != ISC_R_NOSPACE) {
+		} else if (result != ISC_R_NOSPACE)
 			check_result(result, "dns_rdata_totext");
-		}
 		isc_buffer_free(&b);
 		size *= 2;
 	}
@@ -238,26 +251,25 @@ printsection(dig_query_t *query, dns_message_t *msg, bool headers,
 	debug("printsection()");
 
 	result = dns_message_firstname(msg, section);
-	if (result == ISC_R_NOMORE) {
+	if (result == ISC_R_NOMORE)
 		return (ISC_R_SUCCESS);
-	} else if (result != ISC_R_SUCCESS) {
+	else if (result != ISC_R_SUCCESS)
 		return (result);
-	}
 	for (;;) {
 		name = NULL;
-		dns_message_currentname(msg, section, &name);
-		for (rdataset = ISC_LIST_HEAD(name->list); rdataset != NULL;
-		     rdataset = ISC_LIST_NEXT(rdataset, link))
-		{
+		dns_message_currentname(msg, section,
+					&name);
+		for (rdataset = ISC_LIST_HEAD(name->list);
+		     rdataset != NULL;
+		     rdataset = ISC_LIST_NEXT(rdataset, link)) {
 			loopresult = dns_rdataset_first(rdataset);
 			while (loopresult == ISC_R_SUCCESS) {
 				dns_rdataset_current(rdataset, &rdata);
 				switch (rdata.type) {
 				case dns_rdatatype_a:
 				case dns_rdatatype_aaaa:
-					if (section != DNS_SECTION_ANSWER) {
+					if (section != DNS_SECTION_ANSWER)
 						goto def_short_section;
-					}
 					dns_name_format(name, namebuf,
 							sizeof(namebuf));
 					printf("Name:\t%s\n", namebuf);
@@ -282,9 +294,9 @@ printsection(dig_query_t *query, dns_message_t *msg, bool headers,
 			}
 		}
 		result = dns_message_nextname(msg, section);
-		if (result == ISC_R_NOMORE) {
+		if (result == ISC_R_NOMORE)
 			break;
-		} else if (result != ISC_R_SUCCESS) {
+		else if (result != ISC_R_SUCCESS) {
 			return (result);
 		}
 	}
@@ -293,7 +305,7 @@ printsection(dig_query_t *query, dns_message_t *msg, bool headers,
 
 static isc_result_t
 detailsection(dig_query_t *query, dns_message_t *msg, bool headers,
-	      dns_section_t section) {
+	     dns_section_t section) {
 	isc_result_t result, loopresult;
 	dns_name_t *name;
 	dns_rdataset_t *rdataset = NULL;
@@ -322,32 +334,36 @@ detailsection(dig_query_t *query, dns_message_t *msg, bool headers,
 	}
 
 	result = dns_message_firstname(msg, section);
-	if (result == ISC_R_NOMORE) {
+	if (result == ISC_R_NOMORE)
 		return (ISC_R_SUCCESS);
-	} else if (result != ISC_R_SUCCESS) {
+	else if (result != ISC_R_SUCCESS)
 		return (result);
-	}
 	for (;;) {
 		name = NULL;
-		dns_message_currentname(msg, section, &name);
-		for (rdataset = ISC_LIST_HEAD(name->list); rdataset != NULL;
-		     rdataset = ISC_LIST_NEXT(rdataset, link))
-		{
+		dns_message_currentname(msg, section,
+					&name);
+		for (rdataset = ISC_LIST_HEAD(name->list);
+		     rdataset != NULL;
+		     rdataset = ISC_LIST_NEXT(rdataset, link)) {
 			if (section == DNS_SECTION_QUESTION) {
-				dns_name_format(name, namebuf, sizeof(namebuf));
+				dns_name_format(name, namebuf,
+						sizeof(namebuf));
 				printf("\t%s, ", namebuf);
-				dns_rdatatype_format(rdataset->type, namebuf,
+				dns_rdatatype_format(rdataset->type,
+						     namebuf,
 						     sizeof(namebuf));
 				printf("type = %s, ", namebuf);
 				dns_rdataclass_format(rdataset->rdclass,
-						      namebuf, sizeof(namebuf));
+						      namebuf,
+						      sizeof(namebuf));
 				printf("class = %s\n", namebuf);
 			}
 			loopresult = dns_rdataset_first(rdataset);
 			while (loopresult == ISC_R_SUCCESS) {
 				dns_rdataset_current(rdataset, &rdata);
 
-				dns_name_format(name, namebuf, sizeof(namebuf));
+				dns_name_format(name, namebuf,
+						sizeof(namebuf));
 				printf("    ->  %s\n", namebuf);
 
 				switch (rdata.type) {
@@ -364,9 +380,9 @@ detailsection(dig_query_t *query, dns_message_t *msg, bool headers,
 			}
 		}
 		result = dns_message_nextname(msg, section);
-		if (result == ISC_R_NOMORE) {
+		if (result == ISC_R_NOMORE)
 			break;
-		} else if (result != ISC_R_SUCCESS) {
+		else if (result != ISC_R_SUCCESS) {
 			return (result);
 		}
 	}
@@ -374,7 +390,8 @@ detailsection(dig_query_t *query, dns_message_t *msg, bool headers,
 }
 
 static void
-received(unsigned int bytes, isc_sockaddr_t *from, dig_query_t *query) {
+received(unsigned int bytes, isc_sockaddr_t *from, dig_query_t *query)
+{
 	UNUSED(bytes);
 	UNUSED(from);
 	UNUSED(query);
@@ -397,25 +414,24 @@ chase_cnamechain(dns_message_t *msg, dns_name_t *qname) {
 	while (i-- > 0) {
 		rdataset = NULL;
 		result = dns_message_findname(msg, DNS_SECTION_ANSWER, qname,
-					      dns_rdatatype_cname, 0, NULL,
-					      &rdataset);
-		if (result != ISC_R_SUCCESS) {
+				dns_rdatatype_cname, 0, NULL, &rdataset);
+		if (result != ISC_R_SUCCESS)
 			return;
-		}
 		result = dns_rdataset_first(rdataset);
 		check_result(result, "dns_rdataset_first");
 		dns_rdata_reset(&rdata);
 		dns_rdataset_current(rdataset, &rdata);
 		result = dns_rdata_tostruct(&rdata, &cname, NULL);
 		check_result(result, "dns_rdata_tostruct");
-		dns_name_copynf(&cname.cname, qname);
+		dns_name_copy(&cname.cname, qname, NULL);
 		dns_rdata_freestruct(&cname);
 	}
 }
 
 static isc_result_t
-printmessage(dig_query_t *query, const isc_buffer_t *msgbuf, dns_message_t *msg,
-	     bool headers) {
+printmessage(dig_query_t *query, const isc_buffer_t *msgbuf,
+	     dns_message_t *msg, bool headers)
+{
 	char servtext[ISC_SOCKADDR_FORMATSIZE];
 
 	UNUSED(msgbuf);
@@ -425,7 +441,7 @@ printmessage(dig_query_t *query, const isc_buffer_t *msgbuf, dns_message_t *msg,
 
 	debug("printmessage()");
 
-	if (!default_lookups || query->lookup->rdtype == dns_rdatatype_a) {
+	if(!default_lookups || query->lookup->rdtype == dns_rdatatype_a) {
 		isc_sockaddr_format(&query->sockaddr, servtext,
 				    sizeof(servtext));
 		printf("Server:\t\t%s\n", query->userarg);
@@ -446,10 +462,10 @@ printmessage(dig_query_t *query, const isc_buffer_t *msgbuf, dns_message_t *msg,
 
 	if (msg->rcode != 0) {
 		char nametext[DNS_NAME_FORMATSIZE];
-		dns_name_format(query->lookup->name, nametext,
-				sizeof(nametext));
-		printf("** server can't find %s: %s\n", nametext,
-		       rcode_totext(msg->rcode));
+		dns_name_format(query->lookup->name,
+				nametext, sizeof(nametext));
+		printf("** server can't find %s: %s\n",
+		       nametext, rcode_totext(msg->rcode));
 		debug("returning with rcode == 0");
 
 		/* the lookup failed */
@@ -457,7 +473,7 @@ printmessage(dig_query_t *query, const isc_buffer_t *msgbuf, dns_message_t *msg,
 		return (ISC_R_SUCCESS);
 	}
 
-	if (default_lookups && query->lookup->rdtype == dns_rdatatype_a) {
+	if ( default_lookups && query->lookup->rdtype == dns_rdatatype_a) {
 		char namestr[DNS_NAME_FORMATSIZE];
 		dig_lookup_t *lookup;
 		dns_fixedname_t fixed;
@@ -465,7 +481,7 @@ printmessage(dig_query_t *query, const isc_buffer_t *msgbuf, dns_message_t *msg,
 
 		/* Add AAAA lookup. */
 		name = dns_fixedname_initname(&fixed);
-		dns_name_copynf(query->lookup->name, name);
+		dns_name_copy(query->lookup->name, name, NULL);
 		chase_cnamechain(msg, name);
 		dns_name_format(name, namestr, sizeof(namestr));
 		lookup = clone_lookup(query->lookup, false);
@@ -481,32 +497,29 @@ printmessage(dig_query_t *query, const isc_buffer_t *msgbuf, dns_message_t *msg,
 	}
 
 	if ((msg->flags & DNS_MESSAGEFLAG_AA) == 0 &&
-	    (!default_lookups || query->lookup->rdtype == dns_rdatatype_a))
-	{
+	    ( !default_lookups || query->lookup->rdtype == dns_rdatatype_a) )
 		puts("Non-authoritative answer:");
-	}
-	if (!ISC_LIST_EMPTY(msg->sections[DNS_SECTION_ANSWER])) {
+	if (!ISC_LIST_EMPTY(msg->sections[DNS_SECTION_ANSWER]))
 		printsection(query, msg, headers, DNS_SECTION_ANSWER);
-	} else {
+	else {
 		if (default_lookups && query->lookup->rdtype == dns_rdatatype_a)
-		{
 			a_noanswer = true;
-		} else if (!default_lookups ||
-			   (query->lookup->rdtype == dns_rdatatype_aaaa &&
-			    a_noanswer))
-		{
+
+		else if (!default_lookups ||
+			 (query->lookup->rdtype == dns_rdatatype_aaaa &&
+			 a_noanswer ) )
 			printf("*** Can't find %s: No answer\n",
-			       query->lookup->textname);
-		}
+				query->lookup->textname);
 	}
 
 	if (((msg->flags & DNS_MESSAGEFLAG_AA) == 0) &&
 	    (query->lookup->rdtype != dns_rdatatype_a) &&
-	    (query->lookup->rdtype != dns_rdatatype_aaaa))
-	{
+	    (query->lookup->rdtype != dns_rdatatype_aaaa) ) {
 		puts("\nAuthoritative answers can be found from:");
-		printsection(query, msg, headers, DNS_SECTION_AUTHORITY);
-		printsection(query, msg, headers, DNS_SECTION_ADDITIONAL);
+		printsection(query, msg, headers,
+			     DNS_SECTION_AUTHORITY);
+		printsection(query, msg, headers,
+			     DNS_SECTION_ADDITIONAL);
 	}
 	return (ISC_R_SUCCESS);
 }
@@ -527,32 +540,32 @@ show_settings(bool full, bool serv_only) {
 		check_result(result, "get_address");
 
 		isc_sockaddr_format(&sockaddr, sockstr, sizeof(sockstr));
-		printf("Default server: %s\nAddress: %s\n", srv->userarg,
-		       sockstr);
-		if (!full) {
+		printf("Default server: %s\nAddress: %s\n",
+			srv->userarg, sockstr);
+		if (!full)
 			return;
-		}
 		srv = ISC_LIST_NEXT(srv, link);
 	}
-	if (serv_only) {
+	if (serv_only)
 		return;
-	}
 	printf("\nSet options:\n");
-	printf("  %s\t\t\t%s\t\t%s\n", tcpmode ? "vc" : "novc",
-	       short_form ? "nodebug" : "debug", debugging ? "d2" : "nod2");
-	printf("  %s\t\t%s\n", usesearch ? "search" : "nosearch",
+	printf("  %s\t\t\t%s\t\t%s\n",
+	       tcpmode ? "vc" : "novc",
+	       short_form ? "nodebug" : "debug",
+	       debugging ? "d2" : "nod2");
+	printf("  %s\t\t%s\n",
+	       usesearch ? "search" : "nosearch",
 	       recurse ? "recurse" : "norecurse");
-	printf("  timeout = %u\t\tretry = %d\tport = %u\tndots = %d\n", timeout,
-	       tries, port, ndots);
+	printf("  timeout = %u\t\tretry = %d\tport = %u\tndots = %d\n",
+	       timeout, tries, port, ndots);
 	printf("  querytype = %-8s\tclass = %s\n", deftype, defclass);
 	printf("  srchlist = ");
-	for (listent = ISC_LIST_HEAD(search_list); listent != NULL;
-	     listent = ISC_LIST_NEXT(listent, link))
-	{
-		printf("%s", listent->origin);
-		if (ISC_LIST_NEXT(listent, link) != NULL) {
-			printf("/");
-		}
+	for (listent = ISC_LIST_HEAD(search_list);
+	     listent != NULL;
+	     listent = ISC_LIST_NEXT(listent, link)) {
+		     printf("%s", listent->origin);
+		     if (ISC_LIST_NEXT(listent, link) != NULL)
+			     printf("/");
 	}
 	printf("\n");
 }
@@ -566,9 +579,9 @@ testtype(char *typetext) {
 	tr.base = typetext;
 	tr.length = strlen(typetext);
 	result = dns_rdatatype_fromtext(&rdtype, &tr);
-	if (result == ISC_R_SUCCESS) {
+	if (result == ISC_R_SUCCESS)
 		return (true);
-	} else {
+	else {
 		printf("unknown query type: %s\n", typetext);
 		return (false);
 	}
@@ -583,9 +596,9 @@ testclass(char *typetext) {
 	tr.base = typetext;
 	tr.length = strlen(typetext);
 	result = dns_rdataclass_fromtext(&rdclass, &tr);
-	if (result == ISC_R_SUCCESS) {
+	if (result == ISC_R_SUCCESS)
 		return (true);
-	} else {
+	else {
 		printf("unknown query class: %s\n", typetext);
 		return (false);
 	}
@@ -595,36 +608,32 @@ static void
 set_port(const char *value) {
 	uint32_t n;
 	isc_result_t result = parse_uint(&n, value, 65535, "port");
-	if (result == ISC_R_SUCCESS) {
-		port = (uint16_t)n;
-	}
+	if (result == ISC_R_SUCCESS)
+		port = (uint16_t) n;
 }
 
 static void
 set_timeout(const char *value) {
 	uint32_t n;
 	isc_result_t result = parse_uint(&n, value, UINT_MAX, "timeout");
-	if (result == ISC_R_SUCCESS) {
+	if (result == ISC_R_SUCCESS)
 		timeout = n;
-	}
 }
 
 static void
 set_tries(const char *value) {
 	uint32_t n;
 	isc_result_t result = parse_uint(&n, value, INT_MAX, "tries");
-	if (result == ISC_R_SUCCESS) {
+	if (result == ISC_R_SUCCESS)
 		tries = n;
-	}
 }
 
 static void
 set_ndots(const char *value) {
 	uint32_t n;
 	isc_result_t result = parse_uint(&n, value, 128, "ndots");
-	if (result == ISC_R_SUCCESS) {
+	if (result == ISC_R_SUCCESS)
 		ndots = n;
-	}
 }
 
 static void
@@ -642,13 +651,11 @@ setoption(char *opt) {
 	if (CHECKOPT("all", 3)) {
 		show_settings(true, false);
 	} else if (strncasecmp(opt, "class=", 6) == 0) {
-		if (testclass(&opt[6])) {
+		if (testclass(&opt[6]))
 			strlcpy(defclass, &opt[6], sizeof(defclass));
-		}
 	} else if (strncasecmp(opt, "cl=", 3) == 0) {
-		if (testclass(&opt[3])) {
+		if (testclass(&opt[3]))
 			strlcpy(defclass, &opt[3], sizeof(defclass));
-		}
 	} else if (strncasecmp(opt, "type=", 5) == 0) {
 		if (testtype(&opt[5])) {
 			strlcpy(deftype, &opt[5], sizeof(deftype));
@@ -730,9 +737,9 @@ setoption(char *opt) {
 	} else if (CHECKOPT("sil", 3)) {
 		/* deprecation_msg = false; */
 	} else if (CHECKOPT("fail", 3)) {
-		nofail = false;
+		nofail=false;
 	} else if (CHECKOPT("nofail", 5)) {
-		nofail = true;
+		nofail=true;
 	} else if (strncasecmp(opt, "ndots=", 6) == 0) {
 		set_ndots(&opt[6]);
 	} else {
@@ -768,7 +775,8 @@ addlookup(char *opt) {
 		rdclass = dns_rdataclass_in;
 	}
 	lookup = make_empty_lookup();
-	if (get_reverse(store, sizeof(store), opt, true) == ISC_R_SUCCESS) {
+	if (get_reverse(store, sizeof(store), opt, true)
+	    == ISC_R_SUCCESS) {
 		strlcpy(lookup->textname, store, sizeof(lookup->textname));
 		lookup->rdtype = dns_rdatatype_ptr;
 		lookup->rdtypeset = true;
@@ -788,21 +796,18 @@ addlookup(char *opt) {
 	lookup->retries = tries;
 	lookup->udpsize = 0;
 	lookup->comments = comments;
-	if (lookup->rdtype == dns_rdatatype_any && !tcpmode_set) {
+	if (lookup->rdtype == dns_rdatatype_any && !tcpmode_set)
 		lookup->tcp_mode = true;
-	} else {
+	else
 		lookup->tcp_mode = tcpmode;
-	}
 	lookup->stats = stats;
 	lookup->section_question = section_question;
 	lookup->section_answer = section_answer;
 	lookup->section_authority = section_authority;
 	lookup->section_additional = section_additional;
 	lookup->new_search = true;
-	lookup->besteffort = false;
-	if (nofail) {
+	if (nofail)
 		lookup->servfail_stops = false;
-	}
 	ISC_LIST_INIT(lookup->q);
 	ISC_LINK_INIT(lookup, link);
 	ISC_LIST_APPEND(lookup_list, lookup, link);
@@ -819,11 +824,11 @@ do_next_command(char *input) {
 		return;
 	}
 	arg = strtok_r(NULL, " \t\r\n", &last);
-	if ((strcasecmp(ptr, "set") == 0) && (arg != NULL)) {
+	if ((strcasecmp(ptr, "set") == 0) &&
+	    (arg != NULL))
 		setoption(arg);
-	} else if ((strcasecmp(ptr, "server") == 0) ||
-		   (strcasecmp(ptr, "lserver") == 0))
-	{
+	else if ((strcasecmp(ptr, "server") == 0) ||
+		 (strcasecmp(ptr, "lserver") == 0)) {
 		isc_app_block();
 		set_nameserver(arg);
 		check_ra = false;
@@ -831,16 +836,16 @@ do_next_command(char *input) {
 		show_settings(true, true);
 	} else if (strcasecmp(ptr, "exit") == 0) {
 		in_use = false;
-	} else if (strcasecmp(ptr, "help") == 0 || strcasecmp(ptr, "?") == 0) {
+	} else if (strcasecmp(ptr, "help") == 0 ||
+		   strcasecmp(ptr, "?") == 0) {
 		printf("The '%s' command is not yet implemented.\n", ptr);
 	} else if (strcasecmp(ptr, "finger") == 0 ||
-		   strcasecmp(ptr, "root") == 0 || strcasecmp(ptr, "ls") == 0 ||
-		   strcasecmp(ptr, "view") == 0)
-	{
+		   strcasecmp(ptr, "root") == 0 ||
+		   strcasecmp(ptr, "ls") == 0 ||
+		   strcasecmp(ptr, "view") == 0) {
 		printf("The '%s' command is not implemented.\n", ptr);
-	} else {
+	} else
 		addlookup(ptr);
-	}
 }
 
 static void
@@ -854,28 +859,24 @@ get_next_command(void) {
 	if (interactive) {
 #ifdef HAVE_READLINE
 		ptr = readline("> ");
-		if (ptr != NULL) {
+		if (ptr != NULL)
 			add_history(ptr);
-		}
-#else  /* ifdef HAVE_READLINE */
+#else
 		fputs("> ", stderr);
 		fflush(stderr);
 		ptr = fgets(buf, COMMSIZE, stdin);
-#endif /* ifdef HAVE_READLINE */
-	} else {
+#endif
+	} else
 		ptr = fgets(buf, COMMSIZE, stdin);
-	}
 	isc_app_unblock();
 	if (ptr == NULL) {
 		in_use = false;
-	} else {
+	} else
 		do_next_command(ptr);
-	}
 #ifdef HAVE_READLINE
-	if (interactive) {
+	if (interactive)
 		free(ptr);
-	}
-#endif /* ifdef HAVE_READLINE */
+#endif
 	isc_mem_free(mctx, buf);
 }
 
@@ -884,16 +885,16 @@ usage(void) ISC_PLATFORM_NORETURN_POST;
 
 static void
 usage(void) {
-	fprintf(stderr, "Usage:\n");
-	fprintf(stderr, "   nslookup [-opt ...]             # interactive mode "
-			"using default server\n");
-	fprintf(stderr, "   nslookup [-opt ...] - server    # interactive mode "
-			"using 'server'\n");
-	fprintf(stderr, "   nslookup [-opt ...] host        # just look up "
-			"'host' using default server\n");
-	fprintf(stderr, "   nslookup [-opt ...] host server # just look up "
-			"'host' using 'server'\n");
-	exit(1);
+    fprintf(stderr, "Usage:\n");
+    fprintf(stderr,
+"   nslookup [-opt ...]             # interactive mode using default server\n");
+    fprintf(stderr,
+"   nslookup [-opt ...] - server    # interactive mode using 'server'\n");
+    fprintf(stderr,
+"   nslookup [-opt ...] host        # just look up 'host' using default server\n");
+    fprintf(stderr,
+"   nslookup [-opt ...] host server # just look up 'host' using 'server'\n");
+    exit(1);
 }
 
 static void
@@ -909,9 +910,8 @@ parse_args(int argc, char **argv) {
 				exit(0);
 			} else if (argv[0][1] != 0) {
 				setoption(&argv[0][1]);
-			} else {
+			} else
 				have_lookup = true;
-			}
 		} else {
 			if (!have_lookup) {
 				have_lookup = true;
@@ -957,10 +957,10 @@ flush_lookup_list(void) {
 			s = ISC_LIST_NEXT(s, link);
 			ISC_LIST_DEQUEUE(l->my_server_list, sp, link);
 			isc_mem_free(mctx, sp);
+
 		}
-		if (l->sendmsg != NULL) {
+		if (l->sendmsg != NULL)
 			dns_message_destroy(&l->sendmsg);
-		}
 		lp = l;
 		l = ISC_LIST_NEXT(l, link);
 		ISC_LIST_DEQUEUE(lookup_list, lp, link);
@@ -971,9 +971,8 @@ flush_lookup_list(void) {
 static void
 getinput(isc_task_t *task, isc_event_t *event) {
 	UNUSED(task);
-	if (global_event == NULL) {
+	if (global_event == NULL)
 		global_event = event;
-	}
 	while (in_use) {
 		get_next_command();
 		if (ISC_LIST_HEAD(lookup_list) != NULL) {
@@ -984,6 +983,17 @@ getinput(isc_task_t *task, isc_event_t *event) {
 	isc_app_shutdown();
 }
 
+static void
+nsl_error(const char *format, ...) {
+	va_list args;
+
+	printf(";; ");
+	va_start(args, format);
+	vfprintf(stdout, format, args);
+	va_end(args);
+	printf("\n");
+}
+
 int
 main(int argc, char **argv) {
 	isc_result_t result;
@@ -1001,6 +1011,7 @@ main(int argc, char **argv) {
 	dighost_received = received;
 	dighost_trying = trying;
 	dighost_shutdown = query_finished;
+	dighost_error = nsl_error;
 
 	result = isc_app_start();
 	check_result(result, "isc_app_start");
@@ -1010,19 +1021,17 @@ main(int argc, char **argv) {
 
 	setup_system(false, false);
 	parse_args(argc, argv);
-	if (keyfile[0] != 0) {
+	if (keyfile[0] != 0)
 		setup_file_key();
-	} else if (keysecret[0] != 0) {
+	else if (keysecret[0] != 0)
 		setup_text_key();
-	}
-	if (domainopt[0] != '\0') {
+	if (domainopt[0] != '\0')
 		set_search_domain(domainopt);
-	}
-	if (in_use) {
-		result = isc_app_onrun(mctx, global_task, onrun_callback, NULL);
-	} else {
+	if (in_use)
+		result = isc_app_onrun(mctx, global_task, onrun_callback,
+				       NULL);
+	else
 		result = isc_app_onrun(mctx, global_task, getinput, NULL);
-	}
 	check_result(result, "isc_app_onrun");
 	in_use = !in_use;
 
@@ -1030,9 +1039,8 @@ main(int argc, char **argv) {
 
 	puts("");
 	debug("done, and starting to shut down");
-	if (global_event != NULL) {
+	if (global_event != NULL)
 		isc_event_free(&global_event);
-	}
 	cancel_all();
 	destroy_libs();
 	isc_app_finish();

bin/dig/nslookup.docbook

@@ -72,7 +72,6 @@
       <year>2017</year>
       <year>2018</year>
       <year>2019</year>
-      <year>2020</year>
       <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
     </copyright>
   </docinfo>
@@ -308,7 +307,7 @@ nslookup -query=hinfo  -timeout=10
                     The class specifies the protocol group of the information.
 
                   </para>
-                  <para>
+		  <para>
                     (Default = IN; abbreviation = cl)
                   </para>
                 </listitem>
@@ -318,10 +317,10 @@ nslookup -query=hinfo  -timeout=10
                 <term><constant><replaceable><optional>no</optional></replaceable>debug</constant></term>
                 <listitem>
                   <para>
-                    Turn on or off the display of the full response packet and
-                    any intermediate response packets when searching.
+		    Turn on or off the display of the full response packet and
+		    any intermediate response packets when searching.
                   </para>
-                  <para>
+		  <para>
                     (Default = nodebug; abbreviation = <optional>no</optional>deb)
                   </para>
                 </listitem>
@@ -332,9 +331,9 @@ nslookup -query=hinfo  -timeout=10
                 <listitem>
                   <para>
                     Turn debugging mode on or off.  This displays more about
-                    what nslookup is doing.
+	            what nslookup is doing.
                   </para>
-                  <para>
+		  <para>
                     (Default = nod2)
                   </para>
                 </listitem>
@@ -358,7 +357,7 @@ nslookup -query=hinfo  -timeout=10
                     names in the domain search list to the request until an
                     answer is received.
                   </para>
-                  <para>
+		  <para>
                     (Default = search)
                   </para>
                 </listitem>
@@ -370,7 +369,7 @@ nslookup -query=hinfo  -timeout=10
                   <para>
                     Change the default TCP/UDP name server port to <replaceable>value</replaceable>.
                   </para>
-                  <para>
+		  <para>
                     (Default = 53; abbreviation = po)
                   </para>
                 </listitem>
@@ -389,15 +388,9 @@ nslookup -query=hinfo  -timeout=10
                   <para>
                     Change the type of the information query.
                   </para>
-                  <para>
-                    (Default = A and then AAAA; abbreviations = q, ty)
+		  <para>
+                    (Default = A; abbreviations = q, ty)
                   </para>
-                    <para>
-                      <emphasis role="bold">Note:</emphasis> It is
-                      only possible to specify one query type, only
-                      the default behavior looks up both when an
-                      alternative is not specified.
-                    </para>
                 </listitem>
               </varlistentry>
 
@@ -409,7 +402,7 @@ nslookup -query=hinfo  -timeout=10
                     have the
                     information.
                   </para>
-                  <para>
+		  <para>
                     (Default = recurse; abbreviation = [no]rec)
                   </para>
                 </listitem>
@@ -419,9 +412,9 @@ nslookup -query=hinfo  -timeout=10
                 <term><constant>ndots=</constant><replaceable>number</replaceable></term>
                 <listitem>
                   <para>
-                    Set the number of dots (label separators) in a domain
-                    that will disable searching.  Absolute names always
-                    stop searching.
+		    Set the number of dots (label separators) in a domain
+		    that will disable searching.  Absolute names always
+		    stop searching.
                   </para>
                 </listitem>
               </varlistentry>
@@ -452,7 +445,7 @@ nslookup -query=hinfo  -timeout=10
                     Always use a virtual circuit when sending requests to the
                     server.
                   </para>
-                  <para>
+		  <para>
                     (Default = novc)
                   </para>
                 </listitem>
@@ -462,15 +455,15 @@ nslookup -query=hinfo  -timeout=10
                 <term><constant><replaceable><optional>no</optional></replaceable>fail</constant></term>
                 <listitem>
                   <para>
-                    Try the next nameserver if a nameserver responds with
-                    SERVFAIL or a referral (nofail) or terminate query
-                    (fail) on such a response.
-                  </para>
-                  <para>
+		    Try the next nameserver if a nameserver responds with
+		    SERVFAIL or a referral (nofail) or terminate query
+		    (fail) on such a response.
+		  </para>
+		  <para>
                     (Default = nofail)
                   </para>
-                </listitem>
-              </varlistentry>
+	        </listitem>
+	      </varlistentry>
 
             </variablelist>
           </para>

bin/dig/nslookup.html

@@ -1,6 +1,6 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 <!--
- - Copyright (C) 2004-2007, 2010, 2013-2020 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2007, 2010, 2013-2019 Internet Systems Consortium, Inc. ("ISC")
  - 
  - This Source Code Form is subject to the terms of the Mozilla Public
  - License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -229,17 +229,17 @@ nslookup -query=hinfo  -timeout=10
                     The class specifies the protocol group of the information.
 
                   </p>
-                  <p>
+		  <p>
                     (Default = IN; abbreviation = cl)
                   </p>
                 </dd>
 <dt><span class="term"><code class="constant"><em class="replaceable"><code>[<span class="optional">no</span>]</code></em>debug</code></span></dt>
 <dd>
                   <p>
-                    Turn on or off the display of the full response packet and
-                    any intermediate response packets when searching.
+		    Turn on or off the display of the full response packet and
+		    any intermediate response packets when searching.
                   </p>
-                  <p>
+		  <p>
                     (Default = nodebug; abbreviation = [<span class="optional">no</span>]deb)
                   </p>
                 </dd>
@@ -247,9 +247,9 @@ nslookup -query=hinfo  -timeout=10
 <dd>
                   <p>
                     Turn debugging mode on or off.  This displays more about
-                    what nslookup is doing.
+	            what nslookup is doing.
                   </p>
-                  <p>
+		  <p>
                     (Default = nod2)
                   </p>
                 </dd>
@@ -267,7 +267,7 @@ nslookup -query=hinfo  -timeout=10
                     names in the domain search list to the request until an
                     answer is received.
                   </p>
-                  <p>
+		  <p>
                     (Default = search)
                   </p>
                 </dd>
@@ -276,7 +276,7 @@ nslookup -query=hinfo  -timeout=10
                   <p>
                     Change the default TCP/UDP name server port to <em class="replaceable"><code>value</code></em>.
                   </p>
-                  <p>
+		  <p>
                     (Default = 53; abbreviation = po)
                   </p>
                 </dd>
@@ -289,15 +289,9 @@ nslookup -query=hinfo  -timeout=10
                   <p>
                     Change the type of the information query.
                   </p>
-                  <p>
-                    (Default = A and then AAAA; abbreviations = q, ty)
+		  <p>
+                    (Default = A; abbreviations = q, ty)
                   </p>
-                    <p>
-                      <span class="bold"><strong>Note:</strong></span> It is
-                      only possible to specify one query type, only
-                      the default behavior looks up both when an
-                      alternative is not specified.
-                    </p>
                 </dd>
 <dt><span class="term"><code class="constant"><em class="replaceable"><code>[<span class="optional">no</span>]</code></em>recurse</code></span></dt>
 <dd>
@@ -306,16 +300,16 @@ nslookup -query=hinfo  -timeout=10
                     have the
                     information.
                   </p>
-                  <p>
+		  <p>
                     (Default = recurse; abbreviation = [no]rec)
                   </p>
                 </dd>
 <dt><span class="term"><code class="constant">ndots=</code><em class="replaceable"><code>number</code></em></span></dt>
 <dd>
                   <p>
-                    Set the number of dots (label separators) in a domain
-                    that will disable searching.  Absolute names always
-                    stop searching.
+		    Set the number of dots (label separators) in a domain
+		    that will disable searching.  Absolute names always
+		    stop searching.
                   </p>
                 </dd>
 <dt><span class="term"><code class="constant">retry=</code><em class="replaceable"><code>number</code></em></span></dt>
@@ -337,21 +331,21 @@ nslookup -query=hinfo  -timeout=10
                     Always use a virtual circuit when sending requests to the
                     server.
                   </p>
-                  <p>
+		  <p>
                     (Default = novc)
                   </p>
                 </dd>
 <dt><span class="term"><code class="constant"><em class="replaceable"><code>[<span class="optional">no</span>]</code></em>fail</code></span></dt>
 <dd>
                   <p>
-                    Try the next nameserver if a nameserver responds with
-                    SERVFAIL or a referral (nofail) or terminate query
-                    (fail) on such a response.
-                  </p>
-                  <p>
+		    Try the next nameserver if a nameserver responds with
+		    SERVFAIL or a referral (nofail) or terminate query
+		    (fail) on such a response.
+		  </p>
+		  <p>
                     (Default = nofail)
                   </p>
-                </dd>
+	        </dd>
 </dl></div>
 <p>
           </p>

bin/dig/win32/dig.vcxproj.in

@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="utf-8"?>
-<Project DefaultTargets="Build" ToolsVersion="@TOOLS_VERSION@" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
   <ItemGroup Label="ProjectConfigurations">
     <ProjectConfiguration Include="Debug|@PLATFORM@">
       <Configuration>Debug</Configuration>
@@ -14,21 +14,18 @@
     <ProjectGuid>{F938F9B8-D395-4A40-BEC7-0122D289C692}</ProjectGuid>
     <Keyword>Win32Proj</Keyword>
     <RootNamespace>dig</RootNamespace>
-    @WINDOWS_TARGET_PLATFORM_VERSION@
   </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|@PLATFORM@'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
     <UseDebugLibraries>true</UseDebugLibraries>
     <CharacterSet>MultiByte</CharacterSet>
-    @PLATFORM_TOOLSET@
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
     <UseDebugLibraries>false</UseDebugLibraries>
     <WholeProgramOptimization>true</WholeProgramOptimization>
     <CharacterSet>MultiByte</CharacterSet>
-    @PLATFORM_TOOLSET@
   </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
   <ImportGroup Label="ExtensionSettings">

bin/dig/win32/dighost.vcxproj.in

@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="utf-8"?>
-<Project DefaultTargets="Build" ToolsVersion="@TOOLS_VERSION@" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
   <ItemGroup Label="ProjectConfigurations">
     <ProjectConfiguration Include="Debug|@PLATFORM@">
       <Configuration>Debug</Configuration>
@@ -14,21 +14,18 @@
     <ProjectGuid>{140DE800-E552-43CC-B0C7-A33A92E368CA}</ProjectGuid>
     <Keyword>Win32Proj</Keyword>
     <RootNamespace>dighost</RootNamespace>
-    @WINDOWS_TARGET_PLATFORM_VERSION@
   </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|@PLATFORM@'" Label="Configuration">
     <ConfigurationType>StaticLibrary</ConfigurationType>
     <UseDebugLibraries>true</UseDebugLibraries>
     <CharacterSet>MultiByte</CharacterSet>
-    @PLATFORM_TOOLSET@
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'" Label="Configuration">
     <ConfigurationType>StaticLibrary</ConfigurationType>
     <UseDebugLibraries>false</UseDebugLibraries>
     <WholeProgramOptimization>true</WholeProgramOptimization>
     <CharacterSet>MultiByte</CharacterSet>
-    @PLATFORM_TOOLSET@
   </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
   <ImportGroup Label="ExtensionSettings">

bin/dig/win32/host.vcxproj.in

@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="utf-8"?>
-<Project DefaultTargets="Build" ToolsVersion="@TOOLS_VERSION@" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
   <ItemGroup Label="ProjectConfigurations">
     <ProjectConfiguration Include="Debug|@PLATFORM@">
       <Configuration>Debug</Configuration>
@@ -14,21 +14,18 @@
     <ProjectGuid>{BA1048A8-6961-4A20-BE12-08BE20611C9D}</ProjectGuid>
     <Keyword>Win32Proj</Keyword>
     <RootNamespace>host</RootNamespace>
-    @WINDOWS_TARGET_PLATFORM_VERSION@
   </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|@PLATFORM@'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
     <UseDebugLibraries>true</UseDebugLibraries>
     <CharacterSet>MultiByte</CharacterSet>
-    @PLATFORM_TOOLSET@
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
     <UseDebugLibraries>false</UseDebugLibraries>
     <WholeProgramOptimization>true</WholeProgramOptimization>
     <CharacterSet>MultiByte</CharacterSet>
-    @PLATFORM_TOOLSET@
   </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
   <ImportGroup Label="ExtensionSettings">

bin/dig/win32/nslookup.vcxproj.in

@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="utf-8"?>
-<Project DefaultTargets="Build" ToolsVersion="@TOOLS_VERSION@" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
   <ItemGroup Label="ProjectConfigurations">
     <ProjectConfiguration Include="Debug|@PLATFORM@">
       <Configuration>Debug</Configuration>
@@ -14,21 +14,18 @@
     <ProjectGuid>{C15A6E1A-94CE-4686-99F9-6BC5FD623EB5}</ProjectGuid>
     <Keyword>Win32Proj</Keyword>
     <RootNamespace>nslookup</RootNamespace>
-    @WINDOWS_TARGET_PLATFORM_VERSION@
   </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|@PLATFORM@'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
     <UseDebugLibraries>true</UseDebugLibraries>
     <CharacterSet>MultiByte</CharacterSet>
-    @PLATFORM_TOOLSET@
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
     <UseDebugLibraries>false</UseDebugLibraries>
     <WholeProgramOptimization>true</WholeProgramOptimization>
     <CharacterSet>MultiByte</CharacterSet>
-    @PLATFORM_TOOLSET@
   </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
   <ImportGroup Label="ExtensionSettings">

bin/dnssec/Makefile.in

@@ -15,23 +15,24 @@ VERSION=@BIND9_VERSION@
 
 @BIND9_MAKE_INCLUDES@
 
-CINCLUDES =	${DNS_INCLUDES} ${ISC_INCLUDES} ${ISCCFG_INCLUDES} \
+CINCLUDES =	${DNS_INCLUDES} ${ISC_INCLUDES} \
 		${OPENSSL_CFLAGS}
 
-CDEFINES =	-DVERSION=\"${VERSION}\" -DNAMED_CONFFILE=\"${sysconfdir}/named.conf\"
+CDEFINES =	-DVERSION=\"${VERSION}\"
 CWARNINGS =
 
 DNSLIBS =	../../lib/dns/libdns.@A@ ${MAXMINDDB_LIBS} @DNS_CRYPTO_LIBS@
-ISCCFGLIBS =	../../lib/isccfg/libisccfg.@A@
-ISCLIBS =	../../lib/isc/libisc.@A@ ${OPENSSL_LIBS} ${JSON_C_LIBS} ${LIBXML2_LIBS} ${ZLIB_LIBS}
+ISCLIBS =	../../lib/isc/libisc.@A@ ${OPENSSL_LIBS} ${JSON_C_LIBS} ${LIBXML2_LIBS}
+ISCNOSYMLIBS =	../../lib/isc/libisc-nosymtbl.@A@ ${OPENSSL_LIBS} ${JSON_C_LIBS} ${LIBXML2_LIBS}
 
 DNSDEPLIBS =	../../lib/dns/libdns.@A@
 ISCDEPLIBS =	../../lib/isc/libisc.@A@
-ISCCFGDEPLIBS =	../../lib/isccfg/libisccfg.@A@
 
-DEPLIBS =	${DNSDEPLIBS} ${ISCCFGDEPLIBS} ${ISCDEPLIBS}
+DEPLIBS =	${DNSDEPLIBS} ${ISCDEPLIBS}
 
-LIBS =		${DNSLIBS} ${ISCCFGLIBS} ${ISCLIBS} @LIBS@
+LIBS =		${DNSLIBS} ${ISCLIBS} @LIBS@
+
+NOSYMLIBS =	${DNSLIBS} ${ISCNOSYMLIBS} @LIBS@
 
 # Alphabetically
 TARGETS =	dnssec-cds@EXEEXT@ dnssec-dsfromkey@EXEEXT@ \
@@ -47,7 +48,7 @@ SRCS =		dnssec-cds.c dnssec-dsfromkey.c dnssec-importkey.c \
 		dnssec-settime.c dnssec-signzone.c dnssec-verify.c \
 		dnssectool.c
 
-MANPAGES =	dnssec-cds.8 dnssec-dsfromkey.8 dnssec-importkey.8 \
+MANPAGES =	dnssec-cds.8 dnssec-dsfromkey.8  dnssec-importkey.8 \
 		dnssec-keyfromlabel.8 dnssec-keygen.8 dnssec-revoke.8 \
 		dnssec-settime.8 dnssec-signzone.8 dnssec-verify.8
 

bin/dnssec/dnssec-cds.8

@@ -1,4 +1,4 @@
-.\" Copyright (C) 2017-2020 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2017-2019 Internet Systems Consortium, Inc. ("ISC")
 .\" 
 .\" This Source Code Form is subject to the terms of the Mozilla Public
 .\" License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -60,7 +60,7 @@ file generated by
 .PP
 The
 \fBdnssec\-cds\fR
-command uses special DNSSEC validation logic specified by RFC 7344\&. It requires that the CDS and/or CDNSKEY records are validly signed by a key represented in the existing DS records\&. This will typically be the pre\-existing key\-signing key (KSK)\&.
+command uses special DNSSEC validation logic specified by RFC 7344\&. It requires that the CDS and/or CDNSKEY records are validly signed by a key represented in the existing DS records\&. This will typicially be the pre\-existing key\-signing key (KSK)\&.
 .PP
 For protection against replay attacks, the signatures on the child records must not be older than they were on a previous run of
 \fBdnssec\-cds\fR\&. This time is obtained from the modification time of the
@@ -293,5 +293,5 @@ RFC 7344\&.
 .RE
 .SH "COPYRIGHT"
 .br
-Copyright \(co 2017-2020 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2017-2019 Internet Systems Consortium, Inc. ("ISC")
 .br

bin/dnssec/dnssec-cds.c

@@ -55,7 +55,7 @@
 
 #if USE_PKCS11
 #include <pk11/result.h>
-#endif /* if USE_PKCS11 */
+#endif
 
 #include "dnssectool.h"
 
@@ -75,9 +75,9 @@ static dns_fixedname_t fixed;
 static dns_name_t *name = NULL;
 static dns_rdataclass_t rdclass = dns_rdataclass_in;
 
-static const char *startstr = NULL; /* from which we derive notbefore */
-static isc_stdtime_t notbefore = 0; /* restrict sig inception times */
-static dns_rdata_rrsig_t oldestsig; /* for recording inception time */
+static const char *startstr  = NULL;	/* from which we derive notbefore */
+static isc_stdtime_t notbefore = 0;	/* restrict sig inception times */
+static dns_rdata_rrsig_t oldestsig;	/* for recording inception time */
 
 static int nkey; /* number of child zone DNSKEY records */
 
@@ -131,7 +131,7 @@ static dns_rdataset_t old_ds_set, new_ds_set;
 
 static keyinfo_t *old_key_tbl, *new_key_tbl;
 
-isc_buffer_t *new_ds_buf = NULL; /* backing store for new_ds_set */
+isc_buffer_t *new_ds_buf = NULL;	/* backing store for new_ds_set */
 
 static void
 verbose_time(int level, const char *msg, isc_stdtime_t time) {
@@ -150,7 +150,8 @@ verbose_time(int level, const char *msg, isc_stdtime_t time) {
 	if (verbose < 3) {
 		vbprintf(level, "%s %s\n", msg, timestr);
 	} else {
-		vbprintf(level, "%s %s (%" PRIu32 ")\n", msg, timestr, time);
+		vbprintf(level, "%s %s (%" PRIu32 ")\n",
+			 msg, timestr, time);
 	}
 }
 
@@ -172,15 +173,16 @@ initname(char *setname) {
 
 static void
 findset(dns_db_t *db, dns_dbnode_t *node, dns_rdatatype_t type,
-	dns_rdataset_t *rdataset, dns_rdataset_t *sigrdataset) {
+	dns_rdataset_t *rdataset, dns_rdataset_t *sigrdataset)
+{
 	isc_result_t result;
 
 	dns_rdataset_init(rdataset);
 	if (sigrdataset != NULL) {
 		dns_rdataset_init(sigrdataset);
 	}
-	result = dns_db_findrdataset(db, node, NULL, type, 0, 0, rdataset,
-				     sigrdataset);
+	result = dns_db_findrdataset(db, node, NULL, type, 0, 0,
+				     rdataset, sigrdataset);
 	if (result != ISC_R_NOTFOUND) {
 		check_result(result, "dns_db_findrdataset()");
 	}
@@ -204,7 +206,8 @@ freelist(dns_rdataset_t *rdataset) {
 
 	dns_rdatalist_fromrdataset(rdataset, &rdlist);
 
-	for (rdata = ISC_LIST_HEAD(rdlist->rdata); rdata != NULL;
+	for (rdata = ISC_LIST_HEAD(rdlist->rdata);
+	     rdata != NULL;
 	     rdata = ISC_LIST_HEAD(rdlist->rdata))
 	{
 		ISC_LIST_UNLINK(rdlist->rdata, rdata, link);
@@ -233,14 +236,15 @@ static void
 load_db(const char *filename, dns_db_t **dbp, dns_dbnode_t **nodep) {
 	isc_result_t result;
 
-	result = dns_db_create(mctx, "rbt", name, dns_dbtype_zone, rdclass, 0,
-			       NULL, dbp);
+	result = dns_db_create(mctx, "rbt", name, dns_dbtype_zone,
+			       rdclass, 0, NULL, dbp);
 	check_result(result, "dns_db_create()");
 
-	result = dns_db_load(*dbp, filename, dns_masterformat_text,
-			     DNS_MASTER_HINT);
+	result = dns_db_load(*dbp, filename,
+			     dns_masterformat_text, DNS_MASTER_HINT);
 	if (result != ISC_R_SUCCESS && result != DNS_R_SEENINCLUDE) {
-		fatal("can't load %s: %s", filename, isc_result_totext(result));
+		fatal("can't load %s: %s", filename,
+		      isc_result_totext(result));
 	}
 
 	result = dns_db_findnode(*dbp, name, false, nodep);
@@ -268,8 +272,9 @@ load_child_sets(const char *file) {
 }
 
 static void
-get_dsset_name(char *filename, size_t size, const char *path,
-	       const char *suffix) {
+get_dsset_name(char *filename, size_t size,
+	       const char *path, const char *suffix)
+{
 	isc_result_t result;
 	isc_buffer_t buf;
 	size_t len;
@@ -313,7 +318,7 @@ get_dsset_name(char *filename, size_t size, const char *path,
 static void
 load_parent_set(const char *path) {
 	isc_result_t result;
-	dns_db_t *db = NULL;
+	dns_db_t *db   = NULL;
 	dns_dbnode_t *node = NULL;
 	isc_time_t modtime;
 	char filename[PATH_MAX + 1];
@@ -322,8 +327,8 @@ load_parent_set(const char *path) {
 
 	result = isc_file_getmodtime(filename, &modtime);
 	if (result != ISC_R_SUCCESS) {
-		fatal("could not get modification time of %s: %s", filename,
-		      isc_result_totext(result));
+		fatal("could not get modification time of %s: %s",
+		      filename, isc_result_totext(result));
 	}
 	notbefore = isc_time_seconds(&modtime);
 	if (startstr != NULL) {
@@ -337,8 +342,8 @@ load_parent_set(const char *path) {
 	findset(db, node, dns_rdatatype_ds, &old_ds_set, NULL);
 
 	if (!dns_rdataset_isassociated(&old_ds_set)) {
-		fatal("could not find DS records for %s in %s", namestr,
-		      filename);
+		fatal("could not find DS records for %s in %s",
+		      namestr, filename);
 	}
 
 	free_db(&db, &node);
@@ -360,12 +365,14 @@ formatset(dns_rdataset_t *rdataset) {
 	 * which just separates fields with spaces. The huge tab stop width
 	 * eliminates any tab characters.
 	 */
-	result = dns_master_stylecreate(&style, styleflags, 0, 0, 0, 0, 0,
-					1000000, 0, mctx);
+	result = dns_master_stylecreate(&style, styleflags,
+					0, 0, 0, 0, 0, 1000000, 0,
+					mctx);
 	check_result(result, "dns_master_stylecreate2 failed");
 
-	isc_buffer_allocate(mctx, &buf, MAX_CDS_RDATA_TEXT_SIZE);
-	result = dns_master_rdatasettotext(name, rdataset, style, NULL, buf);
+	result = isc_buffer_allocate(mctx, &buf, MAX_CDS_RDATA_TEXT_SIZE);
+	check_result(result, "printing DS records");
+	result = dns_master_rdatasettotext(name, rdataset, style, buf);
 
 	if ((result == ISC_R_SUCCESS) && isc_buffer_availablelength(buf) < 1) {
 		result = ISC_R_NOSPACE;
@@ -381,8 +388,9 @@ formatset(dns_rdataset_t *rdataset) {
 }
 
 static void
-write_parent_set(const char *path, const char *inplace, bool nsupdate,
-		 dns_rdataset_t *rdataset) {
+write_parent_set(const char *path, const char *inplace,
+		 bool nsupdate, dns_rdataset_t *rdataset)
+{
 	isc_result_t result;
 	isc_buffer_t *buf = NULL;
 	isc_region_t r;
@@ -433,8 +441,8 @@ write_parent_set(const char *path, const char *inplace, bool nsupdate,
 	result = isc_file_settime(tmpname, &filetime);
 	if (result != ISC_R_SUCCESS) {
 		isc_file_remove(tmpname);
-		fatal("can't set modification time of %s: %s", tmpname,
-		      isc_result_totext(result));
+		fatal("can't set modification time of %s: %s",
+		      tmpname, isc_result_totext(result));
 	}
 
 	if (inplace[0] != '\0') {
@@ -449,11 +457,13 @@ typedef enum { LOOSE, TIGHT } strictness_t;
  * Find out if any (C)DS record matches a particular (C)DNSKEY.
  */
 static bool
-match_key_dsset(keyinfo_t *ki, dns_rdataset_t *dsset, strictness_t strictness) {
+match_key_dsset(keyinfo_t *ki, dns_rdataset_t *dsset, strictness_t strictness)
+{
 	isc_result_t result;
 	unsigned char dsbuf[DNS_DS_BUFFERSIZE];
 
-	for (result = dns_rdataset_first(dsset); result == ISC_R_SUCCESS;
+	for (result = dns_rdataset_first(dsset);
+	     result == ISC_R_SUCCESS;
 	     result = dns_rdataset_next(dsset))
 	{
 		dns_rdata_ds_t ds;
@@ -472,8 +482,7 @@ match_key_dsset(keyinfo_t *ki, dns_rdataset_t *dsset, strictness_t strictness) {
 		result = dns_ds_buildrdata(name, &ki->rdata, ds.digest_type,
 					   dsbuf, &newdsrdata);
 		if (result != ISC_R_SUCCESS) {
-			vbprintf(3,
-				 "dns_ds_buildrdata("
+			vbprintf(3, "dns_ds_buildrdata("
 				 "keytag=%d, algo=%d, digest=%d): %s\n",
 				 ds.key_tag, ds.algorithm, ds.digest_type,
 				 dns_result_totext(result));
@@ -484,22 +493,23 @@ match_key_dsset(keyinfo_t *ki, dns_rdataset_t *dsset, strictness_t strictness) {
 		dsrdata.type = dns_rdatatype_ds;
 		if (dns_rdata_compare(&dsrdata, &newdsrdata) == 0) {
 			vbprintf(1, "found matching %s %d %d %d\n",
-				 c ? "CDS" : "DS", ds.key_tag, ds.algorithm,
-				 ds.digest_type);
+				 c ? "CDS" : "DS",
+				 ds.key_tag, ds.algorithm, ds.digest_type);
 			return (true);
 		} else if (strictness == TIGHT) {
-			vbprintf(0,
-				 "key does not match %s %d %d %d "
-				 "when it looks like it should\n",
-				 c ? "CDS" : "DS", ds.key_tag, ds.algorithm,
-				 ds.digest_type);
+			vbprintf(0, "key does not match %s %d %d %d "
+				"when it looks like it should\n",
+				 c ? "CDS" : "DS",
+				 ds.key_tag, ds.algorithm, ds.digest_type);
 			return (false);
 		}
 	}
 
 	vbprintf(1, "no matching %s for %s %d %d\n",
-		 dsset->type == dns_rdatatype_cds ? "CDS" : "DS",
-		 ki->rdata.type == dns_rdatatype_cdnskey ? "CDNSKEY" : "DNSKEY",
+		 dsset->type == dns_rdatatype_cds
+		 ? "CDS" : "DS",
+		 ki->rdata.type == dns_rdatatype_cdnskey
+		 ? "CDNSKEY" : "DNSKEY",
 		 ki->tag, ki->algo);
 
 	return (false);
@@ -511,7 +521,8 @@ match_key_dsset(keyinfo_t *ki, dns_rdataset_t *dsset, strictness_t strictness) {
  */
 static keyinfo_t *
 match_keyset_dsset(dns_rdataset_t *keyset, dns_rdataset_t *dsset,
-		   strictness_t strictness) {
+		   strictness_t strictness)
+{
 	isc_result_t result;
 	keyinfo_t *keytable;
 	int i;
@@ -521,7 +532,8 @@ match_keyset_dsset(dns_rdataset_t *keyset, dns_rdataset_t *dsset,
 	keytable = isc_mem_get(mctx, sizeof(keyinfo_t) * nkey);
 
 	for (result = dns_rdataset_first(keyset), i = 0;
-	     result == ISC_R_SUCCESS; result = dns_rdataset_next(keyset), i++)
+	     result == ISC_R_SUCCESS;
+	     result = dns_rdataset_next(keyset), i++)
 	{
 		keyinfo_t *ki;
 		dns_rdata_dnskey_t dnskey;
@@ -547,13 +559,13 @@ match_keyset_dsset(dns_rdataset_t *keyset, dns_rdataset_t *dsset,
 			continue;
 		}
 
-		result = dns_dnssec_keyfromrdata(name, keyrdata, mctx,
-						 &ki->dst);
+		result = dns_dnssec_keyfromrdata(name, keyrdata,
+						 mctx, &ki->dst);
 		if (result != ISC_R_SUCCESS) {
-			vbprintf(3,
-				 "dns_dnssec_keyfromrdata("
+			vbprintf(3, "dns_dnssec_keyfromrdata("
 				 "keytag=%d, algo=%d): %s\n",
-				 ki->tag, ki->algo, dns_result_totext(result));
+				 ki->tag, ki->algo,
+				 dns_result_totext(result));
 		}
 	}
 
@@ -563,7 +575,6 @@ match_keyset_dsset(dns_rdataset_t *keyset, dns_rdataset_t *dsset,
 static void
 free_keytable(keyinfo_t **keytable_p) {
 	keyinfo_t *keytable = *keytable_p;
-	*keytable_p = NULL;
 	keyinfo_t *ki;
 	int i;
 
@@ -575,6 +586,7 @@ free_keytable(keyinfo_t **keytable_p) {
 	}
 
 	isc_mem_put(mctx, keytable, sizeof(keyinfo_t) * nkey);
+	*keytable_p = NULL;
 }
 
 /*
@@ -588,7 +600,8 @@ free_keytable(keyinfo_t **keytable_p) {
  */
 static dns_secalg_t *
 matching_sigs(keyinfo_t *keytbl, dns_rdataset_t *rdataset,
-	      dns_rdataset_t *sigset) {
+	      dns_rdataset_t *sigset)
+{
 	isc_result_t result;
 	dns_secalg_t *algo;
 	int i;
@@ -596,7 +609,8 @@ matching_sigs(keyinfo_t *keytbl, dns_rdataset_t *rdataset,
 	algo = isc_mem_get(mctx, nkey);
 	memset(algo, 0, nkey);
 
-	for (result = dns_rdataset_first(sigset); result == ISC_R_SUCCESS;
+	for (result = dns_rdataset_first(sigset);
+	     result == ISC_R_SUCCESS;
 	     result = dns_rdataset_next(sigset))
 	{
 		dns_rdata_t sigrdata = DNS_RDATA_INIT;
@@ -617,27 +631,26 @@ matching_sigs(keyinfo_t *keytbl, dns_rdataset_t *rdataset,
 
 		for (i = 0; i < nkey; i++) {
 			keyinfo_t *ki = &keytbl[i];
-			if (sig.keyid != ki->tag || sig.algorithm != ki->algo ||
+			if (sig.keyid != ki->tag ||
+			    sig.algorithm != ki->algo ||
 			    !dns_name_equal(&sig.signer, name))
 			{
 				continue;
 			}
 			if (ki->dst == NULL) {
-				vbprintf(1,
-					 "skip RRSIG by key %d:"
+				vbprintf(1, "skip RRSIG by key %d:"
 					 " no matching (C)DS\n",
 					 sig.keyid);
 				continue;
 			}
 
 			result = dns_dnssec_verify(name, rdataset, ki->dst,
-						   false, 0, mctx, &sigrdata,
-						   NULL);
+						   false, 0, mctx,
+						   &sigrdata, NULL);
 
 			if (result != ISC_R_SUCCESS &&
 			    result != DNS_R_FROMWILDCARD) {
-				vbprintf(1,
-					 "skip RRSIG by key %d:"
+				vbprintf(1, "skip RRSIG by key %d:"
 					 " verification failed: %s\n",
 					 sig.keyid, isc_result_totext(result));
 				continue;
@@ -651,7 +664,8 @@ matching_sigs(keyinfo_t *keytbl, dns_rdataset_t *rdataset,
 			 * only after the signature has been verified
 			 */
 			if (oldestsig.timesigned == 0 ||
-			    isc_serial_lt(sig.timesigned, oldestsig.timesigned))
+			    isc_serial_lt(sig.timesigned,
+					  oldestsig.timesigned))
 			{
 				verbose_time(2, "this is the oldest so far",
 					     sig.timesigned);
@@ -691,7 +705,8 @@ signed_strict(dns_rdataset_t *dsset, dns_secalg_t *algo) {
 	isc_result_t result;
 	bool all_ok = true;
 
-	for (result = dns_rdataset_first(dsset); result == ISC_R_SUCCESS;
+	for (result = dns_rdataset_first(dsset);
+	     result == ISC_R_SUCCESS;
 	     result = dns_rdataset_next(dsset))
 	{
 		dns_rdata_t dsrdata = DNS_RDATA_INIT;
@@ -710,10 +725,8 @@ signed_strict(dns_rdataset_t *dsset, dns_secalg_t *algo) {
 			}
 		}
 		if (!ds_ok) {
-			vbprintf(0,
-				 "missing signature for algorithm %d "
-				 "(key %d)\n",
-				 ds.algorithm, ds.key_tag);
+			vbprintf(0, "missing signature for algorithm %d "
+				 "(key %d)\n", ds.algorithm, ds.key_tag);
 			all_ok = false;
 		}
 	}
@@ -760,19 +773,20 @@ ds_from_cds(dns_rdatalist_t *dslist, isc_buffer_t *buf, dns_rdata_t *cds) {
 	check_result(result, "dns_rdata_tostruct(CDS)");
 	ds.common.rdtype = dns_rdatatype_ds;
 
-	result = dns_rdata_fromstruct(rdata, rdclass, dns_rdatatype_ds, &ds,
-				      buf);
+	result = dns_rdata_fromstruct(rdata, rdclass, dns_rdatatype_ds,
+				      &ds, buf);
 
 	return (rdata_put(result, dslist, rdata));
 }
 
 static isc_result_t
 ds_from_cdnskey(dns_rdatalist_t *dslist, isc_buffer_t *buf,
-		dns_rdata_t *cdnskey) {
+		 dns_rdata_t *cdnskey)
+{
 	isc_result_t result;
 	unsigned i, n;
 
-	n = sizeof(dtype) / sizeof(dtype[0]);
+	n = sizeof(dtype)/sizeof(dtype[0]);
 	for (i = 0; i < n; i++) {
 		if (dtype[i] != 0) {
 			dns_rdata_t *rdata;
@@ -801,8 +815,9 @@ ds_from_cdnskey(dns_rdatalist_t *dslist, isc_buffer_t *buf,
 }
 
 static void
-make_new_ds_set(ds_maker_func_t *ds_from_rdata, uint32_t ttl,
-		dns_rdataset_t *rdset) {
+make_new_ds_set(ds_maker_func_t *ds_from_rdata,
+		uint32_t ttl, dns_rdataset_t *rdset)
+{
 	unsigned int size = 16;
 	for (;;) {
 		isc_result_t result;
@@ -819,10 +834,12 @@ make_new_ds_set(ds_maker_func_t *ds_from_rdata, uint32_t ttl,
 		result = dns_rdatalist_tordataset(dslist, &new_ds_set);
 		check_result(result, "dns_rdatalist_tordataset(dslist)");
 
-		isc_buffer_allocate(mctx, &new_ds_buf, size);
+		result = isc_buffer_allocate(mctx, &new_ds_buf, size);
+		check_result(result, "building new DS records");
 
 		for (result = dns_rdataset_first(rdset);
-		     result == ISC_R_SUCCESS; result = dns_rdataset_next(rdset))
+		     result == ISC_R_SUCCESS;
+		     result = dns_rdataset_next(rdset))
 		{
 			isc_result_t tresult;
 			dns_rdata_t rdata = DNS_RDATA_INIT;
@@ -876,7 +893,8 @@ consistent_digests(dns_rdataset_t *dsset) {
 
 	arrdata = isc_mem_get(mctx, n * sizeof(dns_rdata_t));
 
-	for (result = dns_rdataset_first(dsset), i = 0; result == ISC_R_SUCCESS;
+	for (result = dns_rdataset_first(dsset), i = 0;
+	     result == ISC_R_SUCCESS;
 	     result = dns_rdataset_next(dsset), i++)
 	{
 		dns_rdata_init(&arrdata[i]);
@@ -913,10 +931,10 @@ consistent_digests(dns_rdataset_t *dsset) {
 	while (i < n) {
 		key_tag = ds[i].key_tag;
 		algorithm = ds[i].algorithm;
-		for (j = 0; j < d && i + j < n; j++) {
-			if (ds[i + j].key_tag != key_tag ||
-			    ds[i + j].algorithm != algorithm ||
-			    ds[i + j].digest_type != ds[j].digest_type)
+		for (j = 0; j < d && i+j < n; j++) {
+			if (ds[i+j].key_tag != key_tag ||
+			    ds[i+j].algorithm != algorithm ||
+			    ds[i+j].digest_type != ds[j].digest_type)
 			{
 				match = false;
 			}
@@ -953,8 +971,9 @@ print_diff(const char *cmd, dns_rdataset_t *rdataset) {
 }
 
 static void
-update_diff(const char *cmd, uint32_t ttl, dns_rdataset_t *addset,
-	    dns_rdataset_t *delset) {
+update_diff(const char *cmd, uint32_t ttl,
+	    dns_rdataset_t *addset, dns_rdataset_t *delset)
+{
 	isc_result_t result;
 	dns_db_t *db;
 	dns_dbnode_t *node;
@@ -963,8 +982,8 @@ update_diff(const char *cmd, uint32_t ttl, dns_rdataset_t *addset,
 	uint32_t save;
 
 	db = NULL;
-	result = dns_db_create(mctx, "rbt", name, dns_dbtype_zone, rdclass, 0,
-			       NULL, &db);
+	result = dns_db_create(mctx, "rbt", name, dns_dbtype_zone,
+			       rdclass, 0, NULL, &db);
 	check_result(result, "dns_db_create()");
 
 	ver = NULL;
@@ -977,11 +996,12 @@ update_diff(const char *cmd, uint32_t ttl, dns_rdataset_t *addset,
 
 	dns_rdataset_init(&diffset);
 
-	result = dns_db_addrdataset(db, node, ver, 0, addset, DNS_DBADD_MERGE,
-				    NULL);
+	result = dns_db_addrdataset(db, node, ver, 0, addset,
+				    DNS_DBADD_MERGE, NULL);
 	check_result(result, "dns_db_addrdataset()");
 
-	result = dns_db_subtractrdataset(db, node, ver, delset, 0, &diffset);
+	result = dns_db_subtractrdataset(db, node, ver, delset,
+					 0, &diffset);
 	if (result == DNS_R_UNCHANGED) {
 		save = addset->ttl;
 		addset->ttl = ttl;
@@ -1027,22 +1047,18 @@ usage(void) {
 		program);
 	fprintf(stderr, "Version: %s\n", VERSION);
 	fprintf(stderr, "Options:\n"
-			"    -a <algorithm>     digest algorithm (SHA-1 / "
-			"SHA-256 / SHA-384)\n"
-			"    -c <class>         of domain (default IN)\n"
-			"    -D                 prefer CDNSKEY records instead "
-			"of CDS\n"
-			"    -d <file|dir>      where to find parent dsset- "
-			"file\n"
-			"    -f <file>          child DNSKEY+CDNSKEY+CDS+RRSIG "
-			"records\n"
-			"    -i[extension]      update dsset- file in place\n"
-			"    -s <start-time>    oldest permitted child "
-			"signatures\n"
-			"    -u                 emit nsupdate script\n"
-			"    -T <ttl>           TTL of DS records\n"
-			"    -V                 print version\n"
-			"    -v <verbosity>\n");
+"    -a <algorithm>     digest algorithm (SHA-1 / SHA-256 / SHA-384)\n"
+"    -c <class>         of domain (default IN)\n"
+"    -D                 prefer CDNSKEY records instead of CDS\n"
+"    -d <file|dir>      where to find parent dsset- file\n"
+"    -f <file>          child DNSKEY+CDNSKEY+CDS+RRSIG records\n"
+"    -i[extension]      update dsset- file in place\n"
+"    -s <start-time>    oldest permitted child signatures\n"
+"    -u                 emit nsupdate script\n"
+"    -T <ttl>           TTL of DS records\n"
+"    -V                 print version\n"
+"    -v <verbosity>\n"
+	);
 	exit(1);
 }
 
@@ -1058,11 +1074,14 @@ main(int argc, char *argv[]) {
 	int ch;
 	char *endp;
 
-	isc_mem_create(&mctx);
+	result = isc_mem_create(0, 0, &mctx);
+	if (result != ISC_R_SUCCESS) {
+		fatal("out of memory");
+	}
 
 #if USE_PKCS11
 	pk11_result_register();
-#endif /* if USE_PKCS11 */
+#endif
 	dns_result_register();
 
 	isc_commandline_errprint = false;
@@ -1091,7 +1110,8 @@ main(int argc, char *argv[]) {
 			 * so that it works just like sed(1).
 			 */
 			if (isc_commandline_argument ==
-			    argv[isc_commandline_index - 1]) {
+			    argv[isc_commandline_index - 1])
+			{
 				isc_commandline_index--;
 				inplace = "";
 			} else {
@@ -1100,7 +1120,7 @@ main(int argc, char *argv[]) {
 			break;
 		case 'm':
 			isc_mem_debugging = ISC_MEM_DEBUGTRACE |
-					    ISC_MEM_DEBUGRECORD;
+				ISC_MEM_DEBUGRECORD;
 			break;
 		case 's':
 			startstr = isc_commandline_argument;
@@ -1183,7 +1203,8 @@ main(int argc, char *argv[]) {
 		fatal("missing RRSIG CDNSKEY records for %s", namestr);
 	}
 	if (dns_rdataset_isassociated(&cds_set) &&
-	    !dns_rdataset_isassociated(&cds_sig)) {
+	    !dns_rdataset_isassociated(&cds_sig))
+	{
 		fatal("missing RRSIG CDS records for %s", namestr);
 	}
 
@@ -1204,16 +1225,18 @@ main(int argc, char *argv[]) {
 
 	if (dns_rdataset_isassociated(&cdnskey_set)) {
 		vbprintf(1, "verify CDNSKEY signature(s)\n");
-		if (!signed_loose(matching_sigs(old_key_tbl, &cdnskey_set,
-						&cdnskey_sig))) {
+		if (!signed_loose(matching_sigs(old_key_tbl,
+						&cdnskey_set, &cdnskey_sig)))
+		{
 			fatal("could not validate child CDNSKEY RRset for %s",
 			      namestr);
 		}
 	}
 	if (dns_rdataset_isassociated(&cds_set)) {
 		vbprintf(1, "verify CDS signature(s)\n");
-		if (!signed_loose(
-			    matching_sigs(old_key_tbl, &cds_set, &cds_sig))) {
+		if (!signed_loose(matching_sigs(old_key_tbl,
+						&cds_set, &cds_sig)))
+		{
 			fatal("could not validate child CDS RRset for %s",
 			      namestr);
 		}
@@ -1230,11 +1253,12 @@ main(int argc, char *argv[]) {
 		dns_rdatatype_format(oldestsig.covered, type, sizeof(type));
 		verbose_time(1, "child signature inception time",
 			     oldestsig.timesigned);
-		vbprintf(2, "from RRSIG %s by key %d\n", type, oldestsig.keyid);
+		vbprintf(2, "from RRSIG %s by key %d\n",
+			 type, oldestsig.keyid);
 	}
 
 	/*
-	 * Successfully do nothing if there's neither CDNSKEY nor CDS
+	 * Sucessfully do nothing if there's neither CDNSKEY nor CDS
 	 * RFC 7344 section 4.1 first paragraph
 	 */
 	if (!dns_rdataset_isassociated(&cdnskey_set) &&
@@ -1267,17 +1291,16 @@ main(int argc, char *argv[]) {
 
 	if (!consistent_digests(&new_ds_set)) {
 		fatal("CDS records at %s do not cover each key "
-		      "with the same set of digest types",
-		      namestr);
+		      "with the same set of digest types", namestr);
 	}
 
 	vbprintf(1, "verify DNSKEY signature(s)\n");
-	if (!signed_strict(&new_ds_set, matching_sigs(new_key_tbl, &dnskey_set,
-						      &dnskey_sig)))
+	if (!signed_strict(&new_ds_set,
+			   matching_sigs(new_key_tbl,
+					 &dnskey_set, &dnskey_sig)))
 	{
 		fatal("could not validate child DNSKEY RRset "
-		      "with new DS records for %s",
-		      namestr);
+		      "with new DS records for %s", namestr);
 	}
 
 	free_keytable(&new_key_tbl);

bin/dnssec/dnssec-cds.docbook

@@ -41,7 +41,6 @@
       <year>2017</year>
       <year>2018</year>
       <year>2019</year>
-      <year>2020</year>
       <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
     </copyright>
   </docinfo>
@@ -93,7 +92,7 @@
       The <command>dnssec-cds</command> command uses special DNSSEC
       validation logic specified by RFC 7344. It requires that the CDS
       and/or CDNSKEY records are validly signed by a key represented in the
-      existing DS records. This will typically be the pre-existing
+      existing DS records. This will typicially be the pre-existing
       key-signing key (KSK).
     </para>
     <para>

bin/dnssec/dnssec-cds.html

@@ -1,6 +1,6 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 <!--
- - Copyright (C) 2017-2020 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2017-2019 Internet Systems Consortium, Inc. ("ISC")
  - 
  - This Source Code Form is subject to the terms of the Mozilla Public
  - License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -78,7 +78,7 @@
       The <span class="command"><strong>dnssec-cds</strong></span> command uses special DNSSEC
       validation logic specified by RFC 7344. It requires that the CDS
       and/or CDNSKEY records are validly signed by a key represented in the
-      existing DS records. This will typically be the pre-existing
+      existing DS records. This will typicially be the pre-existing
       key-signing key (KSK).
     </p>
     <p>

bin/dnssec/dnssec-dsfromkey.8

@@ -1,4 +1,4 @@
-.\" Copyright (C) 2008-2012, 2014-2016, 2018-2020 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2008-2012, 2014-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
 .\" 
 .\" This Source Code Form is subject to the terms of the Mozilla Public
 .\" License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -222,5 +222,5 @@ RFC 7344
 \fBInternet Systems Consortium, Inc\&.\fR
 .SH "COPYRIGHT"
 .br
-Copyright \(co 2008-2012, 2014-2016, 2018-2020 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2008-2012, 2014-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
 .br

bin/dnssec/dnssec-dsfromkey.c

@@ -43,18 +43,18 @@
 
 #if USE_PKCS11
 #include <pk11/result.h>
-#endif /* if USE_PKCS11 */
+#endif
 
 #include "dnssectool.h"
 
 const char *program = "dnssec-dsfromkey";
 
 static dns_rdataclass_t rdclass;
-static dns_fixedname_t fixed;
-static dns_name_t *name = NULL;
-static isc_mem_t *mctx = NULL;
-static uint32_t ttl;
-static bool emitttl = false;
+static dns_fixedname_t	fixed;
+static dns_name_t	*name = NULL;
+static isc_mem_t	*mctx = NULL;
+static uint32_t	ttl;
+static bool	emitttl = false;
 
 static isc_result_t
 initname(char *setname) {
@@ -76,101 +76,88 @@ db_load_from_stream(dns_db_t *db, FILE *fp) {
 
 	dns_rdatacallbacks_init(&callbacks);
 	result = dns_db_beginload(db, &callbacks);
-	if (result != ISC_R_SUCCESS) {
+	if (result != ISC_R_SUCCESS)
 		fatal("dns_db_beginload failed: %s", isc_result_totext(result));
-	}
 
-	result = dns_master_loadstream(fp, name, name, rdclass, 0, &callbacks,
-				       mctx);
-	if (result != ISC_R_SUCCESS) {
+	result = dns_master_loadstream(fp, name, name, rdclass, 0,
+				       &callbacks, mctx);
+	if (result != ISC_R_SUCCESS)
 		fatal("can't load from input: %s", isc_result_totext(result));
-	}
 
 	result = dns_db_endload(db, &callbacks);
-	if (result != ISC_R_SUCCESS) {
+	if (result != ISC_R_SUCCESS)
 		fatal("dns_db_endload failed: %s", isc_result_totext(result));
-	}
 }
 
 static isc_result_t
 loadset(const char *filename, dns_rdataset_t *rdataset) {
-	isc_result_t result;
-	dns_db_t *db = NULL;
-	dns_dbnode_t *node = NULL;
+	isc_result_t	 result;
+	dns_db_t	 *db = NULL;
+	dns_dbnode_t	 *node = NULL;
 	char setname[DNS_NAME_FORMATSIZE];
 
 	dns_name_format(name, setname, sizeof(setname));
 
-	result = dns_db_create(mctx, "rbt", name, dns_dbtype_zone, rdclass, 0,
-			       NULL, &db);
-	if (result != ISC_R_SUCCESS) {
+	result = dns_db_create(mctx, "rbt", name, dns_dbtype_zone,
+			       rdclass, 0, NULL, &db);
+	if (result != ISC_R_SUCCESS)
 		fatal("can't create database");
-	}
 
 	if (strcmp(filename, "-") == 0) {
 		db_load_from_stream(db, stdin);
 		filename = "input";
 	} else {
 		result = dns_db_load(db, filename, dns_masterformat_text, 0);
-		if (result != ISC_R_SUCCESS && result != DNS_R_SEENINCLUDE) {
+		if (result != ISC_R_SUCCESS && result != DNS_R_SEENINCLUDE)
 			fatal("can't load %s: %s", filename,
 			      isc_result_totext(result));
-		}
 	}
 
 	result = dns_db_findnode(db, name, false, &node);
-	if (result != ISC_R_SUCCESS) {
+	if (result != ISC_R_SUCCESS)
 		fatal("can't find %s node in %s", setname, filename);
-	}
 
-	result = dns_db_findrdataset(db, node, NULL, dns_rdatatype_dnskey, 0, 0,
-				     rdataset, NULL);
+	result = dns_db_findrdataset(db, node, NULL, dns_rdatatype_dnskey,
+				     0, 0, rdataset, NULL);
 
-	if (result == ISC_R_NOTFOUND) {
+	if (result == ISC_R_NOTFOUND)
 		fatal("no DNSKEY RR for %s in %s", setname, filename);
-	} else if (result != ISC_R_SUCCESS) {
+	else if (result != ISC_R_SUCCESS)
 		fatal("dns_db_findrdataset");
-	}
 
-	if (node != NULL) {
+	if (node != NULL)
 		dns_db_detachnode(db, &node);
-	}
-	if (db != NULL) {
+	if (db != NULL)
 		dns_db_detach(&db);
-	}
 	return (result);
 }
 
 static isc_result_t
 loadkeyset(char *dirname, dns_rdataset_t *rdataset) {
-	isc_result_t result;
-	char filename[PATH_MAX + 1];
-	isc_buffer_t buf;
+	isc_result_t	 result;
+	char		 filename[PATH_MAX + 1];
+	isc_buffer_t	 buf;
 
 	dns_rdataset_init(rdataset);
 
 	isc_buffer_init(&buf, filename, sizeof(filename));
 	if (dirname != NULL) {
 		/* allow room for a trailing slash */
-		if (strlen(dirname) >= isc_buffer_availablelength(&buf)) {
+		if (strlen(dirname) >= isc_buffer_availablelength(&buf))
 			return (ISC_R_NOSPACE);
-		}
 		isc_buffer_putstr(&buf, dirname);
-		if (dirname[strlen(dirname) - 1] != '/') {
+		if (dirname[strlen(dirname) - 1] != '/')
 			isc_buffer_putstr(&buf, "/");
-		}
 	}
 
-	if (isc_buffer_availablelength(&buf) < 7) {
+	if (isc_buffer_availablelength(&buf) < 7)
 		return (ISC_R_NOSPACE);
-	}
 	isc_buffer_putstr(&buf, "keyset-");
 
 	result = dns_name_tofilenametext(name, false, &buf);
 	check_result(result, "dns_name_tofilenametext()");
-	if (isc_buffer_availablelength(&buf) == 0) {
+	if (isc_buffer_availablelength(&buf) == 0)
 		return (ISC_R_NOSPACE);
-	}
 	isc_buffer_putuint8(&buf, 0);
 
 	return (loadset(filename, rdataset));
@@ -178,22 +165,22 @@ loadkeyset(char *dirname, dns_rdataset_t *rdataset) {
 
 static void
 loadkey(char *filename, unsigned char *key_buf, unsigned int key_buf_size,
-	dns_rdata_t *rdata) {
-	isc_result_t result;
-	dst_key_t *key = NULL;
-	isc_buffer_t keyb;
-	isc_region_t r;
+	dns_rdata_t *rdata)
+{
+	isc_result_t  result;
+	dst_key_t     *key = NULL;
+	isc_buffer_t  keyb;
+	isc_region_t  r;
 
 	dns_rdata_init(rdata);
 
 	isc_buffer_init(&keyb, key_buf, key_buf_size);
 
-	result = dst_key_fromnamedfile(filename, NULL, DST_TYPE_PUBLIC, mctx,
-				       &key);
-	if (result != ISC_R_SUCCESS) {
-		fatal("can't load %s.key: %s", filename,
-		      isc_result_totext(result));
-	}
+	result = dst_key_fromnamedfile(filename, NULL, DST_TYPE_PUBLIC,
+				       mctx, &key);
+	if (result != ISC_R_SUCCESS)
+		fatal("can't load %s.key: %s",
+		      filename, isc_result_totext(result));
 
 	if (verbose > 2) {
 		char keystr[DST_KEY_FORMATSIZE];
@@ -203,18 +190,19 @@ loadkey(char *filename, unsigned char *key_buf, unsigned int key_buf_size,
 	}
 
 	result = dst_key_todns(key, &keyb);
-	if (result != ISC_R_SUCCESS) {
+	if (result != ISC_R_SUCCESS)
 		fatal("can't decode key");
-	}
 
 	isc_buffer_usedregion(&keyb, &r);
-	dns_rdata_fromregion(rdata, dst_key_class(key), dns_rdatatype_dnskey,
-			     &r);
+	dns_rdata_fromregion(rdata, dst_key_class(key),
+			     dns_rdatatype_dnskey, &r);
 
 	rdclass = dst_key_class(key);
 
 	name = dns_fixedname_initname(&fixed);
-	dns_name_copynf(dst_key_name(key), name);
+	result = dns_name_copy(dst_key_name(key), name, NULL);
+	if (result != ISC_R_SUCCESS)
+		fatal("can't copy name");
 
 	dst_key_free(&key);
 }
@@ -222,16 +210,15 @@ loadkey(char *filename, unsigned char *key_buf, unsigned int key_buf_size,
 static void
 logkey(dns_rdata_t *rdata) {
 	isc_result_t result;
-	dst_key_t *key = NULL;
+	dst_key_t    *key = NULL;
 	isc_buffer_t buf;
-	char keystr[DST_KEY_FORMATSIZE];
+	char	     keystr[DST_KEY_FORMATSIZE];
 
 	isc_buffer_init(&buf, rdata->data, rdata->length);
 	isc_buffer_add(&buf, rdata->length);
 	result = dst_key_fromdns(name, rdclass, &buf, mctx, &key);
-	if (result != ISC_R_SUCCESS) {
+	if (result != ISC_R_SUCCESS)
 		return;
-	}
 
 	dst_key_format(key, keystr, sizeof(keystr));
 	fprintf(stderr, "%s: %s\n", program, keystr);
@@ -258,42 +245,35 @@ emit(dns_dsdigest_t dt, bool showall, bool cds, dns_rdata_t *rdata) {
 	dns_rdata_init(&ds);
 
 	result = dns_rdata_tostruct(rdata, &dnskey, NULL);
-	if (result != ISC_R_SUCCESS) {
+	if (result != ISC_R_SUCCESS)
 		fatal("can't convert DNSKEY");
-	}
 
-	if ((dnskey.flags & DNS_KEYFLAG_KSK) == 0 && !showall) {
+	if ((dnskey.flags & DNS_KEYFLAG_KSK) == 0 && !showall)
 		return;
-	}
 
 	result = dns_ds_buildrdata(name, rdata, dt, buf, &ds);
-	if (result != ISC_R_SUCCESS) {
+	if (result != ISC_R_SUCCESS)
 		fatal("can't build record");
-	}
 
 	result = dns_name_totext(name, false, &nameb);
-	if (result != ISC_R_SUCCESS) {
+	if (result != ISC_R_SUCCESS)
 		fatal("can't print name");
-	}
 
-	result = dns_rdata_tofmttext(&ds, (dns_name_t *)NULL, 0, 0, 0, "",
+	result = dns_rdata_tofmttext(&ds, (dns_name_t *) NULL, 0, 0, 0, "",
 				     &textb);
 
-	if (result != ISC_R_SUCCESS) {
+	if (result != ISC_R_SUCCESS)
 		fatal("can't print rdata");
-	}
 
 	result = dns_rdataclass_totext(rdclass, &classb);
-	if (result != ISC_R_SUCCESS) {
+	if (result != ISC_R_SUCCESS)
 		fatal("can't print class");
-	}
 
 	isc_buffer_usedregion(&nameb, &r);
 	printf("%.*s ", (int)r.length, r.base);
 
-	if (emitttl) {
+	if (emitttl)
 		printf("%u ", ttl);
-	}
 
 	isc_buffer_usedregion(&classb, &r);
 	printf("%.*s", (int)r.length, r.base);
@@ -312,7 +292,7 @@ static void
 emits(bool showall, bool cds, dns_rdata_t *rdata) {
 	unsigned i, n;
 
-	n = sizeof(dtype) / sizeof(dtype[0]);
+	n = sizeof(dtype)/sizeof(dtype[0]);
 	for (i = 0; i < n; i++) {
 		if (dtype[i] != 0) {
 			emit(dtype[i], showall, cds, rdata);
@@ -326,46 +306,43 @@ usage(void) ISC_PLATFORM_NORETURN_POST;
 static void
 usage(void) {
 	fprintf(stderr, "Usage:\n");
-	fprintf(stderr, "    %s [options] keyfile\n\n", program);
+	fprintf(stderr,	"    %s [options] keyfile\n\n", program);
 	fprintf(stderr, "    %s [options] -f zonefile [zonename]\n\n", program);
 	fprintf(stderr, "    %s [options] -s dnsname\n\n", program);
 	fprintf(stderr, "    %s [-h|-V]\n\n", program);
 	fprintf(stderr, "Version: %s\n", VERSION);
 	fprintf(stderr, "Options:\n"
-			"    -1: digest algorithm SHA-1\n"
-			"    -2: digest algorithm SHA-256\n"
-			"    -a algorithm: digest algorithm (SHA-1, SHA-256 or "
-			"SHA-384)\n"
-			"    -A: include all keys in DS set, not just KSKs (-f "
-			"only)\n"
-			"    -c class: rdata class for DS set (default IN) (-f "
-			"or -s only)\n"
-			"    -C: print CDS records\n"
-			"    -f zonefile: read keys from a zone file\n"
-			"    -h: print help information\n"
-			"    -K directory: where to find key or keyset files\n"
-			"    -s: read keys from keyset-<dnsname> file\n"
-			"    -T: TTL of output records (omitted by default)\n"
-			"    -v level: verbosity\n"
-			"    -V: print version information\n");
+"    -1: digest algorithm SHA-1\n"
+"    -2: digest algorithm SHA-256\n"
+"    -a algorithm: digest algorithm (SHA-1, SHA-256 or SHA-384)\n"
+"    -A: include all keys in DS set, not just KSKs (-f only)\n"
+"    -c class: rdata class for DS set (default IN) (-f or -s only)\n"
+"    -C: print CDS records\n"
+"    -f zonefile: read keys from a zone file\n"
+"    -h: print help information\n"
+"    -K directory: where to find key or keyset files\n"
+"    -s: read keys from keyset-<dnsname> file\n"
+"    -T: TTL of output records (omitted by default)\n"
+"    -v level: verbosity\n"
+"    -V: print version information\n");
 	fprintf(stderr, "Output: DS or CDS RRs\n");
 
-	exit(-1);
+	exit (-1);
 }
 
 int
 main(int argc, char **argv) {
-	char *classname = NULL;
-	char *filename = NULL, *dir = NULL, *namestr;
-	char *endp, *arg1;
-	int ch;
-	bool cds = false;
-	bool usekeyset = false;
-	bool showall = false;
-	isc_result_t result;
-	isc_log_t *log = NULL;
-	dns_rdataset_t rdataset;
-	dns_rdata_t rdata;
+	char		*classname = NULL;
+	char		*filename = NULL, *dir = NULL, *namestr;
+	char		*endp;
+	int		ch;
+	bool		cds = false;
+	bool		usekeyset = false;
+	bool		showall = false;
+	isc_result_t	result;
+	isc_log_t	*log = NULL;
+	dns_rdataset_t	rdataset;
+	dns_rdata_t	rdata;
 
 	dns_rdata_init(&rdata);
 
@@ -373,11 +350,14 @@ main(int argc, char **argv) {
 		usage();
 	}
 
-	isc_mem_create(&mctx);
+	result = isc_mem_create(0, 0, &mctx);
+	if (result != ISC_R_SUCCESS) {
+		fatal("out of memory");
+	}
 
 #if USE_PKCS11
 	pk11_result_register();
-#endif /* if USE_PKCS11 */
+#endif
 	dns_result_register();
 
 	isc_commandline_errprint = false;
@@ -404,16 +384,13 @@ main(int argc, char **argv) {
 			classname = isc_commandline_argument;
 			break;
 		case 'd':
-			fprintf(stderr,
-				"%s: the -d option is deprecated; "
-				"use -K\n",
-				program);
-		/* fall through */
+			fprintf(stderr, "%s: the -d option is deprecated; "
+					"use -K\n", program);
+			/* fall through */
 		case 'K':
 			dir = isc_commandline_argument;
-			if (strlen(dir) == 0U) {
+			if (strlen(dir) == 0U)
 				fatal("directory must be non-empty string");
-			}
 			break;
 		case 'f':
 			filename = isc_commandline_argument;
@@ -430,19 +407,17 @@ main(int argc, char **argv) {
 			break;
 		case 'v':
 			verbose = strtol(isc_commandline_argument, &endp, 0);
-			if (*endp != '\0') {
+			if (*endp != '\0')
 				fatal("-v must be followed by a number");
-			}
 			break;
 		case 'F':
-		/* Reserved for FIPS mode */
-		/* FALLTHROUGH */
+			/* Reserved for FIPS mode */
+			/* FALLTHROUGH */
 		case '?':
-			if (isc_commandline_option != '?') {
+			if (isc_commandline_option != '?')
 				fprintf(stderr, "%s: invalid argument -%c\n",
 					program, isc_commandline_option);
-			}
-		/* FALLTHROUGH */
+			/* FALLTHROUGH */
 		case 'h':
 			/* Does not return. */
 			usage();
@@ -452,8 +427,8 @@ main(int argc, char **argv) {
 			version(program);
 
 		default:
-			fprintf(stderr, "%s: unhandled option -%c\n", program,
-				isc_commandline_option);
+			fprintf(stderr, "%s: unhandled option -%c\n",
+				program, isc_commandline_option);
 			exit(1);
 		}
 	}
@@ -474,15 +449,10 @@ main(int argc, char **argv) {
 		dtype[0] = DNS_DSDIGEST_SHA256;
 	}
 
-	/*
-	 * Use local variable arg1 so that clang can correctly analyse
-	 * reachable paths rather than 'argc < isc_commandline_index + 1'.
-	 */
-	arg1 = argv[isc_commandline_index];
-	if (arg1 == NULL && filename == NULL) {
+	if (argc < isc_commandline_index + 1 && filename == NULL) {
 		fatal("the key file name was not specified");
 	}
-	if (arg1 != NULL && argv[isc_commandline_index + 1] != NULL) {
+	if (argc > isc_commandline_index + 1) {
 		fatal("extraneous arguments");
 	}
 
@@ -497,11 +467,11 @@ main(int argc, char **argv) {
 	dns_rdataset_init(&rdataset);
 
 	if (usekeyset || filename != NULL) {
-		if (arg1 == NULL) {
-			/* using file name as the zone name */
+		if (argc < isc_commandline_index + 1 && filename != NULL) {
+			/* using zone name as the zone file name */
 			namestr = filename;
 		} else {
-			namestr = arg1;
+			namestr = argv[isc_commandline_index];
 		}
 
 		result = initname(namestr);
@@ -512,7 +482,6 @@ main(int argc, char **argv) {
 		if (usekeyset) {
 			result = loadkeyset(dir, &rdataset);
 		} else {
-			INSIST(filename != NULL);
 			result = loadset(filename, &rdataset);
 		}
 
@@ -537,7 +506,8 @@ main(int argc, char **argv) {
 	} else {
 		unsigned char key_buf[DST_KEY_MAXSIZE];
 
-		loadkey(arg1, key_buf, DST_KEY_MAXSIZE, &rdata);
+		loadkey(argv[isc_commandline_index], key_buf,
+			DST_KEY_MAXSIZE, &rdata);
 
 		emits(showall, cds, &rdata);
 	}
@@ -547,6 +517,7 @@ main(int argc, char **argv) {
 	}
 	cleanup_logging(&log);
 	dst_lib_destroy();
+	dns_name_destroy();
 	if (verbose > 10) {
 		isc_mem_stats(mctx, stdout);
 	}

bin/dnssec/dnssec-dsfromkey.docbook

@@ -42,7 +42,6 @@
       <year>2016</year>
       <year>2018</year>
       <year>2019</year>
-      <year>2020</year>
       <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
     </copyright>
   </docinfo>

bin/dnssec/dnssec-dsfromkey.html

@@ -1,6 +1,6 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 <!--
- - Copyright (C) 2008-2012, 2014-2016, 2018-2020 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2008-2012, 2014-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
  - 
  - This Source Code Form is subject to the terms of the Mozilla Public
  - License, v. 2.0. If a copy of the MPL was not distributed with this

bin/dnssec/dnssec-importkey.8

@@ -1,4 +1,4 @@
-.\" Copyright (C) 2013-2016, 2018-2020 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2013-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
 .\" 
 .\" This Source Code Form is subject to the terms of the Mozilla Public
 .\" License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -134,5 +134,5 @@ RFC 5011\&.
 \fBInternet Systems Consortium, Inc\&.\fR
 .SH "COPYRIGHT"
 .br
-Copyright \(co 2013-2016, 2018-2020 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2013-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
 .br

bin/dnssec/dnssec-importkey.c

@@ -42,23 +42,23 @@
 
 #if USE_PKCS11
 #include <pk11/result.h>
-#endif /* if USE_PKCS11 */
+#endif
 
 #include "dnssectool.h"
 
 const char *program = "dnssec-importkey";
 
 static dns_rdataclass_t rdclass;
-static dns_fixedname_t fixed;
-static dns_name_t *name = NULL;
-static isc_mem_t *mctx = NULL;
-static bool setpub = false, setdel = false;
-static bool setttl = false;
-static isc_stdtime_t pub = 0, del = 0;
-static dns_ttl_t ttl = 0;
-static isc_stdtime_t syncadd = 0, syncdel = 0;
-static bool setsyncadd = false;
-static bool setsyncdel = false;
+static dns_fixedname_t	fixed;
+static dns_name_t	*name = NULL;
+static isc_mem_t	*mctx = NULL;
+static bool	setpub = false, setdel = false;
+static bool	setttl = false;
+static isc_stdtime_t	pub = 0, del = 0;
+static dns_ttl_t	ttl = 0;
+static isc_stdtime_t	syncadd = 0, syncdel = 0;
+static bool	setsyncadd = false;
+static bool	setsyncdel = false;
 
 static isc_result_t
 initname(char *setname) {
@@ -80,36 +80,32 @@ db_load_from_stream(dns_db_t *db, FILE *fp) {
 
 	dns_rdatacallbacks_init(&callbacks);
 	result = dns_db_beginload(db, &callbacks);
-	if (result != ISC_R_SUCCESS) {
+	if (result != ISC_R_SUCCESS)
 		fatal("dns_db_beginload failed: %s", isc_result_totext(result));
-	}
 
-	result = dns_master_loadstream(fp, name, name, rdclass, 0, &callbacks,
-				       mctx);
-	if (result != ISC_R_SUCCESS) {
+	result = dns_master_loadstream(fp, name, name, rdclass, 0,
+				       &callbacks, mctx);
+	if (result != ISC_R_SUCCESS)
 		fatal("can't load from input: %s", isc_result_totext(result));
-	}
 
 	result = dns_db_endload(db, &callbacks);
-	if (result != ISC_R_SUCCESS) {
+	if (result != ISC_R_SUCCESS)
 		fatal("dns_db_endload failed: %s", isc_result_totext(result));
-	}
 }
 
 static isc_result_t
 loadset(const char *filename, dns_rdataset_t *rdataset) {
-	isc_result_t result;
-	dns_db_t *db = NULL;
-	dns_dbnode_t *node = NULL;
+	isc_result_t	 result;
+	dns_db_t	 *db = NULL;
+	dns_dbnode_t	 *node = NULL;
 	char setname[DNS_NAME_FORMATSIZE];
 
 	dns_name_format(name, setname, sizeof(setname));
 
-	result = dns_db_create(mctx, "rbt", name, dns_dbtype_zone, rdclass, 0,
-			       NULL, &db);
-	if (result != ISC_R_SUCCESS) {
+	result = dns_db_create(mctx, "rbt", name, dns_dbtype_zone,
+			       rdclass, 0, NULL, &db);
+	if (result != ISC_R_SUCCESS)
 		fatal("can't create database");
-	}
 
 	if (strcmp(filename, "-") == 0) {
 		db_load_from_stream(db, stdin);
@@ -117,53 +113,48 @@ loadset(const char *filename, dns_rdataset_t *rdataset) {
 	} else {
 		result = dns_db_load(db, filename, dns_masterformat_text,
 				     DNS_MASTER_NOTTL);
-		if (result != ISC_R_SUCCESS && result != DNS_R_SEENINCLUDE) {
+		if (result != ISC_R_SUCCESS && result != DNS_R_SEENINCLUDE)
 			fatal("can't load %s: %s", filename,
 			      isc_result_totext(result));
-		}
 	}
 
 	result = dns_db_findnode(db, name, false, &node);
-	if (result != ISC_R_SUCCESS) {
+	if (result != ISC_R_SUCCESS)
 		fatal("can't find %s node in %s", setname, filename);
-	}
 
-	result = dns_db_findrdataset(db, node, NULL, dns_rdatatype_dnskey, 0, 0,
-				     rdataset, NULL);
+	result = dns_db_findrdataset(db, node, NULL, dns_rdatatype_dnskey,
+				     0, 0, rdataset, NULL);
 
-	if (result == ISC_R_NOTFOUND) {
+	if (result == ISC_R_NOTFOUND)
 		fatal("no DNSKEY RR for %s in %s", setname, filename);
-	} else if (result != ISC_R_SUCCESS) {
+	else if (result != ISC_R_SUCCESS)
 		fatal("dns_db_findrdataset");
-	}
 
-	if (node != NULL) {
+	if (node != NULL)
 		dns_db_detachnode(db, &node);
-	}
-	if (db != NULL) {
+	if (db != NULL)
 		dns_db_detach(&db);
-	}
 	return (result);
 }
 
 static void
 loadkey(char *filename, unsigned char *key_buf, unsigned int key_buf_size,
-	dns_rdata_t *rdata) {
-	isc_result_t result;
-	dst_key_t *key = NULL;
-	isc_buffer_t keyb;
-	isc_region_t r;
+	dns_rdata_t *rdata)
+{
+	isc_result_t  result;
+	dst_key_t     *key = NULL;
+	isc_buffer_t  keyb;
+	isc_region_t  r;
 
 	dns_rdata_init(rdata);
 
 	isc_buffer_init(&keyb, key_buf, key_buf_size);
 
-	result = dst_key_fromnamedfile(filename, NULL, DST_TYPE_PUBLIC, mctx,
-				       &key);
-	if (result != ISC_R_SUCCESS) {
-		fatal("invalid keyfile name %s: %s", filename,
-		      isc_result_totext(result));
-	}
+	result = dst_key_fromnamedfile(filename, NULL, DST_TYPE_PUBLIC,
+				       mctx, &key);
+	if (result != ISC_R_SUCCESS)
+		fatal("invalid keyfile name %s: %s",
+		      filename, isc_result_totext(result));
 
 	if (verbose > 2) {
 		char keystr[DST_KEY_FORMATSIZE];
@@ -173,18 +164,19 @@ loadkey(char *filename, unsigned char *key_buf, unsigned int key_buf_size,
 	}
 
 	result = dst_key_todns(key, &keyb);
-	if (result != ISC_R_SUCCESS) {
+	if (result != ISC_R_SUCCESS)
 		fatal("can't decode key");
-	}
 
 	isc_buffer_usedregion(&keyb, &r);
-	dns_rdata_fromregion(rdata, dst_key_class(key), dns_rdatatype_dnskey,
-			     &r);
+	dns_rdata_fromregion(rdata, dst_key_class(key),
+			     dns_rdatatype_dnskey, &r);
 
 	rdclass = dst_key_class(key);
 
 	name = dns_fixedname_initname(&fixed);
-	dns_name_copynf(dst_key_name(key), name);
+	result = dns_name_copy(dst_key_name(key), name, NULL);
+	if (result != ISC_R_SUCCESS)
+		fatal("can't copy name");
 
 	dst_key_free(&key);
 }
@@ -218,35 +210,31 @@ emit(const char *dir, dns_rdata_t *rdata) {
 		      isc_result_totext(result));
 	}
 
-	result = dst_key_fromfile(
-		dst_key_name(key), dst_key_id(key), dst_key_alg(key),
-		DST_TYPE_PUBLIC | DST_TYPE_PRIVATE, dir, mctx, &tmp);
+	result = dst_key_fromfile(dst_key_name(key), dst_key_id(key),
+				  dst_key_alg(key),
+				  DST_TYPE_PUBLIC | DST_TYPE_PRIVATE,
+				  dir, mctx, &tmp);
 	if (result == ISC_R_SUCCESS) {
-		if (dst_key_isprivate(tmp) && !dst_key_isexternal(tmp)) {
+		if (dst_key_isprivate(tmp) && !dst_key_isexternal(tmp))
 			fatal("Private key already exists in %s", priname);
-		}
 		dst_key_free(&tmp);
 	}
 
 	dst_key_setexternal(key, true);
-	if (setpub) {
+	if (setpub)
 		dst_key_settime(key, DST_TIME_PUBLISH, pub);
-	}
-	if (setdel) {
+	if (setdel)
 		dst_key_settime(key, DST_TIME_DELETE, del);
-	}
-	if (setsyncadd) {
+	if (setsyncadd)
 		dst_key_settime(key, DST_TIME_SYNCPUBLISH, syncadd);
-	}
-	if (setsyncdel) {
+	if (setsyncdel)
 		dst_key_settime(key, DST_TIME_SYNCDELETE, syncdel);
-	}
 
-	if (setttl) {
+	if (setttl)
 		dst_key_setttl(key, ttl);
-	}
 
-	result = dst_key_tofile(key, DST_TYPE_PUBLIC | DST_TYPE_PRIVATE, dir);
+	result = dst_key_tofile(key, DST_TYPE_PUBLIC|DST_TYPE_PRIVATE,
+				dir);
 	if (result != ISC_R_SUCCESS) {
 		dst_key_format(key, keystr, sizeof(keystr));
 		fatal("Failed to write key %s: %s", keystr,
@@ -270,54 +258,55 @@ usage(void) ISC_PLATFORM_NORETURN_POST;
 static void
 usage(void) {
 	fprintf(stderr, "Usage:\n");
-	fprintf(stderr, "    %s options [-K dir] keyfile\n\n", program);
+	fprintf(stderr,	"    %s options [-K dir] keyfile\n\n", program);
 	fprintf(stderr, "    %s options -f file [keyname]\n\n", program);
 	fprintf(stderr, "Version: %s\n", VERSION);
 	fprintf(stderr, "Options:\n");
 	fprintf(stderr, "    -f file: read key from zone file\n");
 	fprintf(stderr, "    -K <directory>: directory in which to store "
-			"the key files\n");
+				"the key files\n");
 	fprintf(stderr, "    -L ttl:             set default key TTL\n");
 	fprintf(stderr, "    -v <verbose level>\n");
 	fprintf(stderr, "    -V: print version information\n");
 	fprintf(stderr, "    -h: print usage and exit\n");
 	fprintf(stderr, "Timing options:\n");
 	fprintf(stderr, "    -P date/[+-]offset/none: set/unset key "
-			"publication date\n");
+						     "publication date\n");
 	fprintf(stderr, "    -P sync date/[+-]offset/none: set/unset "
-			"CDS and CDNSKEY publication date\n");
+				"CDS and CDNSKEY publication date\n");
 	fprintf(stderr, "    -D date/[+-]offset/none: set/unset key "
-			"deletion date\n");
+						     "deletion date\n");
 	fprintf(stderr, "    -D sync date/[+-]offset/none: set/unset "
-			"CDS and CDNSKEY deletion date\n");
+				"CDS and CDNSKEY deletion date\n");
 
-	exit(-1);
+	exit (-1);
 }
 
 int
 main(int argc, char **argv) {
-	char *classname = NULL;
-	char *filename = NULL, *dir = NULL, *namestr;
-	char *endp;
-	int ch;
-	isc_result_t result;
-	isc_log_t *log = NULL;
-	dns_rdataset_t rdataset;
-	dns_rdata_t rdata;
-	isc_stdtime_t now;
+	char		*classname = NULL;
+	char		*filename = NULL, *dir = NULL, *namestr;
+	char		*endp;
+	int		ch;
+	isc_result_t	result;
+	isc_log_t	*log = NULL;
+	dns_rdataset_t	rdataset;
+	dns_rdata_t	rdata;
+	isc_stdtime_t   now;
 
 	dns_rdata_init(&rdata);
 	isc_stdtime_get(&now);
 
-	if (argc == 1) {
+	if (argc == 1)
 		usage();
-	}
 
-	isc_mem_create(&mctx);
+	result = isc_mem_create(0, 0, &mctx);
+	if (result != ISC_R_SUCCESS)
+		fatal("out of memory");
 
 #if USE_PKCS11
 	pk11_result_register();
-#endif /* if USE_PKCS11 */
+#endif
 	dns_result_register();
 
 	isc_commandline_errprint = false;
@@ -328,29 +317,26 @@ main(int argc, char **argv) {
 		case 'D':
 			/* -Dsync ? */
 			if (isoptarg("sync", argv, usage)) {
-				if (setsyncdel) {
+				if (setsyncdel)
 					fatal("-D sync specified more than "
 					      "once");
-				}
 
 				syncdel = strtotime(isc_commandline_argument,
-						    now, now, &setsyncdel);
+						   now, now, &setsyncdel);
 				break;
 			}
 			/* -Ddnskey ? */
 			(void)isoptarg("dnskey", argv, usage);
-			if (setdel) {
+			if (setdel)
 				fatal("-D specified more than once");
-			}
 
-			del = strtotime(isc_commandline_argument, now, now,
-					&setdel);
+			del = strtotime(isc_commandline_argument,
+					now, now, &setdel);
 			break;
 		case 'K':
 			dir = isc_commandline_argument;
-			if (strlen(dir) == 0U) {
+			if (strlen(dir) == 0U)
 				fatal("directory must be non-empty string");
-			}
 			break;
 		case 'L':
 			ttl = strtottl(isc_commandline_argument);
@@ -359,39 +345,35 @@ main(int argc, char **argv) {
 		case 'P':
 			/* -Psync ? */
 			if (isoptarg("sync", argv, usage)) {
-				if (setsyncadd) {
+				if (setsyncadd)
 					fatal("-P sync specified more than "
 					      "once");
-				}
 
 				syncadd = strtotime(isc_commandline_argument,
-						    now, now, &setsyncadd);
+						   now, now, &setsyncadd);
 				break;
 			}
 			/* -Pdnskey ? */
 			(void)isoptarg("dnskey", argv, usage);
-			if (setpub) {
+			if (setpub)
 				fatal("-P specified more than once");
-			}
 
-			pub = strtotime(isc_commandline_argument, now, now,
-					&setpub);
+			pub = strtotime(isc_commandline_argument,
+					now, now, &setpub);
 			break;
 		case 'f':
 			filename = isc_commandline_argument;
 			break;
 		case 'v':
 			verbose = strtol(isc_commandline_argument, &endp, 0);
-			if (*endp != '\0') {
+			if (*endp != '\0')
 				fatal("-v must be followed by a number");
-			}
 			break;
 		case '?':
-			if (isc_commandline_option != '?') {
+			if (isc_commandline_option != '?')
 				fprintf(stderr, "%s: invalid argument -%c\n",
 					program, isc_commandline_option);
-			}
-		/* FALLTHROUGH */
+			/* FALLTHROUGH */
 		case 'h':
 			/* Does not return. */
 			usage();
@@ -401,26 +383,23 @@ main(int argc, char **argv) {
 			version(program);
 
 		default:
-			fprintf(stderr, "%s: unhandled option -%c\n", program,
-				isc_commandline_option);
+			fprintf(stderr, "%s: unhandled option -%c\n",
+				program, isc_commandline_option);
 			exit(1);
 		}
 	}
 
 	rdclass = strtoclass(classname);
 
-	if (argc < isc_commandline_index + 1 && filename == NULL) {
+	if (argc < isc_commandline_index + 1 && filename == NULL)
 		fatal("the key file name was not specified");
-	}
-	if (argc > isc_commandline_index + 1) {
+	if (argc > isc_commandline_index + 1)
 		fatal("extraneous arguments");
-	}
 
 	result = dst_lib_init(mctx, NULL);
-	if (result != ISC_R_SUCCESS) {
+	if (result != ISC_R_SUCCESS)
 		fatal("could not initialize dst: %s",
 		      isc_result_totext(result));
-	}
 
 	setup_logging(mctx, &log);
 
@@ -430,26 +409,23 @@ main(int argc, char **argv) {
 		if (argc < isc_commandline_index + 1) {
 			/* using filename as zone name */
 			namestr = filename;
-		} else {
+		} else
 			namestr = argv[isc_commandline_index];
-		}
 
 		result = initname(namestr);
-		if (result != ISC_R_SUCCESS) {
+		if (result != ISC_R_SUCCESS)
 			fatal("could not initialize name %s", namestr);
-		}
 
 		result = loadset(filename, &rdataset);
 
-		if (result != ISC_R_SUCCESS) {
+		if (result != ISC_R_SUCCESS)
 			fatal("could not load DNSKEY set: %s\n",
 			      isc_result_totext(result));
-		}
 
 		for (result = dns_rdataset_first(&rdataset);
 		     result == ISC_R_SUCCESS;
-		     result = dns_rdataset_next(&rdataset))
-		{
+		     result = dns_rdataset_next(&rdataset)) {
+
 			dns_rdata_init(&rdata);
 			dns_rdataset_current(&rdataset, &rdata);
 			emit(dir, &rdata);
@@ -457,27 +433,25 @@ main(int argc, char **argv) {
 	} else {
 		unsigned char key_buf[DST_KEY_MAXSIZE];
 
-		loadkey(argv[isc_commandline_index], key_buf, DST_KEY_MAXSIZE,
-			&rdata);
+		loadkey(argv[isc_commandline_index], key_buf,
+			DST_KEY_MAXSIZE, &rdata);
 
 		emit(dir, &rdata);
 	}
 
-	if (dns_rdataset_isassociated(&rdataset)) {
+	if (dns_rdataset_isassociated(&rdataset))
 		dns_rdataset_disassociate(&rdataset);
-	}
 	cleanup_logging(&log);
 	dst_lib_destroy();
-	if (verbose > 10) {
+	dns_name_destroy();
+	if (verbose > 10)
 		isc_mem_stats(mctx, stdout);
-	}
 	isc_mem_destroy(&mctx);
 
 	fflush(stdout);
 	if (ferror(stdout)) {
 		fprintf(stderr, "write error\n");
 		return (1);
-	} else {
+	} else
 		return (0);
-	}
 }

bin/dnssec/dnssec-importkey.docbook

@@ -39,7 +39,6 @@
       <year>2016</year>
       <year>2018</year>
       <year>2019</year>
-      <year>2020</year>
       <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
     </copyright>
   </docinfo>

bin/dnssec/dnssec-importkey.html

@@ -1,6 +1,6 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 <!--
- - Copyright (C) 2013-2016, 2018-2020 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2013-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
  - 
  - This Source Code Form is subject to the terms of the Mozilla Public
  - License, v. 2.0. If a copy of the MPL was not distributed with this

bin/dnssec/dnssec-keyfromlabel.8

@@ -1,4 +1,4 @@
-.\" Copyright (C) 2008-2012, 2014-2020 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2008-2012, 2014-2019 Internet Systems Consortium, Inc. ("ISC")
 .\" 
 .\" This Source Code Form is subject to the terms of the Mozilla Public
 .\" License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -92,7 +92,7 @@ Specifies the label for a key pair in the crypto hardware\&.
 .sp
 When
 BIND
-9 is built with OpenSSL\-based PKCS#11 support, the label is an arbitrary string that identifies a particular key\&.
+9 is built with OpenSSL\-based PKCS#11 support, the label is an arbitrary string that identifies a particular key\&. It may be preceded by an optional OpenSSL engine name, followed by a colon, as in "pkcs11:\fIkeylabel\fR"\&.
 .sp
 When
 BIND
@@ -307,5 +307,5 @@ The PKCS#11 URI Scheme (draft\-pechanec\-pkcs11uri\-13)\&.
 \fBInternet Systems Consortium, Inc\&.\fR
 .SH "COPYRIGHT"
 .br
-Copyright \(co 2008-2012, 2014-2020 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2008-2012, 2014-2019 Internet Systems Consortium, Inc. ("ISC")
 .br

bin/dnssec/dnssec-keyfromlabel.c

@@ -19,8 +19,8 @@
 #include <isc/buffer.h>
 #include <isc/commandline.h>
 #include <isc/mem.h>
-#include <isc/print.h>
 #include <isc/region.h>
+#include <isc/print.h>
 #include <isc/string.h>
 #include <isc/util.h>
 
@@ -39,7 +39,7 @@
 
 #if USE_PKCS11
 #include <pk11/result.h>
-#endif /* if USE_PKCS11 */
+#endif
 
 #include "dnssectool.h"
 
@@ -53,7 +53,8 @@ usage(void) ISC_PLATFORM_NORETURN_POST;
 static void
 usage(void) {
 	fprintf(stderr, "Usage:\n");
-	fprintf(stderr, "    %s -l label [options] name\n\n", program);
+	fprintf(stderr, "    %s -l label [options] name\n\n",
+		program);
 	fprintf(stderr, "Version: %s\n", VERSION);
 	fprintf(stderr, "Required options:\n");
 	fprintf(stderr, "    -l label: label of the key pair\n");
@@ -68,25 +69,22 @@ usage(void) {
 	fprintf(stderr, "    -c class (default: IN)\n");
 	fprintf(stderr, "    -E <engine>:\n");
 #if USE_PKCS11
-	fprintf(stderr,
-		"        path to PKCS#11 provider library "
-		"(default is %s)\n",
-		PK11_LIB_LOCATION);
-#else  /* if USE_PKCS11 */
+	fprintf(stderr, "        path to PKCS#11 provider library "
+				"(default is %s)\n", PK11_LIB_LOCATION);
+#else
 	fprintf(stderr, "        name of an OpenSSL engine to use\n");
-#endif /* if USE_PKCS11 */
+#endif
 	fprintf(stderr, "    -f keyflag: KSK | REVOKE\n");
 	fprintf(stderr, "    -K directory: directory in which to place "
 			"key files\n");
 	fprintf(stderr, "    -k: generate a TYPE=KEY key\n");
 	fprintf(stderr, "    -L ttl: default key TTL\n");
-	fprintf(stderr, "    -n nametype: ZONE | HOST | ENTITY | USER | "
-			"OTHER\n");
+	fprintf(stderr, "    -n nametype: ZONE | HOST | ENTITY | USER | OTHER\n");
 	fprintf(stderr, "        (DNSKEY generation defaults to ZONE\n");
 	fprintf(stderr, "    -p protocol: default: 3 [dnssec]\n");
 	fprintf(stderr, "    -t type: "
-			"AUTHCONF | NOAUTHCONF | NOAUTH | NOCONF "
-			"(default: AUTHCONF)\n");
+		"AUTHCONF | NOAUTHCONF | NOAUTH | NOCONF "
+		"(default: AUTHCONF)\n");
 	fprintf(stderr, "    -y: permit keys that might collide\n");
 	fprintf(stderr, "    -v verbose level\n");
 	fprintf(stderr, "    -V: print version information\n");
@@ -104,73 +102,72 @@ usage(void) {
 	fprintf(stderr, "    -C: generate a backward-compatible key, omitting"
 			" all dates\n");
 	fprintf(stderr, "    -S <key>: generate a successor to an existing "
-			"key\n");
+				      "key\n");
 	fprintf(stderr, "    -i <interval>: prepublication interval for "
-			"successor key "
-			"(default: 30 days)\n");
+					   "successor key "
+					   "(default: 30 days)\n");
 	fprintf(stderr, "Output:\n");
 	fprintf(stderr, "     K<name>+<alg>+<id>.key, "
 			"K<name>+<alg>+<id>.private\n");
 
-	exit(-1);
+	exit (-1);
 }
 
 int
 main(int argc, char **argv) {
-	char *algname = NULL, *freeit = NULL;
-	char *nametype = NULL, *type = NULL;
-	const char *directory = NULL;
-	const char *predecessor = NULL;
-	dst_key_t *prevkey = NULL;
-	const char *engine = NULL;
-	char *classname = NULL;
-	char *endp;
-	dst_key_t *key = NULL;
-	dns_fixedname_t fname;
-	dns_name_t *name;
-	uint16_t flags = 0, kskflag = 0, revflag = 0;
-	dns_secalg_t alg;
-	bool oldstyle = false;
-	isc_mem_t *mctx = NULL;
-	int ch;
-	int protocol = -1, signatory = 0;
-	isc_result_t ret;
+	char		*algname = NULL, *freeit = NULL;
+	char		*nametype = NULL, *type = NULL;
+	const char	*directory = NULL;
+	const char	*predecessor = NULL;
+	dst_key_t	*prevkey = NULL;
+	const char	*engine = NULL;
+	char		*classname = NULL;
+	char		*endp;
+	dst_key_t	*key = NULL;
+	dns_fixedname_t	fname;
+	dns_name_t	*name;
+	uint16_t	flags = 0, kskflag = 0, revflag = 0;
+	dns_secalg_t	alg;
+	bool	oldstyle = false;
+	isc_mem_t	*mctx = NULL;
+	int		ch;
+	int		protocol = -1, signatory = 0;
+	isc_result_t	ret;
 	isc_textregion_t r;
-	char filename[255];
-	isc_buffer_t buf;
-	isc_log_t *log = NULL;
+	char		filename[255];
+	isc_buffer_t	buf;
+	isc_log_t	*log = NULL;
 	dns_rdataclass_t rdclass;
-	int options = DST_TYPE_PRIVATE | DST_TYPE_PUBLIC;
-	char *label = NULL;
-	dns_ttl_t ttl = 0;
-	isc_stdtime_t publish = 0, activate = 0, revoke = 0;
-	isc_stdtime_t inactive = 0, deltime = 0;
-	isc_stdtime_t now;
-	int prepub = -1;
-	bool setpub = false, setact = false;
-	bool setrev = false, setinact = false;
-	bool setdel = false, setttl = false;
-	bool unsetpub = false, unsetact = false;
-	bool unsetrev = false, unsetinact = false;
-	bool unsetdel = false;
-	bool genonly = false;
-	bool use_nsec3 = false;
-	bool avoid_collisions = true;
-	bool exact;
-	unsigned char c;
-	isc_stdtime_t syncadd = 0, syncdel = 0;
-	bool unsetsyncadd = false, setsyncadd = false;
-	bool unsetsyncdel = false, setsyncdel = false;
+	int		options = DST_TYPE_PRIVATE | DST_TYPE_PUBLIC;
+	char		*label = NULL;
+	dns_ttl_t	ttl = 0;
+	isc_stdtime_t	publish = 0, activate = 0, revoke = 0;
+	isc_stdtime_t	inactive = 0, deltime = 0;
+	isc_stdtime_t	now;
+	int		prepub = -1;
+	bool	setpub = false, setact = false;
+	bool	setrev = false, setinact = false;
+	bool	setdel = false, setttl = false;
+	bool	unsetpub = false, unsetact = false;
+	bool	unsetrev = false, unsetinact = false;
+	bool	unsetdel = false;
+	bool	genonly = false;
+	bool	use_nsec3 = false;
+	bool   avoid_collisions = true;
+	bool	exact;
+	unsigned char	c;
+	isc_stdtime_t	syncadd = 0, syncdel = 0;
+	bool	unsetsyncadd = false, setsyncadd = false;
+	bool	unsetsyncdel = false, setsyncdel = false;
 
-	if (argc == 1) {
+	if (argc == 1)
 		usage();
-	}
 
-	isc_mem_create(&mctx);
+	RUNTIME_CHECK(isc_mem_create(0, 0, &mctx) == ISC_R_SUCCESS);
 
 #if USE_PKCS11
 	pk11_result_register();
-#endif /* if USE_PKCS11 */
+#endif
 	dns_result_register();
 
 	isc_commandline_errprint = false;
@@ -179,7 +176,7 @@ main(int argc, char **argv) {
 
 #define CMDLINE_FLAGS "3A:a:Cc:D:E:Ff:GhI:i:kK:L:l:n:P:p:R:S:t:v:Vy"
 	while ((ch = isc_commandline_parse(argc, argv, CMDLINE_FLAGS)) != -1) {
-		switch (ch) {
+	    switch (ch) {
 		case '3':
 			use_nsec3 = true;
 			break;
@@ -197,22 +194,20 @@ main(int argc, char **argv) {
 			break;
 		case 'f':
 			c = (unsigned char)(isc_commandline_argument[0]);
-			if (toupper(c) == 'K') {
+			if (toupper(c) == 'K')
 				kskflag = DNS_KEYFLAG_KSK;
-			} else if (toupper(c) == 'R') {
+			else if (toupper(c) == 'R')
 				revflag = DNS_KEYFLAG_REVOKE;
-			} else {
+			else
 				fatal("unknown flag '%s'",
 				      isc_commandline_argument);
-			}
 			break;
 		case 'K':
 			directory = isc_commandline_argument;
 			ret = try_dir(directory);
-			if (ret != ISC_R_SUCCESS) {
-				fatal("cannot open directory %s: %s", directory,
-				      isc_result_totext(ret));
-			}
+			if (ret != ISC_R_SUCCESS)
+				fatal("cannot open directory %s: %s",
+				      directory, isc_result_totext(ret));
 			break;
 		case 'k':
 			options |= DST_TYPE_KEY;
@@ -229,19 +224,17 @@ main(int argc, char **argv) {
 			break;
 		case 'p':
 			protocol = strtol(isc_commandline_argument, &endp, 10);
-			if (*endp != '\0' || protocol < 0 || protocol > 255) {
+			if (*endp != '\0' || protocol < 0 || protocol > 255)
 				fatal("-p must be followed by a number "
 				      "[0..255]");
-			}
 			break;
 		case 't':
 			type = isc_commandline_argument;
 			break;
 		case 'v':
 			verbose = strtol(isc_commandline_argument, &endp, 0);
-			if (*endp != '\0') {
+			if (*endp != '\0')
 				fatal("-v must be followed by a number");
-			}
 			break;
 		case 'y':
 			avoid_collisions = false;
@@ -252,74 +245,67 @@ main(int argc, char **argv) {
 		case 'P':
 			/* -Psync ? */
 			if (isoptarg("sync", argv, usage)) {
-				if (unsetsyncadd || setsyncadd) {
+				if (unsetsyncadd || setsyncadd)
 					fatal("-P sync specified more than "
 					      "once");
-				}
 
 				syncadd = strtotime(isc_commandline_argument,
-						    now, now, &setsyncadd);
+						   now, now, &setsyncadd);
 				unsetsyncadd = !setsyncadd;
 				break;
 			}
 			/* -Pdnskey ? */
 			(void)isoptarg("dnskey", argv, usage);
-			if (setpub || unsetpub) {
+			if (setpub || unsetpub)
 				fatal("-P specified more than once");
-			}
 
-			publish = strtotime(isc_commandline_argument, now, now,
-					    &setpub);
+			publish = strtotime(isc_commandline_argument,
+					    now, now, &setpub);
 			unsetpub = !setpub;
 			break;
 		case 'A':
-			if (setact || unsetact) {
+			if (setact || unsetact)
 				fatal("-A specified more than once");
-			}
 
-			activate = strtotime(isc_commandline_argument, now, now,
-					     &setact);
+			activate = strtotime(isc_commandline_argument,
+					     now, now, &setact);
 			unsetact = !setact;
 			break;
 		case 'R':
-			if (setrev || unsetrev) {
+			if (setrev || unsetrev)
 				fatal("-R specified more than once");
-			}
 
-			revoke = strtotime(isc_commandline_argument, now, now,
-					   &setrev);
+			revoke = strtotime(isc_commandline_argument,
+					   now, now, &setrev);
 			unsetrev = !setrev;
 			break;
 		case 'I':
-			if (setinact || unsetinact) {
+			if (setinact || unsetinact)
 				fatal("-I specified more than once");
-			}
 
-			inactive = strtotime(isc_commandline_argument, now, now,
-					     &setinact);
+			inactive = strtotime(isc_commandline_argument,
+					     now, now, &setinact);
 			unsetinact = !setinact;
 			break;
 		case 'D':
 			/* -Dsync ? */
 			if (isoptarg("sync", argv, usage)) {
-				if (unsetsyncdel || setsyncdel) {
+				if (unsetsyncdel || setsyncdel)
 					fatal("-D sync specified more than "
 					      "once");
-				}
 
 				syncdel = strtotime(isc_commandline_argument,
-						    now, now, &setsyncdel);
+						   now, now, &setsyncdel);
 				unsetsyncdel = !setsyncdel;
 				break;
 			}
 			/* -Ddnskey ? */
 			(void)isoptarg("dnskey", argv, usage);
-			if (setdel || unsetdel) {
+			if (setdel || unsetdel)
 				fatal("-D specified more than once");
-			}
 
-			deltime = strtotime(isc_commandline_argument, now, now,
-					    &setdel);
+			deltime = strtotime(isc_commandline_argument,
+					    now, now, &setdel);
 			unsetdel = !setdel;
 			break;
 		case 'S':
@@ -329,14 +315,13 @@ main(int argc, char **argv) {
 			prepub = strtottl(isc_commandline_argument);
 			break;
 		case 'F':
-		/* Reserved for FIPS mode */
-		/* FALLTHROUGH */
+			/* Reserved for FIPS mode */
+			/* FALLTHROUGH */
 		case '?':
-			if (isc_commandline_option != '?') {
+			if (isc_commandline_option != '?')
 				fprintf(stderr, "%s: invalid argument -%c\n",
 					program, isc_commandline_option);
-			}
-		/* FALLTHROUGH */
+			/* FALLTHROUGH */
 		case 'h':
 			/* Does not return. */
 			usage();
@@ -346,40 +331,36 @@ main(int argc, char **argv) {
 			version(program);
 
 		default:
-			fprintf(stderr, "%s: unhandled option -%c\n", program,
-				isc_commandline_option);
+			fprintf(stderr, "%s: unhandled option -%c\n",
+				program, isc_commandline_option);
 			exit(1);
 		}
 	}
 
 	ret = dst_lib_init(mctx, engine);
-	if (ret != ISC_R_SUCCESS) {
-		fatal("could not initialize dst: %s", isc_result_totext(ret));
-	}
+	if (ret != ISC_R_SUCCESS)
+		fatal("could not initialize dst: %s",
+		      isc_result_totext(ret));
 
 	setup_logging(mctx, &log);
 
 	if (predecessor == NULL) {
-		if (label == NULL) {
+		if (label == NULL)
 			fatal("the key label was not specified");
-		}
-		if (argc < isc_commandline_index + 1) {
+		if (argc < isc_commandline_index + 1)
 			fatal("the key name was not specified");
-		}
-		if (argc > isc_commandline_index + 1) {
+		if (argc > isc_commandline_index + 1)
 			fatal("extraneous arguments");
-		}
 
 		name = dns_fixedname_initname(&fname);
 		isc_buffer_init(&buf, argv[isc_commandline_index],
 				strlen(argv[isc_commandline_index]));
 		isc_buffer_add(&buf, strlen(argv[isc_commandline_index]));
 		ret = dns_name_fromtext(name, &buf, dns_rootname, 0, NULL);
-		if (ret != ISC_R_SUCCESS) {
+		if (ret != ISC_R_SUCCESS)
 			fatal("invalid key name %s: %s",
 			      argv[isc_commandline_index],
 			      isc_result_totext(ret));
-		}
 
 		if (strchr(label, ':') == NULL) {
 			char *l;
@@ -421,32 +402,29 @@ main(int argc, char **argv) {
 				break;
 			default:
 				fatal("%s is incompatible with NSEC3; "
-				      "do not use the -3 option",
-				      algname);
+				      "do not use the -3 option", algname);
 			}
 		}
 
 		if (type != NULL && (options & DST_TYPE_KEY) != 0) {
-			if (strcasecmp(type, "NOAUTH") == 0) {
+			if (strcasecmp(type, "NOAUTH") == 0)
 				flags |= DNS_KEYTYPE_NOAUTH;
-			} else if (strcasecmp(type, "NOCONF") == 0) {
+			else if (strcasecmp(type, "NOCONF") == 0)
 				flags |= DNS_KEYTYPE_NOCONF;
-			} else if (strcasecmp(type, "NOAUTHCONF") == 0) {
+			else if (strcasecmp(type, "NOAUTHCONF") == 0)
 				flags |= (DNS_KEYTYPE_NOAUTH |
 					  DNS_KEYTYPE_NOCONF);
-			} else if (strcasecmp(type, "AUTHCONF") == 0) {
-				/* nothing */
-			} else {
+			else if (strcasecmp(type, "AUTHCONF") == 0)
+				/* nothing */;
+			else
 				fatal("invalid type %s", type);
-			}
 		}
 
 		if (!oldstyle && prepub > 0) {
-			if (setpub && setact && (activate - prepub) < publish) {
+			if (setpub && setact && (activate - prepub) < publish)
 				fatal("Activation and publication dates "
 				      "are closer together than the\n\t"
 				      "prepublication interval.");
-			}
 
 			if (!setpub && !setact) {
 				setpub = setact = true;
@@ -460,55 +438,43 @@ main(int argc, char **argv) {
 				publish = activate - prepub;
 			}
 
-			if ((activate - prepub) < now) {
+			if ((activate - prepub) < now)
 				fatal("Time until activation is shorter "
 				      "than the\n\tprepublication interval.");
-			}
 		}
 	} else {
 		char keystr[DST_KEY_FORMATSIZE];
 		isc_stdtime_t when;
 		int major, minor;
 
-		if (prepub == -1) {
+		if (prepub == -1)
 			prepub = (30 * 86400);
-		}
 
-		if (algname != NULL) {
+		if (algname != NULL)
 			fatal("-S and -a cannot be used together");
-		}
-		if (nametype != NULL) {
+		if (nametype != NULL)
 			fatal("-S and -n cannot be used together");
-		}
-		if (type != NULL) {
+		if (type != NULL)
 			fatal("-S and -t cannot be used together");
-		}
-		if (setpub || unsetpub) {
+		if (setpub || unsetpub)
 			fatal("-S and -P cannot be used together");
-		}
-		if (setact || unsetact) {
+		if (setact || unsetact)
 			fatal("-S and -A cannot be used together");
-		}
-		if (use_nsec3) {
+		if (use_nsec3)
 			fatal("-S and -3 cannot be used together");
-		}
-		if (oldstyle) {
+		if (oldstyle)
 			fatal("-S and -C cannot be used together");
-		}
-		if (genonly) {
+		if (genonly)
 			fatal("-S and -G cannot be used together");
-		}
 
 		ret = dst_key_fromnamedfile(predecessor, directory,
 					    DST_TYPE_PUBLIC | DST_TYPE_PRIVATE,
 					    mctx, &prevkey);
-		if (ret != ISC_R_SUCCESS) {
-			fatal("Invalid keyfile %s: %s", predecessor,
-			      isc_result_totext(ret));
-		}
-		if (!dst_key_isprivate(prevkey)) {
+		if (ret != ISC_R_SUCCESS)
+			fatal("Invalid keyfile %s: %s",
+			      predecessor, isc_result_totext(ret));
+		if (!dst_key_isprivate(prevkey))
 			fatal("%s is not a private key", predecessor);
-		}
 
 		name = dst_key_name(prevkey);
 		alg = dst_key_alg(prevkey);
@@ -516,106 +482,88 @@ main(int argc, char **argv) {
 
 		dst_key_format(prevkey, keystr, sizeof(keystr));
 		dst_key_getprivateformat(prevkey, &major, &minor);
-		if (major != DST_MAJOR_VERSION || minor < DST_MINOR_VERSION) {
+		if (major != DST_MAJOR_VERSION || minor < DST_MINOR_VERSION)
 			fatal("Key %s has incompatible format version %d.%d\n\t"
 			      "It is not possible to generate a successor key.",
 			      keystr, major, minor);
-		}
 
 		ret = dst_key_gettime(prevkey, DST_TIME_ACTIVATE, &when);
-		if (ret != ISC_R_SUCCESS) {
+		if (ret != ISC_R_SUCCESS)
 			fatal("Key %s has no activation date.\n\t"
 			      "You must use dnssec-settime -A to set one "
-			      "before generating a successor.",
-			      keystr);
-		}
+			      "before generating a successor.", keystr);
 
 		ret = dst_key_gettime(prevkey, DST_TIME_INACTIVE, &activate);
-		if (ret != ISC_R_SUCCESS) {
+		if (ret != ISC_R_SUCCESS)
 			fatal("Key %s has no inactivation date.\n\t"
 			      "You must use dnssec-settime -I to set one "
-			      "before generating a successor.",
-			      keystr);
-		}
+			      "before generating a successor.", keystr);
 
 		publish = activate - prepub;
-		if (publish < now) {
+		if (publish < now)
 			fatal("Key %s becomes inactive\n\t"
 			      "sooner than the prepublication period "
 			      "for the new key ends.\n\t"
 			      "Either change the inactivation date with "
 			      "dnssec-settime -I,\n\t"
 			      "or use the -i option to set a shorter "
-			      "prepublication interval.",
-			      keystr);
-		}
+			      "prepublication interval.", keystr);
 
 		ret = dst_key_gettime(prevkey, DST_TIME_DELETE, &when);
-		if (ret != ISC_R_SUCCESS) {
-			fprintf(stderr,
-				"%s: WARNING: Key %s has no removal "
-				"date;\n\t it will remain in the zone "
-				"indefinitely after rollover.\n\t "
-				"You can use dnssec-settime -D to "
-				"change this.\n",
-				program, keystr);
-		}
+		if (ret != ISC_R_SUCCESS)
+			fprintf(stderr, "%s: WARNING: Key %s has no removal "
+					"date;\n\t it will remain in the zone "
+					"indefinitely after rollover.\n\t "
+					"You can use dnssec-settime -D to "
+					"change this.\n", program, keystr);
 
 		setpub = setact = true;
 	}
 
 	if (nametype == NULL) {
-		if ((options & DST_TYPE_KEY) != 0) { /* KEY */
+		if ((options & DST_TYPE_KEY) != 0) /* KEY */
 			fatal("no nametype specified");
-		}
-		flags |= DNS_KEYOWNER_ZONE; /* DNSKEY */
-	} else if (strcasecmp(nametype, "zone") == 0) {
+		flags |= DNS_KEYOWNER_ZONE;	/* DNSKEY */
+	} else if (strcasecmp(nametype, "zone") == 0)
 		flags |= DNS_KEYOWNER_ZONE;
-	} else if ((options & DST_TYPE_KEY) != 0) { /* KEY */
+	else if ((options & DST_TYPE_KEY) != 0)	{ /* KEY */
 		if (strcasecmp(nametype, "host") == 0 ||
-		    strcasecmp(nametype, "entity") == 0) {
+			 strcasecmp(nametype, "entity") == 0)
 			flags |= DNS_KEYOWNER_ENTITY;
-		} else if (strcasecmp(nametype, "user") == 0) {
+		else if (strcasecmp(nametype, "user") == 0)
 			flags |= DNS_KEYOWNER_USER;
-		} else {
+		else
 			fatal("invalid KEY nametype %s", nametype);
-		}
-	} else if (strcasecmp(nametype, "other") != 0) { /* DNSKEY */
+	} else if (strcasecmp(nametype, "other") != 0) /* DNSKEY */
 		fatal("invalid DNSKEY nametype %s", nametype);
-	}
 
 	rdclass = strtoclass(classname);
 
-	if (directory == NULL) {
+	if (directory == NULL)
 		directory = ".";
-	}
 
-	if ((options & DST_TYPE_KEY) != 0) { /* KEY */
+	if ((options & DST_TYPE_KEY) != 0)  /* KEY */
 		flags |= signatory;
-	} else if ((flags & DNS_KEYOWNER_ZONE) != 0) { /* DNSKEY */
+	else if ((flags & DNS_KEYOWNER_ZONE) != 0) { /* DNSKEY */
 		flags |= kskflag;
 		flags |= revflag;
 	}
 
-	if (protocol == -1) {
+	if (protocol == -1)
 		protocol = DNS_KEYPROTO_DNSSEC;
-	} else if ((options & DST_TYPE_KEY) == 0 &&
-		   protocol != DNS_KEYPROTO_DNSSEC) {
+	else if ((options & DST_TYPE_KEY) == 0 &&
+		 protocol != DNS_KEYPROTO_DNSSEC)
 		fatal("invalid DNSKEY protocol: %d", protocol);
-	}
 
 	if ((flags & DNS_KEYFLAG_TYPEMASK) == DNS_KEYTYPE_NOKEY) {
-		if ((flags & DNS_KEYFLAG_SIGNATORYMASK) != 0) {
+		if ((flags & DNS_KEYFLAG_SIGNATORYMASK) != 0)
 			fatal("specified null key with signing authority");
-		}
 	}
 
 	if ((flags & DNS_KEYFLAG_OWNERMASK) == DNS_KEYOWNER_ZONE &&
 	    alg == DNS_KEYALG_DH)
-	{
 		fatal("a key with algorithm '%s' cannot be a zone key",
 		      algname);
-	}
 
 	isc_buffer_init(&buf, filename, sizeof(filename) - 1);
 
@@ -623,9 +571,9 @@ main(int argc, char **argv) {
 	ret = dst_key_fromlabel(name, alg, flags, protocol, rdclass,
 #if USE_PKCS11
 				"pkcs11",
-#else  /* if USE_PKCS11 */
+#else
 				engine,
-#endif /* if USE_PKCS11 */
+#endif
 				label, NULL, mctx, &key);
 
 	if (ret != ISC_R_SUCCESS) {
@@ -633,8 +581,8 @@ main(int argc, char **argv) {
 		char algstr[DNS_SECALG_FORMATSIZE];
 		dns_name_format(name, namestr, sizeof(namestr));
 		dns_secalg_format(alg, algstr, sizeof(algstr));
-		fatal("failed to get key %s/%s: %s", namestr, algstr,
-		      isc_result_totext(ret));
+		fatal("failed to get key %s/%s: %s",
+		      namestr, algstr, isc_result_totext(ret));
 		/* NOTREACHED */
 		exit(-1);
 	}
@@ -648,57 +596,48 @@ main(int argc, char **argv) {
 	if (!oldstyle) {
 		dst_key_settime(key, DST_TIME_CREATED, now);
 
-		if (genonly && (setpub || setact)) {
+		if (genonly && (setpub || setact))
 			fatal("cannot use -G together with -P or -A options");
-		}
 
-		if (setpub) {
+		if (setpub)
 			dst_key_settime(key, DST_TIME_PUBLISH, publish);
-		} else if (setact) {
+		else if (setact)
 			dst_key_settime(key, DST_TIME_PUBLISH, activate);
-		} else if (!genonly && !unsetpub) {
+		else if (!genonly && !unsetpub)
 			dst_key_settime(key, DST_TIME_PUBLISH, now);
-		}
 
-		if (setact) {
+		if (setact)
 			dst_key_settime(key, DST_TIME_ACTIVATE, activate);
-		} else if (!genonly && !unsetact) {
+		else if (!genonly && !unsetact)
 			dst_key_settime(key, DST_TIME_ACTIVATE, now);
-		}
 
 		if (setrev) {
-			if (kskflag == 0) {
-				fprintf(stderr,
-					"%s: warning: Key is "
+			if (kskflag == 0)
+				fprintf(stderr, "%s: warning: Key is "
 					"not flagged as a KSK, but -R "
 					"was used. Revoking a ZSK is "
 					"legal, but undefined.\n",
 					program);
-			}
 			dst_key_settime(key, DST_TIME_REVOKE, revoke);
 		}
 
-		if (setinact) {
+		if (setinact)
 			dst_key_settime(key, DST_TIME_INACTIVE, inactive);
-		}
 
-		if (setdel) {
+		if (setdel)
 			dst_key_settime(key, DST_TIME_DELETE, deltime);
-		}
-		if (setsyncadd) {
+		if (setsyncadd)
 			dst_key_settime(key, DST_TIME_SYNCPUBLISH, syncadd);
-		}
-		if (setsyncdel) {
+		if (setsyncdel)
 			dst_key_settime(key, DST_TIME_SYNCDELETE, syncdel);
-		}
+
 	} else {
-		if (setpub || setact || setrev || setinact || setdel ||
-		    unsetpub || unsetact || unsetrev || unsetinact ||
-		    unsetdel || genonly || setsyncadd || setsyncdel)
-		{
+		if (setpub || setact || setrev || setinact ||
+		    setdel || unsetpub || unsetact ||
+		    unsetrev || unsetinact || unsetdel || genonly ||
+		    setsyncadd || setsyncdel)
 			fatal("cannot use -C together with "
 			      "-P, -A, -R, -I, -D, or -G options");
-		}
 		/*
 		 * Compatibility mode: Private-key-format
 		 * should be set to 1.2.
@@ -707,9 +646,8 @@ main(int argc, char **argv) {
 	}
 
 	/* Set default key TTL */
-	if (setttl) {
+	if (setttl)
 		dst_key_setttl(key, ttl);
-	}
 
 	/*
 	 * Do not overwrite an existing key.  Warn LOUDLY if there
@@ -719,26 +657,21 @@ main(int argc, char **argv) {
 	if (key_collision(key, name, directory, mctx, &exact)) {
 		isc_buffer_clear(&buf);
 		ret = dst_key_buildfilename(key, 0, directory, &buf);
-		if (ret != ISC_R_SUCCESS) {
+		if (ret != ISC_R_SUCCESS)
 			fatal("dst_key_buildfilename returned: %s\n",
 			      isc_result_totext(ret));
-		}
-		if (exact) {
+		if (exact)
 			fatal("%s: %s already exists\n", program, filename);
-		}
 
-		if (avoid_collisions) {
+		if (avoid_collisions)
 			fatal("%s: %s could collide with another key upon "
-			      "revokation\n",
-			      program, filename);
-		}
+			      "revokation\n", program, filename);
 
-		fprintf(stderr,
-			"%s: WARNING: Key %s could collide with "
-			"another key upon revokation.  If you plan "
-			"to revoke keys, destroy this key and "
-			"generate a different one.\n",
-			program, filename);
+		fprintf(stderr, "%s: WARNING: Key %s could collide with "
+				"another key upon revokation.  If you plan "
+				"to revoke keys, destroy this key and "
+				"generate a different one.\n",
+				program, filename);
 	}
 
 	ret = dst_key_tofile(key, options, directory);
@@ -751,27 +684,24 @@ main(int argc, char **argv) {
 
 	isc_buffer_clear(&buf);
 	ret = dst_key_buildfilename(key, 0, NULL, &buf);
-	if (ret != ISC_R_SUCCESS) {
+	if (ret != ISC_R_SUCCESS)
 		fatal("dst_key_buildfilename returned: %s\n",
 		      isc_result_totext(ret));
-	}
 	printf("%s\n", filename);
 	dst_key_free(&key);
-	if (prevkey != NULL) {
+	if (prevkey != NULL)
 		dst_key_free(&prevkey);
-	}
 
 	cleanup_logging(&log);
 	dst_lib_destroy();
-	if (verbose > 10) {
+	dns_name_destroy();
+	if (verbose > 10)
 		isc_mem_stats(mctx, stdout);
-	}
 	isc_mem_free(mctx, label);
 	isc_mem_destroy(&mctx);
 
-	if (freeit != NULL) {
+	if (freeit != NULL)
 		free(freeit);
-	}
 
 	return (0);
 }

bin/dnssec/dnssec-keyfromlabel.docbook

@@ -44,7 +44,6 @@
       <year>2017</year>
       <year>2018</year>
       <year>2019</year>
-      <year>2020</year>
       <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
     </copyright>
   </docinfo>
@@ -173,7 +172,9 @@
 	  <para>
 	    When <acronym>BIND</acronym> 9 is built with OpenSSL-based
 	    PKCS#11 support, the label is an arbitrary string that
-	    identifies a particular key.
+	    identifies a particular key.  It may be preceded by an
+	    optional OpenSSL engine name, followed by a colon, as in
+	    "pkcs11:<replaceable>keylabel</replaceable>".
 	  </para>
 	  <para>
 	    When <acronym>BIND</acronym> 9 is built with native PKCS#11

bin/dnssec/dnssec-keyfromlabel.html

@@ -1,6 +1,6 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 <!--
- - Copyright (C) 2008-2012, 2014-2020 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2008-2012, 2014-2019 Internet Systems Consortium, Inc. ("ISC")
  - 
  - This Source Code Form is subject to the terms of the Mozilla Public
  - License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -146,7 +146,9 @@
 	  <p>
 	    When <acronym class="acronym">BIND</acronym> 9 is built with OpenSSL-based
 	    PKCS#11 support, the label is an arbitrary string that
-	    identifies a particular key.
+	    identifies a particular key.  It may be preceded by an
+	    optional OpenSSL engine name, followed by a colon, as in
+	    "pkcs11:<em class="replaceable"><code>keylabel</code></em>".
 	  </p>
 	  <p>
 	    When <acronym class="acronym">BIND</acronym> 9 is built with native PKCS#11

bin/dnssec/dnssec-keygen.8

@@ -1,4 +1,4 @@
-.\" Copyright (C) 2000-2005, 2007-2012, 2014-2020 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000-2005, 2007-2012, 2014-2019 Internet Systems Consortium, Inc. ("ISC")
 .\" 
 .\" This Source Code Form is subject to the terms of the Mozilla Public
 .\" License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -39,7 +39,7 @@
 dnssec-keygen \- DNSSEC key generation tool
 .SH "SYNOPSIS"
 .HP \w'\fBdnssec\-keygen\fR\ 'u
-\fBdnssec\-keygen\fR [\fB\-3\fR] [\fB\-A\ \fR\fB\fIdate/offset\fR\fR] [\fB\-a\ \fR\fB\fIalgorithm\fR\fR] [\fB\-b\ \fR\fB\fIkeysize\fR\fR] [\fB\-C\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-D\ \fR\fB\fIdate/offset\fR\fR] [\fB\-D\ sync\ \fR\fB\fIdate/offset\fR\fR] [\fB\-d\ \fR\fB\fIbits\fR\fR] [\fB\-E\ \fR\fB\fIengine\fR\fR] [\fB\-f\ \fR\fB\fIflag\fR\fR] [\fB\-G\fR] [\fB\-g\ \fR\fB\fIgenerator\fR\fR] [\fB\-h\fR] [\fB\-I\ \fR\fB\fIdate/offset\fR\fR] [\fB\-i\ \fR\fB\fIinterval\fR\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-k\ \fR\fB\fIpolicy\fR\fR] [\fB\-L\ \fR\fB\fIttl\fR\fR] [\fB\-l\ \fR\fB\fIfile\fR\fR] [\fB\-n\ \fR\fB\fInametype\fR\fR] [\fB\-P\ \fR\fB\fIdate/offset\fR\fR] [\fB\-P\ sync\ \fR\fB\fIdate/offset\fR\fR] [\fB\-p\ \fR\fB\fIprotocol\fR\fR] [\fB\-q\fR] [\fB\-R\ \fR\fB\fIdate/offset\fR\fR] [\fB\-S\ \fR\fB\fIkey\fR\fR] [\fB\-s\ \fR\fB\fIstrength\fR\fR] [\fB\-T\ \fR\fB\fIrrtype\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-V\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] {name}
+\fBdnssec\-keygen\fR [\fB\-3\fR] [\fB\-A\ \fR\fB\fIdate/offset\fR\fR] [\fB\-a\ \fR\fB\fIalgorithm\fR\fR] [\fB\-b\ \fR\fB\fIkeysize\fR\fR] [\fB\-C\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-D\ \fR\fB\fIdate/offset\fR\fR] [\fB\-D\ sync\ \fR\fB\fIdate/offset\fR\fR] [\fB\-E\ \fR\fB\fIengine\fR\fR] [\fB\-f\ \fR\fB\fIflag\fR\fR] [\fB\-G\fR] [\fB\-g\ \fR\fB\fIgenerator\fR\fR] [\fB\-h\fR] [\fB\-I\ \fR\fB\fIdate/offset\fR\fR] [\fB\-i\ \fR\fB\fIinterval\fR\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-k\fR] [\fB\-L\ \fR\fB\fIttl\fR\fR] [\fB\-n\ \fR\fB\fInametype\fR\fR] [\fB\-P\ \fR\fB\fIdate/offset\fR\fR] [\fB\-P\ sync\ \fR\fB\fIdate/offset\fR\fR] [\fB\-p\ \fR\fB\fIprotocol\fR\fR] [\fB\-q\fR] [\fB\-R\ \fR\fB\fIdate/offset\fR\fR] [\fB\-S\ \fR\fB\fIkey\fR\fR] [\fB\-s\ \fR\fB\fIstrength\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-V\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] {name}
 .SH "DESCRIPTION"
 .PP
 \fBdnssec\-keygen\fR
@@ -109,11 +109,6 @@ option suppresses them\&.
 Indicates that the DNS record containing the key should have the specified class\&. If not specified, class IN is used\&.
 .RE
 .PP
-\-d \fIbits\fR
-.RS 4
-Key size in bits\&. For the algorithms RSASHA1, NSEC3RSASA1, RSASHA256 and RSASHA512 the key size must be in range 1024\-4096\&. DH size is between 128 and 4096\&. This option is ignored for algorithms ECDSAP256SHA256, ECDSAP384SHA384, ED25519 and ED448\&.
-.RE
-.PP
 \-E \fIengine\fR
 .RS 4
 Specifies the cryptographic hardware to use, when applicable\&.
@@ -147,17 +142,6 @@ Prints a short summary of the options and arguments to
 Sets the directory in which the key files are to be written\&.
 .RE
 .PP
-\-k \fIpolicy\fR
-.RS 4
-Create keys for a specific dnssec\-policy\&. If a policy uses multiple keys,
-\fBdnssec\-keygen\fR
-will generate multiple keys\&. This will also create a "\&.state" file to keep track of the key state\&.
-.sp
-This option creates keys according to the dnssec\-policy configuration, hence it cannot be used together with many of the other options that
-\fBdnssec\-keygen\fR
-provides\&.
-.RE
-.PP
 \-L \fIttl\fR
 .RS 4
 Sets the default TTL to use for this key when it is converted into a DNSKEY RR\&. If the key is imported into a zone, this is the TTL that will be used for it, unless there was already a DNSKEY RRset in place, in which case the existing TTL would take precedence\&. If this value is not set and there is no existing DNSKEY RRset, the TTL will default to the SOA TTL\&. Setting the default TTL to
@@ -167,12 +151,6 @@ none
 is the same as leaving it unset\&.
 .RE
 .PP
-\-l \fIfile\fR
-.RS 4
-Provide a configuration file that contains a dnssec\-policy statement (matching the policy set with
-\fB\-k\fR)\&.
-.RE
-.PP
 \-n \fInametype\fR
 .RS 4
 Specifies the owner type of the key\&. The value of
@@ -374,5 +352,5 @@ RFC 4034\&.
 \fBInternet Systems Consortium, Inc\&.\fR
 .SH "COPYRIGHT"
 .br
-Copyright \(co 2000-2005, 2007-2012, 2014-2020 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2000-2005, 2007-2012, 2014-2019 Internet Systems Consortium, Inc. ("ISC")
 .br