system tests: if USE_RR environmental variable is set then the tests are run under rr in chaos mode

.clang-format

@@ -1,73 +0,0 @@
-BasedOnStyle: LLVM
-IndentWidth: 8
-UseTab: Always
-BreakBeforeBraces: Custom
-BraceWrapping:
-  AfterClass:      false
-  AfterEnum:       false
-  AfterStruct:     false
-  AfterUnion:      false
-  AfterControlStatement: MultiLine
-  AfterFunction:   false # should also be MultiLine, but not yet supported
-  AfterExternBlock: false
-  BeforeElse:      false
-  IndentBraces:    false
-  SplitEmptyFunction: true
-AllowShortIfStatementsOnASingleLine: false
-IndentCaseLabels: false
-AlwaysBreakAfterReturnType: All
-Cpp11BracedListStyle: false
-ColumnLimit: 80
-AlignAfterOpenBracket: Align
-AlignConsecutiveDeclarations: false
-AlignConsecutiveMacros: true
-AlignTrailingComments: true
-AllowAllArgumentsOnNextLine: true
-AlwaysBreakBeforeMultilineStrings: false
-BreakBeforeBinaryOperators: None
-BreakBeforeTernaryOperators: true
-AlignEscapedNewlines: Left
-DerivePointerAlignment: false
-PointerAlignment: Right
-PointerBindsToType: false
-IncludeBlocks: Regroup
-IncludeCategories:
-  - Regex:           '^<isc/'
-    Priority:        5
-  - Regex:           '^<(pk11|pkcs11)/'
-    Priority:        10
-  - Regex:           '^<dns/'
-    Priority:        15
-  - Regex:           '^<dst/'
-    Priority:        20
-  - Regex:           '^<isccc/'
-    Priority:        25
-  - Regex:           '^<isccfg/'
-    Priority:        30
-  - Regex:           '^<ns/'
-    Priority:        35
-  - Regex:           '^<irs/'
-    Priority:        40
-  - Regex:           '^<bind9/'
-    Priority:        45
-  - Regex:           '^<(dig|named|rndc|confgen|dlz)/'
-    Priority:        50
-  - Regex:           '^<dlz_'
-    Priority:        55
-  - Regex:           '^".*"'
-    Priority:        99
-  - Regex:           '<openssl/'
-    Priority:        1
-  - Regex:           '<(mysql|protobuf-c)/'
-    Priority:        1
-  - Regex:           '.*'
-    Priority:        0
-KeepEmptyLinesAtTheStartOfBlocks: false
-MaxEmptyLinesToKeep: 1
-PenaltyBreakAssignment: 30
-PenaltyBreakComment: 10
-PenaltyBreakFirstLessLess: 0
-PenaltyBreakString: 80
-PenaltyExcessCharacter: 100
-Standard: Cpp11
-ContinuationIndentWidth: 8

.clang-format.headers

@@ -1,61 +0,0 @@
-BasedOnStyle: LLVM
-IndentWidth: 8
-UseTab: Always
-BreakBeforeBraces: Custom
-BraceWrapping:
-  AfterClass:      false
-  AfterEnum:       false
-  AfterStruct:     false
-  AfterUnion:      false
-  AfterControlStatement: MultiLine
-  AfterFunction:   false # should also be MultiLine, but not yet supported
-  AfterExternBlock: false
-  BeforeElse:      false
-  IndentBraces:    false
-  SplitEmptyFunction: true
-AllowShortIfStatementsOnASingleLine: false
-IndentCaseLabels: false
-AlwaysBreakAfterReturnType: All
-Cpp11BracedListStyle: false
-ColumnLimit: 80
-AlignAfterOpenBracket: Align
-AlignConsecutiveDeclarations: true
-AlignConsecutiveMacros: true
-AlignTrailingComments: true
-AllowAllArgumentsOnNextLine: true
-AlwaysBreakBeforeMultilineStrings: false
-BreakBeforeBinaryOperators: None
-BreakBeforeTernaryOperators: true
-AlignEscapedNewlines: Left
-DerivePointerAlignment: false
-PointerAlignment: Right
-PointerBindsToType: false
-IncludeBlocks: Regroup
-IncludeCategories:
-  - Regex:           '^<isc/'
-    Priority:        2
-  - Regex:           '^<dns/'
-    Priority:        3
-  - Regex:           '^<iscccc/'
-    Priority:        4
-  - Regex:           '^<isccfg/'
-    Priority:        5
-  - Regex:           '^<ns/'
-    Priority:        6
-  - Regex:           '^<bind9/)'
-    Priority:        7
-  - Regex:           '^(<[^/]*)/)'
-    Priority:        8
-  - Regex:           '<[[:alnum:].]+>'
-    Priority:        1
-  - Regex:           '".*"'
-    Priority:        9
-KeepEmptyLinesAtTheStartOfBlocks: false
-MaxEmptyLinesToKeep: 1
-PenaltyBreakAssignment: 30
-PenaltyBreakComment: 10
-PenaltyBreakFirstLessLess: 0
-PenaltyBreakString: 80
-PenaltyExcessCharacter: 100
-Standard: Cpp11
-ContinuationIndentWidth: 8

.gitattributes

@@ -1,11 +1,2 @@
 *.sln.in eol=crlf
 *.vcxproj.* eol=crlf
-
-.gitignore			 export-ignore
-/conftools			 export-ignore
-/doc/design			 export-ignore
-/doc/dev			 export-ignore
-/util/**			 export-ignore
-/util/bindkeys.pl		-export-ignore
-/util/check-make-install.in	-export-ignore
-/util/mksymtbl.pl		-export-ignore

.gitignore

@@ -60,5 +60,3 @@ timestamp
 /compile_commands.json
 /cppcheck_html/
 /cppcheck.results
-/tsan
-/util/check-make-install

.gitlab/issue_templates/Release.md

@@ -2,6 +2,8 @@
 
 **Tagging Deadline:**
 
+**ASN Deadline:**
+
 **Public Release:**
 
 ## Release Checklist
@@ -10,7 +12,6 @@
 
  - [ ] ***(QA)*** Check whether all issues assigned to the release milestone are resolved[^1].
  - [ ] ***(QA)*** Ensure that there are no outstanding merge requests in the private repository[^1] (Subscription Edition only).
- - [ ] ***(QA)*** Ensure all merge requests marked for backporting have been indeed backported.
 
 ## Before the Tagging Deadline
 
@@ -32,22 +33,21 @@
 
 ## Before the ASN Deadline (for ASN Releases) or the Public Release Date (for Regular Releases)
 
- - [ ] ***(QA)*** Verify GitLab CI results for the tags created and prepare a QA report for the releases to be published.
- - [ ] ***(QA)*** Request signatures for the tarballs, providing their location and checksums.
- - [ ] ***(Signers)*** Validate tarball checksums, sign tarballs, and upload signatures.
- - [ ] ***(QA)*** Verify tarball signatures and check tarball checksums again.
+ - [ ] ***(QA)*** Run the `make release` Jenkins jobs to produce the tarballs and zips.
+ - [ ] ***(QA)*** Verify the results of `make release` Jenkins jobs and prepare a QA report for the releases to be published.
+ - [ ] ***(QA)*** Request signatures for the tarballs.
+ - [ ] ***(Signers)*** Sign the tarballs.
+ - [ ] ***(QA)*** Check tarball signatures.
+ - [ ] ***(QA)*** Notify Support that the releases are ready for publication.
  - [ ] ***(Support)*** Pre-publish ASN and/or Subscription Edition tarballs so that packages can be built.
  - [ ] ***(QA)*** Build and test ASN and/or Subscription Edition packages.
- - [ ] ***(QA)*** Notify Support that the releases have been prepared.
  - [ ] ***(Support)*** Send out ASNs (if applicable).
 
 ## On the Day of Public Release
 
- - [ ] ***(Support)*** Wait for clearance from Security Officer to proceed with the public release (if applicable).
- - [ ] ***(Support)*** Place tarballs in public location on FTP site.
- - [ ] ***(Support)*** Publish links to downloads on ISC website.
- - [ ] ***(Support)*** Write release email to *bind-announce*.
- - [ ] ***(Support)*** Write email to *bind-users* (if a major release).
+ - [ ] ***(Support)*** Publish the releases according to the release schedule.
+ - [ ] ***(Support)*** Write release email to *bind9-announce*.
+ - [ ] ***(Support)*** Write email to *bind9-users* (if a major release).
  - [ ] ***(Support)*** Update tickets in case of waiting support customers.
  - [ ] ***(QA)*** Build and test any outstanding private packages.
  - [ ] ***(QA)*** Build public packages (`*.deb`, RPMs).
@@ -59,7 +59,6 @@
  - [ ] ***(QA)*** Ensure all new tags are annotated and signed.
  - [ ] ***(SwEng)*** Push tags for the published releases to the public repository.
  - [ ] ***(SwEng)*** Merge the automatically prepared `prep 9.X.Y` commit which updates `version` and documentation on the release branch into the relevant maintenance branch (`v9_X`).
- - [ ] ***(QA)*** For each maintained branch, update the `BIND_BASELINE_VERSION` variable for the `abi-check:sid:amd64` job in `.gitlab-ci.yml` to the latest published BIND version tag for a given branch.
 
 [^1]: If not, use the time remaining until the tagging deadline to ensure all outstanding issues are either resolved or moved to a different milestone.
 

.uncrustify.cfg

@@ -24,7 +24,7 @@ string_escape_char2                      = 0        # number
 # Improvements to template detection may make this option obsolete.
 tok_split_gte                            = false    # false/true
 
-# Control what to do with the UTF-8 BOM (recommend 'remove')
+# Control what to do with the UTF-8 BOM (recommed 'remove')
 utf8_bom                                 = ignore   # ignore/add/remove/force
 
 # If the file only contains chars between 128 and 255 and is not UTF-8, then output as UTF-8
@@ -1352,7 +1352,7 @@ cmt_insert_func_header                   = ""         # string
 # Will substitute $(class) with the class name.
 cmt_insert_class_header                  = ""         # string
 
-# The filename that contains text to insert before a Obj-C message specification if the method isn't preceded with a C/C++ comment.
+# The filename that contains text to insert before a Obj-C message specification if the method isn't preceeded with a C/C++ comment.
 # Will substitute $(message) with the function name and $(javaparam) with the javadoc @param and @return stuff.
 cmt_insert_oc_msg_header                 = ""         # string
 

CHANGES

@@ -1,160 +1,13 @@
-5369.	[func]		Add the ability to specify whether or not to wait
-			for nameserver domain names to be looked up, with
-			a new RPZ modifying directive 'nsdname-wait-recurse'.
-			[GL #1138]
-
-5368.	[bug]		Named failed to restart if 'rndc addzone' names
-			contained special characters (e.g. '/'). [GL #1655]
-
-5367.	[placeholder]
-
-	--- 9.17.0 released ---
-
-5366.	[bug]		Fix a race condition with the keymgr when the same
-			zone plus dnssec-policy is configured in multiple
-			views. [GL #1653]
-
-5365.	[bug]		Algorithm rollover was stuck on submitting DS
-			because keymgr thought it would move to an invalid
-			state.  Fixed by checking the current key against
-			the desired state, not the existing state. [GL #1626]
-
-5364.	[bug]		Algorithm rollover waited too long before introducing
-			zone signatures.  It waited to make sure all signatures
-			were regenerated, but when introducing a new algorithm,
-			all signatures are regenerated immediately.  Only
-			add the sign delay if there is a predecessor key.
-			[GL #1625]
-
-5363.	[bug]		When changing a dnssec-policy, existing keys with
-			properties that no longer match were not being retired.
-			[GL #1624]
-
-5362.	[func]		Limit the size of IXFR responses so that AXFR will
-			be used instead if it would be smaller. This is
-			controlled by the "max-ixfr-ratio" option, which
-			is a percentage representing the ratio of IXFR size
-			to the size of the entire zone. This value cannot
-			exceed 100%, which is the default. [GL #1515]
-
-5361.	[bug]		named might not accept new connections after
-			hitting tcp-clients quota. [GL #1643]
-
-5360.	[bug]		delv could fail to load trust anchors in DNSKEY
-			format. [GL #1647]
-
-5359.	[func]		"rndc nta -d" and "rndc secroots" now include
-			"validate-except" entries when listing negative
-			trust anchors. These are indicated by the keyword
-			"permanent" in place of an expiry date. [GL #1532]
-
-5358.	[bug]		Inline master zones whose master files were touched
-			but otherwise unchanged and were subsequently reloaded
-			may have stopped re-signing. [GL !3135]
-
-5357.	[bug]		Newly added RRSIG records with expiry times before
-			the previous earliest expiry times might not be
-			re-signed in time.  This was a side effect of 5315.
-			[GL !3137]
-
-5356.	[func]		Update dnssec-policy configuration statements:
-			- Rename "zone-max-ttl" dnssec-policy option to
-			  "max-zone-ttl" for consistency with the existing
-			  zone option.
-			- Allow for "lifetime unlimited" as a synonym for
-			  "lifetime PT0S".
-			- Make "key-directory" optional.
-			- Warn if specifying a key length does not make
-			  sense; fail if key length is out of range for
-			  the algorithm.
-			- Allow use of mnemonics when specifying key
-			  algorithm (e.g. "rsasha256", "ecdsa384", etc.).
-			- Make ISO 8601 durations case-insensitive.
-			[GL #1598]
-
-5355.	[func]		What was set with --with-tuning=large option in
-			older BIND9 versions is now a default, and
-			a --with-tuning=small option was added for small
-			(e.g. OpenWRT) systems. [GL !2989]
-
-5354.	[bug]		dnssec-policy created new KSK keys for zones in the
-			initial stage of signing (with the DS not yet in the
-			rumoured or omnipresent states).  Fix by checking the
-			key goals rather than the active state when determining
-			whether new keys are needed. [GL #1593]
-
-5353.	[doc]		Document port and dscp parameters in forwarders
-			configuration option. [GL #914]
-
-5352.	[bug]		Correctly handle catalog zone entries containing
-			characters that aren't legal in filenames. [GL #1592]
-
-5351.	[bug]		CDS / CDNSKEY consistency checks failed to handle
-			removal records. [GL #1554]
-
-5350.	[bug]		When a view was configured with class CHAOS, the
-			server could crash while processing a query for a
-			non-existent record. [GL #1540]
-
-5349.	[bug]		Fix a race in task_pause/unpause. [GL #1571]
-
-5348.	[bug]		dnssec-settime -Psync was not being honoured.
-			[GL !2893]
-
-	--- 9.15.8 released ---
-
-5347.	[bug]		Fixed a bug that could cause an intermittent crash
-			in validator.c when validating a negative cache
-			entry. [GL #1561]
-
-5346.	[bug]		Make hazard pointer array allocations dynamic, fixing
-			a bug that caused named to crash on machines with more
-			than 40 cores. [GL #1493]
-
-5345.	[func]		Key-style trust anchors and DS-style trust anchors
-			can now both be used for the same name. [GL #1237]
-
-5344.	[bug]		Handle accept() errors properly in netmgr. [GL !2880]
-
-5343.	[func]		Add statistics counters to the netmgr. [GL #1311]
-
-5342.	[bug]		Disable pktinfo for IPv6 and bind to each interface
-			explicitly instead, because libuv doesn't support
-			pktinfo control messages. [GL #1558]
-
-5341.	[func]		Simplify passing the bound TCP socket to child
-			threads by using isc_uv_export/import functions.
-			[GL !2825]
-
-5340.	[bug]		Don't deadlock when binding to a TCP socket fails.
-			[GL #1499]
-
-5339.	[bug]		With some libmaxminddb versions, named could erroneously
-			match an IP address not belonging to any subnet defined
-			in a given GeoIP2 database to one of the existing
-			entries in that database. [GL #1552]
-
-5338.	[bug]		Fix line spacing in `rndc secroots`.
-			Thanks to Tony Finch. [GL !2478]
-
-5337.	[func]		'named -V' now reports maxminddb and protobuf-c
-			versions. [GL !2686]
-
-	--- 9.15.7 released ---
-
-5336.	[bug]		The TCP high-water statistic could report an
-			incorrect value on startup. [GL #1392]
-
 5335.	[func]		Make TCP listening code multithreaded. [GL !2659]
 
 5334.	[doc]		Update documentation with dnssec-policy clarifications.
-			Also change some defaults. [GL !2711]
+			Also change some defaults.
 
 5333.	[bug]		Fix duration printing on Solaris when value is not
 			an ISO 8601 duration. [GL #1460]
 
 5332.	[func]		Renamed "dnssec-keys" configuration statement
-			to the more descriptive "trust-anchors". [GL !2702]
+			to the more descriptive "trust-anchors".
 
 5331.	[func]		Use compiler-provided mechanisms for thread local
 			storage, and make the requirement for such mechanisms
@@ -173,7 +26,7 @@
 			dropped because the recursive-clients quota was
 			exceeded. [GL #1399]
 
-5326.	[bug]		Add Python dependency on 'distutils.core' to configure.
+5326.	[bug]		Add python dependancy on 'distutils.core' to configure.
 			'distutils.core' is required for installation.
 			[GL #1397]
 
@@ -183,7 +36,7 @@
 			close all open sockets during shutdown. [GL #1312]
 
 5324.	[bug]		Change the category of some log messages from general
-			to the more appropriate catergory of xfer-in. [GL #1394]
+			to the more appopriate catergory of xfer-in. [GL #1394]
 
 5323.	[bug]		Fix a bug in DNSSEC trust anchor verification.
 			[GL !2609]
@@ -231,7 +84,7 @@
 
 			See the ARM for configuration details. [GL #1134]
 
-5315.	[bug]		Apply the initial RRSIG expiration spread fixed
+5315.	[bug]		Apply the inital RRSIG expiration spread fixed
 			to all dynamically created records in the zone
 			including NSEC3. Also fix the signature clusters
 			when the server has been offline for prolonged
@@ -1444,7 +1297,7 @@
 4965.	[func]		Add support for marking options as deprecated.
 			[GL #322]
 
-4964.	[bug]		Reduce the probability of double signature when deleting
+4964.	[bug]		Reduce the probabilty of double signature when deleting
 			a DNSKEY by checking if the node is otherwise signed
 			by the algorithm of the key to be deleted. [GL #240]
 
@@ -1528,7 +1381,7 @@
 			for unsigned zones since change 4596. [GL #209]
 
 4945.	[func]		BIND can no longer be built without DNSSEC support.
-			A cryptography provider (i.e., OpenSSL or a hardware
+			A cryptography provder (i.e., OpenSSL or a hardware
 			service module with PKCS#11 support) must be
 			available. [GL #244]
 
@@ -1587,7 +1440,7 @@
 			dig (+[no]raflag, +[no]tcflag). [GL #213]
 
 4928.	[func]		The "dnskey-sig-validity" option allows
-			"sig-validity-interval" to be overridden for signatures
+			"sig-validity-interval" to be overriden for signatures
 			covering DNSKEY RRsets. [GL #145]
 
 4927.	[placeholder]
@@ -1926,7 +1779,7 @@
 			[RT #46725]
 
 4831.	[bug]		Convert the RRSIG expirytime to 64 bits for
-			comparisons in diff.c:resign. [RT #46710]
+			comparisions in diff.c:resign. [RT #46710]
 
 4830.	[bug]		Failure to configure ATF when requested did not cause
 			an error in top-level configure script. [RT #46655]
@@ -2152,7 +2005,7 @@
 			used to append a formatted string to the used region of
 			a buffer. [RT #46201]
 
-4766.	[cleanup]	Address Coverity warnings. [RT #46150]
+4766.	[cleanup]	Addresss Coverity warnings. [RT #46150]
 
 4765.	[bug]		Address potential INSIST in dnssec-cds. [RT #46150]
 
@@ -2346,7 +2199,7 @@
 
 4719.	[bug]		Address PVS static analyzer warnings. [RT #45946]
 
-4718.	[func]		Avoid searching for a owner name compression pointer
+4718.	[func]		Avoid seaching for a owner name compression pointer
 			more than once when writing out a RRset. [RT #45802]
 
 4717.	[bug]		Treat replies with QCOUNT=0 as truncated if TC=1,
@@ -6491,7 +6344,7 @@
 
 3518.	[bug]		Increase the size of dns_rrl_key.s.rtype by one bit
 			so that all dns_rrl_rtype_t enum values fit regardless
-			of whether it is treated as signed or unsigned by
+			of whether it is teated as signed or unsigned by
 			the compiler. [RT #32792]
 
 3517.	[bug]		Reorder destruction to avoid shutdown race. [RT #32777]
@@ -7566,7 +7419,7 @@
 
 	--- 9.9.0b1 released ---
 
-3186.	[bug]		Version/db mismatch in rpz code. [RT #26180]
+3186.	[bug]		Version/db mis-match in rpz code. [RT #26180]
 
 3185.	[func]		New 'rndc signing' option for auto-dnssec zones:
 			 - 'rndc signing -list' displays the current
@@ -8231,7 +8084,7 @@
 2998.	[func]		Add isc_task_beginexclusive and isc_task_endexclusive
 			to the task api. [RT #22776]
 
-2997.	[func]		named -V now reports the OpenSSL and libxml2 versions
+2997.	[func]		named -V now reports the OpenSSL and libxml2 verions
 			it was compiled against. [RT #22687]
 
 2996.	[security]	Temporarily disable SO_ACCEPTFILTER support.
@@ -11214,7 +11067,7 @@
 2096.	[bug]		libbind: handle applications that fail to detect
 			res_init() failures better.
 
-2095.	[port]		libbind: always prototype inet_cidr_ntop_ipv6() and
+2095.	[port]		libbind: alway prototype inet_cidr_ntop_ipv6() and
 			net_cidr_ntop_ipv6(). [RT #16388]
 
 2094.	[contrib]	Update named-bootconf.  [RT #16404]
@@ -11270,7 +11123,7 @@
 2076.	[bug]		Several files were missing #include <config.h>
 			causing build failures on OSF. [RT #16341]
 
-2075.	[bug]		The spillat timer event handler could leak memory.
+2075.	[bug]		The spillat timer event hander could leak memory.
 			[RT #16357]
 
 2074.	[bug]		dns_request_createvia2(), dns_request_createvia3(),
@@ -12032,7 +11885,7 @@
 
 1831.	[doc]		Update named-checkzone documentation. [RT #13604]
 
-1830.	[bug]		adb lame cache has sense of test reversed. [RT #13600]
+1830.	[bug]		adb lame cache has sence of test reversed. [RT #13600]
 
 1829.	[bug]		win32: "pid-file none;" broken. [RT #13563]
 
@@ -12143,7 +11996,7 @@
 1796.	[func]		"rndc freeze/thaw" now freezes/thaws all zones.
 
 1795.	[bug]		"rndc dumpdb" was not fully documented.  Minor
-			formatting issues with "rndc dumpdb -all".  [RT #13396]
+			formating issues with "rndc dumpdb -all".  [RT #13396]
 
 1794.	[func]		Named and named-checkzone can now both check for
 			non-terminal wildcard records.
@@ -13320,7 +13173,7 @@
 			acl.
 
 1393.	[port]		Bind to individual IPv6 interfaces if IPV6_IPV6ONLY
-			is not available in the kernel to prevent accidentally
+			is not available in the kernel to prevent accidently
 			listening on IPv4 interfaces.
 
 1392.	[bug]		named-checkzone: update usage.
@@ -15048,7 +14901,7 @@
  839.	[func]		Dump packets for which there was no view or that the
 			class could not be determined to category "unmatched".
 
- 838.	[port]		UnixWare 7.x.x is now supported by
+ 838.	[port]		UnixWare 7.x.x is now suported by
 			bin/tests/system/ifconfig.sh.
 
  837.	[cleanup]	Multi-threading is now enabled by default only on

CONTRIBUTING

@@ -99,7 +99,7 @@ e-mail is not a secure choice for communications concerning undisclosed
 security issues so please encrypt your communications to us if possible,
 using the ISC Security Officer public key.
 
-Do not discuss undisclosed security vulnerabilities on any public mailing
+Do not discuss undisclosed security vulnerabilites on any public mailing
 list. ISC has a long history of handling reported vulnerabilities promptly
 and effectively and we respect and acknowledge responsible reporters.
 

CONTRIBUTING.md

@@ -107,7 +107,7 @@ e-mail is not a secure choice for communications concerning undisclosed
 security issues so please encrypt your communications to us if possible,
 using the [ISC Security Officer public key](https://www.isc.org/downloads/software-support-policy/openpgp-key/).
 
-Do not discuss undisclosed security vulnerabilities on any public mailing list.
+Do not discuss undisclosed security vulnerabilites on any public mailing list.
 ISC has a long history of handling reported vulnerabilities promptly and
 effectively and we respect and acknowledge responsible reporters.
 

COPYRIGHT

@@ -1,4 +1,4 @@
-Copyright (C) 1996-2020  Internet Systems Consortium, Inc. ("ISC")
+Copyright (C) 1996-2019  Internet Systems Consortium, Inc. ("ISC")
 
 This Source Code Form is subject to the terms of the Mozilla Public
 License, v. 2.0. If a copy of the MPL was not distributed with this

HISTORY

@@ -2,21 +2,6 @@ HISTORY
 
 Functional enhancements from prior major releases of BIND 9
 
-BIND 9.16
-
-BIND 9.16 (a stable branch based on the 9.15 development branch) includes
-a number of changes from BIND 9.14 and earlier releases. New features
-include:
-
-  * New dnssec-policy statement to configure a key and signing policy for
-    zones, enabling automatic key regeneration and rollover.
-  * New network manager based on libuv.
-  * Added support for the new GeoIP2 geolocation API, libmaxminddb.
-  * Improved DNSSEC trust anchor configuration using the trust-anchors
-    statement, permitting configuration of trust anchors in DS as well as
-    DNSKEY format.
-  * YAML output for dig, mdig, and delv.
-
 BIND 9.14
 
 BIND 9.14 (a stable branch based on the 9.13 development branch) includes
@@ -158,7 +143,7 @@ releases. New features include:
   * "rndc modzone" reconfigures a single zone, without requiring the
     entire server to be reconfigured.
   * "rndc showzone" displays the current configuration of a zone.
-  * "rndc managed-keys" can be used to check the status of RFC 5011
+  * "rndc managed-keys" can be used to check the status of RFC 5001
     managed trust anchors, or to force trust anchors to be refreshed.
   * "max-cache-size" can now be set to a percentage of available memory.
     The default is 90%.
@@ -530,8 +515,8 @@ BIND 9.4.0
   * dig: report the number of extra bytes still left in the packet after
     processing all the records.
   * Support for IPSECKEY rdata type.
-  * Raise the UDP receive buffer size to 32k if it is less than 32k.
-  * x86 and x86_64 now have separate atomic locking implementations.
+  * Raise the UDP recieve buffer size to 32k if it is less than 32k.
+  * x86 and x86_64 now have seperate atomic locking implementations.
   * named-checkconf now validates update-policy entries.
   * Attempt to make the amount of work performed in a iteration self
     tuning. The covers nodes clean from the cache per iteration, nodes
@@ -548,8 +533,8 @@ BIND 9.4.0
   * dig now warns if 'RA' is not set in the answer when 'RD' was set in
     the query. host/nslookup skip servers that fail to set 'RA' when 'RD'
     is set unless a server is explicitly set.
-  * Integrate contributed DLZ code into named.
-  * Integrate contributed IDN code from JPNIC.
+  * Integrate contibuted DLZ code into named.
+  * Integrate contibuted IDN code from JPNIC.
   * libbind: corresponds to that from BIND 8.4.7.
 
 BIND 9.3.0

HISTORY.md

@@ -10,21 +10,6 @@
 -->
 ### Functional enhancements from prior major releases of BIND 9
 
-#### BIND 9.16
-
-BIND 9.16 (a stable branch based on the 9.15 development branch)
-includes a number of changes from BIND 9.14 and earlier releases.
-New features include:
-
-* New `dnssec-policy` statement to configure a key and signing policy
-  for zones, enabling automatic key regeneration and rollover.
-* New network manager based on `libuv`.
-* Added support for the new GeoIP2 geolocation API, `libmaxminddb`.
-* Improved DNSSEC trust anchor configuration using the `trust-anchors`
-  statement, permitting configuration of trust anchors in DS as well as
-  DNSKEY format.
-* YAML output for `dig`, `mdig`, and `delv`.
-
 #### BIND 9.14
 
 BIND 9.14 (a stable branch based on the 9.13 development branch)
@@ -165,7 +150,7 @@ releases.  New features include:
 - "rndc modzone" reconfigures a single zone, without requiring the entire
   server to be reconfigured.
 - "rndc showzone" displays the current configuration of a zone.
-- "rndc managed-keys" can be used to check the status of RFC 5011 managed
+- "rndc managed-keys" can be used to check the status of RFC 5001 managed
   trust anchors, or to force trust anchors to be refreshed.
 - "max-cache-size" can now be set to a percentage of available memory. The
   default is 90%.
@@ -548,8 +533,8 @@ BIND 9.4.0
 - dig: report the number of extra bytes still left in the packet after
   processing all the records.
 - Support for IPSECKEY rdata type.
-- Raise the UDP receive buffer size to 32k if it is less than 32k.
-- x86 and x86_64 now have separate atomic locking implementations.
+- Raise the UDP recieve buffer size to 32k if it is less than 32k.
+- x86 and x86_64 now have seperate atomic locking implementations.
 - named-checkconf now validates update-policy entries.
 - Attempt to make the amount of work performed in a iteration self tuning.
   The covers nodes clean from the cache per iteration, nodes written to
@@ -566,8 +551,8 @@ BIND 9.4.0
 - dig now warns if 'RA' is not set in the answer when 'RD' was set in the
   query.  host/nslookup skip servers that fail to set 'RA' when 'RD' is set
   unless a server is explicitly set.
-- Integrate contributed DLZ code into named.
-- Integrate contributed IDN code from JPNIC.
+- Integrate contibuted DLZ code into named.
+- Integrate contibuted IDN code from JPNIC.
 - libbind: corresponds to that from BIND 8.4.7.
 
 #### BIND 9.3.0

PLATFORMS

@@ -17,7 +17,7 @@ The following C11 features are used in BIND 9:
     the form of C11 _Thread_local/thread_local, the __thread GCC
     extension, or the __declspec(thread) MSVC extension on Windows.
 
-BIND 9.17 requires a fairly recent version of libuv (at least 1.x). For
+BIND 9.15 requires a fairly recent version of libuv (at least 1.x). For
 some of the older systems listed below, you will have to install an
 updated libuv package from sources such as EPEL, PPA, or other native
 sources for updated packages. The other option is to build and install
@@ -34,15 +34,15 @@ offer support on a "best effort" basis for some.
 
 Regularly tested platforms
 
-As of Mar 2020, BIND 9.17 is fully supported and regularly tested on the
+As of Dec 2019, BIND 9.15 is fully supported and regularly tested on the
 following systems:
 
   * Debian 9, 10
   * Ubuntu LTS 16.04, 18.04
-  * Fedora 31
+  * Fedora 30
   * Red Hat Enterprise Linux / CentOS 7, 8
-  * FreeBSD 11.3, 12.1
-  * OpenBSD 6.6
+  * FreeBSD 11.3, 12.0
+  * OpenBSD 6.5
   * Alpine Linux
 
 The amd64, i386, armhf and arm64 CPU architectures are all fully
@@ -86,7 +86,7 @@ platforms.
 
 Unsupported platforms
 
-These are platforms on which BIND 9.17 is known not to build or run:
+These are platforms on which BIND 9.15 is known not to build or run:
 
   * Platforms without at least OpenSSL 1.0.2
   * Windows 10 / x86

PLATFORMS.md

@@ -25,7 +25,7 @@ The following C11 features are used in BIND 9:
   of C11 `_Thread_local`/`thread_local`, the `__thread` GCC extension, or
   the `__declspec(thread)` MSVC extension on Windows.
 
-BIND 9.17 requires a fairly recent version of `libuv` (at least 1.x).  For
+BIND 9.15 requires a fairly recent version of `libuv` (at least 1.x).  For
 some of the older systems listed below, you will have to install an updated
 `libuv` package from sources such as EPEL, PPA, or other native sources for
 updated packages. The other option is to build and install `libuv` from
@@ -42,15 +42,15 @@ offer support on a "best effort" basis for some.
 
 ### Regularly tested platforms
 
-As of Mar 2020, BIND 9.17 is fully supported and regularly tested on the
+As of Dec 2019, BIND 9.15 is fully supported and regularly tested on the
 following systems:
 
 * Debian 9, 10
 * Ubuntu LTS 16.04, 18.04
-* Fedora 31
+* Fedora 30
 * Red Hat Enterprise Linux / CentOS 7, 8
-* FreeBSD 11.3, 12.1
-* OpenBSD 6.6
+* FreeBSD 11.3, 12.0
+* OpenBSD 6.5
 * Alpine Linux
 
 The amd64, i386, armhf and arm64 CPU architectures are all fully supported.
@@ -93,7 +93,7 @@ platforms.
 
 ## Unsupported platforms
 
-These are platforms on which BIND 9.17 is known *not* to build or run:
+These are platforms on which BIND 9.15 is known *not* to build or run:
 
 * Platforms without at least OpenSSL 1.0.2
 * Windows 10 / x86

README

@@ -7,7 +7,7 @@ Contents
  1. Introduction
  2. Reporting bugs and getting help
  3. Contributing to BIND
- 4. BIND 9.17 features
+ 4. BIND 9.15 features
  5. Building BIND
  6. macOS
  7. Dependencies
@@ -69,10 +69,7 @@ named-checkconf -px.
 
 If the bug you are reporting is a potential security issue, such as an
 assertion failure or other crash in named, please do NOT use GitLab to
-report it. Instead, send mail to security-officer@isc.org using our
-OpenPGP key to secure your message. (Information about OpenPGP and links
-to our key can be found at https://www.isc.org/pgpkey.) Please do not
-discuss the bug on any public mailing list.
+report it. Instead, please send mail to security-officer@isc.org.
 
 For a general overview of ISC security policies, read the Knowledge Base
 article at https://kb.isc.org/docs/aa-00861.
@@ -109,15 +106,19 @@ If you prefer, you may also submit code by opening a GitLab Issue and
 including your patch as an attachment, preferably generated by git
 format-patch.
 
-BIND 9.17 features
+BIND 9.15 features
 
-BIND 9.17 is the newest development branch of BIND 9. It includes a number
-of changes from BIND 9.16 and earlier releases. New features include:
+BIND 9.15 is the newest development branch of BIND 9. It includes a number
+of changes from BIND 9.14 and earlier releases. New features include:
 
-  * New option "max-ixfr-ratio" to limit the size of outgoing IXFR
-    responses before falling back to full zone transfers.
-  * "rndc nta -d" and "rndc secroots" now include "validate-except"
-    entries when listing negative trust anchors.
+  * New "dnssec-policy" statement to configure a key and signing policy
+    for zones, enabling automatic key regeneration and rollover.
+  * New new network manager based on libuv.
+  * Support for the new GeoIP2 geolocation API
+  * Improved DNSSEC trust anchor configuration using dnssec-keys,
+    permitting configuration of trust anchors in DS as well as DNSKEY
+    format.
+  * YAML output for dig, mdig, and delv.
 
 Building BIND
 
@@ -135,8 +136,8 @@ including RHEL/CentOS, Fedora, Debian, Ubuntu, SLES, openSUSE, Slackware,
 Alpine, FreeBSD, NetBSD, OpenBSD, macOS, Solaris, OpenIndiana, OmniOS CE,
 HP-UX, and OpenWRT.
 
-BIND is also available for Windows Server 2012 R2 and higher. See
-win32utils/build.txt for details on building for Windows systems.
+BIND is also available for Windows Server 2008 and higher. See win32utils/
+build.txt for details on building for Windows systems.
 
 To build on a UNIX or Linux system, use:
 
@@ -147,7 +148,7 @@ If you're planning on making changes to the BIND 9 source, you should run
 make depend. If you're using Emacs, you might find make tags helpful.
 
 Several environment variables that can be set before running configure
-will affect compilation. Significant ones are:
+will affect compilation:
 
    Variable                            Description
 CC             The C compiler to use. configure tries to figure out the
@@ -169,26 +170,19 @@ BUILD_CPPFLAGS CPPFLAGS for the target system during cross-compiling.
 BUILD_LDFLAGS  LDFLAGS for the target system during cross-compiling.
 BUILD_LIBS     LIBS for the target system during cross-compiling.
 
-Additional environment variables affecting the build are listed at the end
-of the configure help text, which can be obtained by running the command:
-
-$ ./configure --help
-
 macOS
 
 Building on macOS assumes that the "Command Tools for Xcode" is installed.
-This can be downloaded from https://developer.apple.com/download/more/ or,
-if you have Xcode already installed, you can run xcode-select --install.
-(Note that an Apple ID may be required to access the download page.)
+This can be downloaded from https://developer.apple.com/download/more/ or
+if you have Xcode already installed you can run xcode-select --install.
 
 Dependencies
 
 Portions of BIND that are written in Python, including dnssec-keymgr,
 dnssec-coverage, dnssec-checkds, and some of the system tests, require the
-argparse, ply and distutils.core modules to be available. argparse is a
-standard module as of Python 2.7 and Python 3.2. ply is available from
-https://pypi.python.org/pypi/ply. distutils.core is required for
-installation.
+argparse and ply modules to be available. argparse is a standard module as
+of Python 2.7 and Python 3.2. ply is available from https://
+pypi.python.org/pypi/ply.
 
 Compile-time options
 
@@ -232,10 +226,12 @@ github.com/farsightsec/fstrm and libprotobuf-c https://
 developers.google.com/protocol-buffers, and BIND must be configured with
 --enable-dnstap.
 
-Certain compiled-in constants and default settings can be decreased to
-values better suited to small machines, e.g. OpenWRT boxes, by specifying
---with-tuning=small on the configure command line. This will decrease
-memory usage by using smaller structures, but will degrade performance.
+Certain compiled-in constants and default settings can be increased to
+values better suited to large servers with abundant memory resources (e.g,
+64-bit servers with 12G or more of memory) by specifying --with-tuning=
+large on the configure command line. This can improve performance on big
+servers, but will consume more memory and may degrade performance on
+smaller systems.
 
 On Linux, process capabilities are managed in user space using the libcap
 library, which can be installed on most Linux systems via the libcap-dev

README.md

@@ -15,7 +15,7 @@
 1. [Introduction](#intro)
 1. [Reporting bugs and getting help](#help)
 1. [Contributing to BIND](#contrib)
-1. [BIND 9.17 features](#features)
+1. [BIND 9.15 features](#features)
 1. [Building BIND](#build)
 1. [macOS](#macos)
 1. [Dependencies](#dependencies)
@@ -79,12 +79,8 @@ using `named-checkconf -px`.
 
 If the bug you are reporting is a potential security issue, such as an
 assertion failure or other crash in `named`, please do *NOT* use GitLab to
-report it. Instead, send mail to
-[security-officer@isc.org](mailto:security-officer@isc.org) using our
-OpenPGP key to secure your message. (Information about OpenPGP and links
-to our key can be found at
-[https://www.isc.org/pgpkey](https://www.isc.org/pgpkey).) Please do not
-discuss the bug on any public mailing list.
+report it. Instead, please send mail to
+[security-officer@isc.org](mailto:security-officer@isc.org).
 
 For a general overview of ISC security policies, read the Knowledge Base
 article at [https://kb.isc.org/docs/aa-00861](https://kb.isc.org/docs/aa-00861).
@@ -125,15 +121,20 @@ If you prefer, you may also submit code by opening a
 including your patch as an attachment, preferably generated by
 `git format-patch`.
 
-### <a name="features"/> BIND 9.17 features
+### <a name="features"/> BIND 9.15 features
 
-BIND 9.17 is the newest development branch of BIND 9. It includes a
-number of changes from BIND 9.16 and earlier releases. New features include:
+BIND 9.15 is the newest development branch of BIND 9. It includes a
+number of changes from BIND 9.14 and earlier releases. New features
+include:
 
-* New option "max-ixfr-ratio" to limit the size of outgoing IXFR responses
-  before falling back to full zone transfers.
-* "rndc nta -d" and "rndc secroots" now include "validate-except" entries
-  when listing negative trust anchors.
+* New "dnssec-policy" statement to configure a key and signing policy
+  for zones, enabling automatic key regeneration and rollover.
+* New new network manager based on libuv.
+* Support for the new GeoIP2 geolocation API
+* Improved DNSSEC trust anchor configuration using the `trust-anchors`
+  statement, permitting configuration of trust anchors in DS as well as
+  DNSKEY format.
+* YAML output for `dig`, `mdig`, and `delv`.
 
 ### <a name="build"/> Building BIND
 
@@ -152,7 +153,7 @@ UNIX, including RHEL/CentOS, Fedora, Debian, Ubuntu, SLES, openSUSE,
 Slackware, Alpine, FreeBSD, NetBSD, OpenBSD, macOS, Solaris,
 OpenIndiana, OmniOS CE, HP-UX, and OpenWRT.
 
-BIND is also available for Windows Server 2012 R2 and higher.  See
+BIND is also available for Windows Server 2008 and higher.  See
 `win32utils/build.txt` for details on building for Windows
 systems.
 
@@ -165,7 +166,7 @@ If you're planning on making changes to the BIND 9 source, you should run
 `make depend`.  If you're using Emacs, you might find `make tags` helpful.
 
 Several environment variables that can be set before running `configure` will
-affect compilation.  Significant ones are:
+affect compilation:
 
 |Variable|Description |
 |--------------------|-----------------------------------------------|
@@ -180,20 +181,11 @@ affect compilation.  Significant ones are:
 |`BUILD_LDFLAGS`|`LDFLAGS` for the target system during cross-compiling.|
 |`BUILD_LIBS`|`LIBS` for the target system during cross-compiling.|
 
-Additional environment variables affecting the build are listed at the
-end of the `configure` help text, which can be obtained by running the
-command:
-
-    $ ./configure --help
-
 #### <a name="macos"> macOS
 
 Building on macOS assumes that the "Command Tools for Xcode" is installed.
-This can be downloaded from
-[https://developer.apple.com/download/more/](https://developer.apple.com/download/more/)
-or, if you have Xcode already installed, you can run `xcode-select
---install`.  (Note that an Apple ID may be required to access the download
-page.)
+This can be downloaded from [https://developer.apple.com/download/more/](https://developer.apple.com/download/more/)
+or if you have Xcode already installed you can run `xcode-select --install`.
 
 ### <a name="dependencies"/> Dependencies
 
@@ -249,10 +241,12 @@ and `libprotobuf-c`
 [https://developers.google.com/protocol-buffers](https://developers.google.com/protocol-buffers),
 and BIND must be configured with `--enable-dnstap`.
 
-Certain compiled-in constants and default settings can be decreased to
-values better suited to small machines, e.g. OpenWRT boxes, by specifying
-`--with-tuning=small` on the `configure` command line. This will decrease
-memory usage by using smaller structures, but will degrade performance.
+Certain compiled-in constants and default settings can be increased to
+values better suited to large servers with abundant memory resources (e.g,
+64-bit servers with 12G or more of memory) by specifying
+`--with-tuning=large` on the `configure` command line. This can improve
+performance on big servers, but will consume more memory and may degrade
+performance on smaller systems.
 
 On Linux, process capabilities are managed in user space using
 the `libcap` library, which can be installed on most Linux systems via

aclocal.m4

@@ -376,7 +376,6 @@ AC_DEFUN([AM_SUBST_NOTMAKE], [_AM_SUBST_NOTMAKE($@)])
 
 m4_include([m4/ax_check_compile_flag.m4])
 m4_include([m4/ax_check_openssl.m4])
-m4_include([m4/ax_lib_lmdb.m4])
 m4_include([m4/ax_posix_shell.m4])
 m4_include([m4/ax_pthread.m4])
 m4_include([m4/ax_restore_flags.m4])

bin/check/Makefile.in

@@ -24,7 +24,8 @@ CWARNINGS =
 
 DNSLIBS =	../../lib/dns/libdns.@A@ ${MAXMINDDB_LIBS} @DNS_CRYPTO_LIBS@
 ISCCFGLIBS =	../../lib/isccfg/libisccfg.@A@
-ISCLIBS =	../../lib/isc/libisc.@A@ ${OPENSSL_LIBS} ${JSON_C_LIBS} ${LIBXML2_LIBS} ${ZLIB_LIBS}
+ISCLIBS =	../../lib/isc/libisc.@A@ ${OPENSSL_LIBS} ${JSON_C_LIBS} ${LIBXML2_LIBS}
+ISCNOSYMLIBS =	../../lib/isc/libisc-nosymtbl.@A@ ${OPENSSL_LIBS} ${JSON_C_LIBS} ${LIBXML2_LIBS}
 BIND9LIBS =	../../lib/bind9/libbind9.@A@
 NSLIBS =	../../lib/ns/libns.@A@
 
@@ -35,6 +36,7 @@ BIND9DEPLIBS =	../../lib/bind9/libbind9.@A@
 NSDEPENDLIBS =	../../lib/ns/libns.@A@
 
 LIBS =		${ISCLIBS} @LIBS@
+NOSYMLIBS =	${ISCNOSYMLIBS} @LIBS@
 
 SUBDIRS =
 

bin/check/check-tool.c

@@ -9,21 +9,23 @@
  * information regarding copyright ownership.
  */
 
+
 /*! \file */
 
-#include <inttypes.h>
 #include <stdbool.h>
 #include <stdio.h>
+#include <inttypes.h>
 
 #ifdef _WIN32
 #include <Winsock2.h>
-#endif /* ifdef _WIN32 */
+#endif
 
+#include "check-tool.h"
 #include <isc/buffer.h>
 #include <isc/log.h>
 #include <isc/mem.h>
-#include <isc/net.h>
 #include <isc/netdb.h>
+#include <isc/net.h>
 #include <isc/print.h>
 #include <isc/region.h>
 #include <isc/stdio.h>
@@ -50,31 +52,29 @@
 
 #include <ns/log.h>
 
-#include "check-tool.h"
-
 #ifndef CHECK_SIBLING
 #define CHECK_SIBLING 1
-#endif /* ifndef CHECK_SIBLING */
+#endif
 
 #ifndef CHECK_LOCAL
 #define CHECK_LOCAL 1
-#endif /* ifndef CHECK_LOCAL */
+#endif
 
-#define CHECK(r)                             \
-	do {                                 \
-		result = (r);                \
+#define CHECK(r) \
+	do { \
+		result = (r); \
 		if (result != ISC_R_SUCCESS) \
-			goto cleanup;        \
+			goto cleanup; \
 	} while (0)
 
-#define ERR_IS_CNAME	   1
-#define ERR_NO_ADDRESSES   2
+#define ERR_IS_CNAME 1
+#define ERR_NO_ADDRESSES 2
 #define ERR_LOOKUP_FAILURE 3
-#define ERR_EXTRA_A	   4
-#define ERR_EXTRA_AAAA	   5
-#define ERR_MISSING_GLUE   5
-#define ERR_IS_MXCNAME	   6
-#define ERR_IS_SRVCNAME	   7
+#define ERR_EXTRA_A 4
+#define ERR_EXTRA_AAAA 5
+#define ERR_MISSING_GLUE 5
+#define ERR_IS_MXCNAME 6
+#define ERR_IS_SRVCNAME 7
 
 static const char *dbtype[] = { "rbt" };
 
@@ -85,26 +85,31 @@ bool nomerge = true;
 bool docheckmx = true;
 bool dochecksrv = true;
 bool docheckns = true;
-#else  /* if CHECK_LOCAL */
+#else
 bool docheckmx = false;
 bool dochecksrv = false;
 bool docheckns = false;
-#endif /* if CHECK_LOCAL */
-dns_zoneopt_t zone_options = DNS_ZONEOPT_CHECKNS | DNS_ZONEOPT_CHECKMX |
-			     DNS_ZONEOPT_MANYERRORS | DNS_ZONEOPT_CHECKNAMES |
+#endif
+dns_zoneopt_t zone_options = DNS_ZONEOPT_CHECKNS |
+			     DNS_ZONEOPT_CHECKMX |
+			     DNS_ZONEOPT_MANYERRORS |
+			     DNS_ZONEOPT_CHECKNAMES |
 			     DNS_ZONEOPT_CHECKINTEGRITY |
 #if CHECK_SIBLING
 			     DNS_ZONEOPT_CHECKSIBLING |
-#endif /* if CHECK_SIBLING */
+#endif
 			     DNS_ZONEOPT_CHECKWILDCARD |
-			     DNS_ZONEOPT_WARNMXCNAME | DNS_ZONEOPT_WARNSRVCNAME;
+			     DNS_ZONEOPT_WARNMXCNAME |
+			     DNS_ZONEOPT_WARNSRVCNAME;
 
 /*
  * This needs to match the list in bin/named/log.c.
  */
-static isc_logcategory_t categories[] = { { "", 0 },
-					  { "unmatched", 0 },
-					  { NULL, 0 } };
+static isc_logcategory_t categories[] = {
+	{ "",		     0 },
+	{ "unmatched", 	     0 },
+	{ NULL,		     0 }
+};
 
 static isc_symtab_t *symtab = NULL;
 static isc_mem_t *sym_mctx;
@@ -128,9 +133,8 @@ add(char *key, int value) {
 	if (symtab == NULL) {
 		result = isc_symtab_create(sym_mctx, 100, freekey, sym_mctx,
 					   false, &symtab);
-		if (result != ISC_R_SUCCESS) {
+		if (result != ISC_R_SUCCESS)
 			return;
-		}
 	}
 
 	key = isc_mem_strdup(sym_mctx, key);
@@ -138,29 +142,27 @@ add(char *key, int value) {
 	symvalue.as_pointer = NULL;
 	result = isc_symtab_define(symtab, key, value, symvalue,
 				   isc_symexists_reject);
-	if (result != ISC_R_SUCCESS) {
+	if (result != ISC_R_SUCCESS)
 		isc_mem_free(sym_mctx, key);
-	}
 }
 
 static bool
 logged(char *key, int value) {
 	isc_result_t result;
 
-	if (symtab == NULL) {
+	if (symtab == NULL)
 		return (false);
-	}
 
 	result = isc_symtab_lookup(symtab, key, value, NULL);
-	if (result == ISC_R_SUCCESS) {
+	if (result == ISC_R_SUCCESS)
 		return (true);
-	}
 	return (false);
 }
 
 static bool
 checkns(dns_zone_t *zone, const dns_name_t *name, const dns_name_t *owner,
-	dns_rdataset_t *a, dns_rdataset_t *aaaa) {
+	dns_rdataset_t *a, dns_rdataset_t *aaaa)
+{
 	dns_rdataset_t *rdataset;
 	dns_rdata_t rdata = DNS_RDATA_INIT;
 	struct addrinfo hints, *ai, *cur;
@@ -178,9 +180,8 @@ checkns(dns_zone_t *zone, const dns_name_t *name, const dns_name_t *owner,
 	REQUIRE(aaaa == NULL || !dns_rdataset_isassociated(aaaa) ||
 		aaaa->type == dns_rdatatype_aaaa);
 
-	if (a == NULL || aaaa == NULL) {
+	if (a == NULL || aaaa == NULL)
 		return (answer);
-	}
 
 	memset(&hints, 0, sizeof(hints));
 	hints.ai_flags = AI_CANONNAME;
@@ -207,17 +208,16 @@ checkns(dns_zone_t *zone, const dns_name_t *name, const dns_name_t *owner,
 		 */
 		cur = ai;
 		while (cur != NULL && cur->ai_canonname == NULL &&
-		       cur->ai_next != NULL) {
+		       cur->ai_next != NULL)
 			cur = cur->ai_next;
-		}
 		if (cur != NULL && cur->ai_canonname != NULL &&
 		    strcasecmp(cur->ai_canonname, namebuf) != 0 &&
-		    !logged(namebuf, ERR_IS_CNAME))
-		{
+		    !logged(namebuf, ERR_IS_CNAME)) {
 			dns_zone_log(zone, ISC_LOG_ERROR,
 				     "%s/NS '%s' (out of zone) "
 				     "is a CNAME '%s' (illegal)",
-				     ownerbuf, namebuf, cur->ai_canonname);
+				     ownerbuf, namebuf,
+				     cur->ai_canonname);
 			/* XXX950 make fatal for 9.5.0 */
 			/* answer = false; */
 			add(namebuf, ERR_IS_CNAME);
@@ -226,7 +226,7 @@ checkns(dns_zone_t *zone, const dns_name_t *name, const dns_name_t *owner,
 	case EAI_NONAME:
 #if defined(EAI_NODATA) && (EAI_NODATA != EAI_NONAME)
 	case EAI_NODATA:
-#endif /* if defined(EAI_NODATA) && (EAI_NODATA != EAI_NONAME) */
+#endif
 		if (!logged(namebuf, ERR_NO_ADDRESSES)) {
 			dns_zone_log(zone, ISC_LOG_ERROR,
 				     "%s/NS '%s' (out of zone) "
@@ -240,8 +240,8 @@ checkns(dns_zone_t *zone, const dns_name_t *name, const dns_name_t *owner,
 	default:
 		if (!logged(namebuf, ERR_LOOKUP_FAILURE)) {
 			dns_zone_log(zone, ISC_LOG_WARNING,
-				     "getaddrinfo(%s) failed: %s", namebuf,
-				     gai_strerror(result));
+				     "getaddrinfo(%s) failed: %s",
+				     namebuf, gai_strerror(result));
 			add(namebuf, ERR_LOOKUP_FAILURE);
 		}
 		return (true);
@@ -250,17 +250,15 @@ checkns(dns_zone_t *zone, const dns_name_t *name, const dns_name_t *owner,
 	/*
 	 * Check that all glue records really exist.
 	 */
-	if (!dns_rdataset_isassociated(a)) {
+	if (!dns_rdataset_isassociated(a))
 		goto checkaaaa;
-	}
 	result = dns_rdataset_first(a);
 	while (result == ISC_R_SUCCESS) {
 		dns_rdataset_current(a, &rdata);
 		match = false;
 		for (cur = ai; cur != NULL; cur = cur->ai_next) {
-			if (cur->ai_family != AF_INET) {
+			if (cur->ai_family != AF_INET)
 				continue;
-			}
 			ptr = &((struct sockaddr_in *)(cur->ai_addr))->sin_addr;
 			if (memcmp(ptr, rdata.data, rdata.length) == 0) {
 				match = true;
@@ -268,12 +266,11 @@ checkns(dns_zone_t *zone, const dns_name_t *name, const dns_name_t *owner,
 			}
 		}
 		if (!match && !logged(namebuf, ERR_EXTRA_A)) {
-			dns_zone_log(zone, ISC_LOG_ERROR,
-				     "%s/NS '%s' "
+			dns_zone_log(zone, ISC_LOG_ERROR, "%s/NS '%s' "
 				     "extra GLUE A record (%s)",
 				     ownerbuf, namebuf,
-				     inet_ntop(AF_INET, rdata.data, addrbuf,
-					       sizeof(addrbuf)));
+				     inet_ntop(AF_INET, rdata.data,
+					       addrbuf, sizeof(addrbuf)));
 			add(namebuf, ERR_EXTRA_A);
 			/* XXX950 make fatal for 9.5.0 */
 			/* answer = false; */
@@ -282,32 +279,28 @@ checkns(dns_zone_t *zone, const dns_name_t *name, const dns_name_t *owner,
 		result = dns_rdataset_next(a);
 	}
 
-checkaaaa:
-	if (!dns_rdataset_isassociated(aaaa)) {
+ checkaaaa:
+	if (!dns_rdataset_isassociated(aaaa))
 		goto checkmissing;
-	}
 	result = dns_rdataset_first(aaaa);
 	while (result == ISC_R_SUCCESS) {
 		dns_rdataset_current(aaaa, &rdata);
 		match = false;
 		for (cur = ai; cur != NULL; cur = cur->ai_next) {
-			if (cur->ai_family != AF_INET6) {
+			if (cur->ai_family != AF_INET6)
 				continue;
-			}
-			ptr = &((struct sockaddr_in6 *)(cur->ai_addr))
-				       ->sin6_addr;
+			ptr = &((struct sockaddr_in6 *)(cur->ai_addr))->sin6_addr;
 			if (memcmp(ptr, rdata.data, rdata.length) == 0) {
 				match = true;
 				break;
 			}
 		}
 		if (!match && !logged(namebuf, ERR_EXTRA_AAAA)) {
-			dns_zone_log(zone, ISC_LOG_ERROR,
-				     "%s/NS '%s' "
+			dns_zone_log(zone, ISC_LOG_ERROR, "%s/NS '%s' "
 				     "extra GLUE AAAA record (%s)",
 				     ownerbuf, namebuf,
-				     inet_ntop(AF_INET6, rdata.data, addrbuf,
-					       sizeof(addrbuf)));
+				     inet_ntop(AF_INET6, rdata.data,
+					       addrbuf, sizeof(addrbuf)));
 			add(namebuf, ERR_EXTRA_AAAA);
 			/* XXX950 make fatal for 9.5.0. */
 			/* answer = false; */
@@ -316,7 +309,7 @@ checkaaaa:
 		result = dns_rdataset_next(aaaa);
 	}
 
-checkmissing:
+ checkmissing:
 	/*
 	 * Check that all addresses appear in the glue.
 	 */
@@ -326,50 +319,42 @@ checkmissing:
 			switch (cur->ai_family) {
 			case AF_INET:
 				rdataset = a;
-				ptr = &((struct sockaddr_in *)(cur->ai_addr))
-					       ->sin_addr;
+				ptr = &((struct sockaddr_in *)(cur->ai_addr))->sin_addr;
 				type = "A";
 				break;
 			case AF_INET6:
 				rdataset = aaaa;
-				ptr = &((struct sockaddr_in6 *)(cur->ai_addr))
-					       ->sin6_addr;
+				ptr = &((struct sockaddr_in6 *)(cur->ai_addr))->sin6_addr;
 				type = "AAAA";
 				break;
 			default:
-				continue;
+				 continue;
 			}
 			match = false;
-			if (dns_rdataset_isassociated(rdataset)) {
+			if (dns_rdataset_isassociated(rdataset))
 				result = dns_rdataset_first(rdataset);
-			} else {
+			else
 				result = ISC_R_FAILURE;
-			}
 			while (result == ISC_R_SUCCESS && !match) {
 				dns_rdataset_current(rdataset, &rdata);
 				if (memcmp(ptr, rdata.data, rdata.length) == 0)
-				{
 					match = true;
-				}
 				dns_rdata_reset(&rdata);
 				result = dns_rdataset_next(rdataset);
 			}
 			if (!match) {
-				dns_zone_log(zone, ISC_LOG_ERROR,
-					     "%s/NS '%s' "
+				dns_zone_log(zone, ISC_LOG_ERROR, "%s/NS '%s' "
 					     "missing GLUE %s record (%s)",
 					     ownerbuf, namebuf, type,
 					     inet_ntop(cur->ai_family, ptr,
-						       addrbuf,
-						       sizeof(addrbuf)));
+						       addrbuf, sizeof(addrbuf)));
 				/* XXX950 make fatal for 9.5.0. */
 				/* answer = false; */
 				missing_glue = true;
 			}
 		}
-		if (missing_glue) {
+		if (missing_glue)
 			add(namebuf, ERR_MISSING_GLUE);
-		}
 	}
 	freeaddrinfo(ai);
 	return (answer);
@@ -409,15 +394,12 @@ checkmx(dns_zone_t *zone, const dns_name_t *name, const dns_name_t *owner) {
 		 */
 		cur = ai;
 		while (cur != NULL && cur->ai_canonname == NULL &&
-		       cur->ai_next != NULL) {
+		       cur->ai_next != NULL)
 			cur = cur->ai_next;
-		}
 		if (cur != NULL && cur->ai_canonname != NULL &&
-		    strcasecmp(cur->ai_canonname, namebuf) != 0)
-		{
-			if ((zone_options & DNS_ZONEOPT_WARNMXCNAME) != 0) {
+		    strcasecmp(cur->ai_canonname, namebuf) != 0) {
+			if ((zone_options & DNS_ZONEOPT_WARNMXCNAME) != 0)
 				level = ISC_LOG_WARNING;
-			}
 			if ((zone_options & DNS_ZONEOPT_IGNOREMXCNAME) == 0) {
 				if (!logged(namebuf, ERR_IS_MXCNAME)) {
 					dns_zone_log(zone, level,
@@ -428,9 +410,8 @@ checkmx(dns_zone_t *zone, const dns_name_t *name, const dns_name_t *owner) {
 						     cur->ai_canonname);
 					add(namebuf, ERR_IS_MXCNAME);
 				}
-				if (level == ISC_LOG_ERROR) {
+				if (level == ISC_LOG_ERROR)
 					answer = false;
-				}
 			}
 		}
 		freeaddrinfo(ai);
@@ -439,7 +420,7 @@ checkmx(dns_zone_t *zone, const dns_name_t *name, const dns_name_t *owner) {
 	case EAI_NONAME:
 #if defined(EAI_NODATA) && (EAI_NODATA != EAI_NONAME)
 	case EAI_NODATA:
-#endif /* if defined(EAI_NODATA) && (EAI_NODATA != EAI_NONAME) */
+#endif
 		if (!logged(namebuf, ERR_NO_ADDRESSES)) {
 			dns_zone_log(zone, ISC_LOG_ERROR,
 				     "%s/MX '%s' (out of zone) "
@@ -453,8 +434,8 @@ checkmx(dns_zone_t *zone, const dns_name_t *name, const dns_name_t *owner) {
 	default:
 		if (!logged(namebuf, ERR_LOOKUP_FAILURE)) {
 			dns_zone_log(zone, ISC_LOG_WARNING,
-				     "getaddrinfo(%s) failed: %s", namebuf,
-				     gai_strerror(result));
+			     "getaddrinfo(%s) failed: %s",
+			     namebuf, gai_strerror(result));
 			add(namebuf, ERR_LOOKUP_FAILURE);
 		}
 		return (true);
@@ -495,28 +476,23 @@ checksrv(dns_zone_t *zone, const dns_name_t *name, const dns_name_t *owner) {
 		 */
 		cur = ai;
 		while (cur != NULL && cur->ai_canonname == NULL &&
-		       cur->ai_next != NULL) {
+		       cur->ai_next != NULL)
 			cur = cur->ai_next;
-		}
 		if (cur != NULL && cur->ai_canonname != NULL &&
-		    strcasecmp(cur->ai_canonname, namebuf) != 0)
-		{
-			if ((zone_options & DNS_ZONEOPT_WARNSRVCNAME) != 0) {
+		    strcasecmp(cur->ai_canonname, namebuf) != 0) {
+			if ((zone_options & DNS_ZONEOPT_WARNSRVCNAME) != 0)
 				level = ISC_LOG_WARNING;
-			}
 			if ((zone_options & DNS_ZONEOPT_IGNORESRVCNAME) == 0) {
 				if (!logged(namebuf, ERR_IS_SRVCNAME)) {
-					dns_zone_log(zone, level,
-						     "%s/SRV '%s'"
+					dns_zone_log(zone, level, "%s/SRV '%s'"
 						     " (out of zone) is a "
 						     "CNAME '%s' (illegal)",
 						     ownerbuf, namebuf,
 						     cur->ai_canonname);
 					add(namebuf, ERR_IS_SRVCNAME);
 				}
-				if (level == ISC_LOG_ERROR) {
+				if (level == ISC_LOG_ERROR)
 					answer = false;
-				}
 			}
 		}
 		freeaddrinfo(ai);
@@ -525,7 +501,7 @@ checksrv(dns_zone_t *zone, const dns_name_t *name, const dns_name_t *owner) {
 	case EAI_NONAME:
 #if defined(EAI_NODATA) && (EAI_NODATA != EAI_NONAME)
 	case EAI_NODATA:
-#endif /* if defined(EAI_NODATA) && (EAI_NODATA != EAI_NONAME) */
+#endif
 		if (!logged(namebuf, ERR_NO_ADDRESSES)) {
 			dns_zone_log(zone, ISC_LOG_ERROR,
 				     "%s/SRV '%s' (out of zone) "
@@ -539,8 +515,8 @@ checksrv(dns_zone_t *zone, const dns_name_t *name, const dns_name_t *owner) {
 	default:
 		if (!logged(namebuf, ERR_LOOKUP_FAILURE)) {
 			dns_zone_log(zone, ISC_LOG_WARNING,
-				     "getaddrinfo(%s) failed: %s", namebuf,
-				     gai_strerror(result));
+				     "getaddrinfo(%s) failed: %s",
+				     namebuf, gai_strerror(result));
 			add(namebuf, ERR_LOOKUP_FAILURE);
 		}
 		return (true);
@@ -553,7 +529,7 @@ setup_logging(isc_mem_t *mctx, FILE *errout, isc_log_t **logp) {
 	isc_logconfig_t *logconfig = NULL;
 	isc_log_t *log = NULL;
 
-	isc_log_create(mctx, &log, &logconfig);
+	RUNTIME_CHECK(isc_log_create(mctx, &log, &logconfig) == ISC_R_SUCCESS);
 	isc_log_registercategories(log, categories);
 	isc_log_setcontext(log);
 	dns_log_init(log);
@@ -565,11 +541,12 @@ setup_logging(isc_mem_t *mctx, FILE *errout, isc_log_t **logp) {
 	destination.file.name = NULL;
 	destination.file.versions = ISC_LOG_ROLLNEVER;
 	destination.file.maximum_size = 0;
-	isc_log_createchannel(logconfig, "stderr", ISC_LOG_TOFILEDESC,
-			      ISC_LOG_DYNAMIC, &destination, 0);
-
-	RUNTIME_CHECK(isc_log_usechannel(logconfig, "stderr", NULL, NULL) ==
-		      ISC_R_SUCCESS);
+	RUNTIME_CHECK(isc_log_createchannel(logconfig, "stderr",
+				       ISC_LOG_TOFILEDESC,
+				       ISC_LOG_DYNAMIC,
+				       &destination, 0) == ISC_R_SUCCESS);
+	RUNTIME_CHECK(isc_log_usechannel(logconfig, "stderr",
+					 NULL, NULL) == ISC_R_SUCCESS);
 
 	*logp = log;
 	return (ISC_R_SUCCESS);
@@ -596,20 +573,18 @@ check_ttls(dns_zone_t *zone, dns_ttl_t maxttl) {
 	CHECK(dns_db_newversion(db, &version));
 	CHECK(dns_db_createiterator(db, 0, &dbiter));
 
-	for (result = dns_dbiterator_first(dbiter); result == ISC_R_SUCCESS;
-	     result = dns_dbiterator_next(dbiter))
-	{
+	for (result = dns_dbiterator_first(dbiter);
+	     result == ISC_R_SUCCESS;
+	     result = dns_dbiterator_next(dbiter)) {
 		result = dns_dbiterator_current(dbiter, &node, name);
-		if (result == DNS_R_NEWORIGIN) {
+		if (result == DNS_R_NEWORIGIN)
 			result = ISC_R_SUCCESS;
-		}
 		CHECK(result);
 
 		CHECK(dns_db_allrdatasets(db, node, version, 0, &rdsiter));
 		for (result = dns_rdatasetiter_first(rdsiter);
 		     result == ISC_R_SUCCESS;
-		     result = dns_rdatasetiter_next(rdsiter))
-		{
+		     result = dns_rdatasetiter_next(rdsiter)) {
 			dns_rdatasetiter_current(rdsiter, &rdataset);
 			if (rdataset.ttl > maxttl) {
 				char nbuf[DNS_NAME_FORMATSIZE];
@@ -632,35 +607,28 @@ check_ttls(dns_zone_t *zone, dns_ttl_t maxttl) {
 			}
 			dns_rdataset_disassociate(&rdataset);
 		}
-		if (result == ISC_R_NOMORE) {
+		if (result == ISC_R_NOMORE)
 			result = ISC_R_SUCCESS;
-		}
 		CHECK(result);
 
 		dns_rdatasetiter_destroy(&rdsiter);
 		dns_db_detachnode(db, &node);
 	}
 
-	if (result == ISC_R_NOMORE) {
+	if (result == ISC_R_NOMORE)
 		result = ISC_R_SUCCESS;
-	}
 
-cleanup:
-	if (node != NULL) {
+ cleanup:
+	if (node != NULL)
 		dns_db_detachnode(db, &node);
-	}
-	if (rdsiter != NULL) {
+	if (rdsiter != NULL)
 		dns_rdatasetiter_destroy(&rdsiter);
-	}
-	if (dbiter != NULL) {
+	if (dbiter != NULL)
 		dns_dbiterator_destroy(&dbiter);
-	}
-	if (version != NULL) {
+	if (version != NULL)
 		dns_db_closeversion(db, &version, false);
-	}
-	if (db != NULL) {
+	if (db != NULL)
 		dns_db_detach(&db);
-	}
 
 	return (result);
 }
@@ -669,7 +637,8 @@ cleanup:
 isc_result_t
 load_zone(isc_mem_t *mctx, const char *zonename, const char *filename,
 	  dns_masterformat_t fileformat, const char *classname,
-	  dns_ttl_t maxttl, dns_zone_t **zonep) {
+	  dns_ttl_t maxttl, dns_zone_t **zonep)
+{
 	isc_result_t result;
 	dns_rdataclass_t rdclass;
 	isc_textregion_t region;
@@ -680,10 +649,9 @@ load_zone(isc_mem_t *mctx, const char *zonename, const char *filename,
 
 	REQUIRE(zonep == NULL || *zonep == NULL);
 
-	if (debug) {
+	if (debug)
 		fprintf(stderr, "loading \"%s\" from \"%s\" class \"%s\"\n",
 			zonename, filename, classname);
-	}
 
 	CHECK(dns_zone_create(&zone, mctx));
 
@@ -694,17 +662,11 @@ load_zone(isc_mem_t *mctx, const char *zonename, const char *filename,
 	origin = dns_fixedname_initname(&fixorigin);
 	CHECK(dns_name_fromtext(origin, &buffer, dns_rootname, 0, NULL));
 	CHECK(dns_zone_setorigin(zone, origin));
-	dns_zone_setdbtype(zone, 1, (const char *const *)dbtype);
-	if (strcmp(filename, "-") == 0) {
-		CHECK(dns_zone_setstream(zone, stdin, fileformat,
-					 &dns_master_style_default));
-	} else {
-		CHECK(dns_zone_setfile(zone, filename, fileformat,
-				       &dns_master_style_default));
-	}
-	if (journal != NULL) {
+	dns_zone_setdbtype(zone, 1, (const char * const *) dbtype);
+	CHECK(dns_zone_setfile(zone, filename, fileformat,
+			       &dns_master_style_default));
+	if (journal != NULL)
 		CHECK(dns_zone_setjournal(zone, journal));
-	}
 
 	DE_CONST(classname, region.base);
 	region.length = strlen(classname);
@@ -716,15 +678,12 @@ load_zone(isc_mem_t *mctx, const char *zonename, const char *filename,
 
 	dns_zone_setmaxttl(zone, maxttl);
 
-	if (docheckmx) {
+	if (docheckmx)
 		dns_zone_setcheckmx(zone, checkmx);
-	}
-	if (docheckns) {
+	if (docheckns)
 		dns_zone_setcheckns(zone, checkns);
-	}
-	if (dochecksrv) {
+	if (dochecksrv)
 		dns_zone_setchecksrv(zone, checksrv);
-	}
 
 	CHECK(dns_zone_load(zone, false));
 
@@ -741,10 +700,9 @@ load_zone(isc_mem_t *mctx, const char *zonename, const char *filename,
 		zone = NULL;
 	}
 
-cleanup:
-	if (zone != NULL) {
+ cleanup:
+	if (zone != NULL)
 		dns_zone_detach(&zone);
-	}
 	return (result);
 }
 
@@ -752,7 +710,8 @@ cleanup:
 isc_result_t
 dump_zone(const char *zonename, dns_zone_t *zone, const char *filename,
 	  dns_masterformat_t fileformat, const dns_master_style_t *style,
-	  const uint32_t rawversion) {
+	  const uint32_t rawversion)
+{
 	isc_result_t result;
 	FILE *output = stdout;
 	const char *flags;
@@ -760,31 +719,27 @@ dump_zone(const char *zonename, dns_zone_t *zone, const char *filename,
 	flags = (fileformat == dns_masterformat_text) ? "w" : "wb";
 
 	if (debug) {
-		if (filename != NULL && strcmp(filename, "-") != 0) {
-			fprintf(stderr, "dumping \"%s\" to \"%s\"\n", zonename,
-				filename);
-		} else {
+		if (filename != NULL && strcmp(filename, "-") != 0)
+			fprintf(stderr, "dumping \"%s\" to \"%s\"\n",
+				zonename, filename);
+		else
 			fprintf(stderr, "dumping \"%s\"\n", zonename);
-		}
 	}
 
 	if (filename != NULL && strcmp(filename, "-") != 0) {
 		result = isc_stdio_open(filename, flags, &output);
 
 		if (result != ISC_R_SUCCESS) {
-			fprintf(stderr,
-				"could not open output "
-				"file \"%s\" for writing\n",
-				filename);
+			fprintf(stderr, "could not open output "
+				"file \"%s\" for writing\n", filename);
 			return (ISC_R_FAILURE);
 		}
 	}
 
 	result = dns_zone_dumptostream(zone, output, fileformat, style,
 				       rawversion);
-	if (output != stdout) {
+	if (output != stdout)
 		(void)isc_stdio_close(output);
-	}
 
 	return (result);
 }
@@ -798,7 +753,7 @@ InitSockets(void) {
 
 	wVersionRequested = MAKEWORD(2, 0);
 
-	err = WSAStartup(wVersionRequested, &wsaData);
+	err = WSAStartup( wVersionRequested, &wsaData );
 	if (err != 0) {
 		fprintf(stderr, "WSAStartup() failed: %d\n", err);
 		exit(1);
@@ -809,4 +764,4 @@ void
 DestroySockets(void) {
 	WSACleanup();
 }
-#endif /* ifdef _WIN32 */
+#endif

bin/check/check-tool.h

@@ -9,6 +9,7 @@
  * information regarding copyright ownership.
  */
 
+
 #ifndef CHECK_TOOL_H
 #define CHECK_TOOL_H
 
@@ -41,11 +42,9 @@ dump_zone(const char *zonename, dns_zone_t *zone, const char *filename,
 	  const uint32_t rawversion);
 
 #ifdef _WIN32
-void
-InitSockets(void);
-void
-DestroySockets(void);
-#endif /* ifdef _WIN32 */
+void InitSockets(void);
+void DestroySockets(void);
+#endif
 
 extern int debug;
 extern const char *journal;
@@ -57,4 +56,4 @@ extern dns_zoneopt_t zone_options;
 
 ISC_LANG_ENDDECLS
 
-#endif /* ifndef CHECK_TOOL_H */
+#endif

bin/check/named-checkconf.8

@@ -1,4 +1,4 @@
-.\" Copyright (C) 2000-2002, 2004, 2005, 2007, 2009, 2014-2016, 2018-2020 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000-2002, 2004, 2005, 2007, 2009, 2014-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
 .\" 
 .\" This Source Code Form is subject to the terms of the Mozilla Public
 .\" License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -148,5 +148,5 @@ BIND 9 Administrator Reference Manual\&.
 \fBInternet Systems Consortium, Inc\&.\fR
 .SH "COPYRIGHT"
 .br
-Copyright \(co 2000-2002, 2004, 2005, 2007, 2009, 2014-2016, 2018-2020 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2000-2002, 2004, 2005, 2007, 2009, 2014-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
 .br

bin/check/named-checkconf.c

@@ -9,12 +9,13 @@
  * information regarding copyright ownership.
  */
 
+
 /*! \file */
 
 #include <errno.h>
 #include <stdbool.h>
-#include <stdio.h>
 #include <stdlib.h>
+#include <stdio.h>
 
 #include <isc/commandline.h>
 #include <isc/dir.h>
@@ -26,6 +27,11 @@
 #include <isc/string.h>
 #include <isc/util.h>
 
+#include <isccfg/namedconf.h>
+#include <isccfg/grammar.h>
+
+#include <bind9/check.h>
+
 #include <dns/db.h>
 #include <dns/fixedname.h>
 #include <dns/log.h>
@@ -35,11 +41,6 @@
 #include <dns/rootns.h>
 #include <dns/zone.h>
 
-#include <isccfg/grammar.h>
-#include <isccfg/namedconf.h>
-
-#include <bind9/check.h>
-
 #include "check-tool.h"
 
 static const char *program = "named-checkconf";
@@ -48,11 +49,11 @@ static bool loadplugins = true;
 
 isc_log_t *logc = NULL;
 
-#define CHECK(r)                             \
-	do {                                 \
-		result = (r);                \
+#define CHECK(r)\
+	do { \
+		result = (r); \
 		if (result != ISC_R_SUCCESS) \
-			goto cleanup;        \
+			goto cleanup; \
 	} while (0)
 
 /*% usage */
@@ -61,10 +62,8 @@ usage(void) ISC_PLATFORM_NORETURN_POST;
 
 static void
 usage(void) {
-	fprintf(stderr,
-		"usage: %s [-chijlvz] [-p [-x]] [-t directory] "
-		"[named.conf]\n",
-		program);
+	fprintf(stderr, "usage: %s [-chijlvz] [-p [-x]] [-t directory] "
+		"[named.conf]\n", program);
 	exit(1);
 }
 
@@ -86,8 +85,8 @@ directory_callback(const char *clausename, const cfg_obj_t *obj, void *arg) {
 	result = isc_dir_chdir(directory);
 	if (result != ISC_R_SUCCESS) {
 		cfg_obj_log(obj, logc, ISC_LOG_ERROR,
-			    "change directory to '%s' failed: %s\n", directory,
-			    isc_result_totext(result));
+			    "change directory to '%s' failed: %s\n",
+			    directory, isc_result_totext(result));
 		return (result);
 	}
 
@@ -98,12 +97,10 @@ static bool
 get_maps(const cfg_obj_t **maps, const char *name, const cfg_obj_t **obj) {
 	int i;
 	for (i = 0;; i++) {
-		if (maps[i] == NULL) {
+		if (maps[i] == NULL)
 			return (false);
-		}
-		if (cfg_map_get(maps[i], name, obj) == ISC_R_SUCCESS) {
+		if (cfg_map_get(maps[i], name, obj) == ISC_R_SUCCESS)
 			return (true);
-		}
 	}
 }
 
@@ -117,26 +114,25 @@ get_checknames(const cfg_obj_t **maps, const cfg_obj_t **obj) {
 	int i;
 
 	for (i = 0;; i++) {
-		if (maps[i] == NULL) {
+		if (maps[i] == NULL)
 			return (false);
-		}
 		checknames = NULL;
 		result = cfg_map_get(maps[i], "check-names", &checknames);
-		if (result != ISC_R_SUCCESS) {
+		if (result != ISC_R_SUCCESS)
 			continue;
-		}
 		if (checknames != NULL && !cfg_obj_islist(checknames)) {
 			*obj = checknames;
 			return (true);
 		}
-		for (element = cfg_list_first(checknames); element != NULL;
-		     element = cfg_list_next(element))
-		{
+		for (element = cfg_list_first(checknames);
+		     element != NULL;
+		     element = cfg_list_next(element)) {
 			value = cfg_listelt_value(element);
 			type = cfg_tuple_get(value, "type");
-			if ((strcasecmp(cfg_obj_asstring(type), "primary") !=
-			     0) &&
-			    (strcasecmp(cfg_obj_asstring(type), "master") != 0))
+			if ((strcasecmp(cfg_obj_asstring(type),
+					"primary") != 0) &&
+			    (strcasecmp(cfg_obj_asstring(type),
+					"master") != 0))
 			{
 				continue;
 			}
@@ -153,21 +149,18 @@ configure_hint(const char *zfile, const char *zclass, isc_mem_t *mctx) {
 	dns_rdataclass_t rdclass;
 	isc_textregion_t r;
 
-	if (zfile == NULL) {
+	if (zfile == NULL)
 		return (ISC_R_FAILURE);
-	}
 
 	DE_CONST(zclass, r.base);
 	r.length = strlen(zclass);
 	result = dns_rdataclass_fromtext(&rdclass, &r);
-	if (result != ISC_R_SUCCESS) {
+	if (result != ISC_R_SUCCESS)
 		return (result);
-	}
 
 	result = dns_rootns_create(mctx, rdclass, zfile, &db);
-	if (result != ISC_R_SUCCESS) {
+	if (result != ISC_R_SUCCESS)
 		return (result);
-	}
 
 	dns_db_detach(&db);
 	return (ISC_R_SUCCESS);
@@ -175,9 +168,10 @@ configure_hint(const char *zfile, const char *zclass, isc_mem_t *mctx) {
 
 /*% configure the zone */
 static isc_result_t
-configure_zone(const char *vclass, const char *view, const cfg_obj_t *zconfig,
-	       const cfg_obj_t *vconfig, const cfg_obj_t *config,
-	       isc_mem_t *mctx, bool list) {
+configure_zone(const char *vclass, const char *view,
+	       const cfg_obj_t *zconfig, const cfg_obj_t *vconfig,
+	       const cfg_obj_t *config, isc_mem_t *mctx, bool list)
+{
 	int i = 0;
 	isc_result_t result;
 	const char *zclass;
@@ -201,22 +195,19 @@ configure_zone(const char *vclass, const char *view, const cfg_obj_t *zconfig,
 
 	zname = cfg_obj_asstring(cfg_tuple_get(zconfig, "name"));
 	classobj = cfg_tuple_get(zconfig, "class");
-	if (!cfg_obj_isstring(classobj)) {
+	if (!cfg_obj_isstring(classobj))
 		zclass = vclass;
-	} else {
+	else
 		zclass = cfg_obj_asstring(classobj);
-	}
 
 	zoptions = cfg_tuple_get(zconfig, "options");
 	maps[i++] = zoptions;
-	if (vconfig != NULL) {
+	if (vconfig != NULL)
 		maps[i++] = cfg_tuple_get(vconfig, "options");
-	}
 	if (config != NULL) {
 		cfg_map_get(config, "options", &obj);
-		if (obj != NULL) {
+		if (obj != NULL)
 			maps[i++] = obj;
-		}
 	}
 	maps[i] = NULL;
 
@@ -225,14 +216,12 @@ configure_zone(const char *vclass, const char *view, const cfg_obj_t *zconfig,
 		const char *inview = cfg_obj_asstring(inviewobj);
 		printf("%s %s %s in-view %s\n", zname, zclass, view, inview);
 	}
-	if (inviewobj != NULL) {
+	if (inviewobj != NULL)
 		return (ISC_R_SUCCESS);
-	}
 
 	cfg_map_get(zoptions, "type", &typeobj);
-	if (typeobj == NULL) {
+	if (typeobj == NULL)
 		return (ISC_R_FAILURE);
-	}
 
 	if (list) {
 		const char *ztype = cfg_obj_asstring(typeobj);
@@ -244,21 +233,18 @@ configure_zone(const char *vclass, const char *view, const cfg_obj_t *zconfig,
 	 * Skip checks when using an alternate data source.
 	 */
 	cfg_map_get(zoptions, "database", &dbobj);
-	if (dbobj != NULL && strcmp("rbt", cfg_obj_asstring(dbobj)) != 0 &&
+	if (dbobj != NULL &&
+	    strcmp("rbt", cfg_obj_asstring(dbobj)) != 0 &&
 	    strcmp("rbt64", cfg_obj_asstring(dbobj)) != 0)
-	{
 		return (ISC_R_SUCCESS);
-	}
 
 	cfg_map_get(zoptions, "dlz", &dlzobj);
-	if (dlzobj != NULL) {
+	if (dlzobj != NULL)
 		return (ISC_R_SUCCESS);
-	}
 
 	cfg_map_get(zoptions, "file", &fileobj);
-	if (fileobj != NULL) {
+	if (fileobj != NULL)
 		zfile = cfg_obj_asstring(fileobj);
-	}
 
 	/*
 	 * Check hints files for hint zones.
@@ -279,14 +265,12 @@ configure_zone(const char *vclass, const char *view, const cfg_obj_t *zconfig,
 	 */
 	if (strcasecmp(cfg_obj_asstring(typeobj), "redirect") == 0) {
 		cfg_map_get(zoptions, "masters", &mastersobj);
-		if (mastersobj != NULL) {
+		if (mastersobj != NULL)
 			return (ISC_R_SUCCESS);
-		}
 	}
 
-	if (zfile == NULL) {
+	if (zfile == NULL)
 		return (ISC_R_FAILURE);
-	}
 
 	obj = NULL;
 	if (get_maps(maps, "check-dup-records", &obj)) {
@@ -330,14 +314,12 @@ configure_zone(const char *vclass, const char *view, const cfg_obj_t *zconfig,
 
 	obj = NULL;
 	if (get_maps(maps, "check-integrity", &obj)) {
-		if (cfg_obj_asboolean(obj)) {
+		if (cfg_obj_asboolean(obj))
 			zone_options |= DNS_ZONEOPT_CHECKINTEGRITY;
-		} else {
+		else
 			zone_options &= ~DNS_ZONEOPT_CHECKINTEGRITY;
-		}
-	} else {
+	} else
 		zone_options |= DNS_ZONEOPT_CHECKINTEGRITY;
-	}
 
 	obj = NULL;
 	if (get_maps(maps, "check-mx-cname", &obj)) {
@@ -381,11 +363,10 @@ configure_zone(const char *vclass, const char *view, const cfg_obj_t *zconfig,
 
 	obj = NULL;
 	if (get_maps(maps, "check-sibling", &obj)) {
-		if (cfg_obj_asboolean(obj)) {
+		if (cfg_obj_asboolean(obj))
 			zone_options |= DNS_ZONEOPT_CHECKSIBLING;
-		} else {
+		else
 			zone_options &= ~DNS_ZONEOPT_CHECKSIBLING;
-		}
 	}
 
 	obj = NULL;
@@ -418,8 +399,8 @@ configure_zone(const char *vclass, const char *view, const cfg_obj_t *zconfig,
 			ISC_UNREACHABLE();
 		}
 	} else {
-		zone_options |= DNS_ZONEOPT_CHECKNAMES;
-		zone_options |= DNS_ZONEOPT_CHECKNAMESFAIL;
+	       zone_options |= DNS_ZONEOPT_CHECKNAMES;
+	       zone_options |= DNS_ZONEOPT_CHECKNAMESFAIL;
 	}
 
 	masterformat = dns_masterformat_text;
@@ -444,19 +425,19 @@ configure_zone(const char *vclass, const char *view, const cfg_obj_t *zconfig,
 		zone_options |= DNS_ZONEOPT_CHECKTTL;
 	}
 
-	result = load_zone(mctx, zname, zfile, masterformat, zclass, maxttl,
-			   NULL);
-	if (result != ISC_R_SUCCESS) {
+	result = load_zone(mctx, zname, zfile, masterformat,
+			   zclass, maxttl, NULL);
+	if (result != ISC_R_SUCCESS)
 		fprintf(stderr, "%s/%s/%s: %s\n", view, zname, zclass,
 			dns_result_totext(result));
-	}
 	return (result);
 }
 
 /*% configure a view */
 static isc_result_t
 configure_view(const char *vclass, const char *view, const cfg_obj_t *config,
-	       const cfg_obj_t *vconfig, isc_mem_t *mctx, bool list) {
+	       const cfg_obj_t *vconfig, isc_mem_t *mctx, bool list)
+{
 	const cfg_listelt_t *element;
 	const cfg_obj_t *voptions;
 	const cfg_obj_t *zonelist;
@@ -464,33 +445,32 @@ configure_view(const char *vclass, const char *view, const cfg_obj_t *config,
 	isc_result_t tresult;
 
 	voptions = NULL;
-	if (vconfig != NULL) {
+	if (vconfig != NULL)
 		voptions = cfg_tuple_get(vconfig, "options");
-	}
 
 	zonelist = NULL;
-	if (voptions != NULL) {
+	if (voptions != NULL)
 		(void)cfg_map_get(voptions, "zone", &zonelist);
-	} else {
+	else
 		(void)cfg_map_get(config, "zone", &zonelist);
-	}
 
-	for (element = cfg_list_first(zonelist); element != NULL;
+	for (element = cfg_list_first(zonelist);
+	     element != NULL;
 	     element = cfg_list_next(element))
 	{
 		const cfg_obj_t *zconfig = cfg_listelt_value(element);
-		tresult = configure_zone(vclass, view, zconfig, vconfig, config,
-					 mctx, list);
-		if (tresult != ISC_R_SUCCESS) {
+		tresult = configure_zone(vclass, view, zconfig, vconfig,
+					 config, mctx, list);
+		if (tresult != ISC_R_SUCCESS)
 			result = tresult;
-		}
 	}
 	return (result);
 }
 
 static isc_result_t
 config_getclass(const cfg_obj_t *classobj, dns_rdataclass_t defclass,
-		dns_rdataclass_t *classp) {
+		dns_rdataclass_t *classp)
+{
 	isc_textregion_t r;
 
 	if (!cfg_obj_isstring(classobj)) {
@@ -505,7 +485,8 @@ config_getclass(const cfg_obj_t *classobj, dns_rdataclass_t defclass,
 /*% load zones from the configuration */
 static isc_result_t
 load_zones_fromconfig(const cfg_obj_t *config, isc_mem_t *mctx,
-		      bool list_zones) {
+		      bool list_zones)
+{
 	const cfg_listelt_t *element;
 	const cfg_obj_t *views;
 	const cfg_obj_t *vconfig;
@@ -515,7 +496,8 @@ load_zones_fromconfig(const cfg_obj_t *config, isc_mem_t *mctx,
 	views = NULL;
 
 	(void)cfg_map_get(config, "view", &views);
-	for (element = cfg_list_first(views); element != NULL;
+	for (element = cfg_list_first(views);
+	     element != NULL;
 	     element = cfg_list_next(element))
 	{
 		const cfg_obj_t *classobj;
@@ -524,31 +506,28 @@ load_zones_fromconfig(const cfg_obj_t *config, isc_mem_t *mctx,
 		char buf[sizeof("CLASS65535")];
 
 		vconfig = cfg_listelt_value(element);
-		if (vconfig == NULL) {
+		if (vconfig == NULL)
 			continue;
-		}
 
 		classobj = cfg_tuple_get(vconfig, "class");
-		CHECK(config_getclass(classobj, dns_rdataclass_in, &viewclass));
-		if (dns_rdataclass_ismeta(viewclass)) {
+		CHECK(config_getclass(classobj, dns_rdataclass_in,
+					 &viewclass));
+		if (dns_rdataclass_ismeta(viewclass))
 			CHECK(ISC_R_FAILURE);
-		}
 
 		dns_rdataclass_format(viewclass, buf, sizeof(buf));
 		vname = cfg_obj_asstring(cfg_tuple_get(vconfig, "name"));
 		tresult = configure_view(buf, vname, config, vconfig, mctx,
 					 list_zones);
-		if (tresult != ISC_R_SUCCESS) {
+		if (tresult != ISC_R_SUCCESS)
 			result = tresult;
-		}
 	}
 
 	if (views == NULL) {
 		tresult = configure_view("IN", "_default", config, NULL, mctx,
 					 list_zones);
-		if (tresult != ISC_R_SUCCESS) {
+		if (tresult != ISC_R_SUCCESS)
 			result = tresult;
-		}
 	}
 
 cleanup:
@@ -590,23 +569,15 @@ main(int argc, char **argv) {
 		switch (c) {
 		case 'm':
 			if (strcasecmp(isc_commandline_argument, "record") == 0)
-			{
 				isc_mem_debugging |= ISC_MEM_DEBUGRECORD;
-			}
 			if (strcasecmp(isc_commandline_argument, "trace") == 0)
-			{
 				isc_mem_debugging |= ISC_MEM_DEBUGTRACE;
-			}
 			if (strcasecmp(isc_commandline_argument, "usage") == 0)
-			{
 				isc_mem_debugging |= ISC_MEM_DEBUGUSAGE;
-			}
-			if (strcasecmp(isc_commandline_argument, "size") == 0) {
+			if (strcasecmp(isc_commandline_argument, "size") == 0)
 				isc_mem_debugging |= ISC_MEM_DEBUGSIZE;
-			}
-			if (strcasecmp(isc_commandline_argument, "mctx") == 0) {
+			if (strcasecmp(isc_commandline_argument, "mctx") == 0)
 				isc_mem_debugging |= ISC_MEM_DEBUGCTX;
-			}
 			break;
 		default:
 			break;
@@ -670,17 +641,16 @@ main(int argc, char **argv) {
 			break;
 
 		case '?':
-			if (isc_commandline_option != '?') {
+			if (isc_commandline_option != '?')
 				fprintf(stderr, "%s: invalid argument -%c\n",
 					program, isc_commandline_option);
-			}
-		/* FALLTHROUGH */
+			/* FALLTHROUGH */
 		case 'h':
 			usage();
 
 		default:
-			fprintf(stderr, "%s: unhandled option -%c\n", program,
-				isc_commandline_option);
+			fprintf(stderr, "%s: unhandled option -%c\n",
+				program, isc_commandline_option);
 			exit(1);
 		}
 	}
@@ -694,19 +664,16 @@ main(int argc, char **argv) {
 		exit(1);
 	}
 
-	if (isc_commandline_index + 1 < argc) {
+	if (isc_commandline_index + 1 < argc)
 		usage();
-	}
-	if (argv[isc_commandline_index] != NULL) {
+	if (argv[isc_commandline_index] != NULL)
 		conffile = argv[isc_commandline_index];
-	}
-	if (conffile == NULL || conffile[0] == '\0') {
+	if (conffile == NULL || conffile[0] == '\0')
 		conffile = NAMED_CONFFILE;
-	}
 
 #ifdef _WIN32
 	InitSockets();
-#endif /* ifdef _WIN32 */
+#endif
 
 	RUNTIME_CHECK(setup_logging(mctx, stdout, &logc) == ISC_R_SUCCESS);
 
@@ -732,14 +699,12 @@ main(int argc, char **argv) {
 
 	if (result == ISC_R_SUCCESS && (load_zones || list_zones)) {
 		result = load_zones_fromconfig(config, mctx, list_zones);
-		if (result != ISC_R_SUCCESS) {
+		if (result != ISC_R_SUCCESS)
 			exit_status = 1;
-		}
 	}
 
-	if (print && exit_status == 0) {
+	if (print && exit_status == 0)
 		cfg_printx(config, flags, output, NULL);
-	}
 	cfg_obj_destroy(parser, &config);
 
 	cfg_parser_destroy(&parser);
@@ -750,7 +715,7 @@ main(int argc, char **argv) {
 
 #ifdef _WIN32
 	DestroySockets();
-#endif /* ifdef _WIN32 */
+#endif
 
 	return (exit_status);
 }

bin/check/named-checkconf.docbook

@@ -41,7 +41,6 @@
       <year>2016</year>
       <year>2018</year>
       <year>2019</year>
-      <year>2020</year>
       <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
     </copyright>
   </docinfo>

bin/check/named-checkconf.html

@@ -1,6 +1,6 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 <!--
- - Copyright (C) 2000-2002, 2004, 2005, 2007, 2009, 2014-2016, 2018-2020 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2002, 2004, 2005, 2007, 2009, 2014-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
  - 
  - This Source Code Form is subject to the terms of the Mozilla Public
  - License, v. 2.0. If a copy of the MPL was not distributed with this

bin/check/named-checkzone.8

@@ -1,4 +1,4 @@
-.\" Copyright (C) 2000-2002, 2004-2007, 2009-2016, 2018-2020 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000-2002, 2004-2007, 2009-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
 .\" 
 .\" This Source Code Form is subject to the terms of the Mozilla Public
 .\" License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -325,5 +325,5 @@ BIND 9 Administrator Reference Manual\&.
 \fBInternet Systems Consortium, Inc\&.\fR
 .SH "COPYRIGHT"
 .br
-Copyright \(co 2000-2002, 2004-2007, 2009-2016, 2018-2020 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2000-2002, 2004-2007, 2009-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
 .br

bin/check/named-checkzone.c

@@ -9,16 +9,16 @@
  * information regarding copyright ownership.
  */
 
+
 /*! \file */
 
-#include <inttypes.h>
 #include <stdbool.h>
 #include <stdlib.h>
+#include <inttypes.h>
 
 #include <isc/app.h>
 #include <isc/commandline.h>
 #include <isc/dir.h>
-#include <isc/file.h>
 #include <isc/hash.h>
 #include <isc/log.h>
 #include <isc/mem.h>
@@ -53,14 +53,14 @@ static const char *prog_name = NULL;
 static const dns_master_style_t *outputstyle = NULL;
 static enum { progmode_check, progmode_compile } progmode;
 
-#define ERRRET(result, function)                                              \
-	do {                                                                  \
-		if (result != ISC_R_SUCCESS) {                                \
-			if (!quiet)                                           \
-				fprintf(stderr, "%s() returned %s\n",         \
+#define ERRRET(result, function) \
+	do { \
+		if (result != ISC_R_SUCCESS) { \
+			if (!quiet) \
+				fprintf(stderr, "%s() returned %s\n", \
 					function, dns_result_totext(result)); \
-			return (result);                                      \
-		}                                                             \
+			return (result); \
+		} \
 	} while (0)
 
 ISC_PLATFORM_NORETURN_PRE static void
@@ -77,7 +77,7 @@ usage(void) {
 		"[-i (full|full-sibling|local|local-sibling|none)] "
 		"[-M (ignore|warn|fail)] [-S (ignore|warn|fail)] "
 		"[-W (ignore|warn)] "
-		"%s zonename [ (filename|-) ]\n",
+		"%s zonename filename\n",
 		prog_name,
 		progmode == progmode_check ? "[-o filename]" : "-o filename");
 	exit(1);
@@ -95,7 +95,7 @@ int
 main(int argc, char **argv) {
 	int c;
 	char *origin = NULL;
-	const char *filename = NULL;
+	char *filename = NULL;
 	isc_log_t *lctx = NULL;
 	isc_result_t result;
 	char classname_in[] = "IN";
@@ -121,21 +121,18 @@ main(int argc, char **argv) {
 	outputstyle = &dns_master_style_full;
 
 	prog_name = strrchr(argv[0], '/');
-	if (prog_name == NULL) {
+	if (prog_name == NULL)
 		prog_name = strrchr(argv[0], '\\');
-	}
-	if (prog_name != NULL) {
+	if (prog_name != NULL)
 		prog_name++;
-	} else {
+	else
 		prog_name = argv[0];
-	}
 	/*
 	 * Libtool doesn't preserve the program name prior to final
 	 * installation.  Remove the libtool prefix ("lt-").
 	 */
-	if (strncmp(prog_name, "lt-", 3) == 0) {
+	if (strncmp(prog_name, "lt-", 3) == 0)
 		prog_name += 3;
-	}
 
 #define PROGCMP(X) \
 	(strcasecmp(prog_name, X) == 0 || strcasecmp(prog_name, X ".exe") == 0)
@@ -151,23 +148,24 @@ main(int argc, char **argv) {
 
 	/* Compilation specific defaults */
 	if (progmode == progmode_compile) {
-		zone_options |= (DNS_ZONEOPT_CHECKNS | DNS_ZONEOPT_FATALNS |
-				 DNS_ZONEOPT_CHECKSPF | DNS_ZONEOPT_CHECKDUPRR |
+		zone_options |= (DNS_ZONEOPT_CHECKNS |
+				 DNS_ZONEOPT_FATALNS |
+				 DNS_ZONEOPT_CHECKSPF |
+				 DNS_ZONEOPT_CHECKDUPRR |
 				 DNS_ZONEOPT_CHECKNAMES |
 				 DNS_ZONEOPT_CHECKNAMESFAIL |
 				 DNS_ZONEOPT_CHECKWILDCARD);
-	} else {
-		zone_options |= (DNS_ZONEOPT_CHECKDUPRR | DNS_ZONEOPT_CHECKSPF);
-	}
+	} else
+		zone_options |= (DNS_ZONEOPT_CHECKDUPRR |
+				 DNS_ZONEOPT_CHECKSPF);
 
 #define ARGCMP(X) (strcmp(isc_commandline_argument, X) == 0)
 
 	isc_commandline_errprint = false;
 
 	while ((c = isc_commandline_parse(argc, argv,
-					  "c:df:hi:jJ:k:L:l:m:n:qr:s:t:o:vw:DF:"
-					  "M:S:T:W:")) != EOF)
-	{
+			       "c:df:hi:jJ:k:L:l:m:n:qr:s:t:o:vw:DF:M:S:T:W:"))
+	       != EOF) {
 		switch (c) {
 		case 'c':
 			classname = isc_commandline_argument;
@@ -271,15 +269,16 @@ main(int argc, char **argv) {
 			}
 			break;
 
+
 		case 'n':
 			if (ARGCMP("ignore")) {
-				zone_options &= ~(DNS_ZONEOPT_CHECKNS |
+				zone_options &= ~(DNS_ZONEOPT_CHECKNS|
 						  DNS_ZONEOPT_FATALNS);
 			} else if (ARGCMP("warn")) {
 				zone_options |= DNS_ZONEOPT_CHECKNS;
 				zone_options &= ~DNS_ZONEOPT_FATALNS;
 			} else if (ARGCMP("fail")) {
-				zone_options |= DNS_ZONEOPT_CHECKNS |
+				zone_options |= DNS_ZONEOPT_CHECKNS|
 						DNS_ZONEOPT_FATALNS;
 			} else {
 				fprintf(stderr, "invalid argument to -n: %s\n",
@@ -331,9 +330,9 @@ main(int argc, char **argv) {
 			break;
 
 		case 's':
-			if (ARGCMP("full")) {
+			if (ARGCMP("full"))
 				outputstyle = &dns_master_style_full;
-			} else if (ARGCMP("relative")) {
+			else if (ARGCMP("relative")) {
 				outputstyle = &dns_master_style_default;
 			} else {
 				fprintf(stderr,
@@ -412,25 +411,23 @@ main(int argc, char **argv) {
 			break;
 
 		case 'W':
-			if (ARGCMP("warn")) {
+			if (ARGCMP("warn"))
 				zone_options |= DNS_ZONEOPT_CHECKWILDCARD;
-			} else if (ARGCMP("ignore")) {
+			else if (ARGCMP("ignore"))
 				zone_options &= ~DNS_ZONEOPT_CHECKWILDCARD;
-			}
 			break;
 
 		case '?':
-			if (isc_commandline_option != '?') {
+			if (isc_commandline_option != '?')
 				fprintf(stderr, "%s: invalid argument -%c\n",
 					prog_name, isc_commandline_option);
-			}
-		/* FALLTHROUGH */
+			/* FALLTHROUGH */
 		case 'h':
 			usage();
 
 		default:
-			fprintf(stderr, "%s: unhandled option -%c\n", prog_name,
-				isc_commandline_option);
+			fprintf(stderr, "%s: unhandled option -%c\n",
+				prog_name, isc_commandline_option);
 			exit(1);
 		}
 	}
@@ -438,26 +435,26 @@ main(int argc, char **argv) {
 	if (workdir != NULL) {
 		result = isc_dir_chdir(workdir);
 		if (result != ISC_R_SUCCESS) {
-			fprintf(stderr, "isc_dir_chdir: %s: %s\n", workdir,
-				isc_result_totext(result));
+			fprintf(stderr, "isc_dir_chdir: %s: %s\n",
+				workdir, isc_result_totext(result));
 			exit(1);
 		}
 	}
 
 	if (inputformatstr != NULL) {
-		if (strcasecmp(inputformatstr, "text") == 0) {
+		if (strcasecmp(inputformatstr, "text") == 0)
 			inputformat = dns_masterformat_text;
-		} else if (strcasecmp(inputformatstr, "raw") == 0) {
+		else if (strcasecmp(inputformatstr, "raw") == 0)
 			inputformat = dns_masterformat_raw;
-		} else if (strncasecmp(inputformatstr, "raw=", 4) == 0) {
+		else if (strncasecmp(inputformatstr, "raw=", 4) == 0) {
 			inputformat = dns_masterformat_raw;
-			fprintf(stderr, "WARNING: input format raw, version "
-					"ignored\n");
+			fprintf(stderr,
+				"WARNING: input format raw, version ignored\n");
 		} else if (strcasecmp(inputformatstr, "map") == 0) {
 			inputformat = dns_masterformat_map;
 		} else {
 			fprintf(stderr, "unknown file format: %s\n",
-				inputformatstr);
+			    inputformatstr);
 			exit(1);
 		}
 	}
@@ -474,7 +471,8 @@ main(int argc, char **argv) {
 			rawversion = strtol(outputformatstr + 4, &end, 10);
 			if (end == outputformatstr + 4 || *end != '\0' ||
 			    rawversion > 1U) {
-				fprintf(stderr, "unknown raw format version\n");
+				fprintf(stderr,
+					"unknown raw format version\n");
 				exit(1);
 			}
 		} else if (strcasecmp(outputformatstr, "map") == 0) {
@@ -487,60 +485,47 @@ main(int argc, char **argv) {
 	}
 
 	if (progmode == progmode_compile) {
-		dumpzone = 1; /* always dump */
+		dumpzone = 1;	/* always dump */
 		logdump = !quiet;
 		if (output_filename == NULL) {
-			fprintf(stderr, "output file required, but not "
-					"specified\n");
+			fprintf(stderr,
+				"output file required, but not specified\n");
 			usage();
 		}
 	}
 
-	if (output_filename != NULL) {
+	if (output_filename != NULL)
 		dumpzone = 1;
-	}
 
 	/*
-	 * If we are printing to stdout then send the informational
+	 * If we are outputing to stdout then send the informational
 	 * output to stderr.
 	 */
 	if (dumpzone &&
-	    (output_filename == NULL || strcmp(output_filename, "-") == 0 ||
+	    (output_filename == NULL ||
+	     strcmp(output_filename, "-") == 0 ||
 	     strcmp(output_filename, "/dev/fd/1") == 0 ||
-	     strcmp(output_filename, "/dev/stdout") == 0))
-	{
+	     strcmp(output_filename, "/dev/stdout") == 0)) {
 		errout = stderr;
 		logdump = false;
 	}
 
-	if (argc - isc_commandline_index < 1 ||
-	    argc - isc_commandline_index > 2) {
+	if (isc_commandline_index + 2 != argc)
 		usage();
-	}
 
 #ifdef _WIN32
 	InitSockets();
-#endif /* ifdef _WIN32 */
+#endif
 
 	isc_mem_create(&mctx);
-	if (!quiet) {
-		RUNTIME_CHECK(setup_logging(mctx, errout, &lctx) ==
-			      ISC_R_SUCCESS);
-	}
+	if (!quiet)
+		RUNTIME_CHECK(setup_logging(mctx, errout, &lctx)
+			      == ISC_R_SUCCESS);
 
 	dns_result_register();
 
 	origin = argv[isc_commandline_index++];
-
-	if (isc_commandline_index == argc) {
-		/* "-" will be interpreted as stdin */
-		filename = "-";
-	} else {
-		filename = argv[isc_commandline_index];
-	}
-
-	isc_commandline_index++;
-
+	filename = argv[isc_commandline_index++];
 	result = load_zone(mctx, origin, filename, inputformat, classname,
 			   maxttl, &zone);
 
@@ -556,24 +541,20 @@ main(int argc, char **argv) {
 			fprintf(errout, "dump zone to %s...", output_filename);
 			fflush(errout);
 		}
-		result = dump_zone(origin, zone, output_filename, outputformat,
-				   outputstyle, rawversion);
-		if (logdump) {
+		result = dump_zone(origin, zone, output_filename,
+				   outputformat, outputstyle, rawversion);
+		if (logdump)
 			fprintf(errout, "done\n");
-		}
 	}
 
-	if (!quiet && result == ISC_R_SUCCESS) {
+	if (!quiet && result == ISC_R_SUCCESS)
 		fprintf(errout, "OK\n");
-	}
 	destroy();
-	if (lctx != NULL) {
+	if (lctx != NULL)
 		isc_log_destroy(&lctx);
-	}
 	isc_mem_destroy(&mctx);
 #ifdef _WIN32
 	DestroySockets();
-#endif /* ifdef _WIN32 */
-
+#endif
 	return ((result == ISC_R_SUCCESS) ? 0 : 1);
 }

bin/check/named-checkzone.docbook

@@ -44,7 +44,6 @@
       <year>2016</year>
       <year>2018</year>
       <year>2019</year>
-      <year>2020</year>
       <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
     </copyright>
   </docinfo>

bin/check/named-checkzone.html

@@ -1,6 +1,6 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 <!--
- - Copyright (C) 2000-2002, 2004-2007, 2009-2016, 2018-2020 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2002, 2004-2007, 2009-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
  - 
  - This Source Code Form is subject to the terms of the Mozilla Public
  - License, v. 2.0. If a copy of the MPL was not distributed with this

bin/confgen/Makefile.in

@@ -27,7 +27,8 @@ CWARNINGS =
 
 ISCCFGLIBS =	../../lib/isccfg/libisccfg.@A@
 ISCCCLIBS =	../../lib/isccc/libisccc.@A@
-ISCLIBS =	../../lib/isc/libisc.@A@ ${OPENSSL_LIBS} ${JSON_C_LIBS} ${LIBXML2_LIBS} ${ZLIB_LIBS}
+ISCLIBS =	../../lib/isc/libisc.@A@ ${OPENSSL_LIBS} ${JSON_C_LIBS} ${LIBXML2_LIBS}
+ISCNOSYMLIBS =	../../lib/isc/libisc-nosymtbl.@A@ ${OPENSSL_LIBS} ${JSON_C_LIBS} ${LIBXML2_LIBS}
 DNSLIBS =	../../lib/dns/libdns.@A@ ${MAXMINDDB_LIBS} @DNS_CRYPTO_LIBS@
 BIND9LIBS =	../../lib/bind9/libbind9.@A@
 
@@ -42,6 +43,8 @@ RNDCDEPLIBS =	${ISCCFGDEPLIBS} ${ISCCCDEPLIBS} ${BIND9DEPLIBS} ${DNSDEPLIBS} ${I
 
 LIBS =		${DNSLIBS} ${ISCLIBS} @LIBS@
 
+NOSYMLIBS =	${DNSLIBS} ${ISCNOSYMLIBS} @LIBS@
+
 CONFDEPLIBS =	${DNSDEPLIBS} ${ISCDEPLIBS}
 
 SRCS=		rndc-confgen.c ddns-confgen.c

bin/confgen/ddns-confgen.8

@@ -1,4 +1,4 @@
-.\" Copyright (C) 2009, 2014-2016, 2018-2020 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2009, 2014-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
 .\" 
 .\" This Source Code Form is subject to the terms of the Mozilla Public
 .\" License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -144,5 +144,5 @@ BIND 9 Administrator Reference Manual\&.
 \fBInternet Systems Consortium, Inc\&.\fR
 .SH "COPYRIGHT"
 .br
-Copyright \(co 2009, 2014-2016, 2018-2020 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2009, 2014-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
 .br

bin/confgen/ddns-confgen.c

@@ -36,25 +36,24 @@
 
 #if USE_PKCS11
 #include <pk11/result.h>
-#endif /* if USE_PKCS11 */
+#endif
 
 #include <dns/keyvalues.h>
 #include <dns/name.h>
 #include <dns/result.h>
 
 #include <dst/dst.h>
-
 #include <confgen/os.h>
 
-#include "keygen.h"
 #include "util.h"
+#include "keygen.h"
 
-#define KEYGEN_DEFAULT	"tsig-key"
-#define CONFGEN_DEFAULT "ddns-key"
+#define KEYGEN_DEFAULT		"tsig-key"
+#define CONFGEN_DEFAULT		"ddns-key"
 
 static char program[256];
 const char *progname;
-static enum { progmode_keygen, progmode_confgen } progmode;
+static enum { progmode_keygen, progmode_confgen} progmode;
 bool verbose = false; /* needed by util.c but not used here */
 
 ISC_PLATFORM_NORETURN_PRE static void
@@ -71,16 +70,16 @@ Usage:\n\
   -s name:       domain name to be updated using the created key\n\
   -z zone:       name of the zone as it will be used in named.conf\n\
   -q:            quiet mode: print the key, with no explanatory text\n",
-			progname);
+			 progname);
 	} else {
 		fprintf(stderr, "\
 Usage:\n\
  %s [-a alg] [keyname]\n\
   -a alg:        algorithm (default hmac-sha256)\n\n",
-			progname);
+			 progname);
 	}
 
-	exit(status);
+	exit (status);
 }
 
 int
@@ -103,22 +102,20 @@ main(int argc, char **argv) {
 
 #if USE_PKCS11
 	pk11_result_register();
-#endif /* if USE_PKCS11 */
+#endif
 	dns_result_register();
 
 	result = isc_file_progname(*argv, program, sizeof(program));
-	if (result != ISC_R_SUCCESS) {
+	if (result != ISC_R_SUCCESS)
 		memmove(program, "tsig-keygen", 11);
-	}
 	progname = program;
 
 	/*
 	 * Libtool doesn't preserve the program name prior to final
 	 * installation.  Remove the libtool prefix ("lt-").
 	 */
-	if (strncmp(progname, "lt-", 3) == 0) {
+	if (strncmp(progname, "lt-", 3) == 0)
 		progname += 3;
-	}
 
 #define PROGCMP(X) \
 	(strcasecmp(progname, X) == 0 || strcasecmp(progname, X ".exe") == 0)
@@ -135,26 +132,24 @@ main(int argc, char **argv) {
 
 	isc_commandline_errprint = false;
 
-	while ((ch = isc_commandline_parse(argc, argv, "a:hk:Mmr:qs:y:z:")) !=
-	       -1) {
+	while ((ch = isc_commandline_parse(argc, argv,
+					   "a:hk:Mmr:qs:y:z:")) != -1) {
 		switch (ch) {
 		case 'a':
 			algname = isc_commandline_argument;
 			alg = alg_fromtext(algname);
-			if (alg == DST_ALG_UNKNOWN) {
+			if (alg == DST_ALG_UNKNOWN)
 				fatal("Unsupported algorithm '%s'", algname);
-			}
 			keysize = alg_bits(alg);
 			break;
 		case 'h':
 			usage(0);
 		case 'k':
 		case 'y':
-			if (progmode == progmode_confgen) {
+			if (progmode == progmode_confgen)
 				keyname = isc_commandline_argument;
-			} else {
+			else
 				usage(1);
-			}
 			break;
 		case 'M':
 			isc_mem_debugging = ISC_MEM_DEBUGTRACE;
@@ -163,58 +158,51 @@ main(int argc, char **argv) {
 			show_final_mem = true;
 			break;
 		case 'q':
-			if (progmode == progmode_confgen) {
+			if (progmode == progmode_confgen)
 				quiet = true;
-			} else {
+			else
 				usage(1);
-			}
 			break;
 		case 'r':
 			fatal("The -r option has been deprecated.");
 			break;
 		case 's':
-			if (progmode == progmode_confgen) {
+			if (progmode == progmode_confgen)
 				self_domain = isc_commandline_argument;
-			} else {
+			else
 				usage(1);
-			}
 			break;
 		case 'z':
-			if (progmode == progmode_confgen) {
+			if (progmode == progmode_confgen)
 				zone = isc_commandline_argument;
-			} else {
+			else
 				usage(1);
-			}
 			break;
 		case '?':
 			if (isc_commandline_option != '?') {
 				fprintf(stderr, "%s: invalid argument -%c\n",
 					program, isc_commandline_option);
 				usage(1);
-			} else {
+			} else
 				usage(0);
-			}
 			break;
 		default:
-			fprintf(stderr, "%s: unhandled option -%c\n", program,
-				isc_commandline_option);
+			fprintf(stderr, "%s: unhandled option -%c\n",
+				program, isc_commandline_option);
 			exit(1);
 		}
 	}
 
-	if (progmode == progmode_keygen) {
+	if (progmode == progmode_keygen)
 		keyname = argv[isc_commandline_index++];
-	}
 
 	POST(argv);
 
-	if (self_domain != NULL && zone != NULL) {
-		usage(1); /* -s and -z cannot coexist */
-	}
+	if (self_domain != NULL && zone != NULL)
+		usage(1);	/* -s and -z cannot coexist */
 
-	if (argc > isc_commandline_index) {
+	if (argc > isc_commandline_index)
 		usage(1);
-	}
 
 	/* Use canonical algorithm name */
 	algname = alg_totext(alg);
@@ -224,18 +212,18 @@ main(int argc, char **argv) {
 	if (keyname == NULL) {
 		const char *suffix = NULL;
 
-		keyname = ((progmode == progmode_keygen) ? KEYGEN_DEFAULT
-							 : CONFGEN_DEFAULT);
-		if (self_domain != NULL) {
+		keyname = ((progmode == progmode_keygen)
+			?  KEYGEN_DEFAULT
+			: CONFGEN_DEFAULT);
+		if (self_domain != NULL)
 			suffix = self_domain;
-		} else if (zone != NULL) {
+		else if (zone != NULL)
 			suffix = zone;
-		}
 		if (suffix != NULL) {
 			len = strlen(keyname) + strlen(suffix) + 2;
 			keybuf = isc_mem_get(mctx, len);
 			snprintf(keybuf, len, "%s.%s", keyname, suffix);
-			keyname = (const char *)keybuf;
+			keyname = (const char *) keybuf;
 		}
 	}
 
@@ -243,19 +231,20 @@ main(int argc, char **argv) {
 
 	generate_key(mctx, alg, keysize, &key_txtbuffer);
 
-	if (!quiet) {
+
+	if (!quiet)
 		printf("\
 # To activate this key, place the following in named.conf, and\n\
 # in a separate keyfile on the system or systems from which nsupdate\n\
 # will be run:\n");
-	}
 
 	printf("\
 key \"%s\" {\n\
 	algorithm %s;\n\
 	secret \"%.*s\";\n\
 };\n",
-	       keyname, algname, (int)isc_buffer_usedlength(&key_txtbuffer),
+	       keyname, algname,
+	       (int)isc_buffer_usedlength(&key_txtbuffer),
 	       (char *)isc_buffer_base(&key_txtbuffer));
 
 	if (!quiet) {
@@ -293,15 +282,14 @@ update-policy {\n\
 # After the keyfile has been placed, the following command will\n\
 # execute nsupdate using this key:\n\
 nsupdate -k <keyfile>\n");
+
 	}
 
-	if (keybuf != NULL) {
+	if (keybuf != NULL)
 		isc_mem_put(mctx, keybuf, len);
-	}
 
-	if (show_final_mem) {
+	if (show_final_mem)
 		isc_mem_stats(mctx, stderr);
-	}
 
 	isc_mem_destroy(&mctx);
 

bin/confgen/ddns-confgen.docbook

@@ -38,7 +38,6 @@
       <year>2016</year>
       <year>2018</year>
       <year>2019</year>
-      <year>2020</year>
       <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
     </copyright>
   </docinfo>

bin/confgen/ddns-confgen.html

@@ -1,6 +1,6 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 <!--
- - Copyright (C) 2009, 2014-2016, 2018-2020 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2009, 2014-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
  - 
  - This Source Code Form is subject to the terms of the Mozilla Public
  - License, v. 2.0. If a copy of the MPL was not distributed with this

bin/confgen/include/.clang-format

@@ -1 +0,0 @@
-../../../.clang-format.headers

bin/confgen/include/confgen/os.h

@@ -9,19 +9,18 @@
  * information regarding copyright ownership.
  */
 
+
 /*! \file */
 
 #ifndef RNDC_OS_H
 #define RNDC_OS_H 1
 
-#include <stdio.h>
-
 #include <isc/lang.h>
+#include <stdio.h>
 
 ISC_LANG_BEGINDECLS
 
-int
-set_user(FILE *fd, const char *user);
+int set_user(FILE *fd, const char *user);
 /*%<
  * Set the owner of the file referenced by 'fd' to 'user'.
  * Returns:
@@ -31,4 +30,4 @@ set_user(FILE *fd, const char *user);
 
 ISC_LANG_ENDDECLS
 
-#endif /* ifndef RNDC_OS_H */
+#endif

bin/confgen/keygen.c

@@ -9,11 +9,11 @@
  * information regarding copyright ownership.
  */
 
+
 /*! \file */
 
-#include "keygen.h"
-#include <stdarg.h>
 #include <stdlib.h>
+#include <stdarg.h>
 
 #include <isc/base64.h>
 #include <isc/buffer.h>
@@ -29,10 +29,10 @@
 #include <dns/name.h>
 
 #include <dst/dst.h>
-
 #include <confgen/os.h>
 
 #include "util.h"
+#include "keygen.h"
 
 /*%
  * Convert algorithm type to string.
@@ -40,20 +40,20 @@
 const char *
 alg_totext(dns_secalg_t alg) {
 	switch (alg) {
-	case DST_ALG_HMACMD5:
-		return ("hmac-md5");
-	case DST_ALG_HMACSHA1:
-		return ("hmac-sha1");
-	case DST_ALG_HMACSHA224:
-		return ("hmac-sha224");
-	case DST_ALG_HMACSHA256:
-		return ("hmac-sha256");
-	case DST_ALG_HMACSHA384:
-		return ("hmac-sha384");
-	case DST_ALG_HMACSHA512:
-		return ("hmac-sha512");
-	default:
-		return ("(unknown)");
+	    case DST_ALG_HMACMD5:
+		return "hmac-md5";
+	    case DST_ALG_HMACSHA1:
+		return "hmac-sha1";
+	    case DST_ALG_HMACSHA224:
+		return "hmac-sha224";
+	    case DST_ALG_HMACSHA256:
+		return "hmac-sha256";
+	    case DST_ALG_HMACSHA384:
+		return "hmac-sha384";
+	    case DST_ALG_HMACSHA512:
+		return "hmac-sha512";
+	    default:
+		return "(unknown)";
 	}
 }
 
@@ -63,29 +63,22 @@ alg_totext(dns_secalg_t alg) {
 dns_secalg_t
 alg_fromtext(const char *name) {
 	const char *p = name;
-	if (strncasecmp(p, "hmac-", 5) == 0) {
+	if (strncasecmp(p, "hmac-", 5) == 0)
 		p = &name[5];
-	}
 
-	if (strcasecmp(p, "md5") == 0) {
-		return (DST_ALG_HMACMD5);
-	}
-	if (strcasecmp(p, "sha1") == 0) {
-		return (DST_ALG_HMACSHA1);
-	}
-	if (strcasecmp(p, "sha224") == 0) {
-		return (DST_ALG_HMACSHA224);
-	}
-	if (strcasecmp(p, "sha256") == 0) {
-		return (DST_ALG_HMACSHA256);
-	}
-	if (strcasecmp(p, "sha384") == 0) {
-		return (DST_ALG_HMACSHA384);
-	}
-	if (strcasecmp(p, "sha512") == 0) {
-		return (DST_ALG_HMACSHA512);
-	}
-	return (DST_ALG_UNKNOWN);
+	if (strcasecmp(p, "md5") == 0)
+		return DST_ALG_HMACMD5;
+	if (strcasecmp(p, "sha1") == 0)
+		return DST_ALG_HMACSHA1;
+	if (strcasecmp(p, "sha224") == 0)
+		return DST_ALG_HMACSHA224;
+	if (strcasecmp(p, "sha256") == 0)
+		return DST_ALG_HMACSHA256;
+	if (strcasecmp(p, "sha384") == 0)
+		return DST_ALG_HMACSHA384;
+	if (strcasecmp(p, "sha512") == 0)
+		return DST_ALG_HMACSHA512;
+	return DST_ALG_UNKNOWN;
 }
 
 /*%
@@ -94,20 +87,20 @@ alg_fromtext(const char *name) {
 int
 alg_bits(dns_secalg_t alg) {
 	switch (alg) {
-	case DST_ALG_HMACMD5:
-		return (128);
-	case DST_ALG_HMACSHA1:
-		return (160);
-	case DST_ALG_HMACSHA224:
-		return (224);
-	case DST_ALG_HMACSHA256:
-		return (256);
-	case DST_ALG_HMACSHA384:
-		return (384);
-	case DST_ALG_HMACSHA512:
-		return (512);
-	default:
-		return (0);
+	    case DST_ALG_HMACMD5:
+		return 128;
+	    case DST_ALG_HMACSHA1:
+		return 160;
+	    case DST_ALG_HMACSHA224:
+		return 224;
+	    case DST_ALG_HMACSHA256:
+		return 256;
+	    case DST_ALG_HMACSHA384:
+		return 384;
+	    case DST_ALG_HMACSHA512:
+		return 512;
+	    default:
+		return 0;
 	}
 }
 
@@ -124,31 +117,30 @@ generate_key(isc_mem_t *mctx, dns_secalg_t alg, int keysize,
 	dst_key_t *key = NULL;
 
 	switch (alg) {
-	case DST_ALG_HMACMD5:
-	case DST_ALG_HMACSHA1:
-	case DST_ALG_HMACSHA224:
-	case DST_ALG_HMACSHA256:
-		if (keysize < 1 || keysize > 512) {
+	    case DST_ALG_HMACMD5:
+	    case DST_ALG_HMACSHA1:
+	    case DST_ALG_HMACSHA224:
+	    case DST_ALG_HMACSHA256:
+		if (keysize < 1 || keysize > 512)
 			fatal("keysize %d out of range (must be 1-512)\n",
 			      keysize);
-		}
 		break;
-	case DST_ALG_HMACSHA384:
-	case DST_ALG_HMACSHA512:
-		if (keysize < 1 || keysize > 1024) {
+	    case DST_ALG_HMACSHA384:
+	    case DST_ALG_HMACSHA512:
+		if (keysize < 1 || keysize > 1024)
 			fatal("keysize %d out of range (must be 1-1024)\n",
 			      keysize);
-		}
 		break;
-	default:
+	    default:
 		fatal("unsupported algorithm %d\n", alg);
 	}
 
 	DO("initialize dst library", dst_lib_init(mctx, NULL));
 
-	DO("generate key",
-	   dst_key_generate(dns_rootname, alg, keysize, 0, 0, DNS_KEYPROTO_ANY,
-			    dns_rdataclass_in, mctx, &key, NULL));
+	DO("generate key", dst_key_generate(dns_rootname, alg,
+					    keysize, 0, 0, DNS_KEYPROTO_ANY,
+					    dns_rdataclass_in, mctx, &key,
+					    NULL));
 
 	isc_buffer_init(&key_rawbuffer, &key_rawsecret, sizeof(key_rawsecret));
 
@@ -156,12 +148,11 @@ generate_key(isc_mem_t *mctx, dns_secalg_t alg, int keysize,
 
 	isc_buffer_usedregion(&key_rawbuffer, &key_rawregion);
 
-	DO("bsse64 encode secret",
-	   isc_base64_totext(&key_rawregion, -1, "", key_txtbuffer));
+	DO("bsse64 encode secret", isc_base64_totext(&key_rawregion, -1, "",
+						     key_txtbuffer));
 
-	if (key != NULL) {
+	if (key != NULL)
 		dst_key_free(&key);
-	}
 
 	dst_lib_destroy();
 }
@@ -172,8 +163,9 @@ generate_key(isc_mem_t *mctx, dns_secalg_t alg, int keysize,
  * the name 'keyname' and the secret in the buffer 'secret'.
  */
 void
-write_key_file(const char *keyfile, const char *user, const char *keyname,
-	       isc_buffer_t *secret, dns_secalg_t alg) {
+write_key_file(const char *keyfile, const char *user,
+	       const char *keyname, isc_buffer_t *secret,
+	       dns_secalg_t alg) {
 	isc_result_t result;
 	const char *algname = alg_totext(alg);
 	FILE *fd = NULL;
@@ -181,22 +173,19 @@ write_key_file(const char *keyfile, const char *user, const char *keyname,
 	DO("create keyfile", isc_file_safecreate(keyfile, &fd));
 
 	if (user != NULL) {
-		if (set_user(fd, user) == -1) {
+		if (set_user(fd, user) == -1)
 			fatal("unable to set file owner\n");
-		}
 	}
 
-	fprintf(fd,
-		"key \"%s\" {\n\talgorithm %s;\n"
+	fprintf(fd, "key \"%s\" {\n\talgorithm %s;\n"
 		"\tsecret \"%.*s\";\n};\n",
-		keyname, algname, (int)isc_buffer_usedlength(secret),
+		keyname, algname,
+		(int)isc_buffer_usedlength(secret),
 		(char *)isc_buffer_base(secret));
 	fflush(fd);
-	if (ferror(fd)) {
+	if (ferror(fd))
 		fatal("write to %s failed\n", keyfile);
-	}
-	if (fclose(fd)) {
+	if (fclose(fd))
 		fatal("fclose(%s) failed\n", keyfile);
-	}
 	fprintf(stderr, "wrote key file \"%s\"\n", keyfile);
 }

bin/confgen/keygen.h

@@ -9,33 +9,26 @@
  * information regarding copyright ownership.
  */
 
+
 #ifndef RNDC_KEYGEN_H
 #define RNDC_KEYGEN_H 1
 
 /*! \file */
 
-#include <isc/buffer.h>
 #include <isc/lang.h>
-#include <isc/mem.h>
-
-#include <dns/secalg.h>
 
 ISC_LANG_BEGINDECLS
 
-void
-generate_key(isc_mem_t *mctx, dns_secalg_t alg, int keysize,
-	     isc_buffer_t *key_txtbuffer);
+void generate_key(isc_mem_t *mctx, dns_secalg_t alg, int keysize,
+		  isc_buffer_t *key_txtbuffer);
 
-void
-write_key_file(const char *keyfile, const char *user, const char *keyname,
-	       isc_buffer_t *secret, dns_secalg_t alg);
+void write_key_file(const char *keyfile, const char *user,
+		    const char *keyname, isc_buffer_t *secret,
+		    dns_secalg_t alg);
 
-const char *
-alg_totext(dns_secalg_t alg);
-dns_secalg_t
-alg_fromtext(const char *name);
-int
-alg_bits(dns_secalg_t alg);
+const char *alg_totext(dns_secalg_t alg);
+dns_secalg_t alg_fromtext(const char *name);
+int alg_bits(dns_secalg_t alg);
 
 ISC_LANG_ENDDECLS
 

bin/confgen/rndc-confgen.8

@@ -1,4 +1,4 @@
-.\" Copyright (C) 2001, 2003-2005, 2007, 2009, 2013-2020 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2001, 2003-2005, 2007, 2009, 2013-2019 Internet Systems Consortium, Inc. ("ISC")
 .\" 
 .\" This Source Code Form is subject to the terms of the Mozilla Public
 .\" License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -206,5 +206,5 @@ BIND 9 Administrator Reference Manual\&.
 \fBInternet Systems Consortium, Inc\&.\fR
 .SH "COPYRIGHT"
 .br
-Copyright \(co 2001, 2003-2005, 2007, 2009, 2013-2020 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2001, 2003-2005, 2007, 2009, 2013-2019 Internet Systems Consortium, Inc. ("ISC")
 .br

bin/confgen/rndc-confgen.c

@@ -43,15 +43,14 @@
 #include <dns/name.h>
 
 #include <dst/dst.h>
-
 #include <confgen/os.h>
 
-#include "keygen.h"
 #include "util.h"
+#include "keygen.h"
 
-#define DEFAULT_KEYNAME "rndc-key"
-#define DEFAULT_SERVER	"127.0.0.1"
-#define DEFAULT_PORT	953
+#define DEFAULT_KEYNAME		"rndc-key"
+#define DEFAULT_SERVER		"127.0.0.1"
+#define DEFAULT_PORT		953
 
 static char program[256];
 const char *progname;
@@ -65,6 +64,7 @@ usage(int status) ISC_PLATFORM_NORETURN_POST;
 
 static void
 usage(int status) {
+
 	fprintf(stderr, "\
 Usage:\n\
  %s [-a] [-b bits] [-c keyfile] [-k keyname] [-p port] \
@@ -78,9 +78,9 @@ Usage:\n\
   -s addr:	 the address to which rndc should connect\n\
   -t chrootdir:	 write a keyfile in chrootdir as well (requires -a)\n\
   -u user:	 set the keyfile owner to \"user\" (requires -a)\n",
-		progname, keydef);
+		 progname, keydef);
 
-	exit(status);
+	exit (status);
 }
 
 int
@@ -108,9 +108,8 @@ main(int argc, char **argv) {
 	keydef = keyfile = RNDC_KEYFILE;
 
 	result = isc_file_progname(*argv, program, sizeof(program));
-	if (result != ISC_R_SUCCESS) {
+	if (result != ISC_R_SUCCESS)
 		memmove(program, "rndc-confgen", 13);
-	}
 	progname = program;
 
 	keyname = DEFAULT_KEYNAME;
@@ -130,15 +129,13 @@ main(int argc, char **argv) {
 		case 'A':
 			algname = isc_commandline_argument;
 			alg = alg_fromtext(algname);
-			if (alg == DST_ALG_UNKNOWN) {
+			if (alg == DST_ALG_UNKNOWN)
 				fatal("Unsupported algorithm '%s'", algname);
-			}
 			break;
 		case 'b':
 			keysize = strtol(isc_commandline_argument, &p, 10);
-			if (*p != '\0' || keysize < 0) {
+			if (*p != '\0' || keysize < 0)
 				fatal("-b requires a non-negative number");
-			}
 			break;
 		case 'c':
 			keyfile = isc_commandline_argument;
@@ -146,7 +143,7 @@ main(int argc, char **argv) {
 		case 'h':
 			usage(0);
 		case 'k':
-		case 'y': /* Compatible with rndc -y. */
+		case 'y':	/* Compatible with rndc -y. */
 			keyname = isc_commandline_argument;
 			break;
 		case 'M':
@@ -158,10 +155,9 @@ main(int argc, char **argv) {
 			break;
 		case 'p':
 			port = strtol(isc_commandline_argument, &p, 10);
-			if (*p != '\0' || port < 0 || port > 65535) {
+			if (*p != '\0' || port < 0 || port > 65535)
 				fatal("port '%s' out of range",
 				      isc_commandline_argument);
-			}
 			break;
 		case 'r':
 			fatal("The -r option has been deprecated.");
@@ -170,9 +166,7 @@ main(int argc, char **argv) {
 			serveraddr = isc_commandline_argument;
 			if (inet_pton(AF_INET, serveraddr, &addr4_dummy) != 1 &&
 			    inet_pton(AF_INET6, serveraddr, &addr6_dummy) != 1)
-			{
 				fatal("-s should be an IPv4 or IPv6 address");
-			}
 			break;
 		case 't':
 			chrootdir = isc_commandline_argument;
@@ -188,13 +182,12 @@ main(int argc, char **argv) {
 				fprintf(stderr, "%s: invalid argument -%c\n",
 					program, isc_commandline_option);
 				usage(1);
-			} else {
+			} else
 				usage(0);
-			}
 			break;
 		default:
-			fprintf(stderr, "%s: unhandled option -%c\n", program,
-				isc_commandline_option);
+			fprintf(stderr, "%s: unhandled option -%c\n",
+				program, isc_commandline_option);
 			exit(1);
 		}
 	}
@@ -203,19 +196,17 @@ main(int argc, char **argv) {
 	argv += isc_commandline_index;
 	POST(argv);
 
-	if (argc > 0) {
+	if (argc > 0)
 		usage(1);
-	}
 
 	if (alg == DST_ALG_HMACMD5) {
-		fprintf(stderr, "warning: use of hmac-md5 for RNDC keys "
-				"is deprecated; hmac-sha256 is now "
-				"recommended.\n");
+		fprintf(stderr,
+			"warning: use of hmac-md5 for RNDC keys "
+			"is deprecated; hmac-sha256 is now recommended.\n");
 	}
 
-	if (keysize < 0) {
+	if (keysize < 0)
 		keysize = alg_bits(alg);
-	}
 	algname = alg_totext(alg);
 
 	isc_mem_create(&mctx);
@@ -265,16 +256,16 @@ options {\n\
 # End of named.conf\n",
 		       keyname, algname,
 		       (int)isc_buffer_usedlength(&key_txtbuffer),
-		       (char *)isc_buffer_base(&key_txtbuffer), keyname,
-		       serveraddr, port, keyname, algname,
+		       (char *)isc_buffer_base(&key_txtbuffer),
+		       keyname, serveraddr, port,
+		       keyname, algname,
 		       (int)isc_buffer_usedlength(&key_txtbuffer),
-		       (char *)isc_buffer_base(&key_txtbuffer), serveraddr,
-		       port, serveraddr, keyname);
+		       (char *)isc_buffer_base(&key_txtbuffer),
+		       serveraddr, port, serveraddr, keyname);
 	}
 
-	if (show_final_mem) {
+	if (show_final_mem)
 		isc_mem_stats(mctx, stderr);
-	}
 
 	isc_mem_destroy(&mctx);
 

bin/confgen/rndc-confgen.docbook

@@ -45,7 +45,6 @@
       <year>2017</year>
       <year>2018</year>
       <year>2019</year>
-      <year>2020</year>
       <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
     </copyright>
   </docinfo>

bin/confgen/rndc-confgen.html

@@ -1,6 +1,6 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 <!--
- - Copyright (C) 2001, 2003-2005, 2007, 2009, 2013-2020 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2001, 2003-2005, 2007, 2009, 2013-2019 Internet Systems Consortium, Inc. ("ISC")
  - 
  - This Source Code Form is subject to the terms of the Mozilla Public
  - License, v. 2.0. If a copy of the MPL was not distributed with this

bin/confgen/unix/os.c

@@ -9,17 +9,18 @@
  * information regarding copyright ownership.
  */
 
+
 /*! \file */
 
-#include <errno.h>
+#include <confgen/os.h>
+
 #include <fcntl.h>
+#include <unistd.h>
+#include <sys/types.h>
 #include <pwd.h>
+#include <errno.h>
 #include <stdio.h>
 #include <sys/stat.h>
-#include <sys/types.h>
-#include <unistd.h>
-
-#include <confgen/os.h>
 
 int
 set_user(FILE *fd, const char *user) {

bin/confgen/util.c

@@ -9,16 +9,18 @@
  * information regarding copyright ownership.
  */
 
+
 /*! \file */
 
-#include "util.h"
 #include <stdarg.h>
 #include <stdbool.h>
-#include <stdio.h>
 #include <stdlib.h>
+#include <stdio.h>
 
 #include <isc/print.h>
 
+#include "util.h"
+
 extern bool verbose;
 extern const char *progname;
 

bin/confgen/util.h

@@ -9,25 +9,27 @@
  * information regarding copyright ownership.
  */
 
+
 #ifndef RNDC_UTIL_H
 #define RNDC_UTIL_H 1
 
 /*! \file */
 
-#include <isc/formatcheck.h>
 #include <isc/lang.h>
 #include <isc/platform.h>
 
-#define NS_CONTROL_PORT 953
+#include <isc/formatcheck.h>
+
+#define NS_CONTROL_PORT		953
 
 #undef DO
-#define DO(name, function)                                                \
-	do {                                                              \
-		result = function;                                        \
-		if (result != ISC_R_SUCCESS)                              \
+#define DO(name, function) \
+	do { \
+		result = function; \
+		if (result != ISC_R_SUCCESS) \
 			fatal("%s: %s", name, isc_result_totext(result)); \
-		else                                                      \
-			notify("%s", name);                               \
+		else \
+			notify("%s", name); \
 	} while (0)
 
 ISC_LANG_BEGINDECLS
@@ -37,7 +39,7 @@ notify(const char *fmt, ...) ISC_FORMAT_PRINTF(1, 2);
 
 ISC_PLATFORM_NORETURN_PRE void
 fatal(const char *format, ...)
-	ISC_FORMAT_PRINTF(1, 2) ISC_PLATFORM_NORETURN_POST;
+ISC_FORMAT_PRINTF(1, 2) ISC_PLATFORM_NORETURN_POST;
 
 ISC_LANG_ENDDECLS
 

bin/confgen/win32/os.c

@@ -9,16 +9,16 @@
  * information regarding copyright ownership.
  */
 
-#include <errno.h>
-#include <fcntl.h>
-#include <io.h>
-#include <stdio.h>
-#include <sys/stat.h>
-#include <sys/types.h>
-#include <unistd.h>
-
 #include <confgen/os.h>
 
+#include <fcntl.h>
+#include <unistd.h>
+#include <sys/types.h>
+#include <errno.h>
+#include <stdio.h>
+#include <io.h>
+#include <sys/stat.h>
+
 int
 set_user(FILE *fd, const char *user) {
 	return (0);

bin/delv/Makefile.in

@@ -25,7 +25,8 @@ CWARNINGS =
 
 ISCCFGLIBS =	../../lib/isccfg/libisccfg.@A@
 DNSLIBS =	../../lib/dns/libdns.@A@ ${MAXMINDDB_LIBS} @DNS_CRYPTO_LIBS@
-ISCLIBS =	../../lib/isc/libisc.@A@ ${OPENSSL_LIBS} ${JSON_C_LIBS} ${LIBXML2_LIBS} ${ZLIB_LIBS}
+ISCNOSYMLIBS =	../../lib/isc/libisc-nosymtbl.@A@ ${OPENSSL_LIBS} ${JSON_C_LIBS} ${LIBXML2_LIBS}
+ISCLIBS =	../../lib/isc/libisc.@A@ ${OPENSSL_LIBS} ${JSON_C_LIBS} ${LIBXML2_LIBS}
 IRSLIBS =	../../lib/irs/libirs.@A@
 
 ISCCFGDEPLIBS =	../../lib/isccfg/libisccfg.@A@
@@ -36,6 +37,7 @@ IRSDEPLIBS =	../../lib/irs/libirs.@A@
 DEPLIBS =	${DNSDEPLIBS} ${IRSDEPLIBS} ${ISCCFGDEPLIBS} ${ISCDEPLIBS}
 
 LIBS =		${DNSLIBS} ${IRSLIBS} ${ISCCFGLIBS} ${ISCLIBS} @LIBS@
+NOSYMLIBS =	${DNSLIBS} ${IRSLIBS} ${ISCCFGLIBS} ${ISCNOSYMLIBS} @LIBS@
 
 SUBDIRS =
 

bin/delv/delv.1

@@ -1,4 +1,4 @@
-.\" Copyright (C) 2014-2020 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2014-2019 Internet Systems Consortium, Inc. ("ISC")
 .\" 
 .\" This Source Code Form is subject to the terms of the Mozilla Public
 .\" License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -144,7 +144,7 @@ options\&.
 Note: When reading the trust anchor file,
 \fBdelv\fR
 treats
-\fBtrust\-anchors\fR\fBinitial\-key\fR
+\fBdnssec\-keys\fR\fBinitial\-key\fR
 and
 \fBstatic\-key\fR
 entries identically\&. That is, even if a key is configured with
@@ -433,5 +433,5 @@ RFC5155\&.
 \fBInternet Systems Consortium, Inc\&.\fR
 .SH "COPYRIGHT"
 .br
-Copyright \(co 2014-2020 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2014-2019 Internet Systems Consortium, Inc. ("ISC")
 .br

bin/delv/delv.docbook

@@ -40,7 +40,6 @@
       <year>2017</year>
       <year>2018</year>
       <year>2019</year>
-      <year>2020</year>
       <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
     </copyright>
   </docinfo>

bin/delv/delv.html

@@ -1,6 +1,6 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 <!--
- - Copyright (C) 2014-2020 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2014-2019 Internet Systems Consortium, Inc. ("ISC")
  - 
  - This Source Code Form is subject to the terms of the Mozilla Public
  - License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -197,7 +197,7 @@
 	  </p>
 	  <p>
 	    Note: When reading the trust anchor file,
-	    <span class="command"><strong>delv</strong></span> treats <code class="option">trust-anchors</code>
+	    <span class="command"><strong>delv</strong></span> treats <code class="option">dnssec-keys</code>
 	    <code class="option">initial-key</code> and <code class="option">static-key</code>
 	    entries identically.  That is, even if a key is configured
 	    with <span class="command"><strong>initial-key</strong></span>, indicating that it is

bin/dig/Makefile.in

@@ -28,7 +28,8 @@ CWARNINGS =
 ISCCFGLIBS =	../../lib/isccfg/libisccfg.@A@
 DNSLIBS =	../../lib/dns/libdns.@A@ ${MAXMINDDB_LIBS} @DNS_CRYPTO_LIBS@
 BIND9LIBS =	../../lib/bind9/libbind9.@A@
-ISCLIBS =	../../lib/isc/libisc.@A@ ${OPENSSL_LIBS} ${JSON_C_LIBS} ${LIBXML2_LIBS} ${ZLIB_LIBS}
+ISCLIBS =	../../lib/isc/libisc.@A@ ${OPENSSL_LIBS} ${JSON_C_LIBS} ${LIBXML2_LIBS}
+ISCNOSYMLIBS =	../../lib/isc/libisc-nosymtbl.@A@ ${OPENSSL_LIBS} ${JSON_C_LIBS} ${LIBXML2_LIBS}
 IRSLIBS =	../../lib/irs/libirs.@A@
 
 ISCCFGDEPLIBS =	../../lib/isccfg/libisccfg.@A@
@@ -43,6 +44,9 @@ DEPLIBS =	${DNSDEPLIBS} ${IRSDEPLIBS} ${BIND9DEPLIBS} \
 LIBS =		${DNSLIBS} ${IRSLIBS} ${BIND9LIBS} ${ISCCFGLIBS} \
 		${ISCLIBS} @LIBIDN2_LIBS@ @LIBS@
 
+NOSYMLIBS =	${DNSLIBS} ${IRSLIBS} ${BIND9LIBS} ${ISCCFGLIBS} \
+		${ISCNOSYMLIBS} @LIBIDN2_LIBS@ @LIBS@
+
 SUBDIRS =
 
 TARGETS =	dig@EXEEXT@ host@EXEEXT@ nslookup@EXEEXT@

bin/dig/dig.1

@@ -1,4 +1,4 @@
-.\" Copyright (C) 2000-2011, 2013-2020 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000-2011, 2013-2019 Internet Systems Consortium, Inc. ("ISC")
 .\" 
 .\" This Source Code Form is subject to the terms of the Mozilla Public
 .\" License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -849,5 +849,5 @@ There are probably too many query options\&.
 \fBInternet Systems Consortium, Inc\&.\fR
 .SH "COPYRIGHT"
 .br
-Copyright \(co 2000-2011, 2013-2020 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2000-2011, 2013-2019 Internet Systems Consortium, Inc. ("ISC")
 .br

bin/dig/dig.docbook

@@ -53,7 +53,6 @@
       <year>2017</year>
       <year>2018</year>
       <year>2019</year>
-      <year>2020</year>
       <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
     </copyright>
   </docinfo>

bin/dig/dig.html

@@ -1,6 +1,6 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 <!--
- - Copyright (C) 2000-2011, 2013-2020 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2011, 2013-2019 Internet Systems Consortium, Inc. ("ISC")
  - 
  - This Source Code Form is subject to the terms of the Mozilla Public
  - License, v. 2.0. If a copy of the MPL was not distributed with this

bin/dig/host.1

@@ -1,4 +1,4 @@
-.\" Copyright (C) 2000-2002, 2004, 2005, 2007-2009, 2014-2020 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000-2002, 2004, 2005, 2007-2009, 2014-2019 Internet Systems Consortium, Inc. ("ISC")
 .\" 
 .\" This Source Code Form is subject to the terms of the Mozilla Public
 .\" License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -269,5 +269,5 @@ runs\&.
 \fBInternet Systems Consortium, Inc\&.\fR
 .SH "COPYRIGHT"
 .br
-Copyright \(co 2000-2002, 2004, 2005, 2007-2009, 2014-2020 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2000-2002, 2004, 2005, 2007-2009, 2014-2019 Internet Systems Consortium, Inc. ("ISC")
 .br

bin/dig/host.c

@@ -12,21 +12,21 @@
 /*! \file */
 
 #include <inttypes.h>
-#include <limits.h>
 #include <stdbool.h>
 #include <stdlib.h>
+#include <limits.h>
 
 #ifdef HAVE_LOCALE_H
 #include <locale.h>
-#endif /* ifdef HAVE_LOCALE_H */
+#endif
 
 #include <isc/app.h>
 #include <isc/commandline.h>
 #include <isc/netaddr.h>
 #include <isc/print.h>
 #include <isc/string.h>
-#include <isc/task.h>
 #include <isc/util.h>
+#include <isc/task.h>
 
 #include <dns/byaddr.h>
 #include <dns/fixedname.h>
@@ -35,8 +35,8 @@
 #include <dns/rdata.h>
 #include <dns/rdataclass.h>
 #include <dns/rdataset.h>
-#include <dns/rdatastruct.h>
 #include <dns/rdatatype.h>
+#include <dns/rdatastruct.h>
 
 #include <dig/dig.h>
 
@@ -49,56 +49,83 @@ static dns_rdatatype_t list_type = dns_rdatatype_a;
 static bool printed_server = false;
 static bool ipv4only = false, ipv6only = false;
 
-static const char *opcodetext[] = { "QUERY",	  "IQUERY",	"STATUS",
-				    "RESERVED3",  "NOTIFY",	"UPDATE",
-				    "RESERVED6",  "RESERVED7",	"RESERVED8",
-				    "RESERVED9",  "RESERVED10", "RESERVED11",
-				    "RESERVED12", "RESERVED13", "RESERVED14",
-				    "RESERVED15" };
+static const char *opcodetext[] = {
+	"QUERY",
+	"IQUERY",
+	"STATUS",
+	"RESERVED3",
+	"NOTIFY",
+	"UPDATE",
+	"RESERVED6",
+	"RESERVED7",
+	"RESERVED8",
+	"RESERVED9",
+	"RESERVED10",
+	"RESERVED11",
+	"RESERVED12",
+	"RESERVED13",
+	"RESERVED14",
+	"RESERVED15"
+};
 
-static const char *rcodetext[] = { "NOERROR",	 "FORMERR",    "SERVFAIL",
-				   "NXDOMAIN",	 "NOTIMP",     "REFUSED",
-				   "YXDOMAIN",	 "YXRRSET",    "NXRRSET",
-				   "NOTAUTH",	 "NOTZONE",    "RESERVED11",
-				   "RESERVED12", "RESERVED13", "RESERVED14",
-				   "RESERVED15", "BADVERS" };
+static const char *rcodetext[] = {
+	"NOERROR",
+	"FORMERR",
+	"SERVFAIL",
+	"NXDOMAIN",
+	"NOTIMP",
+	"REFUSED",
+	"YXDOMAIN",
+	"YXRRSET",
+	"NXRRSET",
+	"NOTAUTH",
+	"NOTZONE",
+	"RESERVED11",
+	"RESERVED12",
+	"RESERVED13",
+	"RESERVED14",
+	"RESERVED15",
+	"BADVERS"
+};
 
 struct rtype {
 	unsigned int type;
 	const char *text;
 };
 
-struct rtype rtypes[] = { { 1, "has address" },
-			  { 2, "name server" },
-			  { 5, "is an alias for" },
-			  { 11, "has well known services" },
-			  { 12, "domain name pointer" },
-			  { 13, "host information" },
-			  { 15, "mail is handled by" },
-			  { 16, "descriptive text" },
-			  { 19, "x25 address" },
-			  { 20, "ISDN address" },
-			  { 24, "has signature" },
-			  { 25, "has key" },
-			  { 28, "has IPv6 address" },
-			  { 29, "location" },
-			  { 0, NULL } };
+struct rtype rtypes[] = {
+	{ 1, 	"has address" },
+	{ 2, 	"name server" },
+	{ 5, 	"is an alias for" },
+	{ 11,	"has well known services" },
+	{ 12,	"domain name pointer" },
+	{ 13,	"host information" },
+	{ 15,	"mail is handled by" },
+	{ 16,	"descriptive text" },
+	{ 19,	"x25 address" },
+	{ 20,	"ISDN address" },
+	{ 24,	"has signature" },
+	{ 25,	"has key" },
+	{ 28,	"has IPv6 address" },
+	{ 29,	"location" },
+	{ 0, NULL }
+};
 
 static char *
-rcode_totext(dns_rcode_t rcode) {
+rcode_totext(dns_rcode_t rcode)
+{
 	static char buf[sizeof("?65535")];
 	union {
 		const char *consttext;
 		char *deconsttext;
 	} totext;
 
-	if (rcode >= (sizeof(rcodetext) / sizeof(rcodetext[0]))) {
+	if (rcode >= (sizeof(rcodetext)/sizeof(rcodetext[0]))) {
 		snprintf(buf, sizeof(buf), "?%u", rcode);
 		totext.deconsttext = buf;
-	} else {
+	} else
 		totext.consttext = rcodetext[rcode];
-	}
-	return (totext.deconsttext);
+	return totext.deconsttext;
 }
 
 ISC_PLATFORM_NORETURN_PRE static void
@@ -106,38 +133,35 @@ show_usage(void) ISC_PLATFORM_NORETURN_POST;
 
 static void
 show_usage(void) {
-	fputs("Usage: host [-aCdilrTvVw] [-c class] [-N ndots] [-t type] [-W "
-	      "time]\n"
-	      "            [-R number] [-m flag] [-p port] hostname [server]\n"
-	      "       -a is equivalent to -v -t ANY\n"
-	      "       -A is like -a but omits RRSIG, NSEC, NSEC3\n"
-	      "       -c specifies query class for non-IN data\n"
-	      "       -C compares SOA records on authoritative nameservers\n"
-	      "       -d is equivalent to -v\n"
-	      "       -l lists all hosts in a domain, using AXFR\n"
-	      "       -m set memory debugging flag (trace|record|usage)\n"
-	      "       -N changes the number of dots allowed before root lookup "
-	      "is done\n"
-	      "       -p specifies the port on the server to query\n"
-	      "       -r disables recursive processing\n"
-	      "       -R specifies number of retries for UDP packets\n"
-	      "       -s a SERVFAIL response should stop query\n"
-	      "       -t specifies the query type\n"
-	      "       -T enables TCP/IP mode\n"
-	      "       -U enables UDP mode\n"
-	      "       -v enables verbose output\n"
-	      "       -V print version number and exit\n"
-	      "       -w specifies to wait forever for a reply\n"
-	      "       -W specifies how long to wait for a reply\n"
-	      "       -4 use IPv4 query transport only\n"
-	      "       -6 use IPv6 query transport only\n",
-	      stderr);
+	fputs(
+"Usage: host [-aCdilrTvVw] [-c class] [-N ndots] [-t type] [-W time]\n"
+"            [-R number] [-m flag] hostname [server]\n"
+"       -a is equivalent to -v -t ANY\n"
+"       -A is like -a but omits RRSIG, NSEC, NSEC3\n"
+"       -c specifies query class for non-IN data\n"
+"       -C compares SOA records on authoritative nameservers\n"
+"       -d is equivalent to -v\n"
+"       -l lists all hosts in a domain, using AXFR\n"
+"       -m set memory debugging flag (trace|record|usage)\n"
+"       -N changes the number of dots allowed before root lookup is done\n"
+"       -r disables recursive processing\n"
+"       -R specifies number of retries for UDP packets\n"
+"       -s a SERVFAIL response should stop query\n"
+"       -t specifies the query type\n"
+"       -T enables TCP/IP mode\n"
+"       -U enables UDP mode\n"
+"       -v enables verbose output\n"
+"       -V print version number and exit\n"
+"       -w specifies to wait forever for a reply\n"
+"       -W specifies how long to wait for a reply\n"
+"       -4 use IPv4 query transport only\n"
+"       -6 use IPv6 query transport only\n", stderr);
 	exit(1);
 }
 
 static void
 host_shutdown(void) {
-	(void)isc_app_shutdown();
+	(void) isc_app_shutdown();
 }
 
 static void
@@ -149,9 +173,9 @@ received(unsigned int bytes, isc_sockaddr_t *from, dig_query_t *query) {
 		char fromtext[ISC_SOCKADDR_FORMATSIZE];
 		isc_sockaddr_format(from, fromtext, sizeof(fromtext));
 		TIME_NOW(&now);
-		diff = (int)isc_time_microdiff(&now, &query->time_sent);
-		printf("Received %u bytes from %s in %d ms\n", bytes, fromtext,
-		       diff / 1000);
+		diff = (int) isc_time_microdiff(&now, &query->time_sent);
+		printf("Received %u bytes from %s in %d ms\n",
+		       bytes, fromtext, diff/1000);
 	}
 }
 
@@ -159,14 +183,14 @@ static void
 trying(char *frm, dig_lookup_t *lookup) {
 	UNUSED(lookup);
 
-	if (!short_form) {
+	if (!short_form)
 		printf("Trying \"%s\"\n", frm);
-	}
 }
 
 static void
 say_message(dns_name_t *name, const char *msg, dns_rdata_t *rdata,
-	    dig_query_t *query) {
+	    dig_query_t *query)
+{
 	isc_buffer_t *b = NULL;
 	char namestr[DNS_NAME_FORMATSIZE];
 	isc_region_t r;
@@ -174,8 +198,9 @@ say_message(dns_name_t *name, const char *msg, dns_rdata_t *rdata,
 	unsigned int bufsize = BUFSIZ;
 
 	dns_name_format(name, namestr, sizeof(namestr));
-retry:
-	isc_buffer_allocate(mctx, &b, bufsize);
+ retry:
+	result = isc_buffer_allocate(mctx, &b, bufsize);
+	check_result(result, "isc_buffer_allocate");
 	result = dns_rdata_totext(rdata, NULL, b);
 	if (result == ISC_R_NOSPACE) {
 		isc_buffer_free(&b);
@@ -185,9 +210,11 @@ retry:
 	check_result(result, "dns_rdata_totext");
 	isc_buffer_usedregion(b, &r);
 	if (query->lookup->identify_previous_line) {
-		printf("Nameserver %s:\n\t", query->servname);
+		printf("Nameserver %s:\n\t",
+			query->servname);
 	}
-	printf("%s %s %.*s", namestr, msg, (int)r.length, (char *)r.base);
+	printf("%s %s %.*s", namestr,
+	       msg, (int)r.length, (char *)r.base);
 	if (query->lookup->identify) {
 		printf(" on server %s", query->servname);
 	}
@@ -197,7 +224,9 @@ retry:
 
 static isc_result_t
 printsection(dns_message_t *msg, dns_section_t sectionid,
-	     const char *section_name, bool headers, dig_query_t *query) {
+	     const char *section_name, bool headers,
+	     dig_query_t *query)
+{
 	dns_name_t *name, *print_name;
 	dns_rdataset_t *rdataset;
 	dns_rdata_t rdata = DNS_RDATA_INIT;
@@ -209,24 +238,21 @@ printsection(dns_message_t *msg, dns_section_t sectionid,
 	bool first;
 	bool no_rdata;
 
-	if (sectionid == DNS_SECTION_QUESTION) {
+	if (sectionid == DNS_SECTION_QUESTION)
 		no_rdata = true;
-	} else {
+	else
 		no_rdata = false;
-	}
 
-	if (headers) {
+	if (headers)
 		printf(";; %s SECTION:\n", section_name);
-	}
 
 	dns_name_init(&empty_name, NULL);
 
 	result = dns_message_firstname(msg, sectionid);
-	if (result == ISC_R_NOMORE) {
+	if (result == ISC_R_NOMORE)
 		return (ISC_R_SUCCESS);
-	} else if (result != ISC_R_SUCCESS) {
+	else if (result != ISC_R_SUCCESS)
 		return (result);
-	}
 
 	for (;;) {
 		name = NULL;
@@ -236,9 +262,9 @@ printsection(dns_message_t *msg, dns_section_t sectionid,
 		first = true;
 		print_name = name;
 
-		for (rdataset = ISC_LIST_HEAD(name->list); rdataset != NULL;
-		     rdataset = ISC_LIST_NEXT(rdataset, link))
-		{
+		for (rdataset = ISC_LIST_HEAD(name->list);
+		     rdataset != NULL;
+		     rdataset = ISC_LIST_NEXT(rdataset, link)) {
 			if (query->lookup->rdtype == dns_rdatatype_axfr &&
 			    !((!list_addresses &&
 			       (list_type == dns_rdatatype_any ||
@@ -248,39 +274,36 @@ printsection(dns_message_t *msg, dns_section_t sectionid,
 				rdataset->type == dns_rdatatype_aaaa ||
 				rdataset->type == dns_rdatatype_ns ||
 				rdataset->type == dns_rdatatype_ptr))))
-			{
 				continue;
-			}
 			if (list_almost_all &&
-			    (rdataset->type == dns_rdatatype_rrsig ||
-			     rdataset->type == dns_rdatatype_nsec ||
-			     rdataset->type == dns_rdatatype_nsec3))
-			{
+			       (rdataset->type == dns_rdatatype_rrsig ||
+				rdataset->type == dns_rdatatype_nsec ||
+				rdataset->type == dns_rdatatype_nsec3))
 				continue;
-			}
 			if (!short_form) {
 				result = dns_rdataset_totext(rdataset,
-							     print_name, false,
-							     no_rdata, &target);
-				if (result != ISC_R_SUCCESS) {
+							     print_name,
+							     false,
+							     no_rdata,
+							     &target);
+				if (result != ISC_R_SUCCESS)
 					return (result);
-				}
 #ifdef USEINITALWS
 				if (first) {
 					print_name = &empty_name;
 					first = false;
 				}
-#else  /* ifdef USEINITALWS */
+#else
 				UNUSED(first); /* Shut up compiler. */
-#endif /* ifdef USEINITALWS */
+#endif
 			} else {
 				loopresult = dns_rdataset_first(rdataset);
 				while (loopresult == ISC_R_SUCCESS) {
 					struct rtype *t;
 					const char *rtt;
 					char typebuf[DNS_RDATATYPE_FORMATSIZE];
-					char typebuf2[DNS_RDATATYPE_FORMATSIZE +
-						      20];
+					char typebuf2[DNS_RDATATYPE_FORMATSIZE
+						     + 20];
 					dns_rdataset_current(rdataset, &rdata);
 
 					for (t = rtypes; t->text != NULL; t++) {
@@ -297,8 +320,8 @@ printsection(dns_message_t *msg, dns_section_t sectionid,
 						 "has %s record", typebuf);
 					rtt = typebuf2;
 				found:
-					say_message(print_name, rtt, &rdata,
-						    query);
+					say_message(print_name, rtt,
+						    &rdata, query);
 					dns_rdata_reset(&rdata);
 					loopresult =
 						dns_rdataset_next(rdataset);
@@ -307,19 +330,18 @@ printsection(dns_message_t *msg, dns_section_t sectionid,
 		}
 		if (!short_form) {
 			isc_buffer_usedregion(&target, &r);
-			if (no_rdata) {
-				printf(";%.*s", (int)r.length, (char *)r.base);
-			} else {
+			if (no_rdata)
+				printf(";%.*s", (int)r.length,
+				       (char *)r.base);
+			else
 				printf("%.*s", (int)r.length, (char *)r.base);
-			}
 		}
 
 		result = dns_message_nextname(msg, sectionid);
-		if (result == ISC_R_NOMORE) {
+		if (result == ISC_R_NOMORE)
 			break;
-		} else if (result != ISC_R_SUCCESS) {
+		else if (result != ISC_R_SUCCESS)
 			return (result);
-		}
 	}
 
 	return (ISC_R_SUCCESS);
@@ -327,23 +349,24 @@ printsection(dns_message_t *msg, dns_section_t sectionid,
 
 static isc_result_t
 printrdata(dns_message_t *msg, dns_rdataset_t *rdataset,
-	   const dns_name_t *owner, const char *set_name, bool headers) {
+	   const dns_name_t *owner, const char *set_name,
+	   bool headers)
+{
 	isc_buffer_t target;
 	isc_result_t result;
 	isc_region_t r;
 	char tbuf[4096];
 
 	UNUSED(msg);
-	if (headers) {
+	if (headers)
 		printf(";; %s SECTION:\n", set_name);
-	}
 
 	isc_buffer_init(&target, tbuf, sizeof(tbuf));
 
-	result = dns_rdataset_totext(rdataset, owner, false, false, &target);
-	if (result != ISC_R_SUCCESS) {
+	result = dns_rdataset_totext(rdataset, owner, false, false,
+				     &target);
+	if (result != ISC_R_SUCCESS)
 		return (result);
-	}
 	isc_buffer_usedregion(&target, &r);
 	printf("%.*s", (int)r.length, (char *)r.base);
 
@@ -363,9 +386,8 @@ chase_cnamechain(dns_message_t *msg, dns_name_t *qname) {
 		result = dns_message_findname(msg, DNS_SECTION_ANSWER, qname,
 					      dns_rdatatype_cname, 0, NULL,
 					      &rdataset);
-		if (result != ISC_R_SUCCESS) {
+		if (result != ISC_R_SUCCESS)
 			return;
-		}
 		result = dns_rdataset_first(rdataset);
 		check_result(result, "dns_rdataset_first");
 		dns_rdata_reset(&rdata);
@@ -378,8 +400,9 @@ chase_cnamechain(dns_message_t *msg, dns_name_t *qname) {
 }
 
 static isc_result_t
-printmessage(dig_query_t *query, const isc_buffer_t *msgbuf, dns_message_t *msg,
-	     bool headers) {
+printmessage(dig_query_t *query, const isc_buffer_t *msgbuf,
+	     dns_message_t *msg, bool headers)
+{
 	bool did_flag = false;
 	dns_rdataset_t *opt, *tsig = NULL;
 	const dns_name_t *tsigname;
@@ -400,7 +423,8 @@ printmessage(dig_query_t *query, const isc_buffer_t *msgbuf, dns_message_t *msg,
 
 		printf("Using domain server:\n");
 		printf("Name: %s\n", query->userarg);
-		isc_sockaddr_format(&query->sockaddr, sockstr, sizeof(sockstr));
+		isc_sockaddr_format(&query->sockaddr, sockstr,
+				    sizeof(sockstr));
 		printf("Address: %s\n", sockstr);
 		printf("Aliases: \n\n");
 		printed_server = true;
@@ -410,20 +434,17 @@ printmessage(dig_query_t *query, const isc_buffer_t *msgbuf, dns_message_t *msg,
 		char namestr[DNS_NAME_FORMATSIZE];
 		dns_name_format(query->lookup->name, namestr, sizeof(namestr));
 
-		if (query->lookup->identify_previous_line) {
+		if (query->lookup->identify_previous_line)
 			printf("Nameserver %s:\n\t%s not found: %d(%s)\n",
 			       query->servname,
-			       (msg->rcode != dns_rcode_nxdomain)
-				       ? namestr
-				       : query->lookup->textname,
-			       msg->rcode, rcode_totext(msg->rcode));
-		} else {
+			       (msg->rcode != dns_rcode_nxdomain) ? namestr :
+			       query->lookup->textname, msg->rcode,
+			       rcode_totext(msg->rcode));
+		else
 			printf("Host %s not found: %d(%s)\n",
-			       (msg->rcode != dns_rcode_nxdomain)
-				       ? namestr
-				       : query->lookup->textname,
-			       msg->rcode, rcode_totext(msg->rcode));
-		}
+			       (msg->rcode != dns_rcode_nxdomain) ? namestr :
+			       query->lookup->textname, msg->rcode,
+			       rcode_totext(msg->rcode));
 		return (ISC_R_SUCCESS);
 	}
 
@@ -501,70 +522,60 @@ printmessage(dig_query_t *query, const isc_buffer_t *msgbuf, dns_message_t *msg,
 		       msg->counts[DNS_SECTION_AUTHORITY],
 		       msg->counts[DNS_SECTION_ADDITIONAL]);
 		opt = dns_message_getopt(msg);
-		if (opt != NULL) {
+		if (opt != NULL)
 			printf(";; EDNS: version: %u, udp=%u\n",
 			       (unsigned int)((opt->ttl & 0x00ff0000) >> 16),
 			       (unsigned int)opt->rdclass);
-		}
 		tsigname = NULL;
 		tsig = dns_message_gettsig(msg, &tsigname);
-		if (tsig != NULL) {
+		if (tsig != NULL)
 			printf(";; PSEUDOSECTIONS: TSIG\n");
-		}
 	}
-	if (!ISC_LIST_EMPTY(msg->sections[DNS_SECTION_QUESTION]) && !short_form)
-	{
+	if (! ISC_LIST_EMPTY(msg->sections[DNS_SECTION_QUESTION]) &&
+	    !short_form) {
 		printf("\n");
 		result = printsection(msg, DNS_SECTION_QUESTION, "QUESTION",
 				      true, query);
-		if (result != ISC_R_SUCCESS) {
+		if (result != ISC_R_SUCCESS)
 			return (result);
-		}
 	}
-	if (!ISC_LIST_EMPTY(msg->sections[DNS_SECTION_ANSWER])) {
-		if (!short_form) {
+	if (! ISC_LIST_EMPTY(msg->sections[DNS_SECTION_ANSWER])) {
+		if (!short_form)
 			printf("\n");
-		}
 		result = printsection(msg, DNS_SECTION_ANSWER, "ANSWER",
 				      !short_form, query);
-		if (result != ISC_R_SUCCESS) {
+		if (result != ISC_R_SUCCESS)
 			return (result);
-		}
 	}
 
-	if (!ISC_LIST_EMPTY(msg->sections[DNS_SECTION_AUTHORITY]) &&
+	if (! ISC_LIST_EMPTY(msg->sections[DNS_SECTION_AUTHORITY]) &&
 	    !short_form) {
 		printf("\n");
 		result = printsection(msg, DNS_SECTION_AUTHORITY, "AUTHORITY",
 				      true, query);
-		if (result != ISC_R_SUCCESS) {
+		if (result != ISC_R_SUCCESS)
 			return (result);
-		}
 	}
-	if (!ISC_LIST_EMPTY(msg->sections[DNS_SECTION_ADDITIONAL]) &&
+	if (! ISC_LIST_EMPTY(msg->sections[DNS_SECTION_ADDITIONAL]) &&
 	    !short_form) {
 		printf("\n");
-		result = printsection(msg, DNS_SECTION_ADDITIONAL, "ADDITIONAL",
-				      true, query);
-		if (result != ISC_R_SUCCESS) {
+		result = printsection(msg, DNS_SECTION_ADDITIONAL,
+				      "ADDITIONAL", true, query);
+		if (result != ISC_R_SUCCESS)
 			return (result);
-		}
 	}
 	if ((tsig != NULL) && !short_form) {
 		printf("\n");
-		result = printrdata(msg, tsig, tsigname, "PSEUDOSECTION TSIG",
-				    true);
-		if (result != ISC_R_SUCCESS) {
+		result = printrdata(msg, tsig, tsigname,
+				    "PSEUDOSECTION TSIG", true);
+		if (result != ISC_R_SUCCESS)
 			return (result);
-		}
 	}
-	if (!short_form) {
+	if (!short_form)
 		printf("\n");
-	}
 
 	if (short_form && !default_lookups &&
-	    ISC_LIST_EMPTY(msg->sections[DNS_SECTION_ANSWER]))
-	{
+	    ISC_LIST_EMPTY(msg->sections[DNS_SECTION_ANSWER])) {
 		char namestr[DNS_NAME_FORMATSIZE];
 		char typestr[DNS_RDATATYPE_FORMATSIZE];
 		dns_name_format(query->lookup->name, namestr, sizeof(namestr));
@@ -576,7 +587,7 @@ printmessage(dig_query_t *query, const isc_buffer_t *msgbuf, dns_message_t *msg,
 	return (result);
 }
 
-static const char *optstring = "46aAc:dilnm:p:rst:vVwCDN:R:TUW:";
+static const char * optstring = "46aAc:dilnm:rst:vVwCDN:R:TUW:";
 
 /*% version */
 static void
@@ -593,77 +604,52 @@ pre_parse_args(int argc, char **argv) {
 		case 'm':
 			memdebugging = true;
 			if (strcasecmp("trace", isc_commandline_argument) == 0)
-			{
 				isc_mem_debugging |= ISC_MEM_DEBUGTRACE;
-			} else if (strcasecmp("record",
-					      isc_commandline_argument) == 0) {
+			else if (strcasecmp("record",
+					    isc_commandline_argument) == 0)
 				isc_mem_debugging |= ISC_MEM_DEBUGRECORD;
-			} else if (strcasecmp("usage",
-					      isc_commandline_argument) == 0) {
+			else if (strcasecmp("usage",
+					    isc_commandline_argument) == 0)
 				isc_mem_debugging |= ISC_MEM_DEBUGUSAGE;
-			}
 			break;
 
 		case '4':
-			if (ipv6only) {
+			if (ipv6only)
 				fatal("only one of -4 and -6 allowed");
-			}
 			ipv4only = true;
 			break;
 		case '6':
-			if (ipv4only) {
+			if (ipv4only)
 				fatal("only one of -4 and -6 allowed");
-			}
 			ipv6only = true;
 			break;
-		case 'a':
-			break;
-		case 'A':
-			break;
-		case 'c':
-			break;
-		case 'C':
-			break;
-		case 'd':
-			break;
+		case 'a': break;
+		case 'A': break;
+		case 'c': break;
+		case 'C': break;
+		case 'd': break;
 		case 'D':
-			if (debugging) {
+			if (debugging)
 				debugtiming = true;
-			}
 			debugging = true;
 			break;
-		case 'i':
-			break;
-		case 'l':
-			break;
-		case 'n':
-			break;
-		case 'N':
-			break;
-		case 'p':
-			break;
-		case 'r':
-			break;
-		case 'R':
-			break;
-		case 's':
-			break;
-		case 't':
-			break;
-		case 'T':
-			break;
-		case 'U':
-			break;
-		case 'v':
-			break;
+		case 'i': break;
+		case 'l': break;
+		case 'n': break;
+		case 'N': break;
+		case 'r': break;
+		case 'R': break;
+		case 's': break;
+		case 't': break;
+		case 'T': break;
+		case 'U': break;
+		case 'v': break;
 		case 'V':
-			version();
-			exit(0);
-			break;
-		case 'w':
-			break;
-		case 'W':
-			break;
+			  version();
+			  exit(0);
+			  break;
+		case 'w': break;
+		case 'W': break;
 		default:
 			show_usage();
 		}
@@ -689,7 +675,6 @@ parse_args(bool is_batchfile, int argc, char **argv) {
 	lookup = make_empty_lookup();
 
 	lookup->servfail_stops = false;
-	lookup->besteffort = false;
 	lookup->comments = false;
 	short_form = !verbose;
 
@@ -709,8 +694,8 @@ parse_args(bool is_batchfile, int argc, char **argv) {
 			lookup->recurse = false;
 			break;
 		case 't':
-			if (strncasecmp(isc_commandline_argument, "ixfr=", 5) ==
-			    0) {
+			if (strncasecmp(isc_commandline_argument,
+					"ixfr=", 5) == 0) {
 				rdtype = dns_rdatatype_ixfr;
 				/* XXXMPA add error checking */
 				serial = strtoul(isc_commandline_argument + 5,
@@ -719,8 +704,8 @@ parse_args(bool is_batchfile, int argc, char **argv) {
 			} else {
 				tr.base = isc_commandline_argument;
 				tr.length = strlen(isc_commandline_argument);
-				result = dns_rdatatype_fromtext(
-					&rdtype, (isc_textregion_t *)&tr);
+				result = dns_rdatatype_fromtext(&rdtype,
+						   (isc_textregion_t *)&tr);
 			}
 
 			if (result != ISC_R_SUCCESS) {
@@ -729,9 +714,8 @@ parse_args(bool is_batchfile, int argc, char **argv) {
 				      isc_commandline_argument);
 			}
 			if (!lookup->rdtypeset ||
-			    lookup->rdtype != dns_rdatatype_axfr) {
+			    lookup->rdtype != dns_rdatatype_axfr)
 				lookup->rdtype = rdtype;
-			}
 			lookup->rdtypeset = true;
 			if (rdtype == dns_rdatatype_axfr) {
 				/* -l -t any -v */
@@ -743,20 +727,18 @@ parse_args(bool is_batchfile, int argc, char **argv) {
 				lookup->tcp_mode = true;
 				list_type = rdtype;
 			} else if (rdtype == dns_rdatatype_any) {
-				if (!lookup->tcp_mode_set) {
+				if (!lookup->tcp_mode_set)
 					lookup->tcp_mode = true;
-				}
-			} else {
+			} else
 				list_type = rdtype;
-			}
 			list_addresses = false;
 			default_lookups = false;
 			break;
 		case 'c':
 			tr.base = isc_commandline_argument;
 			tr.length = strlen(isc_commandline_argument);
-			result = dns_rdataclass_fromtext(
-				&rdclass, (isc_textregion_t *)&tr);
+			result = dns_rdataclass_fromtext(&rdclass,
+						   (isc_textregion_t *)&tr);
 
 			if (result != ISC_R_SUCCESS) {
 				fatalexit = 2;
@@ -770,12 +752,11 @@ parse_args(bool is_batchfile, int argc, char **argv) {
 			break;
 		case 'A':
 			list_almost_all = true;
-		/* FALL THROUGH */
+			/* FALL THROUGH */
 		case 'a':
 			if (!lookup->rdtypeset ||
-			    lookup->rdtype != dns_rdatatype_axfr) {
+			    lookup->rdtype != dns_rdatatype_axfr)
 				lookup->rdtype = dns_rdatatype_any;
-			}
 			list_type = dns_rdatatype_any;
 			list_addresses = false;
 			lookup->rdtypeset = true;
@@ -800,15 +781,13 @@ parse_args(bool is_batchfile, int argc, char **argv) {
 			break;
 		case 'W':
 			timeout = atoi(isc_commandline_argument);
-			if (timeout < 1) {
+			if (timeout < 1)
 				timeout = 1;
-			}
 			break;
 		case 'R':
 			tries = atoi(isc_commandline_argument) + 1;
-			if (tries < 2) {
+			if (tries < 2)
 				tries = 2;
-			}
 			break;
 		case 'T':
 			lookup->tcp_mode = true;
@@ -830,7 +809,8 @@ parse_args(bool is_batchfile, int argc, char **argv) {
 			default_lookups = false;
 			break;
 		case 'N':
-			debug("setting NDOTS to %s", isc_commandline_argument);
+			debug("setting NDOTS to %s",
+			      isc_commandline_argument);
 			ndots = atoi(isc_commandline_argument);
 			break;
 		case 'D':
@@ -845,31 +825,26 @@ parse_args(bool is_batchfile, int argc, char **argv) {
 		case 's':
 			lookup->servfail_stops = true;
 			break;
-		case 'p':
-			port = atoi(isc_commandline_argument);
-			break;
 		}
 	}
 
 	lookup->retries = tries;
 
-	if (isc_commandline_index >= argc) {
+	if (isc_commandline_index >= argc)
 		show_usage();
-	}
 
 	strlcpy(hostname, argv[isc_commandline_index], sizeof(hostname));
 
 	if (argc > isc_commandline_index + 1) {
-		set_nameserver(argv[isc_commandline_index + 1]);
-		debug("server is %s", argv[isc_commandline_index + 1]);
+		set_nameserver(argv[isc_commandline_index+1]);
+		debug("server is %s", argv[isc_commandline_index+1]);
 		listed_server = true;
-	} else {
+	} else
 		check_ra = true;
-	}
 
 	lookup->pending = false;
-	if (get_reverse(store, sizeof(store), hostname, true) == ISC_R_SUCCESS)
-	{
+	if (get_reverse(store, sizeof(store), hostname, true)
+	    == ISC_R_SUCCESS) {
 		strlcpy(lookup->textname, store, sizeof(lookup->textname));
 		lookup->rdtype = dns_rdatatype_ptr;
 		lookup->rdtypeset = true;
@@ -908,11 +883,10 @@ main(int argc, char **argv) {
 	setup_libs();
 	setup_system(ipv4only, ipv6only);
 	parse_args(false, argc, argv);
-	if (keyfile[0] != 0) {
+	if (keyfile[0] != 0)
 		setup_file_key();
-	} else if (keysecret[0] != 0) {
+	else if (keysecret[0] != 0)
 		setup_text_key();
-	}
 	result = isc_app_onrun(mctx, global_task, onrun_callback, NULL);
 	check_result(result, "isc_app_onrun");
 	isc_app_run();

bin/dig/host.docbook

@@ -48,7 +48,6 @@
       <year>2017</year>
       <year>2018</year>
       <year>2019</year>
-      <year>2020</year>
       <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
     </copyright>
   </docinfo>
@@ -59,7 +58,6 @@
       <arg choice="opt" rep="norepeat"><option>-aACdlnrsTUwv</option></arg>
       <arg choice="opt" rep="norepeat"><option>-c <replaceable class="parameter">class</replaceable></option></arg>
       <arg choice="opt" rep="norepeat"><option>-N <replaceable class="parameter">ndots</replaceable></option></arg>
-      <arg choice="opt" rep="norepeat"><option>-p <replaceable class="port">port</replaceable></option></arg>
       <arg choice="opt" rep="norepeat"><option>-R <replaceable class="parameter">number</replaceable></option></arg>
       <arg choice="opt" rep="norepeat"><option>-t <replaceable class="parameter">type</replaceable></option></arg>
       <arg choice="opt" rep="norepeat"><option>-W <replaceable class="parameter">wait</replaceable></option></arg>
@@ -215,15 +213,6 @@
 	</listitem>
       </varlistentry>
 
-      <varlistentry>
-	<term>-p <replaceable class="parameter">port</replaceable></term>
-	<listitem>
-	  <para>
-	    Specify the port on the server to query.  The default is 53.
-	  </para>
-	</listitem>
-      </varlistentry>
-
       <varlistentry>
 	<term>-r</term>
 	<listitem>

bin/dig/host.html

@@ -1,6 +1,6 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 <!--
- - Copyright (C) 2000-2002, 2004, 2005, 2007-2009, 2014-2020 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2002, 2004, 2005, 2007-2009, 2014-2019 Internet Systems Consortium, Inc. ("ISC")
  - 
  - This Source Code Form is subject to the terms of the Mozilla Public
  - License, v. 2.0. If a copy of the MPL was not distributed with this

bin/dig/include/.clang-format

@@ -1 +0,0 @@
-../../../.clang-format.headers

bin/dig/include/dig/dig.h

@@ -17,6 +17,10 @@
 #include <inttypes.h>
 #include <stdbool.h>
 
+#include <dns/rdatalist.h>
+
+#include <dst/dst.h>
+
 #include <isc/buffer.h>
 #include <isc/bufferlist.h>
 #include <isc/formatcheck.h>
@@ -28,24 +32,20 @@
 #include <isc/sockaddr.h>
 #include <isc/socket.h>
 
-#include <dns/rdatalist.h>
-
-#include <dst/dst.h>
-
 #ifdef __APPLE__
 #include <TargetConditionals.h>
-#endif /* ifdef __APPLE__ */
+#endif
 
 #define MXSERV 20
-#define MXNAME (DNS_NAME_MAXTEXT + 1)
-#define MXRD   32
+#define MXNAME (DNS_NAME_MAXTEXT+1)
+#define MXRD 32
 /*% Buffer Size */
-#define BUFSIZE	 512
+#define BUFSIZE 512
 #define COMMSIZE 0xffff
 #ifndef RESOLV_CONF
 /*% location of resolve.conf */
 #define RESOLV_CONF "/etc/resolv.conf"
-#endif /* ifndef RESOLV_CONF */
+#endif
 /*% output buffer */
 #define OUTPUTBUF 32767
 /*% Max RR Limit */
@@ -77,111 +77,155 @@
 ISC_LANG_BEGINDECLS
 
 typedef struct dig_lookup dig_lookup_t;
-typedef struct dig_query  dig_query_t;
+typedef struct dig_query dig_query_t;
 typedef struct dig_server dig_server_t;
 typedef ISC_LIST(dig_server_t) dig_serverlist_t;
 typedef struct dig_searchlist dig_searchlist_t;
 
-#define DIG_QUERY_MAGIC ISC_MAGIC('D', 'i', 'g', 'q')
+#define DIG_QUERY_MAGIC		ISC_MAGIC('D','i','g','q')
+
+#define DIG_VALID_QUERY(x)	ISC_MAGIC_VALID((x), DIG_QUERY_MAGIC)
 
-#define DIG_VALID_QUERY(x) ISC_MAGIC_VALID((x), DIG_QUERY_MAGIC)
 
 /*% The dig_lookup structure */
 struct dig_lookup {
-	bool pending, /*%< Pending a successful answer */
-		waiting_connect, doing_xfr, ns_search_only, /*%< dig
-							     * +nssearch,
-							     * host -C */
+	bool
+		pending, /*%< Pending a successful answer */
+		waiting_connect,
+		doing_xfr,
+		ns_search_only, /*%< dig +nssearch, host -C */
 		identify, /*%< Append an "on server <foo>" message */
 		identify_previous_line, /*% Prepend a "Nameserver <foo>:"
-					 * message, with newline and tab */
-		ignore, recurse, aaonly, adflag, cdflag, raflag, tcflag, zflag,
-		trace,	    /*% dig +trace */
-		trace_root, /*% initial query for either +trace or +nssearch
-			     * */
-		tcp_mode, tcp_mode_set, comments, stats, section_question,
-		section_answer, section_authority, section_additional,
-		servfail_stops, new_search, need_search, done_as_is, besteffort,
-		dnssec, expire, sendcookie, seenbadcookie, badcookie,
-		nsid, /*% Name Server ID (RFC 5001) */
-		tcp_keepalive, header_only, ednsneg, mapped,
-		print_unknown_format, multiline, nottl, noclass, onesoa,
-		use_usec, nocrypto, ttlunits, idnin, idnout, expandaaaa, qr,
-		accept_reply_unexpected_src; /*%  print replies from
-					      * unexpected
-					      *   sources. */
-	char textname[MXNAME];		     /*% Name we're going to be
-					      * looking up */
-	char		 cmdline[MXNAME];
-	dns_rdatatype_t	 rdtype;
-	dns_rdatatype_t	 qrdtype;
+					   message, with newline and tab */
+		ignore,
+		recurse,
+		aaonly,
+		adflag,
+		cdflag,
+		raflag,
+		tcflag,
+		zflag,
+		trace, /*% dig +trace */
+		trace_root, /*% initial query for either +trace or +nssearch */
+		tcp_mode,
+		tcp_mode_set,
+		comments,
+		stats,
+		section_question,
+		section_answer,
+		section_authority,
+		section_additional,
+		servfail_stops,
+		new_search,
+		need_search,
+		done_as_is,
+		besteffort,
+		dnssec,
+		expire,
+		sendcookie,
+		seenbadcookie,
+		badcookie,
+		nsid,   /*% Name Server ID (RFC 5001) */
+		tcp_keepalive,
+		header_only,
+		ednsneg,
+		mapped,
+		print_unknown_format,
+		multiline,
+		nottl,
+		noclass,
+		onesoa,
+		use_usec,
+		nocrypto,
+		ttlunits,
+		idnin,
+		idnout,
+		expandaaaa,
+		qr,
+		accept_reply_unexpected_src;  /*%  print replies from unexpected
+						   sources. */
+	char textname[MXNAME]; /*% Name we're going to be looking up */
+	char cmdline[MXNAME];
+	dns_rdatatype_t rdtype;
+	dns_rdatatype_t qrdtype;
 	dns_rdataclass_t rdclass;
-	bool		 rdtypeset;
-	bool		 rdclassset;
-	char		 name_space[BUFSIZE];
-	char		 oname_space[BUFSIZE];
-	isc_buffer_t	 namebuf;
-	isc_buffer_t	 onamebuf;
-	isc_buffer_t	 renderbuf;
-	char *		 sendspace;
-	dns_name_t *	 name;
-	isc_interval_t	 interval;
-	dns_message_t *	 sendmsg;
-	dns_name_t *	 oname;
+	bool rdtypeset;
+	bool rdclassset;
+	char name_space[BUFSIZE];
+	char oname_space[BUFSIZE];
+	isc_buffer_t namebuf;
+	isc_buffer_t onamebuf;
+	isc_buffer_t renderbuf;
+	char *sendspace;
+	dns_name_t *name;
+	isc_interval_t interval;
+	dns_message_t *sendmsg;
+	dns_name_t *oname;
 	ISC_LINK(dig_lookup_t) link;
 	ISC_LIST(dig_query_t) q;
 	ISC_LIST(dig_query_t) connecting;
-	dig_query_t *	  current_query;
-	dig_serverlist_t  my_server_list;
+	dig_query_t *current_query;
+	dig_serverlist_t my_server_list;
 	dig_searchlist_t *origin;
-	dig_query_t *	  xfr_q;
-	uint32_t	  retries;
-	int		  nsfound;
-	uint16_t	  udpsize;
-	int16_t		  edns;
-	int16_t		  padding;
-	uint32_t	  ixfr_serial;
-	isc_buffer_t	  rdatabuf;
-	char		  rdatastore[MXNAME];
-	dst_context_t *	  tsigctx;
-	isc_buffer_t *	  querysig;
-	uint32_t	  msgcounter;
-	dns_fixedname_t	  fdomain;
-	isc_sockaddr_t *  ecs_addr;
-	char *		  cookie;
-	dns_ednsopt_t *	  ednsopts;
-	unsigned int	  ednsoptscnt;
-	isc_dscp_t	  dscp;
-	unsigned int	  ednsflags;
-	dns_opcode_t	  opcode;
-	int		  rrcomments;
-	unsigned int	  eoferr;
+	dig_query_t *xfr_q;
+	uint32_t retries;
+	int nsfound;
+	uint16_t udpsize;
+	int16_t edns;
+	int16_t padding;
+	uint32_t ixfr_serial;
+	isc_buffer_t rdatabuf;
+	char rdatastore[MXNAME];
+	dst_context_t *tsigctx;
+	isc_buffer_t *querysig;
+	uint32_t msgcounter;
+	dns_fixedname_t fdomain;
+	isc_sockaddr_t *ecs_addr;
+	char *cookie;
+	dns_ednsopt_t *ednsopts;
+	unsigned int ednsoptscnt;
+	isc_dscp_t dscp;
+	unsigned int ednsflags;
+	dns_opcode_t opcode;
+	int rrcomments;
+	unsigned int eoferr;
 };
 
 /*% The dig_query structure */
 struct dig_query {
-	unsigned int  magic;
+	unsigned int magic;
 	dig_lookup_t *lookup;
-	bool waiting_connect, pending_free, waiting_senddone, first_pass,
-		first_soa_rcvd, second_rr_rcvd, first_repeat_rcvd, recv_made,
-		warn_id, timedout;
-	uint32_t      first_rr_serial;
-	uint32_t      second_rr_serial;
-	uint32_t      msg_count;
-	uint32_t      rr_count;
-	bool	      ixfr_axfr;
-	char *	      servname;
-	char *	      userarg;
-	isc_buffer_t  recvbuf, lengthbuf, tmpsendbuf, sendbuf;
-	char *	      recvspace, *tmpsendspace, lengthspace[4];
+	bool waiting_connect,
+		pending_free,
+		waiting_senddone,
+		first_pass,
+		first_soa_rcvd,
+		second_rr_rcvd,
+		first_repeat_rcvd,
+		recv_made,
+		warn_id,
+		timedout;
+	uint32_t first_rr_serial;
+	uint32_t second_rr_serial;
+	uint32_t msg_count;
+	uint32_t rr_count;
+	bool ixfr_axfr;
+	char *servname;
+	char *userarg;
+	isc_buffer_t recvbuf,
+		lengthbuf,
+		tmpsendbuf,
+		sendbuf;
+	char *recvspace, *tmpsendspace,
+		lengthspace[4];
 	isc_socket_t *sock;
 	ISC_LINK(dig_query_t) link;
 	ISC_LINK(dig_query_t) clink;
 	isc_sockaddr_t sockaddr;
-	isc_time_t     time_sent;
-	isc_time_t     time_recv;
-	uint64_t       byte_count;
-	isc_timer_t *  timer;
+	isc_time_t time_sent;
+	isc_time_t time_recv;
+	uint64_t byte_count;
+	isc_timer_t *timer;
 };
 
 struct dig_server {
@@ -202,38 +246,38 @@ typedef ISC_LIST(dig_lookup_t) dig_lookuplist_t;
  * Externals from dighost.c
  */
 
-extern dig_lookuplist_t	    lookup_list;
-extern dig_serverlist_t	    server_list;
+extern dig_lookuplist_t lookup_list;
+extern dig_serverlist_t server_list;
 extern dig_searchlistlist_t search_list;
-extern unsigned int	    extrabytes;
+extern unsigned int extrabytes;
 
-extern bool check_ra, have_ipv4, have_ipv6, specified_source, usesearch,
-	showsearch, yaml;
-extern in_port_t	 port;
-extern unsigned int	 timeout;
-extern isc_mem_t *	 mctx;
-extern int		 sendcount;
-extern int		 ndots;
-extern int		 lookup_counter;
-extern int		 exitcode;
-extern isc_sockaddr_t	 bind_address;
-extern char		 keynametext[MXNAME];
-extern char		 keyfile[MXNAME];
-extern char		 keysecret[MXNAME];
+extern bool check_ra, have_ipv4, have_ipv6, specified_source,
+	usesearch, showsearch, yaml;
+extern in_port_t port;
+extern unsigned int timeout;
+extern isc_mem_t *mctx;
+extern int sendcount;
+extern int ndots;
+extern int lookup_counter;
+extern int exitcode;
+extern isc_sockaddr_t bind_address;
+extern char keynametext[MXNAME];
+extern char keyfile[MXNAME];
+extern char keysecret[MXNAME];
 extern const dns_name_t *hmacname;
-extern unsigned int	 digestbits;
-extern dns_tsigkey_t *	 tsigkey;
-extern bool		 validated;
-extern isc_taskmgr_t *	 taskmgr;
-extern isc_task_t *	 global_task;
-extern bool		 free_now;
-extern bool		 debugging, debugtiming, memdebugging;
-extern bool		 keep_open;
+extern unsigned int digestbits;
+extern dns_tsigkey_t *tsigkey;
+extern bool validated;
+extern isc_taskmgr_t *taskmgr;
+extern isc_task_t *global_task;
+extern bool free_now;
+extern bool debugging, debugtiming, memdebugging;
+extern bool keep_open;
 
 extern char *progname;
-extern int   tries;
-extern int   fatalexit;
-extern bool  verbose;
+extern int tries;
+extern int fatalexit;
+extern bool verbose;
 
 /*
  * Routines in dighost.c.
@@ -249,13 +293,14 @@ get_reverse(char *reverse, size_t len, char *value, bool strict);
 
 ISC_PLATFORM_NORETURN_PRE void
 fatal(const char *format, ...)
-	ISC_FORMAT_PRINTF(1, 2) ISC_PLATFORM_NORETURN_POST;
+ISC_FORMAT_PRINTF(1, 2) ISC_PLATFORM_NORETURN_POST;
 
 void
 warn(const char *format, ...) ISC_FORMAT_PRINTF(1, 2);
 
 ISC_PLATFORM_NORETURN_PRE void
-digexit(void) ISC_PLATFORM_NORETURN_POST;
+digexit(void)
+ISC_PLATFORM_NORETURN_POST;
 
 void
 debug(const char *format, ...) ISC_FORMAT_PRINTF(1, 2);
@@ -288,10 +333,12 @@ void
 setup_system(bool ipv4only, bool ipv6only);
 
 isc_result_t
-parse_uint(uint32_t *uip, const char *value, uint32_t max, const char *desc);
+parse_uint(uint32_t *uip, const char *value, uint32_t max,
+	   const char *desc);
 
 isc_result_t
-parse_xint(uint32_t *uip, const char *value, uint32_t max, const char *desc);
+parse_xint(uint32_t *uip, const char *value, uint32_t max,
+	   const char *desc);
 
 isc_result_t
 parse_netprefix(isc_sockaddr_t **sap, const char *value);
@@ -318,7 +365,8 @@ void
 set_nameserver(char *opt);
 
 void
-clone_server_list(dig_serverlist_t src, dig_serverlist_t *dest);
+clone_server_list(dig_serverlist_t src,
+		  dig_serverlist_t *dest);
 
 void
 cancel_all(void);
@@ -333,50 +381,54 @@ set_search_domain(char *domain);
  * Routines to be defined in dig.c, host.c, and nslookup.c. and
  * then assigned to the appropriate function pointer
  */
-extern isc_result_t (*dighost_printmessage)(dig_query_t *	query,
-					    const isc_buffer_t *msgbuf,
-					    dns_message_t *msg, bool headers);
+extern isc_result_t
+(*dighost_printmessage)(dig_query_t *query, const isc_buffer_t *msgbuf,
+			dns_message_t *msg, bool headers);
 
 /*
  * Print an error message in the appropriate format.
  */
-extern void (*dighost_error)(const char *format, ...);
+extern void
+(*dighost_error)(const char *format, ...);
 
 /*
  * Print a warning message in the appropriate format.
  */
-extern void (*dighost_warning)(const char *format, ...);
+extern void
+(*dighost_warning)(const char *format, ...);
 
 /*
  * Print a comment in the appropriate format.
  */
-extern void (*dighost_comments)(dig_lookup_t *lookup, const char *format, ...);
+extern void
+(*dighost_comments)(dig_lookup_t *lookup, const char *format, ...);
 
 /*%<
  * Print the final result of the lookup.
  */
 
-extern void (*dighost_received)(unsigned int bytes, isc_sockaddr_t *from,
-				dig_query_t *query);
+extern void
+(*dighost_received)(unsigned int bytes, isc_sockaddr_t *from,
+		    dig_query_t *query);
 /*%<
  * Print a message about where and when the response
  * was received from, like the final comment in the
  * output of "dig".
  */
 
-extern void (*dighost_trying)(char *frm, dig_lookup_t *lookup);
+extern void
+(*dighost_trying)(char *frm, dig_lookup_t *lookup);
 
-extern void (*dighost_shutdown)(void);
+extern void
+(*dighost_shutdown)(void);
 
-extern void (*dighost_pre_exit_hook)(void);
+extern void
+(*dighost_pre_exit_hook)(void);
 
-void
-save_opt(dig_lookup_t *lookup, char *code, char *value);
+void save_opt(dig_lookup_t *lookup, char *code, char *value);
 
-void
-setup_file_key(void);
-void
-setup_text_key(void);
+void setup_file_key(void);
+void setup_text_key(void);
 
 /*
  * Routines exported from dig.c for use by dig for iOS
@@ -415,4 +467,4 @@ dig_shutdown(void);
 
 ISC_LANG_ENDDECLS
 
-#endif /* ifndef DIG_H */
+#endif

bin/dig/nslookup.1

@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004-2007, 2010, 2013-2020 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004-2007, 2010, 2013-2019 Internet Systems Consortium, Inc. ("ISC")
 .\" 
 .\" This Source Code Form is subject to the terms of the Mozilla Public
 .\" License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -233,10 +233,7 @@ Change the default TCP/UDP name server port to
 .RS 4
 Change the type of the information query\&.
 .sp
-(Default = A and then AAAA; abbreviations = q, ty)
-.sp
-\fBNote:\fR
-It is only possible to specify one query type, only the default behavior looks up both when an alternative is not specified\&.
+(Default = A; abbreviations = q, ty)
 .RE
 .PP
 \fB\fI[no]\fR\fR\fBrecurse\fR
@@ -304,5 +301,5 @@ runs or when the standard output is not a tty\&.
 \fBInternet Systems Consortium, Inc\&.\fR
 .SH "COPYRIGHT"
 .br
-Copyright \(co 2004-2007, 2010, 2013-2020 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004-2007, 2010, 2013-2019 Internet Systems Consortium, Inc. ("ISC")
 .br

bin/dig/nslookup.c

@@ -18,22 +18,22 @@
 #include <isc/buffer.h>
 #include <isc/commandline.h>
 #include <isc/event.h>
-#include <isc/netaddr.h>
 #include <isc/parseint.h>
 #include <isc/print.h>
 #include <isc/string.h>
-#include <isc/task.h>
 #include <isc/util.h>
+#include <isc/task.h>
+#include <isc/netaddr.h>
 
-#include <dns/byaddr.h>
-#include <dns/fixedname.h>
 #include <dns/message.h>
 #include <dns/name.h>
+#include <dns/fixedname.h>
 #include <dns/rdata.h>
 #include <dns/rdataclass.h>
 #include <dns/rdataset.h>
 #include <dns/rdatastruct.h>
 #include <dns/rdatatype.h>
+#include <dns/byaddr.h>
 
 #include <dig/dig.h>
 
@@ -42,23 +42,25 @@
 #include <edit/readline/readline.h>
 #if defined(HAVE_EDIT_READLINE_HISTORY_H)
 #include <edit/readline/history.h>
-#endif /* if defined(HAVE_EDIT_READLINE_HISTORY_H) */
+#endif
 #elif defined(HAVE_EDITLINE_READLINE_H)
 #include <editline/readline.h>
 #elif defined(HAVE_READLINE_READLINE_H)
 #include <readline/readline.h>
-#if defined(HAVE_READLINE_HISTORY_H)
+#if defined (HAVE_READLINE_HISTORY_H)
 #include <readline/history.h>
-#endif /* if defined(HAVE_READLINE_HISTORY_H) */
-#endif /* if defined(HAVE_EDIT_READLINE_READLINE_H) */
-#endif /* if defined(HAVE_READLINE) */
+#endif
+#endif
+#endif
 
-static bool short_form = true, tcpmode = false, tcpmode_set = false,
-	    identify = false, stats = true, comments = true,
-	    section_question = true, section_answer = true,
-	    section_authority = true, section_additional = true, recurse = true,
-	    aaonly = false, nofail = true, default_lookups = true,
-	    a_noanswer = false;
+static bool short_form = true,
+	tcpmode = false, tcpmode_set = false,
+	identify = false, stats = true,
+	comments = true, section_question = true,
+	section_answer = true, section_authority = true,
+	section_additional = true, recurse = true,
+	aaonly = false, nofail = true,
+	default_lookups = true, a_noanswer = false;
 
 static bool interactive;
 
@@ -70,80 +72,91 @@ static int query_error = 1, print_error = 0;
 
 static char domainopt[DNS_NAME_MAXTEXT];
 
-static const char *rcodetext[] = { "NOERROR",	 "FORMERR",    "SERVFAIL",
-				   "NXDOMAIN",	 "NOTIMP",     "REFUSED",
-				   "YXDOMAIN",	 "YXRRSET",    "NXRRSET",
-				   "NOTAUTH",	 "NOTZONE",    "RESERVED11",
-				   "RESERVED12", "RESERVED13", "RESERVED14",
-				   "RESERVED15", "BADVERS" };
+static const char *rcodetext[] = {
+	"NOERROR",
+	"FORMERR",
+	"SERVFAIL",
+	"NXDOMAIN",
+	"NOTIMP",
+	"REFUSED",
+	"YXDOMAIN",
+	"YXRRSET",
+	"NXRRSET",
+	"NOTAUTH",
+	"NOTZONE",
+	"RESERVED11",
+	"RESERVED12",
+	"RESERVED13",
+	"RESERVED14",
+	"RESERVED15",
+	"BADVERS"
+};
 
 static const char *rtypetext[] = {
-	"rtype_0 = ",	       /* 0 */
-	"internet address = ", /* 1 */
-	"nameserver = ",       /* 2 */
-	"md = ",	       /* 3 */
-	"mf = ",	       /* 4 */
-	"canonical name = ",   /* 5 */
-	"soa = ",	       /* 6 */
-	"mb = ",	       /* 7 */
-	"mg = ",	       /* 8 */
-	"mr = ",	       /* 9 */
-	"rtype_10 = ",	       /* 10 */
-	"protocol = ",	       /* 11 */
-	"name = ",	       /* 12 */
-	"hinfo = ",	       /* 13 */
-	"minfo = ",	       /* 14 */
-	"mail exchanger = ",   /* 15 */
-	"text = ",	       /* 16 */
-	"rp = ",	       /* 17 */
-	"afsdb = ",	       /* 18 */
-	"x25 address = ",      /* 19 */
-	"isdn address = ",     /* 20 */
-	"rt = ",	       /* 21 */
-	"nsap = ",	       /* 22 */
-	"nsap_ptr = ",	       /* 23 */
-	"signature = ",	       /* 24 */
-	"key = ",	       /* 25 */
-	"px = ",	       /* 26 */
-	"gpos = ",	       /* 27 */
-	"has AAAA address ",   /* 28 */
-	"loc = ",	       /* 29 */
-	"next = ",	       /* 30 */
-	"rtype_31 = ",	       /* 31 */
-	"rtype_32 = ",	       /* 32 */
-	"service = ",	       /* 33 */
-	"rtype_34 = ",	       /* 34 */
-	"naptr = ",	       /* 35 */
-	"kx = ",	       /* 36 */
-	"cert = ",	       /* 37 */
-	"v6 address = ",       /* 38 */
-	"dname = ",	       /* 39 */
-	"rtype_40 = ",	       /* 40 */
-	"optional = "	       /* 41 */
+	"rtype_0 = ",			/* 0 */
+	"internet address = ",		/* 1 */
+	"nameserver = ",		/* 2 */
+	"md = ",			/* 3 */
+	"mf = ",			/* 4 */
+	"canonical name = ",		/* 5 */
+	"soa = ",			/* 6 */
+	"mb = ",			/* 7 */
+	"mg = ",			/* 8 */
+	"mr = ",			/* 9 */
+	"rtype_10 = ",			/* 10 */
+	"protocol = ",			/* 11 */
+	"name = ",			/* 12 */
+	"hinfo = ",			/* 13 */
+	"minfo = ",			/* 14 */
+	"mail exchanger = ",		/* 15 */
+	"text = ",			/* 16 */
+	"rp = ",       			/* 17 */
+	"afsdb = ",			/* 18 */
+	"x25 address = ",		/* 19 */
+	"isdn address = ",		/* 20 */
+	"rt = ",			/* 21 */
+	"nsap = ",			/* 22 */
+	"nsap_ptr = ",			/* 23 */
+	"signature = ",			/* 24 */
+	"key = ",			/* 25 */
+	"px = ",			/* 26 */
+	"gpos = ",			/* 27 */
+	"has AAAA address ",		/* 28 */
+	"loc = ",			/* 29 */
+	"next = ",			/* 30 */
+	"rtype_31 = ",			/* 31 */
+	"rtype_32 = ",			/* 32 */
+	"service = ",			/* 33 */
+	"rtype_34 = ",			/* 34 */
+	"naptr = ",			/* 35 */
+	"kx = ",			/* 36 */
+	"cert = ",			/* 37 */
+	"v6 address = ",		/* 38 */
+	"dname = ",			/* 39 */
+	"rtype_40 = ",			/* 40 */
+	"optional = "			/* 41 */
 };
 
 #define N_KNOWN_RRTYPES (sizeof(rtypetext) / sizeof(rtypetext[0]))
 
-static void
-flush_lookup_list(void);
-static void
-getinput(isc_task_t *task, isc_event_t *event);
+static void flush_lookup_list(void);
+static void getinput(isc_task_t *task, isc_event_t *event);
 
 static char *
-rcode_totext(dns_rcode_t rcode) {
+rcode_totext(dns_rcode_t rcode)
+{
 	static char buf[sizeof("?65535")];
 	union {
 		const char *consttext;
 		char *deconsttext;
 	} totext;
 
-	if (rcode >= (sizeof(rcodetext) / sizeof(rcodetext[0]))) {
+	if (rcode >= (sizeof(rcodetext)/sizeof(rcodetext[0]))) {
 		snprintf(buf, sizeof(buf), "?%u", rcode);
 		totext.deconsttext = buf;
-	} else {
+	} else
 		totext.consttext = rcodetext[rcode];
-	}
-	return (totext.deconsttext);
+	return totext.deconsttext;
 }
 
 static void
@@ -202,22 +215,22 @@ printrdata(dns_rdata_t *rdata) {
 	unsigned int size = 1024;
 	bool done = false;
 
-	if (rdata->type < N_KNOWN_RRTYPES) {
+	if (rdata->type < N_KNOWN_RRTYPES)
 		printf("%s", rtypetext[rdata->type]);
-	} else {
+	else
 		printf("rdata_%d = ", rdata->type);
-	}
 
 	while (!done) {
-		isc_buffer_allocate(mctx, &b, size);
+		result = isc_buffer_allocate(mctx, &b, size);
+		if (result != ISC_R_SUCCESS)
+			check_result(result, "isc_buffer_allocate");
 		result = dns_rdata_totext(rdata, NULL, b);
 		if (result == ISC_R_SUCCESS) {
 			printf("%.*s\n", (int)isc_buffer_usedlength(b),
 			       (char *)isc_buffer_base(b));
 			done = true;
-		} else if (result != ISC_R_NOSPACE) {
+		} else if (result != ISC_R_NOSPACE)
 			check_result(result, "dns_rdata_totext");
-		}
 		isc_buffer_free(&b);
 		size *= 2;
 	}
@@ -238,26 +251,25 @@ printsection(dig_query_t *query, dns_message_t *msg, bool headers,
 	debug("printsection()");
 
 	result = dns_message_firstname(msg, section);
-	if (result == ISC_R_NOMORE) {
+	if (result == ISC_R_NOMORE)
 		return (ISC_R_SUCCESS);
-	} else if (result != ISC_R_SUCCESS) {
+	else if (result != ISC_R_SUCCESS)
 		return (result);
-	}
 	for (;;) {
 		name = NULL;
-		dns_message_currentname(msg, section, &name);
-		for (rdataset = ISC_LIST_HEAD(name->list); rdataset != NULL;
-		     rdataset = ISC_LIST_NEXT(rdataset, link))
-		{
+		dns_message_currentname(msg, section,
+					&name);
+		for (rdataset = ISC_LIST_HEAD(name->list);
+		     rdataset != NULL;
+		     rdataset = ISC_LIST_NEXT(rdataset, link)) {
 			loopresult = dns_rdataset_first(rdataset);
 			while (loopresult == ISC_R_SUCCESS) {
 				dns_rdataset_current(rdataset, &rdata);
 				switch (rdata.type) {
 				case dns_rdatatype_a:
 				case dns_rdatatype_aaaa:
-					if (section != DNS_SECTION_ANSWER) {
+					if (section != DNS_SECTION_ANSWER)
 						goto def_short_section;
-					}
 					dns_name_format(name, namebuf,
 							sizeof(namebuf));
 					printf("Name:\t%s\n", namebuf);
@@ -282,9 +294,9 @@ printsection(dig_query_t *query, dns_message_t *msg, bool headers,
 			}
 		}
 		result = dns_message_nextname(msg, section);
-		if (result == ISC_R_NOMORE) {
+		if (result == ISC_R_NOMORE)
 			break;
-		} else if (result != ISC_R_SUCCESS) {
+		else if (result != ISC_R_SUCCESS) {
 			return (result);
 		}
 	}
@@ -293,7 +305,7 @@ printsection(dig_query_t *query, dns_message_t *msg, bool headers,
 
 static isc_result_t
 detailsection(dig_query_t *query, dns_message_t *msg, bool headers,
-	      dns_section_t section) {
+	     dns_section_t section) {
 	isc_result_t result, loopresult;
 	dns_name_t *name;
 	dns_rdataset_t *rdataset = NULL;
@@ -322,32 +334,36 @@ detailsection(dig_query_t *query, dns_message_t *msg, bool headers,
 	}
 
 	result = dns_message_firstname(msg, section);
-	if (result == ISC_R_NOMORE) {
+	if (result == ISC_R_NOMORE)
 		return (ISC_R_SUCCESS);
-	} else if (result != ISC_R_SUCCESS) {
+	else if (result != ISC_R_SUCCESS)
 		return (result);
-	}
 	for (;;) {
 		name = NULL;
-		dns_message_currentname(msg, section, &name);
-		for (rdataset = ISC_LIST_HEAD(name->list); rdataset != NULL;
-		     rdataset = ISC_LIST_NEXT(rdataset, link))
-		{
+		dns_message_currentname(msg, section,
+					&name);
+		for (rdataset = ISC_LIST_HEAD(name->list);
+		     rdataset != NULL;
+		     rdataset = ISC_LIST_NEXT(rdataset, link)) {
 			if (section == DNS_SECTION_QUESTION) {
-				dns_name_format(name, namebuf, sizeof(namebuf));
+				dns_name_format(name, namebuf,
+						sizeof(namebuf));
 				printf("\t%s, ", namebuf);
-				dns_rdatatype_format(rdataset->type, namebuf,
+				dns_rdatatype_format(rdataset->type,
+						     namebuf,
 						     sizeof(namebuf));
 				printf("type = %s, ", namebuf);
 				dns_rdataclass_format(rdataset->rdclass,
-						      namebuf, sizeof(namebuf));
+						      namebuf,
+						      sizeof(namebuf));
 				printf("class = %s\n", namebuf);
 			}
 			loopresult = dns_rdataset_first(rdataset);
 			while (loopresult == ISC_R_SUCCESS) {
 				dns_rdataset_current(rdataset, &rdata);
 
-				dns_name_format(name, namebuf, sizeof(namebuf));
+				dns_name_format(name, namebuf,
+						sizeof(namebuf));
 				printf("    ->  %s\n", namebuf);
 
 				switch (rdata.type) {
@@ -364,9 +380,9 @@ detailsection(dig_query_t *query, dns_message_t *msg, bool headers,
 			}
 		}
 		result = dns_message_nextname(msg, section);
-		if (result == ISC_R_NOMORE) {
+		if (result == ISC_R_NOMORE)
 			break;
-		} else if (result != ISC_R_SUCCESS) {
+		else if (result != ISC_R_SUCCESS) {
 			return (result);
 		}
 	}
@@ -374,7 +390,8 @@ detailsection(dig_query_t *query, dns_message_t *msg, bool headers,
 }
 
 static void
-received(unsigned int bytes, isc_sockaddr_t *from, dig_query_t *query) {
+received(unsigned int bytes, isc_sockaddr_t *from, dig_query_t *query)
+{
 	UNUSED(bytes);
 	UNUSED(from);
 	UNUSED(query);
@@ -397,11 +414,9 @@ chase_cnamechain(dns_message_t *msg, dns_name_t *qname) {
 	while (i-- > 0) {
 		rdataset = NULL;
 		result = dns_message_findname(msg, DNS_SECTION_ANSWER, qname,
-					      dns_rdatatype_cname, 0, NULL,
-					      &rdataset);
-		if (result != ISC_R_SUCCESS) {
+				dns_rdatatype_cname, 0, NULL, &rdataset);
+		if (result != ISC_R_SUCCESS)
 			return;
-		}
 		result = dns_rdataset_first(rdataset);
 		check_result(result, "dns_rdataset_first");
 		dns_rdata_reset(&rdata);
@@ -414,8 +429,9 @@ chase_cnamechain(dns_message_t *msg, dns_name_t *qname) {
 }
 
 static isc_result_t
-printmessage(dig_query_t *query, const isc_buffer_t *msgbuf, dns_message_t *msg,
-	     bool headers) {
+printmessage(dig_query_t *query, const isc_buffer_t *msgbuf,
+	     dns_message_t *msg, bool headers)
+{
 	char servtext[ISC_SOCKADDR_FORMATSIZE];
 
 	UNUSED(msgbuf);
@@ -425,7 +441,7 @@ printmessage(dig_query_t *query, const isc_buffer_t *msgbuf, dns_message_t *msg,
 
 	debug("printmessage()");
 
-	if (!default_lookups || query->lookup->rdtype == dns_rdatatype_a) {
+	if(!default_lookups || query->lookup->rdtype == dns_rdatatype_a) {
 		isc_sockaddr_format(&query->sockaddr, servtext,
 				    sizeof(servtext));
 		printf("Server:\t\t%s\n", query->userarg);
@@ -446,10 +462,10 @@ printmessage(dig_query_t *query, const isc_buffer_t *msgbuf, dns_message_t *msg,
 
 	if (msg->rcode != 0) {
 		char nametext[DNS_NAME_FORMATSIZE];
-		dns_name_format(query->lookup->name, nametext,
-				sizeof(nametext));
-		printf("** server can't find %s: %s\n", nametext,
-		       rcode_totext(msg->rcode));
+		dns_name_format(query->lookup->name,
+				nametext, sizeof(nametext));
+		printf("** server can't find %s: %s\n",
+		       nametext, rcode_totext(msg->rcode));
 		debug("returning with rcode == 0");
 
 		/* the lookup failed */
@@ -457,7 +473,7 @@ printmessage(dig_query_t *query, const isc_buffer_t *msgbuf, dns_message_t *msg,
 		return (ISC_R_SUCCESS);
 	}
 
-	if (default_lookups && query->lookup->rdtype == dns_rdatatype_a) {
+	if ( default_lookups && query->lookup->rdtype == dns_rdatatype_a) {
 		char namestr[DNS_NAME_FORMATSIZE];
 		dig_lookup_t *lookup;
 		dns_fixedname_t fixed;
@@ -481,32 +497,29 @@ printmessage(dig_query_t *query, const isc_buffer_t *msgbuf, dns_message_t *msg,
 	}
 
 	if ((msg->flags & DNS_MESSAGEFLAG_AA) == 0 &&
-	    (!default_lookups || query->lookup->rdtype == dns_rdatatype_a))
-	{
+	    ( !default_lookups || query->lookup->rdtype == dns_rdatatype_a) )
 		puts("Non-authoritative answer:");
-	}
-	if (!ISC_LIST_EMPTY(msg->sections[DNS_SECTION_ANSWER])) {
+	if (!ISC_LIST_EMPTY(msg->sections[DNS_SECTION_ANSWER]))
 		printsection(query, msg, headers, DNS_SECTION_ANSWER);
-	} else {
+	else {
 		if (default_lookups && query->lookup->rdtype == dns_rdatatype_a)
-		{
 			a_noanswer = true;
-		} else if (!default_lookups ||
-			   (query->lookup->rdtype == dns_rdatatype_aaaa &&
-			    a_noanswer))
-		{
+
+		else if (!default_lookups ||
+			 (query->lookup->rdtype == dns_rdatatype_aaaa &&
+			 a_noanswer ) )
 			printf("*** Can't find %s: No answer\n",
-			       query->lookup->textname);
-		}
+				query->lookup->textname);
 	}
 
 	if (((msg->flags & DNS_MESSAGEFLAG_AA) == 0) &&
 	    (query->lookup->rdtype != dns_rdatatype_a) &&
-	    (query->lookup->rdtype != dns_rdatatype_aaaa))
-	{
+	    (query->lookup->rdtype != dns_rdatatype_aaaa) ) {
 		puts("\nAuthoritative answers can be found from:");
-		printsection(query, msg, headers, DNS_SECTION_AUTHORITY);
-		printsection(query, msg, headers, DNS_SECTION_ADDITIONAL);
+		printsection(query, msg, headers,
+			     DNS_SECTION_AUTHORITY);
+		printsection(query, msg, headers,
+			     DNS_SECTION_ADDITIONAL);
 	}
 	return (ISC_R_SUCCESS);
 }
@@ -527,32 +540,32 @@ show_settings(bool full, bool serv_only) {
 		check_result(result, "get_address");
 
 		isc_sockaddr_format(&sockaddr, sockstr, sizeof(sockstr));
-		printf("Default server: %s\nAddress: %s\n", srv->userarg,
-		       sockstr);
-		if (!full) {
+		printf("Default server: %s\nAddress: %s\n",
+			srv->userarg, sockstr);
+		if (!full)
 			return;
-		}
 		srv = ISC_LIST_NEXT(srv, link);
 	}
-	if (serv_only) {
+	if (serv_only)
 		return;
-	}
 	printf("\nSet options:\n");
-	printf("  %s\t\t\t%s\t\t%s\n", tcpmode ? "vc" : "novc",
-	       short_form ? "nodebug" : "debug", debugging ? "d2" : "nod2");
-	printf("  %s\t\t%s\n", usesearch ? "search" : "nosearch",
+	printf("  %s\t\t\t%s\t\t%s\n",
+	       tcpmode ? "vc" : "novc",
+	       short_form ? "nodebug" : "debug",
+	       debugging ? "d2" : "nod2");
+	printf("  %s\t\t%s\n",
+	       usesearch ? "search" : "nosearch",
 	       recurse ? "recurse" : "norecurse");
-	printf("  timeout = %u\t\tretry = %d\tport = %u\tndots = %d\n", timeout,
-	       tries, port, ndots);
+	printf("  timeout = %u\t\tretry = %d\tport = %u\tndots = %d\n",
+	       timeout, tries, port, ndots);
 	printf("  querytype = %-8s\tclass = %s\n", deftype, defclass);
 	printf("  srchlist = ");
-	for (listent = ISC_LIST_HEAD(search_list); listent != NULL;
-	     listent = ISC_LIST_NEXT(listent, link))
-	{
-		printf("%s", listent->origin);
-		if (ISC_LIST_NEXT(listent, link) != NULL) {
-			printf("/");
-		}
+	for (listent = ISC_LIST_HEAD(search_list);
+	     listent != NULL;
+	     listent = ISC_LIST_NEXT(listent, link)) {
+		     printf("%s", listent->origin);
+		     if (ISC_LIST_NEXT(listent, link) != NULL)
+			     printf("/");
 	}
 	printf("\n");
 }
@@ -566,9 +579,9 @@ testtype(char *typetext) {
 	tr.base = typetext;
 	tr.length = strlen(typetext);
 	result = dns_rdatatype_fromtext(&rdtype, &tr);
-	if (result == ISC_R_SUCCESS) {
+	if (result == ISC_R_SUCCESS)
 		return (true);
-	} else {
+	else {
 		printf("unknown query type: %s\n", typetext);
 		return (false);
 	}
@@ -583,9 +596,9 @@ testclass(char *typetext) {
 	tr.base = typetext;
 	tr.length = strlen(typetext);
 	result = dns_rdataclass_fromtext(&rdclass, &tr);
-	if (result == ISC_R_SUCCESS) {
+	if (result == ISC_R_SUCCESS)
 		return (true);
-	} else {
+	else {
 		printf("unknown query class: %s\n", typetext);
 		return (false);
 	}
@@ -595,36 +608,32 @@ static void
 set_port(const char *value) {
 	uint32_t n;
 	isc_result_t result = parse_uint(&n, value, 65535, "port");
-	if (result == ISC_R_SUCCESS) {
-		port = (uint16_t)n;
-	}
+	if (result == ISC_R_SUCCESS)
+		port = (uint16_t) n;
 }
 
 static void
 set_timeout(const char *value) {
 	uint32_t n;
 	isc_result_t result = parse_uint(&n, value, UINT_MAX, "timeout");
-	if (result == ISC_R_SUCCESS) {
+	if (result == ISC_R_SUCCESS)
 		timeout = n;
-	}
 }
 
 static void
 set_tries(const char *value) {
 	uint32_t n;
 	isc_result_t result = parse_uint(&n, value, INT_MAX, "tries");
-	if (result == ISC_R_SUCCESS) {
+	if (result == ISC_R_SUCCESS)
 		tries = n;
-	}
 }
 
 static void
 set_ndots(const char *value) {
 	uint32_t n;
 	isc_result_t result = parse_uint(&n, value, 128, "ndots");
-	if (result == ISC_R_SUCCESS) {
+	if (result == ISC_R_SUCCESS)
 		ndots = n;
-	}
 }
 
 static void
@@ -642,13 +651,11 @@ setoption(char *opt) {
 	if (CHECKOPT("all", 3)) {
 		show_settings(true, false);
 	} else if (strncasecmp(opt, "class=", 6) == 0) {
-		if (testclass(&opt[6])) {
+		if (testclass(&opt[6]))
 			strlcpy(defclass, &opt[6], sizeof(defclass));
-		}
 	} else if (strncasecmp(opt, "cl=", 3) == 0) {
-		if (testclass(&opt[3])) {
+		if (testclass(&opt[3]))
 			strlcpy(defclass, &opt[3], sizeof(defclass));
-		}
 	} else if (strncasecmp(opt, "type=", 5) == 0) {
 		if (testtype(&opt[5])) {
 			strlcpy(deftype, &opt[5], sizeof(deftype));
@@ -730,9 +737,9 @@ setoption(char *opt) {
 	} else if (CHECKOPT("sil", 3)) {
 		/* deprecation_msg = false; */
 	} else if (CHECKOPT("fail", 3)) {
-		nofail = false;
+		nofail=false;
 	} else if (CHECKOPT("nofail", 5)) {
-		nofail = true;
+		nofail=true;
 	} else if (strncasecmp(opt, "ndots=", 6) == 0) {
 		set_ndots(&opt[6]);
 	} else {
@@ -768,7 +775,8 @@ addlookup(char *opt) {
 		rdclass = dns_rdataclass_in;
 	}
 	lookup = make_empty_lookup();
-	if (get_reverse(store, sizeof(store), opt, true) == ISC_R_SUCCESS) {
+	if (get_reverse(store, sizeof(store), opt, true)
+	    == ISC_R_SUCCESS) {
 		strlcpy(lookup->textname, store, sizeof(lookup->textname));
 		lookup->rdtype = dns_rdatatype_ptr;
 		lookup->rdtypeset = true;
@@ -788,21 +796,18 @@ addlookup(char *opt) {
 	lookup->retries = tries;
 	lookup->udpsize = 0;
 	lookup->comments = comments;
-	if (lookup->rdtype == dns_rdatatype_any && !tcpmode_set) {
+	if (lookup->rdtype == dns_rdatatype_any && !tcpmode_set)
 		lookup->tcp_mode = true;
-	} else {
+	else
 		lookup->tcp_mode = tcpmode;
-	}
 	lookup->stats = stats;
 	lookup->section_question = section_question;
 	lookup->section_answer = section_answer;
 	lookup->section_authority = section_authority;
 	lookup->section_additional = section_additional;
 	lookup->new_search = true;
-	lookup->besteffort = false;
-	if (nofail) {
+	if (nofail)
 		lookup->servfail_stops = false;
-	}
 	ISC_LIST_INIT(lookup->q);
 	ISC_LINK_INIT(lookup, link);
 	ISC_LIST_APPEND(lookup_list, lookup, link);
@@ -819,11 +824,11 @@ do_next_command(char *input) {
 		return;
 	}
 	arg = strtok_r(NULL, " \t\r\n", &last);
-	if ((strcasecmp(ptr, "set") == 0) && (arg != NULL)) {
+	if ((strcasecmp(ptr, "set") == 0) &&
+	    (arg != NULL))
 		setoption(arg);
-	} else if ((strcasecmp(ptr, "server") == 0) ||
-		   (strcasecmp(ptr, "lserver") == 0))
-	{
+	else if ((strcasecmp(ptr, "server") == 0) ||
+		 (strcasecmp(ptr, "lserver") == 0)) {
 		isc_app_block();
 		set_nameserver(arg);
 		check_ra = false;
@@ -831,16 +836,16 @@ do_next_command(char *input) {
 		show_settings(true, true);
 	} else if (strcasecmp(ptr, "exit") == 0) {
 		in_use = false;
-	} else if (strcasecmp(ptr, "help") == 0 || strcasecmp(ptr, "?") == 0) {
+	} else if (strcasecmp(ptr, "help") == 0 ||
+		   strcasecmp(ptr, "?") == 0) {
 		printf("The '%s' command is not yet implemented.\n", ptr);
 	} else if (strcasecmp(ptr, "finger") == 0 ||
-		   strcasecmp(ptr, "root") == 0 || strcasecmp(ptr, "ls") == 0 ||
-		   strcasecmp(ptr, "view") == 0)
-	{
+		   strcasecmp(ptr, "root") == 0 ||
+		   strcasecmp(ptr, "ls") == 0 ||
+		   strcasecmp(ptr, "view") == 0) {
 		printf("The '%s' command is not implemented.\n", ptr);
-	} else {
+	} else
 		addlookup(ptr);
-	}
 }
 
 static void
@@ -854,28 +859,24 @@ get_next_command(void) {
 	if (interactive) {
 #ifdef HAVE_READLINE
 		ptr = readline("> ");
-		if (ptr != NULL) {
+		if (ptr != NULL)
 			add_history(ptr);
-		}
-#else  /* ifdef HAVE_READLINE */
+#else
 		fputs("> ", stderr);
 		fflush(stderr);
 		ptr = fgets(buf, COMMSIZE, stdin);
-#endif /* ifdef HAVE_READLINE */
-	} else {
+#endif
+	} else
 		ptr = fgets(buf, COMMSIZE, stdin);
-	}
 	isc_app_unblock();
 	if (ptr == NULL) {
 		in_use = false;
-	} else {
+	} else
 		do_next_command(ptr);
-	}
 #ifdef HAVE_READLINE
-	if (interactive) {
+	if (interactive)
 		free(ptr);
-	}
-#endif /* ifdef HAVE_READLINE */
+#endif
 	isc_mem_free(mctx, buf);
 }
 
@@ -884,16 +885,16 @@ usage(void) ISC_PLATFORM_NORETURN_POST;
 
 static void
 usage(void) {
-	fprintf(stderr, "Usage:\n");
-	fprintf(stderr, "   nslookup [-opt ...]             # interactive mode "
-			"using default server\n");
-	fprintf(stderr, "   nslookup [-opt ...] - server    # interactive mode "
-			"using 'server'\n");
-	fprintf(stderr, "   nslookup [-opt ...] host        # just look up "
-			"'host' using default server\n");
-	fprintf(stderr, "   nslookup [-opt ...] host server # just look up "
-			"'host' using 'server'\n");
-	exit(1);
+    fprintf(stderr, "Usage:\n");
+    fprintf(stderr,
+"   nslookup [-opt ...]             # interactive mode using default server\n");
+    fprintf(stderr,
+"   nslookup [-opt ...] - server    # interactive mode using 'server'\n");
+    fprintf(stderr,
+"   nslookup [-opt ...] host        # just look up 'host' using default server\n");
+    fprintf(stderr,
+"   nslookup [-opt ...] host server # just look up 'host' using 'server'\n");
+    exit(1);
 }
 
 static void
@@ -909,9 +910,8 @@ parse_args(int argc, char **argv) {
 				exit(0);
 			} else if (argv[0][1] != 0) {
 				setoption(&argv[0][1]);
-			} else {
+			} else
 				have_lookup = true;
-			}
 		} else {
 			if (!have_lookup) {
 				have_lookup = true;
@@ -957,10 +957,10 @@ flush_lookup_list(void) {
 			s = ISC_LIST_NEXT(s, link);
 			ISC_LIST_DEQUEUE(l->my_server_list, sp, link);
 			isc_mem_free(mctx, sp);
+
 		}
-		if (l->sendmsg != NULL) {
+		if (l->sendmsg != NULL)
 			dns_message_destroy(&l->sendmsg);
-		}
 		lp = l;
 		l = ISC_LIST_NEXT(l, link);
 		ISC_LIST_DEQUEUE(lookup_list, lp, link);
@@ -971,9 +971,8 @@ flush_lookup_list(void) {
 static void
 getinput(isc_task_t *task, isc_event_t *event) {
 	UNUSED(task);
-	if (global_event == NULL) {
+	if (global_event == NULL)
 		global_event = event;
-	}
 	while (in_use) {
 		get_next_command();
 		if (ISC_LIST_HEAD(lookup_list) != NULL) {
@@ -1010,19 +1009,17 @@ main(int argc, char **argv) {
 
 	setup_system(false, false);
 	parse_args(argc, argv);
-	if (keyfile[0] != 0) {
+	if (keyfile[0] != 0)
 		setup_file_key();
-	} else if (keysecret[0] != 0) {
+	else if (keysecret[0] != 0)
 		setup_text_key();
-	}
-	if (domainopt[0] != '\0') {
+	if (domainopt[0] != '\0')
 		set_search_domain(domainopt);
-	}
-	if (in_use) {
-		result = isc_app_onrun(mctx, global_task, onrun_callback, NULL);
-	} else {
+	if (in_use)
+		result = isc_app_onrun(mctx, global_task, onrun_callback,
+				       NULL);
+	else
 		result = isc_app_onrun(mctx, global_task, getinput, NULL);
-	}
 	check_result(result, "isc_app_onrun");
 	in_use = !in_use;
 
@@ -1030,9 +1027,8 @@ main(int argc, char **argv) {
 
 	puts("");
 	debug("done, and starting to shut down");
-	if (global_event != NULL) {
+	if (global_event != NULL)
 		isc_event_free(&global_event);
-	}
 	cancel_all();
 	destroy_libs();
 	isc_app_finish();

bin/dig/nslookup.docbook

@@ -72,7 +72,6 @@
       <year>2017</year>
       <year>2018</year>
       <year>2019</year>
-      <year>2020</year>
       <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
     </copyright>
   </docinfo>
@@ -308,7 +307,7 @@ nslookup -query=hinfo  -timeout=10
                     The class specifies the protocol group of the information.
 
                   </para>
-                  <para>
+		  <para>
                     (Default = IN; abbreviation = cl)
                   </para>
                 </listitem>
@@ -318,10 +317,10 @@ nslookup -query=hinfo  -timeout=10
                 <term><constant><replaceable><optional>no</optional></replaceable>debug</constant></term>
                 <listitem>
                   <para>
-                    Turn on or off the display of the full response packet and
-                    any intermediate response packets when searching.
+		    Turn on or off the display of the full response packet and
+		    any intermediate response packets when searching.
                   </para>
-                  <para>
+		  <para>
                     (Default = nodebug; abbreviation = <optional>no</optional>deb)
                   </para>
                 </listitem>
@@ -332,9 +331,9 @@ nslookup -query=hinfo  -timeout=10
                 <listitem>
                   <para>
                     Turn debugging mode on or off.  This displays more about
-                    what nslookup is doing.
+	            what nslookup is doing.
                   </para>
-                  <para>
+		  <para>
                     (Default = nod2)
                   </para>
                 </listitem>
@@ -358,7 +357,7 @@ nslookup -query=hinfo  -timeout=10
                     names in the domain search list to the request until an
                     answer is received.
                   </para>
-                  <para>
+		  <para>
                     (Default = search)
                   </para>
                 </listitem>
@@ -370,7 +369,7 @@ nslookup -query=hinfo  -timeout=10
                   <para>
                     Change the default TCP/UDP name server port to <replaceable>value</replaceable>.
                   </para>
-                  <para>
+		  <para>
                     (Default = 53; abbreviation = po)
                   </para>
                 </listitem>
@@ -389,15 +388,9 @@ nslookup -query=hinfo  -timeout=10
                   <para>
                     Change the type of the information query.
                   </para>
-                  <para>
-                    (Default = A and then AAAA; abbreviations = q, ty)
+		  <para>
+                    (Default = A; abbreviations = q, ty)
                   </para>
-                    <para>
-                      <emphasis role="bold">Note:</emphasis> It is
-                      only possible to specify one query type, only
-                      the default behavior looks up both when an
-                      alternative is not specified.
-                    </para>
                 </listitem>
               </varlistentry>
 
@@ -409,7 +402,7 @@ nslookup -query=hinfo  -timeout=10
                     have the
                     information.
                   </para>
-                  <para>
+		  <para>
                     (Default = recurse; abbreviation = [no]rec)
                   </para>
                 </listitem>
@@ -419,9 +412,9 @@ nslookup -query=hinfo  -timeout=10
                 <term><constant>ndots=</constant><replaceable>number</replaceable></term>
                 <listitem>
                   <para>
-                    Set the number of dots (label separators) in a domain
-                    that will disable searching.  Absolute names always
-                    stop searching.
+		    Set the number of dots (label separators) in a domain
+		    that will disable searching.  Absolute names always
+		    stop searching.
                   </para>
                 </listitem>
               </varlistentry>
@@ -452,7 +445,7 @@ nslookup -query=hinfo  -timeout=10
                     Always use a virtual circuit when sending requests to the
                     server.
                   </para>
-                  <para>
+		  <para>
                     (Default = novc)
                   </para>
                 </listitem>
@@ -462,15 +455,15 @@ nslookup -query=hinfo  -timeout=10
                 <term><constant><replaceable><optional>no</optional></replaceable>fail</constant></term>
                 <listitem>
                   <para>
-                    Try the next nameserver if a nameserver responds with
-                    SERVFAIL or a referral (nofail) or terminate query
-                    (fail) on such a response.
-                  </para>
-                  <para>
+		    Try the next nameserver if a nameserver responds with
+		    SERVFAIL or a referral (nofail) or terminate query
+		    (fail) on such a response.
+		  </para>
+		  <para>
                     (Default = nofail)
                   </para>
-                </listitem>
-              </varlistentry>
+	        </listitem>
+	      </varlistentry>
 
             </variablelist>
           </para>

bin/dig/nslookup.html

@@ -1,6 +1,6 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 <!--
- - Copyright (C) 2004-2007, 2010, 2013-2020 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2007, 2010, 2013-2019 Internet Systems Consortium, Inc. ("ISC")
  - 
  - This Source Code Form is subject to the terms of the Mozilla Public
  - License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -229,17 +229,17 @@ nslookup -query=hinfo  -timeout=10
                     The class specifies the protocol group of the information.
 
                   </p>
-                  <p>
+		  <p>
                     (Default = IN; abbreviation = cl)
                   </p>
                 </dd>
 <dt><span class="term"><code class="constant"><em class="replaceable"><code>[<span class="optional">no</span>]</code></em>debug</code></span></dt>
 <dd>
                   <p>
-                    Turn on or off the display of the full response packet and
-                    any intermediate response packets when searching.
+		    Turn on or off the display of the full response packet and
+		    any intermediate response packets when searching.
                   </p>
-                  <p>
+		  <p>
                     (Default = nodebug; abbreviation = [<span class="optional">no</span>]deb)
                   </p>
                 </dd>
@@ -247,9 +247,9 @@ nslookup -query=hinfo  -timeout=10
 <dd>
                   <p>
                     Turn debugging mode on or off.  This displays more about
-                    what nslookup is doing.
+	            what nslookup is doing.
                   </p>
-                  <p>
+		  <p>
                     (Default = nod2)
                   </p>
                 </dd>
@@ -267,7 +267,7 @@ nslookup -query=hinfo  -timeout=10
                     names in the domain search list to the request until an
                     answer is received.
                   </p>
-                  <p>
+		  <p>
                     (Default = search)
                   </p>
                 </dd>
@@ -276,7 +276,7 @@ nslookup -query=hinfo  -timeout=10
                   <p>
                     Change the default TCP/UDP name server port to <em class="replaceable"><code>value</code></em>.
                   </p>
-                  <p>
+		  <p>
                     (Default = 53; abbreviation = po)
                   </p>
                 </dd>
@@ -289,15 +289,9 @@ nslookup -query=hinfo  -timeout=10
                   <p>
                     Change the type of the information query.
                   </p>
-                  <p>
-                    (Default = A and then AAAA; abbreviations = q, ty)
+		  <p>
+                    (Default = A; abbreviations = q, ty)
                   </p>
-                    <p>
-                      <span class="bold"><strong>Note:</strong></span> It is
-                      only possible to specify one query type, only
-                      the default behavior looks up both when an
-                      alternative is not specified.
-                    </p>
                 </dd>
 <dt><span class="term"><code class="constant"><em class="replaceable"><code>[<span class="optional">no</span>]</code></em>recurse</code></span></dt>
 <dd>
@@ -306,16 +300,16 @@ nslookup -query=hinfo  -timeout=10
                     have the
                     information.
                   </p>
-                  <p>
+		  <p>
                     (Default = recurse; abbreviation = [no]rec)
                   </p>
                 </dd>
 <dt><span class="term"><code class="constant">ndots=</code><em class="replaceable"><code>number</code></em></span></dt>
 <dd>
                   <p>
-                    Set the number of dots (label separators) in a domain
-                    that will disable searching.  Absolute names always
-                    stop searching.
+		    Set the number of dots (label separators) in a domain
+		    that will disable searching.  Absolute names always
+		    stop searching.
                   </p>
                 </dd>
 <dt><span class="term"><code class="constant">retry=</code><em class="replaceable"><code>number</code></em></span></dt>
@@ -337,21 +331,21 @@ nslookup -query=hinfo  -timeout=10
                     Always use a virtual circuit when sending requests to the
                     server.
                   </p>
-                  <p>
+		  <p>
                     (Default = novc)
                   </p>
                 </dd>
 <dt><span class="term"><code class="constant"><em class="replaceable"><code>[<span class="optional">no</span>]</code></em>fail</code></span></dt>
 <dd>
                   <p>
-                    Try the next nameserver if a nameserver responds with
-                    SERVFAIL or a referral (nofail) or terminate query
-                    (fail) on such a response.
-                  </p>
-                  <p>
+		    Try the next nameserver if a nameserver responds with
+		    SERVFAIL or a referral (nofail) or terminate query
+		    (fail) on such a response.
+		  </p>
+		  <p>
                     (Default = nofail)
                   </p>
-                </dd>
+	        </dd>
 </dl></div>
 <p>
           </p>

bin/dnssec/Makefile.in

@@ -23,7 +23,8 @@ CWARNINGS =
 
 DNSLIBS =	../../lib/dns/libdns.@A@ ${MAXMINDDB_LIBS} @DNS_CRYPTO_LIBS@
 ISCCFGLIBS =	../../lib/isccfg/libisccfg.@A@
-ISCLIBS =	../../lib/isc/libisc.@A@ ${OPENSSL_LIBS} ${JSON_C_LIBS} ${LIBXML2_LIBS} ${ZLIB_LIBS}
+ISCLIBS =	../../lib/isc/libisc.@A@ ${OPENSSL_LIBS} ${JSON_C_LIBS} ${LIBXML2_LIBS}
+ISCNOSYMLIBS =	../../lib/isc/libisc-nosymtbl.@A@ ${OPENSSL_LIBS} ${JSON_C_LIBS} ${LIBXML2_LIBS}
 
 DNSDEPLIBS =	../../lib/dns/libdns.@A@
 ISCDEPLIBS =	../../lib/isc/libisc.@A@
@@ -33,6 +34,8 @@ DEPLIBS =	${DNSDEPLIBS} ${ISCCFGDEPLIBS} ${ISCDEPLIBS}
 
 LIBS =		${DNSLIBS} ${ISCCFGLIBS} ${ISCLIBS} @LIBS@
 
+NOSYMLIBS =	${DNSLIBS} ${ISCCFGLIBS} ${ISCNOSYMLIBS} @LIBS@
+
 # Alphabetically
 TARGETS =	dnssec-cds@EXEEXT@ dnssec-dsfromkey@EXEEXT@ \
 		dnssec-importkey@EXEEXT@ dnssec-keyfromlabel@EXEEXT@ \

bin/dnssec/dnssec-cds.8

@@ -1,4 +1,4 @@
-.\" Copyright (C) 2017-2020 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2017-2019 Internet Systems Consortium, Inc. ("ISC")
 .\" 
 .\" This Source Code Form is subject to the terms of the Mozilla Public
 .\" License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -60,7 +60,7 @@ file generated by
 .PP
 The
 \fBdnssec\-cds\fR
-command uses special DNSSEC validation logic specified by RFC 7344\&. It requires that the CDS and/or CDNSKEY records are validly signed by a key represented in the existing DS records\&. This will typically be the pre\-existing key\-signing key (KSK)\&.
+command uses special DNSSEC validation logic specified by RFC 7344\&. It requires that the CDS and/or CDNSKEY records are validly signed by a key represented in the existing DS records\&. This will typicially be the pre\-existing key\-signing key (KSK)\&.
 .PP
 For protection against replay attacks, the signatures on the child records must not be older than they were on a previous run of
 \fBdnssec\-cds\fR\&. This time is obtained from the modification time of the
@@ -293,5 +293,5 @@ RFC 7344\&.
 .RE
 .SH "COPYRIGHT"
 .br
-Copyright \(co 2017-2020 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2017-2019 Internet Systems Consortium, Inc. ("ISC")
 .br

bin/dnssec/dnssec-cds.c

@@ -55,7 +55,7 @@
 
 #if USE_PKCS11
 #include <pk11/result.h>
-#endif /* if USE_PKCS11 */
+#endif
 
 #include "dnssectool.h"
 
@@ -75,9 +75,9 @@ static dns_fixedname_t fixed;
 static dns_name_t *name = NULL;
 static dns_rdataclass_t rdclass = dns_rdataclass_in;
 
-static const char *startstr = NULL; /* from which we derive notbefore */
-static isc_stdtime_t notbefore = 0; /* restrict sig inception times */
-static dns_rdata_rrsig_t oldestsig; /* for recording inception time */
+static const char *startstr  = NULL;	/* from which we derive notbefore */
+static isc_stdtime_t notbefore = 0;	/* restrict sig inception times */
+static dns_rdata_rrsig_t oldestsig;	/* for recording inception time */
 
 static int nkey; /* number of child zone DNSKEY records */
 
@@ -131,7 +131,7 @@ static dns_rdataset_t old_ds_set, new_ds_set;
 
 static keyinfo_t *old_key_tbl, *new_key_tbl;
 
-isc_buffer_t *new_ds_buf = NULL; /* backing store for new_ds_set */
+isc_buffer_t *new_ds_buf = NULL;	/* backing store for new_ds_set */
 
 static void
 verbose_time(int level, const char *msg, isc_stdtime_t time) {
@@ -150,7 +150,8 @@ verbose_time(int level, const char *msg, isc_stdtime_t time) {
 	if (verbose < 3) {
 		vbprintf(level, "%s %s\n", msg, timestr);
 	} else {
-		vbprintf(level, "%s %s (%" PRIu32 ")\n", msg, timestr, time);
+		vbprintf(level, "%s %s (%" PRIu32 ")\n",
+			 msg, timestr, time);
 	}
 }
 
@@ -172,15 +173,16 @@ initname(char *setname) {
 
 static void
 findset(dns_db_t *db, dns_dbnode_t *node, dns_rdatatype_t type,
-	dns_rdataset_t *rdataset, dns_rdataset_t *sigrdataset) {
+	dns_rdataset_t *rdataset, dns_rdataset_t *sigrdataset)
+{
 	isc_result_t result;
 
 	dns_rdataset_init(rdataset);
 	if (sigrdataset != NULL) {
 		dns_rdataset_init(sigrdataset);
 	}
-	result = dns_db_findrdataset(db, node, NULL, type, 0, 0, rdataset,
-				     sigrdataset);
+	result = dns_db_findrdataset(db, node, NULL, type, 0, 0,
+				     rdataset, sigrdataset);
 	if (result != ISC_R_NOTFOUND) {
 		check_result(result, "dns_db_findrdataset()");
 	}
@@ -204,7 +206,8 @@ freelist(dns_rdataset_t *rdataset) {
 
 	dns_rdatalist_fromrdataset(rdataset, &rdlist);
 
-	for (rdata = ISC_LIST_HEAD(rdlist->rdata); rdata != NULL;
+	for (rdata = ISC_LIST_HEAD(rdlist->rdata);
+	     rdata != NULL;
 	     rdata = ISC_LIST_HEAD(rdlist->rdata))
 	{
 		ISC_LIST_UNLINK(rdlist->rdata, rdata, link);
@@ -233,14 +236,15 @@ static void
 load_db(const char *filename, dns_db_t **dbp, dns_dbnode_t **nodep) {
 	isc_result_t result;
 
-	result = dns_db_create(mctx, "rbt", name, dns_dbtype_zone, rdclass, 0,
-			       NULL, dbp);
+	result = dns_db_create(mctx, "rbt", name, dns_dbtype_zone,
+			       rdclass, 0, NULL, dbp);
 	check_result(result, "dns_db_create()");
 
-	result = dns_db_load(*dbp, filename, dns_masterformat_text,
-			     DNS_MASTER_HINT);
+	result = dns_db_load(*dbp, filename,
+			     dns_masterformat_text, DNS_MASTER_HINT);
 	if (result != ISC_R_SUCCESS && result != DNS_R_SEENINCLUDE) {
-		fatal("can't load %s: %s", filename, isc_result_totext(result));
+		fatal("can't load %s: %s", filename,
+		      isc_result_totext(result));
 	}
 
 	result = dns_db_findnode(*dbp, name, false, nodep);
@@ -268,8 +272,9 @@ load_child_sets(const char *file) {
 }
 
 static void
-get_dsset_name(char *filename, size_t size, const char *path,
-	       const char *suffix) {
+get_dsset_name(char *filename, size_t size,
+	       const char *path, const char *suffix)
+{
 	isc_result_t result;
 	isc_buffer_t buf;
 	size_t len;
@@ -313,7 +318,7 @@ get_dsset_name(char *filename, size_t size, const char *path,
 static void
 load_parent_set(const char *path) {
 	isc_result_t result;
-	dns_db_t *db = NULL;
+	dns_db_t *db   = NULL;
 	dns_dbnode_t *node = NULL;
 	isc_time_t modtime;
 	char filename[PATH_MAX + 1];
@@ -322,8 +327,8 @@ load_parent_set(const char *path) {
 
 	result = isc_file_getmodtime(filename, &modtime);
 	if (result != ISC_R_SUCCESS) {
-		fatal("could not get modification time of %s: %s", filename,
-		      isc_result_totext(result));
+		fatal("could not get modification time of %s: %s",
+		      filename, isc_result_totext(result));
 	}
 	notbefore = isc_time_seconds(&modtime);
 	if (startstr != NULL) {
@@ -337,8 +342,8 @@ load_parent_set(const char *path) {
 	findset(db, node, dns_rdatatype_ds, &old_ds_set, NULL);
 
 	if (!dns_rdataset_isassociated(&old_ds_set)) {
-		fatal("could not find DS records for %s in %s", namestr,
-		      filename);
+		fatal("could not find DS records for %s in %s",
+		      namestr, filename);
 	}
 
 	free_db(&db, &node);
@@ -360,11 +365,13 @@ formatset(dns_rdataset_t *rdataset) {
 	 * which just separates fields with spaces. The huge tab stop width
 	 * eliminates any tab characters.
 	 */
-	result = dns_master_stylecreate(&style, styleflags, 0, 0, 0, 0, 0,
-					1000000, 0, mctx);
+	result = dns_master_stylecreate(&style, styleflags,
+					0, 0, 0, 0, 0, 1000000, 0,
+					mctx);
 	check_result(result, "dns_master_stylecreate2 failed");
 
-	isc_buffer_allocate(mctx, &buf, MAX_CDS_RDATA_TEXT_SIZE);
+	result = isc_buffer_allocate(mctx, &buf, MAX_CDS_RDATA_TEXT_SIZE);
+	check_result(result, "printing DS records");
 	result = dns_master_rdatasettotext(name, rdataset, style, NULL, buf);
 
 	if ((result == ISC_R_SUCCESS) && isc_buffer_availablelength(buf) < 1) {
@@ -381,8 +388,9 @@ formatset(dns_rdataset_t *rdataset) {
 }
 
 static void
-write_parent_set(const char *path, const char *inplace, bool nsupdate,
-		 dns_rdataset_t *rdataset) {
+write_parent_set(const char *path, const char *inplace,
+		 bool nsupdate, dns_rdataset_t *rdataset)
+{
 	isc_result_t result;
 	isc_buffer_t *buf = NULL;
 	isc_region_t r;
@@ -433,8 +441,8 @@ write_parent_set(const char *path, const char *inplace, bool nsupdate,
 	result = isc_file_settime(tmpname, &filetime);
 	if (result != ISC_R_SUCCESS) {
 		isc_file_remove(tmpname);
-		fatal("can't set modification time of %s: %s", tmpname,
-		      isc_result_totext(result));
+		fatal("can't set modification time of %s: %s",
+		      tmpname, isc_result_totext(result));
 	}
 
 	if (inplace[0] != '\0') {
@@ -449,11 +457,13 @@ typedef enum { LOOSE, TIGHT } strictness_t;
  * Find out if any (C)DS record matches a particular (C)DNSKEY.
  */
 static bool
-match_key_dsset(keyinfo_t *ki, dns_rdataset_t *dsset, strictness_t strictness) {
+match_key_dsset(keyinfo_t *ki, dns_rdataset_t *dsset, strictness_t strictness)
+{
 	isc_result_t result;
 	unsigned char dsbuf[DNS_DS_BUFFERSIZE];
 
-	for (result = dns_rdataset_first(dsset); result == ISC_R_SUCCESS;
+	for (result = dns_rdataset_first(dsset);
+	     result == ISC_R_SUCCESS;
 	     result = dns_rdataset_next(dsset))
 	{
 		dns_rdata_ds_t ds;
@@ -472,8 +482,7 @@ match_key_dsset(keyinfo_t *ki, dns_rdataset_t *dsset, strictness_t strictness) {
 		result = dns_ds_buildrdata(name, &ki->rdata, ds.digest_type,
 					   dsbuf, &newdsrdata);
 		if (result != ISC_R_SUCCESS) {
-			vbprintf(3,
-				 "dns_ds_buildrdata("
+			vbprintf(3, "dns_ds_buildrdata("
 				 "keytag=%d, algo=%d, digest=%d): %s\n",
 				 ds.key_tag, ds.algorithm, ds.digest_type,
 				 dns_result_totext(result));
@@ -484,22 +493,23 @@ match_key_dsset(keyinfo_t *ki, dns_rdataset_t *dsset, strictness_t strictness) {
 		dsrdata.type = dns_rdatatype_ds;
 		if (dns_rdata_compare(&dsrdata, &newdsrdata) == 0) {
 			vbprintf(1, "found matching %s %d %d %d\n",
-				 c ? "CDS" : "DS", ds.key_tag, ds.algorithm,
-				 ds.digest_type);
+				 c ? "CDS" : "DS",
+				 ds.key_tag, ds.algorithm, ds.digest_type);
 			return (true);
 		} else if (strictness == TIGHT) {
-			vbprintf(0,
-				 "key does not match %s %d %d %d "
-				 "when it looks like it should\n",
-				 c ? "CDS" : "DS", ds.key_tag, ds.algorithm,
-				 ds.digest_type);
+			vbprintf(0, "key does not match %s %d %d %d "
+				"when it looks like it should\n",
+				 c ? "CDS" : "DS",
+				 ds.key_tag, ds.algorithm, ds.digest_type);
 			return (false);
 		}
 	}
 
 	vbprintf(1, "no matching %s for %s %d %d\n",
-		 dsset->type == dns_rdatatype_cds ? "CDS" : "DS",
-		 ki->rdata.type == dns_rdatatype_cdnskey ? "CDNSKEY" : "DNSKEY",
+		 dsset->type == dns_rdatatype_cds
+		 ? "CDS" : "DS",
+		 ki->rdata.type == dns_rdatatype_cdnskey
+		 ? "CDNSKEY" : "DNSKEY",
 		 ki->tag, ki->algo);
 
 	return (false);
@@ -511,7 +521,8 @@ match_key_dsset(keyinfo_t *ki, dns_rdataset_t *dsset, strictness_t strictness) {
  */
 static keyinfo_t *
 match_keyset_dsset(dns_rdataset_t *keyset, dns_rdataset_t *dsset,
-		   strictness_t strictness) {
+		   strictness_t strictness)
+{
 	isc_result_t result;
 	keyinfo_t *keytable;
 	int i;
@@ -521,7 +532,8 @@ match_keyset_dsset(dns_rdataset_t *keyset, dns_rdataset_t *dsset,
 	keytable = isc_mem_get(mctx, sizeof(keyinfo_t) * nkey);
 
 	for (result = dns_rdataset_first(keyset), i = 0;
-	     result == ISC_R_SUCCESS; result = dns_rdataset_next(keyset), i++)
+	     result == ISC_R_SUCCESS;
+	     result = dns_rdataset_next(keyset), i++)
 	{
 		keyinfo_t *ki;
 		dns_rdata_dnskey_t dnskey;
@@ -547,13 +559,13 @@ match_keyset_dsset(dns_rdataset_t *keyset, dns_rdataset_t *dsset,
 			continue;
 		}
 
-		result = dns_dnssec_keyfromrdata(name, keyrdata, mctx,
-						 &ki->dst);
+		result = dns_dnssec_keyfromrdata(name, keyrdata,
+						 mctx, &ki->dst);
 		if (result != ISC_R_SUCCESS) {
-			vbprintf(3,
-				 "dns_dnssec_keyfromrdata("
+			vbprintf(3, "dns_dnssec_keyfromrdata("
 				 "keytag=%d, algo=%d): %s\n",
-				 ki->tag, ki->algo, dns_result_totext(result));
+				 ki->tag, ki->algo,
+				 dns_result_totext(result));
 		}
 	}
 
@@ -563,7 +575,6 @@ match_keyset_dsset(dns_rdataset_t *keyset, dns_rdataset_t *dsset,
 static void
 free_keytable(keyinfo_t **keytable_p) {
 	keyinfo_t *keytable = *keytable_p;
-	*keytable_p = NULL;
 	keyinfo_t *ki;
 	int i;
 
@@ -575,6 +586,7 @@ free_keytable(keyinfo_t **keytable_p) {
 	}
 
 	isc_mem_put(mctx, keytable, sizeof(keyinfo_t) * nkey);
+	*keytable_p = NULL;
 }
 
 /*
@@ -588,7 +600,8 @@ free_keytable(keyinfo_t **keytable_p) {
  */
 static dns_secalg_t *
 matching_sigs(keyinfo_t *keytbl, dns_rdataset_t *rdataset,
-	      dns_rdataset_t *sigset) {
+	      dns_rdataset_t *sigset)
+{
 	isc_result_t result;
 	dns_secalg_t *algo;
 	int i;
@@ -596,7 +609,8 @@ matching_sigs(keyinfo_t *keytbl, dns_rdataset_t *rdataset,
 	algo = isc_mem_get(mctx, nkey);
 	memset(algo, 0, nkey);
 
-	for (result = dns_rdataset_first(sigset); result == ISC_R_SUCCESS;
+	for (result = dns_rdataset_first(sigset);
+	     result == ISC_R_SUCCESS;
 	     result = dns_rdataset_next(sigset))
 	{
 		dns_rdata_t sigrdata = DNS_RDATA_INIT;
@@ -617,27 +631,26 @@ matching_sigs(keyinfo_t *keytbl, dns_rdataset_t *rdataset,
 
 		for (i = 0; i < nkey; i++) {
 			keyinfo_t *ki = &keytbl[i];
-			if (sig.keyid != ki->tag || sig.algorithm != ki->algo ||
+			if (sig.keyid != ki->tag ||
+			    sig.algorithm != ki->algo ||
 			    !dns_name_equal(&sig.signer, name))
 			{
 				continue;
 			}
 			if (ki->dst == NULL) {
-				vbprintf(1,
-					 "skip RRSIG by key %d:"
+				vbprintf(1, "skip RRSIG by key %d:"
 					 " no matching (C)DS\n",
 					 sig.keyid);
 				continue;
 			}
 
 			result = dns_dnssec_verify(name, rdataset, ki->dst,
-						   false, 0, mctx, &sigrdata,
-						   NULL);
+						   false, 0, mctx,
+						   &sigrdata, NULL);
 
 			if (result != ISC_R_SUCCESS &&
 			    result != DNS_R_FROMWILDCARD) {
-				vbprintf(1,
-					 "skip RRSIG by key %d:"
+				vbprintf(1, "skip RRSIG by key %d:"
 					 " verification failed: %s\n",
 					 sig.keyid, isc_result_totext(result));
 				continue;
@@ -651,7 +664,8 @@ matching_sigs(keyinfo_t *keytbl, dns_rdataset_t *rdataset,
 			 * only after the signature has been verified
 			 */
 			if (oldestsig.timesigned == 0 ||
-			    isc_serial_lt(sig.timesigned, oldestsig.timesigned))
+			    isc_serial_lt(sig.timesigned,
+					  oldestsig.timesigned))
 			{
 				verbose_time(2, "this is the oldest so far",
 					     sig.timesigned);
@@ -691,7 +705,8 @@ signed_strict(dns_rdataset_t *dsset, dns_secalg_t *algo) {
 	isc_result_t result;
 	bool all_ok = true;
 
-	for (result = dns_rdataset_first(dsset); result == ISC_R_SUCCESS;
+	for (result = dns_rdataset_first(dsset);
+	     result == ISC_R_SUCCESS;
 	     result = dns_rdataset_next(dsset))
 	{
 		dns_rdata_t dsrdata = DNS_RDATA_INIT;
@@ -710,10 +725,8 @@ signed_strict(dns_rdataset_t *dsset, dns_secalg_t *algo) {
 			}
 		}
 		if (!ds_ok) {
-			vbprintf(0,
-				 "missing signature for algorithm %d "
-				 "(key %d)\n",
-				 ds.algorithm, ds.key_tag);
+			vbprintf(0, "missing signature for algorithm %d "
+				 "(key %d)\n", ds.algorithm, ds.key_tag);
 			all_ok = false;
 		}
 	}
@@ -760,19 +773,20 @@ ds_from_cds(dns_rdatalist_t *dslist, isc_buffer_t *buf, dns_rdata_t *cds) {
 	check_result(result, "dns_rdata_tostruct(CDS)");
 	ds.common.rdtype = dns_rdatatype_ds;
 
-	result = dns_rdata_fromstruct(rdata, rdclass, dns_rdatatype_ds, &ds,
-				      buf);
+	result = dns_rdata_fromstruct(rdata, rdclass, dns_rdatatype_ds,
+				      &ds, buf);
 
 	return (rdata_put(result, dslist, rdata));
 }
 
 static isc_result_t
 ds_from_cdnskey(dns_rdatalist_t *dslist, isc_buffer_t *buf,
-		dns_rdata_t *cdnskey) {
+		 dns_rdata_t *cdnskey)
+{
 	isc_result_t result;
 	unsigned i, n;
 
-	n = sizeof(dtype) / sizeof(dtype[0]);
+	n = sizeof(dtype)/sizeof(dtype[0]);
 	for (i = 0; i < n; i++) {
 		if (dtype[i] != 0) {
 			dns_rdata_t *rdata;
@@ -801,8 +815,9 @@ ds_from_cdnskey(dns_rdatalist_t *dslist, isc_buffer_t *buf,
 }
 
 static void
-make_new_ds_set(ds_maker_func_t *ds_from_rdata, uint32_t ttl,
-		dns_rdataset_t *rdset) {
+make_new_ds_set(ds_maker_func_t *ds_from_rdata,
+		uint32_t ttl, dns_rdataset_t *rdset)
+{
 	unsigned int size = 16;
 	for (;;) {
 		isc_result_t result;
@@ -819,10 +834,12 @@ make_new_ds_set(ds_maker_func_t *ds_from_rdata, uint32_t ttl,
 		result = dns_rdatalist_tordataset(dslist, &new_ds_set);
 		check_result(result, "dns_rdatalist_tordataset(dslist)");
 
-		isc_buffer_allocate(mctx, &new_ds_buf, size);
+		result = isc_buffer_allocate(mctx, &new_ds_buf, size);
+		check_result(result, "building new DS records");
 
 		for (result = dns_rdataset_first(rdset);
-		     result == ISC_R_SUCCESS; result = dns_rdataset_next(rdset))
+		     result == ISC_R_SUCCESS;
+		     result = dns_rdataset_next(rdset))
 		{
 			isc_result_t tresult;
 			dns_rdata_t rdata = DNS_RDATA_INIT;
@@ -876,7 +893,8 @@ consistent_digests(dns_rdataset_t *dsset) {
 
 	arrdata = isc_mem_get(mctx, n * sizeof(dns_rdata_t));
 
-	for (result = dns_rdataset_first(dsset), i = 0; result == ISC_R_SUCCESS;
+	for (result = dns_rdataset_first(dsset), i = 0;
+	     result == ISC_R_SUCCESS;
 	     result = dns_rdataset_next(dsset), i++)
 	{
 		dns_rdata_init(&arrdata[i]);
@@ -913,10 +931,10 @@ consistent_digests(dns_rdataset_t *dsset) {
 	while (i < n) {
 		key_tag = ds[i].key_tag;
 		algorithm = ds[i].algorithm;
-		for (j = 0; j < d && i + j < n; j++) {
-			if (ds[i + j].key_tag != key_tag ||
-			    ds[i + j].algorithm != algorithm ||
-			    ds[i + j].digest_type != ds[j].digest_type)
+		for (j = 0; j < d && i+j < n; j++) {
+			if (ds[i+j].key_tag != key_tag ||
+			    ds[i+j].algorithm != algorithm ||
+			    ds[i+j].digest_type != ds[j].digest_type)
 			{
 				match = false;
 			}
@@ -953,8 +971,9 @@ print_diff(const char *cmd, dns_rdataset_t *rdataset) {
 }
 
 static void
-update_diff(const char *cmd, uint32_t ttl, dns_rdataset_t *addset,
-	    dns_rdataset_t *delset) {
+update_diff(const char *cmd, uint32_t ttl,
+	    dns_rdataset_t *addset, dns_rdataset_t *delset)
+{
 	isc_result_t result;
 	dns_db_t *db;
 	dns_dbnode_t *node;
@@ -963,8 +982,8 @@ update_diff(const char *cmd, uint32_t ttl, dns_rdataset_t *addset,
 	uint32_t save;
 
 	db = NULL;
-	result = dns_db_create(mctx, "rbt", name, dns_dbtype_zone, rdclass, 0,
-			       NULL, &db);
+	result = dns_db_create(mctx, "rbt", name, dns_dbtype_zone,
+			       rdclass, 0, NULL, &db);
 	check_result(result, "dns_db_create()");
 
 	ver = NULL;
@@ -977,11 +996,12 @@ update_diff(const char *cmd, uint32_t ttl, dns_rdataset_t *addset,
 
 	dns_rdataset_init(&diffset);
 
-	result = dns_db_addrdataset(db, node, ver, 0, addset, DNS_DBADD_MERGE,
-				    NULL);
+	result = dns_db_addrdataset(db, node, ver, 0, addset,
+				    DNS_DBADD_MERGE, NULL);
 	check_result(result, "dns_db_addrdataset()");
 
-	result = dns_db_subtractrdataset(db, node, ver, delset, 0, &diffset);
+	result = dns_db_subtractrdataset(db, node, ver, delset,
+					 0, &diffset);
 	if (result == DNS_R_UNCHANGED) {
 		save = addset->ttl;
 		addset->ttl = ttl;
@@ -1027,22 +1047,18 @@ usage(void) {
 		program);
 	fprintf(stderr, "Version: %s\n", VERSION);
 	fprintf(stderr, "Options:\n"
-			"    -a <algorithm>     digest algorithm (SHA-1 / "
-			"SHA-256 / SHA-384)\n"
-			"    -c <class>         of domain (default IN)\n"
-			"    -D                 prefer CDNSKEY records instead "
-			"of CDS\n"
-			"    -d <file|dir>      where to find parent dsset- "
-			"file\n"
-			"    -f <file>          child DNSKEY+CDNSKEY+CDS+RRSIG "
-			"records\n"
-			"    -i[extension]      update dsset- file in place\n"
-			"    -s <start-time>    oldest permitted child "
-			"signatures\n"
-			"    -u                 emit nsupdate script\n"
-			"    -T <ttl>           TTL of DS records\n"
-			"    -V                 print version\n"
-			"    -v <verbosity>\n");
+"    -a <algorithm>     digest algorithm (SHA-1 / SHA-256 / SHA-384)\n"
+"    -c <class>         of domain (default IN)\n"
+"    -D                 prefer CDNSKEY records instead of CDS\n"
+"    -d <file|dir>      where to find parent dsset- file\n"
+"    -f <file>          child DNSKEY+CDNSKEY+CDS+RRSIG records\n"
+"    -i[extension]      update dsset- file in place\n"
+"    -s <start-time>    oldest permitted child signatures\n"
+"    -u                 emit nsupdate script\n"
+"    -T <ttl>           TTL of DS records\n"
+"    -V                 print version\n"
+"    -v <verbosity>\n"
+	);
 	exit(1);
 }
 
@@ -1062,7 +1078,7 @@ main(int argc, char *argv[]) {
 
 #if USE_PKCS11
 	pk11_result_register();
-#endif /* if USE_PKCS11 */
+#endif
 	dns_result_register();
 
 	isc_commandline_errprint = false;
@@ -1091,7 +1107,8 @@ main(int argc, char *argv[]) {
 			 * so that it works just like sed(1).
 			 */
 			if (isc_commandline_argument ==
-			    argv[isc_commandline_index - 1]) {
+			    argv[isc_commandline_index - 1])
+			{
 				isc_commandline_index--;
 				inplace = "";
 			} else {
@@ -1100,7 +1117,7 @@ main(int argc, char *argv[]) {
 			break;
 		case 'm':
 			isc_mem_debugging = ISC_MEM_DEBUGTRACE |
-					    ISC_MEM_DEBUGRECORD;
+				ISC_MEM_DEBUGRECORD;
 			break;
 		case 's':
 			startstr = isc_commandline_argument;
@@ -1183,7 +1200,8 @@ main(int argc, char *argv[]) {
 		fatal("missing RRSIG CDNSKEY records for %s", namestr);
 	}
 	if (dns_rdataset_isassociated(&cds_set) &&
-	    !dns_rdataset_isassociated(&cds_sig)) {
+	    !dns_rdataset_isassociated(&cds_sig))
+	{
 		fatal("missing RRSIG CDS records for %s", namestr);
 	}
 
@@ -1204,16 +1222,18 @@ main(int argc, char *argv[]) {
 
 	if (dns_rdataset_isassociated(&cdnskey_set)) {
 		vbprintf(1, "verify CDNSKEY signature(s)\n");
-		if (!signed_loose(matching_sigs(old_key_tbl, &cdnskey_set,
-						&cdnskey_sig))) {
+		if (!signed_loose(matching_sigs(old_key_tbl,
+						&cdnskey_set, &cdnskey_sig)))
+		{
 			fatal("could not validate child CDNSKEY RRset for %s",
 			      namestr);
 		}
 	}
 	if (dns_rdataset_isassociated(&cds_set)) {
 		vbprintf(1, "verify CDS signature(s)\n");
-		if (!signed_loose(
-			    matching_sigs(old_key_tbl, &cds_set, &cds_sig))) {
+		if (!signed_loose(matching_sigs(old_key_tbl,
+						&cds_set, &cds_sig)))
+		{
 			fatal("could not validate child CDS RRset for %s",
 			      namestr);
 		}
@@ -1230,11 +1250,12 @@ main(int argc, char *argv[]) {
 		dns_rdatatype_format(oldestsig.covered, type, sizeof(type));
 		verbose_time(1, "child signature inception time",
 			     oldestsig.timesigned);
-		vbprintf(2, "from RRSIG %s by key %d\n", type, oldestsig.keyid);
+		vbprintf(2, "from RRSIG %s by key %d\n",
+			 type, oldestsig.keyid);
 	}
 
 	/*
-	 * Successfully do nothing if there's neither CDNSKEY nor CDS
+	 * Sucessfully do nothing if there's neither CDNSKEY nor CDS
 	 * RFC 7344 section 4.1 first paragraph
 	 */
 	if (!dns_rdataset_isassociated(&cdnskey_set) &&
@@ -1267,17 +1288,16 @@ main(int argc, char *argv[]) {
 
 	if (!consistent_digests(&new_ds_set)) {
 		fatal("CDS records at %s do not cover each key "
-		      "with the same set of digest types",
-		      namestr);
+		      "with the same set of digest types", namestr);
 	}
 
 	vbprintf(1, "verify DNSKEY signature(s)\n");
-	if (!signed_strict(&new_ds_set, matching_sigs(new_key_tbl, &dnskey_set,
-						      &dnskey_sig)))
+	if (!signed_strict(&new_ds_set,
+			   matching_sigs(new_key_tbl,
+					 &dnskey_set, &dnskey_sig)))
 	{
 		fatal("could not validate child DNSKEY RRset "
-		      "with new DS records for %s",
-		      namestr);
+		      "with new DS records for %s", namestr);
 	}
 
 	free_keytable(&new_key_tbl);

bin/dnssec/dnssec-cds.docbook

@@ -41,7 +41,6 @@
       <year>2017</year>
       <year>2018</year>
       <year>2019</year>
-      <year>2020</year>
       <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
     </copyright>
   </docinfo>
@@ -93,7 +92,7 @@
       The <command>dnssec-cds</command> command uses special DNSSEC
       validation logic specified by RFC 7344. It requires that the CDS
       and/or CDNSKEY records are validly signed by a key represented in the
-      existing DS records. This will typically be the pre-existing
+      existing DS records. This will typicially be the pre-existing
       key-signing key (KSK).
     </para>
     <para>

bin/dnssec/dnssec-cds.html

@@ -1,6 +1,6 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 <!--
- - Copyright (C) 2017-2020 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2017-2019 Internet Systems Consortium, Inc. ("ISC")
  - 
  - This Source Code Form is subject to the terms of the Mozilla Public
  - License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -78,7 +78,7 @@
       The <span class="command"><strong>dnssec-cds</strong></span> command uses special DNSSEC
       validation logic specified by RFC 7344. It requires that the CDS
       and/or CDNSKEY records are validly signed by a key represented in the
-      existing DS records. This will typically be the pre-existing
+      existing DS records. This will typicially be the pre-existing
       key-signing key (KSK).
     </p>
     <p>

bin/dnssec/dnssec-dsfromkey.8

@@ -1,4 +1,4 @@
-.\" Copyright (C) 2008-2012, 2014-2016, 2018-2020 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2008-2012, 2014-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
 .\" 
 .\" This Source Code Form is subject to the terms of the Mozilla Public
 .\" License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -222,5 +222,5 @@ RFC 7344
 \fBInternet Systems Consortium, Inc\&.\fR
 .SH "COPYRIGHT"
 .br
-Copyright \(co 2008-2012, 2014-2016, 2018-2020 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2008-2012, 2014-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
 .br

bin/dnssec/dnssec-dsfromkey.c

@@ -43,18 +43,18 @@
 
 #if USE_PKCS11
 #include <pk11/result.h>
-#endif /* if USE_PKCS11 */
+#endif
 
 #include "dnssectool.h"
 
 const char *program = "dnssec-dsfromkey";
 
 static dns_rdataclass_t rdclass;
-static dns_fixedname_t fixed;
-static dns_name_t *name = NULL;
-static isc_mem_t *mctx = NULL;
-static uint32_t ttl;
-static bool emitttl = false;
+static dns_fixedname_t	fixed;
+static dns_name_t	*name = NULL;
+static isc_mem_t	*mctx = NULL;
+static uint32_t	ttl;
+static bool	emitttl = false;
 
 static isc_result_t
 initname(char *setname) {
@@ -76,101 +76,88 @@ db_load_from_stream(dns_db_t *db, FILE *fp) {
 
 	dns_rdatacallbacks_init(&callbacks);
 	result = dns_db_beginload(db, &callbacks);
-	if (result != ISC_R_SUCCESS) {
+	if (result != ISC_R_SUCCESS)
 		fatal("dns_db_beginload failed: %s", isc_result_totext(result));
-	}
 
-	result = dns_master_loadstream(fp, name, name, rdclass, 0, &callbacks,
-				       mctx);
-	if (result != ISC_R_SUCCESS) {
+	result = dns_master_loadstream(fp, name, name, rdclass, 0,
+				       &callbacks, mctx);
+	if (result != ISC_R_SUCCESS)
 		fatal("can't load from input: %s", isc_result_totext(result));
-	}
 
 	result = dns_db_endload(db, &callbacks);
-	if (result != ISC_R_SUCCESS) {
+	if (result != ISC_R_SUCCESS)
 		fatal("dns_db_endload failed: %s", isc_result_totext(result));
-	}
 }
 
 static isc_result_t
 loadset(const char *filename, dns_rdataset_t *rdataset) {
-	isc_result_t result;
-	dns_db_t *db = NULL;
-	dns_dbnode_t *node = NULL;
+	isc_result_t	 result;
+	dns_db_t	 *db = NULL;
+	dns_dbnode_t	 *node = NULL;
 	char setname[DNS_NAME_FORMATSIZE];
 
 	dns_name_format(name, setname, sizeof(setname));
 
-	result = dns_db_create(mctx, "rbt", name, dns_dbtype_zone, rdclass, 0,
-			       NULL, &db);
-	if (result != ISC_R_SUCCESS) {
+	result = dns_db_create(mctx, "rbt", name, dns_dbtype_zone,
+			       rdclass, 0, NULL, &db);
+	if (result != ISC_R_SUCCESS)
 		fatal("can't create database");
-	}
 
 	if (strcmp(filename, "-") == 0) {
 		db_load_from_stream(db, stdin);
 		filename = "input";
 	} else {
 		result = dns_db_load(db, filename, dns_masterformat_text, 0);
-		if (result != ISC_R_SUCCESS && result != DNS_R_SEENINCLUDE) {
+		if (result != ISC_R_SUCCESS && result != DNS_R_SEENINCLUDE)
 			fatal("can't load %s: %s", filename,
 			      isc_result_totext(result));
-		}
 	}
 
 	result = dns_db_findnode(db, name, false, &node);
-	if (result != ISC_R_SUCCESS) {
+	if (result != ISC_R_SUCCESS)
 		fatal("can't find %s node in %s", setname, filename);
-	}
 
-	result = dns_db_findrdataset(db, node, NULL, dns_rdatatype_dnskey, 0, 0,
-				     rdataset, NULL);
+	result = dns_db_findrdataset(db, node, NULL, dns_rdatatype_dnskey,
+				     0, 0, rdataset, NULL);
 
-	if (result == ISC_R_NOTFOUND) {
+	if (result == ISC_R_NOTFOUND)
 		fatal("no DNSKEY RR for %s in %s", setname, filename);
-	} else if (result != ISC_R_SUCCESS) {
+	else if (result != ISC_R_SUCCESS)
 		fatal("dns_db_findrdataset");
-	}
 
-	if (node != NULL) {
+	if (node != NULL)
 		dns_db_detachnode(db, &node);
-	}
-	if (db != NULL) {
+	if (db != NULL)
 		dns_db_detach(&db);
-	}
 	return (result);
 }
 
 static isc_result_t
 loadkeyset(char *dirname, dns_rdataset_t *rdataset) {
-	isc_result_t result;
-	char filename[PATH_MAX + 1];
-	isc_buffer_t buf;
+	isc_result_t	 result;
+	char		 filename[PATH_MAX + 1];
+	isc_buffer_t	 buf;
 
 	dns_rdataset_init(rdataset);
 
 	isc_buffer_init(&buf, filename, sizeof(filename));
 	if (dirname != NULL) {
 		/* allow room for a trailing slash */
-		if (strlen(dirname) >= isc_buffer_availablelength(&buf)) {
+		if (strlen(dirname) >= isc_buffer_availablelength(&buf))
 			return (ISC_R_NOSPACE);
-		}
 		isc_buffer_putstr(&buf, dirname);
-		if (dirname[strlen(dirname) - 1] != '/') {
+		if (dirname[strlen(dirname) - 1] != '/')
 			isc_buffer_putstr(&buf, "/");
-		}
 	}
 
-	if (isc_buffer_availablelength(&buf) < 7) {
+	if (isc_buffer_availablelength(&buf) < 7)
 		return (ISC_R_NOSPACE);
-	}
 	isc_buffer_putstr(&buf, "keyset-");
 
 	result = dns_name_tofilenametext(name, false, &buf);
 	check_result(result, "dns_name_tofilenametext()");
-	if (isc_buffer_availablelength(&buf) == 0) {
+	if (isc_buffer_availablelength(&buf) == 0)
 		return (ISC_R_NOSPACE);
-	}
 	isc_buffer_putuint8(&buf, 0);
 
 	return (loadset(filename, rdataset));
@@ -178,22 +165,22 @@ loadkeyset(char *dirname, dns_rdataset_t *rdataset) {
 
 static void
 loadkey(char *filename, unsigned char *key_buf, unsigned int key_buf_size,
-	dns_rdata_t *rdata) {
-	isc_result_t result;
-	dst_key_t *key = NULL;
-	isc_buffer_t keyb;
-	isc_region_t r;
+	dns_rdata_t *rdata)
+{
+	isc_result_t  result;
+	dst_key_t     *key = NULL;
+	isc_buffer_t  keyb;
+	isc_region_t  r;
 
 	dns_rdata_init(rdata);
 
 	isc_buffer_init(&keyb, key_buf, key_buf_size);
 
-	result = dst_key_fromnamedfile(filename, NULL, DST_TYPE_PUBLIC, mctx,
-				       &key);
-	if (result != ISC_R_SUCCESS) {
-		fatal("can't load %s.key: %s", filename,
-		      isc_result_totext(result));
-	}
+	result = dst_key_fromnamedfile(filename, NULL, DST_TYPE_PUBLIC,
+				       mctx, &key);
+	if (result != ISC_R_SUCCESS)
+		fatal("can't load %s.key: %s",
+		      filename, isc_result_totext(result));
 
 	if (verbose > 2) {
 		char keystr[DST_KEY_FORMATSIZE];
@@ -203,13 +190,12 @@ loadkey(char *filename, unsigned char *key_buf, unsigned int key_buf_size,
 	}
 
 	result = dst_key_todns(key, &keyb);
-	if (result != ISC_R_SUCCESS) {
+	if (result != ISC_R_SUCCESS)
 		fatal("can't decode key");
-	}
 
 	isc_buffer_usedregion(&keyb, &r);
-	dns_rdata_fromregion(rdata, dst_key_class(key), dns_rdatatype_dnskey,
-			     &r);
+	dns_rdata_fromregion(rdata, dst_key_class(key),
+			     dns_rdatatype_dnskey, &r);
 
 	rdclass = dst_key_class(key);
 
@@ -222,16 +208,15 @@ loadkey(char *filename, unsigned char *key_buf, unsigned int key_buf_size,
 static void
 logkey(dns_rdata_t *rdata) {
 	isc_result_t result;
-	dst_key_t *key = NULL;
+	dst_key_t    *key = NULL;
 	isc_buffer_t buf;
-	char keystr[DST_KEY_FORMATSIZE];
+	char	     keystr[DST_KEY_FORMATSIZE];
 
 	isc_buffer_init(&buf, rdata->data, rdata->length);
 	isc_buffer_add(&buf, rdata->length);
 	result = dst_key_fromdns(name, rdclass, &buf, mctx, &key);
-	if (result != ISC_R_SUCCESS) {
+	if (result != ISC_R_SUCCESS)
 		return;
-	}
 
 	dst_key_format(key, keystr, sizeof(keystr));
 	fprintf(stderr, "%s: %s\n", program, keystr);
@@ -258,42 +243,35 @@ emit(dns_dsdigest_t dt, bool showall, bool cds, dns_rdata_t *rdata) {
 	dns_rdata_init(&ds);
 
 	result = dns_rdata_tostruct(rdata, &dnskey, NULL);
-	if (result != ISC_R_SUCCESS) {
+	if (result != ISC_R_SUCCESS)
 		fatal("can't convert DNSKEY");
-	}
 
-	if ((dnskey.flags & DNS_KEYFLAG_KSK) == 0 && !showall) {
+	if ((dnskey.flags & DNS_KEYFLAG_KSK) == 0 && !showall)
 		return;
-	}
 
 	result = dns_ds_buildrdata(name, rdata, dt, buf, &ds);
-	if (result != ISC_R_SUCCESS) {
+	if (result != ISC_R_SUCCESS)
 		fatal("can't build record");
-	}
 
 	result = dns_name_totext(name, false, &nameb);
-	if (result != ISC_R_SUCCESS) {
+	if (result != ISC_R_SUCCESS)
 		fatal("can't print name");
-	}
 
-	result = dns_rdata_tofmttext(&ds, (dns_name_t *)NULL, 0, 0, 0, "",
+	result = dns_rdata_tofmttext(&ds, (dns_name_t *) NULL, 0, 0, 0, "",
 				     &textb);
 
-	if (result != ISC_R_SUCCESS) {
+	if (result != ISC_R_SUCCESS)
 		fatal("can't print rdata");
-	}
 
 	result = dns_rdataclass_totext(rdclass, &classb);
-	if (result != ISC_R_SUCCESS) {
+	if (result != ISC_R_SUCCESS)
 		fatal("can't print class");
-	}
 
 	isc_buffer_usedregion(&nameb, &r);
 	printf("%.*s ", (int)r.length, r.base);
 
-	if (emitttl) {
+	if (emitttl)
 		printf("%u ", ttl);
-	}
 
 	isc_buffer_usedregion(&classb, &r);
 	printf("%.*s", (int)r.length, r.base);
@@ -312,7 +290,7 @@ static void
 emits(bool showall, bool cds, dns_rdata_t *rdata) {
 	unsigned i, n;
 
-	n = sizeof(dtype) / sizeof(dtype[0]);
+	n = sizeof(dtype)/sizeof(dtype[0]);
 	for (i = 0; i < n; i++) {
 		if (dtype[i] != 0) {
 			emit(dtype[i], showall, cds, rdata);
@@ -326,46 +304,43 @@ usage(void) ISC_PLATFORM_NORETURN_POST;
 static void
 usage(void) {
 	fprintf(stderr, "Usage:\n");
-	fprintf(stderr, "    %s [options] keyfile\n\n", program);
+	fprintf(stderr,	"    %s [options] keyfile\n\n", program);
 	fprintf(stderr, "    %s [options] -f zonefile [zonename]\n\n", program);
 	fprintf(stderr, "    %s [options] -s dnsname\n\n", program);
 	fprintf(stderr, "    %s [-h|-V]\n\n", program);
 	fprintf(stderr, "Version: %s\n", VERSION);
 	fprintf(stderr, "Options:\n"
-			"    -1: digest algorithm SHA-1\n"
-			"    -2: digest algorithm SHA-256\n"
-			"    -a algorithm: digest algorithm (SHA-1, SHA-256 or "
-			"SHA-384)\n"
-			"    -A: include all keys in DS set, not just KSKs (-f "
-			"only)\n"
-			"    -c class: rdata class for DS set (default IN) (-f "
-			"or -s only)\n"
-			"    -C: print CDS records\n"
-			"    -f zonefile: read keys from a zone file\n"
-			"    -h: print help information\n"
-			"    -K directory: where to find key or keyset files\n"
-			"    -s: read keys from keyset-<dnsname> file\n"
-			"    -T: TTL of output records (omitted by default)\n"
-			"    -v level: verbosity\n"
-			"    -V: print version information\n");
+"    -1: digest algorithm SHA-1\n"
+"    -2: digest algorithm SHA-256\n"
+"    -a algorithm: digest algorithm (SHA-1, SHA-256 or SHA-384)\n"
+"    -A: include all keys in DS set, not just KSKs (-f only)\n"
+"    -c class: rdata class for DS set (default IN) (-f or -s only)\n"
+"    -C: print CDS records\n"
+"    -f zonefile: read keys from a zone file\n"
+"    -h: print help information\n"
+"    -K directory: where to find key or keyset files\n"
+"    -s: read keys from keyset-<dnsname> file\n"
+"    -T: TTL of output records (omitted by default)\n"
+"    -v level: verbosity\n"
+"    -V: print version information\n");
 	fprintf(stderr, "Output: DS or CDS RRs\n");
 
-	exit(-1);
+	exit (-1);
 }
 
 int
 main(int argc, char **argv) {
-	char *classname = NULL;
-	char *filename = NULL, *dir = NULL, *namestr;
-	char *endp, *arg1;
-	int ch;
-	bool cds = false;
-	bool usekeyset = false;
-	bool showall = false;
-	isc_result_t result;
-	isc_log_t *log = NULL;
-	dns_rdataset_t rdataset;
-	dns_rdata_t rdata;
+	char		*classname = NULL;
+	char		*filename = NULL, *dir = NULL, *namestr;
+	char		*endp, *arg1;
+	int		ch;
+	bool		cds = false;
+	bool		usekeyset = false;
+	bool		showall = false;
+	isc_result_t	result;
+	isc_log_t	*log = NULL;
+	dns_rdataset_t	rdataset;
+	dns_rdata_t	rdata;
 
 	dns_rdata_init(&rdata);
 
@@ -377,7 +352,7 @@ main(int argc, char **argv) {
 
 #if USE_PKCS11
 	pk11_result_register();
-#endif /* if USE_PKCS11 */
+#endif
 	dns_result_register();
 
 	isc_commandline_errprint = false;
@@ -404,16 +379,13 @@ main(int argc, char **argv) {
 			classname = isc_commandline_argument;
 			break;
 		case 'd':
-			fprintf(stderr,
-				"%s: the -d option is deprecated; "
-				"use -K\n",
-				program);
-		/* fall through */
+			fprintf(stderr, "%s: the -d option is deprecated; "
+					"use -K\n", program);
+			/* fall through */
 		case 'K':
 			dir = isc_commandline_argument;
-			if (strlen(dir) == 0U) {
+			if (strlen(dir) == 0U)
 				fatal("directory must be non-empty string");
-			}
 			break;
 		case 'f':
 			filename = isc_commandline_argument;
@@ -430,19 +402,17 @@ main(int argc, char **argv) {
 			break;
 		case 'v':
 			verbose = strtol(isc_commandline_argument, &endp, 0);
-			if (*endp != '\0') {
+			if (*endp != '\0')
 				fatal("-v must be followed by a number");
-			}
 			break;
 		case 'F':
-		/* Reserved for FIPS mode */
-		/* FALLTHROUGH */
+			/* Reserved for FIPS mode */
+			/* FALLTHROUGH */
 		case '?':
-			if (isc_commandline_option != '?') {
+			if (isc_commandline_option != '?')
 				fprintf(stderr, "%s: invalid argument -%c\n",
 					program, isc_commandline_option);
-			}
-		/* FALLTHROUGH */
+			/* FALLTHROUGH */
 		case 'h':
 			/* Does not return. */
 			usage();
@@ -452,8 +422,8 @@ main(int argc, char **argv) {
 			version(program);
 
 		default:
-			fprintf(stderr, "%s: unhandled option -%c\n", program,
-				isc_commandline_option);
+			fprintf(stderr, "%s: unhandled option -%c\n",
+				program, isc_commandline_option);
 			exit(1);
 		}
 	}

bin/dnssec/dnssec-dsfromkey.docbook

@@ -42,7 +42,6 @@
       <year>2016</year>
       <year>2018</year>
       <year>2019</year>
-      <year>2020</year>
       <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
     </copyright>
   </docinfo>

bin/dnssec/dnssec-dsfromkey.html

@@ -1,6 +1,6 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 <!--
- - Copyright (C) 2008-2012, 2014-2016, 2018-2020 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2008-2012, 2014-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
  - 
  - This Source Code Form is subject to the terms of the Mozilla Public
  - License, v. 2.0. If a copy of the MPL was not distributed with this

bin/dnssec/dnssec-importkey.8

@@ -1,4 +1,4 @@
-.\" Copyright (C) 2013-2016, 2018-2020 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2013-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
 .\" 
 .\" This Source Code Form is subject to the terms of the Mozilla Public
 .\" License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -134,5 +134,5 @@ RFC 5011\&.
 \fBInternet Systems Consortium, Inc\&.\fR
 .SH "COPYRIGHT"
 .br
-Copyright \(co 2013-2016, 2018-2020 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2013-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
 .br

bin/dnssec/dnssec-importkey.c

@@ -42,23 +42,23 @@
 
 #if USE_PKCS11
 #include <pk11/result.h>
-#endif /* if USE_PKCS11 */
+#endif
 
 #include "dnssectool.h"
 
 const char *program = "dnssec-importkey";
 
 static dns_rdataclass_t rdclass;
-static dns_fixedname_t fixed;
-static dns_name_t *name = NULL;
-static isc_mem_t *mctx = NULL;
-static bool setpub = false, setdel = false;
-static bool setttl = false;
-static isc_stdtime_t pub = 0, del = 0;
-static dns_ttl_t ttl = 0;
-static isc_stdtime_t syncadd = 0, syncdel = 0;
-static bool setsyncadd = false;
-static bool setsyncdel = false;
+static dns_fixedname_t	fixed;
+static dns_name_t	*name = NULL;
+static isc_mem_t	*mctx = NULL;
+static bool	setpub = false, setdel = false;
+static bool	setttl = false;
+static isc_stdtime_t	pub = 0, del = 0;
+static dns_ttl_t	ttl = 0;
+static isc_stdtime_t	syncadd = 0, syncdel = 0;
+static bool	setsyncadd = false;
+static bool	setsyncdel = false;
 
 static isc_result_t
 initname(char *setname) {
@@ -80,36 +80,32 @@ db_load_from_stream(dns_db_t *db, FILE *fp) {
 
 	dns_rdatacallbacks_init(&callbacks);
 	result = dns_db_beginload(db, &callbacks);
-	if (result != ISC_R_SUCCESS) {
+	if (result != ISC_R_SUCCESS)
 		fatal("dns_db_beginload failed: %s", isc_result_totext(result));
-	}
 
-	result = dns_master_loadstream(fp, name, name, rdclass, 0, &callbacks,
-				       mctx);
-	if (result != ISC_R_SUCCESS) {
+	result = dns_master_loadstream(fp, name, name, rdclass, 0,
+				       &callbacks, mctx);
+	if (result != ISC_R_SUCCESS)
 		fatal("can't load from input: %s", isc_result_totext(result));
-	}
 
 	result = dns_db_endload(db, &callbacks);
-	if (result != ISC_R_SUCCESS) {
+	if (result != ISC_R_SUCCESS)
 		fatal("dns_db_endload failed: %s", isc_result_totext(result));
-	}
 }
 
 static isc_result_t
 loadset(const char *filename, dns_rdataset_t *rdataset) {
-	isc_result_t result;
-	dns_db_t *db = NULL;
-	dns_dbnode_t *node = NULL;
+	isc_result_t	 result;
+	dns_db_t	 *db = NULL;
+	dns_dbnode_t	 *node = NULL;
 	char setname[DNS_NAME_FORMATSIZE];
 
 	dns_name_format(name, setname, sizeof(setname));
 
-	result = dns_db_create(mctx, "rbt", name, dns_dbtype_zone, rdclass, 0,
-			       NULL, &db);
-	if (result != ISC_R_SUCCESS) {
+	result = dns_db_create(mctx, "rbt", name, dns_dbtype_zone,
+			       rdclass, 0, NULL, &db);
+	if (result != ISC_R_SUCCESS)
 		fatal("can't create database");
-	}
 
 	if (strcmp(filename, "-") == 0) {
 		db_load_from_stream(db, stdin);
@@ -117,53 +113,48 @@ loadset(const char *filename, dns_rdataset_t *rdataset) {
 	} else {
 		result = dns_db_load(db, filename, dns_masterformat_text,
 				     DNS_MASTER_NOTTL);
-		if (result != ISC_R_SUCCESS && result != DNS_R_SEENINCLUDE) {
+		if (result != ISC_R_SUCCESS && result != DNS_R_SEENINCLUDE)
 			fatal("can't load %s: %s", filename,
 			      isc_result_totext(result));
-		}
 	}
 
 	result = dns_db_findnode(db, name, false, &node);
-	if (result != ISC_R_SUCCESS) {
+	if (result != ISC_R_SUCCESS)
 		fatal("can't find %s node in %s", setname, filename);
-	}
 
-	result = dns_db_findrdataset(db, node, NULL, dns_rdatatype_dnskey, 0, 0,
-				     rdataset, NULL);
+	result = dns_db_findrdataset(db, node, NULL, dns_rdatatype_dnskey,
+				     0, 0, rdataset, NULL);
 
-	if (result == ISC_R_NOTFOUND) {
+	if (result == ISC_R_NOTFOUND)
 		fatal("no DNSKEY RR for %s in %s", setname, filename);
-	} else if (result != ISC_R_SUCCESS) {
+	else if (result != ISC_R_SUCCESS)
 		fatal("dns_db_findrdataset");
-	}
 
-	if (node != NULL) {
+	if (node != NULL)
 		dns_db_detachnode(db, &node);
-	}
-	if (db != NULL) {
+	if (db != NULL)
 		dns_db_detach(&db);
-	}
 	return (result);
 }
 
 static void
 loadkey(char *filename, unsigned char *key_buf, unsigned int key_buf_size,
-	dns_rdata_t *rdata) {
-	isc_result_t result;
-	dst_key_t *key = NULL;
-	isc_buffer_t keyb;
-	isc_region_t r;
+	dns_rdata_t *rdata)
+{
+	isc_result_t  result;
+	dst_key_t     *key = NULL;
+	isc_buffer_t  keyb;
+	isc_region_t  r;
 
 	dns_rdata_init(rdata);
 
 	isc_buffer_init(&keyb, key_buf, key_buf_size);
 
-	result = dst_key_fromnamedfile(filename, NULL, DST_TYPE_PUBLIC, mctx,
-				       &key);
-	if (result != ISC_R_SUCCESS) {
-		fatal("invalid keyfile name %s: %s", filename,
-		      isc_result_totext(result));
-	}
+	result = dst_key_fromnamedfile(filename, NULL, DST_TYPE_PUBLIC,
+				       mctx, &key);
+	if (result != ISC_R_SUCCESS)
+		fatal("invalid keyfile name %s: %s",
+		      filename, isc_result_totext(result));
 
 	if (verbose > 2) {
 		char keystr[DST_KEY_FORMATSIZE];
@@ -173,13 +164,12 @@ loadkey(char *filename, unsigned char *key_buf, unsigned int key_buf_size,
 	}
 
 	result = dst_key_todns(key, &keyb);
-	if (result != ISC_R_SUCCESS) {
+	if (result != ISC_R_SUCCESS)
 		fatal("can't decode key");
-	}
 
 	isc_buffer_usedregion(&keyb, &r);
-	dns_rdata_fromregion(rdata, dst_key_class(key), dns_rdatatype_dnskey,
-			     &r);
+	dns_rdata_fromregion(rdata, dst_key_class(key),
+			     dns_rdatatype_dnskey, &r);
 
 	rdclass = dst_key_class(key);
 
@@ -218,35 +208,31 @@ emit(const char *dir, dns_rdata_t *rdata) {
 		      isc_result_totext(result));
 	}
 
-	result = dst_key_fromfile(
-		dst_key_name(key), dst_key_id(key), dst_key_alg(key),
-		DST_TYPE_PUBLIC | DST_TYPE_PRIVATE, dir, mctx, &tmp);
+	result = dst_key_fromfile(dst_key_name(key), dst_key_id(key),
+				  dst_key_alg(key),
+				  DST_TYPE_PUBLIC | DST_TYPE_PRIVATE,
+				  dir, mctx, &tmp);
 	if (result == ISC_R_SUCCESS) {
-		if (dst_key_isprivate(tmp) && !dst_key_isexternal(tmp)) {
+		if (dst_key_isprivate(tmp) && !dst_key_isexternal(tmp))
 			fatal("Private key already exists in %s", priname);
-		}
 		dst_key_free(&tmp);
 	}
 
 	dst_key_setexternal(key, true);
-	if (setpub) {
+	if (setpub)
 		dst_key_settime(key, DST_TIME_PUBLISH, pub);
-	}
-	if (setdel) {
+	if (setdel)
 		dst_key_settime(key, DST_TIME_DELETE, del);
-	}
-	if (setsyncadd) {
+	if (setsyncadd)
 		dst_key_settime(key, DST_TIME_SYNCPUBLISH, syncadd);
-	}
-	if (setsyncdel) {
+	if (setsyncdel)
 		dst_key_settime(key, DST_TIME_SYNCDELETE, syncdel);
-	}
 
-	if (setttl) {
+	if (setttl)
 		dst_key_setttl(key, ttl);
-	}
 
-	result = dst_key_tofile(key, DST_TYPE_PUBLIC | DST_TYPE_PRIVATE, dir);
+	result = dst_key_tofile(key, DST_TYPE_PUBLIC|DST_TYPE_PRIVATE,
+				dir);
 	if (result != ISC_R_SUCCESS) {
 		dst_key_format(key, keystr, sizeof(keystr));
 		fatal("Failed to write key %s: %s", keystr,
@@ -270,54 +256,53 @@ usage(void) ISC_PLATFORM_NORETURN_POST;
 static void
 usage(void) {
 	fprintf(stderr, "Usage:\n");
-	fprintf(stderr, "    %s options [-K dir] keyfile\n\n", program);
+	fprintf(stderr,	"    %s options [-K dir] keyfile\n\n", program);
 	fprintf(stderr, "    %s options -f file [keyname]\n\n", program);
 	fprintf(stderr, "Version: %s\n", VERSION);
 	fprintf(stderr, "Options:\n");
 	fprintf(stderr, "    -f file: read key from zone file\n");
 	fprintf(stderr, "    -K <directory>: directory in which to store "
-			"the key files\n");
+				"the key files\n");
 	fprintf(stderr, "    -L ttl:             set default key TTL\n");
 	fprintf(stderr, "    -v <verbose level>\n");
 	fprintf(stderr, "    -V: print version information\n");
 	fprintf(stderr, "    -h: print usage and exit\n");
 	fprintf(stderr, "Timing options:\n");
 	fprintf(stderr, "    -P date/[+-]offset/none: set/unset key "
-			"publication date\n");
+						     "publication date\n");
 	fprintf(stderr, "    -P sync date/[+-]offset/none: set/unset "
-			"CDS and CDNSKEY publication date\n");
+				"CDS and CDNSKEY publication date\n");
 	fprintf(stderr, "    -D date/[+-]offset/none: set/unset key "
-			"deletion date\n");
+						     "deletion date\n");
 	fprintf(stderr, "    -D sync date/[+-]offset/none: set/unset "
-			"CDS and CDNSKEY deletion date\n");
+				"CDS and CDNSKEY deletion date\n");
 
-	exit(-1);
+	exit (-1);
 }
 
 int
 main(int argc, char **argv) {
-	char *classname = NULL;
-	char *filename = NULL, *dir = NULL, *namestr;
-	char *endp;
-	int ch;
-	isc_result_t result;
-	isc_log_t *log = NULL;
-	dns_rdataset_t rdataset;
-	dns_rdata_t rdata;
-	isc_stdtime_t now;
+	char		*classname = NULL;
+	char		*filename = NULL, *dir = NULL, *namestr;
+	char		*endp;
+	int		ch;
+	isc_result_t	result;
+	isc_log_t	*log = NULL;
+	dns_rdataset_t	rdataset;
+	dns_rdata_t	rdata;
+	isc_stdtime_t   now;
 
 	dns_rdata_init(&rdata);
 	isc_stdtime_get(&now);
 
-	if (argc == 1) {
+	if (argc == 1)
 		usage();
-	}
 
 	isc_mem_create(&mctx);
 
 #if USE_PKCS11
 	pk11_result_register();
-#endif /* if USE_PKCS11 */
+#endif
 	dns_result_register();
 
 	isc_commandline_errprint = false;
@@ -328,29 +313,26 @@ main(int argc, char **argv) {
 		case 'D':
 			/* -Dsync ? */
 			if (isoptarg("sync", argv, usage)) {
-				if (setsyncdel) {
+				if (setsyncdel)
 					fatal("-D sync specified more than "
 					      "once");
-				}
 
 				syncdel = strtotime(isc_commandline_argument,
-						    now, now, &setsyncdel);
+						   now, now, &setsyncdel);
 				break;
 			}
 			/* -Ddnskey ? */
 			(void)isoptarg("dnskey", argv, usage);
-			if (setdel) {
+			if (setdel)
 				fatal("-D specified more than once");
-			}
 
-			del = strtotime(isc_commandline_argument, now, now,
-					&setdel);
+			del = strtotime(isc_commandline_argument,
+					now, now, &setdel);
 			break;
 		case 'K':
 			dir = isc_commandline_argument;
-			if (strlen(dir) == 0U) {
+			if (strlen(dir) == 0U)
 				fatal("directory must be non-empty string");
-			}
 			break;
 		case 'L':
 			ttl = strtottl(isc_commandline_argument);
@@ -359,39 +341,35 @@ main(int argc, char **argv) {
 		case 'P':
 			/* -Psync ? */
 			if (isoptarg("sync", argv, usage)) {
-				if (setsyncadd) {
+				if (setsyncadd)
 					fatal("-P sync specified more than "
 					      "once");
-				}
 
 				syncadd = strtotime(isc_commandline_argument,
-						    now, now, &setsyncadd);
+						   now, now, &setsyncadd);
 				break;
 			}
 			/* -Pdnskey ? */
 			(void)isoptarg("dnskey", argv, usage);
-			if (setpub) {
+			if (setpub)
 				fatal("-P specified more than once");
-			}
 
-			pub = strtotime(isc_commandline_argument, now, now,
-					&setpub);
+			pub = strtotime(isc_commandline_argument,
+					now, now, &setpub);
 			break;
 		case 'f':
 			filename = isc_commandline_argument;
 			break;
 		case 'v':
 			verbose = strtol(isc_commandline_argument, &endp, 0);
-			if (*endp != '\0') {
+			if (*endp != '\0')
 				fatal("-v must be followed by a number");
-			}
 			break;
 		case '?':
-			if (isc_commandline_option != '?') {
+			if (isc_commandline_option != '?')
 				fprintf(stderr, "%s: invalid argument -%c\n",
 					program, isc_commandline_option);
-			}
-		/* FALLTHROUGH */
+			/* FALLTHROUGH */
 		case 'h':
 			/* Does not return. */
 			usage();
@@ -401,26 +379,23 @@ main(int argc, char **argv) {
 			version(program);
 
 		default:
-			fprintf(stderr, "%s: unhandled option -%c\n", program,
-				isc_commandline_option);
+			fprintf(stderr, "%s: unhandled option -%c\n",
+				program, isc_commandline_option);
 			exit(1);
 		}
 	}
 
 	rdclass = strtoclass(classname);
 
-	if (argc < isc_commandline_index + 1 && filename == NULL) {
+	if (argc < isc_commandline_index + 1 && filename == NULL)
 		fatal("the key file name was not specified");
-	}
-	if (argc > isc_commandline_index + 1) {
+	if (argc > isc_commandline_index + 1)
 		fatal("extraneous arguments");
-	}
 
 	result = dst_lib_init(mctx, NULL);
-	if (result != ISC_R_SUCCESS) {
+	if (result != ISC_R_SUCCESS)
 		fatal("could not initialize dst: %s",
 		      isc_result_totext(result));
-	}
 
 	setup_logging(mctx, &log);
 
@@ -430,26 +405,23 @@ main(int argc, char **argv) {
 		if (argc < isc_commandline_index + 1) {
 			/* using filename as zone name */
 			namestr = filename;
-		} else {
+		} else
 			namestr = argv[isc_commandline_index];
-		}
 
 		result = initname(namestr);
-		if (result != ISC_R_SUCCESS) {
+		if (result != ISC_R_SUCCESS)
 			fatal("could not initialize name %s", namestr);
-		}
 
 		result = loadset(filename, &rdataset);
 
-		if (result != ISC_R_SUCCESS) {
+		if (result != ISC_R_SUCCESS)
 			fatal("could not load DNSKEY set: %s\n",
 			      isc_result_totext(result));
-		}
 
 		for (result = dns_rdataset_first(&rdataset);
 		     result == ISC_R_SUCCESS;
-		     result = dns_rdataset_next(&rdataset))
-		{
+		     result = dns_rdataset_next(&rdataset)) {
+
 			dns_rdata_init(&rdata);
 			dns_rdataset_current(&rdataset, &rdata);
 			emit(dir, &rdata);
@@ -457,27 +429,24 @@ main(int argc, char **argv) {
 	} else {
 		unsigned char key_buf[DST_KEY_MAXSIZE];
 
-		loadkey(argv[isc_commandline_index], key_buf, DST_KEY_MAXSIZE,
-			&rdata);
+		loadkey(argv[isc_commandline_index], key_buf,
+			DST_KEY_MAXSIZE, &rdata);
 
 		emit(dir, &rdata);
 	}
 
-	if (dns_rdataset_isassociated(&rdataset)) {
+	if (dns_rdataset_isassociated(&rdataset))
 		dns_rdataset_disassociate(&rdataset);
-	}
 	cleanup_logging(&log);
 	dst_lib_destroy();
-	if (verbose > 10) {
+	if (verbose > 10)
 		isc_mem_stats(mctx, stdout);
-	}
 	isc_mem_destroy(&mctx);
 
 	fflush(stdout);
 	if (ferror(stdout)) {
 		fprintf(stderr, "write error\n");
 		return (1);
-	} else {
+	} else
 		return (0);
-	}
 }

bin/dnssec/dnssec-importkey.docbook

@@ -39,7 +39,6 @@
       <year>2016</year>
       <year>2018</year>
       <year>2019</year>
-      <year>2020</year>
       <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
     </copyright>
   </docinfo>

bin/dnssec/dnssec-importkey.html

@@ -1,6 +1,6 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 <!--
- - Copyright (C) 2013-2016, 2018-2020 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2013-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
  - 
  - This Source Code Form is subject to the terms of the Mozilla Public
  - License, v. 2.0. If a copy of the MPL was not distributed with this

bin/dnssec/dnssec-keyfromlabel.8

@@ -1,4 +1,4 @@
-.\" Copyright (C) 2008-2012, 2014-2020 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2008-2012, 2014-2019 Internet Systems Consortium, Inc. ("ISC")
 .\" 
 .\" This Source Code Form is subject to the terms of the Mozilla Public
 .\" License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -92,7 +92,7 @@ Specifies the label for a key pair in the crypto hardware\&.
 .sp
 When
 BIND
-9 is built with OpenSSL\-based PKCS#11 support, the label is an arbitrary string that identifies a particular key\&.
+9 is built with OpenSSL\-based PKCS#11 support, the label is an arbitrary string that identifies a particular key\&. It may be preceded by an optional OpenSSL engine name, followed by a colon, as in "pkcs11:\fIkeylabel\fR"\&.
 .sp
 When
 BIND
@@ -307,5 +307,5 @@ The PKCS#11 URI Scheme (draft\-pechanec\-pkcs11uri\-13)\&.
 \fBInternet Systems Consortium, Inc\&.\fR
 .SH "COPYRIGHT"
 .br
-Copyright \(co 2008-2012, 2014-2020 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2008-2012, 2014-2019 Internet Systems Consortium, Inc. ("ISC")
 .br

bin/dnssec/dnssec-keyfromlabel.c

@@ -19,8 +19,8 @@
 #include <isc/buffer.h>
 #include <isc/commandline.h>
 #include <isc/mem.h>
-#include <isc/print.h>
 #include <isc/region.h>
+#include <isc/print.h>
 #include <isc/string.h>
 #include <isc/util.h>
 
@@ -39,7 +39,7 @@
 
 #if USE_PKCS11
 #include <pk11/result.h>
-#endif /* if USE_PKCS11 */
+#endif
 
 #include "dnssectool.h"
 
@@ -53,7 +53,8 @@ usage(void) ISC_PLATFORM_NORETURN_POST;
 static void
 usage(void) {
 	fprintf(stderr, "Usage:\n");
-	fprintf(stderr, "    %s -l label [options] name\n\n", program);
+	fprintf(stderr, "    %s -l label [options] name\n\n",
+		program);
 	fprintf(stderr, "Version: %s\n", VERSION);
 	fprintf(stderr, "Required options:\n");
 	fprintf(stderr, "    -l label: label of the key pair\n");
@@ -68,25 +69,22 @@ usage(void) {
 	fprintf(stderr, "    -c class (default: IN)\n");
 	fprintf(stderr, "    -E <engine>:\n");
 #if USE_PKCS11
-	fprintf(stderr,
-		"        path to PKCS#11 provider library "
-		"(default is %s)\n",
-		PK11_LIB_LOCATION);
-#else  /* if USE_PKCS11 */
+	fprintf(stderr, "        path to PKCS#11 provider library "
+				"(default is %s)\n", PK11_LIB_LOCATION);
+#else
 	fprintf(stderr, "        name of an OpenSSL engine to use\n");
-#endif /* if USE_PKCS11 */
+#endif
 	fprintf(stderr, "    -f keyflag: KSK | REVOKE\n");
 	fprintf(stderr, "    -K directory: directory in which to place "
 			"key files\n");
 	fprintf(stderr, "    -k: generate a TYPE=KEY key\n");
 	fprintf(stderr, "    -L ttl: default key TTL\n");
-	fprintf(stderr, "    -n nametype: ZONE | HOST | ENTITY | USER | "
-			"OTHER\n");
+	fprintf(stderr, "    -n nametype: ZONE | HOST | ENTITY | USER | OTHER\n");
 	fprintf(stderr, "        (DNSKEY generation defaults to ZONE\n");
 	fprintf(stderr, "    -p protocol: default: 3 [dnssec]\n");
 	fprintf(stderr, "    -t type: "
-			"AUTHCONF | NOAUTHCONF | NOAUTH | NOCONF "
-			"(default: AUTHCONF)\n");
+		"AUTHCONF | NOAUTHCONF | NOAUTH | NOCONF "
+		"(default: AUTHCONF)\n");
 	fprintf(stderr, "    -y: permit keys that might collide\n");
 	fprintf(stderr, "    -v verbose level\n");
 	fprintf(stderr, "    -V: print version information\n");
@@ -104,73 +102,72 @@ usage(void) {
 	fprintf(stderr, "    -C: generate a backward-compatible key, omitting"
 			" all dates\n");
 	fprintf(stderr, "    -S <key>: generate a successor to an existing "
-			"key\n");
+				      "key\n");
 	fprintf(stderr, "    -i <interval>: prepublication interval for "
-			"successor key "
-			"(default: 30 days)\n");
+					   "successor key "
+					   "(default: 30 days)\n");
 	fprintf(stderr, "Output:\n");
 	fprintf(stderr, "     K<name>+<alg>+<id>.key, "
 			"K<name>+<alg>+<id>.private\n");
 
-	exit(-1);
+	exit (-1);
 }
 
 int
 main(int argc, char **argv) {
-	char *algname = NULL, *freeit = NULL;
-	char *nametype = NULL, *type = NULL;
-	const char *directory = NULL;
-	const char *predecessor = NULL;
-	dst_key_t *prevkey = NULL;
-	const char *engine = NULL;
-	char *classname = NULL;
-	char *endp;
-	dst_key_t *key = NULL;
-	dns_fixedname_t fname;
-	dns_name_t *name;
-	uint16_t flags = 0, kskflag = 0, revflag = 0;
-	dns_secalg_t alg;
-	bool oldstyle = false;
-	isc_mem_t *mctx = NULL;
-	int ch;
-	int protocol = -1, signatory = 0;
-	isc_result_t ret;
+	char		*algname = NULL, *freeit = NULL;
+	char		*nametype = NULL, *type = NULL;
+	const char	*directory = NULL;
+	const char	*predecessor = NULL;
+	dst_key_t	*prevkey = NULL;
+	const char	*engine = NULL;
+	char		*classname = NULL;
+	char		*endp;
+	dst_key_t	*key = NULL;
+	dns_fixedname_t	fname;
+	dns_name_t	*name;
+	uint16_t	flags = 0, kskflag = 0, revflag = 0;
+	dns_secalg_t	alg;
+	bool	oldstyle = false;
+	isc_mem_t	*mctx = NULL;
+	int		ch;
+	int		protocol = -1, signatory = 0;
+	isc_result_t	ret;
 	isc_textregion_t r;
-	char filename[255];
-	isc_buffer_t buf;
-	isc_log_t *log = NULL;
+	char		filename[255];
+	isc_buffer_t	buf;
+	isc_log_t	*log = NULL;
 	dns_rdataclass_t rdclass;
-	int options = DST_TYPE_PRIVATE | DST_TYPE_PUBLIC;
-	char *label = NULL;
-	dns_ttl_t ttl = 0;
-	isc_stdtime_t publish = 0, activate = 0, revoke = 0;
-	isc_stdtime_t inactive = 0, deltime = 0;
-	isc_stdtime_t now;
-	int prepub = -1;
-	bool setpub = false, setact = false;
-	bool setrev = false, setinact = false;
-	bool setdel = false, setttl = false;
-	bool unsetpub = false, unsetact = false;
-	bool unsetrev = false, unsetinact = false;
-	bool unsetdel = false;
-	bool genonly = false;
-	bool use_nsec3 = false;
-	bool avoid_collisions = true;
-	bool exact;
-	unsigned char c;
-	isc_stdtime_t syncadd = 0, syncdel = 0;
-	bool unsetsyncadd = false, setsyncadd = false;
-	bool unsetsyncdel = false, setsyncdel = false;
+	int		options = DST_TYPE_PRIVATE | DST_TYPE_PUBLIC;
+	char		*label = NULL;
+	dns_ttl_t	ttl = 0;
+	isc_stdtime_t	publish = 0, activate = 0, revoke = 0;
+	isc_stdtime_t	inactive = 0, deltime = 0;
+	isc_stdtime_t	now;
+	int		prepub = -1;
+	bool	setpub = false, setact = false;
+	bool	setrev = false, setinact = false;
+	bool	setdel = false, setttl = false;
+	bool	unsetpub = false, unsetact = false;
+	bool	unsetrev = false, unsetinact = false;
+	bool	unsetdel = false;
+	bool	genonly = false;
+	bool	use_nsec3 = false;
+	bool   avoid_collisions = true;
+	bool	exact;
+	unsigned char	c;
+	isc_stdtime_t	syncadd = 0, syncdel = 0;
+	bool	unsetsyncadd = false, setsyncadd = false;
+	bool	unsetsyncdel = false, setsyncdel = false;
 
-	if (argc == 1) {
+	if (argc == 1)
 		usage();
-	}
 
 	isc_mem_create(&mctx);
 
 #if USE_PKCS11
 	pk11_result_register();
-#endif /* if USE_PKCS11 */
+#endif
 	dns_result_register();
 
 	isc_commandline_errprint = false;
@@ -179,7 +176,7 @@ main(int argc, char **argv) {
 
 #define CMDLINE_FLAGS "3A:a:Cc:D:E:Ff:GhI:i:kK:L:l:n:P:p:R:S:t:v:Vy"
 	while ((ch = isc_commandline_parse(argc, argv, CMDLINE_FLAGS)) != -1) {
-		switch (ch) {
+	    switch (ch) {
 		case '3':
 			use_nsec3 = true;
 			break;
@@ -197,22 +194,20 @@ main(int argc, char **argv) {
 			break;
 		case 'f':
 			c = (unsigned char)(isc_commandline_argument[0]);
-			if (toupper(c) == 'K') {
+			if (toupper(c) == 'K')
 				kskflag = DNS_KEYFLAG_KSK;
-			} else if (toupper(c) == 'R') {
+			else if (toupper(c) == 'R')
 				revflag = DNS_KEYFLAG_REVOKE;
-			} else {
+			else
 				fatal("unknown flag '%s'",
 				      isc_commandline_argument);
-			}
 			break;
 		case 'K':
 			directory = isc_commandline_argument;
 			ret = try_dir(directory);
-			if (ret != ISC_R_SUCCESS) {
-				fatal("cannot open directory %s: %s", directory,
-				      isc_result_totext(ret));
-			}
+			if (ret != ISC_R_SUCCESS)
+				fatal("cannot open directory %s: %s",
+				      directory, isc_result_totext(ret));
 			break;
 		case 'k':
 			options |= DST_TYPE_KEY;
@@ -229,19 +224,17 @@ main(int argc, char **argv) {
 			break;
 		case 'p':
 			protocol = strtol(isc_commandline_argument, &endp, 10);
-			if (*endp != '\0' || protocol < 0 || protocol > 255) {
+			if (*endp != '\0' || protocol < 0 || protocol > 255)
 				fatal("-p must be followed by a number "
 				      "[0..255]");
-			}
 			break;
 		case 't':
 			type = isc_commandline_argument;
 			break;
 		case 'v':
 			verbose = strtol(isc_commandline_argument, &endp, 0);
-			if (*endp != '\0') {
+			if (*endp != '\0')
 				fatal("-v must be followed by a number");
-			}
 			break;
 		case 'y':
 			avoid_collisions = false;
@@ -252,74 +245,67 @@ main(int argc, char **argv) {
 		case 'P':
 			/* -Psync ? */
 			if (isoptarg("sync", argv, usage)) {
-				if (unsetsyncadd || setsyncadd) {
+				if (unsetsyncadd || setsyncadd)
 					fatal("-P sync specified more than "
 					      "once");
-				}
 
 				syncadd = strtotime(isc_commandline_argument,
-						    now, now, &setsyncadd);
+						   now, now, &setsyncadd);
 				unsetsyncadd = !setsyncadd;
 				break;
 			}
 			/* -Pdnskey ? */
 			(void)isoptarg("dnskey", argv, usage);
-			if (setpub || unsetpub) {
+			if (setpub || unsetpub)
 				fatal("-P specified more than once");
-			}
 
-			publish = strtotime(isc_commandline_argument, now, now,
-					    &setpub);
+			publish = strtotime(isc_commandline_argument,
+					    now, now, &setpub);
 			unsetpub = !setpub;
 			break;
 		case 'A':
-			if (setact || unsetact) {
+			if (setact || unsetact)
 				fatal("-A specified more than once");
-			}
 
-			activate = strtotime(isc_commandline_argument, now, now,
-					     &setact);
+			activate = strtotime(isc_commandline_argument,
+					     now, now, &setact);
 			unsetact = !setact;
 			break;
 		case 'R':
-			if (setrev || unsetrev) {
+			if (setrev || unsetrev)
 				fatal("-R specified more than once");
-			}
 
-			revoke = strtotime(isc_commandline_argument, now, now,
-					   &setrev);
+			revoke = strtotime(isc_commandline_argument,
+					   now, now, &setrev);
 			unsetrev = !setrev;
 			break;
 		case 'I':
-			if (setinact || unsetinact) {
+			if (setinact || unsetinact)
 				fatal("-I specified more than once");
-			}
 
-			inactive = strtotime(isc_commandline_argument, now, now,
-					     &setinact);
+			inactive = strtotime(isc_commandline_argument,
+					     now, now, &setinact);
 			unsetinact = !setinact;
 			break;
 		case 'D':
 			/* -Dsync ? */
 			if (isoptarg("sync", argv, usage)) {
-				if (unsetsyncdel || setsyncdel) {
+				if (unsetsyncdel || setsyncdel)
 					fatal("-D sync specified more than "
 					      "once");
-				}
 
 				syncdel = strtotime(isc_commandline_argument,
-						    now, now, &setsyncdel);
+						   now, now, &setsyncdel);
 				unsetsyncdel = !setsyncdel;
 				break;
 			}
 			/* -Ddnskey ? */
 			(void)isoptarg("dnskey", argv, usage);
-			if (setdel || unsetdel) {
+			if (setdel || unsetdel)
 				fatal("-D specified more than once");
-			}
 
-			deltime = strtotime(isc_commandline_argument, now, now,
-					    &setdel);
+			deltime = strtotime(isc_commandline_argument,
+					    now, now, &setdel);
 			unsetdel = !setdel;
 			break;
 		case 'S':
@@ -329,14 +315,13 @@ main(int argc, char **argv) {
 			prepub = strtottl(isc_commandline_argument);
 			break;
 		case 'F':
-		/* Reserved for FIPS mode */
-		/* FALLTHROUGH */
+			/* Reserved for FIPS mode */
+			/* FALLTHROUGH */
 		case '?':
-			if (isc_commandline_option != '?') {
+			if (isc_commandline_option != '?')
 				fprintf(stderr, "%s: invalid argument -%c\n",
 					program, isc_commandline_option);
-			}
-		/* FALLTHROUGH */
+			/* FALLTHROUGH */
 		case 'h':
 			/* Does not return. */
 			usage();
@@ -346,40 +331,36 @@ main(int argc, char **argv) {
 			version(program);
 
 		default:
-			fprintf(stderr, "%s: unhandled option -%c\n", program,
-				isc_commandline_option);
+			fprintf(stderr, "%s: unhandled option -%c\n",
+				program, isc_commandline_option);
 			exit(1);
 		}
 	}
 
 	ret = dst_lib_init(mctx, engine);
-	if (ret != ISC_R_SUCCESS) {
-		fatal("could not initialize dst: %s", isc_result_totext(ret));
-	}
+	if (ret != ISC_R_SUCCESS)
+		fatal("could not initialize dst: %s",
+		      isc_result_totext(ret));
 
 	setup_logging(mctx, &log);
 
 	if (predecessor == NULL) {
-		if (label == NULL) {
+		if (label == NULL)
 			fatal("the key label was not specified");
-		}
-		if (argc < isc_commandline_index + 1) {
+		if (argc < isc_commandline_index + 1)
 			fatal("the key name was not specified");
-		}
-		if (argc > isc_commandline_index + 1) {
+		if (argc > isc_commandline_index + 1)
 			fatal("extraneous arguments");
-		}
 
 		name = dns_fixedname_initname(&fname);
 		isc_buffer_init(&buf, argv[isc_commandline_index],
 				strlen(argv[isc_commandline_index]));
 		isc_buffer_add(&buf, strlen(argv[isc_commandline_index]));
 		ret = dns_name_fromtext(name, &buf, dns_rootname, 0, NULL);
-		if (ret != ISC_R_SUCCESS) {
+		if (ret != ISC_R_SUCCESS)
 			fatal("invalid key name %s: %s",
 			      argv[isc_commandline_index],
 			      isc_result_totext(ret));
-		}
 
 		if (strchr(label, ':') == NULL) {
 			char *l;
@@ -421,32 +402,29 @@ main(int argc, char **argv) {
 				break;
 			default:
 				fatal("%s is incompatible with NSEC3; "
-				      "do not use the -3 option",
-				      algname);
+				      "do not use the -3 option", algname);
 			}
 		}
 
 		if (type != NULL && (options & DST_TYPE_KEY) != 0) {
-			if (strcasecmp(type, "NOAUTH") == 0) {
+			if (strcasecmp(type, "NOAUTH") == 0)
 				flags |= DNS_KEYTYPE_NOAUTH;
-			} else if (strcasecmp(type, "NOCONF") == 0) {
+			else if (strcasecmp(type, "NOCONF") == 0)
 				flags |= DNS_KEYTYPE_NOCONF;
-			} else if (strcasecmp(type, "NOAUTHCONF") == 0) {
+			else if (strcasecmp(type, "NOAUTHCONF") == 0)
 				flags |= (DNS_KEYTYPE_NOAUTH |
 					  DNS_KEYTYPE_NOCONF);
-			} else if (strcasecmp(type, "AUTHCONF") == 0) {
-				/* nothing */
-			} else {
+			else if (strcasecmp(type, "AUTHCONF") == 0)
+				/* nothing */;
+			else
 				fatal("invalid type %s", type);
-			}
 		}
 
 		if (!oldstyle && prepub > 0) {
-			if (setpub && setact && (activate - prepub) < publish) {
+			if (setpub && setact && (activate - prepub) < publish)
 				fatal("Activation and publication dates "
 				      "are closer together than the\n\t"
 				      "prepublication interval.");
-			}
 
 			if (!setpub && !setact) {
 				setpub = setact = true;
@@ -460,55 +438,43 @@ main(int argc, char **argv) {
 				publish = activate - prepub;
 			}
 
-			if ((activate - prepub) < now) {
+			if ((activate - prepub) < now)
 				fatal("Time until activation is shorter "
 				      "than the\n\tprepublication interval.");
-			}
 		}
 	} else {
 		char keystr[DST_KEY_FORMATSIZE];
 		isc_stdtime_t when;
 		int major, minor;
 
-		if (prepub == -1) {
+		if (prepub == -1)
 			prepub = (30 * 86400);
-		}
 
-		if (algname != NULL) {
+		if (algname != NULL)
 			fatal("-S and -a cannot be used together");
-		}
-		if (nametype != NULL) {
+		if (nametype != NULL)
 			fatal("-S and -n cannot be used together");
-		}
-		if (type != NULL) {
+		if (type != NULL)
 			fatal("-S and -t cannot be used together");
-		}
-		if (setpub || unsetpub) {
+		if (setpub || unsetpub)
 			fatal("-S and -P cannot be used together");
-		}
-		if (setact || unsetact) {
+		if (setact || unsetact)
 			fatal("-S and -A cannot be used together");
-		}
-		if (use_nsec3) {
+		if (use_nsec3)
 			fatal("-S and -3 cannot be used together");
-		}
-		if (oldstyle) {
+		if (oldstyle)
 			fatal("-S and -C cannot be used together");
-		}
-		if (genonly) {
+		if (genonly)
 			fatal("-S and -G cannot be used together");
-		}
 
 		ret = dst_key_fromnamedfile(predecessor, directory,
 					    DST_TYPE_PUBLIC | DST_TYPE_PRIVATE,
 					    mctx, &prevkey);
-		if (ret != ISC_R_SUCCESS) {
-			fatal("Invalid keyfile %s: %s", predecessor,
-			      isc_result_totext(ret));
-		}
-		if (!dst_key_isprivate(prevkey)) {
+		if (ret != ISC_R_SUCCESS)
+			fatal("Invalid keyfile %s: %s",
+			      predecessor, isc_result_totext(ret));
+		if (!dst_key_isprivate(prevkey))
 			fatal("%s is not a private key", predecessor);
-		}
 
 		name = dst_key_name(prevkey);
 		alg = dst_key_alg(prevkey);
@@ -516,106 +482,88 @@ main(int argc, char **argv) {
 
 		dst_key_format(prevkey, keystr, sizeof(keystr));
 		dst_key_getprivateformat(prevkey, &major, &minor);
-		if (major != DST_MAJOR_VERSION || minor < DST_MINOR_VERSION) {
+		if (major != DST_MAJOR_VERSION || minor < DST_MINOR_VERSION)
 			fatal("Key %s has incompatible format version %d.%d\n\t"
 			      "It is not possible to generate a successor key.",
 			      keystr, major, minor);
-		}
 
 		ret = dst_key_gettime(prevkey, DST_TIME_ACTIVATE, &when);
-		if (ret != ISC_R_SUCCESS) {
+		if (ret != ISC_R_SUCCESS)
 			fatal("Key %s has no activation date.\n\t"
 			      "You must use dnssec-settime -A to set one "
-			      "before generating a successor.",
-			      keystr);
-		}
+			      "before generating a successor.", keystr);
 
 		ret = dst_key_gettime(prevkey, DST_TIME_INACTIVE, &activate);
-		if (ret != ISC_R_SUCCESS) {
+		if (ret != ISC_R_SUCCESS)
 			fatal("Key %s has no inactivation date.\n\t"
 			      "You must use dnssec-settime -I to set one "
-			      "before generating a successor.",
-			      keystr);
-		}
+			      "before generating a successor.", keystr);
 
 		publish = activate - prepub;
-		if (publish < now) {
+		if (publish < now)
 			fatal("Key %s becomes inactive\n\t"
 			      "sooner than the prepublication period "
 			      "for the new key ends.\n\t"
 			      "Either change the inactivation date with "
 			      "dnssec-settime -I,\n\t"
 			      "or use the -i option to set a shorter "
-			      "prepublication interval.",
-			      keystr);
-		}
+			      "prepublication interval.", keystr);
 
 		ret = dst_key_gettime(prevkey, DST_TIME_DELETE, &when);
-		if (ret != ISC_R_SUCCESS) {
-			fprintf(stderr,
-				"%s: WARNING: Key %s has no removal "
-				"date;\n\t it will remain in the zone "
-				"indefinitely after rollover.\n\t "
-				"You can use dnssec-settime -D to "
-				"change this.\n",
-				program, keystr);
-		}
+		if (ret != ISC_R_SUCCESS)
+			fprintf(stderr, "%s: WARNING: Key %s has no removal "
+					"date;\n\t it will remain in the zone "
+					"indefinitely after rollover.\n\t "
+					"You can use dnssec-settime -D to "
+					"change this.\n", program, keystr);
 
 		setpub = setact = true;
 	}
 
 	if (nametype == NULL) {
-		if ((options & DST_TYPE_KEY) != 0) { /* KEY */
+		if ((options & DST_TYPE_KEY) != 0) /* KEY */
 			fatal("no nametype specified");
-		}
-		flags |= DNS_KEYOWNER_ZONE; /* DNSKEY */
-	} else if (strcasecmp(nametype, "zone") == 0) {
+		flags |= DNS_KEYOWNER_ZONE;	/* DNSKEY */
+	} else if (strcasecmp(nametype, "zone") == 0)
 		flags |= DNS_KEYOWNER_ZONE;
-	} else if ((options & DST_TYPE_KEY) != 0) { /* KEY */
+	else if ((options & DST_TYPE_KEY) != 0)	{ /* KEY */
 		if (strcasecmp(nametype, "host") == 0 ||
-		    strcasecmp(nametype, "entity") == 0) {
+			 strcasecmp(nametype, "entity") == 0)
 			flags |= DNS_KEYOWNER_ENTITY;
-		} else if (strcasecmp(nametype, "user") == 0) {
+		else if (strcasecmp(nametype, "user") == 0)
 			flags |= DNS_KEYOWNER_USER;
-		} else {
+		else
 			fatal("invalid KEY nametype %s", nametype);
-		}
-	} else if (strcasecmp(nametype, "other") != 0) { /* DNSKEY */
+	} else if (strcasecmp(nametype, "other") != 0) /* DNSKEY */
 		fatal("invalid DNSKEY nametype %s", nametype);
-	}
 
 	rdclass = strtoclass(classname);
 
-	if (directory == NULL) {
+	if (directory == NULL)
 		directory = ".";
-	}
 
-	if ((options & DST_TYPE_KEY) != 0) { /* KEY */
+	if ((options & DST_TYPE_KEY) != 0)  /* KEY */
 		flags |= signatory;
-	} else if ((flags & DNS_KEYOWNER_ZONE) != 0) { /* DNSKEY */
+	else if ((flags & DNS_KEYOWNER_ZONE) != 0) { /* DNSKEY */
 		flags |= kskflag;
 		flags |= revflag;
 	}
 
-	if (protocol == -1) {
+	if (protocol == -1)
 		protocol = DNS_KEYPROTO_DNSSEC;
-	} else if ((options & DST_TYPE_KEY) == 0 &&
-		   protocol != DNS_KEYPROTO_DNSSEC) {
+	else if ((options & DST_TYPE_KEY) == 0 &&
+		 protocol != DNS_KEYPROTO_DNSSEC)
 		fatal("invalid DNSKEY protocol: %d", protocol);
-	}
 
 	if ((flags & DNS_KEYFLAG_TYPEMASK) == DNS_KEYTYPE_NOKEY) {
-		if ((flags & DNS_KEYFLAG_SIGNATORYMASK) != 0) {
+		if ((flags & DNS_KEYFLAG_SIGNATORYMASK) != 0)
 			fatal("specified null key with signing authority");
-		}
 	}
 
 	if ((flags & DNS_KEYFLAG_OWNERMASK) == DNS_KEYOWNER_ZONE &&
 	    alg == DNS_KEYALG_DH)
-	{
 		fatal("a key with algorithm '%s' cannot be a zone key",
 		      algname);
-	}
 
 	isc_buffer_init(&buf, filename, sizeof(filename) - 1);
 
@@ -623,9 +571,9 @@ main(int argc, char **argv) {
 	ret = dst_key_fromlabel(name, alg, flags, protocol, rdclass,
 #if USE_PKCS11
 				"pkcs11",
-#else  /* if USE_PKCS11 */
+#else
 				engine,
-#endif /* if USE_PKCS11 */
+#endif
 				label, NULL, mctx, &key);
 
 	if (ret != ISC_R_SUCCESS) {
@@ -633,8 +581,8 @@ main(int argc, char **argv) {
 		char algstr[DNS_SECALG_FORMATSIZE];
 		dns_name_format(name, namestr, sizeof(namestr));
 		dns_secalg_format(alg, algstr, sizeof(algstr));
-		fatal("failed to get key %s/%s: %s", namestr, algstr,
-		      isc_result_totext(ret));
+		fatal("failed to get key %s/%s: %s",
+		      namestr, algstr, isc_result_totext(ret));
 		/* NOTREACHED */
 		exit(-1);
 	}
@@ -648,57 +596,48 @@ main(int argc, char **argv) {
 	if (!oldstyle) {
 		dst_key_settime(key, DST_TIME_CREATED, now);
 
-		if (genonly && (setpub || setact)) {
+		if (genonly && (setpub || setact))
 			fatal("cannot use -G together with -P or -A options");
-		}
 
-		if (setpub) {
+		if (setpub)
 			dst_key_settime(key, DST_TIME_PUBLISH, publish);
-		} else if (setact) {
+		else if (setact)
 			dst_key_settime(key, DST_TIME_PUBLISH, activate);
-		} else if (!genonly && !unsetpub) {
+		else if (!genonly && !unsetpub)
 			dst_key_settime(key, DST_TIME_PUBLISH, now);
-		}
 
-		if (setact) {
+		if (setact)
 			dst_key_settime(key, DST_TIME_ACTIVATE, activate);
-		} else if (!genonly && !unsetact) {
+		else if (!genonly && !unsetact)
 			dst_key_settime(key, DST_TIME_ACTIVATE, now);
-		}
 
 		if (setrev) {
-			if (kskflag == 0) {
-				fprintf(stderr,
-					"%s: warning: Key is "
+			if (kskflag == 0)
+				fprintf(stderr, "%s: warning: Key is "
 					"not flagged as a KSK, but -R "
 					"was used. Revoking a ZSK is "
 					"legal, but undefined.\n",
 					program);
-			}
 			dst_key_settime(key, DST_TIME_REVOKE, revoke);
 		}
 
-		if (setinact) {
+		if (setinact)
 			dst_key_settime(key, DST_TIME_INACTIVE, inactive);
-		}
 
-		if (setdel) {
+		if (setdel)
 			dst_key_settime(key, DST_TIME_DELETE, deltime);
-		}
-		if (setsyncadd) {
+		if (setsyncadd)
 			dst_key_settime(key, DST_TIME_SYNCPUBLISH, syncadd);
-		}
-		if (setsyncdel) {
+		if (setsyncdel)
 			dst_key_settime(key, DST_TIME_SYNCDELETE, syncdel);
-		}
+
 	} else {
-		if (setpub || setact || setrev || setinact || setdel ||
-		    unsetpub || unsetact || unsetrev || unsetinact ||
-		    unsetdel || genonly || setsyncadd || setsyncdel)
-		{
+		if (setpub || setact || setrev || setinact ||
+		    setdel || unsetpub || unsetact ||
+		    unsetrev || unsetinact || unsetdel || genonly ||
+		    setsyncadd || setsyncdel)
 			fatal("cannot use -C together with "
 			      "-P, -A, -R, -I, -D, or -G options");
-		}
 		/*
 		 * Compatibility mode: Private-key-format
 		 * should be set to 1.2.
@@ -707,9 +646,8 @@ main(int argc, char **argv) {
 	}
 
 	/* Set default key TTL */
-	if (setttl) {
+	if (setttl)
 		dst_key_setttl(key, ttl);
-	}
 
 	/*
 	 * Do not overwrite an existing key.  Warn LOUDLY if there
@@ -719,26 +657,21 @@ main(int argc, char **argv) {
 	if (key_collision(key, name, directory, mctx, &exact)) {
 		isc_buffer_clear(&buf);
 		ret = dst_key_buildfilename(key, 0, directory, &buf);
-		if (ret != ISC_R_SUCCESS) {
+		if (ret != ISC_R_SUCCESS)
 			fatal("dst_key_buildfilename returned: %s\n",
 			      isc_result_totext(ret));
-		}
-		if (exact) {
+		if (exact)
 			fatal("%s: %s already exists\n", program, filename);
-		}
 
-		if (avoid_collisions) {
+		if (avoid_collisions)
 			fatal("%s: %s could collide with another key upon "
-			      "revokation\n",
-			      program, filename);
-		}
+			      "revokation\n", program, filename);
 
-		fprintf(stderr,
-			"%s: WARNING: Key %s could collide with "
-			"another key upon revokation.  If you plan "
-			"to revoke keys, destroy this key and "
-			"generate a different one.\n",
-			program, filename);
+		fprintf(stderr, "%s: WARNING: Key %s could collide with "
+				"another key upon revokation.  If you plan "
+				"to revoke keys, destroy this key and "
+				"generate a different one.\n",
+				program, filename);
 	}
 
 	ret = dst_key_tofile(key, options, directory);
@@ -751,27 +684,23 @@ main(int argc, char **argv) {
 
 	isc_buffer_clear(&buf);
 	ret = dst_key_buildfilename(key, 0, NULL, &buf);
-	if (ret != ISC_R_SUCCESS) {
+	if (ret != ISC_R_SUCCESS)
 		fatal("dst_key_buildfilename returned: %s\n",
 		      isc_result_totext(ret));
-	}
 	printf("%s\n", filename);
 	dst_key_free(&key);
-	if (prevkey != NULL) {
+	if (prevkey != NULL)
 		dst_key_free(&prevkey);
-	}
 
 	cleanup_logging(&log);
 	dst_lib_destroy();
-	if (verbose > 10) {
+	if (verbose > 10)
 		isc_mem_stats(mctx, stdout);
-	}
 	isc_mem_free(mctx, label);
 	isc_mem_destroy(&mctx);
 
-	if (freeit != NULL) {
+	if (freeit != NULL)
 		free(freeit);
-	}
 
 	return (0);
 }

bin/dnssec/dnssec-keyfromlabel.docbook

@@ -44,7 +44,6 @@
       <year>2017</year>
       <year>2018</year>
       <year>2019</year>
-      <year>2020</year>
       <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
     </copyright>
   </docinfo>
@@ -173,7 +172,9 @@
 	  <para>
 	    When <acronym>BIND</acronym> 9 is built with OpenSSL-based
 	    PKCS#11 support, the label is an arbitrary string that
-	    identifies a particular key.
+	    identifies a particular key.  It may be preceded by an
+	    optional OpenSSL engine name, followed by a colon, as in
+	    "pkcs11:<replaceable>keylabel</replaceable>".
 	  </para>
 	  <para>
 	    When <acronym>BIND</acronym> 9 is built with native PKCS#11

bin/dnssec/dnssec-keyfromlabel.html

@@ -1,6 +1,6 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 <!--
- - Copyright (C) 2008-2012, 2014-2020 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2008-2012, 2014-2019 Internet Systems Consortium, Inc. ("ISC")
  - 
  - This Source Code Form is subject to the terms of the Mozilla Public
  - License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -146,7 +146,9 @@
 	  <p>
 	    When <acronym class="acronym">BIND</acronym> 9 is built with OpenSSL-based
 	    PKCS#11 support, the label is an arbitrary string that
-	    identifies a particular key.
+	    identifies a particular key.  It may be preceded by an
+	    optional OpenSSL engine name, followed by a colon, as in
+	    "pkcs11:<em class="replaceable"><code>keylabel</code></em>".
 	  </p>
 	  <p>
 	    When <acronym class="acronym">BIND</acronym> 9 is built with native PKCS#11

bin/dnssec/dnssec-keygen.8

@@ -1,4 +1,4 @@
-.\" Copyright (C) 2000-2005, 2007-2012, 2014-2020 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000-2005, 2007-2012, 2014-2019 Internet Systems Consortium, Inc. ("ISC")
 .\" 
 .\" This Source Code Form is subject to the terms of the Mozilla Public
 .\" License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -374,5 +374,5 @@ RFC 4034\&.
 \fBInternet Systems Consortium, Inc\&.\fR
 .SH "COPYRIGHT"
 .br
-Copyright \(co 2000-2005, 2007-2012, 2014-2020 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2000-2005, 2007-2012, 2014-2019 Internet Systems Consortium, Inc. ("ISC")
 .br

bin/dnssec/dnssec-keygen.docbook

@@ -51,7 +51,6 @@
       <year>2017</year>
       <year>2018</year>
       <year>2019</year>
-      <year>2020</year>
       <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
     </copyright>
   </docinfo>

bin/dnssec/dnssec-keygen.html

@@ -1,6 +1,6 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 <!--
- - Copyright (C) 2000-2005, 2007-2012, 2014-2020 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2005, 2007-2012, 2014-2019 Internet Systems Consortium, Inc. ("ISC")
  - 
  - This Source Code Form is subject to the terms of the Mozilla Public
  - License, v. 2.0. If a copy of the MPL was not distributed with this

bin/dnssec/dnssec-revoke.8

@@ -1,4 +1,4 @@
-.\" Copyright (C) 2009, 2011, 2014-2016, 2018-2020 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2009, 2011, 2014-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
 .\" 
 .\" This Source Code Form is subject to the terms of the Mozilla Public
 .\" License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -99,5 +99,5 @@ RFC 5011\&.
 \fBInternet Systems Consortium, Inc\&.\fR
 .SH "COPYRIGHT"
 .br
-Copyright \(co 2009, 2011, 2014-2016, 2018-2020 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2009, 2011, 2014-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
 .br

bin/dnssec/dnssec-revoke.c

@@ -32,13 +32,13 @@
 
 #if USE_PKCS11
 #include <pk11/result.h>
-#endif /* if USE_PKCS11 */
+#endif
 
 #include "dnssectool.h"
 
 const char *program = "dnssec-revoke";
 
-static isc_mem_t *mctx = NULL;
+static isc_mem_t	*mctx = NULL;
 
 ISC_PLATFORM_NORETURN_PRE static void
 usage(void) ISC_PLATFORM_NORETURN_POST;
@@ -46,28 +46,26 @@ usage(void) ISC_PLATFORM_NORETURN_POST;
 static void
 usage(void) {
 	fprintf(stderr, "Usage:\n");
-	fprintf(stderr, "    %s [options] keyfile\n\n", program);
+	fprintf(stderr,	"    %s [options] keyfile\n\n", program);
 	fprintf(stderr, "Version: %s\n", VERSION);
 #if USE_PKCS11
-	fprintf(stderr,
-		"    -E engine:    specify PKCS#11 provider "
-		"(default: %s)\n",
-		PK11_LIB_LOCATION);
-#else  /* if USE_PKCS11 */
+	fprintf(stderr, "    -E engine:    specify PKCS#11 provider "
+					"(default: %s)\n", PK11_LIB_LOCATION);
+#else
 	fprintf(stderr, "    -E engine:    specify OpenSSL engine\n");
-#endif /* if USE_PKCS11 */
+#endif
 	fprintf(stderr, "    -f:           force overwrite\n");
 	fprintf(stderr, "    -h:           help\n");
 	fprintf(stderr, "    -K directory: use directory for key files\n");
 	fprintf(stderr, "    -r:           remove old keyfiles after "
-			"creating revoked version\n");
+					   "creating revoked version\n");
 	fprintf(stderr, "    -v level:     set level of verbosity\n");
 	fprintf(stderr, "    -V:           print version information\n");
 	fprintf(stderr, "Output:\n");
 	fprintf(stderr, "     K<name>+<alg>+<new id>.key, "
-			"K<name>+<alg>+<new id>.private\n");
+			     "K<name>+<alg>+<new id>.private\n");
 
-	exit(-1);
+	exit (-1);
 }
 
 int
@@ -87,85 +85,79 @@ main(int argc, char **argv) {
 	bool removefile = false;
 	bool id = false;
 
-	if (argc == 1) {
+	if (argc == 1)
 		usage();
-	}
 
 	isc_mem_create(&mctx);
 
 #if HAVE_PKCS11
 	pk11_result_register();
-#endif /* if HAVE_PKCS11 */
+#endif
 	dns_result_register();
 
 	isc_commandline_errprint = false;
 
 	while ((ch = isc_commandline_parse(argc, argv, "E:fK:rRhv:V")) != -1) {
 		switch (ch) {
-		case 'E':
+		    case 'E':
 			engine = isc_commandline_argument;
 			break;
-		case 'f':
+		    case 'f':
 			force = true;
 			break;
-		case 'K':
+		    case 'K':
 			/*
 			 * We don't have to copy it here, but do it to
 			 * simplify cleanup later
 			 */
 			dir = isc_mem_strdup(mctx, isc_commandline_argument);
 			break;
-		case 'r':
+		    case 'r':
 			removefile = true;
 			break;
-		case 'R':
+		    case 'R':
 			id = true;
 			break;
-		case 'v':
+		    case 'v':
 			verbose = strtol(isc_commandline_argument, &endp, 0);
-			if (*endp != '\0') {
+			if (*endp != '\0')
 				fatal("-v must be followed by a number");
-			}
 			break;
-		case '?':
-			if (isc_commandline_option != '?') {
+		    case '?':
+			if (isc_commandline_option != '?')
 				fprintf(stderr, "%s: invalid argument -%c\n",
 					program, isc_commandline_option);
-			}
-		/* FALLTHROUGH */
-		case 'h':
+			/* FALLTHROUGH */
+		    case 'h':
 			/* Does not return. */
 			usage();
 
-		case 'V':
+		    case 'V':
 			/* Does not return. */
 			version(program);
 
-		default:
-			fprintf(stderr, "%s: unhandled option -%c\n", program,
-				isc_commandline_option);
+		    default:
+			fprintf(stderr, "%s: unhandled option -%c\n",
+				program, isc_commandline_option);
 			exit(1);
 		}
 	}
 
 	if (argc < isc_commandline_index + 1 ||
-	    argv[isc_commandline_index] == NULL) {
+	    argv[isc_commandline_index] == NULL)
 		fatal("The key file name was not specified");
-	}
-	if (argc > isc_commandline_index + 1) {
+	if (argc > isc_commandline_index + 1)
 		fatal("Extraneous arguments");
-	}
 
 	if (dir != NULL) {
 		filename = argv[isc_commandline_index];
 	} else {
 		result = isc_file_splitpath(mctx, argv[isc_commandline_index],
 					    &dir, &filename);
-		if (result != ISC_R_SUCCESS) {
+		if (result != ISC_R_SUCCESS)
 			fatal("cannot process filename %s: %s",
 			      argv[isc_commandline_index],
 			      isc_result_totext(result));
-		}
 		if (strcmp(dir, ".") == 0) {
 			isc_mem_free(mctx, dir);
 			dir = NULL;
@@ -173,17 +165,16 @@ main(int argc, char **argv) {
 	}
 
 	result = dst_lib_init(mctx, engine);
-	if (result != ISC_R_SUCCESS) {
+	if (result != ISC_R_SUCCESS)
 		fatal("Could not initialize dst: %s",
 		      isc_result_totext(result));
-	}
 
-	result = dst_key_fromnamedfile(
-		filename, dir, DST_TYPE_PUBLIC | DST_TYPE_PRIVATE, mctx, &key);
-	if (result != ISC_R_SUCCESS) {
-		fatal("Invalid keyfile name %s: %s", filename,
-		      isc_result_totext(result));
-	}
+	result = dst_key_fromnamedfile(filename, dir,
+				       DST_TYPE_PUBLIC|DST_TYPE_PRIVATE,
+				       mctx, &key);
+	if (result != ISC_R_SUCCESS)
+		fatal("Invalid keyfile name %s: %s",
+		      filename, isc_result_totext(result));
 
 	if (id) {
 		fprintf(stdout, "%u\n", dst_key_rid(key));
@@ -191,27 +182,24 @@ main(int argc, char **argv) {
 	}
 	dst_key_format(key, keystr, sizeof(keystr));
 
-	if (verbose > 2) {
+	if (verbose > 2)
 		fprintf(stderr, "%s: %s\n", program, keystr);
-	}
 
-	if (force) {
+	if (force)
 		set_keyversion(key);
-	} else {
+	else
 		check_keyversion(key, keystr);
-	}
+
 
 	flags = dst_key_flags(key);
 	if ((flags & DNS_KEYFLAG_REVOKE) == 0) {
 		isc_stdtime_t now;
 
-		if ((flags & DNS_KEYFLAG_KSK) == 0) {
-			fprintf(stderr,
-				"%s: warning: Key is not flagged "
-				"as a KSK. Revoking a ZSK is "
-				"legal, but undefined.\n",
-				program);
-		}
+		if ((flags & DNS_KEYFLAG_KSK) == 0)
+			fprintf(stderr, "%s: warning: Key is not flagged "
+					"as a KSK. Revoking a ZSK is "
+					"legal, but undefined.\n",
+					program);
 
 		isc_stdtime_get(&now);
 		dst_key_settime(key, DST_TIME_REVOKE, now);
@@ -223,11 +211,10 @@ main(int argc, char **argv) {
 
 		if (access(newname, F_OK) == 0 && !force) {
 			fatal("Key file %s already exists; "
-			      "use -f to force overwrite",
-			      newname);
+			      "use -f to force overwrite", newname);
 		}
 
-		result = dst_key_tofile(key, DST_TYPE_PUBLIC | DST_TYPE_PRIVATE,
+		result = dst_key_tofile(key, DST_TYPE_PUBLIC|DST_TYPE_PRIVATE,
 					dir);
 		if (result != ISC_R_SUCCESS) {
 			dst_key_format(key, keystr, sizeof(keystr));
@@ -247,9 +234,8 @@ main(int argc, char **argv) {
 			isc_buffer_init(&buf, oldname, sizeof(oldname));
 			dst_key_setflags(key, flags & ~DNS_KEYFLAG_REVOKE);
 			dst_key_buildfilename(key, DST_TYPE_PRIVATE, dir, &buf);
-			if (strcmp(oldname, newname) == 0) {
+			if (strcmp(oldname, newname) == 0)
 				goto cleanup;
-			}
 			(void)unlink(oldname);
 			isc_buffer_clear(&buf);
 			dst_key_buildfilename(key, DST_TYPE_PUBLIC, dir, &buf);
@@ -263,12 +249,10 @@ main(int argc, char **argv) {
 cleanup:
 	dst_key_free(&key);
 	dst_lib_destroy();
-	if (verbose > 10) {
+	if (verbose > 10)
 		isc_mem_stats(mctx, stdout);
-	}
-	if (dir != NULL) {
+	if (dir != NULL)
 		isc_mem_free(mctx, dir);
-	}
 	isc_mem_destroy(&mctx);
 
 	return (0);

bin/dnssec/dnssec-revoke.docbook

@@ -39,7 +39,6 @@
       <year>2016</year>
       <year>2018</year>
       <year>2019</year>
-      <year>2020</year>
       <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
     </copyright>
   </docinfo>

bin/dnssec/dnssec-revoke.html

@@ -1,6 +1,6 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 <!--
- - Copyright (C) 2009, 2011, 2014-2016, 2018-2020 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2009, 2011, 2014-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
  - 
  - This Source Code Form is subject to the terms of the Mozilla Public
  - License, v. 2.0. If a copy of the MPL was not distributed with this

bin/dnssec/dnssec-settime.8

@@ -1,4 +1,4 @@
-.\" Copyright (C) 2009-2011, 2014-2020 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2009-2011, 2014-2019 Internet Systems Consortium, Inc. ("ISC")
 .\" 
 .\" This Source Code Form is subject to the terms of the Mozilla Public
 .\" License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -251,5 +251,5 @@ RFC 5011\&.
 \fBInternet Systems Consortium, Inc\&.\fR
 .SH "COPYRIGHT"
 .br
-Copyright \(co 2009-2011, 2014-2020 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2009-2011, 2014-2019 Internet Systems Consortium, Inc. ("ISC")
 .br

bin/dnssec/dnssec-settime.c

@@ -11,12 +11,12 @@
 
 /*! \file */
 
-#include <errno.h>
 #include <inttypes.h>
 #include <stdbool.h>
 #include <stdlib.h>
-#include <time.h>
 #include <unistd.h>
+#include <errno.h>
+#include <time.h>
 
 #include <isc/buffer.h>
 #include <isc/commandline.h>
@@ -25,24 +25,23 @@
 #include <isc/mem.h>
 #include <isc/print.h>
 #include <isc/string.h>
-#include <isc/time.h>
 #include <isc/util.h>
 
 #include <dns/keyvalues.h>
-#include <dns/log.h>
 #include <dns/result.h>
+#include <dns/log.h>
 
 #include <dst/dst.h>
 
 #if USE_PKCS11
 #include <pk11/result.h>
-#endif /* if USE_PKCS11 */
+#endif
 
 #include "dnssectool.h"
 
 const char *program = "dnssec-settime";
 
-static isc_mem_t *mctx = NULL;
+static isc_mem_t	*mctx = NULL;
 
 ISC_PLATFORM_NORETURN_PRE static void
 usage(void) ISC_PLATFORM_NORETURN_POST;
@@ -50,22 +49,20 @@ usage(void) ISC_PLATFORM_NORETURN_POST;
 static void
 usage(void) {
 	fprintf(stderr, "Usage:\n");
-	fprintf(stderr, "    %s [options] keyfile\n\n", program);
+	fprintf(stderr,	"    %s [options] keyfile\n\n", program);
 	fprintf(stderr, "Version: %s\n", VERSION);
 	fprintf(stderr, "General options:\n");
 #if USE_PKCS11
-	fprintf(stderr,
-		"    -E engine:          specify PKCS#11 provider "
-		"(default: %s)\n",
-		PK11_LIB_LOCATION);
+	fprintf(stderr, "    -E engine:          specify PKCS#11 provider "
+					"(default: %s)\n", PK11_LIB_LOCATION);
 #elif defined(USE_PKCS11)
 	fprintf(stderr, "    -E engine:          specify OpenSSL engine "
-			"(default \"pkcs11\")\n");
-#else  /* if USE_PKCS11 */
+					   "(default \"pkcs11\")\n");
+#else
 	fprintf(stderr, "    -E engine:          specify OpenSSL engine\n");
-#endif /* if USE_PKCS11 */
+#endif
 	fprintf(stderr, "    -f:                 force update of old-style "
-			"keys\n");
+						 "keys\n");
 	fprintf(stderr, "    -K directory:       set key file location\n");
 	fprintf(stderr, "    -L ttl:             set default key TTL\n");
 	fprintf(stderr, "    -v level:           set level of verbosity\n");
@@ -73,84 +70,76 @@ usage(void) {
 	fprintf(stderr, "    -h:                 help\n");
 	fprintf(stderr, "Timing options:\n");
 	fprintf(stderr, "    -P date/[+-]offset/none: set/unset key "
-			"publication date\n");
+						     "publication date\n");
 	fprintf(stderr, "    -P sync date/[+-]offset/none: set/unset "
-			"CDS and CDNSKEY publication date\n");
+					"CDS and CDNSKEY publication date\n");
 	fprintf(stderr, "    -A date/[+-]offset/none: set/unset key "
-			"activation date\n");
+						     "activation date\n");
 	fprintf(stderr, "    -R date/[+-]offset/none: set/unset key "
-			"revocation date\n");
+						     "revocation date\n");
 	fprintf(stderr, "    -I date/[+-]offset/none: set/unset key "
-			"inactivation date\n");
+						     "inactivation date\n");
 	fprintf(stderr, "    -D date/[+-]offset/none: set/unset key "
-			"deletion date\n");
+						     "deletion date\n");
 	fprintf(stderr, "    -D sync date/[+-]offset/none: set/unset "
-			"CDS and CDNSKEY deletion date\n");
+					"CDS and CDNSKEY deletion date\n");
 	fprintf(stderr, "    -S <key>: generate a successor to an existing "
-			"key\n");
+				      "key\n");
 	fprintf(stderr, "    -i <interval>: prepublication interval for "
-			"successor key "
-			"(default: 30 days)\n");
+					   "successor key "
+					   "(default: 30 days)\n");
 	fprintf(stderr, "Key state options:\n");
 	fprintf(stderr, "    -s: update key state file (default no)\n");
 	fprintf(stderr, "    -g state: set the goal state for this key\n");
 	fprintf(stderr, "    -d state date/[+-]offset: set the DS state\n");
 	fprintf(stderr, "    -k state date/[+-]offset: set the DNSKEY state\n");
 	fprintf(stderr, "    -r state date/[+-]offset: set the RRSIG (KSK) "
-			"state\n");
+						      "state\n");
 	fprintf(stderr, "    -z state date/[+-]offset: set the RRSIG (ZSK) "
-			"state\n");
+						      "state\n");
 	fprintf(stderr, "Printing options:\n");
 	fprintf(stderr, "    -p C/P/Psync/A/R/I/D/Dsync/all: print a "
-			"particular time value or values\n");
+					"particular time value or values\n");
 	fprintf(stderr, "    -u:                 print times in unix epoch "
-			"format\n");
+						"format\n");
 	fprintf(stderr, "Output:\n");
 	fprintf(stderr, "     K<name>+<alg>+<new id>.key, "
-			"K<name>+<alg>+<new id>.private\n");
+			     "K<name>+<alg>+<new id>.private\n");
 
-	exit(-1);
+	exit (-1);
 }
 
 static void
-printtime(dst_key_t *key, int type, const char *tag, bool epoch, FILE *stream) {
+printtime(dst_key_t *key, int type, const char *tag, bool epoch,
+	  FILE *stream)
+{
 	isc_result_t result;
+	const char *output = NULL;
 	isc_stdtime_t when;
 
-	if (tag != NULL) {
+	if (tag != NULL)
 		fprintf(stream, "%s: ", tag);
-	}
 
 	result = dst_key_gettime(key, type, &when);
 	if (result == ISC_R_NOTFOUND) {
 		fprintf(stream, "UNSET\n");
 	} else if (epoch) {
-		fprintf(stream, "%d\n", (int)when);
+		fprintf(stream, "%d\n", (int) when);
 	} else {
-		time_t now = when;
-		struct tm t, *tm = localtime_r(&now, &t);
-		unsigned int flen;
-		char timebuf[80];
-
-		if (tm == NULL) {
-			fprintf(stream, "INVALID\n");
-			return;
-		}
-
-		flen = strftime(timebuf, sizeof(timebuf),
-				"%a %b %e %H:%M:%S %Y", tm);
-		INSIST(flen > 0U && flen < sizeof(timebuf));
-		fprintf(stream, "%s\n", timebuf);
+		time_t timet = when;
+		output = ctime(&timet);
+		fprintf(stream, "%s", output);
 	}
 }
 
 static void
-writekey(dst_key_t *key, const char *directory, bool write_state) {
+writekey(dst_key_t *key, const char *directory, bool write_state)
+{
 	char newname[1024];
 	char keystr[DST_KEY_FORMATSIZE];
 	isc_buffer_t buf;
 	isc_result_t result;
-	int options = DST_TYPE_PUBLIC | DST_TYPE_PRIVATE;
+	int options = DST_TYPE_PUBLIC|DST_TYPE_PRIVATE;
 
 	if (write_state) {
 		options |= DST_TYPE_STATE;
@@ -193,61 +182,60 @@ writekey(dst_key_t *key, const char *directory, bool write_state) {
 
 int
 main(int argc, char **argv) {
-	isc_result_t result;
-	const char *engine = NULL;
-	const char *filename = NULL;
-	char *directory = NULL;
-	char keystr[DST_KEY_FORMATSIZE];
-	char *endp, *p;
-	int ch;
-	const char *predecessor = NULL;
-	dst_key_t *prevkey = NULL;
-	dst_key_t *key = NULL;
-	dns_name_t *name = NULL;
-	dns_secalg_t alg = 0;
-	unsigned int size = 0;
-	uint16_t flags = 0;
-	int prepub = -1;
-	int options;
-	dns_ttl_t ttl = 0;
-	isc_stdtime_t now;
-	isc_stdtime_t dstime = 0, dnskeytime = 0;
-	isc_stdtime_t krrsigtime = 0, zrrsigtime = 0;
-	isc_stdtime_t pub = 0, act = 0, rev = 0, inact = 0, del = 0;
-	isc_stdtime_t prevact = 0, previnact = 0, prevdel = 0;
-	dst_key_state_t goal = DST_KEY_STATE_NA;
-	dst_key_state_t ds = DST_KEY_STATE_NA;
-	dst_key_state_t dnskey = DST_KEY_STATE_NA;
-	dst_key_state_t krrsig = DST_KEY_STATE_NA;
-	dst_key_state_t zrrsig = DST_KEY_STATE_NA;
-	bool setgoal = false, setds = false, setdnskey = false;
-	bool setkrrsig = false, setzrrsig = false;
-	bool setdstime = false, setdnskeytime = false;
-	bool setkrrsigtime = false, setzrrsigtime = false;
-	bool setpub = false, setact = false;
-	bool setrev = false, setinact = false;
-	bool setdel = false, setttl = false;
-	bool unsetpub = false, unsetact = false;
-	bool unsetrev = false, unsetinact = false;
-	bool unsetdel = false;
-	bool printcreate = false, printpub = false;
-	bool printact = false, printrev = false;
-	bool printinact = false, printdel = false;
-	bool force = false;
-	bool epoch = false;
-	bool changed = false;
-	bool write_state = false;
-	isc_log_t *log = NULL;
-	isc_stdtime_t syncadd = 0, syncdel = 0;
-	bool unsetsyncadd = false, setsyncadd = false;
-	bool unsetsyncdel = false, setsyncdel = false;
-	bool printsyncadd = false, printsyncdel = false;
+	isc_result_t	result;
+	const char	*engine = NULL;
+	const char 	*filename = NULL;
+	char		*directory = NULL;
+	char		keystr[DST_KEY_FORMATSIZE];
+	char		*endp, *p;
+	int		ch;
+	const char	*predecessor = NULL;
+	dst_key_t	*prevkey = NULL;
+	dst_key_t	*key = NULL;
+	dns_name_t	*name = NULL;
+	dns_secalg_t 	alg = 0;
+	unsigned int 	size = 0;
+	uint16_t	flags = 0;
+	int		prepub = -1;
+	int		options;
+	dns_ttl_t	ttl = 0;
+	isc_stdtime_t	now;
+	isc_stdtime_t	dstime = 0, dnskeytime = 0;
+	isc_stdtime_t	krrsigtime = 0, zrrsigtime = 0;
+	isc_stdtime_t	pub = 0, act = 0, rev = 0, inact = 0, del = 0;
+	isc_stdtime_t	prevact = 0, previnact = 0, prevdel = 0;
+	dst_key_state_t	goal = DST_KEY_STATE_NA;
+	dst_key_state_t	ds = DST_KEY_STATE_NA;
+	dst_key_state_t	dnskey = DST_KEY_STATE_NA;
+	dst_key_state_t	krrsig = DST_KEY_STATE_NA;
+	dst_key_state_t	zrrsig = DST_KEY_STATE_NA;
+	bool	setgoal = false, setds = false, setdnskey = false;
+	bool	setkrrsig = false, setzrrsig = false;
+	bool	setdstime = false, setdnskeytime = false;
+	bool	setkrrsigtime = false, setzrrsigtime = false;
+	bool	setpub = false, setact = false;
+	bool	setrev = false, setinact = false;
+	bool	setdel = false, setttl = false;
+	bool	unsetpub = false, unsetact = false;
+	bool	unsetrev = false, unsetinact = false;
+	bool	unsetdel = false;
+	bool	printcreate = false, printpub = false;
+	bool	printact = false,  printrev = false;
+	bool	printinact = false, printdel = false;
+	bool	force = false;
+	bool	epoch = false;
+	bool	changed = false;
+	bool	write_state = false;
+	isc_log_t       *log = NULL;
+	isc_stdtime_t	syncadd = 0, syncdel = 0;
+	bool	unsetsyncadd = false, setsyncadd = false;
+	bool	unsetsyncdel = false, setsyncdel = false;
+	bool	printsyncadd = false, printsyncdel = false;
 
-	options = DST_TYPE_PUBLIC | DST_TYPE_PRIVATE | DST_TYPE_STATE;
+	options = DST_TYPE_PUBLIC|DST_TYPE_PRIVATE|DST_TYPE_STATE;
 
-	if (argc == 1) {
+	if (argc == 1)
 		usage();
-	}
 
 	isc_mem_create(&mctx);
 
@@ -255,7 +243,7 @@ main(int argc, char **argv) {
 
 #if USE_PKCS11
 	pk11_result_register();
-#endif /* if USE_PKCS11 */
+#endif
 	dns_result_register();
 
 	isc_commandline_errprint = false;
@@ -266,38 +254,35 @@ main(int argc, char **argv) {
 	while ((ch = isc_commandline_parse(argc, argv, CMDLINE_FLAGS)) != -1) {
 		switch (ch) {
 		case 'A':
-			if (setact || unsetact) {
+			if (setact || unsetact)
 				fatal("-A specified more than once");
-			}
 
 			changed = true;
-			act = strtotime(isc_commandline_argument, now, now,
-					&setact);
+			act = strtotime(isc_commandline_argument,
+					now, now, &setact);
 			unsetact = !setact;
 			break;
 		case 'D':
 			/* -Dsync ? */
 			if (isoptarg("sync", argv, usage)) {
-				if (unsetsyncdel || setsyncdel) {
+				if (unsetsyncdel || setsyncdel)
 					fatal("-D sync specified more than "
 					      "once");
-				}
 
 				changed = true;
 				syncdel = strtotime(isc_commandline_argument,
-						    now, now, &setsyncdel);
+						   now, now, &setsyncdel);
 				unsetsyncdel = !setsyncdel;
 				break;
 			}
 			/* -Ddnskey ? */
 			(void)isoptarg("dnskey", argv, usage);
-			if (setdel || unsetdel) {
+			if (setdel || unsetdel)
 				fatal("-D specified more than once");
-			}
 
 			changed = true;
-			del = strtotime(isc_commandline_argument, now, now,
-					&setdel);
+			del = strtotime(isc_commandline_argument,
+					now, now, &setdel);
 			unsetdel = !setdel;
 			break;
 		case 'd':
@@ -309,8 +294,8 @@ main(int argc, char **argv) {
 			setds = true;
 			/* time */
 			(void)isoptarg(isc_commandline_argument, argv, usage);
-			dstime = strtotime(isc_commandline_argument, now, now,
-					   &setdstime);
+			dstime = strtotime(isc_commandline_argument,
+					   now, now, &setdstime);
 			break;
 		case 'E':
 			engine = isc_commandline_argument;
@@ -326,30 +311,27 @@ main(int argc, char **argv) {
 			goal = strtokeystate(isc_commandline_argument);
 			if (goal != DST_KEY_STATE_NA &&
 			    goal != DST_KEY_STATE_HIDDEN &&
-			    goal != DST_KEY_STATE_OMNIPRESENT)
-			{
+			    goal != DST_KEY_STATE_OMNIPRESENT) {
 				fatal("-g must be either none, hidden, or "
 				      "omnipresent");
 			}
 			setgoal = true;
 			break;
 		case '?':
-			if (isc_commandline_option != '?') {
+			if (isc_commandline_option != '?')
 				fprintf(stderr, "%s: invalid argument -%c\n",
 					program, isc_commandline_option);
-			}
-		/* FALLTHROUGH */
+			/* FALLTHROUGH */
 		case 'h':
 			/* Does not return. */
 			usage();
 		case 'I':
-			if (setinact || unsetinact) {
+			if (setinact || unsetinact)
 				fatal("-I specified more than once");
-			}
 
 			changed = true;
-			inact = strtotime(isc_commandline_argument, now, now,
-					  &setinact);
+			inact = strtotime(isc_commandline_argument,
+					now, now, &setinact);
 			unsetinact = !setinact;
 			break;
 		case 'i':
@@ -372,8 +354,8 @@ main(int argc, char **argv) {
 			setdnskey = true;
 			/* time */
 			(void)isoptarg(isc_commandline_argument, argv, usage);
-			dnskeytime = strtotime(isc_commandline_argument, now,
-					       now, &setdnskeytime);
+			dnskeytime = strtotime(isc_commandline_argument,
+					       now, now, &setdnskeytime);
 			break;
 		case 'L':
 			ttl = strtottl(isc_commandline_argument);
@@ -382,25 +364,23 @@ main(int argc, char **argv) {
 		case 'P':
 			/* -Psync ? */
 			if (isoptarg("sync", argv, usage)) {
-				if (unsetsyncadd || setsyncadd) {
+				if (unsetsyncadd || setsyncadd)
 					fatal("-P sync specified more than "
 					      "once");
-				}
 
 				changed = true;
 				syncadd = strtotime(isc_commandline_argument,
-						    now, now, &setsyncadd);
+						   now, now, &setsyncadd);
 				unsetsyncadd = !setsyncadd;
 				break;
 			}
 			(void)isoptarg("dnskey", argv, usage);
-			if (setpub || unsetpub) {
+			if (setpub || unsetpub)
 				fatal("-P specified more than once");
-			}
 
 			changed = true;
-			pub = strtotime(isc_commandline_argument, now, now,
-					&setpub);
+			pub = strtotime(isc_commandline_argument,
+					now, now, &setpub);
 			unsetpub = !setpub;
 			break;
 		case 'p':
@@ -456,13 +436,12 @@ main(int argc, char **argv) {
 			} while (*p != '\0');
 			break;
 		case 'R':
-			if (setrev || unsetrev) {
+			if (setrev || unsetrev)
 				fatal("-R specified more than once");
-			}
 
 			changed = true;
-			rev = strtotime(isc_commandline_argument, now, now,
-					&setrev);
+			rev = strtotime(isc_commandline_argument,
+					now, now, &setrev);
 			unsetrev = !setrev;
 			break;
 		case 'r':
@@ -474,8 +453,8 @@ main(int argc, char **argv) {
 			setkrrsig = true;
 			/* time */
 			(void)isoptarg(isc_commandline_argument, argv, usage);
-			krrsigtime = strtotime(isc_commandline_argument, now,
-					       now, &setkrrsigtime);
+			krrsigtime = strtotime(isc_commandline_argument,
+					       now, now, &setkrrsigtime);
 			break;
 		case 'S':
 			predecessor = isc_commandline_argument;
@@ -491,9 +470,8 @@ main(int argc, char **argv) {
 			version(program);
 		case 'v':
 			verbose = strtol(isc_commandline_argument, &endp, 0);
-			if (*endp != '\0') {
+			if (*endp != '\0')
 				fatal("-v must be followed by a number");
-			}
 			break;
 		case 'z':
 			if (setzrrsig) {
@@ -503,60 +481,52 @@ main(int argc, char **argv) {
 			zrrsig = strtokeystate(isc_commandline_argument);
 			setzrrsig = true;
 			(void)isoptarg(isc_commandline_argument, argv, usage);
-			zrrsigtime = strtotime(isc_commandline_argument, now,
-					       now, &setzrrsigtime);
+			zrrsigtime = strtotime(isc_commandline_argument,
+					       now, now, &setzrrsigtime);
 			break;
 
 		default:
-			fprintf(stderr, "%s: unhandled option -%c\n", program,
-				isc_commandline_option);
+			fprintf(stderr, "%s: unhandled option -%c\n",
+				program, isc_commandline_option);
 			exit(1);
 		}
 	}
 
 	if (argc < isc_commandline_index + 1 ||
-	    argv[isc_commandline_index] == NULL) {
+	    argv[isc_commandline_index] == NULL)
 		fatal("The key file name was not specified");
-	}
-	if (argc > isc_commandline_index + 1) {
+	if (argc > isc_commandline_index + 1)
 		fatal("Extraneous arguments");
-	}
 
 	if ((setgoal || setds || setdnskey || setkrrsig || setzrrsig) &&
-	    !write_state) {
+	    !write_state)
+	{
 		fatal("Options -g, -d, -k, -r and -z require -s to be set");
 	}
 
 	result = dst_lib_init(mctx, engine);
-	if (result != ISC_R_SUCCESS) {
+	if (result != ISC_R_SUCCESS)
 		fatal("Could not initialize dst: %s",
 		      isc_result_totext(result));
-	}
 
 	if (predecessor != NULL) {
 		int major, minor;
 
-		if (prepub == -1) {
+		if (prepub == -1)
 			prepub = (30 * 86400);
-		}
 
-		if (setpub || unsetpub) {
+		if (setpub || unsetpub)
 			fatal("-S and -P cannot be used together");
-		}
-		if (setact || unsetact) {
+		if (setact || unsetact)
 			fatal("-S and -A cannot be used together");
-		}
 
 		result = dst_key_fromnamedfile(predecessor, directory, options,
 					       mctx, &prevkey);
-		if (result != ISC_R_SUCCESS) {
-			fatal("Invalid keyfile %s: %s", filename,
-			      isc_result_totext(result));
-		}
+		if (result != ISC_R_SUCCESS)
+			fatal("Invalid keyfile %s: %s",
+			      filename, isc_result_totext(result));
 		if (!dst_key_isprivate(prevkey) && !dst_key_isexternal(prevkey))
-		{
 			fatal("%s is not a private key", filename);
-		}
 
 		name = dst_key_name(prevkey);
 		alg = dst_key_alg(prevkey);
@@ -565,68 +535,57 @@ main(int argc, char **argv) {
 
 		dst_key_format(prevkey, keystr, sizeof(keystr));
 		dst_key_getprivateformat(prevkey, &major, &minor);
-		if (major != DST_MAJOR_VERSION || minor < DST_MINOR_VERSION) {
+		if (major != DST_MAJOR_VERSION || minor < DST_MINOR_VERSION)
 			fatal("Predecessor has incompatible format "
-			      "version %d.%d\n\t",
-			      major, minor);
-		}
+			      "version %d.%d\n\t", major, minor);
 
 		result = dst_key_gettime(prevkey, DST_TIME_ACTIVATE, &prevact);
-		if (result != ISC_R_SUCCESS) {
+		if (result != ISC_R_SUCCESS)
 			fatal("Predecessor has no activation date. "
 			      "You must set one before\n\t"
 			      "generating a successor.");
-		}
 
 		result = dst_key_gettime(prevkey, DST_TIME_INACTIVE,
 					 &previnact);
-		if (result != ISC_R_SUCCESS) {
+		if (result != ISC_R_SUCCESS)
 			fatal("Predecessor has no inactivation date. "
 			      "You must set one before\n\t"
 			      "generating a successor.");
-		}
 
 		pub = previnact - prepub;
 		act = previnact;
 
-		if ((previnact - prepub) < now && prepub != 0) {
+		if ((previnact - prepub) < now && prepub != 0)
 			fatal("Time until predecessor inactivation is\n\t"
 			      "shorter than the prepublication interval.  "
 			      "Either change\n\t"
 			      "predecessor inactivation date, or use the -i "
 			      "option to set\n\t"
 			      "a shorter prepublication interval.");
-		}
 
 		result = dst_key_gettime(prevkey, DST_TIME_DELETE, &prevdel);
-		if (result != ISC_R_SUCCESS) {
-			fprintf(stderr,
-				"%s: warning: Predecessor has no "
-				"removal date;\n\t"
-				"it will remain in the zone "
-				"indefinitely after rollover.\n",
-				program);
-		} else if (prevdel < previnact) {
-			fprintf(stderr,
-				"%s: warning: Predecessor is "
-				"scheduled to be deleted\n\t"
-				"before it is scheduled to be "
-				"inactive.\n",
-				program);
-		}
+		if (result != ISC_R_SUCCESS)
+			fprintf(stderr, "%s: warning: Predecessor has no "
+					"removal date;\n\t"
+					"it will remain in the zone "
+					"indefinitely after rollover.\n",
+					program);
+		else if (prevdel < previnact)
+			fprintf(stderr, "%s: warning: Predecessor is "
+					"scheduled to be deleted\n\t"
+					"before it is scheduled to be "
+					"inactive.\n", program);
 
 		changed = setpub = setact = true;
 	} else {
-		if (prepub < 0) {
+		if (prepub < 0)
 			prepub = 0;
-		}
 
 		if (prepub > 0) {
-			if (setpub && setact && (act - prepub) < pub) {
+			if (setpub && setact && (act - prepub) < pub)
 				fatal("Activation and publication dates "
 				      "are closer together than the\n\t"
 				      "prepublication interval.");
-			}
 
 			if (setpub && !setact) {
 				setact = true;
@@ -636,10 +595,9 @@ main(int argc, char **argv) {
 				pub = act - prepub;
 			}
 
-			if ((act - prepub) < now) {
+			if ((act - prepub) < now)
 				fatal("Time until activation is shorter "
 				      "than the\n\tprepublication interval.");
-			}
 		}
 	}
 
@@ -648,137 +606,113 @@ main(int argc, char **argv) {
 	} else {
 		result = isc_file_splitpath(mctx, argv[isc_commandline_index],
 					    &directory, &filename);
-		if (result != ISC_R_SUCCESS) {
+		if (result != ISC_R_SUCCESS)
 			fatal("cannot process filename %s: %s",
 			      argv[isc_commandline_index],
 			      isc_result_totext(result));
-		}
 	}
 
 	result = dst_key_fromnamedfile(filename, directory, options, mctx,
 				       &key);
-	if (result != ISC_R_SUCCESS) {
-		fatal("Invalid keyfile %s: %s", filename,
-		      isc_result_totext(result));
-	}
+	if (result != ISC_R_SUCCESS)
+		fatal("Invalid keyfile %s: %s",
+		      filename, isc_result_totext(result));
 
-	if (!dst_key_isprivate(key) && !dst_key_isexternal(key)) {
+	if (!dst_key_isprivate(key) && !dst_key_isexternal(key))
 		fatal("%s is not a private key", filename);
-	}
 
 	dst_key_format(key, keystr, sizeof(keystr));
 
 	if (predecessor != NULL) {
-		if (!dns_name_equal(name, dst_key_name(key))) {
+		if (!dns_name_equal(name, dst_key_name(key)))
 			fatal("Key name mismatch");
-		}
-		if (alg != dst_key_alg(key)) {
+		if (alg != dst_key_alg(key))
 			fatal("Key algorithm mismatch");
-		}
-		if (size != dst_key_size(key)) {
+		if (size != dst_key_size(key))
 			fatal("Key size mismatch");
-		}
-		if (flags != dst_key_flags(key)) {
+		if (flags != dst_key_flags(key))
 			fatal("Key flags mismatch");
-		}
 	}
 
 	prevdel = previnact = 0;
 	if ((setdel && setinact && del < inact) ||
-	    (dst_key_gettime(key, DST_TIME_INACTIVE, &previnact) ==
-		     ISC_R_SUCCESS &&
+	    (dst_key_gettime(key, DST_TIME_INACTIVE,
+			     &previnact) == ISC_R_SUCCESS &&
 	     setdel && !setinact && !unsetinact && del < previnact) ||
-	    (dst_key_gettime(key, DST_TIME_DELETE, &prevdel) == ISC_R_SUCCESS &&
+	    (dst_key_gettime(key, DST_TIME_DELETE,
+			     &prevdel) == ISC_R_SUCCESS &&
 	     setinact && !setdel && !unsetdel && prevdel < inact) ||
-	    (!setdel && !unsetdel && !setinact && !unsetinact && prevdel != 0 &&
-	     prevdel < previnact))
-	{
-		fprintf(stderr,
-			"%s: warning: Key is scheduled to "
-			"be deleted before it is\n\t"
-			"scheduled to be inactive.\n",
+	    (!setdel && !unsetdel && !setinact && !unsetinact &&
+	     prevdel != 0 && prevdel < previnact))
+		fprintf(stderr, "%s: warning: Key is scheduled to "
+				"be deleted before it is\n\t"
+				"scheduled to be inactive.\n",
 			program);
-	}
 
-	if (force) {
+	if (force)
 		set_keyversion(key);
-	} else {
+	else
 		check_keyversion(key, keystr);
-	}
 
-	if (verbose > 2) {
+	if (verbose > 2)
 		fprintf(stderr, "%s: %s\n", program, keystr);
-	}
 
 	/*
 	 * Set time values.
 	 */
-	if (setpub) {
+	if (setpub)
 		dst_key_settime(key, DST_TIME_PUBLISH, pub);
-	} else if (unsetpub) {
+	else if (unsetpub)
 		dst_key_unsettime(key, DST_TIME_PUBLISH);
-	}
 
-	if (setact) {
+	if (setact)
 		dst_key_settime(key, DST_TIME_ACTIVATE, act);
-	} else if (unsetact) {
+	else if (unsetact)
 		dst_key_unsettime(key, DST_TIME_ACTIVATE);
-	}
 
 	if (setrev) {
-		if ((dst_key_flags(key) & DNS_KEYFLAG_REVOKE) != 0) {
-			fprintf(stderr,
-				"%s: warning: Key %s is already "
-				"revoked; changing the revocation date "
-				"will not affect this.\n",
-				program, keystr);
-		}
-		if ((dst_key_flags(key) & DNS_KEYFLAG_KSK) == 0) {
-			fprintf(stderr,
-				"%s: warning: Key %s is not flagged as "
-				"a KSK, but -R was used.  Revoking a "
-				"ZSK is legal, but undefined.\n",
-				program, keystr);
-		}
+		if ((dst_key_flags(key) & DNS_KEYFLAG_REVOKE) != 0)
+			fprintf(stderr, "%s: warning: Key %s is already "
+					"revoked; changing the revocation date "
+					"will not affect this.\n",
+					program, keystr);
+		if ((dst_key_flags(key) & DNS_KEYFLAG_KSK) == 0)
+			fprintf(stderr, "%s: warning: Key %s is not flagged as "
+					"a KSK, but -R was used.  Revoking a "
+					"ZSK is legal, but undefined.\n",
+					program, keystr);
 		dst_key_settime(key, DST_TIME_REVOKE, rev);
 	} else if (unsetrev) {
-		if ((dst_key_flags(key) & DNS_KEYFLAG_REVOKE) != 0) {
-			fprintf(stderr,
-				"%s: warning: Key %s is already "
-				"revoked; removing the revocation date "
-				"will not affect this.\n",
-				program, keystr);
-		}
+		if ((dst_key_flags(key) & DNS_KEYFLAG_REVOKE) != 0)
+			fprintf(stderr, "%s: warning: Key %s is already "
+					"revoked; removing the revocation date "
+					"will not affect this.\n",
+					program, keystr);
 		dst_key_unsettime(key, DST_TIME_REVOKE);
 	}
 
-	if (setinact) {
+	if (setinact)
 		dst_key_settime(key, DST_TIME_INACTIVE, inact);
-	} else if (unsetinact) {
+	else if (unsetinact)
 		dst_key_unsettime(key, DST_TIME_INACTIVE);
-	}
 
-	if (setdel) {
+	if (setdel)
 		dst_key_settime(key, DST_TIME_DELETE, del);
-	} else if (unsetdel) {
+	else if (unsetdel)
 		dst_key_unsettime(key, DST_TIME_DELETE);
-	}
 
-	if (setsyncadd) {
+	if (setsyncadd)
 		dst_key_settime(key, DST_TIME_SYNCPUBLISH, syncadd);
-	} else if (unsetsyncadd) {
+	else if (unsetsyncadd)
 		dst_key_unsettime(key, DST_TIME_SYNCPUBLISH);
-	}
 
-	if (setsyncdel) {
+	if (setsyncdel)
 		dst_key_settime(key, DST_TIME_SYNCDELETE, syncdel);
-	} else if (unsetsyncdel) {
+	else if (unsetsyncdel)
 		dst_key_unsettime(key, DST_TIME_SYNCDELETE);
-	}
 
-	if (setttl) {
+	if (setttl)
 		dst_key_setttl(key, ttl);
-	}
 
 	if (predecessor != NULL && prevkey != NULL) {
 		dst_key_setnum(prevkey, DST_NUM_SUCCESSOR, dst_key_id(key));
@@ -852,46 +786,37 @@ main(int argc, char **argv) {
 		}
 	}
 
-	if (!changed && setttl) {
+	if (!changed && setttl)
 		changed = true;
-	}
 
 	/*
 	 * Print out time values, if -p was used.
 	 */
-	if (printcreate) {
+	if (printcreate)
 		printtime(key, DST_TIME_CREATED, "Created", epoch, stdout);
-	}
 
-	if (printpub) {
+	if (printpub)
 		printtime(key, DST_TIME_PUBLISH, "Publish", epoch, stdout);
-	}
 
-	if (printact) {
+	if (printact)
 		printtime(key, DST_TIME_ACTIVATE, "Activate", epoch, stdout);
-	}
 
-	if (printrev) {
+	if (printrev)
 		printtime(key, DST_TIME_REVOKE, "Revoke", epoch, stdout);
-	}
 
-	if (printinact) {
+	if (printinact)
 		printtime(key, DST_TIME_INACTIVE, "Inactive", epoch, stdout);
-	}
 
-	if (printdel) {
+	if (printdel)
 		printtime(key, DST_TIME_DELETE, "Delete", epoch, stdout);
-	}
 
-	if (printsyncadd) {
-		printtime(key, DST_TIME_SYNCPUBLISH, "SYNC Publish", epoch,
-			  stdout);
-	}
+	if (printsyncadd)
+		printtime(key, DST_TIME_SYNCPUBLISH, "SYNC Publish",
+			  epoch, stdout);
 
-	if (printsyncdel) {
-		printtime(key, DST_TIME_SYNCDELETE, "SYNC Delete", epoch,
-			  stdout);
-	}
+	if (printsyncdel)
+		printtime(key, DST_TIME_SYNCDELETE, "SYNC Delete",
+			  epoch, stdout);
 
 	if (changed) {
 		writekey(key, directory, write_state);
@@ -900,14 +825,12 @@ main(int argc, char **argv) {
 		}
 	}
 
-	if (prevkey != NULL) {
+	if (prevkey != NULL)
 		dst_key_free(&prevkey);
-	}
 	dst_key_free(&key);
 	dst_lib_destroy();
-	if (verbose > 10) {
+	if (verbose > 10)
 		isc_mem_stats(mctx, stdout);
-	}
 	cleanup_logging(&log);
 	isc_mem_free(mctx, directory);
 	isc_mem_destroy(&mctx);

bin/dnssec/dnssec-settime.docbook

@@ -41,7 +41,6 @@
       <year>2017</year>
       <year>2018</year>
       <year>2019</year>
-      <year>2020</year>
       <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
     </copyright>
   </docinfo>

bin/dnssec/dnssec-settime.html

@@ -1,6 +1,6 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 <!--
- - Copyright (C) 2009-2011, 2014-2020 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2009-2011, 2014-2019 Internet Systems Consortium, Inc. ("ISC")
  - 
  - This Source Code Form is subject to the terms of the Mozilla Public
  - License, v. 2.0. If a copy of the MPL was not distributed with this

bin/dnssec/dnssec-signzone.8

@@ -1,4 +1,4 @@
-.\" Copyright (C) 2000-2009, 2011-2020 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000-2009, 2011-2019 Internet Systems Consortium, Inc. ("ISC")
 .\" 
 .\" This Source Code Form is subject to the terms of the Mozilla Public
 .\" License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -239,7 +239,7 @@ Do not modify the SOA serial number\&.
 .PP
 \fB"increment"\fR
 .RS 4
-Increment the SOA serial number using RFC 1982 arithmetic\&.
+Increment the SOA serial number using RFC 1982 arithmetics\&.
 .RE
 .PP
 \fB"unixtime"\fR
@@ -470,5 +470,5 @@ RFC 4641\&.
 \fBInternet Systems Consortium, Inc\&.\fR
 .SH "COPYRIGHT"
 .br
-Copyright \(co 2000-2009, 2011-2020 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2000-2009, 2011-2019 Internet Systems Consortium, Inc. ("ISC")
 .br

bin/dnssec/dnssec-signzone.docbook

@@ -51,7 +51,6 @@
       <year>2017</year>
       <year>2018</year>
       <year>2019</year>
-      <year>2020</year>
       <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
     </copyright>
   </docinfo>
@@ -445,7 +444,7 @@
 	      <term><command>"increment"</command></term>
               <listitem>
                 <para>Increment the SOA serial number using RFC 1982
-                      arithmetic.</para>
+                      arithmetics.</para>
 	      </listitem>
             </varlistentry>
 

bin/dnssec/dnssec-signzone.html

@@ -1,6 +1,6 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 <!--
- - Copyright (C) 2000-2009, 2011-2020 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2009, 2011-2019 Internet Systems Consortium, Inc. ("ISC")
  - 
  - This Source Code Form is subject to the terms of the Mozilla Public
  - License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -353,7 +353,7 @@
 <dt><span class="term"><span class="command"><strong>"increment"</strong></span></span></dt>
 <dd>
                 <p>Increment the SOA serial number using RFC 1982
-                      arithmetic.</p>
+                      arithmetics.</p>
 	      </dd>
 <dt><span class="term"><span class="command"><strong>"unixtime"</strong></span></span></dt>
 <dd>