make named-checkconf able to check dns64 module parameters

- restored the checkconf test cases from the dns64 system test
- implemented plugin_check() in the dns64 module

.clang-format

@@ -1,73 +0,0 @@
-BasedOnStyle: LLVM
-IndentWidth: 8
-UseTab: Always
-BreakBeforeBraces: Custom
-BraceWrapping:
-  AfterClass:      false
-  AfterEnum:       false
-  AfterStruct:     false
-  AfterUnion:      false
-  AfterControlStatement: MultiLine
-  AfterFunction:   false # should also be MultiLine, but not yet supported
-  AfterExternBlock: false
-  BeforeElse:      false
-  IndentBraces:    false
-  SplitEmptyFunction: true
-AllowShortIfStatementsOnASingleLine: false
-IndentCaseLabels: false
-AlwaysBreakAfterReturnType: All
-Cpp11BracedListStyle: false
-ColumnLimit: 80
-AlignAfterOpenBracket: Align
-AlignConsecutiveDeclarations: false
-AlignConsecutiveMacros: true
-AlignTrailingComments: true
-AllowAllArgumentsOnNextLine: true
-AlwaysBreakBeforeMultilineStrings: false
-BreakBeforeBinaryOperators: None
-BreakBeforeTernaryOperators: true
-AlignEscapedNewlines: Left
-DerivePointerAlignment: false
-PointerAlignment: Right
-PointerBindsToType: false
-IncludeBlocks: Regroup
-IncludeCategories:
-  - Regex:           '^<isc/'
-    Priority:        5
-  - Regex:           '^<(pk11|pkcs11)/'
-    Priority:        10
-  - Regex:           '^<dns/'
-    Priority:        15
-  - Regex:           '^<dst/'
-    Priority:        20
-  - Regex:           '^<isccc/'
-    Priority:        25
-  - Regex:           '^<isccfg/'
-    Priority:        30
-  - Regex:           '^<ns/'
-    Priority:        35
-  - Regex:           '^<irs/'
-    Priority:        40
-  - Regex:           '^<bind9/'
-    Priority:        45
-  - Regex:           '^<(dig|named|rndc|confgen|dlz)/'
-    Priority:        50
-  - Regex:           '^<dlz_'
-    Priority:        55
-  - Regex:           '^".*"'
-    Priority:        99
-  - Regex:           '<openssl/'
-    Priority:        1
-  - Regex:           '<(mysql|protobuf-c)/'
-    Priority:        1
-  - Regex:           '.*'
-    Priority:        0
-KeepEmptyLinesAtTheStartOfBlocks: false
-MaxEmptyLinesToKeep: 1
-PenaltyBreakAssignment: 30
-PenaltyBreakComment: 10
-PenaltyBreakFirstLessLess: 0
-PenaltyBreakString: 80
-PenaltyExcessCharacter: 100
-Standard: Cpp11
-ContinuationIndentWidth: 8

.clang-format.headers

@@ -1,61 +0,0 @@
-BasedOnStyle: LLVM
-IndentWidth: 8
-UseTab: Always
-BreakBeforeBraces: Custom
-BraceWrapping:
-  AfterClass:      false
-  AfterEnum:       false
-  AfterStruct:     false
-  AfterUnion:      false
-  AfterControlStatement: MultiLine
-  AfterFunction:   false # should also be MultiLine, but not yet supported
-  AfterExternBlock: false
-  BeforeElse:      false
-  IndentBraces:    false
-  SplitEmptyFunction: true
-AllowShortIfStatementsOnASingleLine: false
-IndentCaseLabels: false
-AlwaysBreakAfterReturnType: All
-Cpp11BracedListStyle: false
-ColumnLimit: 80
-AlignAfterOpenBracket: Align
-AlignConsecutiveDeclarations: true
-AlignConsecutiveMacros: true
-AlignTrailingComments: true
-AllowAllArgumentsOnNextLine: true
-AlwaysBreakBeforeMultilineStrings: false
-BreakBeforeBinaryOperators: None
-BreakBeforeTernaryOperators: true
-AlignEscapedNewlines: Left
-DerivePointerAlignment: false
-PointerAlignment: Right
-PointerBindsToType: false
-IncludeBlocks: Regroup
-IncludeCategories:
-  - Regex:           '^<isc/'
-    Priority:        2
-  - Regex:           '^<dns/'
-    Priority:        3
-  - Regex:           '^<iscccc/'
-    Priority:        4
-  - Regex:           '^<isccfg/'
-    Priority:        5
-  - Regex:           '^<ns/'
-    Priority:        6
-  - Regex:           '^<bind9/)'
-    Priority:        7
-  - Regex:           '^(<[^/]*)/)'
-    Priority:        8
-  - Regex:           '<[[:alnum:].]+>'
-    Priority:        1
-  - Regex:           '".*"'
-    Priority:        9
-KeepEmptyLinesAtTheStartOfBlocks: false
-MaxEmptyLinesToKeep: 1
-PenaltyBreakAssignment: 30
-PenaltyBreakComment: 10
-PenaltyBreakFirstLessLess: 0
-PenaltyBreakString: 80
-PenaltyExcessCharacter: 100
-Standard: Cpp11
-ContinuationIndentWidth: 8

.dir-locals.el

@@ -15,6 +15,9 @@
 	       (expand-file-name
 		(concat directory-of-current-dir-locals-file "./"))
 
+	       ;; current directory
+	       (expand-file-name (concat default-directory "./"))
+
 	       ;; libisc
 	       (expand-file-name
 		(concat directory-of-current-dir-locals-file "lib/isc/unix/include"))
@@ -22,16 +25,11 @@
 		(concat directory-of-current-dir-locals-file "lib/isc/pthreads/include"))
 	       (expand-file-name
 		(concat directory-of-current-dir-locals-file "lib/isc/include"))
-	       (expand-file-name
-		(concat directory-of-current-dir-locals-file "lib/isc"))
-	       (expand-file-name
-		(concat directory-of-current-dir-locals-file "lib/isc/netmgr"))
 
 	       ;; libdns
+
 	       (expand-file-name
 		(concat directory-of-current-dir-locals-file "lib/dns/include"))
-	       (expand-file-name
-		(concat directory-of-current-dir-locals-file "lib/dns"))
 
 	       ;; libisccc
 	       (expand-file-name
@@ -53,30 +51,6 @@
 	       (expand-file-name
 		(concat directory-of-current-dir-locals-file "lib/bind9/include"))
 
-	       ;; bin
-	       (expand-file-name
-		(concat directory-of-current-dir-locals-file "bin/check"))
-	       (expand-file-name
-		(concat directory-of-current-dir-locals-file "bin/confgen/include"))
-	       (expand-file-name
-		(concat directory-of-current-dir-locals-file "bin/confgen"))
-	       (expand-file-name
-		(concat directory-of-current-dir-locals-file "bin/confgen/include"))	       
-	       (expand-file-name
-		(concat directory-of-current-dir-locals-file "bin/dig/include"))
-	       (expand-file-name
-		(concat directory-of-current-dir-locals-file "bin/named/include"))
-	       (expand-file-name
-		(concat directory-of-current-dir-locals-file "bin/named/unix/include"))
-	       (expand-file-name
-		(concat directory-of-current-dir-locals-file "bin/rndc/include"))
-	       (expand-file-name
-		(concat directory-of-current-dir-locals-file "bin/dnssec/include"))
-	       (expand-file-name
-		(concat directory-of-current-dir-locals-file "bin/named/include"))
-	       (expand-file-name
-		(concat directory-of-current-dir-locals-file "bin/rndc/include"))
-
 	       (expand-file-name "/usr/local/opt/openssl@1.1/include")
 	       (expand-file-name "/usr/local/opt/libxml2/include/libxml2")
 	       (expand-file-name "/usr/local/opt/json-c/include/json-c/")

.gitattributes

@@ -1,11 +1,2 @@
 *.sln.in eol=crlf
 *.vcxproj.* eol=crlf
-
-.gitignore			 export-ignore
-/conftools			 export-ignore
-/doc/design			 export-ignore
-/doc/dev			 export-ignore
-/util/**			 export-ignore
-/util/bindkeys.pl		-export-ignore
-/util/check-make-install.in	-export-ignore
-/util/mksymtbl.pl		-export-ignore

.gitignore

@@ -4,15 +4,12 @@
 *.gcno
 *.la
 *.lo
-*.log
 *.o
 *.orig
 *.plist/ # ccc-analyzer store its results in .plist directories
 *.rej
 *.so
-*.trs
 *_test
-*.ipch # vscode/intellisense precompiled header
 *~
 .ccache/
 .cproject
@@ -53,16 +50,9 @@
 /stamp-h1
 /test-driver
 Makefile
-Makefile.in
 ans.run
 gen.dSYM/
 kyua.log
 named.memstats
 named.run
 timestamp
-/compile_commands.json
-/cppcheck_html/
-/cppcheck.results
-/tsan
-/util/check-make-install
-/INSTALL

.gitlab/issue_templates/Release.md

@@ -1,66 +0,0 @@
-## Release Schedule
-
-**Tagging Deadline:**
-
-**Public Release:**
-
-## Release Checklist
-
-## 2 Working Days Before the Tagging Deadline
-
- - [ ] ***(QA)*** Check whether all issues assigned to the release milestone are resolved[^1].
- - [ ] ***(QA)*** Ensure that there are no outstanding merge requests in the private repository[^1] (Subscription Edition only).
- - [ ] ***(QA)*** Ensure all merge requests marked for backporting have been indeed backported.
-
-## Before the Tagging Deadline
-
- - [ ] ***(QA)*** Inform Support/Marketing of impending release (and give estimated release dates).
- - [ ] ***(QA)*** Check Perflab to ensure there has been no unexplained drop in performance for the versions being released.
- - [ ] ***(SwEng)*** Update API files for libraries with new version information.
- - [ ] ***(SwEng)*** Change software version and library versions in `configure.ac` (new major release only).
- - [ ] ***(SwEng)*** Rebuild `configure` using Autoconf on `docs.isc.org`.
- - [ ] ***(SwEng)*** Update `CHANGES`.
- - [ ] ***(SwEng)*** Update `CHANGES.SE` (Subscription Edition only).
- - [ ] ***(SwEng)*** Update `README.md`.
- - [ ] ***(SwEng)*** Update `version`.
- - [ ] ***(SwEng)*** Build documentation on `docs.isc.org`.
- - [ ] ***(QA)*** Check that all the above steps were performed correctly.
- - [ ] ***(QA)*** Check that the contents of release notes match the merge requests comprising the releases.
- - [ ] ***(QA)*** Check that the formatting is correct for text, PDF, and HTML versions of release notes.
- - [ ] ***(SwEng)*** Tag the releases[^2].  (Tags may only be pushed to the public repository for releases which are *not* security releases.)
- - [ ] ***(SwEng)*** If this is the first tag for a release (e.g. beta), create a release branch named `release_v9_X_Y` to allow development to continue on the maintenance branch whilst release engineering continues.
-
-## Before the ASN Deadline (for ASN Releases) or the Public Release Date (for Regular Releases)
-
- - [ ] ***(QA)*** Verify GitLab CI results for the tags created and prepare a QA report for the releases to be published.
- - [ ] ***(QA)*** Request signatures for the tarballs, providing their location and checksums.
- - [ ] ***(Signers)*** Validate tarball checksums, sign tarballs, and upload signatures.
- - [ ] ***(QA)*** Verify tarball signatures and check tarball checksums again.
- - [ ] ***(Support)*** Pre-publish ASN and/or Subscription Edition tarballs so that packages can be built.
- - [ ] ***(QA)*** Build and test ASN and/or Subscription Edition packages.
- - [ ] ***(QA)*** Notify Support that the releases have been prepared.
- - [ ] ***(Support)*** Send out ASNs (if applicable).
-
-## On the Day of Public Release
-
- - [ ] ***(Support)*** Wait for clearance from Security Officer to proceed with the public release (if applicable).
- - [ ] ***(Support)*** Place tarballs in public location on FTP site.
- - [ ] ***(Support)*** Publish links to downloads on ISC website.
- - [ ] ***(Support)*** Write release email to *bind-announce*.
- - [ ] ***(Support)*** Write email to *bind-users* (if a major release).
- - [ ] ***(Support)*** Update tickets in case of waiting support customers.
- - [ ] ***(QA)*** Build and test any outstanding private packages.
- - [ ] ***(QA)*** Build public packages (`*.deb`, RPMs).
- - [ ] ***(QA)*** Inform Marketing of the release.
- - [ ] ***(QA)*** Update the internal [BIND release dates wiki page](https://wiki.isc.org/bin/view/Main/BindReleaseDates) when public announcement has been made.
- - [ ] ***(Marketing)*** Post short note to Twitter.
- - [ ] ***(Marketing)*** Update [Wikipedia entry for BIND](https://en.wikipedia.org/wiki/BIND).
- - [ ] ***(Marketing)*** Write blog article (if a major release).
- - [ ] ***(QA)*** Ensure all new tags are annotated and signed.
- - [ ] ***(SwEng)*** Push tags for the published releases to the public repository.
- - [ ] ***(SwEng)*** Merge the automatically prepared `prep 9.X.Y` commit which updates `version` and documentation on the release branch into the relevant maintenance branch (`v9_X`).
- - [ ] ***(QA)*** For each maintained branch, update the `BIND_BASELINE_VERSION` variable for the `abi-check:sid:amd64` job in `.gitlab-ci.yml` to the latest published BIND version tag for a given branch.
-
-[^1]: If not, use the time remaining until the tagging deadline to ensure all outstanding issues are either resolved or moved to a different milestone.
-
-[^2]: Preferred command line: `git tag -u <DEVELOPER_KEYID> -a -s -m "BIND 9.X.Y[alphatag]" v9_X_Y[alphatag]`, where `[alphatag]` is an optional string such as `b1`, `rc1`, etc.

.gitlab/issue_templates/release.md

@@ -0,0 +1,44 @@
+## Release Checklist
+
+ - [ ] (Manager) Check for the presence of a milestone for the release:
+    - If there is a milestone, are all the issues for the milestone resolved? (other than this checklist).
+ - [ ] (Manager) Inform Support/Marketing of impending release (and give estimated release dates).
+ - (SwEng) Prepare the sources for tarball generation:
+   - [ ] Check perflab to ensure there has been no unexplained drop in performance for the version being released.
+   - [ ] Ensure that there are no outstanding merge requests in the private repository (subscription version only).
+   - [ ] Update API files for libraries with new version information.
+   - [ ] Change software version and library versions in configure.in (new major release only).
+   - [ ] Rebuild configure using autoconf on docs.isc.org.
+   - [ ] Update CHANGES.
+   - [ ] Update CHANGES.SE (subscription branch only).
+   - [ ] Update "version".
+   - [ ] Update "readme.md".
+   - Check the release notes are correct:
+     - [ ] Compare content with merge requests for the release.
+     - [ ] Check formatting.
+   - [ ] Build documentation on docs.isc.org.
+   - [ ] Commit changes and make sure the gitlab-ci tests are passing.
+   - [ ] Push the changes and tag ("alphatag" is an optional string such as "b1", "rc1" etc.). (```git tag -u <DEVELOPER_KEYID> -a -s -m "BIND 9.X.Y[alphatag]" v9_X_Y[alphatag]```)
+   - [ ] If this is the first tag for a release (e.g. beta), create a release branch named `release_v9_X_Y` (this allows development to continue on the release branch whilst release engineering continues).
+ - [ ] (SwEng) Run the "make release" Jenkins job to produce the tarballs and zips.
+ - [ ] (SwEng) Ask QA to sanity check the tarball and zips (passing to them the number of the Jenkins job).
+ - [ ] (QA) Sanity check the tarballs.
+ - [ ] (QA) Request the signature on the tarballs.
+ - [ ] (QA) Check signatures on tarballs.
+ - [ ] (QA) Tell Support to handle notification of release.
+ - [ ] (Manager) Inform Marketing of the release
+ - [ ] (Manager) Update the internal [BIND release dates wiki page](https://wiki.isc.org/bin/view/Main/BindReleaseDates) when public announcement has been made.
+
+ - [ ] (SwEng) Update DEB and RPM packages
+ - [ ] (SwEng) Merge the automatically prepared `prep 9.X.Y` commit which updates `version` and documentation on the release branch into the relevant maintenance branch (`v9_X`)
+
+## Support
+ - [ ] Make tarballs and signatures available to download.
+ - [ ] Write release email to bind9-announce.
+ - [ ] Write email to bind9-users (if a major release).
+ - [ ] Update tickets in case of waiting support customers.
+
+## Marketing
+ - [ ] Post short note to Twitter.
+ - [ ] Update [Wikipedia entry for BIND](http://en.wikipedia.org/wiki/BIND).
+ - [ ] Write blog article (if a major release).

.lgtm.yml

@@ -1,35 +0,0 @@
-extraction:
-  cpp:
-    prepare:
-      packages:
-      - "libxml2-dev"
-      - "libjson-c-dev"
-      - "libssl-dev"
-      - "zlib1g-dev"
-      - "libcmocka-dev"
-      - "pkg-config"
-      - "libcap2-dev"
-      - "libedit-dev"
-      - "libidn2-dev"
-      - "libmaxminddb-dev"
-      - "libuv1-dev"
-    configure:
-      command:
-      - "autoreconf -fi"
-      - "CFLAGS=\"-Og -g\" ./configure --enable-developer"
-path_classifiers:
-  test:
-    - "lib/*/tests/"
-    - "bin/tests/"
-  docs:
-    - "**/*.xml"
-    - "**/*.docbook"
-    - "**/*.html"
-    - "**/*.1"
-    - "**/*.5"
-    - "**/*.8"
-queries:
-  - exclude: libltdl/
-  - exclude: fuzz/
-  - exclude: "bin/tests/system/*/ans*/*.py"
-  - exclude: cpp/use-of-goto

.pylintrc

@@ -1,6 +0,0 @@
-[MASTER]
-disable=
-    C0114, # missing-module-docstring
-    C0115, # missing-class-docstring
-    C0116, # missing-function-docstring
-    R0801, # duplicate-code

.uncrustify.cfg

@@ -24,7 +24,7 @@ string_escape_char2                      = 0        # number
 # Improvements to template detection may make this option obsolete.
 tok_split_gte                            = false    # false/true
 
-# Control what to do with the UTF-8 BOM (recommend 'remove')
+# Control what to do with the UTF-8 BOM (recommed 'remove')
 utf8_bom                                 = ignore   # ignore/add/remove/force
 
 # If the file only contains chars between 128 and 255 and is not UTF-8, then output as UTF-8
@@ -1352,7 +1352,7 @@ cmt_insert_func_header                   = ""         # string
 # Will substitute $(class) with the class name.
 cmt_insert_class_header                  = ""         # string
 
-# The filename that contains text to insert before a Obj-C message specification if the method isn't preceded with a C/C++ comment.
+# The filename that contains text to insert before a Obj-C message specification if the method isn't preceeded with a C/C++ comment.
 # Will substitute $(message) with the function name and $(javaparam) with the javadoc @param and @return stuff.
 cmt_insert_oc_msg_header                 = ""         # string
 

AUTHORS

@@ -1,53 +0,0 @@
-Mark Andrews
-Andreas Gustafsson
-Evan Hunt
-Brian Wellington
-Bob Halley
-David Lawrence
-Michael Graff
-Michael Sawyer
-Ondřej Surý
-James Brister
-Tatuya JINMEI 神明達哉
-Francis Dupont
-Michał Kępień
-Danny Mayer
-Mukund Sivaraman
-Jeremy C. Reed
-William King
-Stephen Morris
-Witold Kręcicki
-Curtis Blackburn
-Scott Mann
-Rob Austein
-Jim Reid
-Eric Luce
-Olafur Gudmundsson
-Stephen Jacob
-Damien Neil
-Tony Finch
-Jakob Schlyter
-Petr Menšík
-Vernon Schryver
-Matt Nelson
-Shane Kerr
-Paul Ebersman
-Ray Bellis
-Shawn Routhier
-Ben Cottrell
-Tomas Hozza
-johnd
-Bill Parker
-李昶
-Kevin Chen
-Jonathan Casey
-Mary Stahl
-Mathieu Arnold
-David Hankins
-Paul Hoffman
-Paul Vixie
-Brian Conry
-Anay Panvalkar
-colleen
-Robert Edmonds
-João Damas

CHANGES

@@ -1,427 +1,3 @@
-5392.	[bug]		It was possible for named to crash during shutdown
-			or reconfiguration if an RPZ zone was still being
-			updated. [GL #1779]
-
-5391.	[func]		The BIND 9 build system has been changed to use the
-			usual stack of autoconf+automake+libtool.  [GL #4]
-
-5390.	[placeholder]
-
-5389.	[bug]		Finish the PKCS#11 code cleanup, fix couple of smaller
-			bugs and use PKCS#11 v3.0 EdDSA macros and constants.
-			Thanks to Aaron Thompson. [GL !3391]
-
-5388.	[func]		Reject AXFR streams where the message id is not
-			consistent. [GL #1674]
-
-5387.	[placeholder]
-
-5386.	[cleanup]	Address Coverity warnings in keymgr.c [GL #1737]
-
-5385.	[func]		Make ISC rwlock implementation the default again.
-			[GL #1753]
-
-5384.	[bug]		With dnssec-policy, inline-signing was implicitly set
-			to yes.  Change and only set inline-signing to yes
-			if the zone is not dynamic. [GL #1709]
-
-	--- 9.17.1 released ---
-
-5383.	[func]		Add a quota attach function with a callback and clean up
-			the isc_quota API. [GL !3280]
-
-5382.	[bug]		Use clock_gettime() instead of gettimeofday() for
-			isc_stdtime() function. [GL #1679]
-
-5381.	[bug]		Fix logging API data race by adding rwlock and caching
-			logging levels in stdatomic variables to restore
-			performance to original levels. [GL #1675] [GL #1717]
-
-5380.	[contrib]	Fix building MySQL DLZ modules against MySQL 8
-			libraries. [GL #1678]
-
-5379.	[placeholder]
-
-5378.	[bug]		Receiving invalid DNS data was triggering an assertion
-			failure in nslookup. [GL #1652]
-
-5377.	[placeholder]
-
-5376.	[bug]		Fix ineffective DNS rebinding protection when BIND is
-			configured as a forwarding DNS server. Thanks to Tobias
-			Klein. [GL #1574]
-
-5375.	[test]		Fix timing issues in the "kasp" system test. [GL #1669]
-
-5374.	[bug]		Statistics counters tracking recursive clients and
-			active connections could underflow. [GL #1087]
-
-5373.	[bug]		Collecting statistics for DNSSEC signing operations
-			(change 5254) caused an array of significant size (over
-			100 kB) to be allocated for each configured zone. Each
-			of these arrays is tracking all possible key IDs; this
-			could trigger an out-of-memory condition on servers with
-			a high enough number of zones configured. Fixed by
-			tracking up to four keys per zone and rotating counters
-			when keys are replaced. This fixes the immediate problem
-			of high memory usage, but should be improved in a future
-			release by growing or shrinking the number of keys to
-			track upon key rollover events. [GL #1179]
-
-5372.	[bug]		Fix migration from existing DNSSEC key files
-			("auto-dnssec maintain") to "dnssec-policy". [GL #1706]
-
-5371.	[bug]		Improve incremental updates of the RPZ summary
-			database to reduce delays that could occur when
-			a policy zone update included a large number of
-			record deletions. [GL #1447]
-
-5370.	[bug]		Deactivation of a netmgr handle associated with a
-			socket could be skipped in some circumstances.
-			Fixed by deactivating the netmgr handle before
-			scheduling the asynchronous close routine. [GL #1700]
-
-5369.	[func]		Add the ability to specify whether to wait for
-			nameserver domain names to be looked up, with a new RPZ
-			modifying directive 'nsdname-wait-recurse'. [GL #1138]
-
-5368.	[bug]		Named failed to restart if 'rndc addzone' names
-			contained special characters (e.g. '/'). [GL #1655]
-
-5367.	[placeholder]
-
-	--- 9.17.0 released ---
-
-5366.	[bug]		Fix a race condition with the keymgr when the same
-			zone plus dnssec-policy is configured in multiple
-			views. [GL #1653]
-
-5365.	[bug]		Algorithm rollover was stuck on submitting DS
-			because keymgr thought it would move to an invalid
-			state.  Fixed by checking the current key against
-			the desired state, not the existing state. [GL #1626]
-
-5364.	[bug]		Algorithm rollover waited too long before introducing
-			zone signatures.  It waited to make sure all signatures
-			were regenerated, but when introducing a new algorithm,
-			all signatures are regenerated immediately.  Only
-			add the sign delay if there is a predecessor key.
-			[GL #1625]
-
-5363.	[bug]		When changing a dnssec-policy, existing keys with
-			properties that no longer match were not being retired.
-			[GL #1624]
-
-5362.	[func]		Limit the size of IXFR responses so that AXFR will
-			be used instead if it would be smaller. This is
-			controlled by the "max-ixfr-ratio" option, which
-			is a percentage representing the ratio of IXFR size
-			to the size of the entire zone. This value cannot
-			exceed 100%, which is the default. [GL #1515]
-
-5361.	[bug]		named might not accept new connections after
-			hitting tcp-clients quota. [GL #1643]
-
-5360.	[bug]		delv could fail to load trust anchors in DNSKEY
-			format. [GL #1647]
-
-5359.	[func]		"rndc nta -d" and "rndc secroots" now include
-			"validate-except" entries when listing negative
-			trust anchors. These are indicated by the keyword
-			"permanent" in place of an expiry date. [GL #1532]
-
-5358.	[bug]		Inline master zones whose master files were touched
-			but otherwise unchanged and were subsequently reloaded
-			may have stopped re-signing. [GL !3135]
-
-5357.	[bug]		Newly added RRSIG records with expiry times before
-			the previous earliest expiry times might not be
-			re-signed in time.  This was a side effect of 5315.
-			[GL !3137]
-
-5356.	[func]		Update dnssec-policy configuration statements:
-			- Rename "zone-max-ttl" dnssec-policy option to
-			  "max-zone-ttl" for consistency with the existing
-			  zone option.
-			- Allow for "lifetime unlimited" as a synonym for
-			  "lifetime PT0S".
-			- Make "key-directory" optional.
-			- Warn if specifying a key length does not make
-			  sense; fail if key length is out of range for
-			  the algorithm.
-			- Allow use of mnemonics when specifying key
-			  algorithm (e.g. "rsasha256", "ecdsa384", etc.).
-			- Make ISO 8601 durations case-insensitive.
-			[GL #1598]
-
-5355.	[func]		What was set with --with-tuning=large option in
-			older BIND9 versions is now a default, and
-			a --with-tuning=small option was added for small
-			(e.g. OpenWRT) systems. [GL !2989]
-
-5354.	[bug]		dnssec-policy created new KSK keys for zones in the
-			initial stage of signing (with the DS not yet in the
-			rumoured or omnipresent states).  Fix by checking the
-			key goals rather than the active state when determining
-			whether new keys are needed. [GL #1593]
-
-5353.	[doc]		Document port and dscp parameters in forwarders
-			configuration option. [GL #914]
-
-5352.	[bug]		Correctly handle catalog zone entries containing
-			characters that aren't legal in filenames. [GL #1592]
-
-5351.	[bug]		CDS / CDNSKEY consistency checks failed to handle
-			removal records. [GL #1554]
-
-5350.	[bug]		When a view was configured with class CHAOS, the
-			server could crash while processing a query for a
-			non-existent record. [GL #1540]
-
-5349.	[bug]		Fix a race in task_pause/unpause. [GL #1571]
-
-5348.	[bug]		dnssec-settime -Psync was not being honoured.
-			[GL !2893]
-
-	--- 9.15.8 released ---
-
-5347.	[bug]		Fixed a bug that could cause an intermittent crash
-			in validator.c when validating a negative cache
-			entry. [GL #1561]
-
-5346.	[bug]		Make hazard pointer array allocations dynamic, fixing
-			a bug that caused named to crash on machines with more
-			than 40 cores. [GL #1493]
-
-5345.	[func]		Key-style trust anchors and DS-style trust anchors
-			can now both be used for the same name. [GL #1237]
-
-5344.	[bug]		Handle accept() errors properly in netmgr. [GL !2880]
-
-5343.	[func]		Add statistics counters to the netmgr. [GL #1311]
-
-5342.	[bug]		Disable pktinfo for IPv6 and bind to each interface
-			explicitly instead, because libuv doesn't support
-			pktinfo control messages. [GL #1558]
-
-5341.	[func]		Simplify passing the bound TCP socket to child
-			threads by using isc_uv_export/import functions.
-			[GL !2825]
-
-5340.	[bug]		Don't deadlock when binding to a TCP socket fails.
-			[GL #1499]
-
-5339.	[bug]		With some libmaxminddb versions, named could erroneously
-			match an IP address not belonging to any subnet defined
-			in a given GeoIP2 database to one of the existing
-			entries in that database. [GL #1552]
-
-5338.	[bug]		Fix line spacing in `rndc secroots`.
-			Thanks to Tony Finch. [GL !2478]
-
-5337.	[func]		'named -V' now reports maxminddb and protobuf-c
-			versions. [GL !2686]
-
-	--- 9.15.7 released ---
-
-5336.	[bug]		The TCP high-water statistic could report an
-			incorrect value on startup. [GL #1392]
-
-5335.	[func]		Make TCP listening code multithreaded. [GL !2659]
-
-5334.	[doc]		Update documentation with dnssec-policy clarifications.
-			Also change some defaults. [GL !2711]
-
-5333.	[bug]		Fix duration printing on Solaris when value is not
-			an ISO 8601 duration. [GL #1460]
-
-5332.	[func]		Renamed "dnssec-keys" configuration statement
-			to the more descriptive "trust-anchors". [GL !2702]
-
-5331.	[func]		Use compiler-provided mechanisms for thread local
-			storage, and make the requirement for such mechanisms
-			explicit in configure. [GL #1444]
-
-5330.	[bug]		'configure --without-python' was ineffective if
-			PYTHON was set in the environment. [GL #1434]
-
-5329.	[bug]		Reconfiguring named caused memory to be leaked when any
-			GeoIP2 database was in use. [GL #1445]
-
-5328.	[bug]		rbtdb.c:rdataset_{get,set}ownercase failed to obtain
-			a node lock. [GL #1417]
-
-5327.	[func]		Added a statistics counter to track queries
-			dropped because the recursive-clients quota was
-			exceeded. [GL #1399]
-
-5326.	[bug]		Add Python dependency on 'distutils.core' to configure.
-			'distutils.core' is required for installation.
-			[GL #1397]
-
-5325.	[bug]		Addressed several issues with TCP connections in
-			the netmgr: restored support for TCP connection
-			timeouts, restored TCP backlog support, actively
-			close all open sockets during shutdown. [GL #1312]
-
-5324.	[bug]		Change the category of some log messages from general
-			to the more appropriate catergory of xfer-in. [GL #1394]
-
-5323.	[bug]		Fix a bug in DNSSEC trust anchor verification.
-			[GL !2609]
-
-5322.	[placeholder]
-
-5321.	[bug]		Obtain write lock before updating version->records
-			and version->bytes. [GL #1341]
-
-5320.	[cleanup]	Silence TSAN on header->count. [GL #1344]
-
-	--- 9.15.6 released ---
-
-5319.	[func]		Trust anchors can now be configured using DS
-			format to represent a key digest, by using the
-			new "initial-ds" or "static-ds" keywords in
-			the "dnssec-keys" statement.
-
-			Note: DNSKEY-format and DS-format trust anchors
-			cannot both be used for the same domain name.
-			[GL #622]
-
-5318.	[cleanup]	The DNSSEC validation code has been refactored
-			for clarity and to reduce code duplication.
-			[GL #622]
-
-5317.	[func]		A new asynchronous network communications system
-			based on libuv is now used for listening for
-			incoming requests and responding to them. (The
-			old isc_socket API remains in use for sending
-			iterative queries and processing responses; this
-			will be changed too in a later release.)
-
-			This change will make it easier to improve
-			performance and implement new protocol layers
-			(e.g., DNS over TLS) in the future. [GL #29]
-
-5316.	[func]		A new "dnssec-policy" option has been added to
-			named.conf to implement a key and signing policy
-			(KASP) for zones. When this option is in use,
-			named can generate new keys as needed and
-			automatically roll both ZSK and KSK keys. (Note
-			that the syntax for this statement differs from
-			the dnssec policy used by dnssec-keymgr.)
-
-			See the ARM for configuration details. [GL #1134]
-
-5315.	[bug]		Apply the initial RRSIG expiration spread fixed
-			to all dynamically created records in the zone
-			including NSEC3. Also fix the signature clusters
-			when the server has been offline for prolonged
-			period of times. [GL #1256]
-
-5314.	[func]		Added a new statistics variable "tcp-highwater"
-			that reports the maximum number of simultaneous TCP
-			clients BIND has handled while running. [GL #1206]
-
-5313.	[bug]		The default GeoIP2 database location did not match
-			the ARM.  'named -V' now reports the default
-			location. [GL #1301]
-
-5312.	[bug]		Do not flush the cache for `rndc validation status`.
-			Thanks to Tony Finch. [GL !2462]
-
-5311.	[cleanup]	Include all views in output of `rndc validation status`.
-			Thanks to Tony Finch. [GL !2461]
-
-5310.	[bug]		TCP failures were affecting EDNS statistics. [GL #1059]
-
-5309.	[placeholder]
-
-5308.	[bug]		Don't log DNS_R_UNCHANGED from sync_secure_journal()
-			at ERROR level in receive_secure_serial(). [GL #1288]
-
-5307.	[bug]		Fix hang when named-compilezone output is sent to pipe.
-			Thanks to Tony Finch. [GL !2481]
-
-5306.	[security]	Set a limit on number of simultaneous pipelined TCP
-			queries. (CVE-2019-6477) [GL #1264]
-
-5305.	[bug]		NSEC Aggressive Cache ("synth-from-dnssec") has been
-			disabled by default because it was found to have
-			a significant performance impact on the recursive
-			service. [GL #1265]
-
-5304.	[bug]		"dnskey-sig-validity 0;" was not being accepted.
-			[GL #876]
-
-5303.	[placeholder]
-
-5302.	[bug]		Fix checking that "dnstap-output" is defined when
-			"dnstap" is specified in a view. [GL #1281]
-
-5301.	[bug]		Detect partial prefixes / incomplete IPv4 address in
-			acls. [GL #1143]
-
-5300.	[bug]		dig/mdig/delv: Add a colon after EDNS option names,
-			even when the option is empty, to improve
-			readability and allow correct parsing of YAML
-			output. [GL #1226]
-
-	--- 9.15.5 released ---
-
-5299.	[security]	A flaw in DNSSEC verification when transferring
-			mirror zones could allow data to be incorrectly
-			marked valid. (CVE-2019-6475) [GL #1252]
-
-5298.	[security]	Named could assert if a forwarder returned a
-			referral, rather than resolving the query, when QNAME
-			minimization was enabled. (CVE-2019-6476) [GL #1051]
-
-5297.	[bug]		Check whether a previous QNAME minimization fetch
-			is still running before starting a new one; return
-			SERVFAIL and log an error if so. [GL #1191]
-
-5296.	[placeholder]
-
-5295.	[cleanup]	Split dns_name_copy() calls into dns_name_copy() and
-			dns_name_copynf() for those calls that can potentially
-			fail and those that should not fail respectively.
-			[GL !2265]
-
-5294.	[func]		Fallback to ACE name on output in locale, which does not
-			support converting it to unicode.  [GL #846]
-
-5293.	[bug]		On Windows, named crashed upon any attempt to fetch XML
-			statistics from it. [GL #1245]
-
-5292.	[bug]		Queue 'rndc nsec3param' requests while signing inline
-			zone changes. [GL #1205]
-
-	--- 9.15.4 released ---
-
-5291.	[placeholder]
-
-5290.	[placeholder]
-
-5289.	[bug]		Address NULL pointer dereference in rpz.c:rpz_detach.
-			[GL #1210]
-
-5288.	[bug]		dnssec-must-be-secure was not always honored.
-			[GL #1209]
-
-5287.	[placeholder]
-
-5286.	[contrib]	Address potential NULL pointer dereferences in
-			dlz_mysqldyn_mod.c. [GL #1207]
-
-5285.	[port]		win32: implement "-T maxudpXXX". [GL #837]
-
-5284.	[func]		Added +unexpected command line option to dig.
-			By default, dig won't accept a reply from a source
-			other than the one to which it sent the query.
-			Invoking dig with +unexpected argument will allow it
-			to process replies from unexpected sources.
-
 5283.	[bug]		When a response-policy zone expires, ensure that
 			its policies are removed from the RPZ summary
 			database. [GL #1146]
@@ -483,7 +59,7 @@
 
 5268.	[placeholder]
 
-5267.	[func]		Allow statistics groups display to be toggle-able.
+5267.	[func]		Allow statistics groups display to be toggleable.
 			[GL #1030]
 
 5266.	[bug]		named-checkconf failed to report dnstap-output
@@ -591,7 +167,7 @@
 			code in a high-load cold-cache resolver scenario.
 			[GL #943]
 
-5242.	[bug]		In relaxed qname minimization mode, fall back to
+5242.	[bug]		In relaxed qname minimizatiom mode, fall back to
 			normal resolution when encountering a lame
 			delegation, and use _.domain/A queries rather
 			than domain/NS. [GL #1055]
@@ -1526,7 +1102,7 @@
 4965.	[func]		Add support for marking options as deprecated.
 			[GL #322]
 
-4964.	[bug]		Reduce the probability of double signature when deleting
+4964.	[bug]		Reduce the probabilty of double signature when deleting
 			a DNSKEY by checking if the node is otherwise signed
 			by the algorithm of the key to be deleted. [GL #240]
 
@@ -1610,7 +1186,7 @@
 			for unsigned zones since change 4596. [GL #209]
 
 4945.	[func]		BIND can no longer be built without DNSSEC support.
-			A cryptography provider (i.e., OpenSSL or a hardware
+			A cryptography provder (i.e., OpenSSL or a hardware
 			service module with PKCS#11 support) must be
 			available. [GL #244]
 
@@ -1669,7 +1245,7 @@
 			dig (+[no]raflag, +[no]tcflag). [GL #213]
 
 4928.	[func]		The "dnskey-sig-validity" option allows
-			"sig-validity-interval" to be overridden for signatures
+			"sig-validity-interval" to be overriden for signatures
 			covering DNSKEY RRsets. [GL #145]
 
 4927.	[placeholder]
@@ -2008,7 +1584,7 @@
 			[RT #46725]
 
 4831.	[bug]		Convert the RRSIG expirytime to 64 bits for
-			comparisons in diff.c:resign. [RT #46710]
+			comparisions in diff.c:resign. [RT #46710]
 
 4830.	[bug]		Failure to configure ATF when requested did not cause
 			an error in top-level configure script. [RT #46655]
@@ -2234,7 +1810,7 @@
 			used to append a formatted string to the used region of
 			a buffer. [RT #46201]
 
-4766.	[cleanup]	Address Coverity warnings. [RT #46150]
+4766.	[cleanup]	Addresss Coverity warnings. [RT #46150]
 
 4765.	[bug]		Address potential INSIST in dnssec-cds. [RT #46150]
 
@@ -2428,7 +2004,7 @@
 
 4719.	[bug]		Address PVS static analyzer warnings. [RT #45946]
 
-4718.	[func]		Avoid searching for a owner name compression pointer
+4718.	[func]		Avoid seaching for a owner name compression pointer
 			more than once when writing out a RRset. [RT #45802]
 
 4717.	[bug]		Treat replies with QCOUNT=0 as truncated if TC=1,
@@ -6573,7 +6149,7 @@
 
 3518.	[bug]		Increase the size of dns_rrl_key.s.rtype by one bit
 			so that all dns_rrl_rtype_t enum values fit regardless
-			of whether it is treated as signed or unsigned by
+			of whether it is teated as signed or unsigned by
 			the compiler. [RT #32792]
 
 3517.	[bug]		Reorder destruction to avoid shutdown race. [RT #32777]
@@ -7648,7 +7224,7 @@
 
 	--- 9.9.0b1 released ---
 
-3186.	[bug]		Version/db mismatch in rpz code. [RT #26180]
+3186.	[bug]		Version/db mis-match in rpz code. [RT #26180]
 
 3185.	[func]		New 'rndc signing' option for auto-dnssec zones:
 			 - 'rndc signing -list' displays the current
@@ -8313,7 +7889,7 @@
 2998.	[func]		Add isc_task_beginexclusive and isc_task_endexclusive
 			to the task api. [RT #22776]
 
-2997.	[func]		named -V now reports the OpenSSL and libxml2 versions
+2997.	[func]		named -V now reports the OpenSSL and libxml2 verions
 			it was compiled against. [RT #22687]
 
 2996.	[security]	Temporarily disable SO_ACCEPTFILTER support.
@@ -11296,7 +10872,7 @@
 2096.	[bug]		libbind: handle applications that fail to detect
 			res_init() failures better.
 
-2095.	[port]		libbind: always prototype inet_cidr_ntop_ipv6() and
+2095.	[port]		libbind: alway prototype inet_cidr_ntop_ipv6() and
 			net_cidr_ntop_ipv6(). [RT #16388]
 
 2094.	[contrib]	Update named-bootconf.  [RT #16404]
@@ -11352,7 +10928,7 @@
 2076.	[bug]		Several files were missing #include <config.h>
 			causing build failures on OSF. [RT #16341]
 
-2075.	[bug]		The spillat timer event handler could leak memory.
+2075.	[bug]		The spillat timer event hander could leak memory.
 			[RT #16357]
 
 2074.	[bug]		dns_request_createvia2(), dns_request_createvia3(),
@@ -12114,7 +11690,7 @@
 
 1831.	[doc]		Update named-checkzone documentation. [RT #13604]
 
-1830.	[bug]		adb lame cache has sense of test reversed. [RT #13600]
+1830.	[bug]		adb lame cache has sence of test reversed. [RT #13600]
 
 1829.	[bug]		win32: "pid-file none;" broken. [RT #13563]
 
@@ -12225,7 +11801,7 @@
 1796.	[func]		"rndc freeze/thaw" now freezes/thaws all zones.
 
 1795.	[bug]		"rndc dumpdb" was not fully documented.  Minor
-			formatting issues with "rndc dumpdb -all".  [RT #13396]
+			formating issues with "rndc dumpdb -all".  [RT #13396]
 
 1794.	[func]		Named and named-checkzone can now both check for
 			non-terminal wildcard records.
@@ -13402,7 +12978,7 @@
 			acl.
 
 1393.	[port]		Bind to individual IPv6 interfaces if IPV6_IPV6ONLY
-			is not available in the kernel to prevent accidentally
+			is not available in the kernel to prevent accidently
 			listening on IPv4 interfaces.
 
 1392.	[bug]		named-checkzone: update usage.
@@ -15130,7 +14706,7 @@
  839.	[func]		Dump packets for which there was no view or that the
 			class could not be determined to category "unmatched".
 
- 838.	[port]		UnixWare 7.x.x is now supported by
+ 838.	[port]		UnixWare 7.x.x is now suported by
 			bin/tests/system/ifconfig.sh.
 
  837.	[cleanup]	Multi-threading is now enabled by default only on

CODE_OF_CONDUCT

@@ -0,0 +1,79 @@
+CODE OF CONDUCT
+
+BIND 9 Code of Conduct
+
+Like the technical community as a whole, the BIND 9 team and community is
+made up of a mixture of professionals and volunteers from all over the
+world, working on every aspect of the mission - including mentorship,
+teaching, and connecting people.
+
+Diversity is one of our huge strengths, but it can also lead to
+communication issues and unhappiness. To that end, we have a few ground
+rules that we ask people to adhere to. This code applies equally to the
+core development team, open source contributors and those seeking help and
+guidance.
+
+This isn't an exhaustive list of things that you can't do. Rather, take it
+in the spirit in which it's intended - a guide to make it easier to enrich
+all of us and the technical communities in which we participate.
+
+This code of conduct applies to all spaces managed by the BIND 9 project
+or Internet Systems Consortium. This includes chat, the mailing lists, the
+issue tracker, and any other fora created by the project team which the
+community uses for communication. In addition, violations of this code
+outside these spaces may affect a person's ability to participate within
+them.
+
+If you believe someone is violating the code of conduct, we ask that you
+report it by emailing conduct@isc.org. For more details please see our
+Reporting Guidelines.
+
+  * Be friendly and patient.
+  * Be welcoming. We strive to be a community that welcomes and supports
+    people of all backgrounds and identities. This includes, but is not
+    limited to members of any race, ethnicity, culture, national origin,
+    colour, immigration status, social and economic class, educational
+    level, sex, sexual orientation, gender identity and expression, age,
+    size, family status, political belief, religion, and mental and
+    physical ability.
+  * Be considerate. Your work will be used by other people, and you in
+    turn will depend on the work of others. Any decision you take will
+    affect users and colleagues, and you should take those consequences
+    into account when making decisions. Remember that we're a world-wide
+    community, so you might not be communicating in someone else's primary
+    language.
+  * Be respectful. Not all of us will agree all the time, but disagreement
+    is no excuse for poor behavior and poor manners. We might all
+    experience some frustration now and then, but we cannot allow that
+    frustration to turn into a personal attack. It's important to remember
+    that a community where people feel uncomfortable or threatened is not
+    a productive one. Members of the BIND 9 community should be respectful
+    when dealing with other members as well as with people outside the
+    BIND 9 community.
+  * Be careful in the words that you choose. We are a community of
+    professionals, and we conduct ourselves professionally. Be kind to
+    others. Do not insult or put down other participants. Harassment and
+    other exclusionary behavior aren't acceptable. This includes, but is
+    not limited to:
+      + Violent threats or language directed against another person.
+      + Discriminatory jokes and language.
+      + Posting sexually explicit or violent material.
+      + Posting (or threatening to post) other people's personally
+        identifying information ("doxing").
+      + Personal insults, especially those using racist or sexist terms.
+      + Unwelcome sexual attention.
+      + Advocating for, or encouraging, any of the above behavior.
+      + Repeated harassment of others. In general, if someone asks you to
+        stop, then stop.
+  * When we disagree, try to understand why. Disagreements, both social
+    and technical, happen all the time and BIND 9 is no exception. It is
+    important that we resolve disagreements and differing views
+    constructively. Remember that we're different. The strength of BIND 9
+    comes from its varied community, people from a wide range of
+    backgrounds. Different people have different perspectives on issues.
+    Being unable to understand why someone holds a viewpoint doesn't mean
+    that they're wrong. Don't forget that it is human to err and blaming
+    each other doesn't get us anywhere. Instead, focus on helping to
+    resolve issues and learning from mistakes.
+
+Original text courtesy of the Django Code of Conduct project.

CONTRIBUTING

@@ -0,0 +1,196 @@
+CONTRIBUTING
+
+BIND Source Access and Contributor Guidelines
+
+Feb 22, 2018
+
+Contents
+
+ 1. Access to source code
+ 2. Reporting bugs
+ 3. Contributing code
+
+Introduction
+
+Thank you for using BIND!
+
+BIND is open source software that implements the Domain Name System (DNS)
+protocols for the Internet. It is a reference implementation of those
+protocols, but it is also production-grade software, suitable for use in
+high-volume and high-reliability applications. It is by far the most
+widely used DNS software, providing a robust and stable platform on top of
+which organizations can build distributed computing systems with the
+knowledge that those systems are fully compliant with published DNS
+standards.
+
+BIND is and will always remain free and openly available. It can be used
+and modified in any way by anyone.
+
+BIND is maintained by the Internet Systems Consortium, a public-benefit
+501(c)(3) nonprofit, using a "managed open source" approach: anyone can
+see the source, but only ISC employees have commit access. Until recently,
+the source could only be seen once ISC had published a release: read
+access to the source repository was restricted just as commit access was.
+That's now changing, with the opening of a public git mirror to the BIND
+source tree (see below).
+
+At Internet Systems Consortium, we're committed to building communities
+that are welcoming and inclusive; environments where people are encouraged
+to share ideas, treat each other with respect, and collaborate towards the
+best solutions. To reinforce our commitment, the Internet Systems
+Consortium has adopted the Contributor Covenant version 1.4 as our Code of
+Conduct for BIND 9 project, as well as for the conduct of our developers
+throughout the industry.
+
+Access to source code
+
+Public BIND releases are always available from the ISC FTP site.
+
+A public-access GIT repository is also available at https://gitlab.isc.org
+. This repository is a mirror, updated several times per day, of the
+source repository maintained by ISC. It contains all the public release
+branches; upcoming releases can be viewed in their current state at any
+time. It does not contain development branches or unreviewed work in
+progress. Commits which address security vulnerablilities are withheld
+until after public disclosure.
+
+You can browse the source online via https://gitlab.isc.org/isc-projects/
+bind9
+
+To clone the repository, use:
+
+      $ git clone https://gitlab.isc.org/isc-projects/bind9.git
+
+Release branch names are of the form v9_X, where X represents the second
+number in the BIND 9 version number. So, to check out the BIND 9.12
+branch, use:
+
+      $ git checkout v9_12
+
+Whenever a branch is ready for publication, a tag will be placed of the
+form v9_X_Y. The 9.12.0 release, for instance, is tagged as v9_12_0.
+
+The branch in which the next major release is being developed is called
+master.
+
+Reporting bugs
+
+Reports of flaws in the BIND package, including software bugs, errors in
+the documentation, missing files in the tarball, suggested changes or
+requests for new features, etc, can be filed using https://gitlab.isc.org/
+isc-projects/bind9/issues.
+
+Due to a large ticket backlog, we are sometimes slow to respond,
+especially if a bug is cosmetic or if a feature request is vague or low in
+priority, but we will try at least to acknowledge legitimate bug reports
+within a week.
+
+ISC's ticketing system is publicly readable; however, you must have an
+account to file a new issue. You can either register locally or use
+credentials from an existing account at GitHub, GitLab, Google, Twitter,
+or Facebook.
+
+Reporting possible security issues
+
+If you think you may be seeing a potential security vulnerability in BIND
+(for example, a crash with REQUIRE, INSIST, or ASSERT failure), please
+report it immediately by emailing to security-officer@isc.org. Plain-text
+e-mail is not a secure choice for communications concerning undisclosed
+security issues so please encrypt your communications to us if possible,
+using the ISC Security Officer public key.
+
+Do not discuss undisclosed security vulnerabilites on any public mailing
+list. ISC has a long history of handling reported vulnerabilities promptly
+and effectively and we respect and acknowledge responsible reporters.
+
+ISC's Security Vulnerability Disclosure Policy is documented at https://
+kb.isc.org/article/AA-00861/0.
+
+If you have a crash, you may want to consult ?What to do if your BIND or
+DHCP server has crashed.?
+
+Contributing code
+
+BIND is licensed under the Mozilla Public License 2.0. Earier versions
+(BIND 9.10 and earlier) were licensed under the ISC License
+
+ISC does not require an explicit copyright assignment for patch
+contributions. However, by submitting a patch to ISC, you implicitly
+certify that you are the author of the code, that you intend to reliquish
+exclusive copyright, and that you grant permission to publish your work
+under the open source license used for the BIND version(s) to which your
+patch will be applied.
+
+BIND code
+
+Patches for BIND may be submitted directly via merge requests in ISC's
+Gitlab source repository for BIND.
+
+Patches can also be submitted as diffs against a specific version of BIND
+-- preferably the current top of the master branch. Diffs may be generated
+using either git format-patch or git diff.
+
+Those wanting to write code for BIND may be interested in the developer
+information page, which includes information about BIND design and coding
+practices, including discussion of internal APIs and overall system
+architecture. (This is a work in progress, and still quite preliminary.)
+
+Every patch submitted will be reviewed by ISC engineers following our code
+review process before it is merged.
+
+It may take considerable time to review patch submissions, especially if
+they don't meet ISC style and quality guidelines. If a patch is a good
+idea, we can and will do additional work to bring it up to par, but if
+we're busy with other work, it may take us a long time to get to it.
+
+To ensure your patch is acted on as promptly as possible, please:
+
+  * Try to adhere to the BIND 9 coding style.
+  * Run make check to ensure your change hasn't caused any functional
+    regressions.
+  * Document your work, both in the patch itself and in the accompanying
+    email.
+  * In patches that make non-trivial functional changes, include system
+    tests if possible; when introducing or substantially altering a
+    library API, include unit tests. See Testing for more information.
+
+Changes to configure
+
+If you need to make changes to configure, you should not edit it directly;
+instead, edit configure.in, then run autoconf. Similarly, instead of
+editing config.h.in directly, edit configure.in and run autoheader.
+
+When submitting a patch as a diff, it's fine to omit the configure diffs
+to save space. Just send the configure.in diffs and we'll generate the new
+configure during the review process.
+
+Documentation
+
+All functional changes should be documented. There are three types of
+documentation in the BIND source tree:
+
+  * Man pages are kept alongside the source code for the commands they
+    document, in files ending in .docbook; for example, the named man page
+    is bin/named/named.docbook.
+  * The BIND 9 Administrator Reference Manual is mostly in doc/arm/
+    Bv9ARM-book.xml, plus a few other XML files that are included in it.
+  * API documentation is in the header file describing the API, in
+    Doxygen-formatted comments.
+
+It is not necessary to edit any documentation files other than these; all
+PDF, HTML, and nroff-format man page files will be updated automatically
+from the docbook and XML files after merging.
+
+Patches to improve existing documentation are also very welcome!
+
+Tests
+
+BIND is a large and complex project. We rely heavily on continuous
+automated testing and cannot merge new code without adequate test
+coverage. Please see the 'Testing' section of doc/dev/dev.md for more
+information.
+
+Thanks
+
+Thank you for your interest in contributing to the ongoing development of
+BIND.

CONTRIBUTING.md

@@ -107,7 +107,7 @@ e-mail is not a secure choice for communications concerning undisclosed
 security issues so please encrypt your communications to us if possible,
 using the [ISC Security Officer public key](https://www.isc.org/downloads/software-support-policy/openpgp-key/).
 
-Do not discuss undisclosed security vulnerabilities on any public mailing list.
+Do not discuss undisclosed security vulnerabilites on any public mailing list.
 ISC has a long history of handling reported vulnerabilities promptly and
 effectively and we respect and acknowledge responsible reporters.
 

COPYING

@@ -1 +0,0 @@
-LICENSE

COPYRIGHT

@@ -1,4 +1,4 @@
-Copyright (C) 1996-2020  Internet Systems Consortium, Inc. ("ISC")
+Copyright (C) 1996-2019  Internet Systems Consortium, Inc. ("ISC")
 
 This Source Code Form is subject to the terms of the Mozilla Public
 License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -181,6 +181,67 @@ SUCH DAMAGE.
 
  -----------------------------------------------------------------------------
 
+Copyright (c) 1998 Doug Rabson
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+1. Redistributions of source code must retain the above copyright
+   notice, this list of conditions and the following disclaimer.
+2. Redistributions in binary form must reproduce the above copyright
+   notice, this list of conditions and the following disclaimer in the
+   documentation and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGE.
+
+ -----------------------------------------------------------------------------
+
+Copyright ((c)) 2002, Rice University
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+    * Redistributions of source code must retain the above copyright
+    notice, this list of conditions and the following disclaimer.
+
+    * Redistributions in binary form must reproduce the above
+    copyright notice, this list of conditions and the following
+    disclaimer in the documentation and/or other materials provided
+    with the distribution.
+
+    * Neither the name of Rice University (RICE) nor the names of its
+    contributors may be used to endorse or promote products derived
+    from this software without specific prior written permission.
+
+
+This software is provided by RICE and the contributors on an "as is"
+basis, without any representations or warranties of any kind, express
+or implied including, but not limited to, representations or
+warranties of non-infringement, merchantability or fitness for a
+particular purpose. In no event shall RICE or contributors be liable
+for any direct, indirect, incidental, special, exemplary, or
+consequential damages (including, but not limited to, procurement of
+substitute goods or services; loss of use, data, or profits; or
+business interruption) however caused and on any theory of liability,
+whether in contract, strict liability, or tort (including negligence
+or otherwise) arising in any way out of the use of this software, even
+if advised of the possibility of such damage.
+
+ -----------------------------------------------------------------------------
+
 Copyright (c) 1993 by Digital Equipment Corporation.
 
 Permission to use, copy, modify, and distribute this software for any
@@ -201,6 +262,61 @@ SOFTWARE.
 
  -----------------------------------------------------------------------------
 
+Copyright 2000 Aaron D. Gifford.  All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+1. Redistributions of source code must retain the above copyright
+   notice, this list of conditions and the following disclaimer.
+2. Redistributions in binary form must reproduce the above copyright
+   notice, this list of conditions and the following disclaimer in the
+   documentation and/or other materials provided with the distribution.
+3. Neither the name of the copyright holder nor the names of contributors
+   may be used to endorse or promote products derived from this software
+   without specific prior written permission.
+ 
+THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) AND CONTRIBUTOR(S) ``AS IS'' AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR(S) OR CONTRIBUTOR(S) BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGE.
+
+ -----------------------------------------------------------------------------
+
+Copyright (c) 1998 Doug Rabson.
+Copyright (c) 2001 Jake Burkholder.
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+1. Redistributions of source code must retain the above copyright
+   notice, this list of conditions and the following disclaimer.
+2. Redistributions in binary form must reproduce the above copyright
+   notice, this list of conditions and the following disclaimer in the
+   documentation and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGE.
+
+ -----------------------------------------------------------------------------
+
 Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
 All rights reserved.
 
@@ -247,6 +363,49 @@ SOFTWARE.
 
  -----------------------------------------------------------------------------
 
+Copyright (c) 2000-2002 Japan Network Information Center.  All rights reserved.
+ 
+By using this file, you agree to the terms and conditions set forth bellow.
+
+                        LICENSE TERMS AND CONDITIONS 
+
+The following License Terms and Conditions apply, unless a different
+license is obtained from Japan Network Information Center ("JPNIC"),
+a Japanese association, Kokusai-Kougyou-Kanda Bldg 6F, 2-3-4 Uchi-Kanda,
+Chiyoda-ku, Tokyo 101-0047, Japan.
+
+1. Use, Modification and Redistribution (including distribution of any
+   modified or derived work) in source and/or binary forms is permitted
+   under this License Terms and Conditions.
+
+2. Redistribution of source code must retain the copyright notices as they
+   appear in each source code file, this License Terms and Conditions.
+
+3. Redistribution in binary form must reproduce the Copyright Notice,
+   this License Terms and Conditions, in the documentation and/or other
+   materials provided with the distribution.  For the purposes of binary
+   distribution the "Copyright Notice" refers to the following language:
+   "Copyright (c) 2000-2002 Japan Network Information Center.  All rights
+   reserved."
+
+4. The name of JPNIC may not be used to endorse or promote products
+   derived from this Software without specific prior written approval of
+   JPNIC.
+
+5. Disclaimer/Limitation of Liability: THIS SOFTWARE IS PROVIDED BY JPNIC
+   "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+   LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+   PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL JPNIC BE LIABLE
+   FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+   CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+   SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+   BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+   WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+   OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+   ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+
+ -----------------------------------------------------------------------------
+
 Copyright (C) 2004  Nominet, Ltd.
 
 Permission to use, copy, modify, and distribute this software for any
@@ -263,6 +422,24 @@ PERFORMANCE OF THIS SOFTWARE.
 
  -----------------------------------------------------------------------------
 
+Portions Copyright RSA Security Inc.
+
+License to copy and use this software is granted provided that it is
+identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface
+(Cryptoki)" in all material mentioning or referencing this software.
+
+License is also granted to make and use derivative works provided that
+such works are identified as "derived from the RSA Security Inc. PKCS #11
+Cryptographic Token Interface (Cryptoki)" in all material mentioning or
+referencing the derived work.
+
+RSA Security Inc. makes no representations concerning either the
+merchantability of this software or the suitability of this software for
+any particular purpose. It is provided "as is" without express or implied
+warranty of any kind.
+
+ -----------------------------------------------------------------------------
+
 Copyright (c) 1996, David Mazieres <dm@uun.org>
 Copyright (c) 2008, Damien Miller <djm@openbsd.org>
 
@@ -280,6 +457,54 @@ OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 
 -----------------------------------------------------------------------------
 
+Copyright (c) 2000-2001 The OpenSSL Project.  All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+
+1. Redistributions of source code must retain the above copyright
+   notice, this list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright
+   notice, this list of conditions and the following disclaimer in
+   the documentation and/or other materials provided with the
+   distribution.
+
+3. All advertising materials mentioning features or use of this
+   software must display the following acknowledgment:
+   "This product includes software developed by the OpenSSL Project
+   for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+
+4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+   endorse or promote products derived from this software without
+   prior written permission. For written permission, please contact
+   licensing@OpenSSL.org.
+
+5. Products derived from this software may not be called "OpenSSL"
+   nor may "OpenSSL" appear in their names without prior written
+   permission of the OpenSSL Project.
+
+6. Redistributions of any form whatsoever must retain the following
+   acknowledgment:
+   "This product includes software developed by the OpenSSL Project
+   for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+
+THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+OF THE POSSIBILITY OF SUCH DAMAGE.
+
+-----------------------------------------------------------------------------
+
 Copyright (c) 1995, 1997, 1998 The NetBSD Foundation, Inc.
 All rights reserved.
 

ChangeLog

@@ -1 +0,0 @@
-CHANGES

HISTORY

@@ -0,0 +1,600 @@
+HISTORY
+
+Functional enhancements from prior major releases of BIND 9
+
+BIND 9.14
+
+BIND 9.14 (a stable branch based on the 9.13 development branch) includes
+a number of changes from BIND 9.12 and earlier releases. New features
+include:
+
+  * A new "plugin" mechanism has been added to allow query functionality
+    to be extended using dynamically loadable libraries. The "filter-aaaa"
+    feature has been removed from named and is now implemented as a
+    plugin.
+  * Socket and task code has been refactored to improve performance.
+  * QNAME minimization, as described in RFC 7816, is now supported.
+  * "Root key sentinel" support, enabling validating resolvers to indicate
+    via a special query which trust anchors are configured for the root
+    zone.
+  * Secondary zones can now be configured as "mirror" zones; their
+    contents are transferred in as with traditional slave zones, but are
+    subject to DNSSEC validation and are not treated as authoritative data
+    when answering. This makes it easier to configure a local copy of the
+    root zone as described in RFC 7706.
+  * The "validate-except" option allows configuration of domains below
+    which DNSSEC validation should not be performed.
+  * The default value of "dnssec-validation" is now "auto".
+  * IDNA2008 is now supported when linking with libidn2.
+  * "named -V" now outputs the default paths for files used by named and
+    other tools.
+
+In addition, workarounds that were formerly in place to enable resolution
+of domains whose authoritative servers did not respond to EDNS queries
+have been removed. See https://dnsflagday.net for more details.
+
+Cryptographic support has been modernized. BIND now uses the best
+available pseudo-random number generator for the platform on which it's
+built. Very old versions of OpenSSL are no longer supported. Cryptography
+is now mandatory: building BIND without DNSSEC is no longer supported.
+
+Special code to support certain legacy operating systems has also been
+removed; see the file PLATFORMS.md for details of supported platforms. In
+addition to OpenSSL, BIND now requires support for IPv6, threads, and
+standard atomic operations provided by the C compiler.
+
+BIND 9.12
+
+BIND 9.12 includes a number of changes from BIND 9.11 and earlier
+releases. New features include:
+
+  * named and related libraries have been substantially refactored for
+    improved query performance -- particularly on delegation heavy zones
+    -- and for improved readability, maintainability, and testability.
+  * Code implementing the name server query processing logic has been
+    moved into a new libns library, for easier testing and use in tools
+    other than named.
+  * Cached, validated NSEC and other records can now be used to synthesize
+    NXDOMAIN responses.
+  * The DNS Response Policy Service API (DNSRPS) is now supported.
+  * Setting 'max-journal-size default' now limits the size of journal
+    files to twice the size of the zone.
+  * dnstap-read -x prints a hex dump of the wire format of each logged DNS
+    message.
+  * dnstap output files can now be configured to roll automatically when
+    reaching a given size.
+  * Log file timestamps can now also be formatted in ISO 8601 (local) or
+    ISO 8601 (UTC) formats.
+  * Logging channels and dnstap output files can now be configured to use
+    a timestamp as the suffix when rolling to a new file.
+  * 'named-checkconf -l' lists zones found in named.conf.
+  * Added support for the EDNS Padding and Keepalive options.
+  * 'new-zones-directory' option sets the location where the configuration
+    data for zones added by rndc addzone is stored.
+  * The default key algorithm in rndc-confgen is now hmac-sha256.
+  * filter-aaaa-on-v4 and filter-aaaa-on-v6 options are now available by
+    default without a configure option.
+  * The obsolete isc-hmac-fixup command has been removed.
+
+BIND 9.11
+
+BIND 9.11.0 includes a number of changes from BIND 9.10 and earlier
+releases. New features include:
+
+  * Added support for Catalog Zones, a new method for provisioning
+    servers: a list of zones to be served is stored in a DNS zone, along
+    with their configuration parameters. Changes to the catalog zone are
+    propagated to slaves via normal AXFR/IXFR, whereupon the zones that
+    are listed in it are automatically added, deleted or reconfigured.
+  * Added support for "dnstap", a fast and flexible method of capturing
+    and logging DNS traffic.
+  * Added support for "dyndb", a new API for loading zone data from an
+    external database, developed by Red Hat for the FreeIPA project.
+  * "fetchlimit" quotas are now compiled in by default. These are for the
+    use of recursive resolvers that are are under high query load for
+    domains whose authoritative servers are nonresponsive or are
+    experiencing a denial of service attack:
+      + "fetches-per-server" limits the number of simultaneous queries
+        that can be sent to any single authoritative server. The
+        configured value is a starting point; it is automatically adjusted
+        downward if the server is partially or completely non-responsive.
+        The algorithm used to adjust the quota can be configured via the
+        "fetch-quota-params" option.
+      + "fetches-per-zone" limits the number of simultaneous queries that
+        can be sent for names within a single domain. (Note: Unlike
+        "fetches-per-server", this value is not self-tuning.)
+      + New stats counters have been added to count queries spilled due to
+        these quotas.
+  * Added a new "dnssec-keymgr" key mainenance utility, which can generate
+    or update keys as needed to ensure that a zone's keys match a defined
+    DNSSEC policy.
+  * The experimental "SIT" feature in BIND 9.10 has been renamed "COOKIE"
+    and is no longer optional. EDNS COOKIE is a mechanism enabling clients
+    to detect off-path spoofed responses, and servers to detect
+    spoofed-source queries. Clients that identify themselves using COOKIE
+    options are not subject to response rate limiting (RRL) and can
+    receive larger UDP responses.
+  * SERVFAIL responses can now be cached for a limited time (defaulting to
+    1 second, with an upper limit of 30). This can reduce the frequency of
+    retries when a query is persistently failing.
+  * Added an "nsip-wait-recurse" switch to RPZ. This causes NSIP rules to
+    be skipped if a name server IP address isn't in the cache yet; the
+    address will be looked up and the rule will be applied on future
+    queries.
+  * Added a Python RNDC module. This allows multiple commands to sent over
+    a persistent RNDC channel, which saves time.
+  * The "controls" block in named.conf can now grant read-only "rndc"
+    access to specified clients or keys. Read-only clients could, for
+    example, check "rndc status" but could not reconfigure or shut down
+    the server.
+  * "rndc" commands can now return arbitrarily large amounts of text to
+    the caller.
+  * The zone serial number of a dynamically updatable zone can now be set
+    via "rndc signing -serial ". This allows inline-signing zones to be
+    set to a specific serial number.
+  * The new "rndc nta" command can be used to set a Negative Trust Anchor
+    (NTA), disabling DNSSEC validation for a specific domain; this can be
+    used when responses from a domain are known to be failing validation
+    due to administrative error rather than because of a spoofing attack.
+    Negative trust anchors are strictly temporary; by default they expire
+    after one hour, but can be configured to last up to one week.
+  * "rndc delzone" can now be used on zones that were not originally
+    created by "rndc addzone".
+  * "rndc modzone" reconfigures a single zone, without requiring the
+    entire server to be reconfigured.
+  * "rndc showzone" displays the current configuration of a zone.
+  * "rndc managed-keys" can be used to check the status of RFC 5001
+    managed trust anchors, or to force trust anchors to be refreshed.
+  * "max-cache-size" can now be set to a percentage of available memory.
+    The default is 90%.
+  * Update forwarding performance has been improved by allowing a single
+    TCP connection to be shared by multiple updates.
+  * The EDNS Client Subnet (ECS) option is now supported for authoritative
+    servers; if a query contains an ECS option then ACLs containing
+    "geoip" or "ecs" elements can match against the the address encoded in
+    the option. This can be used to select a view for a query, so that
+    different answers can be provided depending on the client network.
+  * The EDNS EXPIRE option has been implemented on the client side,
+    allowing a slave server to set the expiration timer correctly when
+    transferring zone data from another slave server.
+  * The key generation and manipulation tools (dnssec-keygen,
+    dnssec-settime, dnssec-importkey, dnssec-keyfromlabel) now take
+    "-Psync" and "-Dsync" options to set the publication and deletion
+    times of CDS and CDNSKEY parent-synchronization records. Both named
+    and dnssec-signzone can now publish and remove these records at the
+    scheduled times.
+  * A new "minimal-any" option reduces the size of UDP responses for query
+    type ANY by returning a single arbitrarily selected RRset instead of
+    all RRsets.
+  * A new "masterfile-style" zone option controls the formatting of text
+    zone files: When set to "full", a zone file is dumped in
+    single-line-per-record format.
+  * "serial-update-method" can now be set to "date". On update, the serial
+    number will be set to the current date in YYYYMMDDNN format.
+  * "dnssec-signzone -N date" sets the serial number to YYYYMMDDNN.
+  * "named -L " causes named to send log messages to the specified file by
+    default instead of to the system log.
+  * "dig +ttlunits" prints TTL values with time-unit suffixes: w, d, h, m,
+    s for weeks, days, hours, minutes, and seconds.
+  * "dig +unknownformat" prints dig output in RFC 3597 "unknown record"
+    presentation format.
+  * "dig +ednsopt" allows dig to set arbitrary EDNS options on requests.
+  * "dig +ednsflags" allows dig to set yet-to-be-defined EDNS flags on
+    requests.
+  * "mdig" is an alternate version of dig which sends multiple pipelined
+    TCP queries to a server. Instead of waiting for a response after
+    sending a query, it sends all queries immediately and displays
+    responses in the order received.
+  * "serial-query-rate" no longer controls NOTIFY messages. These are
+    separately controlled by "notify-rate" and "startup-notify-rate".
+  * "nsupdate" now performs "check-names" processing by default on records
+    to be added. This can be disabled with "check-names no".
+  * The statistics channel now supports DEFLATE compression, reducing the
+    size of the data sent over the network when querying statistics.
+  * New counters have been added to the statistics channel to track the
+    sizes of incoming queries and outgoing responses in histogram buckets,
+    as specified in RSSAC002.
+  * A new NXDOMAIN redirect method (option "nxdomain-redirect") has been
+    added, allowing redirection to a specified DNS namespace instead of a
+    single redirect zone.
+  * When starting up, named now ensures that no other named process is
+    already running.
+  * Files created by named to store information, including "mkeys" and
+    "nzf" files, are now named after their corresponding views unless the
+    view name contains characters incompatible with use as a filename. Old
+    style filenames (based on the hash of the view name) will still work.
+
+BIND 9.10.0
+
+BIND 9.10.0 includes a number of changes from BIND 9.9 and earlier
+releases. New features include:
+
+  * DNS Response-rate limiting (DNS RRL), which blunts the impact of
+    reflection and amplification attacks, is always compiled in and no
+    longer requires a compile-time option to enable it.
+  * An experimental "Source Identity Token" (SIT) EDNS option is now
+    available. Similar to DNS Cookies as invented by Donald Eastlake 3rd,
+    these are designed to enable clients to detect off-path spoofed
+    responses, and to enable servers to detect spoofed-source queries.
+    Servers can be configured to send smaller responses to clients that
+    have not identified themselves using a SIT option, reducing the
+    effectiveness of amplification attacks. RRL processing has also been
+    updated; clients proven to be legitimate via SIT are not subject to
+    rate limiting. Use "configure --enable-sit" to enable this feature in
+    BIND.
+  * A new zone file format, "map", stores zone data in a format that can
+    be mapped directly into memory, allowing significantly faster zone
+    loading.
+  * "delv" (domain entity lookup and validation) is a new tool with
+    dig-like semantics for looking up DNS data and performing internal
+    DNSSEC validation. This allows easy validation in environments where
+    the resolver may not be trustworthy, and assists with troubleshooting
+    of DNSSEC problems. (NOTE: In previous development releases of BIND
+    9.10, this utility was called "delve". The spelling has been changed
+    to avoid confusion with the "delve" utility included with the Xapian
+    search engine.)
+  * Improved EDNS(0) processing for better resolver performance and
+    reliability over slow or lossy connections.
+  * A new "configure --with-tuning=large" option tunes certain compiled-in
+    constants and default settings to values better suited to large
+    servers with abundant memory. This can improve performance on such
+    servers, but will consume more memory and may degrade performance on
+    smaller systems.
+  * Substantial improvement in response-policy zone (RPZ) performance. Up
+    to 32 response-policy zones can be configured with minimal performance
+    loss.
+  * To improve recursive resolver performance, cache records which are
+    still being requested by clients can now be automatically refreshed
+    from the authoritative server before they expire, reducing or
+    eliminating the time window in which no answer is available in the
+    cache.
+  * New "rpz-client-ip" triggers and drop policies allowing response
+    policies based on the IP address of the client.
+  * ACLs can now be specified based on geographic location using the
+    MaxMind GeoIP databases. Use "configure --with-geoip" to enable.
+  * Zone data can now be shared between views, allowing multiple views to
+    serve the same zones authoritatively without storing multiple copies
+    in memory.
+  * New XML schema (version 3) for the statistics channel includes many
+    new statistics and uses a flattened XML tree for faster parsing. The
+    older schema is now deprecated.
+  * A new stylesheet, based on the Google Charts API, displays XML
+    statistics in charts and graphs on javascript-enabled browsers.
+  * The statistics channel can now provide data in JSON format as well as
+    XML.
+  * New stats counters track TCP and UDP queries received per zone, and
+    EDNS options received in total.
+  * The internal and export versions of the BIND libraries (libisc,
+    libdns, etc) have been unified so that external library clients can
+    use the same libraries as BIND itself.
+  * A new compile-time option, "configure --enable-native-pkcs11", allows
+    BIND 9 cryptography functions to use the PKCS#11 API natively, so that
+    BIND can drive a cryptographic hardware service module (HSM) directly
+    instead of using a modified OpenSSL as an intermediary. (Note: This
+    feature requires an HSM to have a full implementation of the PKCS#11
+    API; many current HSMs only have partial implementations. The new
+    "pkcs11-tokens" command can be used to check API completeness. Native
+    PKCS#11 is known to work with the Thales nShield HSM and with SoftHSM
+    version 2 from the Open DNSSEC project.)
+  * The new "max-zone-ttl" option enforces maximum TTLs for zones. This
+    can simplify the process of rolling DNSSEC keys by guaranteeing that
+    cached signatures will have expired within the specified amount of
+    time.
+  * "dig +subnet" sends an EDNS CLIENT-SUBNET option when querying.
+  * "dig +expire" sends an EDNS EXPIRE option when querying. When this
+    option is sent with an SOA query to a server that supports it, it will
+    report the expiry time of a slave zone.
+  * New "dnssec-coverage" tool to check DNSSEC key coverage for a zone and
+    report if a lapse in signing coverage has been inadvertently
+    scheduled.
+  * Signing algorithm flexibility and other improvements for the "rndc"
+    control channel.
+  * "named-checkzone" and "named-compilezone" can now read journal files,
+    allowing them to process dynamic zones.
+  * Multiple DLZ databases can now be configured. Individual zones can be
+    configured to be served from a specific DLZ database. DLZ databases
+    now serve zones of type "master" and "redirect".
+  * "rndc zonestatus" reports information about a specified zone.
+  * "named" now listens on IPv6 as well as IPv4 interfaces by default.
+  * "named" now preserves the capitalization of names when responding to
+    queries: for instance, a query for "example.com" may be answered with
+    "example.COM" if the name was configured that way in the zone file.
+    Some clients have a bug causing them to depend on the older behavior,
+    in which the case of the answer always matched the case of the query,
+    rather than the case of the name configured in the DNS. Such clients
+    can now be specified in the new "no-case-compress" ACL; this will
+    restore the older behavior of "named" for those clients only.
+  * new "dnssec-importkey" command allows the use of offline DNSSEC keys
+    with automatic DNSKEY management.
+  * New "named-rrchecker" tool to verify the syntactic correctness of
+    individual resource records.
+  * When re-signing a zone, the new "dnssec-signzone -Q" option drops
+    signatures from keys that are still published but are no longer
+    active.
+  * "named-checkconf -px" will print the contents of configuration files
+    with the shared secrets obscured, making it easier to share
+    configuration (e.g. when submitting a bug report) without revealing
+    private information.
+  * "rndc scan" causes named to re-scan network interfaces for changes in
+    local addresses.
+  * On operating systems with support for routing sockets, network
+    interfaces are re-scanned automatically whenever they change.
+  * "tsig-keygen" is now available as an alternate command name to use for
+    "ddns-confgen".
+
+BIND 9.9.0
+
+BIND 9.9.0 includes a number of changes from BIND 9.8 and earlier
+releases. New features include:
+
+  * Inline signing, allowing automatic DNSSEC signing of master zones
+    without modification of the zonefile, or "bump in the wire" signing in
+    slaves.
+  * NXDOMAIN redirection.
+  * New 'rndc flushtree' command clears all data under a given name from
+    the DNS cache.
+  * New 'rndc sync' command dumps pending changes in a dynamic zone to
+    disk without a freeze/thaw cycle.
+  * New 'rndc signing' command displays or clears signing status records
+    in 'auto-dnssec' zones.
+  * NSEC3 parameters for 'auto-dnssec' zones can now be set prior to
+    signing, eliminating the need to initially sign with NSEC.
+  * Startup time improvements on large authoritative servers.
+  * Slave zones are now saved in raw format by default.
+  * Several improvements to response policy zones (RPZ).
+  * Improved hardware scalability by using multiple threads to listen for
+    queries and using finer-grained client locking
+  * The 'also-notify' option now takes the same syntax as 'masters', so it
+    can used named masterlists and TSIG keys.
+  * 'dnssec-signzone -D' writes an output file containing only DNSSEC
+    data, which can be included by the primary zone file.
+  * 'dnssec-signzone -R' forces removal of signatures that are not expired
+    but were created by a key which no longer exists.
+  * 'dnssec-signzone -X' allows a separate expiration date to be specified
+    for DNSKEY signatures from other signatures.
+  * New '-L' option to dnssec-keygen, dnssec-settime, and
+    dnssec-keyfromlabel sets the default TTL for the key.
+  * dnssec-dsfromkey now supports reading from standard input, to make it
+    easier to convert DNSKEY to DS.
+  * RFC 1918 reverse zones have been added to the empty-zones table per
+    RFC 6303.
+  * Dynamic updates can now optionally set the zone's SOA serial number to
+    the current UNIX time.
+  * DLZ modules can now retrieve the source IP address of the querying
+    client.
+  * 'request-ixfr' option can now be set at the per-zone level.
+  * 'dig +rrcomments' turns on comments about DNSKEY records, indicating
+    their key ID, algorithm and function
+  * Simplified nsupdate syntax and added readline support
+
+BIND 9.8.0
+
+BIND 9.8.0 includes a number of changes from BIND 9.7 and earlier
+releases. New features include:
+
+  * Built-in trust anchor for the root zone, which can be switched on via
+    "dnssec-validation auto;"
+  * Support for DNS64.
+  * Support for response policy zones (RPZ).
+  * Support for writable DLZ zones.
+  * Improved ease of configuration of GSS/TSIG for interoperability with
+    Active Directory
+  * Support for GOST signing algorithm for DNSSEC.
+  * Removed RTT Banding from server selection algorithm.
+  * New "static-stub" zone type.
+  * Allow configuration of resolver timeouts via "resolver-query-timeout"
+    option.
+  * The DLZ "dlopen" driver is now built by default.
+  * Added a new include file with function typedefs for the DLZ "dlopen"
+    driver.
+  * Made "--with-gssapi" default.
+  * More verbose error reporting from DLZ LDAP.
+
+BIND 9.7.0
+
+BIND 9.7.0 includes a number of changes from BIND 9.6 and earlier
+releases. Most are intended to simplify DNSSEC configuration. New features
+include:
+
+  * Fully automatic signing of zones by "named".
+  * Simplified configuration of DNSSEC Lookaside Validation (DLV).
+  * Simplified configuration of Dynamic DNS, using the "ddns-confgen"
+    command line tool or the "local" update-policy option. (As a side
+    effect, this also makes it easier to configure automatic zone
+    re-signing.)
+  * New named option "attach-cache" that allows multiple views to share a
+    single cache.
+  * DNS rebinding attack prevention.
+  * New default values for dnssec-keygen parameters.
+  * Support for RFC 5011 automated trust anchor maintenance
+  * Smart signing: simplified tools for zone signing and key maintenance.
+  * The "statistics-channels" option is now available on Windows.
+  * A new DNSSEC-aware libdns API for use by non-BIND9 applications
+  * On some platforms, named and other binaries can now print out a stack
+    backtrace on assertion failure, to aid in debugging.
+  * A "tools only" installation mode on Windows, which only installs dig,
+    host, nslookup and nsupdate.
+  * Improved PKCS#11 support, including Keyper support and explicit
+    OpenSSL engine selection.
+
+BIND 9.6.0
+
+  * Full NSEC3 support
+  * Automatic zone re-signing
+  * New update-policy methods tcp-self and 6to4-self
+  * The BIND 8 resolver library, libbind, has been removed from the BIND 9
+    distribution and is now available as a separate download.
+  * Change the default pid file location from /var/run to /var/run/
+    {named,lwresd} for improved chroot/setuid support.
+
+BIND 9.5.0
+
+  * GSS-TSIG support (RFC 3645).
+  * DHCID support.
+  * Experimental http server and statistics support for named via xml.
+  * More detailed statistics counters including those supported in BIND 8.
+  * Faster ACL processing.
+  * Use Doxygen to generate internal documentation.
+  * Efficient LRU cache-cleaning mechanism.
+  * NSID support.
+
+BIND 9.4.0
+
+  * Implemented "additional section caching (or acache)", an internal
+    cache framework for additional section content to improve response
+    performance. Several configuration options were provided to control
+    the behavior.
+  * New notify type 'master-only'. Enable notify for master zones only.
+  * Accept 'notify-source' style syntax for query-source.
+  * rndc now allows addresses to be set in the server clauses.
+  * New option "allow-query-cache". This lets "allow-query" be used to
+    specify the default zone access level rather than having to have every
+    zone override the global value. "allow-query-cache" can be set at both
+    the options and view levels. If "allow-query-cache" is not set then
+    "allow-recursion" is used if set, otherwise "allow-query" is used if
+    set unless "recursion no;" is set in which case "none;" is used,
+    otherwise the default (localhost; localnets;) is used.
+  * rndc: the source address can now be specified.
+  * ixfr-from-differences now takes master and slave in addition to yes
+    and no at the options and view levels.
+  * Allow the journal's name to be changed via named.conf.
+  * 'rndc notify zone [class [view]]' resend the NOTIFY messages for the
+    specified zone.
+  * 'dig +trace' now randomly selects the next servers to try. Report if
+    there is a bad delegation.
+  * Improve check-names error messages.
+  * Make public the function to read a key file, dst_key_read_public().
+  * dig now returns the byte count for axfr/ixfr.
+  * allow-update is now settable at the options / view level.
+  * named-checkconf now checks the logging configuration.
+  * host now can turn on memory debugging flags with '-m'.
+  * Don't send notify messages to self.
+  * Perform sanity checks on NS records which refer to 'in zone' names.
+  * New zone option "notify-delay". Specify a minimum delay between sets
+    of NOTIFY messages.
+  * Extend adjusting TTL warning messages.
+  * Named and named-checkzone can now both check for non-terminal wildcard
+    records.
+  * "rndc freeze/thaw" now freezes/thaws all zones.
+  * named-checkconf now check acls to verify that they only refer to
+    existing acls.
+  * The server syntax has been extended to support a range of servers.
+  * Report differences between hints and real NS rrset and associated
+    address records.
+  * Preserve the case of domain names in rdata during zone transfers.
+  * Restructured the data locking framework using architecture dependent
+    atomic operations (when available), improving response performance on
+    multi-processor machines significantly. x86, x86_64, alpha, powerpc,
+    and mips are currently supported.
+  * UNIX domain controls are now supported.
+  * Add support for additional zone file formats for improving loading
+    performance. The masterfile-format option in named.conf can be used to
+    specify a non-default format. A separate command named-compilezone was
+    provided to generate zone files in the new format. Additionally, the
+    -I and -O options for dnssec-signzone specify the input and output
+    formats.
+  * dnssec-signzone can now randomize signature end times (dnssec-signzone
+    -j jitter).
+  * Add support for CH A record.
+  * Add additional zone data constancy checks. named-checkzone has
+    extended checking of NS, MX and SRV record and the hosts they
+    reference. named has extended post zone load checks. New zone options:
+    check-mx and integrity-check.
+  * edns-udp-size can now be overridden on a per server basis.
+  * dig can now specify the EDNS version when making a query.
+  * Added framework for handling multiple EDNS versions.
+  * Additional memory debugging support to track size and mctx arguments.
+  * Detect duplicates of UDP queries we are recursing on and drop them.
+    New stats category "duplicates".
+  * "USE INTERNAL MALLOC" is now runtime selectable.
+  * The lame cache is now done on a <qname,qclass,qtype> basis as some
+    servers only appear to be lame for certain query types.
+  * Limit the number of recursive clients that can be waiting for a single
+    query (<qname,qtype,qclass>) to resolve. New options clients-per-query
+    and max-clients-per-query.
+  * dig: report the number of extra bytes still left in the packet after
+    processing all the records.
+  * Support for IPSECKEY rdata type.
+  * Raise the UDP recieve buffer size to 32k if it is less than 32k.
+  * x86 and x86_64 now have seperate atomic locking implementations.
+  * named-checkconf now validates update-policy entries.
+  * Attempt to make the amount of work performed in a iteration self
+    tuning. The covers nodes clean from the cache per iteration, nodes
+    written to disk when rewriting a master file and nodes destroyed per
+    iteration when destroying a zone or a cache.
+  * ISC string copy API.
+  * Automatic empty zone creation for D.F.IP6.ARPA and friends. Note: RFC
+    1918 zones are not yet covered by this but are likely to be in a
+    future release.
+  * New options: empty-server, empty-contact, empty-zones-enable and
+    disable-empty-zone.
+  * dig now has a '-q queryname' and '+showsearch' options.
+  * host/nslookup now continue (default)/fail on SERVFAIL.
+  * dig now warns if 'RA' is not set in the answer when 'RD' was set in
+    the query. host/nslookup skip servers that fail to set 'RA' when 'RD'
+    is set unless a server is explicitly set.
+  * Integrate contibuted DLZ code into named.
+  * Integrate contibuted IDN code from JPNIC.
+  * libbind: corresponds to that from BIND 8.4.7.
+
+BIND 9.3.0
+
+  * DNSSEC is now DS based (RFC 3658).
+  * DNSSEC lookaside validation.
+  * check-names is now implemented.
+  * rrset-order is more complete.
+  * IPv4/IPv6 transition support, dual-stack-servers.
+  * IXFR deltas can now be generated when loading master files,
+    ixfr-from-differences.
+  * It is now possible to specify the size of a journal, max-journal-size.
+  * It is now possible to define a named set of master servers to be used
+    in masters clause, masters.
+  * The advertised EDNS UDP size can now be set, edns-udp-size.
+  * allow-v6-synthesis has been obsoleted.
+  * Zones containing MD and MF will now be rejected.
+  * dig, nslookup name. now report "Not Implemented" as NOTIMP rather than
+    NOTIMPL. This will have impact on scripts that are looking for
+    NOTIMPL.
+  * libbind: corresponds to that from BIND 8.4.5.
+
+BIND 9.2.0
+
+  * The size of the cache can now be limited using the "max-cache-size"
+    option.
+  * The server can now automatically convert RFC1886-style recursive
+    lookup requests into RFC2874-style lookups, when enabled using the new
+    option "allow-v6-synthesis". This allows stub resolvers that support
+    AAAA records but not A6 record chains or binary labels to perform
+    lookups in domains that make use of these IPv6 DNS features.
+  * Performance has been improved.
+  * The man pages now use the more portable "man" macros rather than the
+    "mandoc" macros, and are installed by "make install".
+  * The named.conf parser has been completely rewritten. It now supports
+    "include" directives in more places such as inside "view" statements,
+    and it no longer has any reserved words.
+  * The "rndc status" command is now implemented.
+  * rndc can now be configured automatically.
+  * A BIND 8 compatible stub resolver library is now included in lib/bind.
+  * OpenSSL has been removed from the distribution. This means that to use
+    DNSSEC, OpenSSL must be installed and the --with-openssl option must
+    be supplied to configure. This does not apply to the use of TSIG,
+    which does not require OpenSSL.
+  * The source distribution now builds on Windows. See win32utils/
+    readme1.txt and win32utils/win32-build.txt for details.
+  * This distribution also includes a new lightweight stub resolver
+    library and associated resolver daemon that fully support forward and
+    reverse lookups of both IPv4 and IPv6 addresses. This library is
+    considered experimental and is not a complete replacement for the BIND
+    8 resolver library. Applications that use the BIND 8 res_* functions
+    to perform DNS lookups or dynamic updates still need to be linked
+    against the BIND 8 libraries. For DNS lookups, they can also use the
+    new "getrrsetbyname()" API.
+  * BIND 9.2 is capable of acting as an authoritative server for DNSSEC
+    secured zones. This functionality is believed to be stable and
+    complete except for lacking support for verifications involving
+    wildcard records in secure zones.
+  * When acting as a caching server, BIND 9.2 can be configured to perform
+    DNSSEC secure resolution on behalf of its clients. This part of the
+    DNSSEC implementation is still considered experimental. For detailed
+    information about the state of the DNSSEC implementation, see the file
+    doc/misc/dnssec.

HISTORY.md

@@ -10,21 +10,6 @@
 -->
 ### Functional enhancements from prior major releases of BIND 9
 
-#### BIND 9.16
-
-BIND 9.16 (a stable branch based on the 9.15 development branch)
-includes a number of changes from BIND 9.14 and earlier releases.
-New features include:
-
-* New `dnssec-policy` statement to configure a key and signing policy
-  for zones, enabling automatic key regeneration and rollover.
-* New network manager based on `libuv`.
-* Added support for the new GeoIP2 geolocation API, `libmaxminddb`.
-* Improved DNSSEC trust anchor configuration using the `trust-anchors`
-  statement, permitting configuration of trust anchors in DS as well as
-  DNSKEY format.
-* YAML output for `dig`, `mdig`, and `delv`.
-
 #### BIND 9.14
 
 BIND 9.14 (a stable branch based on the 9.13 development branch)
@@ -165,7 +150,7 @@ releases.  New features include:
 - "rndc modzone" reconfigures a single zone, without requiring the entire
   server to be reconfigured.
 - "rndc showzone" displays the current configuration of a zone.
-- "rndc managed-keys" can be used to check the status of RFC 5011 managed
+- "rndc managed-keys" can be used to check the status of RFC 5001 managed
   trust anchors, or to force trust anchors to be refreshed.
 - "max-cache-size" can now be set to a percentage of available memory. The
   default is 90%.
@@ -548,8 +533,8 @@ BIND 9.4.0
 - dig: report the number of extra bytes still left in the packet after
   processing all the records.
 - Support for IPSECKEY rdata type.
-- Raise the UDP receive buffer size to 32k if it is less than 32k.
-- x86 and x86_64 now have separate atomic locking implementations.
+- Raise the UDP recieve buffer size to 32k if it is less than 32k.
+- x86 and x86_64 now have seperate atomic locking implementations.
 - named-checkconf now validates update-policy entries.
 - Attempt to make the amount of work performed in a iteration self tuning.
   The covers nodes clean from the cache per iteration, nodes written to
@@ -566,8 +551,8 @@ BIND 9.4.0
 - dig now warns if 'RA' is not set in the answer when 'RD' was set in the
   query.  host/nslookup skip servers that fail to set 'RA' when 'RD' is set
   unless a server is explicitly set.
-- Integrate contributed DLZ code into named.
-- Integrate contributed IDN code from JPNIC.
+- Integrate contibuted DLZ code into named.
+- Integrate contibuted IDN code from JPNIC.
 - libbind: corresponds to that from BIND 8.4.7.
 
 #### BIND 9.3.0

Kyuafile

@@ -0,0 +1,4 @@
+syntax(2)
+test_suite('bind9')
+
+include('lib/Kyuafile')

Makefile.am

@@ -1,11 +0,0 @@
-include $(top_srcdir)/Makefile.top
-
-SUBDIRS = . libltdl lib bin # doc
-
-BUILT_SOURCES = bind.keys.h
-CLEANFILES = bind.keys.h
-
-bind.keys.h: bind.keys Makefile
-	${PERL} ${top_srcdir}/util/bindkeys.pl < ${top_srcdir}/bind.keys > $@
-
-dist_sysconf_DATA = bind.keys

Makefile.in

@@ -0,0 +1,114 @@
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
+
+srcdir =	@srcdir@
+VPATH =		@srcdir@
+top_srcdir =	@top_srcdir@
+top_builddir =  @top_builddir@
+
+VERSION=@BIND9_VERSION@
+
+SUBDIRS =	make lib fuzz bin doc
+TARGETS =
+PREREQS =	bind.keys.h
+
+MANOBJS =	README HISTORY OPTIONS CONTRIBUTING PLATFORMS CODE_OF_CONDUCT \
+		${MANPAGES} ${HTMLPAGES}
+
+@BIND9_MAKE_RULES@
+
+newrr:
+	cd lib/dns; ${MAKE} newrr
+
+bind.keys.h: ${top_srcdir}/bind.keys ${srcdir}/util/bindkeys.pl
+	${PERL} ${srcdir}/util/bindkeys.pl < ${top_srcdir}/bind.keys > $@
+
+distclean::
+	rm -f config.cache config.h config.log config.status TAGS
+	rm -f libtool configure.lineno
+	rm -f util/conf.sh docutil/docbook2man-wrapper.sh
+
+# XXX we should clean libtool stuff too.  Only do this after we add rules
+# to make it.
+maintainer-clean::
+	rm -f configure
+	rm -f bind.keys.h
+
+docclean manclean maintainer-clean::
+	rm -f ${MANOBJS}
+
+doc man:: ${MANOBJS}
+
+installdirs:
+	$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${bindir} \
+	${DESTDIR}${localstatedir}/run ${DESTDIR}${sysconfdir}
+	$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${mandir}/man1
+
+install:: installdirs
+	${INSTALL_DATA} ${top_srcdir}/bind.keys ${DESTDIR}${sysconfdir}
+
+uninstall::
+	rm -f ${DESTDIR}${sysconfdir}/bind.keys
+
+test check:
+	@if test -n "`${PERL} ${top_srcdir}/bin/tests/system/testsock.pl 2>/dev/null || echo fail`"; then \
+	echo I: NOTE: The tests were not run because they require that; \
+	echo I:	the IP addresses 10.53.0.1 through 10.53.0.8 are configured; \
+	echo I:	as alias addresses on the loopback interface.  Please run; \
+	echo I:	\'bin/tests/system/ifconfig.sh up\' as root to configure; \
+	echo I:	them, then rerun the tests. Run make force-test to run the; \
+	echo I:	tests anyway.; \
+	exit 1; \
+	fi
+	${MAKE} test-force
+
+force-test: test-force
+
+test-force:
+	status=0; \
+	(cd fuzz && ${MAKE} check) || status=1; \
+	(cd bin/tests && ${MAKE} ${MAKEDEFS} test) || status=1; \
+	(test -f ${top_builddir}/unit/unittest.sh && \
+		$(SHELL) ${top_builddir}/unit/unittest.sh) || status=1; \
+	exit $$status
+
+README: README.md
+	${PANDOC} --email-obfuscation=none -s --metadata title="README" -f markdown-smart -t html README.md | \
+		${W3M} -dump -cols 75 -O ascii -T text/html | \
+		sed -e '$${/^$$/d;}' > $@
+
+HISTORY: HISTORY.md
+	${PANDOC} --email-obfuscation=none -s --metadata title="HISTORY" -f markdown-smart -t html HISTORY.md | \
+		${W3M} -dump -cols 75 -O ascii -T text/html | \
+		sed -e '$${/^$$/d;}' > $@
+
+OPTIONS: OPTIONS.md
+	${PANDOC} --email-obfuscation=none -s --metadata title="OPTIONS" -f markdown-smart -t html OPTIONS.md | \
+		${W3M} -dump -cols 75 -O ascii -T text/html | \
+		sed -e '$${/^$$/d;}' > $@
+
+CONTRIBUTING: CONTRIBUTING.md
+	${PANDOC} --email-obfuscation=none -s --metadata title="CONTRIBUTING" -f markdown-smart -t html CONTRIBUTING.md | \
+		${W3M} -dump -cols 75 -O ascii -T text/html | \
+		sed -e '$${/^$$/d;}' > $@
+
+PLATFORMS: PLATFORMS.md
+	${PANDOC} --email-obfuscation=none -s --metadata title="PLATFORMS" -f markdown-smart -t html PLATFORMS.md | \
+		${W3M} -dump -cols 75 -O ascii -T text/html | \
+		sed -e '$${/^$$/d;}' > $@
+
+CODE_OF_CONDUCT: CODE_OF_CONDUCT.md
+	${PANDOC} --email-obfuscation=none -s --metadata title="CODE OF CONDUCT" -f markdown-smart -t html $< | \
+		${W3M} -dump -cols 75 -O ascii -T text/html | \
+		sed -e '$${/^$$/d;}' > $@
+
+unit::
+	sh ${top_builddir}/unit/unittest.sh
+
+clean::

Makefile.tests

@@ -1,10 +0,0 @@
-# Hey Emacs, this is -*- makefile-automake -*- file!
-# vim: filetype=automake
-
-AM_CPPFLAGS +=					\
-	$(CMOCKA_CFLAGS)			\
-	-DTESTS=\"$(abs_srcdir)\"		\
-	-DNAMED_PLUGINDIR=\"$(libdir)/named\"
-
-LDADD =			\
-	$(CMOCKA_LIBS)

Makefile.top

@@ -1,108 +0,0 @@
-# Hey Emacs, this is -*- makefile-automake -*- file!
-# vim: filetype=automake
-
-ACLOCAL_AMFLAGS = -I $(top_srcdir)/m4
-
-AM_CFLAGS =					\
-	$(STD_CFLAGS)
-
-AM_CPPFLAGS =					\
-	$(STD_CPPFLAGS)				\
-	-include $(top_builddir)/config.h	\
-	-I$(srcdir)/include
-
-if HAVE_GSSAPI
-AM_CPPFLAGS +=					\
-	$(GSSAPI_CFLAGS)
-endif
-
-LIBISC_CFLAGS =						\
-	-I$(top_srcdir)/include				\
-	-I$(top_srcdir)/lib/isc/unix/include		\
-	-I$(top_srcdir)/lib/isc/pthreads/include	\
-	-I$(top_srcdir)/lib/isc/include			\
-	-I$(top_builddir)/lib/isc/include
-
-if HAVE_JSON_C
-LIBISC_CFLAGS +=					\
-	$(JSON_C_CFLAGS)
-endif HAVE_JSON_C
-
-if HAVE_LIBXML2
-LIBISC_CFLAGS +=					\
-	$(LIBXML2_CFLAGS)
-endif HAVE_LIBXML2
-
-LIBISC_LIBS = $(top_builddir)/lib/isc/libisc.la
-
-LIBDNS_CFLAGS = \
-	-I$(top_srcdir)/lib/dns/include			\
-	-I$(top_builddir)/lib/dns/include
-
-LIBDNS_LIBS = \
-	$(top_builddir)/lib/dns/libdns.la
-
-LIBNS_CFLAGS = \
-	-I$(top_srcdir)/lib/ns/include
-
-LIBNS_LIBS = \
-	$(top_builddir)/lib/ns/libns.la
-
-LIBIRS_CFLAGS = \
-	-I$(top_srcdir)/lib/irs/include
-
-LIBIRS_LIBS = \
-	$(top_builddir)/lib/irs/libirs.la
-
-LIBISCCFG_CFLAGS = \
-	-I$(top_srcdir)/lib/isccfg/include
-
-LIBISCCFG_LIBS = \
-	$(top_builddir)/lib/isccfg/libisccfg.la
-
-LIBISCCC_CFLAGS = \
-	-I$(top_srcdir)/lib/isccc/include/
-
-LIBISCCC_LIBS = \
-	$(top_builddir)/lib/isccc/libisccc.la
-
-LIBBIND9_CFLAGS = \
-	-I$(top_srcdir)/lib/bind9/include
-
-LIBBIND9_LIBS = \
-	$(top_builddir)/lib/bind9/libbind9.la
-
-LIBLTDL_CFLAGS = \
-	-I$(top_srcdir)/libltdl
-
-LIBLTDL_LIBS = \
-	$(top_builddir)/libltdl/libltdlc.la
-
-SUFFIXES: .docbook .html .1 .2 .3 .4 .5 .6 .7 .8
-
-.docbook.html:
-	${XSLTPROC} -o $@ ${top_srcdir}/doc/xsl/isc-docbook-html.xsl $<
-
-.docbook.1:
-	${XSLTPROC} -o $@ ${top_srcdir}/doc/xsl/isc-manpage.xsl $<
-
-.docbook.2:
-	${XSLTPROC} -o $@ ${top_srcdir}/doc/xsl/isc-manpage.xsl $<
-
-.docbook.3:
-	${XSLTPROC} -o $@ ${top_srcdir}/doc/xsl/isc-manpage.xsl $<
-
-.docbook.4:
-	${XSLTPROC} -o $@ ${top_srcdir}/doc/xsl/isc-manpage.xsl $<
-
-.docbook.5:
-	${XSLTPROC} -o $@ ${top_srcdir}/doc/xsl/isc-manpage.xsl $<
-
-.docbook.6:
-	${XSLTPROC} -o $@ ${top_srcdir}/doc/xsl/isc-manpage.xsl $<
-
-.docbook.7:
-	${XSLTPROC} -o $@ ${top_srcdir}/doc/xsl/isc-manpage.xsl $<
-
-.docbook.8:
-	${XSLTPROC} -o $@ ${top_srcdir}/doc/xsl/isc-manpage.xsl $<

NEWS

@@ -1 +0,0 @@
-CHANGES

OPTIONS

@@ -0,0 +1,28 @@
+OPTIONS
+
+Setting the STD_CDEFINES environment variable before running configure can
+be used to enable certain compile-time options that are not explicitly
+defined in configure.
+
+Some of these settings are:
+
+         Setting                            Description
+                          Overwrite memory with tag values when allocating
+-DISC_MEM_DEFAULTFILL=1   or freeing it; this impairs performance but
+                          makes debugging of memory problems easier.
+                          Don't track memory allocations by file and line
+-DISC_MEM_TRACKLINES=0    number; this improves performance but makes
+                          debugging more difficult.
+-DISC_FACILITY=LOG_LOCAL0 Change the default syslog facility for named
+-DNS_CLIENT_DROPPORT=0    Disable dropping queries from particular
+                          well-known ports:
+-DCHECK_SIBLING=0         Don't check sibling glue in named-checkzone
+-DCHECK_LOCAL=0           Don't check out-of-zone addresses in
+                          named-checkzone
+-DNS_RUN_PID_DIR=0        Create default PID files in ${localstatedir}/run
+                          rather than ${localstatedir}/run/named/
+                          Disable the use of inline functions to implement
+-DISC_BUFFER_USEINLINE=0  the isc_buffer API: this reduces performance but
+                          may be useful when debugging
+-DISC_HEAP_CHECK          Test heap consistency after every heap
+                          operation; used when debugging

PLATFORMS

@@ -0,0 +1,75 @@
+PLATFORMS
+
+Supported platforms
+
+In general, this version of BIND will build and run on any POSIX-compliant
+system with a C99-compliant C compiler, BSD-style sockets with
+RFC-compliant IPv6 support, POSIX-compliant threads, and the OpenSSL
+cryptography library. Atomic operations support from the compiler is
+needed, either in the form of builtin operations, C11 atomics or the
+Interlocked family of functions on Windows.
+
+ISC regularly tests BIND on many operating systems and architectures, but
+lacks the resources to test all of them. Consequently, ISC is only able to
+offer support on a "best effort" basis for some.
+
+Regularly tested platforms
+
+As of Feb 2019, BIND 9.15 is fully supported and regularly tested on the
+following systems:
+
+  * Debian 8, 9, 10
+  * Ubuntu 16.04, 18.04
+  * Fedora 28, 29
+  * Red Hat Enterprise Linux / CentOS 6, 7
+  * FreeBSD 11.x
+  * OpenBSD 6.2, 6.3
+
+The amd64, i386, armhf and arm64 CPU architectures are all fully
+supported.
+
+Best effort
+
+The following are platforms on which BIND is known to build and run. ISC
+makes every effort to fix bugs on these platforms, but may be unable to do
+so quickly due to lack of hardware, less familiarity on the part of
+engineering staff, and other constraints. With the exception of Windows
+Server 2012 R2, none of these are tested regularly by ISC.
+
+  * Windows Server 2012 R2, 2016 / x64
+  * Windows 10 / x64
+  * macOS 10.12+
+  * Solaris 11
+  * FreeBSD 10.x, 12.0+
+  * OpenBSD 6.4+
+  * NetBSD
+  * Other Linux distributions still supported by their vendors, such as:
+      + Ubuntu 14.04, 18.10+
+      + Gentoo
+      + Arch Linux
+      + Alpine Linux
+  * OpenWRT/LEDE 17.01+
+  * Other CPU architectures (mips, mipsel, sparc, ...)
+
+Unsupported platforms
+
+These are platforms on which BIND 9.15 is known not to build or run:
+
+  * Platforms without at least OpenSSL 1.0.2
+  * Windows 10 / x86
+  * Windows Server 2012 and older
+  * Solaris 10 and older
+  * Platforms that don't support IPv6 Advanced Socket API (RFC 3542)
+  * Platforms that don't support atomic operations (via compiler or
+    library)
+  * Linux without NPTL (Native POSIX Thread Library)
+
+Platform quirks
+
+NetBSD 6 i386
+
+The i386 build of NetBSD requires the libatomic library, available from
+the gcc5-libs package. Because this library is in a non-standard path, its
+location must be specified in the configure command line:
+
+LDFLAGS="-L/usr/pkg/gcc5/i486--netbsdelf/lib/ -Wl,-R/usr/pkg/gcc5/i486--netbsdelf/lib/" ./configure

PLATFORMS.md

@@ -11,30 +11,11 @@
 ## Supported platforms
 
 In general, this version of BIND will build and run on any POSIX-compliant
-system with a C11-compliant C compiler, BSD-style sockets with RFC-compliant
-IPv6 support, POSIX-compliant threads, the `libuv` asynchronous I/O library,
-and the OpenSSL cryptography library.
-
-The following C11 features are used in BIND 9:
-
-* Atomic operations support from the compiler is needed, either in the form of
-  builtin operations, C11 atomics, or the `Interlocked` family of functions on
-  Windows.
-
-* Thread Local Storage support from the compiler is needed, either in the form
-  of C11 `_Thread_local`/`thread_local`, the `__thread` GCC extension, or
-  the `__declspec(thread)` MSVC extension on Windows.
-
-BIND 9.17 requires a fairly recent version of `libuv` (at least 1.x).  For
-some of the older systems listed below, you will have to install an updated
-`libuv` package from sources such as EPEL, PPA, or other native sources for
-updated packages. The other option is to build and install `libuv` from
-source.
-
-Certain optional BIND features have additional library dependencies.
-These include `libxml2` and `libjson-c` for statistics, `libmaxminddb` for
-geolocation, `libfstrm` and `libprotobuf-c` for DNSTAP, and `libidn2` for
-internationalized domain name conversion.
+system with a C99-compliant C compiler, BSD-style sockets with RFC-compliant
+IPv6 support, POSIX-compliant threads, and the OpenSSL cryptography library.
+Atomic operations support from the compiler is needed, either in the form of
+builtin operations, C11 atomics or the Interlocked family of functions on
+Windows.
 
 ISC regularly tests BIND on many operating systems and architectures, but
 lacks the resources to test all of them. Consequently, ISC is only able to
@@ -42,16 +23,15 @@ offer support on a "best effort" basis for some.
 
 ### Regularly tested platforms
 
-As of Mar 2020, BIND 9.17 is fully supported and regularly tested on the
+As of Feb 2019, BIND 9.15 is fully supported and regularly tested on the
 following systems:
 
-* Debian 9, 10
-* Ubuntu LTS 16.04, 18.04
-* Fedora 31
-* Red Hat Enterprise Linux / CentOS 7, 8
-* FreeBSD 11.3, 12.1
-* OpenBSD 6.6
-* Alpine Linux
+* Debian 8, 9, 10
+* Ubuntu 16.04, 18.04
+* Fedora 28, 29
+* Red Hat Enterprise Linux / CentOS 6, 7
+* FreeBSD 11.x
+* OpenBSD 6.2, 6.3
 
 The amd64, i386, armhf and arm64 CPU architectures are all fully supported.
 
@@ -67,33 +47,20 @@ Server 2012 R2, none of these are tested regularly by ISC.
 * Windows 10 / x64
 * macOS 10.12+
 * Solaris 11
+* FreeBSD 10.x, 12.0+
+* OpenBSD 6.4+
 * NetBSD
 * Other Linux distributions still supported by their vendors, such as:
-    * Ubuntu 19.04+
+    * Ubuntu 14.04, 18.10+
     * Gentoo
     * Arch Linux
+    * Alpine Linux
 * OpenWRT/LEDE 17.01+
 * Other CPU architectures (mips, mipsel, sparc, ...)
 
-### Community maintained
-
-These systems may not all have the required dependencies for building BIND
-easily available, although it will be possible in many cases to compile
-those directly from source. The community and interested parties may wish
-to help with maintenance, and we welcome patch contributions, although we
-cannot guarantee that we will accept them.  All contributions will be
-assessed against the risk of adverse effect on officially supported
-platforms.
-
-* Platforms past or close to their respective EOL dates, such as:
-    * Ubuntu 14.04, 18.10
-    * CentOS 6
-    * Debian Jessie
-    * FreeBSD 10.x
-
 ## Unsupported platforms
 
-These are platforms on which BIND 9.17 is known *not* to build or run:
+These are platforms on which BIND 9.15 is known *not* to build or run:
 
 * Platforms without at least OpenSSL 1.0.2
 * Windows 10 / x86
@@ -102,4 +69,15 @@ These are platforms on which BIND 9.17 is known *not* to build or run:
 * Platforms that don't support IPv6 Advanced Socket API (RFC 3542)
 * Platforms that don't support atomic operations (via compiler or library)
 * Linux without NPTL (Native POSIX Thread Library)
-* Platforms on which `libuv` cannot be compiled
+
+## Platform quirks
+
+### NetBSD 6 i386
+
+The i386 build of NetBSD requires the `libatomic` library, available from
+the `gcc5-libs` package.  Because this library is in a non-standard path,
+its location must be specified in the `configure` command line:
+
+```
+LDFLAGS="-L/usr/pkg/gcc5/i486--netbsdelf/lib/ -Wl,-R/usr/pkg/gcc5/i486--netbsdelf/lib/" ./configure
+```

README

@@ -0,0 +1,365 @@
+README
+
+BIND 9
+
+Contents
+
+ 1. Introduction
+ 2. Reporting bugs and getting help
+ 3. Contributing to BIND
+ 4. BIND 9.15 features
+ 5. Building BIND
+ 6. macOS
+ 7. Dependencies
+ 8. Compile-time options
+ 9. Automated testing
+10. Documentation
+11. Change log
+12. Acknowledgments
+
+Introduction
+
+BIND (Berkeley Internet Name Domain) is a complete, highly portable
+implementation of the DNS (Domain Name System) protocol.
+
+The BIND name server, named, is able to serve as an authoritative name
+server, recursive resolver, DNS forwarder, or all three simultaneously. It
+implements views for split-horizon DNS, automatic DNSSEC zone signing and
+key management, catalog zones to facilitate provisioning of zone data
+throughout a name server constellation, response policy zones (RPZ) to
+protect clients from malicious data, response rate limiting (RRL) and
+recursive query limits to reduce distributed denial of service attacks,
+and many other advanced DNS features. BIND also includes a suite of
+administrative tools, including the dig and delv DNS lookup tools,
+nsupdate for dynamic DNS zone updates, rndc for remote name server
+administration, and more.
+
+BIND 9 began as a complete re-write of the BIND architecture that was used
+in versions 4 and 8. Internet Systems Consortium (https://www.isc.org), a
+501(c)(3) public benefit corporation dedicated to providing software and
+services in support of the Internet infrastructure, developed BIND 9 and
+is responsible for its ongoing maintenance and improvement. BIND is open
+source software licensed under the terms of the Mozilla Public License,
+version 2.0.
+
+For a summary of features introduced in past major releases of BIND, see
+the file HISTORY.
+
+For a detailed list of changes made throughout the history of BIND 9, see
+the file CHANGES. See below for details on the CHANGES file format.
+
+For up-to-date release notes and errata, see http://www.isc.org/software/
+bind9/releasenotes
+
+For information about supported platforms, see PLATFORMS.
+
+Reporting bugs and getting help
+
+To report non-security-sensitive bugs or request new features, you may
+open an Issue in the BIND 9 project on the ISC GitLab server at https://
+gitlab.isc.org/isc-projects/bind9.
+
+Please note that, unless you explicitly mark the newly created Issue as
+"confidential", it will be publicly readable. Please do not include any
+information in bug reports that you consider to be confidential unless the
+issue has been marked as such. In particular, if submitting the contents
+of your configuration file in a non-confidential Issue, it is advisable to
+obscure key secrets: this can be done automatically by using
+named-checkconf -px.
+
+If the bug you are reporting is a potential security issue, such as an
+assertion failure or other crash in named, please do NOT use GitLab to
+report it. Instead, please send mail to security-officer@isc.org.
+
+Professional support and training for BIND are available from ISC at
+https://www.isc.org/support.
+
+To join the BIND Users mailing list, or view the archives, visit https://
+lists.isc.org/mailman/listinfo/bind-users.
+
+If you're planning on making changes to the BIND 9 source code, you may
+also want to join the BIND Workers mailing list, at https://lists.isc.org/
+mailman/listinfo/bind-workers.
+
+Contributing to BIND
+
+ISC maintains a public git repository for BIND; details can be found at
+http://www.isc.org/git/.
+
+Information for BIND contributors can be found in the following files: -
+General information: CONTRIBUTING.md - Code of Conduct: CODE_OF_CONDUCT.md
+- BIND 9 code style: doc/dev/style.md - BIND architecture and developer
+guide: doc/dev/dev.md
+
+Patches for BIND may be submitted as Merge Requests in the ISC GitLab
+server at at https://gitlab.isc.org/isc-projects/bind9/merge_requests.
+
+By default, external contributors don't have ability to fork BIND in the
+GitLab server, but if you wish to contribute code to BIND, you may request
+permission to do so. Thereafter, you can create git branches and directly
+submit requests that they be reviewed and merged.
+
+If you prefer, you may also submit code by opening a GitLab Issue and
+including your patch as an attachment, preferably generated by git
+format-patch.
+
+BIND 9.15 features
+
+BIND 9.15 is the newest development branch of BIND 9. It includes a number
+of changes from BIND 9.14 and earlier releases. New features include:
+
+  * Support for the new GeoIP2 geolocation API
+  * Improved DNSSEC key configuration using dnssec-keys
+
+Building BIND
+
+Minimally, BIND requires a UNIX or Linux system with an ANSI C compiler,
+basic POSIX support, and a 64-bit integer type. Successful builds have
+been observed on many versions of Linux and UNIX, including RedHat,
+Fedora, Debian, Ubuntu, SuSE, Slackware, FreeBSD, NetBSD, OpenBSD, Mac OS
+X, Solaris, HP-UX, and OpenWRT.
+
+BIND requires a cryptography provider library such as OpenSSL or a
+hardware service module supporting PKCS#11. On Linux, BIND requires the
+libcap library to set process privileges, though this requirement can be
+overridden by disabling capability support at compile time. See
+Compile-time options below for details on other libraries that may be
+required to support optional features.
+
+BIND is also available for Windows 2008 and higher. See win32utils/
+readme1st.txt for details on building for Windows systems.
+
+To build on a UNIX or Linux system, use:
+
+    $ ./configure
+    $ make
+
+If you're planning on making changes to the BIND 9 source, you should run
+make depend. If you're using Emacs, you might find make tags helpful.
+
+Several environment variables that can be set before running configure
+will affect compilation:
+
+   Variable                            Description
+CC             The C compiler to use. configure tries to figure out the
+               right one for supported systems.
+               C compiler flags. Defaults to include -g and/or -O2 as
+CFLAGS         supported by the compiler. Please include '-g' if you need
+               to set CFLAGS.
+               System header file directories. Can be used to specify
+STD_CINCLUDES  where add-on thread or IPv6 support is, for example.
+               Defaults to empty string.
+               Any additional preprocessor symbols you want defined.
+STD_CDEFINES   Defaults to empty string. For a list of possible settings,
+               see the file OPTIONS.
+LDFLAGS        Linker flags. Defaults to empty string.
+BUILD_CC       Needed when cross-compiling: the native C compiler to use
+               when building for the target system.
+BUILD_CFLAGS   Optional, used for cross-compiling
+BUILD_CPPFLAGS
+BUILD_LDFLAGS
+BUILD_LIBS
+
+macOS
+
+Building on macOS assumes that the "Command Tools for Xcode" is installed.
+This can be downloaded from https://developer.apple.com/download/more/ or
+if you have Xcode already installed you can run "xcode-select --install".
+This will add /usr/include to the system and install the compiler and
+other tools so that they can be easily found.
+
+Dependencies
+
+Portions of BIND that are written in Python, including dnssec-keymgr,
+dnssec-coverage, dnssec-checkds, and some of the system tests, require the
+'argparse' and 'ply' modules to be available. 'argparse' is a standard
+module as of Python 2.7 and Python 3.2. 'ply' is available from https://
+pypi.python.org/pypi/ply.
+
+Compile-time options
+
+To see a full list of configuration options, run configure --help.
+
+To build shared libraries, specify --with-libtool on the configure command
+line.
+
+For the server to support DNSSEC, you need to build it with crypto
+support. To use OpenSSL, you should have OpenSSL 1.0.2e or newer
+installed. If the OpenSSL library is installed in a nonstandard location,
+specify the prefix using --with-openssl=<PREFIX> on the configure command
+line. To use a PKCS#11 hardware service module for cryptographic
+operations, specify the path to the PKCS#11 provider library using
+--with-pkcs11=<PREFIX>, and configure BIND with --enable-native-pkcs11.
+
+To support the HTTP statistics channel, the server must be linked with at
+least one of the following: libxml2 http://xmlsoft.org or json-c https://
+github.com/json-c. If these are installed at a nonstandard location, then:
+
+  * for libxml2, specify the prefix using --with-libxml2=/prefix,
+  * for json-c, adjust PKG_CONFIG_PATH.
+
+To support compression on the HTTP statistics channel, the server must be
+linked against libzlib. If this is installed in a nonstandard location,
+specify the prefix using --with-zlib=/prefix.
+
+To support storing configuration data for runtime-added zones in an LMDB
+database, the server must be linked with liblmdb. If this is installed in
+a nonstandard location, specify the prefix using with-lmdb=/prefix.
+
+To support MaxMind GeoIP2 location-based ACLs, the server must be linked
+with libmaxminddb. This is turned on by default if the library is found;
+if the library is installed in a nonstandard location, specify the prefix
+using --with-maxminddb=/prefix. GeoIP2 support can be switched off with
+--disable-geoip.
+
+For DNSTAP packet logging, you must have installed libfstrm https://
+github.com/farsightsec/fstrm and libprotobuf-c https://
+developers.google.com/protocol-buffers, and BIND must be configured with
+--enable-dnstap.
+
+Certain compiled-in constants and default settings can be increased to
+values better suited to large servers with abundant memory resources (e.g,
+64-bit servers with 12G or more of memory) by specifying --with-tuning=
+large on the configure command line. This can improve performance on big
+servers, but will consume more memory and may degrade performance on
+smaller systems.
+
+On Linux, process capabilities are managed in user space using the libcap
+library, which can be installed on most Linux systems via the libcap-dev
+or libcap-devel module. Process capability support can also be disabled by
+configuring with --disable-linux-caps.
+
+On some platforms it is necessary to explicitly request large file support
+to handle files bigger than 2GB. This can be done by using
+--enable-largefile on the configure command line.
+
+Support for the "fixed" rrset-order option can be enabled or disabled by
+specifying --enable-fixed-rrset or --disable-fixed-rrset on the configure
+command line. By default, fixed rrset-order is disabled to reduce memory
+footprint.
+
+The --enable-querytrace option causes named to log every step of
+processing every query. This should only be enabled when debugging,
+because it has a significant negative impact on query performance.
+
+make install will install named and the various BIND 9 libraries. By
+default, installation is into /usr/local, but this can be changed with the
+--prefix option when running configure.
+
+You may specify the option --sysconfdir to set the directory where
+configuration files like named.conf go by default, and --localstatedir to
+set the default parent directory of run/named.pid. --sysconfdir defaults
+to $prefix/etc and --localstatedir defaults to $prefix/var.
+
+Automated testing
+
+A system test suite can be run with make test. The system tests require
+you to configure a set of virtual IP addresses on your system (this allows
+multiple servers to run locally and communicate with one another). These
+IP addresses can be configured by running the command bin/tests/system/
+ifconfig.sh up as root.
+
+Some tests require Perl and the Net::DNS and/or IO::Socket::INET6 modules,
+and will be skipped if these are not available. Some tests require Python
+and the 'dnspython' module and will be skipped if these are not available.
+See bin/tests/system/README for further details.
+
+Unit tests are implemented using the CMocka unit testing framework. To
+build them, use configure --with-cmocka. Execution of tests is done by the
+Kyua test execution engine; if the kyua command is available, then unit
+tests can be run via make test or make unit.
+
+Documentation
+
+The BIND 9 Administrator Reference Manual is included with the source
+distribution, in DocBook XML, HTML and PDF format, in the doc/arm
+directory.
+
+Some of the programs in the BIND 9 distribution have man pages in their
+directories. In particular, the command line options of named are
+documented in bin/named/named.8.
+
+Frequently (and not-so-frequently) asked questions and their answers can
+be found in the ISC Knowledge Base at https://kb.isc.org.
+
+Additional information on various subjects can be found in other README
+files throughout the source tree.
+
+Change log
+
+A detailed list of all changes that have been made throughout the
+development BIND 9 is included in the file CHANGES, with the most recent
+changes listed first. Change notes include tags indicating the category of
+the change that was made; these categories are:
+
+   Category                            Description
+[func]         New feature
+[bug]          General bug fix
+[security]     Fix for a significant security flaw
+[experimental] Used for new features when the syntax or other aspects of
+               the design are still in flux and may change
+[port]         Portability enhancement
+[maint]        Updates to built-in data such as root server addresses and
+               keys
+[tuning]       Changes to built-in configuration defaults and constants to
+               improve performance
+[performance]  Other changes to improve server performance
+[protocol]     Updates to the DNS protocol such as new RR types
+[test]         Changes to the automatic tests, not affecting server
+               functionality
+[cleanup]      Minor corrections and refactoring
+[doc]          Documentation
+[contrib]      Changes to the contributed tools and libraries in the
+               'contrib' subdirectory
+               Used in the master development branch to reserve change
+[placeholder]  numbers for use in other branches, e.g. when fixing a bug
+               that only exists in older releases
+
+In general, [func] and [experimental] tags will only appear in new-feature
+releases (i.e., those with version numbers ending in zero). Some new
+functionality may be backported to older releases on a case-by-case basis.
+All other change types may be applied to all currently-supported releases.
+
+Bug report identifiers
+
+Most notes in the CHANGES file include a reference to a bug report or
+issue number. Prior to 2018, these were usually of the form [RT #NNN] and
+referred to entries in the "bind9-bugs" RT database, which was not open to
+the public. More recent entries use the form [GL #NNN] or, less often, [GL
+!NNN], which, respectively, refer to issues or merge requests in the
+Gitlab database. Most of these are publicly readable, unless they include
+information which is confidential or security senstive.
+
+To look up a Gitlab issue by its number, use the URL https://
+gitlab.isc.org/isc-projects/bind9/issues/NNN. To look up a merge request,
+use https://gitlab.isc.org/isc-projects/bind9/merge_requests/NNN.
+
+In rare cases, an issue or merge request number may be followed with the
+letter "P". This indicates that the information is in the private ISC
+Gitlab instance, which is not visible to the public.
+
+Acknowledgments
+
+  * The original development of BIND 9 was underwritten by the following
+    organizations:
+
+      Sun Microsystems, Inc.
+      Hewlett Packard
+      Compaq Computer Corporation
+      IBM
+      Process Software Corporation
+      Silicon Graphics, Inc.
+      Network Associates, Inc.
+      U.S. Defense Information Systems Agency
+      USENIX Association
+      Stichting NLnet - NLnet Foundation
+      Nominum, Inc.
+
+  * This product includes software developed by the OpenSSL Project for
+    use in the OpenSSL Toolkit. http://www.OpenSSL.org/
+
+  * This product includes cryptographic software written by Eric Young
+    (eay@cryptsoft.com)
+
+  * This product includes software written by Tim Hudson
+    (tjh@cryptsoft.com)

README.md

@@ -15,7 +15,7 @@
 1. [Introduction](#intro)
 1. [Reporting bugs and getting help](#help)
 1. [Contributing to BIND](#contrib)
-1. [BIND 9.17 features](#features)
+1. [BIND 9.15 features](#features)
 1. [Building BIND](#build)
 1. [macOS](#macos)
 1. [Dependencies](#dependencies)
@@ -57,8 +57,8 @@ For a detailed list of changes made throughout the history of BIND 9, see
 the file [CHANGES](CHANGES). See [below](#changes) for details on the
 CHANGES file format.
 
-For up-to-date versions and release notes, see
-[https://www.isc.org/download/](https://www.isc.org/download/).
+For up-to-date release notes and errata, see
+[http://www.isc.org/software/bind9/releasenotes](http://www.isc.org/software/bind9/releasenotes)
 
 For information about supported platforms, see [PLATFORMS](PLATFORMS.md).
 
@@ -79,15 +79,8 @@ using `named-checkconf -px`.
 
 If the bug you are reporting is a potential security issue, such as an
 assertion failure or other crash in `named`, please do *NOT* use GitLab to
-report it. Instead, send mail to
-[security-officer@isc.org](mailto:security-officer@isc.org) using our
-OpenPGP key to secure your message. (Information about OpenPGP and links
-to our key can be found at
-[https://www.isc.org/pgpkey](https://www.isc.org/pgpkey).) Please do not
-discuss the bug on any public mailing list.
-
-For a general overview of ISC security policies, read the Knowledge Base
-article at [https://kb.isc.org/docs/aa-00861](https://kb.isc.org/docs/aa-00861).
+report it. Instead, please send mail to
+[security-officer@isc.org](mailto:security-officer@isc.org).
 
 Professional support and training for BIND are available from
 ISC at [https://www.isc.org/support](https://www.isc.org/support).
@@ -111,7 +104,7 @@ Information for BIND contributors can be found in the following files:
 - BIND architecture and developer guide: [doc/dev/dev.md](doc/dev/dev.md)
 
 Patches for BIND may be submitted as
-[merge requests](https://gitlab.isc.org/isc-projects/bind9/merge_requests)
+[Merge Requests](https://gitlab.isc.org/isc-projects/bind9/merge_requests)
 in the [ISC GitLab server](https://gitlab.isc.org) at
 at [https://gitlab.isc.org/isc-projects/bind9/merge_requests](https://gitlab.isc.org/isc-projects/bind9/merge_requests).
 
@@ -125,35 +118,33 @@ If you prefer, you may also submit code by opening a
 including your patch as an attachment, preferably generated by
 `git format-patch`.
 
-### <a name="features"/> BIND 9.17 features
+### <a name="features"/> BIND 9.15 features
 
-BIND 9.17 is the newest development branch of BIND 9. It includes a
-number of changes from BIND 9.16 and earlier releases. New features include:
+BIND 9.15 is the newest development branch of BIND 9. It includes a
+number of changes from BIND 9.14 and earlier releases. New features
+include:
 
-* New option "max-ixfr-ratio" to limit the size of outgoing IXFR responses
-  before falling back to full zone transfers.
-* "rndc nta -d" and "rndc secroots" now include "validate-except" entries
-  when listing negative trust anchors.
+* Support for the new GeoIP2 geolocation API
+* Improved DNSSEC key configuration using `dnssec-keys`
+* YAML output for dig, mdig, and delv.
 
 ### <a name="build"/> Building BIND
 
 Minimally, BIND requires a UNIX or Linux system with an ANSI C compiler,
-basic POSIX support, and a 64-bit integer type.  BIND also requires the
-`libuv` asynchronous I/O library, and a cryptography provider library
-such as OpenSSL or a hardware service module supporting PKCS#11. On
-Linux, BIND requires the `libcap` library to set process privileges,
-though this requirement can be overridden by disabling capability
-support at compile time. See [Compile-time options](#opts) below
-for details on other libraries that may be required to support
-optional features.
+basic POSIX support, and a 64-bit integer type. Successful builds have been
+observed on many versions of Linux and UNIX, including RedHat, Fedora,
+Debian, Ubuntu, SuSE, Slackware, FreeBSD, NetBSD, OpenBSD, Mac OS X,
+Solaris, HP-UX, and OpenWRT.
 
-Successful builds have been observed on many versions of Linux and
-UNIX, including RHEL/CentOS, Fedora, Debian, Ubuntu, SLES, openSUSE,
-Slackware, Alpine, FreeBSD, NetBSD, OpenBSD, macOS, Solaris,
-OpenIndiana, OmniOS CE, HP-UX, and OpenWRT.
+BIND requires a cryptography provider library such as OpenSSL or a
+hardware service module supporting PKCS#11. On Linux, BIND requires
+the `libcap` library to set process privileges, though this requirement
+can be overridden by disabling capability support at compile time.
+See [Compile-time options](#opts) below for details on other libraries
+that may be required to support optional features.
 
-BIND is also available for Windows Server 2012 R2 and higher.  See
-`win32utils/build.txt` for details on building for Windows
+BIND is also available for Windows 2008 and higher.  See
+`win32utils/readme1st.txt` for details on building for Windows
 systems.
 
 To build on a UNIX or Linux system, use:
@@ -165,28 +156,36 @@ If you're planning on making changes to the BIND 9 source, you should run
 `make depend`.  If you're using Emacs, you might find `make tags` helpful.
 
 Several environment variables that can be set before running `configure` will
-affect compilation.  Significant ones are:
+affect compilation:
 
 |Variable|Description |
 |--------------------|-----------------------------------------------|
 |`CC`|The C compiler to use.  `configure` tries to figure out the right one for supported systems.|
 |`CFLAGS`|C compiler flags.  Defaults to include -g and/or -O2 as supported by the compiler.  Please include '-g' if you need to set `CFLAGS`. |
+|`STD_CINCLUDES`|System header file directories.  Can be used to specify where add-on thread or IPv6 support is, for example.  Defaults to empty string.|
+|`STD_CDEFINES`|Any additional preprocessor symbols you want defined.  Defaults to empty string. For a list of possible settings, see the file [OPTIONS](OPTIONS.md).|
 |`LDFLAGS`|Linker flags. Defaults to empty string.|
-
-Additional environment variables affecting the build are listed at the
-end of the `configure` help text, which can be obtained by running the
-command:
-
-    $ ./configure --help
+|`BUILD_CC`|Needed when cross-compiling: the native C compiler to use when building for the target system.|
+|`BUILD_CFLAGS`|Optional, used for cross-compiling|
+|`BUILD_CPPFLAGS`||
+|`BUILD_LDFLAGS`||
+|`BUILD_LIBS`||
 
 #### <a name="macos"> macOS
 
 Building on macOS assumes that the "Command Tools for Xcode" is installed.
-This can be downloaded from
-[https://developer.apple.com/download/more/](https://developer.apple.com/download/more/)
-or, if you have Xcode already installed, you can run `xcode-select
---install`.  (Note that an Apple ID may be required to access the download
-page.)
+This can be downloaded from https://developer.apple.com/download/more/
+or if you have Xcode already installed you can run "xcode-select --install".
+This will add /usr/include to the system and install the compiler and other
+tools so that they can be easily found.
+
+### <a name="dependencies"/> Dependencies
+
+Portions of BIND that are written in Python, including
+`dnssec-keymgr`, `dnssec-coverage`, `dnssec-checkds`, and some of the
+system tests, require the 'argparse' and 'ply' modules to be available.
+'argparse' is a standard module as of Python 2.7 and Python 3.2.
+'ply' is available from [https://pypi.python.org/pypi/ply](https://pypi.python.org/pypi/ply).
 
 #### <a name="opts"/> Compile-time options
 
@@ -204,16 +203,16 @@ path to the PKCS#11 provider library using `--with-pkcs11=<PREFIX>`, and
 configure BIND with `--enable-native-pkcs11`.
 
 To support the HTTP statistics channel, the server must be linked with at
-least one of the following libraries: `libxml2`
-[http://xmlsoft.org](http://xmlsoft.org) or `json-c`
-[https://github.com/json-c/json-c](https://github.com/json-c/json-c).
-If these are installed at a nonstandard location, then:
+least one of the following: libxml2
+[http://xmlsoft.org](http://xmlsoft.org) or json-c
+[https://github.com/json-c](https://github.com/json-c).  If these are
+installed at a nonstandard location, then:
 
-* for `libxml2`, specify the prefix using `--with-libxml2=/prefix`,
-* for `json-c`, adjust `PKG_CONFIG_PATH`.
+* for libxml2, specify the prefix using `--with-libxml2=/prefix`,
+* for json-c, adjust `PKG_CONFIG_PATH`.
 
 To support compression on the HTTP statistics channel, the server must be
-linked against `libzlib`.  If this is installed in a nonstandard location,
+linked against libzlib.  If this is installed in a nonstandard location,
 specify the prefix using `--with-zlib=/prefix`.
 
 To support storing configuration data for runtime-added zones in an LMDB
@@ -226,20 +225,22 @@ found; if the library is installed in a nonstandard location,
 specify the prefix using `--with-maxminddb=/prefix`. GeoIP2 support
 can be switched off with `--disable-geoip`.
 
-For DNSTAP packet logging, you must have installed `libfstrm`
+For DNSTAP packet logging, you must have installed libfstrm
 [https://github.com/farsightsec/fstrm](https://github.com/farsightsec/fstrm)
-and `libprotobuf-c`
+and libprotobuf-c
 [https://developers.google.com/protocol-buffers](https://developers.google.com/protocol-buffers),
 and BIND must be configured with `--enable-dnstap`.
 
-Certain compiled-in constants and default settings can be decreased to
-values better suited to small machines, e.g. OpenWRT boxes, by specifying
-`--with-tuning=small` on the `configure` command line. This will decrease
-memory usage by using smaller structures, but will degrade performance.
+Certain compiled-in constants and default settings can be increased to
+values better suited to large servers with abundant memory resources (e.g,
+64-bit servers with 12G or more of memory) by specifying
+`--with-tuning=large` on the `configure` command line. This can improve
+performance on big servers, but will consume more memory and may degrade
+performance on smaller systems.
 
 On Linux, process capabilities are managed in user space using
 the `libcap` library, which can be installed on most Linux systems via
-the `libcap-dev` or `libcap-devel` package. Process capability support can
+the `libcap-dev` or `libcap-devel` module. Process capability support can
 also be disabled by configuring with `--disable-linux-caps`.
 
 On some platforms it is necessary to explicitly request large file support
@@ -266,25 +267,26 @@ defaults to `$prefix/etc` and `--localstatedir` defaults to `$prefix/var`.
 
 ### <a name="testing"/> Automated testing
 
-A system test suite can be run with `make check`.  The system tests require
+A system test suite can be run with `make test`.  The system tests require
 you to configure a set of virtual IP addresses on your system (this allows
 multiple servers to run locally and communicate with one another).  These
 IP addresses can be configured by running the command
 `bin/tests/system/ifconfig.sh up` as root.
 
-Some tests require Perl and the `Net::DNS` and/or `IO::Socket::INET6` modules,
+Some tests require Perl and the Net::DNS and/or IO::Socket::INET6 modules,
 and will be skipped if these are not available. Some tests require Python
-and the `dnspython` module and will be skipped if these are not available.
+and the 'dnspython' module and will be skipped if these are not available.
 See bin/tests/system/README for further details.
 
-Unit tests are implemented using the CMocka unit testing framework.  To build
-them, use `configure --with-cmocka`. Execution of tests is done by the automake
-parallel test driver; unit tests are also run by `make check`.
+Unit tests are implemented using the CMocka unit testing framework.
+To build them, use `configure --with-cmocka`. Execution of tests is done
+by the Kyua test execution engine; if the `kyua` command is available,
+then unit tests can be run via `make test` or `make unit`.
 
 ### <a name="doc"/> Documentation
 
 The *BIND 9 Administrator Reference Manual* is included with the source
-distribution, in DocBook XML, HTML, and PDF format, in the `doc/arm`
+distribution, in DocBook XML, HTML and PDF format, in the `doc/arm`
 directory.
 
 Some of the programs in the BIND 9 distribution have man pages in their
@@ -334,17 +336,17 @@ issue number. Prior to 2018, these were usually of the form `[RT #NNN]`
 and referred to entries in the "bind9-bugs" RT database, which was not open
 to the public. More recent entries use the form `[GL #NNN]` or, less often,
 `[GL !NNN]`, which, respectively, refer to issues or merge requests in the
-GitLab database. Most of these are publicly readable, unless they include
-information which is confidential or security sensitive.
+Gitlab database. Most of these are publicly readable, unless they include
+information which is confidential or security senstive.
 
-To look up a GitLab issue by its number, use the URL
+To look up a Gitlab issue by its number, use the URL
 [https://gitlab.isc.org/isc-projects/bind9/issues/NNN](https://gitlab.isc.org/isc-projects/bind9/issues).
 To look up a merge request, use
 [https://gitlab.isc.org/isc-projects/bind9/merge_requests/NNN](https://gitlab.isc.org/isc-projects/bind9/merge_requests).
 
 In rare cases, an issue or merge request number may be followed with the
 letter "P". This indicates that the information is in the private ISC
-GitLab instance, which is not visible to the public.
+Gitlab instance, which is not visible to the public.
 
 ### <a name="ack"/> Acknowledgments
 

aclocal.m4

@@ -0,0 +1,387 @@
+# generated automatically by aclocal 1.16.1 -*- Autoconf -*-
+
+# Copyright (C) 1996-2018 Free Software Foundation, Inc.
+
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+m4_ifndef([AC_CONFIG_MACRO_DIRS], [m4_defun([_AM_CONFIG_MACRO_DIRS], [])m4_defun([AC_CONFIG_MACRO_DIRS], [_AM_CONFIG_MACRO_DIRS($@)])])
+# pkg.m4 - Macros to locate and utilise pkg-config.   -*- Autoconf -*-
+# serial 12 (pkg-config-0.29.2)
+
+dnl Copyright © 2004 Scott James Remnant <scott@netsplit.com>.
+dnl Copyright © 2012-2015 Dan Nicholson <dbn.lists@gmail.com>
+dnl
+dnl This program is free software; you can redistribute it and/or modify
+dnl it under the terms of the GNU General Public License as published by
+dnl the Free Software Foundation; either version 2 of the License, or
+dnl (at your option) any later version.
+dnl
+dnl This program is distributed in the hope that it will be useful, but
+dnl WITHOUT ANY WARRANTY; without even the implied warranty of
+dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+dnl General Public License for more details.
+dnl
+dnl You should have received a copy of the GNU General Public License
+dnl along with this program; if not, write to the Free Software
+dnl Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
+dnl 02111-1307, USA.
+dnl
+dnl As a special exception to the GNU General Public License, if you
+dnl distribute this file as part of a program that contains a
+dnl configuration script generated by Autoconf, you may include it under
+dnl the same distribution terms that you use for the rest of that
+dnl program.
+
+dnl PKG_PREREQ(MIN-VERSION)
+dnl -----------------------
+dnl Since: 0.29
+dnl
+dnl Verify that the version of the pkg-config macros are at least
+dnl MIN-VERSION. Unlike PKG_PROG_PKG_CONFIG, which checks the user's
+dnl installed version of pkg-config, this checks the developer's version
+dnl of pkg.m4 when generating configure.
+dnl
+dnl To ensure that this macro is defined, also add:
+dnl m4_ifndef([PKG_PREREQ],
+dnl     [m4_fatal([must install pkg-config 0.29 or later before running autoconf/autogen])])
+dnl
+dnl See the "Since" comment for each macro you use to see what version
+dnl of the macros you require.
+m4_defun([PKG_PREREQ],
+[m4_define([PKG_MACROS_VERSION], [0.29.2])
+m4_if(m4_version_compare(PKG_MACROS_VERSION, [$1]), -1,
+    [m4_fatal([pkg.m4 version $1 or higher is required but ]PKG_MACROS_VERSION[ found])])
+])dnl PKG_PREREQ
+
+dnl PKG_PROG_PKG_CONFIG([MIN-VERSION])
+dnl ----------------------------------
+dnl Since: 0.16
+dnl
+dnl Search for the pkg-config tool and set the PKG_CONFIG variable to
+dnl first found in the path. Checks that the version of pkg-config found
+dnl is at least MIN-VERSION. If MIN-VERSION is not specified, 0.9.0 is
+dnl used since that's the first version where most current features of
+dnl pkg-config existed.
+AC_DEFUN([PKG_PROG_PKG_CONFIG],
+[m4_pattern_forbid([^_?PKG_[A-Z_]+$])
+m4_pattern_allow([^PKG_CONFIG(_(PATH|LIBDIR|SYSROOT_DIR|ALLOW_SYSTEM_(CFLAGS|LIBS)))?$])
+m4_pattern_allow([^PKG_CONFIG_(DISABLE_UNINSTALLED|TOP_BUILD_DIR|DEBUG_SPEW)$])
+AC_ARG_VAR([PKG_CONFIG], [path to pkg-config utility])
+AC_ARG_VAR([PKG_CONFIG_PATH], [directories to add to pkg-config's search path])
+AC_ARG_VAR([PKG_CONFIG_LIBDIR], [path overriding pkg-config's built-in search path])
+
+if test "x$ac_cv_env_PKG_CONFIG_set" != "xset"; then
+	AC_PATH_TOOL([PKG_CONFIG], [pkg-config])
+fi
+if test -n "$PKG_CONFIG"; then
+	_pkg_min_version=m4_default([$1], [0.9.0])
+	AC_MSG_CHECKING([pkg-config is at least version $_pkg_min_version])
+	if $PKG_CONFIG --atleast-pkgconfig-version $_pkg_min_version; then
+		AC_MSG_RESULT([yes])
+	else
+		AC_MSG_RESULT([no])
+		PKG_CONFIG=""
+	fi
+fi[]dnl
+])dnl PKG_PROG_PKG_CONFIG
+
+dnl PKG_CHECK_EXISTS(MODULES, [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND])
+dnl -------------------------------------------------------------------
+dnl Since: 0.18
+dnl
+dnl Check to see whether a particular set of modules exists. Similar to
+dnl PKG_CHECK_MODULES(), but does not set variables or print errors.
+dnl
+dnl Please remember that m4 expands AC_REQUIRE([PKG_PROG_PKG_CONFIG])
+dnl only at the first occurence in configure.ac, so if the first place
+dnl it's called might be skipped (such as if it is within an "if", you
+dnl have to call PKG_CHECK_EXISTS manually
+AC_DEFUN([PKG_CHECK_EXISTS],
+[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl
+if test -n "$PKG_CONFIG" && \
+    AC_RUN_LOG([$PKG_CONFIG --exists --print-errors "$1"]); then
+  m4_default([$2], [:])
+m4_ifvaln([$3], [else
+  $3])dnl
+fi])
+
+dnl _PKG_CONFIG([VARIABLE], [COMMAND], [MODULES])
+dnl ---------------------------------------------
+dnl Internal wrapper calling pkg-config via PKG_CONFIG and setting
+dnl pkg_failed based on the result.
+m4_define([_PKG_CONFIG],
+[if test -n "$$1"; then
+    pkg_cv_[]$1="$$1"
+ elif test -n "$PKG_CONFIG"; then
+    PKG_CHECK_EXISTS([$3],
+                     [pkg_cv_[]$1=`$PKG_CONFIG --[]$2 "$3" 2>/dev/null`
+		      test "x$?" != "x0" && pkg_failed=yes ],
+		     [pkg_failed=yes])
+ else
+    pkg_failed=untried
+fi[]dnl
+])dnl _PKG_CONFIG
+
+dnl _PKG_SHORT_ERRORS_SUPPORTED
+dnl ---------------------------
+dnl Internal check to see if pkg-config supports short errors.
+AC_DEFUN([_PKG_SHORT_ERRORS_SUPPORTED],
+[AC_REQUIRE([PKG_PROG_PKG_CONFIG])
+if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then
+        _pkg_short_errors_supported=yes
+else
+        _pkg_short_errors_supported=no
+fi[]dnl
+])dnl _PKG_SHORT_ERRORS_SUPPORTED
+
+
+dnl PKG_CHECK_MODULES(VARIABLE-PREFIX, MODULES, [ACTION-IF-FOUND],
+dnl   [ACTION-IF-NOT-FOUND])
+dnl --------------------------------------------------------------
+dnl Since: 0.4.0
+dnl
+dnl Note that if there is a possibility the first call to
+dnl PKG_CHECK_MODULES might not happen, you should be sure to include an
+dnl explicit call to PKG_PROG_PKG_CONFIG in your configure.ac
+AC_DEFUN([PKG_CHECK_MODULES],
+[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl
+AC_ARG_VAR([$1][_CFLAGS], [C compiler flags for $1, overriding pkg-config])dnl
+AC_ARG_VAR([$1][_LIBS], [linker flags for $1, overriding pkg-config])dnl
+
+pkg_failed=no
+AC_MSG_CHECKING([for $2])
+
+_PKG_CONFIG([$1][_CFLAGS], [cflags], [$2])
+_PKG_CONFIG([$1][_LIBS], [libs], [$2])
+
+m4_define([_PKG_TEXT], [Alternatively, you may set the environment variables $1[]_CFLAGS
+and $1[]_LIBS to avoid the need to call pkg-config.
+See the pkg-config man page for more details.])
+
+if test $pkg_failed = yes; then
+        AC_MSG_RESULT([no])
+        _PKG_SHORT_ERRORS_SUPPORTED
+        if test $_pkg_short_errors_supported = yes; then
+	        $1[]_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "$2" 2>&1`
+        else
+	        $1[]_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "$2" 2>&1`
+        fi
+	# Put the nasty error message in config.log where it belongs
+	echo "$$1[]_PKG_ERRORS" >&AS_MESSAGE_LOG_FD
+
+	m4_default([$4], [AC_MSG_ERROR(
+[Package requirements ($2) were not met:
+
+$$1_PKG_ERRORS
+
+Consider adjusting the PKG_CONFIG_PATH environment variable if you
+installed software in a non-standard prefix.
+
+_PKG_TEXT])[]dnl
+        ])
+elif test $pkg_failed = untried; then
+        AC_MSG_RESULT([no])
+	m4_default([$4], [AC_MSG_FAILURE(
+[The pkg-config script could not be found or is too old.  Make sure it
+is in your PATH or set the PKG_CONFIG environment variable to the full
+path to pkg-config.
+
+_PKG_TEXT
+
+To get pkg-config, see <http://pkg-config.freedesktop.org/>.])[]dnl
+        ])
+else
+	$1[]_CFLAGS=$pkg_cv_[]$1[]_CFLAGS
+	$1[]_LIBS=$pkg_cv_[]$1[]_LIBS
+        AC_MSG_RESULT([yes])
+	$3
+fi[]dnl
+])dnl PKG_CHECK_MODULES
+
+
+dnl PKG_CHECK_MODULES_STATIC(VARIABLE-PREFIX, MODULES, [ACTION-IF-FOUND],
+dnl   [ACTION-IF-NOT-FOUND])
+dnl ---------------------------------------------------------------------
+dnl Since: 0.29
+dnl
+dnl Checks for existence of MODULES and gathers its build flags with
+dnl static libraries enabled. Sets VARIABLE-PREFIX_CFLAGS from --cflags
+dnl and VARIABLE-PREFIX_LIBS from --libs.
+dnl
+dnl Note that if there is a possibility the first call to
+dnl PKG_CHECK_MODULES_STATIC might not happen, you should be sure to
+dnl include an explicit call to PKG_PROG_PKG_CONFIG in your
+dnl configure.ac.
+AC_DEFUN([PKG_CHECK_MODULES_STATIC],
+[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl
+_save_PKG_CONFIG=$PKG_CONFIG
+PKG_CONFIG="$PKG_CONFIG --static"
+PKG_CHECK_MODULES($@)
+PKG_CONFIG=$_save_PKG_CONFIG[]dnl
+])dnl PKG_CHECK_MODULES_STATIC
+
+
+dnl PKG_INSTALLDIR([DIRECTORY])
+dnl -------------------------
+dnl Since: 0.27
+dnl
+dnl Substitutes the variable pkgconfigdir as the location where a module
+dnl should install pkg-config .pc files. By default the directory is
+dnl $libdir/pkgconfig, but the default can be changed by passing
+dnl DIRECTORY. The user can override through the --with-pkgconfigdir
+dnl parameter.
+AC_DEFUN([PKG_INSTALLDIR],
+[m4_pushdef([pkg_default], [m4_default([$1], ['${libdir}/pkgconfig'])])
+m4_pushdef([pkg_description],
+    [pkg-config installation directory @<:@]pkg_default[@:>@])
+AC_ARG_WITH([pkgconfigdir],
+    [AS_HELP_STRING([--with-pkgconfigdir], pkg_description)],,
+    [with_pkgconfigdir=]pkg_default)
+AC_SUBST([pkgconfigdir], [$with_pkgconfigdir])
+m4_popdef([pkg_default])
+m4_popdef([pkg_description])
+])dnl PKG_INSTALLDIR
+
+
+dnl PKG_NOARCH_INSTALLDIR([DIRECTORY])
+dnl --------------------------------
+dnl Since: 0.27
+dnl
+dnl Substitutes the variable noarch_pkgconfigdir as the location where a
+dnl module should install arch-independent pkg-config .pc files. By
+dnl default the directory is $datadir/pkgconfig, but the default can be
+dnl changed by passing DIRECTORY. The user can override through the
+dnl --with-noarch-pkgconfigdir parameter.
+AC_DEFUN([PKG_NOARCH_INSTALLDIR],
+[m4_pushdef([pkg_default], [m4_default([$1], ['${datadir}/pkgconfig'])])
+m4_pushdef([pkg_description],
+    [pkg-config arch-independent installation directory @<:@]pkg_default[@:>@])
+AC_ARG_WITH([noarch-pkgconfigdir],
+    [AS_HELP_STRING([--with-noarch-pkgconfigdir], pkg_description)],,
+    [with_noarch_pkgconfigdir=]pkg_default)
+AC_SUBST([noarch_pkgconfigdir], [$with_noarch_pkgconfigdir])
+m4_popdef([pkg_default])
+m4_popdef([pkg_description])
+])dnl PKG_NOARCH_INSTALLDIR
+
+
+dnl PKG_CHECK_VAR(VARIABLE, MODULE, CONFIG-VARIABLE,
+dnl [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND])
+dnl -------------------------------------------
+dnl Since: 0.28
+dnl
+dnl Retrieves the value of the pkg-config variable for the given module.
+AC_DEFUN([PKG_CHECK_VAR],
+[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl
+AC_ARG_VAR([$1], [value of $3 for $2, overriding pkg-config])dnl
+
+_PKG_CONFIG([$1], [variable="][$3]["], [$2])
+AS_VAR_COPY([$1], [pkg_cv_][$1])
+
+AS_VAR_IF([$1], [""], [$5], [$4])dnl
+])dnl PKG_CHECK_VAR
+
+# AM_CONDITIONAL                                            -*- Autoconf -*-
+
+# Copyright (C) 1997-2018 Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# AM_CONDITIONAL(NAME, SHELL-CONDITION)
+# -------------------------------------
+# Define a conditional.
+AC_DEFUN([AM_CONDITIONAL],
+[AC_PREREQ([2.52])dnl
+ m4_if([$1], [TRUE],  [AC_FATAL([$0: invalid condition: $1])],
+       [$1], [FALSE], [AC_FATAL([$0: invalid condition: $1])])dnl
+AC_SUBST([$1_TRUE])dnl
+AC_SUBST([$1_FALSE])dnl
+_AM_SUBST_NOTMAKE([$1_TRUE])dnl
+_AM_SUBST_NOTMAKE([$1_FALSE])dnl
+m4_define([_AM_COND_VALUE_$1], [$2])dnl
+if $2; then
+  $1_TRUE=
+  $1_FALSE='#'
+else
+  $1_TRUE='#'
+  $1_FALSE=
+fi
+AC_CONFIG_COMMANDS_PRE(
+[if test -z "${$1_TRUE}" && test -z "${$1_FALSE}"; then
+  AC_MSG_ERROR([[conditional "$1" was never defined.
+Usually this means the macro was only invoked conditionally.]])
+fi])])
+
+# Add --enable-maintainer-mode option to configure.         -*- Autoconf -*-
+# From Jim Meyering
+
+# Copyright (C) 1996-2018 Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# AM_MAINTAINER_MODE([DEFAULT-MODE])
+# ----------------------------------
+# Control maintainer-specific portions of Makefiles.
+# Default is to disable them, unless 'enable' is passed literally.
+# For symmetry, 'disable' may be passed as well.  Anyway, the user
+# can override the default with the --enable/--disable switch.
+AC_DEFUN([AM_MAINTAINER_MODE],
+[m4_case(m4_default([$1], [disable]),
+       [enable], [m4_define([am_maintainer_other], [disable])],
+       [disable], [m4_define([am_maintainer_other], [enable])],
+       [m4_define([am_maintainer_other], [enable])
+        m4_warn([syntax], [unexpected argument to AM@&t@_MAINTAINER_MODE: $1])])
+AC_MSG_CHECKING([whether to enable maintainer-specific portions of Makefiles])
+  dnl maintainer-mode's default is 'disable' unless 'enable' is passed
+  AC_ARG_ENABLE([maintainer-mode],
+    [AS_HELP_STRING([--]am_maintainer_other[-maintainer-mode],
+      am_maintainer_other[ make rules and dependencies not useful
+      (and sometimes confusing) to the casual installer])],
+    [USE_MAINTAINER_MODE=$enableval],
+    [USE_MAINTAINER_MODE=]m4_if(am_maintainer_other, [enable], [no], [yes]))
+  AC_MSG_RESULT([$USE_MAINTAINER_MODE])
+  AM_CONDITIONAL([MAINTAINER_MODE], [test $USE_MAINTAINER_MODE = yes])
+  MAINT=$MAINTAINER_MODE_TRUE
+  AC_SUBST([MAINT])dnl
+]
+)
+
+# Copyright (C) 2006-2018 Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# _AM_SUBST_NOTMAKE(VARIABLE)
+# ---------------------------
+# Prevent Automake from outputting VARIABLE = @VARIABLE@ in Makefile.in.
+# This macro is traced by Automake.
+AC_DEFUN([_AM_SUBST_NOTMAKE])
+
+# AM_SUBST_NOTMAKE(VARIABLE)
+# --------------------------
+# Public sister of _AM_SUBST_NOTMAKE.
+AC_DEFUN([AM_SUBST_NOTMAKE], [_AM_SUBST_NOTMAKE($@)])
+
+m4_include([m4/ax_check_compile_flag.m4])
+m4_include([m4/ax_check_openssl.m4])
+m4_include([m4/ax_posix_shell.m4])
+m4_include([m4/ax_pthread.m4])
+m4_include([m4/ax_restore_flags.m4])
+m4_include([m4/ax_save_flags.m4])
+m4_include([m4/libtool.m4])
+m4_include([m4/ltoptions.m4])
+m4_include([m4/ltsugar.m4])
+m4_include([m4/ltversion.m4])
+m4_include([m4/lt~obsolete.m4])

autogen.sh

@@ -0,0 +1,13 @@
+#!/bin/sh
+#
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
+
+# Run this script after modifying configure.in to generate configure
+autoreconf -f -i

bin/Makefile.am

@@ -1,5 +0,0 @@
-SUBDIRS = named rndc dig delv dnssec tools nsupdate check confgen tests plugins
-
-if HAVE_PKCS11
-SUBDIRS += pkcs11
-endif

bin/Makefile.in

@@ -0,0 +1,18 @@
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
+
+srcdir =	@srcdir@
+VPATH =		@srcdir@
+top_srcdir =	@top_srcdir@
+
+SUBDIRS =	named rndc dig delv dnssec tools nsupdate check confgen \
+		@NZD_TOOLS@ @PYTHON_TOOLS@ @PKCS11_TOOLS@ plugins tests
+TARGETS =
+
+@BIND9_MAKE_RULES@

bin/check/Makefile.am

@@ -1,34 +0,0 @@
-include $(top_srcdir)/Makefile.top
-
-AM_CPPFLAGS +=			\
-	$(LIBISC_CFLAGS)	\
-	$(LIBDNS_CFLAGS)	\
-	$(LIBNS_CFLAGS)		\
-	$(LIBISCCFG_CFLAGS)	\
-	$(LIBBIND9_CFLAGS)
-
-AM_CPPFLAGS +=						\
-	-DNAMED_CONFFILE=\"${sysconfdir}/named.conf\"
-
-noinst_LTLIBRARIES = libcheck-tool.la
-
-libcheck_tool_la_SOURCES =	\
-	check-tool.h		\
-	check-tool.c
-
-LDADD =				\
-	libcheck-tool.la	\
-	$(LIBISC_LIBS)		\
-	$(LIBDNS_LIBS)		\
-	$(LIBNS_LIBS)		\
-	$(LIBISCCFG_LIBS)	\
-	$(LIBBIND9_LIBS)
-
-sbin_PROGRAMS = named-checkconf named-checkzone
-
-install-exec-hook:
-	ln -f $(DESTDIR)$(sbindir)/named-checkzone \
-	      $(DESTDIR)$(sbindir)/named-compilezone
-
-uninstall-hook:
-	-rm -f $(DESTDIR)$(sbindir)/named-compilezone

bin/check/Makefile.in

@@ -0,0 +1,103 @@
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
+
+srcdir =	@srcdir@
+VPATH =		@srcdir@
+top_srcdir =	@top_srcdir@
+
+VERSION=@BIND9_VERSION@
+
+@BIND9_MAKE_INCLUDES@
+
+CINCLUDES =	${NS_INCLUDES} ${BIND9_INCLUDES} ${DNS_INCLUDES} ${ISCCFG_INCLUDES} \
+		${ISC_INCLUDES} \
+		${OPENSSL_CFLAGS}
+
+CDEFINES = 	-DNAMED_CONFFILE=\"${sysconfdir}/named.conf\"
+CWARNINGS =
+
+DNSLIBS =	../../lib/dns/libdns.@A@ ${MAXMINDDB_LIBS} @DNS_CRYPTO_LIBS@
+ISCCFGLIBS =	../../lib/isccfg/libisccfg.@A@
+ISCLIBS =	../../lib/isc/libisc.@A@ ${OPENSSL_LIBS} ${JSON_C_LIBS} ${LIBXML2_LIBS}
+ISCNOSYMLIBS =	../../lib/isc/libisc-nosymtbl.@A@ ${OPENSSL_LIBS} ${JSON_C_LIBS} ${LIBXML2_LIBS}
+BIND9LIBS =	../../lib/bind9/libbind9.@A@
+NSLIBS =	../../lib/ns/libns.@A@
+
+DNSDEPLIBS =	../../lib/dns/libdns.@A@
+ISCCFGDEPLIBS =	../../lib/isccfg/libisccfg.@A@
+ISCDEPLIBS =	../../lib/isc/libisc.@A@
+BIND9DEPLIBS =	../../lib/bind9/libbind9.@A@
+NSDEPENDLIBS =	../../lib/ns/libns.@A@
+
+LIBS =		${ISCLIBS} @LIBS@
+NOSYMLIBS =	${ISCNOSYMLIBS} @LIBS@
+
+SUBDIRS =
+
+# Alphabetically
+TARGETS =	named-checkconf@EXEEXT@ named-checkzone@EXEEXT@
+
+# Alphabetically
+SRCS =		named-checkconf.c named-checkzone.c check-tool.c
+
+MANPAGES =	named-checkconf.8 named-checkzone.8
+
+HTMLPAGES =	named-checkconf.html named-checkzone.html
+
+MANOBJS =	${MANPAGES} ${HTMLPAGES}
+
+@BIND9_MAKE_RULES@
+
+named-checkconf.@O@: named-checkconf.c
+	${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} \
+		-DVERSION=\"${VERSION}\" \
+		-c ${srcdir}/named-checkconf.c
+
+named-checkzone.@O@: named-checkzone.c
+	${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} \
+		-DVERSION=\"${VERSION}\" \
+		-c ${srcdir}/named-checkzone.c
+
+named-checkconf@EXEEXT@: named-checkconf.@O@ check-tool.@O@ ${ISCDEPLIBS} \
+		${NSDEPENDLIBS} ${DNSDEPLIBS} ${ISCCFGDEPLIBS} ${BIND9DEPLIBS}
+	export BASEOBJS="named-checkconf.@O@ check-tool.@O@"; \
+	export LIBS0="${BIND9LIBS} ${NSLIBS} ${ISCCFGLIBS} ${DNSLIBS}"; \
+	${FINALBUILDCMD}
+
+named-checkzone@EXEEXT@: named-checkzone.@O@ check-tool.@O@ ${ISCDEPLIBS} \
+		${NSDEPENDLIBS} ${DNSDEPLIBS}
+	export BASEOBJS="named-checkzone.@O@ check-tool.@O@"; \
+	export LIBS0="${NSLIBS} ${ISCCFGLIBS} ${DNSLIBS}"; \
+	${FINALBUILDCMD}
+
+doc man:: ${MANOBJS}
+
+docclean manclean maintainer-clean::
+	rm -f ${MANOBJS}
+
+installdirs:
+	$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${sbindir}
+	$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${mandir}/man8
+
+install:: named-checkconf@EXEEXT@ named-checkzone@EXEEXT@ installdirs
+	${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} named-checkconf@EXEEXT@ ${DESTDIR}${sbindir}
+	${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} named-checkzone@EXEEXT@ ${DESTDIR}${sbindir}
+	(cd ${DESTDIR}${sbindir}; rm -f named-compilezone@EXEEXT@; ${LINK_PROGRAM} named-checkzone@EXEEXT@ named-compilezone@EXEEXT@)
+	for m in ${MANPAGES}; do ${INSTALL_DATA} ${srcdir}/$$m ${DESTDIR}${mandir}/man8 || exit 1; done
+	(cd ${DESTDIR}${mandir}/man8; rm -f named-compilezone.8; ${LINK_PROGRAM} named-checkzone.8 named-compilezone.8)
+
+uninstall::
+	rm -f ${DESTDIR}${mandir}/man8/named-compilezone.8
+	for m in ${MANPAGES}; do rm -f ${DESTDIR}${mandir}/man8/$$m || exit 1; done
+	rm -f ${DESTDIR}${sbindir}/named-compilezone@EXEEXT@
+	${LIBTOOL_MODE_UNINSTALL} rm -f ${DESTDIR}${sbindir}/named-checkconf@EXEEXT@
+	${LIBTOOL_MODE_UNINSTALL} rm -f ${DESTDIR}${sbindir}/named-checkzone@EXEEXT@
+
+clean distclean::
+	rm -f ${TARGETS} r1.htm

bin/check/check-tool.c

@@ -9,21 +9,23 @@
  * information regarding copyright ownership.
  */
 
+
 /*! \file */
 
-#include <inttypes.h>
 #include <stdbool.h>
 #include <stdio.h>
+#include <inttypes.h>
 
 #ifdef _WIN32
 #include <Winsock2.h>
-#endif /* ifdef _WIN32 */
+#endif
 
+#include "check-tool.h"
 #include <isc/buffer.h>
 #include <isc/log.h>
 #include <isc/mem.h>
-#include <isc/net.h>
 #include <isc/netdb.h>
+#include <isc/net.h>
 #include <isc/print.h>
 #include <isc/region.h>
 #include <isc/stdio.h>
@@ -50,31 +52,29 @@
 
 #include <ns/log.h>
 
-#include "check-tool.h"
-
 #ifndef CHECK_SIBLING
 #define CHECK_SIBLING 1
-#endif /* ifndef CHECK_SIBLING */
+#endif
 
 #ifndef CHECK_LOCAL
 #define CHECK_LOCAL 1
-#endif /* ifndef CHECK_LOCAL */
+#endif
 
-#define CHECK(r)                             \
-	do {                                 \
-		result = (r);                \
+#define CHECK(r) \
+	do { \
+		result = (r); \
 		if (result != ISC_R_SUCCESS) \
-			goto cleanup;        \
+			goto cleanup; \
 	} while (0)
 
-#define ERR_IS_CNAME	   1
-#define ERR_NO_ADDRESSES   2
+#define ERR_IS_CNAME 1
+#define ERR_NO_ADDRESSES 2
 #define ERR_LOOKUP_FAILURE 3
-#define ERR_EXTRA_A	   4
-#define ERR_EXTRA_AAAA	   5
-#define ERR_MISSING_GLUE   5
-#define ERR_IS_MXCNAME	   6
-#define ERR_IS_SRVCNAME	   7
+#define ERR_EXTRA_A 4
+#define ERR_EXTRA_AAAA 5
+#define ERR_MISSING_GLUE 5
+#define ERR_IS_MXCNAME 6
+#define ERR_IS_SRVCNAME 7
 
 static const char *dbtype[] = { "rbt" };
 
@@ -85,26 +85,31 @@ bool nomerge = true;
 bool docheckmx = true;
 bool dochecksrv = true;
 bool docheckns = true;
-#else  /* if CHECK_LOCAL */
+#else
 bool docheckmx = false;
 bool dochecksrv = false;
 bool docheckns = false;
-#endif /* if CHECK_LOCAL */
-dns_zoneopt_t zone_options = DNS_ZONEOPT_CHECKNS | DNS_ZONEOPT_CHECKMX |
-			     DNS_ZONEOPT_MANYERRORS | DNS_ZONEOPT_CHECKNAMES |
+#endif
+dns_zoneopt_t zone_options = DNS_ZONEOPT_CHECKNS |
+			     DNS_ZONEOPT_CHECKMX |
+			     DNS_ZONEOPT_MANYERRORS |
+			     DNS_ZONEOPT_CHECKNAMES |
 			     DNS_ZONEOPT_CHECKINTEGRITY |
 #if CHECK_SIBLING
 			     DNS_ZONEOPT_CHECKSIBLING |
-#endif /* if CHECK_SIBLING */
+#endif
 			     DNS_ZONEOPT_CHECKWILDCARD |
-			     DNS_ZONEOPT_WARNMXCNAME | DNS_ZONEOPT_WARNSRVCNAME;
+			     DNS_ZONEOPT_WARNMXCNAME |
+			     DNS_ZONEOPT_WARNSRVCNAME;
 
 /*
  * This needs to match the list in bin/named/log.c.
  */
-static isc_logcategory_t categories[] = { { "", 0 },
-					  { "unmatched", 0 },
-					  { NULL, 0 } };
+static isc_logcategory_t categories[] = {
+	{ "",		     0 },
+	{ "unmatched", 	     0 },
+	{ NULL,		     0 }
+};
 
 static isc_symtab_t *symtab = NULL;
 static isc_mem_t *sym_mctx;
@@ -122,15 +127,16 @@ add(char *key, int value) {
 	isc_symvalue_t symvalue;
 
 	if (sym_mctx == NULL) {
-		isc_mem_create(&sym_mctx);
+		result = isc_mem_create(0, 0, &sym_mctx);
+		if (result != ISC_R_SUCCESS)
+			return;
 	}
 
 	if (symtab == NULL) {
 		result = isc_symtab_create(sym_mctx, 100, freekey, sym_mctx,
 					   false, &symtab);
-		if (result != ISC_R_SUCCESS) {
+		if (result != ISC_R_SUCCESS)
 			return;
-		}
 	}
 
 	key = isc_mem_strdup(sym_mctx, key);
@@ -138,29 +144,27 @@ add(char *key, int value) {
 	symvalue.as_pointer = NULL;
 	result = isc_symtab_define(symtab, key, value, symvalue,
 				   isc_symexists_reject);
-	if (result != ISC_R_SUCCESS) {
+	if (result != ISC_R_SUCCESS)
 		isc_mem_free(sym_mctx, key);
-	}
 }
 
 static bool
 logged(char *key, int value) {
 	isc_result_t result;
 
-	if (symtab == NULL) {
+	if (symtab == NULL)
 		return (false);
-	}
 
 	result = isc_symtab_lookup(symtab, key, value, NULL);
-	if (result == ISC_R_SUCCESS) {
+	if (result == ISC_R_SUCCESS)
 		return (true);
-	}
 	return (false);
 }
 
 static bool
 checkns(dns_zone_t *zone, const dns_name_t *name, const dns_name_t *owner,
-	dns_rdataset_t *a, dns_rdataset_t *aaaa) {
+	dns_rdataset_t *a, dns_rdataset_t *aaaa)
+{
 	dns_rdataset_t *rdataset;
 	dns_rdata_t rdata = DNS_RDATA_INIT;
 	struct addrinfo hints, *ai, *cur;
@@ -178,9 +182,8 @@ checkns(dns_zone_t *zone, const dns_name_t *name, const dns_name_t *owner,
 	REQUIRE(aaaa == NULL || !dns_rdataset_isassociated(aaaa) ||
 		aaaa->type == dns_rdatatype_aaaa);
 
-	if (a == NULL || aaaa == NULL) {
+	if (a == NULL || aaaa == NULL)
 		return (answer);
-	}
 
 	memset(&hints, 0, sizeof(hints));
 	hints.ai_flags = AI_CANONNAME;
@@ -207,17 +210,16 @@ checkns(dns_zone_t *zone, const dns_name_t *name, const dns_name_t *owner,
 		 */
 		cur = ai;
 		while (cur != NULL && cur->ai_canonname == NULL &&
-		       cur->ai_next != NULL) {
+		       cur->ai_next != NULL)
 			cur = cur->ai_next;
-		}
 		if (cur != NULL && cur->ai_canonname != NULL &&
 		    strcasecmp(cur->ai_canonname, namebuf) != 0 &&
-		    !logged(namebuf, ERR_IS_CNAME))
-		{
+		    !logged(namebuf, ERR_IS_CNAME)) {
 			dns_zone_log(zone, ISC_LOG_ERROR,
 				     "%s/NS '%s' (out of zone) "
 				     "is a CNAME '%s' (illegal)",
-				     ownerbuf, namebuf, cur->ai_canonname);
+				     ownerbuf, namebuf,
+				     cur->ai_canonname);
 			/* XXX950 make fatal for 9.5.0 */
 			/* answer = false; */
 			add(namebuf, ERR_IS_CNAME);
@@ -226,7 +228,7 @@ checkns(dns_zone_t *zone, const dns_name_t *name, const dns_name_t *owner,
 	case EAI_NONAME:
 #if defined(EAI_NODATA) && (EAI_NODATA != EAI_NONAME)
 	case EAI_NODATA:
-#endif /* if defined(EAI_NODATA) && (EAI_NODATA != EAI_NONAME) */
+#endif
 		if (!logged(namebuf, ERR_NO_ADDRESSES)) {
 			dns_zone_log(zone, ISC_LOG_ERROR,
 				     "%s/NS '%s' (out of zone) "
@@ -240,8 +242,8 @@ checkns(dns_zone_t *zone, const dns_name_t *name, const dns_name_t *owner,
 	default:
 		if (!logged(namebuf, ERR_LOOKUP_FAILURE)) {
 			dns_zone_log(zone, ISC_LOG_WARNING,
-				     "getaddrinfo(%s) failed: %s", namebuf,
-				     gai_strerror(result));
+				     "getaddrinfo(%s) failed: %s",
+				     namebuf, gai_strerror(result));
 			add(namebuf, ERR_LOOKUP_FAILURE);
 		}
 		return (true);
@@ -250,17 +252,15 @@ checkns(dns_zone_t *zone, const dns_name_t *name, const dns_name_t *owner,
 	/*
 	 * Check that all glue records really exist.
 	 */
-	if (!dns_rdataset_isassociated(a)) {
+	if (!dns_rdataset_isassociated(a))
 		goto checkaaaa;
-	}
 	result = dns_rdataset_first(a);
 	while (result == ISC_R_SUCCESS) {
 		dns_rdataset_current(a, &rdata);
 		match = false;
 		for (cur = ai; cur != NULL; cur = cur->ai_next) {
-			if (cur->ai_family != AF_INET) {
+			if (cur->ai_family != AF_INET)
 				continue;
-			}
 			ptr = &((struct sockaddr_in *)(cur->ai_addr))->sin_addr;
 			if (memcmp(ptr, rdata.data, rdata.length) == 0) {
 				match = true;
@@ -268,12 +268,11 @@ checkns(dns_zone_t *zone, const dns_name_t *name, const dns_name_t *owner,
 			}
 		}
 		if (!match && !logged(namebuf, ERR_EXTRA_A)) {
-			dns_zone_log(zone, ISC_LOG_ERROR,
-				     "%s/NS '%s' "
+			dns_zone_log(zone, ISC_LOG_ERROR, "%s/NS '%s' "
 				     "extra GLUE A record (%s)",
 				     ownerbuf, namebuf,
-				     inet_ntop(AF_INET, rdata.data, addrbuf,
-					       sizeof(addrbuf)));
+				     inet_ntop(AF_INET, rdata.data,
+					       addrbuf, sizeof(addrbuf)));
 			add(namebuf, ERR_EXTRA_A);
 			/* XXX950 make fatal for 9.5.0 */
 			/* answer = false; */
@@ -282,32 +281,28 @@ checkns(dns_zone_t *zone, const dns_name_t *name, const dns_name_t *owner,
 		result = dns_rdataset_next(a);
 	}
 
-checkaaaa:
-	if (!dns_rdataset_isassociated(aaaa)) {
+ checkaaaa:
+	if (!dns_rdataset_isassociated(aaaa))
 		goto checkmissing;
-	}
 	result = dns_rdataset_first(aaaa);
 	while (result == ISC_R_SUCCESS) {
 		dns_rdataset_current(aaaa, &rdata);
 		match = false;
 		for (cur = ai; cur != NULL; cur = cur->ai_next) {
-			if (cur->ai_family != AF_INET6) {
+			if (cur->ai_family != AF_INET6)
 				continue;
-			}
-			ptr = &((struct sockaddr_in6 *)(cur->ai_addr))
-				       ->sin6_addr;
+			ptr = &((struct sockaddr_in6 *)(cur->ai_addr))->sin6_addr;
 			if (memcmp(ptr, rdata.data, rdata.length) == 0) {
 				match = true;
 				break;
 			}
 		}
 		if (!match && !logged(namebuf, ERR_EXTRA_AAAA)) {
-			dns_zone_log(zone, ISC_LOG_ERROR,
-				     "%s/NS '%s' "
+			dns_zone_log(zone, ISC_LOG_ERROR, "%s/NS '%s' "
 				     "extra GLUE AAAA record (%s)",
 				     ownerbuf, namebuf,
-				     inet_ntop(AF_INET6, rdata.data, addrbuf,
-					       sizeof(addrbuf)));
+				     inet_ntop(AF_INET6, rdata.data,
+					       addrbuf, sizeof(addrbuf)));
 			add(namebuf, ERR_EXTRA_AAAA);
 			/* XXX950 make fatal for 9.5.0. */
 			/* answer = false; */
@@ -316,7 +311,7 @@ checkaaaa:
 		result = dns_rdataset_next(aaaa);
 	}
 
-checkmissing:
+ checkmissing:
 	/*
 	 * Check that all addresses appear in the glue.
 	 */
@@ -326,50 +321,42 @@ checkmissing:
 			switch (cur->ai_family) {
 			case AF_INET:
 				rdataset = a;
-				ptr = &((struct sockaddr_in *)(cur->ai_addr))
-					       ->sin_addr;
+				ptr = &((struct sockaddr_in *)(cur->ai_addr))->sin_addr;
 				type = "A";
 				break;
 			case AF_INET6:
 				rdataset = aaaa;
-				ptr = &((struct sockaddr_in6 *)(cur->ai_addr))
-					       ->sin6_addr;
+				ptr = &((struct sockaddr_in6 *)(cur->ai_addr))->sin6_addr;
 				type = "AAAA";
 				break;
 			default:
-				continue;
+				 continue;
 			}
 			match = false;
-			if (dns_rdataset_isassociated(rdataset)) {
+			if (dns_rdataset_isassociated(rdataset))
 				result = dns_rdataset_first(rdataset);
-			} else {
+			else
 				result = ISC_R_FAILURE;
-			}
 			while (result == ISC_R_SUCCESS && !match) {
 				dns_rdataset_current(rdataset, &rdata);
 				if (memcmp(ptr, rdata.data, rdata.length) == 0)
-				{
 					match = true;
-				}
 				dns_rdata_reset(&rdata);
 				result = dns_rdataset_next(rdataset);
 			}
 			if (!match) {
-				dns_zone_log(zone, ISC_LOG_ERROR,
-					     "%s/NS '%s' "
+				dns_zone_log(zone, ISC_LOG_ERROR, "%s/NS '%s' "
 					     "missing GLUE %s record (%s)",
 					     ownerbuf, namebuf, type,
 					     inet_ntop(cur->ai_family, ptr,
-						       addrbuf,
-						       sizeof(addrbuf)));
+						       addrbuf, sizeof(addrbuf)));
 				/* XXX950 make fatal for 9.5.0. */
 				/* answer = false; */
 				missing_glue = true;
 			}
 		}
-		if (missing_glue) {
+		if (missing_glue)
 			add(namebuf, ERR_MISSING_GLUE);
-		}
 	}
 	freeaddrinfo(ai);
 	return (answer);
@@ -409,15 +396,12 @@ checkmx(dns_zone_t *zone, const dns_name_t *name, const dns_name_t *owner) {
 		 */
 		cur = ai;
 		while (cur != NULL && cur->ai_canonname == NULL &&
-		       cur->ai_next != NULL) {
+		       cur->ai_next != NULL)
 			cur = cur->ai_next;
-		}
 		if (cur != NULL && cur->ai_canonname != NULL &&
-		    strcasecmp(cur->ai_canonname, namebuf) != 0)
-		{
-			if ((zone_options & DNS_ZONEOPT_WARNMXCNAME) != 0) {
+		    strcasecmp(cur->ai_canonname, namebuf) != 0) {
+			if ((zone_options & DNS_ZONEOPT_WARNMXCNAME) != 0)
 				level = ISC_LOG_WARNING;
-			}
 			if ((zone_options & DNS_ZONEOPT_IGNOREMXCNAME) == 0) {
 				if (!logged(namebuf, ERR_IS_MXCNAME)) {
 					dns_zone_log(zone, level,
@@ -428,9 +412,8 @@ checkmx(dns_zone_t *zone, const dns_name_t *name, const dns_name_t *owner) {
 						     cur->ai_canonname);
 					add(namebuf, ERR_IS_MXCNAME);
 				}
-				if (level == ISC_LOG_ERROR) {
+				if (level == ISC_LOG_ERROR)
 					answer = false;
-				}
 			}
 		}
 		freeaddrinfo(ai);
@@ -439,7 +422,7 @@ checkmx(dns_zone_t *zone, const dns_name_t *name, const dns_name_t *owner) {
 	case EAI_NONAME:
 #if defined(EAI_NODATA) && (EAI_NODATA != EAI_NONAME)
 	case EAI_NODATA:
-#endif /* if defined(EAI_NODATA) && (EAI_NODATA != EAI_NONAME) */
+#endif
 		if (!logged(namebuf, ERR_NO_ADDRESSES)) {
 			dns_zone_log(zone, ISC_LOG_ERROR,
 				     "%s/MX '%s' (out of zone) "
@@ -453,8 +436,8 @@ checkmx(dns_zone_t *zone, const dns_name_t *name, const dns_name_t *owner) {
 	default:
 		if (!logged(namebuf, ERR_LOOKUP_FAILURE)) {
 			dns_zone_log(zone, ISC_LOG_WARNING,
-				     "getaddrinfo(%s) failed: %s", namebuf,
-				     gai_strerror(result));
+			     "getaddrinfo(%s) failed: %s",
+			     namebuf, gai_strerror(result));
 			add(namebuf, ERR_LOOKUP_FAILURE);
 		}
 		return (true);
@@ -495,28 +478,23 @@ checksrv(dns_zone_t *zone, const dns_name_t *name, const dns_name_t *owner) {
 		 */
 		cur = ai;
 		while (cur != NULL && cur->ai_canonname == NULL &&
-		       cur->ai_next != NULL) {
+		       cur->ai_next != NULL)
 			cur = cur->ai_next;
-		}
 		if (cur != NULL && cur->ai_canonname != NULL &&
-		    strcasecmp(cur->ai_canonname, namebuf) != 0)
-		{
-			if ((zone_options & DNS_ZONEOPT_WARNSRVCNAME) != 0) {
+		    strcasecmp(cur->ai_canonname, namebuf) != 0) {
+			if ((zone_options & DNS_ZONEOPT_WARNSRVCNAME) != 0)
 				level = ISC_LOG_WARNING;
-			}
 			if ((zone_options & DNS_ZONEOPT_IGNORESRVCNAME) == 0) {
 				if (!logged(namebuf, ERR_IS_SRVCNAME)) {
-					dns_zone_log(zone, level,
-						     "%s/SRV '%s'"
+					dns_zone_log(zone, level, "%s/SRV '%s'"
 						     " (out of zone) is a "
 						     "CNAME '%s' (illegal)",
 						     ownerbuf, namebuf,
 						     cur->ai_canonname);
 					add(namebuf, ERR_IS_SRVCNAME);
 				}
-				if (level == ISC_LOG_ERROR) {
+				if (level == ISC_LOG_ERROR)
 					answer = false;
-				}
 			}
 		}
 		freeaddrinfo(ai);
@@ -525,7 +503,7 @@ checksrv(dns_zone_t *zone, const dns_name_t *name, const dns_name_t *owner) {
 	case EAI_NONAME:
 #if defined(EAI_NODATA) && (EAI_NODATA != EAI_NONAME)
 	case EAI_NODATA:
-#endif /* if defined(EAI_NODATA) && (EAI_NODATA != EAI_NONAME) */
+#endif
 		if (!logged(namebuf, ERR_NO_ADDRESSES)) {
 			dns_zone_log(zone, ISC_LOG_ERROR,
 				     "%s/SRV '%s' (out of zone) "
@@ -539,8 +517,8 @@ checksrv(dns_zone_t *zone, const dns_name_t *name, const dns_name_t *owner) {
 	default:
 		if (!logged(namebuf, ERR_LOOKUP_FAILURE)) {
 			dns_zone_log(zone, ISC_LOG_WARNING,
-				     "getaddrinfo(%s) failed: %s", namebuf,
-				     gai_strerror(result));
+				     "getaddrinfo(%s) failed: %s",
+				     namebuf, gai_strerror(result));
 			add(namebuf, ERR_LOOKUP_FAILURE);
 		}
 		return (true);
@@ -553,7 +531,7 @@ setup_logging(isc_mem_t *mctx, FILE *errout, isc_log_t **logp) {
 	isc_logconfig_t *logconfig = NULL;
 	isc_log_t *log = NULL;
 
-	isc_log_create(mctx, &log, &logconfig);
+	RUNTIME_CHECK(isc_log_create(mctx, &log, &logconfig) == ISC_R_SUCCESS);
 	isc_log_registercategories(log, categories);
 	isc_log_setcontext(log);
 	dns_log_init(log);
@@ -565,11 +543,12 @@ setup_logging(isc_mem_t *mctx, FILE *errout, isc_log_t **logp) {
 	destination.file.name = NULL;
 	destination.file.versions = ISC_LOG_ROLLNEVER;
 	destination.file.maximum_size = 0;
-	isc_log_createchannel(logconfig, "stderr", ISC_LOG_TOFILEDESC,
-			      ISC_LOG_DYNAMIC, &destination, 0);
-
-	RUNTIME_CHECK(isc_log_usechannel(logconfig, "stderr", NULL, NULL) ==
-		      ISC_R_SUCCESS);
+	RUNTIME_CHECK(isc_log_createchannel(logconfig, "stderr",
+				       ISC_LOG_TOFILEDESC,
+				       ISC_LOG_DYNAMIC,
+				       &destination, 0) == ISC_R_SUCCESS);
+	RUNTIME_CHECK(isc_log_usechannel(logconfig, "stderr",
+					 NULL, NULL) == ISC_R_SUCCESS);
 
 	*logp = log;
 	return (ISC_R_SUCCESS);
@@ -596,20 +575,18 @@ check_ttls(dns_zone_t *zone, dns_ttl_t maxttl) {
 	CHECK(dns_db_newversion(db, &version));
 	CHECK(dns_db_createiterator(db, 0, &dbiter));
 
-	for (result = dns_dbiterator_first(dbiter); result == ISC_R_SUCCESS;
-	     result = dns_dbiterator_next(dbiter))
-	{
+	for (result = dns_dbiterator_first(dbiter);
+	     result == ISC_R_SUCCESS;
+	     result = dns_dbiterator_next(dbiter)) {
 		result = dns_dbiterator_current(dbiter, &node, name);
-		if (result == DNS_R_NEWORIGIN) {
+		if (result == DNS_R_NEWORIGIN)
 			result = ISC_R_SUCCESS;
-		}
 		CHECK(result);
 
 		CHECK(dns_db_allrdatasets(db, node, version, 0, &rdsiter));
 		for (result = dns_rdatasetiter_first(rdsiter);
 		     result == ISC_R_SUCCESS;
-		     result = dns_rdatasetiter_next(rdsiter))
-		{
+		     result = dns_rdatasetiter_next(rdsiter)) {
 			dns_rdatasetiter_current(rdsiter, &rdataset);
 			if (rdataset.ttl > maxttl) {
 				char nbuf[DNS_NAME_FORMATSIZE];
@@ -632,35 +609,28 @@ check_ttls(dns_zone_t *zone, dns_ttl_t maxttl) {
 			}
 			dns_rdataset_disassociate(&rdataset);
 		}
-		if (result == ISC_R_NOMORE) {
+		if (result == ISC_R_NOMORE)
 			result = ISC_R_SUCCESS;
-		}
 		CHECK(result);
 
 		dns_rdatasetiter_destroy(&rdsiter);
 		dns_db_detachnode(db, &node);
 	}
 
-	if (result == ISC_R_NOMORE) {
+	if (result == ISC_R_NOMORE)
 		result = ISC_R_SUCCESS;
-	}
 
-cleanup:
-	if (node != NULL) {
+ cleanup:
+	if (node != NULL)
 		dns_db_detachnode(db, &node);
-	}
-	if (rdsiter != NULL) {
+	if (rdsiter != NULL)
 		dns_rdatasetiter_destroy(&rdsiter);
-	}
-	if (dbiter != NULL) {
+	if (dbiter != NULL)
 		dns_dbiterator_destroy(&dbiter);
-	}
-	if (version != NULL) {
+	if (version != NULL)
 		dns_db_closeversion(db, &version, false);
-	}
-	if (db != NULL) {
+	if (db != NULL)
 		dns_db_detach(&db);
-	}
 
 	return (result);
 }
@@ -669,7 +639,8 @@ cleanup:
 isc_result_t
 load_zone(isc_mem_t *mctx, const char *zonename, const char *filename,
 	  dns_masterformat_t fileformat, const char *classname,
-	  dns_ttl_t maxttl, dns_zone_t **zonep) {
+	  dns_ttl_t maxttl, dns_zone_t **zonep)
+{
 	isc_result_t result;
 	dns_rdataclass_t rdclass;
 	isc_textregion_t region;
@@ -680,10 +651,9 @@ load_zone(isc_mem_t *mctx, const char *zonename, const char *filename,
 
 	REQUIRE(zonep == NULL || *zonep == NULL);
 
-	if (debug) {
+	if (debug)
 		fprintf(stderr, "loading \"%s\" from \"%s\" class \"%s\"\n",
 			zonename, filename, classname);
-	}
 
 	CHECK(dns_zone_create(&zone, mctx));
 
@@ -694,17 +664,11 @@ load_zone(isc_mem_t *mctx, const char *zonename, const char *filename,
 	origin = dns_fixedname_initname(&fixorigin);
 	CHECK(dns_name_fromtext(origin, &buffer, dns_rootname, 0, NULL));
 	CHECK(dns_zone_setorigin(zone, origin));
-	dns_zone_setdbtype(zone, 1, (const char *const *)dbtype);
-	if (strcmp(filename, "-") == 0) {
-		CHECK(dns_zone_setstream(zone, stdin, fileformat,
-					 &dns_master_style_default));
-	} else {
-		CHECK(dns_zone_setfile(zone, filename, fileformat,
-				       &dns_master_style_default));
-	}
-	if (journal != NULL) {
+	dns_zone_setdbtype(zone, 1, (const char * const *) dbtype);
+	CHECK(dns_zone_setfile(zone, filename, fileformat,
+			       &dns_master_style_default));
+	if (journal != NULL)
 		CHECK(dns_zone_setjournal(zone, journal));
-	}
 
 	DE_CONST(classname, region.base);
 	region.length = strlen(classname);
@@ -716,15 +680,12 @@ load_zone(isc_mem_t *mctx, const char *zonename, const char *filename,
 
 	dns_zone_setmaxttl(zone, maxttl);
 
-	if (docheckmx) {
+	if (docheckmx)
 		dns_zone_setcheckmx(zone, checkmx);
-	}
-	if (docheckns) {
+	if (docheckns)
 		dns_zone_setcheckns(zone, checkns);
-	}
-	if (dochecksrv) {
+	if (dochecksrv)
 		dns_zone_setchecksrv(zone, checksrv);
-	}
 
 	CHECK(dns_zone_load(zone, false));
 
@@ -741,10 +702,9 @@ load_zone(isc_mem_t *mctx, const char *zonename, const char *filename,
 		zone = NULL;
 	}
 
-cleanup:
-	if (zone != NULL) {
+ cleanup:
+	if (zone != NULL)
 		dns_zone_detach(&zone);
-	}
 	return (result);
 }
 
@@ -752,39 +712,36 @@ cleanup:
 isc_result_t
 dump_zone(const char *zonename, dns_zone_t *zone, const char *filename,
 	  dns_masterformat_t fileformat, const dns_master_style_t *style,
-	  const uint32_t rawversion) {
+	  const uint32_t rawversion)
+{
 	isc_result_t result;
 	FILE *output = stdout;
 	const char *flags;
 
-	flags = (fileformat == dns_masterformat_text) ? "w" : "wb";
+	flags = (fileformat == dns_masterformat_text) ? "w+" : "wb+";
 
 	if (debug) {
-		if (filename != NULL && strcmp(filename, "-") != 0) {
-			fprintf(stderr, "dumping \"%s\" to \"%s\"\n", zonename,
-				filename);
-		} else {
+		if (filename != NULL && strcmp(filename, "-") != 0)
+			fprintf(stderr, "dumping \"%s\" to \"%s\"\n",
+				zonename, filename);
+		else
 			fprintf(stderr, "dumping \"%s\"\n", zonename);
-		}
 	}
 
 	if (filename != NULL && strcmp(filename, "-") != 0) {
 		result = isc_stdio_open(filename, flags, &output);
 
 		if (result != ISC_R_SUCCESS) {
-			fprintf(stderr,
-				"could not open output "
-				"file \"%s\" for writing\n",
-				filename);
+			fprintf(stderr, "could not open output "
+				"file \"%s\" for writing\n", filename);
 			return (ISC_R_FAILURE);
 		}
 	}
 
 	result = dns_zone_dumptostream(zone, output, fileformat, style,
 				       rawversion);
-	if (output != stdout) {
+	if (output != stdout)
 		(void)isc_stdio_close(output);
-	}
 
 	return (result);
 }
@@ -798,7 +755,7 @@ InitSockets(void) {
 
 	wVersionRequested = MAKEWORD(2, 0);
 
-	err = WSAStartup(wVersionRequested, &wsaData);
+	err = WSAStartup( wVersionRequested, &wsaData );
 	if (err != 0) {
 		fprintf(stderr, "WSAStartup() failed: %d\n", err);
 		exit(1);
@@ -809,4 +766,4 @@ void
 DestroySockets(void) {
 	WSACleanup();
 }
-#endif /* ifdef _WIN32 */
+#endif

bin/check/check-tool.h

@@ -9,6 +9,7 @@
  * information regarding copyright ownership.
  */
 
+
 #ifndef CHECK_TOOL_H
 #define CHECK_TOOL_H
 
@@ -41,11 +42,9 @@ dump_zone(const char *zonename, dns_zone_t *zone, const char *filename,
 	  const uint32_t rawversion);
 
 #ifdef _WIN32
-void
-InitSockets(void);
-void
-DestroySockets(void);
-#endif /* ifdef _WIN32 */
+void InitSockets(void);
+void DestroySockets(void);
+#endif
 
 extern int debug;
 extern const char *journal;
@@ -57,4 +56,4 @@ extern dns_zoneopt_t zone_options;
 
 ISC_LANG_ENDDECLS
 
-#endif /* ifndef CHECK_TOOL_H */
+#endif

bin/check/named-checkconf.8

@@ -1,4 +1,4 @@
-.\" Copyright (C) 2000-2002, 2004, 2005, 2007, 2009, 2014-2016, 2018-2020 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000-2002, 2004, 2005, 2007, 2009, 2014-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
 .\" 
 .\" This Source Code Form is subject to the terms of the Mozilla Public
 .\" License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -148,5 +148,5 @@ BIND 9 Administrator Reference Manual\&.
 \fBInternet Systems Consortium, Inc\&.\fR
 .SH "COPYRIGHT"
 .br
-Copyright \(co 2000-2002, 2004, 2005, 2007, 2009, 2014-2016, 2018-2020 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2000-2002, 2004, 2005, 2007, 2009, 2014-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
 .br

bin/check/named-checkconf.c

@@ -9,14 +9,14 @@
  * information regarding copyright ownership.
  */
 
+
 /*! \file */
 
 #include <errno.h>
 #include <stdbool.h>
-#include <stdio.h>
 #include <stdlib.h>
+#include <stdio.h>
 
-#include <isc/attributes.h>
 #include <isc/commandline.h>
 #include <isc/dir.h>
 #include <isc/hash.h>
@@ -27,6 +27,11 @@
 #include <isc/string.h>
 #include <isc/util.h>
 
+#include <isccfg/namedconf.h>
+#include <isccfg/grammar.h>
+
+#include <bind9/check.h>
+
 #include <dns/db.h>
 #include <dns/fixedname.h>
 #include <dns/log.h>
@@ -36,11 +41,6 @@
 #include <dns/rootns.h>
 #include <dns/zone.h>
 
-#include <isccfg/grammar.h>
-#include <isccfg/namedconf.h>
-
-#include <bind9/check.h>
-
 #include "check-tool.h"
 
 static const char *program = "named-checkconf";
@@ -49,23 +49,21 @@ static bool loadplugins = true;
 
 isc_log_t *logc = NULL;
 
-#define CHECK(r)                             \
-	do {                                 \
-		result = (r);                \
+#define CHECK(r)\
+	do { \
+		result = (r); \
 		if (result != ISC_R_SUCCESS) \
-			goto cleanup;        \
+			goto cleanup; \
 	} while (0)
 
 /*% usage */
-ISC_NORETURN static void
-usage(void);
+ISC_PLATFORM_NORETURN_PRE static void
+usage(void) ISC_PLATFORM_NORETURN_POST;
 
 static void
 usage(void) {
-	fprintf(stderr,
-		"usage: %s [-chijlvz] [-p [-x]] [-t directory] "
-		"[named.conf]\n",
-		program);
+	fprintf(stderr, "usage: %s [-chijlvz] [-p [-x]] [-t directory] "
+		"[named.conf]\n", program);
 	exit(1);
 }
 
@@ -87,8 +85,8 @@ directory_callback(const char *clausename, const cfg_obj_t *obj, void *arg) {
 	result = isc_dir_chdir(directory);
 	if (result != ISC_R_SUCCESS) {
 		cfg_obj_log(obj, logc, ISC_LOG_ERROR,
-			    "change directory to '%s' failed: %s\n", directory,
-			    isc_result_totext(result));
+			    "change directory to '%s' failed: %s\n",
+			    directory, isc_result_totext(result));
 		return (result);
 	}
 
@@ -99,12 +97,10 @@ static bool
 get_maps(const cfg_obj_t **maps, const char *name, const cfg_obj_t **obj) {
 	int i;
 	for (i = 0;; i++) {
-		if (maps[i] == NULL) {
+		if (maps[i] == NULL)
 			return (false);
-		}
-		if (cfg_map_get(maps[i], name, obj) == ISC_R_SUCCESS) {
+		if (cfg_map_get(maps[i], name, obj) == ISC_R_SUCCESS)
 			return (true);
-		}
 	}
 }
 
@@ -118,26 +114,25 @@ get_checknames(const cfg_obj_t **maps, const cfg_obj_t **obj) {
 	int i;
 
 	for (i = 0;; i++) {
-		if (maps[i] == NULL) {
+		if (maps[i] == NULL)
 			return (false);
-		}
 		checknames = NULL;
 		result = cfg_map_get(maps[i], "check-names", &checknames);
-		if (result != ISC_R_SUCCESS) {
+		if (result != ISC_R_SUCCESS)
 			continue;
-		}
 		if (checknames != NULL && !cfg_obj_islist(checknames)) {
 			*obj = checknames;
 			return (true);
 		}
-		for (element = cfg_list_first(checknames); element != NULL;
-		     element = cfg_list_next(element))
-		{
+		for (element = cfg_list_first(checknames);
+		     element != NULL;
+		     element = cfg_list_next(element)) {
 			value = cfg_listelt_value(element);
 			type = cfg_tuple_get(value, "type");
-			if ((strcasecmp(cfg_obj_asstring(type), "primary") !=
-			     0) &&
-			    (strcasecmp(cfg_obj_asstring(type), "master") != 0))
+			if ((strcasecmp(cfg_obj_asstring(type),
+					"primary") != 0) &&
+			    (strcasecmp(cfg_obj_asstring(type),
+					"master") != 0))
 			{
 				continue;
 			}
@@ -154,21 +149,18 @@ configure_hint(const char *zfile, const char *zclass, isc_mem_t *mctx) {
 	dns_rdataclass_t rdclass;
 	isc_textregion_t r;
 
-	if (zfile == NULL) {
+	if (zfile == NULL)
 		return (ISC_R_FAILURE);
-	}
 
 	DE_CONST(zclass, r.base);
 	r.length = strlen(zclass);
 	result = dns_rdataclass_fromtext(&rdclass, &r);
-	if (result != ISC_R_SUCCESS) {
+	if (result != ISC_R_SUCCESS)
 		return (result);
-	}
 
 	result = dns_rootns_create(mctx, rdclass, zfile, &db);
-	if (result != ISC_R_SUCCESS) {
+	if (result != ISC_R_SUCCESS)
 		return (result);
-	}
 
 	dns_db_detach(&db);
 	return (ISC_R_SUCCESS);
@@ -176,9 +168,10 @@ configure_hint(const char *zfile, const char *zclass, isc_mem_t *mctx) {
 
 /*% configure the zone */
 static isc_result_t
-configure_zone(const char *vclass, const char *view, const cfg_obj_t *zconfig,
-	       const cfg_obj_t *vconfig, const cfg_obj_t *config,
-	       isc_mem_t *mctx, bool list) {
+configure_zone(const char *vclass, const char *view,
+	       const cfg_obj_t *zconfig, const cfg_obj_t *vconfig,
+	       const cfg_obj_t *config, isc_mem_t *mctx, bool list)
+{
 	int i = 0;
 	isc_result_t result;
 	const char *zclass;
@@ -202,22 +195,19 @@ configure_zone(const char *vclass, const char *view, const cfg_obj_t *zconfig,
 
 	zname = cfg_obj_asstring(cfg_tuple_get(zconfig, "name"));
 	classobj = cfg_tuple_get(zconfig, "class");
-	if (!cfg_obj_isstring(classobj)) {
+	if (!cfg_obj_isstring(classobj))
 		zclass = vclass;
-	} else {
+	else
 		zclass = cfg_obj_asstring(classobj);
-	}
 
 	zoptions = cfg_tuple_get(zconfig, "options");
 	maps[i++] = zoptions;
-	if (vconfig != NULL) {
+	if (vconfig != NULL)
 		maps[i++] = cfg_tuple_get(vconfig, "options");
-	}
 	if (config != NULL) {
 		cfg_map_get(config, "options", &obj);
-		if (obj != NULL) {
+		if (obj != NULL)
 			maps[i++] = obj;
-		}
 	}
 	maps[i] = NULL;
 
@@ -226,14 +216,12 @@ configure_zone(const char *vclass, const char *view, const cfg_obj_t *zconfig,
 		const char *inview = cfg_obj_asstring(inviewobj);
 		printf("%s %s %s in-view %s\n", zname, zclass, view, inview);
 	}
-	if (inviewobj != NULL) {
+	if (inviewobj != NULL)
 		return (ISC_R_SUCCESS);
-	}
 
 	cfg_map_get(zoptions, "type", &typeobj);
-	if (typeobj == NULL) {
+	if (typeobj == NULL)
 		return (ISC_R_FAILURE);
-	}
 
 	if (list) {
 		const char *ztype = cfg_obj_asstring(typeobj);
@@ -245,21 +233,18 @@ configure_zone(const char *vclass, const char *view, const cfg_obj_t *zconfig,
 	 * Skip checks when using an alternate data source.
 	 */
 	cfg_map_get(zoptions, "database", &dbobj);
-	if (dbobj != NULL && strcmp("rbt", cfg_obj_asstring(dbobj)) != 0 &&
+	if (dbobj != NULL &&
+	    strcmp("rbt", cfg_obj_asstring(dbobj)) != 0 &&
 	    strcmp("rbt64", cfg_obj_asstring(dbobj)) != 0)
-	{
 		return (ISC_R_SUCCESS);
-	}
 
 	cfg_map_get(zoptions, "dlz", &dlzobj);
-	if (dlzobj != NULL) {
+	if (dlzobj != NULL)
 		return (ISC_R_SUCCESS);
-	}
 
 	cfg_map_get(zoptions, "file", &fileobj);
-	if (fileobj != NULL) {
+	if (fileobj != NULL)
 		zfile = cfg_obj_asstring(fileobj);
-	}
 
 	/*
 	 * Check hints files for hint zones.
@@ -280,14 +265,12 @@ configure_zone(const char *vclass, const char *view, const cfg_obj_t *zconfig,
 	 */
 	if (strcasecmp(cfg_obj_asstring(typeobj), "redirect") == 0) {
 		cfg_map_get(zoptions, "masters", &mastersobj);
-		if (mastersobj != NULL) {
+		if (mastersobj != NULL)
 			return (ISC_R_SUCCESS);
-		}
 	}
 
-	if (zfile == NULL) {
+	if (zfile == NULL)
 		return (ISC_R_FAILURE);
-	}
 
 	obj = NULL;
 	if (get_maps(maps, "check-dup-records", &obj)) {
@@ -331,14 +314,12 @@ configure_zone(const char *vclass, const char *view, const cfg_obj_t *zconfig,
 
 	obj = NULL;
 	if (get_maps(maps, "check-integrity", &obj)) {
-		if (cfg_obj_asboolean(obj)) {
+		if (cfg_obj_asboolean(obj))
 			zone_options |= DNS_ZONEOPT_CHECKINTEGRITY;
-		} else {
+		else
 			zone_options &= ~DNS_ZONEOPT_CHECKINTEGRITY;
-		}
-	} else {
+	} else
 		zone_options |= DNS_ZONEOPT_CHECKINTEGRITY;
-	}
 
 	obj = NULL;
 	if (get_maps(maps, "check-mx-cname", &obj)) {
@@ -382,11 +363,10 @@ configure_zone(const char *vclass, const char *view, const cfg_obj_t *zconfig,
 
 	obj = NULL;
 	if (get_maps(maps, "check-sibling", &obj)) {
-		if (cfg_obj_asboolean(obj)) {
+		if (cfg_obj_asboolean(obj))
 			zone_options |= DNS_ZONEOPT_CHECKSIBLING;
-		} else {
+		else
 			zone_options &= ~DNS_ZONEOPT_CHECKSIBLING;
-		}
 	}
 
 	obj = NULL;
@@ -419,8 +399,8 @@ configure_zone(const char *vclass, const char *view, const cfg_obj_t *zconfig,
 			ISC_UNREACHABLE();
 		}
 	} else {
-		zone_options |= DNS_ZONEOPT_CHECKNAMES;
-		zone_options |= DNS_ZONEOPT_CHECKNAMESFAIL;
+	       zone_options |= DNS_ZONEOPT_CHECKNAMES;
+	       zone_options |= DNS_ZONEOPT_CHECKNAMESFAIL;
 	}
 
 	masterformat = dns_masterformat_text;
@@ -441,23 +421,23 @@ configure_zone(const char *vclass, const char *view, const cfg_obj_t *zconfig,
 
 	obj = NULL;
 	if (get_maps(maps, "max-zone-ttl", &obj)) {
-		maxttl = cfg_obj_asduration(obj);
+		maxttl = cfg_obj_asuint32(obj);
 		zone_options |= DNS_ZONEOPT_CHECKTTL;
 	}
 
-	result = load_zone(mctx, zname, zfile, masterformat, zclass, maxttl,
-			   NULL);
-	if (result != ISC_R_SUCCESS) {
+	result = load_zone(mctx, zname, zfile, masterformat,
+			   zclass, maxttl, NULL);
+	if (result != ISC_R_SUCCESS)
 		fprintf(stderr, "%s/%s/%s: %s\n", view, zname, zclass,
 			dns_result_totext(result));
-	}
 	return (result);
 }
 
 /*% configure a view */
 static isc_result_t
 configure_view(const char *vclass, const char *view, const cfg_obj_t *config,
-	       const cfg_obj_t *vconfig, isc_mem_t *mctx, bool list) {
+	       const cfg_obj_t *vconfig, isc_mem_t *mctx, bool list)
+{
 	const cfg_listelt_t *element;
 	const cfg_obj_t *voptions;
 	const cfg_obj_t *zonelist;
@@ -465,33 +445,32 @@ configure_view(const char *vclass, const char *view, const cfg_obj_t *config,
 	isc_result_t tresult;
 
 	voptions = NULL;
-	if (vconfig != NULL) {
+	if (vconfig != NULL)
 		voptions = cfg_tuple_get(vconfig, "options");
-	}
 
 	zonelist = NULL;
-	if (voptions != NULL) {
+	if (voptions != NULL)
 		(void)cfg_map_get(voptions, "zone", &zonelist);
-	} else {
+	else
 		(void)cfg_map_get(config, "zone", &zonelist);
-	}
 
-	for (element = cfg_list_first(zonelist); element != NULL;
+	for (element = cfg_list_first(zonelist);
+	     element != NULL;
 	     element = cfg_list_next(element))
 	{
 		const cfg_obj_t *zconfig = cfg_listelt_value(element);
-		tresult = configure_zone(vclass, view, zconfig, vconfig, config,
-					 mctx, list);
-		if (tresult != ISC_R_SUCCESS) {
+		tresult = configure_zone(vclass, view, zconfig, vconfig,
+					 config, mctx, list);
+		if (tresult != ISC_R_SUCCESS)
 			result = tresult;
-		}
 	}
 	return (result);
 }
 
 static isc_result_t
 config_getclass(const cfg_obj_t *classobj, dns_rdataclass_t defclass,
-		dns_rdataclass_t *classp) {
+		dns_rdataclass_t *classp)
+{
 	isc_textregion_t r;
 
 	if (!cfg_obj_isstring(classobj)) {
@@ -506,7 +485,8 @@ config_getclass(const cfg_obj_t *classobj, dns_rdataclass_t defclass,
 /*% load zones from the configuration */
 static isc_result_t
 load_zones_fromconfig(const cfg_obj_t *config, isc_mem_t *mctx,
-		      bool list_zones) {
+		      bool list_zones)
+{
 	const cfg_listelt_t *element;
 	const cfg_obj_t *views;
 	const cfg_obj_t *vconfig;
@@ -516,7 +496,8 @@ load_zones_fromconfig(const cfg_obj_t *config, isc_mem_t *mctx,
 	views = NULL;
 
 	(void)cfg_map_get(config, "view", &views);
-	for (element = cfg_list_first(views); element != NULL;
+	for (element = cfg_list_first(views);
+	     element != NULL;
 	     element = cfg_list_next(element))
 	{
 		const cfg_obj_t *classobj;
@@ -525,31 +506,28 @@ load_zones_fromconfig(const cfg_obj_t *config, isc_mem_t *mctx,
 		char buf[sizeof("CLASS65535")];
 
 		vconfig = cfg_listelt_value(element);
-		if (vconfig == NULL) {
+		if (vconfig == NULL)
 			continue;
-		}
 
 		classobj = cfg_tuple_get(vconfig, "class");
-		CHECK(config_getclass(classobj, dns_rdataclass_in, &viewclass));
-		if (dns_rdataclass_ismeta(viewclass)) {
+		CHECK(config_getclass(classobj, dns_rdataclass_in,
+					 &viewclass));
+		if (dns_rdataclass_ismeta(viewclass))
 			CHECK(ISC_R_FAILURE);
-		}
 
 		dns_rdataclass_format(viewclass, buf, sizeof(buf));
 		vname = cfg_obj_asstring(cfg_tuple_get(vconfig, "name"));
 		tresult = configure_view(buf, vname, config, vconfig, mctx,
 					 list_zones);
-		if (tresult != ISC_R_SUCCESS) {
+		if (tresult != ISC_R_SUCCESS)
 			result = tresult;
-		}
 	}
 
 	if (views == NULL) {
 		tresult = configure_view("IN", "_default", config, NULL, mctx,
 					 list_zones);
-		if (tresult != ISC_R_SUCCESS) {
+		if (tresult != ISC_R_SUCCESS)
 			result = tresult;
-		}
 	}
 
 cleanup:
@@ -591,23 +569,15 @@ main(int argc, char **argv) {
 		switch (c) {
 		case 'm':
 			if (strcasecmp(isc_commandline_argument, "record") == 0)
-			{
 				isc_mem_debugging |= ISC_MEM_DEBUGRECORD;
-			}
 			if (strcasecmp(isc_commandline_argument, "trace") == 0)
-			{
 				isc_mem_debugging |= ISC_MEM_DEBUGTRACE;
-			}
 			if (strcasecmp(isc_commandline_argument, "usage") == 0)
-			{
 				isc_mem_debugging |= ISC_MEM_DEBUGUSAGE;
-			}
-			if (strcasecmp(isc_commandline_argument, "size") == 0) {
+			if (strcasecmp(isc_commandline_argument, "size") == 0)
 				isc_mem_debugging |= ISC_MEM_DEBUGSIZE;
-			}
-			if (strcasecmp(isc_commandline_argument, "mctx") == 0) {
+			if (strcasecmp(isc_commandline_argument, "mctx") == 0)
 				isc_mem_debugging |= ISC_MEM_DEBUGCTX;
-			}
 			break;
 		default:
 			break;
@@ -615,7 +585,7 @@ main(int argc, char **argv) {
 	}
 	isc_commandline_reset = true;
 
-	isc_mem_create(&mctx);
+	RUNTIME_CHECK(isc_mem_create(0, 0, &mctx) == ISC_R_SUCCESS);
 
 	while ((c = isc_commandline_parse(argc, argv, CMDLINE_FLAGS)) != EOF) {
 		switch (c) {
@@ -656,7 +626,7 @@ main(int argc, char **argv) {
 			break;
 
 		case 'v':
-			printf("%s\n", PACKAGE_VERSION);
+			printf(VERSION "\n");
 			exit(0);
 
 		case 'x':
@@ -671,17 +641,16 @@ main(int argc, char **argv) {
 			break;
 
 		case '?':
-			if (isc_commandline_option != '?') {
+			if (isc_commandline_option != '?')
 				fprintf(stderr, "%s: invalid argument -%c\n",
 					program, isc_commandline_option);
-			}
-		/* FALLTHROUGH */
+			/* FALLTHROUGH */
 		case 'h':
 			usage();
 
 		default:
-			fprintf(stderr, "%s: unhandled option -%c\n", program,
-				isc_commandline_option);
+			fprintf(stderr, "%s: unhandled option -%c\n",
+				program, isc_commandline_option);
 			exit(1);
 		}
 	}
@@ -695,19 +664,16 @@ main(int argc, char **argv) {
 		exit(1);
 	}
 
-	if (isc_commandline_index + 1 < argc) {
+	if (isc_commandline_index + 1 < argc)
 		usage();
-	}
-	if (argv[isc_commandline_index] != NULL) {
+	if (argv[isc_commandline_index] != NULL)
 		conffile = argv[isc_commandline_index];
-	}
-	if (conffile == NULL || conffile[0] == '\0') {
+	if (conffile == NULL || conffile[0] == '\0')
 		conffile = NAMED_CONFFILE;
-	}
 
 #ifdef _WIN32
 	InitSockets();
-#endif /* ifdef _WIN32 */
+#endif
 
 	RUNTIME_CHECK(setup_logging(mctx, stdout, &logc) == ISC_R_SUCCESS);
 
@@ -733,25 +699,25 @@ main(int argc, char **argv) {
 
 	if (result == ISC_R_SUCCESS && (load_zones || list_zones)) {
 		result = load_zones_fromconfig(config, mctx, list_zones);
-		if (result != ISC_R_SUCCESS) {
+		if (result != ISC_R_SUCCESS)
 			exit_status = 1;
-		}
 	}
 
-	if (print && exit_status == 0) {
+	if (print && exit_status == 0)
 		cfg_printx(config, flags, output, NULL);
-	}
 	cfg_obj_destroy(parser, &config);
 
 	cfg_parser_destroy(&parser);
 
+	dns_name_destroy();
+
 	isc_log_destroy(&logc);
 
 	isc_mem_destroy(&mctx);
 
 #ifdef _WIN32
 	DestroySockets();
-#endif /* ifdef _WIN32 */
+#endif
 
 	return (exit_status);
 }

bin/check/named-checkconf.docbook

@@ -41,7 +41,6 @@
       <year>2016</year>
       <year>2018</year>
       <year>2019</year>
-      <year>2020</year>
       <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
     </copyright>
   </docinfo>

bin/check/named-checkconf.html

@@ -1,6 +1,6 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 <!--
- - Copyright (C) 2000-2002, 2004, 2005, 2007, 2009, 2014-2016, 2018-2020 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2002, 2004, 2005, 2007, 2009, 2014-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
  - 
  - This Source Code Form is subject to the terms of the Mozilla Public
  - License, v. 2.0. If a copy of the MPL was not distributed with this

bin/check/named-checkzone.8

@@ -1,4 +1,4 @@
-.\" Copyright (C) 2000-2002, 2004-2007, 2009-2016, 2018-2020 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000-2002, 2004-2007, 2009-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
 .\" 
 .\" This Source Code Form is subject to the terms of the Mozilla Public
 .\" License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -325,5 +325,5 @@ BIND 9 Administrator Reference Manual\&.
 \fBInternet Systems Consortium, Inc\&.\fR
 .SH "COPYRIGHT"
 .br
-Copyright \(co 2000-2002, 2004-2007, 2009-2016, 2018-2020 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2000-2002, 2004-2007, 2009-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
 .br

bin/check/named-checkzone.c

@@ -9,17 +9,16 @@
  * information regarding copyright ownership.
  */
 
+
 /*! \file */
 
-#include <inttypes.h>
 #include <stdbool.h>
 #include <stdlib.h>
+#include <inttypes.h>
 
 #include <isc/app.h>
-#include <isc/attributes.h>
 #include <isc/commandline.h>
 #include <isc/dir.h>
-#include <isc/file.h>
 #include <isc/hash.h>
 #include <isc/log.h>
 #include <isc/mem.h>
@@ -54,18 +53,18 @@ static const char *prog_name = NULL;
 static const dns_master_style_t *outputstyle = NULL;
 static enum { progmode_check, progmode_compile } progmode;
 
-#define ERRRET(result, function)                                              \
-	do {                                                                  \
-		if (result != ISC_R_SUCCESS) {                                \
-			if (!quiet)                                           \
-				fprintf(stderr, "%s() returned %s\n",         \
+#define ERRRET(result, function) \
+	do { \
+		if (result != ISC_R_SUCCESS) { \
+			if (!quiet) \
+				fprintf(stderr, "%s() returned %s\n", \
 					function, dns_result_totext(result)); \
-			return (result);                                      \
-		}                                                             \
+			return (result); \
+		} \
 	} while (0)
 
-ISC_NORETURN static void
-usage(void);
+ISC_PLATFORM_NORETURN_PRE static void
+usage(void) ISC_PLATFORM_NORETURN_POST;
 
 static void
 usage(void) {
@@ -78,7 +77,7 @@ usage(void) {
 		"[-i (full|full-sibling|local|local-sibling|none)] "
 		"[-M (ignore|warn|fail)] [-S (ignore|warn|fail)] "
 		"[-W (ignore|warn)] "
-		"%s zonename [ (filename|-) ]\n",
+		"%s zonename filename\n",
 		prog_name,
 		progmode == progmode_check ? "[-o filename]" : "-o filename");
 	exit(1);
@@ -86,9 +85,9 @@ usage(void) {
 
 static void
 destroy(void) {
-	if (zone != NULL) {
+	if (zone != NULL)
 		dns_zone_detach(&zone);
-	}
+	dns_name_destroy();
 }
 
 /*% main processing routine */
@@ -96,7 +95,7 @@ int
 main(int argc, char **argv) {
 	int c;
 	char *origin = NULL;
-	const char *filename = NULL;
+	char *filename = NULL;
 	isc_log_t *lctx = NULL;
 	isc_result_t result;
 	char classname_in[] = "IN";
@@ -122,21 +121,18 @@ main(int argc, char **argv) {
 	outputstyle = &dns_master_style_full;
 
 	prog_name = strrchr(argv[0], '/');
-	if (prog_name == NULL) {
+	if (prog_name == NULL)
 		prog_name = strrchr(argv[0], '\\');
-	}
-	if (prog_name != NULL) {
+	if (prog_name != NULL)
 		prog_name++;
-	} else {
+	else
 		prog_name = argv[0];
-	}
 	/*
 	 * Libtool doesn't preserve the program name prior to final
 	 * installation.  Remove the libtool prefix ("lt-").
 	 */
-	if (strncmp(prog_name, "lt-", 3) == 0) {
+	if (strncmp(prog_name, "lt-", 3) == 0)
 		prog_name += 3;
-	}
 
 #define PROGCMP(X) \
 	(strcasecmp(prog_name, X) == 0 || strcasecmp(prog_name, X ".exe") == 0)
@@ -152,23 +148,24 @@ main(int argc, char **argv) {
 
 	/* Compilation specific defaults */
 	if (progmode == progmode_compile) {
-		zone_options |= (DNS_ZONEOPT_CHECKNS | DNS_ZONEOPT_FATALNS |
-				 DNS_ZONEOPT_CHECKSPF | DNS_ZONEOPT_CHECKDUPRR |
+		zone_options |= (DNS_ZONEOPT_CHECKNS |
+				 DNS_ZONEOPT_FATALNS |
+				 DNS_ZONEOPT_CHECKSPF |
+				 DNS_ZONEOPT_CHECKDUPRR |
 				 DNS_ZONEOPT_CHECKNAMES |
 				 DNS_ZONEOPT_CHECKNAMESFAIL |
 				 DNS_ZONEOPT_CHECKWILDCARD);
-	} else {
-		zone_options |= (DNS_ZONEOPT_CHECKDUPRR | DNS_ZONEOPT_CHECKSPF);
-	}
+	} else
+		zone_options |= (DNS_ZONEOPT_CHECKDUPRR |
+				 DNS_ZONEOPT_CHECKSPF);
 
 #define ARGCMP(X) (strcmp(isc_commandline_argument, X) == 0)
 
 	isc_commandline_errprint = false;
 
 	while ((c = isc_commandline_parse(argc, argv,
-					  "c:df:hi:jJ:k:L:l:m:n:qr:s:t:o:vw:DF:"
-					  "M:S:T:W:")) != EOF)
-	{
+			       "c:df:hi:jJ:k:L:l:m:n:qr:s:t:o:vw:DF:M:S:T:W:"))
+	       != EOF) {
 		switch (c) {
 		case 'c':
 			classname = isc_commandline_argument;
@@ -272,15 +269,16 @@ main(int argc, char **argv) {
 			}
 			break;
 
+
 		case 'n':
 			if (ARGCMP("ignore")) {
-				zone_options &= ~(DNS_ZONEOPT_CHECKNS |
+				zone_options &= ~(DNS_ZONEOPT_CHECKNS|
 						  DNS_ZONEOPT_FATALNS);
 			} else if (ARGCMP("warn")) {
 				zone_options |= DNS_ZONEOPT_CHECKNS;
 				zone_options &= ~DNS_ZONEOPT_FATALNS;
 			} else if (ARGCMP("fail")) {
-				zone_options |= DNS_ZONEOPT_CHECKNS |
+				zone_options |= DNS_ZONEOPT_CHECKNS|
 						DNS_ZONEOPT_FATALNS;
 			} else {
 				fprintf(stderr, "invalid argument to -n: %s\n",
@@ -332,9 +330,9 @@ main(int argc, char **argv) {
 			break;
 
 		case 's':
-			if (ARGCMP("full")) {
+			if (ARGCMP("full"))
 				outputstyle = &dns_master_style_full;
-			} else if (ARGCMP("relative")) {
+			else if (ARGCMP("relative")) {
 				outputstyle = &dns_master_style_default;
 			} else {
 				fprintf(stderr,
@@ -355,7 +353,7 @@ main(int argc, char **argv) {
 			break;
 
 		case 'v':
-			printf("%s\n", PACKAGE_VERSION);
+			printf(VERSION "\n");
 			exit(0);
 
 		case 'w':
@@ -413,25 +411,23 @@ main(int argc, char **argv) {
 			break;
 
 		case 'W':
-			if (ARGCMP("warn")) {
+			if (ARGCMP("warn"))
 				zone_options |= DNS_ZONEOPT_CHECKWILDCARD;
-			} else if (ARGCMP("ignore")) {
+			else if (ARGCMP("ignore"))
 				zone_options &= ~DNS_ZONEOPT_CHECKWILDCARD;
-			}
 			break;
 
 		case '?':
-			if (isc_commandline_option != '?') {
+			if (isc_commandline_option != '?')
 				fprintf(stderr, "%s: invalid argument -%c\n",
 					prog_name, isc_commandline_option);
-			}
-		/* FALLTHROUGH */
+			/* FALLTHROUGH */
 		case 'h':
 			usage();
 
 		default:
-			fprintf(stderr, "%s: unhandled option -%c\n", prog_name,
-				isc_commandline_option);
+			fprintf(stderr, "%s: unhandled option -%c\n",
+				prog_name, isc_commandline_option);
 			exit(1);
 		}
 	}
@@ -439,26 +435,26 @@ main(int argc, char **argv) {
 	if (workdir != NULL) {
 		result = isc_dir_chdir(workdir);
 		if (result != ISC_R_SUCCESS) {
-			fprintf(stderr, "isc_dir_chdir: %s: %s\n", workdir,
-				isc_result_totext(result));
+			fprintf(stderr, "isc_dir_chdir: %s: %s\n",
+				workdir, isc_result_totext(result));
 			exit(1);
 		}
 	}
 
 	if (inputformatstr != NULL) {
-		if (strcasecmp(inputformatstr, "text") == 0) {
+		if (strcasecmp(inputformatstr, "text") == 0)
 			inputformat = dns_masterformat_text;
-		} else if (strcasecmp(inputformatstr, "raw") == 0) {
+		else if (strcasecmp(inputformatstr, "raw") == 0)
 			inputformat = dns_masterformat_raw;
-		} else if (strncasecmp(inputformatstr, "raw=", 4) == 0) {
+		else if (strncasecmp(inputformatstr, "raw=", 4) == 0) {
 			inputformat = dns_masterformat_raw;
-			fprintf(stderr, "WARNING: input format raw, version "
-					"ignored\n");
+			fprintf(stderr,
+				"WARNING: input format raw, version ignored\n");
 		} else if (strcasecmp(inputformatstr, "map") == 0) {
 			inputformat = dns_masterformat_map;
 		} else {
 			fprintf(stderr, "unknown file format: %s\n",
-				inputformatstr);
+			    inputformatstr);
 			exit(1);
 		}
 	}
@@ -475,7 +471,8 @@ main(int argc, char **argv) {
 			rawversion = strtol(outputformatstr + 4, &end, 10);
 			if (end == outputformatstr + 4 || *end != '\0' ||
 			    rawversion > 1U) {
-				fprintf(stderr, "unknown raw format version\n");
+				fprintf(stderr,
+					"unknown raw format version\n");
 				exit(1);
 			}
 		} else if (strcasecmp(outputformatstr, "map") == 0) {
@@ -488,60 +485,47 @@ main(int argc, char **argv) {
 	}
 
 	if (progmode == progmode_compile) {
-		dumpzone = 1; /* always dump */
+		dumpzone = 1;	/* always dump */
 		logdump = !quiet;
 		if (output_filename == NULL) {
-			fprintf(stderr, "output file required, but not "
-					"specified\n");
+			fprintf(stderr,
+				"output file required, but not specified\n");
 			usage();
 		}
 	}
 
-	if (output_filename != NULL) {
+	if (output_filename != NULL)
 		dumpzone = 1;
-	}
 
 	/*
-	 * If we are printing to stdout then send the informational
+	 * If we are outputing to stdout then send the informational
 	 * output to stderr.
 	 */
 	if (dumpzone &&
-	    (output_filename == NULL || strcmp(output_filename, "-") == 0 ||
+	    (output_filename == NULL ||
+	     strcmp(output_filename, "-") == 0 ||
 	     strcmp(output_filename, "/dev/fd/1") == 0 ||
-	     strcmp(output_filename, "/dev/stdout") == 0))
-	{
+	     strcmp(output_filename, "/dev/stdout") == 0)) {
 		errout = stderr;
 		logdump = false;
 	}
 
-	if (argc - isc_commandline_index < 1 ||
-	    argc - isc_commandline_index > 2) {
+	if (isc_commandline_index + 2 != argc)
 		usage();
-	}
 
 #ifdef _WIN32
 	InitSockets();
-#endif /* ifdef _WIN32 */
+#endif
 
-	isc_mem_create(&mctx);
-	if (!quiet) {
-		RUNTIME_CHECK(setup_logging(mctx, errout, &lctx) ==
-			      ISC_R_SUCCESS);
-	}
+	RUNTIME_CHECK(isc_mem_create(0, 0, &mctx) == ISC_R_SUCCESS);
+	if (!quiet)
+		RUNTIME_CHECK(setup_logging(mctx, errout, &lctx)
+			      == ISC_R_SUCCESS);
 
 	dns_result_register();
 
 	origin = argv[isc_commandline_index++];
-
-	if (isc_commandline_index == argc) {
-		/* "-" will be interpreted as stdin */
-		filename = "-";
-	} else {
-		filename = argv[isc_commandline_index];
-	}
-
-	isc_commandline_index++;
-
+	filename = argv[isc_commandline_index++];
 	result = load_zone(mctx, origin, filename, inputformat, classname,
 			   maxttl, &zone);
 
@@ -557,24 +541,20 @@ main(int argc, char **argv) {
 			fprintf(errout, "dump zone to %s...", output_filename);
 			fflush(errout);
 		}
-		result = dump_zone(origin, zone, output_filename, outputformat,
-				   outputstyle, rawversion);
-		if (logdump) {
+		result = dump_zone(origin, zone, output_filename,
+				   outputformat, outputstyle, rawversion);
+		if (logdump)
 			fprintf(errout, "done\n");
-		}
 	}
 
-	if (!quiet && result == ISC_R_SUCCESS) {
+	if (!quiet && result == ISC_R_SUCCESS)
 		fprintf(errout, "OK\n");
-	}
 	destroy();
-	if (lctx != NULL) {
+	if (lctx != NULL)
 		isc_log_destroy(&lctx);
-	}
 	isc_mem_destroy(&mctx);
 #ifdef _WIN32
 	DestroySockets();
-#endif /* ifdef _WIN32 */
-
+#endif
 	return ((result == ISC_R_SUCCESS) ? 0 : 1);
 }

bin/check/named-checkzone.docbook

@@ -44,7 +44,6 @@
       <year>2016</year>
       <year>2018</year>
       <year>2019</year>
-      <year>2020</year>
       <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
     </copyright>
   </docinfo>

bin/check/named-checkzone.html

@@ -1,6 +1,6 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 <!--
- - Copyright (C) 2000-2002, 2004-2007, 2009-2016, 2018-2020 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2002, 2004-2007, 2009-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
  - 
  - This Source Code Form is subject to the terms of the Mozilla Public
  - License, v. 2.0. If a copy of the MPL was not distributed with this

bin/check/win32/checkconf.vcxproj.in

@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="utf-8"?>
-<Project DefaultTargets="Build" ToolsVersion="@TOOLS_VERSION@" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
   <ItemGroup Label="ProjectConfigurations">
     <ProjectConfiguration Include="Debug|@PLATFORM@">
       <Configuration>Debug</Configuration>
@@ -14,21 +14,18 @@
     <ProjectGuid>{03A96113-CB14-43AA-AEB2-48950E3915C5}</ProjectGuid>
     <Keyword>Win32Proj</Keyword>
     <RootNamespace>checkconf</RootNamespace>
-    @WINDOWS_TARGET_PLATFORM_VERSION@
   </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|@PLATFORM@'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
     <UseDebugLibraries>true</UseDebugLibraries>
     <CharacterSet>MultiByte</CharacterSet>
-    @PLATFORM_TOOLSET@
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
     <UseDebugLibraries>false</UseDebugLibraries>
     <WholeProgramOptimization>true</WholeProgramOptimization>
     <CharacterSet>MultiByte</CharacterSet>
-    @PLATFORM_TOOLSET@
   </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
   <ImportGroup Label="ExtensionSettings">
@@ -44,22 +41,19 @@
     <LinkIncremental>true</LinkIncremental>
     <OutDir>..\..\..\Build\$(Configuration)\</OutDir>
     <IntDir>.\$(Configuration)\</IntDir>
-    <IntDirSharingDetected>None</IntDirSharingDetected>
     <TargetName>named-$(ProjectName)</TargetName>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'">
     <LinkIncremental>false</LinkIncremental>
     <OutDir>..\..\..\Build\$(Configuration)\</OutDir>
     <IntDir>.\$(Configuration)\</IntDir>
-    <IntDirSharingDetected>None</IntDirSharingDetected>
     <TargetName>named-$(ProjectName)</TargetName>
   </PropertyGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|@PLATFORM@'">
     <ClCompile>
       <PrecompiledHeader>
       </PrecompiledHeader>
-      <WarningLevel>Level4</WarningLevel>
-      <TreatWarningAsError>false</TreatWarningAsError>
+      <WarningLevel>Level3</WarningLevel>
       <Optimization>Disabled</Optimization>
       <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <FunctionLevelLinking>true</FunctionLevelLinking>
@@ -82,8 +76,7 @@
   </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'">
     <ClCompile>
-      <WarningLevel>Level1</WarningLevel>
-      <TreatWarningAsError>true</TreatWarningAsError>
+      <WarningLevel>Level3</WarningLevel>
       <PrecompiledHeader>
       </PrecompiledHeader>
       <Optimization>MaxSpeed</Optimization>

bin/check/win32/checktool.vcxproj.in

@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="utf-8"?>
-<Project DefaultTargets="Build" ToolsVersion="@TOOLS_VERSION@" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
   <ItemGroup Label="ProjectConfigurations">
     <ProjectConfiguration Include="Debug|@PLATFORM@">
       <Configuration>Debug</Configuration>
@@ -17,21 +17,18 @@
     <ProjectGuid>{2C1F7096-C5B5-48D4-846F-A7ACA454335D}</ProjectGuid>
     <Keyword>Win32Proj</Keyword>
     <RootNamespace>checktool</RootNamespace>
-    @WINDOWS_TARGET_PLATFORM_VERSION@
   </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|@PLATFORM@'" Label="Configuration">
     <ConfigurationType>StaticLibrary</ConfigurationType>
     <UseDebugLibraries>true</UseDebugLibraries>
     <CharacterSet>MultiByte</CharacterSet>
-    @PLATFORM_TOOLSET@
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'" Label="Configuration">
     <ConfigurationType>StaticLibrary</ConfigurationType>
     <UseDebugLibraries>false</UseDebugLibraries>
     <WholeProgramOptimization>true</WholeProgramOptimization>
     <CharacterSet>MultiByte</CharacterSet>
-    @PLATFORM_TOOLSET@
   </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
   <ImportGroup Label="ExtensionSettings">
@@ -48,21 +45,18 @@
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|@PLATFORM@'">
     <IntDir>.\$(Configuration)\</IntDir>
-    <IntDirSharingDetected>None</IntDirSharingDetected>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'">
     <OutDir>.\$(Configuration)\</OutDir>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'">
     <IntDir>.\$(Configuration)\</IntDir>
-    <IntDirSharingDetected>None</IntDirSharingDetected>
   </PropertyGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|@PLATFORM@'">
     <ClCompile>
       <PrecompiledHeader>
       </PrecompiledHeader>
-      <WarningLevel>Level4</WarningLevel>
-      <TreatWarningAsError>false</TreatWarningAsError>
+      <WarningLevel>Level3</WarningLevel>
       <Optimization>Disabled</Optimization>
       <PreprocessorDefinitions>WIN32;_DEBUG;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <FunctionLevelLinking>true</FunctionLevelLinking>
@@ -81,8 +75,7 @@
   </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'">
     <ClCompile>
-      <WarningLevel>Level1</WarningLevel>
-      <TreatWarningAsError>true</TreatWarningAsError>
+      <WarningLevel>Level3</WarningLevel>
       <PrecompiledHeader>
       </PrecompiledHeader>
       <Optimization>MaxSpeed</Optimization>

bin/check/win32/checkzone.vcxproj.in

@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="utf-8"?>
-<Project DefaultTargets="Build" ToolsVersion="@TOOLS_VERSION@" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
   <ItemGroup Label="ProjectConfigurations">
     <ProjectConfiguration Include="Debug|@PLATFORM@">
       <Configuration>Debug</Configuration>
@@ -14,21 +14,18 @@
     <ProjectGuid>{66028555-7DD5-4016-B601-9EF9A1EE8BFA}</ProjectGuid>
     <Keyword>Win32Proj</Keyword>
     <RootNamespace>checkzone</RootNamespace>
-    @WINDOWS_TARGET_PLATFORM_VERSION@
   </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|@PLATFORM@'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
     <UseDebugLibraries>true</UseDebugLibraries>
     <CharacterSet>MultiByte</CharacterSet>
-    @PLATFORM_TOOLSET@
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
     <UseDebugLibraries>false</UseDebugLibraries>
     <WholeProgramOptimization>true</WholeProgramOptimization>
     <CharacterSet>MultiByte</CharacterSet>
-    @PLATFORM_TOOLSET@
   </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
   <ImportGroup Label="ExtensionSettings">
@@ -44,22 +41,19 @@
     <LinkIncremental>true</LinkIncremental>
     <OutDir>..\..\..\Build\$(Configuration)\</OutDir>
     <IntDir>.\$(Configuration)\</IntDir>
-    <IntDirSharingDetected>None</IntDirSharingDetected>
     <TargetName>named-$(ProjectName)</TargetName>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'">
     <LinkIncremental>false</LinkIncremental>
     <OutDir>..\..\..\Build\$(Configuration)\</OutDir>
     <IntDir>.\$(Configuration)\</IntDir>
-    <IntDirSharingDetected>None</IntDirSharingDetected>
     <TargetName>named-$(ProjectName)</TargetName>
   </PropertyGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|@PLATFORM@'">
     <ClCompile>
       <PrecompiledHeader>
       </PrecompiledHeader>
-      <WarningLevel>Level4</WarningLevel>
-      <TreatWarningAsError>false</TreatWarningAsError>
+      <WarningLevel>Level3</WarningLevel>
       <Optimization>Disabled</Optimization>
       <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <FunctionLevelLinking>true</FunctionLevelLinking>
@@ -69,15 +63,15 @@
       <ProgramDataBaseFileName>$(OutDir)$(TargetName).pdb</ProgramDataBaseFileName>
       <BrowseInformation>true</BrowseInformation>
       <ForcedIncludeFiles>..\..\..\config.h</ForcedIncludeFiles>
-      <AdditionalIncludeDirectories>.\;..\..\..\;@LIBXML2_INC@@OPENSSL_INC@..\..\..\lib\isc\win32;..\..\..\lib\isc\win32\include;..\..\..\lib\isc\include;..\..\..\lib\dns\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <AdditionalIncludeDirectories>.\;..\..\..\;@LIBXML2_INC@@OPENSSL_INC@..\..\..\lib\isc\win32;..\..\..\lib\isc\win32\include;..\..\..\lib\isc\include;..\..\..\lib\dns\include;..\..\..\lib\bind9\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
       <CompileAs>CompileAsC</CompileAs>
     </ClCompile>
     <Link>
       <SubSystem>Console</SubSystem>
       <GenerateDebugInformation>true</GenerateDebugInformation>
       <OutputFile>..\..\..\Build\$(Configuration)\$(TargetName)$(TargetExt)</OutputFile>
-      <AdditionalLibraryDirectories>$(Configuration);..\..\..\lib\isc\win32\$(Configuration);..\..\..\lib\dns\win32\$(Configuration);..\..\..\lib\isccfg\win32\$(Configuration);..\..\..\lib\ns\win32\$(Configuration);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
-      <AdditionalDependencies>@OPENSSL_LIB@checktool.lib;libisc.lib;libdns.lib;libisccfg.lib;libns.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <AdditionalLibraryDirectories>$(Configuration);..\..\..\lib\isc\win32\$(Configuration);..\..\..\lib\dns\win32\$(Configuration);..\..\..\lib\isccfg\win32\$(Configuration);..\..\..\lib\bind9\win32\$(Configuration);..\..\..\lib\ns\win32\$(Configuration);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
+      <AdditionalDependencies>@OPENSSL_LIB@checktool.lib;libisc.lib;libdns.lib;libisccfg.lib;libbind9.lib;libns.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
     </Link>
     <PostBuildEvent>
       <Command>cd ..\..\..\Build\$(Configuration)
@@ -88,8 +82,7 @@ copy /Y named-checkzone.ilk named-compilezone.ilk
   </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'">
     <ClCompile>
-      <WarningLevel>Level1</WarningLevel>
-      <TreatWarningAsError>true</TreatWarningAsError>
+      <WarningLevel>Level3</WarningLevel>
       <PrecompiledHeader>
       </PrecompiledHeader>
       <Optimization>MaxSpeed</Optimization>
@@ -104,7 +97,7 @@ copy /Y named-checkzone.ilk named-compilezone.ilk
       <ObjectFileName>.\$(Configuration)\</ObjectFileName>
       <ProgramDataBaseFileName>$(OutDir)$(TargetName).pdb</ProgramDataBaseFileName>
       <ForcedIncludeFiles>..\..\..\config.h</ForcedIncludeFiles>
-      <AdditionalIncludeDirectories>.\;..\..\..\;@LIBXML2_INC@@OPENSSL_INC@..\..\..\lib\isc\win32;..\..\..\lib\isc\win32\include;..\..\..\lib\isc\include;..\..\..\lib\dns\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <AdditionalIncludeDirectories>.\;..\..\..\;@LIBXML2_INC@@OPENSSL_INC@..\..\..\lib\isc\win32;..\..\..\lib\isc\win32\include;..\..\..\lib\isc\include;..\..\..\lib\dns\include;..\..\..\lib\bind9\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
       <CompileAs>CompileAsC</CompileAs>
     </ClCompile>
     <Link>
@@ -113,8 +106,8 @@ copy /Y named-checkzone.ilk named-compilezone.ilk
       <EnableCOMDATFolding>true</EnableCOMDATFolding>
       <OptimizeReferences>true</OptimizeReferences>
       <OutputFile>..\..\..\Build\$(Configuration)\$(TargetName)$(TargetExt)</OutputFile>
-      <AdditionalLibraryDirectories>$(Configuration);..\..\..\lib\isc\win32\$(Configuration);..\..\..\lib\dns\win32\$(Configuration);..\..\..\lib\isccfg\win32\$(Configuration);..\..\..\lib\ns\win32\$(Configuration);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
-      <AdditionalDependencies>@OPENSSL_LIB@checktool.lib;libisc.lib;libdns.lib;libisccfg.lib;libns.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <AdditionalLibraryDirectories>$(Configuration);..\..\..\lib\isc\win32\$(Configuration);..\..\..\lib\dns\win32\$(Configuration);..\..\..\lib\isccfg\win32\$(Configuration);..\..\..\lib\bind9\win32\$(Configuration);..\..\..\lib\ns\win32\$(Configuration);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
+      <AdditionalDependencies>@OPENSSL_LIB@checktool.lib;libisc.lib;libdns.lib;libisccfg.lib;libbind9.lib;libns.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
       <LinkTimeCodeGeneration>Default</LinkTimeCodeGeneration>
     </Link>
     <PostBuildEvent>

bin/confgen/Makefile.am

@@ -1,30 +0,0 @@
-include $(top_srcdir)/Makefile.top
-
-AM_CPPFLAGS +=			\
-	$(LIBISC_CFLAGS)	\
-	$(LIBDNS_CFLAGS)	\
-	-DRNDC_KEYFILE=\"${sysconfdir}/rndc.key\"
-
-LDADD =				\
-	libconfgen.la		\
-	$(LIBISC_LIBS)		\
-	$(LIBDNS_LIBS)
-
-noinst_LTLIBRARIES = libconfgen.la
-
-libconfgen_la_SOURCES =		\
-	include/confgen/os.h	\
-	keygen.h		\
-	keygen.c		\
-	util.h			\
-	util.c			\
-	unix/os.c
-
-sbin_PROGRAMS = rndc-confgen ddns-confgen
-
-install-exec-hook:
-	ln -f $(DESTDIR)$(sbindir)/ddns-confgen \
-	      $(DESTDIR)$(sbindir)/tsig-confgen
-
-uninstall-hook:
-	-rm -f $(DESTDIR)$(sbindir)/tsig-confgen

bin/confgen/Makefile.in

@@ -0,0 +1,113 @@
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
+
+srcdir =	@srcdir@
+VPATH =		@srcdir@
+top_srcdir =	@top_srcdir@
+
+# Attempt to disable parallel processing.
+.NOTPARALLEL:
+.NO_PARALLEL:
+
+VERSION=@BIND9_VERSION@
+
+@BIND9_MAKE_INCLUDES@
+
+CINCLUDES = -I${srcdir}/include ${ISC_INCLUDES} ${ISCCC_INCLUDES} \
+	${ISCCFG_INCLUDES} ${DNS_INCLUDES} ${BIND9_INCLUDES}
+
+CDEFINES =
+CWARNINGS =
+
+ISCCFGLIBS =	../../lib/isccfg/libisccfg.@A@
+ISCCCLIBS =	../../lib/isccc/libisccc.@A@
+ISCLIBS =	../../lib/isc/libisc.@A@ ${OPENSSL_LIBS} ${JSON_C_LIBS} ${LIBXML2_LIBS}
+ISCNOSYMLIBS =	../../lib/isc/libisc-nosymtbl.@A@ ${OPENSSL_LIBS} ${JSON_C_LIBS} ${LIBXML2_LIBS}
+DNSLIBS =	../../lib/dns/libdns.@A@ ${MAXMINDDB_LIBS} @DNS_CRYPTO_LIBS@
+BIND9LIBS =	../../lib/bind9/libbind9.@A@
+
+ISCCFGDEPLIBS =	../../lib/isccfg/libisccfg.@A@
+ISCCCDEPLIBS =	../../lib/isccc/libisccc.@A@
+ISCDEPLIBS =	../../lib/isc/libisc.@A@
+DNSDEPLIBS =	../../lib/dns/libdns.@A@
+BIND9DEPLIBS =	../../lib/bind9/libbind9.@A@
+
+RNDCLIBS =	${ISCCFGLIBS} ${ISCCCLIBS} ${BIND9LIBS} ${DNSLIBS} ${ISCLIBS} @LIBS@
+RNDCDEPLIBS =	${ISCCFGDEPLIBS} ${ISCCCDEPLIBS} ${BIND9DEPLIBS} ${DNSDEPLIBS} ${ISCDEPLIBS}
+
+LIBS =		${DNSLIBS} ${ISCLIBS} @LIBS@
+
+NOSYMLIBS =	${DNSLIBS} ${ISCNOSYMLIBS} @LIBS@
+
+CONFDEPLIBS =	${DNSDEPLIBS} ${ISCDEPLIBS}
+
+SRCS=		rndc-confgen.c ddns-confgen.c
+
+SUBDIRS =	unix
+
+TARGETS =	rndc-confgen@EXEEXT@ ddns-confgen@EXEEXT@ tsig-keygen@EXEEXT@
+
+MANPAGES =	rndc-confgen.8 ddns-confgen.8
+
+HTMLPAGES =	rndc-confgen.html ddns-confgen.html
+
+MANOBJS =	${MANPAGES} ${HTMLPAGES}
+
+UOBJS =		unix/os.@O@
+
+@BIND9_MAKE_RULES@
+
+rndc-confgen.@O@: rndc-confgen.c
+	${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} \
+		-DRNDC_KEYFILE=\"${sysconfdir}/rndc.key\" \
+		-c ${srcdir}/rndc-confgen.c
+
+ddns-confgen.@O@: ddns-confgen.c
+	${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} -c ${srcdir}/ddns-confgen.c
+
+rndc-confgen@EXEEXT@: rndc-confgen.@O@ util.@O@ keygen.@O@ ${CONFDEPLIBS}
+	export BASEOBJS="rndc-confgen.@O@ util.@O@ keygen.@O@ ${UOBJS}"; \
+	${FINALBUILDCMD}
+
+ddns-confgen@EXEEXT@: ddns-confgen.@O@ util.@O@ keygen.@O@ ${CONFDEPLIBS}
+	export BASEOBJS="ddns-confgen.@O@ util.@O@ keygen.@O@ ${UOBJS}"; \
+	${FINALBUILDCMD}
+
+# make a link in the build directory to assist with testing
+tsig-keygen@EXEEXT@: ddns-confgen@EXEEXT@
+	rm -f tsig-keygen@EXEEXT@
+	${LINK_PROGRAM} ddns-confgen@EXEEXT@ tsig-keygen@EXEEXT@
+
+doc man:: ${MANOBJS}
+
+docclean manclean maintainer-clean::
+	rm -f ${MANOBJS}
+
+installdirs:
+	$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${sbindir}
+	$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${mandir}/man8
+
+install:: rndc-confgen@EXEEXT@ ddns-confgen@EXEEXT@ installdirs
+	${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} rndc-confgen@EXEEXT@ ${DESTDIR}${sbindir}
+	${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} ddns-confgen@EXEEXT@ ${DESTDIR}${sbindir}
+	${INSTALL_DATA} ${srcdir}/rndc-confgen.8 ${DESTDIR}${mandir}/man8
+	${INSTALL_DATA} ${srcdir}/ddns-confgen.8 ${DESTDIR}${mandir}/man8
+	(cd ${DESTDIR}${sbindir}; rm -f tsig-keygen@EXEEXT@; ${LINK_PROGRAM} ddns-confgen@EXEEXT@ tsig-keygen@EXEEXT@)
+	(cd ${DESTDIR}${mandir}/man8; rm -f tsig-keygen.8; ${LINK_PROGRAM} ddns-confgen.8 tsig-keygen.8)
+
+uninstall::
+	rm -f ${DESTDIR}${mandir}/man8/tsig-keygen.8
+	rm -f ${DESTDIR}${sbindir}/tsig-keygen@EXEEXT@
+	rm -f ${DESTDIR}${mandir}/man8/ddns-confgen.8
+	rm -f ${DESTDIR}${mandir}/man8/rndc-confgen.8
+	${LIBTOOL_MODE_UNINSTALL} rm -f ${DESTDIR}${sbindir}/ddns-confgen@EXEEXT@
+	${LIBTOOL_MODE_UNINSTALL} rm -f ${DESTDIR}${sbindir}/rndc-confgen@EXEEXT@
+
+clean distclean maintainer-clean::
+	rm -f ${TARGETS}

bin/confgen/ddns-confgen.8

@@ -1,4 +1,4 @@
-.\" Copyright (C) 2009, 2014-2016, 2018-2020 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2009, 2014-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
 .\" 
 .\" This Source Code Form is subject to the terms of the Mozilla Public
 .\" License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -144,5 +144,5 @@ BIND 9 Administrator Reference Manual\&.
 \fBInternet Systems Consortium, Inc\&.\fR
 .SH "COPYRIGHT"
 .br
-Copyright \(co 2009, 2014-2016, 2018-2020 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2009, 2014-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
 .br

bin/confgen/ddns-confgen.c

@@ -22,7 +22,6 @@
 #include <stdlib.h>
 
 #include <isc/assertions.h>
-#include <isc/attributes.h>
 #include <isc/base64.h>
 #include <isc/buffer.h>
 #include <isc/commandline.h>
@@ -37,29 +36,28 @@
 
 #if USE_PKCS11
 #include <pk11/result.h>
-#endif /* if USE_PKCS11 */
+#endif
 
 #include <dns/keyvalues.h>
 #include <dns/name.h>
 #include <dns/result.h>
 
 #include <dst/dst.h>
-
 #include <confgen/os.h>
 
-#include "keygen.h"
 #include "util.h"
+#include "keygen.h"
 
-#define KEYGEN_DEFAULT	"tsig-key"
-#define CONFGEN_DEFAULT "ddns-key"
+#define KEYGEN_DEFAULT		"tsig-key"
+#define CONFGEN_DEFAULT		"ddns-key"
 
 static char program[256];
 const char *progname;
-static enum { progmode_keygen, progmode_confgen } progmode;
+static enum { progmode_keygen, progmode_confgen} progmode;
 bool verbose = false; /* needed by util.c but not used here */
 
-ISC_NORETURN static void
-usage(int status);
+ISC_PLATFORM_NORETURN_PRE static void
+usage(int status) ISC_PLATFORM_NORETURN_POST;
 
 static void
 usage(int status) {
@@ -72,16 +70,16 @@ Usage:\n\
   -s name:       domain name to be updated using the created key\n\
   -z zone:       name of the zone as it will be used in named.conf\n\
   -q:            quiet mode: print the key, with no explanatory text\n",
-			progname);
+			 progname);
 	} else {
 		fprintf(stderr, "\
 Usage:\n\
  %s [-a alg] [keyname]\n\
   -a alg:        algorithm (default hmac-sha256)\n\n",
-			progname);
+			 progname);
 	}
 
-	exit(status);
+	exit (status);
 }
 
 int
@@ -104,22 +102,20 @@ main(int argc, char **argv) {
 
 #if USE_PKCS11
 	pk11_result_register();
-#endif /* if USE_PKCS11 */
+#endif
 	dns_result_register();
 
 	result = isc_file_progname(*argv, program, sizeof(program));
-	if (result != ISC_R_SUCCESS) {
+	if (result != ISC_R_SUCCESS)
 		memmove(program, "tsig-keygen", 11);
-	}
 	progname = program;
 
 	/*
 	 * Libtool doesn't preserve the program name prior to final
 	 * installation.  Remove the libtool prefix ("lt-").
 	 */
-	if (strncmp(progname, "lt-", 3) == 0) {
+	if (strncmp(progname, "lt-", 3) == 0)
 		progname += 3;
-	}
 
 #define PROGCMP(X) \
 	(strcasecmp(progname, X) == 0 || strcasecmp(progname, X ".exe") == 0)
@@ -136,26 +132,24 @@ main(int argc, char **argv) {
 
 	isc_commandline_errprint = false;
 
-	while ((ch = isc_commandline_parse(argc, argv, "a:hk:Mmr:qs:y:z:")) !=
-	       -1) {
+	while ((ch = isc_commandline_parse(argc, argv,
+					   "a:hk:Mmr:qs:y:z:")) != -1) {
 		switch (ch) {
 		case 'a':
 			algname = isc_commandline_argument;
 			alg = alg_fromtext(algname);
-			if (alg == DST_ALG_UNKNOWN) {
+			if (alg == DST_ALG_UNKNOWN)
 				fatal("Unsupported algorithm '%s'", algname);
-			}
 			keysize = alg_bits(alg);
 			break;
 		case 'h':
 			usage(0);
 		case 'k':
 		case 'y':
-			if (progmode == progmode_confgen) {
+			if (progmode == progmode_confgen)
 				keyname = isc_commandline_argument;
-			} else {
+			else
 				usage(1);
-			}
 			break;
 		case 'M':
 			isc_mem_debugging = ISC_MEM_DEBUGTRACE;
@@ -164,79 +158,72 @@ main(int argc, char **argv) {
 			show_final_mem = true;
 			break;
 		case 'q':
-			if (progmode == progmode_confgen) {
+			if (progmode == progmode_confgen)
 				quiet = true;
-			} else {
+			else
 				usage(1);
-			}
 			break;
 		case 'r':
 			fatal("The -r option has been deprecated.");
 			break;
 		case 's':
-			if (progmode == progmode_confgen) {
+			if (progmode == progmode_confgen)
 				self_domain = isc_commandline_argument;
-			} else {
+			else
 				usage(1);
-			}
 			break;
 		case 'z':
-			if (progmode == progmode_confgen) {
+			if (progmode == progmode_confgen)
 				zone = isc_commandline_argument;
-			} else {
+			else
 				usage(1);
-			}
 			break;
 		case '?':
 			if (isc_commandline_option != '?') {
 				fprintf(stderr, "%s: invalid argument -%c\n",
 					program, isc_commandline_option);
 				usage(1);
-			} else {
+			} else
 				usage(0);
-			}
 			break;
 		default:
-			fprintf(stderr, "%s: unhandled option -%c\n", program,
-				isc_commandline_option);
+			fprintf(stderr, "%s: unhandled option -%c\n",
+				program, isc_commandline_option);
 			exit(1);
 		}
 	}
 
-	if (progmode == progmode_keygen) {
+	if (progmode == progmode_keygen)
 		keyname = argv[isc_commandline_index++];
-	}
 
 	POST(argv);
 
-	if (self_domain != NULL && zone != NULL) {
-		usage(1); /* -s and -z cannot coexist */
-	}
+	if (self_domain != NULL && zone != NULL)
+		usage(1);	/* -s and -z cannot coexist */
 
-	if (argc > isc_commandline_index) {
+	if (argc > isc_commandline_index)
 		usage(1);
-	}
 
 	/* Use canonical algorithm name */
 	algname = alg_totext(alg);
 
-	isc_mem_create(&mctx);
+	DO("create memory context", isc_mem_create(0, 0, &mctx));
 
 	if (keyname == NULL) {
 		const char *suffix = NULL;
 
-		keyname = ((progmode == progmode_keygen) ? KEYGEN_DEFAULT
-							 : CONFGEN_DEFAULT);
-		if (self_domain != NULL) {
+		keyname = ((progmode == progmode_keygen)
+			?  KEYGEN_DEFAULT
+			: CONFGEN_DEFAULT);
+		if (self_domain != NULL)
 			suffix = self_domain;
-		} else if (zone != NULL) {
+		else if (zone != NULL)
 			suffix = zone;
-		}
 		if (suffix != NULL) {
 			len = strlen(keyname) + strlen(suffix) + 2;
 			keybuf = isc_mem_get(mctx, len);
 			snprintf(keybuf, len, "%s.%s", keyname, suffix);
-			keyname = (const char *)keybuf;
+			keyname = (const char *) keybuf;
 		}
 	}
 
@@ -244,19 +231,20 @@ main(int argc, char **argv) {
 
 	generate_key(mctx, alg, keysize, &key_txtbuffer);
 
-	if (!quiet) {
+
+	if (!quiet)
 		printf("\
 # To activate this key, place the following in named.conf, and\n\
 # in a separate keyfile on the system or systems from which nsupdate\n\
 # will be run:\n");
-	}
 
 	printf("\
 key \"%s\" {\n\
 	algorithm %s;\n\
 	secret \"%.*s\";\n\
 };\n",
-	       keyname, algname, (int)isc_buffer_usedlength(&key_txtbuffer),
+	       keyname, algname,
+	       (int)isc_buffer_usedlength(&key_txtbuffer),
 	       (char *)isc_buffer_base(&key_txtbuffer));
 
 	if (!quiet) {
@@ -294,15 +282,14 @@ update-policy {\n\
 # After the keyfile has been placed, the following command will\n\
 # execute nsupdate using this key:\n\
 nsupdate -k <keyfile>\n");
+
 	}
 
-	if (keybuf != NULL) {
+	if (keybuf != NULL)
 		isc_mem_put(mctx, keybuf, len);
-	}
 
-	if (show_final_mem) {
+	if (show_final_mem)
 		isc_mem_stats(mctx, stderr);
-	}
 
 	isc_mem_destroy(&mctx);
 

bin/confgen/ddns-confgen.docbook

@@ -38,7 +38,6 @@
       <year>2016</year>
       <year>2018</year>
       <year>2019</year>
-      <year>2020</year>
       <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
     </copyright>
   </docinfo>

bin/confgen/ddns-confgen.html

@@ -1,6 +1,6 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 <!--
- - Copyright (C) 2009, 2014-2016, 2018-2020 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2009, 2014-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
  - 
  - This Source Code Form is subject to the terms of the Mozilla Public
  - License, v. 2.0. If a copy of the MPL was not distributed with this

bin/confgen/include/.clang-format

@@ -1 +0,0 @@
-../../../.clang-format.headers

bin/confgen/include/confgen/os.h

@@ -9,19 +9,18 @@
  * information regarding copyright ownership.
  */
 
+
 /*! \file */
 
 #ifndef RNDC_OS_H
 #define RNDC_OS_H 1
 
-#include <stdio.h>
-
 #include <isc/lang.h>
+#include <stdio.h>
 
 ISC_LANG_BEGINDECLS
 
-int
-set_user(FILE *fd, const char *user);
+int set_user(FILE *fd, const char *user);
 /*%<
  * Set the owner of the file referenced by 'fd' to 'user'.
  * Returns:
@@ -31,4 +30,4 @@ set_user(FILE *fd, const char *user);
 
 ISC_LANG_ENDDECLS
 
-#endif /* ifndef RNDC_OS_H */
+#endif

bin/confgen/keygen.c

@@ -9,11 +9,11 @@
  * information regarding copyright ownership.
  */
 
+
 /*! \file */
 
-#include "keygen.h"
-#include <stdarg.h>
 #include <stdlib.h>
+#include <stdarg.h>
 
 #include <isc/base64.h>
 #include <isc/buffer.h>
@@ -29,10 +29,10 @@
 #include <dns/name.h>
 
 #include <dst/dst.h>
-
 #include <confgen/os.h>
 
 #include "util.h"
+#include "keygen.h"
 
 /*%
  * Convert algorithm type to string.
@@ -40,20 +40,20 @@
 const char *
 alg_totext(dns_secalg_t alg) {
 	switch (alg) {
-	case DST_ALG_HMACMD5:
-		return ("hmac-md5");
-	case DST_ALG_HMACSHA1:
-		return ("hmac-sha1");
-	case DST_ALG_HMACSHA224:
-		return ("hmac-sha224");
-	case DST_ALG_HMACSHA256:
-		return ("hmac-sha256");
-	case DST_ALG_HMACSHA384:
-		return ("hmac-sha384");
-	case DST_ALG_HMACSHA512:
-		return ("hmac-sha512");
-	default:
-		return ("(unknown)");
+	    case DST_ALG_HMACMD5:
+		return "hmac-md5";
+	    case DST_ALG_HMACSHA1:
+		return "hmac-sha1";
+	    case DST_ALG_HMACSHA224:
+		return "hmac-sha224";
+	    case DST_ALG_HMACSHA256:
+		return "hmac-sha256";
+	    case DST_ALG_HMACSHA384:
+		return "hmac-sha384";
+	    case DST_ALG_HMACSHA512:
+		return "hmac-sha512";
+	    default:
+		return "(unknown)";
 	}
 }
 
@@ -63,29 +63,22 @@ alg_totext(dns_secalg_t alg) {
 dns_secalg_t
 alg_fromtext(const char *name) {
 	const char *p = name;
-	if (strncasecmp(p, "hmac-", 5) == 0) {
+	if (strncasecmp(p, "hmac-", 5) == 0)
 		p = &name[5];
-	}
 
-	if (strcasecmp(p, "md5") == 0) {
-		return (DST_ALG_HMACMD5);
-	}
-	if (strcasecmp(p, "sha1") == 0) {
-		return (DST_ALG_HMACSHA1);
-	}
-	if (strcasecmp(p, "sha224") == 0) {
-		return (DST_ALG_HMACSHA224);
-	}
-	if (strcasecmp(p, "sha256") == 0) {
-		return (DST_ALG_HMACSHA256);
-	}
-	if (strcasecmp(p, "sha384") == 0) {
-		return (DST_ALG_HMACSHA384);
-	}
-	if (strcasecmp(p, "sha512") == 0) {
-		return (DST_ALG_HMACSHA512);
-	}
-	return (DST_ALG_UNKNOWN);
+	if (strcasecmp(p, "md5") == 0)
+		return DST_ALG_HMACMD5;
+	if (strcasecmp(p, "sha1") == 0)
+		return DST_ALG_HMACSHA1;
+	if (strcasecmp(p, "sha224") == 0)
+		return DST_ALG_HMACSHA224;
+	if (strcasecmp(p, "sha256") == 0)
+		return DST_ALG_HMACSHA256;
+	if (strcasecmp(p, "sha384") == 0)
+		return DST_ALG_HMACSHA384;
+	if (strcasecmp(p, "sha512") == 0)
+		return DST_ALG_HMACSHA512;
+	return DST_ALG_UNKNOWN;
 }
 
 /*%
@@ -94,20 +87,20 @@ alg_fromtext(const char *name) {
 int
 alg_bits(dns_secalg_t alg) {
 	switch (alg) {
-	case DST_ALG_HMACMD5:
-		return (128);
-	case DST_ALG_HMACSHA1:
-		return (160);
-	case DST_ALG_HMACSHA224:
-		return (224);
-	case DST_ALG_HMACSHA256:
-		return (256);
-	case DST_ALG_HMACSHA384:
-		return (384);
-	case DST_ALG_HMACSHA512:
-		return (512);
-	default:
-		return (0);
+	    case DST_ALG_HMACMD5:
+		return 128;
+	    case DST_ALG_HMACSHA1:
+		return 160;
+	    case DST_ALG_HMACSHA224:
+		return 224;
+	    case DST_ALG_HMACSHA256:
+		return 256;
+	    case DST_ALG_HMACSHA384:
+		return 384;
+	    case DST_ALG_HMACSHA512:
+		return 512;
+	    default:
+		return 0;
 	}
 }
 
@@ -124,31 +117,30 @@ generate_key(isc_mem_t *mctx, dns_secalg_t alg, int keysize,
 	dst_key_t *key = NULL;
 
 	switch (alg) {
-	case DST_ALG_HMACMD5:
-	case DST_ALG_HMACSHA1:
-	case DST_ALG_HMACSHA224:
-	case DST_ALG_HMACSHA256:
-		if (keysize < 1 || keysize > 512) {
+	    case DST_ALG_HMACMD5:
+	    case DST_ALG_HMACSHA1:
+	    case DST_ALG_HMACSHA224:
+	    case DST_ALG_HMACSHA256:
+		if (keysize < 1 || keysize > 512)
 			fatal("keysize %d out of range (must be 1-512)\n",
 			      keysize);
-		}
 		break;
-	case DST_ALG_HMACSHA384:
-	case DST_ALG_HMACSHA512:
-		if (keysize < 1 || keysize > 1024) {
+	    case DST_ALG_HMACSHA384:
+	    case DST_ALG_HMACSHA512:
+		if (keysize < 1 || keysize > 1024)
 			fatal("keysize %d out of range (must be 1-1024)\n",
 			      keysize);
-		}
 		break;
-	default:
+	    default:
 		fatal("unsupported algorithm %d\n", alg);
 	}
 
 	DO("initialize dst library", dst_lib_init(mctx, NULL));
 
-	DO("generate key",
-	   dst_key_generate(dns_rootname, alg, keysize, 0, 0, DNS_KEYPROTO_ANY,
-			    dns_rdataclass_in, mctx, &key, NULL));
+	DO("generate key", dst_key_generate(dns_rootname, alg,
+					    keysize, 0, 0, DNS_KEYPROTO_ANY,
+					    dns_rdataclass_in, mctx, &key,
+					    NULL));
 
 	isc_buffer_init(&key_rawbuffer, &key_rawsecret, sizeof(key_rawsecret));
 
@@ -156,12 +148,11 @@ generate_key(isc_mem_t *mctx, dns_secalg_t alg, int keysize,
 
 	isc_buffer_usedregion(&key_rawbuffer, &key_rawregion);
 
-	DO("bsse64 encode secret",
-	   isc_base64_totext(&key_rawregion, -1, "", key_txtbuffer));
+	DO("bsse64 encode secret", isc_base64_totext(&key_rawregion, -1, "",
+						     key_txtbuffer));
 
-	if (key != NULL) {
+	if (key != NULL)
 		dst_key_free(&key);
-	}
 
 	dst_lib_destroy();
 }
@@ -172,8 +163,9 @@ generate_key(isc_mem_t *mctx, dns_secalg_t alg, int keysize,
  * the name 'keyname' and the secret in the buffer 'secret'.
  */
 void
-write_key_file(const char *keyfile, const char *user, const char *keyname,
-	       isc_buffer_t *secret, dns_secalg_t alg) {
+write_key_file(const char *keyfile, const char *user,
+	       const char *keyname, isc_buffer_t *secret,
+	       dns_secalg_t alg) {
 	isc_result_t result;
 	const char *algname = alg_totext(alg);
 	FILE *fd = NULL;
@@ -181,22 +173,19 @@ write_key_file(const char *keyfile, const char *user, const char *keyname,
 	DO("create keyfile", isc_file_safecreate(keyfile, &fd));
 
 	if (user != NULL) {
-		if (set_user(fd, user) == -1) {
+		if (set_user(fd, user) == -1)
 			fatal("unable to set file owner\n");
-		}
 	}
 
-	fprintf(fd,
-		"key \"%s\" {\n\talgorithm %s;\n"
+	fprintf(fd, "key \"%s\" {\n\talgorithm %s;\n"
 		"\tsecret \"%.*s\";\n};\n",
-		keyname, algname, (int)isc_buffer_usedlength(secret),
+		keyname, algname,
+		(int)isc_buffer_usedlength(secret),
 		(char *)isc_buffer_base(secret));
 	fflush(fd);
-	if (ferror(fd)) {
+	if (ferror(fd))
 		fatal("write to %s failed\n", keyfile);
-	}
-	if (fclose(fd)) {
+	if (fclose(fd))
 		fatal("fclose(%s) failed\n", keyfile);
-	}
 	fprintf(stderr, "wrote key file \"%s\"\n", keyfile);
 }

bin/confgen/keygen.h

@@ -9,33 +9,26 @@
  * information regarding copyright ownership.
  */
 
+
 #ifndef RNDC_KEYGEN_H
 #define RNDC_KEYGEN_H 1
 
 /*! \file */
 
-#include <isc/buffer.h>
 #include <isc/lang.h>
-#include <isc/mem.h>
-
-#include <dns/secalg.h>
 
 ISC_LANG_BEGINDECLS
 
-void
-generate_key(isc_mem_t *mctx, dns_secalg_t alg, int keysize,
-	     isc_buffer_t *key_txtbuffer);
+void generate_key(isc_mem_t *mctx, dns_secalg_t alg, int keysize,
+		  isc_buffer_t *key_txtbuffer);
 
-void
-write_key_file(const char *keyfile, const char *user, const char *keyname,
-	       isc_buffer_t *secret, dns_secalg_t alg);
+void write_key_file(const char *keyfile, const char *user,
+		    const char *keyname, isc_buffer_t *secret,
+		    dns_secalg_t alg);
 
-const char *
-alg_totext(dns_secalg_t alg);
-dns_secalg_t
-alg_fromtext(const char *name);
-int
-alg_bits(dns_secalg_t alg);
+const char *alg_totext(dns_secalg_t alg);
+dns_secalg_t alg_fromtext(const char *name);
+int alg_bits(dns_secalg_t alg);
 
 ISC_LANG_ENDDECLS
 

bin/confgen/rndc-confgen.8

@@ -1,4 +1,4 @@
-.\" Copyright (C) 2001, 2003-2005, 2007, 2009, 2013-2020 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2001, 2003-2005, 2007, 2009, 2013-2019 Internet Systems Consortium, Inc. ("ISC")
 .\" 
 .\" This Source Code Form is subject to the terms of the Mozilla Public
 .\" License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -206,5 +206,5 @@ BIND 9 Administrator Reference Manual\&.
 \fBInternet Systems Consortium, Inc\&.\fR
 .SH "COPYRIGHT"
 .br
-Copyright \(co 2001, 2003-2005, 2007, 2009, 2013-2020 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2001, 2003-2005, 2007, 2009, 2013-2019 Internet Systems Consortium, Inc. ("ISC")
 .br

bin/confgen/rndc-confgen.c

@@ -25,7 +25,6 @@
 #include <stdlib.h>
 
 #include <isc/assertions.h>
-#include <isc/attributes.h>
 #include <isc/base64.h>
 #include <isc/buffer.h>
 #include <isc/commandline.h>
@@ -44,15 +43,14 @@
 #include <dns/name.h>
 
 #include <dst/dst.h>
-
 #include <confgen/os.h>
 
-#include "keygen.h"
 #include "util.h"
+#include "keygen.h"
 
-#define DEFAULT_KEYNAME "rndc-key"
-#define DEFAULT_SERVER	"127.0.0.1"
-#define DEFAULT_PORT	953
+#define DEFAULT_KEYNAME		"rndc-key"
+#define DEFAULT_SERVER		"127.0.0.1"
+#define DEFAULT_PORT		953
 
 static char program[256];
 const char *progname;
@@ -61,11 +59,12 @@ bool verbose = false;
 
 const char *keyfile, *keydef;
 
-ISC_NORETURN static void
-usage(int status);
+ISC_PLATFORM_NORETURN_PRE static void
+usage(int status) ISC_PLATFORM_NORETURN_POST;
 
 static void
 usage(int status) {
+
 	fprintf(stderr, "\
 Usage:\n\
  %s [-a] [-b bits] [-c keyfile] [-k keyname] [-p port] \
@@ -79,9 +78,9 @@ Usage:\n\
   -s addr:	 the address to which rndc should connect\n\
   -t chrootdir:	 write a keyfile in chrootdir as well (requires -a)\n\
   -u user:	 set the keyfile owner to \"user\" (requires -a)\n",
-		progname, keydef);
+		 progname, keydef);
 
-	exit(status);
+	exit (status);
 }
 
 int
@@ -109,9 +108,8 @@ main(int argc, char **argv) {
 	keydef = keyfile = RNDC_KEYFILE;
 
 	result = isc_file_progname(*argv, program, sizeof(program));
-	if (result != ISC_R_SUCCESS) {
+	if (result != ISC_R_SUCCESS)
 		memmove(program, "rndc-confgen", 13);
-	}
 	progname = program;
 
 	keyname = DEFAULT_KEYNAME;
@@ -131,15 +129,13 @@ main(int argc, char **argv) {
 		case 'A':
 			algname = isc_commandline_argument;
 			alg = alg_fromtext(algname);
-			if (alg == DST_ALG_UNKNOWN) {
+			if (alg == DST_ALG_UNKNOWN)
 				fatal("Unsupported algorithm '%s'", algname);
-			}
 			break;
 		case 'b':
 			keysize = strtol(isc_commandline_argument, &p, 10);
-			if (*p != '\0' || keysize < 0) {
+			if (*p != '\0' || keysize < 0)
 				fatal("-b requires a non-negative number");
-			}
 			break;
 		case 'c':
 			keyfile = isc_commandline_argument;
@@ -147,7 +143,7 @@ main(int argc, char **argv) {
 		case 'h':
 			usage(0);
 		case 'k':
-		case 'y': /* Compatible with rndc -y. */
+		case 'y':	/* Compatible with rndc -y. */
 			keyname = isc_commandline_argument;
 			break;
 		case 'M':
@@ -159,10 +155,9 @@ main(int argc, char **argv) {
 			break;
 		case 'p':
 			port = strtol(isc_commandline_argument, &p, 10);
-			if (*p != '\0' || port < 0 || port > 65535) {
+			if (*p != '\0' || port < 0 || port > 65535)
 				fatal("port '%s' out of range",
 				      isc_commandline_argument);
-			}
 			break;
 		case 'r':
 			fatal("The -r option has been deprecated.");
@@ -171,9 +166,7 @@ main(int argc, char **argv) {
 			serveraddr = isc_commandline_argument;
 			if (inet_pton(AF_INET, serveraddr, &addr4_dummy) != 1 &&
 			    inet_pton(AF_INET6, serveraddr, &addr6_dummy) != 1)
-			{
 				fatal("-s should be an IPv4 or IPv6 address");
-			}
 			break;
 		case 't':
 			chrootdir = isc_commandline_argument;
@@ -189,13 +182,12 @@ main(int argc, char **argv) {
 				fprintf(stderr, "%s: invalid argument -%c\n",
 					program, isc_commandline_option);
 				usage(1);
-			} else {
+			} else
 				usage(0);
-			}
 			break;
 		default:
-			fprintf(stderr, "%s: unhandled option -%c\n", program,
-				isc_commandline_option);
+			fprintf(stderr, "%s: unhandled option -%c\n",
+				program, isc_commandline_option);
 			exit(1);
 		}
 	}
@@ -204,22 +196,20 @@ main(int argc, char **argv) {
 	argv += isc_commandline_index;
 	POST(argv);
 
-	if (argc > 0) {
+	if (argc > 0)
 		usage(1);
-	}
 
 	if (alg == DST_ALG_HMACMD5) {
-		fprintf(stderr, "warning: use of hmac-md5 for RNDC keys "
-				"is deprecated; hmac-sha256 is now "
-				"recommended.\n");
+		fprintf(stderr,
+			"warning: use of hmac-md5 for RNDC keys "
+			"is deprecated; hmac-sha256 is now recommended.\n");
 	}
 
-	if (keysize < 0) {
+	if (keysize < 0)
 		keysize = alg_bits(alg);
-	}
 	algname = alg_totext(alg);
 
-	isc_mem_create(&mctx);
+	DO("create memory context", isc_mem_create(0, 0, &mctx));
 	isc_buffer_init(&key_txtbuffer, &key_txtsecret, sizeof(key_txtsecret));
 
 	generate_key(mctx, alg, keysize, &key_txtbuffer);
@@ -266,16 +256,16 @@ options {\n\
 # End of named.conf\n",
 		       keyname, algname,
 		       (int)isc_buffer_usedlength(&key_txtbuffer),
-		       (char *)isc_buffer_base(&key_txtbuffer), keyname,
-		       serveraddr, port, keyname, algname,
+		       (char *)isc_buffer_base(&key_txtbuffer),
+		       keyname, serveraddr, port,
+		       keyname, algname,
 		       (int)isc_buffer_usedlength(&key_txtbuffer),
-		       (char *)isc_buffer_base(&key_txtbuffer), serveraddr,
-		       port, serveraddr, keyname);
+		       (char *)isc_buffer_base(&key_txtbuffer),
+		       serveraddr, port, serveraddr, keyname);
 	}
 
-	if (show_final_mem) {
+	if (show_final_mem)
 		isc_mem_stats(mctx, stderr);
-	}
 
 	isc_mem_destroy(&mctx);
 

bin/confgen/rndc-confgen.docbook

@@ -45,7 +45,6 @@
       <year>2017</year>
       <year>2018</year>
       <year>2019</year>
-      <year>2020</year>
       <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
     </copyright>
   </docinfo>

bin/confgen/rndc-confgen.html

@@ -1,6 +1,6 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 <!--
- - Copyright (C) 2001, 2003-2005, 2007, 2009, 2013-2020 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2001, 2003-2005, 2007, 2009, 2013-2019 Internet Systems Consortium, Inc. ("ISC")
  - 
  - This Source Code Form is subject to the terms of the Mozilla Public
  - License, v. 2.0. If a copy of the MPL was not distributed with this

bin/confgen/unix/Makefile.in

@@ -0,0 +1,28 @@
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
+
+srcdir =	@srcdir@
+VPATH =		@srcdir@
+top_srcdir =	@top_srcdir@
+
+@BIND9_MAKE_INCLUDES@
+
+CINCLUDES =	-I${srcdir}/include -I${srcdir}/../include \
+		${DNS_INCLUDES} ${ISC_INCLUDES}
+
+CDEFINES =
+CWARNINGS =
+
+OBJS =		os.@O@
+
+SRCS =		os.c
+
+TARGETS =	${OBJS}
+
+@BIND9_MAKE_RULES@

bin/confgen/unix/os.c

@@ -9,17 +9,18 @@
  * information regarding copyright ownership.
  */
 
+
 /*! \file */
 
-#include <errno.h>
+#include <confgen/os.h>
+
 #include <fcntl.h>
+#include <unistd.h>
+#include <sys/types.h>
 #include <pwd.h>
+#include <errno.h>
 #include <stdio.h>
 #include <sys/stat.h>
-#include <sys/types.h>
-#include <unistd.h>
-
-#include <confgen/os.h>
 
 int
 set_user(FILE *fd, const char *user) {

bin/confgen/util.c

@@ -9,16 +9,18 @@
  * information regarding copyright ownership.
  */
 
+
 /*! \file */
 
-#include "util.h"
 #include <stdarg.h>
 #include <stdbool.h>
-#include <stdio.h>
 #include <stdlib.h>
+#include <stdio.h>
 
 #include <isc/print.h>
 
+#include "util.h"
+
 extern bool verbose;
 extern const char *progname;
 

bin/confgen/util.h

@@ -9,26 +9,27 @@
  * information regarding copyright ownership.
  */
 
+
 #ifndef RNDC_UTIL_H
 #define RNDC_UTIL_H 1
 
 /*! \file */
 
-#include <isc/attributes.h>
-#include <isc/formatcheck.h>
 #include <isc/lang.h>
 #include <isc/platform.h>
 
-#define NS_CONTROL_PORT 953
+#include <isc/formatcheck.h>
+
+#define NS_CONTROL_PORT		953
 
 #undef DO
-#define DO(name, function)                                                \
-	do {                                                              \
-		result = function;                                        \
-		if (result != ISC_R_SUCCESS)                              \
+#define DO(name, function) \
+	do { \
+		result = function; \
+		if (result != ISC_R_SUCCESS) \
 			fatal("%s: %s", name, isc_result_totext(result)); \
-		else                                                      \
-			notify("%s", name);                               \
+		else \
+			notify("%s", name); \
 	} while (0)
 
 ISC_LANG_BEGINDECLS
@@ -36,8 +37,9 @@ ISC_LANG_BEGINDECLS
 void
 notify(const char *fmt, ...) ISC_FORMAT_PRINTF(1, 2);
 
-ISC_NORETURN void
-fatal(const char *format, ...) ISC_FORMAT_PRINTF(1, 2);
+ISC_PLATFORM_NORETURN_PRE void
+fatal(const char *format, ...)
+ISC_FORMAT_PRINTF(1, 2) ISC_PLATFORM_NORETURN_POST;
 
 ISC_LANG_ENDDECLS
 

bin/confgen/win32/confgentool.vcxproj.in

@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="utf-8"?>
-<Project DefaultTargets="Build" ToolsVersion="@TOOLS_VERSION@" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
   <ItemGroup Label="ProjectConfigurations">
     <ProjectConfiguration Include="Debug|@PLATFORM@">
       <Configuration>Debug</Configuration>
@@ -14,21 +14,18 @@
     <ProjectGuid>{64964B03-4815-41F0-9057-E766A94AF197}</ProjectGuid>
     <Keyword>Win32Proj</Keyword>
     <RootNamespace>confgentool</RootNamespace>
-    @WINDOWS_TARGET_PLATFORM_VERSION@
   </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|@PLATFORM@'" Label="Configuration">
     <ConfigurationType>StaticLibrary</ConfigurationType>
     <UseDebugLibraries>true</UseDebugLibraries>
     <CharacterSet>MultiByte</CharacterSet>
-    @PLATFORM_TOOLSET@
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'" Label="Configuration">
     <ConfigurationType>StaticLibrary</ConfigurationType>
     <UseDebugLibraries>false</UseDebugLibraries>
     <WholeProgramOptimization>true</WholeProgramOptimization>
     <CharacterSet>MultiByte</CharacterSet>
-    @PLATFORM_TOOLSET@
   </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
   <ImportGroup Label="ExtensionSettings">
@@ -44,20 +41,17 @@
     <LinkIncremental>true</LinkIncremental>
     <OutDir>.\$(Configuration)\</OutDir>
     <IntDir>.\$(Configuration)\</IntDir>
-    <IntDirSharingDetected>None</IntDirSharingDetected>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'">
     <LinkIncremental>false</LinkIncremental>
     <OutDir>.\$(Configuration)\</OutDir>
     <IntDir>.\$(Configuration)\</IntDir>
-    <IntDirSharingDetected>None</IntDirSharingDetected>
   </PropertyGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|@PLATFORM@'">
     <ClCompile>
       <PrecompiledHeader>
       </PrecompiledHeader>
-      <WarningLevel>Level4</WarningLevel>
-      <TreatWarningAsError>false</TreatWarningAsError>
+      <WarningLevel>Level3</WarningLevel>
       <Optimization>Disabled</Optimization>
       <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <FunctionLevelLinking>true</FunctionLevelLinking>
@@ -77,8 +71,7 @@
   </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'">
     <ClCompile>
-      <WarningLevel>Level1</WarningLevel>
-      <TreatWarningAsError>true</TreatWarningAsError>
+      <WarningLevel>Level3</WarningLevel>
       <PrecompiledHeader>
       </PrecompiledHeader>
       <Optimization>MaxSpeed</Optimization>

bin/confgen/win32/ddnsconfgen.vcxproj.in

@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="utf-8"?>
-<Project DefaultTargets="Build" ToolsVersion="@TOOLS_VERSION@" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
   <ItemGroup Label="ProjectConfigurations">
     <ProjectConfiguration Include="Debug|@PLATFORM@">
       <Configuration>Debug</Configuration>
@@ -14,21 +14,18 @@
     <ProjectGuid>{1EA4FC64-F33B-4A50-970A-EA052BBE9CF1}</ProjectGuid>
     <Keyword>Win32Proj</Keyword>
     <RootNamespace>ddnsconfgen</RootNamespace>
-    @WINDOWS_TARGET_PLATFORM_VERSION@
   </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|@PLATFORM@'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
     <UseDebugLibraries>true</UseDebugLibraries>
     <CharacterSet>MultiByte</CharacterSet>
-    @PLATFORM_TOOLSET@
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
     <UseDebugLibraries>false</UseDebugLibraries>
     <WholeProgramOptimization>true</WholeProgramOptimization>
     <CharacterSet>MultiByte</CharacterSet>
-    @PLATFORM_TOOLSET@
   </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
   <ImportGroup Label="ExtensionSettings">
@@ -44,22 +41,19 @@
     <LinkIncremental>true</LinkIncremental>
     <OutDir>..\..\..\Build\$(Configuration)\</OutDir>
     <IntDir>.\$(Configuration)\</IntDir>
-    <IntDirSharingDetected>None</IntDirSharingDetected>
     <TargetName>ddns-confgen</TargetName>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'">
     <LinkIncremental>false</LinkIncremental>
     <OutDir>..\..\..\Build\$(Configuration)\</OutDir>
     <IntDir>.\$(Configuration)\</IntDir>
-    <IntDirSharingDetected>None</IntDirSharingDetected>
     <TargetName>ddns-confgen</TargetName>
   </PropertyGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|@PLATFORM@'">
     <ClCompile>
       <PrecompiledHeader>
       </PrecompiledHeader>
-      <WarningLevel>Level4</WarningLevel>
-      <TreatWarningAsError>false</TreatWarningAsError>
+      <WarningLevel>Level3</WarningLevel>
       <Optimization>Disabled</Optimization>
       <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <FunctionLevelLinking>true</FunctionLevelLinking>
@@ -88,8 +82,7 @@ copy /Y ddns-confgen.ilk tsig-keygen.ilk
   </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'">
     <ClCompile>
-      <WarningLevel>Level1</WarningLevel>
-      <TreatWarningAsError>true</TreatWarningAsError>
+      <WarningLevel>Level3</WarningLevel>
       <PrecompiledHeader>
       </PrecompiledHeader>
       <Optimization>MaxSpeed</Optimization>

bin/confgen/win32/os.c

@@ -9,16 +9,16 @@
  * information regarding copyright ownership.
  */
 
-#include <errno.h>
-#include <fcntl.h>
-#include <io.h>
-#include <stdio.h>
-#include <sys/stat.h>
-#include <sys/types.h>
-#include <unistd.h>
-
 #include <confgen/os.h>
 
+#include <fcntl.h>
+#include <unistd.h>
+#include <sys/types.h>
+#include <errno.h>
+#include <stdio.h>
+#include <io.h>
+#include <sys/stat.h>
+
 int
 set_user(FILE *fd, const char *user) {
 	return (0);

bin/confgen/win32/rndcconfgen.vcxproj.in

@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="utf-8"?>
-<Project DefaultTargets="Build" ToolsVersion="@TOOLS_VERSION@" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
   <ItemGroup Label="ProjectConfigurations">
     <ProjectConfiguration Include="Debug|@PLATFORM@">
       <Configuration>Debug</Configuration>
@@ -14,21 +14,18 @@
     <ProjectGuid>{1E2C1635-3093-4D59-80E7-4743AC10F22F}</ProjectGuid>
     <Keyword>Win32Proj</Keyword>
     <RootNamespace>rndcconfgen</RootNamespace>
-    @WINDOWS_TARGET_PLATFORM_VERSION@
   </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|@PLATFORM@'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
     <UseDebugLibraries>true</UseDebugLibraries>
     <CharacterSet>MultiByte</CharacterSet>
-    @PLATFORM_TOOLSET@
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
     <UseDebugLibraries>false</UseDebugLibraries>
     <WholeProgramOptimization>true</WholeProgramOptimization>
     <CharacterSet>MultiByte</CharacterSet>
-    @PLATFORM_TOOLSET@
   </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
   <ImportGroup Label="ExtensionSettings">
@@ -44,22 +41,19 @@
     <LinkIncremental>true</LinkIncremental>
     <OutDir>..\..\..\Build\$(Configuration)\</OutDir>
     <IntDir>.\$(Configuration)\</IntDir>
-    <IntDirSharingDetected>None</IntDirSharingDetected>
     <TargetName>rndc-confgen</TargetName>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'">
     <LinkIncremental>false</LinkIncremental>
     <OutDir>..\..\..\Build\$(Configuration)\</OutDir>
     <IntDir>.\$(Configuration)\</IntDir>
-    <IntDirSharingDetected>None</IntDirSharingDetected>
     <TargetName>rndc-confgen</TargetName>
   </PropertyGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|@PLATFORM@'">
     <ClCompile>
       <PrecompiledHeader>
       </PrecompiledHeader>
-      <WarningLevel>Level4</WarningLevel>
-      <TreatWarningAsError>false</TreatWarningAsError>
+      <WarningLevel>Level3</WarningLevel>
       <Optimization>Disabled</Optimization>
       <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <FunctionLevelLinking>true</FunctionLevelLinking>
@@ -82,8 +76,7 @@
   </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'">
     <ClCompile>
-      <WarningLevel>Level1</WarningLevel>
-      <TreatWarningAsError>true</TreatWarningAsError>
+      <WarningLevel>Level3</WarningLevel>
       <PrecompiledHeader>
       </PrecompiledHeader>
       <Optimization>MaxSpeed</Optimization>

bin/delv/Makefile.am

@@ -1,21 +0,0 @@
-include $(top_srcdir)/Makefile.top
-
-AM_CPPFLAGS +=				\
-	-I$(top_builddir)/include	\
-	$(LIBISC_CFLAGS)		\
-	$(LIBDNS_CFLAGS)		\
-	$(LIBISCCFG_CFLAGS)		\
-	$(LIBIRS_CFLAGS)
-
-AM_CPPFLAGS +=				\
-	-DSYSCONFDIR=\"${sysconfdir}\"
-
-bin_PROGRAMS = delv
-
-delv_SOURCES =				\
-	delv.c
-delv_LDADD =				\
-	$(LIBISC_LIBS)			\
-	$(LIBDNS_LIBS)			\
-	$(LIBISCCFG_LIBS)		\
-	$(LIBIRS_LIBS)

bin/delv/Makefile.in

@@ -0,0 +1,82 @@
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
+
+srcdir =	@srcdir@
+VPATH =		@srcdir@
+top_srcdir =	@top_srcdir@
+
+VERSION=@BIND9_VERSION@
+
+@BIND9_MAKE_INCLUDES@
+
+CINCLUDES =	-I${srcdir}/include ${DNS_INCLUDES} ${ISC_INCLUDES} \
+		${IRS_INCLUDES} ${ISCCFG_INCLUDES} \
+		${OPENSSL_CFLAGS}
+
+CDEFINES =	-DVERSION=\"${VERSION}\" \
+		-DSYSCONFDIR=\"${sysconfdir}\"
+CWARNINGS =
+
+ISCCFGLIBS =	../../lib/isccfg/libisccfg.@A@
+DNSLIBS =	../../lib/dns/libdns.@A@ ${MAXMINDDB_LIBS} @DNS_CRYPTO_LIBS@
+ISCNOSYMLIBS =	../../lib/isc/libisc-nosymtbl.@A@ ${OPENSSL_LIBS} ${JSON_C_LIBS} ${LIBXML2_LIBS}
+ISCLIBS =	../../lib/isc/libisc.@A@ ${OPENSSL_LIBS} ${JSON_C_LIBS} ${LIBXML2_LIBS}
+IRSLIBS =	../../lib/irs/libirs.@A@
+
+ISCCFGDEPLIBS =	../../lib/isccfg/libisccfg.@A@
+DNSDEPLIBS =	../../lib/dns/libdns.@A@
+ISCDEPLIBS =	../../lib/isc/libisc.@A@
+IRSDEPLIBS =	../../lib/irs/libirs.@A@
+
+DEPLIBS =	${DNSDEPLIBS} ${IRSDEPLIBS} ${ISCCFGDEPLIBS} ${ISCDEPLIBS}
+
+LIBS =		${DNSLIBS} ${IRSLIBS} ${ISCCFGLIBS} ${ISCLIBS} @LIBS@
+NOSYMLIBS =	${DNSLIBS} ${IRSLIBS} ${ISCCFGLIBS} ${ISCNOSYMLIBS} @LIBS@
+
+SUBDIRS =
+
+TARGETS =	delv@EXEEXT@
+
+OBJS =		delv.@O@
+
+SRCS =		delv.c
+
+MANPAGES =	delv.1
+
+HTMLPAGES =	delv.html
+
+MANOBJS =	${MANPAGES} ${HTMLPAGES}
+
+@BIND9_MAKE_RULES@
+
+delv@EXEEXT@: delv.@O@ ${DEPLIBS}
+	export BASEOBJS="delv.@O@"; \
+	export LIBS0="${DNSLIBS}"; \
+	${FINALBUILDCMD}
+
+installdirs:
+	$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${bindir}
+	$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${mandir}/man1
+
+install:: delv@EXEEXT@ installdirs
+	${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} \
+		delv@EXEEXT@ ${DESTDIR}${bindir}
+	${INSTALL_DATA} ${srcdir}/delv.1 ${DESTDIR}${mandir}/man1
+
+uninstall::
+	rm -f ${DESTDIR}${mandir}/man1/delv.1
+	${LIBTOOL_MODE_UNINSTALL} rm -f ${DESTDIR}${bindir}/delv@EXEEXT@
+
+doc man:: ${MANOBJS}
+
+docclean manclean maintainer-clean::
+	rm -f ${MANOBJS}
+
+clean distclean maintainer-clean::
+	rm -f ${TARGETS}

bin/delv/delv.1

@@ -1,4 +1,4 @@
-.\" Copyright (C) 2014-2020 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2014-2019 Internet Systems Consortium, Inc. ("ISC")
 .\" 
 .\" This Source Code Form is subject to the terms of the Mozilla Public
 .\" License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -144,7 +144,7 @@ options\&.
 Note: When reading the trust anchor file,
 \fBdelv\fR
 treats
-\fBtrust\-anchors\fR\fBinitial\-key\fR
+\fBdnssec\-keys\fR\fBinitial\-key\fR
 and
 \fBstatic\-key\fR
 entries identically\&. That is, even if a key is configured with
@@ -409,11 +409,6 @@ Controls whether to use TCP when sending queries\&. The default is to use UDP un
 .RS 4
 Print all RDATA in unknown RR type presentation format (RFC 3597)\&. The default is to print RDATA for known types in the type\*(Aqs presentation format\&.
 .RE
-.PP
-\fB+[no]yaml\fR
-.RS 4
-Print response data in YAML format\&.
-.RE
 .SH "FILES"
 .PP
 /etc/bind\&.keys
@@ -433,5 +428,5 @@ RFC5155\&.
 \fBInternet Systems Consortium, Inc\&.\fR
 .SH "COPYRIGHT"
 .br
-Copyright \(co 2014-2020 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2014-2019 Internet Systems Consortium, Inc. ("ISC")
 .br

bin/delv/delv.docbook

@@ -40,7 +40,6 @@
       <year>2017</year>
       <year>2018</year>
       <year>2019</year>
-      <year>2020</year>
       <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
     </copyright>
   </docinfo>
@@ -216,7 +215,7 @@
 	  </para>
 	  <para>
 	    Note: When reading the trust anchor file,
-	    <command>delv</command> treats <option>trust-anchors</option>
+	    <command>delv</command> treats <option>dnssec-keys</option>
 	    <option>initial-key</option> and <option>static-key</option>
 	    entries identically.  That is, even if a key is configured
 	    with <command>initial-key</command>, indicating that it is

bin/delv/delv.html

@@ -1,6 +1,6 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 <!--
- - Copyright (C) 2014-2020 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2014-2019 Internet Systems Consortium, Inc. ("ISC")
  - 
  - This Source Code Form is subject to the terms of the Mozilla Public
  - License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -197,7 +197,7 @@
 	  </p>
 	  <p>
 	    Note: When reading the trust anchor file,
-	    <span class="command"><strong>delv</strong></span> treats <code class="option">trust-anchors</code>
+	    <span class="command"><strong>delv</strong></span> treats <code class="option">dnssec-keys</code>
 	    <code class="option">initial-key</code> and <code class="option">static-key</code>
 	    entries identically.  That is, even if a key is configured
 	    with <span class="command"><strong>initial-key</strong></span>, indicating that it is
@@ -548,12 +548,6 @@
 	      in the type's presentation format.
 	    </p>
 	  </dd>
-<dt><span class="term"><code class="option">+[no]yaml</code></span></dt>
-<dd>
-	    <p>
-	      Print response data in YAML format.
-	    </p>
-	  </dd>
 </dl></div>
 <p>
 

bin/delv/win32/delv.vcxproj.in

@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="utf-8"?>
-<Project DefaultTargets="Build" ToolsVersion="@TOOLS_VERSION@" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
   <ItemGroup Label="ProjectConfigurations">
     <ProjectConfiguration Include="Debug|@PLATFORM@">
       <Configuration>Debug</Configuration>
@@ -14,21 +14,18 @@
     <ProjectGuid>{BE172EFE-C1DC-4812-BFB9-8C5F8ADB7E9F}</ProjectGuid>
     <Keyword>Win32Proj</Keyword>
     <RootNamespace>delv</RootNamespace>
-    @WINDOWS_TARGET_PLATFORM_VERSION@
   </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|@PLATFORM@'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
     <UseDebugLibraries>true</UseDebugLibraries>
     <CharacterSet>MultiByte</CharacterSet>
-    @PLATFORM_TOOLSET@
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
     <UseDebugLibraries>false</UseDebugLibraries>
     <WholeProgramOptimization>true</WholeProgramOptimization>
     <CharacterSet>MultiByte</CharacterSet>
-    @PLATFORM_TOOLSET@
   </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
   <ImportGroup Label="ExtensionSettings">
@@ -44,20 +41,17 @@
     <LinkIncremental>true</LinkIncremental>
     <OutDir>..\..\..\Build\$(Configuration)\</OutDir>
     <IntDir>.\$(Configuration)\</IntDir>
-    <IntDirSharingDetected>None</IntDirSharingDetected>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'">
     <LinkIncremental>false</LinkIncremental>
     <OutDir>..\..\..\Build\$(Configuration)\</OutDir>
     <IntDir>.\$(Configuration)\</IntDir>
-    <IntDirSharingDetected>None</IntDirSharingDetected>
   </PropertyGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|@PLATFORM@'">
     <ClCompile>
       <PrecompiledHeader>
       </PrecompiledHeader>
-      <WarningLevel>Level4</WarningLevel>
-      <TreatWarningAsError>false</TreatWarningAsError>
+      <WarningLevel>Level3</WarningLevel>
       <Optimization>Disabled</Optimization>
       <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <FunctionLevelLinking>true</FunctionLevelLinking>
@@ -80,8 +74,7 @@
   </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'">
     <ClCompile>
-      <WarningLevel>Level1</WarningLevel>
-      <TreatWarningAsError>true</TreatWarningAsError>
+      <WarningLevel>Level3</WarningLevel>
       <PrecompiledHeader>
       </PrecompiledHeader>
       <Optimization>MaxSpeed</Optimization>

bin/dig/Makefile.am

@@ -1,30 +0,0 @@
-include $(top_srcdir)/Makefile.top
-
-AM_CPPFLAGS +=			\
-	$(LIBISC_CFLAGS)	\
-	$(LIBDNS_CFLAGS)	\
-	$(LIBISCCFG_CFLAGS)	\
-	$(LIBIRS_CFLAGS)	\
-	$(LIBBIND9_CFLAGS)	\
-	$(LIBIDN2_CFLAGS)
-
-LDADD =				\
-	libdighost.la		\
-	$(LIBISC_LIBS)		\
-	$(LIBDNS_LIBS)		\
-	$(LIBISCCFG_LIBS)	\
-	$(LIBIRS_LIBS)		\
-	$(LIBBIND9_LIBS)	\
-	$(LIBIDN2_LIBS)
-
-noinst_LTLIBRARIES = libdighost.la
-
-libdighost_la_SOURCES = \
-	dighost.h	\
-	dighost.c
-
-bin_PROGRAMS = dig host nslookup
-
-nslookup_LDADD =	\
-	$(LDADD)	\
-	$(READLINE_LIB)

bin/dig/Makefile.in

@@ -0,0 +1,114 @@
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
+
+srcdir =	@srcdir@
+VPATH =		@srcdir@
+top_srcdir =	@top_srcdir@
+
+VERSION=@BIND9_VERSION@
+
+@BIND9_MAKE_INCLUDES@
+
+READLINE_LIB = @READLINE_LIB@
+
+CINCLUDES =	-I${srcdir}/include ${DNS_INCLUDES} \
+		${BIND9_INCLUDES} ${ISC_INCLUDES} \
+		${IRS_INCLUDES} ${ISCCFG_INCLUDES} @LIBIDN2_CFLAGS@ \
+		${OPENSSL_CFLAGS}
+
+CDEFINES =	-DVERSION=\"${VERSION}\"
+CWARNINGS =
+
+ISCCFGLIBS =	../../lib/isccfg/libisccfg.@A@
+DNSLIBS =	../../lib/dns/libdns.@A@ ${MAXMINDDB_LIBS} @DNS_CRYPTO_LIBS@
+BIND9LIBS =	../../lib/bind9/libbind9.@A@
+ISCLIBS =	../../lib/isc/libisc.@A@ ${OPENSSL_LIBS} ${JSON_C_LIBS} ${LIBXML2_LIBS}
+ISCNOSYMLIBS =	../../lib/isc/libisc-nosymtbl.@A@ ${OPENSSL_LIBS} ${JSON_C_LIBS} ${LIBXML2_LIBS}
+IRSLIBS =	../../lib/irs/libirs.@A@
+
+ISCCFGDEPLIBS =	../../lib/isccfg/libisccfg.@A@
+DNSDEPLIBS =	../../lib/dns/libdns.@A@
+BIND9DEPLIBS =	../../lib/bind9/libbind9.@A@
+ISCDEPLIBS =	../../lib/isc/libisc.@A@
+IRSDEPLIBS =	../../lib/irs/libirs.@A@
+
+DEPLIBS =	${DNSDEPLIBS} ${IRSDEPLIBS} ${BIND9DEPLIBS} \
+		${ISCDEPLIBS} ${ISCCFGDEPLIBS}
+
+LIBS =		${DNSLIBS} ${IRSLIBS} ${BIND9LIBS} ${ISCCFGLIBS} \
+		${ISCLIBS} @LIBIDN2_LIBS@ @LIBS@
+
+NOSYMLIBS =	${DNSLIBS} ${IRSLIBS} ${BIND9LIBS} ${ISCCFGLIBS} \
+		${ISCNOSYMLIBS} @LIBIDN2_LIBS@ @LIBS@
+
+SUBDIRS =
+
+TARGETS =	dig@EXEEXT@ host@EXEEXT@ nslookup@EXEEXT@
+
+OBJS =		dig.@O@ dighost.@O@ host.@O@ nslookup.@O@
+
+UOBJS =
+
+SRCS =		dig.c dighost.c host.c nslookup.c
+
+MANPAGES =	dig.1 host.1 nslookup.1
+
+HTMLPAGES =	dig.html host.html nslookup.html
+
+MANOBJS =	${MANPAGES} ${HTMLPAGES}
+
+@BIND9_MAKE_RULES@
+
+LDFLAGS =	@LDFLAGS@ @LIBIDN2_LDFLAGS@
+
+dig@EXEEXT@: dig.@O@ dighost.@O@ ${UOBJS} ${DEPLIBS}
+	export BASEOBJS="dig.@O@ dighost.@O@ ${UOBJS}"; \
+	export LIBS0="${DNSLIBS} ${IRSLIBS}"; \
+	${FINALBUILDCMD}
+
+host@EXEEXT@: host.@O@ dighost.@O@ ${UOBJS} ${DEPLIBS}
+	export BASEOBJS="host.@O@ dighost.@O@ ${UOBJS}"; \
+	export LIBS0="${DNSLIBS} ${IRSLIBS}"; \
+	${FINALBUILDCMD}
+
+nslookup@EXEEXT@: nslookup.@O@ dighost.@O@ ${UOBJS} ${DEPLIBS}
+	export BASEOBJS="nslookup.@O@ dighost.@O@ ${READLINE_LIB} ${UOBJS}"; \
+	export LIBS0="${DNSLIBS} ${IRSLIBS}"; \
+	${FINALBUILDCMD}
+
+doc man:: ${MANOBJS}
+
+docclean manclean maintainer-clean::
+	rm -f ${MANOBJS}
+
+clean distclean maintainer-clean::
+	rm -f ${TARGETS}
+
+installdirs:
+	$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${bindir}
+	$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${mandir}/man1
+
+install:: dig@EXEEXT@ host@EXEEXT@ nslookup@EXEEXT@ installdirs
+	${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} \
+		dig@EXEEXT@ ${DESTDIR}${bindir}
+	${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} \
+		host@EXEEXT@ ${DESTDIR}${bindir}
+	${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} \
+		nslookup@EXEEXT@ ${DESTDIR}${bindir}
+	for m in ${MANPAGES}; do \
+		${INSTALL_DATA} ${srcdir}/$$m ${DESTDIR}${mandir}/man1 || exit 1; \
+	done
+
+uninstall::
+	for m in ${MANPAGES}; do \
+		rm -f ${DESTDIR}${mandir}/man1/$$m || exit 1; \
+	done
+	${LIBTOOL_MODE_UNINSTALL} rm -f ${DESTDIR}${bindir}/nslookup@EXEEXT@
+	${LIBTOOL_MODE_UNINSTALL} rm -f ${DESTDIR}${bindir}/host@EXEEXT@
+	${LIBTOOL_MODE_UNINSTALL} rm -f ${DESTDIR}${bindir}/dig@EXEEXT@

bin/dig/dig.1

@@ -1,4 +1,4 @@
-.\" Copyright (C) 2000-2011, 2013-2020 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000-2011, 2013-2019 Internet Systems Consortium, Inc. ("ISC")
 .\" 
 .\" This Source Code Form is subject to the terms of the Mozilla Public
 .\" License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -744,13 +744,6 @@ Display [do not display] the TTL when printing the record\&.
 Display [do not display] the TTL in friendly human\-readable time units of "s", "m", "h", "d", and "w", representing seconds, minutes, hours, days and weeks\&. Implies +ttlid\&.
 .RE
 .PP
-\fB+[no]unexpected\fR
-.RS 4
-Accept [do not accept] answers from unexpected sources\&. By default,
-\fBdig\fR
-won\*(Aqt accept a reply from a source other than the one to which it sent the query\&.
-.RE
-.PP
 \fB+[no]unknownformat\fR
 .RS 4
 Print all RDATA in unknown RR type presentation format (RFC 3597)\&. The default is to print RDATA for known types in the type\*(Aqs presentation format\&.
@@ -763,13 +756,6 @@ Use [do not use] TCP when querying name servers\&. This alternate syntax to
 is provided for backwards compatibility\&. The "vc" stands for "virtual circuit"\&.
 .RE
 .PP
-\fB+[no]yaml\fR
-.RS 4
-Print the responses (and, if
-\fB+qr\fR
-is in use, also the outgoing queries) in a detailed YAML format\&.
-.RE
-.PP
 \fB+[no]zflag\fR
 .RS 4
 Set [do not set] the last unassigned DNS header flag in a DNS query\&. This flag is off by default\&.
@@ -849,5 +835,5 @@ There are probably too many query options\&.
 \fBInternet Systems Consortium, Inc\&.\fR
 .SH "COPYRIGHT"
 .br
-Copyright \(co 2000-2011, 2013-2020 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2000-2011, 2013-2019 Internet Systems Consortium, Inc. ("ISC")
 .br

bin/dig/dig.docbook

@@ -53,7 +53,6 @@
       <year>2017</year>
       <year>2018</year>
       <year>2019</year>
-      <year>2020</year>
       <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
     </copyright>
   </docinfo>
@@ -1270,17 +1269,6 @@
 	  </listitem>
 	</varlistentry>
 
-	<varlistentry>
-	  <term><option>+[no]unexpected</option></term>
-	  <listitem>
-	    <para>
-	      Accept [do not accept] answers from unexpected sources.  By
-	      default, <command>dig</command> won't accept a reply from a
-	      source other than the one to which it sent the query.
-	    </para>
-	  </listitem>
-	</varlistentry>
-
 	<varlistentry>
 	  <term><option>+[no]unknownformat</option></term>
 	  <listitem>

bin/dig/dig.html

@@ -1,6 +1,6 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 <!--
- - Copyright (C) 2000-2011, 2013-2020 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2011, 2013-2019 Internet Systems Consortium, Inc. ("ISC")
  - 
  - This Source Code Form is subject to the terms of the Mozilla Public
  - License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -1000,14 +1000,6 @@
 	      seconds, minutes, hours, days and weeks.  Implies +ttlid.
 	    </p>
 	  </dd>
-<dt><span class="term"><code class="option">+[no]unexpected</code></span></dt>
-<dd>
-	    <p>
-	      Accept [do not accept] answers from unexpected sources.  By
-	      default, <span class="command"><strong>dig</strong></span> won't accept a reply from a
-	      source other than the one to which it sent the query.
-	    </p>
-	  </dd>
 <dt><span class="term"><code class="option">+[no]unknownformat</code></span></dt>
 <dd>
 	    <p>
@@ -1025,13 +1017,6 @@
 	      stands for "virtual circuit".
 	    </p>
 	  </dd>
-<dt><span class="term"><code class="option">+[no]yaml</code></span></dt>
-<dd>
-	    <p>
-	      Print the responses (and, if <code class="option">+qr</code> is in use,
-	      also the outgoing queries) in a detailed YAML format.
-	    </p>
-	  </dd>
 <dt><span class="term"><code class="option">+[no]zflag</code></span></dt>
 <dd>
 	    <p>

bin/dig/host.1

@@ -1,4 +1,4 @@
-.\" Copyright (C) 2000-2002, 2004, 2005, 2007-2009, 2014-2020 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000-2002, 2004, 2005, 2007-2009, 2014-2019 Internet Systems Consortium, Inc. ("ISC")
 .\" 
 .\" This Source Code Form is subject to the terms of the Mozilla Public
 .\" License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -39,7 +39,7 @@
 host \- DNS lookup utility
 .SH "SYNOPSIS"
 .HP \w'\fBhost\fR\ 'u
-\fBhost\fR [\fB\-aACdlnrsTUwv\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-N\ \fR\fB\fIndots\fR\fR] [\fB\-p\ \fR\fB\fIport\fR\fR] [\fB\-R\ \fR\fB\fInumber\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-W\ \fR\fB\fIwait\fR\fR] [\fB\-m\ \fR\fB\fIflag\fR\fR] [[\fB\-4\fR] | [\fB\-6\fR]] [\fB\-v\fR] [\fB\-V\fR] {name} [server]
+\fBhost\fR [\fB\-aACdlnrsTUwv\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-N\ \fR\fB\fIndots\fR\fR] [\fB\-R\ \fR\fB\fInumber\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-W\ \fR\fB\fIwait\fR\fR] [\fB\-m\ \fR\fB\fIflag\fR\fR] [[\fB\-4\fR] | [\fB\-6\fR]] [\fB\-v\fR] [\fB\-V\fR] {name} [server]
 .SH "DESCRIPTION"
 .PP
 \fBhost\fR
@@ -138,11 +138,6 @@ directive in
 /etc/resolv\&.conf\&.
 .RE
 .PP
-\-p \fIport\fR
-.RS 4
-Specify the port on the server to query\&. The default is 53\&.
-.RE
-.PP
 \-r
 .RS 4
 Non\-recursive query: Setting this option clears the RD (recursion desired) bit in the query\&. This should mean that the name server receiving the query will not attempt to resolve
@@ -274,5 +269,5 @@ runs\&.
 \fBInternet Systems Consortium, Inc\&.\fR
 .SH "COPYRIGHT"
 .br
-Copyright \(co 2000-2002, 2004, 2005, 2007-2009, 2014-2020 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2000-2002, 2004, 2005, 2007-2009, 2014-2019 Internet Systems Consortium, Inc. ("ISC")
 .br

bin/dig/host.c

@@ -12,22 +12,21 @@
 /*! \file */
 
 #include <inttypes.h>
-#include <limits.h>
 #include <stdbool.h>
 #include <stdlib.h>
+#include <limits.h>
 
 #ifdef HAVE_LOCALE_H
 #include <locale.h>
-#endif /* ifdef HAVE_LOCALE_H */
+#endif
 
 #include <isc/app.h>
-#include <isc/attributes.h>
 #include <isc/commandline.h>
 #include <isc/netaddr.h>
 #include <isc/print.h>
 #include <isc/string.h>
-#include <isc/task.h>
 #include <isc/util.h>
+#include <isc/task.h>
 
 #include <dns/byaddr.h>
 #include <dns/fixedname.h>
@@ -36,10 +35,10 @@
 #include <dns/rdata.h>
 #include <dns/rdataclass.h>
 #include <dns/rdataset.h>
-#include <dns/rdatastruct.h>
 #include <dns/rdatatype.h>
+#include <dns/rdatastruct.h>
 
-#include "dighost.h"
+#include <dig/dig.h>
 
 static bool short_form = true, listed_server = false;
 static bool default_lookups = true;
@@ -50,95 +49,119 @@ static dns_rdatatype_t list_type = dns_rdatatype_a;
 static bool printed_server = false;
 static bool ipv4only = false, ipv6only = false;
 
-static const char *opcodetext[] = { "QUERY",	  "IQUERY",	"STATUS",
-				    "RESERVED3",  "NOTIFY",	"UPDATE",
-				    "RESERVED6",  "RESERVED7",	"RESERVED8",
-				    "RESERVED9",  "RESERVED10", "RESERVED11",
-				    "RESERVED12", "RESERVED13", "RESERVED14",
-				    "RESERVED15" };
+static const char *opcodetext[] = {
+	"QUERY",
+	"IQUERY",
+	"STATUS",
+	"RESERVED3",
+	"NOTIFY",
+	"UPDATE",
+	"RESERVED6",
+	"RESERVED7",
+	"RESERVED8",
+	"RESERVED9",
+	"RESERVED10",
+	"RESERVED11",
+	"RESERVED12",
+	"RESERVED13",
+	"RESERVED14",
+	"RESERVED15"
+};
 
-static const char *rcodetext[] = { "NOERROR",	 "FORMERR",    "SERVFAIL",
-				   "NXDOMAIN",	 "NOTIMP",     "REFUSED",
-				   "YXDOMAIN",	 "YXRRSET",    "NXRRSET",
-				   "NOTAUTH",	 "NOTZONE",    "RESERVED11",
-				   "RESERVED12", "RESERVED13", "RESERVED14",
-				   "RESERVED15", "BADVERS" };
+static const char *rcodetext[] = {
+	"NOERROR",
+	"FORMERR",
+	"SERVFAIL",
+	"NXDOMAIN",
+	"NOTIMP",
+	"REFUSED",
+	"YXDOMAIN",
+	"YXRRSET",
+	"NXRRSET",
+	"NOTAUTH",
+	"NOTZONE",
+	"RESERVED11",
+	"RESERVED12",
+	"RESERVED13",
+	"RESERVED14",
+	"RESERVED15",
+	"BADVERS"
+};
 
 struct rtype {
 	unsigned int type;
 	const char *text;
 };
 
-struct rtype rtypes[] = { { 1, "has address" },
-			  { 2, "name server" },
-			  { 5, "is an alias for" },
-			  { 11, "has well known services" },
-			  { 12, "domain name pointer" },
-			  { 13, "host information" },
-			  { 15, "mail is handled by" },
-			  { 16, "descriptive text" },
-			  { 19, "x25 address" },
-			  { 20, "ISDN address" },
-			  { 24, "has signature" },
-			  { 25, "has key" },
-			  { 28, "has IPv6 address" },
-			  { 29, "location" },
-			  { 0, NULL } };
+struct rtype rtypes[] = {
+	{ 1, 	"has address" },
+	{ 2, 	"name server" },
+	{ 5, 	"is an alias for" },
+	{ 11,	"has well known services" },
+	{ 12,	"domain name pointer" },
+	{ 13,	"host information" },
+	{ 15,	"mail is handled by" },
+	{ 16,	"descriptive text" },
+	{ 19,	"x25 address" },
+	{ 20,	"ISDN address" },
+	{ 24,	"has signature" },
+	{ 25,	"has key" },
+	{ 28,	"has IPv6 address" },
+	{ 29,	"location" },
+	{ 0, NULL }
+};
 
 static char *
-rcode_totext(dns_rcode_t rcode) {
+rcode_totext(dns_rcode_t rcode)
+{
 	static char buf[sizeof("?65535")];
 	union {
 		const char *consttext;
 		char *deconsttext;
 	} totext;
 
-	if (rcode >= (sizeof(rcodetext) / sizeof(rcodetext[0]))) {
+	if (rcode >= (sizeof(rcodetext)/sizeof(rcodetext[0]))) {
 		snprintf(buf, sizeof(buf), "?%u", rcode);
 		totext.deconsttext = buf;
-	} else {
+	} else
 		totext.consttext = rcodetext[rcode];
-	}
-	return (totext.deconsttext);
+	return totext.deconsttext;
 }
 
-ISC_NORETURN static void
-show_usage(void);
+ISC_PLATFORM_NORETURN_PRE static void
+show_usage(void) ISC_PLATFORM_NORETURN_POST;
 
 static void
 show_usage(void) {
-	fputs("Usage: host [-aCdilrTvVw] [-c class] [-N ndots] [-t type] [-W "
-	      "time]\n"
-	      "            [-R number] [-m flag] [-p port] hostname [server]\n"
-	      "       -a is equivalent to -v -t ANY\n"
-	      "       -A is like -a but omits RRSIG, NSEC, NSEC3\n"
-	      "       -c specifies query class for non-IN data\n"
-	      "       -C compares SOA records on authoritative nameservers\n"
-	      "       -d is equivalent to -v\n"
-	      "       -l lists all hosts in a domain, using AXFR\n"
-	      "       -m set memory debugging flag (trace|record|usage)\n"
-	      "       -N changes the number of dots allowed before root lookup "
-	      "is done\n"
-	      "       -p specifies the port on the server to query\n"
-	      "       -r disables recursive processing\n"
-	      "       -R specifies number of retries for UDP packets\n"
-	      "       -s a SERVFAIL response should stop query\n"
-	      "       -t specifies the query type\n"
-	      "       -T enables TCP/IP mode\n"
-	      "       -U enables UDP mode\n"
-	      "       -v enables verbose output\n"
-	      "       -V print version number and exit\n"
-	      "       -w specifies to wait forever for a reply\n"
-	      "       -W specifies how long to wait for a reply\n"
-	      "       -4 use IPv4 query transport only\n"
-	      "       -6 use IPv6 query transport only\n",
-	      stderr);
+	fputs(
+"Usage: host [-aCdilrTvVw] [-c class] [-N ndots] [-t type] [-W time]\n"
+"            [-R number] [-m flag] hostname [server]\n"
+"       -a is equivalent to -v -t ANY\n"
+"       -A is like -a but omits RRSIG, NSEC, NSEC3\n"
+"       -c specifies query class for non-IN data\n"
+"       -C compares SOA records on authoritative nameservers\n"
+"       -d is equivalent to -v\n"
+"       -l lists all hosts in a domain, using AXFR\n"
+"       -m set memory debugging flag (trace|record|usage)\n"
+"       -N changes the number of dots allowed before root lookup is done\n"
+"       -r disables recursive processing\n"
+"       -R specifies number of retries for UDP packets\n"
+"       -s a SERVFAIL response should stop query\n"
+"       -t specifies the query type\n"
+"       -T enables TCP/IP mode\n"
+"       -U enables UDP mode\n"
+"       -v enables verbose output\n"
+"       -V print version number and exit\n"
+"       -w specifies to wait forever for a reply\n"
+"       -W specifies how long to wait for a reply\n"
+"       -4 use IPv4 query transport only\n"
+"       -6 use IPv6 query transport only\n", stderr);
 	exit(1);
 }
 
 static void
 host_shutdown(void) {
-	(void)isc_app_shutdown();
+	(void) isc_app_shutdown();
 }
 
 static void
@@ -150,9 +173,9 @@ received(unsigned int bytes, isc_sockaddr_t *from, dig_query_t *query) {
 		char fromtext[ISC_SOCKADDR_FORMATSIZE];
 		isc_sockaddr_format(from, fromtext, sizeof(fromtext));
 		TIME_NOW(&now);
-		diff = (int)isc_time_microdiff(&now, &query->time_sent);
-		printf("Received %u bytes from %s in %d ms\n", bytes, fromtext,
-		       diff / 1000);
+		diff = (int) isc_time_microdiff(&now, &query->time_sent);
+		printf("Received %u bytes from %s in %d ms\n",
+		       bytes, fromtext, diff/1000);
 	}
 }
 
@@ -160,14 +183,14 @@ static void
 trying(char *frm, dig_lookup_t *lookup) {
 	UNUSED(lookup);
 
-	if (!short_form) {
+	if (!short_form)
 		printf("Trying \"%s\"\n", frm);
-	}
 }
 
 static void
 say_message(dns_name_t *name, const char *msg, dns_rdata_t *rdata,
-	    dig_query_t *query) {
+	    dig_query_t *query)
+{
 	isc_buffer_t *b = NULL;
 	char namestr[DNS_NAME_FORMATSIZE];
 	isc_region_t r;
@@ -175,8 +198,9 @@ say_message(dns_name_t *name, const char *msg, dns_rdata_t *rdata,
 	unsigned int bufsize = BUFSIZ;
 
 	dns_name_format(name, namestr, sizeof(namestr));
-retry:
-	isc_buffer_allocate(mctx, &b, bufsize);
+ retry:
+	result = isc_buffer_allocate(mctx, &b, bufsize);
+	check_result(result, "isc_buffer_allocate");
 	result = dns_rdata_totext(rdata, NULL, b);
 	if (result == ISC_R_NOSPACE) {
 		isc_buffer_free(&b);
@@ -186,9 +210,11 @@ retry:
 	check_result(result, "dns_rdata_totext");
 	isc_buffer_usedregion(b, &r);
 	if (query->lookup->identify_previous_line) {
-		printf("Nameserver %s:\n\t", query->servname);
+		printf("Nameserver %s:\n\t",
+			query->servname);
 	}
-	printf("%s %s %.*s", namestr, msg, (int)r.length, (char *)r.base);
+	printf("%s %s %.*s", namestr,
+	       msg, (int)r.length, (char *)r.base);
 	if (query->lookup->identify) {
 		printf(" on server %s", query->servname);
 	}
@@ -198,7 +224,9 @@ retry:
 
 static isc_result_t
 printsection(dns_message_t *msg, dns_section_t sectionid,
-	     const char *section_name, bool headers, dig_query_t *query) {
+	     const char *section_name, bool headers,
+	     dig_query_t *query)
+{
 	dns_name_t *name, *print_name;
 	dns_rdataset_t *rdataset;
 	dns_rdata_t rdata = DNS_RDATA_INIT;
@@ -210,24 +238,21 @@ printsection(dns_message_t *msg, dns_section_t sectionid,
 	bool first;
 	bool no_rdata;
 
-	if (sectionid == DNS_SECTION_QUESTION) {
+	if (sectionid == DNS_SECTION_QUESTION)
 		no_rdata = true;
-	} else {
+	else
 		no_rdata = false;
-	}
 
-	if (headers) {
+	if (headers)
 		printf(";; %s SECTION:\n", section_name);
-	}
 
 	dns_name_init(&empty_name, NULL);
 
 	result = dns_message_firstname(msg, sectionid);
-	if (result == ISC_R_NOMORE) {
+	if (result == ISC_R_NOMORE)
 		return (ISC_R_SUCCESS);
-	} else if (result != ISC_R_SUCCESS) {
+	else if (result != ISC_R_SUCCESS)
 		return (result);
-	}
 
 	for (;;) {
 		name = NULL;
@@ -237,9 +262,9 @@ printsection(dns_message_t *msg, dns_section_t sectionid,
 		first = true;
 		print_name = name;
 
-		for (rdataset = ISC_LIST_HEAD(name->list); rdataset != NULL;
-		     rdataset = ISC_LIST_NEXT(rdataset, link))
-		{
+		for (rdataset = ISC_LIST_HEAD(name->list);
+		     rdataset != NULL;
+		     rdataset = ISC_LIST_NEXT(rdataset, link)) {
 			if (query->lookup->rdtype == dns_rdatatype_axfr &&
 			    !((!list_addresses &&
 			       (list_type == dns_rdatatype_any ||
@@ -249,39 +274,36 @@ printsection(dns_message_t *msg, dns_section_t sectionid,
 				rdataset->type == dns_rdatatype_aaaa ||
 				rdataset->type == dns_rdatatype_ns ||
 				rdataset->type == dns_rdatatype_ptr))))
-			{
 				continue;
-			}
 			if (list_almost_all &&
-			    (rdataset->type == dns_rdatatype_rrsig ||
-			     rdataset->type == dns_rdatatype_nsec ||
-			     rdataset->type == dns_rdatatype_nsec3))
-			{
+			       (rdataset->type == dns_rdatatype_rrsig ||
+				rdataset->type == dns_rdatatype_nsec ||
+				rdataset->type == dns_rdatatype_nsec3))
 				continue;
-			}
 			if (!short_form) {
 				result = dns_rdataset_totext(rdataset,
-							     print_name, false,
-							     no_rdata, &target);
-				if (result != ISC_R_SUCCESS) {
+							     print_name,
+							     false,
+							     no_rdata,
+							     &target);
+				if (result != ISC_R_SUCCESS)
 					return (result);
-				}
 #ifdef USEINITALWS
 				if (first) {
 					print_name = &empty_name;
 					first = false;
 				}
-#else  /* ifdef USEINITALWS */
+#else
 				UNUSED(first); /* Shut up compiler. */
-#endif /* ifdef USEINITALWS */
+#endif
 			} else {
 				loopresult = dns_rdataset_first(rdataset);
 				while (loopresult == ISC_R_SUCCESS) {
 					struct rtype *t;
 					const char *rtt;
 					char typebuf[DNS_RDATATYPE_FORMATSIZE];
-					char typebuf2[DNS_RDATATYPE_FORMATSIZE +
-						      20];
+					char typebuf2[DNS_RDATATYPE_FORMATSIZE
+						     + 20];
 					dns_rdataset_current(rdataset, &rdata);
 
 					for (t = rtypes; t->text != NULL; t++) {
@@ -298,8 +320,8 @@ printsection(dns_message_t *msg, dns_section_t sectionid,
 						 "has %s record", typebuf);
 					rtt = typebuf2;
 				found:
-					say_message(print_name, rtt, &rdata,
-						    query);
+					say_message(print_name, rtt,
+						    &rdata, query);
 					dns_rdata_reset(&rdata);
 					loopresult =
 						dns_rdataset_next(rdataset);
@@ -308,19 +330,18 @@ printsection(dns_message_t *msg, dns_section_t sectionid,
 		}
 		if (!short_form) {
 			isc_buffer_usedregion(&target, &r);
-			if (no_rdata) {
-				printf(";%.*s", (int)r.length, (char *)r.base);
-			} else {
+			if (no_rdata)
+				printf(";%.*s", (int)r.length,
+				       (char *)r.base);
+			else
 				printf("%.*s", (int)r.length, (char *)r.base);
-			}
 		}
 
 		result = dns_message_nextname(msg, sectionid);
-		if (result == ISC_R_NOMORE) {
+		if (result == ISC_R_NOMORE)
 			break;
-		} else if (result != ISC_R_SUCCESS) {
+		else if (result != ISC_R_SUCCESS)
 			return (result);
-		}
 	}
 
 	return (ISC_R_SUCCESS);
@@ -328,23 +349,24 @@ printsection(dns_message_t *msg, dns_section_t sectionid,
 
 static isc_result_t
 printrdata(dns_message_t *msg, dns_rdataset_t *rdataset,
-	   const dns_name_t *owner, const char *set_name, bool headers) {
+	   const dns_name_t *owner, const char *set_name,
+	   bool headers)
+{
 	isc_buffer_t target;
 	isc_result_t result;
 	isc_region_t r;
 	char tbuf[4096];
 
 	UNUSED(msg);
-	if (headers) {
+	if (headers)
 		printf(";; %s SECTION:\n", set_name);
-	}
 
 	isc_buffer_init(&target, tbuf, sizeof(tbuf));
 
-	result = dns_rdataset_totext(rdataset, owner, false, false, &target);
-	if (result != ISC_R_SUCCESS) {
+	result = dns_rdataset_totext(rdataset, owner, false, false,
+				     &target);
+	if (result != ISC_R_SUCCESS)
 		return (result);
-	}
 	isc_buffer_usedregion(&target, &r);
 	printf("%.*s", (int)r.length, (char *)r.base);
 
@@ -364,23 +386,23 @@ chase_cnamechain(dns_message_t *msg, dns_name_t *qname) {
 		result = dns_message_findname(msg, DNS_SECTION_ANSWER, qname,
 					      dns_rdatatype_cname, 0, NULL,
 					      &rdataset);
-		if (result != ISC_R_SUCCESS) {
+		if (result != ISC_R_SUCCESS)
 			return;
-		}
 		result = dns_rdataset_first(rdataset);
 		check_result(result, "dns_rdataset_first");
 		dns_rdata_reset(&rdata);
 		dns_rdataset_current(rdataset, &rdata);
 		result = dns_rdata_tostruct(&rdata, &cname, NULL);
 		check_result(result, "dns_rdata_tostruct");
-		dns_name_copynf(&cname.cname, qname);
+		dns_name_copy(&cname.cname, qname, NULL);
 		dns_rdata_freestruct(&cname);
 	}
 }
 
 static isc_result_t
-printmessage(dig_query_t *query, const isc_buffer_t *msgbuf, dns_message_t *msg,
-	     bool headers) {
+printmessage(dig_query_t *query, const isc_buffer_t *msgbuf,
+	     dns_message_t *msg, bool headers)
+{
 	bool did_flag = false;
 	dns_rdataset_t *opt, *tsig = NULL;
 	const dns_name_t *tsigname;
@@ -401,7 +423,8 @@ printmessage(dig_query_t *query, const isc_buffer_t *msgbuf, dns_message_t *msg,
 
 		printf("Using domain server:\n");
 		printf("Name: %s\n", query->userarg);
-		isc_sockaddr_format(&query->sockaddr, sockstr, sizeof(sockstr));
+		isc_sockaddr_format(&query->sockaddr, sockstr,
+				    sizeof(sockstr));
 		printf("Address: %s\n", sockstr);
 		printf("Aliases: \n\n");
 		printed_server = true;
@@ -411,20 +434,17 @@ printmessage(dig_query_t *query, const isc_buffer_t *msgbuf, dns_message_t *msg,
 		char namestr[DNS_NAME_FORMATSIZE];
 		dns_name_format(query->lookup->name, namestr, sizeof(namestr));
 
-		if (query->lookup->identify_previous_line) {
+		if (query->lookup->identify_previous_line)
 			printf("Nameserver %s:\n\t%s not found: %d(%s)\n",
 			       query->servname,
-			       (msg->rcode != dns_rcode_nxdomain)
-				       ? namestr
-				       : query->lookup->textname,
-			       msg->rcode, rcode_totext(msg->rcode));
-		} else {
+			       (msg->rcode != dns_rcode_nxdomain) ? namestr :
+			       query->lookup->textname, msg->rcode,
+			       rcode_totext(msg->rcode));
+		else
 			printf("Host %s not found: %d(%s)\n",
-			       (msg->rcode != dns_rcode_nxdomain)
-				       ? namestr
-				       : query->lookup->textname,
-			       msg->rcode, rcode_totext(msg->rcode));
-		}
+			       (msg->rcode != dns_rcode_nxdomain) ? namestr :
+			       query->lookup->textname, msg->rcode,
+			       rcode_totext(msg->rcode));
 		return (ISC_R_SUCCESS);
 	}
 
@@ -436,7 +456,7 @@ printmessage(dig_query_t *query, const isc_buffer_t *msgbuf, dns_message_t *msg,
 
 		/* Add AAAA and MX lookups. */
 		name = dns_fixedname_initname(&fixed);
-		dns_name_copynf(query->lookup->name, name);
+		dns_name_copy(query->lookup->name, name, NULL);
 		chase_cnamechain(msg, name);
 		dns_name_format(name, namestr, sizeof(namestr));
 		lookup = clone_lookup(query->lookup, false);
@@ -502,70 +522,60 @@ printmessage(dig_query_t *query, const isc_buffer_t *msgbuf, dns_message_t *msg,
 		       msg->counts[DNS_SECTION_AUTHORITY],
 		       msg->counts[DNS_SECTION_ADDITIONAL]);
 		opt = dns_message_getopt(msg);
-		if (opt != NULL) {
+		if (opt != NULL)
 			printf(";; EDNS: version: %u, udp=%u\n",
 			       (unsigned int)((opt->ttl & 0x00ff0000) >> 16),
 			       (unsigned int)opt->rdclass);
-		}
 		tsigname = NULL;
 		tsig = dns_message_gettsig(msg, &tsigname);
-		if (tsig != NULL) {
+		if (tsig != NULL)
 			printf(";; PSEUDOSECTIONS: TSIG\n");
-		}
 	}
-	if (!ISC_LIST_EMPTY(msg->sections[DNS_SECTION_QUESTION]) && !short_form)
-	{
+	if (! ISC_LIST_EMPTY(msg->sections[DNS_SECTION_QUESTION]) &&
+	    !short_form) {
 		printf("\n");
 		result = printsection(msg, DNS_SECTION_QUESTION, "QUESTION",
 				      true, query);
-		if (result != ISC_R_SUCCESS) {
+		if (result != ISC_R_SUCCESS)
 			return (result);
-		}
 	}
-	if (!ISC_LIST_EMPTY(msg->sections[DNS_SECTION_ANSWER])) {
-		if (!short_form) {
+	if (! ISC_LIST_EMPTY(msg->sections[DNS_SECTION_ANSWER])) {
+		if (!short_form)
 			printf("\n");
-		}
 		result = printsection(msg, DNS_SECTION_ANSWER, "ANSWER",
 				      !short_form, query);
-		if (result != ISC_R_SUCCESS) {
+		if (result != ISC_R_SUCCESS)
 			return (result);
-		}
 	}
 
-	if (!ISC_LIST_EMPTY(msg->sections[DNS_SECTION_AUTHORITY]) &&
+	if (! ISC_LIST_EMPTY(msg->sections[DNS_SECTION_AUTHORITY]) &&
 	    !short_form) {
 		printf("\n");
 		result = printsection(msg, DNS_SECTION_AUTHORITY, "AUTHORITY",
 				      true, query);
-		if (result != ISC_R_SUCCESS) {
+		if (result != ISC_R_SUCCESS)
 			return (result);
-		}
 	}
-	if (!ISC_LIST_EMPTY(msg->sections[DNS_SECTION_ADDITIONAL]) &&
+	if (! ISC_LIST_EMPTY(msg->sections[DNS_SECTION_ADDITIONAL]) &&
 	    !short_form) {
 		printf("\n");
-		result = printsection(msg, DNS_SECTION_ADDITIONAL, "ADDITIONAL",
-				      true, query);
-		if (result != ISC_R_SUCCESS) {
+		result = printsection(msg, DNS_SECTION_ADDITIONAL,
+				      "ADDITIONAL", true, query);
+		if (result != ISC_R_SUCCESS)
 			return (result);
-		}
 	}
 	if ((tsig != NULL) && !short_form) {
 		printf("\n");
-		result = printrdata(msg, tsig, tsigname, "PSEUDOSECTION TSIG",
-				    true);
-		if (result != ISC_R_SUCCESS) {
+		result = printrdata(msg, tsig, tsigname,
+				    "PSEUDOSECTION TSIG", true);
+		if (result != ISC_R_SUCCESS)
 			return (result);
-		}
 	}
-	if (!short_form) {
+	if (!short_form)
 		printf("\n");
-	}
 
 	if (short_form && !default_lookups &&
-	    ISC_LIST_EMPTY(msg->sections[DNS_SECTION_ANSWER]))
-	{
+	    ISC_LIST_EMPTY(msg->sections[DNS_SECTION_ANSWER])) {
 		char namestr[DNS_NAME_FORMATSIZE];
 		char typestr[DNS_RDATATYPE_FORMATSIZE];
 		dns_name_format(query->lookup->name, namestr, sizeof(namestr));
@@ -577,12 +587,12 @@ printmessage(dig_query_t *query, const isc_buffer_t *msgbuf, dns_message_t *msg,
 	return (result);
 }
 
-static const char *optstring = "46aAc:dilnm:p:rst:vVwCDN:R:TUW:";
+static const char * optstring = "46aAc:dilnm:rst:vVwCDN:R:TUW:";
 
 /*% version */
 static void
 version(void) {
-	fprintf(stderr, "host %s\n", PACKAGE_VERSION);
+	fputs("host " VERSION "\n", stderr);
 }
 
 static void
@@ -594,77 +604,52 @@ pre_parse_args(int argc, char **argv) {
 		case 'm':
 			memdebugging = true;
 			if (strcasecmp("trace", isc_commandline_argument) == 0)
-			{
 				isc_mem_debugging |= ISC_MEM_DEBUGTRACE;
-			} else if (strcasecmp("record",
-					      isc_commandline_argument) == 0) {
+			else if (strcasecmp("record",
+					    isc_commandline_argument) == 0)
 				isc_mem_debugging |= ISC_MEM_DEBUGRECORD;
-			} else if (strcasecmp("usage",
-					      isc_commandline_argument) == 0) {
+			else if (strcasecmp("usage",
+					    isc_commandline_argument) == 0)
 				isc_mem_debugging |= ISC_MEM_DEBUGUSAGE;
-			}
 			break;
 
 		case '4':
-			if (ipv6only) {
+			if (ipv6only)
 				fatal("only one of -4 and -6 allowed");
-			}
 			ipv4only = true;
 			break;
 		case '6':
-			if (ipv4only) {
+			if (ipv4only)
 				fatal("only one of -4 and -6 allowed");
-			}
 			ipv6only = true;
 			break;
-		case 'a':
-			break;
-		case 'A':
-			break;
-		case 'c':
-			break;
-		case 'C':
-			break;
-		case 'd':
-			break;
+		case 'a': break;
+		case 'A': break;
+		case 'c': break;
+		case 'C': break;
+		case 'd': break;
 		case 'D':
-			if (debugging) {
+			if (debugging)
 				debugtiming = true;
-			}
 			debugging = true;
 			break;
-		case 'i':
-			break;
-		case 'l':
-			break;
-		case 'n':
-			break;
-		case 'N':
-			break;
-		case 'p':
-			break;
-		case 'r':
-			break;
-		case 'R':
-			break;
-		case 's':
-			break;
-		case 't':
-			break;
-		case 'T':
-			break;
-		case 'U':
-			break;
-		case 'v':
-			break;
+		case 'i': break;
+		case 'l': break;
+		case 'n': break;
+		case 'N': break;
+		case 'r': break;
+		case 'R': break;
+		case 's': break;
+		case 't': break;
+		case 'T': break;
+		case 'U': break;
+		case 'v': break;
 		case 'V':
-			version();
-			exit(0);
-			break;
-		case 'w':
-			break;
-		case 'W':
-			break;
+			  version();
+			  exit(0);
+			  break;
+		case 'w': break;
+		case 'W': break;
 		default:
 			show_usage();
 		}
@@ -690,7 +675,6 @@ parse_args(bool is_batchfile, int argc, char **argv) {
 	lookup = make_empty_lookup();
 
 	lookup->servfail_stops = false;
-	lookup->besteffort = false;
 	lookup->comments = false;
 	short_form = !verbose;
 
@@ -710,8 +694,8 @@ parse_args(bool is_batchfile, int argc, char **argv) {
 			lookup->recurse = false;
 			break;
 		case 't':
-			if (strncasecmp(isc_commandline_argument, "ixfr=", 5) ==
-			    0) {
+			if (strncasecmp(isc_commandline_argument,
+					"ixfr=", 5) == 0) {
 				rdtype = dns_rdatatype_ixfr;
 				/* XXXMPA add error checking */
 				serial = strtoul(isc_commandline_argument + 5,
@@ -720,8 +704,8 @@ parse_args(bool is_batchfile, int argc, char **argv) {
 			} else {
 				tr.base = isc_commandline_argument;
 				tr.length = strlen(isc_commandline_argument);
-				result = dns_rdatatype_fromtext(
-					&rdtype, (isc_textregion_t *)&tr);
+				result = dns_rdatatype_fromtext(&rdtype,
+						   (isc_textregion_t *)&tr);
 			}
 
 			if (result != ISC_R_SUCCESS) {
@@ -730,9 +714,8 @@ parse_args(bool is_batchfile, int argc, char **argv) {
 				      isc_commandline_argument);
 			}
 			if (!lookup->rdtypeset ||
-			    lookup->rdtype != dns_rdatatype_axfr) {
+			    lookup->rdtype != dns_rdatatype_axfr)
 				lookup->rdtype = rdtype;
-			}
 			lookup->rdtypeset = true;
 			if (rdtype == dns_rdatatype_axfr) {
 				/* -l -t any -v */
@@ -744,20 +727,18 @@ parse_args(bool is_batchfile, int argc, char **argv) {
 				lookup->tcp_mode = true;
 				list_type = rdtype;
 			} else if (rdtype == dns_rdatatype_any) {
-				if (!lookup->tcp_mode_set) {
+				if (!lookup->tcp_mode_set)
 					lookup->tcp_mode = true;
-				}
-			} else {
+			} else
 				list_type = rdtype;
-			}
 			list_addresses = false;
 			default_lookups = false;
 			break;
 		case 'c':
 			tr.base = isc_commandline_argument;
 			tr.length = strlen(isc_commandline_argument);
-			result = dns_rdataclass_fromtext(
-				&rdclass, (isc_textregion_t *)&tr);
+			result = dns_rdataclass_fromtext(&rdclass,
+						   (isc_textregion_t *)&tr);
 
 			if (result != ISC_R_SUCCESS) {
 				fatalexit = 2;
@@ -771,12 +752,11 @@ parse_args(bool is_batchfile, int argc, char **argv) {
 			break;
 		case 'A':
 			list_almost_all = true;
-		/* FALL THROUGH */
+			/* FALL THROUGH */
 		case 'a':
 			if (!lookup->rdtypeset ||
-			    lookup->rdtype != dns_rdatatype_axfr) {
+			    lookup->rdtype != dns_rdatatype_axfr)
 				lookup->rdtype = dns_rdatatype_any;
-			}
 			list_type = dns_rdatatype_any;
 			list_addresses = false;
 			lookup->rdtypeset = true;
@@ -801,15 +781,13 @@ parse_args(bool is_batchfile, int argc, char **argv) {
 			break;
 		case 'W':
 			timeout = atoi(isc_commandline_argument);
-			if (timeout < 1) {
+			if (timeout < 1)
 				timeout = 1;
-			}
 			break;
 		case 'R':
 			tries = atoi(isc_commandline_argument) + 1;
-			if (tries < 2) {
+			if (tries < 2)
 				tries = 2;
-			}
 			break;
 		case 'T':
 			lookup->tcp_mode = true;
@@ -831,7 +809,8 @@ parse_args(bool is_batchfile, int argc, char **argv) {
 			default_lookups = false;
 			break;
 		case 'N':
-			debug("setting NDOTS to %s", isc_commandline_argument);
+			debug("setting NDOTS to %s",
+			      isc_commandline_argument);
 			ndots = atoi(isc_commandline_argument);
 			break;
 		case 'D':
@@ -846,31 +825,26 @@ parse_args(bool is_batchfile, int argc, char **argv) {
 		case 's':
 			lookup->servfail_stops = true;
 			break;
-		case 'p':
-			port = atoi(isc_commandline_argument);
-			break;
 		}
 	}
 
 	lookup->retries = tries;
 
-	if (isc_commandline_index >= argc) {
+	if (isc_commandline_index >= argc)
 		show_usage();
-	}
 
 	strlcpy(hostname, argv[isc_commandline_index], sizeof(hostname));
 
 	if (argc > isc_commandline_index + 1) {
-		set_nameserver(argv[isc_commandline_index + 1]);
-		debug("server is %s", argv[isc_commandline_index + 1]);
+		set_nameserver(argv[isc_commandline_index+1]);
+		debug("server is %s", argv[isc_commandline_index+1]);
 		listed_server = true;
-	} else {
+	} else
 		check_ra = true;
-	}
 
 	lookup->pending = false;
-	if (get_reverse(store, sizeof(store), hostname, true) == ISC_R_SUCCESS)
-	{
+	if (get_reverse(store, sizeof(store), hostname, true)
+	    == ISC_R_SUCCESS) {
 		strlcpy(lookup->textname, store, sizeof(lookup->textname));
 		lookup->rdtype = dns_rdatatype_ptr;
 		lookup->rdtypeset = true;
@@ -883,6 +857,17 @@ parse_args(bool is_batchfile, int argc, char **argv) {
 	ISC_LIST_APPEND(lookup_list, lookup, link);
 }
 
+static void
+host_error(const char *format, ...) {
+	va_list args;
+
+	printf(";; ");
+	va_start(args, format);
+	vfprintf(stdout, format, args);
+	va_end(args);
+	printf("\n");
+}
+
 int
 main(int argc, char **argv) {
 	isc_result_t result;
@@ -900,6 +885,7 @@ main(int argc, char **argv) {
 	dighost_received = received;
 	dighost_trying = trying;
 	dighost_shutdown = host_shutdown;
+	dighost_error = host_error;
 
 	debug("main()");
 	progname = argv[0];
@@ -909,11 +895,10 @@ main(int argc, char **argv) {
 	setup_libs();
 	setup_system(ipv4only, ipv6only);
 	parse_args(false, argc, argv);
-	if (keyfile[0] != 0) {
+	if (keyfile[0] != 0)
 		setup_file_key();
-	} else if (keysecret[0] != 0) {
+	else if (keysecret[0] != 0)
 		setup_text_key();
-	}
 	result = isc_app_onrun(mctx, global_task, onrun_callback, NULL);
 	check_result(result, "isc_app_onrun");
 	isc_app_run();

bin/dig/host.docbook

@@ -48,7 +48,6 @@
       <year>2017</year>
       <year>2018</year>
       <year>2019</year>
-      <year>2020</year>
       <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
     </copyright>
   </docinfo>
@@ -59,7 +58,6 @@
       <arg choice="opt" rep="norepeat"><option>-aACdlnrsTUwv</option></arg>
       <arg choice="opt" rep="norepeat"><option>-c <replaceable class="parameter">class</replaceable></option></arg>
       <arg choice="opt" rep="norepeat"><option>-N <replaceable class="parameter">ndots</replaceable></option></arg>
-      <arg choice="opt" rep="norepeat"><option>-p <replaceable class="port">port</replaceable></option></arg>
       <arg choice="opt" rep="norepeat"><option>-R <replaceable class="parameter">number</replaceable></option></arg>
       <arg choice="opt" rep="norepeat"><option>-t <replaceable class="parameter">type</replaceable></option></arg>
       <arg choice="opt" rep="norepeat"><option>-W <replaceable class="parameter">wait</replaceable></option></arg>
@@ -215,15 +213,6 @@
 	</listitem>
       </varlistentry>
 
-      <varlistentry>
-	<term>-p <replaceable class="parameter">port</replaceable></term>
-	<listitem>
-	  <para>
-	    Specify the port on the server to query.  The default is 53.
-	  </para>
-	</listitem>
-      </varlistentry>
-
       <varlistentry>
 	<term>-r</term>
 	<listitem>

bin/dig/host.html

@@ -1,6 +1,6 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 <!--
- - Copyright (C) 2000-2002, 2004, 2005, 2007-2009, 2014-2020 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2002, 2004, 2005, 2007-2009, 2014-2019 Internet Systems Consortium, Inc. ("ISC")
  - 
  - This Source Code Form is subject to the terms of the Mozilla Public
  - License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -36,7 +36,6 @@
        [<code class="option">-aACdlnrsTUwv</code>]
        [<code class="option">-c <em class="replaceable"><code>class</code></em></code>]
        [<code class="option">-N <em class="replaceable"><code>ndots</code></em></code>]
-       [<code class="option">-p <em class="replaceable"><code>port</code></em></code>]
        [<code class="option">-R <em class="replaceable"><code>number</code></em></code>]
        [<code class="option">-t <em class="replaceable"><code>type</code></em></code>]
        [<code class="option">-W <em class="replaceable"><code>wait</code></em></code>]
@@ -166,12 +165,6 @@
 	    in <code class="filename">/etc/resolv.conf</code>.
 	  </p>
 	</dd>
-<dt><span class="term">-p <em class="replaceable"><code>port</code></em></span></dt>
-<dd>
-	  <p>
-	    Specify the port on the server to query.  The default is 53.
-	  </p>
-	</dd>
 <dt><span class="term">-r</span></dt>
 <dd>
 	  <p>

bin/dig/include/.clang-format

@@ -1 +0,0 @@
-../../../.clang-format.headers

bin/dig/include/dig/dig.h

@@ -17,7 +17,10 @@
 #include <inttypes.h>
 #include <stdbool.h>
 
-#include <isc/attributes.h>
+#include <dns/rdatalist.h>
+
+#include <dst/dst.h>
+
 #include <isc/buffer.h>
 #include <isc/bufferlist.h>
 #include <isc/formatcheck.h>
@@ -29,24 +32,20 @@
 #include <isc/sockaddr.h>
 #include <isc/socket.h>
 
-#include <dns/rdatalist.h>
-
-#include <dst/dst.h>
-
 #ifdef __APPLE__
 #include <TargetConditionals.h>
-#endif /* ifdef __APPLE__ */
+#endif
 
 #define MXSERV 20
-#define MXNAME (DNS_NAME_MAXTEXT + 1)
-#define MXRD   32
+#define MXNAME (DNS_NAME_MAXTEXT+1)
+#define MXRD 32
 /*% Buffer Size */
-#define BUFSIZE	 512
+#define BUFSIZE 512
 #define COMMSIZE 0xffff
 #ifndef RESOLV_CONF
 /*% location of resolve.conf */
 #define RESOLV_CONF "/etc/resolv.conf"
-#endif /* ifndef RESOLV_CONF */
+#endif
 /*% output buffer */
 #define OUTPUTBUF 32767
 /*% Max RR Limit */
@@ -83,36 +82,67 @@ typedef struct dig_server dig_server_t;
 typedef ISC_LIST(dig_server_t) dig_serverlist_t;
 typedef struct dig_searchlist dig_searchlist_t;
 
-#define DIG_QUERY_MAGIC ISC_MAGIC('D', 'i', 'g', 'q')
+#define DIG_QUERY_MAGIC		ISC_MAGIC('D','i','g','q')
+
+#define DIG_VALID_QUERY(x)	ISC_MAGIC_VALID((x), DIG_QUERY_MAGIC)
 
-#define DIG_VALID_QUERY(x) ISC_MAGIC_VALID((x), DIG_QUERY_MAGIC)
 
 /*% The dig_lookup structure */
 struct dig_lookup {
-	bool pending, /*%< Pending a successful answer */
-		waiting_connect, doing_xfr, ns_search_only, /*%< dig
-							     * +nssearch,
-							     * host -C */
+	bool
+		pending, /*%< Pending a successful answer */
+		waiting_connect,
+		doing_xfr,
+		ns_search_only, /*%< dig +nssearch, host -C */
 		identify, /*%< Append an "on server <foo>" message */
 		identify_previous_line, /*% Prepend a "Nameserver <foo>:"
-					 * message, with newline and tab */
-		ignore, recurse, aaonly, adflag, cdflag, raflag, tcflag, zflag,
-		trace,	    /*% dig +trace */
-		trace_root, /*% initial query for either +trace or +nssearch
-			     * */
-		tcp_mode, tcp_mode_set, comments, stats, section_question,
-		section_answer, section_authority, section_additional,
-		servfail_stops, new_search, need_search, done_as_is, besteffort,
-		dnssec, expire, sendcookie, seenbadcookie, badcookie,
-		nsid, /*% Name Server ID (RFC 5001) */
-		tcp_keepalive, header_only, ednsneg, mapped,
-		print_unknown_format, multiline, nottl, noclass, onesoa,
-		use_usec, nocrypto, ttlunits, idnin, idnout, expandaaaa, qr,
-		accept_reply_unexpected_src; /*%  print replies from
-					      * unexpected
-					      *   sources. */
-	char textname[MXNAME];		     /*% Name we're going to be
-					      * looking up */
+					   message, with newline and tab */
+		ignore,
+		recurse,
+		aaonly,
+		adflag,
+		cdflag,
+		raflag,
+		tcflag,
+		zflag,
+		trace, /*% dig +trace */
+		trace_root, /*% initial query for either +trace or +nssearch */
+		tcp_mode,
+		tcp_mode_set,
+		comments,
+		stats,
+		section_question,
+		section_answer,
+		section_authority,
+		section_additional,
+		servfail_stops,
+		new_search,
+		need_search,
+		done_as_is,
+		besteffort,
+		dnssec,
+		expire,
+		sendcookie,
+		seenbadcookie,
+		badcookie,
+		nsid,   /*% Name Server ID (RFC 5001) */
+		tcp_keepalive,
+		header_only,
+		ednsneg,
+		mapped,
+		print_unknown_format,
+		multiline,
+		nottl,
+		noclass,
+		onesoa,
+		use_usec,
+		nocrypto,
+		ttlunits,
+		idnin,
+		idnout,
+		expandaaaa,
+		qr;
+	char textname[MXNAME]; /*% Name we're going to be looking up */
 	char cmdline[MXNAME];
 	dns_rdatatype_t rdtype;
 	dns_rdatatype_t qrdtype;
@@ -163,9 +193,16 @@ struct dig_lookup {
 struct dig_query {
 	unsigned int magic;
 	dig_lookup_t *lookup;
-	bool waiting_connect, pending_free, waiting_senddone, first_pass,
-		first_soa_rcvd, second_rr_rcvd, first_repeat_rcvd, recv_made,
-		warn_id, timedout;
+	bool waiting_connect,
+		pending_free,
+		waiting_senddone,
+		first_pass,
+		first_soa_rcvd,
+		second_rr_rcvd,
+		first_repeat_rcvd,
+		recv_made,
+		warn_id,
+		timedout;
 	uint32_t first_rr_serial;
 	uint32_t second_rr_serial;
 	uint32_t msg_count;
@@ -173,8 +210,12 @@ struct dig_query {
 	bool ixfr_axfr;
 	char *servname;
 	char *userarg;
-	isc_buffer_t recvbuf, lengthbuf, tmpsendbuf, sendbuf;
-	char *recvspace, *tmpsendspace, lengthspace[4];
+	isc_buffer_t recvbuf,
+		lengthbuf,
+		tmpsendbuf,
+		sendbuf;
+	char *recvspace, *tmpsendspace,
+		lengthspace[4];
 	isc_socket_t *sock;
 	ISC_LINK(dig_query_t) link;
 	ISC_LINK(dig_query_t) clink;
@@ -208,8 +249,8 @@ extern dig_serverlist_t server_list;
 extern dig_searchlistlist_t search_list;
 extern unsigned int extrabytes;
 
-extern bool check_ra, have_ipv4, have_ipv6, specified_source, usesearch,
-	showsearch, yaml;
+extern bool check_ra, have_ipv4, have_ipv6, specified_source,
+	usesearch, showsearch;
 extern in_port_t port;
 extern unsigned int timeout;
 extern isc_mem_t *mctx;
@@ -248,14 +289,16 @@ getaddresses(dig_lookup_t *lookup, const char *host, isc_result_t *resultp);
 isc_result_t
 get_reverse(char *reverse, size_t len, char *value, bool strict);
 
-ISC_NORETURN void
-fatal(const char *format, ...) ISC_FORMAT_PRINTF(1, 2);
+ISC_PLATFORM_NORETURN_PRE void
+fatal(const char *format, ...)
+ISC_FORMAT_PRINTF(1, 2) ISC_PLATFORM_NORETURN_POST;
 
 void
 warn(const char *format, ...) ISC_FORMAT_PRINTF(1, 2);
 
-ISC_NORETURN void
-digexit(void);
+ISC_PLATFORM_NORETURN_PRE void
+digexit(void)
+ISC_PLATFORM_NORETURN_POST;
 
 void
 debug(const char *format, ...) ISC_FORMAT_PRINTF(1, 2);
@@ -288,10 +331,12 @@ void
 setup_system(bool ipv4only, bool ipv6only);
 
 isc_result_t
-parse_uint(uint32_t *uip, const char *value, uint32_t max, const char *desc);
+parse_uint(uint32_t *uip, const char *value, uint32_t max,
+	   const char *desc);
 
 isc_result_t
-parse_xint(uint32_t *uip, const char *value, uint32_t max, const char *desc);
+parse_xint(uint32_t *uip, const char *value, uint32_t max,
+	   const char *desc);
 
 isc_result_t
 parse_netprefix(isc_sockaddr_t **sap, const char *value);
@@ -318,7 +363,8 @@ void
 set_nameserver(char *opt);
 
 void
-clone_server_list(dig_serverlist_t src, dig_serverlist_t *dest);
+clone_server_list(dig_serverlist_t src,
+		  dig_serverlist_t *dest);
 
 void
 cancel_all(void);
@@ -333,50 +379,42 @@ set_search_domain(char *domain);
  * Routines to be defined in dig.c, host.c, and nslookup.c. and
  * then assigned to the appropriate function pointer
  */
-extern isc_result_t (*dighost_printmessage)(dig_query_t *query,
-					    const isc_buffer_t *msgbuf,
-					    dns_message_t *msg, bool headers);
+extern isc_result_t
+(*dighost_printmessage)(dig_query_t *query, const isc_buffer_t *msgbuf,
+			dns_message_t *msg, bool headers);
 
 /*
  * Print an error message in the appropriate format.
  */
-extern void (*dighost_error)(const char *format, ...);
-
-/*
- * Print a warning message in the appropriate format.
- */
-extern void (*dighost_warning)(const char *format, ...);
-
-/*
- * Print a comment in the appropriate format.
- */
-extern void (*dighost_comments)(dig_lookup_t *lookup, const char *format, ...);
+extern void
+(*dighost_error)(const char *format, ...);
 
 /*%<
  * Print the final result of the lookup.
  */
 
-extern void (*dighost_received)(unsigned int bytes, isc_sockaddr_t *from,
-				dig_query_t *query);
+extern void
+(*dighost_received)(unsigned int bytes, isc_sockaddr_t *from,
+		    dig_query_t *query);
 /*%<
  * Print a message about where and when the response
  * was received from, like the final comment in the
  * output of "dig".
  */
 
-extern void (*dighost_trying)(char *frm, dig_lookup_t *lookup);
+extern void
+(*dighost_trying)(char *frm, dig_lookup_t *lookup);
 
-extern void (*dighost_shutdown)(void);
+extern void
+(*dighost_shutdown)(void);
 
-extern void (*dighost_pre_exit_hook)(void);
+extern void
+(*dighost_pre_exit_hook)(void);
 
-void
-save_opt(dig_lookup_t *lookup, char *code, char *value);
+void save_opt(dig_lookup_t *lookup, char *code, char *value);
 
-void
-setup_file_key(void);
-void
-setup_text_key(void);
+void setup_file_key(void);
+void setup_text_key(void);
 
 /*
  * Routines exported from dig.c for use by dig for iOS
@@ -415,4 +453,4 @@ dig_shutdown(void);
 
 ISC_LANG_ENDDECLS
 
-#endif /* ifndef DIG_H */
+#endif

bin/dig/nslookup.1

@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004-2007, 2010, 2013-2020 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004-2007, 2010, 2013-2019 Internet Systems Consortium, Inc. ("ISC")
 .\" 
 .\" This Source Code Form is subject to the terms of the Mozilla Public
 .\" License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -233,10 +233,7 @@ Change the default TCP/UDP name server port to
 .RS 4
 Change the type of the information query\&.
 .sp
-(Default = A and then AAAA; abbreviations = q, ty)
-.sp
-\fBNote:\fR
-It is only possible to specify one query type, only the default behavior looks up both when an alternative is not specified\&.
+(Default = A; abbreviations = q, ty)
 .RE
 .PP
 \fB\fI[no]\fR\fR\fBrecurse\fR
@@ -304,5 +301,5 @@ runs or when the standard output is not a tty\&.
 \fBInternet Systems Consortium, Inc\&.\fR
 .SH "COPYRIGHT"
 .br
-Copyright \(co 2004-2007, 2010, 2013-2020 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004-2007, 2010, 2013-2019 Internet Systems Consortium, Inc. ("ISC")
 .br

bin/dig/nslookup.c

@@ -15,51 +15,52 @@
 #include <unistd.h>
 
 #include <isc/app.h>
-#include <isc/attributes.h>
 #include <isc/buffer.h>
 #include <isc/commandline.h>
 #include <isc/event.h>
-#include <isc/netaddr.h>
 #include <isc/parseint.h>
 #include <isc/print.h>
 #include <isc/string.h>
-#include <isc/task.h>
 #include <isc/util.h>
+#include <isc/task.h>
+#include <isc/netaddr.h>
 
-#include <dns/byaddr.h>
-#include <dns/fixedname.h>
 #include <dns/message.h>
 #include <dns/name.h>
+#include <dns/fixedname.h>
 #include <dns/rdata.h>
 #include <dns/rdataclass.h>
 #include <dns/rdataset.h>
 #include <dns/rdatastruct.h>
 #include <dns/rdatatype.h>
+#include <dns/byaddr.h>
 
-#include "dighost.h"
+#include <dig/dig.h>
 
 #if defined(HAVE_READLINE)
 #if defined(HAVE_EDIT_READLINE_READLINE_H)
 #include <edit/readline/readline.h>
 #if defined(HAVE_EDIT_READLINE_HISTORY_H)
 #include <edit/readline/history.h>
-#endif /* if defined(HAVE_EDIT_READLINE_HISTORY_H) */
+#endif
 #elif defined(HAVE_EDITLINE_READLINE_H)
 #include <editline/readline.h>
 #elif defined(HAVE_READLINE_READLINE_H)
 #include <readline/readline.h>
-#if defined(HAVE_READLINE_HISTORY_H)
+#if defined (HAVE_READLINE_HISTORY_H)
 #include <readline/history.h>
-#endif /* if defined(HAVE_READLINE_HISTORY_H) */
-#endif /* if defined(HAVE_EDIT_READLINE_READLINE_H) */
-#endif /* if defined(HAVE_READLINE) */
+#endif
+#endif
+#endif
 
-static bool short_form = true, tcpmode = false, tcpmode_set = false,
-	    identify = false, stats = true, comments = true,
-	    section_question = true, section_answer = true,
-	    section_authority = true, section_additional = true, recurse = true,
-	    aaonly = false, nofail = true, default_lookups = true,
-	    a_noanswer = false;
+static bool short_form = true,
+	tcpmode = false, tcpmode_set = false,
+	identify = false, stats = true,
+	comments = true, section_question = true,
+	section_answer = true, section_authority = true,
+	section_additional = true, recurse = true,
+	aaonly = false, nofail = true,
+	default_lookups = true, a_noanswer = false;
 
 static bool interactive;
 
@@ -71,80 +72,91 @@ static int query_error = 1, print_error = 0;
 
 static char domainopt[DNS_NAME_MAXTEXT];
 
-static const char *rcodetext[] = { "NOERROR",	 "FORMERR",    "SERVFAIL",
-				   "NXDOMAIN",	 "NOTIMP",     "REFUSED",
-				   "YXDOMAIN",	 "YXRRSET",    "NXRRSET",
-				   "NOTAUTH",	 "NOTZONE",    "RESERVED11",
-				   "RESERVED12", "RESERVED13", "RESERVED14",
-				   "RESERVED15", "BADVERS" };
+static const char *rcodetext[] = {
+	"NOERROR",
+	"FORMERR",
+	"SERVFAIL",
+	"NXDOMAIN",
+	"NOTIMP",
+	"REFUSED",
+	"YXDOMAIN",
+	"YXRRSET",
+	"NXRRSET",
+	"NOTAUTH",
+	"NOTZONE",
+	"RESERVED11",
+	"RESERVED12",
+	"RESERVED13",
+	"RESERVED14",
+	"RESERVED15",
+	"BADVERS"
+};
 
 static const char *rtypetext[] = {
-	"rtype_0 = ",	       /* 0 */
-	"internet address = ", /* 1 */
-	"nameserver = ",       /* 2 */
-	"md = ",	       /* 3 */
-	"mf = ",	       /* 4 */
-	"canonical name = ",   /* 5 */
-	"soa = ",	       /* 6 */
-	"mb = ",	       /* 7 */
-	"mg = ",	       /* 8 */
-	"mr = ",	       /* 9 */
-	"rtype_10 = ",	       /* 10 */
-	"protocol = ",	       /* 11 */
-	"name = ",	       /* 12 */
-	"hinfo = ",	       /* 13 */
-	"minfo = ",	       /* 14 */
-	"mail exchanger = ",   /* 15 */
-	"text = ",	       /* 16 */
-	"rp = ",	       /* 17 */
-	"afsdb = ",	       /* 18 */
-	"x25 address = ",      /* 19 */
-	"isdn address = ",     /* 20 */
-	"rt = ",	       /* 21 */
-	"nsap = ",	       /* 22 */
-	"nsap_ptr = ",	       /* 23 */
-	"signature = ",	       /* 24 */
-	"key = ",	       /* 25 */
-	"px = ",	       /* 26 */
-	"gpos = ",	       /* 27 */
-	"has AAAA address ",   /* 28 */
-	"loc = ",	       /* 29 */
-	"next = ",	       /* 30 */
-	"rtype_31 = ",	       /* 31 */
-	"rtype_32 = ",	       /* 32 */
-	"service = ",	       /* 33 */
-	"rtype_34 = ",	       /* 34 */
-	"naptr = ",	       /* 35 */
-	"kx = ",	       /* 36 */
-	"cert = ",	       /* 37 */
-	"v6 address = ",       /* 38 */
-	"dname = ",	       /* 39 */
-	"rtype_40 = ",	       /* 40 */
-	"optional = "	       /* 41 */
+	"rtype_0 = ",			/* 0 */
+	"internet address = ",		/* 1 */
+	"nameserver = ",		/* 2 */
+	"md = ",			/* 3 */
+	"mf = ",			/* 4 */
+	"canonical name = ",		/* 5 */
+	"soa = ",			/* 6 */
+	"mb = ",			/* 7 */
+	"mg = ",			/* 8 */
+	"mr = ",			/* 9 */
+	"rtype_10 = ",			/* 10 */
+	"protocol = ",			/* 11 */
+	"name = ",			/* 12 */
+	"hinfo = ",			/* 13 */
+	"minfo = ",			/* 14 */
+	"mail exchanger = ",		/* 15 */
+	"text = ",			/* 16 */
+	"rp = ",       			/* 17 */
+	"afsdb = ",			/* 18 */
+	"x25 address = ",		/* 19 */
+	"isdn address = ",		/* 20 */
+	"rt = ",			/* 21 */
+	"nsap = ",			/* 22 */
+	"nsap_ptr = ",			/* 23 */
+	"signature = ",			/* 24 */
+	"key = ",			/* 25 */
+	"px = ",			/* 26 */
+	"gpos = ",			/* 27 */
+	"has AAAA address ",		/* 28 */
+	"loc = ",			/* 29 */
+	"next = ",			/* 30 */
+	"rtype_31 = ",			/* 31 */
+	"rtype_32 = ",			/* 32 */
+	"service = ",			/* 33 */
+	"rtype_34 = ",			/* 34 */
+	"naptr = ",			/* 35 */
+	"kx = ",			/* 36 */
+	"cert = ",			/* 37 */
+	"v6 address = ",		/* 38 */
+	"dname = ",			/* 39 */
+	"rtype_40 = ",			/* 40 */
+	"optional = "			/* 41 */
 };
 
 #define N_KNOWN_RRTYPES (sizeof(rtypetext) / sizeof(rtypetext[0]))
 
-static void
-flush_lookup_list(void);
-static void
-getinput(isc_task_t *task, isc_event_t *event);
+static void flush_lookup_list(void);
+static void getinput(isc_task_t *task, isc_event_t *event);
 
 static char *
-rcode_totext(dns_rcode_t rcode) {
+rcode_totext(dns_rcode_t rcode)
+{
 	static char buf[sizeof("?65535")];
 	union {
 		const char *consttext;
 		char *deconsttext;
 	} totext;
 
-	if (rcode >= (sizeof(rcodetext) / sizeof(rcodetext[0]))) {
+	if (rcode >= (sizeof(rcodetext)/sizeof(rcodetext[0]))) {
 		snprintf(buf, sizeof(buf), "?%u", rcode);
 		totext.deconsttext = buf;
-	} else {
+	} else
 		totext.consttext = rcodetext[rcode];
-	}
-	return (totext.deconsttext);
+	return totext.deconsttext;
 }
 
 static void
@@ -203,22 +215,22 @@ printrdata(dns_rdata_t *rdata) {
 	unsigned int size = 1024;
 	bool done = false;
 
-	if (rdata->type < N_KNOWN_RRTYPES) {
+	if (rdata->type < N_KNOWN_RRTYPES)
 		printf("%s", rtypetext[rdata->type]);
-	} else {
+	else
 		printf("rdata_%d = ", rdata->type);
-	}
 
 	while (!done) {
-		isc_buffer_allocate(mctx, &b, size);
+		result = isc_buffer_allocate(mctx, &b, size);
+		if (result != ISC_R_SUCCESS)
+			check_result(result, "isc_buffer_allocate");
 		result = dns_rdata_totext(rdata, NULL, b);
 		if (result == ISC_R_SUCCESS) {
 			printf("%.*s\n", (int)isc_buffer_usedlength(b),
 			       (char *)isc_buffer_base(b));
 			done = true;
-		} else if (result != ISC_R_NOSPACE) {
+		} else if (result != ISC_R_NOSPACE)
 			check_result(result, "dns_rdata_totext");
-		}
 		isc_buffer_free(&b);
 		size *= 2;
 	}
@@ -239,26 +251,25 @@ printsection(dig_query_t *query, dns_message_t *msg, bool headers,
 	debug("printsection()");
 
 	result = dns_message_firstname(msg, section);
-	if (result == ISC_R_NOMORE) {
+	if (result == ISC_R_NOMORE)
 		return (ISC_R_SUCCESS);
-	} else if (result != ISC_R_SUCCESS) {
+	else if (result != ISC_R_SUCCESS)
 		return (result);
-	}
 	for (;;) {
 		name = NULL;
-		dns_message_currentname(msg, section, &name);
-		for (rdataset = ISC_LIST_HEAD(name->list); rdataset != NULL;
-		     rdataset = ISC_LIST_NEXT(rdataset, link))
-		{
+		dns_message_currentname(msg, section,
+					&name);
+		for (rdataset = ISC_LIST_HEAD(name->list);
+		     rdataset != NULL;
+		     rdataset = ISC_LIST_NEXT(rdataset, link)) {
 			loopresult = dns_rdataset_first(rdataset);
 			while (loopresult == ISC_R_SUCCESS) {
 				dns_rdataset_current(rdataset, &rdata);
 				switch (rdata.type) {
 				case dns_rdatatype_a:
 				case dns_rdatatype_aaaa:
-					if (section != DNS_SECTION_ANSWER) {
+					if (section != DNS_SECTION_ANSWER)
 						goto def_short_section;
-					}
 					dns_name_format(name, namebuf,
 							sizeof(namebuf));
 					printf("Name:\t%s\n", namebuf);
@@ -283,9 +294,9 @@ printsection(dig_query_t *query, dns_message_t *msg, bool headers,
 			}
 		}
 		result = dns_message_nextname(msg, section);
-		if (result == ISC_R_NOMORE) {
+		if (result == ISC_R_NOMORE)
 			break;
-		} else if (result != ISC_R_SUCCESS) {
+		else if (result != ISC_R_SUCCESS) {
 			return (result);
 		}
 	}
@@ -294,7 +305,7 @@ printsection(dig_query_t *query, dns_message_t *msg, bool headers,
 
 static isc_result_t
 detailsection(dig_query_t *query, dns_message_t *msg, bool headers,
-	      dns_section_t section) {
+	     dns_section_t section) {
 	isc_result_t result, loopresult;
 	dns_name_t *name;
 	dns_rdataset_t *rdataset = NULL;
@@ -323,32 +334,36 @@ detailsection(dig_query_t *query, dns_message_t *msg, bool headers,
 	}
 
 	result = dns_message_firstname(msg, section);
-	if (result == ISC_R_NOMORE) {
+	if (result == ISC_R_NOMORE)
 		return (ISC_R_SUCCESS);
-	} else if (result != ISC_R_SUCCESS) {
+	else if (result != ISC_R_SUCCESS)
 		return (result);
-	}
 	for (;;) {
 		name = NULL;
-		dns_message_currentname(msg, section, &name);
-		for (rdataset = ISC_LIST_HEAD(name->list); rdataset != NULL;
-		     rdataset = ISC_LIST_NEXT(rdataset, link))
-		{
+		dns_message_currentname(msg, section,
+					&name);
+		for (rdataset = ISC_LIST_HEAD(name->list);
+		     rdataset != NULL;
+		     rdataset = ISC_LIST_NEXT(rdataset, link)) {
 			if (section == DNS_SECTION_QUESTION) {
-				dns_name_format(name, namebuf, sizeof(namebuf));
+				dns_name_format(name, namebuf,
+						sizeof(namebuf));
 				printf("\t%s, ", namebuf);
-				dns_rdatatype_format(rdataset->type, namebuf,
+				dns_rdatatype_format(rdataset->type,
+						     namebuf,
 						     sizeof(namebuf));
 				printf("type = %s, ", namebuf);
 				dns_rdataclass_format(rdataset->rdclass,
-						      namebuf, sizeof(namebuf));
+						      namebuf,
+						      sizeof(namebuf));
 				printf("class = %s\n", namebuf);
 			}
 			loopresult = dns_rdataset_first(rdataset);
 			while (loopresult == ISC_R_SUCCESS) {
 				dns_rdataset_current(rdataset, &rdata);
 
-				dns_name_format(name, namebuf, sizeof(namebuf));
+				dns_name_format(name, namebuf,
+						sizeof(namebuf));
 				printf("    ->  %s\n", namebuf);
 
 				switch (rdata.type) {
@@ -365,9 +380,9 @@ detailsection(dig_query_t *query, dns_message_t *msg, bool headers,
 			}
 		}
 		result = dns_message_nextname(msg, section);
-		if (result == ISC_R_NOMORE) {
+		if (result == ISC_R_NOMORE)
 			break;
-		} else if (result != ISC_R_SUCCESS) {
+		else if (result != ISC_R_SUCCESS) {
 			return (result);
 		}
 	}
@@ -375,7 +390,8 @@ detailsection(dig_query_t *query, dns_message_t *msg, bool headers,
 }
 
 static void
-received(unsigned int bytes, isc_sockaddr_t *from, dig_query_t *query) {
+received(unsigned int bytes, isc_sockaddr_t *from, dig_query_t *query)
+{
 	UNUSED(bytes);
 	UNUSED(from);
 	UNUSED(query);
@@ -398,25 +414,24 @@ chase_cnamechain(dns_message_t *msg, dns_name_t *qname) {
 	while (i-- > 0) {
 		rdataset = NULL;
 		result = dns_message_findname(msg, DNS_SECTION_ANSWER, qname,
-					      dns_rdatatype_cname, 0, NULL,
-					      &rdataset);
-		if (result != ISC_R_SUCCESS) {
+				dns_rdatatype_cname, 0, NULL, &rdataset);
+		if (result != ISC_R_SUCCESS)
 			return;
-		}
 		result = dns_rdataset_first(rdataset);
 		check_result(result, "dns_rdataset_first");
 		dns_rdata_reset(&rdata);
 		dns_rdataset_current(rdataset, &rdata);
 		result = dns_rdata_tostruct(&rdata, &cname, NULL);
 		check_result(result, "dns_rdata_tostruct");
-		dns_name_copynf(&cname.cname, qname);
+		dns_name_copy(&cname.cname, qname, NULL);
 		dns_rdata_freestruct(&cname);
 	}
 }
 
 static isc_result_t
-printmessage(dig_query_t *query, const isc_buffer_t *msgbuf, dns_message_t *msg,
-	     bool headers) {
+printmessage(dig_query_t *query, const isc_buffer_t *msgbuf,
+	     dns_message_t *msg, bool headers)
+{
 	char servtext[ISC_SOCKADDR_FORMATSIZE];
 
 	UNUSED(msgbuf);
@@ -426,7 +441,7 @@ printmessage(dig_query_t *query, const isc_buffer_t *msgbuf, dns_message_t *msg,
 
 	debug("printmessage()");
 
-	if (!default_lookups || query->lookup->rdtype == dns_rdatatype_a) {
+	if(!default_lookups || query->lookup->rdtype == dns_rdatatype_a) {
 		isc_sockaddr_format(&query->sockaddr, servtext,
 				    sizeof(servtext));
 		printf("Server:\t\t%s\n", query->userarg);
@@ -447,10 +462,10 @@ printmessage(dig_query_t *query, const isc_buffer_t *msgbuf, dns_message_t *msg,
 
 	if (msg->rcode != 0) {
 		char nametext[DNS_NAME_FORMATSIZE];
-		dns_name_format(query->lookup->name, nametext,
-				sizeof(nametext));
-		printf("** server can't find %s: %s\n", nametext,
-		       rcode_totext(msg->rcode));
+		dns_name_format(query->lookup->name,
+				nametext, sizeof(nametext));
+		printf("** server can't find %s: %s\n",
+		       nametext, rcode_totext(msg->rcode));
 		debug("returning with rcode == 0");
 
 		/* the lookup failed */
@@ -458,7 +473,7 @@ printmessage(dig_query_t *query, const isc_buffer_t *msgbuf, dns_message_t *msg,
 		return (ISC_R_SUCCESS);
 	}
 
-	if (default_lookups && query->lookup->rdtype == dns_rdatatype_a) {
+	if ( default_lookups && query->lookup->rdtype == dns_rdatatype_a) {
 		char namestr[DNS_NAME_FORMATSIZE];
 		dig_lookup_t *lookup;
 		dns_fixedname_t fixed;
@@ -466,7 +481,7 @@ printmessage(dig_query_t *query, const isc_buffer_t *msgbuf, dns_message_t *msg,
 
 		/* Add AAAA lookup. */
 		name = dns_fixedname_initname(&fixed);
-		dns_name_copynf(query->lookup->name, name);
+		dns_name_copy(query->lookup->name, name, NULL);
 		chase_cnamechain(msg, name);
 		dns_name_format(name, namestr, sizeof(namestr));
 		lookup = clone_lookup(query->lookup, false);
@@ -482,32 +497,29 @@ printmessage(dig_query_t *query, const isc_buffer_t *msgbuf, dns_message_t *msg,
 	}
 
 	if ((msg->flags & DNS_MESSAGEFLAG_AA) == 0 &&
-	    (!default_lookups || query->lookup->rdtype == dns_rdatatype_a))
-	{
+	    ( !default_lookups || query->lookup->rdtype == dns_rdatatype_a) )
 		puts("Non-authoritative answer:");
-	}
-	if (!ISC_LIST_EMPTY(msg->sections[DNS_SECTION_ANSWER])) {
+	if (!ISC_LIST_EMPTY(msg->sections[DNS_SECTION_ANSWER]))
 		printsection(query, msg, headers, DNS_SECTION_ANSWER);
-	} else {
+	else {
 		if (default_lookups && query->lookup->rdtype == dns_rdatatype_a)
-		{
 			a_noanswer = true;
-		} else if (!default_lookups ||
-			   (query->lookup->rdtype == dns_rdatatype_aaaa &&
-			    a_noanswer))
-		{
+
+		else if (!default_lookups ||
+			 (query->lookup->rdtype == dns_rdatatype_aaaa &&
+			 a_noanswer ) )
 			printf("*** Can't find %s: No answer\n",
-			       query->lookup->textname);
-		}
+				query->lookup->textname);
 	}
 
 	if (((msg->flags & DNS_MESSAGEFLAG_AA) == 0) &&
 	    (query->lookup->rdtype != dns_rdatatype_a) &&
-	    (query->lookup->rdtype != dns_rdatatype_aaaa))
-	{
+	    (query->lookup->rdtype != dns_rdatatype_aaaa) ) {
 		puts("\nAuthoritative answers can be found from:");
-		printsection(query, msg, headers, DNS_SECTION_AUTHORITY);
-		printsection(query, msg, headers, DNS_SECTION_ADDITIONAL);
+		printsection(query, msg, headers,
+			     DNS_SECTION_AUTHORITY);
+		printsection(query, msg, headers,
+			     DNS_SECTION_ADDITIONAL);
 	}
 	return (ISC_R_SUCCESS);
 }
@@ -528,32 +540,32 @@ show_settings(bool full, bool serv_only) {
 		check_result(result, "get_address");
 
 		isc_sockaddr_format(&sockaddr, sockstr, sizeof(sockstr));
-		printf("Default server: %s\nAddress: %s\n", srv->userarg,
-		       sockstr);
-		if (!full) {
+		printf("Default server: %s\nAddress: %s\n",
+			srv->userarg, sockstr);
+		if (!full)
 			return;
-		}
 		srv = ISC_LIST_NEXT(srv, link);
 	}
-	if (serv_only) {
+	if (serv_only)
 		return;
-	}
 	printf("\nSet options:\n");
-	printf("  %s\t\t\t%s\t\t%s\n", tcpmode ? "vc" : "novc",
-	       short_form ? "nodebug" : "debug", debugging ? "d2" : "nod2");
-	printf("  %s\t\t%s\n", usesearch ? "search" : "nosearch",
+	printf("  %s\t\t\t%s\t\t%s\n",
+	       tcpmode ? "vc" : "novc",
+	       short_form ? "nodebug" : "debug",
+	       debugging ? "d2" : "nod2");
+	printf("  %s\t\t%s\n",
+	       usesearch ? "search" : "nosearch",
 	       recurse ? "recurse" : "norecurse");
-	printf("  timeout = %u\t\tretry = %d\tport = %u\tndots = %d\n", timeout,
-	       tries, port, ndots);
+	printf("  timeout = %u\t\tretry = %d\tport = %u\tndots = %d\n",
+	       timeout, tries, port, ndots);
 	printf("  querytype = %-8s\tclass = %s\n", deftype, defclass);
 	printf("  srchlist = ");
-	for (listent = ISC_LIST_HEAD(search_list); listent != NULL;
-	     listent = ISC_LIST_NEXT(listent, link))
-	{
-		printf("%s", listent->origin);
-		if (ISC_LIST_NEXT(listent, link) != NULL) {
-			printf("/");
-		}
+	for (listent = ISC_LIST_HEAD(search_list);
+	     listent != NULL;
+	     listent = ISC_LIST_NEXT(listent, link)) {
+		     printf("%s", listent->origin);
+		     if (ISC_LIST_NEXT(listent, link) != NULL)
+			     printf("/");
 	}
 	printf("\n");
 }
@@ -567,9 +579,9 @@ testtype(char *typetext) {
 	tr.base = typetext;
 	tr.length = strlen(typetext);
 	result = dns_rdatatype_fromtext(&rdtype, &tr);
-	if (result == ISC_R_SUCCESS) {
+	if (result == ISC_R_SUCCESS)
 		return (true);
-	} else {
+	else {
 		printf("unknown query type: %s\n", typetext);
 		return (false);
 	}
@@ -584,9 +596,9 @@ testclass(char *typetext) {
 	tr.base = typetext;
 	tr.length = strlen(typetext);
 	result = dns_rdataclass_fromtext(&rdclass, &tr);
-	if (result == ISC_R_SUCCESS) {
+	if (result == ISC_R_SUCCESS)
 		return (true);
-	} else {
+	else {
 		printf("unknown query class: %s\n", typetext);
 		return (false);
 	}
@@ -596,41 +608,37 @@ static void
 set_port(const char *value) {
 	uint32_t n;
 	isc_result_t result = parse_uint(&n, value, 65535, "port");
-	if (result == ISC_R_SUCCESS) {
-		port = (uint16_t)n;
-	}
+	if (result == ISC_R_SUCCESS)
+		port = (uint16_t) n;
 }
 
 static void
 set_timeout(const char *value) {
 	uint32_t n;
 	isc_result_t result = parse_uint(&n, value, UINT_MAX, "timeout");
-	if (result == ISC_R_SUCCESS) {
+	if (result == ISC_R_SUCCESS)
 		timeout = n;
-	}
 }
 
 static void
 set_tries(const char *value) {
 	uint32_t n;
 	isc_result_t result = parse_uint(&n, value, INT_MAX, "tries");
-	if (result == ISC_R_SUCCESS) {
+	if (result == ISC_R_SUCCESS)
 		tries = n;
-	}
 }
 
 static void
 set_ndots(const char *value) {
 	uint32_t n;
 	isc_result_t result = parse_uint(&n, value, 128, "ndots");
-	if (result == ISC_R_SUCCESS) {
+	if (result == ISC_R_SUCCESS)
 		ndots = n;
-	}
 }
 
 static void
 version(void) {
-	fprintf(stderr, "nslookup %s\n", PACKAGE_VERSION);
+	fputs("nslookup " VERSION "\n", stderr);
 }
 
 static void
@@ -643,13 +651,11 @@ setoption(char *opt) {
 	if (CHECKOPT("all", 3)) {
 		show_settings(true, false);
 	} else if (strncasecmp(opt, "class=", 6) == 0) {
-		if (testclass(&opt[6])) {
+		if (testclass(&opt[6]))
 			strlcpy(defclass, &opt[6], sizeof(defclass));
-		}
 	} else if (strncasecmp(opt, "cl=", 3) == 0) {
-		if (testclass(&opt[3])) {
+		if (testclass(&opt[3]))
 			strlcpy(defclass, &opt[3], sizeof(defclass));
-		}
 	} else if (strncasecmp(opt, "type=", 5) == 0) {
 		if (testtype(&opt[5])) {
 			strlcpy(deftype, &opt[5], sizeof(deftype));
@@ -731,9 +737,9 @@ setoption(char *opt) {
 	} else if (CHECKOPT("sil", 3)) {
 		/* deprecation_msg = false; */
 	} else if (CHECKOPT("fail", 3)) {
-		nofail = false;
+		nofail=false;
 	} else if (CHECKOPT("nofail", 5)) {
-		nofail = true;
+		nofail=true;
 	} else if (strncasecmp(opt, "ndots=", 6) == 0) {
 		set_ndots(&opt[6]);
 	} else {
@@ -769,7 +775,8 @@ addlookup(char *opt) {
 		rdclass = dns_rdataclass_in;
 	}
 	lookup = make_empty_lookup();
-	if (get_reverse(store, sizeof(store), opt, true) == ISC_R_SUCCESS) {
+	if (get_reverse(store, sizeof(store), opt, true)
+	    == ISC_R_SUCCESS) {
 		strlcpy(lookup->textname, store, sizeof(lookup->textname));
 		lookup->rdtype = dns_rdatatype_ptr;
 		lookup->rdtypeset = true;
@@ -789,21 +796,18 @@ addlookup(char *opt) {
 	lookup->retries = tries;
 	lookup->udpsize = 0;
 	lookup->comments = comments;
-	if (lookup->rdtype == dns_rdatatype_any && !tcpmode_set) {
+	if (lookup->rdtype == dns_rdatatype_any && !tcpmode_set)
 		lookup->tcp_mode = true;
-	} else {
+	else
 		lookup->tcp_mode = tcpmode;
-	}
 	lookup->stats = stats;
 	lookup->section_question = section_question;
 	lookup->section_answer = section_answer;
 	lookup->section_authority = section_authority;
 	lookup->section_additional = section_additional;
 	lookup->new_search = true;
-	lookup->besteffort = false;
-	if (nofail) {
+	if (nofail)
 		lookup->servfail_stops = false;
-	}
 	ISC_LIST_INIT(lookup->q);
 	ISC_LINK_INIT(lookup, link);
 	ISC_LIST_APPEND(lookup_list, lookup, link);
@@ -820,11 +824,11 @@ do_next_command(char *input) {
 		return;
 	}
 	arg = strtok_r(NULL, " \t\r\n", &last);
-	if ((strcasecmp(ptr, "set") == 0) && (arg != NULL)) {
+	if ((strcasecmp(ptr, "set") == 0) &&
+	    (arg != NULL))
 		setoption(arg);
-	} else if ((strcasecmp(ptr, "server") == 0) ||
-		   (strcasecmp(ptr, "lserver") == 0))
-	{
+	else if ((strcasecmp(ptr, "server") == 0) ||
+		 (strcasecmp(ptr, "lserver") == 0)) {
 		isc_app_block();
 		set_nameserver(arg);
 		check_ra = false;
@@ -832,16 +836,16 @@ do_next_command(char *input) {
 		show_settings(true, true);
 	} else if (strcasecmp(ptr, "exit") == 0) {
 		in_use = false;
-	} else if (strcasecmp(ptr, "help") == 0 || strcasecmp(ptr, "?") == 0) {
+	} else if (strcasecmp(ptr, "help") == 0 ||
+		   strcasecmp(ptr, "?") == 0) {
 		printf("The '%s' command is not yet implemented.\n", ptr);
 	} else if (strcasecmp(ptr, "finger") == 0 ||
-		   strcasecmp(ptr, "root") == 0 || strcasecmp(ptr, "ls") == 0 ||
-		   strcasecmp(ptr, "view") == 0)
-	{
+		   strcasecmp(ptr, "root") == 0 ||
+		   strcasecmp(ptr, "ls") == 0 ||
+		   strcasecmp(ptr, "view") == 0) {
 		printf("The '%s' command is not implemented.\n", ptr);
-	} else {
+	} else
 		addlookup(ptr);
-	}
 }
 
 static void
@@ -855,46 +859,42 @@ get_next_command(void) {
 	if (interactive) {
 #ifdef HAVE_READLINE
 		ptr = readline("> ");
-		if (ptr != NULL) {
+		if (ptr != NULL)
 			add_history(ptr);
-		}
-#else  /* ifdef HAVE_READLINE */
+#else
 		fputs("> ", stderr);
 		fflush(stderr);
 		ptr = fgets(buf, COMMSIZE, stdin);
-#endif /* ifdef HAVE_READLINE */
-	} else {
+#endif
+	} else
 		ptr = fgets(buf, COMMSIZE, stdin);
-	}
 	isc_app_unblock();
 	if (ptr == NULL) {
 		in_use = false;
-	} else {
+	} else
 		do_next_command(ptr);
-	}
 #ifdef HAVE_READLINE
-	if (interactive) {
+	if (interactive)
 		free(ptr);
-	}
-#endif /* ifdef HAVE_READLINE */
+#endif
 	isc_mem_free(mctx, buf);
 }
 
-ISC_NORETURN static void
-usage(void);
+ISC_PLATFORM_NORETURN_PRE static void
+usage(void) ISC_PLATFORM_NORETURN_POST;
 
 static void
 usage(void) {
-	fprintf(stderr, "Usage:\n");
-	fprintf(stderr, "   nslookup [-opt ...]             # interactive mode "
-			"using default server\n");
-	fprintf(stderr, "   nslookup [-opt ...] - server    # interactive mode "
-			"using 'server'\n");
-	fprintf(stderr, "   nslookup [-opt ...] host        # just look up "
-			"'host' using default server\n");
-	fprintf(stderr, "   nslookup [-opt ...] host server # just look up "
-			"'host' using 'server'\n");
-	exit(1);
+    fprintf(stderr, "Usage:\n");
+    fprintf(stderr,
+"   nslookup [-opt ...]             # interactive mode using default server\n");
+    fprintf(stderr,
+"   nslookup [-opt ...] - server    # interactive mode using 'server'\n");
+    fprintf(stderr,
+"   nslookup [-opt ...] host        # just look up 'host' using default server\n");
+    fprintf(stderr,
+"   nslookup [-opt ...] host server # just look up 'host' using 'server'\n");
+    exit(1);
 }
 
 static void
@@ -910,9 +910,8 @@ parse_args(int argc, char **argv) {
 				exit(0);
 			} else if (argv[0][1] != 0) {
 				setoption(&argv[0][1]);
-			} else {
+			} else
 				have_lookup = true;
-			}
 		} else {
 			if (!have_lookup) {
 				have_lookup = true;
@@ -958,10 +957,10 @@ flush_lookup_list(void) {
 			s = ISC_LIST_NEXT(s, link);
 			ISC_LIST_DEQUEUE(l->my_server_list, sp, link);
 			isc_mem_free(mctx, sp);
+
 		}
-		if (l->sendmsg != NULL) {
+		if (l->sendmsg != NULL)
 			dns_message_destroy(&l->sendmsg);
-		}
 		lp = l;
 		l = ISC_LIST_NEXT(l, link);
 		ISC_LIST_DEQUEUE(lookup_list, lp, link);
@@ -972,9 +971,8 @@ flush_lookup_list(void) {
 static void
 getinput(isc_task_t *task, isc_event_t *event) {
 	UNUSED(task);
-	if (global_event == NULL) {
+	if (global_event == NULL)
 		global_event = event;
-	}
 	while (in_use) {
 		get_next_command();
 		if (ISC_LIST_HEAD(lookup_list) != NULL) {
@@ -985,6 +983,17 @@ getinput(isc_task_t *task, isc_event_t *event) {
 	isc_app_shutdown();
 }
 
+static void
+nsl_error(const char *format, ...) {
+	va_list args;
+
+	printf(";; ");
+	va_start(args, format);
+	vfprintf(stdout, format, args);
+	va_end(args);
+	printf("\n");
+}
+
 int
 main(int argc, char **argv) {
 	isc_result_t result;
@@ -1002,6 +1011,7 @@ main(int argc, char **argv) {
 	dighost_received = received;
 	dighost_trying = trying;
 	dighost_shutdown = query_finished;
+	dighost_error = nsl_error;
 
 	result = isc_app_start();
 	check_result(result, "isc_app_start");
@@ -1011,19 +1021,17 @@ main(int argc, char **argv) {
 
 	setup_system(false, false);
 	parse_args(argc, argv);
-	if (keyfile[0] != 0) {
+	if (keyfile[0] != 0)
 		setup_file_key();
-	} else if (keysecret[0] != 0) {
+	else if (keysecret[0] != 0)
 		setup_text_key();
-	}
-	if (domainopt[0] != '\0') {
+	if (domainopt[0] != '\0')
 		set_search_domain(domainopt);
-	}
-	if (in_use) {
-		result = isc_app_onrun(mctx, global_task, onrun_callback, NULL);
-	} else {
+	if (in_use)
+		result = isc_app_onrun(mctx, global_task, onrun_callback,
+				       NULL);
+	else
 		result = isc_app_onrun(mctx, global_task, getinput, NULL);
-	}
 	check_result(result, "isc_app_onrun");
 	in_use = !in_use;
 
@@ -1031,9 +1039,8 @@ main(int argc, char **argv) {
 
 	puts("");
 	debug("done, and starting to shut down");
-	if (global_event != NULL) {
+	if (global_event != NULL)
 		isc_event_free(&global_event);
-	}
 	cancel_all();
 	destroy_libs();
 	isc_app_finish();

bin/dig/nslookup.docbook

@@ -72,7 +72,6 @@
       <year>2017</year>
       <year>2018</year>
       <year>2019</year>
-      <year>2020</year>
       <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
     </copyright>
   </docinfo>
@@ -308,7 +307,7 @@ nslookup -query=hinfo  -timeout=10
                     The class specifies the protocol group of the information.
 
                   </para>
-                  <para>
+		  <para>
                     (Default = IN; abbreviation = cl)
                   </para>
                 </listitem>
@@ -318,10 +317,10 @@ nslookup -query=hinfo  -timeout=10
                 <term><constant><replaceable><optional>no</optional></replaceable>debug</constant></term>
                 <listitem>
                   <para>
-                    Turn on or off the display of the full response packet and
-                    any intermediate response packets when searching.
+		    Turn on or off the display of the full response packet and
+		    any intermediate response packets when searching.
                   </para>
-                  <para>
+		  <para>
                     (Default = nodebug; abbreviation = <optional>no</optional>deb)
                   </para>
                 </listitem>
@@ -332,9 +331,9 @@ nslookup -query=hinfo  -timeout=10
                 <listitem>
                   <para>
                     Turn debugging mode on or off.  This displays more about
-                    what nslookup is doing.
+	            what nslookup is doing.
                   </para>
-                  <para>
+		  <para>
                     (Default = nod2)
                   </para>
                 </listitem>
@@ -358,7 +357,7 @@ nslookup -query=hinfo  -timeout=10
                     names in the domain search list to the request until an
                     answer is received.
                   </para>
-                  <para>
+		  <para>
                     (Default = search)
                   </para>
                 </listitem>
@@ -370,7 +369,7 @@ nslookup -query=hinfo  -timeout=10
                   <para>
                     Change the default TCP/UDP name server port to <replaceable>value</replaceable>.
                   </para>
-                  <para>
+		  <para>
                     (Default = 53; abbreviation = po)
                   </para>
                 </listitem>
@@ -389,15 +388,9 @@ nslookup -query=hinfo  -timeout=10
                   <para>
                     Change the type of the information query.
                   </para>
-                  <para>
-                    (Default = A and then AAAA; abbreviations = q, ty)
+		  <para>
+                    (Default = A; abbreviations = q, ty)
                   </para>
-                    <para>
-                      <emphasis role="bold">Note:</emphasis> It is
-                      only possible to specify one query type, only
-                      the default behavior looks up both when an
-                      alternative is not specified.
-                    </para>
                 </listitem>
               </varlistentry>
 
@@ -409,7 +402,7 @@ nslookup -query=hinfo  -timeout=10
                     have the
                     information.
                   </para>
-                  <para>
+		  <para>
                     (Default = recurse; abbreviation = [no]rec)
                   </para>
                 </listitem>
@@ -419,9 +412,9 @@ nslookup -query=hinfo  -timeout=10
                 <term><constant>ndots=</constant><replaceable>number</replaceable></term>
                 <listitem>
                   <para>
-                    Set the number of dots (label separators) in a domain
-                    that will disable searching.  Absolute names always
-                    stop searching.
+		    Set the number of dots (label separators) in a domain
+		    that will disable searching.  Absolute names always
+		    stop searching.
                   </para>
                 </listitem>
               </varlistentry>
@@ -452,7 +445,7 @@ nslookup -query=hinfo  -timeout=10
                     Always use a virtual circuit when sending requests to the
                     server.
                   </para>
-                  <para>
+		  <para>
                     (Default = novc)
                   </para>
                 </listitem>
@@ -462,15 +455,15 @@ nslookup -query=hinfo  -timeout=10
                 <term><constant><replaceable><optional>no</optional></replaceable>fail</constant></term>
                 <listitem>
                   <para>
-                    Try the next nameserver if a nameserver responds with
-                    SERVFAIL or a referral (nofail) or terminate query
-                    (fail) on such a response.
-                  </para>
-                  <para>
+		    Try the next nameserver if a nameserver responds with
+		    SERVFAIL or a referral (nofail) or terminate query
+		    (fail) on such a response.
+		  </para>
+		  <para>
                     (Default = nofail)
                   </para>
-                </listitem>
-              </varlistentry>
+	        </listitem>
+	      </varlistentry>
 
             </variablelist>
           </para>

bin/dig/nslookup.html

@@ -1,6 +1,6 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 <!--
- - Copyright (C) 2004-2007, 2010, 2013-2020 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2007, 2010, 2013-2019 Internet Systems Consortium, Inc. ("ISC")
  - 
  - This Source Code Form is subject to the terms of the Mozilla Public
  - License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -229,17 +229,17 @@ nslookup -query=hinfo  -timeout=10
                     The class specifies the protocol group of the information.
 
                   </p>
-                  <p>
+		  <p>
                     (Default = IN; abbreviation = cl)
                   </p>
                 </dd>
 <dt><span class="term"><code class="constant"><em class="replaceable"><code>[<span class="optional">no</span>]</code></em>debug</code></span></dt>
 <dd>
                   <p>
-                    Turn on or off the display of the full response packet and
-                    any intermediate response packets when searching.
+		    Turn on or off the display of the full response packet and
+		    any intermediate response packets when searching.
                   </p>
-                  <p>
+		  <p>
                     (Default = nodebug; abbreviation = [<span class="optional">no</span>]deb)
                   </p>
                 </dd>
@@ -247,9 +247,9 @@ nslookup -query=hinfo  -timeout=10
 <dd>
                   <p>
                     Turn debugging mode on or off.  This displays more about
-                    what nslookup is doing.
+	            what nslookup is doing.
                   </p>
-                  <p>
+		  <p>
                     (Default = nod2)
                   </p>
                 </dd>
@@ -267,7 +267,7 @@ nslookup -query=hinfo  -timeout=10
                     names in the domain search list to the request until an
                     answer is received.
                   </p>
-                  <p>
+		  <p>
                     (Default = search)
                   </p>
                 </dd>
@@ -276,7 +276,7 @@ nslookup -query=hinfo  -timeout=10
                   <p>
                     Change the default TCP/UDP name server port to <em class="replaceable"><code>value</code></em>.
                   </p>
-                  <p>
+		  <p>
                     (Default = 53; abbreviation = po)
                   </p>
                 </dd>
@@ -289,15 +289,9 @@ nslookup -query=hinfo  -timeout=10
                   <p>
                     Change the type of the information query.
                   </p>
-                  <p>
-                    (Default = A and then AAAA; abbreviations = q, ty)
+		  <p>
+                    (Default = A; abbreviations = q, ty)
                   </p>
-                    <p>
-                      <span class="bold"><strong>Note:</strong></span> It is
-                      only possible to specify one query type, only
-                      the default behavior looks up both when an
-                      alternative is not specified.
-                    </p>
                 </dd>
 <dt><span class="term"><code class="constant"><em class="replaceable"><code>[<span class="optional">no</span>]</code></em>recurse</code></span></dt>
 <dd>
@@ -306,16 +300,16 @@ nslookup -query=hinfo  -timeout=10
                     have the
                     information.
                   </p>
-                  <p>
+		  <p>
                     (Default = recurse; abbreviation = [no]rec)
                   </p>
                 </dd>
 <dt><span class="term"><code class="constant">ndots=</code><em class="replaceable"><code>number</code></em></span></dt>
 <dd>
                   <p>
-                    Set the number of dots (label separators) in a domain
-                    that will disable searching.  Absolute names always
-                    stop searching.
+		    Set the number of dots (label separators) in a domain
+		    that will disable searching.  Absolute names always
+		    stop searching.
                   </p>
                 </dd>
 <dt><span class="term"><code class="constant">retry=</code><em class="replaceable"><code>number</code></em></span></dt>
@@ -337,21 +331,21 @@ nslookup -query=hinfo  -timeout=10
                     Always use a virtual circuit when sending requests to the
                     server.
                   </p>
-                  <p>
+		  <p>
                     (Default = novc)
                   </p>
                 </dd>
 <dt><span class="term"><code class="constant"><em class="replaceable"><code>[<span class="optional">no</span>]</code></em>fail</code></span></dt>
 <dd>
                   <p>
-                    Try the next nameserver if a nameserver responds with
-                    SERVFAIL or a referral (nofail) or terminate query
-                    (fail) on such a response.
-                  </p>
-                  <p>
+		    Try the next nameserver if a nameserver responds with
+		    SERVFAIL or a referral (nofail) or terminate query
+		    (fail) on such a response.
+		  </p>
+		  <p>
                     (Default = nofail)
                   </p>
-                </dd>
+	        </dd>
 </dl></div>
 <p>
           </p>

bin/dig/win32/dig.vcxproj.in

@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="utf-8"?>
-<Project DefaultTargets="Build" ToolsVersion="@TOOLS_VERSION@" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
   <ItemGroup Label="ProjectConfigurations">
     <ProjectConfiguration Include="Debug|@PLATFORM@">
       <Configuration>Debug</Configuration>
@@ -14,21 +14,18 @@
     <ProjectGuid>{F938F9B8-D395-4A40-BEC7-0122D289C692}</ProjectGuid>
     <Keyword>Win32Proj</Keyword>
     <RootNamespace>dig</RootNamespace>
-    @WINDOWS_TARGET_PLATFORM_VERSION@
   </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|@PLATFORM@'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
     <UseDebugLibraries>true</UseDebugLibraries>
     <CharacterSet>MultiByte</CharacterSet>
-    @PLATFORM_TOOLSET@
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
     <UseDebugLibraries>false</UseDebugLibraries>
     <WholeProgramOptimization>true</WholeProgramOptimization>
     <CharacterSet>MultiByte</CharacterSet>
-    @PLATFORM_TOOLSET@
   </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
   <ImportGroup Label="ExtensionSettings">
@@ -44,20 +41,17 @@
     <LinkIncremental>true</LinkIncremental>
     <OutDir>..\..\..\Build\$(Configuration)\</OutDir>
     <IntDir>.\$(Configuration)\</IntDir>
-    <IntDirSharingDetected>None</IntDirSharingDetected>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'">
     <LinkIncremental>false</LinkIncremental>
     <OutDir>..\..\..\Build\$(Configuration)\</OutDir>
     <IntDir>.\$(Configuration)\</IntDir>
-    <IntDirSharingDetected>None</IntDirSharingDetected>
   </PropertyGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|@PLATFORM@'">
     <ClCompile>
       <PrecompiledHeader>
       </PrecompiledHeader>
-      <WarningLevel>Level4</WarningLevel>
-      <TreatWarningAsError>false</TreatWarningAsError>
+      <WarningLevel>Level3</WarningLevel>
       <Optimization>Disabled</Optimization>
       <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <FunctionLevelLinking>true</FunctionLevelLinking>
@@ -80,8 +74,7 @@
   </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'">
     <ClCompile>
-      <WarningLevel>Level1</WarningLevel>
-      <TreatWarningAsError>true</TreatWarningAsError>
+      <WarningLevel>Level3</WarningLevel>
       <PrecompiledHeader>
       </PrecompiledHeader>
       <Optimization>MaxSpeed</Optimization>

bin/dig/win32/dighost.vcxproj.in

@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="utf-8"?>
-<Project DefaultTargets="Build" ToolsVersion="@TOOLS_VERSION@" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
   <ItemGroup Label="ProjectConfigurations">
     <ProjectConfiguration Include="Debug|@PLATFORM@">
       <Configuration>Debug</Configuration>
@@ -14,21 +14,18 @@
     <ProjectGuid>{140DE800-E552-43CC-B0C7-A33A92E368CA}</ProjectGuid>
     <Keyword>Win32Proj</Keyword>
     <RootNamespace>dighost</RootNamespace>
-    @WINDOWS_TARGET_PLATFORM_VERSION@
   </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|@PLATFORM@'" Label="Configuration">
     <ConfigurationType>StaticLibrary</ConfigurationType>
     <UseDebugLibraries>true</UseDebugLibraries>
     <CharacterSet>MultiByte</CharacterSet>
-    @PLATFORM_TOOLSET@
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'" Label="Configuration">
     <ConfigurationType>StaticLibrary</ConfigurationType>
     <UseDebugLibraries>false</UseDebugLibraries>
     <WholeProgramOptimization>true</WholeProgramOptimization>
     <CharacterSet>MultiByte</CharacterSet>
-    @PLATFORM_TOOLSET@
   </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
   <ImportGroup Label="ExtensionSettings">
@@ -44,20 +41,17 @@
     <LinkIncremental>true</LinkIncremental>
     <OutDir>.\$(Configuration)\</OutDir>
     <IntDir>.\$(Configuration)\</IntDir>
-    <IntDirSharingDetected>None</IntDirSharingDetected>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'">
     <LinkIncremental>false</LinkIncremental>
     <OutDir>.\$(Configuration)\</OutDir>
     <IntDir>.\$(Configuration)\</IntDir>
-    <IntDirSharingDetected>None</IntDirSharingDetected>
   </PropertyGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|@PLATFORM@'">
     <ClCompile>
       <PrecompiledHeader>
       </PrecompiledHeader>
-      <WarningLevel>Level4</WarningLevel>
-      <TreatWarningAsError>false</TreatWarningAsError>
+      <WarningLevel>Level3</WarningLevel>
       <Optimization>Disabled</Optimization>
       <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <FunctionLevelLinking>true</FunctionLevelLinking>
@@ -78,8 +72,7 @@
   </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'">
     <ClCompile>
-      <WarningLevel>Level1</WarningLevel>
-      <TreatWarningAsError>true</TreatWarningAsError>
+      <WarningLevel>Level3</WarningLevel>
       <PrecompiledHeader>
       </PrecompiledHeader>
       <Optimization>MaxSpeed</Optimization>

bin/dig/win32/host.vcxproj.in

@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="utf-8"?>
-<Project DefaultTargets="Build" ToolsVersion="@TOOLS_VERSION@" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
   <ItemGroup Label="ProjectConfigurations">
     <ProjectConfiguration Include="Debug|@PLATFORM@">
       <Configuration>Debug</Configuration>
@@ -14,21 +14,18 @@
     <ProjectGuid>{BA1048A8-6961-4A20-BE12-08BE20611C9D}</ProjectGuid>
     <Keyword>Win32Proj</Keyword>
     <RootNamespace>host</RootNamespace>
-    @WINDOWS_TARGET_PLATFORM_VERSION@
   </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|@PLATFORM@'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
     <UseDebugLibraries>true</UseDebugLibraries>
     <CharacterSet>MultiByte</CharacterSet>
-    @PLATFORM_TOOLSET@
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
     <UseDebugLibraries>false</UseDebugLibraries>
     <WholeProgramOptimization>true</WholeProgramOptimization>
     <CharacterSet>MultiByte</CharacterSet>
-    @PLATFORM_TOOLSET@
   </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
   <ImportGroup Label="ExtensionSettings">
@@ -44,20 +41,17 @@
     <LinkIncremental>true</LinkIncremental>
     <OutDir>..\..\..\Build\$(Configuration)\</OutDir>
     <IntDir>.\$(Configuration)\</IntDir>
-    <IntDirSharingDetected>None</IntDirSharingDetected>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'">
     <LinkIncremental>false</LinkIncremental>
     <OutDir>..\..\..\Build\$(Configuration)\</OutDir>
     <IntDir>.\$(Configuration)\</IntDir>
-    <IntDirSharingDetected>None</IntDirSharingDetected>
   </PropertyGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|@PLATFORM@'">
     <ClCompile>
       <PrecompiledHeader>
       </PrecompiledHeader>
-      <WarningLevel>Level4</WarningLevel>
-      <TreatWarningAsError>false</TreatWarningAsError>
+      <WarningLevel>Level3</WarningLevel>
       <Optimization>Disabled</Optimization>
       <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <FunctionLevelLinking>true</FunctionLevelLinking>
@@ -80,8 +74,7 @@
   </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'">
     <ClCompile>
-      <WarningLevel>Level1</WarningLevel>
-      <TreatWarningAsError>true</TreatWarningAsError>
+      <WarningLevel>Level3</WarningLevel>
       <PrecompiledHeader>
       </PrecompiledHeader>
       <Optimization>MaxSpeed</Optimization>