put A and AAAA in additional section when responding to type=ANAME queries

- this is only the bare type represetation, with no special processing

.dir-locals.el

@@ -1,88 +0,0 @@
-;;; Directory Local Variables
-;;; For more information see (info "(emacs) Directory Variables")
-
-((c-mode .
-  ((eval .
-	 (set (make-local-variable 'directory-of-current-dir-locals-file)
-	      (file-name-directory (locate-dominating-file default-directory ".dir-locals.el"))
-	      )
-	 )
-   (eval .
-	 (set (make-local-variable 'include-directories)
-	      (list
-
-	       ;; top directory
-	       (expand-file-name
-		(concat directory-of-current-dir-locals-file "./"))
-
-	       ;; current directory
-	       (expand-file-name (concat default-directory "./"))
-
-	       ;; libisc
-	       (expand-file-name
-		(concat directory-of-current-dir-locals-file "lib/isc/unix/include"))
-	       (expand-file-name
-		(concat directory-of-current-dir-locals-file "lib/isc/pthreads/include"))
-	       (expand-file-name
-		(concat directory-of-current-dir-locals-file "lib/isc/include"))
-
-	       ;; libdns
-
-	       (expand-file-name
-		(concat directory-of-current-dir-locals-file "lib/dns/include"))
-
-	       ;; libisccc
-	       (expand-file-name
-		(concat directory-of-current-dir-locals-file "lib/isccc/include"))
-
-	       ;; libisccfg
-	       (expand-file-name
-		(concat directory-of-current-dir-locals-file "lib/isccfg/include"))
-
-	       ;; libns
-	       (expand-file-name
-		(concat directory-of-current-dir-locals-file "lib/ns/include"))
-
-	       ;; libirs
-	       (expand-file-name
-		(concat directory-of-current-dir-locals-file "lib/irs/include"))
-
-	       ;; libbind9
-	       (expand-file-name
-		(concat directory-of-current-dir-locals-file "lib/bind9/include"))
-
-	       (expand-file-name "/usr/local/opt/openssl@1.1/include")
-	       (expand-file-name "/usr/local/opt/libxml2/include/libxml2")
-	       (expand-file-name "/usr/local/opt/json-c/include/json-c/")
-	       (expand-file-name "/usr/local/include")
-	       )
-	      )
-	 )
-
-   (eval setq flycheck-clang-include-path include-directories)
-   (eval setq flycheck-cppcheck-include-path include-directories)
-   (eval setq flycheck-gcc-include-path include-directories)
-   (eval setq flycheck-clang-args
-	 (list
-	  "-include"
-	  (expand-file-name
-	   (concat directory-of-current-dir-locals-file "config.h"))
-	  )
-	 )
-   (eval setq flycheck-gcc-args
-	 (list
-	  "-include"
-	  (expand-file-name
-	   (concat directory-of-current-dir-locals-file "config.h"))
-	  )
-	 )
-   (eval setq flycheck-cppcheck-args
-	 (list
-	  "--enable=all"
-	  "--suppress=missingIncludeSystem"
-	  (concat "-include=" (expand-file-name
-			       (concat directory-of-current-dir-locals-file "config.h")))
-	  )
-	 )
-   )
-  ))

.gitattributes

@@ -1,2 +1,3 @@
 *.sln.in eol=crlf
-*.vcxproj.* eol=crlf
+*.vcxproj.in eol=crlf
+*.vcxproj.filters.in eol=crlf

.gitignore

@@ -1,58 +1,62 @@
-*-symtbl.c
-*.a
-*.gcda
-*.gcno
-*.la
-*.lo
+Makefile
+config.log
+config.h
+config.cache
+config.status
+libtool
+/isc-config.sh
+/configure.lineno
+autom4te.cache/
 *.o
-*.orig
-*.plist/ # ccc-analyzer store its results in .plist directories
-*.rej
+*.lo
 *.so
+*.a
+*.la
+*.gcno
+*.gcda
 *_test
-*~
+*-symtbl.c
+timestamp
+ans.run
+named.run
+named.memstats
+gen.dSYM/
 .ccache/
-.cproject
 .deps/
 .dirstamp
 .libs/
+unit/atf-src/atf-c++/atf-c++.pc
+unit/atf-src/atf-c/atf-c.pc
+unit/atf-src/atf-c/defs.h
+unit/atf-src/atf-c/detail/process_helpers
+unit/atf-src/atf-config/atf-config
+unit/atf-src/atf-report/atf-report
+unit/atf-src/atf-report/fail_helper
+unit/atf-src/atf-report/misc_helpers
+unit/atf-src/atf-report/pass_helper
+unit/atf-src/atf-run/atf-run
+unit/atf-src/atf-run/bad_metadata_helper
+unit/atf-src/atf-run/expect_helpers
+unit/atf-src/atf-run/misc_helpers
+unit/atf-src/atf-run/pass_helper
+unit/atf-src/atf-run/several_tcs_helper
+unit/atf-src/atf-run/zero_tcs_helper
+unit/atf-src/atf-sh/atf-check
+unit/atf-src/atf-sh/atf-sh
+unit/atf-src/atf-sh/misc_helpers
+unit/atf-src/atf-version/atf-version
+unit/atf-src/atf-version/revision.h
+unit/atf-src/atf-version/revision.h.stamp
+unit/atf-src/bconfig.h
+unit/atf-src/bootstrap/atconfig
+unit/atf-src/doc/atf.7
+unit/atf-src/stamp-h1
+unit/atf-src/test-programs/c_helpers
+unit/atf-src/test-programs/cpp_helpers
+unit/atf-src/test-programs/sh_helpers
+# ccc-analyzer store its results in .plist directories
+*.plist/
+*~
 .project
+.cproject
 .settings
-/aclocal.m4
-/ar-lib
-/autom4te.cache/
-/bind.keys.h
-/compile
-/config.cache
-/config.guess
-/config.h
-/config.h.in
-/config.log
-/config.status
-/config.sub
-/configure
-/configure.lineno
-/depcomp
-/install-sh
-/isc-config.sh
-/libltdl/*
-/libtool
-/ltmain.sh
-/m4/libtool.m4
-/m4/ltargz.m4
-/m4/ltdl.m4
-/m4/ltoptions.m4
-/m4/ltsugar.m4
-/m4/ltversion.m4
-/m4/lt~obsolete.m4
-/missing
-/py-compile
-/stamp-h1
-/test-driver
-Makefile
-ans.run
-gen.dSYM/
-kyua.log
-named.memstats
-named.run
-timestamp

.gitlab-ci.yml

@@ -1,686 +1,194 @@
 variables:
-  # Not normally needed, but may be if some script uses `apt-get install`.
   DEBIAN_FRONTEND: noninteractive
-  # Locale settings do not affect the build, but might affect tests.
   LC_ALL: C
-
-  CI_REGISTRY_IMAGE: registry.gitlab.isc.org/isc-projects/images/bind9
+  DOCKER_DRIVER: overlay2
+  CI_REGISTRY_IMAGE: oerdnj/bind9
   CCACHE_DIR: "/ccache"
-  SOFTHSM2_CONF: "/var/tmp/softhsm2/softhsm2.conf"
-
-  # VirtualBox driver needs to set build_dir to "/builds" in gitlab-runner.toml
-  KYUA_RESULT: "$CI_PROJECT_DIR/kyua.results"
-
-  BUILD_PARALLEL_JOBS: 6
-  TEST_PARALLEL_JOBS: 6
 
 stages:
   - precheck
   - build
-  - unit
-  - system
-  - docs
-  - push
-
-### Runner Tag Templates
-
-.linux-amd64: &linux_amd64
-  tags:
-    - linux
-    - amd64
-
-.linux-i386: &linux_i386
-  tags:
-    - linux
-    - i386
-
-### Docker Image Templates
-
-# Alpine Linux
-
-.alpine-3.10-amd64: &alpine_3_10_amd64_image
-  image: "$CI_REGISTRY_IMAGE:alpine-3.10-amd64"
-  <<: *linux_amd64
-
-# CentOS
-
-.centos-centos6-amd64: &centos_centos6_amd64_image
-  image: "$CI_REGISTRY_IMAGE:centos-centos6-amd64"
-  <<: *linux_amd64
-
-.centos-centos7-amd64: &centos_centos7_amd64_image
-  image: "$CI_REGISTRY_IMAGE:centos-centos7-amd64"
-  <<: *linux_amd64
-
-# Debian
+  - test
 
 .debian-jessie-amd64: &debian_jessie_amd64_image
   image: "$CI_REGISTRY_IMAGE:debian-jessie-amd64"
-  <<: *linux_amd64
+  tags:
+    - linux
+    - docker
+
+.debian-jessie-i386: &debian_jessie_i386_image
+  image: "$CI_REGISTRY_IMAGE:debian-jessie-i386"
+  tags:
+    - linux
+    - docker
 
 .debian-stretch-amd64: &debian_stretch_amd64_image
   image: "$CI_REGISTRY_IMAGE:debian-stretch-amd64"
-  <<: *linux_amd64
+  tags:
+    - linux
+    - docker
 
-.debian-stretch-i386: &debian_stretch_i386_image
+.debian-stretch-i386:: &debian_stretch_i386_image
   image: "$CI_REGISTRY_IMAGE:debian-stretch-i386"
-  <<: *linux_i386
+  tags:
+    - linux
+    - docker
 
 .debian-buster-amd64: &debian_buster_amd64_image
   image: "$CI_REGISTRY_IMAGE:debian-buster-amd64"
-  <<: *linux_i386
+  tags:
+    - linux
+    - docker
+
+.debian-buster-i386:: &debian_buster_i386_image
+  image: "$CI_REGISTRY_IMAGE:debian-buster-i386"
+  tags:
+    - linux
+    - docker
 
 .debian-sid-amd64: &debian_sid_amd64_image
   image: "$CI_REGISTRY_IMAGE:debian-sid-amd64"
-  <<: *linux_amd64
+  tags:
+    - linux
+    - docker
 
 .debian-sid-i386: &debian_sid_i386_image
   image: "$CI_REGISTRY_IMAGE:debian-sid-i386"
-  <<: *linux_i386
+  tags:
+    - linux
+    - docker
 
-# Fedora
+.ubuntu-trusty-amd64: &ubuntu_trusty_amd64_image
+  image: "$CI_REGISTRY_IMAGE:ubuntu-trusty-amd64"
+  tags:
+    - linux
+    - docker
 
-.fedora-30-amd64: &fedora_30_amd64_image
-  image: "$CI_REGISTRY_IMAGE:fedora-30-amd64"
-  <<: *linux_amd64
-
-# Ubuntu
+.ubuntu-trusty-i386: &ubuntu_trusty_i386_image
+  image: "$CI_REGISTRY_IMAGE:ubuntu-trusty-i386"
+  tags:
+    - linux
+    - docker
 
 .ubuntu-xenial-amd64: &ubuntu_xenial_amd64_image
   image: "$CI_REGISTRY_IMAGE:ubuntu-xenial-amd64"
-  <<: *linux_amd64
+  tags:
+    - linux
+    - docker
 
 .ubuntu-xenial-i386: &ubuntu_xenial_i386_image
   image: "$CI_REGISTRY_IMAGE:ubuntu-xenial-i386"
-  <<: *linux_i386
+  tags:
+    - linux
+    - docker
 
-.ubuntu-bionic-amd64: &ubuntu_bionic_amd64_image
-  image: "$CI_REGISTRY_IMAGE:ubuntu-bionic-amd64"
-  <<: *linux_amd64
-
-.ubuntu-bionic-i386: &ubuntu_bionic_i386_image
-  image: "$CI_REGISTRY_IMAGE:ubuntu-bionic-i386"
-  <<: *linux_i386
-
-### Job Templates
-
-.default-triggering-rules: &default_triggering_rules
-  only:
-    - merge_requests
-    - tags
-    - web
-
-.precheck: &precheck_job
-  <<: *default_triggering_rules
-  <<: *debian_sid_amd64_image
-  stage: precheck
-
-.autoconf: &autoconf_job
-  <<: *default_triggering_rules
-  <<: *debian_sid_amd64_image
-  stage: precheck
-  script:
-    - autoreconf -fi
-  artifacts:
-    untracked: true
-    expire_in: "1 hour"
-
-.configure: &configure |
-    ./configure \
-    --disable-maintainer-mode \
-    --enable-developer \
-    --with-libtool \
-    --disable-static \
-    --with-cmocka \
-    --with-libxml2 \
-    --with-json-c \
-    --prefix=$HOME/.local \
-    --without-make-clean \
-    $EXTRA_CONFIGURE \
-    || cat config.log
-    
 .build: &build_job
-  <<: *default_triggering_rules
   stage: build
   before_script:
     - test -w "${CCACHE_DIR}" && export PATH="/usr/lib/ccache:${PATH}"
+    - ./autogen.sh
   script:
-    - *configure
-    - make -j${BUILD_PARALLEL_JOBS:-1} -k all V=1
-    - test -z "${RUN_MAKE_INSTALL}" || make install
-  dependencies:
-    - autoreconf:sid:amd64
-  needs:
-    - autoreconf:sid:amd64
+    - ./configure --enable-developer --with-libtool --disable-static --with-atf=/usr/local --with-libidn2
+    - make -j${PARALLEL_JOBS_BUILD:-1} -k all V=1
   artifacts:
+    expire_in: '1 hour'
     untracked: true
-    expire_in: "1 hour"
-
-.setup_interfaces: &setup_interfaces |
-    if [ "$(id -u)" -eq "0" ]; then
-      sh -x bin/tests/system/ifconfig.sh up;
-    else
-      sudo sh -x bin/tests/system/ifconfig.sh up;
-    fi
-
-.setup_softhsm: &setup_softhsm |
-    sh -x util/prepare-softhsm2.sh
 
 .system_test: &system_test_job
-  <<: *default_triggering_rules
-  stage: system
-  retry: 2
+  stage: test
   before_script:
-    - *setup_interfaces
-    - *setup_softhsm
+    - rm -rf .ccache
+    - bash -x bin/tests/system/ifconfig.sh up
   script:
-    - ( cd bin/tests && make -j${TEST_PARALLEL_JOBS:-1} -k test V=1 )
-    - test -s bin/tests/system/systests.output
+    - cd bin/tests && make -j${TEST_PARALLEL_JOBS:-1} -k test V=1
   artifacts:
     untracked: true
-    expire_in: "1 week"
+    expire_in: '1 week'
     when: on_failure
 
-.kyua_report: &kyua_report_html |
-  kyua report-html \
-       --force \
-       --results-file "$KYUA_RESULT" \
-       --results-filter "" \
-       --output kyua_html
-
 .unit_test: &unit_test_job
-  <<: *default_triggering_rules
-  stage: unit
+  stage: test
   before_script:
-    - *setup_softhsm
+    - export KYUA_RESULT="$CI_PROJECT_DIR/kyua.results"
   script:
     - make unit
   after_script:
-    - *kyua_report_html
+    - kyua report-html --force --results-file kyua.results --results-filter "" --output kyua_html
   artifacts:
     paths:
-      - kyua.log
-      - kyua.results
-      - kyua_html/
-    expire_in: "1 week"
+    - atf.out
+    - kyua.log
+    - kyua.results
+    - kyua_html/
+    expire_in: '1 week'
     when: on_failure
 
-### Job Definitions
-
-# Jobs in the precheck stage
-
-autoreconf:sid:amd64:
-  <<: *autoconf_job
-
-misc:sid:amd64:
-  <<: *precheck_job
+precheck:debian:sid:amd64:
+  <<: *debian_sid_amd64_image
+  stage: precheck
   script:
-    - sh util/check-ans-prereq.sh
-    - sh util/checklibs.sh > checklibs.out
-    - sh util/tabify-changes < CHANGES > CHANGES.tmp
-    - diff -urNap CHANGES CHANGES.tmp
-    - rm CHANGES.tmp
     - perl util/check-changes CHANGES
     - perl -w util/merge_copyrights
     - diff -urNap util/copyrights util/newcopyrights
     - rm util/newcopyrights
-    - perl -w util/update_copyrights < util/copyrights
-    - if test "$(git status --porcelain | grep -Ev '\?\?' | wc -l)" -gt "0"; then git status --short; exit 1; fi
-    - xmllint --noout --nonet `git ls-files '*.xml' '*.docbook'`
-    - xmllint --noout --nonet --html `git ls-files '*.html'`
-    - sh util/check-win32util-configure
   artifacts:
     paths:
-      - util/newcopyrights
-      - checklibs.out
-    expire_in: "1 week"
+    - util/newcopyrights
+    expire_in: '1 week'
     when: on_failure
 
-🐞:sid:amd64:
-  <<: *precheck_job
-  script:
-    - util/check-cocci
-    - if test "$(git status --porcelain | grep -Ev '\?\?' | wc -l)" -gt "0"; then git status --short; exit 1; fi
+#build:debian:jessie:amd64:
+#  <<: *debian_jessie_amd64_image
+#  <<: *build_job
+#
+#build:debian:jessie:i386:
+#  <<: *debian_jessie_i386_image
+#  <<: *build_job
+#
+#build:debian:stretch:amd64:
+#  <<: *debian_stretch_amd64_image
+#  <<: *build_job
+#
+#build:debian:buster:i386:
+#  <<: *debian_buster_i386_image
+#  <<: *build_job
+#
+#build:ubuntu:trusty:amd64:
+#  <<: *ubuntu_trusty_amd64_image
+#  <<: *build_job
+#
+#build:ubuntu:xenial:i386:
+#  <<: *ubuntu_xenial_i386_image
+#  <<: *build_job
 
-# Jobs for doc builds on Debian Sid (amd64)
-
-docs:sid:amd64:
-  <<: *debian_sid_amd64_image
-  stage: docs
-  script:
-    - ./configure || cat config.log
-    - make -C doc/misc docbook
-    - make -C doc/arm Bv9ARM.html
-  dependencies:
-    - autoreconf:sid:amd64
-  needs:
-    - autoreconf:sid:amd64
-  artifacts:
-    paths:
-      - doc/arm/
-    expire_in: "1 month"
-  only:
-    - merge_requests
-    - tags
-    - web
-    - master@isc-projects/bind9
-    - /^v9_[1-9][0-9]$/@isc-projects/bind9
-
-push:docs:sid:amd64:
-  <<: *debian_sid_amd64_image
-  stage: push
-  dependencies: []
-  script:
-    - curl -X POST -F token=$GITLAB_PAGES_DOCS_TRIGGER_TOKEN -F ref=master $GITLAB_PAGES_DOCS_TRIGGER_URL
-  only:
-    - master@isc-projects/bind9
-    - /^v9_[1-9][0-9]$/@isc-projects/bind9
-
-# Jobs for regular GCC builds on Alpine Linux 3.10 (amd64)
-
-gcc:alpine3.10:amd64:
-  variables:
-    CC: gcc
-    CFLAGS: "-Wall -Wextra -O2 -g"
-    EXTRA_CONFIGURE: "--enable-dnstap"
-  <<: *alpine_3_10_amd64_image
-  <<: *build_job
-
-system:gcc:alpine3.10:amd64:
-  <<: *alpine_3_10_amd64_image
-  <<: *system_test_job
-  dependencies:
-    - gcc:alpine3.10:amd64
-  needs: ["gcc:alpine3.10:amd64"]
-
-unit:gcc:alpine3.10:amd64:
-  <<: *alpine_3_10_amd64_image
-  <<: *unit_test_job
-  dependencies:
-    - gcc:alpine3.10:amd64
-  needs: ["gcc:alpine3.10:amd64"]
-
-# Jobs for regular GCC builds on CentOS 6 (amd64)
-
-gcc:centos6:amd64:
-  variables:
-    CC: gcc
-    CFLAGS: "-Wall -Wextra -O2 -g"
-    EXTRA_CONFIGURE: "--with-libidn2 --disable-warn-error"
-  <<: *centos_centos6_amd64_image
-  <<: *build_job
-
-system:gcc:centos6:amd64:
-  <<: *centos_centos6_amd64_image
-  <<: *system_test_job
-  dependencies:
-    - gcc:centos6:amd64
-  needs: ["gcc:centos6:amd64"]
-
-unit:gcc:centos6:amd64:
-  <<: *centos_centos6_amd64_image
-  <<: *unit_test_job
-  dependencies:
-    - gcc:centos6:amd64
-  needs: ["gcc:centos6:amd64"]
-
-# Jobs for regular GCC builds on CentOS 7 (amd64)
-
-gcc:centos7:amd64:
-  variables:
-    CC: gcc
-    CFLAGS: "-Wall -Wextra -O2 -g"
-    EXTRA_CONFIGURE: "--enable-dnstap --with-libidn2"
-  <<: *centos_centos7_amd64_image
-  <<: *build_job
-
-system:gcc:centos7:amd64:
-  <<: *centos_centos7_amd64_image
-  <<: *system_test_job
-  dependencies:
-    - gcc:centos7:amd64
-  needs: ["gcc:centos7:amd64"]
-
-unit:gcc:centos7:amd64:
-  <<: *centos_centos7_amd64_image
-  <<: *unit_test_job
-  dependencies:
-    - gcc:centos7:amd64
-  needs: ["gcc:centos7:amd64"]
-
-# Jobs for regular GCC builds on Debian 8 Jessie (amd64)
-
-gcc:jessie:amd64:
-  variables:
-    CC: gcc
-    CFLAGS: "-Wall -Wextra -O2 -g"
-    EXTRA_CONFIGURE: "--without-cmocka --with-python --disable-geoip"
-  <<: *debian_jessie_amd64_image
-  <<: *build_job
-
-system:gcc:jessie:amd64:
-  <<: *debian_jessie_amd64_image
-  <<: *system_test_job
-  dependencies:
-    - gcc:jessie:amd64
-  needs: ["gcc:jessie:amd64"]
-
-unit:gcc:jessie:amd64:
-  <<: *debian_jessie_amd64_image
-  <<: *unit_test_job
-  dependencies:
-    - gcc:jessie:amd64
-  needs: ["gcc:jessie:amd64"]
-
-# Jobs for regular GCC builds on Debian 9 Stretch (amd64)
-
-gcc:stretch:amd64:
-  variables:
-    CC: gcc
-    CFLAGS: "-Wall -Wextra -O2 -g"
-  <<: *debian_stretch_amd64_image
-  <<: *build_job
-
-system:gcc:stretch:amd64:
-  <<: *debian_stretch_amd64_image
-  <<: *system_test_job
-  dependencies:
-    - gcc:stretch:amd64
-  needs: ["gcc:stretch:amd64"]
-
-unit:gcc:stretch:amd64:
-  <<: *debian_stretch_amd64_image
-  <<: *unit_test_job
-  dependencies:
-    - gcc:stretch:amd64
-  needs: ["gcc:stretch:amd64"]
-
-# Jobs for regular GCC builds on Debian 10 Buster (amd64)
-
-gcc:buster:amd64:
-  variables:
-    CC: gcc
-    CFLAGS: "-Wall -Wextra -O2 -g"
-  <<: *debian_buster_amd64_image
-  <<: *build_job
-
-system:gcc:buster:amd64:
-  <<: *debian_buster_amd64_image
-  <<: *system_test_job
-  dependencies:
-    - gcc:buster:amd64
-  needs: ["gcc:buster:amd64"]
-
-unit:gcc:buster:amd64:
-  <<: *debian_buster_amd64_image
-  <<: *unit_test_job
-  dependencies:
-    - gcc:buster:amd64
-  needs: ["gcc:buster:amd64"]
-
-# Jobs for regular GCC builds on Debian Sid (amd64)
-
-gcc:sid:amd64:
-  variables:
-    CC: gcc
-    CFLAGS: "-Wall -Wextra -O3 -g"
-    EXTRA_CONFIGURE: "--enable-dnstap --with-libidn2"
-    RUN_MAKE_INSTALL: 1
+build:debian:sid:amd64:
   <<: *debian_sid_amd64_image
   <<: *build_job
-
-system:gcc:sid:amd64:
-  <<: *debian_sid_amd64_image
-  <<: *system_test_job
-  dependencies:
-    - gcc:sid:amd64
-  needs: ["gcc:sid:amd64"]
-
-unit:gcc:sid:amd64:
-  <<: *debian_sid_amd64_image
-  <<: *unit_test_job
-  dependencies:
-    - gcc:sid:amd64
-  needs: ["gcc:sid:amd64"]
-
-# Jobs for regular GCC builds on Debian Sid (i386)
-
-gcc:sid:i386:
-  variables:
-    CC: gcc
-    CFLAGS: "-Wall -Wextra -O3 -g"
-    EXTRA_CONFIGURE: "--enable-dnstap --with-libidn2 --without-python"
+    
+build:debian:sid:i386:
   <<: *debian_sid_i386_image
   <<: *build_job
 
-system:gcc:sid:i386:
-  <<: *debian_sid_i386_image
-  <<: *system_test_job
+unittest:debian:sid:amd64:
+  <<: *debian_sid_amd64_image
+  <<: *unit_test_job
   dependencies:
-    - gcc:sid:i386
-  needs: ["gcc:sid:i386"]
-
-unit:gcc:sid:i386:
+    - build:debian:sid:amd64
+    
+unittest:debian:sid:i386:
   <<: *debian_sid_i386_image
   <<: *unit_test_job
   dependencies:
-    - gcc:sid:i386
-  needs: ["gcc:sid:i386"]
+    - build:debian:sid:i386
 
-# Jobs for regular GCC builds on Fedora 30 (amd64)
-
-gcc:fedora30:amd64:
-  variables:
-    CC: gcc
-    CFLAGS: "-Wall -Wextra -O2 -g"
-    EXTRA_CONFIGURE: "--with-libidn2"
-  <<: *fedora_30_amd64_image
-  <<: *build_job
-
-system:gcc:fedora30:amd64:
-  <<: *fedora_30_amd64_image
-  <<: *system_test_job
-  dependencies:
-    - gcc:fedora30:amd64
-  needs: ["gcc:fedora30:amd64"]
-
-unit:gcc:fedora30:amd64:
-  <<: *fedora_30_amd64_image
-  <<: *unit_test_job
-  dependencies:
-    - gcc:fedora30:amd64
-  needs: ["gcc:fedora30:amd64"]
-
-# Jobs for regular GCC builds on Ubuntu 16.04 Xenial Xerus (amd64)
-
-gcc:xenial:amd64:
-  variables:
-    CC: gcc
-    CFLAGS: "-Wall -Wextra -O2 -g"
-    EXTRA_CONFIGURE: "--disable-geoip"
-  <<: *ubuntu_xenial_amd64_image
-  <<: *build_job
-
-system:gcc:xenial:amd64:
-  <<: *ubuntu_xenial_amd64_image
-  <<: *system_test_job
-  dependencies:
-    - gcc:xenial:amd64
-  needs: ["gcc:xenial:amd64"]
-
-unit:gcc:xenial:amd64:
-  <<: *ubuntu_xenial_amd64_image
-  <<: *unit_test_job
-  dependencies:
-    - gcc:xenial:amd64
-  needs: ["gcc:xenial:amd64"]
-
-# Jobs for regular GCC builds on Ubuntu 18.04 Bionic Beaver (amd64)
-
-gcc:bionic:amd64:
-  variables:
-    CC: gcc
-    CFLAGS: "-Wall -Wextra -O2 -g"
-    EXTRA_CONFIGURE: "--with-libidn2"
-  <<: *ubuntu_bionic_amd64_image
-  <<: *build_job
-
-system:gcc:bionic:amd64:
-  <<: *ubuntu_bionic_amd64_image
-  <<: *system_test_job
-  dependencies:
-    - gcc:bionic:amd64
-  needs: ["gcc:bionic:amd64"]
-
-unit:gcc:bionic:amd64:
-  <<: *ubuntu_bionic_amd64_image
-  <<: *unit_test_job
-  dependencies:
-    - gcc:bionic:amd64
-  needs: ["gcc:bionic:amd64"]
-
-# Jobs for GCC builds with ASAN enabled on Debian Sid (amd64)
-
-asan:sid:amd64:
-  variables:
-    CC: gcc
-    CFLAGS: "-Wall -Wextra -O2 -g -fsanitize=address,undefined -DISC_MEM_USE_INTERNAL_MALLOC=0"
-    LDFLAGS: "-fsanitize=address,undefined"
-    EXTRA_CONFIGURE: "--with-libidn2"
-  <<: *debian_sid_amd64_image
-  <<: *build_job
-
-system:asan:sid:amd64:
+systemtest:debian:sid:amd64:
   <<: *debian_sid_amd64_image
   <<: *system_test_job
   dependencies:
-    - asan:sid:amd64
-  needs: ["asan:sid:amd64"]
-
-unit:asan:sid:amd64:
-  <<: *debian_sid_amd64_image
-  <<: *unit_test_job
-  dependencies:
-    - asan:sid:amd64
-  needs: ["asan:sid:amd64"]
-
-rwlock:sid:amd64:
-  variables:
-    CC: gcc
-    CFLAGS: "-Wall -Wextra -O2 -g -DISC_MEM_USE_INTERNAL_MALLOC=0"
-    EXTRA_CONFIGURE: "--with-libidn2 --enable-pthread-rwlock"
-  <<: *debian_sid_amd64_image
-  <<: *build_job
-
-system:rwlock:sid:amd64:
-  <<: *debian_sid_amd64_image
+    - build:debian:sid:amd64
+    
+systemtest:debian:sid:i386:
+  <<: *debian_sid_i386_image
   <<: *system_test_job
   dependencies:
-    - rwlock:sid:amd64
-  needs: ["rwlock:sid:amd64"]
-
-unit:rwlock:sid:amd64:
-  <<: *debian_sid_amd64_image
-  <<: *unit_test_job
-  dependencies:
-    - rwlock:sid:amd64
-  needs: ["rwlock:sid:amd64"]
-
-# Jobs for mutex-based atomics on Debian SID (amd64)
-mutexatomics:sid:amd64:
-  variables:
-    CC: gcc
-    CFLAGS: "-Wall -Wextra -O2 -g -DISC_MEM_USE_INTERNAL_MALLOC=0"
-    EXTRA_CONFIGURE: "--with-libidn2 --enable-mutex-atomics"
-  <<: *debian_sid_amd64_image
-  <<: *build_job
-
-#system:mutexatomics:sid:amd64:
-#  <<: *debian_sid_amd64_image
-#  <<: *system_test_job
-#  dependencies:
-#    - mutexatomics:sid:amd64
-#    - mutexatomics:sid:amd64
-#  allow_failure: true
-
-#unit:mutexatomics:sid:amd64:
-#  <<: *debian_sid_amd64_image
-#  <<: *unit_test_job
-#  dependencies:
-#    - mutexatomics:sid:amd64
-#  allow_failure: true
-
-# Jobs for Clang builds on Debian Stretch (amd64)
-
-clang:stretch:amd64:
-  variables:
-    CC: clang
-    CFLAGS: "-Wall -Wextra -Wenum-conversion -O2 -g"
-    EXTRA_CONFIGURE: "--with-python=python3"
-  <<: *debian_stretch_amd64_image
-  <<: *build_job
-
-unit:clang:stretch:amd64:
-  <<: *debian_stretch_amd64_image
-  <<: *unit_test_job
-  dependencies:
-    - clang:stretch:amd64
-  needs: ["clang:stretch:amd64"]
-
-# Jobs for Clang builds on Debian Stretch (i386)
-
-clang:stretch:i386:
-  variables:
-    CC: clang
-    CFLAGS: "-Wall -Wextra -Wenum-conversion -O2 -g"
-    EXTRA_CONFIGURE: "--with-python=python2"
-  <<: *debian_stretch_i386_image
-  <<: *build_job
-
-# Jobs for PKCS#11-enabled GCC builds on Debian Sid (amd64)
-
-pkcs11:sid:amd64:
-  variables:
-    CC: gcc
-    CFLAGS: "-Wall -Wextra -O2 -g"
-    EXTRA_CONFIGURE: "--enable-native-pkcs11 --with-pkcs11=/usr/lib/softhsm/libsofthsm2.so"
-  <<: *debian_sid_amd64_image
-  <<: *build_job
-
-system:pkcs11:sid:amd64:
-  <<: *debian_sid_amd64_image
-  <<: *system_test_job
-  dependencies:
-    - pkcs11:sid:amd64
-  needs: ["pkcs11:sid:amd64"]
-
-unit:pkcs11:sid:amd64:
-  <<: *debian_sid_amd64_image
-  <<: *unit_test_job
-  dependencies:
-    - pkcs11:sid:amd64
-  needs: ["pkcs11:sid:amd64"]
-
-# Jobs with libtool disabled
-
-nolibtool:sid:amd64:
-  variables:
-    CC: gcc
-    CFLAGS: "-Wall -Wextra -Og -g"
-    EXTRA_CONFIGURE: "--with-libidn2 --without-libtool --with-dlopen"
-  <<: *debian_sid_amd64_image
-  <<: *build_job
-
-system:nolibtool:sid:amd64:
-  <<: *debian_sid_amd64_image
-  <<: *system_test_job
-  dependencies:
-    - nolibtool:sid:amd64
-  needs: ["nolibtool:sid:amd64"]
-
-unit:nolibtool:sid:amd64:
-  <<: *debian_sid_amd64_image
-  <<: *unit_test_job
-  dependencies:
-    - nolibtool:sid:amd64
-  needs: ["nolibtool:sid:amd64"]
+    - build:debian:sid:i386

.gitlab/issue_templates/Bug.md

@@ -9,10 +9,6 @@ email to [security-officer@isc.org](security-officer@isc.org).
 
 (Summarize the bug encountered concisely.)
 
-### BIND version used
-
-(Paste the output of `named -V`.)
-
 ### Steps to reproduce
 
 (How one can reproduce the issue - this is very important.)

.gitlab/issue_templates/release.md

@@ -1,47 +0,0 @@
-## Release Checklist
-
- - [ ] (Manager) Check for the presence of a milestone for the release:
-    - If there is a milestone, are all the issues for the milestone resolved? (other than this checklist).
- - [ ] (Manager) Inform Support/Marketing of impending release (and give estimated release dates).
- - (SwEng) Prepare the sources for tarball generation:
-   - [ ] Check perflab to ensure there has been no unexplained drop in performance for the version being released.
-   - [ ] Ensure that there are no outstanding merge requests in the private repository (subscription version only).
-   - [ ] Update API files for libraries with new version information.
-   - [ ] Change software version and library versions in configure.in (new major release only).
-   - [ ] Rebuild configure using autoconf on docs.isc.org.
-   - [ ] Update CHANGES.
-   - [ ] Update CHANGES.SE (subscription branch only).
-   - [ ] Update "version".
-   - [ ] Update "readme.md".
-   - Check the release notes are correct:
-     - [ ] Compare content with merge requests for the release.
-     - [ ] Check formatting.
-   - [ ] Build documentation on docs.isc.org.
-   - [ ] Commit changes and make sure the gitlab-ci tests are passing.
-   - [ ] Push the changes and tag ("alphatag" is an optional string such as "b1", "rc1" etc.). (```git tag -u <DEVELOPER_KEYID> -a -s -m "BIND 9.X.Y[alphatag]" v9_X_Y[alphatag]```)
-   - [ ] If this is the first tag for a release (e.g. beta), create a release branch named `release_v9_X_Y` (this allows development to continue on the release branch whilst release engineering continues).
- - [ ] (SwEng) Run the "make release" Jenkins job to produce the tarballs and zips.
- - [ ] (SwEng) Ask QA to sanity check the tarball and zips (passing to them the number of the Jenkins job).
- - [ ] (QA) Sanity check the tarballs.
- - [ ] (QA) Request the signature on the tarballs.
- - [ ] (QA) Check signatures on tarballs.
- - [ ] (QA) Tell Support to handle notification of release.
- - [ ] (Manager) Inform Marketing of the release
- - [ ] (Manager) Update the internal [BIND release dates wiki page](https://wiki.isc.org/bin/view/Main/BindReleaseDates) when public announcement has been made.
-
- - [ ] (SwEng) Update DEB and RPM packages
- - [ ] (SwEng) Merge the automatically prepared `prep 9.X.Y` commit which updates `version` and documentation on the release branch into the relevant maintenance branch (`v9_X`)
-
-## Support
- - [ ] Make tarballs and signatures available to download.
- - [ ] Write release email to bind9-announce.
- - [ ] Write email to bind9-users (if a major release).
- - [ ] Update tickets in case of waiting support customers.
-
-## Marketing
- - [ ] Update BIND Product page if needed
- - [ ] Update BIND Significant Features Matrix in KB if needed
- - [ ] Update BIND -S Edition data sheet if S Edition feature change
- - [ ] Announce on social media
- - [ ] Update [Wikipedia entry for BIND](http://en.wikipedia.org/wiki/BIND).
- - [ ] Write blog article (if a major release).

Atffile

@@ -0,0 +1,5 @@
+Content-Type: application/X-atf-atffile; version="1"
+
+prop: test-suite = bind9
+
+tp: lib

CODE_OF_CONDUCT

@@ -1,79 +0,0 @@
-CODE OF CONDUCT
-
-BIND 9 Code of Conduct
-
-Like the technical community as a whole, the BIND 9 team and community is
-made up of a mixture of professionals and volunteers from all over the
-world, working on every aspect of the mission - including mentorship,
-teaching, and connecting people.
-
-Diversity is one of our huge strengths, but it can also lead to
-communication issues and unhappiness. To that end, we have a few ground
-rules that we ask people to adhere to. This code applies equally to the
-core development team, open source contributors and those seeking help and
-guidance.
-
-This isn't an exhaustive list of things that you can't do. Rather, take it
-in the spirit in which it's intended - a guide to make it easier to enrich
-all of us and the technical communities in which we participate.
-
-This code of conduct applies to all spaces managed by the BIND 9 project
-or Internet Systems Consortium. This includes chat, the mailing lists, the
-issue tracker, and any other fora created by the project team which the
-community uses for communication. In addition, violations of this code
-outside these spaces may affect a person's ability to participate within
-them.
-
-If you believe someone is violating the code of conduct, we ask that you
-report it by emailing conduct@isc.org. For more details please see our
-Reporting Guidelines.
-
-  * Be friendly and patient.
-  * Be welcoming. We strive to be a community that welcomes and supports
-    people of all backgrounds and identities. This includes, but is not
-    limited to members of any race, ethnicity, culture, national origin,
-    colour, immigration status, social and economic class, educational
-    level, sex, sexual orientation, gender identity and expression, age,
-    size, family status, political belief, religion, and mental and
-    physical ability.
-  * Be considerate. Your work will be used by other people, and you in
-    turn will depend on the work of others. Any decision you take will
-    affect users and colleagues, and you should take those consequences
-    into account when making decisions. Remember that we're a world-wide
-    community, so you might not be communicating in someone else's primary
-    language.
-  * Be respectful. Not all of us will agree all the time, but disagreement
-    is no excuse for poor behavior and poor manners. We might all
-    experience some frustration now and then, but we cannot allow that
-    frustration to turn into a personal attack. It's important to remember
-    that a community where people feel uncomfortable or threatened is not
-    a productive one. Members of the BIND 9 community should be respectful
-    when dealing with other members as well as with people outside the
-    BIND 9 community.
-  * Be careful in the words that you choose. We are a community of
-    professionals, and we conduct ourselves professionally. Be kind to
-    others. Do not insult or put down other participants. Harassment and
-    other exclusionary behavior aren't acceptable. This includes, but is
-    not limited to:
-      + Violent threats or language directed against another person.
-      + Discriminatory jokes and language.
-      + Posting sexually explicit or violent material.
-      + Posting (or threatening to post) other people's personally
-        identifying information ("doxing").
-      + Personal insults, especially those using racist or sexist terms.
-      + Unwelcome sexual attention.
-      + Advocating for, or encouraging, any of the above behavior.
-      + Repeated harassment of others. In general, if someone asks you to
-        stop, then stop.
-  * When we disagree, try to understand why. Disagreements, both social
-    and technical, happen all the time and BIND 9 is no exception. It is
-    important that we resolve disagreements and differing views
-    constructively. Remember that we're different. The strength of BIND 9
-    comes from its varied community, people from a wide range of
-    backgrounds. Different people have different perspectives on issues.
-    Being unable to understand why someone holds a viewpoint doesn't mean
-    that they're wrong. Don't forget that it is human to err and blaming
-    each other doesn't get us anywhere. Instead, focus on helping to
-    resolve issues and learning from mistakes.
-
-Original text courtesy of the Django Code of Conduct project.

CODE_OF_CONDUCT.md

@@ -1,71 +0,0 @@
-# BIND 9 Code of Conduct
-
-Like the technical community as a whole, the BIND 9 team and community is made
-up of a mixture of professionals and volunteers from all over the world, working
-on every aspect of the mission - including mentorship, teaching, and connecting
-people.
-
-Diversity is one of our huge strengths, but it can also lead to communication
-issues and unhappiness. To that end, we have a few ground rules that we ask
-people to adhere to. This code applies equally to the core development team, open source contributors and those
-seeking help and guidance.
-
-This isn't an exhaustive list of things that you can't do. Rather, take it in
-the spirit in which it's intended - a guide to make it easier to enrich all of
-us and the technical communities in which we participate.
-
-This code of conduct applies to all spaces managed by the BIND 9 project or
-Internet Systems Consortium. This includes chat, the mailing lists, the issue
-tracker, and any other fora created by the project team which the
-community uses for communication. In addition, violations of this code outside
-these spaces may affect a person's ability to participate within them.
-
-If you believe someone is violating the code of conduct, we ask that you report
-it by emailing [conduct@isc.org](conduct@isc.org). For more details please see
-our [Reporting Guidelines](https://www.isc.org/conductreporting/).
-
-* **Be friendly and patient.**
-* **Be welcoming.** We strive to be a community that welcomes and supports
-  people of all backgrounds and identities. This includes, but is not limited to
-  members of any race, ethnicity, culture, national origin, colour, immigration
-  status, social and economic class, educational level, sex, sexual orientation,
-  gender identity and expression, age, size, family status, political belief,
-  religion, and mental and physical ability.
-* **Be considerate.** Your work will be used by other people, and you in turn
-  will depend on the work of others. Any decision you take will affect users and
-  colleagues, and you should take those consequences into account when making
-  decisions. Remember that we're a world-wide community, so you might not be
-  communicating in someone else's primary language.
-* **Be respectful.** Not all of us will agree all the time, but disagreement is
-  no excuse for poor behavior and poor manners. We might all experience some
-  frustration now and then, but we cannot allow that frustration to turn into a
-  personal attack. It's important to remember that a community where people feel
-  uncomfortable or threatened is not a productive one. Members of the BIND 9
-  community should be respectful when dealing with other members as well as with
-  people outside the BIND 9 community.
-* **Be careful in the words that you choose.** We are a community of
-  professionals, and we conduct ourselves professionally. Be kind to others. Do
-  not insult or put down other participants. Harassment and other exclusionary
-  behavior aren't acceptable. This includes, but is not limited to:
-  * Violent threats or language directed against another person.
-  * Discriminatory jokes and language.
-  * Posting sexually explicit or violent material.
-  * Posting (or threatening to post) other people's personally identifying
-    information ("doxing").
-  * Personal insults, especially those using racist or sexist terms.
-  * Unwelcome sexual attention.
-  * Advocating for, or encouraging, any of the above behavior.
-  * Repeated harassment of others. In general, if someone asks you to stop, then
-    stop.
-* **When we disagree, try to understand why.** Disagreements, both social and
-  technical, happen all the time and BIND 9 is no exception. It is important
-  that we resolve disagreements and differing views constructively. Remember
-  that we're different. The strength of BIND 9 comes from its varied community,
-  people from a wide range of backgrounds. Different people have different
-  perspectives on issues. Being unable to understand why someone holds a
-  viewpoint doesn't mean that they're wrong. Don't forget that it is human to
-  err and blaming each other doesn't get us anywhere. Instead, focus on helping
-  to resolve issues and learning from mistakes.
-
-Original text courtesy of the [Django Code of Conduct](https://www.djangoproject.com/conduct/)
-project.

CONTRIBUTING

@@ -1,5 +1,3 @@
-CONTRIBUTING
-
 BIND Source Access and Contributor Guidelines
 
 Feb 22, 2018
@@ -34,14 +32,6 @@ access to the source repository was restricted just as commit access was.
 That's now changing, with the opening of a public git mirror to the BIND
 source tree (see below).
 
-At Internet Systems Consortium, we're committed to building communities
-that are welcoming and inclusive; environments where people are encouraged
-to share ideas, treat each other with respect, and collaborate towards the
-best solutions. To reinforce our commitment, the Internet Systems
-Consortium has adopted the Contributor Covenant version 1.4 as our Code of
-Conduct for BIND 9 project, as well as for the conduct of our developers
-throughout the industry.
-
 Access to source code
 
 Public BIND releases are always available from the ISC FTP site.

CONTRIBUTING.md

@@ -41,14 +41,6 @@ a release: read access to the source repository was restricted just
 as commit access was.  That's now changing, with the opening of a
 public git mirror to the BIND source tree (see below).
 
-At [Internet Systems Consortium](https://www.isc.org), we're committed to
-building communities that are welcoming and inclusive; environments where people
-are encouraged to share ideas, treat each other with respect, and collaborate
-towards the best solutions. To reinforce our commitment, the [Internet Systems
-Consortium](https://www.isc.org) has adopted the Contributor Covenant version
-1.4 as our Code of Conduct for BIND 9 project, as well as for the conduct of our
-developers throughout the industry.
-
 ### <a name="access"></a>Access to source code
 
 Public BIND releases are always available from the
@@ -116,7 +108,7 @@ ISC's Security Vulnerability Disclosure Policy is documented at [https://kb.isc.
 If you have a crash, you may want to consult
 [‘What to do if your BIND or DHCP server has crashed.’](https://kb.isc.org/article/AA-00340/89/What-to-do-if-your-BIND-or-DHCP-server-has-crashed.html)
 
-### <a name="contrib"></a>Contributing code
+### <a name="bugs"></a>Contributing code
 
 BIND is licensed under the
 [Mozilla Public License 2.0](http://www.isc.org/downloads/software-support-policy/isc-license/).

COPYRIGHT

@@ -1,4 +1,4 @@
-Copyright (C) 1996-2019  Internet Systems Consortium, Inc. ("ISC")
+Copyright (C) 1996-2018  Internet Systems Consortium, Inc. ("ISC")
 
 This Source Code Form is subject to the terms of the Mozilla Public
 License, v. 2.0. If a copy of the MPL was not distributed with this

HISTORY

@@ -1,81 +1,5 @@
-HISTORY
-
 Functional enhancements from prior major releases of BIND 9
 
-BIND 9.14
-
-BIND 9.14 (a stable branch based on the 9.13 development branch) includes
-a number of changes from BIND 9.12 and earlier releases. New features
-include:
-
-  * A new "plugin" mechanism has been added to allow query functionality
-    to be extended using dynamically loadable libraries. The "filter-aaaa"
-    feature has been removed from named and is now implemented as a
-    plugin.
-  * Socket and task code has been refactored to improve performance.
-  * QNAME minimization, as described in RFC 7816, is now supported.
-  * "Root key sentinel" support, enabling validating resolvers to indicate
-    via a special query which trust anchors are configured for the root
-    zone.
-  * Secondary zones can now be configured as "mirror" zones; their
-    contents are transferred in as with traditional slave zones, but are
-    subject to DNSSEC validation and are not treated as authoritative data
-    when answering. This makes it easier to configure a local copy of the
-    root zone as described in RFC 7706.
-  * The "validate-except" option allows configuration of domains below
-    which DNSSEC validation should not be performed.
-  * The default value of "dnssec-validation" is now "auto".
-  * IDNA2008 is now supported when linking with libidn2.
-  * "named -V" now outputs the default paths for files used by named and
-    other tools.
-
-In addition, workarounds that were formerly in place to enable resolution
-of domains whose authoritative servers did not respond to EDNS queries
-have been removed. See https://dnsflagday.net for more details.
-
-Cryptographic support has been modernized. BIND now uses the best
-available pseudo-random number generator for the platform on which it's
-built. Very old versions of OpenSSL are no longer supported. Cryptography
-is now mandatory: building BIND without DNSSEC is no longer supported.
-
-Special code to support certain legacy operating systems has also been
-removed; see the file PLATFORMS.md for details of supported platforms. In
-addition to OpenSSL, BIND now requires support for IPv6, threads, and
-standard atomic operations provided by the C compiler.
-
-BIND 9.12
-
-BIND 9.12 includes a number of changes from BIND 9.11 and earlier
-releases. New features include:
-
-  * named and related libraries have been substantially refactored for
-    improved query performance -- particularly on delegation heavy zones
-    -- and for improved readability, maintainability, and testability.
-  * Code implementing the name server query processing logic has been
-    moved into a new libns library, for easier testing and use in tools
-    other than named.
-  * Cached, validated NSEC and other records can now be used to synthesize
-    NXDOMAIN responses.
-  * The DNS Response Policy Service API (DNSRPS) is now supported.
-  * Setting 'max-journal-size default' now limits the size of journal
-    files to twice the size of the zone.
-  * dnstap-read -x prints a hex dump of the wire format of each logged DNS
-    message.
-  * dnstap output files can now be configured to roll automatically when
-    reaching a given size.
-  * Log file timestamps can now also be formatted in ISO 8601 (local) or
-    ISO 8601 (UTC) formats.
-  * Logging channels and dnstap output files can now be configured to use
-    a timestamp as the suffix when rolling to a new file.
-  * 'named-checkconf -l' lists zones found in named.conf.
-  * Added support for the EDNS Padding and Keepalive options.
-  * 'new-zones-directory' option sets the location where the configuration
-    data for zones added by rndc addzone is stored.
-  * The default key algorithm in rndc-confgen is now hmac-sha256.
-  * filter-aaaa-on-v4 and filter-aaaa-on-v6 options are now available by
-    default without a configure option.
-  * The obsolete isc-hmac-fixup command has been removed.
-
 BIND 9.11
 
 BIND 9.11.0 includes a number of changes from BIND 9.10 and earlier
@@ -507,11 +431,11 @@ BIND 9.4.0
   * Detect duplicates of UDP queries we are recursing on and drop them.
     New stats category "duplicates".
   * "USE INTERNAL MALLOC" is now runtime selectable.
-  * The lame cache is now done on a <qname,qclass,qtype> basis as some
-    servers only appear to be lame for certain query types.
+  * The lame cache is now done on a basis as some servers only appear to
+    be lame for certain query types.
   * Limit the number of recursive clients that can be waiting for a single
-    query (<qname,qtype,qclass>) to resolve. New options clients-per-query
-    and max-clients-per-query.
+    query () to resolve. New options clients-per-query and
+    max-clients-per-query.
   * dig: report the number of extra bytes still left in the packet after
     processing all the records.
   * Support for IPSECKEY rdata type.
@@ -598,3 +522,4 @@ BIND 9.2.0
     DNSSEC implementation is still considered experimental. For detailed
     information about the state of the DNSSEC implementation, see the file
     doc/misc/dnssec.
+

HISTORY.md

@@ -10,81 +10,6 @@
 -->
 ### Functional enhancements from prior major releases of BIND 9
 
-#### BIND 9.14
-
-BIND 9.14 (a stable branch based on the 9.13 development branch)
-includes a number of changes from BIND 9.12 and earlier releases.
-New features include:
-
-* A new "plugin" mechanism has been added to allow query functionality
-  to be extended using dynamically loadable libraries. The "filter-aaaa"
-  feature has been removed from named and is now implemented as a plugin.
-* Socket and task code has been refactored to improve performance.
-* QNAME minimization, as described in RFC 7816, is now supported.
-* "Root key sentinel" support, enabling validating resolvers to indicate
-  via a special query which trust anchors are configured for the root zone.
-* Secondary zones can now be configured as "mirror" zones; their contents
-  are transferred in as with traditional slave zones, but are subject to
-  DNSSEC validation and are not treated as authoritative data when
-  answering. This makes it easier to configure a local copy of the root
-  zone as described in RFC 7706.
-* The "validate-except" option allows configuration of domains below which
-  DNSSEC validation should not be performed.
-* The default value of "dnssec-validation" is now "auto".
-* IDNA2008 is now supported when linking with `libidn2`.
-* "named -V" now outputs the default paths for files used by named
-  and other tools.
-
-In addition, workarounds that were formerly in place to enable resolution
-of domains whose authoritative servers did not respond to EDNS queries
-have been removed. See [https://dnsflagday.net](https://dnsflagday.net)
-for more details.
-
-Cryptographic support has been modernized. BIND now uses the
-best available pseudo-random number generator for the platform on which
-it's built. Very old versions of OpenSSL are no longer supported.
-Cryptography is now mandatory: building BIND without DNSSEC is no
-longer supported.
-
-Special code to support certain legacy operating systems has also
-been removed; see the file [PLATFORMS.md](PLATFORMS.md) for details
-of supported platforms. In addition to OpenSSL, BIND now requires
-support for IPv6, threads, and standard atomic operations provided
-by the C compiler.
-
-#### BIND 9.12
-
-BIND 9.12 includes a number of changes from BIND 9.11 and earlier releases.
-New features include:
-
-* `named` and related libraries have been substantially refactored for
-  improved query performance -- particularly on delegation heavy zones --
-  and for improved readability, maintainability, and testability.
-* Code implementing the name server query processing logic has been moved
-  into a new `libns` library, for easier testing and use in tools other
-  than `named`.
-* Cached, validated NSEC and other records can now be used to synthesize
-  NXDOMAIN responses.
-* The DNS Response Policy Service API (DNSRPS) is now supported.
-* Setting `'max-journal-size default'` now limits the size of journal files
-  to twice the size of the zone.
-* `dnstap-read -x` prints a hex dump of the wire format of each logged
-  DNS message.
-* `dnstap` output files can now be configured to roll automatically when
-  reaching a given size.
-* Log file timestamps can now also be formatted in ISO 8601 (local) or ISO
-  8601 (UTC) formats.
-* Logging channels and `dnstap` output files can now be configured to use a
-  timestamp as the suffix when rolling to a new file.
-* `'named-checkconf -l'` lists zones found in `named.conf`.
-* Added support for the EDNS Padding and Keepalive options.
-* 'new-zones-directory' option sets the location where the configuration
-  data for zones added by rndc addzone is stored.
-* The default key algorithm in `rndc-confgen` is now hmac-sha256.
-* `filter-aaaa-on-v4` and `filter-aaaa-on-v6` options are now available
-  by default without a configure option.
-* The obsolete `isc-hmac-fixup` command has been removed.
-
 #### BIND 9.11
 
 BIND 9.11.0 includes a number of changes from BIND 9.10 and earlier

Makefile.in

@@ -14,12 +14,15 @@ top_builddir =  @top_builddir@
 
 VERSION=@BIND9_VERSION@
 
-SUBDIRS =	make lib fuzz bin doc
+SUBDIRS =	make unit lib bin doc
 TARGETS =
 PREREQS =	bind.keys.h
 
-MANOBJS =	README HISTORY OPTIONS CONTRIBUTING PLATFORMS CODE_OF_CONDUCT \
-		${MANPAGES} ${HTMLPAGES}
+MANPAGES =	isc-config.sh.1
+
+HTMLPAGES =	isc-config.sh.html
+
+MANOBJS =	README HISTORY OPTIONS CONTRIBUTING ${MANPAGES} ${HTMLPAGES}
 
 @BIND9_MAKE_RULES@
 
@@ -31,7 +34,7 @@ bind.keys.h: ${top_srcdir}/bind.keys ${srcdir}/util/bindkeys.pl
 
 distclean::
 	rm -f config.cache config.h config.log config.status TAGS
-	rm -f libtool configure.lineno
+	rm -f libtool isc-config.sh configure.lineno
 	rm -f util/conf.sh docutil/docbook2man-wrapper.sh
 
 # XXX we should clean libtool stuff too.  Only do this after we add rules
@@ -50,14 +53,28 @@ installdirs:
 	${DESTDIR}${localstatedir}/run ${DESTDIR}${sysconfdir}
 	$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${mandir}/man1
 
-install:: installdirs
+install:: isc-config.sh installdirs
+	${INSTALL_SCRIPT} isc-config.sh ${DESTDIR}${bindir}
+	rm -f ${DESTDIR}${bindir}/bind9-config
+	@LN@ ${DESTDIR}${bindir}/isc-config.sh ${DESTDIR}${bindir}/bind9-config
+	${INSTALL_DATA} ${top_srcdir}/isc-config.sh.1 ${DESTDIR}${mandir}/man1
+	rm -f ${DESTDIR}${mandir}/man1/bind9-config.1
+	@LN@ ${DESTDIR}${mandir}/man1/isc-config.sh.1 ${DESTDIR}${mandir}/man1/bind9-config.1
 	${INSTALL_DATA} ${top_srcdir}/bind.keys ${DESTDIR}${sysconfdir}
 
 uninstall::
 	rm -f ${DESTDIR}${sysconfdir}/bind.keys
+	rm -f ${DESTDIR}${mandir}/man1/bind9-config.1
+	rm -f ${DESTDIR}${mandir}/man1/isc-config.sh.1
+	rm -f ${DESTDIR}${bindir}/bind9-config
+	rm -f ${DESTDIR}${bindir}/isc-config.sh
+
+tags:
+	rm -f TAGS
+	find lib bin -name "*.[ch]" -print | @ETAGS@ -
 
 test check:
-	@if test -n "`${PERL} ${top_srcdir}/bin/tests/system/testsock.pl 2>/dev/null || echo fail`"; then \
+	@if test -n "`${PERL} ${top_srcdir}/bin/tests/system/testsock.pl 2>&- || echo fail`"; then \
 	echo I: NOTE: The tests were not run because they require that; \
 	echo I:	the IP addresses 10.53.0.1 through 10.53.0.8 are configured; \
 	echo I:	as alias addresses on the loopback interface.  Please run; \
@@ -72,39 +89,28 @@ force-test: test-force
 
 test-force:
 	status=0; \
-	(cd fuzz && ${MAKE} check) || status=1; \
 	(cd bin/tests && ${MAKE} ${MAKEDEFS} test) || status=1; \
 	(test -f ${top_builddir}/unit/unittest.sh && \
 		$(SHELL) ${top_builddir}/unit/unittest.sh) || status=1; \
 	exit $$status
 
 README: README.md
-	${PANDOC} --email-obfuscation=none -s --metadata title="README" -f markdown-smart -t html README.md | \
+	${PANDOC} --email-obfuscation=none -s -t html README.md | \
 		${W3M} -dump -cols 75 -O ascii -T text/html | \
 		sed -e '$${/^$$/d;}' > $@
 
 HISTORY: HISTORY.md
-	${PANDOC} --email-obfuscation=none -s --metadata title="HISTORY" -f markdown-smart -t html HISTORY.md | \
+	${PANDOC} --email-obfuscation=none -s -t html HISTORY.md | \
 		${W3M} -dump -cols 75 -O ascii -T text/html | \
 		sed -e '$${/^$$/d;}' > $@
 
 OPTIONS: OPTIONS.md
-	${PANDOC} --email-obfuscation=none -s --metadata title="OPTIONS" -f markdown-smart -t html OPTIONS.md | \
+	${PANDOC} --email-obfuscation=none -s -t html OPTIONS.md | \
 		${W3M} -dump -cols 75 -O ascii -T text/html | \
 		sed -e '$${/^$$/d;}' > $@
 
 CONTRIBUTING: CONTRIBUTING.md
-	${PANDOC} --email-obfuscation=none -s --metadata title="CONTRIBUTING" -f markdown-smart -t html CONTRIBUTING.md | \
-		${W3M} -dump -cols 75 -O ascii -T text/html | \
-		sed -e '$${/^$$/d;}' > $@
-
-PLATFORMS: PLATFORMS.md
-	${PANDOC} --email-obfuscation=none -s --metadata title="PLATFORMS" -f markdown-smart -t html PLATFORMS.md | \
-		${W3M} -dump -cols 75 -O ascii -T text/html | \
-		sed -e '$${/^$$/d;}' > $@
-
-CODE_OF_CONDUCT: CODE_OF_CONDUCT.md
-	${PANDOC} --email-obfuscation=none -s --metadata title="CODE OF CONDUCT" -f markdown-smart -t html $< | \
+	${PANDOC} --email-obfuscation=none -s -t html CONTRIBUTING.md | \
 		${W3M} -dump -cols 75 -O ascii -T text/html | \
 		sed -e '$${/^$$/d;}' > $@
 

OPTIONS

@@ -1,12 +1,10 @@
-OPTIONS
-
 Setting the STD_CDEFINES environment variable before running configure can
 be used to enable certain compile-time options that are not explicitly
 defined in configure.
 
 Some of these settings are:
 
-         Setting                            Description
+Setting                   Description
                           Overwrite memory with tag values when allocating
 -DISC_MEM_DEFAULTFILL=1   or freeing it; this impairs performance but
                           makes debugging of memory problems easier.
@@ -26,3 +24,4 @@ Some of these settings are:
                           may be useful when debugging
 -DISC_HEAP_CHECK          Test heap consistency after every heap
                           operation; used when debugging
+

PLATFORMS

@@ -1,75 +0,0 @@
-PLATFORMS
-
-Supported platforms
-
-In general, this version of BIND will build and run on any POSIX-compliant
-system with a C99-compliant C compiler, BSD-style sockets with
-RFC-compliant IPv6 support, POSIX-compliant threads, and the OpenSSL
-cryptography library. Atomic operations support from the compiler is
-needed, either in the form of builtin operations, C11 atomics or the
-Interlocked family of functions on Windows.
-
-ISC regularly tests BIND on many operating systems and architectures, but
-lacks the resources to test all of them. Consequently, ISC is only able to
-offer support on a "best effort" basis for some.
-
-Regularly tested platforms
-
-As of Feb 2019, BIND 9.15 is fully supported and regularly tested on the
-following systems:
-
-  * Debian 8, 9, 10
-  * Ubuntu 16.04, 18.04
-  * Fedora 28, 29
-  * Red Hat Enterprise Linux / CentOS 6, 7
-  * FreeBSD 11.x
-  * OpenBSD 6.2, 6.3
-
-The amd64, i386, armhf and arm64 CPU architectures are all fully
-supported.
-
-Best effort
-
-The following are platforms on which BIND is known to build and run. ISC
-makes every effort to fix bugs on these platforms, but may be unable to do
-so quickly due to lack of hardware, less familiarity on the part of
-engineering staff, and other constraints. With the exception of Windows
-Server 2012 R2, none of these are tested regularly by ISC.
-
-  * Windows Server 2012 R2, 2016 / x64
-  * Windows 10 / x64
-  * macOS 10.12+
-  * Solaris 11
-  * FreeBSD 10.x, 12.0+
-  * OpenBSD 6.4+
-  * NetBSD
-  * Other Linux distributions still supported by their vendors, such as:
-      + Ubuntu 14.04, 18.10+
-      + Gentoo
-      + Arch Linux
-      + Alpine Linux
-  * OpenWRT/LEDE 17.01+
-  * Other CPU architectures (mips, mipsel, sparc, ...)
-
-Unsupported platforms
-
-These are platforms on which BIND 9.15 is known not to build or run:
-
-  * Platforms without at least OpenSSL 1.0.2
-  * Windows 10 / x86
-  * Windows Server 2012 and older
-  * Solaris 10 and older
-  * Platforms that don't support IPv6 Advanced Socket API (RFC 3542)
-  * Platforms that don't support atomic operations (via compiler or
-    library)
-  * Linux without NPTL (Native POSIX Thread Library)
-
-Platform quirks
-
-NetBSD 6 i386
-
-The i386 build of NetBSD requires the libatomic library, available from
-the gcc5-libs package. Because this library is in a non-standard path, its
-location must be specified in the configure command line:
-
-LDFLAGS="-L/usr/pkg/gcc5/i486--netbsdelf/lib/ -Wl,-R/usr/pkg/gcc5/i486--netbsdelf/lib/" ./configure

PLATFORMS.md

@@ -1,83 +0,0 @@
-<!--
- - Copyright (C) Internet Systems Consortium, Inc. ("ISC")
- -
- - This Source Code Form is subject to the terms of the Mozilla Public
- - License, v. 2.0. If a copy of the MPL was not distributed with this
- - file, You can obtain one at http://mozilla.org/MPL/2.0/.
- -
- - See the COPYRIGHT file distributed with this work for additional
- - information regarding copyright ownership.
--->
-## Supported platforms
-
-In general, this version of BIND will build and run on any POSIX-compliant
-system with a C99-compliant C compiler, BSD-style sockets with RFC-compliant
-IPv6 support, POSIX-compliant threads, and the OpenSSL cryptography library.
-Atomic operations support from the compiler is needed, either in the form of
-builtin operations, C11 atomics or the Interlocked family of functions on
-Windows.
-
-ISC regularly tests BIND on many operating systems and architectures, but
-lacks the resources to test all of them. Consequently, ISC is only able to
-offer support on a "best effort" basis for some.
-
-### Regularly tested platforms
-
-As of Feb 2019, BIND 9.15 is fully supported and regularly tested on the
-following systems:
-
-* Debian 8, 9, 10
-* Ubuntu 16.04, 18.04
-* Fedora 28, 29
-* Red Hat Enterprise Linux / CentOS 6, 7
-* FreeBSD 11.x
-* OpenBSD 6.2, 6.3
-
-The amd64, i386, armhf and arm64 CPU architectures are all fully supported.
-
-### Best effort
-
-The following are platforms on which BIND is known to build and run.
-ISC makes every effort to fix bugs on these platforms, but may be unable to
-do so quickly due to lack of hardware, less familiarity on the part of
-engineering staff, and other constraints. With the exception of Windows
-Server 2012 R2, none of these are tested regularly by ISC.
-
-* Windows Server 2012 R2, 2016 / x64
-* Windows 10 / x64
-* macOS 10.12+
-* Solaris 11
-* FreeBSD 10.x, 12.0+
-* OpenBSD 6.4+
-* NetBSD
-* Other Linux distributions still supported by their vendors, such as:
-    * Ubuntu 14.04, 18.10+
-    * Gentoo
-    * Arch Linux
-    * Alpine Linux
-* OpenWRT/LEDE 17.01+
-* Other CPU architectures (mips, mipsel, sparc, ...)
-
-## Unsupported platforms
-
-These are platforms on which BIND 9.15 is known *not* to build or run:
-
-* Platforms without at least OpenSSL 1.0.2
-* Windows 10 / x86
-* Windows Server 2012 and older
-* Solaris 10 and older
-* Platforms that don't support IPv6 Advanced Socket API (RFC 3542)
-* Platforms that don't support atomic operations (via compiler or library)
-* Linux without NPTL (Native POSIX Thread Library)
-
-## Platform quirks
-
-### NetBSD 6 i386
-
-The i386 build of NetBSD requires the `libatomic` library, available from
-the `gcc5-libs` package.  Because this library is in a non-standard path,
-its location must be specified in the `configure` command line:
-
-```
-LDFLAGS="-L/usr/pkg/gcc5/i486--netbsdelf/lib/ -Wl,-R/usr/pkg/gcc5/i486--netbsdelf/lib/" ./configure
-```

README

@@ -1,5 +1,3 @@
-README
-
 BIND 9
 
 Contents
@@ -7,15 +5,14 @@ Contents
  1. Introduction
  2. Reporting bugs and getting help
  3. Contributing to BIND
- 4. BIND 9.15 features
+ 4. BIND 9.13 features
  5. Building BIND
  6. macOS
- 7. Dependencies
- 8. Compile-time options
- 9. Automated testing
-10. Documentation
-11. Change log
-12. Acknowledgments
+ 7. Compile-time options
+ 8. Automated testing
+ 9. Documentation
+10. Change log
+11. Acknowledgments
 
 Introduction
 
@@ -34,12 +31,12 @@ administrative tools, including the dig and delv DNS lookup tools,
 nsupdate for dynamic DNS zone updates, rndc for remote name server
 administration, and more.
 
-BIND 9 began as a complete re-write of the BIND architecture that was used
-in versions 4 and 8. Internet Systems Consortium (https://www.isc.org), a
-501(c)(3) public benefit corporation dedicated to providing software and
+BIND 9 is a complete re-write of the BIND architecture that was used in
+versions 4 and 8. Internet Systems Consortium (https://www.isc.org), a 501
+(c)(3) public benefit corporation dedicated to providing software and
 services in support of the Internet infrastructure, developed BIND 9 and
 is responsible for its ongoing maintenance and improvement. BIND is open
-source software licensed under the terms of the Mozilla Public License,
+source software licenced under the terms of the Mozilla Public License,
 version 2.0.
 
 For a summary of features introduced in past major releases of BIND, see
@@ -51,8 +48,6 @@ the file CHANGES. See below for details on the CHANGES file format.
 For up-to-date release notes and errata, see http://www.isc.org/software/
 bind9/releasenotes
 
-For information about supported platforms, see PLATFORMS.
-
 Reporting bugs and getting help
 
 To report non-security-sensitive bugs or request new features, you may
@@ -87,9 +82,8 @@ ISC maintains a public git repository for BIND; details can be found at
 http://www.isc.org/git/.
 
 Information for BIND contributors can be found in the following files: -
-General information: CONTRIBUTING.md - Code of Conduct: CODE_OF_CONDUCT.md
-- BIND 9 code style: doc/dev/style.md - BIND architecture and developer
-guide: doc/dev/dev.md
+General information: CONTRIBUTING.md - BIND 9 code style: doc/dev/style.md
+- BIND architecture and developer guide: doc/dev/dev.md
 
 Patches for BIND may be submitted as Merge Requests in the ISC GitLab
 server at at https://gitlab.isc.org/isc-projects/bind9/merge_requests.
@@ -103,28 +97,21 @@ If you prefer, you may also submit code by opening a GitLab Issue and
 including your patch as an attachment, preferably generated by git
 format-patch.
 
-BIND 9.15 features
+BIND 9.13 features
 
-BIND 9.15 is the newest development branch of BIND 9. It includes a number
-of changes from BIND 9.14 and earlier releases. New features include:
+BIND 9.13.0 is the newest development branch of BIND 9. It includes a
+number of changes from BIND 9.12 and earlier releases. New features
+include:
 
-  * Support for the new GeoIP2 geolocation API
-  * Improved DNSSEC key configuration using dnssec-keys
+  * TBD
 
 Building BIND
 
-Minimally, BIND requires a UNIX or Linux system with an ANSI C compiler,
-basic POSIX support, and a 64-bit integer type. Successful builds have
-been observed on many versions of Linux and UNIX, including RedHat,
-Fedora, Debian, Ubuntu, SuSE, Slackware, FreeBSD, NetBSD, OpenBSD, Mac OS
-X, Solaris, HP-UX, and OpenWRT.
-
-BIND requires a cryptography provider library such as OpenSSL or a
-hardware service module supporting PKCS#11. On Linux, BIND requires the
-libcap library to set process privileges, though this requirement can be
-overridden by disabling capability support at compile time. See
-Compile-time options below for details on other libraries that may be
-required to support optional features.
+BIND requires a UNIX or Linux system with an ANSI C compiler, basic POSIX
+support, and a 64-bit integer type. Successful builds have been observed
+on many versions of Linux and UNIX, including RedHat, Fedora, Debian,
+Ubuntu, SuSE, Slackware, FreeBSD, NetBSD, OpenBSD, Mac OS X, Solaris,
+HP-UX, AIX, SCO OpenServer, and OpenWRT.
 
 BIND is also available for Windows 2008 and higher. See win32utils/
 readme1st.txt for details on building for Windows systems.
@@ -140,7 +127,7 @@ make depend. If you're using Emacs, you might find make tags helpful.
 Several environment variables that can be set before running configure
 will affect compilation:
 
-   Variable                            Description
+Variable       Description
 CC             The C compiler to use. configure tries to figure out the
                right one for supported systems.
                C compiler flags. Defaults to include -g and/or -O2 as
@@ -168,55 +155,23 @@ if you have Xcode already installed you can run "xcode-select --install".
 This will add /usr/include to the system and install the compiler and
 other tools so that they can be easily found.
 
-Dependencies
-
-Portions of BIND that are written in Python, including dnssec-keymgr,
-dnssec-coverage, dnssec-checkds, and some of the system tests, require the
-'argparse' and 'ply' modules to be available. 'argparse' is a standard
-module as of Python 2.7 and Python 3.2. 'ply' is available from https://
-pypi.python.org/pypi/ply.
-
 Compile-time options
 
 To see a full list of configuration options, run configure --help.
 
+On most platforms, BIND 9 is built with multithreading support, allowing
+it to take advantage of multiple CPUs. You can configure this by
+specifying --enable-threads or --disable-threads on the configure command
+line. The default is to enable threads, except on some older operating
+systems on which threads are known to have had problems in the past.
+(Note: Prior to BIND 9.10, the default was to disable threads on Linux
+systems; this has now been reversed. On Linux systems, the threaded build
+is known to change BIND's behavior with respect to file permissions; it
+may be necessary to specify a user with the -u option when running named.)
+
 To build shared libraries, specify --with-libtool on the configure command
 line.
 
-For the server to support DNSSEC, you need to build it with crypto
-support. To use OpenSSL, you should have OpenSSL 1.0.2e or newer
-installed. If the OpenSSL library is installed in a nonstandard location,
-specify the prefix using --with-openssl=<PREFIX> on the configure command
-line. To use a PKCS#11 hardware service module for cryptographic
-operations, specify the path to the PKCS#11 provider library using
---with-pkcs11=<PREFIX>, and configure BIND with --enable-native-pkcs11.
-
-To support the HTTP statistics channel, the server must be linked with at
-least one of the following: libxml2 http://xmlsoft.org or json-c https://
-github.com/json-c. If these are installed at a nonstandard location, then:
-
-  * for libxml2, specify the prefix using --with-libxml2=/prefix,
-  * for json-c, adjust PKG_CONFIG_PATH.
-
-To support compression on the HTTP statistics channel, the server must be
-linked against libzlib. If this is installed in a nonstandard location,
-specify the prefix using --with-zlib=/prefix.
-
-To support storing configuration data for runtime-added zones in an LMDB
-database, the server must be linked with liblmdb. If this is installed in
-a nonstandard location, specify the prefix using with-lmdb=/prefix.
-
-To support MaxMind GeoIP2 location-based ACLs, the server must be linked
-with libmaxminddb. This is turned on by default if the library is found;
-if the library is installed in a nonstandard location, specify the prefix
-using --with-maxminddb=/prefix. GeoIP2 support can be switched off with
---disable-geoip.
-
-For DNSTAP packet logging, you must have installed libfstrm https://
-github.com/farsightsec/fstrm and libprotobuf-c https://
-developers.google.com/protocol-buffers, and BIND must be configured with
---enable-dnstap.
-
 Certain compiled-in constants and default settings can be increased to
 values better suited to large servers with abundant memory resources (e.g,
 64-bit servers with 12G or more of memory) by specifying --with-tuning=
@@ -224,10 +179,43 @@ large on the configure command line. This can improve performance on big
 servers, but will consume more memory and may degrade performance on
 smaller systems.
 
-On Linux, process capabilities are managed in user space using the libcap
-library, which can be installed on most Linux systems via the libcap-dev
-or libcap-devel module. Process capability support can also be disabled by
-configuring with --disable-linux-caps.
+For the server to support DNSSEC, you need to build it with crypto
+support. To use OpenSSL, you should have OpenSSL 1.0.2e or newer
+installed. If the OpenSSL library is installed in a nonstandard location,
+specify the prefix using "--with-openssl=<PREFIX>" on the configure
+command line. To use a PKCS#11 hardware service module for cryptographic
+operations, specify the path to the PKCS#11 provider library using
+"--with-pkcs11=<PREFIX>", and configure BIND with
+"--enable-native-pkcs11".
+
+To support the HTTP statistics channel, the server must be linked with at
+least one of the following: libxml2 http://xmlsoft.org or json-c https://
+github.com/json-c. If these are installed at a nonstandard location,
+specify the prefix using --with-libxml2=/prefix or --with-libjson=/prefix.
+
+To support compression on the HTTP statistics channel, the server must be
+linked against libzlib. If this is installed in a nonstandard location,
+specify the prefix using --with-zlib=/prefix.
+
+To support storing configuration data for runtime-added zones in an LMDB
+database, the server must be linked with liblmdb. If this is installed in
+a nonstandard location, specify the prefix using "with-lmdb=/prefix".
+
+To support GeoIP location-based ACLs, the server must be linked with
+libGeoIP. This is not turned on by default; BIND must be configured with
+"--with-geoip". If the library is installed in a nonstandard location, use
+specify the prefix using "--with-geoip=/prefix".
+
+For DNSTAP packet logging, you must have installed libfstrm https://
+github.com/farsightsec/fstrm and libprotobuf-c https://
+developers.google.com/protocol-buffers, and BIND must be configured with
+"--enable-dnstap".
+
+Portions of BIND that are written in Python, including dnssec-keymgr,
+dnssec-coverage, dnssec-checkds, and some of the system tests, require the
+'argparse' and 'ply' modules to be available. 'argparse' is a standard
+module as of Python 2.7 and Python 3.2. 'ply' is available from https://
+pypi.python.org/pypi/ply.
 
 On some platforms it is necessary to explicitly request large file support
 to handle files bigger than 2GB. This can be done by using
@@ -238,9 +226,9 @@ specifying --enable-fixed-rrset or --disable-fixed-rrset on the configure
 command line. By default, fixed rrset-order is disabled to reduce memory
 footprint.
 
-The --enable-querytrace option causes named to log every step of
-processing every query. This should only be enabled when debugging,
-because it has a significant negative impact on query performance.
+If your operating system has integrated support for IPv6, it will be used
+automatically. If you have installed KAME IPv6 separately, use --with-kame
+[=PATH] to specify its location.
 
 make install will install named and the various BIND 9 libraries. By
 default, installation is into /usr/local, but this can be changed with the
@@ -248,8 +236,11 @@ default, installation is into /usr/local, but this can be changed with the
 
 You may specify the option --sysconfdir to set the directory where
 configuration files like named.conf go by default, and --localstatedir to
-set the default parent directory of run/named.pid. --sysconfdir defaults
-to $prefix/etc and --localstatedir defaults to $prefix/var.
+set the default parent directory of run/named.pid. For backwards
+compatibility with BIND 8, --sysconfdir defaults to /etc and
+--localstatedir defaults to /var if no --prefix option is given. If there
+is a --prefix option, sysconfdir defaults to $prefix/etc and localstatedir
+defaults to $prefix/var.
 
 Automated testing
 
@@ -264,10 +255,8 @@ and will be skipped if these are not available. Some tests require Python
 and the 'dnspython' module and will be skipped if these are not available.
 See bin/tests/system/README for further details.
 
-Unit tests are implemented using the CMocka unit testing framework. To
-build them, use configure --with-cmocka. Execution of tests is done by the
-Kyua test execution engine; if the kyua command is available, then unit
-tests can be run via make test or make unit.
+Unit tests are implemented using Automated Testing Framework (ATF). To run
+them, use configure --with-atf, then run make test or make unit.
 
 Documentation
 
@@ -292,7 +281,7 @@ development BIND 9 is included in the file CHANGES, with the most recent
 changes listed first. Change notes include tags indicating the category of
 the change that was made; these categories are:
 
-   Category                            Description
+Category       Description
 [func]         New feature
 [bug]          General bug fix
 [security]     Fix for a significant security flaw
@@ -320,46 +309,26 @@ releases (i.e., those with version numbers ending in zero). Some new
 functionality may be backported to older releases on a case-by-case basis.
 All other change types may be applied to all currently-supported releases.
 
-Bug report identifiers
-
-Most notes in the CHANGES file include a reference to a bug report or
-issue number. Prior to 2018, these were usually of the form [RT #NNN] and
-referred to entries in the "bind9-bugs" RT database, which was not open to
-the public. More recent entries use the form [GL #NNN] or, less often, [GL
-!NNN], which, respectively, refer to issues or merge requests in the
-Gitlab database. Most of these are publicly readable, unless they include
-information which is confidential or security senstive.
-
-To look up a Gitlab issue by its number, use the URL https://
-gitlab.isc.org/isc-projects/bind9/issues/NNN. To look up a merge request,
-use https://gitlab.isc.org/isc-projects/bind9/merge_requests/NNN.
-
-In rare cases, an issue or merge request number may be followed with the
-letter "P". This indicates that the information is in the private ISC
-Gitlab instance, which is not visible to the public.
-
 Acknowledgments
 
   * The original development of BIND 9 was underwritten by the following
     organizations:
 
-      Sun Microsystems, Inc.
-      Hewlett Packard
-      Compaq Computer Corporation
-      IBM
-      Process Software Corporation
-      Silicon Graphics, Inc.
-      Network Associates, Inc.
-      U.S. Defense Information Systems Agency
-      USENIX Association
-      Stichting NLnet - NLnet Foundation
-      Nominum, Inc.
+    Sun Microsystems, Inc.
+    Hewlett Packard
+    Compaq Computer Corporation
+    IBM
+    Process Software Corporation
+    Silicon Graphics, Inc.
+    Network Associates, Inc.
+    U.S. Defense Information Systems Agency
+    USENIX Association
+    Stichting NLnet - NLnet Foundation
+    Nominum, Inc.
 
   * This product includes software developed by the OpenSSL Project for
     use in the OpenSSL Toolkit. http://www.OpenSSL.org/
-
   * This product includes cryptographic software written by Eric Young
     (eay@cryptsoft.com)
-
   * This product includes software written by Tim Hudson
     (tjh@cryptsoft.com)

README.md

@@ -15,10 +15,9 @@
 1. [Introduction](#intro)
 1. [Reporting bugs and getting help](#help)
 1. [Contributing to BIND](#contrib)
-1. [BIND 9.15 features](#features)
+1. [BIND 9.13 features](#features)
 1. [Building BIND](#build)
 1. [macOS](#macos)
-1. [Dependencies](#dependencies)
 1. [Compile-time options](#opts)
 1. [Automated testing](#testing)
 1. [Documentation](#doc)
@@ -42,13 +41,13 @@ administrative tools, including the `dig` and `delv` DNS lookup tools,
 `nsupdate` for dynamic DNS zone updates, `rndc` for remote name server
 administration, and more.
 
-BIND 9 began as a complete re-write of the BIND architecture that was
-used in versions 4 and 8.  Internet Systems Consortium
+BIND 9 is a complete re-write of the BIND architecture that was used in
+versions 4 and 8.  Internet Systems Consortium
 ([https://www.isc.org](https://www.isc.org)), a 501(c)(3) public benefit
 corporation dedicated to providing software and services in support of the
 Internet infrastructure, developed BIND 9 and is responsible for its
 ongoing maintenance and improvement.  BIND is open source software
-licensed under the terms of the Mozilla Public License, version 2.0.
+licenced under the terms of the Mozilla Public License, version 2.0.
 
 For a summary of features introduced in past major releases of BIND,
 see the file [HISTORY](HISTORY.md).
@@ -60,8 +59,6 @@ CHANGES file format.
 For up-to-date release notes and errata, see
 [http://www.isc.org/software/bind9/releasenotes](http://www.isc.org/software/bind9/releasenotes)
 
-For information about supported platforms, see [PLATFORMS](PLATFORMS.md).
-
 ### <a name="help"/> Reporting bugs and getting help
 
 To report non-security-sensitive bugs or request new features, you may
@@ -98,8 +95,7 @@ ISC maintains a public git repository for BIND; details can be found
 at [http://www.isc.org/git/](http://www.isc.org/git/).
 
 Information for BIND contributors can be found in the following files:
-- General information: [CONTRIBUTING.md](CONTRIBUTING.md)
-- Code of Conduct: [CODE_OF_CONDUCT.md](CODE_OF_CONDUCT.md)
+- General information: [CONTRIBUTING.md](CONTRIBUTING)
 - BIND 9 code style: [doc/dev/style.md](doc/dev/style.md)
 - BIND architecture and developer guide: [doc/dev/dev.md](doc/dev/dev.md)
 
@@ -118,30 +114,21 @@ If you prefer, you may also submit code by opening a
 including your patch as an attachment, preferably generated by
 `git format-patch`.
 
-### <a name="features"/> BIND 9.15 features
+### <a name="features"/> BIND 9.13 features
 
-BIND 9.15 is the newest development branch of BIND 9. It includes a
-number of changes from BIND 9.14 and earlier releases. New features
+BIND 9.13.0 is the newest development branch of BIND 9. It includes a
+number of changes from BIND 9.12 and earlier releases.  New features
 include:
 
-* Support for the new GeoIP2 geolocation API
-* Improved DNSSEC key configuration using `dnssec-keys`
-* YAML output for dig, mdig, and delv.
+* TBD
 
 ### <a name="build"/> Building BIND
 
-Minimally, BIND requires a UNIX or Linux system with an ANSI C compiler,
-basic POSIX support, and a 64-bit integer type. Successful builds have been
-observed on many versions of Linux and UNIX, including RedHat, Fedora,
-Debian, Ubuntu, SuSE, Slackware, FreeBSD, NetBSD, OpenBSD, Mac OS X,
-Solaris, HP-UX, and OpenWRT.
-
-BIND requires a cryptography provider library such as OpenSSL or a
-hardware service module supporting PKCS#11. On Linux, BIND requires
-the `libcap` library to set process privileges, though this requirement
-can be overridden by disabling capability support at compile time.
-See [Compile-time options](#opts) below for details on other libraries
-that may be required to support optional features.
+BIND requires a UNIX or Linux system with an ANSI C compiler, basic POSIX
+support, and a 64-bit integer type. Successful builds have been observed on
+many versions of Linux and UNIX, including RedHat, Fedora, Debian, Ubuntu,
+SuSE, Slackware, FreeBSD, NetBSD, OpenBSD, Mac OS X, Solaris, HP-UX, AIX,
+SCO OpenServer, and OpenWRT. 
 
 BIND is also available for Windows 2008 and higher.  See
 `win32utils/readme1st.txt` for details on building for Windows
@@ -179,58 +166,24 @@ or if you have Xcode already installed you can run "xcode-select --install".
 This will add /usr/include to the system and install the compiler and other
 tools so that they can be easily found.
 
-### <a name="dependencies"/> Dependencies
-
-Portions of BIND that are written in Python, including
-`dnssec-keymgr`, `dnssec-coverage`, `dnssec-checkds`, and some of the
-system tests, require the 'argparse' and 'ply' modules to be available.
-'argparse' is a standard module as of Python 2.7 and Python 3.2.
-'ply' is available from [https://pypi.python.org/pypi/ply](https://pypi.python.org/pypi/ply).
 
 #### <a name="opts"/> Compile-time options
 
 To see a full list of configuration options, run `configure --help`.
 
+On most platforms, BIND 9 is built with multithreading support, allowing it
+to take advantage of multiple CPUs.  You can configure this by specifying
+`--enable-threads` or `--disable-threads` on the `configure` command line.
+The default is to enable threads, except on some older operating systems on
+which threads are known to have had problems in the past.  (Note: Prior to
+BIND 9.10, the default was to disable threads on Linux systems; this has
+now been reversed.  On Linux systems, the threaded build is known to change
+BIND's behavior with respect to file permissions; it may be necessary to
+specify a user with the -u option when running `named`.)
+
 To build shared libraries, specify `--with-libtool` on the `configure`
 command line.
 
-For the server to support DNSSEC, you need to build it with crypto support.
-To use OpenSSL, you should have OpenSSL 1.0.2e or newer installed.  If the
-OpenSSL library is installed in a nonstandard location, specify the prefix
-using `--with-openssl=<PREFIX>` on the configure command line. To use a
-PKCS#11 hardware service module for cryptographic operations, specify the
-path to the PKCS#11 provider library using `--with-pkcs11=<PREFIX>`, and
-configure BIND with `--enable-native-pkcs11`.
-
-To support the HTTP statistics channel, the server must be linked with at
-least one of the following: libxml2
-[http://xmlsoft.org](http://xmlsoft.org) or json-c
-[https://github.com/json-c](https://github.com/json-c).  If these are
-installed at a nonstandard location, then:
-
-* for libxml2, specify the prefix using `--with-libxml2=/prefix`,
-* for json-c, adjust `PKG_CONFIG_PATH`.
-
-To support compression on the HTTP statistics channel, the server must be
-linked against libzlib.  If this is installed in a nonstandard location,
-specify the prefix using `--with-zlib=/prefix`.
-
-To support storing configuration data for runtime-added zones in an LMDB
-database, the server must be linked with liblmdb. If this is installed in a
-nonstandard location, specify the prefix using `with-lmdb=/prefix`.
-
-To support MaxMind GeoIP2 location-based ACLs, the server must be linked
-with `libmaxminddb`. This is turned on by default if the library is
-found; if the library is installed in a nonstandard location,
-specify the prefix using `--with-maxminddb=/prefix`. GeoIP2 support
-can be switched off with `--disable-geoip`.
-
-For DNSTAP packet logging, you must have installed libfstrm
-[https://github.com/farsightsec/fstrm](https://github.com/farsightsec/fstrm)
-and libprotobuf-c
-[https://developers.google.com/protocol-buffers](https://developers.google.com/protocol-buffers),
-and BIND must be configured with `--enable-dnstap`.
-
 Certain compiled-in constants and default settings can be increased to
 values better suited to large servers with abundant memory resources (e.g,
 64-bit servers with 12G or more of memory) by specifying
@@ -238,10 +191,45 @@ values better suited to large servers with abundant memory resources (e.g,
 performance on big servers, but will consume more memory and may degrade
 performance on smaller systems.
 
-On Linux, process capabilities are managed in user space using
-the `libcap` library, which can be installed on most Linux systems via
-the `libcap-dev` or `libcap-devel` module. Process capability support can
-also be disabled by configuring with `--disable-linux-caps`.
+For the server to support DNSSEC, you need to build it with crypto support.
+To use OpenSSL, you should have OpenSSL 1.0.2e or newer installed.  If the
+OpenSSL library is installed in a nonstandard location, specify the prefix
+using "--with-openssl=&lt;PREFIX&gt;" on the configure command line. To use a
+PKCS#11 hardware service module for cryptographic operations, specify the
+path to the PKCS#11 provider library using "--with-pkcs11=&lt;PREFIX&gt;", and
+configure BIND with "--enable-native-pkcs11".
+
+To support the HTTP statistics channel, the server must be linked with at
+least one of the following: libxml2
+[http://xmlsoft.org](http://xmlsoft.org) or json-c
+[https://github.com/json-c](https://github.com/json-c).  If these are
+installed at a nonstandard location, specify the prefix using
+`--with-libxml2=/prefix` or `--with-libjson=/prefix`.
+
+To support compression on the HTTP statistics channel, the server must be
+linked against libzlib.  If this is installed in a nonstandard location,
+specify the prefix using `--with-zlib=/prefix`.
+
+To support storing configuration data for runtime-added zones in an LMDB
+database, the server must be linked with liblmdb. If this is installed in a
+nonstandard location, specify the prefix using "with-lmdb=/prefix".
+
+To support GeoIP location-based ACLs, the server must be linked with
+libGeoIP. This is not turned on by default; BIND must be configured with
+"--with-geoip". If the library is installed in a nonstandard location, use
+specify the prefix using "--with-geoip=/prefix".
+
+For DNSTAP packet logging, you must have installed libfstrm
+[https://github.com/farsightsec/fstrm](https://github.com/farsightsec/fstrm)
+and libprotobuf-c
+[https://developers.google.com/protocol-buffers](https://developers.google.com/protocol-buffers),
+and BIND must be configured with "--enable-dnstap".
+
+Portions of BIND that are written in Python, including
+`dnssec-keymgr`, `dnssec-coverage`, `dnssec-checkds`, and some of the
+system tests, require the 'argparse' and 'ply' modules to be available.
+'argparse' is a standard module as of Python 2.7 and Python 3.2.
+'ply' is available from [https://pypi.python.org/pypi/ply](https://pypi.python.org/pypi/ply).
 
 On some platforms it is necessary to explicitly request large file support
 to handle files bigger than 2GB.  This can be done by using
@@ -252,9 +240,9 @@ specifying `--enable-fixed-rrset` or `--disable-fixed-rrset` on the
 configure command line.  By default, fixed rrset-order is disabled to
 reduce memory footprint.
 
-The `--enable-querytrace` option causes `named` to log every step of
-processing every query. This should only be enabled when debugging, because
-it has a significant negative impact on query performance.
+If your operating system has integrated support for IPv6, it will be used
+automatically.  If you have installed KAME IPv6 separately, use
+`--with-kame[=PATH]` to specify its location.
 
 `make install` will install `named` and the various BIND 9 libraries.  By
 default, installation is into /usr/local, but this can be changed with the
@@ -262,8 +250,11 @@ default, installation is into /usr/local, but this can be changed with the
 
 You may specify the option `--sysconfdir` to set the directory where
 configuration files like `named.conf` go by default, and `--localstatedir`
-to set the default parent directory of `run/named.pid`.   `--sysconfdir`
-defaults to `$prefix/etc` and `--localstatedir` defaults to `$prefix/var`.
+to set the default parent directory of `run/named.pid`.   For backwards
+compatibility with BIND 8, `--sysconfdir` defaults to `/etc` and
+`--localstatedir` defaults to `/var` if no `--prefix` option is given.  If
+there is a `--prefix` option, sysconfdir defaults to `$prefix/etc` and
+localstatedir defaults to `$prefix/var`.
 
 ### <a name="testing"/> Automated testing
 
@@ -278,10 +269,9 @@ and will be skipped if these are not available. Some tests require Python
 and the 'dnspython' module and will be skipped if these are not available.
 See bin/tests/system/README for further details.
 
-Unit tests are implemented using the CMocka unit testing framework.
-To build them, use `configure --with-cmocka`. Execution of tests is done
-by the Kyua test execution engine; if the `kyua` command is available,
-then unit tests can be run via `make test` or `make unit`.
+Unit tests are implemented using Automated Testing Framework (ATF).
+To run them, use `configure --with-atf`, then run `make test` or
+`make unit`.
 
 ### <a name="doc"/> Documentation
 
@@ -329,25 +319,6 @@ releases (i.e., those with version numbers ending in zero).  Some new
 functionality may be backported to older releases on a case-by-case basis.
 All other change types may be applied to all currently-supported releases.
 
-#### Bug report identifiers
-
-Most notes in the CHANGES file include a reference to a bug report or
-issue number. Prior to 2018, these were usually of the form `[RT #NNN]`
-and referred to entries in the "bind9-bugs" RT database, which was not open
-to the public. More recent entries use the form `[GL #NNN]` or, less often,
-`[GL !NNN]`, which, respectively, refer to issues or merge requests in the
-Gitlab database. Most of these are publicly readable, unless they include
-information which is confidential or security senstive.
-
-To look up a Gitlab issue by its number, use the URL
-[https://gitlab.isc.org/isc-projects/bind9/issues/NNN](https://gitlab.isc.org/isc-projects/bind9/issues).
-To look up a merge request, use
-[https://gitlab.isc.org/isc-projects/bind9/merge_requests/NNN](https://gitlab.isc.org/isc-projects/bind9/merge_requests).
-
-In rare cases, an issue or merge request number may be followed with the
-letter "P". This indicates that the information is in the private ISC
-Gitlab instance, which is not visible to the public.
-
 ### <a name="ack"/> Acknowledgments
 
 * The original development of BIND 9 was underwritten by the

acconfig.h

@@ -0,0 +1,137 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+/*! \file */
+
+/***
+ *** This file is not to be included by any public header files, because
+ *** it does not get installed.
+ ***/
+@TOP@
+
+/** define on DEC OSF to enable 4.4BSD style sa_len support */
+#undef _SOCKADDR_LEN
+
+/** define if your system needs pthread_init() before using pthreads */
+#undef NEED_PTHREAD_INIT
+
+/** define if your system has sigwait() */
+#undef HAVE_SIGWAIT
+
+/** define if sigwait() is the UnixWare flavor */
+#undef HAVE_UNIXWARE_SIGWAIT
+
+/** define on Solaris to get sigwait() to work using pthreads semantics */
+#undef _POSIX_PTHREAD_SEMANTICS
+
+/** define if LinuxThreads is in use */
+#undef HAVE_LINUXTHREADS
+
+/** define if sysconf() is available */
+#undef HAVE_SYSCONF
+
+/** define if sysctlbyname() is available */
+#undef HAVE_SYSCTLBYNAME
+
+/** define if catgets() is available */
+#undef HAVE_CATGETS
+
+/** define if getifaddrs() exists */
+#undef HAVE_GETIFADDRS
+
+/** define if you have the NET_RT_IFLIST sysctl variable and sys/sysctl.h */
+#undef HAVE_IFLIST_SYSCTL
+
+/** define if tzset() is available */
+#undef HAVE_TZSET
+
+/** define if struct addrinfo exists */
+#undef HAVE_ADDRINFO
+
+/** define if getaddrinfo() exists */
+#undef HAVE_GETADDRINFO
+
+/** define if gai_strerror() exists */
+#undef HAVE_GAISTRERROR
+
+/**
+ * define if pthread_setconcurrency() should be called to tell the
+ * OS how many threads we might want to run.
+ */
+#undef CALL_PTHREAD_SETCONCURRENCY
+
+/** define if IPv6 is not disabled */
+#undef WANT_IPV6
+
+/** define if flockfile() is available */
+#undef HAVE_FLOCKFILE
+
+/** define if getc_unlocked() is available */
+#undef HAVE_GETCUNLOCKED
+
+/** Shut up warnings about sputaux in stdio.h on BSD/OS pre-4.1 */
+#undef SHUTUP_SPUTAUX
+#ifdef SHUTUP_SPUTAUX
+struct __sFILE;
+extern __inline int __sputaux(int _c, struct __sFILE *_p);
+#endif
+
+/** Shut up warnings about missing sigwait prototype on BSD/OS 4.0* */
+#undef SHUTUP_SIGWAIT
+#ifdef SHUTUP_SIGWAIT
+int sigwait(const unsigned int *set, int *sig);
+#endif
+
+/** Shut up warnings from gcc -Wcast-qual on BSD/OS 4.1. */
+#undef SHUTUP_STDARG_CAST
+#if defined(SHUTUP_STDARG_CAST) && defined(__GNUC__)
+#include <stdarg.h>		/** Grr.  Must be included *every time*. */
+/**
+ * The silly continuation line is to keep configure from
+ * commenting out the #undef.
+ */
+
+#undef \
+	va_start
+#define	va_start(ap, last) \
+	do { \
+		union { const void *konst; long *var; } _u; \
+		_u.konst = &(last); \
+		ap = (va_list)(_u.var + __va_words(__typeof(last))); \
+	} while (0)
+#endif /** SHUTUP_STDARG_CAST && __GNUC__ */
+
+/** define if the system has a random number generating device */
+#undef PATH_RANDOMDEV
+
+/** define if pthread_attr_getstacksize() is available */
+#undef HAVE_PTHREAD_ATTR_GETSTACKSIZE
+
+/** define if pthread_attr_setstacksize() is available */
+#undef HAVE_PTHREAD_ATTR_SETSTACKSIZE
+
+/** define if you have strerror in the C library. */
+#undef HAVE_STRERROR
+
+/* Define if OpenSSL includes DSA support */
+#undef HAVE_OPENSSL_DSA
+
+/* Define if you have getpassphrase in the C library. */
+#undef HAVE_GETPASSPHRASE
+
+/* Define to the length type used by the socket API (socklen_t, size_t, int). */
+#undef ISC_SOCKADDR_LEN_T
+
+/* Define if threads need PTHREAD_SCOPE_SYSTEM */
+#undef NEED_PTHREAD_SCOPE_SYSTEM
+
+/* Define to 1 if you have the uname library function. */
+#undef HAVE_UNAME

aclocal.m4

@@ -1,387 +1,17 @@
-# generated automatically by aclocal 1.16.1 -*- Autoconf -*-
+sinclude(libtool.m4/libtool.m4)dnl
+sinclude(libtool.m4/ltoptions.m4)dnl
+sinclude(libtool.m4/ltsugar.m4)dnl
+sinclude(libtool.m4/ltversion.m4)dnl
+sinclude(libtool.m4/lt~obsolete.m4)dnl
 
-# Copyright (C) 1996-2018 Free Software Foundation, Inc.
+m4_divert_text(HELP_CANON, [[
+  NOTE: If PREFIX is not set, then the default values for --sysconfdir
+  and --localstatedir are /etc and /var, respectively.]])
+m4_divert_text(HELP_END, [[
+Professional support for BIND is provided by Internet Systems Consortium,
+Inc.  Information about paid support and training options is available at
+https://www.isc.org/support.
 
-# This file is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-m4_ifndef([AC_CONFIG_MACRO_DIRS], [m4_defun([_AM_CONFIG_MACRO_DIRS], [])m4_defun([AC_CONFIG_MACRO_DIRS], [_AM_CONFIG_MACRO_DIRS($@)])])
-# pkg.m4 - Macros to locate and utilise pkg-config.   -*- Autoconf -*-
-# serial 12 (pkg-config-0.29.2)
-
-dnl Copyright © 2004 Scott James Remnant <scott@netsplit.com>.
-dnl Copyright © 2012-2015 Dan Nicholson <dbn.lists@gmail.com>
-dnl
-dnl This program is free software; you can redistribute it and/or modify
-dnl it under the terms of the GNU General Public License as published by
-dnl the Free Software Foundation; either version 2 of the License, or
-dnl (at your option) any later version.
-dnl
-dnl This program is distributed in the hope that it will be useful, but
-dnl WITHOUT ANY WARRANTY; without even the implied warranty of
-dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-dnl General Public License for more details.
-dnl
-dnl You should have received a copy of the GNU General Public License
-dnl along with this program; if not, write to the Free Software
-dnl Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
-dnl 02111-1307, USA.
-dnl
-dnl As a special exception to the GNU General Public License, if you
-dnl distribute this file as part of a program that contains a
-dnl configuration script generated by Autoconf, you may include it under
-dnl the same distribution terms that you use for the rest of that
-dnl program.
-
-dnl PKG_PREREQ(MIN-VERSION)
-dnl -----------------------
-dnl Since: 0.29
-dnl
-dnl Verify that the version of the pkg-config macros are at least
-dnl MIN-VERSION. Unlike PKG_PROG_PKG_CONFIG, which checks the user's
-dnl installed version of pkg-config, this checks the developer's version
-dnl of pkg.m4 when generating configure.
-dnl
-dnl To ensure that this macro is defined, also add:
-dnl m4_ifndef([PKG_PREREQ],
-dnl     [m4_fatal([must install pkg-config 0.29 or later before running autoconf/autogen])])
-dnl
-dnl See the "Since" comment for each macro you use to see what version
-dnl of the macros you require.
-m4_defun([PKG_PREREQ],
-[m4_define([PKG_MACROS_VERSION], [0.29.2])
-m4_if(m4_version_compare(PKG_MACROS_VERSION, [$1]), -1,
-    [m4_fatal([pkg.m4 version $1 or higher is required but ]PKG_MACROS_VERSION[ found])])
-])dnl PKG_PREREQ
-
-dnl PKG_PROG_PKG_CONFIG([MIN-VERSION])
-dnl ----------------------------------
-dnl Since: 0.16
-dnl
-dnl Search for the pkg-config tool and set the PKG_CONFIG variable to
-dnl first found in the path. Checks that the version of pkg-config found
-dnl is at least MIN-VERSION. If MIN-VERSION is not specified, 0.9.0 is
-dnl used since that's the first version where most current features of
-dnl pkg-config existed.
-AC_DEFUN([PKG_PROG_PKG_CONFIG],
-[m4_pattern_forbid([^_?PKG_[A-Z_]+$])
-m4_pattern_allow([^PKG_CONFIG(_(PATH|LIBDIR|SYSROOT_DIR|ALLOW_SYSTEM_(CFLAGS|LIBS)))?$])
-m4_pattern_allow([^PKG_CONFIG_(DISABLE_UNINSTALLED|TOP_BUILD_DIR|DEBUG_SPEW)$])
-AC_ARG_VAR([PKG_CONFIG], [path to pkg-config utility])
-AC_ARG_VAR([PKG_CONFIG_PATH], [directories to add to pkg-config's search path])
-AC_ARG_VAR([PKG_CONFIG_LIBDIR], [path overriding pkg-config's built-in search path])
-
-if test "x$ac_cv_env_PKG_CONFIG_set" != "xset"; then
-	AC_PATH_TOOL([PKG_CONFIG], [pkg-config])
-fi
-if test -n "$PKG_CONFIG"; then
-	_pkg_min_version=m4_default([$1], [0.9.0])
-	AC_MSG_CHECKING([pkg-config is at least version $_pkg_min_version])
-	if $PKG_CONFIG --atleast-pkgconfig-version $_pkg_min_version; then
-		AC_MSG_RESULT([yes])
-	else
-		AC_MSG_RESULT([no])
-		PKG_CONFIG=""
-	fi
-fi[]dnl
-])dnl PKG_PROG_PKG_CONFIG
-
-dnl PKG_CHECK_EXISTS(MODULES, [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND])
-dnl -------------------------------------------------------------------
-dnl Since: 0.18
-dnl
-dnl Check to see whether a particular set of modules exists. Similar to
-dnl PKG_CHECK_MODULES(), but does not set variables or print errors.
-dnl
-dnl Please remember that m4 expands AC_REQUIRE([PKG_PROG_PKG_CONFIG])
-dnl only at the first occurence in configure.ac, so if the first place
-dnl it's called might be skipped (such as if it is within an "if", you
-dnl have to call PKG_CHECK_EXISTS manually
-AC_DEFUN([PKG_CHECK_EXISTS],
-[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl
-if test -n "$PKG_CONFIG" && \
-    AC_RUN_LOG([$PKG_CONFIG --exists --print-errors "$1"]); then
-  m4_default([$2], [:])
-m4_ifvaln([$3], [else
-  $3])dnl
-fi])
-
-dnl _PKG_CONFIG([VARIABLE], [COMMAND], [MODULES])
-dnl ---------------------------------------------
-dnl Internal wrapper calling pkg-config via PKG_CONFIG and setting
-dnl pkg_failed based on the result.
-m4_define([_PKG_CONFIG],
-[if test -n "$$1"; then
-    pkg_cv_[]$1="$$1"
- elif test -n "$PKG_CONFIG"; then
-    PKG_CHECK_EXISTS([$3],
-                     [pkg_cv_[]$1=`$PKG_CONFIG --[]$2 "$3" 2>/dev/null`
-		      test "x$?" != "x0" && pkg_failed=yes ],
-		     [pkg_failed=yes])
- else
-    pkg_failed=untried
-fi[]dnl
-])dnl _PKG_CONFIG
-
-dnl _PKG_SHORT_ERRORS_SUPPORTED
-dnl ---------------------------
-dnl Internal check to see if pkg-config supports short errors.
-AC_DEFUN([_PKG_SHORT_ERRORS_SUPPORTED],
-[AC_REQUIRE([PKG_PROG_PKG_CONFIG])
-if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then
-        _pkg_short_errors_supported=yes
-else
-        _pkg_short_errors_supported=no
-fi[]dnl
-])dnl _PKG_SHORT_ERRORS_SUPPORTED
-
-
-dnl PKG_CHECK_MODULES(VARIABLE-PREFIX, MODULES, [ACTION-IF-FOUND],
-dnl   [ACTION-IF-NOT-FOUND])
-dnl --------------------------------------------------------------
-dnl Since: 0.4.0
-dnl
-dnl Note that if there is a possibility the first call to
-dnl PKG_CHECK_MODULES might not happen, you should be sure to include an
-dnl explicit call to PKG_PROG_PKG_CONFIG in your configure.ac
-AC_DEFUN([PKG_CHECK_MODULES],
-[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl
-AC_ARG_VAR([$1][_CFLAGS], [C compiler flags for $1, overriding pkg-config])dnl
-AC_ARG_VAR([$1][_LIBS], [linker flags for $1, overriding pkg-config])dnl
-
-pkg_failed=no
-AC_MSG_CHECKING([for $2])
-
-_PKG_CONFIG([$1][_CFLAGS], [cflags], [$2])
-_PKG_CONFIG([$1][_LIBS], [libs], [$2])
-
-m4_define([_PKG_TEXT], [Alternatively, you may set the environment variables $1[]_CFLAGS
-and $1[]_LIBS to avoid the need to call pkg-config.
-See the pkg-config man page for more details.])
-
-if test $pkg_failed = yes; then
-        AC_MSG_RESULT([no])
-        _PKG_SHORT_ERRORS_SUPPORTED
-        if test $_pkg_short_errors_supported = yes; then
-	        $1[]_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "$2" 2>&1`
-        else
-	        $1[]_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "$2" 2>&1`
-        fi
-	# Put the nasty error message in config.log where it belongs
-	echo "$$1[]_PKG_ERRORS" >&AS_MESSAGE_LOG_FD
-
-	m4_default([$4], [AC_MSG_ERROR(
-[Package requirements ($2) were not met:
-
-$$1_PKG_ERRORS
-
-Consider adjusting the PKG_CONFIG_PATH environment variable if you
-installed software in a non-standard prefix.
-
-_PKG_TEXT])[]dnl
-        ])
-elif test $pkg_failed = untried; then
-        AC_MSG_RESULT([no])
-	m4_default([$4], [AC_MSG_FAILURE(
-[The pkg-config script could not be found or is too old.  Make sure it
-is in your PATH or set the PKG_CONFIG environment variable to the full
-path to pkg-config.
-
-_PKG_TEXT
-
-To get pkg-config, see <http://pkg-config.freedesktop.org/>.])[]dnl
-        ])
-else
-	$1[]_CFLAGS=$pkg_cv_[]$1[]_CFLAGS
-	$1[]_LIBS=$pkg_cv_[]$1[]_LIBS
-        AC_MSG_RESULT([yes])
-	$3
-fi[]dnl
-])dnl PKG_CHECK_MODULES
-
-
-dnl PKG_CHECK_MODULES_STATIC(VARIABLE-PREFIX, MODULES, [ACTION-IF-FOUND],
-dnl   [ACTION-IF-NOT-FOUND])
-dnl ---------------------------------------------------------------------
-dnl Since: 0.29
-dnl
-dnl Checks for existence of MODULES and gathers its build flags with
-dnl static libraries enabled. Sets VARIABLE-PREFIX_CFLAGS from --cflags
-dnl and VARIABLE-PREFIX_LIBS from --libs.
-dnl
-dnl Note that if there is a possibility the first call to
-dnl PKG_CHECK_MODULES_STATIC might not happen, you should be sure to
-dnl include an explicit call to PKG_PROG_PKG_CONFIG in your
-dnl configure.ac.
-AC_DEFUN([PKG_CHECK_MODULES_STATIC],
-[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl
-_save_PKG_CONFIG=$PKG_CONFIG
-PKG_CONFIG="$PKG_CONFIG --static"
-PKG_CHECK_MODULES($@)
-PKG_CONFIG=$_save_PKG_CONFIG[]dnl
-])dnl PKG_CHECK_MODULES_STATIC
-
-
-dnl PKG_INSTALLDIR([DIRECTORY])
-dnl -------------------------
-dnl Since: 0.27
-dnl
-dnl Substitutes the variable pkgconfigdir as the location where a module
-dnl should install pkg-config .pc files. By default the directory is
-dnl $libdir/pkgconfig, but the default can be changed by passing
-dnl DIRECTORY. The user can override through the --with-pkgconfigdir
-dnl parameter.
-AC_DEFUN([PKG_INSTALLDIR],
-[m4_pushdef([pkg_default], [m4_default([$1], ['${libdir}/pkgconfig'])])
-m4_pushdef([pkg_description],
-    [pkg-config installation directory @<:@]pkg_default[@:>@])
-AC_ARG_WITH([pkgconfigdir],
-    [AS_HELP_STRING([--with-pkgconfigdir], pkg_description)],,
-    [with_pkgconfigdir=]pkg_default)
-AC_SUBST([pkgconfigdir], [$with_pkgconfigdir])
-m4_popdef([pkg_default])
-m4_popdef([pkg_description])
-])dnl PKG_INSTALLDIR
-
-
-dnl PKG_NOARCH_INSTALLDIR([DIRECTORY])
-dnl --------------------------------
-dnl Since: 0.27
-dnl
-dnl Substitutes the variable noarch_pkgconfigdir as the location where a
-dnl module should install arch-independent pkg-config .pc files. By
-dnl default the directory is $datadir/pkgconfig, but the default can be
-dnl changed by passing DIRECTORY. The user can override through the
-dnl --with-noarch-pkgconfigdir parameter.
-AC_DEFUN([PKG_NOARCH_INSTALLDIR],
-[m4_pushdef([pkg_default], [m4_default([$1], ['${datadir}/pkgconfig'])])
-m4_pushdef([pkg_description],
-    [pkg-config arch-independent installation directory @<:@]pkg_default[@:>@])
-AC_ARG_WITH([noarch-pkgconfigdir],
-    [AS_HELP_STRING([--with-noarch-pkgconfigdir], pkg_description)],,
-    [with_noarch_pkgconfigdir=]pkg_default)
-AC_SUBST([noarch_pkgconfigdir], [$with_noarch_pkgconfigdir])
-m4_popdef([pkg_default])
-m4_popdef([pkg_description])
-])dnl PKG_NOARCH_INSTALLDIR
-
-
-dnl PKG_CHECK_VAR(VARIABLE, MODULE, CONFIG-VARIABLE,
-dnl [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND])
-dnl -------------------------------------------
-dnl Since: 0.28
-dnl
-dnl Retrieves the value of the pkg-config variable for the given module.
-AC_DEFUN([PKG_CHECK_VAR],
-[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl
-AC_ARG_VAR([$1], [value of $3 for $2, overriding pkg-config])dnl
-
-_PKG_CONFIG([$1], [variable="][$3]["], [$2])
-AS_VAR_COPY([$1], [pkg_cv_][$1])
-
-AS_VAR_IF([$1], [""], [$5], [$4])dnl
-])dnl PKG_CHECK_VAR
-
-# AM_CONDITIONAL                                            -*- Autoconf -*-
-
-# Copyright (C) 1997-2018 Free Software Foundation, Inc.
-#
-# This file is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# AM_CONDITIONAL(NAME, SHELL-CONDITION)
-# -------------------------------------
-# Define a conditional.
-AC_DEFUN([AM_CONDITIONAL],
-[AC_PREREQ([2.52])dnl
- m4_if([$1], [TRUE],  [AC_FATAL([$0: invalid condition: $1])],
-       [$1], [FALSE], [AC_FATAL([$0: invalid condition: $1])])dnl
-AC_SUBST([$1_TRUE])dnl
-AC_SUBST([$1_FALSE])dnl
-_AM_SUBST_NOTMAKE([$1_TRUE])dnl
-_AM_SUBST_NOTMAKE([$1_FALSE])dnl
-m4_define([_AM_COND_VALUE_$1], [$2])dnl
-if $2; then
-  $1_TRUE=
-  $1_FALSE='#'
-else
-  $1_TRUE='#'
-  $1_FALSE=
-fi
-AC_CONFIG_COMMANDS_PRE(
-[if test -z "${$1_TRUE}" && test -z "${$1_FALSE}"; then
-  AC_MSG_ERROR([[conditional "$1" was never defined.
-Usually this means the macro was only invoked conditionally.]])
-fi])])
-
-# Add --enable-maintainer-mode option to configure.         -*- Autoconf -*-
-# From Jim Meyering
-
-# Copyright (C) 1996-2018 Free Software Foundation, Inc.
-#
-# This file is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# AM_MAINTAINER_MODE([DEFAULT-MODE])
-# ----------------------------------
-# Control maintainer-specific portions of Makefiles.
-# Default is to disable them, unless 'enable' is passed literally.
-# For symmetry, 'disable' may be passed as well.  Anyway, the user
-# can override the default with the --enable/--disable switch.
-AC_DEFUN([AM_MAINTAINER_MODE],
-[m4_case(m4_default([$1], [disable]),
-       [enable], [m4_define([am_maintainer_other], [disable])],
-       [disable], [m4_define([am_maintainer_other], [enable])],
-       [m4_define([am_maintainer_other], [enable])
-        m4_warn([syntax], [unexpected argument to AM@&t@_MAINTAINER_MODE: $1])])
-AC_MSG_CHECKING([whether to enable maintainer-specific portions of Makefiles])
-  dnl maintainer-mode's default is 'disable' unless 'enable' is passed
-  AC_ARG_ENABLE([maintainer-mode],
-    [AS_HELP_STRING([--]am_maintainer_other[-maintainer-mode],
-      am_maintainer_other[ make rules and dependencies not useful
-      (and sometimes confusing) to the casual installer])],
-    [USE_MAINTAINER_MODE=$enableval],
-    [USE_MAINTAINER_MODE=]m4_if(am_maintainer_other, [enable], [no], [yes]))
-  AC_MSG_RESULT([$USE_MAINTAINER_MODE])
-  AM_CONDITIONAL([MAINTAINER_MODE], [test $USE_MAINTAINER_MODE = yes])
-  MAINT=$MAINTAINER_MODE_TRUE
-  AC_SUBST([MAINT])dnl
-]
-)
-
-# Copyright (C) 2006-2018 Free Software Foundation, Inc.
-#
-# This file is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# _AM_SUBST_NOTMAKE(VARIABLE)
-# ---------------------------
-# Prevent Automake from outputting VARIABLE = @VARIABLE@ in Makefile.in.
-# This macro is traced by Automake.
-AC_DEFUN([_AM_SUBST_NOTMAKE])
-
-# AM_SUBST_NOTMAKE(VARIABLE)
-# --------------------------
-# Public sister of _AM_SUBST_NOTMAKE.
-AC_DEFUN([AM_SUBST_NOTMAKE], [_AM_SUBST_NOTMAKE($@)])
-
-m4_include([m4/ax_check_compile_flag.m4])
-m4_include([m4/ax_check_openssl.m4])
-m4_include([m4/ax_posix_shell.m4])
-m4_include([m4/ax_pthread.m4])
-m4_include([m4/ax_restore_flags.m4])
-m4_include([m4/ax_save_flags.m4])
-m4_include([m4/libtool.m4])
-m4_include([m4/ltoptions.m4])
-m4_include([m4/ltsugar.m4])
-m4_include([m4/ltversion.m4])
-m4_include([m4/lt~obsolete.m4])
+Help can also often be found on the BIND Users mailing list
+(https://lists.isc.org/mailman/listinfo/bind-users) or in the #bind
+channel of the Freenode IRC service.]])

autogen.sh

@@ -10,4 +10,4 @@
 # information regarding copyright ownership.
 
 # Run this script after modifying configure.in to generate configure
-autoreconf -f -i
+autoreconf -i

bin/Makefile.in

@@ -12,7 +12,7 @@ VPATH =		@srcdir@
 top_srcdir =	@top_srcdir@
 
 SUBDIRS =	named rndc dig delv dnssec tools nsupdate check confgen \
-		@NZD_TOOLS@ @PYTHON_TOOLS@ @PKCS11_TOOLS@ plugins tests
+		@NZD_TOOLS@ @PYTHON_TOOLS@ @PKCS11_TOOLS@ tests
 TARGETS =
 
 @BIND9_MAKE_RULES@

bin/check/Makefile.in

@@ -16,16 +16,15 @@ VERSION=@BIND9_VERSION@
 @BIND9_MAKE_INCLUDES@
 
 CINCLUDES =	${NS_INCLUDES} ${BIND9_INCLUDES} ${DNS_INCLUDES} ${ISCCFG_INCLUDES} \
-		${ISC_INCLUDES} \
-		${OPENSSL_CFLAGS}
+		${ISC_INCLUDES} @DST_OPENSSL_INC@
 
-CDEFINES = 	-DNAMED_CONFFILE=\"${sysconfdir}/named.conf\"
+CDEFINES = 	@CRYPTO@ -DNAMED_CONFFILE=\"${sysconfdir}/named.conf\"
 CWARNINGS =
 
-DNSLIBS =	../../lib/dns/libdns.@A@ ${MAXMINDDB_LIBS} @DNS_CRYPTO_LIBS@
+DNSLIBS =	../../lib/dns/libdns.@A@ @DNS_CRYPTO_LIBS@
 ISCCFGLIBS =	../../lib/isccfg/libisccfg.@A@
-ISCLIBS =	../../lib/isc/libisc.@A@ ${OPENSSL_LIBS} ${JSON_C_LIBS} ${LIBXML2_LIBS}
-ISCNOSYMLIBS =	../../lib/isc/libisc-nosymtbl.@A@ ${OPENSSL_LIBS} ${JSON_C_LIBS} ${LIBXML2_LIBS}
+ISCLIBS =	../../lib/isc/libisc.@A@ @ISC_OPENSSL_LIBS@
+ISCNOSYMLIBS =	../../lib/isc/libisc-nosymtbl.@A@ @ISC_OPENSSL_LIBS@
 BIND9LIBS =	../../lib/bind9/libbind9.@A@
 NSLIBS =	../../lib/ns/libns.@A@
 
@@ -67,7 +66,7 @@ named-checkzone.@O@: named-checkzone.c
 named-checkconf@EXEEXT@: named-checkconf.@O@ check-tool.@O@ ${ISCDEPLIBS} \
 		${NSDEPENDLIBS} ${DNSDEPLIBS} ${ISCCFGDEPLIBS} ${BIND9DEPLIBS}
 	export BASEOBJS="named-checkconf.@O@ check-tool.@O@"; \
-	export LIBS0="${BIND9LIBS} ${NSLIBS} ${ISCCFGLIBS} ${DNSLIBS}"; \
+	export LIBS0="${NSLIBS} ${BIND9LIBS} ${ISCCFGLIBS} ${DNSLIBS}"; \
 	${FINALBUILDCMD}
 
 named-checkzone@EXEEXT@: named-checkzone.@O@ check-tool.@O@ ${ISCDEPLIBS} \
@@ -89,12 +88,12 @@ install:: named-checkconf@EXEEXT@ named-checkzone@EXEEXT@ installdirs
 	${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} named-checkconf@EXEEXT@ ${DESTDIR}${sbindir}
 	${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} named-checkzone@EXEEXT@ ${DESTDIR}${sbindir}
 	(cd ${DESTDIR}${sbindir}; rm -f named-compilezone@EXEEXT@; ${LINK_PROGRAM} named-checkzone@EXEEXT@ named-compilezone@EXEEXT@)
-	for m in ${MANPAGES}; do ${INSTALL_DATA} ${srcdir}/$$m ${DESTDIR}${mandir}/man8 || exit 1; done
+	for m in ${MANPAGES}; do ${INSTALL_DATA} ${srcdir}/$$m ${DESTDIR}${mandir}/man8; done
 	(cd ${DESTDIR}${mandir}/man8; rm -f named-compilezone.8; ${LINK_PROGRAM} named-checkzone.8 named-compilezone.8)
 
 uninstall::
 	rm -f ${DESTDIR}${mandir}/man8/named-compilezone.8
-	for m in ${MANPAGES}; do rm -f ${DESTDIR}${mandir}/man8/$$m || exit 1; done
+	for m in ${MANPAGES}; do rm -f ${DESTDIR}${mandir}/man8/$$m ; done
 	rm -f ${DESTDIR}${sbindir}/named-compilezone@EXEEXT@
 	${LIBTOOL_MODE_UNINSTALL} rm -f ${DESTDIR}${sbindir}/named-checkconf@EXEEXT@
 	${LIBTOOL_MODE_UNINSTALL} rm -f ${DESTDIR}${sbindir}/named-checkzone@EXEEXT@

bin/check/check-tool.c

@@ -9,12 +9,13 @@
  * information regarding copyright ownership.
  */
 
+/* $Id: check-tool.c,v 1.44 2011/12/22 07:32:39 each Exp $ */
 
 /*! \file */
 
-#include <stdbool.h>
+#include <config.h>
+
 #include <stdio.h>
-#include <inttypes.h>
 
 #ifdef _WIN32
 #include <Winsock2.h>
@@ -60,6 +61,14 @@
 #define CHECK_LOCAL 1
 #endif
 
+#ifdef HAVE_ADDRINFO
+#ifdef HAVE_GETADDRINFO
+#ifdef HAVE_GAISTRERROR
+#define USE_GETADDRINFO
+#endif
+#endif
+#endif
+
 #define CHECK(r) \
 	do { \
 		result = (r); \
@@ -80,27 +89,28 @@ static const char *dbtype[] = { "rbt" };
 
 int debug = 0;
 const char *journal = NULL;
-bool nomerge = true;
+isc_boolean_t nomerge = ISC_TRUE;
 #if CHECK_LOCAL
-bool docheckmx = true;
-bool dochecksrv = true;
-bool docheckns = true;
+isc_boolean_t docheckmx = ISC_TRUE;
+isc_boolean_t dochecksrv = ISC_TRUE;
+isc_boolean_t docheckns = ISC_TRUE;
 #else
-bool docheckmx = false;
-bool dochecksrv = false;
-bool docheckns = false;
+isc_boolean_t docheckmx = ISC_FALSE;
+isc_boolean_t dochecksrv = ISC_FALSE;
+isc_boolean_t docheckns = ISC_FALSE;
 #endif
-dns_zoneopt_t zone_options = DNS_ZONEOPT_CHECKNS |
-			     DNS_ZONEOPT_CHECKMX |
-			     DNS_ZONEOPT_MANYERRORS |
-			     DNS_ZONEOPT_CHECKNAMES |
-			     DNS_ZONEOPT_CHECKINTEGRITY |
+unsigned int zone_options = DNS_ZONEOPT_CHECKNS |
+			    DNS_ZONEOPT_CHECKMX |
+			    DNS_ZONEOPT_MANYERRORS |
+			    DNS_ZONEOPT_CHECKNAMES |
+			    DNS_ZONEOPT_CHECKINTEGRITY |
 #if CHECK_SIBLING
-			     DNS_ZONEOPT_CHECKSIBLING |
+			    DNS_ZONEOPT_CHECKSIBLING |
 #endif
-			     DNS_ZONEOPT_CHECKWILDCARD |
-			     DNS_ZONEOPT_WARNMXCNAME |
-			     DNS_ZONEOPT_WARNSRVCNAME;
+			    DNS_ZONEOPT_CHECKWILDCARD |
+			    DNS_ZONEOPT_WARNMXCNAME |
+			    DNS_ZONEOPT_WARNSRVCNAME;
+unsigned int zone_options2 = 0;
 
 /*
  * This needs to match the list in bin/named/log.c.
@@ -134,12 +144,14 @@ add(char *key, int value) {
 
 	if (symtab == NULL) {
 		result = isc_symtab_create(sym_mctx, 100, freekey, sym_mctx,
-					   false, &symtab);
+					   ISC_FALSE, &symtab);
 		if (result != ISC_R_SUCCESS)
 			return;
 	}
 
 	key = isc_mem_strdup(sym_mctx, key);
+	if (key == NULL)
+		return;
 
 	symvalue.as_pointer = NULL;
 	result = isc_symtab_define(symtab, key, value, symvalue,
@@ -148,31 +160,32 @@ add(char *key, int value) {
 		isc_mem_free(sym_mctx, key);
 }
 
-static bool
+static isc_boolean_t
 logged(char *key, int value) {
 	isc_result_t result;
 
 	if (symtab == NULL)
-		return (false);
+		return (ISC_FALSE);
 
 	result = isc_symtab_lookup(symtab, key, value, NULL);
 	if (result == ISC_R_SUCCESS)
-		return (true);
-	return (false);
+		return (ISC_TRUE);
+	return (ISC_FALSE);
 }
 
-static bool
+static isc_boolean_t
 checkns(dns_zone_t *zone, const dns_name_t *name, const dns_name_t *owner,
 	dns_rdataset_t *a, dns_rdataset_t *aaaa)
 {
+#ifdef USE_GETADDRINFO
 	dns_rdataset_t *rdataset;
 	dns_rdata_t rdata = DNS_RDATA_INIT;
 	struct addrinfo hints, *ai, *cur;
 	char namebuf[DNS_NAME_FORMATSIZE + 1];
 	char ownerbuf[DNS_NAME_FORMATSIZE];
 	char addrbuf[sizeof("xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:123.123.123.123")];
-	bool answer = true;
-	bool match;
+	isc_boolean_t answer = ISC_TRUE;
+	isc_boolean_t match;
 	const char *type;
 	void *ptr = NULL;
 	int result;
@@ -221,7 +234,7 @@ checkns(dns_zone_t *zone, const dns_name_t *name, const dns_name_t *owner,
 				     ownerbuf, namebuf,
 				     cur->ai_canonname);
 			/* XXX950 make fatal for 9.5.0 */
-			/* answer = false; */
+			/* answer = ISC_FALSE; */
 			add(namebuf, ERR_IS_CNAME);
 		}
 		break;
@@ -237,7 +250,7 @@ checkns(dns_zone_t *zone, const dns_name_t *name, const dns_name_t *owner,
 			add(namebuf, ERR_NO_ADDRESSES);
 		}
 		/* XXX950 make fatal for 9.5.0 */
-		return (true);
+		return (ISC_TRUE);
 
 	default:
 		if (!logged(namebuf, ERR_LOOKUP_FAILURE)) {
@@ -246,7 +259,7 @@ checkns(dns_zone_t *zone, const dns_name_t *name, const dns_name_t *owner,
 				     namebuf, gai_strerror(result));
 			add(namebuf, ERR_LOOKUP_FAILURE);
 		}
-		return (true);
+		return (ISC_TRUE);
 	}
 
 	/*
@@ -257,13 +270,13 @@ checkns(dns_zone_t *zone, const dns_name_t *name, const dns_name_t *owner,
 	result = dns_rdataset_first(a);
 	while (result == ISC_R_SUCCESS) {
 		dns_rdataset_current(a, &rdata);
-		match = false;
+		match = ISC_FALSE;
 		for (cur = ai; cur != NULL; cur = cur->ai_next) {
 			if (cur->ai_family != AF_INET)
 				continue;
 			ptr = &((struct sockaddr_in *)(cur->ai_addr))->sin_addr;
 			if (memcmp(ptr, rdata.data, rdata.length) == 0) {
-				match = true;
+				match = ISC_TRUE;
 				break;
 			}
 		}
@@ -275,7 +288,7 @@ checkns(dns_zone_t *zone, const dns_name_t *name, const dns_name_t *owner,
 					       addrbuf, sizeof(addrbuf)));
 			add(namebuf, ERR_EXTRA_A);
 			/* XXX950 make fatal for 9.5.0 */
-			/* answer = false; */
+			/* answer = ISC_FALSE; */
 		}
 		dns_rdata_reset(&rdata);
 		result = dns_rdataset_next(a);
@@ -287,13 +300,13 @@ checkns(dns_zone_t *zone, const dns_name_t *name, const dns_name_t *owner,
 	result = dns_rdataset_first(aaaa);
 	while (result == ISC_R_SUCCESS) {
 		dns_rdataset_current(aaaa, &rdata);
-		match = false;
+		match = ISC_FALSE;
 		for (cur = ai; cur != NULL; cur = cur->ai_next) {
 			if (cur->ai_family != AF_INET6)
 				continue;
 			ptr = &((struct sockaddr_in6 *)(cur->ai_addr))->sin6_addr;
 			if (memcmp(ptr, rdata.data, rdata.length) == 0) {
-				match = true;
+				match = ISC_TRUE;
 				break;
 			}
 		}
@@ -305,7 +318,7 @@ checkns(dns_zone_t *zone, const dns_name_t *name, const dns_name_t *owner,
 					       addrbuf, sizeof(addrbuf)));
 			add(namebuf, ERR_EXTRA_AAAA);
 			/* XXX950 make fatal for 9.5.0. */
-			/* answer = false; */
+			/* answer = ISC_FALSE; */
 		}
 		dns_rdata_reset(&rdata);
 		result = dns_rdataset_next(aaaa);
@@ -316,7 +329,7 @@ checkns(dns_zone_t *zone, const dns_name_t *name, const dns_name_t *owner,
 	 * Check that all addresses appear in the glue.
 	 */
 	if (!logged(namebuf, ERR_MISSING_GLUE)) {
-		bool missing_glue = false;
+		isc_boolean_t missing_glue = ISC_FALSE;
 		for (cur = ai; cur != NULL; cur = cur->ai_next) {
 			switch (cur->ai_family) {
 			case AF_INET:
@@ -332,7 +345,7 @@ checkns(dns_zone_t *zone, const dns_name_t *name, const dns_name_t *owner,
 			default:
 				 continue;
 			}
-			match = false;
+			match = ISC_FALSE;
 			if (dns_rdataset_isassociated(rdataset))
 				result = dns_rdataset_first(rdataset);
 			else
@@ -340,7 +353,7 @@ checkns(dns_zone_t *zone, const dns_name_t *name, const dns_name_t *owner,
 			while (result == ISC_R_SUCCESS && !match) {
 				dns_rdataset_current(rdataset, &rdata);
 				if (memcmp(ptr, rdata.data, rdata.length) == 0)
-					match = true;
+					match = ISC_TRUE;
 				dns_rdata_reset(&rdata);
 				result = dns_rdataset_next(rdataset);
 			}
@@ -351,8 +364,8 @@ checkns(dns_zone_t *zone, const dns_name_t *name, const dns_name_t *owner,
 					     inet_ntop(cur->ai_family, ptr,
 						       addrbuf, sizeof(addrbuf)));
 				/* XXX950 make fatal for 9.5.0. */
-				/* answer = false; */
-				missing_glue = true;
+				/* answer = ISC_FALSE; */
+				missing_glue = ISC_TRUE;
 			}
 		}
 		if (missing_glue)
@@ -360,16 +373,20 @@ checkns(dns_zone_t *zone, const dns_name_t *name, const dns_name_t *owner,
 	}
 	freeaddrinfo(ai);
 	return (answer);
+#else
+	return (ISC_TRUE);
+#endif
 }
 
-static bool
+static isc_boolean_t
 checkmx(dns_zone_t *zone, const dns_name_t *name, const dns_name_t *owner) {
+#ifdef USE_GETADDRINFO
 	struct addrinfo hints, *ai, *cur;
 	char namebuf[DNS_NAME_FORMATSIZE + 1];
 	char ownerbuf[DNS_NAME_FORMATSIZE];
 	int result;
 	int level = ISC_LOG_ERROR;
-	bool answer = true;
+	isc_boolean_t answer = ISC_TRUE;
 
 	memset(&hints, 0, sizeof(hints));
 	hints.ai_flags = AI_CANONNAME;
@@ -413,7 +430,7 @@ checkmx(dns_zone_t *zone, const dns_name_t *name, const dns_name_t *owner) {
 					add(namebuf, ERR_IS_MXCNAME);
 				}
 				if (level == ISC_LOG_ERROR)
-					answer = false;
+					answer = ISC_FALSE;
 			}
 		}
 		freeaddrinfo(ai);
@@ -431,7 +448,7 @@ checkmx(dns_zone_t *zone, const dns_name_t *name, const dns_name_t *owner) {
 			add(namebuf, ERR_NO_ADDRESSES);
 		}
 		/* XXX950 make fatal for 9.5.0. */
-		return (true);
+		return (ISC_TRUE);
 
 	default:
 		if (!logged(namebuf, ERR_LOOKUP_FAILURE)) {
@@ -440,18 +457,22 @@ checkmx(dns_zone_t *zone, const dns_name_t *name, const dns_name_t *owner) {
 			     namebuf, gai_strerror(result));
 			add(namebuf, ERR_LOOKUP_FAILURE);
 		}
-		return (true);
+		return (ISC_TRUE);
 	}
+#else
+	return (ISC_TRUE);
+#endif
 }
 
-static bool
+static isc_boolean_t
 checksrv(dns_zone_t *zone, const dns_name_t *name, const dns_name_t *owner) {
+#ifdef USE_GETADDRINFO
 	struct addrinfo hints, *ai, *cur;
 	char namebuf[DNS_NAME_FORMATSIZE + 1];
 	char ownerbuf[DNS_NAME_FORMATSIZE];
 	int result;
 	int level = ISC_LOG_ERROR;
-	bool answer = true;
+	isc_boolean_t answer = ISC_TRUE;
 
 	memset(&hints, 0, sizeof(hints));
 	hints.ai_flags = AI_CANONNAME;
@@ -494,7 +515,7 @@ checksrv(dns_zone_t *zone, const dns_name_t *name, const dns_name_t *owner) {
 					add(namebuf, ERR_IS_SRVCNAME);
 				}
 				if (level == ISC_LOG_ERROR)
-					answer = false;
+					answer = ISC_FALSE;
 			}
 		}
 		freeaddrinfo(ai);
@@ -512,7 +533,7 @@ checksrv(dns_zone_t *zone, const dns_name_t *name, const dns_name_t *owner) {
 			add(namebuf, ERR_NO_ADDRESSES);
 		}
 		/* XXX950 make fatal for 9.5.0. */
-		return (true);
+		return (ISC_TRUE);
 
 	default:
 		if (!logged(namebuf, ERR_LOOKUP_FAILURE)) {
@@ -521,8 +542,11 @@ checksrv(dns_zone_t *zone, const dns_name_t *name, const dns_name_t *owner) {
 				     namebuf, gai_strerror(result));
 			add(namebuf, ERR_LOOKUP_FAILURE);
 		}
-		return (true);
+		return (ISC_TRUE);
 	}
+#else
+	return (ISC_TRUE);
+#endif
 }
 
 isc_result_t
@@ -566,7 +590,8 @@ check_ttls(dns_zone_t *zone, dns_ttl_t maxttl) {
 	dns_rdataset_t rdataset;
 	dns_fixedname_t fname;
 	dns_name_t *name;
-	name = dns_fixedname_initname(&fname);
+	dns_fixedname_init(&fname);
+	name = dns_fixedname_name(&fname);
 	dns_rdataset_init(&rdataset);
 
 	CHECK(dns_zone_getdb(zone, &db));
@@ -628,7 +653,7 @@ check_ttls(dns_zone_t *zone, dns_ttl_t maxttl) {
 	if (dbiter != NULL)
 		dns_dbiterator_destroy(&dbiter);
 	if (version != NULL)
-		dns_db_closeversion(db, &version, false);
+		dns_db_closeversion(db, &version, ISC_FALSE);
 	if (db != NULL)
 		dns_db_detach(&db);
 
@@ -661,12 +686,12 @@ load_zone(isc_mem_t *mctx, const char *zonename, const char *filename,
 
 	isc_buffer_constinit(&buffer, zonename, strlen(zonename));
 	isc_buffer_add(&buffer, strlen(zonename));
-	origin = dns_fixedname_initname(&fixorigin);
+	dns_fixedname_init(&fixorigin);
+	origin = dns_fixedname_name(&fixorigin);
 	CHECK(dns_name_fromtext(origin, &buffer, dns_rootname, 0, NULL));
 	CHECK(dns_zone_setorigin(zone, origin));
-	dns_zone_setdbtype(zone, 1, (const char * const *) dbtype);
-	CHECK(dns_zone_setfile(zone, filename, fileformat,
-			       &dns_master_style_default));
+	CHECK(dns_zone_setdbtype(zone, 1, (const char * const *) dbtype));
+	CHECK(dns_zone_setfile2(zone, filename, fileformat));
 	if (journal != NULL)
 		CHECK(dns_zone_setjournal(zone, journal));
 
@@ -675,7 +700,8 @@ load_zone(isc_mem_t *mctx, const char *zonename, const char *filename,
 	CHECK(dns_rdataclass_fromtext(&rdclass, &region));
 
 	dns_zone_setclass(zone, rdclass);
-	dns_zone_setoption(zone, zone_options, true);
+	dns_zone_setoption(zone, zone_options, ISC_TRUE);
+	dns_zone_setoption2(zone, zone_options2, ISC_TRUE);
 	dns_zone_setoption(zone, DNS_ZONEOPT_NOMERGE, nomerge);
 
 	dns_zone_setmaxttl(zone, maxttl);
@@ -687,7 +713,7 @@ load_zone(isc_mem_t *mctx, const char *zonename, const char *filename,
 	if (dochecksrv)
 		dns_zone_setchecksrv(zone, checksrv);
 
-	CHECK(dns_zone_load(zone, false));
+	CHECK(dns_zone_load(zone));
 
 	/*
 	 * When loading map files we can't catch oversize TTLs during
@@ -712,7 +738,7 @@ load_zone(isc_mem_t *mctx, const char *zonename, const char *filename,
 isc_result_t
 dump_zone(const char *zonename, dns_zone_t *zone, const char *filename,
 	  dns_masterformat_t fileformat, const dns_master_style_t *style,
-	  const uint32_t rawversion)
+	  const isc_uint32_t rawversion)
 {
 	isc_result_t result;
 	FILE *output = stdout;
@@ -738,8 +764,8 @@ dump_zone(const char *zonename, dns_zone_t *zone, const char *filename,
 		}
 	}
 
-	result = dns_zone_dumptostream(zone, output, fileformat, style,
-				       rawversion);
+	result = dns_zone_dumptostream3(zone, output, fileformat, style,
+					rawversion);
 	if (output != stdout)
 		(void)isc_stdio_close(output);
 
@@ -767,3 +793,4 @@ DestroySockets(void) {
 	WSACleanup();
 }
 #endif
+

bin/check/check-tool.h

@@ -9,22 +9,19 @@
  * information regarding copyright ownership.
  */
 
+/* $Id: check-tool.h,v 1.18 2011/12/09 23:47:02 tbox Exp $ */
 
 #ifndef CHECK_TOOL_H
 #define CHECK_TOOL_H
 
 /*! \file */
 
-#include <inttypes.h>
-#include <stdbool.h>
-
 #include <isc/lang.h>
 #include <isc/stdio.h>
 #include <isc/types.h>
 
 #include <dns/masterdump.h>
 #include <dns/types.h>
-#include <dns/zone.h>
 
 ISC_LANG_BEGINDECLS
 
@@ -39,7 +36,7 @@ load_zone(isc_mem_t *mctx, const char *zonename, const char *filename,
 isc_result_t
 dump_zone(const char *zonename, dns_zone_t *zone, const char *filename,
 	  dns_masterformat_t fileformat, const dns_master_style_t *style,
-	  const uint32_t rawversion);
+	  const isc_uint32_t rawversion);
 
 #ifdef _WIN32
 void InitSockets(void);
@@ -48,11 +45,12 @@ void DestroySockets(void);
 
 extern int debug;
 extern const char *journal;
-extern bool nomerge;
-extern bool docheckmx;
-extern bool docheckns;
-extern bool dochecksrv;
-extern dns_zoneopt_t zone_options;
+extern isc_boolean_t nomerge;
+extern isc_boolean_t docheckmx;
+extern isc_boolean_t docheckns;
+extern isc_boolean_t dochecksrv;
+extern unsigned int zone_options;
+extern unsigned int zone_options2;
 
 ISC_LANG_ENDDECLS
 

bin/check/named-checkconf.8

@@ -1,4 +1,4 @@
-.\" Copyright (C) 2000-2002, 2004, 2005, 2007, 2009, 2014-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000-2002, 2004, 2005, 2007, 2009, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
 .\" 
 .\" This Source Code Form is subject to the terms of the Mozilla Public
 .\" License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -39,7 +39,7 @@
 named-checkconf \- named configuration file syntax checking tool
 .SH "SYNOPSIS"
 .HP \w'\fBnamed\-checkconf\fR\ 'u
-\fBnamed\-checkconf\fR [\fB\-chjlvz\fR] [\fB\-p\fR\ [\fB\-x\fR\ ]] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] {filename}
+\fBnamed\-checkconf\fR [\fB\-hjlvz\fR] [\fB\-p\fR\ [\fB\-x\fR\ ]] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] {filename}
 .SH "DESCRIPTION"
 .PP
 \fBnamed\-checkconf\fR
@@ -79,18 +79,6 @@ When loading a zonefile read the journal if it exists\&.
 List all the configured zones\&. Each line of output contains the zone name, class (e\&.g\&. IN), view, and type (e\&.g\&. master or slave)\&.
 .RE
 .PP
-\-c
-.RS 4
-Check "core" configuration only\&. This suppresses the loading of plugin modules, and causes all parameters to
-\fBplugin\fR
-statements to be ignored\&.
-.RE
-.PP
-\-i
-.RS 4
-Ignore warnings on deprecated options\&.
-.RE
-.PP
 \-p
 .RS 4
 Print out the
@@ -148,5 +136,5 @@ BIND 9 Administrator Reference Manual\&.
 \fBInternet Systems Consortium, Inc\&.\fR
 .SH "COPYRIGHT"
 .br
-Copyright \(co 2000-2002, 2004, 2005, 2007, 2009, 2014-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2000-2002, 2004, 2005, 2007, 2009, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
 .br

bin/check/named-checkconf.c

@@ -9,16 +9,19 @@
  * information regarding copyright ownership.
  */
 
+/* $Id: named-checkconf.c,v 1.56 2011/03/12 04:59:46 tbox Exp $ */
 
 /*! \file */
 
+#include <config.h>
+
 #include <errno.h>
-#include <stdbool.h>
 #include <stdlib.h>
 #include <stdio.h>
 
 #include <isc/commandline.h>
 #include <isc/dir.h>
+#include <isc/entropy.h>
 #include <isc/hash.h>
 #include <isc/log.h>
 #include <isc/mem.h>
@@ -28,7 +31,6 @@
 #include <isc/util.h>
 
 #include <isccfg/namedconf.h>
-#include <isccfg/grammar.h>
 
 #include <bind9/check.h>
 
@@ -45,8 +47,6 @@
 
 static const char *program = "named-checkconf";
 
-static bool loadplugins = true;
-
 isc_log_t *logc = NULL;
 
 #define CHECK(r)\
@@ -62,7 +62,7 @@ usage(void) ISC_PLATFORM_NORETURN_POST;
 
 static void
 usage(void) {
-	fprintf(stderr, "usage: %s [-chijlvz] [-p [-x]] [-t directory] "
+	fprintf(stderr, "usage: %s [-hjlvz] [-p [-x]] [-t directory] "
 		"[named.conf]\n", program);
 	exit(1);
 }
@@ -93,18 +93,18 @@ directory_callback(const char *clausename, const cfg_obj_t *obj, void *arg) {
 	return (ISC_R_SUCCESS);
 }
 
-static bool
+static isc_boolean_t
 get_maps(const cfg_obj_t **maps, const char *name, const cfg_obj_t **obj) {
 	int i;
 	for (i = 0;; i++) {
 		if (maps[i] == NULL)
-			return (false);
+			return (ISC_FALSE);
 		if (cfg_map_get(maps[i], name, obj) == ISC_R_SUCCESS)
-			return (true);
+			return (ISC_TRUE);
 	}
 }
 
-static bool
+static isc_boolean_t
 get_checknames(const cfg_obj_t **maps, const cfg_obj_t **obj) {
 	const cfg_listelt_t *element;
 	const cfg_obj_t *checknames;
@@ -115,14 +115,14 @@ get_checknames(const cfg_obj_t **maps, const cfg_obj_t **obj) {
 
 	for (i = 0;; i++) {
 		if (maps[i] == NULL)
-			return (false);
+			return (ISC_FALSE);
 		checknames = NULL;
 		result = cfg_map_get(maps[i], "check-names", &checknames);
 		if (result != ISC_R_SUCCESS)
 			continue;
 		if (checknames != NULL && !cfg_obj_islist(checknames)) {
 			*obj = checknames;
-			return (true);
+			return (ISC_TRUE);
 		}
 		for (element = cfg_list_first(checknames);
 		     element != NULL;
@@ -137,7 +137,7 @@ get_checknames(const cfg_obj_t **maps, const cfg_obj_t **obj) {
 				continue;
 			}
 			*obj = cfg_tuple_get(value, "mode");
-			return (true);
+			return (ISC_TRUE);
 		}
 	}
 }
@@ -170,7 +170,7 @@ configure_hint(const char *zfile, const char *zclass, isc_mem_t *mctx) {
 static isc_result_t
 configure_zone(const char *vclass, const char *view,
 	       const cfg_obj_t *zconfig, const cfg_obj_t *vconfig,
-	       const cfg_obj_t *config, isc_mem_t *mctx, bool list)
+	       const cfg_obj_t *config, isc_mem_t *mctx, isc_boolean_t list)
 {
 	int i = 0;
 	isc_result_t result;
@@ -283,10 +283,8 @@ configure_zone(const char *vclass, const char *view,
 		} else if (strcasecmp(cfg_obj_asstring(obj), "ignore") == 0) {
 			zone_options &= ~DNS_ZONEOPT_CHECKDUPRR;
 			zone_options &= ~DNS_ZONEOPT_CHECKDUPRRFAIL;
-		} else {
+		} else
 			INSIST(0);
-			ISC_UNREACHABLE();
-		}
 	} else {
 		zone_options |= DNS_ZONEOPT_CHECKDUPRR;
 		zone_options &= ~DNS_ZONEOPT_CHECKDUPRRFAIL;
@@ -303,10 +301,8 @@ configure_zone(const char *vclass, const char *view,
 		} else if (strcasecmp(cfg_obj_asstring(obj), "ignore") == 0) {
 			zone_options &= ~DNS_ZONEOPT_CHECKMX;
 			zone_options &= ~DNS_ZONEOPT_CHECKMXFAIL;
-		} else {
+		} else
 			INSIST(0);
-			ISC_UNREACHABLE();
-		}
 	} else {
 		zone_options |= DNS_ZONEOPT_CHECKMX;
 		zone_options &= ~DNS_ZONEOPT_CHECKMXFAIL;
@@ -332,10 +328,8 @@ configure_zone(const char *vclass, const char *view,
 		} else if (strcasecmp(cfg_obj_asstring(obj), "ignore") == 0) {
 			zone_options |= DNS_ZONEOPT_WARNMXCNAME;
 			zone_options |= DNS_ZONEOPT_IGNOREMXCNAME;
-		} else {
+		} else
 			INSIST(0);
-			ISC_UNREACHABLE();
-		}
 	} else {
 		zone_options |= DNS_ZONEOPT_WARNMXCNAME;
 		zone_options &= ~DNS_ZONEOPT_IGNOREMXCNAME;
@@ -352,10 +346,8 @@ configure_zone(const char *vclass, const char *view,
 		} else if (strcasecmp(cfg_obj_asstring(obj), "ignore") == 0) {
 			zone_options |= DNS_ZONEOPT_WARNSRVCNAME;
 			zone_options |= DNS_ZONEOPT_IGNORESRVCNAME;
-		} else {
+		} else
 			INSIST(0);
-			ISC_UNREACHABLE();
-		}
 	} else {
 		zone_options |= DNS_ZONEOPT_WARNSRVCNAME;
 		zone_options &= ~DNS_ZONEOPT_IGNORESRVCNAME;
@@ -375,10 +367,8 @@ configure_zone(const char *vclass, const char *view,
 			zone_options |= DNS_ZONEOPT_CHECKSPF;
 		} else if (strcasecmp(cfg_obj_asstring(obj), "ignore") == 0) {
 			zone_options &= ~DNS_ZONEOPT_CHECKSPF;
-		} else {
+		} else
 			INSIST(0);
-			ISC_UNREACHABLE();
-		}
 	} else {
 		zone_options |= DNS_ZONEOPT_CHECKSPF;
 	}
@@ -394,10 +384,8 @@ configure_zone(const char *vclass, const char *view,
 		} else if (strcasecmp(cfg_obj_asstring(obj), "ignore") == 0) {
 			zone_options &= ~DNS_ZONEOPT_CHECKNAMES;
 			zone_options &= ~DNS_ZONEOPT_CHECKNAMESFAIL;
-		} else {
+		} else
 			INSIST(0);
-			ISC_UNREACHABLE();
-		}
 	} else {
 	       zone_options |= DNS_ZONEOPT_CHECKNAMES;
 	       zone_options |= DNS_ZONEOPT_CHECKNAMESFAIL;
@@ -407,22 +395,20 @@ configure_zone(const char *vclass, const char *view,
 	fmtobj = NULL;
 	if (get_maps(maps, "masterfile-format", &fmtobj)) {
 		const char *masterformatstr = cfg_obj_asstring(fmtobj);
-		if (strcasecmp(masterformatstr, "text") == 0) {
+		if (strcasecmp(masterformatstr, "text") == 0)
 			masterformat = dns_masterformat_text;
-		} else if (strcasecmp(masterformatstr, "raw") == 0) {
+		else if (strcasecmp(masterformatstr, "raw") == 0)
 			masterformat = dns_masterformat_raw;
-		} else if (strcasecmp(masterformatstr, "map") == 0) {
+		else if (strcasecmp(masterformatstr, "map") == 0)
 			masterformat = dns_masterformat_map;
-		} else {
+		else
 			INSIST(0);
-			ISC_UNREACHABLE();
-		}
 	}
 
 	obj = NULL;
 	if (get_maps(maps, "max-zone-ttl", &obj)) {
 		maxttl = cfg_obj_asuint32(obj);
-		zone_options |= DNS_ZONEOPT_CHECKTTL;
+		zone_options2 |= DNS_ZONEOPT2_CHECKTTL;
 	}
 
 	result = load_zone(mctx, zname, zfile, masterformat,
@@ -436,7 +422,7 @@ configure_zone(const char *vclass, const char *view,
 /*% configure a view */
 static isc_result_t
 configure_view(const char *vclass, const char *view, const cfg_obj_t *config,
-	       const cfg_obj_t *vconfig, isc_mem_t *mctx, bool list)
+	       const cfg_obj_t *vconfig, isc_mem_t *mctx, isc_boolean_t list)
 {
 	const cfg_listelt_t *element;
 	const cfg_obj_t *voptions;
@@ -485,7 +471,7 @@ config_getclass(const cfg_obj_t *classobj, dns_rdataclass_t defclass,
 /*% load zones from the configuration */
 static isc_result_t
 load_zones_fromconfig(const cfg_obj_t *config, isc_mem_t *mctx,
-		      bool list_zones)
+		      isc_boolean_t list_zones)
 {
 	const cfg_listelt_t *element;
 	const cfg_obj_t *views;
@@ -553,18 +539,18 @@ main(int argc, char **argv) {
 	isc_mem_t *mctx = NULL;
 	isc_result_t result;
 	int exit_status = 0;
-	bool load_zones = false;
-	bool list_zones = false;
-	bool print = false;
-	bool nodeprecate = false;
+	isc_entropy_t *ectx = NULL;
+	isc_boolean_t load_zones = ISC_FALSE;
+	isc_boolean_t list_zones = ISC_FALSE;
+	isc_boolean_t print = ISC_FALSE;
 	unsigned int flags = 0;
 
-	isc_commandline_errprint = false;
+	isc_commandline_errprint = ISC_FALSE;
 
 	/*
 	 * Process memory debugging argument first.
 	 */
-#define CMDLINE_FLAGS "cdhijlm:t:pvxz"
+#define CMDLINE_FLAGS "dhjlm:t:pvxz"
 	while ((c = isc_commandline_parse(argc, argv, CMDLINE_FLAGS)) != -1) {
 		switch (c) {
 		case 'm':
@@ -583,30 +569,22 @@ main(int argc, char **argv) {
 			break;
 		}
 	}
-	isc_commandline_reset = true;
+	isc_commandline_reset = ISC_TRUE;
 
 	RUNTIME_CHECK(isc_mem_create(0, 0, &mctx) == ISC_R_SUCCESS);
 
 	while ((c = isc_commandline_parse(argc, argv, CMDLINE_FLAGS)) != EOF) {
 		switch (c) {
-		case 'c':
-			loadplugins = false;
-			break;
-
 		case 'd':
 			debug++;
 			break;
 
-		case 'i':
-			nodeprecate = true;
-			break;
-
 		case 'j':
-			nomerge = false;
+			nomerge = ISC_FALSE;
 			break;
 
 		case 'l':
-			list_zones = true;
+			list_zones = ISC_TRUE;
 			break;
 
 		case 'm':
@@ -622,7 +600,7 @@ main(int argc, char **argv) {
 			break;
 
 		case 'p':
-			print = true;
+			print = ISC_TRUE;
 			break;
 
 		case 'v':
@@ -634,10 +612,10 @@ main(int argc, char **argv) {
 			break;
 
 		case 'z':
-			load_zones = true;
-			docheckmx = false;
-			docheckns = false;
-			dochecksrv = false;
+			load_zones = ISC_TRUE;
+			docheckmx = ISC_FALSE;
+			docheckns = ISC_FALSE;
+			dochecksrv = ISC_FALSE;
 			break;
 
 		case '?':
@@ -677,25 +655,23 @@ main(int argc, char **argv) {
 
 	RUNTIME_CHECK(setup_logging(mctx, stdout, &logc) == ISC_R_SUCCESS);
 
+	RUNTIME_CHECK(isc_entropy_create(mctx, &ectx) == ISC_R_SUCCESS);
+	RUNTIME_CHECK(isc_hash_create(mctx, ectx, DNS_NAME_MAXWIRE)
+		      == ISC_R_SUCCESS);
+
 	dns_result_register();
 
 	RUNTIME_CHECK(cfg_parser_create(mctx, logc, &parser) == ISC_R_SUCCESS);
 
-	if (nodeprecate) {
-		cfg_parser_setflags(parser, CFG_PCTX_NODEPRECATED, true);
-	}
 	cfg_parser_setcallback(parser, directory_callback, NULL);
 
 	if (cfg_parse_file(parser, conffile, &cfg_type_namedconf, &config) !=
 	    ISC_R_SUCCESS)
-	{
 		exit(1);
-	}
 
-	result = bind9_check_namedconf(config, loadplugins, logc, mctx);
-	if (result != ISC_R_SUCCESS) {
+	result = bind9_check_namedconf(config, logc, mctx);
+	if (result != ISC_R_SUCCESS)
 		exit_status = 1;
-	}
 
 	if (result == ISC_R_SUCCESS && (load_zones || list_zones)) {
 		result = load_zones_fromconfig(config, mctx, list_zones);
@@ -713,6 +689,9 @@ main(int argc, char **argv) {
 
 	isc_log_destroy(&logc);
 
+	isc_hash_destroy();
+	isc_entropy_detach(&ectx);
+
 	isc_mem_destroy(&mctx);
 
 #ifdef _WIN32

bin/check/named-checkconf.docbook

@@ -40,7 +40,6 @@
       <year>2015</year>
       <year>2016</year>
       <year>2018</year>
-      <year>2019</year>
       <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
     </copyright>
   </docinfo>
@@ -53,7 +52,7 @@
   <refsynopsisdiv>
     <cmdsynopsis sepchar=" ">
       <command>named-checkconf</command>
-      <arg choice="opt" rep="norepeat"><option>-chjlvz</option></arg>
+      <arg choice="opt" rep="norepeat"><option>-hjlvz</option></arg>
       <arg choice="opt" rep="norepeat"><option>-p</option>
 	<arg choice="opt" rep="norepeat"><option>-x</option>
       </arg></arg>
@@ -115,26 +114,6 @@
         </listitem>
       </varlistentry>
 
-      <varlistentry>
-        <term>-c</term>
-        <listitem>
-          <para>
-	    Check "core" configuration only. This suppresses the loading
-	    of plugin modules, and causes all parameters to
-	    <command>plugin</command> statements to be ignored.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-i</term>
-        <listitem>
-          <para>
-	    Ignore warnings on deprecated options.
-          </para>
-        </listitem>
-      </varlistentry>
-
       <varlistentry>
         <term>-p</term>
         <listitem>

bin/check/named-checkconf.html

@@ -1,6 +1,6 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 <!--
- - Copyright (C) 2000-2002, 2004, 2005, 2007, 2009, 2014-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2002, 2004, 2005, 2007, 2009, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
  - 
  - This Source Code Form is subject to the terms of the Mozilla Public
  - License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -33,7 +33,7 @@
 <h2>Synopsis</h2>
     <div class="cmdsynopsis"><p>
       <code class="command">named-checkconf</code> 
-       [<code class="option">-chjlvz</code>]
+       [<code class="option">-hjlvz</code>]
        [<code class="option">-p</code>
 	 [<code class="option">-x</code>
       ]]
@@ -88,20 +88,6 @@
             (e.g. master or slave).
           </p>
         </dd>
-<dt><span class="term">-c</span></dt>
-<dd>
-          <p>
-	    Check "core" configuration only. This suppresses the loading
-	    of plugin modules, and causes all parameters to
-	    <span class="command"><strong>plugin</strong></span> statements to be ignored.
-          </p>
-        </dd>
-<dt><span class="term">-i</span></dt>
-<dd>
-          <p>
-	    Ignore warnings on deprecated options.
-          </p>
-        </dd>
 <dt><span class="term">-p</span></dt>
 <dd>
           <p>

bin/check/named-checkzone.8

@@ -1,4 +1,4 @@
-.\" Copyright (C) 2000-2002, 2004-2007, 2009-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000-2002, 2004-2007, 2009-2016 Internet Systems Consortium, Inc. ("ISC")
 .\" 
 .\" This Source Code Form is subject to the terms of the Mozilla Public
 .\" License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -325,5 +325,5 @@ BIND 9 Administrator Reference Manual\&.
 \fBInternet Systems Consortium, Inc\&.\fR
 .SH "COPYRIGHT"
 .br
-Copyright \(co 2000-2002, 2004-2007, 2009-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2000-2002, 2004-2007, 2009-2016 Internet Systems Consortium, Inc. ("ISC")
 .br

bin/check/named-checkzone.c

@@ -9,16 +9,18 @@
  * information regarding copyright ownership.
  */
 
+/* $Id: named-checkzone.c,v 1.65.32.2 2012/02/07 02:45:21 each Exp $ */
 
 /*! \file */
 
-#include <stdbool.h>
+#include <config.h>
+
 #include <stdlib.h>
-#include <inttypes.h>
 
 #include <isc/app.h>
 #include <isc/commandline.h>
 #include <isc/dir.h>
+#include <isc/entropy.h>
 #include <isc/hash.h>
 #include <isc/log.h>
 #include <isc/mem.h>
@@ -45,6 +47,7 @@
 
 static int quiet = 0;
 static isc_mem_t *mctx = NULL;
+static isc_entropy_t *ectx = NULL;
 dns_zone_t *zone = NULL;
 dns_zonetype_t zonetype = dns_zone_master;
 static int dumpzone = 0;
@@ -106,10 +109,10 @@ main(int argc, char **argv) {
 	dns_masterformat_t inputformat = dns_masterformat_text;
 	dns_masterformat_t outputformat = dns_masterformat_text;
 	dns_masterrawheader_t header;
-	uint32_t rawversion = 1, serialnum = 0;
+	isc_uint32_t rawversion = 1, serialnum = 0;
 	dns_ttl_t maxttl = 0;
-	bool snset = false;
-	bool logdump = false;
+	isc_boolean_t snset = ISC_FALSE;
+	isc_boolean_t logdump = ISC_FALSE;
 	FILE *errout = stdout;
 	char *endp;
 
@@ -137,14 +140,12 @@ main(int argc, char **argv) {
 #define PROGCMP(X) \
 	(strcasecmp(prog_name, X) == 0 || strcasecmp(prog_name, X ".exe") == 0)
 
-	if (PROGCMP("named-checkzone")) {
+	if (PROGCMP("named-checkzone"))
 		progmode = progmode_check;
-	} else if (PROGCMP("named-compilezone")) {
+	else if (PROGCMP("named-compilezone"))
 		progmode = progmode_compile;
-	} else {
+	else
 		INSIST(0);
-		ISC_UNREACHABLE();
-	}
 
 	/* Compilation specific defaults */
 	if (progmode == progmode_compile) {
@@ -161,7 +162,7 @@ main(int argc, char **argv) {
 
 #define ARGCMP(X) (strcmp(isc_commandline_argument, X) == 0)
 
-	isc_commandline_errprint = false;
+	isc_commandline_errprint = ISC_FALSE;
 
 	while ((c = isc_commandline_parse(argc, argv,
 			       "c:df:hi:jJ:k:L:l:m:n:qr:s:t:o:vw:DF:M:S:T:W:"))
@@ -179,33 +180,33 @@ main(int argc, char **argv) {
 			if (ARGCMP("full")) {
 				zone_options |= DNS_ZONEOPT_CHECKINTEGRITY |
 						DNS_ZONEOPT_CHECKSIBLING;
-				docheckmx = true;
-				docheckns = true;
-				dochecksrv = true;
+				docheckmx = ISC_TRUE;
+				docheckns = ISC_TRUE;
+				dochecksrv = ISC_TRUE;
 			} else if (ARGCMP("full-sibling")) {
 				zone_options |= DNS_ZONEOPT_CHECKINTEGRITY;
 				zone_options &= ~DNS_ZONEOPT_CHECKSIBLING;
-				docheckmx = true;
-				docheckns = true;
-				dochecksrv = true;
+				docheckmx = ISC_TRUE;
+				docheckns = ISC_TRUE;
+				dochecksrv = ISC_TRUE;
 			} else if (ARGCMP("local")) {
 				zone_options |= DNS_ZONEOPT_CHECKINTEGRITY;
 				zone_options |= DNS_ZONEOPT_CHECKSIBLING;
-				docheckmx = false;
-				docheckns = false;
-				dochecksrv = false;
+				docheckmx = ISC_FALSE;
+				docheckns = ISC_FALSE;
+				dochecksrv = ISC_FALSE;
 			} else if (ARGCMP("local-sibling")) {
 				zone_options |= DNS_ZONEOPT_CHECKINTEGRITY;
 				zone_options &= ~DNS_ZONEOPT_CHECKSIBLING;
-				docheckmx = false;
-				docheckns = false;
-				dochecksrv = false;
+				docheckmx = ISC_FALSE;
+				docheckns = ISC_FALSE;
+				dochecksrv = ISC_FALSE;
 			} else if (ARGCMP("none")) {
 				zone_options &= ~DNS_ZONEOPT_CHECKINTEGRITY;
 				zone_options &= ~DNS_ZONEOPT_CHECKSIBLING;
-				docheckmx = false;
-				docheckns = false;
-				dochecksrv = false;
+				docheckmx = ISC_FALSE;
+				docheckns = ISC_FALSE;
+				dochecksrv = ISC_FALSE;
 			} else {
 				fprintf(stderr, "invalid argument to -i: %s\n",
 					isc_commandline_argument);
@@ -222,12 +223,12 @@ main(int argc, char **argv) {
 			break;
 
 		case 'j':
-			nomerge = false;
+			nomerge = ISC_FALSE;
 			break;
 
 		case 'J':
 			journal = isc_commandline_argument;
-			nomerge = false;
+			nomerge = ISC_FALSE;
 			break;
 
 		case 'k':
@@ -248,7 +249,7 @@ main(int argc, char **argv) {
 			break;
 
 		case 'L':
-			snset = true;
+			snset = ISC_TRUE;
 			endp = NULL;
 			serialnum = strtol(isc_commandline_argument, &endp, 0);
 			if (*endp != '\0') {
@@ -259,7 +260,7 @@ main(int argc, char **argv) {
 			break;
 
 		case 'l':
-			zone_options |= DNS_ZONEOPT_CHECKTTL;
+			zone_options2 |= DNS_ZONEOPT2_CHECKTTL;
 			endp = NULL;
 			maxttl = strtol(isc_commandline_argument, &endp, 0);
 			if (*endp != '\0') {
@@ -507,7 +508,7 @@ main(int argc, char **argv) {
 	     strcmp(output_filename, "/dev/fd/1") == 0 ||
 	     strcmp(output_filename, "/dev/stdout") == 0)) {
 		errout = stderr;
-		logdump = false;
+		logdump = ISC_FALSE;
 	}
 
 	if (isc_commandline_index + 2 != argc)
@@ -521,6 +522,9 @@ main(int argc, char **argv) {
 	if (!quiet)
 		RUNTIME_CHECK(setup_logging(mctx, errout, &lctx)
 			      == ISC_R_SUCCESS);
+	RUNTIME_CHECK(isc_entropy_create(mctx, &ectx) == ISC_R_SUCCESS);
+	RUNTIME_CHECK(isc_hash_create(mctx, ectx, DNS_NAME_MAXWIRE)
+		      == ISC_R_SUCCESS);
 
 	dns_result_register();
 
@@ -552,6 +556,8 @@ main(int argc, char **argv) {
 	destroy();
 	if (lctx != NULL)
 		isc_log_destroy(&lctx);
+	isc_hash_destroy();
+	isc_entropy_detach(&ectx);
 	isc_mem_destroy(&mctx);
 #ifdef _WIN32
 	DestroySockets();

bin/check/named-checkzone.docbook

@@ -43,7 +43,6 @@
       <year>2015</year>
       <year>2016</year>
       <year>2018</year>
-      <year>2019</year>
       <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
     </copyright>
   </docinfo>

bin/check/named-checkzone.html

@@ -1,6 +1,6 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 <!--
- - Copyright (C) 2000-2002, 2004-2007, 2009-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2002, 2004-2007, 2009-2016 Internet Systems Consortium, Inc. ("ISC")
  - 
  - This Source Code Form is subject to the terms of the Mozilla Public
  - License, v. 2.0. If a copy of the MPL was not distributed with this

bin/check/win32/checkconf.vcxproj.in

@@ -55,14 +55,13 @@
       </PrecompiledHeader>
       <WarningLevel>Level3</WarningLevel>
       <Optimization>Disabled</Optimization>
-      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>WIN32;@CRYPTO@_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <FunctionLevelLinking>true</FunctionLevelLinking>
       <PrecompiledHeaderOutputFile>.\$(Configuration)\$(ProjectName).pch</PrecompiledHeaderOutputFile>
       <AssemblerListingLocation>.\$(Configuration)\</AssemblerListingLocation>
       <ObjectFileName>.\$(Configuration)\</ObjectFileName>
       <ProgramDataBaseFileName>$(OutDir)$(TargetName).pdb</ProgramDataBaseFileName>
       <BrowseInformation>true</BrowseInformation>
-      <ForcedIncludeFiles>..\..\..\config.h</ForcedIncludeFiles>
       <AdditionalIncludeDirectories>.\;..\..\..\;@LIBXML2_INC@@OPENSSL_INC@..\..\..\lib\isc\win32;..\..\..\lib\isc\win32\include;..\..\..\lib\isc\include;..\..\..\lib\dns\include;..\..\..\lib\bind9\include;..\..\..\lib\isccfg\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
       <CompileAs>CompileAsC</CompileAs>
     </ClCompile>
@@ -71,7 +70,7 @@
       <GenerateDebugInformation>true</GenerateDebugInformation>
       <OutputFile>..\..\..\Build\$(Configuration)\$(TargetName)$(TargetExt)</OutputFile>
       <AdditionalLibraryDirectories>$(Configuration);..\..\..\lib\isc\win32\$(Configuration);..\..\..\lib\dns\win32\$(Configuration);..\..\..\lib\isccfg\win32\$(Configuration);..\..\..\lib\isccc\win32\$(Configuration);..\..\..\lib\bind9\win32\$(Configuration);..\..\..\lib\ns\win32\$(Configuration);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
-      <AdditionalDependencies>@OPENSSL_LIB@checktool.lib;libisc.lib;libdns.lib;libisccfg.lib;libisccc.lib;libbind9.lib;libns.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <AdditionalDependencies>checktool.lib;libisc.lib;libdns.lib;libisccfg.lib;libisccc.lib;libbind9.lib;libns.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
     </Link>
   </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'">
@@ -82,7 +81,7 @@
       <Optimization>MaxSpeed</Optimization>
       <FunctionLevelLinking>true</FunctionLevelLinking>
       <IntrinsicFunctions>@INTRINSIC@</IntrinsicFunctions>
-      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>WIN32;@CRYPTO@NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
       <WholeProgramOptimization>false</WholeProgramOptimization>
       <StringPooling>true</StringPooling>
@@ -90,7 +89,6 @@
       <AssemblerListingLocation>.\$(Configuration)\</AssemblerListingLocation>
       <ObjectFileName>.\$(Configuration)\</ObjectFileName>
       <ProgramDataBaseFileName>$(OutDir)$(TargetName).pdb</ProgramDataBaseFileName>
-      <ForcedIncludeFiles>..\..\..\config.h</ForcedIncludeFiles>
       <AdditionalIncludeDirectories>.\;..\..\..\;@LIBXML2_INC@@OPENSSL_INC@..\..\..\lib\isc\win32;..\..\..\lib\isc\win32\include;..\..\..\lib\isc\include;..\..\..\lib\dns\include;..\..\..\lib\bind9\include;..\..\..\lib\isccfg\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
       <CompileAs>CompileAsC</CompileAs>
     </ClCompile>
@@ -101,7 +99,7 @@
       <OptimizeReferences>true</OptimizeReferences>
       <OutputFile>..\..\..\Build\$(Configuration)\$(TargetName)$(TargetExt)</OutputFile>
       <AdditionalLibraryDirectories>$(Configuration);..\..\..\lib\isc\win32\$(Configuration);..\..\..\lib\dns\win32\$(Configuration);..\..\..\lib\isccfg\win32\$(Configuration);..\..\..\lib\isccc\win32\$(Configuration);..\..\..\lib\bind9\win32\$(Configuration);..\..\..\lib\ns\win32\$(Configuration);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
-      <AdditionalDependencies>@OPENSSL_LIB@checktool.lib;libisc.lib;libdns.lib;libisccfg.lib;libisccc.lib;libbind9.lib;libns.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <AdditionalDependencies>checktool.lib;libisc.lib;libdns.lib;libisccfg.lib;libisccc.lib;libbind9.lib;libns.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
       <LinkTimeCodeGeneration>Default</LinkTimeCodeGeneration>
     </Link>
   </ItemDefinitionGroup>

bin/check/win32/checkconf.vcxproj.user

@@ -1,3 +1,3 @@
-<?xml version="1.0" encoding="utf-8"?>
-<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
 </Project>

bin/check/win32/checktool.vcxproj.in

@@ -58,14 +58,13 @@
       </PrecompiledHeader>
       <WarningLevel>Level3</WarningLevel>
       <Optimization>Disabled</Optimization>
-      <PreprocessorDefinitions>WIN32;_DEBUG;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>WIN32;@CRYPTO@_DEBUG;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <FunctionLevelLinking>true</FunctionLevelLinking>
       <PrecompiledHeaderOutputFile>.\$(Configuration)\$(TargetName).pch</PrecompiledHeaderOutputFile>
       <AssemblerListingLocation>.\$(Configuration)\</AssemblerListingLocation>
       <ObjectFileName>.\$(Configuration)\</ObjectFileName>
       <ProgramDataBaseFileName>$(OutDir)$(TargetName).pdb</ProgramDataBaseFileName>
       <BrowseInformation>true</BrowseInformation>
-      <ForcedIncludeFiles>..\..\..\config.h</ForcedIncludeFiles>
       <AdditionalIncludeDirectories>.\;..\..\..\;@LIBXML2_INC@@OPENSSL_INC@..\include;..\..\..\lib\isc\win32;..\..\..\lib\isc\win32\include;..\..\..\lib\isc\include;..\..\..\lib\isccfg\include;..\..\..\lib\dns\include;..\..\..\lib\ns\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
       <CompileAs>CompileAsC</CompileAs>
     </ClCompile>
@@ -81,7 +80,7 @@
       <Optimization>MaxSpeed</Optimization>
       <FunctionLevelLinking>true</FunctionLevelLinking>
       <IntrinsicFunctions>@INTRINSIC@</IntrinsicFunctions>
-      <PreprocessorDefinitions>WIN32;NDEBUG;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>WIN32;@CRYPTO@NDEBUG;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
       <WholeProgramOptimization>false</WholeProgramOptimization>
       <StringPooling>true</StringPooling>
@@ -89,7 +88,6 @@
       <AssemblerListingLocation>.\$(Configuration)\</AssemblerListingLocation>
       <ObjectFileName>.\$(Configuration)\</ObjectFileName>
       <ProgramDataBaseFileName>$(OutDir)$(TargetName).pdb</ProgramDataBaseFileName>
-      <ForcedIncludeFiles>..\..\..\config.h</ForcedIncludeFiles>
       <AdditionalIncludeDirectories>.\;..\..\..\;@LIBXML2_INC@@OPENSSL_INC@..\include;..\..\..\lib\isc\win32;..\..\..\lib\isc\win32\include;..\..\..\lib\isc\include;..\..\..\lib\isccfg\include;..\..\..\lib\dns\include;..\..\..\lib\ns\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
       <CompileAs>CompileAsC</CompileAs>
     </ClCompile>

bin/check/win32/checktool.vcxproj.user

@@ -1,3 +1,3 @@
-<?xml version="1.0" encoding="utf-8"?>
-<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
 </Project>

bin/check/win32/checkzone.vcxproj.in

@@ -55,14 +55,13 @@
       </PrecompiledHeader>
       <WarningLevel>Level3</WarningLevel>
       <Optimization>Disabled</Optimization>
-      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>WIN32;@CRYPTO@_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <FunctionLevelLinking>true</FunctionLevelLinking>
       <PrecompiledHeaderOutputFile>.\$(Configuration)\$(ProjectName).pch</PrecompiledHeaderOutputFile>
       <AssemblerListingLocation>.\$(Configuration)\</AssemblerListingLocation>
       <ObjectFileName>.\$(Configuration)\</ObjectFileName>
       <ProgramDataBaseFileName>$(OutDir)$(TargetName).pdb</ProgramDataBaseFileName>
       <BrowseInformation>true</BrowseInformation>
-      <ForcedIncludeFiles>..\..\..\config.h</ForcedIncludeFiles>
       <AdditionalIncludeDirectories>.\;..\..\..\;@LIBXML2_INC@@OPENSSL_INC@..\..\..\lib\isc\win32;..\..\..\lib\isc\win32\include;..\..\..\lib\isc\include;..\..\..\lib\dns\include;..\..\..\lib\bind9\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
       <CompileAs>CompileAsC</CompileAs>
     </ClCompile>
@@ -71,7 +70,7 @@
       <GenerateDebugInformation>true</GenerateDebugInformation>
       <OutputFile>..\..\..\Build\$(Configuration)\$(TargetName)$(TargetExt)</OutputFile>
       <AdditionalLibraryDirectories>$(Configuration);..\..\..\lib\isc\win32\$(Configuration);..\..\..\lib\dns\win32\$(Configuration);..\..\..\lib\isccfg\win32\$(Configuration);..\..\..\lib\bind9\win32\$(Configuration);..\..\..\lib\ns\win32\$(Configuration);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
-      <AdditionalDependencies>@OPENSSL_LIB@checktool.lib;libisc.lib;libdns.lib;libisccfg.lib;libbind9.lib;libns.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <AdditionalDependencies>checktool.lib;libisc.lib;libdns.lib;libisccfg.lib;libbind9.lib;libns.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
     </Link>
     <PostBuildEvent>
       <Command>cd ..\..\..\Build\$(Configuration)
@@ -88,7 +87,7 @@ copy /Y named-checkzone.ilk named-compilezone.ilk
       <Optimization>MaxSpeed</Optimization>
       <FunctionLevelLinking>true</FunctionLevelLinking>
       <IntrinsicFunctions>@INTRINSIC@</IntrinsicFunctions>
-      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>WIN32;@CRYPTO@NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
       <WholeProgramOptimization>false</WholeProgramOptimization>
       <StringPooling>true</StringPooling>
@@ -96,7 +95,6 @@ copy /Y named-checkzone.ilk named-compilezone.ilk
       <AssemblerListingLocation>.\$(Configuration)\</AssemblerListingLocation>
       <ObjectFileName>.\$(Configuration)\</ObjectFileName>
       <ProgramDataBaseFileName>$(OutDir)$(TargetName).pdb</ProgramDataBaseFileName>
-      <ForcedIncludeFiles>..\..\..\config.h</ForcedIncludeFiles>
       <AdditionalIncludeDirectories>.\;..\..\..\;@LIBXML2_INC@@OPENSSL_INC@..\..\..\lib\isc\win32;..\..\..\lib\isc\win32\include;..\..\..\lib\isc\include;..\..\..\lib\dns\include;..\..\..\lib\bind9\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
       <CompileAs>CompileAsC</CompileAs>
     </ClCompile>
@@ -107,7 +105,7 @@ copy /Y named-checkzone.ilk named-compilezone.ilk
       <OptimizeReferences>true</OptimizeReferences>
       <OutputFile>..\..\..\Build\$(Configuration)\$(TargetName)$(TargetExt)</OutputFile>
       <AdditionalLibraryDirectories>$(Configuration);..\..\..\lib\isc\win32\$(Configuration);..\..\..\lib\dns\win32\$(Configuration);..\..\..\lib\isccfg\win32\$(Configuration);..\..\..\lib\bind9\win32\$(Configuration);..\..\..\lib\ns\win32\$(Configuration);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
-      <AdditionalDependencies>@OPENSSL_LIB@checktool.lib;libisc.lib;libdns.lib;libisccfg.lib;libbind9.lib;libns.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <AdditionalDependencies>checktool.lib;libisc.lib;libdns.lib;libisccfg.lib;libbind9.lib;libns.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
       <LinkTimeCodeGeneration>Default</LinkTimeCodeGeneration>
     </Link>
     <PostBuildEvent>

bin/check/win32/checkzone.vcxproj.user

@@ -1,3 +1,3 @@
-<?xml version="1.0" encoding="utf-8"?>
-<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
 </Project>

bin/confgen/Makefile.in

@@ -27,9 +27,9 @@ CWARNINGS =
 
 ISCCFGLIBS =	../../lib/isccfg/libisccfg.@A@
 ISCCCLIBS =	../../lib/isccc/libisccc.@A@
-ISCLIBS =	../../lib/isc/libisc.@A@ ${OPENSSL_LIBS} ${JSON_C_LIBS} ${LIBXML2_LIBS}
-ISCNOSYMLIBS =	../../lib/isc/libisc-nosymtbl.@A@ ${OPENSSL_LIBS} ${JSON_C_LIBS} ${LIBXML2_LIBS}
-DNSLIBS =	../../lib/dns/libdns.@A@ ${MAXMINDDB_LIBS} @DNS_CRYPTO_LIBS@
+ISCLIBS =	../../lib/isc/libisc.@A@ @ISC_OPENSSL_LIBS@
+ISCNOSYMLIBS =	../../lib/isc/libisc-nosymtbl.@A@ @ISC_OPENSSL_LIBS@
+DNSLIBS =	../../lib/dns/libdns.@A@ @DNS_CRYPTO_LIBS@
 BIND9LIBS =	../../lib/bind9/libbind9.@A@
 
 ISCCFGDEPLIBS =	../../lib/isccfg/libisccfg.@A@

bin/confgen/ddns-confgen.8

@@ -1,4 +1,4 @@
-.\" Copyright (C) 2009, 2014-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2009, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
 .\" 
 .\" This Source Code Form is subject to the terms of the Mozilla Public
 .\" License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -39,7 +39,7 @@
 ddns-confgen \- ddns key generation tool
 .SH "SYNOPSIS"
 .HP \w'\fBtsig\-keygen\fR\ 'u
-\fBtsig\-keygen\fR [\fB\-a\ \fR\fB\fIalgorithm\fR\fR] [\fB\-h\fR] [name]
+\fBtsig\-keygen\fR [\fB\-a\ \fR\fB\fIalgorithm\fR\fR] [\fB\-h\fR] [\fB\-r\ \fR\fB\fIrandomfile\fR\fR] [name]
 .HP \w'\fBddns\-confgen\fR\ 'u
 \fBddns\-confgen\fR [\fB\-a\ \fR\fB\fIalgorithm\fR\fR] [\fB\-h\fR] [\fB\-k\ \fR\fB\fIkeyname\fR\fR] [\fB\-q\fR] [\fB\-r\ \fR\fB\fIrandomfile\fR\fR] [\-s\ \fIname\fR | \-z\ \fIzone\fR]
 .SH "DESCRIPTION"
@@ -109,6 +109,17 @@ only\&.) Quiet mode: Print only the key, with no explanatory text or usage examp
 \fBtsig\-keygen\fR\&.
 .RE
 .PP
+\-r \fIrandomfile\fR
+.RS 4
+Specifies a source of random data for generating the authorization\&. If the operating system does not provide a
+/dev/random
+or equivalent device, the default source of randomness is keyboard input\&.
+randomdev
+specifies the name of a character device or file containing random data to be used instead of the default\&. The special value
+keyboard
+indicates that keyboard input should be used\&.
+.RE
+.PP
 \-s \fIname\fR
 .RS 4
 (\fBddns\-confgen\fR
@@ -144,5 +155,5 @@ BIND 9 Administrator Reference Manual\&.
 \fBInternet Systems Consortium, Inc\&.\fR
 .SH "COPYRIGHT"
 .br
-Copyright \(co 2009, 2014-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2009, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
 .br

bin/confgen/ddns-confgen.c

@@ -17,15 +17,18 @@
  * and the corresponding key and update-policy statements in named.conf.
  */
 
-#include <stdarg.h>
-#include <stdbool.h>
+#include <config.h>
+
 #include <stdlib.h>
+#include <stdarg.h>
 
 #include <isc/assertions.h>
 #include <isc/base64.h>
 #include <isc/buffer.h>
 #include <isc/commandline.h>
+#include <isc/entropy.h>
 #include <isc/file.h>
+#include <isc/keyboard.h>
 #include <isc/mem.h>
 #include <isc/net.h>
 #include <isc/print.h>
@@ -34,7 +37,7 @@
 #include <isc/time.h>
 #include <isc/util.h>
 
-#if USE_PKCS11
+#ifdef PKCS11CRYPTO
 #include <pk11/result.h>
 #endif
 
@@ -54,7 +57,7 @@
 static char program[256];
 const char *progname;
 static enum { progmode_keygen, progmode_confgen} progmode;
-bool verbose = false; /* needed by util.c but not used here */
+isc_boolean_t verbose = ISC_FALSE; /* needed by util.c but not used here */
 
 ISC_PLATFORM_NORETURN_PRE static void
 usage(int status) ISC_PLATFORM_NORETURN_POST;
@@ -64,9 +67,10 @@ usage(int status) {
 	if (progmode == progmode_confgen) {
 		fprintf(stderr, "\
 Usage:\n\
- %s [-a alg] [-k keyname] [-q] [-s name | -z zone]\n\
+ %s [-a alg] [-k keyname] [-r randomfile] [-q] [-s name | -z zone]\n\
   -a alg:        algorithm (default hmac-sha256)\n\
   -k keyname:    name of the key as it will be used in named.conf\n\
+  -r randomfile: source of random data (use \"keyboard\" for key timing)\n\
   -s name:       domain name to be updated using the created key\n\
   -z zone:       name of the zone as it will be used in named.conf\n\
   -q:            quiet mode: print the key, with no explanatory text\n",
@@ -74,8 +78,9 @@ Usage:\n\
 	} else {
 		fprintf(stderr, "\
 Usage:\n\
- %s [-a alg] [keyname]\n\
-  -a alg:        algorithm (default hmac-sha256)\n\n",
+ %s [-a alg] [-r randomfile] [keyname]\n\
+  -a alg:        algorithm (default hmac-sha256)\n\
+  -r randomfile: source of random data (use \"keyboard\" for key timing)\n",
 			 progname);
 	}
 
@@ -85,11 +90,12 @@ Usage:\n\
 int
 main(int argc, char **argv) {
 	isc_result_t result = ISC_R_SUCCESS;
-	bool show_final_mem = false;
-	bool quiet = false;
+	isc_boolean_t show_final_mem = ISC_FALSE;
+	isc_boolean_t quiet = ISC_FALSE;
 	isc_buffer_t key_txtbuffer;
 	char key_txtsecret[256];
 	isc_mem_t *mctx = NULL;
+	const char *randomfile = NULL;
 	const char *keyname = NULL;
 	const char *zone = NULL;
 	const char *self_domain = NULL;
@@ -100,7 +106,7 @@ main(int argc, char **argv) {
 	int len = 0;
 	int ch;
 
-#if USE_PKCS11
+#ifdef PKCS11CRYPTO
 	pk11_result_register();
 #endif
 	dns_result_register();
@@ -122,15 +128,13 @@ main(int argc, char **argv) {
 
 	if (PROGCMP("tsig-keygen")) {
 		progmode = progmode_keygen;
-		quiet = true;
-	} else if (PROGCMP("ddns-confgen")) {
+		quiet = ISC_TRUE;
+	} else if (PROGCMP("ddns-confgen"))
 		progmode = progmode_confgen;
-	} else {
+	else
 		INSIST(0);
-		ISC_UNREACHABLE();
-	}
 
-	isc_commandline_errprint = false;
+	isc_commandline_errprint = ISC_FALSE;
 
 	while ((ch = isc_commandline_parse(argc, argv,
 					   "a:hk:Mmr:qs:y:z:")) != -1) {
@@ -155,16 +159,16 @@ main(int argc, char **argv) {
 			isc_mem_debugging = ISC_MEM_DEBUGTRACE;
 			break;
 		case 'm':
-			show_final_mem = true;
+			show_final_mem = ISC_TRUE;
 			break;
 		case 'q':
 			if (progmode == progmode_confgen)
-				quiet = true;
+				quiet = ISC_TRUE;
 			else
 				usage(1);
 			break;
 		case 'r':
-			fatal("The -r option has been deprecated.");
+			randomfile = isc_commandline_argument;
 			break;
 		case 's':
 			if (progmode == progmode_confgen)
@@ -222,6 +226,8 @@ main(int argc, char **argv) {
 		if (suffix != NULL) {
 			len = strlen(keyname) + strlen(suffix) + 2;
 			keybuf = isc_mem_get(mctx, len);
+			if (keybuf == NULL)
+				fatal("failed to allocate memory for keyname");
 			snprintf(keybuf, len, "%s.%s", keyname, suffix);
 			keyname = (const char *) keybuf;
 		}
@@ -229,7 +235,7 @@ main(int argc, char **argv) {
 
 	isc_buffer_init(&key_txtbuffer, &key_txtsecret, sizeof(key_txtsecret));
 
-	generate_key(mctx, alg, keysize, &key_txtbuffer);
+	generate_key(mctx, randomfile, alg, keysize, &key_txtbuffer);
 
 
 	if (!quiet)

bin/confgen/ddns-confgen.docbook

@@ -37,7 +37,6 @@
       <year>2015</year>
       <year>2016</year>
       <year>2018</year>
-      <year>2019</year>
       <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
     </copyright>
   </docinfo>
@@ -47,6 +46,7 @@
       <command>tsig-keygen</command>
       <arg choice="opt" rep="norepeat"><option>-a <replaceable class="parameter">algorithm</replaceable></option></arg>
       <arg choice="opt" rep="norepeat"><option>-h</option></arg>
+      <arg choice="opt" rep="norepeat"><option>-r <replaceable class="parameter">randomfile</replaceable></option></arg>
       <arg choice="opt" rep="norepeat">name</arg>
     </cmdsynopsis>
     <cmdsynopsis sepchar=" ">
@@ -157,6 +157,23 @@
 	</listitem>
       </varlistentry>
 
+      <varlistentry>
+	<term>-r <replaceable class="parameter">randomfile</replaceable></term>
+	<listitem>
+	  <para>
+            Specifies a source of random data for generating the
+            authorization.  If the operating system does not provide a
+            <filename>/dev/random</filename> or equivalent device, the
+            default source of randomness is keyboard input.
+            <filename>randomdev</filename> specifies the name of a
+            character device or file containing random data to be used
+            instead of the default.  The special value
+            <filename>keyboard</filename> indicates that keyboard input
+            should be used.
+	  </para>
+	</listitem>
+      </varlistentry>
+
       <varlistentry>
 	<term>-s <replaceable class="parameter">name</replaceable></term>
 	<listitem>

bin/confgen/ddns-confgen.html

@@ -1,6 +1,6 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 <!--
- - Copyright (C) 2009, 2014-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2009, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
  - 
  - This Source Code Form is subject to the terms of the Mozilla Public
  - License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -35,6 +35,7 @@
       <code class="command">tsig-keygen</code> 
        [<code class="option">-a <em class="replaceable"><code>algorithm</code></em></code>]
        [<code class="option">-h</code>]
+       [<code class="option">-r <em class="replaceable"><code>randomfile</code></em></code>]
        [name]
     </p></div>
     <div class="cmdsynopsis"><p>
@@ -135,6 +136,20 @@
             This is essentially identical to <span class="command"><strong>tsig-keygen</strong></span>.
 	  </p>
 	</dd>
+<dt><span class="term">-r <em class="replaceable"><code>randomfile</code></em></span></dt>
+<dd>
+	  <p>
+            Specifies a source of random data for generating the
+            authorization.  If the operating system does not provide a
+            <code class="filename">/dev/random</code> or equivalent device, the
+            default source of randomness is keyboard input.
+            <code class="filename">randomdev</code> specifies the name of a
+            character device or file containing random data to be used
+            instead of the default.  The special value
+            <code class="filename">keyboard</code> indicates that keyboard input
+            should be used.
+	  </p>
+	</dd>
 <dt><span class="term">-s <em class="replaceable"><code>name</code></em></span></dt>
 <dd>
 	  <p>

bin/confgen/include/confgen/os.h

@@ -9,6 +9,7 @@
  * information regarding copyright ownership.
  */
 
+/* $Id: os.h,v 1.3 2009/06/11 23:47:55 tbox Exp $ */
 
 /*! \file */
 

bin/confgen/keygen.c

@@ -9,15 +9,20 @@
  * information regarding copyright ownership.
  */
 
+/* $Id: keygen.c,v 1.4 2009/11/12 14:02:38 marka Exp $ */
 
 /*! \file */
 
+#include <config.h>
+
 #include <stdlib.h>
 #include <stdarg.h>
 
 #include <isc/base64.h>
 #include <isc/buffer.h>
+#include <isc/entropy.h>
 #include <isc/file.h>
+#include <isc/keyboard.h>
 #include <isc/mem.h>
 #include <isc/print.h>
 #include <isc/result.h>
@@ -40,8 +45,10 @@
 const char *
 alg_totext(dns_secalg_t alg) {
 	switch (alg) {
+#ifndef PK11_MD5_DISABLE
 	    case DST_ALG_HMACMD5:
 		return "hmac-md5";
+#endif
 	    case DST_ALG_HMACSHA1:
 		return "hmac-sha1";
 	    case DST_ALG_HMACSHA224:
@@ -66,8 +73,10 @@ alg_fromtext(const char *name) {
 	if (strncasecmp(p, "hmac-", 5) == 0)
 		p = &name[5];
 
+#ifndef PK11_MD5_DISABLE
 	if (strcasecmp(p, "md5") == 0)
 		return DST_ALG_HMACMD5;
+#endif
 	if (strcasecmp(p, "sha1") == 0)
 		return DST_ALG_HMACSHA1;
 	if (strcasecmp(p, "sha224") == 0)
@@ -105,19 +114,26 @@ alg_bits(dns_secalg_t alg) {
 }
 
 /*%
- * Generate a key of size 'keysize' and place it in 'key_txtbuffer'
+ * Generate a key of size 'keysize' using entropy source 'randomfile',
+ * and place it in 'key_txtbuffer'
  */
 void
-generate_key(isc_mem_t *mctx, dns_secalg_t alg, int keysize,
-	     isc_buffer_t *key_txtbuffer) {
+generate_key(isc_mem_t *mctx, const char *randomfile, dns_secalg_t alg,
+	     int keysize, isc_buffer_t *key_txtbuffer) {
 	isc_result_t result = ISC_R_SUCCESS;
+	isc_entropysource_t *entropy_source = NULL;
+	int open_keyboard = ISC_ENTROPY_KEYBOARDMAYBE;
+	int entropy_flags = 0;
+	isc_entropy_t *ectx = NULL;
 	isc_buffer_t key_rawbuffer;
 	isc_region_t key_rawregion;
 	char key_rawsecret[64];
 	dst_key_t *key = NULL;
 
 	switch (alg) {
+#ifndef PK11_MD5_DISABLE
 	    case DST_ALG_HMACMD5:
+#endif
 	    case DST_ALG_HMACSHA1:
 	    case DST_ALG_HMACSHA224:
 	    case DST_ALG_HMACSHA256:
@@ -135,12 +151,31 @@ generate_key(isc_mem_t *mctx, dns_secalg_t alg, int keysize,
 		fatal("unsupported algorithm %d\n", alg);
 	}
 
-	DO("initialize dst library", dst_lib_init(mctx, NULL));
+
+	DO("create entropy context", isc_entropy_create(mctx, &ectx));
+
+#ifdef ISC_PLATFORM_CRYPTORANDOM
+	if (randomfile == NULL) {
+		isc_entropy_usehook(ectx, ISC_TRUE);
+	}
+#endif
+	if (randomfile != NULL && strcmp(randomfile, "keyboard") == 0) {
+		randomfile = NULL;
+		open_keyboard = ISC_ENTROPY_KEYBOARDYES;
+	}
+	DO("start entropy source", isc_entropy_usebestsource(ectx,
+							     &entropy_source,
+							     randomfile,
+							     open_keyboard));
+
+	entropy_flags = ISC_ENTROPY_BLOCKING | ISC_ENTROPY_GOODONLY;
+
+	DO("initialize dst library", dst_lib_init(mctx, ectx, entropy_flags));
 
 	DO("generate key", dst_key_generate(dns_rootname, alg,
-					    keysize, 0, 0, DNS_KEYPROTO_ANY,
-					    dns_rdataclass_in, mctx, &key,
-					    NULL));
+					    keysize, 0, 0,
+					    DNS_KEYPROTO_ANY,
+					    dns_rdataclass_in, mctx, &key));
 
 	isc_buffer_init(&key_rawbuffer, &key_rawsecret, sizeof(key_rawsecret));
 
@@ -151,9 +186,17 @@ generate_key(isc_mem_t *mctx, dns_secalg_t alg, int keysize,
 	DO("bsse64 encode secret", isc_base64_totext(&key_rawregion, -1, "",
 						     key_txtbuffer));
 
+	/*
+	 * Shut down the entropy source now so the "stop typing" message
+	 * does not muck with the output.
+	 */
+	if (entropy_source != NULL)
+		isc_entropy_destroysource(&entropy_source);
+
 	if (key != NULL)
 		dst_key_free(&key);
 
+	isc_entropy_detach(&ectx);
 	dst_lib_destroy();
 }
 
@@ -189,3 +232,4 @@ write_key_file(const char *keyfile, const char *user,
 		fatal("fclose(%s) failed\n", keyfile);
 	fprintf(stderr, "wrote key file \"%s\"\n", keyfile);
 }
+

bin/confgen/keygen.h

@@ -9,6 +9,7 @@
  * information regarding copyright ownership.
  */
 
+/* $Id: keygen.h,v 1.3 2009/06/11 23:47:55 tbox Exp $ */
 
 #ifndef RNDC_KEYGEN_H
 #define RNDC_KEYGEN_H 1
@@ -19,8 +20,8 @@
 
 ISC_LANG_BEGINDECLS
 
-void generate_key(isc_mem_t *mctx, dns_secalg_t alg, int keysize,
-		  isc_buffer_t *key_txtbuffer);
+void generate_key(isc_mem_t *mctx, const char *randomfile, dns_secalg_t alg,
+		  int keysize, isc_buffer_t *key_txtbuffer);
 
 void write_key_file(const char *keyfile, const char *user,
 		    const char *keyname, isc_buffer_t *secret,

bin/confgen/rndc-confgen.8

@@ -1,4 +1,4 @@
-.\" Copyright (C) 2001, 2003-2005, 2007, 2009, 2013-2019 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2001, 2003-2005, 2007, 2009, 2013-2017 Internet Systems Consortium, Inc. ("ISC")
 .\" 
 .\" This Source Code Form is subject to the terms of the Mozilla Public
 .\" License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -39,7 +39,7 @@
 rndc-confgen \- rndc key generation tool
 .SH "SYNOPSIS"
 .HP \w'\fBrndc\-confgen\fR\ 'u
-\fBrndc\-confgen\fR [\fB\-a\fR] [\fB\-A\ \fR\fB\fIalgorithm\fR\fR] [\fB\-b\ \fR\fB\fIkeysize\fR\fR] [\fB\-c\ \fR\fB\fIkeyfile\fR\fR] [\fB\-h\fR] [\fB\-k\ \fR\fB\fIkeyname\fR\fR] [\fB\-p\ \fR\fB\fIport\fR\fR] [\fB\-s\ \fR\fB\fIaddress\fR\fR] [\fB\-t\ \fR\fB\fIchrootdir\fR\fR] [\fB\-u\ \fR\fB\fIuser\fR\fR]
+\fBrndc\-confgen\fR [\fB\-a\fR] [\fB\-A\ \fR\fB\fIalgorithm\fR\fR] [\fB\-b\ \fR\fB\fIkeysize\fR\fR] [\fB\-c\ \fR\fB\fIkeyfile\fR\fR] [\fB\-h\fR] [\fB\-k\ \fR\fB\fIkeyname\fR\fR] [\fB\-p\ \fR\fB\fIport\fR\fR] [\fB\-r\ \fR\fB\fIrandomfile\fR\fR] [\fB\-s\ \fR\fB\fIaddress\fR\fR] [\fB\-t\ \fR\fB\fIchrootdir\fR\fR] [\fB\-u\ \fR\fB\fIuser\fR\fR]
 .SH "DESCRIPTION"
 .PP
 \fBrndc\-confgen\fR
@@ -147,6 +147,17 @@ listens for connections from
 \fBrndc\fR\&. The default is 953\&.
 .RE
 .PP
+\-r \fIrandomfile\fR
+.RS 4
+Specifies a source of random data for generating the authorization\&. If the operating system does not provide a
+/dev/random
+or equivalent device, the default source of randomness is keyboard input\&.
+randomdev
+specifies the name of a character device or file containing random data to be used instead of the default\&. The special value
+keyboard
+indicates that keyboard input should be used\&.
+.RE
+.PP
 \-s \fIaddress\fR
 .RS 4
 Specifies the IP address where
@@ -206,5 +217,5 @@ BIND 9 Administrator Reference Manual\&.
 \fBInternet Systems Consortium, Inc\&.\fR
 .SH "COPYRIGHT"
 .br
-Copyright \(co 2001, 2003-2005, 2007, 2009, 2013-2019 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2001, 2003-2005, 2007, 2009, 2013-2017 Internet Systems Consortium, Inc. ("ISC")
 .br

bin/confgen/rndc-confgen.c

@@ -20,15 +20,18 @@
  * controls statement altogether.
  */
 
-#include <stdarg.h>
-#include <stdbool.h>
+#include <config.h>
+
 #include <stdlib.h>
+#include <stdarg.h>
 
 #include <isc/assertions.h>
 #include <isc/base64.h>
 #include <isc/buffer.h>
 #include <isc/commandline.h>
+#include <isc/entropy.h>
 #include <isc/file.h>
+#include <isc/keyboard.h>
 #include <isc/mem.h>
 #include <isc/net.h>
 #include <isc/print.h>
@@ -55,7 +58,7 @@
 static char program[256];
 const char *progname;
 
-bool verbose = false;
+isc_boolean_t verbose = ISC_FALSE;
 
 const char *keyfile, *keydef;
 
@@ -67,7 +70,7 @@ usage(int status) {
 
 	fprintf(stderr, "\
 Usage:\n\
- %s [-a] [-b bits] [-c keyfile] [-k keyname] [-p port] \
+ %s [-a] [-b bits] [-c keyfile] [-k keyname] [-p port] [-r randomfile] \
 [-s addr] [-t chrootdir] [-u user]\n\
   -a:		 generate just the key clause and write it to keyfile (%s)\n\
   -A alg:	 algorithm (default hmac-sha256)\n\
@@ -75,6 +78,7 @@ Usage:\n\
   -c keyfile:	 specify an alternate key file (requires -a)\n\
   -k keyname:	 the name as it will be used  in named.conf and rndc.conf\n\
   -p port:	 the port named will listen on and rndc will connect to\n\
+  -r randomfile: source of random data (use \"keyboard\" for key timing)\n\
   -s addr:	 the address to which rndc should connect\n\
   -t chrootdir:	 write a keyfile in chrootdir as well (requires -a)\n\
   -u user:	 set the keyfile owner to \"user\" (requires -a)\n",
@@ -85,12 +89,13 @@ Usage:\n\
 
 int
 main(int argc, char **argv) {
-	bool show_final_mem = false;
+	isc_boolean_t show_final_mem = ISC_FALSE;
 	isc_buffer_t key_txtbuffer;
 	char key_txtsecret[256];
 	isc_mem_t *mctx = NULL;
 	isc_result_t result = ISC_R_SUCCESS;
 	const char *keyname = NULL;
+	const char *randomfile = NULL;
 	const char *serveraddr = NULL;
 	dns_secalg_t alg;
 	const char *algname;
@@ -102,7 +107,7 @@ main(int argc, char **argv) {
 	struct in6_addr addr6_dummy;
 	char *chrootdir = NULL;
 	char *user = NULL;
-	bool keyonly = false;
+	isc_boolean_t keyonly = ISC_FALSE;
 	int len;
 
 	keydef = keyfile = RNDC_KEYFILE;
@@ -117,14 +122,14 @@ main(int argc, char **argv) {
 	serveraddr = DEFAULT_SERVER;
 	port = DEFAULT_PORT;
 
-	isc_commandline_errprint = false;
+	isc_commandline_errprint = ISC_FALSE;
 
 	while ((ch = isc_commandline_parse(argc, argv,
 					   "aA:b:c:hk:Mmp:r:s:t:u:Vy")) != -1)
 	{
 		switch (ch) {
 		case 'a':
-			keyonly = true;
+			keyonly = ISC_TRUE;
 			break;
 		case 'A':
 			algname = isc_commandline_argument;
@@ -151,7 +156,7 @@ main(int argc, char **argv) {
 			break;
 
 		case 'm':
-			show_final_mem = true;
+			show_final_mem = ISC_TRUE;
 			break;
 		case 'p':
 			port = strtol(isc_commandline_argument, &p, 10);
@@ -160,7 +165,7 @@ main(int argc, char **argv) {
 				      isc_commandline_argument);
 			break;
 		case 'r':
-			fatal("The -r option has been deprecated.");
+			randomfile = isc_commandline_argument;
 			break;
 		case 's':
 			serveraddr = isc_commandline_argument;
@@ -175,7 +180,7 @@ main(int argc, char **argv) {
 			user = isc_commandline_argument;
 			break;
 		case 'V':
-			verbose = true;
+			verbose = ISC_TRUE;
 			break;
 		case '?':
 			if (isc_commandline_option != '?') {
@@ -212,7 +217,7 @@ main(int argc, char **argv) {
 	DO("create memory context", isc_mem_create(0, 0, &mctx));
 	isc_buffer_init(&key_txtbuffer, &key_txtsecret, sizeof(key_txtsecret));
 
-	generate_key(mctx, alg, keysize, &key_txtbuffer);
+	generate_key(mctx, randomfile, alg, keysize, &key_txtbuffer);
 
 	if (keyonly) {
 		write_key_file(keyfile, chrootdir == NULL ? user : NULL,
@@ -222,6 +227,8 @@ main(int argc, char **argv) {
 			char *buf;
 			len = strlen(chrootdir) + strlen(keyfile) + 2;
 			buf = isc_mem_get(mctx, len);
+			if (buf == NULL)
+				fatal("isc_mem_get(%d) failed\n", len);
 			snprintf(buf, len, "%s%s%s", chrootdir,
 				 (*keyfile != '/') ? "/" : "", keyfile);
 

bin/confgen/rndc-confgen.docbook

@@ -44,7 +44,6 @@
       <year>2016</year>
       <year>2017</year>
       <year>2018</year>
-      <year>2019</year>
       <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
     </copyright>
   </docinfo>
@@ -59,6 +58,7 @@
       <arg choice="opt" rep="norepeat"><option>-h</option></arg>
       <arg choice="opt" rep="norepeat"><option>-k <replaceable class="parameter">keyname</replaceable></option></arg>
       <arg choice="opt" rep="norepeat"><option>-p <replaceable class="parameter">port</replaceable></option></arg>
+      <arg choice="opt" rep="norepeat"><option>-r <replaceable class="parameter">randomfile</replaceable></option></arg>
       <arg choice="opt" rep="norepeat"><option>-s <replaceable class="parameter">address</replaceable></option></arg>
       <arg choice="opt" rep="norepeat"><option>-t <replaceable class="parameter">chrootdir</replaceable></option></arg>
       <arg choice="opt" rep="norepeat"><option>-u <replaceable class="parameter">user</replaceable></option></arg>
@@ -191,6 +191,24 @@
         </listitem>
       </varlistentry>
 
+      <varlistentry>
+        <term>-r <replaceable class="parameter">randomfile</replaceable></term>
+        <listitem>
+          <para>
+            Specifies a source of random data for generating the
+            authorization.  If the operating
+            system does not provide a <filename>/dev/random</filename>
+            or equivalent device, the default source of randomness
+            is keyboard input.  <filename>randomdev</filename>
+            specifies
+            the name of a character device or file containing random
+            data to be used instead of the default.  The special value
+            <filename>keyboard</filename> indicates that keyboard
+            input should be used.
+          </para>
+        </listitem>
+      </varlistentry>
+
       <varlistentry>
         <term>-s <replaceable class="parameter">address</replaceable></term>
         <listitem>

bin/confgen/rndc-confgen.html

@@ -1,6 +1,6 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 <!--
- - Copyright (C) 2001, 2003-2005, 2007, 2009, 2013-2019 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2001, 2003-2005, 2007, 2009, 2013-2017 Internet Systems Consortium, Inc. ("ISC")
  - 
  - This Source Code Form is subject to the terms of the Mozilla Public
  - License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -40,6 +40,7 @@
        [<code class="option">-h</code>]
        [<code class="option">-k <em class="replaceable"><code>keyname</code></em></code>]
        [<code class="option">-p <em class="replaceable"><code>port</code></em></code>]
+       [<code class="option">-r <em class="replaceable"><code>randomfile</code></em></code>]
        [<code class="option">-s <em class="replaceable"><code>address</code></em></code>]
        [<code class="option">-t <em class="replaceable"><code>chrootdir</code></em></code>]
        [<code class="option">-u <em class="replaceable"><code>user</code></em></code>]
@@ -153,6 +154,21 @@
             The default is 953.
           </p>
         </dd>
+<dt><span class="term">-r <em class="replaceable"><code>randomfile</code></em></span></dt>
+<dd>
+          <p>
+            Specifies a source of random data for generating the
+            authorization.  If the operating
+            system does not provide a <code class="filename">/dev/random</code>
+            or equivalent device, the default source of randomness
+            is keyboard input.  <code class="filename">randomdev</code>
+            specifies
+            the name of a character device or file containing random
+            data to be used instead of the default.  The special value
+            <code class="filename">keyboard</code> indicates that keyboard
+            input should be used.
+          </p>
+        </dd>
 <dt><span class="term">-s <em class="replaceable"><code>address</code></em></span></dt>
 <dd>
           <p>

bin/confgen/unix/Makefile.in

@@ -7,6 +7,8 @@
 # See the COPYRIGHT file distributed with this work for additional
 # information regarding copyright ownership.
 
+# $Id: Makefile.in,v 1.3 2009/06/11 23:47:55 tbox Exp $
+
 srcdir =	@srcdir@
 VPATH =		@srcdir@
 top_srcdir =	@top_srcdir@

bin/confgen/unix/os.c

@@ -9,9 +9,12 @@
  * information regarding copyright ownership.
  */
 
+/* $Id: os.c,v 1.3 2009/06/11 23:47:55 tbox Exp $ */
 
 /*! \file */
 
+#include <config.h>
+
 #include <confgen/os.h>
 
 #include <fcntl.h>

bin/confgen/util.c

@@ -9,19 +9,22 @@
  * information regarding copyright ownership.
  */
 
+/* $Id: util.c,v 1.3 2009/06/11 23:47:55 tbox Exp $ */
 
 /*! \file */
 
+#include <config.h>
+
 #include <stdarg.h>
-#include <stdbool.h>
 #include <stdlib.h>
 #include <stdio.h>
 
+#include <isc/boolean.h>
 #include <isc/print.h>
 
 #include "util.h"
 
-extern bool verbose;
+extern isc_boolean_t verbose;
 extern const char *progname;
 
 void

bin/confgen/util.h

@@ -9,6 +9,7 @@
  * information regarding copyright ownership.
  */
 
+/* $Id: util.h,v 1.4 2009/09/29 15:06:05 fdupont Exp $ */
 
 #ifndef RNDC_UTIL_H
 #define RNDC_UTIL_H 1

bin/confgen/win32/confgentool.vcxproj.in

@@ -60,7 +60,6 @@
       <ObjectFileName>.\$(Configuration)\</ObjectFileName>
       <ProgramDataBaseFileName>$(OutDir)$(TargetName).pdb</ProgramDataBaseFileName>
       <BrowseInformation>true</BrowseInformation>
-      <ForcedIncludeFiles>..\..\..\config.h</ForcedIncludeFiles>
       <AdditionalIncludeDirectories>.\;..\..\..\;@LIBXML2_INC@..\include;..\..\..\lib\isc\win32;..\..\..\lib\isc\win32\include;..\..\..\lib\isc\include;..\..\..\lib\dns\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
       <CompileAs>CompileAsC</CompileAs>
     </ClCompile>
@@ -85,7 +84,6 @@
       <AssemblerListingLocation>.\$(Configuration)\</AssemblerListingLocation>
       <ObjectFileName>.\$(Configuration)\</ObjectFileName>
       <ProgramDataBaseFileName>$(OutDir)$(TargetName).pdb</ProgramDataBaseFileName>
-      <ForcedIncludeFiles>..\..\..\config.h</ForcedIncludeFiles>
       <AdditionalIncludeDirectories>.\;..\..\..\;@LIBXML2_INC@..\include;..\..\..\lib\isc\win32;..\..\..\lib\isc\win32\include;..\..\..\lib\isc\include;..\..\..\lib\dns\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
       <CompileAs>CompileAsC</CompileAs>
     </ClCompile>

bin/confgen/win32/confgentool.vcxproj.user

@@ -1,3 +1,3 @@
-<?xml version="1.0" encoding="utf-8"?>
-<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
 </Project>

bin/confgen/win32/ddnsconfgen.vcxproj.in

@@ -62,7 +62,6 @@
       <ObjectFileName>.\$(Configuration)\</ObjectFileName>
       <ProgramDataBaseFileName>$(OutDir)$(TargetName).pdb</ProgramDataBaseFileName>
       <BrowseInformation>true</BrowseInformation>
-      <ForcedIncludeFiles>..\..\..\config.h</ForcedIncludeFiles>
       <AdditionalIncludeDirectories>.\;..\..\..\;@LIBXML2_INC@..\include;..\..\..\lib\isc\win32;..\..\..\lib\isc\win32\include;..\..\..\lib\isc\include;..\..\..\lib\dns\include;..\..\..\lib\isccc\include;..\..\..\lib\isccfg\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
       <CompileAs>CompileAsC</CompileAs>
     </ClCompile>
@@ -71,7 +70,7 @@
       <GenerateDebugInformation>true</GenerateDebugInformation>
       <OutputFile>..\..\..\Build\$(Configuration)\$(TargetName)$(TargetExt)</OutputFile>
       <AdditionalLibraryDirectories>$(Configuration);..\..\..\lib\isc\win32\$(Configuration);..\..\..\lib\dns\win32\$(Configuration);..\..\..\lib\isccfg\win32\$(Configuration);..\..\..\lib\isccc\win32\$(Configuration);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
-      <AdditionalDependencies>@OPENSSL_LIB@confgentool.lib;libisc.lib;libdns.lib;libisccfg.lib;libisccc.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <AdditionalDependencies>confgentool.lib;libisc.lib;libdns.lib;libisccfg.lib;libisccc.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
     </Link>
     <PostBuildEvent>
       <Command>cd ..\..\..\Build\$(Configuration)
@@ -96,7 +95,6 @@ copy /Y ddns-confgen.ilk tsig-keygen.ilk
       <AssemblerListingLocation>.\$(Configuration)\</AssemblerListingLocation>
       <ObjectFileName>.\$(Configuration)\</ObjectFileName>
       <ProgramDataBaseFileName>$(OutDir)$(TargetName).pdb</ProgramDataBaseFileName>
-      <ForcedIncludeFiles>..\..\..\config.h</ForcedIncludeFiles>
       <AdditionalIncludeDirectories>.\;..\..\..\;@LIBXML2_INC@..\include;..\..\..\lib\isc\win32;..\..\..\lib\isc\win32\include;..\..\..\lib\isc\include;..\..\..\lib\dns\include;..\..\..\lib\isccc\include;..\..\..\lib\isccfg\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
       <CompileAs>CompileAsC</CompileAs>
     </ClCompile>
@@ -108,7 +106,7 @@ copy /Y ddns-confgen.ilk tsig-keygen.ilk
       <OutputFile>..\..\..\Build\$(Configuration)\$(TargetName)$(TargetExt)</OutputFile>
       <LinkTimeCodeGeneration>Default</LinkTimeCodeGeneration>
       <AdditionalLibraryDirectories>$(Configuration);..\..\..\lib\isc\win32\$(Configuration);..\..\..\lib\dns\win32\$(Configuration);..\..\..\lib\isccfg\win32\$(Configuration);..\..\..\lib\isccc\win32\$(Configuration);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
-      <AdditionalDependencies>@OPENSSL_LIB@confgentool.lib;libisc.lib;libdns.lib;libisccfg.lib;libisccc.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <AdditionalDependencies>confgentool.lib;libisc.lib;libdns.lib;libisccfg.lib;libisccc.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
     </Link>
     <PostBuildEvent>
       <Command>cd ..\..\..\Build\$(Configuration)

bin/confgen/win32/ddnsconfgen.vcxproj.user

@@ -1,3 +1,3 @@
-<?xml version="1.0" encoding="utf-8"?>
-<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
 </Project>

bin/confgen/win32/os.c

@@ -9,6 +9,10 @@
  * information regarding copyright ownership.
  */
 
+/* $Id: os.c,v 1.3 2009/06/11 23:47:55 tbox Exp $ */
+
+#include <config.h>
+
 #include <confgen/os.h>
 
 #include <fcntl.h>

bin/confgen/win32/rndcconfgen.vcxproj.in

@@ -62,7 +62,6 @@
       <ObjectFileName>.\$(Configuration)\</ObjectFileName>
       <ProgramDataBaseFileName>$(OutDir)$(TargetName).pdb</ProgramDataBaseFileName>
       <BrowseInformation>true</BrowseInformation>
-      <ForcedIncludeFiles>..\..\..\config.h</ForcedIncludeFiles>
       <AdditionalIncludeDirectories>.\;..\..\..\;@LIBXML2_INC@..\include;..\..\..\lib\isc\win32;..\..\..\lib\isc\win32\include;..\..\..\lib\isc\include;..\..\..\lib\dns\include;..\..\..\lib\isccc\include;..\..\..\lib\isccfg\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
       <CompileAs>CompileAsC</CompileAs>
     </ClCompile>
@@ -71,7 +70,7 @@
       <GenerateDebugInformation>true</GenerateDebugInformation>
       <OutputFile>..\..\..\Build\$(Configuration)\$(TargetName)$(TargetExt)</OutputFile>
       <AdditionalLibraryDirectories>$(Configuration);..\..\..\lib\isc\win32\$(Configuration);..\..\..\lib\dns\win32\$(Configuration);..\..\..\lib\isccfg\win32\$(Configuration);..\..\..\lib\isccc\win32\$(Configuration);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
-      <AdditionalDependencies>@OPENSSL_LIB@confgentool.lib;libisc.lib;libdns.lib;libisccfg.lib;libisccc.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <AdditionalDependencies>confgentool.lib;libisc.lib;libdns.lib;libisccfg.lib;libisccc.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
     </Link>
   </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'">
@@ -90,7 +89,6 @@
       <AssemblerListingLocation>.\$(Configuration)\</AssemblerListingLocation>
       <ObjectFileName>.\$(Configuration)\</ObjectFileName>
       <ProgramDataBaseFileName>$(OutDir)$(TargetName).pdb</ProgramDataBaseFileName>
-      <ForcedIncludeFiles>..\..\..\config.h</ForcedIncludeFiles>
       <AdditionalIncludeDirectories>.\;..\..\..\;@LIBXML2_INC@..\include;..\..\..\lib\isc\win32;..\..\..\lib\isc\win32\include;..\..\..\lib\isc\include;..\..\..\lib\dns\include;..\..\..\lib\isccc\include;..\..\..\lib\isccfg\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
       <CompileAs>CompileAsC</CompileAs>
     </ClCompile>
@@ -102,7 +100,7 @@
       <OutputFile>..\..\..\Build\$(Configuration)\$(TargetName)$(TargetExt)</OutputFile>
       <LinkTimeCodeGeneration>Default</LinkTimeCodeGeneration>
       <AdditionalLibraryDirectories>$(Configuration);..\..\..\lib\isc\win32\$(Configuration);..\..\..\lib\dns\win32\$(Configuration);..\..\..\lib\isccfg\win32\$(Configuration);..\..\..\lib\isccc\win32\$(Configuration);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
-      <AdditionalDependencies>@OPENSSL_LIB@confgentool.lib;libisc.lib;libdns.lib;libisccfg.lib;libisccc.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <AdditionalDependencies>confgentool.lib;libisc.lib;libdns.lib;libisccfg.lib;libisccc.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
     </Link>
   </ItemDefinitionGroup>
   <ItemGroup>

bin/confgen/win32/rndcconfgen.vcxproj.user

@@ -1,3 +1,3 @@
-<?xml version="1.0" encoding="utf-8"?>
-<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
 </Project>

bin/delv/Makefile.in

@@ -16,17 +16,16 @@ VERSION=@BIND9_VERSION@
 @BIND9_MAKE_INCLUDES@
 
 CINCLUDES =	-I${srcdir}/include ${DNS_INCLUDES} ${ISC_INCLUDES} \
-		${IRS_INCLUDES} ${ISCCFG_INCLUDES} \
-		${OPENSSL_CFLAGS}
+		${IRS_INCLUDES} ${ISCCFG_INCLUDES} @DST_OPENSSL_INC@
 
-CDEFINES =	-DVERSION=\"${VERSION}\" \
+CDEFINES =	@CRYPTO@ -DVERSION=\"${VERSION}\" \
 		-DSYSCONFDIR=\"${sysconfdir}\"
 CWARNINGS =
 
 ISCCFGLIBS =	../../lib/isccfg/libisccfg.@A@
-DNSLIBS =	../../lib/dns/libdns.@A@ ${MAXMINDDB_LIBS} @DNS_CRYPTO_LIBS@
-ISCNOSYMLIBS =	../../lib/isc/libisc-nosymtbl.@A@ ${OPENSSL_LIBS} ${JSON_C_LIBS} ${LIBXML2_LIBS}
-ISCLIBS =	../../lib/isc/libisc.@A@ ${OPENSSL_LIBS} ${JSON_C_LIBS} ${LIBXML2_LIBS}
+DNSLIBS =	../../lib/dns/libdns.@A@ @DNS_CRYPTO_LIBS@
+ISCNOSYMLIBS =	../../lib/isc/libisc-nosymtbl.@A@ @ISC_OPENSSL_LIBS@
+ISCLIBS =	../../lib/isc/libisc.@A@ @ISC_OPENSSL_LIBS@
 IRSLIBS =	../../lib/irs/libirs.@A@
 
 ISCCFGDEPLIBS =	../../lib/isccfg/libisccfg.@A@

bin/delv/delv.1

@@ -1,4 +1,4 @@
-.\" Copyright (C) 2014-2019 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2014-2017 Internet Systems Consortium, Inc. ("ISC")
 .\" 
 .\" This Source Code Form is subject to the terms of the Mozilla Public
 .\" License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -53,7 +53,7 @@ is a tool for sending DNS queries and validating the results, using the same int
 \fBnamed\fR\&.
 .PP
 \fBdelv\fR
-will send to a specified name server all queries needed to fetch and validate the requested data; this includes the original requested query, subsequent queries to follow CNAME or DNAME chains, and queries for DNSKEY and DS records to establish a chain of trust for DNSSEC validation\&. It does not perform iterative resolution, but simulates the behavior of a name server configured for DNSSEC validating and forwarding\&.
+will send to a specified name server all queries needed to fetch and validate the requested data; this includes the original requested query, subsequent queries to follow CNAME or DNAME chains, and queries for DNSKEY, DS and DLV records to establish a chain of trust for DNSSEC validation\&. It does not perform iterative resolution, but simulates the behavior of a name server configured for DNSSEC validating and forwarding\&.
 .PP
 By default, responses are validated using built\-in DNSSEC trust anchor for the root zone ("\&.")\&. Records returned by
 \fBdelv\fR
@@ -139,21 +139,21 @@ BIND
 .sp
 Keys that do not match the root zone name are ignored\&. An alternate key name can be specified using the
 \fB+root=NAME\fR
-options\&.
+options\&. DNSSEC Lookaside Validation can also be turned on by using the
+\fB+dlv=NAME\fR
+to specify the name of a zone containing DLV records\&.
 .sp
 Note: When reading the trust anchor file,
 \fBdelv\fR
 treats
-\fBdnssec\-keys\fR\fBinitial\-key\fR
-and
-\fBstatic\-key\fR
-entries identically\&. That is, even if a key is configured with
-\fBinitial\-key\fR, indicating that it is meant to be used only as an initializing key for RFC 5011 key maintenance, it is still treated by
+\fBmanaged\-keys\fR
+statements and
+\fBtrusted\-keys\fR
+statements identically\&. That is, for a managed key, it is the
+\fIinitial\fR
+key that is trusted; RFC 5011 key management is not supported\&.
 \fBdelv\fR
-as if it had been configured as a
-\fBstatic\-key\fR\&.
-\fBdelv\fR
-does not consult the managed keys database maintained by
+will not consult the managed\-keys database maintained by
 \fBnamed\fR\&. This means that if either of the keys in
 /etc/bind\&.keys
 is revoked and rolled over, it will be necessary to update
@@ -390,16 +390,25 @@ output\&. The default is to do so\&. Note that (unlike in
 control whether to request DNSSEC records or whether to validate them\&. DNSSEC records are always requested, and validation will always occur unless suppressed by the use of
 \fB\-i\fR
 or
-\fB+noroot\fR\&.
+\fB+noroot\fR
+and
+\fB+nodlv\fR\&.
 .RE
 .PP
 \fB+[no]root[=ROOT]\fR
 .RS 4
-Indicates whether to perform conventional DNSSEC validation, and if so, specifies the name of a trust anchor\&. The default is to validate using a trust anchor of "\&." (the root zone), for which there is a built\-in key\&. If specifying a different trust anchor, then
+Indicates whether to perform conventional (non\-lookaside) DNSSEC validation, and if so, specifies the name of a trust anchor\&. The default is to validate using a trust anchor of "\&." (the root zone), for which there is a built\-in key\&. If specifying a different trust anchor, then
 \fB\-a\fR
 must be used to specify a file containing the key\&.
 .RE
 .PP
+\fB+[no]dlv[=DLV]\fR
+.RS 4
+Indicates whether to perform DNSSEC lookaside validation, and if so, specifies the name of the DLV trust anchor\&. The
+\fB\-a\fR
+option must also be used to specify a file containing the DLV key\&.
+.RE
+.PP
 \fB+[no]tcp\fR
 .RS 4
 Controls whether to use TCP when sending queries\&. The default is to use UDP unless a truncated response has been received\&.
@@ -428,5 +437,5 @@ RFC5155\&.
 \fBInternet Systems Consortium, Inc\&.\fR
 .SH "COPYRIGHT"
 .br
-Copyright \(co 2014-2019 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2014-2017 Internet Systems Consortium, Inc. ("ISC")
 .br

bin/delv/delv.docbook

@@ -39,7 +39,6 @@
       <year>2016</year>
       <year>2017</year>
       <year>2018</year>
-      <year>2019</year>
       <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
     </copyright>
   </docinfo>
@@ -96,7 +95,7 @@
       <command>delv</command> will send to a specified name server all
       queries needed to fetch and validate the requested data; this
       includes the original requested query, subsequent queries to follow
-      CNAME or DNAME chains, and queries for DNSKEY and DS records
+      CNAME or DNAME chains, and queries for DNSKEY, DS and DLV records
       to establish a chain of trust for DNSSEC validation.
       It does not perform iterative resolution, but simulates the
       behavior of a name server configured for DNSSEC validating and
@@ -211,21 +210,21 @@
 	  <para>
 	    Keys that do not match the root zone name are ignored.
             An alternate key name can be specified using the
-	    <option>+root=NAME</option> options.
+	    <option>+root=NAME</option> options. DNSSEC Lookaside
+            Validation can also be turned on by using the
+	    <option>+dlv=NAME</option> to specify the name of a
+            zone containing DLV records.
 	  </para>
 	  <para>
 	    Note: When reading the trust anchor file,
-	    <command>delv</command> treats <option>dnssec-keys</option>
-	    <option>initial-key</option> and <option>static-key</option>
-	    entries identically.  That is, even if a key is configured
-	    with <command>initial-key</command>, indicating that it is
-	    meant to be used only as an initializing key for RFC 5011
-	    key maintenance, it is still treated by <command>delv</command>
-	    as if it had been configured as a <command>static-key</command>.
-	    <command>delv</command> does not consult the managed keys
-	    database maintained by <command>named</command>. This means
-	    that if either of the keys in
-	    <filename>/etc/bind.keys</filename> is revoked
+	    <command>delv</command> treats <option>managed-keys</option>
+	    statements and <option>trusted-keys</option> statements
+	    identically.  That is, for a managed key, it is the
+	    <emphasis>initial</emphasis> key that is trusted; RFC 5011
+	    key management is not supported. <command>delv</command>
+	    will not consult the managed-keys database maintained by
+	    <command>named</command>. This means that if either of the
+	    keys in <filename>/etc/bind.keys</filename> is revoked
 	    and rolled over, it will be necessary to update
 	    <filename>/etc/bind.keys</filename> to use DNSSEC
 	    validation in <command>delv</command>.
@@ -617,7 +616,8 @@
 	      request DNSSEC records or whether to validate them.
 	      DNSSEC records are always requested, and validation
 	      will always occur unless suppressed by the use of
-	      <option>-i</option> or <option>+noroot</option>.
+	      <option>-i</option> or <option>+noroot</option> and
+	      <option>+nodlv</option>.
 	    </para>
 	  </listitem>
 	</varlistentry>
@@ -626,7 +626,7 @@
 	  <term><option>+[no]root[=ROOT]</option></term>
 	  <listitem>
 	    <para>
-	      Indicates whether to perform conventional
+	      Indicates whether to perform conventional (non-lookaside)
 	      DNSSEC validation, and if so, specifies the
 	      name of a trust anchor.  The default is to validate using
 	      a trust anchor of "." (the root zone), for which there is
@@ -637,6 +637,18 @@
 	  </listitem>
 	</varlistentry>
 
+	<varlistentry>
+	  <term><option>+[no]dlv[=DLV]</option></term>
+	  <listitem>
+	    <para>
+	      Indicates whether to perform DNSSEC lookaside validation,
+	      and if so, specifies the name of the DLV trust anchor.
+	      The <option>-a</option> option must also be used to specify
+              a file containing the DLV key.
+	    </para>
+	  </listitem>
+	</varlistentry>
+
 	<varlistentry>
 	  <term><option>+[no]tcp</option></term>
 	  <listitem>
@@ -658,16 +670,6 @@
 	    </para>
 	  </listitem>
 	</varlistentry>
-
-	<varlistentry>
-	  <term><option>+[no]yaml</option></term>
-	  <listitem>
-	    <para>
-	      Print response data in YAML format.
-	    </para>
-	  </listitem>
-	</varlistentry>
-
       </variablelist>
 
     </para>

bin/delv/delv.html

@@ -1,6 +1,6 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 <!--
- - Copyright (C) 2014-2019 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2014-2017 Internet Systems Consortium, Inc. ("ISC")
  - 
  - This Source Code Form is subject to the terms of the Mozilla Public
  - License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -83,7 +83,7 @@
       <span class="command"><strong>delv</strong></span> will send to a specified name server all
       queries needed to fetch and validate the requested data; this
       includes the original requested query, subsequent queries to follow
-      CNAME or DNAME chains, and queries for DNSKEY and DS records
+      CNAME or DNAME chains, and queries for DNSKEY, DS and DLV records
       to establish a chain of trust for DNSSEC validation.
       It does not perform iterative resolution, but simulates the
       behavior of a name server configured for DNSSEC validating and
@@ -193,21 +193,21 @@
 	  <p>
 	    Keys that do not match the root zone name are ignored.
             An alternate key name can be specified using the
-	    <code class="option">+root=NAME</code> options.
+	    <code class="option">+root=NAME</code> options. DNSSEC Lookaside
+            Validation can also be turned on by using the
+	    <code class="option">+dlv=NAME</code> to specify the name of a
+            zone containing DLV records.
 	  </p>
 	  <p>
 	    Note: When reading the trust anchor file,
-	    <span class="command"><strong>delv</strong></span> treats <code class="option">dnssec-keys</code>
-	    <code class="option">initial-key</code> and <code class="option">static-key</code>
-	    entries identically.  That is, even if a key is configured
-	    with <span class="command"><strong>initial-key</strong></span>, indicating that it is
-	    meant to be used only as an initializing key for RFC 5011
-	    key maintenance, it is still treated by <span class="command"><strong>delv</strong></span>
-	    as if it had been configured as a <span class="command"><strong>static-key</strong></span>.
-	    <span class="command"><strong>delv</strong></span> does not consult the managed keys
-	    database maintained by <span class="command"><strong>named</strong></span>. This means
-	    that if either of the keys in
-	    <code class="filename">/etc/bind.keys</code> is revoked
+	    <span class="command"><strong>delv</strong></span> treats <code class="option">managed-keys</code>
+	    statements and <code class="option">trusted-keys</code> statements
+	    identically.  That is, for a managed key, it is the
+	    <span class="emphasis"><em>initial</em></span> key that is trusted; RFC 5011
+	    key management is not supported. <span class="command"><strong>delv</strong></span>
+	    will not consult the managed-keys database maintained by
+	    <span class="command"><strong>named</strong></span>. This means that if either of the
+	    keys in <code class="filename">/etc/bind.keys</code> is revoked
 	    and rolled over, it will be necessary to update
 	    <code class="filename">/etc/bind.keys</code> to use DNSSEC
 	    validation in <span class="command"><strong>delv</strong></span>.
@@ -517,13 +517,14 @@
 	      request DNSSEC records or whether to validate them.
 	      DNSSEC records are always requested, and validation
 	      will always occur unless suppressed by the use of
-	      <code class="option">-i</code> or <code class="option">+noroot</code>.
+	      <code class="option">-i</code> or <code class="option">+noroot</code> and
+	      <code class="option">+nodlv</code>.
 	    </p>
 	  </dd>
 <dt><span class="term"><code class="option">+[no]root[=ROOT]</code></span></dt>
 <dd>
 	    <p>
-	      Indicates whether to perform conventional
+	      Indicates whether to perform conventional (non-lookaside)
 	      DNSSEC validation, and if so, specifies the
 	      name of a trust anchor.  The default is to validate using
 	      a trust anchor of "." (the root zone), for which there is
@@ -532,6 +533,15 @@
 	      containing the key.
 	    </p>
 	  </dd>
+<dt><span class="term"><code class="option">+[no]dlv[=DLV]</code></span></dt>
+<dd>
+	    <p>
+	      Indicates whether to perform DNSSEC lookaside validation,
+	      and if so, specifies the name of the DLV trust anchor.
+	      The <code class="option">-a</code> option must also be used to specify
+              a file containing the DLV key.
+	    </p>
+	  </dd>
 <dt><span class="term"><code class="option">+[no]tcp</code></span></dt>
 <dd>
 	    <p>

bin/delv/win32/delv.vcxproj.in

@@ -53,15 +53,14 @@
       </PrecompiledHeader>
       <WarningLevel>Level3</WarningLevel>
       <Optimization>Disabled</Optimization>
-      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>WIN32;@CRYPTO@_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <FunctionLevelLinking>true</FunctionLevelLinking>
       <PrecompiledHeaderOutputFile>.\$(Configuration)\$(TargetName).pch</PrecompiledHeaderOutputFile>
       <AssemblerListingLocation>.\$(Configuration)\</AssemblerListingLocation>
       <ObjectFileName>.\$(Configuration)\</ObjectFileName>
       <ProgramDataBaseFileName>$(OutDir)$(TargetName).pdb</ProgramDataBaseFileName>
       <BrowseInformation>true</BrowseInformation>
-      <ForcedIncludeFiles>..\..\..\config.h</ForcedIncludeFiles>
-      <AdditionalIncludeDirectories>.\;..\..\..\;@LIBXML2_INC@@OPENSSL_INC@@GEOIP_INC@..\..\..\lib\isc\win32;..\..\..\lib\isc\win32\include;..\..\..\lib\isc\include;..\..\..\lib\isccfg\include;..\..\..\lib\dns\win32\include;..\..\..\lib\dns\include;..\..\..\lib\irs\win32\include;..\..\..\lib\irs\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <AdditionalIncludeDirectories>..\..\..\;@LIBXML2_INC@@OPENSSL_INC@@GEOIP_INC@..\..\..\lib\isc\win32;..\..\..\lib\isc\win32\include;..\..\..\lib\isc\include;..\..\..\lib\isccfg\include;..\..\..\lib\dns\win32\include;..\..\..\lib\dns\include;..\..\..\lib\irs\win32\include;..\..\..\lib\irs\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
       <CompileAs>CompileAsC</CompileAs>
     </ClCompile>
     <Link>
@@ -69,7 +68,7 @@
       <GenerateDebugInformation>true</GenerateDebugInformation>
       <OutputFile>..\..\..\Build\$(Configuration)\$(TargetName)$(TargetExt)</OutputFile>
       <AdditionalLibraryDirectories>..\..\..\lib\isc\win32\$(Configuration);..\..\..\lib\dns\win32\$(Configuration);..\..\..\lib\isccfg\win32\$(Configuration);..\..\..\lib\irs\win32\$(Configuration);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
-      <AdditionalDependencies>@OPENSSL_LIB@libisc.lib;libdns.lib;libisccfg.lib;libirs.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <AdditionalDependencies>libisc.lib;libdns.lib;libisccfg.lib;libirs.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
     </Link>
   </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'">
@@ -80,7 +79,7 @@
       <Optimization>MaxSpeed</Optimization>
       <FunctionLevelLinking>true</FunctionLevelLinking>
       <IntrinsicFunctions>@INTRINSIC@</IntrinsicFunctions>
-      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>WIN32;@CRYPTO@NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
       <WholeProgramOptimization>false</WholeProgramOptimization>
       <StringPooling>true</StringPooling>
@@ -88,8 +87,7 @@
       <AssemblerListingLocation>.\$(Configuration)\</AssemblerListingLocation>
       <ObjectFileName>.\$(Configuration)\</ObjectFileName>
       <ProgramDataBaseFileName>$(OutDir)$(TargetName).pdb</ProgramDataBaseFileName>
-      <ForcedIncludeFiles>..\..\..\config.h</ForcedIncludeFiles>
-      <AdditionalIncludeDirectories>.\;..\..\..\;@LIBXML2_INC@@OPENSSL_INC@@GEOIP_INC@..\..\..\lib\isc\win32;..\..\..\lib\isc\win32\include;..\..\..\lib\isc\include;..\..\..\lib\isccfg\include;..\..\..\lib\dns\win32\include;..\..\..\lib\dns\include;..\..\..\lib\irs\win32\include;..\..\..\lib\irs\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <AdditionalIncludeDirectories>..\..\..\;@LIBXML2_INC@@OPENSSL_INC@@GEOIP_INC@..\..\..\lib\isc\win32;..\..\..\lib\isc\win32\include;..\..\..\lib\isc\include;..\..\..\lib\isccfg\include;..\..\..\lib\dns\win32\include;..\..\..\lib\dns\include;..\..\..\lib\irs\win32\include;..\..\..\lib\irs\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
       <CompileAs>CompileAsC</CompileAs>
     </ClCompile>
     <Link>
@@ -100,7 +98,7 @@
       <OutputFile>..\..\..\Build\$(Configuration)\$(TargetName)$(TargetExt)</OutputFile>
       <LinkTimeCodeGeneration>Default</LinkTimeCodeGeneration>
       <AdditionalLibraryDirectories>..\..\..\lib\isc\win32\$(Configuration);..\..\..\lib\dns\win32\$(Configuration);..\..\..\lib\isccfg\win32\$(Configuration);..\..\..\lib\irs\win32\$(Configuration);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
-      <AdditionalDependencies>@OPENSSL_LIB@libisc.lib;libdns.lib;libisccfg.lib;libirs.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <AdditionalDependencies>libisc.lib;libdns.lib;libisccfg.lib;libirs.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
     </Link>
   </ItemDefinitionGroup>
   <ItemGroup>

bin/delv/win32/delv.vcxproj.user

@@ -1,3 +1,3 @@
-<?xml version="1.0" encoding="utf-8"?>
-<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
 </Project>

bin/dig/Makefile.in

@@ -19,17 +19,16 @@ READLINE_LIB = @READLINE_LIB@
 
 CINCLUDES =	-I${srcdir}/include ${DNS_INCLUDES} \
 		${BIND9_INCLUDES} ${ISC_INCLUDES} \
-		${IRS_INCLUDES} ${ISCCFG_INCLUDES} @LIBIDN2_CFLAGS@ \
-		${OPENSSL_CFLAGS}
+		${IRS_INCLUDES} ${ISCCFG_INCLUDES} @LIBIDN2_CFLAGS@ @DST_OPENSSL_INC@
 
-CDEFINES =	-DVERSION=\"${VERSION}\"
+CDEFINES =	-DVERSION=\"${VERSION}\" @CRYPTO@
 CWARNINGS =
 
 ISCCFGLIBS =	../../lib/isccfg/libisccfg.@A@
-DNSLIBS =	../../lib/dns/libdns.@A@ ${MAXMINDDB_LIBS} @DNS_CRYPTO_LIBS@
+DNSLIBS =	../../lib/dns/libdns.@A@ @DNS_CRYPTO_LIBS@
 BIND9LIBS =	../../lib/bind9/libbind9.@A@
-ISCLIBS =	../../lib/isc/libisc.@A@ ${OPENSSL_LIBS} ${JSON_C_LIBS} ${LIBXML2_LIBS}
-ISCNOSYMLIBS =	../../lib/isc/libisc-nosymtbl.@A@ ${OPENSSL_LIBS} ${JSON_C_LIBS} ${LIBXML2_LIBS}
+ISCLIBS =	../../lib/isc/libisc.@A@ @ISC_OPENSSL_LIBS@
+ISCNOSYMLIBS =	../../lib/isc/libisc-nosymtbl.@A@ @ISC_OPENSSL_LIBS@
 IRSLIBS =	../../lib/irs/libirs.@A@
 
 ISCCFGDEPLIBS =	../../lib/isccfg/libisccfg.@A@
@@ -65,8 +64,6 @@ MANOBJS =	${MANPAGES} ${HTMLPAGES}
 
 @BIND9_MAKE_RULES@
 
-LDFLAGS =	@LDFLAGS@ @LIBIDN2_LDFLAGS@
-
 dig@EXEEXT@: dig.@O@ dighost.@O@ ${UOBJS} ${DEPLIBS}
 	export BASEOBJS="dig.@O@ dighost.@O@ ${UOBJS}"; \
 	export LIBS0="${DNSLIBS} ${IRSLIBS}"; \
@@ -102,12 +99,12 @@ install:: dig@EXEEXT@ host@EXEEXT@ nslookup@EXEEXT@ installdirs
 	${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} \
 		nslookup@EXEEXT@ ${DESTDIR}${bindir}
 	for m in ${MANPAGES}; do \
-		${INSTALL_DATA} ${srcdir}/$$m ${DESTDIR}${mandir}/man1 || exit 1; \
-	done
+		${INSTALL_DATA} ${srcdir}/$$m ${DESTDIR}${mandir}/man1; \
+		done
 
 uninstall::
 	for m in ${MANPAGES}; do \
-		rm -f ${DESTDIR}${mandir}/man1/$$m || exit 1; \
+		rm -f ${DESTDIR}${mandir}/man1/$$m ; \
 	done
 	${LIBTOOL_MODE_UNINSTALL} rm -f ${DESTDIR}${bindir}/nslookup@EXEEXT@
 	${LIBTOOL_MODE_UNINSTALL} rm -f ${DESTDIR}${bindir}/host@EXEEXT@

bin/dig/dig.1

@@ -1,4 +1,4 @@
-.\" Copyright (C) 2000-2011, 2013-2019 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000-2011, 2013-2018 Internet Systems Consortium, Inc. ("ISC")
 .\" 
 .\" This Source Code Form is subject to the terms of the Mozilla Public
 .\" License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -74,9 +74,7 @@ will perform an NS query for "\&." (the root)\&.
 It is possible to set per\-user defaults for
 \fBdig\fR
 via
-${HOME}/\&.digrc\&. This file is read and any options in it are applied before the command line arguments\&. The
-\fB\-r\fR
-option disables this feature, for scripts that need predictable behaviour\&.
+${HOME}/\&.digrc\&. This file is read and any options in it are applied before the command line arguments\&.
 .PP
 The IN and CH class names overlap with the IN and CH top level domain names\&. Either use the
 \fB\-t\fR
@@ -176,6 +174,11 @@ reads a list of lookup requests to process from the given
 using the command\-line interface\&.
 .RE
 .PP
+\-i
+.RS 4
+Do reverse IPv6 lookups using the obsolete RFC1886 IP6\&.INT domain, which is no longer in use\&. Obsolete bit string label queries (RFC2874) are not attempted\&.
+.RE
+.PP
 \-k \fIkeyfile\fR
 .RS 4
 Sign queries using TSIG using a key read from the given file\&. Key files can be generated using
@@ -205,23 +208,15 @@ The domain name to query\&. This is useful to distinguish the
 from other arguments\&.
 .RE
 .PP
-\-r
-.RS 4
-Do not read options from
-${HOME}/\&.digrc\&. This is useful for scripts that need predictable behaviour\&.
-.RE
-.PP
 \-t \fItype\fR
 .RS 4
-The resource record type to query\&. It can be any valid query type\&. If it is a resource record type supported in BIND 9, it can be given by the type mnemonic (such as "NS" or "AAAA")\&. The default query type is "A", unless the
+The resource record type to query\&. It can be any valid query type which is supported in BIND 9\&. The default query type is "A", unless the
 \fB\-x\fR
 option is supplied to indicate a reverse lookup\&. A zone transfer can be requested by specifying a type of AXFR\&. When an incremental zone transfer (IXFR) is required, set the
 \fItype\fR
 to
 ixfr=N\&. The incremental zone transfer will contain the changes made to the zone since the serial number in the zone\*(Aqs SOA record was
 \fIN\fR\&.
-.sp
-All resource record types can be expressed as "TYPEnn", where "nn" is the number of the type\&. If the resource record type is not supported in BIND 9, the result will be displayed as described in RFC 3597\&.
 .RE
 .PP
 \-u
@@ -249,7 +244,9 @@ arguments\&.
 \fBdig\fR
 automatically performs a lookup for a name like
 94\&.2\&.0\&.192\&.in\-addr\&.arpa
-and sets the query type and class to PTR and IN respectively\&. IPv6 addresses are looked up using nibble format under the IP6\&.ARPA domain\&.
+and sets the query type and class to PTR and IN respectively\&. IPv6 addresses are looked up using nibble format under the IP6\&.ARPA domain (but see also the
+\fB\-i\fR
+option)\&.
 .RE
 .PP
 \-y \fI[hmac:]\fR\fIkeyname:secret\fR
@@ -361,20 +358,14 @@ Display [do not display] the CLASS when printing the record\&.
 .PP
 \fB+[no]cmd\fR
 .RS 4
-Toggles the printing of the initial comment in the output, identifying the version of
+Toggles the printing of the initial comment in the output identifying the version of
 \fBdig\fR
-and the query options that have been applied\&. This option always has global effect; it cannot be set globally and then overridden on a per\-lookup basis\&. The default is to print this comment\&.
+and the query options that have been applied\&. This comment is printed by default\&.
 .RE
 .PP
 \fB+[no]comments\fR
 .RS 4
-Toggles the display of some comment lines in the output, containing information about the packet header and OPT pseudosection, and the names of the response section\&. The default is to print these comments\&.
-.sp
-Other types of comments in the output are not affected by this option, but can be controlled using other command line switches\&. These include
-\fB+[no]cmd\fR,
-\fB+[no]question\fR,
-\fB+[no]stats\fR, and
-\fB+[no]rrcomments\fR\&.
+Toggle the display of comment lines in the output\&. The default is to print comments\&.
 .RE
 .PP
 \fB+[no]cookie\fR\fB[=####]\fR
@@ -456,11 +447,6 @@ clears the EDNS options to be sent\&.
 Send an EDNS Expire option\&.
 .RE
 .PP
-\fB+[no]expandaaaa\fR
-.RS 4
-When printing AAAA record print all zero nibbles rather than the default RFC 5952 preferred presentation format\&.
-.RE
-.PP
 \fB+[no]fail\fR
 .RS 4
 Do not try the next server if you receive a SERVFAIL\&. The default is to not try the next server which is the reverse of normal stub resolver behavior\&.
@@ -478,18 +464,9 @@ Show [or do not show] the IP address and port number that supplied the answer wh
 option is enabled\&. If short form answers are requested, the default is not to show the source address and port number of the server that provided the answer\&.
 .RE
 .PP
-\fB+[no]idnin\fR
-.RS 4
-Process [do not process] IDN domain names on input\&. This requires IDN SUPPORT to have been enabled at compile time\&.
-.sp
-The default is to process IDN input when standard output is a tty\&. The IDN processing on input is disabled when dig output is redirected to files, pipes, and other non\-tty file descriptors\&.
-.RE
-.PP
 \fB+[no]idnout\fR
 .RS 4
-Convert [do not convert] puny code on output\&. This requires IDN SUPPORT to have been enabled at compile time\&.
-.sp
-The default is to process puny code on output when standard output is a tty\&. The puny code processing on output is disabled when dig output is redirected to files, pipes, and other non\-tty file descriptors\&.
+Convert [do not convert] puny code on output\&. This requires IDN SUPPORT to have been enabled at compile time\&. The default is to convert output\&.
 .RE
 .PP
 \fB+[no]ignore\fR
@@ -548,7 +525,7 @@ Include an EDNS name server ID request when sending a query\&.
 .RS 4
 When this option is set,
 \fBdig\fR
-attempts to find the authoritative name servers for the zone containing the name being looked up and display the SOA record that each name server has for the zone\&. Addresses of servers that that did not respond are also printed\&.
+attempts to find the authoritative name servers for the zone containing the name being looked up and display the SOA record that each name server has for the zone\&.
 .RE
 .PP
 \fB+[no]onesoa\fR
@@ -572,17 +549,12 @@ would cause a 48\-byte query to be padded to 64 bytes\&. The default block size
 .PP
 \fB+[no]qr\fR
 .RS 4
-Toggles the display of the query message as it is sent\&. By default, the query is not printed\&.
+Print [do not print] the query as it is sent\&. By default, the query is not printed\&.
 .RE
 .PP
 \fB+[no]question\fR
 .RS 4
-Toggles the display of the question section of a query when an answer is returned\&. The default is to print the question section as a comment\&.
-.RE
-.PP
-\fB+[no]raflag\fR
-.RS 4
-Set [do not set] the RA (Recursion Available) bit in the query\&. The default is +noraflag\&. This bit should be ignored by the server for QUERY\&.
+Print [do not print] the question section of a query when an answer is returned\&. The default is to print the question section as a comment\&.
 .RE
 .PP
 \fB+[no]rdflag\fR
@@ -595,11 +567,11 @@ A synonym for
 .RS 4
 Toggle the setting of the RD (recursion desired) bit in the query\&. This bit is set by default, which means
 \fBdig\fR
-normally sends recursive queries\&. Recursion is automatically disabled when using the
+normally sends recursive queries\&. Recursion is automatically disabled when the
 \fI+nssearch\fR
-option, and when using
+or
 \fI+trace\fR
-except for an initial recursive query to get the list of root servers\&.
+query options are used\&.
 .RE
 .PP
 \fB+retry=T\fR
@@ -630,7 +602,7 @@ determines if the name will be treated as relative or not and hence whether a se
 .PP
 \fB+[no]short\fR
 .RS 4
-Provide a terse answer\&. The default is to print the answer in a verbose form\&. This option always has global effect; it cannot be set globally and then overridden on a per\-lookup basis\&.
+Provide a terse answer\&. The default is to print the answer in a verbose form\&.
 .RE
 .PP
 \fB+[no]showsearch\fR
@@ -660,7 +632,7 @@ causes fields not to be split at all\&. The default is 56 characters, or 44 char
 .PP
 \fB+[no]stats\fR
 .RS 4
-Toggles the printing of statistics: when the query was made, the size of the reply and so on\&. The default behavior is to print the query statistics as a comment after each lookup\&.
+This query option toggles the printing of statistics: when the query was made, the size of the reply and so on\&. The default behavior is to print the query statistics\&.
 .RE
 .PP
 \fB+[no]subnet=addr[/prefix\-length]\fR
@@ -674,11 +646,6 @@ for short, sends an EDNS CLIENT\-SUBNET option with an empty address and a sourc
 be used when resolving this query\&.
 .RE
 .PP
-\fB+[no]tcflag\fR
-.RS 4
-Set [do not set] the TC (TrunCation) bit in the query\&. The default is +notcflag\&. This bit should be ignored by the server for QUERY\&.
-.RE
-.PP
 \fB+[no]tcp\fR
 .RS 4
 Use [do not use] TCP when querying name servers\&. The default behavior is to use UDP unless a type
@@ -808,13 +775,11 @@ If
 \fBdig\fR
 has been built with IDN (internationalized domain name) support, it can accept and display non\-ASCII domain names\&.
 \fBdig\fR
-appropriately converts character encoding of domain name before sending a request to DNS server or displaying a reply from the server\&. If you\*(Aqd like to turn off the IDN support for some reason, use parameters
-\fI+noidnin\fR
-and
-\fI+noidnout\fR
-or define the
+appropriately converts character encoding of domain name before sending a request to DNS server or displaying a reply from the server\&. If you\*(Aqd like to turn off the IDN support for some reason, defines the
 \fBIDN_DISABLE\fR
-environment variable\&.
+environment variable\&. The IDN support is disabled if the variable is set when
+\fBdig\fR
+runs\&.
 .SH "FILES"
 .PP
 /etc/resolv\&.conf
@@ -826,7 +791,7 @@ ${HOME}/\&.digrc
 \fBhost\fR(1),
 \fBnamed\fR(8),
 \fBdnssec-keygen\fR(8),
-RFC 1035\&.
+RFC1035\&.
 .SH "BUGS"
 .PP
 There are probably too many query options\&.
@@ -835,5 +800,5 @@ There are probably too many query options\&.
 \fBInternet Systems Consortium, Inc\&.\fR
 .SH "COPYRIGHT"
 .br
-Copyright \(co 2000-2011, 2013-2019 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2000-2011, 2013-2018 Internet Systems Consortium, Inc. ("ISC")
 .br

bin/dig/dig.docbook

@@ -52,7 +52,6 @@
       <year>2016</year>
       <year>2017</year>
       <year>2018</year>
-      <year>2019</year>
       <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
     </copyright>
   </docinfo>
@@ -132,10 +131,9 @@
 
     <para>
       It is possible to set per-user defaults for <command>dig</command> via
-      <filename>${HOME}/.digrc</filename>. This file is read and any
-      options in it are applied before the command line arguments.
-      The <option>-r</option> option disables this feature, for
-      scripts that need predictable behaviour.
+      <filename>${HOME}/.digrc</filename>.  This file is read and
+      any options in it
+      are applied before the command line arguments.
     </para>
 
     <para>
@@ -273,6 +271,17 @@
 	</listitem>
       </varlistentry>
 
+      <varlistentry>
+	<term>-i</term>
+	<listitem>
+	  <para>
+	    Do reverse IPv6 lookups using the obsolete RFC1886 IP6.INT
+	    domain, which is no longer in use. Obsolete bit string
+	    label queries (RFC2874) are not attempted.
+	  </para>
+	</listitem>
+      </varlistentry>
+
       <varlistentry>
 	<term>-k <replaceable class="parameter">keyfile</replaceable></term>
 	<listitem>
@@ -325,26 +334,15 @@
 	</listitem>
       </varlistentry>
 
-      <varlistentry>
-	<term>-r</term>
-	<listitem>
-	  <para>
-	    Do not read options from <filename>${HOME}/.digrc</filename>.
-	    This is useful for scripts that need predictable behaviour.
-	  </para>
-	</listitem>
-      </varlistentry>
-
       <varlistentry>
 	<term>-t <replaceable class="parameter">type</replaceable></term>
 	<listitem>
 	  <para>
-	    The resource record type to query. It can be any valid query
-	    type.  If it is a resource record type supported in BIND 9, it
-	    can be given by the type mnemonic (such as "NS" or "AAAA").
-	    The default query type is "A", unless the <option>-x</option>
-	    option is supplied to indicate a reverse lookup.  A zone
-	    transfer can be requested by specifying a type of AXFR.  When
+	    The resource record type to query. It can be any valid query type
+	    which is
+	    supported in BIND 9.  The default query type is "A", unless the
+	    <option>-x</option> option is supplied to indicate a reverse lookup.
+	    A zone transfer can be requested by specifying a type of AXFR.  When
 	    an incremental zone transfer (IXFR) is required, set the
 	    <parameter>type</parameter> to <literal>ixfr=N</literal>.
 	    The incremental zone transfer will contain the changes
@@ -352,12 +350,6 @@
 	    record was
 	    <parameter>N</parameter>.
 	  </para>
-	  <para>
-	    All resource record types can be expressed as "TYPEnn", where
-	    "nn" is the number of the type. If the resource record type is
-	    not supported in BIND 9, the result will be displayed as
-	    described in RFC 3597.
-	  </para>
 	</listitem>
       </varlistentry>
 
@@ -395,7 +387,8 @@
 	    <literal>94.2.0.192.in-addr.arpa</literal> and sets the
 	    query type and class to PTR and IN respectively. IPv6
 	    addresses are looked up using nibble format under the
-	    IP6.ARPA domain.
+	    IP6.ARPA domain (but see also the <option>-i</option>
+	    option).
 	  </para>
 	</listitem>
       </varlistentry>
@@ -593,11 +586,9 @@
 	  <listitem>
 	    <para>
 	      Toggles the printing of the initial comment in the
-	      output, identifying the version of <command>dig</command>
-	      and the query options that have been applied.  This option
-	      always has global effect; it cannot be set globally
-	      and then overridden on a per-lookup basis.  The default
-	      is to print this comment.
+	      output identifying the version of <command>dig</command>
+	      and the query options that have been applied.  This
+	      comment is printed by default.
 	    </para>
 	  </listitem>
 	</varlistentry>
@@ -606,18 +597,8 @@
 	  <term><option>+[no]comments</option></term>
 	  <listitem>
 	    <para>
-	      Toggles the display of some comment lines in the output,
-	      containing information about the packet header and
-	      OPT pseudosection, and the names of the response
-	      section.  The default is to print these comments.
-	    </para>
-	    <para>
-	      Other types of comments in the output are not affected by
-	      this option, but can be controlled using other command
-	      line switches. These include <command>+[no]cmd</command>,
-	      <command>+[no]question</command>,
-	      <command>+[no]stats</command>, and
-	      <command>+[no]rrcomments</command>.
+	      Toggle the display of comment lines in the output.
+	      The default is to print comments.
 	    </para>
 	  </listitem>
 	</varlistentry>
@@ -759,16 +740,6 @@
 	  </listitem>
 	</varlistentry>
 
-	<varlistentry>
-	  <term><option>+[no]expandaaaa</option></term>
-	  <listitem>
-	    <para>
-	      When printing AAAA record print all zero nibbles rather
-	      than the default RFC 5952 preferred presentation format.
-	    </para>
-	  </listitem>
-	</varlistentry>
-
 	<varlistentry>
 	  <term><option>+[no]fail</option></term>
 	  <listitem>
@@ -811,13 +782,7 @@
 	    <para>
 	      Process [do not process] IDN domain names on input.
 	      This requires IDN SUPPORT to have been enabled at
-	      compile time.
-	    </para>
-	    <para>
-	      The default is to process IDN input when standard output
-	      is a tty.  The IDN processing on input is disabled when
-	      dig output is redirected to files, pipes, and other
-	      non-tty file descriptors.
+	      compile time.  The default is to process IDN input.
 	    </para>
 	  </listitem>
 	</varlistentry>
@@ -828,13 +793,7 @@
 	    <para>
 	      Convert [do not convert] puny code on output.
 	      This requires IDN SUPPORT to have been enabled at
-	      compile time.
-	    </para>
-	    <para>
-	      The default is to process puny code on output when
-	      standard output is a tty.  The puny code processing on
-	      output is disabled when dig output is redirected to
-	      files, pipes, and other non-tty file descriptors.
+	      compile time.  The default is to convert output.
 	    </para>
 	  </listitem>
 	</varlistentry>
@@ -977,8 +936,8 @@
 	  <term><option>+[no]qr</option></term>
 	  <listitem>
 	    <para>
-	      Toggles the display of the query message as it is sent.
-	      By default, the query is not printed.
+	      Print [do not print] the query as it is sent.  By
+	      default, the query is not printed.
 	    </para>
 	  </listitem>
 	</varlistentry>
@@ -987,24 +946,13 @@
 	  <term><option>+[no]question</option></term>
 	  <listitem>
 	    <para>
-	      Toggles the display of the question section of a query
+	      Print [do not print] the question section of a query
 	      when an answer is returned.  The default is to print
 	      the question section as a comment.
 	    </para>
 	  </listitem>
 	</varlistentry>
 
-	<varlistentry>
-	  <term><option>+[no]raflag</option></term>
-	  <listitem>
-	    <para>
-	      Set [do not set] the RA (Recursion Available) bit in
-	      the query. The default is +noraflag. This bit should
-	      be ignored by the server for QUERY.
-	    </para>
-	  </listitem>
-	</varlistentry>
-
 	<varlistentry>
 	  <term><option>+[no]rdflag</option></term>
 	  <listitem>
@@ -1022,10 +970,8 @@
 	      in the query.  This bit is set by default, which means
 	      <command>dig</command> normally sends recursive
 	      queries.  Recursion is automatically disabled when
-	      using the <parameter>+nssearch</parameter> option, and
-	      when using <parameter>+trace</parameter> except for
-	      an initial recursive query to get the list of root
-	      servers.
+	      the <parameter>+nssearch</parameter> or
+	      <parameter>+trace</parameter> query options are used.
 	    </para>
 	  </listitem>
 	</varlistentry>
@@ -1078,9 +1024,7 @@
 	  <listitem>
 	    <para>
 	      Provide a terse answer.  The default is to print the
-	      answer in a verbose form.  This option always has global
-	      effect; it cannot be set globally and then overridden on
-	      a per-lookup basis.
+	      answer in a verbose form.
 	    </para>
 	  </listitem>
 	</varlistentry>
@@ -1100,7 +1044,7 @@
 	  <listitem>
 	    <para>
 	      This feature is now obsolete and has been removed;
-	      use <command>delv</command> instead.
+              use <command>delv</command> instead.
 	    </para>
 	  </listitem>
 	</varlistentry>
@@ -1125,9 +1069,10 @@
 	  <term><option>+[no]stats</option></term>
 	  <listitem>
 	    <para>
-	      Toggles the printing of statistics: when the query was made,
-	      the size of the reply and so on.  The default behavior is to
-	      print the query statistics as a comment after each lookup.
+	      This query option toggles the printing of statistics:
+	      when the query was made, the size of the reply and
+	      so on.  The default behavior is to print the query
+	      statistics.
 	    </para>
 	  </listitem>
 	</varlistentry>
@@ -1151,17 +1096,6 @@
 	  </listitem>
 	</varlistentry>
 
-	<varlistentry>
-	  <term><option>+[no]tcflag</option></term>
-	  <listitem>
-	    <para>
-	      Set [do not set] the TC (TrunCation) bit in the query.
-	      The default is +notcflag.  This bit should be ignored
-	      by the server for QUERY.
-	    </para>
-	  </listitem>
-	</varlistentry>
-
 	<varlistentry>
 	  <term><option>+[no]tcp</option></term>
 	  <listitem>
@@ -1195,8 +1129,8 @@
 	  <listitem>
 	    <para>
 	      This feature is related to <command>dig +sigchase</command>,
-	      which is obsolete and has been removed. Use
-	      <command>delv</command> instead.
+              which is obsolete and has been removed. Use
+              <command>delv</command> instead.
 	    </para>
 	  </listitem>
 	</varlistentry>
@@ -1241,9 +1175,9 @@
 	  <listitem>
 	    <para>
 	      Formerly specified trusted keys for use with
-	      <command>dig +sigchase</command>.  This feature is now
-	      obsolete and has been removed; use
-	      <command>delv</command> instead.
+              <command>dig +sigchase</command>.  This feature is now
+              obsolete and has been removed; use
+              <command>delv</command> instead.
 	    </para>
 	  </listitem>
 	</varlistentry>
@@ -1292,16 +1226,6 @@
 	  </listitem>
 	</varlistentry>
 
-	<varlistentry>
-	  <term><option>+[no]yaml</option></term>
-	  <listitem>
-	    <para>
-	      Print the responses (and, if <option>+qr</option> is in use,
-	      also the outgoing queries) in a detailed YAML format.
-	    </para>
-	  </listitem>
-	</varlistentry>
-
 	<varlistentry>
 	  <term><option>+[no]zflag</option></term>
 	  <listitem>
@@ -1375,11 +1299,9 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
       <command>dig</command> appropriately converts character encoding of
       domain name before sending a request to DNS server or displaying a
       reply from the server.
-      If you'd like to turn off the IDN support for some reason, use
+      If you'd like to turn off the IDN support for some reason, use 
       parameters <parameter>+noidnin</parameter> and
-      <parameter>+noidnout</parameter> or define
-      the <envar>IDN_DISABLE</envar> environment variable.
-
+      <parameter>+noidnout</parameter>.
     </para>
   </refsection>
 
@@ -1405,7 +1327,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
       <citerefentry>
 	<refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
       </citerefentry>,
-      <citetitle>RFC 1035</citetitle>.
+      <citetitle>RFC1035</citetitle>.
     </para>
   </refsection>
 

bin/dig/dig.html

@@ -1,6 +1,6 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 <!--
- - Copyright (C) 2000-2011, 2013-2019 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2011, 2013-2018 Internet Systems Consortium, Inc. ("ISC")
  - 
  - This Source Code Form is subject to the terms of the Mozilla Public
  - License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -106,10 +106,9 @@
 
     <p>
       It is possible to set per-user defaults for <span class="command"><strong>dig</strong></span> via
-      <code class="filename">${HOME}/.digrc</code>. This file is read and any
-      options in it are applied before the command line arguments.
-      The <code class="option">-r</code> option disables this feature, for
-      scripts that need predictable behaviour.
+      <code class="filename">${HOME}/.digrc</code>.  This file is read and
+      any options in it
+      are applied before the command line arguments.
     </p>
 
     <p>
@@ -228,6 +227,14 @@
 	    <span class="command"><strong>dig</strong></span> using the command-line interface.
 	  </p>
 	</dd>
+<dt><span class="term">-i</span></dt>
+<dd>
+	  <p>
+	    Do reverse IPv6 lookups using the obsolete RFC1886 IP6.INT
+	    domain, which is no longer in use. Obsolete bit string
+	    label queries (RFC2874) are not attempted.
+	  </p>
+	</dd>
 <dt><span class="term">-k <em class="replaceable"><code>keyfile</code></em></span></dt>
 <dd>
 	  <p>
@@ -267,22 +274,14 @@
 	    the <em class="parameter"><code>name</code></em> from other arguments.
 	  </p>
 	</dd>
-<dt><span class="term">-r</span></dt>
-<dd>
-	  <p>
-	    Do not read options from <code class="filename">${HOME}/.digrc</code>.
-	    This is useful for scripts that need predictable behaviour.
-	  </p>
-	</dd>
 <dt><span class="term">-t <em class="replaceable"><code>type</code></em></span></dt>
 <dd>
 	  <p>
-	    The resource record type to query. It can be any valid query
-	    type.  If it is a resource record type supported in BIND 9, it
-	    can be given by the type mnemonic (such as "NS" or "AAAA").
-	    The default query type is "A", unless the <code class="option">-x</code>
-	    option is supplied to indicate a reverse lookup.  A zone
-	    transfer can be requested by specifying a type of AXFR.  When
+	    The resource record type to query. It can be any valid query type
+	    which is
+	    supported in BIND 9.  The default query type is "A", unless the
+	    <code class="option">-x</code> option is supplied to indicate a reverse lookup.
+	    A zone transfer can be requested by specifying a type of AXFR.  When
 	    an incremental zone transfer (IXFR) is required, set the
 	    <em class="parameter"><code>type</code></em> to <code class="literal">ixfr=N</code>.
 	    The incremental zone transfer will contain the changes
@@ -290,12 +289,6 @@
 	    record was
 	    <em class="parameter"><code>N</code></em>.
 	  </p>
-	  <p>
-	    All resource record types can be expressed as "TYPEnn", where
-	    "nn" is the number of the type. If the resource record type is
-	    not supported in BIND 9, the result will be displayed as
-	    described in RFC 3597.
-	  </p>
 	</dd>
 <dt><span class="term">-u</span></dt>
 <dd>
@@ -324,7 +317,8 @@
 	    <code class="literal">94.2.0.192.in-addr.arpa</code> and sets the
 	    query type and class to PTR and IN respectively. IPv6
 	    addresses are looked up using nibble format under the
-	    IP6.ARPA domain.
+	    IP6.ARPA domain (but see also the <code class="option">-i</code>
+	    option).
 	  </p>
 	</dd>
 <dt><span class="term">-y <em class="replaceable"><code>[<span class="optional">hmac:</span>]keyname:secret</code></em></span></dt>
@@ -481,28 +475,16 @@
 <dd>
 	    <p>
 	      Toggles the printing of the initial comment in the
-	      output, identifying the version of <span class="command"><strong>dig</strong></span>
-	      and the query options that have been applied.  This option
-	      always has global effect; it cannot be set globally
-	      and then overridden on a per-lookup basis.  The default
-	      is to print this comment.
+	      output identifying the version of <span class="command"><strong>dig</strong></span>
+	      and the query options that have been applied.  This
+	      comment is printed by default.
 	    </p>
 	  </dd>
 <dt><span class="term"><code class="option">+[no]comments</code></span></dt>
 <dd>
 	    <p>
-	      Toggles the display of some comment lines in the output,
-	      containing information about the packet header and
-	      OPT pseudosection, and the names of the response
-	      section.  The default is to print these comments.
-	    </p>
-	    <p>
-	      Other types of comments in the output are not affected by
-	      this option, but can be controlled using other command
-	      line switches. These include <span class="command"><strong>+[no]cmd</strong></span>,
-	      <span class="command"><strong>+[no]question</strong></span>,
-	      <span class="command"><strong>+[no]stats</strong></span>, and
-	      <span class="command"><strong>+[no]rrcomments</strong></span>.
+	      Toggle the display of comment lines in the output.
+	      The default is to print comments.
 	    </p>
 	  </dd>
 <dt><span class="term"><code class="option">+[no]cookie[<span class="optional">=####</span>]</code></span></dt>
@@ -610,13 +592,6 @@
 	      Send an EDNS Expire option.
 	    </p>
 	  </dd>
-<dt><span class="term"><code class="option">+[no]expandaaaa</code></span></dt>
-<dd>
-	    <p>
-	      When printing AAAA record print all zero nibbles rather
-	      than the default RFC 5952 preferred presentation format.
-	    </p>
-	  </dd>
 <dt><span class="term"><code class="option">+[no]fail</code></span></dt>
 <dd>
 	    <p>
@@ -644,32 +619,12 @@
 	      server that provided the answer.
 	    </p>
 	  </dd>
-<dt><span class="term"><code class="option">+[no]idnin</code></span></dt>
-<dd>
-	    <p>
-	      Process [do not process] IDN domain names on input.
-	      This requires IDN SUPPORT to have been enabled at
-	      compile time.
-	    </p>
-	    <p>
-	      The default is to process IDN input when standard output
-	      is a tty.  The IDN processing on input is disabled when
-	      dig output is redirected to files, pipes, and other
-	      non-tty file descriptors.
-	    </p>
-	  </dd>
 <dt><span class="term"><code class="option">+[no]idnout</code></span></dt>
 <dd>
 	    <p>
 	      Convert [do not convert] puny code on output.
 	      This requires IDN SUPPORT to have been enabled at
-	      compile time.
-	    </p>
-	    <p>
-	      The default is to process puny code on output when
-	      standard output is a tty.  The puny code processing on
-	      output is disabled when dig output is redirected to
-	      files, pipes, and other non-tty file descriptors.
+	      compile time.  The default is to convert output.
 	    </p>
 	  </dd>
 <dt><span class="term"><code class="option">+[no]ignore</code></span></dt>
@@ -740,8 +695,7 @@
 	      attempts to find the authoritative name servers for
 	      the zone containing the name being looked up and
 	      display the SOA record that each name server has for
-	      the zone. Addresses of servers that that did not
-	      respond are also printed.
+	      the zone.
 	    </p>
 	  </dd>
 <dt><span class="term"><code class="option">+[no]onesoa</code></span></dt>
@@ -776,26 +730,18 @@
 <dt><span class="term"><code class="option">+[no]qr</code></span></dt>
 <dd>
 	    <p>
-	      Toggles the display of the query message as it is sent.
-	      By default, the query is not printed.
+	      Print [do not print] the query as it is sent.  By
+	      default, the query is not printed.
 	    </p>
 	  </dd>
 <dt><span class="term"><code class="option">+[no]question</code></span></dt>
 <dd>
 	    <p>
-	      Toggles the display of the question section of a query
+	      Print [do not print] the question section of a query
 	      when an answer is returned.  The default is to print
 	      the question section as a comment.
 	    </p>
 	  </dd>
-<dt><span class="term"><code class="option">+[no]raflag</code></span></dt>
-<dd>
-	    <p>
-	      Set [do not set] the RA (Recursion Available) bit in
-	      the query. The default is +noraflag. This bit should
-	      be ignored by the server for QUERY.
-	    </p>
-	  </dd>
 <dt><span class="term"><code class="option">+[no]rdflag</code></span></dt>
 <dd>
 	    <p>
@@ -809,10 +755,8 @@
 	      in the query.  This bit is set by default, which means
 	      <span class="command"><strong>dig</strong></span> normally sends recursive
 	      queries.  Recursion is automatically disabled when
-	      using the <em class="parameter"><code>+nssearch</code></em> option, and
-	      when using <em class="parameter"><code>+trace</code></em> except for
-	      an initial recursive query to get the list of root
-	      servers.
+	      the <em class="parameter"><code>+nssearch</code></em> or
+	      <em class="parameter"><code>+trace</code></em> query options are used.
 	    </p>
 	  </dd>
 <dt><span class="term"><code class="option">+retry=T</code></span></dt>
@@ -853,9 +797,7 @@
 <dd>
 	    <p>
 	      Provide a terse answer.  The default is to print the
-	      answer in a verbose form.  This option always has global
-	      effect; it cannot be set globally and then overridden on
-	      a per-lookup basis.
+	      answer in a verbose form.
 	    </p>
 	  </dd>
 <dt><span class="term"><code class="option">+[no]showsearch</code></span></dt>
@@ -869,7 +811,7 @@
 <dd>
 	    <p>
 	      This feature is now obsolete and has been removed;
-	      use <span class="command"><strong>delv</strong></span> instead.
+              use <span class="command"><strong>delv</strong></span> instead.
 	    </p>
 	  </dd>
 <dt><span class="term"><code class="option">+split=W</code></span></dt>
@@ -888,9 +830,10 @@
 <dt><span class="term"><code class="option">+[no]stats</code></span></dt>
 <dd>
 	    <p>
-	      Toggles the printing of statistics: when the query was made,
-	      the size of the reply and so on.  The default behavior is to
-	      print the query statistics as a comment after each lookup.
+	      This query option toggles the printing of statistics:
+	      when the query was made, the size of the reply and
+	      so on.  The default behavior is to print the query
+	      statistics.
 	    </p>
 	  </dd>
 <dt><span class="term"><code class="option">+[no]subnet=addr[/prefix-length]</code></span></dt>
@@ -909,14 +852,6 @@
 	      this query.
 	    </p>
 	  </dd>
-<dt><span class="term"><code class="option">+[no]tcflag</code></span></dt>
-<dd>
-	    <p>
-	      Set [do not set] the TC (TrunCation) bit in the query.
-	      The default is +notcflag.  This bit should be ignored
-	      by the server for QUERY.
-	    </p>
-	  </dd>
 <dt><span class="term"><code class="option">+[no]tcp</code></span></dt>
 <dd>
 	    <p>
@@ -943,8 +878,8 @@
 <dd>
 	    <p>
 	      This feature is related to <span class="command"><strong>dig +sigchase</strong></span>,
-	      which is obsolete and has been removed. Use
-	      <span class="command"><strong>delv</strong></span> instead.
+              which is obsolete and has been removed. Use
+              <span class="command"><strong>delv</strong></span> instead.
 	    </p>
 	  </dd>
 <dt><span class="term"><code class="option">+[no]trace</code></span></dt>
@@ -980,9 +915,9 @@
 <dd>
 	    <p>
 	      Formerly specified trusted keys for use with
-	      <span class="command"><strong>dig +sigchase</strong></span>.  This feature is now
-	      obsolete and has been removed; use
-	      <span class="command"><strong>delv</strong></span> instead.
+              <span class="command"><strong>dig +sigchase</strong></span>.  This feature is now
+              obsolete and has been removed; use
+              <span class="command"><strong>delv</strong></span> instead.
 	    </p>
 	  </dd>
 <dt><span class="term"><code class="option">+[no]ttlid</code></span></dt>
@@ -1092,11 +1027,10 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
       <span class="command"><strong>dig</strong></span> appropriately converts character encoding of
       domain name before sending a request to DNS server or displaying a
       reply from the server.
-      If you'd like to turn off the IDN support for some reason, use
-      parameters <em class="parameter"><code>+noidnin</code></em> and
-      <em class="parameter"><code>+noidnout</code></em> or define
+      If you'd like to turn off the IDN support for some reason, defines
       the <code class="envar">IDN_DISABLE</code> environment variable.
-
+      The IDN support is disabled if the variable is set when
+      <span class="command"><strong>dig</strong></span> runs.
     </p>
   </div>
 
@@ -1124,7 +1058,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
       <span class="citerefentry">
 	<span class="refentrytitle">dnssec-keygen</span>(8)
       </span>,
-      <em class="citetitle">RFC 1035</em>.
+      <em class="citetitle">RFC1035</em>.
     </p>
   </div>
 

bin/dig/host.1

@@ -1,4 +1,4 @@
-.\" Copyright (C) 2000-2002, 2004, 2005, 2007-2009, 2014-2019 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000-2002, 2004, 2005, 2007-2009, 2014-2017 Internet Systems Consortium, Inc. ("ISC")
 .\" 
 .\" This Source Code Form is subject to the terms of the Mozilla Public
 .\" License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -112,6 +112,11 @@ Print debugging traces\&. Equivalent to the
 verbose option\&.
 .RE
 .PP
+\-i
+.RS 4
+Obsolete\&. Use the IP6\&.INT domain for reverse lookups of IPv6 addresses as defined in RFC1886 and deprecated in RFC4159\&. The default is to use IP6\&.ARPA as specified in RFC3596\&.
+.RE
+.PP
 \-l
 .RS 4
 List zone: The
@@ -252,7 +257,7 @@ If
 \fBhost\fR
 has been built with IDN (internationalized domain name) support, it can accept and display non\-ASCII domain names\&.
 \fBhost\fR
-appropriately converts character encoding of domain name before sending a request to DNS server or displaying a reply from the server\&. If you\*(Aqd like to turn off the IDN support for some reason, define the
+appropriately converts character encoding of domain name before sending a request to DNS server or displaying a reply from the server\&. If you\*(Aqd like to turn off the IDN support for some reason, defines the
 \fBIDN_DISABLE\fR
 environment variable\&. The IDN support is disabled if the variable is set when
 \fBhost\fR
@@ -269,5 +274,5 @@ runs\&.
 \fBInternet Systems Consortium, Inc\&.\fR
 .SH "COPYRIGHT"
 .br
-Copyright \(co 2000-2002, 2004, 2005, 2007-2009, 2014-2019 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2000-2002, 2004, 2005, 2007-2009, 2014-2017 Internet Systems Consortium, Inc. ("ISC")
 .br

bin/dig/host.c

@@ -11,8 +11,7 @@
 
 /*! \file */
 
-#include <inttypes.h>
-#include <stdbool.h>
+#include <config.h>
 #include <stdlib.h>
 #include <limits.h>
 
@@ -27,6 +26,7 @@
 #include <isc/string.h>
 #include <isc/util.h>
 #include <isc/task.h>
+#include <isc/stdlib.h>
 
 #include <dns/byaddr.h>
 #include <dns/fixedname.h>
@@ -40,14 +40,14 @@
 
 #include <dig/dig.h>
 
-static bool short_form = true, listed_server = false;
-static bool default_lookups = true;
+static isc_boolean_t short_form = ISC_TRUE, listed_server = ISC_FALSE;
+static isc_boolean_t default_lookups = ISC_TRUE;
 static int seen_error = -1;
-static bool list_addresses = true;
-static bool list_almost_all = false;
+static isc_boolean_t list_addresses = ISC_TRUE;
+static isc_boolean_t list_almost_all = ISC_FALSE;
 static dns_rdatatype_t list_type = dns_rdatatype_a;
-static bool printed_server = false;
-static bool ipv4only = false, ipv6only = false;
+static isc_boolean_t printed_server = ISC_FALSE;
+static isc_boolean_t ipv4only = ISC_FALSE, ipv6only = ISC_FALSE;
 
 static const char *opcodetext[] = {
 	"QUERY",
@@ -141,6 +141,7 @@ show_usage(void) {
 "       -c specifies query class for non-IN data\n"
 "       -C compares SOA records on authoritative nameservers\n"
 "       -d is equivalent to -v\n"
+"       -i IP6.INT reverse lookups\n"
 "       -l lists all hosts in a domain, using AXFR\n"
 "       -m set memory debugging flag (trace|record|usage)\n"
 "       -N changes the number of dots allowed before root lookup is done\n"
@@ -149,7 +150,6 @@ show_usage(void) {
 "       -s a SERVFAIL response should stop query\n"
 "       -t specifies the query type\n"
 "       -T enables TCP/IP mode\n"
-"       -U enables UDP mode\n"
 "       -v enables verbose output\n"
 "       -V print version number and exit\n"
 "       -w specifies to wait forever for a reply\n"
@@ -224,7 +224,7 @@ say_message(dns_name_t *name, const char *msg, dns_rdata_t *rdata,
 
 static isc_result_t
 printsection(dns_message_t *msg, dns_section_t sectionid,
-	     const char *section_name, bool headers,
+	     const char *section_name, isc_boolean_t headers,
 	     dig_query_t *query)
 {
 	dns_name_t *name, *print_name;
@@ -235,13 +235,13 @@ printsection(dns_message_t *msg, dns_section_t sectionid,
 	isc_region_t r;
 	dns_name_t empty_name;
 	char tbuf[4096];
-	bool first;
-	bool no_rdata;
+	isc_boolean_t first;
+	isc_boolean_t no_rdata;
 
 	if (sectionid == DNS_SECTION_QUESTION)
-		no_rdata = true;
+		no_rdata = ISC_TRUE;
 	else
-		no_rdata = false;
+		no_rdata = ISC_FALSE;
 
 	if (headers)
 		printf(";; %s SECTION:\n", section_name);
@@ -259,7 +259,7 @@ printsection(dns_message_t *msg, dns_section_t sectionid,
 		dns_message_currentname(msg, sectionid, &name);
 
 		isc_buffer_init(&target, tbuf, sizeof(tbuf));
-		first = true;
+		first = ISC_TRUE;
 		print_name = name;
 
 		for (rdataset = ISC_LIST_HEAD(name->list);
@@ -283,7 +283,7 @@ printsection(dns_message_t *msg, dns_section_t sectionid,
 			if (!short_form) {
 				result = dns_rdataset_totext(rdataset,
 							     print_name,
-							     false,
+							     ISC_FALSE,
 							     no_rdata,
 							     &target);
 				if (result != ISC_R_SUCCESS)
@@ -291,7 +291,7 @@ printsection(dns_message_t *msg, dns_section_t sectionid,
 #ifdef USEINITALWS
 				if (first) {
 					print_name = &empty_name;
-					first = false;
+					first = ISC_FALSE;
 				}
 #else
 				UNUSED(first); /* Shut up compiler. */
@@ -350,7 +350,7 @@ printsection(dns_message_t *msg, dns_section_t sectionid,
 static isc_result_t
 printrdata(dns_message_t *msg, dns_rdataset_t *rdataset,
 	   const dns_name_t *owner, const char *set_name,
-	   bool headers)
+	   isc_boolean_t headers)
 {
 	isc_buffer_t target;
 	isc_result_t result;
@@ -363,7 +363,7 @@ printrdata(dns_message_t *msg, dns_rdataset_t *rdataset,
 
 	isc_buffer_init(&target, tbuf, sizeof(tbuf));
 
-	result = dns_rdataset_totext(rdataset, owner, false, false,
+	result = dns_rdataset_totext(rdataset, owner, ISC_FALSE, ISC_FALSE,
 				     &target);
 	if (result != ISC_R_SUCCESS)
 		return (result);
@@ -400,16 +400,13 @@ chase_cnamechain(dns_message_t *msg, dns_name_t *qname) {
 }
 
 static isc_result_t
-printmessage(dig_query_t *query, const isc_buffer_t *msgbuf,
-	     dns_message_t *msg, bool headers)
-{
-	bool did_flag = false;
+printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers) {
+	isc_boolean_t did_flag = ISC_FALSE;
 	dns_rdataset_t *opt, *tsig = NULL;
 	const dns_name_t *tsigname;
 	isc_result_t result = ISC_R_SUCCESS;
 	int force_error;
 
-	UNUSED(msgbuf);
 	UNUSED(headers);
 
 	/*
@@ -427,7 +424,7 @@ printmessage(dig_query_t *query, const isc_buffer_t *msgbuf,
 				    sizeof(sockstr));
 		printf("Address: %s\n", sockstr);
 		printf("Aliases: \n\n");
-		printed_server = true;
+		printed_server = ISC_TRUE;
 	}
 
 	if (msg->rcode != 0) {
@@ -455,26 +452,27 @@ printmessage(dig_query_t *query, const isc_buffer_t *msgbuf,
 		dns_name_t *name;
 
 		/* Add AAAA and MX lookups. */
-		name = dns_fixedname_initname(&fixed);
+		dns_fixedname_init(&fixed);
+		name = dns_fixedname_name(&fixed);
 		dns_name_copy(query->lookup->name, name, NULL);
 		chase_cnamechain(msg, name);
 		dns_name_format(name, namestr, sizeof(namestr));
-		lookup = clone_lookup(query->lookup, false);
+		lookup = clone_lookup(query->lookup, ISC_FALSE);
 		if (lookup != NULL) {
 			strlcpy(lookup->textname, namestr,
 				sizeof(lookup->textname));
 			lookup->rdtype = dns_rdatatype_aaaa;
-			lookup->rdtypeset = true;
+			lookup->rdtypeset = ISC_TRUE;
 			lookup->origin = NULL;
 			lookup->retries = tries;
 			ISC_LIST_APPEND(lookup_list, lookup, link);
 		}
-		lookup = clone_lookup(query->lookup, false);
+		lookup = clone_lookup(query->lookup, ISC_FALSE);
 		if (lookup != NULL) {
 			strlcpy(lookup->textname, namestr,
 				sizeof(lookup->textname));
 			lookup->rdtype = dns_rdatatype_mx;
-			lookup->rdtypeset = true;
+			lookup->rdtypeset = ISC_TRUE;
 			lookup->origin = NULL;
 			lookup->retries = tries;
 			ISC_LIST_APPEND(lookup_list, lookup, link);
@@ -488,31 +486,31 @@ printmessage(dig_query_t *query, const isc_buffer_t *msgbuf,
 		printf(";; flags: ");
 		if ((msg->flags & DNS_MESSAGEFLAG_QR) != 0) {
 			printf("qr");
-			did_flag = true;
+			did_flag = ISC_TRUE;
 		}
 		if ((msg->flags & DNS_MESSAGEFLAG_AA) != 0) {
 			printf("%saa", did_flag ? " " : "");
-			did_flag = true;
+			did_flag = ISC_TRUE;
 		}
 		if ((msg->flags & DNS_MESSAGEFLAG_TC) != 0) {
 			printf("%stc", did_flag ? " " : "");
-			did_flag = true;
+			did_flag = ISC_TRUE;
 		}
 		if ((msg->flags & DNS_MESSAGEFLAG_RD) != 0) {
 			printf("%srd", did_flag ? " " : "");
-			did_flag = true;
+			did_flag = ISC_TRUE;
 		}
 		if ((msg->flags & DNS_MESSAGEFLAG_RA) != 0) {
 			printf("%sra", did_flag ? " " : "");
-			did_flag = true;
+			did_flag = ISC_TRUE;
 		}
 		if ((msg->flags & DNS_MESSAGEFLAG_AD) != 0) {
 			printf("%sad", did_flag ? " " : "");
-			did_flag = true;
+			did_flag = ISC_TRUE;
 		}
 		if ((msg->flags & DNS_MESSAGEFLAG_CD) != 0) {
 			printf("%scd", did_flag ? " " : "");
-			did_flag = true;
+			did_flag = ISC_TRUE;
 			POST(did_flag);
 		}
 		printf("; QUERY: %u, ANSWER: %u, "
@@ -535,7 +533,7 @@ printmessage(dig_query_t *query, const isc_buffer_t *msgbuf,
 	    !short_form) {
 		printf("\n");
 		result = printsection(msg, DNS_SECTION_QUESTION, "QUESTION",
-				      true, query);
+				      ISC_TRUE, query);
 		if (result != ISC_R_SUCCESS)
 			return (result);
 	}
@@ -543,7 +541,7 @@ printmessage(dig_query_t *query, const isc_buffer_t *msgbuf,
 		if (!short_form)
 			printf("\n");
 		result = printsection(msg, DNS_SECTION_ANSWER, "ANSWER",
-				      !short_form, query);
+				      ISC_TF(!short_form), query);
 		if (result != ISC_R_SUCCESS)
 			return (result);
 	}
@@ -552,7 +550,7 @@ printmessage(dig_query_t *query, const isc_buffer_t *msgbuf,
 	    !short_form) {
 		printf("\n");
 		result = printsection(msg, DNS_SECTION_AUTHORITY, "AUTHORITY",
-				      true, query);
+				      ISC_TRUE, query);
 		if (result != ISC_R_SUCCESS)
 			return (result);
 	}
@@ -560,14 +558,14 @@ printmessage(dig_query_t *query, const isc_buffer_t *msgbuf,
 	    !short_form) {
 		printf("\n");
 		result = printsection(msg, DNS_SECTION_ADDITIONAL,
-				      "ADDITIONAL", true, query);
+				      "ADDITIONAL", ISC_TRUE, query);
 		if (result != ISC_R_SUCCESS)
 			return (result);
 	}
 	if ((tsig != NULL) && !short_form) {
 		printf("\n");
 		result = printrdata(msg, tsig, tsigname,
-				    "PSEUDOSECTION TSIG", true);
+				    "PSEUDOSECTION TSIG", ISC_TRUE);
 		if (result != ISC_R_SUCCESS)
 			return (result);
 	}
@@ -602,7 +600,7 @@ pre_parse_args(int argc, char **argv) {
 	while ((c = isc_commandline_parse(argc, argv, optstring)) != -1) {
 		switch (c) {
 		case 'm':
-			memdebugging = true;
+			memdebugging = ISC_TRUE;
 			if (strcasecmp("trace", isc_commandline_argument) == 0)
 				isc_mem_debugging |= ISC_MEM_DEBUGTRACE;
 			else if (strcasecmp("record",
@@ -616,50 +614,49 @@ pre_parse_args(int argc, char **argv) {
 		case '4':
 			if (ipv6only)
 				fatal("only one of -4 and -6 allowed");
-			ipv4only = true;
+			ipv4only = ISC_TRUE;
 			break;
 		case '6':
 			if (ipv4only)
 				fatal("only one of -4 and -6 allowed");
-			ipv6only = true;
+			ipv6only = ISC_TRUE;
 			break;
 		case 'a': break;
 		case 'A': break;
 		case 'c': break;
-		case 'C': break;
 		case 'd': break;
-		case 'D':
-			if (debugging)
-				debugtiming = true;
-			debugging = true;
-			break;
 		case 'i': break;
 		case 'l': break;
 		case 'n': break;
-		case 'N': break;
 		case 'r': break;
-		case 'R': break;
 		case 's': break;
 		case 't': break;
-		case 'T': break;
-		case 'U': break;
 		case 'v': break;
 		case 'V':
 			  version();
 			  exit(0);
 			  break;
 		case 'w': break;
+		case 'C': break;
+		case 'D':
+			if (debugging)
+				debugtiming = ISC_TRUE;
+			debugging = ISC_TRUE;
+			break;
+		case 'N': break;
+		case 'R': break;
+		case 'T': break;
 		case 'W': break;
 		default:
 			show_usage();
 		}
 	}
-	isc_commandline_reset = true;
+	isc_commandline_reset = ISC_TRUE;
 	isc_commandline_index = 1;
 }
 
 static void
-parse_args(bool is_batchfile, int argc, char **argv) {
+parse_args(isc_boolean_t is_batchfile, int argc, char **argv) {
 	char hostname[MXNAME];
 	dig_lookup_t *lookup;
 	int c;
@@ -668,30 +665,30 @@ parse_args(bool is_batchfile, int argc, char **argv) {
 	isc_result_t result = ISC_R_SUCCESS;
 	dns_rdatatype_t rdtype;
 	dns_rdataclass_t rdclass;
-	uint32_t serial = 0;
+	isc_uint32_t serial = 0;
 
 	UNUSED(is_batchfile);
 
 	lookup = make_empty_lookup();
 
-	lookup->servfail_stops = false;
-	lookup->comments = false;
+	lookup->servfail_stops = ISC_FALSE;
+	lookup->comments = ISC_FALSE;
 	short_form = !verbose;
 
 	while ((c = isc_commandline_parse(argc, argv, optstring)) != -1) {
 		switch (c) {
 		case 'l':
-			lookup->tcp_mode = true;
+			lookup->tcp_mode = ISC_TRUE;
 			lookup->rdtype = dns_rdatatype_axfr;
-			lookup->rdtypeset = true;
+			lookup->rdtypeset = ISC_TRUE;
 			fatalexit = 3;
 			break;
 		case 'v':
 		case 'd':
-			short_form = false;
+			short_form = ISC_FALSE;
 			break;
 		case 'r':
-			lookup->recurse = false;
+			lookup->recurse = ISC_FALSE;
 			break;
 		case 't':
 			if (strncasecmp(isc_commandline_argument,
@@ -716,23 +713,23 @@ parse_args(bool is_batchfile, int argc, char **argv) {
 			if (!lookup->rdtypeset ||
 			    lookup->rdtype != dns_rdatatype_axfr)
 				lookup->rdtype = rdtype;
-			lookup->rdtypeset = true;
+			lookup->rdtypeset = ISC_TRUE;
 			if (rdtype == dns_rdatatype_axfr) {
 				/* -l -t any -v */
 				list_type = dns_rdatatype_any;
-				short_form = false;
-				lookup->tcp_mode = true;
+				short_form = ISC_FALSE;
+				lookup->tcp_mode = ISC_TRUE;
 			} else if (rdtype == dns_rdatatype_ixfr) {
 				lookup->ixfr_serial = serial;
-				lookup->tcp_mode = true;
+				lookup->tcp_mode = ISC_TRUE;
 				list_type = rdtype;
 			} else if (rdtype == dns_rdatatype_any) {
 				if (!lookup->tcp_mode_set)
-					lookup->tcp_mode = true;
+					lookup->tcp_mode = ISC_TRUE;
 			} else
 				list_type = rdtype;
-			list_addresses = false;
-			default_lookups = false;
+			list_addresses = ISC_FALSE;
+			default_lookups = ISC_FALSE;
 			break;
 		case 'c':
 			tr.base = isc_commandline_argument;
@@ -746,25 +743,25 @@ parse_args(bool is_batchfile, int argc, char **argv) {
 				      isc_commandline_argument);
 			} else {
 				lookup->rdclass = rdclass;
-				lookup->rdclassset = true;
+				lookup->rdclassset = ISC_TRUE;
 			}
-			default_lookups = false;
+			default_lookups = ISC_FALSE;
 			break;
 		case 'A':
-			list_almost_all = true;
+			list_almost_all = ISC_TRUE;
 			/* FALL THROUGH */
 		case 'a':
 			if (!lookup->rdtypeset ||
 			    lookup->rdtype != dns_rdatatype_axfr)
 				lookup->rdtype = dns_rdatatype_any;
 			list_type = dns_rdatatype_any;
-			list_addresses = false;
-			lookup->rdtypeset = true;
-			short_form = false;
-			default_lookups = false;
+			list_addresses = ISC_FALSE;
+			lookup->rdtypeset = ISC_TRUE;
+			short_form = ISC_FALSE;
+			default_lookups = ISC_FALSE;
 			break;
 		case 'i':
-			/* deprecated */
+			lookup->ip6_int = ISC_TRUE;
 			break;
 		case 'n':
 			/* deprecated */
@@ -790,23 +787,23 @@ parse_args(bool is_batchfile, int argc, char **argv) {
 				tries = 2;
 			break;
 		case 'T':
-			lookup->tcp_mode = true;
-			lookup->tcp_mode_set = true;
+			lookup->tcp_mode = ISC_TRUE;
+			lookup->tcp_mode_set = ISC_TRUE;
 			break;
 		case 'U':
-			lookup->tcp_mode = false;
-			lookup->tcp_mode_set = true;
+			lookup->tcp_mode = ISC_FALSE;
+			lookup->tcp_mode_set = ISC_TRUE;
 			break;
 		case 'C':
 			debug("showing all SOAs");
 			lookup->rdtype = dns_rdatatype_ns;
-			lookup->rdtypeset = true;
+			lookup->rdtypeset = ISC_TRUE;
 			lookup->rdclass = dns_rdataclass_in;
-			lookup->rdclassset = true;
-			lookup->ns_search_only = true;
-			lookup->trace_root = true;
-			lookup->identify_previous_line = true;
-			default_lookups = false;
+			lookup->rdclassset = ISC_TRUE;
+			lookup->ns_search_only = ISC_TRUE;
+			lookup->trace_root = ISC_TRUE;
+			lookup->identify_previous_line = ISC_TRUE;
+			default_lookups = ISC_FALSE;
 			break;
 		case 'N':
 			debug("setting NDOTS to %s",
@@ -823,7 +820,7 @@ parse_args(bool is_batchfile, int argc, char **argv) {
 			/* Handled by pre_parse_args(). */
 			break;
 		case 's':
-			lookup->servfail_stops = true;
+			lookup->servfail_stops = ISC_TRUE;
 			break;
 		}
 	}
@@ -838,36 +835,25 @@ parse_args(bool is_batchfile, int argc, char **argv) {
 	if (argc > isc_commandline_index + 1) {
 		set_nameserver(argv[isc_commandline_index+1]);
 		debug("server is %s", argv[isc_commandline_index+1]);
-		listed_server = true;
+		listed_server = ISC_TRUE;
 	} else
-		check_ra = true;
+		check_ra = ISC_TRUE;
 
-	lookup->pending = false;
-	if (get_reverse(store, sizeof(store), hostname, true)
-	    == ISC_R_SUCCESS) {
+	lookup->pending = ISC_FALSE;
+	if (get_reverse(store, sizeof(store), hostname,
+			lookup->ip6_int, ISC_TRUE) == ISC_R_SUCCESS) {
 		strlcpy(lookup->textname, store, sizeof(lookup->textname));
 		lookup->rdtype = dns_rdatatype_ptr;
-		lookup->rdtypeset = true;
-		default_lookups = false;
+		lookup->rdtypeset = ISC_TRUE;
+		default_lookups = ISC_FALSE;
 	} else {
 		strlcpy(lookup->textname, hostname, sizeof(lookup->textname));
-		usesearch = true;
+		usesearch = ISC_TRUE;
 	}
-	lookup->new_search = true;
+	lookup->new_search = ISC_TRUE;
 	ISC_LIST_APPEND(lookup_list, lookup, link);
 }
 
-static void
-host_error(const char *format, ...) {
-	va_list args;
-
-	printf(";; ");
-	va_start(args, format);
-	vfprintf(stdout, format, args);
-	va_end(args);
-	printf("\n");
-}
-
 int
 main(int argc, char **argv) {
 	isc_result_t result;
@@ -885,7 +871,6 @@ main(int argc, char **argv) {
 	dighost_received = received;
 	dighost_trying = trying;
 	dighost_shutdown = host_shutdown;
-	dighost_error = host_error;
 
 	debug("main()");
 	progname = argv[0];
@@ -894,7 +879,7 @@ main(int argc, char **argv) {
 	check_result(result, "isc_app_start");
 	setup_libs();
 	setup_system(ipv4only, ipv6only);
-	parse_args(false, argc, argv);
+	parse_args(ISC_FALSE, argc, argv);
 	if (keyfile[0] != 0)
 		setup_file_key();
 	else if (keysecret[0] != 0)

bin/dig/host.docbook

@@ -47,7 +47,6 @@
       <year>2016</year>
       <year>2017</year>
       <year>2018</year>
-      <year>2019</year>
       <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
     </copyright>
   </docinfo>
@@ -180,6 +179,18 @@
 	</listitem>
       </varlistentry>
 
+      <varlistentry>
+	<term>-i</term>
+	<listitem>
+	  <para>
+	    Obsolete.
+	    Use the IP6.INT domain for reverse lookups of IPv6
+	    addresses as defined in RFC1886 and deprecated in RFC4159.
+	    The default is to use IP6.ARPA as specified in RFC3596.
+	  </para>
+	</listitem>
+      </varlistentry>
+
       <varlistentry>
 	<term>-l</term>
 	<listitem>
@@ -378,7 +389,7 @@
       <command>host</command> appropriately converts character encoding of
       domain name before sending a request to DNS server or displaying a
       reply from the server.
-      If you'd like to turn off the IDN support for some reason, define
+      If you'd like to turn off the IDN support for some reason, defines
       the <envar>IDN_DISABLE</envar> environment variable.
       The IDN support is disabled if the variable is set when
       <command>host</command> runs.

bin/dig/host.html

@@ -1,6 +1,6 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 <!--
- - Copyright (C) 2000-2002, 2004, 2005, 2007-2009, 2014-2019 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2002, 2004, 2005, 2007-2009, 2014-2017 Internet Systems Consortium, Inc. ("ISC")
  - 
  - This Source Code Form is subject to the terms of the Mozilla Public
  - License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -138,6 +138,15 @@
 	    Equivalent to the <code class="option">-v</code> verbose option.
 	  </p>
 	</dd>
+<dt><span class="term">-i</span></dt>
+<dd>
+	  <p>
+	    Obsolete.
+	    Use the IP6.INT domain for reverse lookups of IPv6
+	    addresses as defined in RFC1886 and deprecated in RFC4159.
+	    The default is to use IP6.ARPA as specified in RFC3596.
+	  </p>
+	</dd>
 <dt><span class="term">-l</span></dt>
 <dd>
 	  <p>
@@ -302,7 +311,7 @@
       <span class="command"><strong>host</strong></span> appropriately converts character encoding of
       domain name before sending a request to DNS server or displaying a
       reply from the server.
-      If you'd like to turn off the IDN support for some reason, define
+      If you'd like to turn off the IDN support for some reason, defines
       the <code class="envar">IDN_DISABLE</code> environment variable.
       The IDN support is disabled if the variable is set when
       <span class="command"><strong>host</strong></span> runs.

bin/dig/include/dig/dig.h

@@ -14,19 +14,16 @@
 
 /*! \file */
 
-#include <inttypes.h>
-#include <stdbool.h>
-
 #include <dns/rdatalist.h>
 
 #include <dst/dst.h>
 
+#include <isc/boolean.h>
 #include <isc/buffer.h>
 #include <isc/bufferlist.h>
 #include <isc/formatcheck.h>
 #include <isc/lang.h>
 #include <isc/list.h>
-#include <isc/magic.h>
 #include <isc/mem.h>
 #include <isc/print.h>
 #include <isc/sockaddr.h>
@@ -82,14 +79,9 @@ typedef struct dig_server dig_server_t;
 typedef ISC_LIST(dig_server_t) dig_serverlist_t;
 typedef struct dig_searchlist dig_searchlist_t;
 
-#define DIG_QUERY_MAGIC		ISC_MAGIC('D','i','g','q')
-
-#define DIG_VALID_QUERY(x)	ISC_MAGIC_VALID((x), DIG_QUERY_MAGIC)
-
-
 /*% The dig_lookup structure */
 struct dig_lookup {
-	bool
+	isc_boolean_t
 		pending, /*%< Pending a successful answer */
 		waiting_connect,
 		doing_xfr,
@@ -102,13 +94,12 @@ struct dig_lookup {
 		aaonly,
 		adflag,
 		cdflag,
-		raflag,
-		tcflag,
 		zflag,
 		trace, /*% dig +trace */
 		trace_root, /*% initial query for either +trace or +nssearch */
 		tcp_mode,
 		tcp_mode_set,
+		ip6_int,
 		comments,
 		stats,
 		section_question,
@@ -140,15 +131,14 @@ struct dig_lookup {
 		ttlunits,
 		idnin,
 		idnout,
-		expandaaaa,
 		qr;
 	char textname[MXNAME]; /*% Name we're going to be looking up */
 	char cmdline[MXNAME];
 	dns_rdatatype_t rdtype;
 	dns_rdatatype_t qrdtype;
 	dns_rdataclass_t rdclass;
-	bool rdtypeset;
-	bool rdclassset;
+	isc_boolean_t rdtypeset;
+	isc_boolean_t rdclassset;
 	char name_space[BUFSIZE];
 	char oname_space[BUFSIZE];
 	isc_buffer_t namebuf;
@@ -166,17 +156,17 @@ struct dig_lookup {
 	dig_serverlist_t my_server_list;
 	dig_searchlist_t *origin;
 	dig_query_t *xfr_q;
-	uint32_t retries;
+	isc_uint32_t retries;
 	int nsfound;
-	uint16_t udpsize;
-	int16_t edns;
-	int16_t padding;
-	uint32_t ixfr_serial;
+	isc_uint16_t udpsize;
+	isc_int16_t edns;
+	isc_int16_t padding;
+	isc_uint32_t ixfr_serial;
 	isc_buffer_t rdatabuf;
 	char rdatastore[MXNAME];
 	dst_context_t *tsigctx;
 	isc_buffer_t *querysig;
-	uint32_t msgcounter;
+	isc_uint32_t msgcounter;
 	dns_fixedname_t fdomain;
 	isc_sockaddr_t *ecs_addr;
 	char *cookie;
@@ -191,9 +181,8 @@ struct dig_lookup {
 
 /*% The dig_query structure */
 struct dig_query {
-	unsigned int magic;
 	dig_lookup_t *lookup;
-	bool waiting_connect,
+	isc_boolean_t waiting_connect,
 		pending_free,
 		waiting_senddone,
 		first_pass,
@@ -203,26 +192,30 @@ struct dig_query {
 		recv_made,
 		warn_id,
 		timedout;
-	uint32_t first_rr_serial;
-	uint32_t second_rr_serial;
-	uint32_t msg_count;
-	uint32_t rr_count;
-	bool ixfr_axfr;
+	isc_uint32_t first_rr_serial;
+	isc_uint32_t second_rr_serial;
+	isc_uint32_t msg_count;
+	isc_uint32_t rr_count;
+	isc_boolean_t ixfr_axfr;
 	char *servname;
 	char *userarg;
+	isc_bufferlist_t sendlist,
+		recvlist,
+		lengthlist;
 	isc_buffer_t recvbuf,
 		lengthbuf,
-		tmpsendbuf,
-		sendbuf;
-	char *recvspace, *tmpsendspace,
-		lengthspace[4];
+		slbuf;
+	char *recvspace,
+		lengthspace[4],
+		slspace[4];
 	isc_socket_t *sock;
 	ISC_LINK(dig_query_t) link;
 	ISC_LINK(dig_query_t) clink;
 	isc_sockaddr_t sockaddr;
 	isc_time_t time_sent;
 	isc_time_t time_recv;
-	uint64_t byte_count;
+	isc_uint64_t byte_count;
+	isc_buffer_t sendbuf;
 	isc_timer_t *timer;
 };
 
@@ -249,7 +242,7 @@ extern dig_serverlist_t server_list;
 extern dig_searchlistlist_t search_list;
 extern unsigned int extrabytes;
 
-extern bool check_ra, have_ipv4, have_ipv6, specified_source,
+extern isc_boolean_t check_ra, have_ipv4, have_ipv6, specified_source,
 	usesearch, showsearch;
 extern in_port_t port;
 extern unsigned int timeout;
@@ -264,18 +257,18 @@ extern char keyfile[MXNAME];
 extern char keysecret[MXNAME];
 extern const dns_name_t *hmacname;
 extern unsigned int digestbits;
-extern dns_tsigkey_t *tsigkey;
-extern bool validated;
+extern dns_tsigkey_t *key;
+extern isc_boolean_t validated;
 extern isc_taskmgr_t *taskmgr;
 extern isc_task_t *global_task;
-extern bool free_now;
-extern bool debugging, debugtiming, memdebugging;
-extern bool keep_open;
+extern isc_boolean_t free_now;
+extern isc_boolean_t debugging, debugtiming, memdebugging;
+extern isc_boolean_t keep_open;
 
 extern char *progname;
 extern int tries;
 extern int fatalexit;
-extern bool verbose;
+extern isc_boolean_t verbose;
 
 /*
  * Routines in dighost.c.
@@ -287,7 +280,8 @@ int
 getaddresses(dig_lookup_t *lookup, const char *host, isc_result_t *resultp);
 
 isc_result_t
-get_reverse(char *reverse, size_t len, char *value, bool strict);
+get_reverse(char *reverse, size_t len, char *value, isc_boolean_t ip6_int,
+	    isc_boolean_t strict);
 
 ISC_PLATFORM_NORETURN_PRE void
 fatal(const char *format, ...)
@@ -306,7 +300,7 @@ debug(const char *format, ...) ISC_FORMAT_PRINTF(1, 2);
 void
 check_result(isc_result_t result, const char *msg);
 
-bool
+isc_boolean_t
 setup_lookup(dig_lookup_t *lookup);
 
 void
@@ -328,14 +322,14 @@ void
 setup_libs(void);
 
 void
-setup_system(bool ipv4only, bool ipv6only);
+setup_system(isc_boolean_t ipv4only, isc_boolean_t ipv6only);
 
 isc_result_t
-parse_uint(uint32_t *uip, const char *value, uint32_t max,
+parse_uint(isc_uint32_t *uip, const char *value, isc_uint32_t max,
 	   const char *desc);
 
 isc_result_t
-parse_xint(uint32_t *uip, const char *value, uint32_t max,
+parse_xint(isc_uint32_t *uip, const char *value, isc_uint32_t max,
 	   const char *desc);
 
 isc_result_t
@@ -345,13 +339,13 @@ void
 parse_hmac(const char *hmacstr);
 
 dig_lookup_t *
-requeue_lookup(dig_lookup_t *lookold, bool servers);
+requeue_lookup(dig_lookup_t *lookold, isc_boolean_t servers);
 
 dig_lookup_t *
 make_empty_lookup(void);
 
 dig_lookup_t *
-clone_lookup(dig_lookup_t *lookold, bool servers);
+clone_lookup(dig_lookup_t *lookold, isc_boolean_t servers);
 
 dig_server_t *
 make_server(const char *servname, const char *userarg);
@@ -375,27 +369,21 @@ destroy_libs(void);
 void
 set_search_domain(char *domain);
 
+char *
+next_token(char **stringp, const char *delim);
+
 /*
  * Routines to be defined in dig.c, host.c, and nslookup.c. and
  * then assigned to the appropriate function pointer
  */
 extern isc_result_t
-(*dighost_printmessage)(dig_query_t *query, const isc_buffer_t *msgbuf,
-			dns_message_t *msg, bool headers);
-
-/*
- * Print an error message in the appropriate format.
- */
-extern void
-(*dighost_error)(const char *format, ...);
-
+(*dighost_printmessage)(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers);
 /*%<
  * Print the final result of the lookup.
  */
 
 extern void
-(*dighost_received)(unsigned int bytes, isc_sockaddr_t *from,
-		    dig_query_t *query);
+(*dighost_received)(unsigned int bytes, isc_sockaddr_t *from, dig_query_t *query);
 /*%<
  * Print a message about where and when the response
  * was received from, like the final comment in the
@@ -431,7 +419,7 @@ dig_setup(int argc, char **argv);
  * Call to supply new parameters for the next lookup
  */
 void
-dig_query_setup(bool, bool, int argc, char **argv);
+dig_query_setup(isc_boolean_t, isc_boolean_t, int argc, char **argv);
 
 /*%<
  * set the main application event cycle running

bin/dig/nslookup.1

@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004-2007, 2010, 2013-2019 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004-2007, 2010, 2013-2017 Internet Systems Consortium, Inc. ("ISC")
 .\" 
 .\" This Source Code Form is subject to the terms of the Mozilla Public
 .\" License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -277,17 +277,6 @@ Try the next nameserver if a nameserver responds with SERVFAIL or a referral (no
 .PP
 \fBnslookup\fR
 returns with an exit status of 1 if any query failed, and 0 otherwise\&.
-.SH "IDN SUPPORT"
-.PP
-If
-\fBnslookup\fR
-has been built with IDN (internationalized domain name) support, it can accept and display non\-ASCII domain names\&.
-\fBnslookup\fR
-appropriately converts character encoding of domain name before sending a request to DNS server or displaying a reply from the server\&. If you\*(Aqd like to turn off the IDN support for some reason, define the
-\fBIDN_DISABLE\fR
-environment variable\&. The IDN support is disabled if the variable is set when
-\fBnslookup\fR
-runs or when the standard output is not a tty\&.
 .SH "FILES"
 .PP
 /etc/resolv\&.conf
@@ -301,5 +290,5 @@ runs or when the standard output is not a tty\&.
 \fBInternet Systems Consortium, Inc\&.\fR
 .SH "COPYRIGHT"
 .br
-Copyright \(co 2004-2007, 2010, 2013-2019 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004-2007, 2010, 2013-2017 Internet Systems Consortium, Inc. ("ISC")
 .br

bin/dig/nslookup.c

@@ -9,8 +9,8 @@
  * information regarding copyright ownership.
  */
 
-#include <inttypes.h>
-#include <stdbool.h>
+#include <config.h>
+
 #include <stdlib.h>
 #include <unistd.h>
 
@@ -53,18 +53,18 @@
 #endif
 #endif
 
-static bool short_form = true,
-	tcpmode = false, tcpmode_set = false,
-	identify = false, stats = true,
-	comments = true, section_question = true,
-	section_answer = true, section_authority = true,
-	section_additional = true, recurse = true,
-	aaonly = false, nofail = true,
-	default_lookups = true, a_noanswer = false;
+static isc_boolean_t short_form = ISC_TRUE,
+	tcpmode = ISC_FALSE, tcpmode_set = ISC_FALSE,
+	identify = ISC_FALSE, stats = ISC_TRUE,
+	comments = ISC_TRUE, section_question = ISC_TRUE,
+	section_answer = ISC_TRUE, section_authority = ISC_TRUE,
+	section_additional = ISC_TRUE, recurse = ISC_TRUE,
+	aaonly = ISC_FALSE, nofail = ISC_TRUE,
+	default_lookups = ISC_TRUE, a_noanswer = ISC_FALSE;
 
-static bool interactive;
+static isc_boolean_t interactive;
 
-static bool in_use = false;
+static isc_boolean_t in_use = ISC_FALSE;
 static char defclass[MXRD] = "IN";
 static char deftype[MXRD] = "A";
 static isc_event_t *global_event = NULL;
@@ -213,7 +213,7 @@ printrdata(dns_rdata_t *rdata) {
 	isc_result_t result;
 	isc_buffer_t *b = NULL;
 	unsigned int size = 1024;
-	bool done = false;
+	isc_boolean_t done = ISC_FALSE;
 
 	if (rdata->type < N_KNOWN_RRTYPES)
 		printf("%s", rtypetext[rdata->type]);
@@ -228,7 +228,7 @@ printrdata(dns_rdata_t *rdata) {
 		if (result == ISC_R_SUCCESS) {
 			printf("%.*s\n", (int)isc_buffer_usedlength(b),
 			       (char *)isc_buffer_base(b));
-			done = true;
+			done = ISC_TRUE;
 		} else if (result != ISC_R_NOSPACE)
 			check_result(result, "dns_rdata_totext");
 		isc_buffer_free(&b);
@@ -237,7 +237,7 @@ printrdata(dns_rdata_t *rdata) {
 }
 
 static isc_result_t
-printsection(dig_query_t *query, dns_message_t *msg, bool headers,
+printsection(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers,
 	     dns_section_t section) {
 	isc_result_t result, loopresult;
 	dns_name_t *name;
@@ -304,7 +304,7 @@ printsection(dig_query_t *query, dns_message_t *msg, bool headers,
 }
 
 static isc_result_t
-detailsection(dig_query_t *query, dns_message_t *msg, bool headers,
+detailsection(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers,
 	     dns_section_t section) {
 	isc_result_t result, loopresult;
 	dns_name_t *name;
@@ -429,21 +429,16 @@ chase_cnamechain(dns_message_t *msg, dns_name_t *qname) {
 }
 
 static isc_result_t
-printmessage(dig_query_t *query, const isc_buffer_t *msgbuf,
-	     dns_message_t *msg, bool headers)
-{
+printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers) {
 	char servtext[ISC_SOCKADDR_FORMATSIZE];
 
-	UNUSED(msgbuf);
-
 	/* I've we've gotten this far, we've reached a server. */
 	query_error = 0;
 
 	debug("printmessage()");
 
 	if(!default_lookups || query->lookup->rdtype == dns_rdatatype_a) {
-		isc_sockaddr_format(&query->sockaddr, servtext,
-				    sizeof(servtext));
+		isc_sockaddr_format(&query->sockaddr, servtext, sizeof(servtext));
 		printf("Server:\t\t%s\n", query->userarg);
 		printf("Address:\t%s\n", servtext);
 
@@ -453,10 +448,10 @@ printmessage(dig_query_t *query, const isc_buffer_t *msgbuf,
 	if (!short_form) {
 		puts("------------");
 		/*		detailheader(query, msg);*/
-		detailsection(query, msg, true, DNS_SECTION_QUESTION);
-		detailsection(query, msg, true, DNS_SECTION_ANSWER);
-		detailsection(query, msg, true, DNS_SECTION_AUTHORITY);
-		detailsection(query, msg, true, DNS_SECTION_ADDITIONAL);
+		detailsection(query, msg, ISC_TRUE, DNS_SECTION_QUESTION);
+		detailsection(query, msg, ISC_TRUE, DNS_SECTION_ANSWER);
+		detailsection(query, msg, ISC_TRUE, DNS_SECTION_AUTHORITY);
+		detailsection(query, msg, ISC_TRUE, DNS_SECTION_ADDITIONAL);
 		puts("------------");
 	}
 
@@ -480,16 +475,17 @@ printmessage(dig_query_t *query, const isc_buffer_t *msgbuf,
 		dns_name_t *name;
 
 		/* Add AAAA lookup. */
-		name = dns_fixedname_initname(&fixed);
+		dns_fixedname_init(&fixed);
+		name = dns_fixedname_name(&fixed);
 		dns_name_copy(query->lookup->name, name, NULL);
 		chase_cnamechain(msg, name);
 		dns_name_format(name, namestr, sizeof(namestr));
-		lookup = clone_lookup(query->lookup, false);
+		lookup = clone_lookup(query->lookup, ISC_FALSE);
 		if (lookup != NULL) {
 			strlcpy(lookup->textname, namestr,
 				sizeof(lookup->textname));
 			lookup->rdtype = dns_rdatatype_aaaa;
-			lookup->rdtypeset = true;
+			lookup->rdtypeset = ISC_TRUE;
 			lookup->origin = NULL;
 			lookup->retries = tries;
 			ISC_LIST_APPEND(lookup_list, lookup, link);
@@ -503,7 +499,7 @@ printmessage(dig_query_t *query, const isc_buffer_t *msgbuf,
 		printsection(query, msg, headers, DNS_SECTION_ANSWER);
 	else {
 		if (default_lookups && query->lookup->rdtype == dns_rdatatype_a)
-			a_noanswer = true;
+			a_noanswer = ISC_TRUE;
 
 		else if (!default_lookups ||
 			 (query->lookup->rdtype == dns_rdatatype_aaaa &&
@@ -525,7 +521,7 @@ printmessage(dig_query_t *query, const isc_buffer_t *msgbuf,
 }
 
 static void
-show_settings(bool full, bool serv_only) {
+show_settings(isc_boolean_t full, isc_boolean_t serv_only) {
 	dig_server_t *srv;
 	isc_sockaddr_t sockaddr;
 	dig_searchlist_t *listent;
@@ -570,7 +566,7 @@ show_settings(bool full, bool serv_only) {
 	printf("\n");
 }
 
-static bool
+static isc_boolean_t
 testtype(char *typetext) {
 	isc_result_t result;
 	isc_textregion_t tr;
@@ -580,14 +576,14 @@ testtype(char *typetext) {
 	tr.length = strlen(typetext);
 	result = dns_rdatatype_fromtext(&rdtype, &tr);
 	if (result == ISC_R_SUCCESS)
-		return (true);
+		return (ISC_TRUE);
 	else {
 		printf("unknown query type: %s\n", typetext);
-		return (false);
+		return (ISC_FALSE);
 	}
 }
 
-static bool
+static isc_boolean_t
 testclass(char *typetext) {
 	isc_result_t result;
 	isc_textregion_t tr;
@@ -597,24 +593,24 @@ testclass(char *typetext) {
 	tr.length = strlen(typetext);
 	result = dns_rdataclass_fromtext(&rdclass, &tr);
 	if (result == ISC_R_SUCCESS)
-		return (true);
+		return (ISC_TRUE);
 	else {
 		printf("unknown query class: %s\n", typetext);
-		return (false);
+		return (ISC_FALSE);
 	}
 }
 
 static void
 set_port(const char *value) {
-	uint32_t n;
+	isc_uint32_t n;
 	isc_result_t result = parse_uint(&n, value, 65535, "port");
 	if (result == ISC_R_SUCCESS)
-		port = (uint16_t) n;
+		port = (isc_uint16_t) n;
 }
 
 static void
 set_timeout(const char *value) {
-	uint32_t n;
+	isc_uint32_t n;
 	isc_result_t result = parse_uint(&n, value, UINT_MAX, "timeout");
 	if (result == ISC_R_SUCCESS)
 		timeout = n;
@@ -622,7 +618,7 @@ set_timeout(const char *value) {
 
 static void
 set_tries(const char *value) {
-	uint32_t n;
+	isc_uint32_t n;
 	isc_result_t result = parse_uint(&n, value, INT_MAX, "tries");
 	if (result == ISC_R_SUCCESS)
 		tries = n;
@@ -630,7 +626,7 @@ set_tries(const char *value) {
 
 static void
 set_ndots(const char *value) {
-	uint32_t n;
+	isc_uint32_t n;
 	isc_result_t result = parse_uint(&n, value, 128, "ndots");
 	if (result == ISC_R_SUCCESS)
 		ndots = n;
@@ -649,7 +645,7 @@ setoption(char *opt) {
 	((l >= N) && (l < sizeof(A)) && (strncasecmp(opt, A, l) == 0))
 
 	if (CHECKOPT("all", 3)) {
-		show_settings(true, false);
+		show_settings(ISC_TRUE, ISC_FALSE);
 	} else if (strncasecmp(opt, "class=", 6) == 0) {
 		if (testclass(&opt[6]))
 			strlcpy(defclass, &opt[6], sizeof(defclass));
@@ -659,41 +655,41 @@ setoption(char *opt) {
 	} else if (strncasecmp(opt, "type=", 5) == 0) {
 		if (testtype(&opt[5])) {
 			strlcpy(deftype, &opt[5], sizeof(deftype));
-			default_lookups = false;
+			default_lookups = ISC_FALSE;
 		}
 	} else if (strncasecmp(opt, "ty=", 3) == 0) {
 		if (testtype(&opt[3])) {
 			strlcpy(deftype, &opt[3], sizeof(deftype));
-			default_lookups = false;
+			default_lookups = ISC_FALSE;
 		}
 	} else if (strncasecmp(opt, "querytype=", 10) == 0) {
 		if (testtype(&opt[10])) {
 			strlcpy(deftype, &opt[10], sizeof(deftype));
-			default_lookups = false;
+			default_lookups = ISC_FALSE;
 		}
 	} else if (strncasecmp(opt, "query=", 6) == 0) {
 		if (testtype(&opt[6])) {
 			strlcpy(deftype, &opt[6], sizeof(deftype));
-			default_lookups = false;
+			default_lookups = ISC_FALSE;
 		}
 	} else if (strncasecmp(opt, "qu=", 3) == 0) {
 		if (testtype(&opt[3])) {
 			strlcpy(deftype, &opt[3], sizeof(deftype));
-			default_lookups = false;
+			default_lookups = ISC_FALSE;
 		}
 	} else if (strncasecmp(opt, "q=", 2) == 0) {
 		if (testtype(&opt[2])) {
 			strlcpy(deftype, &opt[2], sizeof(deftype));
-			default_lookups = false;
+			default_lookups = ISC_FALSE;
 		}
 	} else if (strncasecmp(opt, "domain=", 7) == 0) {
 		strlcpy(domainopt, &opt[7], sizeof(domainopt));
 		set_search_domain(domainopt);
-		usesearch = true;
+		usesearch = ISC_TRUE;
 	} else if (strncasecmp(opt, "do=", 3) == 0) {
 		strlcpy(domainopt, &opt[3], sizeof(domainopt));
 		set_search_domain(domainopt);
-		usesearch = true;
+		usesearch = ISC_TRUE;
 	} else if (strncasecmp(opt, "port=", 5) == 0) {
 		set_port(&opt[5]);
 	} else if (strncasecmp(opt, "po=", 3) == 0) {
@@ -703,43 +699,43 @@ setoption(char *opt) {
 	} else if (strncasecmp(opt, "t=", 2) == 0) {
 		set_timeout(&opt[2]);
 	} else if (CHECKOPT("recurse", 3)) {
-		recurse = true;
+		recurse = ISC_TRUE;
 	} else if (CHECKOPT("norecurse", 5)) {
-		recurse = false;
+		recurse = ISC_FALSE;
 	} else if (strncasecmp(opt, "retry=", 6) == 0) {
 		set_tries(&opt[6]);
 	} else if (strncasecmp(opt, "ret=", 4) == 0) {
 		set_tries(&opt[4]);
 	} else if (CHECKOPT("defname", 3)) {
-		usesearch = true;
+		usesearch = ISC_TRUE;
 	} else if (CHECKOPT("nodefname", 5)) {
-		usesearch = false;
-	} else if (CHECKOPT("vc", 2)) {
-		tcpmode = true;
-		tcpmode_set = true;
-	} else if (CHECKOPT("novc", 4)) {
-		tcpmode = false;
-		tcpmode_set = true;
-	} else if (CHECKOPT("debug", 3)) {
-		short_form = false;
-		showsearch = true;
-	} else if (CHECKOPT("nodebug", 5)) {
-		short_form = true;
-		showsearch = false;
-	} else if (CHECKOPT("d2", 2)) {
-		debugging = true;
-	} else if (CHECKOPT("nod2", 4)) {
-		debugging = false;
-	} else if (CHECKOPT("search", 3)) {
-		usesearch = true;
-	} else if (CHECKOPT("nosearch", 5)) {
-		usesearch = false;
-	} else if (CHECKOPT("sil", 3)) {
-		/* deprecation_msg = false; */
-	} else if (CHECKOPT("fail", 3)) {
-		nofail=false;
-	} else if (CHECKOPT("nofail", 5)) {
-		nofail=true;
+		usesearch = ISC_FALSE;
+	} else if (CHECKOPT("vc", 2) == 0) {
+		tcpmode = ISC_TRUE;
+		tcpmode_set = ISC_TRUE;
+	} else if (CHECKOPT("novc", 4) == 0) {
+		tcpmode = ISC_FALSE;
+		tcpmode_set = ISC_TRUE;
+	} else if (CHECKOPT("debug", 3) == 0) {
+		short_form = ISC_FALSE;
+		showsearch = ISC_TRUE;
+	} else if (CHECKOPT("nodebug", 5) == 0) {
+		short_form = ISC_TRUE;
+		showsearch = ISC_FALSE;
+	} else if (CHECKOPT("d2", 2) == 0) {
+		debugging = ISC_TRUE;
+	} else if (CHECKOPT("nod2", 4) == 0) {
+		debugging = ISC_FALSE;
+	} else if (CHECKOPT("search", 3) == 0) {
+		usesearch = ISC_TRUE;
+	} else if (CHECKOPT("nosearch", 5) == 0) {
+		usesearch = ISC_FALSE;
+	} else if (CHECKOPT("sil", 3) == 0) {
+		/* deprecation_msg = ISC_FALSE; */
+	} else if (CHECKOPT("fail", 3) == 0) {
+		nofail=ISC_FALSE;
+	} else if (CHECKOPT("nofail", 5) == 0) {
+		nofail=ISC_TRUE;
 	} else if (strncasecmp(opt, "ndots=", 6) == 0) {
 		set_ndots(&opt[6]);
 	} else {
@@ -758,7 +754,7 @@ addlookup(char *opt) {
 
 	debug("addlookup()");
 
-	a_noanswer = false;
+	a_noanswer = ISC_FALSE;
 
 	tr.base = deftype;
 	tr.length = strlen(deftype);
@@ -775,21 +771,21 @@ addlookup(char *opt) {
 		rdclass = dns_rdataclass_in;
 	}
 	lookup = make_empty_lookup();
-	if (get_reverse(store, sizeof(store), opt, true)
+	if (get_reverse(store, sizeof(store), opt, lookup->ip6_int, ISC_TRUE)
 	    == ISC_R_SUCCESS) {
 		strlcpy(lookup->textname, store, sizeof(lookup->textname));
 		lookup->rdtype = dns_rdatatype_ptr;
-		lookup->rdtypeset = true;
+		lookup->rdtypeset = ISC_TRUE;
 	} else {
 		strlcpy(lookup->textname, opt, sizeof(lookup->textname));
 		lookup->rdtype = rdtype;
-		lookup->rdtypeset = true;
+		lookup->rdtypeset = ISC_TRUE;
 	}
 	lookup->rdclass = rdclass;
-	lookup->rdclassset = true;
-	lookup->trace = false;
+	lookup->rdclassset = ISC_TRUE;
+	lookup->trace = ISC_FALSE;
 	lookup->trace_root = lookup->trace;
-	lookup->ns_search_only = false;
+	lookup->ns_search_only = ISC_FALSE;
 	lookup->identify = identify;
 	lookup->recurse = recurse;
 	lookup->aaonly = aaonly;
@@ -797,7 +793,7 @@ addlookup(char *opt) {
 	lookup->udpsize = 0;
 	lookup->comments = comments;
 	if (lookup->rdtype == dns_rdatatype_any && !tcpmode_set)
-		lookup->tcp_mode = true;
+		lookup->tcp_mode = ISC_TRUE;
 	else
 		lookup->tcp_mode = tcpmode;
 	lookup->stats = stats;
@@ -805,9 +801,9 @@ addlookup(char *opt) {
 	lookup->section_answer = section_answer;
 	lookup->section_authority = section_authority;
 	lookup->section_additional = section_additional;
-	lookup->new_search = true;
+	lookup->new_search = ISC_TRUE;
 	if (nofail)
-		lookup->servfail_stops = false;
+		lookup->servfail_stops = ISC_FALSE;
 	ISC_LIST_INIT(lookup->q);
 	ISC_LINK_INIT(lookup, link);
 	ISC_LIST_APPEND(lookup_list, lookup, link);
@@ -818,12 +814,12 @@ addlookup(char *opt) {
 
 static void
 do_next_command(char *input) {
-	char *ptr, *arg, *last;
+	char *ptr, *arg;
 
-	if ((ptr = strtok_r(input, " \t\r\n", &last)) == NULL) {
+	ptr = next_token(&input, " \t\r\n");
+	if (ptr == NULL)
 		return;
-	}
-	arg = strtok_r(NULL, " \t\r\n", &last);
+	arg = next_token(&input, " \t\r\n");
 	if ((strcasecmp(ptr, "set") == 0) &&
 	    (arg != NULL))
 		setoption(arg);
@@ -831,11 +827,11 @@ do_next_command(char *input) {
 		 (strcasecmp(ptr, "lserver") == 0)) {
 		isc_app_block();
 		set_nameserver(arg);
-		check_ra = false;
+		check_ra = ISC_FALSE;
 		isc_app_unblock();
-		show_settings(true, true);
+		show_settings(ISC_TRUE, ISC_TRUE);
 	} else if (strcasecmp(ptr, "exit") == 0) {
-		in_use = false;
+		in_use = ISC_FALSE;
 	} else if (strcasecmp(ptr, "help") == 0 ||
 		   strcasecmp(ptr, "?") == 0) {
 		printf("The '%s' command is not yet implemented.\n", ptr);
@@ -855,6 +851,8 @@ get_next_command(void) {
 
 	fflush(stdout);
 	buf = isc_mem_allocate(mctx, COMMSIZE);
+	if (buf == NULL)
+		fatal("memory allocation failure");
 	isc_app_block();
 	if (interactive) {
 #ifdef HAVE_READLINE
@@ -870,7 +868,7 @@ get_next_command(void) {
 		ptr = fgets(buf, COMMSIZE, stdin);
 	isc_app_unblock();
 	if (ptr == NULL) {
-		in_use = false;
+		in_use = ISC_FALSE;
 	} else
 		do_next_command(ptr);
 #ifdef HAVE_READLINE
@@ -880,29 +878,12 @@ get_next_command(void) {
 	isc_mem_free(mctx, buf);
 }
 
-ISC_PLATFORM_NORETURN_PRE static void
-usage(void) ISC_PLATFORM_NORETURN_POST;
-
-static void
-usage(void) {
-    fprintf(stderr, "Usage:\n");
-    fprintf(stderr,
-"   nslookup [-opt ...]             # interactive mode using default server\n");
-    fprintf(stderr,
-"   nslookup [-opt ...] - server    # interactive mode using 'server'\n");
-    fprintf(stderr,
-"   nslookup [-opt ...] host        # just look up 'host' using default server\n");
-    fprintf(stderr,
-"   nslookup [-opt ...] host server # just look up 'host' using 'server'\n");
-    exit(1);
-}
-
 static void
 parse_args(int argc, char **argv) {
-	bool have_lookup = false;
+	isc_boolean_t have_lookup = ISC_FALSE;
 
-	usesearch = true;
-	for (argc--, argv++; argc > 0 && argv[0] != NULL; argc--, argv++) {
+	usesearch = ISC_TRUE;
+	for (argc--, argv++; argc > 0; argc--, argv++) {
 		debug("main parsing %s", argv[0]);
 		if (argv[0][0] == '-') {
 			if (strncasecmp(argv[0], "-ver", 4) == 0) {
@@ -911,18 +892,15 @@ parse_args(int argc, char **argv) {
 			} else if (argv[0][1] != 0) {
 				setoption(&argv[0][1]);
 			} else
-				have_lookup = true;
+				have_lookup = ISC_TRUE;
 		} else {
 			if (!have_lookup) {
-				have_lookup = true;
-				in_use = true;
+				have_lookup = ISC_TRUE;
+				in_use = ISC_TRUE;
 				addlookup(argv[0]);
 			} else {
-				if (argv[1] != NULL) {
-					usage();
-				}
 				set_nameserver(argv[0]);
-				check_ra = false;
+				check_ra = ISC_FALSE;
 			}
 		}
 	}
@@ -944,6 +922,12 @@ flush_lookup_list(void) {
 						  ISC_SOCKCANCEL_ALL);
 				isc_socket_detach(&q->sock);
 			}
+			if (ISC_LINK_LINKED(&q->recvbuf, link))
+				ISC_LIST_DEQUEUE(q->recvlist, &q->recvbuf,
+						 link);
+			if (ISC_LINK_LINKED(&q->lengthbuf, link))
+				ISC_LIST_DEQUEUE(q->lengthlist, &q->lengthbuf,
+						 link);
 			isc_buffer_invalidate(&q->recvbuf);
 			isc_buffer_invalidate(&q->lengthbuf);
 			qp = q;
@@ -983,35 +967,23 @@ getinput(isc_task_t *task, isc_event_t *event) {
 	isc_app_shutdown();
 }
 
-static void
-nsl_error(const char *format, ...) {
-	va_list args;
-
-	printf(";; ");
-	va_start(args, format);
-	vfprintf(stdout, format, args);
-	va_end(args);
-	printf("\n");
-}
-
 int
 main(int argc, char **argv) {
 	isc_result_t result;
 
-	interactive = isatty(0);
+	interactive = ISC_TF(isatty(0));
 
 	ISC_LIST_INIT(lookup_list);
 	ISC_LIST_INIT(server_list);
 	ISC_LIST_INIT(search_list);
 
-	check_ra = true;
+	check_ra = ISC_TRUE;
 
 	/* setup dighost callbacks */
 	dighost_printmessage = printmessage;
 	dighost_received = received;
 	dighost_trying = trying;
 	dighost_shutdown = query_finished;
-	dighost_error = nsl_error;
 
 	result = isc_app_start();
 	check_result(result, "isc_app_start");
@@ -1019,7 +991,7 @@ main(int argc, char **argv) {
 	setup_libs();
 	progname = argv[0];
 
-	setup_system(false, false);
+	setup_system(ISC_FALSE, ISC_FALSE);
 	parse_args(argc, argv);
 	if (keyfile[0] != 0)
 		setup_file_key();
@@ -1033,7 +1005,7 @@ main(int argc, char **argv) {
 	else
 		result = isc_app_onrun(mctx, global_task, getinput, NULL);
 	check_result(result, "isc_app_onrun");
-	in_use = !in_use;
+	in_use = ISC_TF(!in_use);
 
 	(void)isc_app_run();
 

bin/dig/nslookup.docbook

@@ -71,7 +71,6 @@
       <year>2016</year>
       <year>2017</year>
       <year>2018</year>
-      <year>2019</year>
       <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
     </copyright>
   </docinfo>
@@ -479,22 +478,6 @@ nslookup -query=hinfo  -timeout=10
     </para>
   </refsection>
 
-  <refsection><info><title>IDN SUPPORT</title></info>
-
-    <para>
-      If <command>nslookup</command> has been built with IDN (internationalized
-      domain name) support, it can accept and display non-ASCII domain names.
-      <command>nslookup</command> appropriately converts character encoding of
-      domain name before sending a request to DNS server or displaying a
-      reply from the server.
-      If you'd like to turn off the IDN support for some reason, define
-      the <envar>IDN_DISABLE</envar> environment variable.
-      The IDN support is disabled if the variable is set when
-      <command>nslookup</command> runs or when the standard output is not
-      a tty.
-    </para>
-  </refsection>
-
   <refsection><info><title>FILES</title></info>
 
     <para><filename>/etc/resolv.conf</filename>

bin/dig/nslookup.html

@@ -1,6 +1,6 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 <!--
- - Copyright (C) 2004-2007, 2010, 2013-2019 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2007, 2010, 2013-2017 Internet Systems Consortium, Inc. ("ISC")
  - 
  - This Source Code Form is subject to the terms of the Mozilla Public
  - License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -362,31 +362,14 @@ nslookup -query=hinfo  -timeout=10
   </div>
 
   <div class="refsection">
-<a name="id-1.11"></a><h2>IDN SUPPORT</h2>
-
-    <p>
-      If <span class="command"><strong>nslookup</strong></span> has been built with IDN (internationalized
-      domain name) support, it can accept and display non-ASCII domain names.
-      <span class="command"><strong>nslookup</strong></span> appropriately converts character encoding of
-      domain name before sending a request to DNS server or displaying a
-      reply from the server.
-      If you'd like to turn off the IDN support for some reason, define
-      the <code class="envar">IDN_DISABLE</code> environment variable.
-      The IDN support is disabled if the variable is set when
-      <span class="command"><strong>nslookup</strong></span> runs or when the standard output is not
-      a tty.
-    </p>
-  </div>
-
-  <div class="refsection">
-<a name="id-1.12"></a><h2>FILES</h2>
+<a name="id-1.11"></a><h2>FILES</h2>
 
     <p><code class="filename">/etc/resolv.conf</code>
     </p>
   </div>
 
   <div class="refsection">
-<a name="id-1.13"></a><h2>SEE ALSO</h2>
+<a name="id-1.12"></a><h2>SEE ALSO</h2>
 
     <p><span class="citerefentry">
         <span class="refentrytitle">dig</span>(1)

bin/dig/win32/dig.vcxproj.in

@@ -53,14 +53,13 @@
       </PrecompiledHeader>
       <WarningLevel>Level3</WarningLevel>
       <Optimization>Disabled</Optimization>
-      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>WIN32;@CRYPTO@_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <FunctionLevelLinking>true</FunctionLevelLinking>
       <PrecompiledHeaderOutputFile>.\$(Configuration)\$(TargetName).pch</PrecompiledHeaderOutputFile>
       <AssemblerListingLocation>.\$(Configuration)\</AssemblerListingLocation>
       <ObjectFileName>.\$(Configuration)\</ObjectFileName>
       <ProgramDataBaseFileName>$(OutDir)$(TargetName).pdb</ProgramDataBaseFileName>
       <BrowseInformation>true</BrowseInformation>
-      <ForcedIncludeFiles>..\..\..\config.h</ForcedIncludeFiles>
       <AdditionalIncludeDirectories>.\;..\include;..\..\..\;@LIBXML2_INC@@OPENSSL_INC@@IDN_INC@..\..\..\lib\isc\win32;..\..\..\lib\isc\win32\include;..\..\..\lib\isc\include;..\..\..\lib\isccfg\include;..\..\..\lib\dns\include;..\..\..\lib\bind9\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
       <CompileAs>CompileAsC</CompileAs>
     </ClCompile>
@@ -69,7 +68,7 @@
       <GenerateDebugInformation>true</GenerateDebugInformation>
       <OutputFile>..\..\..\Build\$(Configuration)\$(TargetName)$(TargetExt)</OutputFile>
       <AdditionalLibraryDirectories>$(Configuration);..\..\..\lib\isc\win32\$(Configuration);..\..\..\lib\isccfg\win32\$(Configuration);..\..\..\lib\irs\win32\$(Configuration);..\..\..\lib\dns\win32\$(Configuration);..\..\..\lib\bind9\win32\$(Configuration);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
-      <AdditionalDependencies>@OPENSSL_LIB@dighost.lib;libisc.lib;libisccfg.lib;libirs.lib;libdns.lib;libbind9.lib;@IDN_LIB@ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <AdditionalDependencies>dighost.lib;libisc.lib;libisccfg.lib;libirs.lib;libdns.lib;libbind9.lib;@IDN_LIB@ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
     </Link>
   </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'">
@@ -80,7 +79,7 @@
       <Optimization>MaxSpeed</Optimization>
       <FunctionLevelLinking>true</FunctionLevelLinking>
       <IntrinsicFunctions>@INTRINSIC@</IntrinsicFunctions>
-      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>WIN32;@CRYPTO@NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
       <WholeProgramOptimization>false</WholeProgramOptimization>
       <StringPooling>true</StringPooling>
@@ -88,7 +87,6 @@
       <AssemblerListingLocation>.\$(Configuration)\</AssemblerListingLocation>
       <ObjectFileName>.\$(Configuration)\</ObjectFileName>
       <ProgramDataBaseFileName>$(OutDir)$(TargetName).pdb</ProgramDataBaseFileName>
-      <ForcedIncludeFiles>..\..\..\config.h</ForcedIncludeFiles>
       <AdditionalIncludeDirectories>.\;..\include;..\..\..\;@LIBXML2_INC@@OPENSSL_INC@@IDN_INC@..\..\..\lib\isc\win32;..\..\..\lib\isc\win32\include;..\..\..\lib\isc\include;..\..\..\lib\isccfg\include;..\..\..\lib\dns\include;..\..\..\lib\bind9\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
       <CompileAs>CompileAsC</CompileAs>
     </ClCompile>
@@ -100,7 +98,7 @@
       <OutputFile>..\..\..\Build\$(Configuration)\$(TargetName)$(TargetExt)</OutputFile>
       <LinkTimeCodeGeneration>Default</LinkTimeCodeGeneration>
       <AdditionalLibraryDirectories>$(Configuration);..\..\..\lib\isc\win32\$(Configuration);..\..\..\lib\isccfg\win32\$(Configuration);..\..\..\lib\irs\win32\$(Configuration);..\..\..\lib\dns\win32\$(Configuration);..\..\..\lib\bind9\win32\$(Configuration);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
-      <AdditionalDependencies>@OPENSSL_LIB@dighost.lib;libisc.lib;libisccfg.lib;libirs.lib;libdns.lib;libbind9.lib;@IDN_LIB@ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <AdditionalDependencies>dighost.lib;libisc.lib;libisccfg.lib;libirs.lib;libdns.lib;libbind9.lib;@IDN_LIB@ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
     </Link>
   </ItemDefinitionGroup>
   <ItemGroup>

bin/dig/win32/dig.vcxproj.user

@@ -1,3 +1,3 @@
-<?xml version="1.0" encoding="utf-8"?>
-<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
 </Project>

bin/dig/win32/dighost.vcxproj.in

@@ -53,14 +53,13 @@
       </PrecompiledHeader>
       <WarningLevel>Level3</WarningLevel>
       <Optimization>Disabled</Optimization>
-      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>WIN32;@CRYPTO@_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <FunctionLevelLinking>true</FunctionLevelLinking>
       <PrecompiledHeaderOutputFile>.\$(Configuration)\$(TargetName).pch</PrecompiledHeaderOutputFile>
       <AssemblerListingLocation>.\$(Configuration)\</AssemblerListingLocation>
       <ObjectFileName>.\$(Configuration)\</ObjectFileName>
       <ProgramDataBaseFileName>$(OutDir)$(TargetName).pdb</ProgramDataBaseFileName>
       <BrowseInformation>true</BrowseInformation>
-      <ForcedIncludeFiles>..\..\..\config.h</ForcedIncludeFiles>
       <AdditionalIncludeDirectories>.\;..\..\..\;@LIBXML2_INC@@OPENSSL_INC@@IDN_INC@..\include;..\..\..\lib\isc\win32;..\..\..\lib\isc\win32\include;..\..\..\lib\isc\include;..\..\..\lib\isccfg\include;..\..\..\lib\dns\include;..\..\..\lib\irs\include;..\..\..\lib\irs\win32\include;..\..\..\lib\bind9\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
       <CompileAs>CompileAsC</CompileAs>
     </ClCompile>
@@ -78,7 +77,7 @@
       <Optimization>MaxSpeed</Optimization>
       <FunctionLevelLinking>true</FunctionLevelLinking>
       <IntrinsicFunctions>@INTRINSIC@</IntrinsicFunctions>
-      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>WIN32;@CRYPTO@NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
       <WholeProgramOptimization>false</WholeProgramOptimization>
       <StringPooling>true</StringPooling>
@@ -86,7 +85,6 @@
       <AssemblerListingLocation>.\$(Configuration)\</AssemblerListingLocation>
       <ObjectFileName>.\$(Configuration)\</ObjectFileName>
       <ProgramDataBaseFileName>$(OutDir)$(TargetName).pdb</ProgramDataBaseFileName>
-      <ForcedIncludeFiles>..\..\..\config.h</ForcedIncludeFiles>
       <AdditionalIncludeDirectories>.\;..\..\..\;@LIBXML2_INC@@OPENSSL_INC@@IDN_INC@..\include;..\..\..\lib\isc\win32;..\..\..\lib\isc\win32\include;..\..\..\lib\isc\include;..\..\..\lib\isccfg\include;..\..\..\lib\dns\include;..\..\..\lib\irs\include;..\..\..\lib\irs\win32\include;..\..\..\lib\bind9\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
       <CompileAs>CompileAsC</CompileAs>
     </ClCompile>

bin/dig/win32/dighost.vcxproj.user

@@ -1,3 +1,3 @@
-<?xml version="1.0" encoding="utf-8"?>
-<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
 </Project>

bin/dig/win32/host.vcxproj.in

@@ -53,14 +53,13 @@
       </PrecompiledHeader>
       <WarningLevel>Level3</WarningLevel>
       <Optimization>Disabled</Optimization>
-      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>WIN32;@CRYPTO@_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <FunctionLevelLinking>true</FunctionLevelLinking>
       <PrecompiledHeaderOutputFile>.\$(Configuration)\$(TargetName).pch</PrecompiledHeaderOutputFile>
       <AssemblerListingLocation>.\$(Configuration)\</AssemblerListingLocation>
       <ObjectFileName>.\$(Configuration)\</ObjectFileName>
       <ProgramDataBaseFileName>$(OutDir)$(TargetName).pdb</ProgramDataBaseFileName>
       <BrowseInformation>true</BrowseInformation>
-      <ForcedIncludeFiles>..\..\..\config.h</ForcedIncludeFiles>
       <AdditionalIncludeDirectories>.\;..\include;..\..\..\;@LIBXML2_INC@@OPENSSL_INC@@IDN_INC@..\..\..\lib\isc\win32;..\..\..\lib\isc\win32\include;..\..\..\lib\isc\include;..\..\..\lib\isccfg\include;..\..\..\lib\dns\include;..\..\..\lib\bind9\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
       <CompileAs>CompileAsC</CompileAs>
     </ClCompile>
@@ -69,7 +68,7 @@
       <GenerateDebugInformation>true</GenerateDebugInformation>
       <OutputFile>..\..\..\Build\$(Configuration)\$(TargetName)$(TargetExt)</OutputFile>
       <AdditionalLibraryDirectories>$(Configuration);..\..\..\lib\isc\win32\$(Configuration);..\..\..\lib\isccfg\win32\$(Configuration);..\..\..\lib\irs\win32\$(Configuration);..\..\..\lib\dns\win32\$(Configuration);..\..\..\lib\bind9\win32\$(Configuration);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
-      <AdditionalDependencies>@OPENSSL_LIB@dighost.lib;@IDN_LIB@libisc.lib;libisccfg.lib;libirs.lib;libdns.lib;libbind9.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <AdditionalDependencies>dighost.lib;@IDN_LIB@libisc.lib;libisccfg.lib;libirs.lib;libdns.lib;libbind9.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
     </Link>
   </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'">
@@ -80,7 +79,7 @@
       <Optimization>MaxSpeed</Optimization>
       <FunctionLevelLinking>true</FunctionLevelLinking>
       <IntrinsicFunctions>@INTRINSIC@</IntrinsicFunctions>
-      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>WIN32;@CRYPTO@NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
       <WholeProgramOptimization>false</WholeProgramOptimization>
       <StringPooling>true</StringPooling>
@@ -88,7 +87,6 @@
       <AssemblerListingLocation>.\$(Configuration)\</AssemblerListingLocation>
       <ObjectFileName>.\$(Configuration)\</ObjectFileName>
       <ProgramDataBaseFileName>$(OutDir)$(TargetName).pdb</ProgramDataBaseFileName>
-      <ForcedIncludeFiles>..\..\..\config.h</ForcedIncludeFiles>
       <AdditionalIncludeDirectories>.\;..\include;..\..\..\;@LIBXML2_INC@@OPENSSL_INC@@IDN_INC@..\..\..\lib\isc\win32;..\..\..\lib\isc\win32\include;..\..\..\lib\isc\include;..\..\..\lib\isccfg\include;..\..\..\lib\dns\include;..\..\..\lib\bind9\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
       <CompileAs>CompileAsC</CompileAs>
     </ClCompile>
@@ -100,7 +98,7 @@
       <OutputFile>..\..\..\Build\$(Configuration)\$(TargetName)$(TargetExt)</OutputFile>
       <LinkTimeCodeGeneration>Default</LinkTimeCodeGeneration>
       <AdditionalLibraryDirectories>$(Configuration);..\..\..\lib\isc\win32\$(Configuration);..\..\..\lib\isccfg\win32\$(Configuration);..\..\..\lib\irs\win32\$(Configuration);..\..\..\lib\dns\win32\$(Configuration);..\..\..\lib\bind9\win32\$(Configuration);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
-      <AdditionalDependencies>@OPENSSL_LIB@dighost.lib;@IDN_LIB@libisc.lib;libisccfg.lib;libirs.lib;libdns.lib;libbind9.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <AdditionalDependencies>dighost.lib;@IDN_LIB@libisc.lib;libisccfg.lib;libirs.lib;libdns.lib;libbind9.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
     </Link>
   </ItemDefinitionGroup>
   <ItemGroup>

bin/dig/win32/host.vcxproj.user

@@ -1,3 +1,3 @@
-<?xml version="1.0" encoding="utf-8"?>
-<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
 </Project>

bin/dig/win32/nslookup.vcxproj.in

@@ -53,14 +53,13 @@
       </PrecompiledHeader>
       <WarningLevel>Level3</WarningLevel>
       <Optimization>Disabled</Optimization>
-      <PreprocessorDefinitions>WIN32;USE_READLINE_STATIC;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>WIN32;@CRYPTO@USE_READLINE_STATIC;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <FunctionLevelLinking>true</FunctionLevelLinking>
       <PrecompiledHeaderOutputFile>.\$(Configuration)\$(TargetName).pch</PrecompiledHeaderOutputFile>
       <AssemblerListingLocation>.\$(Configuration)\</AssemblerListingLocation>
       <ObjectFileName>.\$(Configuration)\</ObjectFileName>
       <ProgramDataBaseFileName>$(OutDir)$(TargetName).pdb</ProgramDataBaseFileName>
       <BrowseInformation>true</BrowseInformation>
-      <ForcedIncludeFiles>..\..\..\config.h</ForcedIncludeFiles>
       <AdditionalIncludeDirectories>.\;..\include;..\..\..\;@LIBXML2_INC@@OPENSSL_INC@@READLINE_INC@..\..\..\lib\isc\win32;..\..\..\lib\isc\win32\include;..\..\..\lib\isc\include;..\..\..\lib\isccfg\include;..\..\..\lib\irs\include;..\..\..\lib\irs\win32\include;..\..\..\lib\dns\include;..\..\..\lib\bind9\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
       <CompileAs>CompileAsC</CompileAs>
     </ClCompile>
@@ -69,7 +68,7 @@
       <GenerateDebugInformation>true</GenerateDebugInformation>
       <OutputFile>..\..\..\Build\$(Configuration)\$(TargetName)$(TargetExt)</OutputFile>
       <AdditionalLibraryDirectories>..\..\..\lib\isc\win32\$(Configuration);..\..\..\lib\isccfg\win32\$(Configuration);..\..\..\lib\irs\win32\$(Configuration);..\..\..\lib\dns\win32\$(Configuration);..\..\..\lib\bind9\win32\$(Configuration);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
-      <AdditionalDependencies>@OPENSSL_LIB@@READLINE_LIBD@@IDN_LIB@libisc.lib;libisccfg.lib;libirs.lib;libdns.lib;libbind9.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <AdditionalDependencies>@READLINE_LIBD@@IDN_LIB@libisc.lib;libisccfg.lib;libirs.lib;libdns.lib;libbind9.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
     </Link>
   </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'">
@@ -80,7 +79,7 @@
       <Optimization>MaxSpeed</Optimization>
       <FunctionLevelLinking>true</FunctionLevelLinking>
       <IntrinsicFunctions>@INTRINSIC@</IntrinsicFunctions>
-      <PreprocessorDefinitions>WIN32;USE_READLINE_STATIC;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>WIN32;@CRYPTO@USE_READLINE_STATIC;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
       <WholeProgramOptimization>false</WholeProgramOptimization>
       <StringPooling>true</StringPooling>
@@ -88,7 +87,6 @@
       <AssemblerListingLocation>.\$(Configuration)\</AssemblerListingLocation>
       <ObjectFileName>.\$(Configuration)\</ObjectFileName>
       <ProgramDataBaseFileName>$(OutDir)$(TargetName).pdb</ProgramDataBaseFileName>
-      <ForcedIncludeFiles>..\..\..\config.h</ForcedIncludeFiles>
       <AdditionalIncludeDirectories>.\;..\include;..\..\..\;@LIBXML2_INC@@OPENSSL_INC@@READLINE_INC@..\..\..\lib\isc\win32;..\..\..\lib\isc\win32\include;..\..\..\lib\isc\include;..\..\..\lib\isccfg\include;..\..\..\lib\irs\include;..\..\..\lib\irs\win32\include;..\..\..\lib\dns\include;..\..\..\lib\bind9\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
       <CompileAs>CompileAsC</CompileAs>
     </ClCompile>
@@ -100,7 +98,7 @@
       <OutputFile>..\..\..\Build\$(Configuration)\$(TargetName)$(TargetExt)</OutputFile>
       <LinkTimeCodeGeneration>Default</LinkTimeCodeGeneration>
       <AdditionalLibraryDirectories>..\..\..\lib\isc\win32\$(Configuration);..\..\..\lib\isccfg\win32\$(Configuration);..\..\..\lib\irs\win32\$(Configuration);..\..\..\lib\dns\win32\$(Configuration);..\..\..\lib\bind9\win32\$(Configuration);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
-      <AdditionalDependencies>@OPENSSL_LIB@@READLINE_LIB@@IDN_LIB@libisc.lib;libisccfg.lib;libirs.lib;libdns.lib;libbind9.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <AdditionalDependencies>@READLINE_LIB@@IDN_LIB@libisc.lib;libisccfg.lib;libirs.lib;libdns.lib;libbind9.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
     </Link>
   </ItemDefinitionGroup>
   <ItemGroup>

bin/dig/win32/nslookup.vcxproj.user

@@ -1,3 +1,3 @@
-<?xml version="1.0" encoding="utf-8"?>
-<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
 </Project>

bin/dnssec/Makefile.in

@@ -15,15 +15,15 @@ VERSION=@BIND9_VERSION@
 
 @BIND9_MAKE_INCLUDES@
 
-CINCLUDES =	${DNS_INCLUDES} ${ISC_INCLUDES} \
-		${OPENSSL_CFLAGS}
+CINCLUDES =	${DNS_INCLUDES} ${ISC_INCLUDES} @DST_OPENSSL_INC@
 
-CDEFINES =	-DVERSION=\"${VERSION}\"
+CDEFINES =	-DVERSION=\"${VERSION}\" @USE_PKCS11@ @PKCS11_ENGINE@ \
+		@CRYPTO@ -DPK11_LIB_LOCATION=\"@PKCS11_PROVIDER@\"
 CWARNINGS =
 
-DNSLIBS =	../../lib/dns/libdns.@A@ ${MAXMINDDB_LIBS} @DNS_CRYPTO_LIBS@
-ISCLIBS =	../../lib/isc/libisc.@A@ ${OPENSSL_LIBS} ${JSON_C_LIBS} ${LIBXML2_LIBS}
-ISCNOSYMLIBS =	../../lib/isc/libisc-nosymtbl.@A@ ${OPENSSL_LIBS} ${JSON_C_LIBS} ${LIBXML2_LIBS}
+DNSLIBS =	../../lib/dns/libdns.@A@ @DNS_CRYPTO_LIBS@
+ISCLIBS =	../../lib/isc/libisc.@A@ @ISC_OPENSSL_LIBS@
+ISCNOSYMLIBS =	../../lib/isc/libisc-nosymtbl.@A@ @ISC_OPENSSL_LIBS@
 
 DNSDEPLIBS =	../../lib/dns/libdns.@A@
 ISCDEPLIBS =	../../lib/isc/libisc.@A@
@@ -116,12 +116,12 @@ installdirs:
 	$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${mandir}/man8
 
 install:: ${TARGETS} installdirs
-	for t in ${TARGETS}; do ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} $$t ${DESTDIR}${sbindir} || exit 1; done
-	for m in ${MANPAGES}; do ${INSTALL_DATA} ${srcdir}/$$m ${DESTDIR}${mandir}/man8 || exit 1; done
+	for t in ${TARGETS}; do ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} $$t ${DESTDIR}${sbindir}; done
+	for m in ${MANPAGES}; do ${INSTALL_DATA} ${srcdir}/$$m ${DESTDIR}${mandir}/man8; done
 
 uninstall::
-	for m in ${MANPAGES}; do rm -f ${DESTDIR}${mandir}/man8/$$m || exit 1; done
-	for t in ${TARGETS}; do ${LIBTOOL_MODE_UNINSTALL} rm -f ${DESTDIR}${sbindir}/$$t || exit 1; done
+	for m in ${MANPAGES}; do rm -f ${DESTDIR}${mandir}/man8/$$m ; done
+	for t in ${TARGETS}; do ${LIBTOOL_MODE_UNINSTALL} rm -f ${DESTDIR}${sbindir}/$$t ; done
 
 clean distclean::
 	rm -f ${TARGETS}

bin/dnssec/dnssec-cds.8

@@ -1,4 +1,4 @@
-.\" Copyright (C) 2017-2019 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2017, 2018 Internet Systems Consortium, Inc. ("ISC")
 .\" 
 .\" This Source Code Form is subject to the terms of the Mozilla Public
 .\" License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -102,7 +102,7 @@ Specify a digest algorithm to use when converting CDNSKEY records to DS records\
 .sp
 The
 \fIalgorithm\fR
-must be one of SHA\-1, SHA\-256, or SHA\-384\&. These values are case insensitive, and the hyphen may be omitted\&. If no algorithm is specified, the default is SHA\-256\&.
+must be one of SHA\-1 (SHA1), SHA\-256 (SHA256), GOST, or SHA\-384 (SHA384)\&. These values are case insensitive\&. If no algorithm is specified, the default is SHA\-256\&.
 .RE
 .PP
 \-c \fIclass\fR
@@ -293,5 +293,5 @@ RFC 7344\&.
 .RE
 .SH "COPYRIGHT"
 .br
-Copyright \(co 2017-2019 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2017, 2018 Internet Systems Consortium, Inc. ("ISC")
 .br

bin/dnssec/dnssec-cds.c

@@ -16,13 +16,14 @@
 
 /*! \file */
 
+#include <config.h>
+
 #include <errno.h>
-#include <inttypes.h>
-#include <stdbool.h>
 #include <stdlib.h>
 
 #include <isc/buffer.h>
 #include <isc/commandline.h>
+#include <isc/entropy.h>
 #include <isc/file.h>
 #include <isc/hash.h>
 #include <isc/mem.h>
@@ -53,19 +54,25 @@
 
 #include <dst/dst.h>
 
-#if USE_PKCS11
+#ifdef PKCS11CRYPTO
 #include <pk11/result.h>
 #endif
 
 #include "dnssectool.h"
 
+#ifndef PATH_MAX
+#define PATH_MAX 1024   /* AIX, WIN32, and others don't define this. */
+#endif
+
 const char *program = "dnssec-cds";
+int verbose;
 
 /*
  * Infrastructure
  */
 static isc_log_t *lctx = NULL;
 static isc_mem_t *mctx = NULL;
+static isc_entropy_t *ectx = NULL;
 
 /*
  * The domain we are working on
@@ -75,6 +82,12 @@ static dns_fixedname_t fixed;
 static dns_name_t *name = NULL;
 static dns_rdataclass_t rdclass = dns_rdataclass_in;
 
+/*
+ * List of digest types used by ds_from_cdnskey(), filled in by add_dtype()
+ * from -a arguments. The size of the array is an arbitrary limit.
+ */
+static isc_uint8_t dtype[8];
+
 static const char *startstr  = NULL;	/* from which we derive notbefore */
 static isc_stdtime_t notbefore = 0;	/* restrict sig inception times */
 static dns_rdata_rrsig_t oldestsig;	/* for recording inception time */
@@ -116,7 +129,7 @@ static int nkey; /* number of child zone DNSKEY records */
 typedef struct keyinfo {
 	dns_rdata_t rdata;
 	dst_key_t *dst;
-	dns_secalg_t algo;
+	isc_uint8_t algo;
 	dns_keytag_t tag;
 } keyinfo_t;
 
@@ -150,8 +163,8 @@ verbose_time(int level, const char *msg, isc_stdtime_t time) {
 	if (verbose < 3) {
 		vbprintf(level, "%s %s\n", msg, timestr);
 	} else {
-		vbprintf(level, "%s %s (%" PRIu32 ")\n",
-			 msg, timestr, time);
+		vbprintf(level, "%s %s (%lld)\n",
+			 msg, timestr, (long long)time);
 	}
 }
 
@@ -160,7 +173,8 @@ initname(char *setname) {
 	isc_result_t result;
 	isc_buffer_t buf;
 
-	name = dns_fixedname_initname(&fixed);
+	dns_fixedname_init(&fixed);
+	name = dns_fixedname_name(&fixed);
 	namestr = setname;
 
 	isc_buffer_init(&buf, setname, strlen(setname));
@@ -240,14 +254,14 @@ load_db(const char *filename, dns_db_t **dbp, dns_dbnode_t **nodep) {
 			       rdclass, 0, NULL, dbp);
 	check_result(result, "dns_db_create()");
 
-	result = dns_db_load(*dbp, filename,
-			     dns_masterformat_text, DNS_MASTER_HINT);
+	result = dns_db_load3(*dbp, filename,
+			      dns_masterformat_text, DNS_MASTER_HINT);
 	if (result != ISC_R_SUCCESS && result != DNS_R_SEENINCLUDE) {
 		fatal("can't load %s: %s", filename,
 		      isc_result_totext(result));
 	}
 
-	result = dns_db_findnode(*dbp, name, false, nodep);
+	result = dns_db_findnode(*dbp, name, ISC_FALSE, nodep);
 	if (result != ISC_R_SUCCESS) {
 		fatal("can't find %s node in %s", namestr, filename);
 	}
@@ -301,7 +315,7 @@ get_dsset_name(char *filename, size_t size,
 		}
 		isc_buffer_putstr(&buf, prefix);
 
-		result = dns_name_tofilenametext(name, false, &buf);
+		result = dns_name_tofilenametext(name, ISC_FALSE, &buf);
 		check_result(result, "dns_name_tofilenametext()");
 		if (isc_buffer_availablelength(&buf) == 0) {
 			fatal("%s: pathname too long", path);
@@ -365,9 +379,9 @@ formatset(dns_rdataset_t *rdataset) {
 	 * which just separates fields with spaces. The huge tab stop width
 	 * eliminates any tab characters.
 	 */
-	result = dns_master_stylecreate(&style, styleflags,
-					0, 0, 0, 0, 0, 1000000, 0,
-					mctx);
+	result = dns_master_stylecreate2(&style, styleflags,
+					 0, 0, 0, 0, 0, 1000000, 0,
+					 mctx);
 	check_result(result, "dns_master_stylecreate2 failed");
 
 	result = isc_buffer_allocate(mctx, &buf, MAX_CDS_RDATA_TEXT_SIZE);
@@ -389,7 +403,7 @@ formatset(dns_rdataset_t *rdataset) {
 
 static void
 write_parent_set(const char *path, const char *inplace,
-		 bool nsupdate, dns_rdataset_t *rdataset)
+		 isc_boolean_t nsupdate, dns_rdataset_t *rdataset)
 {
 	isc_result_t result;
 	isc_buffer_t *buf = NULL;
@@ -456,7 +470,7 @@ typedef enum { LOOSE, TIGHT } strictness_t;
 /*
  * Find out if any (C)DS record matches a particular (C)DNSKEY.
  */
-static bool
+static isc_boolean_t
 match_key_dsset(keyinfo_t *ki, dns_rdataset_t *dsset, strictness_t strictness)
 {
 	isc_result_t result;
@@ -469,7 +483,8 @@ match_key_dsset(keyinfo_t *ki, dns_rdataset_t *dsset, strictness_t strictness)
 		dns_rdata_ds_t ds;
 		dns_rdata_t dsrdata = DNS_RDATA_INIT;
 		dns_rdata_t newdsrdata = DNS_RDATA_INIT;
-		bool c;
+		dns_rdatatype_t keytype;
+		isc_boolean_t c;
 
 		dns_rdataset_current(dsset, &dsrdata);
 		result = dns_rdata_tostruct(&dsrdata, &ds, NULL);
@@ -479,8 +494,12 @@ match_key_dsset(keyinfo_t *ki, dns_rdataset_t *dsset, strictness_t strictness)
 			continue;
 		}
 
+		/* allow for both DNSKEY and CDNSKEY */
+		keytype = ki->rdata.type;
+		ki->rdata.type = dns_rdatatype_dnskey;
 		result = dns_ds_buildrdata(name, &ki->rdata, ds.digest_type,
 					   dsbuf, &newdsrdata);
+		ki->rdata.type = keytype;
 		if (result != ISC_R_SUCCESS) {
 			vbprintf(3, "dns_ds_buildrdata("
 				 "keytag=%d, algo=%d, digest=%d): %s\n",
@@ -495,13 +514,13 @@ match_key_dsset(keyinfo_t *ki, dns_rdataset_t *dsset, strictness_t strictness)
 			vbprintf(1, "found matching %s %d %d %d\n",
 				 c ? "CDS" : "DS",
 				 ds.key_tag, ds.algorithm, ds.digest_type);
-			return (true);
+			return (ISC_TRUE);
 		} else if (strictness == TIGHT) {
 			vbprintf(0, "key does not match %s %d %d %d "
 				"when it looks like it should\n",
 				 c ? "CDS" : "DS",
 				 ds.key_tag, ds.algorithm, ds.digest_type);
-			return (false);
+			return (ISC_FALSE);
 		}
 	}
 
@@ -512,7 +531,7 @@ match_key_dsset(keyinfo_t *ki, dns_rdataset_t *dsset, strictness_t strictness)
 		 ? "CDNSKEY" : "DNSKEY",
 		 ki->tag, ki->algo);
 
-	return (false);
+	return (ISC_FALSE);
 }
 
 /*
@@ -530,6 +549,9 @@ match_keyset_dsset(dns_rdataset_t *keyset, dns_rdataset_t *dsset,
 	nkey = dns_rdataset_count(keyset);
 
 	keytable = isc_mem_get(mctx, sizeof(keyinfo_t) * nkey);
+	if (keytable == NULL) {
+		fatal("out of memory");
+	}
 
 	for (result = dns_rdataset_first(keyset), i = 0;
 	     result == ISC_R_SUCCESS;
@@ -552,7 +574,7 @@ match_keyset_dsset(dns_rdataset_t *keyset, dns_rdataset_t *dsset,
 		ki->algo = dnskey.algorithm;
 
 		dns_rdata_toregion(keyrdata, &r);
-		ki->tag = dst_region_computeid(&r);
+		ki->tag = dst_region_computeid(&r, ki->algo);
 
 		ki->dst = NULL;
 		if (!match_key_dsset(ki, dsset, strictness)) {
@@ -598,15 +620,19 @@ free_keytable(keyinfo_t **keytable_p) {
  * otherwise the key algorithm. This is used by the signature coverage
  * check functions below.
  */
-static dns_secalg_t *
+static isc_uint8_t *
 matching_sigs(keyinfo_t *keytbl, dns_rdataset_t *rdataset,
 	      dns_rdataset_t *sigset)
 {
 	isc_result_t result;
-	dns_secalg_t *algo;
+	isc_uint8_t *algo;
 	int i;
 
 	algo = isc_mem_get(mctx, nkey);
+	if (algo == NULL) {
+		fatal("allocating RRSIG/DNSKEY match list: %s",
+		      isc_result_totext(ISC_R_NOMEMORY));
+	}
 	memset(algo, 0, nkey);
 
 	for (result = dns_rdataset_first(sigset);
@@ -645,11 +671,8 @@ matching_sigs(keyinfo_t *keytbl, dns_rdataset_t *rdataset,
 			}
 
 			result = dns_dnssec_verify(name, rdataset, ki->dst,
-						   false, 0, mctx,
-						   &sigrdata, NULL);
-
-			if (result != ISC_R_SUCCESS &&
-			    result != DNS_R_FROMWILDCARD) {
+						   ISC_FALSE, mctx, &sigrdata);
+			if (result != ISC_R_SUCCESS) {
 				vbprintf(1, "skip RRSIG by key %d:"
 					 " verification failed: %s\n",
 					 sig.keyid, isc_result_totext(result));
@@ -681,13 +704,13 @@ matching_sigs(keyinfo_t *keytbl, dns_rdataset_t *rdataset,
  * Consume the result of matching_sigs(). When checking records
  * fetched from the child zone, any working signature is enough.
  */
-static bool
-signed_loose(dns_secalg_t *algo) {
-	bool ok = false;
+static isc_boolean_t
+signed_loose(isc_uint8_t *algo) {
+	isc_boolean_t ok = ISC_FALSE;
 	int i;
 	for (i = 0; i < nkey; i++) {
 		if (algo[i] != 0) {
-			ok = true;
+			ok = ISC_TRUE;
 		}
 	}
 	isc_mem_put(mctx, algo, nkey);
@@ -700,10 +723,10 @@ signed_loose(dns_secalg_t *algo) {
  * key algorithm in the DS RRset must have a signature in the DNSKEY
  * RRset.
  */
-static bool
-signed_strict(dns_rdataset_t *dsset, dns_secalg_t *algo) {
+static isc_boolean_t
+signed_strict(dns_rdataset_t *dsset, isc_uint8_t *algo) {
 	isc_result_t result;
-	bool all_ok = true;
+	isc_boolean_t all_ok = ISC_TRUE;
 
 	for (result = dns_rdataset_first(dsset);
 	     result == ISC_R_SUCCESS;
@@ -711,23 +734,23 @@ signed_strict(dns_rdataset_t *dsset, dns_secalg_t *algo) {
 	{
 		dns_rdata_t dsrdata = DNS_RDATA_INIT;
 		dns_rdata_ds_t ds;
-		bool ds_ok;
+		isc_boolean_t ds_ok;
 		int i;
 
 		dns_rdataset_current(dsset, &dsrdata);
 		result = dns_rdata_tostruct(&dsrdata, &ds, NULL);
 		check_result(result, "dns_rdata_tostruct(DS)");
 
-		ds_ok = false;
+		ds_ok = ISC_FALSE;
 		for (i = 0; i < nkey; i++) {
 			if (algo[i] == ds.algorithm) {
-				ds_ok = true;
+				ds_ok = ISC_TRUE;
 			}
 		}
 		if (!ds_ok) {
 			vbprintf(0, "missing signature for algorithm %d "
 				 "(key %d)\n", ds.algorithm, ds.key_tag);
-			all_ok = false;
+			all_ok = ISC_FALSE;
 		}
 	}
 
@@ -740,6 +763,10 @@ rdata_get(void) {
 	dns_rdata_t *rdata;
 
 	rdata = isc_mem_get(mctx, sizeof(*rdata));
+	if (rdata == NULL) {
+		fatal("allocating DS rdata: %s",
+		      isc_result_totext(ISC_R_NOMEMORY));
+	}
 	dns_rdata_init(rdata);
 
 	return (rdata);
@@ -797,6 +824,7 @@ ds_from_cdnskey(dns_rdatalist_t *dslist, isc_buffer_t *buf,
 				return (ISC_R_NOSPACE);
 			}
 
+			cdnskey->type = dns_rdatatype_dnskey;
 			rdata = rdata_get();
 			result = dns_ds_buildrdata(name, cdnskey, dtype[i],
 						   r.base, rdata);
@@ -814,9 +842,37 @@ ds_from_cdnskey(dns_rdatalist_t *dslist, isc_buffer_t *buf,
 	return (ISC_R_SUCCESS);
 }
 
+/*
+ * For sorting the digest types so that DS records generated
+ * from CDNSKEY records are in canonical order.
+ */
+static int
+cmp_dtype(const void *ap, const void *bp) {
+	int a = *(const isc_uint8_t *)ap;
+	int b = *(const isc_uint8_t *)bp;
+	return (a - b);
+}
+
+static void
+add_dtype(const char *dn) {
+	isc_uint8_t dt;
+	unsigned i, n;
+
+	dt = strtodsdigest(dn);
+	n = sizeof(dtype)/sizeof(dtype[0]);
+	for (i = 0; i < n; i++) {
+		if (dtype[i] == 0 || dtype[i] == dt) {
+			dtype[i] = dt;
+			qsort(dtype, i+1, 1, cmp_dtype);
+			return;
+		}
+	}
+	fatal("too many -a digest type arguments");
+}
+
 static void
 make_new_ds_set(ds_maker_func_t *ds_from_rdata,
-		uint32_t ttl, dns_rdataset_t *rdset)
+		isc_uint32_t ttl, dns_rdataset_t *rdset)
 {
 	unsigned int size = 16;
 	for (;;) {
@@ -824,6 +880,10 @@ make_new_ds_set(ds_maker_func_t *ds_from_rdata,
 		dns_rdatalist_t *dslist;
 
 		dslist = isc_mem_get(mctx, sizeof(*dslist));
+		if (dslist == NULL) {
+			fatal("allocating new DS list: %s",
+			      isc_result_totext(ISC_R_NOMEMORY));
+		}
 
 		dns_rdatalist_init(dslist);
 		dslist->rdclass = rdclass;
@@ -874,14 +934,14 @@ rdata_cmp(const void *rdata1, const void *rdata2) {
  * Ensure that every key identified by the DS RRset has the same set of
  * digest types.
  */
-static bool
+static isc_boolean_t
 consistent_digests(dns_rdataset_t *dsset) {
 	isc_result_t result;
 	dns_rdata_t *arrdata;
 	dns_rdata_ds_t *ds;
 	dns_keytag_t key_tag;
-	dns_secalg_t algorithm;
-	bool match;
+	isc_uint8_t algorithm;
+	isc_boolean_t match;
 	int i, j, n, d;
 
 	/*
@@ -892,6 +952,10 @@ consistent_digests(dns_rdataset_t *dsset) {
 	n = dns_rdataset_count(dsset);
 
 	arrdata = isc_mem_get(mctx, n * sizeof(dns_rdata_t));
+	if (arrdata == NULL) {
+		fatal("allocating DS rdata array: %s",
+		      isc_result_totext(ISC_R_NOMEMORY));
+	}
 
 	for (result = dns_rdataset_first(dsset), i = 0;
 	     result == ISC_R_SUCCESS;
@@ -907,6 +971,10 @@ consistent_digests(dns_rdataset_t *dsset) {
 	 * Convert sorted arrdata to more accessible format
 	 */
 	ds = isc_mem_get(mctx, n * sizeof(dns_rdata_ds_t));
+	if (ds == NULL) {
+		fatal("allocating unpacked DS array: %s",
+		      isc_result_totext(ISC_R_NOMEMORY));
+	}
 
 	for (i = 0; i < n; i++) {
 		result = dns_rdata_tostruct(&arrdata[i], &ds[i], NULL);
@@ -927,7 +995,7 @@ consistent_digests(dns_rdataset_t *dsset) {
 	/*
 	 * Check subsequent keys match the first one
 	 */
-	match = true;
+	match = ISC_TRUE;
 	while (i < n) {
 		key_tag = ds[i].key_tag;
 		algorithm = ds[i].algorithm;
@@ -936,7 +1004,7 @@ consistent_digests(dns_rdataset_t *dsset) {
 			    ds[i+j].algorithm != algorithm ||
 			    ds[i+j].digest_type != ds[j].digest_type)
 			{
-				match = false;
+				match = ISC_FALSE;
 			}
 		}
 		i += d;
@@ -971,7 +1039,7 @@ print_diff(const char *cmd, dns_rdataset_t *rdataset) {
 }
 
 static void
-update_diff(const char *cmd, uint32_t ttl,
+update_diff(const char *cmd, isc_uint32_t ttl,
 	    dns_rdataset_t *addset, dns_rdataset_t *delset)
 {
 	isc_result_t result;
@@ -979,7 +1047,7 @@ update_diff(const char *cmd, uint32_t ttl,
 	dns_dbnode_t *node;
 	dns_dbversion_t *ver;
 	dns_rdataset_t diffset;
-	uint32_t save;
+	isc_uint32_t save;
 
 	db = NULL;
 	result = dns_db_create(mctx, "rbt", name, dns_dbtype_zone,
@@ -991,7 +1059,7 @@ update_diff(const char *cmd, uint32_t ttl,
 	check_result(result, "dns_db_newversion()");
 
 	node = NULL;
-	result = dns_db_findnode(db, name, true, &node);
+	result = dns_db_findnode(db, name, ISC_TRUE, &node);
 	check_result(result, "dns_db_findnode()");
 
 	dns_rdataset_init(&diffset);
@@ -1015,12 +1083,12 @@ update_diff(const char *cmd, uint32_t ttl,
 	}
 
 	dns_db_detachnode(db, &node);
-	dns_db_closeversion(db, &ver, false);
+	dns_db_closeversion(db, &ver, ISC_FALSE);
 	dns_db_detach(&db);
 }
 
 static void
-nsdiff(uint32_t ttl, dns_rdataset_t *oldset, dns_rdataset_t *newset) {
+nsdiff(isc_uint32_t ttl, dns_rdataset_t *oldset, dns_rdataset_t *newset) {
 	if (ttl == 0) {
 		vbprintf(1, "warning: no TTL in nsupdate script\n");
 	}
@@ -1047,7 +1115,7 @@ usage(void) {
 		program);
 	fprintf(stderr, "Version: %s\n", VERSION);
 	fprintf(stderr, "Options:\n"
-"    -a <algorithm>     digest algorithm (SHA-1 / SHA-256 / SHA-384)\n"
+"    -a <algorithm>     digest algorithm (SHA-1 / SHA-256 / GOST / SHA-384)\n"
 "    -c <class>         of domain (default IN)\n"
 "    -D                 prefer CDNSKEY records instead of CDS\n"
 "    -d <file|dir>      where to find parent dsset- file\n"
@@ -1068,9 +1136,9 @@ main(int argc, char *argv[]) {
 	const char *ds_path = NULL;
 	const char *inplace = NULL;
 	isc_result_t result;
-	bool prefer_cdnskey = false;
-	bool nsupdate = false;
-	uint32_t ttl = 0;
+	isc_boolean_t prefer_cdnskey = ISC_FALSE;
+	isc_boolean_t nsupdate = ISC_FALSE;
+	isc_uint32_t ttl = 0;
 	int ch;
 	char *endp;
 
@@ -1079,24 +1147,24 @@ main(int argc, char *argv[]) {
 		fatal("out of memory");
 	}
 
-#if USE_PKCS11
+#ifdef PKCS11CRYPTO
 	pk11_result_register();
 #endif
 	dns_result_register();
 
-	isc_commandline_errprint = false;
+	isc_commandline_errprint = ISC_FALSE;
 
 #define OPTIONS "a:c:Dd:f:i:ms:T:uv:V"
 	while ((ch = isc_commandline_parse(argc, argv, OPTIONS)) != -1) {
 		switch (ch) {
 		case 'a':
-			add_dtype(strtodsdigest(isc_commandline_argument));
+			add_dtype(isc_commandline_argument);
 			break;
 		case 'c':
 			rdclass = strtoclass(isc_commandline_argument);
 			break;
 		case 'D':
-			prefer_cdnskey = true;
+			prefer_cdnskey = ISC_TRUE;
 			break;
 		case 'd':
 			ds_path = isc_commandline_argument;
@@ -1129,7 +1197,7 @@ main(int argc, char *argv[]) {
 			ttl = strtottl(isc_commandline_argument);
 			break;
 		case 'u':
-			nsupdate = true;
+			nsupdate = ISC_TRUE;
 			break;
 		case 'V':
 			/* Does not return. */
@@ -1163,11 +1231,20 @@ main(int argc, char *argv[]) {
 
 	setup_logging(mctx, &lctx);
 
-	result = dst_lib_init(mctx, NULL);
+	if (ectx == NULL) {
+		setup_entropy(mctx, NULL, &ectx);
+	}
+	result = isc_hash_create(mctx, ectx, DNS_NAME_MAXWIRE);
+	if (result != ISC_R_SUCCESS) {
+		fatal("could not initialize hash");
+	}
+	result = dst_lib_init(mctx, ectx,
+			      ISC_ENTROPY_BLOCKING | ISC_ENTROPY_GOODONLY);
 	if (result != ISC_R_SUCCESS) {
 		fatal("could not initialize dst: %s",
 		      isc_result_totext(result));
 	}
+	isc_entropy_stopcallbacksources(ectx);
 
 	if (ds_path == NULL) {
 		fatal("missing -d DS pathname");
@@ -1317,6 +1394,8 @@ main(int argc, char *argv[]) {
 	free_all_sets();
 	cleanup_logging(&lctx);
 	dst_lib_destroy();
+	isc_hash_destroy();
+	cleanup_entropy(&ectx);
 	if (verbose > 10) {
 		isc_mem_stats(mctx, stdout);
 	}

bin/dnssec/dnssec-cds.docbook

@@ -40,7 +40,6 @@
     <copyright>
       <year>2017</year>
       <year>2018</year>
-      <year>2019</year>
       <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
     </copyright>
   </docinfo>
@@ -144,9 +143,9 @@
 	    record. This option has no effect when using CDS records.
           </para>
           <para>
-	    The <replaceable>algorithm</replaceable> must be one of
-	    SHA-1, SHA-256, or SHA-384.  These values are case insensitive,
-	    and the hyphen may be omitted.  If no algorithm is specified,
+	    The <replaceable>algorithm</replaceable> must be one of SHA-1
+	    (SHA1), SHA-256 (SHA256), GOST, or SHA-384 (SHA384). These
+	    values are case insensitive. If no algorithm is specified,
 	    the default is SHA-256.
           </para>
         </listitem>