edited for 9.1.2

Allocate the initial buffer for rdata based on the length of the string, to
avoid reallocations and annoying messages.

CHANGES

@@ -1,3 +1,52 @@
+
+	--- 9.1.2 released ---
+
+	--- 9.1.2rc1 released ---
+
+ 820.	[bug]		Name server address lookups failed to follow
+			A6 chains into the glue of local authoritative
+			zones.
+
+ 819.	[bug]		In certain cases, the resolver's attempts to
+			restart an address lookup at the root could cause
+			the fetch to deadlock (with itself) instead of
+			restarting. [RT #1225]
+
+ 818.	[bug]		Certain pathological responses to ANY queries could
+			cause an assertion failure. [RT #1218]
+
+ 816.	[bug]		Report potential problems with log file accessibility
+			at configuration time, since such problems can't
+			reliably be reported at the time they actually occur.
+
+ 815.	[bug]		If a log file was specified with a path separator
+			character (i.e. "/") in its name and the directory
+			did not exist, the log file's name was treated as
+			though it were the directory name. [RT #1189]
+
+ 814.	[bug]		Socket objects left over from accept() failures
+			were incorrectly destroyed, causing corruption
+			of socket manager data structures.
+
+ 813.	[bug]		File descriptors exceeding FD_SETSIZE were handled
+			badly. [RT #1192]
+
+ 812.	[bug]		dig sometimes printed incomplete IXFR responses
+			due to an uninitialized variable. [RT #1188]
+
+ 811.	[bug]		Parentheses were not quoted in zone dumps. [RT #1194]
+
+ 810.	[bug]		The signer name in SIG records was not properly
+ 			downcased when signing/verifying records. [RT #1186]
+
+ 807.	[bug]		When setting up TCP connections for incoming zone
+			transfers, the transfer-source port was not
+			ignored like it should be.
+
+ 804.	[bug]		Attempting to obtain entropy could fail in some
+ 			situations.  This would be most common on systems
+			with user-space threads. [RT #1131]
+
  802.	[bug]		DNSSEC key tags were computed incorrectly in almost
  			all cases. [RT #1146]
 
@@ -5,53 +54,28 @@
  			comments. [RT #1139]
 
  800.	[bug]		dnssec-signzone produced incorrect statistics for
- 			large zones.  [RT #1133]
+ 			large zones. [RT #1133]
 
  799.	[bug]		The ADB didn't find AAAA glue in a zone unless A6
 			glue was also present.
 
- 798.	[bug]		nsupdate should be able to reject bad input lines
-			and continue. [RT #1130]
+	--- 9.1.1 released ---
 
- 797.	[func]		Issue a warning if the 'directory' option contains
- 			a relative path. [RT #269]
+	--- 9.1.1rc7 released ---
 
- 796.	[func]		When a size limit is associated with a log file,
-			only roll it when the size is reached, not every
-			time the log file is opened. [RT #1096]
-
- 795.	[func]		Add the +multiline option to dig. [RT #1095]
-
- 794.	[func]		Implement the "port" and "default-port" statements
- 			in rndc.conf.
-
- 793.	[cleanup]	The DNSSEC tools could create filenames that were
- 			illegal or contained shell metacharacters.  They
-			now use a different text encoding of names that
-			doesn't have these problems. [RT #1101]
-
- 792.	[cleanup]	Replace the OMAPI command channel protocol with a
- 			simpler one.
-
- 791.	[bug]		The command channel now works over IPv6.
+ 791.	[bug]		The control channel did not work over IPv6.
 
  790.	[bug]		Wildcards created using dynamic update or IXFR
 			could fail to match. [RT #1111]
 
- 789.	[bug]		The "localhost" and "localnets" ACLs did not match
-			when used as the second element of a two-element
-			sortlist item.
-
- 788.	[func]		Add the "match-mapped-addresses" option, which
- 			causes IPv6 v4mapped addresses to be treated as
-			IPv4 addresses for the purpose of acl matching.
-
  787.	[bug]		The DNSSEC tools failed to downcase domain
 			names when mapping them into file names.
 
  786.	[bug]		When DNSSEC signing/verifying data, owner names were
 			not properly downcased.
 
+	--- 9.1.1rc6 released ---
+
  785.	[bug]		A race condition in the resolver could cause
 			an assertion failure. [RT #673, #872, #1048]
 
@@ -62,16 +86,11 @@
 			when either using an sdb database or under very
 			rare conditions.
 
- 782.	[func]		Implement the "serial-query-rate" option.
-
- 781.	[func]		Avoid error packet loops by dropping duplicate FORMERR
-			responses. [RT #1006]
-
  780.	[bug]		Error handling code dealing with out of memory or
 			other rare errors could lead to assertion failures
 			by calling functions on unitialized names. [RT #1065]
 
- 779.	[func]		Added the "minimal-responses" option.
+	--- 9.1.1rc5 released ---
 
  778.	[bug]		When starting cache cleaning, cleaning_timer_action()
 			returned without first pausing the iterator, which
@@ -80,32 +99,21 @@
  777.	[bug]		An empty forwarders list in a zone failed to override
 			global forwarders. [RT #995]
 
- 776.	[func]		Improved error reporting in denied messages. [RT #252]
-
- 775.	[placeholder]
-
- 774.	[func]		max-cache-size is implemented.
-
- 773.	[func]		Added isc_rwlock_trylock() to attempt to lock without
-			blocking.
+ 775.   [bug]		Address match lists with invalid netmasks caused
+			the configuration parser to abort with an assertion
+			failure. [RT #996]
 
  772.	[bug]		Owner names could be incorrectly omitted from cache
 			dumps in the presence of negative caching entries.
 			[RT #991]
 
- 771.	[cleanup]	TSIG errors related to unsynchronized clocks
-			are logged better. [RT #919]
+ 686.   [bug]		dig and nslookup can now be properly aborted during
+			blocking operations. [RT #568]
 
- 770.	[func]		Add the "edns yes_or_no" statement to the server
-			clause. [RT #524]
+	--- 9.1.1rc4 released ---
 
- 769.	[func]		Improved error reporting when parsing rdata. [RT #740]
-
- 768.	[bug]		The server did not emit an SOA when a CNAME
-			or DNAME chain ended in NXDOMAIN in an
-			authoritative zone.
-
- 767.	[placeholder]
+ 767.	[bug]		The configuration parser handled invalid ports badly.
+			[RT #961]
 
  766.	[bug]		A few cases in query_find() could leak fname.
 			This would trigger the mpctx->allocated == 0
@@ -113,24 +121,6 @@
 			[RT #739, #776, #798, #812, #818, #821, #845,
 			#892, #935, #966]
 
- 765.	[func]		ACL names are once again case insensitive, like
-			in BIND 8. [RT #252]
-
- 764.	[func]		Configuration files now allow "include" directives
-			in more places, such as inside the "view" statement.
-			[RT #377, #728, #860]
-
- 763.	[func]		Configuration files no longer have reserved words.
-			[RT #731, #753]
-
- 762.	[cleanup]	The named.conf and rndc.conf file parsers have
-			been completely rewritten.
-
- 761.	[bug]		_REENTRANT was still defined when building with
-			--disable-threads.
-
- 760.	[contrib]	Significant enhancements to the pgsql sdb driver.
-
  759.	[bug]		The resolver didn't turn off "avoid fetches" mode
 			when restarting, possibly causing resolution
 			to fail when it should not.  This bug only affected
@@ -141,13 +131,16 @@
 			be useful to be avoided.  This bug only affected
 			platforms which support both IPv4 and IPv6. [RT #927]
 
- 757.	[func]		Log zone transfers.
-
  756.	[bug]		dns_zone_load() could "return" success when no master
 			file was configured.
 
  755.	[bug]		Fix incorrectly formatted log messages in zone.c.
 
+ 709.	[bug]		ANY or SIG queries for data with a TTL of 0
+			would return SERVFAIL. [RT #620]
+
+	--- 9.1.1rc3 released ---
+
  754.	[bug]		Certain failure conditions sending UDP packets
 			could cause the server to retry the transmission
 			indefinitely. [RT #902]
@@ -157,11 +150,6 @@
 			address on a system that doesn't support IPv6.
 			[RT #917]
 
- 752.	[func]		Correct bad tv_usec elements returned by
-			gettimeofday().
-
- 751.	[func]		Log successful zone loads / transfers.	[RT #898]
-
  750.	[bug]		A query should not match a DNAME whose trust level
 			is pending.  [RT #916]
 
@@ -169,9 +157,6 @@
 			server did not return the signature of the DNAME.
 			[RT #915]
 
- 748.	[doc]		List supported RFCs in doc/misc/rfc-compliance.
-			[RT #781]
-
  747.	[bug]		The code to determine whether an IXFR was possible
 			did not properly check for a database that could
 			not have a journal. [RT #865, #908]
@@ -179,9 +164,6 @@
  746.	[bug]		The sdb didn't clone rdatasets properly, causing
 			a crash when the server followed delegations. [RT #905]
 
- 745.	[func]		Report the owner name of records that fail
-			semantic checks while loading.
-
  744.	[bug]		When returning DNS_R_CNAME or DNS_R_DNAME as the
 			result of an ANY or SIG query, the resolver failed
 			to setup the return event's rdatasets, causing an
@@ -191,15 +173,7 @@
 			answers could cause named to stop responding.
 			[RT #861]
 
- 742.	[placeholder]
-
- 741.	[port]		Support openssl-engine. [RT #709]
-
- 740.	[port]		Handle openssl library mismatches slightly better.
-
- 739.	[port]		Look for /dev/random in configure, rather than
-			assuming it will be there for only a predefined
-			set of OSes.
+ 742.	[bug]		dig +domain did not work. [RT #850]
 
  738.	[bug]		If a non-threadsafe sdb driver supported AXFR and
 			received an AXFR request, it would deadlock or die
@@ -207,49 +181,27 @@
 
  737.	[port]		stdtime.c failed to compile on certain platforms.
 
- 736.	[func]		New functions isc_task_{begin,end}exclusive().
+ 648.	[port]		Add support for pre-RFC2133 IPv6 implementations.
 
- 735.	[doc]		Add BIND 4 migration notes.
-
- 734.	[bug]		An attempt to re-lock the zone lock could occur if
-			the server was shutdown during a zone tranfer.
-			[RT #830]
+	--- 9.1.1rc2 released ---
 
  733.	[bug]		Reference counts of dns_acl_t objects need to be
 			locked but were not. [RT #801, #821]
 
- 732.	[bug]		Glue with 0 TTL could also cause SERVFAIL.  [RT #828]
+ 708.	[bug]		When building with --with-openssl, the openssl headers
+			included with BIND 9 should not be used. [RT #702]
 
- 731.	[bug]		Certain zone errors could cause named-checkzone to
-			fail ungracefully.  [RT #819]
-
- 730.	[bug]		lwres_getaddrinfo() returns the correct result when
-			it fails to contact a server. [RT #768]
+	--- 9.1.1rc1 released ---
 
  729.	[port]		pthread_setconcurrency() needs to be called on Solaris.
 
- 728.	[bug]		Fix comment processing on master file directives.
-			[RT# 757]
-
  727.	[port]		Work around OS bug where accept() succeeds but
 			fails to fill in the peer address of the accepted
 			connection, by treating it as an error rather than
 			an assertion failure. [RT #809]
 
- 726.	[func]		Implement the "trace" and "notrace" commands in rndc.
-
- 725.	[bug]		Installing man pages could fail.
-
- 724.	[func]		New libisc functions isc_netaddr_any(),
-			isc_netaddr_any6().
-
  723.	[bug]		Referrals whose NS RRs had a 0 TTL caused the resolver
-			to return DNS_R_SERVFAIL.  [RT #783]
-
- 722.	[func]		Allow incremental loads to be canceled.
-
- 721.	[cleanup]	Load manager and dns_master_loadfilequota() are no
-			more.
+			to return DNS_R_SERVFAIL. [RT #783]
 
  720.	[bug]		Server could enter infinite loop in
 			dispatch.c:do_cancel(). [RT #733]
@@ -257,9 +209,6 @@
  719.	[bug]		Rapid reloads could trigger an assertion failure.
 			[RT #743, #763]
 
- 718.	[cleanup]	"internal" is no longer a reserved word in named.conf.
-			[RT #753, #731]
-
  717.	[bug]		Certain TKEY processing failure modes could
 			reference an uninitialized variable, causing the
 			server to crash. [RT #750]
@@ -270,74 +219,25 @@
  715.	[bug]		Resolving some A6 chains could cause an assertion
 			failure in adb.c. [RT #738]
 
- 714.	[bug]		Preserve interval timers across reloads unless changed.
-			[RT# 729]
-
- 713.	[func]		named-checkconf takes '-t directory' similar to named.
-			[RT #726]
-
- 712.	[bug]		Sending a large signed update message caused an
-			assertion failure. [RT #718]
-
  711.	[bug]		The libisc and liblwres implementations of
 			inet_ntop contained an off by one error.
 
- 710.	[func]		The forwarders statement now takes an optional
-			port. [RT #418]
-
- 709.	[bug]		ANY or SIG queries for data with a TTL of 0
-			would return SERVFAIL. [RT #620]
-
- 708.	[bug]		When building with --with-openssl, the openssl headers
-			included with BIND 9 should not be used. [RT #702]
-
- 707.	[func]		The "filename" argument to named-checkzone is no
-			longer optional, to reduce confusion. [RT #612]
-
  706.	[bug]		Zones with an explicit "allow-update { none; };"
 			were considered dynamic and therefore not reloaded
 			on SIGHUP or "rndc reload".
 
- 705.	[port]		Work out resource limit type for use where rlim_t is
-			not available. [RT #695]
-
- 704.	[port]		RLIMIT_NOFILE is not available on all platforms.
-			[RT #695]
-
- 703.	[port]		sys/select.h is needed on older platforms. [RT #695]
-
- 702.	[func]		If the address 0.0.0.0 is seen in resolv.conf,
-			use 127.0.0.1 instead. [RT #693]
-
- 701.	[func]		Root hints are now fully optional.  Class IN
-			views use compiled-in hints by default, as
-			before.  Non-IN views with no root hints now
-			provide authoritative service but not recursion.
-			A warning is logged if a view has neither root
-			hints nor authoritative data for the root. [RT #696]
-
  700.	[bug]		$GENERATE range check was wrong. [RT #688]
 
- 699.	[bug]		The lexer mishandled empty quoted strings. [RT #694]
-
  698.	[bug]		Aborting nsupdate with ^C would lead to several
 			race conditions.
 
- 697.	[bug]		nsupdate was not compatible with the undocumented
-			BIND 8 behavior of ignoring TTLs in "update delete"
-			commands. [RT #693]
-
- 696.	[bug]		lwresd would die with an assertion failure when passed
-			a zero-length name.  [RT #692]
-
- 695.	[bug]		If the resolver attempted to query a blackholed or
-			bogus server, the resolution would fail immediately.
+ 699.	[bug]		The lexer mishandled empty quoted strings. [RT #694]
 
  694.	[bug]		$GENERATE did not produce the last entry.
 			[RT #682, #683]
 
- 693.	[bug]		An empty lwres statement in named.conf caused
-			the server to crash while loading.
+ 693.   [bug]           An empty lwres statement in named.conf caused
+                        the server to crash while loading.
 
  692.	[bug]		Deal with systems that have getaddrinfo() but not
 			gai_strerror(). [RT #679]
@@ -345,19 +245,11 @@
  691.	[bug]		Configuring per-view forwarders caused an assertion
 			failure. [RT #675, #734]
 
- 690.	[func]		$GENERATE now supports DNAME. [RT #654]
-
- 689.	[doc]		man pages are now installed. [RT #210]
-
- 688.	[func]		"make tags" now works on systems with the
-			"Exuberant Ctags" etags.
+	--- 9.1.0 released ---
 
  687.	[bug]		Only say we have IPv6, with sufficent functionality,
 			if it has actually been tested.  [RT #586]
 
- 686.	[bug]		dig and nslookup can now be properly aborted during
-			blocking operations. [RT #568]
-
  685.	[bug]		nslookup should use the search list/domain options
 			from resolv.conf by default. [RT #405, #630]
 
@@ -372,6 +264,14 @@
  680.	[bug]		dns_rdata_fromstruct() mishandled options bigger
 			than 255 octets.
 
+ 652.	[bug]		zone_saveunique() did not report the new name.
+			[RT #668]
+
+ 650.	[bug]		SIG(0) records were being generated and verified
+			incorrectly. [RT #606]
+
+	--- 9.1.0rc1 released ---
+
  679.	[bug]		$INCLUDE could leak memory and file descriptors on
 			reload. [RT #639]
 
@@ -388,56 +288,29 @@
  675.	[bug]		TKEY queries could cause the server to leak
 			memory.
 
- 674.	[func]		Allow messages to be TSIG signed / verified using
-			a offset from the current time.
-
- 673.	[func]		The server can now convert RFC1886-style recursive
-			lookup requests into RFC2874-style lookups, when 
-			enabled using the new option "allow-v6-synthesis".
-
  672.	[bug]		The wrong time was in the "time signed" field when
 			replying with BADTIME error.
 
- 671.	[bug]		The message code was failing to parse a message with
-			no question section and a TSIG record. [RT #628]
-
  670.	[bug]		The lwres replacements for getaddrinfo and
 			getipnodebyname didn't properly check for the
 			existence of the sockaddr sa_len field.
 
- 669.	[func]		dnssec-keygen now makes the public key file
-			non-world-readable for symmetric keys. [RT #403]
-
- 668.	[func]		named-checkzone now reports multiple errors in master
-			files.
-
  667.	[bug]		On Linux, running named with the -u option and a
 			non-world-readable configuration file didn't work.
 			[RT #626]
 
+	--- 9.1.0b3 released ---
+
  666.	[bug]		If a request sent by dig is longer than 512 bytes,
 			use TCP.
 
- 665.	[bug]		Signed responses were not sent when the size of the
-			TSIG + question exceeded the maximum message size.
-			[RT #628]
-
  664.	[bug]		The t_tasks and t_timers module tests are now skipped
 			when building without threads, since they require
 			threads.
 
- 663.	[func]		Accept a size_spec, not just an integer, in the
-			(unimplemented and ignored) max-ixfr-log-size option
-			for compatibility with recent versions of BIND 8.
-			[RT #613]
-
- 662.	[bug]		dns_rdata_fromtext() failed to log certain errors.
-
  661.	[bug]		Certain UDP IXFR requests caused an assertion failure
 			(mpctx->allocated == 0). [RT #355, #394, #623]
 
- 660.	[port]		Detect multiple CPUs on HP-UX and IRIX.
-
  659.	[performance]	Rewrite the name compression code to be much faster.
 
  658.	[cleanup]	Remove all vestiges of 16 bit global compression.
@@ -446,27 +319,12 @@
 			specify a port, use 921, not 53.  Also update the
 			listen-on documentation. [RT #616]
 
- 656.	[func]		Treat an unescaped newline in a quoted string as
-			an error.  This means that TXT records with missing
-			close quotes should have meaningful errors printed.
-
- 655.	[bug]		Improve error reporting on unexpected eof when loading
-			zones. [RT #611]
-
  654.	[bug]		Origin was being forgotten in TCP retries in dig.
 			[RT #574]
 
- 653.	[bug]		+defname option in dig was reversed in sense.  
+ 653.	[bug]		+defname option in dig was reversed in sense.
 			[RT #549]
 
- 652.	[bug]		zone_saveunique() did not report the new name.
-
- 651.	[func]		The AD bit in responses now has the meaning
-			specified in <draft-ietf-dnsext-ad-is-secure>.
-
- 650.	[bug]		SIG(0) records were being generated and verified
-			incorrectly. [RT #606]
-
  649.	[bug]		It was possible to join to an already running fctx
 			after it had "cloned" its events, but before it sent
 			them.  In this case, the event of the newly joined
@@ -476,8 +334,6 @@
 			caused the fetch to fail with a SERVFAIL result.
 			[RT #588, #597, #605, #607]
 
- 648.	[port]		Add support for pre-RFC2133 IPv6 implementations.
-
  647.	[bug]		Resolver queries sent after following multiple
 			referrals had excessively long retransmission
 			timeouts due to incorrectly counting the referrals
@@ -486,12 +342,9 @@
  646.	[bug]		The UnixWare ISC_PLATFORM_FIXIN6INADDR fix in isc/net.h
 			didn't _cleanly_ fix the problem it was trying to fix.
 
- 645.	[port]		BSD/OS 3.0 needs pthread_init(). [RT #603]
-
  644.	[bug]		#622 needed more work. [RT #562]
 
- 643.	[bug]		xfrin error messages made more verbose, added class
-			of the zone.  [RT# 599]
+ 645.	[port]		BSD/OS 3.0 needs pthread_init(). [RT #603]
 
  642.	[bug]		Break the exit_check() race in the zone module.
 			[RT #598]
@@ -507,9 +360,9 @@
  639.	[bug]		Reading entropy from the keyboard would sometimes fail.
 			[RT #591]
 
- 638.	[port]		lib/isc/random.c needed to explicitly include time.h
-			to get a prototype for time() when pthreads was not
-			being used. [RT #592]
+ 638.	[port]		lib/isc/random.c needed to explicitly include
+			time.h explicitly to get a prototype for time() when
+			pthreads was not being used. [RT #592]
 
  637.	[port]		Use isc_u?int64_t instead of (unsigned) long long in
 			lib/isc/print.c.  Also allow lib/isc/print.c to
@@ -542,7 +395,7 @@
  628.	[bug]		If the root hints contained only AAAA addresses,
 			named would be unable to perform resolution.
 
- 627.	[bug]		The EDNS0 blackhole detection code of change 324
+ 627.	[bug]		The EDNS0 blackhole detection code of changed 324
 			waited for three retransmissions to each server,
 			which takes much too long when a domain has many
 			name servers and all of them drop EDNS0 queries.
@@ -1055,7 +908,7 @@
 
  471.	[bug]		nsupdate didn't compile on HP/UX 10.20
 
- 470.	[func]		$GENERATE is now supported.  See also
+ 470.	[feature]	$GENERATE is now supported.  See also
 			doc/misc/migration.
 
  469.	[bug]		"query-source address * port 53;" now works.
@@ -1433,7 +1286,7 @@
 			the distribution, in doc/man/dnssec.
 
  353.	[bug]		double increment in lwres/gethost.c:copytobuf().
-			[RT# 187]
+			(RT# 187)
 
  352.	[bug]		Race condition in dns_client_t startup could cause
 			an assertion failure.
@@ -1512,7 +1365,7 @@
 
  332.	[func]		New function dns_name_reset().
 
- 331.	[bug]		Only log "recursion denied" if RD is set. [RT #178]
+ 331.	[bug]		Only log "recursion denied" if RD is set. (RT #178)
 
  330.	[bug]		Many debugging messages were partially formatted
 			even when debugging was turned off, causing a
@@ -1576,7 +1429,7 @@
  316.	[bug]		Generate a warning if we detect an unexpected <eof>
 			but treat as <eol><eof>.
 
- 315.	[bug]		Handle non-empty blanks lines. [RT #163]
+ 315.	[bug]		Handle non-empty blanks lines. (RT #163)
 
  314.	[func]		The named.conf controls statement can now have
 			more than one key specified for the inet clause.
@@ -1614,7 +1467,7 @@
 			name server addresses as authoritative data.
 
  308.	[bug]		Treat a SOA record not at top of zone as an error
-			when loading a zone. [RT #154]
+			when loading a zone. (RT #154)
 
  307.	[bug]		When canceling a query, the resolver didn't check for
 			isc_socket_sendto() calls that did not yet have their
@@ -1622,7 +1475,7 @@
 			destroying the query context and then want to use
 			it again when the send event posted, triggering an
 			assertion as it tried to cancel an already-canceled
-			query.	[RT #77]
+			query.	(RT #77)
 
  306.	[bug]		Reading HMAC-MD5 private key files didn't work.
 
@@ -1638,13 +1491,13 @@
 			instead of returning failure.
 
  303.	[bug]		Add additional sanity checks to differentiate a AXFR
-			response vs a IXFR response. [RT #157]
+			response vs a IXFR response. (RT #157)
 
  302.	[bug]		In dig, host, and nslookup, MXNAME should be large
 			enough to hold any legal domain name in presentation
 			format + terminating NULL.
 
- 301.	[bug]		Uninitalised pointer in host:printmessage(). [RT #159]
+ 301.	[bug]		Uninitalised pointer in host:printmessage(). (RT #159)
 
  300.	[bug]		Using both <isc/net.h> and <lwres/net.h> didn't work
 			on platforms lacking IPv6 because each included their
@@ -1817,7 +1670,7 @@
  257.	[bug]		The server detached the last zone manager reference
 			too early, while it could still be in use by queries.
 			This manifested itself as assertion failures during the
-			shutdown process for busy name servers [RT #133].
+			shutdown process for busy name servers (RT #133).
 
  256.	[func]		isc_ratelimiter_t now has attach/detach semantics, and
 			isc_ratelimiter_shutdown guarantees that the rate

FAQ

@@ -142,3 +142,12 @@ being found.  Why?
 A: Using a parallel or distributed "make" to build BIND 9 is not
 supported, and doesn't work.  If you are using one of these, use
 normal make or gmake instead.
+
+
+Q: I have a BIND 9 master and a BIND 8.2.3 slave, and the master is
+logging error messages like "notify to 10.0.0.1#53 failed: unexpected
+end of input".  What's wrong?
+
+A: This error message is caused by a known bug in BIND 8.2.3 and will
+be fixed in 8.2.4.  It can be safely ignored - the notify has been
+acted on by the slave despite the error message.

Makefile.in

@@ -13,7 +13,7 @@
 # NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
 # WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: Makefile.in,v 1.38 2001/03/27 19:36:55 halley Exp $
+# $Id: Makefile.in,v 1.36.2.1 2001/01/09 22:31:05 bwelling Exp $
 
 srcdir =	@srcdir@
 VPATH =		@srcdir@
@@ -31,11 +31,6 @@ distclean::
 	rm -f libtool isc-config.sh
 	rm -f util/conf.sh
 
-# XXX we should clean libtool stuff too.  Only do this after we add rules
-# to make it.
-maintainer-clean::
-	rm -f configure
-
 installdirs:
 	$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${bindir}
 

README

@@ -45,43 +45,66 @@ BIND 9
 
 
 
-BIND 9.2
+BIND 9.1.2
 
-	This is a snapshot of the development source tree that
-	will become BIND 9.2.  Bind 9.2 will have a number of 
-	new features over 9.1, including:
+	BIND 9.1.2 is a maintenance release, containing fixes for
+	a number of bugs in 9.1.1 but no new features.
 
-	  - The ability to automatically convert RFC1886-style
-	    recursive lookup requests into RFC2874-style lookups, 
-	    enabled using the new option "allow-v6-synthesis".
-            This allows stub resolvers that support AAAA records
-            but not A6 record chains or binary labels to perform
-            lookups in domains that make use of these IPv6 DNS
-            features.
+	DNSSEC users should note that DNSSEC validation involving
+	algorithms other than RSA will not interoperate between
+	this version of BIND and version 9.1.1 or older, because the
+	older versions use an incorrect formula for calculating key
+	tags of non-RSA keys.
 
-	  - Improved performance.
+	Features introduced in 9.1.0 included:
 
-	An IPv6 capable stub resolver based on the BIND 8 resolver
-	code base and fully backwards compatible with existing BIND 8
-	based resolvers is being developed and will be integrated into
-	the BIND 9 distribution when completed.
+	  - Many BIND 8 features previously unimplemented in BIND 9,
+	    including domain-specific forwarding, the $GENERATE
+	    master file directive, and the "blackhole", "dialup", 
+	    and "sortlist" options
 
-	This distribution already includes a new lightweight stub
-	resolver library and associated resolver daemon that fully
-	support forward and reverse lookups of both IPv4 and IPv6
-	addresses.  This library is still considered experimental and
-	is not a complete replacement for the BIND 8 resolver library.
-	Applications that use the BIND 8 res_* functions to perform
-	DNS lookups or dynamic updates still need to be linked against
-	the BIND 8 libraries.  For DNS lookups, they can also use the
-	new "getrrsetbyname()" API.
+	  - Forwarding of dynamic update requests; this is enabled 
+	    by the "allow-update-forwarding" option
 
-	BIND 9.2 is capable of acting as an authoritative server
+	  - A new, simplified database interface and a number of
+	    sample drivers based on it; see doc/misc/sdb for details
+
+	  - Support for building single-threaded servers for 
+	    environments that do not supply POSIX threads
+
+	  - New configuration options: "min-refresh-time",
+	    "max-refresh-time", "min-retry-time", "max-retry-time",
+	    "additional-from-auth", "additional-from-cache",
+	    "notify explicit"
+
+	  - Faster lookups, particularly in large zones.
+
+	BIND 9.1 also includes experimental implementations of a
+	number of DNS protocols extensions still under development
+	in the IETF.  These include transparent processing of
+	unknown RR types and use of the EDNS "DNSSEC OK" bit to
+	explicitly enable DNSSEC processing in responses.
+
+	Cryptographic operations are now based on the OpenSSL
+	library instead of DNSsafe.
+
+	BIND 9.1 is primarily a name server software distribution.
+	In addition to the name server, it also includes a new
+	lightweight stub resolver library and associated resolver
+	daemon that fully support forward and reverse lookups of both
+	IPv4 and IPv6 addresses.  This library is still considered
+	experimental and is not a complete replacement for the BIND 8
+	resolver library.  Applications that use the BIND 8 res_*
+	functions to perform DNS lookups or dynamic updates still need
+	to be linked against the BIND 8 libraries.  For DNS lookups,
+	they can also use the new "getrrsetbyname()" API.
+
+	BIND 9.1 is capable of acting as an authoritative server
 	for DNSSEC secured zones.  This functionality is believed to
 	be stable and complete except for lacking support for wildcard
 	records in secure zones.
 
-	When acting as a caching server, BIND 9.2 can be configured
+	When acting as a caching server, BIND 9.1 can be configured
 	to perform DNSSEC secure resolution on behalf of its clients.
 	This part of the DNSSEC implementation is still considered
 	experimental.  For detailed information about the state of the
@@ -110,6 +133,7 @@ BIND 9.2
 
 		--with-libtool does not work on AIX.
 
+
 	For a detailed list of user-visible changes from
 	previous releases, see the CHANGES file.
 
@@ -134,7 +158,8 @@ Building
 	Additionally, we have unverified reports of success building
 	previous versions of BIND 9 from users of the following systems:
 
-		Slackware Linux 7.x
+		Slackware Linux 7.0 with 2.4.0-test6 kernel and glibc 2.1.3
+		Slackware Linux 7.0.1 with glibc 2.1.3
 		OpenBSD 2.6, 2.8, -current
 		UnixWare 7.1.1
 		HP-UX 10.20
@@ -206,10 +231,13 @@ Documentation
 	doc/arm directory.
 
 	Some of the programs in the BIND 9 distribution have man pages
-	in their directories.  In particular, the command line
-	options of "named" are documented in /bin/named/named.8.
+	under the doc/man directory.  In particular, the command line
+	options of "named" are documented in doc/man/bind/named.8.
 	There is now also a set of man pages for the lwres library.
 
+	The man pages are currently not installed automatically by
+	"make install".
+
 	If you are upgrading from BIND 8, please read the migration
 	notes in doc/misc/migration.  If you are upgrading from
 	BIND 4, read doc/misc/migration-4to9.

acconfig.h

@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: acconfig.h,v 1.33 2001/01/18 22:21:22 bwelling Exp $ */
+/* $Id: acconfig.h,v 1.31.2.2 2001/02/07 19:26:16 gson Exp $ */
 
 /***
  *** This file is not to be included by any public header files, because

bin/Makefile.in

@@ -13,7 +13,7 @@
 # NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
 # WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: Makefile.in,v 1.22 2001/01/09 21:39:05 bwelling Exp $
+# $Id: Makefile.in,v 1.21.2.1 2001/01/09 22:31:11 bwelling Exp $
 
 srcdir =	@srcdir@
 VPATH =		@srcdir@

bin/check/Makefile.in

@@ -13,7 +13,7 @@
 # NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
 # WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: Makefile.in,v 1.11 2001/03/30 00:08:32 bwelling Exp $
+# $Id: Makefile.in,v 1.5.2.1 2001/01/09 22:31:13 bwelling Exp $
 
 srcdir =	@srcdir@
 VPATH =		@srcdir@
@@ -21,17 +21,15 @@ top_srcdir =	@top_srcdir@
 
 @BIND9_INCLUDES@
 
-CINCLUDES =	${DNS_INCLUDES} ${ISCCFG_INCLUDES} ${ISC_INCLUDES}
+CINCLUDES =	${DNS_INCLUDES} ${ISC_INCLUDES}
 
 CDEFINES =
 CWARNINGS =
 
 DNSLIBS =	../../lib/dns/libdns.@A@ @DNS_OPENSSL_LIBS@ @DNS_GSSAPI_LIBS@
-ISCCFGLIBS =	../../lib/isccfg/libisccfg.@A@
 ISCLIBS =	../../lib/isc/libisc.@A@
 
 DNSDEPLIBS =	../../lib/dns/libdns.@A@
-ISCCFGDEPLIBS =	../../lib/isccfg/libisccfg.@A@
 ISCDEPLIBS =	../../lib/isc/libisc.@A@
 
 LIBS =		@LIBS@
@@ -44,35 +42,22 @@ TARGETS =	named-checkconf named-checkzone
 # Alphabetically
 SRCS =		named-checkconf.c named-checkzone.c check-tool.c
 
-MANPAGES =	named-checkconf.8 named-checkzone.8
-
-HTMLPAGES =	named-checkconf.html named-checkzone.html
-
-MANOBJS =	${MANPAGES} ${HTMLPAGES}
-
 @BIND9_MAKE_RULES@
 
-named-checkconf: named-checkconf.@O@ check-tool.@O@ ${ISCDEPLIBS} ${ISCCFGDEPLIBS}
-	${LIBTOOL} ${PURIFY} ${CC} ${CFLAGS} -o $@ named-checkconf.@O@ \
-	check-tool.@O@ ${ISCCFGLIBS} ${ISCLIBS} ${LIBS}
+named-checkconf: named-checkconf.@O@ check-tool.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS}
+	${LIBTOOL} ${CC} ${CFLAGS} -o $@ named-checkconf.@O@ check-tool.@O@ \
+		${DNSLIBS} ${ISCLIBS} ${LIBS}
 
 named-checkzone: named-checkzone.@O@ check-tool.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS}
-	${LIBTOOL} ${PURIFY} ${CC} ${CFLAGS} -o $@ named-checkzone.@O@ \
-	check-tool.@O@ ${DNSLIBS} ${ISCLIBS} ${LIBS}
-
-doc man:: ${MANOBJS}
-
-docclean manclean maintainer-clean::
-	rm -f ${MANOBJS}
-
-installdirs:
-	$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${sbindir}
-	$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${mandir}/man8
-
-install:: named-checkconf named-checkzone installdirs
-	${LIBTOOL} ${INSTALL_PROGRAM} named-checkconf ${DESTDIR}${sbindir}
-	${LIBTOOL} ${INSTALL_PROGRAM} named-checkzone ${DESTDIR}${sbindir}
-	for m in ${MANPAGES}; do ${INSTALL_DATA} $$m ${DESTDIR}${mandir}/man8; done
+	${LIBTOOL} ${CC} ${CFLAGS} -o $@ named-checkzone.@O@ check-tool.@O@ \
+		${DNSLIBS} ${ISCLIBS} ${LIBS}
 
 clean distclean::
 	rm -f ${TARGETS}
+
+installdirs:
+	$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${sbindir}
+
+install:: named-checkconf named-checkzone
+	${LIBTOOL} ${INSTALL_PROGRAM} named-checkconf ${DESTDIR}${sbindir}
+	${LIBTOOL} ${INSTALL_PROGRAM} named-checkzone ${DESTDIR}${sbindir}

bin/check/check-tool.c

@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: check-tool.c,v 1.4 2001/03/03 23:11:33 bwelling Exp $ */
+/* $Id: check-tool.c,v 1.2.2.1 2001/01/09 22:31:14 bwelling Exp $ */
 
 #include <config.h>
 
@@ -27,6 +27,8 @@
 #include <isc/log.h>
 #include <isc/types.h>
 
+#include <dns/log.h>
+
 isc_result_t
 setup_logging(isc_mem_t *mctx, isc_log_t **logp) {
 	isc_logdestination_t destination;
@@ -35,6 +37,8 @@ setup_logging(isc_mem_t *mctx, isc_log_t **logp) {
 
 	RUNTIME_CHECK(isc_log_create(mctx, &log, &logconfig) == ISC_R_SUCCESS);
 	isc_log_setcontext(log);
+	dns_log_init(log);
+	dns_log_setcontext(log);
 
 	destination.file.stream = stdout;
 	destination.file.name = NULL;

bin/check/check-tool.h

@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: check-tool.h,v 1.2 2001/01/09 21:39:09 bwelling Exp $ */
+/* $Id: check-tool.h,v 1.1.2.1 2001/01/09 22:31:15 bwelling Exp $ */
 
 #ifndef CHECK_TOOL_H
 #define CHECK_TOOL_H

bin/check/named-checkconf.8

@@ -1,45 +0,0 @@
-.\" Copyright (C) 2000, 2001  Internet Software Consortium.
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
-.\" DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
-.\" INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
-.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
-.\" FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
-.\" NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
-.\" WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.TH "NAMED-CHECKCONF" "8" "June 14, 2000" "BIND9" ""
-.SH NAME
-named-checkconf \- named configuration file syntax checking tool
-.SH SYNOPSIS
-.sp
-\fBnamed-checkconf\fR [ \fB-t \fIdirectory\fB\fR ]  \fBfilename\fR
-.SH "DESCRIPTION"
-.PP
-\fBnamed-checkconf\fR checks the syntax, but not
-the semantics, of a named configuration file.
-.SH "OPTIONS"
-.TP
-\fB-t \fIdirectory\fB\fR
-chroot to \fIdirectory\fR so that include
-directives in the configuration file are processed as if
-run by a similarly chrooted named.
-.TP
-\fBfilename\fR
-The name of the configuration file to be checked. If not
-specified, it defaults to \fI/etc/named.conf\fR.
-.SH "RETURN VALUES"
-.PP
-\fBnamed-checkconf\fR returns an exit status of 1 if
-errors were detected and 0 otherwise.
-.SH "SEE ALSO"
-.PP
-\fBnamed\fR(8),
-\fIBIND 9 Administrator Reference Manual\fR.
-.SH "AUTHOR"
-.PP
-Internet Software Consortium

bin/check/named-checkconf.c

@@ -15,93 +15,56 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: named-checkconf.c,v 1.7 2001/03/16 23:00:00 bwelling Exp $ */
+/* $Id: named-checkconf.c,v 1.2.2.1 2001/01/09 22:31:16 bwelling Exp $ */
 
 #include <config.h>
 
 #include <errno.h>
 #include <stdlib.h>
-#include <stdio.h>
 
-#include <isc/commandline.h>
-#include <isc/dir.h>
-#include <isc/log.h>
 #include <isc/mem.h>
-#include <isc/result.h>
 #include <isc/string.h>
 #include <isc/util.h>
 
-#include <isccfg/cfg.h>
-#include <isccfg/check.h>
+#include <dns/log.h>
+#include <dns/namedconf.h>
 
 #include "check-tool.h"
 
-isc_log_t *log = NULL;
+static isc_result_t
+zonecbk(dns_c_ctx_t *ctx, dns_c_zone_t *zone, dns_c_view_t *view, void *uap) {
 
-static void
-usage(void) {
-        fprintf(stderr, "usage: named-checkconf [-t directory] [named.conf]\n");
-        exit(1);
+	UNUSED(ctx);
+	UNUSED(uap);
+	UNUSED(zone);
+	UNUSED(view);
+
+	return (ISC_R_SUCCESS);
 }
 
 static isc_result_t
-directory_callback(const char *clausename, cfg_obj_t *obj, void *arg) {
-	isc_result_t result;
-	char *directory;
-
-	REQUIRE(strcasecmp("directory", clausename) == 0);
-
-	UNUSED(arg);
-	UNUSED(clausename);
-
-	/*
-	 * Change directory.
-	 */
-	directory = cfg_obj_asstring(obj);
-	result = isc_dir_chdir(directory);
-	if (result != ISC_R_SUCCESS) {
-		cfg_obj_log(obj, log, ISC_LOG_ERROR,
-			    "change directory to '%s' failed: %s",
-			    directory, isc_result_totext(result));
-		return (result);
-	}
+optscbk(dns_c_ctx_t *ctx, void *uap) {
+	UNUSED(ctx);
+	UNUSED(uap);
 
 	return (ISC_R_SUCCESS);
 }
 
 int
 main(int argc, char **argv) {
-	int c;
-	cfg_parser_t *parser = NULL;
-	cfg_obj_t *config = NULL;
+	dns_c_ctx_t *configctx = NULL;
 	const char *conffile = NULL;
 	isc_mem_t *mctx = NULL;
-	isc_result_t result;
+	dns_c_cbks_t callbacks;
+	isc_log_t *log = NULL;
 
-	while ((c = isc_commandline_parse(argc, argv, "t:")) != EOF) {
-		switch (c) {
-		case 't':
-			result = isc_dir_chroot(isc_commandline_argument);
-			if (result != ISC_R_SUCCESS) {
-				fprintf(stderr, "isc_dir_chroot: %s\n",
-					isc_result_totext(result));
-				exit(1);
-			}
-			result = isc_dir_chdir("/");
-			if (result != ISC_R_SUCCESS) {
-				fprintf(stderr, "isc_dir_chdir: %s\n",
-					isc_result_totext(result));
-				exit(1);
-			}
-			break;
+	callbacks.zonecbk = zonecbk;
+	callbacks.optscbk = optscbk;
+	callbacks.zonecbkuap = NULL;
+	callbacks.optscbkuap = NULL;
 
-		default:
-			usage();
-		}
-	}
-
-	if (argv[isc_commandline_index] != NULL)
-		conffile = argv[isc_commandline_index];
+	if (argc > 1)
+		conffile = argv[1];
 	if (conffile == NULL || conffile[0] == '\0')
 		conffile = "/etc/named.conf";
 
@@ -109,19 +72,12 @@ main(int argc, char **argv) {
 
 	RUNTIME_CHECK(setup_logging(mctx, &log) == ISC_R_SUCCESS);
 
-	RUNTIME_CHECK(cfg_parser_create(mctx, log, &parser) == ISC_R_SUCCESS);
-
-	cfg_parser_setcallback(parser, directory_callback, NULL);
-
-	if (cfg_parse_file(parser, conffile, &cfg_type_namedconf, &config) !=
-	    ISC_R_SUCCESS)
+	if (dns_c_parse_namedconf(conffile, mctx, &configctx, &callbacks) !=
+	    ISC_R_SUCCESS) {
 		exit(1);
+	}
 
-	RUNTIME_CHECK(cfg_check_namedconf(config, log, mctx) == ISC_R_SUCCESS);
-
-	cfg_obj_destroy(parser, &config);
-
-	cfg_parser_destroy(&parser);
+	dns_c_ctx_delete(&configctx);
 
 	isc_log_destroy(&log);
 

bin/check/named-checkconf.docbook

@@ -1,96 +0,0 @@
-<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN">
-
-<refentry>
-  <refentryinfo>
-    <date>June 14, 2000</date>
-  </refentryinfo>
-
-  <refmeta>
-    <refentrytitle><application>named-checkconf</application></refentrytitle>
-    <manvolnum>8</manvolnum>
-    <refmiscinfo>BIND9</refmiscinfo>
-  </refmeta>
-
-  <refnamediv>
-    <refname><application>named-checkconf</application></refname>
-    <refpurpose>named configuration file syntax checking tool</refpurpose>
-  </refnamediv>
-
-  <refsynopsisdiv>
-    <cmdsynopsis>
-      <command>named-checkconf</command>
-      <arg><option>-t <replaceable class="parameter">directory</replaceable></option></arg>
-      <arg choice="req">filename</arg>
-    </cmdsynopsis>
-  </refsynopsisdiv>
-
-  <refsect1>
-    <title>DESCRIPTION</title>
-    <para>
-        <command>named-checkconf</command> checks the syntax, but not
-	the semantics, of a named configuration file.
-    </para>
-  </refsect1>
-
-  <refsect1>
-    <title>OPTIONS</title>
-
-    <variablelist>
-      <varlistentry>
-        <term>-t <replaceable class="parameter">directory</replaceable></term>
-	<listitem>
-	  <para>
-	      chroot to <filename>directory</filename> so that include
-	      directives in the configuration file are processed as if
-	      run by a similarly chrooted named.
-	  </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>filename</term>
-	<listitem>
-	  <para>
-	       The name of the configuration file to be checked.  If not
-	       specified, it defaults to <filename>/etc/named.conf</filename>.
-	  </para>
-	</listitem>
-      </varlistentry>
-
-    </variablelist>
-
-  </refsect1>
-
-  <refsect1>
-    <title>RETURN VALUES</title>
-    <para>
-        <command>named-checkconf</command> returns an exit status of 1 if
-	errors were detected and 0 otherwise.
-  </refsect1>
-
-  <refsect1>
-    <title>SEE ALSO</title>
-    <para>
-      <citerefentry>
-        <refentrytitle>named</refentrytitle>
-	<manvolnum>8</manvolnum>
-      </citerefentry>,
-      <citetitle>BIND 9 Administrator Reference Manual</citetitle>.
-    </para>
-  </refsect1>
-
-  <refsect1>
-    <title>AUTHOR</title>
-    <para>
-        <corpauthor>Internet Software Consortium</corpauthor>
-    </para>
-  </refsect1>
-
-</refentry>
-
-<!--
- - Local variables:
- - mode: sgml
- - End:
--->
-

bin/check/named-checkconf.html

@@ -1,179 +0,0 @@
-<!--
- - Copyright (C) 2000, 2001  Internet Software Consortium.
- - 
- - Permission to use, copy, modify, and distribute this software for any
- - purpose with or without fee is hereby granted, provided that the above
- - copyright notice and this permission notice appear in all copies.
- - 
- - THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
- - DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
- - IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
- - INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
- - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
- - FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
- - NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
- - WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
--->
-<HTML
-><HEAD
-><TITLE
->named-checkconf</TITLE
-><META
-NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.61
-"></HEAD
-><BODY
-CLASS="REFENTRY"
-BGCOLOR="#FFFFFF"
-TEXT="#000000"
-LINK="#0000FF"
-VLINK="#840084"
-ALINK="#0000FF"
-><H1
-><A
-NAME="AEN1"
-><SPAN
-CLASS="APPLICATION"
->named-checkconf</SPAN
-></A
-></H1
-><DIV
-CLASS="REFNAMEDIV"
-><A
-NAME="AEN9"
-></A
-><H2
->Name</H2
-><SPAN
-CLASS="APPLICATION"
->named-checkconf</SPAN
->&nbsp;--&nbsp;named configuration file syntax checking tool</DIV
-><DIV
-CLASS="REFSYNOPSISDIV"
-><A
-NAME="AEN13"
-></A
-><H2
->Synopsis</H2
-><P
-><B
-CLASS="COMMAND"
->named-checkconf</B
->  [<TT
-CLASS="OPTION"
->-t <TT
-CLASS="REPLACEABLE"
-><I
->directory</I
-></TT
-></TT
->] {filename}</P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN20"
-></A
-><H2
->DESCRIPTION</H2
-><P
->        <B
-CLASS="COMMAND"
->named-checkconf</B
-> checks the syntax, but not
-	the semantics, of a named configuration file.
-    </P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN24"
-></A
-><H2
->OPTIONS</H2
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
->-t <TT
-CLASS="REPLACEABLE"
-><I
->directory</I
-></TT
-></DT
-><DD
-><P
->	      chroot to <TT
-CLASS="FILENAME"
->directory</TT
-> so that include
-	      directives in the configuration file are processed as if
-	      run by a similarly chrooted named.
-	  </P
-></DD
-><DT
->filename</DT
-><DD
-><P
->	       The name of the configuration file to be checked.  If not
-	       specified, it defaults to <TT
-CLASS="FILENAME"
->/etc/named.conf</TT
->.
-	  </P
-></DD
-></DL
-></DIV
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN38"
-></A
-><H2
->RETURN VALUES</H2
-><P
->        <B
-CLASS="COMMAND"
->named-checkconf</B
-> returns an exit status of 1 if
-	errors were detected and 0 otherwise.
-  </P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN42"
-></A
-><H2
->SEE ALSO</H2
-><P
->      <SPAN
-CLASS="CITEREFENTRY"
-><SPAN
-CLASS="REFENTRYTITLE"
->named</SPAN
->(8)</SPAN
->,
-      <I
-CLASS="CITETITLE"
->BIND 9 Administrator Reference Manual</I
->.
-    </P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN49"
-></A
-><H2
->AUTHOR</H2
-><P
->        Internet Software Consortium
-    </P
-></DIV
-></BODY
-></HTML
->

bin/check/named-checkzone.8

@@ -1,55 +0,0 @@
-.\" Copyright (C) 2000, 2001  Internet Software Consortium.
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
-.\" DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
-.\" INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
-.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
-.\" FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
-.\" NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
-.\" WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.TH "NAMED-CHECKZONE" "8" "June 13, 2000" "BIND9" ""
-.SH NAME
-named-checkzone \- zone file validity checking tool
-.SH SYNOPSIS
-.sp
-\fBnamed-checkzone\fR [ \fB-d\fR ]  [ \fB-q\fR ]  [ \fB-c \fIclass\fB\fR ]  \fBzonename\fR \fBfilename\fR
-.SH "DESCRIPTION"
-.PP
-\fBnamed-checkzone\fR checks the syntax and integrity of
-a zone file. It performs the same checks as \fBnamed\fR
-does when loading a zone. This makes
-\fBnamed-checkzone\fR useful for checking zone
-files before configuring them into a name server.
-.SH "OPTIONS"
-.TP
-\fB-d\fR
-Enable debugging.
-.TP
-\fB-q\fR
-Quiet mode - exit code only.
-.TP
-\fB-c \fIclass\fB\fR
-Specify the class of the zone. If not specified "IN" is assumed.
-.TP
-\fBzonename\fR
-The domain name of the zone being checked.
-.TP
-\fBfilename\fR
-The name of the zone file.
-.SH "RETURN VALUES"
-.PP
-\fBnamed-checkzone\fR returns an exit status of 1 if
-errors were detected and 0 otherwise.
-.SH "SEE ALSO"
-.PP
-\fBnamed\fR(8),
-\fIRFC 1035\fR,
-\fIBIND 9 Administrator Reference Manual\fR.
-.SH "AUTHOR"
-.PP
-Internet Software Consortium

bin/check/named-checkzone.c

@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: named-checkzone.c,v 1.12 2001/03/03 23:11:36 bwelling Exp $ */
+/* $Id: named-checkzone.c,v 1.6.2.2 2001/01/11 18:30:28 gson Exp $ */
 
 #include <config.h>
 
@@ -61,7 +61,7 @@ static const char *dbtype[] = { "rbt" };
 static void
 usage(void) {
 	fprintf(stderr,
-		"usage: named-checkzone [-dq] [-c class] zonename filename\n");
+		"usage: named-checkzone [-dq] [-c class] zone [filename]\n");
 	exit(1);
 }
 
@@ -105,7 +105,6 @@ setup(char *zonename, char *filename, char *classname) {
 	ERRRET(result, "dns_rdataclass_fromtext");
 
 	dns_zone_setclass(zone, rdclass);
-	dns_zone_setoption(zone, DNS_ZONEOPT_MANYERRORS, ISC_TRUE);
 
 	result = dns_zone_load(zone);
 
@@ -123,10 +122,12 @@ main(int argc, char **argv) {
 	int c;
 	char *origin = NULL;
 	char *filename = NULL;
+	char *classname;
 	isc_log_t *lctx = NULL;
 	isc_result_t result;
 	char classname_in[] = "IN";
-	char *classname = classname_in;
+
+	classname = classname_in;
 
 	while ((c = isc_commandline_parse(argc, argv, "c:dqs")) != EOF) {
 		switch (c) {
@@ -144,19 +145,20 @@ main(int argc, char **argv) {
 		}
 	}
 
-	if (isc_commandline_index + 2 > argc)
+	if (argv[isc_commandline_index] == NULL)
 		usage();
 
 	RUNTIME_CHECK(isc_mem_create(0, 0, &mctx) == ISC_R_SUCCESS);
-	if (!quiet) {
+	if (!quiet)
 		RUNTIME_CHECK(setup_logging(mctx, &lctx) == ISC_R_SUCCESS);
-		dns_log_init(lctx);
-		dns_log_setcontext(lctx);
-	}
 
-	origin = argv[isc_commandline_index++];
-	filename = argv[isc_commandline_index++];
-	result = setup(origin, filename, classname);
+	origin = argv[isc_commandline_index];
+	isc_commandline_index++;
+	if (argv[isc_commandline_index] != NULL)
+		filename = argv[isc_commandline_index];
+	else
+		filename = origin;
+	result = setup(origin, filename, (char *)classname);
 	if (!quiet && result == ISC_R_SUCCESS)
 		fprintf(stdout, "OK\n");
 	destroy();

bin/check/named-checkzone.docbook

@@ -1,127 +0,0 @@
-<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN">
-
-<refentry>
-  <refentryinfo>
-    <date>June 13, 2000</date>
-  </refentryinfo>
-
-  <refmeta>
-    <refentrytitle><application>named-checkzone</application></refentrytitle>
-    <manvolnum>8</manvolnum>
-    <refmiscinfo>BIND9</refmiscinfo>
-  </refmeta>
-
-  <refnamediv>
-    <refname><application>named-checkzone</application></refname>
-    <refpurpose>zone file validity checking tool</refpurpose>
-  </refnamediv>
-
-  <refsynopsisdiv>
-    <cmdsynopsis>
-      <command>named-checkzone</command>
-      <arg><option>-d</option></arg>
-      <arg><option>-q</option></arg>
-      <arg><option>-c <replaceable class="parameter">class</replaceable></option></arg>
-      <arg choice="req">zonename</arg>
-      <arg choice="req">filename</arg>
-    </cmdsynopsis>
-  </refsynopsisdiv>
-
-  <refsect1>
-    <title>DESCRIPTION</title>
-    <para>
-        <command>named-checkzone</command> checks the syntax and integrity of
-	a zone file.  It performs the same checks as <command>named</command>
-	does when loading a zone.  This makes
-	<command>named-checkzone</command> useful for checking zone
-	files before configuring them into a name server.
-    </para>
-  </refsect1>
-
-  <refsect1>
-    <title>OPTIONS</title>
-
-    <variablelist>
-      <varlistentry>
-        <term>-d</term>
-	<listitem>
-	  <para>
-	      Enable debugging.
-	  </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-q</term>
-	<listitem>
-	  <para>
-	      Quiet mode - exit code only.
-	  </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-c <replaceable class="parameter">class</replaceable></term>
-	<listitem>
-	  <para>
-	      Specify the class of the zone.  If not specified "IN" is assumed.
-	  </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>zonename</term>
-	<listitem>
-	  <para>
-	       The domain name of the zone being checked.
-	  </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>filename</term>
-	<listitem>
-	  <para>
-	       The name of the zone file.
-	  </para>
-	</listitem>
-      </varlistentry>
-
-    </variablelist>
-
-  </refsect1>
-
-  <refsect1>
-    <title>RETURN VALUES</title>
-    <para>
-        <command>named-checkzone</command> returns an exit status of 1 if
-	errors were detected and 0 otherwise.
-  </refsect1>
-
-  <refsect1>
-    <title>SEE ALSO</title>
-    <para>
-      <citerefentry>
-        <refentrytitle>named</refentrytitle>
-	<manvolnum>8</manvolnum>
-      </citerefentry>,
-      <citetitle>RFC 1035</citetitle>,
-      <citetitle>BIND 9 Administrator Reference Manual</citetitle>.
-    </para>
-  </refsect1>
-
-  <refsect1>
-    <title>AUTHOR</title>
-    <para>
-        <corpauthor>Internet Software Consortium</corpauthor>
-    </para>
-  </refsect1>
-
-</refentry>
-
-<!--
- - Local variables:
- - mode: sgml
- - End:
--->
-

bin/check/named-checkzone.html

@@ -1,210 +0,0 @@
-<!--
- - Copyright (C) 2000, 2001  Internet Software Consortium.
- - 
- - Permission to use, copy, modify, and distribute this software for any
- - purpose with or without fee is hereby granted, provided that the above
- - copyright notice and this permission notice appear in all copies.
- - 
- - THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
- - DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
- - IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
- - INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
- - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
- - FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
- - NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
- - WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
--->
-<HTML
-><HEAD
-><TITLE
->named-checkzone</TITLE
-><META
-NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.61
-"></HEAD
-><BODY
-CLASS="REFENTRY"
-BGCOLOR="#FFFFFF"
-TEXT="#000000"
-LINK="#0000FF"
-VLINK="#840084"
-ALINK="#0000FF"
-><H1
-><A
-NAME="AEN1"
-><SPAN
-CLASS="APPLICATION"
->named-checkzone</SPAN
-></A
-></H1
-><DIV
-CLASS="REFNAMEDIV"
-><A
-NAME="AEN9"
-></A
-><H2
->Name</H2
-><SPAN
-CLASS="APPLICATION"
->named-checkzone</SPAN
->&nbsp;--&nbsp;zone file validity checking tool</DIV
-><DIV
-CLASS="REFSYNOPSISDIV"
-><A
-NAME="AEN13"
-></A
-><H2
->Synopsis</H2
-><P
-><B
-CLASS="COMMAND"
->named-checkzone</B
->  [<TT
-CLASS="OPTION"
->-d</TT
->] [<TT
-CLASS="OPTION"
->-q</TT
->] [<TT
-CLASS="OPTION"
->-c <TT
-CLASS="REPLACEABLE"
-><I
->class</I
-></TT
-></TT
->] {zonename} {filename}</P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN25"
-></A
-><H2
->DESCRIPTION</H2
-><P
->        <B
-CLASS="COMMAND"
->named-checkzone</B
-> checks the syntax and integrity of
-	a zone file.  It performs the same checks as <B
-CLASS="COMMAND"
->named</B
->
-	does when loading a zone.  This makes
-	<B
-CLASS="COMMAND"
->named-checkzone</B
-> useful for checking zone
-	files before configuring them into a name server.
-    </P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN31"
-></A
-><H2
->OPTIONS</H2
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
->-d</DT
-><DD
-><P
->	      Enable debugging.
-	  </P
-></DD
-><DT
->-q</DT
-><DD
-><P
->	      Quiet mode - exit code only.
-	  </P
-></DD
-><DT
->-c <TT
-CLASS="REPLACEABLE"
-><I
->class</I
-></TT
-></DT
-><DD
-><P
->	      Specify the class of the zone.  If not specified "IN" is assumed.
-	  </P
-></DD
-><DT
->zonename</DT
-><DD
-><P
->	       The domain name of the zone being checked.
-	  </P
-></DD
-><DT
->filename</DT
-><DD
-><P
->	       The name of the zone file.
-	  </P
-></DD
-></DL
-></DIV
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN55"
-></A
-><H2
->RETURN VALUES</H2
-><P
->        <B
-CLASS="COMMAND"
->named-checkzone</B
-> returns an exit status of 1 if
-	errors were detected and 0 otherwise.
-  </P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN59"
-></A
-><H2
->SEE ALSO</H2
-><P
->      <SPAN
-CLASS="CITEREFENTRY"
-><SPAN
-CLASS="REFENTRYTITLE"
->named</SPAN
->(8)</SPAN
->,
-      <I
-CLASS="CITETITLE"
->RFC 1035</I
->,
-      <I
-CLASS="CITETITLE"
->BIND 9 Administrator Reference Manual</I
->.
-    </P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN67"
-></A
-><H2
->AUTHOR</H2
-><P
->        Internet Software Consortium
-    </P
-></DIV
-></BODY
-></HTML
->

bin/dig/Makefile.in

@@ -13,7 +13,7 @@
 # NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
 # WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: Makefile.in,v 1.21 2001/02/28 11:33:23 marka Exp $
+# $Id: Makefile.in,v 1.17.4.1 2001/01/09 22:31:19 bwelling Exp $
 
 srcdir =	@srcdir@
 VPATH =		@srcdir@
@@ -48,28 +48,24 @@ UOBJS =
 
 SRCS =		dig.c dighost.c host.c nslookup.c
 
-MANPAGES =	dig.1 host.1
-
 @BIND9_MAKE_RULES@
 
 dig: dig.@O@ dighost.@O@ ${UOBJS} ${DEPLIBS}
-	${LIBTOOL} ${PURIFY} ${CC} ${CFLAGS} -o $@ dig.@O@ dighost.@O@ ${UOBJS} ${LIBS}
+	${LIBTOOL} ${CC} ${CFLAGS} -o $@ dig.@O@ dighost.@O@ ${UOBJS} ${LIBS}
 
 host: host.@O@ dighost.@O@ ${UOBJS} ${DEPLIBS}
-	${LIBTOOL} ${PURIFY} ${CC} ${CFLAGS} -o $@ host.@O@ dighost.@O@ ${UOBJS} ${LIBS}
+	${LIBTOOL} ${CC} ${CFLAGS} -o $@ host.@O@ dighost.@O@ ${UOBJS} ${LIBS}
 
 nslookup: nslookup.@O@ dighost.@O@ ${UOBJS} ${DEPLIBS}
-	${LIBTOOL} ${PURIFY} ${CC} ${CFLAGS} -o $@ nslookup.@O@ dighost.@O@ ${UOBJS} ${LIBS}
+	${LIBTOOL} ${CC} ${CFLAGS} -o $@ nslookup.@O@ dighost.@O@ ${UOBJS} ${LIBS}
 
 clean distclean::
 	rm -f ${TARGETS}
 
 installdirs:
 	$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${bindir}
-	$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${mandir}/man1
 
 install:: dig host nslookup installdirs
 	${LIBTOOL} ${INSTALL_PROGRAM} dig ${DESTDIR}${bindir}
 	${LIBTOOL} ${INSTALL_PROGRAM} host ${DESTDIR}${bindir}
 	${LIBTOOL} ${INSTALL_PROGRAM} nslookup ${DESTDIR}${bindir}
-	for m in ${MANPAGES}; do ${INSTALL_DATA} $$m ${DESTDIR}${mandir}/man1; done

bin/dig/dig.c

@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: dig.c,v 1.144 2001/03/28 03:09:45 bwelling Exp $ */
+/* $Id: dig.c,v 1.131.2.4 2001/03/14 18:08:48 bwelling Exp $ */
 
 #include <config.h>
 #include <stdlib.h>
@@ -31,7 +31,6 @@
 
 #include <dns/byaddr.h>
 #include <dns/fixedname.h>
-#include <dns/masterdump.h>
 #include <dns/message.h>
 #include <dns/name.h>
 #include <dns/rdata.h>
@@ -53,7 +52,7 @@ extern ISC_LIST(dig_searchlist_t) search_list;
 }
 
 
-extern isc_boolean_t have_ipv4, have_ipv6, specified_source,
+extern isc_boolean_t have_ipv6, specified_source,
 	usesearch, qr;
 extern in_port_t port;
 extern unsigned int timeout;
@@ -65,6 +64,7 @@ extern int sendcount;
 extern int ndots;
 extern int tries;
 extern int lookup_counter;
+extern char fixeddomain[MXNAME];
 extern int exitcode;
 extern isc_sockaddr_t bind_address;
 extern char keynametext[MXNAME];
@@ -76,17 +76,15 @@ extern isc_taskmgr_t *taskmgr;
 extern isc_task_t *global_task;
 extern isc_boolean_t free_now;
 dig_lookup_t *default_lookup = NULL;
+extern isc_uint32_t rr_limit;
 
 extern isc_boolean_t debugging, memdebugging;
 char *batchname = NULL;
 FILE *batchfp = NULL;
 char *argv0;
 
-char domainopt[DNS_NAME_MAXTEXT];
-
 isc_boolean_t short_form = ISC_FALSE, printcmd = ISC_TRUE,
-	nibble = ISC_FALSE, plusquest = ISC_FALSE, pluscomm = ISC_FALSE,
-	multiline = ISC_FALSE;
+	nibble = ISC_FALSE, plusquest = ISC_FALSE, pluscomm = ISC_FALSE;
 
 isc_uint16_t bufsize = 0;
 isc_boolean_t forcecomment = ISC_FALSE;
@@ -158,7 +156,7 @@ show_usage(void) {
 "                 +domain=###         (Set default domainname)\n"
 "                 +bufsize=###        (Set EDNS0 Max UDP packet size)\n"
 "                 +[no]search         (Set whether to use searchlist)\n"
-"                 +[no]defname        (Ditto)\n"
+"                 +[no]defname        (Set whether to use default domain)\n"
 "                 +[no]recursive      (Recursive mode)\n"
 "                 +[no]ignore         (Don't revert to TCP for TC responses.)"
 "\n"
@@ -181,8 +179,9 @@ show_usage(void) {
 "                 +[no]nssearch       (Search all authoritative nameservers)\n"
 "                 +[no]identify       (ID responders in short answers)\n"
 "                 +[no]trace          (Trace delegation down from root)\n"
+"                 +rrlimit=###        (Limit number of rr's in xfr)\n"
+"                 +namelimit=###      (Limit number of names in xfr)\n"
 "                 +[no]dnssec         (Request DNSSEC records)\n"
-"                 +[no]multiline      (Print records in an expanded format)\n"
 "        global d-opts and servers (before host name) affect all queries.\n"
 "        local d-opts and servers (after host name) affect only that lookup.\n"
 , stderr);
@@ -192,14 +191,11 @@ show_usage(void) {
  * Callback from dighost.c to print the received message.
  */
 void
-received(int bytes, isc_sockaddr_t *from, dig_query_t *query) {
+received(int bytes, int frmsize, char *frm, dig_query_t *query) {
 	isc_uint64_t diff;
 	isc_time_t now;
 	isc_result_t result;
 	time_t tnow;
-	char fromtext[ISC_SOCKADDR_FORMATSIZE];
-
-	isc_sockaddr_format(from, fromtext, sizeof(fromtext));
 
 	result = isc_time_now(&now);
 	check_result(result, "isc_time_now");
@@ -207,7 +203,8 @@ received(int bytes, isc_sockaddr_t *from, dig_query_t *query) {
 	if (query->lookup->stats) {
 		diff = isc_time_microdiff(&now, &query->time_sent);
 		printf(";; Query time: %ld msec\n", (long int)diff/1000);
-		printf(";; SERVER: %s(%s)\n", fromtext, query->servname);
+		printf(";; SERVER: %.*s(%s)\n", frmsize, frm,
+		       query->servname);
 		time(&tnow);
 		printf(";; WHEN: %s", ctime(&tnow));
 		if (query->lookup->doing_xfr) {
@@ -228,8 +225,8 @@ received(int bytes, isc_sockaddr_t *from, dig_query_t *query) {
 		puts("");
 	} else if (query->lookup->identify && !short_form) {
 		diff = isc_time_microdiff(&now, &query->time_sent);
-		printf(";; Received %u bytes from %s(%s) in %d ms\n\n",
-		       bytes, fromtext, query->servname,
+		printf(";; Received %u bytes from %.*s(%s) in %d ms\n\n",
+		       bytes, frmsize, frm, query->servname,
 		       (int)diff/1000);
 	}
 }
@@ -341,12 +338,6 @@ printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers) {
 	dns_messagetextflag_t flags;
 	isc_buffer_t *buf = NULL;
 	unsigned int len = OUTPUTBUF;
-	const dns_master_style_t *style;
-
-	if (multiline)
-		style = &dns_master_style_default;
-	else
-		style = &dns_master_style_debug;
 
 	if (query->lookup->cmdline[0] != 0) {
 		fputs(query->lookup->cmdline, stdout);
@@ -417,72 +408,79 @@ printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers) {
 			       msg->counts[DNS_SECTION_ANSWER],
 			       msg->counts[DNS_SECTION_AUTHORITY],
 			       msg->counts[DNS_SECTION_ADDITIONAL]);
-		}
-	}
 
-repopulate_buffer:
-
-	if (query->lookup->comments && headers && !short_form)
-	{
-		result = dns_message_pseudosectiontotext(msg,
-			 DNS_PSEUDOSECTION_OPT,
-			 style, flags, buf);
-		if (result == ISC_R_NOSPACE) {
-buftoosmall:
-			len += OUTPUTBUF;
-			isc_buffer_free(&buf);
-			result = isc_buffer_allocate(mctx, &buf, len);
-			if (result == ISC_R_SUCCESS)
-				goto repopulate_buffer;
-			else
-				return (result);
+			result = dns_message_pseudosectiontotext(msg,
+						 DNS_PSEUDOSECTION_OPT,
+						 flags, buf);
+			check_result(result,
+				     "dns_message_pseudosectiontotext");
 		}
-		check_result(result,
-		     "dns_message_pseudosectiontotext");
 	}
 
 	if (query->lookup->section_question && headers) {
 		if (!short_form) {
+		question_again:
 			result = dns_message_sectiontotext(msg,
 						       DNS_SECTION_QUESTION,
-						       style, flags, buf);
-			if (result == ISC_R_NOSPACE)
-				goto buftoosmall;
+						       flags, buf);
+			if (result == ISC_R_NOSPACE) {
+				len += OUTPUTBUF;
+				isc_buffer_free(&buf);
+				result = isc_buffer_allocate(mctx, &buf, len);
+				if (result == ISC_R_SUCCESS)
+					goto question_again;
+			}
 			check_result(result, "dns_message_sectiontotext");
 		}
 	}
 	if (query->lookup->section_answer) {
 		if (!short_form) {
+		answer_again:
 			result = dns_message_sectiontotext(msg,
 						       DNS_SECTION_ANSWER,
-						       style, flags, buf);
-			if (result == ISC_R_NOSPACE)
-				goto buftoosmall;
+						       flags, buf);
+			if (result == ISC_R_NOSPACE) {
+				len += OUTPUTBUF;
+				isc_buffer_free(&buf);
+				result = isc_buffer_allocate(mctx, &buf, len);
+				if (result == ISC_R_SUCCESS)
+					goto answer_again;
+			}
 			check_result(result, "dns_message_sectiontotext");
 		} else {
 			result = short_answer(msg, flags, buf, query);
-			if (result == ISC_R_NOSPACE)
-				goto buftoosmall;
 			check_result(result, "short_answer");
 		}
 	}
 	if (query->lookup->section_authority) {
 		if (!short_form) {
+		authority_again:
 			result = dns_message_sectiontotext(msg,
 						       DNS_SECTION_AUTHORITY,
-						       style, flags, buf);
-			if (result == ISC_R_NOSPACE)
-				goto buftoosmall;
+						       flags, buf);
+			if (result == ISC_R_NOSPACE) {
+				len += OUTPUTBUF;
+				isc_buffer_free(&buf);
+				result = isc_buffer_allocate(mctx, &buf, len);
+				if (result == ISC_R_SUCCESS)
+					goto authority_again;
+			}
 			check_result(result, "dns_message_sectiontotext");
 		}
 	}
 	if (query->lookup->section_additional) {
 		if (!short_form) {
+		additional_again:
 			result = dns_message_sectiontotext(msg,
 						      DNS_SECTION_ADDITIONAL,
-						      style, flags, buf);
-			if (result == ISC_R_NOSPACE)
-				goto buftoosmall;
+						      flags, buf);
+			if (result == ISC_R_NOSPACE) {
+				len += OUTPUTBUF;
+				isc_buffer_free(&buf);
+				result = isc_buffer_allocate(mctx, &buf, len);
+				if (result == ISC_R_SUCCESS)
+					goto additional_again;
+			}
 			check_result(result, "dns_message_sectiontotext");
 			/*
 			 * Only print the signature on the first record.
@@ -491,17 +489,14 @@ buftoosmall:
 				result = dns_message_pseudosectiontotext(
 						   msg,
 						   DNS_PSEUDOSECTION_TSIG,
-						   style, flags, buf);
-				if (result == ISC_R_NOSPACE)
-					goto buftoosmall;
+						   flags, buf);
 				check_result(result,
 					  "dns_message_pseudosectiontotext");
 				result = dns_message_pseudosectiontotext(
 						   msg,
 						   DNS_PSEUDOSECTION_SIG0,
-						   style, flags, buf);
-				if (result == ISC_R_NOSPACE)
-					goto buftoosmall;
+						   flags, buf);
+
 				check_result(result,
 					   "dns_message_pseudosectiontotext");
 			}
@@ -606,7 +601,7 @@ parse_int(char *arg, const char *desc, isc_uint32_t max) {
 /*
  * We're not using isc_commandline_parse() here since the command line
  * syntax of dig is quite a bit different from that which can be described
- * by that routine.
+ * that routine.
  * XXX doc options
  */
 
@@ -707,7 +702,7 @@ plus_option(char *option, isc_boolean_t is_batchfile,
 	case 'd':
 		switch (cmd[1]) {
 		case 'e': /* defname */
-			usesearch = state;
+			lookup->defname = state;
 			break;
 		case 'n': /* dnssec */	
 			lookup->dnssec = state;
@@ -717,8 +712,9 @@ plus_option(char *option, isc_boolean_t is_batchfile,
 				goto need_value;
 			if (!state)
 				goto invalid_option;
-			strncpy(domainopt, value, sizeof(domainopt));
-			domainopt[sizeof(domainopt)-1] = '\0';
+			strncpy(fixeddomain, value, sizeof(fixeddomain));
+			fixeddomain[sizeof(fixeddomain)-1]=0;
+			usesearch = state;
 			break;
 		default:
 			goto invalid_option;
@@ -737,9 +733,6 @@ plus_option(char *option, isc_boolean_t is_batchfile,
 			lookup->ignore = ISC_TRUE;
 		}
 		break;
-	case 'm': /* multiline */
-		multiline = state;
-		break;
 	case 'n':
 		switch (cmd[1]) {
 		case 'd': /* ndots */
@@ -785,8 +778,21 @@ plus_option(char *option, isc_boolean_t is_batchfile,
 			goto invalid_option;
 		}
 		break;
-	case 'r': /* recurse */
-		lookup->recurse = state;
+	case 'r':
+		switch (cmd[1]) {
+		case 'e': /* recurse */
+			lookup->recurse = state;
+			break;
+		case 'r': /* rrlimit */
+			if (value == NULL)
+				goto need_value;
+			if (!state)
+				goto invalid_option;
+			rr_limit = parse_int(value, "rrlimit", MAXRRLIMIT);
+			break;
+		default:
+			goto invalid_option;
+		}
 		break;
 	case 's':
 		switch (cmd[1]) {
@@ -902,9 +908,7 @@ plus_option(char *option, isc_boolean_t is_batchfile,
  */
 static isc_boolean_t
 dash_option(char *option, char *next, dig_lookup_t **lookup,
-	    isc_boolean_t *open_type_class,
-		isc_boolean_t *firstarg,
-		int argc, char **argv)
+	    isc_boolean_t *open_type_class)
 {
 	char cmd, *value, *ptr;
 	isc_result_t result;
@@ -913,8 +917,6 @@ dash_option(char *option, char *next, dig_lookup_t **lookup,
 	dns_rdatatype_t rdtype;
 	dns_rdataclass_t rdclass;
 	char textname[MXNAME];
-	struct in_addr in4;
-	struct in6_addr in6;
 
 	cmd = option[0];
 	if (strlen(option) > 1) {
@@ -944,17 +946,14 @@ dash_option(char *option, char *next, dig_lookup_t **lookup,
 		goto invalid_option;
 	switch (cmd) {
 	case 'b':
-		if (have_ipv6 && inet_pton(AF_INET6, value, &in6) == 1)
-			isc_sockaddr_fromin6(&bind_address, &in6, 0);
-		else if (have_ipv4 && inet_pton(AF_INET, value, &in4) == 1)
-			isc_sockaddr_fromin(&bind_address, &in4, 0);
-		else
-			fatal("invalid address %s", value);
+		get_address(value, 0, &bind_address);
 		specified_source = ISC_TRUE;
 		return (value_from_next);
 	case 'c':
 		if ((*lookup)->rdclassset) {
-			fprintf(stderr, ";; Warning, extra class option\n");
+			fprintf(stderr, ";; Warning, ignoring multiple "
+				"class options\n");
+			return (value_from_next);
 		}
 		*open_type_class = ISC_FALSE;
 		tr.base = value;
@@ -981,42 +980,33 @@ dash_option(char *option, char *next, dig_lookup_t **lookup,
 		port = parse_int(value, "port number", MAXPORT);
 		return (value_from_next);
 	case 't':
+		if ((*lookup)->rdtypeset) {
+			fprintf(stderr, ";; Warning, ignoring multiple "
+				"type options\n");
+			return (value_from_next);
+		}
 		*open_type_class = ISC_FALSE;
 		if (strncasecmp(value, "ixfr=", 5) == 0) {
-			rdtype = dns_rdatatype_ixfr;
-			result = ISC_R_SUCCESS;
+			(*lookup)->rdtype = dns_rdatatype_ixfr;
+			(*lookup)->rdtypeset = ISC_TRUE;
+			(*lookup)->ixfr_serial =
+				parse_int(&value[5], "serial number",
+					  MAXSERIAL);
+			(*lookup)->section_question = plusquest;
+			(*lookup)->comments = pluscomm;
+			return (value_from_next);
 		}
-		else
-		{
-			tr.base = value;
-			tr.length = strlen(value);
-			result = dns_rdatatype_fromtext(&rdtype,
+		tr.base = value;
+		tr.length = strlen(value);
+		result = dns_rdatatype_fromtext(&rdtype,
 						(isc_textregion_t *)&tr);
-		}
 		if (result == ISC_R_SUCCESS) {
-			if ((*lookup)->rdtypeset) {
-				fprintf(stderr, ";; Warning, "
-						"extra type option\n");
-			}
-			if (rdtype == dns_rdatatype_ixfr) {
-				(*lookup)->rdtype = dns_rdatatype_ixfr;
-				(*lookup)->rdtypeset = ISC_TRUE;
-				(*lookup)->ixfr_serial =
-					parse_int(&value[5], "serial number",
-					  	MAXSERIAL);
+			(*lookup)->rdtype = rdtype;
+			(*lookup)->rdtypeset = ISC_TRUE;
+			if (rdtype == dns_rdatatype_axfr) {
 				(*lookup)->section_question = plusquest;
 				(*lookup)->comments = pluscomm;
 			}
-			else
-			{
-				(*lookup)->rdtype = rdtype;
-				(*lookup)->rdtypeset = ISC_TRUE;
-				if (rdtype == dns_rdatatype_axfr) {
-					(*lookup)->section_question = plusquest;
-					(*lookup)->comments = pluscomm;
-				}
-				(*lookup)->ixfr_serial = ISC_FALSE;
-			}
 		} else
 			fprintf(stderr, ";; Warning, ignoring "
 				 "invalid type %s\n",
@@ -1047,16 +1037,11 @@ dash_option(char *option, char *next, dig_lookup_t **lookup,
 			(*lookup)->trace_root = ISC_TF((*lookup)->trace  ||
 						(*lookup)->ns_search_only);
 			(*lookup)->nibble = nibble;
-			if (!(*lookup)->rdtypeset)
-				(*lookup)->rdtype = dns_rdatatype_ptr;
-			if (!(*lookup)->rdclassset)
-				(*lookup)->rdclass = dns_rdataclass_in;
+			(*lookup)->rdtype = dns_rdatatype_ptr;
+			(*lookup)->rdtypeset = ISC_TRUE;
+			(*lookup)->rdclass = dns_rdataclass_in;
+			(*lookup)->rdclassset = ISC_TRUE;
 			(*lookup)->new_search = ISC_TRUE;
-			if (*lookup && *firstarg)
-			{
-				printgreeting(argc, argv, *lookup);
-				*firstarg = ISC_FALSE;
-			}
 			ISC_LIST_APPEND(lookup_list, *lookup, link);
 		} else {
 			fprintf(stderr, "Invalid IP address %s\n", value);
@@ -1189,15 +1174,13 @@ parse_args(isc_boolean_t is_batchfile, isc_boolean_t config_only,
 		} else if (rv[0][0] == '-') {
 			if (rc <= 1) {
 				if (dash_option(&rv[0][1], NULL,
-						&lookup, &open_type_class,
-						&firstarg, argc, argv)) {
+						&lookup, &open_type_class)) {
 					rc--;
 					rv++;
 				}
 			} else {
 				if (dash_option(&rv[0][1], rv[1],
-						&lookup, &open_type_class,
-						&firstarg, argc, argv)) {
+						&lookup, &open_type_class)) {
 					rc--;
 					rv++;
 				}
@@ -1207,44 +1190,36 @@ parse_args(isc_boolean_t is_batchfile, isc_boolean_t config_only,
 			 * Anything which isn't an option
 			 */
 			if (open_type_class) {
+				tr.base = rv[0];
+				tr.length = strlen(rv[0]);
 				if (strncmp(rv[0], "ixfr=", 5) == 0) {
-					rdtype = dns_rdatatype_ixfr;
-					result = ISC_R_SUCCESS;
+					lookup->rdtype = dns_rdatatype_ixfr;
+					lookup->rdtypeset = ISC_TRUE;
+					lookup->ixfr_serial =
+						parse_int(&rv[0][5],
+							  "serial number",
+							  MAXSERIAL);
+					lookup->section_question = plusquest;
+					lookup->comments = pluscomm;
+					continue;
 				}
-				else
-				{
-					tr.base = rv[0];
-					tr.length = strlen(rv[0]);
-					result = dns_rdatatype_fromtext(&rdtype,
-						     	(isc_textregion_t *)&tr);
-				}
-				if (result == ISC_R_SUCCESS)
-				{
+				result = dns_rdatatype_fromtext(&rdtype,
+						     (isc_textregion_t *)&tr);
+				if ((result == ISC_R_SUCCESS) &&
+				    (rdtype != dns_rdatatype_ixfr)) {
 					if (lookup->rdtypeset) {
 						fprintf(stderr, ";; Warning, "
-							"extra type option\n");
+							"ignoring multiple "
+							"type options\n");
+						continue;
 					}
-					if (rdtype == dns_rdatatype_ixfr) {
-						lookup->rdtype = dns_rdatatype_ixfr;
-						lookup->rdtypeset = ISC_TRUE;
-						lookup->ixfr_serial =
-							parse_int(&rv[0][5],
-							  	"serial number",
-							  	MAXSERIAL);
-						lookup->section_question = plusquest;
+					if (rdtype == dns_rdatatype_axfr) {
+						lookup->section_question =
+							plusquest;
 						lookup->comments = pluscomm;
 					}
-					else
-					{
-						lookup->rdtype = rdtype;
-						lookup->rdtypeset = ISC_TRUE;
-						if (rdtype == dns_rdatatype_axfr) {
-							lookup->section_question =
-								plusquest;
-							lookup->comments = pluscomm;
-						}
-						lookup->ixfr_serial = ISC_FALSE;
-					}
+					lookup->rdtype = rdtype;
+					lookup->rdtypeset = ISC_TRUE;
 					continue;
 				}
 				result = dns_rdataclass_fromtext(&rdclass,
@@ -1252,7 +1227,9 @@ parse_args(isc_boolean_t is_batchfile, isc_boolean_t config_only,
 				if (result == ISC_R_SUCCESS) {
 					if (lookup->rdclassset) {
 						fprintf(stderr, ";; Warning, "
-							"extra class option\n");
+							"ignoring multiple "
+							"class options\n");
+						continue;
 					}
 					lookup->rdclass = rdclass;
 					lookup->rdclassset = ISC_TRUE;
@@ -1327,10 +1304,7 @@ parse_args(isc_boolean_t is_batchfile, isc_boolean_t config_only,
 		strcpy(lookup->textname, ".");
 		lookup->rdtype = dns_rdatatype_ns;
 		lookup->rdtypeset = ISC_TRUE;
-		if (firstarg) {
-			printgreeting(argc, argv, lookup);
-			firstarg = ISC_FALSE;
-		}
+		printgreeting(argc, argv, lookup);
 		ISC_LIST_APPEND(lookup_list, lookup, link);
 	}
 }
@@ -1402,10 +1376,6 @@ main(int argc, char **argv) {
 	setup_libs();
 	parse_args(ISC_FALSE, ISC_FALSE, argc, argv);
 	setup_system();
-	if (domainopt[0] != '\0') {
-		set_search_domain(domainopt);
-		usesearch = ISC_TRUE;
-	}
 	result = isc_app_onrun(mctx, global_task, onrun_callback, NULL);
 	check_result(result, "isc_app_onrun");
 	isc_app_run();
@@ -1415,7 +1385,8 @@ main(int argc, char **argv) {
 		      s, default_lookup);
 		s2 = s;
 		s = ISC_LIST_NEXT(s, link);
-		ISC_LIST_DEQUEUE(default_lookup->my_server_list, s2, link);
+		ISC_LIST_DEQUEUE(default_lookup->my_server_list,
+				 (dig_server_t *)s2, link);
 		isc_mem_free(mctx, s2);
 	}
 	isc_mem_free(mctx, default_lookup);

bin/dig/dighost.c

@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: dighost.c,v 1.198 2001/03/28 03:09:47 bwelling Exp $ */
+/* $Id: dighost.c,v 1.174.2.8 2001/04/26 18:20:47 gson Exp $ */
 
 /*
  * Notice to programmers:  Do not use this code as an example of how to
@@ -91,7 +91,9 @@ isc_boolean_t
 	cancel_now = ISC_FALSE,
 	usesearch = ISC_FALSE,
 	qr = ISC_FALSE,
-	is_dst_up = ISC_FALSE;
+	is_dst_up = ISC_FALSE,
+	have_domain = ISC_FALSE;
+
 in_port_t port = 53;
 unsigned int timeout = 0;
 isc_mem_t *mctx = NULL;
@@ -108,7 +110,8 @@ int sockcount = 0;
 int ndots = -1;
 int tries = 2;
 int lookup_counter = 0;
-
+char fixeddomain[MXNAME] = "";
+dig_searchlist_t *fixedsearch = NULL;
 /*
  * Exit Codes:
  *   0   Everything went well, including things like NXDOMAIN
@@ -133,6 +136,7 @@ isc_boolean_t memdebugging = ISC_FALSE;
 char *progname = NULL;
 isc_mutex_t lookup_lock;
 dig_lookup_t *current_lookup = NULL;
+isc_uint32_t rr_limit = INT_MAX;
 
 /*
  * Apply and clear locks at the event level in global task.
@@ -206,7 +210,6 @@ isc_result_t
 get_reverse(char *reverse, char *value, isc_boolean_t nibble) {
 	int adrs[4];
 	char working[MXNAME];
-	int remaining;
 	int i, n;
 	isc_result_t result;
 
@@ -221,15 +224,12 @@ get_reverse(char *reverse, char *value, isc_boolean_t nibble) {
 		if (n == 0) {
 			return (DNS_R_BADDOTTEDQUAD);
 		}
-		reverse[MXNAME - 1] = 0;
 		for (i = n - 1; i >= 0; i--) {
-			snprintf(working, sizeof(working), "%d.",
+			snprintf(working, MXNAME/8, "%d.",
 				 adrs[i]);
-			remaining = MXNAME - strlen(reverse) - 1;
-			strncat(reverse, working, remaining);
+			strncat(reverse, working, MXNAME);
 		}
-		remaining = MXNAME - strlen(reverse) - 1;
-		strncat(reverse, "in-addr.arpa.", remaining);
+		strncat(reverse, "in-addr.arpa.", MXNAME);
 		result = ISC_R_SUCCESS;
 	} else if (strspn(value, "0123456789abcdefABCDEF:") 
 		   == strlen(value)) {
@@ -350,9 +350,9 @@ make_empty_lookup(void) {
 		       __FILE__, __LINE__);
 	looknew->pending = ISC_TRUE;
 	looknew->textname[0] = 0;
-	looknew->cmdline[0] = 0;
-	looknew->rdtype = dns_rdatatype_a;
-	looknew->rdclass = dns_rdataclass_in;
+	looknew->cmdline[0] = 0; /* Not copied in clone_lookup! */
+	looknew->rdtype = dns_rdatatype_none;
+	looknew->rdclass = dns_rdataclass_none;
 	looknew->rdtypeset = ISC_FALSE;
 	looknew->rdclassset = ISC_FALSE;
 	looknew->sendspace = NULL;
@@ -364,10 +364,10 @@ make_empty_lookup(void) {
 	looknew->current_query = NULL;
 	looknew->doing_xfr = ISC_FALSE;
 	looknew->ixfr_serial = ISC_FALSE;
+	looknew->defname = ISC_FALSE;
 	looknew->trace = ISC_FALSE;
 	looknew->trace_root = ISC_FALSE;
 	looknew->identify = ISC_FALSE;
-	looknew->identify_previous_line = ISC_FALSE;
 	looknew->ignore = ISC_FALSE;
 	looknew->servfail_stops = ISC_FALSE;
 	looknew->besteffort = ISC_TRUE;
@@ -378,7 +378,6 @@ make_empty_lookup(void) {
 	looknew->adflag = ISC_FALSE;
 	looknew->cdflag = ISC_FALSE;
 	looknew->ns_search_only = ISC_FALSE;
-	looknew->ns_search_only_leafnode = ISC_FALSE;
 	looknew->origin = NULL;
 	looknew->querysig = NULL;
 	looknew->retries = tries;
@@ -419,19 +418,18 @@ clone_lookup(dig_lookup_t *lookold, isc_boolean_t servers) {
 
 	looknew = make_empty_lookup();
 	INSIST(looknew != NULL);
-	strncpy(looknew->textname, lookold->textname, MXNAME);
-	strncpy(looknew->cmdline, lookold->cmdline, MXNAME);
-	looknew->textname[MXNAME-1] = 0;
+	strncpy(looknew->textname, lookold-> textname, MXNAME);
+	looknew->textname[MXNAME-1]=0;
 	looknew->rdtype = lookold->rdtype;
 	looknew->rdclass = lookold->rdclass;
 	looknew->rdtypeset = lookold->rdtypeset;
 	looknew->rdclassset = lookold->rdclassset;
 	looknew->doing_xfr = lookold->doing_xfr;
 	looknew->ixfr_serial = lookold->ixfr_serial;
+	looknew->defname = lookold->defname;
 	looknew->trace = lookold->trace;
 	looknew->trace_root = lookold->trace_root;
 	looknew->identify = lookold->identify;
-	looknew->identify_previous_line = lookold->identify_previous_line;
 	looknew->ignore = lookold->ignore;
 	looknew->servfail_stops = lookold->servfail_stops;
 	looknew->besteffort = lookold->besteffort;
@@ -442,7 +440,6 @@ clone_lookup(dig_lookup_t *lookold, isc_boolean_t servers) {
 	looknew->adflag = lookold->adflag;
 	looknew->cdflag = lookold->cdflag;
 	looknew->ns_search_only = lookold->ns_search_only;
-	looknew->ns_search_only_leafnode = lookold->ns_search_only_leafnode;
 	looknew->tcp_mode = lookold->tcp_mode;
 	looknew->comments = lookold->comments;
 	looknew->stats = lookold->stats;
@@ -451,9 +448,10 @@ clone_lookup(dig_lookup_t *lookold, isc_boolean_t servers) {
 	looknew->section_authority = lookold->section_authority;
 	looknew->section_additional = lookold->section_additional;
 	looknew->retries = lookold->retries;
+	looknew->origin = lookold->origin;
 #ifdef DNS_OPT_NEWCODES_LIVE
-	strncpy(looknew->viewname, lookold->viewname, MXNAME);
-	strncpy(looknew->zonename, lookold->zonename, MXNAME);
+	strncpy(looknew->viewname, lookold-> viewname, MXNAME);
+	strncpy(looknew->zonename, lookold-> zonename, MXNAME);
 #endif /* DNS_OPT_NEWCODES_LIVE */
 
 	if (servers)
@@ -514,7 +512,8 @@ setup_text_key(void) {
 		fatal("Memory allocation failure in %s:%d",
 		      __FILE__, __LINE__);
 	isc_buffer_init(&secretbuf, secretstore, secretsize);
-	result = isc_base64_decodestring(keysecret, &secretbuf);
+	result = isc_base64_decodestring(mctx, keysecret,
+					 &secretbuf);
 	if (result != ISC_R_SUCCESS) {
 		printf(";; Couldn't create key %s: %s\n",
 		       keynametext, isc_result_totext(result));
@@ -596,19 +595,6 @@ setup_file_key(void) {
 		isc_mem_free(mctx, secretstore);
 }
 
-static dig_searchlist_t *
-make_searchlist_entry(char *domain) {
-	dig_searchlist_t *search;
-	search = isc_mem_allocate(mctx, sizeof(*search));
-	if (search == NULL)
-		fatal("Memory allocation failure in %s:%d",
-		      __FILE__, __LINE__);
-	strncpy(search->origin, domain, MXNAME);
-	search->origin[MXNAME-1] = 0;
-	ISC_LINK_INIT(search, link);
-	return (search);
-}
-
 /*
  * Setup the system as a whole, reading key information and resolv.conf
  * settings.
@@ -619,7 +605,7 @@ setup_system(void) {
 	FILE *fp;
 	char *ptr;
 	dig_server_t *srv;
-	dig_searchlist_t *search, *domain = NULL;
+	dig_searchlist_t *search;
 	isc_boolean_t get_servers;
 	char *input;
 
@@ -629,61 +615,88 @@ setup_system(void) {
 	get_servers = ISC_TF(server_list.head == NULL);
 	fp = fopen(RESOLVCONF, "r");
 	/* XXX Use lwres resolv.conf reader */
-	if (fp == NULL)
-		goto no_file;
-
-	while (fgets(rcinput, MXNAME, fp) != 0) {
-		input = rcinput;
-		ptr = next_token(&input, " \t\r\n");
-		if (ptr != NULL) {
-			if (get_servers &&
-			    strcasecmp(ptr, "nameserver") == 0) {
-				debug("got a nameserver line");
-				ptr = next_token(&input, " \t\r\n");
-				if (ptr != NULL) {
-					srv = make_server(ptr);
-					ISC_LIST_APPEND(server_list, srv, link);
-				}
-			} else if (strcasecmp(ptr, "options") == 0) {
-				ptr = next_token(&input, " \t\r\n");
-				if (ptr != NULL) {
-					if((strncasecmp(ptr, "ndots:",
-							6) == 0) &&
-					   (ndots == -1)) {
-						ndots = atoi(
-							     &ptr[6]);
-						debug("ndots is %d.",
-						      ndots);
+	if (fp != NULL) {
+		while (fgets(rcinput, MXNAME, fp) != 0) {
+			input = rcinput;
+			ptr = next_token(&input, " \t\r\n");
+			if (ptr != NULL) {
+				if (get_servers &&
+				    strcasecmp(ptr, "nameserver") == 0) {
+					debug("got a nameserver line");
+					ptr = next_token(&input, " \t\r\n");
+					if (ptr != NULL) {
+						srv = make_server(ptr);
+						ISC_LIST_APPEND
+							(server_list,
+							 srv, link);
+					}
+				} else if (strcasecmp(ptr, "options") == 0) {
+					ptr = next_token(&input, " \t\r\n");
+					if (ptr != NULL) {
+						if((strncasecmp(ptr, "ndots:",
+							    6) == 0) &&
+						    (ndots == -1)) {
+							ndots = atoi(
+							      &ptr[6]);
+							debug("ndots is "
+							       "%d.",
+							       ndots);
+						}
+					}
+				} else if (strcasecmp(ptr, "search") == 0){
+					while ((ptr = next_token(&input, " \t\r\n"))
+					       != NULL) {
+						debug("adding search %s",
+						      ptr);
+						search = isc_mem_allocate(
+						   mctx, sizeof(struct
+								dig_server));
+						if (search == NULL)
+							fatal("Memory "
+							      "allocation "
+							      "failure in %s:"
+							      "%d", __FILE__,
+							      __LINE__);
+						strncpy(search->
+							origin,
+							ptr,
+							MXNAME);
+						search->origin[MXNAME-1]=0;
+						ISC_LIST_INITANDAPPEND
+							(search_list,
+							 search,
+							 link);
+					}
+				} else if ((strcasecmp(ptr, "domain") == 0) &&
+					   (fixeddomain[0] == 0 )){
+					have_domain = ISC_TRUE;
+					while ((ptr = next_token(&input, " \t\r\n"))
+					       != NULL) {
+						search = isc_mem_allocate(
+						   mctx, sizeof(struct
+								dig_server));
+						if (search == NULL)
+							fatal("Memory "
+							      "allocation "
+							      "failure in %s:"
+							      "%d", __FILE__,
+							      __LINE__);
+						strncpy(search->
+							origin,
+							ptr,
+							MXNAME - 1);
+						search->origin[MXNAME-1]=0;
+						ISC_LIST_INITANDPREPEND
+							(search_list,
+							 search,
+							 link);
 					}
-				}
-			} else if (strcasecmp(ptr, "search") == 0){
-				while ((ptr = next_token(&input, " \t\r\n"))
-				       != NULL) {
-					debug("adding search %s", ptr);
-					search = make_searchlist_entry(ptr);
-					ISC_LIST_INITANDAPPEND(search_list,
-							       search, link);
-				}
-			} else if (strcasecmp(ptr, "domain") == 0) {
-				while ((ptr = next_token(&input, " \t\r\n"))
-				       != NULL) {
-					if (domain != NULL)
-						isc_mem_free(mctx, domain);
-					domain = make_searchlist_entry(ptr);
 				}
 			}
 		}
+		fclose(fp);
 	}
-	fclose(fp);
- no_file:
 
-	if (ISC_LIST_EMPTY(search_list) && domain != NULL) {
-		ISC_LIST_INITANDAPPEND(search_list, domain, link);
-		domain = NULL;
-	}
-	if (domain != NULL)
-		isc_mem_free(mctx, domain);
-	
 	if (ndots == -1)
 		ndots = 1;
 
@@ -698,27 +711,6 @@ setup_system(void) {
 		setup_text_key();
 }
 
-static void
-clear_searchlist(void) {
-	dig_searchlist_t *search;
-	while ((search = ISC_LIST_HEAD(search_list)) != NULL) {
-		ISC_LIST_UNLINK(search_list, search, link);
-		isc_mem_free(mctx, search);
-	}
-}
-
-/*
- * Override the search list derived from resolv.conf by 'domain'.
- */
-void
-set_search_domain(char *domain) {
-	dig_searchlist_t *search;
-	
-	clear_searchlist();
-	search = make_searchlist_entry(domain);
-	ISC_LIST_APPEND(search_list, search, link);
-}
-
 /*
  * Setup the ISC and DNS libraries for use by the system.
  */
@@ -822,7 +814,7 @@ add_opt(dns_message_t *msg, isc_uint16_t udpsize, isc_boolean_t dnssec
 	rdata->data = NULL;
 	rdata->length = 0;
 #ifdef DNS_OPT_NEWCODES_LIVE
-	for (i = 0; i < optlist.used; i++)
+	for (i=0; i<optlist.used; i++)
 		optsize += optlist.attrs[i].value.length + 4;
 	result = isc_buffer_allocate(mctx, &rdatabuf, optsize);
 	check_result(result, "isc_buffer_allocate");
@@ -1027,9 +1019,9 @@ check_next_lookup(dig_lookup_t *lookup) {
  * Create and queue a new lookup as a followup to the current lookup,
  * based on the supplied message and section.  This is used in trace and
  * name server search modes to start a new lookup using servers from
- * NS records in a reply. Returns the number of followup lookups made.
+ * NS records in a reply.
  */
-static int
+static void
 followup_lookup(dns_message_t *msg, dig_query_t *query,
 		dns_section_t section) {
 	dig_lookup_t *lookup = NULL;
@@ -1042,7 +1034,6 @@ followup_lookup(dns_message_t *msg, dig_query_t *query,
 	isc_region_t r;
 	isc_boolean_t success = ISC_FALSE;
 	int len;
-	int numLookups = 0;
 
 	INSIST(!free_now);
 
@@ -1054,9 +1045,8 @@ followup_lookup(dns_message_t *msg, dig_query_t *query,
 			isc_result_totext(result));
 		if ((section == DNS_SECTION_ANSWER) &&
 		    (query->lookup->trace || query->lookup->ns_search_only))
-			numLookups +=
-			    followup_lookup(msg, query, DNS_SECTION_AUTHORITY);
-		return numLookups;
+			followup_lookup(msg, query, DNS_SECTION_AUTHORITY);
+		return;
 	}
 
 	debug("following up %s", query->lookup->textname);
@@ -1094,7 +1084,6 @@ followup_lookup(dns_message_t *msg, dig_query_t *query,
 					debug("found NS %d %.*s",
 						 (int)r.length, (int)r.length,
 						 (char *)r.base);
-					numLookups++;
 					if (!success) {
 						success = ISC_TRUE;
 						lookup_counter++;
@@ -1103,6 +1092,7 @@ followup_lookup(dns_message_t *msg, dig_query_t *query,
 							(query->lookup,
 							 ISC_FALSE);
 						lookup->doing_xfr = ISC_FALSE;
+						lookup->defname = ISC_FALSE;
 						if (section ==
 						    DNS_SECTION_ANSWER) {
 						      lookup->trace =
@@ -1117,9 +1107,6 @@ followup_lookup(dns_message_t *msg, dig_query_t *query,
 						      lookup->ns_search_only =
 							query->
 							lookup->ns_search_only;
-						      lookup->ns_search_only_leafnode =
-							query->
-							lookup->ns_search_only_leafnode;
 						}
 						lookup->trace_root = ISC_FALSE;
 					}
@@ -1142,17 +1129,12 @@ followup_lookup(dns_message_t *msg, dig_query_t *query,
 	}
 	if ((lookup == NULL) && (section == DNS_SECTION_ANSWER) &&
 	    (query->lookup->trace || query->lookup->ns_search_only))
-		numLookups +=
-			followup_lookup(msg, query, DNS_SECTION_AUTHORITY);
-
-	return numLookups;
+		followup_lookup(msg, query, DNS_SECTION_AUTHORITY);
 }
 
 /*
- * Create and queue a new lookup using the next origin from the search
+ * Create and queue a new lookup using the next origin from the origin
  * list, read in setup_system().
- *
- * Return ISC_TRUE iff there was another searchlist entry.
  */
 static isc_boolean_t
 next_origin(dns_message_t *msg, dig_query_t *query) {
@@ -1165,6 +1147,16 @@ next_origin(dns_message_t *msg, dig_query_t *query) {
 	debug("next_origin()");
 	debug("following up %s", query->lookup->textname);
 
+	if (fixedsearch == query->lookup->origin) {
+		/*
+		 * This is a fixed domain search; there is no next entry.
+		 * While we're here, clear out the fixedsearch alloc.
+		 */
+		isc_mem_free(mctx, fixedsearch);
+		fixedsearch = NULL;
+		query->lookup->origin = NULL;
+		return (ISC_FALSE);
+	}
 	if (!usesearch)
 		/*
 		 * We're not using a search list, so don't even think
@@ -1178,6 +1170,7 @@ next_origin(dns_message_t *msg, dig_query_t *query) {
 		return (ISC_FALSE);
 	cancel_lookup(query->lookup);
 	lookup = requeue_lookup(query->lookup, ISC_TRUE);
+	lookup->defname = ISC_FALSE;
 	lookup->origin = ISC_LIST_NEXT(query->lookup->origin, link);
 	return (ISC_TRUE);
 }
@@ -1262,7 +1255,6 @@ setup_lookup(dig_lookup_t *lookup) {
 	dig_query_t *query;
 	isc_region_t r;
 	isc_buffer_t b;
-	dns_compress_t cctx;
 	char store[MXNAME];
 
 	REQUIRE(lookup != NULL);
@@ -1300,10 +1292,26 @@ setup_lookup(dig_lookup_t *lookup) {
 	 * is TRUE or we got a domain line in the resolv.conf file.
 	 */
 	/* XXX New search here? */
-	if ((count_dots(lookup->textname) >= ndots) || !usesearch)
+	if ((count_dots(lookup->textname) >= ndots) ||
+	    (!lookup->defname && !usesearch))
 		lookup->origin = NULL; /* Force abs lookup */
-	else if (lookup->origin == NULL && lookup->new_search && usesearch) {
-		lookup->origin = ISC_LIST_HEAD(search_list);
+	else if (lookup->origin == NULL && lookup->new_search &&
+		 (usesearch || have_domain)) {
+		if (fixeddomain[0] != 0) {
+			debug("using fixed domain %s", fixeddomain);
+			if (fixedsearch != NULL)
+				isc_mem_free(mctx, fixedsearch);
+			fixedsearch = isc_mem_allocate(mctx,
+						sizeof(struct dig_server));
+			if (fixedsearch == NULL)
+				fatal("Memory allocation failure in %s:%d",
+				      __FILE__, __LINE__);
+			strncpy(fixedsearch->origin, fixeddomain,
+				sizeof(fixedsearch->origin));
+			fixedsearch->origin[sizeof(fixedsearch->origin)-1]=0;
+			lookup->origin = fixedsearch;
+		} else
+			lookup->origin = ISC_LIST_HEAD(search_list);
 	}
 	if (lookup->origin != NULL) {
 		debug("trying origin %s", lookup->origin->origin);
@@ -1362,7 +1370,7 @@ setup_lookup(dig_lookup_t *lookup) {
 			dns_message_puttempname(lookup->sendmsg,
 						&lookup->name);
 			isc_buffer_init(&b, store, MXNAME);
-			fatal("'%s' is not a legal name "
+			fatal("'%s' is not a legal name syntax "
 			      "(%s)", lookup->textname,
 			      dns_result_totext(result));
 		}
@@ -1418,6 +1426,14 @@ setup_lookup(dig_lookup_t *lookup) {
 		lookup->tcp_mode = ISC_TRUE;
 	}
 
+	/*
+	 * Change NONE lookups to something meaningful.
+	 */
+	if (!lookup->rdtypeset)
+		lookup->rdtype = dns_rdatatype_a;
+	if (!lookup->rdclassset)
+		lookup->rdclass = dns_rdataclass_in;
+
 	add_question(lookup->sendmsg, lookup->name, lookup->rdclass,
 		     lookup->rdtype);
 
@@ -1438,22 +1454,18 @@ setup_lookup(dig_lookup_t *lookup) {
 	if (lookup->sendspace == NULL)
 		fatal("memory allocation failure");
 
-	result = dns_compress_init(&cctx, -1, mctx);
-	check_result(result, "dns_compress_init");
-
 	debug("starting to render the message");
 	isc_buffer_init(&lookup->sendbuf, lookup->sendspace, COMMSIZE);
-	result = dns_message_renderbegin(lookup->sendmsg, &cctx,
-					 &lookup->sendbuf);
+	result = dns_message_renderbegin(lookup->sendmsg, &lookup->sendbuf);
 	check_result(result, "dns_message_renderbegin");
 #ifndef DNS_OPT_NEWCODES_LIVE
 	if (lookup->udpsize > 0 || lookup->dnssec) {
 #else /* DNS_OPT_NEWCODES_LIVE */
 	if (lookup->udpsize > 0 ||  || lookup->dnssec ||
-	    lookup->zonename[0] != 0 || lookup->viewname[0] != 0) {
+	    lookup->zonename[0] !=0 || lookup->viewname[0] != 0) {
 		dns_fixedname_t fname;
 		isc_buffer_t namebuf, *wirebuf = NULL;
-		dns_compress_t zcctx;
+		dns_compress_t cctx;
 		dns_optlist_t optlist;
 		dns_optattr_t optattr[2];
 #endif /* DNS_OPT_NEWCODES_LIVE */
@@ -1477,12 +1489,12 @@ setup_lookup(dig_lookup_t *lookup) {
 						   dns_rootname, ISC_FALSE,
 						   NULL);
 			check_result(result, "; illegal zone option");
-			result = dns_compress_init(&zcctx, 0, mctx);
+			result = dns_compress_init(&cctx, 0, mctx);
 			check_result(result, "dns_compress_init");
 			result = isc_buffer_allocate(mctx, &wirebuf,
 						     MXNAME);
 			check_result(result, "isc_buffer_allocate");
-			result = dns_name_towire(&(fname.name), &zcctx,
+			result = dns_name_towire(&(fname.name), &cctx,
 						 wirebuf);
 			check_result(result, "dns_name_towire");
 			optattr[optlist.used].value.base =
@@ -1490,7 +1502,7 @@ setup_lookup(dig_lookup_t *lookup) {
 			optattr[optlist.used].value.length =
 				isc_buffer_usedlength(wirebuf);
 			optlist.used++;
-			dns_compress_invalidate(&zcctx);
+			dns_compress_invalidate(&cctx);
 		}
 		if (lookup->viewname[0] != 0) {
 			optattr[optlist.used].code = DNS_OPTCODE_VIEW;
@@ -1519,8 +1531,6 @@ setup_lookup(dig_lookup_t *lookup) {
 	check_result(result, "dns_message_renderend");
 	debug("done rendering");
 
-	dns_compress_invalidate(&cctx);
-
 	/*
 	 * Force TCP mode if the request is larger than 512 bytes.
 	 */
@@ -1544,6 +1554,8 @@ setup_lookup(dig_lookup_t *lookup) {
 		query->first_pass = ISC_TRUE;
 		query->first_soa_rcvd = ISC_FALSE;
 		query->second_rr_rcvd = ISC_FALSE;
+		query->first_repeat_rcvd = ISC_FALSE;
+		query->first_rr_serial = 0;
 		query->second_rr_serial = 0;
 		query->servname = serv->servername;
 		query->rr_count = 0;
@@ -1715,10 +1727,10 @@ send_tcp_connect(dig_query_t *query) {
 				    global_task, connect_done, query);
 	check_result(result, "isc_socket_connect");
 	/*
-	 * If we're at the endgame of a nameserver search, we need to
-	 * immediately bring up all the queries.  Do it here.
+	 * If we're doing a nameserver search, we need to immediately
+	 * bring up all the queries.  Do it here.
 	 */
-	if (l->ns_search_only_leafnode) {
+	if (l->ns_search_only) {
 		debug("sending next, since searching");
 		next = ISC_LIST_NEXT(query, link);
 		if (next != NULL)
@@ -1793,10 +1805,10 @@ send_udp(dig_query_t *query) {
 	check_result(result, "isc_socket_sendtov");
 	sendcount++;
 	/*
-	 * If we're at the endgame of a nameserver search, we need to
-	 * immediately bring up all the queries.  Do it here.
+	 * If we're doing a nameserver search, we need to immediately
+	 * bring up all the queries.  Do it here.
 	 */
-	if (l->ns_search_only_leafnode) {
+	if (l->ns_search_only) {
 		debug("sending next, since searching");
 		next = ISC_LIST_NEXT(query, link);
 		if (next != NULL)
@@ -2110,6 +2122,9 @@ check_for_more_data(dig_query_t *query, dns_message_t *msg,
 	dns_rdata_soa_t soa;
 	isc_result_t result;
 	isc_buffer_t b;
+	isc_region_t r;
+	char abspace[MXNAME];
+	isc_boolean_t atlimit=ISC_FALSE;
 
 	debug("check_for_more_data()");
 
@@ -2140,6 +2155,8 @@ check_for_more_data(dig_query_t *query, dns_message_t *msg,
 				continue;
 			do {
 				query->rr_count++;
+				if (query->rr_count >= rr_limit)
+					atlimit = ISC_TRUE;
 				dns_rdata_reset(&rdata);
 				dns_rdataset_current(rdataset, &rdata);
 				/*
@@ -2248,11 +2265,22 @@ check_for_more_data(dig_query_t *query, dns_message_t *msg,
 		}
 		result = dns_message_nextname(msg, DNS_SECTION_ANSWER);
 	} while (result == ISC_R_SUCCESS);
+	if (atlimit) {
+	doexit:
+		isc_buffer_init(&b, abspace, MXNAME);
+		result = isc_sockaddr_totext(&sevent->address, &b);
+		check_result(result,
+			     "isc_sockaddr_totext");
+		isc_buffer_usedregion(&b, &r);
+		received(b.used, r.length,
+			 (char *)r.base, query);
+		if (atlimit)
+			if (exitcode < 7)
+				exitcode = 7;
+		return (ISC_TRUE);
+	}
 	launch_next_query(query, ISC_FALSE);
 	return (ISC_FALSE);
- doexit:
-	received(b.used, &sevent->address, query);
-	return (ISC_TRUE);
 }
 
 /*
@@ -2266,6 +2294,9 @@ recv_done(isc_task_t *task, isc_event_t *event) {
 	isc_buffer_t *b = NULL;
 	dns_message_t *msg = NULL;
 	isc_result_t result;
+	isc_buffer_t ab;
+	char abspace[MXNAME];
+	isc_region_t r;
 	dig_lookup_t *n, *l;
 	isc_boolean_t docancel = ISC_FALSE;
 	unsigned int local_timeout;
@@ -2290,7 +2321,7 @@ recv_done(isc_task_t *task, isc_event_t *event) {
 
 	if ((l->tcp_mode) && (l->timer != NULL))
 		isc_timer_touch(l->timer);
-	if ((!l->pending && !l->ns_search_only && !l->ns_search_only_leafnode)
+	if ((!l->pending && !l->ns_search_only)
 	    || cancel_now) {
 		debug("no longer pending.  Got %s",
 			isc_result_totext(sevent->result));
@@ -2461,93 +2492,40 @@ recv_done(isc_task_t *task, isc_event_t *event) {
 					if (!next_origin(msg, query)) {
 						printmessage(query, msg,
 							     ISC_TRUE);
-						received(b->used, 
-							 &sevent->address,
+						isc_buffer_init(&ab, abspace,
+								MXNAME);
+						result = isc_sockaddr_totext(
+							&sevent->address,
+							&ab);
+						check_result(result,
+						      "isc_sockaddr_totext");
+						isc_buffer_usedregion(&ab, &r);
+						received(b->used, r.length,
+							 (char *)r.base,
 							 query);
 					}
 				} else {
 					result = dns_message_firstname
 						(msg,DNS_SECTION_ANSWER);
-					if (l->ns_search_only)
-					{
-						if ((result != ISC_R_SUCCESS) || l->trace_root)
-						{
-							/*
-							 * We didn't get an
-							 * answer section,
-							 * or else this is
-							 * the first initial
-							 * SOA query (in which
-							 * case we will in fact
-							 * get an answer
-							 * section but it won't
-							 * be the right one).
-							 * In either case,
-							 * our next query
-							 * should be an NS.
-							 */
-							l->rdtype = dns_rdatatype_ns;
-						}
-						else
-						{
-							/*
-							 * We got an answer
-							 * section for our
-							 * NS query! Yay!
-							 * Now we shift gears,
-							 * set the leafnode bit
-							 * and look for SOAs
-							 * in all the servers
-							 * we got back in our
-							 * answer section.
-							 */
-							l->rdtype = dns_rdatatype_soa;
-							l->ns_search_only_leafnode = ISC_TRUE;
-							if (followup_lookup(msg, query,
-								DNS_SECTION_ANSWER) == 0)
-							{
-								docancel = ISC_TRUE;
-							}
-						}
-					}
 					if ((result != ISC_R_SUCCESS) ||
 					    l->trace_root)
-					{
-						/*
-						 * This is executed regardless
-						 * of whether we're doing
-						 * ns_search_only, but because
-						 * of the way the logic works,
-						 * it's mutually exclusive
-						 * with the other call to
-						 * followup_lookup above. This
-						 * is a good thing because we
-						 * want to call followup_lookup
-						 * at most once per query.
-						 * 
-						 * The idea here is that
-						 * if we didn't get an answer
-						 * section (or if it's the
-						 * initial root query) then
-						 * we want to take whatever is
-						 * in the authority section and
-						 * follow up with them.
-						 */
-						if (followup_lookup(msg, query,
-							DNS_SECTION_AUTHORITY)
-							== 0)
-						{
-							docancel = ISC_TRUE;
-						}
-					}
+						followup_lookup(msg, query,
+							DNS_SECTION_AUTHORITY);
 				}
 			} else if ((msg->rcode != 0) &&
 				 (l->origin != NULL)) {
 				if (!next_origin(msg, query)) {
 					printmessage(query, msg,
 						     ISC_TRUE);
-					received(b->used,
-						 &sevent->address,
+					isc_buffer_init(&ab, abspace, MXNAME);
+					result = isc_sockaddr_totext(
+							     &sevent->address,
+							     &ab);
+					check_result(result,
+						     "isc_sockaddr_totext");
+					isc_buffer_usedregion(&ab, &r);
+					received(b->used, r.length,
+						 (char *)r.base,
 						 query);
 				}
 			} else {
@@ -2555,7 +2533,7 @@ recv_done(isc_task_t *task, isc_event_t *event) {
 			}
 		} else if ((dns_message_firstname(msg, DNS_SECTION_ANSWER)
 			    == ISC_R_SUCCESS) &&
-			   (l->ns_search_only || l->ns_search_only_leafnode) &&
+			   l->ns_search_only &&
 			   !l->trace_root ) {
 			printmessage(query, msg, ISC_TRUE);
 		}
@@ -2570,8 +2548,7 @@ recv_done(isc_task_t *task, isc_event_t *event) {
 				UNLOCK_LOOKUP;
 				return;
 			}
-			if (! docancel)
-				docancel = check_for_more_data(query, msg, sevent);
+			docancel = check_for_more_data(query, msg, sevent);
 			if (docancel) {
 				dns_message_destroy(&msg);
 				clear_query(query);
@@ -2585,16 +2562,18 @@ recv_done(isc_task_t *task, isc_event_t *event) {
 		else {
 			if ((msg->rcode == 0) ||
 			    (l->origin == NULL)) {
-				received(b->used, 
-					 &sevent->address,
+				isc_buffer_init(&ab, abspace, MXNAME);
+				result = isc_sockaddr_totext(&sevent->address,
+							     &ab);
+				check_result(result, "isc_sockaddr_totext");
+				isc_buffer_usedregion(&ab, &r);
+				received(b->used, r.length,
+					 (char *)r.base,
 					 query);
 			}
-			if (!(query->lookup->ns_search_only ||
-			      query->lookup->ns_search_only_leafnode))
-				query->lookup->pending = ISC_FALSE;
-			if (!(query->lookup->ns_search_only ||
-			      query->lookup->ns_search_only_leafnode) ||
-			    query->lookup->trace_root || docancel) {
+			query->lookup->pending = ISC_FALSE;
+			if (!query->lookup->ns_search_only ||
+			    query->lookup->trace_root) {
 				dns_message_destroy(&msg);
 				cancel_lookup(l);
 			}
@@ -2671,13 +2650,13 @@ get_address(char *host, in_port_t port, isc_sockaddr_t *sockaddr) {
 			hints.ai_family = PF_UNSPEC;
 		debug ("before getaddrinfo()");
 		isc_app_block();
-		result = getaddrinfo(host, NULL, &hints, &res);
+ 		result = getaddrinfo(host, NULL, &hints, &res);
 		isc_app_unblock();
 		if (result != 0) {
 			fatal("Couldn't find server '%s': %s",
 			      host, gai_strerror(result));
 		}
-		memcpy(&sockaddr->type.sa, res->ai_addr, res->ai_addrlen);
+		memcpy(&sockaddr->type.sa,res->ai_addr, res->ai_addrlen);
 		sockaddr->length = res->ai_addrlen;
 		isc_sockaddr_setport(sockaddr, port);
 		freeaddrinfo(res);
@@ -2778,6 +2757,7 @@ void
 destroy_libs(void) {
 	void *ptr;
 	dig_server_t *s;
+	dig_searchlist_t *o;
 
 	debug("destroy_libs()");
 	if (global_task != NULL) {
@@ -2803,6 +2783,11 @@ destroy_libs(void) {
 
 	free_now = ISC_TRUE;
 
+	if (fixedsearch != NULL) {
+		debug("freeing fixed search");
+		isc_mem_free(mctx, fixedsearch);
+		fixedsearch = NULL;
+	}
 	s = ISC_LIST_HEAD(server_list);
 	while (s != NULL) {
 		debug("freeing global server %p", s);
@@ -2810,7 +2795,13 @@ destroy_libs(void) {
 		s = ISC_LIST_NEXT(s, link);
 		isc_mem_free(mctx, ptr);
 	}
-	clear_searchlist();
+	o = ISC_LIST_HEAD(search_list);
+	while (o != NULL) {
+		debug("freeing search %p", o);
+		ptr = o;
+		o = ISC_LIST_NEXT(o, link);
+		isc_mem_free(mctx, ptr);
+	}
 	if (commctx != NULL) {
 		debug("freeing commctx");
 		isc_mempool_destroy(&commctx);

bin/dig/host.c

@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: host.c,v 1.66 2001/03/14 18:08:17 bwelling Exp $ */
+/* $Id: host.c,v 1.60.4.2 2001/03/14 18:08:50 bwelling Exp $ */
 
 #include <config.h>
 #include <stdlib.h>
@@ -45,12 +45,13 @@ extern ISC_LIST(dig_lookup_t) lookup_list;
 extern ISC_LIST(dig_server_t) server_list;
 extern ISC_LIST(dig_searchlist_t) search_list;
 
-extern isc_boolean_t usesearch;
 extern isc_boolean_t debugging;
 extern unsigned int timeout;
 extern isc_mem_t *mctx;
 extern int ndots;
 extern int tries;
+extern isc_boolean_t usesearch;
+extern int lookup_counter;
 extern char *progname;
 extern isc_task_t *global_task;
 
@@ -229,20 +230,17 @@ dighost_shutdown(void) {
 }
 
 void
-received(int bytes, isc_sockaddr_t *from, dig_query_t *query)
-{
+received(int bytes, int frmsize, char *frm, dig_query_t *query) {
 	isc_time_t now;
 	isc_result_t result;
 	int diff;
 
 	if (!short_form) {
-		char fromtext[ISC_SOCKADDR_FORMATSIZE];
-		isc_sockaddr_format(from, fromtext, sizeof(fromtext));
 		result = isc_time_now(&now);
 		check_result(result, "isc_time_now");
 		diff = isc_time_microdiff(&now, &query->time_sent);
-		printf("Received %u bytes from %s in %d ms\n",
-		       bytes, fromtext, diff/1000);
+		printf("Received %u bytes from %.*s in %d ms\n",
+		       bytes, frmsize, frm, diff/1000);
 	}
 }
 
@@ -251,7 +249,7 @@ trying(int frmsize, char *frm, dig_lookup_t *lookup) {
 	UNUSED(lookup);
 
 	if (!short_form)
-		printf("Trying \"%.*s\"\n", frmsize, frm);
+		printf ("Trying \"%.*s\"\n", frmsize, frm);
 }
 
 static void
@@ -272,16 +270,12 @@ say_message(dns_name_t *name, const char *msg, dns_rdata_t *rdata,
 	result = dns_rdata_totext(rdata, NULL, b2);
 	check_result(result, "dns_rdata_totext");
 	isc_buffer_usedregion(b2, &r2);
-	if (query->lookup->identify_previous_line) {
-		printf("Nameserver %s:\n\t",
-			query->servname);
-	}
-	printf("%.*s %s %.*s", (int)r.length, (char *)r.base,
-	       msg, (int)r2.length, (char *)r2.base);
+	printf ( "%.*s %s %.*s", (int)r.length, (char *)r.base,
+		 msg, (int)r2.length, (char *)r2.base);
 	if (query->lookup->identify) {
-		printf(" on server %s", query->servname);
+		printf (" on server %s", query->servname);
 	}
-	printf("\n");
+	printf ("\n");
 	isc_buffer_free(&b);
 	isc_buffer_free(&b2);
 }
@@ -352,7 +346,7 @@ printsection(dns_message_t *msg, dns_section_t sectionid,
 				while (loopresult == ISC_R_SUCCESS) {
 					dns_rdataset_current(rdataset, &rdata);
 					if (rdata.type <= 103)
-						rtt = rtypetext[rdata.type];
+						rtt=rtypetext[rdata.type];
 					else if (rdata.type == 249)
 						rtt = "key";
 					else if (rdata.type == 250)
@@ -422,14 +416,6 @@ printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers) {
 
 	UNUSED(headers);
 
-	/*
-	 * Special case. If we're doing an ns_search_only query, but we're
-	 * still following pointers, haven't gotten to the real NS records
-	 * yet, don't print anything.
-	 */
-	if (query->lookup->ns_search_only && !query->lookup->ns_search_only_leafnode)
-		return (ISC_R_SUCCESS);
-
 	if (listed_server) {
 		printf("Using domain server:\n");
 		printf("Name: %s\n", query->servname);
@@ -590,8 +576,8 @@ parse_args(isc_boolean_t is_batchfile, int argc, char **argv) {
 						   (isc_textregion_t *)&tr);
 
 			if (result != ISC_R_SUCCESS)
-				fprintf(stderr,"Warning: invalid type: %s\n",
-					isc_commandline_argument);
+				fprintf (stderr,"Warning: invalid type: %s\n",
+					 isc_commandline_argument);
 			else {
 				lookup->rdtype = rdtype;
 				lookup->rdtypeset = ISC_TRUE;
@@ -604,8 +590,8 @@ parse_args(isc_boolean_t is_batchfile, int argc, char **argv) {
 						   (isc_textregion_t *)&tr);
 
 			if (result != ISC_R_SUCCESS)
-				fprintf(stderr,"Warning: invalid class: %s\n",
-					isc_commandline_argument);
+				fprintf (stderr,"Warning: invalid class: %s\n",
+					 isc_commandline_argument);
 			else {
 				lookup->rdclass = rdclass;
 				lookup->rdclassset = ISC_TRUE;
@@ -647,7 +633,6 @@ parse_args(isc_boolean_t is_batchfile, int argc, char **argv) {
 			lookup->rdclassset = ISC_TRUE;
 			lookup->ns_search_only = ISC_TRUE;
 			lookup->trace_root = ISC_TRUE;
-			lookup->identify_previous_line = ISC_TRUE;
 			break;
 		case 'N':
 			debug("setting NDOTS to %s",

bin/dig/include/dig/dig.h

@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: dig.h,v 1.67 2001/02/17 01:05:30 gson Exp $ */
+/* $Id: dig.h,v 1.60.4.1 2001/01/09 22:31:26 bwelling Exp $ */
 
 #ifndef DIG_H
 #define DIG_H
@@ -83,10 +83,7 @@ struct dig_lookup {
 		waiting_connect,
 		doing_xfr,
 		ns_search_only,
-		ns_search_only_leafnode,
-		identify, /* Append an "on server <foo>" message */
-		identify_previous_line, /* Prepend a "Nameserver <foo>:"
-					   message, with newline and tab */
+		identify,
 		ignore,
 		recurse,
 		aaonly,
@@ -94,6 +91,7 @@ struct dig_lookup {
 		cdflag,
 		trace,
 		trace_root,
+		defname,
 		tcp_mode,
 		nibble,
 		comments,
@@ -242,26 +240,14 @@ cancel_all(void);
 void
 destroy_libs(void);
 
-void
-set_search_domain(char *domain);
-
 /*
- * Routines to be defined in dig.c, host.c, and nslookup.c.
+ * Routines needed in dig.c and host.c.
  */
-
 isc_result_t
 printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers);
-/*
- * Print the final result of the lookup.
- */
 
 void
-received(int bytes, isc_sockaddr_t *from, dig_query_t *query);
-/*
- * Print a message about where and when the response
- * was received from, like the final comment in the
- * output of "dig".
- */
+received(int bytes, int frmsize, char *frm, dig_query_t *query);
 
 void
 trying(int frmsize, char *frm, dig_lookup_t *lookup);

bin/dig/nslookup.c

@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: nslookup.c,v 1.82 2001/03/16 22:13:41 bwelling Exp $ */
+/* $Id: nslookup.c,v 1.69.2.5 2001/03/16 22:14:00 bwelling Exp $ */
 
 #include <config.h>
 
@@ -39,7 +39,6 @@ extern int h_errno;
 #include <dns/rdata.h>
 #include <dns/rdataclass.h>
 #include <dns/rdataset.h>
-#include <dns/rdatastruct.h>
 #include <dns/rdatatype.h>
 #include <dns/byaddr.h>
 
@@ -61,6 +60,7 @@ extern int sendcount;
 extern int ndots;
 extern int tries;
 extern int lookup_counter;
+extern char fixeddomain[MXNAME];
 extern int exitcode;
 extern isc_taskmgr_t *taskmgr;
 extern isc_task_t *global_task;
@@ -77,14 +77,12 @@ isc_boolean_t identify = ISC_FALSE,
 	comments = ISC_TRUE, section_question = ISC_TRUE,
 	section_answer = ISC_TRUE, section_authority = ISC_TRUE,
 	section_additional = ISC_TRUE, recurse = ISC_TRUE,
-	aaonly = ISC_FALSE;
+	defname = ISC_TRUE, aaonly = ISC_FALSE;
 isc_boolean_t busy = ISC_FALSE, in_use = ISC_FALSE;
 char defclass[MXRD] = "IN";
 char deftype[MXRD] = "A";
 isc_event_t *global_event = NULL;
 
-char domainopt[DNS_NAME_MAXTEXT];
-
 static const char *rcodetext[] = {
 	"NOERROR",
 	"FORMERR",
@@ -149,7 +147,6 @@ static const char *rtypetext[] = {
 	"rtype_40 = ",			/* 40 */
 	"optional = "};			/* 41 */
 
-#define N_KNOWN_RRTYPES (sizeof(rtypetext) / sizeof(rtypetext[0]))
 
 static void flush_lookup_list(void);
 static void getinput(isc_task_t *task, isc_event_t *event);
@@ -169,76 +166,32 @@ dighost_shutdown(void) {
 	isc_task_send(global_task, &event);
 }
 
-static void
-printsoa(dns_rdata_t *rdata) {
-	dns_rdata_soa_t soa;
-	isc_result_t result;
-	char namebuf[DNS_NAME_FORMATSIZE];
-
-	result = dns_rdata_tostruct(rdata, &soa, NULL);
-	check_result(result, "dns_rdata_tostruct");
-
-	dns_name_format(&soa.origin, namebuf, sizeof(namebuf));
-	printf("\torigin = %s\n", namebuf);
-	dns_name_format(&soa.mname, namebuf, sizeof(namebuf));
-	printf("\tmail addr = %s\n", namebuf);
-	printf("\tserial = %u\n", soa.serial);
-	printf("\trefresh = %u\n", soa.refresh);
-	printf("\tretry = %u\n", soa.retry);
-	printf("\texpire = %u\n", soa.expire);
-	printf("\tminimum = %u\n", soa.minimum);
-	dns_rdata_freestruct(&soa);
+void
+received(int bytes, int frmsize, char *frm, dig_query_t *query) {
+	UNUSED(bytes);
+	UNUSED(frmsize);
+	UNUSED(frm);
+	UNUSED(query);
 }
 
-static void
-printa(dns_rdata_t *rdata) {
-	isc_result_t result;
-	char text[sizeof("255.255.255.255")];
-	isc_buffer_t b;
+void
+trying(int frmsize, char *frm, dig_lookup_t *lookup) {
+	UNUSED(frmsize);
+	UNUSED(frm);
+	UNUSED(lookup);
 
-	isc_buffer_init(&b, text, sizeof(text));
-	result = dns_rdata_totext(rdata, NULL, &b);
-	check_result(result, "dns_rdata_totext");
-	printf("Address: %.*s\n", (int)isc_buffer_usedlength(&b),
-	       (char *)isc_buffer_base(&b));
-}
-
-static void
-printrdata(dns_rdata_t *rdata) {
-	isc_result_t result;
-	isc_buffer_t *b = NULL;
-	unsigned int size = 1024;
-	isc_boolean_t done = ISC_FALSE;
-
-	if (rdata->type < N_KNOWN_RRTYPES)
-		printf("%s", rtypetext[rdata->type]);
-	else
-		printf("rdata_%d = ", rdata->type);
-
-	while (!done) {
-		result = isc_buffer_allocate(mctx, &b, size);
-		if (result != ISC_R_SUCCESS)
-			check_result(result, "isc_buffer_allocate");
-		result = dns_rdata_totext(rdata, NULL, b);
-		if (result == ISC_R_SUCCESS) {
-			printf("%.*s\n", (int)isc_buffer_usedlength(b),
-			       (char *)isc_buffer_base(b));
-			done = ISC_TRUE;
-		} else if (result != ISC_R_NOSPACE)
-			check_result(result, "dns_rdata_totext");
-		isc_buffer_free(&b);
-		size *= 2;
-	}
 }
 
 static isc_result_t
 printsection(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers,
 	     dns_section_t section) {
 	isc_result_t result, loopresult;
+	isc_buffer_t *b = NULL;
 	dns_name_t *name;
 	dns_rdataset_t *rdataset = NULL;
 	dns_rdata_t rdata = DNS_RDATA_INIT;
-	char namebuf[DNS_NAME_FORMATSIZE];
+	char *ptr;
+	char *input;
 
 	UNUSED(query);
 	UNUSED(headers);
@@ -250,6 +203,8 @@ printsection(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers,
 		return (ISC_R_SUCCESS);
 	else if (result != ISC_R_SUCCESS)
 		return (result);
+	result = isc_buffer_allocate(mctx, &b, MXNAME);
+	check_result(result, "isc_buffer_allocate");
 	for (;;) {
 		name = NULL;
 		dns_message_currentname(msg, section,
@@ -264,24 +219,105 @@ printsection(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers,
 				case dns_rdatatype_a:
 					if (section != DNS_SECTION_ANSWER)
 						goto def_short_section;
-					dns_name_format(name, namebuf,
-							sizeof(namebuf));
-					printf("Name:\t%s\n", namebuf);
-					printa(&rdata);
+					isc_buffer_clear(b);
+					result = dns_name_totext(name,
+							ISC_TRUE,
+							b);
+					check_result(result,
+						     "dns_name_totext");
+					printf("Name:\t%.*s\n",
+					       (int)isc_buffer_usedlength(b),
+					       (char*)isc_buffer_base(b));
+					isc_buffer_clear(b);
+					result = dns_rdata_totext(&rdata,
+								  NULL,
+								  b);
+					check_result(result,
+						     "dns_rdata_totext");
+					printf("Address: %.*s\n",
+					       (int)isc_buffer_usedlength(b),
+					       (char*)isc_buffer_base(b));
 					break;
 				case dns_rdatatype_soa:
-					dns_name_format(name, namebuf,
-							sizeof(namebuf));
-					printf("%s\n", namebuf);
-					printsoa(&rdata);
+					isc_buffer_clear(b);
+					result = dns_name_totext(name,
+							ISC_TRUE,
+							b);
+					check_result(result,
+						     "dns_name_totext");
+					printf("%.*s\n",
+					       (int)isc_buffer_usedlength(b),
+					       (char*)isc_buffer_base(b));
+					isc_buffer_clear(b);
+					result = dns_rdata_totext(&rdata,
+								  NULL,
+								  b);
+					check_result(result,
+						     "dns_rdata_totext");
+					((char *)isc_buffer_used(b))[0]=0;
+					input = isc_buffer_base(b);
+					ptr = next_token(&input, " \t\r\n");
+					if (ptr == NULL)
+						break;
+					printf("\torigin = %s\n",
+					       ptr);
+					ptr = next_token(&input, " \t\r\n");
+					if (ptr == NULL)
+						break;
+					printf("\tmail addr = %s\n",
+					       ptr);
+					ptr = next_token(&input, " \t\r\n");
+					if (ptr == NULL)
+						break;
+					printf("\tserial = %s\n",
+					       ptr);
+					ptr = next_token(&input, " \t\r\n");
+					if (ptr == NULL)
+						break;
+					printf("\trefresh = %s\n",
+					       ptr);
+					ptr = next_token(&input, " \t\r\n");
+					if (ptr == NULL)
+						break;
+					printf("\tretry = %s\n",
+					       ptr);
+					ptr = next_token(&input, " \t\r\n");
+					if (ptr == NULL)
+						break;
+					printf("\texpire = %s\n",
+					       ptr);
+					ptr = next_token(&input, " \t\r\n");
+					if (ptr == NULL)
+						break;
+					printf("\tminimum = %s\n",
+					       ptr);
 					break;
 				default:
 				def_short_section:
-					dns_name_format(name, namebuf,
-							sizeof(namebuf));
-					printf("%s\t", namebuf);
-					printrdata(&rdata);
-					break;
+					isc_buffer_clear(b);
+					result = dns_name_totext(name,
+							ISC_TRUE,
+							b);
+					check_result(result,
+						     "dns_name_totext");
+					if (rdata.type <= 41)
+						printf("%.*s\t%s",
+						(int)isc_buffer_usedlength(b),
+						(char*)isc_buffer_base(b),
+						rtypetext[rdata.type]);
+					else
+						printf("%.*s\trdata_%d = ",
+						(int)isc_buffer_usedlength(b),
+						(char*)isc_buffer_base(b),
+						 rdata.type);
+					isc_buffer_clear(b);
+					result = dns_rdata_totext(&rdata,
+								  NULL, b);
+					check_result(result,
+						     "dns_rdata_totext");
+					printf("%.*s\n",
+					       (int)isc_buffer_usedlength(b),
+					       (char*)isc_buffer_base(b));
 				}
 				dns_rdata_reset(&rdata);
 				loopresult = dns_rdataset_next(rdataset);
@@ -291,9 +327,11 @@ printsection(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers,
 		if (result == ISC_R_NOMORE)
 			break;
 		else if (result != ISC_R_SUCCESS) {
+			isc_buffer_free (&b);
 			return (result);
 		}
 	}
+	isc_buffer_free(&b);
 	return (ISC_R_SUCCESS);
 }
 
@@ -301,10 +339,13 @@ static isc_result_t
 detailsection(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers,
 	     dns_section_t section) {
 	isc_result_t result, loopresult;
+	isc_buffer_t *b = NULL;
 	dns_name_t *name;
 	dns_rdataset_t *rdataset = NULL;
 	dns_rdata_t rdata = DNS_RDATA_INIT;
-	char namebuf[DNS_NAME_FORMATSIZE];
+	char namestore[DNS_NAME_MAXTEXT + 1]; /* Leave room for the NULL */
+	char *ptr;
+	char *input;
 
 	UNUSED(query);
 
@@ -332,6 +373,8 @@ detailsection(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers,
 		return (ISC_R_SUCCESS);
 	else if (result != ISC_R_SUCCESS)
 		return (result);
+	result = isc_buffer_allocate(mctx, &b, MXNAME);
+	check_result(result, "isc_buffer_allocate");
 	for (;;) {
 		name = NULL;
 		dns_message_currentname(msg, section,
@@ -340,33 +383,92 @@ detailsection(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers,
 		     rdataset != NULL;
 		     rdataset = ISC_LIST_NEXT(rdataset, link)) {
 			if (section == DNS_SECTION_QUESTION) {
-				dns_name_format(name, namebuf,
-						sizeof(namebuf));
-				printf("\t%s, ", namebuf);
+				dns_name_format(name, namestore,
+						sizeof(namestore));
+				printf("\t%s, ", namestore);
 				dns_rdatatype_format(rdataset->type,
-						     namebuf,
-						     sizeof(namebuf));
-				printf("type = %s, ", namebuf);
+						     namestore,
+						     sizeof(namestore));
+				printf("type = %s, ", namestore);
 				dns_rdataclass_format(rdataset->rdclass,
-						      namebuf,
-						      sizeof(namebuf));
-				printf("class = %s\n", namebuf);
+						      namestore,
+						      sizeof(namestore));
+				printf("class = %s\n", namestore);
 			}
 			loopresult = dns_rdataset_first(rdataset);
 			while (loopresult == ISC_R_SUCCESS) {
 				dns_rdataset_current(rdataset, &rdata);
-
-				dns_name_format(name, namebuf,
-						sizeof(namebuf));
-				printf("    ->  %s\n", namebuf);
-
+				isc_buffer_clear(b);
+				result = dns_name_totext(name,
+							 ISC_TRUE,
+							 b);
+				check_result(result,
+					     "dns_name_totext");
+				printf("    ->  %.*s\n",
+				       (int)isc_buffer_usedlength(b),
+				       (char*)isc_buffer_base(b));
 				switch (rdata.type) {
 				case dns_rdatatype_soa:
-					printsoa(&rdata);
+					isc_buffer_clear(b);
+					result = dns_rdata_totext(&rdata,
+								  NULL,
+								  b);
+					check_result(result,
+						     "dns_rdata_totext");
+					((char *)isc_buffer_used(b))[0]=0;
+					input = isc_buffer_base(b);
+					ptr = next_token(&input, " \t\r\n");
+					if (ptr == NULL)
+						break;
+					printf("\torigin = %s\n",
+					       ptr);
+					ptr = next_token(&input, " \t\r\n");
+					if (ptr == NULL)
+						break;
+					printf("\tmail addr = %s\n",
+					       ptr);
+					ptr = next_token(&input, " \t\r\n");
+					if (ptr == NULL)
+						break;
+					printf("\tserial = %s\n",
+					       ptr);
+					ptr = next_token(&input, " \t\r\n");
+					if (ptr == NULL)
+						break;
+					printf("\trefresh = %s\n",
+					       ptr);
+					ptr = next_token(&input, " \t\r\n");
+					if (ptr == NULL)
+						break;
+					printf("\tretry = %s\n",
+					       ptr);
+					ptr = next_token(&input, " \t\r\n");
+					if (ptr == NULL)
+						break;
+					printf("\texpire = %s\n",
+					       ptr);
+					ptr = next_token(&input, " \t\r\n");
+					if (ptr == NULL)
+						break;
+					printf("\tminimum = %s\n",
+					       ptr);
 					break;
 				default:
-					printf("\t");
-					printrdata(&rdata);
+					isc_buffer_clear(b);
+					if (rdata.type <= 41)
+						printf("\t%s",
+						rtypetext[rdata.type]);
+					else
+						printf("\trdata_%d = ",
+						 rdata.type);
+					isc_buffer_clear(b);
+					result = dns_rdata_totext(&rdata,
+								  NULL, b);
+					check_result(result,
+						     "dns_rdata_totext");
+					printf("%.*s\n",
+					       (int)isc_buffer_usedlength(b),
+					       (char*)isc_buffer_base(b));
 				}
 				dns_rdata_reset(&rdata);
 				loopresult = dns_rdataset_next(rdataset);
@@ -376,42 +478,47 @@ detailsection(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers,
 		if (result == ISC_R_NOMORE)
 			break;
 		else if (result != ISC_R_SUCCESS) {
+			isc_buffer_free (&b);
 			return (result);
 		}
 	}
+	isc_buffer_free(&b);
 	return (ISC_R_SUCCESS);
 }
 
-void
-received(int bytes, isc_sockaddr_t *from, dig_query_t *query)
-{
-	UNUSED(bytes);
-	UNUSED(from);
-	UNUSED(query);
-}
-
-void
-trying(int frmsize, char *frm, dig_lookup_t *lookup) {
-	UNUSED(frmsize);
-	UNUSED(frm);
-	UNUSED(lookup);
-
-}
-
 isc_result_t
 printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers) {
-	char servtext[ISC_SOCKADDR_FORMATSIZE];	
+	isc_buffer_t *b = NULL;
+	isc_region_t r;
+	isc_result_t result;
 
 	debug("printmessage()");
-
-	isc_sockaddr_format(&query->sockaddr, servtext, sizeof(servtext));
+	debug("continuing on with rcode != 0");
+	result = isc_buffer_allocate(mctx, &b, MXNAME);
+	check_result(result, "isc_buffer_allocate");
 	printf("Server:\t\t%s\n", query->servname);
-	printf("Address:\t%s\n", servtext);
-	
+	result = isc_sockaddr_totext(&query->sockaddr, b);
+	check_result(result, "isc_sockaddr_totext");
+	printf("Address:\t%.*s\n", (int)isc_buffer_usedlength(b),
+	       (char*)isc_buffer_base(b));
+	isc_buffer_free(&b);
 	puts("");
 
-	if (!short_form) {
-		isc_boolean_t headers = ISC_TRUE;
+	if (msg->rcode != 0) {
+		result = isc_buffer_allocate(mctx, &b, MXNAME);
+		check_result(result, "isc_buffer_allocate");
+		result = dns_name_totext(query->lookup->name, ISC_FALSE,
+					 b);
+		check_result(result, "dns_name_totext");
+		isc_buffer_usedregion(b, &r);
+		printf("** server can't find %.*s: %s\n",
+		       (int)r.length, (char*)r.base,
+		       rcodetext[msg->rcode]);
+		isc_buffer_free(&b);
+		debug("returning with rcode == 0");
+		return (ISC_R_SUCCESS);
+	}
+	if (!short_form){
 		puts("------------");
 		/*		detailheader(query, msg);*/
 		detailsection(query, msg, headers, DNS_SECTION_QUESTION);
@@ -421,16 +528,6 @@ printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers) {
 		puts("------------");
 	}
 
-	if (msg->rcode != 0) {
-		char nametext[DNS_NAME_FORMATSIZE];
-		dns_name_format(query->lookup->name,
-				nametext, sizeof(nametext));
-		printf("** server can't find %s: %s\n", nametext,
-		       rcodetext[msg->rcode]);
-		debug("returning with rcode == 0");
-		return (ISC_R_SUCCESS);
-	}
-
 	if ((msg->flags & DNS_MESSAGEFLAG_AA) == 0)
 		puts("Non-authoritative answer:");
 	if (!ISC_LIST_EMPTY(msg->sections[DNS_SECTION_ANSWER]))
@@ -476,26 +573,25 @@ show_settings(isc_boolean_t full, isc_boolean_t serv_only) {
 	}
 	if (serv_only)
 		return;
-	printf("\nSet options:\n");
-	printf("  %s\t\t\t%s\t\t%s\n",
-	       tcpmode ? "vc" : "novc",
-	       short_form ? "nodebug" : "debug",
-	       debugging ? "d2" : "nod2");
-	printf("  %s\t\t%s\n",
-	       usesearch ? "search" : "nosearch",
-	       recurse ? "recurse" : "norecurse");
-	printf("  timeout = %d\t\tretry = %d\tport = %d\n",
-	       timeout, tries, port);
-	printf("  querytype = %-8s\tclass = %s\n", deftype, defclass);
-	printf("  srchlist = ");
-	for (listent = ISC_LIST_HEAD(search_list);
-	     listent != NULL;
-	     listent = ISC_LIST_NEXT(listent, link)) {
-		     printf("%s", listent->origin);
-		     if (ISC_LIST_NEXT(listent, link) != NULL)
-			     printf("/");
-	}
-	printf("\n");
+	printf("\n\tSet options:\n");
+	printf("\t  %s\t\t\t%s\t\t%s\n",
+		tcpmode?"vc":"novc", short_form?"nodebug":"debug",
+		debugging?"d2":"nod2");
+	printf("\t  %s\t\t%s\t%s\n",
+		defname?"defname":"nodefname",
+		usesearch?"search  ":"nosearch",
+		recurse?"recurse":"norecurse");
+	printf("\t  timeout = %d\t\tretry = %d\tport = %d\n",
+		timeout, tries, port);
+	printf("\t  querytype = %-8s\tclass = %s\n", deftype, defclass);
+	if (fixeddomain[0] != 0)
+		printf("\t  domain = %s\n", fixeddomain);
+	else if (!ISC_LIST_EMPTY(search_list)) {
+		listent = ISC_LIST_HEAD(search_list);
+		printf("\t  domain = %s\n", listent->origin);
+	} else
+		printf("\t  domain =\n");
+
 }
 
 static isc_boolean_t
@@ -535,7 +631,7 @@ testclass(char *typetext) {
 static void
 safecpy(char *dest, char *src, int size) {
 	strncpy(dest, src, size);
-	dest[size-1] = 0;
+	dest[size-1]=0;
 }
 	
 
@@ -545,32 +641,30 @@ setoption(char *opt) {
 		show_settings(ISC_TRUE, ISC_FALSE);
 	} else if (strncasecmp(opt, "class=", 6) == 0) {
 		if (testclass(&opt[6]))
-			safecpy(defclass, &opt[6], sizeof(defclass));
+			safecpy(defclass, &opt[6], MXRD);
 	} else if (strncasecmp(opt, "cl=", 3) == 0) {
 		if (testclass(&opt[3]))
-			safecpy(defclass, &opt[3], sizeof(defclass));
+			safecpy(defclass, &opt[3], MXRD);
 	} else if (strncasecmp(opt, "type=", 5) == 0) {
 		if (testtype(&opt[5]))
-			safecpy(deftype, &opt[5], sizeof(deftype));
+			safecpy(deftype, &opt[5], MXRD);
 	} else if (strncasecmp(opt, "ty=", 3) == 0) {
 		if (testtype(&opt[3]))
-			safecpy(deftype, &opt[3], sizeof(deftype));
+			safecpy(deftype, &opt[3], MXRD);
 	} else if (strncasecmp(opt, "querytype=", 10) == 0) {
 		if (testtype(&opt[10]))
-			safecpy(deftype, &opt[10], sizeof(deftype));
+			safecpy(deftype, &opt[10], MXRD);
 	} else if (strncasecmp(opt, "query=", 6) == 0) {
 		if (testtype(&opt[6]))
-			safecpy(deftype, &opt[6], sizeof(deftype));
+			safecpy(deftype, &opt[6], MXRD);
 	} else if (strncasecmp(opt, "qu=", 3) == 0) {
 		if (testtype(&opt[3]))
-			safecpy(deftype, &opt[3], sizeof(deftype));
+			safecpy(deftype, &opt[3], MXRD);
 	} else if (strncasecmp(opt, "domain=", 7) == 0) {
-		safecpy(domainopt, &opt[7], sizeof(domainopt));
-		set_search_domain(domainopt);
+		safecpy(fixeddomain, &opt[7], MXNAME);
 		usesearch = ISC_TRUE;
 	} else if (strncasecmp(opt, "do=", 3) == 0) {
-		safecpy(domainopt, &opt[3], sizeof(domainopt));
-		set_search_domain(domainopt);
+		safecpy(fixeddomain, &opt[3], MXNAME);
 		usesearch = ISC_TRUE;
 	} else if (strncasecmp(opt, "port=", 5) == 0) {
 		port = atoi(&opt[5]);
@@ -589,9 +683,9 @@ setoption(char *opt) {
 	} else if (strncasecmp(opt, "ret=", 4) == 0) {
 		tries = atoi(&opt[4]);
  	} else if (strncasecmp(opt, "def", 3) == 0) {
-		usesearch = ISC_TRUE;
+		defname = ISC_TRUE;
 	} else if (strncasecmp(opt, "nodef", 5) == 0) {
-		usesearch = ISC_FALSE;
+		defname = ISC_FALSE;
  	} else if (strncasecmp(opt, "vc", 3) == 0) {
 		tcpmode = ISC_TRUE;
 	} else if (strncasecmp(opt, "novc", 5) == 0) {
@@ -697,14 +791,14 @@ static void
 setsrv(char *opt) {
 	dig_server_t *srv;
 
-	if (opt == NULL)
+	if (opt == NULL) {
 		return;
-
+	}
 	flush_server_list();
-	srv = isc_mem_allocate(mctx, sizeof(struct dig_server));
+	srv=isc_mem_allocate(mctx, sizeof(struct dig_server));
 	if (srv == NULL)
-		fatal("memory allocation failure");
-	safecpy(srv->servername, opt, sizeof(srv->servername));
+		fatal("Memory allocation failure.");
+	safecpy(srv->servername, opt, MXNAME-1);
 	ISC_LIST_INITANDAPPEND(server_list, srv, link);
 }
 
@@ -716,7 +810,7 @@ get_next_command(void) {
 
 	buf = isc_mem_allocate(mctx, COMMSIZE);
 	if (buf == NULL)
-		fatal("memory allocation failure");
+		fatal("Memory allocation failure.");
 	fputs("> ", stderr);
 	isc_app_block();
 	ptr = fgets(buf, COMMSIZE, stdin);
@@ -868,8 +962,7 @@ main(int argc, char **argv) {
 "the `-sil[ent]' option to prevent this message from appearing.\n", stderr);
 	}
 	setup_system();
-	if (domainopt[0] != '\0')
-		set_search_domain(domainopt);
+
 	if (in_use)
 		result = isc_app_onrun(mctx, global_task, onrun_callback,
 				       NULL);

bin/dnssec/Makefile.in

@@ -13,7 +13,7 @@
 # NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
 # WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: Makefile.in,v 1.18 2001/03/30 22:50:20 bwelling Exp $
+# $Id: Makefile.in,v 1.13.2.1 2001/01/09 22:31:28 bwelling Exp $
 
 srcdir =	@srcdir@
 VPATH =		@srcdir@
@@ -50,48 +50,28 @@ SRCS =		dnssec-keygen.c dnssec-makekeyset.c \
 		dnssec-signkey.c dnssec-signzone.c \
 		dnssectool.c
 
-MANPAGES =	dnssec-keygen.8 \
-		dnssec-makekeyset.8 \
-		dnssec-signkey.8 \
-		dnssec-signzone.8
-
-HTMLPAGES =	dnssec-keygen.html \
-		dnssec-makekeyset.html \
-		dnssec-signkey.html \
-		dnssec-signzone.html
-
-MANOBJS =	${MANPAGES} ${HTMLPAGES}
-
 @BIND9_MAKE_RULES@
 
 dnssec-keygen: dnssec-keygen.@O@ ${OBJS} ${DEPLIBS}
-	${LIBTOOL} ${PURIFY} ${CC} ${CFLAGS} -o $@ dnssec-keygen.@O@ ${OBJS} ${LIBS}
+	${LIBTOOL} ${CC} ${CFLAGS} -o $@ dnssec-keygen.@O@ ${OBJS} ${LIBS}
 
 dnssec-makekeyset: dnssec-makekeyset.@O@ ${OBJS} ${DEPLIBS}
-	${LIBTOOL} ${PURIFY} ${CC} ${CFLAGS} -o $@ dnssec-makekeyset.@O@ ${OBJS} ${LIBS}
+	${LIBTOOL} ${CC} ${CFLAGS} -o $@ dnssec-makekeyset.@O@ ${OBJS} ${LIBS}
 
 dnssec-signkey: dnssec-signkey.@O@ ${OBJS} ${DEPLIBS}
-	${LIBTOOL} ${PURIFY} ${CC} ${CFLAGS} -o $@ dnssec-signkey.@O@ ${OBJS} ${LIBS}
+	${LIBTOOL} ${CC} ${CFLAGS} -o $@ dnssec-signkey.@O@ ${OBJS} ${LIBS}
 
 dnssec-signzone.@O@: dnssec-signzone.c
-	${LIBTOOL} ${PURIFY} ${CC} ${ALL_CFLAGS} -DVERSION=\"${VERSION}\" -c $<
+	${LIBTOOL} ${CC} ${ALL_CFLAGS} -DVERSION=\"${VERSION}\" -c $<
 
 dnssec-signzone: dnssec-signzone.@O@ ${OBJS} ${DEPLIBS}
-	${LIBTOOL} ${PURIFY} ${CC} ${CFLAGS} -o $@ dnssec-signzone.@O@ ${OBJS} ${LIBS}
-
-doc man:: ${MANOBJS}
-
-docclean manclean maintainer-clean::
-	rm -f ${MANOBJS}
-
-installdirs:
-	$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${sbindir}
-	$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${mandir}/man8
-
-install:: ${TARGETS} installdirs
-	for t in ${TARGETS}; do ${LIBTOOL} ${INSTALL_PROGRAM} $$t ${DESTDIR}${sbindir}; done
-	for m in ${MANPAGES}; do ${INSTALL_DATA} $$m ${DESTDIR}${mandir}/man8; done
+	${LIBTOOL} ${CC} ${CFLAGS} -o $@ dnssec-signzone.@O@ ${OBJS} ${LIBS}
 
 clean distclean::
 	rm -f ${TARGETS}
 
+installdirs:
+	$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${sbindir}
+
+install:: ${TARGETS} installdirs
+	for t in ${TARGETS}; do ${LIBTOOL} ${INSTALL_PROGRAM} $$t ${DESTDIR}${sbindir}; done

bin/dnssec/dnssec-keygen.8

@@ -1,165 +0,0 @@
-.\" Copyright (C) 2000, 2001  Internet Software Consortium.
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
-.\" DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
-.\" INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
-.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
-.\" FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
-.\" NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
-.\" WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.TH "DNSSEC-KEYGEN" "8" "June 30, 2000" "BIND9" ""
-.SH NAME
-dnssec-keygen \- DNSSEC key generation tool
-.SH SYNOPSIS
-.sp
-\fBdnssec-keygen\fR \fB-a \fIalgorithm\fB\fR \fB-b \fIkeysize\fB\fR \fB-n \fInametype\fB\fR [ \fB-c \fIclass\fB\fR ]  [ \fB-e\fR ]  [ \fB-g \fIgenerator\fB\fR ]  [ \fB-h\fR ]  [ \fB-p \fIprotocol\fB\fR ]  [ \fB-r \fIrandomdev\fB\fR ]  [ \fB-s \fIstrength\fB\fR ]  [ \fB-t \fItype\fB\fR ]  [ \fB-v \fIlevel\fB\fR ]  \fBname\fR
-.SH "DESCRIPTION"
-.PP
-\fBdnssec-keygen\fR generates keys for DNSSEC
-(Secure DNS), as defined in RFC 2535. It can also generate
-keys for use with TSIG (Transaction Signatures), as
-defined in RFC 2845.
-.SH "OPTIONS"
-.TP
-\fB-a \fIalgorithm\fB\fR
-Selects the cryptographic algorithm. The value of
-\fBalgorithm\fR must be one of RSAMD5 or RSA,
-DSA, DH (Diffie Hellman), or HMAC-MD5. These values
-are case insensitive.
-
-Note that for DNSSEC, DSA is a mandatory to implement algorithm,
-and RSA is recommended. For TSIG, HMAC-MD5 is mandatory.
-.TP
-\fB-b \fIkeysize\fB\fR
-Specifies the number of bits in the key. The choice of key
-size depends on the algorithm used. RSA keys must be between
-512 and 2048 bits. Diffie Hellman keys must be between
-128 and 4096 bits. DSA keys must be between 512 and 1024
-bits and an exact multiple of 64. HMAC-MD5 keys must be
-between 1 and 512 bits.
-.TP
-\fB-n \fInametype\fB\fR
-Specifies the owner type of the key. The value of
-\fBnametype\fR must either be ZONE (for a DNSSEC
-zone key), HOST or ENTITY (for a key associated with a host),
-or USER (for a key associated with a user). These values are
-case insensitive.
-.TP
-\fB-c \fIclass\fB\fR
-Indicates that the DNS record containing the key should have
-the specified class. If not specified, class IN is used.
-.TP
-\fB-e\fR
-If generating an RSA key, use a large exponent.
-.TP
-\fB-g \fIgenerator\fB\fR
-If generating a Diffie Hellman key, use this generator.
-Allowed values are 2 and 5. If no generator
-is specified, a known prime from RFC 2539 will be used
-if possible; otherwise the default is 2.
-.TP
-\fB-h\fR
-Prints a short summary of the options and arguments to
-\fBdnssec-keygen\fR.
-.TP
-\fB-p \fIprotocol\fB\fR
-Sets the protocol value for the generated key. The protocol
-is a number between 0 and 255. The default is 2 (email) for
-keys of type USER and 3 (DNSSEC) for all other key types.
-Other possible values for this argument are listed in
-RFC 2535 and its successors.
-.TP
-\fB-r \fIrandomdev\fB\fR
-Specifies the source of randomness. If the operating
-system does not provide a \fI/dev/random\fR
-or equivalent device, the default source of randomness
-is keyboard input. \fIrandomdev\fR specifies
-the name of a character device or file containing random
-data to be used instead of the default. The special value
-\fIkeyboard\fR indicates that keyboard
-input should be used.
-.TP
-\fB-s \fIstrength\fB\fR
-Specifies the strength value of the key. The strength is
-a number between 0 and 15, and currently has no defined
-purpose in DNSSEC.
-.TP
-\fB-t \fItype\fB\fR
-Indicates the use of the key. \fBtype\fR must be
-one of AUTHCONF, NOAUTHCONF, NOAUTH, or NOCONF. The default
-is AUTHCONF. AUTH refers to the ability to authenticate
-data, and CONF the ability to encrypt data.
-.TP
-\fB-v \fIlevel\fB\fR
-Sets the debugging level.
-.SH "GENERATED KEYS"
-.PP
-When \fBdnssec-keygen\fR completes successfully,
-it prints a string of the form \fIKnnnn.+aaa+iiiii\fR
-to the standard output. This is an identification string for
-the key it has generated. These strings can be used as arguments
-to \fBdnssec-makekeyset\fR.
-.TP 0.2i
-\(bu
-\fInnnn\fR is the key name.
-.TP 0.2i
-\(bu
-\fIaaa\fR is the numeric representation of the
-algorithm.
-.TP 0.2i
-\(bu
-\fIiiiii\fR is the key identifier (or footprint).
-.PP
-\fBdnssec-keygen\fR creates two file, with names based
-on the printed string. \fIKnnnn.+aaa+iiiii.key\fR
-contains the public key, and
-\fIKnnnn.+aaa+iiiii.private\fR contains the private
-key.
-.PP
-.PP
-The \fI.key\fR file contains a DNS KEY record that
-can be inserted into a zone file (directly or with a $INCLUDE
-statement).
-.PP
-.PP
-The \fI.private\fR file contains algorithm specific
-fields. For obvious security reasons, this file does not have
-general read permission.
-.PP
-.PP
-Both \fI.key\fR and \fI.private\fR
-files are generated for symmetric encryption algorithm such as
-HMAC-MD5, even though the public and private key are equivalent.
-.PP
-.SH "EXAMPLE"
-.PP
-To generate a 768-bit DSA key for the domain
-\fBexample.com\fR, the following command would be
-issued:
-.PP
-\fBdnssec-keygen -a DSA -b 768 -n ZONE example.com\fR
-.PP
-The command would print a string of the form:
-.PP
-\fBKexample.com.+003+26160\fR
-.PP
-In this example, \fBdnssec-keygen\fR creates
-the files \fIKexample.com.+003+26160.key\fR and
-\fIKexample.com.+003+26160.private\fR
-.SH "SEE ALSO"
-.PP
-\fBdnssec-makekeyset\fR(8),
-\fBdnssec-signkey\fR(8),
-\fBdnssec-signzone\fR(8),
-\fIBIND 9 Administrator Reference Manual\fR,
-\fIRFC 2535\fR,
-\fIRFC 2845\fR,
-\fIRFC 2539\fR.
-.SH "AUTHOR"
-.PP
-Internet Software Consortium

bin/dnssec/dnssec-keygen.c

@@ -17,7 +17,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: dnssec-keygen.c,v 1.47 2001/02/15 23:26:29 bwelling Exp $ */
+/* $Id: dnssec-keygen.c,v 1.45.2.1 2001/01/09 22:31:29 bwelling Exp $ */
 
 #include <config.h>
 
@@ -56,34 +56,31 @@ dsa_size_ok(int size) {
 
 static void
 usage(void) {
-	fprintf(stderr, "Usage:\n");
-	fprintf(stderr, "    %s -a alg -b bits -n type [options] name\n\n",
-		program);
-	fprintf(stderr, "Required options:\n");
-	fprintf(stderr, "    -a algorithm: RSA | RSAMD5 | DH | DSA | HMAC-MD5"
-		"\n");
-	fprintf(stderr, "    -b key size, in bits:\n");
-	fprintf(stderr, "        RSA:\t\t[512..%d]\n", MAX_RSA);
-	fprintf(stderr, "        DH:\t\t[128..4096]\n");
-	fprintf(stderr, "        DSA:\t\t[512..1024] and divisible by 64\n");
-	fprintf(stderr, "        HMAC-MD5:\t[1..512]\n");
-	fprintf(stderr, "    -n nametype: ZONE | HOST | ENTITY | USER\n");
-	fprintf(stderr, "    name: owner of the key\n");
-	fprintf(stderr, "Other options:\n");
-	fprintf(stderr, "    -c class (default: IN)\n");
-	fprintf(stderr, "    -e use large exponent (RSA only)\n");
-	fprintf(stderr, "    -g use specified generator (DH only)\n");
-	fprintf(stderr, "    -t type: AUTHCONF | NOAUTHCONF | NOAUTH | NOCONF "
+	printf("Usage:\n");
+	printf("    %s -a alg -b bits -n type [options] name\n\n", program);
+	printf("Required options:\n");
+	printf("    -a algorithm: RSA | RSAMD5 | DH | DSA | HMAC-MD5\n");
+	printf("    -b key size, in bits:\n");
+	printf("        RSA:\t\t[512..%d]\n", MAX_RSA);
+	printf("        DH:\t\t[128..4096]\n");
+	printf("        DSA:\t\t[512..1024] and divisible by 64\n");
+	printf("        HMAC-MD5:\t[1..512]\n");
+	printf("    -n nametype: ZONE | HOST | ENTITY | USER\n");
+	printf("    name: owner of the key\n");
+	printf("Other options:\n");
+	printf("    -c class (default: IN)\n");
+	printf("    -e use large exponent (RSA only)\n");
+	printf("    -g use specified generator (DH only)\n");
+	printf("    -t type: AUTHCONF | NOAUTHCONF | NOAUTH | NOCONF "
 	       "(default: AUTHCONF)\n");
-	fprintf(stderr, "    -p protocol value "
+	printf("    -p protocol value "
 	       "(default: 2 [email] for USER, 3 [dnssec] otherwise)\n");
-	fprintf(stderr, "    -s strength value this key signs DNS records "
-		"with (default: 0)\n");
-	fprintf(stderr, "    -r randomdev (a file containing random data)\n");
-	fprintf(stderr, "    -v verbose level\n");
-	fprintf(stderr, "Output:\n");
-	fprintf(stderr, "     K<name>+<alg>+<id>.key, "
-		"K<name>+<alg>+<id>.private\n");
+	printf("    -s strength value this key signs DNS records with "
+	       "(default: 0)\n");
+	printf("    -r randomdev (a file containing random data)\n");
+	printf("    -v verbose level\n");
+	printf("Output:\n");
+	printf("     K<name>+<alg>+<id>.key, K<name>+<alg>+<id>.private\n");
 
 	exit (-1);
 }

bin/dnssec/dnssec-keygen.docbook

@@ -1,309 +0,0 @@
-<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN">
-
-<refentry>
-  <refentryinfo>
-    <date>June 30, 2000</date>
-  </refentryinfo>
-
-  <refmeta>
-    <refentrytitle><application>dnssec-keygen</application></refentrytitle>
-    <manvolnum>8</manvolnum>
-    <refmiscinfo>BIND9</refmiscinfo>
-  </refmeta>
-
-  <refnamediv>
-    <refname><application>dnssec-keygen</application></refname>
-    <refpurpose>DNSSEC key generation tool</refpurpose>
-  </refnamediv>
-
-  <refsynopsisdiv>
-    <cmdsynopsis>
-      <command>dnssec-keygen</command>
-      <arg choice="req">-a <replaceable class="parameter">algorithm</replaceable></arg>
-      <arg choice="req">-b <replaceable class="parameter">keysize</replaceable></arg>
-      <arg choice="req">-n <replaceable class="parameter">nametype</replaceable></arg>
-      <arg><option>-c <replaceable class="parameter">class</replaceable></option></arg>
-      <arg><option>-e</option></arg>
-      <arg><option>-g <replaceable class="parameter">generator</replaceable></option></arg>
-      <arg><option>-h</option></arg>
-      <arg><option>-p <replaceable class="parameter">protocol</replaceable></option></arg>
-      <arg><option>-r <replaceable class="parameter">randomdev</replaceable></option></arg>
-      <arg><option>-s <replaceable class="parameter">strength</replaceable></option></arg>
-      <arg><option>-t <replaceable class="parameter">type</replaceable></option></arg>
-      <arg><option>-v <replaceable class="parameter">level</replaceable></option></arg>
-      <arg choice="req">name</arg>
-    </cmdsynopsis>
-  </refsynopsisdiv>
-
-  <refsect1>
-    <title>DESCRIPTION</title>
-    <para>
-        <command>dnssec-keygen</command> generates keys for DNSSEC
-	(Secure DNS), as defined in RFC 2535.  It can also generate
-	keys for use with TSIG (Transaction Signatures), as
-	defined in RFC 2845.
-    </para>
-  </refsect1>
-
-  <refsect1>
-    <title>OPTIONS</title>
-
-    <variablelist>
-      <varlistentry>
-        <term>-a <replaceable class="parameter">algorithm</replaceable></term>
-	<listitem>
-	  <para>
-	      Selects the cryptographic algorithm.  The value of
-	      <option>algorithm</option> must be one of RSAMD5 or RSA,
-	      DSA, DH (Diffie Hellman), or HMAC-MD5.  These values
-	      are case insensitive.
-	  </para>
-	  <para>
-	      Note that for DNSSEC, DSA is a mandatory to implement algorithm,
-	      and RSA is recommended.  For TSIG, HMAC-MD5 is mandatory.
-	  </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-b <replaceable class="parameter">keysize</replaceable></term>
-	<listitem>
-	  <para>
-	       Specifies the number of bits in the key.  The choice of key
-	       size depends on the algorithm used.  RSA keys must be between
-	       512 and 2048 bits.  Diffie Hellman keys must be between
-	       128 and 4096 bits.  DSA keys must be between 512 and 1024
-	       bits and an exact multiple of 64.  HMAC-MD5 keys must be
-	       between 1 and 512 bits.
-	  </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-n <replaceable class="parameter">nametype</replaceable></term>
-	<listitem>
-	  <para>
-	       Specifies the owner type of the key.  The value of
-	       <option>nametype</option> must either be ZONE (for a DNSSEC
-	       zone key), HOST or ENTITY (for a key associated with a host),
-	       or USER (for a key associated with a user).  These values are
-	       case insensitive.
-	  </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-c <replaceable class="parameter">class</replaceable></term>
-	<listitem>
-	  <para>
-	       Indicates that the DNS record containing the key should have
-	       the specified class.  If not specified, class IN is used.
-	  </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-e</term>
-	<listitem>
-	  <para>
-	       If generating an RSA key, use a large exponent.
-	  </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-g <replaceable class="parameter">generator</replaceable></term>
-	<listitem>
-	  <para>
-	       If generating a Diffie Hellman key, use this generator.
-	       Allowed values are 2 and 5.  If no generator
-	       is specified, a known prime from RFC 2539 will be used
-	       if possible; otherwise the default is 2.
-	  </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-h</term>
-	<listitem>
-	  <para>
-	       Prints a short summary of the options and arguments to
-	       <command>dnssec-keygen</command>.
-	  </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-p <replaceable class="parameter">protocol</replaceable></term>
-	<listitem>
-	  <para>
-	       Sets the protocol value for the generated key.  The protocol
-	       is a number between 0 and 255.  The default is 2 (email) for
-	       keys of type USER and 3 (DNSSEC) for all other key types.
-	       Other possible values for this argument are listed in
-	       RFC 2535 and its successors.
-	  </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-r <replaceable class="parameter">randomdev</replaceable></term>
-	<listitem>
-	  <para>
-	       Specifies the source of randomness.  If the operating
-	       system does not provide a <filename>/dev/random</filename>
-	       or equivalent device, the default source of randomness
-	       is keyboard input.  <filename>randomdev</filename> specifies
-	       the name of a character device or file containing random
-	       data to be used instead of the default.  The special value
-	       <filename>keyboard</filename> indicates that keyboard
-	       input should be used.
-	  </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-s <replaceable class="parameter">strength</replaceable></term>
-	<listitem>
-	  <para>
-	       Specifies the strength value of the key.  The strength is
-	       a number between 0 and 15, and currently has no defined
-	       purpose in DNSSEC.
-	  </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-t <replaceable class="parameter">type</replaceable></term>
-	<listitem>
-	  <para>
-	       Indicates the use of the key.  <option>type</option> must be
-	       one of AUTHCONF, NOAUTHCONF, NOAUTH, or NOCONF.  The default
-	       is AUTHCONF.  AUTH refers to the ability to authenticate
-	       data, and CONF the ability to encrypt data.
-	  </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-v <replaceable class="parameter">level</replaceable></term>
-	<listitem>
-	  <para>
-	       Sets the debugging level.
-	  </para>
-	</listitem>
-      </varlistentry>
-
-    </variablelist>
-  </refsect1>
-
-  <refsect1>
-    <title>GENERATED KEYS</title>
-    <para>
-        When <command>dnssec-keygen</command> completes successfully,
-	it prints a string of the form <filename>Knnnn.+aaa+iiiii</filename>
-	to the standard output.  This is an identification string for
-	the key it has generated.  These strings can be used as arguments
-	to <command>dnssec-makekeyset</command>.
-    </para>
-    <itemizedlist>
-      <listitem>
-        <para>
-          <filename>nnnn</filename> is the key name.
-        </para>
-      </listitem>
-      <listitem>
-        <para>
-          <filename>aaa</filename> is the numeric representation of the
-          algorithm.
-        </para>
-      </listitem>
-      <listitem>
-        <para>
-          <filename>iiiii</filename> is the key identifier (or footprint).
-        </para>
-      </listitem>
-    </itemizedlist>
-    <para>
-        <command>dnssec-keygen</command> creates two file, with names based
-	on the printed string.  <filename>Knnnn.+aaa+iiiii.key</filename>
-	contains the public key, and
-	<filename>Knnnn.+aaa+iiiii.private</filename> contains the private
-	key.
-    </para>
-    <para>
-        The <filename>.key</filename> file contains a DNS KEY record that
-	can be inserted into a zone file (directly or with a $INCLUDE
-	statement).
-    </para>
-    <para>
-        The <filename>.private</filename> file contains algorithm specific
-	fields.  For obvious security reasons, this file does not have
-	general read permission.
-    </para>
-    <para>
-        Both <filename>.key</filename> and <filename>.private</filename>
-	files are generated for symmetric encryption algorithm such as
-	HMAC-MD5, even though the public and private key are equivalent.
-    </para>
-  </refsect1>
-
-  <refsect1>
-    <title>EXAMPLE</title>
-    <para>
-        To generate a 768-bit DSA key for the domain
-	<userinput>example.com</userinput>, the following command would be
-	issued:
-    </para>
-    <para>
-        <userinput>dnssec-keygen -a DSA -b 768 -n ZONE example.com</userinput>
-    </para>
-    <para>
-        The command would print a string of the form:
-    </para>
-    <para>
-        <userinput>Kexample.com.+003+26160</userinput>
-    </para>
-    <para>
-        In this example, <command>dnssec-keygen</command> creates
-	the files <filename>Kexample.com.+003+26160.key</filename> and
-	<filename>Kexample.com.+003+26160.private</filename>
-    </para>
-  </refsect1>
-
-  <refsect1>
-    <title>SEE ALSO</title>
-    <para>
-      <citerefentry>
-        <refentrytitle>dnssec-makekeyset</refentrytitle>
-	<manvolnum>8</manvolnum>
-      </citerefentry>,
-      <citerefentry>
-        <refentrytitle>dnssec-signkey</refentrytitle>
-	<manvolnum>8</manvolnum>
-      </citerefentry>,
-      <citerefentry>
-        <refentrytitle>dnssec-signzone</refentrytitle>
-	<manvolnum>8</manvolnum>
-      </citerefentry>,
-      <citetitle>BIND 9 Administrator Reference Manual</citetitle>,
-      <citetitle>RFC 2535</citetitle>,
-      <citetitle>RFC 2845</citetitle>,
-      <citetitle>RFC 2539</citetitle>.
-    </para>
-  </refsect1>
-
-  <refsect1>
-    <title>AUTHOR</title>
-    <para>
-        <corpauthor>Internet Software Consortium</corpauthor>
-    </para>
-  </refsect1>
-
-</refentry>
-
-<!--
- - Local variables:
- - mode: sgml
- - End:
--->

bin/dnssec/dnssec-keygen.html

@@ -1,572 +0,0 @@
-<!--
- - Copyright (C) 2000, 2001  Internet Software Consortium.
- - 
- - Permission to use, copy, modify, and distribute this software for any
- - purpose with or without fee is hereby granted, provided that the above
- - copyright notice and this permission notice appear in all copies.
- - 
- - THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
- - DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
- - IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
- - INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
- - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
- - FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
- - NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
- - WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
--->
-<HTML
-><HEAD
-><TITLE
->dnssec-keygen</TITLE
-><META
-NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.61
-"></HEAD
-><BODY
-CLASS="REFENTRY"
-BGCOLOR="#FFFFFF"
-TEXT="#000000"
-LINK="#0000FF"
-VLINK="#840084"
-ALINK="#0000FF"
-><H1
-><A
-NAME="AEN1"
-><SPAN
-CLASS="APPLICATION"
->dnssec-keygen</SPAN
-></A
-></H1
-><DIV
-CLASS="REFNAMEDIV"
-><A
-NAME="AEN9"
-></A
-><H2
->Name</H2
-><SPAN
-CLASS="APPLICATION"
->dnssec-keygen</SPAN
->&nbsp;--&nbsp;DNSSEC key generation tool</DIV
-><DIV
-CLASS="REFSYNOPSISDIV"
-><A
-NAME="AEN13"
-></A
-><H2
->Synopsis</H2
-><P
-><B
-CLASS="COMMAND"
->dnssec-keygen</B
->  {-a <TT
-CLASS="REPLACEABLE"
-><I
->algorithm</I
-></TT
->} {-b <TT
-CLASS="REPLACEABLE"
-><I
->keysize</I
-></TT
->} {-n <TT
-CLASS="REPLACEABLE"
-><I
->nametype</I
-></TT
->} [<TT
-CLASS="OPTION"
->-c <TT
-CLASS="REPLACEABLE"
-><I
->class</I
-></TT
-></TT
->] [<TT
-CLASS="OPTION"
->-e</TT
->] [<TT
-CLASS="OPTION"
->-g <TT
-CLASS="REPLACEABLE"
-><I
->generator</I
-></TT
-></TT
->] [<TT
-CLASS="OPTION"
->-h</TT
->] [<TT
-CLASS="OPTION"
->-p <TT
-CLASS="REPLACEABLE"
-><I
->protocol</I
-></TT
-></TT
->] [<TT
-CLASS="OPTION"
->-r <TT
-CLASS="REPLACEABLE"
-><I
->randomdev</I
-></TT
-></TT
->] [<TT
-CLASS="OPTION"
->-s <TT
-CLASS="REPLACEABLE"
-><I
->strength</I
-></TT
-></TT
->] [<TT
-CLASS="OPTION"
->-t <TT
-CLASS="REPLACEABLE"
-><I
->type</I
-></TT
-></TT
->] [<TT
-CLASS="OPTION"
->-v <TT
-CLASS="REPLACEABLE"
-><I
->level</I
-></TT
-></TT
->] {name}</P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN48"
-></A
-><H2
->DESCRIPTION</H2
-><P
->        <B
-CLASS="COMMAND"
->dnssec-keygen</B
-> generates keys for DNSSEC
-	(Secure DNS), as defined in RFC 2535.  It can also generate
-	keys for use with TSIG (Transaction Signatures), as
-	defined in RFC 2845.
-    </P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN52"
-></A
-><H2
->OPTIONS</H2
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
->-a <TT
-CLASS="REPLACEABLE"
-><I
->algorithm</I
-></TT
-></DT
-><DD
-><P
->	      Selects the cryptographic algorithm.  The value of
-	      <TT
-CLASS="OPTION"
->algorithm</TT
-> must be one of RSAMD5 or RSA,
-	      DSA, DH (Diffie Hellman), or HMAC-MD5.  These values
-	      are case insensitive.
-	  </P
-><P
->	      Note that for DNSSEC, DSA is a mandatory to implement algorithm,
-	      and RSA is recommended.  For TSIG, HMAC-MD5 is mandatory.
-	  </P
-></DD
-><DT
->-b <TT
-CLASS="REPLACEABLE"
-><I
->keysize</I
-></TT
-></DT
-><DD
-><P
->	       Specifies the number of bits in the key.  The choice of key
-	       size depends on the algorithm used.  RSA keys must be between
-	       512 and 2048 bits.  Diffie Hellman keys must be between
-	       128 and 4096 bits.  DSA keys must be between 512 and 1024
-	       bits and an exact multiple of 64.  HMAC-MD5 keys must be
-	       between 1 and 512 bits.
-	  </P
-></DD
-><DT
->-n <TT
-CLASS="REPLACEABLE"
-><I
->nametype</I
-></TT
-></DT
-><DD
-><P
->	       Specifies the owner type of the key.  The value of
-	       <TT
-CLASS="OPTION"
->nametype</TT
-> must either be ZONE (for a DNSSEC
-	       zone key), HOST or ENTITY (for a key associated with a host),
-	       or USER (for a key associated with a user).  These values are
-	       case insensitive.
-	  </P
-></DD
-><DT
->-c <TT
-CLASS="REPLACEABLE"
-><I
->class</I
-></TT
-></DT
-><DD
-><P
->	       Indicates that the DNS record containing the key should have
-	       the specified class.  If not specified, class IN is used.
-	  </P
-></DD
-><DT
->-e</DT
-><DD
-><P
->	       If generating an RSA key, use a large exponent.
-	  </P
-></DD
-><DT
->-g <TT
-CLASS="REPLACEABLE"
-><I
->generator</I
-></TT
-></DT
-><DD
-><P
->	       If generating a Diffie Hellman key, use this generator.
-	       Allowed values are 2 and 5.  If no generator
-	       is specified, a known prime from RFC 2539 will be used
-	       if possible; otherwise the default is 2.
-	  </P
-></DD
-><DT
->-h</DT
-><DD
-><P
->	       Prints a short summary of the options and arguments to
-	       <B
-CLASS="COMMAND"
->dnssec-keygen</B
->.
-	  </P
-></DD
-><DT
->-p <TT
-CLASS="REPLACEABLE"
-><I
->protocol</I
-></TT
-></DT
-><DD
-><P
->	       Sets the protocol value for the generated key.  The protocol
-	       is a number between 0 and 255.  The default is 2 (email) for
-	       keys of type USER and 3 (DNSSEC) for all other key types.
-	       Other possible values for this argument are listed in
-	       RFC 2535 and its successors.
-	  </P
-></DD
-><DT
->-r <TT
-CLASS="REPLACEABLE"
-><I
->randomdev</I
-></TT
-></DT
-><DD
-><P
->	       Specifies the source of randomness.  If the operating
-	       system does not provide a <TT
-CLASS="FILENAME"
->/dev/random</TT
->
-	       or equivalent device, the default source of randomness
-	       is keyboard input.  <TT
-CLASS="FILENAME"
->randomdev</TT
-> specifies
-	       the name of a character device or file containing random
-	       data to be used instead of the default.  The special value
-	       <TT
-CLASS="FILENAME"
->keyboard</TT
-> indicates that keyboard
-	       input should be used.
-	  </P
-></DD
-><DT
->-s <TT
-CLASS="REPLACEABLE"
-><I
->strength</I
-></TT
-></DT
-><DD
-><P
->	       Specifies the strength value of the key.  The strength is
-	       a number between 0 and 15, and currently has no defined
-	       purpose in DNSSEC.
-	  </P
-></DD
-><DT
->-t <TT
-CLASS="REPLACEABLE"
-><I
->type</I
-></TT
-></DT
-><DD
-><P
->	       Indicates the use of the key.  <TT
-CLASS="OPTION"
->type</TT
-> must be
-	       one of AUTHCONF, NOAUTHCONF, NOAUTH, or NOCONF.  The default
-	       is AUTHCONF.  AUTH refers to the ability to authenticate
-	       data, and CONF the ability to encrypt data.
-	  </P
-></DD
-><DT
->-v <TT
-CLASS="REPLACEABLE"
-><I
->level</I
-></TT
-></DT
-><DD
-><P
->	       Sets the debugging level.
-	  </P
-></DD
-></DL
-></DIV
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN121"
-></A
-><H2
->GENERATED KEYS</H2
-><P
->        When <B
-CLASS="COMMAND"
->dnssec-keygen</B
-> completes successfully,
-	it prints a string of the form <TT
-CLASS="FILENAME"
->Knnnn.+aaa+iiiii</TT
->
-	to the standard output.  This is an identification string for
-	the key it has generated.  These strings can be used as arguments
-	to <B
-CLASS="COMMAND"
->dnssec-makekeyset</B
->.
-    </P
-><P
-></P
-><UL
-><LI
-><P
->          <TT
-CLASS="FILENAME"
->nnnn</TT
-> is the key name.
-        </P
-></LI
-><LI
-><P
->          <TT
-CLASS="FILENAME"
->aaa</TT
-> is the numeric representation of the
-          algorithm.
-        </P
-></LI
-><LI
-><P
->          <TT
-CLASS="FILENAME"
->iiiii</TT
-> is the key identifier (or footprint).
-        </P
-></LI
-></UL
-><P
->        <B
-CLASS="COMMAND"
->dnssec-keygen</B
-> creates two file, with names based
-	on the printed string.  <TT
-CLASS="FILENAME"
->Knnnn.+aaa+iiiii.key</TT
->
-	contains the public key, and
-	<TT
-CLASS="FILENAME"
->Knnnn.+aaa+iiiii.private</TT
-> contains the private
-	key.
-    </P
-><P
->        The <TT
-CLASS="FILENAME"
->.key</TT
-> file contains a DNS KEY record that
-	can be inserted into a zone file (directly or with a $INCLUDE
-	statement).
-    </P
-><P
->        The <TT
-CLASS="FILENAME"
->.private</TT
-> file contains algorithm specific
-	fields.  For obvious security reasons, this file does not have
-	general read permission.
-    </P
-><P
->        Both <TT
-CLASS="FILENAME"
->.key</TT
-> and <TT
-CLASS="FILENAME"
->.private</TT
->
-	files are generated for symmetric encryption algorithm such as
-	HMAC-MD5, even though the public and private key are equivalent.
-    </P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN148"
-></A
-><H2
->EXAMPLE</H2
-><P
->        To generate a 768-bit DSA key for the domain
-	<TT
-CLASS="USERINPUT"
-><B
->example.com</B
-></TT
->, the following command would be
-	issued:
-    </P
-><P
->        <TT
-CLASS="USERINPUT"
-><B
->dnssec-keygen -a DSA -b 768 -n ZONE example.com</B
-></TT
->
-    </P
-><P
->        The command would print a string of the form:
-    </P
-><P
->        <TT
-CLASS="USERINPUT"
-><B
->Kexample.com.+003+26160</B
-></TT
->
-    </P
-><P
->        In this example, <B
-CLASS="COMMAND"
->dnssec-keygen</B
-> creates
-	the files <TT
-CLASS="FILENAME"
->Kexample.com.+003+26160.key</TT
-> and
-	<TT
-CLASS="FILENAME"
->Kexample.com.+003+26160.private</TT
->
-    </P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN161"
-></A
-><H2
->SEE ALSO</H2
-><P
->      <SPAN
-CLASS="CITEREFENTRY"
-><SPAN
-CLASS="REFENTRYTITLE"
->dnssec-makekeyset</SPAN
->(8)</SPAN
->,
-      <SPAN
-CLASS="CITEREFENTRY"
-><SPAN
-CLASS="REFENTRYTITLE"
->dnssec-signkey</SPAN
->(8)</SPAN
->,
-      <SPAN
-CLASS="CITEREFENTRY"
-><SPAN
-CLASS="REFENTRYTITLE"
->dnssec-signzone</SPAN
->(8)</SPAN
->,
-      <I
-CLASS="CITETITLE"
->BIND 9 Administrator Reference Manual</I
->,
-      <I
-CLASS="CITETITLE"
->RFC 2535</I
->,
-      <I
-CLASS="CITETITLE"
->RFC 2845</I
->,
-      <I
-CLASS="CITETITLE"
->RFC 2539</I
->.
-    </P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN177"
-></A
-><H2
->AUTHOR</H2
-><P
->        Internet Software Consortium
-    </P
-></DIV
-></BODY
-></HTML
->

bin/dnssec/dnssec-makekeyset.8

@@ -1,110 +0,0 @@
-.\" Copyright (C) 2000, 2001  Internet Software Consortium.
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
-.\" DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
-.\" INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
-.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
-.\" FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
-.\" NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
-.\" WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.TH "DNSSEC-MAKEKEYSET" "8" "June 30, 2000" "BIND9" ""
-.SH NAME
-dnssec-makekeyset \- DNSSEC zone signing tool
-.SH SYNOPSIS
-.sp
-\fBdnssec-makekeyset\fR [ \fB-a\fR ]  [ \fB-s \fIstart-time\fB\fR ]  [ \fB-e \fIend-time\fB\fR ]  [ \fB-h\fR ]  [ \fB-p\fR ]  [ \fB-r \fIrandomdev\fB\fR ]  [ \fB-t\fIttl\fB\fR ]  [ \fB-v \fIlevel\fB\fR ]  \fBkey\fR\fI...\fR
-.SH "DESCRIPTION"
-.PP
-\fBdnssec-makekeyset\fR generates a key set from one
-or more keys created by \fBdnssec-keygen\fR. It creates
-a file containing a KEY record for each key, and self-signs the key
-set with each zone key. The output file is of the form
-\fIkeyset-nnnn.\fR, where \fInnnn\fR
-is the zone name.
-.SH "OPTIONS"
-.TP
-\fB-a\fR
-Verify all generated signatures.
-.TP
-\fB-s \fIstart-time\fB\fR
-Specify the date and time when the generated SIG records
-become valid. This can be either an absolute or relative
-time. An absolute start time is indicated by a number
-in YYYYMMDDHHMMSS notation; 20000530144500 denotes
-14:45:00 UTC on May 30th, 2000. A relative start time is
-indicated by +N, which is N seconds from the current time.
-If no \fBstart-time\fR is specified, the current
-time is used.
-.TP
-\fB-e \fIend-time\fB\fR
-Specify the date and time when the generated SIG records
-expire. As with \fBstart-time\fR, an absolute
-time is indicated in YYYYMMDDHHMMSS notation. A time relative
-to the start time is indicated with +N, which is N seconds from
-the start time. A time realtive to the current time is
-indicated with now+N. If no \fBend-time\fR is
-specified, 30 days from the start time is used as a default.
-.TP
-\fB-h\fR
-Prints a short summary of the options and arguments to
-\fBdnssec-makekeyset\fR.
-.TP
-\fB-p\fR
-Use pseudo-random data when signing the zone. This is faster,
-but less secure, than using real random data. This option
-may be useful when signing large zones or when the entropy
-source is limited.
-.TP
-\fB-r \fIrandomdev\fB\fR
-Specifies the source of randomness. If the operating
-system does not provide a \fI/dev/random\fR
-or equivalent device, the default source of randomness
-is keyboard input. \fIrandomdev\fR specifies
-the name of a character device or file containing random
-data to be used instead of the default. The special value
-\fIkeyboard\fR indicates that keyboard
-input should be used.
-.TP
-\fB-t \fIttl\fB\fR
-Specify the TTL (time to live) of the KEY and SIG records.
-The default is 3600 seconds.
-.TP
-\fB-v \fIlevel\fB\fR
-Sets the debugging level.
-.TP
-\fBkey\fR
-Lists the keys included in the keyset file. These keys
-are expressed in the form \fIKnnnn.+aaa+iiiii\fR
-as generated by \fBdnssec-keygen\fR.
-.SH "EXAMPLE"
-.PP
-The following command generates a keyset containing the DSA key for
-\fBexample.com\fR generated in the
-\fBdnssec-keygen\fR man page.
-.PP
-\fBdnssec-makekeyset -t 86400 -s 20000701120000 -e +2592000 Kexample.com.+003+26160\fR
-.PP
-In this example, \fBdnssec-makekeyset\fR creates
-the file \fIkeyset-example.com.\fR. This file
-contains the specified key and a self-generated signature.
-.PP
-The DNS administrator for \fBexample.com\fR could
-send \fIkeyset-example.com.\fR to the DNS
-administrator for \fB.com\fR for signing, if the
-\&.com zone is DNSSEC-aware and the administrators of the two zones
-have some mechanism for authenticating each other and exchanging
-the keys and signatures securely.
-.SH "SEE ALSO"
-.PP
-\fBdnssec-keygen\fR(8),
-\fBdnssec-signkey\fR(8),
-\fIBIND 9 Administrator Reference Manual\fR,
-\fIRFC 2535\fR.
-.SH "AUTHOR"
-.PP
-Internet Software Consortium

bin/dnssec/dnssec-makekeyset.c

@@ -17,7 +17,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: dnssec-makekeyset.c,v 1.51 2001/03/27 23:43:12 bwelling Exp $ */
+/* $Id: dnssec-makekeyset.c,v 1.45.4.2 2001/03/26 19:11:53 gson Exp $ */
 
 #include <config.h>
 
@@ -99,32 +99,6 @@ usage(void) {
 	exit(0);
 }
 
-static isc_boolean_t
-zonekey_on_list(dst_key_t *key) {
-	keynode_t *keynode;
-	for (keynode = ISC_LIST_HEAD(keylist);
-	     keynode != NULL;
-	     keynode = ISC_LIST_NEXT(keynode, link))
-	{
-		if (dst_key_compare(keynode->key, key))
-			return (ISC_TRUE);
-	}
-	return (ISC_FALSE);
-}
-
-static isc_boolean_t
-rdata_on_list(dns_rdata_t *rdata, dns_rdatalist_t *list) {
-	dns_rdata_t *trdata;
-	for (trdata = ISC_LIST_HEAD(list->rdata);
-	     trdata != NULL;
-	     trdata = ISC_LIST_NEXT(trdata, link))
-	{
-		if (dns_rdata_compare(trdata, rdata) == 0)
-			return (ISC_TRUE);
-	}
-	return (ISC_FALSE);
-}
-
 int
 main(int argc, char *argv[]) {
 	int i, ch;
@@ -246,6 +220,7 @@ main(int argc, char *argv[]) {
 
 	for (i = 0; i < argc; i++) {
 		char namestr[DNS_NAME_FORMATSIZE];
+		dns_fixedname_t fname;
 		isc_buffer_t namebuf;
 
 		key = NULL;
@@ -257,10 +232,14 @@ main(int argc, char *argv[]) {
 			rdatalist.rdclass = dst_key_class(key);
 
 		isc_buffer_init(&namebuf, namestr, sizeof namestr);
-		result = dns_name_tofilenametext(dst_key_name(key),
-						 ISC_FALSE,
-						 &namebuf);
-		check_result(result, "dns_name_tofilenametext");
+		dns_fixedname_init(&fname);
+		dns_name_downcase(dst_key_name(key),
+				  dns_fixedname_name(&fname),
+				  NULL);
+		result = dns_name_totext(dns_fixedname_name(&fname),
+					 ISC_FALSE,
+					 &namebuf);
+		check_result(result, "dns_name_totext");
 		isc_buffer_putuint8(&namebuf, 0);
 		
 		if (savedname == NULL) {
@@ -293,7 +272,13 @@ main(int argc, char *argv[]) {
 		if (domain == NULL) {
 			dns_fixedname_init(&fdomain);
 			domain = dns_fixedname_name(&fdomain);
-			dns_name_copy(dst_key_name(key), domain, NULL);
+			isc_buffer_init(&b, namestr, strlen(namestr));
+			isc_buffer_add(&b, strlen(namestr));
+			result = dns_name_fromtext(domain, &b, dns_rootname,
+						   ISC_FALSE, NULL);
+			if (result != ISC_R_SUCCESS)
+				fatal("%s is not a valid name: %s",
+				      namestr, isc_result_totext(result));
 		}
 		if (dst_key_iszonekey(key)) {
 			dst_key_t *zonekey = NULL;
@@ -303,15 +288,11 @@ main(int argc, char *argv[]) {
 			if (result != ISC_R_SUCCESS)
 				fatal("failed to read private key %s: %s",
 				      argv[i], isc_result_totext(result));
-			if (!zonekey_on_list(zonekey)) {
-				keynode = isc_mem_get(mctx,
-						      sizeof (keynode_t));
-				if (keynode == NULL)
-					fatal("out of memory");
-				keynode->key = zonekey;
-				ISC_LIST_INITANDAPPEND(keylist, keynode, link);
-			} else
-				dst_key_free(&zonekey);
+			keynode = isc_mem_get(mctx, sizeof (keynode_t));
+			if (keynode == NULL)
+				fatal("out of memory");
+			keynode->key = zonekey;
+			ISC_LIST_INITANDAPPEND(keylist, keynode, link);
 		}
 		rdata = isc_mem_get(mctx, sizeof(dns_rdata_t));
 		if (rdata == NULL)
@@ -328,12 +309,7 @@ main(int argc, char *argv[]) {
 		isc_buffer_usedregion(&b, &r);
 		dns_rdata_fromregion(rdata, rdatalist.rdclass,
 				     dns_rdatatype_key, &r);
-		if (!rdata_on_list(rdata, &rdatalist))
-			ISC_LIST_APPEND(rdatalist.rdata, rdata, link);
-		else {
-			isc_mem_put(mctx, data, BUFSIZE);
-			isc_mem_put(mctx, rdata, sizeof *rdata);
-		}
+		ISC_LIST_APPEND(rdatalist.rdata, rdata, link);
 		dst_key_free(&key);
 	}
 
@@ -392,7 +368,7 @@ main(int argc, char *argv[]) {
 	}
 
 	db = NULL;
-	result = dns_db_create(mctx, "rbt", dns_rootname, dns_dbtype_zone,
+	result = dns_db_create(mctx, "rbt", domain, dns_dbtype_zone,
 			       rdataset.rdclass, 0, NULL, &db);
 	if (result != ISC_R_SUCCESS) {
 		char domainstr[DNS_NAME_FORMATSIZE];

bin/dnssec/dnssec-makekeyset.docbook

@@ -1,215 +0,0 @@
-<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN">
-
-<refentry>
-  <refentryinfo>
-    <date>June 30, 2000</date>
-  </refentryinfo>
-
-  <refmeta>
-    <refentrytitle><application>dnssec-makekeyset</application></refentrytitle>
-    <manvolnum>8</manvolnum>
-    <refmiscinfo>BIND9</refmiscinfo>
-  </refmeta>
-
-  <refnamediv>
-    <refname><application>dnssec-makekeyset</application></refname>
-    <refpurpose>DNSSEC zone signing tool</refpurpose>
-  </refnamediv>
-
-  <refsynopsisdiv>
-    <cmdsynopsis>
-      <command>dnssec-makekeyset</command>
-      <arg><option>-a</option></arg>
-      <arg><option>-s <replaceable class="parameter">start-time</replaceable></option></arg>
-      <arg><option>-e <replaceable class="parameter">end-time</replaceable></option></arg>
-      <arg><option>-h</option></arg>
-      <arg><option>-p</option></arg>
-      <arg><option>-r <replaceable class="parameter">randomdev</replaceable></option></arg>
-      <arg><option>-t</option><replaceable class="parameter">ttl</replaceable></arg>
-      <arg><option>-v <replaceable class="parameter">level</replaceable></option></arg>
-      <arg choice="req" rep="repeat">key</arg>
-    </cmdsynopsis>
-  </refsynopsisdiv>
-
-  <refsect1>
-    <title>DESCRIPTION</title>
-    <para>
-        <command>dnssec-makekeyset</command> generates a key set from one
-	or more keys created by <command>dnssec-keygen</command>.  It creates
-	a file containing a KEY record for each key, and self-signs the key
-	set with each zone key.  The output file is of the form
-	<filename>keyset-nnnn.</filename>, where <filename>nnnn</filename>
-	is the zone name.
-    </para>
-  </refsect1>
-
-  <refsect1>
-    <title>OPTIONS</title>
-
-    <variablelist>
-      <varlistentry>
-        <term>-a</term>
-	<listitem>
-	  <para>
-	      Verify all generated signatures.
-	  </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-s <replaceable class="parameter">start-time</replaceable></term>
-	<listitem>
-	  <para>
-	       Specify the date and time when the generated SIG records
-	       become valid.  This can be either an absolute or relative
-	       time.  An absolute start time is indicated by a number
-	       in YYYYMMDDHHMMSS notation; 20000530144500 denotes
-	       14:45:00 UTC on May 30th, 2000.  A relative start time is
-	       indicated by +N, which is N seconds from the current time.
-	       If no <option>start-time</option> is specified, the current
-	       time is used.
-	  </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-e <replaceable class="parameter">end-time</replaceable></term>
-	<listitem>
-	  <para>
-	       Specify the date and time when the generated SIG records
-	       expire.  As with <option>start-time</option>, an absolute
-	       time is indicated in YYYYMMDDHHMMSS notation.  A time relative
-	       to the start time is indicated with +N, which is N seconds from
-	       the start time.  A time realtive to the current time is
-	       indicated with now+N.  If no <option>end-time</option> is
-	       specified, 30 days from the start time is used as a default.
-	  </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-h</term>
-	<listitem>
-	  <para>
-	       Prints a short summary of the options and arguments to
-	       <command>dnssec-makekeyset</command>.
-	  </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-p</term>
-	<listitem>
-	  <para>
-	       Use pseudo-random data when signing the zone.  This is faster,
-	       but less secure, than using real random data.  This option
-	       may be useful when signing large zones or when the entropy
-	       source is limited.
-	  </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-r <replaceable class="parameter">randomdev</replaceable></term>
-	<listitem>
-	  <para>
-	       Specifies the source of randomness.  If the operating
-	       system does not provide a <filename>/dev/random</filename>
-	       or equivalent device, the default source of randomness
-	       is keyboard input.  <filename>randomdev</filename> specifies
-	       the name of a character device or file containing random
-	       data to be used instead of the default.  The special value
-	       <filename>keyboard</filename> indicates that keyboard
-	       input should be used.
-	  </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-t <replaceable class="parameter">ttl</replaceable></term>
-	<listitem>
-	  <para>
-	       Specify the TTL (time to live) of the KEY and SIG records.
-	       The default is 3600 seconds.
-	  </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-v <replaceable class="parameter">level</replaceable></term>
-	<listitem>
-	  <para>
-	       Sets the debugging level.
-	  </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>key</term>
-	<listitem>
-	  <para>
-	       Lists the keys included in the keyset file.  These keys
-	       are expressed in the form <filename>Knnnn.+aaa+iiiii</filename>
-	       as generated by <command>dnssec-keygen</command>.
-	  </para>
-	</listitem>
-      </varlistentry>
-
-    </variablelist>
-  </refsect1>
-
-  <refsect1>
-    <title>EXAMPLE</title>
-    <para>
-        The following command generates a keyset containing the DSA key for
-	<userinput>example.com</userinput> generated in the
-	<command>dnssec-keygen</command> man page.
-    </para>
-    <para>
-        <userinput>dnssec-makekeyset -t 86400 -s 20000701120000 -e +2592000 Kexample.com.+003+26160</userinput>
-    </para>
-    <para>
-        In this example, <command>dnssec-makekeyset</command> creates
-	the file <filename>keyset-example.com.</filename>.  This file
-	contains the specified key and a self-generated signature.
-    </para>
-    <para>
-        The DNS administrator for <userinput>example.com</userinput> could
-	send <filename>keyset-example.com.</filename> to the DNS
-	administrator for <userinput>.com</userinput> for signing, if the
-	.com zone is DNSSEC-aware and the administrators of the two zones
-	have some mechanism for authenticating each other and exchanging
-	the keys and signatures securely.
-    </para>
-  </refsect1>
-
-  <refsect1>
-    <title>SEE ALSO</title>
-    <para>
-      <citerefentry>
-        <refentrytitle>dnssec-keygen</refentrytitle>
-	<manvolnum>8</manvolnum>
-      </citerefentry>,
-      <citerefentry>
-        <refentrytitle>dnssec-signkey</refentrytitle>
-	<manvolnum>8</manvolnum>
-      </citerefentry>,
-      <citetitle>BIND 9 Administrator Reference Manual</citetitle>,
-      <citetitle>RFC 2535</citetitle>.
-    </para>
-  </refsect1>
-
-  <refsect1>
-    <title>AUTHOR</title>
-    <para>
-        <corpauthor>Internet Software Consortium</corpauthor>
-    </para>
-  </refsect1>
-
-</refentry>
-
-<!--
- - Local variables:
- - mode: sgml
- - End:
--->

bin/dnssec/dnssec-makekeyset.html

@@ -1,404 +0,0 @@
-<!--
- - Copyright (C) 2000, 2001  Internet Software Consortium.
- - 
- - Permission to use, copy, modify, and distribute this software for any
- - purpose with or without fee is hereby granted, provided that the above
- - copyright notice and this permission notice appear in all copies.
- - 
- - THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
- - DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
- - IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
- - INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
- - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
- - FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
- - NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
- - WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
--->
-<HTML
-><HEAD
-><TITLE
->dnssec-makekeyset</TITLE
-><META
-NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.61
-"></HEAD
-><BODY
-CLASS="REFENTRY"
-BGCOLOR="#FFFFFF"
-TEXT="#000000"
-LINK="#0000FF"
-VLINK="#840084"
-ALINK="#0000FF"
-><H1
-><A
-NAME="AEN1"
-><SPAN
-CLASS="APPLICATION"
->dnssec-makekeyset</SPAN
-></A
-></H1
-><DIV
-CLASS="REFNAMEDIV"
-><A
-NAME="AEN9"
-></A
-><H2
->Name</H2
-><SPAN
-CLASS="APPLICATION"
->dnssec-makekeyset</SPAN
->&nbsp;--&nbsp;DNSSEC zone signing tool</DIV
-><DIV
-CLASS="REFSYNOPSISDIV"
-><A
-NAME="AEN13"
-></A
-><H2
->Synopsis</H2
-><P
-><B
-CLASS="COMMAND"
->dnssec-makekeyset</B
->  [<TT
-CLASS="OPTION"
->-a</TT
->] [<TT
-CLASS="OPTION"
->-s <TT
-CLASS="REPLACEABLE"
-><I
->start-time</I
-></TT
-></TT
->] [<TT
-CLASS="OPTION"
->-e <TT
-CLASS="REPLACEABLE"
-><I
->end-time</I
-></TT
-></TT
->] [<TT
-CLASS="OPTION"
->-h</TT
->] [<TT
-CLASS="OPTION"
->-p</TT
->] [<TT
-CLASS="OPTION"
->-r <TT
-CLASS="REPLACEABLE"
-><I
->randomdev</I
-></TT
-></TT
->] [<TT
-CLASS="OPTION"
->-t</TT
-><TT
-CLASS="REPLACEABLE"
-><I
->ttl</I
-></TT
->] [<TT
-CLASS="OPTION"
->-v <TT
-CLASS="REPLACEABLE"
-><I
->level</I
-></TT
-></TT
->] {key...}</P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN38"
-></A
-><H2
->DESCRIPTION</H2
-><P
->        <B
-CLASS="COMMAND"
->dnssec-makekeyset</B
-> generates a key set from one
-	or more keys created by <B
-CLASS="COMMAND"
->dnssec-keygen</B
->.  It creates
-	a file containing a KEY record for each key, and self-signs the key
-	set with each zone key.  The output file is of the form
-	<TT
-CLASS="FILENAME"
->keyset-nnnn.</TT
->, where <TT
-CLASS="FILENAME"
->nnnn</TT
->
-	is the zone name.
-    </P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN45"
-></A
-><H2
->OPTIONS</H2
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
->-a</DT
-><DD
-><P
->	      Verify all generated signatures.
-	  </P
-></DD
-><DT
->-s <TT
-CLASS="REPLACEABLE"
-><I
->start-time</I
-></TT
-></DT
-><DD
-><P
->	       Specify the date and time when the generated SIG records
-	       become valid.  This can be either an absolute or relative
-	       time.  An absolute start time is indicated by a number
-	       in YYYYMMDDHHMMSS notation; 20000530144500 denotes
-	       14:45:00 UTC on May 30th, 2000.  A relative start time is
-	       indicated by +N, which is N seconds from the current time.
-	       If no <TT
-CLASS="OPTION"
->start-time</TT
-> is specified, the current
-	       time is used.
-	  </P
-></DD
-><DT
->-e <TT
-CLASS="REPLACEABLE"
-><I
->end-time</I
-></TT
-></DT
-><DD
-><P
->	       Specify the date and time when the generated SIG records
-	       expire.  As with <TT
-CLASS="OPTION"
->start-time</TT
->, an absolute
-	       time is indicated in YYYYMMDDHHMMSS notation.  A time relative
-	       to the start time is indicated with +N, which is N seconds from
-	       the start time.  A time realtive to the current time is
-	       indicated with now+N.  If no <TT
-CLASS="OPTION"
->end-time</TT
-> is
-	       specified, 30 days from the start time is used as a default.
-	  </P
-></DD
-><DT
->-h</DT
-><DD
-><P
->	       Prints a short summary of the options and arguments to
-	       <B
-CLASS="COMMAND"
->dnssec-makekeyset</B
->.
-	  </P
-></DD
-><DT
->-p</DT
-><DD
-><P
->	       Use pseudo-random data when signing the zone.  This is faster,
-	       but less secure, than using real random data.  This option
-	       may be useful when signing large zones or when the entropy
-	       source is limited.
-	  </P
-></DD
-><DT
->-r <TT
-CLASS="REPLACEABLE"
-><I
->randomdev</I
-></TT
-></DT
-><DD
-><P
->	       Specifies the source of randomness.  If the operating
-	       system does not provide a <TT
-CLASS="FILENAME"
->/dev/random</TT
->
-	       or equivalent device, the default source of randomness
-	       is keyboard input.  <TT
-CLASS="FILENAME"
->randomdev</TT
-> specifies
-	       the name of a character device or file containing random
-	       data to be used instead of the default.  The special value
-	       <TT
-CLASS="FILENAME"
->keyboard</TT
-> indicates that keyboard
-	       input should be used.
-	  </P
-></DD
-><DT
->-t <TT
-CLASS="REPLACEABLE"
-><I
->ttl</I
-></TT
-></DT
-><DD
-><P
->	       Specify the TTL (time to live) of the KEY and SIG records.
-	       The default is 3600 seconds.
-	  </P
-></DD
-><DT
->-v <TT
-CLASS="REPLACEABLE"
-><I
->level</I
-></TT
-></DT
-><DD
-><P
->	       Sets the debugging level.
-	  </P
-></DD
-><DT
->key</DT
-><DD
-><P
->	       Lists the keys included in the keyset file.  These keys
-	       are expressed in the form <TT
-CLASS="FILENAME"
->Knnnn.+aaa+iiiii</TT
->
-	       as generated by <B
-CLASS="COMMAND"
->dnssec-keygen</B
->.
-	  </P
-></DD
-></DL
-></DIV
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN98"
-></A
-><H2
->EXAMPLE</H2
-><P
->        The following command generates a keyset containing the DSA key for
-	<TT
-CLASS="USERINPUT"
-><B
->example.com</B
-></TT
-> generated in the
-	<B
-CLASS="COMMAND"
->dnssec-keygen</B
-> man page.
-    </P
-><P
->        <TT
-CLASS="USERINPUT"
-><B
->dnssec-makekeyset -t 86400 -s 20000701120000 -e +2592000 Kexample.com.+003+26160</B
-></TT
->
-    </P
-><P
->        In this example, <B
-CLASS="COMMAND"
->dnssec-makekeyset</B
-> creates
-	the file <TT
-CLASS="FILENAME"
->keyset-example.com.</TT
->.  This file
-	contains the specified key and a self-generated signature.
-    </P
-><P
->        The DNS administrator for <TT
-CLASS="USERINPUT"
-><B
->example.com</B
-></TT
-> could
-	send <TT
-CLASS="FILENAME"
->keyset-example.com.</TT
-> to the DNS
-	administrator for <TT
-CLASS="USERINPUT"
-><B
->.com</B
-></TT
-> for signing, if the
-	.com zone is DNSSEC-aware and the administrators of the two zones
-	have some mechanism for authenticating each other and exchanging
-	the keys and signatures securely.
-    </P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN112"
-></A
-><H2
->SEE ALSO</H2
-><P
->      <SPAN
-CLASS="CITEREFENTRY"
-><SPAN
-CLASS="REFENTRYTITLE"
->dnssec-keygen</SPAN
->(8)</SPAN
->,
-      <SPAN
-CLASS="CITEREFENTRY"
-><SPAN
-CLASS="REFENTRYTITLE"
->dnssec-signkey</SPAN
->(8)</SPAN
->,
-      <I
-CLASS="CITETITLE"
->BIND 9 Administrator Reference Manual</I
->,
-      <I
-CLASS="CITETITLE"
->RFC 2535</I
->.
-    </P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN123"
-></A
-><H2
->AUTHOR</H2
-><P
->        Internet Software Consortium
-    </P
-></DIV
-></BODY
-></HTML
->

bin/dnssec/dnssec-signkey.8

@@ -1,105 +0,0 @@
-.\" Copyright (C) 2000, 2001  Internet Software Consortium.
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
-.\" DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
-.\" INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
-.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
-.\" FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
-.\" NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
-.\" WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.TH "DNSSEC-SIGNKEY" "8" "June 30, 2000" "BIND9" ""
-.SH NAME
-dnssec-signkey \- DNSSEC key set signing tool
-.SH SYNOPSIS
-.sp
-\fBdnssec-signkey\fR [ \fB-a\fR ]  [ \fB-c \fIclass\fB\fR ]  [ \fB-s \fIstart-time\fB\fR ]  [ \fB-e \fIend-time\fB\fR ]  [ \fB-h\fR ]  [ \fB-p\fR ]  [ \fB-r \fIrandomdev\fB\fR ]  [ \fB-v \fIlevel\fB\fR ]  \fBkeyset\fR \fBkey\fR\fI...\fR
-.SH "DESCRIPTION"
-.PP
-\fBdnssec-signkey\fR signs a keyset. Typically
-the keyset will be for a child zone, and will have been generated
-by \fBdnssec-makekeyset\fR. The child zone's keyset
-is signed with the zone keys for its parent zone. The output file
-is of the form \fIsignedkey-nnnn.\fR, where
-\fInnnn\fR is the zone name.
-.SH "OPTIONS"
-.TP
-\fB-a\fR
-Verify all generated signatures.
-.TP
-\fB-c \fIclass\fB\fR
-Specifies the DNS class of the key sets.
-.TP
-\fB-s \fIstart-time\fB\fR
-Specify the date and time when the generated SIG records
-become valid. This can be either an absolute or relative
-time. An absolute start time is indicated by a number
-in YYYYMMDDHHMMSS notation; 20000530144500 denotes
-14:45:00 UTC on May 30th, 2000. A relative start time is
-indicated by +N, which is N seconds from the current time.
-If no \fBstart-time\fR is specified, the current
-time is used.
-.TP
-\fB-e \fIend-time\fB\fR
-Specify the date and time when the generated SIG records
-expire. As with \fBstart-time\fR, an absolute
-time is indicated in YYYYMMDDHHMMSS notation. A time relative
-to the start time is indicated with +N, which is N seconds from
-the start time. A time realtive to the current time is
-indicated with now+N. If no \fBend-time\fR is
-specified, 30 days from the start time is used as a default.
-.TP
-\fB-h\fR
-Prints a short summary of the options and arguments to
-\fBdnssec-signkey\fR.
-.TP
-\fB-p\fR
-Use pseudo-random data when signing the zone. This is faster,
-but less secure, than using real random data. This option
-may be useful when signing large zones or when the entropy
-source is limited.
-.TP
-\fB-r \fIrandomdev\fB\fR
-Specifies the source of randomness. If the operating
-system does not provide a \fI/dev/random\fR
-or equivalent device, the default source of randomness
-is keyboard input. \fIrandomdev\fR specifies
-the name of a character device or file containing random
-data to be used instead of the default. The special value
-\fIkeyboard\fR indicates that keyboard
-input should be used.
-.TP
-\fB-v \fIlevel\fB\fR
-Sets the debugging level.
-.TP
-\fBkeyset\fR
-The file containing the child's keyset.
-.TP
-\fBkey\fR
-The keys used to sign the child's keyset.
-.SH "EXAMPLE"
-.PP
-The DNS administrator for a DNSSEC-aware \fB.com\fR
-zone would use the following command to sign the
-\fIkeyset\fR file for \fBexample.com\fR
-created by \fBdnssec-makekeyset\fR with a key generated
-by \fBdnssec-keygen\fR:
-.PP
-\fBdnssec-signkey keyset-example.com. Kcom.+003+51944\fR
-.PP
-In this example, \fBdnssec-signkey\fR creates
-the file \fIsignedkey-example.com.\fR, which
-contains the \fBexample.com\fR keys and the
-signatures by the \fB.com\fR keys.
-.SH "SEE ALSO"
-.PP
-\fBdnssec-keygen\fR(8),
-\fBdnssec-makekeyset\fR(8),
-\fBdnssec-signzone\fR(8).
-.SH "AUTHOR"
-.PP
-Internet Software Consortium

bin/dnssec/dnssec-signkey.c

@@ -17,7 +17,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: dnssec-signkey.c,v 1.49 2001/03/27 22:57:41 bwelling Exp $ */
+/* $Id: dnssec-signkey.c,v 1.45.2.2 2001/03/26 19:11:55 gson Exp $ */
 
 #include <config.h>
 
@@ -30,7 +30,6 @@
 #include <isc/util.h>
 
 #include <dns/db.h>
-#include <dns/dbiterator.h>
 #include <dns/dnssec.h>
 #include <dns/fixedname.h>
 #include <dns/log.h>
@@ -38,7 +37,6 @@
 #include <dns/rdataclass.h>
 #include <dns/rdatalist.h>
 #include <dns/rdataset.h>
-#include <dns/rdatasetiter.h>
 #include <dns/rdatastruct.h>
 #include <dns/result.h>
 #include <dns/secalg.h>
@@ -163,8 +161,6 @@ main(int argc, char *argv[]) {
 	dns_db_t *db;
 	dns_dbnode_t *node;
 	dns_dbversion_t *version;
-	dns_dbiterator_t *dbiter;
-	dns_rdatasetiter_t *rdsiter;
 	dst_key_t *key = NULL;
 	dns_rdata_t *rdata;
 	dns_rdata_t sigrdata = DNS_RDATA_INIT;
@@ -173,6 +169,7 @@ main(int argc, char *argv[]) {
 	dns_rdata_sig_t sig;
 	isc_result_t result;
 	isc_buffer_t b;
+	isc_region_t r;
 	isc_textregion_t tr;
 	isc_log_t *log = NULL;
 	keynode_t *keynode;
@@ -260,46 +257,19 @@ main(int argc, char *argv[]) {
 	if (strlen(argv[0]) < 8 || strncmp(argv[0], "keyset-", 7) != 0)
 		fatal("keyset file '%s' must start with keyset-", argv[0]);
 
-	db = NULL;
-	result = dns_db_create(mctx, "rbt", dns_rootname, dns_dbtype_zone,
-			       rdclass, 0, NULL, &db);
-	check_result(result, "dns_db_create()");
-
-	result = dns_db_load(db, argv[0]);
-	if (result != ISC_R_SUCCESS && result != DNS_R_SEENINCLUDE)
-		fatal("failed to load database from '%s': %s", argv[0],
-		      isc_result_totext(result));
-
 	dns_fixedname_init(&fdomain);
 	domain = dns_fixedname_name(&fdomain);
-
-	dbiter = NULL;
-	result = dns_db_createiterator(db, ISC_FALSE, &dbiter);
-	check_result(result, "dns_db_createiterator()");
-
-	result = dns_dbiterator_first(dbiter);
-	check_result(result, "dns_dbiterator_first()");
-	while (result == ISC_R_SUCCESS) {
-		node = NULL;
-		dns_dbiterator_current(dbiter, &node, domain);
-		rdsiter = NULL;
-		result = dns_db_allrdatasets(db, node, NULL, 0, &rdsiter);
-		check_result(result, "dns_db_allrdatasets()");
-		result = dns_rdatasetiter_first(rdsiter);
-		dns_rdatasetiter_destroy(&rdsiter);
-		if (result == ISC_R_SUCCESS)
-			break;
-		dns_db_detachnode(db, &node);
-		result = dns_dbiterator_next(dbiter);
-	}
-	dns_dbiterator_destroy(&dbiter);
+	isc_buffer_init(&b, argv[0] + strlen("keyset-"),
+			strlen(argv[0]) - strlen("keyset-"));
+	isc_buffer_add(&b, strlen(argv[0]) - strlen("keyset-"));
+	result = dns_name_fromtext(domain, &b, dns_rootname, ISC_TRUE, NULL);
 	if (result != ISC_R_SUCCESS)
-		fatal("failed to find data in keyset file");
-
+		fatal("'%s' does not contain a valid domain name", argv[0]);
 	isc_buffer_init(&b, tdomain, sizeof(tdomain) - 1);
-	result = dns_name_tofilenametext(domain, ISC_FALSE, &b);
-	check_result(result, "dns_name_tofilenametext()");
-	isc_buffer_putuint8(&b, 0);
+	result = dns_name_totext(domain, ISC_FALSE, &b);
+	check_result(result, "dns_name_totext()");
+	isc_buffer_usedregion(&b, &r);
+	tdomain[r.length] = 0;
 
 	output = isc_mem_allocate(mctx,
 				  strlen("signedkey-") + strlen(tdomain) + 1);
@@ -308,9 +278,28 @@ main(int argc, char *argv[]) {
 	strcpy(output, "signedkey-");
 	strcat(output, tdomain);
 
+	db = NULL;
+	result = dns_db_create(mctx, "rbt", domain, dns_dbtype_zone,
+			       rdclass, 0, NULL, &db);
+	check_result(result, "dns_db_create()");
+
+	result = dns_db_load(db, argv[0]);
+	if (result != ISC_R_SUCCESS && result != DNS_R_SEENINCLUDE)
+		fatal("failed to load database from '%s': %s", argv[0],
+		      isc_result_totext(result));
+
 	version = NULL;
 	dns_db_newversion(db, &version);
 
+	node = NULL;
+	result = dns_db_findnode(db, domain, ISC_FALSE, &node);
+	if (result != ISC_R_SUCCESS) {
+		char domainstr[DNS_NAME_FORMATSIZE];
+		dns_name_format(domain, domainstr, sizeof domainstr);
+		fatal("failed to find database node '%s': %s",
+		      domainstr, isc_result_totext(result));
+	}
+
 	dns_rdataset_init(&rdataset);
 	dns_rdataset_init(&sigrdataset);
 	result = dns_db_findrdataset(db, node, version, dns_rdatatype_key, 0,

bin/dnssec/dnssec-signkey.docbook

@@ -1,219 +0,0 @@
-<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN">
-
-<refentry>
-  <refentryinfo>
-    <date>June 30, 2000</date>
-  </refentryinfo>
-
-  <refmeta>
-    <refentrytitle><application>dnssec-signkey</application></refentrytitle>
-    <manvolnum>8</manvolnum>
-    <refmiscinfo>BIND9</refmiscinfo>
-  </refmeta>
-
-  <refnamediv>
-    <refname><application>dnssec-signkey</application></refname>
-    <refpurpose>DNSSEC key set signing tool</refpurpose>
-  </refnamediv>
-
-  <refsynopsisdiv>
-    <cmdsynopsis>
-      <command>dnssec-signkey</command>
-      <arg><option>-a</option></arg>
-      <arg><option>-c <replaceable class="parameter">class</replaceable></option></arg>
-      <arg><option>-s <replaceable class="parameter">start-time</replaceable></option></arg>
-      <arg><option>-e <replaceable class="parameter">end-time</replaceable></option></arg>
-      <arg><option>-h</option></arg>
-      <arg><option>-p</option></arg>
-      <arg><option>-r <replaceable class="parameter">randomdev</replaceable></option></arg>
-      <arg><option>-v <replaceable class="parameter">level</replaceable></option></arg>
-      <arg choice="req">keyset</arg>
-      <arg choice="req" rep="repeat">key</arg>
-    </cmdsynopsis>
-  </refsynopsisdiv>
-
-  <refsect1>
-    <title>DESCRIPTION</title>
-    <para>
-        <command>dnssec-signkey</command> signs a keyset.  Typically
-	the keyset will be for a child zone, and will have been generated
-	by <command>dnssec-makekeyset</command>.  The child zone's keyset
-	is signed with the zone keys for its parent zone.  The output file
-	is of the form <filename>signedkey-nnnn.</filename>, where
-	<filename>nnnn</filename> is the zone name.
-    </para>
-  </refsect1>
-
-  <refsect1>
-    <title>OPTIONS</title>
-
-    <variablelist>
-      <varlistentry>
-        <term>-a</term>
-	<listitem>
-	  <para>
-	      Verify all generated signatures.
-	  </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-c <replaceable class="parameter">class</replaceable></term>
-	<listitem>
-	  <para>
-	       Specifies the DNS class of the key sets.
-	  </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-s <replaceable class="parameter">start-time</replaceable></term>
-	<listitem>
-	  <para>
-	       Specify the date and time when the generated SIG records
-	       become valid.  This can be either an absolute or relative
-	       time.  An absolute start time is indicated by a number
-	       in YYYYMMDDHHMMSS notation; 20000530144500 denotes
-	       14:45:00 UTC on May 30th, 2000.  A relative start time is
-	       indicated by +N, which is N seconds from the current time.
-	       If no <option>start-time</option> is specified, the current
-	       time is used.
-	  </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-e <replaceable class="parameter">end-time</replaceable></term>
-	<listitem>
-	  <para>
-	       Specify the date and time when the generated SIG records
-	       expire.  As with <option>start-time</option>, an absolute
-	       time is indicated in YYYYMMDDHHMMSS notation.  A time relative
-	       to the start time is indicated with +N, which is N seconds from
-	       the start time.  A time realtive to the current time is
-	       indicated with now+N.  If no <option>end-time</option> is
-	       specified, 30 days from the start time is used as a default.
-	  </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-h</term>
-	<listitem>
-	  <para>
-	       Prints a short summary of the options and arguments to
-	       <command>dnssec-signkey</command>.
-	  </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-p</term>
-	<listitem>
-	  <para>
-	       Use pseudo-random data when signing the zone.  This is faster,
-	       but less secure, than using real random data.  This option
-	       may be useful when signing large zones or when the entropy
-	       source is limited.
-	  </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-r <replaceable class="parameter">randomdev</replaceable></term>
-	<listitem>
-	  <para>
-	       Specifies the source of randomness.  If the operating
-	       system does not provide a <filename>/dev/random</filename>
-	       or equivalent device, the default source of randomness
-	       is keyboard input.  <filename>randomdev</filename> specifies
-	       the name of a character device or file containing random
-	       data to be used instead of the default.  The special value
-	       <filename>keyboard</filename> indicates that keyboard
-	       input should be used.
-	  </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-v <replaceable class="parameter">level</replaceable></term>
-	<listitem>
-	  <para>
-	       Sets the debugging level.
-	  </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>keyset</term>
-	  <listitem>
-	    <para>
-	        The file containing the child's keyset.
-	  </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>key</term>
-	  <listitem>
-	    <para>
-	        The keys used to sign the child's keyset.
-	  </para>
-	</listitem>
-      </varlistentry>
-
-    </variablelist>
-  </refsect1>
-
-  <refsect1>
-    <title>EXAMPLE</title>
-    <para>
-        The DNS administrator for a DNSSEC-aware <userinput>.com</userinput>
-	zone would use the following command to sign the
-	<filename>keyset</filename> file for <userinput>example.com</userinput>
-	created by <command>dnssec-makekeyset</command> with a key generated
-	by <command>dnssec-keygen</command>:
-    </para>
-    <para>
-        <userinput>dnssec-signkey keyset-example.com. Kcom.+003+51944</userinput>
-    </para>
-    <para>
-        In this example, <command>dnssec-signkey</command> creates
-	the file <filename>signedkey-example.com.</filename>, which
-	contains the <userinput>example.com</userinput> keys and the
-	signatures by the <userinput>.com</userinput> keys.
-    </para>
-  </refsect1>
-
-  <refsect1>
-    <title>SEE ALSO</title>
-    <para>
-      <citerefentry>
-        <refentrytitle>dnssec-keygen</refentrytitle>
-	<manvolnum>8</manvolnum>
-      </citerefentry>,
-      <citerefentry>
-        <refentrytitle>dnssec-makekeyset</refentrytitle>
-	<manvolnum>8</manvolnum>
-      </citerefentry>,
-      <citerefentry>
-        <refentrytitle>dnssec-signzone</refentrytitle>
-	<manvolnum>8</manvolnum>
-      </citerefentry>.
-    </para>
-  </refsect1>
-
-  <refsect1>
-    <title>AUTHOR</title>
-    <para>
-        <corpauthor>Internet Software Consortium</corpauthor>
-    </para>
-  </refsect1>
-
-</refentry>
-
-<!--
- - Local variables:
- - mode: sgml
- - End:
--->

bin/dnssec/dnssec-signkey.html

@@ -1,404 +0,0 @@
-<!--
- - Copyright (C) 2000, 2001  Internet Software Consortium.
- - 
- - Permission to use, copy, modify, and distribute this software for any
- - purpose with or without fee is hereby granted, provided that the above
- - copyright notice and this permission notice appear in all copies.
- - 
- - THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
- - DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
- - IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
- - INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
- - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
- - FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
- - NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
- - WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
--->
-<HTML
-><HEAD
-><TITLE
->dnssec-signkey</TITLE
-><META
-NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.61
-"></HEAD
-><BODY
-CLASS="REFENTRY"
-BGCOLOR="#FFFFFF"
-TEXT="#000000"
-LINK="#0000FF"
-VLINK="#840084"
-ALINK="#0000FF"
-><H1
-><A
-NAME="AEN1"
-><SPAN
-CLASS="APPLICATION"
->dnssec-signkey</SPAN
-></A
-></H1
-><DIV
-CLASS="REFNAMEDIV"
-><A
-NAME="AEN9"
-></A
-><H2
->Name</H2
-><SPAN
-CLASS="APPLICATION"
->dnssec-signkey</SPAN
->&nbsp;--&nbsp;DNSSEC key set signing tool</DIV
-><DIV
-CLASS="REFSYNOPSISDIV"
-><A
-NAME="AEN13"
-></A
-><H2
->Synopsis</H2
-><P
-><B
-CLASS="COMMAND"
->dnssec-signkey</B
->  [<TT
-CLASS="OPTION"
->-a</TT
->] [<TT
-CLASS="OPTION"
->-c <TT
-CLASS="REPLACEABLE"
-><I
->class</I
-></TT
-></TT
->] [<TT
-CLASS="OPTION"
->-s <TT
-CLASS="REPLACEABLE"
-><I
->start-time</I
-></TT
-></TT
->] [<TT
-CLASS="OPTION"
->-e <TT
-CLASS="REPLACEABLE"
-><I
->end-time</I
-></TT
-></TT
->] [<TT
-CLASS="OPTION"
->-h</TT
->] [<TT
-CLASS="OPTION"
->-p</TT
->] [<TT
-CLASS="OPTION"
->-r <TT
-CLASS="REPLACEABLE"
-><I
->randomdev</I
-></TT
-></TT
->] [<TT
-CLASS="OPTION"
->-v <TT
-CLASS="REPLACEABLE"
-><I
->level</I
-></TT
-></TT
->] {keyset} {key...}</P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN39"
-></A
-><H2
->DESCRIPTION</H2
-><P
->        <B
-CLASS="COMMAND"
->dnssec-signkey</B
-> signs a keyset.  Typically
-	the keyset will be for a child zone, and will have been generated
-	by <B
-CLASS="COMMAND"
->dnssec-makekeyset</B
->.  The child zone's keyset
-	is signed with the zone keys for its parent zone.  The output file
-	is of the form <TT
-CLASS="FILENAME"
->signedkey-nnnn.</TT
->, where
-	<TT
-CLASS="FILENAME"
->nnnn</TT
-> is the zone name.
-    </P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN46"
-></A
-><H2
->OPTIONS</H2
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
->-a</DT
-><DD
-><P
->	      Verify all generated signatures.
-	  </P
-></DD
-><DT
->-c <TT
-CLASS="REPLACEABLE"
-><I
->class</I
-></TT
-></DT
-><DD
-><P
->	       Specifies the DNS class of the key sets.
-	  </P
-></DD
-><DT
->-s <TT
-CLASS="REPLACEABLE"
-><I
->start-time</I
-></TT
-></DT
-><DD
-><P
->	       Specify the date and time when the generated SIG records
-	       become valid.  This can be either an absolute or relative
-	       time.  An absolute start time is indicated by a number
-	       in YYYYMMDDHHMMSS notation; 20000530144500 denotes
-	       14:45:00 UTC on May 30th, 2000.  A relative start time is
-	       indicated by +N, which is N seconds from the current time.
-	       If no <TT
-CLASS="OPTION"
->start-time</TT
-> is specified, the current
-	       time is used.
-	  </P
-></DD
-><DT
->-e <TT
-CLASS="REPLACEABLE"
-><I
->end-time</I
-></TT
-></DT
-><DD
-><P
->	       Specify the date and time when the generated SIG records
-	       expire.  As with <TT
-CLASS="OPTION"
->start-time</TT
->, an absolute
-	       time is indicated in YYYYMMDDHHMMSS notation.  A time relative
-	       to the start time is indicated with +N, which is N seconds from
-	       the start time.  A time realtive to the current time is
-	       indicated with now+N.  If no <TT
-CLASS="OPTION"
->end-time</TT
-> is
-	       specified, 30 days from the start time is used as a default.
-	  </P
-></DD
-><DT
->-h</DT
-><DD
-><P
->	       Prints a short summary of the options and arguments to
-	       <B
-CLASS="COMMAND"
->dnssec-signkey</B
->.
-	  </P
-></DD
-><DT
->-p</DT
-><DD
-><P
->	       Use pseudo-random data when signing the zone.  This is faster,
-	       but less secure, than using real random data.  This option
-	       may be useful when signing large zones or when the entropy
-	       source is limited.
-	  </P
-></DD
-><DT
->-r <TT
-CLASS="REPLACEABLE"
-><I
->randomdev</I
-></TT
-></DT
-><DD
-><P
->	       Specifies the source of randomness.  If the operating
-	       system does not provide a <TT
-CLASS="FILENAME"
->/dev/random</TT
->
-	       or equivalent device, the default source of randomness
-	       is keyboard input.  <TT
-CLASS="FILENAME"
->randomdev</TT
-> specifies
-	       the name of a character device or file containing random
-	       data to be used instead of the default.  The special value
-	       <TT
-CLASS="FILENAME"
->keyboard</TT
-> indicates that keyboard
-	       input should be used.
-	  </P
-></DD
-><DT
->-v <TT
-CLASS="REPLACEABLE"
-><I
->level</I
-></TT
-></DT
-><DD
-><P
->	       Sets the debugging level.
-	  </P
-></DD
-><DT
->keyset</DT
-><DD
-><P
->	        The file containing the child's keyset.
-	  </P
-></DD
-><DT
->key</DT
-><DD
-><P
->	        The keys used to sign the child's keyset.
-	  </P
-></DD
-></DL
-></DIV
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN101"
-></A
-><H2
->EXAMPLE</H2
-><P
->        The DNS administrator for a DNSSEC-aware <TT
-CLASS="USERINPUT"
-><B
->.com</B
-></TT
->
-	zone would use the following command to sign the
-	<TT
-CLASS="FILENAME"
->keyset</TT
-> file for <TT
-CLASS="USERINPUT"
-><B
->example.com</B
-></TT
->
-	created by <B
-CLASS="COMMAND"
->dnssec-makekeyset</B
-> with a key generated
-	by <B
-CLASS="COMMAND"
->dnssec-keygen</B
->:
-    </P
-><P
->        <TT
-CLASS="USERINPUT"
-><B
->dnssec-signkey keyset-example.com. Kcom.+003+51944</B
-></TT
->
-    </P
-><P
->        In this example, <B
-CLASS="COMMAND"
->dnssec-signkey</B
-> creates
-	the file <TT
-CLASS="FILENAME"
->signedkey-example.com.</TT
->, which
-	contains the <TT
-CLASS="USERINPUT"
-><B
->example.com</B
-></TT
-> keys and the
-	signatures by the <TT
-CLASS="USERINPUT"
-><B
->.com</B
-></TT
-> keys.
-    </P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN116"
-></A
-><H2
->SEE ALSO</H2
-><P
->      <SPAN
-CLASS="CITEREFENTRY"
-><SPAN
-CLASS="REFENTRYTITLE"
->dnssec-keygen</SPAN
->(8)</SPAN
->,
-      <SPAN
-CLASS="CITEREFENTRY"
-><SPAN
-CLASS="REFENTRYTITLE"
->dnssec-makekeyset</SPAN
->(8)</SPAN
->,
-      <SPAN
-CLASS="CITEREFENTRY"
-><SPAN
-CLASS="REFENTRYTITLE"
->dnssec-signzone</SPAN
->(8)</SPAN
->.
-    </P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN128"
-></A
-><H2
->AUTHOR</H2
-><P
->        Internet Software Consortium
-    </P
-></DIV
-></BODY
-></HTML
->

bin/dnssec/dnssec-signzone.8

@@ -1,152 +0,0 @@
-.\" Copyright (C) 2000, 2001  Internet Software Consortium.
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
-.\" DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
-.\" INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
-.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
-.\" FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
-.\" NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
-.\" WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.TH "DNSSEC-SIGNZONE" "8" "June 30, 2000" "BIND9" ""
-.SH NAME
-dnssec-signzone \- DNSSEC zone signing tool
-.SH SYNOPSIS
-.sp
-\fBdnssec-signzone\fR [ \fB-a\fR ]  [ \fB-c \fIclass\fB\fR ]  [ \fB-d \fIdirectory\fB\fR ]  [ \fB-s \fIstart-time\fB\fR ]  [ \fB-e \fIend-time\fB\fR ]  [ \fB-f \fIoutput-file\fB\fR ]  [ \fB-h\fR ]  [ \fB-i \fIinterval\fB\fR ]  [ \fB-n \fInthreads\fB\fR ]  [ \fB-o \fIorigin\fB\fR ]  [ \fB-p\fR ]  [ \fB-r \fIrandomdev\fB\fR ]  [ \fB-t\fR ]  [ \fB-v \fIlevel\fB\fR ]  \fBzonefile\fR [ \fBkey\fR\fI...\fR ] 
-.SH "DESCRIPTION"
-.PP
-\fBdnssec-signzone\fR signs a zone. It generates NXT
-and SIG records and produces a signed version of the zone. If there
-is a \fIsignedkey\fR file from the zone's parent,
-the parent's signatures will be incorporated into the generated
-signed zone file. The security status of delegations from the the
-signed zone (that is, whether the child zones are secure or not) is
-determined by the presence or absence of a
-\fIsignedkey\fR file for each child zone.
-.SH "OPTIONS"
-.TP
-\fB-a\fR
-Verify all generated signatures.
-.TP
-\fB-c \fIclass\fB\fR
-Specifies the DNS class of the zone.
-.TP
-\fB-d \fIdirectory\fB\fR
-Look for \fIsignedkey\fR files in
-\fBdirectory\fR as the directory 
-.TP
-\fB-s \fIstart-time\fB\fR
-Specify the date and time when the generated SIG records
-become valid. This can be either an absolute or relative
-time. An absolute start time is indicated by a number
-in YYYYMMDDHHMMSS notation; 20000530144500 denotes
-14:45:00 UTC on May 30th, 2000. A relative start time is
-indicated by +N, which is N seconds from the current time.
-If no \fBstart-time\fR is specified, the current
-time is used.
-.TP
-\fB-e \fIend-time\fB\fR
-Specify the date and time when the generated SIG records
-expire. As with \fBstart-time\fR, an absolute
-time is indicated in YYYYMMDDHHMMSS notation. A time relative
-to the start time is indicated with +N, which is N seconds from
-the start time. A time realtive to the current time is
-indicated with now+N. If no \fBend-time\fR is
-specified, 30 days from the start time is used as a default.
-.TP
-\fB-f \fIoutput-file\fB\fR
-The name of the output file containing the signed zone. The
-default is to append \fI.signed\fR to the
-input file.
-.TP
-\fB-h\fR
-Prints a short summary of the options and arguments to
-\fBdnssec-signzone\fR.
-.TP
-\fB-i \fIinterval\fB\fR
-When a previously signed zone is passed as input, records
-may be resigned. The \fBinterval\fR option
-specifies the cycle interval as an offset from the current
-time (in seconds). If a SIG record expires after the
-cycle interval, it is retained. Otherwise, it is considered
-to be expiring soon, and it will be replaced.
-
-The default cycle interval is one quarter of the difference
-between the signature end and start times. So if neither
-\fBend-time\fR or \fBstart-time\fR
-are specified, \fBdnssec-signzone\fR generates
-signatures that are valid for 30 days, with a cycle
-interval of 7.5 days. Therefore, if any existing SIG records
-are due to expire in less than 7.5 days, they would be
-replaced.
-.TP
-\fB-n \fIncpus\fB\fR
-Specifies the number of threads to use. By default, one
-thread is started for each detected CPU.
-.TP
-\fB-o \fIorigin\fB\fR
-The zone origin. If not specified, the name of the zone file
-is assumed to be the origin.
-.TP
-\fB-p\fR
-Use pseudo-random data when signing the zone. This is faster,
-but less secure, than using real random data. This option
-may be useful when signing large zones or when the entropy
-source is limited.
-.TP
-\fB-r \fIrandomdev\fB\fR
-Specifies the source of randomness. If the operating
-system does not provide a \fI/dev/random\fR
-or equivalent device, the default source of randomness
-is keyboard input. \fIrandomdev\fR specifies
-the name of a character device or file containing random
-data to be used instead of the default. The special value
-\fIkeyboard\fR indicates that keyboard
-input should be used.
-.TP
-\fB-t\fR
-Print statistics at completion.
-.TP
-\fB-v \fIlevel\fB\fR
-Sets the debugging level.
-.TP
-\fBzonefile\fR
-The file containing the zone to be signed.
-Sets the debugging level.
-.TP
-\fBkey\fR
-The keys used to sign the zone. If no keys are specified, the
-default all zone keys that have private key files in the
-current directory.
-.SH "EXAMPLE"
-.PP
-The following command signs the \fBexample.com\fR
-zone with the DSA key generated in the \fBdnssec-keygen\fR
-man page. The zone's keys must be in the zone. If there are
-\fIsignedkey\fR files associated with this zone
-or any child zones, they must be in the current directory.
-\fBexample.com\fR, the following command would be
-issued:
-.PP
-\fBdnssec-signzone -o example.com db.example.com Kexample.com.+003+26160\fR
-.PP
-The command would print a string of the form:
-.PP
-In this example, \fBdnssec-signzone\fR creates
-the file \fIdb.example.com.signed\fR. This file
-should be referenced in a zone statement in a
-\fInamed.conf\fR file.
-.SH "SEE ALSO"
-.PP
-\fBdnssec-keygen\fR(8),
-\fBdnssec-signkey\fR(8),
-\fIBIND 9 Administrator Reference Manual\fR,
-\fIRFC 2535\fR.
-.SH "AUTHOR"
-.PP
-Internet Software Consortium

bin/dnssec/dnssec-signzone.c

@@ -17,7 +17,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: dnssec-signzone.c,v 1.136 2001/03/31 02:12:23 bwelling Exp $ */
+/* $Id: dnssec-signzone.c,v 1.126.2.4 2001/04/09 20:50:37 gson Exp $ */
 
 #include <config.h>
 
@@ -28,7 +28,6 @@
 #include <isc/commandline.h>
 #include <isc/entropy.h>
 #include <isc/event.h>
-#include <isc/file.h>
 #include <isc/mem.h>
 #include <isc/mutex.h>
 #include <isc/os.h>
@@ -43,6 +42,7 @@
 #include <dns/diff.h>
 #include <dns/dnssec.h>
 #include <dns/fixedname.h>
+#include <dns/journal.h>
 #include <dns/keyvalues.h>
 #include <dns/log.h>
 #include <dns/master.h>
@@ -99,7 +99,6 @@ static isc_mem_t *mctx = NULL;
 static isc_entropy_t *ectx = NULL;
 static dns_ttl_t zonettl;
 static FILE *fp;
-static char *tempfile = NULL;
 static const dns_master_style_t *masterstyle = &dns_master_style_explicitttl;
 static unsigned int nsigned = 0, nretained = 0, ndropped = 0;
 static unsigned int nverified = 0, nverifyfailed = 0;
@@ -117,7 +116,6 @@ static unsigned int ntasks = 0;
 static isc_boolean_t shuttingdown = ISC_FALSE, finished = ISC_FALSE;
 static unsigned int assigned = 0, completed = 0;
 static isc_boolean_t nokeys = ISC_FALSE;
-static isc_boolean_t removefile = ISC_FALSE;
 
 #define INCSTAT(counter)		\
 	if (printstats) {		\
@@ -507,6 +505,7 @@ static void
 opendb(const char *prefix, dns_name_t *name, dns_rdataclass_t rdclass,
        dns_db_t **dbp)
 {
+	dns_fixedname_t fname;
 	char filename[256];
 	isc_buffer_t b;
 	isc_result_t result;
@@ -518,8 +517,10 @@ opendb(const char *prefix, dns_name_t *name, dns_rdataclass_t rdclass,
 			isc_buffer_putstr(&b, "/");
 	}
 	isc_buffer_putstr(&b, prefix);
-	result = dns_name_tofilenametext(name, ISC_FALSE, &b);
-	check_result(result, "dns_name_tofilenametext()");
+	dns_fixedname_init(&fname);
+	(void)dns_name_downcase(name, dns_fixedname_name(&fname), NULL);
+	result = dns_name_totext(dns_fixedname_name(&fname), ISC_FALSE, &b);
+	check_result(result, "dns_name_totext()");
 	if (isc_buffer_availablelength(&b) == 0) {
 		char namestr[DNS_NAME_FORMATSIZE];
 		dns_name_format(name, namestr, sizeof namestr);
@@ -527,7 +528,7 @@ opendb(const char *prefix, dns_name_t *name, dns_rdataclass_t rdclass,
 	}
 	isc_buffer_putuint8(&b, 0);
 
-	result = dns_db_create(mctx, "rbt", dns_rootname, dns_dbtype_zone,
+	result = dns_db_create(mctx, "rbt", name, dns_dbtype_zone,
 			       rdclass, 0, NULL, dbp);
 	check_result(result, "dns_db_create()");
 
@@ -1488,12 +1489,6 @@ usage(void) {
 	exit(0);
 }
 
-static void
-removetempfile(void) {
-	if (removefile)
-		isc_file_remove(tempfile);
-}
-
 int
 main(int argc, char *argv[]) {
 	int i, ch;
@@ -1508,11 +1503,12 @@ main(int argc, char *argv[]) {
 	isc_boolean_t pseudorandom = ISC_FALSE;
 	unsigned int eflags;
 	isc_boolean_t free_output = ISC_FALSE;
-	int tempfilelen;
 	dns_rdataclass_t rdclass;
 	isc_textregion_t r;
 	isc_task_t **tasks = NULL;
 
+
+
 	check_result(isc_app_start(), "isc_app_start");
 
 	result = isc_mem_create(0, 0, &mctx);
@@ -1720,22 +1716,11 @@ main(int argc, char *argv[]) {
 	result = dns_db_newversion(gdb, &gversion);
 	check_result(result, "dns_db_newversion()");
 
-	tempfilelen = strlen(output) + 20;
-	tempfile = isc_mem_get(mctx, tempfilelen);
-	if (tempfile == NULL)
-		fatal("out of memory");
-
-	result = isc_file_mktemplate(output, tempfile, tempfilelen);
-	check_result(result, "isc_file_mktemplate");
-
 	fp = NULL;
-	result = isc_file_openunique(tempfile, &fp);
+	result = isc_stdio_open(output, "w", &fp);
 	if (result != ISC_R_SUCCESS)
-		fatal("failed to open temporary output file: %s",
+		fatal("failed to open output file %s: %s", output,
 		      isc_result_totext(result));
-	removefile = ISC_TRUE;
-	setfatalcallback(&removetempfile);
-
 	print_time(fp);
 	print_version(fp);
 
@@ -1781,12 +1766,6 @@ main(int argc, char *argv[]) {
 
 	result = isc_stdio_close(fp);
 	check_result(result, "isc_stdio_close");
-	removefile = ISC_FALSE;
-
-	result = isc_file_rename(tempfile, output);
-	if (result != ISC_R_SUCCESS)
-		fatal("failed to rename temp file to %s: %s\n",
-		      output, isc_result_totext(result));
 
 	DESTROYLOCK(&namelock);
 	if (printstats)
@@ -1805,8 +1784,6 @@ main(int argc, char *argv[]) {
 		isc_mem_put(mctx, key, sizeof(signer_key_t));
 	}
 
-	isc_mem_put(mctx, tempfile, tempfilelen);
-
 	if (free_output)
 		isc_mem_free(mctx, output);
 

bin/dnssec/dnssec-signzone.docbook

@@ -1,307 +0,0 @@
-<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN">
-
-<refentry>
-  <refentryinfo>
-    <date>June 30, 2000</date>
-  </refentryinfo>
-
-  <refmeta>
-    <refentrytitle><application>dnssec-signzone</application></refentrytitle>
-    <manvolnum>8</manvolnum>
-    <refmiscinfo>BIND9</refmiscinfo>
-  </refmeta>
-
-  <refnamediv>
-    <refname><application>dnssec-signzone</application></refname>
-    <refpurpose>DNSSEC zone signing tool</refpurpose>
-  </refnamediv>
-
-  <refsynopsisdiv>
-    <cmdsynopsis>
-      <command>dnssec-signzone</command>
-      <arg><option>-a</option></arg>
-      <arg><option>-c <replaceable class="parameter">class</replaceable></option></arg>
-      <arg><option>-d <replaceable class="parameter">directory</replaceable></option></arg>
-      <arg><option>-s <replaceable class="parameter">start-time</replaceable></option></arg>
-      <arg><option>-e <replaceable class="parameter">end-time</replaceable></option></arg>
-      <arg><option>-f <replaceable class="parameter">output-file</replaceable></option></arg>
-      <arg><option>-h</option></arg>
-      <arg><option>-i <replaceable class="parameter">interval</replaceable></option></arg>
-      <arg><option>-n <replaceable class="parameter">nthreads</replaceable></option></arg>
-      <arg><option>-o <replaceable class="parameter">origin</replaceable></option></arg>
-      <arg><option>-p</option></arg>
-      <arg><option>-r <replaceable class="parameter">randomdev</replaceable></option></arg>
-      <arg><option>-t</option></arg>
-      <arg><option>-v <replaceable class="parameter">level</replaceable></option></arg>
-      <arg choice="req">zonefile</arg>
-      <arg rep="repeat">key</arg>
-    </cmdsynopsis>
-  </refsynopsisdiv>
-
-  <refsect1>
-    <title>DESCRIPTION</title>
-    <para>
-        <command>dnssec-signzone</command> signs a zone.  It generates NXT
-	and SIG records and produces a signed version of the zone.  If there
-	is a <filename>signedkey</filename> file from the zone's parent,
-	the parent's signatures will be incorporated into the generated
-	signed zone file.  The security status of delegations from the the
-        signed zone (that is, whether the child zones are secure or not) is
-        determined by the presence or absence of a
-	<filename>signedkey</filename> file for each child zone.
-    </para>
-  </refsect1>
-
-  <refsect1>
-    <title>OPTIONS</title>
-
-    <variablelist>
-      <varlistentry>
-        <term>-a</term>
-	<listitem>
-	  <para>
-	      Verify all generated signatures.
-	  </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-c <replaceable class="parameter">class</replaceable></term>
-	<listitem>
-	  <para>
-	       Specifies the DNS class of the zone.
-	  </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-d <replaceable class="parameter">directory</replaceable></term>
-	<listitem>
-	  <para>
-	       Look for <filename>signedkey</filename> files in
-	       <option>directory</option> as the directory 
-	  </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-s <replaceable class="parameter">start-time</replaceable></term>
-	<listitem>
-	  <para>
-	       Specify the date and time when the generated SIG records
-	       become valid.  This can be either an absolute or relative
-	       time.  An absolute start time is indicated by a number
-	       in YYYYMMDDHHMMSS notation; 20000530144500 denotes
-	       14:45:00 UTC on May 30th, 2000.  A relative start time is
-	       indicated by +N, which is N seconds from the current time.
-	       If no <option>start-time</option> is specified, the current
-	       time is used.
-	  </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-e <replaceable class="parameter">end-time</replaceable></term>
-	<listitem>
-	  <para>
-	       Specify the date and time when the generated SIG records
-	       expire.  As with <option>start-time</option>, an absolute
-	       time is indicated in YYYYMMDDHHMMSS notation.  A time relative
-	       to the start time is indicated with +N, which is N seconds from
-	       the start time.  A time realtive to the current time is
-	       indicated with now+N.  If no <option>end-time</option> is
-	       specified, 30 days from the start time is used as a default.
-	  </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-f <replaceable class="parameter">output-file</replaceable></term>
-	<listitem>
-	  <para>
-	       The name of the output file containing the signed zone.  The
-	       default is to append <filename>.signed</filename> to the
-	       input file.
-	  </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-h</term>
-	<listitem>
-	  <para>
-	       Prints a short summary of the options and arguments to
-	       <command>dnssec-signzone</command>.
-	  </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-i <replaceable class="parameter">interval</replaceable></term>
-	<listitem>
-	  <para>
-	       When a previously signed zone is passed as input, records
-	       may be resigned.  The <option>interval</option> option
-	       specifies the cycle interval as an offset from the current
-	       time (in seconds).  If a SIG record expires after the
-	       cycle interval, it is retained.  Otherwise, it is considered
-	       to be expiring soon, and it will be replaced.
-	  </para>
-	  <para>
-	       The default cycle interval is one quarter of the difference
-	       between the signature end and start times.  So if neither
-	       <option>end-time</option> or <option>start-time</option>
-	       are specified, <command>dnssec-signzone</command> generates
-	       signatures that are valid for 30 days, with a cycle
-	       interval of 7.5 days.  Therefore, if any existing SIG records
-	       are due to expire in less than 7.5 days, they would be
-	       replaced.
-	  </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-n <replaceable class="parameter">ncpus</replaceable></term>
-	<listitem>
-	  <para>
-	       Specifies the number of threads to use.  By default, one
-	       thread is started for each detected CPU.
-	  </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-o <replaceable class="parameter">origin</replaceable></term>
-	<listitem>
-	  <para>
-	       The zone origin.  If not specified, the name of the zone file
-	       is assumed to be the origin.
-	  </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-p</term>
-	<listitem>
-	  <para>
-	       Use pseudo-random data when signing the zone.  This is faster,
-	       but less secure, than using real random data.  This option
-	       may be useful when signing large zones or when the entropy
-	       source is limited.
-	  </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-r <replaceable class="parameter">randomdev</replaceable></term>
-	<listitem>
-	  <para>
-	       Specifies the source of randomness.  If the operating
-	       system does not provide a <filename>/dev/random</filename>
-	       or equivalent device, the default source of randomness
-	       is keyboard input.  <filename>randomdev</filename> specifies
-	       the name of a character device or file containing random
-	       data to be used instead of the default.  The special value
-	       <filename>keyboard</filename> indicates that keyboard
-	       input should be used.
-	  </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-t</term>
-	<listitem>
-	  <para>
-	       Print statistics at completion.
-	  </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-v <replaceable class="parameter">level</replaceable></term>
-	<listitem>
-	  <para>
-	       Sets the debugging level.
-	  </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>zonefile</term>
-	<listitem>
-	  <para>
-	       The file containing the zone to be signed.
-	       Sets the debugging level.
-	  </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>key</term>
-	<listitem>
-	  <para>
-	       The keys used to sign the zone.  If no keys are specified, the
-	       default all zone keys that have private key files in the
-	       current directory.
-	  </para>
-	</listitem>
-      </varlistentry>
-
-    </variablelist>
-  </refsect1>
-
-  <refsect1>
-    <title>EXAMPLE</title>
-    <para>
-        The following command signs the <userinput>example.com</userinput>
-	zone with the DSA key generated in the <command>dnssec-keygen</command>
-	man page.  The zone's keys must be in the zone.  If there are
-	<filename>signedkey</filename> files associated with this zone
-	or any child zones, they must be in the current directory.
-	<userinput>example.com</userinput>, the following command would be
-	issued:
-    </para>
-    <para>
-        <userinput>dnssec-signzone -o example.com db.example.com Kexample.com.+003+26160</userinput>
-    </para>
-    <para>
-        The command would print a string of the form:
-    </para>
-    <para>
-        In this example, <command>dnssec-signzone</command> creates
-	the file <filename>db.example.com.signed</filename>.  This file
-	should be referenced in a zone statement in a
-	<filename>named.conf</filename> file.
-    </para>
-  </refsect1>
-
-  <refsect1>
-    <title>SEE ALSO</title>
-    <para>
-      <citerefentry>
-        <refentrytitle>dnssec-keygen</refentrytitle>
-	<manvolnum>8</manvolnum>
-      </citerefentry>,
-      <citerefentry>
-        <refentrytitle>dnssec-signkey</refentrytitle>
-	<manvolnum>8</manvolnum>
-      </citerefentry>,
-      <citetitle>BIND 9 Administrator Reference Manual</citetitle>,
-      <citetitle>RFC 2535</citetitle>.
-    </para>
-  </refsect1>
-
-  <refsect1>
-    <title>AUTHOR</title>
-    <para>
-        <corpauthor>Internet Software Consortium</corpauthor>
-    </para>
-  </refsect1>
-
-</refentry>
-
-<!--
- - Local variables:
- - mode: sgml
- - End:
--->

bin/dnssec/dnssec-signzone.html

@@ -1,553 +0,0 @@
-<!--
- - Copyright (C) 2000, 2001  Internet Software Consortium.
- - 
- - Permission to use, copy, modify, and distribute this software for any
- - purpose with or without fee is hereby granted, provided that the above
- - copyright notice and this permission notice appear in all copies.
- - 
- - THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
- - DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
- - IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
- - INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
- - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
- - FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
- - NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
- - WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
--->
-<HTML
-><HEAD
-><TITLE
->dnssec-signzone</TITLE
-><META
-NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.61
-"></HEAD
-><BODY
-CLASS="REFENTRY"
-BGCOLOR="#FFFFFF"
-TEXT="#000000"
-LINK="#0000FF"
-VLINK="#840084"
-ALINK="#0000FF"
-><H1
-><A
-NAME="AEN1"
-><SPAN
-CLASS="APPLICATION"
->dnssec-signzone</SPAN
-></A
-></H1
-><DIV
-CLASS="REFNAMEDIV"
-><A
-NAME="AEN9"
-></A
-><H2
->Name</H2
-><SPAN
-CLASS="APPLICATION"
->dnssec-signzone</SPAN
->&nbsp;--&nbsp;DNSSEC zone signing tool</DIV
-><DIV
-CLASS="REFSYNOPSISDIV"
-><A
-NAME="AEN13"
-></A
-><H2
->Synopsis</H2
-><P
-><B
-CLASS="COMMAND"
->dnssec-signzone</B
->  [<TT
-CLASS="OPTION"
->-a</TT
->] [<TT
-CLASS="OPTION"
->-c <TT
-CLASS="REPLACEABLE"
-><I
->class</I
-></TT
-></TT
->] [<TT
-CLASS="OPTION"
->-d <TT
-CLASS="REPLACEABLE"
-><I
->directory</I
-></TT
-></TT
->] [<TT
-CLASS="OPTION"
->-s <TT
-CLASS="REPLACEABLE"
-><I
->start-time</I
-></TT
-></TT
->] [<TT
-CLASS="OPTION"
->-e <TT
-CLASS="REPLACEABLE"
-><I
->end-time</I
-></TT
-></TT
->] [<TT
-CLASS="OPTION"
->-f <TT
-CLASS="REPLACEABLE"
-><I
->output-file</I
-></TT
-></TT
->] [<TT
-CLASS="OPTION"
->-h</TT
->] [<TT
-CLASS="OPTION"
->-i <TT
-CLASS="REPLACEABLE"
-><I
->interval</I
-></TT
-></TT
->] [<TT
-CLASS="OPTION"
->-n <TT
-CLASS="REPLACEABLE"
-><I
->nthreads</I
-></TT
-></TT
->] [<TT
-CLASS="OPTION"
->-o <TT
-CLASS="REPLACEABLE"
-><I
->origin</I
-></TT
-></TT
->] [<TT
-CLASS="OPTION"
->-p</TT
->] [<TT
-CLASS="OPTION"
->-r <TT
-CLASS="REPLACEABLE"
-><I
->randomdev</I
-></TT
-></TT
->] [<TT
-CLASS="OPTION"
->-t</TT
->] [<TT
-CLASS="OPTION"
->-v <TT
-CLASS="REPLACEABLE"
-><I
->level</I
-></TT
-></TT
->] {zonefile} [key...]</P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN56"
-></A
-><H2
->DESCRIPTION</H2
-><P
->        <B
-CLASS="COMMAND"
->dnssec-signzone</B
-> signs a zone.  It generates NXT
-	and SIG records and produces a signed version of the zone.  If there
-	is a <TT
-CLASS="FILENAME"
->signedkey</TT
-> file from the zone's parent,
-	the parent's signatures will be incorporated into the generated
-	signed zone file.  The security status of delegations from the the
-        signed zone (that is, whether the child zones are secure or not) is
-        determined by the presence or absence of a
-	<TT
-CLASS="FILENAME"
->signedkey</TT
-> file for each child zone.
-    </P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN62"
-></A
-><H2
->OPTIONS</H2
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
->-a</DT
-><DD
-><P
->	      Verify all generated signatures.
-	  </P
-></DD
-><DT
->-c <TT
-CLASS="REPLACEABLE"
-><I
->class</I
-></TT
-></DT
-><DD
-><P
->	       Specifies the DNS class of the zone.
-	  </P
-></DD
-><DT
->-d <TT
-CLASS="REPLACEABLE"
-><I
->directory</I
-></TT
-></DT
-><DD
-><P
->	       Look for <TT
-CLASS="FILENAME"
->signedkey</TT
-> files in
-	       <TT
-CLASS="OPTION"
->directory</TT
-> as the directory 
-	  </P
-></DD
-><DT
->-s <TT
-CLASS="REPLACEABLE"
-><I
->start-time</I
-></TT
-></DT
-><DD
-><P
->	       Specify the date and time when the generated SIG records
-	       become valid.  This can be either an absolute or relative
-	       time.  An absolute start time is indicated by a number
-	       in YYYYMMDDHHMMSS notation; 20000530144500 denotes
-	       14:45:00 UTC on May 30th, 2000.  A relative start time is
-	       indicated by +N, which is N seconds from the current time.
-	       If no <TT
-CLASS="OPTION"
->start-time</TT
-> is specified, the current
-	       time is used.
-	  </P
-></DD
-><DT
->-e <TT
-CLASS="REPLACEABLE"
-><I
->end-time</I
-></TT
-></DT
-><DD
-><P
->	       Specify the date and time when the generated SIG records
-	       expire.  As with <TT
-CLASS="OPTION"
->start-time</TT
->, an absolute
-	       time is indicated in YYYYMMDDHHMMSS notation.  A time relative
-	       to the start time is indicated with +N, which is N seconds from
-	       the start time.  A time realtive to the current time is
-	       indicated with now+N.  If no <TT
-CLASS="OPTION"
->end-time</TT
-> is
-	       specified, 30 days from the start time is used as a default.
-	  </P
-></DD
-><DT
->-f <TT
-CLASS="REPLACEABLE"
-><I
->output-file</I
-></TT
-></DT
-><DD
-><P
->	       The name of the output file containing the signed zone.  The
-	       default is to append <TT
-CLASS="FILENAME"
->.signed</TT
-> to the
-	       input file.
-	  </P
-></DD
-><DT
->-h</DT
-><DD
-><P
->	       Prints a short summary of the options and arguments to
-	       <B
-CLASS="COMMAND"
->dnssec-signzone</B
->.
-	  </P
-></DD
-><DT
->-i <TT
-CLASS="REPLACEABLE"
-><I
->interval</I
-></TT
-></DT
-><DD
-><P
->	       When a previously signed zone is passed as input, records
-	       may be resigned.  The <TT
-CLASS="OPTION"
->interval</TT
-> option
-	       specifies the cycle interval as an offset from the current
-	       time (in seconds).  If a SIG record expires after the
-	       cycle interval, it is retained.  Otherwise, it is considered
-	       to be expiring soon, and it will be replaced.
-	  </P
-><P
->	       The default cycle interval is one quarter of the difference
-	       between the signature end and start times.  So if neither
-	       <TT
-CLASS="OPTION"
->end-time</TT
-> or <TT
-CLASS="OPTION"
->start-time</TT
->
-	       are specified, <B
-CLASS="COMMAND"
->dnssec-signzone</B
-> generates
-	       signatures that are valid for 30 days, with a cycle
-	       interval of 7.5 days.  Therefore, if any existing SIG records
-	       are due to expire in less than 7.5 days, they would be
-	       replaced.
-	  </P
-></DD
-><DT
->-n <TT
-CLASS="REPLACEABLE"
-><I
->ncpus</I
-></TT
-></DT
-><DD
-><P
->	       Specifies the number of threads to use.  By default, one
-	       thread is started for each detected CPU.
-	  </P
-></DD
-><DT
->-o <TT
-CLASS="REPLACEABLE"
-><I
->origin</I
-></TT
-></DT
-><DD
-><P
->	       The zone origin.  If not specified, the name of the zone file
-	       is assumed to be the origin.
-	  </P
-></DD
-><DT
->-p</DT
-><DD
-><P
->	       Use pseudo-random data when signing the zone.  This is faster,
-	       but less secure, than using real random data.  This option
-	       may be useful when signing large zones or when the entropy
-	       source is limited.
-	  </P
-></DD
-><DT
->-r <TT
-CLASS="REPLACEABLE"
-><I
->randomdev</I
-></TT
-></DT
-><DD
-><P
->	       Specifies the source of randomness.  If the operating
-	       system does not provide a <TT
-CLASS="FILENAME"
->/dev/random</TT
->
-	       or equivalent device, the default source of randomness
-	       is keyboard input.  <TT
-CLASS="FILENAME"
->randomdev</TT
-> specifies
-	       the name of a character device or file containing random
-	       data to be used instead of the default.  The special value
-	       <TT
-CLASS="FILENAME"
->keyboard</TT
-> indicates that keyboard
-	       input should be used.
-	  </P
-></DD
-><DT
->-t</DT
-><DD
-><P
->	       Print statistics at completion.
-	  </P
-></DD
-><DT
->-v <TT
-CLASS="REPLACEABLE"
-><I
->level</I
-></TT
-></DT
-><DD
-><P
->	       Sets the debugging level.
-	  </P
-></DD
-><DT
->zonefile</DT
-><DD
-><P
->	       The file containing the zone to be signed.
-	       Sets the debugging level.
-	  </P
-></DD
-><DT
->key</DT
-><DD
-><P
->	       The keys used to sign the zone.  If no keys are specified, the
-	       default all zone keys that have private key files in the
-	       current directory.
-	  </P
-></DD
-></DL
-></DIV
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN154"
-></A
-><H2
->EXAMPLE</H2
-><P
->        The following command signs the <TT
-CLASS="USERINPUT"
-><B
->example.com</B
-></TT
->
-	zone with the DSA key generated in the <B
-CLASS="COMMAND"
->dnssec-keygen</B
->
-	man page.  The zone's keys must be in the zone.  If there are
-	<TT
-CLASS="FILENAME"
->signedkey</TT
-> files associated with this zone
-	or any child zones, they must be in the current directory.
-	<TT
-CLASS="USERINPUT"
-><B
->example.com</B
-></TT
->, the following command would be
-	issued:
-    </P
-><P
->        <TT
-CLASS="USERINPUT"
-><B
->dnssec-signzone -o example.com db.example.com Kexample.com.+003+26160</B
-></TT
->
-    </P
-><P
->        The command would print a string of the form:
-    </P
-><P
->        In this example, <B
-CLASS="COMMAND"
->dnssec-signzone</B
-> creates
-	the file <TT
-CLASS="FILENAME"
->db.example.com.signed</TT
->.  This file
-	should be referenced in a zone statement in a
-	<TT
-CLASS="FILENAME"
->named.conf</TT
-> file.
-    </P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN168"
-></A
-><H2
->SEE ALSO</H2
-><P
->      <SPAN
-CLASS="CITEREFENTRY"
-><SPAN
-CLASS="REFENTRYTITLE"
->dnssec-keygen</SPAN
->(8)</SPAN
->,
-      <SPAN
-CLASS="CITEREFENTRY"
-><SPAN
-CLASS="REFENTRYTITLE"
->dnssec-signkey</SPAN
->(8)</SPAN
->,
-      <I
-CLASS="CITETITLE"
->BIND 9 Administrator Reference Manual</I
->,
-      <I
-CLASS="CITETITLE"
->RFC 2535</I
->.
-    </P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN179"
-></A
-><H2
->AUTHOR</H2
-><P
->        Internet Software Consortium
-    </P
-></DIV
-></BODY
-></HTML
->

bin/dnssec/dnssectool.c

@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: dnssectool.c,v 1.28 2001/03/31 02:12:24 bwelling Exp $ */
+/* $Id: dnssectool.c,v 1.26.2.1 2001/01/09 22:31:35 bwelling Exp $ */
 
 #include <config.h>
 
@@ -45,7 +45,6 @@ extern const char *program;
 static isc_entropysource_t *source = NULL;
 static isc_keyboard_t kbd;
 static isc_boolean_t wantkeyboard = ISC_FALSE;
-static fatalcallback_t *fatalcallback = NULL;
 
 void
 fatal(const char *format, ...) {
@@ -56,16 +55,9 @@ fatal(const char *format, ...) {
 	vfprintf(stderr, format, args);
 	va_end(args);
 	fprintf(stderr, "\n");
-	if (fatalcallback != NULL)
-		(*fatalcallback)();
 	exit(1);
 }
 
-void
-setfatalcallback(fatalcallback_t *callback) {
-	fatalcallback = callback;
-}
-
 void
 check_result(isc_result_t result, const char *message) {
 	if (result != ISC_R_SUCCESS) {

bin/dnssec/dnssectool.h

@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: dnssectool.h,v 1.14 2001/03/31 02:12:26 bwelling Exp $ */
+/* $Id: dnssectool.h,v 1.12.4.1 2001/01/09 22:31:36 bwelling Exp $ */
 
 #ifndef DNSSECTOOL_H
 #define DNSSECTOOL_H 1
@@ -25,14 +25,9 @@
 #include <dns/rdatastruct.h>
 #include <dst/dst.h>
 
-typedef void (fatalcallback_t)(void);
-
 void
 fatal(const char *format, ...) ISC_FORMAT_PRINTF(1, 2);
 
-void
-setfatalcallback(fatalcallback_t *callback);
-
 void
 check_result(isc_result_t result, const char *message);
 

bin/lwresd/.cvsignore

@@ -1,5 +1,5 @@
 Makefile
-timestamp
 .libs
 *.la
 *.lo
+lwresd

bin/lwresd/Makefile.in

@@ -1,4 +1,4 @@
-# Copyright (C) 2001  Internet Software Consortium.
+# Copyright (C) 2000, 2001  Internet Software Consortium.
 #
 # Permission to use, copy, modify, and distribute this software for any
 # purpose with or without fee is hereby granted, provided that the above
@@ -13,7 +13,7 @@
 # NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
 # WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: Makefile.in,v 1.3 2001/02/02 01:01:22 sjacob Exp $
+# $Id: Makefile.in,v 1.13.4.1 2001/01/09 22:31:38 bwelling Exp $
 
 srcdir =	@srcdir@
 VPATH =		@srcdir@
@@ -23,38 +23,35 @@ top_srcdir =	@top_srcdir@
 
 @BIND9_INCLUDES@
 
-CINCLUDES =	${DNS_INCLUDES} ${ISC_INCLUDES}
+CINCLUDES =	${LWRES_INCLUDES} ${DNS_INCLUDES} ${ISC_INCLUDES}
 
 CDEFINES =
 CWARNINGS =
 
-DNSLIBS =	../../../../lib/dns/libdns.@A@ @DNS_OPENSSL_LIBS@ @DNS_GSSAPI_LIBS@
-ISCLIBS =	../../../../lib/isc/libisc.@A@
+DNSLIBS =	../../lib/dns/libdns.@A@ @DNS_OPENSSL_LIBS@ @DNS_GSSAPI_LIBS@
+ISCLIBS =	../../lib/isc/libisc.@A@
+LWRESLIBS =	../../lib/lwres/liblwres.@A@
 
-DNSDEPLIBS =	../../../../lib/dns/libdns.@A@
-ISCDEPLIBS =	../../../../lib/isc/libisc.@A@
+DNSDEPLIBS =	../../lib/dns/libdns.@A@
+ISCDEPLIBS =	../../lib/isc/libisc.@A@
+LWRESDEPLIBS =	../../lib/lwres/liblwres.@A@
 
-DEPLIBS =	${DNSDEPLIBS} ${ISCDEPLIBS}
+DEPLIBS =	${DNSDEPLIBS} ${ISCDEPLIBS} ${LWRESDEPLIBS}
 
-LIBS =		${DNSLIBS} ${ISCLIBS} @LIBS@
+LIBS =		${DNSLIBS} ${ISCLIBS} ${LWRESLIBS} @LIBS@
 
-TARGETS =	keycreate keydelete
+TARGETS =	lwresd
 
-CREATEOBJS =	keycreate.@O@
-DELETEOBJS =	keydelete.@O@
+OBJS =		main.@O@ client.@O@ err_pkt.@O@ \
+		process_gabn.@O@ process_gnba.@O@ process_noop.@O@
 
-SRCS =		keycreate.c keydelete.c
+SRCS =		main.c client.c err_pkt.c \
+		process_gabn.c process_gnba.c process_noop.c
 
 @BIND9_MAKE_RULES@
 
-all: keycreate keydelete
-
-keycreate: ${CREATEOBJS} ${DEPLIBS}
-	${LIBTOOL} ${PURIFY} ${CC} ${CFLAGS} -o $@ ${CREATEOBJS} ${LIBS}
-
-keydelete: ${DELETEOBJS} ${DEPLIBS}
-	${LIBTOOL} ${PURIFY} ${CC} ${CFLAGS} -o $@ ${DELETEOBJS} ${LIBS}
+lwresd: ${OBJS} ${UOBJS} ${DEPLIBS}
+	${LIBTOOL} ${CC} ${CFLAGS} -o $@ ${OBJS} ${UOBJS} ${LIBS}
 
 clean distclean::
 	rm -f ${TARGETS}
-

bin/lwresd/client.c

@@ -0,0 +1,387 @@
+/*
+ * Copyright (C) 2000, 2001  Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
+ * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
+ * INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
+ * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
+ * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
+ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: client.c,v 1.30.4.1 2001/01/09 22:31:39 bwelling Exp $ */
+
+#include <config.h>
+
+#include <isc/socket.h>
+#include <isc/string.h>
+#include <isc/task.h>
+#include <isc/util.h>
+
+#include <dns/view.h>
+#include <dns/log.h>
+
+#include "client.h"
+
+void
+DP(int level, const char *format, ...) {
+	va_list args;
+
+	va_start(args, format);
+	isc_log_vwrite(dns_lctx,
+		       DNS_LOGCATEGORY_DATABASE, DNS_LOGMODULE_ADB,
+		       ISC_LOG_DEBUG(level), format, args);
+	va_end(args);
+}
+
+void
+hexdump(char *msg, void *base, size_t len) {
+	unsigned char *p;
+	unsigned int cnt;
+	char buffer[180];
+	char *n;
+
+	p = base;
+	cnt = 0;
+	n = buffer;
+	*n = 0;
+
+	printf("*** %s (%u bytes @ %p)\n", msg, len, base);
+
+	while (cnt < len) {
+		if (cnt % 16 == 0) {
+			n = buffer;
+			n += sprintf(buffer, "%p: ", p);
+		} else if (cnt % 8 == 0) {
+			*n++ = ' ';
+			*n++ = '|';
+			*n = 0;
+		}
+		n += sprintf(n, " %02x", *p++);
+		cnt++;
+
+		if (cnt % 16 == 0) {
+			DP(80, buffer);
+			n = buffer;
+			*n = 0;
+		}
+	}
+
+	if (n != buffer) {
+		DP(80, buffer);
+		n = buffer;
+		*n = 0;
+	}
+}
+
+static void
+clientmgr_can_die(clientmgr_t *cm) {
+	if ((cm->flags & CLIENTMGR_FLAG_SHUTTINGDOWN) == 0)
+		return;
+
+	if (ISC_LIST_HEAD(cm->running) != NULL)
+		return;
+
+	lwres_context_destroy(&cm->lwctx);
+	dns_view_detach(&cm->view);
+	isc_task_detach(&cm->task);
+}
+
+static void
+process_request(client_t *client) {
+	lwres_buffer_t b;
+	isc_result_t result;
+
+	lwres_buffer_init(&b, client->buffer, client->recvlength);
+	lwres_buffer_add(&b, client->recvlength);
+
+	result = lwres_lwpacket_parseheader(&b, &client->pkt);
+	if (result != ISC_R_SUCCESS) {
+		DP(50, "invalid packet header received");
+		goto restart;
+	}
+
+	DP(50, "opcode %08x", client->pkt.opcode);
+
+	switch (client->pkt.opcode) {
+	case LWRES_OPCODE_GETADDRSBYNAME:
+		process_gabn(client, &b);
+		return;
+	case LWRES_OPCODE_GETNAMEBYADDR:
+		process_gnba(client, &b);
+		return;
+	case LWRES_OPCODE_NOOP:
+		process_noop(client, &b);
+		return;
+	default:
+		DP(50, "unknown opcode %08x", client->pkt.opcode);
+		goto restart;
+	}
+
+	/*
+	 * Drop the packet.
+	 */
+ restart:
+	DP(50, "restarting client %p...", client);
+	client_state_idle(client);
+}
+
+void
+client_recv(isc_task_t *task, isc_event_t *ev) {
+	client_t *client = ev->ev_arg;
+	clientmgr_t *cm = client->clientmgr;
+	isc_socketevent_t *dev = (isc_socketevent_t *)ev;
+
+	INSIST(dev->region.base == client->buffer);
+	INSIST(CLIENT_ISRECV(client));
+
+	CLIENT_SETRECVDONE(client);
+
+	INSIST((cm->flags & CLIENTMGR_FLAG_RECVPENDING) != 0);
+	cm->flags &= ~CLIENTMGR_FLAG_RECVPENDING;
+
+	DP(50, "event received: task %p, length %u, result %u (%s)",
+	       task, dev->n, dev->result, isc_result_totext(dev->result));
+
+	if (dev->result != ISC_R_SUCCESS) {
+		isc_event_free(&ev);
+		dev = NULL;
+
+		/*
+		 * Go idle.
+		 */
+		client_state_idle(client);
+
+		return;
+	}
+
+	/*
+	 * XXXMLG If we wanted to run on ipv6 as well, we'd need the pktinfo
+	 * bits.  Right now we don't, so don't remember them.
+	 */
+	client->recvlength = dev->n;
+	client->address = dev->address;
+	isc_event_free(&ev);
+	dev = NULL;
+
+	client_start_recv(cm);
+
+	process_request(client);
+}
+
+/*
+ * This function will start a new recv() on a socket for this client manager.
+ */
+isc_result_t
+client_start_recv(clientmgr_t *cm) {
+	client_t *client;
+	isc_result_t result;
+	isc_region_t r;
+
+	if ((cm->flags & CLIENTMGR_FLAG_SHUTTINGDOWN) != 0)
+		return (ISC_R_SUCCESS);
+
+	/*
+	 * If a recv is already running, don't bother.
+	 */
+	if ((cm->flags & CLIENTMGR_FLAG_RECVPENDING) != 0)
+		return (ISC_R_SUCCESS);
+
+	/*
+	 * If we have no idle slots, just return success.
+	 */
+	client = ISC_LIST_HEAD(cm->idle);
+	if (client == NULL)
+		return (ISC_R_SUCCESS);
+	INSIST(CLIENT_ISIDLE(client));
+
+	/*
+	 * Issue the recv.  If it fails, return that it did.
+	 */
+	r.base = client->buffer;
+	r.length = LWRES_RECVLENGTH;
+	result = isc_socket_recv(cm->sock, &r, 0, cm->task, client_recv,
+				 client);
+	if (result != ISC_R_SUCCESS)
+		return (result);
+
+	/*
+	 * Set the flag to say we've issued a recv() call.
+	 */
+	cm->flags |= CLIENTMGR_FLAG_RECVPENDING;
+
+	/*
+	 * Remove the client from the idle list, and put it on the running
+	 * list.
+	 */
+	CLIENT_SETRECV(client);
+	ISC_LIST_UNLINK(cm->idle, client, link);
+	ISC_LIST_APPEND(cm->running, client, link);
+
+	return (ISC_R_SUCCESS);
+}
+
+void
+client_shutdown(isc_task_t *task, isc_event_t *ev) {
+	clientmgr_t *cm = ev->ev_arg;
+
+	REQUIRE(task == cm->task);
+	REQUIRE(ev->ev_type == LWRD_SHUTDOWN);
+	REQUIRE((cm->flags & CLIENTMGR_FLAG_SHUTTINGDOWN) == 0);
+
+	DP(50, "got shutdown event, task %p", task);
+
+	/*
+	 * Cancel any pending I/O.
+	 */
+	if ((cm->flags & CLIENTMGR_FLAG_RECVPENDING) != 0)
+		isc_socket_cancel(cm->sock, task, ISC_SOCKCANCEL_ALL);
+
+	/*
+	 * Run through the running client list and kill off any finds
+	 * in progress.
+	 */
+	/* XXXMLG */
+
+	cm->flags |= CLIENTMGR_FLAG_SHUTTINGDOWN;
+}
+
+/*
+ * Do all the crap needed to move a client from the run queue to the idle
+ * queue.
+ */
+void
+client_state_idle(client_t *client) {
+	clientmgr_t *cm;
+
+	cm = client->clientmgr;
+
+	INSIST(client->sendbuf == NULL);
+	INSIST(client->sendlength == 0);
+	INSIST(client->arg == NULL);
+	INSIST(client->v4find == NULL);
+	INSIST(client->v6find == NULL);
+
+	ISC_LIST_UNLINK(cm->running, client, link);
+	ISC_LIST_PREPEND(cm->idle, client, link);
+
+	CLIENT_SETIDLE(client);
+
+	clientmgr_can_die(cm);
+
+	client_start_recv(cm);
+}
+
+void
+client_send(isc_task_t *task, isc_event_t *ev) {
+	client_t *client = ev->ev_arg;
+	clientmgr_t *cm = client->clientmgr;
+	isc_socketevent_t *dev = (isc_socketevent_t *)ev;
+
+	UNUSED(task);
+	UNUSED(dev);
+
+	INSIST(CLIENT_ISSEND(client));
+	INSIST(client->sendbuf == dev->region.base);
+
+	DP(50, "task %p for client %p got send-done event", task, client);
+
+	if (client->sendbuf != client->buffer)
+		lwres_context_freemem(cm->lwctx, client->sendbuf,
+				      client->sendlength);
+	client->sendbuf = NULL;
+	client->sendlength = 0;
+
+	client_state_idle(client);
+
+	isc_event_free(&ev);
+}
+
+void
+client_initialize(client_t *client, clientmgr_t *cmgr) {
+	client->clientmgr = cmgr;
+	ISC_LINK_INIT(client, link);
+	CLIENT_SETIDLE(client);
+	client->arg = NULL;
+
+	client->recvlength = 0;
+
+	client->sendbuf = NULL;
+	client->sendlength = 0;
+
+	client->find = NULL;
+	client->v4find = NULL;
+	client->v6find = NULL;
+	client->find_wanted = 0;
+
+	client->options = 0;
+	client->byaddr = NULL;
+	client->addrinfo = NULL;
+
+	ISC_LIST_APPEND(cmgr->idle, client, link);
+}
+
+void
+client_init_aliases(client_t *client) {
+	int i;
+
+	for (i = 0 ; i < LWRES_MAX_ALIASES ; i++) {
+		client->aliases[i] = NULL;
+		client->aliaslen[i] = 0;
+	}
+	for (i = 0 ; i < LWRES_MAX_ADDRS ; i++) {
+		client->addrs[i].family = 0;
+		client->addrs[i].length = 0;
+		memset(client->addrs[i].address, 0, LWRES_ADDR_MAXLEN);
+		LWRES_LINK_INIT(&client->addrs[i], link);
+	}
+}
+
+void
+client_init_gabn(client_t *client) {
+	/*
+	 * Initialize the real name and alias arrays in the reply we're
+	 * going to build up.
+	 */
+	client_init_aliases(client);
+	client->gabn.naliases = 0;
+	client->gabn.naddrs = 0;
+	client->gabn.realname = NULL;
+	client->gabn.aliases = client->aliases;
+	client->gabn.realnamelen = 0;
+	client->gabn.aliaslen = client->aliaslen;
+	LWRES_LIST_INIT(client->gabn.addrs);
+	client->gabn.base = NULL;
+	client->gabn.baselen = 0;
+
+	/*
+	 * Set up the internal buffer to point to the receive region.
+	 */
+	isc_buffer_init(&client->recv_buffer, client->buffer,
+			LWRES_RECVLENGTH);
+}
+
+void
+client_init_gnba(client_t *client) {
+	/*
+	 * Initialize the real name and alias arrays in the reply we're
+	 * going to build up.
+	 */
+	client_init_aliases(client);
+	client->gnba.naliases = 0;
+	client->gnba.realname = NULL;
+	client->gnba.aliases = client->aliases;
+	client->gnba.realnamelen = 0;
+	client->gnba.aliaslen = client->aliaslen;
+	client->gnba.base = NULL;
+	client->gnba.baselen = 0;
+
+	isc_buffer_init(&client->recv_buffer, client->buffer,
+			LWRES_RECVLENGTH);
+}

bin/lwresd/client.h

@@ -0,0 +1,194 @@
+/*
+ * Copyright (C) 2000, 2001  Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
+ * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
+ * INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
+ * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
+ * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
+ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: client.h,v 1.18.4.1 2001/01/09 22:31:40 bwelling Exp $ */
+
+#ifndef LWD_CLIENT_H
+#define LWD_CLIENT_H 1
+
+#include <isc/event.h>
+#include <isc/eventclass.h>
+#include <isc/netaddr.h>
+#include <isc/sockaddr.h>
+#include <isc/types.h>
+
+#include <dns/fixedname.h>
+#include <dns/types.h>
+
+#include <lwres/lwres.h>
+
+#define LWRD_EVENTCLASS		ISC_EVENTCLASS(4242)
+
+#define LWRD_SHUTDOWN		(LWRD_EVENTCLASS + 0x0001)
+
+typedef struct client_s client_t;
+typedef struct clientmgr_s clientmgr_t;
+
+struct client_s {
+	isc_sockaddr_t		address;	/* where to reply */
+	clientmgr_t	       *clientmgr;	/* our parent */
+	ISC_LINK(client_t)	link;
+	unsigned int		state;
+	void		       *arg;		/* packet processing state */
+
+	/*
+	 * Received data info.
+	 */
+	unsigned char		buffer[LWRES_RECVLENGTH]; /* receive buffer */
+	isc_uint32_t		recvlength;	/* length recv'd */
+	lwres_lwpacket_t	pkt;
+
+	/*
+	 * Send data state.  If sendbuf != buffer (that is, the send buffer
+	 * isn't our receive buffer) it will be freed to the lwres_context_t.
+	 */
+	unsigned char	       *sendbuf;
+	isc_uint32_t		sendlength;
+	isc_buffer_t		recv_buffer;
+
+	/*
+	 * gabn (get address by name) state info.
+	 */
+	dns_adbfind_t		*find;
+	dns_adbfind_t		*v4find;
+	dns_adbfind_t		*v6find;
+	unsigned int		find_wanted;	/* Addresses we want */
+	dns_fixedname_t		target_name;
+	lwres_gabnresponse_t	gabn;
+
+	/*
+	 * gnba (get name by address) state info.
+	 */
+	lwres_gnbaresponse_t	gnba;
+	dns_byaddr_t	       *byaddr;
+	unsigned int		options;
+	isc_netaddr_t		na;
+	dns_adbaddrinfo_t      *addrinfo;
+
+	/*
+	 * Alias and address info.  This is copied up to the gabn/gnba
+	 * structures eventually.
+	 *
+	 * XXXMLG We can keep all of this in a client since we only service
+	 * three packet types right now.  If we started handling more,
+	 * we'd need to use "arg" above and allocate/destroy things.
+	 */
+	char		       *aliases[LWRES_MAX_ALIASES];
+	isc_uint16_t		aliaslen[LWRES_MAX_ALIASES];
+	lwres_addr_t		addrs[LWRES_MAX_ADDRS];
+};
+
+/*
+ * Client states.
+ *
+ * _IDLE	The client is not doing anything at all.
+ *
+ * _RECV	The client is waiting for data after issuing a socket recv().
+ *
+ * _RECVDONE	Data has been received, and is being processed.
+ *
+ * _FINDWAIT	An adb (or other) request was made that cannot be satisfied
+ *		immediately.  An event will wake the client up.
+ *
+ * _SEND	All data for a response has completed, and a reply was
+ *		sent via a socket send() call.
+ *
+ * Badly formatted state table:
+ *
+ *	IDLE -> RECV when client has a recv() queued.
+ *
+ *	RECV -> RECVDONE when recvdone event received.
+ *
+ *	RECVDONE -> SEND if the data for a reply is at hand.
+ *	RECVDONE -> FINDWAIT if more searching is needed, and events will
+ *		eventually wake us up again.
+ *
+ *	FINDWAIT -> SEND when enough data was received to reply.
+ *
+ *	SEND -> IDLE when a senddone event was received.
+ *
+ *	At any time -> IDLE on error.  Sometimes this will be -> SEND
+ *	instead, if enough data is on hand to reply with a meaningful
+ *	error.
+ *
+ *	Packets which are badly formatted may or may not get error returns.
+ */
+#define CLIENT_STATE_IDLE		1
+#define CLIENT_STATE_RECV		2
+#define CLIENT_STATE_RECVDONE		3
+#define CLIENT_STATE_FINDWAIT		4
+#define CLIENT_STATE_SEND		5
+#define CLIENT_STATE_SENDDONE		6
+
+#define CLIENT_ISIDLE(c)	((c)->state == CLIENT_STATE_IDLE)
+#define CLIENT_ISRECV(c)	((c)->state == CLIENT_STATE_RECV)
+#define CLIENT_ISRECVDONE(c)	((c)->state == CLIENT_STATE_RECVDONE)
+#define CLIENT_ISFINDWAIT(c)	((c)->state == CLIENT_STATE_FINDWAIT)
+#define CLIENT_ISSEND(c)	((c)->state == CLIENT_STATE_SEND)
+
+/*
+ * Overall magic test that means we're not idle.
+ */
+#define CLIENT_ISRUNNING(c)	(!CLIENT_ISIDLE(c))
+
+#define CLIENT_SETIDLE(c)	((c)->state = CLIENT_STATE_IDLE)
+#define CLIENT_SETRECV(c)	((c)->state = CLIENT_STATE_RECV)
+#define CLIENT_SETRECVDONE(c)	((c)->state = CLIENT_STATE_RECVDONE)
+#define CLIENT_SETFINDWAIT(c)	((c)->state = CLIENT_STATE_FINDWAIT)
+#define CLIENT_SETSEND(c)	((c)->state = CLIENT_STATE_SEND)
+#define CLIENT_SETSENDDONE(c)	((c)->state = CLIENT_STATE_SENDDONE)
+
+struct clientmgr_s {
+	isc_mem_t	       *mctx;
+	isc_task_t	       *task;		/* owning task */
+	isc_socket_t	       *sock;		/* socket to use */
+	dns_view_t	       *view;
+	unsigned int		flags;
+	isc_event_t		sdev;		/* shutdown event */
+	lwres_context_t	       *lwctx;		/* lightweight proto context */
+	ISC_LIST(client_t)	idle;		/* idle client slots */
+	ISC_LIST(client_t)	running;	/* running clients */
+};
+
+#define CLIENTMGR_FLAG_RECVPENDING		0x00000001
+#define CLIENTMGR_FLAG_SHUTTINGDOWN		0x00000002
+
+void client_initialize(client_t *, clientmgr_t *);
+isc_result_t client_start_recv(clientmgr_t *);
+void client_state_idle(client_t *);
+
+void client_recv(isc_task_t *, isc_event_t *);
+void client_shutdown(isc_task_t *, isc_event_t *);
+void client_send(isc_task_t *, isc_event_t *);
+
+/*
+ * Processing functions of various types.
+ */
+void process_gabn(client_t *, lwres_buffer_t *);
+void process_gnba(client_t *, lwres_buffer_t *);
+void process_noop(client_t *, lwres_buffer_t *);
+
+void error_pkt_send(client_t *, isc_uint32_t);
+
+void client_init_aliases(client_t *);
+void client_init_gabn(client_t *);
+void client_init_gnba(client_t *);
+
+void DP(int level, const char *format, ...);
+void hexdump(char *msg, void *base, size_t len);
+
+#endif /* LWD_CLIENT_H */

bin/lwresd/err_pkt.c

@@ -0,0 +1,81 @@
+/*
+ * Copyright (C) 2000, 2001  Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
+ * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
+ * INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
+ * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
+ * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
+ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: err_pkt.c,v 1.7.4.1 2001/01/09 22:31:41 bwelling Exp $ */
+
+#include <config.h>
+
+#include <isc/socket.h>
+#include <isc/util.h>
+
+#include "client.h"
+
+/*
+ * Generate an error packet for the client, schedule a send, and put us in
+ * the SEND state.
+ *
+ * The client->pkt structure will be modified to form an error return.
+ * The receiver needs to verify that it is in fact an error, and do the
+ * right thing with it.  The opcode will be unchanged.  The result needs
+ * to be set before calling this function.
+ *
+ * The only change this code makes is to set the receive buffer size to the
+ * size we use, set the reply bit, and recompute any security information.
+ */
+void
+error_pkt_send(client_t *client, isc_uint32_t _result) {
+	isc_result_t result;
+	int lwres;
+	isc_region_t r;
+	lwres_buffer_t b;
+	clientmgr_t *cm;
+
+	cm = client->clientmgr;
+
+	REQUIRE(CLIENT_ISRUNNING(client));
+
+	/*
+	 * Since we are only sending the packet header, we can safely toss
+	 * the receive buffer.  This means we won't need to allocate space
+	 * for sending an error reply.  This is a Good Thing.
+	 */
+	client->pkt.length = LWRES_LWPACKET_LENGTH;
+	client->pkt.pktflags |= LWRES_LWPACKETFLAG_RESPONSE;
+	client->pkt.recvlength = LWRES_RECVLENGTH;
+	client->pkt.authtype = 0; /* XXXMLG */
+	client->pkt.authlength = 0;
+	client->pkt.result = _result;
+
+	lwres_buffer_init(&b, client->buffer, LWRES_RECVLENGTH);
+	lwres = lwres_lwpacket_renderheader(&b, &client->pkt);
+	if (lwres != LWRES_R_SUCCESS) {
+		client_state_idle(client);
+		return;
+	}
+
+	r.base = client->buffer;
+	r.length = b.used;
+	client->sendbuf = client->buffer;
+	result = isc_socket_sendto(cm->sock, &r, cm->task, client_send, client,
+				   &client->address, NULL);
+	if (result != ISC_R_SUCCESS) {
+		client_state_idle(client);
+		return;
+	}
+
+	CLIENT_SETSEND(client);
+}

bin/lwresd/main.c

@@ -0,0 +1,509 @@
+/*
+ * Copyright (C) 2000, 2001  Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
+ * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
+ * INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
+ * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
+ * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
+ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: main.c,v 1.45.4.1 2001/01/09 22:31:42 bwelling Exp $ */
+
+/*
+ * Main program for the Lightweight Resolver Daemon.
+ *
+ * To paraphrase the old saying about X11, "It's not a lightweight deamon
+ * for resolvers, it's a deamon for lightweight resolvers".
+ */
+
+#include <config.h>
+
+#include <stdlib.h>
+
+#include <isc/app.h>
+#include <isc/mem.h>
+#include <isc/string.h>
+#include <isc/task.h>
+#include <isc/timer.h>
+#include <isc/util.h>
+
+#include <dns/cache.h>
+#include <dns/db.h>
+#include <dns/dispatch.h>
+#include <dns/log.h>
+#include <dns/resolver.h>
+#include <dns/result.h>
+#include <dns/rootns.h>
+#include <dns/view.h>
+
+#include "client.h"
+
+/*
+ * The goal number of clients we can handle will be NTASKS * NRECVS.
+ */
+#define NTASKS		20	/* tasks to create to handle lwres queries */
+#define NRECVS		 5	/* max clients per task */
+#define NTHREADS	 1	/* # threads to create in thread manager */
+
+/*
+ * Array of client managers.  Each of these will have a task associated
+ * with it.
+ */
+clientmgr_t    *cmgr;
+unsigned int	ntasks;	/* number of tasks actually created */
+
+dns_view_t *view;
+
+isc_taskmgr_t *taskmgr;
+isc_socketmgr_t *sockmgr;
+isc_timermgr_t *timermgr;
+dns_dispatchmgr_t *dispatchmgr;
+
+isc_sockaddrlist_t forwarders;
+
+static isc_logmodule_t logmodules[] = {
+	{ "main",	 		0 },
+	{ NULL, 			0 }
+};
+
+#define LWRES_LOGMODULE_MAIN		(&logmodules[0])
+
+static isc_logcategory_t logcategories[] = {
+	{ "network",	 		0 },
+	{ NULL, 			0 }
+};
+
+#define LWRES_LOGCATEGORY_NETWORK	(&logcategories[0])
+
+
+static isc_result_t
+create_view(isc_mem_t *mctx) {
+	dns_cache_t *cache;
+	isc_result_t result;
+	dns_db_t *rootdb;
+	unsigned int attrs;
+	dns_dispatch_t *disp4 = NULL;
+	dns_dispatch_t *disp6 = NULL;
+
+	view = NULL;
+	cache = NULL;
+
+	/*
+	 * View.
+	 */
+	result = dns_view_create(mctx, dns_rdataclass_in, "_default", &view);
+	if (result != ISC_R_SUCCESS)
+		goto out;
+
+	/*
+	 * Cache.
+	 */
+	result = dns_cache_create(mctx, taskmgr, timermgr, dns_rdataclass_in,
+				  "rbt", 0, NULL, &cache);
+	if (result != ISC_R_SUCCESS)
+		goto out;
+	dns_view_setcache(view, cache);
+	dns_cache_detach(&cache);
+
+	/*
+	 * Resolver.
+	 *
+	 * XXXMLG hardwired number of tasks.
+	 */
+
+	if (isc_net_probeipv4() == ISC_R_SUCCESS) {
+		isc_sockaddr_t any4;
+
+		isc_sockaddr_any(&any4);
+		attrs = DNS_DISPATCHATTR_IPV4 | DNS_DISPATCHATTR_UDP;
+		result = dns_dispatch_getudp(dispatchmgr, sockmgr,
+					     taskmgr, &any4, 512, 6, 1024,
+					     17, 19, attrs, attrs, &disp4);
+		if (result != ISC_R_SUCCESS)
+			goto out;
+	}
+
+	if (isc_net_probeipv6() == ISC_R_SUCCESS) {
+		isc_sockaddr_t any6;
+
+		isc_sockaddr_any6(&any6);
+
+		attrs = DNS_DISPATCHATTR_IPV6 | DNS_DISPATCHATTR_UDP;
+		result = dns_dispatch_getudp(dispatchmgr, sockmgr,
+					     taskmgr, &any6, 512, 6, 1024,
+					     17, 19, attrs, attrs, &disp6);
+		if (result != ISC_R_SUCCESS)
+			goto out;
+	}
+
+	result = dns_view_createresolver(view, taskmgr, 16, sockmgr,
+					 timermgr, 0, dispatchmgr,
+					 disp4, disp6);
+
+	if (disp4 != NULL)
+		dns_dispatch_detach(&disp4);
+	if (disp6 != NULL)
+		dns_dispatch_detach(&disp6);
+
+	if (result != ISC_R_SUCCESS)
+		goto out;
+
+	rootdb = NULL;
+	result = dns_rootns_create(mctx, dns_rdataclass_in, NULL, &rootdb);
+	if (result != ISC_R_SUCCESS)
+		goto out;
+	dns_view_sethints(view, rootdb);
+	dns_db_detach(&rootdb);
+
+	/*
+	 * If we have forwarders, set them here.
+	 */
+	if (ISC_LIST_HEAD(forwarders) != NULL) {
+		isc_sockaddr_t *sa;
+
+		dns_resolver_setforwarders(view->resolver, &forwarders);
+		dns_resolver_setfwdpolicy(view->resolver, dns_fwdpolicy_only);
+		sa = ISC_LIST_HEAD(forwarders);
+		while (sa != NULL) {
+			ISC_LIST_UNLINK(forwarders, sa, link);
+			isc_mem_put(mctx, sa, sizeof (*sa));
+			sa = ISC_LIST_HEAD(forwarders);
+		}
+
+	}
+
+	dns_view_freeze(view);
+
+	return (ISC_R_SUCCESS);
+
+out:
+	if (view != NULL)
+		dns_view_detach(&view);
+
+	return (result);
+}
+
+/*
+ * Wrappers around our memory management stuff, for the lwres functions.
+ */
+static void *
+mem_alloc(void *arg, size_t size) {
+	return (isc_mem_get(arg, size));
+}
+
+static void
+mem_free(void *arg, void *mem, size_t size) {
+	isc_mem_put(arg, mem, size);
+}
+
+static void
+parse_resolv_conf(isc_mem_t *mem) {
+	lwres_context_t *lwctx;
+	lwres_conf_t *lwc;
+	int lwresult;
+	struct in_addr ina;
+	struct in6_addr ina6;
+	isc_sockaddr_t *sa;
+	int i;
+
+	lwctx = NULL;
+	lwresult = lwres_context_create(&lwctx, mem, mem_alloc, mem_free,
+					LWRES_CONTEXT_SERVERMODE);
+	if (lwresult != LWRES_R_SUCCESS)
+		return;
+
+	lwresult = lwres_conf_parse(lwctx, "/etc/resolv.conf");
+	if (lwresult != LWRES_R_SUCCESS)
+		goto out;
+
+#if 1
+	lwres_conf_print(lwctx, stderr);
+#endif
+
+	lwc = lwres_conf_get(lwctx);
+	INSIST(lwc != NULL);
+
+	/*
+	 * Run through the list of nameservers, and set them to be our
+	 * forwarders.
+	 */
+	for (i = 0 ; i < lwc->nsnext ; i++) {
+		switch (lwc->nameservers[i].family) {
+		case AF_INET:
+			sa = isc_mem_get(mem, sizeof *sa);
+			INSIST(sa != NULL);
+			memcpy(&ina.s_addr, lwc->nameservers[i].address, 4);
+			isc_sockaddr_fromin(sa, &ina, 53);
+			ISC_LIST_APPEND(forwarders, sa, link);
+			sa = NULL;
+			break;
+		case AF_INET6:
+			sa = isc_mem_get(mem, sizeof *sa);
+			INSIST(sa != NULL);
+			memcpy(&ina6.s6_addr, lwc->nameservers[i].address, 16);
+			isc_sockaddr_fromin6(sa, &ina6, 53);
+			ISC_LIST_APPEND(forwarders, sa, link);
+			sa = NULL;
+			break;
+		default:
+			break;
+		}
+	}
+
+ out:
+	lwres_conf_clear(lwctx);
+	lwres_context_destroy(&lwctx);
+}
+
+int
+main(int argc, char **argv) {
+	isc_mem_t *mem;
+	isc_socket_t *sock;
+	isc_sockaddr_t localhost;
+	struct in_addr lh_addr;
+	isc_result_t result;
+	unsigned int i, j;
+	client_t *client;
+	isc_logdestination_t destination;
+	isc_log_t *lctx;
+	isc_logconfig_t *lcfg;
+
+	UNUSED(argc);
+	UNUSED(argv);
+
+	dns_result_register();
+
+	result = isc_app_start();
+	INSIST(result == ISC_R_SUCCESS);
+
+	mem = NULL;
+	result = isc_mem_create(0, 0, &mem);
+	INSIST(result == ISC_R_SUCCESS);
+
+	/*
+	 * Set up logging.
+	 */
+	lctx = NULL;
+        result = isc_log_create(mem, &lctx, &lcfg);
+	INSIST(result == ISC_R_SUCCESS);
+	isc_log_registermodules(lctx, logmodules);
+	isc_log_registercategories(lctx, logcategories);
+	isc_log_setcontext(lctx);
+	dns_log_init(lctx);
+	dns_log_setcontext(lctx);
+
+	destination.file.stream = stderr;
+	destination.file.name = NULL;
+	destination.file.versions = ISC_LOG_ROLLNEVER;
+	destination.file.maximum_size = 0;
+	result = isc_log_createchannel(lcfg, "_default",
+				       ISC_LOG_TOFILEDESC,
+				       ISC_LOG_DYNAMIC,
+				       &destination, ISC_LOG_PRINTTIME);
+	INSIST(result == ISC_R_SUCCESS);
+	result = isc_log_usechannel(lcfg, "_default", NULL, NULL);
+	INSIST(result == ISC_R_SUCCESS);
+
+	/*
+	 * Set the initial debug level.
+	 */
+	isc_log_setdebuglevel(lctx, 99);
+
+	/*
+	 * Create a task manager.
+	 */
+	taskmgr = NULL;
+	result = isc_taskmgr_create(mem, NTHREADS, 0, &taskmgr);
+	INSIST(result == ISC_R_SUCCESS);
+
+	/*
+	 * Create a socket manager.
+	 */
+	sockmgr = NULL;
+	result = isc_socketmgr_create(mem, &sockmgr);
+	INSIST(result == ISC_R_SUCCESS);
+
+	/*
+	 * Create a timer manager.
+	 */
+	timermgr = NULL;
+	result = isc_timermgr_create(mem, &timermgr);
+	INSIST(result == ISC_R_SUCCESS);
+
+	/*
+	 * Create a dispatch manager.
+	 */
+	dispatchmgr = NULL;
+	result = dns_dispatchmgr_create(mem, NULL, &dispatchmgr);
+	INSIST(result == ISC_R_SUCCESS);
+
+	/*
+	 * Read resolv.conf to get our forwarders.
+	 */
+	ISC_LIST_INIT(forwarders);
+	parse_resolv_conf(mem);
+
+	/*
+	 * Initialize the DNS bits.  Start by loading our built-in
+	 * root hints.
+	 */
+	result = create_view(mem);
+	INSIST(result == ISC_R_SUCCESS);
+
+	/*
+	 * We'll need a socket.  It will be a UDP socket, and bound to
+	 * 127.0.0.1 port LWRES_UDP_PORT.
+	 */
+	sock = NULL;
+	result = isc_socket_create(sockmgr, AF_INET, isc_sockettype_udp,
+				   &sock);
+	INSIST(result == ISC_R_SUCCESS);
+
+	lh_addr.s_addr = htonl(INADDR_LOOPBACK);
+	isc_sockaddr_fromin(&localhost, &lh_addr, LWRES_UDP_PORT);
+
+	result = isc_socket_bind(sock, &localhost);
+	if (result != ISC_R_SUCCESS) {
+		isc_log_write(lctx, LWRES_LOGCATEGORY_NETWORK,
+			      LWRES_LOGMODULE_MAIN, ISC_LOG_ERROR,
+			      "binding lwres protocol socket to port %d: %s",
+			      LWRES_UDP_PORT,
+			      isc_result_totext(result));
+		exit(1);
+	}
+
+	INSIST(result == ISC_R_SUCCESS);
+
+	cmgr = isc_mem_get(mem, sizeof(clientmgr_t) * NTASKS);
+	INSIST(cmgr != NULL);
+
+	/*
+	 * Create one task for each client manager.
+	 */
+	for (i = 0 ; i < NTASKS ; i++) {
+		cmgr[i].task = NULL;
+		cmgr[i].sock = sock;
+		cmgr[i].view = NULL;
+		cmgr[i].flags = 0;
+		result = isc_task_create(taskmgr, 0, &cmgr[i].task);
+		if (result != ISC_R_SUCCESS)
+			break;
+		ISC_EVENT_INIT(&cmgr[i].sdev, sizeof(isc_event_t),
+			       ISC_EVENTATTR_NOPURGE,
+			       0, LWRD_SHUTDOWN,
+			       client_shutdown, &cmgr[i], cmgr[i].task,
+			       NULL, NULL);
+		ISC_LIST_INIT(cmgr[i].idle);
+		ISC_LIST_INIT(cmgr[i].running);
+		isc_task_setname(cmgr[i].task, "lwresd client", &cmgr[i]);
+		cmgr[i].mctx = mem;
+		cmgr[i].lwctx = NULL;
+		result = lwres_context_create(&cmgr[i].lwctx, mem,
+					      mem_alloc, mem_free,
+					      LWRES_CONTEXT_SERVERMODE);
+		if (result != ISC_R_SUCCESS) {
+			isc_task_detach(&cmgr[i].task);
+			break;
+		}
+		dns_view_attach(view, &cmgr[i].view);
+	}
+	INSIST(i > 0);
+	ntasks = i;  /* remember how many we managed to create */
+
+	/*
+	 * Now, run through each client manager and populate it with
+	 * client structures.  Do this by creating one receive for each
+	 * task, in a loop, so each task has a chance of getting at least
+	 * one client structure.
+	 */
+	for (i = 0 ; i < NRECVS ; i++) {
+		client = isc_mem_get(mem, sizeof(client_t) * ntasks);
+		if (client == NULL)
+			break;
+		for (j = 0 ; j < ntasks ; j++)
+			client_initialize(&client[j], &cmgr[j]);
+	}
+	INSIST(i > 0);
+
+	/*
+	 * Issue one read request for each task we have.
+	 */
+	for (j = 0 ; j < ntasks ; j++) {
+		result = client_start_recv(&cmgr[j]);
+		INSIST(result == ISC_R_SUCCESS);
+	}
+
+	/*
+	 * Wait for ^c or kill.
+	 */
+	isc_app_run();
+
+	/*
+	 * Send a shutdown event to every task.
+	 */
+	for (j = 0 ; j < ntasks ; j++) {
+		isc_event_t *ev;
+
+		ev = &cmgr[j].sdev;
+		isc_task_send(cmgr[j].task, &ev);
+	}
+
+	/*
+	 * Kill off the view.
+	 */
+	dns_view_detach(&view);
+
+	/*
+	 * Wait for the tasks to all die.
+	 */
+	isc_taskmgr_destroy(&taskmgr);
+
+	/*
+	 * Wait for everything to die off by waiting for the sockets
+	 * to be detached.
+	 */
+	isc_socket_detach(&sock);
+	isc_socketmgr_destroy(&sockmgr);
+
+	isc_timermgr_destroy(&timermgr);
+
+	/*
+	 * Free up memory allocated.  This is somewhat magical.  We allocated
+	 * the client_t's in blocks, but the first task always has the
+	 * first pointer.  Just loop here, freeing them.
+	 */
+	client = ISC_LIST_HEAD(cmgr[0].idle);
+	while (client != NULL) {
+		ISC_LIST_UNLINK(cmgr[0].idle, client, link);
+		isc_mem_put(mem, client, sizeof(client_t) * ntasks);
+		client = ISC_LIST_HEAD(cmgr[0].idle);
+	}
+	INSIST(ISC_LIST_EMPTY(cmgr[0].running));
+
+	/*
+	 * Now, kill off the client manager structures.
+	 */
+	isc_mem_put(mem, cmgr, sizeof(clientmgr_t) * NTASKS);
+	cmgr = NULL;
+
+	dns_dispatchmgr_destroy(&dispatchmgr);
+
+	isc_log_destroy(&lctx);
+
+	/*
+	 * Kill the memory system.
+	 */
+	isc_mem_destroy(&mem);
+
+	isc_app_finish();
+
+	return (0);
+}

bin/lwresd/process_gabn.c

@@ -0,0 +1,526 @@
+/*
+ * Copyright (C) 2000, 2001  Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
+ * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
+ * INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
+ * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
+ * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
+ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: process_gabn.c,v 1.31.4.1 2001/01/09 22:31:44 bwelling Exp $ */
+
+#include <config.h>
+
+#include <isc/socket.h>
+#include <isc/string.h>		/* Required for HP/UX (and others?) */
+#include <isc/util.h>
+
+#include <dns/adb.h>
+#include <dns/events.h>
+#include <dns/result.h>
+
+#include "client.h"
+
+#define NEED_V4(c)	((((c)->find_wanted & LWRES_ADDRTYPE_V4) != 0) \
+			 && ((c)->v4find == NULL))
+#define NEED_V6(c)	((((c)->find_wanted & LWRES_ADDRTYPE_V6) != 0) \
+			 && ((c)->v6find == NULL))
+
+static void start_find(client_t *);
+
+/*
+ * Destroy any finds.  This can be used to "start over from scratch" and
+ * should only be called when events are _not_ being generated by the finds.
+ */
+static void
+cleanup_gabn(client_t *client) {
+	dns_adbfind_t *v4;
+
+	DP(50, "cleaning up client %p", client);
+
+	v4 = client->v4find;
+
+	if (client->v4find != NULL)
+		dns_adb_destroyfind(&client->v4find);
+	if (client->v6find != NULL) {
+		if (client->v6find == v4)
+			client->v6find = NULL;
+		else
+			dns_adb_destroyfind(&client->v6find);
+	}
+}
+
+static void
+setup_addresses(client_t *client, dns_adbfind_t *find, unsigned int at) {
+	dns_adbaddrinfo_t *ai;
+	lwres_addr_t *addr;
+	int af;
+	const struct sockaddr *sa;
+	const struct sockaddr_in *sin;
+	const struct sockaddr_in6 *sin6;
+
+	if (at == DNS_ADBFIND_INET)
+		af = AF_INET;
+	else
+		af = AF_INET6;
+
+	ai = ISC_LIST_HEAD(find->list);
+	while (ai != NULL && client->gabn.naddrs < LWRES_MAX_ADDRS) {
+		sa = &ai->sockaddr.type.sa;
+		if (sa->sa_family != af)
+			goto next;
+
+		addr = &client->addrs[client->gabn.naddrs];
+
+		switch (sa->sa_family) {
+		case AF_INET:
+			sin = &ai->sockaddr.type.sin;
+			addr->family = LWRES_ADDRTYPE_V4;
+			memcpy(addr->address, &sin->sin_addr, 4);
+			addr->length = 4;
+			break;
+		case AF_INET6:
+			sin6 = &ai->sockaddr.type.sin6;
+			addr->family = LWRES_ADDRTYPE_V6;
+			memcpy(addr->address, &sin6->sin6_addr, 16);
+			addr->length = 16;
+			break;
+		default:
+			goto next;
+		}
+
+		DP(50, "adding address %p, family %d, length %d",
+		   addr->address, addr->family, addr->length);
+
+		client->gabn.naddrs++;
+		REQUIRE(!LWRES_LINK_LINKED(addr, link));
+		LWRES_LIST_APPEND(client->gabn.addrs, addr, link);
+
+	next:
+		ai = ISC_LIST_NEXT(ai, publink);
+	}
+}
+
+static void
+generate_reply(client_t *client) {
+	isc_result_t result;
+	int lwres;
+	isc_region_t r;
+	lwres_buffer_t lwb;
+	clientmgr_t *cm;
+
+	cm = client->clientmgr;
+	lwb.base = NULL;
+
+	DP(50, "generating gabn reply for client %p", client);
+
+	/*
+	 * We must make certain the client->find is not still active.
+	 * If it is either the v4 or v6 answer, just set it to NULL and
+	 * let the cleanup code destroy it.  Otherwise, destroy it now.
+	 */
+	if (client->find == client->v4find || client->find == client->v6find)
+		client->find = NULL;
+	else
+		if (client->find != NULL)
+			dns_adb_destroyfind(&client->find);
+
+	/*
+	 * perhaps there are some here?
+	 */
+	if (NEED_V6(client) && client->v4find != NULL)
+		client->v6find = client->v4find;
+
+	/*
+	 * Run through the finds we have and wire them up to the gabn
+	 * structure.
+	 */
+	LWRES_LIST_INIT(client->gabn.addrs);
+	if (client->v4find != NULL)
+		setup_addresses(client, client->v4find, DNS_ADBFIND_INET);
+	if (client->v6find != NULL)
+		setup_addresses(client, client->v6find, DNS_ADBFIND_INET6);
+
+	/*
+	 * Render the packet.
+	 */
+	client->pkt.recvlength = LWRES_RECVLENGTH;
+	client->pkt.authtype = 0; /* XXXMLG */
+	client->pkt.authlength = 0;
+
+	/*
+	 * If there are no addresses and no aliases, return failure.
+	 */
+	if (client->gabn.naddrs == 0 && client->gabn.naliases == 0)
+		client->pkt.result = LWRES_R_NOTFOUND;
+	else
+		client->pkt.result = LWRES_R_SUCCESS;
+
+	lwres = lwres_gabnresponse_render(cm->lwctx, &client->gabn,
+					  &client->pkt, &lwb);
+	if (lwres != LWRES_R_SUCCESS)
+		goto out;
+
+	r.base = lwb.base;
+	r.length = lwb.used;
+	client->sendbuf = r.base;
+	client->sendlength = r.length;
+	result = isc_socket_sendto(cm->sock, &r, cm->task, client_send, client,
+				   &client->address, NULL);
+	if (result != ISC_R_SUCCESS)
+		goto out;
+
+	CLIENT_SETSEND(client);
+
+	/*
+	 * All done!
+	 */
+	cleanup_gabn(client);
+
+	return;
+
+ out:
+	cleanup_gabn(client);
+
+	if (lwb.base != NULL)
+		lwres_context_freemem(client->clientmgr->lwctx,
+				      lwb.base, lwb.length);
+
+	error_pkt_send(client, LWRES_R_FAILURE);
+}
+
+/*
+ * Take the current real name, move it to an alias slot (if any are
+ * open) then put this new name in as the real name for the target.
+ *
+ * Return success if it can be rendered, otherwise failure.  Note that
+ * not having enough alias slots open is NOT a failure.
+ */
+static isc_result_t
+add_alias(client_t *client) {
+	isc_buffer_t b;
+	isc_result_t result;
+	isc_uint16_t naliases;
+
+	b = client->recv_buffer;
+
+	/*
+	 * Render the new name to the buffer.
+	 */
+	result = dns_name_totext(dns_fixedname_name(&client->target_name),
+				 ISC_TRUE, &client->recv_buffer);
+	if (result != ISC_R_SUCCESS)
+		return (result);
+
+	/*
+	 * Are there any open slots?
+	 */
+	naliases = client->gabn.naliases;
+	if (naliases < LWRES_MAX_ALIASES) {
+		client->gabn.aliases[naliases] = client->gabn.realname;
+		client->gabn.aliaslen[naliases] = client->gabn.realnamelen;
+		client->gabn.naliases++;
+	}
+
+	/*
+	 * Save this name away as the current real name.
+	 */
+	client->gabn.realname = (char *)(b.base) + b.used;
+	client->gabn.realnamelen = client->recv_buffer.used - b.used;
+
+	return (ISC_R_SUCCESS);
+}
+
+static isc_result_t
+store_realname(client_t *client) {
+	isc_buffer_t b;
+	isc_result_t result;
+
+	b = client->recv_buffer;
+
+	/*
+	 * Render the new name to the buffer.
+	 */
+	result = dns_name_totext(dns_fixedname_name(&client->target_name),
+				 ISC_TRUE, &client->recv_buffer);
+	if (result != ISC_R_SUCCESS)
+		return (result);
+
+	/*
+	 * Save this name away as the current real name.
+	 */
+	client->gabn.realname = (char *) b.base + b.used;
+	client->gabn.realnamelen = client->recv_buffer.used - b.used;
+
+	return (ISC_R_SUCCESS);
+}
+
+static void
+process_gabn_finddone(isc_task_t *task, isc_event_t *ev) {
+	client_t *client = ev->ev_arg;
+	isc_eventtype_t evtype;
+	isc_boolean_t claimed;
+
+	DP(50, "find done for task %p, client %p", task, client);
+
+	evtype = ev->ev_type;
+	isc_event_free(&ev);
+
+	/*
+	 * No more info to be had?  If so, we have all the good stuff
+	 * right now, so we can render things.
+	 */
+	claimed = ISC_FALSE;
+	if (evtype == DNS_EVENT_ADBNOMOREADDRESSES) {
+		if (NEED_V4(client)) {
+			client->v4find = client->find;
+			claimed = ISC_TRUE;
+		}
+		if (NEED_V6(client)) {
+			client->v6find = client->find;
+			claimed = ISC_TRUE;
+		}
+		if (client->find != NULL) {
+			if (claimed)
+				client->find = NULL;
+			else
+				dns_adb_destroyfind(&client->find);
+
+		}
+		generate_reply(client);
+		return;
+	}
+
+	/*
+	 * We probably don't need this find anymore.  We're either going to
+	 * reissue it, or an error occurred.  Either way, we're done with
+	 * it.
+	 */
+	if ((client->find != client->v4find)
+	    && (client->find != client->v6find)) {
+		dns_adb_destroyfind(&client->find);
+	} else {
+		client->find = NULL;
+	}
+
+	/*
+	 * We have some new information we can gather.  Run off and fetch
+	 * it.
+	 */
+	if (evtype == DNS_EVENT_ADBMOREADDRESSES) {
+		start_find(client);
+		return;
+	}
+
+	/*
+	 * An error or other strangeness happened.  Drop this query.
+	 */
+	cleanup_gabn(client);
+	error_pkt_send(client, LWRES_R_FAILURE);
+}
+
+static void
+start_find(client_t *client) {
+	unsigned int options;
+	isc_result_t result;
+	isc_boolean_t claimed;
+
+	DP(50, "starting find for client %p", client);
+
+	/*
+	 * Issue a find for the name contained in the request.  We won't
+	 * set the bit that says "anything is good enough" -- we want it
+	 * all.
+	 */
+	options = 0;
+	options |= DNS_ADBFIND_WANTEVENT;
+	options |= DNS_ADBFIND_RETURNLAME;
+
+	/*
+	 * Set the bits up here to mark that we want this address family
+	 * and that we do not currently have a find pending.  We will
+	 * set that bit again below if it turns out we will get an event.
+	 */
+	if (NEED_V4(client))
+		options |= DNS_ADBFIND_INET;
+	if (NEED_V6(client))
+		options |= DNS_ADBFIND_INET6;
+
+ find_again:
+	INSIST(client->find == NULL);
+	result = dns_adb_createfind(client->clientmgr->view->adb,
+				    client->clientmgr->task,
+				    process_gabn_finddone, client,
+				    dns_fixedname_name(&client->target_name),
+				    dns_rootname, options, 0,
+				    dns_fixedname_name(&client->target_name),
+				    client->clientmgr->view->dstport,
+				    &client->find);
+
+	/*
+	 * Did we get an alias?  If so, save it and re-issue the query.
+	 */
+	if (result == DNS_R_ALIAS) {
+		DP(50, "found alias, restarting query");
+		dns_adb_destroyfind(&client->find);
+		cleanup_gabn(client);
+		result = add_alias(client);
+		if (result != ISC_R_SUCCESS) {
+			DP(50, "out of buffer space adding alias");
+			error_pkt_send(client, LWRES_R_FAILURE);
+			return;
+		}
+		goto find_again;
+	}
+
+	DP(50, "find returned %d (%s)", result, isc_result_totext(result));
+
+	/*
+	 * Did we get an error?
+	 */
+	if (result != ISC_R_SUCCESS) {
+		if (client->find != NULL)
+			dns_adb_destroyfind(&client->find);
+		cleanup_gabn(client);
+		error_pkt_send(client, LWRES_R_FAILURE);
+		return;
+	}
+
+	claimed = ISC_FALSE;
+
+	/*
+	 * Did we get our answer to V4 addresses?
+	 */
+	if (NEED_V4(client)
+	    && ((client->find->query_pending & DNS_ADBFIND_INET) == 0)) {
+		DP(50, "client %p ipv4 satisfied by find %p", client,
+		   client->find);
+		claimed = ISC_TRUE;
+		client->v4find = client->find;
+	}
+
+	/*
+	 * Did we get our answer to V6 addresses?
+	 */
+	if (NEED_V6(client)
+	    && ((client->find->query_pending & DNS_ADBFIND_INET6) == 0)) {
+		DP(50, "client %p ipv6 satisfied by find %p", client,
+		   client->find);
+		claimed = ISC_TRUE;
+		client->v6find = client->find;
+	}
+
+	/*
+	 * If we're going to get an event, set our internal pending flag
+	 * and return.  When we get an event back we'll do the right
+	 * thing, basically by calling this function again, perhaps with a
+	 * new target name.
+	 *
+	 * If we have both v4 and v6, and we are still getting an event,
+	 * we have a programming error, so die hard.
+	 */
+	if ((client->find->options & DNS_ADBFIND_WANTEVENT) != 0) {
+		DP(50, "event will be sent");
+		INSIST(client->v4find == NULL || client->v6find == NULL);
+		return;
+	}
+	DP(50, "no event will be sent");
+	if (claimed)
+		client->find = NULL;
+	else
+		dns_adb_destroyfind(&client->find);
+
+	/*
+	 * We seem to have everything we asked for, or at least we are
+	 * able to respond with things we've learned.
+	 */
+
+	generate_reply(client);
+}
+
+/*
+ * When we are called, we can be assured that:
+ *
+ *	client->sockaddr contains the address we need to reply to,
+ *
+ *	client->pkt contains the packet header data,
+ *
+ *	the packet "checks out" overall -- any MD5 hashes or crypto
+ *	bits have been verified,
+ *
+ *	"b" points to the remaining data after the packet header
+ *	was parsed off.
+ *
+ *	We are in a the RECVDONE state.
+ *
+ * From this state we will enter the SEND state if we happen to have
+ * everything we need or we need to return an error packet, or to the
+ * FINDWAIT state if we need to look things up.
+ */
+void
+process_gabn(client_t *client, lwres_buffer_t *b) {
+	isc_result_t result;
+	lwres_gabnrequest_t *req;
+	isc_buffer_t namebuf;
+
+	REQUIRE(CLIENT_ISRECVDONE(client));
+
+	req = NULL;
+
+	result = lwres_gabnrequest_parse(client->clientmgr->lwctx,
+					 b, &client->pkt, &req);
+	if (result != LWRES_R_SUCCESS)
+		goto out;
+
+	isc_buffer_init(&namebuf, req->name, req->namelen);
+	isc_buffer_add(&namebuf, req->namelen);
+
+	dns_fixedname_init(&client->target_name);
+	result = dns_name_fromtext(dns_fixedname_name(&client->target_name),
+				   &namebuf, dns_rootname, ISC_FALSE, NULL);
+	if (result != ISC_R_SUCCESS)
+		goto out;
+
+	client->find_wanted = req->addrtypes;
+	DP(50, "client %p looking for addrtypes %08x",
+	   client, client->find_wanted);
+
+	/*
+	 * We no longer need to keep this around.
+	 */
+	lwres_gabnrequest_free(client->clientmgr->lwctx, &req);
+
+	/*
+	 * Initialize the real name and alias arrays in the reply we're
+	 * going to build up.
+	 */
+	client_init_gabn(client);
+
+	result = store_realname(client);
+	if (result != ISC_R_SUCCESS)
+		goto out;
+
+	/*
+	 * Start the find.
+	 */
+	start_find(client);
+
+	return;
+
+	/*
+	 * We're screwed.  Return an error packet to our caller.
+	 */
+ out:
+	if (req != NULL)
+		lwres_gabnrequest_free(client->clientmgr->lwctx, &req);
+
+	error_pkt_send(client, LWRES_R_FAILURE);
+}

bin/lwresd/process_gnba.c

@@ -0,0 +1,264 @@
+/*
+ * Copyright (C) 2000, 2001  Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
+ * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
+ * INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
+ * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
+ * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
+ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: process_gnba.c,v 1.26.4.1 2001/01/09 22:31:46 bwelling Exp $ */
+
+#include <config.h>
+
+#include <isc/socket.h>
+#include <isc/string.h>		/* Required for HP/UX (and others?) */
+#include <isc/util.h>
+
+#include <dns/adb.h>
+#include <dns/byaddr.h>
+#include <dns/result.h>
+
+#include "client.h"
+
+static void start_byaddr(client_t *);
+
+static void
+byaddr_done(isc_task_t *task, isc_event_t *event) {
+	client_t *client;
+	clientmgr_t *cm;
+	dns_byaddrevent_t *bevent;
+	int lwres;
+	lwres_buffer_t lwb;
+	dns_name_t *name;
+	isc_result_t result;
+	isc_region_t r;
+	isc_buffer_t b;
+	lwres_gnbaresponse_t *gnba;
+	isc_uint16_t naliases;
+	isc_stdtime_t now;
+
+	UNUSED(task);
+
+	lwb.base = NULL;
+	client = event->ev_arg;
+	cm = client->clientmgr;
+	INSIST(client->byaddr == (dns_byaddr_t *)event->ev_sender);
+
+	bevent = (dns_byaddrevent_t *)event;
+	gnba = &client->gnba;
+
+	DP(50, "byaddr event result = %s",
+	   isc_result_totext(bevent->result));
+
+	result = bevent->result;
+	if (result != ISC_R_SUCCESS) {
+		dns_byaddr_destroy(&client->byaddr);
+		isc_event_free(&event);
+		bevent = NULL;
+
+		/*
+		 * Were we trying bitstring or nibble mode?  If bitstring,
+		 * and we got FORMERROR or SERVFAIL, set the flag to
+		 * avoid bitstring lables for 10 minutes.  If we got any
+		 * other error (NXDOMAIN, etc) just try again without
+		 * bitstrings, and let our cache handle the negative answer
+		 * for bitstrings.
+		 */
+		if ((client->options & DNS_BYADDROPT_IPV6NIBBLE) != 0) {
+			dns_adb_freeaddrinfo(cm->view->adb, &client->addrinfo);
+			error_pkt_send(client, LWRES_R_FAILURE);
+			return;
+		}
+
+		isc_stdtime_get(&now);
+		if (result == DNS_R_FORMERR ||
+		    result == DNS_R_SERVFAIL ||
+		    result == ISC_R_FAILURE)
+			dns_adb_setavoidbitstring(cm->view->adb,
+						  client->addrinfo, now + 600);
+
+		/*
+		 * Fall back to nibble reverse if the default of bitstrings
+		 * fails.
+		 */
+		client->options |= DNS_BYADDROPT_IPV6NIBBLE;
+
+		start_byaddr(client);
+		return;
+	}
+
+	name = ISC_LIST_HEAD(bevent->names);
+	while (name != NULL) {
+		b = client->recv_buffer;
+
+		result = dns_name_totext(name, ISC_TRUE, &client->recv_buffer);
+		if (result != ISC_R_SUCCESS)
+			goto out;
+		DP(50, "found name '%.*s'",
+		   client->recv_buffer.used - b.used,
+		   (char *)(b.base) + b.used);
+		if (gnba->realname == NULL) {
+			gnba->realname = (char *)(b.base) + b.used;
+			gnba->realnamelen = client->recv_buffer.used - b.used;
+		} else {
+			naliases = gnba->naliases;
+			if (naliases >= LWRES_MAX_ALIASES)
+				break;
+			gnba->aliases[naliases] = (char *)(b.base) + b.used;
+			gnba->aliaslen[naliases] =
+				client->recv_buffer.used - b.used;
+			gnba->naliases++;
+		}
+		name = ISC_LIST_NEXT(name, link);
+	}
+
+	dns_byaddr_destroy(&client->byaddr);
+	dns_adb_freeaddrinfo(cm->view->adb, &client->addrinfo);
+	isc_event_free(&event);
+
+	/*
+	 * Render the packet.
+	 */
+	client->pkt.recvlength = LWRES_RECVLENGTH;
+	client->pkt.authtype = 0; /* XXXMLG */
+	client->pkt.authlength = 0;
+	client->pkt.result = LWRES_R_SUCCESS;
+
+	lwres = lwres_gnbaresponse_render(cm->lwctx,
+					  gnba, &client->pkt, &lwb);
+	if (lwres != LWRES_R_SUCCESS)
+		goto out;
+
+	r.base = lwb.base;
+	r.length = lwb.used;
+	client->sendbuf = r.base;
+	client->sendlength = r.length;
+	result = isc_socket_sendto(cm->sock, &r,
+				   cm->task, client_send,
+				   client, &client->address, NULL);
+	if (result != ISC_R_SUCCESS)
+		goto out;
+
+	CLIENT_SETSEND(client);
+
+	return;
+
+ out:
+	if (client->byaddr != NULL)
+		dns_byaddr_destroy(&client->byaddr);
+	if (client->addrinfo != NULL)
+		dns_adb_freeaddrinfo(cm->view->adb, &client->addrinfo);
+	if (lwb.base != NULL)
+		lwres_context_freemem(cm->lwctx,
+				      lwb.base, lwb.length);
+
+	isc_event_free(&event);
+}
+
+static void
+start_byaddr(client_t *client) {
+	isc_result_t result;
+	clientmgr_t *cm;
+
+	cm = client->clientmgr;
+
+	INSIST(client->byaddr == NULL);
+
+	result = dns_byaddr_create(cm->mctx, &client->na, cm->view,
+				   client->options, cm->task, byaddr_done,
+				   client, &client->byaddr);
+	if (result != ISC_R_SUCCESS) {
+		dns_adb_freeaddrinfo(cm->view->adb, &client->addrinfo);
+		error_pkt_send(client, LWRES_R_FAILURE);
+		return;
+	}
+}
+
+void
+process_gnba(client_t *client, lwres_buffer_t *b) {
+	lwres_gnbarequest_t *req;
+	isc_result_t result;
+	isc_sockaddr_t sa;
+	clientmgr_t *cm;
+
+	REQUIRE(CLIENT_ISRECVDONE(client));
+	INSIST(client->byaddr == NULL);
+
+	cm = client->clientmgr;
+	req = NULL;
+
+	result = lwres_gnbarequest_parse(cm->lwctx,
+					 b, &client->pkt, &req);
+	if (result != LWRES_R_SUCCESS)
+		goto out;
+	if (req->addr.address == NULL)
+		goto out;
+
+	client->options = 0;
+	if (req->addr.family == LWRES_ADDRTYPE_V4) {
+		client->na.family = AF_INET;
+		if (req->addr.length != 4)
+			goto out;
+		memcpy(&client->na.type.in, req->addr.address, 4);
+	} else if (req->addr.family == LWRES_ADDRTYPE_V6) {
+		client->na.family = AF_INET6;
+		if (req->addr.length != 16)
+			goto out;
+		memcpy(&client->na.type.in6, req->addr.address, 16);
+	} else {
+		goto out;
+	}
+	isc_sockaddr_fromnetaddr(&sa, &client->na, 53);
+
+	DP(50, "client %p looking for addrtype %08x",
+	   client, req->addr.family);
+
+	/*
+	 * We no longer need to keep this around.
+	 */
+	lwres_gnbarequest_free(cm->lwctx, &req);
+
+	/*
+	 * Initialize the real name and alias arrays in the reply we're
+	 * going to build up.
+	 */
+	client_init_gnba(client);
+	client->options = 0;
+
+	/*
+	 * See if we should skip the byaddr bit.
+	 */
+	INSIST(client->addrinfo == NULL);
+	result = dns_adb_findaddrinfo(cm->view->adb, &sa,
+				      &client->addrinfo, 0);
+	if (result != ISC_R_SUCCESS)
+		goto out;
+
+	if (client->addrinfo->avoid_bitstring > 0)
+		client->options |= DNS_BYADDROPT_IPV6NIBBLE;
+
+	/*
+	 * Start the find.
+	 */
+	start_byaddr(client);
+
+	return;
+
+	/*
+	 * We're screwed.  Return an error packet to our caller.
+	 */
+ out:
+	if (req != NULL)
+		lwres_gnbarequest_free(cm->lwctx, &req);
+
+	error_pkt_send(client, LWRES_R_FAILURE);
+}

bin/lwresd/process_noop.c

@@ -0,0 +1,87 @@
+/*
+ * Copyright (C) 2000, 2001  Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
+ * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
+ * INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
+ * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
+ * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
+ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: process_noop.c,v 1.9.4.1 2001/01/09 22:31:47 bwelling Exp $ */
+
+#include <config.h>
+
+#include <isc/socket.h>
+#include <isc/util.h>
+
+#include "client.h"
+
+void
+process_noop(client_t *client, lwres_buffer_t *b) {
+	lwres_nooprequest_t *req;
+	lwres_noopresponse_t resp;
+	isc_result_t result;
+	lwres_result_t lwres;
+	isc_region_t r;
+	lwres_buffer_t lwb;
+
+	REQUIRE(CLIENT_ISRECVDONE(client));
+	INSIST(client->byaddr == NULL);
+
+	req = NULL;
+
+	result = lwres_nooprequest_parse(client->clientmgr->lwctx,
+					 b, &client->pkt, &req);
+	if (result != LWRES_R_SUCCESS)
+		goto out;
+
+	client->pkt.recvlength = LWRES_RECVLENGTH;
+	client->pkt.authtype = 0; /* XXXMLG */
+	client->pkt.authlength = 0;
+	client->pkt.result = LWRES_R_SUCCESS;
+
+	resp.datalength = req->datalength;
+	resp.data = req->data;
+
+	lwres = lwres_noopresponse_render(client->clientmgr->lwctx, &resp,
+					  &client->pkt, &lwb);
+	if (lwres != LWRES_R_SUCCESS)
+		goto out;
+
+	r.base = lwb.base;
+	r.length = lwb.used;
+	client->sendbuf = r.base;
+	client->sendlength = r.length;
+	result = isc_socket_sendto(client->clientmgr->sock, &r,
+				   client->clientmgr->task, client_send,
+				   client, &client->address, NULL);
+	if (result != ISC_R_SUCCESS)
+		goto out;
+
+	/*
+	 * We can now destroy request.
+	 */
+	lwres_nooprequest_free(client->clientmgr->lwctx, &req);
+
+	CLIENT_SETSEND(client);
+
+	return;
+
+ out:
+	if (req != NULL)
+		lwres_nooprequest_free(client->clientmgr->lwctx, &req);
+
+	if (lwb.base != NULL)
+		lwres_context_freemem(client->clientmgr->lwctx,
+				      lwb.base, lwb.length);
+
+	error_pkt_send(client, LWRES_R_FAILURE);
+}

bin/named/Makefile.in

@@ -13,7 +13,7 @@
 # NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
 # WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: Makefile.in,v 1.73 2001/03/27 19:37:23 halley Exp $
+# $Id: Makefile.in,v 1.63.4.1 2001/01/09 22:31:48 bwelling Exp $
 
 srcdir =	@srcdir@
 VPATH =		@srcdir@
@@ -32,38 +32,34 @@ DBDRIVER_INCLUDES =
 DBDRIVER_LIBS =
 
 CINCLUDES =	-I${srcdir}/include -I${srcdir}/unix/include \
-		${LWRES_INCLUDES} ${DNS_INCLUDES} \
-		${ISCCFG_INCLUDES} ${ISCCC_INCLUDES} ${ISC_INCLUDES} \
-		${DBDRIVER_INCLUDES}
+		${LWRES_INCLUDES} ${DNS_INCLUDES} ${ISC_INCLUDES} \
+		${OMAPI_INCLUDES} ${DBDRIVER_INCLUDES}
 
 CDEFINES =
 CWARNINGS =
 
+OMAPILIBS =	../../lib/omapi/libomapi.@A@
 DNSLIBS =	../../lib/dns/libdns.@A@ @DNS_OPENSSL_LIBS@ @DNS_GSSAPI_LIBS@
-ISCCFGLIBS =	../../lib/isccfg/libisccfg.@A@
-ISCCCLIBS =	../../lib/isccc/libisccc.@A@
 ISCLIBS =	../../lib/isc/libisc.@A@
 LWRESLIBS =	../../lib/lwres/liblwres.@A@
 
+OMAPIDEPLIBS =	../../lib/omapi/libomapi.@A@
 DNSDEPLIBS =	../../lib/dns/libdns.@A@
-ISCCFGDEPLIBS =	../../lib/isccfg/libisccfg.@A@
-ISCCCDEPLIBS =	../../lib/isccc/libisccc.@A@
 ISCDEPLIBS =	../../lib/isc/libisc.@A@
 LWRESDEPLIBS =	../../lib/lwres/liblwres.@A@
 
-DEPLIBS =	${LWRESDEPLIBS} ${DNSDEPLIBS} \
-		${ISCCFGDEPLIBS} ${ISCCCDEPLIBS} ${ISCDEPLIBS}
+DEPLIBS =	${LWRESDEPLIBS} ${OMAPIDEPLIBS} ${DNSDEPLIBS} ${ISCDEPLIBS}
 
-LIBS =		${LWRESLIBS} ${DNSLIBS} \
-		${ISCCFGLIBS} ${ISCCCLIBS} ${ISCLIBS} ${DBDRIVER_LIBS} @LIBS@
+LIBS =		${LWRESLIBS} ${OMAPILIBS} ${DNSLIBS} ${ISCLIBS} \
+		${DBDRIVER_LIBS} @LIBS@
 
 SUBDIRS =	unix
 
 TARGETS =	named lwresd
 
-OBJS =		aclconf.@O@ client.@O@ config.@O@ control.@O@ controlconf.@O@ interfacemgr.@O@ \
-		listenlist.@O@ log.@O@ logconf.@O@ main.@O@ notify.@O@ \
-		query.@O@ server.@O@ sortlist.@O@ \
+OBJS =		aclconf.@O@ client.@O@ interfacemgr.@O@ listenlist.@O@ \
+		log.@O@ logconf.@O@ main.@O@ notify.@O@ omapi.@O@ \
+		omapiconf.@O@ query.@O@ server.@O@ sortlist.@O@ \
 		tkeyconf.@O@ tsigconf.@O@ update.@O@ xfrout.@O@ \
 		zoneconf.@O@ \
 		lwaddr.@O@ lwresd.@O@ lwdclient.@O@ lwderror.@O@ lwdgabn.@O@ \
@@ -72,21 +68,15 @@ OBJS =		aclconf.@O@ client.@O@ config.@O@ control.@O@ controlconf.@O@ interfacem
 
 UOBJS =		unix/os.@O@
 
-SRCS =		aclconf.c client.c config.c control.c controlconf.c interfacemgr.c \
-		listenlist.c log.c logconf.c main.c notify.c \
-		query.c server.c sortlist.c \
+SRCS =		aclconf.c client.c interfacemgr.c listenlist.c \
+		log.c logconf.c main.c notify.c omapi.c \
+		omapiconf.c query.c server.c sortlist.c \
 		tkeyconf.c tsigconf.c update.c xfrout.c \
 		zoneconf.c \
 		lwaddr.c lwresd.c lwdclient.c lwderror.c lwdgabn.c \
 		lwdgnba.c lwdgrbn.c lwdnoop.c lwsearch.c \
 		$(DBDRIVER_SRCS)
 
-MANPAGES =	named.8 lwresd.8
-
-HTMLPAGES =	named.html lwresd.html
-
-MANOBJS =	${MANPAGES} ${HTMLPAGES}
-
 @BIND9_MAKE_RULES@
 
 main.@O@: main.c
@@ -94,31 +84,19 @@ main.@O@: main.c
 		-DNS_LOCALSTATEDIR=\"${localstatedir}\" \
 		-DNS_SYSCONFDIR=\"${sysconfdir}\" -c ${srcdir}/main.c
 
-config.@O@: config.c
-	${LIBTOOL} ${CC} ${ALL_CFLAGS} -DVERSION=\"${VERSION}\" \
-		-DNS_LOCALSTATEDIR=\"${localstatedir}\" \
-		-c ${srcdir}/config.c
-
 named: ${OBJS} ${UOBJS} ${DEPLIBS}
-	${LIBTOOL} ${PURIFY} ${CC} ${CFLAGS} -o $@ ${OBJS} ${UOBJS} ${LIBS}
+	${LIBTOOL} ${CC} ${CFLAGS} -o $@ ${OBJS} ${UOBJS} ${LIBS}
 
 lwresd: named
 	rm -f lwresd
 	@LN@ named lwresd
 
-doc man:: ${MANOBJS}
-
-docclean manclean maintainer-clean::
-	rm -f ${MANOBJS}
-
-clean distclean maintainer-clean::
+clean distclean::
 	rm -f ${TARGETS}
 
 installdirs:
 	$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${sbindir}
-	$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${mandir}/man8
 
 install:: named lwresd installdirs
 	${LIBTOOL} ${INSTALL_PROGRAM} named ${DESTDIR}${sbindir}
 	(cd ${DESTDIR}${sbindir}; rm -f lwresd; @LN@ named lwresd)
-	for m in ${MANPAGES}; do ${INSTALL_DATA} $$m ${DESTDIR}${mandir}/man8; done

bin/named/aclconf.c

@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: aclconf.c,v 1.26 2001/03/04 21:21:20 bwelling Exp $ */
+/* $Id: aclconf.c,v 1.24.4.1 2001/01/09 22:31:49 bwelling Exp $ */
 
 #include <config.h>
 
@@ -46,59 +46,34 @@ ns_aclconfctx_destroy(ns_aclconfctx_t *ctx) {
 	}
 }
 
-/*
- * Find the definition of the named acl whose name is "name".
- */
 static isc_result_t
-get_acl_def(cfg_obj_t *cctx, char *name, cfg_obj_t **ret) {
-	isc_result_t result;
-	cfg_obj_t *acls = NULL;
-	cfg_listelt_t *elt;
-	
-	result = cfg_map_get(cctx, "acl", &acls);
-	if (result != ISC_R_SUCCESS)
-		return (result);
-	for (elt = cfg_list_first(acls);
-	     elt != NULL;
-	     elt = cfg_list_next(elt)) {
-		cfg_obj_t *acl = cfg_listelt_value(elt);
-		const char *aclname = cfg_obj_asstring(cfg_tuple_get(acl, "name"));
-		if (strcasecmp(aclname, name) == 0) {
-			*ret = cfg_tuple_get(acl, "value");
-			return (ISC_R_SUCCESS);
-		}
-	}
-	return (ISC_R_NOTFOUND);
-}
-
-static isc_result_t
-convert_named_acl(cfg_obj_t *nameobj, cfg_obj_t *cctx,
+convert_named_acl(char *aclname, dns_c_ctx_t *cctx,
 		  ns_aclconfctx_t *ctx, isc_mem_t *mctx,
 		  dns_acl_t **target)
 {
 	isc_result_t result;
-	cfg_obj_t *cacl = NULL;
+	dns_c_acl_t *cacl;
 	dns_acl_t *dacl;
-	char *aclname = cfg_obj_asstring(nameobj);
 
 	/* Look for an already-converted version. */
 	for (dacl = ISC_LIST_HEAD(ctx->named_acl_cache);
 	     dacl != NULL;
 	     dacl = ISC_LIST_NEXT(dacl, nextincache))
 	{
-		if (strcasecmp(aclname, dacl->name) == 0) {
+		if (strcmp(aclname, dacl->name) == 0) {
 			dns_acl_attach(dacl, target);
 			return (ISC_R_SUCCESS);
 		}
 	}
 	/* Not yet converted.  Convert now. */
-	result = get_acl_def(cctx, aclname, &cacl);
+	result = dns_c_acltable_getacl(cctx->acls, aclname, &cacl);
 	if (result != ISC_R_SUCCESS) {
-		cfg_obj_log(nameobj, dns_lctx, ISC_LOG_WARNING,
-			    "undefined ACL '%s'", aclname);
+		isc_log_write(dns_lctx, DNS_LOGCATEGORY_SECURITY,
+			      DNS_LOGMODULE_ACL, ISC_LOG_WARNING,
+			      "undefined ACL '%s'", aclname);
 		return (result);
 	}
-	result = ns_acl_fromconfig(cacl, cctx, ctx, mctx, &dacl);
+	result = ns_acl_fromconfig(cacl->ipml, cctx, ctx, mctx, &dacl);
 	if (result != ISC_R_SUCCESS)
 		return (result);
 	dacl->name = isc_mem_strdup(dacl->mctx, aclname);
@@ -110,12 +85,11 @@ convert_named_acl(cfg_obj_t *nameobj, cfg_obj_t *cctx,
 }
 
 static isc_result_t
-convert_keyname(cfg_obj_t *keyobj, isc_mem_t *mctx, dns_name_t *dnsname) {
+convert_keyname(char *txtname, isc_mem_t *mctx, dns_name_t *dnsname) {
 	isc_result_t result;
 	isc_buffer_t buf;
 	dns_fixedname_t fixname;
 	unsigned int keylen;
-	const char *txtname = cfg_obj_asstring(keyobj);
 
 	keylen = strlen(txtname);
 	isc_buffer_init(&buf, txtname, keylen);
@@ -124,33 +98,34 @@ convert_keyname(cfg_obj_t *keyobj, isc_mem_t *mctx, dns_name_t *dnsname) {
 	result = dns_name_fromtext(dns_fixedname_name(&fixname), &buf,
 				   dns_rootname, ISC_FALSE, NULL);
 	if (result != ISC_R_SUCCESS) {
-		cfg_obj_log(keyobj, dns_lctx, ISC_LOG_WARNING,
-			    "key name '%s' is not a valid domain name",
-			    txtname);
+		isc_log_write(dns_lctx, DNS_LOGCATEGORY_SECURITY,
+			      DNS_LOGMODULE_ACL, ISC_LOG_WARNING,
+			      "key name \"%s\" is not a valid domain name",
+			      txtname);
 		return (result);
 	}
 	return (dns_name_dup(dns_fixedname_name(&fixname), mctx, dnsname));
 }
 
 isc_result_t
-ns_acl_fromconfig(cfg_obj_t *caml,
-		  cfg_obj_t *cctx,
-		  ns_aclconfctx_t *ctx,
-		  isc_mem_t *mctx,
-		  dns_acl_t **target)
+ns_acl_fromconfig(dns_c_ipmatchlist_t *caml,
+		   dns_c_ctx_t *cctx,
+		   ns_aclconfctx_t *ctx,
+		   isc_mem_t *mctx,
+		   dns_acl_t **target)
 {
 	isc_result_t result;
 	unsigned int count;
 	dns_acl_t *dacl = NULL;
 	dns_aclelement_t *de;
-	cfg_listelt_t *elt;
+	dns_c_ipmatchelement_t *ce;
 
 	REQUIRE(target != NULL && *target == NULL);
 
 	count = 0;
-	for (elt = cfg_list_first(caml);
-	     elt != NULL;
-	     elt = cfg_list_next(elt))
+	for (ce = ISC_LIST_HEAD(caml->elements);
+	     ce != NULL;
+	     ce = ISC_LIST_NEXT(ce, next))
 		count++;
 
 	result = dns_acl_create(mctx, count, &dacl);
@@ -158,63 +133,59 @@ ns_acl_fromconfig(cfg_obj_t *caml,
 		return (result);
 
 	de = dacl->elements;
-	for (elt = cfg_list_first(caml);
-	     elt != NULL;
-	     elt = cfg_list_next(elt))
+	for (ce = ISC_LIST_HEAD(caml->elements);
+	     ce != NULL;
+	     ce = ISC_LIST_NEXT(ce, next))
 	{
-		cfg_obj_t *ce = cfg_listelt_value(elt);
-		if (cfg_obj_istuple(ce)) {
-			/* This must be a negated element. */
-			ce = cfg_tuple_get(ce, "value");
-			de->negative = ISC_TRUE;
-		} else {
-			de->negative = ISC_FALSE;
-		}
-
-		if (cfg_obj_isnetprefix(ce)) {
-			/* Network prefix */
+		de->negative = dns_c_ipmatchelement_isneg(ce);
+		switch (ce->type) {
+		case dns_c_ipmatch_pattern:
 			de->type = dns_aclelementtype_ipprefix;
-
-			cfg_obj_asnetprefix(ce,
-					    &de->u.ip_prefix.address,
-					    &de->u.ip_prefix.prefixlen);
-		} else if (cfg_obj_istype(ce, &cfg_type_keyref)) {
-			/* Key name */
+			isc_netaddr_fromsockaddr(&de->u.ip_prefix.address,
+						 &ce->u.direct.address);
+			/* XXX "mask" is a misnomer */
+			de->u.ip_prefix.prefixlen = ce->u.direct.mask;
+			break;
+		case dns_c_ipmatch_key:
 			de->type = dns_aclelementtype_keyname;
 			dns_name_init(&de->u.keyname, NULL);
-			result = convert_keyname(ce, mctx, &de->u.keyname);
+			result = convert_keyname(ce->u.key, mctx,
+						 &de->u.keyname);
 			if (result != ISC_R_SUCCESS)
 				goto cleanup;
-		} else if (cfg_obj_islist(ce)) {
-			/* Nested ACL */
+			break;
+		case dns_c_ipmatch_indirect:
 			de->type = dns_aclelementtype_nestedacl;
-			result = ns_acl_fromconfig(ce, cctx, ctx, mctx,
+			result = ns_acl_fromconfig(ce->u.indirect.list,
+						    cctx, ctx, mctx,
+						    &de->u.nestedacl);
+			if (result != ISC_R_SUCCESS)
+				goto cleanup;
+			break;
+		case dns_c_ipmatch_localhost:
+			de->type = dns_aclelementtype_localhost;
+			break;
+
+		case dns_c_ipmatch_any:
+			de->type = dns_aclelementtype_any;
+			break;
+
+		case dns_c_ipmatch_localnets:
+			de->type = dns_aclelementtype_localnets;
+			break;
+		case dns_c_ipmatch_acl:
+			de->type = dns_aclelementtype_nestedacl;
+			result = convert_named_acl(ce->u.aclname,
+						   cctx, ctx, mctx,
 						   &de->u.nestedacl);
 			if (result != ISC_R_SUCCESS)
 				goto cleanup;
-		} else if (cfg_obj_isstring(ce)) {
-			/* ACL name */
-			char *name = cfg_obj_asstring(ce);
-			if (strcasecmp(name, "localhost") == 0) {
-				de->type = dns_aclelementtype_localhost;
-			} else if (strcasecmp(name, "localnets") == 0) {
-				de->type = dns_aclelementtype_localnets;
-			}  else if (strcasecmp(name, "any") == 0) {
-				de->type = dns_aclelementtype_any;
-			}  else if (strcasecmp(name, "none") == 0) {
-				de->type = dns_aclelementtype_any;
-				de->negative = ! de->negative;
-			} else {
-				de->type = dns_aclelementtype_nestedacl;
-				result = convert_named_acl(ce, cctx, ctx, mctx,
-							   &de->u.nestedacl);
-				if (result != ISC_R_SUCCESS)
-					goto cleanup;
-			}
-		} else {
-			cfg_obj_log(ce, dns_lctx, ISC_LOG_WARNING,
-				    "address match list contains "
-				    "unsupported element type");
+			break;
+		default:
+			isc_log_write(dns_lctx, DNS_LOGCATEGORY_SECURITY,
+				      DNS_LOGMODULE_ACL, ISC_LOG_WARNING,
+				      "address match list contains "
+				      "unsupported element type");
 			result = ISC_R_FAILURE;
 			goto cleanup;
 		}

bin/named/client.c

@@ -15,14 +15,14 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: client.c,v 1.161 2001/03/26 21:32:52 bwelling Exp $ */
+/* $Id: client.c,v 1.136.2.5 2001/04/19 18:54:51 gson Exp $ */
 
 #include <config.h>
 
-#include <isc/mutex.h>
 #include <isc/print.h>
-#include <isc/string.h>
+#include <isc/mutex.h>
 #include <isc/task.h>
+#include <isc/string.h>
 #include <isc/timer.h>
 #include <isc/util.h>
 
@@ -134,10 +134,10 @@ struct ns_clientmgr {
  * client manager's list of active clients.
  *
  * If it is a TCP client object, it has a TCP listener socket
- * and an outstanding TCP listen request.
+ * and an outstading TCP listen request.
  *
- * If it is a UDP client object, it has a UDP listener socket
- * and an outstanding UDP receive request.
+ * If it is a UDP client object, it is associated with a
+ * dispatch and has an outstanding dispatch request.
  */
 
 #define NS_CLIENTSTATE_READING  3
@@ -152,7 +152,8 @@ struct ns_clientmgr {
 /*
  * The client object has received a request and is working
  * on it.  It has a view, and it may  have any of a non-reset OPT,
- * recursion quota, and an outstanding write request.
+ * recursion quota, and an outstanding write request.  If it
+ * is a UDP client object, it has a dispatch event.
  */
 
 #define NS_CLIENTSTATE_MAX      9
@@ -165,7 +166,6 @@ struct ns_clientmgr {
 
 static void client_read(ns_client_t *client);
 static void client_accept(ns_client_t *client);
-static void client_udprecv(ns_client_t *client);
 static void clientmgr_destroy(ns_clientmgr_t *manager);
 static isc_boolean_t exit_check(ns_client_t *client);
 static void ns_client_endrequest(ns_client_t *client);
@@ -191,9 +191,14 @@ client_deactivate(ns_client_t *client) {
 	if (client->tcplistener != NULL)
 		isc_socket_detach(&client->tcplistener);
 
-	if (client->udpsocket != NULL)
-		isc_socket_detach(&client->udpsocket);
-
+	if (client->dispentry != NULL) {
+		dns_dispatchevent_t **deventp;
+		if (client->dispevent != NULL)
+			deventp = &client->dispevent;
+		else
+			deventp = NULL;
+		dns_dispatch_removerequest(&client->dispentry, deventp);
+	}
 	if (client->dispatch != NULL)
 		dns_dispatch_detach(&client->dispatch);
 
@@ -231,9 +236,7 @@ client_free(ns_client_t *client) {
 	INSIST(client->recursionquota == NULL);
 
 	ns_query_free(client);
-	isc_mem_put(client->mctx, client->recvbuf, RECV_BUFFER_SIZE);
-	isc_event_free((isc_event_t **)&client->sendevent);
-	isc_event_free((isc_event_t **)&client->recvevent);
+	isc_mem_put(client->mctx, client->sendbuf, SEND_BUFFER_SIZE);
 	isc_timer_detach(&client->timer);
 
 	if (client->tcpbuf != NULL)
@@ -264,6 +267,7 @@ client_free(ns_client_t *client) {
 			need_clientmgr_destroy = ISC_TRUE;
 		UNLOCK(&manager->lock);
 	}
+
 	/*
 	 * Detaching the task must be done after unlinking from
 	 * the manager's lists because the manager accesses
@@ -280,15 +284,14 @@ client_free(ns_client_t *client) {
 		clientmgr_destroy(manager);
 }
 
-void
-ns_client_settimeout(ns_client_t *client, unsigned int seconds) {
+static void
+set_timeout(ns_client_t *client, unsigned int seconds) {
 	isc_result_t result;
 	isc_interval_t interval;
 
 	isc_interval_set(&interval, seconds, 0);
 	result = isc_timer_reset(client->timer, isc_timertype_once, NULL,
 				 &interval, ISC_FALSE);
-	client->timerset = ISC_TRUE;
 	if (result != ISC_R_SUCCESS) {
 		ns_client_log(client, NS_LOGCATEGORY_CLIENT,
 			      NS_LOGMODULE_CLIENT, ISC_LOG_ERROR,
@@ -336,14 +339,13 @@ exit_check(ns_client_t *client) {
 			if (TCP_CLIENT(client))
 				socket = client->tcpsocket;
 			else
-				socket = client->udpsocket;
+				socket =
+				dns_dispatch_getsocket(client->dispatch);
 			isc_socket_cancel(socket, client->task,
 					  ISC_SOCKCANCEL_SEND);
 		}
 
-		if (! (client->nsends == 0 && client->nrecvs == 0 &&
-		       client->references == 0))
-		{
+		if (! (client->nsends == 0 && client->references == 0)) {
 			/*
 			 * Still waiting for I/O cancel completion.
 			 * or lingering references.
@@ -391,12 +393,8 @@ exit_check(ns_client_t *client) {
 		if (client->tcpquota != NULL)
 			isc_quota_detach(&client->tcpquota);
 
-		if (client->timerset) {
-			(void) isc_timer_reset(client->timer,
-					       isc_timertype_inactive,
-					       NULL, NULL, ISC_TRUE);
-			client->timerset = ISC_FALSE;
-		}
+		(void) isc_timer_reset(client->timer, isc_timertype_inactive,
+				       NULL, NULL, ISC_TRUE);
 
 		client->peeraddr_valid = ISC_FALSE;
 
@@ -414,8 +412,16 @@ exit_check(ns_client_t *client) {
 		if (NS_CLIENTSTATE_READY == client->newstate) {
 			if (TCP_CLIENT(client)) {
 				client_accept(client);
-			} else
-				client_udprecv(client);
+			} else {
+				/*
+				 * Give the processed dispatch event back to
+				 * the dispatch. This tells the dispatch
+				 * that we are ready to receive the next event.
+				 */
+				dns_dispatch_freeevent(client->dispatch,
+						       client->dispentry,
+						       &client->dispevent);
+			}
 			client->newstate = NS_CLIENTSTATE_MAX;
 			return (ISC_TRUE);
 		}
@@ -435,16 +441,6 @@ exit_check(ns_client_t *client) {
 			return (ISC_TRUE);
 		}
 		/* Accept cancel is complete. */
-
-		if (client->nrecvs > 0)
-			isc_socket_cancel(client->udpsocket, client->task,
-					  ISC_SOCKCANCEL_RECV);
-		if (! (client->nrecvs == 0)) {
-			/* Still waiting for recv cancel completion. */
-			return (ISC_TRUE);
-		}
-		/* Recv cancel is complete. */
-
 		client_deactivate(client);
 		client->state = NS_CLIENTSTATE_INACTIVE;
 		INSIST(client->recursionquota == NULL);
@@ -473,6 +469,7 @@ exit_check(ns_client_t *client) {
 static void
 client_start(isc_task_t *task, isc_event_t *event) {
 	ns_client_t *client = (ns_client_t *) event->ev_arg;
+	isc_result_t result;
 
 	INSIST(task == client->task);
 
@@ -481,7 +478,25 @@ client_start(isc_task_t *task, isc_event_t *event) {
 	if (TCP_CLIENT(client)) {
 		client_accept(client);
 	} else {
-		client_udprecv(client);
+		result = dns_dispatch_addrequest(client->dispatch,
+						 client->task,
+						 client_request,
+						 client,
+						 &client->dispentry);
+
+		if (result != ISC_R_SUCCESS) {
+			ns_client_log(client,
+				      DNS_LOGCATEGORY_SECURITY,
+				      NS_LOGMODULE_CLIENT,
+				      ISC_LOG_DEBUG(3),
+				      "dns_dispatch_addrequest() "
+				      "failed: %s",
+				      isc_result_totext(result));
+			/*
+			 * Not much we can do here but log the failure;
+			 * the client will effectively go idle.
+			 */
+		}
 	}
 }
 
@@ -521,7 +536,6 @@ ns_client_endrequest(ns_client_t *client) {
 	INSIST(client->naccepts == 0);
 	INSIST(client->nreads == 0);
 	INSIST(client->nsends == 0);
-	INSIST(client->nrecvs == 0);
 	INSIST(client->state == NS_CLIENTSTATE_WORKING);
 
 	CTRACE("endrequest");
@@ -627,7 +641,6 @@ client_senddone(isc_task_t *task, isc_event_t *event) {
 	client = sevent->ev_arg;
 	REQUIRE(NS_CLIENT_VALID(client));
 	REQUIRE(task == client->task);
-	REQUIRE(sevent == client->sendevent);
 
 	UNUSED(task);
 
@@ -648,36 +661,28 @@ client_senddone(isc_task_t *task, isc_event_t *event) {
 		client->tcpbuf = NULL;
 	}
 
+	isc_event_free(&event);
+
 	if (exit_check(client))
 		return;
 
 	ns_client_next(client, ISC_R_SUCCESS);
 }
 
-/*
- * We only want to fail with ISC_R_NOSPACE when called from
- * ns_client_sendraw() and not when called from ns_client_send(),
- * tcpbuffer is NULL when called from ns_client_sendraw() and
- * length != 0.  tcpbuffer != NULL when called from ns_client_send()
- * and length == 0.
- */
-
 static isc_result_t
 client_allocsendbuf(ns_client_t *client, isc_buffer_t *buffer,
 		    isc_buffer_t *tcpbuffer, isc_uint32_t length,
-		    unsigned char *sendbuf, unsigned char **datap)
+		    unsigned char **datap)
 {
 	unsigned char *data;
 	isc_uint32_t bufsize;
 	isc_result_t result;
 
 	INSIST(datap != NULL);
-	INSIST((tcpbuffer == NULL && length != 0) ||
-	       (tcpbuffer != NULL && length == 0));
 
 	if (TCP_CLIENT(client)) {
 		INSIST(client->tcpbuf == NULL);
-		if (length + 2 > TCP_BUFFER_SIZE) {
+		if (tcpbuffer == NULL && length + 2 > TCP_BUFFER_SIZE) {
 			result = ISC_R_NOSPACE;
 			goto done;
 		}
@@ -692,16 +697,15 @@ client_allocsendbuf(ns_client_t *client, isc_buffer_t *buffer,
 			isc_buffer_init(buffer, data + 2, TCP_BUFFER_SIZE - 2);
 		} else {
 			isc_buffer_init(buffer, data, TCP_BUFFER_SIZE);
-			INSIST(length <= 0xffff);
-			isc_buffer_putuint16(buffer, (isc_uint16_t)length);
+			isc_buffer_putuint16(buffer, length);
 		}
 	} else {
-		data = sendbuf;
+		data = client->sendbuf;
 		if (client->udpsize < SEND_BUFFER_SIZE)
 			bufsize = client->udpsize;
 		else
 			bufsize = SEND_BUFFER_SIZE;
-		if (length > bufsize) {
+		if (tcpbuffer == NULL && length > bufsize) {
 			result = ISC_R_NOSPACE;
 			goto done;
 		}
@@ -723,24 +727,21 @@ client_sendpkg(ns_client_t *client, isc_buffer_t *buffer) {
 	isc_socket_t *socket;
 	isc_netaddr_t netaddr;
 	int match;
-	unsigned int sockflags = ISC_SOCKFLAG_IMMEDIATE;
 
 	if (TCP_CLIENT(client)) {
 		socket = client->tcpsocket;
 		address = NULL;
 	} else {
-		socket = client->udpsocket;
-		address = &client->peeraddr;
+		socket = dns_dispatch_getsocket(client->dispatch);
+		address = &client->dispevent->addr;
 
 		isc_netaddr_fromsockaddr(&netaddr, &client->peeraddr);
 		if (ns_g_server->blackholeacl != NULL &&
 		    dns_acl_match(&netaddr, NULL,
 			    	  ns_g_server->blackholeacl,
-				  &ns_g_server->aclenv,
-				  &match, NULL) == ISC_R_SUCCESS &&
+				  NULL, &match, NULL) == ISC_R_SUCCESS &&
 		    match > 0)
 			return (DNS_R_BLACKHOLED);
-		sockflags |= ISC_SOCKFLAG_NORETRY;
 	}
 
 	if ((client->attributes & NS_CLIENTATTR_PKTINFO) != 0)
@@ -752,15 +753,10 @@ client_sendpkg(ns_client_t *client, isc_buffer_t *buffer) {
 
 	CTRACE("sendto");
 	
-	result = isc_socket_sendto2(socket, &r, client->task,
-				    address, pktinfo,
-				    client->sendevent, sockflags);
-	if (result == ISC_R_SUCCESS || result == ISC_R_INPROGRESS) {
+	result = isc_socket_sendto(socket, &r, client->task, client_senddone,
+				   client, address, pktinfo);
+	if (result == ISC_R_SUCCESS) {
 		client->nsends++;
-		if (result == ISC_R_SUCCESS)
-			client_senddone(client->task,
-					(isc_event_t *)client->sendevent);
-		result = ISC_R_SUCCESS;
 	}
 	return (result);
 }
@@ -772,7 +768,6 @@ ns_client_sendraw(ns_client_t *client, dns_message_t *message) {
 	isc_buffer_t buffer;
 	isc_region_t r;
 	isc_region_t *mr;
-	unsigned char sendbuf[SEND_BUFFER_SIZE];
 
 	REQUIRE(NS_CLIENT_VALID(client));
 
@@ -784,8 +779,7 @@ ns_client_sendraw(ns_client_t *client, dns_message_t *message) {
 		goto done;
 	}
 
-	result = client_allocsendbuf(client, &buffer, NULL, mr->length,
-				     sendbuf, &data);
+	result = client_allocsendbuf(client, &buffer, NULL, mr->length, &data);
 	if (result != ISC_R_SUCCESS)
 		goto done;
 
@@ -818,9 +812,6 @@ ns_client_send(ns_client_t *client) {
 	isc_buffer_t buffer;
 	isc_buffer_t tcpbuffer;
 	isc_region_t r;
-	dns_compress_t cctx;
-	isc_boolean_t cleanup_cctx = ISC_FALSE;
-	unsigned char sendbuf[SEND_BUFFER_SIZE];
 
 	REQUIRE(NS_CLIENT_VALID(client));
 
@@ -832,34 +823,24 @@ ns_client_send(ns_client_t *client) {
 	/*
 	 * XXXRTH  The following doesn't deal with TCP buffer resizing.
 	 */
-	result = client_allocsendbuf(client, &buffer, &tcpbuffer, 0,
-				     sendbuf, &data);
+	result = client_allocsendbuf(client, &buffer, &tcpbuffer, 0, &data);
 	if (result != ISC_R_SUCCESS)
 		goto done;
 
-	result = dns_compress_init(&cctx, -1, client->mctx);
-	if (result != ISC_R_SUCCESS)
-		goto done;
-	cleanup_cctx = ISC_TRUE;
-
-	result = dns_message_renderbegin(client->message, &cctx, &buffer);
+	result = dns_message_renderbegin(client->message, &buffer);
 	if (result != ISC_R_SUCCESS)
 		goto done;
 	if (client->opt != NULL) {
 		result = dns_message_setopt(client->message, client->opt);
+		if (result != ISC_R_SUCCESS)
+			goto done;
 		/*
 		 * XXXRTH dns_message_setopt() should probably do this...
 		 */
 		client->opt = NULL;
-		if (result != ISC_R_SUCCESS)
-			goto done;
 	}
 	result = dns_message_rendersection(client->message,
 					   DNS_SECTION_QUESTION, 0);
-	if (result == ISC_R_NOSPACE) {
-		client->message->flags |= DNS_MESSAGEFLAG_TC;
-		goto renderend;
-	}
 	if (result != ISC_R_SUCCESS)
 		goto done;
 	result = dns_message_rendersection(client->message,
@@ -888,11 +869,6 @@ ns_client_send(ns_client_t *client) {
 	if (result != ISC_R_SUCCESS)
 		goto done;
 
-	if (cleanup_cctx) {
-		dns_compress_invalidate(&cctx);
-		cleanup_cctx = ISC_FALSE;
-	}
-
 	if (TCP_CLIENT(client)) {
 		isc_buffer_usedregion(&buffer, &r);
 		isc_buffer_putuint16(&tcpbuffer, (isc_uint16_t) r.length);
@@ -908,10 +884,6 @@ ns_client_send(ns_client_t *client) {
 		isc_mem_put(client->mctx, client->tcpbuf, TCP_BUFFER_SIZE);
 		client->tcpbuf = NULL;
 	}
-
-	if (cleanup_cctx)
-		dns_compress_invalidate(&cctx);
-
 	ns_client_next(client, result);
 }
 
@@ -951,33 +923,6 @@ ns_client_error(ns_client_t *client, isc_result_t result) {
 		}
 	}
 	message->rcode = rcode;
-
-	/*
-	 * FORMERR loop avoidance:  If we sent a FORMERR message
-	 * with the same ID to the same client less than two
-	 * seconds ago, assume that we are in an infinite error 
-	 * packet dialog with a server for some protocol whose 
-	 * error responses look enough like DNS queries to
-	 * elicit a FORMERR response.  Drop a packet to break
-	 * the loop.
-	 */
-	if (rcode == dns_rcode_formerr) {
-		if (isc_sockaddr_equal(&client->peeraddr,
-				       &client->formerrcache.addr) &&
-		    message->id == client->formerrcache.id &&
-		    client->requesttime - client->formerrcache.time < 2) {
-			/* Drop packet. */
-			ns_client_log(client, NS_LOGCATEGORY_CLIENT,
-				      NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(1),
-				      "possible error packet loop, "
-				      "FORMERR dropped");
-			ns_client_next(client, result);
-			return;
-		}
-		client->formerrcache.addr = client->peeraddr;
-		client->formerrcache.time = client->requesttime;
-		client->formerrcache.id = message->id;
-	}
 	ns_client_send(client);
 }
 
@@ -1077,7 +1022,7 @@ client_addopt(ns_client_t *client) {
 	rdatalist->covers = 0;
 
 	/*
-	 * Set the maximum UDP buffer size.
+	 * Set Maximum UDP buffer size.
 	 */
 	rdatalist->rdclass = RECV_BUFFER_SIZE;
 
@@ -1187,17 +1132,16 @@ client_getoptattrs(ns_client_t *client, dns_rdataset_t *opt) {
 
 
 /*
- * Handle an incoming request event from the socket (UDP case)
+ * Handle an incoming request event from the dispatch (UDP case)
  * or tcpmsg (TCP case).
  */
 static void
 client_request(isc_task_t *task, isc_event_t *event) {
 	ns_client_t *client;
-	isc_socketevent_t *sevent;
+	dns_dispatchevent_t *devent;
 	isc_result_t result;
 	isc_result_t sigresult;
 	isc_buffer_t *buffer;
-	isc_buffer_t tbuffer;
 	dns_view_t *view;
 	dns_rdataset_t *opt;
 	isc_boolean_t ra; 	/* Recursion available. */
@@ -1216,23 +1160,24 @@ client_request(isc_task_t *task, isc_event_t *event) {
 	       NS_CLIENTSTATE_READING :
 	       NS_CLIENTSTATE_READY);
 
-	if (event->ev_type == ISC_SOCKEVENT_RECVDONE) {
+	RWLOCK(&ns_g_server->conflock, isc_rwlocktype_read);
+	dns_zonemgr_lockconf(ns_g_server->zonemgr, isc_rwlocktype_read);
+
+	if (event->ev_type == DNS_EVENT_DISPATCH) {
 		INSIST(!TCP_CLIENT(client));
-		sevent = (isc_socketevent_t *)event;
-		REQUIRE(sevent == client->recvevent);
-		isc_buffer_init(&tbuffer, sevent->region.base, sevent->n);
-		isc_buffer_add(&tbuffer, sevent->n);
-		buffer = &tbuffer;
-		result = sevent->result;
-		client->peeraddr = sevent->address;
+		devent = (dns_dispatchevent_t *)event;
+		REQUIRE(client->dispentry != NULL);
+		client->dispevent = devent;
+		buffer = &devent->buffer;
+		result = devent->result;
+		client->peeraddr = devent->addr;
 		client->peeraddr_valid = ISC_TRUE;
-		if ((sevent->attributes & ISC_SOCKEVENTATTR_PKTINFO) != 0) {
+		if ((devent->attributes & ISC_SOCKEVENTATTR_PKTINFO) != 0) {
 			client->attributes |= NS_CLIENTATTR_PKTINFO;
-			client->pktinfo = sevent->pktinfo;
+			client->pktinfo = devent->pktinfo;
 		}
-		if ((sevent->attributes & ISC_SOCKEVENTATTR_MULTICAST) != 0)
+		if ((devent->attributes & ISC_SOCKEVENTATTR_MULTICAST) != 0)
 			client->attributes |= NS_CLIENTATTR_MULTICAST;
-		client->nrecvs--;
 	} else {
 		INSIST(TCP_CLIENT(client));
 		REQUIRE(event->ev_type == DNS_EVENT_TCPMSG);
@@ -1252,18 +1197,20 @@ client_request(isc_task_t *task, isc_event_t *event) {
 		      TCP_CLIENT(client) ? "TCP" : "UDP");
 
 	if (exit_check(client))
-		goto cleanup;
+		goto cleanup_serverlock;
 	client->state = client->newstate = NS_CLIENTSTATE_WORKING;
 
 	isc_stdtime_get(&client->requesttime);
 	client->now = client->requesttime;
 
+	set_timeout(client, 60);
+
 	if (result != ISC_R_SUCCESS) {
 		if (TCP_CLIENT(client))
 			ns_client_next(client, result);
 		else
 			isc_task_shutdown(client->task);
-		goto cleanup;
+		goto cleanup_serverlock;
 	}
 
 	if ((client->attributes & NS_CLIENTATTR_MULTICAST) != 0) {
@@ -1278,24 +1225,18 @@ client_request(isc_task_t *task, isc_event_t *event) {
 	result = dns_message_parse(client->message, buffer, 0);
 	if (result != ISC_R_SUCCESS) {
 		ns_client_error(client, result);
-		goto cleanup;
+		goto cleanup_serverlock;
 	}
 
 	/*
-	 * We expect a query, not a response.  If this is a UDP response,
-	 * forward it to the dispatcher.  If it's a TCP response,
-	 * discarded it here.
+	 * We expect a query, not a response.  Unexpected UDP responses
+	 * are discarded early by the dispatcher, but TCP responses
+	 * bypass the dispatcher and must be discarded here.
 	 */
 	if ((client->message->flags & DNS_MESSAGEFLAG_QR) != 0) {
-		if (TCP_CLIENT(client)) {
-			CTRACE("unexpected response");
-			ns_client_next(client, DNS_R_FORMERR);
-			goto cleanup;
-		} else {
-			dns_dispatch_importrecv(client->dispatch, event);
-			ns_client_next(client, ISC_R_SUCCESS);
-			goto cleanup;
-		}
+		CTRACE("unexpected response");
+		ns_client_next(client, DNS_R_FORMERR);
+		goto cleanup_serverlock;
 	}
 
 	/*
@@ -1310,6 +1251,13 @@ client_request(isc_task_t *task, isc_event_t *event) {
 		 */
 		client->udpsize = opt->rdclass;
 
+		/*
+		 * If the requested UDP buffer size is less than 512,
+		 * ignore it and use 512.
+		 */
+		if (client->udpsize < 512)
+			client->udpsize = 512;
+
 #ifdef DNS_OPT_NEWCODES
 		/*
 		 * Get the flags out of the OPT record.
@@ -1330,7 +1278,7 @@ client_request(isc_task_t *task, isc_event_t *event) {
 		/*
 		 * Get the flags out of the OPT record.
 		 */
-		client->extflags = (isc_uint16_t)(opt->ttl & 0xFFFF);
+		client->extflags = opt->ttl & 0xFFFF;
 #endif /* DNS_OPT_NEWCODES */		
 
 		/*
@@ -1339,7 +1287,7 @@ client_request(isc_task_t *task, isc_event_t *event) {
 		result = client_addopt(client);
 		if (result != ISC_R_SUCCESS) {
 			ns_client_error(client, result);
-			goto cleanup;
+			goto cleanup_serverlock;
 		}
 
 		/*
@@ -1350,7 +1298,7 @@ client_request(isc_task_t *task, isc_event_t *event) {
 		version = (opt->ttl & 0x00FF0000) >> 16;
 		if (version != 0) {
 			ns_client_error(client, DNS_R_BADVERS);
-			goto cleanup;
+			goto cleanup_serverlock;
 		}
 	}
 
@@ -1359,11 +1307,14 @@ client_request(isc_task_t *task, isc_event_t *event) {
 			      NS_LOGMODULE_CLIENT, ISC_LOG_ERROR,
 			      "message class could not be determined");
 		ns_client_error(client, DNS_R_FORMERR);
-		goto cleanup;
+		goto cleanup_serverlock;
 	}
 
 	/*
 	 * Find a view that matches the client's source address.
+	 *
+	 * XXXRTH  View list management code will be moving to its own module
+	 *         soon.
 	 */
 	for (view = ISC_LIST_HEAD(ns_g_server->viewlist);
 	     view != NULL;
@@ -1407,13 +1358,25 @@ client_request(isc_task_t *task, isc_event_t *event) {
 			      NS_LOGMODULE_CLIENT, ISC_LOG_ERROR,
 			      "no matching view in class '%s'", classname);
 		ns_client_error(client, DNS_R_REFUSED);
-		goto cleanup;
+		goto cleanup_serverlock;
 	}
 
 	ns_client_log(client, NS_LOGCATEGORY_CLIENT,
 		      NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(5),
 		      "using view '%s'", view->name);
 
+	/*
+	 * Lock the view's configuration data for reading.
+	 * We must attach a separate view reference for this
+	 * purpose instad of using client->view, because
+	 * client->view may or may not be detached at the point
+	 * when we return from this event handler depending
+	 * on whether the request handler causes ns_client_next()
+	 * to be called or not.
+	 */
+	dns_view_attach(client->view, &client->lockview);
+	RWLOCK(&client->lockview->conflock, isc_rwlocktype_read);
+
 	/*
 	 * Check for a signature.  We log bad signatures regardless of
 	 * whether they ultimately cause the request to be rejected or
@@ -1445,7 +1408,7 @@ client_request(isc_task_t *task, isc_event_t *event) {
 		if (!(client->message->tsigstatus == dns_tsigerror_badkey &&
 		      client->message->opcode == dns_opcode_update)) {
 			ns_client_error(client, sigresult);
-			goto cleanup;
+			goto cleanup_viewlock;
 		}
 	} else {
 		/* There is a signature, but it is bad. */
@@ -1456,7 +1419,7 @@ client_request(isc_task_t *task, isc_event_t *event) {
 		if (!(client->message->tsigstatus == dns_tsigerror_badkey &&
 		      client->message->opcode == dns_opcode_update)) {
 			ns_client_error(client, sigresult);
-			goto cleanup;
+			goto cleanup_viewlock;
 		}
 	}
 
@@ -1488,12 +1451,10 @@ client_request(isc_task_t *task, isc_event_t *event) {
 		break;
 	case dns_opcode_update:
 		CTRACE("update");
-		ns_client_settimeout(client, 60);
 		ns_update_start(client, sigresult);
 		break;
 	case dns_opcode_notify:
 		CTRACE("notify");
-		ns_client_settimeout(client, 60);
 		ns_notify_start(client);
 		break;
 	case dns_opcode_iquery:
@@ -1505,8 +1466,12 @@ client_request(isc_task_t *task, isc_event_t *event) {
 		ns_client_error(client, DNS_R_NOTIMP);
 	}
 
- cleanup:
-	return;
+ cleanup_viewlock:
+	RWUNLOCK(&client->lockview->conflock, isc_rwlocktype_read);
+	dns_view_detach(&client->lockview);
+ cleanup_serverlock:
+	dns_zonemgr_unlockconf(ns_g_server->zonemgr, isc_rwlocktype_read);
+	RWUNLOCK(&ns_g_server->conflock, isc_rwlocktype_read);
 }
 
 static void
@@ -1573,7 +1538,6 @@ client_create(ns_clientmgr_t *manager, ns_client_t **clientp)
 				  client, &client->timer);
 	if (result != ISC_R_SUCCESS)
 		goto cleanup_task;
-	client->timerset = ISC_FALSE;
 
 	client->message = NULL;
 	result = dns_message_create(manager->mctx, DNS_MESSAGE_INTENTPARSE,
@@ -1582,33 +1546,12 @@ client_create(ns_clientmgr_t *manager, ns_client_t **clientp)
 		goto cleanup_timer;
 
 	/* XXXRTH  Hardwired constants */
-
-	client->sendevent = (isc_socketevent_t *)
-			    isc_event_allocate(manager->mctx, client,
-					       ISC_SOCKEVENT_SENDDONE,
-					       client_senddone, client,
-					       sizeof(isc_socketevent_t));
-	if (client->sendevent == NULL) {
+	client->sendbuf = isc_mem_get(manager->mctx, SEND_BUFFER_SIZE);
+	if  (client->sendbuf == NULL) {
 		result = ISC_R_NOMEMORY;
 		goto cleanup_message;
 	}
 
-	client->recvbuf = isc_mem_get(manager->mctx, RECV_BUFFER_SIZE);
-	if  (client->recvbuf == NULL) {
-		result = ISC_R_NOMEMORY;
-		goto cleanup_sendevent;
-	}
-
-	client->recvevent = (isc_socketevent_t *)
-			    isc_event_allocate(manager->mctx, client,
-					       ISC_SOCKEVENT_RECVDONE,
-					       client_request, client,
-					       sizeof(isc_socketevent_t));
-	if (client->recvevent == NULL) {
-		result = ISC_R_NOMEMORY;
-		goto cleanup_recvbuf;
-	}
-
 	client->magic = NS_CLIENT_MAGIC;
 	client->mctx = manager->mctx;
 	client->manager = NULL;
@@ -1617,12 +1560,13 @@ client_create(ns_clientmgr_t *manager, ns_client_t **clientp)
 	client->naccepts = 0;
 	client->nreads = 0;
 	client->nsends = 0;
-	client->nrecvs = 0;
 	client->references = 0;
 	client->attributes = 0;
 	client->view = NULL;
+	client->lockview = NULL;
 	client->dispatch = NULL;
-	client->udpsocket = NULL;
+	client->dispentry = NULL;
+	client->dispevent = NULL;
 	client->tcplistener = NULL;
 	client->tcpsocket = NULL;
 	client->tcpmsg_valid = ISC_FALSE;
@@ -1646,13 +1590,6 @@ client_create(ns_clientmgr_t *manager, ns_client_t **clientp)
 	ISC_EVENT_INIT(&client->ctlevent, sizeof(client->ctlevent), 0, NULL,
 		       NS_EVENT_CLIENTCONTROL, client_start, client, client,
 		       NULL, NULL);
-	/*
-	 * Initialize FORMERR cache to sentinel value that will not match
-	 * any actual FORMERR response.
-	 */
-	isc_sockaddr_any(&client->formerrcache.addr);
-	client->formerrcache.time = 0;
-	client->formerrcache.id = 0;
 	ISC_LINK_INIT(client, link);
 	client->list = NULL;
 
@@ -1663,7 +1600,7 @@ client_create(ns_clientmgr_t *manager, ns_client_t **clientp)
 	 */
 	result = ns_query_init(client);
 	if (result != ISC_R_SUCCESS)
-		goto cleanup_recvevent;
+		goto cleanup_sendbuf;
 
 	CTRACE("create");
 
@@ -1671,14 +1608,8 @@ client_create(ns_clientmgr_t *manager, ns_client_t **clientp)
 
 	return (ISC_R_SUCCESS);
 
- cleanup_recvevent:
-	isc_event_free((isc_event_t **)&client->recvevent);
-
- cleanup_recvbuf:
-	isc_mem_put(manager->mctx, client->recvbuf, RECV_BUFFER_SIZE);
-
- cleanup_sendevent:
-	isc_event_free((isc_event_t **)&client->sendevent);
+ cleanup_sendbuf:
+	isc_mem_put(manager->mctx, client->sendbuf, SEND_BUFFER_SIZE);
 
 	client->magic = 0;
 
@@ -1712,7 +1643,7 @@ client_read(ns_client_t *client) {
 	 * Set a timeout to limit the amount of time we will wait
 	 * for a request on this TCP connection.
 	 */
-	ns_client_settimeout(client, 30);
+	set_timeout(client, 30);
 
 	client->state = client->newstate = NS_CLIENTSTATE_READING;
 	INSIST(client->nreads == 0);
@@ -1857,33 +1788,6 @@ client_accept(ns_client_t *client) {
 	UNLOCK(&client->interface->lock);
 }
 
-static void
-client_udprecv(ns_client_t *client) {
-	isc_result_t result;
-	isc_region_t r;
-
-	CTRACE("udprecv");
-
-	r.base = client->recvbuf;
-	r.length = RECV_BUFFER_SIZE;
-	result = isc_socket_recv2(client->udpsocket, &r, 1,
-				  client->task, client->recvevent, 0);
-	if (result != ISC_R_SUCCESS) {
-		UNEXPECTED_ERROR(__FILE__, __LINE__,
-				 "isc_socket_recv() failed: %s",
-				 isc_result_totext(result));
-		/*
-		 * This cannot happen in the current implementation, since
-		 * isc_socket_recv2() cannot fail if flags == 0A
-		 *
-		 * If this does fail, we just go idle.
-		 */
-		return;
-	}
-	INSIST(client->nrecvs == 0);
-	client->nrecvs++;
-}
-
 void
 ns_client_attach(ns_client_t *source, ns_client_t **targetp) {
 	REQUIRE(NS_CLIENT_VALID(source));
@@ -2074,12 +1978,8 @@ ns_clientmgr_createclients(ns_clientmgr_t *manager, unsigned int n,
 			isc_socket_attach(ifp->tcpsocket,
 					  &client->tcplistener);
 		} else {
-			isc_socket_t *sock;
-
 			dns_dispatch_attach(ifp->udpdispatch,
 					    &client->dispatch);
-			sock = dns_dispatch_getsocket(client->dispatch);
-			isc_socket_attach(sock, &client->udpsocket);
 		}
 		client->manager = manager;
 		ISC_LIST_APPEND(manager->active, client, link);
@@ -2180,14 +2080,3 @@ ns_client_log(ns_client_t *client, isc_logcategory_t *category,
 	va_end(ap);
 }
 
-void
-ns_client_aclmsg(const char *msg, dns_name_t *name, dns_rdataclass_t rdclass,
-		 char *buf, size_t len) 
-{
-        char namebuf[DNS_NAME_FORMATSIZE];
-        char classbuf[DNS_RDATACLASS_FORMATSIZE];
-
-        dns_name_format(name, namebuf, sizeof(namebuf));
-        dns_rdataclass_format(rdclass, classbuf, sizeof(classbuf));
-        (void)snprintf(buf, len, "%s '%s/%s'", msg, namebuf, classbuf);
-}

bin/named/config.c

@@ -1,437 +0,0 @@
-/*
- * Copyright (C) 2001  Internet Software Consortium.
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
- * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
- * INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
- * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
- * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
- * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
- * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-/* $Id: config.c,v 1.8 2001/03/26 21:32:53 bwelling Exp $ */
-
-#include <config.h>
-
-#include <stdlib.h>
-#include <string.h>
-
-#include <isc/buffer.h>
-#include <isc/log.h>
-#include <isc/mem.h>
-#include <isc/region.h>
-#include <isc/result.h>
-#include <isc/sockaddr.h>
-#include <isc/util.h>
-
-#include <isccfg/cfg.h>
-
-#include <dns/fixedname.h>
-#include <dns/name.h>
-#include <dns/rdataclass.h>
-#include <dns/zone.h>
-
-#include <named/config.h>
-#include <named/globals.h>
-
-static char defaultconf[] = "\
-options {\n\
-#	blackhole {none;};\n\
-	coresize default;\n\
-	datasize default;\n\
-	deallocate-on-exit true;\n\
-#	directory <none>\n\
-	dump-file \"named_dump.db\";\n\
-	fake-iquery no;\n\
-	files default;\n\
-	has-old-clients false;\n\
-	heartbeat-interval 3600;\n\
-	host-statistics no;\n\
-	interface-interval 3600;\n\
-	listen-on {any;};\n\
-	listen-on-v6 {none;};\n\
-	match-mapped-addresses no;\n\
-	memstatistics-file \"named.memstats\";\n\
-	multiple-cnames no;\n\
-#	named-xfer <obsolete>;\n\
-#	pid-file \"" NS_LOCALSTATEDIR "/named.pid\"; /* or /lwresd.pid */\n\
-	port 53;\n\
-"
-#ifdef PATH_RANDOMDEV
-"\
-	random-device \"" PATH_RANDOMDEV "\";\n\
-"
-#endif
-"\
-	recursive-clients 1000;\n\
-	rrset-order {order cyclic;};\n\
-	serial-queries 20;\n\
-	serial-query-rate 20;\n\
-	stacksize default;\n\
-	statistics-file \"named.stats\";\n\
-	statistics-interval 3600;\n\
-	tcp-clients 100;\n\
-#	tkey-dhkey <none>\n\
-#	tkey-gssapi-credential <none>\n\
-#	tkey-domain <none>\n\
-	transfers-per-ns 2;\n\
-	transfers-in 10;\n\
-	transfers-out 10;\n\
-	treat-cr-as-space true;\n\
-	use-id-pool true;\n\
-	use-ixfr true;\n\
-	version \""VERSION"\";\n\
-\n\
-	/* view */\n\
-	allow-notify {none;};\n\
-	allow-update-forwarding {none;};\n\
-	allow-recursion {any;};\n\
-	allow-v6-synthesis {none;};\n\
-#	sortlist <none>\n\
-#	topology <none>\n\
-	auth-nxdomain false;\n\
-	minimal-responses false;\n\
-	recursion true;\n\
-	provide-ixfr true;\n\
-	request-ixfr true;\n\
-	fetch-glue no;\n\
-	rfc2308-type1 no;\n\
-	additional-from-auth true;\n\
-	additional-from-cache true;\n\
-	query-source address *;\n\
-	query-source-v6 address *;\n\
-	notify-source *;\n\
-	notify-source-v6 *;\n\
-	cleaning-interval 3600;\n\
-	min-roots 2;\n\
-	lame-ttl 600;\n\
-	max-ncache-ttl 10800; /* 3 hours */\n\
-	max-cache-ttl 604800; /* 1 week */\n\
-	transfer-format many-answers;\n\
-	max-cache-size 0;\n\
-	check-names master ignore;\n\
-	check-names slave ignore;\n\
-	check-names response ignore;\n\
-\n\
-	/* zone */\n\
-	allow-query {any;};\n\
-	allow-transfer {any;};\n\
-	notify yes;\n\
-#	also-notify <none>\n\
-	dialup no;\n\
-#	forward <none>\n\
-#	forwarders <none>\n\
-	maintain-ixfr-base no;\n\
-#	max-ixfr-log-size <obsolete>\n\
-	transfer-source *;\n\
-	transfer-source-v6 *;\n\
-	max-transfer-time-in 7200;\n\
-	max-transfer-time-out 7200;\n\
-	max-transfer-idle-in 3600;\n\
-	max-transfer-idle-out 3600;\n\
-	max-retry-time 1209600; /* 2 weeks */\n\
-	min-retry-time 500;\n\
-	max-refresh-time 2419200; /* 4 weeks */\n\
-	min-refresh-time 300;\n\
-	sig-validity-interval 30; /* days */\n\
-	zone-statistics false;\n\
-};";
-
-isc_result_t
-ns_config_parsedefaults(cfg_parser_t *parser, cfg_obj_t **conf) {
-	isc_buffer_t b;
-
-	isc_buffer_init(&b, defaultconf, sizeof(defaultconf) - 1);
-	isc_buffer_add(&b, sizeof(defaultconf) - 1);
-	return (cfg_parse_buffer(parser, &b, &cfg_type_namedconf, conf));
-}
-
-isc_result_t
-ns_config_get(cfg_obj_t **maps, const char* name, cfg_obj_t **obj) {
-	int i;
-
-	for (i = 0; ; i++) {
-		if (maps[i] == NULL)
-			return (ISC_R_NOTFOUND);
-		if (cfg_map_get(maps[i], name, obj) == ISC_R_SUCCESS)
-			return (ISC_R_SUCCESS);
-	}
-}
-
-int
-ns_config_listcount(cfg_obj_t *list) {
-	cfg_listelt_t *e;
-	int i = 0;
-
-	for (e = cfg_list_first(list); e != NULL; e = cfg_list_next(e))
-		i++;
-
-	return (i);
-}
-
-isc_result_t
-ns_config_getclass(cfg_obj_t *classobj, dns_rdataclass_t *classp) {
-	char *str;
-	isc_textregion_t r;
-
-	if (!cfg_obj_isstring(classobj)) {
-		*classp = dns_rdataclass_in;
-		return (ISC_R_SUCCESS);
-	}
-	str = cfg_obj_asstring(classobj);
-	r.base = str;
-	r.length = strlen(str);
-	return (dns_rdataclass_fromtext(classp, &r));
-}
-
-dns_zonetype_t
-ns_config_getzonetype(cfg_obj_t *zonetypeobj) {
-	dns_zonetype_t ztype = dns_zone_none;
-	char *str;
-
-	str = cfg_obj_asstring(zonetypeobj);
-	if (strcmp(str, "master") == 0)
-		ztype = dns_zone_master;
-	else if (strcmp(str, "slave") == 0)
-		ztype = dns_zone_slave;
-	else if (strcmp(str, "stub") == 0)
-		ztype = dns_zone_stub;
-	else
-		INSIST(0);
-	return (ztype);
-}
-
-isc_result_t
-ns_config_getiplist(cfg_obj_t *config, cfg_obj_t *list,
-		    in_port_t defport, isc_mem_t *mctx,
-		    isc_sockaddr_t **addrsp, isc_uint32_t *countp)
-{
-	int count, i = 0;
-	cfg_obj_t *addrlist;
-	cfg_obj_t *portobj;
-	cfg_listelt_t *element;
-	isc_sockaddr_t *addrs;
-	in_port_t port;
-	isc_result_t result;
-
-	INSIST(addrsp != NULL && *addrsp == NULL);
-
-	addrlist = cfg_tuple_get(list, "addresses");
-	count = ns_config_listcount(addrlist);
-
-	portobj = cfg_tuple_get(list, "port");
-	if (cfg_obj_isuint32(portobj)) {
-		isc_uint32_t val = cfg_obj_asuint32(portobj);
-		if (val > ISC_UINT16_MAX) {
-			cfg_obj_log(portobj, ns_g_lctx, ISC_LOG_ERROR,
-				    "port '%u' out of range", val);
-			return (ISC_R_RANGE);
-		}
-		port = (in_port_t) val;
-	} else if (defport != 0)
-		port = defport;
-	else {
-		result = ns_config_getport(config, &port);
-		if (result != ISC_R_SUCCESS)
-			return (result);
-	}
-
-	addrs = isc_mem_get(mctx, count * sizeof(isc_sockaddr_t));
-	if (addrs == NULL)
-		return (ISC_R_NOMEMORY);
-
-	for (element = cfg_list_first(addrlist);
-	     element != NULL;
-	     element = cfg_list_next(element), i++)
-	{
-		INSIST(i < count);
-		addrs[i] = *cfg_obj_assockaddr(cfg_listelt_value(element));
-		if (isc_sockaddr_getport(&addrs[i]) == 0)
-			isc_sockaddr_setport(&addrs[i], port);
-	}
-	INSIST(i == count);
-
-	*addrsp = addrs;
-	*countp = count;
-
-	return (ISC_R_SUCCESS);
-}
-
-void
-ns_config_putiplist(isc_mem_t *mctx, isc_sockaddr_t **addrsp,
-		    isc_uint32_t count)
-{
-	INSIST(addrsp != NULL && *addrsp != NULL);
-
-	isc_mem_put(mctx, *addrsp, count * sizeof(isc_sockaddr_t));
-	*addrsp = NULL;
-}
-
-isc_result_t
-ns_config_getipandkeylist(cfg_obj_t *config, cfg_obj_t *list, isc_mem_t *mctx,
-			  isc_sockaddr_t **addrsp, dns_name_t ***keysp,
-			  isc_uint32_t *countp)
-{
-	isc_uint32_t count, i = 0;
-	isc_result_t result;
-	cfg_listelt_t *element;
-	cfg_obj_t *addrlist;
-	cfg_obj_t *portobj;
-	in_port_t port;
-	dns_fixedname_t fname;
-	isc_sockaddr_t *addrs = NULL;
-	dns_name_t **keys = NULL;
-
-	INSIST(addrsp != NULL && *addrsp == NULL);
-
-	addrlist = cfg_tuple_get(list, "addresses");
-	count = ns_config_listcount(addrlist);
-
-	portobj = cfg_tuple_get(list, "port");
-	if (cfg_obj_isuint32(portobj)) {
-		isc_uint32_t val = cfg_obj_asuint32(portobj);
-		if (val > ISC_UINT16_MAX) {
-			cfg_obj_log(portobj, ns_g_lctx, ISC_LOG_ERROR,
-				    "port '%u' out of range", val);
-			return (ISC_R_RANGE);
-		}
-		port = (in_port_t) val;
-	} else {
-		result = ns_config_getport(config, &port);
-		if (result != ISC_R_SUCCESS)
-			return (result);
-	}
-
-	result = ISC_R_NOMEMORY;
-
-	addrs = isc_mem_get(mctx, count * sizeof(isc_sockaddr_t));
-	if (addrs == NULL)
-		goto cleanup;
-
-	keys = isc_mem_get(mctx, count * sizeof(dns_name_t *));
-	if (keys == NULL)
-		goto cleanup;
-
-	for (element = cfg_list_first(addrlist);
-	     element != NULL;
-	     element = cfg_list_next(element), i++)
-	{
-		cfg_obj_t *addr;
-		cfg_obj_t *key;
-		char *keystr;
-		isc_buffer_t b;
-
-		INSIST(i < count);
-
-		addr = cfg_tuple_get(cfg_listelt_value(element), "sockaddr");
-		key = cfg_tuple_get(cfg_listelt_value(element), "key");
-
-		addrs[i] = *cfg_obj_assockaddr(addr);
-		if (isc_sockaddr_getport(&addrs[i]) == 0)
-			isc_sockaddr_setport(&addrs[i], port);
-
-		keys[i] = NULL;
-		if (!cfg_obj_isstring(key))
-			continue;
-		keys[i] = isc_mem_get(mctx, sizeof(dns_name_t));
-		if (keys[i] == NULL)
-			goto cleanup;
-		dns_name_init(keys[i], NULL);
-		
-		keystr = cfg_obj_asstring(key);
-		isc_buffer_init(&b, keystr, strlen(keystr));
-		isc_buffer_add(&b, strlen(keystr));
-		dns_fixedname_init(&fname);
-		result = dns_name_fromtext(dns_fixedname_name(&fname), &b,
-					   dns_rootname, ISC_FALSE, NULL);
-		if (result != ISC_R_SUCCESS)
-			goto cleanup;
-		result = dns_name_dup(dns_fixedname_name(&fname), mctx,
-				      keys[i]);
-		if (result != ISC_R_SUCCESS)
-			goto cleanup;
-	}
-	INSIST(i == count);
-
-	*addrsp = addrs;
-	*keysp = keys;
-	*countp = count;
-
-	return (ISC_R_SUCCESS);
-
- cleanup:
-	if (addrs != NULL)
-		isc_mem_put(mctx, addrs, count * sizeof(isc_sockaddr_t));
-	if (keys != NULL) {
-		unsigned int j;
-		for (j = 0 ; j <= i; j++) {
-			if (keys[j] == NULL)
-				continue;
-			if (dns_name_dynamic(keys[j]))
-				dns_name_free(keys[j], mctx);
-			isc_mem_put(mctx, keys[j], sizeof(dns_name_t));
-		}
-		isc_mem_put(mctx, keys, count * sizeof(dns_name_t *));
-	}
-	return (result);
-}
-
-void
-ns_config_putipandkeylist(isc_mem_t *mctx, isc_sockaddr_t **addrsp,
-			  dns_name_t ***keysp, isc_uint32_t count)
-{
-	unsigned int i;
-	dns_name_t **keys = *keysp;
-
-	INSIST(addrsp != NULL && *addrsp != NULL);
-
-	isc_mem_put(mctx, *addrsp, count * sizeof(isc_sockaddr_t));
-	for (i = 0; i < count; i++) {
-		if (keys[i] == NULL)
-			continue;
-		if (dns_name_dynamic(keys[i]))
-			dns_name_free(keys[i], mctx);
-		isc_mem_put(mctx, keys[i], sizeof(dns_name_t));
-	}
-	isc_mem_put(mctx, *keysp, count * sizeof(dns_name_t *));
-	*addrsp = NULL;
-	*keysp = NULL;
-}
-
-isc_result_t
-ns_config_getport(cfg_obj_t *config, in_port_t *portp) {
-	cfg_obj_t *maps[3];
-	cfg_obj_t *options = NULL;
-	cfg_obj_t *portobj = NULL;
-	isc_result_t result;
-	int i;
-
-	if (ns_g_port != 0) {
-		*portp = ns_g_port;
-		return (ISC_R_SUCCESS);
-	}
-
-	cfg_map_get(config, "options", &options);
-	i = 0;
-	if (options != NULL)
-		maps[i++] = options;
-	maps[i++] = ns_g_defaults;
-	maps[i] = NULL;
-
-	result = ns_config_get(maps, "port", &portobj);
-	INSIST(result == ISC_R_SUCCESS);
-	if (cfg_obj_asuint32(portobj) >= ISC_UINT16_MAX) {
-		cfg_obj_log(portobj, ns_g_lctx, ISC_LOG_ERROR,
-			    "port '%u' out of range",
-			    cfg_obj_asuint32(portobj));
-		return (ISC_R_RANGE);
-	}
-	*portp = (in_port_t)cfg_obj_asuint32(portobj);
-	return (ISC_R_SUCCESS);
-}

bin/named/control.c

@@ -1,102 +0,0 @@
-#include <config.h>
-
-#include <string.h>
-
-#include <isc/app.h>
-#include <isc/event.h>
-#include <isc/mem.h>
-#include <isc/util.h>
-
-#include <isccc/alist.h>
-#include <isccc/cc.h>
-#include <isccc/result.h>
-
-#include <named/control.h>
-#include <named/log.h>
-#include <named/server.h>
-
-static isc_boolean_t
-command_compare(const char *text, const char *command) {
-	if (strncasecmp(text, command, strlen(command)) == 0 &&
-	    (text[strlen(command)] == 0 || text[strlen(command)] == ' '))
-		return (ISC_TRUE);
-	return (ISC_FALSE);
-}
-
-/*
- * This is the function that is called to process an incoming command when a
- * message is received.  It is called once for each name/value pair in the
- * message's object value list or something.
- */
-isc_result_t
-ns_control_docommand(isccc_sexpr_t *message) {
-	isccc_sexpr_t *data;
-	char *command;
-	isc_result_t result;
-
-	data = isccc_alist_lookup(message, "_data");
-	if (data == NULL) {
-		/*
-		 * No data section.
-		 */
-		return (ISC_R_FAILURE);
-	}
-
-	result = isccc_cc_lookupstring(data, "type", &command);
-	if (result != ISC_R_SUCCESS) {
-		/*
-		 * We have no idea what this is.
-		 */
-		return (result);
-	}
-
-	isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
-		      NS_LOGMODULE_CONTROL, ISC_LOG_DEBUG(1),
-		      "received control channel command '%s'",
-		      command);
-
-	/*
-	 * Compare the 'command' parameter against all known control commands.
-	 */
-	if (command_compare(command, NS_COMMAND_RELOAD)) {
-		result = ns_server_reloadcommand(ns_g_server, command);
-	} else if (command_compare(command, NS_COMMAND_REFRESH)) {
-		result = ns_server_refreshcommand(ns_g_server, command);
-	} else if (command_compare(command, NS_COMMAND_HALT)) {
-		ns_server_flushonshutdown(ns_g_server, ISC_FALSE);
-		isc_app_shutdown();
-		result = ISC_R_SUCCESS;
-	} else if (command_compare(command, NS_COMMAND_STOP)) {
-		ns_server_flushonshutdown(ns_g_server, ISC_TRUE);
-		isc_app_shutdown();
-		result = ISC_R_SUCCESS;
-	} else if (command_compare(command, NS_COMMAND_RELOADCONFIG) ||
-		   command_compare(command, NS_COMMAND_RELOADZONES)) {
-		isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
-			      NS_LOGMODULE_CONTROL, ISC_LOG_WARNING,
-			      "unimplemented channel command '%s'",
-			      command);
-		result = ISC_R_NOTIMPLEMENTED;
-	} else if (command_compare(command, NS_COMMAND_DUMPSTATS)) {
-		result = ns_server_dumpstats(ns_g_server);
-	} else if (command_compare(command, NS_COMMAND_QUERYLOG)) {
-		result = ns_server_togglequerylog(ns_g_server);
-	} else if (command_compare(command, NS_COMMAND_DUMPDB)) {
-		ns_server_dumpdb(ns_g_server);
-		result = ISC_R_SUCCESS;
-	} else if (command_compare(command, NS_COMMAND_TRACE)) {
-		result = ns_server_setdebuglevel(ns_g_server, command);
-	} else if (command_compare(command, NS_COMMAND_NOTRACE)) {
-		ns_g_debuglevel = 0;
-		isc_log_setdebuglevel(ns_g_lctx, ns_g_debuglevel);
-		result = ISC_R_SUCCESS;
-	} else {
-		isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
-			      NS_LOGMODULE_CONTROL, ISC_LOG_WARNING,
-			      "unknown control channel command '%s'",
-			      command);
-		result = ISC_R_NOTIMPLEMENTED;
-	}
-
-	return (result);
-}

bin/named/controlconf.c

@@ -1,963 +0,0 @@
-#include <config.h>
-
-#include <isc/base64.h>
-#include <isc/buffer.h>
-#include <isc/event.h>
-#include <isc/mem.h>
-#include <isc/once.h>
-#include <isc/result.h>
-#include <isc/stdtime.h>
-#include <isc/string.h>
-#include <isc/timer.h>
-#include <isc/util.h>
-
-#include <isccfg/cfg.h>
-
-#include <isccc/alist.h>
-#include <isccc/cc.h>
-#include <isccc/ccmsg.h>
-#include <isccc/events.h>
-#include <isccc/result.h>
-#include <isccc/sexpr.h>
-#include <isccc/util.h>
-
-#include <dns/result.h>
-
-#include <named/control.h>
-#include <named/log.h>
-#include <named/server.h>
-
-/*
- * Note: Listeners and connections are not locked.  All event handlers are
- * executed by the server task, and all callers of exported routines must
- * be running under the server task.
- */
-
-typedef struct controlkey controlkey_t;
-typedef ISC_LIST(controlkey_t) controlkeylist_t;
-
-typedef struct controlconnection controlconnection_t;
-typedef ISC_LIST(controlconnection_t) controlconnectionlist_t;
-
-typedef struct controllistener controllistener_t;
-typedef ISC_LIST(controllistener_t) controllistenerlist_t;
-
-struct controlkey {
-	char *				keyname;
-	isc_region_t			secret;
-	ISC_LINK(controlkey_t)		link;
-};
-
-struct controlconnection {
-	isc_socket_t *			sock;
-	isccc_ccmsg_t			ccmsg;
-	isc_boolean_t			ccmsg_valid;
-	isc_boolean_t			sending;
-	isc_timer_t *			timer;
-	unsigned char			buffer[2048];
-	controllistener_t *		listener;
-	ISC_LINK(controlconnection_t)	link;
-};
-
-struct controllistener {
-	isc_mem_t *			mctx;
-	isc_task_t *			task;
-	isc_sockaddr_t			address;
-	isc_socket_t *			sock;
-	dns_acl_t *			acl;
-	isc_boolean_t			listening;
-	isc_boolean_t			exiting;
-	controlkeylist_t		keys;
-	controlconnectionlist_t		connections;
-	ISC_LINK(controllistener_t)	link;
-};
-
-static controllistenerlist_t listeners;
-static isc_mutex_t listeners_lock;
-static isc_once_t once = ISC_ONCE_INIT;
-
-static void control_newconn(isc_task_t *task, isc_event_t *event);
-static void control_recvmessage(isc_task_t *task, isc_event_t *event);
-
-static void
-initialize_mutex(void) {
-	RUNTIME_CHECK(isc_mutex_init(&listeners_lock) == ISC_R_SUCCESS);
-}
-
-static void
-free_controlkey(controlkey_t *key, isc_mem_t *mctx) {
-	if (key->keyname != NULL)
-		isc_mem_free(mctx, key->keyname);
-	if (key->secret.base != NULL)
-		isc_mem_put(mctx, key->secret.base, key->secret.length);
-	isc_mem_put(mctx, key, sizeof(*key));
-}
-
-static void
-free_controlkeylist(controlkeylist_t *keylist, isc_mem_t *mctx) {
-	while (!ISC_LIST_EMPTY(*keylist)) {
-		controlkey_t *key = ISC_LIST_HEAD(*keylist);
-		ISC_LIST_UNLINK(*keylist, key, link);
-		free_controlkey(key, mctx);
-	}
-}
-
-static void
-free_listener(controllistener_t *listener) {
-	INSIST(listener->exiting);
-	INSIST(!listener->listening);
-	INSIST(ISC_LIST_EMPTY(listener->connections));
-
-	if (listener->sock != NULL)
-		isc_socket_detach(&listener->sock);
-
-	free_controlkeylist(&listener->keys, listener->mctx);
-
-	if (listener->acl != NULL)
-		dns_acl_detach(&listener->acl);
-
-	isc_mem_put(listener->mctx, listener, sizeof(*listener));
-}
-
-static void
-maybe_free_listener(controllistener_t *listener) {
-	if (listener->exiting &&
-	    !listener->listening &&
-	    ISC_LIST_EMPTY(listener->connections))
-		free_listener(listener);
-}
-
-static void
-maybe_free_connection(controlconnection_t *conn) {
-	controllistener_t *listener = conn->listener;
-
-	if (conn->timer != NULL)
-		isc_timer_detach(&conn->timer);
-
-	if (conn->ccmsg_valid) {
-		isccc_ccmsg_cancelread(&conn->ccmsg);
-		return;
-	}
-
-	if (conn->sending) {
-		isc_socket_cancel(conn->sock, listener->task,
-				  ISC_SOCKCANCEL_SEND);
-		return;
-	}
-
-	ISC_LIST_UNLINK(listener->connections, conn, link);
-	isc_mem_put(listener->mctx, conn, sizeof(*conn));
-}
-
-static void
-shutdown_listener(controllistener_t *listener) {
-	isc_boolean_t destroy = ISC_TRUE;
-
-	listener->exiting = ISC_TRUE;
-
-	if (!ISC_LIST_EMPTY(listener->connections)) {
-		controlconnection_t *conn;
-		for (conn = ISC_LIST_HEAD(listener->connections);
-		     conn != NULL;
-		     conn = ISC_LIST_NEXT(conn, link))
-			maybe_free_connection(conn);
-		destroy = ISC_FALSE;
-	}
-
-	if (listener->sock != NULL) {
-		isc_socket_cancel(listener->sock, listener->task,
-				  ISC_SOCKCANCEL_ACCEPT);
-		destroy = ISC_FALSE;
-	}
-
-	if (destroy)
-		free_listener(listener);
-}
-
-static isc_boolean_t
-address_ok(isc_sockaddr_t *sockaddr, dns_acl_t *acl) {
-	isc_netaddr_t netaddr;
-	isc_result_t result;
-	int match;
-
-	isc_netaddr_fromsockaddr(&netaddr, sockaddr);
-
-	result = dns_acl_match(&netaddr, NULL, acl,
-			       &ns_g_server->aclenv, &match, NULL);
-
-	if (result != ISC_R_SUCCESS || match <= 0)
-		return (ISC_FALSE);
-	else
-		return (ISC_TRUE);
-}
-
-static isc_result_t
-control_accept(controllistener_t *listener) {
-	isc_result_t result;
-	result = isc_socket_accept(listener->sock,
-				   listener->task,
-				   control_newconn, listener);
-	if (result != ISC_R_SUCCESS)
-		UNEXPECTED_ERROR(__FILE__, __LINE__,
-				 "isc_socket_accept() failed: %s",
-				 isc_result_totext(result));
-	else
-		listener->listening = ISC_TRUE;
-	return (result);
-}
-
-static isc_result_t
-control_listen(controllistener_t *listener) {
-	isc_result_t result;
-
-	result = isc_socket_listen(listener->sock, 0);
-	if (result != ISC_R_SUCCESS)
-		UNEXPECTED_ERROR(__FILE__, __LINE__,
-				 "isc_socket_listen() failed: %s",
-				 isc_result_totext(result));
-	return (result);
-}
-
-static void
-control_next(controllistener_t *listener) {
-	(void)control_accept(listener);
-}
-
-static void
-control_senddone(isc_task_t *task, isc_event_t *event) {
-	isc_socketevent_t *sevent = (isc_socketevent_t *) event;
-	controlconnection_t *conn = event->ev_arg;
-	controllistener_t *listener = conn->listener;
-	isc_socket_t *sock = (isc_socket_t *)sevent->ev_sender;
-	isc_result_t result;
-
-	REQUIRE(conn->sending);
-
-	UNUSED(task);
-
-	conn->sending = ISC_FALSE;
-
-	if (sevent->result != ISC_R_SUCCESS &&
-	    sevent->result != ISC_R_CANCELED)
-	{
-		char socktext[ISC_SOCKADDR_FORMATSIZE];
-		isc_sockaddr_t peeraddr;
-
-		(void)isc_socket_getpeername(sock, &peeraddr);
-		isc_sockaddr_format(&peeraddr, socktext, sizeof(socktext));
-		isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
-			      NS_LOGMODULE_CONTROL, ISC_LOG_WARNING,
-			      "error sending command response to %s: %s",
-			      socktext, isc_result_totext(sevent->result));
-	}
-	isc_event_free(&event);
-
-	result = isccc_ccmsg_readmessage(&conn->ccmsg, listener->task,
-					 control_recvmessage, conn);
-	if (result != ISC_R_SUCCESS) {
-		isc_socket_detach(&conn->sock);
-		maybe_free_connection(conn);
-		maybe_free_listener(listener);
-	}
-}
-
-static inline void
-log_invalid(isccc_ccmsg_t *ccmsg, isc_result_t result) {
-	char socktext[ISC_SOCKADDR_FORMATSIZE];
-	isc_sockaddr_t peeraddr;
-
-	(void)isc_socket_getpeername(ccmsg->sock, &peeraddr);
-	isc_sockaddr_format(&peeraddr, socktext, sizeof(socktext));
-	isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
-		      NS_LOGMODULE_CONTROL, ISC_LOG_ERROR,
-		      "invalid command from %s: %s",
-		      socktext, isc_result_totext(result));
-}
-
-static void
-control_recvmessage(isc_task_t *task, isc_event_t *event) {
-	controlconnection_t *conn;
-	controllistener_t *listener;
-	controlkey_t *key;
-	isccc_sexpr_t *request = NULL;
-	isccc_sexpr_t *response = NULL;
-	isccc_region_t ccregion;
-	isccc_region_t secret;
-	isc_stdtime_t now;
-	isc_buffer_t b;
-	isc_region_t r;
-	isc_uint32_t len;
-	isc_result_t result;
-	isc_result_t eresult;
-
-	REQUIRE(event->ev_type == ISCCC_EVENT_CCMSG);
-
-	conn = event->ev_arg;
-	listener = conn->listener;
-	key = ISC_LIST_HEAD(listener->keys);
-
-	if (conn->ccmsg.result != ISC_R_SUCCESS) {
-		if (conn->ccmsg.result != ISC_R_CANCELED &&
-		    conn->ccmsg.result != ISC_R_EOF)
-			log_invalid(&conn->ccmsg, conn->ccmsg.result);
-		goto cleanup;
-	}
-
-	ccregion.rstart = isc_buffer_base(&conn->ccmsg.buffer);
-	ccregion.rend = isc_buffer_used(&conn->ccmsg.buffer);
-	request = NULL;
-	secret.rstart = key->secret.base;
-	secret.rend = key->secret.base + key->secret.length;
-	result = isccc_cc_fromwire(&ccregion, &request, &secret);
-	if (result != ISC_R_SUCCESS) {
-		log_invalid(&conn->ccmsg, result);
-		goto cleanup;
-	}
-
-	/* We shouldn't be getting a reply. */
-	if (isccc_cc_isreply(request)) {
-		log_invalid(&conn->ccmsg, ISC_R_FAILURE);
-		goto cleanup;
-	}
-
-	eresult = ns_control_docommand(request);
-
-	isc_stdtime_get(&now);
-	result = isccc_cc_createresponse(request, now, now + 60, &response);
-	if (result != ISC_R_SUCCESS)
-		goto cleanup;
-	if (eresult != ISC_R_SUCCESS) {
-		isccc_sexpr_t *data;
-
-		data = isccc_alist_lookup(response, "_data");
-		if (data != NULL) {
-			const char *estr = isc_result_totext(eresult);
-			if (isccc_cc_definestring(data, "err", estr) == NULL)
-				goto cleanup;
-		}
-	}
-
-	ccregion.rstart = conn->buffer + 4;
-	ccregion.rend = conn->buffer + sizeof(conn->buffer);
-	result = isccc_cc_towire(response, &ccregion, &secret);
-	if (result != ISC_R_SUCCESS)
-		goto cleanup;
-	isc_buffer_init(&b, conn->buffer, 4);
-	len = sizeof(conn->buffer) - REGION_SIZE(ccregion);
-	isc_buffer_putuint32(&b, len - 4);
-	r.base = conn->buffer;
-	r.length = len;
-
-	result = isc_socket_send(conn->sock, &r, task, control_senddone, conn);
-	if (result != ISC_R_SUCCESS)
-		goto cleanup;
-	conn->sending = ISC_TRUE;
-
-	if (request != NULL)
-		isccc_sexpr_free(&request);
-	if (request != NULL)
-		isccc_sexpr_free(&response);
-	return;
-
- cleanup:
-	isc_socket_detach(&conn->sock);
-	isccc_ccmsg_invalidate(&conn->ccmsg);
-	conn->ccmsg_valid = ISC_FALSE;
-	maybe_free_connection(conn);
-	maybe_free_listener(listener);
-	if (request != NULL)
-		isccc_sexpr_free(&request);
-	if (request != NULL)
-		isccc_sexpr_free(&response);
-}
-
-static void
-control_timeout(isc_task_t *task, isc_event_t *event) {
-	controlconnection_t *conn = event->ev_arg;
-
-	UNUSED(task);
-
-	isc_timer_detach(&conn->timer);
-	maybe_free_connection(conn);
-
-	isc_event_free(&event);
-}
-
-static isc_result_t
-newconnection(controllistener_t *listener, isc_socket_t *sock) {
-	controlconnection_t *conn;
-	isc_interval_t interval;
-	isc_result_t result;
-
-	conn = isc_mem_get(listener->mctx, sizeof(*conn));
-	if (conn == NULL)
-		return (ISC_R_NOMEMORY);
-	
-	conn->sock = sock;
-	isccc_ccmsg_init(listener->mctx, sock, &conn->ccmsg);
-	conn->ccmsg_valid = ISC_TRUE;
-	conn->sending = ISC_FALSE;
-	conn->timer = NULL;
-	isc_interval_set(&interval, 60, 0);
-	result = isc_timer_create(ns_g_timermgr, isc_timertype_once,
-				  NULL, &interval, listener->task,
-				  control_timeout, conn, &conn->timer);
-	if (result != ISC_R_SUCCESS)
-		goto cleanup;
-
-	conn->listener = listener;
-	ISC_LINK_INIT(conn, link);
-
-	result = isccc_ccmsg_readmessage(&conn->ccmsg, listener->task,
-					 control_recvmessage, conn);
-	if (result != ISC_R_SUCCESS)
-		goto cleanup;
-	isccc_ccmsg_setmaxsize(&conn->ccmsg, 2048);
-
-	ISC_LIST_APPEND(listener->connections, conn, link);
-	return (ISC_R_SUCCESS);
-
- cleanup:
-	isccc_ccmsg_invalidate(&conn->ccmsg);
-	if (conn->timer != NULL)
-		isc_timer_detach(&conn->timer);
-	isc_mem_put(listener->mctx, conn, sizeof(*conn));
-	return (result);
-}
-
-static void
-control_newconn(isc_task_t *task, isc_event_t *event) {
-	isc_socket_newconnev_t *nevent = (isc_socket_newconnev_t *)event;
-	controllistener_t *listener = event->ev_arg;
-	isc_socket_t *sock;
-	isc_sockaddr_t peeraddr;
-	isc_result_t result;
-
-	UNUSED(task);
-
-	if (nevent->result != ISC_R_SUCCESS) {
-		if (nevent->result == ISC_R_CANCELED) {
-			isc_socket_detach(&listener->sock);
-			listener->listening = ISC_FALSE;
-			shutdown_listener(listener);
-			goto cleanup;
-		}
-		goto restart;
-	}
-
-	sock = nevent->newsocket;
-	(void)isc_socket_getpeername(sock, &peeraddr);
-	if (!address_ok(&peeraddr, listener->acl)) {
-		char socktext[ISC_SOCKADDR_FORMATSIZE];
-		isc_sockaddr_format(&peeraddr, socktext, sizeof(socktext));
-		isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
-			      NS_LOGMODULE_CONTROL, ISC_LOG_WARNING,
-			      "rejected command channel message from %s",
-			      socktext);
-		goto restart;
-	}
-
-	result = newconnection(listener, sock);
-	if (result != ISC_R_SUCCESS) {
-		char socktext[ISC_SOCKADDR_FORMATSIZE];
-		isc_sockaddr_format(&peeraddr, socktext, sizeof(socktext));
-		isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
-			      NS_LOGMODULE_CONTROL, ISC_LOG_WARNING,
-			      "dropped command channel from %s: %s",
-			      socktext, isc_result_totext(result));
-		goto restart;
-	}
-
- restart:
-	control_next(listener);
- cleanup:
-	isc_event_free(&event);
-}
-
-void
-ns_control_shutdown(isc_boolean_t exiting) {
-	controllistener_t *listener;
-	controllistener_t *next;
-
-	RUNTIME_CHECK(isc_once_do(&once, initialize_mutex) == ISC_R_SUCCESS);
-
-	if (exiting) {
-		/*
-		 * When not exiting, this function is called from
-		 * ns_control_configure(), which already holds the lock.
-		 */
-		LOCK(&listeners_lock);
-	}
-
-
-	for (listener = ISC_LIST_HEAD(listeners);
-	     listener != NULL;
-	     listener = next)
-	{
-		/*
-		 * This is asynchronous.  As listeners shut down, they will
-		 * call their callbacks.
-		 */
-		next = ISC_LIST_NEXT(listener, link);
-		ISC_LIST_UNLINK(listeners, listener, link);
-		shutdown_listener(listener);
-	}
-
-	if (exiting)
-		UNLOCK(&listeners_lock);
-}
-
-static isc_result_t
-cfgkeylist_find(cfg_obj_t *keylist, const char *keyname, cfg_obj_t **objp) {
-	cfg_listelt_t *element;
-	const char *str;
-	cfg_obj_t *obj;
-
-	for (element = cfg_list_first(keylist);
-	     element != NULL;
-	     element = cfg_list_next(element))
-	{
-		obj = cfg_listelt_value(element);
-		str = cfg_obj_asstring(cfg_map_getname(obj));
-		if (strcasecmp(str, keyname) == 0)
-			break;
-	}
-	if (element == NULL)
-		return (ISC_R_NOTFOUND);
-	obj = cfg_listelt_value(element);
-	*objp = obj;
-	return (ISC_R_SUCCESS);
-}
-
-static isc_result_t
-controlkeylist_fromcfg(cfg_obj_t *keylist, isc_mem_t *mctx,
-		     controlkeylist_t *keyids)
-{
-	cfg_listelt_t *element;
-	char *newstr = NULL;
-	const char *str;
-	cfg_obj_t *obj;
-	controlkey_t *key = NULL;
-
-	for (element = cfg_list_first(keylist);
-	     element != NULL;
-	     element = cfg_list_next(element))
-	{
-		obj = cfg_listelt_value(element);
-		str = cfg_obj_asstring(obj);
-		newstr = isc_mem_strdup(mctx, str);
-		if (newstr == NULL)
-			goto cleanup;
-		key = isc_mem_get(mctx, sizeof(*key));
-		if (key == NULL)
-			goto cleanup;
-		key->keyname = newstr;
-		key->secret.base = NULL;
-		key->secret.length = 0;
-		ISC_LINK_INIT(key, link);
-		ISC_LIST_APPEND(*keyids, key, link);
-		key = NULL;
-		newstr = NULL;
-	}
-	return (ISC_R_SUCCESS);
-
- cleanup:
-	if (newstr != NULL)
-		isc_mem_free(mctx, newstr);
-	if (key != NULL)
-		isc_mem_put(mctx, key, sizeof(*key));
-	free_controlkeylist(keyids, mctx);
-	return (ISC_R_NOMEMORY);
-}
-
-static void
-register_keys(cfg_obj_t *control, cfg_obj_t *keylist,
-	      controlkeylist_t *keyids, isc_mem_t *mctx, char *socktext)
-{
-	controlkey_t *keyid, *next;
-	cfg_obj_t *keydef;
-	char secret[1024];
-	isc_buffer_t b;
-	isc_result_t result;
-
-	/*
-	 * Find the keys corresponding to the keyids used by this listener.
-	 */
-	for (keyid = ISC_LIST_HEAD(*keyids); keyid != NULL; keyid = next) {
-		next = ISC_LIST_NEXT(keyid, link);
-
-		result = cfgkeylist_find(keylist, keyid->keyname, &keydef);
-		if (result != ISC_R_SUCCESS) {
-			cfg_obj_log(control, ns_g_lctx, ISC_LOG_WARNING,
-				    "couldn't find key %s for use with "
-				    "command channel %s",
-				    keyid->keyname, socktext);
-			ISC_LIST_UNLINK(*keyids, keyid, link);
-			free_controlkey(keyid, mctx);
-		} else {
-			cfg_obj_t *algobj = NULL;
-			cfg_obj_t *secretobj = NULL;
-			char *algstr = NULL;
-			char *secretstr = NULL;
-
-			(void)cfg_map_get(keydef, "algorithm", &algobj);
-			(void)cfg_map_get(keydef, "secret", &secretobj);
-			INSIST(algobj != NULL && secretobj != NULL);
-
-			algstr = cfg_obj_asstring(algobj);
-			secretstr = cfg_obj_asstring(secretobj);
-
-			if (strcasecmp(algstr, "hmac-md5") != 0) {
-				cfg_obj_log(control, ns_g_lctx,
-					    ISC_LOG_WARNING,
-					    "unsupported algorithm '%s' in "
-					    "key '%s' for use with command "
-					    "channel %s",
-					    algstr, keyid->keyname, socktext);
-				ISC_LIST_UNLINK(*keyids, keyid, link);
-				free_controlkey(keyid, mctx);
-				continue;
-			}
-
-			isc_buffer_init(&b, secret, sizeof(secret));
-			result = isc_base64_decodestring(secretstr, &b);
-
-			if (result != ISC_R_SUCCESS) {
-				cfg_obj_log(keydef, ns_g_lctx, ISC_LOG_WARNING,
-					    "secret for key '%s' on "
-					    "command channel %s: %s",
-					    keyid->keyname, socktext,
-					    isc_result_totext(result));
-				ISC_LIST_UNLINK(*keyids, keyid, link);
-				free_controlkey(keyid, mctx);
-				continue;
-			}
-
-			keyid->secret.length = isc_buffer_usedlength(&b);
-			keyid->secret.base = isc_mem_get(mctx,
-							 keyid->secret.length);
-			if (keyid->secret.base == NULL) {
-				cfg_obj_log(keydef, ns_g_lctx, ISC_LOG_WARNING,
-					   "couldn't register key '%s': "
-					   "out of memory", keyid->keyname);
-				ISC_LIST_UNLINK(*keyids, keyid, link);
-				free_controlkey(keyid, mctx);
-				break;
-			}
-			memcpy(keyid->secret.base, isc_buffer_base(&b),
-			       keyid->secret.length);
-		}
-	}
-}
-
-static void
-update_listener(controllistener_t **listenerp, cfg_obj_t *control,
-		cfg_obj_t *config, isc_sockaddr_t *addr,
-		ns_aclconfctx_t *aclconfctx, char *socktext)
-{
-	controllistener_t *listener;
-	cfg_obj_t *allow;
-	cfg_obj_t *keylist;
-	dns_acl_t *new_acl = NULL;
-	controlkeylist_t keys;
-	isc_result_t result;
-
-	for (listener = ISC_LIST_HEAD(listeners);
-	     listener != NULL;
-	     listener = ISC_LIST_NEXT(listener, link))
-		if (isc_sockaddr_equal(addr, &listener->address))
-			break;
-
-	if (listener == NULL) {
-		*listenerp = NULL;
-		return;
-	}
-		
-	/*
-	 * There is already a listener for this sockaddr.
-	 * Update the access list and key information.
-	 *
-	 * First, keep the old access list unless a new one can be made.
-	 */
-	allow = cfg_tuple_get(control, "allow");
-	result = ns_acl_fromconfig(allow, config, aclconfctx,
-				   listener->mctx, &new_acl);
-	if (result == ISC_R_SUCCESS) {
-		dns_acl_detach(&listener->acl);
-		dns_acl_attach(new_acl, &listener->acl);
-		dns_acl_detach(&new_acl);
-	} else
-		/* XXXDCL say the old acl is still used? */
-		cfg_obj_log(control, ns_g_lctx, ISC_LOG_WARNING,
-			    "couldn't install new acl for "
-			    "command channel %s: %s",
-			    socktext, isc_result_totext(result));
-
-	keylist = cfg_tuple_get(control, "keys");
-	ISC_LIST_INIT(keys);
-	result = controlkeylist_fromcfg(keylist, listener->mctx, &keys);
-	if (result != ISC_R_SUCCESS)
-		cfg_obj_log(control, ns_g_lctx, ISC_LOG_WARNING,
-			    "couldn't install new keys for "
-			    "command channel %s: %s",
-			    socktext, isc_result_totext(result));
-	else {
-		free_controlkeylist(&listener->keys, listener->mctx);
-		listener->keys = keys;
-	}
-
-	*listenerp = listener;
-}
-
-static void
-add_listener(isc_mem_t *mctx, controllistener_t **listenerp,
-	     cfg_obj_t *control, cfg_obj_t *config, isc_sockaddr_t *addr,
-	     ns_aclconfctx_t *aclconfctx, char *socktext)
-{
-	controllistener_t *listener;
-	cfg_obj_t *allow;
-	cfg_obj_t *keys;
-	dns_acl_t *new_acl = NULL;
-	isc_result_t result = ISC_R_SUCCESS;
-
-	listener = isc_mem_get(mctx, sizeof(*listener));
-	if (listener == NULL)
-		result = ISC_R_NOMEMORY;
-
-	if (result == ISC_R_SUCCESS) {
-		listener->mctx = mctx;
-		listener->task = ns_g_server->task;
-		listener->address = *addr;
-		listener->sock = NULL;
-		listener->listening = ISC_FALSE;
-		listener->exiting = ISC_FALSE;
-		listener->acl = NULL;
-		ISC_LINK_INIT(listener, link);
-		ISC_LIST_INIT(listener->keys);
-		ISC_LIST_INIT(listener->connections);
-
-		/*
-		 * Make the acl.
-		 */
-		allow = cfg_tuple_get(control, "allow");
-		result = ns_acl_fromconfig(allow, config, aclconfctx, mctx,
-					   &new_acl);
-	}
-
-	if (result == ISC_R_SUCCESS) {
-		dns_acl_attach(new_acl, &listener->acl);
-		dns_acl_detach(&new_acl);
-
-		keys = cfg_tuple_get(control, "keys");
-		result = controlkeylist_fromcfg(keys, listener->mctx,
-					      &listener->keys);
-		if (result != ISC_R_SUCCESS)
-			cfg_obj_log(control, ns_g_lctx, ISC_LOG_WARNING,
-				    "couldn't install new keys for "
-				    "command channel %s: %s",
-				    socktext, isc_result_totext(result));
-	}
-
-	if (result == ISC_R_SUCCESS) {
-		int pf = isc_sockaddr_pf(&listener->address);
-		if ((pf == AF_INET && isc_net_probeipv4() != ISC_R_SUCCESS) ||
-		    (pf == AF_INET6 && isc_net_probeipv6() != ISC_R_SUCCESS))
-			result = ISC_R_FAMILYNOSUPPORT;
-	}
-
-	if (result == ISC_R_SUCCESS)
-		result = isc_socket_create(ns_g_socketmgr,
-					   isc_sockaddr_pf(&listener->address),
-					   isc_sockettype_tcp,
-					   &listener->sock);
-
-	if (result == ISC_R_SUCCESS)
-		result = isc_socket_bind(listener->sock,
-					 &listener->address);
-
-	if (result == ISC_R_SUCCESS)
-		result = control_listen(listener);
-
-	if (result == ISC_R_SUCCESS)
-		result = control_accept(listener);
-
-	if (result == ISC_R_SUCCESS) {
-		isc_log_write(ns_g_lctx, ISC_LOGCATEGORY_GENERAL,
-			      NS_LOGMODULE_CONTROL, ISC_LOG_NOTICE,
-			      "command channel listening on %s", socktext);
-		*listenerp = listener;
-
-	} else {
-		if (listener != NULL) {
-			listener->exiting = ISC_TRUE;
-			free_listener(listener);
-		}
-
-		cfg_obj_log(control, ns_g_lctx, ISC_LOG_WARNING,
-			    "couldn't add command channel %s: %s",
-			    socktext, isc_result_totext(result));
-
-		*listenerp = NULL;
-	}
-
-	/* XXXDCL return error results? fail hard? */
-}
-
-isc_result_t
-ns_control_configure(isc_mem_t *mctx, cfg_obj_t *config,
-		     ns_aclconfctx_t *aclconfctx)
-{
-	controllistener_t *listener;
-	controllistenerlist_t new_listeners;
-	cfg_obj_t *controlslist = NULL;
-	cfg_obj_t *keylist = NULL;
-	cfg_listelt_t *element, *element2;
-	char socktext[ISC_SOCKADDR_FORMATSIZE];
-
-	RUNTIME_CHECK(isc_once_do(&once, initialize_mutex) == ISC_R_SUCCESS);
-
-	ISC_LIST_INIT(new_listeners);
-
-	/*
-	 * Get te list of named.conf 'controls' statements.
-	 */
-	(void)cfg_map_get(config, "controls", &controlslist);
-
-	LOCK(&listeners_lock);
-	/*
-	 * Run through the new control channel list, noting sockets that
-	 * are already being listened on and moving them to the new list.
-	 *
-	 * Identifying duplicates addr/port combinations is left to either
-	 * the underlying config code, or to the bind attempt getting an
-	 * address-in-use error.
-	 */
-	if (controlslist != NULL) {
-		(void)cfg_map_get(config, "key", &keylist);
-		if (keylist == NULL)
-			cfg_obj_log(controlslist, ns_g_lctx, ISC_LOG_WARNING,
-				    "no key statements for use by "
-				    "control channels");
-
-		for (element = cfg_list_first(controlslist);
-		     element != NULL;
-		     element = cfg_list_next(element))
-		{
-			cfg_obj_t *controls;
-			cfg_obj_t *inetcontrols = NULL;
-
-			controls = cfg_listelt_value(element);
-			(void)cfg_map_get(controls, "inet", &inetcontrols);
-			if (inetcontrols == NULL)
-				continue;
-
-			for (element2 = cfg_list_first(inetcontrols);
-			     element2 != NULL;
-			     element2 = cfg_list_next(element2))
-			{
-				cfg_obj_t *control;
-				cfg_obj_t *obj;
-				isc_sockaddr_t *addr;
-
-				/*
-				 * The parser handles BIND 8 configuration file
-				 * syntax, so it allows unix phrases as well
-				 * inet phrases with no keys{} clause.
-				 *
-				 * "unix" phrases have been reported as
-				 * unsupported by the parser.
-				 *
-				 * The keylist == NULL case was already warned
-				 * about a few lines above.
-				 */
-				control = cfg_listelt_value(element2);
-
-				obj = cfg_tuple_get(control, "address");
-				addr = cfg_obj_assockaddr(obj);
-				if (isc_sockaddr_getport(addr) == 0)
-					isc_sockaddr_setport(addr,
-							     NS_CONTROL_PORT);
-
-				isc_sockaddr_format(addr, socktext,
-						    sizeof(socktext));
-
-				obj = cfg_tuple_get(control, "keys");
-
-				if (cfg_obj_isvoid(obj)) {
-					cfg_obj_log(obj, ns_g_lctx,
-						    ISC_LOG_ERROR,
-						    "no keys clause in "
-						    "control channel %s",
-						    socktext);
-					continue;
-				}
-
-				if (cfg_list_first(obj) == NULL) {
-					cfg_obj_log(obj, ns_g_lctx,
-						    ISC_LOG_ERROR,
-						    "no keys specified in "
-						    "control channel %s",
-						    socktext);
-					continue;
-				}
-
-				if (keylist == NULL)
-					continue;
-
-				isc_log_write(ns_g_lctx,
-					      ISC_LOGCATEGORY_GENERAL,
-					      NS_LOGMODULE_CONTROL,
-					      ISC_LOG_DEBUG(9),
-					      "processing control channel %s",
-					      socktext);
-
-				update_listener(&listener, control, config,
-						addr, aclconfctx, socktext);
-
-				if (listener != NULL)
-					/*
-					 * Remove the listener from the old
-					 * list, so it won't be shut down.
-					 */
-					ISC_LIST_UNLINK(listeners, listener,
-							link);
-				else
-					/*
-					 * This is a new listener.
-					 */
-					add_listener(mctx, &listener, control,
-						     config, addr, aclconfctx,
-						     socktext);
-	
-				if (listener != NULL) {
-					register_keys(control, keylist,
-						      &listener->keys,
-						      listener->mctx,
-						      socktext);
-
-					ISC_LIST_APPEND(new_listeners,
-							listener, link);
-				}
-			}
-		}
-	}
-
-	/*
-	 * ns_control_shutdown() will stop whatever is on the global listeners
-	 * list, which currently only has whatever sockaddr was in the previous
-	 * configuration (if any) that does not remain in the current
-	 * configuration.
-	 */
-	ns_control_shutdown(ISC_FALSE);
-
-	/*
-	 * Put all of the valid listeners on the listeners list.
-	 * Anything already on listeners in the process of shutting down
-	 * will be taken care of by listen_done().
-	 */
-	ISC_LIST_APPENDLIST(listeners, new_listeners, link);
-
-	UNLOCK(&listeners_lock);
-
-	return (ISC_R_SUCCESS);
-}

bin/named/include/named/aclconf.h

@@ -15,15 +15,14 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: aclconf.h,v 1.12 2001/03/04 21:21:31 bwelling Exp $ */
+/* $Id: aclconf.h,v 1.10.4.1 2001/01/09 22:32:22 bwelling Exp $ */
 
 #ifndef NS_ACLCONF_H
 #define NS_ACLCONF_H 1
 
 #include <isc/lang.h>
 
-#include <isccfg/cfg.h>
-
+#include <dns/confctx.h>
 #include <dns/types.h>
 
 typedef struct ns_aclconfctx {
@@ -49,8 +48,8 @@ ns_aclconfctx_destroy(ns_aclconfctx_t *ctx);
  */
 
 isc_result_t
-ns_acl_fromconfig(cfg_obj_t *caml,
-		  cfg_obj_t *cctx,
+ns_acl_fromconfig(dns_c_ipmatchlist_t *caml,
+		  dns_c_ctx_t *cctx,
 		  ns_aclconfctx_t *ctx,
 		  isc_mem_t *mctx,
 		  dns_acl_t **target);

bin/named/include/named/client.h

@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: client.h,v 1.57 2001/03/19 20:52:21 gson Exp $ */
+/* $Id: client.h,v 1.48.4.1 2001/01/09 22:32:23 bwelling Exp $ */
 
 #ifndef NAMED_CLIENT_H
 #define NAMED_CLIENT_H 1
@@ -89,27 +89,26 @@ struct ns_client {
 	ns_clientmgr_t *	manager;
 	int			state;
 	int			newstate;
+	isc_boolean_t		disconnect;
 	int			naccepts;
 	int			nreads;
 	int			nsends;
-	int			nrecvs;
 	int			references;
 	unsigned int		attributes;
 	isc_task_t *		task;
 	dns_view_t *		view;
+	dns_view_t *		lockview;
 	dns_dispatch_t *	dispatch;
-	isc_socket_t *		udpsocket;
+	dns_dispentry_t *	dispentry;
+	dns_dispatchevent_t *	dispevent;
 	isc_socket_t *		tcplistener;
 	isc_socket_t *		tcpsocket;
 	unsigned char *		tcpbuf;
 	dns_tcpmsg_t		tcpmsg;
 	isc_boolean_t		tcpmsg_valid;
 	isc_timer_t *		timer;
-	isc_boolean_t 		timerset;
 	dns_message_t *		message;
-	isc_socketevent_t *	sendevent;
-	isc_socketevent_t *	recvevent;
-	unsigned char *		recvbuf;
+	unsigned char *		sendbuf;
 	dns_rdataset_t *	opt;
 	isc_uint16_t		udpsize;
 	isc_uint16_t		extflags;
@@ -133,17 +132,6 @@ struct ns_client {
 	isc_boolean_t		peeraddr_valid;
 	struct in6_pktinfo	pktinfo;
 	isc_event_t		ctlevent;
-	/*
-	 * Information about recent FORMERR response(s), for
-	 * FORMERR loop avoidance.  This is separate for each
-	 * client object rather than global only to avoid
-	 * the need for locking.
-	 */
-	struct {
-		isc_sockaddr_t		addr;
-		isc_stdtime_t		time;
-		dns_messageid_t		id;
-	} formerrcache;
 	ISC_LINK(ns_client_t)	link;
 	/*
 	 * The list 'link' is part of, or NULL if not on any list.
@@ -231,12 +219,6 @@ ns_client_replace(ns_client_t *client);
  * leaving the dispatch/socket without service.
  */
 
-void
-ns_client_settimeout(ns_client_t *client, unsigned int seconds);
-/*
- * Set a timer in the client to go off in the specified amount of time.
- */
-
 isc_result_t
 ns_clientmgr_create(isc_mem_t *mctx, isc_taskmgr_t *taskmgr,
 		    isc_timermgr_t *timermgr, ns_clientmgr_t **managerp);
@@ -303,8 +285,4 @@ ns_client_log(ns_client_t *client, isc_logcategory_t *category,
 	      isc_logmodule_t *module, int level,
 	      const char *fmt, ...);
 
-void
-ns_client_aclmsg(const char *msg, dns_name_t *name, dns_rdataclass_t rdclass,
-                 char *buf, size_t len);
-
 #endif /* NAMED_CLIENT_H */

bin/named/include/named/config.h

@@ -1,66 +0,0 @@
-/*
- * Copyright (C) 2001  Internet Software Consortium.
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
- * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
- * INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
- * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
- * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
- * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
- * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-/* $Id: config.h,v 1.1 2001/03/04 21:21:32 bwelling Exp $ */
-
-/* $Id: config.h,v 1.1 2001/03/04 21:21:32 bwelling Exp $ */
-
-#ifndef NAMED_CONFIG_H
-#define NAMED_CONFIG_H 1
-
-#include <isccfg/cfg.h>
-
-#include <dns/types.h>
-#include <dns/zone.h>
-
-isc_result_t
-ns_config_parsedefaults(cfg_parser_t *parser, cfg_obj_t **conf);
-
-isc_result_t
-ns_config_get(cfg_obj_t **maps, const char* name, cfg_obj_t **obj);
-
-int
-ns_config_listcount(cfg_obj_t *list);
-
-isc_result_t
-ns_config_getclass(cfg_obj_t *classobj, dns_rdataclass_t *classp);
-
-dns_zonetype_t
-ns_config_getzonetype(cfg_obj_t *zonetypeobj);
-
-isc_result_t
-ns_config_getiplist(cfg_obj_t *config, cfg_obj_t *list,
-		    in_port_t defport, isc_mem_t *mctx,
-		    isc_sockaddr_t **addrsp, isc_uint32_t *countp);
-
-void
-ns_config_putiplist(isc_mem_t *mctx, isc_sockaddr_t **addrsp,
-		    isc_uint32_t count);
-
-isc_result_t
-ns_config_getipandkeylist(cfg_obj_t *config, cfg_obj_t *list, isc_mem_t *mctx,
-			  isc_sockaddr_t **addrsp, dns_name_t ***keys,
-			  isc_uint32_t *countp);
-
-void
-ns_config_putipandkeylist(isc_mem_t *mctx, isc_sockaddr_t **addrsp,
-			  dns_name_t ***keys, isc_uint32_t count);
-
-isc_result_t
-ns_config_getport(cfg_obj_t *config, in_port_t *portp);
-
-#endif /* NAMED_CONFIG_H */

bin/named/include/named/control.h

@@ -1,35 +0,0 @@
-#ifndef NAMED_CONTROL_H
-#define NAMED_CONTROL_H 1
-
-#include <isccc/types.h>
-
-#include <named/aclconf.h>
-
-#define NS_CONTROL_PORT			953
-
-#define NS_COMMAND_STOP		"stop"
-#define NS_COMMAND_HALT		"halt"
-#define NS_COMMAND_RELOAD	"reload"
-#define NS_COMMAND_RELOADCONFIG	"reload-config"
-#define NS_COMMAND_RELOADZONES	"reload-zones"
-#define NS_COMMAND_REFRESH	"refresh"
-#define NS_COMMAND_DUMPSTATS	"stats"
-#define NS_COMMAND_QUERYLOG	"querylog"
-#define NS_COMMAND_DUMPDB	"dumpdb"
-#define NS_COMMAND_TRACE	"trace"
-#define NS_COMMAND_NOTRACE	"notrace"
-
-isc_result_t
-ns_control_init(void);
-
-isc_result_t
-ns_control_configure(isc_mem_t *mctx, cfg_obj_t *config,
-		     ns_aclconfctx_t *aclconfctx);
-
-void
-ns_control_shutdown(isc_boolean_t exiting);
-
-isc_result_t
-ns_control_docommand(isccc_sexpr_t *message);
-
-#endif /* NAMED_CONTROL_H */

bin/named/include/named/globals.h

@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: globals.h,v 1.54 2001/03/27 00:44:36 bwelling Exp $ */
+/* $Id: globals.h,v 1.51.2.1 2001/01/09 22:32:25 bwelling Exp $ */
 
 #ifndef NAMED_GLOBALS_H
 #define NAMED_GLOBALS_H 1
@@ -24,10 +24,10 @@
 #include <isc/log.h>
 #include <isc/net.h>
 
-#include <isccfg/cfg.h>
-
 #include <dns/zone.h>
 
+#include <omapi/types.h>
+
 #include <named/types.h>
 
 #undef EXTERN
@@ -52,7 +52,7 @@ EXTERN isc_entropy_t *		ns_g_entropy		INIT(NULL);
  */
 EXTERN isc_timermgr_t *		ns_g_timermgr		INIT(NULL);
 EXTERN isc_socketmgr_t *	ns_g_socketmgr		INIT(NULL);
-EXTERN cfg_parser_t *		ns_g_parser		INIT(NULL);
+EXTERN omapi_object_t *		ns_g_omapimgr		INIT(NULL);
 EXTERN const char *		ns_g_version		INIT(VERSION);
 EXTERN in_port_t		ns_g_port		INIT(0);
 EXTERN in_port_t		lwresd_g_listenport	INIT(0);
@@ -72,8 +72,6 @@ EXTERN unsigned int		ns_g_debuglevel		INIT(0);
 /*
  * Current configuration information.
  */
-EXTERN cfg_obj_t *		ns_g_config		INIT(NULL);
-EXTERN cfg_obj_t *		ns_g_defaults		INIT(NULL);
 EXTERN const char *		ns_g_conffile		INIT(NS_SYSCONFDIR
 							     "/named.conf");
 EXTERN const char *		lwresd_g_conffile	INIT(NS_SYSCONFDIR

bin/named/include/named/interfacemgr.h

@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: interfacemgr.h,v 1.22 2001/01/09 21:40:14 bwelling Exp $ */
+/* $Id: interfacemgr.h,v 1.21.4.1 2001/01/09 22:32:26 bwelling Exp $ */
 
 #ifndef NAMED_INTERFACEMGR_H
 #define NAMED_INTERFACEMGR_H 1

bin/named/include/named/listenlist.h

@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: listenlist.h,v 1.10 2001/01/09 21:40:16 bwelling Exp $ */
+/* $Id: listenlist.h,v 1.9.4.1 2001/01/09 22:32:27 bwelling Exp $ */
 
 #ifndef NAMED_LISTENLIST_H
 #define NAMED_LISTENLIST_H 1

bin/named/include/named/log.h

@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: log.h,v 1.18 2001/03/27 00:44:38 bwelling Exp $ */
+/* $Id: log.h,v 1.16.4.1 2001/01/09 22:32:28 bwelling Exp $ */
 
 #ifndef NAMED_LOG_H
 #define NAMED_LOG_H 1
@@ -47,7 +47,7 @@
 #define NS_LOGMODULE_XFER_IN		(&ns_g_modules[6])
 #define NS_LOGMODULE_XFER_OUT		(&ns_g_modules[7])
 #define NS_LOGMODULE_NOTIFY		(&ns_g_modules[8])
-#define NS_LOGMODULE_CONTROL		(&ns_g_modules[9])
+#define NS_LOGMODULE_OMAPI		(&ns_g_modules[9])
 #define NS_LOGMODULE_LWRESD		(&ns_g_modules[10])
 
 isc_result_t

bin/named/include/named/logconf.h

@@ -15,18 +15,20 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: logconf.h,v 1.10 2001/03/04 21:21:33 bwelling Exp $ */
+/* $Id: logconf.h,v 1.8.4.1 2001/01/09 22:32:29 bwelling Exp $ */
 
 #ifndef NAMED_LOGCONF_H
 #define NAMED_LOGCONF_H 1
 
 #include <isc/log.h>
 
+#include <dns/conflog.h>
+
 isc_result_t
-ns_log_configure(isc_logconfig_t *logconf, cfg_obj_t *logstmt);
+ns_log_configure(isc_logconfig_t *logconf, dns_c_logginglist_t *clog);
 /*
  * Set up the logging configuration in '*logconf' according to
- * the named.conf data in 'logstmt'.
+ * the named.conf data in 'clog'.
  */
 
 #endif /* NAMED_LOGCONF_H */

bin/named/include/named/lwaddr.h

@@ -15,10 +15,9 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: lwaddr.h,v 1.3 2001/03/10 06:40:29 tale Exp $ */
+/* $Id: lwaddr.h,v 1.1.4.1 2001/01/09 22:32:30 bwelling Exp $ */
 
 #include <lwres/lwres.h>
-#include <lwres/net.h>
 
 isc_result_t
 lwaddr_netaddr_fromlwresaddr(isc_netaddr_t *na, lwres_addr_t *la);

bin/named/include/named/lwdclient.h

@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: lwdclient.h,v 1.12 2001/01/22 22:29:04 gson Exp $ */
+/* $Id: lwdclient.h,v 1.10.4.1 2001/01/09 22:32:31 bwelling Exp $ */
 
 #ifndef NAMED_LWDCLIENT_H
 #define NAMED_LWDCLIENT_H 1
@@ -80,6 +80,7 @@ struct ns_lwdclient {
 	dns_byaddr_t	       *byaddr;
 	unsigned int		options;
 	isc_netaddr_t		na;
+	dns_adbaddrinfo_t      *addrinfo;
 
 	/*
 	 * grbn (get rrset by name) state info.

bin/named/include/named/lwresd.h

@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: lwresd.h,v 1.11 2001/03/04 21:21:34 bwelling Exp $ */
+/* $Id: lwresd.h,v 1.9.4.1 2001/01/09 22:32:33 bwelling Exp $ */
 
 #ifndef NAMED_LWRESD_H
 #define NAMED_LWRESD_H 1
@@ -23,8 +23,7 @@
 #include <isc/types.h>
 #include <isc/sockaddr.h>
 
-#include <isccfg/cfg.h>
-
+#include <dns/confctx.h>
 #include <dns/types.h>
 
 struct ns_lwresd {
@@ -56,11 +55,13 @@ struct ns_lwreslistener {
  * Configure lwresd.
  */
 isc_result_t
-ns_lwresd_configure(isc_mem_t *mctx, cfg_obj_t *config);
+ns_lwresd_configure(isc_mem_t *mctx, dns_c_ctx_t *cctx);
 
+/*
+ * Create a configuration context based on resolv.conf and default parameters.
+ */
 isc_result_t
-ns_lwresd_parseeresolvconf(isc_mem_t *mctx, cfg_parser_t *pctx,
-			   cfg_obj_t **configp);
+ns_lwresd_parseresolvconf(isc_mem_t *mctx, dns_c_ctx_t **ctxp);
 
 /*
  * Trigger shutdown.
@@ -72,7 +73,8 @@ ns_lwresd_shutdown(void);
  * Manager functions
  */
 isc_result_t
-ns_lwdmanager_create(isc_mem_t *mctx, cfg_obj_t *lwres, ns_lwresd_t **lwresdp);
+ns_lwdmanager_create(isc_mem_t *mctx, dns_c_lwres_t *lwres,
+		     ns_lwresd_t **lwresdp);
 
 void
 ns_lwdmanager_attach(ns_lwresd_t *source, ns_lwresd_t **targetp);

bin/named/include/named/lwsearch.h

@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: lwsearch.h,v 1.3 2001/01/09 21:40:22 bwelling Exp $ */
+/* $Id: lwsearch.h,v 1.2.4.1 2001/01/09 22:32:34 bwelling Exp $ */
 
 #ifndef NAMED_LWSEARCH_H
 #define NAMED_LWSEARCH_H 1

bin/named/include/named/main.h

@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: main.h,v 1.7 2001/01/09 21:40:23 bwelling Exp $ */
+/* $Id: main.h,v 1.6.4.1 2001/01/09 22:32:35 bwelling Exp $ */
 
 #ifndef NAMED_MAIN_H
 #define NAMED_MAIN_H 1

bin/named/include/named/notify.h

@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: notify.h,v 1.9 2001/01/09 21:40:24 bwelling Exp $ */
+/* $Id: notify.h,v 1.8.4.1 2001/01/09 22:32:36 bwelling Exp $ */
 
 #ifndef NAMED_NOTIFY_H
 #define NAMED_NOTIFY_H 1

bin/named/include/named/omapi.h

@@ -0,0 +1,57 @@
+/*
+ * Copyright (C) 2000, 2001  Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
+ * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
+ * INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
+ * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
+ * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
+ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: omapi.h,v 1.17.2.1 2001/01/09 22:32:37 bwelling Exp $ */
+
+#ifndef NAMED_OMAPI_H
+#define NAMED_OMAPI_H 1
+
+#include <dns/confctx.h>
+
+#include <omapi/omapi.h>
+
+#include <named/aclconf.h>
+
+#define NS_OMAPI_PORT			953
+
+/*
+ * This string is the registration name of objects of type control_object_t.
+ */
+#define NS_OMAPI_CONTROL		"control"
+
+
+#define NS_OMAPI_COMMAND_STOP		"stop"
+#define NS_OMAPI_COMMAND_HALT		"halt"
+#define NS_OMAPI_COMMAND_RELOAD		"reload"
+#define NS_OMAPI_COMMAND_RELOADCONFIG	"reload-config"
+#define NS_OMAPI_COMMAND_RELOADZONES	"reload-zones"
+#define NS_OMAPI_COMMAND_REFRESH	"refresh"
+#define NS_OMAPI_COMMAND_DUMPSTATS      "stats"
+#define NS_OMAPI_COMMAND_QUERYLOG	"querylog"
+#define NS_OMAPI_COMMAND_DUMPDB		"dumpdb"
+
+isc_result_t
+ns_omapi_init(void);
+
+isc_result_t
+ns_omapi_configure(isc_mem_t *mctx, dns_c_ctx_t *cctx,
+		   ns_aclconfctx_t *aclconfctx);
+
+void
+ns_omapi_shutdown(isc_boolean_t exiting);
+
+#endif /* NAMED_OMAPI_H */

bin/named/include/named/query.h

@@ -15,14 +15,13 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: query.h,v 1.28 2001/03/14 19:33:00 halley Exp $ */
+/* $Id: query.h,v 1.23.4.1 2001/01/09 22:32:38 bwelling Exp $ */
 
 #ifndef NAMED_QUERY_H
 #define NAMED_QUERY_H 1
 
 #include <isc/types.h>
 #include <isc/buffer.h>
-#include <isc/netaddr.h>
 
 #include <dns/types.h>
 #include <dns/a6.h>
@@ -39,9 +38,9 @@ typedef struct ns_dbversion {
 struct ns_query {
 	unsigned int			attributes;
 	unsigned int			restarts;
-	isc_boolean_t			timerset;
 	dns_name_t *			qname;
 	dns_name_t *			origqname;
+	dns_rdataset_t *		qrdataset;
 	unsigned int			dboptions;
 	unsigned int			fetchoptions;
 	dns_db_t *			gluedb;
@@ -51,12 +50,6 @@ struct ns_query {
 	isc_bufferlist_t		namebufs;
 	ISC_LIST(ns_dbversion_t)	activeversions;
 	ISC_LIST(ns_dbversion_t)	freeversions;
-	/*
-	 * Additional state used during IPv6 response synthesis only.
-	 */
-	struct {
-		isc_netaddr_t na;
-	} synth;
 };
 
 #define NS_QUERYATTR_RECURSIONOK	0x0001
@@ -69,8 +62,6 @@ struct ns_query {
 #define NS_QUERYATTR_QUERYOK		0x0080
 #define NS_QUERYATTR_WANTRECURSION	0x0100
 #define NS_QUERYATTR_WANTDNSSEC		0x0200
-#define NS_QUERYATTR_NOAUTHORITY	0x0400
-#define NS_QUERYATTR_NOADDITIONAL	0x0800
 
 isc_result_t
 ns_query_init(ns_client_t *client);

bin/named/include/named/server.h

@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: server.h,v 1.52 2001/02/14 03:50:08 gson Exp $ */
+/* $Id: server.h,v 1.48.2.1 2001/01/09 22:32:39 bwelling Exp $ */
 
 #ifndef NAMED_SERVER_H
 #define NAMED_SERVER_H 1
@@ -41,17 +41,16 @@ struct ns_server {
 
 	isc_task_t *		task;
 
+	/* Common rwlock for the server's configurable data. */
+	isc_rwlock_t		conflock;
+
 	/* Configurable data. */
 	isc_quota_t		xfroutquota;
 	isc_quota_t		tcpquota;
 	isc_quota_t		recursionquota;
 	dns_acl_t		*blackholeacl;
 
-        /*
-	 * Current ACL environment.  This defines the
-	 * current values of the localhost and localnets
-	 * ACLs.
-	 */
+	/* Not really configurable, but covered by conflock. */
 	dns_aclenv_t		aclenv;
 
 	/* Server data structures. */
@@ -61,11 +60,8 @@ struct ns_server {
 	ns_interfacemgr_t *	interfacemgr;
 	dns_db_t *		in_roothints;
 	dns_tkeyctx_t *		tkeyctx;
-
 	isc_timer_t *		interface_timer;
 	isc_timer_t *		heartbeat_timer;
-	isc_uint32_t		interface_interval;
-	isc_uint32_t		heartbeat_interval;
 
 	isc_mutex_t		reload_event_lock;
 	isc_event_t *		reload_event;
@@ -142,10 +138,4 @@ ns_server_dumpstats(ns_server_t *server);
 isc_result_t
 ns_server_dumpdb(ns_server_t *server);
 
-/*
- * Change or increment the server debug level.
- */
-isc_result_t
-ns_server_setdebuglevel(ns_server_t *server, char *args);
-
 #endif /* NAMED_SERVER_H */

bin/named/include/named/sortlist.h

@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: sortlist.h,v 1.4 2001/01/09 21:40:29 bwelling Exp $ */
+/* $Id: sortlist.h,v 1.3.4.1 2001/01/09 22:32:40 bwelling Exp $ */
 
 #ifndef NAMED_SORTLIST_H
 #define NAMED_SORTLIST_H 1

bin/named/include/named/tkeyconf.h

@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: tkeyconf.h,v 1.9 2001/03/04 21:21:36 bwelling Exp $ */
+/* $Id: tkeyconf.h,v 1.7.4.1 2001/01/09 22:32:41 bwelling Exp $ */
 
 #ifndef NS_TKEYCONF_H
 #define NS_TKEYCONF_H 1
@@ -23,19 +23,19 @@
 #include <isc/types.h>
 #include <isc/lang.h>
 
-#include <isccfg/cfg.h>
+#include <dns/confctx.h>
 
 ISC_LANG_BEGINDECLS
 
 isc_result_t
-ns_tkeyctx_fromconfig(cfg_obj_t *options, isc_mem_t *mctx, isc_entropy_t *ectx,
-		      dns_tkeyctx_t **tctxp);
+ns_tkeyctx_fromconfig(dns_c_ctx_t *cfg, isc_mem_t *mctx, isc_entropy_t *ectx,
+		       dns_tkeyctx_t **tctxp);
 /*
  * 	Create a TKEY context and configure it, including the default DH key
- *	and default domain, according to 'options'.
+ *	and default domain, according to 'cfg'.
  *
  *	Requires:
- *		'cfg' is a valid configuration options object.
+ *		'cfg' is a valid configuration context.
  *		'mctx' is not NULL
  *		'ectx' is not NULL
  *		'tctx' is not NULL

bin/named/include/named/tsigconf.h

@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: tsigconf.h,v 1.9 2001/03/04 21:21:37 bwelling Exp $ */
+/* $Id: tsigconf.h,v 1.7.4.1 2001/01/09 22:32:43 bwelling Exp $ */
 
 #ifndef NS_TSIGCONF_H
 #define NS_TSIGCONF_H 1
@@ -23,17 +23,19 @@
 #include <isc/types.h>
 #include <isc/lang.h>
 
+#include <dns/confctx.h>
+
 ISC_LANG_BEGINDECLS
 
 isc_result_t
-ns_tsigkeyring_fromconfig(cfg_obj_t *config, cfg_obj_t *vconfig,
-			  isc_mem_t *mctx, dns_tsig_keyring_t **ringp);
+ns_tsigkeyring_fromconfig(dns_c_view_t *confview, dns_c_ctx_t *confctx,
+			   isc_mem_t *mctx, dns_tsig_keyring_t **ringp);
 /*
  * Create a TSIG key ring and configure it according to the 'key'
- * statements in the global and view configuration objects.
+ * statements in 'confview' and 'confctx'.
  *
  *	Requires:
- *		'config' is not NULL.
+ *		'confctx' is a valid configuration context.
  *		'mctx' is not NULL
  *		'ring' is not NULL, and '*ring' is NULL
  *

bin/named/include/named/types.h

@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: types.h,v 1.18 2001/01/09 21:40:32 bwelling Exp $ */
+/* $Id: types.h,v 1.17.4.1 2001/01/09 22:32:44 bwelling Exp $ */
 
 #ifndef NAMED_TYPES_H
 #define NAMED_TYPES_H 1

bin/named/include/named/update.h

@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: update.h,v 1.8 2001/01/09 21:40:33 bwelling Exp $ */
+/* $Id: update.h,v 1.7.4.1 2001/01/09 22:32:45 bwelling Exp $ */
 
 #ifndef NAMED_UPDATE_H
 #define NAMED_UPDATE_H 1

bin/named/include/named/xfrout.h

@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: xfrout.h,v 1.7 2001/01/09 21:40:34 bwelling Exp $ */
+/* $Id: xfrout.h,v 1.6.4.1 2001/01/09 22:32:46 bwelling Exp $ */
 
 #ifndef NAMED_XFROUT_H
 #define NAMED_XFROUT_H 1

bin/named/include/named/zoneconf.h

@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: zoneconf.h,v 1.16 2001/03/04 21:21:39 bwelling Exp $ */
+/* $Id: zoneconf.h,v 1.14.4.1 2001/01/09 22:32:47 bwelling Exp $ */
 
 #ifndef NS_ZONECONF_H
 #define NS_ZONECONF_H 1
@@ -23,15 +23,13 @@
 #include <isc/lang.h>
 #include <isc/types.h>
 
-#include <isccfg/cfg.h>
-
 #include <named/aclconf.h>
 
 ISC_LANG_BEGINDECLS
 
 isc_result_t
-ns_zone_configure(cfg_obj_t *config, cfg_obj_t *vconfig, cfg_obj_t *zconfig,
-		  ns_aclconfctx_t *ac, dns_zone_t *zone);
+ns_zone_configure(dns_c_ctx_t *cctx, dns_c_view_t *cview, dns_c_zone_t *czone,
+		   ns_aclconfctx_t *ac, dns_zone_t *zone);
 /*
  * Configure or reconfigure a zone according to the named.conf
  * data in 'cctx' and 'czone'.
@@ -48,14 +46,20 @@ ns_zone_configure(cfg_obj_t *config, cfg_obj_t *vconfig, cfg_obj_t *zconfig,
  */
 
 isc_boolean_t
-ns_zone_reusable(dns_zone_t *zone, cfg_obj_t *zconfig);
+ns_zone_reusable(dns_zone_t *zone, dns_c_zone_t *czone);
 /*
  * If 'zone' can be safely reconfigured according to the configuration
- * data in 'zconfig', return ISC_TRUE.  If the configuration data is so
+ * data in 'czone', return ISC_TRUE.  If the configuration data is so
  * different from the current zone state that the zone needs to be destroyed
  * and recreated, return ISC_FALSE.
  */
 
+isc_result_t
+ns_zonemgr_configure(dns_c_ctx_t *cctx, dns_zonemgr_t *zonemgr);
+/*
+ * Configure the zone manager according to the named.conf data
+ * in 'cctx'.
+ */
 ISC_LANG_ENDDECLS
 
 #endif /* NS_ZONECONF_H */

bin/named/interfacemgr.c

@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: interfacemgr.c,v 1.57 2001/02/27 04:20:44 bwelling Exp $ */
+/* $Id: interfacemgr.c,v 1.54.2.1 2001/01/09 22:31:52 bwelling Exp $ */
 
 #include <config.h>
 
@@ -244,7 +244,6 @@ ns_interface_listenudp(ns_interface_t *ifp) {
 		attrs |= DNS_DISPATCHATTR_IPV4;
 	else
 		attrs |= DNS_DISPATCHATTR_IPV6;
-	attrs |= DNS_DISPATCHATTR_NOLISTEN;
 	attrmask = 0;
 	attrmask |= DNS_DISPATCHATTR_UDP | DNS_DISPATCHATTR_TCP;
 	attrmask |= DNS_DISPATCHATTR_IPV4 | DNS_DISPATCHATTR_IPV6;
@@ -270,8 +269,6 @@ ns_interface_listenudp(ns_interface_t *ifp) {
 	return (ISC_R_SUCCESS);
 
  addtodispatch_failure:
-	dns_dispatch_changeattributes(ifp->udpdispatch, 0,
-				      DNS_DISPATCHATTR_NOLISTEN);
 	dns_dispatch_detach(&ifp->udpdispatch);
  udp_dispatch_failure:
 	return (result);
@@ -376,11 +373,8 @@ ns_interface_destroy(ns_interface_t *ifp) {
 
 	ns_interface_shutdown(ifp);
 
-	if (ifp->udpdispatch != NULL) {
-		dns_dispatch_changeattributes(ifp->udpdispatch, 0,
-					      DNS_DISPATCHATTR_NOLISTEN);
+	if (ifp->udpdispatch != NULL)
 		dns_dispatch_detach(&ifp->udpdispatch);
-	}
 	if (ifp->tcpsocket != NULL)
 		isc_socket_detach(&ifp->tcpsocket);
 
@@ -674,15 +668,12 @@ ns_interfacemgr_scan(ns_interfacemgr_t *mgr, isc_boolean_t verbose) {
 
 	mgr->generation++;	/* Increment the generation count. */
 
-	if (isc_net_probeipv6() == ISC_R_SUCCESS)
+	if (isc_net_probeipv6() == ISC_R_SUCCESS) {
 		do_ipv6(mgr);
-#ifdef WANT_IPV6
-	else
+	} else
 		isc_log_write(IFMGR_COMMON_LOGARGS,
 			      verbose ? ISC_LOG_INFO : ISC_LOG_DEBUG(1),
 			      "no IPv6 interfaces found");
-#endif
-
 	if (isc_net_probeipv4() == ISC_R_SUCCESS)
 		do_ipv4(mgr);
 	else

bin/named/listenlist.c

@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: listenlist.c,v 1.9 2001/01/09 21:39:43 bwelling Exp $ */
+/* $Id: listenlist.c,v 1.8.4.1 2001/01/09 22:31:53 bwelling Exp $ */
 
 #include <config.h>
 

bin/named/log.c

@@ -15,14 +15,12 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: log.c,v 1.31 2001/03/27 00:44:31 bwelling Exp $ */
+/* $Id: log.c,v 1.27.2.1 2001/01/09 22:31:54 bwelling Exp $ */
 
 #include <config.h>
 
 #include <isc/result.h>
 
-#include <isccfg/log.h>
-
 #include <named/log.h>
 
 /*
@@ -52,7 +50,7 @@ static isc_logmodule_t modules[] = {
 	{ "xfer-in",	 		0 },
 	{ "xfer-out",	 		0 },
 	{ "notify",	 		0 },
-	{ "control",	 		0 },
+	{ "omapi",	 		0 },
 	{ "lwresd",	 		0 },
 	{ NULL, 			0 }
 };
@@ -77,7 +75,6 @@ ns_log_init(isc_boolean_t safe) {
 	isc_log_setcontext(ns_g_lctx);
 	dns_log_init(ns_g_lctx);
 	dns_log_setcontext(ns_g_lctx);
-	cfg_log_init(ns_g_lctx);
 
 	if (safe)
 		result = ns_log_setsafechannels(lcfg);

bin/named/logconf.c

@@ -15,17 +15,13 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: logconf.c,v 1.28 2001/03/04 21:21:22 bwelling Exp $ */
+/* $Id: logconf.c,v 1.26.4.3 2001/05/02 19:34:10 gson Exp $ */
 
 #include <config.h>
 
-#include <isc/offset.h>
 #include <isc/result.h>
+#include <isc/stdio.h>
 #include <isc/string.h>
-#include <isc/syslog.h>
-
-#include <isccfg/cfg.h>
-#include <isccfg/log.h>
 
 #include <named/log.h>
 #include <named/logconf.h>
@@ -40,35 +36,42 @@
  * in 'ccat' and add it to 'lctx'.
  */
 static isc_result_t
-category_fromconf(cfg_obj_t *ccat, isc_logconfig_t *lctx) {
+category_fromconf(dns_c_logcat_t *ccat, isc_logconfig_t *lctx) {
 	isc_result_t result;
-	const char *catname;
+	unsigned int i;
 	isc_logcategory_t *category;
 	isc_logmodule_t *module;
-	cfg_obj_t *destinations = NULL;
-	cfg_listelt_t *element = NULL;
 
-	catname = cfg_obj_asstring(cfg_tuple_get(ccat, "name"));
-	category = isc_log_categorybyname(ns_g_lctx, catname);
+	category = isc_log_categorybyname(ns_g_lctx, ccat->catname);
 	if (category == NULL) {
-		cfg_obj_log(ccat, ns_g_lctx, ISC_LOG_ERROR,
-			    "unknown logging category '%s' ignored",
-			    catname);
+		isc_log_write(ns_g_lctx, DNS_LOGCATEGORY_CONFIG,
+			      NS_LOGMODULE_SERVER, ISC_LOG_ERROR,
+			      "unknown logging category '%s' ignored",
+			      ccat->catname);
 		/*
 		 * Allow further processing by returning success.
 		 */
 		return (ISC_R_SUCCESS);
 	}
 
+#ifdef notyet
+	module = isc_log_modulebyname(ns_g_lctx, ccat->modname);
+	if (module == NULL) {
+		isc_log_write(ns_g_lctx, DNS_LOGCATEGORY_CONFIG,
+			      NS_LOGMODULE_SERVER, ISC_LOG_ERROR,
+			      "unknown logging module '%s' ignored",
+			      ccat->modname);
+		/*
+		 * Allow further processing by returning success.
+		 */
+		return (ISC_R_SUCCESS);
+	}
+#else
 	module = NULL;
+#endif
 
-	destinations = cfg_tuple_get(ccat, "destinations");
-	for (element = cfg_list_first(destinations);
-	     element != NULL;
-	     element = cfg_list_next(element))
-	{
-		cfg_obj_t *channel = cfg_listelt_value(element);
-		char *channelname = cfg_obj_asstring(channel);
+	for (i = 0; i < ccat->nextcname; i++) {
+		char *channelname = ccat->channel_names[i];
 
 		result = isc_log_usechannel(lctx, channelname, category,
 					    module);
@@ -88,170 +91,181 @@ category_fromconf(cfg_obj_t *ccat, isc_logconfig_t *lctx) {
  * in 'cchan' and add it to 'lctx'.
  */
 static isc_result_t
-channel_fromconf(cfg_obj_t *channel, isc_logconfig_t *lctx) {
+channel_fromconf(dns_c_logchan_t *cchan, isc_logconfig_t *lctx) {
 	isc_result_t result;
 	isc_logdestination_t dest;
 	unsigned int type;
 	unsigned int flags = 0;
 	int level;
-	const char *channelname;
-	cfg_obj_t *fileobj = NULL;
-	cfg_obj_t *syslogobj = NULL;
-	cfg_obj_t *nullobj = NULL;
-	cfg_obj_t *stderrobj = NULL;
-	cfg_obj_t *severity = NULL;
-	int i;
-
-	channelname = cfg_obj_asstring(cfg_map_getname(channel));
-
-	(void)cfg_map_get(channel, "file", &fileobj);
-	(void)cfg_map_get(channel, "syslog", &syslogobj);
-	(void)cfg_map_get(channel, "null", &nullobj);
-	(void)cfg_map_get(channel, "stderr", &stderrobj);
-
-	i = 0;
-	if (fileobj != NULL)
-		i++;
-	if (syslogobj != NULL)
-		i++;
-	if (nullobj != NULL)
-		i++;
-	if (stderrobj != NULL)
-		i++;
-
-	if (i != 1) {
-		cfg_obj_log(channel, ns_g_lctx, ISC_LOG_ERROR,
-			      "channel '%s': exactly one of file, syslog, "
-			      "null, and stderr must be present", channelname);
-		return (ISC_R_FAILURE);
-	}
+	dns_c_logseverity_t severity;
 
 	type = ISC_LOG_TONULL;
-	
-	if (fileobj != NULL) {
-		cfg_obj_t *pathobj = cfg_tuple_get(fileobj, "file");
-		cfg_obj_t *sizeobj = cfg_tuple_get(fileobj, "size");
-		cfg_obj_t *versionsobj = cfg_tuple_get(fileobj, "versions");
-		isc_int32_t versions = ISC_LOG_ROLLNEVER;
-		isc_offset_t size = ISC_OFFSET_MAXIMUM;
-
+	switch (cchan->ctype) {
+	case dns_c_logchan_file:
 		type = ISC_LOG_TOFILE;
-		
-		if (versionsobj != NULL && cfg_obj_isuint32(versionsobj))
-			versions = cfg_obj_asuint32(versionsobj);
-		if (sizeobj != NULL &&
-		    cfg_obj_isuint64(sizeobj) &&
-		    cfg_obj_asuint64(sizeobj) < ISC_OFFSET_MAXIMUM)
-			size = (isc_offset_t)cfg_obj_asuint64(sizeobj);
-		dest.file.stream = NULL;
-		dest.file.name = cfg_obj_asstring(pathobj);
-		dest.file.versions = versions;
-		dest.file.maximum_size = size;
-	} else if (syslogobj != NULL) {
-		int facility = LOG_DAEMON;
-
-		type = ISC_LOG_TOSYSLOG;
-
-		if (cfg_obj_isstring(syslogobj)) {
-			char *facilitystr = cfg_obj_asstring(syslogobj);
-			(void)isc_syslog_facilityfromstring(facilitystr,
-							    &facility);
+		{
+			const char *path = NULL;
+			isc_int32_t versions = ISC_LOG_ROLLNEVER;
+			/*
+			 * XXXDCL should be isc_offset_t, but that
+			 * is incompatible with dns_c_logchan_getsize.
+			 */
+			isc_uint32_t size = 0;
+			(void)dns_c_logchan_getpath(cchan, &path);
+			if (path == NULL) {
+				isc_log_write(ns_g_lctx,
+					      DNS_LOGCATEGORY_CONFIG,
+					      NS_LOGMODULE_SERVER,
+					      ISC_LOG_ERROR,
+					      "file log channel has "
+					      "no file name");
+				return (ISC_R_UNEXPECTED);
+			}
+			(void)dns_c_logchan_getversions(cchan,
+							(isc_uint32_t *)
+							&versions);
+			(void)dns_c_logchan_getsize(cchan, &size);
+			dest.file.stream = NULL;
+			dest.file.name = cchan->u.filec.path;
+			dest.file.versions = versions;
+			dest.file.maximum_size = size;
 		}
-		dest.facility = facility;
-	} else if (stderrobj != NULL) {
+		break;
+
+	case dns_c_logchan_syslog:
+		type = ISC_LOG_TOSYSLOG;
+		{
+			int facility = LOG_DAEMON;
+			(void)dns_c_logchan_getfacility(cchan, &facility);
+			dest.facility = facility;
+		}
+		break;
+
+	case dns_c_logchan_stderr:
 		type = ISC_LOG_TOFILEDESC;
-		dest.file.stream = stderr;
-		dest.file.name = NULL;
-		dest.file.versions = ISC_LOG_ROLLNEVER;
-		dest.file.maximum_size = 0;
+		{
+			dest.file.stream = stderr;
+			dest.file.name = NULL;
+			dest.file.versions = ISC_LOG_ROLLNEVER;
+			dest.file.maximum_size = 0;
+		}
+
+	case dns_c_logchan_null:
+		break;
 	}
 
 	/*
 	 * Munge flags.
 	 */
 	{
-		cfg_obj_t *printcat = NULL;
-		cfg_obj_t *printsev = NULL;
-		cfg_obj_t *printtime = NULL;
+		isc_boolean_t printcat = ISC_FALSE;
+		isc_boolean_t printsev = ISC_FALSE;
+		isc_boolean_t printtime = ISC_FALSE;
 
-		(void)cfg_map_get(channel, "print-category", &printcat);
-		(void)cfg_map_get(channel, "print-severity", &printsev);
-		(void)cfg_map_get(channel, "print-time", &printtime);
+		(void)dns_c_logchan_getprintcat(cchan, &printcat);
+		(void)dns_c_logchan_getprintsev(cchan, &printsev);
+		(void)dns_c_logchan_getprinttime(cchan, &printtime);
 
-		if (printcat != NULL && cfg_obj_asboolean(printcat))
+		if (printcat)
 			flags |= ISC_LOG_PRINTCATEGORY;
-		if (printtime != NULL && cfg_obj_asboolean(printtime))
+		if (printtime)
 			flags |= ISC_LOG_PRINTTIME;
-		if (printsev != NULL && cfg_obj_asboolean(printsev))
+		if (printsev)
 			flags |= ISC_LOG_PRINTLEVEL;
+		/* XXX ISC_LOG_PRINTMODULE */
 	}
 
 	level = ISC_LOG_INFO;
-	if (cfg_map_get(channel, "severity", &severity) == ISC_R_SUCCESS) {
-		if (cfg_obj_isstring(severity)) {
-			char *str = cfg_obj_asstring(severity);
-			if (strcasecmp(str, "critical") == 0)
-				level = ISC_LOG_CRITICAL;
-			else if (strcasecmp(str, "error") == 0)
-				level = ISC_LOG_ERROR;
-			else if (strcasecmp(str, "warning") == 0)
-				level = ISC_LOG_WARNING;
-			else if (strcasecmp(str, "notice") == 0)
-				level = ISC_LOG_NOTICE;
-			else if (strcasecmp(str, "info") == 0)
-				level = ISC_LOG_INFO;
-			else if (strcasecmp(str, "dynamic") == 0)
-				level = ISC_LOG_DYNAMIC;
-		} else
-			/* debug */
-			level = cfg_obj_asuint32(severity);
+	if (dns_c_logchan_getseverity(cchan, &severity) == ISC_R_SUCCESS) {
+		switch (severity) {
+		case dns_c_log_critical:
+			level = ISC_LOG_CRITICAL;
+			break;
+		case dns_c_log_error:
+			level = ISC_LOG_ERROR;
+			break;
+		case dns_c_log_warn:
+			level = ISC_LOG_WARNING;
+			break;
+		case dns_c_log_notice:
+			level = ISC_LOG_NOTICE;
+			break;
+		case dns_c_log_info:
+			level = ISC_LOG_INFO;
+			break;
+		case dns_c_log_debug:
+			(void)dns_c_logchan_getdebuglevel(cchan, &level);
+			break;
+		case dns_c_log_dynamic:
+			level = ISC_LOG_DYNAMIC;
+			break;
+		default:
+			level = ISC_LOG_INFO;
+			break;
+		}
 	}
 
-	result = isc_log_createchannel(lctx, channelname,
+	result = isc_log_createchannel(lctx, cchan->name,
 				       type, level, &dest, flags);
+
+	if (result == ISC_R_SUCCESS && type == ISC_LOG_TOFILE) {
+		FILE *fp;
+		
+		/*
+		 * Test that the file can be opened, since isc_log_open()
+		 * can't effectively report failures when called in
+		 * isc_log_doit().
+		 */
+		result = isc_stdio_open(dest.file.name, "a", &fp);
+		if (result != ISC_R_SUCCESS)
+			isc_log_write(ns_g_lctx, DNS_LOGCATEGORY_CONFIG,
+				      NS_LOGMODULE_SERVER, ISC_LOG_ERROR,
+				      "logging channel '%s' file '%s': %s",
+				      cchan->name, dest.file.name,
+				      isc_result_totext(result));
+		else
+			(void)isc_stdio_close(fp);
+
+		/*
+		 * Allow named to continue by returning success.
+		 */
+		result = ISC_R_SUCCESS;
+	}
+
 	return (result);
 }
 
 isc_result_t
-ns_log_configure(isc_logconfig_t *logconf, cfg_obj_t *logstmt) {
+ns_log_configure(isc_logconfig_t *lcctx, dns_c_logginglist_t *clog) {
 	isc_result_t result;
-	cfg_obj_t *channels = NULL;
-	cfg_obj_t *categories = NULL;
-	cfg_listelt_t *element;
+	dns_c_logchan_t *cchan;
+	dns_c_logcat_t *ccat;
 	isc_boolean_t default_set = ISC_FALSE;
 
-	CHECK(ns_log_setdefaultchannels(logconf));
+	CHECK(ns_log_setdefaultchannels(lcctx));
 
-	(void)cfg_map_get(logstmt, "channel", &channels);
-	for (element = cfg_list_first(channels);
-	     element != NULL;
-	     element = cfg_list_next(element))
-	{
-		cfg_obj_t *channel = cfg_listelt_value(element);
-		CHECK(channel_fromconf(channel, logconf));
+	for (cchan = ISC_LIST_HEAD(clog->channels);
+	     cchan != NULL;
+	     cchan = ISC_LIST_NEXT(cchan, next)) {
+		CHECK(channel_fromconf(cchan, lcctx));
 	}
 
-	(void)cfg_map_get(logstmt, "category", &categories);
-	for (element = cfg_list_first(categories);
-	     element != NULL;
-	     element = cfg_list_next(element))
-	{
-		cfg_obj_t *category = cfg_listelt_value(element);
-		CHECK(category_fromconf(category, logconf));
-		if (!default_set) {
-			cfg_obj_t *catname = cfg_tuple_get(category, "name");
-			if (strcmp(cfg_obj_asstring(catname), "default"))
-				default_set = ISC_TRUE;
-		}
+	for (ccat = ISC_LIST_HEAD(clog->categories);
+	     ccat != NULL;
+	     ccat = ISC_LIST_NEXT(ccat, next)) {
+		CHECK(category_fromconf(ccat, lcctx));
+		if (! default_set)
+			default_set =
+				ISC_TF(strcmp(ccat->catname, "default") == 0);
 	}
 
-	if (!default_set)
-		CHECK(ns_log_setdefaultcategory(logconf));
+	if (! default_set)
+		CHECK(ns_log_setdefaultcategory(lcctx));
 
 	return (ISC_R_SUCCESS);
 
  cleanup:
-	if (logconf != NULL)
-		isc_logconfig_destroy(&logconf);
+	if (lcctx != NULL)
+		isc_logconfig_destroy(&lcctx);
 	return (result);
 }

bin/named/lwaddr.c

@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: lwaddr.c,v 1.3 2001/01/09 21:39:46 bwelling Exp $ */
+/* $Id: lwaddr.c,v 1.2.2.1 2001/01/09 22:31:56 bwelling Exp $ */
 
 #include <config.h>
 

bin/named/lwdclient.c

@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: lwdclient.c,v 1.13 2001/01/22 22:29:02 gson Exp $ */
+/* $Id: lwdclient.c,v 1.11.4.1 2001/01/09 22:31:57 bwelling Exp $ */
 
 #include <config.h>
 
@@ -441,6 +441,7 @@ ns_lwdclient_initialize(ns_lwdclient_t *client, ns_lwdclientmgr_t *cmgr) {
 
 	client->options = 0;
 	client->byaddr = NULL;
+	client->addrinfo = NULL;
 
 	client->lookup = NULL;
 

bin/named/lwderror.c

@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: lwderror.c,v 1.7 2001/01/09 21:39:49 bwelling Exp $ */
+/* $Id: lwderror.c,v 1.6.4.1 2001/01/09 22:31:58 bwelling Exp $ */
 
 #include <config.h>
 

bin/named/lwdgabn.c

@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: lwdgabn.c,v 1.13 2001/01/22 22:12:16 bwelling Exp $ */
+/* $Id: lwdgabn.c,v 1.10.4.1 2001/01/09 22:32:00 bwelling Exp $ */
 
 #include <config.h>
 
@@ -608,8 +608,6 @@ ns_lwdclient_processgabn(ns_lwdclient_t *client, lwres_buffer_t *b) {
 					 b, &client->pkt, &req);
 	if (result != LWRES_R_SUCCESS)
 		goto out;
-	if (req->name == NULL)
-		goto out;
 
 	isc_buffer_init(&namebuf, req->name, req->namelen);
 	isc_buffer_add(&namebuf, req->namelen);

bin/named/lwdgnba.c

@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: lwdgnba.c,v 1.12 2001/01/22 22:29:01 gson Exp $ */
+/* $Id: lwdgnba.c,v 1.8.4.1 2001/01/09 22:32:01 bwelling Exp $ */
 
 #include <config.h>
 
@@ -46,6 +46,7 @@ byaddr_done(isc_task_t *task, isc_event_t *event) {
 	isc_buffer_t b;
 	lwres_gnbaresponse_t *gnba;
 	isc_uint16_t naliases;
+	isc_stdtime_t now;
 
 	UNUSED(task);
 
@@ -66,7 +67,16 @@ byaddr_done(isc_task_t *task, isc_event_t *event) {
 		isc_event_free(&event);
 		bevent = NULL;
 
+		/*
+		 * Were we trying bitstring or nibble mode?  If bitstring,
+		 * and we got FORMERROR or SERVFAIL, set the flag to
+		 * avoid bitstring labels for 10 minutes.  If we got any
+		 * other error (NXDOMAIN, etc) just try again without
+		 * bitstrings, and let our cache handle the negative answer
+		 * for bitstrings.
+		 */
 		if ((client->options & DNS_BYADDROPT_IPV6NIBBLE) != 0) {
+			dns_adb_freeaddrinfo(cm->view->adb, &client->addrinfo);
 			if (result == DNS_R_NCACHENXDOMAIN ||
 			    result == DNS_R_NCACHENXRRSET ||
 			    result == DNS_R_NXDOMAIN ||
@@ -78,6 +88,13 @@ byaddr_done(isc_task_t *task, isc_event_t *event) {
 			return;
 		}
 
+		isc_stdtime_get(&now);
+		if (result == DNS_R_FORMERR ||
+		    result == DNS_R_SERVFAIL ||
+		    result == ISC_R_FAILURE)
+			dns_adb_setavoidbitstring(cm->view->adb,
+						  client->addrinfo, now + 600);
+
 		/*
 		 * Fall back to nibble reverse if the default of bitstrings
 		 * fails.
@@ -88,10 +105,8 @@ byaddr_done(isc_task_t *task, isc_event_t *event) {
 		return;
 	}
 
-	for (name = ISC_LIST_HEAD(bevent->names);
-	     name != NULL;
-	     name = ISC_LIST_NEXT(name, link))
-	{
+	name = ISC_LIST_HEAD(bevent->names);
+	while (name != NULL) {
 		b = client->recv_buffer;
 
 		result = dns_name_totext(name, ISC_TRUE, &client->recv_buffer);
@@ -112,9 +127,11 @@ byaddr_done(isc_task_t *task, isc_event_t *event) {
 				client->recv_buffer.used - b.used;
 			gnba->naliases++;
 		}
+		name = ISC_LIST_NEXT(name, link);
 	}
 
 	dns_byaddr_destroy(&client->byaddr);
+	dns_adb_freeaddrinfo(cm->view->adb, &client->addrinfo);
 	isc_event_free(&event);
 
 	/*
@@ -145,6 +162,8 @@ byaddr_done(isc_task_t *task, isc_event_t *event) {
  out:
 	if (client->byaddr != NULL)
 		dns_byaddr_destroy(&client->byaddr);
+	if (client->addrinfo != NULL)
+		dns_adb_freeaddrinfo(cm->view->adb, &client->addrinfo);
 	if (lwb.base != NULL)
 		lwres_context_freemem(cm->lwctx,
 				      lwb.base, lwb.length);
@@ -166,6 +185,7 @@ start_byaddr(ns_lwdclient_t *client) {
 				   client->options, cm->task, byaddr_done,
 				   client, &client->byaddr);
 	if (result != ISC_R_SUCCESS) {
+		dns_adb_freeaddrinfo(cm->view->adb, &client->addrinfo);
 		ns_lwdclient_errorpktsend(client, LWRES_R_FAILURE);
 		return;
 	}
@@ -251,6 +271,18 @@ ns_lwdclient_processgnba(ns_lwdclient_t *client, lwres_buffer_t *b) {
 	init_gnba(client);
 	client->options = 0;
 
+	/*
+	 * See if we should skip the byaddr bit.
+	 */
+	INSIST(client->addrinfo == NULL);
+	result = dns_adb_findaddrinfo(cm->view->adb, &sa,
+				      &client->addrinfo, 0);
+	if (result != ISC_R_SUCCESS)
+		goto out;
+
+	if (client->addrinfo->avoid_bitstring > 0)
+		client->options |= DNS_BYADDROPT_IPV6NIBBLE;
+
 	/*
 	 * Start the find.
 	 */

bin/named/lwdgrbn.c

@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: lwdgrbn.c,v 1.11 2001/01/24 01:42:41 bwelling Exp $ */
+/* $Id: lwdgrbn.c,v 1.6.2.2 2001/01/23 02:05:11 gson Exp $ */
 
 #include <config.h>
 
@@ -39,6 +39,37 @@
 
 static void start_lookup(ns_lwdclient_t *);
 
+static isc_result_t
+count_rdatasets(dns_db_t *db, dns_dbnode_t *node, lwres_uint16_t *count) {
+	dns_rdatasetiter_t *iter = NULL;
+	int n = 0;
+	isc_result_t result;
+
+	result = dns_db_allrdatasets(db, node, NULL, 0, &iter);
+	if (result != ISC_R_SUCCESS)
+		goto cleanup;
+	for (result = dns_rdatasetiter_first(iter);
+	     result == ISC_R_SUCCESS;
+	     result = dns_rdatasetiter_next(iter))
+	{
+		dns_rdataset_t set;
+
+		dns_rdataset_init(&set);
+		dns_rdatasetiter_current(iter, &set);
+		if (set.type == dns_rdatatype_sig)
+			n += dns_rdataset_count(&set);
+		dns_rdataset_disassociate(&set);
+	}
+	if (result != ISC_R_NOMORE)
+		goto cleanup;
+	*count = n;
+	result = ISC_R_SUCCESS;
+ cleanup:
+	if (iter != NULL)
+		dns_rdatasetiter_destroy(&iter);
+	return (result);
+}
+
 static isc_result_t
 fill_array(int *pos, dns_rdataset_t *rdataset,
 	   int size, unsigned char **rdatas, lwres_uint16_t *rdatalen)
@@ -67,127 +98,6 @@ fill_array(int *pos, dns_rdataset_t *rdataset,
 	return (result);
 }
 
-static isc_result_t
-iterate_node(lwres_grbnresponse_t *grbn, dns_db_t *db, dns_dbnode_t *node,
-	     isc_mem_t *mctx)
-{
-	int used = 0, count;
-	int size = 8, oldsize = 0;
-	unsigned char **rdatas = NULL, **oldrdatas = NULL, **newrdatas = NULL;
-	lwres_uint16_t *lens = NULL, *oldlens = NULL, *newlens = NULL;
-	dns_rdatasetiter_t *iter = NULL;
-	dns_rdataset_t set;
-	dns_ttl_t ttl = ISC_INT32_MAX;
-	lwres_uint32_t flags = LWRDATA_VALIDATED;
-	isc_result_t result = ISC_R_NOMEMORY;
-
-	result = dns_db_allrdatasets(db, node, NULL, 0, &iter);
-	if (result != ISC_R_SUCCESS)
-		goto out;
-
-	rdatas = isc_mem_get(mctx, size * sizeof(*rdatas));
-	if (rdatas == NULL)
-		goto out;
-	lens = isc_mem_get(mctx, size * sizeof(*lens));
-	if (lens == NULL)
-		goto out;
-
-	for (result = dns_rdatasetiter_first(iter);
-	     result == ISC_R_SUCCESS;
-	     result = dns_rdatasetiter_next(iter))
-	{
-		result = ISC_R_NOMEMORY;
-		dns_rdataset_init(&set);
-		dns_rdatasetiter_current(iter, &set);
-
-		if (set.type != dns_rdatatype_sig) {
-			dns_rdataset_disassociate(&set);
-			continue;
-		}
-
-		count = dns_rdataset_count(&set);
-		if (used + count > size) {
-			/* copy & reallocate */
-			oldsize = size;
-			oldrdatas = rdatas;
-			oldlens = lens;
-			rdatas = NULL;
-			lens = NULL;
-
-			size *= 2;
-
-			rdatas = isc_mem_get(mctx, size * sizeof(*rdatas));
-			if (rdatas == NULL)
-				goto out;
-			lens = isc_mem_get(mctx, size * sizeof(*lens));
-			if (lens == NULL)
-				goto out;
-			memcpy(rdatas, oldrdatas, used * sizeof(*rdatas));
-			memcpy(lens, oldlens, used * sizeof(*lens));
-			isc_mem_put(mctx, oldrdatas,
-				    oldsize * sizeof(*oldrdatas));
-			isc_mem_put(mctx, oldlens, oldsize * sizeof(*oldlens));
-			oldrdatas = NULL;
-			oldlens = NULL;
-		}
-		if (set.ttl < ttl)
-			ttl = set.ttl;
-		if (set.trust != dns_trust_secure)
-			flags &= (~LWRDATA_VALIDATED);
-		result = fill_array(&used, &set, size, rdatas, lens);
-		dns_rdataset_disassociate(&set);
-		if (result != ISC_R_SUCCESS)
-			goto out;
-	}
-	if (result == ISC_R_NOMORE)
-		result = ISC_R_SUCCESS;
-	if (result != ISC_R_SUCCESS)
-		goto out;
-	dns_rdatasetiter_destroy(&iter);
-
-	/*
-	 * If necessary, shrink and copy the arrays.
-	 */
-	if (size != used) {
-		result = ISC_R_NOMEMORY;
-		newrdatas = isc_mem_get(mctx, used * sizeof(*rdatas));
-		if (newrdatas == NULL)
-			goto out;
-		newlens = isc_mem_get(mctx, used * sizeof(*lens));
-		if (newlens == NULL)
-			goto out;
-		memcpy(newrdatas, rdatas, used * sizeof(*rdatas));
-		memcpy(newlens, lens, used * sizeof(*lens));
-		isc_mem_put(mctx, rdatas, size * sizeof(*rdatas));
-		isc_mem_put(mctx, lens, size * sizeof(*lens));
-		grbn->rdatas = newrdatas;
-		grbn->rdatalen = newlens;
-	} else {
-		grbn->rdatas = rdatas;
-		grbn->rdatalen = lens;
-	}
-	grbn->nrdatas = used;
-	grbn->ttl = ttl;
-	grbn->flags = flags;
-	return (ISC_R_SUCCESS);
-
- out:
-	dns_rdatasetiter_destroy(&iter);
-	if (rdatas != NULL)
-		isc_mem_put(mctx, rdatas, size * sizeof(*rdatas));
-	if (lens != NULL)
-		isc_mem_put(mctx, lens, size * sizeof(*lens));
-	if (oldrdatas != NULL)
-		isc_mem_put(mctx, oldrdatas, oldsize * sizeof(*oldrdatas));
-	if (oldlens != NULL)
-		isc_mem_put(mctx, oldlens, oldsize * sizeof(*oldlens));
-	if (newrdatas != NULL)
-		isc_mem_put(mctx, newrdatas, used * sizeof(*oldrdatas));
-	if (newlens != NULL)
-		isc_mem_put(mctx, newlens, used * sizeof(*oldlens));
-	return (result);
-}
-
 static void
 lookup_done(isc_task_t *task, isc_event_t *event) {
 	ns_lwdclient_t *client;
@@ -250,17 +160,30 @@ lookup_done(isc_task_t *task, isc_event_t *event) {
 
 	grbn->flags = 0;
 
-	grbn->nrdatas = 0;
+	rdataset = levent->rdataset;
+	if (rdataset != NULL)
+		grbn->nrdatas = dns_rdataset_count(rdataset);
+	else {
+		result = count_rdatasets(levent->db, levent->node,
+					 &grbn->nrdatas);
+		if (result != ISC_R_SUCCESS)
+			goto out;
+	}
 	grbn->rdatas = NULL;
 	grbn->rdatalen = NULL;
 
-	grbn->nsigs = 0;
+	sigrdataset = levent->sigrdataset;
+	if (sigrdataset != NULL)
+		grbn->nsigs = dns_rdataset_count(sigrdataset);
+	else
+		grbn->nsigs = 0;
+
 	grbn->sigs = NULL;
 	grbn->siglen = NULL;
 
 	result = dns_name_totext(name, ISC_TRUE, &client->recv_buffer);
 	if (result != ISC_R_SUCCESS)
-		goto out;
+			goto out;
 	grbn->realname = (char *)isc_buffer_used(&b);
 	grbn->realnamelen = isc_buffer_usedlength(&client->recv_buffer) -
 			    isc_buffer_usedlength(&b);
@@ -270,58 +193,82 @@ lookup_done(isc_task_t *task, isc_event_t *event) {
 	grbn->rdclass = cm->view->rdclass;
 	grbn->rdtype = client->rdtype;
 
-	rdataset = levent->rdataset;
-	if (rdataset != NULL) {
-		/* The normal case */
-		grbn->nrdatas = dns_rdataset_count(rdataset);
-		grbn->rdatas = isc_mem_get(cm->mctx, grbn->nrdatas *
-					   sizeof(unsigned char *));
-		if (grbn->rdatas == NULL)
-			goto out;
-		grbn->rdatalen = isc_mem_get(cm->mctx, grbn->nrdatas *
-					     sizeof(lwres_uint16_t));
-		if (grbn->rdatalen == NULL)
-			goto out;
+	/* If rdataset is NULL, get this later. */
+	if (rdataset == NULL)
+		grbn->ttl = ISC_INT32_MAX;
+	else
+		grbn->ttl = rdataset->ttl;
 
+	/* If rdataset is NULL, remove this later. */
+	if (rdataset == NULL || rdataset->trust == dns_trust_secure)
+		grbn->flags |= LWRDATA_VALIDATED;
+
+	grbn->rdatas = isc_mem_get(cm->mctx,
+				   grbn->nrdatas * sizeof(unsigned char *));
+	if (grbn->rdatas == NULL)
+		goto out;
+	grbn->rdatalen = isc_mem_get(cm->mctx,
+				     grbn->nrdatas * sizeof(lwres_uint16_t));
+	if (grbn->rdatalen == NULL)
+		goto out;
+
+	if (rdataset != NULL) {
 		i = 0;
 		result = fill_array(&i, rdataset, grbn->nrdatas, grbn->rdatas,
 				    grbn->rdatalen);
+		if (result != ISC_R_SUCCESS || i != grbn->nrdatas)
+			goto out;
+	} else {
+		dns_rdatasetiter_t *iter = NULL;
+		dns_rdataset_t set;
+
+		result = dns_db_allrdatasets(levent->db, levent->node,
+					     NULL, 0, &iter);
 		if (result != ISC_R_SUCCESS)
 			goto out;
-		INSIST(i == grbn->nrdatas);
-		grbn->ttl = rdataset->ttl;
-		if (rdataset->trust == dns_trust_secure)
-			grbn->flags |= LWRDATA_VALIDATED;
-	} else {
-		/* The SIG query case */
-		result = iterate_node(grbn, levent->db, levent->node,
-				      cm->mctx);
-		if (result != ISC_R_SUCCESS)
+		i = 0;
+		for (result = dns_rdatasetiter_first(iter);
+		     result == ISC_R_SUCCESS;
+		     result = dns_rdatasetiter_next(iter))
+		{
+			dns_rdataset_init(&set);
+			dns_rdatasetiter_current(iter, &set);
+			if (set.type != dns_rdatatype_sig) {
+				dns_rdataset_disassociate(&set);
+				continue;
+			}
+			if (set.ttl < grbn->ttl)
+				grbn->ttl = set.ttl;
+			if (set.trust < dns_trust_secure)
+				grbn->flags &= (~LWRDATA_VALIDATED);
+			result = fill_array(&i, &set, grbn->nrdatas,
+					    grbn->rdatas, grbn->rdatalen);
+			dns_rdataset_disassociate(&set);
+			if (result != ISC_R_SUCCESS)
+				break;
+		}
+		dns_rdatasetiter_destroy(&iter);
+		if (result == ISC_R_NOMORE)
+			result = ISC_R_SUCCESS;
+		if (result != ISC_R_SUCCESS || i != grbn->nrdatas)
 			goto out;
 	}
-	ns_lwdclient_log(50, "filled in %d rdata%s", grbn->nrdatas,
-			 (grbn->nrdatas == 1) ? "" : "s");
 
-	sigrdataset = levent->sigrdataset;
+	grbn->sigs = isc_mem_get(cm->mctx, grbn->nsigs *
+				 sizeof(unsigned char *));
+	if (grbn->sigs == NULL)
+		goto out;
+	grbn->siglen = isc_mem_get(cm->mctx, grbn->nsigs *
+				   sizeof(lwres_uint16_t));
+	if (grbn->siglen == NULL)
+		goto out;
+	
 	if (sigrdataset != NULL) {
-		grbn->nsigs = dns_rdataset_count(sigrdataset);
-		grbn->sigs = isc_mem_get(cm->mctx, grbn->nsigs *
-					 sizeof(unsigned char *));
-		if (grbn->sigs == NULL)
-			goto out;
-		grbn->siglen = isc_mem_get(cm->mctx, grbn->nsigs *
-					   sizeof(lwres_uint16_t));
-		if (grbn->siglen == NULL)
-			goto out;
-
 		i = 0;
 		result = fill_array(&i, sigrdataset, grbn->nsigs, grbn->sigs,
 				    grbn->siglen);
-		if (result != ISC_R_SUCCESS)
+		if (result != ISC_R_SUCCESS || i != grbn->nsigs)
 			goto out;
-		INSIST(i == grbn->nsigs);
-		ns_lwdclient_log(50, "filled in %d signature%s", grbn->nsigs,
-				 (grbn->nsigs == 1) ? "" : "s");
 	}
 
 	dns_lookup_destroy(&client->lookup);
@@ -345,12 +292,10 @@ lookup_done(isc_task_t *task, isc_event_t *event) {
 	isc_mem_put(cm->mctx, grbn->rdatalen,
 		    grbn->nrdatas * sizeof(lwres_uint16_t));
 
-	if (grbn->sigs != NULL)
-		isc_mem_put(cm->mctx, grbn->sigs,
-			    grbn->nsigs * sizeof(unsigned char *));
-	if (grbn->siglen != NULL)
-		isc_mem_put(cm->mctx, grbn->siglen,
-			    grbn->nsigs * sizeof(lwres_uint16_t));
+	isc_mem_put(cm->mctx, grbn->sigs,
+		    grbn->nsigs * sizeof(unsigned char *));
+	isc_mem_put(cm->mctx, grbn->siglen,
+		    grbn->nsigs * sizeof(lwres_uint16_t));
 
 	r.base = lwb.base;
 	r.length = lwb.used;
@@ -386,9 +331,6 @@ lookup_done(isc_task_t *task, isc_event_t *event) {
 
 	if (event != NULL)
 		isc_event_free(&event);
-
-	ns_lwdclient_log(50, "error constructing getrrsetbyname response");
-	ns_lwdclient_errorpktsend(client, LWRES_R_FAILURE);
 }
 
 static void

bin/named/lwdnoop.c

@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: lwdnoop.c,v 1.6 2001/01/09 21:39:53 bwelling Exp $ */
+/* $Id: lwdnoop.c,v 1.5.4.1 2001/01/09 22:32:03 bwelling Exp $ */
 
 #include <config.h>
 

bin/named/lwresd.8

@@ -1,136 +0,0 @@
-.\" Copyright (C) 2000, 2001  Internet Software Consortium.
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
-.\" DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
-.\" INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
-.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
-.\" FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
-.\" NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
-.\" WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.TH "LWRESD" "8" "June 30, 2000" "BIND9" ""
-.SH NAME
-lwresd \- lightweight resolver daemon
-.SH SYNOPSIS
-.sp
-\fBlwresd\fR [ \fB-C \fIconfig-file\fB\fR ]  [ \fB-d \fIdebug-level\fB\fR ]  [ \fB-f\fR ]  [ \fB-g\fR ]  [ \fB-i \fIpid-file\fB\fR ]  [ \fB-n \fI#cpus\fB\fR ]  [ \fB-P \fIport\fB\fR ]  [ \fB-p \fIport\fB\fR ]  [ \fB-s\fR ]  [ \fB-t \fIdirectory\fB\fR ]  [ \fB-u \fIuser\fB\fR ]  [ \fB-v\fR ] 
-.SH "DESCRIPTION"
-.PP
-\fBlwresd\fR is the daemon providing name lookup
-services to clients that use the BIND 9 lightweight resolver
-library. It is essentially a stripped-down, caching-only name
-server that answers queries using the BIND 9 lightweight
-resolver protocol rather than the DNS protocol.
-.PP
-\fBlwresd\fR listens for resolver queries on a
-UDP port on the IPv4 loopback interface, 127.0.0.1. This
-means that \fBlwresd\fR can only be used by
-processes running on the local machine. By default UDP port
-number 921 is used for lightweight resolver requests and
-responses.
-.PP
-Incoming lightweight resolver requests are decoded by the
-server which then resolves them using the DNS protocol. When
-the DNS lookup completes, \fBlwresd\fR encodes
-the answers in the lightweight resolver format and returns
-them to the client that made the request.
-.PP
-If \fI/etc/resolv.conf\fR contains any
-\fBnameserver\fR entries, \fBlwresd\fR
-sends recursive DNS queries to those servers. This is similar
-to the use of forwarders in a caching name server. If no
-\fBnameserver\fR entries are present, or if
-forwarding fails, \fBlwresd\fR resolves the
-queries autonomously starting at the root name servers, using
-a built-in list of root server hints.
-.SH "OPTIONS"
-.TP
-\fB-C \fIconfig-file\fB\fR
-Use \fIconfig-file\fR as the
-configuration file instead of the default,
-\fI/etc/resolv.conf\fR.
-.TP
-\fB-d \fIdebug-level\fB\fR
-Set the daemon's debug level to \fIdebug-level\fR.
-Debugging traces from \fBlwresd\fR become
-more verbose as the debug level increases.
-.TP
-\fB-f\fR
-Run the server in the foreground (i.e. do not daemonize).
-.TP
-\fB-g\fR
-Run the server in the foreground and force all logging
-to \fIstderr\fR.
-.TP
-\fB-n \fI#cpus\fB\fR
-Create \fI#cpus\fR worker threads
-to take advantage of multiple CPUs. If not specified,
-\fBlwresd\fR will try to determine the
-number of CPUs present and create one thread per CPU.
-If it is unable to determine the number of CPUs, a
-single worker thread will be created.
-.TP
-\fB-P \fIport\fB\fR
-Listen for lightweight resolver queries on port
-\fIport\fR. If
-not specified, the default is port 921.
-.TP
-\fB-p \fIport\fB\fR
-Send DNS lookups to port \fIport\fR. If not
-specified, the default is port 53. This provides a
-way of testing the lightweight resolver daemon with a
-name server that listens for queries on a non-standard
-port number.
-.TP
-\fB-s\fR
-Write memory usage statistics to \fIstdout\fR on exit.
-.sp
-.RS
-.B "Note:"
-This option is mainly of interest to BIND 9 developers
-and may be removed or changed in a future release.
-.RE
-.sp
-.TP
-\fB-t \fIdirectory\fB\fR
-\fBchroot()\fR to \fIdirectory\fR after
-processing the command line arguments, but before
-reading the configuration file.
-.sp
-.RS
-.B "Warning:"
-This option should be used in conjunction with the
-\fB-u\fR option, as chrooting a process
-running as root doesn't enhance security on most
-systems; the way \fBchroot()\fR is
-defined allows a process with root privileges to
-escape a chroot jail.
-.RE
-.sp
-.TP
-\fB-u \fIuser\fB\fR
-\fBsetuid()\fR to \fIuser\fR after completing
-privileged operations, such as creating sockets that
-listen on privileged ports.
-.TP
-\fB-v\fR
-Report the version number and exit.
-.SH "FILES"
-.TP
-\fB\fI/etc/resolv.conf\fB\fR
-The default configuration file.
-.TP
-\fB\fI/var/run/lwresd.pid\fB\fR
-The default process-id file.
-.SH "SEE ALSO"
-.PP
-\fBnamed\fR(8),
-\fBlwres\fR(3),
-\fBresolver\fR(5).
-.SH "AUTHOR"
-.PP
-Internet Software Consortium

bin/named/lwresd.c

@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: lwresd.c,v 1.36 2001/04/02 22:52:07 bwelling Exp $ */
+/* $Id: lwresd.c,v 1.27.2.2 2001/01/19 02:37:51 gson Exp $ */
 
 /*
  * Main program for the Lightweight Resolver Daemon.
@@ -33,18 +33,16 @@
 #include <isc/magic.h>
 #include <isc/mem.h>
 #include <isc/once.h>
-#include <isc/print.h>
 #include <isc/socket.h>
 #include <isc/task.h>
 #include <isc/util.h>
 
-#include <isccfg/cfg.h>
-
+#include <dns/confctx.h>
+#include <dns/conflwres.h>
 #include <dns/log.h>
 #include <dns/result.h>
 #include <dns/view.h>
 
-#include <named/config.h>
 #include <named/globals.h>
 #include <named/log.h>
 #include <named/lwaddr.h>
@@ -98,32 +96,88 @@ ns__lwresd_memfree(void *arg, void *mem, size_t size) {
 	} while (0)
 
 static isc_result_t
-buffer_putstr(isc_buffer_t *b, const char *s) {
-	unsigned int len = strlen(s);
-	if (isc_buffer_availablelength(b) <= len)
-		return (ISC_R_NOSPACE);
-	isc_buffer_putmem(b, (const unsigned char *)s, len);
+parse_sortlist(lwres_conf_t *lwc, isc_mem_t *mctx,
+	       dns_c_ipmatchlist_t **sortlist)
+{
+	dns_c_ipmatchlist_t *inner = NULL, *middle = NULL, *outer = NULL;
+	dns_c_ipmatchelement_t *element = NULL;
+	int i;
+	isc_result_t result;
+
+	REQUIRE(sortlist != NULL && *sortlist == NULL);
+
+	REQUIRE (lwc->sortlistnxt > 0);
+
+	CHECK(dns_c_ipmatchlist_new(mctx, &middle));
+
+	CHECK(dns_c_ipmatchany_new(mctx, &element));
+	ISC_LIST_APPEND(middle->elements, element, next);
+	element = NULL;
+
+	CHECK(dns_c_ipmatchlist_new(mctx, &inner));
+	for (i = 0; i < lwc->sortlistnxt; i++) {
+		isc_sockaddr_t sa;
+		isc_netaddr_t ma;
+		unsigned int mask;
+
+		CHECK(lwaddr_sockaddr_fromlwresaddr(&sa,
+						    &lwc->sortlist[i].addr,
+						    0));
+		CHECK(lwaddr_netaddr_fromlwresaddr(&ma,
+						   &lwc->sortlist[i].mask));
+		CHECK(isc_netaddr_masktoprefixlen(&ma, &mask));
+		CHECK(dns_c_ipmatchpattern_new(mctx, &element, sa, mask));
+		ISC_LIST_APPEND(inner->elements, element, next);
+		element = NULL;
+	}
+
+	CHECK(dns_c_ipmatchindirect_new(mctx, &element, inner, NULL));
+	dns_c_ipmatchlist_detach(&inner);
+	ISC_LIST_APPEND(middle->elements, element, next);
+	element = NULL;
+
+	CHECK(dns_c_ipmatchlist_new(mctx, &outer));
+	CHECK(dns_c_ipmatchindirect_new(mctx, &element, middle, NULL));
+	dns_c_ipmatchlist_detach(&middle);
+	ISC_LIST_APPEND(outer->elements, element, next);
+
+	*sortlist = outer;
+
 	return (ISC_R_SUCCESS);
+ cleanup:
+	if (inner != NULL)
+		dns_c_ipmatchlist_detach(&inner);
+	if (outer != NULL)
+		dns_c_ipmatchlist_detach(&outer);
+	if (element != NULL)
+		dns_c_ipmatchelement_delete(mctx, &element);
+	return (result);
 }
 
 /*
  * Convert a resolv.conf file into a config structure.
  */
 isc_result_t
-ns_lwresd_parseeresolvconf(isc_mem_t *mctx, cfg_parser_t *pctx,
-			   cfg_obj_t **configp)
-{
-	char text[4096];
-	char str[16];
-	isc_buffer_t b;
+ns_lwresd_parseresolvconf(isc_mem_t *mctx, dns_c_ctx_t **ctxp) {
+	dns_c_ctx_t *ctx = NULL;
 	lwres_context_t *lwctx = NULL;
 	lwres_conf_t *lwc = NULL;
 	isc_sockaddr_t sa;
-	isc_netaddr_t na;
 	int i;
+	in_port_t port;
+	dns_c_iplist_t *forwarders = NULL;
+	dns_c_iplist_t *locallist = NULL;
+	dns_c_lwreslist_t *lwreslist = NULL;
+	dns_c_lwres_t *lwres = NULL;
+	dns_c_search_t *search = NULL;
+	dns_c_searchlist_t *searchlist = NULL;
+	dns_c_ipmatchlist_t *sortlist = NULL;
 	isc_result_t result;
 	lwres_result_t lwresult;
+	struct in_addr localhost;
 
+	CHECK(dns_c_ctx_new(mctx, &ctx));
+	
 	lwctx = NULL;
 	lwresult = lwres_context_create(&lwctx, mctx, ns__lwresd_memalloc,
 					ns__lwresd_memfree,
@@ -142,135 +196,108 @@ ns_lwresd_parseeresolvconf(isc_mem_t *mctx, cfg_parser_t *pctx,
 	lwc = lwres_conf_get(lwctx);
 	INSIST(lwc != NULL);
 
-	isc_buffer_init(&b, text, sizeof(text));
-
-	CHECK(buffer_putstr(&b, "options {\n"));
-
 	/*
 	 * Build the list of forwarders.
 	 */
 	if (lwc->nsnext > 0) {
-		CHECK(buffer_putstr(&b, "\tforwarders {\n"));
+		CHECK(dns_c_iplist_new(mctx, lwc->nsnext, &forwarders));
+
+		if (ns_g_port != 0)
+			port = ns_g_port;
+		else
+			port = 53;
 
 		for (i = 0 ; i < lwc->nsnext ; i++) {
 			CHECK(lwaddr_sockaddr_fromlwresaddr(
 							&sa,
 							&lwc->nameservers[i],
-							ns_g_port));
-			isc_netaddr_fromsockaddr(&na, &sa);
-			CHECK(buffer_putstr(&b, "\t\t"));
-			CHECK(isc_netaddr_totext(&na, &b));
-			CHECK(buffer_putstr(&b, ";\n"));
+							port));
+			if (result != ISC_R_SUCCESS)
+				continue;
+			CHECK(dns_c_iplist_append(forwarders, sa, NULL));
+		}
+	
+		if (forwarders->nextidx != 0) {
+			CHECK(dns_c_ctx_setforwarders(ctx, ISC_FALSE,
+						      forwarders));
+			forwarders = NULL;
+			CHECK(dns_c_ctx_setforward(ctx, dns_c_forw_first));
+		}
+	}
+
+	/*
+	 * Build the search path
+	 */
+	if (lwc->searchnxt > 0) {
+		CHECK(dns_c_searchlist_new(mctx, &searchlist));
+		for (i = 0; i < lwc->searchnxt; i++) {
+			search = NULL;
+			CHECK(dns_c_search_new(mctx, lwc->search[i], &search));
+			dns_c_searchlist_append(searchlist, search);
 		}
-		CHECK(buffer_putstr(&b, "\t};\n"));
 	}
 
 	/*
 	 * Build the sortlist
 	 */
 	if (lwc->sortlistnxt > 0) {
-		CHECK(buffer_putstr(&b, "\tsortlist {\n"));
-		CHECK(buffer_putstr(&b, "\t\t{\n"));
-		CHECK(buffer_putstr(&b, "\t\t\tany;\n"));
-		CHECK(buffer_putstr(&b, "\t\t\t{\n"));
-		for (i = 0 ; i < lwc->sortlistnxt; i++) {
-			lwres_addr_t *lwaddr = &lwc->sortlist[i].addr;
-			lwres_addr_t *lwmask = &lwc->sortlist[i].mask;
-			unsigned int mask;
-
-			CHECK(lwaddr_sockaddr_fromlwresaddr(&sa, lwmask, 0));
-			isc_netaddr_fromsockaddr(&na, &sa);
-			result = isc_netaddr_masktoprefixlen(&na, &mask);
-			if (result != ISC_R_SUCCESS) {
-				char addrtext[ISC_NETADDR_FORMATSIZE];
-				isc_netaddr_format(&na, addrtext,
-						   sizeof(addrtext));
-				isc_log_write(ns_g_lctx,
-					      NS_LOGCATEGORY_GENERAL,
-					      NS_LOGMODULE_LWRESD,
-					      ISC_LOG_ERROR,
-					      "processing sortlist: '%s' is "
-					      "not a valid netmask",
-					      addrtext);
-				goto cleanup;
-			}
-
-			CHECK(lwaddr_sockaddr_fromlwresaddr(&sa, lwaddr, 0));
-			isc_netaddr_fromsockaddr(&na, &sa);
-
-			CHECK(buffer_putstr(&b, "\t\t\t\t"));
-			CHECK(isc_netaddr_totext(&na, &b));
-			snprintf(str, sizeof(str), "%u", mask);
-			CHECK(buffer_putstr(&b, "/"));
-			CHECK(buffer_putstr(&b, str));
-			CHECK(buffer_putstr(&b, ";\n"));
-		}
-		CHECK(buffer_putstr(&b, "\t\t\t};\n"));
-		CHECK(buffer_putstr(&b, "\t\t};\n"));
-		CHECK(buffer_putstr(&b, "\t};\n"));
+		CHECK(parse_sortlist(lwc, mctx, &sortlist));
+		CHECK(dns_c_ctx_setsortlist(ctx, sortlist));
+		dns_c_ipmatchlist_detach(&sortlist);
 	}
 
-	CHECK(buffer_putstr(&b, "};\n\n"));
+	CHECK(dns_c_lwreslist_new(mctx, &lwreslist));
+	CHECK(dns_c_lwres_new(mctx, &lwres));
 
-	CHECK(buffer_putstr(&b, "lwres {\n"));
+	port = lwresd_g_listenport;
+	if (port == 0)
+		port = LWRES_UDP_PORT;
 
-	/*
-	 * Build the search path
-	 */
-	if (lwc->searchnxt > 0) {
-		if (lwc->searchnxt > 0) {
-			CHECK(buffer_putstr(&b, "\tsearch {\n"));
-			for (i = 0; i < lwc->searchnxt; i++) {
-				CHECK(buffer_putstr(&b, "\t\t\""));
-				CHECK(buffer_putstr(&b, lwc->search[i]));
-			        CHECK(buffer_putstr(&b, "\";\n"));
-			}
-			CHECK(buffer_putstr(&b, "\t};\n"));
-		}
+	if (lwc->lwnext == 0) {
+		localhost.s_addr = htonl(INADDR_LOOPBACK);
+		isc_sockaddr_fromin(&sa, &localhost, port);
+	} else {
+		CHECK(lwaddr_sockaddr_fromlwresaddr(&sa, &lwc->lwservers[0],
+						    port));
 	}
 
-	/*
-	 * Build the ndots line
-	 */
-	if (lwc->ndots != 1) {
-		CHECK(buffer_putstr(&b, "\tndots "));
-		snprintf(str, sizeof(str), "%u", lwc->ndots);
-		CHECK(buffer_putstr(&b, str));
-		CHECK(buffer_putstr(&b, ";\n"));
-	}
+	CHECK(dns_c_iplist_new(mctx, 1, &locallist));
+	CHECK(dns_c_iplist_append(locallist, sa, NULL));
 
-	/*
-	 * Build the listen-on line
-	 */
-	if (lwc->lwnext > 0) {
-		CHECK(buffer_putstr(&b, "\tlisten-on {\n"));
+	CHECK(dns_c_lwres_setlistenon(lwres, locallist));
+	dns_c_iplist_detach(&locallist);
 
-		for (i = 0 ; i < lwc->lwnext ; i++) {
-			CHECK(lwaddr_sockaddr_fromlwresaddr(&sa,
-							    &lwc->lwservers[i],
-							    0));
-			isc_netaddr_fromsockaddr(&na, &sa);
-			CHECK(buffer_putstr(&b, "\t\t"));
-			CHECK(isc_netaddr_totext(&na, &b));
-			CHECK(buffer_putstr(&b, ";\n"));
-		}
-		CHECK(buffer_putstr(&b, "\t};\n"));
-	}
+	CHECK(dns_c_lwres_setsearchlist(lwres, searchlist));
+	searchlist = NULL;
 
-	CHECK(buffer_putstr(&b, "};\n"));
+	CHECK(dns_c_lwres_setndots(lwres, lwc->ndots));
 
-#if 0
-	printf("%.*s\n",
-	       (int)isc_buffer_usedlength(&b),
-	       (char *)isc_buffer_base(&b));
-#endif
+	CHECK(dns_c_lwreslist_append(lwreslist, lwres));
+	lwres = NULL;
 
-	lwres_conf_clear(lwctx);
-	lwres_context_destroy(&lwctx);
+	CHECK(dns_c_ctx_setlwres(ctx, lwreslist));
+	lwreslist = NULL;
 
-	return (cfg_parse_buffer(pctx, &b, &cfg_type_namedconf, configp));
+	*ctxp = ctx;
+
+	result = ISC_R_SUCCESS;
 
  cleanup:
+	if (result != ISC_R_SUCCESS) {
+		if (forwarders != NULL)
+			dns_c_iplist_detach(&forwarders);
+		if (locallist != NULL)
+			dns_c_iplist_detach(&locallist);
+		if (searchlist != NULL)
+			dns_c_searchlist_delete(&searchlist);
+		if (sortlist != NULL)
+			dns_c_ipmatchlist_detach(&sortlist);
+		if (lwres != NULL)
+			dns_c_lwres_delete(&lwres);
+		if (lwreslist != NULL)
+			dns_c_lwreslist_delete(&lwreslist);
+		dns_c_ctx_delete(&ctx);
+	}
 
 	if (lwctx != NULL) {
 		lwres_conf_clear(lwctx);
@@ -285,14 +312,12 @@ ns_lwresd_parseeresolvconf(isc_mem_t *mctx, cfg_parser_t *pctx,
  * Handle lwresd manager objects
  */
 isc_result_t
-ns_lwdmanager_create(isc_mem_t *mctx, cfg_obj_t *lwres,
+ns_lwdmanager_create(isc_mem_t *mctx, dns_c_lwres_t *lwres,
 		     ns_lwresd_t **lwresdp)
 {
 	ns_lwresd_t *lwresd;
 	const char *vname;
-	dns_rdataclass_t vclass;
-	cfg_obj_t *obj, *viewobj, *searchobj;
-	cfg_listelt_t *element;
+	dns_c_search_t *search;
 	isc_result_t result;
 
 	INSIST(lwresdp != NULL && *lwresdp == NULL);
@@ -304,45 +329,29 @@ ns_lwdmanager_create(isc_mem_t *mctx, cfg_obj_t *lwres,
 	lwresd->mctx = NULL;
 	isc_mem_attach(mctx, &lwresd->mctx);
 	lwresd->view = NULL;
+	lwresd->ndots = lwres->ndots;
 	lwresd->search = NULL;
 	lwresd->refs = 1;
 
-	obj = NULL;
-	(void)cfg_map_get(lwres, "ndots", &obj);
-	if (obj != NULL)
-		lwresd->ndots = cfg_obj_asuint32(obj);
-	else
-		lwresd->ndots = 1;
-
 	RUNTIME_CHECK(isc_mutex_init(&lwresd->lock) == ISC_R_SUCCESS);
 
 	lwresd->shutting_down = ISC_FALSE;
 
-	viewobj = NULL;
-	(void)cfg_map_get(lwres, "view", &viewobj);
-	if (viewobj != NULL) {
-		vname = cfg_obj_asstring(cfg_tuple_get(viewobj, "name"));
-		obj = cfg_tuple_get(viewobj, "class");
-		result = ns_config_getclass(obj, &vclass);
-		if (result != ISC_R_SUCCESS)
-			goto fail;
-	} else {
+	if (lwres->view == NULL)
 		vname = "_default";
-		vclass = dns_rdataclass_in;
-	}
+	else
+		vname = lwres->view;
 
-	result = dns_viewlist_find(&ns_g_server->viewlist, vname, vclass,
-				   &lwresd->view);
+	result = dns_viewlist_find(&ns_g_server->viewlist, vname,
+				   lwres->viewclass, &lwresd->view);
 	if (result != ISC_R_SUCCESS) {
 		isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
 			      NS_LOGMODULE_LWRESD, ISC_LOG_WARNING,
-			      "couldn't find view %s", vname);
+			      "couldn't find view %s", lwres->view);
 		goto fail;
 	}
 
-	searchobj = NULL;
-	cfg_map_get(lwres, "search", &searchobj);
-	if (searchobj != NULL) {
+	if (lwres->searchlist != NULL) {
 		lwresd->search = NULL;
 		result = ns_lwsearchlist_create(lwresd->mctx,
 						&lwresd->search);
@@ -352,24 +361,19 @@ ns_lwdmanager_create(isc_mem_t *mctx, cfg_obj_t *lwres,
 				      "couldn't create searchlist");
 			goto fail;
 		}
-		for (element = cfg_list_first(searchobj);
-		     element != NULL;
-		     element = cfg_list_next(element))
+		for (search = ISC_LIST_HEAD(lwres->searchlist->searches);
+		     search != NULL;
+		     search = ISC_LIST_NEXT(search, next))
 		{
-			cfg_obj_t *search;
-			char *searchstr;
 			isc_buffer_t namebuf;
 			dns_fixedname_t fname;
 			dns_name_t *name;
 
-			search = cfg_listelt_value(element);
-			searchstr = cfg_obj_asstring(search);
-
 			dns_fixedname_init(&fname);
 			name = dns_fixedname_name(&fname);
-			isc_buffer_init(&namebuf, searchstr,
-					strlen(searchstr));
-			isc_buffer_add(&namebuf, strlen(searchstr));
+			isc_buffer_init(&namebuf, search->search,
+					strlen(search->search));
+			isc_buffer_add(&namebuf, strlen(search->search));
 			result = dns_name_fromtext(name, &namebuf,
 						   dns_rootname, ISC_FALSE,
 						   NULL);
@@ -379,7 +383,7 @@ ns_lwdmanager_create(isc_mem_t *mctx, cfg_obj_t *lwres,
 					      NS_LOGMODULE_LWRESD,
 					      ISC_LOG_WARNING,
 					      "invalid name %s in searchlist",
-					      searchstr);
+					      search->search);
 				continue;
 			}
 
@@ -540,12 +544,6 @@ static isc_result_t
 listener_bind(ns_lwreslistener_t *listener, isc_sockaddr_t *address) {
 	isc_socket_t *sock = NULL;
 	isc_result_t result = ISC_R_SUCCESS;
-	int pf;
-
-	pf = isc_sockaddr_pf(address);
-	if ((pf == AF_INET && isc_net_probeipv4() != ISC_R_SUCCESS) ||
-	    (pf == AF_INET6 && isc_net_probeipv6() != ISC_R_SUCCESS))
-		return (ISC_R_FAMILYNOSUPPORT);
 
 	listener->address = *address;
 
@@ -558,7 +556,8 @@ listener_bind(ns_lwreslistener_t *listener, isc_sockaddr_t *address) {
 	}
 
 	sock = NULL;
-	result = isc_socket_create(ns_g_socketmgr, pf,
+	result = isc_socket_create(ns_g_socketmgr,
+				   isc_sockaddr_pf(&listener->address),
 				   isc_sockettype_udp, &sock);
 	if (result != ISC_R_SUCCESS) {
 		isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
@@ -733,24 +732,22 @@ configure_listener(isc_sockaddr_t *address, ns_lwresd_t *lwresd,
 }
 
 isc_result_t
-ns_lwresd_configure(isc_mem_t *mctx, cfg_obj_t *config) {
-	cfg_obj_t *lwreslist = NULL;
-	cfg_obj_t *lwres = NULL;
-	cfg_obj_t *listenerslist = NULL;
-	cfg_listelt_t *element = NULL;
+ns_lwresd_configure(isc_mem_t *mctx, dns_c_ctx_t *cctx) {
+	dns_c_lwres_t *lwres = NULL;
+	dns_c_lwreslist_t *list = NULL;
 	ns_lwreslistener_t *listener;
 	ns_lwreslistenerlist_t newlisteners;
 	isc_result_t result;
 	char socktext[ISC_SOCKADDR_FORMATSIZE];
 
 	REQUIRE(mctx != NULL);
-	REQUIRE(config != NULL);
+	REQUIRE(cctx != NULL);
 
 	RUNTIME_CHECK(isc_once_do(&once, initialize_mutex) == ISC_R_SUCCESS);
 
 	ISC_LIST_INIT(newlisteners);
 
-	result = cfg_map_get(config, "lwres", &lwreslist);
+	result = dns_c_ctx_getlwres(cctx, &list);
 	if (result != ISC_R_SUCCESS)
 		return (ISC_R_SUCCESS);
 
@@ -763,57 +760,42 @@ ns_lwresd_configure(isc_mem_t *mctx, cfg_obj_t *config) {
 	 * the underlying config code, or to the bind attempt getting an
 	 * address-in-use error.
 	 */
-	for (element = cfg_list_first(lwreslist);
-	     element != NULL;
-	     element = cfg_list_next(element))
+	for (lwres = dns_c_lwreslist_head(list);
+	     lwres != NULL;
+	     lwres = dns_c_lwreslist_next(lwres))
 	{
+		unsigned int i;
 		ns_lwresd_t *lwresd;
-		in_port_t port;
-		isc_sockaddr_t *addrs = NULL;
-		isc_uint32_t count;
 
-		lwres = cfg_listelt_value(element);
 		lwresd = NULL;
 		result = ns_lwdmanager_create(mctx, lwres, &lwresd);
 		if (result != ISC_R_SUCCESS)
 			return (result);
 
-		port = lwresd_g_listenport;
-		if (port == 0)
-			port = LWRES_UDP_PORT;
-
-		listenerslist = NULL;
-		cfg_map_get(lwres, "listen-on", &listenerslist);
-		if (listenerslist == NULL) {
+		if (lwres->listeners == NULL) {
 			struct in_addr localhost;
+			in_port_t port;
 			isc_sockaddr_t address;
 
+			port = lwresd_g_listenport;
+			if (port == 0)
+				port = LWRES_UDP_PORT;
 			localhost.s_addr = htonl(INADDR_LOOPBACK);
 			isc_sockaddr_fromin(&address, &localhost, port);
 			result = configure_listener(&address, lwresd,
 						    mctx, &newlisteners);
 		} else {
-			isc_uint32_t i;
-
-			result = ns_config_getiplist(config, listenerslist,
-						     port, mctx,
-						     &addrs, &count);
-			if (result != ISC_R_SUCCESS)
-				goto failure;
-			
-			for (i = 0; i < count; i++) {
-				result = configure_listener(&addrs[i], lwresd,
+			isc_sockaddr_t *address;
+			for (i = 0; i < lwres->listeners->nextidx; i++) {
+				address = &lwres->listeners->ips[i];
+				result = configure_listener(address, lwresd,
 							    mctx,
 							    &newlisteners);
 				if (result != ISC_R_SUCCESS)
-					goto failure;
+					break;
 			}
 		}
 
-	failure:
-		if (addrs != NULL)
-			ns_config_putiplist(mctx, &addrs, count);
-
 		ns_lwdmanager_detach(&lwresd);
 		if (result != ISC_R_SUCCESS)
 			return (result);

bin/named/lwresd.docbook

@@ -1,299 +0,0 @@
-<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN">
-<!--
- - Copyright (C) 2000, 2001  Internet Software Consortium.
- -
- - Permission to use, copy, modify, and distribute this software for any
- - purpose with or without fee is hereby granted, provided that the above
- - copyright notice and this permission notice appear in all copies.
- -
- - THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
- - DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
- - IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
- - INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
- - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
- - FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
- - NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
- - WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
--->
-
-<!-- $Id: lwresd.docbook,v 1.2 2001/03/27 20:11:03 bwelling Exp $ -->
-
-<refentry>
-  <refentryinfo>
-    <date>June 30, 2000</date>
-  </refentryinfo>
-
-  <refmeta>
-    <refentrytitle><application>lwresd</application></refentrytitle>
-    <manvolnum>8</manvolnum>
-    <refmiscinfo>BIND9</refmiscinfo>
-  </refmeta>
-
-  <refnamediv>
-    <refname><application>lwresd</application></refname>
-    <refpurpose>lightweight resolver daemon</refpurpose>
-  </refnamediv>
-
-  <refsynopsisdiv>
-    <cmdsynopsis>
-      <command>lwresd</command>
-      <arg><option>-C <replaceable class="parameter">config-file</replaceable></option></arg>
-      <arg><option>-d <replaceable class="parameter">debug-level</replaceable></option></arg>
-      <arg><option>-f</option></arg>
-      <arg><option>-g</option></arg>
-      <arg><option>-i <replaceable class="parameter">pid-file</replaceable></option></arg>
-      <arg><option>-n <replaceable class="parameter">#cpus</replaceable></option></arg>
-      <arg><option>-P <replaceable class="parameter">port</replaceable></option></arg>
-      <arg><option>-p <replaceable class="parameter">port</replaceable></option></arg>
-      <arg><option>-s</option></arg>
-      <arg><option>-t <replaceable class="parameter">directory</replaceable></option></arg>
-      <arg><option>-u <replaceable class="parameter">user</replaceable></option></arg>
-      <arg><option>-v</option></arg>
-    </cmdsynopsis>
-  </refsynopsisdiv>
-
-  <refsect1>
-    <title>DESCRIPTION</title>
-    <para>
-	<command>lwresd</command> is the daemon providing name lookup
-	services to clients that use the BIND 9 lightweight resolver
-	library.  It is essentially a stripped-down, caching-only name
-	server that answers queries using the BIND 9 lightweight
-	resolver protocol rather than the DNS protocol.
-    </para>
-    <para>
-	<command>lwresd</command> listens for resolver queries on a
-	UDP port on the IPv4 loopback interface, 127.0.0.1.  This
-	means that <command>lwresd</command> can only be used by
-	processes running on the local machine.  By default UDP port
-	number 921 is used for lightweight resolver requests and
-	responses.
-    </para>
-    <para>
-	Incoming lightweight resolver requests are decoded by the
-	server which then resolves them using the DNS protocol.  When
-	the DNS lookup completes, <command>lwresd</command> encodes
-	the answers in the lightweight resolver format and returns
-	them to the client that made the request.
-    </para>
-    <para>
-	If <filename>/etc/resolv.conf</filename> contains any
-	<option>nameserver</option> entries, <command>lwresd</command>
-	sends recursive DNS queries to those servers.  This is similar
-	to the use of forwarders in a caching name server.  If no
-	<option>nameserver</option> entries are present, or if
-	forwarding fails, <command>lwresd</command> resolves the
-	queries autonomously starting at the root name servers, using
-	a built-in list of root server hints.
-    </para>
-  </refsect1>
-
-  <refsect1>
-    <title>OPTIONS</title>
-
-    <variablelist>
-      <varlistentry>
-	<term>-C <replaceable class="parameter">config-file</replaceable></term>
-	<listitem>
-	  <para>
-		Use <replaceable
-		class="parameter">config-file</replaceable> as the
-		configuration file instead of the default,
-		<filename>/etc/resolv.conf</filename>.
-          </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-d <replaceable class="parameter">debug-level</replaceable></term>
-	<listitem>
-	  <para>
-		Set the daemon's debug level to <replaceable
-		class="parameter">debug-level</replaceable>.
-		Debugging traces from <command>lwresd</command> become
-		more verbose as the debug level increases.
-          </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-f</term>
-	<listitem>
-	  <para>
-		Run the server in the foreground (i.e. do not daemonize).
-          </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-g</term>
-	<listitem>
-	  <para>
-		Run the server in the foreground and force all logging
-		to <filename>stderr</filename>.
-          </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-n <replaceable class="parameter">#cpus</replaceable></term>
-	<listitem>
-	  <para>
-		Create <replaceable
-		class="parameter">#cpus</replaceable> worker threads
-		to take advantage of multiple CPUs.  If not specified,
-		<command>lwresd</command> will try to determine the
-		number of CPUs present and create one thread per CPU.
-		If it is unable to determine the number of CPUs, a
-		single worker thread will be created.
-          </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-P <replaceable class="parameter">port</replaceable></term>
-	<listitem>
-	  <para>
-		Listen for lightweight resolver queries on port
-		<replaceable class="parameter">port</replaceable>.  If
-		not specified, the default is port 921.
-          </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-p <replaceable class="parameter">port</replaceable></term>
-	<listitem>
-	  <para>
-		Send DNS lookups to port <replaceable
-		class="parameter">port</replaceable>.  If not
-		specified, the default is port 53.  This provides a
-		way of testing the lightweight resolver daemon with a
-		name server that listens for queries on a non-standard
-		port number.
-          </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-s</term>
-	<listitem>
-	  <para>
-		Write memory usage statistics to <filename>stdout</filename> on exit.
-          </para>
-	  <note>
-	    <para>
-		This option is mainly of interest to BIND 9 developers
-		and may be removed or changed in a future release.
-	    </para>
-	  </note>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-t <replaceable class="parameter">directory</replaceable></term>
-	<listitem>
-	  <para>
-		<function>chroot()</function> to <replaceable
-		class="parameter">directory</replaceable> after
-		processing the command line arguments, but before
-		reading the configuration file.
-          </para>
-	  <warning>
-	    <para>
-		This option should be used in conjunction with the
-		<option>-u</option> option, as chrooting a process
-		running as root doesn't enhance security on most
-		systems; the way <function>chroot()</function> is
-		defined allows a process with root privileges to
-		escape a chroot jail.
-	    </para>
-	  </warning>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-u <replaceable class="parameter">user</replaceable></term>
-	<listitem>
-	  <para>
-		<function>setuid()</function> to <replaceable
-		class="parameter">user</replaceable> after completing
-		privileged operations, such as creating sockets that
-		listen on privileged ports.
-          </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-v</term>
-	<listitem>
-	  <para>
-		Report the version number and exit.
-          </para>
-	</listitem>
-      </varlistentry>
-
-    </variablelist>
-
-  </refsect1>
-
-  <refsect1>
-    <title>FILES</title>
-
-    <variablelist>
-
-      <varlistentry>
-	<term><filename>/etc/resolv.conf</filename></term>
-	<listitem>
-	  <para>
-		The default configuration file.
-          </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term><filename>/var/run/lwresd.pid</filename></term>
-	<listitem>
-	  <para>
-		The default process-id file.
-          </para>
-	</listitem>
-      </varlistentry>
-
-    </variablelist>
-
-  </refsect1>
-
-  <refsect1>
-    <title>SEE ALSO</title>
-    <para>
-	<citerefentry>
-	  <refentrytitle>named</refentrytitle>
-	  <manvolnum>8</manvolnum>
-        </citerefentry>,
-	<citerefentry>
-	  <refentrytitle>lwres</refentrytitle>
-	  <manvolnum>3</manvolnum>
-        </citerefentry>,
-	<citerefentry>
-	  <refentrytitle>resolver</refentrytitle>
-	  <manvolnum>5</manvolnum>
-        </citerefentry>.
-    </para>
-  </refsect1>
-
-  <refsect1>
-    <title>AUTHOR</title>
-    <para>
-	<corpauthor>Internet Software Consortium</corpauthor>
-    </para>
-  </refsect1>
-
-</refentry>
-
-
-<!--
- - Local variables:
- - mode: sgml
- - End:
--->

bin/named/lwresd.html

@@ -1,537 +0,0 @@
-<!--
- - Copyright (C) 2000, 2001  Internet Software Consortium.
- - 
- - Permission to use, copy, modify, and distribute this software for any
- - purpose with or without fee is hereby granted, provided that the above
- - copyright notice and this permission notice appear in all copies.
- - 
- - THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
- - DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
- - IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
- - INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
- - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
- - FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
- - NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
- - WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
--->
-<HTML
-><HEAD
-><TITLE
->lwresd</TITLE
-><META
-NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.63
-"></HEAD
-><BODY
-CLASS="REFENTRY"
-BGCOLOR="#FFFFFF"
-TEXT="#000000"
-LINK="#0000FF"
-VLINK="#840084"
-ALINK="#0000FF"
-><H1
-><A
-NAME="AEN1"
-><SPAN
-CLASS="APPLICATION"
->lwresd</SPAN
-></A
-></H1
-><DIV
-CLASS="REFNAMEDIV"
-><A
-NAME="AEN9"
-></A
-><H2
->Name</H2
-><SPAN
-CLASS="APPLICATION"
->lwresd</SPAN
->&nbsp;--&nbsp;lightweight resolver daemon</DIV
-><DIV
-CLASS="REFSYNOPSISDIV"
-><A
-NAME="AEN13"
-></A
-><H2
->Synopsis</H2
-><P
-><B
-CLASS="COMMAND"
->lwresd</B
->  [<TT
-CLASS="OPTION"
->-C <TT
-CLASS="REPLACEABLE"
-><I
->config-file</I
-></TT
-></TT
->] [<TT
-CLASS="OPTION"
->-d <TT
-CLASS="REPLACEABLE"
-><I
->debug-level</I
-></TT
-></TT
->] [<TT
-CLASS="OPTION"
->-f</TT
->] [<TT
-CLASS="OPTION"
->-g</TT
->] [<TT
-CLASS="OPTION"
->-i <TT
-CLASS="REPLACEABLE"
-><I
->pid-file</I
-></TT
-></TT
->] [<TT
-CLASS="OPTION"
->-n <TT
-CLASS="REPLACEABLE"
-><I
->#cpus</I
-></TT
-></TT
->] [<TT
-CLASS="OPTION"
->-P <TT
-CLASS="REPLACEABLE"
-><I
->port</I
-></TT
-></TT
->] [<TT
-CLASS="OPTION"
->-p <TT
-CLASS="REPLACEABLE"
-><I
->port</I
-></TT
-></TT
->] [<TT
-CLASS="OPTION"
->-s</TT
->] [<TT
-CLASS="OPTION"
->-t <TT
-CLASS="REPLACEABLE"
-><I
->directory</I
-></TT
-></TT
->] [<TT
-CLASS="OPTION"
->-u <TT
-CLASS="REPLACEABLE"
-><I
->user</I
-></TT
-></TT
->] [<TT
-CLASS="OPTION"
->-v</TT
->]</P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN48"
-></A
-><H2
->DESCRIPTION</H2
-><P
->	<B
-CLASS="COMMAND"
->lwresd</B
-> is the daemon providing name lookup
-	services to clients that use the BIND 9 lightweight resolver
-	library.  It is essentially a stripped-down, caching-only name
-	server that answers queries using the BIND 9 lightweight
-	resolver protocol rather than the DNS protocol.
-    </P
-><P
->	<B
-CLASS="COMMAND"
->lwresd</B
-> listens for resolver queries on a
-	UDP port on the IPv4 loopback interface, 127.0.0.1.  This
-	means that <B
-CLASS="COMMAND"
->lwresd</B
-> can only be used by
-	processes running on the local machine.  By default UDP port
-	number 921 is used for lightweight resolver requests and
-	responses.
-    </P
-><P
->	Incoming lightweight resolver requests are decoded by the
-	server which then resolves them using the DNS protocol.  When
-	the DNS lookup completes, <B
-CLASS="COMMAND"
->lwresd</B
-> encodes
-	the answers in the lightweight resolver format and returns
-	them to the client that made the request.
-    </P
-><P
->	If <TT
-CLASS="FILENAME"
->/etc/resolv.conf</TT
-> contains any
-	<TT
-CLASS="OPTION"
->nameserver</TT
-> entries, <B
-CLASS="COMMAND"
->lwresd</B
->
-	sends recursive DNS queries to those servers.  This is similar
-	to the use of forwarders in a caching name server.  If no
-	<TT
-CLASS="OPTION"
->nameserver</TT
-> entries are present, or if
-	forwarding fails, <B
-CLASS="COMMAND"
->lwresd</B
-> resolves the
-	queries autonomously starting at the root name servers, using
-	a built-in list of root server hints.
-    </P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN63"
-></A
-><H2
->OPTIONS</H2
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
->-C <TT
-CLASS="REPLACEABLE"
-><I
->config-file</I
-></TT
-></DT
-><DD
-><P
->		Use <TT
-CLASS="REPLACEABLE"
-><I
->config-file</I
-></TT
-> as the
-		configuration file instead of the default,
-		<TT
-CLASS="FILENAME"
->/etc/resolv.conf</TT
->.
-          </P
-></DD
-><DT
->-d <TT
-CLASS="REPLACEABLE"
-><I
->debug-level</I
-></TT
-></DT
-><DD
-><P
->		Set the daemon's debug level to <TT
-CLASS="REPLACEABLE"
-><I
->debug-level</I
-></TT
->.
-		Debugging traces from <B
-CLASS="COMMAND"
->lwresd</B
-> become
-		more verbose as the debug level increases.
-          </P
-></DD
-><DT
->-f</DT
-><DD
-><P
->		Run the server in the foreground (i.e. do not daemonize).
-          </P
-></DD
-><DT
->-g</DT
-><DD
-><P
->		Run the server in the foreground and force all logging
-		to <TT
-CLASS="FILENAME"
->stderr</TT
->.
-          </P
-></DD
-><DT
->-n <TT
-CLASS="REPLACEABLE"
-><I
->#cpus</I
-></TT
-></DT
-><DD
-><P
->		Create <TT
-CLASS="REPLACEABLE"
-><I
->#cpus</I
-></TT
-> worker threads
-		to take advantage of multiple CPUs.  If not specified,
-		<B
-CLASS="COMMAND"
->lwresd</B
-> will try to determine the
-		number of CPUs present and create one thread per CPU.
-		If it is unable to determine the number of CPUs, a
-		single worker thread will be created.
-          </P
-></DD
-><DT
->-P <TT
-CLASS="REPLACEABLE"
-><I
->port</I
-></TT
-></DT
-><DD
-><P
->		Listen for lightweight resolver queries on port
-		<TT
-CLASS="REPLACEABLE"
-><I
->port</I
-></TT
->.  If
-		not specified, the default is port 921.
-          </P
-></DD
-><DT
->-p <TT
-CLASS="REPLACEABLE"
-><I
->port</I
-></TT
-></DT
-><DD
-><P
->		Send DNS lookups to port <TT
-CLASS="REPLACEABLE"
-><I
->port</I
-></TT
->.  If not
-		specified, the default is port 53.  This provides a
-		way of testing the lightweight resolver daemon with a
-		name server that listens for queries on a non-standard
-		port number.
-          </P
-></DD
-><DT
->-s</DT
-><DD
-><P
->		Write memory usage statistics to <TT
-CLASS="FILENAME"
->stdout</TT
-> on exit.
-          </P
-><DIV
-CLASS="NOTE"
-><BLOCKQUOTE
-CLASS="NOTE"
-><P
-><B
->Note: </B
->		This option is mainly of interest to BIND 9 developers
-		and may be removed or changed in a future release.
-	    </P
-></BLOCKQUOTE
-></DIV
-></DD
-><DT
->-t <TT
-CLASS="REPLACEABLE"
-><I
->directory</I
-></TT
-></DT
-><DD
-><P
->		<TT
-CLASS="FUNCTION"
->chroot()</TT
-> to <TT
-CLASS="REPLACEABLE"
-><I
->directory</I
-></TT
-> after
-		processing the command line arguments, but before
-		reading the configuration file.
-          </P
-><DIV
-CLASS="WARNING"
-><P
-></P
-><TABLE
-CLASS="WARNING"
-BORDER="1"
-WIDTH="90%"
-><TR
-><TD
-ALIGN="CENTER"
-><B
->Warning</B
-></TD
-></TR
-><TR
-><TD
-ALIGN="LEFT"
-><P
->		This option should be used in conjunction with the
-		<TT
-CLASS="OPTION"
->-u</TT
-> option, as chrooting a process
-		running as root doesn't enhance security on most
-		systems; the way <TT
-CLASS="FUNCTION"
->chroot()</TT
-> is
-		defined allows a process with root privileges to
-		escape a chroot jail.
-	    </P
-></TD
-></TR
-></TABLE
-></DIV
-></DD
-><DT
->-u <TT
-CLASS="REPLACEABLE"
-><I
->user</I
-></TT
-></DT
-><DD
-><P
->		<TT
-CLASS="FUNCTION"
->setuid()</TT
-> to <TT
-CLASS="REPLACEABLE"
-><I
->user</I
-></TT
-> after completing
-		privileged operations, such as creating sockets that
-		listen on privileged ports.
-          </P
-></DD
-><DT
->-v</DT
-><DD
-><P
->		Report the version number and exit.
-          </P
-></DD
-></DL
-></DIV
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN137"
-></A
-><H2
->FILES</H2
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
-><TT
-CLASS="FILENAME"
->/etc/resolv.conf</TT
-></DT
-><DD
-><P
->		The default configuration file.
-          </P
-></DD
-><DT
-><TT
-CLASS="FILENAME"
->/var/run/lwresd.pid</TT
-></DT
-><DD
-><P
->		The default process-id file.
-          </P
-></DD
-></DL
-></DIV
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN150"
-></A
-><H2
->SEE ALSO</H2
-><P
->	<SPAN
-CLASS="CITEREFENTRY"
-><SPAN
-CLASS="REFENTRYTITLE"
->named</SPAN
->(8)</SPAN
->,
-	<SPAN
-CLASS="CITEREFENTRY"
-><SPAN
-CLASS="REFENTRYTITLE"
->lwres</SPAN
->(3)</SPAN
->,
-	<SPAN
-CLASS="CITEREFENTRY"
-><SPAN
-CLASS="REFENTRYTITLE"
->resolver</SPAN
->(5)</SPAN
->.
-    </P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN162"
-></A
-><H2
->AUTHOR</H2
-><P
->	Internet Software Consortium
-    </P
-></DIV
-></BODY
-></HTML
->

bin/named/lwsearch.c

@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: lwsearch.c,v 1.7 2001/01/09 21:39:55 bwelling Exp $ */
+/* $Id: lwsearch.c,v 1.6.2.1 2001/01/09 22:32:06 bwelling Exp $ */
 
 #include <config.h>
 

bin/named/main.c

@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: main.c,v 1.107 2001/03/29 04:23:51 gson Exp $ */
+/* $Id: main.c,v 1.97.2.1 2001/01/09 22:32:07 bwelling Exp $ */
 
 #include <config.h>
 
@@ -27,19 +27,14 @@
 #include <isc/commandline.h>
 #include <isc/entropy.h>
 #include <isc/os.h>
-#include <isc/platform.h>
 #include <isc/resource.h>
 #include <isc/task.h>
 #include <isc/timer.h>
 #include <isc/util.h>
 
-#include <isccc/result.h>
-
 #include <dns/dispatch.h>
-#include <dns/result.h>
-#include <dns/view.h>
-
 #include <dst/result.h>
+#include <dns/view.h>
 
 /*
  * Defining NS_MAIN provides storage declarations (rather than extern)
@@ -47,10 +42,10 @@
  */
 #define NS_MAIN 1
 
-#include <named/control.h>
 #include <named/globals.h>	/* Explicit, though named/log.h includes it. */
 #include <named/interfacemgr.h>
 #include <named/log.h>
+#include <named/omapi.h>
 #include <named/os.h>
 #include <named/server.h>
 #include <named/lwresd.h>
@@ -373,12 +368,8 @@ static isc_result_t
 create_managers(void) {
 	isc_result_t result;
 
-#ifdef ISC_PLATFORM_USETHREADS
 	if (ns_g_cpus == 0)
 		ns_g_cpus = isc_os_ncpus();
-#else
-	ns_g_cpus = 1;
-#endif
 	isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_SERVER,
 		      ISC_LOG_INFO, "using %u CPU%s",
 		      ns_g_cpus, ns_g_cpus == 1 ? "" : "s");
@@ -414,6 +405,10 @@ create_managers(void) {
 		return (ISC_R_UNEXPECTED);
 	}
 
+#ifdef PATH_RANDOMDEV
+	(void)isc_entropy_createfilesource(ns_g_entropy, PATH_RANDOMDEV);
+#endif
+
 	return (ISC_R_SUCCESS);
 }
 
@@ -421,16 +416,16 @@ static void
 destroy_managers(void) {
 	if (!ns_g_lwresdonly)
 		/*
-		 * The command channel listeners need to be stopped here so
-		 * that isc_taskmgr_destroy() won't block on the server task.
+		 * The omapi listeners need to be stopped here so that
+		 * isc_taskmgr_destroy() won't block on the omapi task.
 		 */
-		ns_control_shutdown(ISC_TRUE);
+		ns_omapi_shutdown(ISC_TRUE);
 
 	ns_lwresd_shutdown();
 
 	isc_entropy_detach(&ns_g_entropy);
 	/*
-	 * isc_taskmgr_destroy() will block until all tasks have exited,
+	 * isc_taskmgr_destroy() will  block until all tasks have exited,
 	 */
 	isc_taskmgr_destroy(&ns_g_taskmgr);
 	isc_timermgr_destroy(&ns_g_timermgr);
@@ -502,6 +497,13 @@ setup(void) {
 	/* xxdb_init(); */
 
 	ns_server_create(ns_g_mctx, &ns_g_server);
+
+	if (!ns_g_lwresdonly) {
+		result = ns_omapi_init();
+		if (result != ISC_R_SUCCESS)
+			ns_main_earlyfatal("ns_omapi_init() failed: %s",
+					   isc_result_totext(result));
+	}
 }
 
 static void
@@ -543,7 +545,6 @@ main(int argc, char *argv[]) {
 
 	dns_result_register();
 	dst_result_register();
-	isccc_result_register();
 
 	parse_command_line(argc, argv);
 
@@ -571,10 +572,8 @@ main(int argc, char *argv[]) {
 
 	cleanup();
 
-	if (want_stats) {
+	if (want_stats)
 		isc_mem_stats(ns_g_mctx, stdout);
-		isc_mutex_stats(stdout);
-	}
 	isc_mem_destroy(&ns_g_mctx);
 
 	isc_app_finish();

bin/named/named.8

@@ -1,164 +0,0 @@
-.\" Copyright (C) 2000, 2001  Internet Software Consortium.
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
-.\" DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
-.\" INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
-.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
-.\" FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
-.\" NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
-.\" WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.TH "NAMED" "8" "June 30, 2000" "BIND9" ""
-.SH NAME
-named \- Internet domain name server
-.SH SYNOPSIS
-.sp
-\fBnamed\fR [ \fB-c \fIconfig-file\fB\fR ]  [ \fB-d \fIdebug-level\fB\fR ]  [ \fB-f\fR ]  [ \fB-g\fR ]  [ \fB-n \fI#cpus\fB\fR ]  [ \fB-p \fIport\fB\fR ]  [ \fB-s\fR ]  [ \fB-t \fIdirectory\fB\fR ]  [ \fB-u \fIuser\fB\fR ]  [ \fB-v\fR ]  [ \fB-x \fIcache-file\fB\fR ] 
-.SH "DESCRIPTION"
-.PP
-\fBnamed\fR is a Domain Name System (DNS) server,
-part of the BIND 9 distribution from ISC. For more
-information on the DNS, see RFCs 1033, 1034, and 1035.
-.PP
-When invoked without arguments, \fBnamed\fR will
-read the default configuration file
-\fI/etc/named.conf\fR, read any initial
-data, and listen for queries.
-.SH "OPTIONS"
-.TP
-\fB-c \fIconfig-file\fB\fR
-Use \fIconfig-file\fR as the
-configuration file instead of the default,
-\fI/etc/named.conf\fR. To
-ensure that reloading the configuration file continues
-to work after the server has changed its working
-directory due to to a possible
-\fBdirectory\fR option in the configuration
-file, \fIconfig-file\fR should be
-an absolute pathname.
-.TP
-\fB-d \fIdebug-level\fB\fR
-Set the daemon's debug level to \fIdebug-level\fR.
-Debugging traces from \fBnamed\fR become
-more verbose as the debug level increases.
-.TP
-\fB-f\fR
-Run the server in the foreground (i.e. do not daemonize).
-.TP
-\fB-g\fR
-Run the server in the foreground and force all logging
-to \fIstderr\fR.
-.TP
-\fB-n \fI#cpus\fB\fR
-Create \fI#cpus\fR worker threads
-to take advantage of multiple CPUs. If not specified,
-\fBnamed\fR will try to determine the
-number of CPUs present and create one thread per CPU.
-If it is unable to determine the number of CPUs, a
-single worker thread will be created.
-.TP
-\fB-p \fIport\fB\fR
-Listen for queries on port \fIport\fR. If not
-specified, the default is port 53.
-.TP
-\fB-s\fR
-Write memory usage statistics to \fIstdout\fR on exit.
-.sp
-.RS
-.B "Note:"
-This option is mainly of interest to BIND 9 developers
-and may be removed or changed in a future release.
-.RE
-.sp
-.TP
-\fB-t \fIdirectory\fB\fR
-\fBchroot()\fR to \fIdirectory\fR after
-processing the command line arguments, but before
-reading the configuration file.
-.sp
-.RS
-.B "Warning:"
-This option should be used in conjunction with the
-\fB-u\fR option, as chrooting a process
-running as root doesn't enhance security on most
-systems; the way \fBchroot()\fR is
-defined allows a process with root privileges to
-escape a chroot jail.
-.RE
-.sp
-.TP
-\fB-u \fIuser\fB\fR
-\fBsetuid()\fR to \fIuser\fR after completing
-privileged operations, such as creating sockets that
-listen on privileged ports.
-.sp
-.RS
-.B "Note:"
-On Linux, \fBnamed\fR uses the kernel's
-capability mechanism to drop all root privileges
-except the ability to \fBbind()\fR to a
-privileged port and set process resource limits.
-Unfortunately, this means that the \fB-u\fR
-option only works when \fBnamed\fR is run
-on kernel 2.2.18 or later, or kernel 2.3.99-pre3 or
-later, since previous kernels did not allow privileges
-to be retained after \fBsetuid()\fR.
-.RE
-.sp
-.TP
-\fB-v\fR
-Report the version number and exit.
-.TP
-\fB-x \fIcache-file\fB\fR
-Load data from \fIcache-file\fR into the
-cache of the default view.
-.sp
-.RS
-.B "Warning:"
-This option must not be used. It is only of interest
-to BIND 9 developers and may be removed or changed in a
-future release.
-.RE
-.sp
-.SH "SIGNALS"
-.PP
-In routine operation, signals should not be used to control
-the nameserver; \fBrndc\fR should be used
-instead.
-.TP
-\fBSIGHUP\fR
-Force a reload of the server.
-.TP
-\fBSIGINT, SIGTERM\fR
-Shut down the server.
-.PP
-The result of sending any other signals to the server is undefined.
-.PP
-.SH "CONFIGURATION"
-.PP
-The \fBnamed\fR configuration file is too complex
-to describe in detail here. A complete description is
-provided in the \fIBIND 9 Administrator Reference
-Manual\fR.
-.SH "FILES"
-.TP
-\fB\fI/etc/named.conf\fB\fR
-The default configuration file.
-.TP
-\fB\fI/var/run/named.pid\fB\fR
-The default process-id file.
-.SH "SEE ALSO"
-.PP
-\fIRFC 1033\fR,
-\fIRFC 1034\fR,
-\fIRFC 1035\fR,
-\fBrndc\fR(8),
-\fBlwresd\fR(8),
-\fIBIND 9 Administrator Reference Manual\fR.
-.SH "AUTHOR"
-.PP
-Internet Software Consortium