9.4.0a6

a non slave/stub zone. [RT # 16073]

.cvsignore

@@ -5,3 +5,5 @@ config.cache
 config.status
 libtool
 isc-config.sh
+configure.lineno
+autom4te.cache

Atffile

@@ -1,5 +0,0 @@
-Content-Type: application/X-atf-atffile; version="1"
-
-prop: test-suite = bind9
-
-tp: lib

COPYRIGHT

@@ -1,14 +1,30 @@
-Copyright (C) 1996-2000  Internet Software Consortium.
+Copyright (C) 2004-2006  Internet Systems Consortium, Inc. ("ISC")
+Copyright (C) 1996-2003  Internet Software Consortium.
 
 Permission to use, copy, modify, and distribute this software for any
 purpose with or without fee is hereby granted, provided that the above
 copyright notice and this permission notice appear in all copies.
 
-THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
-ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
-OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
-CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
-DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
-PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
-ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
-SOFTWARE.
+THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+PERFORMANCE OF THIS SOFTWARE.
+
+$Id: COPYRIGHT,v 1.9.18.2 2006/01/04 00:37:23 marka Exp $
+
+Portions Copyright (C) 1996-2001  Nominum, Inc.
+
+Permission to use, copy, modify, and distribute this software for any
+purpose with or without fee is hereby granted, provided that the above
+copyright notice and this permission notice appear in all copies.
+
+THE SOFTWARE IS PROVIDED "AS IS" AND NOMINUM DISCLAIMS ALL WARRANTIES
+WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL NOMINUM BE LIABLE FOR
+ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
+OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

HISTORY

@@ -1,313 +0,0 @@
-Summary of functional enhancements from prior major releases of BIND 9:
-
-BIND 9.6.0
-
-        Full NSEC3 support
-
-        Automatic zone re-signing
-
-	New update-policy methods tcp-self and 6to4-self
-
-        The BIND 8 resolver library, libbind, has been removed from the
-        BIND 9 distribution and is now available as a separate download.
-
-	Change the default pid file location from /var/run to
-	/var/run/{named,lwresd} for improved chroot/setuid support.
-
-BIND 9.5.0
-
-	GSS-TSIG support (RFC 3645).
-
-	DHCID support.
-
-	Experimental http server and statistics support for named via xml.
-
-	More detailed statistics counters including those supported in BIND 8.
-
-	Faster ACL processing.
-
-	Use Doxygen to generate internal documentation.
-
-        Efficient LRU cache-cleaning mechanism.
-
-        NSID support.
-
-BIND 9.4.0
-
-	Implemented "additional section caching (or acache)", an
-	internal cache framework for additional section content to
-	improve response performance.  Several configuration options
-	were provided to control the behavior.
-
-	New notify type 'master-only'.  Enable notify for master
-	zones only.
-
-	Accept 'notify-source' style syntax for query-source.
-
-	rndc now allows addresses to be set in the server clauses.
-
-	New option "allow-query-cache".  This lets "allow-query"
-	be used to specify the default zone access level rather
-	than having to have every zone override the global value.
-	"allow-query-cache" can be set at both the options and view
-	levels.  If "allow-query-cache" is not set then "allow-recursion"
-	is used if set, otherwise "allow-query" is used if set
-	unless "recursion no;" is set in which case "none;" is used,
-	otherwise the default (localhost; localnets;) is used.
-
-	rndc: the source address can now be specified.
-
-	ixfr-from-differences now takes master and slave in addition
-	to yes and no at the options and view levels.
-
-	Allow the journal's name to be changed via named.conf.
-
-	'rndc notify zone [class [view]]' resend the NOTIFY messages
-	for the specified zone.
-
-	'dig +trace' now randomly selects the next servers to try.
-	Report if there is a bad delegation.
-
-	Improve check-names error messages.
-
-	Make public the function to read a key file, dst_key_read_public().
-
-	dig now returns the byte count for axfr/ixfr.
-			
-	allow-update is now settable at the options / view level.
-
-	named-checkconf now checks the logging configuration.
-
-	host now can turn on memory debugging flags with '-m'.
-
-	Don't send notify messages to self.
-
-	Perform sanity checks on NS records which refer to 'in zone' names.
-
-	New zone option "notify-delay".  Specify a minimum delay
-	between sets of NOTIFY messages.
-
-	Extend adjusting TTL warning messages.
-
-	Named and named-checkzone can now both check for non-terminal
-	wildcard records.
-
-	"rndc freeze/thaw" now freezes/thaws all zones.
-
-	named-checkconf now check acls to verify that they only
-	refer to existing acls.
-
-	The server syntax has been extended to support a range of
-	servers.
-
-	Report differences between hints and real NS rrset and
-	associated address records.
-
-	Preserve the case of domain names in rdata during zone
-	transfers.
-
-	Restructured the data locking framework using architecture
-	dependent atomic operations (when available), improving
-	response performance on multi-processor machines significantly.
-	x86, x86_64, alpha, powerpc, and mips are currently supported.
-
-	UNIX domain controls are now supported.
-
-	Add support for additional zone file formats for improving
-	loading performance.  The masterfile-format option in
-	named.conf can be used to specify a non-default format.  A
-	separate command named-compilezone was provided to generate
-	zone files in the new format.  Additionally, the -I and -O
-	options for dnssec-signzone specify the input and output
-	formats.
-
-	dnssec-signzone can now randomize signature end times
-	(dnssec-signzone -j jitter).
-
-	Add support for CH A record.
-
-	Add additional zone data constancy checks.  named-checkzone
-	has extended checking of NS, MX and SRV record and the hosts
-	they reference.  named has extended post zone load checks.
-	New zone options: check-mx and integrity-check.
-
-
-	edns-udp-size can now be overridden on a per server basis.
-
-	dig can now specify the EDNS version when making a query.
-
-	Added framework for handling multiple EDNS versions.
-
-	Additional memory debugging support to track size and mctx
-	arguments.
-
-	Detect duplicates of UDP queries we are recursing on and
-	drop them.  New stats category "duplicates".
-
-	"USE INTERNAL MALLOC" is now runtime selectable.
-
-	The lame cache is now done on a <qname,qclass,qtype> basis
-	as some servers only appear to be lame for certain query
-	types.
-
-	Limit the number of recursive clients that can be waiting
-	for a single query (<qname,qtype,qclass>) to resolve.  New
-	options clients-per-query and max-clients-per-query.
-
-	dig: report the number of extra bytes still left in the
-	packet after processing all the records.
-
-	Support for IPSECKEY rdata type.
-
-	Raise the UDP recieve buffer size to 32k if it is less than 32k.
-
-	x86 and x86_64 now have seperate atomic locking implementations.
-
-	named-checkconf now validates update-policy entries.
-
-	Attempt to make the amount of work performed in a iteration
-	self tuning.  The covers nodes clean from the cache per
-	iteration, nodes written to disk when rewriting a master
-	file and nodes destroyed per iteration when destroying a
-	zone or a cache.
-
-	ISC string copy API.
-
-	Automatic empty zone creation for D.F.IP6.ARPA and friends.
-	Note: RFC 1918 zones are not yet covered by this but are
-	likely to be in a future release.
-
-	New options: empty-server, empty-contact, empty-zones-enable
-	and disable-empty-zone.
-
-	dig now has a '-q queryname' and '+showsearch' options.
-
-	host/nslookup now continue (default)/fail on SERVFAIL.
-
-	dig now warns if 'RA' is not set in the answer when 'RD'
-	was set in the query.  host/nslookup skip servers that fail
-	to set 'RA' when 'RD' is set unless a server is explicitly
-	set.
-
-	Integrate contibuted DLZ code into named.
-
-	Integrate contibuted IDN code from JPNIC.
-
-	libbind: corresponds to that from BIND 8.4.7.
-
-BIND 9.3.0
-
-	DNSSEC is now DS based (RFC 3658).
-	See also RFC 3845, doc/draft/draft-ietf-dnsext-dnssec-*.
-
-	DNSSEC lookaside validation.
-
-	check-names is now implemented.
-	rrset-order in more complete.
-
-	IPv4/IPv6 transition support, dual-stack-servers.
-
-	IXFR deltas can now be generated when loading master files,
-	ixfr-from-differences.
-
-	It is now possible to specify the size of a journal, max-journal-size.
-
-	It is now possible to define a named set of master servers to be
-	used in masters clause, masters.
-
-	The advertised EDNS UDP size can now be set, edns-udp-size.
-
-	allow-v6-synthesis has been obsoleted.
-
-	NOTE:
-	* Zones containing MD and MF will now be rejected.
-	* dig, nslookup name. now report "Not Implemented" as
-	  NOTIMP rather than NOTIMPL.  This will have impact on scripts
-	  that are looking for NOTIMPL.
-
-	libbind: corresponds to that from BIND 8.4.5.
-
-BIND 9.2.0
-
-	The size of the cache can now be limited using the
-        "max-cache-size" option.
-
-	The server can now automatically convert RFC1886-style recursive
-	lookup requests into RFC2874-style lookups, when enabled using the
-	new option "allow-v6-synthesis".  This allows stub resolvers that
-	support AAAA records but not A6 record chains or binary labels to
-	perform lookups in domains that make use of these IPv6 DNS
-	features.
-
-	Performance has been improved.
-
-	The man pages now use the more portable "man" macros rather than
-	the "mandoc" macros, and are installed by "make install".
-
-	The named.conf parser has been completely rewritten.  It now
-	supports "include" directives in more places such as inside "view"
-	statements, and it no longer has any reserved words.
-
-	The "rndc status" command is now implemented.
-
-	rndc can now be configured automatically.
-
-	A BIND 8 compatible stub resolver library is now included in
-	lib/bind.
-
-	OpenSSL has been removed from the distribution.  This means that to
-	use DNSSEC, OpenSSL must be installed and the --with-openssl option
-	must be supplied to configure.  This does not apply to the use of
-	TSIG, which does not require OpenSSL.
-
-	The source distribution now builds on Windows.  See
-	win32utils/readme1.txt and win32utils/win32-build.txt for details.
-
-	This distribution also includes a new lightweight stub
-	resolver library and associated resolver daemon that fully
-	support forward and reverse lookups of both IPv4 and IPv6
-	addresses.  This library is considered experimental and
-	is not a complete replacement for the BIND 8 resolver library.
-	Applications that use the BIND 8 res_* functions to perform
-	DNS lookups or dynamic updates still need to be linked against
-	the BIND 8 libraries.  For DNS lookups, they can also use the
-	new "getrrsetbyname()" API.
-
-	BIND 9.2 is capable of acting as an authoritative server
-	for DNSSEC secured zones.  This functionality is believed to
-	be stable and complete except for lacking support for
-	verifications involving wildcard records in secure zones.
-
-	When acting as a caching server, BIND 9.2 can be configured
-	to perform DNSSEC secure resolution on behalf of its clients.
-	This part of the DNSSEC implementation is still considered
-	experimental.  For detailed information about the state of the
-	DNSSEC implementation, see the file doc/misc/dnssec.
-
-	There are a few known bugs:
-
-	    On some systems, IPv6 and IPv4 sockets interact in
-	    unexpected ways.  For details, see doc/misc/ipv6.
-	    To reduce the impact of these problems, the server
-	    no longer listens for requests on IPv6 addresses
-	    by default.  If you need to accept DNS queries over
-	    IPv6, you must specify "listen-on-v6 { any; };"
-	    in the named.conf options statement.
-
-	    FreeBSD prior to 4.2 (and 4.2 if running as non-root)
-	    and OpenBSD prior to 2.8 log messages like
-	    "fcntl(8, F_SETFL, 4): Inappropriate ioctl for device".
-	    This is due to a bug in "/dev/random" and impacts the
-	    server's DNSSEC support.
-
-	    OS X 10.1.4 (Darwin 5.4), OS X 10.1.5 (Darwin 5.5) and
-	    OS X 10.2 (Darwin 6.0) reports errors like
-	    "fcntl(3, F_SETFL, 4): Operation not supported by device".
-	    This is due to a bug in "/dev/random" and impacts the
-	    server's DNSSEC support.
-
-	    --with-libtool does not work on AIX.
-
-	A bug in some versions of the Microsoft DNS server can cause zone
-        transfers from a BIND 9 server to a W2K server to fail.  For details,
-	see the "Zone Transfers" section in doc/misc/migration.

Makefile.in

@@ -1,19 +1,19 @@
-# Copyright (C) 1998-2000  Internet Software Consortium.
-# 
+# Copyright (C) 2004-2006  Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 1998-2002  Internet Software Consortium.
+#
 # Permission to use, copy, modify, and distribute this software for any
 # purpose with or without fee is hereby granted, provided that the above
 # copyright notice and this permission notice appear in all copies.
-# 
-# THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
-# ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
-# OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
-# CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
-# DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
-# PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
-# ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
-# SOFTWARE.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: Makefile.in,v 1.21.2.6 2000/07/27 01:48:49 gson Exp $
+# $Id: Makefile.in,v 1.43.18.4 2006/05/19 00:04:01 marka Exp $
 
 srcdir =	@srcdir@
 VPATH =		@srcdir@
@@ -21,49 +21,48 @@ top_srcdir =	@top_srcdir@
 
 @BIND9_VERSION@
 
-SUBDIRS =	make lib bin
+SUBDIRS =	make lib bin doc @LIBBIND@
 TARGETS =
-DISTFILES =	CHANGES COPYRIGHT Makefile.in README \
-		acconfig.h aclocal.m4 config.guess config.h.in config.h.win32 \
-		config.status.win32 config.sub configure configure.in \
-		isc-config.sh.in install-sh libtool.m4 ltconfig ltmain.sh \
-		lib make contrib \
-		version
-DOCDISTFILES =	arm draft misc rfc
-DOCMANDISTFILES = bin dnssec
-BINDISTFILES =	Makefile.in dig dnssec named nsupdate rndc tests
 
 @BIND9_MAKE_RULES@
 
+distclean::
+	@if [ "X@LIBBIND@" = "X" ] ; then \
+		i=lib/bind; \
+		echo "making $@ in `pwd`/$$i"; \
+		(cd $$i; ${MAKE} ${MAKEDEFS} $@) || exit 1; \
+	fi
+
 distclean::
 	rm -f config.cache config.h config.log config.status TAGS
-	rm -f libtool isc-config.sh
-	rm -f util/conf.sh
+	rm -f libtool isc-config.sh configure.lineno
+	rm -f util/conf.sh docutil/docbook2man-wrapper.sh
 
-cleandir: distclean
+# XXX we should clean libtool stuff too.  Only do this after we add rules
+# to make it.
+maintainer-clean::
+	rm -f configure
 
-install:: isc-config.sh
-	${INSTALL_PROGRAM} isc-config.sh ${DESTDIR}${bindir}
+installdirs:
+	$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${bindir} \
+	${DESTDIR}${localstatedir}/run ${DESTDIR}${sysconfdir}
 
-kit: kitclean
-	mkdir bind-${VERSION}
-	@(cd bind-${VERSION}; for i in ${DISTFILES}; do ln -s ../$$i $$i; done)
-	mkdir bind-${VERSION}/doc
-	@(cd bind-${VERSION}/doc; for i in ${DOCDISTFILES}; do \
-		ln -s ../../doc/$$i $$i; done)
-	mkdir bind-${VERSION}/doc/man
-	@(cd bind-${VERSION}/doc/man; for i in ${DOCMANDISTFILES}; do \
-		ln -s ../../../doc/man/$$i $$i; done)
-	mkdir bind-${VERSION}/bin
-	@(cd bind-${VERSION}/bin; for i in ${BINDISTFILES}; do \
-		ln -s ../../bin/$$i $$i; done)
-	gtar -c -v -z -h --exclude '*CVS*' -f bind-${VERSION}.tar.gz \
-		bind-${VERSION}
-	rm -rf bind-${VERSION}
-
-kitclean: distclean
-	rm -rf bind-${VERSION}
+install:: isc-config.sh installdirs
+	${INSTALL_SCRIPT} isc-config.sh ${DESTDIR}${bindir}
 
 tags:
 	rm -f TAGS
 	find lib bin -name "*.[ch]" -print | @ETAGS@ -
+
+check: test
+
+test:
+	(cd bin/tests && ${MAKE} ${MAKEDEFS} test)
+
+FAQ: FAQ.xml
+	${XSLTPROC} doc/xsl/isc-docbook-text.xsl FAQ.xml | \
+	${W3M} -T text/html -dump >$@.tmp
+	mv $@.tmp $@
+
+clean::
+	rm -f FAQ.tmp

README

@@ -1,4 +1,3 @@
-
 BIND 9
 
 	BIND version 9 is a major rewrite of nearly all aspects of the
@@ -11,8 +10,7 @@ BIND 9
 
 		- IP version 6
 			Answers DNS queries on IPv6 sockets
-			IPv6 resource records (A6, DNAME, etc.)
-			Bitstring Labels
+			IPv6 resource records (AAAA)
 			Experimental IPv6 Resolver Library
 
 		- DNS Protocol Enhancements
@@ -42,31 +40,326 @@ BIND 9
 		U.S. Defense Information Systems Agency
 		USENIX Association
 		Stichting NLnet - NLnet Foundation
+		Nominum, Inc.
 
 
-BIND 9.0.1
+BIND 9.4.0
 
-	BIND 9.0.1 is a maintenance release, containing fixes for a 
-	number of bugs in BIND 9.0.0 but no new features (with the 
-	exception of a few minor features added to dig, host, and 
-	nslookup).
+	BIND 9.4.0 has a number of new features over 9.3,
+	including:
 
-	Like BIND 9.0.0, BIND 9.0.1 is primarily a name server software
-	distribution.  In addition to the name server, it also includes 
-	a new lightweight stub resolver library and associated resolver
-	daemon that fully support forward and reverse lookups of both
-	IPv4 and IPv6 addresses.  This library is still considered
-	experimental and is not a complete replacement for the BIND 8
-	resolver library.  In particular, applications that use the
-	BIND 8 res_* functions to perform DNS queries or dynamic
-	updates still need to be linked against the BIND 8 libraries.
+	Implemented "additional section caching (or acache)", an
+	internal cache framework for additional section content to
+	improve response performance.  Several configuration options
+	were provided to control the behavior.
 
-	BIND 9.0.1 is capable of acting as an authoritative server
+	New notify type 'master-only'.  Enable notify for master
+	zones only.
+
+	Accept 'notify-source' style syntax for query-source.
+
+	rndc now allows addresses to be set in the server clauses.
+
+	New option "allow-query-cache".  This lets allow-query be
+	used to specify the default zone access level rather than
+	having to have every zone override the global value.
+	allow-query-cache can be set at both the options and view
+	levels.  If allow-query-cache is not set allow-query applies.
+
+	rndc: the source address can now be specified.
+
+	ixfr-from-differences now takes master and slave in addition
+	to yes and no at the options and view levels.
+
+	Allow the journal's name to be changed via named.conf.
+
+	'rndc notify zone [class [view]]' resend the NOTIFY messages
+	for the specified zone.
+
+	'dig +trace' now randomly selects the next servers to try.
+	Report if there is a bad delegation.
+
+	Improve check-names error messages.
+
+	Make public the function to read a key file, dst_key_read_public().
+
+	dig now returns the byte count for axfr/ixfr.
+			
+	allow-update is now settable at the options / view level.
+
+	named-checkconf now checks the logging configuration.
+
+	host now can turn on memory debugging flags with '-m'.
+
+	Don't send notify messages to self.
+
+	Perform sanity checks on NS records which refer to 'in zone' names.
+
+	New zone option "notify-delay".  Specify a minimum delay
+	between sets of NOTIFY messages.
+
+	Extend adjusting TTL warning messages.
+
+	Named and named-checkzone can now both check for non-terminal
+	wildcard records.
+
+	"rndc freeze/thaw" now freezes/thaws all zones.
+
+	named-checkconf now check acls to verify that they only
+	refer to existing acls.
+
+	The server syntax has been extended to support a range of
+	servers.
+
+	Report differences between hints and real NS rrset and
+	associated address records.
+
+	Preserve the case of domain names in rdata during zone
+	transfers.
+
+	Restructured the data locking framework using architecture
+	dependent atomic operations (when available), improving
+	response performance on multi-processor machines significantly.
+	x86, x86_64, alpha, powerpc, and mips are currently supported.
+
+	UNIX domain controls are now supported.
+
+	Add support for additional zone file formats for improving
+	loading performance.  The masterfile-format option in
+	named.conf can be used to specify a non-default format.  A
+	separate command named-compilezone was provided to generate
+	zone files in the new format.  Additionally, the -I and -O
+	options for dnssec-signzone specify the input and output
+	formats.
+
+	dnssec-signzone can now randomize signature end times
+	(dnssec-signzone -j jitter).
+
+	Add support for CH A record.
+
+	Add additional zone data constancy checks.  named-checkzone
+	has extended checking of NS, MX and SRV record and the hosts
+	they reference.  named has extended post zone load checks.
+	New zone options: check-mx and integrity-check.
+
+	edns-udp-size can now be overridden on a per server basis.
+
+	dig can now specify the EDNS version when making a query.
+
+	Added framework for handling multiple EDNS versions.
+
+	Additional memory debugging support to track size and mctx
+	arguments.
+
+	Detect duplicates of UDP queries we are recursing on and
+	drop them.  New stats category "duplicates".
+
+	Meory management. "USE INTERNAL MALLOC" is now runtime selectable.
+
+	The lame cache is now done on a <qname,qclass,qtype> basis
+	as some servers only appear to be lame for certain query
+	types.
+
+	Limit the number of recursive clients that can be waiting
+	for a single query (<qname,qtype,qclass>) to resolve.  New
+	options clients-per-query and max-clients-per-query.
+
+	dig: report the number of extra bytes still left in the
+	packet after processing all the records.
+
+	Support for IPSECKEY rdata type.
+
+	Raise the UDP recieve buffer size to 32k if it is less than 32k.
+
+	x86 and x86_64 now have seperate atomic locking implementations.
+
+	named-checkconf now validates update-policy entries.
+
+	Attempt to make the amount of work performed in a iteration
+	self tuning.  The covers nodes clean from the cache per
+	iteration, nodes written to disk when rewriting a master
+	file and nodes destroyed per iteration when destroying a
+	zone or a cache.
+
+	ISC string copy API.
+
+	Automatic empty zone creation for D.F.IP6.ARPA and friends.
+	Note: RFC 1918 zones are not yet covered by this but are
+	likely to be in a future release.
+
+	New options: empty-server, empty-contact, empty-zones-enable
+	and disable-empty-zone.
+
+	dig now has a '-q queryname' and '+showsearch' options.
+
+	host/nslookup now continue (default)/fail on SERVFAIL.
+
+	dig now warns if 'RA' is not set in the answer when 'RD'
+	was set in the query.  host/nslookup skip servers that fail
+	to set 'RA' when 'RD' is set unless a server is explicitly
+	set.
+
+	Integrate contibuted DLZ code into named.
+
+	Integrate contibuted IDN code from JPNIC.
+
+	Validate pending NS RRsets, in the authority section, prior
+	to returning them if it can be done without requiring DNSKEYs
+	to be fetched.
+
+	It is now possible to configure named to accept expired
+	RRSIGs.  Default "dnssec-accept-expired no;".  Setting
+	"dnssec-accept-expired yes;" leaves named vulnerable to
+	replay attacks.
+
+	Addition memory leakage checks.
+
+	The maximum EDNS UDP response named will send can now be
+	set in named.conf (max-udp-size).  This is independent of
+	the advertised receive buffer (edns-udp-size).
+
+	Named now falls back to advertising EDNS with a 512 byte
+	receive buffer if the initial EDNS queries fail.
+
+	Control the zeroing of the negative response TTL to a soa
+	query.  Defaults "zero-no-soa-ttl yes;" and
+	"zero-no-soa-ttl-cache no;".
+			
+	Seperate out MX and SRV to CNAME checks.
+
+	dig/nslookup/host: warn about missing "QR".
+
+	TSIG HMACSHA1, HMACSHA224, HMACSHA256, HMACSHA384 and
+	HMACSHA512 support.
+
+	dnssec-signzone: output the SOA record as the first record
+	in the signed zone.
+
+	Two new update policies.  "selfsub" and "selfwild".
+
+	dig, nslookup and host now advertise a 4096 byte EDNS UDP
+	buffer size by default.
+
+	Report when a zone is removed.
+
+	DS/DLV SHA256 digest algorithm support.
+
+	Implement "rrset-order fixed".
+
+	Check the KSK flag when updating a secure dynamic zone.
+	New zone option "update-check-ksk yes;".
+
+	It is now possible to explicitly enable DNSSEC validation.
+	default dnssec-validation no; to be changed to yes in 9.5.0.
+
+	It is now posssible to enable/disable DNSSEC validation
+	from rndc.  This is useful for the mobile hosts where the
+	current connection point breaks DNSSEC (firewall/proxy).
+
+		rndc validation newstate [view]
+
+	dnssec-signzone can now update the SOA record of the signed
+	zone, either as an increment or as the system time().
+
+	Statistics about acache now recorded and sent to log.
+
+	libbind: corresponds to that from BIND 8.4.7.
+
+BIND 9.3.0
+
+	BIND 9.3.0 has a number of new features over 9.2,
+	including:
+
+	DNSSEC is now DS based (RFC 3658).
+	See also RFC 3845, doc/draft/draft-ietf-dnsext-dnssec-*.
+
+	DNSSEC lookaside validation.
+
+	check-names is now implemented.
+	rrset-order in more complete.
+
+	IPv4/IPv6 transition support, dual-stack-servers.
+
+	IXFR deltas can now be generated when loading master files,
+	ixfr-from-differences.
+
+	It is now possible to specify the size of a journal, max-journal-size.
+
+	It is now possible to define a named set of master servers to be
+	used in masters clause, masters.
+
+	The advertised EDNS UDP size can now be set, edns-udp-size.
+
+	allow-v6-synthesis has been obsoleted.
+
+	NOTE:
+	* Zones containing MD and MF will now be rejected.
+	* dig, nslookup name. now report "Not Implemented" as
+	  NOTIMP rather than NOTIMPL.  This will have impact on scripts
+	  that are looking for NOTIMPL.
+
+	libbind: corresponds to that from BIND 8.4.5.
+
+BIND 9.2.0
+
+	BIND 9.2.0 has a number of new features over 9.1,
+	including:
+
+	  - The size of the cache can now be limited using the
+            "max-cache-size" option.
+
+	  - The server can now automatically convert RFC1886-style
+	    recursive lookup requests into RFC2874-style lookups, 
+	    when enabled using the new option "allow-v6-synthesis".
+            This allows stub resolvers that support AAAA records
+            but not A6 record chains or binary labels to perform
+            lookups in domains that make use of these IPv6 DNS
+            features.
+
+	  - Performance has been improved.
+
+	  - The man pages now use the more portable "man" macros
+	    rather than the "mandoc" macros, and are installed
+            by "make install".
+
+          - The named.conf parser has been completely rewritten.
+            It now supports "include" directives in more
+            places such as inside "view" statements, and it no
+            longer has any reserved words.
+
+          - The "rndc status" command is now implemented.
+
+	  - rndc can now be configured automatically.
+
+	  - A BIND 8 compatible stub resolver library is now
+	    included in lib/bind.
+
+	  - OpenSSL has been removed from the distribution.  This
+	    means that to use DNSSEC, OpenSSL must be installed and
+	    the --with-openssl option must be supplied to configure.
+	    This does not apply to the use of TSIG, which does not
+	    require OpenSSL.
+
+	  - The source distribution now builds on Windows NT/2000.
+	    See win32utils/readme1.txt and win32utils/win32-build.txt
+	    for details.
+
+	This distribution also includes a new lightweight stub
+	resolver library and associated resolver daemon that fully
+	support forward and reverse lookups of both IPv4 and IPv6
+	addresses.  This library is considered experimental and
+	is not a complete replacement for the BIND 8 resolver library.
+	Applications that use the BIND 8 res_* functions to perform
+	DNS lookups or dynamic updates still need to be linked against
+	the BIND 8 libraries.  For DNS lookups, they can also use the
+	new "getrrsetbyname()" API.
+
+	BIND 9.2 is capable of acting as an authoritative server
 	for DNSSEC secured zones.  This functionality is believed to
-	be stable and complete except for lacking support for wildcard
-	records in secure zones.
+	be stable and complete except for lacking support for
+	verifications involving wildcard records in secure zones.
 
-	When acting as a caching server, BIND 9.0.1 can be configured
+	When acting as a caching server, BIND 9.2 can be configured
 	to perform DNSSEC secure resolution on behalf of its clients.
 	This part of the DNSSEC implementation is still considered
 	experimental.  For detailed information about the state of the
@@ -74,10 +367,6 @@ BIND 9.0.1
 
 	There are a few known bugs:
 
-		The option "query-source * port 53;" will not work as
-		expected.  Instead of the wildcard address "*", you need 
-		to use an explicit source IP address.
-
 		On some systems, IPv6 and IPv4 sockets interact in
 		unexpected ways.  For details, see doc/misc/ipv6.
 		To reduce the impact of these problems, the server
@@ -86,55 +375,65 @@ BIND 9.0.1
 		IPv6, you must specify "listen-on-v6 { any; };"
 		in the named.conf options statement.
 
-		There are known problems with thread signal handling 
-		under Solaris 2.6.
+		FreeBSD prior to 4.2 (and 4.2 if running as non-root)
+		and OpenBSD prior to 2.8 log messages like
+		"fcntl(8, F_SETFL, 4): Inappropriate ioctl for device".
+		This is due to a bug in "/dev/random" and impacts the
+		server's DNSSEC support.
 
-		The "isc_timer_reset" test sometimes fails on HP-UX 11
-		for unknown reasons, but the server itself seems to
-		run fine.
-
-		On FreeBSD systems, the server logs error messages
-		like "fcntl(8, F_SETFL, 4): Inappropriate ioctl for
-		device".  This is due to a bug in the FreeBSD
-		/dev/random device.  The bug has been reported
-		to the FreeBSD maintainers.  Versions of OpenBSD
-		prior to 2.8 have a similar problem.
-
-		The configure option --disable-ipv6 is not functional.
+		OS X 10.1.4 (Darwin 5.4), OS X 10.1.5 (Darwin 5.5) and
+		OS X 10.2 (Darwin 6.0) reports errors like
+		"fcntl(3, F_SETFL, 4): Operation not supported by device".
+		This is due to a bug in "/dev/random" and impacts the
+		server's DNSSEC support.
 
 		--with-libtool does not work on AIX.
 
-		Due to bugs in the dnssafe library, RSA keys longer
-		than 2000 bits are not supported.
+	A bug in the Windows 2000 DNS server can cause zone transfers
+	from a BIND 9 server to a W2K server to fail.  For details,
+	see the "Zone Transfers" section in doc/misc/migration.
+
+	For a detailed list of user-visible changes from
+	previous releases, see the CHANGES file.
+
 
 Building
 
 	BIND 9 currently requires a UNIX system with an ANSI C compiler,
-	basic POSIX support, and a good pthreads implementation.
+	basic POSIX support, and a 64 bit integer type.
 
 	We've had successful builds and tests on the following systems:
 
-		AIX 4.3
-		COMPAQ Tru64 UNIX 4.0D
-		COMPAQ Tru64 UNIX 5 (with IPv6 EAK)
-		FreeBSD 3.4-STABLE
-		HP-UX 11
-		IRIX64 6.5
-		NetBSD-current (with unproven-pthreads-0.17)
-		Red Hat Linux 6.0, 6.1, 6.2
-		Solaris 2.6, 7, 8
+		COMPAQ Tru64 UNIX 5.1B
+		FreeBSD 4.10, 5.2.1
+		HP-UX 11.11
+		NetBSD 1.5
+		Slackware Linux 8.1
+		Solaris 8, 9, 9 (x86)
+		Windows NT/2000/XP/2003
 
-	Additionally, we have unverified reports of success from users
-	of the following systems:
+	Additionally, we have unverified reports of success building
+	previous versions of BIND 9 from users of the following systems:
 
-		Slackware Linux 7.0 with 2.4.0-test6 kernel and glibc 2.1.3
-		OpenBSD 2.6, 2.8, -current
+		AIX 5L
+		SuSE Linux 7.0
+		Slackware Linux 7.x, 8.0
+	        Red Hat Linux 7.1
+		Debian GNU/Linux 2.2 and 3.0
+		Mandrake 8.1
+		OpenBSD 2.6, 2.8, 2.9
+		UnixWare 7.1.1
+		HP-UX 10.20
+		BSD/OS 4.2
+		Mac OS X 10.1, 10.3.8
 
 	To build, just
 
 		./configure
 		make
 
+	Do not use a parallel "make".
+
 	Several environment variables that can be set before running
 	configure will affect compilation:
 
@@ -144,7 +443,7 @@ Building
 
 	    CFLAGS
 		C compiler flags.  Defaults to include -g and/or -O2
-		as supported by the compiler.
+		as supported by the compiler.  
 
 	    STD_CINCLUDES
 		System header file directories.	 Can be used to specify
@@ -155,28 +454,90 @@ Building
 		Any additional preprocessor symbols you want defined.
 		Defaults to empty string.
 
+		Possible settings:
+		Change the default syslog facility of named/lwresd.
+		  -DISC_FACILITY=LOG_LOCAL0	
+		Enable DNSSEC signature chasing support in dig.
+		  -DDIG_SIGCHASE=1 (sets -DDIG_SIGCHASE_TD=1 and
+				    -DDIG_SIGCHASE_BU=1)
+		Disable dropping queries from particular well known ports.
+		  -DNS_CLIENT_DROPPORT=0
+
+	    LDFLAGS
+		Linker flags. Defaults to empty string.
+
+	The following need to be set when cross compiling.
+
+	    BUILD_CC
+		The native C compiler.
+	    BUILD_CFLAGS (optional)
+	    BUILD_CPPFLAGS (optional)
+		Possible Settings:
+		-DNEED_OPTARG=1		(optarg is not declared in <unistd.h>)
+	    BUILD_LDFLAGS (optional)
+	    BUILD_LIBS (optional)
+
 	To build shared libraries, specify "--with-libtool" on the
 	configure command line.
 
+	For the server to support DNSSEC, you need to build it
+	with crypto support.  You must have OpenSSL 0.9.5a
+	or newer installed and specify "--with-openssl" on the
+	configure command line.  If OpenSSL is installed under
+	a nonstandard prefix, you can tell configure where to
+	look for it using "--with-openssl=/prefix".
+
+	To build libbind (the BIND 8 resolver library), specify
+	"--enable-libbind" on the configure command line.
+
+	On some platforms, BIND 9 can be built with multithreading
+	support, allowing it to take advantage of multiple CPUs.
+	You can specify whether to build a multithreaded BIND 9 
+	by specifying "--enable-threads" or "--disable-threads"
+	on the configure command line.  The default is operating
+	system dependent.
+
 	If your operating system has integrated support for IPv6, it
 	will be used automatically.  If you have installed KAME IPv6
 	separately, use "--with-kame[=PATH]" to specify its location.
-	
-	To see additional configure options, run "configure --help".
 
 	"make install" will install "named" and the various BIND 9 libraries.
 	By default, installation is into /usr/local, but this can be changed
 	with the "--prefix" option when running "configure".
 
+	You may specify the option "--sysconfdir" to set the directory 
+	where configuration files like "named.conf" go by default,
+	and "--localstatedir" to set the default parent directory
+	of "run/named.pid".   For backwards compatibility with BIND 8,
+	--sysconfdir defaults to "/etc" and --localstatedir defaults to
+	"/var" if no --prefix option is given.  If there is a --prefix
+	option, sysconfdir defaults to "$prefix/etc" and localstatedir
+	defaults to "$prefix/var".
+
+	To see additional configure options, run "configure --help".
+	Note that the help message does not reflect the BIND 8 
+	compatibility defaults for sysconfdir and localstatedir.
+
 	If you're planning on making changes to the BIND 9 source, you
 	should also "make depend".  If you're using Emacs, you might find
 	"make tags" helpful.
 
+	If you need to re-run configure please run "make distclean" first.
+	This will ensure that all the option changes take.
+
 	Building with gcc is not supported, unless gcc is the vendor's usual
 	compiler (e.g. the various BSD systems, Linux).
+	
+	Known compiler issues:
+	* gcc-3.2.1 and gcc-3.1.1 is known to cause problems with solaris-x86.
+	* gcc prior to gcc-3.2.3 ultrasparc generates incorrect code at -02.
+	* gcc-3.3.5 powerpc generates incorrect code at -02.
+	* Irix, MipsPRO 7.4.1m is known to cause problems.
 
-	Parts of the library can be tested by running "make test" from the
-	bin/tests subdirectory.
+	A limited test suite can be run with "make test".  Many of
+	the tests require you to configure a set of virtual IP addresses
+	on your system, and some require Perl; see bin/tests/system/README
+	for details.
 
 
 Documentation
@@ -186,14 +547,16 @@ Documentation
 	doc/arm directory.
 
 	Some of the programs in the BIND 9 distribution have man pages
-	under the doc/man directory.  In particular, the command line
-	options of "named" are documented in doc/man/bind/named.8.
-
-	The man pages are currently not installed automatically by
-	"make install".
+	in their directories.  In particular, the command line
+	options of "named" are documented in /bin/named/named.8.
+	There is now also a set of man pages for the lwres library.
 
 	If you are upgrading from BIND 8, please read the migration
-	notes in doc/misc/migration.
+	notes in doc/misc/migration.  If you are upgrading from
+	BIND 4, read doc/misc/migration-4to9.
+
+	Frequently asked questions and their answers can be found in
+	FAQ.
 
 
 Bug Reports and Mailing Lists
@@ -202,13 +565,18 @@ Bug Reports and Mailing Lists
 
 		bind9-bugs@isc.org
 
-	To join the BIND 9 Users mailing list, send mail to
+	To join the BIND Users mailing list, send mail to
 
-		bind9-users-request@isc.org
+		bind-users-request@isc.org
+
+	archives of which can be found via
+
+		http://www.isc.org/ops/lists/
 
 	If you're planning on making changes to the BIND 9 source
-	code, you might want to join the BIND 9 Workers mailing list.
+	code, you might want to join the BIND Workers mailing list.
 	Send mail to
 
-		bind9-workers-request@isc.org
+		bind-workers-request@isc.org
+
 

README.idnkit

@@ -0,0 +1,112 @@
+
+			BIND-9 IDN patch
+
+	       Japan Network Information Center (JPNIC)
+
+
+* What is this patch for?
+
+This patch adds internationalized domain name (IDN) support to BIND-9.
+You'll get internationalized version of dig/host/nslookup commands.
+
+    + internationalized dig/host/nslookup
+	dig/host/nslookup accepts non-ASCII domain names in the local
+	codeset (such as Shift JIS, Big5 or ISO8859-1) determined by
+	the locale information.  The domain names are normalized and
+	converted to the encoding on the DNS protocol, and sent to DNS
+	servers.  The replies are converted back to the local codeset
+	and displayed.
+
+
+* Compilation & installation
+
+0. Prerequisite
+
+You have to build and install idnkit before building this patched version
+of bind-9.
+
+1. Running configure script
+
+Run `configure' in the top directory.  See `README' for the
+configuration options.
+
+This patch adds the following 4 options to `configure'.  You should
+at least specify `--with-idn' option to enable IDN support.
+
+    --with-idn[=IDN_PREFIX]
+	To enable IDN support, you have to specify `--with-idn' option.
+	The argument IDN_PREFIX is the install prefix of idnkit.  If
+	IDN_PREFIX is omitted, PREFIX (derived from `--prefix=PREFIX')
+	is assumed.
+
+    --with-libiconv[=LIBICONV_PREFIX]
+	Specify this option if idnkit you have installed links GNU
+	libiconv.  The argument LIBICONV_PREFIX is install prefix of
+	GNU libiconv.  If the argument is omitted, PREFIX (derived
+	from `--prefix=PREFIX') is assumed.
+
+	`--with-libiconv' is shorthand option for GNU libiconv.
+
+	    --with-libiconv=/usr/local
+
+	This is equivalent to:
+
+	    --with-iconv='-L/usr/local/lib -R/usr/local/lib -liconv'
+
+	`--with-libiconv' assumes that your C compiler has `-R'
+	option, and that the option adds the specified run-time path
+	to an exacutable binary.  If `-R' option of your compiler has
+	different meaning, or your compiler lacks the option, you
+	should use `--with-iconv' option instead.  Binary command
+	without run-time path information might be unexecutable.
+	In that case, you would see an error message like:
+
+	    error in loading shared libraries: libiconv.so.2: cannot
+	    open shared object file
+
+	If both `--with-libiconv' and `--with-iconv' options are
+	specified, `--with-iconv' is prior to `--with-libiconv'.
+
+    --with-iconv=ICONV_LIBSPEC
+	If your libc doens't provide iconv(), you need to specify the
+	library containing iconv() with this option.  `ICONV_LIBSPEC'
+	is the argument(s) to `cc' or `ld' to link the library, for
+	example, `--with-iconv="-L/usr/local/lib -liconv"'.
+	You don't need to specify the header file directory for "iconv.h"
+	to the compiler, as it isn't included directly by bind-9 with
+	this patch.
+
+    --with-idnlib=IDN_LIBSPEC
+	With this option, you can explicitly specify the argument(s)
+	to `cc' or `ld' to link the idnkit's library, `libidnkit'.  If
+	this option is not specified, `-L${PREFIX}/lib -lidnkit' is
+	assumed, where ${PREFIX} is the installation prefix specified
+	with `--with-idn' option above.  You may need to use this
+	option to specify extra argments, for example,
+	`--with-idnlib="-L/usr/local/lib -R/usr/local/lib -lidnkit"'.
+
+Please consult `README' for other configuration options.
+
+Note that if you want to specify some extra header file directories,
+you should use the environment variable STD_CINCLUDES instead of
+CFLAGS, as described in README.
+
+2. Compilation and installation
+
+After running "configure", just do
+
+	make
+	make install
+
+for compiling and installing.
+
+
+* Contact information
+
+Please see http//www.nic.ad.jp/en/idn/ for the latest news
+about idnkit and this patch.
+
+Bug reports and comments on this kit should be sent to
+mdnkit-bugs@nic.ad.jp and idn-cmt@nic.ad.jp, respectively.
+
+; $Id: README.idnkit,v 1.2.2.2 2005/09/12 02:12:08 marka Exp $

REDIRECT-NOTES

@@ -1,35 +0,0 @@
-Redirect zones are used to find answers to queries when normal resolution
-would result in NXDOMAIN being returned.  Only one redirect zone per view
-is currently supported.
-
-To redirect to 100.100.100.2 and 2001:ffff:ffff::100.100.100.2 on NXDOMAIN
-one would configure the redirect zone like this.
-
-zone "." {
-	type redirect;
-	file "redirect.db";
-};
-
-redirect.db:
-$TTL 300
-@ IN SOA ns.example.net hostmaster.example.net 0 0 0 0 0
-@ IN NS ns.example.net
-;
-; NS records do not need address records in this zone as it is not in the
-; normal namespace.
-;
-*. IN A 100.100.100.2
-*. IN AAAA 2001:ffff:ffff::100.100.100.2
-
-To redirect all Spanish names (under .ES) one would use entries like these:
-
-*.ES. IN A 100.100.100.3
-*.ES. IN AAAA 2001:ffff:ffff::100.100.100.3
-
-To redirect all commercial Spanish names (under COM.ES) one would use
-entries like these:
-*.COM.ES. IN A 100.100.100.4
-*.COM.ES. IN AAAA 2001:ffff:ffff::100.100.100.4
-
-The redirect zone supports all possible types.  It is not limited to
-A and AAAA record.

TODO

@@ -1,18 +0,0 @@
-
-1.	Rdataset/Rdatalist Union
-2.	ev_ prefix for ISC_EVENT_COMMON
-3.	Finish mempool conversion of message.c
-4.	Improve buffer & region APIs (inline?)
-5.	isc/util.h publish or perish
-6.	magic number listing
-7.	Eliminate dns_result_t and old DNS_R_ codes
-8.	Check base 64 code; does it have the problems that
-	the BIND 8 code does?
-9.	Authority is optional if we have answers?
-10.	AD bit setting.
-11.	KEY duplication (answer + additional) in any query
-12.	Fix rdata META flag to be set for TSIG, TKEY, OPT
-13.	Intergrate (replace?) old per zone SOA timers with zomemgr
-14.	RWlock for zonemgr zone list
-15.	CHAOS A's
-16.	implement "doc" checks out of zonemgr.

acconfig.h

@@ -1,21 +1,23 @@
 /*
- * Copyright (C) 1999, 2000  Internet Software Consortium.
- * 
+ * Copyright (C) 2004, 2005  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 1999-2003  Internet Software Consortium.
+ *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
- * 
- * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
- * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
- * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
- * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
- * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
- * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
- * SOFTWARE.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: acconfig.h,v 1.23 2000/06/22 21:48:56 tale Exp $ */
+/* $Id: acconfig.h,v 1.44.18.5 2005/04/29 00:15:20 marka Exp $ */
+
+/*! \file */
 
 /***
  *** This file is not to be included by any public header files, because
@@ -23,76 +25,97 @@
  ***/
 @TOP@
 
-/* define on DEC OSF to enable 4.4BSD style sa_len support */
+/** define to `int' if <sys/types.h> doesn't define.  */
+#undef ssize_t
+
+/** define on DEC OSF to enable 4.4BSD style sa_len support */
 #undef _SOCKADDR_LEN
 
-/* define if your system needs pthread_init() before using pthreads */
+/** define if your system needs pthread_init() before using pthreads */
 #undef NEED_PTHREAD_INIT
 
-/* define if your system has sigwait() */
+/** define if your system has sigwait() */
 #undef HAVE_SIGWAIT
 
-/* define if sigwait() is the UnixWare flavor */
+/** define if sigwait() is the UnixWare flavor */
 #undef HAVE_UNIXWARE_SIGWAIT
 
-/* define on Solaris to get sigwait() to work using pthreads semantics */
+/** define on Solaris to get sigwait() to work using pthreads semantics */
 #undef _POSIX_PTHREAD_SEMANTICS
 
-/* define if LinuxThreads is in use */
+/** define if LinuxThreads is in use */
 #undef HAVE_LINUXTHREADS
 
-/* define if sysconf() is available */
+/** define if sysconf() is available */
 #undef HAVE_SYSCONF
 
-/* define if catgets() is available */
+/** define if sysctlbyname() is available */
+#undef HAVE_SYSCTLBYNAME
+
+/** define if catgets() is available */
 #undef HAVE_CATGETS
 
-/* define if you have the NET_RT_IFLIST sysctl variable. */
+/** define if getifaddrs() exists */
+#undef HAVE_GETIFADDRS
+
+/** define if you have the NET_RT_IFLIST sysctl variable and sys/sysctl.h */
 #undef HAVE_IFLIST_SYSCTL
 
-/* define if you need to #define _XPG4_2 before including sys/socket.h */
-#undef NEED_XPG4_2_BEFORE_SOCKET_H
-
-/* define if you need to #define _XOPEN_SOURCE_ENTENDED before including
- * sys/socket.h
- */
-#undef NEED_XSE_BEFORE_SOCKET_H
-
-/* define if chroot() is available */
+/** define if chroot() is available */
 #undef HAVE_CHROOT
 
-/* define if struct addrinfo exists */
+/** define if tzset() is available */
+#undef HAVE_TZSET
+
+/** define if struct addrinfo exists */
 #undef HAVE_ADDRINFO
 
-/* define is getaddrinfo() exists */
+/** define if getaddrinfo() exists */
 #undef HAVE_GETADDRINFO
 
-/* define if pthread_setconcurrency() should be called to tell the
+/** define if gai_strerror() exists */
+#undef HAVE_GAISTRERROR
+
+/** define if arc4random() exists */
+#undef HAVE_ARC4RANDOM
+
+/**
+ * define if pthread_setconcurrency() should be called to tell the
  * OS how many threads we might want to run.
  */
 #undef CALL_PTHREAD_SETCONCURRENCY
 
-/* Shut up warnings about sputaux in stdio.h on BSD/OS pre-4.1 */
+/** define if IPv6 is not disabled */
+#undef WANT_IPV6
+
+/** define if flockfile() is available */
+#undef HAVE_FLOCKFILE
+
+/** define if getc_unlocked() is available */
+#undef HAVE_GETCUNLOCKED
+
+/** Shut up warnings about sputaux in stdio.h on BSD/OS pre-4.1 */
 #undef SHUTUP_SPUTAUX
 #ifdef SHUTUP_SPUTAUX
 struct __sFILE;
 extern __inline int __sputaux(int _c, struct __sFILE *_p);
 #endif
 
-/* Shut up warnings about missing sigwait prototype on BSD/OS 4.0* */
+/** Shut up warnings about missing sigwait prototype on BSD/OS 4.0* */
 #undef SHUTUP_SIGWAIT
 #ifdef SHUTUP_SIGWAIT
 int sigwait(const unsigned int *set, int *sig);
 #endif
 
-/* Shut up warnings from gcc -Wcast-qual on BSD/OS 4.1. */
+/** Shut up warnings from gcc -Wcast-qual on BSD/OS 4.1. */
 #undef SHUTUP_STDARG_CAST
 #if defined(SHUTUP_STDARG_CAST) && defined(__GNUC__)
-#include <stdarg.h>		/* Grr.  Must be included *every time*. */
-/*
+#include <stdarg.h>		/** Grr.  Must be included *every time*. */
+/**
  * The silly continuation line is to keep configure from
  * commenting out the #undef.
  */
+ 
 #undef \
 	va_start
 #define	va_start(ap, last) \
@@ -101,4 +124,28 @@ int sigwait(const unsigned int *set, int *sig);
 		_u.konst = &(last); \
 		ap = (va_list)(_u.var + __va_words(__typeof(last))); \
 	} while (0)
-#endif /* SHUTUP_STDARG_CAST && __GNUC__ */
+#endif /** SHUTUP_STDARG_CAST && __GNUC__ */
+
+/** define if the system has a random number generating device */
+#undef PATH_RANDOMDEV
+
+/** define if pthread_attr_getstacksize() is available */
+#undef HAVE_PTHREAD_ATTR_GETSTACKSIZE
+
+/** define if pthread_attr_setstacksize() is available */
+#undef HAVE_PTHREAD_ATTR_SETSTACKSIZE
+
+/** define if you have strerror in the C library. */
+#undef HAVE_STRERROR
+
+/** Define if you are running under Compaq TruCluster. */
+#undef HAVE_TRUCLUSTER
+
+/* Define if OpenSSL includes DSA support */
+#undef HAVE_OPENSSL_DSA
+
+/* Define to the length type used by the socket API (socklen_t, size_t, int). */
+#undef ISC_SOCKADDR_LEN_T
+
+/* Define if threads need PTHREAD_SCOPE_SYSTEM */
+#undef NEED_PTHREAD_SCOPE_SYSTEM

bin/Makefile.in

@@ -1,25 +1,25 @@
-# Copyright (C) 1998-2000  Internet Software Consortium.
-# 
+# Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 1998-2001  Internet Software Consortium.
+#
 # Permission to use, copy, modify, and distribute this software for any
 # purpose with or without fee is hereby granted, provided that the above
 # copyright notice and this permission notice appear in all copies.
-# 
-# THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
-# ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
-# OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
-# CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
-# DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
-# PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
-# ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
-# SOFTWARE.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: Makefile.in,v 1.15.2.2 2000/06/29 00:05:25 gson Exp $
+# $Id: Makefile.in,v 1.23 2004/03/05 04:57:10 marka Exp $
 
 srcdir =	@srcdir@
 VPATH =		@srcdir@
 top_srcdir =	@top_srcdir@
 
-SUBDIRS =	named rndc dig dnssec tests nsupdate
+SUBDIRS =	named rndc dig dnssec tests nsupdate check
 TARGETS =
 
 @BIND9_MAKE_RULES@

bin/check/Makefile.in

@@ -1,7 +1,7 @@
-# Copyright (C) 2004-2007, 2009  Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2004, 2005  Internet Systems Consortium, Inc. ("ISC")
 # Copyright (C) 2000-2003  Internet Software Consortium.
 #
-# Permission to use, copy, modify, and/or distribute this software for any
+# Permission to use, copy, modify, and distribute this software for any
 # purpose with or without fee is hereby granted, provided that the above
 # copyright notice and this permission notice appear in all copies.
 #
@@ -13,7 +13,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: Makefile.in,v 1.36 2009/12/05 23:31:40 each Exp $
+# $Id: Makefile.in,v 1.24.18.4 2005/09/07 00:29:53 marka Exp $
 
 srcdir =	@srcdir@
 VPATH =		@srcdir@
@@ -32,7 +32,6 @@ CWARNINGS =
 DNSLIBS =	../../lib/dns/libdns.@A@ @DNS_CRYPTO_LIBS@
 ISCCFGLIBS =	../../lib/isccfg/libisccfg.@A@
 ISCLIBS =	../../lib/isc/libisc.@A@
-ISCNOSYMLIBS =	../../lib/isc/libisc-nosymtbl.@A@
 BIND9LIBS =	../../lib/bind9/libbind9.@A@
 
 DNSDEPLIBS =	../../lib/dns/libdns.@A@
@@ -40,8 +39,7 @@ ISCCFGDEPLIBS =	../../lib/isccfg/libisccfg.@A@
 ISCDEPLIBS =	../../lib/isc/libisc.@A@
 BIND9DEPLIBS =	../../lib/bind9/libbind9.@A@
 
-LIBS =		${ISCLIBS} @LIBS@
-NOSYMLIBS =	${ISCNOSYMLIBS} @LIBS@
+LIBS =		@LIBS@
 
 SUBDIRS =
 
@@ -71,14 +69,13 @@ named-checkzone.@O@: named-checkzone.c
 
 named-checkconf@EXEEXT@: named-checkconf.@O@ check-tool.@O@ ${ISCDEPLIBS} \
 		${ISCCFGDEPLIBS} ${BIND9DEPLIBS}
-	export BASEOBJS="named-checkconf.@O@ check-tool.@O@"; \
-	export LIBS0="${BIND9LIBS} ${ISCCFGLIBS} ${DNSLIBS}"; \
-	${FINALBUILDCMD}
+	${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ \
+	named-checkconf.@O@ check-tool.@O@ ${BIND9LIBS} ${ISCCFGLIBS} \
+	${DNSLIBS} ${ISCLIBS} ${LIBS}
 
 named-checkzone@EXEEXT@: named-checkzone.@O@ check-tool.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS}
-	export BASEOBJS="named-checkzone.@O@ check-tool.@O@"; \
-	export LIBS0="${ISCCFGLIBS} ${DNSLIBS}"; \
-	${FINALBUILDCMD}
+	${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ \
+	named-checkzone.@O@ check-tool.@O@ ${DNSLIBS} ${ISCLIBS} ${LIBS}
 
 doc man:: ${MANOBJS}
 

bin/check/check-tool.c

@@ -1,8 +1,8 @@
 /*
- * Copyright (C) 2004-2011  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2006  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 2000-2002  Internet Software Consortium.
  *
- * Permission to use, copy, modify, and/or distribute this software for any
+ * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
@@ -15,30 +15,25 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: check-tool.c,v 1.44 2011/12/22 07:32:39 each Exp $ */
+/* $Id: check-tool.c,v 1.10.18.13 2006/01/07 00:23:34 marka Exp $ */
 
 /*! \file */
 
 #include <config.h>
 
 #include <stdio.h>
-
-#ifdef _WIN32
-#include <Winsock2.h>
-#endif
+#include <string.h>
 
 #include "check-tool.h"
+#include <isc/util.h>
+
 #include <isc/buffer.h>
 #include <isc/log.h>
-#include <isc/mem.h>
-#include <isc/netdb.h>
 #include <isc/net.h>
+#include <isc/netdb.h>
 #include <isc/region.h>
 #include <isc/stdio.h>
-#include <isc/string.h>
-#include <isc/symtab.h>
 #include <isc/types.h>
-#include <isc/util.h>
 
 #include <dns/fixedname.h>
 #include <dns/log.h>
@@ -49,16 +44,6 @@
 #include <dns/types.h>
 #include <dns/zone.h>
 
-#include <isccfg/log.h>
-
-#ifndef CHECK_SIBLING
-#define CHECK_SIBLING 1
-#endif
-
-#ifndef CHECK_LOCAL
-#define CHECK_LOCAL 1
-#endif
-
 #ifdef HAVE_ADDRINFO
 #ifdef HAVE_GETADDRINFO
 #ifdef HAVE_GAISTRERROR
@@ -72,38 +57,20 @@
 		result = (r); \
 		if (result != ISC_R_SUCCESS) \
 			goto cleanup; \
-	} while (0)
-
-#define ERR_IS_CNAME 1
-#define ERR_NO_ADDRESSES 2
-#define ERR_LOOKUP_FAILURE 3
-#define ERR_EXTRA_A 4
-#define ERR_EXTRA_AAAA 5
-#define ERR_MISSING_GLUE 5
-#define ERR_IS_MXCNAME 6
-#define ERR_IS_SRVCNAME 7
+	} while (0)   
 
 static const char *dbtype[] = { "rbt" };
 
 int debug = 0;
 isc_boolean_t nomerge = ISC_TRUE;
-#if CHECK_LOCAL
 isc_boolean_t docheckmx = ISC_TRUE;
 isc_boolean_t dochecksrv = ISC_TRUE;
 isc_boolean_t docheckns = ISC_TRUE;
-#else
-isc_boolean_t docheckmx = ISC_FALSE;
-isc_boolean_t dochecksrv = ISC_FALSE;
-isc_boolean_t docheckns = ISC_FALSE;
-#endif
-unsigned int zone_options = DNS_ZONEOPT_CHECKNS |
+unsigned int zone_options = DNS_ZONEOPT_CHECKNS | 
 			    DNS_ZONEOPT_CHECKMX |
 			    DNS_ZONEOPT_MANYERRORS |
 			    DNS_ZONEOPT_CHECKNAMES |
 			    DNS_ZONEOPT_CHECKINTEGRITY |
-#if CHECK_SIBLING
-			    DNS_ZONEOPT_CHECKSIBLING |
-#endif
 			    DNS_ZONEOPT_CHECKWILDCARD |
 			    DNS_ZONEOPT_WARNMXCNAME |
 			    DNS_ZONEOPT_WARNSRVCNAME;
@@ -119,62 +86,9 @@ static isc_logcategory_t categories[] = {
 	{ "queries",	     0 },
 	{ "unmatched", 	     0 },
 	{ "update-security", 0 },
-	{ "query-errors",    0 },
 	{ NULL,		     0 }
 };
 
-static isc_symtab_t *symtab = NULL;
-static isc_mem_t *sym_mctx;
-
-static void
-freekey(char *key, unsigned int type, isc_symvalue_t value, void *userarg) {
-	UNUSED(type);
-	UNUSED(value);
-	isc_mem_free(userarg, key);
-}
-
-static void
-add(char *key, int value) {
-	isc_result_t result;
-	isc_symvalue_t symvalue;
-
-	if (sym_mctx == NULL) {
-		result = isc_mem_create(0, 0, &sym_mctx);
-		if (result != ISC_R_SUCCESS)
-			return;
-	}
-
-	if (symtab == NULL) {
-		result = isc_symtab_create(sym_mctx, 100, freekey, sym_mctx,
-					   ISC_FALSE, &symtab);
-		if (result != ISC_R_SUCCESS)
-			return;
-	}
-
-	key = isc_mem_strdup(sym_mctx, key);
-	if (key == NULL)
-		return;
-
-	symvalue.as_pointer = NULL;
-	result = isc_symtab_define(symtab, key, value, symvalue,
-				   isc_symexists_reject);
-	if (result != ISC_R_SUCCESS)
-		isc_mem_free(sym_mctx, key);
-}
-
-static isc_boolean_t
-logged(char *key, int value) {
-	isc_result_t result;
-
-	if (symtab == NULL)
-		return (ISC_FALSE);
-
-	result = isc_symtab_lookup(symtab, key, value, NULL);
-	if (result == ISC_R_SUCCESS)
-		return (ISC_TRUE);
-	return (ISC_FALSE);
-}
-
 static isc_boolean_t
 checkns(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner,
 	dns_rdataset_t *a, dns_rdataset_t *aaaa)
@@ -209,53 +123,34 @@ checkns(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner,
 	if (dns_name_countlabels(name) > 1U)
 		strcat(namebuf, ".");
 	dns_name_format(owner, ownerbuf, sizeof(ownerbuf));
-
+	
 	result = getaddrinfo(namebuf, NULL, &hints, &ai);
 	dns_name_format(name, namebuf, sizeof(namebuf) - 1);
 	switch (result) {
 	case 0:
-		/*
-		 * Work around broken getaddrinfo() implementations that
-		 * fail to set ai_canonname on first entry.
-		 */
-		cur = ai;
-		while (cur != NULL && cur->ai_canonname == NULL &&
-		       cur->ai_next != NULL)
-			cur = cur->ai_next;
-		if (cur != NULL && cur->ai_canonname != NULL &&
-		    strcasecmp(cur->ai_canonname, namebuf) != 0 &&
-		    !logged(namebuf, ERR_IS_CNAME)) {
+		if (strcasecmp(ai->ai_canonname, namebuf) != 0) {
 			dns_zone_log(zone, ISC_LOG_ERROR,
 				     "%s/NS '%s' (out of zone) "
-				     "is a CNAME '%s' (illegal)",
-				     ownerbuf, namebuf,
-				     cur->ai_canonname);
+				     "is a CNAME (illegal)",
+				     ownerbuf, namebuf);
 			/* XXX950 make fatal for 9.5.0 */
 			/* answer = ISC_FALSE; */
-			add(namebuf, ERR_IS_CNAME);
 		}
 		break;
 	case EAI_NONAME:
 #if defined(EAI_NODATA) && (EAI_NODATA != EAI_NONAME)
 	case EAI_NODATA:
 #endif
-		if (!logged(namebuf, ERR_NO_ADDRESSES)) {
-			dns_zone_log(zone, ISC_LOG_ERROR,
-				     "%s/NS '%s' (out of zone) "
-				     "has no addresses records (A or AAAA)",
-				     ownerbuf, namebuf);
-			add(namebuf, ERR_NO_ADDRESSES);
-		}
+		dns_zone_log(zone, ISC_LOG_ERROR, "%s/NS '%s' (out of zone) "
+			     "has no addresses records (A or AAAA)",
+			     ownerbuf, namebuf);
 		/* XXX950 make fatal for 9.5.0 */
 		return (ISC_TRUE);
 
 	default:
-		if (!logged(namebuf, ERR_LOOKUP_FAILURE)) {
-			dns_zone_log(zone, ISC_LOG_WARNING,
-				     "getaddrinfo(%s) failed: %s",
-				     namebuf, gai_strerror(result));
-			add(namebuf, ERR_LOOKUP_FAILURE);
-		}
+		dns_zone_log(zone, ISC_LOG_WARNING,
+			     "getaddrinfo(%s) failed: %s",
+			     namebuf, gai_strerror(result));
 		return (ISC_TRUE);
 	}
 	if (a == NULL || aaaa == NULL)
@@ -278,13 +173,12 @@ checkns(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner,
 				break;
 			}
 		}
-		if (!match && !logged(namebuf, ERR_EXTRA_A)) {
+		if (!match) {
 			dns_zone_log(zone, ISC_LOG_ERROR, "%s/NS '%s' "
 				     "extra GLUE A record (%s)",
 				     ownerbuf, namebuf,
 				     inet_ntop(AF_INET, rdata.data,
 					       addrbuf, sizeof(addrbuf)));
-			add(namebuf, ERR_EXTRA_A);
 			/* XXX950 make fatal for 9.5.0 */
 			/* answer = ISC_FALSE; */
 		}
@@ -308,13 +202,12 @@ checkns(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner,
 				break;
 			}
 		}
-		if (!match && !logged(namebuf, ERR_EXTRA_AAAA)) {
+		if (!match) {
 			dns_zone_log(zone, ISC_LOG_ERROR, "%s/NS '%s' "
 				     "extra GLUE AAAA record (%s)",
 				     ownerbuf, namebuf,
 				     inet_ntop(AF_INET6, rdata.data,
 					       addrbuf, sizeof(addrbuf)));
-			add(namebuf, ERR_EXTRA_AAAA);
 			/* XXX950 make fatal for 9.5.0. */
 			/* answer = ISC_FALSE; */
 		}
@@ -326,48 +219,42 @@ checkns(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner,
 	/*
 	 * Check that all addresses appear in the glue.
 	 */
-	if (!logged(namebuf, ERR_MISSING_GLUE)) {
-		isc_boolean_t missing_glue = ISC_FALSE;
-		for (cur = ai; cur != NULL; cur = cur->ai_next) {
-			switch (cur->ai_family) {
-			case AF_INET:
-				rdataset = a;
-				ptr = &((struct sockaddr_in *)(cur->ai_addr))->sin_addr;
-				type = "A";
-				break;
-			case AF_INET6:
-				rdataset = aaaa;
-				ptr = &((struct sockaddr_in6 *)(cur->ai_addr))->sin6_addr;
-				type = "AAAA";
-				break;
-			default:
-				 continue;
-			}
-			match = ISC_FALSE;
-			if (dns_rdataset_isassociated(rdataset))
-				result = dns_rdataset_first(rdataset);
-			else
-				result = ISC_R_FAILURE;
-			while (result == ISC_R_SUCCESS && !match) {
-				dns_rdataset_current(rdataset, &rdata);
-				if (memcmp(ptr, rdata.data, rdata.length) == 0)
-					match = ISC_TRUE;
-				dns_rdata_reset(&rdata);
-				result = dns_rdataset_next(rdataset);
-			}
-			if (!match) {
-				dns_zone_log(zone, ISC_LOG_ERROR, "%s/NS '%s' "
-					     "missing GLUE %s record (%s)",
-					     ownerbuf, namebuf, type,
-					     inet_ntop(cur->ai_family, ptr,
-						       addrbuf, sizeof(addrbuf)));
-				/* XXX950 make fatal for 9.5.0. */
-				/* answer = ISC_FALSE; */
-				missing_glue = ISC_TRUE;
-			}
+	for (cur = ai; cur != NULL; cur = cur->ai_next) {
+		switch (cur->ai_family) {
+		case AF_INET:
+			rdataset = a;
+			ptr = &((struct sockaddr_in *)(cur->ai_addr))->sin_addr;
+			type = "A";
+			break;
+		case AF_INET6:
+			rdataset = aaaa;
+			ptr = &((struct sockaddr_in6 *)(cur->ai_addr))->sin6_addr;
+			type = "AAAA";
+			break;
+		default:
+			 continue;
+		}
+		match = ISC_FALSE;
+		if (dns_rdataset_isassociated(rdataset))
+			result = dns_rdataset_first(rdataset);
+		else
+			result = ISC_R_FAILURE;
+		while (result == ISC_R_SUCCESS && !match) {
+			dns_rdataset_current(rdataset, &rdata);
+			if (memcmp(ptr, rdata.data, rdata.length) == 0)
+				match = ISC_TRUE;
+			dns_rdata_reset(&rdata);
+			result = dns_rdataset_next(rdataset);
+		}
+		if (!match) {
+			dns_zone_log(zone, ISC_LOG_ERROR, "%s/NS '%s' "
+				     "missing GLUE %s record (%s)",
+				     ownerbuf, namebuf, type,
+				     inet_ntop(cur->ai_family, ptr,
+					       addrbuf, sizeof(addrbuf)));
+			/* XXX950 make fatal for 9.5.0. */
+			/* answer = ISC_FALSE; */
 		}
-		if (missing_glue)
-			add(namebuf, ERR_MISSING_GLUE);
 	}
 	freeaddrinfo(ai);
 	return (answer);
@@ -379,7 +266,7 @@ checkns(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner,
 static isc_boolean_t
 checkmx(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner) {
 #ifdef USE_GETADDRINFO
-	struct addrinfo hints, *ai, *cur;
+	struct addrinfo hints, *ai;
 	char namebuf[DNS_NAME_FORMATSIZE + 1];
 	char ownerbuf[DNS_NAME_FORMATSIZE];
 	int result;
@@ -399,33 +286,19 @@ checkmx(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner) {
 	if (dns_name_countlabels(name) > 1U)
 		strcat(namebuf, ".");
 	dns_name_format(owner, ownerbuf, sizeof(ownerbuf));
-
+	
 	result = getaddrinfo(namebuf, NULL, &hints, &ai);
 	dns_name_format(name, namebuf, sizeof(namebuf) - 1);
 	switch (result) {
 	case 0:
-		/*
-		 * Work around broken getaddrinfo() implementations that
-		 * fail to set ai_canonname on first entry.
-		 */
-		cur = ai;
-		while (cur != NULL && cur->ai_canonname == NULL &&
-		       cur->ai_next != NULL)
-			cur = cur->ai_next;
-		if (cur != NULL && cur->ai_canonname != NULL &&
-		    strcasecmp(cur->ai_canonname, namebuf) != 0) {
+		if (strcasecmp(ai->ai_canonname, namebuf) != 0) {
 			if ((zone_options & DNS_ZONEOPT_WARNMXCNAME) != 0)
 				level = ISC_LOG_WARNING;
 			if ((zone_options & DNS_ZONEOPT_IGNOREMXCNAME) == 0) {
-				if (!logged(namebuf, ERR_IS_MXCNAME)) {
-					dns_zone_log(zone, level,
-						     "%s/MX '%s' (out of zone)"
-						     " is a CNAME '%s' "
-						     "(illegal)",
-						     ownerbuf, namebuf,
-						     cur->ai_canonname);
-					add(namebuf, ERR_IS_MXCNAME);
-				}
+				dns_zone_log(zone, ISC_LOG_WARNING,
+					     "%s/MX '%s' (out of zone) "
+					     "is a CNAME (illegal)",
+					     ownerbuf, namebuf);
 				if (level == ISC_LOG_ERROR)
 					answer = ISC_FALSE;
 			}
@@ -437,23 +310,16 @@ checkmx(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner) {
 #if defined(EAI_NODATA) && (EAI_NODATA != EAI_NONAME)
 	case EAI_NODATA:
 #endif
-		if (!logged(namebuf, ERR_NO_ADDRESSES)) {
-			dns_zone_log(zone, ISC_LOG_ERROR,
-				     "%s/MX '%s' (out of zone) "
-				     "has no addresses records (A or AAAA)",
-				     ownerbuf, namebuf);
-			add(namebuf, ERR_NO_ADDRESSES);
-		}
+		dns_zone_log(zone, ISC_LOG_ERROR, "%s/MX '%s' (out of zone) "
+			     "has no addresses records (A or AAAA)",
+			     ownerbuf, namebuf);
 		/* XXX950 make fatal for 9.5.0. */
 		return (ISC_TRUE);
 
 	default:
-		if (!logged(namebuf, ERR_LOOKUP_FAILURE)) {
-			dns_zone_log(zone, ISC_LOG_WARNING,
+		dns_zone_log(zone, ISC_LOG_WARNING,
 			     "getaddrinfo(%s) failed: %s",
 			     namebuf, gai_strerror(result));
-			add(namebuf, ERR_LOOKUP_FAILURE);
-		}
 		return (ISC_TRUE);
 	}
 #else
@@ -464,7 +330,7 @@ checkmx(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner) {
 static isc_boolean_t
 checksrv(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner) {
 #ifdef USE_GETADDRINFO
-	struct addrinfo hints, *ai, *cur;
+	struct addrinfo hints, *ai;
 	char namebuf[DNS_NAME_FORMATSIZE + 1];
 	char ownerbuf[DNS_NAME_FORMATSIZE];
 	int result;
@@ -484,32 +350,19 @@ checksrv(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner) {
 	if (dns_name_countlabels(name) > 1U)
 		strcat(namebuf, ".");
 	dns_name_format(owner, ownerbuf, sizeof(ownerbuf));
-
+	
 	result = getaddrinfo(namebuf, NULL, &hints, &ai);
 	dns_name_format(name, namebuf, sizeof(namebuf) - 1);
 	switch (result) {
 	case 0:
-		/*
-		 * Work around broken getaddrinfo() implementations that
-		 * fail to set ai_canonname on first entry.
-		 */
-		cur = ai;
-		while (cur != NULL && cur->ai_canonname == NULL &&
-		       cur->ai_next != NULL)
-			cur = cur->ai_next;
-		if (cur != NULL && cur->ai_canonname != NULL &&
-		    strcasecmp(cur->ai_canonname, namebuf) != 0) {
+		if (strcasecmp(ai->ai_canonname, namebuf) != 0) {
 			if ((zone_options & DNS_ZONEOPT_WARNSRVCNAME) != 0)
 				level = ISC_LOG_WARNING;
 			if ((zone_options & DNS_ZONEOPT_IGNORESRVCNAME) == 0) {
-				if (!logged(namebuf, ERR_IS_SRVCNAME)) {
-					dns_zone_log(zone, level, "%s/SRV '%s'"
-						     " (out of zone) is a "
-						     "CNAME '%s' (illegal)",
-						     ownerbuf, namebuf,
-						     cur->ai_canonname);
-					add(namebuf, ERR_IS_SRVCNAME);
-				}
+				dns_zone_log(zone, level,
+					     "%s/SRV '%s' (out of zone) "
+					     "is a CNAME (illegal)",
+					     ownerbuf, namebuf);
 				if (level == ISC_LOG_ERROR)
 					answer = ISC_FALSE;
 			}
@@ -521,23 +374,16 @@ checksrv(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner) {
 #if defined(EAI_NODATA) && (EAI_NODATA != EAI_NONAME)
 	case EAI_NODATA:
 #endif
-		if (!logged(namebuf, ERR_NO_ADDRESSES)) {
-			dns_zone_log(zone, ISC_LOG_ERROR,
-				     "%s/SRV '%s' (out of zone) "
-				     "has no addresses records (A or AAAA)",
-				     ownerbuf, namebuf);
-			add(namebuf, ERR_NO_ADDRESSES);
-		}
+		dns_zone_log(zone, ISC_LOG_ERROR, "%s/SRV '%s' (out of zone) "
+			     "has no addresses records (A or AAAA)",
+			     ownerbuf, namebuf);
 		/* XXX950 make fatal for 9.5.0. */
 		return (ISC_TRUE);
 
 	default:
-		if (!logged(namebuf, ERR_LOOKUP_FAILURE)) {
-			dns_zone_log(zone, ISC_LOG_WARNING,
-				     "getaddrinfo(%s) failed: %s",
-				     namebuf, gai_strerror(result));
-			add(namebuf, ERR_LOOKUP_FAILURE);
-		}
+		dns_zone_log(zone, ISC_LOG_WARNING,
+			     "getaddrinfo(%s) failed: %s",
+			     namebuf, gai_strerror(result));
 		return (ISC_TRUE);
 	}
 #else
@@ -546,7 +392,7 @@ checksrv(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner) {
 }
 
 isc_result_t
-setup_logging(isc_mem_t *mctx, FILE *errout, isc_log_t **logp) {
+setup_logging(isc_mem_t *mctx, isc_log_t **logp) {
 	isc_logdestination_t destination;
 	isc_logconfig_t *logconfig = NULL;
 	isc_log_t *log = NULL;
@@ -556,9 +402,8 @@ setup_logging(isc_mem_t *mctx, FILE *errout, isc_log_t **logp) {
 	isc_log_setcontext(log);
 	dns_log_init(log);
 	dns_log_setcontext(log);
-	cfg_log_init(log);
 
-	destination.file.stream = errout;
+	destination.file.stream = stdout;
 	destination.file.name = NULL;
 	destination.file.versions = ISC_LOG_ROLLNEVER;
 	destination.file.maximum_size = 0;
@@ -601,7 +446,8 @@ load_zone(isc_mem_t *mctx, const char *zonename, const char *filename,
 	isc_buffer_add(&buffer, strlen(zonename));
 	dns_fixedname_init(&fixorigin);
 	origin = dns_fixedname_name(&fixorigin);
-	CHECK(dns_name_fromtext(origin, &buffer, dns_rootname, 0, NULL));
+	CHECK(dns_name_fromtext(origin, &buffer, dns_rootname,
+				ISC_FALSE, NULL));
 	CHECK(dns_zone_setorigin(zone, origin));
 	CHECK(dns_zone_setdbtype(zone, 1, (const char * const *) dbtype));
 	CHECK(dns_zone_setfile2(zone, filename, fileformat));
@@ -635,21 +481,20 @@ load_zone(isc_mem_t *mctx, const char *zonename, const char *filename,
 /*% dump the zone */
 isc_result_t
 dump_zone(const char *zonename, dns_zone_t *zone, const char *filename,
-	  dns_masterformat_t fileformat, const dns_master_style_t *style,
-	  const isc_uint32_t rawversion)
+	  dns_masterformat_t fileformat, const dns_master_style_t *style)
 {
 	isc_result_t result;
 	FILE *output = stdout;
 
 	if (debug) {
-		if (filename != NULL && strcmp(filename, "-") != 0)
+		if (filename != NULL)
 			fprintf(stderr, "dumping \"%s\" to \"%s\"\n",
 				zonename, filename);
 		else
 			fprintf(stderr, "dumping \"%s\"\n", zonename);
 	}
 
-	if (filename != NULL && strcmp(filename, "-") != 0) {
+	if (filename != NULL) {
 		result = isc_stdio_open(filename, "w+", &output);
 
 		if (result != ISC_R_SUCCESS) {
@@ -659,33 +504,10 @@ dump_zone(const char *zonename, dns_zone_t *zone, const char *filename,
 		}
 	}
 
-	result = dns_zone_dumptostream3(zone, output, fileformat, style,
-					rawversion);
-	if (output != stdout)
+	result = dns_zone_dumptostream2(zone, output, fileformat, style);
+
+	if (filename != NULL)
 		(void)isc_stdio_close(output);
 
 	return (result);
 }
-
-#ifdef _WIN32
-void
-InitSockets(void) {
-	WORD wVersionRequested;
-	WSADATA wsaData;
-	int err;
-
-	wVersionRequested = MAKEWORD(2, 0);
-
-	err = WSAStartup( wVersionRequested, &wsaData );
-	if (err != 0) {
-		fprintf(stderr, "WSAStartup() failed: %d\n", err);
-		exit(1);
-	}
-}
-
-void
-DestroySockets(void) {
-	WSACleanup();
-}
-#endif
-

bin/check/check-tool.h

@@ -1,8 +1,8 @@
 /*
- * Copyright (C) 2004, 2005, 2007, 2010, 2011  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 2000-2002  Internet Software Consortium.
  *
- * Permission to use, copy, modify, and/or distribute this software for any
+ * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: check-tool.h,v 1.18 2011/12/09 23:47:02 tbox Exp $ */
+/* $Id: check-tool.h,v 1.7.18.4 2005/06/20 01:19:25 marka Exp $ */
 
 #ifndef CHECK_TOOL_H
 #define CHECK_TOOL_H
@@ -23,7 +23,6 @@
 /*! \file */
 
 #include <isc/lang.h>
-#include <isc/stdio.h>
 #include <isc/types.h>
 
 #include <dns/masterdump.h>
@@ -32,7 +31,7 @@
 ISC_LANG_BEGINDECLS
 
 isc_result_t
-setup_logging(isc_mem_t *mctx, FILE *errout, isc_log_t **logp);
+setup_logging(isc_mem_t *mctx, isc_log_t **logp);
 
 isc_result_t
 load_zone(isc_mem_t *mctx, const char *zonename, const char *filename,
@@ -41,13 +40,7 @@ load_zone(isc_mem_t *mctx, const char *zonename, const char *filename,
 
 isc_result_t
 dump_zone(const char *zonename, dns_zone_t *zone, const char *filename,
-	  dns_masterformat_t fileformat, const dns_master_style_t *style,
-	  const isc_uint32_t rawversion);
-
-#ifdef _WIN32
-void InitSockets(void);
-void DestroySockets(void);
-#endif
+	  dns_masterformat_t fileformat, const dns_master_style_t *style);
 
 extern int debug;
 extern isc_boolean_t nomerge;

bin/check/named-checkconf.8

@@ -1,7 +1,7 @@
-.\" Copyright (C) 2004, 2005, 2007, 2009 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
 .\" Copyright (C) 2000-2002 Internet Software Consortium.
 .\" 
-.\" Permission to use, copy, modify, and/or distribute this software for any
+.\" Permission to use, copy, modify, and distribute this software for any
 .\" purpose with or without fee is hereby granted, provided that the above
 .\" copyright notice and this permission notice appear in all copies.
 .\" 
@@ -13,17 +13,14 @@
 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 .\" PERFORMANCE OF THIS SOFTWARE.
 .\"
-.\" $Id: named-checkconf.8,v 1.33 2009/12/29 01:14:03 tbox Exp $
+.\" $Id: named-checkconf.8,v 1.16.18.8 2005/10/13 02:52:58 marka Exp $
 .\"
 .hy 0
 .ad l
-.\"     Title: named\-checkconf
-.\"    Author: 
-.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
-.\"      Date: June 14, 2000
-.\"    Manual: BIND9
-.\"    Source: BIND9
-.\"
+.\" ** You probably do not want to edit this file directly **
+.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1).
+.\" Instead of manually editing it, you probably should edit the DocBook XML
+.\" source for it and then use the DocBook XSL Stylesheets to regenerate it.
 .TH "NAMED\-CHECKCONF" "8" "June 14, 2000" "BIND9" "BIND9"
 .\" disable hyphenation
 .nh
@@ -33,73 +30,33 @@
 named\-checkconf \- named configuration file syntax checking tool
 .SH "SYNOPSIS"
 .HP 16
-\fBnamed\-checkconf\fR [\fB\-h\fR] [\fB\-v\fR] [\fB\-j\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] {filename} [\fB\-p\fR] [\fB\-z\fR]
+\fBnamed\-checkconf\fR [\fB\-v\fR] [\fB\-j\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] {filename} [\fB\-z\fR]
 .SH "DESCRIPTION"
 .PP
 \fBnamed\-checkconf\fR
-checks the syntax, but not the semantics, of a
-\fBnamed\fR
-configuration file. The file is parsed and checked for syntax errors, along with all files included by it. If no file is specified,
-\fI/etc/named.conf\fR
-is read by default.
-.PP
-Note: files that
-\fBnamed\fR
-reads in separate parser contexts, such as
-\fIrndc.key\fR
-and
-\fIbind.keys\fR, are not automatically read by
-\fBnamed\-checkconf\fR. Configuration errors in these files may cause
-\fBnamed\fR
-to fail to run, even if
-\fBnamed\-checkconf\fR
-was successful.
-\fBnamed\-checkconf\fR
-can be run on these files explicitly, however.
+checks the syntax, but not the semantics, of a named configuration file.
 .SH "OPTIONS"
-.PP
-\-h
-.RS 4
-Print the usage summary and exit.
-.RE
-.PP
+.TP
 \-t \fIdirectory\fR
-.RS 4
-Chroot to
+chroot to
 \fIdirectory\fR
 so that include directives in the configuration file are processed as if run by a similarly chrooted named.
-.RE
-.PP
+.TP
 \-v
-.RS 4
 Print the version of the
 \fBnamed\-checkconf\fR
 program and exit.
-.RE
-.PP
-\-p
-.RS 4
-Print out the
-\fInamed.conf\fR
-and included files in canonical form if no errors were detected.
-.RE
-.PP
+.TP
 \-z
-.RS 4
-Perform a test load of all master zones found in
+Perform a check load the master zonefiles found in
 \fInamed.conf\fR.
-.RE
-.PP
+.TP
 \-j
-.RS 4
 When loading a zonefile read the journal if it exists.
-.RE
-.PP
+.TP
 filename
-.RS 4
 The name of the configuration file to be checked. If not specified, it defaults to
 \fI/etc/named.conf\fR.
-.RE
 .SH "RETURN VALUES"
 .PP
 \fBnamed\-checkconf\fR
@@ -107,13 +64,7 @@ returns an exit status of 1 if errors were detected and 0 otherwise.
 .SH "SEE ALSO"
 .PP
 \fBnamed\fR(8),
-\fBnamed\-checkzone\fR(8),
 BIND 9 Administrator Reference Manual.
 .SH "AUTHOR"
 .PP
 Internet Systems Consortium
-.SH "COPYRIGHT"
-Copyright \(co 2004, 2005, 2007, 2009 Internet Systems Consortium, Inc. ("ISC")
-.br
-Copyright \(co 2000\-2002 Internet Software Consortium.
-.br

bin/check/named-checkconf.c

@@ -1,8 +1,8 @@
 /*
- * Copyright (C) 2004-2007, 2009-2011  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2006  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 1999-2002  Internet Software Consortium.
  *
- * Permission to use, copy, modify, and/or distribute this software for any
+ * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: named-checkconf.c,v 1.56 2011/03/12 04:59:46 tbox Exp $ */
+/* $Id: named-checkconf.c,v 1.28.18.14 2006/02/28 03:10:47 marka Exp $ */
 
 /*! \file */
 
@@ -47,8 +47,6 @@
 
 #include "check-tool.h"
 
-static const char *program = "named-checkconf";
-
 isc_log_t *logc = NULL;
 
 #define CHECK(r)\
@@ -59,14 +57,11 @@ isc_log_t *logc = NULL;
 	} while (0)
 
 /*% usage */
-ISC_PLATFORM_NORETURN_PRE static void
-usage(void) ISC_PLATFORM_NORETURN_POST;
-
 static void
 usage(void) {
-	fprintf(stderr, "usage: %s [-h] [-j] [-p] [-v] [-z] [-t directory] "
-		"[named.conf]\n", program);
-	exit(1);
+        fprintf(stderr, "usage: named-checkconf [-j] [-v] [-z] [-t directory] "
+		"[named.conf]\n");
+        exit(1);
 }
 
 /*% directory callback */
@@ -176,9 +171,9 @@ configure_zone(const char *vclass, const char *view,
 
 	zname = cfg_obj_asstring(cfg_tuple_get(zconfig, "name"));
 	classobj = cfg_tuple_get(zconfig, "class");
-	if (!cfg_obj_isstring(classobj))
-		zclass = vclass;
-	else
+        if (!cfg_obj_isstring(classobj))
+                zclass = vclass;
+        else
 		zclass = cfg_obj_asstring(classobj);
 
 	zoptions = cfg_tuple_get(zconfig, "options");
@@ -190,39 +185,21 @@ configure_zone(const char *vclass, const char *view,
 		if (obj != NULL)
 			maps[i++] = obj;
 	}
-	maps[i] = NULL;
+	maps[i++] = NULL;
 
 	cfg_map_get(zoptions, "type", &typeobj);
 	if (typeobj == NULL)
 		return (ISC_R_FAILURE);
 	if (strcasecmp(cfg_obj_asstring(typeobj), "master") != 0)
 		return (ISC_R_SUCCESS);
-	cfg_map_get(zoptions, "database", &dbobj);
-	if (dbobj != NULL)
-		return (ISC_R_SUCCESS);
+        cfg_map_get(zoptions, "database", &dbobj);
+        if (dbobj != NULL)
+                return (ISC_R_SUCCESS);
 	cfg_map_get(zoptions, "file", &fileobj);
 	if (fileobj == NULL)
 		return (ISC_R_FAILURE);
 	zfile = cfg_obj_asstring(fileobj);
 
-	obj = NULL;
-	if (get_maps(maps, "check-dup-records", &obj)) {
-		if (strcasecmp(cfg_obj_asstring(obj), "warn") == 0) {
-			zone_options |= DNS_ZONEOPT_CHECKDUPRR;
-			zone_options &= ~DNS_ZONEOPT_CHECKDUPRRFAIL;
-		} else if (strcasecmp(cfg_obj_asstring(obj), "fail") == 0) {
-			zone_options |= DNS_ZONEOPT_CHECKDUPRR;
-			zone_options |= DNS_ZONEOPT_CHECKDUPRRFAIL;
-		} else if (strcasecmp(cfg_obj_asstring(obj), "ignore") == 0) {
-			zone_options &= ~DNS_ZONEOPT_CHECKDUPRR;
-			zone_options &= ~DNS_ZONEOPT_CHECKDUPRRFAIL;
-		} else
-			INSIST(0);
-	} else {
-		zone_options |= DNS_ZONEOPT_CHECKDUPRR;
-		zone_options &= ~DNS_ZONEOPT_CHECKDUPRRFAIL;
-	}
-
 	obj = NULL;
 	if (get_maps(maps, "check-mx", &obj)) {
 		if (strcasecmp(cfg_obj_asstring(obj), "warn") == 0) {
@@ -247,8 +224,7 @@ configure_zone(const char *vclass, const char *view,
 			zone_options |= DNS_ZONEOPT_CHECKINTEGRITY;
 		else
 			zone_options &= ~DNS_ZONEOPT_CHECKINTEGRITY;
-	} else
-		zone_options |= DNS_ZONEOPT_CHECKINTEGRITY;
+	}
 
 	obj = NULL;
 	if (get_maps(maps, "check-mx-cname", &obj)) {
@@ -308,8 +284,8 @@ configure_zone(const char *vclass, const char *view,
 		} else
 			INSIST(0);
 	} else {
-	       zone_options |= DNS_ZONEOPT_CHECKNAMES;
-	       zone_options |= DNS_ZONEOPT_CHECKNAMESFAIL;
+               zone_options |= DNS_ZONEOPT_CHECKNAMES;
+               zone_options |= DNS_ZONEOPT_CHECKNAMESFAIL;
 	}
 
 	masterformat = dns_masterformat_text;
@@ -408,15 +384,6 @@ load_zones_fromconfig(const cfg_obj_t *config, isc_mem_t *mctx) {
 	return (result);
 }
 
-static void
-output(void *closure, const char *text, int textlen) {
-	UNUSED(closure);
-	if (fwrite(text, 1, textlen, stdout) != (size_t)textlen) {
-		perror("fwrite");
-		exit(1);
-	}
-}
-
 /*% The main processing routine */
 int
 main(int argc, char **argv) {
@@ -429,11 +396,8 @@ main(int argc, char **argv) {
 	int exit_status = 0;
 	isc_entropy_t *ectx = NULL;
 	isc_boolean_t load_zones = ISC_FALSE;
-	isc_boolean_t print = ISC_FALSE;
-
-	isc_commandline_errprint = ISC_FALSE;
-
-	while ((c = isc_commandline_parse(argc, argv, "dhjt:pvz")) != EOF) {
+	
+	while ((c = isc_commandline_parse(argc, argv, "djt:vz")) != EOF) {
 		switch (c) {
 		case 'd':
 			debug++;
@@ -450,10 +414,12 @@ main(int argc, char **argv) {
 					isc_result_totext(result));
 				exit(1);
 			}
-			break;
-
-		case 'p':
-			print = ISC_TRUE;
+			result = isc_dir_chdir("/");
+			if (result != ISC_R_SUCCESS) {
+				fprintf(stderr, "isc_dir_chdir: %s\n",
+					isc_result_totext(result));
+				exit(1);
+			}
 			break;
 
 		case 'v':
@@ -467,34 +433,19 @@ main(int argc, char **argv) {
 			dochecksrv = ISC_FALSE;
 			break;
 
-		case '?':
-			if (isc_commandline_option != '?')
-				fprintf(stderr, "%s: invalid argument -%c\n",
-					program, isc_commandline_option);
-		case 'h':
-			usage();
-
 		default:
-			fprintf(stderr, "%s: unhandled option -%c\n",
-				program, isc_commandline_option);
-			exit(1);
+			usage();
 		}
 	}
 
-	if (isc_commandline_index + 1 < argc)
-		usage();
 	if (argv[isc_commandline_index] != NULL)
 		conffile = argv[isc_commandline_index];
 	if (conffile == NULL || conffile[0] == '\0')
 		conffile = NAMED_CONFFILE;
 
-#ifdef _WIN32
-	InitSockets();
-#endif
-
 	RUNTIME_CHECK(isc_mem_create(0, 0, &mctx) == ISC_R_SUCCESS);
 
-	RUNTIME_CHECK(setup_logging(mctx, stdout, &logc) == ISC_R_SUCCESS);
+	RUNTIME_CHECK(setup_logging(mctx, &logc) == ISC_R_SUCCESS);
 
 	RUNTIME_CHECK(isc_entropy_create(mctx, &ectx) == ISC_R_SUCCESS);
 	RUNTIME_CHECK(isc_hash_create(mctx, ectx, DNS_NAME_MAXWIRE)
@@ -520,8 +471,6 @@ main(int argc, char **argv) {
 			exit_status = 1;
 	}
 
-	if (print && exit_status == 0)
-		cfg_print(config, output, NULL);
 	cfg_obj_destroy(parser, &config);
 
 	cfg_parser_destroy(&parser);
@@ -535,9 +484,5 @@ main(int argc, char **argv) {
 
 	isc_mem_destroy(&mctx);
 
-#ifdef _WIN32
-	DestroySockets();
-#endif
-
 	return (exit_status);
 }

bin/check/named-checkconf.docbook

@@ -1,11 +1,11 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
-               "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
+               "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd"
 	       [<!ENTITY mdash "&#8212;">]>
 <!--
- - Copyright (C) 2004, 2005, 2007, 2009  Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005  Internet Systems Consortium, Inc. ("ISC")
  - Copyright (C) 2000-2002  Internet Software Consortium.
  -
- - Permission to use, copy, modify, and/or distribute this software for any
+ - Permission to use, copy, modify, and distribute this software for any
  - purpose with or without fee is hereby granted, provided that the above
  - copyright notice and this permission notice appear in all copies.
  -
@@ -18,7 +18,7 @@
  - PERFORMANCE OF THIS SOFTWARE.
 -->
 
-<!-- $Id: named-checkconf.docbook,v 1.22 2009/12/28 23:21:16 each Exp $ -->
+<!-- $Id: named-checkconf.docbook,v 1.8.18.5 2005/07/19 05:55:41 marka Exp $ -->
 <refentry id="man.named-checkconf">
   <refentryinfo>
     <date>June 14, 2000</date>
@@ -34,8 +34,6 @@
     <copyright>
       <year>2004</year>
       <year>2005</year>
-      <year>2007</year>
-      <year>2009</year>
       <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
     </copyright>
     <copyright>
@@ -54,12 +52,10 @@
   <refsynopsisdiv>
     <cmdsynopsis>
       <command>named-checkconf</command>
-      <arg><option>-h</option></arg>
       <arg><option>-v</option></arg>
       <arg><option>-j</option></arg>
       <arg><option>-t <replaceable class="parameter">directory</replaceable></option></arg>
       <arg choice="req">filename</arg>
-      <arg><option>-p</option></arg>
       <arg><option>-z</option></arg>
     </cmdsynopsis>
   </refsynopsisdiv>
@@ -67,21 +63,8 @@
   <refsect1>
     <title>DESCRIPTION</title>
     <para><command>named-checkconf</command>
-      checks the syntax, but not the semantics, of a
-      <command>named</command> configuration file.  The file is parsed
-      and checked for syntax errors, along with all files included by it.
-      If no file is specified, <filename>/etc/named.conf</filename> is read
-      by default.
-    </para>
-    <para>
-      Note: files that <command>named</command> reads in separate
-      parser contexts, such as <filename>rndc.key</filename> and
-      <filename>bind.keys</filename>, are not automatically read
-      by <command>named-checkconf</command>.  Configuration
-      errors in these files may cause <command>named</command> to
-      fail to run, even if <command>named-checkconf</command> was
-      successful.  <command>named-checkconf</command> can be run
-      on these files explicitly, however.
+      checks the syntax, but not the semantics, of a named
+      configuration file.
     </para>
   </refsect1>
 
@@ -89,20 +72,12 @@
     <title>OPTIONS</title>
 
     <variablelist>
-      <varlistentry>
-        <term>-h</term>
-        <listitem>
-          <para>
-            Print the usage summary and exit.
-          </para>
-        </listitem>
-      </varlistentry>
-
       <varlistentry>
         <term>-t <replaceable class="parameter">directory</replaceable></term>
         <listitem>
           <para>
-            Chroot to <filename>directory</filename> so that include
+            chroot to <filename>directory</filename> so that
+            include
             directives in the configuration file are processed as if
             run by a similarly chrooted named.
           </para>
@@ -119,22 +94,12 @@
         </listitem>
       </varlistentry>
 
-      <varlistentry>
-        <term>-p</term>
-        <listitem>
-          <para>
-	    Print out the <filename>named.conf</filename> and included files
-	    in canonical form if no errors were detected.
-          </para>
-        </listitem>
-      </varlistentry>
-
       <varlistentry>
         <term>-z</term>
         <listitem>
           <para>
-	    Perform a test load of all master zones found in
-	    <filename>named.conf</filename>.
+            Perform a check load the master zonefiles found in
+            <filename>named.conf</filename>.
           </para>
         </listitem>
       </varlistentry>
@@ -175,9 +140,6 @@
     <para><citerefentry>
         <refentrytitle>named</refentrytitle><manvolnum>8</manvolnum>
       </citerefentry>,
-      <citerefentry>
-        <refentrytitle>named-checkzone</refentrytitle><manvolnum>8</manvolnum>
-      </citerefentry>,
       <citetitle>BIND 9 Administrator Reference Manual</citetitle>.
     </para>
   </refsect1>

bin/check/named-checkconf.html

@@ -1,8 +1,8 @@
 <!--
- - Copyright (C) 2004, 2005, 2007, 2009 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
  - Copyright (C) 2000-2002 Internet Software Consortium.
  - 
- - Permission to use, copy, modify, and/or distribute this software for any
+ - Permission to use, copy, modify, and distribute this software for any
  - purpose with or without fee is hereby granted, provided that the above
  - copyright notice and this permission notice appear in all copies.
  - 
@@ -14,12 +14,12 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-<!-- $Id: named-checkconf.html,v 1.33 2009/12/29 01:14:03 tbox Exp $ -->
+<!-- $Id: named-checkconf.html,v 1.9.18.14 2006/04/23 10:12:41 marka Exp $ -->
 <html>
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
 <title>named-checkconf</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.69.1">
 </head>
 <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
 <a name="man.named-checkconf"></a><div class="titlepage"></div>
@@ -29,38 +29,22 @@
 </div>
 <div class="refsynopsisdiv">
 <h2>Synopsis</h2>
-<div class="cmdsynopsis"><p><code class="command">named-checkconf</code>  [<code class="option">-h</code>] [<code class="option">-v</code>] [<code class="option">-j</code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] {filename} [<code class="option">-p</code>] [<code class="option">-z</code>]</p></div>
+<div class="cmdsynopsis"><p><code class="command">named-checkconf</code>  [<code class="option">-v</code>] [<code class="option">-j</code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] {filename} [<code class="option">-z</code>]</p></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543395"></a><h2>DESCRIPTION</h2>
+<a name="id2525192"></a><h2>DESCRIPTION</h2>
 <p><span><strong class="command">named-checkconf</strong></span>
-      checks the syntax, but not the semantics, of a
-      <span><strong class="command">named</strong></span> configuration file.  The file is parsed
-      and checked for syntax errors, along with all files included by it.
-      If no file is specified, <code class="filename">/etc/named.conf</code> is read
-      by default.
-    </p>
-<p>
-      Note: files that <span><strong class="command">named</strong></span> reads in separate
-      parser contexts, such as <code class="filename">rndc.key</code> and
-      <code class="filename">bind.keys</code>, are not automatically read
-      by <span><strong class="command">named-checkconf</strong></span>.  Configuration
-      errors in these files may cause <span><strong class="command">named</strong></span> to
-      fail to run, even if <span><strong class="command">named-checkconf</strong></span> was
-      successful.  <span><strong class="command">named-checkconf</strong></span> can be run
-      on these files explicitly, however.
+      checks the syntax, but not the semantics, of a named
+      configuration file.
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543444"></a><h2>OPTIONS</h2>
+<a name="id2525204"></a><h2>OPTIONS</h2>
 <div class="variablelist"><dl>
-<dt><span class="term">-h</span></dt>
-<dd><p>
-            Print the usage summary and exit.
-          </p></dd>
 <dt><span class="term">-t <em class="replaceable"><code>directory</code></em></span></dt>
 <dd><p>
-            Chroot to <code class="filename">directory</code> so that include
+            chroot to <code class="filename">directory</code> so that
+            include
             directives in the configuration file are processed as if
             run by a similarly chrooted named.
           </p></dd>
@@ -69,15 +53,10 @@
             Print the version of the <span><strong class="command">named-checkconf</strong></span>
             program and exit.
           </p></dd>
-<dt><span class="term">-p</span></dt>
-<dd><p>
-	    Print out the <code class="filename">named.conf</code> and included files
-	    in canonical form if no errors were detected.
-          </p></dd>
 <dt><span class="term">-z</span></dt>
 <dd><p>
-	    Perform a test load of all master zones found in
-	    <code class="filename">named.conf</code>.
+            Perform a check load the master zonefiles found in
+            <code class="filename">named.conf</code>.
           </p></dd>
 <dt><span class="term">-j</span></dt>
 <dd><p>
@@ -91,21 +70,20 @@
 </dl></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543568"></a><h2>RETURN VALUES</h2>
+<a name="id2525297"></a><h2>RETURN VALUES</h2>
 <p><span><strong class="command">named-checkconf</strong></span>
       returns an exit status of 1 if
       errors were detected and 0 otherwise.
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543579"></a><h2>SEE ALSO</h2>
+<a name="id2525308"></a><h2>SEE ALSO</h2>
 <p><span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
-      <span class="citerefentry"><span class="refentrytitle">named-checkzone</span>(8)</span>,
       <em class="citetitle">BIND 9 Administrator Reference Manual</em>.
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543609"></a><h2>AUTHOR</h2>
+<a name="id2525330"></a><h2>AUTHOR</h2>
 <p><span class="corpauthor">Internet Systems Consortium</span>
     </p>
 </div>

bin/check/named-checkzone.8

@@ -1,7 +1,7 @@
-.\" Copyright (C) 2004-2007, 2009-2011 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
 .\" Copyright (C) 2000-2002 Internet Software Consortium.
 .\" 
-.\" Permission to use, copy, modify, and/or distribute this software for any
+.\" Permission to use, copy, modify, and distribute this software for any
 .\" purpose with or without fee is hereby granted, provided that the above
 .\" copyright notice and this permission notice appear in all copies.
 .\" 
@@ -13,17 +13,14 @@
 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 .\" PERFORMANCE OF THIS SOFTWARE.
 .\"
-.\" $Id: named-checkzone.8,v 1.49 2011/12/22 18:10:10 tbox Exp $
+.\" $Id: named-checkzone.8,v 1.18.18.15 2006/01/07 03:40:23 marka Exp $
 .\"
 .hy 0
 .ad l
-.\"     Title: named\-checkzone
-.\"    Author: 
-.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
-.\"      Date: June 13, 2000
-.\"    Manual: BIND9
-.\"    Source: BIND9
-.\"
+.\" ** You probably do not want to edit this file directly **
+.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1).
+.\" Instead of manually editing it, you probably should edit the DocBook XML
+.\" source for it and then use the DocBook XSL Stylesheets to regenerate it.
 .TH "NAMED\-CHECKZONE" "8" "June 13, 2000" "BIND9" "BIND9"
 .\" disable hyphenation
 .nh
@@ -33,9 +30,9 @@
 named\-checkzone, named\-compilezone \- zone file validity checking or converting tool
 .SH "SYNOPSIS"
 .HP 16
-\fBnamed\-checkzone\fR [\fB\-d\fR] [\fB\-h\fR] [\fB\-j\fR] [\fB\-q\fR] [\fB\-v\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-f\ \fR\fB\fIformat\fR\fR] [\fB\-F\ \fR\fB\fIformat\fR\fR] [\fB\-i\ \fR\fB\fImode\fR\fR] [\fB\-k\ \fR\fB\fImode\fR\fR] [\fB\-m\ \fR\fB\fImode\fR\fR] [\fB\-M\ \fR\fB\fImode\fR\fR] [\fB\-n\ \fR\fB\fImode\fR\fR] [\fB\-L\ \fR\fB\fIserial\fR\fR] [\fB\-o\ \fR\fB\fIfilename\fR\fR] [\fB\-r\ \fR\fB\fImode\fR\fR] [\fB\-s\ \fR\fB\fIstyle\fR\fR] [\fB\-S\ \fR\fB\fImode\fR\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-w\ \fR\fB\fIdirectory\fR\fR] [\fB\-D\fR] [\fB\-W\ \fR\fB\fImode\fR\fR] {zonename} {filename}
+\fBnamed\-checkzone\fR [\fB\-d\fR] [\fB\-j\fR] [\fB\-q\fR] [\fB\-v\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-f\ \fR\fB\fIformat\fR\fR] [\fB\-F\ \fR\fB\fIformat\fR\fR] [\fB\-i\ \fR\fB\fImode\fR\fR] [\fB\-k\ \fR\fB\fImode\fR\fR] [\fB\-m\ \fR\fB\fImode\fR\fR] [\fB\-M\ \fR\fB\fImode\fR\fR] [\fB\-n\ \fR\fB\fImode\fR\fR] [\fB\-o\ \fR\fB\fIfilename\fR\fR] [\fB\-s\ \fR\fB\fIstyle\fR\fR] [\fB\-S\ \fR\fB\fImode\fR\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-w\ \fR\fB\fIdirectory\fR\fR] [\fB\-D\fR] [\fB\-W\ \fR\fB\fImode\fR\fR] {zonename} {filename}
 .HP 18
-\fBnamed\-compilezone\fR [\fB\-d\fR] [\fB\-j\fR] [\fB\-q\fR] [\fB\-v\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-C\ \fR\fB\fImode\fR\fR] [\fB\-f\ \fR\fB\fIformat\fR\fR] [\fB\-F\ \fR\fB\fIformat\fR\fR] [\fB\-i\ \fR\fB\fImode\fR\fR] [\fB\-k\ \fR\fB\fImode\fR\fR] [\fB\-m\ \fR\fB\fImode\fR\fR] [\fB\-n\ \fR\fB\fImode\fR\fR] [\fB\-L\ \fR\fB\fIserial\fR\fR] [\fB\-r\ \fR\fB\fImode\fR\fR] [\fB\-s\ \fR\fB\fIstyle\fR\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-w\ \fR\fB\fIdirectory\fR\fR] [\fB\-D\fR] [\fB\-W\ \fR\fB\fImode\fR\fR] {\fB\-o\ \fR\fB\fIfilename\fR\fR} {zonename} {filename}
+\fBnamed\-compilezone\fR [\fB\-d\fR] [\fB\-j\fR] [\fB\-q\fR] [\fB\-v\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-C\ \fR\fB\fImode\fR\fR] [\fB\-f\ \fR\fB\fIformat\fR\fR] [\fB\-F\ \fR\fB\fIformat\fR\fR] [\fB\-i\ \fR\fB\fImode\fR\fR] [\fB\-k\ \fR\fB\fImode\fR\fR] [\fB\-m\ \fR\fB\fImode\fR\fR] [\fB\-n\ \fR\fB\fImode\fR\fR] [\fB\-o\ \fR\fB\fIfilename\fR\fR] [\fB\-s\ \fR\fB\fIstyle\fR\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-w\ \fR\fB\fIdirectory\fR\fR] [\fB\-D\fR] [\fB\-W\ \fR\fB\fImode\fR\fR] {zonename} {filename}
 .SH "DESCRIPTION"
 .PP
 \fBnamed\-checkzone\fR
@@ -48,46 +45,30 @@ useful for checking zone files before configuring them into a name server.
 \fBnamed\-compilezone\fR
 is similar to
 \fBnamed\-checkzone\fR, but it always dumps the zone contents to a specified file in a specified format. Additionally, it applies stricter check levels by default, since the dump output will be used as an actual zone file loaded by
-\fBnamed\fR. When manually specified otherwise, the check levels must at least be as strict as those specified in the
+\fBnamed\fR. When manaully specified otherwise, the check levels must at least be as strict as those specified in the
 \fBnamed\fR
 configuration file.
 .SH "OPTIONS"
-.PP
+.TP
 \-d
-.RS 4
 Enable debugging.
-.RE
-.PP
-\-h
-.RS 4
-Print the usage summary and exit.
-.RE
-.PP
+.TP
 \-q
-.RS 4
 Quiet mode \- exit code only.
-.RE
-.PP
+.TP
 \-v
-.RS 4
 Print the version of the
 \fBnamed\-checkzone\fR
 program and exit.
-.RE
-.PP
+.TP
 \-j
-.RS 4
 When loading the zone file read the journal if it exists.
-.RE
-.PP
+.TP
 \-c \fIclass\fR
-.RS 4
-Specify the class of the zone. If not specified, "IN" is assumed.
-.RE
-.PP
+Specify the class of the zone. If not specified "IN" is assumed.
+.TP
 \-i \fImode\fR
-.RS 4
-Perform post\-load zone integrity checks. Possible modes are
+Perform post load zone integrity checks. Possible modes are
 \fB"full"\fR
 (default),
 \fB"full\-sibling"\fR,
@@ -110,7 +91,7 @@ only checks SRV records which refer to in\-zone hostnames.
 .sp
 Mode
 \fB"full"\fR
-checks that delegation NS records refer to A or AAAA record (both in\-zone and out\-of\-zone hostnames). It also checks that glue address records in the zone match those advertised by the child. Mode
+checks that delegation NS records refer to A or AAAA record (both in\-zone and out\-of\-zone hostnames). It also checks that glue addresses records in the zone match those advertised by the child. Mode
 \fB"local"\fR
 only checks NS records which refer to in\-zone hostnames or that some required glue exists, that is when the nameserver is in a child zone.
 .sp
@@ -127,37 +108,23 @@ respectively.
 Mode
 \fB"none"\fR
 disables the checks.
-.RE
-.PP
+.TP
 \-f \fIformat\fR
-.RS 4
 Specify the format of the zone file. Possible formats are
 \fB"text"\fR
 (default) and
 \fB"raw"\fR.
-.RE
-.PP
+.TP
 \-F \fIformat\fR
-.RS 4
-Specify the format of the output file specified. For
-\fBnamed\-checkzone\fR, this does not cause any effects unless it dumps the zone contents.
-.sp
-Possible formats are
+Specify the format of the output file specified. Possible formats are
 \fB"text"\fR
 (default) and
-\fB"raw"\fR
-or
-\fB"raw=N"\fR, which store the zone in a binary format for rapid loading by
-\fBnamed\fR.
-\fB"raw=N"\fR
-specifies the format version of the raw zone file: if N is 0, the raw file can be read by any version of
-\fBnamed\fR; if N is 1, the file can be read by release 9.9.0 or higher. The default is 1.
-.RE
-.PP
+\fB"raw"\fR. For
+\fBnamed\-checkzone\fR, this does not cause any effects unless it dumps the zone contents.
+.TP
 \-k \fImode\fR
-.RS 4
 Perform
-\fB"check\-names"\fR
+\fB"check\-name"\fR
 checks with the specified failure mode. Possible modes are
 \fB"fail"\fR
 (default for
@@ -166,33 +133,22 @@ checks with the specified failure mode. Possible modes are
 (default for
 \fBnamed\-checkzone\fR) and
 \fB"ignore"\fR.
-.RE
-.PP
-\-L \fIserial\fR
-.RS 4
-When compiling a zone to 'raw' format, set the "source serial" value in the header to the specified serial number. (This is expected to be used primarily for testing purposes.)
-.RE
-.PP
+.TP
 \-m \fImode\fR
-.RS 4
 Specify whether MX records should be checked to see if they are addresses. Possible modes are
 \fB"fail"\fR,
 \fB"warn"\fR
 (default) and
 \fB"ignore"\fR.
-.RE
-.PP
+.TP
 \-M \fImode\fR
-.RS 4
 Check if a MX record refers to a CNAME. Possible modes are
 \fB"fail"\fR,
 \fB"warn"\fR
 (default) and
 \fB"ignore"\fR.
-.RE
-.PP
+.TP
 \-n \fImode\fR
-.RS 4
 Specify whether NS records should be checked to see if they are addresses. Possible modes are
 \fB"fail"\fR
 (default for
@@ -201,85 +157,53 @@ Specify whether NS records should be checked to see if they are addresses. Possi
 (default for
 \fBnamed\-checkzone\fR) and
 \fB"ignore"\fR.
-.RE
-.PP
+.TP
 \-o \fIfilename\fR
-.RS 4
 Write zone output to
-\fIfilename\fR. If
-\fIfilename\fR
-is
-\fI\-\fR
-then write to standard out. This is mandatory for
+\fIfilename\fR. This is mandatory for
 \fBnamed\-compilezone\fR.
-.RE
-.PP
-\-r \fImode\fR
-.RS 4
-Check for records that are treated as different by DNSSEC but are semantically equal in plain DNS. Possible modes are
-\fB"fail"\fR,
-\fB"warn"\fR
-(default) and
-\fB"ignore"\fR.
-.RE
-.PP
+.TP
 \-s \fIstyle\fR
-.RS 4
 Specify the style of the dumped zone file. Possible styles are
 \fB"full"\fR
 (default) and
-\fB"relative"\fR. The full format is most suitable for processing automatically by a separate script. On the other hand, the relative format is more human\-readable and is thus suitable for editing by hand. For
+\fB"default"\fR. The full format is most suitable for processing automatically by a separate script. On the other hand, the default format is more human\-readable and is thus suitable for editing by hand. For
 \fBnamed\-checkzone\fR
 this does not cause any effects unless it dumps the zone contents. It also does not have any meaning if the output format is not text.
-.RE
-.PP
+.TP
 \-S \fImode\fR
-.RS 4
 Check if a SRV record refers to a CNAME. Possible modes are
 \fB"fail"\fR,
 \fB"warn"\fR
 (default) and
 \fB"ignore"\fR.
-.RE
-.PP
+.TP
 \-t \fIdirectory\fR
-.RS 4
-Chroot to
+chroot to
 \fIdirectory\fR
 so that include directives in the configuration file are processed as if run by a similarly chrooted named.
-.RE
-.PP
+.TP
 \-w \fIdirectory\fR
-.RS 4
 chdir to
 \fIdirectory\fR
 so that relative filenames in master file $INCLUDE directives work. This is similar to the directory clause in
 \fInamed.conf\fR.
-.RE
-.PP
+.TP
 \-D
-.RS 4
 Dump zone file in canonical format. This is always enabled for
 \fBnamed\-compilezone\fR.
-.RE
-.PP
+.TP
 \-W \fImode\fR
-.RS 4
 Specify whether to check for non\-terminal wildcards. Non\-terminal wildcards are almost always the result of a failure to understand the wildcard matching algorithm (RFC 1034). Possible modes are
 \fB"warn"\fR
 (default) and
 \fB"ignore"\fR.
-.RE
-.PP
+.TP
 zonename
-.RS 4
 The domain name of the zone being checked.
-.RE
-.PP
+.TP
 filename
-.RS 4
 The name of the zone file.
-.RE
 .SH "RETURN VALUES"
 .PP
 \fBnamed\-checkzone\fR
@@ -287,14 +211,8 @@ returns an exit status of 1 if errors were detected and 0 otherwise.
 .SH "SEE ALSO"
 .PP
 \fBnamed\fR(8),
-\fBnamed\-checkconf\fR(8),
 RFC 1035,
 BIND 9 Administrator Reference Manual.
 .SH "AUTHOR"
 .PP
 Internet Systems Consortium
-.SH "COPYRIGHT"
-Copyright \(co 2004\-2007, 2009\-2011 Internet Systems Consortium, Inc. ("ISC")
-.br
-Copyright \(co 2000\-2002 Internet Software Consortium.
-.br

bin/check/named-checkzone.c

@@ -1,8 +1,8 @@
 /*
- * Copyright (C) 2004-2011  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2006  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 1999-2003  Internet Software Consortium.
  *
- * Permission to use, copy, modify, and/or distribute this software for any
+ * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: named-checkzone.c,v 1.65 2011/12/22 17:29:22 each Exp $ */
+/* $Id: named-checkzone.c,v 1.29.18.14 2006/01/07 00:23:34 marka Exp $ */
 
 /*! \file */
 
@@ -39,7 +39,6 @@
 #include <dns/db.h>
 #include <dns/fixedname.h>
 #include <dns/log.h>
-#include <dns/master.h>
 #include <dns/masterdump.h>
 #include <dns/name.h>
 #include <dns/rdataclass.h>
@@ -71,23 +70,16 @@ static enum { progmode_check, progmode_compile } progmode;
 		} \
 	} while (0)
 
-ISC_PLATFORM_NORETURN_PRE static void
-usage(void) ISC_PLATFORM_NORETURN_POST;
-
 static void
 usage(void) {
 	fprintf(stderr,
-		"usage: %s [-djqvD] [-c class] "
+		"usage: %s [-djqvD] [-c class] [-o output] "
 		"[-f inputformat] [-F outputformat] "
 		"[-t directory] [-w directory] [-k (ignore|warn|fail)] "
 		"[-n (ignore|warn|fail)] [-m (ignore|warn|fail)] "
-		"[-r (ignore|warn|fail)] "
-		"[-i (full|full-sibling|local|local-sibling|none)] "
-		"[-M (ignore|warn|fail)] [-S (ignore|warn|fail)] "
-		"[-W (ignore|warn)] "
-		"%s zonename filename\n",
-		prog_name,
-		progmode == progmode_check ? "[-o filename]" : "-o filename");
+		"[-i (full|local|none)] [-M (ignore|warn|fail)] "
+		"[-S (ignore|warn|fail)] [-W (ignore|warn)] "
+		"zonename filename\n", prog_name);
 	exit(1);
 }
 
@@ -113,18 +105,10 @@ main(int argc, char **argv) {
 	const char *outputformatstr = NULL;
 	dns_masterformat_t inputformat = dns_masterformat_text;
 	dns_masterformat_t outputformat = dns_masterformat_text;
-	dns_masterrawheader_t header;
-	isc_uint32_t rawversion = 1, serialnum = 0;
-	isc_boolean_t snset = ISC_FALSE;
-	isc_boolean_t logdump = ISC_FALSE;
-	FILE *errout = stdout;
-	char *endp;
 
 	outputstyle = &dns_master_style_full;
 
 	prog_name = strrchr(argv[0], '/');
-	if (prog_name == NULL)
-		prog_name = strrchr(argv[0], '\\');
 	if (prog_name != NULL)
 		prog_name++;
 	else
@@ -135,13 +119,9 @@ main(int argc, char **argv) {
 	 */
 	if (strncmp(prog_name, "lt-", 3) == 0)
 		prog_name += 3;
-
-#define PROGCMP(X) \
-	(strcasecmp(prog_name, X) == 0 || strcasecmp(prog_name, X ".exe") == 0)
-
-	if (PROGCMP("named-checkzone"))
+	if (strcmp(prog_name, "named-checkzone") == 0)
 		progmode = progmode_check;
-	else if (PROGCMP("named-compilezone"))
+	else if (strcmp(prog_name, "named-compilezone") == 0)
 		progmode = progmode_compile;
 	else
 		INSIST(0);
@@ -150,19 +130,15 @@ main(int argc, char **argv) {
 	if (progmode == progmode_compile) {
 		zone_options |= (DNS_ZONEOPT_CHECKNS |
 				 DNS_ZONEOPT_FATALNS |
-				 DNS_ZONEOPT_CHECKDUPRR |
 				 DNS_ZONEOPT_CHECKNAMES |
 				 DNS_ZONEOPT_CHECKNAMESFAIL |
 				 DNS_ZONEOPT_CHECKWILDCARD);
-	} else
-		zone_options |= DNS_ZONEOPT_CHECKDUPRR;
+	}
 
 #define ARGCMP(X) (strcmp(isc_commandline_argument, X) == 0)
 
-	isc_commandline_errprint = ISC_FALSE;
-
 	while ((c = isc_commandline_parse(argc, argv,
-			       "c:df:hi:jk:L:m:n:qr:s:t:o:vw:DF:M:S:W:"))
+					  "c:df:i:jk:m:n:qst:o:vw:DF:M:S:W:"))
 	       != EOF) {
 		switch (c) {
 		case 'c':
@@ -240,17 +216,6 @@ main(int argc, char **argv) {
 			}
 			break;
 
-		case 'L':
-			snset = ISC_TRUE;
-			endp = NULL;
-			serialnum = strtol(isc_commandline_argument, &endp, 0);
-			if (*endp != '\0') {
-				fprintf(stderr, "source serial number "
-						"must be numeric");
-				exit(1);
-			}
-			break;
-
 		case 'n':
 			if (ARGCMP("ignore")) {
 				zone_options &= ~(DNS_ZONEOPT_CHECKNS|
@@ -260,7 +225,7 @@ main(int argc, char **argv) {
 				zone_options &= ~DNS_ZONEOPT_FATALNS;
 			} else if (ARGCMP("fail")) {
 				zone_options |= DNS_ZONEOPT_CHECKNS|
-						DNS_ZONEOPT_FATALNS;
+					        DNS_ZONEOPT_FATALNS;
 			} else {
 				fprintf(stderr, "invalid argument to -n: %s\n",
 					isc_commandline_argument);
@@ -285,44 +250,10 @@ main(int argc, char **argv) {
 			}
 			break;
 
-		case 'o':
-			output_filename = isc_commandline_argument;
-			break;
-
 		case 'q':
 			quiet++;
 			break;
 
-		case 'r':
-			if (ARGCMP("warn")) {
-				zone_options |= DNS_ZONEOPT_CHECKDUPRR;
-				zone_options &= ~DNS_ZONEOPT_CHECKDUPRRFAIL;
-			} else if (ARGCMP("fail")) {
-				zone_options |= DNS_ZONEOPT_CHECKDUPRR |
-						DNS_ZONEOPT_CHECKDUPRRFAIL;
-			} else if (ARGCMP("ignore")) {
-				zone_options &= ~(DNS_ZONEOPT_CHECKDUPRR |
-						  DNS_ZONEOPT_CHECKDUPRRFAIL);
-			} else {
-				fprintf(stderr, "invalid argument to -r: %s\n",
-					isc_commandline_argument);
-				exit(1);
-			}
-			break;
-
-		case 's':
-			if (ARGCMP("full"))
-				outputstyle = &dns_master_style_full;
-			else if (ARGCMP("relative")) {
-				outputstyle = &dns_master_style_default;
-			} else {
-				fprintf(stderr,
-					"unknown or unsupported style: %s\n",
-					isc_commandline_argument);
-				exit(1);
-			}
-			break;
-
 		case 't':
 			result = isc_dir_chroot(isc_commandline_argument);
 			if (result != ISC_R_SUCCESS) {
@@ -331,6 +262,29 @@ main(int argc, char **argv) {
 					isc_result_totext(result));
 				exit(1);
 			}
+			result = isc_dir_chdir("/");
+			if (result != ISC_R_SUCCESS) {
+				fprintf(stderr, "isc_dir_chdir: %s\n",
+					isc_result_totext(result));
+				exit(1);
+			}
+			break;
+
+		case 's':
+			if (ARGCMP("full"))
+				outputstyle = &dns_master_style_full;
+			else if (ARGCMP("default")) {
+				outputstyle = &dns_master_style_default;
+			} else {
+				fprintf(stderr,
+					"unknown or unsupported style: %s\n",
+					isc_commandline_argument);
+				exit(1);
+			}
+			break;
+
+		case 'o':
+			output_filename = isc_commandline_argument;
 			break;
 
 		case 'v':
@@ -386,17 +340,17 @@ main(int argc, char **argv) {
 				zone_options &= ~DNS_ZONEOPT_CHECKWILDCARD;
 			break;
 
-		case '?':
-			if (isc_commandline_option != '?')
-				fprintf(stderr, "%s: invalid argument -%c\n",
-					prog_name, isc_commandline_option);
-		case 'h':
-			usage();
-
 		default:
-			fprintf(stderr, "%s: unhandled option -%c\n",
-				prog_name, isc_commandline_option);
-			exit(1);
+			usage();
+		}
+	}
+
+	if (progmode == progmode_compile) {
+		dumpzone = 1;	/* always dump */
+		if (output_filename == NULL) {
+			fprintf(stderr,
+				"output file required, but not specified\n");
+			usage();
 		}
 	}
 
@@ -414,11 +368,7 @@ main(int argc, char **argv) {
 			inputformat = dns_masterformat_text;
 		else if (strcasecmp(inputformatstr, "raw") == 0)
 			inputformat = dns_masterformat_raw;
-		else if (strncasecmp(inputformatstr, "raw=", 4) == 0) {
-			inputformat = dns_masterformat_raw;
-			fprintf(stderr,
-				"WARNING: input format raw, version ignored\n");
-		} else {
+		else {
 			fprintf(stderr, "unknown file format: %s\n",
 			    inputformatstr);
 			exit(1);
@@ -426,65 +376,23 @@ main(int argc, char **argv) {
 	}
 
 	if (outputformatstr != NULL) {
-		if (strcasecmp(outputformatstr, "text") == 0) {
+		if (strcasecmp(outputformatstr, "text") == 0)
 			outputformat = dns_masterformat_text;
-		} else if (strcasecmp(outputformatstr, "raw") == 0) {
+		else if (strcasecmp(outputformatstr, "raw") == 0)
 			outputformat = dns_masterformat_raw;
-		} else if (strncasecmp(outputformatstr, "raw=", 4) == 0) {
-			char *end;
-
-			outputformat = dns_masterformat_raw;
-			rawversion = strtol(outputformatstr + 4, &end, 10);
-			if (end == outputformatstr + 4 || *end != '\0' ||
-			    rawversion > 1U) {
-				fprintf(stderr,
-					"unknown raw format version\n");
-				exit(1);
-			}
-		} else {
+		else {
 			fprintf(stderr, "unknown file format: %s\n",
 				outputformatstr);
 			exit(1);
 		}
 	}
 
-	if (progmode == progmode_compile) {
-		dumpzone = 1;	/* always dump */
-		logdump = !quiet;
-		if (output_filename == NULL) {
-			fprintf(stderr,
-				"output file required, but not specified\n");
-			usage();
-		}
-	}
-
-	if (output_filename != NULL)
-		dumpzone = 1;
-
-	/*
-	 * If we are outputing to stdout then send the informational
-	 * output to stderr.
-	 */
-	if (dumpzone &&
-	    (output_filename == NULL ||
-	     strcmp(output_filename, "-") == 0 ||
-	     strcmp(output_filename, "/dev/fd/1") == 0 ||
-	     strcmp(output_filename, "/dev/stdout") == 0)) {
-		errout = stderr;
-		logdump = ISC_FALSE;
-	}
-
-	if (isc_commandline_index + 2 != argc)
+	if (isc_commandline_index + 2 > argc)
 		usage();
 
-#ifdef _WIN32
-	InitSockets();
-#endif
-
 	RUNTIME_CHECK(isc_mem_create(0, 0, &mctx) == ISC_R_SUCCESS);
 	if (!quiet)
-		RUNTIME_CHECK(setup_logging(mctx, errout, &lctx)
-			      == ISC_R_SUCCESS);
+		RUNTIME_CHECK(setup_logging(mctx, &lctx) == ISC_R_SUCCESS);
 	RUNTIME_CHECK(isc_entropy_create(mctx, &ectx) == ISC_R_SUCCESS);
 	RUNTIME_CHECK(isc_hash_create(mctx, ectx, DNS_NAME_MAXWIRE)
 		      == ISC_R_SUCCESS);
@@ -496,34 +404,24 @@ main(int argc, char **argv) {
 	result = load_zone(mctx, origin, filename, inputformat, classname,
 			   &zone);
 
-	if (snset) {
-		dns_master_initrawheader(&header);
-		header.flags = DNS_MASTERRAW_SOURCESERIALSET;
-		header.sourceserial = serialnum;
-		dns_zone_setrawdata(zone, &header);
-	}
-
 	if (result == ISC_R_SUCCESS && dumpzone) {
-		if (logdump) {
-			fprintf(errout, "dump zone to %s...", output_filename);
-			fflush(errout);
+		if (!quiet && progmode == progmode_compile) {
+			fprintf(stdout, "dump zone to %s...", output_filename);
+			fflush(stdout);
 		}
 		result = dump_zone(origin, zone, output_filename,
-				   outputformat, outputstyle, rawversion);
-		if (logdump)
-			fprintf(errout, "done\n");
+				   outputformat, outputstyle);
+		if (!quiet && progmode == progmode_compile)
+			fprintf(stdout, "done\n");
 	}
 
 	if (!quiet && result == ISC_R_SUCCESS)
-		fprintf(errout, "OK\n");
+		fprintf(stdout, "OK\n");
 	destroy();
 	if (lctx != NULL)
 		isc_log_destroy(&lctx);
 	isc_hash_destroy();
 	isc_entropy_detach(&ectx);
 	isc_mem_destroy(&mctx);
-#ifdef _WIN32
-	DestroySockets();
-#endif
 	return ((result == ISC_R_SUCCESS) ? 0 : 1);
 }

bin/check/named-checkzone.docbook

@@ -1,11 +1,11 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
-               "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
+               "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd"
 	       [<!ENTITY mdash "&#8212;">]>
 <!--
- - Copyright (C) 2004-2007, 2009-2011  Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2006  Internet Systems Consortium, Inc. ("ISC")
  - Copyright (C) 2000-2002  Internet Software Consortium.
  -
- - Permission to use, copy, modify, and/or distribute this software for any
+ - Permission to use, copy, modify, and distribute this software for any
  - purpose with or without fee is hereby granted, provided that the above
  - copyright notice and this permission notice appear in all copies.
  -
@@ -18,7 +18,7 @@
  - PERFORMANCE OF THIS SOFTWARE.
 -->
 
-<!-- $Id: named-checkzone.docbook,v 1.44 2011/12/22 07:32:39 each Exp $ -->
+<!-- $Id: named-checkzone.docbook,v 1.11.18.13 2006/01/07 00:23:34 marka Exp $ -->
 <refentry id="man.named-checkzone">
   <refentryinfo>
     <date>June 13, 2000</date>
@@ -35,10 +35,6 @@
       <year>2004</year>
       <year>2005</year>
       <year>2006</year>
-      <year>2007</year>
-      <year>2009</year>
-      <year>2010</year>
-      <year>2011</year>
       <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
     </copyright>
     <copyright>
@@ -59,7 +55,6 @@
     <cmdsynopsis>
       <command>named-checkzone</command>
       <arg><option>-d</option></arg>
-      <arg><option>-h</option></arg>
       <arg><option>-j</option></arg>
       <arg><option>-q</option></arg>
       <arg><option>-v</option></arg>
@@ -71,9 +66,7 @@
       <arg><option>-m <replaceable class="parameter">mode</replaceable></option></arg>
       <arg><option>-M <replaceable class="parameter">mode</replaceable></option></arg>
       <arg><option>-n <replaceable class="parameter">mode</replaceable></option></arg>
-      <arg><option>-L <replaceable class="parameter">serial</replaceable></option></arg>
       <arg><option>-o <replaceable class="parameter">filename</replaceable></option></arg>
-      <arg><option>-r <replaceable class="parameter">mode</replaceable></option></arg>
       <arg><option>-s <replaceable class="parameter">style</replaceable></option></arg>
       <arg><option>-S <replaceable class="parameter">mode</replaceable></option></arg>
       <arg><option>-t <replaceable class="parameter">directory</replaceable></option></arg>
@@ -97,14 +90,12 @@
       <arg><option>-k <replaceable class="parameter">mode</replaceable></option></arg>
       <arg><option>-m <replaceable class="parameter">mode</replaceable></option></arg>
       <arg><option>-n <replaceable class="parameter">mode</replaceable></option></arg>
-      <arg><option>-L <replaceable class="parameter">serial</replaceable></option></arg>
-      <arg><option>-r <replaceable class="parameter">mode</replaceable></option></arg>
+      <arg><option>-o <replaceable class="parameter">filename</replaceable></option></arg>
       <arg><option>-s <replaceable class="parameter">style</replaceable></option></arg>
       <arg><option>-t <replaceable class="parameter">directory</replaceable></option></arg>
       <arg><option>-w <replaceable class="parameter">directory</replaceable></option></arg>
       <arg><option>-D</option></arg>
       <arg><option>-W <replaceable class="parameter">mode</replaceable></option></arg>
-      <arg choice="req"><option>-o <replaceable class="parameter">filename</replaceable></option></arg>
       <arg choice="req">zonename</arg>
       <arg choice="req">filename</arg>
     </cmdsynopsis>
@@ -125,7 +116,7 @@
 	Additionally, it applies stricter check levels by default,
         since the dump output will be used as an actual zone file
 	loaded by <command>named</command>.
-	When manually specified otherwise, the check levels must at
+	When manaully specified otherwise, the check levels must at
         least be as strict as those specified in the
 	<command>named</command> configuration file.
      </para>
@@ -144,15 +135,6 @@
         </listitem>
       </varlistentry>
 
-      <varlistentry>
-        <term>-h</term>
-        <listitem>
-          <para>
-            Print the usage summary and exit.
-          </para>
-        </listitem>
-      </varlistentry>
-
       <varlistentry>
         <term>-q</term>
         <listitem>
@@ -185,7 +167,7 @@
         <term>-c <replaceable class="parameter">class</replaceable></term>
         <listitem>
           <para>
-            Specify the class of the zone.  If not specified, "IN" is assumed.
+            Specify the class of the zone.  If not specified "IN" is assumed.
           </para>
         </listitem>
       </varlistentry>
@@ -194,7 +176,7 @@
         <term>-i <replaceable class="parameter">mode</replaceable></term>
 	<listitem>
 	  <para>
-	      Perform post-load zone integrity checks.  Possible modes are
+	      Perform post load zone integrity checks.  Possible modes are
 	      <command>"full"</command> (default),
 	      <command>"full-sibling"</command>,
 	      <command>"local"</command>,
@@ -216,7 +198,7 @@
 	  <para>
 	      Mode <command>"full"</command> checks that delegation NS
 	      records refer to A or AAAA record (both in-zone and out-of-zone
-	      hostnames).  It also checks that glue address records
+	      hostnames).  It also checks that glue addresses records
 	      in the zone match those advertised by the child.
 	      Mode <command>"local"</command> only checks NS records which
 	      refer to in-zone hostnames or that some required glue exists,
@@ -250,20 +232,12 @@
 	<listitem>
 	  <para>
 	    Specify the format of the output file specified.
+	    Possible formats are <command>"text"</command> (default)
+	    and <command>"raw"</command>.
 	    For <command>named-checkzone</command>,
 	    this does not cause any effects unless it dumps the zone
 	    contents.
 	  </para>
-	  <para>
-	    Possible formats are <command>"text"</command> (default)
-	    and <command>"raw"</command> or <command>"raw=N"</command>,
-            which store the zone in a binary format for rapid loading
-            by <command>named</command>.  <command>"raw=N"</command>
-            specifies the format version of the raw zone file: if N
-            is 0, the raw file can be read by any version of
-            <command>named</command>; if N is 1, the file can be read
-            by release 9.9.0 or higher.  The default is 1.
-	  </para>
 	</listitem>
       </varlistentry>
 
@@ -271,7 +245,7 @@
         <term>-k <replaceable class="parameter">mode</replaceable></term>
         <listitem>
           <para>
-            Perform <command>"check-names"</command> checks with the
+            Perform <command>"check-name"</command> checks with the
 	    specified failure mode.
             Possible modes are <command>"fail"</command>
 	    (default for <command>named-compilezone</command>),
@@ -282,17 +256,6 @@
         </listitem>
       </varlistentry>
 
-      <varlistentry>
-        <term>-L <replaceable class="parameter">serial</replaceable></term>
-        <listitem>
-          <para>
-            When compiling a zone to 'raw' format, set the "source serial" 
-            value in the header to the specified serial number.  (This is
-            expected to be used primarily for testing purposes.)
-          </para>
-        </listitem>
-      </varlistentry>
-
       <varlistentry>
         <term>-m <replaceable class="parameter">mode</replaceable></term>
         <listitem>
@@ -337,36 +300,21 @@
         <listitem>
           <para>
             Write zone output to <filename>filename</filename>.
-	    If <filename>filename</filename> is <filename>-</filename> then
-	    write to standard out.
 	    This is mandatory for <command>named-compilezone</command>.
           </para>
         </listitem>
       </varlistentry>
 
-      <varlistentry>
-	<term>-r <replaceable class="parameter">mode</replaceable></term>
-        <listitem>
-	  <para>
-            Check for records that are treated as different by DNSSEC but
-	    are semantically equal in plain DNS.  
-            Possible modes are <command>"fail"</command>,
-            <command>"warn"</command> (default) and
-            <command>"ignore"</command>.
-	  </para>
-        </listitem>
-      </varlistentry>
-
       <varlistentry>
 	<term>-s <replaceable class="parameter">style</replaceable></term>
 	<listitem>
 	  <para>
 	    Specify the style of the dumped zone file.
 	    Possible styles are <command>"full"</command> (default)
-	    and <command>"relative"</command>.
+	    and <command>"default"</command>.
 	    The full format is most suitable for processing
 	    automatically by a separate script.
-	    On the other hand, the relative format is more
+	    On the other hand, the default format is more
 	    human-readable and is thus suitable for editing by hand.
 	    For <command>named-checkzone</command>
 	    this does not cause any effects unless it dumps the zone
@@ -393,7 +341,7 @@
         <term>-t <replaceable class="parameter">directory</replaceable></term>
         <listitem>
           <para>
-            Chroot to <filename>directory</filename> so that
+            chroot to <filename>directory</filename> so that
             include
             directives in the configuration file are processed as if
             run by a similarly chrooted named.
@@ -473,9 +421,6 @@
     <para><citerefentry>
         <refentrytitle>named</refentrytitle><manvolnum>8</manvolnum>
       </citerefentry>,
-      <citerefentry>
-        <refentrytitle>named-checkconf</refentrytitle><manvolnum>8</manvolnum>  
-      </citerefentry>,
       <citetitle>RFC 1035</citetitle>,
       <citetitle>BIND 9 Administrator Reference Manual</citetitle>.
     </para>

bin/check/named-checkzone.html

@@ -1,8 +1,8 @@
 <!--
- - Copyright (C) 2004-2007, 2009-2011 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
  - Copyright (C) 2000-2002 Internet Software Consortium.
  - 
- - Permission to use, copy, modify, and/or distribute this software for any
+ - Permission to use, copy, modify, and distribute this software for any
  - purpose with or without fee is hereby granted, provided that the above
  - copyright notice and this permission notice appear in all copies.
  - 
@@ -14,12 +14,12 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-<!-- $Id: named-checkzone.html,v 1.49 2011/12/22 18:10:10 tbox Exp $ -->
+<!-- $Id: named-checkzone.html,v 1.11.18.21 2006/04/23 10:12:41 marka Exp $ -->
 <html>
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
 <title>named-checkzone</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.69.1">
 </head>
 <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
 <a name="man.named-checkzone"></a><div class="titlepage"></div>
@@ -29,11 +29,11 @@
 </div>
 <div class="refsynopsisdiv">
 <h2>Synopsis</h2>
-<div class="cmdsynopsis"><p><code class="command">named-checkzone</code>  [<code class="option">-d</code>] [<code class="option">-h</code>] [<code class="option">-j</code>] [<code class="option">-q</code>] [<code class="option">-v</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-f <em class="replaceable"><code>format</code></em></code>] [<code class="option">-F <em class="replaceable"><code>format</code></em></code>] [<code class="option">-i <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-k <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-m <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-M <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-n <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-L <em class="replaceable"><code>serial</code></em></code>] [<code class="option">-o <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-r <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-s <em class="replaceable"><code>style</code></em></code>] [<code class="option">-S <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-w <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] [<code class="option">-W <em class="replaceable"><code>mode</code></em></code>] {zonename} {filename}</p></div>
-<div class="cmdsynopsis"><p><code class="command">named-compilezone</code>  [<code class="option">-d</code>] [<code class="option">-j</code>] [<code class="option">-q</code>] [<code class="option">-v</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-C <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-f <em class="replaceable"><code>format</code></em></code>] [<code class="option">-F <em class="replaceable"><code>format</code></em></code>] [<code class="option">-i <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-k <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-m <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-n <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-L <em class="replaceable"><code>serial</code></em></code>] [<code class="option">-r <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-s <em class="replaceable"><code>style</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-w <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] [<code class="option">-W <em class="replaceable"><code>mode</code></em></code>] {<code class="option">-o <em class="replaceable"><code>filename</code></em></code>} {zonename} {filename}</p></div>
+<div class="cmdsynopsis"><p><code class="command">named-checkzone</code>  [<code class="option">-d</code>] [<code class="option">-j</code>] [<code class="option">-q</code>] [<code class="option">-v</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-f <em class="replaceable"><code>format</code></em></code>] [<code class="option">-F <em class="replaceable"><code>format</code></em></code>] [<code class="option">-i <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-k <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-m <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-M <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-n <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-o <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-s <em class="replaceable"><code>style</code></em></code>] [<code class="option">-S <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-w <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] [<code class="option">-W <em class="replaceable"><code>mode</code></em></code>] {zonename} {filename}</p></div>
+<div class="cmdsynopsis"><p><code class="command">named-compilezone</code>  [<code class="option">-d</code>] [<code class="option">-j</code>] [<code class="option">-q</code>] [<code class="option">-v</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-C <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-f <em class="replaceable"><code>format</code></em></code>] [<code class="option">-F <em class="replaceable"><code>format</code></em></code>] [<code class="option">-i <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-k <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-m <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-n <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-o <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-s <em class="replaceable"><code>style</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-w <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] [<code class="option">-W <em class="replaceable"><code>mode</code></em></code>] {zonename} {filename}</p></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543715"></a><h2>DESCRIPTION</h2>
+<a name="id2525474"></a><h2>DESCRIPTION</h2>
 <p><span><strong class="command">named-checkzone</strong></span>
       checks the syntax and integrity of a zone file.  It performs the
       same checks as <span><strong class="command">named</strong></span> does when loading a
@@ -47,22 +47,18 @@
 	Additionally, it applies stricter check levels by default,
         since the dump output will be used as an actual zone file
 	loaded by <span><strong class="command">named</strong></span>.
-	When manually specified otherwise, the check levels must at
+	When manaully specified otherwise, the check levels must at
         least be as strict as those specified in the
 	<span><strong class="command">named</strong></span> configuration file.
      </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543750"></a><h2>OPTIONS</h2>
+<a name="id2525509"></a><h2>OPTIONS</h2>
 <div class="variablelist"><dl>
 <dt><span class="term">-d</span></dt>
 <dd><p>
             Enable debugging.
           </p></dd>
-<dt><span class="term">-h</span></dt>
-<dd><p>
-            Print the usage summary and exit.
-          </p></dd>
 <dt><span class="term">-q</span></dt>
 <dd><p>
             Quiet mode - exit code only.
@@ -78,12 +74,12 @@
           </p></dd>
 <dt><span class="term">-c <em class="replaceable"><code>class</code></em></span></dt>
 <dd><p>
-            Specify the class of the zone.  If not specified, "IN" is assumed.
+            Specify the class of the zone.  If not specified "IN" is assumed.
           </p></dd>
 <dt><span class="term">-i <em class="replaceable"><code>mode</code></em></span></dt>
 <dd>
 <p>
-	      Perform post-load zone integrity checks.  Possible modes are
+	      Perform post load zone integrity checks.  Possible modes are
 	      <span><strong class="command">"full"</strong></span> (default),
 	      <span><strong class="command">"full-sibling"</strong></span>,
 	      <span><strong class="command">"local"</strong></span>,
@@ -105,7 +101,7 @@
 <p>
 	      Mode <span><strong class="command">"full"</strong></span> checks that delegation NS
 	      records refer to A or AAAA record (both in-zone and out-of-zone
-	      hostnames).  It also checks that glue address records
+	      hostnames).  It also checks that glue addresses records
 	      in the zone match those advertised by the child.
 	      Mode <span><strong class="command">"local"</strong></span> only checks NS records which
 	      refer to in-zone hostnames or that some required glue exists,
@@ -128,27 +124,17 @@
 	    and <span><strong class="command">"raw"</strong></span>.
 	  </p></dd>
 <dt><span class="term">-F <em class="replaceable"><code>format</code></em></span></dt>
-<dd>
-<p>
+<dd><p>
 	    Specify the format of the output file specified.
+	    Possible formats are <span><strong class="command">"text"</strong></span> (default)
+	    and <span><strong class="command">"raw"</strong></span>.
 	    For <span><strong class="command">named-checkzone</strong></span>,
 	    this does not cause any effects unless it dumps the zone
 	    contents.
-	  </p>
-<p>
-	    Possible formats are <span><strong class="command">"text"</strong></span> (default)
-	    and <span><strong class="command">"raw"</strong></span> or <span><strong class="command">"raw=N"</strong></span>,
-            which store the zone in a binary format for rapid loading
-            by <span><strong class="command">named</strong></span>.  <span><strong class="command">"raw=N"</strong></span>
-            specifies the format version of the raw zone file: if N
-            is 0, the raw file can be read by any version of
-            <span><strong class="command">named</strong></span>; if N is 1, the file can be read
-            by release 9.9.0 or higher.  The default is 1.
-	  </p>
-</dd>
+	  </p></dd>
 <dt><span class="term">-k <em class="replaceable"><code>mode</code></em></span></dt>
 <dd><p>
-            Perform <span><strong class="command">"check-names"</strong></span> checks with the
+            Perform <span><strong class="command">"check-name"</strong></span> checks with the
 	    specified failure mode.
             Possible modes are <span><strong class="command">"fail"</strong></span>
 	    (default for <span><strong class="command">named-compilezone</strong></span>),
@@ -156,12 +142,6 @@
 	    (default for <span><strong class="command">named-checkzone</strong></span>) and
             <span><strong class="command">"ignore"</strong></span>.
           </p></dd>
-<dt><span class="term">-L <em class="replaceable"><code>serial</code></em></span></dt>
-<dd><p>
-            When compiling a zone to 'raw' format, set the "source serial" 
-            value in the header to the specified serial number.  (This is
-            expected to be used primarily for testing purposes.)
-          </p></dd>
 <dt><span class="term">-m <em class="replaceable"><code>mode</code></em></span></dt>
 <dd><p>
             Specify whether MX records should be checked to see if they
@@ -189,26 +169,16 @@
 <dt><span class="term">-o <em class="replaceable"><code>filename</code></em></span></dt>
 <dd><p>
             Write zone output to <code class="filename">filename</code>.
-	    If <code class="filename">filename</code> is <code class="filename">-</code> then
-	    write to standard out.
 	    This is mandatory for <span><strong class="command">named-compilezone</strong></span>.
           </p></dd>
-<dt><span class="term">-r <em class="replaceable"><code>mode</code></em></span></dt>
-<dd><p>
-            Check for records that are treated as different by DNSSEC but
-	    are semantically equal in plain DNS.  
-            Possible modes are <span><strong class="command">"fail"</strong></span>,
-            <span><strong class="command">"warn"</strong></span> (default) and
-            <span><strong class="command">"ignore"</strong></span>.
-	  </p></dd>
 <dt><span class="term">-s <em class="replaceable"><code>style</code></em></span></dt>
 <dd><p>
 	    Specify the style of the dumped zone file.
 	    Possible styles are <span><strong class="command">"full"</strong></span> (default)
-	    and <span><strong class="command">"relative"</strong></span>.
+	    and <span><strong class="command">"default"</strong></span>.
 	    The full format is most suitable for processing
 	    automatically by a separate script.
-	    On the other hand, the relative format is more
+	    On the other hand, the default format is more
 	    human-readable and is thus suitable for editing by hand.
 	    For <span><strong class="command">named-checkzone</strong></span>
 	    this does not cause any effects unless it dumps the zone
@@ -225,7 +195,7 @@
 	  </p></dd>
 <dt><span class="term">-t <em class="replaceable"><code>directory</code></em></span></dt>
 <dd><p>
-            Chroot to <code class="filename">directory</code> so that
+            chroot to <code class="filename">directory</code> so that
             include
             directives in the configuration file are processed as if
             run by a similarly chrooted named.
@@ -263,22 +233,21 @@
 </dl></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2544499"></a><h2>RETURN VALUES</h2>
+<a name="id2526108"></a><h2>RETURN VALUES</h2>
 <p><span><strong class="command">named-checkzone</strong></span>
       returns an exit status of 1 if
       errors were detected and 0 otherwise.
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2544579"></a><h2>SEE ALSO</h2>
+<a name="id2526120"></a><h2>SEE ALSO</h2>
 <p><span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
-      <span class="citerefentry"><span class="refentrytitle">named-checkconf</span>(8)</span>,
       <em class="citetitle">RFC 1035</em>,
       <em class="citetitle">BIND 9 Administrator Reference Manual</em>.
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2544612"></a><h2>AUTHOR</h2>
+<a name="id2526145"></a><h2>AUTHOR</h2>
 <p><span class="corpauthor">Internet Systems Consortium</span>
     </p>
 </div>

bin/check/win32/checktool.dsp

@@ -1,113 +0,0 @@
-# Microsoft Developer Studio Project File - Name="checktool" - Package Owner=<4>
-# Microsoft Developer Studio Generated Build File, Format Version 6.00
-# ** DO NOT EDIT **
-
-# TARGTYPE "Win32 (x86) Static-Link Library" 0x0104
-
-CFG=checktool - Win32 Debug
-!MESSAGE This is not a valid makefile. To build this project using NMAKE,
-!MESSAGE use the Export Makefile command and run
-!MESSAGE 
-!MESSAGE NMAKE /f "checktool.mak".
-!MESSAGE 
-!MESSAGE You can specify a configuration when running NMAKE
-!MESSAGE by defining the macro CFG on the command line. For example:
-!MESSAGE 
-!MESSAGE NMAKE /f "checktool.mak" CFG="checktool - Win32 Debug"
-!MESSAGE 
-!MESSAGE Possible choices for configuration are:
-!MESSAGE 
-!MESSAGE "checktool - Win32 Release" (based on "Win32 (x86) Static-Link Library")
-!MESSAGE "checktool - Win32 Debug" (based on "Win32 (x86) Static-Link Library")
-!MESSAGE 
-
-# Begin Project
-# PROP AllowPerConfigDependencies 0
-# PROP Scc_ProjName ""
-# PROP Scc_LocalPath ""
-CPP=cl.exe
-MTL=midl.exe
-RSC=rc.exe
-
-!IF  "$(CFG)" == "checktool - Win32 Release"
-
-# PROP BASE Use_MFC 0
-# PROP BASE Use_Debug_Libraries 0
-# PROP BASE Output_Dir "Release"
-# PROP BASE Intermediate_Dir "Release"
-# PROP BASE Target_Dir ""
-# PROP Use_MFC 0
-# PROP Use_Debug_Libraries 0
-# PROP Output_Dir "Release"
-# PROP Intermediate_Dir "Release"
-# PROP Ignore_Export_Lib 0
-# PROP Target_Dir ""
-# ADD BASE CPP /nologo /MT /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /D "_MBCS" /D "_USRDLL" /YX /FD /c
-# ADD CPP /nologo /MD /W3 /GX /O2 /I "./" /I "../../../" /I "../../../../libxml2-2.7.3/include" /I "../include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isccfg/include" /I "../../../lib/dns/include" /D "NDEBUG" /D "WIN32" /D "_WINDOWS" /D "__STDC__" /D "_MBCS" /YX /FD /c /Fdchecktool
-# SUBTRACT CPP /X
-# ADD BASE MTL /nologo /D "NDEBUG" /mktyplib203 /win32
-# ADD MTL /nologo /D "NDEBUG" /mktyplib203 /win32
-# ADD BASE RSC /l 0x409 /d "NDEBUG"
-# ADD RSC /l 0x409 /d "NDEBUG"
-BSC32=bscmake.exe
-# ADD BASE BSC32 /nologo
-# ADD BSC32 /nologo
-LINK32=link.exe
-# ADD BASE LINK32 
-# ADD LINK32 /out:"Release/checktool.lib"
-
-!ELSEIF  "$(CFG)" == "checktool - Win32 Debug"
-
-# PROP BASE Use_MFC 0
-# PROP BASE Use_Debug_Libraries 1
-# PROP BASE Output_Dir "Debug"
-# PROP BASE Intermediate_Dir "Debug"
-# PROP BASE Target_Dir ""
-# PROP Use_MFC 0
-# PROP Use_Debug_Libraries 1
-# PROP Output_Dir "Debug"
-# PROP Intermediate_Dir "Debug"
-# PROP Ignore_Export_Lib 0
-# PROP Target_Dir ""
-# ADD BASE CPP /nologo /MTd /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /D "_MBCS" /YX /FD /GZ /c
-# ADD CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../../../../libxml2-2.7.3/include" /I "../include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isccfg/include" /I "../../../lib/dns/include" /D "_DEBUG" /D "WIN32" /D "_WINDOWS" /D "__STDC__" /D "_MBCS" /FR /YX /FD /GZ /c /Fdchecktool
-# SUBTRACT CPP /X
-# ADD BASE MTL /nologo /D "_DEBUG" /mktyplib203 /win32
-# ADD MTL /nologo /D "_DEBUG" /mktyplib203 /win32
-# ADD BASE RSC /l 0x409 /d "_DEBUG"
-# ADD RSC /l 0x409 /d "_DEBUG"
-BSC32=bscmake.exe
-# ADD BASE BSC32 /nologo
-# ADD BSC32 /nologo
-LINK32=link.exe
-# ADD BASE LINK32 
-# ADD LINK32 /debug out:"Debug/checktool.lib"
-
-!ENDIF 
-
-# Begin Target
-
-# Name "checktool - Win32 Release"
-# Name "checktool - Win32 Debug"
-# Begin Group "Source Files"
-
-# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
-# End Group
-# Begin Group "Header Files"
-
-# PROP Default_Filter "h;hpp;hxx;hm;inl"
-# End Group
-# Begin Group "Resource Files"
-
-# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe"
-# End Group
-# Begin Group "Main Dns Lib"
-
-# PROP Default_Filter "c"
-# Begin Source File
-
-SOURCE=..\check-tool.c
-# End Source File
-# End Group
-# End Target
-# End Project

bin/check/win32/checktool.dsw

@@ -1,29 +0,0 @@
-Microsoft Developer Studio Workspace File, Format Version 6.00
-# WARNING: DO NOT EDIT OR DELETE THIS WORKSPACE FILE!
-
-###############################################################################
-
-Project: "checktool"=".\checktool.dsp" - Package Owner=<4>
-
-Package=<5>
-{{{
-}}}
-
-Package=<4>
-{{{
-}}}
-
-###############################################################################
-
-Global:
-
-Package=<5>
-{{{
-}}}
-
-Package=<3>
-{{{
-}}}
-
-###############################################################################
-

bin/check/win32/namedcheckconf.dsp

@@ -42,7 +42,7 @@ RSC=rc.exe
 # PROP Ignore_Export_Lib 0
 # PROP Target_Dir ""
 # ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
-# ADD CPP /nologo /MD /W3 /GX /O2 /I "./" /I "../../../" /I "../../../../libxml2-2.7.3/include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /I "../../../lib/isccfg/include" /D "NDEBUG" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "__STDC__" /FR /YX /FD /c
+# ADD CPP /nologo /MD /W3 /GX /O2 /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /I "../../../lib/isccfg/include" /I "../../../lib/bind9/include" /D "NDEBUG" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "__STDC__" /FR /YX /FD /c
 # ADD BASE RSC /l 0x409 /d "NDEBUG"
 # ADD RSC /l 0x409 /d "NDEBUG"
 BSC32=bscmake.exe
@@ -50,7 +50,7 @@ BSC32=bscmake.exe
 # ADD BSC32 /nologo
 LINK32=link.exe
 # ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386
-# ADD LINK32 user32.lib advapi32.lib ws2_32.lib Release/checktool.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib ../../../lib/isccfg/win32/Release/libisccfg.lib ../../../lib/bind9/win32/Release/libbind9.lib /nologo /subsystem:console /machine:I386 /out:"../../../Build/Release/named-checkconf.exe"
+# ADD LINK32 user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib ../../../lib/isccfg/win32/Release/libisccfg.lib ../../../lib/bind9/win32/Release/libbind9.lib /nologo /subsystem:console /machine:I386 /out:"../../../Build/Release/named-checkconf.exe"
 
 !ELSEIF  "$(CFG)" == "namedcheckconf - Win32 Debug"
 
@@ -66,7 +66,7 @@ LINK32=link.exe
 # PROP Ignore_Export_Lib 0
 # PROP Target_Dir ""
 # ADD BASE CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c
-# ADD CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../../../../libxml2-2.7.3/include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /I "../../../lib/isccfg/include" /D "_DEBUG" /D "__STDC__" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /FR /FD /GZ /c
+# ADD CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /I "../../../lib/isccfg/include" /I "../../../lib/bind9/include" /D "_DEBUG" /D "__STDC__" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /FR /FD /GZ /c
 # SUBTRACT CPP /X /YX
 # ADD BASE RSC /l 0x409 /d "_DEBUG"
 # ADD RSC /l 0x409 /d "_DEBUG"
@@ -75,7 +75,7 @@ BSC32=bscmake.exe
 # ADD BSC32 /nologo
 LINK32=link.exe
 # ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept
-# ADD LINK32 user32.lib advapi32.lib ws2_32.lib Debug/checktool.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib ../../../lib/isccfg/win32/Debug/libisccfg.lib ../../../lib/bind9/win32/Debug/libbind9.lib ../../../lib/bind9/win32/Debug/libbind9.lib /nologo /subsystem:console /debug /machine:I386 /out:"../../../Build/Debug/named-checkconf.exe" /pdbtype:sept
+# ADD LINK32 user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib ../../../lib/isccfg/win32/Debug/libisccfg.lib ../../../lib/bind9/win32/Debug/libbind9.lib ../../../lib/bind9/win32/Debug/libbind9.lib /nologo /subsystem:console /debug /machine:I386 /out:"../../../Build/Debug/named-checkconf.exe" /pdbtype:sept
 
 !ENDIF 
 
@@ -88,6 +88,10 @@ LINK32=link.exe
 # PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
 # Begin Source File
 
+SOURCE="..\check-tool.c"
+# End Source File
+# Begin Source File
+
 SOURCE="..\named-checkconf.c"
 # End Source File
 # End Group

bin/check/win32/namedcheckconf.mak

@@ -28,81 +28,6 @@ NULL=nul
 CPP=cl.exe
 RSC=rc.exe
 
-!IF  "$(CFG)" == "namedcheckconf - Win32 Release"
-_VC_MANIFEST_INC=0
-_VC_MANIFEST_BASENAME=__VC80
-!ELSE
-_VC_MANIFEST_INC=1
-_VC_MANIFEST_BASENAME=__VC80.Debug
-!ENDIF
-
-####################################################
-# Specifying name of temporary resource file used only in incremental builds:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-_VC_MANIFEST_AUTO_RES=$(_VC_MANIFEST_BASENAME).auto.res
-!else
-_VC_MANIFEST_AUTO_RES=
-!endif
-
-####################################################
-# _VC_MANIFEST_EMBED_EXE - command to embed manifest in EXE:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-
-#MT_SPECIAL_RETURN=1090650113
-#MT_SPECIAL_SWITCH=-notify_resource_update
-MT_SPECIAL_RETURN=0
-MT_SPECIAL_SWITCH=
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
-if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
-rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
-link $** /out:$@ $(LFLAGS)
-
-!else
-
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;1
-
-!endif
-
-####################################################
-# _VC_MANIFEST_EMBED_DLL - command to embed manifest in DLL:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-
-#MT_SPECIAL_RETURN=1090650113
-#MT_SPECIAL_SWITCH=-notify_resource_update
-MT_SPECIAL_RETURN=0
-MT_SPECIAL_SWITCH=
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
-if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
-rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
-link $** /out:$@ $(LFLAGS)
-
-!else
-
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;2
-
-!endif
-####################################################
-# _VC_MANIFEST_CLEAN - command to clean resources files generated temporarily:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-
-_VC_MANIFEST_CLEAN=-del $(_VC_MANIFEST_BASENAME).auto.res \
-    $(_VC_MANIFEST_BASENAME).auto.rc \
-    $(_VC_MANIFEST_BASENAME).auto.manifest
-
-!else
-
-_VC_MANIFEST_CLEAN=
-
-!endif
-
 !IF  "$(CFG)" == "namedcheckconf - Win32 Release"
 
 OUTDIR=.\Release
@@ -133,12 +58,11 @@ CLEAN :
 	-@erase "$(INTDIR)\vc60.idb"
 	-@erase "$(OUTDIR)\namedcheckconf.bsc"
 	-@erase "..\..\..\Build\Release\named-checkconf.exe"
-	-@$(_VC_MANIFEST_CLEAN)
 
 "$(OUTDIR)" :
     if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
 
-CPP_PROJ=/nologo /MD /W3 /GX /O2 /I "./" /I "../../../" /I "../../../../libxml2-2.7.3/include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /I "../../../lib/isccfg/include" /D "NDEBUG" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "__STDC__" /FR"$(INTDIR)\\" /Fp"$(INTDIR)\namedcheckconf.pch" /YX /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c 
+CPP_PROJ=/nologo /MD /W3 /GX /O2 /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /I "../../../lib/isccfg/include" /I "../../../lib/bind9/include" /D "NDEBUG" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "__STDC__" /FR"$(INTDIR)\\" /Fp"$(INTDIR)\namedcheckconf.pch" /YX /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c 
 BSC32=bscmake.exe
 BSC32_FLAGS=/nologo /o"$(OUTDIR)\namedcheckconf.bsc" 
 BSC32_SBRS= \
@@ -163,7 +87,6 @@ LINK32_OBJS= \
     $(LINK32) @<<
   $(LINK32_FLAGS) $(LINK32_OBJS)
 <<
-    $(_VC_MANIFEST_EMBED_EXE)
 
 !ELSEIF  "$(CFG)" == "namedcheckconf - Win32 Debug"
 
@@ -198,12 +121,11 @@ CLEAN :
 	-@erase "$(OUTDIR)\namedcheckconf.bsc"
 	-@erase "..\..\..\Build\Debug\named-checkconf.exe"
 	-@erase "..\..\..\Build\Debug\named-checkconf.ilk"
-	-@$(_VC_MANIFEST_CLEAN)
 
 "$(OUTDIR)" :
     if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
 
-CPP_PROJ=/nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../../../../libxml2-2.7.3/include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /I "../../../lib/isccfg/include" /D "_DEBUG" /D "__STDC__" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /FR"$(INTDIR)\\" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /GZ /c 
+CPP_PROJ=/nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /I "../../../lib/isccfg/include" /I "../../../lib/bind9/include" /D "_DEBUG" /D "__STDC__" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /FR"$(INTDIR)\\" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /GZ /c 
 BSC32=bscmake.exe
 BSC32_FLAGS=/nologo /o"$(OUTDIR)\namedcheckconf.bsc" 
 BSC32_SBRS= \
@@ -228,7 +150,6 @@ LINK32_OBJS= \
     $(LINK32) @<<
   $(LINK32_FLAGS) $(LINK32_OBJS)
 <<
-    $(_VC_MANIFEST_EMBED_EXE)
 
 !ENDIF 
 
@@ -366,39 +287,3 @@ SOURCE="..\named-checkconf.c"
 
 !ENDIF 
 
-####################################################
-# Commands to generate initial empty manifest file and the RC file
-# that references it, and for generating the .res file:
-
-$(_VC_MANIFEST_BASENAME).auto.res : $(_VC_MANIFEST_BASENAME).auto.rc
-
-$(_VC_MANIFEST_BASENAME).auto.rc : $(_VC_MANIFEST_BASENAME).auto.manifest
-    type <<$@
-#include <winuser.h>
-1RT_MANIFEST"$(_VC_MANIFEST_BASENAME).auto.manifest"
-<< KEEP
-
-$(_VC_MANIFEST_BASENAME).auto.manifest :
-    type <<$@
-<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
-<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
-</assembly>
-<< KEEP
-####################################################
-# Commands to generate initial empty manifest file and the RC file
-# that references it, and for generating the .res file:
-
-$(_VC_MANIFEST_BASENAME).auto.res : $(_VC_MANIFEST_BASENAME).auto.rc
-
-$(_VC_MANIFEST_BASENAME).auto.rc : $(_VC_MANIFEST_BASENAME).auto.manifest
-    type <<$@
-#include <winuser.h>
-1RT_MANIFEST"$(_VC_MANIFEST_BASENAME).auto.manifest"
-<< KEEP
-
-$(_VC_MANIFEST_BASENAME).auto.manifest :
-    type <<$@
-<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
-<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
-</assembly>
-<< KEEP

bin/check/win32/namedcheckzone.dsp

@@ -42,7 +42,7 @@ RSC=rc.exe
 # PROP Ignore_Export_Lib 0
 # PROP Target_Dir ""
 # ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
-# ADD CPP /nologo /MD /W3 /GX /O2 /I "./" /I "../../../" /I "../../../../libxml2-2.7.3/include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /I "../../../lib/isccfg/include" /D "NDEBUG" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "__STDC__" /YX /FD /c
+# ADD CPP /nologo /MD /W3 /GX /O2 /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /D "NDEBUG" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "__STDC__" /YX /FD /c
 # SUBTRACT CPP /Fr
 # ADD BASE RSC /l 0x409 /d "NDEBUG"
 # ADD RSC /l 0x409 /d "NDEBUG"
@@ -51,7 +51,7 @@ BSC32=bscmake.exe
 # ADD BSC32 /nologo
 LINK32=link.exe
 # ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386
-# ADD LINK32 user32.lib advapi32.lib ws2_32.lib Release/checktool.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/isccfg/win32/Release/libisccfg.lib ../../../lib/dns/win32/Release/libdns.lib /nologo /subsystem:console /machine:I386 /out:"../../../Build/Release/named-checkzone.exe"
+# ADD LINK32 user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib /nologo /subsystem:console /machine:I386 /out:"../../../Build/Release/named-checkzone.exe"
 
 !ELSEIF  "$(CFG)" == "namedcheckzone - Win32 Debug"
 
@@ -67,7 +67,7 @@ LINK32=link.exe
 # PROP Ignore_Export_Lib 0
 # PROP Target_Dir ""
 # ADD BASE CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c
-# ADD CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../../../../libxml2-2.7.3/include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /I "../../../lib/isccfg/include" /D "_DEBUG" /D "__STDC__" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /FR /FD /GZ /c
+# ADD CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /D "_DEBUG" /D "__STDC__" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /FR /FD /GZ /c
 # SUBTRACT CPP /X /YX
 # ADD BASE RSC /l 0x409 /d "_DEBUG"
 # ADD RSC /l 0x409 /d "_DEBUG"
@@ -76,7 +76,7 @@ BSC32=bscmake.exe
 # ADD BSC32 /nologo
 LINK32=link.exe
 # ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept
-# ADD LINK32 user32.lib advapi32.lib ws2_32.lib Debug/checktool.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/isccfg/win32/Debug/libisccfg.lib ../../../lib/dns/win32/Debug/libdns.lib /nologo /subsystem:console /debug /machine:I386 /out:"../../../Build/Debug/named-checkzone.exe" /pdbtype:sept
+# ADD LINK32 user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib /nologo /subsystem:console /debug /machine:I386 /out:"../../../Build/Debug/named-checkzone.exe" /pdbtype:sept
 
 !ENDIF 
 
@@ -89,6 +89,10 @@ LINK32=link.exe
 # PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
 # Begin Source File
 
+SOURCE="..\check-tool.c"
+# End Source File
+# Begin Source File
+
 SOURCE="..\named-checkzone.c"
 # End Source File
 # End Group

bin/check/win32/namedcheckzone.mak

@@ -25,81 +25,6 @@ NULL=
 NULL=nul
 !ENDIF 
 
-!IF  "$(CFG)" == "namedcheckzone - Win32 Release"
-_VC_MANIFEST_INC=0
-_VC_MANIFEST_BASENAME=__VC80
-!ELSE
-_VC_MANIFEST_INC=1
-_VC_MANIFEST_BASENAME=__VC80.Debug
-!ENDIF
-
-####################################################
-# Specifying name of temporary resource file used only in incremental builds:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-_VC_MANIFEST_AUTO_RES=$(_VC_MANIFEST_BASENAME).auto.res
-!else
-_VC_MANIFEST_AUTO_RES=
-!endif
-
-####################################################
-# _VC_MANIFEST_EMBED_EXE - command to embed manifest in EXE:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-
-#MT_SPECIAL_RETURN=1090650113
-#MT_SPECIAL_SWITCH=-notify_resource_update
-MT_SPECIAL_RETURN=0
-MT_SPECIAL_SWITCH=
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
-if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
-rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
-link $** /out:$@ $(LFLAGS)
-
-!else
-
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;1
-
-!endif
-
-####################################################
-# _VC_MANIFEST_EMBED_DLL - command to embed manifest in DLL:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-
-#MT_SPECIAL_RETURN=1090650113
-#MT_SPECIAL_SWITCH=-notify_resource_update
-MT_SPECIAL_RETURN=0
-MT_SPECIAL_SWITCH=
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
-if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
-rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
-link $** /out:$@ $(LFLAGS)
-
-!else
-
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;2
-
-!endif
-####################################################
-# _VC_MANIFEST_CLEAN - command to clean resources files generated temporarily:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-
-_VC_MANIFEST_CLEAN=-del $(_VC_MANIFEST_BASENAME).auto.res \
-    $(_VC_MANIFEST_BASENAME).auto.rc \
-    $(_VC_MANIFEST_BASENAME).auto.manifest
-
-!else
-
-_VC_MANIFEST_CLEAN=
-
-!endif
-
 !IF  "$(CFG)" == "namedcheckzone - Win32 Release"
 
 OUTDIR=.\Release
@@ -124,13 +49,12 @@ CLEAN :
 	-@erase "$(INTDIR)\named-checkzone.obj"
 	-@erase "$(INTDIR)\vc60.idb"
 	-@erase "..\..\..\Build\Release\named-checkzone.exe"
-	-@$(_VC_MANIFEST_CLEAN)
 
 "$(OUTDIR)" :
     if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
 
 CPP=cl.exe
-CPP_PROJ=/nologo /MD /W3 /GX /O2 /I "./" /I "../../../" /I "../../../../libxml2-2.7.3/include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /I "../../../lib/isccfg/include" /D "NDEBUG" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "__STDC__" /Fp"$(INTDIR)\namedcheckzone.pch" /YX /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c 
+CPP_PROJ=/nologo /MD /W3 /GX /O2 /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /D "NDEBUG" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "__STDC__" /Fp"$(INTDIR)\namedcheckzone.pch" /YX /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c 
 
 .c{$(INTDIR)}.obj::
    $(CPP) @<<
@@ -168,19 +92,17 @@ BSC32_FLAGS=/nologo /o"$(OUTDIR)\namedcheckzone.bsc"
 BSC32_SBRS= \
 	
 LINK32=link.exe
-LINK32_FLAGS=user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/isccfg/win32/Release/libisccfg.lib ../../../lib/dns/win32/Release/libdns.lib /nologo /subsystem:console /incremental:no /pdb:"$(OUTDIR)\named-checkzone.pdb" /machine:I386 /out:"../../../Build/Release/named-checkzone.exe" 
+LINK32_FLAGS=user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib /nologo /subsystem:console /incremental:no /pdb:"$(OUTDIR)\named-checkzone.pdb" /machine:I386 /out:"../../../Build/Release/named-checkzone.exe" 
 LINK32_OBJS= \
 	"$(INTDIR)\check-tool.obj" \
 	"$(INTDIR)\named-checkzone.obj" \
 	"..\..\..\lib\dns\win32\Release\libdns.lib" \
-	"..\..\..\lib\isccfg\win32\Release\libisccfg.lib" \
 	"..\..\..\lib\isc\win32\Release\libisc.lib"
 
 "..\..\..\Build\Release\named-checkzone.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
     $(LINK32) @<<
   $(LINK32_FLAGS) $(LINK32_OBJS)
 <<
-    $(_VC_MANIFEST_EMBED_EXE)
 
 !ELSEIF  "$(CFG)" == "namedcheckzone - Win32 Debug"
 
@@ -215,13 +137,12 @@ CLEAN :
 	-@erase "$(OUTDIR)\namedcheckzone.bsc"
 	-@erase "..\..\..\Build\Debug\named-checkzone.exe"
 	-@erase "..\..\..\Build\Debug\named-checkzone.ilk"
-	-@$(_VC_MANIFEST_CLEAN)
 
 "$(OUTDIR)" :
     if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
 
 CPP=cl.exe
-CPP_PROJ=/nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../../../../libxml2-2.7.3/include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /I "../../../lib/isccfg/include" /D "_DEBUG" /D "__STDC__" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /FR"$(INTDIR)\\" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /GZ /c 
+CPP_PROJ=/nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /D "_DEBUG" /D "__STDC__" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /FR"$(INTDIR)\\" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /GZ /c 
 
 .c{$(INTDIR)}.obj::
    $(CPP) @<<
@@ -266,19 +187,17 @@ BSC32_SBRS= \
 <<
 
 LINK32=link.exe
-LINK32_FLAGS=user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/isccfg/win32/Debug/libisccfg.lib ../../../lib/dns/win32/Debug/libdns.lib /nologo /subsystem:console /incremental:yes /pdb:"$(OUTDIR)\named-checkzone.pdb" /debug /machine:I386 /out:"../../../Build/Debug/named-checkzone.exe" /pdbtype:sept 
+LINK32_FLAGS=user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib /nologo /subsystem:console /incremental:yes /pdb:"$(OUTDIR)\named-checkzone.pdb" /debug /machine:I386 /out:"../../../Build/Debug/named-checkzone.exe" /pdbtype:sept 
 LINK32_OBJS= \
 	"$(INTDIR)\check-tool.obj" \
 	"$(INTDIR)\named-checkzone.obj" \
 	"..\..\..\lib\dns\win32\Debug\libdns.lib" \
-	"..\..\..\lib\isccfg\win32\Debug\libisccfg.lib" \
 	"..\..\..\lib\isc\win32\Debug\libisc.lib"
 
 "..\..\..\Build\Debug\named-checkzone.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
     $(LINK32) @<<
   $(LINK32_FLAGS) $(LINK32_OBJS)
 <<
-    $(_VC_MANIFEST_EMBED_EXE)
 
 !ENDIF 
 
@@ -384,21 +303,3 @@ SOURCE="..\named-checkzone.c"
 
 !ENDIF 
 
-####################################################
-# Commands to generate initial empty manifest file and the RC file
-# that references it, and for generating the .res file:
-
-$(_VC_MANIFEST_BASENAME).auto.res : $(_VC_MANIFEST_BASENAME).auto.rc
-
-$(_VC_MANIFEST_BASENAME).auto.rc : $(_VC_MANIFEST_BASENAME).auto.manifest
-    type <<$@
-#include <winuser.h>
-1RT_MANIFEST"$(_VC_MANIFEST_BASENAME).auto.manifest"
-<< KEEP
-
-$(_VC_MANIFEST_BASENAME).auto.manifest :
-    type <<$@
-<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
-<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
-</assembly>
-<< KEEP

bin/confgen/.cvsignore

@@ -1,3 +0,0 @@
-Makefile
-ddns-confgen
-rndc-confgen

bin/confgen/Makefile.in

@@ -1,101 +0,0 @@
-# Copyright (C) 2009  Internet Systems Consortium, Inc. ("ISC")
-#
-# Permission to use, copy, modify, and/or distribute this software for any
-# purpose with or without fee is hereby granted, provided that the above
-# copyright notice and this permission notice appear in all copies.
-#
-# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
-# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
-# AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
-# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
-# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
-# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
-# PERFORMANCE OF THIS SOFTWARE.
-
-# $Id: Makefile.in,v 1.8 2009/12/05 23:31:40 each Exp $
-
-srcdir =	@srcdir@
-VPATH =		@srcdir@
-top_srcdir =	@top_srcdir@
-
-@BIND9_VERSION@
-
-@BIND9_MAKE_INCLUDES@
-
-CINCLUDES = -I${srcdir}/include ${ISC_INCLUDES} ${ISCCC_INCLUDES} \
-	${ISCCFG_INCLUDES} ${DNS_INCLUDES} ${BIND9_INCLUDES}
-
-CDEFINES =
-CWARNINGS =
-
-ISCCFGLIBS =	../../lib/isccfg/libisccfg.@A@
-ISCCCLIBS =	../../lib/isccc/libisccc.@A@
-ISCLIBS =	../../lib/isc/libisc.@A@
-ISCNOSYMLIBS =	../../lib/isc/libisc-nosymtbl.@A@
-DNSLIBS =	../../lib/dns/libdns.@A@ @DNS_CRYPTO_LIBS@
-BIND9LIBS =	../../lib/bind9/libbind9.@A@
-
-ISCCFGDEPLIBS =	../../lib/isccfg/libisccfg.@A@
-ISCCCDEPLIBS =	../../lib/isccc/libisccc.@A@
-ISCDEPLIBS =	../../lib/isc/libisc.@A@
-DNSDEPLIBS =	../../lib/dns/libdns.@A@
-BIND9DEPLIBS =	../../lib/bind9/libbind9.@A@
-
-RNDCLIBS =	${ISCCFGLIBS} ${ISCCCLIBS} ${BIND9LIBS} ${DNSLIBS} ${ISCLIBS} @LIBS@
-RNDCDEPLIBS =	${ISCCFGDEPLIBS} ${ISCCCDEPLIBS} ${BIND9DEPLIBS} ${DNSDEPLIBS} ${ISCDEPLIBS}
-
-LIBS =		${DNSLIBS} ${ISCLIBS} @LIBS@
-
-NOSYMLIBS =	${DNSLIBS} ${ISCNOSYMLIBS} @LIBS@
-
-CONFDEPLIBS =	${DNSDEPLIBS} ${ISCDEPLIBS}
-
-SRCS=		rndc-confgen.c ddns-confgen.c
-
-SUBDIRS =	unix
-
-TARGETS =	rndc-confgen@EXEEXT@ ddns-confgen@EXEEXT@
-
-MANPAGES =	rndc-confgen.8 ddns-confgen.8
-
-HTMLPAGES =	rndc-confgen.html ddns-confgen.html
-
-MANOBJS =	${MANPAGES} ${HTMLPAGES}
-
-UOBJS =		unix/os.@O@
-
-@BIND9_MAKE_RULES@
-
-rndc-confgen.@O@: rndc-confgen.c
-	${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} \
-		-DRNDC_KEYFILE=\"${sysconfdir}/rndc.key\" \
-		-c ${srcdir}/rndc-confgen.c
-
-ddns-confgen.@O@: ddns-confgen.c
-	${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} -c ${srcdir}/ddns-confgen.c
-
-rndc-confgen@EXEEXT@: rndc-confgen.@O@ util.@O@ keygen.@O@ ${UOBJS} ${CONFDEPLIBS} 
-	export BASEOBJS="rndc-confgen.@O@ util.@O@ keygen.@O@ ${UOBJS}"; \
-	${FINALBUILDCMD}
-
-ddns-confgen@EXEEXT@: ddns-confgen.@O@ util.@O@ keygen.@O@ ${UOBJS} ${CONFDEPLIBS} 
-	export BASEOBJS="ddns-confgen.@O@ util.@O@ keygen.@O@ ${UOBJS}"; \
-	${FINALBUILDCMD}
-
-doc man:: ${MANOBJS}
-
-docclean manclean maintainer-clean::
-	rm -f ${MANOBJS}
-
-installdirs:
-	$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${sbindir}
-	$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${mandir}/man8
-
-install:: rndc-confgen@EXEEXT@ ddns-confgen@EXEEXT@ installdirs
-	${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} rndc-confgen@EXEEXT@ ${DESTDIR}${sbindir}
-	${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} ddns-confgen@EXEEXT@ ${DESTDIR}${sbindir}
-	${INSTALL_DATA} ${srcdir}/rndc-confgen.8 ${DESTDIR}${mandir}/man8
-	${INSTALL_DATA} ${srcdir}/ddns-confgen.8 ${DESTDIR}${mandir}/man8
-
-clean distclean maintainer-clean::
-	rm -f ${TARGETS}

bin/confgen/ddns-confgen.8

@@ -1,143 +0,0 @@
-.\" Copyright (C) 2009 Internet Systems Consortium, Inc. ("ISC")
-.\" 
-.\" Permission to use, copy, modify, and/or distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\" 
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
-.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
-.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
-.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
-.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
-.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
-.\" PERFORMANCE OF THIS SOFTWARE.
-.\"
-.\" $Id: ddns-confgen.8,v 1.10 2009/09/19 01:14:52 tbox Exp $
-.\"
-.hy 0
-.ad l
-.\"     Title: ddns\-confgen
-.\"    Author: 
-.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
-.\"      Date: Jan 29, 2009
-.\"    Manual: BIND9
-.\"    Source: BIND9
-.\"
-.TH "DDNS\-CONFGEN" "8" "Jan 29, 2009" "BIND9" "BIND9"
-.\" disable hyphenation
-.nh
-.\" disable justification (adjust text to left margin only)
-.ad l
-.SH "NAME"
-ddns\-confgen \- ddns key generation tool
-.SH "SYNOPSIS"
-.HP 13
-\fBddns\-confgen\fR [\fB\-a\ \fR\fB\fIalgorithm\fR\fR] [\fB\-h\fR] [\fB\-k\ \fR\fB\fIkeyname\fR\fR] [\fB\-r\ \fR\fB\fIrandomfile\fR\fR] [\-s\ \fIname\fR | \-z\ \fIzone\fR] [\fB\-q\fR] [name]
-.SH "DESCRIPTION"
-.PP
-\fBddns\-confgen\fR
-generates a key for use by
-\fBnsupdate\fR
-and
-\fBnamed\fR. It simplifies configuration of dynamic zones by generating a key and providing the
-\fBnsupdate\fR
-and
-\fBnamed.conf\fR
-syntax that will be needed to use it, including an example
-\fBupdate\-policy\fR
-statement.
-.PP
-If a domain name is specified on the command line, it will be used in the name of the generated key and in the sample
-\fBnamed.conf\fR
-syntax. For example,
-\fBddns\-confgen example.com\fR
-would generate a key called "ddns\-key.example.com", and sample
-\fBnamed.conf\fR
-command that could be used in the zone definition for "example.com".
-.PP
-Note that
-\fBnamed\fR
-itself can configure a local DDNS key for use with
-\fBnsupdate \-l\fR.
-\fBddns\-confgen\fR
-is only needed when a more elaborate configuration is required: for instance, if
-\fBnsupdate\fR
-is to be used from a remote system.
-.SH "OPTIONS"
-.PP
-\-a \fIalgorithm\fR
-.RS 4
-Specifies the algorithm to use for the TSIG key. Available choices are: hmac\-md5, hmac\-sha1, hmac\-sha224, hmac\-sha256, hmac\-sha384 and hmac\-sha512. The default is hmac\-sha256.
-.RE
-.PP
-\-h
-.RS 4
-Prints a short summary of the options and arguments to
-\fBddns\-confgen\fR.
-.RE
-.PP
-\-k \fIkeyname\fR
-.RS 4
-Specifies the key name of the DDNS authentication key. The default is
-\fBddns\-key\fR
-when neither the
-\fB\-s\fR
-nor
-\fB\-z\fR
-option is specified; otherwise, the default is
-\fBddns\-key\fR
-as a separate label followed by the argument of the option, e.g.,
-\fBddns\-key.example.com.\fR
-The key name must have the format of a valid domain name, consisting of letters, digits, hyphens and periods.
-.RE
-.PP
-\-q
-.RS 4
-Quiet mode: Print only the key, with no explanatory text or usage examples.
-.RE
-.PP
-\-r \fIrandomfile\fR
-.RS 4
-Specifies a source of random data for generating the authorization. If the operating system does not provide a
-\fI/dev/random\fR
-or equivalent device, the default source of randomness is keyboard input.
-\fIrandomdev\fR
-specifies the name of a character device or file containing random data to be used instead of the default. The special value
-\fIkeyboard\fR
-indicates that keyboard input should be used.
-.RE
-.PP
-\-s \fIname\fR
-.RS 4
-Single host mode: The example
-\fBnamed.conf\fR
-text shows how to set an update policy for the specified
-\fIname\fR
-using the "name" nametype. The default key name is ddns\-key.\fIname\fR. Note that the "self" nametype cannot be used, since the name to be updated may differ from the key name. This option cannot be used with the
-\fB\-z\fR
-option.
-.RE
-.PP
-\-z \fIzone\fR
-.RS 4
-zone mode: The example
-\fBnamed.conf\fR
-text shows how to set an update policy for the specified
-\fIzone\fR
-using the "zonesub" nametype, allowing updates to all subdomain names within that
-\fIzone\fR. This option cannot be used with the
-\fB\-s\fR
-option.
-.RE
-.SH "SEE ALSO"
-.PP
-\fBnsupdate\fR(1),
-\fBnamed.conf\fR(5),
-\fBnamed\fR(8),
-BIND 9 Administrator Reference Manual.
-.SH "AUTHOR"
-.PP
-Internet Systems Consortium
-.SH "COPYRIGHT"
-Copyright \(co 2009 Internet Systems Consortium, Inc. ("ISC")
-.br

bin/confgen/ddns-confgen.c

@@ -1,258 +0,0 @@
-/*
- * Copyright (C) 2009, 2011  Internet Systems Consortium, Inc. ("ISC")
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- * PERFORMANCE OF THIS SOFTWARE.
- */
-
-/* $Id: ddns-confgen.c,v 1.11 2011/03/12 04:59:46 tbox Exp $ */
-
-/*! \file */
-
-/**
- * ddns-confgen generates configuration files for dynamic DNS. It can
- * be used as a convenient alternative to writing the ddns.key file
- * and the corresponding key and update-policy statements in named.conf.
- */
-
-#include <config.h>
-
-#include <stdlib.h>
-#include <stdarg.h>
-
-#include <isc/assertions.h>
-#include <isc/base64.h>
-#include <isc/buffer.h>
-#include <isc/commandline.h>
-#include <isc/entropy.h>
-#include <isc/file.h>
-#include <isc/keyboard.h>
-#include <isc/mem.h>
-#include <isc/net.h>
-#include <isc/print.h>
-#include <isc/result.h>
-#include <isc/string.h>
-#include <isc/time.h>
-#include <isc/util.h>
-
-#include <dns/keyvalues.h>
-#include <dns/name.h>
-
-#include <dst/dst.h>
-#include <confgen/os.h>
-
-#include "util.h"
-#include "keygen.h"
-
-#define DEFAULT_KEYNAME		"ddns-key"
-
-static char program[256];
-const char *progname;
-
-isc_boolean_t verbose = ISC_FALSE;
-
-ISC_PLATFORM_NORETURN_PRE static void
-usage(int status) ISC_PLATFORM_NORETURN_POST;
-
-static void
-usage(int status) {
-
-	fprintf(stderr, "\
-Usage:\n\
- %s [-a alg] [-k keyname] [-r randomfile] [-q] [-s name | -z zone]\n\
-  -a alg:        algorithm (default hmac-sha256)\n\
-  -k keyname:    name of the key as it will be used in named.conf\n\
-  -r randomfile: source of random data (use \"keyboard\" for key timing)\n\
-  -s name:       domain name to be updated using the created key\n\
-  -z zone:       name of the zone as it will be used in named.conf\n\
-  -q:            quiet mode: print the key, with no explanatory text\n",
-		 progname);
-
-	exit (status);
-}
-
-int
-main(int argc, char **argv) {
-	isc_boolean_t show_final_mem = ISC_FALSE;
-	isc_boolean_t quiet = ISC_FALSE;
-	isc_buffer_t key_txtbuffer;
-	char key_txtsecret[256];
-	isc_mem_t *mctx = NULL;
-	isc_result_t result = ISC_R_SUCCESS;
-	const char *randomfile = NULL;
-	const char *keyname = NULL;
-	const char *zone = NULL;
-	const char *self_domain = NULL;
-	char *keybuf = NULL;
-	dns_secalg_t alg = DST_ALG_HMACSHA256;
-	const char *algname = alg_totext(alg);
-	int keysize = 256;
-	int len = 0;
-	int ch;
-
-	result = isc_file_progname(*argv, program, sizeof(program));
-	if (result != ISC_R_SUCCESS)
-		memcpy(program, "ddns-confgen", 13);
-	progname = program;
-
-	isc_commandline_errprint = ISC_FALSE;
-
-	while ((ch = isc_commandline_parse(argc, argv,
-					   "a:hk:Mmr:qs:Vy:z:")) != -1) {
-		switch (ch) {
-		case 'a':
-			algname = isc_commandline_argument;
-			alg = alg_fromtext(algname);
-			if (alg == DST_ALG_UNKNOWN)
-				fatal("Unsupported algorithm '%s'", algname);
-			keysize = alg_bits(alg);
-			break;
-		case 'h':
-			usage(0);
-		case 'k':
-		case 'y':
-			keyname = isc_commandline_argument;
-			break;
-		case 'M':
-			isc_mem_debugging = ISC_MEM_DEBUGTRACE;
-			break;
-		case 'm':
-			show_final_mem = ISC_TRUE;
-			break;
-		case 'q':
-			quiet = ISC_TRUE;
-			break;
-		case 'r':
-			randomfile = isc_commandline_argument;
-			break;
-		case 's':
-			self_domain = isc_commandline_argument;
-			break;
-		case 'V':
-			verbose = ISC_TRUE;
-			break;
-		case 'z':
-			zone = isc_commandline_argument;
-			break;
-		case '?':
-			if (isc_commandline_option != '?') {
-				fprintf(stderr, "%s: invalid argument -%c\n",
-					program, isc_commandline_option);
-				usage(1);
-			} else
-				usage(0);
-			break;
-		default:
-			fprintf(stderr, "%s: unhandled option -%c\n",
-				program, isc_commandline_option);
-			exit(1);
-		}
-	}
-
-	argc -= isc_commandline_index;
-	argv += isc_commandline_index;
-	POST(argv);
-
-	if (self_domain != NULL && zone != NULL)
-		usage(1);	/* -s and -z cannot coexist */
-
-	if (argc > 0)
-		usage(1);
-
-	DO("create memory context", isc_mem_create(0, 0, &mctx));
-
-	if (keyname == NULL) {
-		const char *suffix = NULL;
-
-		keyname = DEFAULT_KEYNAME;
-		if (self_domain != NULL)
-			suffix = self_domain;
-		else if (zone != NULL)
-			suffix = zone;
-		if (suffix != NULL) {
-			len = strlen(keyname) + strlen(suffix) + 2;
-			keybuf = isc_mem_get(mctx, len);
-			if (keybuf == NULL)
-				fatal("failed to allocate memory for keyname");
-			snprintf(keybuf, len, "%s.%s", keyname, suffix);
-			keyname = (const char *) keybuf;
-		}
-	}
-
-	isc_buffer_init(&key_txtbuffer, &key_txtsecret, sizeof(key_txtsecret));
-
-	generate_key(mctx, randomfile, alg, keysize, &key_txtbuffer);
-
-
-	if (!quiet)
-		printf("\
-# To activate this key, place the following in named.conf, and\n\
-# in a separate keyfile on the system or systems from which nsupdate\n\
-# will be run:\n");
-
-	printf("\
-key \"%s\" {\n\
-	algorithm %s;\n\
-	secret \"%.*s\";\n\
-};\n",
-	       keyname, algname,
-	       (int)isc_buffer_usedlength(&key_txtbuffer),
-	       (char *)isc_buffer_base(&key_txtbuffer));
-
-	if (!quiet) {
-		if (self_domain != NULL) {
-			printf("\n\
-# Then, in the \"zone\" statement for the zone containing the\n\
-# name \"%s\", place an \"update-policy\" statement\n\
-# like this one, adjusted as needed for your preferred permissions:\n\
-update-policy {\n\
-	  grant %s name %s ANY;\n\
-};\n",
-			       self_domain, keyname, self_domain);
-		} else if (zone != NULL) {
-			printf("\n\
-# Then, in the \"zone\" definition statement for \"%s\",\n\
-# place an \"update-policy\" statement like this one, adjusted as \n\
-# needed for your preferred permissions:\n\
-update-policy {\n\
-	  grant %s zonesub ANY;\n\
-};\n",
-			       zone, keyname);
-		} else {
-			printf("\n\
-# Then, in the \"zone\" statement for each zone you wish to dynamically\n\
-# update, place an \"update-policy\" statement granting update permission\n\
-# to this key.  For example, the following statement grants this key\n\
-# permission to update any name within the zone:\n\
-update-policy {\n\
-	grant %s zonesub ANY;\n\
-};\n",
-			       keyname);
-		}
-
-		printf("\n\
-# After the keyfile has been placed, the following command will\n\
-# execute nsupdate using this key:\n\
-nsupdate -k <keyfile>\n");
-
-	}
-
-	if (keybuf != NULL)
-		isc_mem_put(mctx, keybuf, len);
-
-	if (show_final_mem)
-		isc_mem_stats(mctx, stderr);
-
-	isc_mem_destroy(&mctx);
-
-	return (0);
-}

bin/confgen/ddns-confgen.docbook

@@ -1,218 +0,0 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
-	       "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
-	       [<!ENTITY mdash "&#8212;">]>
-<!--
- - Copyright (C) 2009  Internet Systems Consortium, Inc. ("ISC")
- -
- - Permission to use, copy, modify, and/or distribute this software for any
- - purpose with or without fee is hereby granted, provided that the above
- - copyright notice and this permission notice appear in all copies.
- -
- - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- - AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- - PERFORMANCE OF THIS SOFTWARE.
--->
-
-<!-- $Id: ddns-confgen.docbook,v 1.6 2009/09/18 22:08:55 fdupont Exp $ -->
-<refentry id="man.ddns-confgen">
-  <refentryinfo>
-    <date>Jan 29, 2009</date>
-  </refentryinfo>
-
-  <refmeta>
-    <refentrytitle><application>ddns-confgen</application></refentrytitle>
-    <manvolnum>8</manvolnum>
-    <refmiscinfo>BIND9</refmiscinfo>
-  </refmeta>
-
-  <refnamediv>
-    <refname><application>ddns-confgen</application></refname>
-    <refpurpose>ddns key generation tool</refpurpose>
-  </refnamediv>
-
-  <docinfo>
-    <copyright>
-      <year>2009</year>
-      <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
-    </copyright>
-  </docinfo>
-
-  <refsynopsisdiv>
-    <cmdsynopsis>
-      <command>ddns-confgen</command>
-      <arg><option>-a <replaceable class="parameter">algorithm</replaceable></option></arg>
-      <arg><option>-h</option></arg>
-      <arg><option>-k <replaceable class="parameter">keyname</replaceable></option></arg>
-      <arg><option>-r <replaceable class="parameter">randomfile</replaceable></option></arg>
-      <group>
-        <arg choice="plain">-s <replaceable class="parameter">name</replaceable></arg>
-        <arg choice="plain">-z <replaceable class="parameter">zone</replaceable></arg>
-      </group>
-      <arg><option>-q</option></arg>
-      <arg choice="opt">name</arg>
-    </cmdsynopsis>
-  </refsynopsisdiv>
-
-  <refsect1>
-    <title>DESCRIPTION</title>
-    <para><command>ddns-confgen</command>
-      generates a key for use by <command>nsupdate</command>
-      and <command>named</command>.  It simplifies configuration
-      of dynamic zones by generating a key and providing the
-      <command>nsupdate</command> and <command>named.conf</command>
-      syntax that will be needed to use it, including an example
-      <command>update-policy</command> statement.
-    </para>
-
-    <para>
-      If a domain name is specified on the command line, it will
-      be used in the name of the generated key and in the sample
-      <command>named.conf</command> syntax.  For example,
-      <command>ddns-confgen example.com</command> would
-      generate a key called "ddns-key.example.com", and sample
-      <command>named.conf</command> command that could be used
-      in the zone definition for "example.com".
-    </para>
-
-    <para>
-      Note that <command>named</command> itself can configure a
-      local DDNS key for use with <command>nsupdate -l</command>.
-      <command>ddns-confgen</command> is only needed when a 
-      more elaborate configuration is required: for instance, if
-      <command>nsupdate</command> is to be used from a remote system.
-    </para>
-  </refsect1>
-
-  <refsect1>
-    <title>OPTIONS</title>
-
-    <variablelist>
-      <varlistentry>
-	<term>-a <replaceable class="parameter">algorithm</replaceable></term>
-	<listitem>
-	  <para>
-            Specifies the algorithm to use for the TSIG key.  Available
-            choices are: hmac-md5, hmac-sha1, hmac-sha224, hmac-sha256,
-            hmac-sha384 and hmac-sha512.  The default is hmac-sha256.
-	  </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-h</term>
-	<listitem>
-	  <para>
-	    Prints a short summary of the options and arguments to
-	    <command>ddns-confgen</command>.
-	  </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-k <replaceable class="parameter">keyname</replaceable></term>
-	<listitem>
-	  <para>
-	    Specifies the key name of the DDNS authentication key.
-	    The default is <constant>ddns-key</constant> when neither
-	    the <option>-s</option> nor <option>-z</option> option is
-	    specified; otherwise, the default
-	    is <constant>ddns-key</constant> as a separate label
-	    followed by the argument of the option, e.g.,
-	    <constant>ddns-key.example.com.</constant>
-	    The key name must have the format of a valid domain name,
-	    consisting of letters, digits, hyphens and periods.
-	  </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-q</term>
-	<listitem>
-	  <para>
-	    Quiet mode:  Print only the key, with no explanatory text or
-            usage examples.
-	  </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-r <replaceable class="parameter">randomfile</replaceable></term>
-	<listitem>
-	  <para>
-            Specifies a source of random data for generating the
-            authorization.  If the operating system does not provide a
-            <filename>/dev/random</filename> or equivalent device, the
-            default source of randomness is keyboard input.
-            <filename>randomdev</filename> specifies the name of a
-            character device or file containing random data to be used
-            instead of the default.  The special value
-            <filename>keyboard</filename> indicates that keyboard input
-            should be used.
-	  </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-s <replaceable class="parameter">name</replaceable></term>
-	<listitem>
-	  <para>
-	    Single host mode: The example <command>named.conf</command> text
-	    shows how to set an update policy for the specified
-	    <replaceable class="parameter">name</replaceable>
-	    using the "name" nametype.
-	    The default key name is
-	    ddns-key.<replaceable class="parameter">name</replaceable>.
-	    Note that the "self" nametype cannot be used, since
-	    the name to be updated may differ from the key name.
-	    This option cannot be used with the <option>-z</option> option.
-	  </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-z <replaceable class="parameter">zone</replaceable></term>
-	<listitem>
-	  <para>
-	    zone mode:  The example <command>named.conf</command> text
-            shows how to set an update policy for the specified
-	    <replaceable class="parameter">zone</replaceable>
-	    using the "zonesub" nametype, allowing updates to all subdomain
-	    names within
-	    that <replaceable class="parameter">zone</replaceable>.
-	    This option cannot be used with the <option>-s</option> option.
-	  </para>
-	</listitem>
-      </varlistentry>
-    </variablelist>
-  </refsect1>
-
-  <refsect1>
-    <title>SEE ALSO</title>
-    <para><citerefentry>
-	<refentrytitle>nsupdate</refentrytitle><manvolnum>1</manvolnum>
-      </citerefentry>,
-      <citerefentry>
-	<refentrytitle>named.conf</refentrytitle><manvolnum>5</manvolnum>
-      </citerefentry>,
-      <citerefentry>
-	<refentrytitle>named</refentrytitle><manvolnum>8</manvolnum>
-      </citerefentry>,
-      <citetitle>BIND 9 Administrator Reference Manual</citetitle>.
-    </para>
-  </refsect1>
-
-  <refsect1>
-    <title>AUTHOR</title>
-    <para><corpauthor>Internet Systems Consortium</corpauthor>
-    </para>
-  </refsect1>
-
-</refentry><!--
- - Local variables:
- - mode: sgml
- - End:
--->

bin/confgen/ddns-confgen.html

@@ -1,141 +0,0 @@
-<!--
- - Copyright (C) 2009 Internet Systems Consortium, Inc. ("ISC")
- - 
- - Permission to use, copy, modify, and/or distribute this software for any
- - purpose with or without fee is hereby granted, provided that the above
- - copyright notice and this permission notice appear in all copies.
- - 
- - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- - PERFORMANCE OF THIS SOFTWARE.
--->
-<!-- $Id: ddns-confgen.html,v 1.10 2009/09/19 01:14:52 tbox Exp $ -->
-<html>
-<head>
-<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
-<title>ddns-confgen</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
-</head>
-<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="man.ddns-confgen"></a><div class="titlepage"></div>
-<div class="refnamediv">
-<h2>Name</h2>
-<p><span class="application">ddns-confgen</span> &#8212; ddns key generation tool</p>
-</div>
-<div class="refsynopsisdiv">
-<h2>Synopsis</h2>
-<div class="cmdsynopsis"><p><code class="command">ddns-confgen</code>  [<code class="option">-a <em class="replaceable"><code>algorithm</code></em></code>] [<code class="option">-h</code>] [<code class="option">-k <em class="replaceable"><code>keyname</code></em></code>] [<code class="option">-r <em class="replaceable"><code>randomfile</code></em></code>] [ -s <em class="replaceable"><code>name</code></em>  |   -z <em class="replaceable"><code>zone</code></em> ] [<code class="option">-q</code>] [name]</p></div>
-</div>
-<div class="refsect1" lang="en">
-<a name="id2543395"></a><h2>DESCRIPTION</h2>
-<p><span><strong class="command">ddns-confgen</strong></span>
-      generates a key for use by <span><strong class="command">nsupdate</strong></span>
-      and <span><strong class="command">named</strong></span>.  It simplifies configuration
-      of dynamic zones by generating a key and providing the
-      <span><strong class="command">nsupdate</strong></span> and <span><strong class="command">named.conf</strong></span>
-      syntax that will be needed to use it, including an example
-      <span><strong class="command">update-policy</strong></span> statement.
-    </p>
-<p>
-      If a domain name is specified on the command line, it will
-      be used in the name of the generated key and in the sample
-      <span><strong class="command">named.conf</strong></span> syntax.  For example,
-      <span><strong class="command">ddns-confgen example.com</strong></span> would
-      generate a key called "ddns-key.example.com", and sample
-      <span><strong class="command">named.conf</strong></span> command that could be used
-      in the zone definition for "example.com".
-    </p>
-<p>
-      Note that <span><strong class="command">named</strong></span> itself can configure a
-      local DDNS key for use with <span><strong class="command">nsupdate -l</strong></span>.
-      <span><strong class="command">ddns-confgen</strong></span> is only needed when a 
-      more elaborate configuration is required: for instance, if
-      <span><strong class="command">nsupdate</strong></span> is to be used from a remote system.
-    </p>
-</div>
-<div class="refsect1" lang="en">
-<a name="id2543454"></a><h2>OPTIONS</h2>
-<div class="variablelist"><dl>
-<dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
-<dd><p>
-            Specifies the algorithm to use for the TSIG key.  Available
-            choices are: hmac-md5, hmac-sha1, hmac-sha224, hmac-sha256,
-            hmac-sha384 and hmac-sha512.  The default is hmac-sha256.
-	  </p></dd>
-<dt><span class="term">-h</span></dt>
-<dd><p>
-	    Prints a short summary of the options and arguments to
-	    <span><strong class="command">ddns-confgen</strong></span>.
-	  </p></dd>
-<dt><span class="term">-k <em class="replaceable"><code>keyname</code></em></span></dt>
-<dd><p>
-	    Specifies the key name of the DDNS authentication key.
-	    The default is <code class="constant">ddns-key</code> when neither
-	    the <code class="option">-s</code> nor <code class="option">-z</code> option is
-	    specified; otherwise, the default
-	    is <code class="constant">ddns-key</code> as a separate label
-	    followed by the argument of the option, e.g.,
-	    <code class="constant">ddns-key.example.com.</code>
-	    The key name must have the format of a valid domain name,
-	    consisting of letters, digits, hyphens and periods.
-	  </p></dd>
-<dt><span class="term">-q</span></dt>
-<dd><p>
-	    Quiet mode:  Print only the key, with no explanatory text or
-            usage examples.
-	  </p></dd>
-<dt><span class="term">-r <em class="replaceable"><code>randomfile</code></em></span></dt>
-<dd><p>
-            Specifies a source of random data for generating the
-            authorization.  If the operating system does not provide a
-            <code class="filename">/dev/random</code> or equivalent device, the
-            default source of randomness is keyboard input.
-            <code class="filename">randomdev</code> specifies the name of a
-            character device or file containing random data to be used
-            instead of the default.  The special value
-            <code class="filename">keyboard</code> indicates that keyboard input
-            should be used.
-	  </p></dd>
-<dt><span class="term">-s <em class="replaceable"><code>name</code></em></span></dt>
-<dd><p>
-	    Single host mode: The example <span><strong class="command">named.conf</strong></span> text
-	    shows how to set an update policy for the specified
-	    <em class="replaceable"><code>name</code></em>
-	    using the "name" nametype.
-	    The default key name is
-	    ddns-key.<em class="replaceable"><code>name</code></em>.
-	    Note that the "self" nametype cannot be used, since
-	    the name to be updated may differ from the key name.
-	    This option cannot be used with the <code class="option">-z</code> option.
-	  </p></dd>
-<dt><span class="term">-z <em class="replaceable"><code>zone</code></em></span></dt>
-<dd><p>
-	    zone mode:  The example <span><strong class="command">named.conf</strong></span> text
-            shows how to set an update policy for the specified
-	    <em class="replaceable"><code>zone</code></em>
-	    using the "zonesub" nametype, allowing updates to all subdomain
-	    names within
-	    that <em class="replaceable"><code>zone</code></em>.
-	    This option cannot be used with the <code class="option">-s</code> option.
-	  </p></dd>
-</dl></div>
-</div>
-<div class="refsect1" lang="en">
-<a name="id2543642"></a><h2>SEE ALSO</h2>
-<p><span class="citerefentry"><span class="refentrytitle">nsupdate</span>(1)</span>,
-      <span class="citerefentry"><span class="refentrytitle">named.conf</span>(5)</span>,
-      <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
-      <em class="citetitle">BIND 9 Administrator Reference Manual</em>.
-    </p>
-</div>
-<div class="refsect1" lang="en">
-<a name="id2543681"></a><h2>AUTHOR</h2>
-<p><span class="corpauthor">Internet Systems Consortium</span>
-    </p>
-</div>
-</div></body>
-</html>

bin/confgen/include/confgen/os.h

@@ -1,39 +0,0 @@
-/*
- * Copyright (C) 2009  Internet Systems Consortium, Inc. ("ISC")
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- * PERFORMANCE OF THIS SOFTWARE.
- */
-
-/* $Id: os.h,v 1.3 2009/06/11 23:47:55 tbox Exp $ */
-
-/*! \file */
-
-#ifndef RNDC_OS_H
-#define RNDC_OS_H 1
-
-#include <isc/lang.h>
-#include <stdio.h>
-
-ISC_LANG_BEGINDECLS
-
-int set_user(FILE *fd, const char *user);
-/*%<
- * Set the owner of the file referenced by 'fd' to 'user'.
- * Returns:
- *   0 		success
- *   -1 	insufficient permissions, or 'user' does not exist.
- */
-
-ISC_LANG_ENDDECLS
-
-#endif

bin/confgen/keygen.c

@@ -1,218 +0,0 @@
-/*
- * Copyright (C) 2009  Internet Systems Consortium, Inc. ("ISC")
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- * PERFORMANCE OF THIS SOFTWARE.
- */
-
-/* $Id: keygen.c,v 1.4 2009/11/12 14:02:38 marka Exp $ */
-
-/*! \file */
-
-#include <config.h>
-
-#include <stdlib.h>
-#include <stdarg.h>
-
-#include <isc/base64.h>
-#include <isc/buffer.h>
-#include <isc/entropy.h>
-#include <isc/file.h>
-#include <isc/keyboard.h>
-#include <isc/mem.h>
-#include <isc/result.h>
-#include <isc/string.h>
-
-#include <dns/keyvalues.h>
-#include <dns/name.h>
-
-#include <dst/dst.h>
-#include <confgen/os.h>
-
-#include "util.h"
-#include "keygen.h"
-
-/*%
- * Convert algorithm type to string.
- */
-const char *
-alg_totext(dns_secalg_t alg) {
-	switch (alg) {
-	    case DST_ALG_HMACMD5:
-		return "hmac-md5";
-	    case DST_ALG_HMACSHA1:
-		return "hmac-sha1";
-	    case DST_ALG_HMACSHA224:
-		return "hmac-sha224";
-	    case DST_ALG_HMACSHA256:
-		return "hmac-sha256";
-	    case DST_ALG_HMACSHA384:
-		return "hmac-sha384";
-	    case DST_ALG_HMACSHA512:
-		return "hmac-sha512";
-	    default:
-		return "(unknown)";
-	}
-}
-
-/*%
- * Convert string to algorithm type.
- */
-dns_secalg_t
-alg_fromtext(const char *name) {
-	if (strcmp(name, "hmac-md5") == 0)
-		return DST_ALG_HMACMD5;
-	if (strcmp(name, "hmac-sha1") == 0)
-		return DST_ALG_HMACSHA1;
-	if (strcmp(name, "hmac-sha224") == 0)
-		return DST_ALG_HMACSHA224;
-	if (strcmp(name, "hmac-sha256") == 0)
-		return DST_ALG_HMACSHA256;
-	if (strcmp(name, "hmac-sha384") == 0)
-		return DST_ALG_HMACSHA384;
-	if (strcmp(name, "hmac-sha512") == 0)
-		return DST_ALG_HMACSHA512;
-	return DST_ALG_UNKNOWN;
-}
-
-/*%
- * Return default keysize for a given algorithm type.
- */
-int
-alg_bits(dns_secalg_t alg) {
-	switch (alg) {
-	    case DST_ALG_HMACMD5:
-		return 128;
-	    case DST_ALG_HMACSHA1:
-		return 160;
-	    case DST_ALG_HMACSHA224:
-		return 224;
-	    case DST_ALG_HMACSHA256:
-		return 256;
-	    case DST_ALG_HMACSHA384:
-		return 384;
-	    case DST_ALG_HMACSHA512:
-		return 512;
-	    default:
-		return 0;
-	}
-}
-
-/*%
- * Generate a key of size 'keysize' using entropy source 'randomfile',
- * and place it in 'key_txtbuffer'
- */
-void
-generate_key(isc_mem_t *mctx, const char *randomfile, dns_secalg_t alg,
-	     int keysize, isc_buffer_t *key_txtbuffer) {
-	isc_result_t result = ISC_R_SUCCESS;
-	isc_entropysource_t *entropy_source = NULL;
-	int open_keyboard = ISC_ENTROPY_KEYBOARDMAYBE;
-	int entropy_flags = 0;
-	isc_entropy_t *ectx = NULL;
-	isc_buffer_t key_rawbuffer;
-	isc_region_t key_rawregion;
-	char key_rawsecret[64];
-	dst_key_t *key = NULL;
-
-	switch (alg) {
-	    case DST_ALG_HMACMD5:
-		if (keysize < 1 || keysize > 512)
-			fatal("keysize %d out of range (must be 1-512)\n",
-			      keysize);
-		break;
-	    case DST_ALG_HMACSHA256:
-		if (keysize < 1 || keysize > 256)
-			fatal("keysize %d out of range (must be 1-256)\n",
-			      keysize);
-		break;
-	    default:
-		fatal("unsupported algorithm %d\n", alg);
-	}
-
-
-	DO("create entropy context", isc_entropy_create(mctx, &ectx));
-
-	if (randomfile != NULL && strcmp(randomfile, "keyboard") == 0) {
-		randomfile = NULL;
-		open_keyboard = ISC_ENTROPY_KEYBOARDYES;
-	}
-	DO("start entropy source", isc_entropy_usebestsource(ectx,
-							     &entropy_source,
-							     randomfile,
-							     open_keyboard));
-
-	entropy_flags = ISC_ENTROPY_BLOCKING | ISC_ENTROPY_GOODONLY;
-
-	DO("initialize dst library", dst_lib_init(mctx, ectx, entropy_flags));
-
-	DO("generate key", dst_key_generate(dns_rootname, alg,
-					    keysize, 0, 0,
-					    DNS_KEYPROTO_ANY,
-					    dns_rdataclass_in, mctx, &key));
-
-	isc_buffer_init(&key_rawbuffer, &key_rawsecret, sizeof(key_rawsecret));
-
-	DO("dump key to buffer", dst_key_tobuffer(key, &key_rawbuffer));
-
-	isc_buffer_usedregion(&key_rawbuffer, &key_rawregion);
-
-	DO("bsse64 encode secret", isc_base64_totext(&key_rawregion, -1, "",
-						     key_txtbuffer));
-
-	/*
-	 * Shut down the entropy source now so the "stop typing" message
-	 * does not muck with the output.
-	 */
-	if (entropy_source != NULL)
-		isc_entropy_destroysource(&entropy_source);
-
-	if (key != NULL)
-		dst_key_free(&key);
-
-	isc_entropy_detach(&ectx);
-	dst_lib_destroy();
-}
-
-/*%
- * Write a key file to 'keyfile'.  If 'user' is non-NULL,
- * make that user the owner of the file.  The key will have
- * the name 'keyname' and the secret in the buffer 'secret'.
- */
-void
-write_key_file(const char *keyfile, const char *user,
-	       const char *keyname, isc_buffer_t *secret,
-	       dns_secalg_t alg) {
-	isc_result_t result;
-	const char *algname = alg_totext(alg);
-	FILE *fd = NULL;
-
-	DO("create keyfile", isc_file_safecreate(keyfile, &fd));
-
-	if (user != NULL) {
-		if (set_user(fd, user) == -1)
-			fatal("unable to set file owner\n");
-	}
-
-	fprintf(fd, "key \"%s\" {\n\talgorithm %s;\n"
-		"\tsecret \"%.*s\";\n};\n",
-		keyname, algname,
-		(int)isc_buffer_usedlength(secret),
-		(char *)isc_buffer_base(secret));
-	fflush(fd);
-	if (ferror(fd))
-		fatal("write to %s failed\n", keyfile);
-	if (fclose(fd))
-		fatal("fclose(%s) failed\n", keyfile);
-	fprintf(stderr, "wrote key file \"%s\"\n", keyfile);
-}
-

bin/confgen/keygen.h

@@ -1,41 +0,0 @@
-/*
- * Copyright (C) 2009  Internet Systems Consortium, Inc. ("ISC")
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- * PERFORMANCE OF THIS SOFTWARE.
- */
-
-/* $Id: keygen.h,v 1.3 2009/06/11 23:47:55 tbox Exp $ */
-
-#ifndef RNDC_KEYGEN_H
-#define RNDC_KEYGEN_H 1
-
-/*! \file */
-
-#include <isc/lang.h>
-
-ISC_LANG_BEGINDECLS
-
-void generate_key(isc_mem_t *mctx, const char *randomfile, dns_secalg_t alg,
-		  int keysize, isc_buffer_t *key_txtbuffer);
-
-void write_key_file(const char *keyfile, const char *user,
-		    const char *keyname, isc_buffer_t *secret,
-		    dns_secalg_t alg);
-
-const char *alg_totext(dns_secalg_t alg);
-dns_secalg_t alg_fromtext(const char *name);
-int alg_bits(dns_secalg_t alg);
-
-ISC_LANG_ENDDECLS
-
-#endif /* RNDC_KEYGEN_H */

bin/confgen/rndc-confgen.c

@@ -1,271 +0,0 @@
-/*
- * Copyright (C) 2004, 2005, 2007-2009, 2011  Internet Systems Consortium, Inc. ("ISC")
- * Copyright (C) 2001, 2003  Internet Software Consortium.
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- * PERFORMANCE OF THIS SOFTWARE.
- */
-
-/* $Id: rndc-confgen.c,v 1.7 2011/03/12 04:59:46 tbox Exp $ */
-
-/*! \file */
-
-/**
- * rndc-confgen generates configuration files for rndc. It can be used
- * as a convenient alternative to writing the rndc.conf file and the
- * corresponding controls and key statements in named.conf by hand.
- * Alternatively, it can be run with the -a option to set up a
- * rndc.key file and avoid the need for a rndc.conf file and a
- * controls statement altogether.
- */
-
-#include <config.h>
-
-#include <stdlib.h>
-#include <stdarg.h>
-
-#include <isc/assertions.h>
-#include <isc/base64.h>
-#include <isc/buffer.h>
-#include <isc/commandline.h>
-#include <isc/entropy.h>
-#include <isc/file.h>
-#include <isc/keyboard.h>
-#include <isc/mem.h>
-#include <isc/net.h>
-#include <isc/print.h>
-#include <isc/result.h>
-#include <isc/string.h>
-#include <isc/time.h>
-#include <isc/util.h>
-
-#include <dns/keyvalues.h>
-#include <dns/name.h>
-
-#include <dst/dst.h>
-#include <confgen/os.h>
-
-#include "util.h"
-#include "keygen.h"
-
-#define DEFAULT_KEYLENGTH	128		/*% Bits. */
-#define DEFAULT_KEYNAME		"rndc-key"
-#define DEFAULT_SERVER		"127.0.0.1"
-#define DEFAULT_PORT		953
-
-static char program[256];
-const char *progname;
-
-isc_boolean_t verbose = ISC_FALSE;
-
-const char *keyfile, *keydef;
-
-ISC_PLATFORM_NORETURN_PRE static void
-usage(int status) ISC_PLATFORM_NORETURN_POST;
-
-static void
-usage(int status) {
-
-	fprintf(stderr, "\
-Usage:\n\
- %s [-a] [-b bits] [-c keyfile] [-k keyname] [-p port] [-r randomfile] \
-[-s addr] [-t chrootdir] [-u user]\n\
-  -a:		 generate just the key clause and write it to keyfile (%s)\n\
-  -b bits:	 from 1 through 512, default %d; total length of the secret\n\
-  -c keyfile:	 specify an alternate key file (requires -a)\n\
-  -k keyname:	 the name as it will be used  in named.conf and rndc.conf\n\
-  -p port:	 the port named will listen on and rndc will connect to\n\
-  -r randomfile: source of random data (use \"keyboard\" for key timing)\n\
-  -s addr:	 the address to which rndc should connect\n\
-  -t chrootdir:	 write a keyfile in chrootdir as well (requires -a)\n\
-  -u user:	 set the keyfile owner to \"user\" (requires -a)\n",
-		 progname, keydef, DEFAULT_KEYLENGTH);
-
-	exit (status);
-}
-
-int
-main(int argc, char **argv) {
-	isc_boolean_t show_final_mem = ISC_FALSE;
-	isc_buffer_t key_txtbuffer;
-	char key_txtsecret[256];
-	isc_mem_t *mctx = NULL;
-	isc_result_t result = ISC_R_SUCCESS;
-	const char *keyname = NULL;
-	const char *randomfile = NULL;
-	const char *serveraddr = NULL;
-	dns_secalg_t alg = DST_ALG_HMACMD5;
-	const char *algname = alg_totext(alg);
-	char *p;
-	int ch;
-	int port;
-	int keysize;
-	struct in_addr addr4_dummy;
-	struct in6_addr addr6_dummy;
-	char *chrootdir = NULL;
-	char *user = NULL;
-	isc_boolean_t keyonly = ISC_FALSE;
-	int len;
-
-	keydef = keyfile = RNDC_KEYFILE;
-
-	result = isc_file_progname(*argv, program, sizeof(program));
-	if (result != ISC_R_SUCCESS)
-		memcpy(program, "rndc-confgen", 13);
-	progname = program;
-
-	keyname = DEFAULT_KEYNAME;
-	keysize = DEFAULT_KEYLENGTH;
-	serveraddr = DEFAULT_SERVER;
-	port = DEFAULT_PORT;
-
-	isc_commandline_errprint = ISC_FALSE;
-
-	while ((ch = isc_commandline_parse(argc, argv,
-					   "ab:c:hk:Mmp:r:s:t:u:Vy")) != -1) {
-		switch (ch) {
-		case 'a':
-			keyonly = ISC_TRUE;
-			break;
-		case 'b':
-			keysize = strtol(isc_commandline_argument, &p, 10);
-			if (*p != '\0' || keysize < 0)
-				fatal("-b requires a non-negative number");
-			if (keysize < 1 || keysize > 512)
-				fatal("-b must be in the range 1 through 512");
-			break;
-		case 'c':
-			keyfile = isc_commandline_argument;
-			break;
-		case 'h':
-			usage(0);
-		case 'k':
-		case 'y':	/* Compatible with rndc -y. */
-			keyname = isc_commandline_argument;
-			break;
-		case 'M':
-			isc_mem_debugging = ISC_MEM_DEBUGTRACE;
-			break;
-
-		case 'm':
-			show_final_mem = ISC_TRUE;
-			break;
-		case 'p':
-			port = strtol(isc_commandline_argument, &p, 10);
-			if (*p != '\0' || port < 0 || port > 65535)
-				fatal("port '%s' out of range",
-				      isc_commandline_argument);
-			break;
-		case 'r':
-			randomfile = isc_commandline_argument;
-			break;
-		case 's':
-			serveraddr = isc_commandline_argument;
-			if (inet_pton(AF_INET, serveraddr, &addr4_dummy) != 1 &&
-			    inet_pton(AF_INET6, serveraddr, &addr6_dummy) != 1)
-				fatal("-s should be an IPv4 or IPv6 address");
-			break;
-		case 't':
-			chrootdir = isc_commandline_argument;
-			break;
-		case 'u':
-			user = isc_commandline_argument;
-			break;
-		case 'V':
-			verbose = ISC_TRUE;
-			break;
-		case '?':
-			if (isc_commandline_option != '?') {
-				fprintf(stderr, "%s: invalid argument -%c\n",
-					program, isc_commandline_option);
-				usage(1);
-			} else
-				usage(0);
-			break;
-		default:
-			fprintf(stderr, "%s: unhandled option -%c\n",
-				program, isc_commandline_option);
-			exit(1);
-		}
-	}
-
-	argc -= isc_commandline_index;
-	argv += isc_commandline_index;
-	POST(argv);
-
-	if (argc > 0)
-		usage(1);
-
-	DO("create memory context", isc_mem_create(0, 0, &mctx));
-	isc_buffer_init(&key_txtbuffer, &key_txtsecret, sizeof(key_txtsecret));
-
-	generate_key(mctx, randomfile, alg, keysize, &key_txtbuffer);
-
-	if (keyonly) {
-		write_key_file(keyfile, chrootdir == NULL ? user : NULL,
-			       keyname, &key_txtbuffer, alg);
-
-		if (chrootdir != NULL) {
-			char *buf;
-			len = strlen(chrootdir) + strlen(keyfile) + 2;
-			buf = isc_mem_get(mctx, len);
-			if (buf == NULL)
-				fatal("isc_mem_get(%d) failed\n", len);
-			snprintf(buf, len, "%s%s%s", chrootdir,
-				 (*keyfile != '/') ? "/" : "", keyfile);
-
-			write_key_file(buf, user, keyname, &key_txtbuffer, alg);
-			isc_mem_put(mctx, buf, len);
-		}
-	} else {
-		printf("\
-# Start of rndc.conf\n\
-key \"%s\" {\n\
-	algorithm %s;\n\
-	secret \"%.*s\";\n\
-};\n\
-\n\
-options {\n\
-	default-key \"%s\";\n\
-	default-server %s;\n\
-	default-port %d;\n\
-};\n\
-# End of rndc.conf\n\
-\n\
-# Use with the following in named.conf, adjusting the allow list as needed:\n\
-# key \"%s\" {\n\
-# 	algorithm %s;\n\
-# 	secret \"%.*s\";\n\
-# };\n\
-# \n\
-# controls {\n\
-# 	inet %s port %d\n\
-# 		allow { %s; } keys { \"%s\"; };\n\
-# };\n\
-# End of named.conf\n",
-		       keyname, algname,
-		       (int)isc_buffer_usedlength(&key_txtbuffer),
-		       (char *)isc_buffer_base(&key_txtbuffer),
-		       keyname, serveraddr, port,
-		       keyname, algname,
-		       (int)isc_buffer_usedlength(&key_txtbuffer),
-		       (char *)isc_buffer_base(&key_txtbuffer),
-		       serveraddr, port, serveraddr, keyname);
-	}
-
-	if (show_final_mem)
-		isc_mem_stats(mctx, stderr);
-
-	isc_mem_destroy(&mctx);
-
-	return (0);
-}

bin/confgen/unix/Makefile.in

@@ -1,35 +0,0 @@
-# Copyright (C) 2009  Internet Systems Consortium, Inc. ("ISC")
-#
-# Permission to use, copy, modify, and/or distribute this software for any
-# purpose with or without fee is hereby granted, provided that the above
-# copyright notice and this permission notice appear in all copies.
-#
-# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
-# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
-# AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
-# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
-# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
-# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
-# PERFORMANCE OF THIS SOFTWARE.
-
-# $Id: Makefile.in,v 1.3 2009/06/11 23:47:55 tbox Exp $
-
-srcdir =	@srcdir@
-VPATH =		@srcdir@
-top_srcdir =	@top_srcdir@
-
-@BIND9_MAKE_INCLUDES@
-
-CINCLUDES =	-I${srcdir}/include -I${srcdir}/../include \
-		${DNS_INCLUDES} ${ISC_INCLUDES}
-
-CDEFINES =
-CWARNINGS =
-
-OBJS =		os.@O@
-
-SRCS =		os.c
-
-TARGETS =	${OBJS}
-
-@BIND9_MAKE_RULES@

bin/confgen/unix/os.c

@@ -1,43 +0,0 @@
-/*
- * Copyright (C) 2009  Internet Systems Consortium, Inc. ("ISC")
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- * PERFORMANCE OF THIS SOFTWARE.
- */
-
-/* $Id: os.c,v 1.3 2009/06/11 23:47:55 tbox Exp $ */
-
-/*! \file */
-
-#include <config.h>
-
-#include <confgen/os.h>
-
-#include <fcntl.h>
-#include <unistd.h>
-#include <sys/types.h>
-#include <pwd.h>
-#include <errno.h>
-#include <stdio.h>
-#include <sys/stat.h>
-
-int
-set_user(FILE *fd, const char *user) {
-	struct passwd *pw;
-
-	pw = getpwnam(user);
-	if (pw == NULL) {
-		errno = EINVAL;
-		return (-1);
-	}
-	return (fchown(fileno(fd), pw->pw_uid, -1));
-}

bin/confgen/util.c

@@ -1,56 +0,0 @@
-/*
- * Copyright (C) 2009  Internet Systems Consortium, Inc. ("ISC")
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- * PERFORMANCE OF THIS SOFTWARE.
- */
-
-/* $Id: util.c,v 1.3 2009/06/11 23:47:55 tbox Exp $ */
-
-/*! \file */
-
-#include <config.h>
-
-#include <stdarg.h>
-#include <stdlib.h>
-#include <stdio.h>
-
-#include <isc/boolean.h>
-
-#include "util.h"
-
-extern isc_boolean_t verbose;
-extern const char *progname;
-
-void
-notify(const char *fmt, ...) {
-	va_list ap;
-
-	if (verbose) {
-		va_start(ap, fmt);
-		vfprintf(stderr, fmt, ap);
-		va_end(ap);
-		fputs("\n", stderr);
-	}
-}
-
-void
-fatal(const char *format, ...) {
-	va_list args;
-
-	fprintf(stderr, "%s: ", progname);
-	va_start(args, format);
-	vfprintf(stderr, format, args);
-	va_end(args);
-	fprintf(stderr, "\n");
-	exit(1);
-}

bin/confgen/util.h

@@ -1,52 +0,0 @@
-/*
- * Copyright (C) 2009  Internet Systems Consortium, Inc. ("ISC")
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- * PERFORMANCE OF THIS SOFTWARE.
- */
-
-/* $Id: util.h,v 1.4 2009/09/29 15:06:05 fdupont Exp $ */
-
-#ifndef RNDC_UTIL_H
-#define RNDC_UTIL_H 1
-
-/*! \file */
-
-#include <isc/lang.h>
-#include <isc/platform.h>
-
-#include <isc/formatcheck.h>
-
-#define NS_CONTROL_PORT		953
-
-#undef DO
-#define DO(name, function) \
-	do { \
-		result = function; \
-		if (result != ISC_R_SUCCESS) \
-			fatal("%s: %s", name, isc_result_totext(result)); \
-		else \
-			notify("%s", name); \
-	} while (0)
-
-ISC_LANG_BEGINDECLS
-
-void
-notify(const char *fmt, ...) ISC_FORMAT_PRINTF(1, 2);
-
-ISC_PLATFORM_NORETURN_PRE void
-fatal(const char *format, ...)
-ISC_FORMAT_PRINTF(1, 2) ISC_PLATFORM_NORETURN_POST;
-
-ISC_LANG_ENDDECLS
-
-#endif /* RNDC_UTIL_H */

bin/confgen/win32/confgentool.dsp

@@ -1,135 +0,0 @@
-# Microsoft Developer Studio Project File - Name="confgentool" - Package Owner=<4>
-# Microsoft Developer Studio Generated Build File, Format Version 6.00
-# ** DO NOT EDIT **
-
-# TARGTYPE "Win32 (x86) Static-Link Library" 0x0104
-
-CFG=confgentool - Win32 Debug
-!MESSAGE This is not a valid makefile. To build this project using NMAKE,
-!MESSAGE use the Export Makefile command and run
-!MESSAGE 
-!MESSAGE NMAKE /f "confgentool.mak".
-!MESSAGE 
-!MESSAGE You can specify a configuration when running NMAKE
-!MESSAGE by defining the macro CFG on the command line. For example:
-!MESSAGE 
-!MESSAGE NMAKE /f "confgentool.mak" CFG="confgentool - Win32 Debug"
-!MESSAGE 
-!MESSAGE Possible choices for configuration are:
-!MESSAGE 
-!MESSAGE "confgentool - Win32 Release" (based on "Win32 (x86) Static-Link Library")
-!MESSAGE "confgentool - Win32 Debug" (based on "Win32 (x86) Static-Link Library")
-!MESSAGE 
-
-# Begin Project
-# PROP AllowPerConfigDependencies 0
-# PROP Scc_ProjName ""
-# PROP Scc_LocalPath ""
-CPP=cl.exe
-MTL=midl.exe
-RSC=rc.exe
-
-!IF  "$(CFG)" == "confgentool - Win32 Release"
-
-# PROP BASE Use_MFC 0
-# PROP BASE Use_Debug_Libraries 0
-# PROP BASE Output_Dir "Release"
-# PROP BASE Intermediate_Dir "Release"
-# PROP BASE Target_Dir ""
-# PROP Use_MFC 0
-# PROP Use_Debug_Libraries 0
-# PROP Output_Dir "Release"
-# PROP Intermediate_Dir "Release"
-# PROP Ignore_Export_Lib 0
-# PROP Target_Dir ""
-# ADD BASE CPP /nologo /MT /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /D "_MBCS" /D "_USRDLL" /YX /FD /c
-# ADD CPP /nologo /MD /W3 /GX /O2 /I "./" /I "../../../" /I "../../../../libxml2-2.7.3/include" /I "../include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /D "NDEBUG" /D "WIN32" /D "_WINDOWS" /D "__STDC__" /D "_MBCS" /YX /FD /c /Fdconfgentool
-# SUBTRACT CPP /X
-# ADD BASE MTL /nologo /D "NDEBUG" /mktyplib203 /win32
-# ADD MTL /nologo /D "NDEBUG" /mktyplib203 /win32
-# ADD BASE RSC /l 0x409 /d "NDEBUG"
-# ADD RSC /l 0x409 /d "NDEBUG"
-BSC32=bscmake.exe
-# ADD BASE BSC32 /nologo
-# ADD BSC32 /nologo
-LINK32=link.exe
-# ADD BASE LINK32 
-# ADD LINK32 /out:"Release/confgentool.lib"
-LIB32=lib.exe
-# ADD BASE LIB32
-# ADD LIB32 /out:"Release/confgentool.lib"
-
-!ELSEIF  "$(CFG)" == "confgentool - Win32 Debug"
-
-# PROP BASE Use_MFC 0
-# PROP BASE Use_Debug_Libraries 1
-# PROP BASE Output_Dir "Debug"
-# PROP BASE Intermediate_Dir "Debug"
-# PROP BASE Target_Dir ""
-# PROP Use_MFC 0
-# PROP Use_Debug_Libraries 1
-# PROP Output_Dir "Debug"
-# PROP Intermediate_Dir "Debug"
-# PROP Ignore_Export_Lib 0
-# PROP Target_Dir ""
-# ADD BASE CPP /nologo /MTd /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /D "_MBCS" /YX /FD /GZ /c
-# ADD CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../../../../libxml2-2.7.3/include" /I "../include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /D "_DEBUG" /D "WIN32" /D "_WINDOWS" /D "__STDC__" /D "_MBCS" /FR /YX /FD /GZ /c /Fdconfgentool
-# SUBTRACT CPP /X
-# ADD BASE MTL /nologo /D "_DEBUG" /mktyplib203 /win32
-# ADD MTL /nologo /D "_DEBUG" /mktyplib203 /win32
-# ADD BASE RSC /l 0x409 /d "_DEBUG"
-# ADD RSC /l 0x409 /d "_DEBUG"
-BSC32=bscmake.exe
-# ADD BASE BSC32 /nologo
-# ADD BSC32 /nologo
-LINK32=link.exe
-# ADD BASE LINK32 
-# ADD LINK32 /debug /out:"Debug/confgentool.lib"
-LIB32=lib.exe
-# ADD BASE LIB32
-# ADD LIB32 /out:"Debug/confgentool.lib"
-
-!ENDIF 
-
-# Begin Target
-
-# Name "confgentool - Win32 Release"
-# Name "confgentool - Win32 Debug"
-# Begin Group "Source Files"
-
-# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
-# End Group
-# Begin Group "Header Files"
-
-# PROP Default_Filter "h;hpp;hxx;hm;inl"
-# Begin Source File
-
-SOURCE=..\keygen.h
-# End Source File
-# Begin Source File
-
-SOURCE=..\util.h
-# End Source File
-# End Group
-# Begin Group "Resource Files"
-
-# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe"
-# End Group
-# Begin Group "Main Dns Lib"
-
-# PROP Default_Filter "c"
-# Begin Source File
-
-SOURCE=..\keygen.c
-# End Source File
-# Begin Source File
-
-SOURCE=..\util.c
-# End Source File
-# Begin Source File
-
-SOURCE=.\os.c
-# End Source File
-# End Group
-# End Target
-# End Project

bin/confgen/win32/confgentool.dsw

@@ -1,29 +0,0 @@
-Microsoft Developer Studio Workspace File, Format Version 6.00
-# WARNING: DO NOT EDIT OR DELETE THIS WORKSPACE FILE!
-
-###############################################################################
-
-Project: "confgentool"=".\confgentool.dsp" - Package Owner=<4>
-
-Package=<5>
-{{{
-}}}
-
-Package=<4>
-{{{
-}}}
-
-###############################################################################
-
-Global:
-
-Package=<5>
-{{{
-}}}
-
-Package=<3>
-{{{
-}}}
-
-###############################################################################
-

bin/confgen/win32/ddnsconfgen.dsp

@@ -1,103 +0,0 @@
-# Microsoft Developer Studio Project File - Name="ddnsconfgen" - Package Owner=<4>
-# Microsoft Developer Studio Generated Build File, Format Version 6.00
-# ** DO NOT EDIT **
-
-# TARGTYPE "Win32 (x86) Console Application" 0x0103
-
-CFG=ddnsconfgen - Win32 Debug
-!MESSAGE This is not a valid makefile. To build this project using NMAKE,
-!MESSAGE use the Export Makefile command and run
-!MESSAGE 
-!MESSAGE NMAKE /f "ddnsconfgen.mak".
-!MESSAGE 
-!MESSAGE You can specify a configuration when running NMAKE
-!MESSAGE by defining the macro CFG on the command line. For example:
-!MESSAGE 
-!MESSAGE NMAKE /f "ddnsconfgen.mak" CFG="ddnsconfgen - Win32 Debug"
-!MESSAGE 
-!MESSAGE Possible choices for configuration are:
-!MESSAGE 
-!MESSAGE "ddnsconfgen - Win32 Release" (based on "Win32 (x86) Console Application")
-!MESSAGE "ddnsconfgen - Win32 Debug" (based on "Win32 (x86) Console Application")
-!MESSAGE 
-
-# Begin Project
-# PROP AllowPerConfigDependencies 0
-# PROP Scc_ProjName ""
-# PROP Scc_LocalPath ""
-CPP=cl.exe
-RSC=rc.exe
-
-!IF  "$(CFG)" == "ddnsconfgen - Win32 Release"
-
-# PROP BASE Use_MFC 0
-# PROP BASE Use_Debug_Libraries 0
-# PROP BASE Output_Dir "Release"
-# PROP BASE Intermediate_Dir "Release"
-# PROP BASE Target_Dir ""
-# PROP Use_MFC 0
-# PROP Use_Debug_Libraries 0
-# PROP Output_Dir "Release"
-# PROP Intermediate_Dir "Release"
-# PROP Ignore_Export_Lib 0
-# PROP Target_Dir ""
-# ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
-# ADD CPP /nologo /MD /W3 /GX /O2 /I "./" /I "../../../" /I "../../../../libxml2-2.7.3/include" /I "../include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/win32/include" /I "../../../lib/dns/include" /I "../../../lib/isccc/include" /I "../../../lib/isccfg/include" /D "WIN32" /D "NDEBUG" /D "__STDC__" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
-# ADD BASE RSC /l 0x409 /d "NDEBUG"
-# ADD RSC /l 0x409 /d "NDEBUG"
-BSC32=bscmake.exe
-# ADD BASE BSC32 /nologo
-# ADD BSC32 /nologo
-LINK32=link.exe
-# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386
-# ADD LINK32 user32.lib advapi32.lib ws2_32.lib Release/confgentool.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib ../../../lib/isccfg/win32/Release/libisccfg.lib ../../../lib/isccc/win32/Release/libisccc.lib /nologo /subsystem:console /machine:I386 /out:"../../../Build/Release/ddns-confgen.exe"
-
-!ELSEIF  "$(CFG)" == "ddnsconfgen - Win32 Debug"
-
-# PROP BASE Use_MFC 0
-# PROP BASE Use_Debug_Libraries 1
-# PROP BASE Output_Dir "Debug"
-# PROP BASE Intermediate_Dir "Debug"
-# PROP BASE Target_Dir ""
-# PROP Use_MFC 0
-# PROP Use_Debug_Libraries 1
-# PROP Output_Dir "Debug"
-# PROP Intermediate_Dir "Debug"
-# PROP Ignore_Export_Lib 0
-# PROP Target_Dir ""
-# ADD BASE CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c
-# ADD CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../../../../libxml2-2.7.3/include" /I "../include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/win32/include" /I "../../../lib/dns/include" /I "../../../lib/isccc/include" /I "../../../lib/isccfg/include" /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /FR /FD /GZ /c
-# SUBTRACT CPP /X /YX
-# ADD BASE RSC /l 0x409 /d "_DEBUG"
-# ADD RSC /l 0x409 /d "_DEBUG"
-BSC32=bscmake.exe
-# ADD BASE BSC32 /nologo
-# ADD BSC32 /nologo
-LINK32=link.exe
-# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept
-# ADD LINK32 user32.lib advapi32.lib ws2_32.lib Debug/confgentool.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib ../../../lib/isccfg/win32/Debug/libisccfg.lib ../../../lib/isccc/win32/Debug/libisccc.lib /nologo /subsystem:console /debug /machine:I386 /out:"../../../Build/Debug/ddns-confgen.exe" /pdbtype:sept
-
-!ENDIF 
-
-# Begin Target
-
-# Name "ddnsconfgen - Win32 Release"
-# Name "ddnsconfgen - Win32 Debug"
-# Begin Group "Source Files"
-
-# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
-# Begin Source File
-
-SOURCE="..\ddns-confgen.c"
-# End Source File
-# End Group
-# Begin Group "Header Files"
-
-# PROP Default_Filter "h;hpp;hxx;hm;inl"
-# End Group
-# Begin Group "Resource Files"
-
-# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe"
-# End Group
-# End Target
-# End Project

bin/confgen/win32/ddnsconfgen.dsw

@@ -1,29 +0,0 @@
-Microsoft Developer Studio Workspace File, Format Version 6.00
-# WARNING: DO NOT EDIT OR DELETE THIS WORKSPACE FILE!
-
-###############################################################################
-
-Project: "ddnsconfgen"=".\ddnsconfgen.dsp" - Package Owner=<4>
-
-Package=<5>
-{{{
-}}}
-
-Package=<4>
-{{{
-}}}
-
-###############################################################################
-
-Global:
-
-Package=<5>
-{{{
-}}}
-
-Package=<3>
-{{{
-}}}
-
-###############################################################################
-

bin/confgen/win32/ddnsconfgen.mak

@@ -1,337 +0,0 @@
-# Microsoft Developer Studio Generated NMAKE File, Based on ddnsconfgen.dsp
-!IF "$(CFG)" == ""
-CFG=ddnsconfgen - Win32 Debug
-!MESSAGE No configuration specified. Defaulting to ddnsconfgen - Win32 Debug.
-!ENDIF 
-
-!IF "$(CFG)" != "ddnsconfgen - Win32 Release" && "$(CFG)" != "ddnsconfgen - Win32 Debug"
-!MESSAGE Invalid configuration "$(CFG)" specified.
-!MESSAGE You can specify a configuration when running NMAKE
-!MESSAGE by defining the macro CFG on the command line. For example:
-!MESSAGE 
-!MESSAGE NMAKE /f "ddnsconfgen.mak" CFG="ddnsconfgen - Win32 Debug"
-!MESSAGE 
-!MESSAGE Possible choices for configuration are:
-!MESSAGE 
-!MESSAGE "ddnsconfgen - Win32 Release" (based on "Win32 (x86) Console Application")
-!MESSAGE "ddnsconfgen - Win32 Debug" (based on "Win32 (x86) Console Application")
-!MESSAGE 
-!ERROR An invalid configuration is specified.
-!ENDIF 
-
-!IF "$(OS)" == "Windows_NT"
-NULL=
-!ELSE 
-NULL=nul
-!ENDIF 
-
-CPP=cl.exe
-RSC=rc.exe
-
-!IF  "$(CFG)" == "ddnsconfgen - Win32 Release"
-_VC_MANIFEST_INC=0
-_VC_MANIFEST_BASENAME=__VC80
-!ELSE
-_VC_MANIFEST_INC=1
-_VC_MANIFEST_BASENAME=__VC80.Debug
-!ENDIF
-
-####################################################
-# Specifying name of temporary resource file used only in incremental builds:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-_VC_MANIFEST_AUTO_RES=$(_VC_MANIFEST_BASENAME).auto.res
-!else
-_VC_MANIFEST_AUTO_RES=
-!endif
-
-####################################################
-# _VC_MANIFEST_EMBED_EXE - command to embed manifest in EXE:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-
-#MT_SPECIAL_RETURN=1090650113
-#MT_SPECIAL_SWITCH=-notify_resource_update
-MT_SPECIAL_RETURN=0
-MT_SPECIAL_SWITCH=
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
-if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
-rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
-link $** /out:$@ $(LFLAGS)
-
-!else
-
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;1
-
-!endif
-
-####################################################
-# _VC_MANIFEST_EMBED_DLL - command to embed manifest in DLL:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-
-#MT_SPECIAL_RETURN=1090650113
-#MT_SPECIAL_SWITCH=-notify_resource_update
-MT_SPECIAL_RETURN=0
-MT_SPECIAL_SWITCH=
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
-if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
-rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
-link $** /out:$@ $(LFLAGS)
-
-!else
-
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;2
-
-!endif
-####################################################
-# _VC_MANIFEST_CLEAN - command to clean resources files generated temporarily:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-
-_VC_MANIFEST_CLEAN=-del $(_VC_MANIFEST_BASENAME).auto.res \
-    $(_VC_MANIFEST_BASENAME).auto.rc \
-    $(_VC_MANIFEST_BASENAME).auto.manifest
-
-!else
-
-_VC_MANIFEST_CLEAN=
-
-!endif
-
-!IF  "$(CFG)" == "ddnsconfgen - Win32 Release"
-
-OUTDIR=.\Release
-INTDIR=.\Release
-
-ALL : "..\..\..\Build\Release\ddns-confgen.exe"
-
-
-CLEAN :
-	-@erase "$(INTDIR)\os.obj"
-	-@erase "$(INTDIR)\ddns-confgen.obj"
-	-@erase "$(INTDIR)\keygen.obj"
-	-@erase "$(INTDIR)\util.obj"
-	-@erase "$(INTDIR)\vc60.idb"
-	-@erase "..\..\..\Build\Release\ddns-confgen.exe"
-	-@$(_VC_MANIFEST_CLEAN)
-
-"$(OUTDIR)" :
-    if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
-
-CPP_PROJ=/nologo /MD /W3 /GX /O2 /I "./" /I "../../../" /I "../../../../libxml2-2.7.3/include" /I "../include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/win32/include" /I "../../../lib/dns/include" /I "../../../lib/isccc/include" /I "../../../lib/isccfg/include" /D "WIN32" /D "NDEBUG" /D "__STDC__" /D "_CONSOLE" /D "_MBCS" /Fp"$(INTDIR)\ddnsconfgen.pch" /YX /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c 
-BSC32=bscmake.exe
-BSC32_FLAGS=/nologo /o"$(OUTDIR)\ddnsconfgen.bsc" 
-BSC32_SBRS= \
-	
-LINK32=link.exe
-LINK32_FLAGS=user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib ../../../lib/isccfg/win32/Release/libisccfg.lib ../../../lib/isccc/win32/Release/libisccc.lib /nologo /subsystem:console /incremental:no /pdb:"$(OUTDIR)\ddns-confgen.pdb" /machine:I386 /out:"../../../Build/Release/ddns-confgen.exe" 
-LINK32_OBJS= \
-	"$(INTDIR)\os.obj" \
-	"$(INTDIR)\ddns-confgen.obj" \
-	"$(INTDIR)\keygen.obj" \
-	"$(INTDIR)\util.obj"
-
-"..\..\..\Build\Release\ddns-confgen.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
-    $(LINK32) @<<
-  $(LINK32_FLAGS) $(LINK32_OBJS)
-<<
-    $(_VC_MANIFEST_EMBED_EXE)
-
-!ELSEIF  "$(CFG)" == "ddnsconfgen - Win32 Debug"
-
-OUTDIR=.\Debug
-INTDIR=.\Debug
-# Begin Custom Macros
-OutDir=.\Debug
-# End Custom Macros
-
-ALL : "..\..\..\Build\Debug\ddns-confgen.exe" "$(OUTDIR)\ddnsconfgen.bsc"
-
-
-CLEAN :
-	-@erase "$(INTDIR)\os.obj"
-	-@erase "$(INTDIR)\os.sbr"
-	-@erase "$(INTDIR)\ddns-confgen.obj"
-	-@erase "$(INTDIR)\ddns-confgen.sbr"
-	-@erase "$(INTDIR)\keygen.obj"
-	-@erase "$(INTDIR)\keygen.sbr"
-	-@erase "$(INTDIR)\util.obj"
-	-@erase "$(INTDIR)\util.sbr"
-	-@erase "$(INTDIR)\vc60.idb"
-	-@erase "$(INTDIR)\vc60.pdb"
-	-@erase "$(OUTDIR)\ddnsconfgen.bsc"
-	-@erase "$(OUTDIR)\ddns-confgen.pdb"
-	-@erase "..\..\..\Build\Debug\ddns-confgen.exe"
-	-@erase "..\..\..\Build\Debug\ddns-confgen.ilk"
-	-@$(_VC_MANIFEST_CLEAN)
-
-"$(OUTDIR)" :
-    if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
-
-CPP_PROJ=/nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../../../../libxml2-2.7.3/include" /I "../include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/win32/include" /I "../../../lib/dns/include" /I "../../../lib/isccc/include" /I "../../../lib/isccfg/include" /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /FR"$(INTDIR)\\" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /GZ /c 
-BSC32=bscmake.exe
-BSC32_FLAGS=/nologo /o"$(OUTDIR)\ddnsconfgen.bsc" 
-BSC32_SBRS= \
-	"$(INTDIR)\os.sbr" \
-	"$(INTDIR)\ddns-confgen.sbr" \
-	"$(INTDIR)\keygen.sbr" \
-	"$(INTDIR)\util.sbr"
-
-"$(OUTDIR)\ddnsconfgen.bsc" : "$(OUTDIR)" $(BSC32_SBRS)
-    $(BSC32) @<<
-  $(BSC32_FLAGS) $(BSC32_SBRS)
-<<
-
-LINK32=link.exe
-LINK32_FLAGS=user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib ../../../lib/isccfg/win32/Debug/libisccfg.lib ../../../lib/isccc/win32/Debug/libisccc.lib /nologo /subsystem:console /incremental:yes /pdb:"$(OUTDIR)\ddns-confgen.pdb" /debug /machine:I386 /out:"../../../Build/Debug/ddns-confgen.exe" /pdbtype:sept 
-LINK32_OBJS= \
-	"$(INTDIR)\os.obj" \
-	"$(INTDIR)\ddns-confgen.obj" \
-	"$(INTDIR)\keygen.obj" \
-	"$(INTDIR)\util.obj"
-
-"..\..\..\Build\Debug\ddns-confgen.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
-    $(LINK32) @<<
-  $(LINK32_FLAGS) $(LINK32_OBJS)
-<<
-    $(_VC_MANIFEST_EMBED_EXE)
-
-!ENDIF 
-
-.c{$(INTDIR)}.obj::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.cpp{$(INTDIR)}.obj::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.cxx{$(INTDIR)}.obj::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.c{$(INTDIR)}.sbr::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.cpp{$(INTDIR)}.sbr::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.cxx{$(INTDIR)}.sbr::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-
-!IF "$(NO_EXTERNAL_DEPS)" != "1"
-!IF EXISTS("ddnsconfgen.dep")
-!INCLUDE "ddnsconfgen.dep"
-!ELSE 
-!MESSAGE Warning: cannot find "ddnsconfgen.dep"
-!ENDIF 
-!ENDIF 
-
-
-!IF "$(CFG)" == "ddnsconfgen - Win32 Release" || "$(CFG)" == "ddnsconfgen - Win32 Debug"
-SOURCE=.\os.c
-
-!IF  "$(CFG)" == "ddnsconfgen - Win32 Release"
-
-
-"$(INTDIR)\os.obj" : $(SOURCE) "$(INTDIR)"
-
-
-!ELSEIF  "$(CFG)" == "ddnsconfgen - Win32 Debug"
-
-
-"$(INTDIR)\os.obj"	"$(INTDIR)\os.sbr" : $(SOURCE) "$(INTDIR)"
-
-
-!ENDIF 
-
-SOURCE="..\ddns-confgen.c"
-
-!IF  "$(CFG)" == "ddnsconfgen - Win32 Release"
-
-
-"$(INTDIR)\ddns-confgen.obj" : $(SOURCE) "$(INTDIR)"
-	$(CPP) $(CPP_PROJ) $(SOURCE)
-
-
-!ELSEIF  "$(CFG)" == "ddnsconfgen - Win32 Debug"
-
-
-"$(INTDIR)\ddns-confgen.obj"	"$(INTDIR)\ddns-confgen.sbr" : $(SOURCE) "$(INTDIR)"
-	$(CPP) $(CPP_PROJ) $(SOURCE)
-
-
-!ENDIF 
-
-SOURCE=..\keygen.c
-
-!IF  "$(CFG)" == "ddnsconfgen - Win32 Release"
-
-
-"$(INTDIR)\keygen.obj" : $(SOURCE) "$(INTDIR)"
-	$(CPP) $(CPP_PROJ) $(SOURCE)
-
-
-!ELSEIF  "$(CFG)" == "ddnsconfgen - Win32 Debug"
-
-
-"$(INTDIR)\keygen.obj"	"$(INTDIR)\keygen.sbr" : $(SOURCE) "$(INTDIR)"
-	$(CPP) $(CPP_PROJ) $(SOURCE)
-
-
-!ENDIF 
-
-SOURCE=..\util.c
-
-!IF  "$(CFG)" == "ddnsconfgen - Win32 Release"
-
-
-"$(INTDIR)\util.obj" : $(SOURCE) "$(INTDIR)"
-	$(CPP) $(CPP_PROJ) $(SOURCE)
-
-
-!ELSEIF  "$(CFG)" == "ddnsconfgen - Win32 Debug"
-
-
-"$(INTDIR)\util.obj"	"$(INTDIR)\util.sbr" : $(SOURCE) "$(INTDIR)"
-	$(CPP) $(CPP_PROJ) $(SOURCE)
-
-
-!ENDIF 
-
-
-!ENDIF 
-
-####################################################
-# Commands to generate initial empty manifest file and the RC file
-# that references it, and for generating the .res file:
-
-$(_VC_MANIFEST_BASENAME).auto.res : $(_VC_MANIFEST_BASENAME).auto.rc
-
-$(_VC_MANIFEST_BASENAME).auto.rc : $(_VC_MANIFEST_BASENAME).auto.manifest
-    type <<$@
-#include <winuser.h>
-1RT_MANIFEST"$(_VC_MANIFEST_BASENAME).auto.manifest"
-<< KEEP
-
-$(_VC_MANIFEST_BASENAME).auto.manifest :
-    type <<$@
-<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
-<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
-</assembly>
-<< KEEP

bin/confgen/win32/os.c

@@ -1,34 +0,0 @@
-/*
- * Copyright (C) 2009  Internet Systems Consortium, Inc. ("ISC")
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- * PERFORMANCE OF THIS SOFTWARE.
- */
-
-/* $Id: os.c,v 1.3 2009/06/11 23:47:55 tbox Exp $ */
-
-#include <config.h>
-
-#include <confgen/os.h>
-
-#include <fcntl.h>
-#include <unistd.h>
-#include <sys/types.h>
-#include <errno.h>
-#include <stdio.h>
-#include <io.h>
-#include <sys/stat.h>
-
-int
-set_user(FILE *fd, const char *user) {
-	return (0);
-}

bin/confgen/win32/rndcconfgen.dsp

@@ -1,103 +0,0 @@
-# Microsoft Developer Studio Project File - Name="rndcconfgen" - Package Owner=<4>
-# Microsoft Developer Studio Generated Build File, Format Version 6.00
-# ** DO NOT EDIT **
-
-# TARGTYPE "Win32 (x86) Console Application" 0x0103
-
-CFG=rndcconfgen - Win32 Debug
-!MESSAGE This is not a valid makefile. To build this project using NMAKE,
-!MESSAGE use the Export Makefile command and run
-!MESSAGE 
-!MESSAGE NMAKE /f "rndcconfgen.mak".
-!MESSAGE 
-!MESSAGE You can specify a configuration when running NMAKE
-!MESSAGE by defining the macro CFG on the command line. For example:
-!MESSAGE 
-!MESSAGE NMAKE /f "rndcconfgen.mak" CFG="rndcconfgen - Win32 Debug"
-!MESSAGE 
-!MESSAGE Possible choices for configuration are:
-!MESSAGE 
-!MESSAGE "rndcconfgen - Win32 Release" (based on "Win32 (x86) Console Application")
-!MESSAGE "rndcconfgen - Win32 Debug" (based on "Win32 (x86) Console Application")
-!MESSAGE 
-
-# Begin Project
-# PROP AllowPerConfigDependencies 0
-# PROP Scc_ProjName ""
-# PROP Scc_LocalPath ""
-CPP=cl.exe
-RSC=rc.exe
-
-!IF  "$(CFG)" == "rndcconfgen - Win32 Release"
-
-# PROP BASE Use_MFC 0
-# PROP BASE Use_Debug_Libraries 0
-# PROP BASE Output_Dir "Release"
-# PROP BASE Intermediate_Dir "Release"
-# PROP BASE Target_Dir ""
-# PROP Use_MFC 0
-# PROP Use_Debug_Libraries 0
-# PROP Output_Dir "Release"
-# PROP Intermediate_Dir "Release"
-# PROP Ignore_Export_Lib 0
-# PROP Target_Dir ""
-# ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
-# ADD CPP /nologo /MD /W3 /GX /O2 /I "./" /I "../../../" /I "../../../../libxml2-2.7.3/include" /I "../include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/win32/include" /I "../../../lib/dns/include" /I "../../../lib/isccc/include" /I "../../../lib/isccfg/include" /D "WIN32" /D "NDEBUG" /D "__STDC__" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
-# ADD BASE RSC /l 0x409 /d "NDEBUG"
-# ADD RSC /l 0x409 /d "NDEBUG"
-BSC32=bscmake.exe
-# ADD BASE BSC32 /nologo
-# ADD BSC32 /nologo
-LINK32=link.exe
-# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386
-# ADD LINK32 user32.lib advapi32.lib ws2_32.lib Release/confgentool.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib ../../../lib/isccfg/win32/Release/libisccfg.lib ../../../lib/isccc/win32/Release/libisccc.lib /nologo /subsystem:console /machine:I386 /out:"../../../Build/Release/rndc-confgen.exe"
-
-!ELSEIF  "$(CFG)" == "rndcconfgen - Win32 Debug"
-
-# PROP BASE Use_MFC 0
-# PROP BASE Use_Debug_Libraries 1
-# PROP BASE Output_Dir "Debug"
-# PROP BASE Intermediate_Dir "Debug"
-# PROP BASE Target_Dir ""
-# PROP Use_MFC 0
-# PROP Use_Debug_Libraries 1
-# PROP Output_Dir "Debug"
-# PROP Intermediate_Dir "Debug"
-# PROP Ignore_Export_Lib 0
-# PROP Target_Dir ""
-# ADD BASE CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c
-# ADD CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../../../../libxml2-2.7.3/include" /I "../include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/win32/include" /I "../../../lib/dns/include" /I "../../../lib/isccc/include" /I "../../../lib/isccfg/include" /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /FR /FD /GZ /c
-# SUBTRACT CPP /X /YX
-# ADD BASE RSC /l 0x409 /d "_DEBUG"
-# ADD RSC /l 0x409 /d "_DEBUG"
-BSC32=bscmake.exe
-# ADD BASE BSC32 /nologo
-# ADD BSC32 /nologo
-LINK32=link.exe
-# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept
-# ADD LINK32 user32.lib advapi32.lib ws2_32.lib Debug/confgentool.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib ../../../lib/isccfg/win32/Debug/libisccfg.lib ../../../lib/isccc/win32/Debug/libisccc.lib /nologo /subsystem:console /debug /machine:I386 /out:"../../../Build/Debug/rndc-confgen.exe" /pdbtype:sept
-
-!ENDIF 
-
-# Begin Target
-
-# Name "rndcconfgen - Win32 Release"
-# Name "rndcconfgen - Win32 Debug"
-# Begin Group "Source Files"
-
-# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
-# Begin Source File
-
-SOURCE="..\rndc-confgen.c"
-# End Source File
-# End Group
-# Begin Group "Header Files"
-
-# PROP Default_Filter "h;hpp;hxx;hm;inl"
-# End Group
-# Begin Group "Resource Files"
-
-# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe"
-# End Group
-# End Target
-# End Project

bin/confgen/win32/rndcconfgen.dsw

@@ -1,29 +0,0 @@
-Microsoft Developer Studio Workspace File, Format Version 6.00
-# WARNING: DO NOT EDIT OR DELETE THIS WORKSPACE FILE!
-
-###############################################################################
-
-Project: "rndconfgen"=".\rndconfgen.dsp" - Package Owner=<4>
-
-Package=<5>
-{{{
-}}}
-
-Package=<4>
-{{{
-}}}
-
-###############################################################################
-
-Global:
-
-Package=<5>
-{{{
-}}}
-
-Package=<3>
-{{{
-}}}
-
-###############################################################################
-

bin/confgen/win32/rndcconfgen.mak

@@ -1,336 +0,0 @@
-# Microsoft Developer Studio Generated NMAKE File, Based on confgen.dsp
-!IF "$(CFG)" == ""
-CFG=rndcconfgen - Win32 Debug
-!MESSAGE No configuration specified. Defaulting to rndcconfgen - Win32 Debug.
-!ENDIF 
-
-!IF "$(CFG)" != "rndcconfgen - Win32 Release" && "$(CFG)" != "rndcconfgen - Win32 Debug"
-!MESSAGE Invalid configuration "$(CFG)" specified.
-!MESSAGE You can specify a configuration when running NMAKE
-!MESSAGE by defining the macro CFG on the command line. For example:
-!MESSAGE 
-!MESSAGE NMAKE /f "rndcconfgen.mak" CFG="rndcconfgen - Win32 Debug"
-!MESSAGE 
-!MESSAGE Possible choices for configuration are:
-!MESSAGE 
-!MESSAGE "rndcconfgen - Win32 Release" (based on "Win32 (x86) Console Application")
-!MESSAGE "rndcconfgen - Win32 Debug" (based on "Win32 (x86) Console Application")
-!MESSAGE 
-!ERROR An invalid configuration is specified.
-!ENDIF 
-
-!IF "$(OS)" == "Windows_NT"
-NULL=
-!ELSE 
-NULL=nul
-!ENDIF 
-
-CPP=cl.exe
-RSC=rc.exe
-
-!IF  "$(CFG)" == "rndcconfgen - Win32 Release"
-_VC_MANIFEST_INC=0
-_VC_MANIFEST_BASENAME=__VC80
-!ELSE
-_VC_MANIFEST_INC=1
-_VC_MANIFEST_BASENAME=__VC80.Debug
-!ENDIF
-
-####################################################
-# Specifying name of temporary resource file used only in incremental builds:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-_VC_MANIFEST_AUTO_RES=$(_VC_MANIFEST_BASENAME).auto.res
-!else
-_VC_MANIFEST_AUTO_RES=
-!endif
-
-####################################################
-# _VC_MANIFEST_EMBED_EXE - command to embed manifest in EXE:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-
-#MT_SPECIAL_RETURN=1090650113
-#MT_SPECIAL_SWITCH=-notify_resource_update
-MT_SPECIAL_RETURN=0
-MT_SPECIAL_SWITCH=
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
-if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
-rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
-link $** /out:$@ $(LFLAGS)
-
-!else
-
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;1
-
-!endif
-
-####################################################
-# _VC_MANIFEST_EMBED_DLL - command to embed manifest in DLL:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-
-#MT_SPECIAL_RETURN=1090650113
-#MT_SPECIAL_SWITCH=-notify_resource_update
-MT_SPECIAL_RETURN=0
-MT_SPECIAL_SWITCH=
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
-if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
-rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
-link $** /out:$@ $(LFLAGS)
-
-!else
-
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;2
-
-!endif
-####################################################
-# _VC_MANIFEST_CLEAN - command to clean resources files generated temporarily:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-
-_VC_MANIFEST_CLEAN=-del $(_VC_MANIFEST_BASENAME).auto.res \
-    $(_VC_MANIFEST_BASENAME).auto.rc \
-    $(_VC_MANIFEST_BASENAME).auto.manifest
-
-!else
-
-_VC_MANIFEST_CLEAN=
-
-!endif
-
-!IF  "$(CFG)" == "rndcconfgen - Win32 Release"
-
-OUTDIR=.\Release
-INTDIR=.\Release
-
-ALL : "..\..\..\Build\Release\rndc-confgen.exe"
-
-
-CLEAN :
-	-@erase "$(INTDIR)\os.obj"
-	-@erase "$(INTDIR)\rndc-confgen.obj"
-	-@erase "$(INTDIR)\keygen.obj"
-	-@erase "$(INTDIR)\util.obj"
-	-@erase "$(INTDIR)\vc60.idb"
-	-@erase "..\..\..\Build\Release\rndc-confgen.exe"
-	-@$(_VC_MANIFEST_CLEAN)
-
-"$(OUTDIR)" :
-    if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
-
-CPP_PROJ=/nologo /MD /W3 /GX /O2 /I "./" /I "../../../" /I "../../../../libxml2-2.7.3/include" /I "../include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/win32/include" /I "../../../lib/dns/include" /I "../../../lib/isccc/include" /I "../../../lib/isccfg/include" /D "WIN32" /D "NDEBUG" /D "__STDC__" /D "_CONSOLE" /D "_MBCS" /Fp"$(INTDIR)\confgen.pch" /YX /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c 
-BSC32=bscmake.exe
-BSC32_FLAGS=/nologo /o"$(OUTDIR)\confgen.bsc" 
-BSC32_SBRS= \
-	
-LINK32=link.exe
-LINK32_FLAGS=user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib ../../../lib/isccfg/win32/Release/libisccfg.lib ../../../lib/isccc/win32/Release/libisccc.lib /nologo /subsystem:console /incremental:no /pdb:"$(OUTDIR)\rndc-confgen.pdb" /machine:I386 /out:"../../../Build/Release/rndc-confgen.exe" 
-LINK32_OBJS= \
-	"$(INTDIR)\os.obj" \
-	"$(INTDIR)\rndc-confgen.obj" \
-	"$(INTDIR)\keygen.obj" \
-	"$(INTDIR)\util.obj"
-
-"..\..\..\Build\Release\rndc-confgen.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
-    $(LINK32) @<<
-  $(LINK32_FLAGS) $(LINK32_OBJS)
-<<
-    $(_VC_MANIFEST_EMBED_EXE)
-
-!ELSEIF  "$(CFG)" == "rndcconfgen - Win32 Debug"
-
-OUTDIR=.\Debug
-INTDIR=.\Debug
-# Begin Custom Macros
-OutDir=.\Debug
-# End Custom Macros
-
-ALL : "..\..\..\Build\Debug\rndc-confgen.exe" "$(OUTDIR)\confgen.bsc"
-
-
-CLEAN :
-	-@erase "$(INTDIR)\os.obj"
-	-@erase "$(INTDIR)\os.sbr"
-	-@erase "$(INTDIR)\rndc-confgen.obj"
-	-@erase "$(INTDIR)\rndc-confgen.sbr"
-	-@erase "$(INTDIR)\keygen.obj"
-	-@erase "$(INTDIR)\keygen.sbr"
-	-@erase "$(INTDIR)\util.obj"
-	-@erase "$(INTDIR)\util.sbr"
-	-@erase "$(INTDIR)\vc60.idb"
-	-@erase "$(INTDIR)\vc60.pdb"
-	-@erase "$(OUTDIR)\confgen.bsc"
-	-@erase "$(OUTDIR)\rndc-confgen.pdb"
-	-@erase "..\..\..\Build\Debug\rndc-confgen.exe"
-	-@erase "..\..\..\Build\Debug\rndc-confgen.ilk"
-	-@$(_VC_MANIFEST_CLEAN)
-
-"$(OUTDIR)" :
-    if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
-
-CPP_PROJ=/nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../../../../libxml2-2.7.3/include" /I "../include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/win32/include" /I "../../../lib/dns/include" /I "../../../lib/isccc/include" /I "../../../lib/isccfg/include" /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /FR"$(INTDIR)\\" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /GZ /c 
-BSC32=bscmake.exe
-BSC32_FLAGS=/nologo /o"$(OUTDIR)\confgen.bsc" 
-BSC32_SBRS= \
-	"$(INTDIR)\os.sbr" \
-	"$(INTDIR)\rndc-confgen.sbr" \
-	"$(INTDIR)\keygen.sbr" \
-	"$(INTDIR)\util.sbr"
-
-"$(OUTDIR)\confgen.bsc" : "$(OUTDIR)" $(BSC32_SBRS)
-    $(BSC32) @<<
-  $(BSC32_FLAGS) $(BSC32_SBRS)
-<<
-
-LINK32=link.exe
-LINK32_FLAGS=user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib ../../../lib/isccfg/win32/Debug/libisccfg.lib ../../../lib/isccc/win32/Debug/libisccc.lib /nologo /subsystem:console /incremental:yes /pdb:"$(OUTDIR)\rndc-confgen.pdb" /debug /machine:I386 /out:"../../../Build/Debug/rndc-confgen.exe" /pdbtype:sept 
-LINK32_OBJS= \
-	"$(INTDIR)\os.obj" \
-	"$(INTDIR)\rndc-confgen.obj" \
-	"$(INTDIR)\keygen.obj" \
-	"$(INTDIR)\util.obj"
-
-"..\..\..\Build\Debug\rndc-confgen.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
-    $(LINK32) @<<
-  $(LINK32_FLAGS) $(LINK32_OBJS)
-<<
-    $(_VC_MANIFEST_EMBED_EXE)
-
-!ENDIF 
-
-.c{$(INTDIR)}.obj::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.cpp{$(INTDIR)}.obj::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.cxx{$(INTDIR)}.obj::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.c{$(INTDIR)}.sbr::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.cpp{$(INTDIR)}.sbr::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.cxx{$(INTDIR)}.sbr::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-
-!IF "$(NO_EXTERNAL_DEPS)" != "1"
-!IF EXISTS("confgen.dep")
-!INCLUDE "confgen.dep"
-!ELSE 
-!MESSAGE Warning: cannot find "confgen.dep"
-!ENDIF 
-!ENDIF 
-
-
-!IF "$(CFG)" == "rndcconfgen - Win32 Release" || "$(CFG)" == "rndcconfgen - Win32 Debug"
-SOURCE=.\os.c
-
-!IF  "$(CFG)" == "rndcconfgen - Win32 Release"
-
-
-"$(INTDIR)\os.obj" : $(SOURCE) "$(INTDIR)"
-
-
-!ELSEIF  "$(CFG)" == "rndcconfgen - Win32 Debug"
-
-
-"$(INTDIR)\os.obj"	"$(INTDIR)\os.sbr" : $(SOURCE) "$(INTDIR)"
-
-
-!ENDIF 
-
-SOURCE="..\rndc-confgen.c"
-
-!IF  "$(CFG)" == "rndcconfgen - Win32 Release"
-
-
-"$(INTDIR)\rndc-confgen.obj" : $(SOURCE) "$(INTDIR)"
-	$(CPP) $(CPP_PROJ) $(SOURCE)
-
-
-!ELSEIF  "$(CFG)" == "rndcconfgen - Win32 Debug"
-
-
-"$(INTDIR)\rndc-confgen.obj"	"$(INTDIR)\rndc-confgen.sbr" : $(SOURCE) "$(INTDIR)"
-	$(CPP) $(CPP_PROJ) $(SOURCE)
-
-
-!ENDIF 
-
-SOURCE=..\keygen.c
-
-!IF  "$(CFG)" == "rndcconfgen - Win32 Release"
-
-
-"$(INTDIR)\keygen.obj" : $(SOURCE) "$(INTDIR)"
-	$(CPP) $(CPP_PROJ) $(SOURCE)
-
-
-!ELSEIF  "$(CFG)" == "rndcconfgen - Win32 Debug"
-
-
-"$(INTDIR)\keygen.obj"	"$(INTDIR)\keygen.sbr" : $(SOURCE) "$(INTDIR)"
-	$(CPP) $(CPP_PROJ) $(SOURCE)
-
-
-!ENDIF 
-
-SOURCE=..\util.c
-
-!IF  "$(CFG)" == "rndcconfgen - Win32 Release"
-
-
-"$(INTDIR)\util.obj" : $(SOURCE) "$(INTDIR)"
-	$(CPP) $(CPP_PROJ) $(SOURCE)
-
-
-!ELSEIF  "$(CFG)" == "rndcconfgen - Win32 Debug"
-
-
-"$(INTDIR)\util.obj"	"$(INTDIR)\util.sbr" : $(SOURCE) "$(INTDIR)"
-	$(CPP) $(CPP_PROJ) $(SOURCE)
-
-
-!ENDIF 
-
-!ENDIF 
-
-####################################################
-# Commands to generate initial empty manifest file and the RC file
-# that references it, and for generating the .res file:
-
-$(_VC_MANIFEST_BASENAME).auto.res : $(_VC_MANIFEST_BASENAME).auto.rc
-
-$(_VC_MANIFEST_BASENAME).auto.rc : $(_VC_MANIFEST_BASENAME).auto.manifest
-    type <<$@
-#include <winuser.h>
-1RT_MANIFEST"$(_VC_MANIFEST_BASENAME).auto.manifest"
-<< KEEP
-
-$(_VC_MANIFEST_BASENAME).auto.manifest :
-    type <<$@
-<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
-<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
-</assembly>
-<< KEEP

bin/dig/.cvsignore

@@ -2,3 +2,5 @@ Makefile
 dig
 host
 nslookup
+*.lo
+.libs

bin/dig/Makefile.in

@@ -1,19 +1,19 @@
-# Copyright (C) 2000  Internet Software Consortium.
+# Copyright (C) 2004, 2005  Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2000-2002  Internet Software Consortium.
 #
 # Permission to use, copy, modify, and distribute this software for any
 # purpose with or without fee is hereby granted, provided that the above
 # copyright notice and this permission notice appear in all copies.
 #
-# THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
-# DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
-# INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
-# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
-# FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
-# NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
-# WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: Makefile.in,v 1.10.2.4 2000/10/21 01:35:17 gson Exp $
+# $Id: Makefile.in,v 1.33.18.6 2005/09/09 14:11:04 marka Exp $
 
 srcdir =	@srcdir@
 VPATH =		@srcdir@
@@ -21,26 +21,35 @@ top_srcdir =	@top_srcdir@
 
 @BIND9_VERSION@
 
-@BIND9_INCLUDES@
+@BIND9_MAKE_INCLUDES@
 
-CINCLUDES =	-I${srcdir}/include ${DNS_INCLUDES} ${ISC_INCLUDES}
+CINCLUDES =	-I${srcdir}/include ${DNS_INCLUDES} ${BIND9_INCLUDES} \
+		${ISC_INCLUDES} ${LWRES_INCLUDES}
 
 CDEFINES =	-DVERSION=\"${VERSION}\"
 CWARNINGS =
 
-DNSLIBS =	../../lib/dns/libdns.@A@ @DNS_OPENSSL_LIBS@
+ISCCFGLIBS =	../../lib/isccfg/libisccfg.@A@
+DNSLIBS =	../../lib/dns/libdns.@A@ @DNS_CRYPTO_LIBS@
+BIND9LIBS =	../../lib/bind9/libbind9.@A@
 ISCLIBS =	../../lib/isc/libisc.@A@
+LWRESLIBS =	../../lib/lwres/liblwres.@A@
 
+ISCCFGDEPLIBS =	../../lib/isccfg/libisccfg.@A@
 DNSDEPLIBS =	../../lib/dns/libdns.@A@
+BIND9DEPLIBS =	../../lib/bind9/libbind9.@A@
 ISCDEPLIBS =	../../lib/isc/libisc.@A@
+LWRESDEPLIBS =	../../lib/lwres/liblwres.@A@
 
-DEPLIBS =	${DNSDEPLIBS} ${ISCDEPLIBS}
+DEPLIBS =	${DNSDEPLIBS} ${BIND9DEPLIBS} ${ISCDEPLIBS} ${ISCCFGDEPLIBS} \
+		${LWRESDEPLIBS}
 
-LIBS =		${DNSLIBS} ${ISCLIBS} @LIBS@
+LIBS =		${LWRESLIBS} ${DNSLIBS} ${BIND9LIBS} ${ISCLIBS} \
+		${ISCCFGLIBS} @IDNLIBS@ @LIBS@
 
 SUBDIRS =
 
-TARGETS =	dig host nslookup
+TARGETS =	dig@EXEEXT@ host@EXEEXT@ nslookup@EXEEXT@
 
 OBJS =		dig.@O@ dighost.@O@ host.@O@ nslookup.@O@
 
@@ -48,26 +57,45 @@ UOBJS =
 
 SRCS =		dig.c dighost.c host.c nslookup.c
 
+MANPAGES =	dig.1 host.1 nslookup.1
+
+HTMLPAGES =	dig.html host.html nslookup.html
+
+MANOBJS =	${MANPAGES} ${HTMLPAGES}
+
 @BIND9_MAKE_RULES@
 
-dig: dig.@O@ dighost.@O@ ${UOBJS} ${DEPLIBS}
-	${LIBTOOL} ${CC} ${CFLAGS} -o $@ dig.@O@ dighost.@O@ ${UOBJS} ${LIBS}
+dig@EXEEXT@: dig.@O@ dighost.@O@ ${UOBJS} ${DEPLIBS}
+	${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ \
+	dig.@O@ dighost.@O@ ${UOBJS} ${LIBS}
 
-host: host.@O@ dighost.@O@ ${UOBJS} ${DEPLIBS}
-	${LIBTOOL} ${CC} ${CFLAGS} -o $@ host.@O@ dighost.@O@ ${UOBJS} ${LIBS}
+host@EXEEXT@: host.@O@ dighost.@O@ ${UOBJS} ${DEPLIBS}
+	${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ \
+	host.@O@ dighost.@O@ ${UOBJS} ${LIBS}
 
-nslookup: nslookup.@O@ dighost.@O@ ${UOBJS} ${DEPLIBS}
-	${LIBTOOL} ${CC} ${CFLAGS} -o $@ nslookup.@O@ dighost.@O@ ${UOBJS} ${LIBS}
+nslookup@EXEEXT@: nslookup.@O@ dighost.@O@ ${UOBJS} ${DEPLIBS}
+	${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ \
+	nslookup.@O@ dighost.@O@ ${UOBJS} ${LIBS}
 
-clean distclean::
+doc man:: ${MANOBJS}
+
+docclean manclean maintainer-clean::
+	rm -f ${MANOBJS}
+
+clean distclean maintainer-clean::
 	rm -f ${TARGETS}
 
 installdirs:
-	if [ ! -d ${DESTDIR}${bindir} ]; then \
-		mkdir ${DESTDIR}${bindir}; \
-	fi
+	$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${bindir}
+	$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${mandir}/man1
 
-install:: dig host nslookup installdirs
-	${LIBTOOL} ${INSTALL_PROGRAM} dig ${DESTDIR}${bindir}
-	${LIBTOOL} ${INSTALL_PROGRAM} host ${DESTDIR}${bindir}
-	${LIBTOOL} ${INSTALL_PROGRAM} nslookup ${DESTDIR}${bindir}
+install:: dig@EXEEXT@ host@EXEEXT@ nslookup@EXEEXT@ installdirs
+	${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} \
+		dig@EXEEXT@ ${DESTDIR}${bindir}
+	${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} \
+		host@EXEEXT@ ${DESTDIR}${bindir}
+	${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} \
+		nslookup@EXEEXT@ ${DESTDIR}${bindir}
+	for m in ${MANPAGES}; do \
+		${INSTALL_DATA} ${srcdir}/$$m ${DESTDIR}${mandir}/man1; \
+		done

bin/dig/dig.1

@@ -1,7 +1,7 @@
-.\" Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
 .\" Copyright (C) 2000-2003 Internet Software Consortium.
 .\" 
-.\" Permission to use, copy, modify, and/or distribute this software for any
+.\" Permission to use, copy, modify, and distribute this software for any
 .\" purpose with or without fee is hereby granted, provided that the above
 .\" copyright notice and this permission notice appear in all copies.
 .\" 
@@ -13,17 +13,14 @@
 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 .\" PERFORMANCE OF THIS SOFTWARE.
 .\"
-.\" $Id: dig.1,v 1.56 2011/11/05 01:14:48 tbox Exp $
+.\" $Id: dig.1,v 1.23.18.15 2006/01/28 02:15:40 marka Exp $
 .\"
 .hy 0
 .ad l
-.\"     Title: dig
-.\"    Author: 
-.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
-.\"      Date: Jun 30, 2000
-.\"    Manual: BIND9
-.\"    Source: BIND9
-.\"
+.\" ** You probably do not want to edit this file directly **
+.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1).
+.\" Instead of manually editing it, you probably should edit the DocBook XML
+.\" source for it and then use the DocBook XSL Stylesheets to regenerate it.
 .TH "DIG" "1" "Jun 30, 2000" "BIND9" "BIND9"
 .\" disable hyphenation
 .nh
@@ -33,7 +30,7 @@
 dig \- DNS lookup utility
 .SH "SYNOPSIS"
 .HP 4
-\fBdig\fR [@server] [\fB\-b\ \fR\fB\fIaddress\fR\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-f\ \fR\fB\fIfilename\fR\fR] [\fB\-k\ \fR\fB\fIfilename\fR\fR] [\fB\-m\fR] [\fB\-p\ \fR\fB\fIport#\fR\fR] [\fB\-q\ \fR\fB\fIname\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-x\ \fR\fB\fIaddr\fR\fR] [\fB\-y\ \fR\fB\fI[hmac:]\fR\fIname:key\fR\fR] [\fB\-4\fR] [\fB\-6\fR] [name] [type] [class] [queryopt...]
+\fBdig\fR [@server] [\fB\-b\ \fR\fB\fIaddress\fR\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-f\ \fR\fB\fIfilename\fR\fR] [\fB\-k\ \fR\fB\fIfilename\fR\fR] [\fB\-p\ \fR\fB\fIport#\fR\fR] [\fB\-q\ \fR\fB\fIname\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-x\ \fR\fB\fIaddr\fR\fR] [\fB\-y\ \fR\fB\fI[hmac:]\fR\fIname:key\fR\fR] [\fB\-4\fR] [\fB\-6\fR] [name] [type] [class] [queryopt...]
 .HP 4
 \fBdig\fR [\fB\-h\fR]
 .HP 4
@@ -50,7 +47,7 @@ Although
 \fBdig\fR
 is normally used with command\-line arguments, it also has a batch mode of operation for reading lookup requests from a file. A brief summary of its command\-line arguments and options is printed when the
 \fB\-h\fR
-option is given. Unlike earlier versions, the BIND 9 implementation of
+option is given. Unlike earlier versions, the BIND9 implementation of
 \fBdig\fR
 allows multiple lookups to be issued from the command line.
 .PP
@@ -59,38 +56,25 @@ Unless it is told to query a specific name server,
 will try each of the servers listed in
 \fI/etc/resolv.conf\fR.
 .PP
-When no command line arguments or options are given,
-\fBdig\fR
-will perform an NS query for "." (the root).
+When no command line arguments or options are given, will perform an NS query for "." (the root).
 .PP
 It is possible to set per\-user defaults for
 \fBdig\fR
 via
 \fI${HOME}/.digrc\fR. This file is read and any options in it are applied before the command line arguments.
-.PP
-The IN and CH class names overlap with the IN and CH top level domains names. Either use the
-\fB\-t\fR
-and
-\fB\-c\fR
-options to specify the type and class, use the
-\fB\-q\fR
-the specify the domain name, or use "IN." and "CH." when looking up these top level domains.
 .SH "SIMPLE USAGE"
 .PP
 A typical invocation of
 \fBdig\fR
 looks like:
 .sp
-.RS 4
 .nf
  dig @server name type 
 .fi
-.RE
 .sp
 where:
-.PP
+.TP
 \fBserver\fR
-.RS 4
 is the name or IP address of the name server to query. This can be an IPv4 address in dotted\-decimal notation or an IPv6 address in colon\-delimited notation. When the supplied
 \fIserver\fR
 argument is a hostname,
@@ -102,15 +86,11 @@ argument is provided,
 consults
 \fI/etc/resolv.conf\fR
 and queries the name servers listed there. The reply from the name server that responds is displayed.
-.RE
-.PP
+.TP
 \fBname\fR
-.RS 4
 is the name of the resource record that is to be looked up.
-.RE
-.PP
+.TP
 \fBtype\fR
-.RS 4
 indicates what type of query is required \(em ANY, A, MX, SIG, etc.
 \fItype\fR
 can be any valid query type. If no
@@ -118,7 +98,6 @@ can be any valid query type. If no
 argument is supplied,
 \fBdig\fR
 will perform a lookup for an A record.
-.RE
 .SH "OPTIONS"
 .PP
 The
@@ -130,21 +109,17 @@ The default query class (IN for internet) is overridden by the
 \fB\-c\fR
 option.
 \fIclass\fR
-is any valid class, such as HS for Hesiod records or CH for Chaosnet records.
+is any valid class, such as HS for Hesiod records or CH for CHAOSNET records.
 .PP
 The
 \fB\-f\fR
 option makes
 \fBdig \fR
 operate in batch mode by reading a list of lookup requests to process from the file
-\fIfilename\fR. The file contains a number of queries, one per line. Each entry in the file should be organized in the same way they would be presented as queries to
+\fIfilename\fR. The file contains a number of queries, one per line. Each entry in the file should be organised in the same way they would be presented as queries to
 \fBdig\fR
 using the command\-line interface.
 .PP
-The
-\fB\-m\fR
-option enables memory usage debugging.
-.PP
 If a non\-standard port number is to be queried, the
 \fB\-p\fR
 option is used.
@@ -166,7 +141,7 @@ to only use IPv6 query transport.
 The
 \fB\-t\fR
 option sets the query type to
-\fItype\fR. It can be any valid query type which is supported in BIND 9. The default query type is "A", unless the
+\fItype\fR. It can be any valid query type which is supported in BIND9. The default query type "A", unless the
 \fB\-x\fR
 option is supplied to indicate a reverse lookup. A zone transfer can be requested by specifying a type of AXFR. When an incremental zone transfer (IXFR) is required,
 \fItype\fR
@@ -177,11 +152,11 @@ ixfr=N. The incremental zone transfer will contain the changes made to the zone
 The
 \fB\-q\fR
 option sets the query name to
-\fIname\fR. This useful do distinguish the
+\fIname\fR. This useful do distingish the
 \fIname\fR
 from other arguments.
 .PP
-Reverse lookups \(em mapping addresses to names \(em are simplified by the
+Reverse lookups \- mapping addresses to names \- are simplified by the
 \fB\-x\fR
 option.
 \fIaddr\fR
@@ -231,26 +206,19 @@ Each query option is identified by a keyword preceded by a plus sign (+). Some k
 no
 to negate the meaning of that keyword. Other keywords assign values to options like the timeout interval. They have the form
 \fB+keyword=value\fR. The query options are:
-.PP
+.TP
 \fB+[no]tcp\fR
-.RS 4
-Use [do not use] TCP when querying name servers. The default behavior is to use UDP unless an AXFR or IXFR query is requested, in which case a TCP connection is used.
-.RE
-.PP
+Use [do not use] TCP when querying name servers. The default behaviour is to use UDP unless an AXFR or IXFR query is requested, in which case a TCP connection is used.
+.TP
 \fB+[no]vc\fR
-.RS 4
 Use [do not use] TCP when querying name servers. This alternate syntax to
 \fI+[no]tcp\fR
 is provided for backwards compatibility. The "vc" stands for "virtual circuit".
-.RE
-.PP
+.TP
 \fB+[no]ignore\fR
-.RS 4
 Ignore truncation in UDP responses instead of retrying with TCP. By default, TCP retries are performed.
-.RE
-.PP
+.TP
 \fB+domain=somename\fR
-.RS 4
 Set the search list to contain the single domain
 \fIsomename\fR, as if specified in a
 \fBdomain\fR
@@ -258,59 +226,39 @@ directive in
 \fI/etc/resolv.conf\fR, and enable search list processing as if the
 \fI+search\fR
 option were given.
-.RE
-.PP
+.TP
 \fB+[no]search\fR
-.RS 4
 Use [do not use] the search list defined by the searchlist or domain directive in
 \fIresolv.conf\fR
 (if any). The search list is not used by default.
-.RE
-.PP
+.TP
 \fB+[no]showsearch\fR
-.RS 4
 Perform [do not perform] a search showing intermediate results.
-.RE
-.PP
+.TP
 \fB+[no]defname\fR
-.RS 4
 Deprecated, treated as a synonym for
 \fI+[no]search\fR
-.RE
-.PP
+.TP
 \fB+[no]aaonly\fR
-.RS 4
 Sets the "aa" flag in the query.
-.RE
-.PP
+.TP
 \fB+[no]aaflag\fR
-.RS 4
 A synonym for
 \fI+[no]aaonly\fR.
-.RE
-.PP
+.TP
 \fB+[no]adflag\fR
-.RS 4
-Set [do not set] the AD (authentic data) bit in the query. This requests the server to return whether all of the answer and authority sections have all been validated as secure according to the security policy of the server. AD=1 indicates that all records have been validated as secure and the answer is not from a OPT\-OUT range. AD=0 indicate that some part of the answer was insecure or not validated. This bit is set by default.
-.RE
-.PP
+Set [do not set] the AD (authentic data) bit in the query. The AD bit currently has a standard meaning only in responses, not in queries, but the ability to set the bit in the query is provided for completeness.
+.TP
 \fB+[no]cdflag\fR
-.RS 4
 Set [do not set] the CD (checking disabled) bit in the query. This requests the server to not perform DNSSEC validation of responses.
-.RE
-.PP
+.TP
 \fB+[no]cl\fR
-.RS 4
 Display [do not display] the CLASS when printing the record.
-.RE
-.PP
+.TP
 \fB+[no]ttlid\fR
-.RS 4
 Display [do not display] the TTL when printing the record.
-.RE
-.PP
+.TP
 \fB+[no]recurse\fR
-.RS 4
 Toggle the setting of the RD (recursion desired) bit in the query. This bit is set by default, which means
 \fBdig\fR
 normally sends recursive queries. Recursion is automatically disabled when the
@@ -318,130 +266,75 @@ normally sends recursive queries. Recursion is automatically disabled when the
 or
 \fI+trace\fR
 query options are used.
-.RE
-.PP
+.TP
 \fB+[no]nssearch\fR
-.RS 4
 When this option is set,
 \fBdig\fR
 attempts to find the authoritative name servers for the zone containing the name being looked up and display the SOA record that each name server has for the zone.
-.RE
-.PP
+.TP
 \fB+[no]trace\fR
-.RS 4
 Toggle tracing of the delegation path from the root name servers for the name being looked up. Tracing is disabled by default. When tracing is enabled,
 \fBdig\fR
 makes iterative queries to resolve the name being looked up. It will follow referrals from the root servers, showing the answer from each server that was used to resolve the lookup.
-.sp
-\fB+dnssec\fR
-is also set when +trace is set to better emulate the default queries from a nameserver.
-.RE
-.PP
+.TP
 \fB+[no]cmd\fR
-.RS 4
-Toggles the printing of the initial comment in the output identifying the version of
+toggles the printing of the initial comment in the output identifying the version of
 \fBdig\fR
 and the query options that have been applied. This comment is printed by default.
-.RE
-.PP
+.TP
 \fB+[no]short\fR
-.RS 4
 Provide a terse answer. The default is to print the answer in a verbose form.
-.RE
-.PP
+.TP
 \fB+[no]identify\fR
-.RS 4
 Show [or do not show] the IP address and port number that supplied the answer when the
 \fI+short\fR
 option is enabled. If short form answers are requested, the default is not to show the source address and port number of the server that provided the answer.
-.RE
-.PP
+.TP
 \fB+[no]comments\fR
-.RS 4
 Toggle the display of comment lines in the output. The default is to print comments.
-.RE
-.PP
-\fB+[no]rrcomments\fR
-.RS 4
-Toggle the display of per\-record comments in the output (for example, human\-readable key information about DNSKEY records). The default is not to print record comments unless multiline mode is active.
-.RE
-.PP
-\fB+split=W\fR
-.RS 4
-Split long hex\- or base64\-formatted fields in resource records into chunks of
-\fIW\fR
-characters (where
-\fIW\fR
-is rounded up to the nearest multiple of 4).
-\fI+nosplit\fR
-or
-\fI+split=0\fR
-causes fields not to be split at all. The default is 56 characters, or 44 characters when multiline mode is active.
-.RE
-.PP
+.TP
 \fB+[no]stats\fR
-.RS 4
-This query option toggles the printing of statistics: when the query was made, the size of the reply and so on. The default behavior is to print the query statistics.
-.RE
-.PP
+This query option toggles the printing of statistics: when the query was made, the size of the reply and so on. The default behaviour is to print the query statistics.
+.TP
 \fB+[no]qr\fR
-.RS 4
 Print [do not print] the query as it is sent. By default, the query is not printed.
-.RE
-.PP
+.TP
 \fB+[no]question\fR
-.RS 4
 Print [do not print] the question section of a query when an answer is returned. The default is to print the question section as a comment.
-.RE
-.PP
+.TP
 \fB+[no]answer\fR
-.RS 4
 Display [do not display] the answer section of a reply. The default is to display it.
-.RE
-.PP
+.TP
 \fB+[no]authority\fR
-.RS 4
 Display [do not display] the authority section of a reply. The default is to display it.
-.RE
-.PP
+.TP
 \fB+[no]additional\fR
-.RS 4
 Display [do not display] the additional section of a reply. The default is to display it.
-.RE
-.PP
+.TP
 \fB+[no]all\fR
-.RS 4
 Set or clear all display flags.
-.RE
-.PP
+.TP
 \fB+time=T\fR
-.RS 4
 Sets the timeout for a query to
 \fIT\fR
-seconds. The default timeout is 5 seconds. An attempt to set
+seconds. The default time out is 5 seconds. An attempt to set
 \fIT\fR
 to less than 1 will result in a query timeout of 1 second being applied.
-.RE
-.PP
+.TP
 \fB+tries=T\fR
-.RS 4
 Sets the number of times to try UDP queries to server to
 \fIT\fR
 instead of the default, 3. If
 \fIT\fR
 is less than or equal to zero, the number of tries is silently rounded up to 1.
-.RE
-.PP
+.TP
 \fB+retry=T\fR
-.RS 4
 Sets the number of times to retry UDP queries to server to
 \fIT\fR
 instead of the default, 2. Unlike
 \fI+tries\fR, this does not include the initial query.
-.RE
-.PP
+.TP
 \fB+ndots=D\fR
-.RS 4
 Set the number of dots that have to appear in
 \fIname\fR
 to
@@ -453,60 +346,39 @@ or
 \fBdomain\fR
 directive in
 \fI/etc/resolv.conf\fR.
-.RE
-.PP
+.TP
 \fB+bufsize=B\fR
-.RS 4
 Set the UDP message buffer size advertised using EDNS0 to
 \fIB\fR
 bytes. The maximum and minimum sizes of this buffer are 65535 and 0 respectively. Values outside this range are rounded up or down appropriately. Values other than zero will cause a EDNS query to be sent.
-.RE
-.PP
+.TP
 \fB+edns=#\fR
-.RS 4
 Specify the EDNS version to query with. Valid values are 0 to 255. Setting the EDNS version will cause a EDNS query to be sent.
 \fB+noedns\fR
-clears the remembered EDNS version. EDNS is set to 0 by default.
-.RE
-.PP
+clears the remembered EDNS version.
+.TP
 \fB+[no]multiline\fR
-.RS 4
 Print records like the SOA records in a verbose multi\-line format with human\-readable comments. The default is to print each record on a single line, to facilitate machine parsing of the
 \fBdig\fR
 output.
-.RE
-.PP
-\fB+[no]onesoa\fR
-.RS 4
-Print only one (starting) SOA record when performing an AXFR. The default is to print both the starting and ending SOA records.
-.RE
-.PP
+.TP
 \fB+[no]fail\fR
-.RS 4
-Do not try the next server if you receive a SERVFAIL. The default is to not try the next server which is the reverse of normal stub resolver behavior.
-.RE
-.PP
+Do not try the next server if you receive a SERVFAIL. The default is to not try the next server which is the reverse of normal stub resolver behaviour.
+.TP
 \fB+[no]besteffort\fR
-.RS 4
 Attempt to display the contents of messages which are malformed. The default is to not display malformed answers.
-.RE
-.PP
+.TP
 \fB+[no]dnssec\fR
-.RS 4
 Requests DNSSEC records be sent by setting the DNSSEC OK bit (DO) in the OPT record in the additional section of the query.
-.RE
-.PP
+.TP
 \fB+[no]sigchase\fR
-.RS 4
 Chase DNSSEC signature chains. Requires dig be compiled with \-DDIG_SIGCHASE.
-.RE
-.PP
+.TP
 \fB+trusted\-key=####\fR
-.RS 4
 Specifies a file containing trusted keys to be used with
 \fB+sigchase\fR. Each DNSKEY record must be on its own line.
 .sp
-If not specified,
+If not specified
 \fBdig\fR
 will look for
 \fI/etc/trusted\-key.key\fR
@@ -515,17 +387,9 @@ then
 in the current directory.
 .sp
 Requires dig be compiled with \-DDIG_SIGCHASE.
-.RE
-.PP
+.TP
 \fB+[no]topdown\fR
-.RS 4
-When chasing DNSSEC signature chains perform a top\-down validation. Requires dig be compiled with \-DDIG_SIGCHASE.
-.RE
-.PP
-\fB+[no]nsid\fR
-.RS 4
-Include an EDNS name server ID request when sending a query.
-.RE
+When chasing DNSSEC signature chains perform a top down validation. Requires dig be compiled with \-DDIG_SIGCHASE.
 .SH "MULTIPLE QUERIES"
 .PP
 The BIND 9 implementation of
@@ -542,11 +406,9 @@ A global set of query options, which should be applied to all queries, can also
 \fB+[no]cmd\fR
 option) can be overridden by a query\-specific set of query options. For example:
 .sp
-.RS 4
 .nf
 dig +qr www.isc.org any \-x 127.0.0.1 isc.org ns +noqr
 .fi
-.RE
 .sp
 shows how
 \fBdig\fR
@@ -587,8 +449,3 @@ RFC1035.
 .SH "BUGS"
 .PP
 There are probably too many query options.
-.SH "COPYRIGHT"
-Copyright \(co 2004\-2011 Internet Systems Consortium, Inc. ("ISC")
-.br
-Copyright \(co 2000\-2003 Internet Software Consortium.
-.br

bin/dig/dig.docbook

@@ -1,11 +1,11 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
-               "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
+               "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd"
 	       [<!ENTITY mdash "&#8212;">]>
 <!--
- - Copyright (C) 2004-2011  Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2006  Internet Systems Consortium, Inc. ("ISC")
  - Copyright (C) 2000-2003  Internet Software Consortium.
  -
- - Permission to use, copy, modify, and/or distribute this software for any
+ - Permission to use, copy, modify, and distribute this software for any
  - purpose with or without fee is hereby granted, provided that the above
  - copyright notice and this permission notice appear in all copies.
  -
@@ -18,7 +18,7 @@
  - PERFORMANCE OF THIS SOFTWARE.
 -->
 
-<!-- $Id: dig.docbook,v 1.51 2011/11/04 11:02:50 jreed Exp $ -->
+<!-- $Id: dig.docbook,v 1.17.18.13 2006/01/27 23:57:44 marka Exp $ -->
 <refentry id="man.dig">
 
   <refentryinfo>
@@ -41,11 +41,6 @@
       <year>2004</year>
       <year>2005</year>
       <year>2006</year>
-      <year>2007</year>
-      <year>2008</year>
-      <year>2009</year>
-      <year>2010</year>
-      <year>2011</year>
       <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
     </copyright>
     <copyright>
@@ -65,7 +60,6 @@
       <arg><option>-c <replaceable class="parameter">class</replaceable></option></arg>
       <arg><option>-f <replaceable class="parameter">filename</replaceable></option></arg>
       <arg><option>-k <replaceable class="parameter">filename</replaceable></option></arg>
-      <arg><option>-m</option></arg>
       <arg><option>-p <replaceable class="parameter">port#</replaceable></option></arg>
       <arg><option>-q <replaceable class="parameter">name</replaceable></option></arg>
       <arg><option>-t <replaceable class="parameter">type</replaceable></option></arg>
@@ -109,7 +103,7 @@
       arguments, it also has a batch mode of operation for reading lookup
       requests from a file.  A brief summary of its command-line arguments
       and options is printed when the <option>-h</option> option is given.
-      Unlike earlier versions, the BIND 9 implementation of
+      Unlike earlier versions, the BIND9 implementation of
       <command>dig</command> allows multiple lookups to be issued
       from the
       command line.
@@ -123,8 +117,8 @@
     </para>
 
     <para>
-      When no command line arguments or options are given,
-      <command>dig</command> will perform an NS query for "." (the root).
+      When no command line arguments or options are given, will perform an
+      NS query for "." (the root).
     </para>
 
     <para>
@@ -134,14 +128,6 @@
       are applied before the command line arguments.
     </para>
 
-    <para>
-      The IN and CH class names overlap with the IN and CH top level
-      domains names.  Either use the <option>-t</option> and
-      <option>-c</option> options to specify the type and class, 
-      use the <option>-q</option> the specify the domain name, or
-      use "IN." and "CH." when looking up these top level domains.
-    </para>
-
   </refsect1>
 
   <refsect1>
@@ -221,7 +207,7 @@
       The default query class (IN for internet) is overridden by the
       <option>-c</option> option.  <parameter>class</parameter> is
       any valid
-      class, such as HS for Hesiod records or CH for Chaosnet records.
+      class, such as HS for Hesiod records or CH for CHAOSNET records.
     </para>
 
     <para>
@@ -230,17 +216,11 @@
       in batch mode by reading a list of lookup requests to process from the
       file <parameter>filename</parameter>.  The file contains a
       number of
-      queries, one per line.  Each entry in the file should be organized in
+      queries, one per line.  Each entry in the file should be organised in
       the same way they would be presented as queries to
       <command>dig</command> using the command-line interface.
     </para>
 
-    <para>
-      The <option>-m</option> option enables memory usage debugging.
-      <!-- It enables ISC_MEM_DEBUGTRACE and ISC_MEM_DEBUGRECORD
-           documented in include/isc/mem.h -->
-    </para>
-
     <para>
       If a non-standard port number is to be queried, the
       <option>-p</option> option is used.  <parameter>port#</parameter> is
@@ -262,7 +242,7 @@
       The <option>-t</option> option sets the query type to
       <parameter>type</parameter>.  It can be any valid query type
       which is
-      supported in BIND 9.  The default query type is "A", unless the
+      supported in BIND9.  The default query type "A", unless the
       <option>-x</option> option is supplied to indicate a reverse lookup.
       A zone transfer can be requested by specifying a type of AXFR.  When
       an incremental zone transfer (IXFR) is required,
@@ -274,12 +254,12 @@
 
     <para>
       The <option>-q</option> option sets the query name to 
-      <parameter>name</parameter>.  This useful do distinguish the
+      <parameter>name</parameter>.  This useful do distingish the
       <parameter>name</parameter> from other arguments.
     </para>
 
     <para>
-      Reverse lookups &mdash; mapping addresses to names &mdash; are simplified by the
+      Reverse lookups - mapping addresses to names - are simplified by the
       <option>-x</option> option.  <parameter>addr</parameter> is
       an IPv4
       address in dotted-decimal notation, or a colon-delimited IPv6 address.
@@ -354,7 +334,7 @@
           <listitem>
             <para>
               Use [do not use] TCP when querying name servers.  The default
-              behavior is to use UDP unless an AXFR or IXFR query is
+              behaviour is to use UDP unless an AXFR or IXFR query is
               requested, in
               which case a TCP connection is used.
             </para>
@@ -452,20 +432,17 @@
 
         <varlistentry>
           <term><option>+[no]adflag</option></term>
-	  <listitem>
-	    <para>
-	      Set [do not set] the AD (authentic data) bit in the
-	      query.  This requests the server to return whether
-	      all of the answer and authority sections have all
-	      been validated as secure according to the security
-	      policy of the server.  AD=1 indicates that all records
-	      have been validated as secure and the answer is not
-	      from a OPT-OUT range.  AD=0 indicate that some part
-	      of the answer was insecure or not validated.  This
-	      bit is set by default.
-	    </para>
-	  </listitem>
-	</varlistentry>
+          <listitem>
+            <para>
+              Set [do not set] the AD (authentic data) bit in the query.  The
+              AD bit
+              currently has a standard meaning only in responses, not in
+              queries,
+              but the ability to set the bit in the query is provided for
+              completeness.
+            </para>
+          </listitem>
+        </varlistentry>
 
         <varlistentry>
           <term><option>+[no]cdflag</option></term>
@@ -499,17 +476,19 @@
 
         <varlistentry>
           <term><option>+[no]recurse</option></term>
-	  <listitem>
-	    <para>
-	      Toggle the setting of the RD (recursion desired) bit
-	      in the query.  This bit is set by default, which means
-	      <command>dig</command> normally sends recursive
-	      queries.  Recursion is automatically disabled when
-	      the <parameter>+nssearch</parameter> or
-	      <parameter>+trace</parameter> query options are used.
-	    </para>
-	  </listitem>
-	</varlistentry>
+          <listitem>
+            <para>
+              Toggle the setting of the RD (recursion desired) bit in the
+              query.
+              This bit is set by default, which means <command>dig</command>
+              normally sends recursive queries.  Recursion is automatically
+              disabled
+              when the <parameter>+nssearch</parameter> or
+              <parameter>+trace</parameter> query options are
+              used.
+            </para>
+          </listitem>
+        </varlistentry>
 
         <varlistentry>
           <term><option>+[no]nssearch</option></term>
@@ -529,27 +508,26 @@
         <varlistentry>
           <term><option>+[no]trace</option></term>
           <listitem>
-	    <para>
-	      Toggle tracing of the delegation path from the root
-	      name servers for the name being looked up.  Tracing
-	      is disabled by default.  When tracing is enabled,
-	      <command>dig</command> makes iterative queries to
-	      resolve the name being looked up.  It will follow
-	      referrals from the root servers, showing the answer
-	      from each server that was used to resolve the lookup.
-	    </para>
-	    <para>
-	      <command>+dnssec</command> is also set when +trace is
-	      set to better emulate the default queries from a nameserver.
-	    </para>
-	  </listitem>
-	</varlistentry>
+            <para>
+              Toggle tracing of the delegation path from the root name servers
+              for
+              the name being looked up.  Tracing is disabled by default.  When
+              tracing is enabled, <command>dig</command> makes
+              iterative queries to
+              resolve the name being looked up.  It will follow referrals from
+              the
+              root servers, showing the answer from each server that was used
+              to
+              resolve the lookup.
+            </para>
+          </listitem>
+        </varlistentry>
 
         <varlistentry>
           <term><option>+[no]cmd</option></term>
           <listitem>
             <para>
-              Toggles the printing of the initial comment in the output
+              toggles the printing of the initial comment in the output
               identifying
               the version of <command>dig</command> and the query
               options that have
@@ -588,35 +566,8 @@
           <listitem>
             <para>
               Toggle the display of comment lines in the output.  The default
-              is to print comments.
-            </para>
-          </listitem>
-        </varlistentry>
-
-        <varlistentry>
-          <term><option>+[no]rrcomments</option></term>
-          <listitem>
-            <para>
-              Toggle the display of per-record comments in the output (for
-              example, human-readable key information about DNSKEY records).
-              The default is not to print record comments unless multiline
-              mode is active.
-            </para>
-          </listitem>
-        </varlistentry>
-
-        <varlistentry>
-          <term><option>+split=W</option></term>
-          <listitem>
-            <para>
-              Split long hex- or base64-formatted fields in resource
-              records into chunks of <parameter>W</parameter> characters
-              (where <parameter>W</parameter> is rounded up to the nearest
-              multiple of 4).
-              <parameter>+nosplit</parameter> or
-              <parameter>+split=0</parameter> causes fields not to be
-              split at all.  The default is 56 characters, or 44 characters
-              when multiline mode is active.
+              is to
+              print comments.
             </para>
           </listitem>
         </varlistentry>
@@ -628,7 +579,7 @@
               This query option toggles the printing of statistics: when the
               query
               was made, the size of the reply and so on.  The default
-              behavior is
+              behaviour is
               to print the query statistics.
             </para>
           </listitem>
@@ -702,8 +653,8 @@
             <para>
 
               Sets the timeout for a query to
-              <parameter>T</parameter> seconds.  The default
-	      timeout is 5 seconds.
+              <parameter>T</parameter> seconds.  The default time
+              out is 5 seconds.
               An attempt to set <parameter>T</parameter> to less
               than 1 will result
               in a query timeout of 1 second being applied.
@@ -776,10 +727,9 @@
 	  <listitem>
 	    <para>
 	       Specify the EDNS version to query with.  Valid values
-	       are 0 to 255.  Setting the EDNS version will cause
-	       a EDNS query to be sent.  <option>+noedns</option>
-	       clears the remembered EDNS version.  EDNS is set to
-	       0 by default.
+	       are 0 to 255.  Setting the EDNS version will cause a
+	       EDNS query to be sent.  <option>+noedns</option> clears the
+	       remembered EDNS version.
 	    </para>
 	  </listitem>
 	</varlistentry>
@@ -796,17 +746,6 @@
           </listitem>
         </varlistentry>
 
-	<varlistentry>
-	  <term><option>+[no]onesoa</option></term>
-	  <listitem>
-	    <para>
-	      Print only one (starting) SOA record when performing
-	      an AXFR. The default is to print both the starting and
-	      ending SOA records.
-	    </para>
-	  </listitem>
-	</varlistentry>
-
         <varlistentry>
           <term><option>+[no]fail</option></term>
           <listitem>
@@ -815,7 +754,7 @@
               default is
               to not try the next server which is the reverse of normal stub
               resolver
-              behavior.
+              behaviour.
             </para>
           </listitem>
         </varlistentry>
@@ -860,7 +799,7 @@
 	      on its own line.
             </para>
 	    <para>
-	      If not specified, <command>dig</command> will look for
+	      If not specified <command>dig</command> will look for
 	      <filename>/etc/trusted-key.key</filename> then
 	      <filename>trusted-key.key</filename> in the current directory.
 	    </para>
@@ -874,21 +813,13 @@
           <term><option>+[no]topdown</option></term>
           <listitem>
             <para>
-              When chasing DNSSEC signature chains perform a top-down
+              When chasing DNSSEC signature chains perform a top down
               validation.
               Requires dig be compiled with -DDIG_SIGCHASE.
             </para>
           </listitem>
         </varlistentry>
 
-        <varlistentry>
-          <term><option>+[no]nsid</option></term>
-          <listitem>
-            <para>
-              Include an EDNS name server ID request when sending a query.
-            </para>
-          </listitem>
-        </varlistentry>
 
 
       </variablelist>

bin/dig/dig.html

@@ -1,8 +1,8 @@
 <!--
- - Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
  - Copyright (C) 2000-2003 Internet Software Consortium.
  - 
- - Permission to use, copy, modify, and/or distribute this software for any
+ - Permission to use, copy, modify, and distribute this software for any
  - purpose with or without fee is hereby granted, provided that the above
  - copyright notice and this permission notice appear in all copies.
  - 
@@ -14,12 +14,12 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-<!-- $Id: dig.html,v 1.51 2011/11/05 01:14:48 tbox Exp $ -->
+<!-- $Id: dig.html,v 1.13.18.20 2006/04/23 10:12:41 marka Exp $ -->
 <html>
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
 <title>dig</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.69.1">
 </head>
 <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
 <a name="man.dig"></a><div class="titlepage"></div>
@@ -29,12 +29,12 @@
 </div>
 <div class="refsynopsisdiv">
 <h2>Synopsis</h2>
-<div class="cmdsynopsis"><p><code class="command">dig</code>  [@server] [<code class="option">-b <em class="replaceable"><code>address</code></em></code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-f <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-k <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-m</code>] [<code class="option">-p <em class="replaceable"><code>port#</code></em></code>] [<code class="option">-q <em class="replaceable"><code>name</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-x <em class="replaceable"><code>addr</code></em></code>] [<code class="option">-y <em class="replaceable"><code>[<span class="optional">hmac:</span>]name:key</code></em></code>] [<code class="option">-4</code>] [<code class="option">-6</code>] [name] [type] [class] [queryopt...]</p></div>
+<div class="cmdsynopsis"><p><code class="command">dig</code>  [@server] [<code class="option">-b <em class="replaceable"><code>address</code></em></code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-f <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-k <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port#</code></em></code>] [<code class="option">-q <em class="replaceable"><code>name</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-x <em class="replaceable"><code>addr</code></em></code>] [<code class="option">-y <em class="replaceable"><code>[<span class="optional">hmac:</span>]name:key</code></em></code>] [<code class="option">-4</code>] [<code class="option">-6</code>] [name] [type] [class] [queryopt...]</p></div>
 <div class="cmdsynopsis"><p><code class="command">dig</code>  [<code class="option">-h</code>]</p></div>
 <div class="cmdsynopsis"><p><code class="command">dig</code>  [global-queryopt...] [query...]</p></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543525"></a><h2>DESCRIPTION</h2>
+<a name="id2525317"></a><h2>DESCRIPTION</h2>
 <p><span><strong class="command">dig</strong></span>
       (domain information groper) is a flexible tool
       for interrogating DNS name servers.  It performs DNS lookups and
@@ -50,7 +50,7 @@
       arguments, it also has a batch mode of operation for reading lookup
       requests from a file.  A brief summary of its command-line arguments
       and options is printed when the <code class="option">-h</code> option is given.
-      Unlike earlier versions, the BIND 9 implementation of
+      Unlike earlier versions, the BIND9 implementation of
       <span><strong class="command">dig</strong></span> allows multiple lookups to be issued
       from the
       command line.
@@ -62,8 +62,8 @@
       <code class="filename">/etc/resolv.conf</code>.
     </p>
 <p>
-      When no command line arguments or options are given,
-      <span><strong class="command">dig</strong></span> will perform an NS query for "." (the root).
+      When no command line arguments or options are given, will perform an
+      NS query for "." (the root).
     </p>
 <p>
       It is possible to set per-user defaults for <span><strong class="command">dig</strong></span> via
@@ -71,16 +71,9 @@
       any options in it
       are applied before the command line arguments.
     </p>
-<p>
-      The IN and CH class names overlap with the IN and CH top level
-      domains names.  Either use the <code class="option">-t</code> and
-      <code class="option">-c</code> options to specify the type and class, 
-      use the <code class="option">-q</code> the specify the domain name, or
-      use "IN." and "CH." when looking up these top level domains.
-    </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543598"></a><h2>SIMPLE USAGE</h2>
+<a name="id2525372"></a><h2>SIMPLE USAGE</h2>
 <p>
       A typical invocation of <span><strong class="command">dig</strong></span> looks like:
       </p>
@@ -126,7 +119,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543689"></a><h2>OPTIONS</h2>
+<a name="id2525531"></a><h2>OPTIONS</h2>
 <p>
       The <code class="option">-b</code> option sets the source IP address of the query
       to <em class="parameter"><code>address</code></em>.  This must be a valid
@@ -139,7 +132,7 @@
       The default query class (IN for internet) is overridden by the
       <code class="option">-c</code> option.  <em class="parameter"><code>class</code></em> is
       any valid
-      class, such as HS for Hesiod records or CH for Chaosnet records.
+      class, such as HS for Hesiod records or CH for CHAOSNET records.
     </p>
 <p>
       The <code class="option">-f</code> option makes <span><strong class="command">dig </strong></span>
@@ -147,14 +140,10 @@
       in batch mode by reading a list of lookup requests to process from the
       file <em class="parameter"><code>filename</code></em>.  The file contains a
       number of
-      queries, one per line.  Each entry in the file should be organized in
+      queries, one per line.  Each entry in the file should be organised in
       the same way they would be presented as queries to
       <span><strong class="command">dig</strong></span> using the command-line interface.
     </p>
-<p>
-      The <code class="option">-m</code> option enables memory usage debugging.
-      
-    </p>
 <p>
       If a non-standard port number is to be queried, the
       <code class="option">-p</code> option is used.  <em class="parameter"><code>port#</code></em> is
@@ -174,7 +163,7 @@
       The <code class="option">-t</code> option sets the query type to
       <em class="parameter"><code>type</code></em>.  It can be any valid query type
       which is
-      supported in BIND 9.  The default query type is "A", unless the
+      supported in BIND9.  The default query type "A", unless the
       <code class="option">-x</code> option is supplied to indicate a reverse lookup.
       A zone transfer can be requested by specifying a type of AXFR.  When
       an incremental zone transfer (IXFR) is required,
@@ -185,11 +174,11 @@
     </p>
 <p>
       The <code class="option">-q</code> option sets the query name to 
-      <em class="parameter"><code>name</code></em>.  This useful do distinguish the
+      <em class="parameter"><code>name</code></em>.  This useful do distingish the
       <em class="parameter"><code>name</code></em> from other arguments.
     </p>
 <p>
-      Reverse lookups &#8212; mapping addresses to names &#8212; are simplified by the
+      Reverse lookups - mapping addresses to names - are simplified by the
       <code class="option">-x</code> option.  <em class="parameter"><code>addr</code></em> is
       an IPv4
       address in dotted-decimal notation, or a colon-delimited IPv6 address.
@@ -230,7 +219,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2544038"></a><h2>QUERY OPTIONS</h2>
+<a name="id2525734"></a><h2>QUERY OPTIONS</h2>
 <p><span><strong class="command">dig</strong></span>
       provides a number of query options which affect
       the way in which lookups are made and the results displayed.  Some of
@@ -253,7 +242,7 @@
 <dt><span class="term"><code class="option">+[no]tcp</code></span></dt>
 <dd><p>
               Use [do not use] TCP when querying name servers.  The default
-              behavior is to use UDP unless an AXFR or IXFR query is
+              behaviour is to use UDP unless an AXFR or IXFR query is
               requested, in
               which case a TCP connection is used.
             </p></dd>
@@ -308,16 +297,13 @@
             </p></dd>
 <dt><span class="term"><code class="option">+[no]adflag</code></span></dt>
 <dd><p>
-	      Set [do not set] the AD (authentic data) bit in the
-	      query.  This requests the server to return whether
-	      all of the answer and authority sections have all
-	      been validated as secure according to the security
-	      policy of the server.  AD=1 indicates that all records
-	      have been validated as secure and the answer is not
-	      from a OPT-OUT range.  AD=0 indicate that some part
-	      of the answer was insecure or not validated.  This
-	      bit is set by default.
-	    </p></dd>
+              Set [do not set] the AD (authentic data) bit in the query.  The
+              AD bit
+              currently has a standard meaning only in responses, not in
+              queries,
+              but the ability to set the bit in the query is provided for
+              completeness.
+            </p></dd>
 <dt><span class="term"><code class="option">+[no]cdflag</code></span></dt>
 <dd><p>
               Set [do not set] the CD (checking disabled) bit in the query.
@@ -335,13 +321,15 @@
             </p></dd>
 <dt><span class="term"><code class="option">+[no]recurse</code></span></dt>
 <dd><p>
-	      Toggle the setting of the RD (recursion desired) bit
-	      in the query.  This bit is set by default, which means
-	      <span><strong class="command">dig</strong></span> normally sends recursive
-	      queries.  Recursion is automatically disabled when
-	      the <em class="parameter"><code>+nssearch</code></em> or
-	      <em class="parameter"><code>+trace</code></em> query options are used.
-	    </p></dd>
+              Toggle the setting of the RD (recursion desired) bit in the
+              query.
+              This bit is set by default, which means <span><strong class="command">dig</strong></span>
+              normally sends recursive queries.  Recursion is automatically
+              disabled
+              when the <em class="parameter"><code>+nssearch</code></em> or
+              <em class="parameter"><code>+trace</code></em> query options are
+              used.
+            </p></dd>
 <dt><span class="term"><code class="option">+[no]nssearch</code></span></dt>
 <dd><p>
               When this option is set, <span><strong class="command">dig</strong></span>
@@ -353,24 +341,21 @@
               zone.
             </p></dd>
 <dt><span class="term"><code class="option">+[no]trace</code></span></dt>
-<dd>
-<p>
-	      Toggle tracing of the delegation path from the root
-	      name servers for the name being looked up.  Tracing
-	      is disabled by default.  When tracing is enabled,
-	      <span><strong class="command">dig</strong></span> makes iterative queries to
-	      resolve the name being looked up.  It will follow
-	      referrals from the root servers, showing the answer
-	      from each server that was used to resolve the lookup.
-	    </p>
-<p>
-	      <span><strong class="command">+dnssec</strong></span> is also set when +trace is
-	      set to better emulate the default queries from a nameserver.
-	    </p>
-</dd>
+<dd><p>
+              Toggle tracing of the delegation path from the root name servers
+              for
+              the name being looked up.  Tracing is disabled by default.  When
+              tracing is enabled, <span><strong class="command">dig</strong></span> makes
+              iterative queries to
+              resolve the name being looked up.  It will follow referrals from
+              the
+              root servers, showing the answer from each server that was used
+              to
+              resolve the lookup.
+            </p></dd>
 <dt><span class="term"><code class="option">+[no]cmd</code></span></dt>
 <dd><p>
-              Toggles the printing of the initial comment in the output
+              toggles the printing of the initial comment in the output
               identifying
               the version of <span><strong class="command">dig</strong></span> and the query
               options that have
@@ -394,32 +379,15 @@
 <dt><span class="term"><code class="option">+[no]comments</code></span></dt>
 <dd><p>
               Toggle the display of comment lines in the output.  The default
-              is to print comments.
-            </p></dd>
-<dt><span class="term"><code class="option">+[no]rrcomments</code></span></dt>
-<dd><p>
-              Toggle the display of per-record comments in the output (for
-              example, human-readable key information about DNSKEY records).
-              The default is not to print record comments unless multiline
-              mode is active.
-            </p></dd>
-<dt><span class="term"><code class="option">+split=W</code></span></dt>
-<dd><p>
-              Split long hex- or base64-formatted fields in resource
-              records into chunks of <em class="parameter"><code>W</code></em> characters
-              (where <em class="parameter"><code>W</code></em> is rounded up to the nearest
-              multiple of 4).
-              <em class="parameter"><code>+nosplit</code></em> or
-              <em class="parameter"><code>+split=0</code></em> causes fields not to be
-              split at all.  The default is 56 characters, or 44 characters
-              when multiline mode is active.
+              is to
+              print comments.
             </p></dd>
 <dt><span class="term"><code class="option">+[no]stats</code></span></dt>
 <dd><p>
               This query option toggles the printing of statistics: when the
               query
               was made, the size of the reply and so on.  The default
-              behavior is
+              behaviour is
               to print the query statistics.
             </p></dd>
 <dt><span class="term"><code class="option">+[no]qr</code></span></dt>
@@ -458,8 +426,8 @@
 <dd><p>
 
               Sets the timeout for a query to
-              <em class="parameter"><code>T</code></em> seconds.  The default
-	      timeout is 5 seconds.
+              <em class="parameter"><code>T</code></em> seconds.  The default time
+              out is 5 seconds.
               An attempt to set <em class="parameter"><code>T</code></em> to less
               than 1 will result
               in a query timeout of 1 second being applied.
@@ -507,10 +475,9 @@
 <dt><span class="term"><code class="option">+edns=#</code></span></dt>
 <dd><p>
 	       Specify the EDNS version to query with.  Valid values
-	       are 0 to 255.  Setting the EDNS version will cause
-	       a EDNS query to be sent.  <code class="option">+noedns</code>
-	       clears the remembered EDNS version.  EDNS is set to
-	       0 by default.
+	       are 0 to 255.  Setting the EDNS version will cause a
+	       EDNS query to be sent.  <code class="option">+noedns</code> clears the
+	       remembered EDNS version.
 	    </p></dd>
 <dt><span class="term"><code class="option">+[no]multiline</code></span></dt>
 <dd><p>
@@ -519,19 +486,13 @@
               each record on a single line, to facilitate machine parsing
               of the <span><strong class="command">dig</strong></span> output.
             </p></dd>
-<dt><span class="term"><code class="option">+[no]onesoa</code></span></dt>
-<dd><p>
-	      Print only one (starting) SOA record when performing
-	      an AXFR. The default is to print both the starting and
-	      ending SOA records.
-	    </p></dd>
 <dt><span class="term"><code class="option">+[no]fail</code></span></dt>
 <dd><p>
               Do not try the next server if you receive a SERVFAIL.  The
               default is
               to not try the next server which is the reverse of normal stub
               resolver
-              behavior.
+              behaviour.
             </p></dd>
 <dt><span class="term"><code class="option">+[no]besteffort</code></span></dt>
 <dd><p>
@@ -557,7 +518,7 @@
 	      on its own line.
             </p>
 <p>
-	      If not specified, <span><strong class="command">dig</strong></span> will look for
+	      If not specified <span><strong class="command">dig</strong></span> will look for
 	      <code class="filename">/etc/trusted-key.key</code> then
 	      <code class="filename">trusted-key.key</code> in the current directory.
 	    </p>
@@ -567,21 +528,17 @@
 </dd>
 <dt><span class="term"><code class="option">+[no]topdown</code></span></dt>
 <dd><p>
-              When chasing DNSSEC signature chains perform a top-down
+              When chasing DNSSEC signature chains perform a top down
               validation.
               Requires dig be compiled with -DDIG_SIGCHASE.
             </p></dd>
-<dt><span class="term"><code class="option">+[no]nsid</code></span></dt>
-<dd><p>
-              Include an EDNS name server ID request when sending a query.
-            </p></dd>
 </dl></div>
 <p>
 
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2545301"></a><h2>MULTIPLE QUERIES</h2>
+<a name="id2526992"></a><h2>MULTIPLE QUERIES</h2>
 <p>
       The BIND 9 implementation of <span><strong class="command">dig </strong></span>
       supports
@@ -627,7 +584,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2545363"></a><h2>IDN SUPPORT</h2>
+<a name="id2527053"></a><h2>IDN SUPPORT</h2>
 <p>
       If <span><strong class="command">dig</strong></span> has been built with IDN (internationalized
       domain name) support, it can accept and display non-ASCII domain names.
@@ -641,14 +598,14 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2545385"></a><h2>FILES</h2>
+<a name="id2527076"></a><h2>FILES</h2>
 <p><code class="filename">/etc/resolv.conf</code>
     </p>
 <p><code class="filename">${HOME}/.digrc</code>
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2545402"></a><h2>SEE ALSO</h2>
+<a name="id2527093"></a><h2>SEE ALSO</h2>
 <p><span class="citerefentry"><span class="refentrytitle">host</span>(1)</span>,
       <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
       <span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
@@ -656,7 +613,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2545440"></a><h2>BUGS</h2>
+<a name="id2527130"></a><h2>BUGS</h2>
 <p>
       There are probably too many query options.
     </p>

bin/dig/host.1

@@ -1,7 +1,7 @@
-.\" Copyright (C) 2004, 2005, 2007-2009 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
 .\" Copyright (C) 2000-2002 Internet Software Consortium.
 .\" 
-.\" Permission to use, copy, modify, and/or distribute this software for any
+.\" Permission to use, copy, modify, and distribute this software for any
 .\" purpose with or without fee is hereby granted, provided that the above
 .\" copyright notice and this permission notice appear in all copies.
 .\" 
@@ -13,17 +13,14 @@
 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 .\" PERFORMANCE OF THIS SOFTWARE.
 .\"
-.\" $Id: host.1,v 1.31 2009/07/11 01:12:45 tbox Exp $
+.\" $Id: host.1,v 1.14.18.10 2005/10/13 02:52:59 marka Exp $
 .\"
 .hy 0
 .ad l
-.\"     Title: host
-.\"    Author: 
-.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
-.\"      Date: Jun 30, 2000
-.\"    Manual: BIND9
-.\"    Source: BIND9
-.\"
+.\" ** You probably do not want to edit this file directly **
+.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1).
+.\" Instead of manually editing it, you probably should edit the DocBook XML
+.\" source for it and then use the DocBook XSL Stylesheets to regenerate it.
 .TH "HOST" "1" "Jun 30, 2000" "BIND9" "BIND9"
 .\" disable hyphenation
 .nh
@@ -130,9 +127,9 @@ makes. This should mean that the name server receiving the query will not attemp
 \fB\-r\fR
 option enables
 \fBhost\fR
-to mimic the behavior of a name server by making non\-recursive queries and expecting to receive answers to those queries that are usually referrals to other name servers.
+to mimic the behaviour of a name server by making non\-recursive queries and expecting to receive answers to those queries that are usually referrals to other name servers.
 .PP
-By default,
+By default
 \fBhost\fR
 uses UDP when making queries. The
 \fB\-T\fR
@@ -152,9 +149,9 @@ The
 \fB\-t\fR
 option is used to select the query type.
 \fItype\fR
-can be any recognized query type: CNAME, NS, SOA, SIG, KEY, AXFR, etc. When no query type is specified,
+can be any recognised query type: CNAME, NS, SOA, SIG, KEY, AXFR, etc. When no query type is specified,
 \fBhost\fR
-automatically selects an appropriate query type. By default, it looks for A, AAAA, and MX records, but if the
+automatically selects an appropriate query type. By default it looks for A records, but if the
 \fB\-C\fR
 option was given, queries will be made for SOA records, and if
 \fIname\fR
@@ -183,9 +180,8 @@ will effectively wait forever for a reply. The time to wait for a response will
 The
 \fB\-s\fR
 option tells
-\fBhost\fR
-\fInot\fR
-to send the query to the next nameserver if any server responds with a SERVFAIL response, which is the reverse of normal stub resolver behavior.
+\fBhost\fR\fInot\fR
+to send the query to the next nameserver if any server responds with a SERVFAIL response, which is the reverse of normal stub resolver behaviour.
 .PP
 The
 \fB\-m\fR
@@ -212,8 +208,3 @@ runs.
 .PP
 \fBdig\fR(1),
 \fBnamed\fR(8).
-.SH "COPYRIGHT"
-Copyright \(co 2004, 2005, 2007\-2009 Internet Systems Consortium, Inc. ("ISC")
-.br
-Copyright \(co 2000\-2002 Internet Software Consortium.
-.br

bin/dig/host.c

@@ -1,34 +1,35 @@
 /*
- * Copyright (C) 2000  Internet Software Consortium.
+ * Copyright (C) 2004-2006  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000-2003  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
- * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
- * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
- * INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
- * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
- * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
- * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
- * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: host.c,v 1.29.2.8 2000/10/20 21:54:11 gson Exp $ */
+/* $Id: host.c,v 1.94.18.14 2006/05/23 04:40:42 marka Exp $ */
+
+/*! \file */
 
 #include <config.h>
-#include <stdlib.h>
 #include <limits.h>
 
-extern int h_errno;
-
 #include <isc/app.h>
 #include <isc/commandline.h>
 #include <isc/netaddr.h>
+#include <isc/print.h>
 #include <isc/string.h>
 #include <isc/util.h>
 #include <isc/task.h>
+#include <isc/stdlib.h>
 
 #include <dns/byaddr.h>
 #include <dns/fixedname.h>
@@ -38,24 +39,16 @@ extern int h_errno;
 #include <dns/rdataclass.h>
 #include <dns/rdataset.h>
 #include <dns/rdatatype.h>
+#include <dns/rdatastruct.h>
 
 #include <dig/dig.h>
 
-extern ISC_LIST(dig_lookup_t) lookup_list;
-extern ISC_LIST(dig_server_t) server_list;
-extern ISC_LIST(dig_searchlist_t) search_list;
-
-extern isc_boolean_t debugging;
-extern unsigned int timeout;
-extern isc_mem_t *mctx;
-extern int ndots;
-extern int tries;
-extern isc_boolean_t usesearch;
-extern int lookup_counter;
-extern char *progname;
-extern isc_task_t *global_task;
-
-isc_boolean_t short_form = ISC_TRUE, listed_server = ISC_FALSE;
+static isc_boolean_t short_form = ISC_TRUE, listed_server = ISC_FALSE;
+static isc_boolean_t default_lookups = ISC_TRUE;
+static int seen_error = -1;
+static isc_boolean_t list_addresses = ISC_TRUE;
+static dns_rdatatype_t list_type = dns_rdatatype_a;
+static isc_boolean_t printed_server = ISC_FALSE;
 
 static const char *opcodetext[] = {
 	"QUERY",
@@ -81,7 +74,7 @@ static const char *rcodetext[] = {
 	"FORMERR",
 	"SERVFAIL",
 	"NXDOMAIN",
-	"NOTIMPL",
+	"NOTIMP",
 	"REFUSED",
 	"YXDOMAIN",
 	"YXRRSET",
@@ -96,131 +89,52 @@ static const char *rcodetext[] = {
 	"BADVERS"
 };
 
-static const char *rtypetext[] = {
-	"zero",				/* 0 */
-	"has address",			/* 1 */
-	"name server",			/* 2 */
-	"MD",				/* 3 */
-	"MF",				/* 4 */
-	"is an alias for",		/* 5 */
-	"SOA",				/* 6 */
-	"MB",				/* 7 */
-	"MG",				/* 8 */
-	"MR",				/* 9 */
-	"NULL",				/* 10 */
-	"has well known services",	/* 11 */
-	"domain name pointer",		/* 12 */
-	"host information",		/* 13 */
-	"MINFO",			/* 14 */
-	"mail is handled by",	       	/* 15 */
-	"text",				/* 16 */
-	"RP",				/* 17 */
-	"AFSDB",			/* 18 */
-	"x25 address",			/* 19 */
-	"isdn address",			/* 20 */
-	"RT",				/* 21 */
-	"NSAP",				/* 22 */
-	"NSAP_PTR",			/* 23 */
-	"has signature",		/* 24 */
-	"has key",			/* 25 */
-	"PX",				/* 26 */
-	"GPOS",				/* 27 */
-	"has AAAA address",		/* 28 */
-	"LOC",				/* 29 */
-	"has next record",		/* 30 */
-	"EID",				/* 31 */
-	"NIMLOC",			/* 32 */
-	"SRV",				/* 33 */
-	"ATMA",				/* 34 */
-	"NAPTR",			/* 35 */
-	"KX",				/* 36 */
-	"CERT",				/* 37 */
-	"has v6 address",		/* 38 */
-	"DNAME",			/* 39 */
-	"has optional information",	/* 41 */
-	"has 42 record",       		/* 42 */
-	"has 43 record",       		/* 43 */
-	"has 44 record",       		/* 44 */
-	"has 45 record",       		/* 45 */
-	"has 46 record",       		/* 46 */
-	"has 47 record",       		/* 47 */
-	"has 48 record",       		/* 48 */
-	"has 49 record",       		/* 49 */
-	"has 50 record",       		/* 50 */
-	"has 51 record",       		/* 51 */
-	"has 52 record",       		/* 52 */
-	"has 53 record",       		/* 53 */
-	"has 54 record",       		/* 54 */
-	"has 55 record",       		/* 55 */
-	"has 56 record",       		/* 56 */
-	"has 57 record",       		/* 57 */
-	"has 58 record",       		/* 58 */
-	"has 59 record",       		/* 59 */
-	"has 60 record",       		/* 60 */
-	"has 61 record",       		/* 61 */
-	"has 62 record",       		/* 62 */
-	"has 63 record",       		/* 63 */
-	"has 64 record",       		/* 64 */
-	"has 65 record",       		/* 65 */
-	"has 66 record",       		/* 66 */
-	"has 67 record",       		/* 67 */
-	"has 68 record",       		/* 68 */
-	"has 69 record",       		/* 69 */
-	"has 70 record",       		/* 70 */
-	"has 71 record",       		/* 71 */
-	"has 72 record",       		/* 72 */
-	"has 73 record",       		/* 73 */
-	"has 74 record",       		/* 74 */
-	"has 75 record",       		/* 75 */
-	"has 76 record",       		/* 76 */
-	"has 77 record",       		/* 77 */
-	"has 78 record",       		/* 78 */
-	"has 79 record",       		/* 79 */
-	"has 80 record",       		/* 80 */
-	"has 81 record",       		/* 81 */
-	"has 82 record",       		/* 82 */
-	"has 83 record",       		/* 83 */
-	"has 84 record",       		/* 84 */
-	"has 85 record",       		/* 85 */
-	"has 86 record",       		/* 86 */
-	"has 87 record",       		/* 87 */
-	"has 88 record",       		/* 88 */
-	"has 89 record",       		/* 89 */
-	"has 90 record",       		/* 90 */
-	"has 91 record",       		/* 91 */
-	"has 92 record",       		/* 92 */
-	"has 93 record",       		/* 93 */
-	"has 94 record",       		/* 94 */
-	"has 95 record",       		/* 95 */
-	"has 96 record",       		/* 96 */
-	"has 97 record",       		/* 97 */
-	"has 98 record",       		/* 98 */
-	"has 99 record",       		/* 99 */
-	"UINFO",			/* 100 */
-	"UID",				/* 101 */
-	"GID",				/* 102 */
-	"UNSPEC"};			/* 103 */
+struct rtype {
+	unsigned int type;
+	const char *text;
+};
 
+struct rtype rtypes[] = {
+	{ 1, 	"has address" },
+	{ 2, 	"name server" },
+	{ 5, 	"is an alias for" },
+	{ 11,	"has well known services" },
+	{ 12,	"domain name pointer" },
+	{ 13,	"host information" },
+	{ 15,	"mail is handled by" },
+	{ 16,	"descriptive text" },
+	{ 19,	"x25 address" },
+	{ 20,	"ISDN address" },
+	{ 24,	"has signature" },
+	{ 25,	"has key" },
+	{ 28,	"has IPv6 address" },
+	{ 29,	"location" },
+	{ 0, NULL }
+};
 
 static void
 show_usage(void) {
 	fputs(
-"Usage: host [-aCdlrTwv] [-c class] [-n] [-N ndots] [-t type] [-W time]\n"
-"            [-R number] hostname [server]\n"
-"       -a is equivalent to -v -t *\n"
+"Usage: host [-aCdlriTwv] [-c class] [-N ndots] [-t type] [-W time]\n"
+"            [-R number] [-m flag] hostname [server]\n"
+"       -a is equivalent to -v -t ANY\n"
 "       -c specifies query class for non-IN data\n"
-"       -C compares SOA records on authorative nameservers\n"
+"       -C compares SOA records on authoritative nameservers\n"
 "       -d is equivalent to -v\n"
 "       -l lists all hosts in a domain, using AXFR\n"
-"       -n Use the nibble form of IPv6 reverse lookup\n"
+"       -i IP6.INT reverse lookups\n"
 "       -N changes the number of dots allowed before root lookup is done\n"
 "       -r disables recursive processing\n"
 "       -R specifies number of retries for UDP packets\n"
+"       -s a SERVFAIL response should stop query\n"
 "       -t specifies the query type\n"
 "       -T enables TCP/IP mode\n"
 "       -v enables verbose output\n"
 "       -w specifies to wait forever for a reply\n"
-"       -W specifies how long to wait for a reply\n", stderr);
+"       -W specifies how long to wait for a reply\n"
+"       -4 use IPv4 query transport only\n"
+"       -6 use IPv6 query transport only\n"
+"       -m set memory debugging flag (trace|record|usage)\n", stderr);
 	exit(1);
 }
 
@@ -230,57 +144,74 @@ dighost_shutdown(void) {
 }
 
 void
-received(int bytes, int frmsize, char *frm, dig_query_t *query) {
+received(int bytes, isc_sockaddr_t *from, dig_query_t *query) {
 	isc_time_t now;
-	isc_result_t result;
 	int diff;
 
 	if (!short_form) {
-		result = isc_time_now(&now);
-		check_result(result, "isc_time_now");
-		diff = isc_time_microdiff(&now, &query->time_sent);
-		printf("Received %u bytes from %.*s in %d ms\n",
-		       bytes, frmsize, frm, diff/1000);
+		char fromtext[ISC_SOCKADDR_FORMATSIZE];
+		isc_sockaddr_format(from, fromtext, sizeof(fromtext));
+		TIME_NOW(&now);
+		diff = (int) isc_time_microdiff(&now, &query->time_sent);
+		printf("Received %u bytes from %s in %d ms\n",
+		       bytes, fromtext, diff/1000);
 	}
 }
 
 void
-trying(int frmsize, char *frm, dig_lookup_t *lookup) {
+trying(char *frm, dig_lookup_t *lookup) {
 	UNUSED(lookup);
 
 	if (!short_form)
-		printf ("Trying \"%.*s\"\n", frmsize, frm);
+		printf("Trying \"%s\"\n", frm);
 }
 
 static void
 say_message(dns_name_t *name, const char *msg, dns_rdata_t *rdata,
 	    dig_query_t *query)
 {
-	isc_buffer_t *b = NULL, *b2 = NULL;
-	isc_region_t r, r2;
+	isc_buffer_t *b = NULL;
+	char namestr[DNS_NAME_FORMATSIZE];
+	isc_region_t r;
 	isc_result_t result;
+	unsigned int bufsize = BUFSIZ;
 
-	result = isc_buffer_allocate(mctx, &b, BUFSIZE);
+	dns_name_format(name, namestr, sizeof(namestr));
+ retry:
+	result = isc_buffer_allocate(mctx, &b, bufsize);
 	check_result(result, "isc_buffer_allocate");
-	result = isc_buffer_allocate(mctx, &b2, BUFSIZE);
-	check_result(result, "isc_buffer_allocate");
-	result = dns_name_totext(name, ISC_FALSE, b);
-	check_result(result, "dns_name_totext");
-	isc_buffer_usedregion(b, &r);
-	result = dns_rdata_totext(rdata, NULL, b2);
-	check_result(result, "dns_rdata_totext");
-	isc_buffer_usedregion(b2, &r2);
-	printf ( "%.*s %s %.*s", (int)r.length, (char *)r.base,
-		 msg, (int)r2.length, (char *)r2.base);
-	if (query->lookup->identify) {
-		printf (" on server %s", query->servname);
+	result = dns_rdata_totext(rdata, NULL, b);
+	if (result == ISC_R_NOSPACE) {
+		isc_buffer_free(&b);
+		bufsize *= 2;
+		goto retry;
 	}
-	printf ("\n");
+	check_result(result, "dns_rdata_totext");
+	isc_buffer_usedregion(b, &r);
+	if (query->lookup->identify_previous_line) {
+		printf("Nameserver %s:\n\t",
+			query->servname);
+	}
+	printf("%s %s %.*s", namestr,
+	       msg, (int)r.length, (char *)r.base);
+	if (query->lookup->identify) {
+		printf(" on server %s", query->servname);
+	}
+	printf("\n");
 	isc_buffer_free(&b);
-	isc_buffer_free(&b2);
 }
-
-
+#ifdef DIG_SIGCHASE
+/* Just for compatibility : not use in host program */
+isc_result_t
+printrdataset(dns_name_t *owner_name, dns_rdataset_t *rdataset,
+	      isc_buffer_t *target)
+{
+  UNUSED(owner_name);
+  UNUSED(rdataset);
+  UNUSED(target);
+  return(ISC_FALSE);
+}
+#endif
 static isc_result_t
 printsection(dns_message_t *msg, dns_section_t sectionid,
 	     const char *section_name, isc_boolean_t headers,
@@ -288,7 +219,7 @@ printsection(dns_message_t *msg, dns_section_t sectionid,
 {
 	dns_name_t *name, *print_name;
 	dns_rdataset_t *rdataset;
-	dns_rdata_t rdata;
+	dns_rdata_t rdata = DNS_RDATA_INIT;
 	isc_buffer_t target;
 	isc_result_t result, loopresult;
 	isc_region_t r;
@@ -296,7 +227,6 @@ printsection(dns_message_t *msg, dns_section_t sectionid,
 	char t[4096];
 	isc_boolean_t first;
 	isc_boolean_t no_rdata;
-	const char *rtt;
 
 	if (sectionid == DNS_SECTION_QUESTION)
 		no_rdata = ISC_TRUE;
@@ -325,6 +255,16 @@ printsection(dns_message_t *msg, dns_section_t sectionid,
 		for (rdataset = ISC_LIST_HEAD(name->list);
 		     rdataset != NULL;
 		     rdataset = ISC_LIST_NEXT(rdataset, link)) {
+			if (query->lookup->rdtype == dns_rdatatype_axfr &&
+			    !((!list_addresses &&
+			       (list_type == dns_rdatatype_any ||
+			        rdataset->type == list_type)) ||
+			      (list_addresses &&
+			       (rdataset->type == dns_rdatatype_a ||
+			        rdataset->type == dns_rdatatype_aaaa ||
+				rdataset->type == dns_rdatatype_ns ||
+				rdataset->type == dns_rdatatype_ptr))))
+				continue;
 			if (!short_form) {
 				result = dns_rdataset_totext(rdataset,
 							     print_name,
@@ -344,17 +284,30 @@ printsection(dns_message_t *msg, dns_section_t sectionid,
 			} else {
 				loopresult = dns_rdataset_first(rdataset);
 				while (loopresult == ISC_R_SUCCESS) {
+					struct rtype *t;
+					const char *rtt;
+					char typebuf[DNS_RDATATYPE_FORMATSIZE];
+					char typebuf2[DNS_RDATATYPE_FORMATSIZE
+						     + 20];
 					dns_rdataset_current(rdataset, &rdata);
-					if (rdata.type <= 103)
-						rtt=rtypetext[rdata.type];
-					else if (rdata.type == 249)
-						rtt = "key";
-					else if (rdata.type == 250)
-						rtt = "signature";
-					else
-						rtt = "unknown";
+
+					for (t = rtypes; t->text != NULL; t++) {
+						if (t->type == rdata.type) {
+							rtt = t->text;
+							goto found;
+						}
+					}
+
+					dns_rdatatype_format(rdata.type,
+							     typebuf,
+							     sizeof(typebuf));
+					snprintf(typebuf2, sizeof(typebuf2),
+						 "has %s record", typebuf);
+					rtt = typebuf2;
+				found:
 					say_message(print_name, rtt,
 						    &rdata, query);
+					dns_rdata_reset(&rdata);
 					loopresult =
 						dns_rdataset_next(rdataset);
 				}
@@ -404,44 +357,104 @@ printrdata(dns_message_t *msg, dns_rdataset_t *rdataset, dns_name_t *owner,
 	return (ISC_R_SUCCESS);
 }
 
+static void
+chase_cnamechain(dns_message_t *msg, dns_name_t *qname) {
+	isc_result_t result;
+	dns_rdataset_t *rdataset;
+	dns_rdata_cname_t cname;
+	dns_rdata_t rdata = DNS_RDATA_INIT;
+	unsigned int i = msg->counts[DNS_SECTION_ANSWER];
+
+ 	while (i-- > 0) {
+		rdataset = NULL;
+		result = dns_message_findname(msg, DNS_SECTION_ANSWER, qname,
+					      dns_rdatatype_cname, 0, NULL,
+					      &rdataset);
+		if (result != ISC_R_SUCCESS)
+			return;
+		result = dns_rdataset_first(rdataset);
+		check_result(result, "dns_rdataset_first");
+		dns_rdata_reset(&rdata);
+		dns_rdataset_current(rdataset, &rdata);
+		result = dns_rdata_tostruct(&rdata, &cname, NULL);
+		check_result(result, "dns_rdata_tostruct");
+		dns_name_copy(&cname.cname, qname, NULL);
+		dns_rdata_freestruct(&cname);
+	}
+}
+
 isc_result_t
 printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers) {
 	isc_boolean_t did_flag = ISC_FALSE;
 	dns_rdataset_t *opt, *tsig = NULL;
 	dns_name_t *tsigname;
 	isc_result_t result = ISC_R_SUCCESS;
-	isc_buffer_t *b = NULL;
-	isc_region_t r;
+	int force_error;
 
 	UNUSED(headers);
 
-	if (listed_server) {
+	/*
+	 * We get called multiple times.
+	 * Preserve any existing error status.
+	 */
+	force_error = (seen_error == 1) ? 1 : 0;
+	seen_error = 1;
+	if (listed_server && !printed_server) {
+		char sockstr[ISC_SOCKADDR_FORMATSIZE];
+
 		printf("Using domain server:\n");
-		printf("Name: %s\n", query->servname);
-		result = isc_buffer_allocate(mctx, &b, MXNAME);
-		check_result(result, "isc_buffer_allocate");
-		result = isc_sockaddr_totext(&query->sockaddr, b);
-		check_result(result, "isc_sockaddr_totext");
-		printf("Address: %.*s\n",
-		       (int)isc_buffer_usedlength(b),
-		       (char*)isc_buffer_base(b));
-		isc_buffer_free(&b);
+		printf("Name: %s\n", query->userarg);
+		isc_sockaddr_format(&query->sockaddr, sockstr,
+				    sizeof(sockstr));
+		printf("Address: %s\n", sockstr);
 		printf("Aliases: \n\n");
+		printed_server = ISC_TRUE;
 	}
 
 	if (msg->rcode != 0) {
-		result = isc_buffer_allocate(mctx, &b, MXNAME);
-		check_result(result, "isc_buffer_allocate");
-		result = dns_name_totext(query->lookup->name, ISC_FALSE,
-					 b);
-		check_result(result, "dns_name_totext");
-		isc_buffer_usedregion(b, &r);
-		printf("Host %.*s not found: %d(%s)\n",
-		       (int)r.length, (char *)r.base,
+		char namestr[DNS_NAME_FORMATSIZE];
+		dns_name_format(query->lookup->name, namestr, sizeof(namestr));
+		printf("Host %s not found: %d(%s)\n", namestr,
 		       msg->rcode, rcodetext[msg->rcode]);
-		isc_buffer_free(&b);
 		return (ISC_R_SUCCESS);
 	}
+
+	if (default_lookups && query->lookup->rdtype == dns_rdatatype_a) {
+		char namestr[DNS_NAME_FORMATSIZE];
+		dig_lookup_t *lookup;
+		dns_fixedname_t fixed;
+		dns_name_t *name;
+
+		/* Add AAAA and MX lookups. */
+		dns_fixedname_init(&fixed);
+		name = dns_fixedname_name(&fixed);
+		dns_name_copy(query->lookup->name, name, NULL);
+		chase_cnamechain(msg, name);
+		dns_name_format(name, namestr, sizeof(namestr));
+		lookup = clone_lookup(query->lookup, ISC_FALSE);
+		if (lookup != NULL) {
+			strncpy(lookup->textname, namestr,
+				sizeof(lookup->textname));
+			lookup->textname[sizeof(lookup->textname)-1] = 0;
+			lookup->rdtype = dns_rdatatype_aaaa;
+                        lookup->rdtypeset = ISC_TRUE;
+			lookup->origin = NULL;
+			lookup->retries = tries;
+			ISC_LIST_APPEND(lookup_list, lookup, link);
+		}
+		lookup = clone_lookup(query->lookup, ISC_FALSE);
+		if (lookup != NULL) {
+			strncpy(lookup->textname, namestr,
+				sizeof(lookup->textname));
+			lookup->textname[sizeof(lookup->textname)-1] = 0;
+			lookup->rdtype = dns_rdatatype_mx;
+                        lookup->rdtypeset = ISC_TRUE;
+			lookup->origin = NULL;
+			lookup->retries = tries;
+			ISC_LIST_APPEND(lookup_list, lookup, link);
+		}
+	}
+
 	if (!short_form) {
 		printf(";; ->>HEADER<<- opcode: %s, status: %s, id: %u\n",
 		       opcodetext[msg->opcode], rcodetext[msg->rcode],
@@ -534,31 +547,91 @@ printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers) {
 	if (!short_form)
 		printf("\n");
 
+	if (short_form && !default_lookups &&
+	    ISC_LIST_EMPTY(msg->sections[DNS_SECTION_ANSWER])) {
+		char namestr[DNS_NAME_FORMATSIZE];
+		char typestr[DNS_RDATATYPE_FORMATSIZE];
+		dns_name_format(query->lookup->name, namestr, sizeof(namestr));
+		dns_rdatatype_format(query->lookup->rdtype, typestr,
+				     sizeof(typestr));
+		printf("%s has no %s record\n", namestr, typestr);
+	}
+	seen_error = force_error;
 	return (result);
 }
 
+static const char * optstring = "46ac:dilnm:rst:vwCDN:R:TW:";
+
+static void
+pre_parse_args(int argc, char **argv) {
+	int c;
+
+	while ((c = isc_commandline_parse(argc, argv, optstring)) != -1) {
+		switch (c) {
+		case 'm':
+			if (strcasecmp("trace", isc_commandline_argument) == 0)
+				isc_mem_debugging |= ISC_MEM_DEBUGTRACE;
+			else if (!strcasecmp("record",
+					     isc_commandline_argument) == 0)
+				isc_mem_debugging |= ISC_MEM_DEBUGRECORD;
+			else if (strcasecmp("usage",
+					    isc_commandline_argument) == 0)
+				isc_mem_debugging |= ISC_MEM_DEBUGUSAGE;
+			break;
+
+		case '4': break;
+		case '6': break;
+		case 'a': break;
+		case 'c': break;
+		case 'd': break;
+		case 'i': break;
+		case 'l': break;
+		case 'n': break;
+		case 'r': break;
+		case 's': break;
+		case 't': break;
+		case 'v': break;
+		case 'w': break;
+		case 'C': break;
+		case 'D': break;
+		case 'N': break;
+		case 'R': break;
+		case 'T': break;
+		case 'W': break;
+		default:
+			show_usage();
+		}
+	}
+	isc_commandline_reset = ISC_TRUE;
+	isc_commandline_index = 1;
+}
+
 static void
 parse_args(isc_boolean_t is_batchfile, int argc, char **argv) {
 	char hostname[MXNAME];
-	dig_server_t *srv;
 	dig_lookup_t *lookup;
-	int i, c, n, adrs[4];
+	int c;
 	char store[MXNAME];
 	isc_textregion_t tr;
-	isc_result_t result;
+	isc_result_t result = ISC_R_SUCCESS;
 	dns_rdatatype_t rdtype;
 	dns_rdataclass_t rdclass;
+	isc_uint32_t serial = 0;
 
 	UNUSED(is_batchfile);
 
 	lookup = make_empty_lookup();
 
-	while ((c = isc_commandline_parse(argc, argv, "lvwrdt:c:aTCN:R:W:Dn"))
-	       != EOF) {
+	lookup->servfail_stops = ISC_FALSE;
+	lookup->comments = ISC_FALSE;
+
+	while ((c = isc_commandline_parse(argc, argv, optstring)) != -1) {
 		switch (c) {
 		case 'l':
 			lookup->tcp_mode = ISC_TRUE;
 			lookup->rdtype = dns_rdatatype_axfr;
+			lookup->rdtypeset = ISC_TRUE;
+			fatalexit = 3;
 			break;
 		case 'v':
 		case 'd':
@@ -568,16 +641,41 @@ parse_args(isc_boolean_t is_batchfile, int argc, char **argv) {
 			lookup->recurse = ISC_FALSE;
 			break;
 		case 't':
-			tr.base = isc_commandline_argument;
-			tr.length = strlen(isc_commandline_argument);
-			result = dns_rdatatype_fromtext(&rdtype,
+			if (strncasecmp(isc_commandline_argument,
+					"ixfr=", 5) == 0) {
+				rdtype = dns_rdatatype_ixfr;
+				/* XXXMPA add error checking */
+				serial = strtoul(isc_commandline_argument + 5,
+						 NULL, 10);
+				result = ISC_R_SUCCESS;
+			} else {
+				tr.base = isc_commandline_argument;
+				tr.length = strlen(isc_commandline_argument);
+				result = dns_rdatatype_fromtext(&rdtype,
 						   (isc_textregion_t *)&tr);
+			}
 
-			if (result != ISC_R_SUCCESS)
-				fprintf (stderr,"Warning: invalid type: %s\n",
-					 isc_commandline_argument);
-			else
+			if (result != ISC_R_SUCCESS) {
+				fatalexit = 2;
+				fatal("invalid type: %s\n",
+				      isc_commandline_argument);
+			}
+			if (!lookup->rdtypeset ||
+			    lookup->rdtype != dns_rdatatype_axfr)
 				lookup->rdtype = rdtype;
+			lookup->rdtypeset = ISC_TRUE;
+			if (rdtype == dns_rdatatype_axfr) {
+				/* -l -t any -v */
+				list_type = dns_rdatatype_any;
+				short_form = ISC_FALSE;
+				lookup->tcp_mode = ISC_TRUE;
+			} else if (rdtype == dns_rdatatype_ixfr) {
+				lookup->ixfr_serial = serial;
+				list_type = rdtype;
+			} else
+				list_type = rdtype;
+			list_addresses = ISC_FALSE;
+			default_lookups = ISC_FALSE;
 			break;
 		case 'c':
 			tr.base = isc_commandline_argument;
@@ -585,18 +683,34 @@ parse_args(isc_boolean_t is_batchfile, int argc, char **argv) {
 			result = dns_rdataclass_fromtext(&rdclass,
 						   (isc_textregion_t *)&tr);
 
-			if (result != ISC_R_SUCCESS)
-				fprintf (stderr,"Warning: invalid class: %s\n",
-					 isc_commandline_argument);
-			else
+			if (result != ISC_R_SUCCESS) {
+				fatalexit = 2;
+				fatal("invalid class: %s\n",
+				      isc_commandline_argument);
+			} else {
 				lookup->rdclass = rdclass;
+				lookup->rdclassset = ISC_TRUE;
+			}
+			default_lookups = ISC_FALSE;
 			break;
 		case 'a':
-			lookup->rdtype = dns_rdatatype_any;
+			if (!lookup->rdtypeset ||
+			    lookup->rdtype != dns_rdatatype_axfr)
+				lookup->rdtype = dns_rdatatype_any;
+			list_type = dns_rdatatype_any;
+			list_addresses = ISC_FALSE;
+			lookup->rdtypeset = ISC_TRUE;
 			short_form = ISC_FALSE;
+			default_lookups = ISC_FALSE;
+			break;
+		case 'i':
+			lookup->ip6_int = ISC_TRUE;
 			break;
 		case 'n':
-			lookup->nibble = ISC_TRUE;
+			/* deprecated */
+			break;
+		case 'm':
+			/* Handled by pre_parse_args(). */
 			break;
 		case 'w':
 			/*
@@ -611,19 +725,23 @@ parse_args(isc_boolean_t is_batchfile, int argc, char **argv) {
 				timeout = 1;
 			break;
 		case 'R':
-			tries = atoi(isc_commandline_argument);
-			if (tries < 1)
-				tries = 1;
+			tries = atoi(isc_commandline_argument) + 1;
+			if (tries < 2)
+				tries = 2;
 			break;
 		case 'T':
 			lookup->tcp_mode = ISC_TRUE;
 			break;
 		case 'C':
 			debug("showing all SOAs");
-			lookup->rdtype = dns_rdatatype_soa;
+			lookup->rdtype = dns_rdatatype_ns;
+			lookup->rdtypeset = ISC_TRUE;
 			lookup->rdclass = dns_rdataclass_in;
+			lookup->rdclassset = ISC_TRUE;
 			lookup->ns_search_only = ISC_TRUE;
 			lookup->trace_root = ISC_TRUE;
+			lookup->identify_previous_line = ISC_TRUE;
+			default_lookups = ISC_FALSE;
 			break;
 		case 'N':
 			debug("setting NDOTS to %s",
@@ -633,59 +751,49 @@ parse_args(isc_boolean_t is_batchfile, int argc, char **argv) {
 		case 'D':
 			debugging = ISC_TRUE;
 			break;
+		case '4':
+			if (have_ipv4) {
+				isc_net_disableipv6();
+				have_ipv6 = ISC_FALSE;
+			} else
+				fatal("can't find IPv4 networking");
+			break;
+		case '6':
+			if (have_ipv6) {
+				isc_net_disableipv4();
+				have_ipv4 = ISC_FALSE;
+			} else
+				fatal("can't find IPv6 networking");
+			break;
+		case 's':
+			lookup->servfail_stops = ISC_TRUE;
+			break;
 		}
 	}
-	if (isc_commandline_index >= argc) {
+
+	lookup->retries = tries;
+
+	if (isc_commandline_index >= argc)
 		show_usage();
-	}
+
 	strncpy(hostname, argv[isc_commandline_index], sizeof(hostname));
 	hostname[sizeof(hostname)-1]=0;
 	if (argc > isc_commandline_index + 1) {
-		srv = make_server(argv[isc_commandline_index+1]);
-		debug("server is %s", srv->servername);
-		ISC_LIST_APPEND(server_list, srv, link);
+		set_nameserver(argv[isc_commandline_index+1]);
+		debug("server is %s", argv[isc_commandline_index+1]);
 		listed_server = ISC_TRUE;
-	}
+	} else
+		check_ra = ISC_TRUE;
 
 	lookup->pending = ISC_FALSE;
-	if (strspn(hostname, "0123456789.") == strlen(hostname)) {
-		lookup->textname[0] = 0;
-		n = sscanf(hostname, "%d.%d.%d.%d", &adrs[0], &adrs[1],
-				   &adrs[2], &adrs[3]);
-		if (n == 0) {
-			show_usage();
-		}
-		for (i = n - 1; i >= 0; i--) {
-			snprintf(store, MXNAME/8, "%d.",
-				 adrs[i]);
-			strncat(lookup->textname, store, MXNAME);
-		}
-		strncat(lookup->textname, "in-addr.arpa.", MXNAME);
-		lookup->rdtype = dns_rdatatype_ptr;
-	} else if (strspn(hostname, "0123456789abcdef.:") == strlen(hostname))
-	{
-		isc_netaddr_t addr;
-		dns_fixedname_t fname;
-		isc_buffer_t b;
-
-		addr.family = AF_INET6;
-		n = inet_pton(AF_INET6, hostname, &addr.type.in6);
-		if (n <= 0)
-			goto notv6;
-		dns_fixedname_init(&fname);
-		result = dns_byaddr_createptrname(&addr, lookup->nibble,
-						  dns_fixedname_name(&fname));
-		if (result != ISC_R_SUCCESS)
-			show_usage();
-		isc_buffer_init(&b, lookup->textname, sizeof lookup->textname);
-		result = dns_name_totext(dns_fixedname_name(&fname),
-					 ISC_FALSE, &b);
-		isc_buffer_putuint8(&b, 0);
-		if (result != ISC_R_SUCCESS)
-			show_usage();
+	if (get_reverse(store, sizeof(store), hostname,
+			lookup->ip6_int, ISC_TRUE) == ISC_R_SUCCESS) {
+		strncpy(lookup->textname, store, sizeof(lookup->textname));
+		lookup->textname[sizeof(lookup->textname)-1] = 0;
 		lookup->rdtype = dns_rdatatype_ptr;
+		lookup->rdtypeset = ISC_TRUE;
+		default_lookups = ISC_FALSE;
 	} else {
- notv6:
 		strncpy(lookup->textname, hostname, sizeof(lookup->textname));
 		lookup->textname[sizeof(lookup->textname)-1]=0;
 	}
@@ -699,12 +807,17 @@ int
 main(int argc, char **argv) {
 	isc_result_t result;
 
+	tries = 2;
+
 	ISC_LIST_INIT(lookup_list);
 	ISC_LIST_INIT(server_list);
 	ISC_LIST_INIT(search_list);
+	
+	fatalexit = 1;
 
 	debug("main()");
 	progname = argv[0];
+	pre_parse_args(argc, argv);
 	result = isc_app_start();
 	check_result(result, "isc_app_start");
 	setup_libs();
@@ -716,6 +829,5 @@ main(int argc, char **argv) {
 	cancel_all();
 	destroy_libs();
 	isc_app_finish();
-	return (0);
+	return ((seen_error == 0) ? 0 : 1);
 }
-

bin/dig/host.docbook

@@ -1,11 +1,11 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
-               "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
+               "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd"
 	       [<!ENTITY mdash "&#8212;">]>
 <!--
- - Copyright (C) 2004, 2005, 2007-2009  Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005  Internet Systems Consortium, Inc. ("ISC")
  - Copyright (C) 2000-2002  Internet Software Consortium.
  -
- - Permission to use, copy, modify, and/or distribute this software for any
+ - Permission to use, copy, modify, and distribute this software for any
  - purpose with or without fee is hereby granted, provided that the above
  - copyright notice and this permission notice appear in all copies.
  -
@@ -18,7 +18,7 @@
  - PERFORMANCE OF THIS SOFTWARE.
 -->
 
-<!-- $Id: host.docbook,v 1.20 2009/01/20 23:47:56 tbox Exp $ -->
+<!-- $Id: host.docbook,v 1.5.18.7 2005/09/09 06:22:06 marka Exp $ -->
 <refentry id="man.host">
 
   <refentryinfo>
@@ -40,9 +40,6 @@
     <copyright>
       <year>2004</year>
       <year>2005</year>
-      <year>2007</year>
-      <year>2008</year>
-      <year>2009</year>
       <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
     </copyright>
     <copyright>
@@ -175,13 +172,13 @@
       attempt to resolve <parameter>name</parameter>.  The
       <option>-r</option> option enables <command>host</command>
       to mimic
-      the behavior of a name server by making non-recursive queries and
+      the behaviour of a name server by making non-recursive queries and
       expecting to receive answers to those queries that are usually
       referrals to other name servers.
     </para>
 
     <para>
-      By default, <command>host</command> uses UDP when making
+      By default <command>host</command> uses UDP when making
       queries.  The
       <option>-T</option> option makes it use a TCP connection when querying
       the name server.  TCP will be automatically selected for queries that
@@ -196,12 +193,12 @@
 
     <para>
       The <option>-t</option> option is used to select the query type.
-      <parameter>type</parameter> can be any recognized query
+      <parameter>type</parameter> can be any recognised query
       type: CNAME,
       NS, SOA, SIG, KEY, AXFR, etc.  When no query type is specified,
       <command>host</command> automatically selects an appropriate
       query
-      type.  By default, it looks for A, AAAA, and MX records, but if the
+      type.  By default it looks for A records, but if the
       <option>-C</option> option was given, queries will be made for SOA
       records, and if <parameter>name</parameter> is a
       dotted-decimal IPv4
@@ -229,7 +226,7 @@
       The <option>-s</option> option tells <command>host</command> 
       <emphasis>not</emphasis> to send the query to the next nameserver
       if any server responds with a SERVFAIL response, which is the
-      reverse of normal stub resolver behavior.
+      reverse of normal stub resolver behaviour.
     </para>
 
     <para>

bin/dig/host.html

@@ -1,8 +1,8 @@
 <!--
- - Copyright (C) 2004, 2005, 2007-2009 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
  - Copyright (C) 2000-2002 Internet Software Consortium.
  - 
- - Permission to use, copy, modify, and/or distribute this software for any
+ - Permission to use, copy, modify, and distribute this software for any
  - purpose with or without fee is hereby granted, provided that the above
  - copyright notice and this permission notice appear in all copies.
  - 
@@ -14,12 +14,12 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-<!-- $Id: host.html,v 1.30 2009/07/11 01:12:45 tbox Exp $ -->
+<!-- $Id: host.html,v 1.7.18.15 2006/04/23 10:12:41 marka Exp $ -->
 <html>
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
 <title>host</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.69.1">
 </head>
 <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
 <a name="man.host"></a><div class="titlepage"></div>
@@ -32,7 +32,7 @@
 <div class="cmdsynopsis"><p><code class="command">host</code>  [<code class="option">-aCdlnrsTwv</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-N <em class="replaceable"><code>ndots</code></em></code>] [<code class="option">-R <em class="replaceable"><code>number</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-W <em class="replaceable"><code>wait</code></em></code>] [<code class="option">-m <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-4</code>] [<code class="option">-6</code>] {name} [server]</p></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543434"></a><h2>DESCRIPTION</h2>
+<a name="id2525237"></a><h2>DESCRIPTION</h2>
 <p><span><strong class="command">host</strong></span>
       is a simple utility for performing DNS lookups.
       It is normally used to convert names to IP addresses and vice versa.
@@ -125,12 +125,12 @@
       attempt to resolve <em class="parameter"><code>name</code></em>.  The
       <code class="option">-r</code> option enables <span><strong class="command">host</strong></span>
       to mimic
-      the behavior of a name server by making non-recursive queries and
+      the behaviour of a name server by making non-recursive queries and
       expecting to receive answers to those queries that are usually
       referrals to other name servers.
     </p>
 <p>
-      By default, <span><strong class="command">host</strong></span> uses UDP when making
+      By default <span><strong class="command">host</strong></span> uses UDP when making
       queries.  The
       <code class="option">-T</code> option makes it use a TCP connection when querying
       the name server.  TCP will be automatically selected for queries that
@@ -143,12 +143,12 @@
     </p>
 <p>
       The <code class="option">-t</code> option is used to select the query type.
-      <em class="parameter"><code>type</code></em> can be any recognized query
+      <em class="parameter"><code>type</code></em> can be any recognised query
       type: CNAME,
       NS, SOA, SIG, KEY, AXFR, etc.  When no query type is specified,
       <span><strong class="command">host</strong></span> automatically selects an appropriate
       query
-      type.  By default, it looks for A, AAAA, and MX records, but if the
+      type.  By default it looks for A records, but if the
       <code class="option">-C</code> option was given, queries will be made for SOA
       records, and if <em class="parameter"><code>name</code></em> is a
       dotted-decimal IPv4
@@ -174,7 +174,7 @@
       The <code class="option">-s</code> option tells <span><strong class="command">host</strong></span> 
       <span class="emphasis"><em>not</em></span> to send the query to the next nameserver
       if any server responds with a SERVFAIL response, which is the
-      reverse of normal stub resolver behavior.
+      reverse of normal stub resolver behaviour.
     </p>
 <p>
       The <code class="option">-m</code> can be used to set the memory usage debugging
@@ -184,7 +184,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543800"></a><h2>IDN SUPPORT</h2>
+<a name="id2525603"></a><h2>IDN SUPPORT</h2>
 <p>
       If <span><strong class="command">host</strong></span> has been built with IDN (internationalized
       domain name) support, it can accept and display non-ASCII domain names. 
@@ -198,12 +198,12 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543822"></a><h2>FILES</h2>
+<a name="id2525625"></a><h2>FILES</h2>
 <p><code class="filename">/etc/resolv.conf</code>
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543834"></a><h2>SEE ALSO</h2>
+<a name="id2525637"></a><h2>SEE ALSO</h2>
 <p><span class="citerefentry"><span class="refentrytitle">dig</span>(1)</span>,
       <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>.
     </p>

bin/dig/include/dig/dig.h

@@ -1,30 +1,35 @@
 /*
- * Copyright (C) 2000  Internet Software Consortium.
+ * Copyright (C) 2004-2006  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000-2003  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
- * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
- * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
- * INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
- * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
- * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
- * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
- * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: dig.h,v 1.25.2.5 2000/10/06 19:08:08 mws Exp $ */
+/* $Id: dig.h,v 1.82.18.16 2006/01/27 23:57:44 marka Exp $ */
 
 #ifndef DIG_H
 #define DIG_H
 
+/*! \file */
+
 #include <dns/rdatalist.h>
+
 #include <dst/dst.h>
+
 #include <isc/boolean.h>
 #include <isc/buffer.h>
 #include <isc/bufferlist.h>
+#include <isc/formatcheck.h>
 #include <isc/lang.h>
 #include <isc/list.h>
 #include <isc/mem.h>
@@ -32,62 +37,87 @@
 #include <isc/sockaddr.h>
 #include <isc/socket.h>
 
-#define MXSERV 6
-#define MXNAME (1024)
+#define MXSERV 20
+#define MXNAME (DNS_NAME_MAXTEXT+1)
 #define MXRD 32
+/*% Buffer Size */
 #define BUFSIZE 512
 #define COMMSIZE 0xffff
-#define RESOLVCONF "/etc/resolv.conf"
+#ifndef RESOLV_CONF
+/*% location of resolve.conf */
+#define RESOLV_CONF "/etc/resolv.conf"
+#endif
+/*% output buffer */
 #define OUTPUTBUF 32767
+/*% Max RR Limit */
+#define MAXRRLIMIT 0xffffffff
+#define MAXTIMEOUT 0xffff
+/*% Max number of tries */
+#define MAXTRIES 0xffffffff
+/*% Max number of dots */
+#define MAXNDOTS 0xffff
+/*% Max number of ports */
+#define MAXPORT 0xffff
+/*% Max serial number */
+#define MAXSERIAL 0xffffffff
 
-/*
- * Default timeout values
- */
+/*% Default TCP Timeout */
 #define TCP_TIMEOUT 10
+/*% Default UDP Timeout */
 #define UDP_TIMEOUT 5
 
 #define SERVER_TIMEOUT 1
 
 #define LOOKUP_LIMIT 64
-/*
+/*%
  * Lookup_limit is just a limiter, keeping too many lookups from being
  * created.  It's job is mainly to prevent the program from running away
  * in a tight loop of constant lookups.  It's value is arbitrary.
  */
 
-#define ROOTNS 1
 /*
- * Set the number of root servers to ask for information when running in
- * trace mode.
- * XXXMWS -- trace mode is currently semi-broken, and this number *MUST*
- * be 1.
+ * Defaults for the sigchase suboptions.  Consolidated here because
+ * these control the layout of dig_lookup_t (among other things).
  */
+#ifdef DIG_SIGCHASE
+#ifndef DIG_SIGCHASE_BU
+#define DIG_SIGCHASE_BU 1
+#endif
+#ifndef DIG_SIGCHASE_TD
+#define DIG_SIGCHASE_TD 1
+#endif
+#endif
 
 ISC_LANG_BEGINDECLS
 
 typedef struct dig_lookup dig_lookup_t;
 typedef struct dig_query dig_query_t;
 typedef struct dig_server dig_server_t;
+#ifdef DIG_SIGCHASE
+typedef struct dig_message dig_message_t;
+#endif
 typedef ISC_LIST(dig_server_t) dig_serverlist_t;
 typedef struct dig_searchlist dig_searchlist_t;
 
+/*% The dig_lookup structure */
 struct dig_lookup {
 	isc_boolean_t
-	        pending, /* Pending a successful answer */
+	        pending, /*%< Pending a successful answer */
 		waiting_connect,
 		doing_xfr,
-		ns_search_only,
-		identify,
+		ns_search_only, /*%< dig +nssearch, host -C */
+		identify, /*%< Append an "on server <foo>" message */
+		identify_previous_line, /*% Prepend a "Nameserver <foo>:"
+					   message, with newline and tab */
 		ignore,
 		recurse,
 		aaonly,
 		adflag,
 		cdflag,
-		trace,
-		trace_root,
-		defname,
+		trace, /*% dig +trace */
+		trace_root, /*% initial query for either +trace or +nssearch */
 		tcp_mode,
-		nibble,
+		ip6_int,
 		comments,
 		stats,
 		section_question,
@@ -95,11 +125,33 @@ struct dig_lookup {
 		section_authority,
 		section_additional,
 		servfail_stops,
-		new_search;
-	char textname[MXNAME]; /* Name we're going to be looking up */
+		new_search,
+		besteffort,
+		dnssec;
+#ifdef DIG_SIGCHASE
+isc_boolean_t	sigchase;
+#if DIG_SIGCHASE_TD
+ 	isc_boolean_t do_topdown,
+	        trace_root_sigchase,
+	        rdtype_sigchaseset,
+	        rdclass_sigchaseset;
+	/* Name we are going to validate RRset */
+  	char textnamesigchase[MXNAME];
+#endif
+#endif
+	
+	char textname[MXNAME]; /*% Name we're going to be looking up */
 	char cmdline[MXNAME];
 	dns_rdatatype_t rdtype;
+	dns_rdatatype_t qrdtype;
+#if DIG_SIGCHASE_TD
+        dns_rdatatype_t rdtype_sigchase;
+        dns_rdatatype_t qrdtype_sigchase;
+        dns_rdataclass_t rdclass_sigchase;
+#endif
 	dns_rdataclass_t rdclass;
+	isc_boolean_t rdtypeset;
+	isc_boolean_t rdclassset;
 	char namespace[BUFSIZE];
 	char onamespace[BUFSIZE];
 	isc_buffer_t namebuf;
@@ -117,17 +169,20 @@ struct dig_lookup {
 	dig_serverlist_t my_server_list;
 	dig_searchlist_t *origin;
 	dig_query_t *xfr_q;
-	int retries;
+	isc_uint32_t retries;
 	int nsfound;
 	isc_uint16_t udpsize;
+	isc_int16_t edns;
 	isc_uint32_t ixfr_serial;
 	isc_buffer_t rdatabuf;
 	char rdatastore[MXNAME];
 	dst_context_t *tsigctx;
 	isc_buffer_t *querysig;
 	isc_uint32_t msgcounter;
+	dns_fixedname_t fdomain;
 };
 
+/*% The dig_query structure */
 struct dig_query {
 	dig_lookup_t *lookup;
 	isc_boolean_t waiting_connect,
@@ -135,12 +190,14 @@ struct dig_query {
 		first_soa_rcvd,
 		second_rr_rcvd,
 		first_repeat_rcvd,
-		recv_made;
+		recv_made,
+		warn_id;
 	isc_uint32_t first_rr_serial;
 	isc_uint32_t second_rr_serial;
+	isc_uint32_t msg_count;
 	isc_uint32_t rr_count;
-	isc_uint32_t name_count;
 	char *servname;
+	char *userarg;
 	isc_bufferlist_t sendlist,
 		recvlist,
 		lengthlist;
@@ -154,10 +211,12 @@ struct dig_query {
 	ISC_LINK(dig_query_t) link;
 	isc_sockaddr_t sockaddr;
 	isc_time_t time_sent;
+	isc_uint64_t byte_count;
 };
 
 struct dig_server {
 	char servername[MXNAME];
+	char userarg[MXNAME];
 	ISC_LINK(dig_server_t) link;
 };
 
@@ -165,6 +224,54 @@ struct dig_searchlist {
 	char origin[MXNAME];
 	ISC_LINK(dig_searchlist_t) link;
 };
+#ifdef DIG_SIGCHASE
+struct dig_message {
+	        dns_message_t *msg;
+		ISC_LINK(dig_message_t) link;
+};
+#endif
+
+typedef ISC_LIST(dig_searchlist_t) dig_searchlistlist_t;
+typedef ISC_LIST(dig_lookup_t) dig_lookuplist_t;
+
+/*
+ * Externals from dighost.c
+ */
+
+extern dig_lookuplist_t lookup_list;
+extern dig_serverlist_t server_list;
+extern dig_searchlistlist_t search_list;
+extern unsigned int extrabytes;
+
+extern isc_boolean_t check_ra, have_ipv4, have_ipv6, specified_source,
+        usesearch, showsearch, qr;
+extern in_port_t port;
+extern unsigned int timeout;
+extern isc_mem_t *mctx;
+extern dns_messageid_t id;
+extern int sendcount;
+extern int ndots;
+extern int lookup_counter;
+extern int exitcode;
+extern isc_sockaddr_t bind_address;
+extern char keynametext[MXNAME];
+extern char keyfile[MXNAME];
+extern char keysecret[MXNAME];
+extern dns_name_t *hmacname;
+extern unsigned int digestbits;
+#ifdef DIG_SIGCHASE
+extern char trustedkey[MXNAME];
+#endif
+extern dns_tsigkey_t *key;
+extern isc_boolean_t validated;
+extern isc_taskmgr_t *taskmgr;
+extern isc_task_t *global_task;
+extern isc_boolean_t free_now;
+extern isc_boolean_t debugging, memdebugging;
+
+extern char *progname;
+extern int tries;
+extern int fatalexit;
 
 /*
  * Routines in dighost.c.
@@ -172,11 +279,15 @@ struct dig_searchlist {
 void
 get_address(char *host, in_port_t port, isc_sockaddr_t *sockaddr);
 
-void
-fatal(const char *format, ...);
+isc_result_t
+get_reverse(char *reverse, size_t len, char *value, isc_boolean_t ip6_int,
+	    isc_boolean_t strict);
 
 void
-debug(const char *format, ...);
+fatal(const char *format, ...) ISC_FORMAT_PRINTF(1, 2);
+
+void
+debug(const char *format, ...) ISC_FORMAT_PRINTF(1, 2);
 
 void
 check_result(isc_result_t result, const char *msg);
@@ -212,7 +323,13 @@ dig_lookup_t *
 clone_lookup(dig_lookup_t *lookold, isc_boolean_t servers);
 
 dig_server_t *
-make_server(const char *servname);
+make_server(const char *servname, const char *userarg);
+
+void
+flush_server_list(void);
+
+void
+set_nameserver(char *opt);
 
 void
 clone_server_list(dig_serverlist_t src,
@@ -224,17 +341,39 @@ cancel_all(void);
 void
 destroy_libs(void);
 
+void
+set_search_domain(char *domain);
+
+#ifdef DIG_SIGCHASE
+void
+clean_trustedkey(void);
+#endif
+
 /*
- * Routines needed in dig.c and host.c.
+ * Routines to be defined in dig.c, host.c, and nslookup.c.
  */
+#ifdef DIG_SIGCHASE
+isc_result_t
+printrdataset(dns_name_t *owner_name, dns_rdataset_t *rdataset,
+	      isc_buffer_t *target);
+#endif
+
 isc_result_t
 printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers);
+/*%<
+ * Print the final result of the lookup.
+ */
 
 void
-received(int bytes, int frmsize, char *frm, dig_query_t *query);
+received(int bytes, isc_sockaddr_t *from, dig_query_t *query);
+/*%<
+ * Print a message about where and when the response
+ * was received from, like the final comment in the
+ * output of "dig".
+ */
 
 void
-trying(int frmsize, char *frm, dig_lookup_t *lookup);
+trying(char *frm, dig_lookup_t *lookup);
 
 void
 dighost_shutdown(void);
@@ -242,6 +381,14 @@ dighost_shutdown(void);
 char *
 next_token(char **stringp, const char *delim);
 
+#ifdef DIG_SIGCHASE
+/* Chasing functions */
+dns_rdataset_t *
+chase_scanname(dns_name_t *name, dns_rdatatype_t type, dns_rdatatype_t covers);
+void
+chase_sig(dns_message_t *msg);
+#endif
+
 ISC_LANG_ENDDECLS
 
 #endif

bin/dig/nslookup.1

@@ -1,6 +1,6 @@
-.\" Copyright (C) 2004-2007, 2010 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
 .\" 
-.\" Permission to use, copy, modify, and/or distribute this software for any
+.\" Permission to use, copy, modify, and distribute this software for any
 .\" purpose with or without fee is hereby granted, provided that the above
 .\" copyright notice and this permission notice appear in all copies.
 .\" 
@@ -12,17 +12,14 @@
 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 .\" PERFORMANCE OF THIS SOFTWARE.
 .\"
-.\" $Id: nslookup.1,v 1.16 2010/02/23 01:14:31 tbox Exp $
+.\" $Id: nslookup.1,v 1.1.10.8 2006/01/06 01:48:03 marka Exp $
 .\"
 .hy 0
 .ad l
-.\"     Title: nslookup
-.\"    Author: 
-.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
-.\"      Date: Jun 30, 2000
-.\"    Manual: BIND9
-.\"    Source: BIND9
-.\"
+.\" ** You probably do not want to edit this file directly **
+.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1).
+.\" Instead of manually editing it, you probably should edit the DocBook XML
+.\" source for it and then use the DocBook XSL Stylesheets to regenerate it.
 .TH "NSLOOKUP" "1" "Jun 30, 2000" "BIND9" "BIND9"
 .\" disable hyphenation
 .nh
@@ -42,40 +39,27 @@ has two modes: interactive and non\-interactive. Interactive mode allows the use
 .SH "ARGUMENTS"
 .PP
 Interactive mode is entered in the following cases:
-.TP 4
+.TP 3
 1.
 when no arguments are given (the default name server will be used)
-.TP 4
+.TP
 2.
 when the first argument is a hyphen (\-) and the second argument is the host name or Internet address of a name server.
-.sp
-.RE
 .PP
 Non\-interactive mode is used when the name or Internet address of the host to be looked up is given as the first argument. The optional second argument specifies the host name or address of a name server.
 .PP
 Options can also be specified on the command line if they precede the arguments and are prefixed with a hyphen. For example, to change the default query type to host information, and the initial timeout to 10 seconds, type:
-.sp
-.RS 4
-.nf
-nslookup \-query=hinfo  \-timeout=10
-.fi
-.RE
-.sp
+.IP .sp .nf nslookup \-query=hinfo \-timeout=10 .fi
 .SH "INTERACTIVE COMMANDS"
-.PP
-\fBhost\fR [server]
-.RS 4
+.TP
+host [server]
 Look up information for host using the current default server or using server, if specified. If host is an Internet address and the query type is A or PTR, the name of the host is returned. If host is a name and does not have a trailing period, the search list is used to qualify the name.
 .sp
 To look up a host not in the current domain, append a period to the name.
-.RE
-.PP
+.TP
 \fBserver\fR \fIdomain\fR
-.RS 4
-.RE
-.PP
+.TP
 \fBlserver\fR \fIdomain\fR
-.RS 4
 Change the default server to
 \fIdomain\fR;
 \fBlserver\fR
@@ -83,165 +67,112 @@ uses the initial server to look up information about
 \fIdomain\fR, while
 \fBserver\fR
 uses the current default server. If an authoritative answer can't be found, the names of servers that might have the answer are returned.
-.RE
-.PP
+.TP
 \fBroot\fR
-.RS 4
 not implemented
-.RE
-.PP
+.TP
 \fBfinger\fR
-.RS 4
 not implemented
-.RE
-.PP
+.TP
 \fBls\fR
-.RS 4
 not implemented
-.RE
-.PP
+.TP
 \fBview\fR
-.RS 4
 not implemented
-.RE
-.PP
+.TP
 \fBhelp\fR
-.RS 4
 not implemented
-.RE
-.PP
+.TP
 \fB?\fR
-.RS 4
 not implemented
-.RE
-.PP
+.TP
 \fBexit\fR
-.RS 4
 Exits the program.
-.RE
-.PP
+.TP
 \fBset\fR \fIkeyword\fR\fI[=value]\fR
-.RS 4
 This command is used to change state information that affects the lookups. Valid keywords are:
-.RS 4
-.PP
+.RS
+.TP
 \fBall\fR
-.RS 4
 Prints the current values of the frequently used options to
 \fBset\fR. Information about the current default server and host is also printed.
-.RE
-.PP
+.TP
 \fBclass=\fR\fIvalue\fR
-.RS 4
 Change the query class to one of:
-.RS 4
-.PP
+.RS
+.TP
 \fBIN\fR
-.RS 4
 the Internet class
-.RE
-.PP
+.TP
 \fBCH\fR
-.RS 4
 the Chaos class
-.RE
-.PP
+.TP
 \fBHS\fR
-.RS 4
 the Hesiod class
-.RE
-.PP
+.TP
 \fBANY\fR
-.RS 4
 wildcard
 .RE
-.RE
-.IP "" 4
+.IP
 The class specifies the protocol group of the information.
 .sp
 (Default = IN; abbreviation = cl)
-.RE
-.PP
+.TP
 \fB \fR\fB\fI[no]\fR\fR\fBdebug\fR
-.RS 4
-Turn on or off the display of the full response packet and any intermediate response packets when searching.
+Turn debugging mode on. A lot more information is printed about the packet sent to the server and the resulting answer.
 .sp
 (Default = nodebug; abbreviation =
 [no]deb)
-.RE
-.PP
+.TP
 \fB \fR\fB\fI[no]\fR\fR\fBd2\fR
-.RS 4
-Turn debugging mode on or off. This displays more about what nslookup is doing.
+Turn debugging mode on. A lot more information is printed about the packet sent to the server and the resulting answer.
 .sp
 (Default = nod2)
-.RE
-.PP
+.TP
 \fBdomain=\fR\fIname\fR
-.RS 4
 Sets the search list to
 \fIname\fR.
-.RE
-.PP
+.TP
 \fB \fR\fB\fI[no]\fR\fR\fBsearch\fR
-.RS 4
 If the lookup request contains at least one period but doesn't end with a trailing period, append the domain names in the domain search list to the request until an answer is received.
 .sp
 (Default = search)
-.RE
-.PP
+.TP
 \fBport=\fR\fIvalue\fR
-.RS 4
 Change the default TCP/UDP name server port to
 \fIvalue\fR.
 .sp
 (Default = 53; abbreviation = po)
-.RE
-.PP
+.TP
 \fBquerytype=\fR\fIvalue\fR
-.RS 4
-.RE
-.PP
+.TP
 \fBtype=\fR\fIvalue\fR
-.RS 4
 Change the type of the information query.
 .sp
 (Default = A; abbreviations = q, ty)
-.RE
-.PP
+.TP
 \fB \fR\fB\fI[no]\fR\fR\fBrecurse\fR
-.RS 4
 Tell the name server to query other servers if it does not have the information.
 .sp
 (Default = recurse; abbreviation = [no]rec)
-.RE
-.PP
+.TP
 \fBretry=\fR\fInumber\fR
-.RS 4
 Set the number of retries to number.
-.RE
-.PP
+.TP
 \fBtimeout=\fR\fInumber\fR
-.RS 4
 Change the initial timeout interval for waiting for a reply to number seconds.
-.RE
-.PP
+.TP
 \fB \fR\fB\fI[no]\fR\fR\fBvc\fR
-.RS 4
 Always use a virtual circuit when sending requests to the server.
 .sp
 (Default = novc)
-.RE
-.PP
+.TP
 \fB \fR\fB\fI[no]\fR\fR\fBfail\fR
-.RS 4
 Try the next nameserver if a nameserver responds with SERVFAIL or a referral (nofail) or terminate query (fail) on such a response.
 .sp
 (Default = nofail)
 .RE
-.RE
-.IP "" 4
-.RE
+.IP
 .SH "FILES"
 .PP
 \fI/etc/resolv.conf\fR
@@ -253,6 +184,3 @@ Try the next nameserver if a nameserver responds with SERVFAIL or a referral (no
 .SH "AUTHOR"
 .PP
 Andrew Cherenson
-.SH "COPYRIGHT"
-Copyright \(co 2004\-2007, 2010 Internet Systems Consortium, Inc. ("ISC")
-.br

bin/dig/nslookup.docbook

@@ -1,10 +1,10 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
-               "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
+               "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd"
 	       [<!ENTITY mdash "&#8212;">]>
 <!--
- - Copyright (C) 2004-2007, 2010  Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2006  Internet Systems Consortium, Inc. ("ISC")
  -
- - Permission to use, copy, modify, and/or distribute this software for any
+ - Permission to use, copy, modify, and distribute this software for any
  - purpose with or without fee is hereby granted, provided that the above
  - copyright notice and this permission notice appear in all copies.
  -
@@ -17,7 +17,7 @@
  - PERFORMANCE OF THIS SOFTWARE.
 -->
 
-<!-- $Id: nslookup.docbook,v 1.18 2010/02/22 23:49:11 tbox Exp $ -->
+<!-- $Id: nslookup.docbook,v 1.4.2.7 2006/01/06 00:01:43 marka Exp $ -->
 <!--
  - Copyright (c) 1985, 1989
  -    The Regents of the University of California.  All rights reserved.
@@ -72,8 +72,6 @@
       <year>2004</year>
       <year>2005</year>
       <year>2006</year>
-      <year>2007</year>
-      <year>2010</year>
       <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
     </copyright>
   </docinfo>
@@ -130,11 +128,11 @@
       arguments and are prefixed with a hyphen.  For example, to
       change the default query type to host information, and the initial
       timeout to 10 seconds, type:
-      <!-- <informalexample> produces bad nroff. -->
+      <informalexample>
         <programlisting>
 nslookup -query=hinfo  -timeout=10
 </programlisting>
-      <!-- </informalexample> -->
+      </informalexample>
     </para>
 
   </refsect1>
@@ -143,7 +141,7 @@ nslookup -query=hinfo  -timeout=10
     <title>INTERACTIVE COMMANDS</title>
     <variablelist>
       <varlistentry>
-        <term><constant>host</constant> <optional>server</optional></term>
+        <term>host <optional>server</optional></term>
         <listitem>
           <para>
             Look up information for host using the current default server or
@@ -315,8 +313,9 @@ nslookup -query=hinfo  -timeout=10
                     <replaceable><optional>no</optional></replaceable>debug</constant></term>
                 <listitem>
                   <para>
-		    Turn on or off the display of the full response packet and
-		    any intermediate response packets when searching.
+                    Turn debugging mode on.  A lot more information is
+                    printed about the packet sent to the server and the
+                    resulting answer.
                   </para>
 		  <para>
                     (Default = nodebug; abbreviation = <optional>no</optional>deb)
@@ -329,8 +328,9 @@ nslookup -query=hinfo  -timeout=10
                     <replaceable><optional>no</optional></replaceable>d2</constant></term>
                 <listitem>
                   <para>
-                    Turn debugging mode on or off.  This displays more about
-	            what nslookup is doing.
+                    Turn debugging mode on.  A lot more information is
+                    printed about the packet sent to the server and the
+                    resulting answer.
                   </para>
 		  <para>
                     (Default = nod2)

bin/dig/nslookup.html

@@ -1,7 +1,7 @@
 <!--
- - Copyright (C) 2004-2007, 2010 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
  - 
- - Permission to use, copy, modify, and/or distribute this software for any
+ - Permission to use, copy, modify, and distribute this software for any
  - purpose with or without fee is hereby granted, provided that the above
  - copyright notice and this permission notice appear in all copies.
  - 
@@ -13,15 +13,15 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-<!-- $Id: nslookup.html,v 1.23 2010/02/23 01:14:31 tbox Exp $ -->
+<!-- $Id: nslookup.html,v 1.1.10.14 2006/04/23 10:12:41 marka Exp $ -->
 <html>
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
 <title>nslookup</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.69.1">
 </head>
 <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="id2476276"></a><div class="titlepage"></div>
+<a name="id2462969"></a><div class="titlepage"></div>
 <div class="refnamediv">
 <h2>Name</h2>
 <p>nslookup &#8212; query Internet name servers interactively</p>
@@ -31,7 +31,7 @@
 <div class="cmdsynopsis"><p><code class="command">nslookup</code>  [<code class="option">-option</code>] [name | -] [server]</p></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543358"></a><h2>DESCRIPTION</h2>
+<a name="id2525301"></a><h2>DESCRIPTION</h2>
 <p><span><strong class="command">Nslookup</strong></span>
       is a program to query Internet domain name servers.  <span><strong class="command">Nslookup</strong></span>
       has two modes: interactive and non-interactive.  Interactive mode allows
@@ -43,7 +43,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543374"></a><h2>ARGUMENTS</h2>
+<a name="id2525317"></a><h2>ARGUMENTS</h2>
 <p>
       Interactive mode is entered in the following cases:
       </p>
@@ -68,19 +68,17 @@
       arguments and are prefixed with a hyphen.  For example, to
       change the default query type to host information, and the initial
       timeout to 10 seconds, type:
-      
-        </p>
-<pre class="programlisting">
+      </p>
+<div class="informalexample"><pre class="programlisting">
 nslookup -query=hinfo  -timeout=10
-</pre>
+</pre></div>
 <p>
-      
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543418"></a><h2>INTERACTIVE COMMANDS</h2>
+<a name="id2525358"></a><h2>INTERACTIVE COMMANDS</h2>
 <div class="variablelist"><dl>
-<dt><span class="term"><code class="constant">host</code> [<span class="optional">server</span>]</span></dt>
+<dt><span class="term">host [<span class="optional">server</span>]</span></dt>
 <dd>
 <p>
             Look up information for host using the current default server or
@@ -182,8 +180,9 @@ nslookup -query=hinfo  -timeout=10
                     <em class="replaceable"><code>[<span class="optional">no</span>]</code></em>debug</code></span></dt>
 <dd>
 <p>
-		    Turn on or off the display of the full response packet and
-		    any intermediate response packets when searching.
+                    Turn debugging mode on.  A lot more information is
+                    printed about the packet sent to the server and the
+                    resulting answer.
                   </p>
 <p>
                     (Default = nodebug; abbreviation = [<span class="optional">no</span>]deb)
@@ -193,8 +192,9 @@ nslookup -query=hinfo  -timeout=10
                     <em class="replaceable"><code>[<span class="optional">no</span>]</code></em>d2</code></span></dt>
 <dd>
 <p>
-                    Turn debugging mode on or off.  This displays more about
-	            what nslookup is doing.
+                    Turn debugging mode on.  A lot more information is
+                    printed about the packet sent to the server and the
+                    resulting answer.
                   </p>
 <p>
                     (Default = nod2)
@@ -288,19 +288,19 @@ nslookup -query=hinfo  -timeout=10
 </dl></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2546284"></a><h2>FILES</h2>
+<a name="id2528222"></a><h2>FILES</h2>
 <p><code class="filename">/etc/resolv.conf</code>
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2546296"></a><h2>SEE ALSO</h2>
+<a name="id2528234"></a><h2>SEE ALSO</h2>
 <p><span class="citerefentry"><span class="refentrytitle">dig</span>(1)</span>,
       <span class="citerefentry"><span class="refentrytitle">host</span>(1)</span>,
       <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>.
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2546330"></a><h2>Author</h2>
+<a name="id2528268"></a><h2>Author</h2>
 <p>
       Andrew Cherenson
     </p>

bin/dig/win32/dig.dsp

@@ -42,7 +42,7 @@ RSC=rc.exe
 # PROP Ignore_Export_Lib 0
 # PROP Target_Dir ""
 # ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
-# ADD CPP /nologo /MD /W3 /GX /O2 /I "./" /I "../include" /I "../../../" /I "../../../../libxml2-2.7.3/include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/isccfg/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /D "WIN32" /D "__STDC__" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
+# ADD CPP /nologo /MD /W3 /GX /O2 /I "./" /I "../include" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /D "WIN32" /D "__STDC__" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
 # ADD BASE RSC /l 0x409 /d "NDEBUG"
 # ADD RSC /l 0x409 /d "NDEBUG"
 BSC32=bscmake.exe
@@ -50,7 +50,7 @@ BSC32=bscmake.exe
 # ADD BSC32 /nologo
 LINK32=link.exe
 # ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386
-# ADD LINK32 user32.lib advapi32.lib ws2_32.lib Release/dighost.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/isccfg/win32/Release/libisccfg.lib ../../../lib/dns/win32/Release/libdns.lib ../../../lib/bind9/win32/Release/libbind9.lib ../../../lib/lwres/win32/Release/liblwres.lib /nologo /subsystem:console /machine:I386 /out:"../../../Build/Release/dig.exe"
+# ADD LINK32 user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib ../../../lib/bind9/win32/Release/libbind9.lib ../../../lib/lwres/win32/Release/liblwres.lib /nologo /subsystem:console /machine:I386 /out:"../../../Build/Release/dig.exe"
 
 !ELSEIF  "$(CFG)" == "dig - Win32 Debug"
 
@@ -66,7 +66,7 @@ LINK32=link.exe
 # PROP Ignore_Export_Lib 0
 # PROP Target_Dir ""
 # ADD BASE CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c
-# ADD CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../include" /I "../../../" /I "../../../../libxml2-2.7.3/include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/isccfg/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /FR /FD /GZ /c
+# ADD CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../include" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /FR /FD /GZ /c
 # SUBTRACT CPP /X /u /YX
 # ADD BASE RSC /l 0x409 /d "_DEBUG"
 # ADD RSC /l 0x409 /d "_DEBUG"
@@ -75,7 +75,7 @@ BSC32=bscmake.exe
 # ADD BSC32 /nologo
 LINK32=link.exe
 # ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept
-# ADD LINK32 user32.lib advapi32.lib ws2_32.lib Debug/dighost.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/isccfg/win32/Debug/libisccfg.lib ../../../lib/dns/win32/Debug/libdns.lib ../../../lib/bind9/win32/Debug/libbind9.lib ../../../lib/lwres/win32/Debug/liblwres.lib /nologo /subsystem:console /debug /machine:I386 /out:"../../../Build/Debug/dig.exe" /pdbtype:sept
+# ADD LINK32 user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib ../../../lib/bind9/win32/Debug/libbind9.lib ../../../lib/lwres/win32/Debug/liblwres.lib /nologo /subsystem:console /debug /machine:I386 /out:"../../../Build/Debug/dig.exe" /pdbtype:sept
 
 !ENDIF 
 
@@ -90,6 +90,10 @@ LINK32=link.exe
 
 SOURCE=..\dig.c
 # End Source File
+# Begin Source File
+
+SOURCE=..\dighost.c
+# End Source File
 # End Group
 # Begin Group "Header Files"
 

bin/dig/win32/dig.mak

@@ -28,81 +28,6 @@ NULL=nul
 CPP=cl.exe
 RSC=rc.exe
 
-!IF  "$(CFG)" == "dig - Win32 Release"
-_VC_MANIFEST_INC=0
-_VC_MANIFEST_BASENAME=__VC80
-!ELSE
-_VC_MANIFEST_INC=1
-_VC_MANIFEST_BASENAME=__VC80.Debug
-!ENDIF
-
-####################################################
-# Specifying name of temporary resource file used only in incremental builds:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-_VC_MANIFEST_AUTO_RES=$(_VC_MANIFEST_BASENAME).auto.res
-!else
-_VC_MANIFEST_AUTO_RES=
-!endif
-
-####################################################
-# _VC_MANIFEST_EMBED_EXE - command to embed manifest in EXE:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-
-#MT_SPECIAL_RETURN=1090650113
-#MT_SPECIAL_SWITCH=-notify_resource_update
-MT_SPECIAL_RETURN=0
-MT_SPECIAL_SWITCH=
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
-if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
-rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
-link $** /out:$@ $(LFLAGS)
-
-!else
-
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;1
-
-!endif
-
-####################################################
-# _VC_MANIFEST_EMBED_DLL - command to embed manifest in DLL:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-
-#MT_SPECIAL_RETURN=1090650113
-#MT_SPECIAL_SWITCH=-notify_resource_update
-MT_SPECIAL_RETURN=0
-MT_SPECIAL_SWITCH=
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
-if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
-rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
-link $** /out:$@ $(LFLAGS)
-
-!else
-
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;2
-
-!endif
-####################################################
-# _VC_MANIFEST_CLEAN - command to clean resources files generated temporarily:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-
-_VC_MANIFEST_CLEAN=-del $(_VC_MANIFEST_BASENAME).auto.res \
-    $(_VC_MANIFEST_BASENAME).auto.rc \
-    $(_VC_MANIFEST_BASENAME).auto.manifest
-
-!else
-
-_VC_MANIFEST_CLEAN=
-
-!endif
-
 !IF  "$(CFG)" == "dig - Win32 Release"
 
 OUTDIR=.\Release
@@ -127,24 +52,22 @@ CLEAN :
 	-@erase "$(INTDIR)\dighost.obj"
 	-@erase "$(INTDIR)\vc60.idb"
 	-@erase "..\..\..\Build\Release\dig.exe"
-	-@$(_VC_MANIFEST_CLEAN)
 
 "$(OUTDIR)" :
     if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
 
-CPP_PROJ=/nologo /MD /W3 /GX /O2 /I "./" /I "../include" /I "../../../" /I "../../../../libxml2-2.7.3/include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/isccfg/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /D "WIN32" /D "__STDC__" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /Fp"$(INTDIR)\dig.pch" /YX /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c 
+CPP_PROJ=/nologo /MD /W3 /GX /O2 /I "./" /I "../include" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /D "WIN32" /D "__STDC__" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /Fp"$(INTDIR)\dig.pch" /YX /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c 
 BSC32=bscmake.exe
 BSC32_FLAGS=/nologo /o"$(OUTDIR)\dig.bsc" 
 BSC32_SBRS= \
 	
 LINK32=link.exe
-LINK32_FLAGS=user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/isccfg/win32/Release/libisccfg.lib ../../../lib/dns/win32/Release/libdns.lib ../../../lib/bind9/win32/Release/libbind9.lib ../../../lib/lwres/win32/Release/liblwres.lib /nologo /subsystem:console /incremental:no /pdb:"$(OUTDIR)\dig.pdb" /machine:I386 /out:"../../../Build/Release/dig.exe" 
+LINK32_FLAGS=user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib ../../../lib/bind9/win32/Release/libbind9.lib ../../../lib/lwres/win32/Release/liblwres.lib /nologo /subsystem:console /incremental:no /pdb:"$(OUTDIR)\dig.pdb" /machine:I386 /out:"../../../Build/Release/dig.exe" 
 LINK32_OBJS= \
 	"$(INTDIR)\dig.obj" \
 	"$(INTDIR)\dighost.obj" \
 	"..\..\..\lib\dns\win32\Release\libdns.lib" \
 	"..\..\..\lib\isc\win32\Release\libisc.lib" \
-	"..\..\..\lib\isccfg\win32\Release\libisccfg.lib" \
 	"..\..\..\lib\bind9\win32\Release\libbind9.lib" \
 	"..\..\..\lib\lwres\win32\Release\liblwres.lib"
 
@@ -152,7 +75,6 @@ LINK32_OBJS= \
     $(LINK32) @<<
   $(LINK32_FLAGS) $(LINK32_OBJS)
 <<
-    $(_VC_MANIFEST_EMBED_EXE)
 
 !ELSEIF  "$(CFG)" == "dig - Win32 Debug"
 
@@ -187,12 +109,11 @@ CLEAN :
 	-@erase "$(OUTDIR)\dig.pdb"
 	-@erase "..\..\..\Build\Debug\dig.exe"
 	-@erase "..\..\..\Build\Debug\dig.ilk"
-	-@$(_VC_MANIFEST_CLEAN)
 
 "$(OUTDIR)" :
     if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
 
-CPP_PROJ=/nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../include" /I "../../../" /I "../../../../libxml2-2.7.3/include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/isccfg/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /FR"$(INTDIR)\\" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /GZ /c 
+CPP_PROJ=/nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../include" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /FR"$(INTDIR)\\" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /GZ /c 
 BSC32=bscmake.exe
 BSC32_FLAGS=/nologo /o"$(OUTDIR)\dig.bsc" 
 BSC32_SBRS= \
@@ -205,13 +126,12 @@ BSC32_SBRS= \
 <<
 
 LINK32=link.exe
-LINK32_FLAGS=user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/isccfg/win32/Debug/libisccfg.lib ../../../lib/dns/win32/Debug/libdns.lib ../../../lib/bind9/win32/Debug/libbind9.lib ../../../lib/lwres/win32/Debug/liblwres.lib /nologo /subsystem:console /incremental:yes /pdb:"$(OUTDIR)\dig.pdb" /debug /machine:I386 /out:"../../../Build/Debug/dig.exe" /pdbtype:sept 
+LINK32_FLAGS=user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib ../../../lib/bind9/win32/Debug/libbind9.lib ../../../lib/lwres/win32/Debug/liblwres.lib /nologo /subsystem:console /incremental:yes /pdb:"$(OUTDIR)\dig.pdb" /debug /machine:I386 /out:"../../../Build/Debug/dig.exe" /pdbtype:sept 
 LINK32_OBJS= \
 	"$(INTDIR)\dig.obj" \
 	"$(INTDIR)\dighost.obj" \
 	"..\..\..\lib\dns\win32\Debug\libdns.lib" \
 	"..\..\..\lib\isc\win32\Debug\libisc.lib" \
-	"..\..\..\lib\isccfg\win32\Debug\libisccfg.lib" \
 	"..\..\..\lib\bind9\win32\Debug\libbind9.lib" \
 	"..\..\..\lib\lwres\win32\Debug\liblwres.lib"
 
@@ -219,7 +139,6 @@ LINK32_OBJS= \
     $(LINK32) @<<
   $(LINK32_FLAGS) $(LINK32_OBJS)
 <<
-    $(_VC_MANIFEST_EMBED_EXE)
 
 !ENDIF 
 
@@ -407,21 +326,3 @@ SOURCE=..\dighost.c
 
 !ENDIF 
 
-####################################################
-# Commands to generate initial empty manifest file and the RC file
-# that references it, and for generating the .res file:
-
-$(_VC_MANIFEST_BASENAME).auto.res : $(_VC_MANIFEST_BASENAME).auto.rc
-
-$(_VC_MANIFEST_BASENAME).auto.rc : $(_VC_MANIFEST_BASENAME).auto.manifest
-    type <<$@
-#include <winuser.h>
-1RT_MANIFEST"$(_VC_MANIFEST_BASENAME).auto.manifest"
-<< KEEP
-
-$(_VC_MANIFEST_BASENAME).auto.manifest :
-    type <<$@
-<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
-<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
-</assembly>
-<< KEEP

bin/dig/win32/dighost.dsp

@@ -1,113 +0,0 @@
-# Microsoft Developer Studio Project File - Name="dighost" - Package Owner=<4>
-# Microsoft Developer Studio Generated Build File, Format Version 6.00
-# ** DO NOT EDIT **
-
-# TARGTYPE "Win32 (x86) Static-Link Library" 0x0104
-
-CFG=dighost - Win32 Debug
-!MESSAGE This is not a valid makefile. To build this project using NMAKE,
-!MESSAGE use the Export Makefile command and run
-!MESSAGE 
-!MESSAGE NMAKE /f "dighost.mak".
-!MESSAGE 
-!MESSAGE You can specify a configuration when running NMAKE
-!MESSAGE by defining the macro CFG on the command line. For example:
-!MESSAGE 
-!MESSAGE NMAKE /f "dighost.mak" CFG="dighost - Win32 Debug"
-!MESSAGE 
-!MESSAGE Possible choices for configuration are:
-!MESSAGE 
-!MESSAGE "dighost - Win32 Release" (based on "Win32 (x86) Static-Link Library")
-!MESSAGE "dighost - Win32 Debug" (based on "Win32 (x86) Static-Link Library")
-!MESSAGE 
-
-# Begin Project
-# PROP AllowPerConfigDependencies 0
-# PROP Scc_ProjName ""
-# PROP Scc_LocalPath ""
-CPP=cl.exe
-MTL=midl.exe
-RSC=rc.exe
-
-!IF  "$(CFG)" == "dighost - Win32 Release"
-
-# PROP BASE Use_MFC 0
-# PROP BASE Use_Debug_Libraries 0
-# PROP BASE Output_Dir "Release"
-# PROP BASE Intermediate_Dir "Release"
-# PROP BASE Target_Dir ""
-# PROP Use_MFC 0
-# PROP Use_Debug_Libraries 0
-# PROP Output_Dir "Release"
-# PROP Intermediate_Dir "Release"
-# PROP Ignore_Export_Lib 0
-# PROP Target_Dir ""
-# ADD BASE CPP /nologo /MT /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /D "_MBCS" /D "_USRDLL" /YX /FD /c
-# ADD CPP /nologo /MD /W3 /GX /O2 /I "./" /I "../../../" /I "../../../../libxml2-2.7.3/include" /I "../include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/isccfg/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /D "NDEBUG" /D "WIN32" /D "_WINDOWS" /D "__STDC__" /D "_MBCS" /YX /FD /c /Fddighost
-# SUBTRACT CPP /X
-# ADD BASE MTL /nologo /D "NDEBUG" /mktyplib203 /win32
-# ADD MTL /nologo /D "NDEBUG" /mktyplib203 /win32
-# ADD BASE RSC /l 0x409 /d "NDEBUG"
-# ADD RSC /l 0x409 /d "NDEBUG"
-BSC32=bscmake.exe
-# ADD BASE BSC32 /nologo
-# ADD BSC32 /nologo
-LINK32=link.exe
-# ADD BASE LINK32 
-# ADD LINK32 /out:"Release/dighost.lib"
-
-!ELSEIF  "$(CFG)" == "dighost - Win32 Debug"
-
-# PROP BASE Use_MFC 0
-# PROP BASE Use_Debug_Libraries 1
-# PROP BASE Output_Dir "Debug"
-# PROP BASE Intermediate_Dir "Debug"
-# PROP BASE Target_Dir ""
-# PROP Use_MFC 0
-# PROP Use_Debug_Libraries 1
-# PROP Output_Dir "Debug"
-# PROP Intermediate_Dir "Debug"
-# PROP Ignore_Export_Lib 0
-# PROP Target_Dir ""
-# ADD BASE CPP /nologo /MTd /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /D "_MBCS" /YX /FD /GZ /c
-# ADD CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../../../../libxml2-2.7.3/include" /I "../include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/isccfg/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /D "_DEBUG" /D "WIN32" /D "_WINDOWS" /D "__STDC__" /D "_MBCS" /FR /YX /FD /GZ /c /Fddighost
-# SUBTRACT CPP /X
-# ADD BASE MTL /nologo /D "_DEBUG" /mktyplib203 /win32
-# ADD MTL /nologo /D "_DEBUG" /mktyplib203 /win32
-# ADD BASE RSC /l 0x409 /d "_DEBUG"
-# ADD RSC /l 0x409 /d "_DEBUG"
-BSC32=bscmake.exe
-# ADD BASE BSC32 /nologo
-# ADD BSC32 /nologo
-LINK32=link.exe
-# ADD BASE LINK32 
-# ADD LINK32 /debug out:"Debug/dighost.lib"
-
-!ENDIF 
-
-# Begin Target
-
-# Name "dighost - Win32 Release"
-# Name "dighost - Win32 Debug"
-# Begin Group "Source Files"
-
-# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
-# End Group
-# Begin Group "Header Files"
-
-# PROP Default_Filter "h;hpp;hxx;hm;inl"
-# End Group
-# Begin Group "Resource Files"
-
-# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe"
-# End Group
-# Begin Group "Main Dns Lib"
-
-# PROP Default_Filter "c"
-# Begin Source File
-
-SOURCE=..\dighost.c
-# End Source File
-# End Group
-# End Target
-# End Project

bin/dig/win32/dighost.dsw

@@ -1,29 +0,0 @@
-Microsoft Developer Studio Workspace File, Format Version 6.00
-# WARNING: DO NOT EDIT OR DELETE THIS WORKSPACE FILE!
-
-###############################################################################
-
-Project: "dighost"=".\dighost.dsp" - Package Owner=<4>
-
-Package=<5>
-{{{
-}}}
-
-Package=<4>
-{{{
-}}}
-
-###############################################################################
-
-Global:
-
-Package=<5>
-{{{
-}}}
-
-Package=<3>
-{{{
-}}}
-
-###############################################################################
-

bin/dig/win32/host.dsp

@@ -42,7 +42,7 @@ RSC=rc.exe
 # PROP Ignore_Export_Lib 0
 # PROP Target_Dir ""
 # ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
-# ADD CPP /nologo /MD /W3 /GX /O2 /I "./" /I "../include" /I "../../../" /I "../../../../libxml2-2.7.3/include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/isccfg/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /D "WIN32" /D "__STDC__" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
+# ADD CPP /nologo /MD /W3 /GX /O2 /I "./" /I "../include" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /D "WIN32" /D "__STDC__" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
 # ADD BASE RSC /l 0x409 /d "NDEBUG"
 # ADD RSC /l 0x409 /d "NDEBUG"
 BSC32=bscmake.exe
@@ -50,7 +50,7 @@ BSC32=bscmake.exe
 # ADD BSC32 /nologo
 LINK32=link.exe
 # ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386
-# ADD LINK32 user32.lib advapi32.lib ws2_32.lib Release/dighost.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/isccfg/win32/Release/libisccfg.lib ../../../lib/dns/win32/Release/libdns.lib ../../../lib/bind9/win32/Release/libbind9.lib ../../../lib/lwres/win32/Release/liblwres.lib /nologo /subsystem:console /machine:I386 /out:"../../../Build/Release/host.exe"
+# ADD LINK32 user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib ../../../lib/bind9/win32/Release/libbind9.lib ../../../lib/lwres/win32/Release/liblwres.lib /nologo /subsystem:console /machine:I386 /out:"../../../Build/Release/host.exe"
 
 !ELSEIF  "$(CFG)" == "host - Win32 Debug"
 
@@ -66,7 +66,7 @@ LINK32=link.exe
 # PROP Ignore_Export_Lib 0
 # PROP Target_Dir ""
 # ADD BASE CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c
-# ADD CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../include" /I "../../../" /I "../../../../libxml2-2.7.3/include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/isccfg/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /FR /FD /GZ /c
+# ADD CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../include" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /FR /FD /GZ /c
 # SUBTRACT CPP /X /u /YX
 # ADD BASE RSC /l 0x409 /d "_DEBUG"
 # ADD RSC /l 0x409 /d "_DEBUG"
@@ -75,7 +75,7 @@ BSC32=bscmake.exe
 # ADD BSC32 /nologo
 LINK32=link.exe
 # ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept
-# ADD LINK32 user32.lib advapi32.lib ws2_32.lib Debug/dighost.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/isccfg/win32/Debug/libisccfg.lib ../../../lib/dns/win32/Debug/libdns.lib ../../../lib/bind9/win32/Debug/libbind9.lib ../../../lib/lwres/win32/Debug/liblwres.lib /nologo /subsystem:console /debug /machine:I386 /out:"../../../Build/Debug/host.exe" /pdbtype:sept
+# ADD LINK32 user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib ../../../lib/bind9/win32/Debug/libbind9.lib ../../../lib/lwres/win32/Debug/liblwres.lib /nologo /subsystem:console /debug /machine:I386 /out:"../../../Build/Debug/host.exe" /pdbtype:sept
 
 !ENDIF 
 
@@ -88,6 +88,10 @@ LINK32=link.exe
 # PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
 # Begin Source File
 
+SOURCE=..\dighost.c
+# End Source File
+# Begin Source File
+
 SOURCE=..\host.c
 # End Source File
 # End Group

bin/dig/win32/host.mak

@@ -28,81 +28,6 @@ NULL=nul
 CPP=cl.exe
 RSC=rc.exe
 
-!IF  "$(CFG)" == "host - Win32 Release"
-_VC_MANIFEST_INC=0
-_VC_MANIFEST_BASENAME=__VC80
-!ELSE
-_VC_MANIFEST_INC=1
-_VC_MANIFEST_BASENAME=__VC80.Debug
-!ENDIF
-
-####################################################
-# Specifying name of temporary resource file used only in incremental builds:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-_VC_MANIFEST_AUTO_RES=$(_VC_MANIFEST_BASENAME).auto.res
-!else
-_VC_MANIFEST_AUTO_RES=
-!endif
-
-####################################################
-# _VC_MANIFEST_EMBED_EXE - command to embed manifest in EXE:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-
-#MT_SPECIAL_RETURN=1090650113
-#MT_SPECIAL_SWITCH=-notify_resource_update
-MT_SPECIAL_RETURN=0
-MT_SPECIAL_SWITCH=
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
-if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
-rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
-link $** /out:$@ $(LFLAGS)
-
-!else
-
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;1
-
-!endif
-
-####################################################
-# _VC_MANIFEST_EMBED_DLL - command to embed manifest in DLL:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-
-#MT_SPECIAL_RETURN=1090650113
-#MT_SPECIAL_SWITCH=-notify_resource_update
-MT_SPECIAL_RETURN=0
-MT_SPECIAL_SWITCH=
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
-if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
-rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
-link $** /out:$@ $(LFLAGS)
-
-!else
-
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;2
-
-!endif
-####################################################
-# _VC_MANIFEST_CLEAN - command to clean resources files generated temporarily:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-
-_VC_MANIFEST_CLEAN=-del $(_VC_MANIFEST_BASENAME).auto.res \
-    $(_VC_MANIFEST_BASENAME).auto.rc \
-    $(_VC_MANIFEST_BASENAME).auto.manifest
-
-!else
-
-_VC_MANIFEST_CLEAN=
-
-!endif
-
 !IF  "$(CFG)" == "host - Win32 Release"
 
 OUTDIR=.\Release
@@ -127,24 +52,22 @@ CLEAN :
 	-@erase "$(INTDIR)\host.obj"
 	-@erase "$(INTDIR)\vc60.idb"
 	-@erase "..\..\..\Build\Release\host.exe"
-	-@$(_VC_MANIFEST_CLEAN)
 
 "$(OUTDIR)" :
     if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
 
-CPP_PROJ=/nologo /MD /W3 /GX /O2 /I "./" /I "../include" /I "../../../" /I "../../../../libxml2-2.7.3/include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/isccfg/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /D "WIN32" /D "__STDC__" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /Fp"$(INTDIR)\host.pch" /YX /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c 
+CPP_PROJ=/nologo /MD /W3 /GX /O2 /I "./" /I "../include" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /D "WIN32" /D "__STDC__" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /Fp"$(INTDIR)\host.pch" /YX /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c 
 BSC32=bscmake.exe
 BSC32_FLAGS=/nologo /o"$(OUTDIR)\host.bsc" 
 BSC32_SBRS= \
 	
 LINK32=link.exe
-LINK32_FLAGS=user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/isccfg/win32/Release/libisccfg.lib ../../../lib/dns/win32/Release/libdns.lib ../../../lib/bind9/win32/Release/libbind9.lib  ../../../lib/lwres/win32/Release/liblwres.lib /nologo /subsystem:console /incremental:no /pdb:"$(OUTDIR)\host.pdb" /machine:I386 /out:"../../../Build/Release/host.exe" 
+LINK32_FLAGS=user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib ../../../lib/bind9/win32/Release/libbind9.lib  ../../../lib/lwres/win32/Release/liblwres.lib /nologo /subsystem:console /incremental:no /pdb:"$(OUTDIR)\host.pdb" /machine:I386 /out:"../../../Build/Release/host.exe" 
 LINK32_OBJS= \
 	"$(INTDIR)\dighost.obj" \
 	"$(INTDIR)\host.obj" \
 	"..\..\..\lib\dns\win32\Release\libdns.lib" \
 	"..\..\..\lib\isc\win32\Release\libisc.lib" \
-	"..\..\..\lib\isccfg\win32\Release\libisccfg.lib" \
 	"..\..\..\lib\bind9\win32\Release\libbind9.lib" \
 	"..\..\..\lib\lwres\win32\Release\liblwres.lib"
 
@@ -152,7 +75,6 @@ LINK32_OBJS= \
     $(LINK32) @<<
   $(LINK32_FLAGS) $(LINK32_OBJS)
 <<
-    $(_VC_MANIFEST_EMBED_EXE)
 
 !ELSEIF  "$(CFG)" == "host - Win32 Debug"
 
@@ -187,12 +109,11 @@ CLEAN :
 	-@erase "$(OUTDIR)\host.pdb"
 	-@erase "..\..\..\Build\Debug\host.exe"
 	-@erase "..\..\..\Build\Debug\host.ilk"
-	-@$(_VC_MANIFEST_CLEAN)
 
 "$(OUTDIR)" :
     if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
 
-CPP_PROJ=/nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../include" /I "../../../" /I "../../../../libxml2-2.7.3/include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/isccfg/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /FR"$(INTDIR)\\" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /GZ /c 
+CPP_PROJ=/nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../include" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /FR"$(INTDIR)\\" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /GZ /c 
 BSC32=bscmake.exe
 BSC32_FLAGS=/nologo /o"$(OUTDIR)\host.bsc" 
 BSC32_SBRS= \
@@ -205,13 +126,12 @@ BSC32_SBRS= \
 <<
 
 LINK32=link.exe
-LINK32_FLAGS=user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/isccfg/win32/Debug/libisccfg.lib ../../../lib/dns/win32/Debug/libdns.lib ../../../lib/bind9/win32/Debug/libbind9.lib  ../../../lib/lwres/win32/Debug/liblwres.lib /nologo /subsystem:console /incremental:yes /pdb:"$(OUTDIR)\host.pdb" /debug /machine:I386 /out:"../../../Build/Debug/host.exe" /pdbtype:sept 
+LINK32_FLAGS=user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib ../../../lib/bind9/win32/Debug/libbind9.lib  ../../../lib/lwres/win32/Debug/liblwres.lib /nologo /subsystem:console /incremental:yes /pdb:"$(OUTDIR)\host.pdb" /debug /machine:I386 /out:"../../../Build/Debug/host.exe" /pdbtype:sept 
 LINK32_OBJS= \
 	"$(INTDIR)\dighost.obj" \
 	"$(INTDIR)\host.obj" \
 	"..\..\..\lib\dns\win32\Debug\libdns.lib" \
 	"..\..\..\lib\isc\win32\Debug\libisc.lib" \
-	"..\..\..\lib\isccfg\win32\Debug\libisccfg.lib" \
 	"..\..\..\lib\bind9\win32\Debug\libbind9.lib" \
 	"..\..\..\lib\lwres\win32\Debug\liblwres.lib"
 
@@ -219,7 +139,6 @@ LINK32_OBJS= \
     $(LINK32) @<<
   $(LINK32_FLAGS) $(LINK32_OBJS)
 <<
-    $(_VC_MANIFEST_EMBED_EXE)
 
 !ENDIF 
 
@@ -407,21 +326,3 @@ SOURCE=..\host.c
 
 !ENDIF 
 
-####################################################
-# Commands to generate initial empty manifest file and the RC file
-# that references it, and for generating the .res file:
-
-$(_VC_MANIFEST_BASENAME).auto.res : $(_VC_MANIFEST_BASENAME).auto.rc
-
-$(_VC_MANIFEST_BASENAME).auto.rc : $(_VC_MANIFEST_BASENAME).auto.manifest
-    type <<$@
-#include <winuser.h>
-1RT_MANIFEST"$(_VC_MANIFEST_BASENAME).auto.manifest"
-<< KEEP
-
-$(_VC_MANIFEST_BASENAME).auto.manifest :
-    type <<$@
-<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
-<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
-</assembly>
-<< KEEP

bin/dig/win32/nslookup.dsp

@@ -42,7 +42,7 @@ RSC=rc.exe
 # PROP Ignore_Export_Lib 0
 # PROP Target_Dir ""
 # ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
-# ADD CPP /nologo /MD /W3 /GX /O2 /I "./" /I "../include" /I "../../../" /I "../../../../libxml2-2.7.3/include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/isccfg/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /D "WIN32" /D "__STDC__" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
+# ADD CPP /nologo /MD /W3 /GX /O2 /I "./" /I "../include" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /D "WIN32" /D "__STDC__" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
 # ADD BASE RSC /l 0x409 /d "NDEBUG"
 # ADD RSC /l 0x409 /d "NDEBUG"
 BSC32=bscmake.exe
@@ -50,7 +50,7 @@ BSC32=bscmake.exe
 # ADD BSC32 /nologo
 LINK32=link.exe
 # ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386
-# ADD LINK32 user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/isccfg/win32/Release/libisccfg.lib ../../../lib/dns/win32/Release/libdns.lib ../../../lib/bind9/win32/Release/libbind9.lib ../../../lib/lwres/win32/Release/liblwres.lib /nologo /subsystem:console /machine:I386 /out:"../../../Build/Release/nslookup.exe"
+# ADD LINK32 user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib ../../../lib/bind9/win32/Release/libbind9.lib ../../../lib/lwres/win32/Release/liblwres.lib /nologo /subsystem:console /machine:I386 /out:"../../../Build/Release/nslookup.exe"
 
 !ELSEIF  "$(CFG)" == "nslookup - Win32 Debug"
 
@@ -66,7 +66,7 @@ LINK32=link.exe
 # PROP Ignore_Export_Lib 0
 # PROP Target_Dir ""
 # ADD BASE CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c
-# ADD CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../include" /I "../../../" /I "../../../../libxml2-2.7.3/include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/isccfg/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /FR /FD /GZ /c
+# ADD CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../include" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /FR /FD /GZ /c
 # SUBTRACT CPP /X /u /YX
 # ADD BASE RSC /l 0x409 /d "_DEBUG"
 # ADD RSC /l 0x409 /d "_DEBUG"
@@ -75,7 +75,7 @@ BSC32=bscmake.exe
 # ADD BSC32 /nologo
 LINK32=link.exe
 # ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept
-# ADD LINK32 user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/isccfg/win32/Debug/libisccfg.lib ../../../lib/dns/win32/Debug/libdns.lib ../../../lib/bind9/win32/Debug/libbind9.lib ../../../lib/lwres/win32/Debug/liblwres.lib /nologo /subsystem:console /debug /machine:I386 /out:"../../../Build/Debug/nslookup.exe" /pdbtype:sept
+# ADD LINK32 user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib ../../../lib/bind9/win32/Debug/libbind9.lib ../../../lib/lwres/win32/Debug/liblwres.lib /nologo /subsystem:console /debug /machine:I386 /out:"../../../Build/Debug/nslookup.exe" /pdbtype:sept
 
 !ENDIF 
 

bin/dig/win32/nslookup.mak

@@ -28,81 +28,6 @@ NULL=nul
 CPP=cl.exe
 RSC=rc.exe
 
-!IF  "$(CFG)" == "nslookup - Win32 Release"
-_VC_MANIFEST_INC=0
-_VC_MANIFEST_BASENAME=__VC80
-!ELSE
-_VC_MANIFEST_INC=1
-_VC_MANIFEST_BASENAME=__VC80.Debug
-!ENDIF
-
-####################################################
-# Specifying name of temporary resource file used only in incremental builds:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-_VC_MANIFEST_AUTO_RES=$(_VC_MANIFEST_BASENAME).auto.res
-!else
-_VC_MANIFEST_AUTO_RES=
-!endif
-
-####################################################
-# _VC_MANIFEST_EMBED_EXE - command to embed manifest in EXE:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-
-#MT_SPECIAL_RETURN=1090650113
-#MT_SPECIAL_SWITCH=-notify_resource_update
-MT_SPECIAL_RETURN=0
-MT_SPECIAL_SWITCH=
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
-if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
-rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
-link $** /out:$@ $(LFLAGS)
-
-!else
-
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;1
-
-!endif
-
-####################################################
-# _VC_MANIFEST_EMBED_DLL - command to embed manifest in DLL:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-
-#MT_SPECIAL_RETURN=1090650113
-#MT_SPECIAL_SWITCH=-notify_resource_update
-MT_SPECIAL_RETURN=0
-MT_SPECIAL_SWITCH=
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
-if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
-rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
-link $** /out:$@ $(LFLAGS)
-
-!else
-
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;2
-
-!endif
-####################################################
-# _VC_MANIFEST_CLEAN - command to clean resources files generated temporarily:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-
-_VC_MANIFEST_CLEAN=-del $(_VC_MANIFEST_BASENAME).auto.res \
-    $(_VC_MANIFEST_BASENAME).auto.rc \
-    $(_VC_MANIFEST_BASENAME).auto.manifest
-
-!else
-
-_VC_MANIFEST_CLEAN=
-
-!endif
-
 !IF  "$(CFG)" == "nslookup - Win32 Release"
 
 OUTDIR=.\Release
@@ -127,24 +52,22 @@ CLEAN :
 	-@erase "$(INTDIR)\nslookup.obj"
 	-@erase "$(INTDIR)\vc60.idb"
 	-@erase "..\..\..\Build\Release\nslookup.exe"
-	-@$(_VC_MANIFEST_CLEAN)
 
 "$(OUTDIR)" :
     if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
 
-CPP_PROJ=/nologo /MD /W3 /GX /O2 /I "./" /I "../include" /I "../../../" /I "../../../../libxml2-2.7.3/include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/isccfg/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /D "WIN32" /D "__STDC__" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /Fp"$(INTDIR)\nslookup.pch" /YX /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c 
+CPP_PROJ=/nologo /MD /W3 /GX /O2 /I "./" /I "../include" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /D "WIN32" /D "__STDC__" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /Fp"$(INTDIR)\nslookup.pch" /YX /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c 
 BSC32=bscmake.exe
 BSC32_FLAGS=/nologo /o"$(OUTDIR)\nslookup.bsc" 
 BSC32_SBRS= \
 	
 LINK32=link.exe
-LINK32_FLAGS=user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/isccfg/win32/Release/libisccfg.lib ../../../lib/dns/win32/Release/libdns.lib ../../../lib/bind9/win32/Release/libbind9.lib  ../../../lib/lwres/win32/Release/liblwres.lib /nologo /subsystem:console /incremental:no /pdb:"$(OUTDIR)\nslookup.pdb" /machine:I386 /out:"../../../Build/Release/nslookup.exe" 
+LINK32_FLAGS=user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib ../../../lib/bind9/win32/Release/libbind9.lib  ../../../lib/lwres/win32/Release/liblwres.lib /nologo /subsystem:console /incremental:no /pdb:"$(OUTDIR)\nslookup.pdb" /machine:I386 /out:"../../../Build/Release/nslookup.exe" 
 LINK32_OBJS= \
 	"$(INTDIR)\dighost.obj" \
 	"$(INTDIR)\nslookup.obj" \
 	"..\..\..\lib\dns\win32\Release\libdns.lib" \
 	"..\..\..\lib\isc\win32\Release\libisc.lib" \
-	"..\..\..\lib\isccfg\win32\Release\libisccfg.lib" \
 	"..\..\..\lib\bind9\win32\Release\libbind9.lib" \
 	"..\..\..\lib\lwres\win32\Release\liblwres.lib"
 
@@ -152,7 +75,6 @@ LINK32_OBJS= \
     $(LINK32) @<<
   $(LINK32_FLAGS) $(LINK32_OBJS)
 <<
-    $(_VC_MANIFEST_EMBED_EXE)
 
 !ELSEIF  "$(CFG)" == "nslookup - Win32 Debug"
 
@@ -187,12 +109,11 @@ CLEAN :
 	-@erase "$(OUTDIR)\nslookup.pdb"
 	-@erase "..\..\..\Build\Debug\nslookup.exe"
 	-@erase "..\..\..\Build\Debug\nslookup.ilk"
-	-@$(_VC_MANIFEST_CLEAN)
 
 "$(OUTDIR)" :
     if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
 
-CPP_PROJ=/nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../include" /I "../../../" /I "../../../../libxml2-2.7.3/include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/isccfg/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /FR"$(INTDIR)\\" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /GZ /c 
+CPP_PROJ=/nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../include" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /FR"$(INTDIR)\\" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /GZ /c 
 BSC32=bscmake.exe
 BSC32_FLAGS=/nologo /o"$(OUTDIR)\nslookup.bsc" 
 BSC32_SBRS= \
@@ -205,13 +126,12 @@ BSC32_SBRS= \
 <<
 
 LINK32=link.exe
-LINK32_FLAGS=user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/isccfg/win32/Debug/libisccfg.lib ../../../lib/dns/win32/Debug/libdns.lib ../../../lib/bind9/win32/Debug/libbind9.lib  ../../../lib/lwres/win32/Debug/liblwres.lib /nologo /subsystem:console /incremental:yes /pdb:"$(OUTDIR)\nslookup.pdb" /debug /machine:I386 /out:"../../../Build/Debug/nslookup.exe" /pdbtype:sept 
+LINK32_FLAGS=user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib ../../../lib/bind9/win32/Debug/libbind9.lib  ../../../lib/lwres/win32/Debug/liblwres.lib /nologo /subsystem:console /incremental:yes /pdb:"$(OUTDIR)\nslookup.pdb" /debug /machine:I386 /out:"../../../Build/Debug/nslookup.exe" /pdbtype:sept 
 LINK32_OBJS= \
 	"$(INTDIR)\dighost.obj" \
 	"$(INTDIR)\nslookup.obj" \
 	"..\..\..\lib\dns\win32\Debug\libdns.lib" \
 	"..\..\..\lib\isc\win32\Debug\libisc.lib" \
-	"..\..\..\lib\isccfg\win32\Debug\libisccfg.lib" \
 	"..\..\..\lib\bind9\win32\Debug\libbind9.lib" \
 	"..\..\..\lib\lwres\win32\Debug\liblwres.lib"
 
@@ -219,7 +139,6 @@ LINK32_OBJS= \
     $(LINK32) @<<
   $(LINK32_FLAGS) $(LINK32_OBJS)
 <<
-    $(_VC_MANIFEST_EMBED_EXE)
 
 !ENDIF 
 
@@ -407,21 +326,3 @@ SOURCE=..\nslookup.c
 
 !ENDIF 
 
-####################################################
-# Commands to generate initial empty manifest file and the RC file
-# that references it, and for generating the .res file:
-
-$(_VC_MANIFEST_BASENAME).auto.res : $(_VC_MANIFEST_BASENAME).auto.rc
-
-$(_VC_MANIFEST_BASENAME).auto.rc : $(_VC_MANIFEST_BASENAME).auto.manifest
-    type <<$@
-#include <winuser.h>
-1RT_MANIFEST"$(_VC_MANIFEST_BASENAME).auto.manifest"
-<< KEEP
-
-$(_VC_MANIFEST_BASENAME).auto.manifest :
-    type <<$@
-<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
-<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
-</assembly>
-<< KEEP

bin/dnssec/.cvsignore

@@ -3,3 +3,5 @@ dnssec-keygen
 dnssec-makekeyset
 dnssec-signkey
 dnssec-signzone
+*.lo
+.libs

bin/dnssec/Makefile.in

@@ -1,32 +1,34 @@
-# Copyright (C) 2000  Internet Software Consortium.
-# 
+# Copyright (C) 2004, 2005  Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2000-2002  Internet Software Consortium.
+#
 # Permission to use, copy, modify, and distribute this software for any
 # purpose with or without fee is hereby granted, provided that the above
 # copyright notice and this permission notice appear in all copies.
-# 
-# THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
-# ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
-# OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
-# CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
-# DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
-# PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
-# ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
-# SOFTWARE.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: Makefile.in,v 1.7 2000/06/22 21:49:01 tale Exp $
+# $Id: Makefile.in,v 1.26.18.4 2005/05/02 00:26:11 marka Exp $
 
 srcdir =	@srcdir@
 VPATH =		@srcdir@
 top_srcdir =	@top_srcdir@
 
-@BIND9_INCLUDES@
+@BIND9_VERSION@
+
+@BIND9_MAKE_INCLUDES@
 
 CINCLUDES =	${DNS_INCLUDES} ${ISC_INCLUDES}
 
-CDEFINES =
+CDEFINES =	-DVERSION=\"${VERSION}\" 
 CWARNINGS =
 
-DNSLIBS =	../../lib/dns/libdns.@A@ @DNS_OPENSSL_LIBS@
+DNSLIBS =	../../lib/dns/libdns.@A@ @DNS_CRYPTO_LIBS@
 ISCLIBS =	../../lib/isc/libisc.@A@
 
 DNSDEPLIBS =	../../lib/dns/libdns.@A@
@@ -37,38 +39,45 @@ DEPLIBS =	${DNSDEPLIBS} ${ISCDEPLIBS}
 LIBS =		${DNSLIBS} ${ISCLIBS} @LIBS@
 
 # Alphabetically
-TARGETS =	dnssec-keygen \
-		dnssec-makekeyset \
-		dnssec-signkey \
-		dnssec-signzone
+TARGETS =	dnssec-keygen@EXEEXT@ dnssec-signzone@EXEEXT@
 
 OBJS =		dnssectool.@O@
 
-SRCS =		dnssec-keygen.c dnssec-makekeyset.c \
-		dnssec-signkey.c dnssec-signzone.c \
-		dnssectool.c
+SRCS =		dnssec-keygen.c dnssec-signzone.c dnssectool.c
+
+MANPAGES =	dnssec-keygen.8 dnssec-signzone.8
+
+HTMLPAGES =	dnssec-keygen.html dnssec-signzone.html
+
+MANOBJS =	${MANPAGES} ${HTMLPAGES}
 
 @BIND9_MAKE_RULES@
 
-dnssec-keygen: dnssec-keygen.@O@ ${OBJS} ${DEPLIBS}
-	${LIBTOOL} ${CC} ${CFLAGS} -o $@ dnssec-keygen.@O@ ${OBJS} ${LIBS}
+dnssec-keygen@EXEEXT@: dnssec-keygen.@O@ ${OBJS} ${DEPLIBS}
+	${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ \
+	dnssec-keygen.@O@ ${OBJS} ${LIBS}
 
-dnssec-makekeyset: dnssec-makekeyset.@O@ ${OBJS} ${DEPLIBS}
-	${LIBTOOL} ${CC} ${CFLAGS} -o $@ dnssec-makekeyset.@O@ ${OBJS} ${LIBS}
+dnssec-signzone.@O@: dnssec-signzone.c
+	${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} -DVERSION=\"${VERSION}\" \
+		-c ${srcdir}/dnssec-signzone.c
 
-dnssec-signkey: dnssec-signkey.@O@ ${OBJS} ${DEPLIBS}
-	${LIBTOOL} ${CC} ${CFLAGS} -o $@ dnssec-signkey.@O@ ${OBJS} ${LIBS}
+dnssec-signzone@EXEEXT@: dnssec-signzone.@O@ ${OBJS} ${DEPLIBS}
+	${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ \
+	dnssec-signzone.@O@ ${OBJS} ${LIBS}
 
-dnssec-signzone: dnssec-signzone.@O@ ${OBJS} ${DEPLIBS}
-	${LIBTOOL} ${CC} ${CFLAGS} -o $@ dnssec-signzone.@O@ ${OBJS} ${LIBS}
+doc man:: ${MANOBJS}
+
+docclean manclean maintainer-clean::
+	rm -f ${MANOBJS}
+
+installdirs:
+	$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${sbindir}
+	$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${mandir}/man8
+
+install:: ${TARGETS} installdirs
+	for t in ${TARGETS}; do ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} $$t ${DESTDIR}${sbindir}; done
+	for m in ${MANPAGES}; do ${INSTALL_DATA} ${srcdir}/$$m ${DESTDIR}${mandir}/man8; done
 
 clean distclean::
 	rm -f ${TARGETS}
 
-installdirs:
-	if [ ! -d ${DESTDIR}${sbindir} ]; then \
-		mkdir ${DESTDIR}${sbindir}; \
-	fi
-
-install:: ${TARGSTS} installdirs
-	${LIBTOOL} ${INSTALL_PROGRAM} ${TARGETS} ${DESTDIR}${sbindir}

bin/dnssec/dnssec-dsfromkey.8

@@ -1,157 +0,0 @@
-.\" Copyright (C) 2008-2011 Internet Systems Consortium, Inc. ("ISC")
-.\" 
-.\" Permission to use, copy, modify, and/or distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\" 
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
-.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
-.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
-.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
-.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
-.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
-.\" PERFORMANCE OF THIS SOFTWARE.
-.\"
-.\" $Id: dnssec-dsfromkey.8,v 1.15 2011/10/26 01:14:51 tbox Exp $
-.\"
-.hy 0
-.ad l
-.\"     Title: dnssec\-dsfromkey
-.\"    Author: 
-.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
-.\"      Date: August 26, 2009
-.\"    Manual: BIND9
-.\"    Source: BIND9
-.\"
-.TH "DNSSEC\-DSFROMKEY" "8" "August 26, 2009" "BIND9" "BIND9"
-.\" disable hyphenation
-.nh
-.\" disable justification (adjust text to left margin only)
-.ad l
-.SH "NAME"
-dnssec\-dsfromkey \- DNSSEC DS RR generation tool
-.SH "SYNOPSIS"
-.HP 17
-\fBdnssec\-dsfromkey\fR [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-1\fR] [\fB\-2\fR] [\fB\-a\ \fR\fB\fIalg\fR\fR] [\fB\-l\ \fR\fB\fIdomain\fR\fR] [\fB\-T\ \fR\fB\fITTL\fR\fR] {keyfile}
-.HP 17
-\fBdnssec\-dsfromkey\fR {\-s} [\fB\-1\fR] [\fB\-2\fR] [\fB\-a\ \fR\fB\fIalg\fR\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-l\ \fR\fB\fIdomain\fR\fR] [\fB\-s\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-T\ \fR\fB\fITTL\fR\fR] [\fB\-f\ \fR\fB\fIfile\fR\fR] [\fB\-A\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] {dnsname}
-.SH "DESCRIPTION"
-.PP
-\fBdnssec\-dsfromkey\fR
-outputs the Delegation Signer (DS) resource record (RR), as defined in RFC 3658 and RFC 4509, for the given key(s).
-.SH "OPTIONS"
-.PP
-\-1
-.RS 4
-Use SHA\-1 as the digest algorithm (the default is to use both SHA\-1 and SHA\-256).
-.RE
-.PP
-\-2
-.RS 4
-Use SHA\-256 as the digest algorithm.
-.RE
-.PP
-\-a \fIalgorithm\fR
-.RS 4
-Select the digest algorithm. The value of
-\fBalgorithm\fR
-must be one of SHA\-1 (SHA1), SHA\-256 (SHA256) or GOST. These values are case insensitive.
-.RE
-.PP
-\-T \fITTL\fR
-.RS 4
-Specifies the TTL of the DS records.
-.RE
-.PP
-\-K \fIdirectory\fR
-.RS 4
-Look for key files (or, in keyset mode,
-\fIkeyset\-\fR
-files) in
-\fBdirectory\fR.
-.RE
-.PP
-\-f \fIfile\fR
-.RS 4
-Zone file mode: in place of the keyfile name, the argument is the DNS domain name of a zone master file, which can be read from
-\fBfile\fR. If the zone name is the same as
-\fBfile\fR, then it may be omitted.
-.sp
-If
-\fBfile\fR
-is set to
-"\-", then the zone data is read from the standard input. This makes it possible to use the output of the
-\fBdig\fR
-command as input, as in:
-.sp
-\fBdig dnskey example.com | dnssec\-dsfromkey \-f \- example.com\fR
-.RE
-.PP
-\-A
-.RS 4
-Include ZSK's when generating DS records. Without this option, only keys which have the KSK flag set will be converted to DS records and printed. Useful only in zone file mode.
-.RE
-.PP
-\-l \fIdomain\fR
-.RS 4
-Generate a DLV set instead of a DS set. The specified
-\fBdomain\fR
-is appended to the name for each record in the set. The DNSSEC Lookaside Validation (DLV) RR is described in RFC 4431.
-.RE
-.PP
-\-s
-.RS 4
-Keyset mode: in place of the keyfile name, the argument is the DNS domain name of a keyset file.
-.RE
-.PP
-\-c \fIclass\fR
-.RS 4
-Specifies the DNS class (default is IN). Useful only in keyset or zone file mode.
-.RE
-.PP
-\-v \fIlevel\fR
-.RS 4
-Sets the debugging level.
-.RE
-.SH "EXAMPLE"
-.PP
-To build the SHA\-256 DS RR from the
-\fBKexample.com.+003+26160\fR
-keyfile name, the following command would be issued:
-.PP
-\fBdnssec\-dsfromkey \-2 Kexample.com.+003+26160\fR
-.PP
-The command would print something like:
-.PP
-\fBexample.com. IN DS 26160 5 2 3A1EADA7A74B8D0BA86726B0C227AA85AB8BBD2B2004F41A868A54F0 C5EA0B94\fR
-.SH "FILES"
-.PP
-The keyfile can be designed by the key identification
-\fIKnnnn.+aaa+iiiii\fR
-or the full file name
-\fIKnnnn.+aaa+iiiii.key\fR
-as generated by
-dnssec\-keygen(8).
-.PP
-The keyset file name is built from the
-\fBdirectory\fR, the string
-\fIkeyset\-\fR
-and the
-\fBdnsname\fR.
-.SH "CAVEAT"
-.PP
-A keyfile error can give a "file not found" even if the file exists.
-.SH "SEE ALSO"
-.PP
-\fBdnssec\-keygen\fR(8),
-\fBdnssec\-signzone\fR(8),
-BIND 9 Administrator Reference Manual,
-RFC 3658,
-RFC 4431.
-RFC 4509.
-.SH "AUTHOR"
-.PP
-Internet Systems Consortium
-.SH "COPYRIGHT"
-Copyright \(co 2008\-2011 Internet Systems Consortium, Inc. ("ISC")
-.br

bin/dnssec/dnssec-dsfromkey.c

@@ -1,554 +0,0 @@
-/*
- * Copyright (C) 2008-2011  Internet Systems Consortium, Inc. ("ISC")
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- * PERFORMANCE OF THIS SOFTWARE.
- */
-
-/* $Id: dnssec-dsfromkey.c,v 1.24 2011/10/25 01:54:18 marka Exp $ */
-
-/*! \file */
-
-#include <config.h>
-
-#include <stdlib.h>
-
-#include <isc/buffer.h>
-#include <isc/commandline.h>
-#include <isc/entropy.h>
-#include <isc/hash.h>
-#include <isc/mem.h>
-#include <isc/print.h>
-#include <isc/string.h>
-#include <isc/util.h>
-
-#include <dns/callbacks.h>
-#include <dns/db.h>
-#include <dns/dbiterator.h>
-#include <dns/ds.h>
-#include <dns/fixedname.h>
-#include <dns/keyvalues.h>
-#include <dns/log.h>
-#include <dns/master.h>
-#include <dns/name.h>
-#include <dns/rdata.h>
-#include <dns/rdataclass.h>
-#include <dns/rdataset.h>
-#include <dns/rdatasetiter.h>
-#include <dns/rdatatype.h>
-#include <dns/result.h>
-
-#include <dst/dst.h>
-
-#include "dnssectool.h"
-
-#ifndef PATH_MAX
-#define PATH_MAX 1024   /* AIX, WIN32, and others don't define this. */
-#endif
-
-const char *program = "dnssec-dsfromkey";
-int verbose;
-
-static dns_rdataclass_t rdclass;
-static dns_fixedname_t	fixed;
-static dns_name_t	*name = NULL;
-static isc_mem_t	*mctx = NULL;
-static isc_uint32_t	ttl;
-
-static isc_result_t
-initname(char *setname) {
-	isc_result_t result;
-	isc_buffer_t buf;
-
-	dns_fixedname_init(&fixed);
-	name = dns_fixedname_name(&fixed);
-
-	isc_buffer_init(&buf, setname, strlen(setname));
-	isc_buffer_add(&buf, strlen(setname));
-	result = dns_name_fromtext(name, &buf, dns_rootname, 0, NULL);
-	return (result);
-}
-
-static void
-db_load_from_stream(dns_db_t *db, FILE *fp) {
-	isc_result_t result;
-	dns_rdatacallbacks_t callbacks;
-
-	dns_rdatacallbacks_init(&callbacks);
-	result = dns_db_beginload(db, &callbacks.add, &callbacks.add_private);
-	if (result != ISC_R_SUCCESS)
-		fatal("dns_db_beginload failed: %s", isc_result_totext(result));
-
-	result = dns_master_loadstream(fp, name, name, rdclass, 0,
-				       &callbacks, mctx);
-	if (result != ISC_R_SUCCESS)
-		fatal("can't load from input: %s", isc_result_totext(result));
-
-	result = dns_db_endload(db, &callbacks.add_private);
-	if (result != ISC_R_SUCCESS)
-		fatal("dns_db_endload failed: %s", isc_result_totext(result));
-}
-
-static isc_result_t
-loadset(const char *filename, dns_rdataset_t *rdataset) {
-	isc_result_t	 result;
-	dns_db_t	 *db = NULL;
-	dns_dbnode_t	 *node = NULL;
-	char setname[DNS_NAME_FORMATSIZE];
-
-	dns_name_format(name, setname, sizeof(setname));
-
-	result = dns_db_create(mctx, "rbt", name, dns_dbtype_zone,
-			       rdclass, 0, NULL, &db);
-	if (result != ISC_R_SUCCESS)
-		fatal("can't create database");
-
-	if (strcmp(filename, "-") == 0) {
-		db_load_from_stream(db, stdin);
-		filename = "input";
-	} else {
-		result = dns_db_load(db, filename);
-		if (result != ISC_R_SUCCESS && result != DNS_R_SEENINCLUDE)
-			fatal("can't load %s: %s", filename,
-			      isc_result_totext(result));
-	}
-
-	result = dns_db_findnode(db, name, ISC_FALSE, &node);
-	if (result != ISC_R_SUCCESS)
-		fatal("can't find %s node in %s", setname, filename);
-
-	result = dns_db_findrdataset(db, node, NULL, dns_rdatatype_dnskey,
-				     0, 0, rdataset, NULL);
-
-	if (result == ISC_R_NOTFOUND)
-		fatal("no DNSKEY RR for %s in %s", setname, filename);
-	else if (result != ISC_R_SUCCESS)
-		fatal("dns_db_findrdataset");
-
-	if (node != NULL)
-		dns_db_detachnode(db, &node);
-	if (db != NULL)
-		dns_db_detach(&db);
-	return (result);
-}
-
-static isc_result_t
-loadkeyset(char *dirname, dns_rdataset_t *rdataset) {
-	isc_result_t	 result;
-	char		 filename[PATH_MAX + 1];
-	isc_buffer_t	 buf;
-
-	dns_rdataset_init(rdataset);
-
-	isc_buffer_init(&buf, filename, sizeof(filename));
-	if (dirname != NULL) {
-		/* allow room for a trailing slash */
-		if (strlen(dirname) >= isc_buffer_availablelength(&buf))
-			return (ISC_R_NOSPACE);
-		isc_buffer_putstr(&buf, dirname);
-		if (dirname[strlen(dirname) - 1] != '/')
-			isc_buffer_putstr(&buf, "/");
-	}
-
-	if (isc_buffer_availablelength(&buf) < 7)
-		return (ISC_R_NOSPACE);
-	isc_buffer_putstr(&buf, "keyset-");
-
-	result = dns_name_tofilenametext(name, ISC_FALSE, &buf);
-	check_result(result, "dns_name_tofilenametext()");
-	if (isc_buffer_availablelength(&buf) == 0)
-		return (ISC_R_NOSPACE);
-	isc_buffer_putuint8(&buf, 0);
-
-	return (loadset(filename, rdataset));
-}
-
-static void
-loadkey(char *filename, unsigned char *key_buf, unsigned int key_buf_size,
-	dns_rdata_t *rdata)
-{
-	isc_result_t  result;
-	dst_key_t     *key = NULL;
-	isc_buffer_t  keyb;
-	isc_region_t  r;
-
-	dns_rdata_init(rdata);
-
-	isc_buffer_init(&keyb, key_buf, key_buf_size);
-
-	result = dst_key_fromnamedfile(filename, NULL, DST_TYPE_PUBLIC,
-				       mctx, &key);
-	if (result != ISC_R_SUCCESS)
-		fatal("invalid keyfile name %s: %s",
-		      filename, isc_result_totext(result));
-
-	if (verbose > 2) {
-		char keystr[DST_KEY_FORMATSIZE];
-
-		dst_key_format(key, keystr, sizeof(keystr));
-		fprintf(stderr, "%s: %s\n", program, keystr);
-	}
-
-	result = dst_key_todns(key, &keyb);
-	if (result != ISC_R_SUCCESS)
-		fatal("can't decode key");
-
-	isc_buffer_usedregion(&keyb, &r);
-	dns_rdata_fromregion(rdata, dst_key_class(key),
-			     dns_rdatatype_dnskey, &r);
-
-	rdclass = dst_key_class(key);
-
-	dns_fixedname_init(&fixed);
-	name = dns_fixedname_name(&fixed);
-	result = dns_name_copy(dst_key_name(key), name, NULL);
-	if (result != ISC_R_SUCCESS)
-		fatal("can't copy name");
-
-	dst_key_free(&key);
-}
-
-static void
-logkey(dns_rdata_t *rdata)
-{
-	isc_result_t result;
-	dst_key_t    *key = NULL;
-	isc_buffer_t buf;
-	char	     keystr[DST_KEY_FORMATSIZE];
-
-	isc_buffer_init(&buf, rdata->data, rdata->length);
-	isc_buffer_add(&buf, rdata->length);
-	result = dst_key_fromdns(name, rdclass, &buf, mctx, &key);
-	if (result != ISC_R_SUCCESS)
-		return;
-
-	dst_key_format(key, keystr, sizeof(keystr));
-	fprintf(stderr, "%s: %s\n", program, keystr);
-
-	dst_key_free(&key);
-}
-
-static void
-emit(unsigned int dtype, isc_boolean_t showall, char *lookaside,
-     dns_rdata_t *rdata)
-{
-	isc_result_t result;
-	unsigned char buf[DNS_DS_BUFFERSIZE];
-	char text_buf[DST_KEY_MAXTEXTSIZE];
-	char name_buf[DNS_NAME_MAXWIRE];
-	char class_buf[10];
-	isc_buffer_t textb, nameb, classb;
-	isc_region_t r;
-	dns_rdata_t ds;
-	dns_rdata_dnskey_t dnskey;
-
-	isc_buffer_init(&textb, text_buf, sizeof(text_buf));
-	isc_buffer_init(&nameb, name_buf, sizeof(name_buf));
-	isc_buffer_init(&classb, class_buf, sizeof(class_buf));
-
-	dns_rdata_init(&ds);
-
-	result = dns_rdata_tostruct(rdata, &dnskey, NULL);
-	if (result != ISC_R_SUCCESS)
-		fatal("can't convert DNSKEY");
-
-	if ((dnskey.flags & DNS_KEYFLAG_KSK) == 0 && !showall)
-		return;
-
-	result = dns_ds_buildrdata(name, rdata, dtype, buf, &ds);
-	if (result != ISC_R_SUCCESS)
-		fatal("can't build record");
-
-	result = dns_name_totext(name, ISC_FALSE, &nameb);
-	if (result != ISC_R_SUCCESS)
-		fatal("can't print name");
-
-	/* Add lookaside origin, if set */
-	if (lookaside != NULL) {
-		if (isc_buffer_availablelength(&nameb) < strlen(lookaside))
-			fatal("DLV origin '%s' is too long", lookaside);
-		isc_buffer_putstr(&nameb, lookaside);
-		if (lookaside[strlen(lookaside) - 1] != '.') {
-			if (isc_buffer_availablelength(&nameb) < 1)
-				fatal("DLV origin '%s' is too long", lookaside);
-			isc_buffer_putstr(&nameb, ".");
-		}
-	}
-
-	result = dns_rdata_totext(&ds, (dns_name_t *) NULL, &textb);
-	if (result != ISC_R_SUCCESS)
-		fatal("can't print rdata");
-
-	result = dns_rdataclass_totext(rdclass, &classb);
-	if (result != ISC_R_SUCCESS)
-		fatal("can't print class");
-
-	isc_buffer_usedregion(&nameb, &r);
-	printf("%.*s ", (int)r.length, r.base);
-
-	if (ttl != 0U)
-		printf("%u ", ttl);
-
-	isc_buffer_usedregion(&classb, &r);
-	printf("%.*s", (int)r.length, r.base);
-
-	if (lookaside == NULL)
-		printf(" DS ");
-	else
-		printf(" DLV ");
-
-	isc_buffer_usedregion(&textb, &r);
-	printf("%.*s\n", (int)r.length, r.base);
-}
-
-ISC_PLATFORM_NORETURN_PRE static void
-usage(void) ISC_PLATFORM_NORETURN_POST;
-
-static void
-usage(void) {
-	fprintf(stderr, "Usage:\n");
-	fprintf(stderr,	"    %s options [-K dir] keyfile\n\n", program);
-	fprintf(stderr, "    %s options [-K dir] [-c class] -s dnsname\n\n",
-		program);
-	fprintf(stderr, "    %s options -f zonefile (as zone name)\n\n", program);
-	fprintf(stderr, "    %s options -f zonefile zonename\n\n", program);
-	fprintf(stderr, "Version: %s\n", VERSION);
-	fprintf(stderr, "Options:\n");
-	fprintf(stderr, "    -v <verbose level>\n");
-	fprintf(stderr, "    -K <directory>: directory in which to find "
-			"key file or keyset file\n");
-	fprintf(stderr, "    -a algorithm: digest algorithm "
-			"(SHA-1, SHA-256 or GOST)\n");
-	fprintf(stderr, "    -1: use SHA-1\n");
-	fprintf(stderr, "    -2: use SHA-256\n");
-	fprintf(stderr, "    -l: add lookaside zone and print DLV records\n");
-	fprintf(stderr, "    -s: read keyset from keyset-<dnsname> file\n");
-	fprintf(stderr, "    -c class: rdata class for DS set (default: IN)\n");
-	fprintf(stderr, "    -T TTL\n");
-	fprintf(stderr, "    -f file: read keyset from zone file\n");
-	fprintf(stderr, "    -A: when used with -f, "
-			"include all keys in DS set, not just KSKs\n");
-	fprintf(stderr, "Output: DS or DLV RRs\n");
-
-	exit (-1);
-}
-
-int
-main(int argc, char **argv) {
-	char		*algname = NULL, *classname = NULL;
-	char		*filename = NULL, *dir = NULL, *namestr;
-	char		*lookaside = NULL;
-	char		*endp;
-	int		ch;
-	unsigned int	dtype = DNS_DSDIGEST_SHA1;
-	isc_boolean_t	both = ISC_TRUE;
-	isc_boolean_t	usekeyset = ISC_FALSE;
-	isc_boolean_t	showall = ISC_FALSE;
-	isc_result_t	result;
-	isc_log_t	*log = NULL;
-	isc_entropy_t	*ectx = NULL;
-	dns_rdataset_t	rdataset;
-	dns_rdata_t	rdata;
-
-	dns_rdata_init(&rdata);
-
-	if (argc == 1)
-		usage();
-
-	result = isc_mem_create(0, 0, &mctx);
-	if (result != ISC_R_SUCCESS)
-		fatal("out of memory");
-
-	dns_result_register();
-
-	isc_commandline_errprint = ISC_FALSE;
-
-	while ((ch = isc_commandline_parse(argc, argv,
-					   "12Aa:c:d:Ff:K:l:sT:v:h")) != -1) {
-		switch (ch) {
-		case '1':
-			dtype = DNS_DSDIGEST_SHA1;
-			both = ISC_FALSE;
-			break;
-		case '2':
-			dtype = DNS_DSDIGEST_SHA256;
-			both = ISC_FALSE;
-			break;
-		case 'A':
-			showall = ISC_TRUE;
-			break;
-		case 'a':
-			algname = isc_commandline_argument;
-			both = ISC_FALSE;
-			break;
-		case 'c':
-			classname = isc_commandline_argument;
-			break;
-		case 'd':
-			fprintf(stderr, "%s: the -d option is deprecated; "
-					"use -K\n", program);
-			/* fall through */
-		case 'K':
-			dir = isc_commandline_argument;
-			if (strlen(dir) == 0U)
-				fatal("directory must be non-empty string");
-			break;
-		case 'f':
-			filename = isc_commandline_argument;
-			break;
-		case 'l':
-			lookaside = isc_commandline_argument;
-			if (strlen(lookaside) == 0U)
-				fatal("lookaside must be a non-empty string");
-			break;
-		case 's':
-			usekeyset = ISC_TRUE;
-			break;
-		case 'T':
-			ttl = atol(isc_commandline_argument);
-			break;
-		case 'v':
-			verbose = strtol(isc_commandline_argument, &endp, 0);
-			if (*endp != '\0')
-				fatal("-v must be followed by a number");
-			break;
-		case 'F':
-			/* Reserved for FIPS mode */
-			/* FALLTHROUGH */
-		case '?':
-			if (isc_commandline_option != '?')
-				fprintf(stderr, "%s: invalid argument -%c\n",
-					program, isc_commandline_option);
-			/* FALLTHROUGH */
-		case 'h':
-			usage();
-
-		default:
-			fprintf(stderr, "%s: unhandled option -%c\n",
-				program, isc_commandline_option);
-			exit(1);
-		}
-	}
-
-	if (algname != NULL) {
-		if (strcasecmp(algname, "SHA1") == 0 ||
-		    strcasecmp(algname, "SHA-1") == 0)
-			dtype = DNS_DSDIGEST_SHA1;
-		else if (strcasecmp(algname, "SHA256") == 0 ||
-			 strcasecmp(algname, "SHA-256") == 0)
-			dtype = DNS_DSDIGEST_SHA256;
-#ifdef HAVE_OPENSSL_GOST
-		else if (strcasecmp(algname, "GOST") == 0)
-			dtype = DNS_DSDIGEST_GOST;
-#endif
-		else
-			fatal("unknown algorithm %s", algname);
-	}
-
-	rdclass = strtoclass(classname);
-
-	if (usekeyset && filename != NULL)
-		fatal("cannot use both -s and -f");
-
-	/* When not using -f, -A is implicit */
-	if (filename == NULL)
-		showall = ISC_TRUE;
-
-	if (argc < isc_commandline_index + 1 && filename == NULL)
-		fatal("the key file name was not specified");
-	if (argc > isc_commandline_index + 1)
-		fatal("extraneous arguments");
-
-	if (ectx == NULL)
-		setup_entropy(mctx, NULL, &ectx);
-	result = isc_hash_create(mctx, ectx, DNS_NAME_MAXWIRE);
-	if (result != ISC_R_SUCCESS)
-		fatal("could not initialize hash");
-	result = dst_lib_init(mctx, ectx,
-			      ISC_ENTROPY_BLOCKING | ISC_ENTROPY_GOODONLY);
-	if (result != ISC_R_SUCCESS)
-		fatal("could not initialize dst: %s",
-		      isc_result_totext(result));
-	isc_entropy_stopcallbacksources(ectx);
-
-	setup_logging(verbose, mctx, &log);
-
-	dns_rdataset_init(&rdataset);
-
-	if (usekeyset || filename != NULL) {
-		if (argc < isc_commandline_index + 1 && filename != NULL) {
-			/* using zone name as the zone file name */
-			namestr = filename;
-		} else
-			namestr = argv[isc_commandline_index];
-
-		result = initname(namestr);
-		if (result != ISC_R_SUCCESS)
-			fatal("could not initialize name %s", namestr);
-
-		if (usekeyset)
-			result = loadkeyset(dir, &rdataset);
-		else
-			result = loadset(filename, &rdataset);
-
-		if (result != ISC_R_SUCCESS)
-			fatal("could not load DNSKEY set: %s\n",
-			      isc_result_totext(result));
-
-		for (result = dns_rdataset_first(&rdataset);
-		     result == ISC_R_SUCCESS;
-		     result = dns_rdataset_next(&rdataset)) {
-			dns_rdata_init(&rdata);
-			dns_rdataset_current(&rdataset, &rdata);
-
-			if (verbose > 2)
-				logkey(&rdata);
-
-			if (both) {
-				emit(DNS_DSDIGEST_SHA1, showall, lookaside,
-				     &rdata);
-				emit(DNS_DSDIGEST_SHA256, showall, lookaside,
-				     &rdata);
-			} else
-				emit(dtype, showall, lookaside, &rdata);
-		}
-	} else {
-		unsigned char key_buf[DST_KEY_MAXSIZE];
-
-		loadkey(argv[isc_commandline_index], key_buf,
-			DST_KEY_MAXSIZE, &rdata);
-
-		if (both) {
-			emit(DNS_DSDIGEST_SHA1, showall, lookaside, &rdata);
-			emit(DNS_DSDIGEST_SHA256, showall, lookaside, &rdata);
-		} else
-			emit(dtype, showall, lookaside, &rdata);
-	}
-
-	if (dns_rdataset_isassociated(&rdataset))
-		dns_rdataset_disassociate(&rdataset);
-	cleanup_logging(&log);
-	dst_lib_destroy();
-	isc_hash_destroy();
-	cleanup_entropy(&ectx);
-	dns_name_destroy();
-	if (verbose > 10)
-		isc_mem_stats(mctx, stdout);
-	isc_mem_destroy(&mctx);
-
-	fflush(stdout);
-	if (ferror(stdout)) {
-		fprintf(stderr, "write error\n");
-		return (1);
-	} else
-		return (0);
-}

bin/dnssec/dnssec-dsfromkey.docbook

@@ -1,277 +0,0 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
-               "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
-               [<!ENTITY mdash "&#8212;">]>
-<!--
- - Copyright (C) 2008-2011  Internet Systems Consortium, Inc. ("ISC")
- -
- - Permission to use, copy, modify, and/or distribute this software for any
- - purpose with or without fee is hereby granted, provided that the above
- - copyright notice and this permission notice appear in all copies.
- -
- - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- - AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- - PERFORMANCE OF THIS SOFTWARE.
--->
-
-<!-- $Id: dnssec-dsfromkey.docbook,v 1.17 2011/10/25 01:54:18 marka Exp $ -->
-<refentry id="man.dnssec-dsfromkey">
-  <refentryinfo>
-    <date>August 26, 2009</date>
-  </refentryinfo>
-
-  <refmeta>
-    <refentrytitle><application>dnssec-dsfromkey</application></refentrytitle>
-    <manvolnum>8</manvolnum>
-    <refmiscinfo>BIND9</refmiscinfo>
-  </refmeta>
-
-  <refnamediv>
-    <refname><application>dnssec-dsfromkey</application></refname>
-    <refpurpose>DNSSEC DS RR generation tool</refpurpose>
-  </refnamediv>
-
-  <docinfo>
-    <copyright>
-      <year>2008</year>
-      <year>2009</year>
-      <year>2010</year>
-      <year>2011</year>
-      <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
-    </copyright>
-  </docinfo>
-
-  <refsynopsisdiv>
-    <cmdsynopsis>
-      <command>dnssec-dsfromkey</command>
-      <arg><option>-v <replaceable class="parameter">level</replaceable></option></arg>
-      <arg><option>-1</option></arg>
-      <arg><option>-2</option></arg>
-      <arg><option>-a <replaceable class="parameter">alg</replaceable></option></arg>
-      <arg><option>-l <replaceable class="parameter">domain</replaceable></option></arg>
-      <arg><option>-T <replaceable class="parameter">TTL</replaceable></option></arg>
-      <arg choice="req">keyfile</arg>
-    </cmdsynopsis>
-    <cmdsynopsis>
-      <command>dnssec-dsfromkey</command>
-      <arg choice="req">-s</arg>
-      <arg><option>-1</option></arg>
-      <arg><option>-2</option></arg>
-      <arg><option>-a <replaceable class="parameter">alg</replaceable></option></arg>
-      <arg><option>-K <replaceable class="parameter">directory</replaceable></option></arg>
-      <arg><option>-l <replaceable class="parameter">domain</replaceable></option></arg>
-      <arg><option>-s</option></arg>
-      <arg><option>-c <replaceable class="parameter">class</replaceable></option></arg>
-      <arg><option>-T <replaceable class="parameter">TTL</replaceable></option></arg>
-      <arg><option>-f <replaceable class="parameter">file</replaceable></option></arg>
-      <arg><option>-A</option></arg>
-      <arg><option>-v <replaceable class="parameter">level</replaceable></option></arg>
-      <arg choice="req">dnsname</arg>
-   </cmdsynopsis>
-  </refsynopsisdiv>
-
-  <refsect1>
-    <title>DESCRIPTION</title>
-    <para><command>dnssec-dsfromkey</command>
-      outputs the Delegation Signer (DS) resource record (RR), as defined in
-      RFC 3658 and RFC 4509, for the given key(s).
-    </para>
-  </refsect1>
-
-  <refsect1>
-    <title>OPTIONS</title>
-
-    <variablelist>
-      <varlistentry>
-        <term>-1</term>
-        <listitem>
-          <para>
-            Use SHA-1 as the digest algorithm (the default is to use
-            both SHA-1 and SHA-256).
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-2</term>
-        <listitem>
-          <para>
-            Use SHA-256 as the digest algorithm.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-a <replaceable class="parameter">algorithm</replaceable></term>
-        <listitem>
-          <para>
-            Select the digest algorithm. The value of
-            <option>algorithm</option> must be one of SHA-1 (SHA1),
-            SHA-256 (SHA256) or GOST. These values are case insensitive.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-T <replaceable class="parameter">TTL</replaceable></term>
-        <listitem>
-          <para>
-            Specifies the TTL of the DS records.
-          </para>
-	  </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-K <replaceable class="parameter">directory</replaceable></term>
-        <listitem>
-          <para>
-            Look for key files (or, in keyset mode,
-            <filename>keyset-</filename> files) in
-            <option>directory</option>.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-f <replaceable class="parameter">file</replaceable></term>
-        <listitem>
-          <para>
-            Zone file mode: in place of the keyfile name, the argument is
-            the DNS domain name of a zone master file, which can be read
-            from <option>file</option>.  If the zone name is the same as
-            <option>file</option>, then it may be omitted.
-          </para>
-          <para>
-            If <option>file</option> is set to <literal>"-"</literal>, then
-            the zone data is read from the standard input.  This makes it
-            possible to use the output of the <command>dig</command>
-            command as input, as in:
-          </para>
-          <para>
-            <userinput>dig dnskey example.com | dnssec-dsfromkey -f - example.com</userinput>
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-A</term>
-        <listitem>
-          <para>
-            Include ZSK's when generating DS records.  Without this option,
-            only keys which have the KSK flag set will be converted to DS
-            records and printed.  Useful only in zone file mode. 
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-l <replaceable class="parameter">domain</replaceable></term>
-        <listitem>
-          <para>
-            Generate a DLV set instead of a DS set.  The specified
-            <option>domain</option> is appended to the name for each
-            record in the set.
-            The DNSSEC Lookaside Validation (DLV) RR is described
-            in RFC 4431.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-s</term>
-        <listitem>
-          <para>
-            Keyset mode: in place of the keyfile name, the argument is
-            the DNS domain name of a keyset file.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-c <replaceable class="parameter">class</replaceable></term>
-        <listitem>
-          <para>
-            Specifies the DNS class (default is IN).  Useful only
-            in keyset or zone file mode.
-          </para>
-	  </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-v <replaceable class="parameter">level</replaceable></term>
-        <listitem>
-          <para>
-            Sets the debugging level.
-          </para>
-        </listitem>
-      </varlistentry>
-    </variablelist>
-  </refsect1>
-
-  <refsect1>
-    <title>EXAMPLE</title>
-    <para>
-      To build the SHA-256 DS RR from the
-      <userinput>Kexample.com.+003+26160</userinput>
-      keyfile name, the following command would be issued:
-    </para>
-    <para><userinput>dnssec-dsfromkey -2 Kexample.com.+003+26160</userinput>
-    </para>
-    <para>
-      The command would print something like:
-    </para>
-    <para><userinput>example.com. IN DS 26160 5 2 3A1EADA7A74B8D0BA86726B0C227AA85AB8BBD2B2004F41A868A54F0 C5EA0B94</userinput>
-    </para>
-  </refsect1>
-
-  <refsect1>
-    <title>FILES</title>
-    <para>
-      The keyfile can be designed by the key identification
-      <filename>Knnnn.+aaa+iiiii</filename> or the full file name
-      <filename>Knnnn.+aaa+iiiii.key</filename> as generated by
-      <refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>.
-    </para>
-    <para>
-      The keyset file name is built from the <option>directory</option>,
-      the string <filename>keyset-</filename> and the
-      <option>dnsname</option>.
-    </para>
-  </refsect1>
-
-  <refsect1>
-    <title>CAVEAT</title>
-    <para>
-      A keyfile error can give a "file not found" even if the file exists.
-    </para>
-  </refsect1>
-
-  <refsect1>
-    <title>SEE ALSO</title>
-    <para><citerefentry>
-        <refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
-      </citerefentry>,
-      <citerefentry>
-        <refentrytitle>dnssec-signzone</refentrytitle><manvolnum>8</manvolnum>
-      </citerefentry>,
-      <citetitle>BIND 9 Administrator Reference Manual</citetitle>,
-      <citetitle>RFC 3658</citetitle>,
-      <citetitle>RFC 4431</citetitle>.
-      <citetitle>RFC 4509</citetitle>.
-    </para>
-  </refsect1>
-
-  <refsect1>
-    <title>AUTHOR</title>
-    <para><corpauthor>Internet Systems Consortium</corpauthor>
-    </para>
-  </refsect1>
-
-</refentry><!--
- - Local variables:
- - mode: sgml
- - End:
--->

bin/dnssec/dnssec-dsfromkey.html

@@ -1,168 +0,0 @@
-<!--
- - Copyright (C) 2008-2011 Internet Systems Consortium, Inc. ("ISC")
- - 
- - Permission to use, copy, modify, and/or distribute this software for any
- - purpose with or without fee is hereby granted, provided that the above
- - copyright notice and this permission notice appear in all copies.
- - 
- - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- - PERFORMANCE OF THIS SOFTWARE.
--->
-<!-- $Id: dnssec-dsfromkey.html,v 1.15 2011/10/26 01:14:50 tbox Exp $ -->
-<html>
-<head>
-<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
-<title>dnssec-dsfromkey</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
-</head>
-<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="man.dnssec-dsfromkey"></a><div class="titlepage"></div>
-<div class="refnamediv">
-<h2>Name</h2>
-<p><span class="application">dnssec-dsfromkey</span> &#8212; DNSSEC DS RR generation tool</p>
-</div>
-<div class="refsynopsisdiv">
-<h2>Synopsis</h2>
-<div class="cmdsynopsis"><p><code class="command">dnssec-dsfromkey</code>  [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-1</code>] [<code class="option">-2</code>] [<code class="option">-a <em class="replaceable"><code>alg</code></em></code>] [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>] [<code class="option">-T <em class="replaceable"><code>TTL</code></em></code>] {keyfile}</p></div>
-<div class="cmdsynopsis"><p><code class="command">dnssec-dsfromkey</code>  {-s} [<code class="option">-1</code>] [<code class="option">-2</code>] [<code class="option">-a <em class="replaceable"><code>alg</code></em></code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>] [<code class="option">-s</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-T <em class="replaceable"><code>TTL</code></em></code>] [<code class="option">-f <em class="replaceable"><code>file</code></em></code>] [<code class="option">-A</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] {dnsname}</p></div>
-</div>
-<div class="refsect1" lang="en">
-<a name="id2543484"></a><h2>DESCRIPTION</h2>
-<p><span><strong class="command">dnssec-dsfromkey</strong></span>
-      outputs the Delegation Signer (DS) resource record (RR), as defined in
-      RFC 3658 and RFC 4509, for the given key(s).
-    </p>
-</div>
-<div class="refsect1" lang="en">
-<a name="id2543496"></a><h2>OPTIONS</h2>
-<div class="variablelist"><dl>
-<dt><span class="term">-1</span></dt>
-<dd><p>
-            Use SHA-1 as the digest algorithm (the default is to use
-            both SHA-1 and SHA-256).
-          </p></dd>
-<dt><span class="term">-2</span></dt>
-<dd><p>
-            Use SHA-256 as the digest algorithm.
-          </p></dd>
-<dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
-<dd><p>
-            Select the digest algorithm. The value of
-            <code class="option">algorithm</code> must be one of SHA-1 (SHA1),
-            SHA-256 (SHA256) or GOST. These values are case insensitive.
-          </p></dd>
-<dt><span class="term">-T <em class="replaceable"><code>TTL</code></em></span></dt>
-<dd><p>
-            Specifies the TTL of the DS records.
-          </p></dd>
-<dt><span class="term">-K <em class="replaceable"><code>directory</code></em></span></dt>
-<dd><p>
-            Look for key files (or, in keyset mode,
-            <code class="filename">keyset-</code> files) in
-            <code class="option">directory</code>.
-          </p></dd>
-<dt><span class="term">-f <em class="replaceable"><code>file</code></em></span></dt>
-<dd>
-<p>
-            Zone file mode: in place of the keyfile name, the argument is
-            the DNS domain name of a zone master file, which can be read
-            from <code class="option">file</code>.  If the zone name is the same as
-            <code class="option">file</code>, then it may be omitted.
-          </p>
-<p>
-            If <code class="option">file</code> is set to <code class="literal">"-"</code>, then
-            the zone data is read from the standard input.  This makes it
-            possible to use the output of the <span><strong class="command">dig</strong></span>
-            command as input, as in:
-          </p>
-<p>
-            <strong class="userinput"><code>dig dnskey example.com | dnssec-dsfromkey -f - example.com</code></strong>
-          </p>
-</dd>
-<dt><span class="term">-A</span></dt>
-<dd><p>
-            Include ZSK's when generating DS records.  Without this option,
-            only keys which have the KSK flag set will be converted to DS
-            records and printed.  Useful only in zone file mode. 
-          </p></dd>
-<dt><span class="term">-l <em class="replaceable"><code>domain</code></em></span></dt>
-<dd><p>
-            Generate a DLV set instead of a DS set.  The specified
-            <code class="option">domain</code> is appended to the name for each
-            record in the set.
-            The DNSSEC Lookaside Validation (DLV) RR is described
-            in RFC 4431.
-          </p></dd>
-<dt><span class="term">-s</span></dt>
-<dd><p>
-            Keyset mode: in place of the keyfile name, the argument is
-            the DNS domain name of a keyset file.
-          </p></dd>
-<dt><span class="term">-c <em class="replaceable"><code>class</code></em></span></dt>
-<dd><p>
-            Specifies the DNS class (default is IN).  Useful only
-            in keyset or zone file mode.
-          </p></dd>
-<dt><span class="term">-v <em class="replaceable"><code>level</code></em></span></dt>
-<dd><p>
-            Sets the debugging level.
-          </p></dd>
-</dl></div>
-</div>
-<div class="refsect1" lang="en">
-<a name="id2543722"></a><h2>EXAMPLE</h2>
-<p>
-      To build the SHA-256 DS RR from the
-      <strong class="userinput"><code>Kexample.com.+003+26160</code></strong>
-      keyfile name, the following command would be issued:
-    </p>
-<p><strong class="userinput"><code>dnssec-dsfromkey -2 Kexample.com.+003+26160</code></strong>
-    </p>
-<p>
-      The command would print something like:
-    </p>
-<p><strong class="userinput"><code>example.com. IN DS 26160 5 2 3A1EADA7A74B8D0BA86726B0C227AA85AB8BBD2B2004F41A868A54F0 C5EA0B94</code></strong>
-    </p>
-</div>
-<div class="refsect1" lang="en">
-<a name="id2543752"></a><h2>FILES</h2>
-<p>
-      The keyfile can be designed by the key identification
-      <code class="filename">Knnnn.+aaa+iiiii</code> or the full file name
-      <code class="filename">Knnnn.+aaa+iiiii.key</code> as generated by
-      <span class="refentrytitle">dnssec-keygen</span>(8).
-    </p>
-<p>
-      The keyset file name is built from the <code class="option">directory</code>,
-      the string <code class="filename">keyset-</code> and the
-      <code class="option">dnsname</code>.
-    </p>
-</div>
-<div class="refsect1" lang="en">
-<a name="id2543787"></a><h2>CAVEAT</h2>
-<p>
-      A keyfile error can give a "file not found" even if the file exists.
-    </p>
-</div>
-<div class="refsect1" lang="en">
-<a name="id2543797"></a><h2>SEE ALSO</h2>
-<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
-      <span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
-      <em class="citetitle">BIND 9 Administrator Reference Manual</em>,
-      <em class="citetitle">RFC 3658</em>,
-      <em class="citetitle">RFC 4431</em>.
-      <em class="citetitle">RFC 4509</em>.
-    </p>
-</div>
-<div class="refsect1" lang="en">
-<a name="id2543836"></a><h2>AUTHOR</h2>
-<p><span class="corpauthor">Internet Systems Consortium</span>
-    </p>
-</div>
-</div></body>
-</html>

bin/dnssec/dnssec-keyfromlabel.8

@@ -1,228 +0,0 @@
-.\" Copyright (C) 2008-2011 Internet Systems Consortium, Inc. ("ISC")
-.\" 
-.\" Permission to use, copy, modify, and/or distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\" 
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
-.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
-.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
-.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
-.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
-.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
-.\" PERFORMANCE OF THIS SOFTWARE.
-.\"
-.\" $Id: dnssec-keyfromlabel.8,v 1.20 2011/03/18 01:14:33 tbox Exp $
-.\"
-.hy 0
-.ad l
-.\"     Title: dnssec\-keyfromlabel
-.\"    Author: 
-.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
-.\"      Date: February 8, 2008
-.\"    Manual: BIND9
-.\"    Source: BIND9
-.\"
-.TH "DNSSEC\-KEYFROMLABEL" "8" "February 8, 2008" "BIND9" "BIND9"
-.\" disable hyphenation
-.nh
-.\" disable justification (adjust text to left margin only)
-.ad l
-.SH "NAME"
-dnssec\-keyfromlabel \- DNSSEC key generation tool
-.SH "SYNOPSIS"
-.HP 20
-\fBdnssec\-keyfromlabel\fR {\-l\ \fIlabel\fR} [\fB\-3\fR] [\fB\-a\ \fR\fB\fIalgorithm\fR\fR] [\fB\-A\ \fR\fB\fIdate/offset\fR\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-D\ \fR\fB\fIdate/offset\fR\fR] [\fB\-E\ \fR\fB\fIengine\fR\fR] [\fB\-f\ \fR\fB\fIflag\fR\fR] [\fB\-G\fR] [\fB\-I\ \fR\fB\fIdate/offset\fR\fR] [\fB\-k\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-L\ \fR\fB\fIttl\fR\fR] [\fB\-n\ \fR\fB\fInametype\fR\fR] [\fB\-P\ \fR\fB\fIdate/offset\fR\fR] [\fB\-p\ \fR\fB\fIprotocol\fR\fR] [\fB\-R\ \fR\fB\fIdate/offset\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-y\fR] {name}
-.SH "DESCRIPTION"
-.PP
-\fBdnssec\-keyfromlabel\fR
-gets keys with the given label from a crypto hardware and builds key files for DNSSEC (Secure DNS), as defined in RFC 2535 and RFC 4034.
-.PP
-The
-\fBname\fR
-of the key is specified on the command line. This must match the name of the zone for which the key is being generated.
-.SH "OPTIONS"
-.PP
-\-a \fIalgorithm\fR
-.RS 4
-Selects the cryptographic algorithm. The value of
-\fBalgorithm\fR
-must be one of RSAMD5, RSASHA1, DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256, RSASHA512 or ECCGOST. These values are case insensitive.
-.sp
-If no algorithm is specified, then RSASHA1 will be used by default, unless the
-\fB\-3\fR
-option is specified, in which case NSEC3RSASHA1 will be used instead. (If
-\fB\-3\fR
-is used and an algorithm is specified, that algorithm will be checked for compatibility with NSEC3.)
-.sp
-Note 1: that for DNSSEC, RSASHA1 is a mandatory to implement algorithm, and DSA is recommended.
-.sp
-Note 2: DH automatically sets the \-k flag.
-.RE
-.PP
-\-3
-.RS 4
-Use an NSEC3\-capable algorithm to generate a DNSSEC key. If this option is used and no algorithm is explicitly set on the command line, NSEC3RSASHA1 will be used by default.
-.RE
-.PP
-\-E \fIengine\fR
-.RS 4
-Specifies the name of the crypto hardware (OpenSSL engine). When compiled with PKCS#11 support it defaults to "pkcs11".
-.RE
-.PP
-\-l \fIlabel\fR
-.RS 4
-Specifies the label of the key pair in the crypto hardware. The label may be preceded by an optional OpenSSL engine name, separated by a colon, as in "pkcs11:keylabel".
-.RE
-.PP
-\-n \fInametype\fR
-.RS 4
-Specifies the owner type of the key. The value of
-\fBnametype\fR
-must either be ZONE (for a DNSSEC zone key (KEY/DNSKEY)), HOST or ENTITY (for a key associated with a host (KEY)), USER (for a key associated with a user(KEY)) or OTHER (DNSKEY). These values are case insensitive.
-.RE
-.PP
-\-C
-.RS 4
-Compatibility mode: generates an old\-style key, without any metadata. By default,
-\fBdnssec\-keyfromlabel\fR
-will include the key's creation date in the metadata stored with the private key, and other dates may be set there as well (publication date, activation date, etc). Keys that include this data may be incompatible with older versions of BIND; the
-\fB\-C\fR
-option suppresses them.
-.RE
-.PP
-\-c \fIclass\fR
-.RS 4
-Indicates that the DNS record containing the key should have the specified class. If not specified, class IN is used.
-.RE
-.PP
-\-f \fIflag\fR
-.RS 4
-Set the specified flag in the flag field of the KEY/DNSKEY record. The only recognized flags are KSK (Key Signing Key) and REVOKE.
-.RE
-.PP
-\-G
-.RS 4
-Generate a key, but do not publish it or sign with it. This option is incompatible with \-P and \-A.
-.RE
-.PP
-\-h
-.RS 4
-Prints a short summary of the options and arguments to
-\fBdnssec\-keyfromlabel\fR.
-.RE
-.PP
-\-K \fIdirectory\fR
-.RS 4
-Sets the directory in which the key files are to be written.
-.RE
-.PP
-\-k
-.RS 4
-Generate KEY records rather than DNSKEY records.
-.RE
-.PP
-\-L \fIttl\fR
-.RS 4
-Sets the default TTL to use for this key when it is converted into a DNSKEY RR. If the key is imported into a zone, this is the TTL that will be used for it, unless there was already a DNSKEY RRset in place, in which case the existing TTL would take precedence. Setting the default TTL to
-0
-or
-none
-removes it.
-.RE
-.PP
-\-p \fIprotocol\fR
-.RS 4
-Sets the protocol value for the key. The protocol is a number between 0 and 255. The default is 3 (DNSSEC). Other possible values for this argument are listed in RFC 2535 and its successors.
-.RE
-.PP
-\-t \fItype\fR
-.RS 4
-Indicates the use of the key.
-\fBtype\fR
-must be one of AUTHCONF, NOAUTHCONF, NOAUTH, or NOCONF. The default is AUTHCONF. AUTH refers to the ability to authenticate data, and CONF the ability to encrypt data.
-.RE
-.PP
-\-v \fIlevel\fR
-.RS 4
-Sets the debugging level.
-.RE
-.PP
-\-y
-.RS 4
-Allows DNSSEC key files to be generated even if the key ID would collide with that of an existing key, in the event of either key being revoked. (This is only safe to use if you are sure you won't be using RFC 5011 trust anchor maintenance with either of the keys involved.)
-.RE
-.SH "TIMING OPTIONS"
-.PP
-Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS. If the argument begins with a '+' or '\-', it is interpreted as an offset from the present time. For convenience, if such an offset is followed by one of the suffixes 'y', 'mo', 'w', 'd', 'h', or 'mi', then the offset is computed in years (defined as 365 24\-hour days, ignoring leap years), months (defined as 30 24\-hour days), weeks, days, hours, or minutes, respectively. Without a suffix, the offset is computed in seconds.
-.PP
-\-P \fIdate/offset\fR
-.RS 4
-Sets the date on which a key is to be published to the zone. After that date, the key will be included in the zone but will not be used to sign it. If not set, and if the \-G option has not been used, the default is "now".
-.RE
-.PP
-\-A \fIdate/offset\fR
-.RS 4
-Sets the date on which the key is to be activated. After that date, the key will be included in the zone and used to sign it. If not set, and if the \-G option has not been used, the default is "now".
-.RE
-.PP
-\-R \fIdate/offset\fR
-.RS 4
-Sets the date on which the key is to be revoked. After that date, the key will be flagged as revoked. It will be included in the zone and will be used to sign it.
-.RE
-.PP
-\-I \fIdate/offset\fR
-.RS 4
-Sets the date on which the key is to be retired. After that date, the key will still be included in the zone, but it will not be used to sign it.
-.RE
-.PP
-\-D \fIdate/offset\fR
-.RS 4
-Sets the date on which the key is to be deleted. After that date, the key will no longer be included in the zone. (It may remain in the key repository, however.)
-.RE
-.SH "GENERATED KEY FILES"
-.PP
-When
-\fBdnssec\-keyfromlabel\fR
-completes successfully, it prints a string of the form
-\fIKnnnn.+aaa+iiiii\fR
-to the standard output. This is an identification string for the key files it has generated.
-.TP 4
-\(bu
-\fInnnn\fR
-is the key name.
-.TP 4
-\(bu
-\fIaaa\fR
-is the numeric representation of the algorithm.
-.TP 4
-\(bu
-\fIiiiii\fR
-is the key identifier (or footprint).
-.PP
-\fBdnssec\-keyfromlabel\fR
-creates two files, with names based on the printed string.
-\fIKnnnn.+aaa+iiiii.key\fR
-contains the public key, and
-\fIKnnnn.+aaa+iiiii.private\fR
-contains the private key.
-.PP
-The
-\fI.key\fR
-file contains a DNS KEY record that can be inserted into a zone file (directly or with a $INCLUDE statement).
-.PP
-The
-\fI.private\fR
-file contains algorithm\-specific fields. For obvious security reasons, this file does not have general read permission.
-.SH "SEE ALSO"
-.PP
-\fBdnssec\-keygen\fR(8),
-\fBdnssec\-signzone\fR(8),
-BIND 9 Administrator Reference Manual,
-RFC 4034.
-.SH "AUTHOR"
-.PP
-Internet Systems Consortium
-.SH "COPYRIGHT"
-Copyright \(co 2008\-2011 Internet Systems Consortium, Inc. ("ISC")
-.br

bin/dnssec/dnssec-keyfromlabel.c

@@ -1,583 +0,0 @@
-/*
- * Copyright (C) 2007-2011  Internet Systems Consortium, Inc. ("ISC")
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- * PERFORMANCE OF THIS SOFTWARE.
- */
-
-/* $Id: dnssec-keyfromlabel.c,v 1.38 2011/11/30 00:48:51 marka Exp $ */
-
-/*! \file */
-
-#include <config.h>
-
-#include <ctype.h>
-#include <stdlib.h>
-
-#include <isc/buffer.h>
-#include <isc/commandline.h>
-#include <isc/entropy.h>
-#include <isc/mem.h>
-#include <isc/region.h>
-#include <isc/print.h>
-#include <isc/string.h>
-#include <isc/util.h>
-
-#include <dns/dnssec.h>
-#include <dns/fixedname.h>
-#include <dns/keyvalues.h>
-#include <dns/log.h>
-#include <dns/name.h>
-#include <dns/rdataclass.h>
-#include <dns/result.h>
-#include <dns/secalg.h>
-
-#include <dst/dst.h>
-
-#include "dnssectool.h"
-
-#define MAX_RSA 4096 /* should be long enough... */
-
-const char *program = "dnssec-keyfromlabel";
-int verbose;
-
-#define DEFAULT_ALGORITHM "RSASHA1"
-#define DEFAULT_NSEC3_ALGORITHM "NSEC3RSASHA1"
-
-static const char *algs = "RSA | RSAMD5 | DH | DSA | RSASHA1 |"
-			  " NSEC3DSA | NSEC3RSASHA1 |"
-			  " RSASHA256 | RSASHA512 | ECCGOST";
-
-ISC_PLATFORM_NORETURN_PRE static void
-usage(void) ISC_PLATFORM_NORETURN_POST;
-
-static void
-usage(void) {
-	fprintf(stderr, "Usage:\n");
-	fprintf(stderr, "    %s -l label [options] name\n\n",
-		program);
-	fprintf(stderr, "Version: %s\n", VERSION);
-	fprintf(stderr, "Required options:\n");
-	fprintf(stderr, "    -l label: label of the key pair\n");
-	fprintf(stderr, "    name: owner of the key\n");
-	fprintf(stderr, "Other options:\n");
-	fprintf(stderr, "    -a algorithm: %s\n", algs);
-	fprintf(stderr, "       (default: RSASHA1, or "
-			       "NSEC3RSASHA1 if using -3)\n");
-	fprintf(stderr, "    -3: use NSEC3-capable algorithm\n");
-	fprintf(stderr, "    -c class (default: IN)\n");
-#ifdef USE_PKCS11
-	fprintf(stderr, "    -E enginename (default: pkcs11)\n");
-#else
-	fprintf(stderr, "    -E enginename\n");
-#endif
-	fprintf(stderr, "    -f keyflag: KSK | REVOKE\n");
-	fprintf(stderr, "    -K directory: directory in which to place "
-			"key files\n");
-	fprintf(stderr, "    -k: generate a TYPE=KEY key\n");
-	fprintf(stderr, "    -L ttl: default key TTL\n");
-	fprintf(stderr, "    -n nametype: ZONE | HOST | ENTITY | USER | OTHER\n");
-	fprintf(stderr, "        (DNSKEY generation defaults to ZONE\n");
-	fprintf(stderr, "    -p protocol: default: 3 [dnssec]\n");
-	fprintf(stderr, "    -t type: "
-		"AUTHCONF | NOAUTHCONF | NOAUTH | NOCONF "
-		"(default: AUTHCONF)\n");
-	fprintf(stderr, "    -y: permit keys that might collide\n");
-	fprintf(stderr, "    -v verbose level\n");
-	fprintf(stderr, "Date options:\n");
-	fprintf(stderr, "    -P date/[+-]offset: set key publication date\n");
-	fprintf(stderr, "    -A date/[+-]offset: set key activation date\n");
-	fprintf(stderr, "    -R date/[+-]offset: set key revocation date\n");
-	fprintf(stderr, "    -I date/[+-]offset: set key inactivation date\n");
-	fprintf(stderr, "    -D date/[+-]offset: set key deletion date\n");
-	fprintf(stderr, "    -G: generate key only; do not set -P or -A\n");
-	fprintf(stderr, "    -C: generate a backward-compatible key, omitting"
-			" all dates\n");
-	fprintf(stderr, "Output:\n");
-	fprintf(stderr, "     K<name>+<alg>+<id>.key, "
-			"K<name>+<alg>+<id>.private\n");
-
-	exit (-1);
-}
-
-int
-main(int argc, char **argv) {
-	char		*algname = NULL, *freeit = NULL;
-	char		*nametype = NULL, *type = NULL;
-	const char	*directory = NULL;
-#ifdef USE_PKCS11
-	const char	*engine = "pkcs11";
-#else
-	const char	*engine = NULL;
-#endif
-	char		*classname = NULL;
-	char		*endp;
-	dst_key_t	*key = NULL;
-	dns_fixedname_t	fname;
-	dns_name_t	*name;
-	isc_uint16_t	flags = 0, kskflag = 0, revflag = 0;
-	dns_secalg_t	alg;
-	isc_boolean_t	oldstyle = ISC_FALSE;
-	isc_mem_t	*mctx = NULL;
-	int		ch;
-	int		protocol = -1, signatory = 0;
-	isc_result_t	ret;
-	isc_textregion_t r;
-	char		filename[255];
-	isc_buffer_t	buf;
-	isc_log_t	*log = NULL;
-	isc_entropy_t	*ectx = NULL;
-	dns_rdataclass_t rdclass;
-	int		options = DST_TYPE_PRIVATE | DST_TYPE_PUBLIC;
-	char		*label = NULL;
-	dns_ttl_t	ttl = 0;
-	isc_stdtime_t	publish = 0, activate = 0, revoke = 0;
-	isc_stdtime_t	inactive = 0, delete = 0;
-	isc_stdtime_t	now;
-	isc_boolean_t	setpub = ISC_FALSE, setact = ISC_FALSE;
-	isc_boolean_t	setrev = ISC_FALSE, setinact = ISC_FALSE;
-	isc_boolean_t	setdel = ISC_FALSE, setttl = ISC_FALSE;
-	isc_boolean_t	unsetpub = ISC_FALSE, unsetact = ISC_FALSE;
-	isc_boolean_t	unsetrev = ISC_FALSE, unsetinact = ISC_FALSE;
-	isc_boolean_t	unsetdel = ISC_FALSE;
-	isc_boolean_t	genonly = ISC_FALSE;
-	isc_boolean_t	use_nsec3 = ISC_FALSE;
-	isc_boolean_t   avoid_collisions = ISC_TRUE;
-	isc_boolean_t	exact;
-	unsigned char	c;
-
-	if (argc == 1)
-		usage();
-
-	RUNTIME_CHECK(isc_mem_create(0, 0, &mctx) == ISC_R_SUCCESS);
-
-	dns_result_register();
-
-	isc_commandline_errprint = ISC_FALSE;
-
-	isc_stdtime_get(&now);
-
-	while ((ch = isc_commandline_parse(argc, argv,
-			"3a:Cc:E:f:K:kl:L:n:p:t:v:yFhGP:A:R:I:D:")) != -1)
-	{
-	    switch (ch) {
-		case '3':
-			use_nsec3 = ISC_TRUE;
-			break;
-		case 'a':
-			algname = isc_commandline_argument;
-			break;
-		case 'C':
-			oldstyle = ISC_TRUE;
-			break;
-		case 'c':
-			classname = isc_commandline_argument;
-			break;
-		case 'E':
-			engine = isc_commandline_argument;
-			break;
-		case 'f':
-			c = (unsigned char)(isc_commandline_argument[0]);
-			if (toupper(c) == 'K')
-				kskflag = DNS_KEYFLAG_KSK;
-			else if (toupper(c) == 'R')
-				revflag = DNS_KEYFLAG_REVOKE;
-			else
-				fatal("unknown flag '%s'",
-				      isc_commandline_argument);
-			break;
-		case 'K':
-			directory = isc_commandline_argument;
-			ret = try_dir(directory);
-			if (ret != ISC_R_SUCCESS)
-				fatal("cannot open directory %s: %s",
-				      directory, isc_result_totext(ret));
-			break;
-		case 'k':
-			options |= DST_TYPE_KEY;
-			break;
-		case 'L':
-			if (strcmp(isc_commandline_argument, "none") == 0)
-				ttl = 0;
-			else
-				ttl = strtottl(isc_commandline_argument);
-			setttl = ISC_TRUE;
-			break;
-		case 'l':
-			label = isc_mem_strdup(mctx, isc_commandline_argument);
-			break;
-		case 'n':
-			nametype = isc_commandline_argument;
-			break;
-		case 'p':
-			protocol = strtol(isc_commandline_argument, &endp, 10);
-			if (*endp != '\0' || protocol < 0 || protocol > 255)
-				fatal("-p must be followed by a number "
-				      "[0..255]");
-			break;
-		case 't':
-			type = isc_commandline_argument;
-			break;
-		case 'v':
-			verbose = strtol(isc_commandline_argument, &endp, 0);
-			if (*endp != '\0')
-				fatal("-v must be followed by a number");
-			break;
-		case 'y':
-			avoid_collisions = ISC_FALSE;
-			break;
-		case 'G':
-			genonly = ISC_TRUE;
-			break;
-		case 'P':
-			if (setpub || unsetpub)
-				fatal("-P specified more than once");
-
-			if (strcasecmp(isc_commandline_argument, "none")) {
-				setpub = ISC_TRUE;
-				publish = strtotime(isc_commandline_argument,
-						    now, now);
-			} else {
-				unsetpub = ISC_TRUE;
-			}
-			break;
-		case 'A':
-			if (setact || unsetact)
-				fatal("-A specified more than once");
-
-			if (strcasecmp(isc_commandline_argument, "none")) {
-				setact = ISC_TRUE;
-				activate = strtotime(isc_commandline_argument,
-						     now, now);
-			} else {
-				unsetact = ISC_TRUE;
-			}
-			break;
-		case 'R':
-			if (setrev || unsetrev)
-				fatal("-R specified more than once");
-
-			if (strcasecmp(isc_commandline_argument, "none")) {
-				setrev = ISC_TRUE;
-				revoke = strtotime(isc_commandline_argument,
-						   now, now);
-			} else {
-				unsetrev = ISC_TRUE;
-			}
-			break;
-		case 'I':
-			if (setinact || unsetinact)
-				fatal("-I specified more than once");
-
-			if (strcasecmp(isc_commandline_argument, "none")) {
-				setinact = ISC_TRUE;
-				inactive = strtotime(isc_commandline_argument,
-						     now, now);
-			} else {
-				unsetinact = ISC_TRUE;
-			}
-			break;
-		case 'D':
-			if (setdel || unsetdel)
-				fatal("-D specified more than once");
-
-			if (strcasecmp(isc_commandline_argument, "none")) {
-				setdel = ISC_TRUE;
-				delete = strtotime(isc_commandline_argument,
-						   now, now);
-			} else {
-				unsetdel = ISC_TRUE;
-			}
-			break;
-		case 'F':
-			/* Reserved for FIPS mode */
-			/* FALLTHROUGH */
-		case '?':
-			if (isc_commandline_option != '?')
-				fprintf(stderr, "%s: invalid argument -%c\n",
-					program, isc_commandline_option);
-			/* FALLTHROUGH */
-		case 'h':
-			usage();
-
-		default:
-			fprintf(stderr, "%s: unhandled option -%c\n",
-				program, isc_commandline_option);
-			exit(1);
-		}
-	}
-
-	if (ectx == NULL)
-		setup_entropy(mctx, NULL, &ectx);
-	ret = dst_lib_init2(mctx, ectx, engine,
-			    ISC_ENTROPY_BLOCKING | ISC_ENTROPY_GOODONLY);
-	if (ret != ISC_R_SUCCESS)
-		fatal("could not initialize dst: %s",
-		      isc_result_totext(ret));
-
-	setup_logging(verbose, mctx, &log);
-
-	if (label == NULL)
-		fatal("the key label was not specified");
-	if (argc < isc_commandline_index + 1)
-		fatal("the key name was not specified");
-	if (argc > isc_commandline_index + 1)
-		fatal("extraneous arguments");
-
-	if (strchr(label, ':') == NULL &&
-	    engine != NULL && strlen(engine) != 0U) {
-		char *l;
-		int len;
-
-		len = strlen(label) + strlen(engine) + 2;
-		l = isc_mem_allocate(mctx, len);
-		if (l == NULL)
-			fatal("cannot allocate memory");
-		snprintf(l, len, "%s:%s", engine, label);
-		isc_mem_free(mctx, label);
-		label = l;
-	}
-
-	if (algname == NULL) {
-		if (use_nsec3)
-			algname = strdup(DEFAULT_NSEC3_ALGORITHM);
-		else
-			algname = strdup(DEFAULT_ALGORITHM);
-		if (algname == NULL)
-			fatal("strdup failed");
-		freeit = algname;
-		if (verbose > 0)
-			fprintf(stderr, "no algorithm specified; "
-				"defaulting to %s\n", algname);
-	}
-
-	if (strcasecmp(algname, "RSA") == 0) {
-		fprintf(stderr, "The use of RSA (RSAMD5) is not recommended.\n"
-				"If you still wish to use RSA (RSAMD5) please "
-				"specify \"-a RSAMD5\"\n");
-		return (1);
-	} else {
-		r.base = algname;
-		r.length = strlen(algname);
-		ret = dns_secalg_fromtext(&alg, &r);
-		if (ret != ISC_R_SUCCESS)
-			fatal("unknown algorithm %s", algname);
-		if (alg == DST_ALG_DH)
-			options |= DST_TYPE_KEY;
-	}
-
-	if (use_nsec3 &&
-	    alg != DST_ALG_NSEC3DSA && alg != DST_ALG_NSEC3RSASHA1 &&
-	    alg != DST_ALG_RSASHA256 && alg != DST_ALG_RSASHA512 &&
-	    alg != DST_ALG_ECCGOST) {
-		fatal("%s is incompatible with NSEC3; "
-		      "do not use the -3 option", algname);
-	}
-
-	if (type != NULL && (options & DST_TYPE_KEY) != 0) {
-		if (strcasecmp(type, "NOAUTH") == 0)
-			flags |= DNS_KEYTYPE_NOAUTH;
-		else if (strcasecmp(type, "NOCONF") == 0)
-			flags |= DNS_KEYTYPE_NOCONF;
-		else if (strcasecmp(type, "NOAUTHCONF") == 0) {
-			flags |= (DNS_KEYTYPE_NOAUTH | DNS_KEYTYPE_NOCONF);
-		}
-		else if (strcasecmp(type, "AUTHCONF") == 0)
-			/* nothing */;
-		else
-			fatal("invalid type %s", type);
-	}
-
-	if (nametype == NULL) {
-		if ((options & DST_TYPE_KEY) != 0) /* KEY */
-			fatal("no nametype specified");
-		flags |= DNS_KEYOWNER_ZONE;	/* DNSKEY */
-	} else if (strcasecmp(nametype, "zone") == 0)
-		flags |= DNS_KEYOWNER_ZONE;
-	else if ((options & DST_TYPE_KEY) != 0)	{ /* KEY */
-		if (strcasecmp(nametype, "host") == 0 ||
-			 strcasecmp(nametype, "entity") == 0)
-			flags |= DNS_KEYOWNER_ENTITY;
-		else if (strcasecmp(nametype, "user") == 0)
-			flags |= DNS_KEYOWNER_USER;
-		else
-			fatal("invalid KEY nametype %s", nametype);
-	} else if (strcasecmp(nametype, "other") != 0) /* DNSKEY */
-		fatal("invalid DNSKEY nametype %s", nametype);
-
-	rdclass = strtoclass(classname);
-
-	if (directory == NULL)
-		directory = ".";
-
-	if ((options & DST_TYPE_KEY) != 0)  /* KEY */
-		flags |= signatory;
-	else if ((flags & DNS_KEYOWNER_ZONE) != 0) { /* DNSKEY */
-		flags |= kskflag;
-		flags |= revflag;
-	}
-
-	if (protocol == -1)
-		protocol = DNS_KEYPROTO_DNSSEC;
-	else if ((options & DST_TYPE_KEY) == 0 &&
-		 protocol != DNS_KEYPROTO_DNSSEC)
-		fatal("invalid DNSKEY protocol: %d", protocol);
-
-	if ((flags & DNS_KEYFLAG_TYPEMASK) == DNS_KEYTYPE_NOKEY) {
-		if ((flags & DNS_KEYFLAG_SIGNATORYMASK) != 0)
-			fatal("specified null key with signing authority");
-	}
-
-	if ((flags & DNS_KEYFLAG_OWNERMASK) == DNS_KEYOWNER_ZONE &&
-	    alg == DNS_KEYALG_DH)
-		fatal("a key with algorithm '%s' cannot be a zone key",
-		      algname);
-
-	dns_fixedname_init(&fname);
-	name = dns_fixedname_name(&fname);
-	isc_buffer_init(&buf, argv[isc_commandline_index],
-			strlen(argv[isc_commandline_index]));
-	isc_buffer_add(&buf, strlen(argv[isc_commandline_index]));
-	ret = dns_name_fromtext(name, &buf, dns_rootname, 0, NULL);
-	if (ret != ISC_R_SUCCESS)
-		fatal("invalid key name %s: %s", argv[isc_commandline_index],
-		      isc_result_totext(ret));
-
-	isc_buffer_init(&buf, filename, sizeof(filename) - 1);
-
-	/* associate the key */
-	ret = dst_key_fromlabel(name, alg, flags, protocol,
-				rdclass, engine, label, NULL, mctx, &key);
-	isc_entropy_stopcallbacksources(ectx);
-
-	if (ret != ISC_R_SUCCESS) {
-		char namestr[DNS_NAME_FORMATSIZE];
-		char algstr[DNS_SECALG_FORMATSIZE];
-		dns_name_format(name, namestr, sizeof(namestr));
-		dns_secalg_format(alg, algstr, sizeof(algstr));
-		fatal("failed to get key %s/%s: %s\n",
-		      namestr, algstr, isc_result_totext(ret));
-		/* NOTREACHED */
-		exit(-1);
-	}
-
-	/*
-	 * Set key timing metadata (unless using -C)
-	 *
-	 * Publish and activation dates are set to "now" by default, but
-	 * can be overridden.  Creation date is always set to "now".
-	 */
-	if (!oldstyle) {
-		dst_key_settime(key, DST_TIME_CREATED, now);
-
-		if (genonly && (setpub || setact))
-			fatal("cannot use -G together with -P or -A options");
-
-		if (setpub)
-			dst_key_settime(key, DST_TIME_PUBLISH, publish);
-		else if (setact)
-			dst_key_settime(key, DST_TIME_PUBLISH, activate);
-		else if (!genonly && !unsetpub)
-			dst_key_settime(key, DST_TIME_PUBLISH, now);
-
-		if (setact)
-			dst_key_settime(key, DST_TIME_ACTIVATE, activate);
-		else if (!genonly && !unsetact)
-			dst_key_settime(key, DST_TIME_ACTIVATE, now);
-
-		if (setrev) {
-			if (kskflag == 0)
-				fprintf(stderr, "%s: warning: Key is "
-					"not flagged as a KSK, but -R "
-					"was used. Revoking a ZSK is "
-					"legal, but undefined.\n",
-					program);
-			dst_key_settime(key, DST_TIME_REVOKE, revoke);
-		}
-
-		if (setinact)
-			dst_key_settime(key, DST_TIME_INACTIVE, inactive);
-
-		if (setdel)
-			dst_key_settime(key, DST_TIME_DELETE, delete);
-	} else {
-		if (setpub || setact || setrev || setinact ||
-		    setdel || unsetpub || unsetact ||
-		    unsetrev || unsetinact || unsetdel || genonly)
-			fatal("cannot use -C together with "
-			      "-P, -A, -R, -I, -D, or -G options");
-		/*
-		 * Compatibility mode: Private-key-format
-		 * should be set to 1.2.
-		 */
-		dst_key_setprivateformat(key, 1, 2);
-	}
-
-	/* Set default key TTL */
-	if (setttl)
-		dst_key_setttl(key, ttl);
-
-	/*
-	 * Do not overwrite an existing key.  Warn LOUDLY if there
-	 * is a risk of ID collision due to this key or another key
-	 * being revoked.
-	 */
-	if (key_collision(key, name, directory, mctx, &exact)) {
-		isc_buffer_clear(&buf);
-		ret = dst_key_buildfilename(key, 0, directory, &buf);
-		if (ret != ISC_R_SUCCESS)
-			fatal("dst_key_buildfilename returned: %s\n",
-			      isc_result_totext(ret));
-		if (exact)
-			fatal("%s: %s already exists\n", program, filename);
-
-		if (avoid_collisions)
-			fatal("%s: %s could collide with another key upon "
-			      "revokation\n", program, filename);
-
-		fprintf(stderr, "%s: WARNING: Key %s could collide with "
-				"another key upon revokation.  If you plan "
-				"to revoke keys, destroy this key and "
-				"generate a different one.\n",
-				program, filename);
-	}
-
-	ret = dst_key_tofile(key, options, directory);
-	if (ret != ISC_R_SUCCESS) {
-		char keystr[DST_KEY_FORMATSIZE];
-		dst_key_format(key, keystr, sizeof(keystr));
-		fatal("failed to write key %s: %s\n", keystr,
-		      isc_result_totext(ret));
-	}
-
-	isc_buffer_clear(&buf);
-	ret = dst_key_buildfilename(key, 0, NULL, &buf);
-	if (ret != ISC_R_SUCCESS)
-		fatal("dst_key_buildfilename returned: %s\n",
-		      isc_result_totext(ret));
-	printf("%s\n", filename);
-	dst_key_free(&key);
-
-	cleanup_logging(&log);
-	cleanup_entropy(&ectx);
-	dst_lib_destroy();
-	dns_name_destroy();
-	if (verbose > 10)
-		isc_mem_stats(mctx, stdout);
-	isc_mem_free(mctx, label);
-	isc_mem_destroy(&mctx);
-
-	if (freeit != NULL)
-		free(freeit);
-
-	return (0);
-}

bin/dnssec/dnssec-keyfromlabel.docbook

@@ -1,444 +0,0 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
-               "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
-	       [<!ENTITY mdash "&#8212;">]>
-<!--
- - Copyright (C) 2008-2011  Internet Systems Consortium, Inc. ("ISC")
- -
- - Permission to use, copy, modify, and/or distribute this software for any
- - purpose with or without fee is hereby granted, provided that the above
- - copyright notice and this permission notice appear in all copies.
- -
- - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- - AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- - PERFORMANCE OF THIS SOFTWARE.
--->
-
-<!-- $Id: dnssec-keyfromlabel.docbook,v 1.21 2011/03/17 01:40:34 each Exp $ -->
-<refentry id="man.dnssec-keyfromlabel">
-  <refentryinfo>
-    <date>February 8, 2008</date>
-  </refentryinfo>
-
-  <refmeta>
-    <refentrytitle><application>dnssec-keyfromlabel</application></refentrytitle>
-    <manvolnum>8</manvolnum>
-    <refmiscinfo>BIND9</refmiscinfo>
-  </refmeta>
-
-  <refnamediv>
-    <refname><application>dnssec-keyfromlabel</application></refname>
-    <refpurpose>DNSSEC key generation tool</refpurpose>
-  </refnamediv>
-
-  <docinfo>
-    <copyright>
-      <year>2008</year>
-      <year>2009</year>
-      <year>2010</year>
-      <year>2011</year>
-      <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
-    </copyright>
-  </docinfo>
-
-  <refsynopsisdiv>
-    <cmdsynopsis>
-      <command>dnssec-keyfromlabel</command>
-      <arg choice="req">-l <replaceable class="parameter">label</replaceable></arg>
-      <arg><option>-3</option></arg>
-      <arg><option>-a <replaceable class="parameter">algorithm</replaceable></option></arg>
-      <arg><option>-A <replaceable class="parameter">date/offset</replaceable></option></arg>
-      <arg><option>-c <replaceable class="parameter">class</replaceable></option></arg>
-      <arg><option>-D <replaceable class="parameter">date/offset</replaceable></option></arg>
-      <arg><option>-E <replaceable class="parameter">engine</replaceable></option></arg>
-      <arg><option>-f <replaceable class="parameter">flag</replaceable></option></arg>
-      <arg><option>-G</option></arg>
-      <arg><option>-I <replaceable class="parameter">date/offset</replaceable></option></arg>
-      <arg><option>-k</option></arg>
-      <arg><option>-K <replaceable class="parameter">directory</replaceable></option></arg>
-      <arg><option>-L <replaceable class="parameter">ttl</replaceable></option></arg>
-      <arg><option>-n <replaceable class="parameter">nametype</replaceable></option></arg>
-      <arg><option>-P <replaceable class="parameter">date/offset</replaceable></option></arg>
-      <arg><option>-p <replaceable class="parameter">protocol</replaceable></option></arg>
-      <arg><option>-R <replaceable class="parameter">date/offset</replaceable></option></arg>
-      <arg><option>-t <replaceable class="parameter">type</replaceable></option></arg>
-      <arg><option>-v <replaceable class="parameter">level</replaceable></option></arg>
-      <arg><option>-y</option></arg>
-      <arg choice="req">name</arg>
-    </cmdsynopsis>
-  </refsynopsisdiv>
-
-  <refsect1>
-    <title>DESCRIPTION</title>
-    <para><command>dnssec-keyfromlabel</command>
-      gets keys with the given label from a crypto hardware and builds
-      key files for DNSSEC (Secure DNS), as defined in RFC 2535
-      and RFC 4034.  
-    </para>
-    <para>
-      The <option>name</option> of the key is specified on the command
-      line.  This must match the name of the zone for which the key is
-      being generated.
-    </para>
-  </refsect1>
-
-  <refsect1>
-    <title>OPTIONS</title>
-
-    <variablelist>
-      <varlistentry>
-        <term>-a <replaceable class="parameter">algorithm</replaceable></term>
-        <listitem>
-	  <para>
-	    Selects the cryptographic algorithm.  The value of
-            <option>algorithm</option> must be one of RSAMD5, RSASHA1,
-	    DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256, RSASHA512 or ECCGOST.
-	    These values are case insensitive.
-	  </para>
-          <para>
-            If no algorithm is specified, then RSASHA1 will be used by
-            default, unless the <option>-3</option> option is specified,
-            in which case NSEC3RSASHA1 will be used instead.  (If
-            <option>-3</option> is used and an algorithm is specified,
-            that algorithm will be checked for compatibility with NSEC3.)
-          </para>
-          <para>
-            Note 1: that for DNSSEC, RSASHA1 is a mandatory to implement
-            algorithm, and DSA is recommended.
-          </para>
-          <para>
-            Note 2: DH automatically sets the -k flag.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-3</term>
-        <listitem>
-          <para>
-	    Use an NSEC3-capable algorithm to generate a DNSSEC key.
-            If this option is used and no algorithm is explicitly
-            set on the command line, NSEC3RSASHA1 will be used by
-            default.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-E <replaceable class="parameter">engine</replaceable></term>
-        <listitem>
-          <para>
-            Specifies the name of the crypto hardware (OpenSSL engine).
-            When compiled with PKCS#11 support it defaults to "pkcs11".
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-l <replaceable class="parameter">label</replaceable></term>
-        <listitem>
-          <para>
-            Specifies the label of the key pair in the crypto hardware.
-            The label may be preceded by an optional OpenSSL engine name,
-            separated by a colon, as in "pkcs11:keylabel".
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-n <replaceable class="parameter">nametype</replaceable></term>
-        <listitem>
-          <para>
-            Specifies the owner type of the key.  The value of
-            <option>nametype</option> must either be ZONE (for a DNSSEC
-            zone key (KEY/DNSKEY)), HOST or ENTITY (for a key associated with
-            a host (KEY)),
-            USER (for a key associated with a user(KEY)) or OTHER (DNSKEY).
-            These values are case insensitive.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-C</term>
-        <listitem>
-          <para>
-	    Compatibility mode:  generates an old-style key, without
-	    any metadata.  By default, <command>dnssec-keyfromlabel</command>
-	    will include the key's creation date in the metadata stored
-	    with the private key, and other dates may be set there as well
-	    (publication date, activation date, etc).  Keys that include
-	    this data may be incompatible with older versions of BIND; the
-	    <option>-C</option> option suppresses them.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-c <replaceable class="parameter">class</replaceable></term>
-        <listitem>
-          <para>
-            Indicates that the DNS record containing the key should have
-            the specified class.  If not specified, class IN is used.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-f <replaceable class="parameter">flag</replaceable></term>
-        <listitem>
-          <para>
-            Set the specified flag in the flag field of the KEY/DNSKEY record.
-            The only recognized flags are KSK (Key Signing Key) and REVOKE.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-G</term>
-        <listitem>
-          <para>
-            Generate a key, but do not publish it or sign with it.  This
-            option is incompatible with -P and -A.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-h</term>
-        <listitem>
-          <para>
-            Prints a short summary of the options and arguments to
-            <command>dnssec-keyfromlabel</command>.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-K <replaceable class="parameter">directory</replaceable></term>
-        <listitem>
-          <para>
-            Sets the directory in which the key files are to be written.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-k</term>
-        <listitem>
-          <para>
-            Generate KEY records rather than DNSKEY records.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-L <replaceable class="parameter">ttl</replaceable></term>
-        <listitem>
-          <para>
-            Sets the default TTL to use for this key when it is converted
-            into a DNSKEY RR.  If the key is imported into a zone,
-            this is the TTL that will be used for it, unless there was
-            already a DNSKEY RRset in place, in which case the existing TTL
-            would take precedence.  Setting the default TTL to
-            <literal>0</literal> or <literal>none</literal> removes it.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-p <replaceable class="parameter">protocol</replaceable></term>
-        <listitem>
-          <para>
-            Sets the protocol value for the key.  The protocol
-            is a number between 0 and 255.  The default is 3 (DNSSEC).
-            Other possible values for this argument are listed in
-            RFC 2535 and its successors.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-t <replaceable class="parameter">type</replaceable></term>
-        <listitem>
-          <para>
-            Indicates the use of the key.  <option>type</option> must be
-            one of AUTHCONF, NOAUTHCONF, NOAUTH, or NOCONF.  The default
-            is AUTHCONF.  AUTH refers to the ability to authenticate
-            data, and CONF the ability to encrypt data.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-v <replaceable class="parameter">level</replaceable></term>
-        <listitem>
-          <para>
-            Sets the debugging level.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-y</term>
-        <listitem>
-          <para>
-            Allows DNSSEC key files to be generated even if the key ID
-	    would collide with that of an existing key, in the event of
-	    either key being revoked.  (This is only safe to use if you
-            are sure you won't be using RFC 5011 trust anchor maintenance
-            with either of the keys involved.)
-          </para>
-        </listitem>
-      </varlistentry>
-
-    </variablelist>
-  </refsect1>
-
-  <refsect1>
-    <title>TIMING OPTIONS</title>
-
-    <para>
-      Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
-      If the argument begins with a '+' or '-', it is interpreted as
-      an offset from the present time.  For convenience, if such an offset
-      is followed by one of the suffixes 'y', 'mo', 'w', 'd', 'h', or 'mi',
-      then the offset is computed in years (defined as 365 24-hour days,
-      ignoring leap years), months (defined as 30 24-hour days), weeks,
-      days, hours, or minutes, respectively.  Without a suffix, the offset
-      is computed in seconds.
-    </para>
-
-    <variablelist>
-      <varlistentry>
-        <term>-P <replaceable class="parameter">date/offset</replaceable></term>
-        <listitem>
-          <para>
-            Sets the date on which a key is to be published to the zone.
-            After that date, the key will be included in the zone but will
-            not be used to sign it.  If not set, and if the -G option has
-            not been used, the default is "now".
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-A <replaceable class="parameter">date/offset</replaceable></term>
-        <listitem>
-          <para>
-            Sets the date on which the key is to be activated.  After that
-            date, the key will be included in the zone and used to sign
-            it.  If not set, and if the -G option has not been used, the
-            default is "now".
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-R <replaceable class="parameter">date/offset</replaceable></term>
-        <listitem>
-          <para>
-            Sets the date on which the key is to be revoked.  After that
-            date, the key will be flagged as revoked.  It will be included
-            in the zone and will be used to sign it.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-I <replaceable class="parameter">date/offset</replaceable></term>
-        <listitem>
-          <para>
-            Sets the date on which the key is to be retired.  After that
-            date, the key will still be included in the zone, but it
-            will not be used to sign it.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-D <replaceable class="parameter">date/offset</replaceable></term>
-        <listitem>
-          <para>
-            Sets the date on which the key is to be deleted.  After that
-            date, the key will no longer be included in the zone.  (It
-            may remain in the key repository, however.)
-          </para>
-        </listitem>
-      </varlistentry>
-    </variablelist>
-  </refsect1>
-
-  <refsect1>
-    <title>GENERATED KEY FILES</title>
-    <para>
-      When <command>dnssec-keyfromlabel</command> completes
-      successfully,
-      it prints a string of the form <filename>Knnnn.+aaa+iiiii</filename>
-      to the standard output.  This is an identification string for
-      the key files it has generated.
-    </para>
-    <itemizedlist>
-      <listitem>
-        <para><filename>nnnn</filename> is the key name.
-        </para>
-      </listitem>
-      <listitem>
-        <para><filename>aaa</filename> is the numeric representation
-          of the algorithm.
-        </para>
-      </listitem>
-      <listitem>
-        <para><filename>iiiii</filename> is the key identifier (or
-          footprint).
-        </para>
-      </listitem>
-    </itemizedlist>
-    <para><command>dnssec-keyfromlabel</command> 
-      creates two files, with names based
-      on the printed string.  <filename>Knnnn.+aaa+iiiii.key</filename>
-      contains the public key, and
-      <filename>Knnnn.+aaa+iiiii.private</filename> contains the
-      private key.
-    </para>
-    <para>
-      The <filename>.key</filename> file contains a DNS KEY record
-      that
-      can be inserted into a zone file (directly or with a $INCLUDE
-      statement).
-    </para>
-    <para>
-      The <filename>.private</filename> file contains
-      algorithm-specific
-      fields.  For obvious security reasons, this file does not have
-      general read permission.
-    </para>
-  </refsect1>
-
-  <refsect1>
-    <title>SEE ALSO</title>
-    <para><citerefentry>
-        <refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
-      </citerefentry>,
-      <citerefentry>
-        <refentrytitle>dnssec-signzone</refentrytitle><manvolnum>8</manvolnum>
-      </citerefentry>,
-      <citetitle>BIND 9 Administrator Reference Manual</citetitle>,
-      <citetitle>RFC 4034</citetitle>.
-    </para>
-  </refsect1>
-
-  <refsect1>
-    <title>AUTHOR</title>
-    <para><corpauthor>Internet Systems Consortium</corpauthor>
-    </para>
-  </refsect1>
-
-</refentry><!--
- - Local variables:
- - mode: sgml
- - End:
--->

bin/dnssec/dnssec-keyfromlabel.html

@@ -1,274 +0,0 @@
-<!--
- - Copyright (C) 2008-2011 Internet Systems Consortium, Inc. ("ISC")
- - 
- - Permission to use, copy, modify, and/or distribute this software for any
- - purpose with or without fee is hereby granted, provided that the above
- - copyright notice and this permission notice appear in all copies.
- - 
- - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- - PERFORMANCE OF THIS SOFTWARE.
--->
-<!-- $Id: dnssec-keyfromlabel.html,v 1.19 2011/03/18 01:14:33 tbox Exp $ -->
-<html>
-<head>
-<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
-<title>dnssec-keyfromlabel</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
-</head>
-<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="man.dnssec-keyfromlabel"></a><div class="titlepage"></div>
-<div class="refnamediv">
-<h2>Name</h2>
-<p><span class="application">dnssec-keyfromlabel</span> &#8212; DNSSEC key generation tool</p>
-</div>
-<div class="refsynopsisdiv">
-<h2>Synopsis</h2>
-<div class="cmdsynopsis"><p><code class="command">dnssec-keyfromlabel</code>  {-l <em class="replaceable"><code>label</code></em>} [<code class="option">-3</code>] [<code class="option">-a <em class="replaceable"><code>algorithm</code></em></code>] [<code class="option">-A <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-f <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-G</code>] [<code class="option">-I <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-k</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-L <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-n <em class="replaceable"><code>nametype</code></em></code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>] [<code class="option">-R <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-y</code>] {name}</p></div>
-</div>
-<div class="refsect1" lang="en">
-<a name="id2543502"></a><h2>DESCRIPTION</h2>
-<p><span><strong class="command">dnssec-keyfromlabel</strong></span>
-      gets keys with the given label from a crypto hardware and builds
-      key files for DNSSEC (Secure DNS), as defined in RFC 2535
-      and RFC 4034.  
-    </p>
-<p>
-      The <code class="option">name</code> of the key is specified on the command
-      line.  This must match the name of the zone for which the key is
-      being generated.
-    </p>
-</div>
-<div class="refsect1" lang="en">
-<a name="id2543521"></a><h2>OPTIONS</h2>
-<div class="variablelist"><dl>
-<dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
-<dd>
-<p>
-	    Selects the cryptographic algorithm.  The value of
-            <code class="option">algorithm</code> must be one of RSAMD5, RSASHA1,
-	    DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256, RSASHA512 or ECCGOST.
-	    These values are case insensitive.
-	  </p>
-<p>
-            If no algorithm is specified, then RSASHA1 will be used by
-            default, unless the <code class="option">-3</code> option is specified,
-            in which case NSEC3RSASHA1 will be used instead.  (If
-            <code class="option">-3</code> is used and an algorithm is specified,
-            that algorithm will be checked for compatibility with NSEC3.)
-          </p>
-<p>
-            Note 1: that for DNSSEC, RSASHA1 is a mandatory to implement
-            algorithm, and DSA is recommended.
-          </p>
-<p>
-            Note 2: DH automatically sets the -k flag.
-          </p>
-</dd>
-<dt><span class="term">-3</span></dt>
-<dd><p>
-	    Use an NSEC3-capable algorithm to generate a DNSSEC key.
-            If this option is used and no algorithm is explicitly
-            set on the command line, NSEC3RSASHA1 will be used by
-            default.
-          </p></dd>
-<dt><span class="term">-E <em class="replaceable"><code>engine</code></em></span></dt>
-<dd><p>
-            Specifies the name of the crypto hardware (OpenSSL engine).
-            When compiled with PKCS#11 support it defaults to "pkcs11".
-          </p></dd>
-<dt><span class="term">-l <em class="replaceable"><code>label</code></em></span></dt>
-<dd><p>
-            Specifies the label of the key pair in the crypto hardware.
-            The label may be preceded by an optional OpenSSL engine name,
-            separated by a colon, as in "pkcs11:keylabel".
-          </p></dd>
-<dt><span class="term">-n <em class="replaceable"><code>nametype</code></em></span></dt>
-<dd><p>
-            Specifies the owner type of the key.  The value of
-            <code class="option">nametype</code> must either be ZONE (for a DNSSEC
-            zone key (KEY/DNSKEY)), HOST or ENTITY (for a key associated with
-            a host (KEY)),
-            USER (for a key associated with a user(KEY)) or OTHER (DNSKEY).
-            These values are case insensitive.
-          </p></dd>
-<dt><span class="term">-C</span></dt>
-<dd><p>
-	    Compatibility mode:  generates an old-style key, without
-	    any metadata.  By default, <span><strong class="command">dnssec-keyfromlabel</strong></span>
-	    will include the key's creation date in the metadata stored
-	    with the private key, and other dates may be set there as well
-	    (publication date, activation date, etc).  Keys that include
-	    this data may be incompatible with older versions of BIND; the
-	    <code class="option">-C</code> option suppresses them.
-          </p></dd>
-<dt><span class="term">-c <em class="replaceable"><code>class</code></em></span></dt>
-<dd><p>
-            Indicates that the DNS record containing the key should have
-            the specified class.  If not specified, class IN is used.
-          </p></dd>
-<dt><span class="term">-f <em class="replaceable"><code>flag</code></em></span></dt>
-<dd><p>
-            Set the specified flag in the flag field of the KEY/DNSKEY record.
-            The only recognized flags are KSK (Key Signing Key) and REVOKE.
-          </p></dd>
-<dt><span class="term">-G</span></dt>
-<dd><p>
-            Generate a key, but do not publish it or sign with it.  This
-            option is incompatible with -P and -A.
-          </p></dd>
-<dt><span class="term">-h</span></dt>
-<dd><p>
-            Prints a short summary of the options and arguments to
-            <span><strong class="command">dnssec-keyfromlabel</strong></span>.
-          </p></dd>
-<dt><span class="term">-K <em class="replaceable"><code>directory</code></em></span></dt>
-<dd><p>
-            Sets the directory in which the key files are to be written.
-          </p></dd>
-<dt><span class="term">-k</span></dt>
-<dd><p>
-            Generate KEY records rather than DNSKEY records.
-          </p></dd>
-<dt><span class="term">-L <em class="replaceable"><code>ttl</code></em></span></dt>
-<dd><p>
-            Sets the default TTL to use for this key when it is converted
-            into a DNSKEY RR.  If the key is imported into a zone,
-            this is the TTL that will be used for it, unless there was
-            already a DNSKEY RRset in place, in which case the existing TTL
-            would take precedence.  Setting the default TTL to
-            <code class="literal">0</code> or <code class="literal">none</code> removes it.
-          </p></dd>
-<dt><span class="term">-p <em class="replaceable"><code>protocol</code></em></span></dt>
-<dd><p>
-            Sets the protocol value for the key.  The protocol
-            is a number between 0 and 255.  The default is 3 (DNSSEC).
-            Other possible values for this argument are listed in
-            RFC 2535 and its successors.
-          </p></dd>
-<dt><span class="term">-t <em class="replaceable"><code>type</code></em></span></dt>
-<dd><p>
-            Indicates the use of the key.  <code class="option">type</code> must be
-            one of AUTHCONF, NOAUTHCONF, NOAUTH, or NOCONF.  The default
-            is AUTHCONF.  AUTH refers to the ability to authenticate
-            data, and CONF the ability to encrypt data.
-          </p></dd>
-<dt><span class="term">-v <em class="replaceable"><code>level</code></em></span></dt>
-<dd><p>
-            Sets the debugging level.
-          </p></dd>
-<dt><span class="term">-y</span></dt>
-<dd><p>
-            Allows DNSSEC key files to be generated even if the key ID
-	    would collide with that of an existing key, in the event of
-	    either key being revoked.  (This is only safe to use if you
-            are sure you won't be using RFC 5011 trust anchor maintenance
-            with either of the keys involved.)
-          </p></dd>
-</dl></div>
-</div>
-<div class="refsect1" lang="en">
-<a name="id2543976"></a><h2>TIMING OPTIONS</h2>
-<p>
-      Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
-      If the argument begins with a '+' or '-', it is interpreted as
-      an offset from the present time.  For convenience, if such an offset
-      is followed by one of the suffixes 'y', 'mo', 'w', 'd', 'h', or 'mi',
-      then the offset is computed in years (defined as 365 24-hour days,
-      ignoring leap years), months (defined as 30 24-hour days), weeks,
-      days, hours, or minutes, respectively.  Without a suffix, the offset
-      is computed in seconds.
-    </p>
-<div class="variablelist"><dl>
-<dt><span class="term">-P <em class="replaceable"><code>date/offset</code></em></span></dt>
-<dd><p>
-            Sets the date on which a key is to be published to the zone.
-            After that date, the key will be included in the zone but will
-            not be used to sign it.  If not set, and if the -G option has
-            not been used, the default is "now".
-          </p></dd>
-<dt><span class="term">-A <em class="replaceable"><code>date/offset</code></em></span></dt>
-<dd><p>
-            Sets the date on which the key is to be activated.  After that
-            date, the key will be included in the zone and used to sign
-            it.  If not set, and if the -G option has not been used, the
-            default is "now".
-          </p></dd>
-<dt><span class="term">-R <em class="replaceable"><code>date/offset</code></em></span></dt>
-<dd><p>
-            Sets the date on which the key is to be revoked.  After that
-            date, the key will be flagged as revoked.  It will be included
-            in the zone and will be used to sign it.
-          </p></dd>
-<dt><span class="term">-I <em class="replaceable"><code>date/offset</code></em></span></dt>
-<dd><p>
-            Sets the date on which the key is to be retired.  After that
-            date, the key will still be included in the zone, but it
-            will not be used to sign it.
-          </p></dd>
-<dt><span class="term">-D <em class="replaceable"><code>date/offset</code></em></span></dt>
-<dd><p>
-            Sets the date on which the key is to be deleted.  After that
-            date, the key will no longer be included in the zone.  (It
-            may remain in the key repository, however.)
-          </p></dd>
-</dl></div>
-</div>
-<div class="refsect1" lang="en">
-<a name="id2544074"></a><h2>GENERATED KEY FILES</h2>
-<p>
-      When <span><strong class="command">dnssec-keyfromlabel</strong></span> completes
-      successfully,
-      it prints a string of the form <code class="filename">Knnnn.+aaa+iiiii</code>
-      to the standard output.  This is an identification string for
-      the key files it has generated.
-    </p>
-<div class="itemizedlist"><ul type="disc">
-<li><p><code class="filename">nnnn</code> is the key name.
-        </p></li>
-<li><p><code class="filename">aaa</code> is the numeric representation
-          of the algorithm.
-        </p></li>
-<li><p><code class="filename">iiiii</code> is the key identifier (or
-          footprint).
-        </p></li>
-</ul></div>
-<p><span><strong class="command">dnssec-keyfromlabel</strong></span> 
-      creates two files, with names based
-      on the printed string.  <code class="filename">Knnnn.+aaa+iiiii.key</code>
-      contains the public key, and
-      <code class="filename">Knnnn.+aaa+iiiii.private</code> contains the
-      private key.
-    </p>
-<p>
-      The <code class="filename">.key</code> file contains a DNS KEY record
-      that
-      can be inserted into a zone file (directly or with a $INCLUDE
-      statement).
-    </p>
-<p>
-      The <code class="filename">.private</code> file contains
-      algorithm-specific
-      fields.  For obvious security reasons, this file does not have
-      general read permission.
-    </p>
-</div>
-<div class="refsect1" lang="en">
-<a name="id2544147"></a><h2>SEE ALSO</h2>
-<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
-      <span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
-      <em class="citetitle">BIND 9 Administrator Reference Manual</em>,
-      <em class="citetitle">RFC 4034</em>.
-    </p>
-</div>
-<div class="refsect1" lang="en">
-<a name="id2544180"></a><h2>AUTHOR</h2>
-<p><span class="corpauthor">Internet Systems Consortium</span>
-    </p>
-</div>
-</div></body>
-</html>

bin/dnssec/dnssec-keygen.8

@@ -1,7 +1,7 @@
-.\" Copyright (C) 2004, 2005, 2007-2011 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
 .\" Copyright (C) 2000-2003 Internet Software Consortium.
 .\" 
-.\" Permission to use, copy, modify, and/or distribute this software for any
+.\" Permission to use, copy, modify, and distribute this software for any
 .\" purpose with or without fee is hereby granted, provided that the above
 .\" copyright notice and this permission notice appear in all copies.
 .\" 
@@ -13,17 +13,14 @@
 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 .\" PERFORMANCE OF THIS SOFTWARE.
 .\"
-.\" $Id: dnssec-keygen.8,v 1.56 2011/03/18 01:14:33 tbox Exp $
+.\" $Id: dnssec-keygen.8,v 1.23.18.10 2005/10/13 02:53:00 marka Exp $
 .\"
 .hy 0
 .ad l
-.\"     Title: dnssec\-keygen
-.\"    Author: 
-.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
-.\"      Date: June 30, 2000
-.\"    Manual: BIND9
-.\"    Source: BIND9
-.\"
+.\" ** You probably do not want to edit this file directly **
+.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1).
+.\" Instead of manually editing it, you probably should edit the DocBook XML
+.\" source for it and then use the DocBook XSL Stylesheets to regenerate it.
 .TH "DNSSEC\-KEYGEN" "8" "June 30, 2000" "BIND9" "BIND9"
 .\" disable hyphenation
 .nh
@@ -33,137 +30,53 @@
 dnssec\-keygen \- DNSSEC key generation tool
 .SH "SYNOPSIS"
 .HP 14
-\fBdnssec\-keygen\fR [\fB\-a\ \fR\fB\fIalgorithm\fR\fR] [\fB\-b\ \fR\fB\fIkeysize\fR\fR] [\fB\-n\ \fR\fB\fInametype\fR\fR] [\fB\-3\fR] [\fB\-A\ \fR\fB\fIdate/offset\fR\fR] [\fB\-C\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-D\ \fR\fB\fIdate/offset\fR\fR] [\fB\-E\ \fR\fB\fIengine\fR\fR] [\fB\-e\fR] [\fB\-f\ \fR\fB\fIflag\fR\fR] [\fB\-G\fR] [\fB\-g\ \fR\fB\fIgenerator\fR\fR] [\fB\-h\fR] [\fB\-I\ \fR\fB\fIdate/offset\fR\fR] [\fB\-i\ \fR\fB\fIinterval\fR\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-L\ \fR\fB\fIttl\fR\fR] [\fB\-k\fR] [\fB\-P\ \fR\fB\fIdate/offset\fR\fR] [\fB\-p\ \fR\fB\fIprotocol\fR\fR] [\fB\-q\fR] [\fB\-R\ \fR\fB\fIdate/offset\fR\fR] [\fB\-r\ \fR\fB\fIrandomdev\fR\fR] [\fB\-S\ \fR\fB\fIkey\fR\fR] [\fB\-s\ \fR\fB\fIstrength\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-z\fR] {name}
+\fBdnssec\-keygen\fR {\-a\ \fIalgorithm\fR} {\-b\ \fIkeysize\fR} {\-n\ \fInametype\fR} [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-e\fR] [\fB\-f\ \fR\fB\fIflag\fR\fR] [\fB\-g\ \fR\fB\fIgenerator\fR\fR] [\fB\-h\fR] [\fB\-k\fR] [\fB\-p\ \fR\fB\fIprotocol\fR\fR] [\fB\-r\ \fR\fB\fIrandomdev\fR\fR] [\fB\-s\ \fR\fB\fIstrength\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] {name}
 .SH "DESCRIPTION"
 .PP
 \fBdnssec\-keygen\fR
-generates keys for DNSSEC (Secure DNS), as defined in RFC 2535 and RFC 4034. It can also generate keys for use with TSIG (Transaction Signatures) as defined in RFC 2845, or TKEY (Transaction Key) as defined in RFC 2930.
-.PP
-The
-\fBname\fR
-of the key is specified on the command line. For DNSSEC keys, this must match the name of the zone for which the key is being generated.
+generates keys for DNSSEC (Secure DNS), as defined in RFC 2535 and RFC <TBA\\>. It can also generate keys for use with TSIG (Transaction Signatures), as defined in RFC 2845.
 .SH "OPTIONS"
-.PP
+.TP
 \-a \fIalgorithm\fR
-.RS 4
-Selects the cryptographic algorithm. For DNSSEC keys, the value of
+Selects the cryptographic algorithm. The value of
 \fBalgorithm\fR
-must be one of RSAMD5, RSASHA1, DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256, RSASHA512 or ECCGOST. For TSIG/TKEY, the value must be DH (Diffie Hellman), HMAC\-MD5, HMAC\-SHA1, HMAC\-SHA224, HMAC\-SHA256, HMAC\-SHA384, or HMAC\-SHA512. These values are case insensitive.
-.sp
-If no algorithm is specified, then RSASHA1 will be used by default, unless the
-\fB\-3\fR
-option is specified, in which case NSEC3RSASHA1 will be used instead. (If
-\fB\-3\fR
-is used and an algorithm is specified, that algorithm will be checked for compatibility with NSEC3.)
+must be one of RSAMD5 (RSA) or RSASHA1, DSA, DH (Diffie Hellman), or HMAC\-MD5. These values are case insensitive.
 .sp
 Note 1: that for DNSSEC, RSASHA1 is a mandatory to implement algorithm, and DSA is recommended. For TSIG, HMAC\-MD5 is mandatory.
 .sp
-Note 2: DH, HMAC\-MD5, and HMAC\-SHA1 through HMAC\-SHA512 automatically set the \-T KEY option.
-.RE
-.PP
+Note 2: HMAC\-MD5 and DH automatically set the \-k flag.
+.TP
 \-b \fIkeysize\fR
-.RS 4
-Specifies the number of bits in the key. The choice of key size depends on the algorithm used. RSA keys must be between 512 and 2048 bits. Diffie Hellman keys must be between 128 and 4096 bits. DSA keys must be between 512 and 1024 bits and an exact multiple of 64. HMAC keys must be between 1 and 512 bits.
-.sp
-The key size does not need to be specified if using a default algorithm. The default key size is 1024 bits for zone signing keys (ZSK's) and 2048 bits for key signing keys (KSK's, generated with
-\fB\-f KSK\fR). However, if an algorithm is explicitly specified with the
-\fB\-a\fR, then there is no default key size, and the
-\fB\-b\fR
-must be used.
-.RE
-.PP
+Specifies the number of bits in the key. The choice of key size depends on the algorithm used. RSAMD5 / RSASHA1 keys must be between 512 and 2048 bits. Diffie Hellman keys must be between 128 and 4096 bits. DSA keys must be between 512 and 1024 bits and an exact multiple of 64. HMAC\-MD5 keys must be between 1 and 512 bits.
+.TP
 \-n \fInametype\fR
-.RS 4
 Specifies the owner type of the key. The value of
 \fBnametype\fR
-must either be ZONE (for a DNSSEC zone key (KEY/DNSKEY)), HOST or ENTITY (for a key associated with a host (KEY)), USER (for a key associated with a user(KEY)) or OTHER (DNSKEY). These values are case insensitive. Defaults to ZONE for DNSKEY generation.
-.RE
-.PP
-\-3
-.RS 4
-Use an NSEC3\-capable algorithm to generate a DNSSEC key. If this option is used and no algorithm is explicitly set on the command line, NSEC3RSASHA1 will be used by default. Note that RSASHA256, RSASHA512 and ECCGOST algorithms are NSEC3\-capable.
-.RE
-.PP
-\-C
-.RS 4
-Compatibility mode: generates an old\-style key, without any metadata. By default,
-\fBdnssec\-keygen\fR
-will include the key's creation date in the metadata stored with the private key, and other dates may be set there as well (publication date, activation date, etc). Keys that include this data may be incompatible with older versions of BIND; the
-\fB\-C\fR
-option suppresses them.
-.RE
-.PP
+must either be ZONE (for a DNSSEC zone key (KEY/DNSKEY)), HOST or ENTITY (for a key associated with a host (KEY)), USER (for a key associated with a user(KEY)) or OTHER (DNSKEY). These values are case insensitive.
+.TP
 \-c \fIclass\fR
-.RS 4
 Indicates that the DNS record containing the key should have the specified class. If not specified, class IN is used.
-.RE
-.PP
-\-E \fIengine\fR
-.RS 4
-Uses a crypto hardware (OpenSSL engine) for random number and, when supported, key generation. When compiled with PKCS#11 support it defaults to pkcs11; the empty name resets it to no engine.
-.RE
-.PP
+.TP
 \-e
-.RS 4
 If generating an RSAMD5/RSASHA1 key, use a large exponent.
-.RE
-.PP
+.TP
 \-f \fIflag\fR
-.RS 4
-Set the specified flag in the flag field of the KEY/DNSKEY record. The only recognized flags are KSK (Key Signing Key) and REVOKE.
-.RE
-.PP
-\-G
-.RS 4
-Generate a key, but do not publish it or sign with it. This option is incompatible with \-P and \-A.
-.RE
-.PP
+Set the specified flag in the flag field of the KEY/DNSKEY record. The only recognized flag is KSK (Key Signing Key) DNSKEY.
+.TP
 \-g \fIgenerator\fR
-.RS 4
 If generating a Diffie Hellman key, use this generator. Allowed values are 2 and 5. If no generator is specified, a known prime from RFC 2539 will be used if possible; otherwise the default is 2.
-.RE
-.PP
+.TP
 \-h
-.RS 4
 Prints a short summary of the options and arguments to
 \fBdnssec\-keygen\fR.
-.RE
-.PP
-\-K \fIdirectory\fR
-.RS 4
-Sets the directory in which the key files are to be written.
-.RE
-.PP
+.TP
 \-k
-.RS 4
-Deprecated in favor of \-T KEY.
-.RE
-.PP
-\-L \fIttl\fR
-.RS 4
-Sets the default TTL to use for this key when it is converted into a DNSKEY RR. If the key is imported into a zone, this is the TTL that will be used for it, unless there was already a DNSKEY RRset in place, in which case the existing TTL would take precedence. Setting the default TTL to
-0
-or
-none
-removes it.
-.RE
-.PP
+Generate KEY records rather than DNSKEY records.
+.TP
 \-p \fIprotocol\fR
-.RS 4
 Sets the protocol value for the generated key. The protocol is a number between 0 and 255. The default is 3 (DNSSEC). Other possible values for this argument are listed in RFC 2535 and its successors.
-.RE
-.PP
-\-q
-.RS 4
-Quiet mode: Suppresses unnecessary output, including progress indication. Without this option, when
-\fBdnssec\-keygen\fR
-is run interactively to generate an RSA or DSA key pair, it will print a string of symbols to
-\fIstderr\fR
-indicating the progress of the key generation. A '.' indicates that a random number has been found which passed an initial sieve test; '+' means a number has passed a single round of the Miller\-Rabin primality test; a space means that the number has passed all the tests and is a satisfactory key.
-.RE
-.PP
+.TP
 \-r \fIrandomdev\fR
-.RS 4
 Specifies the source of randomness. If the operating system does not provide a
 \fI/dev/random\fR
 or equivalent device, the default source of randomness is keyboard input.
@@ -171,74 +84,17 @@ or equivalent device, the default source of randomness is keyboard input.
 specifies the name of a character device or file containing random data to be used instead of the default. The special value
 \fIkeyboard\fR
 indicates that keyboard input should be used.
-.RE
-.PP
-\-S \fIkey\fR
-.RS 4
-Create a new key which is an explicit successor to an existing key. The name, algorithm, size, and type of the key will be set to match the existing key. The activation date of the new key will be set to the inactivation date of the existing one. The publication date will be set to the activation date minus the prepublication interval, which defaults to 30 days.
-.RE
-.PP
+.TP
 \-s \fIstrength\fR
-.RS 4
 Specifies the strength value of the key. The strength is a number between 0 and 15, and currently has no defined purpose in DNSSEC.
-.RE
-.PP
-\-T \fIrrtype\fR
-.RS 4
-Specifies the resource record type to use for the key.
-\fBrrtype\fR
-must be either DNSKEY or KEY. The default is DNSKEY when using a DNSSEC algorithm, but it can be overridden to KEY for use with SIG(0).
-Using any TSIG algorithm (HMAC\-* or DH) forces this option to KEY.
-.RE
-.PP
+.TP
 \-t \fItype\fR
-.RS 4
 Indicates the use of the key.
 \fBtype\fR
 must be one of AUTHCONF, NOAUTHCONF, NOAUTH, or NOCONF. The default is AUTHCONF. AUTH refers to the ability to authenticate data, and CONF the ability to encrypt data.
-.RE
-.PP
+.TP
 \-v \fIlevel\fR
-.RS 4
 Sets the debugging level.
-.RE
-.SH "TIMING OPTIONS"
-.PP
-Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS. If the argument begins with a '+' or '\-', it is interpreted as an offset from the present time. For convenience, if such an offset is followed by one of the suffixes 'y', 'mo', 'w', 'd', 'h', or 'mi', then the offset is computed in years (defined as 365 24\-hour days, ignoring leap years), months (defined as 30 24\-hour days), weeks, days, hours, or minutes, respectively. Without a suffix, the offset is computed in seconds.
-.PP
-\-P \fIdate/offset\fR
-.RS 4
-Sets the date on which a key is to be published to the zone. After that date, the key will be included in the zone but will not be used to sign it. If not set, and if the \-G option has not been used, the default is "now".
-.RE
-.PP
-\-A \fIdate/offset\fR
-.RS 4
-Sets the date on which the key is to be activated. After that date, the key will be included in the zone and used to sign it. If not set, and if the \-G option has not been used, the default is "now".
-.RE
-.PP
-\-R \fIdate/offset\fR
-.RS 4
-Sets the date on which the key is to be revoked. After that date, the key will be flagged as revoked. It will be included in the zone and will be used to sign it.
-.RE
-.PP
-\-I \fIdate/offset\fR
-.RS 4
-Sets the date on which the key is to be retired. After that date, the key will still be included in the zone, but it will not be used to sign it.
-.RE
-.PP
-\-D \fIdate/offset\fR
-.RS 4
-Sets the date on which the key is to be deleted. After that date, the key will no longer be included in the zone. (It may remain in the key repository, however.)
-.RE
-.PP
-\-i \fIinterval\fR
-.RS 4
-Sets the prepublication interval for a key. If set, then the publication and activation dates must be separated by at least this much time. If the activation date is specified but the publication date isn't, then the publication date will default to this much time before the activation date; conversely, if the publication date is specified but activation date isn't, then activation will be set to this much time after publication.
-.sp
-If the key is being created as an explicit successor to another key, then the default prepublication interval is 30 days; otherwise it is zero.
-.sp
-As with date offsets, if the argument is followed by one of the suffixes 'y', 'mo', 'w', 'd', 'h', or 'mi', then the interval is measured in years, months, weeks, days, hours, or minutes, respectively. Without a suffix, the interval is measured in seconds.
-.RE
 .SH "GENERATED KEYS"
 .PP
 When
@@ -246,21 +102,21 @@ When
 completes successfully, it prints a string of the form
 \fIKnnnn.+aaa+iiiii\fR
 to the standard output. This is an identification string for the key it has generated.
-.TP 4
+.TP 3
 \(bu
 \fInnnn\fR
 is the key name.
-.TP 4
+.TP
 \(bu
 \fIaaa\fR
 is the numeric representation of the algorithm.
-.TP 4
+.TP
 \(bu
 \fIiiiii\fR
 is the key identifier (or footprint).
 .PP
 \fBdnssec\-keygen\fR
-creates two files, with names based on the printed string.
+creates two file, with names based on the printed string.
 \fIKnnnn.+aaa+iiiii.key\fR
 contains the public key, and
 \fIKnnnn.+aaa+iiiii.private\fR
@@ -272,13 +128,13 @@ file contains a DNS KEY record that can be inserted into a zone file (directly o
 .PP
 The
 \fI.private\fR
-file contains algorithm\-specific fields. For obvious security reasons, this file does not have general read permission.
+file contains algorithm specific fields. For obvious security reasons, this file does not have general read permission.
 .PP
 Both
 \fI.key\fR
 and
 \fI.private\fR
-files are generated for symmetric encryption algorithms such as HMAC\-MD5, even though the public and private key are equivalent.
+files are generated for symmetric encryption algorithm such as HMAC\-MD5, even though the public and private key are equivalent.
 .SH "EXAMPLE"
 .PP
 To generate a 768\-bit DSA key for the domain
@@ -295,19 +151,14 @@ In this example,
 creates the files
 \fIKexample.com.+003+26160.key\fR
 and
-\fIKexample.com.+003+26160.private\fR.
+\fIKexample.com.+003+26160.private\fR
 .SH "SEE ALSO"
 .PP
 \fBdnssec\-signzone\fR(8),
 BIND 9 Administrator Reference Manual,
-RFC 2539,
+RFC 2535,
 RFC 2845,
-RFC 4034.
+RFC 2539.
 .SH "AUTHOR"
 .PP
 Internet Systems Consortium
-.SH "COPYRIGHT"
-Copyright \(co 2004, 2005, 2007\-2011 Internet Systems Consortium, Inc. ("ISC")
-.br
-Copyright \(co 2000\-2003 Internet Software Consortium.
-.br

bin/dnssec/dnssec-keygen.c

@@ -1,23 +1,24 @@
 /*
- * Portions Copyright (C) 2000  Internet Software Consortium.
+ * Portions Copyright (C) 2004-2006  Internet Systems Consortium, Inc. ("ISC")
+ * Portions Copyright (C) 2000-2003  Internet Software Consortium.
  * Portions Copyright (C) 1995-2000 by Network Associates, Inc.
- * 
+ *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
- * 
- * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM AND
- * NETWORK ASSOCIATES DISCLAIM ALL WARRANTIES WITH REGARD TO THIS
- * SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND
- * FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE CONSORTIUM OR NETWORK
- * ASSOCIATES BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR
- * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
- * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
- * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- * PERFORMANCE OF THIS SOFTWARE.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC AND NETWORK ASSOCIATES DISCLAIMS
+ * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE
+ * FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR
+ * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: dnssec-keygen.c,v 1.36.2.2 2000/11/09 00:39:14 gson Exp $ */
+/* $Id: dnssec-keygen.c,v 1.66.18.7 2006/01/27 02:50:50 marka Exp $ */
+
+/*! \file */
 
 #include <config.h>
 
@@ -35,19 +36,23 @@
 #include <dns/keyvalues.h>
 #include <dns/log.h>
 #include <dns/name.h>
+#include <dns/rdataclass.h>
 #include <dns/result.h>
 #include <dns/secalg.h>
 
 #include <dst/dst.h>
-#include <dst/result.h>
 
 #include "dnssectool.h"
 
-#define MAX_RSA 2000 /* XXXBEW dnssafe is broken */
+#define MAX_RSA 4096 /* should be long enough... */
 
 const char *program = "dnssec-keygen";
 int verbose;
 
+static const char *algs = "RSA | RSAMD5 | DH | DSA | RSASHA1 | HMAC-MD5 |"
+			  " HMAC-SHA1 | HMAC-SHA224 | HMAC-SHA256 | "
+			  " HMAC-SHA384 | HMAC-SHA512";
+
 static isc_boolean_t
 dsa_size_ok(int size) {
 	return (ISC_TF(size >= 512 && size <= 1024 && size % 64 == 0));
@@ -55,28 +60,45 @@ dsa_size_ok(int size) {
 
 static void
 usage(void) {
-	printf("Usage:\n");
-	printf("    %s -a alg -b bits -n type [options] name\n\n", program);
-	printf("Required options:\n");
-	printf("    -a algorithm: RSA | RSAMD5 | DH | DSA | HMAC-MD5\n");
-	printf("    -b key size, in bits:\n");
-	printf("        RSA:\t\t[512..%d]\n", MAX_RSA);
-	printf("        DH:\t\t[128..4096]\n");
-	printf("        DSA:\t\t[512..1024] and dividable by 64\n");
-	printf("        HMAC-MD5:\t[1..512]\n");
-	printf("    -n nametype: ZONE | HOST | ENTITY | USER\n");
-	printf("    name: owner of the key\n");
-	printf("Other options:\n");
-	printf("    -e use large exponent (RSA only)\n");
-	printf("    -g use specified generator (DH only)\n");
- 	printf("    -t type: AUTHCONF | NOAUTHCONF | NOAUTH | NOCONF "
- 	       "(default: AUTHCONF)\n");
- 	printf("    -p protocol value "
- 	       "(default: 2 [email] for USER, 3 [dnssec] otherwise)\n");
- 	printf("    -s strength value this key signs DNS records with "
- 	       "(default: 0)\n");
- 	printf("    -r randomdev (a file containing random data)\n");
-	printf("    -v verbose level\n");
+	fprintf(stderr, "Usage:\n");
+	fprintf(stderr, "    %s -a alg -b bits -n type [options] name\n\n",
+		program);
+	fprintf(stderr, "Version: %s\n", VERSION);
+	fprintf(stderr, "Required options:\n");
+	fprintf(stderr, "    -a algorithm: %s\n", algs);
+	fprintf(stderr, "    -b key size, in bits:\n");
+	fprintf(stderr, "        RSAMD5:\t\t[512..%d]\n", MAX_RSA);
+	fprintf(stderr, "        RSASHA1:\t\t[512..%d]\n", MAX_RSA);
+	fprintf(stderr, "        DH:\t\t[128..4096]\n");
+	fprintf(stderr, "        DSA:\t\t[512..1024] and divisible by 64\n");
+	fprintf(stderr, "        HMAC-MD5:\t[1..512]\n");
+	fprintf(stderr, "        HMAC-SHA1:\t[1..160]\n");
+	fprintf(stderr, "        HMAC-SHA224:\t[1..224]\n");
+	fprintf(stderr, "        HMAC-SHA256:\t[1..256]\n");
+	fprintf(stderr, "        HMAC-SHA384:\t[1..384]\n");
+	fprintf(stderr, "        HMAC-SHA512:\t[1..512]\n");
+	fprintf(stderr, "    -n nametype: ZONE | HOST | ENTITY | USER | OTHER\n");
+	fprintf(stderr, "    name: owner of the key\n");
+	fprintf(stderr, "Other options:\n");
+	fprintf(stderr, "    -c <class> (default: IN)\n");
+	fprintf(stderr, "    -d <digest bits> (0 => max, default)\n");
+	fprintf(stderr, "    -e use large exponent (RSAMD5/RSASHA1 only)\n");
+	fprintf(stderr, "    -f keyflag: KSK\n");
+	fprintf(stderr, "    -g <generator> use specified generator "
+		"(DH only)\n");
+	fprintf(stderr, "    -t <type>: "
+		"AUTHCONF | NOAUTHCONF | NOAUTH | NOCONF "
+		"(default: AUTHCONF)\n");
+	fprintf(stderr, "    -p <protocol>: "
+	       "default: 3 [dnssec]\n");
+	fprintf(stderr, "    -s <strength> strength value this key signs DNS "
+		"records with (default: 0)\n");
+	fprintf(stderr, "    -r <randomdev>: a file containing random data\n");
+	fprintf(stderr, "    -v <verbose level>\n");
+	fprintf(stderr, "    -k : generate a TYPE=KEY key\n");
+	fprintf(stderr, "Output:\n");
+	fprintf(stderr, "     K<name>+<alg>+<id>.key, "
+		"K<name>+<alg>+<id>.private\n");
 
 	exit (-1);
 }
@@ -84,12 +106,12 @@ usage(void) {
 int
 main(int argc, char **argv) {
 	char		*algname = NULL, *nametype = NULL, *type = NULL;
-	char		*randomfile = NULL;
-	char		*prog, *endp;
+	char		*classname = NULL;
+	char		*endp;
 	dst_key_t	*key = NULL, *oldkey;
 	dns_fixedname_t	fname;
 	dns_name_t	*name;
-	isc_uint16_t	flags = 0;
+	isc_uint16_t	flags = 0, ksk = 0;
 	dns_secalg_t	alg;
 	isc_boolean_t	conflict = ISC_FALSE, null_key = ISC_FALSE;
 	isc_mem_t	*mctx = NULL;
@@ -101,55 +123,61 @@ main(int argc, char **argv) {
 	isc_buffer_t	buf;
 	isc_log_t	*log = NULL;
 	isc_entropy_t	*ectx = NULL;
-
-	RUNTIME_CHECK(isc_mem_create(0, 0, &mctx) == ISC_R_SUCCESS);
-
-	if ((prog = strrchr(argv[0],'/')) == NULL)
-		prog = isc_mem_strdup(mctx, argv[0]);
-	else
-		prog = isc_mem_strdup(mctx, ++prog);
-	if (prog == NULL)
-		fatal("out of memory");
+	dns_rdataclass_t rdclass;
+	int		options = DST_TYPE_PRIVATE | DST_TYPE_PUBLIC;
+	int		dbits = 0;
 
 	if (argc == 1)
 		usage();
 
+	RUNTIME_CHECK(isc_mem_create(0, 0, &mctx) == ISC_R_SUCCESS);
+
 	dns_result_register();
 
 	while ((ch = isc_commandline_parse(argc, argv,
-					   "a:b:eg:n:t:p:s:hr:v:")) != -1)
+					   "a:b:c:d:ef:g:kn:t:p:s:r:v:h")) != -1)
 	{
 	    switch (ch) {
 		case 'a':
-			algname = isc_mem_strdup(mctx,
-						  isc_commandline_argument);
-			if (algname == NULL)
-				fatal("out of memory");
+			algname = isc_commandline_argument;
 			break;
 		case 'b':
 			size = strtol(isc_commandline_argument, &endp, 10);
 			if (*endp != '\0' || size < 0)
 				fatal("-b requires a non-negative number");
 			break;
+		case 'c':
+			classname = isc_commandline_argument;
+			break;
+		case 'd':
+			dbits = strtol(isc_commandline_argument, &endp, 10);
+			if (*endp != '\0' || dbits < 0)
+				fatal("-d requires a non-negative number");
+			break;
 		case 'e':
 			rsa_exp = 1;
 			break;
+		case 'f':
+			if (strcasecmp(isc_commandline_argument, "KSK") == 0)
+				ksk = DNS_KEYFLAG_KSK;
+			else
+				fatal("unknown flag '%s'",
+				      isc_commandline_argument);
+			break;
 		case 'g':
 			generator = strtol(isc_commandline_argument,
 					   &endp, 10);
 			if (*endp != '\0' || generator <= 0)
 				fatal("-g requires a positive number");
 			break;
+		case 'k':
+			options |= DST_TYPE_KEY;
+			break;
 		case 'n':
-			nametype = isc_mem_strdup(mctx,
-						  isc_commandline_argument);
-			if (nametype == NULL)
-				fatal("out of memory");
+			nametype = isc_commandline_argument;
 			break;
 		case 't':
-			type = isc_mem_strdup(mctx, isc_commandline_argument);
-			if (type == NULL)
-				fatal("out of memory");
+			type = isc_commandline_argument;
 			break;
 		case 'p':
 			protocol = strtol(isc_commandline_argument, &endp, 10);
@@ -165,10 +193,7 @@ main(int argc, char **argv) {
 				      "[0..15]");
 			break;
 		case 'r':
-			randomfile = isc_mem_strdup(mctx,
-						    isc_commandline_argument);
-			if (randomfile == NULL)
-				fatal("out of memory");
+			setup_entropy(mctx, isc_commandline_argument, &ectx);
 			break;
 		case 'v':
 			endp = NULL;
@@ -183,12 +208,11 @@ main(int argc, char **argv) {
 			fprintf(stderr, "%s: invalid argument -%c\n",
 				program, ch);
 			usage();
-		} 
+		}
 	}
 
-	setup_entropy(mctx, randomfile, &ectx);
-	if (randomfile != NULL)
-		isc_mem_free(mctx, randomfile);
+	if (ectx == NULL)
+		setup_entropy(mctx, NULL, &ectx);
 	ret = dst_lib_init(mctx, ectx,
 			   ISC_ENTROPY_BLOCKING | ISC_ENTROPY_GOODONLY);
 	if (ret != ISC_R_SUCCESS)
@@ -203,21 +227,40 @@ main(int argc, char **argv) {
 
 	if (algname == NULL)
 		fatal("no algorithm was specified");
-	if (strcasecmp(algname, "RSA") == 0)
-		alg = DNS_KEYALG_RSA;
-	else if (strcasecmp(algname, "HMAC-MD5") == 0)
+	if (strcasecmp(algname, "RSA") == 0) {
+		fprintf(stderr, "The use of RSA (RSAMD5) is not recommended.\n"
+				"If you still wish to use RSA (RSAMD5) please "
+				"specify \"-a RSAMD5\"\n");
+		return (1);
+	} else if (strcasecmp(algname, "HMAC-MD5") == 0) {
+		options |= DST_TYPE_KEY;
 		alg = DST_ALG_HMACMD5;
-	else {
+	} else if (strcasecmp(algname, "HMAC-SHA1") == 0) {
+		options |= DST_TYPE_KEY;
+		alg = DST_ALG_HMACSHA1;
+	} else if (strcasecmp(algname, "HMAC-SHA224") == 0) {
+		options |= DST_TYPE_KEY;
+		alg = DST_ALG_HMACSHA224;
+	} else if (strcasecmp(algname, "HMAC-SHA256") == 0) {
+		options |= DST_TYPE_KEY;
+		alg = DST_ALG_HMACSHA256;
+	} else if (strcasecmp(algname, "HMAC-SHA384") == 0) {
+		options |= DST_TYPE_KEY;
+		alg = DST_ALG_HMACSHA384;
+	} else if (strcasecmp(algname, "HMAC-SHA512") == 0) {
+		options |= DST_TYPE_KEY;
+		alg = DST_ALG_HMACSHA512;
+	} else {
 		r.base = algname;
 		r.length = strlen(algname);
 		ret = dns_secalg_fromtext(&alg, &r);
 		if (ret != ISC_R_SUCCESS)
 			fatal("unknown algorithm %s", algname);
+		if (alg == DST_ALG_DH)
+			options |= DST_TYPE_KEY;
 	}
-	if (dst_algorithm_supported(alg) == ISC_FALSE)
-		fatal("unsupported algorithm %s", algname);
 
-	if (type != NULL) {
+	if (type != NULL && (options & DST_TYPE_KEY) != 0) {
 		if (strcasecmp(type, "NOAUTH") == 0)
 			flags |= DNS_KEYTYPE_NOAUTH;
 		else if (strcasecmp(type, "NOCONF") == 0)
@@ -237,7 +280,8 @@ main(int argc, char **argv) {
 		fatal("key size not specified (-b option)");
 
 	switch (alg) {
-	case DNS_KEYALG_RSA:
+	case DNS_KEYALG_RSAMD5:
+	case DNS_KEYALG_RSASHA1:
 		if (size != 0 && (size < 512 || size > MAX_RSA))
 			fatal("RSA key size %d out of range", size);
 		break;
@@ -247,48 +291,114 @@ main(int argc, char **argv) {
 		break;
 	case DNS_KEYALG_DSA:
 		if (size != 0 && !dsa_size_ok(size))
-			fatal("Invalid DSS key size: %d", size);
+			fatal("invalid DSS key size: %d", size);
 		break;
 	case DST_ALG_HMACMD5:
 		if (size < 1 || size > 512)
 			fatal("HMAC-MD5 key size %d out of range", size);
+		if (dbits != 0 && (dbits < 80 || dbits > 128))
+			fatal("HMAC-MD5 digest bits %d out of range", dbits);
+		if ((dbits % 8) != 0)
+			fatal("HMAC-MD5 digest bits %d not divisible by 8",
+			      dbits);
+		break;
+	case DST_ALG_HMACSHA1:
+		if (size < 1 || size > 160)
+			fatal("HMAC-SHA1 key size %d out of range", size);
+		if (dbits != 0 && (dbits < 80 || dbits > 160))
+			fatal("HMAC-SHA1 digest bits %d out of range", dbits);
+		if ((dbits % 8) != 0)
+			fatal("HMAC-SHA1 digest bits %d not divisible by 8",
+			      dbits);
+		break;
+	case DST_ALG_HMACSHA224:
+		if (size < 1 || size > 224)
+			fatal("HMAC-SHA224 key size %d out of range", size);
+		if (dbits != 0 && (dbits < 112 || dbits > 224))
+			fatal("HMAC-SHA224 digest bits %d out of range", dbits);
+		if ((dbits % 8) != 0)
+			fatal("HMAC-SHA224 digest bits %d not divisible by 8",
+			      dbits);
+		break;
+	case DST_ALG_HMACSHA256:
+		if (size < 1 || size > 256)
+			fatal("HMAC-SHA256 key size %d out of range", size);
+		if (dbits != 0 && (dbits < 128 || dbits > 256))
+			fatal("HMAC-SHA256 digest bits %d out of range", dbits);
+		if ((dbits % 8) != 0)
+			fatal("HMAC-SHA256 digest bits %d not divisible by 8",
+			      dbits);
+		break;
+	case DST_ALG_HMACSHA384:
+		if (size < 1 || size > 384)
+			fatal("HMAC-384 key size %d out of range", size);
+		if (dbits != 0 && (dbits < 192 || dbits > 384))
+			fatal("HMAC-SHA384 digest bits %d out of range", dbits);
+		if ((dbits % 8) != 0)
+			fatal("HMAC-SHA384 digest bits %d not divisible by 8",
+			      dbits);
+		break;
+	case DST_ALG_HMACSHA512:
+		if (size < 1 || size > 512)
+			fatal("HMAC-SHA512 key size %d out of range", size);
+		if (dbits != 0 && (dbits < 256 || dbits > 512))
+			fatal("HMAC-SHA512 digest bits %d out of range", dbits);
+		if ((dbits % 8) != 0)
+			fatal("HMAC-SHA512 digest bits %d not divisible by 8",
+			      dbits);
 		break;
 	}
 
-	if (alg != DNS_KEYALG_RSA && rsa_exp != 0)
-		fatal("specified RSA exponent without RSA");
+	if (!(alg == DNS_KEYALG_RSAMD5 || alg == DNS_KEYALG_RSASHA1) &&
+	    rsa_exp != 0)
+		fatal("specified RSA exponent for a non-RSA key");
 
 	if (alg != DNS_KEYALG_DH && generator != 0)
-		fatal("specified DH generator without DH");
+		fatal("specified DH generator for a non-DH key");
 
 	if (nametype == NULL)
 		fatal("no nametype specified");
 	if (strcasecmp(nametype, "zone") == 0)
 		flags |= DNS_KEYOWNER_ZONE;
-	else if (strcasecmp(nametype, "host") == 0 ||
-		 strcasecmp(nametype, "entity") == 0)
-		flags |= DNS_KEYOWNER_ENTITY;
-	else if (strcasecmp(nametype, "user") == 0)
-		flags |= DNS_KEYOWNER_USER;
-	else
-		fatal("invalid nametype %s", nametype);
-
-	flags |= signatory;
-
-	if (protocol == -1) {
-		if ((flags & DNS_KEYFLAG_OWNERMASK) == DNS_KEYOWNER_USER)
-			protocol = DNS_KEYPROTO_EMAIL;
+	else if ((options & DST_TYPE_KEY) != 0)	{ /* KEY */
+		if (strcasecmp(nametype, "host") == 0 ||
+			 strcasecmp(nametype, "entity") == 0)
+			flags |= DNS_KEYOWNER_ENTITY;
+		else if (strcasecmp(nametype, "user") == 0)
+			flags |= DNS_KEYOWNER_USER;
 		else
-			protocol = DNS_KEYPROTO_DNSSEC;
-	}
+			fatal("invalid KEY nametype %s", nametype);
+	} else if (strcasecmp(nametype, "other") != 0) /* DNSKEY */
+		fatal("invalid DNSKEY nametype %s", nametype);
+
+	rdclass = strtoclass(classname);
+
+	if ((options & DST_TYPE_KEY) != 0)  /* KEY */
+		flags |= signatory;
+	else if ((flags & DNS_KEYOWNER_ZONE) != 0) /* DNSKEY */
+		flags |= ksk;
+
+	if (protocol == -1)
+		protocol = DNS_KEYPROTO_DNSSEC;
+	else if ((options & DST_TYPE_KEY) == 0 &&
+		 protocol != DNS_KEYPROTO_DNSSEC)
+		fatal("invalid DNSKEY protocol: %d", protocol);
 
 	if ((flags & DNS_KEYFLAG_TYPEMASK) == DNS_KEYTYPE_NOKEY) {
 		if (size > 0)
-			fatal("Specified null key with non-zero size");
+			fatal("specified null key with non-zero size");
 		if ((flags & DNS_KEYFLAG_SIGNATORYMASK) != 0)
-			fatal("Specified null key with signing authority");
+			fatal("specified null key with signing authority");
 	}
 
+	if ((flags & DNS_KEYFLAG_OWNERMASK) == DNS_KEYOWNER_ZONE &&
+	    (alg == DNS_KEYALG_DH || alg == DST_ALG_HMACMD5 ||
+	     alg == DST_ALG_HMACSHA1 || alg == DST_ALG_HMACSHA224 ||
+	     alg == DST_ALG_HMACSHA256 || alg == DST_ALG_HMACSHA384 ||
+	     alg == DST_ALG_HMACSHA512))
+		fatal("a key with algorithm '%s' cannot be a zone key",
+		      algname);
+
 	dns_fixedname_init(&fname);
 	name = dns_fixedname_name(&fname);
 	isc_buffer_init(&buf, argv[isc_commandline_index],
@@ -296,11 +406,12 @@ main(int argc, char **argv) {
 	isc_buffer_add(&buf, strlen(argv[isc_commandline_index]));
 	ret = dns_name_fromtext(name, &buf, dns_rootname, ISC_FALSE, NULL);
 	if (ret != ISC_R_SUCCESS)
-		fatal("Invalid key name %s: %s", argv[isc_commandline_index],
+		fatal("invalid key name %s: %s", argv[isc_commandline_index],
 		      isc_result_totext(ret));
 
 	switch(alg) {
-	case DNS_KEYALG_RSA:
+	case DNS_KEYALG_RSAMD5:
+	case DNS_KEYALG_RSASHA1:
 		param = rsa_exp;
 		break;
 	case DNS_KEYALG_DH:
@@ -308,6 +419,11 @@ main(int argc, char **argv) {
 		break;
 	case DNS_KEYALG_DSA:
 	case DST_ALG_HMACMD5:
+	case DST_ALG_HMACSHA1:
+	case DST_ALG_HMACSHA224:
+	case DST_ALG_HMACSHA256:
+	case DST_ALG_HMACSHA384:
+	case DST_ALG_HMACSHA512:
 		param = 0;
 		break;
 	}
@@ -317,29 +433,34 @@ main(int argc, char **argv) {
 
 	isc_buffer_init(&buf, filename, sizeof(filename) - 1);
 
-	do { 
-		conflict = ISC_FALSE; 
+	do {
+		conflict = ISC_FALSE;
 		oldkey = NULL;
 
 		/* generate the key */
 		ret = dst_key_generate(name, alg, size, param, flags, protocol,
-				       mctx, &key);
+				       rdclass, mctx, &key);
 		isc_entropy_stopcallbacksources(ectx);
 
 		if (ret != ISC_R_SUCCESS) {
+			char namestr[DNS_NAME_FORMATSIZE];
+			char algstr[ALG_FORMATSIZE];
+			dns_name_format(name, namestr, sizeof(namestr));
+			alg_format(alg, algstr, sizeof(algstr));
 			fatal("failed to generate key %s/%s: %s\n",
-			      nametostr(name), algtostr(alg),
-			      dst_result_totext(ret));
+			      namestr, algstr, isc_result_totext(ret));
 			exit(-1);
 		}
-		
+
+		dst_key_setbits(key, dbits);
+
 		/*
 		 * Try to read a key with the same name, alg and id from disk.
-		 * If there is one we must continue generating a new one 
+		 * If there is one we must continue generating a new one
 		 * unless we were asked to generate a null key, in which
 		 * case we return failure.
 		 */
-		ret = dst_key_fromfile(name, dst_key_id(key), alg, 
+		ret = dst_key_fromfile(name, dst_key_id(key), alg,
 				       DST_TYPE_PRIVATE, NULL, mctx, &oldkey);
 		/* do not overwrite an existing key  */
 		if (ret == ISC_R_SUCCESS) {
@@ -366,28 +487,26 @@ main(int argc, char **argv) {
 		fatal("cannot generate a null key when a key with id 0 "
 		      "already exists");
 
-	ret = dst_key_tofile(key, DST_TYPE_PUBLIC | DST_TYPE_PRIVATE, NULL);
-	if (ret != ISC_R_SUCCESS)
-		fatal("failed to write key %s/%s/%d: %s\n", nametostr(name),
-		      algtostr(alg), dst_key_id(key), isc_result_totext(ret));
+	ret = dst_key_tofile(key, options, NULL);
+	if (ret != ISC_R_SUCCESS) {
+		char keystr[KEY_FORMATSIZE];
+		key_format(key, keystr, sizeof(keystr));
+		fatal("failed to write key %s: %s\n", keystr,
+		      isc_result_totext(ret));
+	}
 
 	isc_buffer_clear(&buf);
 	ret = dst_key_buildfilename(key, 0, NULL, &buf);
 	printf("%s\n", filename);
-	isc_mem_free(mctx, algname);
-	isc_mem_free(mctx, nametype);
-	isc_mem_free(mctx, prog);
-	if (type != NULL)
-		isc_mem_free(mctx, type);
 	dst_key_free(&key);
 
-	if (log != NULL)
-		isc_log_destroy(&log);
+	cleanup_logging(&log);
 	cleanup_entropy(&ectx);
 	dst_lib_destroy();
+	dns_name_destroy();
 	if (verbose > 10)
 		isc_mem_stats(mctx, stdout);
-        isc_mem_destroy(&mctx);
+	isc_mem_destroy(&mctx);
 
 	return (0);
 }

bin/dnssec/dnssec-keygen.docbook

@@ -1,11 +1,11 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
-               "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
+               "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd"
 	       [<!ENTITY mdash "&#8212;">]>
 <!--
- - Copyright (C) 2004, 2005, 2007-2011  Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005  Internet Systems Consortium, Inc. ("ISC")
  - Copyright (C) 2000-2003  Internet Software Consortium.
  -
- - Permission to use, copy, modify, and/or distribute this software for any
+ - Permission to use, copy, modify, and distribute this software for any
  - purpose with or without fee is hereby granted, provided that the above
  - copyright notice and this permission notice appear in all copies.
  -
@@ -18,7 +18,7 @@
  - PERFORMANCE OF THIS SOFTWARE.
 -->
 
-<!-- $Id: dnssec-keygen.docbook,v 1.38 2011/03/17 23:47:29 tbox Exp $ -->
+<!-- $Id: dnssec-keygen.docbook,v 1.7.18.7 2005/08/30 01:42:12 marka Exp $ -->
 <refentry id="man.dnssec-keygen">
   <refentryinfo>
     <date>June 30, 2000</date>
@@ -39,11 +39,6 @@
     <copyright>
       <year>2004</year>
       <year>2005</year>
-      <year>2007</year>
-      <year>2008</year>
-      <year>2009</year>
-      <year>2010</year>
-      <year>2011</year>
       <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
     </copyright>
     <copyright>
@@ -58,35 +53,20 @@
   <refsynopsisdiv>
     <cmdsynopsis>
       <command>dnssec-keygen</command>
-      <arg><option>-a <replaceable class="parameter">algorithm</replaceable></option></arg>
-      <arg ><option>-b <replaceable class="parameter">keysize</replaceable></option></arg>
-      <arg><option>-n <replaceable class="parameter">nametype</replaceable></option></arg>
-      <arg><option>-3</option></arg>
-      <arg><option>-A <replaceable class="parameter">date/offset</replaceable></option></arg>
-      <arg><option>-C</option></arg>
+      <arg choice="req">-a <replaceable class="parameter">algorithm</replaceable></arg>
+      <arg choice="req">-b <replaceable class="parameter">keysize</replaceable></arg>
+      <arg choice="req">-n <replaceable class="parameter">nametype</replaceable></arg>
       <arg><option>-c <replaceable class="parameter">class</replaceable></option></arg>
-      <arg><option>-D <replaceable class="parameter">date/offset</replaceable></option></arg>
-      <arg><option>-E <replaceable class="parameter">engine</replaceable></option></arg>
       <arg><option>-e</option></arg>
       <arg><option>-f <replaceable class="parameter">flag</replaceable></option></arg>
-      <arg><option>-G</option></arg>
       <arg><option>-g <replaceable class="parameter">generator</replaceable></option></arg>
       <arg><option>-h</option></arg>
-      <arg><option>-I <replaceable class="parameter">date/offset</replaceable></option></arg>
-      <arg><option>-i <replaceable class="parameter">interval</replaceable></option></arg>
-      <arg><option>-K <replaceable class="parameter">directory</replaceable></option></arg>
-      <arg><option>-L <replaceable class="parameter">ttl</replaceable></option></arg>
       <arg><option>-k</option></arg>
-      <arg><option>-P <replaceable class="parameter">date/offset</replaceable></option></arg>
       <arg><option>-p <replaceable class="parameter">protocol</replaceable></option></arg>
-      <arg><option>-q</option></arg>
-      <arg><option>-R <replaceable class="parameter">date/offset</replaceable></option></arg>
       <arg><option>-r <replaceable class="parameter">randomdev</replaceable></option></arg>
-      <arg><option>-S <replaceable class="parameter">key</replaceable></option></arg>
       <arg><option>-s <replaceable class="parameter">strength</replaceable></option></arg>
       <arg><option>-t <replaceable class="parameter">type</replaceable></option></arg>
       <arg><option>-v <replaceable class="parameter">level</replaceable></option></arg>
-      <arg><option>-z</option></arg>
       <arg choice="req">name</arg>
     </cmdsynopsis>
   </refsynopsisdiv>
@@ -95,14 +75,8 @@
     <title>DESCRIPTION</title>
     <para><command>dnssec-keygen</command>
       generates keys for DNSSEC (Secure DNS), as defined in RFC 2535
-      and RFC 4034.  It can also generate keys for use with
-      TSIG (Transaction Signatures) as defined in RFC 2845, or TKEY
-      (Transaction Key) as defined in RFC 2930.
-    </para>
-    <para>
-      The <option>name</option> of the key is specified on the command
-      line.  For DNSSEC keys, this must match the name of the zone for
-      which the key is being generated.
+      and RFC &lt;TBA\&gt;.  It can also generate keys for use with
+      TSIG (Transaction Signatures), as defined in RFC 2845.
     </para>
   </refsect1>
 
@@ -114,29 +88,18 @@
         <term>-a <replaceable class="parameter">algorithm</replaceable></term>
         <listitem>
           <para>
-            Selects the cryptographic algorithm.  For DNSSEC keys, the value
-            of <option>algorithm</option> must be one of RSAMD5, RSASHA1,
-	    DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256, RSASHA512 or ECCGOST.
-	    For TSIG/TKEY, the value must
-            be DH (Diffie Hellman), HMAC-MD5, HMAC-SHA1, HMAC-SHA224,
-            HMAC-SHA256, HMAC-SHA384, or HMAC-SHA512.  These values are
-            case insensitive.
-          </para>
-          <para>
-            If no algorithm is specified, then RSASHA1 will be used by
-            default, unless the <option>-3</option> option is specified,
-            in which case NSEC3RSASHA1 will be used instead.  (If
-            <option>-3</option> is used and an algorithm is specified,
-            that algorithm will be checked for compatibility with NSEC3.)
+            Selects the cryptographic algorithm.  The value of
+            <option>algorithm</option> must be one of RSAMD5 (RSA) or RSASHA1,
+            	      DSA, DH (Diffie Hellman), or HMAC-MD5.  These values
+            are case insensitive.
           </para>
           <para>
             Note 1: that for DNSSEC, RSASHA1 is a mandatory to implement
-            algorithm, and DSA is recommended.  For TSIG, HMAC-MD5 is
-	    mandatory.
+            algorithm,
+            and DSA is recommended.  For TSIG, HMAC-MD5 is mandatory.
           </para>
           <para>
-            Note 2: DH, HMAC-MD5, and HMAC-SHA1 through HMAC-SHA512
-            automatically set the -T KEY option.
+            Note 2: HMAC-MD5 and DH automatically set the -k flag.
           </para>
         </listitem>
       </varlistentry>
@@ -146,21 +109,13 @@
         <listitem>
           <para>
             Specifies the number of bits in the key.  The choice of key
-            size depends on the algorithm used.  RSA keys must be
-            between 512 and 2048 bits.  Diffie Hellman keys must be between
+            size depends on the algorithm used.  RSAMD5 / RSASHA1 keys must be
+            between
+            512 and 2048 bits.  Diffie Hellman keys must be between
             128 and 4096 bits.  DSA keys must be between 512 and 1024
-            bits and an exact multiple of 64.  HMAC keys must be
+            bits and an exact multiple of 64.  HMAC-MD5 keys must be
             between 1 and 512 bits.
           </para>
-          <para>
-            The key size does not need to be specified if using a default
-            algorithm.  The default key size is 1024 bits for zone signing
-            keys (ZSK's) and 2048 bits for key signing keys (KSK's,
-            generated with <option>-f KSK</option>).  However, if an
-            algorithm is explicitly specified with the <option>-a</option>,
-            then there is no default key size, and the <option>-b</option>
-            must be used.
-          </para>
         </listitem>
       </varlistentry>
 
@@ -173,36 +128,8 @@
             zone key (KEY/DNSKEY)), HOST or ENTITY (for a key associated with
             a host (KEY)),
             USER (for a key associated with a user(KEY)) or OTHER (DNSKEY).
-            These values are case insensitive.  Defaults to ZONE for DNSKEY
-	    generation.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-3</term>
-        <listitem>
-          <para>
-	    Use an NSEC3-capable algorithm to generate a DNSSEC key.
-            If this option is used and no algorithm is explicitly
-            set on the command line, NSEC3RSASHA1 will be used by
-            default. Note that RSASHA256, RSASHA512 and ECCGOST algorithms
-	    are NSEC3-capable.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-C</term>
-        <listitem>
-          <para>
-	    Compatibility mode:  generates an old-style key, without
-	    any metadata.  By default, <command>dnssec-keygen</command>
-	    will include the key's creation date in the metadata stored
-	    with the private key, and other dates may be set there as well
-	    (publication date, activation date, etc).  Keys that include
-	    this data may be incompatible with older versions of BIND; the
-	    <option>-C</option> option suppresses them.
+            These values are
+            case insensitive.
           </para>
         </listitem>
       </varlistentry>
@@ -217,18 +144,6 @@
         </listitem>
       </varlistentry>
 
-      <varlistentry>
-        <term>-E <replaceable class="parameter">engine</replaceable></term>
-        <listitem>
-          <para>
-            Uses a crypto hardware (OpenSSL engine) for random number
-            and, when supported, key generation. When compiled with PKCS#11
-            support it defaults to pkcs11; the empty name resets it to
-            no engine.
-          </para>
-        </listitem>
-      </varlistentry>
-
       <varlistentry>
         <term>-e</term>
         <listitem>
@@ -243,17 +158,7 @@
         <listitem>
           <para>
             Set the specified flag in the flag field of the KEY/DNSKEY record.
-            The only recognized flags are KSK (Key Signing Key) and REVOKE.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-G</term>
-        <listitem>
-          <para>
-            Generate a key, but do not publish it or sign with it.  This
-            option is incompatible with -P and -A.
+            		The only recognized flag is KSK (Key Signing Key) DNSKEY.
           </para>
         </listitem>
       </varlistentry>
@@ -280,34 +185,11 @@
         </listitem>
       </varlistentry>
 
-      <varlistentry>
-        <term>-K <replaceable class="parameter">directory</replaceable></term>
-        <listitem>
-          <para>
-            Sets the directory in which the key files are to be written.
-          </para>
-        </listitem>
-      </varlistentry>
-
       <varlistentry>
         <term>-k</term>
         <listitem>
           <para>
-            Deprecated in favor of -T KEY.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-L <replaceable class="parameter">ttl</replaceable></term>
-        <listitem>
-          <para>
-            Sets the default TTL to use for this key when it is converted
-            into a DNSKEY RR.  If the key is imported into a zone,
-            this is the TTL that will be used for it, unless there was
-            already a DNSKEY RRset in place, in which case the existing TTL
-            would take precedence.  Setting the default TTL to
-            <literal>0</literal> or <literal>none</literal> removes it.
+            Generate KEY records rather than DNSKEY records.
           </para>
         </listitem>
       </varlistentry>
@@ -324,25 +206,6 @@
         </listitem>
       </varlistentry>
 
-      <varlistentry>
-        <term>-q</term>
-        <listitem>
-          <para>
-            Quiet mode: Suppresses unnecessary output, including
-            progress indication.  Without this option, when
-            <command>dnssec-keygen</command> is run interactively
-            to generate an RSA or DSA key pair, it will print a string
-            of symbols to <filename>stderr</filename> indicating the
-            progress of the key generation.  A '.' indicates that a
-            random number has been found which passed an initial
-            sieve test; '+' means a number has passed a single
-            round of the Miller-Rabin primality test; a space
-            means that the number has passed all the tests and is
-            a satisfactory key.
-          </para>
-        </listitem>
-      </varlistentry>
-
       <varlistentry>
         <term>-r <replaceable class="parameter">randomdev</replaceable></term>
         <listitem>
@@ -360,21 +223,6 @@
         </listitem>
       </varlistentry>
 
-      <varlistentry>
-        <term>-S <replaceable class="parameter">key</replaceable></term>
-        <listitem>
-          <para>
-            Create a new key which is an explicit successor to an
-            existing key.  The name, algorithm, size, and type of the
-            key will be set to match the existing key.  The activation
-            date of the new key will be set to the inactivation date of
-            the existing one.  The publication date will be set to the
-            activation date minus the prepublication interval, which
-            defaults to 30 days.
-          </para>
-        </listitem>
-      </varlistentry>
-
       <varlistentry>
         <term>-s <replaceable class="parameter">strength</replaceable></term>
         <listitem>
@@ -386,22 +234,6 @@
         </listitem>
       </varlistentry>
 
-      <varlistentry>
-        <term>-T <replaceable class="parameter">rrtype</replaceable></term>
-        <listitem>
-          <para>
-            Specifies the resource record type to use for the key.
-            <option>rrtype</option> must be either DNSKEY or KEY.  The
-            default is DNSKEY when using a DNSSEC algorithm, but it can be
-            overridden to KEY for use with SIG(0).
-          <para>
-          </para>
-            Using any TSIG algorithm (HMAC-* or DH) forces this option
-            to KEY.
-          </para>
-        </listitem>
-      </varlistentry>
-
       <varlistentry>
         <term>-t <replaceable class="parameter">type</replaceable></term>
         <listitem>
@@ -426,109 +258,6 @@
     </variablelist>
   </refsect1>
 
-  <refsect1>
-    <title>TIMING OPTIONS</title>
-
-    <para>
-      Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
-      If the argument begins with a '+' or '-', it is interpreted as
-      an offset from the present time.  For convenience, if such an offset
-      is followed by one of the suffixes 'y', 'mo', 'w', 'd', 'h', or 'mi',
-      then the offset is computed in years (defined as 365 24-hour days,
-      ignoring leap years), months (defined as 30 24-hour days), weeks,
-      days, hours, or minutes, respectively.  Without a suffix, the offset
-      is computed in seconds.
-    </para>
-
-    <variablelist>
-      <varlistentry>
-        <term>-P <replaceable class="parameter">date/offset</replaceable></term>
-        <listitem>
-          <para>
-            Sets the date on which a key is to be published to the zone.
-            After that date, the key will be included in the zone but will
-            not be used to sign it.  If not set, and if the -G option has
-            not been used, the default is "now".
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-A <replaceable class="parameter">date/offset</replaceable></term>
-        <listitem>
-          <para>
-            Sets the date on which the key is to be activated.  After that
-            date, the key will be included in the zone and used to sign
-            it.  If not set, and if the -G option has not been used, the
-            default is "now".
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-R <replaceable class="parameter">date/offset</replaceable></term>
-        <listitem>
-          <para>
-            Sets the date on which the key is to be revoked.  After that
-            date, the key will be flagged as revoked.  It will be included
-            in the zone and will be used to sign it.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-I <replaceable class="parameter">date/offset</replaceable></term>
-        <listitem>
-          <para>
-            Sets the date on which the key is to be retired.  After that
-            date, the key will still be included in the zone, but it
-            will not be used to sign it.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-D <replaceable class="parameter">date/offset</replaceable></term>
-        <listitem>
-          <para>
-            Sets the date on which the key is to be deleted.  After that
-            date, the key will no longer be included in the zone.  (It
-            may remain in the key repository, however.)
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-i <replaceable class="parameter">interval</replaceable></term>
-        <listitem>
-          <para>
-            Sets the prepublication interval for a key.  If set, then
-            the publication and activation dates must be separated by at least
-            this much time.  If the activation date is specified but the
-            publication date isn't, then the publication date will default
-            to this much time before the activation date; conversely, if
-            the publication date is specified but activation date isn't,
-            then activation will be set to this much time after publication.
-          </para>
-          <para>
-            If the key is being created as an explicit successor to another
-            key, then the default prepublication interval is 30 days; 
-            otherwise it is zero.
-          </para>
-          <para>
-            As with date offsets, if the argument is followed by one of
-            the suffixes 'y', 'mo', 'w', 'd', 'h', or 'mi', then the
-            interval is measured in years, months, weeks, days, hours,
-            or minutes, respectively.  Without a suffix, the interval is
-            measured in seconds.
-          </para>
-        </listitem>
-      </varlistentry>
-
-    </variablelist>
-  </refsect1>
-
-
   <refsect1>
     <title>GENERATED KEYS</title>
     <para>
@@ -556,7 +285,7 @@
       </listitem>
     </itemizedlist>
     <para><command>dnssec-keygen</command> 
-      creates two files, with names based
+      creates two file, with names based
       on the printed string.  <filename>Knnnn.+aaa+iiiii.key</filename>
       contains the public key, and
       <filename>Knnnn.+aaa+iiiii.private</filename> contains the
@@ -570,14 +299,14 @@
       statement).
     </para>
     <para>
-      The <filename>.private</filename> file contains
-      algorithm-specific
+      The <filename>.private</filename> file contains algorithm
+      specific
       fields.  For obvious security reasons, this file does not have
       general read permission.
     </para>
     <para>
       Both <filename>.key</filename> and <filename>.private</filename>
-      files are generated for symmetric encryption algorithms such as
+      files are generated for symmetric encryption algorithm such as
       HMAC-MD5, even though the public and private key are equivalent.
     </para>
   </refsect1>
@@ -600,7 +329,7 @@
       In this example, <command>dnssec-keygen</command> creates
       the files <filename>Kexample.com.+003+26160.key</filename>
       and
-      <filename>Kexample.com.+003+26160.private</filename>.
+      <filename>Kexample.com.+003+26160.private</filename>
     </para>
   </refsect1>
 
@@ -610,9 +339,9 @@
         <refentrytitle>dnssec-signzone</refentrytitle><manvolnum>8</manvolnum>
       </citerefentry>,
       <citetitle>BIND 9 Administrator Reference Manual</citetitle>,
-      <citetitle>RFC 2539</citetitle>,
+      <citetitle>RFC 2535</citetitle>,
       <citetitle>RFC 2845</citetitle>,
-      <citetitle>RFC 4034</citetitle>.
+      <citetitle>RFC 2539</citetitle>.
     </para>
   </refsect1>
 

bin/dnssec/dnssec-keygen.html

@@ -1,8 +1,8 @@
 <!--
- - Copyright (C) 2004, 2005, 2007-2011 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
  - Copyright (C) 2000-2003 Internet Software Consortium.
  - 
- - Permission to use, copy, modify, and/or distribute this software for any
+ - Permission to use, copy, modify, and distribute this software for any
  - purpose with or without fee is hereby granted, provided that the above
  - copyright notice and this permission notice appear in all copies.
  - 
@@ -14,12 +14,12 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-<!-- $Id: dnssec-keygen.html,v 1.48 2011/03/18 01:14:33 tbox Exp $ -->
+<!-- $Id: dnssec-keygen.html,v 1.9.18.15 2006/04/23 10:12:41 marka Exp $ -->
 <html>
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
 <title>dnssec-keygen</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.69.1">
 </head>
 <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
 <a name="man.dnssec-keygen"></a><div class="titlepage"></div>
@@ -29,73 +29,46 @@
 </div>
 <div class="refsynopsisdiv">
 <h2>Synopsis</h2>
-<div class="cmdsynopsis"><p><code class="command">dnssec-keygen</code>  [<code class="option">-a <em class="replaceable"><code>algorithm</code></em></code>] [<code class="option">-b <em class="replaceable"><code>keysize</code></em></code>] [<code class="option">-n <em class="replaceable"><code>nametype</code></em></code>] [<code class="option">-3</code>] [<code class="option">-A <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-C</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-e</code>] [<code class="option">-f <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-G</code>] [<code class="option">-g <em class="replaceable"><code>generator</code></em></code>] [<code class="option">-h</code>] [<code class="option">-I <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-i <em class="replaceable"><code>interval</code></em></code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-L <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-k</code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>] [<code class="option">-q</code>] [<code class="option">-R <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-S <em class="replaceable"><code>key</code></em></code>] [<code class="option">-s <em class="replaceable"><code>strength</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-z</code>] {name}</p></div>
+<div class="cmdsynopsis"><p><code class="command">dnssec-keygen</code>  {-a <em class="replaceable"><code>algorithm</code></em>} {-b <em class="replaceable"><code>keysize</code></em>} {-n <em class="replaceable"><code>nametype</code></em>} [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-e</code>] [<code class="option">-f <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-g <em class="replaceable"><code>generator</code></em></code>] [<code class="option">-h</code>] [<code class="option">-k</code>] [<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-s <em class="replaceable"><code>strength</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] {name}</p></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543590"></a><h2>DESCRIPTION</h2>
+<a name="id2525283"></a><h2>DESCRIPTION</h2>
 <p><span><strong class="command">dnssec-keygen</strong></span>
       generates keys for DNSSEC (Secure DNS), as defined in RFC 2535
-      and RFC 4034.  It can also generate keys for use with
-      TSIG (Transaction Signatures) as defined in RFC 2845, or TKEY
-      (Transaction Key) as defined in RFC 2930.
-    </p>
-<p>
-      The <code class="option">name</code> of the key is specified on the command
-      line.  For DNSSEC keys, this must match the name of the zone for
-      which the key is being generated.
+      and RFC &lt;TBA\&gt;.  It can also generate keys for use with
+      TSIG (Transaction Signatures), as defined in RFC 2845.
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543608"></a><h2>OPTIONS</h2>
+<a name="id2525294"></a><h2>OPTIONS</h2>
 <div class="variablelist"><dl>
 <dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
 <dd>
 <p>
-            Selects the cryptographic algorithm.  For DNSSEC keys, the value
-            of <code class="option">algorithm</code> must be one of RSAMD5, RSASHA1,
-	    DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256, RSASHA512 or ECCGOST.
-	    For TSIG/TKEY, the value must
-            be DH (Diffie Hellman), HMAC-MD5, HMAC-SHA1, HMAC-SHA224,
-            HMAC-SHA256, HMAC-SHA384, or HMAC-SHA512.  These values are
-            case insensitive.
-          </p>
-<p>
-            If no algorithm is specified, then RSASHA1 will be used by
-            default, unless the <code class="option">-3</code> option is specified,
-            in which case NSEC3RSASHA1 will be used instead.  (If
-            <code class="option">-3</code> is used and an algorithm is specified,
-            that algorithm will be checked for compatibility with NSEC3.)
+            Selects the cryptographic algorithm.  The value of
+            <code class="option">algorithm</code> must be one of RSAMD5 (RSA) or RSASHA1,
+            	      DSA, DH (Diffie Hellman), or HMAC-MD5.  These values
+            are case insensitive.
           </p>
 <p>
             Note 1: that for DNSSEC, RSASHA1 is a mandatory to implement
-            algorithm, and DSA is recommended.  For TSIG, HMAC-MD5 is
-	    mandatory.
+            algorithm,
+            and DSA is recommended.  For TSIG, HMAC-MD5 is mandatory.
           </p>
 <p>
-            Note 2: DH, HMAC-MD5, and HMAC-SHA1 through HMAC-SHA512
-            automatically set the -T KEY option.
+            Note 2: HMAC-MD5 and DH automatically set the -k flag.
           </p>
 </dd>
 <dt><span class="term">-b <em class="replaceable"><code>keysize</code></em></span></dt>
-<dd>
-<p>
+<dd><p>
             Specifies the number of bits in the key.  The choice of key
-            size depends on the algorithm used.  RSA keys must be
-            between 512 and 2048 bits.  Diffie Hellman keys must be between
+            size depends on the algorithm used.  RSAMD5 / RSASHA1 keys must be
+            between
+            512 and 2048 bits.  Diffie Hellman keys must be between
             128 and 4096 bits.  DSA keys must be between 512 and 1024
-            bits and an exact multiple of 64.  HMAC keys must be
+            bits and an exact multiple of 64.  HMAC-MD5 keys must be
             between 1 and 512 bits.
-          </p>
-<p>
-            The key size does not need to be specified if using a default
-            algorithm.  The default key size is 1024 bits for zone signing
-            keys (ZSK's) and 2048 bits for key signing keys (KSK's,
-            generated with <code class="option">-f KSK</code>).  However, if an
-            algorithm is explicitly specified with the <code class="option">-a</code>,
-            then there is no default key size, and the <code class="option">-b</code>
-            must be used.
-          </p>
-</dd>
+          </p></dd>
 <dt><span class="term">-n <em class="replaceable"><code>nametype</code></em></span></dt>
 <dd><p>
             Specifies the owner type of the key.  The value of
@@ -103,39 +76,14 @@
             zone key (KEY/DNSKEY)), HOST or ENTITY (for a key associated with
             a host (KEY)),
             USER (for a key associated with a user(KEY)) or OTHER (DNSKEY).
-            These values are case insensitive.  Defaults to ZONE for DNSKEY
-	    generation.
-          </p></dd>
-<dt><span class="term">-3</span></dt>
-<dd><p>
-	    Use an NSEC3-capable algorithm to generate a DNSSEC key.
-            If this option is used and no algorithm is explicitly
-            set on the command line, NSEC3RSASHA1 will be used by
-            default. Note that RSASHA256, RSASHA512 and ECCGOST algorithms
-	    are NSEC3-capable.
-          </p></dd>
-<dt><span class="term">-C</span></dt>
-<dd><p>
-	    Compatibility mode:  generates an old-style key, without
-	    any metadata.  By default, <span><strong class="command">dnssec-keygen</strong></span>
-	    will include the key's creation date in the metadata stored
-	    with the private key, and other dates may be set there as well
-	    (publication date, activation date, etc).  Keys that include
-	    this data may be incompatible with older versions of BIND; the
-	    <code class="option">-C</code> option suppresses them.
+            These values are
+            case insensitive.
           </p></dd>
 <dt><span class="term">-c <em class="replaceable"><code>class</code></em></span></dt>
 <dd><p>
             Indicates that the DNS record containing the key should have
             the specified class.  If not specified, class IN is used.
           </p></dd>
-<dt><span class="term">-E <em class="replaceable"><code>engine</code></em></span></dt>
-<dd><p>
-            Uses a crypto hardware (OpenSSL engine) for random number
-            and, when supported, key generation. When compiled with PKCS#11
-            support it defaults to pkcs11; the empty name resets it to
-            no engine.
-          </p></dd>
 <dt><span class="term">-e</span></dt>
 <dd><p>
             If generating an RSAMD5/RSASHA1 key, use a large exponent.
@@ -143,12 +91,7 @@
 <dt><span class="term">-f <em class="replaceable"><code>flag</code></em></span></dt>
 <dd><p>
             Set the specified flag in the flag field of the KEY/DNSKEY record.
-            The only recognized flags are KSK (Key Signing Key) and REVOKE.
-          </p></dd>
-<dt><span class="term">-G</span></dt>
-<dd><p>
-            Generate a key, but do not publish it or sign with it.  This
-            option is incompatible with -P and -A.
+            		The only recognized flag is KSK (Key Signing Key) DNSKEY.
           </p></dd>
 <dt><span class="term">-g <em class="replaceable"><code>generator</code></em></span></dt>
 <dd><p>
@@ -162,22 +105,9 @@
             Prints a short summary of the options and arguments to
             <span><strong class="command">dnssec-keygen</strong></span>.
           </p></dd>
-<dt><span class="term">-K <em class="replaceable"><code>directory</code></em></span></dt>
-<dd><p>
-            Sets the directory in which the key files are to be written.
-          </p></dd>
 <dt><span class="term">-k</span></dt>
 <dd><p>
-            Deprecated in favor of -T KEY.
-          </p></dd>
-<dt><span class="term">-L <em class="replaceable"><code>ttl</code></em></span></dt>
-<dd><p>
-            Sets the default TTL to use for this key when it is converted
-            into a DNSKEY RR.  If the key is imported into a zone,
-            this is the TTL that will be used for it, unless there was
-            already a DNSKEY RRset in place, in which case the existing TTL
-            would take precedence.  Setting the default TTL to
-            <code class="literal">0</code> or <code class="literal">none</code> removes it.
+            Generate KEY records rather than DNSKEY records.
           </p></dd>
 <dt><span class="term">-p <em class="replaceable"><code>protocol</code></em></span></dt>
 <dd><p>
@@ -186,20 +116,6 @@
             Other possible values for this argument are listed in
             RFC 2535 and its successors.
           </p></dd>
-<dt><span class="term">-q</span></dt>
-<dd><p>
-            Quiet mode: Suppresses unnecessary output, including
-            progress indication.  Without this option, when
-            <span><strong class="command">dnssec-keygen</strong></span> is run interactively
-            to generate an RSA or DSA key pair, it will print a string
-            of symbols to <code class="filename">stderr</code> indicating the
-            progress of the key generation.  A '.' indicates that a
-            random number has been found which passed an initial
-            sieve test; '+' means a number has passed a single
-            round of the Miller-Rabin primality test; a space
-            means that the number has passed all the tests and is
-            a satisfactory key.
-          </p></dd>
 <dt><span class="term">-r <em class="replaceable"><code>randomdev</code></em></span></dt>
 <dd><p>
             Specifies the source of randomness.  If the operating
@@ -212,37 +128,12 @@
             <code class="filename">keyboard</code> indicates that keyboard
             input should be used.
           </p></dd>
-<dt><span class="term">-S <em class="replaceable"><code>key</code></em></span></dt>
-<dd><p>
-            Create a new key which is an explicit successor to an
-            existing key.  The name, algorithm, size, and type of the
-            key will be set to match the existing key.  The activation
-            date of the new key will be set to the inactivation date of
-            the existing one.  The publication date will be set to the
-            activation date minus the prepublication interval, which
-            defaults to 30 days.
-          </p></dd>
 <dt><span class="term">-s <em class="replaceable"><code>strength</code></em></span></dt>
 <dd><p>
             Specifies the strength value of the key.  The strength is
             a number between 0 and 15, and currently has no defined
             purpose in DNSSEC.
           </p></dd>
-<dt><span class="term">-T <em class="replaceable"><code>rrtype</code></em></span></dt>
-<dd>
-<p>
-            Specifies the resource record type to use for the key.
-            <code class="option">rrtype</code> must be either DNSKEY or KEY.  The
-            default is DNSKEY when using a DNSSEC algorithm, but it can be
-            overridden to KEY for use with SIG(0).
-          </p>
-<p>
-          </p>
-<p>
-            Using any TSIG algorithm (HMAC-* or DH) forces this option
-            to KEY.
-          </p>
-</dd>
 <dt><span class="term">-t <em class="replaceable"><code>type</code></em></span></dt>
 <dd><p>
             Indicates the use of the key.  <code class="option">type</code> must be
@@ -257,78 +148,7 @@
 </dl></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2544200"></a><h2>TIMING OPTIONS</h2>
-<p>
-      Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
-      If the argument begins with a '+' or '-', it is interpreted as
-      an offset from the present time.  For convenience, if such an offset
-      is followed by one of the suffixes 'y', 'mo', 'w', 'd', 'h', or 'mi',
-      then the offset is computed in years (defined as 365 24-hour days,
-      ignoring leap years), months (defined as 30 24-hour days), weeks,
-      days, hours, or minutes, respectively.  Without a suffix, the offset
-      is computed in seconds.
-    </p>
-<div class="variablelist"><dl>
-<dt><span class="term">-P <em class="replaceable"><code>date/offset</code></em></span></dt>
-<dd><p>
-            Sets the date on which a key is to be published to the zone.
-            After that date, the key will be included in the zone but will
-            not be used to sign it.  If not set, and if the -G option has
-            not been used, the default is "now".
-          </p></dd>
-<dt><span class="term">-A <em class="replaceable"><code>date/offset</code></em></span></dt>
-<dd><p>
-            Sets the date on which the key is to be activated.  After that
-            date, the key will be included in the zone and used to sign
-            it.  If not set, and if the -G option has not been used, the
-            default is "now".
-          </p></dd>
-<dt><span class="term">-R <em class="replaceable"><code>date/offset</code></em></span></dt>
-<dd><p>
-            Sets the date on which the key is to be revoked.  After that
-            date, the key will be flagged as revoked.  It will be included
-            in the zone and will be used to sign it.
-          </p></dd>
-<dt><span class="term">-I <em class="replaceable"><code>date/offset</code></em></span></dt>
-<dd><p>
-            Sets the date on which the key is to be retired.  After that
-            date, the key will still be included in the zone, but it
-            will not be used to sign it.
-          </p></dd>
-<dt><span class="term">-D <em class="replaceable"><code>date/offset</code></em></span></dt>
-<dd><p>
-            Sets the date on which the key is to be deleted.  After that
-            date, the key will no longer be included in the zone.  (It
-            may remain in the key repository, however.)
-          </p></dd>
-<dt><span class="term">-i <em class="replaceable"><code>interval</code></em></span></dt>
-<dd>
-<p>
-            Sets the prepublication interval for a key.  If set, then
-            the publication and activation dates must be separated by at least
-            this much time.  If the activation date is specified but the
-            publication date isn't, then the publication date will default
-            to this much time before the activation date; conversely, if
-            the publication date is specified but activation date isn't,
-            then activation will be set to this much time after publication.
-          </p>
-<p>
-            If the key is being created as an explicit successor to another
-            key, then the default prepublication interval is 30 days; 
-            otherwise it is zero.
-          </p>
-<p>
-            As with date offsets, if the argument is followed by one of
-            the suffixes 'y', 'mo', 'w', 'd', 'h', or 'mi', then the
-            interval is measured in years, months, weeks, days, hours,
-            or minutes, respectively.  Without a suffix, the interval is
-            measured in seconds.
-          </p>
-</dd>
-</dl></div>
-</div>
-<div class="refsect1" lang="en">
-<a name="id2544390"></a><h2>GENERATED KEYS</h2>
+<a name="id2525766"></a><h2>GENERATED KEYS</h2>
 <p>
       When <span><strong class="command">dnssec-keygen</strong></span> completes
       successfully,
@@ -348,7 +168,7 @@
         </p></li>
 </ul></div>
 <p><span><strong class="command">dnssec-keygen</strong></span> 
-      creates two files, with names based
+      creates two file, with names based
       on the printed string.  <code class="filename">Knnnn.+aaa+iiiii.key</code>
       contains the public key, and
       <code class="filename">Knnnn.+aaa+iiiii.private</code> contains the
@@ -362,19 +182,19 @@
       statement).
     </p>
 <p>
-      The <code class="filename">.private</code> file contains
-      algorithm-specific
+      The <code class="filename">.private</code> file contains algorithm
+      specific
       fields.  For obvious security reasons, this file does not have
       general read permission.
     </p>
 <p>
       Both <code class="filename">.key</code> and <code class="filename">.private</code>
-      files are generated for symmetric encryption algorithms such as
+      files are generated for symmetric encryption algorithm such as
       HMAC-MD5, even though the public and private key are equivalent.
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2544540"></a><h2>EXAMPLE</h2>
+<a name="id2525848"></a><h2>EXAMPLE</h2>
 <p>
       To generate a 768-bit DSA key for the domain
       <strong class="userinput"><code>example.com</code></strong>, the following command would be
@@ -391,20 +211,20 @@
       In this example, <span><strong class="command">dnssec-keygen</strong></span> creates
       the files <code class="filename">Kexample.com.+003+26160.key</code>
       and
-      <code class="filename">Kexample.com.+003+26160.private</code>.
+      <code class="filename">Kexample.com.+003+26160.private</code>
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2544584"></a><h2>SEE ALSO</h2>
+<a name="id2525892"></a><h2>SEE ALSO</h2>
 <p><span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
       <em class="citetitle">BIND 9 Administrator Reference Manual</em>,
-      <em class="citetitle">RFC 2539</em>,
+      <em class="citetitle">RFC 2535</em>,
       <em class="citetitle">RFC 2845</em>,
-      <em class="citetitle">RFC 4034</em>.
+      <em class="citetitle">RFC 2539</em>.
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2544615"></a><h2>AUTHOR</h2>
+<a name="id2525923"></a><h2>AUTHOR</h2>
 <p><span class="corpauthor">Internet Systems Consortium</span>
     </p>
 </div>

bin/dnssec/dnssec-makekeyset.c

@@ -1,424 +0,0 @@
-/*
- * Portions Copyright (C) 2000  Internet Software Consortium.
- * Portions Copyright (C) 1995-2000 by Network Associates, Inc.
- * 
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- * 
- * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM AND
- * NETWORK ASSOCIATES DISCLAIM ALL WARRANTIES WITH REGARD TO THIS
- * SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND
- * FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE CONSORTIUM OR NETWORK
- * ASSOCIATES BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR
- * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
- * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
- * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- * PERFORMANCE OF THIS SOFTWARE.
- */
-
-/* $Id: dnssec-makekeyset.c,v 1.28.2.2 2000/08/15 01:20:32 gson Exp $ */
-
-#include <config.h>
-
-#include <stdlib.h>
-
-#include <isc/commandline.h>
-#include <isc/entropy.h>
-#include <isc/mem.h>
-#include <isc/string.h>
-#include <isc/util.h>
-
-#include <dns/db.h>
-#include <dns/dnssec.h>
-#include <dns/fixedname.h>
-#include <dns/log.h>
-#include <dns/rdata.h>
-#include <dns/rdatalist.h>
-#include <dns/rdataset.h>
-#include <dns/result.h>
-#include <dns/secalg.h>
-#include <dns/time.h>
-
-#include <dst/dst.h>
-
-#include "dnssectool.h"
-
-#define BUFSIZE 2048
-
-const char *program = "dnssec-makekeyset";
-int verbose;
-
-typedef struct keynode keynode_t;
-struct keynode {
-	dst_key_t *key;
-	ISC_LINK(keynode_t) link;
-};
-typedef ISC_LIST(keynode_t) keylist_t;
-
-static isc_stdtime_t starttime = 0, endtime = 0, now;
-static int ttl = -1;
-
-static isc_mem_t *mctx = NULL;
-static isc_entropy_t *ectx = NULL;
-
-static keylist_t keylist;
-
-static isc_stdtime_t
-strtotime(char *str, isc_int64_t now, isc_int64_t base) {
-	isc_int64_t val, offset;
-	isc_result_t result;
-	char *endp;
-
-	if (str[0] == '+') {
-		offset = strtol(str + 1, &endp, 0);
-		if (*endp != '\0')
-			fatal("time value %s is invalid", str);
-		val = base + offset;
-	} else if (strncmp(str, "now+", 4) == 0) {
-		offset = strtol(str + 4, &endp, 0);
-		if (*endp != '\0')
-			fatal("time value %s is invalid", str);
-		val = now + offset;
-	} else {
-		result = dns_time64_fromtext(str, &val);
-		if (result != ISC_R_SUCCESS)
-			fatal("time %s must be numeric", str);
-	}
-
-	return ((isc_stdtime_t) val);
-}
-
-static void
-usage(void) {
-	fprintf(stderr, "Usage:\n");
-	fprintf(stderr, "\t%s [options] keys\n", program);
-
-	fprintf(stderr, "\n");
-
-	fprintf(stderr, "Options: (default value in parenthesis) \n");
-	fprintf(stderr, "\t-s YYYYMMDDHHMMSS|+offset:\n");
-	fprintf(stderr, "\t\tSIG start time - absolute|offset (now)\n");
-	fprintf(stderr, "\t-e YYYYMMDDHHMMSS|+offset|\"now\"+offset]:\n");
-	fprintf(stderr, "\t\tSIG end time  - "
-			     "absolute|from start|from now (now + 30 days)\n");
-	fprintf(stderr, "\t-t ttl\n");
-	fprintf(stderr, "\t-r randomdev:\n");
-	fprintf(stderr, "\t\ta file containing random data\n");
-	fprintf(stderr, "\t-v level:\n");
-	fprintf(stderr, "\t\tverbose level (0)\n");
-
-	fprintf(stderr, "\n");
-
-	fprintf(stderr, "keys:\n");
-	fprintf(stderr, "\tkeyfile (Kname+alg+tag)\n");
-	exit(0);
-}
-
-int
-main(int argc, char *argv[]) {
-	int i, ch;
-	char *startstr = NULL, *endstr = NULL;
-	char *randomfile = NULL;
-	dns_fixedname_t fdomain;
-	dns_name_t *domain = NULL;
-	char *output = NULL;
-	char *endp;
-	unsigned char *data;
-	dns_db_t *db;
-	dns_dbnode_t *node;
-	dns_dbversion_t *version;
-	dst_key_t *key = NULL;
-	dns_rdata_t *rdata;
-	dns_rdatalist_t rdatalist, sigrdatalist;
-	dns_rdataset_t rdataset, sigrdataset;
-	isc_result_t result;
-	isc_buffer_t b;
-	isc_region_t r;
-	isc_log_t *log = NULL;
-	keynode_t *keynode;
-	dns_name_t *savedname = NULL;
-
-	result = isc_mem_create(0, 0, &mctx);
-	if (result != ISC_R_SUCCESS)
-		fatal("failed to create memory context: %s",
-		      isc_result_totext(result));
-
-	dns_result_register();
-
-	while ((ch = isc_commandline_parse(argc, argv, "s:e:t:r:v:h")) != -1)
-	{
-		switch (ch) {
-		case 's':
-			startstr = isc_mem_strdup(mctx,
-						  isc_commandline_argument);
-			if (startstr == NULL)
-				fatal("out of memory");
-			break;
-
-		case 'e':
-			endstr = isc_mem_strdup(mctx,
-						isc_commandline_argument);
-			if (endstr == NULL)
-				fatal("out of memory");
-			break;
-
-		case 't':
-			endp = NULL;
-			ttl = strtol(isc_commandline_argument, &endp, 0);
-			if (*endp != '\0')
-				fatal("TTL must be numeric");
-			break;
-
-		case 'r':
-			randomfile = isc_mem_strdup(mctx,
-						    isc_commandline_argument);
-			if (randomfile == NULL)
-				fatal("out of memory");
-			break;
-
-		case 'v':
-			endp = NULL;
-			verbose = strtol(isc_commandline_argument, &endp, 0);
-			if (*endp != '\0')
-				fatal("verbose level must be numeric");
-			break;
-
-		case 'h':
-		default:
-			usage();
-
-		}
-	}
-
-	argc -= isc_commandline_index;
-	argv += isc_commandline_index;
-
-	if (argc < 1)
-		usage();
-
-	setup_entropy(mctx, randomfile, &ectx);
-	if (randomfile != NULL)
-		isc_mem_free(mctx, randomfile);
-	result = dst_lib_init(mctx, ectx,
-			      ISC_ENTROPY_BLOCKING | ISC_ENTROPY_GOODONLY);
-	if (result != ISC_R_SUCCESS)
-		fatal("could not initialize dst");
-
-	isc_stdtime_get(&now);
-
-	if (startstr != NULL) {
-		starttime = strtotime(startstr, now, now);
-		isc_mem_free(mctx, startstr);
-	}
-	else
-		starttime = now;
-
-	if (endstr != NULL) {
-		endtime = strtotime(endstr, now, starttime);
-		isc_mem_free(mctx, endstr);
-	}
-	else
-		endtime = starttime + (30 * 24 * 60 * 60);
-
-	if (ttl == -1) {
-		ttl = 3600;
-		fprintf(stderr, "%s: TTL not specified, assuming 3600\n",
-			program);
-	}
-
-	setup_logging(verbose, mctx, &log);
-
-	dns_rdatalist_init(&rdatalist);
-	rdatalist.rdclass = dns_rdataclass_in;
-	rdatalist.type = dns_rdatatype_key;
-	rdatalist.covers = 0;
-	rdatalist.ttl = ttl;
-
-	ISC_LIST_INIT(keylist);
-
-	for (i = 0; i < argc; i++) {
-		char namestr[1025];
-		key = NULL;
-		result = dst_key_fromnamedfile(argv[i], DST_TYPE_PUBLIC,
-					       mctx, &key);
-		if (result != ISC_R_SUCCESS)
-			fatal("error loading key from %s", argv[i]);
-
-		strncpy(namestr, nametostr(dst_key_name(key)),
-			sizeof(namestr) - 1);
-		namestr[sizeof(namestr) - 1] = 0;
-
-		if (savedname == NULL) {
-			savedname = isc_mem_get(mctx, sizeof(dns_name_t));
-			if (savedname == NULL)
-				fatal("out of memory");
-			dns_name_init(savedname, NULL);
-			result = dns_name_dup(dst_key_name(key), mctx,
-					      savedname);
-			if (result != ISC_R_SUCCESS)
-				fatal("out of memory");
-		} else {
-			if (!dns_name_equal(savedname, dst_key_name(key)) != 0)
-				fatal("all keys must have the same owner - %s "
-				      "and %s do not match",
-				      nametostr(savedname), namestr);
-		}
-		if (output == NULL) {
-			output = isc_mem_allocate(mctx,
-						  strlen(namestr) +
-						  strlen("keyset") + 1);
-			if (output == NULL)
-				fatal("out of memory");
-			strcpy(output, namestr);
-			strcat(output, "keyset");
-		}
-		if (domain == NULL) {
-			dns_fixedname_init(&fdomain);
-			domain = dns_fixedname_name(&fdomain);
-			isc_buffer_init(&b, namestr, strlen(namestr));
-			isc_buffer_add(&b, strlen(namestr));
-			result = dns_name_fromtext(domain, &b, dns_rootname,
-						   ISC_FALSE, NULL);
-			if (result != ISC_R_SUCCESS)
-				fatal("%s is not a valid name: %s",
-				      namestr, isc_result_totext(result));
-		}
-		if (dst_key_iszonekey(key)) {
-			dst_key_t *zonekey = NULL;
-			result = dst_key_fromnamedfile(argv[i],
-						       DST_TYPE_PRIVATE,
-						       mctx, &zonekey);
-			if (result != ISC_R_SUCCESS)
-				fatal("failed to read key %s: %s",
-				      argv[i], isc_result_totext(result));
-			keynode = isc_mem_get(mctx, sizeof (keynode_t));
-			if (keynode == NULL)
-				fatal("out of memory");
-			keynode->key = zonekey;
-			ISC_LINK_INIT(keynode, link);
-			ISC_LIST_APPEND(keylist, keynode, link);
-		}
-		rdata = isc_mem_get(mctx, sizeof(dns_rdata_t));
-		if (rdata == NULL)
-			fatal("out of memory");
-		data = isc_mem_get(mctx, BUFSIZE);
-		if (data == NULL)
-			fatal("out of memory");
-		isc_buffer_init(&b, data, BUFSIZE);
-		result = dst_key_todns(key, &b);
-		if (result != ISC_R_SUCCESS)
-			fatal("failed to convert key %s to a DNS KEY: %s",
-			      argv[i], isc_result_totext(result));
-		isc_buffer_usedregion(&b, &r);
-		dns_rdata_fromregion(rdata, dns_rdataclass_in,
-				     dns_rdatatype_key, &r);
-		ISC_LIST_APPEND(rdatalist.rdata, rdata, link);
-		dst_key_free(&key);
-	}
-
-	dns_rdataset_init(&rdataset);
-	result = dns_rdatalist_tordataset(&rdatalist, &rdataset);
-	check_result(result, "dns_rdatalist_tordataset()");
-
-	dns_rdatalist_init(&sigrdatalist);
-	sigrdatalist.rdclass = dns_rdataclass_in;
-	sigrdatalist.type = dns_rdatatype_sig;
-	sigrdatalist.covers = dns_rdatatype_key;
-	sigrdatalist.ttl = ttl;
-
-	if (ISC_LIST_EMPTY(keylist))
-		fprintf(stderr,
-			"%s: no private zone key found; not self-signing\n",
-			program);
-	for (keynode = ISC_LIST_HEAD(keylist);
-	     keynode != NULL;
-	     keynode = ISC_LIST_NEXT(keynode, link))
-	{
-		rdata = isc_mem_get(mctx, sizeof(dns_rdata_t));
-		if (rdata == NULL)
-			fatal("out of memory");
-		data = isc_mem_get(mctx, BUFSIZE);
-		if (data == NULL)
-			fatal("out of memory");
-		isc_buffer_init(&b, data, BUFSIZE);
-		result = dns_dnssec_sign(domain, &rdataset, keynode->key,
-					 &starttime, &endtime, mctx, &b,
-					 rdata);
-		isc_entropy_stopcallbacksources(ectx);
-		if (result != ISC_R_SUCCESS)
-			fatal("failed to sign keyset with key %s/%s/%d: %s",
-			      nametostr(dst_key_name(keynode->key)),
-			      algtostr(dst_key_alg(keynode->key)),
-			      dst_key_id(keynode->key),
-			      isc_result_totext(result));
-		ISC_LIST_APPEND(sigrdatalist.rdata, rdata, link);
-		dns_rdataset_init(&sigrdataset);
-		result = dns_rdatalist_tordataset(&sigrdatalist, &sigrdataset);
-		check_result(result, "dns_rdatalist_tordataset()");
-	}
-
-	db = NULL;
-	result = dns_db_create(mctx, "rbt", domain, dns_dbtype_zone,
-			       dns_rdataclass_in, 0, NULL, &db);
-	if (result != ISC_R_SUCCESS)
-		fatal("failed to create a database for %s", nametostr(domain));
-
-	version = NULL;
-	dns_db_newversion(db, &version);
-
-	node = NULL;
-	result = dns_db_findnode(db, domain, ISC_TRUE, &node);
-	check_result(result, "dns_db_findnode()");
-
-	dns_db_addrdataset(db, node, version, 0, &rdataset, 0, NULL);
-	if (!ISC_LIST_EMPTY(keylist))
-		dns_db_addrdataset(db, node, version, 0, &sigrdataset, 0,
-				   NULL);
-
-	dns_db_detachnode(db, &node);
-	dns_db_closeversion(db, &version, ISC_TRUE);
-	result = dns_db_dump(db, version, output);
-	if (result != ISC_R_SUCCESS)
-		fatal("failed to write database for %s to %s",
-		      nametostr(domain), output);
-
-	dns_db_detach(&db);
-
-	dns_rdataset_disassociate(&rdataset);
-	while (!ISC_LIST_EMPTY(rdatalist.rdata)) {
-		rdata = ISC_LIST_HEAD(rdatalist.rdata);
-		ISC_LIST_UNLINK(rdatalist.rdata, rdata, link);
-		isc_mem_put(mctx, rdata->data, BUFSIZE);
-		isc_mem_put(mctx, rdata, sizeof *rdata);
-	}
-	while (!ISC_LIST_EMPTY(sigrdatalist.rdata)) {
-		rdata = ISC_LIST_HEAD(sigrdatalist.rdata);
-		ISC_LIST_UNLINK(sigrdatalist.rdata, rdata, link);
-		isc_mem_put(mctx, rdata->data, BUFSIZE);
-		isc_mem_put(mctx, rdata, sizeof *rdata);
-	}
-
-	while (!ISC_LIST_EMPTY(keylist)) {
-		keynode = ISC_LIST_HEAD(keylist);
-		ISC_LIST_UNLINK(keylist, keynode, link);
-		dst_key_free(&keynode->key);
-		isc_mem_put(mctx, keynode, sizeof(keynode_t));
-	}
-
-	if (savedname != NULL) {
-		dns_name_free(savedname, mctx);
-		isc_mem_put(mctx, savedname, sizeof(dns_name_t));
-	}
-
-	if (log != NULL)
-		isc_log_destroy(&log);
-	cleanup_entropy(&ectx);
-
-	isc_mem_free(mctx, output);
-	dst_lib_destroy();
-	if (verbose > 10)
-		isc_mem_stats(mctx, stdout);
-	isc_mem_destroy(&mctx);
-	return (0);
-}

bin/dnssec/dnssec-revoke.8

@@ -1,88 +0,0 @@
-.\" Copyright (C) 2009, 2011 Internet Systems Consortium, Inc. ("ISC")
-.\" 
-.\" Permission to use, copy, modify, and/or distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\" 
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
-.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
-.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
-.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
-.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
-.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
-.\" PERFORMANCE OF THIS SOFTWARE.
-.\"
-.\" $Id: dnssec-revoke.8,v 1.10 2011/10/21 01:14:50 tbox Exp $
-.\"
-.hy 0
-.ad l
-.\"     Title: dnssec\-revoke
-.\"    Author: 
-.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
-.\"      Date: June 1, 2009
-.\"    Manual: BIND9
-.\"    Source: BIND9
-.\"
-.TH "DNSSEC\-REVOKE" "8" "June 1, 2009" "BIND9" "BIND9"
-.\" disable hyphenation
-.nh
-.\" disable justification (adjust text to left margin only)
-.ad l
-.SH "NAME"
-dnssec\-revoke \- Set the REVOKED bit on a DNSSEC key
-.SH "SYNOPSIS"
-.HP 14
-\fBdnssec\-revoke\fR [\fB\-hr\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-E\ \fR\fB\fIengine\fR\fR] [\fB\-f\fR] [\fB\-R\fR] {keyfile}
-.SH "DESCRIPTION"
-.PP
-\fBdnssec\-revoke\fR
-reads a DNSSEC key file, sets the REVOKED bit on the key as defined in RFC 5011, and creates a new pair of key files containing the now\-revoked key.
-.SH "OPTIONS"
-.PP
-\-h
-.RS 4
-Emit usage message and exit.
-.RE
-.PP
-\-K \fIdirectory\fR
-.RS 4
-Sets the directory in which the key files are to reside.
-.RE
-.PP
-\-r
-.RS 4
-After writing the new keyset files remove the original keyset files.
-.RE
-.PP
-\-v \fIlevel\fR
-.RS 4
-Sets the debugging level.
-.RE
-.PP
-\-E \fIengine\fR
-.RS 4
-Use the given OpenSSL engine. When compiled with PKCS#11 support it defaults to pkcs11; the empty name resets it to no engine.
-.RE
-.PP
-\-f
-.RS 4
-Force overwrite: Causes
-\fBdnssec\-revoke\fR
-to write the new key pair even if a file already exists matching the algorithm and key ID of the revoked key.
-.RE
-.PP
-\-R
-.RS 4
-Print the key tag of the key with the REVOKE bit set but do not revoke the key.
-.RE
-.SH "SEE ALSO"
-.PP
-\fBdnssec\-keygen\fR(8),
-BIND 9 Administrator Reference Manual,
-RFC 5011.
-.SH "AUTHOR"
-.PP
-Internet Systems Consortium
-.SH "COPYRIGHT"
-Copyright \(co 2009, 2011 Internet Systems Consortium, Inc. ("ISC")
-.br

bin/dnssec/dnssec-revoke.c

@@ -1,277 +0,0 @@
-/*
- * Copyright (C) 2009-2011  Internet Systems Consortium, Inc. ("ISC")
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- * PERFORMANCE OF THIS SOFTWARE.
- */
-
-/* $Id: dnssec-revoke.c,v 1.24 2011/10/20 23:46:51 tbox Exp $ */
-
-/*! \file */
-
-#include <config.h>
-
-#include <libgen.h>
-#include <stdlib.h>
-#include <unistd.h>
-
-#include <isc/buffer.h>
-#include <isc/commandline.h>
-#include <isc/entropy.h>
-#include <isc/file.h>
-#include <isc/hash.h>
-#include <isc/mem.h>
-#include <isc/print.h>
-#include <isc/string.h>
-#include <isc/util.h>
-
-#include <dns/keyvalues.h>
-#include <dns/result.h>
-
-#include <dst/dst.h>
-
-#include "dnssectool.h"
-
-const char *program = "dnssec-revoke";
-int verbose;
-
-static isc_mem_t	*mctx = NULL;
-
-ISC_PLATFORM_NORETURN_PRE static void
-usage(void) ISC_PLATFORM_NORETURN_POST;
-
-static void
-usage(void) {
-	fprintf(stderr, "Usage:\n");
-	fprintf(stderr,	"    %s [options] keyfile\n\n", program);
-	fprintf(stderr, "Version: %s\n", VERSION);
-#ifdef USE_PKCS11
-	fprintf(stderr, "    -E engine:    specify OpenSSL engine "
-					   "(default \"pkcs11\")\n");
-#else
-	fprintf(stderr, "    -E engine:    specify OpenSSL engine\n");
-#endif
-	fprintf(stderr, "    -f:	   force overwrite\n");
-	fprintf(stderr, "    -K directory: use directory for key files\n");
-	fprintf(stderr, "    -h:	   help\n");
-	fprintf(stderr, "    -r:	   remove old keyfiles after "
-					   "creating revoked version\n");
-	fprintf(stderr, "    -v level:	   set level of verbosity\n");
-	fprintf(stderr, "Output:\n");
-	fprintf(stderr, "     K<name>+<alg>+<new id>.key, "
-			     "K<name>+<alg>+<new id>.private\n");
-
-	exit (-1);
-}
-
-int
-main(int argc, char **argv) {
-	isc_result_t result;
-#ifdef USE_PKCS11
-	const char *engine = "pkcs11";
-#else
-	const char *engine = NULL;
-#endif
-	char *filename = NULL, *dir = NULL;
-	char newname[1024], oldname[1024];
-	char keystr[DST_KEY_FORMATSIZE];
-	char *endp;
-	int ch;
-	isc_entropy_t *ectx = NULL;
-	dst_key_t *key = NULL;
-	isc_uint32_t flags;
-	isc_buffer_t buf;
-	isc_boolean_t force = ISC_FALSE;
-	isc_boolean_t remove = ISC_FALSE;
-	isc_boolean_t id = ISC_FALSE;
-
-	if (argc == 1)
-		usage();
-
-	result = isc_mem_create(0, 0, &mctx);
-	if (result != ISC_R_SUCCESS)
-		fatal("Out of memory");
-
-	dns_result_register();
-
-	isc_commandline_errprint = ISC_FALSE;
-
-	while ((ch = isc_commandline_parse(argc, argv, "E:fK:rRhv:")) != -1) {
-		switch (ch) {
-		    case 'E':
-			engine = isc_commandline_argument;
-			break;
-		    case 'f':
-			force = ISC_TRUE;
-			break;
-		    case 'K':
-			/*
-			 * We don't have to copy it here, but do it to
-			 * simplify cleanup later
-			 */
-			dir = isc_mem_strdup(mctx, isc_commandline_argument);
-			if (dir == NULL) {
-				fatal("Failed to allocate memory for "
-				      "directory");
-			}
-			break;
-		    case 'r':
-			remove = ISC_TRUE;
-			break;
-		    case 'R':
-			id = ISC_TRUE;
-			break;
-		    case 'v':
-			verbose = strtol(isc_commandline_argument, &endp, 0);
-			if (*endp != '\0')
-				fatal("-v must be followed by a number");
-			break;
-		    case '?':
-			if (isc_commandline_option != '?')
-				fprintf(stderr, "%s: invalid argument -%c\n",
-					program, isc_commandline_option);
-			/* Falls into */
-		    case 'h':
-			usage();
-
-		    default:
-			fprintf(stderr, "%s: unhandled option -%c\n",
-				program, isc_commandline_option);
-			exit(1);
-		}
-	}
-
-	if (argc < isc_commandline_index + 1 ||
-	    argv[isc_commandline_index] == NULL)
-		fatal("The key file name was not specified");
-	if (argc > isc_commandline_index + 1)
-		fatal("Extraneous arguments");
-
-	if (dir != NULL) {
-		filename = argv[isc_commandline_index];
-	} else {
-		result = isc_file_splitpath(mctx, argv[isc_commandline_index],
-					    &dir, &filename);
-		if (result != ISC_R_SUCCESS)
-			fatal("cannot process filename %s: %s",
-			      argv[isc_commandline_index],
-			      isc_result_totext(result));
-		if (strcmp(dir, ".") == 0) {
-			isc_mem_free(mctx, dir);
-			dir = NULL;
-		}
-	}
-
-	if (ectx == NULL)
-		setup_entropy(mctx, NULL, &ectx);
-	result = isc_hash_create(mctx, ectx, DNS_NAME_MAXWIRE);
-	if (result != ISC_R_SUCCESS)
-		fatal("Could not initialize hash");
-	result = dst_lib_init2(mctx, ectx, engine,
-			       ISC_ENTROPY_BLOCKING | ISC_ENTROPY_GOODONLY);
-	if (result != ISC_R_SUCCESS)
-		fatal("Could not initialize dst: %s",
-		      isc_result_totext(result));
-	isc_entropy_stopcallbacksources(ectx);
-
-	result = dst_key_fromnamedfile(filename, dir,
-				       DST_TYPE_PUBLIC|DST_TYPE_PRIVATE,
-				       mctx, &key);
-	if (result != ISC_R_SUCCESS)
-		fatal("Invalid keyfile name %s: %s",
-		      filename, isc_result_totext(result));
-
-	if (id) {
-		fprintf(stdout, "%u\n", dst_key_rid(key));
-		goto cleanup;
-	}
-	dst_key_format(key, keystr, sizeof(keystr));
-
-	if (verbose > 2)
-		fprintf(stderr, "%s: %s\n", program, keystr);
-
-	if (force)
-		set_keyversion(key);
-	else
-		check_keyversion(key, keystr);
-
-
-	flags = dst_key_flags(key);
-	if ((flags & DNS_KEYFLAG_REVOKE) == 0) {
-		isc_stdtime_t now;
-
-		if ((flags & DNS_KEYFLAG_KSK) == 0)
-			fprintf(stderr, "%s: warning: Key is not flagged "
-					"as a KSK. Revoking a ZSK is "
-					"legal, but undefined.\n",
-					program);
-
-		isc_stdtime_get(&now);
-		dst_key_settime(key, DST_TIME_REVOKE, now);
-
-		dst_key_setflags(key, flags | DNS_KEYFLAG_REVOKE);
-
-		isc_buffer_init(&buf, newname, sizeof(newname));
-		dst_key_buildfilename(key, DST_TYPE_PUBLIC, dir, &buf);
-
-		if (access(newname, F_OK) == 0 && !force) {
-			fatal("Key file %s already exists; "
-			      "use -f to force overwrite", newname);
-		}
-
-		result = dst_key_tofile(key, DST_TYPE_PUBLIC|DST_TYPE_PRIVATE,
-					dir);
-		if (result != ISC_R_SUCCESS) {
-			dst_key_format(key, keystr, sizeof(keystr));
-			fatal("Failed to write key %s: %s", keystr,
-			      isc_result_totext(result));
-		}
-
-		isc_buffer_clear(&buf);
-		dst_key_buildfilename(key, 0, dir, &buf);
-		printf("%s\n", newname);
-
-		/*
-		 * Remove old key file, if told to (and if
-		 * it isn't the same as the new file)
-		 */
-		if (remove && dst_key_alg(key) != DST_ALG_RSAMD5) {
-			isc_buffer_init(&buf, oldname, sizeof(oldname));
-			dst_key_setflags(key, flags & ~DNS_KEYFLAG_REVOKE);
-			dst_key_buildfilename(key, DST_TYPE_PRIVATE, dir, &buf);
-			if (strcmp(oldname, newname) == 0)
-				goto cleanup;
-			if (access(oldname, F_OK) == 0)
-				unlink(oldname);
-			isc_buffer_clear(&buf);
-			dst_key_buildfilename(key, DST_TYPE_PUBLIC, dir, &buf);
-			if (access(oldname, F_OK) == 0)
-				unlink(oldname);
-		}
-	} else {
-		dst_key_format(key, keystr, sizeof(keystr));
-		fatal("Key %s is already revoked", keystr);
-	}
-
-cleanup:
-	dst_key_free(&key);
-	dst_lib_destroy();
-	isc_hash_destroy();
-	cleanup_entropy(&ectx);
-	if (verbose > 10)
-		isc_mem_stats(mctx, stdout);
-	if (dir != NULL)
-		isc_mem_free(mctx, dir);
-	isc_mem_destroy(&mctx);
-
-	return (0);
-}

bin/dnssec/dnssec-revoke.docbook

@@ -1,161 +0,0 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
-               "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
-               [<!ENTITY mdash "&#8212;">]>
-<!--
- - Copyright (C) 2009, 2011  Internet Systems Consortium, Inc. ("ISC")
- -
- - Permission to use, copy, modify, and/or distribute this software for any
- - purpose with or without fee is hereby granted, provided that the above
- - copyright notice and this permission notice appear in all copies.
- -
- - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- - AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- - PERFORMANCE OF THIS SOFTWARE.
--->
-
-<!-- $Id: dnssec-revoke.docbook,v 1.9 2011/10/20 23:46:51 tbox Exp $ -->
-<refentry id="man.dnssec-revoke">
-  <refentryinfo>
-    <date>June 1, 2009</date>
-  </refentryinfo>
-
-  <refmeta>
-    <refentrytitle><application>dnssec-revoke</application></refentrytitle>
-    <manvolnum>8</manvolnum>
-    <refmiscinfo>BIND9</refmiscinfo>
-  </refmeta>
-
-  <refnamediv>
-    <refname><application>dnssec-revoke</application></refname>
-    <refpurpose>Set the REVOKED bit on a DNSSEC key</refpurpose>
-  </refnamediv>
-
-  <docinfo>
-    <copyright>
-      <year>2009</year>
-      <year>2011</year>
-      <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
-    </copyright>
-  </docinfo>
-
-  <refsynopsisdiv>
-    <cmdsynopsis>
-      <command>dnssec-revoke</command>
-      <arg><option>-hr</option></arg>
-      <arg><option>-v <replaceable class="parameter">level</replaceable></option></arg>
-      <arg><option>-K <replaceable class="parameter">directory</replaceable></option></arg>
-      <arg><option>-E <replaceable class="parameter">engine</replaceable></option></arg>
-      <arg><option>-f</option></arg>
-      <arg><option>-R</option></arg>
-      <arg choice="req">keyfile</arg>
-    </cmdsynopsis>
-  </refsynopsisdiv>
-
-  <refsect1>
-    <title>DESCRIPTION</title>
-    <para><command>dnssec-revoke</command>
-      reads a DNSSEC key file, sets the REVOKED bit on the key as defined
-      in RFC 5011, and creates a new pair of key files containing the
-      now-revoked key.
-    </para>
-  </refsect1>
-
-  <refsect1>
-    <title>OPTIONS</title>
-
-    <variablelist>
-      <varlistentry>
-	<term>-h</term>
-        <listitem>
-	  <para>
-	    Emit usage message and exit.
-	  </para>
-        </listitem>
-      </varlistentry>
-  
-      <varlistentry>
-        <term>-K <replaceable class="parameter">directory</replaceable></term>
-        <listitem>
-          <para>
-            Sets the directory in which the key files are to reside.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-r</term>
-        <listitem>
-	  <para>
-	    After writing the new keyset files remove the original keyset
-	    files.
-	  </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-v <replaceable class="parameter">level</replaceable></term>
-        <listitem>
-          <para>
-            Sets the debugging level.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-E <replaceable class="parameter">engine</replaceable></term>
-        <listitem>
-          <para>
-            Use the given OpenSSL engine. When compiled with PKCS#11 support
-            it defaults to pkcs11; the empty name resets it to no engine.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-f</term>
-        <listitem>
-          <para>
-            Force overwrite: Causes <command>dnssec-revoke</command> to
-            write the new key pair even if a file already exists matching
-            the algorithm and key ID of the revoked key.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-R</term>
-        <listitem>
-          <para>
-	    Print the key tag of the key with the REVOKE bit set but do
-	    not revoke the key.
-          </para>
-        </listitem>
-      </varlistentry>
-    </variablelist>
-  </refsect1>
-
-  <refsect1>
-    <title>SEE ALSO</title>
-    <para><citerefentry>
-        <refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
-      </citerefentry>,
-      <citetitle>BIND 9 Administrator Reference Manual</citetitle>,
-      <citetitle>RFC 5011</citetitle>.
-    </para>
-  </refsect1>
-
-  <refsect1>
-    <title>AUTHOR</title>
-    <para><corpauthor>Internet Systems Consortium</corpauthor>
-    </para>
-  </refsect1>
-
-</refentry><!--
- - Local variables:
- - mode: sgml
- - End:
--->

bin/dnssec/dnssec-revoke.html

@@ -1,92 +0,0 @@
-<!--
- - Copyright (C) 2009, 2011 Internet Systems Consortium, Inc. ("ISC")
- - 
- - Permission to use, copy, modify, and/or distribute this software for any
- - purpose with or without fee is hereby granted, provided that the above
- - copyright notice and this permission notice appear in all copies.
- - 
- - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- - PERFORMANCE OF THIS SOFTWARE.
--->
-<!-- $Id: dnssec-revoke.html,v 1.10 2011/10/21 01:14:50 tbox Exp $ -->
-<html>
-<head>
-<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
-<title>dnssec-revoke</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
-</head>
-<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="man.dnssec-revoke"></a><div class="titlepage"></div>
-<div class="refnamediv">
-<h2>Name</h2>
-<p><span class="application">dnssec-revoke</span> &#8212; Set the REVOKED bit on a DNSSEC key</p>
-</div>
-<div class="refsynopsisdiv">
-<h2>Synopsis</h2>
-<div class="cmdsynopsis"><p><code class="command">dnssec-revoke</code>  [<code class="option">-hr</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-f</code>] [<code class="option">-R</code>] {keyfile}</p></div>
-</div>
-<div class="refsect1" lang="en">
-<a name="id2543381"></a><h2>DESCRIPTION</h2>
-<p><span><strong class="command">dnssec-revoke</strong></span>
-      reads a DNSSEC key file, sets the REVOKED bit on the key as defined
-      in RFC 5011, and creates a new pair of key files containing the
-      now-revoked key.
-    </p>
-</div>
-<div class="refsect1" lang="en">
-<a name="id2543393"></a><h2>OPTIONS</h2>
-<div class="variablelist"><dl>
-<dt><span class="term">-h</span></dt>
-<dd><p>
-	    Emit usage message and exit.
-	  </p></dd>
-<dt><span class="term">-K <em class="replaceable"><code>directory</code></em></span></dt>
-<dd><p>
-            Sets the directory in which the key files are to reside.
-          </p></dd>
-<dt><span class="term">-r</span></dt>
-<dd><p>
-	    After writing the new keyset files remove the original keyset
-	    files.
-	  </p></dd>
-<dt><span class="term">-v <em class="replaceable"><code>level</code></em></span></dt>
-<dd><p>
-            Sets the debugging level.
-          </p></dd>
-<dt><span class="term">-E <em class="replaceable"><code>engine</code></em></span></dt>
-<dd><p>
-            Use the given OpenSSL engine. When compiled with PKCS#11 support
-            it defaults to pkcs11; the empty name resets it to no engine.
-          </p></dd>
-<dt><span class="term">-f</span></dt>
-<dd><p>
-            Force overwrite: Causes <span><strong class="command">dnssec-revoke</strong></span> to
-            write the new key pair even if a file already exists matching
-            the algorithm and key ID of the revoked key.
-          </p></dd>
-<dt><span class="term">-R</span></dt>
-<dd><p>
-	    Print the key tag of the key with the REVOKE bit set but do
-	    not revoke the key.
-          </p></dd>
-</dl></div>
-</div>
-<div class="refsect1" lang="en">
-<a name="id2543511"></a><h2>SEE ALSO</h2>
-<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
-      <em class="citetitle">BIND 9 Administrator Reference Manual</em>,
-      <em class="citetitle">RFC 5011</em>.
-    </p>
-</div>
-<div class="refsect1" lang="en">
-<a name="id2543536"></a><h2>AUTHOR</h2>
-<p><span class="corpauthor">Internet Systems Consortium</span>
-    </p>
-</div>
-</div></body>
-</html>

bin/dnssec/dnssec-settime.8

@@ -1,175 +0,0 @@
-.\" Copyright (C) 2009-2011 Internet Systems Consortium, Inc. ("ISC")
-.\" 
-.\" Permission to use, copy, modify, and/or distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\" 
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
-.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
-.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
-.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
-.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
-.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
-.\" PERFORMANCE OF THIS SOFTWARE.
-.\"
-.\" $Id: dnssec-settime.8,v 1.17 2011/11/05 01:14:48 tbox Exp $
-.\"
-.hy 0
-.ad l
-.\"     Title: dnssec\-settime
-.\"    Author: 
-.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
-.\"      Date: July 15, 2009
-.\"    Manual: BIND9
-.\"    Source: BIND9
-.\"
-.TH "DNSSEC\-SETTIME" "8" "July 15, 2009" "BIND9" "BIND9"
-.\" disable hyphenation
-.nh
-.\" disable justification (adjust text to left margin only)
-.ad l
-.SH "NAME"
-dnssec\-settime \- Set the key timing metadata for a DNSSEC key
-.SH "SYNOPSIS"
-.HP 15
-\fBdnssec\-settime\fR [\fB\-f\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-L\ \fR\fB\fIttl\fR\fR] [\fB\-P\ \fR\fB\fIdate/offset\fR\fR] [\fB\-A\ \fR\fB\fIdate/offset\fR\fR] [\fB\-R\ \fR\fB\fIdate/offset\fR\fR] [\fB\-I\ \fR\fB\fIdate/offset\fR\fR] [\fB\-D\ \fR\fB\fIdate/offset\fR\fR] [\fB\-h\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-E\ \fR\fB\fIengine\fR\fR] {keyfile}
-.SH "DESCRIPTION"
-.PP
-\fBdnssec\-settime\fR
-reads a DNSSEC private key file and sets the key timing metadata as specified by the
-\fB\-P\fR,
-\fB\-A\fR,
-\fB\-R\fR,
-\fB\-I\fR, and
-\fB\-D\fR
-options. The metadata can then be used by
-\fBdnssec\-signzone\fR
-or other signing software to determine when a key is to be published, whether it should be used for signing a zone, etc.
-.PP
-If none of these options is set on the command line, then
-\fBdnssec\-settime\fR
-simply prints the key timing metadata already stored in the key.
-.PP
-When key metadata fields are changed, both files of a key pair (\fIKnnnn.+aaa+iiiii.key\fR
-and
-\fIKnnnn.+aaa+iiiii.private\fR) are regenerated. Metadata fields are stored in the private file. A human\-readable description of the metadata is also placed in comments in the key file. The private file's permissions are always set to be inaccessible to anyone other than the owner (mode 0600).
-.SH "OPTIONS"
-.PP
-\-f
-.RS 4
-Force an update of an old\-format key with no metadata fields. Without this option,
-\fBdnssec\-settime\fR
-will fail when attempting to update a legacy key. With this option, the key will be recreated in the new format, but with the original key data retained. The key's creation date will be set to the present time. If no other values are specified, then the key's publication and activation dates will also be set to the present time.
-.RE
-.PP
-\-K \fIdirectory\fR
-.RS 4
-Sets the directory in which the key files are to reside.
-.RE
-.PP
-\-L \fIttl\fR
-.RS 4
-Sets the default TTL to use for this key when it is converted into a DNSKEY RR. If the key is imported into a zone, this is the TTL that will be used for it, unless there was already a DNSKEY RRset in place, in which case the existing TTL would take precedence. Setting the default TTL to
-0
-or
-none
-removes it.
-.RE
-.PP
-\-h
-.RS 4
-Emit usage message and exit.
-.RE
-.PP
-\-v \fIlevel\fR
-.RS 4
-Sets the debugging level.
-.RE
-.PP
-\-E \fIengine\fR
-.RS 4
-Use the given OpenSSL engine. When compiled with PKCS#11 support it defaults to pkcs11; the empty name resets it to no engine.
-.RE
-.SH "TIMING OPTIONS"
-.PP
-Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS. If the argument begins with a '+' or '\-', it is interpreted as an offset from the present time. For convenience, if such an offset is followed by one of the suffixes 'y', 'mo', 'w', 'd', 'h', or 'mi', then the offset is computed in years (defined as 365 24\-hour days, ignoring leap years), months (defined as 30 24\-hour days), weeks, days, hours, or minutes, respectively. Without a suffix, the offset is computed in seconds. To unset a date, use 'none'.
-.PP
-\-P \fIdate/offset\fR
-.RS 4
-Sets the date on which a key is to be published to the zone. After that date, the key will be included in the zone but will not be used to sign it.
-.RE
-.PP
-\-A \fIdate/offset\fR
-.RS 4
-Sets the date on which the key is to be activated. After that date, the key will be included in the zone and used to sign it.
-.RE
-.PP
-\-R \fIdate/offset\fR
-.RS 4
-Sets the date on which the key is to be revoked. After that date, the key will be flagged as revoked. It will be included in the zone and will be used to sign it.
-.RE
-.PP
-\-I \fIdate/offset\fR
-.RS 4
-Sets the date on which the key is to be retired. After that date, the key will still be included in the zone, but it will not be used to sign it.
-.RE
-.PP
-\-D \fIdate/offset\fR
-.RS 4
-Sets the date on which the key is to be deleted. After that date, the key will no longer be included in the zone. (It may remain in the key repository, however.)
-.RE
-.PP
-\-S \fIpredecessor key\fR
-.RS 4
-Select a key for which the key being modified will be an explicit successor. The name, algorithm, size, and type of the predecessor key must exactly match those of the key being modified. The activation date of the successor key will be set to the inactivation date of the predecessor. The publication date will be set to the activation date minus the prepublication interval, which defaults to 30 days.
-.RE
-.PP
-\-i \fIinterval\fR
-.RS 4
-Sets the prepublication interval for a key. If set, then the publication and activation dates must be separated by at least this much time. If the activation date is specified but the publication date isn't, then the publication date will default to this much time before the activation date; conversely, if the publication date is specified but activation date isn't, then activation will be set to this much time after publication.
-.sp
-If the key is being set to be an explicit successor to another key, then the default prepublication interval is 30 days; otherwise it is zero.
-.sp
-As with date offsets, if the argument is followed by one of the suffixes 'y', 'mo', 'w', 'd', 'h', or 'mi', then the interval is measured in years, months, weeks, days, hours, or minutes, respectively. Without a suffix, the interval is measured in seconds.
-.RE
-.SH "PRINTING OPTIONS"
-.PP
-\fBdnssec\-settime\fR
-can also be used to print the timing metadata associated with a key.
-.PP
-\-u
-.RS 4
-Print times in UNIX epoch format.
-.RE
-.PP
-\-p \fIC/P/A/R/I/D/all\fR
-.RS 4
-Print a specific metadata value or set of metadata values. The
-\fB\-p\fR
-option may be followed by one or more of the following letters to indicate which value or values to print:
-\fBC\fR
-for the creation date,
-\fBP\fR
-for the publication date,
-\fBA\fR
-for the activation date,
-\fBR\fR
-for the revocation date,
-\fBI\fR
-for the inactivation date, or
-\fBD\fR
-for the deletion date. To print all of the metadata, use
-\fB\-p all\fR.
-.RE
-.SH "SEE ALSO"
-.PP
-\fBdnssec\-keygen\fR(8),
-\fBdnssec\-signzone\fR(8),
-BIND 9 Administrator Reference Manual,
-RFC 5011.
-.SH "AUTHOR"
-.PP
-Internet Systems Consortium
-.SH "COPYRIGHT"
-Copyright \(co 2009\-2011 Internet Systems Consortium, Inc. ("ISC")
-.br

bin/dnssec/dnssec-settime.c

@@ -1,600 +0,0 @@
-/*
- * Copyright (C) 2009-2011  Internet Systems Consortium, Inc. ("ISC")
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- * PERFORMANCE OF THIS SOFTWARE.
- */
-
-/* $Id: dnssec-settime.c,v 1.32 2011/06/02 20:24:45 each Exp $ */
-
-/*! \file */
-
-#include <config.h>
-
-#include <libgen.h>
-#include <stdlib.h>
-#include <unistd.h>
-#include <errno.h>
-#include <time.h>
-
-#include <isc/buffer.h>
-#include <isc/commandline.h>
-#include <isc/entropy.h>
-#include <isc/file.h>
-#include <isc/hash.h>
-#include <isc/mem.h>
-#include <isc/print.h>
-#include <isc/string.h>
-#include <isc/util.h>
-
-#include <dns/keyvalues.h>
-#include <dns/result.h>
-
-#include <dst/dst.h>
-
-#include "dnssectool.h"
-
-const char *program = "dnssec-settime";
-int verbose;
-
-static isc_mem_t	*mctx = NULL;
-
-ISC_PLATFORM_NORETURN_PRE static void
-usage(void) ISC_PLATFORM_NORETURN_POST;
-
-static void
-usage(void) {
-	fprintf(stderr, "Usage:\n");
-	fprintf(stderr,	"    %s [options] keyfile\n\n", program);
-	fprintf(stderr, "Version: %s\n", VERSION);
-	fprintf(stderr, "General options:\n");
-#ifdef USE_PKCS11
-	fprintf(stderr, "    -E engine:          specify OpenSSL engine "
-						 "(default \"pkcs11\")\n");
-#else
-	fprintf(stderr, "    -E engine:          specify OpenSSL engine\n");
-#endif
-	fprintf(stderr, "    -f:                 force update of old-style "
-						 "keys\n");
-	fprintf(stderr, "    -K directory:       set key file location\n");
-	fprintf(stderr, "    -L ttl:             set default key TTL\n");
-	fprintf(stderr, "    -v level:           set level of verbosity\n");
-	fprintf(stderr, "    -h:                 help\n");
-	fprintf(stderr, "Timing options:\n");
-	fprintf(stderr, "    -P date/[+-]offset/none: set/unset key "
-						     "publication date\n");
-	fprintf(stderr, "    -A date/[+-]offset/none: set/unset key "
-						     "activation date\n");
-	fprintf(stderr, "    -R date/[+-]offset/none: set/unset key "
-						     "revocation date\n");
-	fprintf(stderr, "    -I date/[+-]offset/none: set/unset key "
-						     "inactivation date\n");
-	fprintf(stderr, "    -D date/[+-]offset/none: set/unset key "
-						     "deletion date\n");
-	fprintf(stderr, "Printing options:\n");
-	fprintf(stderr, "    -p C/P/A/R/I/D/all: print a particular time "
-						"value or values\n");
-	fprintf(stderr, "    -u:                 print times in unix epoch "
-						"format\n");
-	fprintf(stderr, "Output:\n");
-	fprintf(stderr, "     K<name>+<alg>+<new id>.key, "
-			     "K<name>+<alg>+<new id>.private\n");
-
-	exit (-1);
-}
-
-static void
-printtime(dst_key_t *key, int type, const char *tag, isc_boolean_t epoch,
-	  FILE *stream)
-{
-	isc_result_t result;
-	const char *output = NULL;
-	isc_stdtime_t when;
-
-	if (tag != NULL)
-		fprintf(stream, "%s: ", tag);
-
-	result = dst_key_gettime(key, type, &when);
-	if (result == ISC_R_NOTFOUND) {
-		fprintf(stream, "UNSET\n");
-	} else if (epoch) {
-		fprintf(stream, "%d\n", (int) when);
-	} else {
-		time_t time = when;
-		output = ctime(&time);
-		fprintf(stream, "%s", output);
-	}
-}
-
-int
-main(int argc, char **argv) {
-	isc_result_t	result;
-#ifdef USE_PKCS11
-	const char	*engine = "pkcs11";
-#else
-	const char	*engine = NULL;
-#endif
-	char		*filename = NULL, *directory = NULL;
-	char		newname[1024];
-	char		keystr[DST_KEY_FORMATSIZE];
-	char		*endp, *p;
-	int		ch;
-	isc_entropy_t	*ectx = NULL;
-	const char	*predecessor = NULL;
-	dst_key_t	*prevkey = NULL;
-	dst_key_t	*key = NULL;
-	isc_buffer_t	buf;
-	dns_name_t	*name = NULL;
-	dns_secalg_t 	alg = 0;
-	unsigned int 	size = 0;
-	isc_uint16_t	flags = 0;
-	int		prepub = -1;
-	dns_ttl_t	ttl = 0;
-	isc_stdtime_t	now;
-	isc_stdtime_t	pub = 0, act = 0, rev = 0, inact = 0, del = 0;
-	isc_boolean_t	setpub = ISC_FALSE, setact = ISC_FALSE;
-	isc_boolean_t	setrev = ISC_FALSE, setinact = ISC_FALSE;
-	isc_boolean_t	setdel = ISC_FALSE, setttl = ISC_FALSE;
-	isc_boolean_t	unsetpub = ISC_FALSE, unsetact = ISC_FALSE;
-	isc_boolean_t	unsetrev = ISC_FALSE, unsetinact = ISC_FALSE;
-	isc_boolean_t	unsetdel = ISC_FALSE;
-	isc_boolean_t	printcreate = ISC_FALSE, printpub = ISC_FALSE;
-	isc_boolean_t	printact = ISC_FALSE,  printrev = ISC_FALSE;
-	isc_boolean_t	printinact = ISC_FALSE, printdel = ISC_FALSE;
-	isc_boolean_t	force = ISC_FALSE;
-	isc_boolean_t   epoch = ISC_FALSE;
-	isc_boolean_t   changed = ISC_FALSE;
-
-	if (argc == 1)
-		usage();
-
-	result = isc_mem_create(0, 0, &mctx);
-	if (result != ISC_R_SUCCESS)
-		fatal("Out of memory");
-
-	dns_result_register();
-
-	isc_commandline_errprint = ISC_FALSE;
-
-	isc_stdtime_get(&now);
-
-#define CMDLINE_FLAGS "A:D:E:fhI:i:K:L:P:p:R:S:uv:"
-	while ((ch = isc_commandline_parse(argc, argv, CMDLINE_FLAGS)) != -1) {
-		switch (ch) {
-		case 'E':
-			engine = isc_commandline_argument;
-			break;
-		case 'f':
-			force = ISC_TRUE;
-			break;
-		case 'p':
-			p = isc_commandline_argument;
-			if (!strcasecmp(p, "all")) {
-				printcreate = ISC_TRUE;
-				printpub = ISC_TRUE;
-				printact = ISC_TRUE;
-				printrev = ISC_TRUE;
-				printinact = ISC_TRUE;
-				printdel = ISC_TRUE;
-				break;
-			}
-
-			do {
-				switch (*p++) {
-				case 'C':
-					printcreate = ISC_TRUE;
-					break;
-				case 'P':
-					printpub = ISC_TRUE;
-					break;
-				case 'A':
-					printact = ISC_TRUE;
-					break;
-				case 'R':
-					printrev = ISC_TRUE;
-					break;
-				case 'I':
-					printinact = ISC_TRUE;
-					break;
-				case 'D':
-					printdel = ISC_TRUE;
-					break;
-				case ' ':
-					break;
-				default:
-					usage();
-					break;
-				}
-			} while (*p != '\0');
-			break;
-		case 'u':
-			epoch = ISC_TRUE;
-			break;
-		case 'K':
-			/*
-			 * We don't have to copy it here, but do it to
-			 * simplify cleanup later
-			 */
-			directory = isc_mem_strdup(mctx,
-						   isc_commandline_argument);
-			if (directory == NULL) {
-				fatal("Failed to allocate memory for "
-				      "directory");
-			}
-			break;
-		case 'L':
-			if (strcmp(isc_commandline_argument, "none") == 0)
-				ttl = 0;
-			else
-				ttl = strtottl(isc_commandline_argument);
-			setttl = ISC_TRUE;
-			break;
-		case 'v':
-			verbose = strtol(isc_commandline_argument, &endp, 0);
-			if (*endp != '\0')
-				fatal("-v must be followed by a number");
-			break;
-		case 'P':
-			if (setpub || unsetpub)
-				fatal("-P specified more than once");
-
-			changed = ISC_TRUE;
-			if (!strcasecmp(isc_commandline_argument, "none")) {
-				unsetpub = ISC_TRUE;
-			} else {
-				setpub = ISC_TRUE;
-				pub = strtotime(isc_commandline_argument,
-						now, now);
-			}
-			break;
-		case 'A':
-			if (setact || unsetact)
-				fatal("-A specified more than once");
-
-			changed = ISC_TRUE;
-			if (!strcasecmp(isc_commandline_argument, "none")) {
-				unsetact = ISC_TRUE;
-			} else {
-				setact = ISC_TRUE;
-				act = strtotime(isc_commandline_argument,
-						now, now);
-			}
-			break;
-		case 'R':
-			if (setrev || unsetrev)
-				fatal("-R specified more than once");
-
-			changed = ISC_TRUE;
-			if (!strcasecmp(isc_commandline_argument, "none")) {
-				unsetrev = ISC_TRUE;
-			} else {
-				setrev = ISC_TRUE;
-				rev = strtotime(isc_commandline_argument,
-						now, now);
-			}
-			break;
-		case 'I':
-			if (setinact || unsetinact)
-				fatal("-I specified more than once");
-
-			changed = ISC_TRUE;
-			if (!strcasecmp(isc_commandline_argument, "none")) {
-				unsetinact = ISC_TRUE;
-			} else {
-				setinact = ISC_TRUE;
-				inact = strtotime(isc_commandline_argument,
-						now, now);
-			}
-			break;
-		case 'D':
-			if (setdel || unsetdel)
-				fatal("-D specified more than once");
-
-			changed = ISC_TRUE;
-			if (!strcasecmp(isc_commandline_argument, "none")) {
-				unsetdel = ISC_TRUE;
-			} else {
-				setdel = ISC_TRUE;
-				del = strtotime(isc_commandline_argument,
-						now, now);
-			}
-			break;
-		case 'S':
-			predecessor = isc_commandline_argument;
-			break;
-		case 'i':
-			prepub = strtottl(isc_commandline_argument);
-			break;
-		case '?':
-			if (isc_commandline_option != '?')
-				fprintf(stderr, "%s: invalid argument -%c\n",
-					program, isc_commandline_option);
-			/* Falls into */
-		case 'h':
-			usage();
-
-		default:
-			fprintf(stderr, "%s: unhandled option -%c\n",
-				program, isc_commandline_option);
-			exit(1);
-		}
-	}
-
-	if (argc < isc_commandline_index + 1 ||
-	    argv[isc_commandline_index] == NULL)
-		fatal("The key file name was not specified");
-	if (argc > isc_commandline_index + 1)
-		fatal("Extraneous arguments");
-
-	if (ectx == NULL)
-		setup_entropy(mctx, NULL, &ectx);
-	result = isc_hash_create(mctx, ectx, DNS_NAME_MAXWIRE);
-	if (result != ISC_R_SUCCESS)
-		fatal("Could not initialize hash");
-	result = dst_lib_init2(mctx, ectx, engine,
-			       ISC_ENTROPY_BLOCKING | ISC_ENTROPY_GOODONLY);
-	if (result != ISC_R_SUCCESS)
-		fatal("Could not initialize dst: %s",
-		      isc_result_totext(result));
-	isc_entropy_stopcallbacksources(ectx);
-
-	if (predecessor != NULL) {
-		char keystr[DST_KEY_FORMATSIZE];
-		isc_stdtime_t when;
-		int major, minor;
-
-		if (prepub == -1)
-			prepub = (30 * 86400);
-
-		if (setpub || unsetpub)
-			fatal("-S and -P cannot be used together");
-		if (setact || unsetact)
-			fatal("-S and -A cannot be used together");
-
-		result = dst_key_fromnamedfile(predecessor, directory,
-					       DST_TYPE_PUBLIC |
-					       DST_TYPE_PRIVATE,
-					       mctx, &prevkey);
-		if (result != ISC_R_SUCCESS)
-			fatal("Invalid keyfile %s: %s",
-			      filename, isc_result_totext(result));
-		if (!dst_key_isprivate(prevkey))
-			fatal("%s is not a private key", filename);
-
-		name = dst_key_name(prevkey);
-		alg = dst_key_alg(prevkey);
-		size = dst_key_size(prevkey);
-		flags = dst_key_flags(prevkey);
-
-		dst_key_format(prevkey, keystr, sizeof(keystr));
-		dst_key_getprivateformat(prevkey, &major, &minor);
-		if (major != DST_MAJOR_VERSION || minor < DST_MINOR_VERSION)
-			fatal("Predecessor has incompatible format "
-			      "version %d.%d\n\t", major, minor);
-
-		result = dst_key_gettime(prevkey, DST_TIME_ACTIVATE, &when);
-		if (result != ISC_R_SUCCESS)
-			fatal("Predecessor has no activation date. "
-			      "You must set one before\n\t"
-			      "generating a successor.");
-
-		result = dst_key_gettime(prevkey, DST_TIME_INACTIVE, &act);
-		if (result != ISC_R_SUCCESS)
-			fatal("Predecessor has no inactivation date. "
-			      "You must set one before\n\t"
-			      "generating a successor.");
-
-		pub = act - prepub;
-		if (pub < now && prepub != 0)
-			fatal("Predecessor will become inactive before the\n\t"
-			      "prepublication period ends.  Either change "
-			      "its inactivation date,\n\t"
-			      "or use the -i option to set a shorter "
-			      "prepublication interval.");
-
-		result = dst_key_gettime(prevkey, DST_TIME_DELETE, &when);
-		if (result != ISC_R_SUCCESS)
-			fprintf(stderr, "%s: WARNING: Predecessor has no "
-					"removal date;\n\t"
-					"it will remain in the zone "
-					"indefinitely after rollover.\n",
-					program);
-
-		changed = setpub = setact = ISC_TRUE;
-		dst_key_free(&prevkey);
-	} else {
-		if (prepub < 0)
-			prepub = 0;
-
-		if (prepub > 0) {
-			if (setpub && setact && (act - prepub) < pub)
-				fatal("Activation and publication dates "
-				      "are closer together than the\n\t"
-				      "prepublication interval.");
-
-			if (setpub && !setact) {
-				setact = ISC_TRUE;
-				act = pub + prepub;
-			} else if (setact && !setpub) {
-				setpub = ISC_TRUE;
-				pub = act - prepub;
-			}
-
-			if ((act - prepub) < now)
-				fatal("Time until activation is shorter "
-				      "than the\n\tprepublication interval.");
-		}
-	}
-
-	if (directory != NULL) {
-		filename = argv[isc_commandline_index];
-	} else {
-		result = isc_file_splitpath(mctx, argv[isc_commandline_index],
-					    &directory, &filename);
-		if (result != ISC_R_SUCCESS)
-			fatal("cannot process filename %s: %s",
-			      argv[isc_commandline_index],
-			      isc_result_totext(result));
-	}
-
-	result = dst_key_fromnamedfile(filename, directory,
-				       DST_TYPE_PUBLIC | DST_TYPE_PRIVATE,
-				       mctx, &key);
-	if (result != ISC_R_SUCCESS)
-		fatal("Invalid keyfile %s: %s",
-		      filename, isc_result_totext(result));
-
-	if (!dst_key_isprivate(key))
-		fatal("%s is not a private key", filename);
-
-	dst_key_format(key, keystr, sizeof(keystr));
-
-	if (predecessor != NULL) {
-		if (!dns_name_equal(name, dst_key_name(key)))
-			fatal("Key name mismatch");
-		if (alg != dst_key_alg(key))
-			fatal("Key algorithm mismatch");
-		if (size != dst_key_size(key))
-			fatal("Key size mismatch");
-		if (flags != dst_key_flags(key))
-			fatal("Key flags mismatch");
-	}
-
-	if (force)
-		set_keyversion(key);
-	else
-		check_keyversion(key, keystr);
-
-	if (verbose > 2)
-		fprintf(stderr, "%s: %s\n", program, keystr);
-
-	/*
-	 * Set time values.
-	 */
-	if (setpub)
-		dst_key_settime(key, DST_TIME_PUBLISH, pub);
-	else if (unsetpub)
-		dst_key_unsettime(key, DST_TIME_PUBLISH);
-
-	if (setact)
-		dst_key_settime(key, DST_TIME_ACTIVATE, act);
-	else if (unsetact)
-		dst_key_unsettime(key, DST_TIME_ACTIVATE);
-
-	if (setrev) {
-		if ((dst_key_flags(key) & DNS_KEYFLAG_REVOKE) != 0)
-			fprintf(stderr, "%s: warning: Key %s is already "
-					"revoked; changing the revocation date "
-					"will not affect this.\n",
-					program, keystr);
-		if ((dst_key_flags(key) & DNS_KEYFLAG_KSK) == 0)
-			fprintf(stderr, "%s: warning: Key %s is not flagged as "
-					"a KSK, but -R was used.  Revoking a "
-					"ZSK is legal, but undefined.\n",
-					program, keystr);
-		dst_key_settime(key, DST_TIME_REVOKE, rev);
-	} else if (unsetrev) {
-		if ((dst_key_flags(key) & DNS_KEYFLAG_REVOKE) != 0)
-			fprintf(stderr, "%s: warning: Key %s is already "
-					"revoked; removing the revocation date "
-					"will not affect this.\n",
-					program, keystr);
-		dst_key_unsettime(key, DST_TIME_REVOKE);
-	}
-
-	if (setinact)
-		dst_key_settime(key, DST_TIME_INACTIVE, inact);
-	else if (unsetinact)
-		dst_key_unsettime(key, DST_TIME_INACTIVE);
-
-	if (setdel)
-		dst_key_settime(key, DST_TIME_DELETE, del);
-	else if (unsetdel)
-		dst_key_unsettime(key, DST_TIME_DELETE);
-
-	if (setttl)
-		dst_key_setttl(key, ttl);
-
-	/*
-	 * No metadata changes were made but we're forcing an upgrade
-	 * to the new format anyway: use "-P now -A now" as the default
-	 */
-	if (force && !changed) {
-		dst_key_settime(key, DST_TIME_PUBLISH, now);
-		dst_key_settime(key, DST_TIME_ACTIVATE, now);
-		changed = ISC_TRUE;
-	}
-
-	if (!changed && setttl)
-		changed = ISC_TRUE;
-
-	/*
-	 * Print out time values, if -p was used.
-	 */
-	if (printcreate)
-		printtime(key, DST_TIME_CREATED, "Created", epoch, stdout);
-
-	if (printpub)
-		printtime(key, DST_TIME_PUBLISH, "Publish", epoch, stdout);
-
-	if (printact)
-		printtime(key, DST_TIME_ACTIVATE, "Activate", epoch, stdout);
-
-	if (printrev)
-		printtime(key, DST_TIME_REVOKE, "Revoke", epoch, stdout);
-
-	if (printinact)
-		printtime(key, DST_TIME_INACTIVE, "Inactive", epoch, stdout);
-
-	if (printdel)
-		printtime(key, DST_TIME_DELETE, "Delete", epoch, stdout);
-
-	if (changed) {
-		isc_buffer_init(&buf, newname, sizeof(newname));
-		result = dst_key_buildfilename(key, DST_TYPE_PUBLIC, directory,
-					       &buf);
-		if (result != ISC_R_SUCCESS) {
-			fatal("Failed to build public key filename: %s",
-			      isc_result_totext(result));
-		}
-
-		result = dst_key_tofile(key, DST_TYPE_PUBLIC|DST_TYPE_PRIVATE,
-					directory);
-		if (result != ISC_R_SUCCESS) {
-			dst_key_format(key, keystr, sizeof(keystr));
-			fatal("Failed to write key %s: %s", keystr,
-			      isc_result_totext(result));
-		}
-
-		printf("%s\n", newname);
-
-		isc_buffer_clear(&buf);
-		result = dst_key_buildfilename(key, DST_TYPE_PRIVATE, directory,
-					       &buf);
-		if (result != ISC_R_SUCCESS) {
-			fatal("Failed to build private key filename: %s",
-			      isc_result_totext(result));
-		}
-		printf("%s\n", newname);
-	}
-
-	dst_key_free(&key);
-	dst_lib_destroy();
-	isc_hash_destroy();
-	cleanup_entropy(&ectx);
-	if (verbose > 10)
-		isc_mem_stats(mctx, stdout);
-	isc_mem_free(mctx, directory);
-	isc_mem_destroy(&mctx);
-
-	return (0);
-}

bin/dnssec/dnssec-settime.docbook

@@ -1,338 +0,0 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
-               "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
-               [<!ENTITY mdash "&#8212;">]>
-<!--
- - Copyright (C) 2009-2011  Internet Systems Consortium, Inc. ("ISC")
- -
- - Permission to use, copy, modify, and/or distribute this software for any
- - purpose with or without fee is hereby granted, provided that the above
- - copyright notice and this permission notice appear in all copies.
- -
- - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- - AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- - PERFORMANCE OF THIS SOFTWARE.
--->
-
-<!-- $Id: dnssec-settime.docbook,v 1.15 2011/11/03 20:21:37 each Exp $ -->
-<refentry id="man.dnssec-settime">
-  <refentryinfo>
-    <date>July 15, 2009</date>
-  </refentryinfo>
-
-  <refmeta>
-    <refentrytitle><application>dnssec-settime</application></refentrytitle>
-    <manvolnum>8</manvolnum>
-    <refmiscinfo>BIND9</refmiscinfo>
-  </refmeta>
-
-  <refnamediv>
-    <refname><application>dnssec-settime</application></refname>
-    <refpurpose>Set the key timing metadata for a DNSSEC key</refpurpose>
-  </refnamediv>
-
-  <docinfo>
-    <copyright>
-      <year>2009</year>
-      <year>2010</year>
-      <year>2011</year>
-      <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
-    </copyright>
-  </docinfo>
-
-  <refsynopsisdiv>
-    <cmdsynopsis>
-      <command>dnssec-settime</command>
-      <arg><option>-f</option></arg>
-      <arg><option>-K <replaceable class="parameter">directory</replaceable></option></arg>
-      <arg><option>-L <replaceable class="parameter">ttl</replaceable></option></arg>
-      <arg><option>-P <replaceable class="parameter">date/offset</replaceable></option></arg>
-      <arg><option>-A <replaceable class="parameter">date/offset</replaceable></option></arg>
-      <arg><option>-R <replaceable class="parameter">date/offset</replaceable></option></arg>
-      <arg><option>-I <replaceable class="parameter">date/offset</replaceable></option></arg>
-      <arg><option>-D <replaceable class="parameter">date/offset</replaceable></option></arg>
-      <arg><option>-h</option></arg>
-      <arg><option>-v <replaceable class="parameter">level</replaceable></option></arg>
-      <arg><option>-E <replaceable class="parameter">engine</replaceable></option></arg>
-      <arg choice="req">keyfile</arg>
-    </cmdsynopsis>
-  </refsynopsisdiv>
-
-  <refsect1>
-    <title>DESCRIPTION</title>
-    <para><command>dnssec-settime</command>
-      reads a DNSSEC private key file and sets the key timing metadata
-      as specified by the <option>-P</option>, <option>-A</option>,
-      <option>-R</option>, <option>-I</option>, and <option>-D</option>
-      options.  The metadata can then be used by
-      <command>dnssec-signzone</command> or other signing software to
-      determine when a key is to be published, whether it should be
-      used for signing a zone, etc.
-    </para>
-    <para>
-      If none of these options is set on the command line,
-      then <command>dnssec-settime</command> simply prints the key timing
-      metadata already stored in the key.
-    </para>
-    <para>
-      When key metadata fields are changed, both files of a key
-      pair (<filename>Knnnn.+aaa+iiiii.key</filename> and
-      <filename>Knnnn.+aaa+iiiii.private</filename>) are regenerated.
-      Metadata fields are stored in the private file.  A human-readable
-      description of the metadata is also placed in comments in the key
-      file.  The private file's permissions are always set to be
-      inaccessible to anyone other than the owner (mode 0600).
-    </para>
-  </refsect1>
-
-  <refsect1>
-    <title>OPTIONS</title>
-
-    <variablelist>
-      <varlistentry>
-	<term>-f</term>
-        <listitem>
-	  <para>
-	    Force an update of an old-format key with no metadata fields.
-            Without this option, <command>dnssec-settime</command> will
-            fail when attempting to update a legacy key.  With this option,
-            the key will be recreated in the new format, but with the
-            original key data retained.  The key's creation date will be
-            set to the present time.  If no other values are specified, 
-            then the key's publication and activation dates will also 
-            be set to the present time.
-	  </para>
-        </listitem>
-      </varlistentry>
-  
-      <varlistentry>
-        <term>-K <replaceable class="parameter">directory</replaceable></term>
-        <listitem>
-          <para>
-            Sets the directory in which the key files are to reside.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-L <replaceable class="parameter">ttl</replaceable></term>
-        <listitem>
-          <para>
-            Sets the default TTL to use for this key when it is converted
-            into a DNSKEY RR.  If the key is imported into a zone,
-            this is the TTL that will be used for it, unless there was
-            already a DNSKEY RRset in place, in which case the existing TTL
-            would take precedence.  Setting the default TTL to
-            <literal>0</literal> or <literal>none</literal> removes it.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-h</term>
-        <listitem>
-	  <para>
-	    Emit usage message and exit.
-	  </para>
-        </listitem>
-      </varlistentry>
-  
-      <varlistentry>
-        <term>-v <replaceable class="parameter">level</replaceable></term>
-        <listitem>
-          <para>
-            Sets the debugging level.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-E <replaceable class="parameter">engine</replaceable></term>
-        <listitem>
-          <para>
-            Use the given OpenSSL engine. When compiled with PKCS#11 support
-            it defaults to pkcs11; the empty name resets it to no engine.
-          </para>
-        </listitem>
-      </varlistentry>
-    </variablelist>
-  </refsect1>
-
-  <refsect1>
-    <title>TIMING OPTIONS</title>
-    <para>
-      Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
-      If the argument begins with a '+' or '-', it is interpreted as
-      an offset from the present time.  For convenience, if such an offset
-      is followed by one of the suffixes 'y', 'mo', 'w', 'd', 'h', or 'mi',
-      then the offset is computed in years (defined as 365 24-hour days,
-      ignoring leap years), months (defined as 30 24-hour days), weeks,
-      days, hours, or minutes, respectively.  Without a suffix, the offset
-      is computed in seconds.  To unset a date, use 'none'.
-    </para>
-
-    <variablelist>
-      <varlistentry>
-        <term>-P <replaceable class="parameter">date/offset</replaceable></term>
-        <listitem>
-          <para>
-            Sets the date on which a key is to be published to the zone.
-            After that date, the key will be included in the zone but will
-            not be used to sign it.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-A <replaceable class="parameter">date/offset</replaceable></term>
-        <listitem>
-          <para>
-            Sets the date on which the key is to be activated.  After that
-            date, the key will be included in the zone and used to sign
-            it.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-R <replaceable class="parameter">date/offset</replaceable></term>
-        <listitem>
-          <para>
-            Sets the date on which the key is to be revoked.  After that
-            date, the key will be flagged as revoked.  It will be included
-            in the zone and will be used to sign it.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-I <replaceable class="parameter">date/offset</replaceable></term>
-        <listitem>
-          <para>
-            Sets the date on which the key is to be retired.  After that
-            date, the key will still be included in the zone, but it
-            will not be used to sign it.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-D <replaceable class="parameter">date/offset</replaceable></term>
-        <listitem>
-          <para>
-            Sets the date on which the key is to be deleted.  After that
-            date, the key will no longer be included in the zone.  (It
-            may remain in the key repository, however.)
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-S <replaceable class="parameter">predecessor key</replaceable></term>
-        <listitem>
-          <para>
-            Select a key for which the key being modified will be an
-            explicit successor.  The name, algorithm, size, and type of the
-            predecessor key must exactly match those of the key being
-            modified.  The activation date of the successor key will be set
-            to the inactivation date of the predecessor.  The publication
-            date will be set to the activation date minus the prepublication
-            interval, which defaults to 30 days.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-i <replaceable class="parameter">interval</replaceable></term>
-        <listitem>
-          <para>
-            Sets the prepublication interval for a key.  If set, then
-            the publication and activation dates must be separated by at least
-            this much time.  If the activation date is specified but the
-            publication date isn't, then the publication date will default
-            to this much time before the activation date; conversely, if
-            the publication date is specified but activation date isn't,
-            then activation will be set to this much time after publication.
-          </para>
-          <para>
-            If the key is being set to be an explicit successor to another
-            key, then the default prepublication interval is 30 days; 
-            otherwise it is zero.
-          </para>
-          <para>
-            As with date offsets, if the argument is followed by one of
-            the suffixes 'y', 'mo', 'w', 'd', 'h', or 'mi', then the
-            interval is measured in years, months, weeks, days, hours,
-            or minutes, respectively.  Without a suffix, the interval is
-            measured in seconds.
-          </para>
-        </listitem>
-      </varlistentry>
-    </variablelist>
-  </refsect1>
-
-  <refsect1>
-    <title>PRINTING OPTIONS</title>
-    <para>
-      <command>dnssec-settime</command> can also be used to print the
-      timing metadata associated with a key.
-    </para>
-
-    <variablelist>
-      <varlistentry>
-	<term>-u</term>
-        <listitem>
-	  <para>
-	    Print times in UNIX epoch format.
-	  </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-p <replaceable class="parameter">C/P/A/R/I/D/all</replaceable></term>
-        <listitem>
-	  <para>
-	    Print a specific metadata value or set of metadata values.
-            The <option>-p</option> option may be followed by one or more
-            of the following letters to indicate which value or values to print:
-            <option>C</option> for the creation date,
-            <option>P</option> for the publication date,
-            <option>A</option> for the activation date,
-            <option>R</option> for the revocation date,
-            <option>I</option> for the inactivation date, or
-            <option>D</option> for the deletion date.
-            To print all of the metadata, use <option>-p all</option>.
-	  </para>
-        </listitem>
-      </varlistentry>
-
-    </variablelist>
-  </refsect1>
-
-  <refsect1>
-    <title>SEE ALSO</title>
-    <para><citerefentry>
-        <refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
-      </citerefentry>,
-      <citerefentry>
-        <refentrytitle>dnssec-signzone</refentrytitle><manvolnum>8</manvolnum>
-      </citerefentry>,
-      <citetitle>BIND 9 Administrator Reference Manual</citetitle>,
-      <citetitle>RFC 5011</citetitle>.
-    </para>
-  </refsect1>
-
-  <refsect1>
-    <title>AUTHOR</title>
-    <para><corpauthor>Internet Systems Consortium</corpauthor>
-    </para>
-  </refsect1>
-
-</refentry><!--
- - Local variables:
- - mode: sgml
- - End:
--->