9.1.1-P3

is not used.

1480.   [bug]           Provide replay protection for rndc commands.

CHANGES

@@ -1,4 +1,51 @@
 
+	--- 9.1.1-P3 released ---
+
+2126.	[security]	Serialise validation of type ANY responses. [RT #16555]
+
+	--- 9.1.1-P2 released ---
+
+1499.	[bug]		isc_random need to be seeded better if arc4random()
+			is not used.
+
+1480.	[bug]		Provide replay protection for rndc commands.
+
+	--- 9.1.1-P1 released ---
+
+1243.	[bug]		It was possible to trigger a REQUIRE() in
+			dns_message_findtype(). [RT #2659]
+
+	--- 9.1.1 released ---
+
+	--- 9.1.1rc7 released ---
+
+ 791.	[bug]		The control channel did not work over IPv6.
+
+ 790.	[bug]		Wildcards created using dynamic update or IXFR
+			could fail to match. [RT #1111]
+
+ 787.	[bug]		The DNSSEC tools failed to downcase domain
+			names when mapping them into file names.
+
+ 786.	[bug]		When DNSSEC signing/verifying data, owner names were
+			not properly downcased.
+
+	--- 9.1.1rc6 released ---
+
+ 785.	[bug]		A race condition in the resolver could cause
+			an assertion failure. [RT #673, #872, #1048]
+
+ 784.	[bug]		nsupdate and other programs would not quit properly
+			if some signals were blocked by the caller. [RT #1081]
+
+ 783.	[bug]		Following CNAMEs could cause an assertion failure
+			when either using an sdb database or under very
+			rare conditions.
+
+ 780.	[bug]		Error handling code dealing with out of memory or
+			other rare errors could lead to assertion failures
+			by calling functions on unitialized names. [RT #1065]
+
 	--- 9.1.1rc5 released ---
 
  778.	[bug]		When starting cache cleaning, cleaning_timer_action()

FAQ

@@ -134,3 +134,11 @@ is rejecting the TSIG.  Why?
 
 A: This may be a clock skew problem.  Check that the the clocks on
 the client and server are properly synchronized (e.g., using ntp).
+
+
+Q: I'm trying to compile BIND 9, and "make" is failing due to files not
+being found.  Why?
+
+A: Using a parallel or distributed "make" to build BIND 9 is not
+supported, and doesn't work.  If you are using one of these, use
+normal make or gmake instead.

README

@@ -45,11 +45,10 @@ BIND 9
 
 
 
-BIND 9.1.1rc5
+BIND 9.1.1
 
-	BIND 9.1.1rc5 is a release candidate for BIND 9.1.1.
-	It contains fixes for a number of bugs in BIND 9.1.1rc4
-	but no new features.
+	BIND 9.1.1 is a maintenance release, containing fixes for
+	a number of bugs in BIND 9.1.0 but no new features.
 
 	Features introduced in 9.1.0 included:
 

bin/dig/nslookup.c

@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: nslookup.c,v 1.69.2.4 2001/03/14 01:25:38 bwelling Exp $ */
+/* $Id: nslookup.c,v 1.69.2.5 2001/03/16 22:14:00 bwelling Exp $ */
 
 #include <config.h>
 
@@ -132,7 +132,7 @@ static const char *rtypetext[] = {
 	"key = ",			/* 25 */
 	"px = ",			/* 26 */
 	"gpos = ",			/* 27 */
-	"has AAAA address",		/* 28 */
+	"has AAAA address ",		/* 28 */
 	"loc = ",			/* 29 */
 	"next = ",			/* 30 */
 	"rtype_31 = ",			/* 31 */

bin/dnssec/dnssec-makekeyset.c

@@ -17,7 +17,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: dnssec-makekeyset.c,v 1.45.4.1 2001/01/09 22:31:32 bwelling Exp $ */
+/* $Id: dnssec-makekeyset.c,v 1.45.4.2 2001/03/26 19:11:53 gson Exp $ */
 
 #include <config.h>
 
@@ -220,6 +220,7 @@ main(int argc, char *argv[]) {
 
 	for (i = 0; i < argc; i++) {
 		char namestr[DNS_NAME_FORMATSIZE];
+		dns_fixedname_t fname;
 		isc_buffer_t namebuf;
 
 		key = NULL;
@@ -231,7 +232,12 @@ main(int argc, char *argv[]) {
 			rdatalist.rdclass = dst_key_class(key);
 
 		isc_buffer_init(&namebuf, namestr, sizeof namestr);
-		result = dns_name_totext(dst_key_name(key), ISC_FALSE,
+		dns_fixedname_init(&fname);
+		dns_name_downcase(dst_key_name(key),
+				  dns_fixedname_name(&fname),
+				  NULL);
+		result = dns_name_totext(dns_fixedname_name(&fname),
+					 ISC_FALSE,
 					 &namebuf);
 		check_result(result, "dns_name_totext");
 		isc_buffer_putuint8(&namebuf, 0);

bin/dnssec/dnssec-signkey.c

@@ -17,7 +17,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: dnssec-signkey.c,v 1.45.2.1 2001/01/09 22:31:33 bwelling Exp $ */
+/* $Id: dnssec-signkey.c,v 1.45.2.2 2001/03/26 19:11:55 gson Exp $ */
 
 #include <config.h>
 
@@ -262,7 +262,7 @@ main(int argc, char *argv[]) {
 	isc_buffer_init(&b, argv[0] + strlen("keyset-"),
 			strlen(argv[0]) - strlen("keyset-"));
 	isc_buffer_add(&b, strlen(argv[0]) - strlen("keyset-"));
-	result = dns_name_fromtext(domain, &b, dns_rootname, ISC_FALSE, NULL);
+	result = dns_name_fromtext(domain, &b, dns_rootname, ISC_TRUE, NULL);
 	if (result != ISC_R_SUCCESS)
 		fatal("'%s' does not contain a valid domain name", argv[0]);
 	isc_buffer_init(&b, tdomain, sizeof(tdomain) - 1);

bin/dnssec/dnssec-signzone.c

@@ -17,7 +17,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: dnssec-signzone.c,v 1.126.2.2 2001/01/12 23:44:02 gson Exp $ */
+/* $Id: dnssec-signzone.c,v 1.126.2.3 2001/03/26 19:11:56 gson Exp $ */
 
 #include <config.h>
 
@@ -505,6 +505,7 @@ static void
 opendb(const char *prefix, dns_name_t *name, dns_rdataclass_t rdclass,
        dns_db_t **dbp)
 {
+	dns_fixedname_t fname;
 	char filename[256];
 	isc_buffer_t b;
 	isc_result_t result;
@@ -516,7 +517,9 @@ opendb(const char *prefix, dns_name_t *name, dns_rdataclass_t rdclass,
 			isc_buffer_putstr(&b, "/");
 	}
 	isc_buffer_putstr(&b, prefix);
-	result = dns_name_totext(name, ISC_FALSE, &b);
+	dns_fixedname_init(&fname);
+	(void)dns_name_downcase(name, dns_fixedname_name(&fname), NULL);
+	result = dns_name_totext(dns_fixedname_name(&fname), ISC_FALSE, &b);
 	check_result(result, "dns_name_totext()");
 	if (isc_buffer_availablelength(&b) == 0) {
 		char namestr[DNS_NAME_FORMATSIZE];

bin/named/query.c

@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: query.c,v 1.163.2.3 2001/03/06 01:28:42 bwelling Exp $ */
+/* $Id: query.c,v 1.163.2.4 2001/03/20 18:50:39 gson Exp $ */
 
 #include <config.h>
 
@@ -2904,7 +2904,12 @@ query_find(ns_client_t *client, dns_fetchevent_t *event) {
 		if (result != ISC_R_SUCCESS)
 			goto cleanup;
 		dns_name_init(tname, NULL);
-		dns_name_clone(&cname.cname, tname);
+		result = dns_name_dup(&cname.cname, client->mctx, tname);
+		if (result != ISC_R_SUCCESS) {
+			dns_message_puttempname(client->message, &tname);
+			dns_rdata_freestruct(&cname);
+			goto cleanup;
+		}
 		dns_rdata_freestruct(&cname);
 		query_maybeputqname(client);
 		client->query.qname = tname;

bin/rndc/rndc.c

@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: rndc.c,v 1.37.2.1 2001/01/09 22:32:56 bwelling Exp $ */
+/* $Id: rndc.c,v 1.37.2.2 2001/03/27 02:06:28 bwelling Exp $ */
 
 /*
  * Principal Author: DCL
@@ -40,6 +40,8 @@
 
 #include <dst/dst.h>
 
+#include <omapi/result.h>
+
 #include <named/omapi.h>
 
 static const char *progname;
@@ -323,6 +325,7 @@ main(int argc, char **argv) {
 	else
 		progname = *argv;
 
+	omapi_result_register();
 	dns_result_register();
 
 	while ((ch = isc_commandline_parse(argc, argv, "c:Mmp:s:Vy:"))

doc/arm/Bv9ARM-book.xml

@@ -2,7 +2,7 @@
 <!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
                "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd">
 
-<!-- File: $Id: Bv9ARM-book.xml,v 1.72.2.14 2001/03/07 18:51:32 gson Exp $ -->
+<!-- File: $Id: Bv9ARM-book.xml,v 1.72.2.15 2001/03/19 20:26:20 gson Exp $ -->
 
 <book>
 
@@ -3318,20 +3318,18 @@ is preferred least of all.</para>
 <note><simpara>The <command>topology</command> option
 is not yet implemented in <acronym>BIND</acronym> 9.</simpara></note>
       </sect3>
-      <sect3 id="the_sortlist_statement">
-        <title>The <command>sortlist</command> Statement</title>
-<para>Resource Records (RRs) are the data associated with the names
-in a  domain name space. The data is maintained in the form of sets
-of RRs. The order of RRs in a set is, by default, not significant.
-Therefore, to control the sorting of records in a set of resource
-records, or <varname>RRset</varname>, you must use the <command>sortlist</command> statement.</para>
-        <para>RRs are explained more fully in <xref
-                                                    linkend="types_of_resource_records_and_when_to_use_them"/>. Specifications for RRs
-are documented in RFC 1035.</para>
-<para>When returning multiple RRs the nameserver will normally return
-them in <varname>Round Robin</varname> order,
-that is, after each request the first RR is put at the end of the
-list. The client resolver code should rearrange the RRs as appropriate,
+
+<sect3 id="the_sortlist_statement">
+
+<title>The <command>sortlist</command> Statement</title>
+
+<para>The response to a DNS query may consist of multiple resource
+records (RRs) forming a resource records set (RRset).
+The name server will normally return the
+RRs within the RRset in an indeterminate order
+(but see the <command>rrset-order</command>
+statement in <xref linkend="rrset_ordering"/>).
+The client resolver code should rearrange the RRs as appropriate,
 that is, using any addresses on the local net in preference to other addresses.
 However, not all resolvers can do this or are correctly configured.
 When a client is using a local server the sorting can be performed
@@ -3401,13 +3399,12 @@ to other queries will not be sorted.</para>
 <sect3 id="rrset_ordering"><title id="rrset_ordering_title">RRset Ordering</title>
 <para>When multiple records are returned in an answer it may be
 useful to configure the order of the records placed into the response.
-For example, the records for a zone might be configured always to
-be returned in the order they are defined in the zone file. Or perhaps
-a random shuffle of the records as they are returned is wanted.
 The <command>rrset-order</command> statement permits configuration
-of the ordering made of the records in a multiple record response.
-The default, if no ordering is defined, is a cyclic ordering (round
-robin).</para>
+of the ordering of the records in a multiple record response.
+See also the <command>sortlist</command> statement,
+<xref linkend="the_sortlist_statement"/>.
+</para>
+
 <para>An <command>order_spec</command> is defined as follows:</para>
 <programlisting><optional> class <replaceable>class_name</replaceable> </optional><optional> type <replaceable>type_name</replaceable> </optional><optional> name <replaceable>"domain_name"</replaceable></optional>
       order <replaceable>ordering</replaceable>
@@ -3447,14 +3444,21 @@ order.</para></entry>
 have "<systemitem class="systemname">host.example.com</systemitem>" as a suffix, to always be returned
 in random order. All other records are returned in cyclic order.</para>
 <para>If multiple <command>rrset-order</command> statements appear,
-they are not combined-the last one applies.</para>
+they are not combined &mdash; the last one applies.</para>
 <para>If no <command>rrset-order</command> statement is specified,
 then a default one of:
 <programlisting>rrset-order { class ANY type ANY name "*" order cyclic ; };
 </programlisting>
 is used.</para>
-<note><simpara>The <command>rrset-order</command> statement
-is not yet implemented in <acronym>BIND</acronym> 9.</simpara></note>
+
+<note>
+<simpara>The <command>rrset-order</command> statement
+is not yet implemented in <acronym>BIND</acronym> 9.
+BIND 9 currently supports only a "random-cyclic" ordering,
+where the server randomly chooses a starting point within
+the RRset and returns the records in order starting at
+that point, wrapping around the end of the RRset if 
+necessary.</simpara></note>
 </sect3>
 <sect3 id="tuning"><title>Tuning</title>
 <informaltable colsep = "0" rowsep = "0"><tgroup cols = "2"

doc/arm/Bv9ARM.ch06.html

@@ -90,7 +90,7 @@ HREF="Bv9ARM.ch06.html#Configuration_File_Grammar"
 ></DT
 ><DT
 >6.3. <A
-HREF="Bv9ARM.ch06.html#AEN3422"
+HREF="Bv9ARM.ch06.html#AEN3420"
 >Zone File</A
 ></DT
 ></DL
@@ -6288,31 +6288,19 @@ CLASS="command"
 > Statement</A
 ></H3
 ><P
->Resource Records (RRs) are the data associated with the names
-in a  domain name space. The data is maintained in the form of sets
-of RRs. The order of RRs in a set is, by default, not significant.
-Therefore, to control the sorting of records in a set of resource
-records, or <TT
-CLASS="varname"
->RRset</TT
->, you must use the <B
+>The response to a DNS query may consist of multiple resource
+records (RRs) forming a resource records set (RRset).
+The name server will normally return the
+RRs within the RRset in an indeterminate order
+(but see the <B
 CLASS="command"
->sortlist</B
-> statement.</P
-><P
->RRs are explained more fully in <A
-HREF="Bv9ARM.ch06.html#types_of_resource_records_and_when_to_use_them"
->Section 6.3.1</A
->. Specifications for RRs
-are documented in RFC 1035.</P
-><P
->When returning multiple RRs the nameserver will normally return
-them in <TT
-CLASS="varname"
->Round Robin</TT
-> order,
-that is, after each request the first RR is put at the end of the
-list. The client resolver code should rearrange the RRs as appropriate,
+>rrset-order</B
+>
+statement in <A
+HREF="Bv9ARM.ch06.html#rrset_ordering"
+>Section 6.2.14.11</A
+>).
+The client resolver code should rearrange the RRs as appropriate,
 that is, using any addresses on the local net in preference to other addresses.
 However, not all resolvers can do this or are correctly configured.
 When a client is using a local server the sorting can be performed
@@ -6427,16 +6415,20 @@ NAME="rrset_ordering"
 ><P
 >When multiple records are returned in an answer it may be
 useful to configure the order of the records placed into the response.
-For example, the records for a zone might be configured always to
-be returned in the order they are defined in the zone file. Or perhaps
-a random shuffle of the records as they are returned is wanted.
 The <B
 CLASS="command"
 >rrset-order</B
 > statement permits configuration
-of the ordering made of the records in a multiple record response.
-The default, if no ordering is defined, is a cyclic ordering (round
-robin).</P
+of the ordering of the records in a multiple record response.
+See also the <B
+CLASS="command"
+>sortlist</B
+> statement,
+<A
+HREF="Bv9ARM.ch06.html#the_sortlist_statement"
+>Section 6.2.14.10</A
+>.
+</P
 ><P
 >An <B
 CLASS="command"
@@ -6497,7 +6489,7 @@ CLASS="command"
 ><DIV
 CLASS="informaltable"
 ><A
-NAME="AEN2699"
+NAME="AEN2697"
 ></A
 ><P
 ></P
@@ -6591,7 +6583,7 @@ in random order. All other records are returned in cyclic order.</P
 CLASS="command"
 >rrset-order</B
 > statements appear,
-they are not combined-the last one applies.</P
+they are not combined &#8212; the last one applies.</P
 ><P
 >If no <B
 CLASS="command"
@@ -6618,7 +6610,12 @@ CLASS="command"
 is not yet implemented in <SPAN
 CLASS="acronym"
 >BIND</SPAN
-> 9.</P
+> 9.
+BIND 9 currently supports only a "random-cyclic" ordering,
+where the server randomly chooses a starting point within
+the RRset and returns the records in order starting at
+that point, wrapping around the end of the RRset if 
+necessary.</P
 ></BLOCKQUOTE
 ></DIV
 ></DIV
@@ -6633,7 +6630,7 @@ NAME="tuning"
 ><DIV
 CLASS="informaltable"
 ><A
-NAME="AEN2737"
+NAME="AEN2735"
 ></A
 ><P
 ></P
@@ -6855,7 +6852,7 @@ number is identical to the number in the beginning line.</P
 ><DIV
 CLASS="informaltable"
 ><A
-NAME="AEN2795"
+NAME="AEN2793"
 ></A
 ><P
 ></P
@@ -7244,7 +7241,7 @@ CLASS="sect2"
 ><H2
 CLASS="sect2"
 ><A
-NAME="AEN2898"
+NAME="AEN2896"
 >6.2.17. <B
 CLASS="command"
 >trusted-keys</B
@@ -7319,7 +7316,7 @@ CLASS="sect2"
 ><H2
 CLASS="sect2"
 ><A
-NAME="AEN2914"
+NAME="AEN2912"
 >6.2.18. <B
 CLASS="command"
 >trusted-keys</B
@@ -7354,7 +7351,7 @@ CLASS="sect2"
 ><H2
 CLASS="sect2"
 ><A
-NAME="AEN2922"
+NAME="AEN2920"
 >6.2.19. <B
 CLASS="command"
 >view</B
@@ -7417,7 +7414,7 @@ CLASS="sect2"
 ><H2
 CLASS="sect2"
 ><A
-NAME="AEN2936"
+NAME="AEN2934"
 >6.2.20. <B
 CLASS="command"
 >view</B
@@ -8000,7 +7997,7 @@ CLASS="sect2"
 ><H2
 CLASS="sect2"
 ><A
-NAME="AEN3073"
+NAME="AEN3071"
 >6.2.22. <B
 CLASS="command"
 >zone</B
@@ -8011,13 +8008,13 @@ CLASS="sect3"
 ><H3
 CLASS="sect3"
 ><A
-NAME="AEN3076"
+NAME="AEN3074"
 >6.2.22.1. Zone Types</A
 ></H3
 ><DIV
 CLASS="informaltable"
 ><A
-NAME="AEN3078"
+NAME="AEN3076"
 ></A
 ><P
 ></P
@@ -8255,7 +8252,7 @@ CLASS="sect3"
 ><H3
 CLASS="sect3"
 ><A
-NAME="AEN3133"
+NAME="AEN3131"
 >6.2.22.2. Class</A
 ></H3
 ><P
@@ -8311,13 +8308,13 @@ CLASS="sect3"
 ><H3
 CLASS="sect3"
 ><A
-NAME="AEN3148"
+NAME="AEN3146"
 >6.2.22.3. Zone Options</A
 ></H3
 ><DIV
 CLASS="informaltable"
 ><A
-NAME="AEN3150"
+NAME="AEN3148"
 ></A
 ><P
 ></P
@@ -9180,7 +9177,7 @@ CLASS="varname"
 ><DIV
 CLASS="informaltable"
 ><A
-NAME="AEN3392"
+NAME="AEN3390"
 ></A
 ><P
 ></P
@@ -9287,7 +9284,7 @@ CLASS="sect1"
 ><H1
 CLASS="sect1"
 ><A
-NAME="AEN3422"
+NAME="AEN3420"
 >6.3. Zone File</A
 ></H1
 ><DIV
@@ -9308,7 +9305,7 @@ CLASS="sect3"
 ><H3
 CLASS="sect3"
 ><A
-NAME="AEN3427"
+NAME="AEN3425"
 >6.3.1.1. Resource Records</A
 ></H3
 ><P
@@ -9331,7 +9328,7 @@ HREF="Bv9ARM.ch06.html#rrset_ordering"
 ><DIV
 CLASS="informaltable"
 ><A
-NAME="AEN3433"
+NAME="AEN3431"
 ></A
 ><P
 ></P
@@ -9442,7 +9439,7 @@ or historical (h) and no longer in general use):</P
 ><DIV
 CLASS="informaltable"
 ><A
-NAME="AEN3465"
+NAME="AEN3463"
 ></A
 ><P
 ></P
@@ -9819,7 +9816,7 @@ are currently valid in the DNS:</P
 ><DIV
 CLASS="informaltable"
 ><A
-NAME="AEN3577"
+NAME="AEN3575"
 ></A
 ><P
 ></P
@@ -9871,7 +9868,7 @@ data that describes the resource:</P
 ><DIV
 CLASS="informaltable"
 ><A
-NAME="AEN3593"
+NAME="AEN3591"
 ></A
 ><P
 ></P
@@ -10048,7 +10045,7 @@ CLASS="sect3"
 ><H3
 CLASS="sect3"
 ><A
-NAME="AEN3641"
+NAME="AEN3639"
 >6.3.1.2. Textual expression of RRs</A
 ></H3
 ><P
@@ -10078,7 +10075,7 @@ knowledge of the typical representation for the data.</P
 ><DIV
 CLASS="informaltable"
 ><A
-NAME="AEN3648"
+NAME="AEN3646"
 ></A
 ><P
 ></P
@@ -10287,7 +10284,7 @@ domain names.</P
 ><DIV
 CLASS="informaltable"
 ><A
-NAME="AEN3714"
+NAME="AEN3712"
 ></A
 ><P
 ></P
@@ -10378,7 +10375,7 @@ CLASS="sect2"
 ><H2
 CLASS="sect2"
 ><A
-NAME="AEN3742"
+NAME="AEN3740"
 >6.3.2. Discussion of MX Records</A
 ></H2
 ><P
@@ -10411,7 +10408,7 @@ pointed to by the CNAME.</P
 ><DIV
 CLASS="informaltable"
 ><A
-NAME="AEN3748"
+NAME="AEN3746"
 ></A
 ><P
 ></P
@@ -10706,7 +10703,7 @@ used in a zone file.</P
 ><DIV
 CLASS="informaltable"
 ><A
-NAME="AEN3840"
+NAME="AEN3838"
 ></A
 ><P
 ></P
@@ -10789,7 +10786,7 @@ CLASS="sect2"
 ><H2
 CLASS="sect2"
 ><A
-NAME="AEN3863"
+NAME="AEN3861"
 >6.3.4. Inverse Mapping in IPv4</A
 ></H2
 ><P
@@ -10813,7 +10810,7 @@ CLASS="optional"
 ><DIV
 CLASS="informaltable"
 ><A
-NAME="AEN3868"
+NAME="AEN3866"
 ></A
 ><P
 ></P
@@ -10893,7 +10890,7 @@ CLASS="sect2"
 ><H2
 CLASS="sect2"
 ><A
-NAME="AEN3890"
+NAME="AEN3888"
 >6.3.5. Other Zone File Directives</A
 ></H2
 ><P
@@ -10918,7 +10915,7 @@ CLASS="sect3"
 ><H3
 CLASS="sect3"
 ><A
-NAME="AEN3897"
+NAME="AEN3895"
 >6.3.5.1. The <B
 CLASS="command"
 >$ORIGIN</B
@@ -10988,7 +10985,7 @@ CLASS="sect3"
 ><H3
 CLASS="sect3"
 ><A
-NAME="AEN3917"
+NAME="AEN3915"
 >6.3.5.2. The <B
 CLASS="command"
 >$INCLUDE</B
@@ -11070,7 +11067,7 @@ CLASS="sect3"
 ><H3
 CLASS="sect3"
 ><A
-NAME="AEN3937"
+NAME="AEN3935"
 >6.3.5.3. The <B
 CLASS="command"
 >$TTL</B
@@ -11110,7 +11107,7 @@ CLASS="sect2"
 ><H2
 CLASS="sect2"
 ><A
-NAME="AEN3948"
+NAME="AEN3946"
 >6.3.6. <SPAN
 CLASS="acronym"
 >BIND</SPAN
@@ -11189,7 +11186,7 @@ CLASS="literal"
 ><DIV
 CLASS="informaltable"
 ><A
-NAME="AEN3968"
+NAME="AEN3966"
 ></A
 ><P
 ></P

doc/arm/Bv9ARM.ch07.html

@@ -85,7 +85,7 @@ HREF="Bv9ARM.ch07.html#Access_Control_Lists"
 ></DT
 ><DT
 >7.2. <A
-HREF="Bv9ARM.ch07.html#AEN4040"
+HREF="Bv9ARM.ch07.html#AEN4038"
 ><B
 CLASS="command"
 >chroot</B
@@ -187,7 +187,7 @@ CLASS="sect1"
 ><H1
 CLASS="sect1"
 ><A
-NAME="AEN4040"
+NAME="AEN4038"
 >7.2. <B
 CLASS="command"
 >chroot</B
@@ -266,7 +266,7 @@ CLASS="sect2"
 ><H2
 CLASS="sect2"
 ><A
-NAME="AEN4063"
+NAME="AEN4061"
 >7.2.1. The <B
 CLASS="command"
 >chroot</B
@@ -322,7 +322,7 @@ CLASS="sect2"
 ><H2
 CLASS="sect2"
 ><A
-NAME="AEN4078"
+NAME="AEN4076"
 >7.2.2. Using the <B
 CLASS="command"
 >setuid</B

doc/arm/Bv9ARM.ch08.html

@@ -77,17 +77,17 @@ CLASS="TOC"
 ></DT
 ><DT
 >8.1. <A
-HREF="Bv9ARM.ch08.html#AEN4098"
+HREF="Bv9ARM.ch08.html#AEN4096"
 >Common Problems</A
 ></DT
 ><DT
 >8.2. <A
-HREF="Bv9ARM.ch08.html#AEN4104"
+HREF="Bv9ARM.ch08.html#AEN4102"
 >Incrementing and Changing the Serial Number</A
 ></DT
 ><DT
 >8.3. <A
-HREF="Bv9ARM.ch08.html#AEN4109"
+HREF="Bv9ARM.ch08.html#AEN4107"
 >Where Can I Get Help?</A
 ></DT
 ></DL
@@ -97,7 +97,7 @@ CLASS="sect1"
 ><H1
 CLASS="sect1"
 ><A
-NAME="AEN4098"
+NAME="AEN4096"
 >8.1. Common Problems</A
 ></H1
 ><DIV
@@ -105,7 +105,7 @@ CLASS="sect2"
 ><H2
 CLASS="sect2"
 ><A
-NAME="AEN4100"
+NAME="AEN4098"
 >8.1.1. It's not working; how can I figure out what's wrong?</A
 ></H2
 ><P
@@ -125,7 +125,7 @@ CLASS="sect1"
 ><H1
 CLASS="sect1"
 ><A
-NAME="AEN4104"
+NAME="AEN4102"
 >8.2. Incrementing and Changing the Serial Number</A
 ></H1
 ><P
@@ -154,7 +154,7 @@ CLASS="sect1"
 ><H1
 CLASS="sect1"
 ><A
-NAME="AEN4109"
+NAME="AEN4107"
 >8.3. Where Can I Get Help?</A
 ></H1
 ><P

doc/arm/Bv9ARM.ch09.html

@@ -71,7 +71,7 @@ CLASS="TOC"
 ></DT
 ><DT
 >A.1. <A
-HREF="Bv9ARM.ch09.html#AEN4125"
+HREF="Bv9ARM.ch09.html#AEN4123"
 >Acknowledgements</A
 ></DT
 ><DT
@@ -84,7 +84,7 @@ CLASS="acronym"
 ></DT
 ><DT
 >A.3. <A
-HREF="Bv9ARM.ch09.html#AEN4166"
+HREF="Bv9ARM.ch09.html#AEN4164"
 >General <SPAN
 CLASS="acronym"
 >DNS</SPAN
@@ -102,7 +102,7 @@ CLASS="sect1"
 ><H1
 CLASS="sect1"
 ><A
-NAME="AEN4125"
+NAME="AEN4123"
 >A.1. Acknowledgements</A
 ></H1
 ><DIV
@@ -110,7 +110,7 @@ CLASS="sect2"
 ><H2
 CLASS="sect2"
 ><A
-NAME="AEN4127"
+NAME="AEN4125"
 >A.1.1. A Brief History of the <SPAN
 CLASS="acronym"
 >DNS</SPAN
@@ -245,7 +245,7 @@ CLASS="sect3"
 ><H3
 CLASS="sect3"
 ><A
-NAME="AEN4157"
+NAME="AEN4155"
 >A.2.1.1. HS = hesiod</A
 ></H3
 ><P
@@ -266,7 +266,7 @@ CLASS="sect3"
 ><H3
 CLASS="sect3"
 ><A
-NAME="AEN4162"
+NAME="AEN4160"
 >A.2.1.2. CH = chaos</A
 ></H3
 ><P
@@ -284,7 +284,7 @@ CLASS="sect1"
 ><H1
 CLASS="sect1"
 ><A
-NAME="AEN4166"
+NAME="AEN4164"
 >A.3. General <SPAN
 CLASS="acronym"
 >DNS</SPAN
@@ -323,7 +323,7 @@ Unicast address scheme. For more information, see RFC 2374.</P
 ><DIV
 CLASS="informaltable"
 ><A
-NAME="AEN4177"
+NAME="AEN4175"
 ></A
 ><P
 ></P
@@ -542,7 +542,7 @@ VALIGN="MIDDLE"
 <DIV
 CLASS="informaltable"
 ><A
-NAME="AEN4246"
+NAME="AEN4244"
 ></A
 ><P
 ></P
@@ -725,7 +725,7 @@ unicast address consists of:</P
 ><DIV
 CLASS="informaltable"
 ><A
-NAME="AEN4301"
+NAME="AEN4299"
 ></A
 ><P
 ></P
@@ -883,19 +883,19 @@ TARGET="_top"
 >.</P
 ><H3
 ><A
-NAME="AEN4345"
+NAME="AEN4343"
 >Bibliography</A
 ></H3
 ><H1
 CLASS="bibliodiv"
 ><A
-NAME="AEN4346"
+NAME="AEN4344"
 >Standards</A
 ></H1
 ><DIV
 CLASS="biblioentry"
 ><A
-NAME="AEN4348"
+NAME="AEN4346"
 ></A
 ><P
 >[RFC974]&nbsp;<SPAN
@@ -912,7 +912,7 @@ STYLE="margin-left=0.5in"
 ><DIV
 CLASS="biblioentry"
 ><A
-NAME="AEN4355"
+NAME="AEN4353"
 ></A
 ><P
 >[RFC1034]&nbsp;<SPAN
@@ -929,7 +929,7 @@ STYLE="margin-left=0.5in"
 ><DIV
 CLASS="biblioentry"
 ><A
-NAME="AEN4362"
+NAME="AEN4360"
 ></A
 ><P
 >[RFC1035]&nbsp;<SPAN
@@ -953,7 +953,7 @@ NAME="proposed_standards"
 ><DIV
 CLASS="biblioentry"
 ><A
-NAME="AEN4371"
+NAME="AEN4369"
 ></A
 ><P
 >[RFC2181]&nbsp;<SPAN
@@ -973,7 +973,7 @@ STYLE="margin-left=0.5in"
 ><DIV
 CLASS="biblioentry"
 ><A
-NAME="AEN4379"
+NAME="AEN4377"
 ></A
 ><P
 >[RFC2308]&nbsp;<SPAN
@@ -993,7 +993,7 @@ STYLE="margin-left=0.5in"
 ><DIV
 CLASS="biblioentry"
 ><A
-NAME="AEN4387"
+NAME="AEN4385"
 ></A
 ><P
 >[RFC1995]&nbsp;<SPAN
@@ -1013,7 +1013,7 @@ STYLE="margin-left=0.5in"
 ><DIV
 CLASS="biblioentry"
 ><A
-NAME="AEN4395"
+NAME="AEN4393"
 ></A
 ><P
 >[RFC1996]&nbsp;<SPAN
@@ -1030,7 +1030,7 @@ STYLE="margin-left=0.5in"
 ><DIV
 CLASS="biblioentry"
 ><A
-NAME="AEN4402"
+NAME="AEN4400"
 ></A
 ><P
 >[RFC2136]&nbsp;<SPAN
@@ -1056,7 +1056,7 @@ STYLE="margin-left=0.5in"
 ><DIV
 CLASS="biblioentry"
 ><A
-NAME="AEN4419"
+NAME="AEN4417"
 ></A
 ><P
 >[RFC2845]&nbsp;<SPAN
@@ -1085,13 +1085,13 @@ STYLE="margin-left=0.5in"
 ><H1
 CLASS="bibliodiv"
 ><A
-NAME="AEN4438"
+NAME="AEN4436"
 >Proposed Standards Still Under Development</A
 ></H1
 ><DIV
 CLASS="biblioentry"
 ><A
-NAME="AEN4443"
+NAME="AEN4441"
 ></A
 ><P
 >[RFC1886]&nbsp;<SPAN
@@ -1114,7 +1114,7 @@ STYLE="margin-left=0.5in"
 ><DIV
 CLASS="biblioentry"
 ><A
-NAME="AEN4455"
+NAME="AEN4453"
 ></A
 ><P
 >[RFC2065]&nbsp;<SPAN
@@ -1134,7 +1134,7 @@ STYLE="margin-left=0.5in"
 ><DIV
 CLASS="biblioentry"
 ><A
-NAME="AEN4467"
+NAME="AEN4465"
 ></A
 ><P
 >[RFC2137]&nbsp;<SPAN
@@ -1151,7 +1151,7 @@ STYLE="margin-left=0.5in"
 ><H1
 CLASS="bibliodiv"
 ><A
-NAME="AEN4475"
+NAME="AEN4473"
 >Other Important RFCs About <SPAN
 CLASS="acronym"
 >DNS</SPAN
@@ -1160,7 +1160,7 @@ CLASS="acronym"
 ><DIV
 CLASS="biblioentry"
 ><A
-NAME="AEN4478"
+NAME="AEN4476"
 ></A
 ><P
 >[RFC1535]&nbsp;<SPAN
@@ -1180,7 +1180,7 @@ STYLE="margin-left=0.5in"
 ><DIV
 CLASS="biblioentry"
 ><A
-NAME="AEN4486"
+NAME="AEN4484"
 ></A
 ><P
 >[RFC1536]&nbsp;<SPAN
@@ -1212,7 +1212,7 @@ STYLE="margin-left=0.5in"
 ><DIV
 CLASS="biblioentry"
 ><A
-NAME="AEN4507"
+NAME="AEN4505"
 ></A
 ><P
 >[RFC1982]&nbsp;<SPAN
@@ -1232,13 +1232,13 @@ STYLE="margin-left=0.5in"
 ><H1
 CLASS="bibliodiv"
 ><A
-NAME="AEN4518"
+NAME="AEN4516"
 >Resource Record Types</A
 ></H1
 ><DIV
 CLASS="biblioentry"
 ><A
-NAME="AEN4520"
+NAME="AEN4518"
 ></A
 ><P
 >[RFC1183]&nbsp;<SPAN
@@ -1267,7 +1267,7 @@ STYLE="margin-left=0.5in"
 ><DIV
 CLASS="biblioentry"
 ><A
-NAME="AEN4538"
+NAME="AEN4536"
 ></A
 ><P
 >[RFC1706]&nbsp;<SPAN
@@ -1290,7 +1290,7 @@ STYLE="margin-left=0.5in"
 ><DIV
 CLASS="biblioentry"
 ><A
-NAME="AEN4550"
+NAME="AEN4548"
 ></A
 ><P
 >[RFC2168]&nbsp;<SPAN
@@ -1311,7 +1311,7 @@ STYLE="margin-left=0.5in"
 ><DIV
 CLASS="biblioentry"
 ><A
-NAME="AEN4561"
+NAME="AEN4559"
 ></A
 ><P
 >[RFC1876]&nbsp;<SPAN
@@ -1338,7 +1338,7 @@ STYLE="margin-left=0.5in"
 ><DIV
 CLASS="biblioentry"
 ><A
-NAME="AEN4578"
+NAME="AEN4576"
 ></A
 ><P
 >[RFC2052]&nbsp;<SPAN
@@ -1362,7 +1362,7 @@ STYLE="margin-left=0.5in"
 ><DIV
 CLASS="biblioentry"
 ><A
-NAME="AEN4590"
+NAME="AEN4588"
 ></A
 ><P
 >[RFC2163]&nbsp;<SPAN
@@ -1383,7 +1383,7 @@ STYLE="margin-left=0.5in"
 ><DIV
 CLASS="biblioentry"
 ><A
-NAME="AEN4598"
+NAME="AEN4596"
 ></A
 ><P
 >[RFC2230]&nbsp;<SPAN
@@ -1403,7 +1403,7 @@ STYLE="margin-left=0.5in"
 ><H1
 CLASS="bibliodiv"
 ><A
-NAME="AEN4606"
+NAME="AEN4604"
 ><SPAN
 CLASS="acronym"
 >DNS</SPAN
@@ -1412,7 +1412,7 @@ CLASS="acronym"
 ><DIV
 CLASS="biblioentry"
 ><A
-NAME="AEN4609"
+NAME="AEN4607"
 ></A
 ><P
 >[RFC1101]&nbsp;<SPAN
@@ -1432,7 +1432,7 @@ STYLE="margin-left=0.5in"
 ><DIV
 CLASS="biblioentry"
 ><A
-NAME="AEN4617"
+NAME="AEN4615"
 ></A
 ><P
 >[RFC1123]&nbsp;<SPAN
@@ -1449,7 +1449,7 @@ STYLE="margin-left=0.5in"
 ><DIV
 CLASS="biblioentry"
 ><A
-NAME="AEN4624"
+NAME="AEN4622"
 ></A
 ><P
 >[RFC1591]&nbsp;<SPAN
@@ -1466,7 +1466,7 @@ STYLE="margin-left=0.5in"
 ><DIV
 CLASS="biblioentry"
 ><A
-NAME="AEN4631"
+NAME="AEN4629"
 ></A
 ><P
 >[RFC2317]&nbsp;<SPAN
@@ -1489,7 +1489,7 @@ STYLE="margin-left=0.5in"
 ><H1
 CLASS="bibliodiv"
 ><A
-NAME="AEN4645"
+NAME="AEN4643"
 ><SPAN
 CLASS="acronym"
 >DNS</SPAN
@@ -1498,7 +1498,7 @@ CLASS="acronym"
 ><DIV
 CLASS="biblioentry"
 ><A
-NAME="AEN4648"
+NAME="AEN4646"
 ></A
 ><P
 >[RFC1537]&nbsp;<SPAN
@@ -1518,7 +1518,7 @@ STYLE="margin-left=0.5in"
 ><DIV
 CLASS="biblioentry"
 ><A
-NAME="AEN4656"
+NAME="AEN4654"
 ></A
 ><P
 >[RFC1912]&nbsp;<SPAN
@@ -1538,7 +1538,7 @@ STYLE="margin-left=0.5in"
 ><DIV
 CLASS="biblioentry"
 ><A
-NAME="AEN4664"
+NAME="AEN4662"
 ></A
 ><P
 >[RFC1912]&nbsp;<SPAN
@@ -1558,7 +1558,7 @@ STYLE="margin-left=0.5in"
 ><DIV
 CLASS="biblioentry"
 ><A
-NAME="AEN4672"
+NAME="AEN4670"
 ></A
 ><P
 >[RFC2010]&nbsp;<SPAN
@@ -1578,7 +1578,7 @@ STYLE="margin-left=0.5in"
 ><DIV
 CLASS="biblioentry"
 ><A
-NAME="AEN4683"
+NAME="AEN4681"
 ></A
 ><P
 >[RFC2219]&nbsp;<SPAN
@@ -1601,7 +1601,7 @@ STYLE="margin-left=0.5in"
 ><H1
 CLASS="bibliodiv"
 ><A
-NAME="AEN4695"
+NAME="AEN4693"
 >Other <SPAN
 CLASS="acronym"
 >DNS</SPAN
@@ -1610,7 +1610,7 @@ CLASS="acronym"
 ><DIV
 CLASS="biblioentry"
 ><A
-NAME="AEN4701"
+NAME="AEN4699"
 ></A
 ><P
 >[RFC1464]&nbsp;<SPAN
@@ -1627,7 +1627,7 @@ STYLE="margin-left=0.5in"
 ><DIV
 CLASS="biblioentry"
 ><A
-NAME="AEN4708"
+NAME="AEN4706"
 ></A
 ><P
 >[RFC1713]&nbsp;<SPAN
@@ -1647,7 +1647,7 @@ STYLE="margin-left=0.5in"
 ><DIV
 CLASS="biblioentry"
 ><A
-NAME="AEN4716"
+NAME="AEN4714"
 ></A
 ><P
 >[RFC1794]&nbsp;<SPAN
@@ -1667,7 +1667,7 @@ STYLE="margin-left=0.5in"
 ><DIV
 CLASS="biblioentry"
 ><A
-NAME="AEN4724"
+NAME="AEN4722"
 ></A
 ><P
 >[RFC2240]&nbsp;<SPAN
@@ -1684,7 +1684,7 @@ STYLE="margin-left=0.5in"
 ><DIV
 CLASS="biblioentry"
 ><A
-NAME="AEN4731"
+NAME="AEN4729"
 ></A
 ><P
 >[RFC2345]&nbsp;<SPAN
@@ -1707,7 +1707,7 @@ STYLE="margin-left=0.5in"
 ><DIV
 CLASS="biblioentry"
 ><A
-NAME="AEN4745"
+NAME="AEN4743"
 ></A
 ><P
 >[RFC2352]&nbsp;<SPAN
@@ -1724,13 +1724,13 @@ STYLE="margin-left=0.5in"
 ><H1
 CLASS="bibliodiv"
 ><A
-NAME="AEN4752"
+NAME="AEN4750"
 >Obsolete and Unimplemented Experimental RRs</A
 ></H1
 ><DIV
 CLASS="biblioentry"
 ><A
-NAME="AEN4754"
+NAME="AEN4752"
 ></A
 ><P
 >[RFC1712]&nbsp;<SPAN
@@ -1781,7 +1781,7 @@ CLASS="sect2"
 ><H2
 CLASS="sect2"
 ><A
-NAME="AEN4775"
+NAME="AEN4773"
 >A.4.3. Other Documents About <SPAN
 CLASS="acronym"
 >BIND</SPAN
@@ -1791,13 +1791,13 @@ CLASS="acronym"
 ></P
 ><H3
 ><A
-NAME="AEN4779"
+NAME="AEN4777"
 >Bibliography</A
 ></H3
 ><DIV
 CLASS="biblioentry"
 ><A
-NAME="AEN4780"
+NAME="AEN4778"
 ></A
 ><P
 ><SPAN

doc/arm/Bv9ARM.html

@@ -516,7 +516,7 @@ and Usage</A
 ></DT
 ><DT
 >6.2.17. <A
-HREF="Bv9ARM.ch06.html#AEN2898"
+HREF="Bv9ARM.ch06.html#AEN2896"
 ><B
 CLASS="command"
 >trusted-keys</B
@@ -524,7 +524,7 @@ CLASS="command"
 ></DT
 ><DT
 >6.2.18. <A
-HREF="Bv9ARM.ch06.html#AEN2914"
+HREF="Bv9ARM.ch06.html#AEN2912"
 ><B
 CLASS="command"
 >trusted-keys</B
@@ -533,7 +533,7 @@ and Usage</A
 ></DT
 ><DT
 >6.2.19. <A
-HREF="Bv9ARM.ch06.html#AEN2922"
+HREF="Bv9ARM.ch06.html#AEN2920"
 ><B
 CLASS="command"
 >view</B
@@ -541,7 +541,7 @@ CLASS="command"
 ></DT
 ><DT
 >6.2.20. <A
-HREF="Bv9ARM.ch06.html#AEN2936"
+HREF="Bv9ARM.ch06.html#AEN2934"
 ><B
 CLASS="command"
 >view</B
@@ -558,7 +558,7 @@ Statement Grammar</A
 ></DT
 ><DT
 >6.2.22. <A
-HREF="Bv9ARM.ch06.html#AEN3073"
+HREF="Bv9ARM.ch06.html#AEN3071"
 ><B
 CLASS="command"
 >zone</B
@@ -568,7 +568,7 @@ CLASS="command"
 ></DD
 ><DT
 >6.3. <A
-HREF="Bv9ARM.ch06.html#AEN3422"
+HREF="Bv9ARM.ch06.html#AEN3420"
 >Zone File</A
 ></DT
 ><DD
@@ -580,7 +580,7 @@ HREF="Bv9ARM.ch06.html#types_of_resource_records_and_when_to_use_them"
 ></DT
 ><DT
 >6.3.2. <A
-HREF="Bv9ARM.ch06.html#AEN3742"
+HREF="Bv9ARM.ch06.html#AEN3740"
 >Discussion of MX Records</A
 ></DT
 ><DT
@@ -590,17 +590,17 @@ HREF="Bv9ARM.ch06.html#Setting_TTLs"
 ></DT
 ><DT
 >6.3.4. <A
-HREF="Bv9ARM.ch06.html#AEN3863"
+HREF="Bv9ARM.ch06.html#AEN3861"
 >Inverse Mapping in IPv4</A
 ></DT
 ><DT
 >6.3.5. <A
-HREF="Bv9ARM.ch06.html#AEN3890"
+HREF="Bv9ARM.ch06.html#AEN3888"
 >Other Zone File Directives</A
 ></DT
 ><DT
 >6.3.6. <A
-HREF="Bv9ARM.ch06.html#AEN3948"
+HREF="Bv9ARM.ch06.html#AEN3946"
 ><SPAN
 CLASS="acronym"
 >BIND</SPAN
@@ -630,7 +630,7 @@ HREF="Bv9ARM.ch07.html#Access_Control_Lists"
 ></DT
 ><DT
 >7.2. <A
-HREF="Bv9ARM.ch07.html#AEN4040"
+HREF="Bv9ARM.ch07.html#AEN4038"
 ><B
 CLASS="command"
 >chroot</B
@@ -644,7 +644,7 @@ UNIX servers)</A
 ><DL
 ><DT
 >7.2.1. <A
-HREF="Bv9ARM.ch07.html#AEN4063"
+HREF="Bv9ARM.ch07.html#AEN4061"
 >The <B
 CLASS="command"
 >chroot</B
@@ -652,7 +652,7 @@ CLASS="command"
 ></DT
 ><DT
 >7.2.2. <A
-HREF="Bv9ARM.ch07.html#AEN4078"
+HREF="Bv9ARM.ch07.html#AEN4076"
 >Using the <B
 CLASS="command"
 >setuid</B
@@ -676,26 +676,26 @@ HREF="Bv9ARM.ch08.html"
 ><DL
 ><DT
 >8.1. <A
-HREF="Bv9ARM.ch08.html#AEN4098"
+HREF="Bv9ARM.ch08.html#AEN4096"
 >Common Problems</A
 ></DT
 ><DD
 ><DL
 ><DT
 >8.1.1. <A
-HREF="Bv9ARM.ch08.html#AEN4100"
+HREF="Bv9ARM.ch08.html#AEN4098"
 >It's not working; how can I figure out what's wrong?</A
 ></DT
 ></DL
 ></DD
 ><DT
 >8.2. <A
-HREF="Bv9ARM.ch08.html#AEN4104"
+HREF="Bv9ARM.ch08.html#AEN4102"
 >Incrementing and Changing the Serial Number</A
 ></DT
 ><DT
 >8.3. <A
-HREF="Bv9ARM.ch08.html#AEN4109"
+HREF="Bv9ARM.ch08.html#AEN4107"
 >Where Can I Get Help?</A
 ></DT
 ></DL
@@ -709,14 +709,14 @@ HREF="Bv9ARM.ch09.html"
 ><DL
 ><DT
 >A.1. <A
-HREF="Bv9ARM.ch09.html#AEN4125"
+HREF="Bv9ARM.ch09.html#AEN4123"
 >Acknowledgements</A
 ></DT
 ><DD
 ><DL
 ><DT
 >A.1.1. <A
-HREF="Bv9ARM.ch09.html#AEN4127"
+HREF="Bv9ARM.ch09.html#AEN4125"
 >A Brief History of the <SPAN
 CLASS="acronym"
 >DNS</SPAN
@@ -746,7 +746,7 @@ HREF="Bv9ARM.ch09.html#classes_of_resource_records"
 ></DD
 ><DT
 >A.3. <A
-HREF="Bv9ARM.ch09.html#AEN4166"
+HREF="Bv9ARM.ch09.html#AEN4164"
 >General <SPAN
 CLASS="acronym"
 >DNS</SPAN
@@ -780,7 +780,7 @@ HREF="Bv9ARM.ch09.html#internet_drafts"
 ></DT
 ><DT
 >A.4.3. <A
-HREF="Bv9ARM.ch09.html#AEN4775"
+HREF="Bv9ARM.ch09.html#AEN4773"
 >Other Documents About <SPAN
 CLASS="acronym"
 >BIND</SPAN

doc/misc/migration

@@ -26,6 +26,12 @@ one of the following lines to the named.conf options { } block:
    auth-nxdomain no;	# conform to RFC1035
    auth-nxdomain yes;	# do what BIND 8 did by default
 
+The default of the "transfer-format" option has changed from
+"one-answer" to "many-answers".  If you have slave servers that do not
+understand the many-answers zone transfer format (e.g., BIND 4.9.5 or
+older) you need to explicitly specify "transfer-format one-answer;" in
+either the options block or a server statement.
+
 1.2. Handling of Configuration File Errors
 
 In BIND 9, named refuses to start if it detects an error in
@@ -209,4 +215,4 @@ directing queries for a given domain to a particular set of name
 servers.
 
 
-$Id: migration,v 1.17.2.5 2001/03/11 18:39:53 bwelling Exp $
+$Id: migration,v 1.17.2.6 2001/03/19 18:07:45 gson Exp $

doc/misc/options

@@ -1,7 +1,7 @@
 Copyright (C) 2000, 2001  Internet Software Consortium.
 See COPYRIGHT in the source root or http://isc.org/copyright.html for terms.
 
-$Id: options,v 1.54.2.5 2001/03/07 23:50:34 gson Exp $
+$Id: options,v 1.54.2.6 2001/03/16 18:19:44 bwelling Exp $
 
 This is a summary of the implementation status of the various named.conf
 options in BIND 9.
@@ -85,7 +85,7 @@ options {
   [ max-cache-size size_spec; ]				    No*
   [ min-roots number; ]					    Obsolete
   [ serial-queries number; ]				    Obsolete
-  [ transfer-format ( one-answer | many-answers ); ]	    Yes
+  [ transfer-format ( one-answer | many-answers ); ]	    Yes%
   [ transfers-in  number; ]				    Yes
   [ transfers-out number; ]				    Yes
   [ transfers-per-ns number; ]				    Yes
@@ -141,7 +141,7 @@ server ip_addr {
   [ provide-ixfr yes_or_no; ]				    Yes*
   [ support-ixfr yes_or_no; ]				    Obsolete
   [ transfers number; ]					    Yes
-  [ transfer-format ( one-answer | many-answers ); ]	    Yes
+  [ transfer-format ( one-answer | many-answers ); ]	    Yes%
   [ keys { key_id [key_id ... ] }; ]			    Yes
 };
 
@@ -265,7 +265,7 @@ view "view_name" [ ( in | hs | hesiod | chaos ) ] {	    Yes*
   [ max-ncache-ttl number; ]				    Yes
   [ max-cache-size size_spec; ]				    No*
   [ min-roots number; ]					    Obsolete
-  [ transfer-format ( one-answer | many-answers ); ]	    Yes
+  [ transfer-format ( one-answer | many-answers ); ]	    Yes%
   [ transfer-source ...; ]				    Yes
   [ transfer-source-v6 ...; ]				    Yes*
   [ notify-source ...; ]				    Yes*

lib/dns/config/confparser.y.dirty

@@ -33,7 +33,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: confparser.y.dirty,v 1.44.2.7 2001/03/08 18:39:50 gson Exp $ */
+/* $Id: confparser.y.dirty,v 1.44.2.8.4.1 2003/09/01 05:19:20 marka Exp $ */
 
 #include <config.h>
 
@@ -1888,7 +1888,7 @@ ordering_name: /* nothing */
 			$$ = $2;
 		}
 	}
-
+	;
 
 rrset_ordering_element: ordering_class ordering_type ordering_name
 	L_ORDER L_STRING
@@ -1918,7 +1918,7 @@ rrset_ordering_element: ordering_class ordering_type ordering_name
 		isc_mem_free(memctx, $5);
 		isc_mem_free(memctx, $3);
 	}
-
+	;
 
 transfer_format: L_ONE_ANSWER
 	{
@@ -2158,7 +2158,8 @@ additional_data: L_INTERNAL
 	| L_MAXIMAL
 	{
 		$$ = dns_c_ad_maximal;
-	};
+	}
+	;
 
 yea_or_nay: L_YES
 	{
@@ -2188,6 +2189,7 @@ yea_or_nay: L_YES
 			$$ = isc_boolean_true;
 		}
 	}
+	;
 
 notify_setting: yea_or_nay
 	{
@@ -4958,6 +4960,7 @@ class_name: any_string
 		isc_mem_free(memctx, $1);
 		$$ = cl;
 	}
+	;
 
 wild_class_name: any_string
 	{
@@ -4981,6 +4984,7 @@ wild_class_name: any_string
 		isc_mem_free(memctx, $1);
 		$$ = cl;
 	}
+	;
 
 optional_class: /* Empty */
 	{
@@ -6749,7 +6753,7 @@ parser_error(isc_boolean_t lasttoken, const char *fmt, ...)
 	va_list args;
 
 	va_start(args, fmt);
-	parser_complain(ISC_TRUE, lasttoken, fmt, args);
+	parser_complain(ISC_FALSE, lasttoken, fmt, args);
 	va_end(args);
 
 	currcfg->errors++;
@@ -6762,7 +6766,7 @@ parser_warning(isc_boolean_t lasttoken, const char *fmt, ...)
 	va_list args;
 
 	va_start(args, fmt);
-	parser_complain(ISC_FALSE, lasttoken, fmt, args);
+	parser_complain(ISC_TRUE, lasttoken, fmt, args);
 	va_end(args);
 
 	currcfg->warnings++;

lib/dns/dnssec.c

@@ -16,7 +16,7 @@
  */
 
 /*
- * $Id: dnssec.c,v 1.56.2.2 2001/01/16 22:38:42 gson Exp $
+ * $Id: dnssec.c,v 1.56.2.3 2001/03/26 19:12:48 gson Exp $
  */
 
 
@@ -155,6 +155,7 @@ dns_dnssec_sign(dns_name_t *name, dns_rdataset_t *set, dst_key_t *key,
 	unsigned char data[300];
 	isc_uint32_t flags;
 	unsigned int sigsize;
+	dns_fixedname_t fnewname;
 
 	REQUIRE(name != NULL);
 	REQUIRE(dns_name_depth(name) <= 255);
@@ -223,7 +224,9 @@ dns_dnssec_sign(dns_name_t *name, dns_rdataset_t *set, dst_key_t *key,
 	if (ret != ISC_R_SUCCESS)
 		goto cleanup_context;
 
-	dns_name_toregion(name, &r);
+	dns_fixedname_init(&fnewname);
+	dns_name_downcase(name, dns_fixedname_name(&fnewname), NULL);
+	dns_name_toregion(dns_fixedname_name(&fnewname), &r);
 
 	/*
 	 * Create an envelope for each rdata: <name|type|class|ttl>.
@@ -363,15 +366,19 @@ dns_dnssec_verify(dns_name_t *name, dns_rdataset_t *set, dst_key_t *key,
 	/*
 	 * If the name is an expanded wildcard, use the wildcard name.
 	 */
+	dns_fixedname_init(&fnewname);
 	labels = dns_name_depth(name) - 1;
 	if (labels - sig.labels > 0) {
-		dns_fixedname_init(&fnewname);
 		dns_name_splitatdepth(name, sig.labels + 1, NULL,
 				      dns_fixedname_name(&fnewname));
-		dns_name_toregion(dns_fixedname_name(&fnewname), &r);
+		dns_name_downcase(dns_fixedname_name(&fnewname),
+				  dns_fixedname_name(&fnewname),
+				  NULL);
 	}
 	else
-		dns_name_toregion(name, &r);
+		dns_name_downcase(name, dns_fixedname_name(&fnewname), NULL);
+
+	dns_name_toregion(dns_fixedname_name(&fnewname), &r);
 
 	/*
 	 * Create an envelope for each rdata: <name|type|class|ttl>.

lib/dns/include/dns/validator.h

@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: validator.h,v 1.17.2.1 2001/01/09 22:46:27 bwelling Exp $ */
+/* $Id: validator.h,v 1.17.2.1.4.1 2007/01/23 23:42:23 marka Exp $ */
 
 #ifndef DNS_VALIDATOR_H
 #define DNS_VALIDATOR_H 1
@@ -111,6 +111,11 @@ struct dns_validator {
 	ISC_LINK(dns_validator_t)	link;
 };
 
+/*%
+ * dns_validator_create() options.
+ */
+#define DNS_VALIDATOR_DEFER 2U
+
 ISC_LANG_BEGINDECLS
 
 isc_result_t
@@ -153,6 +158,15 @@ dns_validator_create(dns_view_t *view, dns_name_t *name, dns_rdatatype_t type,
  * part of a known insecure domain.
  */
 
+void
+dns_validator_send(dns_validator_t *validator);
+/*%<
+ * Send a deferred validation request
+ *
+ * Requires:
+ *	'validator' to points to a valid DNSSEC validator.
+ */
+
 void
 dns_validator_cancel(dns_validator_t *validator);
 /*

lib/dns/message.c

@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: message.c,v 1.164.2.3 2001/02/23 18:27:59 gson Exp $ */
+/* $Id: message.c,v 1.164.2.4 2001/03/20 18:46:35 gson Exp $ */
 
 /***
  *** Imports
@@ -2106,6 +2106,7 @@ dns_message_gettempname(dns_message_t *msg, dns_name_t **item) {
 	*item = isc_mempool_get(msg->namepool);
 	if (*item == NULL)
 		return (ISC_R_NOMEMORY);
+	dns_name_init(*item, NULL);
 
 	return (ISC_R_SUCCESS);
 }

lib/dns/rbtdb.c

@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: rbtdb.c,v 1.139.4.5 2001/03/04 23:03:22 bwelling Exp $ */
+/* $Id: rbtdb.c,v 1.139.4.6 2001/03/27 00:12:30 bwelling Exp $ */
 
 /*
  * Principal Author: Bob Halley
@@ -958,6 +958,40 @@ closeversion(dns_db_t *db, dns_dbversion_t **versionp, isc_boolean_t commit) {
 	*versionp = NULL;
 }
 
+/*
+ * Add the necessary magic for the wildcard name 'name'
+ * to be found in 'rbtdb'.
+ *
+ * In order for wildcard matching to work correctly in
+ * zone_find(), we must ensure that a node for the wildcarding
+ * level exists in the database, and has its 'find_callback'
+ * and 'wild' bits set.
+ *
+ * E.g. if the wildcard name is "*.sub.example." then we
+ * must ensure that "sub.example." exists and is marked as
+ * a wildcard level.
+ */
+static isc_result_t
+add_wildcard_magic(dns_rbtdb_t *rbtdb, dns_name_t *name) {
+	isc_result_t result;
+	dns_name_t foundname;
+	dns_offsets_t offsets;
+	unsigned int n;
+	dns_rbtnode_t *node = NULL;
+
+	dns_name_init(&foundname, offsets);
+	n = dns_name_countlabels(name);
+	INSIST(n >= 2);
+	n--;
+	dns_name_getlabelsequence(name, 1, n, &foundname);
+	result = dns_rbt_addnode(rbtdb->tree, &foundname, &node);
+	if (result != ISC_R_SUCCESS && result != ISC_R_EXISTS)
+		return (result);
+	node->find_callback = 1;
+	node->wild = 1;
+	return (ISC_R_SUCCESS);
+}
+
 static isc_result_t
 findnode(dns_db_t *db, dns_name_t *name, isc_boolean_t create,
 	 dns_dbnode_t **nodep)
@@ -994,6 +1028,13 @@ findnode(dns_db_t *db, dns_name_t *name, isc_boolean_t create,
 			dns_rbt_namefromnode(node, &nodename);
 			node->locknum = dns_name_hash(&nodename, ISC_TRUE) %
 				rbtdb->node_lock_count;
+			if (dns_name_iswildcard(name)) {
+				result = add_wildcard_magic(rbtdb, name);
+				if (result != ISC_R_SUCCESS) {
+					RWUNLOCK(&rbtdb->tree_lock, locktype);
+					return (result);
+				}
+			}
 		} else if (result != ISC_R_EXISTS) {
 			RWUNLOCK(&rbtdb->tree_lock, locktype);
 			return (result);
@@ -3695,9 +3736,6 @@ loading_addrdataset(void *arg, dns_name_t *name, dns_rdataset_t *rdataset) {
 	isc_result_t result;
 	isc_region_t region;
 	rdatasetheader_t *newheader;
-	dns_name_t foundname;
-	dns_offsets_t offsets;
-	unsigned int n;
 
 	/*
 	 * This routine does no node locking.  See comments in
@@ -3720,28 +3758,9 @@ loading_addrdataset(void *arg, dns_name_t *name, dns_rdataset_t *rdataset) {
 		 */
 		if (rdataset->type == dns_rdatatype_ns)
 			return (DNS_R_INVALIDNS);
-
-		/*
-		 * In order for wildcard matching to work correctly in
-		 * zone_find(), we must ensure that a node for the wildcarding
-		 * level exists in the database, and has its 'find_callback'
-		 * and 'wild' bits set.
-		 *
-		 * E.g. if the wildcard name is "*.sub.example." then we
-		 * must ensure that "sub.example." exists and is marked as
-		 * a wildcard level.
-		 */
-		dns_name_init(&foundname, offsets);
-		n = dns_name_countlabels(name);
-		INSIST(n >= 2);
-		n--;
-		dns_name_getlabelsequence(name, 1, n, &foundname);
-		node = NULL;
-		result = dns_rbt_addnode(rbtdb->tree, &foundname, &node);
-		if (result != ISC_R_SUCCESS && result != ISC_R_EXISTS)
+		result = add_wildcard_magic(rbtdb, name);
+		if (result != ISC_R_SUCCESS)
 			return (result);
-		node->find_callback = 1;
-		node->wild = 1;
 	}
 
 	node = NULL;
@@ -3749,6 +3768,7 @@ loading_addrdataset(void *arg, dns_name_t *name, dns_rdataset_t *rdataset) {
 	if (result != ISC_R_SUCCESS && result != ISC_R_EXISTS)
 		return (result);
 	if (result != ISC_R_EXISTS) {
+		dns_name_t foundname;
 		dns_name_init(&foundname, NULL);
 		dns_rbt_namefromnode(node, &foundname);
 		node->locknum = dns_name_hash(&foundname, ISC_TRUE) %

lib/dns/resolver.c

@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: resolver.c,v 1.187.2.8 2001/02/28 21:20:31 bwelling Exp $ */
+/* $Id: resolver.c,v 1.187.2.9.4.2 2007/01/23 23:42:23 marka Exp $ */
 
 #include <config.h>
 
@@ -554,6 +554,7 @@ fctx_done(fetchctx_t *fctx, isc_result_t result) {
 	LOCK(&res->buckets[fctx->bucketnum].lock);
 
 	fctx->state = fetchstate_done;
+	fctx->attributes &= ~FCTX_ATTR_ADDRWAIT;
 	fctx_sendevents(fctx, result);
 
 	UNLOCK(&res->buckets[fctx->bucketnum].lock);
@@ -700,6 +701,8 @@ fctx_query(fetchctx_t *fctx, dns_adbaddrinfo_t *addrinfo,
 	if (result != ISC_R_SUCCESS)
 		return (result);
 
+	INSIST(ISC_LIST_EMPTY(fctx->validators));
+
 	dns_message_reset(fctx->rmessage, DNS_MESSAGE_INTENTPARSE);
 
 	query = isc_mem_get(res->mctx, sizeof *query);
@@ -2372,12 +2375,21 @@ maybe_destroy(fetchctx_t *fctx) {
 	unsigned int bucketnum;
 	isc_boolean_t bucket_empty = ISC_FALSE;
 	dns_resolver_t *res = fctx->res;
+	dns_validator_t *validator;
 
 	REQUIRE(SHUTTINGDOWN(fctx));
 
-	if (fctx->pending != 0 || !ISC_LIST_EMPTY(fctx->validators))
+	if (fctx->pending != 0)
 		return;
 
+	for (validator = ISC_LIST_HEAD(fctx->validators);
+	     validator != NULL;
+	     validator = ISC_LIST_HEAD(fctx->validators)) {
+		ISC_LIST_UNLINK(fctx->validators, validator, link);
+		dns_validator_cancel(validator);
+		dns_validator_destroy(&validator);
+	}
+
 	bucketnum = fctx->bucketnum;
 	LOCK(&res->buckets[bucketnum].lock);
 	if (fctx->references == 0)
@@ -2548,7 +2560,9 @@ validated(isc_task_t *task, isc_event_t *event) {
 			goto noanswer_response;
 	}
 
-	if (sentresponse) {
+	if (!ISC_LIST_EMPTY(fctx->validators))
+		dns_validator_send(ISC_LIST_HEAD(fctx->validators));
+	else if (sentresponse) {
 		/*
 		 * If we only deferred the destroy because we wanted to cache
 		 * the data, destroy now.
@@ -2568,6 +2582,7 @@ validated(isc_task_t *task, isc_event_t *event) {
 		 * more rdatasets that still need to
 		 * be validated.
 		 */
+		dns_validator_send(ISC_LIST_HEAD(fctx->validators));
 		goto cleanup_event;
 	}
 
@@ -2616,6 +2631,7 @@ cache_name(fetchctx_t *fctx, dns_name_t *name, isc_stdtime_t now) {
 	unsigned int options;
 	isc_task_t *task;
 	dns_validator_t *validator;
+	unsigned int valoptions = 0;
 
 	/*
 	 * The appropriate bucket lock must be held.
@@ -2804,15 +2820,18 @@ cache_name(fetchctx_t *fctx, dns_name_t *name, isc_stdtime_t now) {
 						rdataset,
 						sigrdataset,
 						fctx->rmessage,
-						0,
+						valoptions,
 						task,
 						validated,
 						fctx,
 						&validator);
-					if (result == ISC_R_SUCCESS)
+					if (result == ISC_R_SUCCESS) {
 						ISC_LIST_APPEND(
 							fctx->validators,
 							validator, link);
+						valoptions |=
+							 DNS_VALIDATOR_DEFER;
+					}
 				}
 			}
 		} else if (!EXTERNAL(rdataset)) {
@@ -2885,7 +2904,7 @@ cache_name(fetchctx_t *fctx, dns_name_t *name, isc_stdtime_t now) {
 					      valrdataset,
 					      valsigrdataset,
 					      fctx->rmessage,
-					      0,
+					      valoptions,
 					      task,
 					      validated,
 					      fctx,
@@ -3211,6 +3230,7 @@ check_related(void *arg, dns_name_t *addname, dns_rdatatype_t type) {
 				/*
 				 * Do we have its SIG too?
 				 */
+				rdataset = NULL;
 				result = dns_message_findtype(name,
 						      dns_rdatatype_sig,
 						      type, &rdataset);

lib/dns/validator.c

@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: validator.c,v 1.87.2.1 2001/01/09 22:44:26 bwelling Exp $ */
+/* $Id: validator.c,v 1.87.2.1.4.1 2007/01/23 23:42:23 marka Exp $ */
 
 #include <config.h>
 
@@ -1512,7 +1512,8 @@ dns_validator_create(dns_view_t *view, dns_name_t *name, dns_rdatatype_t type,
 	ISC_LINK_INIT(val, link);
 	val->magic = VALIDATOR_MAGIC;
 
-	isc_task_send(task, (isc_event_t **)&event);
+	if ((options & DNS_VALIDATOR_DEFER) == 0)
+		isc_task_send(task, (isc_event_t **)&event);
 
 	*validatorp = val;
 
@@ -1529,6 +1530,21 @@ dns_validator_create(dns_view_t *view, dns_name_t *name, dns_rdatatype_t type,
 	return (result);
 }
 
+void
+dns_validator_send(dns_validator_t *validator) {
+	isc_event_t *event;
+	REQUIRE(VALID_VALIDATOR(validator));
+
+	LOCK(&validator->lock);
+
+	INSIST((validator->options & DNS_VALIDATOR_DEFER) != 0);
+	event = (isc_event_t *)validator->event;
+	validator->options &= ~DNS_VALIDATOR_DEFER;
+	UNLOCK(&validator->lock);
+
+	isc_task_send(validator->task, &event);
+}
+
 void
 dns_validator_cancel(dns_validator_t *validator) {
 	REQUIRE(VALID_VALIDATOR(validator));
@@ -1548,6 +1564,13 @@ dns_validator_cancel(dns_validator_t *validator) {
 
 		if (validator->authvalidator != NULL)
 			dns_validator_cancel(validator->authvalidator);
+
+		if ((validator->options & DNS_VALIDATOR_DEFER) != 0) {
+			isc_task_t *task = validator->event->ev_sender;
+			validator->options &= ~DNS_VALIDATOR_DEFER;
+			isc_event_free((isc_event_t **)&validator->event);
+			isc_task_detach(&task);
+		}
 	}
 	UNLOCK(&validator->lock);
 }

lib/isc/random.c

@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: random.c,v 1.14.2.1 2001/01/09 22:49:14 bwelling Exp $ */
+/* $Id: random.c,v 1.14.2.1.4.1 2003/09/01 05:19:20 marka Exp $ */
 
 #include <config.h>
 
@@ -33,7 +33,14 @@ static isc_once_t once = ISC_ONCE_INIT;
 static void
 initialize_rand(void)
 {
-	srand(time(NULL));
+	unsigned int pid = getpid();
+
+	/*
+	 * The low bits of pid generally change faster.
+	 * Xor them with the high bits of time which change slowly.
+	 */
+	pid = ((pid << 16) & 0xffff0000) | ((pid >> 16) & 0xffff);
+	srand(time(NULL) ^ pid);
 }
 
 static void

lib/isc/unix/app.c

@@ -15,13 +15,14 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: app.c,v 1.36.2.3 2001/03/14 06:32:15 bwelling Exp $ */
+/* $Id: app.c,v 1.36.2.5 2001/03/27 01:37:06 bwelling Exp $ */
 
 #include <config.h>
 
 #include <sys/types.h>
 
 #include <stddef.h>
+#include <stdlib.h>
 #include <errno.h>
 #include <unistd.h>
 #include <signal.h>
@@ -116,10 +117,8 @@ handle_signal(int sig, void (*handler)(int)) {
 isc_result_t
 isc_app_start(void) {
 	isc_result_t result;
-#ifdef ISC_PLATFORM_USETHREADS
 	int presult;
 	sigset_t sset;
-#endif /* ISC_PLATFORM_USETHREADS */
 
 	/*
 	 * Start an ISC library application.
@@ -217,6 +216,30 @@ isc_app_start(void) {
 				 strerror(presult));
 		return (ISC_R_UNEXPECTED);
 	}
+#else /* ISC_PLATFORM_USETHREADS */
+	/*
+	 * Unblock SIGHUP, SIGINT, SIGTERM.
+	 *
+	 * If we're not using threads, we need to make sure that SIGHUP,
+	 * SIGINT and SIGTERM are not inherited as blocked from the parent
+	 * process.
+	 */
+	if (sigemptyset(&sset) != 0 ||
+	    sigaddset(&sset, SIGHUP) != 0 ||
+	    sigaddset(&sset, SIGINT) != 0 ||
+	    sigaddset(&sset, SIGTERM) != 0) {
+		UNEXPECTED_ERROR(__FILE__, __LINE__,
+				 "isc_app_start() sigsetops: %s",
+				 strerror(errno));
+		return (ISC_R_UNEXPECTED);
+	}
+	presult = sigprocmask(SIG_UNBLOCK, &sset, NULL);
+	if (presult != 0) {
+		UNEXPECTED_ERROR(__FILE__, __LINE__,
+				 "isc_app_start() sigprocmask: %s",
+				 strerror(presult));
+		return (ISC_R_UNEXPECTED);
+	}
 #endif /* ISC_PLATFORM_USETHREADS */
 
 	ISC_LIST_INIT(on_run);

lib/omapi/api

@@ -1,3 +1,3 @@
-LIBINTERFACE = 3
+LIBINTERFACE = 4
 LIBREVISION = 0
 LIBAGE = 0

lib/omapi/connection.c

@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: connection.c,v 1.36.4.2 2001/02/07 02:41:47 gson Exp $ */
+/* $Id: connection.c,v 1.36.4.3 2001/03/27 00:14:52 bwelling Exp $ */
 
 /* Principal Author: DCL */
 
@@ -47,7 +47,7 @@ get_address(const char *hostname, in_port_t port, isc_sockaddr_t *sockaddr) {
 	/*
 	 * Is this an IPv6 numeric address?
 	 */
-	if (isc_net_probeipv6 == ISC_R_SUCCESS &&
+	if (isc_net_probeipv6() == ISC_R_SUCCESS &&
 	    inet_pton(AF_INET6, hostname, &in6) == 1)
 		isc_sockaddr_fromin6(sockaddr, &in6, port);
 

lib/omapi/include/omapi/private.h

@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: private.h,v 1.25.4.1 2001/01/09 22:53:15 bwelling Exp $ */
+/* $Id: private.h,v 1.25.4.1.4.1 2003/09/01 05:19:21 marka Exp $ */
 
 /*****
  ***** Private master include file for the OMAPI library.
@@ -243,6 +243,7 @@ struct omapi_protocol {
 	isc_region_t			signature_in;
 	isc_buffer_t			*signature_out;
 	isc_result_t			verify_result;
+	isc_uint32_t			authid;
 	/*
 	 * A callback to find out whether a requested key is valid on
 	 * the connection, and the arg the caller wants to help it decide.
@@ -438,12 +439,12 @@ send_intro(omapi_object_t *object, unsigned int version);
 #define send_status omapi__send_status
 isc_result_t
 send_status(omapi_object_t *protcol, isc_result_t waitstatus,
-	    unsigned int response_id, const char *message);
+	    unsigned int response_id, unsigned int authid, const char *message);
 
 #define send_update omapi__send_update
 isc_result_t
 send_update(omapi_object_t *protocol, unsigned int response_id,
-	    omapi_object_t *object);
+	    unsigned int authid, omapi_object_t *object);
 
 ISC_LANG_ENDDECLS
 

lib/omapi/include/omapi/result.h

@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: result.h,v 1.7.4.1 2001/01/09 22:53:16 bwelling Exp $ */
+/* $Id: result.h,v 1.7.4.1.4.1 2003/09/01 05:19:22 marka Exp $ */
 
 #ifndef OMAPI_RESULT_H
 #define OMAPI_RESULT_H 1
@@ -32,8 +32,9 @@ ISC_LANG_BEGINDECLS
 #define OMAPI_R_INVALIDARG		(ISC_RESULTCLASS_OMAPI + 3)
 #define OMAPI_R_VERSIONMISMATCH		(ISC_RESULTCLASS_OMAPI + 4)
 #define OMAPI_R_PROTOCOLERROR		(ISC_RESULTCLASS_OMAPI + 5)
+#define OMAPI_R_BADAUTHID		(ISC_RESULTCLASS_OMAPI + 6)
 
-#define OMAPI_R_NRESULTS		6	/* Number of results */
+#define OMAPI_R_NRESULTS		7	/* Number of results */
 
 const char *
 omapi_result_totext(isc_result_t);

lib/omapi/listener.c

@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: listener.c,v 1.31.4.1 2001/01/09 22:52:59 bwelling Exp $ */
+/* $Id: listener.c,v 1.31.4.2.4.1 2003/09/01 05:19:21 marka Exp $ */
 
 /*
  * Subroutines that support the generic listener object.
@@ -219,6 +219,8 @@ listener_accept(isc_task_t *task, isc_event_t *event) {
 	 */
 	protocol->verify_key = listener->verify_key;
 	protocol->verify_key_arg = listener->callback_arg;
+	while (protocol->authid == 0)
+		isc_random_get(&protocol->authid);
 
 	/*
 	 * Tie the protocol object bidirectionally to the connection
@@ -321,7 +323,7 @@ omapi_listener_listen(omapi_object_t *manager, isc_sockaddr_t *addr,
 	 * Create a socket on which to listen.
 	 */
 	listener->socket = NULL;
-	result = isc_socket_create(omapi_socketmgr, PF_INET,
+	result = isc_socket_create(omapi_socketmgr, isc_sockaddr_pf(addr),
 				   isc_sockettype_tcp, &listener->socket);
 
 	if (result == ISC_R_SUCCESS)

lib/omapi/message.c

@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: message.c,v 1.28.4.1 2001/01/09 22:53:00 bwelling Exp $ */
+/* $Id: message.c,v 1.28.4.1.4.1 2003/09/01 05:19:21 marka Exp $ */
 
 /*
  * Subroutines for dealing with message objects.
@@ -26,6 +26,7 @@
 #include <stddef.h>
 
 #include <isc/buffer.h>
+#include <isc/random.h>
 #include <isc/string.h>
 #include <isc/util.h>
 
@@ -180,7 +181,7 @@ omapi_message_send(omapi_object_t *message, omapi_object_t *protocol) {
 
 	if (result == ISC_R_SUCCESS)
 		/* XXXTL Write the ID of the authentication key we're using. */
-		result = omapi_connection_putuint32(connection, 0);
+		result = omapi_connection_putuint32(connection, p->authid);
 
 	if (result == ISC_R_SUCCESS)
 		result = omapi_connection_putuint32(connection, authlen);
@@ -209,6 +210,8 @@ omapi_message_send(omapi_object_t *message, omapi_object_t *protocol) {
 		 * Set and write the transaction ID.
 		 */
 		m->id = p->next_xid++;
+		if (m->id == 0)
+			m->id = p->next_xid++;
 		result = omapi_connection_putuint32(connection, m->id);
 	}
 
@@ -385,6 +388,11 @@ message_process(omapi_object_t *mo, omapi_object_t *po) {
 			dst_context_destroy(&protocol->dstctx);
 		}
 
+		if (protocol->verify_result == ISC_R_SUCCESS &&
+		    protocol->authid != 0)
+			if (protocol->authid != message->authid)
+				result = OMAPI_R_BADAUTHID;
+
 		if (protocol->verify_result != ISC_R_SUCCESS) {
 			if (connection->is_client) {
 				INSIST(m != NULL);
@@ -422,6 +430,7 @@ message_process(omapi_object_t *mo, omapi_object_t *po) {
 				return (send_status(po,
 						    protocol->verify_result,
 						    message->id,
+						    protocol->authid,
 						    "failed to verify "
 						    "signature"));
 		}
@@ -434,7 +443,7 @@ message_process(omapi_object_t *mo, omapi_object_t *po) {
 
 		if (m != NULL) {
 			return (send_status(po, OMAPI_R_INVALIDARG,
-					    message->id,
+					    message->id, protocol->authid,
 					    "OPEN can't be a response"));
 		}
 
@@ -456,7 +465,8 @@ message_process(omapi_object_t *mo, omapi_object_t *po) {
 		} else if (result == ISC_R_NOTFOUND)
 			type = NULL;
 		else
-			return (send_status(po, result, message->id,
+			return (send_status(po, result, message->id, 
+					    protocol->authid,
 					    isc_result_totext(result)));
 
 		/*
@@ -470,6 +480,7 @@ message_process(omapi_object_t *mo, omapi_object_t *po) {
 			create = 0;
 		else
 			return (send_status(po, result, message->id,
+					    protocol->authid,
 					    isc_result_totext(result)));
 
 		/*
@@ -483,6 +494,7 @@ message_process(omapi_object_t *mo, omapi_object_t *po) {
 			update = 0;
 		else
 			return (send_status(po, result, message->id,
+					    protocol->authid,
 					    isc_result_totext(result)));
 
 		/*
@@ -496,6 +508,7 @@ message_process(omapi_object_t *mo, omapi_object_t *po) {
 			exclusive = 0;
 		else
 			return (send_status(po, result, message->id,
+					    protocol->authid,
 					    isc_result_totext(result)));
 
 		/*
@@ -505,6 +518,7 @@ message_process(omapi_object_t *mo, omapi_object_t *po) {
 #ifdef notyet /* not for 9.0.0 */
 		if (type != omapi_type_protocol && protocol->key == NULL)
 			return (send_status(po, ISC_R_NOPERM, message->id,
+					    protocol->authid,
 					    "unauthorized access"));
 #endif /* notyet */
 
@@ -516,6 +530,7 @@ message_process(omapi_object_t *mo, omapi_object_t *po) {
 			if (create != 0)
 				return (send_status(po, OMAPI_R_INVALIDARG,
 						   message->id,
+						    protocol->authid,
 						   "type required on create"));
 
 			goto refresh;
@@ -523,6 +538,7 @@ message_process(omapi_object_t *mo, omapi_object_t *po) {
 
 		if (message->object == NULL)
 			return (send_status(po, ISC_R_NOTFOUND, message->id,
+					    protocol->authid,
 					    "no lookup key specified"));
 
 		/*
@@ -551,12 +567,14 @@ message_process(omapi_object_t *mo, omapi_object_t *po) {
 
 		if (result == ISC_R_NOTIMPLEMENTED)
 			return (send_status(po, result, message->id,
+					    protocol->authid,
 					    "unsearchable object type"));
 
 		if (result != ISC_R_SUCCESS &&
 		    result != ISC_R_NOTFOUND &&
 		    result != OMAPI_R_NOKEYS)
 			return (send_status(po, result, message->id,
+					    protocol->authid,
 					    "object lookup failed"));
 
 		/*
@@ -565,6 +583,7 @@ message_process(omapi_object_t *mo, omapi_object_t *po) {
 		 */
 		if (result == ISC_R_NOTFOUND && create == 0) {
 			return (send_status(po, ISC_R_NOTFOUND, message->id,
+					    protocol->authid,
 					   "no object matches specification"));
 		}
 
@@ -576,6 +595,7 @@ message_process(omapi_object_t *mo, omapi_object_t *po) {
 		if (result == ISC_R_SUCCESS && create != 0 && exclusive != 0) {
 			OBJECT_DEREF(&object);
 			return (send_status(po, ISC_R_EXISTS, message->id,
+					    protocol->authid,
 					   "specified object already exists"));
 		}
 
@@ -586,6 +606,7 @@ message_process(omapi_object_t *mo, omapi_object_t *po) {
 			result = object_methodcreate(type, &object);
 			if (result != ISC_R_SUCCESS)
 				return (send_status(po, result, message->id,
+						    protocol->authid,
 						   "can't create new object"));
 		}
 
@@ -598,6 +619,7 @@ message_process(omapi_object_t *mo, omapi_object_t *po) {
 			if (result != ISC_R_SUCCESS) {
 				OBJECT_DEREF(&object);
 				return (send_status(po, result, message->id,
+						    protocol->authid,
 						    "can't update object"));
 			}
 		}
@@ -614,6 +636,7 @@ message_process(omapi_object_t *mo, omapi_object_t *po) {
 #ifdef notyet /* not for 9.0.0 */
 		if (protocol->key == NULL)
 			return (send_status(po, ISC_R_NOPERM, message->id,
+					    protocol->authid,
 					    "unauthorized access"));
 #endif /* notyet */
 
@@ -621,10 +644,11 @@ message_process(omapi_object_t *mo, omapi_object_t *po) {
 		result = handle_lookup(&object, message->h);
 		if (result != ISC_R_SUCCESS)
 			return (send_status(po, result, message->id,
+					    protocol->authid,
 					    "no matching handle"));
 
 	send:
-		result = send_update(po, message->id, object);
+		result = send_update(po, message->id, protocol->authid, object);
 		OBJECT_DEREF(&object);
 		return (result);
 
@@ -632,6 +656,7 @@ message_process(omapi_object_t *mo, omapi_object_t *po) {
 		if (! connection->is_client)
 			return (send_status(po, OMAPI_R_INVALIDARG,
 					    message->id,
+					    protocol->authid,
 					    "OMAPI_OP_UPDATE is not a "
 					    "valid server operation"));
 
@@ -642,6 +667,7 @@ message_process(omapi_object_t *mo, omapi_object_t *po) {
 			result = handle_lookup(&object, message->h);
 			if (result != ISC_R_SUCCESS)
 				return (send_status(po, result, message->id,
+						    protocol->authid,
 						    "no matching handle"));
 		}
 
@@ -656,6 +682,7 @@ message_process(omapi_object_t *mo, omapi_object_t *po) {
 		if (result != ISC_R_SUCCESS) {
 			if (message->rid == 0)
 				return (send_status(po, result, message->id,
+						    protocol->authid,
 						    "can't update object"));
 			if (m != NULL)
 				object_signal((omapi_object_t *)m,
@@ -665,6 +692,7 @@ message_process(omapi_object_t *mo, omapi_object_t *po) {
 
 		if (message->rid == 0)
 			result = send_status(po, ISC_R_SUCCESS, message->id,
+					    protocol->authid,
 					     NULL);
 
 		if (m != NULL)
@@ -675,12 +703,14 @@ message_process(omapi_object_t *mo, omapi_object_t *po) {
 
 	case OMAPI_OP_NOTIFY:
 		return (send_status(po, ISC_R_NOTIMPLEMENTED, message->id,
+				    protocol->authid,
 				    "notify not implemented yet"));
 
 	case OMAPI_OP_STATUS:
 		if (! connection->is_client)
 			return (send_status(po, OMAPI_R_INVALIDARG,
 					    message->id,
+					    protocol->authid,
 					    "OMAPI_OP_STATUS is not a "
 					    "valid server operation"));
 
@@ -720,22 +750,26 @@ message_process(omapi_object_t *mo, omapi_object_t *po) {
 
 		if (protocol->key == NULL)
 			return (send_status(po, ISC_R_NOPERM, message->id,
+					    protocol->authid,
 					    "unauthorized delete"));
 
 		result = handle_lookup(&object, message->h);
 		if (result != ISC_R_SUCCESS)
 			return (send_status(po, result, message->id,
+					    protocol->authid,
 					    "no matching handle"));
 
 		result = object_methodexpunge(object->type, object);
 		if (result == ISC_R_NOTIMPLEMENTED)
 			return (send_status(po, ISC_R_NOTIMPLEMENTED,
 					    message->id,
+					    protocol->authid,
 					    "no remove method for object"));
 
 		OBJECT_DEREF(&object);
 
-		return (send_status(po, result, message->id, NULL));
+		return (send_status(po, result, message->id,
+				    protocol->authid, NULL));
 	}
 
 	return (ISC_R_NOTIMPLEMENTED);

lib/omapi/protocol.c

@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: protocol.c,v 1.32.4.1 2001/01/09 22:53:03 bwelling Exp $ */
+/* $Id: protocol.c,v 1.32.4.1.4.1 2003/09/01 05:19:21 marka Exp $ */
 
 /*
  * Functions supporting the object management protocol.
@@ -28,6 +28,7 @@
 
 #include <isc/buffer.h>
 #include <isc/mem.h>
+#include <isc/random.h>
 #include <isc/string.h>
 #include <isc/util.h>
 
@@ -158,9 +159,8 @@ send_intro(omapi_object_t *h, unsigned int ver) {
 
 		/*
 		 * Make up an initial transaction ID for this connection.
-		 * XXXDCL better generator than random()?
 		 */
-		p->next_xid = random();
+		isc_random_get(&p->next_xid);
 
 		result = connection_send(connection);
 
@@ -212,7 +212,7 @@ omapi_protocol_listen(omapi_object_t *manager, isc_sockaddr_t *addr,
 
 isc_result_t
 send_status(omapi_object_t *po, isc_result_t waitstatus,
-	    unsigned int rid, const char *msg)
+	    unsigned int rid, unsigned int authid, const char *msg)
 {
 	isc_result_t result;
 	omapi_object_t *message = NULL;
@@ -230,6 +230,10 @@ send_status(omapi_object_t *po, isc_result_t waitstatus,
 	if (result == ISC_R_SUCCESS)
 		result = omapi_object_setinteger(message, "rid", (int)rid);
 
+	if (result == ISC_R_SUCCESS)
+		result = omapi_object_setinteger(message, "authid",
+						 (int)authid);
+
 	if (result == ISC_R_SUCCESS)
 		result = omapi_object_setinteger(message, "result",
 						 (int)waitstatus);
@@ -249,7 +253,9 @@ send_status(omapi_object_t *po, isc_result_t waitstatus,
 }
 
 isc_result_t
-send_update(omapi_object_t *po, unsigned int rid, omapi_object_t *object) {
+send_update(omapi_object_t *po, unsigned int rid, unsigned int authid,
+	    omapi_object_t *object)
+{
 	isc_result_t result;
 	omapi_object_t *message = NULL;
 
@@ -267,6 +273,10 @@ send_update(omapi_object_t *po, unsigned int rid, omapi_object_t *object) {
 
 		result = omapi_object_setinteger(message, "rid", (int)rid);
 
+		if (result == ISC_R_SUCCESS)
+			result = omapi_object_setinteger(message, "authid",
+							 (int)authid);
+
 		if (result == ISC_R_SUCCESS)
 			result = object_gethandle(&handle, object);
 
@@ -378,6 +388,8 @@ dispatch_messages(omapi_protocol_t *protocol,
 		 */
 		/* XXXDCL authid is unused */
 		connection_getuint32(connection, &protocol->message->authid);
+		if (protocol->authid == 0)
+			protocol->authid = protocol->message->authid;
 		/* XXXTL bind the authenticator here! */
 		connection_getuint32(connection, &protocol->message->authlen);
 		connection_getuint32(connection, &protocol->message->op);

lib/omapi/result.c

@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: result.c,v 1.10.4.1 2001/01/09 22:53:04 bwelling Exp $ */
+/* $Id: result.c,v 1.10.4.1.4.1 2003/09/01 05:19:21 marka Exp $ */
 #include <config.h>
 
 #include <isc/once.h>
@@ -31,6 +31,7 @@ static const char *text[OMAPI_R_NRESULTS] = {
 	"invalid argument",			/* 3 */
 	"protocol version mismatch",		/* 4 */
 	"protocol error",			/* 5 */
+	"bad authid",				/* 6 */
 };
 
 

version

@@ -1,4 +1,4 @@
-# $Id: version,v 1.18.4.9 2001/03/13 23:52:11 gson Exp $
+# $Id: version,v 1.18.4.13.4.3 2007/01/23 23:42:23 marka Exp $
 #
 # This file must follow /bin/sh rules.  It is imported directly via
 # configure.
@@ -6,5 +6,5 @@
 MAJORVER=9
 MINORVER=1
 PATCHVER=1
-RELEASETYPE=rc
-RELEASEVER=5
+RELEASETYPE=-P
+RELEASEVER=3