regenerated HTML

from resolv.conf by default. [RT #405, #630]

CHANGES

@@ -1,6 +1,113 @@
 
+	--- 9.1.0 released ---
+
+ 687.	[bug]		Only say we have IPv6, with sufficent functionality,
+			if it has actually been tested.  [RT #586]
+
+ 685.	[bug]		nslookup should use the search list/domain options
+			from resolv.conf by default. [RT #405, #630]
+
+ 684.	[bug]		Memory leak with view forwarders. [RT #656]
+
+ 683.	[bug]		File descriptor leak in isc_lex_openfile().
+
+ 682.	[bug]		nslookup displayed SOA records incorrectly. [RT #665]
+
+ 681.	[bug]		$GENERATE specifying output format was broken. [RT #653]
+
+ 680.	[bug]		dns_rdata_fromstruct() mishandled options bigger
+			than 255 octets.
+
+ 652.	[bug]		zone_saveunique() did not report the new name.
+			[RT #668]
+
+ 650.	[bug]		SIG(0) records were being generated and verified
+			incorrectly. [RT #606]
+
+	--- 9.1.0rc1 released ---
+
+ 679.	[bug]		$INCLUDE could leak memory and file descriptors on
+			reload. [RT #639]
+
+ 678.	[bug]		"tranfer-format one-answer;" could trigger an assertion
+			failure. [RT #646]
+
+ 677.	[bug]		dnssec-signzone would occasionally use the wrong ttl
+			for database operations and fail. [RT #643]
+
+ 676.	[bug]		Log messages about lame servers to category
+			'lame-servers' rather than 'resolver', so as not
+			to be gratuitously incompatible with BIND 8.
+
+ 675.	[bug]		TKEY queries could cause the server to leak
+			memory.
+
+ 672.	[bug]		The wrong time was in the "time signed" field when
+			replying with BADTIME error.
+
+ 670.	[bug]		The lwres replacements for getaddrinfo and
+			getipnodebyname didn't properly check for the
+			existence of the sockaddr sa_len field.
+
+ 667.	[bug]		On Linux, running named with the -u option and a
+			non-world-readable configuration file didn't work.
+			[RT #626]
+
+	--- 9.1.0b3 released ---
+
+ 666.	[bug]		If a request sent by dig is longer than 512 bytes,
+			use TCP.
+
+ 664.	[bug]		The t_tasks and t_timers module tests are now skipped
+			when building without threads, since they require
+			threads.
+
+ 661.	[bug]		Certain UDP IXFR requests caused an assertion failure
+			(mpctx->allocated == 0). [RT #355, #394, #623]
+
+ 659.	[performance]	Rewrite the name compression code to be much faster.
+
+ 658.	[cleanup]	Remove all vestiges of 16 bit global compression.
+
+ 657.	[bug]		When a listen-on statement in an lwres block does not
+			specifiy a port, use 921, not 53.  Also update the
+			listen-on documentation. [RT #616]
+
+ 654.	[bug]		Origin was being forgotten in TCP retries in dig.
+			[RT #574]
+
+ 653.	[bug]		+defname option in dig was reversed in sense.
+			[RT #549]
+
+ 649.	[bug]		It was possible to join to an already running fctx
+			after it had "cloned" its events, but before it sent
+			them.  In this case, the event of the newly joined
+			fetch would not contain the answer, and would
+			trigger the INSIST() in fctx_sendevents().  In
+			BIND 9.0, this bug did not trigger an INSIST(), but
+			caused the fetch to fail with a SERVFAIL result.
+			[RT #588, #597, #605, #607]
+
+ 647.	[bug]		Resolver queries sent after following multiple
+			referrals had excessively long retransmission
+			timeouts due to incorrectly counting the referrals
+			as "restarts".
+
+ 646.	[bug]		The UnixWare ISC_PLATFORM_FIXIN6INADDR fix in isc/net.h
+			didn't _cleanly_ fix the problem it was trying to fix.
+
+ 644.	[bug]		#622 needed more work. [RT #562]
+
+ 645.	[port]		BSD/OS 3.0 needs pthread_init(). [RT #603]
+
+ 642.	[bug]		Break the exit_check() race in the zone module.
+			[RT #598]
+
 	--- 9.1.0b2 released ---
 
+ 641.	[bug]		$GENERATE caused a uninitialized link to be used.
+			[RT #595]
+
  640.	[bug]		Memory leak in error path could cause
 			"mpctx->allocated == 0" failure. [RT #584]
 

COPYRIGHT

@@ -1,4 +1,4 @@
-Copyright (C) 1996-2000  Internet Software Consortium.
+Copyright (C) 1996-2001  Internet Software Consortium.
 
 Permission to use, copy, modify, and distribute this software for any
 purpose with or without fee is hereby granted, provided that the above

Makefile.in

@@ -1,4 +1,4 @@
-# Copyright (C) 1998-2000  Internet Software Consortium.
+# Copyright (C) 1998-2001  Internet Software Consortium.
 #
 # Permission to use, copy, modify, and distribute this software for any
 # purpose with or without fee is hereby granted, provided that the above
@@ -13,7 +13,7 @@
 # NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
 # WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: Makefile.in,v 1.36 2000/12/15 08:28:43 gson Exp $
+# $Id: Makefile.in,v 1.36.2.1 2001/01/09 22:31:05 bwelling Exp $
 
 srcdir =	@srcdir@
 VPATH =		@srcdir@

README

@@ -45,14 +45,13 @@ BIND 9
 
 
 
-BIND 9.1.0b2
+BIND 9.1.0
 
-	BIND 9.1.0b2 is the second beta release of BIND 9.1.0.
-	It fixes a number of bugs in 9.1.0b1 and adds some new
-	features such as a multithreaded DNSSEC signer and
-	support for "rndc dumpdb" command.
+	BIND 9.1.0 is the first release of BIND 9.1.  Compared
+	to 9.0, BIND 9.1 has a number of new features as well
+	as numerous bug fixes and cleanups.
 
-	Other features added since 9.0.x include:
+	Features added since 9.0.x include:
 
 	  - Many BIND 8 features previously unimplemented in BIND 9,
 	    including domain-specific forwarding, the $GENERATE
@@ -84,8 +83,6 @@ BIND 9.1.0b2
 	Cryptographic operations are now based on the OpenSSL
 	library instead of DNSsafe.
 
-	Numerous bugs have been fixed.
-
 	BIND 9.1.0 is primarily a name server software distribution.
 	In addition to the name server, it also includes a new
 	lightweight stub resolver library and associated resolver

acconfig.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 1999, 2000  Internet Software Consortium.
+ * Copyright (C) 1999-2001  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: acconfig.h,v 1.31 2000/12/23 02:45:41 tale Exp $ */
+/* $Id: acconfig.h,v 1.31.2.1 2001/01/09 22:31:06 bwelling Exp $ */
 
 /***
  *** This file is not to be included by any public header files, because

bin/Makefile.in

@@ -1,4 +1,4 @@
-# Copyright (C) 1998-2000  Internet Software Consortium.
+# Copyright (C) 1998-2001  Internet Software Consortium.
 #
 # Permission to use, copy, modify, and distribute this software for any
 # purpose with or without fee is hereby granted, provided that the above
@@ -13,7 +13,7 @@
 # NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
 # WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: Makefile.in,v 1.21 2000/12/19 01:42:15 bwelling Exp $
+# $Id: Makefile.in,v 1.21.2.1 2001/01/09 22:31:11 bwelling Exp $
 
 srcdir =	@srcdir@
 VPATH =		@srcdir@

bin/check/Makefile.in

@@ -1,4 +1,4 @@
-# Copyright (C) 2000  Internet Software Consortium.
+# Copyright (C) 2000, 2001  Internet Software Consortium.
 #
 # Permission to use, copy, modify, and distribute this software for any
 # purpose with or without fee is hereby granted, provided that the above
@@ -13,7 +13,7 @@
 # NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
 # WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: Makefile.in,v 1.5 2000/12/22 17:25:56 gson Exp $
+# $Id: Makefile.in,v 1.5.2.1 2001/01/09 22:31:13 bwelling Exp $
 
 srcdir =	@srcdir@
 VPATH =		@srcdir@

bin/check/check-tool.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2000  Internet Software Consortium.
+ * Copyright (C) 2000, 2001  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: check-tool.c,v 1.2 2000/12/23 22:02:49 tale Exp $ */
+/* $Id: check-tool.c,v 1.2.2.1 2001/01/09 22:31:14 bwelling Exp $ */
 
 #include <config.h>
 

bin/check/check-tool.h

@@ -1,8 +1,21 @@
 /*
- * Copyright
+ * Copyright (C) 2000, 2001  Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
+ * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
+ * INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
+ * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
+ * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
+ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: check-tool.h,v 1.1 2000/12/14 21:33:11 marka Exp $ */
+/* $Id: check-tool.h,v 1.1.2.1 2001/01/09 22:31:15 bwelling Exp $ */
 
 #ifndef CHECK_TOOL_H
 #define CHECK_TOOL_H

bin/check/named-checkconf.8

@@ -1,48 +0,0 @@
-.\" Copyright (C) 2000  Internet Software Consortium.
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
-.\" DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
-.\" INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
-.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
-.\" FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
-.\" NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
-.\" WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-
-.\" $Id: named-checkconf.8,v 1.2 2000/12/19 19:48:09 gson Exp $
-
-.Dd Jun 14, 2000
-.Dt NAMED-CHECKCONF 1
-.Os BIND9 9
-.ds vT BIND9 Programmer's Manual
-.Sh NAME
-.Nm named-checkconf
-.Nd Configuration file syntax checking tool.
-.Sh SYNOPSIS
-.Nm named-checkconf
-.Op filename
-.Sh DESCRIPTION
-.Pp
-.Nm named-checkconf
-is a tool to check the syntax, but not sematics, of the configuration file
-for named.
-.Pp
-The options to
-.Nm named-checkconf
-are as follows:
-.Bl -tag -width Ds
-.It Ar filename
-the name of the configuration file to be checked.
-If not specified it defaults /etc/named.conf.
-.Sh RETURN VALUES
-.Pp
-.Nm named-checkconf
-return a an exit status of 1 if errors were detected,
-0 otherwise.
-.Sh SEE ALSO
-.Xr named 8 ,
-.Xr RFC1035 .

bin/check/named-checkconf.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 1999, 2000  Internet Software Consortium.
+ * Copyright (C) 1999-2001  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: named-checkconf.c,v 1.2 2000/12/19 19:53:58 gson Exp $ */
+/* $Id: named-checkconf.c,v 1.2.2.1 2001/01/09 22:31:16 bwelling Exp $ */
 
 #include <config.h>
 

bin/check/named-checkzone.8

@@ -1,61 +0,0 @@
-.\" Copyright (C) 2000  Internet Software Consortium.
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
-.\" DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
-.\" INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
-.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
-.\" FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
-.\" NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
-.\" WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-
-.\" $Id: named-checkzone.8,v 1.2 2000/12/19 19:48:10 gson Exp $
-
-.Dd Jun 13, 2000
-.Dt NAMED-CHECKZONE 1
-.Os BIND9 9
-.ds vT BIND9 Programmer's Manual
-.Sh NAME
-.Nm named-checkzone
-.Nd Zone validity checking tool.
-.Sh SYNOPSIS
-.Nm named-checkzone
-.Op Fl dq
-.Op Fl c Ar class
-.Ar zone
-.Op filename
-.Sh DESCRIPTION
-.Pp
-.Nm named-checkzone
-is a tool for performing integrity checks on a zones contents.
-It uses the same integrity checks as
-.Nm named .
-.Pp
-The options to
-.Nm named-checkzone
-are as follows:
-.Bl -tag -width Ds
-.It Fl d
-enable debugging.
-.It Fl q
-quiet mode - exit code only.
-.It Fl c Ar class
-specify the class of the zone.
-If not specified "IN" is assumed.
-.It Ar zone
-the name of the zone being loaded.
-.It Op filename
-the name of the file containing the zone.
-If not specified it defaults to the zone name.
-.Sh RETURN VALUES
-.Pp
-.Nm named-checkzone
-return a an exit status of 1 if errors were detected,
-0 otherwise.
-.Sh SEE ALSO
-.Xr named 8 ,
-.Xr RFC1035 .

bin/check/named-checkzone.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 1999, 2000  Internet Software Consortium.
+ * Copyright (C) 1999-2001  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: named-checkzone.c,v 1.6 2000/12/21 22:11:03 gson Exp $ */
+/* $Id: named-checkzone.c,v 1.6.2.2 2001/01/11 18:30:28 gson Exp $ */
 
 #include <config.h>
 
@@ -61,7 +61,7 @@ static const char *dbtype[] = { "rbt" };
 static void
 usage(void) {
 	fprintf(stderr,
-		"usage: zone_test [-dq] [-c class] zone [filename]\n");
+		"usage: named-checkzone [-dq] [-c class] zone [filename]\n");
 	exit(1);
 }
 

bin/dig/Makefile.in

@@ -1,4 +1,4 @@
-# Copyright (C) 2000  Internet Software Consortium.
+# Copyright (C) 2000, 2001  Internet Software Consortium.
 #
 # Permission to use, copy, modify, and distribute this software for any
 # purpose with or without fee is hereby granted, provided that the above
@@ -13,7 +13,7 @@
 # NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
 # WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: Makefile.in,v 1.17 2000/09/29 23:42:11 mws Exp $
+# $Id: Makefile.in,v 1.17.4.1 2001/01/09 22:31:19 bwelling Exp $
 
 srcdir =	@srcdir@
 VPATH =		@srcdir@

bin/dig/dig.1

@@ -1,462 +0,0 @@
-.\" Copyright (C) 2000  Internet Software Consortium.
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
-.\" DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
-.\" INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
-.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
-.\" FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
-.\" NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
-.\" WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-
-.\" $Id: dig.1,v 1.6 2000/11/30 00:20:37 gson Exp $
-
-.Dd Jun 30, 2000
-.Dt DIG 1
-.Os BIND9 9
-.ds vT BIND9 Programmer's Manual
-.Sh NAME
-.Nm dig
-.Nd DNS lookup utility
-.Sh SYNOPSIS
-.Nm dig
-.Op @server
-.Op Fl b Ar address
-.Op Fl c Ar class
-.Op Fl f Ar filename
-.Op Fl k Ar filename
-.Op Fl p Ar port#
-.Op Fl t Ar type
-.Op Fl x Ar addr
-.Op Fl y Ar name:key
-.Op name
-.Op type
-.Op class
-.Op queryopt ...
-.Nm dig
-.Fl h
-.Nm dig
-.Op global-queryopt ...
-.Op query1
-.Op query2 ...
-.Sh DESCRIPTION
-.Pp
-.Nm dig 
-(domain information groper) is a flexible tool for interrogating DNS
-name servers.
-It performs DNS lookups and displays the answers that are returned from
-the name server(s) that were queried.
-Most DNS administrators use
-.Nm dig
-to troubleshoot DNS problems because of its flexibility, ease of use and
-clarity of output.
-Other lookup tools tend to have less functionality than
-.Nm dig .
-.Pp
-Although
-.Nm dig
-is normally used with command-line arguments, it also has a batch
-mode of operation for reading lookup requests from a file.
-A brief summary of its command-line arguments and options is printed
-when the
-.Fl h
-option is given.
-Unlike earlier versions, the BIND9 implementation of 
-.Nm dig
-allows multiple lookups to be issued from the command line.
-.Pp
-Unless it is told to query a specific name server,
-.Nm dig
-will try each of the servers listed in
-.Pa /etc/resolv.conf .
-.Pp
-When no command line arguments or options are given,
-will perform an NS query for "." (the root).
-.Sh SIMPLE USAGE
-.Pp
-A typical invocation of
-.Nm dig
-looks like:
-.Bd -ragged | -offset indent
-.Ic dig Ar @server name type
-.Ed
-.Pp
-where:
-.Bl -tag -width server
-.It Ar server
-is the name or IP address of the name server to query.
-An IPv4 address can be provided in dotted-decimal notation.
-When the supplied
-.Ar server
-argument is a hostname,
-.Nm dig
-resolves that name before querying that name server.
-If no
-.Ar server
-argument is provided,
-.Nm dig
-consults
-.Pa /etc/resolv.conf 
-and queries the name servers listed there.
-The reply from the name server that responds is displayed.
-.It Ar name
-is the name of the resource record that is to be looked up.
-.It Ar type
-indicates what type of query is required - ANY, A, MX, SIG, etc.
-.Ar type
-can be any valid query type.
-If no
-.Ar type
-argument is supplied,
-.Nm dig
-will perform a lookup for an A record.
-.El
-.Pp
-.Sh OPTIONS
-The 
-.Fl b
-option sets the source IP address of the query to
-.Ar address . 
-This must be a valid
-address on one of the host's network interfaces.
-.Pp
-The default query class (IN for internet) is overridden by the
-.Fl c
-option.
-.Ar class
-is any valid class, such as HS for Hesiod records or CH for
-CHAOSNET records.
-.Pp
-The
-.Fl f
-option makes
-.Nm dig 
-operate in batch mode by reading a list of lookup requests to process
-from the file
-.Ar filename .
-The file contains a number of queries, one per line.
-Each entry in the file should be organised in the same way they would be
-presented as queries to
-.Nm dig
-using the command-line interface.
-.Pp
-If a non-standard port number is to be queried, the
-.Fl p
-option is used.
-.Ar port#
-is the port number that
-.Nm dig
-will send its queries instead of the standard DNS port number 53.
-This option would be used to test a name server that has been configured
-to listen for queries on a non-standard port number.
-.Pp
-The
-.Fl t
-option sets the query type to
-.Ar type .
-It can be any valid query type which is supported in BIND9.
-The default query type "A", unless the
-.Fl x
-option is supplied to indicate a reverse lookup.
-A zone transfer can be requested by specifying a type of AXFR.
-When an incremental zone transfer (IXFR) is required,
-.Ar type
-is set to
-.Dv ixfr=N .
-The incremental zone transfer will contain the changes made to the zone
-since the serial number in the zone's SOA record was
-.Ar N .
-.Pp
-Reverse lookups - mapping addresses to names - are simplified
-by the
-.Fl x
-option.
-.Ar addr
-is an IPv4 address in dotted-decimal notation, or a colon-delimited
-IPv6 address.
-When this option is used, there is no need to provide the
-.Ar name ,
-.Ar class 
-and
-.Ar type
-arguments.
-.Nm dig
-automatically performs a lookup for a name like
-.Dv 11.12.13.10.in-addr.arpa
-and sets the query type and class to PTR and IN respectively.
-By default, IPv6 addresses are looked up using the
-IP6.ARPA domain and binary labels as defined in RFC2874.
-To use the older RFC1886 method using the IP6.INT domain and "nibble" labels,
-specify the
-.Fl n
-(nibble) option.
-.Pp
-To sign the DNS queries sent by
-.Nm dig
-and their responses using transaction signatures (TSIG),
-specify a TSIG key file using the
-.Fl k
-option.  You can also specify the TSIG key itself on the command
-line using the
-.Fl y
-option; 
-.Ar name
-is the name of the TSIG key and
-.Ar key
-is the actual key.  The key is a base-64 encoded string,
- typically generated by
-.Xr dnssec-keygen 8 .
-Caution should be taken when using the
-.Fl y
-option on multi-user systems as the key can be visible
-in the output from
-.Xr ps 1
-or in the shell's history file.
-When using TSIG authentication with
-.Nm dig ,
-the name server that is queried needs to know the key and algorithm
-that is being used.
-In BIND, this is done by providing appropriate
-.Dv key
-and
-.Dv server
-statements in 
-.Pa named.conf .
-.Sh QUERY OPTIONS
-.Nm dig
-provides a number of query options which affect the way in which 
-lookups are made and the results displayed.
-Some of these set or reset flag bits in the query header,
-some determine which sections of the answer get printed,
-and others determine the timeout and retry strategies.
-.Pp
-Each query option is identified by a keyword preceded by a
-plus sign: \*q+\*q.
-Some keywords set or reset an option.
-These may be preceded by the string \*qno\*q to negate the meaning of
-that keyword.
-Other keywords assign values to options like the timeout interval.
-They have the form
-.Dv +keyword=value .
-The query options are:
-.Bl -tag -width +[no]additional
-.It +[no]tcp
-Use [do not use] TCP when querying name servers.
-The default behaviour is to use UDP unless an AXFR or IXFR query is
-requested, in which case a TCP connection is used.
-.It +[no]vc
-Use [do not use] TCP when querying name servers.
-This alternate syntax to
-.Ar +[no]tcp
-is provided for backwards compatibility.
-The "vc" stands for "virtual circuit".
-.It +[no]ignore
-Ignore truncation in UDP responses instead of 
-retrying with TCP.  By default, TCP retries are
-performed.
-.It +domain=somename
-Set the default domain to
-.Ar somename ,
-as if specified in a
-.Dv domain
-directive in 
-.Pa /etc/resolv.conf .
-.It +[no]search
-Use [do not use] the search list in 
-.Pa resolv.conf 
-(if any).
-The search list is not used by default.
-.It +[no]defname
-Use [do not use] the default domain name, if any, in
-.Pa resolv.conf 
-The default is not to append that name to 
-.Ar name
-when making queries. 
-.It +[no]aaonly
-This option does nothing.
-It is provided for compatibilty with old versions of
-.Nm dig
-where it set an unimplemented resolver flag.
-.It +[no]adflag
-Set [do not set] the AD (authentic data) bit in the query.
-The AD bit currently has a standard meaning only in responses,
-not in queries, but the ability to set the bit in the query
-is provided for completeness.
-.It +[no]cdflag
-Set [do not set] the CD (checking disabled) bit in the query.
-This requests the server to not perform DNSSEC validation
-of responses.
-.It +[no]recursive
-Toggle the setting of the RD (recursion desired) bit in the query.
-This bit is set by default, which means 
-.Nm dig .
-normally sends recursive queries.
-Recursion is automatically disabled when the
-.Ar +nssearch
-or
-.Ar +trace
-query options are used.
-.It +[no]nssearch
-When this option is set,
-.Nm dig
-attempts to find the authoritative name servers for the zone containing
-the name being looked up and
-display the SOA record that each name server has for the zone.
-.It +[no]trace
-Toggle tracing of the delegation path from the root name servers for
-the name being looked up.
-Tracing is disabled by default.
-When tracing is enabled,
-.Nm dig
-makes iterative queries to resolve the name being looked up.
-It will follow referrals from the root servers, showing
-the answer from each server that was used to resolve the lookup.
-.It +[no]cmd
-toggles the printing of the initial comment in the output identifying
-the version of
-.Nm dig
-and the query options that have been applied.
-This comment is printed by default.
-.It +[no]short
-Provide a terse answer.
-The default is to print the answer in a verbose form.
-.It +[no]identify
-Show [or do not show] the IP address and port number that supplied the
-answer when the
-.Ar +short
-option is enabled.
-If short form answers are requested, the default is not to show
-the source address and port number of the server that provided the
-answer.
-.It +[no]comments
-Toggle the display of comment lines in the output.
-The default is to print comments.
-.It +[no]stats
-This query option toggles the printing of statistics: when the query was
-made, the size of the reply and so on.
-The default behaviour is to print the query statistics.
-.It +[no]qr
-Print [do not print] the query as it is sent.
-before sending the query.  By default, the query is not printed.
-.It +[no]question
-Print [do not print] the question section of a query when an answer is
-returned.
-The default is to print the question section as a comment.
-.It +[no]answer
-Display [do not display] the answer section of a reply.
-The default is to display it.
-.It +[no]authority
-Display [do not display] the authority section of a reply.
-The default is to display it.
-.It +[no]additional
-Display [do not display] the additional section of a reply.
-The default is to display it.
-.It +[no]all
-Set or clear all display flags
-.It +time=T
-Sets the timeout for a query to
-.Dv T
-seconds.
-The default time out is 5 seconds.
-An attempt to set
-.Dv T
-to less than 1 will result in a query timeout of 1 second being applied.
-.It +tries=A
-Sets the number of times to retry UDP queries to server to
-.Dv T
-instead of the default, 3.
-If 
-.Dv T
-is less than or equal to zero, the number of retries is silently rounded
-up to 1.
-.It +ndots=D
-Set the number of dots that have to appear in
-.Ar name
-to
-.Dv D
-for it to be considered absolute.  The default value is that
-defined using the ndots statement in
-.Pa /etc/resolv.conf ,
-or 1 if no ndots statement is present.  Names with fewer
-dots are interpreted as relative names and will be searched 
-for in the domains listed in the 
-.Dv search
-or
-.Dv domain
-directive in
-.Pa /etc/resolv.conf .
-.It +bufsize=B
-Set the UDP message buffer size advertised using EDNS0 to
-.Dv B
-bytes.
-The maximum and minimum sizes of this buffer are 65535 and 0
-respectively.
-Values outside this range are rounded up or down appropriately.
-.El
-.Sh MULTIPLE QUERIES
-.Pp
-The BIND 9
-implementation of
-.Nm dig 
-supports specifying multiple queries on the command line
-(in addition to supporting the
-.Fl f
-batch file option).
-Each of those queries can be supplied with its own set of flags,
-options and query options.
-.Pp
-In this case,
-.Ar query1 ,
-.Ar query2 
-and so on represent an individual query in the command-line syntax described
-above.
-Each consists of any of the standard options and flags, the name to be looked
-up, an optional query type and class and any query options that should
-be applied to that query.
-.Pp
-A global set of query options, which should be applied to all queries, can
-also be supplied.
-These global query options must precede the first tuple of name, class, type,
-options, flags, and query options supplied on the command line.
-Any global query options can be overridden by a
-query-specific set of query options.
-For example:
-.Bd -literal
-dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
-.Ed
-.Pp
-shows how
-.Nm dig
-could be used from the command line to make three lookups: an ANY query
-for
-.Dv www.isc.org ,
-a reverse lookup of 127.0.0.1
-and
-a query for the NS records of
-.Dv isc.org .
-A global query option of
-.Ar +qr
-is applied, so that
-.Nm dig
-shows the initial query it made for each lookup.
-The final query has a local query option of
-.Ar +noqr
-which means that
-.Nm dig
-will not print the initial query when it looks up the
-NS records for
-.Dv isc.org .
-.Sh FILES
-.Pa /etc/resolv.conf
-.Sh SEE ALSO
-.Xr host 1 ,
-.Xr resolver 5 ,
-.Xr named 8 ,
-.Xr dnssec-keygen 8 ,
-.Xr RFC1035 .
-.Sh BUGS 
-There are probably too many query options. 

bin/dig/dig.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2000  Internet Software Consortium.
+ * Copyright (C) 2000, 2001  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: dig.c,v 1.131 2000/12/11 19:15:44 bwelling Exp $ */
+/* $Id: dig.c,v 1.131.2.1 2001/01/09 22:31:20 bwelling Exp $ */
 
 #include <config.h>
 #include <stdlib.h>

bin/dig/dighost.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2000  Internet Software Consortium.
+ * Copyright (C) 2000, 2001  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: dighost.c,v 1.174 2000/12/11 19:15:45 bwelling Exp $ */
+/* $Id: dighost.c,v 1.174.2.4 2001/01/12 20:39:06 bwelling Exp $ */
 
 /*
  * Notice to programmers:  Do not use this code as an example of how to
@@ -440,6 +440,7 @@ clone_lookup(dig_lookup_t *lookold, isc_boolean_t servers) {
 	looknew->section_authority = lookold->section_authority;
 	looknew->section_additional = lookold->section_additional;
 	looknew->retries = lookold->retries;
+	looknew->origin = lookold->origin;
 #ifdef DNS_OPT_NEWCODES_LIVE
 	strncpy(looknew->viewname, lookold-> viewname, MXNAME);
 	strncpy(looknew->zonename, lookold-> zonename, MXNAME);
@@ -1283,7 +1284,8 @@ setup_lookup(dig_lookup_t *lookup) {
 	 * is TRUE or we got a domain line in the resolv.conf file.
 	 */
 	/* XXX New search here? */
-	if ((count_dots(lookup->textname) >= ndots) || lookup->defname)
+	if ((count_dots(lookup->textname) >= ndots) ||
+	    (!lookup->defname && !usesearch))
 		lookup->origin = NULL; /* Force abs lookup */
 	else if (lookup->origin == NULL && lookup->new_search &&
 		 (usesearch || have_domain)) {
@@ -1521,6 +1523,12 @@ setup_lookup(dig_lookup_t *lookup) {
 	check_result(result, "dns_message_renderend");
 	debug("done rendering");
 
+	/*
+	 * Force TCP mode if the request is larger than 512 bytes.
+	 */
+	if (isc_buffer_usedlength(&lookup->sendbuf) > 512)
+		lookup->tcp_mode = ISC_TRUE;
+
 	lookup->pending = ISC_FALSE;
 
 	for (serv = ISC_LIST_HEAD(lookup->my_server_list);

bin/dig/host.1

@@ -1,214 +0,0 @@
-.\" Copyright (C) 2000  Internet Software Consortium.
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
-.\" DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
-.\" INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
-.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
-.\" FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
-.\" NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
-.\" WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-
-.\" $Id: host.1,v 1.6 2000/11/18 02:57:26 bwelling Exp $
-
-.Dd Jun 30, 2000
-.Dt HOST 1
-.Os BIND9 9
-.ds vT BIND9 Programmer's Manual
-.Sh NAME
-.Nm host
-.Nd DNS lookup utility
-.Sh SYNOPSIS
-.Nm host
-.Op Fl aCdlnrTwv
-.Op Fl c Ar class
-.Op Fl N Ar ndots
-.Op Fl R Ar number
-.Op Fl t Ar type
-.Op Fl W Ar wait
-.Ar name
-.Op Ar server
-.Sh DESCRIPTION
-.Nm host
-is a simple utility for performing DNS lookups.
-It is normally used to convert names to IP addresses and vice versa.
-When no arguments or options are given,
-.Nm host
-prints a short summary of its command line arguments and options.
-.Pp
-.Ar name
-is the domain name that is to be looked up.
-It can also be a dotted-decimal IPv4 address
-or a colon-delimited IPv6 address,
-in which case
-.Nm host
-will by default perform a reverse lookup for that address.
-.Ar server
-is an optional argument which is either the name or IP address of the
-name server that
-.Nm host
-should query instead of the server or servers listed in
-.Pa /etc/resolv.conf .
-.Pp
-The
-.Fl a
-(all) option is equivalent to setting the
-.Fl v
-option and asking
-.Nm host
-to make a query of type ANY.
-.Pp
-When the
-.Fl C
-option is used,
-.Nm host
-will attempt to display the SOA records for zone
-.Ar name
-from all the listed authoritative name servers for that zone.
-The list of name servers is defined by the NS records that are found for
-the zone.
-.Pp
-The
-.Fl c
-option instructs to make a DNS query of class
-.Ar class .
-This can be used to lookup Hesiod or Chaosnet class resource records.
-The default class is IN: Internet.
-.Pp
-Verbose output is generated by
-.Nm host
-when the
-.Fl d
-or
-.Fl v
-option is used.
-The two options are equivalent.
-They have been provided for backwards compatibility.
-In previous versions, the
-.Fl d
-option switched on debugging traces and
-.Fl v
-enabled verbose output.
-.Pp
-List mode is selected by the
-.Fl l
-option.
-This makes
-.Nm host
-perform a zone transfer for zone
-.Ar name .
-The argument is provided for compatibility with older implemementations.
-This option is equivalent to making a query of type AXFR.
-.Pp
-The
-.Fl n
-option specifies that reverse lookups of IPv6 addresses should
-use the IP6.INT domain and "nibble" labels as defined in RFC1886.
-The default is to use IP6.ARPA and binary labels as defined in RFC2874.
-.Pp
-The
-.Fl N
-option sets the number of dots that have to be in
-.Ar name
-for it to be considered absolute.  The default value is that
-defined using the ndots statement in
-.Pa /etc/resolv.conf ,
-or 1 if no ndots statement is present.  Names with fewer
-dots are interpreted as relative names and will be searched 
-for in the domains listed in the 
-.Dv search
-or
-.Dv domain
-directive in
-.Pa /etc/resolv.conf .
-.Pp
-The number of UDP retries for a lookup can be changed with the
-.Fl R
-option.
-.Ar number
-indicates how many times
-.Nm host
-will repeat a query that does not get answered.
-The default number of retries is 1.
-If
-.Ar number
-is negative or zero, the number of retries will default to 1.
-.Pp
-Non-recursive queries can be made via the
-.Fl r
-option.
-Setting this option clears the
-.Dv RD
-- recursion desired - bit in the query which
-.Nm host
-makes.
-This should mean that the name server receiving the query will not attempt
-to resolve
-.Ar name .
-The
-.Fl r
-option enables
-.Nm host
-to mimic the behaviour of a name server by making non-recursive queries
-and expecting to receive answers to those queries that are usually
-referrals to other name servers.
-.Pp
-By default
-.Nm host
-uses UDP when making queries.
-The
-.Fl T
-option makes it use a TCP connection when querying the name server.
-TCP will be automatically selected for queries that require it, 
-such as zone transfer (AXFR) requests.
-.Pp
-The
-.Fl t
-option is used to select the query type.
-.Ar type
-can be any recognised query type: CNAME, NS, SOA, SIG, KEY, AXFR, etc.
-When no query type is specified,
-.Nm host
-automatically selects an appropriate query type.
-By default it looks for A records, but if the
-.Fl C
-option was given, queries will be made for SOA records,
-and if
-.Ar name
-is a dotted-decimal IPv4 address or colon-delimited IPv6 address,
-.Nm host
-will query for PTR records.
-.Pp
-The time to wait for a reply can be controlled through the
-.Fl W
-and
-.Fl w
-options.
-The
-.Fl W
-option makes
-.Nm host
-wait for
-.Ar wait
-seconds.
-If
-.Ar wait
-is less than one,
-the wait interval is set to one second.
-When the
-.Fl w
-option is used,
-.Nm host
-will effectively wait forever for a reply.
-The time to wait for a response will be set to the number of seconds
-given by the hardware's maximum value for an integer quantity.
-.Sh FILES
-.Pa /etc/resolv.conf
-.Sh SEE ALSO
-.Xr dig 1 ,
-.Xr resolver 5
-.Xr named 8 .

bin/dig/host.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2000  Internet Software Consortium.
+ * Copyright (C) 2000, 2001  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: host.c,v 1.60 2000/12/08 17:06:49 mws Exp $ */
+/* $Id: host.c,v 1.60.4.1 2001/01/09 22:31:24 bwelling Exp $ */
 
 #include <config.h>
 #include <stdlib.h>

bin/dig/include/dig/dig.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2000  Internet Software Consortium.
+ * Copyright (C) 2000, 2001  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: dig.h,v 1.60 2000/12/08 17:06:52 mws Exp $ */
+/* $Id: dig.h,v 1.60.4.1 2001/01/09 22:31:26 bwelling Exp $ */
 
 #ifndef DIG_H
 #define DIG_H

bin/dig/nslookup.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2000  Internet Software Consortium.
+ * Copyright (C) 2000, 2001  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: nslookup.c,v 1.69 2000/12/11 19:15:46 bwelling Exp $ */
+/* $Id: nslookup.c,v 1.69.2.3 2001/01/17 19:37:37 gson Exp $ */
 
 #include <config.h>
 
@@ -267,9 +267,6 @@ printsection(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers,
 					printf("\tmail addr = %s\n",
 					       ptr);
 					ptr = next_token(&input, " \t\r\n");
-					if (ptr == NULL)
-						break;
-					ptr = next_token(&input, " \t\r\n");
 					if (ptr == NULL)
 						break;
 					printf("\tserial = %s\n",
@@ -431,9 +428,6 @@ detailsection(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers,
 					printf("\tmail addr = %s\n",
 					       ptr);
 					ptr = next_token(&input, " \t\r\n");
-					if (ptr == NULL)
-						break;
-					ptr = next_token(&input, " \t\r\n");
 					if (ptr == NULL)
 						break;
 					printf("\tserial = %s\n",
@@ -862,6 +856,7 @@ static void
 parse_args(int argc, char **argv) {
 	isc_boolean_t have_lookup = ISC_FALSE;
 
+	usesearch = ISC_TRUE;
 	for (argc--, argv++; argc > 0; argc--, argv++) {
 		debug("main parsing %s", argv[0]);
 		if (argv[0][0] == '-') {

bin/dnssec/Makefile.in

@@ -1,4 +1,4 @@
-# Copyright (C) 2000  Internet Software Consortium.
+# Copyright (C) 2000, 2001  Internet Software Consortium.
 #
 # Permission to use, copy, modify, and distribute this software for any
 # purpose with or without fee is hereby granted, provided that the above
@@ -13,7 +13,7 @@
 # NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
 # WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: Makefile.in,v 1.13 2000/12/12 20:21:33 bwelling Exp $
+# $Id: Makefile.in,v 1.13.2.1 2001/01/09 22:31:28 bwelling Exp $
 
 srcdir =	@srcdir@
 VPATH =		@srcdir@

bin/dnssec/dnssec-keygen.8

@@ -1,309 +0,0 @@
-.\" Copyright (C) 2000  Internet Software Consortium.
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
-.\" DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
-.\" INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
-.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
-.\" FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
-.\" NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
-.\" WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-
-.\" $Id: dnssec-keygen.8,v 1.11 2000/11/18 02:57:34 bwelling Exp $
-
-.Dd Jun 30, 2000
-.Dt DNSSEC-KEYGEN 8
-.Os BIND9 9
-.ds vT BIND9 Programmer's Manual
-.Sh NAME
-.Nm dnssec-keygen
-.Nd key generation tool for DNSSEC
-.Sh SYNOPSIS
-.Nm dnssec-keygen
-.Fl a Ar algorithm
-.Fl b Ar keysize
-.Op Fl c Ar class
-.Op Fl e
-.Op Fl g Ar generator
-.Op Fl h
-.Fl n Ar nametype
-.Op Fl p Ar protocol-value
-.Op Fl r Ar randomdev
-.Op Fl s Ar strength-value
-.Op Fl t Ar type
-.Op Fl v Ar level
-.Ar name
-.Sh DESCRIPTION
-.Nm dnssec-keygen
-generates keys for DNSSEC, Secure DNS, as defined in RFC2535.
-It also generates keys for use in Transaction Signatures, TSIG, which
-is defined in RFC2845.
-.Pp
-A short summary of the options and arguments to
-.Nm dnssec-keygen
-is printed by the
-.Fl h
-(help) option.
-.Pp
-The
-.Fl a ,
-.Fl b ,
-and
-.Fl n
-options and their arguments must be supplied when generating keys.
-The domain name that the key has to be generated for is given by
-.Ar name .
-.Pp
-The choice of encryption algorithm is selected by the
-.Fl a
-option to
-.Nm dnssec-keygen .
-.Ar algorithm
-must be one of
-.Dv RSAMD5 ,
-.Dv DH ,
-.Dv DSA
-or
-.Dv HMAC-MD5
-to indicate that an RSA, Diffie-Hellman, Digital Signature
-Algorithm or HMAC-MD5 key is required.
-An argument of
-.Dv RSA
-can also be given, which is equivalent to
-.Dv RSAMD5 .
-The argument identifying the encryption algorithm is case-insensitive.
-DNSSEC specifies DSA as a mandatory algorithm and RSA as a recommended one.
-Implementations of TSIG must support HMAC-MD5.
-.Pp
-The number of bits in the key is determined by the
-.Ar keysize
-argument following the
-.Fl b
-option.
-The choice of key size depends on the algorithm that is used.
-RSA keys must be between 512 and 2048 bits.
-Diffie-Hellman keys must be between 128 and 4096 bits.
-For DSA, the key size must be between 512 and 1024 bits and a multiple
-of 64.
-The length of an HMAC-MD5 key can be between 1 and 512 bits.
-.Pp
-The
-.Fl n
-option specifies how the generated key will be used.
-.Ar nametype
-can be either
-.Dv ZONE ,
-.Dv HOST ,
-.Dv ENTITY ,
-or
-.Dv USER
-to indicate that the key will be used for signing a zone, host,
-entity or user respectively.
-In this context
-.Dv HOST
-and
-.Dv ENTITY
-are identical.
-.Ar nametype
-is case-insensitive.
-.Pp
-The
-.Fl c
-option specifies that the when creating a KEY record, the specified class
-should be used instead of IN.
-.Pp
-The
-.Fl e
-option can only be used when generating RSA keys.
-It tells
-.Nm dnssec-keygen
-to use a large exponent.
-When creating Diffie-Hellman keys, the
-.Fl g
-option selects the Diffie-Hellman generator
-.Ar generator
-that is to be used.
-The only supported values value of
-.Ar generator
-are 2 and 5.
-If no Diffie-Hellman generator is supplied, a known prime
-from RFC2539 will be used if possible; otherwise 2 will be used as the
-generator.
-.Pp
-The
-.Fl p
-option sets the protocol value for the generated key to
-.Ar protocol-value .
-The default is 2 (email) for keys of type
-.Dv USER
-and 3 (DNSSEC) for all other key types.
-Other possible values for this argument are listed in RFC2535 and its
-successors.
-.Pp
-.Nm dnssec-keygen
-uses random numbers to seed the process
-of generating keys.
-If the system does not have a
-.Pa /dev/random
-device that can be used for generating random numbers,
-.Nm dnssec-keygen
-will prompt for keyboard input and use the time intervals between
-keystrokes to provide randomness.
-The
-.Fl r
-option overrides this behaviour, making
-.Nm dnssec-keygen
-use
-.Ar randomdev
-as a source of random data.
-.Pp
-The key's strength value can be set with the
-.Fl s
-option.
-The generated key will sign DNS resource records
-with a strength value of
-.Ar strength-value .
-It should be a number between 0 and 15.
-The default strength is zero.
-The key strength field currently has no defined purpose in DNSSEC.
-.Pp
-The
-.Fl t
-option indicates if the key is to be used for authentication or
-confidentiality.
-.Ar type
-can be one of
-.Dv AUTHCONF ,
-.Dv NOAUTHCONF ,
-.Dv NOAUTH
-or
-.Dv NOCONF .
-The default is
-.Dv AUTHCONF .
-If type is
-.Dv AUTHCONF
-the key can be used for authentication and confidentialty.
-Setting
-.Ar type
-to
-.Dv NOAUTHCONF
-indicates that the key cannot be used for authentication or confidentialty.
-A value of
-.Dv NOAUTH
-means the key can be used for confidentiality but not for
-authentication.
-Similarly,
-.Dv NOCONF
-defines that the key cannot be used for confidentiality though it can
-be used for authentication.
-.Pp
-The
-.Fl v
-option can be used to make
-.Nm dnssec-keygen
-more verbose.
-As the debugging/tracing level
-.Ar level
-increases,
-.Nm dnssec-keygen
-generates increasingly detailed reports about what it is doing.
-The default level is zero.
-.Sh GENERATED KEYS
-When
-.Nm dnssec-keygen
-completes it prints a string of the form
-.Ar Knnnn.+aaa+iiiii
-on the standard output.
-This is an identification string for the key it has generated.
-These strings can be supplied as arguments to
-.Xr dnssec-makekeyset 8 .
-.Pp
-The
-.Ar nnnn.
-part is the dot-terminated domain name given by
-.Ar name .
-The DNSSEC algorithm identifier is indicated by
-.Ar aaa -
-001 for RSA, 002 for Diffie-Hellman, 003 for DSA or 157 for HMAC-MD5.
-.Ar iiiii
-is a five-digit number identifying the key.
-.Pp
-.Nm dnssec-keygen
-creates two files.
-The file names are adapted from the key identification string above.
-They have names of the form:
-.Ar Knnnn.+aaa+iiiii.key
-and
-.Ar Knnnn.+aaa+iiiii.private .
-These contain the public and private parts of the key respectively.
-The files generated by
-.Nm dnssec-keygen
-obey this naming convention to
-make it easy for the signing tool
-.Xr dnssec-signzone 8
-to identify which file(s) have to be read to find the necessary
-key(s) for generating or validating signatures.
-.Pp
-The
-.Ar .key
-file contains a KEY resource record that can be inserted into a zone file
-with a
-.Dv $INCLUDE
-statement.
-The private part of the key is in the
-.Ar .private
-file.
-It contains details of the encryption algorithm that was used and any
-relevant parameters: prime number, exponent, modulus, subprime, etc.
-For obvious security reasons, this file does not have general read
-permission.
-The private part of the key is used by
-.Xr dnssec-signzone 8
-to generate signatures and the public part is used to verify the
-signatures.
-Both
-.Ar .key
-and
-.Ar .private
-key files are generated for symmetric encryption algorithm such as
-HMAC-MD5, even though the public and private key are equivalent.
-.Sh EXAMPLE
-To generate a 768-bit DSA key for the domain
-.Dv example.com ,
-the following command would be issued:
-.Pp
-.Dl # dnssec-keygen -a DSA -b 768 -n ZONE example.com
-.Dl Kexample.com.+003+26160
-.Pp
-.Nm dnssec-keygen
-has printed the key identification string
-.Dv Kexample.com.+003+26160 ,
-indicating a DSA key with identifier 26160.
-It will also have created the files
-.Pa Kexample.com.+003+26160.key
-and
-.Pa Kexample.com.+003+26160.private
-containing respectively the public and private keys for the generated
-DSA key.
-.Sh FILES
-.Pa /dev/random
-.Sh SEE ALSO
-.Xr RFC2535,
-.Xr RFC2845,
-.Xr RFC2539,
-.Xr dnssec-makekeyset 8 ,
-.Xr dnssec-signkey 8 ,
-.Xr dnssec-signzone 8 .
-.Sh BUGS
-The naming convention for the public and private key files is a little
-clumsy.
-It won't work for domain names that are longer than 236 characters
-because of the
-.Ar .+aaa+iiiii.private
-suffix results in filenames that are too long for most
-.Ux
-systems.

bin/dnssec/dnssec-keygen.c

@@ -1,5 +1,5 @@
 /*
- * Portions Copyright (C) 2000  Internet Software Consortium.
+ * Portions Copyright (C) 2000, 2001  Internet Software Consortium.
  * Portions Copyright (C) 1995-2000 by Network Associates, Inc.
  *
  * Permission to use, copy, modify, and distribute this software for any
@@ -17,7 +17,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: dnssec-keygen.c,v 1.45 2000/12/11 19:15:48 bwelling Exp $ */
+/* $Id: dnssec-keygen.c,v 1.45.2.1 2001/01/09 22:31:29 bwelling Exp $ */
 
 #include <config.h>
 

bin/dnssec/dnssec-makekeyset.8

@@ -1,210 +0,0 @@
-.\" Copyright (C) 2000  Internet Software Consortium.
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
-.\" DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
-.\" INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
-.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
-.\" FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
-.\" NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
-.\" WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-
-.\" $Id: dnssec-makekeyset.8,v 1.9 2000/11/18 02:57:35 bwelling Exp $
-
-.Dd Jun 30, 2000
-.Dt DNSSEC-MAKEKEYSET 8
-.Os BIND9 9
-.ds vT BIND9 Programmer's Manual
-.Sh NAME
-.Nm dnssec-makekeyset
-.Nd produce a set of DNSSEC keys
-.Sh SYNOPSIS
-.Nm dnssec-makekeyset
-.Op Fl h
-.Op Fl s Ar start-time
-.Op Fl e Ar end-time
-.Op Fl t Ar TTL
-.Op Fl r Ar randomdev
-.Op Fl p
-.Op Fl v Ar level
-.Ar keyfile ....
-.Sh DESCRIPTION
-.Nm dnssec-makekeyset
-generates a key set from one or more keys created by
-.Xr dnssec-keygen 8 .
-It creates a file containing KEY and SIG records for some zone which
-can then be signed by the zone's parent if the parent zone is
-DNSSEC-aware.
-.Ar keyfile
-should be a key identification string as reported by
-.Xr dnssec-keygen 8 :
-i.e.
-.Ar Knnnn.+aaa+iiiii
-where
-.Ar nnnn
-is the name of the key,
-.Ar aaa
-is the encryption algorithm and
-.Ar iiiii
-is the key identifier.
-Multiple
-.Ar keyfile
-arguments can be supplied when there are several keys to be combined
-by
-.Nm dnssec-makekeyset
-into a key set.
-.Pp
-For any SIG records that are in the key set, the start time when the
-SIG records become valid is specified with the
-.Fl s
-option.
-.Ar start-time
-can either be an absolute or relative date.
-An absolute start time is indicated by a number in YYYYMMDDHHMMSS
-notation: 20000530144500 denotes 14:45:00 UTC on May 30th, 2000.
-A relative start time is supplied when
-.Ar start-time
-is given as +N: N seconds from the current time.
-If no
-.Fl s
-option is supplied, the current date and time is used for the start
-time of the SIG records.
-.Pp
-The expiry date for the SIG records can be set by the
-.Fl e
-option.
-Note that in this context, the expiry date specifies when the SIG
-records are no longer valid, not when they are deleted from caches on name
-servers.
-.Ar end-date
-also represents an absolute or relative date.
-YYYYMMDDHHMMSS notation is used as before to indicate an absolute date
-and time.
-When
-.Ar end-date
-is +N,
-it indicates that the SIG records will expire in N seconds after their
-start date.
-If
-.Ar end-date
-is written as now+N,
-the SIG records will expire in N seconds after the current time.
-When no expiry date is set for the SIG records,
-.Nm dnssec-makekeyset
-defaults to an expire time of 30 days from the start time of the SIG
-records.
-.Pp
-An alternate source of random data can be specified with the
-.Fl r
-option.
-.Ar randomdev
-is the name of the file to use to obtain random data.
-By default
-.Pa /dev/random
-is used if this device is available.
-If it is not provided by the operating system and no
-.Fl r
-option is used,
-.Nm dnssec-makekeyset
-will prompt the user for input from the keyboard and use the time
-between keystrokes to derive some random data.
-.Pp
-The
-.Fl p
-option instructs
-.Nm dnssec-makekeyset
-to use pseudo-random data when self-signing the keyset.  This is faster, but
-less secure, than using genuinely random data for signing.
-This option may be useful when the entropy source is limited.
-.Pp
-The
-.Fl t
-option is followed by a time-to-live argument
-.Ar TTL
-which indicates the TTL value that will be assigned to the assembled KEY
-and SIG records in the output file.
-.Ar TTL
-is expressed in seconds.
-If no
-.Fl t
-option is provided,
-.Nm dnssec-makekeyset
-prints a warning and uses a default TTL of 3600 seconds.
-.Pp
-The
-.Fl v
-option can be used to make
-.Nm dnssec-makekeyset
-more verbose.
-As the debugging/tracing level
-.Ar level
-increases,
-.Nm dnssec-makekeyset
-generates increasingly detailed reports about what it is doing.
-The default level is zero.
-.Pp
-The
-.Fl h
-option makes
-.Nm dnssec-makekeyset
-to print a short summary of its options and arguments.
-.Pp
-If
-.Nm dnssec-makekeyset
-is successful, it creates a file name of the form
-.Ar keyset-nnnn. .
-This file contains the KEY and SIG records for domain
-.Dv nnnn ,
-the domain name part from the key file identifier produced when
-.Nm dnssec-keygen
-created the domain's public and private keys.
-The
-.Ar keyset
-file can then be transferred to the DNS administrator of the parent
-zone for them to sign the contents with
-.Xr dnssec-signkey 8 .
-.Sh EXAMPLE
-The following command generates a key set for the DSA key for
-.Dv example.com
-that was shown in the
-.Xr dnssec-keygen 8
-man page.
-The backslash is for typographic reasons and would not be provided on
-the command line when running
-.Nm dnssec-makekeyset .
-.nf
-.Dl # dnssec-makekeyset -t 86400 -s 20000701120000 \e\p
-.Dl -e +2592000 Kexample.com.+003+26160
-.fi
-.Pp
-.Nm dnssec-makekeyset
-will create a file called
-.Pa keyset-example.com.
-containing a SIG and KEY record for
-.Dv example.com.
-These records will have a TTL of 86400 seconds (1 day).
-The SIG record becomes valid at noon UTC on July 1st 2000 and expires
-30 days (2592000 seconds) later.
-.Pp
-The DNS administrator for
-.Dv example.com
-could then send
-.Pa keyset-example.com.
-to the DNS administrator for
-.Dv .com
-so that they could sign the resource records in the file.
-This assumes that the
-.Dv .com
-zone is DNSSEC-aware and the administrators of the two zones have some
-mechanism for authenticating each other and exchanging the keys and
-signatures securely.
-.Sh FILES
-.Pa /dev/random .
-.Sh SEE ALSO
-.Xr RFC2535 ,
-.Xr dnssec-keygen 8 ,
-.Xr dnssec-signkey 8 .

bin/dnssec/dnssec-makekeyset.c

@@ -1,5 +1,5 @@
 /*
- * Portions Copyright (C) 2000  Internet Software Consortium.
+ * Portions Copyright (C) 2000, 2001  Internet Software Consortium.
  * Portions Copyright (C) 1995-2000 by Network Associates, Inc.
  *
  * Permission to use, copy, modify, and distribute this software for any
@@ -17,7 +17,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: dnssec-makekeyset.c,v 1.45 2000/12/07 20:15:43 marka Exp $ */
+/* $Id: dnssec-makekeyset.c,v 1.45.4.1 2001/01/09 22:31:32 bwelling Exp $ */
 
 #include <config.h>
 

bin/dnssec/dnssec-signkey.8

@@ -1,209 +0,0 @@
-.\" Copyright (C) 2000  Internet Software Consortium.
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
-.\" DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
-.\" INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
-.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
-.\" FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
-.\" NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
-.\" WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-
-.\" $Id: dnssec-signkey.8,v 1.11 2000/11/18 02:57:37 bwelling Exp $
-
-.Dd Jun 30, 2000
-.Dt DNSSEC-SIGNKEY 8
-.Os BIND9 9
-.ds vT BIND9 Programmer's Manual
-.Sh NAME
-.Nm dnssec-signkey
-.Nd DNSSEC keyset signing tool
-.Sh SYNOPSIS
-.Nm dnssec-signkey
-.Op Fl h
-.Op Fl s Ar start-time
-.Op Fl e Ar end-time
-.Op Fl c Ar class
-.Op Fl p
-.Op Fl r Ar randomdev
-.Op Fl v Ar level
-.Ar keyset
-.Ar keyfile ...
-.Sh DESCRIPTION
-.Nm dnssec-signkey
-is used to sign a key set for a child zone.
-Typically this would be provided by a
-.Ar keyset
-file generated by
-.Xr dnssec-makekeyset 8 .
-This provides a mechanism for a DNSSEC-aware zone to sign the keys of
-any DNSSEC-aware child zones.
-The child zone's key set gets signed with the zone keys for its parent
-zone.
-.Ar keyset
-will be the pathname of the child zone's
-.Ar keyset
-file.
-Each
-.Ar keyfile
-argument will be a key identification string as reported by
-.Xr dnssec-keygen 8
-for the parent zone.
-This allows the child's keys to be signed by more than one
-parent zone key.
-.Pp
-The
-.Fl h
-option makes
-.Nm dnssec-signkey
-print a short summary of its command line options
-and arguments.
-.Pp
-By default, the validity period of the generated SIG records is copied
-from that of the signatures in the input key set.  This may be overriden
-with the
-.Fl s
-and
-.Fl e
-options, both of which must be present if either is.
-The start of the validity period is specified with the
-.Fl s
-option.
-.Ar start-time
-can either be an absolute or relative date.
-An absolute start time is indicated by a number in YYYYMMDDHHMMSS
-notation: 20000530144500 denotes 14:45:00 UTC on May 30th, 2000.
-A relative start time is supplied when
-.Ar start-time
-is given as +N: N seconds from the current time.
-If no
-.Fl s
-option is supplied, the current date and time is used for the start
-time of the SIG records.
-.Pp
-The expiry date for the SIG records can be set by the
-.Fl e
-option.
-Note that in this context, the expiry date specifies when the SIG
-records are no longer valid, not when they are deleted from caches on name
-servers.
-.Ar end-date
-also represents an absolute or relative date.
-YYYYMMDDHHMMSS notation is used as before to indicate an absolute date
-and time.
-When
-.Ar end-date
-is +N,
-it indicates that the SIG records will expire in N seconds after their
-start date.
-If
-.Ar end-date
-is written as now+N,
-the SIG records will expire in N seconds after the current time.
-.Pp
-The
-.Fl c
-option specifies that the KEY records in the input and output key sets should
-have the specified class instead of IN.
-.Pp
-.Nm dnssec-signkey
-may need random numbers in the process of generating keys.
-If the system does not have a
-.Pa /dev/random
-device that can be used for generating random numbers,
-.Nm dnssec-signkey
-will prompt for keyboard input and use the time intervals between
-keystrokes to provide randomness.
-The
-.Fl r
-option overrides this behaviour, making
-.Nm dnssec-signkey
-use
-.Ar randomdev
-as a source of random data.
-.Pp
-The
-.Fl p
-option instructs
-.Nm dnssec-signkey
-to use pseudo-random data when signing the keys.  This is faster, but
-less secure, than using genuinely random data for signing.
-This option may be useful when there are many child zone keysets to
-sign or if the entropy source is limited.
-It could also be used for short-lived keys and signatures that don't
-require as much protection against cryptanalysis, such as when the key
-will be discarded long before it could be compromised.
-.Pp
-The
-.Fl v
-option can be used to make
-.Nm dnssec-signkey
-more verbose.
-As the debugging/tracing level
-.Ar level
-increases,
-.Nm dnssec-signkey
-generates increasingly detailed reports about what it is doing.
-The default level is zero.
-.Pp
-When
-.Nm dnssec-signkey
-completes successfully, it generates a file called
-.Ar signedkey-nnnn.
-containing the signed keys for child zone
-.Ar nnnn .
-The keys from the
-.Ar keyset
-file will have been signed by the parent zone's key or keys which were
-supplied as
-.Ar keyfile
-arguments.
-This file should be sent to the DNS administrator of the child zone.
-They arrange for its contents to be incorporated into the zone file
-when it next gets signed with
-.Xr dnssec-signzone 8 .
-A copy of the generated
-.Ar signedkey
-file should be kept by the parent zone's DNS administrator, since
-it will be needed when signing the parent zone.
-.Sh EXAMPLE
-The DNS administrator for a DNSSEC-aware
-.Dv .com
-zone would use the following command to make
-.Nm dnssec-signkey
-sign the
-.Ar keyset
-file for
-.Dv example.com
-created in the example shown in the man page for
-.Xr dnssec-makekeyset 8 :
-.Pp
-.Dl # dnssec-signkey keyset-example.com. Kcom.+003+51944
-.Pp
-where
-.Dv Kcom.+003+51944
-was a key file identifier that was produced when
-.Xr dnssec-keygen 8
-generated a key for the
-.Dv .com
-zone.
-.Pp
-.Nm dnssec-signkey
-will produce a file called
-.Dv signedkey-example.com.
-which has the keys for
-.Dv example.com
-signed by the
-.Dv com
-zone's zone key.
-.Sh FILES
-.Pa /dev/random
-.Sh SEE ALSO
-.Xr RFC2535,
-.Xr dnssec-keygen 8 ,
-.Xr dnssec-makekeyset 8 ,
-.Xr dnssec-signzone 8 .

bin/dnssec/dnssec-signkey.c

@@ -1,5 +1,5 @@
 /*
- * Portions Copyright (C) 2000  Internet Software Consortium.
+ * Portions Copyright (C) 2000, 2001  Internet Software Consortium.
  * Portions Copyright (C) 1995-2000 by Network Associates, Inc.
  *
  * Permission to use, copy, modify, and distribute this software for any
@@ -17,7 +17,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: dnssec-signkey.c,v 1.45 2000/12/11 19:15:49 bwelling Exp $ */
+/* $Id: dnssec-signkey.c,v 1.45.2.1 2001/01/09 22:31:33 bwelling Exp $ */
 
 #include <config.h>
 

bin/dnssec/dnssec-signzone.8

@@ -1,285 +0,0 @@
-.\" Copyright (C) 2000  Internet Software Consortium.
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
-.\" DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
-.\" INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
-.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
-.\" FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
-.\" NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
-.\" WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-
-.\" $Id: dnssec-signzone.8,v 1.16 2000/12/07 02:20:07 bwelling Exp $
-
-.Dd Jun 30, 2000
-.Dt DNSSEC-SIGNZONE 8
-.Os BIND9 9
-.ds vT BIND9 Programmer's Manual
-.Sh NAME
-.Nm dnssec-signzone
-.Nd DNSSEC zone signing tool
-.Sh SYNOPSIS
-.Nm dnssec-signzone
-.Op Fl a
-.Op Fl c Ar class
-.Op Fl d Ar directory
-.Op Fl s Ar start-time
-.Op Fl e Ar end-time
-.Op Fl i Ar interval
-.Op Fl o Ar origin
-.Op Fl f Ar output-file
-.Op Fl p
-.Op Fl r Ar randomdev
-.Op Fl t
-.Op Fl v Ar level
-.Op Fl n Ar nthreads
-.Ar zonefile
-.Op keyfile ....
-.Sh DESCRIPTION
-.Pp
-.Nm dnssec-signzone
-is used to sign a zone.
-Any
-.Ar signedkey
-files for the zone to be signed should be present in the current
-directory, along with the keys that will be used to sign the zone.
-If no
-.Ar keyfile
-arguments are supplied, the default behaviour is to use all of the zone's
-keys that are present in the current directory.
-Providing specific
-.Ar keyfile
-arguments constrains
-.Nm dnssec-signzone
-to only use those keys for signing the zone.
-Each
-.Ar keyfile
-argument would be an identification string for a key created with
-.Xr dnssec-keygen 8 .
-If the zone to be signed has any secure subzones, the
-.Ar signedkey
-files for those subzones need to be available in the
-current working directory used by
-.Nm dnssec-signzone .
-.Pp
-.Ar zonefile
-is the name of the unsigned zone file.
-Unless the file name is the same as the name of the zone, the
-.Fl o
-option should be given.
-.Ar origin
-will be the fully qualified domain origin for the zone.
-.Pp
-.Nm dnssec-signzone
-will generate NXT and SIG records for the zone and produce a signed
-version of the zone.
-If there is a
-.Ar signedkey
-file from the zone's parent, the parent's signatures will be
-incorporated into the generated signed zone file.
-The security status of delegations from the the signed zone
-- i.e. whether the child zones are DNSSEC-aware or not - is
-set according to the presence or absence of a
-.Ar signedkey
-file for the child in case.
-.Pp
-By default,
-.Nm dnssec-signzone
-generates a file called
-.Ar zonefile.signed
-containing the signed zone file.
-The output file name can be overridden usign the
-.Fl f
-option.
-.\" Don't hyphenate YYYYMMDDHHMMSS
-.nh YYYYMMDDHHMMSS
-.Pp
-.Nm dnssec-signzone
-does not verify the signatures by default.
-The
-.Fl a
-option makes it verify the signatures it generated.
-.Pp
-The date and time when the generated
-SIG records become valid can be specified with the
-.Fl s
-option.
-.Ar start-time
-can either be an absolute or relative date.
-An absolute start time is indicated by a number in YYYYMMDDHHMMSS
-notation: 20000530144500 denotes 14:45:00 UTC on May 30th, 2000.
-A relative start time is supplied when
-.Ar start-time
-is given as +N: N seconds from the current time.
-If no
-.Fl s
-option is supplied, the current date and time is used for the start
-time of the SIG records.
-.Pp
-The expiry date for the SIG records can be set by the
-.Fl e
-option.
-Note that in this context, the expiry date specifies when the SIG
-records are no longer valid, not when they are deleted from caches on name
-servers.
-.Ar end-date
-also represents an absolute or relative date.
-YYYYMMDDHHMMSS notation is used as before to indicate an absolute date
-and time.
-When
-.Ar end-date
-is +N,
-it indicates that the SIG records will expire in N seconds after their
-start date.
-If
-.Ar end-date
-is supplied as now+N,
-the SIG records will expire in N seconds after the current time.
-When no expiry date is set for the SIG records,
-.Nm dnssec-signzone
-defaults to an expire time of 30 days from the start time of the SIG
-records.
-.Pp
-When a previously signed zone is passed as input to
-.Nm dnssec-signzone ,
-records may be resigned.  Whether or not to resign records is configurable
-by using the
-.Fl i
-option, which specifies the cycle interval as an offset from the current time
-(in seconds).  If a SIG record expires after the cycle interval, it is
-retained.  Otherwise, it is considered to be expiring soon, and
-.Nm dnssec-signzone
-will remove it and generate a new SIG record to replace it.
-.Pp
-The default cycle interval is one quarter of the difference between the
-specified signature end and start dates.  So if the
-.Fl e
-and
-.Fl s
-options are not specified,
-.Nm dnssec-signzone
-generates signatures that are valid for 30 days from the current date
-by default, with a cycle interval of 7.5 days.  Therefore, if any SIG records
-are due to expire in less than 7.5 days, they would be replaced
-with new ones.
-.Pp
-.Nm dnssec-signzone
-may need random numbers in the process of signing the zone.
-If the system does not have a
-.Pa /dev/random
-device that can be used for generating random numbers,
-.Nm dnssec-signzone
-will prompt for keyboard input and use the time intervals between
-keystrokes to provide randomness.
-The
-.Fl r
-option overrides this behaviour, making
-.Nm dnssec-signzone
-use
-.Ar randomdev
-as a source of random data.
-.Pp
-The
-.Fl p
-option instructs
-.Nm dnssec-signzone
-to use pseudo-random data when signing the keys.  This is faster, but
-less secure, than using genuinely random data for signing.
-This option may be useful when signing large zones or when the
-entropy source is limited.
-.Pp
-The
-.Fl t
-option causes
-.Nm dnssec-signzone
-to print various statistics after signing the zone.
-.Pp
-The
-.Fl c
-option specifies that the KEY records in the input and output key sets should
-have the specified class instead of IN.
-.Pp
-The
-.Fl d
-option specifies that
-.Nm dnssec-signzone
-should look in a directory other than the current directory for signedkey
-files.
-.Pp
-An option of
-.Fl h
-makes
-.Nm dnssec-signzone
-print a short summary of its command line options
-and arguments.
-.Pp
-The
-.Fl v
-option can be used to make
-.Nm dnssec-signzone
-more verbose.
-As the debugging/tracing level
-.Ar level
-increases,
-.Nm dnssec-signzone
-generates increasingly detailed reports about what it is doing.
-The default level is zero.
-.Pp
-The
-.Fl n
-option can be used to change the threading behavior.  By default,
-.Nm dnssec-signzone
-attempts to determine the number of CPUs present, and create one thread
-per CPU.  The
-.Fl n
-option causes a different number of threads to be created.
-.Sh EXAMPLE
-The example below shows how
-.Nm dnssec-signzone
-could be used to sign the
-.Dv example.com
-zone with the key that was generated in the example given in the
-man page for
-.Xr dnssec-keygen 8 .
-The zone file for this zone is
-.Dv example.com ,
-which is the same as the origin, so there is no need to use the
-.Fl o
-option to set the origin.
-The zone's keys were either appended to the zone file or
-incorporated using a
-.Dv $INCLUDE
-statement.
-If there was a
-.Ar signedkey
-file from the parent zone - i.e.
-.Dv signedkey-example.com.
-- it should be present in the current directory.
-This allows the parent zone's signature to be included in the signed
-version of the
-.Dv example.com
-zone.
-.Pp
-.Dl # dnssec-signzone example.com Kexample.com.+003+26160
-.Pp
-.Nm dnssec-signzone
-will create a file called
-.Dv example.com.signed ,
-the signed version of the
-.Dv example.com
-zone.
-This file can then be referenced in a
-.Dv zone{}
-statement in
-.Pa /etc/named.conf
-so that it can be loaded by the name server.
-.Sh FILES
-.Pa /dev/random
-.Sh SEE ALSO
-.Xr RFC2535,
-.Xr dnssec-keygen 8 ,
-.Xr dnssec-signkey 8 .

bin/dnssec/dnssec-signzone.c

@@ -1,5 +1,5 @@
 /*
- * Portions Copyright (C) 1999, 2000  Internet Software Consortium.
+ * Portions Copyright (C) 1999-2001  Internet Software Consortium.
  * Portions Copyright (C) 1995-2000 by Network Associates, Inc.
  *
  * Permission to use, copy, modify, and distribute this software for any
@@ -17,7 +17,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: dnssec-signzone.c,v 1.126 2000/12/15 19:26:54 gson Exp $ */
+/* $Id: dnssec-signzone.c,v 1.126.2.2 2001/01/12 23:44:02 gson Exp $ */
 
 #include <config.h>
 
@@ -409,8 +409,8 @@ signset(dns_diff_t *diff, dns_dbnode_t *node, dns_name_t *name,
 		} else {
 			tuple = NULL;
 			result = dns_difftuple_create(mctx, DNS_DIFFOP_DEL,
-						      name, 0, &sigrdata,
-						      &tuple);
+						      name, sigset.ttl,
+						      &sigrdata, &tuple);
 			check_result(result, "dns_difftuple_create");
 			dns_diff_append(diff, &tuple);
 			INCSTAT(ndropped);
@@ -724,7 +724,9 @@ nxt_setbit(dns_rdataset_t *rdataset, dns_rdatatype_t type) {
 }
 
 static void
-createnullkey(dns_db_t *db, dns_dbversion_t *version, dns_name_t *name) {
+createnullkey(dns_db_t *db, dns_dbversion_t *version, dns_name_t *name,
+	      dns_ttl_t ttl)
+{
 	unsigned char keydata[4];
 	dns_rdata_t keyrdata = DNS_RDATA_INIT;
 	dns_rdata_key_t key;
@@ -754,7 +756,7 @@ createnullkey(dns_db_t *db, dns_dbversion_t *version, dns_name_t *name) {
 
 	dns_diff_init(mctx, &diff);
 
-	result = dns_difftuple_create(mctx, DNS_DIFFOP_ADD, name, zonettl,
+	result = dns_difftuple_create(mctx, DNS_DIFFOP_ADD, name, ttl,
 				      &keyrdata, &tuple);
 	check_result(result, "dns_difftuple_create");
 
@@ -824,9 +826,11 @@ signname(dns_dbnode_t *node, dns_name_t *name) {
 	 */
 	if (isdelegation) {
 		dns_rdataset_t keyset;
+		dns_ttl_t nullkeyttl;
 
 		childkey = haschildkey(name);
 		neednullkey = ISC_TRUE;
+		nullkeyttl = zonettl;
 
 		dns_rdataset_init(&keyset);
 		result = dns_db_findrdataset(gdb, node, gversion,
@@ -835,12 +839,19 @@ signname(dns_dbnode_t *node, dns_name_t *name) {
 		if (result == ISC_R_SUCCESS && childkey) {
 			char namestr[DNS_NAME_FORMATSIZE];
 			dns_name_format(name, namestr, sizeof namestr);
-			fatal("%s has both a signedkey file and KEY "
-			      "records in the zone.  Aborting.", namestr);
+			if (hasnullkey(&keyset)) {
+				fatal("%s has both a signedkey file and "
+				      "null keys in the zone.  Aborting.",
+				      namestr);
+			}
+			vbprintf(2, "child key for %s found\n", namestr);
+			neednullkey = ISC_FALSE;
+			dns_rdataset_disassociate(&keyset);
 		}
 		else if (result == ISC_R_SUCCESS) {
 			if (hasnullkey(&keyset))
 				neednullkey = ISC_FALSE;
+			nullkeyttl = keyset.ttl;
 			dns_rdataset_disassociate(&keyset);
 		} else if (childkey) {
 			char namestr[DNS_NAME_FORMATSIZE];
@@ -850,7 +861,7 @@ signname(dns_dbnode_t *node, dns_name_t *name) {
 		}
 
 		if (neednullkey)
-			createnullkey(gdb, gversion, name);
+			createnullkey(gdb, gversion, name, nullkeyttl);
 	}
 
 	/*
@@ -913,7 +924,8 @@ signname(dns_dbnode_t *node, dns_name_t *name) {
 	if (result != ISC_R_SUCCESS) {
 		char namestr[DNS_NAME_FORMATSIZE];
 		dns_name_format(name, namestr, sizeof namestr);
-		fatal("failed to add SIGs at node %s", namestr);
+		fatal("failed to add SIGs at node '%s': %s",
+		      namestr, isc_result_totext(result));
 	}
 	dns_diff_clear(&diff);
 }

bin/dnssec/dnssectool.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2000  Internet Software Consortium.
+ * Copyright (C) 2000, 2001  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: dnssectool.c,v 1.26 2000/12/27 00:11:23 bwelling Exp $ */
+/* $Id: dnssectool.c,v 1.26.2.1 2001/01/09 22:31:35 bwelling Exp $ */
 
 #include <config.h>
 

bin/dnssec/dnssectool.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2000  Internet Software Consortium.
+ * Copyright (C) 2000, 2001  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: dnssectool.h,v 1.12 2000/09/26 22:11:25 bwelling Exp $ */
+/* $Id: dnssectool.h,v 1.12.4.1 2001/01/09 22:31:36 bwelling Exp $ */
 
 #ifndef DNSSECTOOL_H
 #define DNSSECTOOL_H 1

bin/lwresd/Makefile.in

@@ -1,4 +1,4 @@
-# Copyright (C) 2000  Internet Software Consortium.
+# Copyright (C) 2000, 2001  Internet Software Consortium.
 #
 # Permission to use, copy, modify, and distribute this software for any
 # purpose with or without fee is hereby granted, provided that the above
@@ -13,7 +13,7 @@
 # NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
 # WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: Makefile.in,v 1.13 2000/08/17 02:11:39 bwelling Exp $
+# $Id: Makefile.in,v 1.13.4.1 2001/01/09 22:31:38 bwelling Exp $
 
 srcdir =	@srcdir@
 VPATH =		@srcdir@

bin/lwresd/client.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2000  Internet Software Consortium.
+ * Copyright (C) 2000, 2001  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: client.c,v 1.30 2000/08/01 01:11:30 tale Exp $ */
+/* $Id: client.c,v 1.30.4.1 2001/01/09 22:31:39 bwelling Exp $ */
 
 #include <config.h>
 

bin/lwresd/client.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2000  Internet Software Consortium.
+ * Copyright (C) 2000, 2001  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: client.h,v 1.18 2000/08/01 01:11:31 tale Exp $ */
+/* $Id: client.h,v 1.18.4.1 2001/01/09 22:31:40 bwelling Exp $ */
 
 #ifndef LWD_CLIENT_H
 #define LWD_CLIENT_H 1

bin/lwresd/err_pkt.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2000  Internet Software Consortium.
+ * Copyright (C) 2000, 2001  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: err_pkt.c,v 1.7 2000/08/01 01:11:32 tale Exp $ */
+/* $Id: err_pkt.c,v 1.7.4.1 2001/01/09 22:31:41 bwelling Exp $ */
 
 #include <config.h>
 

bin/lwresd/main.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2000  Internet Software Consortium.
+ * Copyright (C) 2000, 2001  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: main.c,v 1.45 2000/08/01 01:11:33 tale Exp $ */
+/* $Id: main.c,v 1.45.4.1 2001/01/09 22:31:42 bwelling Exp $ */
 
 /*
  * Main program for the Lightweight Resolver Daemon.

bin/lwresd/process_gabn.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2000  Internet Software Consortium.
+ * Copyright (C) 2000, 2001  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: process_gabn.c,v 1.31 2000/08/01 01:11:34 tale Exp $ */
+/* $Id: process_gabn.c,v 1.31.4.1 2001/01/09 22:31:44 bwelling Exp $ */
 
 #include <config.h>
 

bin/lwresd/process_gnba.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2000  Internet Software Consortium.
+ * Copyright (C) 2000, 2001  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: process_gnba.c,v 1.26 2000/08/01 01:11:35 tale Exp $ */
+/* $Id: process_gnba.c,v 1.26.4.1 2001/01/09 22:31:46 bwelling Exp $ */
 
 #include <config.h>
 

bin/lwresd/process_noop.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2000  Internet Software Consortium.
+ * Copyright (C) 2000, 2001  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: process_noop.c,v 1.9 2000/08/01 01:11:36 tale Exp $ */
+/* $Id: process_noop.c,v 1.9.4.1 2001/01/09 22:31:47 bwelling Exp $ */
 
 #include <config.h>
 

bin/named/Makefile.in

@@ -1,4 +1,4 @@
-# Copyright (C) 1998-2000  Internet Software Consortium.
+# Copyright (C) 1998-2001  Internet Software Consortium.
 #
 # Permission to use, copy, modify, and distribute this software for any
 # purpose with or without fee is hereby granted, provided that the above
@@ -13,7 +13,7 @@
 # NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
 # WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: Makefile.in,v 1.63 2000/12/06 01:04:09 bwelling Exp $
+# $Id: Makefile.in,v 1.63.4.1 2001/01/09 22:31:48 bwelling Exp $
 
 srcdir =	@srcdir@
 VPATH =		@srcdir@

bin/named/aclconf.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 1999, 2000  Internet Software Consortium.
+ * Copyright (C) 1999-2001  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: aclconf.c,v 1.24 2000/11/27 19:42:20 gson Exp $ */
+/* $Id: aclconf.c,v 1.24.4.1 2001/01/09 22:31:49 bwelling Exp $ */
 
 #include <config.h>
 

bin/named/client.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 1999, 2000  Internet Software Consortium.
+ * Copyright (C) 1999-2001  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: client.c,v 1.136 2000/12/19 19:21:39 gson Exp $ */
+/* $Id: client.c,v 1.136.2.2 2001/01/16 23:25:16 bwelling Exp $ */
 
 #include <config.h>
 
@@ -256,8 +256,6 @@ client_free(ns_client_t *client) {
 		isc_buffer_free(&client->opt_view);
 #endif /* DNS_OPT_NEWCODES */
 	dns_message_destroy(&client->message);
-	if (client->task != NULL)
-		isc_task_detach(&client->task);
 	if (client->manager != NULL) {
 		manager = client->manager;
 		LOCK(&manager->lock);
@@ -270,6 +268,14 @@ client_free(ns_client_t *client) {
 		UNLOCK(&manager->lock);
 	}
 
+	/*
+	 * Detaching the task must be done after unlinking from
+	 * the manager's lists because the manager accesses
+	 * client->task.
+	 */
+	if (client->task != NULL)
+		isc_task_detach(&client->task);
+
 	CTRACE("free");
 	client->magic = 0;
 	isc_mem_put(client->mctx, client, sizeof *client);

bin/named/include/named/aclconf.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 1999, 2000  Internet Software Consortium.
+ * Copyright (C) 1999-2001  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: aclconf.h,v 1.10 2000/11/27 19:42:27 gson Exp $ */
+/* $Id: aclconf.h,v 1.10.4.1 2001/01/09 22:32:22 bwelling Exp $ */
 
 #ifndef NS_ACLCONF_H
 #define NS_ACLCONF_H 1

bin/named/include/named/client.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 1999, 2000  Internet Software Consortium.
+ * Copyright (C) 1999-2001  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: client.h,v 1.48 2000/12/02 04:29:24 gson Exp $ */
+/* $Id: client.h,v 1.48.4.1 2001/01/09 22:32:23 bwelling Exp $ */
 
 #ifndef NAMED_CLIENT_H
 #define NAMED_CLIENT_H 1

bin/named/include/named/globals.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 1999, 2000  Internet Software Consortium.
+ * Copyright (C) 1999-2001  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: globals.h,v 1.51 2000/12/12 23:05:57 bwelling Exp $ */
+/* $Id: globals.h,v 1.51.2.1 2001/01/09 22:32:25 bwelling Exp $ */
 
 #ifndef NAMED_GLOBALS_H
 #define NAMED_GLOBALS_H 1

bin/named/include/named/interfacemgr.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 1999, 2000  Internet Software Consortium.
+ * Copyright (C) 1999-2001  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: interfacemgr.h,v 1.21 2000/09/26 18:26:20 gson Exp $ */
+/* $Id: interfacemgr.h,v 1.21.4.1 2001/01/09 22:32:26 bwelling Exp $ */
 
 #ifndef NAMED_INTERFACEMGR_H
 #define NAMED_INTERFACEMGR_H 1

bin/named/include/named/listenlist.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2000  Internet Software Consortium.
+ * Copyright (C) 2000, 2001  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: listenlist.h,v 1.9 2000/08/01 01:12:06 tale Exp $ */
+/* $Id: listenlist.h,v 1.9.4.1 2001/01/09 22:32:27 bwelling Exp $ */
 
 #ifndef NAMED_LISTENLIST_H
 #define NAMED_LISTENLIST_H 1

bin/named/include/named/log.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 1999, 2000  Internet Software Consortium.
+ * Copyright (C) 1999-2001  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: log.h,v 1.16 2000/11/23 01:32:46 gson Exp $ */
+/* $Id: log.h,v 1.16.4.1 2001/01/09 22:32:28 bwelling Exp $ */
 
 #ifndef NAMED_LOG_H
 #define NAMED_LOG_H 1

bin/named/include/named/logconf.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 1999, 2000  Internet Software Consortium.
+ * Copyright (C) 1999-2001  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: logconf.h,v 1.8 2000/08/01 01:12:08 tale Exp $ */
+/* $Id: logconf.h,v 1.8.4.1 2001/01/09 22:32:29 bwelling Exp $ */
 
 #ifndef NAMED_LOGCONF_H
 #define NAMED_LOGCONF_H 1

bin/named/include/named/lwaddr.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2000  Internet Software Consortium.
+ * Copyright (C) 2000, 2001  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: lwaddr.h,v 1.1 2000/11/15 23:56:23 bwelling Exp $ */
+/* $Id: lwaddr.h,v 1.1.4.1 2001/01/09 22:32:30 bwelling Exp $ */
 
 #include <lwres/lwres.h>
 

bin/named/include/named/lwdclient.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2000  Internet Software Consortium.
+ * Copyright (C) 2000, 2001  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: lwdclient.h,v 1.10 2000/11/02 01:53:25 bwelling Exp $ */
+/* $Id: lwdclient.h,v 1.10.4.1 2001/01/09 22:32:31 bwelling Exp $ */
 
 #ifndef NAMED_LWDCLIENT_H
 #define NAMED_LWDCLIENT_H 1

bin/named/include/named/lwresd.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2000  Internet Software Consortium.
+ * Copyright (C) 2000, 2001  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: lwresd.h,v 1.9 2000/10/31 22:39:29 bwelling Exp $ */
+/* $Id: lwresd.h,v 1.9.4.1 2001/01/09 22:32:33 bwelling Exp $ */
 
 #ifndef NAMED_LWRESD_H
 #define NAMED_LWRESD_H 1

bin/named/include/named/lwsearch.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2000  Internet Software Consortium.
+ * Copyright (C) 2000, 2001  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: lwsearch.h,v 1.2 2000/10/28 00:09:46 bwelling Exp $ */
+/* $Id: lwsearch.h,v 1.2.4.1 2001/01/09 22:32:34 bwelling Exp $ */
 
 #ifndef NAMED_LWSEARCH_H
 #define NAMED_LWSEARCH_H 1

bin/named/include/named/main.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 1999, 2000  Internet Software Consortium.
+ * Copyright (C) 1999-2001  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: main.h,v 1.6 2000/08/01 01:12:11 tale Exp $ */
+/* $Id: main.h,v 1.6.4.1 2001/01/09 22:32:35 bwelling Exp $ */
 
 #ifndef NAMED_MAIN_H
 #define NAMED_MAIN_H 1

bin/named/include/named/notify.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 1999, 2000  Internet Software Consortium.
+ * Copyright (C) 1999-2001  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: notify.h,v 1.8 2000/08/01 01:12:12 tale Exp $ */
+/* $Id: notify.h,v 1.8.4.1 2001/01/09 22:32:36 bwelling Exp $ */
 
 #ifndef NAMED_NOTIFY_H
 #define NAMED_NOTIFY_H 1

bin/named/include/named/omapi.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2000  Internet Software Consortium.
+ * Copyright (C) 2000, 2001  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: omapi.h,v 1.17 2000/12/12 23:03:16 bwelling Exp $ */
+/* $Id: omapi.h,v 1.17.2.1 2001/01/09 22:32:37 bwelling Exp $ */
 
 #ifndef NAMED_OMAPI_H
 #define NAMED_OMAPI_H 1

bin/named/include/named/query.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 1999, 2000  Internet Software Consortium.
+ * Copyright (C) 1999-2001  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: query.h,v 1.23 2000/11/13 21:33:58 bwelling Exp $ */
+/* $Id: query.h,v 1.23.4.1 2001/01/09 22:32:38 bwelling Exp $ */
 
 #ifndef NAMED_QUERY_H
 #define NAMED_QUERY_H 1

bin/named/include/named/server.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 1999, 2000  Internet Software Consortium.
+ * Copyright (C) 1999-2001  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: server.h,v 1.48 2000/12/12 21:33:11 bwelling Exp $ */
+/* $Id: server.h,v 1.48.2.1 2001/01/09 22:32:39 bwelling Exp $ */
 
 #ifndef NAMED_SERVER_H
 #define NAMED_SERVER_H 1

bin/named/include/named/sortlist.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2000  Internet Software Consortium.
+ * Copyright (C) 2000, 2001  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: sortlist.h,v 1.3 2000/11/15 18:12:38 gson Exp $ */
+/* $Id: sortlist.h,v 1.3.4.1 2001/01/09 22:32:40 bwelling Exp $ */
 
 #ifndef NAMED_SORTLIST_H
 #define NAMED_SORTLIST_H 1

bin/named/include/named/tkeyconf.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 1999, 2000  Internet Software Consortium.
+ * Copyright (C) 1999-2001  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: tkeyconf.h,v 1.7 2000/11/27 19:42:29 gson Exp $ */
+/* $Id: tkeyconf.h,v 1.7.4.1 2001/01/09 22:32:41 bwelling Exp $ */
 
 #ifndef NS_TKEYCONF_H
 #define NS_TKEYCONF_H 1

bin/named/include/named/tsigconf.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 1999, 2000  Internet Software Consortium.
+ * Copyright (C) 1999-2001  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: tsigconf.h,v 1.7 2000/11/27 19:42:30 gson Exp $ */
+/* $Id: tsigconf.h,v 1.7.4.1 2001/01/09 22:32:43 bwelling Exp $ */
 
 #ifndef NS_TSIGCONF_H
 #define NS_TSIGCONF_H 1

bin/named/include/named/types.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 1999, 2000  Internet Software Consortium.
+ * Copyright (C) 1999-2001  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: types.h,v 1.17 2000/10/31 22:39:30 bwelling Exp $ */
+/* $Id: types.h,v 1.17.4.1 2001/01/09 22:32:44 bwelling Exp $ */
 
 #ifndef NAMED_TYPES_H
 #define NAMED_TYPES_H 1

bin/named/include/named/update.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 1999, 2000  Internet Software Consortium.
+ * Copyright (C) 1999-2001  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: update.h,v 1.7 2000/09/13 01:30:34 marka Exp $ */
+/* $Id: update.h,v 1.7.4.1 2001/01/09 22:32:45 bwelling Exp $ */
 
 #ifndef NAMED_UPDATE_H
 #define NAMED_UPDATE_H 1

bin/named/include/named/xfrout.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 1999, 2000  Internet Software Consortium.
+ * Copyright (C) 1999-2001  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: xfrout.h,v 1.6 2000/08/01 01:12:19 tale Exp $ */
+/* $Id: xfrout.h,v 1.6.4.1 2001/01/09 22:32:46 bwelling Exp $ */
 
 #ifndef NAMED_XFROUT_H
 #define NAMED_XFROUT_H 1

bin/named/include/named/zoneconf.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 1999, 2000  Internet Software Consortium.
+ * Copyright (C) 1999-2001  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: zoneconf.h,v 1.14 2000/11/27 19:42:31 gson Exp $ */
+/* $Id: zoneconf.h,v 1.14.4.1 2001/01/09 22:32:47 bwelling Exp $ */
 
 #ifndef NS_ZONECONF_H
 #define NS_ZONECONF_H 1

bin/named/interfacemgr.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 1999, 2000  Internet Software Consortium.
+ * Copyright (C) 1999-2001  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: interfacemgr.c,v 1.54 2000/12/15 01:07:52 gson Exp $ */
+/* $Id: interfacemgr.c,v 1.54.2.1 2001/01/09 22:31:52 bwelling Exp $ */
 
 #include <config.h>
 

bin/named/listenlist.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2000  Internet Software Consortium.
+ * Copyright (C) 2000, 2001  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: listenlist.c,v 1.8 2000/08/01 01:11:41 tale Exp $ */
+/* $Id: listenlist.c,v 1.8.4.1 2001/01/09 22:31:53 bwelling Exp $ */
 
 #include <config.h>
 

bin/named/log.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 1999, 2000  Internet Software Consortium.
+ * Copyright (C) 1999-2001  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: log.c,v 1.27 2000/12/11 19:19:08 bwelling Exp $ */
+/* $Id: log.c,v 1.27.2.1 2001/01/09 22:31:54 bwelling Exp $ */
 
 #include <config.h>
 

bin/named/logconf.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 1999, 2000  Internet Software Consortium.
+ * Copyright (C) 1999-2001  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: logconf.c,v 1.26 2000/11/29 13:30:43 marka Exp $ */
+/* $Id: logconf.c,v 1.26.4.1 2001/01/09 22:31:55 bwelling Exp $ */
 
 #include <config.h>
 

bin/named/lwaddr.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2000  Internet Software Consortium.
+ * Copyright (C) 2000, 2001  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: lwaddr.c,v 1.2 2000/12/11 19:19:09 bwelling Exp $ */
+/* $Id: lwaddr.c,v 1.2.2.1 2001/01/09 22:31:56 bwelling Exp $ */
 
 #include <config.h>
 

bin/named/lwdclient.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2000  Internet Software Consortium.
+ * Copyright (C) 2000, 2001  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: lwdclient.c,v 1.11 2000/11/02 01:53:23 bwelling Exp $ */
+/* $Id: lwdclient.c,v 1.11.4.1 2001/01/09 22:31:57 bwelling Exp $ */
 
 #include <config.h>
 

bin/named/lwderror.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2000  Internet Software Consortium.
+ * Copyright (C) 2000, 2001  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: lwderror.c,v 1.6 2000/11/15 23:29:29 tale Exp $ */
+/* $Id: lwderror.c,v 1.6.4.1 2001/01/09 22:31:58 bwelling Exp $ */
 
 #include <config.h>
 

bin/named/lwdgabn.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2000  Internet Software Consortium.
+ * Copyright (C) 2000, 2001  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: lwdgabn.c,v 1.10 2000/11/15 23:56:20 bwelling Exp $ */
+/* $Id: lwdgabn.c,v 1.10.4.1 2001/01/09 22:32:00 bwelling Exp $ */
 
 #include <config.h>
 

bin/named/lwdgnba.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2000  Internet Software Consortium.
+ * Copyright (C) 2000, 2001  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: lwdgnba.c,v 1.8 2000/10/17 18:34:52 bwelling Exp $ */
+/* $Id: lwdgnba.c,v 1.8.4.1 2001/01/09 22:32:01 bwelling Exp $ */
 
 #include <config.h>
 

bin/named/lwdgrbn.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2000  Internet Software Consortium.
+ * Copyright (C) 2000, 2001  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: lwdgrbn.c,v 1.6 2000/12/22 21:17:59 gson Exp $ */
+/* $Id: lwdgrbn.c,v 1.6.2.1 2001/01/09 22:32:02 bwelling Exp $ */
 
 #include <config.h>
 

bin/named/lwdnoop.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2000  Internet Software Consortium.
+ * Copyright (C) 2000, 2001  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: lwdnoop.c,v 1.5 2000/10/12 20:45:18 bwelling Exp $ */
+/* $Id: lwdnoop.c,v 1.5.4.1 2001/01/09 22:32:03 bwelling Exp $ */
 
 #include <config.h>
 

bin/named/lwresd.8

@@ -1,168 +0,0 @@
-.\" Copyright (C) 2000  Internet Software Consortium.
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
-.\" DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
-.\" INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
-.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
-.\" FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
-.\" NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
-.\" WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-
-.\" $Id: lwresd.8,v 1.9 2000/11/18 02:57:27 bwelling Exp $
-
-.Dd Jun 30, 2000
-.Dt LWRESD 8
-.Os BIND9 9
-.ds vT BIND 9 Programmer's Manual
-.Sh NAME
-.Nm lwresd
-.Nd lightweight resolver daemon
-.Sh SYNOPSIS
-.Nm lwresd
-.Op Fl C Ar config-file
-.Op Fl d Ar debuglevel
-.Op Fl f g s
-.Op Fl i Ar pid-file
-.Op Fl n Ar #cpus
-.Op Fl P Ar listen-port#
-.Op Fl p Ar port#
-.Op Fl t Ar directory
-.Op Fl u Ar user-id
-.Op Fl v
-.Sh DESCRIPTION
-.Nm lwresd
-is the daemon providing name lookup services to clients that use
-the BIND 9 lightweight resolver library.
-It is essentially a stripped-down, caching-only name server that
-answers queries using the BIND 9 lightweight resolver protocol
-rather than the DNS protocol.
-.Pp
-.Nm lwresd
-listens for resolver queries on a UDP port on the IPv4 loopback
-interface, 127.0.0.1.
-This means that
-.Nm lwresd
-can only be used by processes running on the local machine.
-By default UDP port number 921 is used for lightweight resolver
-requests and responses.
-.Pp
-Incoming lightweight resolver requests are decoded by
-.Nm lwresd
-which then resolves them using the DNS protocol.
-When the DNS lookup completes,
-.Nm lwresd
-encodes the answers from the name servers in the lightweight
-resolver format and returns them to the client that made the original
-request.
-.Pp
-If
-.Pa /etc/resolv.conf
-contains any
-.Sy nameserver
-entries,
-.Nm lwresd
-sends recursive DNS queries to those servers.  This
-is similar to the use of forwarders in a chaching name
-server.  If no
-.Sy nameserver
-entries are  present, or if forwarding fails,
-.Nm lwresd
-resolves the queries autonomously starting at the
-root name servers, using a compiled-in list of root
-servers hints.
-.Pp
-The options to
-.Nm lwresd
-are as follows:
-.Bl -tag -width Ds
-.It Fl C
-use
-.Ar config-file
-as the configuration file instead of the default,
-.Pa /etc/resolv.conf .
-.It Fl d
-set the daemon's debug level to
-.Ar debuglevel .
-Debugging traces from
-.Nm lwresd
-become more verbose as the debug level increases.
-.It Fl f
-run
-.Nm lwresd
-in the foreground.
-.It Fl g
-run
-.Nm lwresd
-in the foreground and force all logging to
-.Dv stderr .
-.It Fl i
-write the daemon's process id to
-.Ar pid-file
-instead of the default pathname.
-.It Fl n
-create
-.Ar #cpus
-worker threads to take advantage of multiple CPUs.
-If no option is given,
-.Nm lwresd
-will try to determine the number of CPUs present and create
-one thread per CPU.  If
-.Nm lwresd
-is unable to determine the number of CPUs, a single worker thread
-is created.
-.It Fl P
-listen for lightweight resolver queries on the loopback interface
-using UDP port
-.Ar port#
-instead of the default port number, 921.
-.It Fl p
-send DNS lookups to port number
-.Ar listen-port#
-when querying name servers.
-This provides a way of testing the lightweight resolver daemon with a
-name server that listens for queries on a non-standard port number.
-.It Fl s
-write memory usage statistics to
-.Dv stdout
-on exit.
-This option is only of interest to BIND 9 developers and may be
-removed or changed in a future release.
-.It Fl t
-tells
-.Nm lwresd
-to chroot() to
-.Ar directory
-immediately after reading its configuration file.
-.It Fl u
-run
-.Nm lwresd
-as
-.Ar user-id ,
-which is a user name or numeric id that must be present in the
-password file.
-The lightweight resolver daemon will change its user-id after it has
-carried out any privileged operations, such as writing the process-id
-file or binding a socket to a privileged port (typically any port
-less than 1024).
-.It Fl v
-report the version number and exit.
-.El
-.Sh FILES
-.Bl -tag -width  /var/run/lwresd.pid -compact
-.It Pa /etc/resolv.conf
-default configuration file
-.It Pa /var/run/lwresd.pid
-default process-id file
-.El
-.Sh SEE ALSO
-.Xr named 8 ,
-.Xr lwres 3 .
-.Sh NOTES
-.Nm lwresd
-is a daemon for lightweight resolvers, not a lightweight daemon
-for resolvers.

bin/named/lwresd.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2000  Internet Software Consortium.
+ * Copyright (C) 2000, 2001  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: lwresd.c,v 1.27 2000/12/13 00:15:02 tale Exp $ */
+/* $Id: lwresd.c,v 1.27.2.1 2001/01/09 22:32:05 bwelling Exp $ */
 
 /*
  * Main program for the Lightweight Resolver Daemon.

bin/named/lwsearch.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2000  Internet Software Consortium.
+ * Copyright (C) 2000, 2001  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: lwsearch.c,v 1.6 2000/12/23 22:02:47 tale Exp $ */
+/* $Id: lwsearch.c,v 1.6.2.1 2001/01/09 22:32:06 bwelling Exp $ */
 
 #include <config.h>
 

bin/named/main.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 1999, 2000  Internet Software Consortium.
+ * Copyright (C) 1999-2001  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: main.c,v 1.97 2000/12/12 23:05:54 bwelling Exp $ */
+/* $Id: main.c,v 1.97.2.1 2001/01/09 22:32:07 bwelling Exp $ */
 
 #include <config.h>
 

bin/named/named.8

@@ -1,172 +0,0 @@
-.\" Copyright (C) 2000  Internet Software Consortium.
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
-.\" DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
-.\" INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
-.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
-.\" FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
-.\" NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
-.\" WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-
-.\" $Id: named.8,v 1.11 2000/11/18 02:57:29 bwelling Exp $
-
-.Dd Jun 30, 2000
-.Dt NAMED 8
-.Os BIND9 9
-.ds vT BIND9 Programmer's Manual
-.Sh NAME
-.Nm named
-.Nd Internet domain name server
-.Sh SYNOPSIS
-.Nm named
-.Op Fl c Ar config-file
-.Op Fl d Ar debuglevel
-.Op Fl f g s
-.Op Fl n Ar #cpus
-.Op Fl p Ar port#
-.Op Fl t Ar directory
-.Op Fl u Ar user-id
-.Op Fl v
-.Op Fl x Ar cache-file
-.Sh DESCRIPTION
-.Nm named
-is a Domain Name System (DNS) server, part of the BIND 9 distribution
-from ISC.  For more information on the DNS, see RFCs 1033, 1034, and 1035.
-.Pp
-When invoked without arguments,
-.Nm named
-will read the default configuration file
-.Pa /etc/named.conf ,
-read any initial data, and listen for queries.
-.Pp
-The options to
-.Nm named
-are as follows:
-.Bl -tag -width Ds
-.It Fl c
-use
-.Ar config-file
-as the configuration file instead of the default,
-.Pa /etc/named.conf .
-To ensure that reloading the configuration file continues to 
-work after the server has changed its working directory 
-due to to a possible 
-.Dv directory
-option in the configuration file, 
-.Ar config-file
-should be an absolute pathname.
-.It Fl d
-set the daemon's debug level to
-.Ar debuglevel .
-Debugging traces from
-.Nm named
-become more verbose as the debug level increases.
-.It Fl f
-run
-.Nm named
-in the foreground.
-.It Fl g
-run
-.Nm named
-in the foreground and force all logging to
-.Dv stderr .
-.It Fl n
-create
-.Ar #cpus
-worker threads to take advantage of multiple CPUs.
-If no option is given,
-.Nm named
-will try to determine the number of CPUs present and create
-one thread per CPU.  If
-.Nm named
-is unable to determine the number of CPUs, a single worker thread
-is created.
-.It Fl p
-listen for queries on  port
-.Ar port#
-instead of the default port number, 53.
-.It Fl s
-write memory usage statistics to
-.Dv stdout
-on exit.
-This option is mainly of interest
-to BIND9 developers and may be removed or changed in a future release.
-.It Fl t
-tells
-.Nm named
-to chroot() to
-.Ar directory
-immediately after reading its config file.
-This should be used in conjunction with the
-.Fl u
-option, as chrooting a process running as root doesn't 
-enhance security on most systems - the way chroot() is defined
-allows a process with root privileges to escape the chroot jail.
-.It Fl u
-run
-.Nm named
-as UID
-.Ar user-id .
-.Nm named
-will change its UID after it has
-carried out any privileged operations, such as
-creating sockets that listen on privileged ports.
-.Pp
-On Linux, 
-.Nm named
-uses the kernel's capability mechanism to drop
-all root privileges except the ability to bind() to a privileged
-port.  Unfortunately, this means that the "-u" option only works 
-when 
-.Nm named
-is run on 2.3.99-pre3 or later kernel, since previous
-kernels did not allow privileges to be retained after setuid().
-.It Fl v
-report the version number and exit.
-.It Fl x
-load data from
-.Ar cache-file .
-into the cache of the default view.
-This option must not be used.
-It is only of interest
-to BIND9 developers and may be removed or changed in a future release.
-.El
-.Sh SIGNALS
-In routine operation, signals should not be used to \*qcontrol\*q the
-name server.
-.Nm rndc
-should be used instead.
-Sending the name server a
-.Dv SIGHUP
-signal forces a reload of the server.
-A
-.Dv SIGINT
-or
-.Dv SIGTERM
-signal can be used to gracefully shut down the server.
-Sending any other signals to the name server
-will have an undefined outcome.
-.\".Sh CONFIGURATION FILE FORMAT
-.\".Nm named 's
-.\"configuration file is too complex to describe in detail here.
-.\"A complete description is provided in the BIND9 Administrator
-.\"Reference Manual.
-.Sh FILES
-.Bl -tag -width  /var/run/named.pid -compact
-.It Pa /etc/named.conf
-default configuration file
-.It Pa /var/run/named.pid
-default process-id file
-.El
-.Sh SEE ALSO
-.Xr RFC1033 ,
-.Xr RFC1034 ,
-.Xr RFC1035 ,
-.Xr rndc 8 ,
-.Xr lwresd 8 ,
-BIND9 Administrator Reference Manual, June 2000.

bin/named/notify.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 1999, 2000  Internet Software Consortium.
+ * Copyright (C) 1999-2001  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: notify.c,v 1.22 2000/12/11 19:19:11 bwelling Exp $ */
+/* $Id: notify.c,v 1.22.2.1 2001/01/09 22:32:08 bwelling Exp $ */
 
 #include <config.h>
 

bin/named/omapi.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2000  Internet Software Consortium.
+ * Copyright (C) 2000, 2001  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: omapi.c,v 1.29 2000/12/15 19:32:55 gson Exp $ */
+/* $Id: omapi.c,v 1.29.2.1 2001/01/09 22:32:09 bwelling Exp $ */
 
 /*
  * Principal Author: DCL

bin/named/omapiconf.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2000  Internet Software Consortium.
+ * Copyright (C) 2000, 2001  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: omapiconf.c,v 1.14 2000/11/27 19:42:21 gson Exp $ */
+/* $Id: omapiconf.c,v 1.14.4.1 2001/01/09 22:32:10 bwelling Exp $ */
 
 /*
  * Principal Author: DCL

bin/named/query.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 1999, 2000  Internet Software Consortium.
+ * Copyright (C) 1999-2001  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: query.c,v 1.163 2000/12/27 23:01:25 marka Exp $ */
+/* $Id: query.c,v 1.163.2.2 2001/01/09 22:32:12 bwelling Exp $ */
 
 #include <config.h>
 
@@ -3415,11 +3415,8 @@ ns_query_start(ns_client_t *client) {
 	message->flags |= DNS_MESSAGEFLAG_AA;
 
 	/*
-	 * Set AD.  We need only clear it if we add "pending" data to
-	 * a response.
-	 *
-	 * XXX  Note: the way AD is set will be changing in the near
-	 *      future.
+	 * Set AD.  We must clear it if we add non-validated data to a
+	 * response.
 	 */
 	if (WANTDNSSEC(client))
 		message->flags |= DNS_MESSAGEFLAG_AD;

bin/named/server.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 1999, 2000  Internet Software Consortium.
+ * Copyright (C) 1999-2001  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: server.c,v 1.276 2000/12/15 21:11:38 gson Exp $ */
+/* $Id: server.c,v 1.276.2.1 2001/01/09 22:32:13 bwelling Exp $ */
 
 #include <config.h>
 

bin/named/sortlist.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2000  Internet Software Consortium.
+ * Copyright (C) 2000, 2001  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: sortlist.c,v 1.3 2000/11/15 20:35:13 tale Exp $ */
+/* $Id: sortlist.c,v 1.3.4.1 2001/01/09 22:32:14 bwelling Exp $ */
 
 #include <config.h>
 

bin/named/tkeyconf.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 1999, 2000  Internet Software Consortium.
+ * Copyright (C) 1999-2001  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: tkeyconf.c,v 1.16 2000/11/27 19:42:23 gson Exp $ */
+/* $Id: tkeyconf.c,v 1.16.4.1 2001/01/09 22:32:16 bwelling Exp $ */
 
 #include <config.h>
 

bin/named/tsigconf.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 1999, 2000  Internet Software Consortium.
+ * Copyright (C) 1999-2001  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: tsigconf.c,v 1.14 2000/11/27 19:42:24 gson Exp $ */
+/* $Id: tsigconf.c,v 1.14.4.1 2001/01/09 22:32:17 bwelling Exp $ */
 
 #include <config.h>
 

bin/named/unix/Makefile.in

@@ -1,4 +1,4 @@
-# Copyright (C) 1999, 2000  Internet Software Consortium.
+# Copyright (C) 1999-2001  Internet Software Consortium.
 #
 # Permission to use, copy, modify, and distribute this software for any
 # purpose with or without fee is hereby granted, provided that the above
@@ -13,7 +13,7 @@
 # NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
 # WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: Makefile.in,v 1.5 2000/08/01 01:12:20 tale Exp $
+# $Id: Makefile.in,v 1.5.4.1 2001/01/09 22:32:49 bwelling Exp $
 
 srcdir =	@srcdir@
 VPATH =		@srcdir@

bin/named/unix/include/named/os.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 1999, 2000  Internet Software Consortium.
+ * Copyright (C) 1999-2001  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: os.h,v 1.13 2000/11/08 18:58:02 mws Exp $ */
+/* $Id: os.h,v 1.13.4.1 2001/01/09 22:32:51 bwelling Exp $ */
 
 #ifndef NS_OS_H
 #define NS_OS_H 1

bin/named/unix/os.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 1999, 2000  Internet Software Consortium.
+ * Copyright (C) 1999-2001  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: os.c,v 1.36 2000/12/14 18:29:57 marka Exp $ */
+/* $Id: os.c,v 1.36.2.2 2001/01/09 22:32:50 bwelling Exp $ */
 
 #include <config.h>
 #include <stdarg.h>
@@ -183,6 +183,12 @@ linux_initialprivs(void) {
 	 */
 	caps |= (1 << CAP_SETGID);
 
+	/*
+	 * Without this, we run into problems reading a configuration file
+	 * owned by a non-root user and non-world-readable on startup.
+	 */
+	caps |= (1 << CAP_DAC_READ_SEARCH);
+
 	/*
 	 * XXX  We might want to add CAP_SYS_RESOURCE, though it's not
 	 *      clear it would work right given the way linuxthreads work.

bin/named/update.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 1999, 2000  Internet Software Consortium.
+ * Copyright (C) 1999-2001  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: update.c,v 1.79 2000/12/28 01:29:09 marka Exp $ */
+/* $Id: update.c,v 1.79.2.1 2001/01/09 22:32:18 bwelling Exp $ */
 
 #include <config.h>
 

bin/named/xfrout.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 1999, 2000  Internet Software Consortium.
+ * Copyright (C) 1999-2001  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: xfrout.c,v 1.87 2000/12/22 18:32:06 gson Exp $ */
+/* $Id: xfrout.c,v 1.87.2.5 2001/01/12 20:33:17 bwelling Exp $ */
 
 #include <config.h>
 
@@ -436,7 +436,6 @@ static rrstream_methods_t ixfr_rrstream_methods = {
 
 typedef struct axfr_rrstream {
 	rrstream_t		common;
-	int 			state;
 	db_rr_iterator_t	it;
 	isc_boolean_t		it_valid;
 } axfr_rrstream_t;
@@ -1238,7 +1237,8 @@ failure:
  */
 static void
 sendstream(xfrout_ctx_t *xfr) {
-	dns_message_t *msg = NULL;
+	dns_message_t *tcpmsg = NULL;
+	dns_message_t *msg = NULL; /* Client message if UDP, tcpmsg if TCP */
 	isc_result_t result;
 	isc_region_t used;
 	isc_region_t region;
@@ -1254,67 +1254,78 @@ sendstream(xfrout_ctx_t *xfr) {
 	isc_buffer_clear(&xfr->txlenbuf);
 	isc_buffer_clear(&xfr->txbuf);
 
-	/*
-	 * Build a response dns_message_t, temporarily storing the raw,
-	 * uncompressed owner names and RR data contiguously in xfr->buf.
-	 * We know that if the uncompressed data fits in xfr->buf,
-	 * the compressed data will surely fit in a TCP message.
-	 */
+	if ((xfr->client->attributes & NS_CLIENTATTR_TCP) == 0) {
+		/*
+		 * In the UDP case, we put the response data directly into
+		 * the client message.
+		 */
+		msg = xfr->client->message;
+		CHECK(dns_message_reply(msg, ISC_TRUE));
+	} else {
+		/*
+		 * TCP. Build a response dns_message_t, temporarily storing
+		 * the raw, uncompressed owner names and RR data contiguously
+		 * in xfr->buf.  We know that if the uncompressed data fits
+		 * in xfr->buf, the compressed data will surely fit in a TCP
+		 * message.
+		 */
 
-	msg = NULL;
-	CHECK(dns_message_create(xfr->mctx, DNS_MESSAGE_INTENTRENDER, &msg));
+		CHECK(dns_message_create(xfr->mctx,
+					 DNS_MESSAGE_INTENTRENDER, &tcpmsg));
+		msg = tcpmsg;
 
-	msg->id = xfr->id;
-	msg->rcode = dns_rcode_noerror;
-	msg->flags = DNS_MESSAGEFLAG_QR | DNS_MESSAGEFLAG_AA;
-	if ((xfr->client->attributes & NS_CLIENTATTR_RA) != 0)
-		msg->flags |= DNS_MESSAGEFLAG_RA;
-	dns_message_settsigkey(msg, xfr->tsigkey);
-	CHECK(dns_message_setquerytsig(msg, xfr->lasttsig));
-	if (xfr->lasttsig != NULL)
-		isc_buffer_free(&xfr->lasttsig);
-
-	/*
-	 * Include a question section in the first message only.
-	 * BIND 8.2.1 will not recognize an IXFR if it does not have a
-	 * question section.
-	 */
-	if (xfr->nmsg == 0) {
-		dns_name_t *qname = NULL;
-		isc_region_t r;
+		msg->id = xfr->id;
+		msg->rcode = dns_rcode_noerror;
+		msg->flags = DNS_MESSAGEFLAG_QR | DNS_MESSAGEFLAG_AA;
+		if ((xfr->client->attributes & NS_CLIENTATTR_RA) != 0)
+			msg->flags |= DNS_MESSAGEFLAG_RA;
+		dns_message_settsigkey(msg, xfr->tsigkey);
+		CHECK(dns_message_setquerytsig(msg, xfr->lasttsig));
+		if (xfr->lasttsig != NULL)
+			isc_buffer_free(&xfr->lasttsig);
 
 		/*
-		 * Reserve space for the 12-byte message header
-		 * and 4 bytes of question.
+		 * Include a question section in the first message only.
+		 * BIND 8.2.1 will not recognize an IXFR if it does not
+		 * have a question section.
 		 */
-		isc_buffer_add(&xfr->buf, 12 + 4);
+		if (xfr->nmsg == 0) {
+			dns_name_t *qname = NULL;
+			isc_region_t r;
 
-		qrdataset = NULL;
-		result = dns_message_gettemprdataset(msg, &qrdataset);
-		if (result != ISC_R_SUCCESS)
-			goto failure;
-		dns_rdataset_init(qrdataset);
-		dns_rdataset_makequestion(qrdataset,
-					  xfr->client->message->rdclass,
-					  xfr->qtype);
+			/*
+			 * Reserve space for the 12-byte message header
+			 * and 4 bytes of question.
+			 */
+			isc_buffer_add(&xfr->buf, 12 + 4);
 
-		result = dns_message_gettempname(msg, &qname);
-		if (result != ISC_R_SUCCESS)
-			goto failure;
-		dns_name_init(qname, NULL);
-		isc_buffer_availableregion(&xfr->buf, &r);
-		INSIST(r.length >= xfr->qname->length);
-		r.length = xfr->qname->length;
-		isc_buffer_putmem(&xfr->buf, xfr->qname->ndata,
-				  xfr->qname->length);
-		dns_name_fromregion(qname, &r);
-		ISC_LIST_INIT(qname->list);
-		ISC_LIST_APPEND(qname->list, qrdataset, link);
+			qrdataset = NULL;
+			result = dns_message_gettemprdataset(msg, &qrdataset);
+			if (result != ISC_R_SUCCESS)
+				goto failure;
+			dns_rdataset_init(qrdataset);
+			dns_rdataset_makequestion(qrdataset,
+					xfr->client->message->rdclass,
+					xfr->qtype);
 
-		dns_message_addname(msg, qname, DNS_SECTION_QUESTION);
+			result = dns_message_gettempname(msg, &qname);
+			if (result != ISC_R_SUCCESS)
+				goto failure;
+			dns_name_init(qname, NULL);
+			isc_buffer_availableregion(&xfr->buf, &r);
+			INSIST(r.length >= xfr->qname->length);
+			r.length = xfr->qname->length;
+			isc_buffer_putmem(&xfr->buf, xfr->qname->ndata,
+					  xfr->qname->length);
+			dns_name_fromregion(qname, &r);
+			ISC_LIST_INIT(qname->list);
+			ISC_LIST_APPEND(qname->list, qrdataset, link);
+
+			dns_message_addname(msg, qname, DNS_SECTION_QUESTION);
+		}
+		else
+			msg->tcp_continuation = 1;
 	}
-	else
-		msg->tcp_continuation = 1;
 
 	/*
 	 * Try to fit in as many RRs as possible, unless "one-answer"
@@ -1439,12 +1450,7 @@ sendstream(xfrout_ctx_t *xfr) {
 				      xfr));
 		xfr->sends++;
 	} else {
-		xfrout_log(xfr, ISC_LOG_DEBUG(8),
-			   "sending IXFR UDP response");
-		/* XXX kludge */
-		dns_message_destroy(&xfr->client->message);
-		xfr->client->message = msg;
-		msg = NULL;
+		xfrout_log(xfr, ISC_LOG_DEBUG(8), "sending IXFR UDP response");
 		ns_client_send(xfr->client);
 		xfr->stream->methods->pause(xfr->stream);
 		xfrout_ctx_destroy(&xfr);
@@ -1457,27 +1463,24 @@ sendstream(xfrout_ctx_t *xfr) {
 	xfr->nmsg++;
 
  failure:
-	/*
-	 * XXXRTH  need to cleanup qname and qrdataset...
-	 */
-	if (msg != NULL) {
-		if (msgname != NULL) {
-			if (msgrds != NULL) {
-				if (dns_rdataset_isassociated(msgrds))
-					dns_rdataset_disassociate(msgrds);
-				dns_message_puttemprdataset(msg, &msgrds);
-			}
-			if (msgrdl != NULL) {
-				ISC_LIST_UNLINK(msgrdl->rdata, msgrdata, link);
-				dns_message_puttemprdatalist(msg, &msgrdl);
-			}
-			if (msgrdata != NULL)
-				dns_message_puttemprdata(msg, &msgrdata);
-			dns_message_puttempname(msg, &msgname);
+	if (msgname != NULL) {
+		if (msgrds != NULL) {
+			if (dns_rdataset_isassociated(msgrds))
+				dns_rdataset_disassociate(msgrds);
+			dns_message_puttemprdataset(msg, &msgrds);
 		}
-		dns_message_destroy(&msg);
+		if (msgrdl != NULL) {
+			ISC_LIST_UNLINK(msgrdl->rdata, msgrdata, link);
+			dns_message_puttemprdatalist(msg, &msgrdl);
+		}
+		if (msgrdata != NULL)
+			dns_message_puttemprdata(msg, &msgrdata);
+		dns_message_puttempname(msg, &msgname);
 	}
 
+	if (tcpmsg != NULL)
+		dns_message_destroy(&tcpmsg);
+
 	/*
 	 * Make sure to release any locks held by database
 	 * iterators before returning from the event handler.

bin/named/zoneconf.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 1999, 2000  Internet Software Consortium.
+ * Copyright (C) 1999-2001  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: zoneconf.c,v 1.78 2000/12/13 00:15:03 tale Exp $ */
+/* $Id: zoneconf.c,v 1.78.2.1 2001/01/09 22:32:21 bwelling Exp $ */
 
 #include <config.h>
 

bin/nsupdate/Makefile.in

@@ -1,4 +1,4 @@
-# Copyright (C) 2000  Internet Software Consortium.
+# Copyright (C) 2000, 2001  Internet Software Consortium.
 #
 # Permission to use, copy, modify, and distribute this software for any
 # purpose with or without fee is hereby granted, provided that the above
@@ -13,7 +13,7 @@
 # NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
 # WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: Makefile.in,v 1.8 2000/09/20 19:05:55 gson Exp $
+# $Id: Makefile.in,v 1.8.4.1 2001/01/09 22:32:52 bwelling Exp $
 
 srcdir =	@srcdir@
 VPATH =		@srcdir@

bin/nsupdate/nsupdate.8

@@ -1,355 +0,0 @@
-.\" Copyright (C) 2000  Internet Software Consortium.
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
-.\" DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
-.\" INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
-.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
-.\" FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
-.\" NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
-.\" WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-
-.\" $Id: nsupdate.8,v 1.11 2000/11/30 00:20:38 gson Exp $
-
-.Dd Jun 30, 2000
-.Dt NSUPDATE 8
-.Os BIND9 9
-.ds vT BIND9 Programmer's Manual
-.Sh NAME
-.Nm nsupdate
-.Nd Dynamic DNS update utility
-.Sh SYNOPSIS
-.Nm nsupdate
-.Op Fl d
-.Oo
-.Fl y Ar keyname:secret |
-.Fl k Ar keyfile
-.Oc
-.Op Fl v
-.Op filename
-.Sh DESCRIPTION
-.Nm nsupdate
-is used to submit Dynamic DNS Update requests as defined in RFC2136
-to a name server.
-This allows resource records to be added or removed from a zone
-without manually editing the zone file.
-A single update request can contain requests to add or remove more than one
-resource record.
-.Pp
-Zones that are under dynamic control via
-.Nm nsupdate
-or a DHCP server should not be edited by hand.
-Manual edits could
-conflict with dynamic updates and cause data to be lost.
-.Pp
-The resource records that are dynamically added or removed with
-.Nm nsupdate
-have to be in the same zone.
-Requests are sent to the zone's master server.
-This is identified by the MNAME field of the zone's SOA record.
-.Pp
-The
-.Fl d
-option makes
-.Nm nsupdate
-operate in debug mode.
-This provides tracing information about the update requests that are
-made and the replies received from the name server.
-.Pp
-Transaction signatures can be used to authenticate the Dynamic DNS
-updates.
-These use the TSIG resource record type described in RFC2845.
-The signatures rely on a shared secret that should only be known to
-.Nm nsupdate
-and the name server.
-Currently, the only supported encryption algorithm for TSIG is
-HMAC-MD5, which is defined in RFC 2104.
-Once other algorithms are defined for TSIG, applications will need to
-ensure they select the appropriate algorithm as well as the key when
-authenticating each other.
-For instance suitable
-.Dv key
-and
-.Dv server
-statements would be added to
-.Pa /etc/named.conf
-so that the name server can associate the appropriate secret key
-and algorithm with the IP address of the
-client application that will be using TSIG authentication.
-.Nm nsupdate
-does not read
-.Pa /etc/named.conf .
-.Pp
-.Nm nsupdate
-uses the
-.Fl y
-or
-.Fl k
-option to provide the shared secret needed to generate a TSIG record
-for authenticating Dynamic DNS update requests.
-These options are mutually exclusive.
-With the
-.Fl k
-option,
-.Nm nsupdate
-reads the shared secret from the file
-.Ar keyfile ,
-whose name is of the form 
-.Pa K{name}.+157.+{random}.private .
-For historical
-reasons, the file 
-.Pa K{name}.+157.+{random}.key
-must also be present.  When the
-.Fl y
-option is used, a signature is generated from
-.Ar keyname:secret.
-.Ar keyname
-is the name of the key,
-and
-.Ar secret
-is the base64 encoded shared secret.
-Use of the
-.Fl y
-option is discouraged because the shared secret is supplied as a command
-line argument in clear text.
-This may be visible in the output from
-.Xr ps 1
-or in a history file maintained by the user's shell.
-.Pp
-By default
-.Nm nsupdate
-uses UDP to send update requests to the name server.
-The
-.Fl v
-option makes
-.Nm nsupdate
-use a TCP connection.
-This may be preferable when a batch of update requests is made.
-.Sh INPUT FORMAT
-.Nm nsupdate
-reads input from
-.Ar filename
-or standard input.
-Each command is supplied on exactly one line of input.
-Some commands are for administrative purposes.
-The others are either update instructions or prerequisite checks on the
-contents of the zone.
-These checks set conditions that some name or set of
-resource records (RRset) either exists or is absent from the zone.
-These conditions must be met if the entire update request is to succeed.
-Updates will be rejected if the tests for the prerequisite conditions fail.
-.Pp
-Every update request consists of zero or more prerequisites
-and zero or more updates.
-This allows a suitably authenticated update request to proceed if some
-specified resource records are present or missing from the zone.
-A blank input line causes the accumulated commands to be sent as one Dynamic
-DNS update request to the name server.
-.Pp
-The command formats and their meaning are as follows:
-.Bl -ohang indent
-.It Xo
-.Ic server Va servername Op port
-.Xc
-.sp 1
-Sends all dynamic update requests to the name server
-.Va servername .
-When no server statement is provided,
-.Nm nsupdate
-will send updates to the master server of the correct zone.
-The MNAME field of that zone's SOA record will identify the master
-server for that zone.
-.Va port
-is the port number on
-.Va servername
-where the dynamic update requests get sent.
-If no port number is specified, the default DNS port number of 53 is
-used.
-.It Xo
-.Ic local Va address Op port
-.Xc
-.sp 1
-Sends all dynamic update requests using the local
-.Va address .
-When no local statement is provided,
-.Nm nsupdate
-will send updates using an address and port choosen by the system.
-.Va port
-can additionally be used to make requests come from a specific port.
-If no port number is specified, the system will assign one.
-.It Xo
-.Ic zone Va zonename
-.Xc
-.sp 1
-Specifies that all updates are to be made to the zone
-.Va zonename .
-If no
-.Va zone
-statement is provided,
-.Nm nsupdate
-will attempt determine the correct zone to update based on the rest of the input.
-.It Xo
-.Ic prereq nxdomain Va domain-name
-.Xc
-.sp 1
-Requires that no resource record of any type exists with name
-.Va domain-name .
-.It Xo
-.Ic prereq yxdomain Va domain-name
-.Xc
-.sp 1
-Requires that
-.Va domain-name
-exists (has as at least one resource record, of any type).
-.It Xo
-.Ic prereq nxrrset Va domain-name Op class
-.Va type
-.Xc
-.sp 1
-Requires that no resource record exists of the specified
-.Va type ,
-.Va class
-and
-.Va domain-name .
-If
-.Va class
-is omitted, IN (internet) is assumed.
-.It Xo
-.Ic prereq yxrrset
-.Va domain-name Op class
-.Va type
-.Xc
-.sp 1
-This requires that a resource record of the specified
-.Va type ,
-.Va class
-and
-.Va domain-name
-must exist.
-If
-.Va class
-is omitted, IN (internet) is assumed.
-.It Xo
-.Ic prereq yxrrset
-.Va domain-name Op class
-.Va type data...
-.Xc
-.sp 1
-The
-.Va data
-from each set of prerequisites of this form
-sharing a common
-.Va type ,
-.Va class ,
-and 
-.Va domain-name
-are combined to form a set of RRs.  This set of RRs must
-exactly match the set of RRs existing in the zone at the
-given 
-.Va type ,
-.Va class ,
-and 
-.Va domain-name .
-The
-.Va data
-are written in the standard text representation of the resource record's
-RDATA.
-.It Xo
-.Ic update delete
-.Va domain-name Op class
-.Va Op type Op data...
-.Xc
-.sp 1
-Deletes any resource records named
-.Va domain-name .
-If
-.Va type
-and
-.Va data
-is provided, only matching resource records will be removed.
-The internet class is assumed if
-.Va class
-is not supplied.
-.It Xo
-.Ic update add
-.Va domain-name ttl Op class
-.Va type data..
-.Xc
-.sp 1
-Adds a new resource record with the specified
-.Va ttl ,
-.Va class
-and
-.Va data .
-.El
-.Sh EXAMPLES
-The examples below show how
-.Nm nsupdate
-could be used to insert and delete resource records from the
-.Dv example.com
-zone.
-Notice that the input in each example contains a trailing blank line so that
-a group of commands are sent as one dynamic update request to the
-master name server for
-.Dv example.com .
-.Bd -literal -offset indent
-# nsupdate
-> update delete oldhost.example.com A
-> update add newhost.example.com 86400 A 172.16.1.1
->
-.Ed
-.Pp
-Any A records for
-.Dv oldhost.example.com
-are deleted.
-and an A record for
-.Dv newhost.example.com
-it IP address 172.16.1.1 is added.
-The newly-added record has a 1 day TTL (86400 seconds)
-.Bd -literal -offset indent
-# nsupdate
-> prereq nxdomain nickname.example.com
-> update add nickname.example.com CNAME somehost.example.com
->
-.Ed
-.Pp
-The prerequisite condition gets the name server to check that there
-are no resource records of any type for
-.Dv nickname.example.com .
-If there are, the update request fails.
-If this name does not exist, a CNAME for it is added.
-This ensures that when the CNAME is added, it cannot conflict with the
-long-standing rule in RFC1034 that a name must not exist as any other
-record type if it exists as a CNAME.
-(The rule has been updated for DNSSEC in RFC2535 to allow CNAMEs to have
-SIG, KEY and NXT records.)
-.Pp
-.Sh FILES
-.Bl -tag -width K{name}.+157.+{random}.private -compact
-.It Pa /etc/resolv.conf
-used to identify default name server
-.It Pa K{name}.+157.+{random}.key
-base-64 encoding of HMAC-MD5 key created by
-.Xr dnssec-keygen 8 .
-.It Pa K{name}.+157.+{random}.private
-base-64 encoding of HMAC-MD5 key created by
-.Xr dnssec-keygen 8 .
-.El
-.Sh SEE ALSO
-.Xr RFC2136 ,
-.Xr RFC2137 ,
-.Xr RFC2104 ,
-.Xr RFC2845 ,
-.Xr RFC1034 ,
-.Xr RFC2535 ,
-.Xr named 8 ,
-.Xr dnssec-keygen 8 .
-.Sh BUGS
-The TSIG key is redundantly stored in two separate files.
-This is a consequence of nsupdate using the DST library
-for its cryptographic operations, and may change in future
-releases.

bin/nsupdate/nsupdate.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2000  Internet Software Consortium.
+ * Copyright (C) 2000, 2001  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: nsupdate.c,v 1.75 2000/12/11 23:09:40 marka Exp $ */
+/* $Id: nsupdate.c,v 1.75.2.1 2001/01/09 22:32:54 bwelling Exp $ */
 
 #include <config.h>
 

bin/rndc/Makefile.in

@@ -1,4 +1,4 @@
-# Copyright (C) 2000  Internet Software Consortium.
+# Copyright (C) 2000, 2001  Internet Software Consortium.
 #
 # Permission to use, copy, modify, and distribute this software for any
 # purpose with or without fee is hereby granted, provided that the above
@@ -13,7 +13,7 @@
 # NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
 # WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: Makefile.in,v 1.14 2000/09/20 19:05:56 gson Exp $
+# $Id: Makefile.in,v 1.14.4.1 2001/01/09 22:32:55 bwelling Exp $
 
 srcdir =	@srcdir@
 VPATH =		@srcdir@