Reserve space for NULL

Silence a compiler warning on openbsd and fix windows build

See merge request isc-projects/bind9!603

.gitattributes

@@ -1,2 +1,3 @@
+*.sln.in eol=crlf
 *.vcxproj.in eol=crlf
 *.vcxproj.filters.in eol=crlf

.gitignore

@@ -7,6 +7,8 @@ libtool
 /isc-config.sh
 /configure.lineno
 autom4te.cache/
+*.rej
+*.orig
 *.o
 *.lo
 *.so
@@ -18,13 +20,13 @@ autom4te.cache/
 *-symtbl.c
 timestamp
 ans.run
-lwresd.run
 named.run
 named.memstats
 gen.dSYM/
-.libs/
+.ccache/
 .deps/
 .dirstamp
+.libs/
 unit/atf-src/atf-c++/atf-c++.pc
 unit/atf-src/atf-c/atf-c.pc
 unit/atf-src/atf-c/defs.h

.gitlab-ci.yml

@@ -0,0 +1,370 @@
+variables:
+  DEBIAN_FRONTEND: noninteractive
+  LC_ALL: C
+  DOCKER_DRIVER: overlay2
+  CI_REGISTRY_IMAGE: registry.gitlab.isc.org/isc-projects/images/bind9
+  CCACHE_DIR: "/ccache"
+  CMDPREFIX: "bash -c"
+
+stages:
+  - precheck
+  - build
+  - test
+
+.centos-centos6-amd64: &centos_centos6_amd64_image
+  image: "$CI_REGISTRY_IMAGE:centos-centos6-amd64"
+  tags:
+    - linux
+    - docker
+    - amd64
+
+.centos-centos7-amd64: &centos_centos7_amd64_image
+  image: "$CI_REGISTRY_IMAGE:centos-centos7-amd64"
+  tags:
+    - linux
+    - docker
+    - amd64
+
+.debian-jessie-amd64: &debian_jessie_amd64_image
+  image: "$CI_REGISTRY_IMAGE:debian-jessie-amd64"
+  tags:
+    - linux
+    - docker
+    - amd64
+
+.debian-jessie-i386: &debian_jessie_i386_image
+  image: "$CI_REGISTRY_IMAGE:debian-jessie-i386"
+  tags:
+    - linux
+    - docker
+    - i386
+
+.debian-stretch-amd64: &debian_stretch_amd64_image
+  image: "$CI_REGISTRY_IMAGE:debian-stretch-amd64"
+  tags:
+    - linux
+    - docker
+    - amd64
+
+.debian-stretch-i386:: &debian_stretch_i386_image
+  image: "$CI_REGISTRY_IMAGE:debian-stretch-i386"
+  tags:
+    - linux
+    - docker
+    - i386
+
+.debian-buster-amd64: &debian_buster_amd64_image
+  image: "$CI_REGISTRY_IMAGE:debian-buster-amd64"
+  tags:
+    - linux
+    - docker
+    - amd64
+
+.debian-buster-i386:: &debian_buster_i386_image
+  image: "$CI_REGISTRY_IMAGE:debian-buster-i386"
+  tags:
+    - linux
+    - docker
+    - i386
+
+.debian-sid-amd64: &debian_sid_amd64_image
+  image: "$CI_REGISTRY_IMAGE:debian-sid-amd64"
+  tags:
+    - linux
+    - docker
+    - amd64
+
+.debian-sid-i386: &debian_sid_i386_image
+  image: "$CI_REGISTRY_IMAGE:debian-sid-i386"
+  tags:
+    - linux
+    - docker
+    - i386
+
+.ubuntu-trusty-amd64: &ubuntu_trusty_amd64_image
+  image: "$CI_REGISTRY_IMAGE:ubuntu-trusty-amd64"
+  tags:
+    - linux
+    - docker
+    - amd64
+
+.ubuntu-trusty-i386: &ubuntu_trusty_i386_image
+  image: "$CI_REGISTRY_IMAGE:ubuntu-trusty-i386"
+  tags:
+    - linux
+    - docker
+    - i386
+
+.ubuntu-xenial-amd64: &ubuntu_xenial_amd64_image
+  image: "$CI_REGISTRY_IMAGE:ubuntu-xenial-amd64"
+  tags:
+    - linux
+    - docker
+    - amd64
+
+.ubuntu-xenial-i386: &ubuntu_xenial_i386_image
+  image: "$CI_REGISTRY_IMAGE:ubuntu-xenial-i386"
+  tags:
+    - linux
+    - docker
+    - i386
+
+.build: &build_job
+  stage: build
+  before_script:
+    - test -w "${CCACHE_DIR}" && export PATH="/usr/lib/ccache:${PATH}"
+#    - ./autogen.sh
+  script:
+    - $CMDPREFIX "./configure --enable-developer --with-libtool --disable-static --with-atf=/usr $EXTRA_CONFIGURE"
+    - $CMDPREFIX "make -j${PARALLEL_JOBS_BUILD:-1} -k all V=1"
+  artifacts:
+    expire_in: '1 hour'
+    untracked: true
+
+.system_test: &system_test_job
+  stage: test
+  before_script:
+    - rm -rf .ccache
+    - bash -x bin/tests/system/ifconfig.sh up
+    - export SOFTHSM_CONF="/tmp/softhsm.conf"
+    - echo "0:/tmp/softhsm.db" > $SOFTHSM_CONF
+    - if command -v softhsm2-util >/dev/null; then softhsm2-util --init-token --free --pin 0000 --so-pin 0000 --label "softhsm"; fi
+  script:
+    - $CMDPREFIX bash -x "cd bin/tests && make -j${TEST_PARALLEL_JOBS:-1} -k test V=1"
+    - $CMDPREFIX bash -x "test -s bin/tests/system/systests.output"
+  artifacts:
+    untracked: true
+    expire_in: '1 week'
+    when: on_failure
+
+.unit_test: &unit_test_job
+  stage: test
+  before_script:
+    - export KYUA_RESULT="$CI_PROJECT_DIR/kyua.results"
+    - export SOFTHSM_CONF="/tmp/softhsm.conf"
+    - echo "0:/tmp/softhsm.db" > $SOFTHSM_CONF
+    - if command -v softhsm2-util >/dev/null; then softhsm2-util --init-token --free --pin 0000 --so-pin 0000 --label "softhsm"; fi
+  script:
+    - $CMDPREFIX "make unit"
+  after_script:
+    - kyua report-html --force --results-file kyua.results --results-filter "" --output kyua_html
+  artifacts:
+    paths:
+    - atf.out
+    - kyua.log
+    - kyua.results
+    - kyua_html/
+    expire_in: '1 week'
+    when: on_failure
+
+precheck:debian:sid:amd64:
+  <<: *debian_sid_amd64_image
+  stage: precheck
+  script:
+    - sh util/checklibs.sh > checklibs.out
+    - perl util/check-changes CHANGES
+    - perl -w util/merge_copyrights
+    - diff -urNap util/copyrights util/newcopyrights
+    - rm util/newcopyrights
+    - xmllint --noout --nonet `git ls-files '*.xml' '*.docbook'`
+    - xmllint --noout --nonet --html `git ls-files '*.html'`
+  artifacts:
+    paths:
+    - util/newcopyrights
+    - checklibs.out
+    expire_in: '1 week'
+    when: on_failure
+
+#build:debian:jessie:amd64:
+#  <<: *debian_jessie_amd64_image
+#  <<: *build_job
+#
+#build:debian:jessie:i386:
+#  <<: *debian_jessie_i386_image
+#  <<: *build_job
+#
+#build:debian:stretch:amd64:
+#  <<: *debian_stretch_amd64_image
+#  <<: *build_job
+#
+#build:debian:buster:i386:
+#  <<: *debian_buster_i386_image
+#  <<: *build_job
+#
+#build:ubuntu:trusty:amd64:
+#  <<: *ubuntu_trusty_amd64_image
+#  <<: *build_job
+#
+#build:ubuntu:xenial:i386:
+#  <<: *ubuntu_xenial_i386_image
+#  <<: *build_job
+
+build:centos:centos6:amd64:
+  variables:
+    CC: gcc
+    CFLAGS: "-Wall -Wextra -O2 -g"
+    EXTRA_CONFIGURE: "--with-libidn2 --disable-warn-error"
+    CMDPREFIX: "scl enable devtoolset-7"
+  <<: *centos_centos6_amd64_image
+  <<: *build_job
+
+build:centos:centos7:amd64:
+  variables:
+    CC: gcc
+    CFLAGS: "-Wall -Wextra -O2 -g"
+    EXTRA_CONFIGURE: "--with-libidn2"
+    CMDPREFIX: "scl enable devtoolset-7"
+  <<: *centos_centos7_amd64_image
+  <<: *build_job
+
+build:clang:debian:sid:amd64:
+  variables:
+    CC: clang-6.0
+    CFLAGS: "-Wall -Wextra -Wenum-conversion -O2 -g"
+    EXTRA_CONFIGURE: "--with-libidn2"
+  <<: *debian_sid_amd64_image
+  <<: *build_job
+
+build:debian:jessie:amd64:
+  variables:
+    CC: gcc
+    CFLAGS: "-Wall -Wextra -O2 -g"
+  <<: *debian_jessie_amd64_image
+  <<: *build_job
+
+build:debian:stretch:amd64:
+  variables:
+    CC: gcc
+    CFLAGS: "-Wall -Wextra -O2 -g"
+  <<: *debian_stretch_amd64_image
+  <<: *build_job
+
+build:debian:sid:amd64:
+  variables:
+    CC: gcc
+    CFLAGS: "-Wall -Wextra -O2 -g"
+    EXTRA_CONFIGURE: "--with-libidn2"
+  <<: *debian_sid_amd64_image
+  <<: *build_job
+
+build:clang:debian:sid:i386:
+  variables:
+    CC: clang-6.0
+    CFLAGS: "-Wall -Wextra -Wenum-conversion -O2 -g"
+    EXTRA_CONFIGURE: "--with-libidn2"
+  <<: *debian_sid_i386_image
+  <<: *build_job
+
+build:debian:sid:i386:
+  variables:
+    CC: gcc
+    CFLAGS: "-Wall -Wextra -O2 -g"
+    EXTRA_CONFIGURE: "--with-libidn2"
+  <<: *debian_sid_i386_image
+  <<: *build_job
+
+unittest:centos:centos6:amd64:
+  variables:
+      CMDPREFIX: "scl enable devtoolset-7"
+  <<: *centos_centos6_amd64_image
+  <<: *unit_test_job
+  dependencies:
+    - build:centos:centos6:amd64
+
+unittest:centos:centos7:amd64:
+  variables:
+      CMDPREFIX: "scl enable devtoolset-7"
+  <<: *centos_centos7_amd64_image
+  <<: *unit_test_job
+  dependencies:
+    - build:centos:centos7:amd64
+
+unittest:debian:jessie:amd64:
+  <<: *debian_jessie_amd64_image
+  <<: *unit_test_job
+  dependencies:
+    - build:debian:jessie:amd64
+
+unittest:debian:stretch:amd64:
+  <<: *debian_stretch_amd64_image
+  <<: *unit_test_job
+  dependencies:
+    - build:debian:stretch:amd64
+
+unittest:debian:sid:amd64:
+  <<: *debian_sid_amd64_image
+  <<: *unit_test_job
+  dependencies:
+    - build:debian:sid:amd64
+
+unittest:clang:debian:sid:amd64:
+  <<: *debian_sid_amd64_image
+  <<: *unit_test_job
+  dependencies:
+    - build:clang:debian:sid:amd64
+
+unittest:debian:sid:i386:
+  <<: *debian_sid_i386_image
+  <<: *unit_test_job
+  dependencies:
+    - build:debian:sid:i386
+
+systemtest:centos:centos6:amd64:
+  variables:
+      CMDPREFIX: "scl enable devtoolset-7"
+  <<: *centos_centos6_amd64_image
+  <<: *system_test_job
+  dependencies:
+    - build:centos:centos6:amd64
+
+systemtest:centos:centos7:amd64:
+  variables:
+      CMDPREFIX: "scl enable devtoolset-7"
+  <<: *centos_centos7_amd64_image
+  <<: *system_test_job
+  dependencies:
+    - build:centos:centos7:amd64
+
+systemtest:debian:jessie:amd64:
+  <<: *debian_jessie_amd64_image
+  <<: *system_test_job
+  dependencies:
+    - build:debian:jessie:amd64
+
+systemtest:debian:stretch:amd64:
+  <<: *debian_stretch_amd64_image
+  <<: *system_test_job
+  dependencies:
+    - build:debian:stretch:amd64
+
+systemtest:debian:sid:amd64:
+  <<: *debian_sid_amd64_image
+  <<: *system_test_job
+  dependencies:
+    - build:debian:sid:amd64
+
+systemtest:debian:sid:i386:
+  <<: *debian_sid_i386_image
+  <<: *system_test_job
+  dependencies:
+    - build:debian:sid:i386
+
+pkcs11:build:debian:sid:amd64:
+  variables:
+    CC: gcc
+    CFLAGS: "-Wall -Wextra -O2 -g"
+    EXTRA_CONFIGURE: "--enable-native-pkcs11 --with-pkcs11=/usr/lib/softhsm/libsofthsm2.so"
+  <<: *debian_sid_amd64_image
+  <<: *build_job
+
+pkcs11:unittest:debian:sid:amd64:
+  <<: *debian_sid_amd64_image
+  <<: *unit_test_job
+  dependencies:
+    - pkcs11:build:debian:sid:amd64
+
+pkcs11:systemtest:debian:sid:amd64:
+  <<: *debian_sid_amd64_image
+  <<: *system_test_job
+  dependencies:
+    - pkcs11:build:debian:sid:amd64

.gitlab/issue_templates/Bug.md

@@ -0,0 +1,42 @@
+<!--
+If the bug you are reporting is potentially security-related - for example,
+if it involves an assertion failure or other crash in `named` that can be
+triggered repeatedly - then please do *NOT* report it here, but send an
+email to [security-officer@isc.org](security-officer@isc.org).
+-->
+
+### Summary
+
+(Summarize the bug encountered concisely.)
+
+### Steps to reproduce
+
+(How one can reproduce the issue - this is very important.)
+
+### What is the current *bug* behavior?
+
+(What actually happens.)
+
+### What is the expected *correct* behavior?
+
+(What you should see instead.)
+
+### Relevant configuration files
+
+(Paste any relevant configuration files - please use code blocks (```)
+to format console output. If submitting the contents of your
+configuration file in a non-confidential Issue, it is advisable to
+obscure key secrets: this can be done automatically by using
+`named-checkconf -px`.)
+
+### Relevant logs and/or screenshots
+
+(Paste any relevant logs - please use code blocks (```) to format console
+output, logs, and code, as it's very hard to read otherwise.)
+
+### Possible fixes
+
+(If you can, link to the line of code that might be responsible for the
+problem.)
+
+/label ~bug

.gitlab/issue_templates/Feature_Request.md

@@ -0,0 +1,11 @@
+### Description
+
+(Describe the problem, use cases, benefits, and/or goals.)
+
+### Request
+
+(Describe the solution you'd like to see.)
+
+### Links / references
+
+/label ~"feature request"

CONTRIBUTING

@@ -0,0 +1,186 @@
+BIND Source Access and Contributor Guidelines
+
+Feb 22, 2018
+
+Contents
+
+ 1. Access to source code
+ 2. Reporting bugs
+ 3. Contributing code
+
+Introduction
+
+Thank you for using BIND!
+
+BIND is open source software that implements the Domain Name System (DNS)
+protocols for the Internet. It is a reference implementation of those
+protocols, but it is also production-grade software, suitable for use in
+high-volume and high-reliability applications. It is by far the most
+widely used DNS software, providing a robust and stable platform on top of
+which organizations can build distributed computing systems with the
+knowledge that those systems are fully compliant with published DNS
+standards.
+
+BIND is and will always remain free and openly available. It can be used
+and modified in any way by anyone.
+
+BIND is maintained by the Internet Systems Consortium, a public-benefit
+501(c)(3) nonprofit, using a "managed open source" approach: anyone can
+see the source, but only ISC employees have commit access. Until recently,
+the source could only be seen once ISC had published a release: read
+access to the source repository was restricted just as commit access was.
+That's now changing, with the opening of a public git mirror to the BIND
+source tree (see below).
+
+Access to source code
+
+Public BIND releases are always available from the ISC FTP site.
+
+A public-access GIT repository is also available at https://gitlab.isc.org
+. This repository is a mirror, updated several times per day, of the
+source repository maintained by ISC. It contains all the public release
+branches; upcoming releases can be viewed in their current state at any
+time. It does not contain development branches or unreviewed work in
+progress. Commits which address security vulnerablilities are withheld
+until after public disclosure.
+
+You can browse the source online via https://gitlab.isc.org/isc-projects/
+bind9
+
+To clone the repository, use:
+
+      $ git clone https://gitlab.isc.org/isc-projects/bind9.git
+
+Release branch names are of the form v9_X, where X represents the second
+number in the BIND 9 version number. So, to check out the BIND 9.12
+branch, use:
+
+      $ git checkout v9_12
+
+Whenever a branch is ready for publication, a tag will be placed of the
+form v9_X_Y. The 9.12.0 release, for instance, is tagged as v9_12_0.
+
+The branch in which the next major release is being developed is called
+master.
+
+Reporting bugs
+
+Reports of flaws in the BIND package, including software bugs, errors in
+the documentation, missing files in the tarball, suggested changes or
+requests for new features, etc, can be filed using https://gitlab.isc.org/
+isc-projects/bind9/issues.
+
+Due to a large ticket backlog, we are sometimes slow to respond,
+especially if a bug is cosmetic or if a feature request is vague or low in
+priority, but we will try at least to acknowledge legitimate bug reports
+within a week.
+
+ISC's ticketing system is publicly readable; however, you must have an
+account to file a new issue. You can either register locally or use
+credentials from an existing account at GitHub, GitLab, Google, Twitter,
+or Facebook.
+
+Reporting possible security issues
+
+If you think you may be seeing a potential security vulnerability in BIND
+(for example, a crash with REQUIRE, INSIST, or ASSERT failure), please
+report it immediately by emailing to security-officer@isc.org. Plain-text
+e-mail is not a secure choice for communications concerning undisclosed
+security issues so please encrypt your communications to us if possible,
+using the ISC Security Officer public key.
+
+Do not discuss undisclosed security vulnerabilites on any public mailing
+list. ISC has a long history of handling reported vulnerabilities promptly
+and effectively and we respect and acknowledge responsible reporters.
+
+ISC's Security Vulnerability Disclosure Policy is documented at https://
+kb.isc.org/article/AA-00861/0.
+
+If you have a crash, you may want to consult ?What to do if your BIND or
+DHCP server has crashed.?
+
+Contributing code
+
+BIND is licensed under the Mozilla Public License 2.0. Earier versions
+(BIND 9.10 and earlier) were licensed under the ISC License
+
+ISC does not require an explicit copyright assignment for patch
+contributions. However, by submitting a patch to ISC, you implicitly
+certify that you are the author of the code, that you intend to reliquish
+exclusive copyright, and that you grant permission to publish your work
+under the open source license used for the BIND version(s) to which your
+patch will be applied.
+
+BIND code
+
+Patches for BIND may be submitted directly via merge requests in ISC's
+Gitlab source repository for BIND.
+
+Patches can also be submitted as diffs against a specific version of BIND
+-- preferably the current top of the master branch. Diffs may be generated
+using either git format-patch or git diff.
+
+Those wanting to write code for BIND may be interested in the developer
+information page, which includes information about BIND design and coding
+practices, including discussion of internal APIs and overall system
+architecture. (This is a work in progress, and still quite preliminary.)
+
+Every patch submitted will be reviewed by ISC engineers following our code
+review process before it is merged.
+
+It may take considerable time to review patch submissions, especially if
+they don't meet ISC style and quality guidelines. If a patch is a good
+idea, we can and will do additional work to bring it up to par, but if
+we're busy with other work, it may take us a long time to get to it.
+
+To ensure your patch is acted on as promptly as possible, please:
+
+  * Try to adhere to the BIND 9 coding style.
+  * Run make check to ensure your change hasn't caused any functional
+    regressions.
+  * Document your work, both in the patch itself and in the accompanying
+    email.
+  * In patches that make non-trivial functional changes, include system
+    tests if possible; when introducing or substantially altering a
+    library API, include unit tests. See Testing for more information.
+
+Changes to configure
+
+If you need to make changes to configure, you should not edit it directly;
+instead, edit configure.in, then run autoconf. Similarly, instead of
+editing config.h.in directly, edit configure.in and run autoheader.
+
+When submitting a patch as a diff, it's fine to omit the configure diffs
+to save space. Just send the configure.in diffs and we'll generate the new
+configure during the review process.
+
+Documentation
+
+All functional changes should be documented. There are three types of
+documentation in the BIND source tree:
+
+  * Man pages are kept alongside the source code for the commands they
+    document, in files ending in .docbook; for example, the named man page
+    is bin/named/named.docbook.
+  * The BIND 9 Administrator Reference Manual is mostly in doc/arm/
+    Bv9ARM-book.xml, plus a few other XML files that are included in it.
+  * API documentation is in the header file describing the API, in
+    Doxygen-formatted comments.
+
+It is not necessary to edit any documentation files other than these; all
+PDF, HTML, and nroff-format man page files will be updated automatically
+from the docbook and XML files after merging.
+
+Patches to improve existing documentation are also very welcome!
+
+Tests
+
+BIND is a large and complex project. We rely heavily on continuous
+automated testing and cannot merge new code without adequate test
+coverage. Please see the 'Testing' section of doc/dev/dev.md for more
+information.
+
+Thanks
+
+Thank you for your interest in contributing to the ongoing development of
+BIND.

CONTRIBUTING.md

@@ -0,0 +1,201 @@
+<!--
+ - Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ -
+ - This Source Code Form is subject to the terms of the Mozilla Public
+ - License, v. 2.0. If a copy of the MPL was not distributed with this
+ - file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ -
+ - See the COPYRIGHT file distributed with this work for additional
+ - information regarding copyright ownership.
+-->
+## BIND Source Access and Contributor Guidelines
+*Feb 22, 2018*
+
+### Contents
+
+1. [Access to source code](#access)
+1. [Reporting bugs](#bugs)
+1. [Contributing code](#contrib)
+
+### Introduction
+
+Thank you for using BIND!
+
+BIND is open source software that implements the Domain Name System (DNS)
+protocols for the Internet. It is a reference implementation of those
+protocols, but it is also production-grade software, suitable for use in
+high-volume and high-reliability applications.  It is by far the most
+widely used DNS software, providing a robust and stable platform on top of
+which organizations can build distributed computing systems with the
+knowledge that those systems are fully compliant with published DNS
+standards.
+
+BIND is and will always remain free and openly available.  It can be
+used and modified in any way by anyone.
+
+BIND is maintained by the [Internet Systems Consortium](https://www.isc.org),
+a public-benefit 501(c)(3) nonprofit, using a "managed open source" approach:
+anyone can see the source, but only ISC employees have commit access.
+Until recently, the source could only be seen once ISC had published
+a release: read access to the source repository was restricted just
+as commit access was.  That's now changing, with the opening of a
+public git mirror to the BIND source tree (see below).
+
+### <a name="access"></a>Access to source code
+
+Public BIND releases are always available from the
+[ISC FTP site](ftp://ftp.isc.org/isc/bind9).
+
+A public-access GIT repository is also available at
+[https://gitlab.isc.org](https://gitlab.isc.org).
+This repository is a mirror, updated several times per day, of the
+source repository maintained by ISC.  It contains all the public release
+branches; upcoming releases can be viewed in their current state at any
+time.  It does *not* contain development branches or unreviewed work in
+progress.  Commits which address security vulnerablilities are withheld
+until after public disclosure.
+
+You can browse the source online via
+[https://gitlab.isc.org/isc-projects/bind9](https://gitlab.isc.org/isc-projects/bind9)
+
+To clone the repository, use:
+
+>       $ git clone https://gitlab.isc.org/isc-projects/bind9.git
+
+Release branch names are of the form `v9_X`, where X represents the second
+number in the BIND 9 version number.  So, to check out the BIND 9.12
+branch, use:
+
+>       $ git checkout v9_12
+
+Whenever a branch is ready for publication, a tag will be placed of the
+form `v9_X_Y`.  The 9.12.0 release, for instance, is tagged as `v9_12_0`.
+
+The branch in which the next major release is being developed is called
+`master`.
+
+### <a name="bugs"></a>Reporting bugs
+
+Reports of flaws in the BIND package, including software bugs, errors
+in the documentation, missing files in the tarball, suggested changes
+or requests for new features, etc, can be filed using
+[https://gitlab.isc.org/isc-projects/bind9/issues](https://gitlab.isc.org/isc-projects/bind9/issues).
+
+Due to a large ticket backlog, we are sometimes slow to respond,
+especially if a bug is cosmetic or if a feature request is vague or
+low in priority, but we will try at least to acknowledge legitimate
+bug reports within a week.
+
+ISC's ticketing system is publicly readable; however, you must have
+an account to file a new issue. You can either register locally or
+use credentials from an existing account at GitHub, GitLab, Google,
+Twitter, or Facebook.
+
+### Reporting possible security issues
+If you think you may be seeing a potential security vulnerability in BIND
+(for example, a crash with REQUIRE, INSIST, or ASSERT failure), please
+report it immediately by emailing to security-officer@isc.org. Plain-text
+e-mail is not a secure choice for communications concerning undisclosed
+security issues so please encrypt your communications to us if possible,
+using the [ISC Security Officer public key](https://www.isc.org/downloads/software-support-policy/openpgp-key/).
+
+Do not discuss undisclosed security vulnerabilites on any public mailing list.
+ISC has a long history of handling reported vulnerabilities promptly and
+effectively and we respect and acknowledge responsible reporters.
+
+ISC's Security Vulnerability Disclosure Policy is documented at [https://kb.isc.org/article/AA-00861/0](https://kb.isc.org/article/AA-00861/0).
+
+If you have a crash, you may want to consult
+[‘What to do if your BIND or DHCP server has crashed.’](https://kb.isc.org/article/AA-00340/89/What-to-do-if-your-BIND-or-DHCP-server-has-crashed.html)
+
+### <a name="bugs"></a>Contributing code
+
+BIND is licensed under the
+[Mozilla Public License 2.0](http://www.isc.org/downloads/software-support-policy/isc-license/).
+Earier versions (BIND 9.10 and earlier) were licensed under the [ISC License](http://www.isc.org/downloads/software-support-policy/isc-license/)
+
+ISC does not require an explicit copyright assignment for patch
+contributions.  However, by submitting a patch to ISC, you implicitly
+certify that you are the author of the code, that you intend to reliquish
+exclusive copyright, and that you grant permission to publish your work
+under the open source license used for the BIND version(s) to which your
+patch will be applied.
+
+#### <a name="bind"></a>BIND code
+
+Patches for BIND may be submitted directly via merge requests in
+[ISC's Gitlab](https://gitlab.isc.org/isc-projects/bind9/) source
+repository for BIND.
+
+Patches can also be submitted as diffs against a specific version of
+BIND -- preferably the current top of the `master` branch.  Diffs may
+be generated using either `git format-patch` or `git diff`.
+
+Those wanting to write code for BIND may be interested in the
+[developer information](doc/dev/dev.md) page, which includes information
+about BIND design and coding practices, including discussion of internal
+APIs and overall system architecture.  (This is a work in progress, and
+still quite preliminary.)
+
+Every patch submitted will be reviewed by ISC engineers following our
+[code review process](doc/dev/dev.md#reviews) before it is merged.
+
+It may take considerable time to review patch submissions, especially if
+they don't meet ISC style and quality guidelines.  If a patch is a good
+idea, we can and will do additional work to bring it up to par, but if
+we're busy with other work, it may take us a long time to get to it.
+
+To ensure your patch is acted on as promptly as possible, please:
+
+* Try to adhere to the [BIND 9 coding style](doc/dev/style.md).
+* Run `make` `check` to ensure your change hasn't caused any
+  functional regressions.
+* Document your work, both in the patch itself and in the
+  accompanying email.
+* In patches that make non-trivial functional changes, include system
+  tests if possible; when introducing or substantially altering a
+  library API, include unit tests. See [Testing](doc/dev/dev.md#testing)
+  for more information.
+
+##### Changes to `configure`
+
+If you need to make changes to `configure`, you should not edit it
+directly; instead, edit `configure.in`, then run `autoconf`.  Similarly,
+instead of editing `config.h.in` directly, edit `configure.in` and run
+`autoheader`.
+
+When submitting a patch as a diff, it's fine to omit the `configure`
+diffs to save space.  Just send the `configure.in` diffs and we'll
+generate the new `configure` during the review process.
+
+##### Documentation
+
+All functional changes should be documented. There are three types
+of documentation in the BIND source tree:
+
+* Man pages are kept alongside the source code for the commands
+  they document, in files ending in `.docbook`; for example, the
+  `named` man page is `bin/named/named.docbook`.
+* The *BIND 9 Administrator Reference Manual* is mostly in
+  `doc/arm/Bv9ARM-book.xml`, plus a few other XML files that are included
+  in it.
+* API documentation is in the header file describing the API, in
+  Doxygen-formatted comments.
+
+It is not necessary to edit any documentation files other than these;
+all PDF, HTML, and `nroff`-format man page files will be updated
+automatically from the `docbook` and `XML` files after merging.
+
+Patches to improve existing documentation are also very welcome!
+
+##### Tests
+
+BIND is a large and complex project. We rely heavily on continuous
+automated testing and cannot merge new code without adequate test coverage.
+Please see [the 'Testing' section of doc/dev/dev.md](doc/dev/dev.md#testing)
+for more information.
+
+#### Thanks
+
+Thank you for your interest in contributing to the ongoing development
+of BIND.

COPYRIGHT

@@ -1,4 +1,4 @@
-Copyright (C) 1996-2016  Internet Systems Consortium, Inc. ("ISC")
+Copyright (C) 1996-2018  Internet Systems Consortium, Inc. ("ISC")
 
 This Source Code Form is subject to the terms of the Mozilla Public
 License, v. 2.0. If a copy of the MPL was not distributed with this

FAQ

@@ -1,892 +0,0 @@
-Copyright ? 2004-2010, 2013, 2014 Internet Systems Consortium, Inc.
-("ISC")
-
-Copyright ? 2000-2003 Internet Software Consortium.
-
------------------------------------------------------------------------
-
-1. Compilation and Installation Questions
-
-Q: I'm trying to compile BIND 9, and "make" is failing due to files not
-   being found. Why?
-
-A: Using a parallel or distributed "make" to build BIND 9 is not
-   supported, and doesn't work. If you are using one of these, use normal
-   make or gmake instead.
-
-Q: Isn't "make install" supposed to generate a default named.conf?
-
-A: Short Answer: No.
-
-   Long Answer: There really isn't a default configuration which fits any
-   site perfectly. There are lots of decisions that need to be made and
-   there is no consensus on what the defaults should be. For example
-   FreeBSD uses /etc/namedb as the location where the configuration files
-   for named are stored. Others use /var/named.
-
-   What addresses to listen on? For a laptop on the move a lot you may
-   only want to listen on the loop back interfaces.
-
-   To whom do you offer recursive service? Is there a firewall to
-   consider? If so, is it stateless or stateful? Are you directly on the
-   Internet? Are you on a private network? Are you on a NAT'd network? The
-   answers to all these questions change how you configure even a caching
-   name server.
-
-2. Configuration and Setup Questions
-
-Q: Why does named log the warning message "no TTL specified - using SOA
-   MINTTL instead"?
-
-A: Your zone file is illegal according to RFC1035. It must either have a
-   line like:
-
-   $TTL 86400
-
-   at the beginning, or the first record in it must have a TTL field, like
-   the "84600" in this example:
-
-   example.com. 86400 IN SOA ns hostmaster ( 1 3600 1800 1814400 3600 )
-
-Q: Why do I get errors like "dns_zone_load: zone foo/IN: loading master
-   file bar: ran out of space"?
-
-A: This is often caused by TXT records with missing close quotes. Check
-   that all TXT records containing quoted strings have both open and close
-   quotes.
-
-Q: How do I restrict people from looking up the server version?
-
-A: Put a "version" option containing something other than the real version
-   in the "options" section of named.conf. Note doing this will not
-   prevent attacks and may impede people trying to diagnose problems with
-   your server. Also it is possible to "fingerprint" nameservers to
-   determine their version.
-
-Q: How do I restrict only remote users from looking up the server version?
-
-A: The following view statement will intercept lookups as the internal
-   view that holds the version information will be matched last. The
-   caveats of the previous answer still apply, of course.
-
-   view "chaos" chaos {
-           match-clients { <those to be refused>; };
-           allow-query { none; };
-           zone "." {
-                   type hint;
-                   file "/dev/null";  // or any empty file
-           };
-   };
-
-Q: What do "no source of entropy found" or "could not open entropy source
-   foo" mean?
-
-A: The server requires a source of entropy to perform certain operations,
-   mostly DNSSEC related. These messages indicate that you have no source
-   of entropy. On systems with /dev/random or an equivalent, it is used by
-   default. A source of entropy can also be defined using the
-   random-device option in named.conf.
-
-Q: I'm trying to use TSIG to authenticate dynamic updates or zone
-   transfers. I'm sure I have the keys set up correctly, but the server is
-   rejecting the TSIG. Why?
-
-A: This may be a clock skew problem. Check that the the clocks on the
-   client and server are properly synchronized (e.g., using ntp).
-
-Q: I see a log message like the following. Why?
-
-   couldn't open pid file '/var/run/named.pid': Permission denied
-
-A: You are most likely running named as a non-root user, and that user
-   does not have permission to write in /var/run. The common ways of
-   fixing this are to create a /var/run/named directory owned by the named
-   user and set pid-file to "/var/run/named/named.pid", or set pid-file to
-   "named.pid", which will put the file in the directory specified by the
-   directory option (which, in this case, must be writable by the user
-   named is running as).
-
-Q: I can query the nameserver from the nameserver but not from other
-   machines. Why?
-
-A: This is usually the result of the firewall configuration stopping the
-   queries and / or the replies.
-
-Q: How can I make a server a slave for both an internal and an external
-   view at the same time? When I tried, both views on the slave were
-   transferred from the same view on the master.
-
-A: You will need to give the master and slave multiple IP addresses and
-   use those to make sure you reach the correct view on the other machine.
-
-   Master: 10.0.1.1 (internal), 10.0.1.2 (external, IP alias)
-       internal:
-           match-clients { !10.0.1.2; !10.0.1.4; 10.0.1/24; };
-                   notify-source 10.0.1.1;
-                   transfer-source 10.0.1.1;
-                   query-source address 10.0.1.1;
-       external:
-           match-clients { any; };
-           recursion no;   // don't offer recursion to the world
-           notify-source 10.0.1.2;
-           transfer-source 10.0.1.2;
-           query-source address 10.0.1.2;
-
-   Slave: 10.0.1.3 (internal), 10.0.1.4 (external, IP alias)
-       internal:
-           match-clients { !10.0.1.2; !10.0.1.4; 10.0.1/24; };
-           notify-source 10.0.1.3;
-           transfer-source 10.0.1.3;
-           query-source address 10.0.1.3;
-      external:
-           match-clients { any; };
-           recursion no;   // don't offer recursion to the world
-           notify-source 10.0.1.4;
-           transfer-source 10.0.1.4;
-           query-source address 10.0.1.4;
-
-   You put the external address on the alias so that all the other dns
-   clients on these boxes see the internal view by default.
-
-A: BIND 9.3 and later: Use TSIG to select the appropriate view.
-
-   Master 10.0.1.1:
-           key "external" {
-                   algorithm hmac-sha256;
-                   secret "xxxxxxxxxxxxxxxxxxxxxxxx";
-           };
-           view "internal" {
-                   match-clients { !key external; // reject message ment for the
-                                                  // external view.
-                                   10.0.1/24; };  // accept from these addresses.
-                   ...
-           };
-           view "external" {
-                   match-clients { key external; any; };
-                   server 10.0.1.2 { keys external; };  // tag messages from the
-                                                        // external view to the
-                                                        // other servers for the
-                                                        // view.
-                   recursion no;
-                   ...
-           };
-
-   Slave 10.0.1.2:
-           key "external" {
-                   algorithm hmac-sha256;
-                   secret "xxxxxxxxxxxxxxxxxxxxxxxx";
-           };
-           view "internal" {
-                   match-clients { !key external; 10.0.1/24; };
-                   ...
-           };
-           view "external" {
-                   match-clients { key external; any; };
-                   server 10.0.1.1 { keys external; };
-                   recursion no;
-                   ...
-           };
-
-Q: I get error messages like "multiple RRs of singleton type" and "CNAME
-   and other data" when transferring a zone. What does this mean?
-
-A: These indicate a malformed master zone. You can identify the exact
-   records involved by transferring the zone using dig then running
-   named-checkzone on it.
-
-   dig axfr example.com @master-server > tmp
-   named-checkzone example.com tmp
-
-   A CNAME record cannot exist with the same name as another record except
-   for the DNSSEC records which prove its existence (NSEC).
-
-   RFC 1034, Section 3.6.2: "If a CNAME RR is present at a node, no other
-   data should be present; this ensures that the data for a canonical name
-   and its aliases cannot be different. This rule also insures that a
-   cached CNAME can be used without checking with an authoritative server
-   for other RR types."
-
-Q: I get error messages like "named.conf:99: unexpected end of input"
-   where 99 is the last line of named.conf.
-
-A: There are unbalanced quotes in named.conf.
-
-A: Some text editors (notepad and wordpad) fail to put a line title
-   indication (e.g. CR/LF) on the last line of a text file. This can be
-   fixed by "adding" a blank line to the end of the file. Named expects to
-   see EOF immediately after EOL and treats text files where this is not
-   met as truncated.
-
-Q: How do I share a dynamic zone between multiple views?
-
-A: You choose one view to be master and the second a slave and transfer
-   the zone between views.
-
-   Master 10.0.1.1:
-           key "external" {
-                   algorithm hmac-sha256;
-                   secret "xxxxxxxxxxxxxxxxxxxxxxxx";
-           };
-
-           key "mykey" {
-                   algorithm hmac-sha256;
-                   secret "yyyyyyyyyyyyyyyyyyyyyyyy";
-           };
-
-           view "internal" {
-                   match-clients { !key external; 10.0.1/24; };
-                   server 10.0.1.1 {
-                           /* Deliver notify messages to external view. */
-                           keys { external; };
-                   };
-                   zone "example.com" {
-                           type master;
-                           file "internal/example.db";
-                           allow-update { key mykey; };
-                           also-notify { 10.0.1.1; };
-                   };
-           };
-
-           view "external" {
-                   match-clients { key external; any; };
-                   zone "example.com" {
-                           type slave;
-                           file "external/example.db";
-                           masters { 10.0.1.1; };
-                           transfer-source 10.0.1.1;
-                           // allow-update-forwarding { any; };
-                           // allow-notify { ... };
-                   };
-           };
-
-Q: I get a error message like "zone wireless.ietf56.ietf.org/IN: loading
-   master file primaries/wireless.ietf56.ietf.org: no owner".
-
-A: This error is produced when a line in the master file contains leading
-   white space (tab/space) but there is no current record owner name to
-   inherit the name from. Usually this is the result of putting white
-   space before a comment, forgetting the "@" for the SOA record, or
-   indenting the master file.
-
-Q: Why are my logs in GMT (UTC).
-
-A: You are running chrooted (-t) and have not supplied local timezone
-   information in the chroot area.
-
-   FreeBSD: /etc/localtime
-   Solaris: /etc/TIMEZONE and /usr/share/lib/zoneinfo
-   OSF: /etc/zoneinfo/localtime
-
-   See also tzset(3) and zic(8).
-
-Q: I get "rndc: connect failed: connection refused" when I try to run
-   rndc.
-
-A: This is usually a configuration error.
-
-   First ensure that named is running and no errors are being reported at
-   startup (/var/log/messages or equivalent). Running "named -g <usual
-   arguments>" from a title can help at this point.
-
-   Secondly ensure that named is configured to use rndc either by
-   "rndc-confgen -a", rndc-confgen or manually. The Administrators
-   Reference manual has details on how to do this.
-
-   Old versions of rndc-confgen used localhost rather than 127.0.0.1 in /
-   etc/rndc.conf for the default server. Update /etc/rndc.conf if
-   necessary so that the default server listed in /etc/rndc.conf matches
-   the addresses used in named.conf. "localhost" has two address
-   (127.0.0.1 and ::1).
-
-   If you use "rndc-confgen -a" and named is running with -t or -u ensure
-   that /etc/rndc.conf has the correct ownership and that a copy is in the
-   chroot area. You can do this by re-running "rndc-confgen -a" with
-   appropriate -t and -u arguments.
-
-Q: I get "transfer of 'example.net/IN' from 192.168.4.12#53: failed while
-   receiving responses: permission denied" error messages.
-
-A: These indicate a filesystem permission error preventing named creating
-   / renaming the temporary file. These will usually also have other
-   associated error messages like
-
-   "dumping master file: sl/tmp-XXXX5il3sQ: open: permission denied"
-
-   Named needs write permission on the directory containing the file.
-   Named writes the new cache file to a temporary file then renames it to
-   the name specified in named.conf to ensure that the contents are always
-   complete. This is to prevent named loading a partial zone in the event
-   of power failure or similar interrupting the write of the master file.
-
-   Note file names are relative to the directory specified in options and
-   any chroot directory ([<chroot dir>/][<options dir>]).
-
-   If named is invoked as "named -t /chroot/DNS" with the following
-   named.conf then "/chroot/DNS/var/named/sl" needs to be writable by the
-   user named is running as.
-
-   options {
-           directory "/var/named";
-   };
-
-   zone "example.net" {
-           type slave;
-           file "sl/example.net";
-           masters { 192.168.4.12; };
-   };
-
-Q: I want to forward all DNS queries from my caching nameserver to another
-   server. But there are some domains which have to be served locally, via
-   rbldnsd.
-
-   How do I achieve this ?
-
-A: options {
-           forward only;
-           forwarders { <ip.of.primary.nameserver>; };
-   };
-
-   zone "sbl-xbl.spamhaus.org" {
-           type forward; forward only;
-           forwarders { <ip.of.rbldns.server> port 530; };
-   };
-
-   zone "list.dsbl.org" {
-           type forward; forward only;
-           forwarders { <ip.of.rbldns.server> port 530; };
-   };
-
-
-Q: Can you help me understand how BIND 9 uses memory to store DNS zones?
-
-   Some times it seems to take several times the amount of memory it needs
-   to store the zone.
-
-A: When reloading a zone named my have multiple copies of the zone in
-   memory at one time. The zone it is serving and the one it is loading.
-   If reloads are ultra fast it can have more still.
-
-   e.g. Ones that are transferring out, the one that it is serving and the
-   one that is loading.
-
-   BIND 8 destroyed the zone before loading and also killed off outgoing
-   transfers of the zone.
-
-   The new strategy allows slaves to get copies of the new zone regardless
-   of how often the master is loaded compared to the transfer time. The
-   slave might skip some intermediate versions but the transfers will
-   complete and it will keep reasonably in sync with the master.
-
-   The new strategy also allows the master to recover from syntax and
-   other errors in the master file as it still has an in-core copy of the
-   old contents.
-
-Q: I want to use IPv6 locally but I don't have a external IPv6 connection.
-   External lookups are slow.
-
-A: You can use server clauses to stop named making external lookups over
-   IPv6.
-
-   server fd81:ec6c:bd62::/48 { bogus no; }; // site ULA prefix
-   server ::/0 { bogus yes; };
-
-3. Operations Questions
-
-Q: How to change the nameservers for a zone?
-
-A: Step 1: Ensure all nameservers, new and old, are serving the same zone
-   content.
-
-   Step 2: Work out the maximum TTL of the NS RRset in the parent and
-   child zones. This is the time it will take caches to be clear of a
-   particular version of the NS RRset. If you are just removing
-   nameservers you can skip to Step 6.
-
-   Step 3: Add new nameservers to the NS RRset for the zone and wait until
-   all the servers for the zone are answering with this new NS RRset.
-
-   Step 4: Inform the parent zone of the new NS RRset then wait for all
-   the parent servers to be answering with the new NS RRset.
-
-   Step 5: Wait for cache to be clear of the old NS RRset. See Step 2 for
-   how long. If you are just adding nameservers you are done.
-
-   Step 6: Remove any old nameservers from the zones NS RRset and wait for
-   all the servers for the zone to be serving the new NS RRset.
-
-   Step 7: Inform the parent zone of the new NS RRset then wait for all
-   the parent servers to be answering with the new NS RRset.
-
-   Step 8: Wait for cache to be clear of the old NS RRset. See Step 2 for
-   how long.
-
-   Step 9: Turn off the old nameservers or remove the zone entry from the
-   configuration of the old nameservers.
-
-   Step 10: Increment the serial number and wait for the change to be
-   visible in all nameservers for the zone. This ensures that zone
-   transfers are still working after the old servers are decommissioned.
-
-   Note: the above procedure is designed to be transparent to dns clients.
-   Decommissioning the old servers too early will result in some clients
-   not being able to look up answers in the zone.
-
-   Note: while it is possible to run the addition and removal stages
-   together it is not recommended.
-
-4. General Questions
-
-Q: I keep getting log messages like the following. Why?
-
-   Dec 4 23:47:59 client 10.0.0.1#1355: updating zone 'example.com/IN':
-   update failed: 'RRset exists (value dependent)' prerequisite not
-   satisfied (NXRRSET)
-
-A: DNS updates allow the update request to test to see if certain
-   conditions are met prior to proceeding with the update. The message
-   above is saying that conditions were not met and the update is not
-   proceeding. See doc/rfc/rfc2136.txt for more details on prerequisites.
-
-Q: I keep getting log messages like the following. Why?
-
-   Jun 21 12:00:00.000 client 10.0.0.1#1234: update denied
-
-A: Someone is trying to update your DNS data using the RFC2136 Dynamic
-   Update protocol. Windows 2000 machines have a habit of sending dynamic
-   update requests to DNS servers without being specifically configured to
-   do so. If the update requests are coming from a Windows 2000 machine,
-   see <http://support.microsoft.com/support/kb/articles/q246/8/04.asp>
-   for information about how to turn them off.
-
-Q: When I do a "dig . ns", many of the A records for the root servers are
-   missing. Why?
-
-A: This is normal and harmless. It is a somewhat confusing side effect of
-   the way BIND 9 does RFC2181 trust ranking and of the efforts BIND 9
-   makes to avoid promoting glue into answers.
-
-   When BIND 9 first starts up and primes its cache, it receives the root
-   server addresses as additional data in an authoritative response from a
-   root server, and these records are eligible for inclusion as additional
-   data in responses. Subsequently it receives a subset of the root server
-   addresses as additional data in a non-authoritative (referral) response
-   from a root server. This causes the addresses to now be considered
-   non-authoritative (glue) data, which is not eligible for inclusion in
-   responses.
-
-   The server does have a complete set of root server addresses cached at
-   all times, it just may not include all of them as additional data,
-   depending on whether they were last received as answers or as glue. You
-   can always look up the addresses with explicit queries like "dig
-   a.root-servers.net A".
-
-Q: Why don't my zones reload when I do an "rndc reload" or SIGHUP?
-
-A: A zone can be updated either by editing zone files and reloading the
-   server or by dynamic update, but not both. If you have enabled dynamic
-   update for a zone using the "allow-update" option, you are not supposed
-   to edit the zone file by hand, and the server will not attempt to
-   reload it.
-
-Q: Why is named listening on UDP port other than 53?
-
-A: Named uses a system selected port to make queries of other nameservers.
-   This behaviour can be overridden by using query-source to lock down the
-   port and/or address. See also notify-source and transfer-source.
-
-Q: I get warning messages like "zone example.com/IN: refresh: failure
-   trying master 1.2.3.4#53: timed out".
-
-A: Check that you can make UDP queries from the slave to the master
-
-   dig +norec example.com soa @1.2.3.4
-
-   You could be generating queries faster than the slave can cope with.
-   Lower the serial query rate.
-
-   serial-query-rate 5; // default 20
-
-Q: I don't get RRSIG's returned when I use "dig +dnssec".
-
-A: You need to ensure DNSSEC is enabled (dnssec-enable yes;).
-
-Q: Can a NS record refer to a CNAME.
-
-A: No. The rules for glue (copies of the *address* records in the parent
-   zones) and additional section processing do not allow it to work.
-
-   You would have to add both the CNAME and address records (A/AAAA) as
-   glue to the parent zone and have CNAMEs be followed when doing
-   additional section processing to make it work. No nameserver
-   implementation supports either of these requirements.
-
-Q: What does "RFC 1918 response from Internet for 0.0.0.10.IN-ADDR.ARPA"
-   mean?
-
-A: If the IN-ADDR.ARPA name covered refers to a internal address space you
-   are using then you have failed to follow RFC 1918 usage rules and are
-   leaking queries to the Internet. You should establish your own zones
-   for these addresses to prevent you querying the Internet's name servers
-   for these addresses. Please see <http://as112.net/> for details of the
-   problems you are causing and the counter measures that have had to be
-   deployed.
-
-   If you are not using these private addresses then a client has queried
-   for them. You can just ignore the messages, get the offending client to
-   stop sending you these messages as they are most probably leaking them
-   or setup your own zones empty zones to serve answers to these queries.
-
-   zone "10.IN-ADDR.ARPA" {
-           type master;
-           file "empty";
-   };
-
-   zone "16.172.IN-ADDR.ARPA" {
-           type master;
-           file "empty";
-   };
-
-   ...
-
-   zone "31.172.IN-ADDR.ARPA" {
-           type master;
-           file "empty";
-   };
-
-   zone "168.192.IN-ADDR.ARPA" {
-           type master;
-           file "empty";
-   };
-
-   empty:
-   @ 10800 IN SOA <name-of-server>. <contact-email>. (
-                  1 3600 1200 604800 10800 )
-   @ 10800 IN NS <name-of-server>.
-
-   Note
-
-   Future versions of named are likely to do this automatically.
-
-Q: Will named be affected by the 2007 changes to daylight savings rules in
-   the US.
-
-A: No, so long as the machines internal clock (as reported by "date -u")
-   remains at UTC. The only visible change if you fail to upgrade your OS,
-   if you are in a affected area, will be that log messages will be a hour
-   out during the period where the old rules do not match the new rules.
-
-   For most OS's this change just means that you need to update the
-   conversion rules from UTC to local time. Normally this involves
-   updating a file in /etc (which sets the default timezone for the
-   machine) and possibly a directory which has all the conversion rules
-   for the world (e.g. /usr/share/zoneinfo). When updating the OS do not
-   forget to update any chroot areas as well. See your OS's documentation
-   for more details.
-
-   The local timezone conversion rules can also be done on a individual
-   basis by setting the TZ environment variable appropriately. See your
-   OS's documentation for more details.
-
-Q: Is there a bugzilla (or other tool) database that mere mortals can have
-   (read-only) access to for bind?
-
-A: No. The BIND 9 bug database is kept closed for a number of reasons.
-   These include, but are not limited to, that the database contains
-   proprietory information from people reporting bugs. The database has in
-   the past and may in future contain unfixed bugs which are capable of
-   bringing down most of the Internet's DNS infrastructure.
-
-   The release pages for each version contain up to date lists of bugs
-   that have been fixed post release. That is as close as we can get to
-   providing a bug database.
-
-Q: Why do queries for NSEC3 records fail to return the NSEC3 record?
-
-A: NSEC3 records are strictly meta data and can only be returned in the
-   authority section. This is done so that signing the zone using NSEC3
-   records does not bring names into existence that do not exist in the
-   unsigned version of the zone.
-
-5. Operating-System Specific Questions
-
-5.1. HPUX
-
-Q: I get the following error trying to configure BIND:
-
-   checking if unistd.h or sys/types.h defines fd_set... no
-   configure: error: need either working unistd.h or sys/select.h
-
-A: You have attempted to configure BIND with the bundled C compiler. This
-   compiler does not meet the minimum compiler requirements to for
-   building BIND. You need to install a ANSI C compiler and / or teach
-   configure how to find the ANSI C compiler. The later can be done by
-   adjusting the PATH environment variable and / or specifying the
-   compiler via CC.
-
-   ./configure CC=<compiler> ...
-
-5.2. Linux
-
-Q: Why do I get the following errors:
-
-   general: errno2result.c:109: unexpected error:
-   general: unable to convert errno to isc_result: 14: Bad address
-   client: UDP client handler shutting down due to fatal receive error: unexpected error
-
-A: This is the result of a Linux kernel bug.
-
-   See: <http://marc.theaimsgroup.com/?l=linux-netdev&m=113081708031466&w=
-   2>
-
-Q: Why does named lock up when it attempts to connect over IPSEC tunnels?
-
-A: This is due to a kernel bug where the fact that a socket is marked
-   non-blocking is ignored. It is reported that setting xfrm_larval_drop
-   to 1 helps but this may have negative side effects. See: <https://
-   bugzilla.redhat.com/show_bug.cgi?id=427629> and <http://lkml.org/lkml/
-   2007/12/4/260>.
-
-   xfrm_larval_drop can be set to 1 by the following procedure:
-
-   echo "1" > proc/sys/net/core/xfrm_larval_drop
-
-Q: Why do I see 5 (or more) copies of named on Linux?
-
-A: Linux threads each show up as a process under ps. The approximate
-   number of threads running is n+4, where n is the number of CPUs. Note
-   that the amount of memory used is not cumulative; if each process is
-   using 10M of memory, only a total of 10M is used.
-
-   Newer versions of Linux's ps command hide the individual threads and
-   require -L to display them.
-
-Q: Why does BIND 9 log "permission denied" errors accessing its
-   configuration files or zones on my Linux system even though it is
-   running as root?
-
-A: On Linux, BIND 9 drops most of its root privileges on startup. This
-   including the privilege to open files owned by other users. Therefore,
-   if the server is running as root, the configuration files and zone
-   files should also be owned by root.
-
-Q: I get the error message "named: capset failed: Operation not permitted"
-   when starting named.
-
-A: The capability module, part of "Linux Security Modules/LSM", has not
-   been loaded into the kernel. See insmod(8), modprobe(8).
-
-   The relevant modules can be loaded by running:
-
-   modprobe commoncap
-   modprobe capability
-
-Q: I'm running BIND on Red Hat Enterprise Linux or Fedora Core -
-
-   Why can't named update slave zone database files?
-
-   Why can't named create DDNS journal files or update the master zones
-   from journals?
-
-   Why can't named create custom log files?
-
-A: Red Hat Security Enhanced Linux (SELinux) policy security protections :
-
-   Red Hat have adopted the National Security Agency's SELinux security
-   policy (see <http://www.nsa.gov/selinux>) and recommendations for BIND
-   security , which are more secure than running named in a chroot and
-   make use of the bind-chroot environment unnecessary .
-
-   By default, named is not allowed by the SELinux policy to write, create
-   or delete any files EXCEPT in these directories:
-
-   $ROOTDIR/var/named/slaves
-   $ROOTDIR/var/named/data
-   $ROOTDIR/var/tmp
-
-
-   where $ROOTDIR may be set in /etc/sysconfig/named if bind-chroot is
-   installed.
-
-   The SELinux policy particularly does NOT allow named to modify the
-   $ROOTDIR/var/named directory, the default location for master zone
-   database files.
-
-   SELinux policy overrules file access permissions - so even if all the
-   files under /var/named have ownership named:named and mode rw-rw-r--,
-   named will still not be able to write or create files except in the
-   directories above, with SELinux in Enforcing mode.
-
-   So, to allow named to update slave or DDNS zone files, it is best to
-   locate them in $ROOTDIR/var/named/slaves, with named.conf zone
-   statements such as:
-
-   zone "slave.zone." IN {
-           type slave;
-           file "slaves/slave.zone.db";
-           ...
-   };
-   zone "ddns.zone." IN  {
-           type master;
-           allow-updates {...};
-           file "slaves/ddns.zone.db";
-   };
-
-
-   To allow named to create its cache dump and statistics files, for
-   example, you could use named.conf options statements such as:
-
-   options {
-           ...
-           dump-file "/var/named/data/cache_dump.db";
-           statistics-file "/var/named/data/named_stats.txt";
-           ...
-   };
-
-
-   You can also tell SELinux to allow named to update any zone database
-   files, by setting the SELinux tunable boolean parameter
-   'named_write_master_zones=1', using the system-config-securitylevel
-   GUI, using the 'setsebool' command, or in /etc/selinux/targeted/
-   booleans.
-
-   You can disable SELinux protection for named entirely by setting the
-   'named_disable_trans=1' SELinux tunable boolean parameter.
-
-   The SELinux named policy defines these SELinux contexts for named:
-
-   named_zone_t : for zone database files       - $ROOTDIR/var/named/*
-   named_conf_t : for named configuration files - $ROOTDIR/etc/{named,rndc}.*
-   named_cache_t: for files modifiable by named - $ROOTDIR/var/{tmp,named/{slaves,data}}
-
-
-   If you want to retain use of the SELinux policy for named, and put
-   named files in different locations, you can do so by changing the
-   context of the custom file locations .
-
-   To create a custom configuration file location, e.g. '/root/
-   named.conf', to use with the 'named -c' option, do:
-
-   # chcon system_u:object_r:named_conf_t /root/named.conf
-
-
-   To create a custom modifiable named data location, e.g. '/var/log/
-   named' for a log file, do:
-
-   # chcon system_u:object_r:named_cache_t /var/log/named
-
-
-   To create a custom zone file location, e.g. /root/zones/, do:
-
-   # chcon system_u:object_r:named_zone_t /root/zones/{.,*}
-
-
-   See these man-pages for more information : selinux(8), named_selinux
-   (8), chcon(1), setsebool(8)
-
-Q: I'm running BIND on Ubuntu -
-
-   Why can't named update slave zone database files?
-
-   Why can't named create DDNS journal files or update the master zones
-   from journals?
-
-   Why can't named create custom log files?
-
-A: Ubuntu uses AppArmor <http://en.wikipedia.org/wiki/AppArmor> in
-   addition to normal file system permissions to protect the system.
-
-   Adjust the paths to use those specified in /etc/apparmor.d/
-   usr.sbin.named or adjust /etc/apparmor.d/usr.sbin.named to allow named
-   to write at the location specified in named.conf.
-
-Q: Listening on individual IPv6 interfaces does not work.
-
-A: This is usually due to "/proc/net/if_inet6" not being available in the
-   chroot file system. Mount another instance of "proc" in the chroot file
-   system.
-
-   This can be be made permanent by adding a second instance to /etc/
-   fstab.
-
-   proc /proc           proc defaults 0 0
-   proc /var/named/proc proc defaults 0 0
-
-5.3. Windows
-
-Q: Zone transfers from my BIND 9 master to my Windows 2000 slave fail.
-   Why?
-
-A: This may be caused by a bug in the Windows 2000 DNS server where DNS
-   messages larger than 16K are not handled properly. This can be worked
-   around by setting the option "transfer-format one-answer;". Also check
-   whether your zone contains domain names with embedded spaces or other
-   special characters, like "John\032Doe\213s\032Computer", since such
-   names have been known to cause Windows 2000 slaves to incorrectly
-   reject the zone.
-
-Q: I get "Error 1067" when starting named under Windows.
-
-A: This is the service manager saying that named exited. You need to
-   examine the Application log in the EventViewer to find out why.
-
-   Common causes are that you failed to create "named.conf" (usually "C:\
-   windows\dns\etc\named.conf") or failed to specify the directory in
-   named.conf.
-
-   options {
-           Directory "C:\windows\dns\etc";
-   };
-
-5.4. FreeBSD
-
-Q: I have FreeBSD 4.x and "rndc-confgen -a" just sits there.
-
-A: /dev/random is not configured. Use rndcontrol(8) to tell the kernel to
-   use certain interrupts as a source of random events. You can make this
-   permanent by setting rand_irqs in /etc/rc.conf.
-
-   rand_irqs="3 14 15"
-
-   See also <http://people.freebsd.org/~dougb/randomness.html>.
-
-5.5. Solaris
-
-Q: How do I integrate BIND 9 and Solaris SMF
-
-A: Sun has a blog entry describing how to do this.
-
-   <http://blogs.sun.com/roller/page/anay/Weblog?catname=%2FSolaris>
-
-5.6. Apple Mac OS X
-
-Q: How do I run BIND 9 on Apple Mac OS X?
-
-A: If you run Tiger(Mac OS 10.4) or later then this is all you need to do:
-
-   % sudo rndc-confgen  > /etc/rndc.conf
-
-   Copy the key statement from /etc/rndc.conf into /etc/rndc.key, e.g.:
-
-   key "rndc-key" {
-           algorithm hmac-sha256;
-           secret "uvceheVuqf17ZwIcTydddw==";
-   };
-
-   Then start the relevant service:
-
-   % sudo service org.isc.named start
-
-   This is persistent upon a reboot, so you will have to do it only once.
-
-A: Alternatively you can just generate /etc/rndc.key by running:
-
-   % sudo rndc-confgen -a
-
-   Then start the relevant service:
-
-   % sudo service org.isc.named start
-
-   Named will look for /etc/rndc.key when it starts if it doesn't have a
-   controls section or the existing controls are missing keys sub-clauses.
-   This is persistent upon a reboot, so you will have to do it only once.
-

HISTORY.md

@@ -0,0 +1,542 @@
+<!--
+ - Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ -
+ - This Source Code Form is subject to the terms of the Mozilla Public
+ - License, v. 2.0. If a copy of the MPL was not distributed with this
+ - file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ -
+ - See the COPYRIGHT file distributed with this work for additional
+ - information regarding copyright ownership.
+-->
+### Functional enhancements from prior major releases of BIND 9
+
+#### BIND 9.11
+
+BIND 9.11.0 includes a number of changes from BIND 9.10 and earlier
+releases.  New features include:
+
+- Added support for Catalog Zones, a new method for provisioning servers: a
+  list of zones to be served is stored in a DNS zone, along with their
+  configuration parameters. Changes to the catalog zone are propagated to
+  slaves via normal AXFR/IXFR, whereupon the zones that are listed in it
+  are automatically added, deleted or reconfigured.
+- Added support for "dnstap", a fast and flexible method of capturing and
+  logging DNS traffic.
+- Added support for "dyndb", a new API for loading zone data from an
+  external database, developed by Red Hat for the FreeIPA project.
+- "fetchlimit" quotas are now compiled in by default.  These are for the
+  use of recursive resolvers that are are under high query load for domains
+  whose authoritative servers are nonresponsive or are experiencing a
+  denial of service attack:
+    - "fetches-per-server" limits the number of simultaneous queries that
+      can be sent to any single authoritative server.  The configured value
+      is a starting point; it is automatically adjusted downward if the
+      server is partially or completely non-responsive. The algorithm used
+      to adjust the quota can be configured via the "fetch-quota-params"
+      option.
+    - "fetches-per-zone" limits the number of simultaneous queries that can
+      be sent for names within a single domain.  (Note: Unlike
+      "fetches-per-server", this value is not self-tuning.)
+    - New stats counters have been added to count queries spilled due to
+      these quotas.
+- Added a new "dnssec-keymgr" key mainenance utility, which can generate or
+  update keys as needed to ensure that a zone's keys match a defined DNSSEC
+  policy.
+- The experimental "SIT" feature in BIND 9.10 has been renamed "COOKIE" and
+  is no longer optional. EDNS COOKIE is a mechanism enabling clients to
+  detect off-path spoofed responses, and servers to detect spoofed-source
+  queries.  Clients that identify themselves using COOKIE options are not
+  subject to response rate limiting (RRL) and can receive larger UDP
+  responses.
+- SERVFAIL responses can now be cached for a limited time (defaulting to 1
+  second, with an upper limit of 30).  This can reduce the frequency of
+  retries when a query is persistently failing.
+- Added an "nsip-wait-recurse" switch to RPZ. This causes NSIP rules to be
+  skipped if a name server IP address isn't in the cache yet; the address
+  will be looked up and the rule will be applied on future queries.
+- Added a Python RNDC module. This allows multiple commands to sent over a
+  persistent RNDC channel, which saves time.
+- The "controls" block in named.conf can now grant read-only "rndc" access
+  to specified clients or keys. Read-only clients could, for example, check
+  "rndc status" but could not reconfigure or shut down the server.
+- "rndc" commands can now return arbitrarily large amounts of text to the
+  caller.
+- The zone serial number of a dynamically updatable zone can now be set via
+  "rndc signing -serial <number> <zonename>".  This allows inline-signing
+  zones to be set to a specific serial number.
+- The new "rndc nta" command can be used to set a Negative Trust Anchor
+  (NTA), disabling DNSSEC validation for a specific domain; this can be
+  used when responses from a domain are known to be failing validation due
+  to administrative error rather than because of a spoofing attack.
+  Negative trust anchors are strictly temporary; by default they expire
+  after one hour, but can be configured to last up to one week.
+- "rndc delzone" can now be used on zones that were not originally created
+  by "rndc addzone".
+- "rndc modzone" reconfigures a single zone, without requiring the entire
+  server to be reconfigured.
+- "rndc showzone" displays the current configuration of a zone.
+- "rndc managed-keys" can be used to check the status of RFC 5001 managed
+  trust anchors, or to force trust anchors to be refreshed.
+- "max-cache-size" can now be set to a percentage of available memory. The
+  default is 90%.
+- Update forwarding performance has been improved by allowing a single TCP
+  connection to be shared by multiple updates.
+- The EDNS Client Subnet (ECS) option is now supported for authoritative
+  servers; if a query contains an ECS option then ACLs containing "geoip"
+  or "ecs" elements can match against the the address encoded in the
+  option.  This can be used to select a view for a query, so that different
+  answers can be provided depending on the client network.
+- The EDNS EXPIRE option has been implemented on the client side, allowing
+  a slave server to set the expiration timer correctly when transferring
+  zone data from another slave server.
+- The key generation and manipulation tools (dnssec-keygen, dnssec-settime,
+  dnssec-importkey, dnssec-keyfromlabel) now take "-Psync" and "-Dsync"
+  options to set the publication and deletion times of CDS and CDNSKEY
+  parent-synchronization records.  Both named and dnssec-signzone can now
+  publish and remove these records at the scheduled times.
+- A new "minimal-any" option reduces the size of UDP responses for query
+  type ANY by returning a single arbitrarily selected RRset instead of all
+  RRsets.
+- A new "masterfile-style" zone option controls the formatting of text zone
+  files:  When set to "full", a zone file is dumped in
+  single-line-per-record format.
+- "serial-update-method" can now be set to "date". On update, the serial
+  number will be set to the current date in YYYYMMDDNN format.
+- "dnssec-signzone -N date" sets the serial number to YYYYMMDDNN.
+- "named -L <filename>" causes named to send log messages to the specified
+  file by default instead of to the system log.
+- "dig +ttlunits" prints TTL values with time-unit suffixes: w, d, h, m, s
+  for weeks, days, hours, minutes, and seconds.
+- "dig +unknownformat" prints dig output in RFC 3597 "unknown record"
+  presentation format.
+- "dig +ednsopt" allows dig to set arbitrary EDNS options on requests.
+- "dig +ednsflags" allows dig to set yet-to-be-defined EDNS flags on
+  requests.
+- "mdig" is an alternate version of dig which sends multiple pipelined TCP
+  queries to a server.  Instead of waiting for a response after sending a
+  query, it sends all queries immediately and displays responses in the
+  order received.
+- "serial-query-rate" no longer controls NOTIFY messages.  These are
+  separately controlled by "notify-rate" and "startup-notify-rate".
+- "nsupdate" now performs "check-names" processing by default on records to
+  be added.  This can be disabled with "check-names no".
+- The statistics channel now supports DEFLATE compression, reducing the
+  size of the data sent over the network when querying statistics.
+- New counters have been added to the statistics channel to track the sizes
+  of incoming queries and outgoing responses in histogram buckets, as
+  specified in RSSAC002.
+- A new NXDOMAIN redirect method (option "nxdomain-redirect") has been
+  added, allowing redirection to a specified DNS namespace instead of a
+  single redirect zone.
+- When starting up, named now ensures that no other named process is
+  already running.
+- Files created by named to store information, including "mkeys" and "nzf"
+  files, are now named after their corresponding views unless the view name
+  contains characters incompatible with use as a filename. Old style
+  filenames (based on the hash of the view name) will still work.
+
+#### BIND 9.10.0
+
+BIND 9.10.0 includes a number of changes from BIND 9.9 and earlier
+releases.  New features include:
+
+ - DNS Response-rate limiting (DNS RRL), which blunts the
+   impact of reflection and amplification attacks, is always
+   compiled in and no longer requires a compile-time option
+   to enable it.
+ - An experimental "Source Identity Token" (SIT) EDNS option
+   is now available.  Similar to DNS Cookies as invented by
+   Donald Eastlake 3rd, these are designed to enable clients
+   to detect off-path spoofed responses, and to enable servers
+   to detect spoofed-source queries.  Servers can be configured
+   to send smaller responses to clients that have not identified
+   themselves using a SIT option, reducing the effectiveness of
+   amplification attacks.  RRL processing has also been updated;
+   clients proven to be legitimate via SIT are not subject to
+   rate limiting.  Use "configure --enable-sit" to enable this
+   feature in BIND.
+ - A new zone file format, "map", stores zone data in a
+   format that can be mapped directly into memory, allowing
+   significantly faster zone loading.
+ - "delv" (domain entity lookup and validation) is a new tool
+   with dig-like semantics for looking up DNS data and performing
+   internal DNSSEC validation.  This allows easy validation in
+   environments where the resolver may not be trustworthy, and
+   assists with troubleshooting of DNSSEC problems. (NOTE:
+   In previous development releases of BIND 9.10, this utility
+   was called "delve". The spelling has been changed to avoid
+   confusion with the "delve" utility included with the Xapian
+   search engine.)
+ - Improved EDNS(0) processing for better resolver performance
+   and reliability over slow or lossy connections.
+ - A new "configure --with-tuning=large" option tunes certain
+   compiled-in constants and default settings to values better
+   suited to large servers with abundant memory.  This can
+   improve performance on such servers, but will consume more
+   memory and may degrade performance on smaller systems.
+ - Substantial improvement in response-policy zone (RPZ)
+   performance.  Up to 32 response-policy zones can be
+   configured with minimal performance loss.
+ - To improve recursive resolver performance, cache records
+   which are still being requested by clients can now be
+   automatically refreshed from the authoritative server
+   before they expire, reducing or eliminating the time
+   window in which no answer is available in the cache.
+ - New "rpz-client-ip" triggers and drop policies allowing
+   response policies based on the IP address of the client.
+ - ACLs can now be specified based on geographic location
+   using the MaxMind GeoIP databases.  Use "configure
+   --with-geoip" to enable.
+ - Zone data can now be shared between views, allowing
+   multiple views to serve the same zones authoritatively
+   without storing multiple copies in memory.
+ - New XML schema (version 3) for the statistics channel
+   includes many new statistics and uses a flattened XML tree
+   for faster parsing. The older schema is now deprecated.
+ - A new stylesheet, based on the Google Charts API, displays
+   XML statistics in charts and graphs on javascript-enabled
+   browsers.
+ - The statistics channel can now provide data in JSON
+   format as well as XML.
+ - New stats counters track TCP and UDP queries received
+   per zone, and EDNS options received in total.
+ - The internal and export versions of the BIND libraries
+   (libisc, libdns, etc) have been unified so that external
+   library clients can use the same libraries as BIND itself.
+ - A new compile-time option, "configure --enable-native-pkcs11",
+   allows BIND 9 cryptography functions to use the PKCS#11 API
+   natively, so that BIND can drive a cryptographic hardware
+   service module (HSM) directly instead of using a modified
+   OpenSSL as an intermediary. (Note: This feature requires an
+   HSM to have a full implementation of the PKCS#11 API; many
+   current HSMs only have partial implementations. The new
+   "pkcs11-tokens" command can be used to check API completeness.
+   Native PKCS#11 is known to work with the Thales nShield HSM
+   and with SoftHSM version 2 from the Open DNSSEC project.)
+ - The new "max-zone-ttl" option enforces maximum TTLs for
+   zones. This can simplify the process of rolling DNSSEC keys
+   by guaranteeing that cached signatures will have expired
+   within the specified amount of time.
+ - "dig +subnet" sends an EDNS CLIENT-SUBNET option when
+   querying.
+ - "dig +expire" sends an EDNS EXPIRE option when querying.
+   When this option is sent with an SOA query to a server
+   that supports it, it will report the expiry time of
+   a slave zone.
+ - New "dnssec-coverage" tool to check DNSSEC key coverage
+   for a zone and report if a lapse in signing coverage has
+   been inadvertently scheduled.
+ - Signing algorithm flexibility and other improvements
+   for the "rndc" control channel.
+ - "named-checkzone" and "named-compilezone" can now read
+   journal files, allowing them to process dynamic zones.
+ - Multiple DLZ databases can now be configured.  Individual
+   zones can be configured to be served from a specific DLZ
+   database.  DLZ databases now serve zones of type "master"
+   and "redirect".
+ - "rndc zonestatus" reports information about a specified zone.
+ - "named" now listens on IPv6 as well as IPv4 interfaces
+   by default.
+ - "named" now preserves the capitalization of names
+   when responding to queries: for instance, a query for
+   "example.com" may be answered with "example.COM" if the
+   name was configured that way in the zone file.  Some
+   clients have a bug causing them to depend on the older
+   behavior, in which the case of the answer always matched
+   the case of the query, rather than the case of the name
+   configured in the DNS.  Such clients can now be specified
+   in the new "no-case-compress" ACL; this will restore the
+   older behavior of "named" for those clients only.
+ - new "dnssec-importkey" command allows the use of offline
+   DNSSEC keys with automatic DNSKEY management.
+ - New "named-rrchecker" tool to verify the syntactic
+   correctness of individual resource records.
+ - When re-signing a zone, the new "dnssec-signzone -Q" option
+   drops signatures from keys that are still published but are
+   no longer active.
+ - "named-checkconf -px" will print the contents of configuration
+   files with the shared secrets obscured, making it easier to
+   share configuration (e.g. when submitting a bug report)
+   without revealing private information.
+ - "rndc scan" causes named to re-scan network interfaces for
+   changes in local addresses.
+ - On operating systems with support for routing sockets,
+   network interfaces are re-scanned automatically whenever
+   they change.
+ - "tsig-keygen" is now available as an alternate command
+   name to use for "ddns-confgen".
+
+#### BIND 9.9.0
+
+BIND 9.9.0 includes a number of changes from BIND 9.8 and earlier
+releases.  New features include:
+
+- Inline signing, allowing automatic DNSSEC signing of
+  master zones without modification of the zonefile, or
+  "bump in the wire" signing in slaves.
+- NXDOMAIN redirection.
+- New 'rndc flushtree' command clears all data under a given
+  name from the DNS cache.
+- New 'rndc sync' command dumps pending changes in a dynamic
+  zone to disk without a freeze/thaw cycle.
+- New 'rndc signing' command displays or clears signing status
+  records in 'auto-dnssec' zones.
+- NSEC3 parameters for 'auto-dnssec' zones can now be set prior
+  to signing, eliminating the need to initially sign with NSEC.
+- Startup time improvements on large authoritative servers.
+- Slave zones are now saved in raw format by default.
+- Several improvements to response policy zones (RPZ).
+- Improved hardware scalability by using multiple threads
+  to listen for queries and using finer-grained client locking
+- The 'also-notify' option now takes the same syntax as
+  'masters', so it can used named masterlists and TSIG keys.
+- 'dnssec-signzone -D' writes an output file containing only DNSSEC
+  data, which can be included by the primary zone file.
+- 'dnssec-signzone -R' forces removal of signatures that are
+  not expired but were created by a key which no longer exists.
+- 'dnssec-signzone -X' allows a separate expiration date to
+  be specified for DNSKEY signatures from other signatures.
+- New '-L' option to dnssec-keygen, dnssec-settime, and
+  dnssec-keyfromlabel sets the default TTL for the key.
+- dnssec-dsfromkey now supports reading from standard input,
+  to make it easier to convert DNSKEY to DS.
+- RFC 1918 reverse zones have been added to the empty-zones
+  table per RFC 6303.
+- Dynamic updates can now optionally set the zone's SOA serial
+  number to the current UNIX time.
+- DLZ modules can now retrieve the source IP address of
+  the querying client.
+- 'request-ixfr' option can now be set at the per-zone level.
+- 'dig +rrcomments' turns on comments about DNSKEY records,
+  indicating their key ID, algorithm and function
+- Simplified nsupdate syntax and added readline support
+
+#### BIND 9.8.0
+
+BIND 9.8.0 includes a number of changes from BIND 9.7 and earlier
+releases.  New features include:
+
+- Built-in trust anchor for the root zone, which can be
+  switched on via "dnssec-validation auto;"
+- Support for DNS64.
+- Support for response policy zones (RPZ).
+- Support for writable DLZ zones.
+- Improved ease of configuration of GSS/TSIG for
+  interoperability with Active Directory
+- Support for GOST signing algorithm for DNSSEC.
+- Removed RTT Banding from server selection algorithm.
+- New "static-stub" zone type.
+- Allow configuration of resolver timeouts via
+  "resolver-query-timeout" option.
+- The DLZ "dlopen" driver is now built by default.
+- Added a new include file with function typedefs
+  for the DLZ "dlopen" driver.
+- Made "--with-gssapi" default.
+- More verbose error reporting from DLZ LDAP.
+
+#### BIND 9.7.0
+
+BIND 9.7.0 includes a number of changes from BIND 9.6 and earlier
+releases.  Most are intended to simplify DNSSEC configuration.
+New features include:
+
+- Fully automatic signing of zones by "named".
+- Simplified configuration of DNSSEC Lookaside Validation (DLV).
+- Simplified configuration of Dynamic DNS, using the "ddns-confgen"
+  command line tool or the "local" update-policy option.  (As a side
+  effect, this also makes it easier to configure automatic zone
+  re-signing.)
+- New named option "attach-cache" that allows multiple views to
+  share a single cache.
+- DNS rebinding attack prevention.
+- New default values for dnssec-keygen parameters.
+- Support for RFC 5011 automated trust anchor maintenance
+- Smart signing: simplified tools for zone signing and key
+  maintenance.
+- The "statistics-channels" option is now available on Windows.
+- A new DNSSEC-aware libdns API for use by non-BIND9 applications
+- On some platforms, named and other binaries can now print out
+  a stack backtrace on assertion failure, to aid in debugging.
+- A "tools only" installation mode on Windows, which only installs
+  dig, host, nslookup and nsupdate.
+- Improved PKCS#11 support, including Keyper support and explicit
+  OpenSSL engine selection.
+
+#### BIND 9.6.0
+
+- Full NSEC3 support
+- Automatic zone re-signing
+- New update-policy methods tcp-self and 6to4-self
+- The BIND 8 resolver library, libbind, has been removed from the BIND 9
+  distribution and is now available as a separate download.
+- Change the default pid file location from /var/run to
+  /var/run/{named,lwresd} for improved chroot/setuid support.
+
+#### BIND 9.5.0
+
+- GSS-TSIG support (RFC 3645).
+- DHCID support.
+- Experimental http server and statistics support for named via xml.
+- More detailed statistics counters including those supported in BIND 8.
+- Faster ACL processing.
+- Use Doxygen to generate internal documentation.
+- Efficient LRU cache-cleaning mechanism.
+- NSID support.
+
+BIND 9.4.0
+
+- Implemented "additional section caching (or acache)", an internal cache
+  framework for additional section content to improve response performance.
+  Several configuration options were provided to control the behavior.
+- New notify type 'master-only'.  Enable notify for master zones only.
+- Accept 'notify-source' style syntax for query-source.
+- rndc now allows addresses to be set in the server clauses.
+- New option "allow-query-cache".  This lets "allow-query" be used to
+  specify the default zone access level rather than having to have every
+  zone override the global value.  "allow-query-cache" can be set at both
+  the options and view levels.  If "allow-query-cache" is not set then
+  "allow-recursion" is used if set, otherwise "allow-query" is used if set
+  unless "recursion no;" is set in which case "none;" is used, otherwise
+  the default (localhost; localnets;) is used.
+- rndc: the source address can now be specified.
+- ixfr-from-differences now takes master and slave in addition to yes and
+  no at the options and view levels.
+- Allow the journal's name to be changed via named.conf.
+- 'rndc notify zone [class [view]]' resend the NOTIFY messages for the
+  specified zone.
+- 'dig +trace' now randomly selects the next servers to try.  Report if
+  there is a bad delegation.
+- Improve check-names error messages.
+- Make public the function to read a key file, dst_key_read_public().
+- dig now returns the byte count for axfr/ixfr.
+- allow-update is now settable at the options / view level.
+- named-checkconf now checks the logging configuration.
+- host now can turn on memory debugging flags with '-m'.
+- Don't send notify messages to self.
+- Perform sanity checks on NS records which refer to 'in zone' names.
+- New zone option "notify-delay".  Specify a minimum delay between sets of
+  NOTIFY messages.
+- Extend adjusting TTL warning messages.
+- Named and named-checkzone can now both check for non-terminal wildcard
+  records.
+- "rndc freeze/thaw" now freezes/thaws all zones.
+- named-checkconf now check acls to verify that they only refer to existing
+  acls.
+- The server syntax has been extended to support a range of servers.
+- Report differences between hints and real NS rrset and associated address
+  records.
+- Preserve the case of domain names in rdata during zone transfers.
+- Restructured the data locking framework using architecture dependent
+  atomic operations (when available), improving response performance on
+  multi-processor machines significantly.  x86, x86_64, alpha, powerpc, and
+  mips are currently supported.
+- UNIX domain controls are now supported.
+- Add support for additional zone file formats for improving loading
+  performance.  The masterfile-format option in named.conf can be used to
+  specify a non-default format.  A separate command named-compilezone was
+  provided to generate zone files in the new format.  Additionally, the -I
+  and -O options for dnssec-signzone specify the input and output formats.
+- dnssec-signzone can now randomize signature end times (dnssec-signzone -j
+  jitter).
+- Add support for CH A record.
+- Add additional zone data constancy checks.  named-checkzone has extended
+  checking of NS, MX and SRV record and the hosts they reference.  named
+  has extended post zone load checks.  New zone options: check-mx and
+  integrity-check.
+- edns-udp-size can now be overridden on a per server basis.
+- dig can now specify the EDNS version when making a query.
+- Added framework for handling multiple EDNS versions.
+- Additional memory debugging support to track size and mctx arguments.
+- Detect duplicates of UDP queries we are recursing on and drop them.  New
+  stats category "duplicates".
+- "USE INTERNAL MALLOC" is now runtime selectable.
+- The lame cache is now done on a <qname,qclass,qtype> basis as some
+  servers only appear to be lame for certain query types.
+- Limit the number of recursive clients that can be waiting for a single
+  query (<qname,qtype,qclass>) to resolve.  New options clients-per-query
+  and max-clients-per-query.
+- dig: report the number of extra bytes still left in the packet after
+  processing all the records.
+- Support for IPSECKEY rdata type.
+- Raise the UDP recieve buffer size to 32k if it is less than 32k.
+- x86 and x86_64 now have seperate atomic locking implementations.
+- named-checkconf now validates update-policy entries.
+- Attempt to make the amount of work performed in a iteration self tuning.
+  The covers nodes clean from the cache per iteration, nodes written to
+  disk when rewriting a master file and nodes destroyed per iteration when
+  destroying a zone or a cache.
+- ISC string copy API.
+- Automatic empty zone creation for D.F.IP6.ARPA and friends.  Note: RFC
+  1918 zones are not yet covered by this but are likely to be in a future
+  release.
+- New options: empty-server, empty-contact, empty-zones-enable and
+  disable-empty-zone.
+- dig now has a '-q queryname' and '+showsearch' options.
+- host/nslookup now continue (default)/fail on SERVFAIL.
+- dig now warns if 'RA' is not set in the answer when 'RD' was set in the
+  query.  host/nslookup skip servers that fail to set 'RA' when 'RD' is set
+  unless a server is explicitly set.
+- Integrate contibuted DLZ code into named.
+- Integrate contibuted IDN code from JPNIC.
+- libbind: corresponds to that from BIND 8.4.7.
+
+#### BIND 9.3.0
+
+- DNSSEC is now DS based (RFC 3658).
+- DNSSEC lookaside validation.
+- check-names is now implemented.
+- rrset-order is more complete.
+- IPv4/IPv6 transition support, dual-stack-servers.
+- IXFR deltas can now be generated when loading master files,
+  ixfr-from-differences.
+- It is now possible to specify the size of a journal, max-journal-size.
+- It is now possible to define a named set of master servers to be used in
+  masters clause, masters.
+- The advertised EDNS UDP size can now be set, edns-udp-size.
+- allow-v6-synthesis has been obsoleted.
+- Zones containing MD and MF will now be rejected.
+- dig, nslookup name. now report "Not Implemented" as NOTIMP rather than
+  NOTIMPL.  This will have impact on scripts that are looking for NOTIMPL.
+- libbind: corresponds to that from BIND 8.4.5.
+
+#### BIND 9.2.0
+
+- The size of the cache can now be limited using the "max-cache-size"
+  option.
+- The server can now automatically convert RFC1886-style recursive lookup
+  requests into RFC2874-style lookups, when enabled using the new option
+  "allow-v6-synthesis".  This allows stub resolvers that support AAAA
+  records but not A6 record chains or binary labels to perform lookups in
+  domains that make use of these IPv6 DNS features.
+- Performance has been improved.
+- The man pages now use the more portable "man" macros rather than the
+  "mandoc" macros, and are installed by "make install".
+- The named.conf parser has been completely rewritten.  It now supports
+  "include" directives in more places such as inside "view" statements, and
+  it no longer has any reserved words.
+- The "rndc status" command is now implemented.
+- rndc can now be configured automatically.
+- A BIND 8 compatible stub resolver library is now included in lib/bind.
+- OpenSSL has been removed from the distribution.  This means that to use
+  DNSSEC, OpenSSL must be installed and the --with-openssl option must be
+  supplied to configure.  This does not apply to the use of TSIG, which
+  does not require OpenSSL.
+- The source distribution now builds on Windows.  See
+  win32utils/readme1.txt and win32utils/win32-build.txt for details.
+- This distribution also includes a new lightweight stub resolver library
+  and associated resolver daemon that fully support forward and reverse
+  lookups of both IPv4 and IPv6 addresses.  This library is considered
+  experimental and is not a complete replacement for the BIND 8 resolver
+  library.  Applications that use the BIND 8 `res_*` functions to perform
+  DNS lookups or dynamic updates still need to be linked against the BIND 8
+  libraries.  For DNS lookups, they can also use the new "getrrsetbyname()"
+  API.
+- BIND 9.2 is capable of acting as an authoritative server for DNSSEC
+  secured zones.  This functionality is believed to be stable and complete
+  except for lacking support for verifications involving wildcard records
+  in secure zones.
+- When acting as a caching server, BIND 9.2 can be configured to perform
+  DNSSEC secure resolution on behalf of its clients.  This part of the
+  DNSSEC implementation is still considered experimental.  For detailed
+  information about the state of the DNSSEC implementation, see the file
+  doc/misc/dnssec.

Kyuafile

@@ -0,0 +1,4 @@
+syntax(2)
+test_suite('bind9')
+
+include('lib/Kyuafile')

Makefile.in

@@ -1,14 +1,16 @@
-# Copyright (C) 1998-2002, 2004-2009, 2011-2016  Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
 #
 # This Source Code Form is subject to the terms of the Mozilla Public
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
-
-# $Id: Makefile.in,v 1.62 2011/09/06 04:06:37 marka Exp $
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
 
 srcdir =	@srcdir@
 VPATH =		@srcdir@
 top_srcdir =	@top_srcdir@
+top_builddir =  @top_builddir@
 
 VERSION=@BIND9_VERSION@
 
@@ -20,7 +22,8 @@ MANPAGES =	isc-config.sh.1
 
 HTMLPAGES =	isc-config.sh.html
 
-MANOBJS =	${MANPAGES} ${HTMLPAGES}
+MANOBJS =	README HISTORY OPTIONS CONTRIBUTING PLATFORMS \
+		${MANPAGES} ${HTMLPAGES}
 
 @BIND9_MAKE_RULES@
 
@@ -60,12 +63,19 @@ install:: isc-config.sh installdirs
 	@LN@ ${DESTDIR}${mandir}/man1/isc-config.sh.1 ${DESTDIR}${mandir}/man1/bind9-config.1
 	${INSTALL_DATA} ${top_srcdir}/bind.keys ${DESTDIR}${sysconfdir}
 
+uninstall::
+	rm -f ${DESTDIR}${sysconfdir}/bind.keys
+	rm -f ${DESTDIR}${mandir}/man1/bind9-config.1
+	rm -f ${DESTDIR}${mandir}/man1/isc-config.sh.1
+	rm -f ${DESTDIR}${bindir}/bind9-config
+	rm -f ${DESTDIR}${bindir}/isc-config.sh
+
 tags:
 	rm -f TAGS
 	find lib bin -name "*.[ch]" -print | @ETAGS@ -
 
 test check:
-	@if test -n "`${PERL} ${top_srcdir}/bin/tests/system/testsock.pl 2>&- || echo fail`"; then \
+	@if test -n "`${PERL} ${top_srcdir}/bin/tests/system/testsock.pl 2>/dev/null || echo fail`"; then \
 	echo I: NOTE: The tests were not run because they require that; \
 	echo I:	the IP addresses 10.53.0.1 through 10.53.0.8 are configured; \
 	echo I:	as alias addresses on the loopback interface.  Please run; \
@@ -81,16 +91,36 @@ force-test: test-force
 test-force:
 	status=0; \
 	(cd bin/tests && ${MAKE} ${MAKEDEFS} test) || status=1; \
-	(test -f unit/unittest.sh && $(SHELL) unit/unittest.sh) || status=1; \
+	(test -f ${top_builddir}/unit/unittest.sh && \
+		$(SHELL) ${top_builddir}/unit/unittest.sh) || status=1; \
 	exit $$status
 
-FAQ: FAQ.xml
-	${XSLTPROC} doc/xsl/isc-docbook-text.xsl FAQ.xml | \
-	LC_ALL=C ${W3M} -T text/html -dump -cols 72 >$@.tmp
-	mv $@.tmp $@
+README: README.md
+	${PANDOC} --email-obfuscation=none -s -t html README.md | \
+		${W3M} -dump -cols 75 -O ascii -T text/html | \
+		sed -e '$${/^$$/d;}' > $@
+
+HISTORY: HISTORY.md
+	${PANDOC} --email-obfuscation=none -s -t html HISTORY.md | \
+		${W3M} -dump -cols 75 -O ascii -T text/html | \
+		sed -e '$${/^$$/d;}' > $@
+
+OPTIONS: OPTIONS.md
+	${PANDOC} --email-obfuscation=none -s -t html OPTIONS.md | \
+		${W3M} -dump -cols 75 -O ascii -T text/html | \
+		sed -e '$${/^$$/d;}' > $@
+
+CONTRIBUTING: CONTRIBUTING.md
+	${PANDOC} --email-obfuscation=none -s -t html CONTRIBUTING.md | \
+		${W3M} -dump -cols 75 -O ascii -T text/html | \
+		sed -e '$${/^$$/d;}' > $@
+
+PLATFORMS: PLATFORMS.md
+	${PANDOC} --email-obfuscation=none -s -t html PLATFORMS.md | \
+		${W3M} -dump -cols 75 -O ascii -T text/html | \
+		sed -e '$${/^$$/d;}' > $@
 
 unit::
-	sh ${top_srcdir}/unit/unittest.sh
+	sh ${top_builddir}/unit/unittest.sh
 
 clean::
-	rm -f FAQ.tmp

OPTIONS

@@ -0,0 +1,26 @@
+Setting the STD_CDEFINES environment variable before running configure can
+be used to enable certain compile-time options that are not explicitly
+defined in configure.
+
+Some of these settings are:
+
+Setting                   Description
+                          Overwrite memory with tag values when allocating
+-DISC_MEM_DEFAULTFILL=1   or freeing it; this impairs performance but
+                          makes debugging of memory problems easier.
+                          Don't track memory allocations by file and line
+-DISC_MEM_TRACKLINES=0    number; this improves performance but makes
+                          debugging more difficult.
+-DISC_FACILITY=LOG_LOCAL0 Change the default syslog facility for named
+-DNS_CLIENT_DROPPORT=0    Disable dropping queries from particular
+                          well-known ports:
+-DCHECK_SIBLING=0         Don't check sibling glue in named-checkzone
+-DCHECK_LOCAL=0           Don't check out-of-zone addresses in
+                          named-checkzone
+-DNS_RUN_PID_DIR=0        Create default PID files in ${localstatedir}/run
+                          rather than ${localstatedir}/run/named/
+                          Disable the use of inline functions to implement
+-DISC_BUFFER_USEINLINE=0  the isc_buffer API: this reduces performance but
+                          may be useful when debugging
+-DISC_HEAP_CHECK          Test heap consistency after every heap
+                          operation; used when debugging

OPTIONS.md

@@ -0,0 +1,27 @@
+<!--
+ - Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ -
+ - This Source Code Form is subject to the terms of the Mozilla Public
+ - License, v. 2.0. If a copy of the MPL was not distributed with this
+ - file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ -
+ - See the COPYRIGHT file distributed with this work for additional
+ - information regarding copyright ownership.
+-->
+Setting the `STD_CDEFINES` environment variable before running `configure`
+can be used to enable certain compile-time options that are not explicitly
+defined in `configure`.
+
+Some of these settings are:
+
+|Setting                            |Description |
+|-----------------------------------|----------------------------------------|
+|`-DISC_MEM_DEFAULTFILL=1`|Overwrite memory with tag values when allocating or freeing it; this impairs performance but makes debugging of memory problems easier.|
+|`-DISC_MEM_TRACKLINES=0`|Don't track memory allocations by file and line number; this improves performance but makes debugging more difficult.|
+|<nobr>`-DISC_FACILITY=LOG_LOCAL0`</nobr>|Change the default syslog facility for `named`|
+|`-DNS_CLIENT_DROPPORT=0`|Disable dropping queries from particular well-known ports:|
+|`-DCHECK_SIBLING=0`|Don't check sibling glue in `named-checkzone`|
+|`-DCHECK_LOCAL=0`|Don't check out-of-zone addresses in `named-checkzone`|
+|`-DNS_RUN_PID_DIR=0`|Create default PID files in `${localstatedir}/run` rather than `${localstatedir}/run/named/`|
+|`-DISC_BUFFER_USEINLINE=0`|Disable the use of inline functions to implement the `isc_buffer` API: this reduces performance but may be useful when debugging |
+|`-DISC_HEAP_CHECK`|Test heap consistency after every heap operation; used when debugging|

PLATFORMS

@@ -0,0 +1,56 @@
+Supported platforms
+
+In general, this version of BIND will build and run on any POSIX-compliant
+system with a C99-compliant C compiler, BSD-style sockets, and the OpenSSL
+cryptography library. To build with multiprocessing support, a
+C11-compliant C compiler will be needed for standard atomics.
+
+ISC regularly tests BIND on many operating systems and architectures, but
+lacks the resources to test all of them. Consequently, ISC is only able to
+offer support on a "best effort" basis for some.
+
+Regularly tested platforms
+
+As of May 2018, BIND 9.13 is tested on the following systems:
+
+  * Debian 8, 9
+  * Ubuntu 16.04, 18.04
+  * Fedora 27, 28
+  * Red Hat/CentOS 6, 7
+  * FreeBSD 10.x, 11.x
+  * OpenBSD 6.3
+
+The amd64, i386, armhf and arm64 CPU architectures are all fully
+supported.
+
+Best effort
+
+The following are platforms on which BIND is known to build and run, but
+on which it is not routinely tested. ISC makes every effort to fix bugs on
+these platforms, but may be unable to do so quickly due to lack of
+hardware, less familiarity on the part of engineering staff, and other
+constraints.
+
+  * Windows 10 / x64
+  * Windows Server 2012 R2, 2016 / x64
+  * macOS 10.12+
+  * Solaris 10
+  * FreeBSD 12+
+  * OpenBSD 6.2
+  * NetBSD
+  * Older or less popular Linux distributions still supported by their
+    vendors, such as:
+      + Ubuntu 14.04, 18.10+
+      + Gentoo
+      + ArchLinux
+      + Alpine Linux
+  * OpenWRT/LEDE 17.0
+  * Other CPU architectures (mips, mipsel, sparc, ...)
+
+Unsupported platforms
+
+These are platforms on which BIND is known not to build or run:
+
+  * Platforms without at least OpenSSL 1.0.2
+  * Windows 10 / x86
+  * Windows Server 2012

PLATFORMS.md

@@ -0,0 +1,64 @@
+<!--
+ - Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ -
+ - This Source Code Form is subject to the terms of the Mozilla Public
+ - License, v. 2.0. If a copy of the MPL was not distributed with this
+ - file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ -
+ - See the COPYRIGHT file distributed with this work for additional
+ - information regarding copyright ownership.
+-->
+## Supported platforms
+
+In general, this version of BIND will build and run on any POSIX-compliant
+system with a C99-compliant C compiler, BSD-style sockets, and the OpenSSL
+cryptography library. To build with multiprocessing support, a
+C11-compliant C compiler will be needed for standard atomics.
+
+ISC regularly tests BIND on many operating systems and architectures, but
+lacks the resources to test all of them. Consequently, ISC is only able to
+offer support on a "best effort" basis for some.
+
+### Regularly tested platforms
+
+As of May 2018, BIND 9.13 is tested on the following systems:
+
+* Debian 8, 9
+* Ubuntu 16.04, 18.04
+* Fedora 27, 28
+* Red Hat/CentOS 6, 7
+* FreeBSD 10.x, 11.x
+* OpenBSD 6.3
+
+The amd64, i386, armhf and arm64 CPU architectures are all fully supported.
+
+### Best effort
+
+The following are platforms on which BIND is known to build and run,
+but on which it is not routinely tested. ISC makes every effort to fix bugs
+on these platforms, but may be unable to do so quickly due to lack of
+hardware, less familiarity on the part of engineering staff, and other
+constraints.
+
+* Windows 10 / x64
+* Windows Server 2012 R2, 2016 / x64
+* macOS 10.12+
+* Solaris 10
+* FreeBSD 12+
+* OpenBSD 6.2
+* NetBSD
+* Older or less popular Linux distributions still supported by their vendors, such as:
+    * Ubuntu 14.04, 18.10+
+    * Gentoo
+    * ArchLinux
+    * Alpine Linux
+* OpenWRT/LEDE 17.0
+* Other CPU architectures (mips, mipsel, sparc, ...)
+
+## Unsupported platforms
+
+These are platforms on which BIND is known *not* to build or run:
+
+* Platforms without at least OpenSSL 1.0.2
+* Windows 10 / x86
+* Windows Server 2012

README

@@ -1,511 +1,361 @@
 BIND 9
 
-	BIND version 9 is a major rewrite of nearly all aspects of the
-	underlying BIND architecture.  Some of the important features of
-	BIND 9 are:
+Contents
 
-		- DNS Security
-			DNSSEC (signed zones)
-			TSIG (signed DNS requests)
+ 1. Introduction
+ 2. Reporting bugs and getting help
+ 3. Contributing to BIND
+ 4. BIND 9.13 features
+ 5. Building BIND
+ 6. macOS
+ 7. Compile-time options
+ 8. Automated testing
+ 9. Documentation
+10. Change log
+11. Acknowledgments
 
-		- IP version 6
-			Answers DNS queries on IPv6 sockets
-			IPv6 resource records (AAAA)
-			Experimental IPv6 Resolver Library
+Introduction
 
-		- DNS Protocol Enhancements
-			IXFR, DDNS, Notify, EDNS0
-			Improved standards conformance
+BIND (Berkeley Internet Name Domain) is a complete, highly portable
+implementation of the DNS (Domain Name System) protocol.
 
-		- Views
-			One server process can provide multiple "views" of
-			the DNS namespace, e.g. an "inside" view to certain
-			clients, and an "outside" view to others.
+The BIND name server, named, is able to serve as an authoritative name
+server, recursive resolver, DNS forwarder, or all three simultaneously. It
+implements views for split-horizon DNS, automatic DNSSEC zone signing and
+key management, catalog zones to facilitate provisioning of zone data
+throughout a name server constellation, response policy zones (RPZ) to
+protect clients from malicious data, response rate limiting (RRL) and
+recursive query limits to reduce distributed denial of service attacks,
+and many other advanced DNS features. BIND also includes a suite of
+administrative tools, including the dig and delv DNS lookup tools,
+nsupdate for dynamic DNS zone updates, rndc for remote name server
+administration, and more.
 
-		- Multiprocessor Support
+BIND 9 began as a complete re-write of the BIND architecture that was used
+in versions 4 and 8. Internet Systems Consortium (https://www.isc.org), a
+501(c)(3) public benefit corporation dedicated to providing software and
+services in support of the Internet infrastructure, developed BIND 9 and
+is responsible for its ongoing maintenance and improvement. BIND is open
+source software licenced under the terms of the Mozilla Public License,
+version 2.0.
 
-		- Improved Portability Architecture
+For a summary of features introduced in past major releases of BIND, see
+the file HISTORY.
 
+For a detailed list of changes made throughout the history of BIND 9, see
+the file CHANGES. See below for details on the CHANGES file format.
 
-	BIND version 9 development has been underwritten by the following
-	organizations:
+For up-to-date release notes and errata, see http://www.isc.org/software/
+bind9/releasenotes
 
-		Sun Microsystems, Inc.
-		Hewlett Packard
-		Compaq Computer Corporation
-		IBM
-		Process Software Corporation
-		Silicon Graphics, Inc.
-		Network Associates, Inc.
-		U.S. Defense Information Systems Agency
-		USENIX Association
-		Stichting NLnet - NLnet Foundation
-		Nominum, Inc.
+For information about supported platforms, see PLATFORMS.
 
-	For a summary of functional enhancements in previous
-	releases, see the HISTORY file.
+Reporting bugs and getting help
 
-	For a detailed list of user-visible changes from
-	previous releases, see the CHANGES file.
+To report non-security-sensitive bugs or request new features, you may
+open an Issue in the BIND 9 project on the ISC GitLab server at https://
+gitlab.isc.org/isc-projects/bind9.
 
-	For up-to-date release notes and errata, see
-	http://www.isc.org/software/bind9/releasenotes
+Please note that, unless you explicitly mark the newly created Issue as
+"confidential", it will be publicly readable. Please do not include any
+information in bug reports that you consider to be confidential unless the
+issue has been marked as such. In particular, if submitting the contents
+of your configuration file in a non-confidential Issue, it is advisable to
+obscure key secrets: this can be done automatically by using
+named-checkconf -px.
 
-BIND 9.11.0
+If the bug you are reporting is a potential security issue, such as an
+assertion failure or other crash in named, please do NOT use GitLab to
+report it. Instead, please send mail to security-officer@isc.org.
 
-	BIND 9.11.0 includes a number of changes from BIND 9.10 and earlier
-	releases.  New features include:
+Professional support and training for BIND are available from ISC at
+https://www.isc.org/support.
 
-	- Added support for Catalog Zones, a new method for provisioning
-	  servers: a list of zones to be served is stored in a DNS zone,
-	  along with their configuration parameters. Changes to the
-	  catalog zone are propagated to slaves via normal AXFR/IXFR,
-	  whereupon the zones that are listed in it are automatically
-	  added, deleted or reconfigured.
-	- Added support for "dnstap", a fast and flexible method of
-	  capturing and logging DNS traffic.
-	- Added support for "dyndb", a new API for loading zone data
-	  from an external database, developed by Red Hat for the FreeIPA
-	  project.
-	- New "fetchlimit" quotas are now available for the use of
-	  recursive resolvers that are are under high query load for
-	  domains whose authoritative servers are nonresponsive or are
-	  experiencing a denial of service attack:
-	  + "fetches-per-server" limits the number of simultaneous queries
-	    that can be sent to any single authoritative server.  The
-	    configured value is a starting point; it is automatically
-	    adjusted downward if the server is partially or completely
-	    non-responsive. The algorithm used to adjust the quota can be
-	    configured via the "fetch-quota-params" option.
-	  + "fetches-per-zone" limits the number of simultaneous queries
-	    that can be sent for names within a single domain.  (Note:
-	    Unlike "fetches-per-server", this value is not self-tuning.)
-	  + New stats counters have been added to count
-	    queries spilled due to these quotas.
-	- Added a new "dnssec-keymgr" key mainenance utility, which can
-	  generate or update keys as needed to ensure that a zone's
-	  keys match a defined DNSSEC policy.
-	- The experimental "SIT" feature in BIND 9.10 has been renamed
-	  "COOKIE" and is no longer optional. EDNS COOKIE is a mechanism
-	  enabling clients to detect off-path spoofed responses, and
-	  servers to detect spoofed-source queries.  Clients that identify
-	  themselves using COOKIE options are not subject to response rate
-	  limiting (RRL) and can receive larger UDP responses.
-	- SERVFAIL responses can now be cached for a limited time
-	  (defaulting to 1 second, with an upper limit of 30).
-	  This can reduce the frequency of retries when a query is
-	  persistently failing.
-	- Added an "nsip-wait-recurse" switch to RPZ. This causes NSIP
-	  rules to be skipped if a name server IP address isn't in the
-	  cache yet; the address will be looked up and the rule will be
-	  applied on future queries.
-	- Added a Python RNDC module. This allows multiple commands to
-	  sent over a persistent RNDC channel, which saves time.
-	- The "controls" block in named.conf can now grant read-only
-	  "rndc" access to specified clients or keys. Read-only clients
-	  could, for example, check "rndc status" but could not
-	  reconfigure or shut down the server.
-	- "rndc" commands can now return arbitrarily large amounts of
-	  text to the caller.
-	- The zone serial number of a dynamically updatable zone
-	  can now be set via "rndc signing -serial <number> <zonename>".
-	  This allows inline-signing zones to be set to a specific
-	  serial number.
-	- The new "rndc nta" command can be used to set a Negative
-	  Trust Anchor (NTA), disabling DNSSEC validation for a
-	  specific domain; this can be used when responses from a
-	  domain are known to be failing validation due to administrative
-	  error rather than because of a spoofing attack.  Negative
-	  trust anchors are strictly temporary; by default they expire
-	  after one hour, but can be configured to last up to one week.
-	- "rndc delzone" can now be used on zones that were not originally
-	  created by "rndc addzone".
-	- "rndc modzone" reconfigures a single zone, without requiring
-	  the entire server to be reconfigured.
-	- "rndc showzone" displays the current configuration of a zone.
-	- "rndc managed-keys" can be used to check the status of RFC 5001
-	  managed trust anchors, or to force trust anchors to be refreshed.
-	- "max-cache-size" can now be set to a percentage of available
-	  memory. The default is 90%.
-	- Update forwarding performance has been improved by allowing
-	  a single TCP connection to be shared by multiple updates.
-	- The EDNS Client Subnet (ECS) option is now supported for
-	  authoritative servers; if a query contains an ECS option
-	  then ACLs containing "geoip" or "ecs" elements can match
-	  against the the address encoded in the option.  This can be
-	  used to select a view for a query, so that different answers
-	  can be provided depending on the client network.
-	- The EDNS EXPIRE option has been implemented on the client
-	  side, allowing a slave server to set the expiration timer
-	  correctly when transferring zone data from another slave
-	  server.
-	- The key generation and manipulation tools (dnssec-keygen,
-	  dnssec-settime, dnssec-importkey, dnssec-keyfromlabel) now
-	  take "-Psync" and "-Dsync" options to set the publication
-	  and deletion times of CDS and CDNSKEY parent-synchronization
-	  records.  Both named and dnssec-signzone can now publish and
-	  remove these records at the scheduled times.
-	- A new "minimal-any" option reduces the size of UDP responses
-	  for query type ANY by returning a single arbitrarily selected
-	  RRset instead of all RRsets.
-	- A new "masterfile-style" zone option controls the formatting
-	  of text zone files:  When set to "full", a zone file is dumped
-	  in single-line-per-record format.
-	- "serial-update-method" can now be set to "date". On update,
-	  the serial number will be set to the current date in YYYYMMDDNN
-	  format.
-	- "dnssec-signzone -N date" sets the serial number to YYYYMMDDNN.
-	- "named -L <filename>" causes named to send log messages to
-	   the specified file by default instead of to the system log.
-	- "dig +ttlunits" prints TTL values with time-unit suffixes:
-	  w, d, h, m, s for weeks, days, hours, minutes, and seconds.
-	- "dig +unknownformat" prints dig output in RFC 3597 "unknown
-	  record" presentation format.
-	- "dig +ednsopt" allows dig to set arbitrary EDNS options on
-	  requests.
-	- "dig +ednsflags" allows dig to set yet-to-be-defined EDNS
-	  flags on requests.
-	- "mdig" is an alternate version of dig which sends multiple
-	  pipelined TCP queries to a server.  Instead of waiting for a
-	  response after sending a query, it sends all queries
-	  immediately and displays responses in the order received.
-	- "serial-query-rate" no longer controls NOTIFY messages.
-	  These are separately controlled by "notify-rate" and
-	  "startup-notify-rate".
-	- "nsupdate" now performs "check-names" processing by default
-	  on records to be added.  This can be disabled with
-	  "check-names no".
-	- The statistics channel now supports DEFLATE compression,
-	  reducing the size of the data sent over the network when
-	  querying statistics.
-	- New counters have been added to the statistics channel
-	  to track the sizes of incoming queries and outgoing responses in
-	  histogram buckets, as specified in RSSAC002.
-	- A new NXDOMAIN redirect method (option "nxdomain-redirect")
-	  has been added, allowing redirection to a specified DNS
-	  namespace instead of a single redirect zone.
-	- When starting up, named now ensures that no other named
-	  process is already running.
-	- Files created by named to store information, including "mkeys"
-	  and "nzf" files, are now named after their corresponding views
-	  unless the view name contains characters incompatible with use
-	  as a filename. Old style filenames (based on the hash of the
-	  view name) will still work.
+To join the BIND Users mailing list, or view the archives, visit https://
+lists.isc.org/mailman/listinfo/bind-users.
 
-	This release addresses the security flaws described in
-	CVE-2014-3214, CVE-2014-3859, CVE-2014-8500, CVE-2014-8680,
-	CVE-2015-1349, CVE-2015-5477, CVE-2015-5722, CVE-2015-5986,
-	CVE-2015-8000, CVE-2015-8704, CVE-2015-8705, CVE-2016-1285,
-	CVE-2016-1286 and CVE-2016-2088.
+If you're planning on making changes to the BIND 9 source code, you may
+also want to join the BIND Workers mailing list, at https://lists.isc.org/
+mailman/listinfo/bind-workers.
 
-Building
+Contributing to BIND
 
-	BIND 9 currently requires a UNIX system with an ANSI C compiler,
-	basic POSIX support, and a 64 bit integer type.
+ISC maintains a public git repository for BIND; details can be found at
+http://www.isc.org/git/.
 
-	We've had successful builds and tests on the following systems:
+Information for BIND contributors can be found in the following files: -
+General information: CONTRIBUTING.md - BIND 9 code style: doc/dev/style.md
+- BIND architecture and developer guide: doc/dev/dev.md
 
-		COMPAQ Tru64 UNIX 5.1B
-		Fedora Core 6
-		FreeBSD 4.10, 5.2.1, 6.2
-		HP-UX 11.11
-		Mac OS X 10.5
-		NetBSD 3.x, 4.0-beta, 5.0-beta
-		OpenBSD 3.3 and up
-		Solaris 8, 9, 9 (x86), 10
-		Ubuntu 7.04, 7.10
-		Windows XP/2003/2008
+Patches for BIND may be submitted as Merge Requests in the ISC GitLab
+server at at https://gitlab.isc.org/isc-projects/bind9/merge_requests.
 
-	NOTE:  As of BIND 9.5.1, 9.4.3, and 9.3.6, older versions of
-	Windows, including Windows NT and Windows 2000, are no longer
-	supported.
+By default, external contributors don't have ability to fork BIND in the
+GitLab server, but if you wish to contribute code to BIND, you may request
+permission to do so. Thereafter, you can create git branches and directly
+submit requests that they be reviewed and merged.
 
-	We have recent reports from the user community that a supported
-	version of BIND will build and run on the following systems:
+If you prefer, you may also submit code by opening a GitLab Issue and
+including your patch as an attachment, preferably generated by git
+format-patch.
 
-		AIX 4.3, 5L
-		CentOS 4, 4.5, 5
-		Darwin 9.0.0d1/ARM
-		Debian 4, 5, 6
-		Fedora Core 5, 7, 8
-		FreeBSD 6, 7, 8
-		HP-UX 11.23 PA
-		MacOS X 10.5, 10.6, 10.7
-		Red Hat Enterprise Linux 4, 5, 6
-		SCO OpenServer 5.0.6
-		Slackware 9, 10
-		SuSE 9, 10
+BIND 9.13 features
 
-	To build, just
+BIND 9.13 is the newest development branch of BIND 9. It includes a number
+of changes from BIND 9.12 and earlier releases. New features include:
 
-		./configure
-		make
+  * The default value of "dnssec-validation" is now "auto".
+  * Support for IDNA2008 when linking with libidn2.
+  * "Root key sentinel" support, enabling validating resolvers to indicate
+    via a special query which trust anchors are configured for the root
+    zone.
+  * Secondary zones can now be configured as "mirror" zones; their
+    contents are transferred in as with traditional slave zones, but are
+    subject to DNSSEC validation and are not treated as authoritative data
+    when answering. This makes it easier to configure a local copy of the
+    root zone as described in RFC 7706.
 
-	Do not use a parallel "make".
+In addition, cryptographic support has been modernized. BIND now uses the
+best available pseudo-random number generator for the platform on which
+it's built. Very old versions of OpenSSL are no longer supported.
+Cryptography is now mandatory; building BIND without DNSSEC is now longer
+supported.
 
-	Several environment variables that can be set before running
-	configure will affect compilation:
+Building BIND
 
-	    CC
-		The C compiler to use.  configure tries to figure
-		out the right one for supported systems.
+Minimally, BIND requires a UNIX or Linux system with an ANSI C compiler,
+basic POSIX support, and a 64-bit integer type. Successful builds have
+been observed on many versions of Linux and UNIX, including RedHat,
+Fedora, Debian, Ubuntu, SuSE, Slackware, FreeBSD, NetBSD, OpenBSD, Mac OS
+X, Solaris, HP-UX, AIX, SCO OpenServer, and OpenWRT.
 
-	    CFLAGS
-		C compiler flags.  Defaults to include -g and/or -O2
-		as supported by the compiler.  Please include '-g'
-		if you need to set CFLAGS.
+BIND requires a cryptography provider library such as OpenSSL or a
+hardware service module supporting PKCS#11. On Linux, BIND requires the
+libcap library to set process privileges, though this requirement can be
+overridden by disabling capability support at compile time. See
+Compile-time options below for details on other libraries that may be
+required to support optional features.
 
-	    STD_CINCLUDES
-		System header file directories.  Can be used to specify
-		where add-on thread or IPv6 support is, for example.
-		Defaults to empty string.
+BIND is also available for Windows 2008 and higher. See win32utils/
+readme1st.txt for details on building for Windows systems.
 
-	    STD_CDEFINES
-		Any additional preprocessor symbols you want defined.
-		Defaults to empty string.
+To build on a UNIX or Linux system, use:
 
-		Possible settings:
-		Change the default syslog facility of named/lwresd.
-		  -DISC_FACILITY=LOG_LOCAL0
-		Enable DNSSEC signature chasing support in dig.
-		  -DDIG_SIGCHASE=1 (sets -DDIG_SIGCHASE_TD=1 and
-				    -DDIG_SIGCHASE_BU=1)
-		Disable dropping queries from particular well known ports.
-		  -DNS_CLIENT_DROPPORT=0
-		Sibling glue checking in named-checkzone is enabled by default.
-		To disable the default check set.  -DCHECK_SIBLING=0
-		named-checkzone checks out-of-zone addresses by default.
-		To disable this default set.  -DCHECK_LOCAL=0
-		To create the default pid files in ${localstatedir}/run rather
-		than ${localstatedir}/run/{named,lwresd}/ set.
-		  -DNS_RUN_PID_DIR=0
-		Enable workaround for Solaris kernel bug about /dev/poll
-		  -DISC_SOCKET_USE_POLLWATCH=1
-		  The watch timeout is also configurable, e.g.,
-		  -DISC_SOCKET_POLLWATCH_TIMEOUT=20
+    $ ./configure
+    $ make
 
-	    LDFLAGS
-		Linker flags. Defaults to empty string.
+If you're planning on making changes to the BIND 9 source, you should run
+make depend. If you're using Emacs, you might find make tags helpful.
 
-	The following need to be set when cross compiling.
+Several environment variables that can be set before running configure
+will affect compilation:
 
-	    BUILD_CC
-		The native C compiler.
-	    BUILD_CFLAGS (optional)
-	    BUILD_CPPFLAGS (optional)
-		Possible Settings:
-		-DNEED_OPTARG=1         (optarg is not declared in <unistd.h>)
-	    BUILD_LDFLAGS (optional)
-	    BUILD_LIBS (optional)
+Variable       Description
+CC             The C compiler to use. configure tries to figure out the
+               right one for supported systems.
+               C compiler flags. Defaults to include -g and/or -O2 as
+CFLAGS         supported by the compiler. Please include '-g' if you need
+               to set CFLAGS.
+               System header file directories. Can be used to specify
+STD_CINCLUDES  where add-on thread or IPv6 support is, for example.
+               Defaults to empty string.
+               Any additional preprocessor symbols you want defined.
+STD_CDEFINES   Defaults to empty string. For a list of possible settings,
+               see the file OPTIONS.
+LDFLAGS        Linker flags. Defaults to empty string.
+BUILD_CC       Needed when cross-compiling: the native C compiler to use
+               when building for the target system.
+BUILD_CFLAGS   Optional, used for cross-compiling
+BUILD_CPPFLAGS
+BUILD_LDFLAGS
+BUILD_LIBS
 
-	On most platforms, BIND 9 is built with multithreading
-	support, allowing it to take advantage of multiple CPUs.
-	You can configure this by specifying "--enable-threads" or
-	"--disable-threads" on the configure command line.  The default
-	is to enable threads, except on some older operating systems
-	on which threads are known to have had problems in the past.
-	(Note: Prior to BIND 9.10, the default was to disable threads on
-	Linux systems; this has been reversed.  On Linux systems, the
-	threaded build is known to change BIND's behavior with respect
-	to file permissions; it may be necessary to specify a user with
-	the -u option when running named.)
+macOS
 
-	To build shared libraries, specify "--with-libtool" on the
-	configure command line.
+Building on macOS assumes that the "Command Tools for Xcode" is installed.
+This can be downloaded from https://developer.apple.com/download/more/ or
+if you have Xcode already installed you can run "xcode-select --install".
+This will add /usr/include to the system and install the compiler and
+other tools so that they can be easily found.
 
-	Certain compiled-in constants and default settings can be
-	increased to values better suited to large servers with abundant
-	memory resources (e.g, 64-bit servers with 12G or more of memory)
-	by specifying "--with-tuning=large" on the configure command
-	line. This can improve performance on big servers, but will
-	consume more memory and may degrade performance on smaller
-	systems.
+Compile-time options
 
-	For the server to support DNSSEC, you need to build it
-	with crypto support.  You must have OpenSSL 0.9.5a
-	or newer installed and specify "--with-openssl" on the
-	configure command line.  If OpenSSL is installed under
-	a nonstandard prefix, you can tell configure where to
-	look for it using "--with-openssl=/prefix".
+To see a full list of configuration options, run configure --help.
 
-	To support the HTTP statistics channel, the server must
-	be linked with at least one of the following: libxml2
-	(http://xmlsoft.org) or json-c (https://github.com/json-c).
-	If these are installed at a nonstandard prefix, use
-	"--with-libxml2=/prefix" or "--with-libjson=/prefix".
+On most platforms, BIND 9 is built with multithreading support, allowing
+it to take advantage of multiple CPUs. You can configure this by
+specifying --enable-threads or --disable-threads on the configure command
+line. The default is to enable threads, except on some older operating
+systems on which threads are known to have had problems in the past.
+(Note: Prior to BIND 9.10, the default was to disable threads on Linux
+systems; this has now been reversed. On Linux systems, the threaded build
+is known to change BIND's behavior with respect to file permissions; it
+may be necessary to specify a user with the -u option when running named.)
 
-	To support compression on the HTTP statistics channel, the
-	server must be linked against libzlib (--with-zlib=/prefix).
+To build shared libraries, specify --with-libtool on the configure command
+line.
 
-	Python requires 'argparse' and 'ply' to be available.
-	'argparse' is a standard module as of Python 2.7 and Python 3.2.
+Certain compiled-in constants and default settings can be increased to
+values better suited to large servers with abundant memory resources (e.g,
+64-bit servers with 12G or more of memory) by specifying --with-tuning=
+large on the configure command line. This can improve performance on big
+servers, but will consume more memory and may degrade performance on
+smaller systems.
 
-	On some platforms it is necessary to explicitly request large
-	file support to handle files bigger than 2GB.  This can be
-	done by "--enable-largefile" on the configure command line.
+For the server to support DNSSEC, you need to build it with crypto
+support. To use OpenSSL, you should have OpenSSL 1.0.2e or newer
+installed. If the OpenSSL library is installed in a nonstandard location,
+specify the prefix using --with-openssl=<PREFIX> on the configure command
+line. To use a PKCS#11 hardware service module for cryptographic
+operations, specify the path to the PKCS#11 provider library using
+--with-pkcs11=<PREFIX>, and configure BIND with --enable-native-pkcs11.
 
-	Support for the "fixed" rrset-order option can be enabled
-	or disabled by specifying "--enable-fixed-rrset" or
-	"--disable-fixed-rrset" on the configure command line.
-	The default is "disabled", to reduce memory footprint.
+To support the HTTP statistics channel, the server must be linked with at
+least one of the following: libxml2 http://xmlsoft.org or json-c https://
+github.com/json-c. If these are installed at a nonstandard location,
+specify the prefix using --with-libxml2=/prefix or --with-libjson=/prefix.
 
-	If your operating system has integrated support for IPv6, it
-	will be used automatically.  If you have installed KAME IPv6
-	separately, use "--with-kame[=PATH]" to specify its location.
+To support compression on the HTTP statistics channel, the server must be
+linked against libzlib. If this is installed in a nonstandard location,
+specify the prefix using --with-zlib=/prefix.
 
-	"make install" will install "named" and the various BIND 9 libraries.
-	By default, installation is into /usr/local, but this can be changed
-	with the "--prefix" option when running "configure".
+To support storing configuration data for runtime-added zones in an LMDB
+database, the server must be linked with liblmdb. If this is installed in
+a nonstandard location, specify the prefix using with-lmdb=/prefix.
 
-	You may specify the option "--sysconfdir" to set the directory
-	where configuration files like "named.conf" go by default,
-	and "--localstatedir" to set the default parent directory
-	of "run/named.pid".   For backwards compatibility with BIND 8,
-	--sysconfdir defaults to "/etc" and --localstatedir defaults to
-	"/var" if no --prefix option is given.  If there is a --prefix
-	option, sysconfdir defaults to "$prefix/etc" and localstatedir
-	defaults to "$prefix/var".
+To support GeoIP location-based ACLs, the server must be linked with
+libGeoIP. This is not turned on by default; BIND must be configured with
+--with-geoip. If the library is installed in a nonstandard location,
+specify the prefix using --with-geoip=/prefix.
 
-	To see additional configure options, run "configure --help".
-	Note that the help message does not reflect the BIND 8
-	compatibility defaults for sysconfdir and localstatedir.
+For DNSTAP packet logging, you must have installed libfstrm https://
+github.com/farsightsec/fstrm and libprotobuf-c https://
+developers.google.com/protocol-buffers, and BIND must be configured with
+--enable-dnstap.
 
-	If you're planning on making changes to the BIND 9 source, you
-	should also "make depend".  If you're using Emacs, you might find
-	"make tags" helpful.
+On Linux, process capabilities are managed in user space using the libcap
+library, which can be installed on most Linux systems via the libcap-dev
+or libcap-devel module. Process capability support can also be disabled by
+configuring with --disable-linux-caps.
 
-	If you need to re-run configure please run "make distclean" first.
-	This will ensure that all the option changes take.
+Portions of BIND that are written in Python, including dnssec-keymgr,
+dnssec-coverage, dnssec-checkds, and some of the system tests, require the
+'argparse' and 'ply' modules to be available. 'argparse' is a standard
+module as of Python 2.7 and Python 3.2. 'ply' is available from https://
+pypi.python.org/pypi/ply.
 
-	Building with gcc is not supported, unless gcc is the vendor's usual
-	compiler (e.g. the various BSD systems, Linux).
+On some platforms it is necessary to explicitly request large file support
+to handle files bigger than 2GB. This can be done by using
+--enable-largefile on the configure command line.
 
-	Known compiler issues:
-	* gcc-3.2.1 and gcc-3.1.1 is known to cause problems with solaris-x86.
-	* gcc prior to gcc-3.2.3 ultrasparc generates incorrect code at -02.
-	* gcc-3.3.5 powerpc generates incorrect code at -02.
-	* Irix, MipsPRO 7.4.1m is known to cause problems.
+Support for the "fixed" rrset-order option can be enabled or disabled by
+specifying --enable-fixed-rrset or --disable-fixed-rrset on the configure
+command line. By default, fixed rrset-order is disabled to reduce memory
+footprint.
 
-	A limited test suite can be run with "make test".  Many of
-	the tests require you to configure a set of virtual IP addresses
-	on your system, and some require Perl; see bin/tests/system/README
-	for details.
+If your operating system has integrated support for IPv6, it will be used
+automatically. If you have installed KAME IPv6 separately, use --with-kame
+[=PATH] to specify its location.
 
-	SunOS 4 requires "printf" to be installed to make the shared
-	libraries.  sh-utils-1.16 provides a "printf" which compiles
-	on SunOS 4.
+make install will install named and the various BIND 9 libraries. By
+default, installation is into /usr/local, but this can be changed with the
+--prefix option when running configure.
 
-Known limitations
+You may specify the option --sysconfdir to set the directory where
+configuration files like named.conf go by default, and --localstatedir to
+set the default parent directory of run/named.pid. For backwards
+compatibility with BIND 8, --sysconfdir defaults to /etc and
+--localstatedir defaults to /var if no --prefix option is given. If there
+is a --prefix option, sysconfdir defaults to $prefix/etc and localstatedir
+defaults to $prefix/var.
 
-	Linux requires kernel build 2.6.39 or later to get the
-	performance benefits from using multiple sockets.
+Automated testing
+
+A system test suite can be run with make test. The system tests require
+you to configure a set of virtual IP addresses on your system (this allows
+multiple servers to run locally and communicate with one another). These
+IP addresses can be configured by running the command bin/tests/system/
+ifconfig.sh up as root.
+
+Some tests require Perl and the Net::DNS and/or IO::Socket::INET6 modules,
+and will be skipped if these are not available. Some tests require Python
+and the 'dnspython' module and will be skipped if these are not available.
+See bin/tests/system/README for further details.
+
+Unit tests are implemented using Automated Testing Framework (ATF). To run
+them, use configure --with-atf, then run make test or make unit.
 
 Documentation
 
-	The BIND 9 Administrator Reference Manual is included with the
-	source distribution in DocBook XML and HTML format, in the
-	doc/arm directory.
+The BIND 9 Administrator Reference Manual is included with the source
+distribution, in DocBook XML, HTML and PDF format, in the doc/arm
+directory.
 
-	Some of the programs in the BIND 9 distribution have man pages
-	in their directories.  In particular, the command line
-	options of "named" are documented in /bin/named/named.8.
-	There is now also a set of man pages for the lwres library.
+Some of the programs in the BIND 9 distribution have man pages in their
+directories. In particular, the command line options of named are
+documented in bin/named/named.8.
 
-	If you are upgrading from BIND 8, please read the migration
-	notes in doc/misc/migration.  If you are upgrading from
-	BIND 4, read doc/misc/migration-4to9.
+Frequently (and not-so-frequently) asked questions and their answers can
+be found in the ISC Knowledge Base at https://kb.isc.org.
 
-	Frequently asked questions and their answers can be found in
-	FAQ.
+Additional information on various subjects can be found in other README
+files throughout the source tree.
 
-	Additional information on various subjects can be found
-	in the other README files.
+Change log
 
+A detailed list of all changes that have been made throughout the
+development BIND 9 is included in the file CHANGES, with the most recent
+changes listed first. Change notes include tags indicating the category of
+the change that was made; these categories are:
 
-Change Log
-
-	A detailed list of all changes to BIND 9 is included in the
-	file CHANGES, with the most recent changes listed first.
-	Change notes include tags indicating the category of the
-	change that was made; these categories are:
-
-	   [func]         New feature
-
-	   [bug]          General bug fix
-
-	   [security]     Fix for a significant security flaw
-
-	   [experimental] Used for new features when the syntax
-			  or other aspects of the design are still
-			  in flux and may change
-
-	   [port]         Portability enhancement
-
-	   [maint]        Updates to built-in data such as root
-			  server addresses and keys
-
-	   [tuning]       Changes to built-in configuration defaults
-			  and constants to improve performance
-
-	   [performance]  Other changes to improve server performance
-
-	   [protocol]     Updates to the DNS protocol such as new
-			  RR types
-
-	   [test]         Changes to the automatic tests, not
-			  affecting server functionality
-
-	   [cleanup]      Minor corrections and refactoring
-
-	   [doc]          Documentation
-
-	   [contrib]	  Changes to the contributed tools and
-			  libraries in the 'contrib' subdirectory
-
-	   [placeholder]  Used in the master development branch to
-			  reserve change numbers for use in other
-			  branches, e.g. when fixing a bug that only
-			  exists in older releases
-
-	In general, [func] and [experimental] tags will only appear
-	in new-feature releases (i.e., those with version numbers
-	ending in zero).  Some new functionality may be backported to
-	older releases on a case-by-case basis.  All other change
-	types may be applied to all currently-supported releases.
-
-
-Bug Reports and Mailing Lists
-
-	Bug reports should be sent to:
-
-		bind9-bugs@isc.org
-
-	Feature requests can be sent to:
-
-		bind-suggest@isc.org
-
-	To join or view the archives of the BIND Users mailing list,
-	visit:
-
-		https://lists.isc.org/mailman/listinfo/bind-users
-
-	If you're planning on making changes to the BIND 9 source
-	code, you may also want to join the BIND Workers mailing
-	list:
-
-		https://lists.isc.org/mailman/listinfo/bind-workers
-
-	Information on read-only Git access, coding style and developer
-	guidelines can be found at:
-
-		http://www.isc.org/git/
+Category       Description
+[func]         New feature
+[bug]          General bug fix
+[security]     Fix for a significant security flaw
+[experimental] Used for new features when the syntax or other aspects of
+               the design are still in flux and may change
+[port]         Portability enhancement
+[maint]        Updates to built-in data such as root server addresses and
+               keys
+[tuning]       Changes to built-in configuration defaults and constants to
+               improve performance
+[performance]  Other changes to improve server performance
+[protocol]     Updates to the DNS protocol such as new RR types
+[test]         Changes to the automatic tests, not affecting server
+               functionality
+[cleanup]      Minor corrections and refactoring
+[doc]          Documentation
+[contrib]      Changes to the contributed tools and libraries in the
+               'contrib' subdirectory
+               Used in the master development branch to reserve change
+[placeholder]  numbers for use in other branches, e.g. when fixing a bug
+               that only exists in older releases
 
+In general, [func] and [experimental] tags will only appear in new-feature
+releases (i.e., those with version numbers ending in zero). Some new
+functionality may be backported to older releases on a case-by-case basis.
+All other change types may be applied to all currently-supported releases.
 
 Acknowledgments
 
-	- This product includes software developed by the OpenSSL Project
-	  for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/).
-	- This product includes cryptographic software written by Eric
-	  Young (eay@cryptsoft.com).
-	- This product includes software written by Tim Hudson
-	  (tjh@cryptsoft.com).
+  * The original development of BIND 9 was underwritten by the following
+    organizations:
+
+    Sun Microsystems, Inc.
+    Hewlett Packard
+    Compaq Computer Corporation
+    IBM
+    Process Software Corporation
+    Silicon Graphics, Inc.
+    Network Associates, Inc.
+    U.S. Defense Information Systems Agency
+    USENIX Association
+    Stichting NLnet - NLnet Foundation
+    Nominum, Inc.
+
+  * This product includes software developed by the OpenSSL Project for
+    use in the OpenSSL Toolkit. http://www.OpenSSL.org/
+  * This product includes cryptographic software written by Eric Young
+    (eay@cryptsoft.com)
+  * This product includes software written by Tim Hudson
+    (tjh@cryptsoft.com)

README.md

@@ -0,0 +1,372 @@
+<!--
+ - Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ -
+ - This Source Code Form is subject to the terms of the Mozilla Public
+ - License, v. 2.0. If a copy of the MPL was not distributed with this
+ - file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ -
+ - See the COPYRIGHT file distributed with this work for additional
+ - information regarding copyright ownership.
+-->
+# BIND 9
+
+### Contents
+
+1. [Introduction](#intro)
+1. [Reporting bugs and getting help](#help)
+1. [Contributing to BIND](#contrib)
+1. [BIND 9.13 features](#features)
+1. [Building BIND](#build)
+1. [macOS](#macos)
+1. [Compile-time options](#opts)
+1. [Automated testing](#testing)
+1. [Documentation](#doc)
+1. [Change log](#changes)
+1. [Acknowledgments](#ack)
+
+### <a name="intro"/> Introduction
+
+BIND (Berkeley Internet Name Domain) is a complete, highly portable
+implementation of the DNS (Domain Name System) protocol.
+
+The BIND name server, `named`, is able to serve as an authoritative name
+server, recursive resolver, DNS forwarder, or all three simultaneously.  It
+implements views for split-horizon DNS, automatic DNSSEC zone signing and
+key management, catalog zones to facilitate provisioning of zone data
+throughout a name server constellation, response policy zones (RPZ) to
+protect clients from malicious data, response rate limiting (RRL) and
+recursive query limits to reduce distributed denial of service attacks,
+and many other advanced DNS features.  BIND also includes a suite of
+administrative tools, including the `dig` and `delv` DNS lookup tools,
+`nsupdate` for dynamic DNS zone updates, `rndc` for remote name server
+administration, and more.
+
+BIND 9 began as a complete re-write of the BIND architecture that was
+used in versions 4 and 8.  Internet Systems Consortium
+([https://www.isc.org](https://www.isc.org)), a 501(c)(3) public benefit
+corporation dedicated to providing software and services in support of the
+Internet infrastructure, developed BIND 9 and is responsible for its
+ongoing maintenance and improvement.  BIND is open source software
+licenced under the terms of the Mozilla Public License, version 2.0.
+
+For a summary of features introduced in past major releases of BIND,
+see the file [HISTORY](HISTORY.md).
+
+For a detailed list of changes made throughout the history of BIND 9, see
+the file [CHANGES](CHANGES). See [below](#changes) for details on the
+CHANGES file format.
+
+For up-to-date release notes and errata, see
+[http://www.isc.org/software/bind9/releasenotes](http://www.isc.org/software/bind9/releasenotes)
+
+For information about supported platforms, see [PLATFORMS](PLATFORMS.md).
+
+### <a name="help"/> Reporting bugs and getting help
+
+To report non-security-sensitive bugs or request new features, you may
+open an Issue in the BIND 9 project on the
+[ISC GitLab server](https://gitlab.isc.org) at
+[https://gitlab.isc.org/isc-projects/bind9](https://gitlab.isc.org/isc-projects/bind9).
+
+Please note that, unless you explicitly mark the newly created Issue as
+"confidential", it will be publicly readable.  Please do not include any
+information in bug reports that you consider to be confidential unless
+the issue has been marked as such.  In particular, if submitting the
+contents of your configuration file in a non-confidential Issue, it is
+advisable to obscure key secrets: this can be done automatically by
+using `named-checkconf -px`.
+
+If the bug you are reporting is a potential security issue, such as an
+assertion failure or other crash in `named`, please do *NOT* use GitLab to
+report it. Instead, please send mail to
+[security-officer@isc.org](mailto:security-officer@isc.org).
+
+Professional support and training for BIND are available from
+ISC at [https://www.isc.org/support](https://www.isc.org/support).
+
+To join the __BIND Users__ mailing list, or view the archives, visit
+[https://lists.isc.org/mailman/listinfo/bind-users](https://lists.isc.org/mailman/listinfo/bind-users).
+
+If you're planning on making changes to the BIND 9 source code, you
+may also want to join the __BIND Workers__ mailing list, at
+[https://lists.isc.org/mailman/listinfo/bind-workers](https://lists.isc.org/mailman/listinfo/bind-workers).
+
+### <a name="contrib"/> Contributing to BIND
+
+ISC maintains a public git repository for BIND; details can be found
+at [http://www.isc.org/git/](http://www.isc.org/git/).
+
+Information for BIND contributors can be found in the following files:
+- General information: [CONTRIBUTING.md](CONTRIBUTING)
+- BIND 9 code style: [doc/dev/style.md](doc/dev/style.md)
+- BIND architecture and developer guide: [doc/dev/dev.md](doc/dev/dev.md)
+
+Patches for BIND may be submitted as
+[Merge Requests](https://gitlab.isc.org/isc-projects/bind9/merge_requests)
+in the [ISC GitLab server](https://gitlab.isc.org) at
+at [https://gitlab.isc.org/isc-projects/bind9/merge_requests](https://gitlab.isc.org/isc-projects/bind9/merge_requests).
+
+By default, external contributors don't have ability to fork BIND in the
+GitLab server, but if you wish to contribute code to BIND, you may request
+permission to do so. Thereafter, you can create git branches and directly
+submit requests that they be reviewed and merged.
+
+If you prefer, you may also submit code by opening a
+[GitLab Issue](https://gitlab.isc.org/isc-projects/bind9/issues) and
+including your patch as an attachment, preferably generated by
+`git format-patch`.
+
+### <a name="features"/> BIND 9.13 features
+
+BIND 9.13 is the newest development branch of BIND 9. It includes a
+number of changes from BIND 9.12 and earlier releases.  New features
+include:
+
+* The default value of "dnssec-validation" is now "auto".
+* Support for IDNA2008 when linking with `libidn2`.
+* "Root key sentinel" support, enabling validating resolvers to indicate
+  via a special query which trust anchors are configured for the root zone.
+* Secondary zones can now be configured as "mirror" zones; their contents
+  are transferred in as with traditional slave zones, but are subject to
+  DNSSEC validation and are not treated as authoritative data when
+  answering. This makes it easier to configure a local copy of the root
+  zone as described in RFC 7706.
+
+In addition, cryptographic support has been modernized. BIND now uses the
+best available pseudo-random number generator for the platform on which
+it's built. Very old versions of OpenSSL are no longer supported.
+Cryptography is now mandatory; building BIND without DNSSEC is now
+longer supported.
+
+### <a name="build"/> Building BIND
+
+Minimally, BIND requires a UNIX or Linux system with an ANSI C compiler,
+basic POSIX support, and a 64-bit integer type. Successful builds have been
+observed on many versions of Linux and UNIX, including RedHat, Fedora,
+Debian, Ubuntu, SuSE, Slackware, FreeBSD, NetBSD, OpenBSD, Mac OS X,
+Solaris, HP-UX, AIX, SCO OpenServer, and OpenWRT.
+
+BIND requires a cryptography provider library such as OpenSSL or a
+hardware service module supporting PKCS#11. On Linux, BIND requires
+the `libcap` library to set process privileges, though this requirement
+can be overridden by disabling capability support at compile time.
+See [Compile-time options](#opts) below for details on other libraries
+that may be required to support optional features.
+
+BIND is also available for Windows 2008 and higher.  See
+`win32utils/readme1st.txt` for details on building for Windows
+systems.
+
+To build on a UNIX or Linux system, use:
+
+		$ ./configure
+		$ make
+
+If you're planning on making changes to the BIND 9 source, you should run
+`make depend`.  If you're using Emacs, you might find `make tags` helpful.
+
+Several environment variables that can be set before running `configure` will
+affect compilation:
+
+|Variable|Description |
+|--------------------|-----------------------------------------------|
+|`CC`|The C compiler to use.  `configure` tries to figure out the right one for supported systems.|
+|`CFLAGS`|C compiler flags.  Defaults to include -g and/or -O2 as supported by the compiler.  Please include '-g' if you need to set `CFLAGS`. |
+|`STD_CINCLUDES`|System header file directories.  Can be used to specify where add-on thread or IPv6 support is, for example.  Defaults to empty string.|
+|`STD_CDEFINES`|Any additional preprocessor symbols you want defined.  Defaults to empty string. For a list of possible settings, see the file [OPTIONS](OPTIONS.md).|
+|`LDFLAGS`|Linker flags. Defaults to empty string.|
+|`BUILD_CC`|Needed when cross-compiling: the native C compiler to use when building for the target system.|
+|`BUILD_CFLAGS`|Optional, used for cross-compiling|
+|`BUILD_CPPFLAGS`||
+|`BUILD_LDFLAGS`||
+|`BUILD_LIBS`||
+
+#### <a name="macos"> macOS
+
+Building on macOS assumes that the "Command Tools for Xcode" is installed.
+This can be downloaded from https://developer.apple.com/download/more/
+or if you have Xcode already installed you can run "xcode-select --install".
+This will add /usr/include to the system and install the compiler and other
+tools so that they can be easily found.
+
+
+#### <a name="opts"/> Compile-time options
+
+To see a full list of configuration options, run `configure --help`.
+
+On most platforms, BIND 9 is built with multithreading support, allowing it
+to take advantage of multiple CPUs.  You can configure this by specifying
+`--enable-threads` or `--disable-threads` on the `configure` command line.
+The default is to enable threads, except on some older operating systems on
+which threads are known to have had problems in the past.  (Note: Prior to
+BIND 9.10, the default was to disable threads on Linux systems; this has
+now been reversed.  On Linux systems, the threaded build is known to change
+BIND's behavior with respect to file permissions; it may be necessary to
+specify a user with the -u option when running `named`.)
+
+To build shared libraries, specify `--with-libtool` on the `configure`
+command line.
+
+Certain compiled-in constants and default settings can be increased to
+values better suited to large servers with abundant memory resources (e.g,
+64-bit servers with 12G or more of memory) by specifying
+`--with-tuning=large` on the `configure` command line. This can improve
+performance on big servers, but will consume more memory and may degrade
+performance on smaller systems.
+
+For the server to support DNSSEC, you need to build it with crypto support.
+To use OpenSSL, you should have OpenSSL 1.0.2e or newer installed.  If the
+OpenSSL library is installed in a nonstandard location, specify the prefix
+using `--with-openssl=<PREFIX>` on the configure command line. To use a
+PKCS#11 hardware service module for cryptographic operations, specify the
+path to the PKCS#11 provider library using `--with-pkcs11=<PREFIX>`, and
+configure BIND with `--enable-native-pkcs11`.
+
+To support the HTTP statistics channel, the server must be linked with at
+least one of the following: libxml2
+[http://xmlsoft.org](http://xmlsoft.org) or json-c
+[https://github.com/json-c](https://github.com/json-c).  If these are
+installed at a nonstandard location, specify the prefix using
+`--with-libxml2=/prefix` or `--with-libjson=/prefix`.
+
+To support compression on the HTTP statistics channel, the server must be
+linked against libzlib.  If this is installed in a nonstandard location,
+specify the prefix using `--with-zlib=/prefix`.
+
+To support storing configuration data for runtime-added zones in an LMDB
+database, the server must be linked with liblmdb. If this is installed in a
+nonstandard location, specify the prefix using `with-lmdb=/prefix`.
+
+To support GeoIP location-based ACLs, the server must be linked with
+libGeoIP. This is not turned on by default; BIND must be configured with
+`--with-geoip`. If the library is installed in a nonstandard location,
+specify the prefix using `--with-geoip=/prefix`.
+
+For DNSTAP packet logging, you must have installed libfstrm
+[https://github.com/farsightsec/fstrm](https://github.com/farsightsec/fstrm)
+and libprotobuf-c
+[https://developers.google.com/protocol-buffers](https://developers.google.com/protocol-buffers),
+and BIND must be configured with `--enable-dnstap`.
+
+On Linux, process capabilities are managed in user space using
+the `libcap` library, which can be installed on most Linux systems via
+the `libcap-dev` or `libcap-devel` module. Process capability support can
+also be disabled by configuring with `--disable-linux-caps`.
+
+Portions of BIND that are written in Python, including
+`dnssec-keymgr`, `dnssec-coverage`, `dnssec-checkds`, and some of the
+system tests, require the 'argparse' and 'ply' modules to be available.
+'argparse' is a standard module as of Python 2.7 and Python 3.2.
+'ply' is available from [https://pypi.python.org/pypi/ply](https://pypi.python.org/pypi/ply).
+
+On some platforms it is necessary to explicitly request large file support
+to handle files bigger than 2GB.  This can be done by using
+`--enable-largefile` on the `configure` command line.
+
+Support for the "fixed" rrset-order option can be enabled or disabled by
+specifying `--enable-fixed-rrset` or `--disable-fixed-rrset` on the
+configure command line.  By default, fixed rrset-order is disabled to
+reduce memory footprint.
+
+If your operating system has integrated support for IPv6, it will be used
+automatically.  If you have installed KAME IPv6 separately, use
+`--with-kame[=PATH]` to specify its location.
+
+`make install` will install `named` and the various BIND 9 libraries.  By
+default, installation is into /usr/local, but this can be changed with the
+`--prefix` option when running `configure`.
+
+You may specify the option `--sysconfdir` to set the directory where
+configuration files like `named.conf` go by default, and `--localstatedir`
+to set the default parent directory of `run/named.pid`.   For backwards
+compatibility with BIND 8, `--sysconfdir` defaults to `/etc` and
+`--localstatedir` defaults to `/var` if no `--prefix` option is given.  If
+there is a `--prefix` option, sysconfdir defaults to `$prefix/etc` and
+localstatedir defaults to `$prefix/var`.
+
+### <a name="testing"/> Automated testing
+
+A system test suite can be run with `make test`.  The system tests require
+you to configure a set of virtual IP addresses on your system (this allows
+multiple servers to run locally and communicate with one another).  These
+IP addresses can be configured by running the command
+`bin/tests/system/ifconfig.sh up` as root.
+
+Some tests require Perl and the Net::DNS and/or IO::Socket::INET6 modules,
+and will be skipped if these are not available. Some tests require Python
+and the 'dnspython' module and will be skipped if these are not available.
+See bin/tests/system/README for further details.
+
+Unit tests are implemented using Automated Testing Framework (ATF).
+To run them, use `configure --with-atf`, then run `make test` or
+`make unit`.
+
+### <a name="doc"/> Documentation
+
+The *BIND 9 Administrator Reference Manual* is included with the source
+distribution, in DocBook XML, HTML and PDF format, in the `doc/arm`
+directory.
+
+Some of the programs in the BIND 9 distribution have man pages in their
+directories.  In particular, the command line options of `named` are
+documented in `bin/named/named.8`.
+
+Frequently (and not-so-frequently) asked questions and their answers
+can be found in the ISC Knowledge Base at
+[https://kb.isc.org](https://kb.isc.org).
+
+Additional information on various subjects can be found in other
+`README` files throughout the source tree.
+
+### <a name="changes"/> Change log
+
+A detailed list of all changes that have been made throughout the
+development BIND 9 is included in the file CHANGES, with the most recent
+changes listed first.  Change notes include tags indicating the category of
+the change that was made; these categories are:
+
+|Category	|Description	        			|
+|--------------	|-----------------------------------------------|
+| [func] | New feature |
+| [bug] | General bug fix |
+| [security] | Fix for a significant security flaw |
+| [experimental] | Used for new features when the syntax or other aspects of the design are still in flux and may change |
+| [port] | Portability enhancement |
+| [maint] | Updates to built-in data such as root server addresses and keys |
+| [tuning] | Changes to built-in configuration defaults and constants to improve performance |
+| [performance] | Other changes to improve server performance |
+| [protocol] | Updates to the DNS protocol such as new RR types |
+| [test] | Changes to the automatic tests, not affecting server functionality |
+| [cleanup] | Minor corrections and refactoring |
+| [doc] | Documentation |
+| [contrib] | Changes to the contributed tools and libraries in the 'contrib' subdirectory |
+| [placeholder] | Used in the master development branch to reserve change numbers for use in other branches, e.g. when fixing a bug that only exists in older releases |
+
+In general, [func] and [experimental] tags will only appear in new-feature
+releases (i.e., those with version numbers ending in zero).  Some new
+functionality may be backported to older releases on a case-by-case basis.
+All other change types may be applied to all currently-supported releases.
+
+### <a name="ack"/> Acknowledgments
+
+* The original development of BIND 9 was underwritten by the
+  following organizations:
+
+		Sun Microsystems, Inc.
+		Hewlett Packard
+		Compaq Computer Corporation
+		IBM
+		Process Software Corporation
+		Silicon Graphics, Inc.
+		Network Associates, Inc.
+		U.S. Defense Information Systems Agency
+		USENIX Association
+		Stichting NLnet - NLnet Foundation
+		Nominum, Inc.
+
+* This product includes software developed by the OpenSSL Project for use
+  in the OpenSSL Toolkit.
+  [http://www.OpenSSL.org/](http://www.OpenSSL.org/)
+* This product includes cryptographic software written by Eric Young
+  (eay@cryptsoft.com)
+* This product includes software written by Tim Hudson (tjh@cryptsoft.com)

acconfig.h

@@ -1,13 +1,14 @@
 /*
- * Copyright (C) 1999-2005, 2007, 2008, 2012, 2014, 2016  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
  *
  * This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
  */
 
-/* $Id: acconfig.h,v 1.53 2008/12/01 23:47:44 tbox Exp $ */
-
 /*! \file */
 
 /***
@@ -61,12 +62,6 @@
 /** define if gai_strerror() exists */
 #undef HAVE_GAISTRERROR
 
-/** define if arc4random() exists */
-#undef HAVE_ARC4RANDOM
-
-/** define if arc4random_addrandom() exists */
-#undef HAVE_ARC4RANDOM_ADDRANDOM
-
 /**
  * define if pthread_setconcurrency() should be called to tell the
  * OS how many threads we might want to run.
@@ -126,12 +121,6 @@ int sigwait(const unsigned int *set, int *sig);
 /** define if you have strerror in the C library. */
 #undef HAVE_STRERROR
 
-/* Define if OpenSSL includes DSA support */
-#undef HAVE_OPENSSL_DSA
-
-/* Define if you have getpassphrase in the C library. */
-#undef HAVE_GETPASSPHRASE
-
 /* Define to the length type used by the socket API (socklen_t, size_t, int). */
 #undef ISC_SOCKADDR_LEN_T
 

aclocal.m4

@@ -1,17 +1,296 @@
-sinclude(libtool.m4/libtool.m4)dnl
-sinclude(libtool.m4/ltoptions.m4)dnl
-sinclude(libtool.m4/ltsugar.m4)dnl
-sinclude(libtool.m4/ltversion.m4)dnl
-sinclude(libtool.m4/lt~obsolete.m4)dnl
+# generated automatically by aclocal 1.16.1 -*- Autoconf -*-
 
-m4_divert_text(HELP_CANON, [[
-  NOTE: If PREFIX is not set, then the default values for --sysconfdir
-  and --localstatedir are /etc and /var, respectively.]])
-m4_divert_text(HELP_END, [[
-Professional support for BIND is provided by Internet Systems Consortium,
-Inc.  Information about paid support and training options is available at
-https://www.isc.org/support.
+# Copyright (C) 1996-2018 Free Software Foundation, Inc.
 
-Help can also often be found on the BIND Users mailing list
-(https://lists.isc.org/mailman/listinfo/bind-users) or in the #bind
-channel of the Freenode IRC service.]])
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+m4_ifndef([AC_CONFIG_MACRO_DIRS], [m4_defun([_AM_CONFIG_MACRO_DIRS], [])m4_defun([AC_CONFIG_MACRO_DIRS], [_AM_CONFIG_MACRO_DIRS($@)])])
+# pkg.m4 - Macros to locate and utilise pkg-config.   -*- Autoconf -*-
+# serial 12 (pkg-config-0.29.2)
+
+dnl Copyright © 2004 Scott James Remnant <scott@netsplit.com>.
+dnl Copyright © 2012-2015 Dan Nicholson <dbn.lists@gmail.com>
+dnl
+dnl This program is free software; you can redistribute it and/or modify
+dnl it under the terms of the GNU General Public License as published by
+dnl the Free Software Foundation; either version 2 of the License, or
+dnl (at your option) any later version.
+dnl
+dnl This program is distributed in the hope that it will be useful, but
+dnl WITHOUT ANY WARRANTY; without even the implied warranty of
+dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+dnl General Public License for more details.
+dnl
+dnl You should have received a copy of the GNU General Public License
+dnl along with this program; if not, write to the Free Software
+dnl Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
+dnl 02111-1307, USA.
+dnl
+dnl As a special exception to the GNU General Public License, if you
+dnl distribute this file as part of a program that contains a
+dnl configuration script generated by Autoconf, you may include it under
+dnl the same distribution terms that you use for the rest of that
+dnl program.
+
+dnl PKG_PREREQ(MIN-VERSION)
+dnl -----------------------
+dnl Since: 0.29
+dnl
+dnl Verify that the version of the pkg-config macros are at least
+dnl MIN-VERSION. Unlike PKG_PROG_PKG_CONFIG, which checks the user's
+dnl installed version of pkg-config, this checks the developer's version
+dnl of pkg.m4 when generating configure.
+dnl
+dnl To ensure that this macro is defined, also add:
+dnl m4_ifndef([PKG_PREREQ],
+dnl     [m4_fatal([must install pkg-config 0.29 or later before running autoconf/autogen])])
+dnl
+dnl See the "Since" comment for each macro you use to see what version
+dnl of the macros you require.
+m4_defun([PKG_PREREQ],
+[m4_define([PKG_MACROS_VERSION], [0.29.2])
+m4_if(m4_version_compare(PKG_MACROS_VERSION, [$1]), -1,
+    [m4_fatal([pkg.m4 version $1 or higher is required but ]PKG_MACROS_VERSION[ found])])
+])dnl PKG_PREREQ
+
+dnl PKG_PROG_PKG_CONFIG([MIN-VERSION])
+dnl ----------------------------------
+dnl Since: 0.16
+dnl
+dnl Search for the pkg-config tool and set the PKG_CONFIG variable to
+dnl first found in the path. Checks that the version of pkg-config found
+dnl is at least MIN-VERSION. If MIN-VERSION is not specified, 0.9.0 is
+dnl used since that's the first version where most current features of
+dnl pkg-config existed.
+AC_DEFUN([PKG_PROG_PKG_CONFIG],
+[m4_pattern_forbid([^_?PKG_[A-Z_]+$])
+m4_pattern_allow([^PKG_CONFIG(_(PATH|LIBDIR|SYSROOT_DIR|ALLOW_SYSTEM_(CFLAGS|LIBS)))?$])
+m4_pattern_allow([^PKG_CONFIG_(DISABLE_UNINSTALLED|TOP_BUILD_DIR|DEBUG_SPEW)$])
+AC_ARG_VAR([PKG_CONFIG], [path to pkg-config utility])
+AC_ARG_VAR([PKG_CONFIG_PATH], [directories to add to pkg-config's search path])
+AC_ARG_VAR([PKG_CONFIG_LIBDIR], [path overriding pkg-config's built-in search path])
+
+if test "x$ac_cv_env_PKG_CONFIG_set" != "xset"; then
+	AC_PATH_TOOL([PKG_CONFIG], [pkg-config])
+fi
+if test -n "$PKG_CONFIG"; then
+	_pkg_min_version=m4_default([$1], [0.9.0])
+	AC_MSG_CHECKING([pkg-config is at least version $_pkg_min_version])
+	if $PKG_CONFIG --atleast-pkgconfig-version $_pkg_min_version; then
+		AC_MSG_RESULT([yes])
+	else
+		AC_MSG_RESULT([no])
+		PKG_CONFIG=""
+	fi
+fi[]dnl
+])dnl PKG_PROG_PKG_CONFIG
+
+dnl PKG_CHECK_EXISTS(MODULES, [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND])
+dnl -------------------------------------------------------------------
+dnl Since: 0.18
+dnl
+dnl Check to see whether a particular set of modules exists. Similar to
+dnl PKG_CHECK_MODULES(), but does not set variables or print errors.
+dnl
+dnl Please remember that m4 expands AC_REQUIRE([PKG_PROG_PKG_CONFIG])
+dnl only at the first occurence in configure.ac, so if the first place
+dnl it's called might be skipped (such as if it is within an "if", you
+dnl have to call PKG_CHECK_EXISTS manually
+AC_DEFUN([PKG_CHECK_EXISTS],
+[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl
+if test -n "$PKG_CONFIG" && \
+    AC_RUN_LOG([$PKG_CONFIG --exists --print-errors "$1"]); then
+  m4_default([$2], [:])
+m4_ifvaln([$3], [else
+  $3])dnl
+fi])
+
+dnl _PKG_CONFIG([VARIABLE], [COMMAND], [MODULES])
+dnl ---------------------------------------------
+dnl Internal wrapper calling pkg-config via PKG_CONFIG and setting
+dnl pkg_failed based on the result.
+m4_define([_PKG_CONFIG],
+[if test -n "$$1"; then
+    pkg_cv_[]$1="$$1"
+ elif test -n "$PKG_CONFIG"; then
+    PKG_CHECK_EXISTS([$3],
+                     [pkg_cv_[]$1=`$PKG_CONFIG --[]$2 "$3" 2>/dev/null`
+		      test "x$?" != "x0" && pkg_failed=yes ],
+		     [pkg_failed=yes])
+ else
+    pkg_failed=untried
+fi[]dnl
+])dnl _PKG_CONFIG
+
+dnl _PKG_SHORT_ERRORS_SUPPORTED
+dnl ---------------------------
+dnl Internal check to see if pkg-config supports short errors.
+AC_DEFUN([_PKG_SHORT_ERRORS_SUPPORTED],
+[AC_REQUIRE([PKG_PROG_PKG_CONFIG])
+if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then
+        _pkg_short_errors_supported=yes
+else
+        _pkg_short_errors_supported=no
+fi[]dnl
+])dnl _PKG_SHORT_ERRORS_SUPPORTED
+
+
+dnl PKG_CHECK_MODULES(VARIABLE-PREFIX, MODULES, [ACTION-IF-FOUND],
+dnl   [ACTION-IF-NOT-FOUND])
+dnl --------------------------------------------------------------
+dnl Since: 0.4.0
+dnl
+dnl Note that if there is a possibility the first call to
+dnl PKG_CHECK_MODULES might not happen, you should be sure to include an
+dnl explicit call to PKG_PROG_PKG_CONFIG in your configure.ac
+AC_DEFUN([PKG_CHECK_MODULES],
+[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl
+AC_ARG_VAR([$1][_CFLAGS], [C compiler flags for $1, overriding pkg-config])dnl
+AC_ARG_VAR([$1][_LIBS], [linker flags for $1, overriding pkg-config])dnl
+
+pkg_failed=no
+AC_MSG_CHECKING([for $2])
+
+_PKG_CONFIG([$1][_CFLAGS], [cflags], [$2])
+_PKG_CONFIG([$1][_LIBS], [libs], [$2])
+
+m4_define([_PKG_TEXT], [Alternatively, you may set the environment variables $1[]_CFLAGS
+and $1[]_LIBS to avoid the need to call pkg-config.
+See the pkg-config man page for more details.])
+
+if test $pkg_failed = yes; then
+        AC_MSG_RESULT([no])
+        _PKG_SHORT_ERRORS_SUPPORTED
+        if test $_pkg_short_errors_supported = yes; then
+	        $1[]_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "$2" 2>&1`
+        else
+	        $1[]_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "$2" 2>&1`
+        fi
+	# Put the nasty error message in config.log where it belongs
+	echo "$$1[]_PKG_ERRORS" >&AS_MESSAGE_LOG_FD
+
+	m4_default([$4], [AC_MSG_ERROR(
+[Package requirements ($2) were not met:
+
+$$1_PKG_ERRORS
+
+Consider adjusting the PKG_CONFIG_PATH environment variable if you
+installed software in a non-standard prefix.
+
+_PKG_TEXT])[]dnl
+        ])
+elif test $pkg_failed = untried; then
+        AC_MSG_RESULT([no])
+	m4_default([$4], [AC_MSG_FAILURE(
+[The pkg-config script could not be found or is too old.  Make sure it
+is in your PATH or set the PKG_CONFIG environment variable to the full
+path to pkg-config.
+
+_PKG_TEXT
+
+To get pkg-config, see <http://pkg-config.freedesktop.org/>.])[]dnl
+        ])
+else
+	$1[]_CFLAGS=$pkg_cv_[]$1[]_CFLAGS
+	$1[]_LIBS=$pkg_cv_[]$1[]_LIBS
+        AC_MSG_RESULT([yes])
+	$3
+fi[]dnl
+])dnl PKG_CHECK_MODULES
+
+
+dnl PKG_CHECK_MODULES_STATIC(VARIABLE-PREFIX, MODULES, [ACTION-IF-FOUND],
+dnl   [ACTION-IF-NOT-FOUND])
+dnl ---------------------------------------------------------------------
+dnl Since: 0.29
+dnl
+dnl Checks for existence of MODULES and gathers its build flags with
+dnl static libraries enabled. Sets VARIABLE-PREFIX_CFLAGS from --cflags
+dnl and VARIABLE-PREFIX_LIBS from --libs.
+dnl
+dnl Note that if there is a possibility the first call to
+dnl PKG_CHECK_MODULES_STATIC might not happen, you should be sure to
+dnl include an explicit call to PKG_PROG_PKG_CONFIG in your
+dnl configure.ac.
+AC_DEFUN([PKG_CHECK_MODULES_STATIC],
+[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl
+_save_PKG_CONFIG=$PKG_CONFIG
+PKG_CONFIG="$PKG_CONFIG --static"
+PKG_CHECK_MODULES($@)
+PKG_CONFIG=$_save_PKG_CONFIG[]dnl
+])dnl PKG_CHECK_MODULES_STATIC
+
+
+dnl PKG_INSTALLDIR([DIRECTORY])
+dnl -------------------------
+dnl Since: 0.27
+dnl
+dnl Substitutes the variable pkgconfigdir as the location where a module
+dnl should install pkg-config .pc files. By default the directory is
+dnl $libdir/pkgconfig, but the default can be changed by passing
+dnl DIRECTORY. The user can override through the --with-pkgconfigdir
+dnl parameter.
+AC_DEFUN([PKG_INSTALLDIR],
+[m4_pushdef([pkg_default], [m4_default([$1], ['${libdir}/pkgconfig'])])
+m4_pushdef([pkg_description],
+    [pkg-config installation directory @<:@]pkg_default[@:>@])
+AC_ARG_WITH([pkgconfigdir],
+    [AS_HELP_STRING([--with-pkgconfigdir], pkg_description)],,
+    [with_pkgconfigdir=]pkg_default)
+AC_SUBST([pkgconfigdir], [$with_pkgconfigdir])
+m4_popdef([pkg_default])
+m4_popdef([pkg_description])
+])dnl PKG_INSTALLDIR
+
+
+dnl PKG_NOARCH_INSTALLDIR([DIRECTORY])
+dnl --------------------------------
+dnl Since: 0.27
+dnl
+dnl Substitutes the variable noarch_pkgconfigdir as the location where a
+dnl module should install arch-independent pkg-config .pc files. By
+dnl default the directory is $datadir/pkgconfig, but the default can be
+dnl changed by passing DIRECTORY. The user can override through the
+dnl --with-noarch-pkgconfigdir parameter.
+AC_DEFUN([PKG_NOARCH_INSTALLDIR],
+[m4_pushdef([pkg_default], [m4_default([$1], ['${datadir}/pkgconfig'])])
+m4_pushdef([pkg_description],
+    [pkg-config arch-independent installation directory @<:@]pkg_default[@:>@])
+AC_ARG_WITH([noarch-pkgconfigdir],
+    [AS_HELP_STRING([--with-noarch-pkgconfigdir], pkg_description)],,
+    [with_noarch_pkgconfigdir=]pkg_default)
+AC_SUBST([noarch_pkgconfigdir], [$with_noarch_pkgconfigdir])
+m4_popdef([pkg_default])
+m4_popdef([pkg_description])
+])dnl PKG_NOARCH_INSTALLDIR
+
+
+dnl PKG_CHECK_VAR(VARIABLE, MODULE, CONFIG-VARIABLE,
+dnl [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND])
+dnl -------------------------------------------
+dnl Since: 0.28
+dnl
+dnl Retrieves the value of the pkg-config variable for the given module.
+AC_DEFUN([PKG_CHECK_VAR],
+[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl
+AC_ARG_VAR([$1], [value of $3 for $2, overriding pkg-config])dnl
+
+_PKG_CONFIG([$1], [variable="][$3]["], [$2])
+AS_VAR_COPY([$1], [pkg_cv_][$1])
+
+AS_VAR_IF([$1], [""], [$5], [$4])dnl
+])dnl PKG_CHECK_VAR
+
+m4_include([m4/ax_check_openssl.m4])
+m4_include([m4/libtool.m4])
+m4_include([m4/ltoptions.m4])
+m4_include([m4/ltsugar.m4])
+m4_include([m4/ltversion.m4])
+m4_include([m4/lt~obsolete.m4])

autogen.sh

@@ -1,10 +1,13 @@
 #!/bin/sh
 #
-# Copyright (C) 2015, 2016  Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
 #
 # This Source Code Form is subject to the terms of the Mozilla Public
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
 
 # Run this script after modifying configure.in to generate configure
-autoreconf -i
+autoreconf -f -i

bin/Makefile.in

@@ -1,17 +1,18 @@
-# Copyright (C) 1998-2001, 2004, 2007, 2009, 2012-2014, 2016  Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
 #
 # This Source Code Form is subject to the terms of the Mozilla Public
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
-
-# $Id: Makefile.in,v 1.29 2009/10/05 12:07:08 fdupont Exp $
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
 
 srcdir =	@srcdir@
 VPATH =		@srcdir@
 top_srcdir =	@top_srcdir@
 
-SUBDIRS =	named rndc dig delv dnssec tools tests nsupdate \
-		check confgen @PYTHON_TOOLS@ @PKCS11_TOOLS@
+SUBDIRS =	named rndc dig delv dnssec tools nsupdate check confgen \
+		@NZD_TOOLS@ @PYTHON_TOOLS@ @PKCS11_TOOLS@ tests
 TARGETS =
 
 @BIND9_MAKE_RULES@

bin/check/Makefile.in

@@ -1,10 +1,11 @@
-# Copyright (C) 2000-2007, 2009, 2012, 2014-2016  Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
 #
 # This Source Code Form is subject to the terms of the Mozilla Public
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
-
-# $Id: Makefile.in,v 1.36 2009/12/05 23:31:40 each Exp $
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
 
 srcdir =	@srcdir@
 VPATH =		@srcdir@
@@ -14,22 +15,24 @@ VERSION=@BIND9_VERSION@
 
 @BIND9_MAKE_INCLUDES@
 
-CINCLUDES =	${BIND9_INCLUDES} ${DNS_INCLUDES} ${ISCCFG_INCLUDES} \
-		${ISC_INCLUDES}
+CINCLUDES =	${NS_INCLUDES} ${BIND9_INCLUDES} ${DNS_INCLUDES} ${ISCCFG_INCLUDES} \
+		${ISC_INCLUDES} @OPENSSL_INCLUDES@
 
 CDEFINES = 	-DNAMED_CONFFILE=\"${sysconfdir}/named.conf\"
 CWARNINGS =
 
 DNSLIBS =	../../lib/dns/libdns.@A@ @DNS_CRYPTO_LIBS@
 ISCCFGLIBS =	../../lib/isccfg/libisccfg.@A@
-ISCLIBS =	../../lib/isc/libisc.@A@
-ISCNOSYMLIBS =	../../lib/isc/libisc-nosymtbl.@A@
+ISCLIBS =	../../lib/isc/libisc.@A@ @OPENSSL_LIBS@
+ISCNOSYMLIBS =	../../lib/isc/libisc-nosymtbl.@A@ @OPENSSL_LIBS@
 BIND9LIBS =	../../lib/bind9/libbind9.@A@
+NSLIBS =	../../lib/ns/libns.@A@
 
 DNSDEPLIBS =	../../lib/dns/libdns.@A@
 ISCCFGDEPLIBS =	../../lib/isccfg/libisccfg.@A@
 ISCDEPLIBS =	../../lib/isc/libisc.@A@
 BIND9DEPLIBS =	../../lib/bind9/libbind9.@A@
+NSDEPENDLIBS =	../../lib/ns/libns.@A@
 
 LIBS =		${ISCLIBS} @LIBS@
 NOSYMLIBS =	${ISCNOSYMLIBS} @LIBS@
@@ -61,14 +64,15 @@ named-checkzone.@O@: named-checkzone.c
 		-c ${srcdir}/named-checkzone.c
 
 named-checkconf@EXEEXT@: named-checkconf.@O@ check-tool.@O@ ${ISCDEPLIBS} \
-		${DNSDEPLIBS} ${ISCCFGDEPLIBS} ${BIND9DEPLIBS}
+		${NSDEPENDLIBS} ${DNSDEPLIBS} ${ISCCFGDEPLIBS} ${BIND9DEPLIBS}
 	export BASEOBJS="named-checkconf.@O@ check-tool.@O@"; \
-	export LIBS0="${BIND9LIBS} ${ISCCFGLIBS} ${DNSLIBS}"; \
+	export LIBS0="${NSLIBS} ${BIND9LIBS} ${ISCCFGLIBS} ${DNSLIBS}"; \
 	${FINALBUILDCMD}
 
-named-checkzone@EXEEXT@: named-checkzone.@O@ check-tool.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS}
+named-checkzone@EXEEXT@: named-checkzone.@O@ check-tool.@O@ ${ISCDEPLIBS} \
+		${NSDEPENDLIBS} ${DNSDEPLIBS}
 	export BASEOBJS="named-checkzone.@O@ check-tool.@O@"; \
-	export LIBS0="${ISCCFGLIBS} ${DNSLIBS}"; \
+	export LIBS0="${NSLIBS} ${ISCCFGLIBS} ${DNSLIBS}"; \
 	${FINALBUILDCMD}
 
 doc man:: ${MANOBJS}
@@ -87,5 +91,12 @@ install:: named-checkconf@EXEEXT@ named-checkzone@EXEEXT@ installdirs
 	for m in ${MANPAGES}; do ${INSTALL_DATA} ${srcdir}/$$m ${DESTDIR}${mandir}/man8; done
 	(cd ${DESTDIR}${mandir}/man8; rm -f named-compilezone.8; ${LINK_PROGRAM} named-checkzone.8 named-compilezone.8)
 
+uninstall::
+	rm -f ${DESTDIR}${mandir}/man8/named-compilezone.8
+	for m in ${MANPAGES}; do rm -f ${DESTDIR}${mandir}/man8/$$m ; done
+	rm -f ${DESTDIR}${sbindir}/named-compilezone@EXEEXT@
+	${LIBTOOL_MODE_UNINSTALL} rm -f ${DESTDIR}${sbindir}/named-checkconf@EXEEXT@
+	${LIBTOOL_MODE_UNINSTALL} rm -f ${DESTDIR}${sbindir}/named-checkzone@EXEEXT@
+
 clean distclean::
 	rm -f ${TARGETS} r1.htm

bin/check/check-tool.c

@@ -1,12 +1,14 @@
 /*
- * Copyright (C) 2000-2002, 2004-2016  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
  *
  * This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
  */
 
-/* $Id: check-tool.c,v 1.44 2011/12/22 07:32:39 each Exp $ */
 
 /*! \file */
 
@@ -48,6 +50,8 @@
 
 #include <isccfg/log.h>
 
+#include <ns/log.h>
+
 #ifndef CHECK_SIBLING
 #define CHECK_SIBLING 1
 #endif
@@ -94,31 +98,24 @@ isc_boolean_t docheckmx = ISC_FALSE;
 isc_boolean_t dochecksrv = ISC_FALSE;
 isc_boolean_t docheckns = ISC_FALSE;
 #endif
-unsigned int zone_options = DNS_ZONEOPT_CHECKNS |
-			    DNS_ZONEOPT_CHECKMX |
-			    DNS_ZONEOPT_MANYERRORS |
-			    DNS_ZONEOPT_CHECKNAMES |
-			    DNS_ZONEOPT_CHECKINTEGRITY |
+dns_zoneopt_t zone_options = DNS_ZONEOPT_CHECKNS |
+			     DNS_ZONEOPT_CHECKMX |
+			     DNS_ZONEOPT_MANYERRORS |
+			     DNS_ZONEOPT_CHECKNAMES |
+			     DNS_ZONEOPT_CHECKINTEGRITY |
 #if CHECK_SIBLING
-			    DNS_ZONEOPT_CHECKSIBLING |
+			     DNS_ZONEOPT_CHECKSIBLING |
 #endif
-			    DNS_ZONEOPT_CHECKWILDCARD |
-			    DNS_ZONEOPT_WARNMXCNAME |
-			    DNS_ZONEOPT_WARNSRVCNAME;
-unsigned int zone_options2 = 0;
+			     DNS_ZONEOPT_CHECKWILDCARD |
+			     DNS_ZONEOPT_WARNMXCNAME |
+			     DNS_ZONEOPT_WARNSRVCNAME;
 
 /*
  * This needs to match the list in bin/named/log.c.
  */
 static isc_logcategory_t categories[] = {
 	{ "",		     0 },
-	{ "client",	     0 },
-	{ "network",	     0 },
-	{ "update",	     0 },
-	{ "queries",	     0 },
 	{ "unmatched", 	     0 },
-	{ "update-security", 0 },
-	{ "query-errors",    0 },
 	{ NULL,		     0 }
 };
 
@@ -175,7 +172,7 @@ logged(char *key, int value) {
 }
 
 static isc_boolean_t
-checkns(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner,
+checkns(dns_zone_t *zone, const dns_name_t *name, const dns_name_t *owner,
 	dns_rdataset_t *a, dns_rdataset_t *aaaa)
 {
 #ifdef USE_GETADDRINFO
@@ -209,8 +206,9 @@ checkns(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner,
 	/*
 	 * Turn off search.
 	 */
-	if (dns_name_countlabels(name) > 1U)
-		strcat(namebuf, ".");
+	if (dns_name_countlabels(name) > 1U) {
+		strlcat(namebuf, ".", sizeof(namebuf));
+	}
 	dns_name_format(owner, ownerbuf, sizeof(ownerbuf));
 
 	result = getaddrinfo(namebuf, NULL, &hints, &ai);
@@ -379,7 +377,7 @@ checkns(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner,
 }
 
 static isc_boolean_t
-checkmx(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner) {
+checkmx(dns_zone_t *zone, const dns_name_t *name, const dns_name_t *owner) {
 #ifdef USE_GETADDRINFO
 	struct addrinfo hints, *ai, *cur;
 	char namebuf[DNS_NAME_FORMATSIZE + 1];
@@ -398,8 +396,9 @@ checkmx(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner) {
 	/*
 	 * Turn off search.
 	 */
-	if (dns_name_countlabels(name) > 1U)
-		strcat(namebuf, ".");
+	if (dns_name_countlabels(name) > 1U) {
+		strlcat(namebuf, ".", sizeof(namebuf));
+	}
 	dns_name_format(owner, ownerbuf, sizeof(ownerbuf));
 
 	result = getaddrinfo(namebuf, NULL, &hints, &ai);
@@ -464,7 +463,7 @@ checkmx(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner) {
 }
 
 static isc_boolean_t
-checksrv(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner) {
+checksrv(dns_zone_t *zone, const dns_name_t *name, const dns_name_t *owner) {
 #ifdef USE_GETADDRINFO
 	struct addrinfo hints, *ai, *cur;
 	char namebuf[DNS_NAME_FORMATSIZE + 1];
@@ -483,8 +482,9 @@ checksrv(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner) {
 	/*
 	 * Turn off search.
 	 */
-	if (dns_name_countlabels(name) > 1U)
-		strcat(namebuf, ".");
+	if (dns_name_countlabels(name) > 1U) {
+		strlcat(namebuf, ".", sizeof(namebuf));
+	}
 	dns_name_format(owner, ownerbuf, sizeof(ownerbuf));
 
 	result = getaddrinfo(namebuf, NULL, &hints, &ai);
@@ -559,6 +559,7 @@ setup_logging(isc_mem_t *mctx, FILE *errout, isc_log_t **logp) {
 	dns_log_init(log);
 	dns_log_setcontext(log);
 	cfg_log_init(log);
+	ns_log_init(log);
 
 	destination.file.stream = errout;
 	destination.file.name = NULL;
@@ -587,8 +588,7 @@ check_ttls(dns_zone_t *zone, dns_ttl_t maxttl) {
 	dns_rdataset_t rdataset;
 	dns_fixedname_t fname;
 	dns_name_t *name;
-	dns_fixedname_init(&fname);
-	name = dns_fixedname_name(&fname);
+	name = dns_fixedname_initname(&fname);
 	dns_rdataset_init(&rdataset);
 
 	CHECK(dns_zone_getdb(zone, &db));
@@ -683,12 +683,12 @@ load_zone(isc_mem_t *mctx, const char *zonename, const char *filename,
 
 	isc_buffer_constinit(&buffer, zonename, strlen(zonename));
 	isc_buffer_add(&buffer, strlen(zonename));
-	dns_fixedname_init(&fixorigin);
-	origin = dns_fixedname_name(&fixorigin);
+	origin = dns_fixedname_initname(&fixorigin);
 	CHECK(dns_name_fromtext(origin, &buffer, dns_rootname, 0, NULL));
 	CHECK(dns_zone_setorigin(zone, origin));
 	CHECK(dns_zone_setdbtype(zone, 1, (const char * const *) dbtype));
-	CHECK(dns_zone_setfile2(zone, filename, fileformat));
+	CHECK(dns_zone_setfile(zone, filename, fileformat,
+			       &dns_master_style_default));
 	if (journal != NULL)
 		CHECK(dns_zone_setjournal(zone, journal));
 
@@ -698,7 +698,6 @@ load_zone(isc_mem_t *mctx, const char *zonename, const char *filename,
 
 	dns_zone_setclass(zone, rdclass);
 	dns_zone_setoption(zone, zone_options, ISC_TRUE);
-	dns_zone_setoption2(zone, zone_options2, ISC_TRUE);
 	dns_zone_setoption(zone, DNS_ZONEOPT_NOMERGE, nomerge);
 
 	dns_zone_setmaxttl(zone, maxttl);
@@ -761,8 +760,8 @@ dump_zone(const char *zonename, dns_zone_t *zone, const char *filename,
 		}
 	}
 
-	result = dns_zone_dumptostream3(zone, output, fileformat, style,
-					rawversion);
+	result = dns_zone_dumptostream(zone, output, fileformat, style,
+				       rawversion);
 	if (output != stdout)
 		(void)isc_stdio_close(output);
 

bin/check/check-tool.h

@@ -1,12 +1,14 @@
 /*
- * Copyright (C) 2000-2002, 2004, 2005, 2007, 2010, 2011, 2013, 2014, 2016  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
  *
  * This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
  */
 
-/* $Id: check-tool.h,v 1.18 2011/12/09 23:47:02 tbox Exp $ */
 
 #ifndef CHECK_TOOL_H
 #define CHECK_TOOL_H
@@ -19,6 +21,7 @@
 
 #include <dns/masterdump.h>
 #include <dns/types.h>
+#include <dns/zone.h>
 
 ISC_LANG_BEGINDECLS
 
@@ -46,8 +49,7 @@ extern isc_boolean_t nomerge;
 extern isc_boolean_t docheckmx;
 extern isc_boolean_t docheckns;
 extern isc_boolean_t dochecksrv;
-extern unsigned int zone_options;
-extern unsigned int zone_options2;
+extern dns_zoneopt_t zone_options;
 
 ISC_LANG_ENDDECLS
 

bin/check/named-checkconf.8

@@ -1,17 +1,8 @@
-.\" Copyright (C) 2004, 2005, 2007, 2009, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
-.\" Copyright (C) 2000-2002 Internet Software Consortium.
+.\" Copyright (C) 2000-2002, 2004, 2005, 2007, 2009, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
 .\" 
-.\" Permission to use, copy, modify, and/or distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\" 
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
-.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
-.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
-.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
-.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
-.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
-.\" PERFORMANCE OF THIS SOFTWARE.
+.\" This Source Code Form is subject to the terms of the Mozilla Public
+.\" License, v. 2.0. If a copy of the MPL was not distributed with this
+.\" file, You can obtain one at http://mozilla.org/MPL/2.0/.
 .\"
 .hy 0
 .ad l
@@ -48,7 +39,7 @@
 named-checkconf \- named configuration file syntax checking tool
 .SH "SYNOPSIS"
 .HP \w'\fBnamed\-checkconf\fR\ 'u
-\fBnamed\-checkconf\fR [\fB\-h\fR] [\fB\-v\fR] [\fB\-j\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] {filename} [\fB\-p\fR] [\fB\-x\fR] [\fB\-z\fR]
+\fBnamed\-checkconf\fR [\fB\-hjlvz\fR] [\fB\-p\fR\ [\fB\-x\fR\ ]] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] {filename}
 .SH "DESCRIPTION"
 .PP
 \fBnamed\-checkconf\fR
@@ -78,6 +69,25 @@ can be run on these files explicitly, however\&.
 Print the usage summary and exit\&.
 .RE
 .PP
+\-j
+.RS 4
+When loading a zonefile read the journal if it exists\&.
+.RE
+.PP
+\-l
+.RS 4
+List all the configured zones\&. Each line of output contains the zone name, class (e\&.g\&. IN), view, and type (e\&.g\&. master or slave)\&.
+.RE
+.PP
+\-p
+.RS 4
+Print out the
+named\&.conf
+and included files in canonical form if no errors were detected\&. See also the
+\fB\-x\fR
+option\&.
+.RE
+.PP
 \-t \fIdirectory\fR
 .RS 4
 Chroot to
@@ -93,13 +103,6 @@ Print the version of the
 program and exit\&.
 .RE
 .PP
-\-p
-.RS 4
-Print out the
-named\&.conf
-and included files in canonical form if no errors were detected\&.
-.RE
-.PP
 \-x
 .RS 4
 When printing the configuration files in canonical form, obscure shared secrets by replacing them with strings of question marks (\*(Aq?\*(Aq)\&. This allows the contents of
@@ -114,11 +117,6 @@ Perform a test load of all master zones found in
 named\&.conf\&.
 .RE
 .PP
-\-j
-.RS 4
-When loading a zonefile read the journal if it exists\&.
-.RE
-.PP
 filename
 .RS 4
 The name of the configuration file to be checked\&. If not specified, it defaults to
@@ -138,7 +136,5 @@ BIND 9 Administrator Reference Manual\&.
 \fBInternet Systems Consortium, Inc\&.\fR
 .SH "COPYRIGHT"
 .br
-Copyright \(co 2004, 2005, 2007, 2009, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
-.br
-Copyright \(co 2000-2002 Internet Software Consortium.
+Copyright \(co 2000-2002, 2004, 2005, 2007, 2009, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
 .br

bin/check/named-checkconf.c

@@ -1,12 +1,14 @@
 /*
- * Copyright (C) 1999-2002, 2004-2007, 2009-2016  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
  *
  * This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
  */
 
-/* $Id: named-checkconf.c,v 1.56 2011/03/12 04:59:46 tbox Exp $ */
 
 /*! \file */
 
@@ -18,7 +20,6 @@
 
 #include <isc/commandline.h>
 #include <isc/dir.h>
-#include <isc/entropy.h>
 #include <isc/hash.h>
 #include <isc/log.h>
 #include <isc/mem.h>
@@ -59,7 +60,7 @@ usage(void) ISC_PLATFORM_NORETURN_POST;
 
 static void
 usage(void) {
-	fprintf(stderr, "usage: %s [-h] [-j] [-p [-x]] [-v] [-z] [-t directory] "
+	fprintf(stderr, "usage: %s [-hjlvz] [-p [-x]] [-t directory] "
 		"[named.conf]\n", program);
 	exit(1);
 }
@@ -126,8 +127,13 @@ get_checknames(const cfg_obj_t **maps, const cfg_obj_t **obj) {
 		     element = cfg_list_next(element)) {
 			value = cfg_listelt_value(element);
 			type = cfg_tuple_get(value, "type");
-			if (strcasecmp(cfg_obj_asstring(type), "master") != 0)
+			if ((strcasecmp(cfg_obj_asstring(type),
+					"primary") != 0) &&
+			    (strcasecmp(cfg_obj_asstring(type),
+					"master") != 0))
+			{
 				continue;
+			}
 			*obj = cfg_tuple_get(value, "mode");
 			return (ISC_TRUE);
 		}
@@ -162,7 +168,7 @@ configure_hint(const char *zfile, const char *zclass, isc_mem_t *mctx) {
 static isc_result_t
 configure_zone(const char *vclass, const char *view,
 	       const cfg_obj_t *zconfig, const cfg_obj_t *vconfig,
-	       const cfg_obj_t *config, isc_mem_t *mctx)
+	       const cfg_obj_t *config, isc_mem_t *mctx, isc_boolean_t list)
 {
 	int i = 0;
 	isc_result_t result;
@@ -204,6 +210,10 @@ configure_zone(const char *vclass, const char *view,
 	maps[i] = NULL;
 
 	cfg_map_get(zoptions, "in-view", &inviewobj);
+	if (inviewobj != NULL && list) {
+		const char *inview = cfg_obj_asstring(inviewobj);
+		printf("%s %s %s in-view %s\n", zname, zclass, view, inview);
+	}
 	if (inviewobj != NULL)
 		return (ISC_R_SUCCESS);
 
@@ -211,6 +221,12 @@ configure_zone(const char *vclass, const char *view,
 	if (typeobj == NULL)
 		return (ISC_R_FAILURE);
 
+	if (list) {
+		const char *ztype = cfg_obj_asstring(typeobj);
+		printf("%s %s %s %s\n", zname, zclass, view, ztype);
+		return (ISC_R_SUCCESS);
+	}
+
 	/*
 	 * Skip checks when using an alternate data source.
 	 */
@@ -233,11 +249,14 @@ configure_zone(const char *vclass, const char *view,
 	 * Skip loading checks for any type other than
 	 * master and redirect
 	 */
-	if (strcasecmp(cfg_obj_asstring(typeobj), "hint") == 0)
+	if (strcasecmp(cfg_obj_asstring(typeobj), "hint") == 0) {
 		return (configure_hint(zfile, zclass, mctx));
-	else if ((strcasecmp(cfg_obj_asstring(typeobj), "master") != 0) &&
-		  (strcasecmp(cfg_obj_asstring(typeobj), "redirect") != 0))
+	} else if ((strcasecmp(cfg_obj_asstring(typeobj), "primary") != 0) &&
+		   (strcasecmp(cfg_obj_asstring(typeobj), "master") != 0) &&
+		   (strcasecmp(cfg_obj_asstring(typeobj), "redirect") != 0))
+	{
 		return (ISC_R_SUCCESS);
+	}
 
 	/*
 	 * Is the redirect zone configured as a slave?
@@ -387,7 +406,7 @@ configure_zone(const char *vclass, const char *view,
 	obj = NULL;
 	if (get_maps(maps, "max-zone-ttl", &obj)) {
 		maxttl = cfg_obj_asuint32(obj);
-		zone_options2 |= DNS_ZONEOPT2_CHECKTTL;
+		zone_options |= DNS_ZONEOPT_CHECKTTL;
 	}
 
 	result = load_zone(mctx, zname, zfile, masterformat,
@@ -401,7 +420,7 @@ configure_zone(const char *vclass, const char *view,
 /*% configure a view */
 static isc_result_t
 configure_view(const char *vclass, const char *view, const cfg_obj_t *config,
-	       const cfg_obj_t *vconfig, isc_mem_t *mctx)
+	       const cfg_obj_t *vconfig, isc_mem_t *mctx, isc_boolean_t list)
 {
 	const cfg_listelt_t *element;
 	const cfg_obj_t *voptions;
@@ -425,7 +444,7 @@ configure_view(const char *vclass, const char *view, const cfg_obj_t *config,
 	{
 		const cfg_obj_t *zconfig = cfg_listelt_value(element);
 		tresult = configure_zone(vclass, view, zconfig, vconfig,
-					 config, mctx);
+					 config, mctx, list);
 		if (tresult != ISC_R_SUCCESS)
 			result = tresult;
 	}
@@ -449,7 +468,9 @@ config_getclass(const cfg_obj_t *classobj, dns_rdataclass_t defclass,
 
 /*% load zones from the configuration */
 static isc_result_t
-load_zones_fromconfig(const cfg_obj_t *config, isc_mem_t *mctx) {
+load_zones_fromconfig(const cfg_obj_t *config, isc_mem_t *mctx,
+		      isc_boolean_t list_zones)
+{
 	const cfg_listelt_t *element;
 	const cfg_obj_t *views;
 	const cfg_obj_t *vconfig;
@@ -480,13 +501,15 @@ load_zones_fromconfig(const cfg_obj_t *config, isc_mem_t *mctx) {
 
 		dns_rdataclass_format(viewclass, buf, sizeof(buf));
 		vname = cfg_obj_asstring(cfg_tuple_get(vconfig, "name"));
-		tresult = configure_view(buf, vname, config, vconfig, mctx);
+		tresult = configure_view(buf, vname, config, vconfig, mctx,
+					 list_zones);
 		if (tresult != ISC_R_SUCCESS)
 			result = tresult;
 	}
 
 	if (views == NULL) {
-		tresult = configure_view("IN", "_default", config, NULL, mctx);
+		tresult = configure_view("IN", "_default", config, NULL, mctx,
+					 list_zones);
 		if (tresult != ISC_R_SUCCESS)
 			result = tresult;
 	}
@@ -514,8 +537,8 @@ main(int argc, char **argv) {
 	isc_mem_t *mctx = NULL;
 	isc_result_t result;
 	int exit_status = 0;
-	isc_entropy_t *ectx = NULL;
 	isc_boolean_t load_zones = ISC_FALSE;
+	isc_boolean_t list_zones = ISC_FALSE;
 	isc_boolean_t print = ISC_FALSE;
 	unsigned int flags = 0;
 
@@ -524,7 +547,7 @@ main(int argc, char **argv) {
 	/*
 	 * Process memory debugging argument first.
 	 */
-#define CMDLINE_FLAGS "dhjm:t:pvxz"
+#define CMDLINE_FLAGS "dhjlm:t:pvxz"
 	while ((c = isc_commandline_parse(argc, argv, CMDLINE_FLAGS)) != -1) {
 		switch (c) {
 		case 'm':
@@ -557,6 +580,10 @@ main(int argc, char **argv) {
 			nomerge = ISC_FALSE;
 			break;
 
+		case 'l':
+			list_zones = ISC_TRUE;
+			break;
+
 		case 'm':
 			break;
 
@@ -607,6 +634,10 @@ main(int argc, char **argv) {
 		fprintf(stderr, "%s: -x cannot be used without -p\n", program);
 		exit(1);
 	}
+	if (print && list_zones) {
+		fprintf(stderr, "%s: -l cannot be used with -p\n", program);
+		exit(1);
+	}
 
 	if (isc_commandline_index + 1 < argc)
 		usage();
@@ -621,10 +652,6 @@ main(int argc, char **argv) {
 
 	RUNTIME_CHECK(setup_logging(mctx, stdout, &logc) == ISC_R_SUCCESS);
 
-	RUNTIME_CHECK(isc_entropy_create(mctx, &ectx) == ISC_R_SUCCESS);
-	RUNTIME_CHECK(isc_hash_create(mctx, ectx, DNS_NAME_MAXWIRE)
-		      == ISC_R_SUCCESS);
-
 	dns_result_register();
 
 	RUNTIME_CHECK(cfg_parser_create(mctx, logc, &parser) == ISC_R_SUCCESS);
@@ -639,8 +666,8 @@ main(int argc, char **argv) {
 	if (result != ISC_R_SUCCESS)
 		exit_status = 1;
 
-	if (result == ISC_R_SUCCESS && load_zones) {
-		result = load_zones_fromconfig(config, mctx);
+	if (result == ISC_R_SUCCESS && (load_zones || list_zones)) {
+		result = load_zones_fromconfig(config, mctx, list_zones);
 		if (result != ISC_R_SUCCESS)
 			exit_status = 1;
 	}
@@ -655,9 +682,6 @@ main(int argc, char **argv) {
 
 	isc_log_destroy(&logc);
 
-	isc_hash_destroy();
-	isc_entropy_detach(&ectx);
-
 	isc_mem_destroy(&mctx);
 
 #ifdef _WIN32

bin/check/named-checkconf.docbook

@@ -1,15 +1,18 @@
 <!DOCTYPE book [
 <!ENTITY mdash "&#8212;">]>
 <!--
- - Copyright (C) 2000-2002, 2004, 2005, 2007, 2009, 2014-2016  Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) Internet Systems Consortium, Inc. ("ISC")
  -
  - This Source Code Form is subject to the terms of the Mozilla Public
  - License, v. 2.0. If a copy of the MPL was not distributed with this
  - file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ -
+ - See the COPYRIGHT file distributed with this work for additional
+ - information regarding copyright ownership.
 -->
 
 <!-- Converted by db4-upgrade version 1.0 -->
-<refentry xmlns="http://docbook.org/ns/docbook" version="5.0" xml:id="man.named-checkconf">
+<refentry xmlns:db="http://docbook.org/ns/docbook" version="5.0" xml:id="man.named-checkconf">
   <info>
     <date>2014-01-10</date>
   </info>
@@ -26,6 +29,9 @@
 
   <docinfo>
     <copyright>
+      <year>2000</year>
+      <year>2001</year>
+      <year>2002</year>
       <year>2004</year>
       <year>2005</year>
       <year>2007</year>
@@ -33,14 +39,9 @@
       <year>2014</year>
       <year>2015</year>
       <year>2016</year>
+      <year>2018</year>
       <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
     </copyright>
-    <copyright>
-      <year>2000</year>
-      <year>2001</year>
-      <year>2002</year>
-      <holder>Internet Software Consortium.</holder>
-    </copyright>
   </docinfo>
 
   <refnamediv>
@@ -51,14 +52,12 @@
   <refsynopsisdiv>
     <cmdsynopsis sepchar=" ">
       <command>named-checkconf</command>
-      <arg choice="opt" rep="norepeat"><option>-h</option></arg>
-      <arg choice="opt" rep="norepeat"><option>-v</option></arg>
-      <arg choice="opt" rep="norepeat"><option>-j</option></arg>
+      <arg choice="opt" rep="norepeat"><option>-hjlvz</option></arg>
+      <arg choice="opt" rep="norepeat"><option>-p</option>
+	<arg choice="opt" rep="norepeat"><option>-x</option>
+      </arg></arg>
       <arg choice="opt" rep="norepeat"><option>-t <replaceable class="parameter">directory</replaceable></option></arg>
       <arg choice="req" rep="norepeat">filename</arg>
-      <arg choice="opt" rep="norepeat"><option>-p</option></arg>
-      <arg choice="opt" rep="norepeat"><option>-x</option></arg>
-      <arg choice="opt" rep="norepeat"><option>-z</option></arg>
     </cmdsynopsis>
   </refsynopsisdiv>
 
@@ -85,7 +84,6 @@
 
   <refsection><info><title>OPTIONS</title></info>
 
-
     <variablelist>
       <varlistentry>
         <term>-h</term>
@@ -96,6 +94,37 @@
         </listitem>
       </varlistentry>
 
+      <varlistentry>
+        <term>-j</term>
+        <listitem>
+          <para>
+            When loading a zonefile read the journal if it exists.
+          </para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-l</term>
+        <listitem>
+          <para>
+            List all the configured zones. Each line of output
+            contains the zone name, class (e.g. IN), view, and type
+            (e.g. master or slave).
+          </para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-p</term>
+        <listitem>
+          <para>
+	    Print out the <filename>named.conf</filename> and included files
+	    in canonical form if no errors were detected.
+            See also the <option>-x</option> option.
+          </para>
+        </listitem>
+      </varlistentry>
+
       <varlistentry>
         <term>-t <replaceable class="parameter">directory</replaceable></term>
         <listitem>
@@ -117,16 +146,6 @@
         </listitem>
       </varlistentry>
 
-      <varlistentry>
-        <term>-p</term>
-        <listitem>
-          <para>
-	    Print out the <filename>named.conf</filename> and included files
-	    in canonical form if no errors were detected.
-          </para>
-        </listitem>
-      </varlistentry>
-
       <varlistentry>
         <term>-x</term>
         <listitem>
@@ -152,15 +171,6 @@
         </listitem>
       </varlistentry>
 
-      <varlistentry>
-        <term>-j</term>
-        <listitem>
-          <para>
-            When loading a zonefile read the journal if it exists.
-          </para>
-        </listitem>
-      </varlistentry>
-
       <varlistentry>
         <term>filename</term>
         <listitem>

bin/check/named-checkconf.html

@@ -1,20 +1,12 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 <!--
- - Copyright (C) 2004, 2005, 2007, 2009, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
- - Copyright (C) 2000-2002 Internet Software Consortium.
+ - Copyright (C) 2000-2002, 2004, 2005, 2007, 2009, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
  - 
- - Permission to use, copy, modify, and/or distribute this software for any
- - purpose with or without fee is hereby granted, provided that the above
- - copyright notice and this permission notice appear in all copies.
- - 
- - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- - PERFORMANCE OF THIS SOFTWARE.
+ - This Source Code Form is subject to the terms of the Mozilla Public
+ - License, v. 2.0. If a copy of the MPL was not distributed with this
+ - file, You can obtain one at http://mozilla.org/MPL/2.0/.
 -->
-<html>
+<html lang="en">
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
 <title>named-checkconf</title>
@@ -22,24 +14,45 @@
 </head>
 <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry">
 <a name="man.named-checkconf"></a><div class="titlepage"></div>
-<div class="refnamediv">
+  
+  
+
+  
+
+  
+
+  <div class="refnamediv">
 <h2>Name</h2>
-<p><span class="application">named-checkconf</span> &#8212; named configuration file syntax checking tool</p>
+<p>
+    <span class="application">named-checkconf</span>
+     &#8212; named configuration file syntax checking tool
+  </p>
 </div>
-<div class="refsynopsisdiv">
+
+  <div class="refsynopsisdiv">
 <h2>Synopsis</h2>
-<div class="cmdsynopsis"><p><code class="command">named-checkconf</code>  [<code class="option">-h</code>] [<code class="option">-v</code>] [<code class="option">-j</code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] {filename} [<code class="option">-p</code>] [<code class="option">-x</code>] [<code class="option">-z</code>]</p></div>
-</div>
-<div class="refsection">
+    <div class="cmdsynopsis"><p>
+      <code class="command">named-checkconf</code> 
+       [<code class="option">-hjlvz</code>]
+       [<code class="option">-p</code>
+	 [<code class="option">-x</code>
+      ]]
+       [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>]
+       {filename}
+    </p></div>
+  </div>
+
+  <div class="refsection">
 <a name="id-1.7"></a><h2>DESCRIPTION</h2>
-<p><span class="command"><strong>named-checkconf</strong></span>
+
+    <p><span class="command"><strong>named-checkconf</strong></span>
       checks the syntax, but not the semantics, of a
       <span class="command"><strong>named</strong></span> configuration file.  The file is parsed
       and checked for syntax errors, along with all files included by it.
       If no file is specified, <code class="filename">/etc/named.conf</code> is read
       by default.
     </p>
-<p>
+    <p>
       Note: files that <span class="command"><strong>named</strong></span> reads in separate
       parser contexts, such as <code class="filename">rndc.key</code> and
       <code class="filename">bind.keys</code>, are not automatically read
@@ -49,32 +62,58 @@
       successful.  <span class="command"><strong>named-checkconf</strong></span> can be run
       on these files explicitly, however.
     </p>
-</div>
-<div class="refsection">
+  </div>
+
+  <div class="refsection">
 <a name="id-1.8"></a><h2>OPTIONS</h2>
-<div class="variablelist"><dl class="variablelist">
+
+    <div class="variablelist"><dl class="variablelist">
 <dt><span class="term">-h</span></dt>
-<dd><p>
+<dd>
+          <p>
             Print the usage summary and exit.
-          </p></dd>
+          </p>
+        </dd>
+<dt><span class="term">-j</span></dt>
+<dd>
+          <p>
+            When loading a zonefile read the journal if it exists.
+          </p>
+        </dd>
+<dt><span class="term">-l</span></dt>
+<dd>
+          <p>
+            List all the configured zones. Each line of output
+            contains the zone name, class (e.g. IN), view, and type
+            (e.g. master or slave).
+          </p>
+        </dd>
+<dt><span class="term">-p</span></dt>
+<dd>
+          <p>
+	    Print out the <code class="filename">named.conf</code> and included files
+	    in canonical form if no errors were detected.
+            See also the <code class="option">-x</code> option.
+          </p>
+        </dd>
 <dt><span class="term">-t <em class="replaceable"><code>directory</code></em></span></dt>
-<dd><p>
+<dd>
+          <p>
             Chroot to <code class="filename">directory</code> so that include
             directives in the configuration file are processed as if
             run by a similarly chrooted <span class="command"><strong>named</strong></span>.
-          </p></dd>
+          </p>
+        </dd>
 <dt><span class="term">-v</span></dt>
-<dd><p>
+<dd>
+          <p>
             Print the version of the <span class="command"><strong>named-checkconf</strong></span>
             program and exit.
-          </p></dd>
-<dt><span class="term">-p</span></dt>
-<dd><p>
-	    Print out the <code class="filename">named.conf</code> and included files
-	    in canonical form if no errors were detected.
-          </p></dd>
+          </p>
+        </dd>
 <dt><span class="term">-x</span></dt>
-<dd><p>
+<dd>
+          <p>
 	    When printing the configuration files in canonical
             form, obscure shared secrets by replacing them with
             strings of question marks ('?'). This allows the
@@ -82,36 +121,46 @@
             files to be shared &#8212; for example, when submitting
             bug reports &#8212; without compromising private data.
             This option cannot be used without <code class="option">-p</code>.
-          </p></dd>
+          </p>
+        </dd>
 <dt><span class="term">-z</span></dt>
-<dd><p>
+<dd>
+          <p>
 	    Perform a test load of all master zones found in
 	    <code class="filename">named.conf</code>.
-          </p></dd>
-<dt><span class="term">-j</span></dt>
-<dd><p>
-            When loading a zonefile read the journal if it exists.
-          </p></dd>
+          </p>
+        </dd>
 <dt><span class="term">filename</span></dt>
-<dd><p>
+<dd>
+          <p>
             The name of the configuration file to be checked.  If not
             specified, it defaults to <code class="filename">/etc/named.conf</code>.
-          </p></dd>
+          </p>
+        </dd>
 </dl></div>
-</div>
-<div class="refsection">
+
+  </div>
+
+  <div class="refsection">
 <a name="id-1.9"></a><h2>RETURN VALUES</h2>
-<p><span class="command"><strong>named-checkconf</strong></span>
+
+    <p><span class="command"><strong>named-checkconf</strong></span>
       returns an exit status of 1 if
       errors were detected and 0 otherwise.
     </p>
-</div>
-<div class="refsection">
+  </div>
+
+  <div class="refsection">
 <a name="id-1.10"></a><h2>SEE ALSO</h2>
-<p><span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
-      <span class="citerefentry"><span class="refentrytitle">named-checkzone</span>(8)</span>,
+
+    <p><span class="citerefentry">
+        <span class="refentrytitle">named</span>(8)
+      </span>,
+      <span class="citerefentry">
+        <span class="refentrytitle">named-checkzone</span>(8)
+      </span>,
       <em class="citetitle">BIND 9 Administrator Reference Manual</em>.
     </p>
-</div>
+  </div>
 </div></body>
 </html>

bin/check/named-checkzone.8

@@ -1,17 +1,8 @@
-.\" Copyright (C) 2004-2007, 2009-2016 Internet Systems Consortium, Inc. ("ISC")
-.\" Copyright (C) 2000-2002 Internet Software Consortium.
+.\" Copyright (C) 2000-2002, 2004-2007, 2009-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
 .\" 
-.\" Permission to use, copy, modify, and/or distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\" 
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
-.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
-.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
-.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
-.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
-.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
-.\" PERFORMANCE OF THIS SOFTWARE.
+.\" This Source Code Form is subject to the terms of the Mozilla Public
+.\" License, v. 2.0. If a copy of the MPL was not distributed with this
+.\" file, You can obtain one at http://mozilla.org/MPL/2.0/.
 .\"
 .hy 0
 .ad l
@@ -334,7 +325,5 @@ BIND 9 Administrator Reference Manual\&.
 \fBInternet Systems Consortium, Inc\&.\fR
 .SH "COPYRIGHT"
 .br
-Copyright \(co 2004-2007, 2009-2016 Internet Systems Consortium, Inc. ("ISC")
-.br
-Copyright \(co 2000-2002 Internet Software Consortium.
+Copyright \(co 2000-2002, 2004-2007, 2009-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
 .br

bin/check/named-checkzone.c

@@ -1,12 +1,14 @@
 /*
- * Copyright (C) 1999-2016  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
  *
  * This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
  */
 
-/* $Id: named-checkzone.c,v 1.65.32.2 2012/02/07 02:45:21 each Exp $ */
 
 /*! \file */
 
@@ -17,7 +19,6 @@
 #include <isc/app.h>
 #include <isc/commandline.h>
 #include <isc/dir.h>
-#include <isc/entropy.h>
 #include <isc/hash.h>
 #include <isc/log.h>
 #include <isc/mem.h>
@@ -44,7 +45,6 @@
 
 static int quiet = 0;
 static isc_mem_t *mctx = NULL;
-static isc_entropy_t *ectx = NULL;
 dns_zone_t *zone = NULL;
 dns_zonetype_t zonetype = dns_zone_master;
 static int dumpzone = 0;
@@ -257,7 +257,7 @@ main(int argc, char **argv) {
 			break;
 
 		case 'l':
-			zone_options2 |= DNS_ZONEOPT2_CHECKTTL;
+			zone_options |= DNS_ZONEOPT_CHECKTTL;
 			endp = NULL;
 			maxttl = strtol(isc_commandline_argument, &endp, 0);
 			if (*endp != '\0') {
@@ -519,9 +519,6 @@ main(int argc, char **argv) {
 	if (!quiet)
 		RUNTIME_CHECK(setup_logging(mctx, errout, &lctx)
 			      == ISC_R_SUCCESS);
-	RUNTIME_CHECK(isc_entropy_create(mctx, &ectx) == ISC_R_SUCCESS);
-	RUNTIME_CHECK(isc_hash_create(mctx, ectx, DNS_NAME_MAXWIRE)
-		      == ISC_R_SUCCESS);
 
 	dns_result_register();
 
@@ -553,8 +550,6 @@ main(int argc, char **argv) {
 	destroy();
 	if (lctx != NULL)
 		isc_log_destroy(&lctx);
-	isc_hash_destroy();
-	isc_entropy_detach(&ectx);
 	isc_mem_destroy(&mctx);
 #ifdef _WIN32
 	DestroySockets();

bin/check/named-checkzone.docbook

@@ -1,13 +1,16 @@
 <!--
- - Copyright (C) 2000-2002, 2004-2007, 2009-2016  Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) Internet Systems Consortium, Inc. ("ISC")
  -
  - This Source Code Form is subject to the terms of the Mozilla Public
  - License, v. 2.0. If a copy of the MPL was not distributed with this
  - file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ -
+ - See the COPYRIGHT file distributed with this work for additional
+ - information regarding copyright ownership.
 -->
 
 <!-- Converted by db4-upgrade version 1.0 -->
-<refentry xmlns="http://docbook.org/ns/docbook" version="5.0" xml:id="man.named-checkzone">
+<refentry xmlns:db="http://docbook.org/ns/docbook" version="5.0" xml:id="man.named-checkzone">
   <info>
     <date>2014-02-19</date>
   </info>
@@ -24,6 +27,9 @@
 
   <docinfo>
     <copyright>
+      <year>2000</year>
+      <year>2001</year>
+      <year>2002</year>
       <year>2004</year>
       <year>2005</year>
       <year>2006</year>
@@ -36,14 +42,9 @@
       <year>2014</year>
       <year>2015</year>
       <year>2016</year>
+      <year>2018</year>
       <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
     </copyright>
-    <copyright>
-      <year>2000</year>
-      <year>2001</year>
-      <year>2002</year>
-      <holder>Internet Software Consortium.</holder>
-    </copyright>
   </docinfo>
 
   <refnamediv>

bin/check/named-checkzone.html

@@ -1,20 +1,12 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 <!--
- - Copyright (C) 2004-2007, 2009-2016 Internet Systems Consortium, Inc. ("ISC")
- - Copyright (C) 2000-2002 Internet Software Consortium.
+ - Copyright (C) 2000-2002, 2004-2007, 2009-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
  - 
- - Permission to use, copy, modify, and/or distribute this software for any
- - purpose with or without fee is hereby granted, provided that the above
- - copyright notice and this permission notice appear in all copies.
- - 
- - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- - PERFORMANCE OF THIS SOFTWARE.
+ - This Source Code Form is subject to the terms of the Mozilla Public
+ - License, v. 2.0. If a copy of the MPL was not distributed with this
+ - file, You can obtain one at http://mozilla.org/MPL/2.0/.
 -->
-<html>
+<html lang="en">
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
 <title>named-checkzone</title>
@@ -22,24 +14,94 @@
 </head>
 <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry">
 <a name="man.named-checkzone"></a><div class="titlepage"></div>
-<div class="refnamediv">
+  
+  
+
+  
+
+  
+
+  <div class="refnamediv">
 <h2>Name</h2>
-<p><span class="application">named-checkzone</span>, <span class="application">named-compilezone</span> &#8212; zone file validity checking or converting tool</p>
+<p>
+    <span class="application">named-checkzone</span>, 
+    <span class="application">named-compilezone</span>
+     &#8212; zone file validity checking or converting tool
+  </p>
 </div>
-<div class="refsynopsisdiv">
+
+  <div class="refsynopsisdiv">
 <h2>Synopsis</h2>
-<div class="cmdsynopsis"><p><code class="command">named-checkzone</code>  [<code class="option">-d</code>] [<code class="option">-h</code>] [<code class="option">-j</code>] [<code class="option">-q</code>] [<code class="option">-v</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-f <em class="replaceable"><code>format</code></em></code>] [<code class="option">-F <em class="replaceable"><code>format</code></em></code>] [<code class="option">-J <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-i <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-k <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-m <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-M <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-n <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-l <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-L <em class="replaceable"><code>serial</code></em></code>] [<code class="option">-o <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-r <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-s <em class="replaceable"><code>style</code></em></code>] [<code class="option">-S <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-T <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-w <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] [<code class="option">-W <em class="replaceable"><code>mode</code></em></code>] {zonename} {filename}</p></div>
-<div class="cmdsynopsis"><p><code class="command">named-compilezone</code>  [<code class="option">-d</code>] [<code class="option">-j</code>] [<code class="option">-q</code>] [<code class="option">-v</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-C <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-f <em class="replaceable"><code>format</code></em></code>] [<code class="option">-F <em class="replaceable"><code>format</code></em></code>] [<code class="option">-J <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-i <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-k <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-m <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-n <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-l <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-L <em class="replaceable"><code>serial</code></em></code>] [<code class="option">-r <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-s <em class="replaceable"><code>style</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-T <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-w <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] [<code class="option">-W <em class="replaceable"><code>mode</code></em></code>] {<code class="option">-o <em class="replaceable"><code>filename</code></em></code>} {zonename} {filename}</p></div>
-</div>
-<div class="refsection">
+    <div class="cmdsynopsis"><p>
+      <code class="command">named-checkzone</code> 
+       [<code class="option">-d</code>]
+       [<code class="option">-h</code>]
+       [<code class="option">-j</code>]
+       [<code class="option">-q</code>]
+       [<code class="option">-v</code>]
+       [<code class="option">-c <em class="replaceable"><code>class</code></em></code>]
+       [<code class="option">-f <em class="replaceable"><code>format</code></em></code>]
+       [<code class="option">-F <em class="replaceable"><code>format</code></em></code>]
+       [<code class="option">-J <em class="replaceable"><code>filename</code></em></code>]
+       [<code class="option">-i <em class="replaceable"><code>mode</code></em></code>]
+       [<code class="option">-k <em class="replaceable"><code>mode</code></em></code>]
+       [<code class="option">-m <em class="replaceable"><code>mode</code></em></code>]
+       [<code class="option">-M <em class="replaceable"><code>mode</code></em></code>]
+       [<code class="option">-n <em class="replaceable"><code>mode</code></em></code>]
+       [<code class="option">-l <em class="replaceable"><code>ttl</code></em></code>]
+       [<code class="option">-L <em class="replaceable"><code>serial</code></em></code>]
+       [<code class="option">-o <em class="replaceable"><code>filename</code></em></code>]
+       [<code class="option">-r <em class="replaceable"><code>mode</code></em></code>]
+       [<code class="option">-s <em class="replaceable"><code>style</code></em></code>]
+       [<code class="option">-S <em class="replaceable"><code>mode</code></em></code>]
+       [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>]
+       [<code class="option">-T <em class="replaceable"><code>mode</code></em></code>]
+       [<code class="option">-w <em class="replaceable"><code>directory</code></em></code>]
+       [<code class="option">-D</code>]
+       [<code class="option">-W <em class="replaceable"><code>mode</code></em></code>]
+       {zonename}
+       {filename}
+    </p></div>
+    <div class="cmdsynopsis"><p>
+      <code class="command">named-compilezone</code> 
+       [<code class="option">-d</code>]
+       [<code class="option">-j</code>]
+       [<code class="option">-q</code>]
+       [<code class="option">-v</code>]
+       [<code class="option">-c <em class="replaceable"><code>class</code></em></code>]
+       [<code class="option">-C <em class="replaceable"><code>mode</code></em></code>]
+       [<code class="option">-f <em class="replaceable"><code>format</code></em></code>]
+       [<code class="option">-F <em class="replaceable"><code>format</code></em></code>]
+       [<code class="option">-J <em class="replaceable"><code>filename</code></em></code>]
+       [<code class="option">-i <em class="replaceable"><code>mode</code></em></code>]
+       [<code class="option">-k <em class="replaceable"><code>mode</code></em></code>]
+       [<code class="option">-m <em class="replaceable"><code>mode</code></em></code>]
+       [<code class="option">-n <em class="replaceable"><code>mode</code></em></code>]
+       [<code class="option">-l <em class="replaceable"><code>ttl</code></em></code>]
+       [<code class="option">-L <em class="replaceable"><code>serial</code></em></code>]
+       [<code class="option">-r <em class="replaceable"><code>mode</code></em></code>]
+       [<code class="option">-s <em class="replaceable"><code>style</code></em></code>]
+       [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>]
+       [<code class="option">-T <em class="replaceable"><code>mode</code></em></code>]
+       [<code class="option">-w <em class="replaceable"><code>directory</code></em></code>]
+       [<code class="option">-D</code>]
+       [<code class="option">-W <em class="replaceable"><code>mode</code></em></code>]
+       {<code class="option">-o <em class="replaceable"><code>filename</code></em></code>}
+       {zonename}
+       {filename}
+    </p></div>
+  </div>
+
+  <div class="refsection">
 <a name="id-1.7"></a><h2>DESCRIPTION</h2>
-<p><span class="command"><strong>named-checkzone</strong></span>
+
+    <p><span class="command"><strong>named-checkzone</strong></span>
       checks the syntax and integrity of a zone file.  It performs the
       same checks as <span class="command"><strong>named</strong></span> does when loading a
       zone.  This makes <span class="command"><strong>named-checkzone</strong></span> useful for
       checking zone files before configuring them into a name server.
     </p>
-<p>
+    <p>
         <span class="command"><strong>named-compilezone</strong></span> is similar to
 	<span class="command"><strong>named-checkzone</strong></span>, but it always dumps the
         zone contents to a specified file in a specified format.
@@ -50,45 +112,62 @@
         least be as strict as those specified in the
 	<span class="command"><strong>named</strong></span> configuration file.
      </p>
-</div>
-<div class="refsection">
+  </div>
+
+  <div class="refsection">
 <a name="id-1.8"></a><h2>OPTIONS</h2>
-<div class="variablelist"><dl class="variablelist">
+
+
+    <div class="variablelist"><dl class="variablelist">
 <dt><span class="term">-d</span></dt>
-<dd><p>
+<dd>
+          <p>
             Enable debugging.
-          </p></dd>
+          </p>
+        </dd>
 <dt><span class="term">-h</span></dt>
-<dd><p>
+<dd>
+          <p>
             Print the usage summary and exit.
-          </p></dd>
+          </p>
+        </dd>
 <dt><span class="term">-q</span></dt>
-<dd><p>
+<dd>
+          <p>
             Quiet mode - exit code only.
-          </p></dd>
+          </p>
+        </dd>
 <dt><span class="term">-v</span></dt>
-<dd><p>
+<dd>
+          <p>
             Print the version of the <span class="command"><strong>named-checkzone</strong></span>
             program and exit.
-          </p></dd>
+          </p>
+        </dd>
 <dt><span class="term">-j</span></dt>
-<dd><p>
+<dd>
+          <p>
             When loading a zone file, read the journal if it exists.
             The journal file name is assumed to be the zone file name
 	    appended with the string <code class="filename">.jnl</code>.
-          </p></dd>
+          </p>
+        </dd>
 <dt><span class="term">-J <em class="replaceable"><code>filename</code></em></span></dt>
-<dd><p>
+<dd>
+          <p>
             When loading the zone file read the journal from the given
             file, if it exists. (Implies -j.)
-          </p></dd>
+          </p>
+        </dd>
 <dt><span class="term">-c <em class="replaceable"><code>class</code></em></span></dt>
-<dd><p>
+<dd>
+          <p>
             Specify the class of the zone.  If not specified, "IN" is assumed.
-          </p></dd>
+          </p>
+        </dd>
 <dt><span class="term">-i <em class="replaceable"><code>mode</code></em></span></dt>
 <dd>
-<p>
+	  <p>
 	      Perform post-load zone integrity checks.  Possible modes are
 	      <span class="command"><strong>"full"</strong></span> (default),
 	      <span class="command"><strong>"full-sibling"</strong></span>,
@@ -96,19 +175,19 @@
 	      <span class="command"><strong>"local-sibling"</strong></span> and
 	      <span class="command"><strong>"none"</strong></span>.
 	  </p>
-<p>
+	  <p>
 	      Mode <span class="command"><strong>"full"</strong></span> checks that MX records
 	      refer to A or AAAA record (both in-zone and out-of-zone
 	      hostnames).  Mode <span class="command"><strong>"local"</strong></span> only
 	      checks MX records which refer to in-zone hostnames.
 	  </p>
-<p>
+	  <p>
 	      Mode <span class="command"><strong>"full"</strong></span> checks that SRV records
 	      refer to A or AAAA record (both in-zone and out-of-zone
 	      hostnames).  Mode <span class="command"><strong>"local"</strong></span> only
 	      checks SRV records which refer to in-zone hostnames.
 	  </p>
-<p>
+	  <p>
 	      Mode <span class="command"><strong>"full"</strong></span> checks that delegation NS
 	      records refer to A or AAAA record (both in-zone and out-of-zone
 	      hostnames).  It also checks that glue address records
@@ -117,31 +196,33 @@
 	      refer to in-zone hostnames or that some required glue exists,
 	      that is when the nameserver is in a child zone.
 	  </p>
-<p>
+	  <p>
 	      Mode <span class="command"><strong>"full-sibling"</strong></span> and
 	      <span class="command"><strong>"local-sibling"</strong></span> disable sibling glue
 	      checks but are otherwise the same as <span class="command"><strong>"full"</strong></span>
 	      and <span class="command"><strong>"local"</strong></span> respectively.
 	  </p>
-<p>
+	  <p>
 	      Mode <span class="command"><strong>"none"</strong></span> disables the checks.
 	  </p>
-</dd>
+	</dd>
 <dt><span class="term">-f <em class="replaceable"><code>format</code></em></span></dt>
-<dd><p>
+<dd>
+	  <p>
 	    Specify the format of the zone file.
 	    Possible formats are <span class="command"><strong>"text"</strong></span> (default),
 	    <span class="command"><strong>"raw"</strong></span>, and <span class="command"><strong>"map"</strong></span>.
-	  </p></dd>
+	  </p>
+	</dd>
 <dt><span class="term">-F <em class="replaceable"><code>format</code></em></span></dt>
 <dd>
-<p>
+	  <p>
 	    Specify the format of the output file specified.
 	    For <span class="command"><strong>named-checkzone</strong></span>,
 	    this does not cause any effects unless it dumps the zone
 	    contents.
 	  </p>
-<p>
+	  <p>
 	    Possible formats are <span class="command"><strong>"text"</strong></span> (default),
 	    which is the standard textual representation of the zone,
 	    and <span class="command"><strong>"map"</strong></span>, <span class="command"><strong>"raw"</strong></span>,
@@ -152,9 +233,10 @@
             any version of <span class="command"><strong>named</strong></span>; if N is 1, the file
             can be read by release 9.9.0 or higher; the default is 1.
 	  </p>
-</dd>
+	</dd>
 <dt><span class="term">-k <em class="replaceable"><code>mode</code></em></span></dt>
-<dd><p>
+<dd>
+          <p>
             Perform <span class="command"><strong>"check-names"</strong></span> checks with the
 	    specified failure mode.
             Possible modes are <span class="command"><strong>"fail"</strong></span>
@@ -162,38 +244,48 @@
             <span class="command"><strong>"warn"</strong></span>
 	    (default for <span class="command"><strong>named-checkzone</strong></span>) and
             <span class="command"><strong>"ignore"</strong></span>.
-          </p></dd>
+          </p>
+        </dd>
 <dt><span class="term">-l <em class="replaceable"><code>ttl</code></em></span></dt>
-<dd><p>
+<dd>
+          <p>
             Sets a maximum permissible TTL for the input file.
             Any record with a TTL higher than this value will cause
             the zone to be rejected.  This is similar to using the
             <span class="command"><strong>max-zone-ttl</strong></span> option in
             <code class="filename">named.conf</code>.
-          </p></dd>
+          </p>
+        </dd>
 <dt><span class="term">-L <em class="replaceable"><code>serial</code></em></span></dt>
-<dd><p>
+<dd>
+          <p>
             When compiling a zone to "raw" or "map" format, set the
             "source serial" value in the header to the specified serial
             number.  (This is expected to be used primarily for testing
             purposes.)
-          </p></dd>
+          </p>
+        </dd>
 <dt><span class="term">-m <em class="replaceable"><code>mode</code></em></span></dt>
-<dd><p>
+<dd>
+          <p>
             Specify whether MX records should be checked to see if they
             are addresses.  Possible modes are <span class="command"><strong>"fail"</strong></span>,
             <span class="command"><strong>"warn"</strong></span> (default) and
             <span class="command"><strong>"ignore"</strong></span>.
-          </p></dd>
+          </p>
+        </dd>
 <dt><span class="term">-M <em class="replaceable"><code>mode</code></em></span></dt>
-<dd><p>
+<dd>
+	  <p>
 	    Check if a MX record refers to a CNAME.
             Possible modes are <span class="command"><strong>"fail"</strong></span>,
             <span class="command"><strong>"warn"</strong></span> (default) and
             <span class="command"><strong>"ignore"</strong></span>.
-	  </p></dd>
+	  </p>
+        </dd>
 <dt><span class="term">-n <em class="replaceable"><code>mode</code></em></span></dt>
-<dd><p>
+<dd>
+          <p>
             Specify whether NS records should be checked to see if they
             are addresses.
 	    Possible modes are <span class="command"><strong>"fail"</strong></span>
@@ -201,24 +293,30 @@
             <span class="command"><strong>"warn"</strong></span>
 	    (default for <span class="command"><strong>named-checkzone</strong></span>) and
             <span class="command"><strong>"ignore"</strong></span>.
-          </p></dd>
+          </p>
+        </dd>
 <dt><span class="term">-o <em class="replaceable"><code>filename</code></em></span></dt>
-<dd><p>
+<dd>
+          <p>
             Write zone output to <code class="filename">filename</code>.
 	    If <code class="filename">filename</code> is <code class="filename">-</code> then
 	    write to standard out.
 	    This is mandatory for <span class="command"><strong>named-compilezone</strong></span>.
-          </p></dd>
+          </p>
+        </dd>
 <dt><span class="term">-r <em class="replaceable"><code>mode</code></em></span></dt>
-<dd><p>
+<dd>
+	  <p>
             Check for records that are treated as different by DNSSEC but
 	    are semantically equal in plain DNS.
             Possible modes are <span class="command"><strong>"fail"</strong></span>,
             <span class="command"><strong>"warn"</strong></span> (default) and
             <span class="command"><strong>"ignore"</strong></span>.
-	  </p></dd>
+	  </p>
+        </dd>
 <dt><span class="term">-s <em class="replaceable"><code>style</code></em></span></dt>
-<dd><p>
+<dd>
+	  <p>
 	    Specify the style of the dumped zone file.
 	    Possible styles are <span class="command"><strong>"full"</strong></span> (default)
 	    and <span class="command"><strong>"relative"</strong></span>.
@@ -231,74 +329,101 @@
 	    contents.
 	    It also does not have any meaning if the output format
 	    is not text.
-	  </p></dd>
+	  </p>
+	</dd>
 <dt><span class="term">-S <em class="replaceable"><code>mode</code></em></span></dt>
-<dd><p>
+<dd>
+	  <p>
 	    Check if a SRV record refers to a CNAME.
             Possible modes are <span class="command"><strong>"fail"</strong></span>,
             <span class="command"><strong>"warn"</strong></span> (default) and
             <span class="command"><strong>"ignore"</strong></span>.
-	  </p></dd>
+	  </p>
+        </dd>
 <dt><span class="term">-t <em class="replaceable"><code>directory</code></em></span></dt>
-<dd><p>
+<dd>
+          <p>
             Chroot to <code class="filename">directory</code> so that
             include
             directives in the configuration file are processed as if
             run by a similarly chrooted <span class="command"><strong>named</strong></span>.
-          </p></dd>
+          </p>
+        </dd>
 <dt><span class="term">-T <em class="replaceable"><code>mode</code></em></span></dt>
-<dd><p>
+<dd>
+	  <p>
 	    Check if Sender Policy Framework (SPF) records exist
 	    and issues a warning if an SPF-formatted TXT record is
 	    not also present.  Possible modes are <span class="command"><strong>"warn"</strong></span>
 	    (default), <span class="command"><strong>"ignore"</strong></span>.
-	  </p></dd>
+	  </p>
+	</dd>
 <dt><span class="term">-w <em class="replaceable"><code>directory</code></em></span></dt>
-<dd><p>
+<dd>
+          <p>
             chdir to <code class="filename">directory</code> so that
             relative
             filenames in master file $INCLUDE directives work.  This
             is similar to the directory clause in
             <code class="filename">named.conf</code>.
-          </p></dd>
+          </p>
+        </dd>
 <dt><span class="term">-D</span></dt>
-<dd><p>
+<dd>
+          <p>
             Dump zone file in canonical format.
 	    This is always enabled for <span class="command"><strong>named-compilezone</strong></span>.
-          </p></dd>
+          </p>
+        </dd>
 <dt><span class="term">-W <em class="replaceable"><code>mode</code></em></span></dt>
-<dd><p>
+<dd>
+          <p>
             Specify whether to check for non-terminal wildcards.
             Non-terminal wildcards are almost always the result of a
             failure to understand the wildcard matching algorithm (RFC 1034).
             Possible modes are <span class="command"><strong>"warn"</strong></span> (default)
             and
             <span class="command"><strong>"ignore"</strong></span>.
-          </p></dd>
+          </p>
+        </dd>
 <dt><span class="term">zonename</span></dt>
-<dd><p>
+<dd>
+          <p>
             The domain name of the zone being checked.
-          </p></dd>
+          </p>
+        </dd>
 <dt><span class="term">filename</span></dt>
-<dd><p>
+<dd>
+          <p>
             The name of the zone file.
-          </p></dd>
+          </p>
+        </dd>
 </dl></div>
-</div>
-<div class="refsection">
+
+  </div>
+
+  <div class="refsection">
 <a name="id-1.9"></a><h2>RETURN VALUES</h2>
-<p><span class="command"><strong>named-checkzone</strong></span>
+
+    <p><span class="command"><strong>named-checkzone</strong></span>
       returns an exit status of 1 if
       errors were detected and 0 otherwise.
     </p>
-</div>
-<div class="refsection">
+  </div>
+
+  <div class="refsection">
 <a name="id-1.10"></a><h2>SEE ALSO</h2>
-<p><span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
-      <span class="citerefentry"><span class="refentrytitle">named-checkconf</span>(8)</span>,
+
+    <p><span class="citerefentry">
+        <span class="refentrytitle">named</span>(8)
+      </span>,
+      <span class="citerefentry">
+        <span class="refentrytitle">named-checkconf</span>(8)
+      </span>,
       <em class="citetitle">RFC 1035</em>,
       <em class="citetitle">BIND 9 Administrator Reference Manual</em>.
     </p>
-</div>
+  </div>
+
 </div></body>
 </html>

bin/check/win32/checkconf.dsp.in

@@ -1,107 +0,0 @@
-# Microsoft Developer Studio Project File - Name="checkconf" - Package Owner=<4>
-# Microsoft Developer Studio Generated Build File, Format Version 6.00
-# ** DO NOT EDIT **
-
-# TARGTYPE "@PLATFORM@ (x86) Console Application" 0x0103
-
-CFG=checkconf - @PLATFORM@ Debug
-!MESSAGE This is not a valid makefile. To build this project using NMAKE,
-!MESSAGE use the Export Makefile command and run
-!MESSAGE 
-!MESSAGE NMAKE /f "checkconf.mak".
-!MESSAGE 
-!MESSAGE You can specify a configuration when running NMAKE
-!MESSAGE by defining the macro CFG on the command line. For example:
-!MESSAGE 
-!MESSAGE NMAKE /f "checkconf.mak" CFG="checkconf - @PLATFORM@ Debug"
-!MESSAGE 
-!MESSAGE Possible choices for configuration are:
-!MESSAGE 
-!MESSAGE "checkconf - @PLATFORM@ Release" (based on "@PLATFORM@ (x86) Console Application")
-!MESSAGE "checkconf - @PLATFORM@ Debug" (based on "@PLATFORM@ (x86) Console Application")
-!MESSAGE 
-
-# Begin Project
-# PROP AllowPerConfigDependencies 0
-# PROP Scc_ProjName ""
-# PROP Scc_LocalPath ""
-CPP=cl.exe
-RSC=rc.exe
-
-!IF  "$(CFG)" == "checkconf - @PLATFORM@ Release"
-
-# PROP BASE Use_MFC 0
-# PROP BASE Use_Debug_Libraries 0
-# PROP BASE Output_Dir "Release"
-# PROP BASE Intermediate_Dir "Release"
-# PROP BASE Target_Dir ""
-# PROP Use_MFC 0
-# PROP Use_Debug_Libraries 0
-# PROP Output_Dir "Release"
-# PROP Intermediate_Dir "Release"
-# PROP Ignore_Export_Lib 0
-# PROP Target_Dir ""
-# ADD BASE CPP /nologo /W3 @COPTX@ @COPTI@ /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" @COPTY@ /FD /c
-# ADD CPP /nologo /MD /W3 @COPTX@ @COPTI@ /O2 /I "./" /I "../../../" @LIBXML2_INC@ @OPENSSL_INC@ /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /I "../../../lib/isccfg/include" /D "NDEBUG" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "__STDC__" /FR @COPTY@ /FD /c
-# ADD BASE RSC /l 0x409 /d "NDEBUG"
-# ADD RSC /l 0x409 /d "NDEBUG"
-BSC32=bscmake.exe
-# ADD BASE BSC32 /nologo
-# ADD BSC32 /nologo
-LINK32=link.exe
-# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console @MACHINE@
-# ADD LINK32 user32.lib advapi32.lib ws2_32.lib Release/checktool.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib ../../../lib/isccfg/win32/Release/libisccfg.lib ../../../lib/bind9/win32/Release/libbind9.lib /nologo /subsystem:console @MACHINE@ /out:"../../../Build/Release/named-checkconf.exe"
-
-!ELSEIF  "$(CFG)" == "checkconf - @PLATFORM@ Debug"
-
-# PROP BASE Use_MFC 0
-# PROP BASE Use_Debug_Libraries 1
-# PROP BASE Output_Dir "Debug"
-# PROP BASE Intermediate_Dir "Debug"
-# PROP BASE Target_Dir ""
-# PROP Use_MFC 0
-# PROP Use_Debug_Libraries 1
-# PROP Output_Dir "Debug"
-# PROP Intermediate_Dir "Debug"
-# PROP Ignore_Export_Lib 0
-# PROP Target_Dir ""
-# ADD BASE CPP /nologo /W3 /Gm @COPTX@ @COPTI@ /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" @COPTY@ /FD /GZ /c
-# ADD CPP /nologo /MDd /W3 /Gm @COPTX@ @COPTI@ /ZI /Od /I "./" /I "../../../" @LIBXML2_INC@ @OPENSSL_INC@ /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /I "../../../lib/isccfg/include" /D "_DEBUG" /D "__STDC__" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /FR /FD /GZ /c
-# SUBTRACT CPP /X @COPTY@
-# ADD BASE RSC /l 0x409 /d "_DEBUG"
-# ADD RSC /l 0x409 /d "_DEBUG"
-BSC32=bscmake.exe
-# ADD BASE BSC32 /nologo
-# ADD BSC32 /nologo
-LINK32=link.exe
-# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug @MACHINE@ /pdbtype:sept
-# ADD LINK32 user32.lib advapi32.lib ws2_32.lib Debug/checktool.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib ../../../lib/isccfg/win32/Debug/libisccfg.lib ../../../lib/bind9/win32/Debug/libbind9.lib ../../../lib/bind9/win32/Debug/libbind9.lib /nologo /subsystem:console /debug @MACHINE@ /out:"../../../Build/Debug/named-checkconf.exe" /pdbtype:sept
-
-!ENDIF 
-
-# Begin Target
-
-# Name "checkconf - @PLATFORM@ Release"
-# Name "checkconf - @PLATFORM@ Debug"
-# Begin Group "Source Files"
-
-# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
-# Begin Source File
-
-SOURCE="..\named-checkconf.c"
-# End Source File
-# End Group
-# Begin Group "Header Files"
-
-# PROP Default_Filter "h;hpp;hxx;hm;inl"
-# Begin Source File
-
-SOURCE="..\check-tool.h"
-# End Source File
-# End Group
-# Begin Group "Resource Files"
-
-# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe"
-# End Group
-# End Target
-# End Project

bin/check/win32/checkconf.dsw

@@ -1,29 +0,0 @@
-Microsoft Developer Studio Workspace File, Format Version 6.00
-# WARNING: DO NOT EDIT OR DELETE THIS WORKSPACE FILE!
-
-###############################################################################
-
-Project: "checkconf"=".\checkconf.dsp" - Package Owner=<4>
-
-Package=<5>
-{{{
-}}}
-
-Package=<4>
-{{{
-}}}
-
-###############################################################################
-
-Global:
-
-Package=<5>
-{{{
-}}}
-
-Package=<3>
-{{{
-}}}
-
-###############################################################################
-

bin/check/win32/checkconf.mak.in

@@ -1,404 +0,0 @@
-# Microsoft Developer Studio Generated NMAKE File, Based on checkconf.dsp
-!IF "$(CFG)" == ""
-CFG=checkconf - @PLATFORM@ Debug
-!MESSAGE No configuration specified. Defaulting to checkconf - @PLATFORM@ Debug.
-!ENDIF 
-
-!IF "$(CFG)" != "checkconf - @PLATFORM@ Release" && "$(CFG)" != "checkconf - @PLATFORM@ Debug"
-!MESSAGE Invalid configuration "$(CFG)" specified.
-!MESSAGE You can specify a configuration when running NMAKE
-!MESSAGE by defining the macro CFG on the command line. For example:
-!MESSAGE 
-!MESSAGE NMAKE /f "checkconf.mak" CFG="checkconf - @PLATFORM@ Debug"
-!MESSAGE 
-!MESSAGE Possible choices for configuration are:
-!MESSAGE 
-!MESSAGE "checkconf - @PLATFORM@ Release" (based on "@PLATFORM@ (x86) Console Application")
-!MESSAGE "checkconf - @PLATFORM@ Debug" (based on "@PLATFORM@ (x86) Console Application")
-!MESSAGE 
-!ERROR An invalid configuration is specified.
-!ENDIF 
-
-!IF "$(OS)" == "Windows_NT"
-NULL=
-!ELSE 
-NULL=nul
-!ENDIF 
-
-CPP=cl.exe
-RSC=rc.exe
-
-!IF  "$(CFG)" == "checkconf - @PLATFORM@ Release"
-_VC_MANIFEST_INC=0
-_VC_MANIFEST_BASENAME=__VC80
-!ELSE
-_VC_MANIFEST_INC=1
-_VC_MANIFEST_BASENAME=__VC80.Debug
-!ENDIF
-
-####################################################
-# Specifying name of temporary resource file used only in incremental builds:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-_VC_MANIFEST_AUTO_RES=$(_VC_MANIFEST_BASENAME).auto.res
-!else
-_VC_MANIFEST_AUTO_RES=
-!endif
-
-####################################################
-# _VC_MANIFEST_EMBED_EXE - command to embed manifest in EXE:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-
-#MT_SPECIAL_RETURN=1090650113
-#MT_SPECIAL_SWITCH=-notify_resource_update
-MT_SPECIAL_RETURN=0
-MT_SPECIAL_SWITCH=
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
-if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
-rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
-link $** /out:$@ $(LFLAGS)
-
-!else
-
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;1
-
-!endif
-
-####################################################
-# _VC_MANIFEST_EMBED_DLL - command to embed manifest in DLL:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-
-#MT_SPECIAL_RETURN=1090650113
-#MT_SPECIAL_SWITCH=-notify_resource_update
-MT_SPECIAL_RETURN=0
-MT_SPECIAL_SWITCH=
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
-if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
-rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
-link $** /out:$@ $(LFLAGS)
-
-!else
-
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;2
-
-!endif
-####################################################
-# _VC_MANIFEST_CLEAN - command to clean resources files generated temporarily:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-
-_VC_MANIFEST_CLEAN=-del $(_VC_MANIFEST_BASENAME).auto.res \
-    $(_VC_MANIFEST_BASENAME).auto.rc \
-    $(_VC_MANIFEST_BASENAME).auto.manifest
-
-!else
-
-_VC_MANIFEST_CLEAN=
-
-!endif
-
-!IF  "$(CFG)" == "checkconf - @PLATFORM@ Release"
-
-OUTDIR=.\Release
-INTDIR=.\Release
-# Begin Custom Macros
-OutDir=.\Release
-# End Custom Macros
-
-!IF "$(RECURSE)" == "0" 
-
-ALL : "..\..\..\Build\Release\named-checkconf.exe" "$(OUTDIR)\checkconf.bsc"
-
-!ELSE 
-
-ALL : "libdns - @PLATFORM@ Release" "libisccfg - @PLATFORM@ Release" "libisc - @PLATFORM@ Release" "..\..\..\Build\Release\named-checkconf.exe" "$(OUTDIR)\checkconf.bsc"
-
-!ENDIF 
-
-!IF "$(RECURSE)" == "1" 
-CLEAN :"libisc - @PLATFORM@ ReleaseCLEAN" "libisccfg - @PLATFORM@ ReleaseCLEAN" "libdns - @PLATFORM@ ReleaseCLEAN" 
-!ELSE 
-CLEAN :
-!ENDIF 
-	-@erase "$(INTDIR)\check-tool.obj"
-	-@erase "$(INTDIR)\check-tool.sbr"
-	-@erase "$(INTDIR)\named-checkconf.obj"
-	-@erase "$(INTDIR)\named-checkconf.sbr"
-	-@erase "$(INTDIR)\vc60.idb"
-	-@erase "$(OUTDIR)\checkconf.bsc"
-	-@erase "..\..\..\Build\Release\named-checkconf.exe"
-	-@$(_VC_MANIFEST_CLEAN)
-
-"$(OUTDIR)" :
-    if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
-
-CPP_PROJ=/nologo /MD /W3 @COPTX@ @COPTI@ /O2 /I "./" /I "../../../" @LIBXML2_INC@ @OPENSSL_INC@ /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /I "../../../lib/isccfg/include" /D "NDEBUG" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "__STDC__" /FR"$(INTDIR)\\" /Fp"$(INTDIR)\checkconf.pch" @COPTY@ /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c 
-BSC32=bscmake.exe
-BSC32_FLAGS=/nologo /o"$(OUTDIR)\checkconf.bsc" 
-BSC32_SBRS= \
-	"$(INTDIR)\check-tool.sbr" \
-	"$(INTDIR)\named-checkconf.sbr"
-
-"$(OUTDIR)\checkconf.bsc" : "$(OUTDIR)" $(BSC32_SBRS)
-    $(BSC32) @<<
-  $(BSC32_FLAGS) $(BSC32_SBRS)
-<<
-
-LINK32=link.exe
-LINK32_FLAGS=user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Release/libisc.lib  ../../../lib/dns/win32/Release/libdns.lib ../../../lib/isccfg/win32/Release/libisccfg.lib ../../../lib/bind9/win32/Release/libbind9.lib /nologo /subsystem:console /incremental:no /pdb:"$(OUTDIR)\named-checkconf.pdb" @MACHINE@ /out:"../../../Build/Release/named-checkconf.exe" 
-LINK32_OBJS= \
-	"$(INTDIR)\check-tool.obj" \
-	"$(INTDIR)\named-checkconf.obj" \
-	"..\..\..\lib\isc\win32\Release\libisc.lib" \
-	"..\..\..\lib\isccfg\win32\Release\libisccfg.lib" \
-	"..\..\..\lib\dns\win32\Release\libdns.lib"
-
-"..\..\..\Build\Release\named-checkconf.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
-    $(LINK32) @<<
-  $(LINK32_FLAGS) $(LINK32_OBJS)
-<<
-    $(_VC_MANIFEST_EMBED_EXE)
-
-!ELSEIF  "$(CFG)" == "checkconf - @PLATFORM@ Debug"
-
-OUTDIR=.\Debug
-INTDIR=.\Debug
-# Begin Custom Macros
-OutDir=.\Debug
-# End Custom Macros
-
-!IF "$(RECURSE)" == "0" 
-
-ALL : "..\..\..\Build\Debug\named-checkconf.exe" "$(OUTDIR)\checkconf.bsc"
-
-!ELSE 
-
-ALL : "libdns - @PLATFORM@ Debug" "libisccfg - @PLATFORM@ Debug" "libisc - @PLATFORM@ Debug" "..\..\..\Build\Debug\named-checkconf.exe" "$(OUTDIR)\checkconf.bsc"
-
-!ENDIF 
-
-!IF "$(RECURSE)" == "1" 
-CLEAN :"libisc - @PLATFORM@ DebugCLEAN" "libisccfg - @PLATFORM@ DebugCLEAN" "libdns - @PLATFORM@ DebugCLEAN" 
-!ELSE 
-CLEAN :
-!ENDIF 
-	-@erase "$(INTDIR)\check-tool.obj"
-	-@erase "$(INTDIR)\check-tool.sbr"
-	-@erase "$(INTDIR)\named-checkconf.obj"
-	-@erase "$(INTDIR)\named-checkconf.sbr"
-	-@erase "$(INTDIR)\vc60.idb"
-	-@erase "$(INTDIR)\vc60.pdb"
-	-@erase "$(OUTDIR)\named-checkconf.pdb"
-	-@erase "$(OUTDIR)\checkconf.bsc"
-	-@erase "..\..\..\Build\Debug\named-checkconf.exe"
-	-@erase "..\..\..\Build\Debug\named-checkconf.ilk"
-	-@$(_VC_MANIFEST_CLEAN)
-
-"$(OUTDIR)" :
-    if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
-
-CPP_PROJ=/nologo /MDd /W3 /Gm @COPTX@ @COPTI@ /ZI /Od /I "./" /I "../../../" @LIBXML2_INC@ @OPENSSL_INC@ /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /I "../../../lib/isccfg/include" /D "_DEBUG" /D "__STDC__" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /FR"$(INTDIR)\\" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /GZ /c 
-BSC32=bscmake.exe
-BSC32_FLAGS=/nologo /o"$(OUTDIR)\checkconf.bsc" 
-BSC32_SBRS= \
-	"$(INTDIR)\check-tool.sbr" \
-	"$(INTDIR)\named-checkconf.sbr"
-
-"$(OUTDIR)\checkconf.bsc" : "$(OUTDIR)" $(BSC32_SBRS)
-    $(BSC32) @<<
-  $(BSC32_FLAGS) $(BSC32_SBRS)
-<<
-
-LINK32=link.exe
-LINK32_FLAGS=user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Debug/libisc.lib  ../../../lib/dns/win32/Debug/libdns.lib ../../../lib/isccfg/win32/Debug/libisccfg.lib ../../../lib/bind9/win32/Debug/libbind9.lib ../../../lib/bind9/win32/Debug/libbind9.lib /nologo /subsystem:console /incremental:yes /pdb:"$(OUTDIR)\named-checkconf.pdb" /debug @MACHINE@ /out:"../../../Build/Debug/named-checkconf.exe" /pdbtype:sept 
-LINK32_OBJS= \
-	"$(INTDIR)\check-tool.obj" \
-	"$(INTDIR)\named-checkconf.obj" \
-	"..\..\..\lib\isc\win32\Debug\libisc.lib" \
-	"..\..\..\lib\isccfg\win32\Debug\libisccfg.lib" \
-	"..\..\..\lib\dns\win32\Debug\libdns.lib"
-
-"..\..\..\Build\Debug\named-checkconf.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
-    $(LINK32) @<<
-  $(LINK32_FLAGS) $(LINK32_OBJS)
-<<
-    $(_VC_MANIFEST_EMBED_EXE)
-
-!ENDIF 
-
-.c{$(INTDIR)}.obj::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.cpp{$(INTDIR)}.obj::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.cxx{$(INTDIR)}.obj::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.c{$(INTDIR)}.sbr::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.cpp{$(INTDIR)}.sbr::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.cxx{$(INTDIR)}.sbr::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-
-!IF "$(NO_EXTERNAL_DEPS)" != "1"
-!IF EXISTS("checkconf.dep")
-!INCLUDE "checkconf.dep"
-!ELSE 
-!MESSAGE Warning: cannot find "checkconf.dep"
-!ENDIF 
-!ENDIF 
-
-
-!IF "$(CFG)" == "checkconf - @PLATFORM@ Release" || "$(CFG)" == "checkconf - @PLATFORM@ Debug"
-SOURCE="..\check-tool.c"
-
-"$(INTDIR)\check-tool.obj"	"$(INTDIR)\check-tool.sbr" : $(SOURCE) "$(INTDIR)"
-	$(CPP) $(CPP_PROJ) $(SOURCE)
-
-
-SOURCE="..\named-checkconf.c"
-
-"$(INTDIR)\named-checkconf.obj"	"$(INTDIR)\named-checkconf.sbr" : $(SOURCE) "$(INTDIR)"
-	$(CPP) $(CPP_PROJ) $(SOURCE)
-
-
-!IF  "$(CFG)" == "checkconf - @PLATFORM@ Release"
-
-"libisc - @PLATFORM@ Release" : 
-   cd "..\..\..\lib\isc\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libisc.mak" CFG="libisc - @PLATFORM@ Release" 
-   cd "..\..\..\bin\check\win32"
-
-"libisc - @PLATFORM@ ReleaseCLEAN" : 
-   cd "..\..\..\lib\isc\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libisc.mak" CFG="libisc - @PLATFORM@ Release" RECURSE=1 CLEAN 
-   cd "..\..\..\bin\check\win32"
-
-!ELSEIF  "$(CFG)" == "checkconf - @PLATFORM@ Debug"
-
-"libisc - @PLATFORM@ Debug" : 
-   cd "..\..\..\lib\isc\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libisc.mak" CFG="libisc - @PLATFORM@ Debug" 
-   cd "..\..\..\bin\check\win32"
-
-"libisc - @PLATFORM@ DebugCLEAN" : 
-   cd "..\..\..\lib\isc\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libisc.mak" CFG="libisc - @PLATFORM@ Debug" RECURSE=1 CLEAN 
-   cd "..\..\..\bin\check\win32"
-
-!ENDIF 
-
-!IF  "$(CFG)" == "checkconf - @PLATFORM@ Release"
-
-"libisccfg - @PLATFORM@ Release" : 
-   cd "..\..\..\lib\isccfg\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libisccfg.mak" CFG="libisccfg - @PLATFORM@ Release" 
-   cd "..\..\..\bin\check\win32"
-
-"libisccfg - @PLATFORM@ ReleaseCLEAN" : 
-   cd "..\..\..\lib\isccfg\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libisccfg.mak" CFG="libisccfg - @PLATFORM@ Release" RECURSE=1 CLEAN 
-   cd "..\..\..\bin\check\win32"
-
-!ELSEIF  "$(CFG)" == "checkconf - @PLATFORM@ Debug"
-
-"libisccfg - @PLATFORM@ Debug" : 
-   cd "..\..\..\lib\isccfg\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libisccfg.mak" CFG="libisccfg - @PLATFORM@ Debug" 
-   cd "..\..\..\bin\check\win32"
-
-"libisccfg - @PLATFORM@ DebugCLEAN" : 
-   cd "..\..\..\lib\isccfg\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libisccfg.mak" CFG="libisccfg - @PLATFORM@ Debug" RECURSE=1 CLEAN 
-   cd "..\..\..\bin\check\win32"
-
-!ENDIF 
-
-!IF  "$(CFG)" == "checkconf - @PLATFORM@ Release"
-
-"libdns - @PLATFORM@ Release" : 
-   cd "..\..\..\lib\dns\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libdns.mak" CFG="libdns - @PLATFORM@ Release" 
-   cd "..\..\..\bin\check\win32"
-
-"libdns - @PLATFORM@ ReleaseCLEAN" : 
-   cd "..\..\..\lib\dns\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libdns.mak" CFG="libdns - @PLATFORM@ Release" RECURSE=1 CLEAN 
-   cd "..\..\..\bin\check\win32"
-
-!ELSEIF  "$(CFG)" == "checkconf - @PLATFORM@ Debug"
-
-"libdns - @PLATFORM@ Debug" : 
-   cd "..\..\..\lib\dns\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libdns.mak" CFG="libdns - @PLATFORM@ Debug" 
-   cd "..\..\..\bin\check\win32"
-
-"libdns - @PLATFORM@ DebugCLEAN" : 
-   cd "..\..\..\lib\dns\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libdns.mak" CFG="libdns - @PLATFORM@ Debug" RECURSE=1 CLEAN 
-   cd "..\..\..\bin\check\win32"
-
-!ENDIF 
-
-
-!ENDIF 
-
-####################################################
-# Commands to generate initial empty manifest file and the RC file
-# that references it, and for generating the .res file:
-
-$(_VC_MANIFEST_BASENAME).auto.res : $(_VC_MANIFEST_BASENAME).auto.rc
-
-$(_VC_MANIFEST_BASENAME).auto.rc : $(_VC_MANIFEST_BASENAME).auto.manifest
-    type <<$@
-#include <winuser.h>
-1RT_MANIFEST"$(_VC_MANIFEST_BASENAME).auto.manifest"
-<< KEEP
-
-$(_VC_MANIFEST_BASENAME).auto.manifest :
-    type <<$@
-<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
-<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
-</assembly>
-<< KEEP
-####################################################
-# Commands to generate initial empty manifest file and the RC file
-# that references it, and for generating the .res file:
-
-$(_VC_MANIFEST_BASENAME).auto.res : $(_VC_MANIFEST_BASENAME).auto.rc
-
-$(_VC_MANIFEST_BASENAME).auto.rc : $(_VC_MANIFEST_BASENAME).auto.manifest
-    type <<$@
-#include <winuser.h>
-1RT_MANIFEST"$(_VC_MANIFEST_BASENAME).auto.manifest"
-<< KEEP
-
-$(_VC_MANIFEST_BASENAME).auto.manifest :
-    type <<$@
-<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
-<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
-</assembly>
-<< KEEP

bin/check/win32/checkconf.vcxproj.in

@@ -63,13 +63,14 @@
       <ProgramDataBaseFileName>$(OutDir)$(TargetName).pdb</ProgramDataBaseFileName>
       <BrowseInformation>true</BrowseInformation>
       <AdditionalIncludeDirectories>.\;..\..\..\;@LIBXML2_INC@@OPENSSL_INC@..\..\..\lib\isc\win32;..\..\..\lib\isc\win32\include;..\..\..\lib\isc\include;..\..\..\lib\dns\include;..\..\..\lib\bind9\include;..\..\..\lib\isccfg\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <CompileAs>CompileAsC</CompileAs>
     </ClCompile>
     <Link>
       <SubSystem>Console</SubSystem>
       <GenerateDebugInformation>true</GenerateDebugInformation>
       <OutputFile>..\..\..\Build\$(Configuration)\$(TargetName)$(TargetExt)</OutputFile>
-      <AdditionalLibraryDirectories>$(Configuration);..\..\..\lib\isc\win32\$(Configuration);..\..\..\lib\dns\win32\$(Configuration);..\..\..\lib\isccfg\win32\$(Configuration);..\..\..\lib\isccc\win32\$(Configuration);..\..\..\lib\bind9\win32\$(Configuration);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
-      <AdditionalDependencies>checktool.lib;libisc.lib;libdns.lib;libisccfg.lib;libisccc.lib;libbind9.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <AdditionalLibraryDirectories>$(Configuration);..\..\..\lib\isc\win32\$(Configuration);..\..\..\lib\dns\win32\$(Configuration);..\..\..\lib\isccfg\win32\$(Configuration);..\..\..\lib\isccc\win32\$(Configuration);..\..\..\lib\bind9\win32\$(Configuration);..\..\..\lib\ns\win32\$(Configuration);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
+      <AdditionalDependencies>checktool.lib;libisc.lib;libdns.lib;libisccfg.lib;libisccc.lib;libbind9.lib;libns.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
     </Link>
   </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'">
@@ -89,6 +90,7 @@
       <ObjectFileName>.\$(Configuration)\</ObjectFileName>
       <ProgramDataBaseFileName>$(OutDir)$(TargetName).pdb</ProgramDataBaseFileName>
       <AdditionalIncludeDirectories>.\;..\..\..\;@LIBXML2_INC@@OPENSSL_INC@..\..\..\lib\isc\win32;..\..\..\lib\isc\win32\include;..\..\..\lib\isc\include;..\..\..\lib\dns\include;..\..\..\lib\bind9\include;..\..\..\lib\isccfg\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <CompileAs>CompileAsC</CompileAs>
     </ClCompile>
     <Link>
       <SubSystem>Console</SubSystem>
@@ -96,8 +98,8 @@
       <EnableCOMDATFolding>true</EnableCOMDATFolding>
       <OptimizeReferences>true</OptimizeReferences>
       <OutputFile>..\..\..\Build\$(Configuration)\$(TargetName)$(TargetExt)</OutputFile>
-      <AdditionalLibraryDirectories>$(Configuration);..\..\..\lib\isc\win32\$(Configuration);..\..\..\lib\dns\win32\$(Configuration);..\..\..\lib\isccfg\win32\$(Configuration);..\..\..\lib\isccc\win32\$(Configuration);..\..\..\lib\bind9\win32\$(Configuration);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
-      <AdditionalDependencies>checktool.lib;libisc.lib;libdns.lib;libisccfg.lib;libisccc.lib;libbind9.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <AdditionalLibraryDirectories>$(Configuration);..\..\..\lib\isc\win32\$(Configuration);..\..\..\lib\dns\win32\$(Configuration);..\..\..\lib\isccfg\win32\$(Configuration);..\..\..\lib\isccc\win32\$(Configuration);..\..\..\lib\bind9\win32\$(Configuration);..\..\..\lib\ns\win32\$(Configuration);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
+      <AdditionalDependencies>checktool.lib;libisc.lib;libdns.lib;libisccfg.lib;libisccc.lib;libbind9.lib;libns.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
       <LinkTimeCodeGeneration>Default</LinkTimeCodeGeneration>
     </Link>
   </ItemDefinitionGroup>
@@ -110,4 +112,4 @@
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
   <ImportGroup Label="ExtensionTargets">
   </ImportGroup>
-</Project>
+</Project>

bin/check/win32/checktool.dsp.in

@@ -1,113 +0,0 @@
-# Microsoft Developer Studio Project File - Name="checktool" - Package Owner=<4>
-# Microsoft Developer Studio Generated Build File, Format Version 6.00
-# ** DO NOT EDIT **
-
-# TARGTYPE "@PLATFORM@ (x86) Static-Link Library" 0x0104
-
-CFG=checktool - @PLATFORM@ Debug
-!MESSAGE This is not a valid makefile. To build this project using NMAKE,
-!MESSAGE use the Export Makefile command and run
-!MESSAGE 
-!MESSAGE NMAKE /f "checktool.mak".
-!MESSAGE 
-!MESSAGE You can specify a configuration when running NMAKE
-!MESSAGE by defining the macro CFG on the command line. For example:
-!MESSAGE 
-!MESSAGE NMAKE /f "checktool.mak" CFG="checktool - @PLATFORM@ Debug"
-!MESSAGE 
-!MESSAGE Possible choices for configuration are:
-!MESSAGE 
-!MESSAGE "checktool - @PLATFORM@ Release" (based on "@PLATFORM@ (x86) Static-Link Library")
-!MESSAGE "checktool - @PLATFORM@ Debug" (based on "@PLATFORM@ (x86) Static-Link Library")
-!MESSAGE 
-
-# Begin Project
-# PROP AllowPerConfigDependencies 0
-# PROP Scc_ProjName ""
-# PROP Scc_LocalPath ""
-CPP=cl.exe
-MTL=midl.exe
-RSC=rc.exe
-
-!IF  "$(CFG)" == "checktool - @PLATFORM@ Release"
-
-# PROP BASE Use_MFC 0
-# PROP BASE Use_Debug_Libraries 0
-# PROP BASE Output_Dir "Release"
-# PROP BASE Intermediate_Dir "Release"
-# PROP BASE Target_Dir ""
-# PROP Use_MFC 0
-# PROP Use_Debug_Libraries 0
-# PROP Output_Dir "Release"
-# PROP Intermediate_Dir "Release"
-# PROP Ignore_Export_Lib 0
-# PROP Target_Dir ""
-# ADD BASE CPP /nologo /MT /W3 @COPTX@ @COPTI@ /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /D "_MBCS" /D "_USRDLL" @COPTY@ /FD /c
-# ADD CPP /nologo /MD /W3 @COPTX@ @COPTI@ /O2 /I "./" /I "../../../" @LIBXML2_INC@ @OPENSSL_INC@ /I "../include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isccfg/include" /I "../../../lib/dns/include" /D "NDEBUG" /D "WIN32" /D "_WINDOWS" /D "__STDC__" /D "_MBCS" @COPTY@ /FD /c /Fdchecktool
-# SUBTRACT CPP /X
-# ADD BASE MTL /nologo /D "NDEBUG" /mktyplib203 /win32
-# ADD MTL /nologo /D "NDEBUG" /mktyplib203 /win32
-# ADD BASE RSC /l 0x409 /d "NDEBUG"
-# ADD RSC /l 0x409 /d "NDEBUG"
-BSC32=bscmake.exe
-# ADD BASE BSC32 /nologo
-# ADD BSC32 /nologo
-LINK32=link.exe
-# ADD BASE LINK32 
-# ADD LINK32 /out:"Release/checktool.lib"
-
-!ELSEIF  "$(CFG)" == "checktool - @PLATFORM@ Debug"
-
-# PROP BASE Use_MFC 0
-# PROP BASE Use_Debug_Libraries 1
-# PROP BASE Output_Dir "Debug"
-# PROP BASE Intermediate_Dir "Debug"
-# PROP BASE Target_Dir ""
-# PROP Use_MFC 0
-# PROP Use_Debug_Libraries 1
-# PROP Output_Dir "Debug"
-# PROP Intermediate_Dir "Debug"
-# PROP Ignore_Export_Lib 0
-# PROP Target_Dir ""
-# ADD BASE CPP /nologo /MTd /W3 /Gm @COPTX@ @COPTI@ /ZI /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /D "_MBCS" @COPTY@ /FD /GZ /c
-# ADD CPP /nologo /MDd /W3 /Gm @COPTX@ @COPTI@ /ZI /Od /I "./" /I "../../../" @LIBXML2_INC@ @OPENSSL_INC@ /I "../include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isccfg/include" /I "../../../lib/dns/include" /D "_DEBUG" /D "WIN32" /D "_WINDOWS" /D "__STDC__" /D "_MBCS" /FR @COPTY@ /FD /GZ /c /Fdchecktool
-# SUBTRACT CPP /X
-# ADD BASE MTL /nologo /D "_DEBUG" /mktyplib203 /win32
-# ADD MTL /nologo /D "_DEBUG" /mktyplib203 /win32
-# ADD BASE RSC /l 0x409 /d "_DEBUG"
-# ADD RSC /l 0x409 /d "_DEBUG"
-BSC32=bscmake.exe
-# ADD BASE BSC32 /nologo
-# ADD BSC32 /nologo
-LINK32=link.exe
-# ADD BASE LINK32 
-# ADD LINK32 /debug out:"Debug/checktool.lib"
-
-!ENDIF 
-
-# Begin Target
-
-# Name "checktool - @PLATFORM@ Release"
-# Name "checktool - @PLATFORM@ Debug"
-# Begin Group "Source Files"
-
-# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
-# End Group
-# Begin Group "Header Files"
-
-# PROP Default_Filter "h;hpp;hxx;hm;inl"
-# End Group
-# Begin Group "Resource Files"
-
-# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe"
-# End Group
-# Begin Group "Main Dns Lib"
-
-# PROP Default_Filter "c"
-# Begin Source File
-
-SOURCE=..\check-tool.c
-# End Source File
-# End Group
-# End Target
-# End Project

bin/check/win32/checktool.dsw

@@ -1,29 +0,0 @@
-Microsoft Developer Studio Workspace File, Format Version 6.00
-# WARNING: DO NOT EDIT OR DELETE THIS WORKSPACE FILE!
-
-###############################################################################
-
-Project: "checktool"=".\checktool.dsp" - Package Owner=<4>
-
-Package=<5>
-{{{
-}}}
-
-Package=<4>
-{{{
-}}}
-
-###############################################################################
-
-Global:
-
-Package=<5>
-{{{
-}}}
-
-Package=<3>
-{{{
-}}}
-
-###############################################################################
-

bin/check/win32/checktool.vcxproj.in

@@ -65,7 +65,8 @@
       <ObjectFileName>.\$(Configuration)\</ObjectFileName>
       <ProgramDataBaseFileName>$(OutDir)$(TargetName).pdb</ProgramDataBaseFileName>
       <BrowseInformation>true</BrowseInformation>
-      <AdditionalIncludeDirectories>.\;..\..\..\;@LIBXML2_INC@@OPENSSL_INC@..\include;..\..\..\lib\isc\win32;..\..\..\lib\isc\win32\include;..\..\..\lib\isc\include;..\..\..\lib\isccfg\include;..\..\..\lib\dns\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <AdditionalIncludeDirectories>.\;..\..\..\;@LIBXML2_INC@@OPENSSL_INC@..\include;..\..\..\lib\isc\win32;..\..\..\lib\isc\win32\include;..\..\..\lib\isc\include;..\..\..\lib\isccfg\include;..\..\..\lib\dns\include;..\..\..\lib\ns\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <CompileAs>CompileAsC</CompileAs>
     </ClCompile>
     <Lib>
       <OutputFile>.\$(Configuration)\$(TargetName)$(TargetExt)</OutputFile>
@@ -87,7 +88,8 @@
       <AssemblerListingLocation>.\$(Configuration)\</AssemblerListingLocation>
       <ObjectFileName>.\$(Configuration)\</ObjectFileName>
       <ProgramDataBaseFileName>$(OutDir)$(TargetName).pdb</ProgramDataBaseFileName>
-      <AdditionalIncludeDirectories>.\;..\..\..\;@LIBXML2_INC@@OPENSSL_INC@..\include;..\..\..\lib\isc\win32;..\..\..\lib\isc\win32\include;..\..\..\lib\isc\include;..\..\..\lib\isccfg\include;..\..\..\lib\dns\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <AdditionalIncludeDirectories>.\;..\..\..\;@LIBXML2_INC@@OPENSSL_INC@..\include;..\..\..\lib\isc\win32;..\..\..\lib\isc\win32\include;..\..\..\lib\isc\include;..\..\..\lib\isccfg\include;..\..\..\lib\dns\include;..\..\..\lib\ns\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <CompileAs>CompileAsC</CompileAs>
     </ClCompile>
     <Lib>
       <OutputFile>.\$(Configuration)\$(TargetName)$(TargetExt)</OutputFile>
@@ -96,4 +98,4 @@
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
   <ImportGroup Label="ExtensionTargets">
   </ImportGroup>
-</Project>
+</Project>

bin/check/win32/checkzone.dsp.in

@@ -1,108 +0,0 @@
-# Microsoft Developer Studio Project File - Name="checkzone" - Package Owner=<4>
-# Microsoft Developer Studio Generated Build File, Format Version 6.00
-# ** DO NOT EDIT **
-
-# TARGTYPE "@PLATFORM@ (x86) Console Application" 0x0103
-
-CFG=checkzone - @PLATFORM@ Debug
-!MESSAGE This is not a valid makefile. To build this project using NMAKE,
-!MESSAGE use the Export Makefile command and run
-!MESSAGE 
-!MESSAGE NMAKE /f "checkzone.mak".
-!MESSAGE 
-!MESSAGE You can specify a configuration when running NMAKE
-!MESSAGE by defining the macro CFG on the command line. For example:
-!MESSAGE 
-!MESSAGE NMAKE /f "checkzone.mak" CFG="checkzone - @PLATFORM@ Debug"
-!MESSAGE 
-!MESSAGE Possible choices for configuration are:
-!MESSAGE 
-!MESSAGE "checkzone - @PLATFORM@ Release" (based on "@PLATFORM@ (x86) Console Application")
-!MESSAGE "checkzone - @PLATFORM@ Debug" (based on "@PLATFORM@ (x86) Console Application")
-!MESSAGE 
-
-# Begin Project
-# PROP AllowPerConfigDependencies 0
-# PROP Scc_ProjName ""
-# PROP Scc_LocalPath ""
-CPP=cl.exe
-RSC=rc.exe
-
-!IF  "$(CFG)" == "checkzone - @PLATFORM@ Release"
-
-# PROP BASE Use_MFC 0
-# PROP BASE Use_Debug_Libraries 0
-# PROP BASE Output_Dir "Release"
-# PROP BASE Intermediate_Dir "Release"
-# PROP BASE Target_Dir ""
-# PROP Use_MFC 0
-# PROP Use_Debug_Libraries 0
-# PROP Output_Dir "Release"
-# PROP Intermediate_Dir "Release"
-# PROP Ignore_Export_Lib 0
-# PROP Target_Dir ""
-# ADD BASE CPP /nologo /W3 @COPTX@ @COPTI@ /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" @COPTY@ /FD /c
-# ADD CPP /nologo /MD /W3 @COPTX@ @COPTI@ /O2 /I "./" /I "../../../" @LIBXML2_INC@ @OPENSSL_INC@ /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /I "../../../lib/isccfg/include" /D "NDEBUG" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "__STDC__" @COPTY@ /FD /c
-# SUBTRACT CPP /Fr
-# ADD BASE RSC /l 0x409 /d "NDEBUG"
-# ADD RSC /l 0x409 /d "NDEBUG"
-BSC32=bscmake.exe
-# ADD BASE BSC32 /nologo
-# ADD BSC32 /nologo
-LINK32=link.exe
-# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console @MACHINE@
-# ADD LINK32 user32.lib advapi32.lib ws2_32.lib Release/checktool.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/isccfg/win32/Release/libisccfg.lib ../../../lib/dns/win32/Release/libdns.lib /nologo /subsystem:console @MACHINE@ /out:"../../../Build/Release/named-checkzone.exe"
-
-!ELSEIF  "$(CFG)" == "checkzone - @PLATFORM@ Debug"
-
-# PROP BASE Use_MFC 0
-# PROP BASE Use_Debug_Libraries 1
-# PROP BASE Output_Dir "Debug"
-# PROP BASE Intermediate_Dir "Debug"
-# PROP BASE Target_Dir ""
-# PROP Use_MFC 0
-# PROP Use_Debug_Libraries 1
-# PROP Output_Dir "Debug"
-# PROP Intermediate_Dir "Debug"
-# PROP Ignore_Export_Lib 0
-# PROP Target_Dir ""
-# ADD BASE CPP /nologo /W3 /Gm @COPTX@ @COPTI@ /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" @COPTY@ /FD /GZ /c
-# ADD CPP /nologo /MDd /W3 /Gm @COPTX@ @COPTI@ /ZI /Od /I "./" /I "../../../" @LIBXML2_INC@ @OPENSSL_INC@ /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /I "../../../lib/isccfg/include" /D "_DEBUG" /D "__STDC__" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /FR /FD /GZ /c
-# SUBTRACT CPP /X @COPTY@
-# ADD BASE RSC /l 0x409 /d "_DEBUG"
-# ADD RSC /l 0x409 /d "_DEBUG"
-BSC32=bscmake.exe
-# ADD BASE BSC32 /nologo
-# ADD BSC32 /nologo
-LINK32=link.exe
-# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug @MACHINE@ /pdbtype:sept
-# ADD LINK32 user32.lib advapi32.lib ws2_32.lib Debug/checktool.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/isccfg/win32/Debug/libisccfg.lib ../../../lib/dns/win32/Debug/libdns.lib /nologo /subsystem:console /debug @MACHINE@ /out:"../../../Build/Debug/named-checkzone.exe" /pdbtype:sept
-
-!ENDIF 
-
-# Begin Target
-
-# Name "checkzone - @PLATFORM@ Release"
-# Name "checkzone - @PLATFORM@ Debug"
-# Begin Group "Source Files"
-
-# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
-# Begin Source File
-
-SOURCE="..\named-checkzone.c"
-# End Source File
-# End Group
-# Begin Group "Header Files"
-
-# PROP Default_Filter "h;hpp;hxx;hm;inl"
-# Begin Source File
-
-SOURCE="..\check-tool.h"
-# End Source File
-# End Group
-# Begin Group "Resource Files"
-
-# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe"
-# End Group
-# End Target
-# End Project

bin/check/win32/checkzone.dsw

@@ -1,29 +0,0 @@
-Microsoft Developer Studio Workspace File, Format Version 6.00
-# WARNING: DO NOT EDIT OR DELETE THIS WORKSPACE FILE!
-
-###############################################################################
-
-Project: "checkzone"=".\checkzone.dsp" - Package Owner=<4>
-
-Package=<5>
-{{{
-}}}
-
-Package=<4>
-{{{
-}}}
-
-###############################################################################
-
-Global:
-
-Package=<5>
-{{{
-}}}
-
-Package=<3>
-{{{
-}}}
-
-###############################################################################
-

bin/check/win32/checkzone.mak.in

@@ -1,404 +0,0 @@
-# Microsoft Developer Studio Generated NMAKE File, Based on checkzone.dsp
-!IF "$(CFG)" == ""
-CFG=checkzone - @PLATFORM@ Debug
-!MESSAGE No configuration specified. Defaulting to checkzone - @PLATFORM@ Debug.
-!ENDIF 
-
-!IF "$(CFG)" != "checkzone - @PLATFORM@ Release" && "$(CFG)" != "checkzone - @PLATFORM@ Debug"
-!MESSAGE Invalid configuration "$(CFG)" specified.
-!MESSAGE You can specify a configuration when running NMAKE
-!MESSAGE by defining the macro CFG on the command line. For example:
-!MESSAGE 
-!MESSAGE NMAKE /f "checkzone.mak" CFG="checkzone - @PLATFORM@ Debug"
-!MESSAGE 
-!MESSAGE Possible choices for configuration are:
-!MESSAGE 
-!MESSAGE "checkzone - @PLATFORM@ Release" (based on "@PLATFORM@ (x86) Console Application")
-!MESSAGE "checkzone - @PLATFORM@ Debug" (based on "@PLATFORM@ (x86) Console Application")
-!MESSAGE 
-!ERROR An invalid configuration is specified.
-!ENDIF 
-
-!IF "$(OS)" == "Windows_NT"
-NULL=
-!ELSE 
-NULL=nul
-!ENDIF 
-
-!IF  "$(CFG)" == "checkzone - @PLATFORM@ Release"
-_VC_MANIFEST_INC=0
-_VC_MANIFEST_BASENAME=__VC80
-!ELSE
-_VC_MANIFEST_INC=1
-_VC_MANIFEST_BASENAME=__VC80.Debug
-!ENDIF
-
-####################################################
-# Specifying name of temporary resource file used only in incremental builds:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-_VC_MANIFEST_AUTO_RES=$(_VC_MANIFEST_BASENAME).auto.res
-!else
-_VC_MANIFEST_AUTO_RES=
-!endif
-
-####################################################
-# _VC_MANIFEST_EMBED_EXE - command to embed manifest in EXE:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-
-#MT_SPECIAL_RETURN=1090650113
-#MT_SPECIAL_SWITCH=-notify_resource_update
-MT_SPECIAL_RETURN=0
-MT_SPECIAL_SWITCH=
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
-if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
-rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
-link $** /out:$@ $(LFLAGS)
-
-!else
-
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;1
-
-!endif
-
-####################################################
-# _VC_MANIFEST_EMBED_DLL - command to embed manifest in DLL:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-
-#MT_SPECIAL_RETURN=1090650113
-#MT_SPECIAL_SWITCH=-notify_resource_update
-MT_SPECIAL_RETURN=0
-MT_SPECIAL_SWITCH=
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
-if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
-rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
-link $** /out:$@ $(LFLAGS)
-
-!else
-
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;2
-
-!endif
-####################################################
-# _VC_MANIFEST_CLEAN - command to clean resources files generated temporarily:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-
-_VC_MANIFEST_CLEAN=-del $(_VC_MANIFEST_BASENAME).auto.res \
-    $(_VC_MANIFEST_BASENAME).auto.rc \
-    $(_VC_MANIFEST_BASENAME).auto.manifest
-
-!else
-
-_VC_MANIFEST_CLEAN=
-
-!endif
-
-!IF  "$(CFG)" == "checkzone - @PLATFORM@ Release"
-
-OUTDIR=.\Release
-INTDIR=.\Release
-
-!IF "$(RECURSE)" == "0" 
-
-ALL : "..\..\..\Build\Release\named-checkzone.exe"
-
-!ELSE 
-
-ALL : "libisc - @PLATFORM@ Release" "libdns - @PLATFORM@ Release" "..\..\..\Build\Release\named-checkzone.exe"
-
-!ENDIF 
-
-!IF "$(RECURSE)" == "1" 
-CLEAN :"libdns - @PLATFORM@ ReleaseCLEAN" "libisc - @PLATFORM@ ReleaseCLEAN" 
-!ELSE 
-CLEAN :
-!ENDIF 
-	-@erase "$(INTDIR)\check-tool.obj"
-	-@erase "$(INTDIR)\named-checkzone.obj"
-	-@erase "$(INTDIR)\vc60.idb"
-	-@erase "..\..\..\Build\Release\named-checkzone.exe"
-	-@$(_VC_MANIFEST_CLEAN)
-
-"$(OUTDIR)" :
-    if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
-
-CPP=cl.exe
-CPP_PROJ=/nologo /MD /W3 @COPTX@ @COPTI@ /O2 /I "./" /I "../../../" @LIBXML2_INC@ @OPENSSL_INC@ /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /I "../../../lib/isccfg/include" /D "NDEBUG" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "__STDC__" /Fp"$(INTDIR)\checkzone.pch" @COPTY@ /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c 
-
-.c{$(INTDIR)}.obj::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.cpp{$(INTDIR)}.obj::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.cxx{$(INTDIR)}.obj::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.c{$(INTDIR)}.sbr::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.cpp{$(INTDIR)}.sbr::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.cxx{$(INTDIR)}.sbr::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-RSC=rc.exe
-BSC32=bscmake.exe
-BSC32_FLAGS=/nologo /o"$(OUTDIR)\checkzone.bsc" 
-BSC32_SBRS= \
-	
-LINK32=link.exe
-LINK32_FLAGS=user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/isccfg/win32/Release/libisccfg.lib ../../../lib/dns/win32/Release/libdns.lib /nologo /subsystem:console /incremental:no /pdb:"$(OUTDIR)\named-checkzone.pdb" @MACHINE@ /out:"../../../Build/Release/named-checkzone.exe" 
-LINK32_OBJS= \
-	"$(INTDIR)\check-tool.obj" \
-	"$(INTDIR)\named-checkzone.obj" \
-	"..\..\..\lib\dns\win32\Release\libdns.lib" \
-	"..\..\..\lib\isccfg\win32\Release\libisccfg.lib" \
-	"..\..\..\lib\isc\win32\Release\libisc.lib"
-
-"..\..\..\Build\Release\named-checkzone.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
-    $(LINK32) @<<
-  $(LINK32_FLAGS) $(LINK32_OBJS)
-<<
-    $(_VC_MANIFEST_EMBED_EXE)
-
-!ELSEIF  "$(CFG)" == "checkzone - @PLATFORM@ Debug"
-
-OUTDIR=.\Debug
-INTDIR=.\Debug
-# Begin Custom Macros
-OutDir=.\Debug
-# End Custom Macros
-
-!IF "$(RECURSE)" == "0" 
-
-ALL : "..\..\..\Build\Debug\named-checkzone.exe" "$(OUTDIR)\checkzone.bsc"
-
-!ELSE 
-
-ALL : "libisc - @PLATFORM@ Debug" "libdns - @PLATFORM@ Debug" "..\..\..\Build\Debug\named-checkzone.exe" "$(OUTDIR)\checkzone.bsc"
-
-!ENDIF 
-
-!IF "$(RECURSE)" == "1" 
-CLEAN :"libdns - @PLATFORM@ DebugCLEAN" "libisc - @PLATFORM@ DebugCLEAN" 
-!ELSE 
-CLEAN :
-!ENDIF 
-	-@erase "$(INTDIR)\check-tool.obj"
-	-@erase "$(INTDIR)\check-tool.sbr"
-	-@erase "$(INTDIR)\named-checkzone.obj"
-	-@erase "$(INTDIR)\named-checkzone.sbr"
-	-@erase "$(INTDIR)\vc60.idb"
-	-@erase "$(INTDIR)\vc60.pdb"
-	-@erase "$(OUTDIR)\named-checkzone.pdb"
-	-@erase "$(OUTDIR)\checkzone.bsc"
-	-@erase "..\..\..\Build\Debug\named-checkzone.exe"
-	-@erase "..\..\..\Build\Debug\named-checkzone.ilk"
-	-@$(_VC_MANIFEST_CLEAN)
-
-"$(OUTDIR)" :
-    if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
-
-CPP=cl.exe
-CPP_PROJ=/nologo /MDd /W3 /Gm @COPTX@ @COPTI@ /ZI /Od /I "./" /I "../../../" @LIBXML2_INC@ @OPENSSL_INC@ /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /I "../../../lib/isccfg/include" /D "_DEBUG" /D "__STDC__" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /FR"$(INTDIR)\\" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /GZ /c 
-
-.c{$(INTDIR)}.obj::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.cpp{$(INTDIR)}.obj::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.cxx{$(INTDIR)}.obj::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.c{$(INTDIR)}.sbr::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.cpp{$(INTDIR)}.sbr::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.cxx{$(INTDIR)}.sbr::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-RSC=rc.exe
-BSC32=bscmake.exe
-BSC32_FLAGS=/nologo /o"$(OUTDIR)\checkzone.bsc" 
-BSC32_SBRS= \
-	"$(INTDIR)\check-tool.sbr" \
-	"$(INTDIR)\named-checkzone.sbr"
-
-"$(OUTDIR)\checkzone.bsc" : "$(OUTDIR)" $(BSC32_SBRS)
-    $(BSC32) @<<
-  $(BSC32_FLAGS) $(BSC32_SBRS)
-<<
-
-LINK32=link.exe
-LINK32_FLAGS=user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/isccfg/win32/Debug/libisccfg.lib ../../../lib/dns/win32/Debug/libdns.lib /nologo /subsystem:console /incremental:yes /pdb:"$(OUTDIR)\named-checkzone.pdb" /debug @MACHINE@ /out:"../../../Build/Debug/named-checkzone.exe" /pdbtype:sept 
-LINK32_OBJS= \
-	"$(INTDIR)\check-tool.obj" \
-	"$(INTDIR)\named-checkzone.obj" \
-	"..\..\..\lib\dns\win32\Debug\libdns.lib" \
-	"..\..\..\lib\isccfg\win32\Debug\libisccfg.lib" \
-	"..\..\..\lib\isc\win32\Debug\libisc.lib"
-
-"..\..\..\Build\Debug\named-checkzone.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
-    $(LINK32) @<<
-  $(LINK32_FLAGS) $(LINK32_OBJS)
-<<
-    $(_VC_MANIFEST_EMBED_EXE)
-
-!ENDIF 
-
-
-!IF "$(NO_EXTERNAL_DEPS)" != "1"
-!IF EXISTS("checkzone.dep")
-!INCLUDE "checkzone.dep"
-!ELSE 
-!MESSAGE Warning: cannot find "checkzone.dep"
-!ENDIF 
-!ENDIF 
-
-
-!IF "$(CFG)" == "checkzone - @PLATFORM@ Release" || "$(CFG)" == "checkzone - @PLATFORM@ Debug"
-SOURCE="..\check-tool.c"
-
-!IF  "$(CFG)" == "checkzone - @PLATFORM@ Release"
-
-
-"$(INTDIR)\check-tool.obj" : $(SOURCE) "$(INTDIR)"
-	$(CPP) $(CPP_PROJ) $(SOURCE)
-
-
-!ELSEIF  "$(CFG)" == "checkzone - @PLATFORM@ Debug"
-
-
-"$(INTDIR)\check-tool.obj"	"$(INTDIR)\check-tool.sbr" : $(SOURCE) "$(INTDIR)"
-	$(CPP) $(CPP_PROJ) $(SOURCE)
-
-
-!ENDIF 
-
-SOURCE="..\named-checkzone.c"
-
-!IF  "$(CFG)" == "checkzone - @PLATFORM@ Release"
-
-
-"$(INTDIR)\named-checkzone.obj" : $(SOURCE) "$(INTDIR)"
-	$(CPP) $(CPP_PROJ) $(SOURCE)
-
-
-!ELSEIF  "$(CFG)" == "checkzone - @PLATFORM@ Debug"
-
-
-"$(INTDIR)\named-checkzone.obj"	"$(INTDIR)\named-checkzone.sbr" : $(SOURCE) "$(INTDIR)"
-	$(CPP) $(CPP_PROJ) $(SOURCE)
-
-
-!ENDIF 
-
-!IF  "$(CFG)" == "checkzone - @PLATFORM@ Release"
-
-"libdns - @PLATFORM@ Release" : 
-   cd "..\..\..\lib\dns\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libdns.mak" CFG="libdns - @PLATFORM@ Release" 
-   cd "..\..\..\bin\check\win32"
-
-"libdns - @PLATFORM@ ReleaseCLEAN" : 
-   cd "..\..\..\lib\dns\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libdns.mak" CFG="libdns - @PLATFORM@ Release" RECURSE=1 CLEAN 
-   cd "..\..\..\bin\check\win32"
-
-!ELSEIF  "$(CFG)" == "checkzone - @PLATFORM@ Debug"
-
-"libdns - @PLATFORM@ Debug" : 
-   cd "..\..\..\lib\dns\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libdns.mak" CFG="libdns - @PLATFORM@ Debug" 
-   cd "..\..\..\bin\check\win32"
-
-"libdns - @PLATFORM@ DebugCLEAN" : 
-   cd "..\..\..\lib\dns\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libdns.mak" CFG="libdns - @PLATFORM@ Debug" RECURSE=1 CLEAN 
-   cd "..\..\..\bin\check\win32"
-
-!ENDIF 
-
-!IF  "$(CFG)" == "checkzone - @PLATFORM@ Release"
-
-"libisc - @PLATFORM@ Release" : 
-   cd "..\..\..\lib\isc\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libisc.mak" CFG="libisc - @PLATFORM@ Release" 
-   cd "..\..\..\bin\check\win32"
-
-"libisc - @PLATFORM@ ReleaseCLEAN" : 
-   cd "..\..\..\lib\isc\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libisc.mak" CFG="libisc - @PLATFORM@ Release" RECURSE=1 CLEAN 
-   cd "..\..\..\bin\check\win32"
-
-!ELSEIF  "$(CFG)" == "checkzone - @PLATFORM@ Debug"
-
-"libisc - @PLATFORM@ Debug" : 
-   cd "..\..\..\lib\isc\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libisc.mak" CFG="libisc - @PLATFORM@ Debug" 
-   cd "..\..\..\bin\check\win32"
-
-"libisc - @PLATFORM@ DebugCLEAN" : 
-   cd "..\..\..\lib\isc\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libisc.mak" CFG="libisc - @PLATFORM@ Debug" RECURSE=1 CLEAN 
-   cd "..\..\..\bin\check\win32"
-
-!ENDIF 
-
-
-!ENDIF 
-
-####################################################
-# Commands to generate initial empty manifest file and the RC file
-# that references it, and for generating the .res file:
-
-$(_VC_MANIFEST_BASENAME).auto.res : $(_VC_MANIFEST_BASENAME).auto.rc
-
-$(_VC_MANIFEST_BASENAME).auto.rc : $(_VC_MANIFEST_BASENAME).auto.manifest
-    type <<$@
-#include <winuser.h>
-1RT_MANIFEST"$(_VC_MANIFEST_BASENAME).auto.manifest"
-<< KEEP
-
-$(_VC_MANIFEST_BASENAME).auto.manifest :
-    type <<$@
-<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
-<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
-</assembly>
-<< KEEP

bin/check/win32/checkzone.vcxproj.in

@@ -63,13 +63,14 @@
       <ProgramDataBaseFileName>$(OutDir)$(TargetName).pdb</ProgramDataBaseFileName>
       <BrowseInformation>true</BrowseInformation>
       <AdditionalIncludeDirectories>.\;..\..\..\;@LIBXML2_INC@@OPENSSL_INC@..\..\..\lib\isc\win32;..\..\..\lib\isc\win32\include;..\..\..\lib\isc\include;..\..\..\lib\dns\include;..\..\..\lib\bind9\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <CompileAs>CompileAsC</CompileAs>
     </ClCompile>
     <Link>
       <SubSystem>Console</SubSystem>
       <GenerateDebugInformation>true</GenerateDebugInformation>
       <OutputFile>..\..\..\Build\$(Configuration)\$(TargetName)$(TargetExt)</OutputFile>
-      <AdditionalLibraryDirectories>$(Configuration);..\..\..\lib\isc\win32\$(Configuration);..\..\..\lib\dns\win32\$(Configuration);..\..\..\lib\isccfg\win32\$(Configuration);..\..\..\lib\bind9\win32\$(Configuration);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
-      <AdditionalDependencies>checktool.lib;libisc.lib;libdns.lib;libisccfg.lib;libbind9.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <AdditionalLibraryDirectories>$(Configuration);..\..\..\lib\isc\win32\$(Configuration);..\..\..\lib\dns\win32\$(Configuration);..\..\..\lib\isccfg\win32\$(Configuration);..\..\..\lib\bind9\win32\$(Configuration);..\..\..\lib\ns\win32\$(Configuration);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
+      <AdditionalDependencies>checktool.lib;libisc.lib;libdns.lib;libisccfg.lib;libbind9.lib;libns.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
     </Link>
     <PostBuildEvent>
       <Command>cd ..\..\..\Build\$(Configuration)
@@ -95,6 +96,7 @@ copy /Y named-checkzone.ilk named-compilezone.ilk
       <ObjectFileName>.\$(Configuration)\</ObjectFileName>
       <ProgramDataBaseFileName>$(OutDir)$(TargetName).pdb</ProgramDataBaseFileName>
       <AdditionalIncludeDirectories>.\;..\..\..\;@LIBXML2_INC@@OPENSSL_INC@..\..\..\lib\isc\win32;..\..\..\lib\isc\win32\include;..\..\..\lib\isc\include;..\..\..\lib\dns\include;..\..\..\lib\bind9\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <CompileAs>CompileAsC</CompileAs>
     </ClCompile>
     <Link>
       <SubSystem>Console</SubSystem>
@@ -102,8 +104,8 @@ copy /Y named-checkzone.ilk named-compilezone.ilk
       <EnableCOMDATFolding>true</EnableCOMDATFolding>
       <OptimizeReferences>true</OptimizeReferences>
       <OutputFile>..\..\..\Build\$(Configuration)\$(TargetName)$(TargetExt)</OutputFile>
-      <AdditionalLibraryDirectories>$(Configuration);..\..\..\lib\isc\win32\$(Configuration);..\..\..\lib\dns\win32\$(Configuration);..\..\..\lib\isccfg\win32\$(Configuration);..\..\..\lib\bind9\win32\$(Configuration);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
-      <AdditionalDependencies>checktool.lib;libisc.lib;libdns.lib;libisccfg.lib;libbind9.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <AdditionalLibraryDirectories>$(Configuration);..\..\..\lib\isc\win32\$(Configuration);..\..\..\lib\dns\win32\$(Configuration);..\..\..\lib\isccfg\win32\$(Configuration);..\..\..\lib\bind9\win32\$(Configuration);..\..\..\lib\ns\win32\$(Configuration);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
+      <AdditionalDependencies>checktool.lib;libisc.lib;libdns.lib;libisccfg.lib;libbind9.lib;libns.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
       <LinkTimeCodeGeneration>Default</LinkTimeCodeGeneration>
     </Link>
     <PostBuildEvent>
@@ -121,4 +123,4 @@ copy /Y named-checkzone.exe named-compilezone.exe
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
   <ImportGroup Label="ExtensionTargets">
   </ImportGroup>
-</Project>
+</Project>

bin/confgen/Makefile.in

@@ -1,15 +1,20 @@
-# Copyright (C) 2009, 2012, 2014-2016  Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
 #
 # This Source Code Form is subject to the terms of the Mozilla Public
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
-
-# $Id: Makefile.in,v 1.8 2009/12/05 23:31:40 each Exp $
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
 
 srcdir =	@srcdir@
 VPATH =		@srcdir@
 top_srcdir =	@top_srcdir@
 
+# Attempt to disable parallel processing.
+.NOTPARALLEL:
+.NO_PARALLEL:
+
 VERSION=@BIND9_VERSION@
 
 @BIND9_MAKE_INCLUDES@
@@ -22,8 +27,8 @@ CWARNINGS =
 
 ISCCFGLIBS =	../../lib/isccfg/libisccfg.@A@
 ISCCCLIBS =	../../lib/isccc/libisccc.@A@
-ISCLIBS =	../../lib/isc/libisc.@A@
-ISCNOSYMLIBS =	../../lib/isc/libisc-nosymtbl.@A@
+ISCLIBS =	../../lib/isc/libisc.@A@ @OPENSSL_LIBS@
+ISCNOSYMLIBS =	../../lib/isc/libisc-nosymtbl.@A@ @OPENSSL_LIBS@
 DNSLIBS =	../../lib/dns/libdns.@A@ @DNS_CRYPTO_LIBS@
 BIND9LIBS =	../../lib/bind9/libbind9.@A@
 
@@ -66,11 +71,11 @@ rndc-confgen.@O@: rndc-confgen.c
 ddns-confgen.@O@: ddns-confgen.c
 	${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} -c ${srcdir}/ddns-confgen.c
 
-rndc-confgen@EXEEXT@: rndc-confgen.@O@ util.@O@ keygen.@O@ ${UOBJS} ${CONFDEPLIBS}
+rndc-confgen@EXEEXT@: rndc-confgen.@O@ util.@O@ keygen.@O@ ${CONFDEPLIBS}
 	export BASEOBJS="rndc-confgen.@O@ util.@O@ keygen.@O@ ${UOBJS}"; \
 	${FINALBUILDCMD}
 
-ddns-confgen@EXEEXT@: ddns-confgen.@O@ util.@O@ keygen.@O@ ${UOBJS} ${CONFDEPLIBS}
+ddns-confgen@EXEEXT@: ddns-confgen.@O@ util.@O@ keygen.@O@ ${CONFDEPLIBS}
 	export BASEOBJS="ddns-confgen.@O@ util.@O@ keygen.@O@ ${UOBJS}"; \
 	${FINALBUILDCMD}
 
@@ -96,5 +101,13 @@ install:: rndc-confgen@EXEEXT@ ddns-confgen@EXEEXT@ installdirs
 	(cd ${DESTDIR}${sbindir}; rm -f tsig-keygen@EXEEXT@; ${LINK_PROGRAM} ddns-confgen@EXEEXT@ tsig-keygen@EXEEXT@)
 	(cd ${DESTDIR}${mandir}/man8; rm -f tsig-keygen.8; ${LINK_PROGRAM} ddns-confgen.8 tsig-keygen.8)
 
+uninstall::
+	rm -f ${DESTDIR}${mandir}/man8/tsig-keygen.8
+	rm -f ${DESTDIR}${sbindir}/tsig-keygen@EXEEXT@
+	rm -f ${DESTDIR}${mandir}/man8/ddns-confgen.8
+	rm -f ${DESTDIR}${mandir}/man8/rndc-confgen.8
+	${LIBTOOL_MODE_UNINSTALL} rm -f ${DESTDIR}${sbindir}/ddns-confgen@EXEEXT@
+	${LIBTOOL_MODE_UNINSTALL} rm -f ${DESTDIR}${sbindir}/rndc-confgen@EXEEXT@
+
 clean distclean maintainer-clean::
 	rm -f ${TARGETS}

bin/confgen/ddns-confgen.8

@@ -1,16 +1,8 @@
-.\" Copyright (C) 2009, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2009, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
 .\" 
-.\" Permission to use, copy, modify, and/or distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\" 
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
-.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
-.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
-.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
-.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
-.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
-.\" PERFORMANCE OF THIS SOFTWARE.
+.\" This Source Code Form is subject to the terms of the Mozilla Public
+.\" License, v. 2.0. If a copy of the MPL was not distributed with this
+.\" file, You can obtain one at http://mozilla.org/MPL/2.0/.
 .\"
 .hy 0
 .ad l
@@ -47,7 +39,7 @@
 ddns-confgen \- ddns key generation tool
 .SH "SYNOPSIS"
 .HP \w'\fBtsig\-keygen\fR\ 'u
-\fBtsig\-keygen\fR [\fB\-a\ \fR\fB\fIalgorithm\fR\fR] [\fB\-h\fR] [\fB\-r\ \fR\fB\fIrandomfile\fR\fR] [name]
+\fBtsig\-keygen\fR [\fB\-a\ \fR\fB\fIalgorithm\fR\fR] [\fB\-h\fR] [name]
 .HP \w'\fBddns\-confgen\fR\ 'u
 \fBddns\-confgen\fR [\fB\-a\ \fR\fB\fIalgorithm\fR\fR] [\fB\-h\fR] [\fB\-k\ \fR\fB\fIkeyname\fR\fR] [\fB\-q\fR] [\fB\-r\ \fR\fB\fIrandomfile\fR\fR] [\-s\ \fIname\fR | \-z\ \fIzone\fR]
 .SH "DESCRIPTION"
@@ -117,17 +109,6 @@ only\&.) Quiet mode: Print only the key, with no explanatory text or usage examp
 \fBtsig\-keygen\fR\&.
 .RE
 .PP
-\-r \fIrandomfile\fR
-.RS 4
-Specifies a source of random data for generating the authorization\&. If the operating system does not provide a
-/dev/random
-or equivalent device, the default source of randomness is keyboard input\&.
-randomdev
-specifies the name of a character device or file containing random data to be used instead of the default\&. The special value
-keyboard
-indicates that keyboard input should be used\&.
-.RE
-.PP
 \-s \fIname\fR
 .RS 4
 (\fBddns\-confgen\fR
@@ -163,5 +144,5 @@ BIND 9 Administrator Reference Manual\&.
 \fBInternet Systems Consortium, Inc\&.\fR
 .SH "COPYRIGHT"
 .br
-Copyright \(co 2009, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2009, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
 .br

bin/confgen/ddns-confgen.c

@@ -1,9 +1,12 @@
 /*
- * Copyright (C) 2009, 2011, 2014, 2016  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
  *
  * This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
  */
 
 /*! \file */
@@ -23,7 +26,6 @@
 #include <isc/base64.h>
 #include <isc/buffer.h>
 #include <isc/commandline.h>
-#include <isc/entropy.h>
 #include <isc/file.h>
 #include <isc/keyboard.h>
 #include <isc/mem.h>
@@ -34,7 +36,7 @@
 #include <isc/time.h>
 #include <isc/util.h>
 
-#ifdef PKCS11CRYPTO
+#if USE_PKCS11
 #include <pk11/result.h>
 #endif
 
@@ -64,10 +66,9 @@ usage(int status) {
 	if (progmode == progmode_confgen) {
 		fprintf(stderr, "\
 Usage:\n\
- %s [-a alg] [-k keyname] [-r randomfile] [-q] [-s name | -z zone]\n\
+ %s [-a alg] [-k keyname] [-q] [-s name | -z zone]\n\
   -a alg:        algorithm (default hmac-sha256)\n\
   -k keyname:    name of the key as it will be used in named.conf\n\
-  -r randomfile: source of random data (use \"keyboard\" for key timing)\n\
   -s name:       domain name to be updated using the created key\n\
   -z zone:       name of the zone as it will be used in named.conf\n\
   -q:            quiet mode: print the key, with no explanatory text\n",
@@ -75,9 +76,8 @@ Usage:\n\
 	} else {
 		fprintf(stderr, "\
 Usage:\n\
- %s [-a alg] [-r randomfile] [keyname]\n\
-  -a alg:        algorithm (default hmac-sha256)\n\
-  -r randomfile: source of random data (use \"keyboard\" for key timing)\n",
+ %s [-a alg] [keyname]\n\
+  -a alg:        algorithm (default hmac-sha256)\n\n",
 			 progname);
 	}
 
@@ -92,7 +92,6 @@ main(int argc, char **argv) {
 	isc_buffer_t key_txtbuffer;
 	char key_txtsecret[256];
 	isc_mem_t *mctx = NULL;
-	const char *randomfile = NULL;
 	const char *keyname = NULL;
 	const char *zone = NULL;
 	const char *self_domain = NULL;
@@ -103,7 +102,7 @@ main(int argc, char **argv) {
 	int len = 0;
 	int ch;
 
-#ifdef PKCS11CRYPTO
+#if USE_PKCS11
 	pk11_result_register();
 #endif
 	dns_result_register();
@@ -165,7 +164,7 @@ main(int argc, char **argv) {
 				usage(1);
 			break;
 		case 'r':
-			randomfile = isc_commandline_argument;
+			fatal("The -r option has been deprecated.");
 			break;
 		case 's':
 			if (progmode == progmode_confgen)
@@ -232,7 +231,7 @@ main(int argc, char **argv) {
 
 	isc_buffer_init(&key_txtbuffer, &key_txtsecret, sizeof(key_txtsecret));
 
-	generate_key(mctx, randomfile, alg, keysize, &key_txtbuffer);
+	generate_key(mctx, alg, keysize, &key_txtbuffer);
 
 
 	if (!quiet)

bin/confgen/ddns-confgen.docbook

@@ -1,13 +1,16 @@
 <!--
- - Copyright (C) 2009, 2014-2016  Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) Internet Systems Consortium, Inc. ("ISC")
  -
  - This Source Code Form is subject to the terms of the Mozilla Public
  - License, v. 2.0. If a copy of the MPL was not distributed with this
  - file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ -
+ - See the COPYRIGHT file distributed with this work for additional
+ - information regarding copyright ownership.
 -->
 
 <!-- Converted by db4-upgrade version 1.0 -->
-<refentry xmlns="http://docbook.org/ns/docbook" version="5.0" xml:id="man.ddns-confgen">
+<refentry xmlns:db="http://docbook.org/ns/docbook" version="5.0" xml:id="man.ddns-confgen">
   <info>
     <date>2014-03-06</date>
   </info>
@@ -33,6 +36,7 @@
       <year>2014</year>
       <year>2015</year>
       <year>2016</year>
+      <year>2018</year>
       <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
     </copyright>
   </docinfo>
@@ -42,7 +46,6 @@
       <command>tsig-keygen</command>
       <arg choice="opt" rep="norepeat"><option>-a <replaceable class="parameter">algorithm</replaceable></option></arg>
       <arg choice="opt" rep="norepeat"><option>-h</option></arg>
-      <arg choice="opt" rep="norepeat"><option>-r <replaceable class="parameter">randomfile</replaceable></option></arg>
       <arg choice="opt" rep="norepeat">name</arg>
     </cmdsynopsis>
     <cmdsynopsis sepchar=" ">
@@ -153,23 +156,6 @@
 	</listitem>
       </varlistentry>
 
-      <varlistentry>
-	<term>-r <replaceable class="parameter">randomfile</replaceable></term>
-	<listitem>
-	  <para>
-            Specifies a source of random data for generating the
-            authorization.  If the operating system does not provide a
-            <filename>/dev/random</filename> or equivalent device, the
-            default source of randomness is keyboard input.
-            <filename>randomdev</filename> specifies the name of a
-            character device or file containing random data to be used
-            instead of the default.  The special value
-            <filename>keyboard</filename> indicates that keyboard input
-            should be used.
-	  </para>
-	</listitem>
-      </varlistentry>
-
       <varlistentry>
 	<term>-s <replaceable class="parameter">name</replaceable></term>
 	<listitem>

bin/confgen/ddns-confgen.html

@@ -1,19 +1,12 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 <!--
- - Copyright (C) 2009, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2009, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
  - 
- - Permission to use, copy, modify, and/or distribute this software for any
- - purpose with or without fee is hereby granted, provided that the above
- - copyright notice and this permission notice appear in all copies.
- - 
- - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- - PERFORMANCE OF THIS SOFTWARE.
+ - This Source Code Form is subject to the terms of the Mozilla Public
+ - License, v. 2.0. If a copy of the MPL was not distributed with this
+ - file, You can obtain one at http://mozilla.org/MPL/2.0/.
 -->
-<html>
+<html lang="en">
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
 <title>ddns-confgen</title>
@@ -21,31 +14,62 @@
 </head>
 <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry">
 <a name="man.ddns-confgen"></a><div class="titlepage"></div>
-<div class="refnamediv">
+  
+  
+
+  
+
+  <div class="refnamediv">
 <h2>Name</h2>
-<p><span class="application">ddns-confgen</span> &#8212; ddns key generation tool</p>
-</div>
-<div class="refsynopsisdiv">
-<h2>Synopsis</h2>
-<div class="cmdsynopsis"><p><code class="command">tsig-keygen</code>  [<code class="option">-a <em class="replaceable"><code>algorithm</code></em></code>] [<code class="option">-h</code>] [<code class="option">-r <em class="replaceable"><code>randomfile</code></em></code>] [name]</p></div>
-<div class="cmdsynopsis"><p><code class="command">ddns-confgen</code>  [<code class="option">-a <em class="replaceable"><code>algorithm</code></em></code>] [<code class="option">-h</code>] [<code class="option">-k <em class="replaceable"><code>keyname</code></em></code>] [<code class="option">-q</code>] [<code class="option">-r <em class="replaceable"><code>randomfile</code></em></code>] [ -s <em class="replaceable"><code>name</code></em>  |   -z <em class="replaceable"><code>zone</code></em> ]</p></div>
-</div>
-<div class="refsection">
-<a name="id-1.7"></a><h2>DESCRIPTION</h2>
 <p>
+    <span class="application">ddns-confgen</span>
+     &#8212; ddns key generation tool
+  </p>
+</div>
+
+  
+
+  <div class="refsynopsisdiv">
+<h2>Synopsis</h2>
+    <div class="cmdsynopsis"><p>
+      <code class="command">tsig-keygen</code> 
+       [<code class="option">-a <em class="replaceable"><code>algorithm</code></em></code>]
+       [<code class="option">-h</code>]
+       [name]
+    </p></div>
+    <div class="cmdsynopsis"><p>
+      <code class="command">ddns-confgen</code> 
+       [<code class="option">-a <em class="replaceable"><code>algorithm</code></em></code>]
+       [<code class="option">-h</code>]
+       [<code class="option">-k <em class="replaceable"><code>keyname</code></em></code>]
+       [<code class="option">-q</code>]
+       [<code class="option">-r <em class="replaceable"><code>randomfile</code></em></code>]
+       [
+         -s <em class="replaceable"><code>name</code></em> 
+         |   -z <em class="replaceable"><code>zone</code></em> 
+      ]
+    </p></div>
+  </div>
+
+  <div class="refsection">
+<a name="id-1.7"></a><h2>DESCRIPTION</h2>
+
+    <p>
       <span class="command"><strong>tsig-keygen</strong></span> and <span class="command"><strong>ddns-confgen</strong></span>
       are invocation methods for a utility that generates keys for use
       in TSIG signing.  The resulting keys can be used, for example,
       to secure dynamic DNS updates to a zone or for the
       <span class="command"><strong>rndc</strong></span> command channel.
     </p>
-<p>
+
+    <p>
       When run as <span class="command"><strong>tsig-keygen</strong></span>, a domain name
       can be specified on the command line which will be used as
       the name of the generated key.  If no name is specified,
       the default is <code class="constant">tsig-key</code>.
     </p>
-<p>
+
+    <p>
       When run as <span class="command"><strong>ddns-confgen</strong></span>, the generated
       key is accompanied by configuration text and instructions
       that can be used with <span class="command"><strong>nsupdate</strong></span> and
@@ -55,7 +79,8 @@
       <span class="command"><strong>rndc-confgen</strong></span> command for setting
       up command channel security.)
     </p>
-<p>
+
+    <p>
       Note that <span class="command"><strong>named</strong></span> itself can configure a
       local DDNS key for use with <span class="command"><strong>nsupdate -l</strong></span>:
       it does this when a zone is configured with
@@ -65,24 +90,32 @@
       if <span class="command"><strong>nsupdate</strong></span> is to be used from a remote
       system.
     </p>
-</div>
-<div class="refsection">
+  </div>
+
+  <div class="refsection">
 <a name="id-1.8"></a><h2>OPTIONS</h2>
-<div class="variablelist"><dl class="variablelist">
+
+
+    <div class="variablelist"><dl class="variablelist">
 <dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
-<dd><p>
+<dd>
+	  <p>
             Specifies the algorithm to use for the TSIG key.  Available
             choices are: hmac-md5, hmac-sha1, hmac-sha224, hmac-sha256,
             hmac-sha384 and hmac-sha512.  The default is hmac-sha256.
             Options are case-insensitive, and the "hmac-" prefix
             may be omitted.
-	  </p></dd>
+	  </p>
+	</dd>
 <dt><span class="term">-h</span></dt>
-<dd><p>
+<dd>
+	  <p>
 	    Prints a short summary of options and arguments.
-	  </p></dd>
+	  </p>
+	</dd>
 <dt><span class="term">-k <em class="replaceable"><code>keyname</code></em></span></dt>
-<dd><p>
+<dd>
+	  <p>
 	    Specifies the key name of the DDNS authentication key.
 	    The default is <code class="constant">ddns-key</code> when neither
 	    the <code class="option">-s</code> nor <code class="option">-z</code> option is
@@ -92,27 +125,19 @@
 	    <code class="constant">ddns-key.example.com.</code>
 	    The key name must have the format of a valid domain name,
 	    consisting of letters, digits, hyphens and periods.
-	  </p></dd>
+	  </p>
+	</dd>
 <dt><span class="term">-q</span></dt>
-<dd><p>
+<dd>
+	  <p>
 	    (<span class="command"><strong>ddns-confgen</strong></span> only.) Quiet mode:  Print
             only the key, with no explanatory text or usage examples;
             This is essentially identical to <span class="command"><strong>tsig-keygen</strong></span>.
-	  </p></dd>
-<dt><span class="term">-r <em class="replaceable"><code>randomfile</code></em></span></dt>
-<dd><p>
-            Specifies a source of random data for generating the
-            authorization.  If the operating system does not provide a
-            <code class="filename">/dev/random</code> or equivalent device, the
-            default source of randomness is keyboard input.
-            <code class="filename">randomdev</code> specifies the name of a
-            character device or file containing random data to be used
-            instead of the default.  The special value
-            <code class="filename">keyboard</code> indicates that keyboard input
-            should be used.
-	  </p></dd>
+	  </p>
+	</dd>
 <dt><span class="term">-s <em class="replaceable"><code>name</code></em></span></dt>
-<dd><p>
+<dd>
+	  <p>
             (<span class="command"><strong>ddns-confgen</strong></span> only.)
 	    Generate configuration example to allow dynamic updates
             of a single hostname.  The example <span class="command"><strong>named.conf</strong></span>
@@ -123,9 +148,11 @@
 	    Note that the "self" nametype cannot be used, since
 	    the name to be updated may differ from the key name.
 	    This option cannot be used with the <code class="option">-z</code> option.
-	  </p></dd>
+	  </p>
+	</dd>
 <dt><span class="term">-z <em class="replaceable"><code>zone</code></em></span></dt>
-<dd><p>
+<dd>
+	  <p>
             (<span class="command"><strong>ddns-confgen</strong></span> only.)
 	    Generate configuration example to allow dynamic updates
             of a zone:  The example <span class="command"><strong>named.conf</strong></span> text
@@ -135,16 +162,26 @@
             all subdomain names within that
             <em class="replaceable"><code>zone</code></em>.
 	    This option cannot be used with the <code class="option">-s</code> option.
-	  </p></dd>
+	  </p>
+	</dd>
 </dl></div>
-</div>
-<div class="refsection">
+  </div>
+
+  <div class="refsection">
 <a name="id-1.9"></a><h2>SEE ALSO</h2>
-<p><span class="citerefentry"><span class="refentrytitle">nsupdate</span>(1)</span>,
-      <span class="citerefentry"><span class="refentrytitle">named.conf</span>(5)</span>,
-      <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
+
+    <p><span class="citerefentry">
+	<span class="refentrytitle">nsupdate</span>(1)
+      </span>,
+      <span class="citerefentry">
+	<span class="refentrytitle">named.conf</span>(5)
+      </span>,
+      <span class="citerefentry">
+	<span class="refentrytitle">named</span>(8)
+      </span>,
       <em class="citetitle">BIND 9 Administrator Reference Manual</em>.
     </p>
-</div>
+  </div>
+
 </div></body>
 </html>

bin/confgen/include/confgen/os.h

@@ -1,12 +1,14 @@
 /*
- * Copyright (C) 2009, 2016  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
  *
  * This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
  */
 
-/* $Id: os.h,v 1.3 2009/06/11 23:47:55 tbox Exp $ */
 
 /*! \file */
 

bin/confgen/keygen.c

@@ -1,12 +1,14 @@
 /*
- * Copyright (C) 2009, 2012-2016  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
  *
  * This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
  */
 
-/* $Id: keygen.c,v 1.4 2009/11/12 14:02:38 marka Exp $ */
 
 /*! \file */
 
@@ -17,7 +19,6 @@
 
 #include <isc/base64.h>
 #include <isc/buffer.h>
-#include <isc/entropy.h>
 #include <isc/file.h>
 #include <isc/keyboard.h>
 #include <isc/mem.h>
@@ -25,6 +26,8 @@
 #include <isc/result.h>
 #include <isc/string.h>
 
+#include <pk11/site.h>
+
 #include <dns/keyvalues.h>
 #include <dns/name.h>
 
@@ -105,17 +108,12 @@ alg_bits(dns_secalg_t alg) {
 }
 
 /*%
- * Generate a key of size 'keysize' using entropy source 'randomfile',
- * and place it in 'key_txtbuffer'
+ * Generate a key of size 'keysize' and place it in 'key_txtbuffer'
  */
 void
-generate_key(isc_mem_t *mctx, const char *randomfile, dns_secalg_t alg,
-	     int keysize, isc_buffer_t *key_txtbuffer) {
+generate_key(isc_mem_t *mctx, dns_secalg_t alg, int keysize,
+	     isc_buffer_t *key_txtbuffer) {
 	isc_result_t result = ISC_R_SUCCESS;
-	isc_entropysource_t *entropy_source = NULL;
-	int open_keyboard = ISC_ENTROPY_KEYBOARDMAYBE;
-	int entropy_flags = 0;
-	isc_entropy_t *ectx = NULL;
 	isc_buffer_t key_rawbuffer;
 	isc_region_t key_rawregion;
 	char key_rawsecret[64];
@@ -140,26 +138,12 @@ generate_key(isc_mem_t *mctx, const char *randomfile, dns_secalg_t alg,
 		fatal("unsupported algorithm %d\n", alg);
 	}
 
-
-	DO("create entropy context", isc_entropy_create(mctx, &ectx));
-
-	if (randomfile != NULL && strcmp(randomfile, "keyboard") == 0) {
-		randomfile = NULL;
-		open_keyboard = ISC_ENTROPY_KEYBOARDYES;
-	}
-	DO("start entropy source", isc_entropy_usebestsource(ectx,
-							     &entropy_source,
-							     randomfile,
-							     open_keyboard));
-
-	entropy_flags = ISC_ENTROPY_BLOCKING | ISC_ENTROPY_GOODONLY;
-
-	DO("initialize dst library", dst_lib_init(mctx, ectx, entropy_flags));
+	DO("initialize dst library", dst_lib_init(mctx, NULL));
 
 	DO("generate key", dst_key_generate(dns_rootname, alg,
-					    keysize, 0, 0,
-					    DNS_KEYPROTO_ANY,
-					    dns_rdataclass_in, mctx, &key));
+					    keysize, 0, 0, DNS_KEYPROTO_ANY,
+					    dns_rdataclass_in, mctx, &key,
+					    NULL));
 
 	isc_buffer_init(&key_rawbuffer, &key_rawsecret, sizeof(key_rawsecret));
 
@@ -170,17 +154,9 @@ generate_key(isc_mem_t *mctx, const char *randomfile, dns_secalg_t alg,
 	DO("bsse64 encode secret", isc_base64_totext(&key_rawregion, -1, "",
 						     key_txtbuffer));
 
-	/*
-	 * Shut down the entropy source now so the "stop typing" message
-	 * does not muck with the output.
-	 */
-	if (entropy_source != NULL)
-		isc_entropy_destroysource(&entropy_source);
-
 	if (key != NULL)
 		dst_key_free(&key);
 
-	isc_entropy_detach(&ectx);
 	dst_lib_destroy();
 }
 

bin/confgen/keygen.h

@@ -1,12 +1,14 @@
 /*
- * Copyright (C) 2009, 2016  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
  *
  * This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
  */
 
-/* $Id: keygen.h,v 1.3 2009/06/11 23:47:55 tbox Exp $ */
 
 #ifndef RNDC_KEYGEN_H
 #define RNDC_KEYGEN_H 1
@@ -17,8 +19,8 @@
 
 ISC_LANG_BEGINDECLS
 
-void generate_key(isc_mem_t *mctx, const char *randomfile, dns_secalg_t alg,
-		  int keysize, isc_buffer_t *key_txtbuffer);
+void generate_key(isc_mem_t *mctx, dns_secalg_t alg, int keysize,
+		  isc_buffer_t *key_txtbuffer);
 
 void write_key_file(const char *keyfile, const char *user,
 		    const char *keyname, isc_buffer_t *secret,

bin/confgen/rndc-confgen.8

@@ -1,17 +1,8 @@
-.\" Copyright (C) 2004, 2005, 2007, 2009, 2013-2016 Internet Systems Consortium, Inc. ("ISC")
-.\" Copyright (C) 2001, 2003 Internet Software Consortium.
+.\" Copyright (C) 2001, 2003-2005, 2007, 2009, 2013-2018 Internet Systems Consortium, Inc. ("ISC")
 .\" 
-.\" Permission to use, copy, modify, and/or distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\" 
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
-.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
-.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
-.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
-.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
-.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
-.\" PERFORMANCE OF THIS SOFTWARE.
+.\" This Source Code Form is subject to the terms of the Mozilla Public
+.\" License, v. 2.0. If a copy of the MPL was not distributed with this
+.\" file, You can obtain one at http://mozilla.org/MPL/2.0/.
 .\"
 .hy 0
 .ad l
@@ -48,7 +39,7 @@
 rndc-confgen \- rndc key generation tool
 .SH "SYNOPSIS"
 .HP \w'\fBrndc\-confgen\fR\ 'u
-\fBrndc\-confgen\fR [\fB\-a\fR] [\fB\-A\ \fR\fB\fIalgorithm\fR\fR] [\fB\-b\ \fR\fB\fIkeysize\fR\fR] [\fB\-c\ \fR\fB\fIkeyfile\fR\fR] [\fB\-h\fR] [\fB\-k\ \fR\fB\fIkeyname\fR\fR] [\fB\-p\ \fR\fB\fIport\fR\fR] [\fB\-r\ \fR\fB\fIrandomfile\fR\fR] [\fB\-s\ \fR\fB\fIaddress\fR\fR] [\fB\-t\ \fR\fB\fIchrootdir\fR\fR] [\fB\-u\ \fR\fB\fIuser\fR\fR]
+\fBrndc\-confgen\fR [\fB\-a\fR] [\fB\-A\ \fR\fB\fIalgorithm\fR\fR] [\fB\-b\ \fR\fB\fIkeysize\fR\fR] [\fB\-c\ \fR\fB\fIkeyfile\fR\fR] [\fB\-h\fR] [\fB\-k\ \fR\fB\fIkeyname\fR\fR] [\fB\-p\ \fR\fB\fIport\fR\fR] [\fB\-s\ \fR\fB\fIaddress\fR\fR] [\fB\-t\ \fR\fB\fIchrootdir\fR\fR] [\fB\-u\ \fR\fB\fIuser\fR\fR]
 .SH "DESCRIPTION"
 .PP
 \fBrndc\-confgen\fR
@@ -120,7 +111,7 @@ as directed\&.
 .PP
 \-A \fIalgorithm\fR
 .RS 4
-Specifies the algorithm to use for the TSIG key\&. Available choices are: hmac\-md5, hmac\-sha1, hmac\-sha224, hmac\-sha256, hmac\-sha384 and hmac\-sha512\&. The default is hmac\-md5\&.
+Specifies the algorithm to use for the TSIG key\&. Available choices are: hmac\-md5, hmac\-sha1, hmac\-sha224, hmac\-sha256, hmac\-sha384 and hmac\-sha512\&. The default is hmac\-sha256\&.
 .RE
 .PP
 \-b \fIkeysize\fR
@@ -156,17 +147,6 @@ listens for connections from
 \fBrndc\fR\&. The default is 953\&.
 .RE
 .PP
-\-r \fIrandomfile\fR
-.RS 4
-Specifies a source of random data for generating the authorization\&. If the operating system does not provide a
-/dev/random
-or equivalent device, the default source of randomness is keyboard input\&.
-randomdev
-specifies the name of a character device or file containing random data to be used instead of the default\&. The special value
-keyboard
-indicates that keyboard input should be used\&.
-.RE
-.PP
 \-s \fIaddress\fR
 .RS 4
 Specifies the IP address where
@@ -226,7 +206,5 @@ BIND 9 Administrator Reference Manual\&.
 \fBInternet Systems Consortium, Inc\&.\fR
 .SH "COPYRIGHT"
 .br
-Copyright \(co 2004, 2005, 2007, 2009, 2013-2016 Internet Systems Consortium, Inc. ("ISC")
-.br
-Copyright \(co 2001, 2003 Internet Software Consortium.
+Copyright \(co 2001, 2003-2005, 2007, 2009, 2013-2018 Internet Systems Consortium, Inc. ("ISC")
 .br

bin/confgen/rndc-confgen.c

@@ -1,13 +1,14 @@
 /*
- * Copyright (C) 2001, 2003-2005, 2007-2009, 2011, 2013, 2014, 2016  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
  *
  * This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
  */
 
-/* $Id: rndc-confgen.c,v 1.7 2011/03/12 04:59:46 tbox Exp $ */
-
 /*! \file */
 
 /**
@@ -28,7 +29,6 @@
 #include <isc/base64.h>
 #include <isc/buffer.h>
 #include <isc/commandline.h>
-#include <isc/entropy.h>
 #include <isc/file.h>
 #include <isc/keyboard.h>
 #include <isc/mem.h>
@@ -39,6 +39,8 @@
 #include <isc/time.h>
 #include <isc/util.h>
 
+#include <pk11/site.h>
+
 #include <dns/keyvalues.h>
 #include <dns/name.h>
 
@@ -67,15 +69,14 @@ usage(int status) {
 
 	fprintf(stderr, "\
 Usage:\n\
- %s [-a] [-b bits] [-c keyfile] [-k keyname] [-p port] [-r randomfile] \
+ %s [-a] [-b bits] [-c keyfile] [-k keyname] [-p port] \
 [-s addr] [-t chrootdir] [-u user]\n\
   -a:		 generate just the key clause and write it to keyfile (%s)\n\
-  -A alg:	 algorithm (default hmac-md5)\n\
+  -A alg:	 algorithm (default hmac-sha256)\n\
   -b bits:	 from 1 through 512, default 256; total length of the secret\n\
   -c keyfile:	 specify an alternate key file (requires -a)\n\
   -k keyname:	 the name as it will be used  in named.conf and rndc.conf\n\
   -p port:	 the port named will listen on and rndc will connect to\n\
-  -r randomfile: source of random data (use \"keyboard\" for key timing)\n\
   -s addr:	 the address to which rndc should connect\n\
   -t chrootdir:	 write a keyfile in chrootdir as well (requires -a)\n\
   -u user:	 set the keyfile owner to \"user\" (requires -a)\n",
@@ -92,7 +93,6 @@ main(int argc, char **argv) {
 	isc_mem_t *mctx = NULL;
 	isc_result_t result = ISC_R_SUCCESS;
 	const char *keyname = NULL;
-	const char *randomfile = NULL;
 	const char *serveraddr = NULL;
 	dns_secalg_t alg;
 	const char *algname;
@@ -115,7 +115,7 @@ main(int argc, char **argv) {
 	progname = program;
 
 	keyname = DEFAULT_KEYNAME;
-	alg = DST_ALG_HMACMD5;
+	alg = DST_ALG_HMACSHA256;
 	serveraddr = DEFAULT_SERVER;
 	port = DEFAULT_PORT;
 
@@ -162,7 +162,7 @@ main(int argc, char **argv) {
 				      isc_commandline_argument);
 			break;
 		case 'r':
-			randomfile = isc_commandline_argument;
+			fatal("The -r option has been deprecated.");
 			break;
 		case 's':
 			serveraddr = isc_commandline_argument;
@@ -201,6 +201,12 @@ main(int argc, char **argv) {
 	if (argc > 0)
 		usage(1);
 
+	if (alg == DST_ALG_HMACMD5) {
+		fprintf(stderr,
+			"warning: use of hmac-md5 for RNDC keys "
+			"is deprecated; hmac-sha256 is now recommended.\n");
+	}
+
 	if (keysize < 0)
 		keysize = alg_bits(alg);
 	algname = alg_totext(alg);
@@ -208,7 +214,7 @@ main(int argc, char **argv) {
 	DO("create memory context", isc_mem_create(0, 0, &mctx));
 	isc_buffer_init(&key_txtbuffer, &key_txtsecret, sizeof(key_txtsecret));
 
-	generate_key(mctx, randomfile, alg, keysize, &key_txtbuffer);
+	generate_key(mctx, alg, keysize, &key_txtbuffer);
 
 	if (keyonly) {
 		write_key_file(keyfile, chrootdir == NULL ? user : NULL,

bin/confgen/rndc-confgen.docbook

@@ -1,13 +1,16 @@
 <!--
- - Copyright (C) 2001, 2003-2005, 2007, 2009, 2013-2016  Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) Internet Systems Consortium, Inc. ("ISC")
  -
  - This Source Code Form is subject to the terms of the Mozilla Public
  - License, v. 2.0. If a copy of the MPL was not distributed with this
  - file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ -
+ - See the COPYRIGHT file distributed with this work for additional
+ - information regarding copyright ownership.
 -->
 
 <!-- Converted by db4-upgrade version 1.0 -->
-<refentry xmlns="http://docbook.org/ns/docbook" version="5.0" xml:id="man.rndc-confgen">
+<refentry xmlns:db="http://docbook.org/ns/docbook" version="5.0" xml:id="man.rndc-confgen">
   <info>
     <date>2013-03-14</date>
   </info>
@@ -29,6 +32,8 @@
 
   <docinfo>
     <copyright>
+      <year>2001</year>
+      <year>2003</year>
       <year>2004</year>
       <year>2005</year>
       <year>2007</year>
@@ -37,13 +42,10 @@
       <year>2014</year>
       <year>2015</year>
       <year>2016</year>
+      <year>2017</year>
+      <year>2018</year>
       <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
     </copyright>
-    <copyright>
-      <year>2001</year>
-      <year>2003</year>
-      <holder>Internet Software Consortium.</holder>
-    </copyright>
   </docinfo>
 
   <refsynopsisdiv>
@@ -56,7 +58,6 @@
       <arg choice="opt" rep="norepeat"><option>-h</option></arg>
       <arg choice="opt" rep="norepeat"><option>-k <replaceable class="parameter">keyname</replaceable></option></arg>
       <arg choice="opt" rep="norepeat"><option>-p <replaceable class="parameter">port</replaceable></option></arg>
-      <arg choice="opt" rep="norepeat"><option>-r <replaceable class="parameter">randomfile</replaceable></option></arg>
       <arg choice="opt" rep="norepeat"><option>-s <replaceable class="parameter">address</replaceable></option></arg>
       <arg choice="opt" rep="norepeat"><option>-t <replaceable class="parameter">chrootdir</replaceable></option></arg>
       <arg choice="opt" rep="norepeat"><option>-u <replaceable class="parameter">user</replaceable></option></arg>
@@ -131,7 +132,7 @@
           <para>
             Specifies the algorithm to use for the TSIG key.  Available
             choices are: hmac-md5, hmac-sha1, hmac-sha224, hmac-sha256,
-            hmac-sha384 and hmac-sha512.  The default is hmac-md5.
+            hmac-sha384 and hmac-sha512.  The default is hmac-sha256.
           </para>
         </listitem>
       </varlistentry>
@@ -189,24 +190,6 @@
         </listitem>
       </varlistentry>
 
-      <varlistentry>
-        <term>-r <replaceable class="parameter">randomfile</replaceable></term>
-        <listitem>
-          <para>
-            Specifies a source of random data for generating the
-            authorization.  If the operating
-            system does not provide a <filename>/dev/random</filename>
-            or equivalent device, the default source of randomness
-            is keyboard input.  <filename>randomdev</filename>
-            specifies
-            the name of a character device or file containing random
-            data to be used instead of the default.  The special value
-            <filename>keyboard</filename> indicates that keyboard
-            input should be used.
-          </para>
-        </listitem>
-      </varlistentry>
-
       <varlistentry>
         <term>-s <replaceable class="parameter">address</replaceable></term>
         <listitem>

bin/confgen/rndc-confgen.html

@@ -1,20 +1,12 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 <!--
- - Copyright (C) 2004, 2005, 2007, 2009, 2013-2016 Internet Systems Consortium, Inc. ("ISC")
- - Copyright (C) 2001, 2003 Internet Software Consortium.
+ - Copyright (C) 2001, 2003-2005, 2007, 2009, 2013-2018 Internet Systems Consortium, Inc. ("ISC")
  - 
- - Permission to use, copy, modify, and/or distribute this software for any
- - purpose with or without fee is hereby granted, provided that the above
- - copyright notice and this permission notice appear in all copies.
- - 
- - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- - PERFORMANCE OF THIS SOFTWARE.
+ - This Source Code Form is subject to the terms of the Mozilla Public
+ - License, v. 2.0. If a copy of the MPL was not distributed with this
+ - file, You can obtain one at http://mozilla.org/MPL/2.0/.
 -->
-<html>
+<html lang="en">
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
 <title>rndc-confgen</title>
@@ -22,17 +14,42 @@
 </head>
 <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry">
 <a name="man.rndc-confgen"></a><div class="titlepage"></div>
-<div class="refnamediv">
+  
+  
+
+  
+
+  <div class="refnamediv">
 <h2>Name</h2>
-<p><span class="application">rndc-confgen</span> &#8212; rndc key generation tool</p>
+<p>
+    <span class="application">rndc-confgen</span>
+     &#8212; rndc key generation tool
+  </p>
 </div>
-<div class="refsynopsisdiv">
+
+  
+
+  <div class="refsynopsisdiv">
 <h2>Synopsis</h2>
-<div class="cmdsynopsis"><p><code class="command">rndc-confgen</code>  [<code class="option">-a</code>] [<code class="option">-A <em class="replaceable"><code>algorithm</code></em></code>] [<code class="option">-b <em class="replaceable"><code>keysize</code></em></code>] [<code class="option">-c <em class="replaceable"><code>keyfile</code></em></code>] [<code class="option">-h</code>] [<code class="option">-k <em class="replaceable"><code>keyname</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-r <em class="replaceable"><code>randomfile</code></em></code>] [<code class="option">-s <em class="replaceable"><code>address</code></em></code>] [<code class="option">-t <em class="replaceable"><code>chrootdir</code></em></code>] [<code class="option">-u <em class="replaceable"><code>user</code></em></code>]</p></div>
-</div>
-<div class="refsection">
+    <div class="cmdsynopsis"><p>
+      <code class="command">rndc-confgen</code> 
+       [<code class="option">-a</code>]
+       [<code class="option">-A <em class="replaceable"><code>algorithm</code></em></code>]
+       [<code class="option">-b <em class="replaceable"><code>keysize</code></em></code>]
+       [<code class="option">-c <em class="replaceable"><code>keyfile</code></em></code>]
+       [<code class="option">-h</code>]
+       [<code class="option">-k <em class="replaceable"><code>keyname</code></em></code>]
+       [<code class="option">-p <em class="replaceable"><code>port</code></em></code>]
+       [<code class="option">-s <em class="replaceable"><code>address</code></em></code>]
+       [<code class="option">-t <em class="replaceable"><code>chrootdir</code></em></code>]
+       [<code class="option">-u <em class="replaceable"><code>user</code></em></code>]
+    </p></div>
+  </div>
+
+  <div class="refsection">
 <a name="id-1.7"></a><h2>DESCRIPTION</h2>
-<p><span class="command"><strong>rndc-confgen</strong></span>
+
+    <p><span class="command"><strong>rndc-confgen</strong></span>
       generates configuration files
       for <span class="command"><strong>rndc</strong></span>.  It can be used as a
       convenient alternative to writing the
@@ -45,13 +62,17 @@
       avoid the need for a <code class="filename">rndc.conf</code> file
       and a <span class="command"><strong>controls</strong></span> statement altogether.
     </p>
-</div>
-<div class="refsection">
+
+  </div>
+
+  <div class="refsection">
 <a name="id-1.8"></a><h2>OPTIONS</h2>
-<div class="variablelist"><dl class="variablelist">
+
+
+    <div class="variablelist"><dl class="variablelist">
 <dt><span class="term">-a</span></dt>
 <dd>
-<p>
+          <p>
             Do automatic <span class="command"><strong>rndc</strong></span> configuration.
             This creates a file <code class="filename">rndc.key</code>
             in <code class="filename">/etc</code> (or whatever
@@ -66,7 +87,7 @@
             <span class="command"><strong>named</strong></span> on the local host
             with no further configuration.
           </p>
-<p>
+          <p>
             Running <span class="command"><strong>rndc-confgen -a</strong></span> allows
             BIND 9 and <span class="command"><strong>rndc</strong></span> to be used as
             drop-in
@@ -74,7 +95,7 @@
             with no changes to the existing BIND 8
             <code class="filename">named.conf</code> file.
           </p>
-<p>
+          <p>
             If a more elaborate configuration than that
             generated by <span class="command"><strong>rndc-confgen -a</strong></span>
             is required, for example if rndc is to be used remotely,
@@ -85,71 +106,75 @@
             <code class="filename">named.conf</code>
             as directed.
           </p>
-</dd>
+        </dd>
 <dt><span class="term">-A <em class="replaceable"><code>algorithm</code></em></span></dt>
-<dd><p>
+<dd>
+          <p>
             Specifies the algorithm to use for the TSIG key.  Available
             choices are: hmac-md5, hmac-sha1, hmac-sha224, hmac-sha256,
-            hmac-sha384 and hmac-sha512.  The default is hmac-md5.
-          </p></dd>
+            hmac-sha384 and hmac-sha512.  The default is hmac-sha256.
+          </p>
+        </dd>
 <dt><span class="term">-b <em class="replaceable"><code>keysize</code></em></span></dt>
-<dd><p>
+<dd>
+          <p>
             Specifies the size of the authentication key in bits.
             Must be between 1 and 512 bits; the default is the
             hash size.
-          </p></dd>
+          </p>
+        </dd>
 <dt><span class="term">-c <em class="replaceable"><code>keyfile</code></em></span></dt>
-<dd><p>
+<dd>
+          <p>
             Used with the <span class="command"><strong>-a</strong></span> option to specify
             an alternate location for <code class="filename">rndc.key</code>.
-          </p></dd>
+          </p>
+        </dd>
 <dt><span class="term">-h</span></dt>
-<dd><p>
+<dd>
+          <p>
             Prints a short summary of the options and arguments to
             <span class="command"><strong>rndc-confgen</strong></span>.
-          </p></dd>
+          </p>
+        </dd>
 <dt><span class="term">-k <em class="replaceable"><code>keyname</code></em></span></dt>
-<dd><p>
+<dd>
+          <p>
             Specifies the key name of the rndc authentication key.
             This must be a valid domain name.
             The default is <code class="constant">rndc-key</code>.
-          </p></dd>
+          </p>
+        </dd>
 <dt><span class="term">-p <em class="replaceable"><code>port</code></em></span></dt>
-<dd><p>
+<dd>
+          <p>
             Specifies the command channel port where <span class="command"><strong>named</strong></span>
             listens for connections from <span class="command"><strong>rndc</strong></span>.
             The default is 953.
-          </p></dd>
-<dt><span class="term">-r <em class="replaceable"><code>randomfile</code></em></span></dt>
-<dd><p>
-            Specifies a source of random data for generating the
-            authorization.  If the operating
-            system does not provide a <code class="filename">/dev/random</code>
-            or equivalent device, the default source of randomness
-            is keyboard input.  <code class="filename">randomdev</code>
-            specifies
-            the name of a character device or file containing random
-            data to be used instead of the default.  The special value
-            <code class="filename">keyboard</code> indicates that keyboard
-            input should be used.
-          </p></dd>
+          </p>
+        </dd>
 <dt><span class="term">-s <em class="replaceable"><code>address</code></em></span></dt>
-<dd><p>
+<dd>
+          <p>
             Specifies the IP address where <span class="command"><strong>named</strong></span>
             listens for command channel connections from
             <span class="command"><strong>rndc</strong></span>.  The default is the loopback
             address 127.0.0.1.
-          </p></dd>
+          </p>
+        </dd>
 <dt><span class="term">-t <em class="replaceable"><code>chrootdir</code></em></span></dt>
-<dd><p>
+<dd>
+          <p>
             Used with the <span class="command"><strong>-a</strong></span> option to specify
             a directory where <span class="command"><strong>named</strong></span> will run
             chrooted.  An additional copy of the <code class="filename">rndc.key</code>
             will be written relative to this directory so that
             it will be found by the chrooted <span class="command"><strong>named</strong></span>.
-          </p></dd>
+          </p>
+        </dd>
 <dt><span class="term">-u <em class="replaceable"><code>user</code></em></span></dt>
-<dd><p>
+<dd>
+          <p>
             Used with the <span class="command"><strong>-a</strong></span> option to set the
             owner
             of the <code class="filename">rndc.key</code> file generated.
@@ -157,33 +182,45 @@
             <span class="command"><strong>-t</strong></span> is also specified only the file
             in
             the chroot area has its owner changed.
-          </p></dd>
+          </p>
+        </dd>
 </dl></div>
-</div>
-<div class="refsection">
+  </div>
+
+  <div class="refsection">
 <a name="id-1.9"></a><h2>EXAMPLES</h2>
-<p>
+
+    <p>
       To allow <span class="command"><strong>rndc</strong></span> to be used with
       no manual configuration, run
     </p>
-<p><strong class="userinput"><code>rndc-confgen -a</code></strong>
+    <p><strong class="userinput"><code>rndc-confgen -a</code></strong>
     </p>
-<p>
+    <p>
       To print a sample <code class="filename">rndc.conf</code> file and
       corresponding <span class="command"><strong>controls</strong></span> and <span class="command"><strong>key</strong></span>
       statements to be manually inserted into <code class="filename">named.conf</code>,
       run
     </p>
-<p><strong class="userinput"><code>rndc-confgen</code></strong>
+    <p><strong class="userinput"><code>rndc-confgen</code></strong>
     </p>
-</div>
-<div class="refsection">
+  </div>
+
+  <div class="refsection">
 <a name="id-1.10"></a><h2>SEE ALSO</h2>
-<p><span class="citerefentry"><span class="refentrytitle">rndc</span>(8)</span>,
-      <span class="citerefentry"><span class="refentrytitle">rndc.conf</span>(5)</span>,
-      <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
+
+    <p><span class="citerefentry">
+        <span class="refentrytitle">rndc</span>(8)
+      </span>,
+      <span class="citerefentry">
+        <span class="refentrytitle">rndc.conf</span>(5)
+      </span>,
+      <span class="citerefentry">
+        <span class="refentrytitle">named</span>(8)
+      </span>,
       <em class="citetitle">BIND 9 Administrator Reference Manual</em>.
     </p>
-</div>
+  </div>
+
 </div></body>
 </html>

bin/confgen/unix/Makefile.in

@@ -1,10 +1,11 @@
-# Copyright (C) 2009, 2012, 2016  Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
 #
 # This Source Code Form is subject to the terms of the Mozilla Public
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
-
-# $Id: Makefile.in,v 1.3 2009/06/11 23:47:55 tbox Exp $
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
 
 srcdir =	@srcdir@
 VPATH =		@srcdir@

bin/confgen/unix/os.c

@@ -1,12 +1,14 @@
 /*
- * Copyright (C) 2009, 2016  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
  *
  * This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
  */
 
-/* $Id: os.c,v 1.3 2009/06/11 23:47:55 tbox Exp $ */
 
 /*! \file */
 

bin/confgen/util.c

@@ -1,12 +1,14 @@
 /*
- * Copyright (C) 2009, 2015, 2016  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
  *
  * This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
  */
 
-/* $Id: util.c,v 1.3 2009/06/11 23:47:55 tbox Exp $ */
 
 /*! \file */
 

bin/confgen/util.h

@@ -1,12 +1,14 @@
 /*
- * Copyright (C) 2009, 2016  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
  *
  * This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
  */
 
-/* $Id: util.h,v 1.4 2009/09/29 15:06:05 fdupont Exp $ */
 
 #ifndef RNDC_UTIL_H
 #define RNDC_UTIL_H 1

bin/confgen/win32/confgentool.dsp.in

@@ -1,135 +0,0 @@
-# Microsoft Developer Studio Project File - Name="confgentool" - Package Owner=<4>
-# Microsoft Developer Studio Generated Build File, Format Version 6.00
-# ** DO NOT EDIT **
-
-# TARGTYPE "@PLATFORM@ (x86) Static-Link Library" 0x0104
-
-CFG=confgentool - @PLATFORM@ Debug
-!MESSAGE This is not a valid makefile. To build this project using NMAKE,
-!MESSAGE use the Export Makefile command and run
-!MESSAGE 
-!MESSAGE NMAKE /f "confgentool.mak".
-!MESSAGE 
-!MESSAGE You can specify a configuration when running NMAKE
-!MESSAGE by defining the macro CFG on the command line. For example:
-!MESSAGE 
-!MESSAGE NMAKE /f "confgentool.mak" CFG="confgentool - @PLATFORM@ Debug"
-!MESSAGE 
-!MESSAGE Possible choices for configuration are:
-!MESSAGE 
-!MESSAGE "confgentool - @PLATFORM@ Release" (based on "@PLATFORM@ (x86) Static-Link Library")
-!MESSAGE "confgentool - @PLATFORM@ Debug" (based on "@PLATFORM@ (x86) Static-Link Library")
-!MESSAGE 
-
-# Begin Project
-# PROP AllowPerConfigDependencies 0
-# PROP Scc_ProjName ""
-# PROP Scc_LocalPath ""
-CPP=cl.exe
-MTL=midl.exe
-RSC=rc.exe
-
-!IF  "$(CFG)" == "confgentool - @PLATFORM@ Release"
-
-# PROP BASE Use_MFC 0
-# PROP BASE Use_Debug_Libraries 0
-# PROP BASE Output_Dir "Release"
-# PROP BASE Intermediate_Dir "Release"
-# PROP BASE Target_Dir ""
-# PROP Use_MFC 0
-# PROP Use_Debug_Libraries 0
-# PROP Output_Dir "Release"
-# PROP Intermediate_Dir "Release"
-# PROP Ignore_Export_Lib 0
-# PROP Target_Dir ""
-# ADD BASE CPP /nologo /MT /W3 @COPTX@ @COPTI@ /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /D "_MBCS" /D "_USRDLL" @COPTY@ /FD /c
-# ADD CPP /nologo /MD /W3 @COPTX@ @COPTI@ /O2 /I "./" /I "../../../" @LIBXML2_INC@ /I "../include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /D "NDEBUG" /D "WIN32" /D "_WINDOWS" /D "__STDC__" /D "_MBCS" @COPTY@ /FD /c /Fdconfgentool
-# SUBTRACT CPP /X
-# ADD BASE MTL /nologo /D "NDEBUG" /mktyplib203 /win32
-# ADD MTL /nologo /D "NDEBUG" /mktyplib203 /win32
-# ADD BASE RSC /l 0x409 /d "NDEBUG"
-# ADD RSC /l 0x409 /d "NDEBUG"
-BSC32=bscmake.exe
-# ADD BASE BSC32 /nologo
-# ADD BSC32 /nologo
-LINK32=link.exe
-# ADD BASE LINK32 
-# ADD LINK32 /out:"Release/confgentool.lib"
-LIB32=lib.exe
-# ADD BASE LIB32
-# ADD LIB32 /out:"Release/confgentool.lib"
-
-!ELSEIF  "$(CFG)" == "confgentool - @PLATFORM@ Debug"
-
-# PROP BASE Use_MFC 0
-# PROP BASE Use_Debug_Libraries 1
-# PROP BASE Output_Dir "Debug"
-# PROP BASE Intermediate_Dir "Debug"
-# PROP BASE Target_Dir ""
-# PROP Use_MFC 0
-# PROP Use_Debug_Libraries 1
-# PROP Output_Dir "Debug"
-# PROP Intermediate_Dir "Debug"
-# PROP Ignore_Export_Lib 0
-# PROP Target_Dir ""
-# ADD BASE CPP /nologo /MTd /W3 /Gm @COPTX@ @COPTI@ /ZI /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /D "_MBCS" @COPTY@ /FD /GZ /c
-# ADD CPP /nologo /MDd /W3 /Gm @COPTX@ @COPTI@ /ZI /Od /I "./" /I "../../../" @LIBXML2_INC@ /I "../include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /D "_DEBUG" /D "WIN32" /D "_WINDOWS" /D "__STDC__" /D "_MBCS" /FR @COPTY@ /FD /GZ /c /Fdconfgentool
-# SUBTRACT CPP /X
-# ADD BASE MTL /nologo /D "_DEBUG" /mktyplib203 /win32
-# ADD MTL /nologo /D "_DEBUG" /mktyplib203 /win32
-# ADD BASE RSC /l 0x409 /d "_DEBUG"
-# ADD RSC /l 0x409 /d "_DEBUG"
-BSC32=bscmake.exe
-# ADD BASE BSC32 /nologo
-# ADD BSC32 /nologo
-LINK32=link.exe
-# ADD BASE LINK32 
-# ADD LINK32 /debug /out:"Debug/confgentool.lib"
-LIB32=lib.exe
-# ADD BASE LIB32
-# ADD LIB32 /out:"Debug/confgentool.lib"
-
-!ENDIF 
-
-# Begin Target
-
-# Name "confgentool - @PLATFORM@ Release"
-# Name "confgentool - @PLATFORM@ Debug"
-# Begin Group "Source Files"
-
-# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
-# End Group
-# Begin Group "Header Files"
-
-# PROP Default_Filter "h;hpp;hxx;hm;inl"
-# Begin Source File
-
-SOURCE=..\keygen.h
-# End Source File
-# Begin Source File
-
-SOURCE=..\util.h
-# End Source File
-# End Group
-# Begin Group "Resource Files"
-
-# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe"
-# End Group
-# Begin Group "Main Dns Lib"
-
-# PROP Default_Filter "c"
-# Begin Source File
-
-SOURCE=..\keygen.c
-# End Source File
-# Begin Source File
-
-SOURCE=..\util.c
-# End Source File
-# Begin Source File
-
-SOURCE=.\os.c
-# End Source File
-# End Group
-# End Target
-# End Project

bin/confgen/win32/confgentool.dsw

@@ -1,29 +0,0 @@
-Microsoft Developer Studio Workspace File, Format Version 6.00
-# WARNING: DO NOT EDIT OR DELETE THIS WORKSPACE FILE!
-
-###############################################################################
-
-Project: "confgentool"=".\confgentool.dsp" - Package Owner=<4>
-
-Package=<5>
-{{{
-}}}
-
-Package=<4>
-{{{
-}}}
-
-###############################################################################
-
-Global:
-
-Package=<5>
-{{{
-}}}
-
-Package=<3>
-{{{
-}}}
-
-###############################################################################
-

bin/confgen/win32/confgentool.vcxproj.in

@@ -61,6 +61,7 @@
       <ProgramDataBaseFileName>$(OutDir)$(TargetName).pdb</ProgramDataBaseFileName>
       <BrowseInformation>true</BrowseInformation>
       <AdditionalIncludeDirectories>.\;..\..\..\;@LIBXML2_INC@..\include;..\..\..\lib\isc\win32;..\..\..\lib\isc\win32\include;..\..\..\lib\isc\include;..\..\..\lib\dns\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <CompileAs>CompileAsC</CompileAs>
     </ClCompile>
     <Link>
       <SubSystem>Console</SubSystem>
@@ -84,6 +85,7 @@
       <ObjectFileName>.\$(Configuration)\</ObjectFileName>
       <ProgramDataBaseFileName>$(OutDir)$(TargetName).pdb</ProgramDataBaseFileName>
       <AdditionalIncludeDirectories>.\;..\..\..\;@LIBXML2_INC@..\include;..\..\..\lib\isc\win32;..\..\..\lib\isc\win32\include;..\..\..\lib\isc\include;..\..\..\lib\dns\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <CompileAs>CompileAsC</CompileAs>
     </ClCompile>
     <Link>
       <SubSystem>Console</SubSystem>
@@ -106,4 +108,4 @@
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
   <ImportGroup Label="ExtensionTargets">
   </ImportGroup>
-</Project>
+</Project>

bin/confgen/win32/ddnsconfgen.dsp.in

@@ -1,103 +0,0 @@
-# Microsoft Developer Studio Project File - Name="ddnsconfgen" - Package Owner=<4>
-# Microsoft Developer Studio Generated Build File, Format Version 6.00
-# ** DO NOT EDIT **
-
-# TARGTYPE "@PLATFORM@ (x86) Console Application" 0x0103
-
-CFG=ddnsconfgen - @PLATFORM@ Debug
-!MESSAGE This is not a valid makefile. To build this project using NMAKE,
-!MESSAGE use the Export Makefile command and run
-!MESSAGE 
-!MESSAGE NMAKE /f "ddnsconfgen.mak".
-!MESSAGE 
-!MESSAGE You can specify a configuration when running NMAKE
-!MESSAGE by defining the macro CFG on the command line. For example:
-!MESSAGE 
-!MESSAGE NMAKE /f "ddnsconfgen.mak" CFG="ddnsconfgen - @PLATFORM@ Debug"
-!MESSAGE 
-!MESSAGE Possible choices for configuration are:
-!MESSAGE 
-!MESSAGE "ddnsconfgen - @PLATFORM@ Release" (based on "@PLATFORM@ (x86) Console Application")
-!MESSAGE "ddnsconfgen - @PLATFORM@ Debug" (based on "@PLATFORM@ (x86) Console Application")
-!MESSAGE 
-
-# Begin Project
-# PROP AllowPerConfigDependencies 0
-# PROP Scc_ProjName ""
-# PROP Scc_LocalPath ""
-CPP=cl.exe
-RSC=rc.exe
-
-!IF  "$(CFG)" == "ddnsconfgen - @PLATFORM@ Release"
-
-# PROP BASE Use_MFC 0
-# PROP BASE Use_Debug_Libraries 0
-# PROP BASE Output_Dir "Release"
-# PROP BASE Intermediate_Dir "Release"
-# PROP BASE Target_Dir ""
-# PROP Use_MFC 0
-# PROP Use_Debug_Libraries 0
-# PROP Output_Dir "Release"
-# PROP Intermediate_Dir "Release"
-# PROP Ignore_Export_Lib 0
-# PROP Target_Dir ""
-# ADD BASE CPP /nologo /W3 @COPTX@ @COPTI@ /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" @COPTY@ /FD /c
-# ADD CPP /nologo /MD /W3 @COPTX@ @COPTI@ /O2 /I "./" /I "../../../" @LIBXML2_INC@ /I "../include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/win32/include" /I "../../../lib/dns/include" /I "../../../lib/isccc/include" /I "../../../lib/isccfg/include" /D "WIN32" /D "NDEBUG" /D "__STDC__" /D "_CONSOLE" /D "_MBCS" @COPTY@ /FD /c
-# ADD BASE RSC /l 0x409 /d "NDEBUG"
-# ADD RSC /l 0x409 /d "NDEBUG"
-BSC32=bscmake.exe
-# ADD BASE BSC32 /nologo
-# ADD BSC32 /nologo
-LINK32=link.exe
-# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console @MACHINE@
-# ADD LINK32 user32.lib advapi32.lib ws2_32.lib Release/confgentool.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib ../../../lib/isccfg/win32/Release/libisccfg.lib ../../../lib/isccc/win32/Release/libisccc.lib /nologo /subsystem:console @MACHINE@ /out:"../../../Build/Release/ddns-confgen.exe"
-
-!ELSEIF  "$(CFG)" == "ddnsconfgen - @PLATFORM@ Debug"
-
-# PROP BASE Use_MFC 0
-# PROP BASE Use_Debug_Libraries 1
-# PROP BASE Output_Dir "Debug"
-# PROP BASE Intermediate_Dir "Debug"
-# PROP BASE Target_Dir ""
-# PROP Use_MFC 0
-# PROP Use_Debug_Libraries 1
-# PROP Output_Dir "Debug"
-# PROP Intermediate_Dir "Debug"
-# PROP Ignore_Export_Lib 0
-# PROP Target_Dir ""
-# ADD BASE CPP /nologo /W3 /Gm @COPTX@ @COPTI@ /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" @COPTY@ /FD /GZ /c
-# ADD CPP /nologo /MDd /W3 /Gm @COPTX@ @COPTI@ /ZI /Od /I "./" /I "../../../" @LIBXML2_INC@ /I "../include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/win32/include" /I "../../../lib/dns/include" /I "../../../lib/isccc/include" /I "../../../lib/isccfg/include" /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /FR /FD /GZ /c
-# SUBTRACT CPP /X @COPTY@
-# ADD BASE RSC /l 0x409 /d "_DEBUG"
-# ADD RSC /l 0x409 /d "_DEBUG"
-BSC32=bscmake.exe
-# ADD BASE BSC32 /nologo
-# ADD BSC32 /nologo
-LINK32=link.exe
-# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug @MACHINE@ /pdbtype:sept
-# ADD LINK32 user32.lib advapi32.lib ws2_32.lib Debug/confgentool.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib ../../../lib/isccfg/win32/Debug/libisccfg.lib ../../../lib/isccc/win32/Debug/libisccc.lib /nologo /subsystem:console /debug @MACHINE@ /out:"../../../Build/Debug/ddns-confgen.exe" /pdbtype:sept
-
-!ENDIF 
-
-# Begin Target
-
-# Name "ddnsconfgen - @PLATFORM@ Release"
-# Name "ddnsconfgen - @PLATFORM@ Debug"
-# Begin Group "Source Files"
-
-# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
-# Begin Source File
-
-SOURCE="..\ddns-confgen.c"
-# End Source File
-# End Group
-# Begin Group "Header Files"
-
-# PROP Default_Filter "h;hpp;hxx;hm;inl"
-# End Group
-# Begin Group "Resource Files"
-
-# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe"
-# End Group
-# End Target
-# End Project

bin/confgen/win32/ddnsconfgen.dsw

@@ -1,29 +0,0 @@
-Microsoft Developer Studio Workspace File, Format Version 6.00
-# WARNING: DO NOT EDIT OR DELETE THIS WORKSPACE FILE!
-
-###############################################################################
-
-Project: "ddnsconfgen"=".\ddnsconfgen.dsp" - Package Owner=<4>
-
-Package=<5>
-{{{
-}}}
-
-Package=<4>
-{{{
-}}}
-
-###############################################################################
-
-Global:
-
-Package=<5>
-{{{
-}}}
-
-Package=<3>
-{{{
-}}}
-
-###############################################################################
-

bin/confgen/win32/ddnsconfgen.mak.in

@@ -1,337 +0,0 @@
-# Microsoft Developer Studio Generated NMAKE File, Based on ddnsconfgen.dsp
-!IF "$(CFG)" == ""
-CFG=ddnsconfgen - @PLATFORM@ Debug
-!MESSAGE No configuration specified. Defaulting to ddnsconfgen - @PLATFORM@ Debug.
-!ENDIF 
-
-!IF "$(CFG)" != "ddnsconfgen - @PLATFORM@ Release" && "$(CFG)" != "ddnsconfgen - @PLATFORM@ Debug"
-!MESSAGE Invalid configuration "$(CFG)" specified.
-!MESSAGE You can specify a configuration when running NMAKE
-!MESSAGE by defining the macro CFG on the command line. For example:
-!MESSAGE 
-!MESSAGE NMAKE /f "ddnsconfgen.mak" CFG="ddnsconfgen - @PLATFORM@ Debug"
-!MESSAGE 
-!MESSAGE Possible choices for configuration are:
-!MESSAGE 
-!MESSAGE "ddnsconfgen - @PLATFORM@ Release" (based on "@PLATFORM@ (x86) Console Application")
-!MESSAGE "ddnsconfgen - @PLATFORM@ Debug" (based on "@PLATFORM@ (x86) Console Application")
-!MESSAGE 
-!ERROR An invalid configuration is specified.
-!ENDIF 
-
-!IF "$(OS)" == "Windows_NT"
-NULL=
-!ELSE 
-NULL=nul
-!ENDIF 
-
-CPP=cl.exe
-RSC=rc.exe
-
-!IF  "$(CFG)" == "ddnsconfgen - @PLATFORM@ Release"
-_VC_MANIFEST_INC=0
-_VC_MANIFEST_BASENAME=__VC80
-!ELSE
-_VC_MANIFEST_INC=1
-_VC_MANIFEST_BASENAME=__VC80.Debug
-!ENDIF
-
-####################################################
-# Specifying name of temporary resource file used only in incremental builds:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-_VC_MANIFEST_AUTO_RES=$(_VC_MANIFEST_BASENAME).auto.res
-!else
-_VC_MANIFEST_AUTO_RES=
-!endif
-
-####################################################
-# _VC_MANIFEST_EMBED_EXE - command to embed manifest in EXE:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-
-#MT_SPECIAL_RETURN=1090650113
-#MT_SPECIAL_SWITCH=-notify_resource_update
-MT_SPECIAL_RETURN=0
-MT_SPECIAL_SWITCH=
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
-if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
-rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
-link $** /out:$@ $(LFLAGS)
-
-!else
-
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;1
-
-!endif
-
-####################################################
-# _VC_MANIFEST_EMBED_DLL - command to embed manifest in DLL:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-
-#MT_SPECIAL_RETURN=1090650113
-#MT_SPECIAL_SWITCH=-notify_resource_update
-MT_SPECIAL_RETURN=0
-MT_SPECIAL_SWITCH=
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
-if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
-rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
-link $** /out:$@ $(LFLAGS)
-
-!else
-
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;2
-
-!endif
-####################################################
-# _VC_MANIFEST_CLEAN - command to clean resources files generated temporarily:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-
-_VC_MANIFEST_CLEAN=-del $(_VC_MANIFEST_BASENAME).auto.res \
-    $(_VC_MANIFEST_BASENAME).auto.rc \
-    $(_VC_MANIFEST_BASENAME).auto.manifest
-
-!else
-
-_VC_MANIFEST_CLEAN=
-
-!endif
-
-!IF  "$(CFG)" == "ddnsconfgen - @PLATFORM@ Release"
-
-OUTDIR=.\Release
-INTDIR=.\Release
-
-ALL : "..\..\..\Build\Release\ddns-confgen.exe"
-
-
-CLEAN :
-	-@erase "$(INTDIR)\os.obj"
-	-@erase "$(INTDIR)\ddns-confgen.obj"
-	-@erase "$(INTDIR)\keygen.obj"
-	-@erase "$(INTDIR)\util.obj"
-	-@erase "$(INTDIR)\vc60.idb"
-	-@erase "..\..\..\Build\Release\ddns-confgen.exe"
-	-@$(_VC_MANIFEST_CLEAN)
-
-"$(OUTDIR)" :
-    if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
-
-CPP_PROJ=/nologo /MD /W3 @COPTX@ @COPTI@ /O2 /I "./" /I "../../../" @LIBXML2_INC@ /I "../include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/win32/include" /I "../../../lib/dns/include" /I "../../../lib/isccc/include" /I "../../../lib/isccfg/include" /D "WIN32" /D "NDEBUG" /D "__STDC__" /D "_CONSOLE" /D "_MBCS" /Fp"$(INTDIR)\ddnsconfgen.pch" @COPTY@ /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c 
-BSC32=bscmake.exe
-BSC32_FLAGS=/nologo /o"$(OUTDIR)\ddnsconfgen.bsc" 
-BSC32_SBRS= \
-	
-LINK32=link.exe
-LINK32_FLAGS=user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib ../../../lib/isccfg/win32/Release/libisccfg.lib ../../../lib/isccc/win32/Release/libisccc.lib /nologo /subsystem:console /incremental:no /pdb:"$(OUTDIR)\ddns-confgen.pdb" @MACHINE@ /out:"../../../Build/Release/ddns-confgen.exe" 
-LINK32_OBJS= \
-	"$(INTDIR)\os.obj" \
-	"$(INTDIR)\ddns-confgen.obj" \
-	"$(INTDIR)\keygen.obj" \
-	"$(INTDIR)\util.obj"
-
-"..\..\..\Build\Release\ddns-confgen.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
-    $(LINK32) @<<
-  $(LINK32_FLAGS) $(LINK32_OBJS)
-<<
-    $(_VC_MANIFEST_EMBED_EXE)
-
-!ELSEIF  "$(CFG)" == "ddnsconfgen - @PLATFORM@ Debug"
-
-OUTDIR=.\Debug
-INTDIR=.\Debug
-# Begin Custom Macros
-OutDir=.\Debug
-# End Custom Macros
-
-ALL : "..\..\..\Build\Debug\ddns-confgen.exe" "$(OUTDIR)\ddnsconfgen.bsc"
-
-
-CLEAN :
-	-@erase "$(INTDIR)\os.obj"
-	-@erase "$(INTDIR)\os.sbr"
-	-@erase "$(INTDIR)\ddns-confgen.obj"
-	-@erase "$(INTDIR)\ddns-confgen.sbr"
-	-@erase "$(INTDIR)\keygen.obj"
-	-@erase "$(INTDIR)\keygen.sbr"
-	-@erase "$(INTDIR)\util.obj"
-	-@erase "$(INTDIR)\util.sbr"
-	-@erase "$(INTDIR)\vc60.idb"
-	-@erase "$(INTDIR)\vc60.pdb"
-	-@erase "$(OUTDIR)\ddnsconfgen.bsc"
-	-@erase "$(OUTDIR)\ddns-confgen.pdb"
-	-@erase "..\..\..\Build\Debug\ddns-confgen.exe"
-	-@erase "..\..\..\Build\Debug\ddns-confgen.ilk"
-	-@$(_VC_MANIFEST_CLEAN)
-
-"$(OUTDIR)" :
-    if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
-
-CPP_PROJ=/nologo /MDd /W3 /Gm @COPTX@ @COPTI@ /ZI /Od /I "./" /I "../../../" @LIBXML2_INC@ /I "../include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/win32/include" /I "../../../lib/dns/include" /I "../../../lib/isccc/include" /I "../../../lib/isccfg/include" /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /FR"$(INTDIR)\\" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /GZ /c 
-BSC32=bscmake.exe
-BSC32_FLAGS=/nologo /o"$(OUTDIR)\ddnsconfgen.bsc" 
-BSC32_SBRS= \
-	"$(INTDIR)\os.sbr" \
-	"$(INTDIR)\ddns-confgen.sbr" \
-	"$(INTDIR)\keygen.sbr" \
-	"$(INTDIR)\util.sbr"
-
-"$(OUTDIR)\ddnsconfgen.bsc" : "$(OUTDIR)" $(BSC32_SBRS)
-    $(BSC32) @<<
-  $(BSC32_FLAGS) $(BSC32_SBRS)
-<<
-
-LINK32=link.exe
-LINK32_FLAGS=user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib ../../../lib/isccfg/win32/Debug/libisccfg.lib ../../../lib/isccc/win32/Debug/libisccc.lib /nologo /subsystem:console /incremental:yes /pdb:"$(OUTDIR)\ddns-confgen.pdb" /debug @MACHINE@ /out:"../../../Build/Debug/ddns-confgen.exe" /pdbtype:sept 
-LINK32_OBJS= \
-	"$(INTDIR)\os.obj" \
-	"$(INTDIR)\ddns-confgen.obj" \
-	"$(INTDIR)\keygen.obj" \
-	"$(INTDIR)\util.obj"
-
-"..\..\..\Build\Debug\ddns-confgen.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
-    $(LINK32) @<<
-  $(LINK32_FLAGS) $(LINK32_OBJS)
-<<
-    $(_VC_MANIFEST_EMBED_EXE)
-
-!ENDIF 
-
-.c{$(INTDIR)}.obj::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.cpp{$(INTDIR)}.obj::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.cxx{$(INTDIR)}.obj::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.c{$(INTDIR)}.sbr::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.cpp{$(INTDIR)}.sbr::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.cxx{$(INTDIR)}.sbr::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-
-!IF "$(NO_EXTERNAL_DEPS)" != "1"
-!IF EXISTS("ddnsconfgen.dep")
-!INCLUDE "ddnsconfgen.dep"
-!ELSE 
-!MESSAGE Warning: cannot find "ddnsconfgen.dep"
-!ENDIF 
-!ENDIF 
-
-
-!IF "$(CFG)" == "ddnsconfgen - @PLATFORM@ Release" || "$(CFG)" == "ddnsconfgen - @PLATFORM@ Debug"
-SOURCE=.\os.c
-
-!IF  "$(CFG)" == "ddnsconfgen - @PLATFORM@ Release"
-
-
-"$(INTDIR)\os.obj" : $(SOURCE) "$(INTDIR)"
-
-
-!ELSEIF  "$(CFG)" == "ddnsconfgen - @PLATFORM@ Debug"
-
-
-"$(INTDIR)\os.obj"	"$(INTDIR)\os.sbr" : $(SOURCE) "$(INTDIR)"
-
-
-!ENDIF 
-
-SOURCE="..\ddns-confgen.c"
-
-!IF  "$(CFG)" == "ddnsconfgen - @PLATFORM@ Release"
-
-
-"$(INTDIR)\ddns-confgen.obj" : $(SOURCE) "$(INTDIR)"
-	$(CPP) $(CPP_PROJ) $(SOURCE)
-
-
-!ELSEIF  "$(CFG)" == "ddnsconfgen - @PLATFORM@ Debug"
-
-
-"$(INTDIR)\ddns-confgen.obj"	"$(INTDIR)\ddns-confgen.sbr" : $(SOURCE) "$(INTDIR)"
-	$(CPP) $(CPP_PROJ) $(SOURCE)
-
-
-!ENDIF 
-
-SOURCE=..\keygen.c
-
-!IF  "$(CFG)" == "ddnsconfgen - @PLATFORM@ Release"
-
-
-"$(INTDIR)\keygen.obj" : $(SOURCE) "$(INTDIR)"
-	$(CPP) $(CPP_PROJ) $(SOURCE)
-
-
-!ELSEIF  "$(CFG)" == "ddnsconfgen - @PLATFORM@ Debug"
-
-
-"$(INTDIR)\keygen.obj"	"$(INTDIR)\keygen.sbr" : $(SOURCE) "$(INTDIR)"
-	$(CPP) $(CPP_PROJ) $(SOURCE)
-
-
-!ENDIF 
-
-SOURCE=..\util.c
-
-!IF  "$(CFG)" == "ddnsconfgen - @PLATFORM@ Release"
-
-
-"$(INTDIR)\util.obj" : $(SOURCE) "$(INTDIR)"
-	$(CPP) $(CPP_PROJ) $(SOURCE)
-
-
-!ELSEIF  "$(CFG)" == "ddnsconfgen - @PLATFORM@ Debug"
-
-
-"$(INTDIR)\util.obj"	"$(INTDIR)\util.sbr" : $(SOURCE) "$(INTDIR)"
-	$(CPP) $(CPP_PROJ) $(SOURCE)
-
-
-!ENDIF 
-
-
-!ENDIF 
-
-####################################################
-# Commands to generate initial empty manifest file and the RC file
-# that references it, and for generating the .res file:
-
-$(_VC_MANIFEST_BASENAME).auto.res : $(_VC_MANIFEST_BASENAME).auto.rc
-
-$(_VC_MANIFEST_BASENAME).auto.rc : $(_VC_MANIFEST_BASENAME).auto.manifest
-    type <<$@
-#include <winuser.h>
-1RT_MANIFEST"$(_VC_MANIFEST_BASENAME).auto.manifest"
-<< KEEP
-
-$(_VC_MANIFEST_BASENAME).auto.manifest :
-    type <<$@
-<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
-<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
-</assembly>
-<< KEEP

bin/confgen/win32/ddnsconfgen.vcxproj.in

@@ -63,6 +63,7 @@
       <ProgramDataBaseFileName>$(OutDir)$(TargetName).pdb</ProgramDataBaseFileName>
       <BrowseInformation>true</BrowseInformation>
       <AdditionalIncludeDirectories>.\;..\..\..\;@LIBXML2_INC@..\include;..\..\..\lib\isc\win32;..\..\..\lib\isc\win32\include;..\..\..\lib\isc\include;..\..\..\lib\dns\include;..\..\..\lib\isccc\include;..\..\..\lib\isccfg\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <CompileAs>CompileAsC</CompileAs>
     </ClCompile>
     <Link>
       <SubSystem>Console</SubSystem>
@@ -95,6 +96,7 @@ copy /Y ddns-confgen.ilk tsig-keygen.ilk
       <ObjectFileName>.\$(Configuration)\</ObjectFileName>
       <ProgramDataBaseFileName>$(OutDir)$(TargetName).pdb</ProgramDataBaseFileName>
       <AdditionalIncludeDirectories>.\;..\..\..\;@LIBXML2_INC@..\include;..\..\..\lib\isc\win32;..\..\..\lib\isc\win32\include;..\..\..\lib\isc\include;..\..\..\lib\dns\include;..\..\..\lib\isccc\include;..\..\..\lib\isccfg\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <CompileAs>CompileAsC</CompileAs>
     </ClCompile>
     <Link>
       <SubSystem>Console</SubSystem>

bin/confgen/win32/os.c

@@ -1,12 +1,14 @@
 /*
- * Copyright (C) 2009, 2016  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
  *
  * This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
  */
 
-/* $Id: os.c,v 1.3 2009/06/11 23:47:55 tbox Exp $ */
 
 #include <config.h>
 

bin/confgen/win32/rndcconfgen.dsp.in

@@ -1,103 +0,0 @@
-# Microsoft Developer Studio Project File - Name="rndcconfgen" - Package Owner=<4>
-# Microsoft Developer Studio Generated Build File, Format Version 6.00
-# ** DO NOT EDIT **
-
-# TARGTYPE "@PLATFORM@ (x86) Console Application" 0x0103
-
-CFG=rndcconfgen - @PLATFORM@ Debug
-!MESSAGE This is not a valid makefile. To build this project using NMAKE,
-!MESSAGE use the Export Makefile command and run
-!MESSAGE 
-!MESSAGE NMAKE /f "rndcconfgen.mak".
-!MESSAGE 
-!MESSAGE You can specify a configuration when running NMAKE
-!MESSAGE by defining the macro CFG on the command line. For example:
-!MESSAGE 
-!MESSAGE NMAKE /f "rndcconfgen.mak" CFG="rndcconfgen - @PLATFORM@ Debug"
-!MESSAGE 
-!MESSAGE Possible choices for configuration are:
-!MESSAGE 
-!MESSAGE "rndcconfgen - @PLATFORM@ Release" (based on "@PLATFORM@ (x86) Console Application")
-!MESSAGE "rndcconfgen - @PLATFORM@ Debug" (based on "@PLATFORM@ (x86) Console Application")
-!MESSAGE 
-
-# Begin Project
-# PROP AllowPerConfigDependencies 0
-# PROP Scc_ProjName ""
-# PROP Scc_LocalPath ""
-CPP=cl.exe
-RSC=rc.exe
-
-!IF  "$(CFG)" == "rndcconfgen - @PLATFORM@ Release"
-
-# PROP BASE Use_MFC 0
-# PROP BASE Use_Debug_Libraries 0
-# PROP BASE Output_Dir "Release"
-# PROP BASE Intermediate_Dir "Release"
-# PROP BASE Target_Dir ""
-# PROP Use_MFC 0
-# PROP Use_Debug_Libraries 0
-# PROP Output_Dir "Release"
-# PROP Intermediate_Dir "Release"
-# PROP Ignore_Export_Lib 0
-# PROP Target_Dir ""
-# ADD BASE CPP /nologo /W3 @COPTX@ @COPTI@ /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" @COPTY@ /FD /c
-# ADD CPP /nologo /MD /W3 @COPTX@ @COPTI@ /O2 /I "./" /I "../../../" @LIBXML2_INC@ /I "../include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/win32/include" /I "../../../lib/dns/include" /I "../../../lib/isccc/include" /I "../../../lib/isccfg/include" /D "WIN32" /D "NDEBUG" /D "__STDC__" /D "_CONSOLE" /D "_MBCS" @COPTY@ /FD /c
-# ADD BASE RSC /l 0x409 /d "NDEBUG"
-# ADD RSC /l 0x409 /d "NDEBUG"
-BSC32=bscmake.exe
-# ADD BASE BSC32 /nologo
-# ADD BSC32 /nologo
-LINK32=link.exe
-# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console @MACHINE@
-# ADD LINK32 user32.lib advapi32.lib ws2_32.lib Release/confgentool.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib ../../../lib/isccfg/win32/Release/libisccfg.lib ../../../lib/isccc/win32/Release/libisccc.lib /nologo /subsystem:console @MACHINE@ /out:"../../../Build/Release/rndc-confgen.exe"
-
-!ELSEIF  "$(CFG)" == "rndcconfgen - @PLATFORM@ Debug"
-
-# PROP BASE Use_MFC 0
-# PROP BASE Use_Debug_Libraries 1
-# PROP BASE Output_Dir "Debug"
-# PROP BASE Intermediate_Dir "Debug"
-# PROP BASE Target_Dir ""
-# PROP Use_MFC 0
-# PROP Use_Debug_Libraries 1
-# PROP Output_Dir "Debug"
-# PROP Intermediate_Dir "Debug"
-# PROP Ignore_Export_Lib 0
-# PROP Target_Dir ""
-# ADD BASE CPP /nologo /W3 /Gm @COPTX@ @COPTI@ /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" @COPTY@ /FD /GZ /c
-# ADD CPP /nologo /MDd /W3 /Gm @COPTX@ @COPTI@ /ZI /Od /I "./" /I "../../../" @LIBXML2_INC@ /I "../include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/win32/include" /I "../../../lib/dns/include" /I "../../../lib/isccc/include" /I "../../../lib/isccfg/include" /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /FR /FD /GZ /c
-# SUBTRACT CPP /X @COPTY@
-# ADD BASE RSC /l 0x409 /d "_DEBUG"
-# ADD RSC /l 0x409 /d "_DEBUG"
-BSC32=bscmake.exe
-# ADD BASE BSC32 /nologo
-# ADD BSC32 /nologo
-LINK32=link.exe
-# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug @MACHINE@ /pdbtype:sept
-# ADD LINK32 user32.lib advapi32.lib ws2_32.lib Debug/confgentool.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib ../../../lib/isccfg/win32/Debug/libisccfg.lib ../../../lib/isccc/win32/Debug/libisccc.lib /nologo /subsystem:console /debug @MACHINE@ /out:"../../../Build/Debug/rndc-confgen.exe" /pdbtype:sept
-
-!ENDIF 
-
-# Begin Target
-
-# Name "rndcconfgen - @PLATFORM@ Release"
-# Name "rndcconfgen - @PLATFORM@ Debug"
-# Begin Group "Source Files"
-
-# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
-# Begin Source File
-
-SOURCE="..\rndc-confgen.c"
-# End Source File
-# End Group
-# Begin Group "Header Files"
-
-# PROP Default_Filter "h;hpp;hxx;hm;inl"
-# End Group
-# Begin Group "Resource Files"
-
-# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe"
-# End Group
-# End Target
-# End Project

bin/confgen/win32/rndcconfgen.dsw

@@ -1,29 +0,0 @@
-Microsoft Developer Studio Workspace File, Format Version 6.00
-# WARNING: DO NOT EDIT OR DELETE THIS WORKSPACE FILE!
-
-###############################################################################
-
-Project: "rndconfgen"=".\rndconfgen.dsp" - Package Owner=<4>
-
-Package=<5>
-{{{
-}}}
-
-Package=<4>
-{{{
-}}}
-
-###############################################################################
-
-Global:
-
-Package=<5>
-{{{
-}}}
-
-Package=<3>
-{{{
-}}}
-
-###############################################################################
-

bin/confgen/win32/rndcconfgen.mak.in

@@ -1,336 +0,0 @@
-# Microsoft Developer Studio Generated NMAKE File, Based on confgen.dsp
-!IF "$(CFG)" == ""
-CFG=rndcconfgen - @PLATFORM@ Debug
-!MESSAGE No configuration specified. Defaulting to rndcconfgen - @PLATFORM@ Debug.
-!ENDIF 
-
-!IF "$(CFG)" != "rndcconfgen - @PLATFORM@ Release" && "$(CFG)" != "rndcconfgen - @PLATFORM@ Debug"
-!MESSAGE Invalid configuration "$(CFG)" specified.
-!MESSAGE You can specify a configuration when running NMAKE
-!MESSAGE by defining the macro CFG on the command line. For example:
-!MESSAGE 
-!MESSAGE NMAKE /f "rndcconfgen.mak" CFG="rndcconfgen - @PLATFORM@ Debug"
-!MESSAGE 
-!MESSAGE Possible choices for configuration are:
-!MESSAGE 
-!MESSAGE "rndcconfgen - @PLATFORM@ Release" (based on "@PLATFORM@ (x86) Console Application")
-!MESSAGE "rndcconfgen - @PLATFORM@ Debug" (based on "@PLATFORM@ (x86) Console Application")
-!MESSAGE 
-!ERROR An invalid configuration is specified.
-!ENDIF 
-
-!IF "$(OS)" == "Windows_NT"
-NULL=
-!ELSE 
-NULL=nul
-!ENDIF 
-
-CPP=cl.exe
-RSC=rc.exe
-
-!IF  "$(CFG)" == "rndcconfgen - @PLATFORM@ Release"
-_VC_MANIFEST_INC=0
-_VC_MANIFEST_BASENAME=__VC80
-!ELSE
-_VC_MANIFEST_INC=1
-_VC_MANIFEST_BASENAME=__VC80.Debug
-!ENDIF
-
-####################################################
-# Specifying name of temporary resource file used only in incremental builds:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-_VC_MANIFEST_AUTO_RES=$(_VC_MANIFEST_BASENAME).auto.res
-!else
-_VC_MANIFEST_AUTO_RES=
-!endif
-
-####################################################
-# _VC_MANIFEST_EMBED_EXE - command to embed manifest in EXE:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-
-#MT_SPECIAL_RETURN=1090650113
-#MT_SPECIAL_SWITCH=-notify_resource_update
-MT_SPECIAL_RETURN=0
-MT_SPECIAL_SWITCH=
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
-if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
-rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
-link $** /out:$@ $(LFLAGS)
-
-!else
-
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;1
-
-!endif
-
-####################################################
-# _VC_MANIFEST_EMBED_DLL - command to embed manifest in DLL:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-
-#MT_SPECIAL_RETURN=1090650113
-#MT_SPECIAL_SWITCH=-notify_resource_update
-MT_SPECIAL_RETURN=0
-MT_SPECIAL_SWITCH=
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
-if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
-rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
-link $** /out:$@ $(LFLAGS)
-
-!else
-
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;2
-
-!endif
-####################################################
-# _VC_MANIFEST_CLEAN - command to clean resources files generated temporarily:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-
-_VC_MANIFEST_CLEAN=-del $(_VC_MANIFEST_BASENAME).auto.res \
-    $(_VC_MANIFEST_BASENAME).auto.rc \
-    $(_VC_MANIFEST_BASENAME).auto.manifest
-
-!else
-
-_VC_MANIFEST_CLEAN=
-
-!endif
-
-!IF  "$(CFG)" == "rndcconfgen - @PLATFORM@ Release"
-
-OUTDIR=.\Release
-INTDIR=.\Release
-
-ALL : "..\..\..\Build\Release\rndc-confgen.exe"
-
-
-CLEAN :
-	-@erase "$(INTDIR)\os.obj"
-	-@erase "$(INTDIR)\rndc-confgen.obj"
-	-@erase "$(INTDIR)\keygen.obj"
-	-@erase "$(INTDIR)\util.obj"
-	-@erase "$(INTDIR)\vc60.idb"
-	-@erase "..\..\..\Build\Release\rndc-confgen.exe"
-	-@$(_VC_MANIFEST_CLEAN)
-
-"$(OUTDIR)" :
-    if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
-
-CPP_PROJ=/nologo /MD /W3 @COPTX@ @COPTI@ /O2 /I "./" /I "../../../" @LIBXML2_INC@ /I "../include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/win32/include" /I "../../../lib/dns/include" /I "../../../lib/isccc/include" /I "../../../lib/isccfg/include" /D "WIN32" /D "NDEBUG" /D "__STDC__" /D "_CONSOLE" /D "_MBCS" /Fp"$(INTDIR)\confgen.pch" @COPTY@ /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c 
-BSC32=bscmake.exe
-BSC32_FLAGS=/nologo /o"$(OUTDIR)\confgen.bsc" 
-BSC32_SBRS= \
-	
-LINK32=link.exe
-LINK32_FLAGS=user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib ../../../lib/isccfg/win32/Release/libisccfg.lib ../../../lib/isccc/win32/Release/libisccc.lib /nologo /subsystem:console /incremental:no /pdb:"$(OUTDIR)\rndc-confgen.pdb" @MACHINE@ /out:"../../../Build/Release/rndc-confgen.exe" 
-LINK32_OBJS= \
-	"$(INTDIR)\os.obj" \
-	"$(INTDIR)\rndc-confgen.obj" \
-	"$(INTDIR)\keygen.obj" \
-	"$(INTDIR)\util.obj"
-
-"..\..\..\Build\Release\rndc-confgen.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
-    $(LINK32) @<<
-  $(LINK32_FLAGS) $(LINK32_OBJS)
-<<
-    $(_VC_MANIFEST_EMBED_EXE)
-
-!ELSEIF  "$(CFG)" == "rndcconfgen - @PLATFORM@ Debug"
-
-OUTDIR=.\Debug
-INTDIR=.\Debug
-# Begin Custom Macros
-OutDir=.\Debug
-# End Custom Macros
-
-ALL : "..\..\..\Build\Debug\rndc-confgen.exe" "$(OUTDIR)\confgen.bsc"
-
-
-CLEAN :
-	-@erase "$(INTDIR)\os.obj"
-	-@erase "$(INTDIR)\os.sbr"
-	-@erase "$(INTDIR)\rndc-confgen.obj"
-	-@erase "$(INTDIR)\rndc-confgen.sbr"
-	-@erase "$(INTDIR)\keygen.obj"
-	-@erase "$(INTDIR)\keygen.sbr"
-	-@erase "$(INTDIR)\util.obj"
-	-@erase "$(INTDIR)\util.sbr"
-	-@erase "$(INTDIR)\vc60.idb"
-	-@erase "$(INTDIR)\vc60.pdb"
-	-@erase "$(OUTDIR)\confgen.bsc"
-	-@erase "$(OUTDIR)\rndc-confgen.pdb"
-	-@erase "..\..\..\Build\Debug\rndc-confgen.exe"
-	-@erase "..\..\..\Build\Debug\rndc-confgen.ilk"
-	-@$(_VC_MANIFEST_CLEAN)
-
-"$(OUTDIR)" :
-    if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
-
-CPP_PROJ=/nologo /MDd /W3 /Gm @COPTX@ @COPTI@ /ZI /Od /I "./" /I "../../../" @LIBXML2_INC@ /I "../include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/win32/include" /I "../../../lib/dns/include" /I "../../../lib/isccc/include" /I "../../../lib/isccfg/include" /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /FR"$(INTDIR)\\" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /GZ /c 
-BSC32=bscmake.exe
-BSC32_FLAGS=/nologo /o"$(OUTDIR)\confgen.bsc" 
-BSC32_SBRS= \
-	"$(INTDIR)\os.sbr" \
-	"$(INTDIR)\rndc-confgen.sbr" \
-	"$(INTDIR)\keygen.sbr" \
-	"$(INTDIR)\util.sbr"
-
-"$(OUTDIR)\confgen.bsc" : "$(OUTDIR)" $(BSC32_SBRS)
-    $(BSC32) @<<
-  $(BSC32_FLAGS) $(BSC32_SBRS)
-<<
-
-LINK32=link.exe
-LINK32_FLAGS=user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib ../../../lib/isccfg/win32/Debug/libisccfg.lib ../../../lib/isccc/win32/Debug/libisccc.lib /nologo /subsystem:console /incremental:yes /pdb:"$(OUTDIR)\rndc-confgen.pdb" /debug @MACHINE@ /out:"../../../Build/Debug/rndc-confgen.exe" /pdbtype:sept 
-LINK32_OBJS= \
-	"$(INTDIR)\os.obj" \
-	"$(INTDIR)\rndc-confgen.obj" \
-	"$(INTDIR)\keygen.obj" \
-	"$(INTDIR)\util.obj"
-
-"..\..\..\Build\Debug\rndc-confgen.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
-    $(LINK32) @<<
-  $(LINK32_FLAGS) $(LINK32_OBJS)
-<<
-    $(_VC_MANIFEST_EMBED_EXE)
-
-!ENDIF 
-
-.c{$(INTDIR)}.obj::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.cpp{$(INTDIR)}.obj::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.cxx{$(INTDIR)}.obj::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.c{$(INTDIR)}.sbr::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.cpp{$(INTDIR)}.sbr::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.cxx{$(INTDIR)}.sbr::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-
-!IF "$(NO_EXTERNAL_DEPS)" != "1"
-!IF EXISTS("confgen.dep")
-!INCLUDE "confgen.dep"
-!ELSE 
-!MESSAGE Warning: cannot find "confgen.dep"
-!ENDIF 
-!ENDIF 
-
-
-!IF "$(CFG)" == "rndcconfgen - @PLATFORM@ Release" || "$(CFG)" == "rndcconfgen - @PLATFORM@ Debug"
-SOURCE=.\os.c
-
-!IF  "$(CFG)" == "rndcconfgen - @PLATFORM@ Release"
-
-
-"$(INTDIR)\os.obj" : $(SOURCE) "$(INTDIR)"
-
-
-!ELSEIF  "$(CFG)" == "rndcconfgen - @PLATFORM@ Debug"
-
-
-"$(INTDIR)\os.obj"	"$(INTDIR)\os.sbr" : $(SOURCE) "$(INTDIR)"
-
-
-!ENDIF 
-
-SOURCE="..\rndc-confgen.c"
-
-!IF  "$(CFG)" == "rndcconfgen - @PLATFORM@ Release"
-
-
-"$(INTDIR)\rndc-confgen.obj" : $(SOURCE) "$(INTDIR)"
-	$(CPP) $(CPP_PROJ) $(SOURCE)
-
-
-!ELSEIF  "$(CFG)" == "rndcconfgen - @PLATFORM@ Debug"
-
-
-"$(INTDIR)\rndc-confgen.obj"	"$(INTDIR)\rndc-confgen.sbr" : $(SOURCE) "$(INTDIR)"
-	$(CPP) $(CPP_PROJ) $(SOURCE)
-
-
-!ENDIF 
-
-SOURCE=..\keygen.c
-
-!IF  "$(CFG)" == "rndcconfgen - @PLATFORM@ Release"
-
-
-"$(INTDIR)\keygen.obj" : $(SOURCE) "$(INTDIR)"
-	$(CPP) $(CPP_PROJ) $(SOURCE)
-
-
-!ELSEIF  "$(CFG)" == "rndcconfgen - @PLATFORM@ Debug"
-
-
-"$(INTDIR)\keygen.obj"	"$(INTDIR)\keygen.sbr" : $(SOURCE) "$(INTDIR)"
-	$(CPP) $(CPP_PROJ) $(SOURCE)
-
-
-!ENDIF 
-
-SOURCE=..\util.c
-
-!IF  "$(CFG)" == "rndcconfgen - @PLATFORM@ Release"
-
-
-"$(INTDIR)\util.obj" : $(SOURCE) "$(INTDIR)"
-	$(CPP) $(CPP_PROJ) $(SOURCE)
-
-
-!ELSEIF  "$(CFG)" == "rndcconfgen - @PLATFORM@ Debug"
-
-
-"$(INTDIR)\util.obj"	"$(INTDIR)\util.sbr" : $(SOURCE) "$(INTDIR)"
-	$(CPP) $(CPP_PROJ) $(SOURCE)
-
-
-!ENDIF 
-
-!ENDIF 
-
-####################################################
-# Commands to generate initial empty manifest file and the RC file
-# that references it, and for generating the .res file:
-
-$(_VC_MANIFEST_BASENAME).auto.res : $(_VC_MANIFEST_BASENAME).auto.rc
-
-$(_VC_MANIFEST_BASENAME).auto.rc : $(_VC_MANIFEST_BASENAME).auto.manifest
-    type <<$@
-#include <winuser.h>
-1RT_MANIFEST"$(_VC_MANIFEST_BASENAME).auto.manifest"
-<< KEEP
-
-$(_VC_MANIFEST_BASENAME).auto.manifest :
-    type <<$@
-<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
-<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
-</assembly>
-<< KEEP

bin/confgen/win32/rndcconfgen.vcxproj.in

@@ -63,6 +63,7 @@
       <ProgramDataBaseFileName>$(OutDir)$(TargetName).pdb</ProgramDataBaseFileName>
       <BrowseInformation>true</BrowseInformation>
       <AdditionalIncludeDirectories>.\;..\..\..\;@LIBXML2_INC@..\include;..\..\..\lib\isc\win32;..\..\..\lib\isc\win32\include;..\..\..\lib\isc\include;..\..\..\lib\dns\include;..\..\..\lib\isccc\include;..\..\..\lib\isccfg\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <CompileAs>CompileAsC</CompileAs>
     </ClCompile>
     <Link>
       <SubSystem>Console</SubSystem>
@@ -89,6 +90,7 @@
       <ObjectFileName>.\$(Configuration)\</ObjectFileName>
       <ProgramDataBaseFileName>$(OutDir)$(TargetName).pdb</ProgramDataBaseFileName>
       <AdditionalIncludeDirectories>.\;..\..\..\;@LIBXML2_INC@..\include;..\..\..\lib\isc\win32;..\..\..\lib\isc\win32\include;..\..\..\lib\isc\include;..\..\..\lib\dns\include;..\..\..\lib\isccc\include;..\..\..\lib\isccfg\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <CompileAs>CompileAsC</CompileAs>
     </ClCompile>
     <Link>
       <SubSystem>Console</SubSystem>
@@ -107,4 +109,4 @@
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
   <ImportGroup Label="ExtensionTargets">
   </ImportGroup>
-</Project>
+</Project>

bin/delv/Makefile.in

@@ -1,8 +1,11 @@
-# Copyright (C) 2014-2016  Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
 #
 # This Source Code Form is subject to the terms of the Mozilla Public
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
 
 srcdir =	@srcdir@
 VPATH =		@srcdir@
@@ -13,15 +16,16 @@ VERSION=@BIND9_VERSION@
 @BIND9_MAKE_INCLUDES@
 
 CINCLUDES =	-I${srcdir}/include ${DNS_INCLUDES} ${ISC_INCLUDES} \
-		${IRS_INCLUDES} ${ISCCFG_INCLUDES}
+		${IRS_INCLUDES} ${ISCCFG_INCLUDES} @OPENSSL_INCLUDES@
 
-CDEFINES =	-DVERSION=\"${VERSION}\" -DSYSCONFDIR=\"${sysconfdir}\"
+CDEFINES =	-DVERSION=\"${VERSION}\" \
+		-DSYSCONFDIR=\"${sysconfdir}\"
 CWARNINGS =
 
 ISCCFGLIBS =	../../lib/isccfg/libisccfg.@A@
 DNSLIBS =	../../lib/dns/libdns.@A@ @DNS_CRYPTO_LIBS@
-ISCNOSYMLIBS =	../../lib/isc/libisc-nosymtbl.@A@
-ISCLIBS =	../../lib/isc/libisc.@A@
+ISCNOSYMLIBS =	../../lib/isc/libisc-nosymtbl.@A@ @OPENSSL_LIBS@
+ISCLIBS =	../../lib/isc/libisc.@A@ @OPENSSL_LIBS@
 IRSLIBS =	../../lib/irs/libirs.@A@
 
 ISCCFGDEPLIBS =	../../lib/isccfg/libisccfg.@A@
@@ -64,6 +68,10 @@ install:: delv@EXEEXT@ installdirs
 		delv@EXEEXT@ ${DESTDIR}${bindir}
 	${INSTALL_DATA} ${srcdir}/delv.1 ${DESTDIR}${mandir}/man1
 
+uninstall::
+	rm -f ${DESTDIR}${mandir}/man1/delv.1
+	${LIBTOOL_MODE_UNINSTALL} rm -f ${DESTDIR}${bindir}/delv@EXEEXT@
+
 doc man:: ${MANOBJS}
 
 docclean manclean maintainer-clean::

bin/delv/delv.1

@@ -1,16 +1,8 @@
-.\" Copyright (C) 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2014-2018 Internet Systems Consortium, Inc. ("ISC")
 .\" 
-.\" Permission to use, copy, modify, and/or distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\" 
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
-.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
-.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
-.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
-.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
-.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
-.\" PERFORMANCE OF THIS SOFTWARE.
+.\" This Source Code Form is subject to the terms of the Mozilla Public
+.\" License, v. 2.0. If a copy of the MPL was not distributed with this
+.\" file, You can obtain one at http://mozilla.org/MPL/2.0/.
 .\"
 .hy 0
 .ad l
@@ -47,7 +39,7 @@
 delv \- DNS lookup and validation utility
 .SH "SYNOPSIS"
 .HP \w'\fBdelv\fR\ 'u
-\fBdelv\fR [@server] [\fB\-4\fR] [\fB\-6\fR] [\fB\-a\ \fR\fB\fIanchor\-file\fR\fR] [\fB\-b\ \fR\fB\fIaddress\fR\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-d\ \fR\fB\fIlevel\fR\fR] [\fB\-i\fR] [\fB\-m\fR] [\fB\-p\ \fR\fB\fIport#\fR\fR] [\fB\-q\ \fR\fB\fIname\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-x\ \fR\fB\fIaddr\fR\fR] [name] [type] [class] [queryopt...]
+\fBdelv\fR [@server] [[\fB\-4\fR] | [\fB\-6\fR]] [\fB\-a\ \fR\fB\fIanchor\-file\fR\fR] [\fB\-b\ \fR\fB\fIaddress\fR\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-d\ \fR\fB\fIlevel\fR\fR] [\fB\-i\fR] [\fB\-m\fR] [\fB\-p\ \fR\fB\fIport#\fR\fR] [\fB\-q\ \fR\fB\fIname\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-x\ \fR\fB\fIaddr\fR\fR] [name] [type] [class] [queryopt...]
 .HP \w'\fBdelv\fR\ 'u
 \fBdelv\fR [\fB\-h\fR]
 .HP \w'\fBdelv\fR\ 'u
@@ -57,13 +49,13 @@ delv \- DNS lookup and validation utility
 .SH "DESCRIPTION"
 .PP
 \fBdelv\fR
-(Domain Entity Lookup & Validation) is a tool for sending DNS queries and validating the results, using the same internal resolver and validator logic as
+is a tool for sending DNS queries and validating the results, using the same internal resolver and validator logic as
 \fBnamed\fR\&.
 .PP
 \fBdelv\fR
 will send to a specified name server all queries needed to fetch and validate the requested data; this includes the original requested query, subsequent queries to follow CNAME or DNAME chains, and queries for DNSKEY, DS and DLV records to establish a chain of trust for DNSSEC validation\&. It does not perform iterative resolution, but simulates the behavior of a name server configured for DNSSEC validating and forwarding\&.
 .PP
-By default, responses are validated using built\-in DNSSEC trust anchors for the root zone ("\&.") and for the ISC DNSSEC lookaside validation zone ("dlv\&.isc\&.org")\&. Records returned by
+By default, responses are validated using built\-in DNSSEC trust anchor for the root zone ("\&.")\&. Records returned by
 \fBdelv\fR
 are either fully validated or were not signed\&. If validation fails, an explanation of the failure is included in the output; the validation process can be traced in detail\&. Because
 \fBdelv\fR
@@ -143,13 +135,13 @@ will perform a lookup for an A record\&.
 Specifies a file from which to read DNSSEC trust anchors\&. The default is
 /etc/bind\&.keys, which is included with
 BIND
-9 and contains trust anchors for the root zone ("\&.") and for the ISC DNSSEC lookaside validation zone ("dlv\&.isc\&.org")\&.
+9 and contains one or more trust anchors for the root zone ("\&.")\&.
 .sp
-Keys that do not match the root or DLV trust\-anchor names are ignored; these key names can be overridden using the
-\fB+dlv=NAME\fR
-or
+Keys that do not match the root zone name are ignored\&. An alternate key name can be specified using the
 \fB+root=NAME\fR
-options\&.
+options\&. DNSSEC Lookaside Validation can also be turned on by using the
+\fB+dlv=NAME\fR
+to specify the name of a zone containing DLV records\&.
 .sp
 Note: When reading the trust anchor file,
 \fBdelv\fR
@@ -412,9 +404,9 @@ must be used to specify a file containing the key\&.
 .PP
 \fB+[no]dlv[=DLV]\fR
 .RS 4
-Indicates whether to perform DNSSEC lookaside validation, and if so, specifies the name of the DLV trust anchor\&. The default is to perform lookaside validation using a trust anchor of "dlv\&.isc\&.org", for which there is a built\-in key\&. If specifying a different name, then
+Indicates whether to perform DNSSEC lookaside validation, and if so, specifies the name of the DLV trust anchor\&. The
 \fB\-a\fR
-must be used to specify a file containing the DLV key\&.
+option must also be used to specify a file containing the DLV key\&.
 .RE
 .PP
 \fB+[no]tcp\fR
@@ -445,5 +437,5 @@ RFC5155\&.
 \fBInternet Systems Consortium, Inc\&.\fR
 .SH "COPYRIGHT"
 .br
-Copyright \(co 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2014-2018 Internet Systems Consortium, Inc. ("ISC")
 .br

bin/delv/delv.c

@@ -1,9 +1,12 @@
 /*
- * Copyright (C) 2014-2016  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
  *
  * This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
  */
 
 #include <config.h>
@@ -518,17 +521,17 @@ setup_style(dns_master_style_t **stylep) {
 	}
 
 	if (multiline || (nottl && noclass))
-		result = dns_master_stylecreate2(&style, styleflags,
-						 24, 24, 24, 32, 80, 8,
-						 splitwidth, mctx);
+		result = dns_master_stylecreate(&style, styleflags,
+						24, 24, 24, 32, 80, 8,
+						splitwidth, mctx);
 	else if (nottl || noclass)
-		result = dns_master_stylecreate2(&style, styleflags,
-						 24, 24, 32, 40, 80, 8,
-						 splitwidth, mctx);
+		result = dns_master_stylecreate(&style, styleflags,
+						24, 24, 32, 40, 80, 8,
+						splitwidth, mctx);
 	else
-		result = dns_master_stylecreate2(&style, styleflags,
-						 24, 32, 40, 48, 80, 8,
-						 splitwidth, mctx);
+		result = dns_master_stylecreate(&style, styleflags,
+						24, 32, 40, 48, 80, 8,
+						splitwidth, mctx);
 
 	if (result == ISC_R_SUCCESS)
 		*stylep = style;
@@ -547,8 +550,7 @@ convert_name(dns_fixedname_t *fn, dns_name_t **name, const char *text) {
 
 	isc_buffer_constinit(&b, text, len);
 	isc_buffer_add(&b, len);
-	dns_fixedname_init(fn);
-	n = dns_fixedname_name(fn);
+	n = dns_fixedname_initname(fn);
 
 	result = dns_name_fromtext(n, &b, dns_rootname, 0, NULL);
 	if (result != ISC_R_SUCCESS) {
@@ -574,7 +576,7 @@ key_fromconfig(const cfg_obj_t *key, dns_client_t *client) {
 	dns_fixedname_t fkeyname;
 	dns_name_t *keyname;
 	isc_result_t result;
-	isc_boolean_t match_root, match_dlv;
+	isc_boolean_t match_root = ISC_FALSE, match_dlv = ISC_FALSE;
 
 	keynamestr = cfg_obj_asstring(cfg_tuple_get(key, "name"));
 	CHECK(convert_name(&fkeyname, &keyname, keynamestr));
@@ -582,8 +584,10 @@ key_fromconfig(const cfg_obj_t *key, dns_client_t *client) {
 	if (!root_validation && !dlv_validation)
 		return (ISC_R_SUCCESS);
 
-	match_root = dns_name_equal(keyname, anchor_name);
-	match_dlv = dns_name_equal(keyname, dlv_name);
+	if (anchor_name)
+		match_root = dns_name_equal(keyname, anchor_name);
+	if (dlv_name)
+		match_dlv = dns_name_equal(keyname, dlv_name);
 
 	if (!match_root && !match_dlv)
 		return (ISC_R_SUCCESS);
@@ -713,14 +717,10 @@ setup_dnsseckeys(dns_client_t *client) {
 			fatal("out of memory");
 	}
 
-	if (dlv_anchor == NULL) {
-		dlv_anchor = isc_mem_strdup(mctx, "dlv.isc.org");
-		if (dlv_anchor == NULL)
-			fatal("out of memory");
-	}
-
-	CHECK(convert_name(&afn, &anchor_name, trust_anchor));
-	CHECK(convert_name(&dfn, &dlv_name, dlv_anchor));
+	if (trust_anchor != NULL)
+		CHECK(convert_name(&afn, &anchor_name, trust_anchor));
+	if (dlv_anchor != NULL)
+		CHECK(convert_name(&dfn, &dlv_name, dlv_anchor));
 
 	CHECK(cfg_parser_create(mctx, dns_lctx, &parser));
 
@@ -773,7 +773,7 @@ setup_dnsseckeys(dns_client_t *client) {
 static isc_result_t
 addserver(dns_client_t *client) {
 	struct addrinfo hints, *res, *cur;
-	int gai_error;
+	int gaierror;
 	struct in_addr in4;
 	struct in6_addr in6;
 	isc_sockaddr_t *sa;
@@ -788,14 +788,20 @@ addserver(dns_client_t *client) {
 
 	ISC_LIST_INIT(servers);
 
-	if (use_ipv4 && inet_pton(AF_INET, server, &in4) == 1) {
+	if (inet_pton(AF_INET, server, &in4) == 1) {
+		if (!use_ipv4) {
+			fatal("Use of IPv4 disabled by -6");
+		}
 		sa = isc_mem_get(mctx, sizeof(*sa));
 		if (sa == NULL)
 			return (ISC_R_NOMEMORY);
 		ISC_LINK_INIT(sa, link);
 		isc_sockaddr_fromin(sa, &in4, destport);
 		ISC_LIST_APPEND(servers, sa, link);
-	} else if (use_ipv6 && inet_pton(AF_INET6, server, &in6) == 1) {
+	} else if (inet_pton(AF_INET6, server, &in6) == 1) {
+		if (!use_ipv6) {
+			fatal("Use of IPv6 disabled by -4");
+		}
 		sa = isc_mem_get(mctx, sizeof(*sa));
 		if (sa == NULL)
 			return (ISC_R_NOMEMORY);
@@ -812,11 +818,11 @@ addserver(dns_client_t *client) {
 			hints.ai_family = AF_UNSPEC;
 		hints.ai_socktype = SOCK_DGRAM;
 		hints.ai_protocol = IPPROTO_UDP;
-		gai_error = getaddrinfo(server, port, &hints, &res);
-		if (gai_error != 0) {
+		gaierror = getaddrinfo(server, port, &hints, &res);
+		if (gaierror != 0) {
 			delv_log(ISC_LOG_ERROR,
 				  "getaddrinfo failed: %s",
-				  gai_strerror(gai_error));
+				  gai_strerror(gaierror));
 			return (ISC_R_FAILURE);
 		}
 
@@ -937,18 +943,6 @@ cleanup:
 	return (result);
 }
 
-static char *
-next_token(char **stringp, const char *delim) {
-	char *res;
-
-	do {
-		res = strsep(stringp, delim);
-		if (res == NULL)
-			break;
-	} while (*res == '\0');
-	return (res);
-}
-
 static isc_result_t
 parse_uint(isc_uint32_t *uip, const char *value, isc_uint32_t max,
 	   const char *desc) {
@@ -968,24 +962,23 @@ parse_uint(isc_uint32_t *uip, const char *value, isc_uint32_t max,
 static void
 plus_option(char *option) {
 	isc_result_t result;
-	char option_store[256];
-	char *cmd, *value, *ptr;
+	char *cmd, *value, *last = NULL;
 	isc_boolean_t state = ISC_TRUE;
 
-	strncpy(option_store, option, sizeof(option_store));
-	option_store[sizeof(option_store)-1]=0;
-	ptr = option_store;
-	cmd = next_token(&ptr,"=");
+	INSIST(option != NULL);
+
+	cmd = strtok_r(option, "=", &last);
 	if (cmd == NULL) {
-		printf(";; Invalid option %s\n", option_store);
+		printf(";; Invalid option %s\n", option);
 		return;
 	}
-	value = ptr;
 	if (strncasecmp(cmd, "no", 2)==0) {
 		cmd += 2;
 		state = ISC_FALSE;
 	}
 
+	value = strtok_r(NULL, "\0", &last);
+
 #define FULLCHECK(A) \
 	do { \
 		size_t _l = strlen(cmd); \
@@ -1368,6 +1361,7 @@ dash_option(char *option, char *next, isc_boolean_t *open_type_class) {
  */
 static void
 preparse_args(int argc, char **argv) {
+	isc_boolean_t ipv4only = ISC_FALSE, ipv6only = ISC_FALSE;
 	char *option;
 
 	for (argc--, argv++; argc > 0; argc--, argv++) {
@@ -1375,10 +1369,23 @@ preparse_args(int argc, char **argv) {
 			continue;
 		option = &argv[0][1];
 		while (strpbrk(option, single_dash_opts) == &option[0]) {
-			if (option[0] == 'm') {
+			switch (option[0]) {
+			case 'm':
 				isc_mem_debugging = ISC_MEM_DEBUGTRACE |
 					ISC_MEM_DEBUGRECORD;
-				return;
+				break;
+			case '4':
+				if (ipv6only) {
+					fatal("only one of -4 and -6 allowed");
+				}
+				ipv4only = ISC_TRUE;
+				break;
+			case '6':
+				if (ipv4only) {
+					fatal("only one of -4 and -6 allowed");
+				}
+				ipv6only = ISC_TRUE;
+				break;
 			}
 			option = &option[1];
 		}
@@ -1518,9 +1525,8 @@ get_reverse(char *reverse, size_t len, char *value, isc_boolean_t strict) {
 		dns_name_t *name;
 		unsigned int options = 0;
 
-		dns_fixedname_init(&fname);
-		name = dns_fixedname_name(&fname);
-		result = dns_byaddr_createptrname2(&addr, options, name);
+		name = dns_fixedname_initname(&fname);
+		result = dns_byaddr_createptrname(&addr, options, name);
 		if (result != ISC_R_SUCCESS)
 			return (result);
 		dns_name_format(name, reverse, (unsigned int)len);
@@ -1566,8 +1572,8 @@ main(int argc, char *argv[]) {
 	struct sigaction sa;
 #endif
 
-	preparse_args(argc, argv);
 	progname = argv[0];
+	preparse_args(argc, argv);
 
 	argc--;
 	argv++;
@@ -1604,8 +1610,8 @@ main(int argc, char *argv[]) {
 
 	/* Create client */
 	clopt = DNS_CLIENTCREATEOPT_USECACHE;
-	result = dns_client_createx2(mctx, actx, taskmgr, socketmgr, timermgr,
-				     clopt, &client, srcaddr4, srcaddr6);
+	result = dns_client_createx(mctx, actx, taskmgr, socketmgr, timermgr,
+				    clopt, &client, srcaddr4, srcaddr6);
 	if (result != ISC_R_SUCCESS) {
 		delv_log(ISC_LOG_ERROR, "dns_client_create: %s",
 			  isc_result_totext(result));

bin/delv/delv.docbook

@@ -1,15 +1,18 @@
 <!DOCTYPE book [
 <!ENTITY mdash "&#8212;">]>
 <!--
- - Copyright (C) 2014-2016  Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) Internet Systems Consortium, Inc. ("ISC")
  -
  - This Source Code Form is subject to the terms of the Mozilla Public
  - License, v. 2.0. If a copy of the MPL was not distributed with this
  - file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ -
+ - See the COPYRIGHT file distributed with this work for additional
+ - information regarding copyright ownership.
 -->
 
 <!-- Converted by db4-upgrade version 1.0 -->
-<refentry xmlns="http://docbook.org/ns/docbook" version="5.0" xml:id="man.delv">
+<refentry xmlns:db="http://docbook.org/ns/docbook" version="5.0" xml:id="man.delv">
   <info>
     <date>2014-04-23</date>
   </info>
@@ -34,6 +37,8 @@
       <year>2014</year>
       <year>2015</year>
       <year>2016</year>
+      <year>2017</year>
+      <year>2018</year>
       <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
     </copyright>
   </docinfo>
@@ -42,8 +47,10 @@
     <cmdsynopsis sepchar=" ">
       <command>delv</command>
       <arg choice="opt" rep="norepeat">@server</arg>
-      <arg choice="opt" rep="norepeat"><option>-4</option></arg>
-      <arg choice="opt" rep="norepeat"><option>-6</option></arg>
+      <group choice="opt" rep="norepeat">
+	<arg choice="opt" rep="norepeat"><option>-4</option></arg>
+	<arg choice="opt" rep="norepeat"><option>-6</option></arg>
+      </group>
       <arg choice="opt" rep="norepeat"><option>-a <replaceable class="parameter">anchor-file</replaceable></option></arg>
       <arg choice="opt" rep="norepeat"><option>-b <replaceable class="parameter">address</replaceable></option></arg>
       <arg choice="opt" rep="norepeat"><option>-c <replaceable class="parameter">class</replaceable></option></arg>
@@ -80,7 +87,7 @@
   <refsection><info><title>DESCRIPTION</title></info>
 
     <para><command>delv</command>
-      (Domain Entity Lookup &amp; Validation) is a tool for sending
+      is a tool for sending
       DNS queries and validating the results, using the same internal
       resolver and validator logic as <command>named</command>.
     </para>
@@ -96,8 +103,7 @@
     </para>
     <para>
       By default, responses are validated using built-in DNSSEC trust
-      anchors for the root zone (".") and for the ISC DNSSEC lookaside
-      validation zone ("dlv.isc.org").  Records returned by
+      anchor for the root zone (".").  Records returned by
       <command>delv</command> are either fully validated or
       were not signed.  If validation fails, an explanation of
       the failure is included in the output; the validation process
@@ -199,14 +205,15 @@
 	    Specifies a file from which to read DNSSEC trust anchors.
 	    The default is <filename>/etc/bind.keys</filename>, which
 	    is included with <acronym>BIND</acronym> 9 and contains
-	    trust anchors for the root zone (".") and for the ISC
-	    DNSSEC lookaside validation zone ("dlv.isc.org").
+	    one or more trust anchors for the root zone (".").
 	  </para>
 	  <para>
-	    Keys that do not match the root or DLV trust-anchor
-	    names are ignored; these key names can be overridden
-	    using the <option>+dlv=NAME</option> or
-	    <option>+root=NAME</option> options.
+	    Keys that do not match the root zone name are ignored.
+            An alternate key name can be specified using the
+	    <option>+root=NAME</option> options. DNSSEC Lookaside
+            Validation can also be turned on by using the
+	    <option>+dlv=NAME</option> to specify the name of a
+            zone containing DLV records.
 	  </para>
 	  <para>
 	    Note: When reading the trust anchor file,
@@ -636,11 +643,8 @@
 	    <para>
 	      Indicates whether to perform DNSSEC lookaside validation,
 	      and if so, specifies the name of the DLV trust anchor.
-	      The default is to perform lookaside validation using
-	      a trust anchor of "dlv.isc.org", for which there is a
-	      built-in key.  If specifying a different name, then
-	      <option>-a</option> must be used to specify a file
-	      containing the DLV key.
+	      The <option>-a</option> option must also be used to specify
+              a file containing the DLV key.
 	    </para>
 	  </listitem>
 	</varlistentry>

bin/delv/delv.html

@@ -1,19 +1,12 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 <!--
- - Copyright (C) 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2014-2018 Internet Systems Consortium, Inc. ("ISC")
  - 
- - Permission to use, copy, modify, and/or distribute this software for any
- - purpose with or without fee is hereby granted, provided that the above
- - copyright notice and this permission notice appear in all copies.
- - 
- - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- - PERFORMANCE OF THIS SOFTWARE.
+ - This Source Code Form is subject to the terms of the Mozilla Public
+ - License, v. 2.0. If a copy of the MPL was not distributed with this
+ - file, You can obtain one at http://mozilla.org/MPL/2.0/.
 -->
-<html>
+<html lang="en">
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
 <title>delv</title>
@@ -21,25 +14,72 @@
 </head>
 <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry">
 <a name="man.delv"></a><div class="titlepage"></div>
-<div class="refnamediv">
+  
+  
+
+  
+
+  <div class="refnamediv">
 <h2>Name</h2>
-<p>delv &#8212; DNS lookup and validation utility</p>
+<p>
+    delv
+     &#8212; DNS lookup and validation utility
+  </p>
 </div>
-<div class="refsynopsisdiv">
+
+  
+
+  <div class="refsynopsisdiv">
 <h2>Synopsis</h2>
-<div class="cmdsynopsis"><p><code class="command">delv</code>  [@server] [<code class="option">-4</code>] [<code class="option">-6</code>] [<code class="option">-a <em class="replaceable"><code>anchor-file</code></em></code>] [<code class="option">-b <em class="replaceable"><code>address</code></em></code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-d <em class="replaceable"><code>level</code></em></code>] [<code class="option">-i</code>] [<code class="option">-m</code>] [<code class="option">-p <em class="replaceable"><code>port#</code></em></code>] [<code class="option">-q <em class="replaceable"><code>name</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-x <em class="replaceable"><code>addr</code></em></code>] [name] [type] [class] [queryopt...]</p></div>
-<div class="cmdsynopsis"><p><code class="command">delv</code>  [<code class="option">-h</code>]</p></div>
-<div class="cmdsynopsis"><p><code class="command">delv</code>  [<code class="option">-v</code>]</p></div>
-<div class="cmdsynopsis"><p><code class="command">delv</code>  [queryopt...] [query...]</p></div>
-</div>
-<div class="refsection">
+    <div class="cmdsynopsis"><p>
+      <code class="command">delv</code> 
+       [@server]
+       [
+	[<code class="option">-4</code>]
+	 |  [<code class="option">-6</code>]
+      ]
+       [<code class="option">-a <em class="replaceable"><code>anchor-file</code></em></code>]
+       [<code class="option">-b <em class="replaceable"><code>address</code></em></code>]
+       [<code class="option">-c <em class="replaceable"><code>class</code></em></code>]
+       [<code class="option">-d <em class="replaceable"><code>level</code></em></code>]
+       [<code class="option">-i</code>]
+       [<code class="option">-m</code>]
+       [<code class="option">-p <em class="replaceable"><code>port#</code></em></code>]
+       [<code class="option">-q <em class="replaceable"><code>name</code></em></code>]
+       [<code class="option">-t <em class="replaceable"><code>type</code></em></code>]
+       [<code class="option">-x <em class="replaceable"><code>addr</code></em></code>]
+       [name]
+       [type]
+       [class]
+       [queryopt...]
+    </p></div>
+
+    <div class="cmdsynopsis"><p>
+      <code class="command">delv</code> 
+       [<code class="option">-h</code>]
+    </p></div>
+
+    <div class="cmdsynopsis"><p>
+      <code class="command">delv</code> 
+       [<code class="option">-v</code>]
+    </p></div>
+
+    <div class="cmdsynopsis"><p>
+      <code class="command">delv</code> 
+       [queryopt...]
+       [query...]
+    </p></div>
+  </div>
+
+  <div class="refsection">
 <a name="id-1.7"></a><h2>DESCRIPTION</h2>
-<p><span class="command"><strong>delv</strong></span>
-      (Domain Entity Lookup &amp; Validation) is a tool for sending
+
+    <p><span class="command"><strong>delv</strong></span>
+      is a tool for sending
       DNS queries and validating the results, using the same internal
       resolver and validator logic as <span class="command"><strong>named</strong></span>.
     </p>
-<p>
+    <p>
       <span class="command"><strong>delv</strong></span> will send to a specified name server all
       queries needed to fetch and validate the requested data; this
       includes the original requested query, subsequent queries to follow
@@ -49,10 +89,9 @@
       behavior of a name server configured for DNSSEC validating and
       forwarding.
     </p>
-<p>
+    <p>
       By default, responses are validated using built-in DNSSEC trust
-      anchors for the root zone (".") and for the ISC DNSSEC lookaside
-      validation zone ("dlv.isc.org").  Records returned by
+      anchor for the root zone (".").  Records returned by
       <span class="command"><strong>delv</strong></span> are either fully validated or
       were not signed.  If validation fails, an explanation of
       the failure is included in the output; the validation process
@@ -61,7 +100,7 @@
       be used to check the validity of DNS responses in environments
       where local name servers may not be trustworthy.
     </p>
-<p>
+    <p>
       Unless it is told to query a specific name server,
       <span class="command"><strong>delv</strong></span> will try each of the servers listed in
       <code class="filename">/etc/resolv.conf</code>. If no usable server
@@ -69,15 +108,18 @@
       queries to the localhost addresses (127.0.0.1 for IPv4, ::1
       for IPv6).
     </p>
-<p>
+    <p>
       When no command line arguments or options are given,
       <span class="command"><strong>delv</strong></span> will perform an NS query for "."
       (the root zone).
     </p>
-</div>
-<div class="refsection">
+  </div>
+
+  <div class="refsection">
 <a name="id-1.8"></a><h2>SIMPLE USAGE</h2>
-<p>
+
+
+    <p>
       A typical invocation of <span class="command"><strong>delv</strong></span> looks like:
       </p>
 <pre class="programlisting"> delv @server name type </pre>
@@ -88,7 +130,7 @@
 <div class="variablelist"><dl class="variablelist">
 <dt><span class="term"><code class="constant">server</code></span></dt>
 <dd>
-<p>
+	    <p>
 	      is the name or IP address of the name server to query.  This
 	      can be an IPv4 address in dotted-decimal notation or an IPv6
 	      address in colon-delimited notation.  When the supplied
@@ -98,7 +140,7 @@
 	      initial lookup is <span class="emphasis"><em>not</em></span> validated
 	      by DNSSEC).
 	    </p>
-<p>
+	    <p>
 	      If no <em class="parameter"><code>server</code></em> argument is
 	      provided, <span class="command"><strong>delv</strong></span> consults
 	      <code class="filename">/etc/resolv.conf</code>; if an
@@ -111,13 +153,16 @@
 	      the localhost addresses (127.0.0.1 for IPv4,
 	      ::1 for IPv6).
 	    </p>
-</dd>
+	  </dd>
 <dt><span class="term"><code class="constant">name</code></span></dt>
-<dd><p>
+<dd>
+	    <p>
 	      is the domain name to be looked up.
-	    </p></dd>
+	    </p>
+	  </dd>
 <dt><span class="term"><code class="constant">type</code></span></dt>
-<dd><p>
+<dd>
+	    <p>
 	      indicates what type of query is required &#8212;
 	      ANY, A, MX, etc.
 	      <em class="parameter"><code>type</code></em> can be any valid query
@@ -125,30 +170,35 @@
 	      <em class="parameter"><code>type</code></em> argument is supplied,
 	      <span class="command"><strong>delv</strong></span> will perform a lookup for an
 	      A record.
-	    </p></dd>
+	    </p>
+	  </dd>
 </dl></div>
 <p>
     </p>
-</div>
-<div class="refsection">
+
+  </div>
+
+  <div class="refsection">
 <a name="id-1.9"></a><h2>OPTIONS</h2>
-<div class="variablelist"><dl class="variablelist">
+
+    <div class="variablelist"><dl class="variablelist">
 <dt><span class="term">-a <em class="replaceable"><code>anchor-file</code></em></span></dt>
 <dd>
-<p>
+	  <p>
 	    Specifies a file from which to read DNSSEC trust anchors.
 	    The default is <code class="filename">/etc/bind.keys</code>, which
 	    is included with <acronym class="acronym">BIND</acronym> 9 and contains
-	    trust anchors for the root zone (".") and for the ISC
-	    DNSSEC lookaside validation zone ("dlv.isc.org").
+	    one or more trust anchors for the root zone (".").
 	  </p>
-<p>
-	    Keys that do not match the root or DLV trust-anchor
-	    names are ignored; these key names can be overridden
-	    using the <code class="option">+dlv=NAME</code> or
-	    <code class="option">+root=NAME</code> options.
+	  <p>
+	    Keys that do not match the root zone name are ignored.
+            An alternate key name can be specified using the
+	    <code class="option">+root=NAME</code> options. DNSSEC Lookaside
+            Validation can also be turned on by using the
+	    <code class="option">+dlv=NAME</code> to specify the name of a
+            zone containing DLV records.
 	  </p>
-<p>
+	  <p>
 	    Note: When reading the trust anchor file,
 	    <span class="command"><strong>delv</strong></span> treats <code class="option">managed-keys</code>
 	    statements and <code class="option">trusted-keys</code> statements
@@ -162,23 +212,28 @@
 	    <code class="filename">/etc/bind.keys</code> to use DNSSEC
 	    validation in <span class="command"><strong>delv</strong></span>.
 	  </p>
-</dd>
+	</dd>
 <dt><span class="term">-b  <em class="replaceable"><code>address</code></em></span></dt>
-<dd><p>
+<dd>
+	  <p>
 	    Sets the source IP address of the query to
 	    <em class="parameter"><code>address</code></em>.  This must be a valid address
 	    on one of the host's network interfaces or "0.0.0.0" or "::".
 	    An optional source port may be specified by appending
 	    "#&lt;port&gt;"
-	  </p></dd>
+	  </p>
+	</dd>
 <dt><span class="term">-c <em class="replaceable"><code>class</code></em></span></dt>
-<dd><p>
+<dd>
+	  <p>
 	    Sets the query class for the requested data. Currently,
 	    only class "IN" is supported in <span class="command"><strong>delv</strong></span>
 	    and any other value is ignored.
-	  </p></dd>
+	  </p>
+	</dd>
 <dt><span class="term">-d <em class="replaceable"><code>level</code></em></span></dt>
-<dd><p>
+<dd>
+	  <p>
 	    Set the systemwide debug level to <code class="option">level</code>.
 	    The allowed range is from 0 to 99.
 	    The default is 0 (no debugging).
@@ -187,13 +242,17 @@
 	    See the <code class="option">+mtrace</code>, <code class="option">+rtrace</code>,
 	    and <code class="option">+vtrace</code> options below for additional
 	    debugging details.
-	  </p></dd>
+	  </p>
+	</dd>
 <dt><span class="term">-h</span></dt>
-<dd><p>
+<dd>
+	  <p>
 	    Display the <span class="command"><strong>delv</strong></span> help usage output and exit.
-	  </p></dd>
+	  </p>
+	</dd>
 <dt><span class="term">-i</span></dt>
-<dd><p>
+<dd>
+	  <p>
 	    Insecure mode. This disables internal DNSSEC validation.
 	    (Note, however, this does not set the CD bit on upstream
 	    queries. If the server being queried is performing DNSSEC
@@ -201,30 +260,37 @@
 	    can cause <span class="command"><strong>delv</strong></span> to time out. When it
 	    is necessary to examine invalid data to debug a DNSSEC
 	    problem, use <span class="command"><strong>dig +cd</strong></span>.)
-	  </p></dd>
+	  </p>
+	</dd>
 <dt><span class="term">-m</span></dt>
-<dd><p>
+<dd>
+	  <p>
 	    Enables memory usage debugging.
-	  </p></dd>
+	  </p>
+	</dd>
 <dt><span class="term">-p <em class="replaceable"><code>port#</code></em></span></dt>
-<dd><p>
+<dd>
+	  <p>
 	    Specifies a destination port to use for queries instead of
 	    the standard DNS port number 53.  This option would be used
 	    with a name server that has been configured to listen
 	    for queries on a non-standard port number.
-	  </p></dd>
+	  </p>
+	</dd>
 <dt><span class="term">-q <em class="replaceable"><code>name</code></em></span></dt>
-<dd><p>
+<dd>
+	  <p>
 	    Sets the query name to <em class="parameter"><code>name</code></em>.
 	    While the query name can be specified without using the
 	    <code class="option">-q</code>, it is sometimes necessary to disambiguate
 	    names from types or classes (for example, when looking up the
 	    name "ns", which could be misinterpreted as the type NS,
 	    or "ch", which could be misinterpreted as class CH).
-	  </p></dd>
+	  </p>
+	</dd>
 <dt><span class="term">-t <em class="replaceable"><code>type</code></em></span></dt>
 <dd>
-<p>
+	  <p>
 	    Sets the query type to <em class="parameter"><code>type</code></em>, which
 	    can be any valid query type supported in BIND 9 except
 	    for zone transfer types AXFR and IXFR. As with
@@ -232,18 +298,21 @@
 	    query name type or class when they are ambiguous.
 	    it is sometimes necessary to disambiguate names from types.
 	  </p>
-<p>
+	  <p>
 	    The default query type is "A", unless the <code class="option">-x</code>
 	    option is supplied to indicate a reverse lookup, in which case
 	    it is "PTR".
 	  </p>
-</dd>
+	</dd>
 <dt><span class="term">-v</span></dt>
-<dd><p>
+<dd>
+	  <p>
 	    Print the <span class="command"><strong>delv</strong></span> version and exit.
-	  </p></dd>
+	  </p>
+	</dd>
 <dt><span class="term">-x <em class="replaceable"><code>addr</code></em></span></dt>
-<dd><p>
+<dd>
+	  <p>
 	    Performs a reverse lookup, mapping an addresses to
 	    a name.  <em class="parameter"><code>addr</code></em> is an IPv4 address in
 	    dotted-decimal notation, or a colon-delimited IPv6 address.
@@ -253,24 +322,33 @@
 	    lookup for a name like <code class="literal">11.12.13.10.in-addr.arpa</code>
 	    and sets the query type to PTR.  IPv6 addresses are looked up
 	    using nibble format under the IP6.ARPA domain.
-	  </p></dd>
+	  </p>
+	</dd>
 <dt><span class="term">-4</span></dt>
-<dd><p>
+<dd>
+	  <p>
 	    Forces <span class="command"><strong>delv</strong></span> to only use IPv4.
-	  </p></dd>
+	  </p>
+	</dd>
 <dt><span class="term">-6</span></dt>
-<dd><p>
+<dd>
+	  <p>
 	    Forces <span class="command"><strong>delv</strong></span> to only use IPv6.
-	  </p></dd>
+	  </p>
+	</dd>
 </dl></div>
-</div>
-<div class="refsection">
+  </div>
+
+  <div class="refsection">
 <a name="id-1.10"></a><h2>QUERY OPTIONS</h2>
-<p><span class="command"><strong>delv</strong></span>
+
+
+    <p><span class="command"><strong>delv</strong></span>
       provides a number of query options which affect the way results are
       displayed, and in some cases the way lookups are performed.
     </p>
-<p>
+
+    <p>
       Each query option is identified by a keyword preceded by a plus sign
       (<code class="literal">+</code>).  Some keywords set or reset an
       option.  These may be preceded by the string
@@ -282,7 +360,8 @@
       </p>
 <div class="variablelist"><dl class="variablelist">
 <dt><span class="term"><code class="option">+[no]cdflag</code></span></dt>
-<dd><p>
+<dd>
+	    <p>
 	      Controls whether to set the CD (checking disabled) bit in
 	      queries sent by <span class="command"><strong>delv</strong></span>. This may be useful
 	      when troubleshooting DNSSEC problems from behind a validating
@@ -291,20 +370,25 @@
 	      the CD flag on queries will cause the resolver to return
 	      invalid responses, which <span class="command"><strong>delv</strong></span> can then
 	      validate internally and report the errors in detail.
-	    </p></dd>
+	    </p>
+	  </dd>
 <dt><span class="term"><code class="option">+[no]class</code></span></dt>
-<dd><p>
+<dd>
+	    <p>
 	      Controls whether to display the CLASS when printing
 	      a record. The default is to display the CLASS.
-	    </p></dd>
+	    </p>
+	  </dd>
 <dt><span class="term"><code class="option">+[no]ttl</code></span></dt>
-<dd><p>
+<dd>
+	    <p>
 	      Controls whether to display the TTL when printing
 	      a record. The default is to display the TTL.
-	    </p></dd>
+	    </p>
+	  </dd>
 <dt><span class="term"><code class="option">+[no]rtrace</code></span></dt>
 <dd>
-<p>
+	    <p>
 	      Toggle resolver fetch logging. This reports the
 	      name and type of each query sent by <span class="command"><strong>delv</strong></span>
 	      in the process of carrying out the resolution and validation
@@ -312,62 +396,69 @@
 	      all subsequent queries to follow CNAMEs and to establish a
 	      chain of trust for DNSSEC validation.
 	    </p>
-<p>
+	    <p>
 	      This is equivalent to setting the debug level to 1 in
 	      the "resolver" logging category. Setting the systemwide
 	      debug level to 1 using the <code class="option">-d</code> option will
 	      product the same output (but will affect other logging
 	      categories as well).
 	    </p>
-</dd>
+	  </dd>
 <dt><span class="term"><code class="option">+[no]mtrace</code></span></dt>
 <dd>
-<p>
+	    <p>
 	      Toggle message logging. This produces a detailed dump of
 	      the responses received by <span class="command"><strong>delv</strong></span> in the
 	      process of carrying out the resolution and validation process.
 	    </p>
-<p>
+	    <p>
 	      This is equivalent to setting the debug level to 10
 	      for the "packets" module of the "resolver" logging
 	      category. Setting the systemwide debug level to 10 using
 	      the <code class="option">-d</code> option will produce the same output
 	      (but will affect other logging categories as well).
 	    </p>
-</dd>
+	  </dd>
 <dt><span class="term"><code class="option">+[no]vtrace</code></span></dt>
 <dd>
-<p>
+	    <p>
 	      Toggle validation logging. This shows the internal
 	      process of the validator as it determines whether an
 	      answer is validly signed, unsigned, or invalid.
 	    </p>
-<p>
+	    <p>
 	      This is equivalent to setting the debug level to 3
 	      for the "validator" module of the "dnssec" logging
 	      category. Setting the systemwide debug level to 3 using
 	      the <code class="option">-d</code> option will produce the same output
 	      (but will affect other logging categories as well).
 	    </p>
-</dd>
+	  </dd>
 <dt><span class="term"><code class="option">+[no]short</code></span></dt>
-<dd><p>
+<dd>
+	    <p>
 	      Provide a terse answer.  The default is to print the answer in a
 	      verbose form.
-	    </p></dd>
+	    </p>
+	  </dd>
 <dt><span class="term"><code class="option">+[no]comments</code></span></dt>
-<dd><p>
+<dd>
+	    <p>
 	      Toggle the display of comment lines in the output.  The default
 	      is to print comments.
-	    </p></dd>
+	    </p>
+	  </dd>
 <dt><span class="term"><code class="option">+[no]rrcomments</code></span></dt>
-<dd><p>
+<dd>
+	    <p>
 	      Toggle the display of per-record comments in the output (for
 	      example, human-readable key information about DNSKEY records).
 	      The default is to print per-record comments.
-	    </p></dd>
+	    </p>
+	  </dd>
 <dt><span class="term"><code class="option">+[no]crypto</code></span></dt>
-<dd><p>
+<dd>
+	    <p>
 	      Toggle the display of cryptographic fields in DNSSEC records.
 	      The contents of these field are unnecessary to debug most DNSSEC
 	      validation failures and removing them makes it easier to see
@@ -375,14 +466,18 @@
 	      When omitted they are replaced by the string "[omitted]" or
 	      in the DNSKEY case the key id is displayed as the replacement,
 	      e.g. "[ key id = value ]".
-	    </p></dd>
+	    </p>
+	  </dd>
 <dt><span class="term"><code class="option">+[no]trust</code></span></dt>
-<dd><p>
+<dd>
+	    <p>
 	      Controls whether to display the trust level when printing
 	      a record. The default is to display the trust level.
-	    </p></dd>
+	    </p>
+	  </dd>
 <dt><span class="term"><code class="option">+[no]split[=W]</code></span></dt>
-<dd><p>
+<dd>
+	    <p>
 	      Split long hex- or base64-formatted fields in resource
 	      records into chunks of <em class="parameter"><code>W</code></em> characters
 	      (where <em class="parameter"><code>W</code></em> is rounded up to the nearest
@@ -391,24 +486,30 @@
 	      <em class="parameter"><code>+split=0</code></em> causes fields not to be
 	      split at all.  The default is 56 characters, or 44 characters
 	      when multiline mode is active.
-	    </p></dd>
+	    </p>
+	  </dd>
 <dt><span class="term"><code class="option">+[no]all</code></span></dt>
-<dd><p>
+<dd>
+	    <p>
 	      Set or clear the display options
 	      <code class="option">+[no]comments</code>,
 	      <code class="option">+[no]rrcomments</code>, and
 	      <code class="option">+[no]trust</code> as a group.
-	    </p></dd>
+	    </p>
+	  </dd>
 <dt><span class="term"><code class="option">+[no]multiline</code></span></dt>
-<dd><p>
+<dd>
+	    <p>
 	      Print long records (such as RRSIG, DNSKEY, and SOA records)
 	      in a verbose multi-line format with human-readable comments.
 	      The default is to print each record on a single line, to
 	      facilitate machine parsing of the <span class="command"><strong>delv</strong></span>
 	      output.
-	    </p></dd>
+	    </p>
+	  </dd>
 <dt><span class="term"><code class="option">+[no]dnssec</code></span></dt>
-<dd><p>
+<dd>
+	    <p>
 	      Indicates whether to display RRSIG records in the
 	      <span class="command"><strong>delv</strong></span> output.  The default is to
 	      do so.  Note that (unlike in <span class="command"><strong>dig</strong></span>)
@@ -418,9 +519,11 @@
 	      will always occur unless suppressed by the use of
 	      <code class="option">-i</code> or <code class="option">+noroot</code> and
 	      <code class="option">+nodlv</code>.
-	    </p></dd>
+	    </p>
+	  </dd>
 <dt><span class="term"><code class="option">+[no]root[=ROOT]</code></span></dt>
-<dd><p>
+<dd>
+	    <p>
 	      Indicates whether to perform conventional (non-lookaside)
 	      DNSSEC validation, and if so, specifies the
 	      name of a trust anchor.  The default is to validate using
@@ -428,49 +531,62 @@
 	      a built-in key.  If specifying a different trust anchor,
 	      then <code class="option">-a</code> must be used to specify a file
 	      containing the key.
-	    </p></dd>
+	    </p>
+	  </dd>
 <dt><span class="term"><code class="option">+[no]dlv[=DLV]</code></span></dt>
-<dd><p>
+<dd>
+	    <p>
 	      Indicates whether to perform DNSSEC lookaside validation,
 	      and if so, specifies the name of the DLV trust anchor.
-	      The default is to perform lookaside validation using
-	      a trust anchor of "dlv.isc.org", for which there is a
-	      built-in key.  If specifying a different name, then
-	      <code class="option">-a</code> must be used to specify a file
-	      containing the DLV key.
-	    </p></dd>
+	      The <code class="option">-a</code> option must also be used to specify
+              a file containing the DLV key.
+	    </p>
+	  </dd>
 <dt><span class="term"><code class="option">+[no]tcp</code></span></dt>
-<dd><p>
+<dd>
+	    <p>
 	      Controls whether to use TCP when sending queries.
 	      The default is to use UDP unless a truncated
 	      response has been received.
-	    </p></dd>
+	    </p>
+	  </dd>
 <dt><span class="term"><code class="option">+[no]unknownformat</code></span></dt>
-<dd><p>
+<dd>
+	    <p>
 	      Print all RDATA in unknown RR type presentation format
 	      (RFC 3597). The default is to print RDATA for known types
 	      in the type's presentation format.
-	    </p></dd>
+	    </p>
+	  </dd>
 </dl></div>
 <p>
 
     </p>
-</div>
-<div class="refsection">
+  </div>
+
+  <div class="refsection">
 <a name="id-1.11"></a><h2>FILES</h2>
-<p><code class="filename">/etc/bind.keys</code></p>
-<p><code class="filename">/etc/resolv.conf</code></p>
-</div>
-<div class="refsection">
+
+    <p><code class="filename">/etc/bind.keys</code></p>
+    <p><code class="filename">/etc/resolv.conf</code></p>
+  </div>
+
+  <div class="refsection">
 <a name="id-1.12"></a><h2>SEE ALSO</h2>
-<p><span class="citerefentry"><span class="refentrytitle">dig</span>(1)</span>,
-      <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
+
+    <p><span class="citerefentry">
+	<span class="refentrytitle">dig</span>(1)
+      </span>,
+      <span class="citerefentry">
+	<span class="refentrytitle">named</span>(8)
+      </span>,
       <em class="citetitle">RFC4034</em>,
       <em class="citetitle">RFC4035</em>,
       <em class="citetitle">RFC4431</em>,
       <em class="citetitle">RFC5074</em>,
       <em class="citetitle">RFC5155</em>.
     </p>
-</div>
+  </div>
+
 </div></body>
 </html>

bin/delv/win32/delv.dsp.in

@@ -1,103 +0,0 @@
-# Microsoft Developer Studio Project File - Name="delv" - Package Owner=<4>
-# Microsoft Developer Studio Generated Build File, Format Version 6.00
-# ** DO NOT EDIT **
-
-# TARGTYPE "@PLATFORM@ (x86) Console Application" 0x0103
-
-CFG=delv - @PLATFORM@ Debug
-!MESSAGE This is not a valid makefile. To build this project using NMAKE,
-!MESSAGE use the Export Makefile command and run
-!MESSAGE 
-!MESSAGE NMAKE /f "delv.mak".
-!MESSAGE 
-!MESSAGE You can specify a configuration when running NMAKE
-!MESSAGE by defining the macro CFG on the command line. For example:
-!MESSAGE 
-!MESSAGE NMAKE /f "delv.mak" CFG="delv - @PLATFORM@ Debug"
-!MESSAGE 
-!MESSAGE Possible choices for configuration are:
-!MESSAGE 
-!MESSAGE "delv - @PLATFORM@ Release" (based on "@PLATFORM@ (x86) Console Application")
-!MESSAGE "delv - @PLATFORM@ Debug" (based on "@PLATFORM@ (x86) Console Application")
-!MESSAGE 
-
-# Begin Project
-# PROP AllowPerConfigDependencies 0
-# PROP Scc_ProjName ""
-# PROP Scc_LocalPath ""
-CPP=cl.exe
-RSC=rc.exe
-
-!IF  "$(CFG)" == "delv - @PLATFORM@ Release"
-
-# PROP BASE Use_MFC 0
-# PROP BASE Use_Debug_Libraries 0
-# PROP BASE Output_Dir "Release"
-# PROP BASE Intermediate_Dir "Release"
-# PROP BASE Target_Dir ""
-# PROP Use_MFC 0
-# PROP Use_Debug_Libraries 0
-# PROP Output_Dir "Release"
-# PROP Intermediate_Dir "Release"
-# PROP Ignore_Export_Lib 0
-# PROP Target_Dir ""
-# ADD BASE CPP /nologo /W3 @COPTX@ @COPTI@ /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" @COPTY@ /FD /c
-# ADD CPP /nologo /MD /W3 @COPTX@ @COPTI@ /O2 /I "../../../" @LIBXML2_INC@ @OPENSSL_INC@ /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isccfg/include" /I "../../../lib/dns/win32/include" /I "../../../lib/dns/include" /I "../../../lib/irs/win32/include" /I "../../../lib/irs/include" /D "NDEBUG" /D "__STDC__" /D "WIN32" /D "_CONSOLE" /D "_MBCS" @COPTY@ /FD /c
-# ADD BASE RSC /l 0x409 /d "NDEBUG"
-# ADD RSC /l 0x409 /d "NDEBUG"
-BSC32=bscmake.exe
-# ADD BASE BSC32 /nologo
-# ADD BSC32 /nologo
-LINK32=link.exe
-# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console @MACHINE@
-# ADD LINK32 user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib ../../../lib/isccfg/win32/Release/libisccfg.lib ../../../lib/irs/win32/Release/libirs.lib /nologo /subsystem:console @MACHINE@ /out:"../../../Build/Release/delv.exe"
-
-!ELSEIF  "$(CFG)" == "delv - @PLATFORM@ Debug"
-
-# PROP BASE Use_MFC 0
-# PROP BASE Use_Debug_Libraries 1
-# PROP BASE Output_Dir "Debug"
-# PROP BASE Intermediate_Dir "Debug"
-# PROP BASE Target_Dir ""
-# PROP Use_MFC 0
-# PROP Use_Debug_Libraries 1
-# PROP Output_Dir "Debug"
-# PROP Intermediate_Dir "Debug"
-# PROP Ignore_Export_Lib 0
-# PROP Target_Dir ""
-# ADD BASE CPP /nologo /W3 /Gm @COPTX@ @COPTI@ /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" @COPTY@ /FD /GZ /c
-# ADD CPP /nologo /MDd /W3 /Gm @COPTX@ @COPTI@ /ZI /Od /I "../../../" @LIBXML2_INC@ @OPENSSL_INC@ /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isccfg/include" /I "../../../lib/dns/win32/include" /I "../../../lib/dns/include" /I "../../../lib/irs/win32/include" /I "../../../lib/irs/include" /D "_DEBUG" /D "WIN32" /D "__STDC__" /D "_CONSOLE" /D "_MBCS" /FR /FD /GZ /c
-# SUBTRACT CPP /X @COPTY@
-# ADD BASE RSC /l 0x409 /d "_DEBUG"
-# ADD RSC /l 0x409 /d "_DEBUG"
-BSC32=bscmake.exe
-# ADD BASE BSC32 /nologo
-# ADD BSC32 /nologo
-LINK32=link.exe
-# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug @MACHINE@ /pdbtype:sept
-# ADD LINK32 user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib ../../../lib/isccfg/win32/Debug/libisccfg.lib ../../../lib/irs/win32/Debug/libirs.lib /nologo /subsystem:console /debug @MACHINE@ /out:"../../../Build/Debug/delv.exe" /pdbtype:sept
-
-!ENDIF 
-
-# Begin Target
-
-# Name "delv - @PLATFORM@ Release"
-# Name "delv - @PLATFORM@ Debug"
-# Begin Group "Source Files"
-
-# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
-# Begin Source File
-
-SOURCE="..\delv.c"
-# End Source File
-# End Group
-# Begin Group "Header Files"
-
-# PROP Default_Filter "h;hpp;hxx;hm;inl"
-# End Group
-# Begin Group "Resource Files"
-
-# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe"
-# End Group
-# End Target
-# End Project

bin/delv/win32/delv.dsw

@@ -1,29 +0,0 @@
-Microsoft Developer Studio Workspace File, Format Version 6.00
-# WARNING: DO NOT EDIT OR DELETE THIS WORKSPACE FILE!
-
-###############################################################################
-
-Project: "delv"=".\delv.dsp" - Package Owner=<4>
-
-Package=<5>
-{{{
-}}}
-
-Package=<4>
-{{{
-}}}
-
-###############################################################################
-
-Global:
-
-Package=<5>
-{{{
-}}}
-
-Package=<3>
-{{{
-}}}
-
-###############################################################################
-

bin/delv/win32/delv.mak.in

@@ -1,299 +0,0 @@
-# Microsoft Developer Studio Generated NMAKE File, Based on delv.dsp
-!IF "$(CFG)" == ""
-CFG=delv - @PLATFORM@ Debug
-!MESSAGE No configuration specified. Defaulting to delv - @PLATFORM@ Debug.
-!ENDIF 
-
-!IF "$(CFG)" != "delv - @PLATFORM@ Release" && "$(CFG)" != "delv - @PLATFORM@ Debug"
-!MESSAGE Invalid configuration "$(CFG)" specified.
-!MESSAGE You can specify a configuration when running NMAKE
-!MESSAGE by defining the macro CFG on the command line. For example:
-!MESSAGE 
-!MESSAGE NMAKE /f "delv.mak" CFG="delv - @PLATFORM@ Debug"
-!MESSAGE 
-!MESSAGE Possible choices for configuration are:
-!MESSAGE 
-!MESSAGE "delv - @PLATFORM@ Release" (based on "@PLATFORM@ (x86) Console Application")
-!MESSAGE "delv - @PLATFORM@ Debug" (based on "@PLATFORM@ (x86) Console Application")
-!MESSAGE 
-!ERROR An invalid configuration is specified.
-!ENDIF 
-
-!IF "$(OS)" == "Windows_NT"
-NULL=
-!ELSE 
-NULL=nul
-!ENDIF 
-
-!IF  "$(CFG)" == "delv - @PLATFORM@ Release"
-_VC_MANIFEST_INC=0
-_VC_MANIFEST_BASENAME=__VC80
-!ELSE
-_VC_MANIFEST_INC=1
-_VC_MANIFEST_BASENAME=__VC80.Debug
-!ENDIF
-
-####################################################
-# Specifying name of temporary resource file used only in incremental builds:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-_VC_MANIFEST_AUTO_RES=$(_VC_MANIFEST_BASENAME).auto.res
-!else
-_VC_MANIFEST_AUTO_RES=
-!endif
-
-####################################################
-# _VC_MANIFEST_EMBED_EXE - command to embed manifest in EXE:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-
-#MT_SPECIAL_RETURN=1090650113
-#MT_SPECIAL_SWITCH=-notify_resource_update
-MT_SPECIAL_RETURN=0
-MT_SPECIAL_SWITCH=
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
-if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
-rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
-link $** /out:$@ $(LFLAGS)
-
-!else
-
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;1
-
-!endif
-
-####################################################
-# _VC_MANIFEST_EMBED_DLL - command to embed manifest in DLL:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-
-#MT_SPECIAL_RETURN=1090650113
-#MT_SPECIAL_SWITCH=-notify_resource_update
-MT_SPECIAL_RETURN=0
-MT_SPECIAL_SWITCH=
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
-if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
-rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
-link $** /out:$@ $(LFLAGS)
-
-!else
-
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;2
-
-!endif
-####################################################
-# _VC_MANIFEST_CLEAN - command to clean resources files generated temporarily:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-
-_VC_MANIFEST_CLEAN=-del $(_VC_MANIFEST_BASENAME).auto.res \
-    $(_VC_MANIFEST_BASENAME).auto.rc \
-    $(_VC_MANIFEST_BASENAME).auto.manifest
-
-!else
-
-_VC_MANIFEST_CLEAN=
-
-!endif
-
-!IF  "$(CFG)" == "delv - @PLATFORM@ Release"
-
-OUTDIR=.\Release
-INTDIR=.\Release
-
-ALL : "..\..\..\Build\Release\delv.exe"
-
-
-CLEAN :
-	-@erase "$(INTDIR)\delv.obj"
-	-@erase "$(INTDIR)\vc60.idb"
-	-@erase "..\..\..\Build\Release\delv.exe"
-	-@$(_VC_MANIFEST_CLEAN)
-
-"$(OUTDIR)" :
-    if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
-
-CPP=cl.exe
-CPP_PROJ=/nologo /MD /W3 @COPTX@ @COPTI@ /O2 /I "../../../" @LIBXML2_INC@ @OPENSSL_INC@ /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isccfg/include" /I "../../../lib/dns/win32/include" /I "../../../lib/dns/include" /I "../../../lib/irs/win32/include" /I "../../../lib/irs/include" /D "NDEBUG" /D "__STDC__" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /Fp"$(INTDIR)\delv.pch" @COPTY@ /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c 
-
-.c{$(INTDIR)}.obj::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.cpp{$(INTDIR)}.obj::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.cxx{$(INTDIR)}.obj::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.c{$(INTDIR)}.sbr::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.cpp{$(INTDIR)}.sbr::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.cxx{$(INTDIR)}.sbr::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-RSC=rc.exe
-BSC32=bscmake.exe
-BSC32_FLAGS=/nologo /o"$(OUTDIR)\delv.bsc" 
-BSC32_SBRS= \
-	
-LINK32=link.exe
-LINK32_FLAGS=user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib ../../../lib/isccfg/win32/Release/libisccfg.lib ../../../lib/irs/win32/Release/libirs.lib /nologo /subsystem:console /incremental:no /pdb:"$(OUTDIR)\delv.pdb" @MACHINE@ /out:"../../../Build/Release/delv.exe" 
-LINK32_OBJS= \
-	"$(INTDIR)\delv.obj"
-
-"..\..\..\Build\Release\delv.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
-    $(LINK32) @<<
-  $(LINK32_FLAGS) $(LINK32_OBJS)
-<<
-    $(_VC_MANIFEST_EMBED_EXE)
-
-!ELSEIF  "$(CFG)" == "delv - @PLATFORM@ Debug"
-
-OUTDIR=.\Debug
-INTDIR=.\Debug
-# Begin Custom Macros
-OutDir=.\Debug
-# End Custom Macros
-
-ALL : "..\..\..\Build\Debug\delv.exe" "$(OUTDIR)\delv.bsc"
-
-
-CLEAN :
-	-@erase "$(INTDIR)\delv.obj"
-	-@erase "$(INTDIR)\delv.sbr"
-	-@erase "$(INTDIR)\vc60.idb"
-	-@erase "$(INTDIR)\vc60.pdb"
-	-@erase "$(OUTDIR)\delv.pdb"
-	-@erase "$(OUTDIR)\delv.bsc"
-	-@erase "..\..\..\Build\Debug\delv.exe"
-	-@erase "..\..\..\Build\Debug\delv.ilk"
-	-@$(_VC_MANIFEST_CLEAN)
-
-"$(OUTDIR)" :
-    if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
-
-CPP=cl.exe
-CPP_PROJ=/nologo /MDd /W3 /Gm @COPTX@ @COPTI@ /ZI /Od /I "../../../" @LIBXML2_INC@ @OPENSSL_INC@ /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isccfg/include" /I "../../../lib/dns/win32/include" /I "../../../lib/dns/include" /I "../../../lib/irs/win32/include" /I "../../../lib/irs/include" /D "_DEBUG" /D "WIN32" /D "__STDC__" /D "_CONSOLE" /D "_MBCS" /FR"$(INTDIR)\\" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /GZ /c 
-
-.c{$(INTDIR)}.obj::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.cpp{$(INTDIR)}.obj::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.cxx{$(INTDIR)}.obj::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.c{$(INTDIR)}.sbr::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.cpp{$(INTDIR)}.sbr::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.cxx{$(INTDIR)}.sbr::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-RSC=rc.exe
-BSC32=bscmake.exe
-BSC32_FLAGS=/nologo /o"$(OUTDIR)\delv.bsc" 
-BSC32_SBRS= \
-	"$(INTDIR)\delv.sbr"
-
-"$(OUTDIR)\delv.bsc" : "$(OUTDIR)" $(BSC32_SBRS)
-    $(BSC32) @<<
-  $(BSC32_FLAGS) $(BSC32_SBRS)
-<<
-
-LINK32=link.exe
-LINK32_FLAGS=user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib ../../../lib/isccfg/win32/Debug/libisccfg.lib ../../../lib/irs/win32/Debug/libirs.lib /nologo /subsystem:console /incremental:yes /pdb:"$(OUTDIR)\delv.pdb" /debug @MACHINE@ /out:"../../../Build/Debug/delv.exe" /pdbtype:sept 
-LINK32_OBJS= \
-	"$(INTDIR)\delv.obj"
-
-"..\..\..\Build\Debug\delv.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
-    $(LINK32) @<<
-  $(LINK32_FLAGS) $(LINK32_OBJS)
-<<
-    $(_VC_MANIFEST_EMBED_EXE)
-
-!ENDIF 
-
-
-!IF "$(NO_EXTERNAL_DEPS)" != "1"
-!IF EXISTS("delv.dep")
-!INCLUDE "delv.dep"
-!ELSE 
-!MESSAGE Warning: cannot find "delv.dep"
-!ENDIF 
-!ENDIF 
-
-
-!IF "$(CFG)" == "delv - @PLATFORM@ Release" || "$(CFG)" == "delv - @PLATFORM@ Debug"
-SOURCE="..\delv.c"
-
-!IF  "$(CFG)" == "delv - @PLATFORM@ Release"
-
-
-"$(INTDIR)\delv.obj" : $(SOURCE) "$(INTDIR)"
-	$(CPP) $(CPP_PROJ) $(SOURCE)
-
-
-!ELSEIF  "$(CFG)" == "delv - @PLATFORM@ Debug"
-
-
-"$(INTDIR)\delv.obj"	"$(INTDIR)\delv.sbr" : $(SOURCE) "$(INTDIR)"
-	$(CPP) $(CPP_PROJ) $(SOURCE)
-
-
-!ENDIF 
-
-!ENDIF 
-
-####################################################
-# Commands to generate initial empty manifest file and the RC file
-# that references it, and for generating the .res file:
-
-$(_VC_MANIFEST_BASENAME).auto.res : $(_VC_MANIFEST_BASENAME).auto.rc
-
-$(_VC_MANIFEST_BASENAME).auto.rc : $(_VC_MANIFEST_BASENAME).auto.manifest
-    type <<$@
-#include <winuser.h>
-1RT_MANIFEST"$(_VC_MANIFEST_BASENAME).auto.manifest"
-<< KEEP
-
-$(_VC_MANIFEST_BASENAME).auto.manifest :
-    type <<$@
-<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
-<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
-</assembly>
-<< KEEP

bin/delv/win32/delv.vcxproj.in

@@ -60,7 +60,8 @@
       <ObjectFileName>.\$(Configuration)\</ObjectFileName>
       <ProgramDataBaseFileName>$(OutDir)$(TargetName).pdb</ProgramDataBaseFileName>
       <BrowseInformation>true</BrowseInformation>
-      <AdditionalIncludeDirectories>..\..\..\;@LIBXML2_INC@@OPENSSL_INC@..\..\..\lib\isc\win32;..\..\..\lib\isc\win32\include;..\..\..\lib\isc\include;..\..\..\lib\isccfg\include;..\..\..\lib\dns\win32\include;..\..\..\lib\dns\include;..\..\..\lib\irs\win32\include;..\..\..\lib\irs\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <AdditionalIncludeDirectories>..\..\..\;@LIBXML2_INC@@OPENSSL_INC@@GEOIP_INC@..\..\..\lib\isc\win32;..\..\..\lib\isc\win32\include;..\..\..\lib\isc\include;..\..\..\lib\isccfg\include;..\..\..\lib\dns\win32\include;..\..\..\lib\dns\include;..\..\..\lib\irs\win32\include;..\..\..\lib\irs\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <CompileAs>CompileAsC</CompileAs>
     </ClCompile>
     <Link>
       <SubSystem>Console</SubSystem>
@@ -86,7 +87,8 @@
       <AssemblerListingLocation>.\$(Configuration)\</AssemblerListingLocation>
       <ObjectFileName>.\$(Configuration)\</ObjectFileName>
       <ProgramDataBaseFileName>$(OutDir)$(TargetName).pdb</ProgramDataBaseFileName>
-      <AdditionalIncludeDirectories>..\..\..\;@LIBXML2_INC@@OPENSSL_INC@..\..\..\lib\isc\win32;..\..\..\lib\isc\win32\include;..\..\..\lib\isc\include;..\..\..\lib\isccfg\include;..\..\..\lib\dns\win32\include;..\..\..\lib\dns\include;..\..\..\lib\irs\win32\include;..\..\..\lib\irs\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <AdditionalIncludeDirectories>..\..\..\;@LIBXML2_INC@@OPENSSL_INC@@GEOIP_INC@..\..\..\lib\isc\win32;..\..\..\lib\isc\win32\include;..\..\..\lib\isc\include;..\..\..\lib\isccfg\include;..\..\..\lib\dns\win32\include;..\..\..\lib\dns\include;..\..\..\lib\irs\win32\include;..\..\..\lib\irs\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <CompileAs>CompileAsC</CompileAs>
     </ClCompile>
     <Link>
       <SubSystem>Console</SubSystem>

bin/dig/Makefile.in

@@ -1,8 +1,11 @@
-# Copyright (C) 2000-2002, 2004, 2005, 2007, 2009, 2012-2016  Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
 #
 # This Source Code Form is subject to the terms of the Mozilla Public
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
 
 srcdir =	@srcdir@
 VPATH =		@srcdir@
@@ -14,33 +17,34 @@ VERSION=@BIND9_VERSION@
 
 READLINE_LIB = @READLINE_LIB@
 
-CINCLUDES =	-I${srcdir}/include ${DNS_INCLUDES} ${BIND9_INCLUDES} \
-		${ISC_INCLUDES} ${LWRES_INCLUDES} ${ISCCFG_INCLUDES}
+CINCLUDES =	-I${srcdir}/include ${DNS_INCLUDES} \
+		${BIND9_INCLUDES} ${ISC_INCLUDES} \
+		${IRS_INCLUDES} ${ISCCFG_INCLUDES} @LIBIDN2_CFLAGS@ @OPENSSL_INCLUDES@
 
-CDEFINES =	-DVERSION=\"${VERSION}\" @CRYPTO@
+CDEFINES =	-DVERSION=\"${VERSION}\"
 CWARNINGS =
 
 ISCCFGLIBS =	../../lib/isccfg/libisccfg.@A@
 DNSLIBS =	../../lib/dns/libdns.@A@ @DNS_CRYPTO_LIBS@
 BIND9LIBS =	../../lib/bind9/libbind9.@A@
-ISCLIBS =	../../lib/isc/libisc.@A@
-ISCNOSYMLIBS =	../../lib/isc/libisc-nosymtbl.@A@
-LWRESLIBS =	../../lib/lwres/liblwres.@A@
+ISCLIBS =	../../lib/isc/libisc.@A@ @OPENSSL_LIBS@
+ISCNOSYMLIBS =	../../lib/isc/libisc-nosymtbl.@A@ @OPENSSL_LIBS@
+IRSLIBS =	../../lib/irs/libirs.@A@
 
 ISCCFGDEPLIBS =	../../lib/isccfg/libisccfg.@A@
 DNSDEPLIBS =	../../lib/dns/libdns.@A@
 BIND9DEPLIBS =	../../lib/bind9/libbind9.@A@
 ISCDEPLIBS =	../../lib/isc/libisc.@A@
-LWRESDEPLIBS =	../../lib/lwres/liblwres.@A@
+IRSDEPLIBS =	../../lib/irs/libirs.@A@
 
-DEPLIBS =	${DNSDEPLIBS} ${BIND9DEPLIBS} ${ISCDEPLIBS} \
-		${ISCCFGDEPLIBS} ${LWRESDEPLIBS}
+DEPLIBS =	${DNSDEPLIBS} ${IRSDEPLIBS} ${BIND9DEPLIBS} \
+		${ISCDEPLIBS} ${ISCCFGDEPLIBS}
 
-LIBS =		${LWRESLIBS} ${BIND9LIBS} ${ISCCFGLIBS} \
-		${ISCLIBS} @IDNLIBS@ @LIBS@
+LIBS =		${DNSLIBS} ${IRSLIBS} ${BIND9LIBS} ${ISCCFGLIBS} \
+		${ISCLIBS} @LIBIDN2_LIBS@ @LIBS@
 
-NOSYMLIBS =	${LWRESLIBS} ${BIND9LIBS} ${ISCCFGLIBS} \
-		${ISCNOSYMLIBS} @IDNLIBS@ @LIBS@
+NOSYMLIBS =	${DNSLIBS} ${IRSLIBS} ${BIND9LIBS} ${ISCCFGLIBS} \
+		${ISCNOSYMLIBS} @LIBIDN2_LIBS@ @LIBS@
 
 SUBDIRS =
 
@@ -60,19 +64,21 @@ MANOBJS =	${MANPAGES} ${HTMLPAGES}
 
 @BIND9_MAKE_RULES@
 
+LDFLAGS =	@LDFLAGS@ @LIBIDN2_LDFLAGS@
+
 dig@EXEEXT@: dig.@O@ dighost.@O@ ${UOBJS} ${DEPLIBS}
 	export BASEOBJS="dig.@O@ dighost.@O@ ${UOBJS}"; \
-	export LIBS0="${DNSLIBS}"; \
+	export LIBS0="${DNSLIBS} ${IRSLIBS}"; \
 	${FINALBUILDCMD}
 
 host@EXEEXT@: host.@O@ dighost.@O@ ${UOBJS} ${DEPLIBS}
 	export BASEOBJS="host.@O@ dighost.@O@ ${UOBJS}"; \
-	export LIBS0="${DNSLIBS}"; \
+	export LIBS0="${DNSLIBS} ${IRSLIBS}"; \
 	${FINALBUILDCMD}
 
 nslookup@EXEEXT@: nslookup.@O@ dighost.@O@ ${UOBJS} ${DEPLIBS}
 	export BASEOBJS="nslookup.@O@ dighost.@O@ ${READLINE_LIB} ${UOBJS}"; \
-	export LIBS0="${DNSLIBS}"; \
+	export LIBS0="${DNSLIBS} ${IRSLIBS}"; \
 	${FINALBUILDCMD}
 
 doc man:: ${MANOBJS}
@@ -97,3 +103,11 @@ install:: dig@EXEEXT@ host@EXEEXT@ nslookup@EXEEXT@ installdirs
 	for m in ${MANPAGES}; do \
 		${INSTALL_DATA} ${srcdir}/$$m ${DESTDIR}${mandir}/man1; \
 		done
+
+uninstall::
+	for m in ${MANPAGES}; do \
+		rm -f ${DESTDIR}${mandir}/man1/$$m ; \
+	done
+	${LIBTOOL_MODE_UNINSTALL} rm -f ${DESTDIR}${bindir}/nslookup@EXEEXT@
+	${LIBTOOL_MODE_UNINSTALL} rm -f ${DESTDIR}${bindir}/host@EXEEXT@
+	${LIBTOOL_MODE_UNINSTALL} rm -f ${DESTDIR}${bindir}/dig@EXEEXT@

bin/dig/dig.1

@@ -1,17 +1,8 @@
-.\" Copyright (C) 2004-2011, 2013-2016 Internet Systems Consortium, Inc. ("ISC")
-.\" Copyright (C) 2000-2003 Internet Software Consortium.
+.\" Copyright (C) 2000-2011, 2013-2018 Internet Systems Consortium, Inc. ("ISC")
 .\" 
-.\" Permission to use, copy, modify, and/or distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\" 
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
-.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
-.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
-.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
-.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
-.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
-.\" PERFORMANCE OF THIS SOFTWARE.
+.\" This Source Code Form is subject to the terms of the Mozilla Public
+.\" License, v. 2.0. If a copy of the MPL was not distributed with this
+.\" file, You can obtain one at http://mozilla.org/MPL/2.0/.
 .\"
 .hy 0
 .ad l
@@ -48,7 +39,7 @@
 dig \- DNS lookup utility
 .SH "SYNOPSIS"
 .HP \w'\fBdig\fR\ 'u
-\fBdig\fR [@server] [\fB\-b\ \fR\fB\fIaddress\fR\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-f\ \fR\fB\fIfilename\fR\fR] [\fB\-k\ \fR\fB\fIfilename\fR\fR] [\fB\-m\fR] [\fB\-p\ \fR\fB\fIport#\fR\fR] [\fB\-q\ \fR\fB\fIname\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-v\fR] [\fB\-x\ \fR\fB\fIaddr\fR\fR] [\fB\-y\ \fR\fB\fI[hmac:]\fR\fIname:key\fR\fR] [\fB\-4\fR] [\fB\-6\fR] [name] [type] [class] [queryopt...]
+\fBdig\fR [@server] [\fB\-b\ \fR\fB\fIaddress\fR\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-f\ \fR\fB\fIfilename\fR\fR] [\fB\-k\ \fR\fB\fIfilename\fR\fR] [\fB\-m\fR] [\fB\-p\ \fR\fB\fIport#\fR\fR] [\fB\-q\ \fR\fB\fIname\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-v\fR] [\fB\-x\ \fR\fB\fIaddr\fR\fR] [\fB\-y\ \fR\fB\fI[hmac:]\fR\fIname:key\fR\fR] [[\fB\-4\fR] | [\fB\-6\fR]] [name] [type] [class] [queryopt...]
 .HP \w'\fBdig\fR\ 'u
 \fBdig\fR [\fB\-h\fR]
 .HP \w'\fBdig\fR\ 'u
@@ -56,7 +47,7 @@ dig \- DNS lookup utility
 .SH "DESCRIPTION"
 .PP
 \fBdig\fR
-(domain information groper) is a flexible tool for interrogating DNS name servers\&. It performs DNS lookups and displays the answers that are returned from the name server(s) that were queried\&. Most DNS administrators use
+is a flexible tool for interrogating DNS name servers\&. It performs DNS lookups and displays the answers that are returned from the name server(s) that were queried\&. Most DNS administrators use
 \fBdig\fR
 to troubleshoot DNS problems because of its flexibility, ease of use and clarity of output\&. Other lookup tools tend to have less functionality than
 \fBdig\fR\&.
@@ -185,7 +176,7 @@ using the command\-line interface\&.
 .PP
 \-i
 .RS 4
-Do reverse IPv6 lookups using the obsolete RFC1886 IP6\&.INT domain, which is no longer in use\&. Obsolete bit string label queries (RFC2874) are not attempted\&.
+Do reverse IPv6 lookups using the obsolete RFC 1886 IP6\&.INT domain, which is no longer in use\&. Obsolete bit string label queries (RFC 2874) are not attempted\&.
 .RE
 .PP
 \-k \fIkeyfile\fR
@@ -219,13 +210,20 @@ from other arguments\&.
 .PP
 \-t \fItype\fR
 .RS 4
-The resource record type to query\&. It can be any valid query type which is supported in BIND 9\&. The default query type is "A", unless the
+The resource record type to query\&. It can be any valid query type\&. If it is a resource record type supported in BIND 9, it can be given by the type mnemonic (such as "NS" or "AAAA")\&. The default query type is "A", unless the
 \fB\-x\fR
 option is supplied to indicate a reverse lookup\&. A zone transfer can be requested by specifying a type of AXFR\&. When an incremental zone transfer (IXFR) is required, set the
 \fItype\fR
 to
 ixfr=N\&. The incremental zone transfer will contain the changes made to the zone since the serial number in the zone\*(Aqs SOA record was
 \fIN\fR\&.
+.sp
+All resource record types can be expressed as "TYPEnn", where "nn" is the number of the type\&. If the resource record type is not supported in BIND 9, the result will be displayed as described in RFC 3597\&.
+.RE
+.PP
+\-u
+.RS 4
+Print query times in microseconds instead of milliseconds\&.
 .RE
 .PP
 \-v
@@ -270,7 +268,9 @@ hmac\-sha384, or
 hmac\-sha512\&. If
 \fIhmac\fR
 is not specified, the default is
-hmac\-md5\&.
+hmac\-md5
+or if MD5 was disabled
+hmac\-sha256\&.
 .sp
 NOTE: You should use the
 \fB\-k\fR
@@ -435,6 +435,11 @@ Specify EDNS option with code point
 and optionally payload of
 \fBvalue\fR
 as a hexadecimal string\&.
+\fBcode\fR
+can be either an EDNS option name (for example,
+NSID
+or
+ECS), or an arbitrary numeric value\&.
 \fB+noednsopt\fR
 clears the EDNS options to be sent\&.
 .RE
@@ -461,11 +466,26 @@ Show [or do not show] the IP address and port number that supplied the answer wh
 option is enabled\&. If short form answers are requested, the default is not to show the source address and port number of the server that provided the answer\&.
 .RE
 .PP
+\fB+[no]idnin\fR
+.RS 4
+Process [do not process] IDN domain names on input\&. This requires IDN SUPPORT to have been enabled at compile time\&. The default is to process IDN input\&.
+.RE
+.PP
+\fB+[no]idnout\fR
+.RS 4
+Convert [do not convert] puny code on output\&. This requires IDN SUPPORT to have been enabled at compile time\&. The default is to convert output\&.
+.RE
+.PP
 \fB+[no]ignore\fR
 .RS 4
 Ignore truncation in UDP responses instead of retrying with TCP\&. By default, TCP retries are performed\&.
 .RE
 .PP
+\fB+[no]keepalive\fR
+.RS 4
+Send [or do not send] an EDNS Keepalive option\&.
+.RE
+.PP
 \fB+[no]keepopen\fR
 .RS 4
 Keep the TCP socket open between queries and reuse it rather than creating a new TCP socket for each lookup\&. The default is
@@ -512,7 +532,7 @@ Include an EDNS name server ID request when sending a query\&.
 .RS 4
 When this option is set,
 \fBdig\fR
-attempts to find the authoritative name servers for the zone containing the name being looked up and display the SOA record that each name server has for the zone\&.
+attempts to find the authoritative name servers for the zone containing the name being looked up and display the SOA record that each name server has for the zone\&. Addresses of servers that that did not respond are also printed\&.
 .RE
 .PP
 \fB+[no]onesoa\fR
@@ -525,6 +545,15 @@ Print only one (starting) SOA record when performing an AXFR\&. The default is t
 Set [restore] the DNS message opcode to the specified value\&. The default value is QUERY (0)\&.
 .RE
 .PP
+\fB+padding=value\fR
+.RS 4
+Pad the size of the query packet using the EDNS Padding option to blocks of
+\fIvalue\fR
+bytes\&. For example,
+\fB+padding=32\fR
+would cause a 48\-byte query to be padded to 64 bytes\&. The default block size is 0, which disables padding\&. The maximum is 512\&. Values are ordinarily expected to be powers of two, such as 128; however, this is not mandatory\&. Responses to padded queries may also be padded, but only if the query uses TCP or DNS COOKIE\&.
+.RE
+.PP
 \fB+[no]qr\fR
 .RS 4
 Print [do not print] the query as it is sent\&. By default, the query is not printed\&.
@@ -535,6 +564,11 @@ Print [do not print] the query as it is sent\&. By default, the query is not pri
 Print [do not print] the question section of a query when an answer is returned\&. The default is to print the question section as a comment\&.
 .RE
 .PP
+\fB+[no]raflag\fR
+.RS 4
+Set [do not set] the RA (Recursion Available) bit in the query\&. The default is +noraflag\&. This bit should be ignored by the server for QUERY\&.
+.RE
+.PP
 \fB+[no]rdflag\fR
 .RS 4
 A synonym for
@@ -590,7 +624,9 @@ Perform [do not perform] a search showing intermediate results\&.
 .PP
 \fB+[no]sigchase\fR
 .RS 4
-Chase DNSSEC signature chains\&. Requires dig be compiled with \-DDIG_SIGCHASE\&.
+This feature is now obsolete and has been removed; use
+\fBdelv\fR
+instead\&.
 .RE
 .PP
 \fB+split=W\fR
@@ -617,14 +653,21 @@ Send (don\*(Aqt send) an EDNS Client Subnet option with the specified IP address
 .sp
 \fBdig +subnet=0\&.0\&.0\&.0/0\fR, or simply
 \fBdig +subnet=0\fR
-for short, sends an EDNS client\-subnet option with an empty address and a source prefix\-length of zero, which signals a resolver that the client\*(Aqs address information must
+for short, sends an EDNS CLIENT\-SUBNET option with an empty address and a source prefix\-length of zero, which signals a resolver that the client\*(Aqs address information must
 \fInot\fR
 be used when resolving this query\&.
 .RE
 .PP
+\fB+[no]tcflag\fR
+.RS 4
+Set [do not set] the TC (TrunCation) bit in the query\&. The default is +notcflag\&. This bit should be ignored by the server for QUERY\&.
+.RE
+.PP
 \fB+[no]tcp\fR
 .RS 4
-Use [do not use] TCP when querying name servers\&. The default behavior is to use UDP unless an
+Use [do not use] TCP when querying name servers\&. The default behavior is to use UDP unless a type
+any
+or
 ixfr=N
 query is requested, in which case the default is TCP\&. AXFR queries always use TCP\&.
 .RE
@@ -640,7 +683,10 @@ to less than 1 will result in a query timeout of 1 second being applied\&.
 .PP
 \fB+[no]topdown\fR
 .RS 4
-When chasing DNSSEC signature chains perform a top\-down validation\&. Requires dig be compiled with \-DDIG_SIGCHASE\&.
+This feature is related to
+\fBdig +sigchase\fR, which is obsolete and has been removed\&. Use
+\fBdelv\fR
+instead\&.
 .RE
 .PP
 \fB+[no]trace\fR
@@ -666,18 +712,10 @@ is less than or equal to zero, the number of tries is silently rounded up to 1\&
 .PP
 \fB+trusted\-key=####\fR
 .RS 4
-Specifies a file containing trusted keys to be used with
-\fB+sigchase\fR\&. Each DNSKEY record must be on its own line\&.
-.sp
-If not specified,
-\fBdig\fR
-will look for
-/etc/trusted\-key\&.key
-then
-trusted\-key\&.key
-in the current directory\&.
-.sp
-Requires dig be compiled with \-DDIG_SIGCHASE\&.
+Formerly specified trusted keys for use with
+\fBdig +sigchase\fR\&. This feature is now obsolete and has been removed; use
+\fBdelv\fR
+instead\&.
 .RE
 .PP
 \fB+[no]ttlid\fR
@@ -718,9 +756,11 @@ In this case, each
 \fIquery\fR
 argument represent an individual query in the command\-line syntax described above\&. Each consists of any of the standard options and flags, the name to be looked up, an optional query type and class and any query options that should be applied to that query\&.
 .PP
-A global set of query options, which should be applied to all queries, can also be supplied\&. These global query options must precede the first tuple of name, class, type, options, flags, and query options supplied on the command line\&. Any global query options (except the
+A global set of query options, which should be applied to all queries, can also be supplied\&. These global query options must precede the first tuple of name, class, type, options, flags, and query options supplied on the command line\&. Any global query options (except
 \fB+[no]cmd\fR
-option) can be overridden by a query\-specific set of query options\&. For example:
+and
+\fB+[no]short\fR
+options) can be overridden by a query\-specific set of query options\&. For example:
 .sp
 .if n \{\
 .RS 4
@@ -752,11 +792,10 @@ If
 \fBdig\fR
 has been built with IDN (internationalized domain name) support, it can accept and display non\-ASCII domain names\&.
 \fBdig\fR
-appropriately converts character encoding of domain name before sending a request to DNS server or displaying a reply from the server\&. If you\*(Aqd like to turn off the IDN support for some reason, defines the
-\fBIDN_DISABLE\fR
-environment variable\&. The IDN support is disabled if the variable is set when
-\fBdig\fR
-runs\&.
+appropriately converts character encoding of domain name before sending a request to DNS server or displaying a reply from the server\&. If you\*(Aqd like to turn off the IDN support for some reason, use parameters
+\fI+noidnin\fR
+and
+\fI+noidnout\fR\&.
 .SH "FILES"
 .PP
 /etc/resolv\&.conf
@@ -764,10 +803,11 @@ runs\&.
 ${HOME}/\&.digrc
 .SH "SEE ALSO"
 .PP
+\fBdelv\fR(1),
 \fBhost\fR(1),
 \fBnamed\fR(8),
 \fBdnssec-keygen\fR(8),
-RFC1035\&.
+RFC 1035\&.
 .SH "BUGS"
 .PP
 There are probably too many query options\&.
@@ -776,7 +816,5 @@ There are probably too many query options\&.
 \fBInternet Systems Consortium, Inc\&.\fR
 .SH "COPYRIGHT"
 .br
-Copyright \(co 2004-2011, 2013-2016 Internet Systems Consortium, Inc. ("ISC")
-.br
-Copyright \(co 2000-2003 Internet Software Consortium.
+Copyright \(co 2000-2011, 2013-2018 Internet Systems Consortium, Inc. ("ISC")
 .br

bin/dig/dig.docbook

@@ -1,15 +1,18 @@
 <!DOCTYPE book [
 <!ENTITY mdash "&#8212;">]>
 <!--
- - Copyright (C) 2000-2011, 2013-2016  Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) Internet Systems Consortium, Inc. ("ISC")
  -
  - This Source Code Form is subject to the terms of the Mozilla Public
  - License, v. 2.0. If a copy of the MPL was not distributed with this
  - file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ -
+ - See the COPYRIGHT file distributed with this work for additional
+ - information regarding copyright ownership.
 -->
 
 <!-- Converted by db4-upgrade version 1.0 -->
-<refentry xmlns="http://docbook.org/ns/docbook" version="5.0" xml:id="man.dig">
+<refentry xmlns:db="http://docbook.org/ns/docbook" version="5.0" xml:id="man.dig">
   <info>
     <date>2014-02-19</date>
   </info>
@@ -31,6 +34,10 @@
 
   <docinfo>
     <copyright>
+      <year>2000</year>
+      <year>2001</year>
+      <year>2002</year>
+      <year>2003</year>
       <year>2004</year>
       <year>2005</year>
       <year>2006</year>
@@ -43,15 +50,10 @@
       <year>2014</year>
       <year>2015</year>
       <year>2016</year>
+      <year>2017</year>
+      <year>2018</year>
       <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
     </copyright>
-    <copyright>
-      <year>2000</year>
-      <year>2001</year>
-      <year>2002</year>
-      <year>2003</year>
-      <holder>Internet Software Consortium.</holder>
-    </copyright>
   </docinfo>
 
   <refsynopsisdiv>
@@ -69,8 +71,10 @@
       <arg choice="opt" rep="norepeat"><option>-v</option></arg>
       <arg choice="opt" rep="norepeat"><option>-x <replaceable class="parameter">addr</replaceable></option></arg>
       <arg choice="opt" rep="norepeat"><option>-y <replaceable class="parameter"><optional>hmac:</optional>name:key</replaceable></option></arg>
-      <arg choice="opt" rep="norepeat"><option>-4</option></arg>
-      <arg choice="opt" rep="norepeat"><option>-6</option></arg>
+      <group choice="opt" rep="norepeat">
+	<arg choice="opt" rep="norepeat"><option>-4</option></arg>
+	<arg choice="opt" rep="norepeat"><option>-6</option></arg>
+      </group>
       <arg choice="opt" rep="norepeat">name</arg>
       <arg choice="opt" rep="norepeat">type</arg>
       <arg choice="opt" rep="norepeat">class</arg>
@@ -91,8 +95,7 @@
 
   <refsection><info><title>DESCRIPTION</title></info>
 
-    <para><command>dig</command>
-      (domain information groper) is a flexible tool
+    <para><command>dig</command> is a flexible tool
       for interrogating DNS name servers.  It performs DNS lookups and
       displays the answers that are returned from the name server(s) that
       were queried.  Most DNS administrators use <command>dig</command> to
@@ -272,9 +275,9 @@
 	<term>-i</term>
 	<listitem>
 	  <para>
-	    Do reverse IPv6 lookups using the obsolete RFC1886 IP6.INT
+	    Do reverse IPv6 lookups using the obsolete RFC 1886 IP6.INT
 	    domain, which is no longer in use. Obsolete bit string
-	    label queries (RFC2874) are not attempted.
+	    label queries (RFC 2874) are not attempted.
 	  </para>
 	</listitem>
       </varlistentry>
@@ -335,11 +338,12 @@
 	<term>-t <replaceable class="parameter">type</replaceable></term>
 	<listitem>
 	  <para>
-	    The resource record type to query. It can be any valid query type
-	    which is
-	    supported in BIND 9.  The default query type is "A", unless the
-	    <option>-x</option> option is supplied to indicate a reverse lookup.
-	    A zone transfer can be requested by specifying a type of AXFR.  When
+	    The resource record type to query. It can be any valid query
+	    type.  If it is a resource record type supported in BIND 9, it
+	    can be given by the type mnemonic (such as "NS" or "AAAA").
+	    The default query type is "A", unless the <option>-x</option>
+	    option is supplied to indicate a reverse lookup.  A zone
+	    transfer can be requested by specifying a type of AXFR.  When
 	    an incremental zone transfer (IXFR) is required, set the
 	    <parameter>type</parameter> to <literal>ixfr=N</literal>.
 	    The incremental zone transfer will contain the changes
@@ -347,6 +351,21 @@
 	    record was
 	    <parameter>N</parameter>.
 	  </para>
+	  <para>
+	    All resource record types can be expressed as "TYPEnn", where
+	    "nn" is the number of the type. If the resource record type is
+	    not supported in BIND 9, the result will be displayed as
+	    described in RFC 3597.
+	  </para>
+	</listitem>
+      </varlistentry>
+
+      <varlistentry>
+	<term>-u</term>
+	<listitem>
+	  <para>
+	    Print query times in microseconds instead of milliseconds.
+	  </para>
 	</listitem>
       </varlistentry>
 
@@ -393,7 +412,8 @@
 	    <literal>hmac-sha1</literal>, <literal>hmac-sha224</literal>,
 	    <literal>hmac-sha256</literal>, <literal>hmac-sha384</literal>, or
 	    <literal>hmac-sha512</literal>.  If <parameter>hmac</parameter>
-	    is not specified, the default is <literal>hmac-md5</literal>.
+	    is not specified, the default is <literal>hmac-md5</literal>
+	    or if MD5 was disabled <literal>hmac-sha256</literal>.
 	  </para>
 	  <para>
 	    NOTE: You should use the <option>-k</option> option and
@@ -709,7 +729,10 @@
 	    <para>
 	      Specify EDNS option with code point <option>code</option>
 	      and optionally payload of <option>value</option> as a
-	      hexadecimal string.  <option>+noednsopt</option>
+	      hexadecimal string.  <option>code</option> can be
+	      either an EDNS option name (for example,
+	      <literal>NSID</literal> or <literal>ECS</literal>),
+	      or an arbitrary numeric value.  <option>+noednsopt</option>
 	      clears the EDNS options to be sent.
 	    </para>
 	  </listitem>
@@ -760,6 +783,28 @@
 	  </listitem>
 	</varlistentry>
 
+	<varlistentry>
+	  <term><option>+[no]idnin</option></term>
+	  <listitem>
+	    <para>
+	      Process [do not process] IDN domain names on input.
+	      This requires IDN SUPPORT to have been enabled at
+	      compile time.  The default is to process IDN input.
+	    </para>
+	  </listitem>
+	</varlistentry>
+
+	<varlistentry>
+	  <term><option>+[no]idnout</option></term>
+	  <listitem>
+	    <para>
+	      Convert [do not convert] puny code on output.
+	      This requires IDN SUPPORT to have been enabled at
+	      compile time.  The default is to convert output.
+	    </para>
+	  </listitem>
+	</varlistentry>
+
 	<varlistentry>
 	  <term><option>+[no]ignore</option></term>
 	  <listitem>
@@ -770,6 +815,15 @@
 	  </listitem>
 	</varlistentry>
 
+	<varlistentry>
+	  <term><option>+[no]keepalive</option></term>
+	  <listitem>
+	    <para>
+	      Send [or do not send] an EDNS Keepalive option.
+	    </para>
+	  </listitem>
+	</varlistentry>
+
 	<varlistentry>
 	  <term><option>+[no]keepopen</option></term>
 	  <listitem>
@@ -841,7 +895,8 @@
 	      attempts to find the authoritative name servers for
 	      the zone containing the name being looked up and
 	      display the SOA record that each name server has for
-	      the zone.
+	      the zone. Addresses of servers that that did not
+	      respond are also printed.
 	    </para>
 	  </listitem>
 	</varlistentry>
@@ -867,6 +922,23 @@
 	  </listitem>
 	</varlistentry>
 
+	<varlistentry>
+	  <term><option>+padding=value</option></term>
+	  <listitem>
+	    <para>
+	      Pad the size of the query packet using the EDNS Padding option
+	      to blocks of <parameter>value</parameter> bytes. For example,
+	      <option>+padding=32</option> would cause a 48-byte query to
+	      be padded to 64 bytes.  The default block size is 0, which
+	      disables padding. The maximum is 512. Values are
+	      ordinarily expected to be powers of two, such as 128;
+	      however, this is not mandatory.  Responses to
+	      padded queries may also be padded, but only if the query
+	      uses TCP or DNS COOKIE.
+	    </para>
+	  </listitem>
+	</varlistentry>
+
 	<varlistentry>
 	  <term><option>+[no]qr</option></term>
 	  <listitem>
@@ -888,6 +960,17 @@
 	  </listitem>
 	</varlistentry>
 
+	<varlistentry>
+	  <term><option>+[no]raflag</option></term>
+	  <listitem>
+	    <para>
+	      Set [do not set] the RA (Recursion Available) bit in
+	      the query. The default is +noraflag. This bit should
+	      be ignored by the server for QUERY.
+	    </para>
+	  </listitem>
+	</varlistentry>
+
 	<varlistentry>
 	  <term><option>+[no]rdflag</option></term>
 	  <listitem>
@@ -978,8 +1061,8 @@
 	  <term><option>+[no]sigchase</option></term>
 	  <listitem>
 	    <para>
-	      Chase DNSSEC signature chains.  Requires dig be
-	      compiled with -DDIG_SIGCHASE.
+	      This feature is now obsolete and has been removed;
+	      use <command>delv</command> instead.
 	    </para>
 	  </listitem>
 	</varlistentry>
@@ -1020,13 +1103,24 @@
 	      specified IP address or network prefix.
 	    </para>
 	    <para>
-              <command>dig +subnet=0.0.0.0/0</command>, or simply
-              <command>dig +subnet=0</command> for short, sends an EDNS
-              client-subnet option with an empty address and a source
-              prefix-length of zero, which signals a resolver that
-              the client's address information must
-              <emphasis>not</emphasis> be used when resolving
-              this query.
+	      <command>dig +subnet=0.0.0.0/0</command>, or simply
+	      <command>dig +subnet=0</command> for short, sends an EDNS
+	      CLIENT-SUBNET option with an empty address and a source
+	      prefix-length of zero, which signals a resolver that
+	      the client's address information must
+	      <emphasis>not</emphasis> be used when resolving
+	      this query.
+	    </para>
+	  </listitem>
+	</varlistentry>
+
+	<varlistentry>
+	  <term><option>+[no]tcflag</option></term>
+	  <listitem>
+	    <para>
+	      Set [do not set] the TC (TrunCation) bit in the query.
+	      The default is +notcflag.  This bit should be ignored
+	      by the server for QUERY.
 	    </para>
 	  </listitem>
 	</varlistentry>
@@ -1036,10 +1130,10 @@
 	  <listitem>
 	    <para>
 	      Use [do not use] TCP when querying name servers. The
-	      default behavior is to use UDP unless an
-	      <literal>ixfr=N</literal> query is requested, in which
-	      case the default is TCP.  AXFR queries always use
-	      TCP.
+	      default behavior is to use UDP unless a type
+	      <literal>any</literal> or <literal>ixfr=N</literal>
+	      query is requested, in which case the default is TCP.
+	      AXFR queries always use TCP.
 	    </para>
 	  </listitem>
 	</varlistentry>
@@ -1063,8 +1157,9 @@
 	  <term><option>+[no]topdown</option></term>
 	  <listitem>
 	    <para>
-	      When chasing DNSSEC signature chains perform a top-down
-	      validation.  Requires dig be compiled with -DDIG_SIGCHASE.
+	      This feature is related to <command>dig +sigchase</command>,
+	      which is obsolete and has been removed. Use
+	      <command>delv</command> instead.
 	    </para>
 	  </listitem>
 	</varlistentry>
@@ -1108,16 +1203,10 @@
 	  <term><option>+trusted-key=####</option></term>
 	  <listitem>
 	    <para>
-	      Specifies a file containing trusted keys to be used
-	      with <option>+sigchase</option>.  Each DNSKEY record
-	      must be on its own line.
-	    </para> <para>
-	      If not specified, <command>dig</command> will look
-	      for <filename>/etc/trusted-key.key</filename> then
-	      <filename>trusted-key.key</filename> in the current
-	      directory.
-	    </para> <para>
-	      Requires dig be compiled with -DDIG_SIGCHASE.
+	      Formerly specified trusted keys for use with
+	      <command>dig +sigchase</command>.  This feature is now
+	      obsolete and has been removed; use
+	      <command>delv</command> instead.
 	    </para>
 	  </listitem>
 	</varlistentry>
@@ -1207,8 +1296,9 @@
       can also be supplied.  These global query options must precede the
       first tuple of name, class, type, options, flags, and query options
       supplied on the command line.  Any global query options (except
-      the <option>+[no]cmd</option> option) can be
-      overridden by a query-specific set of query options.  For example:
+      <option>+[no]cmd</option> and <option>+[no]short</option> options)
+      can be overridden by a query-specific set of query options.
+      For example:
       <programlisting>
 dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
 </programlisting>
@@ -1238,10 +1328,9 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
       <command>dig</command> appropriately converts character encoding of
       domain name before sending a request to DNS server or displaying a
       reply from the server.
-      If you'd like to turn off the IDN support for some reason, defines
-      the <envar>IDN_DISABLE</envar> environment variable.
-      The IDN support is disabled if the variable is set when
-      <command>dig</command> runs.
+      If you'd like to turn off the IDN support for some reason, use
+      parameters <parameter>+noidnin</parameter> and
+      <parameter>+noidnout</parameter>.
     </para>
   </refsection>
 
@@ -1256,6 +1345,9 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
   <refsection><info><title>SEE ALSO</title></info>
 
     <para><citerefentry>
+	<refentrytitle>delv</refentrytitle><manvolnum>1</manvolnum>
+      </citerefentry>,
+      <citerefentry>
 	<refentrytitle>host</refentrytitle><manvolnum>1</manvolnum>
       </citerefentry>,
       <citerefentry>
@@ -1264,7 +1356,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
       <citerefentry>
 	<refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
       </citerefentry>,
-      <citetitle>RFC1035</citetitle>.
+      <citetitle>RFC 1035</citetitle>.
     </para>
   </refsection>
 

bin/dig/host.1

@@ -1,17 +1,8 @@
-.\" Copyright (C) 2004, 2005, 2007-2009, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
-.\" Copyright (C) 2000-2002 Internet Software Consortium.
+.\" Copyright (C) 2000-2002, 2004, 2005, 2007-2009, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
 .\" 
-.\" Permission to use, copy, modify, and/or distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\" 
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
-.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
-.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
-.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
-.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
-.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
-.\" PERFORMANCE OF THIS SOFTWARE.
+.\" This Source Code Form is subject to the terms of the Mozilla Public
+.\" License, v. 2.0. If a copy of the MPL was not distributed with this
+.\" file, You can obtain one at http://mozilla.org/MPL/2.0/.
 .\"
 .hy 0
 .ad l
@@ -48,7 +39,7 @@
 host \- DNS lookup utility
 .SH "SYNOPSIS"
 .HP \w'\fBhost\fR\ 'u
-\fBhost\fR [\fB\-aCdlnrsTwv\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-N\ \fR\fB\fIndots\fR\fR] [\fB\-R\ \fR\fB\fInumber\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-W\ \fR\fB\fIwait\fR\fR] [\fB\-m\ \fR\fB\fIflag\fR\fR] [\fB\-4\fR] [\fB\-6\fR] [\fB\-v\fR] [\fB\-V\fR] {name} [server]
+\fBhost\fR [\fB\-aACdlnrsTUwv\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-N\ \fR\fB\fIndots\fR\fR] [\fB\-R\ \fR\fB\fInumber\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-W\ \fR\fB\fIwait\fR\fR] [\fB\-m\ \fR\fB\fIflag\fR\fR] [[\fB\-4\fR] | [\fB\-6\fR]] [\fB\-v\fR] [\fB\-V\fR] {name} [server]
 .SH "DESCRIPTION"
 .PP
 \fBhost\fR
@@ -91,6 +82,15 @@ option is normally equivalent to
 list zone option\&.
 .RE
 .PP
+\-A
+.RS 4
+"Almost all"\&. The
+\fB\-A\fR
+option is equivalent to
+\fB\-a\fR
+except RRSIG, NSEC, and NSEC3 records are omitted from the output\&.
+.RE
+.PP
 \-c \fIclass\fR
 .RS 4
 Query class: This can be used to lookup HS (Hesiod) or CH (Chaosnet) class resource records\&. The default class is IN (Internet)\&.
@@ -190,13 +190,14 @@ If a query type of IXFR is chosen the starting serial number can be specified by
 \fB\-t \fR\fBIXFR=12345678\fR)\&.
 .RE
 .PP
-\-T
+\-T, \-U
 .RS 4
-TCP: By default,
+TCP/UDP: By default,
 \fBhost\fR
 uses UDP when making queries\&. The
 \fB\-T\fR
-option makes it use a TCP connection when querying the name server\&. TCP will be automatically selected for queries that require it, such as zone transfer (AXFR) requests\&.
+option makes it use a TCP connection when querying the name server\&. TCP will be automatically selected for queries that require it, such as zone transfer (AXFR) requests\&. Type ANY queries default to TCP but can be forced to UDP initially using
+\fB\-U\fR\&.
 .RE
 .PP
 \-m \fIflag\fR
@@ -273,7 +274,5 @@ runs\&.
 \fBInternet Systems Consortium, Inc\&.\fR
 .SH "COPYRIGHT"
 .br
-Copyright \(co 2004, 2005, 2007-2009, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
-.br
-Copyright \(co 2000-2002 Internet Software Consortium.
+Copyright \(co 2000-2002, 2004, 2005, 2007-2009, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
 .br

bin/dig/host.c

@@ -1,9 +1,12 @@
 /*
- * Copyright (C) 2000-2007, 2009-2016  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
  *
  * This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
  */
 
 /*! \file */
@@ -16,13 +19,6 @@
 #include <locale.h>
 #endif
 
-#ifdef WITH_IDN
-#include <idn/result.h>
-#include <idn/log.h>
-#include <idn/resconf.h>
-#include <idn/api.h>
-#endif
-
 #include <isc/app.h>
 #include <isc/commandline.h>
 #include <isc/netaddr.h>
@@ -48,6 +44,7 @@ static isc_boolean_t short_form = ISC_TRUE, listed_server = ISC_FALSE;
 static isc_boolean_t default_lookups = ISC_TRUE;
 static int seen_error = -1;
 static isc_boolean_t list_addresses = ISC_TRUE;
+static isc_boolean_t list_almost_all = ISC_FALSE;
 static dns_rdatatype_t list_type = dns_rdatatype_a;
 static isc_boolean_t printed_server = ISC_FALSE;
 static isc_boolean_t ipv4only = ISC_FALSE, ipv6only = ISC_FALSE;
@@ -137,14 +134,16 @@ show_usage(void) ISC_PLATFORM_NORETURN_POST;
 static void
 show_usage(void) {
 	fputs(
-"Usage: host [-aCdlriTwv] [-c class] [-N ndots] [-t type] [-W time]\n"
+"Usage: host [-aCdilrTvVw] [-c class] [-N ndots] [-t type] [-W time]\n"
 "            [-R number] [-m flag] hostname [server]\n"
 "       -a is equivalent to -v -t ANY\n"
+"       -A is like -a but omits RRSIG, NSEC, NSEC3\n"
 "       -c specifies query class for non-IN data\n"
 "       -C compares SOA records on authoritative nameservers\n"
 "       -d is equivalent to -v\n"
-"       -l lists all hosts in a domain, using AXFR\n"
 "       -i IP6.INT reverse lookups\n"
+"       -l lists all hosts in a domain, using AXFR\n"
+"       -m set memory debugging flag (trace|record|usage)\n"
 "       -N changes the number of dots allowed before root lookup is done\n"
 "       -r disables recursive processing\n"
 "       -R specifies number of retries for UDP packets\n"
@@ -152,22 +151,21 @@ show_usage(void) {
 "       -t specifies the query type\n"
 "       -T enables TCP/IP mode\n"
 "       -v enables verbose output\n"
+"       -V print version number and exit\n"
 "       -w specifies to wait forever for a reply\n"
 "       -W specifies how long to wait for a reply\n"
 "       -4 use IPv4 query transport only\n"
-"       -6 use IPv6 query transport only\n"
-"       -m set memory debugging flag (trace|record|usage)\n"
-"       -V print version number and exit\n", stderr);
+"       -6 use IPv6 query transport only\n", stderr);
 	exit(1);
 }
 
-void
-dighost_shutdown(void) {
-	isc_app_shutdown();
+static void
+host_shutdown(void) {
+	(void) isc_app_shutdown();
 }
 
-void
-received(int bytes, isc_sockaddr_t *from, dig_query_t *query) {
+static void
+received(unsigned int bytes, isc_sockaddr_t *from, dig_query_t *query) {
 	isc_time_t now;
 	int diff;
 
@@ -181,7 +179,7 @@ received(int bytes, isc_sockaddr_t *from, dig_query_t *query) {
 	}
 }
 
-void
+static void
 trying(char *frm, dig_lookup_t *lookup) {
 	UNUSED(lookup);
 
@@ -223,18 +221,7 @@ say_message(dns_name_t *name, const char *msg, dns_rdata_t *rdata,
 	printf("\n");
 	isc_buffer_free(&b);
 }
-#ifdef DIG_SIGCHASE
-/* Just for compatibility : not use in host program */
-isc_result_t
-printrdataset(dns_name_t *owner_name, dns_rdataset_t *rdataset,
-	      isc_buffer_t *target)
-{
-  UNUSED(owner_name);
-  UNUSED(rdataset);
-  UNUSED(target);
-  return(ISC_FALSE);
-}
-#endif
+
 static isc_result_t
 printsection(dns_message_t *msg, dns_section_t sectionid,
 	     const char *section_name, isc_boolean_t headers,
@@ -288,6 +275,11 @@ printsection(dns_message_t *msg, dns_section_t sectionid,
 				rdataset->type == dns_rdatatype_ns ||
 				rdataset->type == dns_rdatatype_ptr))))
 				continue;
+			if (list_almost_all &&
+			       (rdataset->type == dns_rdatatype_rrsig ||
+				rdataset->type == dns_rdatatype_nsec ||
+				rdataset->type == dns_rdatatype_nsec3))
+				continue;
 			if (!short_form) {
 				result = dns_rdataset_totext(rdataset,
 							     print_name,
@@ -356,8 +348,9 @@ printsection(dns_message_t *msg, dns_section_t sectionid,
 }
 
 static isc_result_t
-printrdata(dns_message_t *msg, dns_rdataset_t *rdataset, dns_name_t *owner,
-	   const char *set_name, isc_boolean_t headers)
+printrdata(dns_message_t *msg, dns_rdataset_t *rdataset,
+	   const dns_name_t *owner, const char *set_name,
+	   isc_boolean_t headers)
 {
 	isc_buffer_t target;
 	isc_result_t result;
@@ -406,11 +399,11 @@ chase_cnamechain(dns_message_t *msg, dns_name_t *qname) {
 	}
 }
 
-isc_result_t
+static isc_result_t
 printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers) {
 	isc_boolean_t did_flag = ISC_FALSE;
 	dns_rdataset_t *opt, *tsig = NULL;
-	dns_name_t *tsigname;
+	const dns_name_t *tsigname;
 	isc_result_t result = ISC_R_SUCCESS;
 	int force_error;
 
@@ -459,16 +452,14 @@ printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers) {
 		dns_name_t *name;
 
 		/* Add AAAA and MX lookups. */
-		dns_fixedname_init(&fixed);
-		name = dns_fixedname_name(&fixed);
+		name = dns_fixedname_initname(&fixed);
 		dns_name_copy(query->lookup->name, name, NULL);
 		chase_cnamechain(msg, name);
 		dns_name_format(name, namestr, sizeof(namestr));
 		lookup = clone_lookup(query->lookup, ISC_FALSE);
 		if (lookup != NULL) {
-			strncpy(lookup->textname, namestr,
+			strlcpy(lookup->textname, namestr,
 				sizeof(lookup->textname));
-			lookup->textname[sizeof(lookup->textname)-1] = 0;
 			lookup->rdtype = dns_rdatatype_aaaa;
 			lookup->rdtypeset = ISC_TRUE;
 			lookup->origin = NULL;
@@ -477,9 +468,8 @@ printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers) {
 		}
 		lookup = clone_lookup(query->lookup, ISC_FALSE);
 		if (lookup != NULL) {
-			strncpy(lookup->textname, namestr,
+			strlcpy(lookup->textname, namestr,
 				sizeof(lookup->textname));
-			lookup->textname[sizeof(lookup->textname)-1] = 0;
 			lookup->rdtype = dns_rdatatype_mx;
 			lookup->rdtypeset = ISC_TRUE;
 			lookup->origin = NULL;
@@ -594,7 +584,7 @@ printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers) {
 	return (result);
 }
 
-static const char * optstring = "46ac:dilnm:rst:vVwCDN:R:TW:";
+static const char * optstring = "46aAc:dilnm:rst:vVwCDN:R:TUW:";
 
 /*% version */
 static void
@@ -631,6 +621,7 @@ pre_parse_args(int argc, char **argv) {
 			ipv6only = ISC_TRUE;
 			break;
 		case 'a': break;
+		case 'A': break;
 		case 'c': break;
 		case 'd': break;
 		case 'i': break;
@@ -722,9 +713,6 @@ parse_args(isc_boolean_t is_batchfile, int argc, char **argv) {
 			    lookup->rdtype != dns_rdatatype_axfr)
 				lookup->rdtype = rdtype;
 			lookup->rdtypeset = ISC_TRUE;
-#ifdef WITH_IDN
-			idnoptions = 0;
-#endif
 			if (rdtype == dns_rdatatype_axfr) {
 				/* -l -t any -v */
 				list_type = dns_rdatatype_any;
@@ -734,13 +722,9 @@ parse_args(isc_boolean_t is_batchfile, int argc, char **argv) {
 				lookup->ixfr_serial = serial;
 				lookup->tcp_mode = ISC_TRUE;
 				list_type = rdtype;
-#ifdef WITH_IDN
-			} else if (rdtype == dns_rdatatype_a ||
-				   rdtype == dns_rdatatype_aaaa ||
-				   rdtype == dns_rdatatype_mx) {
-				idnoptions = IDN_ASCCHECK;
-				list_type = rdtype;
-#endif
+			} else if (rdtype == dns_rdatatype_any) {
+				if (!lookup->tcp_mode_set)
+					lookup->tcp_mode = ISC_TRUE;
 			} else
 				list_type = rdtype;
 			list_addresses = ISC_FALSE;
@@ -762,13 +746,13 @@ parse_args(isc_boolean_t is_batchfile, int argc, char **argv) {
 			}
 			default_lookups = ISC_FALSE;
 			break;
+		case 'A':
+			list_almost_all = ISC_TRUE;
+			/* FALL THROUGH */
 		case 'a':
 			if (!lookup->rdtypeset ||
 			    lookup->rdtype != dns_rdatatype_axfr)
 				lookup->rdtype = dns_rdatatype_any;
-#ifdef WITH_IDN
-			idnoptions = 0;
-#endif
 			list_type = dns_rdatatype_any;
 			list_addresses = ISC_FALSE;
 			lookup->rdtypeset = ISC_TRUE;
@@ -803,6 +787,11 @@ parse_args(isc_boolean_t is_batchfile, int argc, char **argv) {
 			break;
 		case 'T':
 			lookup->tcp_mode = ISC_TRUE;
+			lookup->tcp_mode_set = ISC_TRUE;
+			break;
+		case 'U':
+			lookup->tcp_mode = ISC_FALSE;
+			lookup->tcp_mode_set = ISC_TRUE;
 			break;
 		case 'C':
 			debug("showing all SOAs");
@@ -852,14 +841,12 @@ parse_args(isc_boolean_t is_batchfile, int argc, char **argv) {
 	lookup->pending = ISC_FALSE;
 	if (get_reverse(store, sizeof(store), hostname,
 			lookup->ip6_int, ISC_TRUE) == ISC_R_SUCCESS) {
-		strncpy(lookup->textname, store, sizeof(lookup->textname));
-		lookup->textname[sizeof(lookup->textname)-1] = 0;
+		strlcpy(lookup->textname, store, sizeof(lookup->textname));
 		lookup->rdtype = dns_rdatatype_ptr;
 		lookup->rdtypeset = ISC_TRUE;
 		default_lookups = ISC_FALSE;
 	} else {
-		strncpy(lookup->textname, hostname, sizeof(lookup->textname));
-		lookup->textname[sizeof(lookup->textname)-1]=0;
+		strlcpy(lookup->textname, hostname, sizeof(lookup->textname));
 		usesearch = ISC_TRUE;
 	}
 	lookup->new_search = ISC_TRUE;
@@ -877,9 +864,12 @@ main(int argc, char **argv) {
 	ISC_LIST_INIT(search_list);
 
 	fatalexit = 1;
-#ifdef WITH_IDN
-	idnoptions = IDN_ASCCHECK;
-#endif
+
+	/* setup dighost callbacks */
+	dighost_printmessage = printmessage;
+	dighost_received = received;
+	dighost_trying = trying;
+	dighost_shutdown = host_shutdown;
 
 	debug("main()");
 	progname = argv[0];

bin/dig/host.docbook

@@ -1,15 +1,18 @@
 <!DOCTYPE book [
 <!ENTITY mdash "&#8212;">]>
 <!--
- - Copyright (C) 2000-2002, 2004, 2005, 2007-2009, 2014-2016  Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) Internet Systems Consortium, Inc. ("ISC")
  -
  - This Source Code Form is subject to the terms of the Mozilla Public
  - License, v. 2.0. If a copy of the MPL was not distributed with this
  - file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ -
+ - See the COPYRIGHT file distributed with this work for additional
+ - information regarding copyright ownership.
 -->
 
 <!-- Converted by db4-upgrade version 1.0 -->
-<refentry xmlns="http://docbook.org/ns/docbook" version="5.0" xml:id="man.host">
+<refentry xmlns:db="http://docbook.org/ns/docbook" version="5.0" xml:id="man.host">
   <info>
     <date>2009-01-20</date>
   </info>
@@ -31,6 +34,9 @@
 
   <docinfo>
     <copyright>
+      <year>2000</year>
+      <year>2001</year>
+      <year>2002</year>
       <year>2004</year>
       <year>2005</year>
       <year>2007</year>
@@ -39,28 +45,26 @@
       <year>2014</year>
       <year>2015</year>
       <year>2016</year>
+      <year>2017</year>
+      <year>2018</year>
       <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
     </copyright>
-    <copyright>
-      <year>2000</year>
-      <year>2001</year>
-      <year>2002</year>
-      <holder>Internet Software Consortium.</holder>
-    </copyright>
   </docinfo>
 
   <refsynopsisdiv>
     <cmdsynopsis sepchar=" ">
       <command>host</command>
-      <arg choice="opt" rep="norepeat"><option>-aCdlnrsTwv</option></arg>
+      <arg choice="opt" rep="norepeat"><option>-aACdlnrsTUwv</option></arg>
       <arg choice="opt" rep="norepeat"><option>-c <replaceable class="parameter">class</replaceable></option></arg>
       <arg choice="opt" rep="norepeat"><option>-N <replaceable class="parameter">ndots</replaceable></option></arg>
       <arg choice="opt" rep="norepeat"><option>-R <replaceable class="parameter">number</replaceable></option></arg>
       <arg choice="opt" rep="norepeat"><option>-t <replaceable class="parameter">type</replaceable></option></arg>
       <arg choice="opt" rep="norepeat"><option>-W <replaceable class="parameter">wait</replaceable></option></arg>
       <arg choice="opt" rep="norepeat"><option>-m <replaceable class="parameter">flag</replaceable></option></arg>
-      <arg choice="opt" rep="norepeat"><option>-4</option></arg>
-      <arg choice="opt" rep="norepeat"><option>-6</option></arg>
+      <group choice="opt" rep="norepeat">
+	<arg choice="opt" rep="norepeat"><option>-4</option></arg>
+	<arg choice="opt" rep="norepeat"><option>-6</option></arg>
+      </group>
       <arg choice="opt" rep="norepeat"><option>-v</option></arg>
       <arg choice="opt" rep="norepeat"><option>-V</option></arg>
       <arg choice="req" rep="norepeat">name</arg>
@@ -130,6 +134,17 @@
 	</listitem>
       </varlistentry>
 
+      <varlistentry>
+	<term>-A</term>
+	<listitem>
+	  <para>
+	    "Almost all". The <option>-A</option> option is equivalent
+	    to <option>-a</option> except RRSIG, NSEC, and NSEC3
+	    records are omitted from the output.
+	  </para>
+	</listitem>
+      </varlistentry>
+
       <varlistentry>
 	<term>-c <replaceable class="parameter">class</replaceable></term>
 	<listitem>
@@ -282,14 +297,16 @@
 
       <varlistentry>
 	<term>-T</term>
+	<term>-U</term>
 	<listitem>
 	  <para>
-	    TCP:
+	    TCP/UDP:
 	    By default, <command>host</command> uses UDP when making
 	    queries. The <option>-T</option> option makes it use a TCP
 	    connection when querying the name server. TCP will be
 	    automatically selected for queries that require it, such
-	    as zone transfer (AXFR) requests.
+	    as zone transfer (AXFR) requests.  Type ANY queries default
+	    to TCP but can be forced to UDP initially using <option>-U</option>.
 	  </para>
 	</listitem>
       </varlistentry>

bin/dig/host.html

@@ -1,20 +1,12 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 <!--
- - Copyright (C) 2004, 2005, 2007-2009, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
- - Copyright (C) 2000-2002 Internet Software Consortium.
+ - Copyright (C) 2000-2002, 2004, 2005, 2007-2009, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
  - 
- - Permission to use, copy, modify, and/or distribute this software for any
- - purpose with or without fee is hereby granted, provided that the above
- - copyright notice and this permission notice appear in all copies.
- - 
- - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- - PERFORMANCE OF THIS SOFTWARE.
+ - This Source Code Form is subject to the terms of the Mozilla Public
+ - License, v. 2.0. If a copy of the MPL was not distributed with this
+ - file, You can obtain one at http://mozilla.org/MPL/2.0/.
 -->
-<html>
+<html lang="en">
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
 <title>host</title>
@@ -22,24 +14,56 @@
 </head>
 <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry">
 <a name="man.host"></a><div class="titlepage"></div>
-<div class="refnamediv">
+  
+  
+
+  
+
+  <div class="refnamediv">
 <h2>Name</h2>
-<p>host &#8212; DNS lookup utility</p>
+<p>
+    host
+     &#8212; DNS lookup utility
+  </p>
 </div>
-<div class="refsynopsisdiv">
+
+  
+
+  <div class="refsynopsisdiv">
 <h2>Synopsis</h2>
-<div class="cmdsynopsis"><p><code class="command">host</code>  [<code class="option">-aCdlnrsTwv</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-N <em class="replaceable"><code>ndots</code></em></code>] [<code class="option">-R <em class="replaceable"><code>number</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-W <em class="replaceable"><code>wait</code></em></code>] [<code class="option">-m <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-4</code>] [<code class="option">-6</code>] [<code class="option">-v</code>] [<code class="option">-V</code>] {name} [server]</p></div>
-</div>
-<div class="refsection">
+    <div class="cmdsynopsis"><p>
+      <code class="command">host</code> 
+       [<code class="option">-aACdlnrsTUwv</code>]
+       [<code class="option">-c <em class="replaceable"><code>class</code></em></code>]
+       [<code class="option">-N <em class="replaceable"><code>ndots</code></em></code>]
+       [<code class="option">-R <em class="replaceable"><code>number</code></em></code>]
+       [<code class="option">-t <em class="replaceable"><code>type</code></em></code>]
+       [<code class="option">-W <em class="replaceable"><code>wait</code></em></code>]
+       [<code class="option">-m <em class="replaceable"><code>flag</code></em></code>]
+       [
+	[<code class="option">-4</code>]
+	 |  [<code class="option">-6</code>]
+      ]
+       [<code class="option">-v</code>]
+       [<code class="option">-V</code>]
+       {name}
+       [server]
+    </p></div>
+  </div>
+
+  <div class="refsection">
 <a name="id-1.7"></a><h2>DESCRIPTION</h2>
-<p><span class="command"><strong>host</strong></span>
+
+
+    <p><span class="command"><strong>host</strong></span>
       is a simple utility for performing DNS lookups.
       It is normally used to convert names to IP addresses and vice versa.
       When no arguments or options are given,
       <span class="command"><strong>host</strong></span>
       prints a short summary of its command line arguments and options.
     </p>
-<p><em class="parameter"><code>name</code></em> is the domain name that is to be
+
+    <p><em class="parameter"><code>name</code></em> is the domain name that is to be
       looked
       up.  It can also be a dotted-decimal IPv4 address or a colon-delimited
       IPv6 address, in which case <span class="command"><strong>host</strong></span> will by
@@ -51,68 +75,94 @@
       should query instead of the server or servers listed in
       <code class="filename">/etc/resolv.conf</code>.
     </p>
-</div>
-<div class="refsection">
+
+  </div>
+
+  <div class="refsection">
 <a name="id-1.8"></a><h2>OPTIONS</h2>
-<div class="variablelist"><dl class="variablelist">
+
+    <div class="variablelist"><dl class="variablelist">
 <dt><span class="term">-4</span></dt>
-<dd><p>
+<dd>
+	  <p>
 	    Use IPv4 only for query transport.
 	    See also the <code class="option">-6</code> option.
-	  </p></dd>
+	  </p>
+	</dd>
 <dt><span class="term">-6</span></dt>
-<dd><p>
+<dd>
+	  <p>
 	    Use IPv6 only for query transport.
 	    See also the <code class="option">-4</code> option.
-	  </p></dd>
+	  </p>
+	</dd>
 <dt><span class="term">-a</span></dt>
-<dd><p>
+<dd>
+	  <p>
 	    "All". The <code class="option">-a</code> option is normally equivalent
 	    to <code class="option">-v -t <code class="literal">ANY</code></code>.
 	    It also affects the behaviour of the <code class="option">-l</code>
 	    list zone option.
-	  </p></dd>
+	  </p>
+	</dd>
+<dt><span class="term">-A</span></dt>
+<dd>
+	  <p>
+	    "Almost all". The <code class="option">-A</code> option is equivalent
+	    to <code class="option">-a</code> except RRSIG, NSEC, and NSEC3
+	    records are omitted from the output.
+	  </p>
+	</dd>
 <dt><span class="term">-c <em class="replaceable"><code>class</code></em></span></dt>
-<dd><p>
+<dd>
+	  <p>
 	    Query class: This can be used to lookup HS (Hesiod) or CH
 	    (Chaosnet) class resource records. The default class is IN
 	    (Internet).
-	  </p></dd>
+	  </p>
+	</dd>
 <dt><span class="term">-C</span></dt>
-<dd><p>
+<dd>
+	  <p>
 	    Check consistency: <span class="command"><strong>host</strong></span> will query the
 	    SOA records for zone <em class="parameter"><code>name</code></em> from all
 	    the listed authoritative name servers for that zone. The
 	    list of name servers is defined by the NS records that are
 	    found for the zone.
-	  </p></dd>
+	  </p>
+	</dd>
 <dt><span class="term">-d</span></dt>
-<dd><p>
+<dd>
+	  <p>
 	    Print debugging traces.
 	    Equivalent to the <code class="option">-v</code> verbose option.
-	  </p></dd>
+	  </p>
+	</dd>
 <dt><span class="term">-i</span></dt>
-<dd><p>
+<dd>
+	  <p>
 	    Obsolete.
 	    Use the IP6.INT domain for reverse lookups of IPv6
 	    addresses as defined in RFC1886 and deprecated in RFC4159.
 	    The default is to use IP6.ARPA as specified in RFC3596.
-	  </p></dd>
+	  </p>
+	</dd>
 <dt><span class="term">-l</span></dt>
 <dd>
-<p>
+	  <p>
 	    List zone:
 	    The <span class="command"><strong>host</strong></span> command performs a zone transfer of
 	    zone <em class="parameter"><code>name</code></em> and prints out the NS,
 	    PTR and address records (A/AAAA).
 	  </p>
-<p>
+	  <p>
 	    Together, the <code class="option">-l -a</code>
 	    options print all records in the zone.
 	  </p>
-</dd>
+	</dd>
 <dt><span class="term">-N <em class="replaceable"><code>ndots</code></em></span></dt>
-<dd><p>
+<dd>
+	  <p>
 	    The number of dots that have to be
 	    in <em class="parameter"><code>name</code></em> for it to be considered
 	    absolute. The default value is that defined using the
@@ -122,9 +172,11 @@
 	    searched for in the domains listed in
 	    the <span class="type">search</span> or <span class="type">domain</span> directive
 	    in <code class="filename">/etc/resolv.conf</code>.
-	  </p></dd>
+	  </p>
+	</dd>
 <dt><span class="term">-r</span></dt>
-<dd><p>
+<dd>
+	  <p>
 	    Non-recursive query:
 	    Setting this option clears the RD (recursion desired) bit
 	    in the query. This should mean that the name server
@@ -135,30 +187,35 @@
 	    name server by making non-recursive queries and expecting
 	    to receive answers to those queries that can be
 	    referrals to other name servers.
-	  </p></dd>
+	  </p>
+	</dd>
 <dt><span class="term">-R <em class="replaceable"><code>number</code></em></span></dt>
-<dd><p>
+<dd>
+	  <p>
 	    Number of retries for UDP queries:
 	    If <em class="parameter"><code>number</code></em> is negative or zero, the
 	    number of retries will default to 1. The default value is
 	    1, or the value of the <em class="parameter"><code>attempts</code></em>
 	    option in <code class="filename">/etc/resolv.conf</code>, if set.
-	  </p></dd>
+	  </p>
+	</dd>
 <dt><span class="term">-s</span></dt>
-<dd><p>
+<dd>
+	  <p>
 	    Do <span class="emphasis"><em>not</em></span> send the query to the next
 	    nameserver if any server responds with a SERVFAIL
 	    response, which is the reverse of normal stub resolver
 	    behavior.
-	  </p></dd>
+	  </p>
+	</dd>
 <dt><span class="term">-t <em class="replaceable"><code>type</code></em></span></dt>
 <dd>
-<p>
+	  <p>
 	    Query type:
 	    The <em class="parameter"><code>type</code></em> argument can be any
 	    recognized query type: CNAME, NS, SOA, TXT, DNSKEY, AXFR, etc.
 	  </p>
-<p>
+	  <p>
 	    When no query type is specified, <span class="command"><strong>host</strong></span>
 	    automatically selects an appropriate query type. By default, it
 	    looks for A, AAAA, and MX records.
@@ -169,70 +226,86 @@
 	    address, <span class="command"><strong>host</strong></span> will query for PTR
 	    records.
 	  </p>
-<p>
+	  <p>
 	    If a query type of IXFR is chosen the starting serial
 	    number can be specified by appending an equal followed by
 	    the starting serial number
 	    (like <code class="option">-t <code class="literal">IXFR=12345678</code></code>).
 	  </p>
-</dd>
-<dt><span class="term">-T</span></dt>
-<dd><p>
-	    TCP:
+	</dd>
+<dt>
+<span class="term">-T, </span><span class="term">-U</span>
+</dt>
+<dd>
+	  <p>
+	    TCP/UDP:
 	    By default, <span class="command"><strong>host</strong></span> uses UDP when making
 	    queries. The <code class="option">-T</code> option makes it use a TCP
 	    connection when querying the name server. TCP will be
 	    automatically selected for queries that require it, such
-	    as zone transfer (AXFR) requests.
-	  </p></dd>
+	    as zone transfer (AXFR) requests.  Type ANY queries default
+	    to TCP but can be forced to UDP initially using <code class="option">-U</code>.
+	  </p>
+	</dd>
 <dt><span class="term">-m <em class="replaceable"><code>flag</code></em></span></dt>
-<dd><p>
+<dd>
+	  <p>
 	    Memory usage debugging: the flag can
 	    be <em class="parameter"><code>record</code></em>, <em class="parameter"><code>usage</code></em>,
 	    or <em class="parameter"><code>trace</code></em>. You can specify
 	    the <code class="option">-m</code> option more than once to set
 	    multiple flags.
-	  </p></dd>
+	  </p>
+	</dd>
 <dt><span class="term">-v</span></dt>
-<dd><p>
+<dd>
+	  <p>
 	    Verbose output.
 	    Equivalent to the <code class="option">-d</code> debug option.
 	    Verbose output can also be enabled by setting
 	    the <em class="parameter"><code>debug</code></em> option
 	    in <code class="filename">/etc/resolv.conf</code>.
-	  </p></dd>
+	  </p>
+	</dd>
 <dt><span class="term">-V</span></dt>
-<dd><p>
+<dd>
+	  <p>
 	    Print the version number and exit.
-	  </p></dd>
+	  </p>
+	</dd>
 <dt><span class="term">-w</span></dt>
-<dd><p>
+<dd>
+	  <p>
 	    Wait forever: The query timeout is set to the maximum possible.
 	    See also the <code class="option">-W</code> option.
-	  </p></dd>
+	  </p>
+	</dd>
 <dt><span class="term">-W <em class="replaceable"><code>wait</code></em></span></dt>
 <dd>
-<p>
+	  <p>
 	    Timeout: Wait for up to <em class="parameter"><code>wait</code></em>
 	    seconds for a reply. If <em class="parameter"><code>wait</code></em> is
 	    less than one, the wait interval is set to one second.
 	  </p>
-<p>
+	  <p>
 	    By default, <span class="command"><strong>host</strong></span> will wait for 5
 	    seconds for UDP responses and 10 seconds for TCP
 	    connections. These defaults can be overridden by
 	    the <em class="parameter"><code>timeout</code></em> option
 	    in <code class="filename">/etc/resolv.conf</code>.
 	  </p>
-<p>
+	  <p>
 	    See also the <code class="option">-w</code> option.
 	  </p>
-</dd>
+	</dd>
 </dl></div>
-</div>
-<div class="refsection">
+
+  </div>
+
+  <div class="refsection">
 <a name="id-1.9"></a><h2>IDN SUPPORT</h2>
-<p>
+
+    <p>
       If <span class="command"><strong>host</strong></span> has been built with IDN (internationalized
       domain name) support, it can accept and display non-ASCII domain names.
       <span class="command"><strong>host</strong></span> appropriately converts character encoding of
@@ -243,17 +316,26 @@
       The IDN support is disabled if the variable is set when
       <span class="command"><strong>host</strong></span> runs.
     </p>
-</div>
-<div class="refsection">
+  </div>
+
+  <div class="refsection">
 <a name="id-1.10"></a><h2>FILES</h2>
-<p><code class="filename">/etc/resolv.conf</code>
+
+    <p><code class="filename">/etc/resolv.conf</code>
     </p>
-</div>
-<div class="refsection">
+  </div>
+
+  <div class="refsection">
 <a name="id-1.11"></a><h2>SEE ALSO</h2>
-<p><span class="citerefentry"><span class="refentrytitle">dig</span>(1)</span>,
-      <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>.
+
+    <p><span class="citerefentry">
+        <span class="refentrytitle">dig</span>(1)
+      </span>,
+      <span class="citerefentry">
+        <span class="refentrytitle">named</span>(8)
+      </span>.
     </p>
-</div>
+  </div>
+
 </div></body>
 </html>

bin/dig/include/dig/dig.h

@@ -1,9 +1,12 @@
 /*
- * Copyright (C) 2000-2009, 2011-2016  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
  *
  * This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
  */
 
 #ifndef DIG_H
@@ -26,6 +29,10 @@
 #include <isc/sockaddr.h>
 #include <isc/socket.h>
 
+#ifdef __APPLE__
+#include <TargetConditionals.h>
+#endif
+
 #define MXSERV 20
 #define MXNAME (DNS_NAME_MAXTEXT+1)
 #define MXRD 32
@@ -64,27 +71,11 @@
  * in a tight loop of constant lookups.  It's value is arbitrary.
  */
 
-/*
- * Defaults for the sigchase suboptions.  Consolidated here because
- * these control the layout of dig_lookup_t (among other things).
- */
-#ifdef DIG_SIGCHASE
-#ifndef DIG_SIGCHASE_BU
-#define DIG_SIGCHASE_BU 1
-#endif
-#ifndef DIG_SIGCHASE_TD
-#define DIG_SIGCHASE_TD 1
-#endif
-#endif
-
 ISC_LANG_BEGINDECLS
 
 typedef struct dig_lookup dig_lookup_t;
 typedef struct dig_query dig_query_t;
 typedef struct dig_server dig_server_t;
-#ifdef DIG_SIGCHASE
-typedef struct dig_message dig_message_t;
-#endif
 typedef ISC_LIST(dig_server_t) dig_serverlist_t;
 typedef struct dig_searchlist dig_searchlist_t;
 
@@ -103,6 +94,8 @@ struct dig_lookup {
 		aaonly,
 		adflag,
 		cdflag,
+		raflag,
+		tcflag,
 		zflag,
 		trace, /*% dig +trace */
 		trace_root, /*% initial query for either +trace or +nssearch */
@@ -126,42 +119,35 @@ struct dig_lookup {
 		seenbadcookie,
 		badcookie,
 		nsid,   /*% Name Server ID (RFC 5001) */
+		tcp_keepalive,
 		header_only,
 		ednsneg,
 		mapped,
-		print_unknown_format;
-#ifdef DIG_SIGCHASE
-isc_boolean_t	sigchase;
-#if DIG_SIGCHASE_TD
-	isc_boolean_t do_topdown,
-		trace_root_sigchase,
-		rdtype_sigchaseset,
-		rdclass_sigchaseset;
-	/* Name we are going to validate RRset */
-	char textnamesigchase[MXNAME];
-#endif
-#endif
-
+		print_unknown_format,
+		multiline,
+		nottl,
+		noclass,
+		onesoa,
+		use_usec,
+		nocrypto,
+		ttlunits,
+		idnin,
+		idnout,
+		qr;
 	char textname[MXNAME]; /*% Name we're going to be looking up */
 	char cmdline[MXNAME];
 	dns_rdatatype_t rdtype;
 	dns_rdatatype_t qrdtype;
-#if DIG_SIGCHASE_TD
-	dns_rdatatype_t rdtype_sigchase;
-	dns_rdatatype_t qrdtype_sigchase;
-	dns_rdataclass_t rdclass_sigchase;
-#endif
 	dns_rdataclass_t rdclass;
 	isc_boolean_t rdtypeset;
 	isc_boolean_t rdclassset;
-	char namespace[BUFSIZE];
-	char onamespace[BUFSIZE];
+	char name_space[BUFSIZE];
+	char oname_space[BUFSIZE];
 	isc_buffer_t namebuf;
 	isc_buffer_t onamebuf;
 	isc_buffer_t renderbuf;
 	char *sendspace;
 	dns_name_t *name;
-	isc_timer_t *timer;
 	isc_interval_t interval;
 	dns_message_t *sendmsg;
 	dns_name_t *oname;
@@ -176,6 +162,7 @@ isc_boolean_t	sigchase;
 	int nsfound;
 	isc_uint16_t udpsize;
 	isc_int16_t edns;
+	isc_int16_t padding;
 	isc_uint32_t ixfr_serial;
 	isc_buffer_t rdatabuf;
 	char rdatastore[MXNAME];
@@ -190,6 +177,8 @@ isc_boolean_t	sigchase;
 	isc_dscp_t dscp;
 	unsigned int ednsflags;
 	dns_opcode_t opcode;
+	int rrcomments;
+	unsigned int eoferr;
 };
 
 /*% The dig_query structure */
@@ -203,7 +192,8 @@ struct dig_query {
 		second_rr_rcvd,
 		first_repeat_rcvd,
 		recv_made,
-		warn_id;
+		warn_id,
+		timedout;
 	isc_uint32_t first_rr_serial;
 	isc_uint32_t second_rr_serial;
 	isc_uint32_t msg_count;
@@ -228,6 +218,7 @@ struct dig_query {
 	isc_time_t time_recv;
 	isc_uint64_t byte_count;
 	isc_buffer_t sendbuf;
+	isc_timer_t *timer;
 };
 
 struct dig_server {
@@ -240,12 +231,6 @@ struct dig_searchlist {
 	char origin[MXNAME];
 	ISC_LINK(dig_searchlist_t) link;
 };
-#ifdef DIG_SIGCHASE
-struct dig_message {
-		dns_message_t *msg;
-		ISC_LINK(dig_message_t) link;
-};
-#endif
 
 typedef ISC_LIST(dig_searchlist_t) dig_searchlistlist_t;
 typedef ISC_LIST(dig_lookup_t) dig_lookuplist_t;
@@ -260,7 +245,7 @@ extern dig_searchlistlist_t search_list;
 extern unsigned int extrabytes;
 
 extern isc_boolean_t check_ra, have_ipv4, have_ipv6, specified_source,
-	usesearch, showsearch, qr;
+	usesearch, showsearch;
 extern in_port_t port;
 extern unsigned int timeout;
 extern isc_mem_t *mctx;
@@ -272,12 +257,9 @@ extern isc_sockaddr_t bind_address;
 extern char keynametext[MXNAME];
 extern char keyfile[MXNAME];
 extern char keysecret[MXNAME];
-extern dns_name_t *hmacname;
+extern const dns_name_t *hmacname;
 extern unsigned int digestbits;
-#ifdef DIG_SIGCHASE
-extern char trustedkey[MXNAME];
-#endif
-extern dns_tsigkey_t *key;
+extern dns_tsigkey_t *tsigkey;
 extern isc_boolean_t validated;
 extern isc_taskmgr_t *taskmgr;
 extern isc_task_t *global_task;
@@ -289,9 +271,6 @@ extern char *progname;
 extern int tries;
 extern int fatalexit;
 extern isc_boolean_t verbose;
-#ifdef WITH_IDN
-extern int idnoptions;
-#endif
 
 /*
  * Routines in dighost.c.
@@ -310,6 +289,13 @@ ISC_PLATFORM_NORETURN_PRE void
 fatal(const char *format, ...)
 ISC_FORMAT_PRINTF(1, 2) ISC_PLATFORM_NORETURN_POST;
 
+void
+warn(const char *format, ...) ISC_FORMAT_PRINTF(1, 2);
+
+ISC_PLATFORM_NORETURN_PRE void
+digexit(void)
+ISC_PLATFORM_NORETURN_POST;
+
 void
 debug(const char *format, ...) ISC_FORMAT_PRINTF(1, 2);
 
@@ -385,56 +371,73 @@ destroy_libs(void);
 void
 set_search_domain(char *domain);
 
-#ifdef DIG_SIGCHASE
-void
-clean_trustedkey(void);
-#endif
-
 /*
- * Routines to be defined in dig.c, host.c, and nslookup.c.
+ * Routines to be defined in dig.c, host.c, and nslookup.c. and
+ * then assigned to the appropriate function pointer
  */
-#ifdef DIG_SIGCHASE
-isc_result_t
-printrdataset(dns_name_t *owner_name, dns_rdataset_t *rdataset,
-	      isc_buffer_t *target);
-#endif
-
-isc_result_t
-printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers);
+extern isc_result_t
+(*dighost_printmessage)(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers);
 /*%<
  * Print the final result of the lookup.
  */
 
-void
-received(int bytes, isc_sockaddr_t *from, dig_query_t *query);
+extern void
+(*dighost_received)(unsigned int bytes, isc_sockaddr_t *from, dig_query_t *query);
 /*%<
  * Print a message about where and when the response
  * was received from, like the final comment in the
  * output of "dig".
  */
 
-void
-trying(char *frm, dig_lookup_t *lookup);
+extern void
+(*dighost_trying)(char *frm, dig_lookup_t *lookup);
 
-void
-dighost_shutdown(void);
+extern void
+(*dighost_shutdown)(void);
 
-char *
-next_token(char **stringp, const char *delim);
-
-#ifdef DIG_SIGCHASE
-/* Chasing functions */
-dns_rdataset_t *
-chase_scanname(dns_name_t *name, dns_rdatatype_t type, dns_rdatatype_t covers);
-void
-chase_sig(dns_message_t *msg);
-#endif
+extern void
+(*dighost_pre_exit_hook)(void);
 
 void save_opt(dig_lookup_t *lookup, char *code, char *value);
 
 void setup_file_key(void);
 void setup_text_key(void);
 
+/*
+ * Routines exported from dig.c for use by dig for iOS
+ */
+
+/*%<
+ * Call once only to set up libraries, parse global
+ * parameters and initial command line query parameters
+ */
+void
+dig_setup(int argc, char **argv);
+
+/*%<
+ * Call to supply new parameters for the next lookup
+ */
+void
+dig_query_setup(isc_boolean_t, isc_boolean_t, int argc, char **argv);
+
+/*%<
+ * set the main application event cycle running
+ */
+void
+dig_startup(void);
+
+/*%<
+ * Initiates the next lookup cycle
+ */
+void
+dig_query_start(void);
+
+/*%<
+ * Cleans up the application
+ */
+void
+dig_shutdown(void);
+
 ISC_LANG_ENDDECLS
 
 #endif

bin/dig/nslookup.1

@@ -1,16 +1,8 @@
-.\" Copyright (C) 2004-2007, 2010, 2013-2016 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004-2007, 2010, 2013-2018 Internet Systems Consortium, Inc. ("ISC")
 .\" 
-.\" Permission to use, copy, modify, and/or distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\" 
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
-.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
-.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
-.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
-.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
-.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
-.\" PERFORMANCE OF THIS SOFTWARE.
+.\" This Source Code Form is subject to the terms of the Mozilla Public
+.\" License, v. 2.0. If a copy of the MPL was not distributed with this
+.\" file, You can obtain one at http://mozilla.org/MPL/2.0/.
 .\"
 .hy 0
 .ad l
@@ -197,7 +189,7 @@ The class specifies the protocol group of the information\&.
 (Default = IN; abbreviation = cl)
 .RE
 .PP
-\fB \fR\fB\fI[no]\fR\fR\fBdebug\fR
+\fB\fI[no]\fR\fR\fBdebug\fR
 .RS 4
 Turn on or off the display of the full response packet and any intermediate response packets when searching\&.
 .sp
@@ -205,7 +197,7 @@ Turn on or off the display of the full response packet and any intermediate resp
 [no]deb)
 .RE
 .PP
-\fB \fR\fB\fI[no]\fR\fR\fBd2\fR
+\fB\fI[no]\fR\fR\fBd2\fR
 .RS 4
 Turn debugging mode on or off\&. This displays more about what nslookup is doing\&.
 .sp
@@ -218,7 +210,7 @@ Sets the search list to
 \fIname\fR\&.
 .RE
 .PP
-\fB \fR\fB\fI[no]\fR\fR\fBsearch\fR
+\fB\fI[no]\fR\fR\fBsearch\fR
 .RS 4
 If the lookup request contains at least one period but doesn\*(Aqt end with a trailing period, append the domain names in the domain search list to the request until an answer is received\&.
 .sp
@@ -244,7 +236,7 @@ Change the type of the information query\&.
 (Default = A; abbreviations = q, ty)
 .RE
 .PP
-\fB \fR\fB\fI[no]\fR\fR\fBrecurse\fR
+\fB\fI[no]\fR\fR\fBrecurse\fR
 .RS 4
 Tell the name server to query other servers if it does not have the information\&.
 .sp
@@ -266,14 +258,14 @@ Set the number of retries to number\&.
 Change the initial timeout interval for waiting for a reply to number seconds\&.
 .RE
 .PP
-\fB \fR\fB\fI[no]\fR\fR\fBvc\fR
+\fB\fI[no]\fR\fR\fBvc\fR
 .RS 4
 Always use a virtual circuit when sending requests to the server\&.
 .sp
 (Default = novc)
 .RE
 .PP
-\fB \fR\fB\fI[no]\fR\fR\fBfail\fR
+\fB\fI[no]\fR\fR\fBfail\fR
 .RS 4
 Try the next nameserver if a nameserver responds with SERVFAIL or a referral (nofail) or terminate query (fail) on such a response\&.
 .sp
@@ -298,5 +290,5 @@ returns with an exit status of 1 if any query failed, and 0 otherwise\&.
 \fBInternet Systems Consortium, Inc\&.\fR
 .SH "COPYRIGHT"
 .br
-Copyright \(co 2004-2007, 2010, 2013-2016 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004-2007, 2010, 2013-2018 Internet Systems Consortium, Inc. ("ISC")
 .br

bin/dig/nslookup.c

@@ -1,9 +1,12 @@
 /*
- * Copyright (C) 2000-2016  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
  *
  * This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
  */
 
 #include <config.h>
@@ -18,7 +21,6 @@
 #include <isc/parseint.h>
 #include <isc/print.h>
 #include <isc/string.h>
-#include <isc/timer.h>
 #include <isc/util.h>
 #include <isc/task.h>
 #include <isc/netaddr.h>
@@ -36,17 +38,29 @@
 #include <dig/dig.h>
 
 #if defined(HAVE_READLINE)
+#if defined(HAVE_EDIT_READLINE_READLINE_H)
+#include <edit/readline/readline.h>
+#if defined(HAVE_EDIT_READLINE_HISTORY_H)
+#include <edit/readline/history.h>
+#endif
+#elif defined(HAVE_EDITLINE_READLINE_H)
+#include <editline/readline.h>
+#elif defined(HAVE_READLINE_READLINE_H)
 #include <readline/readline.h>
+#if defined (HAVE_READLINE_HISTORY_H)
 #include <readline/history.h>
 #endif
+#endif
+#endif
 
 static isc_boolean_t short_form = ISC_TRUE,
-	tcpmode = ISC_FALSE,
+	tcpmode = ISC_FALSE, tcpmode_set = ISC_FALSE,
 	identify = ISC_FALSE, stats = ISC_TRUE,
 	comments = ISC_TRUE, section_question = ISC_TRUE,
 	section_answer = ISC_TRUE, section_authority = ISC_TRUE,
 	section_additional = ISC_TRUE, recurse = ISC_TRUE,
-	aaonly = ISC_FALSE, nofail = ISC_TRUE;
+	aaonly = ISC_FALSE, nofail = ISC_TRUE,
+	default_lookups = ISC_TRUE, a_noanswer = ISC_FALSE;
 
 static isc_boolean_t interactive;
 
@@ -145,8 +159,8 @@ rcode_totext(dns_rcode_t rcode)
 	return totext.deconsttext;
 }
 
-void
-dighost_shutdown(void) {
+static void
+query_finished(void) {
 	isc_event_t *event = global_event;
 
 	flush_lookup_list();
@@ -182,9 +196,9 @@ printsoa(dns_rdata_t *rdata) {
 }
 
 static void
-printa(dns_rdata_t *rdata) {
+printaddr(dns_rdata_t *rdata) {
 	isc_result_t result;
-	char text[sizeof("255.255.255.255")];
+	char text[sizeof("ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255")];
 	isc_buffer_t b;
 
 	isc_buffer_init(&b, text, sizeof(text));
@@ -193,18 +207,7 @@ printa(dns_rdata_t *rdata) {
 	printf("Address: %.*s\n", (int)isc_buffer_usedlength(&b),
 	       (char *)isc_buffer_base(&b));
 }
-#ifdef DIG_SIGCHASE
-/* Just for compatibility : not use in host program */
-isc_result_t
-printrdataset(dns_name_t *owner_name, dns_rdataset_t *rdataset,
-	      isc_buffer_t *target)
-{
-	UNUSED(owner_name);
-	UNUSED(rdataset);
-	UNUSED(target);
-	return(ISC_FALSE);
-}
-#endif
+
 static void
 printrdata(dns_rdata_t *rdata) {
 	isc_result_t result;
@@ -264,12 +267,13 @@ printsection(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers,
 				dns_rdataset_current(rdataset, &rdata);
 				switch (rdata.type) {
 				case dns_rdatatype_a:
+				case dns_rdatatype_aaaa:
 					if (section != DNS_SECTION_ANSWER)
 						goto def_short_section;
 					dns_name_format(name, namebuf,
 							sizeof(namebuf));
 					printf("Name:\t%s\n", namebuf);
-					printa(&rdata);
+					printaddr(&rdata);
 					break;
 				case dns_rdatatype_soa:
 					dns_name_format(name, namebuf,
@@ -385,22 +389,46 @@ detailsection(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers,
 	return (ISC_R_SUCCESS);
 }
 
-void
-received(int bytes, isc_sockaddr_t *from, dig_query_t *query)
+static void
+received(unsigned int bytes, isc_sockaddr_t *from, dig_query_t *query)
 {
 	UNUSED(bytes);
 	UNUSED(from);
 	UNUSED(query);
 }
 
-void
+static void
 trying(char *frm, dig_lookup_t *lookup) {
 	UNUSED(frm);
 	UNUSED(lookup);
-
 }
 
-isc_result_t
+static void
+chase_cnamechain(dns_message_t *msg, dns_name_t *qname) {
+	isc_result_t result;
+	dns_rdataset_t *rdataset;
+	dns_rdata_cname_t cname;
+	dns_rdata_t rdata = DNS_RDATA_INIT;
+	unsigned int i = msg->counts[DNS_SECTION_ANSWER];
+
+	while (i-- > 0) {
+		rdataset = NULL;
+		result = dns_message_findname(msg, DNS_SECTION_ANSWER, qname,
+				dns_rdatatype_cname, 0, NULL, &rdataset);
+		if (result != ISC_R_SUCCESS)
+			return;
+		result = dns_rdataset_first(rdataset);
+		check_result(result, "dns_rdataset_first");
+		dns_rdata_reset(&rdata);
+		dns_rdataset_current(rdataset, &rdata);
+		result = dns_rdata_tostruct(&rdata, &cname, NULL);
+		check_result(result, "dns_rdata_tostruct");
+		dns_name_copy(&cname.cname, qname, NULL);
+		dns_rdata_freestruct(&cname);
+	}
+}
+
+static isc_result_t
 printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers) {
 	char servtext[ISC_SOCKADDR_FORMATSIZE];
 
@@ -409,11 +437,13 @@ printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers) {
 
 	debug("printmessage()");
 
-	isc_sockaddr_format(&query->sockaddr, servtext, sizeof(servtext));
-	printf("Server:\t\t%s\n", query->userarg);
-	printf("Address:\t%s\n", servtext);
+	if(!default_lookups || query->lookup->rdtype == dns_rdatatype_a) {
+		isc_sockaddr_format(&query->sockaddr, servtext, sizeof(servtext));
+		printf("Server:\t\t%s\n", query->userarg);
+		printf("Address:\t%s\n", servtext);
 
-	puts("");
+		puts("");
+	}
 
 	if (!short_form) {
 		puts("------------");
@@ -438,16 +468,48 @@ printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers) {
 		return (ISC_R_SUCCESS);
 	}
 
-	if ((msg->flags & DNS_MESSAGEFLAG_AA) == 0)
+	if ( default_lookups && query->lookup->rdtype == dns_rdatatype_a) {
+		char namestr[DNS_NAME_FORMATSIZE];
+		dig_lookup_t *lookup;
+		dns_fixedname_t fixed;
+		dns_name_t *name;
+
+		/* Add AAAA lookup. */
+		name = dns_fixedname_initname(&fixed);
+		dns_name_copy(query->lookup->name, name, NULL);
+		chase_cnamechain(msg, name);
+		dns_name_format(name, namestr, sizeof(namestr));
+		lookup = clone_lookup(query->lookup, ISC_FALSE);
+		if (lookup != NULL) {
+			strlcpy(lookup->textname, namestr,
+				sizeof(lookup->textname));
+			lookup->rdtype = dns_rdatatype_aaaa;
+			lookup->rdtypeset = ISC_TRUE;
+			lookup->origin = NULL;
+			lookup->retries = tries;
+			ISC_LIST_APPEND(lookup_list, lookup, link);
+		}
+	}
+
+	if ((msg->flags & DNS_MESSAGEFLAG_AA) == 0 &&
+	    ( !default_lookups || query->lookup->rdtype == dns_rdatatype_a) )
 		puts("Non-authoritative answer:");
 	if (!ISC_LIST_EMPTY(msg->sections[DNS_SECTION_ANSWER]))
 		printsection(query, msg, headers, DNS_SECTION_ANSWER);
-	else
-		printf("*** Can't find %s: No answer\n",
-		       query->lookup->textname);
+	else {
+		if (default_lookups && query->lookup->rdtype == dns_rdatatype_a)
+			a_noanswer = ISC_TRUE;
+
+		else if (!default_lookups ||
+			 (query->lookup->rdtype == dns_rdatatype_aaaa &&
+			 a_noanswer ) )
+			printf("*** Can't find %s: No answer\n",
+				query->lookup->textname);
+	}
 
 	if (((msg->flags & DNS_MESSAGEFLAG_AA) == 0) &&
-	    (query->lookup->rdtype != dns_rdatatype_a)) {
+	    (query->lookup->rdtype != dns_rdatatype_a) &&
+	    (query->lookup->rdtype != dns_rdatatype_aaaa) ) {
 		puts("\nAuthoritative answers can be found from:");
 		printsection(query, msg, headers,
 			     DNS_SECTION_AUTHORITY);
@@ -489,7 +551,7 @@ show_settings(isc_boolean_t full, isc_boolean_t serv_only) {
 	printf("  %s\t\t%s\n",
 	       usesearch ? "search" : "nosearch",
 	       recurse ? "recurse" : "norecurse");
-	printf("  timeout = %d\t\tretry = %d\tport = %d\tndots = %d\n",
+	printf("  timeout = %u\t\tretry = %d\tport = %u\tndots = %d\n",
 	       timeout, tries, port, ndots);
 	printf("  querytype = %-8s\tclass = %s\n", deftype, defclass);
 	printf("  srchlist = ");
@@ -576,7 +638,12 @@ version(void) {
 
 static void
 setoption(char *opt) {
-	if (strncasecmp(opt, "all", 3) == 0) {
+	size_t l = strlen(opt);
+
+#define CHECKOPT(A, N) \
+	((l >= N) && (l < sizeof(A)) && (strncasecmp(opt, A, l) == 0))
+
+	if (CHECKOPT("all", 3)) {
 		show_settings(ISC_TRUE, ISC_FALSE);
 	} else if (strncasecmp(opt, "class=", 6) == 0) {
 		if (testclass(&opt[6]))
@@ -585,23 +652,35 @@ setoption(char *opt) {
 		if (testclass(&opt[3]))
 			strlcpy(defclass, &opt[3], sizeof(defclass));
 	} else if (strncasecmp(opt, "type=", 5) == 0) {
-		if (testtype(&opt[5]))
+		if (testtype(&opt[5])) {
 			strlcpy(deftype, &opt[5], sizeof(deftype));
+			default_lookups = ISC_FALSE;
+		}
 	} else if (strncasecmp(opt, "ty=", 3) == 0) {
-		if (testtype(&opt[3]))
+		if (testtype(&opt[3])) {
 			strlcpy(deftype, &opt[3], sizeof(deftype));
+			default_lookups = ISC_FALSE;
+		}
 	} else if (strncasecmp(opt, "querytype=", 10) == 0) {
-		if (testtype(&opt[10]))
+		if (testtype(&opt[10])) {
 			strlcpy(deftype, &opt[10], sizeof(deftype));
+			default_lookups = ISC_FALSE;
+		}
 	} else if (strncasecmp(opt, "query=", 6) == 0) {
-		if (testtype(&opt[6]))
+		if (testtype(&opt[6])) {
 			strlcpy(deftype, &opt[6], sizeof(deftype));
+			default_lookups = ISC_FALSE;
+		}
 	} else if (strncasecmp(opt, "qu=", 3) == 0) {
-		if (testtype(&opt[3]))
+		if (testtype(&opt[3])) {
 			strlcpy(deftype, &opt[3], sizeof(deftype));
+			default_lookups = ISC_FALSE;
+		}
 	} else if (strncasecmp(opt, "q=", 2) == 0) {
-		if (testtype(&opt[2]))
+		if (testtype(&opt[2])) {
 			strlcpy(deftype, &opt[2], sizeof(deftype));
+			default_lookups = ISC_FALSE;
+		}
 	} else if (strncasecmp(opt, "domain=", 7) == 0) {
 		strlcpy(domainopt, &opt[7], sizeof(domainopt));
 		set_search_domain(domainopt);
@@ -618,41 +697,43 @@ setoption(char *opt) {
 		set_timeout(&opt[8]);
 	} else if (strncasecmp(opt, "t=", 2) == 0) {
 		set_timeout(&opt[2]);
-	} else if (strncasecmp(opt, "rec", 3) == 0) {
+	} else if (CHECKOPT("recurse", 3)) {
 		recurse = ISC_TRUE;
-	} else if (strncasecmp(opt, "norec", 5) == 0) {
+	} else if (CHECKOPT("norecurse", 5)) {
 		recurse = ISC_FALSE;
 	} else if (strncasecmp(opt, "retry=", 6) == 0) {
 		set_tries(&opt[6]);
 	} else if (strncasecmp(opt, "ret=", 4) == 0) {
 		set_tries(&opt[4]);
-	} else if (strncasecmp(opt, "def", 3) == 0) {
+	} else if (CHECKOPT("defname", 3)) {
 		usesearch = ISC_TRUE;
-	} else if (strncasecmp(opt, "nodef", 5) == 0) {
+	} else if (CHECKOPT("nodefname", 5)) {
 		usesearch = ISC_FALSE;
-	} else if (strncasecmp(opt, "vc", 3) == 0) {
+	} else if (CHECKOPT("vc", 2)) {
 		tcpmode = ISC_TRUE;
-	} else if (strncasecmp(opt, "novc", 5) == 0) {
+		tcpmode_set = ISC_TRUE;
+	} else if (CHECKOPT("novc", 4)) {
 		tcpmode = ISC_FALSE;
-	} else if (strncasecmp(opt, "deb", 3) == 0) {
+		tcpmode_set = ISC_TRUE;
+	} else if (CHECKOPT("debug", 3)) {
 		short_form = ISC_FALSE;
 		showsearch = ISC_TRUE;
-	} else if (strncasecmp(opt, "nodeb", 5) == 0) {
+	} else if (CHECKOPT("nodebug", 5)) {
 		short_form = ISC_TRUE;
 		showsearch = ISC_FALSE;
-	} else if (strncasecmp(opt, "d2", 2) == 0) {
+	} else if (CHECKOPT("d2", 2)) {
 		debugging = ISC_TRUE;
-	} else if (strncasecmp(opt, "nod2", 4) == 0) {
+	} else if (CHECKOPT("nod2", 4)) {
 		debugging = ISC_FALSE;
-	} else if (strncasecmp(opt, "search", 3) == 0) {
+	} else if (CHECKOPT("search", 3)) {
 		usesearch = ISC_TRUE;
-	} else if (strncasecmp(opt, "nosearch", 5) == 0) {
+	} else if (CHECKOPT("nosearch", 5)) {
 		usesearch = ISC_FALSE;
-	} else if (strncasecmp(opt, "sil", 3) == 0) {
+	} else if (CHECKOPT("sil", 3)) {
 		/* deprecation_msg = ISC_FALSE; */
-	} else if (strncasecmp(opt, "fail", 3) == 0) {
+	} else if (CHECKOPT("fail", 3)) {
 		nofail=ISC_FALSE;
-	} else if (strncasecmp(opt, "nofail", 3) == 0) {
+	} else if (CHECKOPT("nofail", 5)) {
 		nofail=ISC_TRUE;
 	} else if (strncasecmp(opt, "ndots=", 6) == 0) {
 		set_ndots(&opt[6]);
@@ -671,6 +752,9 @@ addlookup(char *opt) {
 	char store[MXNAME];
 
 	debug("addlookup()");
+
+	a_noanswer = ISC_FALSE;
+
 	tr.base = deftype;
 	tr.length = strlen(deftype);
 	result = dns_rdatatype_fromtext(&rdtype, &tr);
@@ -707,7 +791,10 @@ addlookup(char *opt) {
 	lookup->retries = tries;
 	lookup->udpsize = 0;
 	lookup->comments = comments;
-	lookup->tcp_mode = tcpmode;
+	if (lookup->rdtype == dns_rdatatype_any && !tcpmode_set)
+		lookup->tcp_mode = ISC_TRUE;
+	else
+		lookup->tcp_mode = tcpmode;
 	lookup->stats = stats;
 	lookup->section_question = section_question;
 	lookup->section_answer = section_answer;
@@ -726,12 +813,12 @@ addlookup(char *opt) {
 
 static void
 do_next_command(char *input) {
-	char *ptr, *arg;
+	char *ptr, *arg, *last;
 
-	ptr = next_token(&input, " \t\r\n");
-	if (ptr == NULL)
+	if ((ptr = strtok_r(input, " \t\r\n", &last)) == NULL) {
 		return;
-	arg = next_token(&input, " \t\r\n");
+	}
+	arg = strtok_r(NULL, " \t\r\n", &last);
 	if ((strcasecmp(ptr, "set") == 0) &&
 	    (arg != NULL))
 		setoption(arg);
@@ -857,8 +944,6 @@ flush_lookup_list(void) {
 		}
 		if (l->sendmsg != NULL)
 			dns_message_destroy(&l->sendmsg);
-		if (l->timer != NULL)
-			isc_timer_detach(&l->timer);
 		lp = l;
 		l = ISC_LIST_NEXT(l, link);
 		ISC_LIST_DEQUEUE(lookup_list, lp, link);
@@ -893,6 +978,12 @@ main(int argc, char **argv) {
 
 	check_ra = ISC_TRUE;
 
+	/* setup dighost callbacks */
+	dighost_printmessage = printmessage;
+	dighost_received = received;
+	dighost_trying = trying;
+	dighost_shutdown = query_finished;
+
 	result = isc_app_start();
 	check_result(result, "isc_app_start");
 

bin/dig/nslookup.docbook

@@ -1,9 +1,12 @@
 <!--
- - Copyright (C) 2004-2007, 2010, 2013-2016  Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) Internet Systems Consortium, Inc. ("ISC")
  -
  - This Source Code Form is subject to the terms of the Mozilla Public
  - License, v. 2.0. If a copy of the MPL was not distributed with this
  - file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ -
+ - See the COPYRIGHT file distributed with this work for additional
+ - information regarding copyright ownership.
 -->
 
 <!--
@@ -35,7 +38,7 @@
  - SUCH DAMAGE.
 -->
 <!-- Converted by db4-upgrade version 1.0 -->
-<refentry xmlns="http://docbook.org/ns/docbook" version="5.0">
+<refentry xmlns:db="http://docbook.org/ns/docbook" version="5.0" xml:id="man.nslookup">
   <info>
     <date>2014-01-24</date>
   </info>
@@ -66,6 +69,8 @@
       <year>2014</year>
       <year>2015</year>
       <year>2016</year>
+      <year>2017</year>
+      <year>2018</year>
       <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
     </copyright>
   </docinfo>
@@ -308,8 +313,7 @@ nslookup -query=hinfo  -timeout=10
               </varlistentry>
 
               <varlistentry>
-                <term><constant>
-                    <replaceable><optional>no</optional></replaceable>debug</constant></term>
+                <term><constant><replaceable><optional>no</optional></replaceable>debug</constant></term>
                 <listitem>
                   <para>
 		    Turn on or off the display of the full response packet and
@@ -322,8 +326,7 @@ nslookup -query=hinfo  -timeout=10
               </varlistentry>
 
               <varlistentry>
-                <term><constant>
-                    <replaceable><optional>no</optional></replaceable>d2</constant></term>
+                <term><constant><replaceable><optional>no</optional></replaceable>d2</constant></term>
                 <listitem>
                   <para>
                     Turn debugging mode on or off.  This displays more about
@@ -345,8 +348,7 @@ nslookup -query=hinfo  -timeout=10
               </varlistentry>
 
               <varlistentry>
-                <term><constant>
-                    <replaceable><optional>no</optional></replaceable>search</constant></term>
+                <term><constant><replaceable><optional>no</optional></replaceable>search</constant></term>
                 <listitem>
                   <para>
                     If the lookup request contains at least one period but
@@ -392,8 +394,7 @@ nslookup -query=hinfo  -timeout=10
               </varlistentry>
 
               <varlistentry>
-                <term><constant>
-                    <replaceable><optional>no</optional></replaceable>recurse</constant></term>
+                <term><constant><replaceable><optional>no</optional></replaceable>recurse</constant></term>
                 <listitem>
                   <para>
                     Tell the name server to query other servers if it does not
@@ -437,8 +438,7 @@ nslookup -query=hinfo  -timeout=10
               </varlistentry>
 
               <varlistentry>
-                <term><constant>
-                    <replaceable><optional>no</optional></replaceable>vc</constant></term>
+                <term><constant><replaceable><optional>no</optional></replaceable>vc</constant></term>
                 <listitem>
                   <para>
                     Always use a virtual circuit when sending requests to the
@@ -451,8 +451,7 @@ nslookup -query=hinfo  -timeout=10
               </varlistentry>
 
               <varlistentry>
-                <term><constant>
-                    <replaceable><optional>no</optional></replaceable>fail</constant></term>
+                <term><constant><replaceable><optional>no</optional></replaceable>fail</constant></term>
                 <listitem>
                   <para>
 		    Try the next nameserver if a nameserver responds with

bin/dig/nslookup.html

@@ -1,37 +1,48 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 <!--
- - Copyright (C) 2004-2007, 2010, 2013-2016 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2007, 2010, 2013-2018 Internet Systems Consortium, Inc. ("ISC")
  - 
- - Permission to use, copy, modify, and/or distribute this software for any
- - purpose with or without fee is hereby granted, provided that the above
- - copyright notice and this permission notice appear in all copies.
- - 
- - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- - PERFORMANCE OF THIS SOFTWARE.
+ - This Source Code Form is subject to the terms of the Mozilla Public
+ - License, v. 2.0. If a copy of the MPL was not distributed with this
+ - file, You can obtain one at http://mozilla.org/MPL/2.0/.
 -->
-<html>
+<html lang="en">
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
 <title>nslookup</title>
 <meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
 </head>
 <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry">
-<a name="id-1"></a><div class="titlepage"></div>
-<div class="refnamediv">
+<a name="man.nslookup"></a><div class="titlepage"></div>
+  
+  
+
+  
+
+  <div class="refnamediv">
 <h2>Name</h2>
-<p>nslookup &#8212; query Internet name servers interactively</p>
+<p>
+    nslookup
+     &#8212; query Internet name servers interactively
+  </p>
 </div>
-<div class="refsynopsisdiv">
+
+  
+
+  <div class="refsynopsisdiv">
 <h2>Synopsis</h2>
-<div class="cmdsynopsis"><p><code class="command">nslookup</code>  [<code class="option">-option</code>] [name | -] [server]</p></div>
-</div>
-<div class="refsection">
+    <div class="cmdsynopsis"><p>
+      <code class="command">nslookup</code> 
+       [<code class="option">-option</code>]
+       [name | -]
+       [server]
+    </p></div>
+  </div>
+
+  <div class="refsection">
 <a name="id-1.7"></a><h2>DESCRIPTION</h2>
-<p><span class="command"><strong>Nslookup</strong></span>
+
+    <p><span class="command"><strong>Nslookup</strong></span>
       is a program to query Internet domain name servers.  <span class="command"><strong>Nslookup</strong></span>
       has two modes: interactive and non-interactive.  Interactive mode allows
       the user to query name servers for information about various hosts and
@@ -40,29 +51,37 @@
       used to print just the name and requested information for a host or
       domain.
     </p>
-</div>
-<div class="refsection">
+  </div>
+
+  <div class="refsection">
 <a name="id-1.8"></a><h2>ARGUMENTS</h2>
-<p>
+
+    <p>
       Interactive mode is entered in the following cases:
       </p>
 <div class="orderedlist"><ol class="orderedlist" type="a">
-<li class="listitem"><p>
+<li class="listitem">
+          <p>
             when no arguments are given (the default name server will be used)
-          </p></li>
-<li class="listitem"><p>
+          </p>
+        </li>
+<li class="listitem">
+          <p>
             when the first argument is a hyphen (-) and the second argument is
             the host name or Internet address of a name server.
-          </p></li>
+          </p>
+        </li>
 </ol></div>
 <p>
     </p>
-<p>
+
+    <p>
       Non-interactive mode is used when the name or Internet address of the
       host to be looked up is given as the first argument. The optional second
       argument specifies the host name or address of a name server.
     </p>
-<p>
+
+    <p>
       Options can also be specified on the command line if they precede the
       arguments and are prefixed with a hyphen.  For example, to
       change the default query type to host information, and the initial
@@ -75,246 +94,293 @@ nslookup -query=hinfo  -timeout=10
 <p>
       
     </p>
-<p>
+    <p>
       The <code class="option">-version</code> option causes
       <span class="command"><strong>nslookup</strong></span> to print the version
       number and immediately exits.
     </p>
-</div>
-<div class="refsection">
+
+  </div>
+
+  <div class="refsection">
 <a name="id-1.9"></a><h2>INTERACTIVE COMMANDS</h2>
-<div class="variablelist"><dl class="variablelist">
+
+    <div class="variablelist"><dl class="variablelist">
 <dt><span class="term"><code class="constant">host</code> [<span class="optional">server</span>]</span></dt>
 <dd>
-<p>
+          <p>
             Look up information for host using the current default server or
             using server, if specified.  If host is an Internet address and
             the query type is A or PTR, the name of the host is returned.
             If host is a name and does not have a trailing period, the
             search list is used to qualify the name.
           </p>
-<p>
+
+          <p>
             To look up a host not in the current domain, append a period to
             the name.
           </p>
-</dd>
+        </dd>
 <dt><span class="term"><code class="constant">server</code> <em class="replaceable"><code>domain</code></em></span></dt>
-<dd><p></p></dd>
+<dd>
+          <p></p>
+        </dd>
 <dt><span class="term"><code class="constant">lserver</code> <em class="replaceable"><code>domain</code></em></span></dt>
-<dd><p>
+<dd>
+          <p>
             Change the default server to <em class="replaceable"><code>domain</code></em>; <code class="constant">lserver</code> uses the initial
             server to look up information about <em class="replaceable"><code>domain</code></em>, while <code class="constant">server</code> uses
             the current default server.  If an authoritative answer can't be
             found, the names of servers that might have the answer are
             returned.
-          </p></dd>
+          </p>
+        </dd>
 <dt><span class="term"><code class="constant">root</code></span></dt>
-<dd><p>
+<dd>
+          <p>
             not implemented
-          </p></dd>
+          </p>
+        </dd>
 <dt><span class="term"><code class="constant">finger</code></span></dt>
-<dd><p>
+<dd>
+          <p>
             not implemented
-          </p></dd>
+          </p>
+        </dd>
 <dt><span class="term"><code class="constant">ls</code></span></dt>
-<dd><p>
+<dd>
+          <p>
             not implemented
-          </p></dd>
+          </p>
+        </dd>
 <dt><span class="term"><code class="constant">view</code></span></dt>
-<dd><p>
+<dd>
+          <p>
             not implemented
-          </p></dd>
+          </p>
+        </dd>
 <dt><span class="term"><code class="constant">help</code></span></dt>
-<dd><p>
+<dd>
+          <p>
             not implemented
-          </p></dd>
+          </p>
+        </dd>
 <dt><span class="term"><code class="constant">?</code></span></dt>
-<dd><p>
+<dd>
+          <p>
             not implemented
-          </p></dd>
+          </p>
+        </dd>
 <dt><span class="term"><code class="constant">exit</code></span></dt>
-<dd><p>
+<dd>
+          <p>
             Exits the program.
-          </p></dd>
+          </p>
+        </dd>
 <dt><span class="term"><code class="constant">set</code>
           <em class="replaceable"><code>keyword[<span class="optional">=value</span>]</code></em></span></dt>
 <dd>
-<p>
+          <p>
             This command is used to change state information that affects
             the lookups.  Valid keywords are:
             </p>
 <div class="variablelist"><dl class="variablelist">
 <dt><span class="term"><code class="constant">all</code></span></dt>
-<dd><p>
+<dd>
+                  <p>
                     Prints the current values of the frequently used
                     options to <span class="command"><strong>set</strong></span>.
                     Information about the  current default
                     server and host is also printed.
-                  </p></dd>
+                  </p>
+                </dd>
 <dt><span class="term"><code class="constant">class=</code><em class="replaceable"><code>value</code></em></span></dt>
 <dd>
-<p>
+                  <p>
                     Change the query class to one of:
                     </p>
 <div class="variablelist"><dl class="variablelist">
 <dt><span class="term"><code class="constant">IN</code></span></dt>
-<dd><p>
+<dd>
+                          <p>
                             the Internet class
-                          </p></dd>
+                          </p>
+                        </dd>
 <dt><span class="term"><code class="constant">CH</code></span></dt>
-<dd><p>
+<dd>
+                          <p>
                             the Chaos class
-                          </p></dd>
+                          </p>
+                        </dd>
 <dt><span class="term"><code class="constant">HS</code></span></dt>
-<dd><p>
+<dd>
+                          <p>
                             the Hesiod class
-                          </p></dd>
+                          </p>
+                        </dd>
 <dt><span class="term"><code class="constant">ANY</code></span></dt>
-<dd><p>
+<dd>
+                          <p>
                             wildcard
-                          </p></dd>
+                          </p>
+                        </dd>
 </dl></div>
 <p>
                     The class specifies the protocol group of the information.
 
                   </p>
-<p>
+		  <p>
                     (Default = IN; abbreviation = cl)
                   </p>
-</dd>
-<dt><span class="term"><code class="constant">
-                    <em class="replaceable"><code>[<span class="optional">no</span>]</code></em>debug</code></span></dt>
+                </dd>
+<dt><span class="term"><code class="constant"><em class="replaceable"><code>[<span class="optional">no</span>]</code></em>debug</code></span></dt>
 <dd>
-<p>
+                  <p>
 		    Turn on or off the display of the full response packet and
 		    any intermediate response packets when searching.
                   </p>
-<p>
+		  <p>
                     (Default = nodebug; abbreviation = [<span class="optional">no</span>]deb)
                   </p>
-</dd>
-<dt><span class="term"><code class="constant">
-                    <em class="replaceable"><code>[<span class="optional">no</span>]</code></em>d2</code></span></dt>
+                </dd>
+<dt><span class="term"><code class="constant"><em class="replaceable"><code>[<span class="optional">no</span>]</code></em>d2</code></span></dt>
 <dd>
-<p>
+                  <p>
                     Turn debugging mode on or off.  This displays more about
 	            what nslookup is doing.
                   </p>
-<p>
+		  <p>
                     (Default = nod2)
                   </p>
-</dd>
+                </dd>
 <dt><span class="term"><code class="constant">domain=</code><em class="replaceable"><code>name</code></em></span></dt>
-<dd><p>
-                    Sets the search list to <em class="replaceable"><code>name</code></em>.
-                  </p></dd>
-<dt><span class="term"><code class="constant">
-                    <em class="replaceable"><code>[<span class="optional">no</span>]</code></em>search</code></span></dt>
 <dd>
-<p>
+                  <p>
+                    Sets the search list to <em class="replaceable"><code>name</code></em>.
+                  </p>
+                </dd>
+<dt><span class="term"><code class="constant"><em class="replaceable"><code>[<span class="optional">no</span>]</code></em>search</code></span></dt>
+<dd>
+                  <p>
                     If the lookup request contains at least one period but
                     doesn't end with a trailing period, append the domain
                     names in the domain search list to the request until an
                     answer is received.
                   </p>
-<p>
+		  <p>
                     (Default = search)
                   </p>
-</dd>
+                </dd>
 <dt><span class="term"><code class="constant">port=</code><em class="replaceable"><code>value</code></em></span></dt>
 <dd>
-<p>
+                  <p>
                     Change the default TCP/UDP name server port to <em class="replaceable"><code>value</code></em>.
                   </p>
-<p>
+		  <p>
                     (Default = 53; abbreviation = po)
                   </p>
-</dd>
+                </dd>
 <dt><span class="term"><code class="constant">querytype=</code><em class="replaceable"><code>value</code></em></span></dt>
-<dd><p></p></dd>
+<dd>
+                  <p></p>
+                </dd>
 <dt><span class="term"><code class="constant">type=</code><em class="replaceable"><code>value</code></em></span></dt>
 <dd>
-<p>
+                  <p>
                     Change the type of the information query.
                   </p>
-<p>
+		  <p>
                     (Default = A; abbreviations = q, ty)
                   </p>
-</dd>
-<dt><span class="term"><code class="constant">
-                    <em class="replaceable"><code>[<span class="optional">no</span>]</code></em>recurse</code></span></dt>
+                </dd>
+<dt><span class="term"><code class="constant"><em class="replaceable"><code>[<span class="optional">no</span>]</code></em>recurse</code></span></dt>
 <dd>
-<p>
+                  <p>
                     Tell the name server to query other servers if it does not
                     have the
                     information.
                   </p>
-<p>
+		  <p>
                     (Default = recurse; abbreviation = [no]rec)
                   </p>
-</dd>
+                </dd>
 <dt><span class="term"><code class="constant">ndots=</code><em class="replaceable"><code>number</code></em></span></dt>
-<dd><p>
+<dd>
+                  <p>
 		    Set the number of dots (label separators) in a domain
 		    that will disable searching.  Absolute names always
 		    stop searching.
-                  </p></dd>
+                  </p>
+                </dd>
 <dt><span class="term"><code class="constant">retry=</code><em class="replaceable"><code>number</code></em></span></dt>
-<dd><p>
+<dd>
+                  <p>
                     Set the number of retries to number.
-                  </p></dd>
+                  </p>
+                </dd>
 <dt><span class="term"><code class="constant">timeout=</code><em class="replaceable"><code>number</code></em></span></dt>
-<dd><p>
+<dd>
+                  <p>
                     Change the initial timeout interval for waiting for a
                     reply to number seconds.
-                  </p></dd>
-<dt><span class="term"><code class="constant">
-                    <em class="replaceable"><code>[<span class="optional">no</span>]</code></em>vc</code></span></dt>
+                  </p>
+                </dd>
+<dt><span class="term"><code class="constant"><em class="replaceable"><code>[<span class="optional">no</span>]</code></em>vc</code></span></dt>
 <dd>
-<p>
+                  <p>
                     Always use a virtual circuit when sending requests to the
                     server.
                   </p>
-<p>
+		  <p>
                     (Default = novc)
                   </p>
-</dd>
-<dt><span class="term"><code class="constant">
-                    <em class="replaceable"><code>[<span class="optional">no</span>]</code></em>fail</code></span></dt>
+                </dd>
+<dt><span class="term"><code class="constant"><em class="replaceable"><code>[<span class="optional">no</span>]</code></em>fail</code></span></dt>
 <dd>
-<p>
+                  <p>
 		    Try the next nameserver if a nameserver responds with
 		    SERVFAIL or a referral (nofail) or terminate query
 		    (fail) on such a response.
 		  </p>
-<p>
+		  <p>
                     (Default = nofail)
                   </p>
-</dd>
+	        </dd>
 </dl></div>
 <p>
           </p>
-</dd>
+        </dd>
 </dl></div>
-</div>
-<div class="refsection">
+  </div>
+
+  <div class="refsection">
 <a name="id-1.10"></a><h2>RETURN VALUES</h2>
-<p>
+    <p>
       <span class="command"><strong>nslookup</strong></span> returns with an exit status of 1
       if any query failed, and 0 otherwise.
     </p>
-</div>
-<div class="refsection">
+  </div>
+
+  <div class="refsection">
 <a name="id-1.11"></a><h2>FILES</h2>
-<p><code class="filename">/etc/resolv.conf</code>
+
+    <p><code class="filename">/etc/resolv.conf</code>
     </p>
-</div>
-<div class="refsection">
+  </div>
+
+  <div class="refsection">
 <a name="id-1.12"></a><h2>SEE ALSO</h2>
-<p><span class="citerefentry"><span class="refentrytitle">dig</span>(1)</span>,
-      <span class="citerefentry"><span class="refentrytitle">host</span>(1)</span>,
-      <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>.
+
+    <p><span class="citerefentry">
+        <span class="refentrytitle">dig</span>(1)
+      </span>,
+      <span class="citerefentry">
+        <span class="refentrytitle">host</span>(1)
+      </span>,
+      <span class="citerefentry">
+        <span class="refentrytitle">named</span>(8)
+      </span>.
     </p>
-</div>
+  </div>
 </div></body>
 </html>

bin/dig/win32/dig.dsp.in

@@ -1,107 +0,0 @@
-# Microsoft Developer Studio Project File - Name="dig" - Package Owner=<4>
-# Microsoft Developer Studio Generated Build File, Format Version 6.00
-# ** DO NOT EDIT **
-
-# TARGTYPE "@PLATFORM@ (x86) Console Application" 0x0103
-
-CFG=dig - @PLATFORM@ Debug
-!MESSAGE This is not a valid makefile. To build this project using NMAKE,
-!MESSAGE use the Export Makefile command and run
-!MESSAGE 
-!MESSAGE NMAKE /f "dig.mak".
-!MESSAGE 
-!MESSAGE You can specify a configuration when running NMAKE
-!MESSAGE by defining the macro CFG on the command line. For example:
-!MESSAGE 
-!MESSAGE NMAKE /f "dig.mak" CFG="dig - @PLATFORM@ Debug"
-!MESSAGE 
-!MESSAGE Possible choices for configuration are:
-!MESSAGE 
-!MESSAGE "dig - @PLATFORM@ Release" (based on "@PLATFORM@ (x86) Console Application")
-!MESSAGE "dig - @PLATFORM@ Debug" (based on "@PLATFORM@ (x86) Console Application")
-!MESSAGE 
-
-# Begin Project
-# PROP AllowPerConfigDependencies 0
-# PROP Scc_ProjName ""
-# PROP Scc_LocalPath ""
-CPP=cl.exe
-RSC=rc.exe
-
-!IF  "$(CFG)" == "dig - @PLATFORM@ Release"
-
-# PROP BASE Use_MFC 0
-# PROP BASE Use_Debug_Libraries 0
-# PROP BASE Output_Dir "Release"
-# PROP BASE Intermediate_Dir "Release"
-# PROP BASE Target_Dir ""
-# PROP Use_MFC 0
-# PROP Use_Debug_Libraries 0
-# PROP Output_Dir "Release"
-# PROP Intermediate_Dir "Release"
-# PROP Ignore_Export_Lib 0
-# PROP Target_Dir ""
-# ADD BASE CPP /nologo /W3 @COPTX@ @COPTI@ /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" @COPTY@ /FD /c
-# ADD CPP /nologo /MD /W3 @COPTX@ @COPTI@ /O2 /I "./" /I "../include" /I "../../../" @LIBXML2_INC@ @OPENSSL_INC@ @IDN_INC@ /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isccfg/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /D "WIN32" /D "__STDC__" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" @COPTY@ /FD /c
-# ADD BASE RSC /l 0x409 /d "NDEBUG"
-# ADD RSC /l 0x409 /d "NDEBUG"
-BSC32=bscmake.exe
-# ADD BASE BSC32 /nologo
-# ADD BSC32 /nologo
-LINK32=link.exe
-# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console @MACHINE@
-# ADD LINK32 user32.lib advapi32.lib ws2_32.lib Release/dighost.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/isccfg/win32/Release/libisccfg.lib ../../../lib/dns/win32/Release/libdns.lib ../../../lib/bind9/win32/Release/libbind9.lib ../../../lib/lwres/win32/Release/liblwres.lib @IDN_LIB@ /nologo /subsystem:console @MACHINE@ /out:"../../../Build/Release/dig.exe"
-
-!ELSEIF  "$(CFG)" == "dig - @PLATFORM@ Debug"
-
-# PROP BASE Use_MFC 0
-# PROP BASE Use_Debug_Libraries 1
-# PROP BASE Output_Dir "Debug"
-# PROP BASE Intermediate_Dir "Debug"
-# PROP BASE Target_Dir ""
-# PROP Use_MFC 0
-# PROP Use_Debug_Libraries 1
-# PROP Output_Dir "Debug"
-# PROP Intermediate_Dir "Debug"
-# PROP Ignore_Export_Lib 0
-# PROP Target_Dir ""
-# ADD BASE CPP /nologo /W3 /Gm @COPTX@ @COPTI@ /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" @COPTY@ /FD /GZ /c
-# ADD CPP /nologo /MDd /W3 /Gm @COPTX@ @COPTI@ /ZI /Od /I "./" /I "../include" /I "../../../" @LIBXML2_INC@ @OPENSSL_INC@ @IDN_INC@ /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isccfg/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /FR /FD /GZ /c
-# SUBTRACT CPP /X /u @COPTY@
-# ADD BASE RSC /l 0x409 /d "_DEBUG"
-# ADD RSC /l 0x409 /d "_DEBUG"
-BSC32=bscmake.exe
-# ADD BASE BSC32 /nologo
-# ADD BSC32 /nologo
-LINK32=link.exe
-# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug @MACHINE@ /pdbtype:sept
-# ADD LINK32 user32.lib advapi32.lib ws2_32.lib Debug/dighost.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/isccfg/win32/Debug/libisccfg.lib ../../../lib/dns/win32/Debug/libdns.lib ../../../lib/bind9/win32/Debug/libbind9.lib ../../../lib/lwres/win32/Debug/liblwres.lib @IDN_LIB@ /nologo /subsystem:console /debug @MACHINE@ /out:"../../../Build/Debug/dig.exe" /pdbtype:sept
-
-!ENDIF 
-
-# Begin Target
-
-# Name "dig - @PLATFORM@ Release"
-# Name "dig - @PLATFORM@ Debug"
-# Begin Group "Source Files"
-
-# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
-# Begin Source File
-
-SOURCE=..\dig.c
-# End Source File
-# End Group
-# Begin Group "Header Files"
-
-# PROP Default_Filter "h;hpp;hxx;hm;inl"
-# Begin Source File
-
-SOURCE=..\include\dig\dig.h
-# End Source File
-# End Group
-# Begin Group "Resource Files"
-
-# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe"
-# End Group
-# End Target
-# End Project