9.4-ESV-R2

from unsigned zones. [RT #21131]

COPYRIGHT

@@ -13,7 +13,7 @@ LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
 OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 PERFORMANCE OF THIS SOFTWARE.
 
-$Id: COPYRIGHT,v 1.16 2010/01/04 23:48:51 tbox Exp $
+$Id: COPYRIGHT,v 1.9.18.7 2010/01/07 23:46:07 tbox Exp $
 
 Portions Copyright (C) 1996-2001  Nominum, Inc.
 

FAQ

@@ -1,6 +1,6 @@
 Frequently Asked Questions about BIND 9
 
-Copyright © 2004-2010 Internet Systems Consortium, Inc. ("ISC")
+Copyright © 2004-2009 Internet Systems Consortium, Inc. ("ISC")
 
 Copyright © 2000-2003 Internet Software Consortium.
 
@@ -244,7 +244,7 @@ A: You choose one view to be master and the second a slave and transfer
                            type master;
                            file "internal/example.db";
                            allow-update { key mykey; };
-                           also-notify { 10.0.1.1; };
+                           notify-also { 10.0.1.1; };
                    };
            };
 
@@ -254,7 +254,7 @@ A: You choose one view to be master and the second a slave and transfer
                            type slave;
                            file "external/example.db";
                            masters { 10.0.1.1; };
-                           transfer-source 10.0.1.1;
+                           transfer-source { 10.0.1.1; };
                            // allow-update-forwarding { any; };
                            // allow-notify { ... };
                    };
@@ -784,22 +784,6 @@ A: Red Hat Security Enhanced Linux (SELinux) policy security protections :
    See these man-pages for more information : selinux(8), named_selinux
    (8), chcon(1), setsebool(8)
 
-Q: I'm running BIND on Ubuntu -
-
-   Why can't named update slave zone database files?
-
-   Why can't named create DDNS journal files or update the master zones
-   from journals?
-
-   Why can't named create custom log files?
-
-A: Ubuntu uses AppArmor <http://en.wikipedia.org/wiki/AppArmor> in
-   addition to normal file system permissions to protect the system.
-
-   Adjust the paths to use those specified in /etc/apparmor.d/
-   usr.sbin.named or adjust /etc/apparmor.d/usr.sbin.named to allow named
-   to write at the location specified in named.conf.
-
 Q: Listening on individual IPv6 interfaces does not work.
 
 A: This is usually due to "/proc/net/if_inet6" not being available in the

FAQ.xml

@@ -1,7 +1,7 @@
 <!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
        "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" []>
 <!--
- - Copyright (C) 2004-2010  Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2009  Internet Systems Consortium, Inc. ("ISC")
  - Copyright (C) 2000-2003  Internet Software Consortium.
  -
  - Permission to use, copy, modify, and/or distribute this software for any
@@ -17,7 +17,7 @@
  - PERFORMANCE OF THIS SOFTWARE.
 -->
 
-<!-- $Id: FAQ.xml,v 1.54 2010/01/19 23:48:55 tbox Exp $ -->
+<!-- $Id: FAQ.xml,v 1.4.4.29 2009/10/06 01:33:54 tbox Exp $ -->
 
 <article class="faq">
   <title>Frequently Asked Questions about BIND 9</title>
@@ -29,7 +29,6 @@
       <year>2007</year>
       <year>2008</year>
       <year>2009</year>
-      <year>2010</year>
       <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
     </copyright>
     <copyright>
@@ -449,7 +448,7 @@ Master 10.0.1.1:
 			type master;
 			file "internal/example.db";
 			allow-update { key mykey; };
-			also-notify { 10.0.1.1; };
+			notify-also { 10.0.1.1; };
 		};
 	};
 
@@ -459,7 +458,7 @@ Master 10.0.1.1:
 			type slave;
 			file "external/example.db";
 			masters { 10.0.1.1; };
-			transfer-source 10.0.1.1;
+			transfer-source { 10.0.1.1; };
 			// allow-update-forwarding { any; };
 			// allow-notify { ... };
 		};
@@ -1383,36 +1382,6 @@ named_cache_t: for files modifiable by named - $ROOTDIR/var/{tmp,named/{slaves,d
       </answer>
     </qandaentry>
 
-    <qandaentry>
-      <question>
-	<para>
-	   I'm running BIND on Ubuntu -
-	</para>
-	<para>
-	  Why can't named update slave zone database files?
-	</para>
-	<para>
-	  Why can't named create DDNS journal files or update
-	  the master zones from journals?
-	</para>
-	<para>
-	  Why can't named create custom log files?
-	</para>
-      </question>
-      <answer>
-	<para>
-	  Ubuntu uses AppArmor <ulink url="http://en.wikipedia.org/wiki/AppArmor">
-          &lt;http://en.wikipedia.org/wiki/AppArmor&gt;</ulink> in
-	  addition to normal file system permissions to protect the system.
-	</para>
-	<para>
-	  Adjust the paths to use those specified in /etc/apparmor.d/usr.sbin.named
-	  or adjust /etc/apparmor.d/usr.sbin.named to allow named to write at the
-	  location specified in named.conf.
-	</para>
-      </answer>
-    </qandaentry>
-
     <qandaentry>
       <question>
 	<para>

HISTORY

@@ -1,313 +0,0 @@
-Summary of functional enhancements from prior major releases of BIND 9:
-
-BIND 9.6.0
-
-        Full NSEC3 support
-
-        Automatic zone re-signing
-
-	New update-policy methods tcp-self and 6to4-self
-
-        The BIND 8 resolver library, libbind, has been removed from the
-        BIND 9 distribution and is now available as a separate download.
-
-	Change the default pid file location from /var/run to
-	/var/run/{named,lwresd} for improved chroot/setuid support.
-
-BIND 9.5.0
-
-	GSS-TSIG support (RFC 3645).
-
-	DHCID support.
-
-	Experimental http server and statistics support for named via xml.
-
-	More detailed statistics counters including those supported in BIND 8.
-
-	Faster ACL processing.
-
-	Use Doxygen to generate internal documentation.
-
-        Efficient LRU cache-cleaning mechanism.
-
-        NSID support.
-
-BIND 9.4.0
-
-	Implemented "additional section caching (or acache)", an
-	internal cache framework for additional section content to
-	improve response performance.  Several configuration options
-	were provided to control the behavior.
-
-	New notify type 'master-only'.  Enable notify for master
-	zones only.
-
-	Accept 'notify-source' style syntax for query-source.
-
-	rndc now allows addresses to be set in the server clauses.
-
-	New option "allow-query-cache".  This lets "allow-query"
-	be used to specify the default zone access level rather
-	than having to have every zone override the global value.
-	"allow-query-cache" can be set at both the options and view
-	levels.  If "allow-query-cache" is not set then "allow-recursion"
-	is used if set, otherwise "allow-query" is used if set
-	unless "recursion no;" is set in which case "none;" is used,
-	otherwise the default (localhost; localnets;) is used.
-
-	rndc: the source address can now be specified.
-
-	ixfr-from-differences now takes master and slave in addition
-	to yes and no at the options and view levels.
-
-	Allow the journal's name to be changed via named.conf.
-
-	'rndc notify zone [class [view]]' resend the NOTIFY messages
-	for the specified zone.
-
-	'dig +trace' now randomly selects the next servers to try.
-	Report if there is a bad delegation.
-
-	Improve check-names error messages.
-
-	Make public the function to read a key file, dst_key_read_public().
-
-	dig now returns the byte count for axfr/ixfr.
-			
-	allow-update is now settable at the options / view level.
-
-	named-checkconf now checks the logging configuration.
-
-	host now can turn on memory debugging flags with '-m'.
-
-	Don't send notify messages to self.
-
-	Perform sanity checks on NS records which refer to 'in zone' names.
-
-	New zone option "notify-delay".  Specify a minimum delay
-	between sets of NOTIFY messages.
-
-	Extend adjusting TTL warning messages.
-
-	Named and named-checkzone can now both check for non-terminal
-	wildcard records.
-
-	"rndc freeze/thaw" now freezes/thaws all zones.
-
-	named-checkconf now check acls to verify that they only
-	refer to existing acls.
-
-	The server syntax has been extended to support a range of
-	servers.
-
-	Report differences between hints and real NS rrset and
-	associated address records.
-
-	Preserve the case of domain names in rdata during zone
-	transfers.
-
-	Restructured the data locking framework using architecture
-	dependent atomic operations (when available), improving
-	response performance on multi-processor machines significantly.
-	x86, x86_64, alpha, powerpc, and mips are currently supported.
-
-	UNIX domain controls are now supported.
-
-	Add support for additional zone file formats for improving
-	loading performance.  The masterfile-format option in
-	named.conf can be used to specify a non-default format.  A
-	separate command named-compilezone was provided to generate
-	zone files in the new format.  Additionally, the -I and -O
-	options for dnssec-signzone specify the input and output
-	formats.
-
-	dnssec-signzone can now randomize signature end times
-	(dnssec-signzone -j jitter).
-
-	Add support for CH A record.
-
-	Add additional zone data constancy checks.  named-checkzone
-	has extended checking of NS, MX and SRV record and the hosts
-	they reference.  named has extended post zone load checks.
-	New zone options: check-mx and integrity-check.
-
-
-	edns-udp-size can now be overridden on a per server basis.
-
-	dig can now specify the EDNS version when making a query.
-
-	Added framework for handling multiple EDNS versions.
-
-	Additional memory debugging support to track size and mctx
-	arguments.
-
-	Detect duplicates of UDP queries we are recursing on and
-	drop them.  New stats category "duplicates".
-
-	"USE INTERNAL MALLOC" is now runtime selectable.
-
-	The lame cache is now done on a <qname,qclass,qtype> basis
-	as some servers only appear to be lame for certain query
-	types.
-
-	Limit the number of recursive clients that can be waiting
-	for a single query (<qname,qtype,qclass>) to resolve.  New
-	options clients-per-query and max-clients-per-query.
-
-	dig: report the number of extra bytes still left in the
-	packet after processing all the records.
-
-	Support for IPSECKEY rdata type.
-
-	Raise the UDP recieve buffer size to 32k if it is less than 32k.
-
-	x86 and x86_64 now have seperate atomic locking implementations.
-
-	named-checkconf now validates update-policy entries.
-
-	Attempt to make the amount of work performed in a iteration
-	self tuning.  The covers nodes clean from the cache per
-	iteration, nodes written to disk when rewriting a master
-	file and nodes destroyed per iteration when destroying a
-	zone or a cache.
-
-	ISC string copy API.
-
-	Automatic empty zone creation for D.F.IP6.ARPA and friends.
-	Note: RFC 1918 zones are not yet covered by this but are
-	likely to be in a future release.
-
-	New options: empty-server, empty-contact, empty-zones-enable
-	and disable-empty-zone.
-
-	dig now has a '-q queryname' and '+showsearch' options.
-
-	host/nslookup now continue (default)/fail on SERVFAIL.
-
-	dig now warns if 'RA' is not set in the answer when 'RD'
-	was set in the query.  host/nslookup skip servers that fail
-	to set 'RA' when 'RD' is set unless a server is explicitly
-	set.
-
-	Integrate contibuted DLZ code into named.
-
-	Integrate contibuted IDN code from JPNIC.
-
-	libbind: corresponds to that from BIND 8.4.7.
-
-BIND 9.3.0
-
-	DNSSEC is now DS based (RFC 3658).
-	See also RFC 3845, doc/draft/draft-ietf-dnsext-dnssec-*.
-
-	DNSSEC lookaside validation.
-
-	check-names is now implemented.
-	rrset-order in more complete.
-
-	IPv4/IPv6 transition support, dual-stack-servers.
-
-	IXFR deltas can now be generated when loading master files,
-	ixfr-from-differences.
-
-	It is now possible to specify the size of a journal, max-journal-size.
-
-	It is now possible to define a named set of master servers to be
-	used in masters clause, masters.
-
-	The advertised EDNS UDP size can now be set, edns-udp-size.
-
-	allow-v6-synthesis has been obsoleted.
-
-	NOTE:
-	* Zones containing MD and MF will now be rejected.
-	* dig, nslookup name. now report "Not Implemented" as
-	  NOTIMP rather than NOTIMPL.  This will have impact on scripts
-	  that are looking for NOTIMPL.
-
-	libbind: corresponds to that from BIND 8.4.5.
-
-BIND 9.2.0
-
-	The size of the cache can now be limited using the
-        "max-cache-size" option.
-
-	The server can now automatically convert RFC1886-style recursive
-	lookup requests into RFC2874-style lookups, when enabled using the
-	new option "allow-v6-synthesis".  This allows stub resolvers that
-	support AAAA records but not A6 record chains or binary labels to
-	perform lookups in domains that make use of these IPv6 DNS
-	features.
-
-	Performance has been improved.
-
-	The man pages now use the more portable "man" macros rather than
-	the "mandoc" macros, and are installed by "make install".
-
-	The named.conf parser has been completely rewritten.  It now
-	supports "include" directives in more places such as inside "view"
-	statements, and it no longer has any reserved words.
-
-	The "rndc status" command is now implemented.
-
-	rndc can now be configured automatically.
-
-	A BIND 8 compatible stub resolver library is now included in
-	lib/bind.
-
-	OpenSSL has been removed from the distribution.  This means that to
-	use DNSSEC, OpenSSL must be installed and the --with-openssl option
-	must be supplied to configure.  This does not apply to the use of
-	TSIG, which does not require OpenSSL.
-
-	The source distribution now builds on Windows.  See
-	win32utils/readme1.txt and win32utils/win32-build.txt for details.
-
-	This distribution also includes a new lightweight stub
-	resolver library and associated resolver daemon that fully
-	support forward and reverse lookups of both IPv4 and IPv6
-	addresses.  This library is considered experimental and
-	is not a complete replacement for the BIND 8 resolver library.
-	Applications that use the BIND 8 res_* functions to perform
-	DNS lookups or dynamic updates still need to be linked against
-	the BIND 8 libraries.  For DNS lookups, they can also use the
-	new "getrrsetbyname()" API.
-
-	BIND 9.2 is capable of acting as an authoritative server
-	for DNSSEC secured zones.  This functionality is believed to
-	be stable and complete except for lacking support for
-	verifications involving wildcard records in secure zones.
-
-	When acting as a caching server, BIND 9.2 can be configured
-	to perform DNSSEC secure resolution on behalf of its clients.
-	This part of the DNSSEC implementation is still considered
-	experimental.  For detailed information about the state of the
-	DNSSEC implementation, see the file doc/misc/dnssec.
-
-	There are a few known bugs:
-
-	    On some systems, IPv6 and IPv4 sockets interact in
-	    unexpected ways.  For details, see doc/misc/ipv6.
-	    To reduce the impact of these problems, the server
-	    no longer listens for requests on IPv6 addresses
-	    by default.  If you need to accept DNS queries over
-	    IPv6, you must specify "listen-on-v6 { any; };"
-	    in the named.conf options statement.
-
-	    FreeBSD prior to 4.2 (and 4.2 if running as non-root)
-	    and OpenBSD prior to 2.8 log messages like
-	    "fcntl(8, F_SETFL, 4): Inappropriate ioctl for device".
-	    This is due to a bug in "/dev/random" and impacts the
-	    server's DNSSEC support.
-
-	    OS X 10.1.4 (Darwin 5.4), OS X 10.1.5 (Darwin 5.5) and
-	    OS X 10.2 (Darwin 6.0) reports errors like
-	    "fcntl(3, F_SETFL, 4): Operation not supported by device".
-	    This is due to a bug in "/dev/random" and impacts the
-	    server's DNSSEC support.
-
-	    --with-libtool does not work on AIX.
-
-	A bug in some versions of the Microsoft DNS server can cause zone
-        transfers from a BIND 9 server to a W2K server to fail.  For details,
-	see the "Zone Transfers" section in doc/misc/migration.

Makefile.in

@@ -1,4 +1,4 @@
-# Copyright (C) 2004-2009  Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2004-2007, 2009  Internet Systems Consortium, Inc. ("ISC")
 # Copyright (C) 1998-2002  Internet Software Consortium.
 #
 # Permission to use, copy, modify, and/or distribute this software for any
@@ -13,7 +13,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: Makefile.in,v 1.58 2009/11/26 20:52:44 marka Exp $
+# $Id: Makefile.in,v 1.43.18.8 2009/02/20 23:46:01 tbox Exp $
 
 srcdir =	@srcdir@
 VPATH =		@srcdir@
@@ -21,17 +21,24 @@ top_srcdir =	@top_srcdir@
 
 @BIND9_VERSION@
 
-SUBDIRS =	make lib bin doc @LIBEXPORT@
+SUBDIRS =	make lib bin doc @LIBBIND@
 TARGETS =
 
 MANPAGES =	isc-config.sh.1
-
+ 
 HTMLPAGES =	isc-config.sh.html
-
+ 
 MANOBJS =	${MANPAGES} ${HTMLPAGES}
 
 @BIND9_MAKE_RULES@
 
+distclean::
+	@if [ "X@LIBBIND@" = "X" ] ; then \
+		i=lib/bind; \
+		echo "making $@ in `pwd`/$$i"; \
+		(cd $$i; ${MAKE} ${MAKEDEFS} $@) || exit 1; \
+	fi
+
 distclean::
 	rm -f config.cache config.h config.log config.status TAGS
 	rm -f libtool isc-config.sh configure.lineno
@@ -54,8 +61,7 @@ installdirs:
 
 install:: isc-config.sh installdirs
 	${INSTALL_SCRIPT} isc-config.sh ${DESTDIR}${bindir}
-	${INSTALL_DATA} ${top_srcdir}/isc-config.sh.1 ${DESTDIR}${mandir}/man1
-	${INSTALL_DATA} ${top_srcdir}/bind.keys ${DESTDIR}${sysconfdir}
+	${INSTALL_DATA} ${srcdir}/isc-config.sh.1 ${DESTDIR}${mandir}/man1
 
 tags:
 	rm -f TAGS

README

@@ -27,8 +27,8 @@ BIND 9
 		- Improved Portability Architecture
 
 
-	BIND version 9 development has been underwritten by the following
-	organizations:
+	BIND version 9 development has been under written by the following
+	organisations:
 
 		Sun Microsystems, Inc.
 		Hewlett Packard
@@ -42,77 +42,389 @@ BIND 9
 		Stichting NLnet - NLnet Foundation
 		Nominum, Inc.
 
-	For a summary of functional enhancements in previous
-	releases, see the HISTORY file.
+BIND 9.4-ESV (Extended Support Version)
+
+	BIND 9.4-ESV is the Extended Support Version of BIND 9.4
+	and incorporates the final maintenance release fixing bugs
+	in BIND 9.4.3.
+
+	BIND 9.4-ESV will be supported until December 31, 2010, at
+	which time you will need to upgrade to the current release
+	of BIND.
+
+BIND 9.4.3
+
+	BIND 9.4.3 is a maintenance release, fixing bugs in 9.4.2.
+
+BIND 9.4.2
+
+	BIND 9.4.2 is a maintenance release, containing fixes for
+	a number of bugs in 9.4.1.
+
+	Warning: If you installed BIND 9.4.2rc1 then any applications
+	linked against this release candidate will need to be rebuilt.
+
+BIND 9.4.1
+
+	BIND 9.4.1 is a security release, containing a fix for
+	a security bugs in 9.4.0.
+
+BIND 9.4.0
+
+	BIND 9.4.0 has a number of new features over 9.3,
+	including:
+
+	Implemented "additional section caching" (or "acache"), an
+	internal cache framework for additional section content to
+	improve response performance.  Several configuration options
+	were provided to control the behaviour.
+
+	New notify type 'master-only'.  Enable notify for master
+	zones only.
+
+	Accept 'notify-source' style syntax for query-source.
+
+	rndc now allows addresses to be set in the server clauses.
+
+	New option "allow-query-cache".  This lets "allow-query"
+	be used to specify the default zone access level rather
+	than having to have every zone override the global value.
+	"allow-query-cache" can be set at both the options and view
+	levels.  If "allow-query-cache" is not set then "allow-recursion"
+	is used if set, otherwise "allow-query" is used if set
+	unless "recursion no;" is set in which case "none;" is used,
+	otherwise the default (localhost; localnets;) is used.
+
+	rndc: the source address can now be specified.
+
+	ixfr-from-differences now takes master and slave in addition
+	to yes and no at the options and view levels.
+
+	Allow the journal's name to be changed via named.conf.
+
+	'rndc notify zone [class [view]]' resend the NOTIFY messages
+	for the specified zone.
+
+	'dig +trace' now randomly selects the next servers to try.
+	Report if there is a bad delegation.
+
+	Improve check-names error messages.
+
+	Make public the function to read a key file, dst_key_read_public().
+
+	dig now returns the byte count for axfr/ixfr.
+			
+	allow-update is now settable at the options / view level.
+
+	named-checkconf now checks the logging configuration.
+
+	host now can turn on memory debugging flags with '-m'.
+
+	Don't send notify messages to self.
+
+	Perform sanity checks on NS records which refer to 'in zone' names.
+
+	New zone option "notify-delay".  Specify a minimum delay
+	between sets of NOTIFY messages.
+
+	Extend adjusting TTL warning messages.
+
+	Named and named-checkzone can now both check for non-terminal
+	wildcard records.
+
+	"rndc freeze/thaw" now freezes/thaws all zones.
+
+	named-checkconf now check acls to verify that they only
+	refer to existing acls.
+
+	The server syntax has been extended to support a range of
+	servers.
+
+	Report differences between hints and real NS rrset and
+	associated address records.
+
+	Preserve the case of domain names in rdata during zone
+	transfers.
+
+	Restructured the data locking framework using architecture
+	dependent atomic operations (when available), improving
+	response performance on multi-processor machines significantly.
+	x86, x86_64, alpha, powerpc, and mips are currently supported.
+
+	UNIX domain controls are now supported.
+
+	Add support for additional zone file formats for improving
+	loading performance.  The masterfile-format option in
+	named.conf can be used to specify a non-default format.  A
+	separate command named-compilezone was provided to generate
+	zone files in the new format.  Additionally, the -I and -O
+	options for dnssec-signzone specify the input and output
+	formats.
+
+	dnssec-signzone can now randomise signature end times
+	(dnssec-signzone -j jitter).
+
+	Add support for CH A record.
+
+	Add additional zone data consistency checks.  named-checkzone
+	has extended checking of NS, MX and SRV record and the hosts
+	they reference.  named has extended post zone load checks.
+	New zone options: check-mx and integrity-check.
+
+	edns-udp-size can now be overridden on a per server basis.
+
+	dig can now specify the EDNS version when making a query.
+
+	Added framework for handling multiple EDNS versions.
+
+	Additional memory debugging support to track size and mctx
+	arguments.
+
+	Detect duplicates of UDP queries we are recursing on and
+	drop them.  New stats category "duplicates".
+
+	Memory management. "USE INTERNAL MALLOC" is now runtime selectable.
+
+	The lame cache is now done on a <qname,qclass,qtype> basis
+	as some servers only appear to be lame for certain query
+	types.
+
+	Limit the number of recursive clients that can be waiting
+	for a single query (<qname,qtype,qclass>) to resolve.  New
+	options clients-per-query and max-clients-per-query.
+
+	dig: report the number of extra bytes still left in the
+	packet after processing all the records.
+
+	Support for IPSECKEY rdata type.
+
+	Raise the UDP receive buffer size to 32k if it is less than 32k.
+
+	x86 and x86_64 now have separate atomic locking implementations.
+
+	named-checkconf now validates update-policy entries.
+
+	Attempt to make the amount of work performed in a iteration
+	self tuning.  The covers nodes clean from the cache per
+	iteration, nodes written to disk when rewriting a master
+	file and nodes destroyed per iteration when destroying a
+	zone or a cache.
+
+	ISC string copy API.
+
+	Automatic empty zone creation for D.F.IP6.ARPA and friends.
+	Note: RFC 1918 zones are not yet covered by this but are
+	likely to be in a future release.
+
+	New options: empty-server, empty-contact, empty-zones-enable
+	and disable-empty-zone.
+
+	dig now has a '-q queryname' and '+showsearch' options.
+
+	host/nslookup now continue (default)/fail on SERVFAIL.
+
+	dig now warns if 'RA' is not set in the answer when 'RD'
+	was set in the query.  host/nslookup skip servers that fail
+	to set 'RA' when 'RD' is set unless a server is explicitly
+	set.
+
+	Integrate contributed DLZ code into named.
+
+	Integrate contributed IDN code from JPNIC.
+
+	Validate pending NS RRsets, in the authority section, prior
+	to returning them if it can be done without requiring DNSKEYs
+	to be fetched.
+
+	It is now possible to configure named to accept expired
+	RRSIGs.  Default "dnssec-accept-expired no;".  Setting
+	"dnssec-accept-expired yes;" leaves named vulnerable to
+	replay attacks.
+
+	Additional memory leakage checks.
+
+	The maximum EDNS UDP response named will send can now be
+	set in named.conf (max-udp-size).  This is independent of
+	the advertised receive buffer (edns-udp-size).
+
+	Named now falls back to advertising EDNS with a 512 byte
+	receive buffer if the initial EDNS queries fail.
+
+	Control the zeroing of the negative response TTL to a soa
+	query.  Defaults "zero-no-soa-ttl yes;" and
+	"zero-no-soa-ttl-cache no;".
+			
+	Separate out MX and SRV to CNAME checks.
+
+	dig/nslookup/host: warn about missing "QR".
+
+	TSIG HMACSHA1, HMACSHA224, HMACSHA256, HMACSHA384 and
+	HMACSHA512 support.
+
+	dnssec-signzone: output the SOA record as the first record
+	in the signed zone.
+
+	Two new update policies.  "selfsub" and "selfwild".
+
+	dig, nslookup and host now advertise a 4096 byte EDNS UDP
+	buffer size by default.
+
+	Report when a zone is removed.
+
+	DS/DLV SHA256 digest algorithm support.
+
+	Implement "rrset-order fixed".
+
+	Check the KSK flag when updating a secure dynamic zone.
+	New zone option "update-check-ksk yes;".
+
+	It is now possible to explicitly enable DNSSEC validation.
+	default dnssec-validation no; to be changed to yes in 9.5.0.
+
+	It is now possible to enable/disable DNSSEC validation
+	from rndc.  This is useful for the mobile hosts where the
+	current connection point breaks DNSSEC (firewall/proxy).
+
+		rndc validation newstate [view]
+
+	dnssec-signzone can now update the SOA record of the signed
+	zone, either as an increment or as the system time().
+
+	Statistics about acache now recorded and sent to log.
+
+	libbind: corresponds to that from BIND 8.4.7.
+
+BIND 9.3.0
+
+	BIND 9.3.0 has a number of new features over 9.2,
+	including:
+
+	DNSSEC is now DS based (RFC 3658).
+	See also RFC 3845, doc/draft/draft-ietf-dnsext-dnssec-*.
+
+	DNSSEC lookaside validation.
+
+	check-names is now implemented.
+	rrset-order in more complete.
+
+	IPv4/IPv6 transition support, dual-stack-servers.
+
+	IXFR deltas can now be generated when loading master files,
+	ixfr-from-differences.
+
+	It is now possible to specify the size of a journal, max-journal-size.
+
+	It is now possible to define a named set of master servers to be
+	used in masters clause, masters.
+
+	The advertised EDNS UDP size can now be set, edns-udp-size.
+
+	allow-v6-synthesis has been obsoleted.
+
+	NOTE:
+	* Zones containing MD and MF will now be rejected.
+	* dig, nslookup name. now report "Not Implemented" as
+	  NOTIMP rather than NOTIMPL.  This will have impact on scripts
+	  that are looking for NOTIMPL.
+
+	libbind: corresponds to that from BIND 8.4.5.
+
+BIND 9.2.0
+
+	BIND 9.2.0 has a number of new features over 9.1,
+	including:
+
+	  - The size of the cache can now be limited using the
+            "max-cache-size" option.
+
+	  - The server can now automatically convert RFC1886-style
+	    recursive lookup requests into RFC2874-style lookups, 
+	    when enabled using the new option "allow-v6-synthesis".
+            This allows stub resolvers that support AAAA records
+            but not A6 record chains or binary labels to perform
+            lookups in domains that make use of these IPv6 DNS
+            features.
+
+	  - Performance has been improved.
+
+	  - The man pages now use the more portable "man" macros
+	    rather than the "mandoc" macros, and are installed
+            by "make install".
+
+          - The named.conf parser has been completely rewritten.
+            It now supports "include" directives in more
+            places such as inside "view" statements, and it no
+            longer has any reserved words.
+
+          - The "rndc status" command is now implemented.
+
+	  - rndc can now be configured automatically.
+
+	  - A BIND 8 compatible stub resolver library is now
+	    included in lib/bind.
+
+	  - OpenSSL has been removed from the distribution.  This
+	    means that to use DNSSEC, OpenSSL must be installed and
+	    the --with-openssl option must be supplied to configure.
+	    This does not apply to the use of TSIG, which does not
+	    require OpenSSL.
+
+	  - The source distribution now builds on Windows.
+	    See win32utils/readme1.txt and win32utils/win32-build.txt
+	    for details.
+
+	This distribution also includes a new lightweight stub
+	resolver library and associated resolver daemon that fully
+	support forward and reverse lookups of both IPv4 and IPv6
+	addresses.  This library is considered experimental and
+	is not a complete replacement for the BIND 8 resolver library.
+	Applications that use the BIND 8 res_* functions to perform
+	DNS lookups or dynamic updates still need to be linked against
+	the BIND 8 libraries.  For DNS lookups, they can also use the
+	new "getrrsetbyname()" API.
+
+	BIND 9.2 is capable of acting as an authoritative server
+	for DNSSEC secured zones.  This functionality is believed to
+	be stable and complete except for lacking support for
+	verifications involving wildcard records in secure zones.
+
+	When acting as a caching server, BIND 9.2 can be configured
+	to perform DNSSEC secure resolution on behalf of its clients.
+	This part of the DNSSEC implementation is still considered
+	experimental.  For detailed information about the state of the
+	DNSSEC implementation, see the file doc/misc/dnssec.
+
+	There are a few known bugs:
+
+		On some systems, IPv6 and IPv4 sockets interact in
+		unexpected ways.  For details, see doc/misc/ipv6.
+		To reduce the impact of these problems, the server
+		no longer listens for requests on IPv6 addresses
+		by default.  If you need to accept DNS queries over
+		IPv6, you must specify "listen-on-v6 { any; };"
+		in the named.conf options statement.
+
+		FreeBSD prior to 4.2 (and 4.2 if running as non-root)
+		and OpenBSD prior to 2.8 log messages like
+		"fcntl(8, F_SETFL, 4): Inappropriate ioctl for device".
+		This is due to a bug in "/dev/random" and impacts the
+		server's DNSSEC support.
+
+		OS X 10.1.4 (Darwin 5.4), OS X 10.1.5 (Darwin 5.5) and
+		OS X 10.2 (Darwin 6.0) reports errors like
+		"fcntl(3, F_SETFL, 4): Operation not supported by device".
+		This is due to a bug in "/dev/random" and impacts the
+		server's DNSSEC support.
+
+		--with-libtool does not work on AIX.
+
+	A bug in some versions of the Microsoft DNS server can cause zone
+        transfers from a BIND 9 server to a W2K server to fail.  For details,
+	see the "Zone Transfers" section in doc/misc/migration.
 
 	For a detailed list of user-visible changes from
 	previous releases, see the CHANGES file.
 
-BIND 9.7.0
-
-	BIND 9.7.0 includes a number of changes from BIND 9.6 and earlier
-	releases.  Most are intended to simplify DNSSEC configuration.
-
-	New features include:
-
-	- Fully automatic signing of zones by "named".
-	- Simplified configuration of DNSSEC Lookaside Validation (DLV).
-	- Simplified configuration of Dynamic DNS, using the "ddns-confgen"
-	  command line tool or the "local" update-policy option.  (As a side
-	  effect, this also makes it easier to configure automatic zone
-	  re-signing.)
-	- New named option "attach-cache" that allows multiple views to
-	  share a single cache.
-	- DNS rebinding attack prevention.
-	- New default values for dnssec-keygen parameters.
-	- Support for RFC 5011 automated trust anchor maintenance
-	- Smart signing: simplified tools for zone signing and key
-	  maintenance.
-	- The "statistics-channels" option is now available on Windows.
-	- A new DNSSEC-aware libdns API for use by non-BIND9 applications
-	- On some platforms, named and other binaries can now print out
-	  a stack backtrace on assertion failure, to aid in debugging.
-	- A "tools only" installation mode on Windows, which only installs
-	  dig, host, nslookup and nsupdate.
-	- Improved PKCS#11 support, including Keyper support and explicit
-	  OpenSSL engine selection.
-
-	Known issues in this release:
-
-	- In rare cases, DNSSEC validation can leak memory.  When this 
-	  happens, it will cause an assertion failure when named exits,
-	  but is otherwise harmless.  A fix exists, but was too late for
-	  this release; it will be included in BIND 9.7.1.
-
-	Compatibility notes:
-
-	- If you had built BIND 9.6 with any of ALLOW_NSEC3PARAM_UPDATE,
-	  ALLOW_SECURE_TO_INSECURE or ALLOW_INSECURE_TO_SECURE defined, then
-	  you should ensure that all changes that are in progress have
-	  completed prior to upgrading to BIND 9.7.  BIND 9.7 implements
-	  those features in a way which is not backwards compatible.
-
-	- Prior releases had a bug which caused HMAC-SHA* keys with long
-	  secrets to be used incorrectly.  Fixing this bug means that older
-	  versions of BIND 9 may fail to interoperate with this version
-	  when using TSIG keys.  If this occurs, the new "isc-hmac-fixup"
-	  tool will convert a key with a long secret into a form that works
-	  correctly with all versions of BIND 9.  See the "isc-hmac-fixup"
-	  man page for additional details.
-
-	- Revoking a DNSSEC key with "dnssec-revoke" changes its key ID.
-	  It is possible for the new key ID to collide with that of a
-	  different key.  Newly generated keys will not have this problem,
-	  as "dnssec-keygen" looks for potential collisions before
-	  generating keys, but exercise caution if using key revokation
-	  with keys that were generated by older versions of BIND 9.  See
-	  the Administrator's Reference Manual, section 4.10 ("Dynamic
-	  Trust Anchor Management") for more details.
-
-	- A bug was fixed in which a key's scheduled inactivity date was
-	  stored incorectly.  Users who participated in the 9.7.0 BETA test
-	  and had DNSSEC keys with scheduled inactivity dates will need to
-	  reset those keys' dates using "dnssec-settime -I".
 
 Building
 
@@ -122,35 +434,31 @@ Building
 	We've had successful builds and tests on the following systems:
 
 		COMPAQ Tru64 UNIX 5.1B
-		Fedora Core 6
 		FreeBSD 4.10, 5.2.1, 6.2
 		HP-UX 11.11
-		Mac OS X 10.5
-		NetBSD 3.x, 4.0-beta, 5.0-beta
-		OpenBSD 3.3 and up
-		Solaris 8, 9, 9 (x86), 10
-		Ubuntu 7.04, 7.10
+		NetBSD 1.5
+		Slackware Linux 8.1
+		Solaris 8, 9, 9 (x86)
 		Windows XP/2003/2008
 
         NOTE:  As of BIND 9.5.1, 9.4.3, and 9.3.6, older versions of
         Windows, including Windows NT and Windows 2000, are no longer
         supported.
 
-	We have recent reports from the user community that a supported
-	version of BIND will build and run on the following systems:
+	Additionally, we have unverified reports of success building
+	previous versions of BIND 9 from users of the following systems:
 
-		AIX 4.3, 5L
-		CentOS 4, 4.5, 5
-		Darwin 9.0.0d1/ARM
-		Debian 4
-		Fedora Core 5, 7
-		FreeBSD 6.1
-		HP-UX 11.23 PA
-		MacOS X 10.4, 10.5
-		Red Hat Enterprise Linux 4, 5
-		SCO OpenServer 5.0.6
-		Slackware 9, 10
-		SuSE 9, 10
+		AIX 5L
+		SuSE Linux 7.0
+		Slackware Linux 7.x, 8.0
+	        Red Hat Linux 7.1
+		Debian GNU/Linux 2.2 and 3.0
+		Mandrake 8.1
+		OpenBSD 2.6, 2.8, 2.9, 3.1, 3.6, 3.8
+		UnixWare 7.1.1
+		HP-UX 10.20
+		BSD/OS 4.2
+		Mac OS X 10.1, 10.3.8
 
 	To build, just
 
@@ -187,13 +495,12 @@ Building
 				    -DDIG_SIGCHASE_BU=1)
 		Disable dropping queries from particular well known ports.
 		  -DNS_CLIENT_DROPPORT=0
-	        Sibling glue checking in named-checkzone is enabled by default.
+		Disable support for "rrset-order fixed".
+		  -DDNS_RDATASET_FIXED=0
+		Sibling glue checking in named-checkzone is enabled by default.
 		To disable the default check set.  -DCHECK_SIBLING=0
 		named-checkzone checks out-of-zone addresses by default.
 		To disable this default set.  -DCHECK_LOCAL=0
-		To create the default pid files in ${localstatedir}/run rather
-		than ${localstatedir}/run/{named,lwresd}/ set.
-		  -DNS_RUN_PID_DIR=0
 		Enable workaround for Solaris kernel bug about /dev/poll
 		  -DISC_SOCKET_USE_POLLWATCH=1
 		  The watch timeout is also configurable, e.g.,
@@ -223,6 +530,9 @@ Building
 	a nonstandard prefix, you can tell configure where to
 	look for it using "--with-openssl=/prefix".
 
+	To build libbind (the BIND 8 resolver library), specify
+	"--enable-libbind" on the configure command line.
+
 	On some platforms it is necessary to explictly request large
 	file support to handle files bigger than 2GB.  This can be
 	done by "--enable-largefile" on the configure command line.
@@ -234,11 +544,6 @@ Building
 	on the configure command line.  The default is operating
 	system dependent.
 
-        Support for the "fixed" rrset-order option can be enabled
-        or disabled by specifying "--enable-fixed-rrset" or
-        "--disable-fixed-rrset" on the configure command line.
-        The default is "disabled", to reduce memory footprint.
-
 	If your operating system has integrated support for IPv6, it
 	will be used automatically.  If you have installed KAME IPv6
 	separately, use "--with-kame[=PATH]" to specify its location.
@@ -303,9 +608,6 @@ Documentation
 	Frequently asked questions and their answers can be found in
 	FAQ.
 
-        Additional information on various subjects can be found
-        in the other README files.
-
 
 Bug Reports and Mailing Lists
 
@@ -322,9 +624,8 @@ Bug Reports and Mailing Lists
 		http://www.isc.org/ops/lists/
 
 	If you're planning on making changes to the BIND 9 source
-	code, you might want to join the BIND Workers mailing list.
-	Send mail to
-
-		bind-workers-request@isc.org
-
+	code, you might want to join the BIND Forum as a Worker.
+	This gives you access to the bind-workers@isc.org mailing
+	list and pre-release access to the code.
 
+		http://www.isc.org/sw/guild/bf/

README.idnkit

@@ -1,22 +1,37 @@
 
-                          BIND 9 IDN support
+			BIND-9 IDN patch
 
 	       Japan Network Information Center (JPNIC)
 
 
+* What is this patch for?
+
+This patch adds internationalized domain name (IDN) support to BIND-9.
+You'll get internationalized version of dig/host/nslookup commands.
+
+    + internationalized dig/host/nslookup
+	dig/host/nslookup accepts non-ASCII domain names in the local
+	codeset (such as Shift JIS, Big5 or ISO8859-1) determined by
+	the locale information.  The domain names are normalized and
+	converted to the encoding on the DNS protocol, and sent to DNS
+	servers.  The replies are converted back to the local codeset
+	and displayed.
+
+
 * Compilation & installation
 
 0. Prerequisite
 
-You have to build and install idnkit before building bind9.
+You have to build and install idnkit before building this patched version
+of bind-9.
 
 1. Running configure script
 
 Run `configure' in the top directory.  See `README' for the
 configuration options.
 
-The following four options to `configure' are relevant to IDN.  You
-should at least specify `--with-idn' option to enable IDN support.
+This patch adds the following 4 options to `configure'.  You should
+at least specify `--with-idn' option to enable IDN support.
 
     --with-idn[=IDN_PREFIX]
 	To enable IDN support, you have to specify `--with-idn' option.
@@ -58,7 +73,8 @@ should at least specify `--with-idn' option to enable IDN support.
 	is the argument(s) to `cc' or `ld' to link the library, for
 	example, `--with-iconv="-L/usr/local/lib -liconv"'.
 	You don't need to specify the header file directory for "iconv.h"
-	to the compiler, as it isn't included directly by bind9.
+	to the compiler, as it isn't included directly by bind-9 with
+	this patch.
 
     --with-idnlib=IDN_LIBSPEC
 	With this option, you can explicitly specify the argument(s)
@@ -87,10 +103,10 @@ for compiling and installing.
 
 * Contact information
 
-Please see http://www.nic.ad.jp/en/idn/ for the latest news
-about idnkit.
+Please see http//www.nic.ad.jp/en/idn/ for the latest news
+about idnkit and this patch.
 
 Bug reports and comments on this kit should be sent to
 mdnkit-bugs@nic.ad.jp and idn-cmt@nic.ad.jp, respectively.
 
-; $Id: README.idnkit,v 1.1 2009/12/04 20:14:28 each Exp $
+; $Id: README.idnkit,v 1.2.2.3 2009/01/19 00:36:25 marka Exp $

acconfig.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004, 2005, 2007, 2008  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005, 2008  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 1999-2003  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: acconfig.h,v 1.53 2008/12/01 23:47:44 tbox Exp $ */
+/* $Id: acconfig.h,v 1.44.18.7 2008/12/01 23:45:56 tbox Exp $ */
 
 /*! \file */
 

bin/Makefile.in

@@ -1,7 +1,7 @@
-# Copyright (C) 2004, 2007, 2009  Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
 # Copyright (C) 1998-2001  Internet Software Consortium.
 #
-# Permission to use, copy, modify, and/or distribute this software for any
+# Permission to use, copy, modify, and distribute this software for any
 # purpose with or without fee is hereby granted, provided that the above
 # copyright notice and this permission notice appear in all copies.
 #
@@ -13,14 +13,13 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: Makefile.in,v 1.29 2009/10/05 12:07:08 fdupont Exp $
+# $Id: Makefile.in,v 1.23 2004/03/05 04:57:10 marka Exp $
 
 srcdir =	@srcdir@
 VPATH =		@srcdir@
 top_srcdir =	@top_srcdir@
 
-SUBDIRS =	named rndc dig dnssec tests tools nsupdate \
-		check confgen @PKCS11_TOOLS@
+SUBDIRS =	named rndc dig dnssec tests nsupdate check
 TARGETS =
 
 @BIND9_MAKE_RULES@

bin/check/Makefile.in

@@ -1,7 +1,7 @@
-# Copyright (C) 2004-2007, 2009  Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2004-2006  Internet Systems Consortium, Inc. ("ISC")
 # Copyright (C) 2000-2003  Internet Software Consortium.
 #
-# Permission to use, copy, modify, and/or distribute this software for any
+# Permission to use, copy, modify, and distribute this software for any
 # purpose with or without fee is hereby granted, provided that the above
 # copyright notice and this permission notice appear in all copies.
 #
@@ -13,7 +13,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: Makefile.in,v 1.36 2009/12/05 23:31:40 each Exp $
+# $Id: Makefile.in,v 1.24.18.6 2006/06/09 00:54:08 marka Exp $
 
 srcdir =	@srcdir@
 VPATH =		@srcdir@
@@ -32,7 +32,6 @@ CWARNINGS =
 DNSLIBS =	../../lib/dns/libdns.@A@ @DNS_CRYPTO_LIBS@
 ISCCFGLIBS =	../../lib/isccfg/libisccfg.@A@
 ISCLIBS =	../../lib/isc/libisc.@A@
-ISCNOSYMLIBS =	../../lib/isc/libisc-nosymtbl.@A@
 BIND9LIBS =	../../lib/bind9/libbind9.@A@
 
 DNSDEPLIBS =	../../lib/dns/libdns.@A@
@@ -40,8 +39,7 @@ ISCCFGDEPLIBS =	../../lib/isccfg/libisccfg.@A@
 ISCDEPLIBS =	../../lib/isc/libisc.@A@
 BIND9DEPLIBS =	../../lib/bind9/libbind9.@A@
 
-LIBS =		${ISCLIBS} @LIBS@
-NOSYMLIBS =	${ISCNOSYMLIBS} @LIBS@
+LIBS =		@LIBS@
 
 SUBDIRS =
 
@@ -71,14 +69,14 @@ named-checkzone.@O@: named-checkzone.c
 
 named-checkconf@EXEEXT@: named-checkconf.@O@ check-tool.@O@ ${ISCDEPLIBS} \
 		${ISCCFGDEPLIBS} ${BIND9DEPLIBS}
-	export BASEOBJS="named-checkconf.@O@ check-tool.@O@"; \
-	export LIBS0="${BIND9LIBS} ${ISCCFGLIBS} ${DNSLIBS}"; \
-	${FINALBUILDCMD}
+	${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ \
+	named-checkconf.@O@ check-tool.@O@ ${BIND9LIBS} ${ISCCFGLIBS} \
+	${DNSLIBS} ${ISCLIBS} ${LIBS}
 
 named-checkzone@EXEEXT@: named-checkzone.@O@ check-tool.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS}
-	export BASEOBJS="named-checkzone.@O@ check-tool.@O@"; \
-	export LIBS0="${ISCCFGLIBS} ${DNSLIBS}"; \
-	${FINALBUILDCMD}
+	${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ \
+	named-checkzone.@O@ check-tool.@O@ ${ISCCFGLIBS} ${DNSLIBS} \
+	${ISCLIBS} ${LIBS}
 
 doc man:: ${MANOBJS}
 

bin/check/check-tool.c

@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: check-tool.c,v 1.39 2009/09/01 00:22:24 jinmei Exp $ */
+/* $Id: check-tool.c,v 1.10.18.23 2009/09/24 21:38:50 jinmei Exp $ */
 
 /*! \file */
 
@@ -24,17 +24,16 @@
 #include <stdio.h>
 
 #include "check-tool.h"
+#include <isc/util.h>
+
 #include <isc/buffer.h>
 #include <isc/log.h>
-#include <isc/mem.h>
-#include <isc/netdb.h>
 #include <isc/net.h>
+#include <isc/netdb.h>
 #include <isc/region.h>
 #include <isc/stdio.h>
 #include <isc/string.h>
-#include <isc/symtab.h>
 #include <isc/types.h>
-#include <isc/util.h>
 
 #include <dns/fixedname.h>
 #include <dns/log.h>
@@ -70,15 +69,6 @@
 			goto cleanup; \
 	} while (0)
 
-#define ERR_IS_CNAME 1
-#define ERR_NO_ADDRESSES 2
-#define ERR_LOOKUP_FAILURE 3
-#define ERR_EXTRA_A 4
-#define ERR_EXTRA_AAAA 5
-#define ERR_MISSING_GLUE 5
-#define ERR_IS_MXCNAME 6
-#define ERR_IS_SRVCNAME 7
-
 static const char *dbtype[] = { "rbt" };
 
 int debug = 0;
@@ -119,58 +109,6 @@ static isc_logcategory_t categories[] = {
 	{ NULL,		     0 }
 };
 
-static isc_symtab_t *symtab = NULL;
-static isc_mem_t *sym_mctx;
-
-static void
-freekey(char *key, unsigned int type, isc_symvalue_t value, void *userarg) {
-	UNUSED(type);
-	UNUSED(value);
-	isc_mem_free(userarg, key);
-}
-
-static void
-add(char *key, int value) {
-	isc_result_t result;
-	isc_symvalue_t symvalue;
-
-	if (sym_mctx == NULL) {
-		result = isc_mem_create(0, 0, &sym_mctx);
-		if (result != ISC_R_SUCCESS)
-			return;
-	}
-
-	if (symtab == NULL) {
-		result = isc_symtab_create(sym_mctx, 100, freekey, sym_mctx,
-					   ISC_FALSE, &symtab);
-		if (result != ISC_R_SUCCESS)
-			return;
-	}
-
-	key = isc_mem_strdup(sym_mctx, key);
-	if (key == NULL)
-		return;
-
-	symvalue.as_pointer = NULL;
-	result = isc_symtab_define(symtab, key, value, symvalue,
-				   isc_symexists_reject);
-	if (result != ISC_R_SUCCESS)
-		isc_mem_free(sym_mctx, key);
-}
-
-static isc_boolean_t
-logged(char *key, int value) {
-	isc_result_t result;
-
-	if (symtab == NULL)
-		return (ISC_FALSE);
-
-	result = isc_symtab_lookup(symtab, key, value, NULL);
-	if (result == ISC_R_SUCCESS)
-		return (ISC_TRUE);
-	return (ISC_FALSE);
-}
-
 static isc_boolean_t
 checkns(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner,
 	dns_rdataset_t *a, dns_rdataset_t *aaaa)
@@ -219,39 +157,29 @@ checkns(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner,
 		       cur->ai_next != NULL)
 			cur = cur->ai_next;
 		if (cur != NULL && cur->ai_canonname != NULL &&
-		    strcasecmp(cur->ai_canonname, namebuf) != 0 &&
-		    !logged(namebuf, ERR_IS_CNAME)) {
+		    strcasecmp(cur->ai_canonname, namebuf) != 0) {
 			dns_zone_log(zone, ISC_LOG_ERROR,
 				     "%s/NS '%s' (out of zone) "
-				     "is a CNAME '%s' (illegal)",
-				     ownerbuf, namebuf,
-				     cur->ai_canonname);
+				     "is a CNAME (illegal)",
+				     ownerbuf, namebuf);
 			/* XXX950 make fatal for 9.5.0 */
 			/* answer = ISC_FALSE; */
-			add(namebuf, ERR_IS_CNAME);
 		}
 		break;
 	case EAI_NONAME:
 #if defined(EAI_NODATA) && (EAI_NODATA != EAI_NONAME)
 	case EAI_NODATA:
 #endif
-		if (!logged(namebuf, ERR_NO_ADDRESSES)) {
-			dns_zone_log(zone, ISC_LOG_ERROR,
-				     "%s/NS '%s' (out of zone) "
-				     "has no addresses records (A or AAAA)",
-				     ownerbuf, namebuf);
-			add(namebuf, ERR_NO_ADDRESSES);
-		}
+		dns_zone_log(zone, ISC_LOG_ERROR, "%s/NS '%s' (out of zone) "
+			     "has no addresses records (A or AAAA)",
+			     ownerbuf, namebuf);
 		/* XXX950 make fatal for 9.5.0 */
 		return (ISC_TRUE);
 
 	default:
-		if (!logged(namebuf, ERR_LOOKUP_FAILURE)) {
-			dns_zone_log(zone, ISC_LOG_WARNING,
-				     "getaddrinfo(%s) failed: %s",
-				     namebuf, gai_strerror(result));
-			add(namebuf, ERR_LOOKUP_FAILURE);
-		}
+		dns_zone_log(zone, ISC_LOG_WARNING,
+			     "getaddrinfo(%s) failed: %s",
+			     namebuf, gai_strerror(result));
 		return (ISC_TRUE);
 	}
 	if (a == NULL || aaaa == NULL)
@@ -274,13 +202,12 @@ checkns(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner,
 				break;
 			}
 		}
-		if (!match && !logged(namebuf, ERR_EXTRA_A)) {
+		if (!match) {
 			dns_zone_log(zone, ISC_LOG_ERROR, "%s/NS '%s' "
 				     "extra GLUE A record (%s)",
 				     ownerbuf, namebuf,
 				     inet_ntop(AF_INET, rdata.data,
 					       addrbuf, sizeof(addrbuf)));
-			add(namebuf, ERR_EXTRA_A);
 			/* XXX950 make fatal for 9.5.0 */
 			/* answer = ISC_FALSE; */
 		}
@@ -304,13 +231,12 @@ checkns(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner,
 				break;
 			}
 		}
-		if (!match && !logged(namebuf, ERR_EXTRA_AAAA)) {
+		if (!match) {
 			dns_zone_log(zone, ISC_LOG_ERROR, "%s/NS '%s' "
 				     "extra GLUE AAAA record (%s)",
 				     ownerbuf, namebuf,
 				     inet_ntop(AF_INET6, rdata.data,
 					       addrbuf, sizeof(addrbuf)));
-			add(namebuf, ERR_EXTRA_AAAA);
 			/* XXX950 make fatal for 9.5.0. */
 			/* answer = ISC_FALSE; */
 		}
@@ -322,48 +248,42 @@ checkns(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner,
 	/*
 	 * Check that all addresses appear in the glue.
 	 */
-	if (!logged(namebuf, ERR_MISSING_GLUE)) {
-		isc_boolean_t missing_glue = ISC_FALSE;
-		for (cur = ai; cur != NULL; cur = cur->ai_next) {
-			switch (cur->ai_family) {
-			case AF_INET:
-				rdataset = a;
-				ptr = &((struct sockaddr_in *)(cur->ai_addr))->sin_addr;
-				type = "A";
-				break;
-			case AF_INET6:
-				rdataset = aaaa;
-				ptr = &((struct sockaddr_in6 *)(cur->ai_addr))->sin6_addr;
-				type = "AAAA";
-				break;
-			default:
-				 continue;
-			}
-			match = ISC_FALSE;
-			if (dns_rdataset_isassociated(rdataset))
-				result = dns_rdataset_first(rdataset);
-			else
-				result = ISC_R_FAILURE;
-			while (result == ISC_R_SUCCESS && !match) {
-				dns_rdataset_current(rdataset, &rdata);
-				if (memcmp(ptr, rdata.data, rdata.length) == 0)
-					match = ISC_TRUE;
-				dns_rdata_reset(&rdata);
-				result = dns_rdataset_next(rdataset);
-			}
-			if (!match) {
-				dns_zone_log(zone, ISC_LOG_ERROR, "%s/NS '%s' "
-					     "missing GLUE %s record (%s)",
-					     ownerbuf, namebuf, type,
-					     inet_ntop(cur->ai_family, ptr,
-						       addrbuf, sizeof(addrbuf)));
-				/* XXX950 make fatal for 9.5.0. */
-				/* answer = ISC_FALSE; */
-				missing_glue = ISC_TRUE;
-			}
+	for (cur = ai; cur != NULL; cur = cur->ai_next) {
+		switch (cur->ai_family) {
+		case AF_INET:
+			rdataset = a;
+			ptr = &((struct sockaddr_in *)(cur->ai_addr))->sin_addr;
+			type = "A";
+			break;
+		case AF_INET6:
+			rdataset = aaaa;
+			ptr = &((struct sockaddr_in6 *)(cur->ai_addr))->sin6_addr;
+			type = "AAAA";
+			break;
+		default:
+			 continue;
+		}
+		match = ISC_FALSE;
+		if (dns_rdataset_isassociated(rdataset))
+			result = dns_rdataset_first(rdataset);
+		else
+			result = ISC_R_FAILURE;
+		while (result == ISC_R_SUCCESS && !match) {
+			dns_rdataset_current(rdataset, &rdata);
+			if (memcmp(ptr, rdata.data, rdata.length) == 0)
+				match = ISC_TRUE;
+			dns_rdata_reset(&rdata);
+			result = dns_rdataset_next(rdataset);
+		}
+		if (!match) {
+			dns_zone_log(zone, ISC_LOG_ERROR, "%s/NS '%s' "
+				     "missing GLUE %s record (%s)",
+				     ownerbuf, namebuf, type,
+				     inet_ntop(cur->ai_family, ptr,
+					       addrbuf, sizeof(addrbuf)));
+			/* XXX950 make fatal for 9.5.0. */
+			/* answer = ISC_FALSE; */
 		}
-		if (missing_glue)
-			add(namebuf, ERR_MISSING_GLUE);
 	}
 	freeaddrinfo(ai);
 	return (answer);
@@ -413,15 +333,10 @@ checkmx(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner) {
 			if ((zone_options & DNS_ZONEOPT_WARNMXCNAME) != 0)
 				level = ISC_LOG_WARNING;
 			if ((zone_options & DNS_ZONEOPT_IGNOREMXCNAME) == 0) {
-				if (!logged(namebuf, ERR_IS_MXCNAME)) {
-					dns_zone_log(zone, level,
-						     "%s/MX '%s' (out of zone)"
-						     " is a CNAME '%s' "
-						     "(illegal)",
-						     ownerbuf, namebuf,
-						     cur->ai_canonname);
-					add(namebuf, ERR_IS_MXCNAME);
-				}
+				dns_zone_log(zone, ISC_LOG_WARNING,
+					     "%s/MX '%s' (out of zone) "
+					     "is a CNAME (illegal)",
+					     ownerbuf, namebuf);
 				if (level == ISC_LOG_ERROR)
 					answer = ISC_FALSE;
 			}
@@ -433,23 +348,16 @@ checkmx(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner) {
 #if defined(EAI_NODATA) && (EAI_NODATA != EAI_NONAME)
 	case EAI_NODATA:
 #endif
-		if (!logged(namebuf, ERR_NO_ADDRESSES)) {
-			dns_zone_log(zone, ISC_LOG_ERROR,
-				     "%s/MX '%s' (out of zone) "
-				     "has no addresses records (A or AAAA)",
-				     ownerbuf, namebuf);
-			add(namebuf, ERR_NO_ADDRESSES);
-		}
+		dns_zone_log(zone, ISC_LOG_ERROR, "%s/MX '%s' (out of zone) "
+			     "has no addresses records (A or AAAA)",
+			     ownerbuf, namebuf);
 		/* XXX950 make fatal for 9.5.0. */
 		return (ISC_TRUE);
 
 	default:
-		if (!logged(namebuf, ERR_LOOKUP_FAILURE)) {
-			dns_zone_log(zone, ISC_LOG_WARNING,
+		dns_zone_log(zone, ISC_LOG_WARNING,
 			     "getaddrinfo(%s) failed: %s",
 			     namebuf, gai_strerror(result));
-			add(namebuf, ERR_LOOKUP_FAILURE);
-		}
 		return (ISC_TRUE);
 	}
 #else
@@ -498,14 +406,10 @@ checksrv(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner) {
 			if ((zone_options & DNS_ZONEOPT_WARNSRVCNAME) != 0)
 				level = ISC_LOG_WARNING;
 			if ((zone_options & DNS_ZONEOPT_IGNORESRVCNAME) == 0) {
-				if (!logged(namebuf, ERR_IS_SRVCNAME)) {
-					dns_zone_log(zone, level, "%s/SRV '%s'"
-						     " (out of zone) is a "
-						     "CNAME '%s' (illegal)",
-						     ownerbuf, namebuf,
-						     cur->ai_canonname);
-					add(namebuf, ERR_IS_SRVCNAME);
-				}
+				dns_zone_log(zone, level,
+					     "%s/SRV '%s' (out of zone) "
+					     "is a CNAME (illegal)",
+					     ownerbuf, namebuf);
 				if (level == ISC_LOG_ERROR)
 					answer = ISC_FALSE;
 			}
@@ -517,23 +421,16 @@ checksrv(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner) {
 #if defined(EAI_NODATA) && (EAI_NODATA != EAI_NONAME)
 	case EAI_NODATA:
 #endif
-		if (!logged(namebuf, ERR_NO_ADDRESSES)) {
-			dns_zone_log(zone, ISC_LOG_ERROR,
-				     "%s/SRV '%s' (out of zone) "
-				     "has no addresses records (A or AAAA)",
-				     ownerbuf, namebuf);
-			add(namebuf, ERR_NO_ADDRESSES);
-		}
+		dns_zone_log(zone, ISC_LOG_ERROR, "%s/SRV '%s' (out of zone) "
+			     "has no addresses records (A or AAAA)",
+			     ownerbuf, namebuf);
 		/* XXX950 make fatal for 9.5.0. */
 		return (ISC_TRUE);
 
 	default:
-		if (!logged(namebuf, ERR_LOOKUP_FAILURE)) {
-			dns_zone_log(zone, ISC_LOG_WARNING,
-				     "getaddrinfo(%s) failed: %s",
-				     namebuf, gai_strerror(result));
-			add(namebuf, ERR_LOOKUP_FAILURE);
-		}
+		dns_zone_log(zone, ISC_LOG_WARNING,
+			     "getaddrinfo(%s) failed: %s",
+			     namebuf, gai_strerror(result));
 		return (ISC_TRUE);
 	}
 #else
@@ -542,7 +439,7 @@ checksrv(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner) {
 }
 
 isc_result_t
-setup_logging(isc_mem_t *mctx, FILE *errout, isc_log_t **logp) {
+setup_logging(isc_mem_t *mctx, isc_log_t **logp) {
 	isc_logdestination_t destination;
 	isc_logconfig_t *logconfig = NULL;
 	isc_log_t *log = NULL;
@@ -554,7 +451,7 @@ setup_logging(isc_mem_t *mctx, FILE *errout, isc_log_t **logp) {
 	dns_log_setcontext(log);
 	cfg_log_init(log);
 
-	destination.file.stream = errout;
+	destination.file.stream = stdout;
 	destination.file.name = NULL;
 	destination.file.versions = ISC_LOG_ROLLNEVER;
 	destination.file.maximum_size = 0;
@@ -597,7 +494,8 @@ load_zone(isc_mem_t *mctx, const char *zonename, const char *filename,
 	isc_buffer_add(&buffer, strlen(zonename));
 	dns_fixedname_init(&fixorigin);
 	origin = dns_fixedname_name(&fixorigin);
-	CHECK(dns_name_fromtext(origin, &buffer, dns_rootname, 0, NULL));
+	CHECK(dns_name_fromtext(origin, &buffer, dns_rootname,
+				ISC_FALSE, NULL));
 	CHECK(dns_zone_setorigin(zone, origin));
 	CHECK(dns_zone_setdbtype(zone, 1, (const char * const *) dbtype));
 	CHECK(dns_zone_setfile2(zone, filename, fileformat));
@@ -637,14 +535,14 @@ dump_zone(const char *zonename, dns_zone_t *zone, const char *filename,
 	FILE *output = stdout;
 
 	if (debug) {
-		if (filename != NULL && strcmp(filename, "-") != 0)
+		if (filename != NULL)
 			fprintf(stderr, "dumping \"%s\" to \"%s\"\n",
 				zonename, filename);
 		else
 			fprintf(stderr, "dumping \"%s\"\n", zonename);
 	}
 
-	if (filename != NULL && strcmp(filename, "-") != 0) {
+	if (filename != NULL) {
 		result = isc_stdio_open(filename, "w+", &output);
 
 		if (result != ISC_R_SUCCESS) {
@@ -656,7 +554,7 @@ dump_zone(const char *zonename, dns_zone_t *zone, const char *filename,
 
 	result = dns_zone_dumptostream2(zone, output, fileformat, style);
 
-	if (output != stdout)
+	if (filename != NULL)
 		(void)isc_stdio_close(output);
 
 	return (result);

bin/check/check-tool.h

@@ -1,8 +1,8 @@
 /*
- * Copyright (C) 2004, 2005, 2007  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 2000-2002  Internet Software Consortium.
  *
- * Permission to use, copy, modify, and/or distribute this software for any
+ * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: check-tool.h,v 1.14 2007/06/18 23:47:17 tbox Exp $ */
+/* $Id: check-tool.h,v 1.7.18.4 2005/06/20 01:19:25 marka Exp $ */
 
 #ifndef CHECK_TOOL_H
 #define CHECK_TOOL_H
@@ -23,7 +23,6 @@
 /*! \file */
 
 #include <isc/lang.h>
-#include <isc/stdio.h>
 #include <isc/types.h>
 
 #include <dns/masterdump.h>
@@ -32,7 +31,7 @@
 ISC_LANG_BEGINDECLS
 
 isc_result_t
-setup_logging(isc_mem_t *mctx, FILE *errout, isc_log_t **logp);
+setup_logging(isc_mem_t *mctx, isc_log_t **logp);
 
 isc_result_t
 load_zone(isc_mem_t *mctx, const char *zonename, const char *filename,

bin/check/named-checkconf.8

@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004, 2005, 2007, 2009 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
 .\" Copyright (C) 2000-2002 Internet Software Consortium.
 .\" 
 .\" Permission to use, copy, modify, and/or distribute this software for any
@@ -13,7 +13,7 @@
 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 .\" PERFORMANCE OF THIS SOFTWARE.
 .\"
-.\" $Id: named-checkconf.8,v 1.33 2009/12/29 01:14:03 tbox Exp $
+.\" $Id: named-checkconf.8,v 1.16.18.14 2009/07/11 01:31:43 tbox Exp $
 .\"
 .hy 0
 .ad l
@@ -33,36 +33,13 @@
 named\-checkconf \- named configuration file syntax checking tool
 .SH "SYNOPSIS"
 .HP 16
-\fBnamed\-checkconf\fR [\fB\-h\fR] [\fB\-v\fR] [\fB\-j\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] {filename} [\fB\-p\fR] [\fB\-z\fR]
+\fBnamed\-checkconf\fR [\fB\-v\fR] [\fB\-j\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] {filename} [\fB\-z\fR]
 .SH "DESCRIPTION"
 .PP
 \fBnamed\-checkconf\fR
-checks the syntax, but not the semantics, of a
-\fBnamed\fR
-configuration file. The file is parsed and checked for syntax errors, along with all files included by it. If no file is specified,
-\fI/etc/named.conf\fR
-is read by default.
-.PP
-Note: files that
-\fBnamed\fR
-reads in separate parser contexts, such as
-\fIrndc.key\fR
-and
-\fIbind.keys\fR, are not automatically read by
-\fBnamed\-checkconf\fR. Configuration errors in these files may cause
-\fBnamed\fR
-to fail to run, even if
-\fBnamed\-checkconf\fR
-was successful.
-\fBnamed\-checkconf\fR
-can be run on these files explicitly, however.
+checks the syntax, but not the semantics, of a named configuration file.
 .SH "OPTIONS"
 .PP
-\-h
-.RS 4
-Print the usage summary and exit.
-.RE
-.PP
 \-t \fIdirectory\fR
 .RS 4
 Chroot to
@@ -77,13 +54,6 @@ Print the version of the
 program and exit.
 .RE
 .PP
-\-p
-.RS 4
-Print out the
-\fInamed.conf\fR
-and included files in canonical form if no errors were detected.
-.RE
-.PP
 \-z
 .RS 4
 Perform a test load of all master zones found in
@@ -113,7 +83,7 @@ BIND 9 Administrator Reference Manual.
 .PP
 Internet Systems Consortium
 .SH "COPYRIGHT"
-Copyright \(co 2004, 2005, 2007, 2009 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
 .br
 Copyright \(co 2000\-2002 Internet Software Consortium.
 .br

bin/check/named-checkconf.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004-2007, 2009, 2010  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2007, 2009  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 1999-2002  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: named-checkconf.c,v 1.53 2010/03/09 23:51:06 tbox Exp $ */
+/* $Id: named-checkconf.c,v 1.28.18.18 2009/02/16 23:46:03 tbox Exp $ */
 
 /*! \file */
 
@@ -47,8 +47,6 @@
 
 #include "check-tool.h"
 
-static const char *program = "named-checkconf";
-
 isc_log_t *logc = NULL;
 
 #define CHECK(r)\
@@ -59,13 +57,10 @@ isc_log_t *logc = NULL;
 	} while (0)
 
 /*% usage */
-ISC_PLATFORM_NORETURN_PRE static void
-usage(void) ISC_PLATFORM_NORETURN_POST;
-
 static void
 usage(void) {
-	fprintf(stderr, "usage: %s [-h] [-j] [-p] [-v] [-z] [-t directory] "
-		"[named.conf]\n", program);
+	fprintf(stderr, "usage: named-checkconf [-j] [-v] [-z] [-t directory] "
+		"[named.conf]\n");
 	exit(1);
 }
 
@@ -205,24 +200,6 @@ configure_zone(const char *vclass, const char *view,
 		return (ISC_R_FAILURE);
 	zfile = cfg_obj_asstring(fileobj);
 
-	obj = NULL;
-	if (get_maps(maps, "check-dup-records", &obj)) {
-		if (strcasecmp(cfg_obj_asstring(obj), "warn") == 0) {
-			zone_options |= DNS_ZONEOPT_CHECKDUPRR;
-			zone_options &= ~DNS_ZONEOPT_CHECKDUPRRFAIL;
-		} else if (strcasecmp(cfg_obj_asstring(obj), "fail") == 0) {
-			zone_options |= DNS_ZONEOPT_CHECKDUPRR;
-			zone_options |= DNS_ZONEOPT_CHECKDUPRRFAIL;
-		} else if (strcasecmp(cfg_obj_asstring(obj), "ignore") == 0) {
-			zone_options &= ~DNS_ZONEOPT_CHECKDUPRR;
-			zone_options &= ~DNS_ZONEOPT_CHECKDUPRRFAIL;
-		} else
-			INSIST(0);
-	} else {
-		zone_options |= DNS_ZONEOPT_CHECKDUPRR;
-		zone_options &= ~DNS_ZONEOPT_CHECKDUPRRFAIL;
-	}
-
 	obj = NULL;
 	if (get_maps(maps, "check-mx", &obj)) {
 		if (strcasecmp(cfg_obj_asstring(obj), "warn") == 0) {
@@ -408,15 +385,6 @@ load_zones_fromconfig(const cfg_obj_t *config, isc_mem_t *mctx) {
 	return (result);
 }
 
-static void
-output(void *closure, const char *text, int textlen) {
-	UNUSED(closure);
-	if (fwrite(text, 1, textlen, stdout) != (size_t)textlen) {
-		perror("fwrite");
-		exit(1);
-	}
-}
-
 /*% The main processing routine */
 int
 main(int argc, char **argv) {
@@ -429,11 +397,8 @@ main(int argc, char **argv) {
 	int exit_status = 0;
 	isc_entropy_t *ectx = NULL;
 	isc_boolean_t load_zones = ISC_FALSE;
-	isc_boolean_t print = ISC_FALSE;
 
-	isc_commandline_errprint = ISC_FALSE;
-
-	while ((c = isc_commandline_parse(argc, argv, "dhjt:pvz")) != EOF) {
+	while ((c = isc_commandline_parse(argc, argv, "djt:vz")) != EOF) {
 		switch (c) {
 		case 'd':
 			debug++;
@@ -452,10 +417,6 @@ main(int argc, char **argv) {
 			}
 			break;
 
-		case 'p':
-			print = ISC_TRUE;
-			break;
-
 		case 'v':
 			printf(VERSION "\n");
 			exit(0);
@@ -467,22 +428,11 @@ main(int argc, char **argv) {
 			dochecksrv = ISC_FALSE;
 			break;
 
-		case '?':
-			if (isc_commandline_option != '?')
-				fprintf(stderr, "%s: invalid argument -%c\n",
-					program, isc_commandline_option);
-		case 'h':
-			usage();
-
 		default:
-			fprintf(stderr, "%s: unhandled option -%c\n",
-				program, isc_commandline_option);
-			exit(1);
+			usage();
 		}
 	}
 
-	if (isc_commandline_index + 1 < argc)
-		usage();
 	if (argv[isc_commandline_index] != NULL)
 		conffile = argv[isc_commandline_index];
 	if (conffile == NULL || conffile[0] == '\0')
@@ -490,7 +440,7 @@ main(int argc, char **argv) {
 
 	RUNTIME_CHECK(isc_mem_create(0, 0, &mctx) == ISC_R_SUCCESS);
 
-	RUNTIME_CHECK(setup_logging(mctx, stdout, &logc) == ISC_R_SUCCESS);
+	RUNTIME_CHECK(setup_logging(mctx, &logc) == ISC_R_SUCCESS);
 
 	RUNTIME_CHECK(isc_entropy_create(mctx, &ectx) == ISC_R_SUCCESS);
 	RUNTIME_CHECK(isc_hash_create(mctx, ectx, DNS_NAME_MAXWIRE)
@@ -516,8 +466,6 @@ main(int argc, char **argv) {
 			exit_status = 1;
 	}
 
-	if (print && exit_status == 0)
-		cfg_print(config, output, NULL);
 	cfg_obj_destroy(parser, &config);
 
 	cfg_parser_destroy(&parser);

bin/check/named-checkconf.docbook

@@ -2,7 +2,7 @@
                "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
 	       [<!ENTITY mdash "&#8212;">]>
 <!--
- - Copyright (C) 2004, 2005, 2007, 2009  Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007  Internet Systems Consortium, Inc. ("ISC")
  - Copyright (C) 2000-2002  Internet Software Consortium.
  -
  - Permission to use, copy, modify, and/or distribute this software for any
@@ -18,7 +18,7 @@
  - PERFORMANCE OF THIS SOFTWARE.
 -->
 
-<!-- $Id: named-checkconf.docbook,v 1.22 2009/12/28 23:21:16 each Exp $ -->
+<!-- $Id: named-checkconf.docbook,v 1.8.18.10 2007/08/28 07:19:55 tbox Exp $ -->
 <refentry id="man.named-checkconf">
   <refentryinfo>
     <date>June 14, 2000</date>
@@ -35,7 +35,6 @@
       <year>2004</year>
       <year>2005</year>
       <year>2007</year>
-      <year>2009</year>
       <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
     </copyright>
     <copyright>
@@ -54,12 +53,10 @@
   <refsynopsisdiv>
     <cmdsynopsis>
       <command>named-checkconf</command>
-      <arg><option>-h</option></arg>
       <arg><option>-v</option></arg>
       <arg><option>-j</option></arg>
       <arg><option>-t <replaceable class="parameter">directory</replaceable></option></arg>
       <arg choice="req">filename</arg>
-      <arg><option>-p</option></arg>
       <arg><option>-z</option></arg>
     </cmdsynopsis>
   </refsynopsisdiv>
@@ -67,21 +64,8 @@
   <refsect1>
     <title>DESCRIPTION</title>
     <para><command>named-checkconf</command>
-      checks the syntax, but not the semantics, of a
-      <command>named</command> configuration file.  The file is parsed
-      and checked for syntax errors, along with all files included by it.
-      If no file is specified, <filename>/etc/named.conf</filename> is read
-      by default.
-    </para>
-    <para>
-      Note: files that <command>named</command> reads in separate
-      parser contexts, such as <filename>rndc.key</filename> and
-      <filename>bind.keys</filename>, are not automatically read
-      by <command>named-checkconf</command>.  Configuration
-      errors in these files may cause <command>named</command> to
-      fail to run, even if <command>named-checkconf</command> was
-      successful.  <command>named-checkconf</command> can be run
-      on these files explicitly, however.
+      checks the syntax, but not the semantics, of a named
+      configuration file.
     </para>
   </refsect1>
 
@@ -89,20 +73,12 @@
     <title>OPTIONS</title>
 
     <variablelist>
-      <varlistentry>
-        <term>-h</term>
-        <listitem>
-          <para>
-            Print the usage summary and exit.
-          </para>
-        </listitem>
-      </varlistentry>
-
       <varlistentry>
         <term>-t <replaceable class="parameter">directory</replaceable></term>
         <listitem>
           <para>
-            Chroot to <filename>directory</filename> so that include
+            Chroot to <filename>directory</filename> so that
+            include
             directives in the configuration file are processed as if
             run by a similarly chrooted named.
           </para>
@@ -119,16 +95,6 @@
         </listitem>
       </varlistentry>
 
-      <varlistentry>
-        <term>-p</term>
-        <listitem>
-          <para>
-	    Print out the <filename>named.conf</filename> and included files
-	    in canonical form if no errors were detected.
-          </para>
-        </listitem>
-      </varlistentry>
-
       <varlistentry>
         <term>-z</term>
         <listitem>

bin/check/named-checkconf.html

@@ -1,5 +1,5 @@
 <!--
- - Copyright (C) 2004, 2005, 2007, 2009 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
  - Copyright (C) 2000-2002 Internet Software Consortium.
  - 
  - Permission to use, copy, modify, and/or distribute this software for any
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-<!-- $Id: named-checkconf.html,v 1.33 2009/12/29 01:14:03 tbox Exp $ -->
+<!-- $Id: named-checkconf.html,v 1.9.18.21 2009/07/11 01:31:43 tbox Exp $ -->
 <html>
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -29,38 +29,22 @@
 </div>
 <div class="refsynopsisdiv">
 <h2>Synopsis</h2>
-<div class="cmdsynopsis"><p><code class="command">named-checkconf</code>  [<code class="option">-h</code>] [<code class="option">-v</code>] [<code class="option">-j</code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] {filename} [<code class="option">-p</code>] [<code class="option">-z</code>]</p></div>
+<div class="cmdsynopsis"><p><code class="command">named-checkconf</code>  [<code class="option">-v</code>] [<code class="option">-j</code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] {filename} [<code class="option">-z</code>]</p></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543395"></a><h2>DESCRIPTION</h2>
+<a name="id2543383"></a><h2>DESCRIPTION</h2>
 <p><span><strong class="command">named-checkconf</strong></span>
-      checks the syntax, but not the semantics, of a
-      <span><strong class="command">named</strong></span> configuration file.  The file is parsed
-      and checked for syntax errors, along with all files included by it.
-      If no file is specified, <code class="filename">/etc/named.conf</code> is read
-      by default.
-    </p>
-<p>
-      Note: files that <span><strong class="command">named</strong></span> reads in separate
-      parser contexts, such as <code class="filename">rndc.key</code> and
-      <code class="filename">bind.keys</code>, are not automatically read
-      by <span><strong class="command">named-checkconf</strong></span>.  Configuration
-      errors in these files may cause <span><strong class="command">named</strong></span> to
-      fail to run, even if <span><strong class="command">named-checkconf</strong></span> was
-      successful.  <span><strong class="command">named-checkconf</strong></span> can be run
-      on these files explicitly, however.
+      checks the syntax, but not the semantics, of a named
+      configuration file.
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543444"></a><h2>OPTIONS</h2>
+<a name="id2543395"></a><h2>OPTIONS</h2>
 <div class="variablelist"><dl>
-<dt><span class="term">-h</span></dt>
-<dd><p>
-            Print the usage summary and exit.
-          </p></dd>
 <dt><span class="term">-t <em class="replaceable"><code>directory</code></em></span></dt>
 <dd><p>
-            Chroot to <code class="filename">directory</code> so that include
+            Chroot to <code class="filename">directory</code> so that
+            include
             directives in the configuration file are processed as if
             run by a similarly chrooted named.
           </p></dd>
@@ -69,11 +53,6 @@
             Print the version of the <span><strong class="command">named-checkconf</strong></span>
             program and exit.
           </p></dd>
-<dt><span class="term">-p</span></dt>
-<dd><p>
-	    Print out the <code class="filename">named.conf</code> and included files
-	    in canonical form if no errors were detected.
-          </p></dd>
 <dt><span class="term">-z</span></dt>
 <dd><p>
 	    Perform a test load of all master zones found in
@@ -91,21 +70,21 @@
 </dl></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543568"></a><h2>RETURN VALUES</h2>
+<a name="id2543489"></a><h2>RETURN VALUES</h2>
 <p><span><strong class="command">named-checkconf</strong></span>
       returns an exit status of 1 if
       errors were detected and 0 otherwise.
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543579"></a><h2>SEE ALSO</h2>
+<a name="id2543500"></a><h2>SEE ALSO</h2>
 <p><span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
       <span class="citerefentry"><span class="refentrytitle">named-checkzone</span>(8)</span>,
       <em class="citetitle">BIND 9 Administrator Reference Manual</em>.
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543609"></a><h2>AUTHOR</h2>
+<a name="id2543530"></a><h2>AUTHOR</h2>
 <p><span class="corpauthor">Internet Systems Consortium</span>
     </p>
 </div>

bin/check/named-checkzone.8

@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004-2007, 2009, 2010 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004-2007, 2009 Internet Systems Consortium, Inc. ("ISC")
 .\" Copyright (C) 2000-2002 Internet Software Consortium.
 .\" 
 .\" Permission to use, copy, modify, and/or distribute this software for any
@@ -13,7 +13,7 @@
 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 .\" PERFORMANCE OF THIS SOFTWARE.
 .\"
-.\" $Id: named-checkzone.8,v 1.47 2010/01/17 01:14:02 tbox Exp $
+.\" $Id: named-checkzone.8,v 1.18.18.25 2009/07/11 01:31:43 tbox Exp $
 .\"
 .hy 0
 .ad l
@@ -33,9 +33,9 @@
 named\-checkzone, named\-compilezone \- zone file validity checking or converting tool
 .SH "SYNOPSIS"
 .HP 16
-\fBnamed\-checkzone\fR [\fB\-d\fR] [\fB\-h\fR] [\fB\-j\fR] [\fB\-q\fR] [\fB\-v\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-f\ \fR\fB\fIformat\fR\fR] [\fB\-F\ \fR\fB\fIformat\fR\fR] [\fB\-i\ \fR\fB\fImode\fR\fR] [\fB\-k\ \fR\fB\fImode\fR\fR] [\fB\-m\ \fR\fB\fImode\fR\fR] [\fB\-M\ \fR\fB\fImode\fR\fR] [\fB\-n\ \fR\fB\fImode\fR\fR] [\fB\-o\ \fR\fB\fIfilename\fR\fR] [\fB\-r\ \fR\fB\fImode\fR\fR] [\fB\-s\ \fR\fB\fIstyle\fR\fR] [\fB\-S\ \fR\fB\fImode\fR\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-w\ \fR\fB\fIdirectory\fR\fR] [\fB\-D\fR] [\fB\-W\ \fR\fB\fImode\fR\fR] {zonename} {filename}
+\fBnamed\-checkzone\fR [\fB\-d\fR] [\fB\-j\fR] [\fB\-q\fR] [\fB\-v\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-f\ \fR\fB\fIformat\fR\fR] [\fB\-F\ \fR\fB\fIformat\fR\fR] [\fB\-i\ \fR\fB\fImode\fR\fR] [\fB\-k\ \fR\fB\fImode\fR\fR] [\fB\-m\ \fR\fB\fImode\fR\fR] [\fB\-M\ \fR\fB\fImode\fR\fR] [\fB\-n\ \fR\fB\fImode\fR\fR] [\fB\-o\ \fR\fB\fIfilename\fR\fR] [\fB\-s\ \fR\fB\fIstyle\fR\fR] [\fB\-S\ \fR\fB\fImode\fR\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-w\ \fR\fB\fIdirectory\fR\fR] [\fB\-D\fR] [\fB\-W\ \fR\fB\fImode\fR\fR] {zonename} {filename}
 .HP 18
-\fBnamed\-compilezone\fR [\fB\-d\fR] [\fB\-j\fR] [\fB\-q\fR] [\fB\-v\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-C\ \fR\fB\fImode\fR\fR] [\fB\-f\ \fR\fB\fIformat\fR\fR] [\fB\-F\ \fR\fB\fIformat\fR\fR] [\fB\-i\ \fR\fB\fImode\fR\fR] [\fB\-k\ \fR\fB\fImode\fR\fR] [\fB\-m\ \fR\fB\fImode\fR\fR] [\fB\-n\ \fR\fB\fImode\fR\fR] [\fB\-r\ \fR\fB\fImode\fR\fR] [\fB\-s\ \fR\fB\fIstyle\fR\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-w\ \fR\fB\fIdirectory\fR\fR] [\fB\-D\fR] [\fB\-W\ \fR\fB\fImode\fR\fR] {\fB\-o\ \fR\fB\fIfilename\fR\fR} {zonename} {filename}
+\fBnamed\-compilezone\fR [\fB\-d\fR] [\fB\-j\fR] [\fB\-q\fR] [\fB\-v\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-C\ \fR\fB\fImode\fR\fR] [\fB\-f\ \fR\fB\fIformat\fR\fR] [\fB\-F\ \fR\fB\fIformat\fR\fR] [\fB\-i\ \fR\fB\fImode\fR\fR] [\fB\-k\ \fR\fB\fImode\fR\fR] [\fB\-m\ \fR\fB\fImode\fR\fR] [\fB\-n\ \fR\fB\fImode\fR\fR] [\fB\-o\ \fR\fB\fIfilename\fR\fR] [\fB\-s\ \fR\fB\fIstyle\fR\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-w\ \fR\fB\fIdirectory\fR\fR] [\fB\-D\fR] [\fB\-W\ \fR\fB\fImode\fR\fR] {zonename} {filename}
 .SH "DESCRIPTION"
 .PP
 \fBnamed\-checkzone\fR
@@ -58,11 +58,6 @@ configuration file.
 Enable debugging.
 .RE
 .PP
-\-h
-.RS 4
-Print the usage summary and exit.
-.RE
-.PP
 \-q
 .RS 4
 Quiet mode \- exit code only.
@@ -193,23 +188,10 @@ Specify whether NS records should be checked to see if they are addresses. Possi
 \-o \fIfilename\fR
 .RS 4
 Write zone output to
-\fIfilename\fR. If
-\fIfilename\fR
-is
-\fI\-\fR
-then write to standard out. This is mandatory for
+\fIfilename\fR. This is mandatory for
 \fBnamed\-compilezone\fR.
 .RE
 .PP
-\-r \fImode\fR
-.RS 4
-Check for records that are treated as different by DNSSEC but are semantically equal in plain DNS. Possible modes are
-\fB"fail"\fR,
-\fB"warn"\fR
-(default) and
-\fB"ignore"\fR.
-.RE
-.PP
 \-s \fIstyle\fR
 .RS 4
 Specify the style of the dumped zone file. Possible styles are
@@ -281,7 +263,7 @@ BIND 9 Administrator Reference Manual.
 .PP
 Internet Systems Consortium
 .SH "COPYRIGHT"
-Copyright \(co 2004\-2007, 2009, 2010 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004\-2007, 2009 Internet Systems Consortium, Inc. ("ISC")
 .br
 Copyright \(co 2000\-2002 Internet Software Consortium.
 .br

bin/check/named-checkzone.c

@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: named-checkzone.c,v 1.59 2009/12/04 22:06:37 tbox Exp $ */
+/* $Id: named-checkzone.c,v 1.29.18.24 2009/05/29 02:19:20 marka Exp $ */
 
 /*! \file */
 
@@ -70,23 +70,17 @@ static enum { progmode_check, progmode_compile } progmode;
 		} \
 	} while (0)
 
-ISC_PLATFORM_NORETURN_PRE static void
-usage(void) ISC_PLATFORM_NORETURN_POST;
-
 static void
 usage(void) {
 	fprintf(stderr,
-		"usage: %s [-djqvD] [-c class] "
+		"usage: %s [-djqvD] [-c class] [-o output] "
 		"[-f inputformat] [-F outputformat] "
 		"[-t directory] [-w directory] [-k (ignore|warn|fail)] "
 		"[-n (ignore|warn|fail)] [-m (ignore|warn|fail)] "
-		"[-r (ignore|warn|fail)] "
 		"[-i (full|full-sibling|local|local-sibling|none)] "
 		"[-M (ignore|warn|fail)] [-S (ignore|warn|fail)] "
 		"[-W (ignore|warn)] "
-		"%s zonename filename\n",
-		prog_name,
-		progmode == progmode_check ? "[-o filename]" : "-o filename");
+		"zonename filename\n", prog_name);
 	exit(1);
 }
 
@@ -112,7 +106,6 @@ main(int argc, char **argv) {
 	const char *outputformatstr = NULL;
 	dns_masterformat_t inputformat = dns_masterformat_text;
 	dns_masterformat_t outputformat = dns_masterformat_text;
-	FILE *errout = stdout;
 
 	outputstyle = &dns_master_style_full;
 
@@ -144,19 +137,15 @@ main(int argc, char **argv) {
 	if (progmode == progmode_compile) {
 		zone_options |= (DNS_ZONEOPT_CHECKNS |
 				 DNS_ZONEOPT_FATALNS |
-				 DNS_ZONEOPT_CHECKDUPRR |
 				 DNS_ZONEOPT_CHECKNAMES |
 				 DNS_ZONEOPT_CHECKNAMESFAIL |
 				 DNS_ZONEOPT_CHECKWILDCARD);
-	} else
-		zone_options |= DNS_ZONEOPT_CHECKDUPRR;
+	}
 
 #define ARGCMP(X) (strcmp(isc_commandline_argument, X) == 0)
 
-	isc_commandline_errprint = ISC_FALSE;
-
 	while ((c = isc_commandline_parse(argc, argv,
-				       "c:df:hi:jk:m:n:qr:s:t:o:vw:DF:M:S:W:"))
+					  "c:df:i:jk:m:n:qs:t:o:vw:DF:M:S:W:"))
 	       != EOF) {
 		switch (c) {
 		case 'c':
@@ -268,27 +257,16 @@ main(int argc, char **argv) {
 			}
 			break;
 
-		case 'o':
-			output_filename = isc_commandline_argument;
-			break;
-
 		case 'q':
 			quiet++;
 			break;
 
-		case 'r':
-			if (ARGCMP("warn")) {
-				zone_options |= DNS_ZONEOPT_CHECKDUPRR;
-				zone_options &= ~DNS_ZONEOPT_CHECKDUPRRFAIL;
-			} else if (ARGCMP("fail")) {
-				zone_options |= DNS_ZONEOPT_CHECKDUPRR |
-						DNS_ZONEOPT_CHECKDUPRRFAIL;
-			} else if (ARGCMP("ignore")) {
-				zone_options &= ~(DNS_ZONEOPT_CHECKDUPRR |
-						  DNS_ZONEOPT_CHECKDUPRRFAIL);
-			} else {
-				fprintf(stderr, "invalid argument to -r: %s\n",
-					isc_commandline_argument);
+		case 't':
+			result = isc_dir_chroot(isc_commandline_argument);
+			if (result != ISC_R_SUCCESS) {
+				fprintf(stderr, "isc_dir_chroot: %s: %s\n",
+					isc_commandline_argument,
+					isc_result_totext(result));
 				exit(1);
 			}
 			break;
@@ -306,14 +284,8 @@ main(int argc, char **argv) {
 			}
 			break;
 
-		case 't':
-			result = isc_dir_chroot(isc_commandline_argument);
-			if (result != ISC_R_SUCCESS) {
-				fprintf(stderr, "isc_dir_chroot: %s: %s\n",
-					isc_commandline_argument,
-					isc_result_totext(result));
-				exit(1);
-			}
+		case 'o':
+			output_filename = isc_commandline_argument;
 			break;
 
 		case 'v':
@@ -369,17 +341,17 @@ main(int argc, char **argv) {
 				zone_options &= ~DNS_ZONEOPT_CHECKWILDCARD;
 			break;
 
-		case '?':
-			if (isc_commandline_option != '?')
-				fprintf(stderr, "%s: invalid argument -%c\n",
-					prog_name, isc_commandline_option);
-		case 'h':
-			usage();
-
 		default:
-			fprintf(stderr, "%s: unhandled option -%c\n",
-				prog_name, isc_commandline_option);
-			exit(1);
+			usage();
+		}
+	}
+
+	if (progmode == progmode_compile) {
+		dumpzone = 1;	/* always dump */
+		if (output_filename == NULL) {
+			fprintf(stderr,
+				"output file required, but not specified\n");
+			usage();
 		}
 	}
 
@@ -416,36 +388,12 @@ main(int argc, char **argv) {
 		}
 	}
 
-	if (progmode == progmode_compile) {
-		dumpzone = 1;	/* always dump */
-		if (output_filename == NULL) {
-			fprintf(stderr,
-				"output file required, but not specified\n");
-			usage();
-		}
-	}
-
-	if (output_filename != NULL)
-		dumpzone = 1;
-
-	/*
-	 * If we are outputing to stdout then send the informational
-	 * output to stderr.
-	 */
-	if (dumpzone &&
-	    (output_filename == NULL ||
-	     strcmp(output_filename, "-") == 0 ||
-	     strcmp(output_filename, "/dev/fd/1") == 0 ||
-	     strcmp(output_filename, "/dev/stdout") == 0))
-		errout = stderr;
-
-	if (isc_commandline_index + 2 != argc)
+	if (isc_commandline_index + 2 > argc)
 		usage();
 
 	RUNTIME_CHECK(isc_mem_create(0, 0, &mctx) == ISC_R_SUCCESS);
 	if (!quiet)
-		RUNTIME_CHECK(setup_logging(mctx, errout, &lctx)
-			      == ISC_R_SUCCESS);
+		RUNTIME_CHECK(setup_logging(mctx, &lctx) == ISC_R_SUCCESS);
 	RUNTIME_CHECK(isc_entropy_create(mctx, &ectx) == ISC_R_SUCCESS);
 	RUNTIME_CHECK(isc_hash_create(mctx, ectx, DNS_NAME_MAXWIRE)
 		      == ISC_R_SUCCESS);
@@ -459,17 +407,17 @@ main(int argc, char **argv) {
 
 	if (result == ISC_R_SUCCESS && dumpzone) {
 		if (!quiet && progmode == progmode_compile) {
-			fprintf(errout, "dump zone to %s...", output_filename);
-			fflush(errout);
+			fprintf(stdout, "dump zone to %s...", output_filename);
+			fflush(stdout);
 		}
 		result = dump_zone(origin, zone, output_filename,
 				   outputformat, outputstyle);
 		if (!quiet && progmode == progmode_compile)
-			fprintf(errout, "done\n");
+			fprintf(stdout, "done\n");
 	}
 
 	if (!quiet && result == ISC_R_SUCCESS)
-		fprintf(errout, "OK\n");
+		fprintf(stdout, "OK\n");
 	destroy();
 	if (lctx != NULL)
 		isc_log_destroy(&lctx);

bin/check/named-checkzone.docbook

@@ -2,7 +2,7 @@
                "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
 	       [<!ENTITY mdash "&#8212;">]>
 <!--
- - Copyright (C) 2004-2007, 2009, 2010  Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2007, 2009  Internet Systems Consortium, Inc. ("ISC")
  - Copyright (C) 2000-2002  Internet Software Consortium.
  -
  - Permission to use, copy, modify, and/or distribute this software for any
@@ -18,7 +18,7 @@
  - PERFORMANCE OF THIS SOFTWARE.
 -->
 
-<!-- $Id: named-checkzone.docbook,v 1.40 2010/01/16 23:48:15 tbox Exp $ -->
+<!-- $Id: named-checkzone.docbook,v 1.11.18.23 2009/01/22 23:45:59 tbox Exp $ -->
 <refentry id="man.named-checkzone">
   <refentryinfo>
     <date>June 13, 2000</date>
@@ -37,7 +37,6 @@
       <year>2006</year>
       <year>2007</year>
       <year>2009</year>
-      <year>2010</year>
       <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
     </copyright>
     <copyright>
@@ -58,7 +57,6 @@
     <cmdsynopsis>
       <command>named-checkzone</command>
       <arg><option>-d</option></arg>
-      <arg><option>-h</option></arg>
       <arg><option>-j</option></arg>
       <arg><option>-q</option></arg>
       <arg><option>-v</option></arg>
@@ -71,7 +69,6 @@
       <arg><option>-M <replaceable class="parameter">mode</replaceable></option></arg>
       <arg><option>-n <replaceable class="parameter">mode</replaceable></option></arg>
       <arg><option>-o <replaceable class="parameter">filename</replaceable></option></arg>
-      <arg><option>-r <replaceable class="parameter">mode</replaceable></option></arg>
       <arg><option>-s <replaceable class="parameter">style</replaceable></option></arg>
       <arg><option>-S <replaceable class="parameter">mode</replaceable></option></arg>
       <arg><option>-t <replaceable class="parameter">directory</replaceable></option></arg>
@@ -95,13 +92,12 @@
       <arg><option>-k <replaceable class="parameter">mode</replaceable></option></arg>
       <arg><option>-m <replaceable class="parameter">mode</replaceable></option></arg>
       <arg><option>-n <replaceable class="parameter">mode</replaceable></option></arg>
-      <arg><option>-r <replaceable class="parameter">mode</replaceable></option></arg>
+      <arg><option>-o <replaceable class="parameter">filename</replaceable></option></arg>
       <arg><option>-s <replaceable class="parameter">style</replaceable></option></arg>
       <arg><option>-t <replaceable class="parameter">directory</replaceable></option></arg>
       <arg><option>-w <replaceable class="parameter">directory</replaceable></option></arg>
       <arg><option>-D</option></arg>
       <arg><option>-W <replaceable class="parameter">mode</replaceable></option></arg>
-      <arg choice="req"><option>-o <replaceable class="parameter">filename</replaceable></option></arg>
       <arg choice="req">zonename</arg>
       <arg choice="req">filename</arg>
     </cmdsynopsis>
@@ -141,15 +137,6 @@
         </listitem>
       </varlistentry>
 
-      <varlistentry>
-        <term>-h</term>
-        <listitem>
-          <para>
-            Print the usage summary and exit.
-          </para>
-        </listitem>
-      </varlistentry>
-
       <varlistentry>
         <term>-q</term>
         <listitem>
@@ -315,26 +302,11 @@
         <listitem>
           <para>
             Write zone output to <filename>filename</filename>.
-	    If <filename>filename</filename> is <filename>-</filename> then
-	    write to standard out.
 	    This is mandatory for <command>named-compilezone</command>.
           </para>
         </listitem>
       </varlistentry>
 
-      <varlistentry>
-	<term>-r <replaceable class="parameter">mode</replaceable></term>
-        <listitem>
-	  <para>
-            Check for records that are treated as different by DNSSEC but
-	    are semantically equal in plain DNS.  
-            Possible modes are <command>"fail"</command>,
-            <command>"warn"</command> (default) and
-            <command>"ignore"</command>.
-	  </para>
-        </listitem>
-      </varlistentry>
-
       <varlistentry>
 	<term>-s <replaceable class="parameter">style</replaceable></term>
 	<listitem>

bin/check/named-checkzone.html

@@ -1,5 +1,5 @@
 <!--
- - Copyright (C) 2004-2007, 2009, 2010 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2007, 2009 Internet Systems Consortium, Inc. ("ISC")
  - Copyright (C) 2000-2002 Internet Software Consortium.
  - 
  - Permission to use, copy, modify, and/or distribute this software for any
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-<!-- $Id: named-checkzone.html,v 1.47 2010/01/17 01:14:02 tbox Exp $ -->
+<!-- $Id: named-checkzone.html,v 1.11.18.32 2009/07/11 01:31:43 tbox Exp $ -->
 <html>
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -29,11 +29,11 @@
 </div>
 <div class="refsynopsisdiv">
 <h2>Synopsis</h2>
-<div class="cmdsynopsis"><p><code class="command">named-checkzone</code>  [<code class="option">-d</code>] [<code class="option">-h</code>] [<code class="option">-j</code>] [<code class="option">-q</code>] [<code class="option">-v</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-f <em class="replaceable"><code>format</code></em></code>] [<code class="option">-F <em class="replaceable"><code>format</code></em></code>] [<code class="option">-i <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-k <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-m <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-M <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-n <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-o <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-r <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-s <em class="replaceable"><code>style</code></em></code>] [<code class="option">-S <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-w <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] [<code class="option">-W <em class="replaceable"><code>mode</code></em></code>] {zonename} {filename}</p></div>
-<div class="cmdsynopsis"><p><code class="command">named-compilezone</code>  [<code class="option">-d</code>] [<code class="option">-j</code>] [<code class="option">-q</code>] [<code class="option">-v</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-C <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-f <em class="replaceable"><code>format</code></em></code>] [<code class="option">-F <em class="replaceable"><code>format</code></em></code>] [<code class="option">-i <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-k <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-m <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-n <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-r <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-s <em class="replaceable"><code>style</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-w <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] [<code class="option">-W <em class="replaceable"><code>mode</code></em></code>] {<code class="option">-o <em class="replaceable"><code>filename</code></em></code>} {zonename} {filename}</p></div>
+<div class="cmdsynopsis"><p><code class="command">named-checkzone</code>  [<code class="option">-d</code>] [<code class="option">-j</code>] [<code class="option">-q</code>] [<code class="option">-v</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-f <em class="replaceable"><code>format</code></em></code>] [<code class="option">-F <em class="replaceable"><code>format</code></em></code>] [<code class="option">-i <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-k <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-m <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-M <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-n <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-o <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-s <em class="replaceable"><code>style</code></em></code>] [<code class="option">-S <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-w <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] [<code class="option">-W <em class="replaceable"><code>mode</code></em></code>] {zonename} {filename}</p></div>
+<div class="cmdsynopsis"><p><code class="command">named-compilezone</code>  [<code class="option">-d</code>] [<code class="option">-j</code>] [<code class="option">-q</code>] [<code class="option">-v</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-C <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-f <em class="replaceable"><code>format</code></em></code>] [<code class="option">-F <em class="replaceable"><code>format</code></em></code>] [<code class="option">-i <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-k <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-m <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-n <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-o <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-s <em class="replaceable"><code>style</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-w <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] [<code class="option">-W <em class="replaceable"><code>mode</code></em></code>] {zonename} {filename}</p></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543694"></a><h2>DESCRIPTION</h2>
+<a name="id2543668"></a><h2>DESCRIPTION</h2>
 <p><span><strong class="command">named-checkzone</strong></span>
       checks the syntax and integrity of a zone file.  It performs the
       same checks as <span><strong class="command">named</strong></span> does when loading a
@@ -53,16 +53,12 @@
      </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543730"></a><h2>OPTIONS</h2>
+<a name="id2543703"></a><h2>OPTIONS</h2>
 <div class="variablelist"><dl>
 <dt><span class="term">-d</span></dt>
 <dd><p>
             Enable debugging.
           </p></dd>
-<dt><span class="term">-h</span></dt>
-<dd><p>
-            Print the usage summary and exit.
-          </p></dd>
 <dt><span class="term">-q</span></dt>
 <dd><p>
             Quiet mode - exit code only.
@@ -173,18 +169,8 @@
 <dt><span class="term">-o <em class="replaceable"><code>filename</code></em></span></dt>
 <dd><p>
             Write zone output to <code class="filename">filename</code>.
-	    If <code class="filename">filename</code> is <code class="filename">-</code> then
-	    write to standard out.
 	    This is mandatory for <span><strong class="command">named-compilezone</strong></span>.
           </p></dd>
-<dt><span class="term">-r <em class="replaceable"><code>mode</code></em></span></dt>
-<dd><p>
-            Check for records that are treated as different by DNSSEC but
-	    are semantically equal in plain DNS.  
-            Possible modes are <span><strong class="command">"fail"</strong></span>,
-            <span><strong class="command">"warn"</strong></span> (default) and
-            <span><strong class="command">"ignore"</strong></span>.
-	  </p></dd>
 <dt><span class="term">-s <em class="replaceable"><code>style</code></em></span></dt>
 <dd><p>
 	    Specify the style of the dumped zone file.
@@ -247,14 +233,14 @@
 </dl></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2544377"></a><h2>RETURN VALUES</h2>
+<a name="id2544302"></a><h2>RETURN VALUES</h2>
 <p><span><strong class="command">named-checkzone</strong></span>
       returns an exit status of 1 if
       errors were detected and 0 otherwise.
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2544389"></a><h2>SEE ALSO</h2>
+<a name="id2544314"></a><h2>SEE ALSO</h2>
 <p><span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
       <span class="citerefentry"><span class="refentrytitle">named-checkconf</span>(8)</span>,
       <em class="citetitle">RFC 1035</em>,
@@ -262,7 +248,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2544422"></a><h2>AUTHOR</h2>
+<a name="id2544347"></a><h2>AUTHOR</h2>
 <p><span class="corpauthor">Internet Systems Consortium</span>
     </p>
 </div>

bin/check/win32/checktool.dsp

@@ -43,7 +43,7 @@ RSC=rc.exe
 # PROP Ignore_Export_Lib 0
 # PROP Target_Dir ""
 # ADD BASE CPP /nologo /MT /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /D "_MBCS" /D "_USRDLL" /YX /FD /c
-# ADD CPP /nologo /MD /W3 /GX /O2 /I "./" /I "../../../" /I "../../../../libxml2-2.7.3/include" /I "../include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isccfg/include" /I "../../../lib/dns/include" /D "NDEBUG" /D "WIN32" /D "_WINDOWS" /D "__STDC__" /D "_MBCS" /YX /FD /c /Fdchecktool
+# ADD CPP /nologo /MD /W3 /GX /O2 /I "./" /I "../../../" /I "../include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isccfg/include" /I "../../../lib/dns/include" /D "NDEBUG" /D "WIN32" /D "_WINDOWS" /D "__STDC__" /D "_MBCS" /YX /FD /c /Fdchecktool
 # SUBTRACT CPP /X
 # ADD BASE MTL /nologo /D "NDEBUG" /mktyplib203 /win32
 # ADD MTL /nologo /D "NDEBUG" /mktyplib203 /win32
@@ -70,7 +70,7 @@ LINK32=link.exe
 # PROP Ignore_Export_Lib 0
 # PROP Target_Dir ""
 # ADD BASE CPP /nologo /MTd /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /D "_MBCS" /YX /FD /GZ /c
-# ADD CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../../../../libxml2-2.7.3/include" /I "../include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isccfg/include" /I "../../../lib/dns/include" /D "_DEBUG" /D "WIN32" /D "_WINDOWS" /D "__STDC__" /D "_MBCS" /FR /YX /FD /GZ /c /Fdchecktool
+# ADD CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isccfg/include" /I "../../../lib/dns/include" /D "_DEBUG" /D "WIN32" /D "_WINDOWS" /D "__STDC__" /D "_MBCS" /FR /YX /FD /GZ /c /Fdchecktool
 # SUBTRACT CPP /X
 # ADD BASE MTL /nologo /D "_DEBUG" /mktyplib203 /win32
 # ADD MTL /nologo /D "_DEBUG" /mktyplib203 /win32

bin/check/win32/namedcheckconf.dsp

@@ -42,7 +42,7 @@ RSC=rc.exe
 # PROP Ignore_Export_Lib 0
 # PROP Target_Dir ""
 # ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
-# ADD CPP /nologo /MD /W3 /GX /O2 /I "./" /I "../../../" /I "../../../../libxml2-2.7.3/include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /I "../../../lib/isccfg/include" /D "NDEBUG" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "__STDC__" /FR /YX /FD /c
+# ADD CPP /nologo /MD /W3 /GX /O2 /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /I "../../../lib/isccfg/include" /D "NDEBUG" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "__STDC__" /FR /YX /FD /c
 # ADD BASE RSC /l 0x409 /d "NDEBUG"
 # ADD RSC /l 0x409 /d "NDEBUG"
 BSC32=bscmake.exe
@@ -66,7 +66,7 @@ LINK32=link.exe
 # PROP Ignore_Export_Lib 0
 # PROP Target_Dir ""
 # ADD BASE CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c
-# ADD CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../../../../libxml2-2.7.3/include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /I "../../../lib/isccfg/include" /D "_DEBUG" /D "__STDC__" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /FR /FD /GZ /c
+# ADD CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /I "../../../lib/isccfg/include" /D "_DEBUG" /D "__STDC__" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /FR /FD /GZ /c
 # SUBTRACT CPP /X /YX
 # ADD BASE RSC /l 0x409 /d "_DEBUG"
 # ADD RSC /l 0x409 /d "_DEBUG"

bin/check/win32/namedcheckconf.mak

@@ -138,7 +138,7 @@ CLEAN :
 "$(OUTDIR)" :
     if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
 
-CPP_PROJ=/nologo /MD /W3 /GX /O2 /I "./" /I "../../../" /I "../../../../libxml2-2.7.3/include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /I "../../../lib/isccfg/include" /D "NDEBUG" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "__STDC__" /FR"$(INTDIR)\\" /Fp"$(INTDIR)\namedcheckconf.pch" /YX /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c 
+CPP_PROJ=/nologo /MD /W3 /GX /O2 /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /I "../../../lib/isccfg/include" /D "NDEBUG" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "__STDC__" /FR"$(INTDIR)\\" /Fp"$(INTDIR)\namedcheckconf.pch" /YX /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c 
 BSC32=bscmake.exe
 BSC32_FLAGS=/nologo /o"$(OUTDIR)\namedcheckconf.bsc" 
 BSC32_SBRS= \
@@ -203,7 +203,7 @@ CLEAN :
 "$(OUTDIR)" :
     if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
 
-CPP_PROJ=/nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../../../../libxml2-2.7.3/include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /I "../../../lib/isccfg/include" /D "_DEBUG" /D "__STDC__" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /FR"$(INTDIR)\\" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /GZ /c 
+CPP_PROJ=/nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /I "../../../lib/isccfg/include" /D "_DEBUG" /D "__STDC__" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /FR"$(INTDIR)\\" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /GZ /c 
 BSC32=bscmake.exe
 BSC32_FLAGS=/nologo /o"$(OUTDIR)\namedcheckconf.bsc" 
 BSC32_SBRS= \

bin/check/win32/namedcheckzone.dsp

@@ -42,7 +42,7 @@ RSC=rc.exe
 # PROP Ignore_Export_Lib 0
 # PROP Target_Dir ""
 # ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
-# ADD CPP /nologo /MD /W3 /GX /O2 /I "./" /I "../../../" /I "../../../../libxml2-2.7.3/include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /I "../../../lib/isccfg/include" /D "NDEBUG" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "__STDC__" /YX /FD /c
+# ADD CPP /nologo /MD /W3 /GX /O2 /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /I "../../../lib/isccfg/include" /D "NDEBUG" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "__STDC__" /YX /FD /c
 # SUBTRACT CPP /Fr
 # ADD BASE RSC /l 0x409 /d "NDEBUG"
 # ADD RSC /l 0x409 /d "NDEBUG"
@@ -67,7 +67,7 @@ LINK32=link.exe
 # PROP Ignore_Export_Lib 0
 # PROP Target_Dir ""
 # ADD BASE CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c
-# ADD CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../../../../libxml2-2.7.3/include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /I "../../../lib/isccfg/include" /D "_DEBUG" /D "__STDC__" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /FR /FD /GZ /c
+# ADD CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /I "../../../lib/isccfg/include" /D "_DEBUG" /D "__STDC__" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /FR /FD /GZ /c
 # SUBTRACT CPP /X /YX
 # ADD BASE RSC /l 0x409 /d "_DEBUG"
 # ADD RSC /l 0x409 /d "_DEBUG"

bin/check/win32/namedcheckzone.mak

@@ -130,7 +130,7 @@ CLEAN :
     if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
 
 CPP=cl.exe
-CPP_PROJ=/nologo /MD /W3 /GX /O2 /I "./" /I "../../../" /I "../../../../libxml2-2.7.3/include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /I "../../../lib/isccfg/include" /D "NDEBUG" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "__STDC__" /Fp"$(INTDIR)\namedcheckzone.pch" /YX /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c 
+CPP_PROJ=/nologo /MD /W3 /GX /O2 /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /I "../../../lib/isccfg/include" /D "NDEBUG" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "__STDC__" /Fp"$(INTDIR)\namedcheckzone.pch" /YX /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c 
 
 .c{$(INTDIR)}.obj::
    $(CPP) @<<
@@ -221,7 +221,7 @@ CLEAN :
     if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
 
 CPP=cl.exe
-CPP_PROJ=/nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../../../../libxml2-2.7.3/include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /I "../../../lib/isccfg/include" /D "_DEBUG" /D "__STDC__" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /FR"$(INTDIR)\\" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /GZ /c 
+CPP_PROJ=/nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /I "../../../lib/isccfg/include" /D "_DEBUG" /D "__STDC__" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /FR"$(INTDIR)\\" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /GZ /c 
 
 .c{$(INTDIR)}.obj::
    $(CPP) @<<

bin/confgen/.cvsignore

@@ -1,3 +0,0 @@
-Makefile
-ddns-confgen
-rndc-confgen

bin/confgen/Makefile.in

@@ -1,101 +0,0 @@
-# Copyright (C) 2009  Internet Systems Consortium, Inc. ("ISC")
-#
-# Permission to use, copy, modify, and/or distribute this software for any
-# purpose with or without fee is hereby granted, provided that the above
-# copyright notice and this permission notice appear in all copies.
-#
-# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
-# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
-# AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
-# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
-# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
-# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
-# PERFORMANCE OF THIS SOFTWARE.
-
-# $Id: Makefile.in,v 1.8 2009/12/05 23:31:40 each Exp $
-
-srcdir =	@srcdir@
-VPATH =		@srcdir@
-top_srcdir =	@top_srcdir@
-
-@BIND9_VERSION@
-
-@BIND9_MAKE_INCLUDES@
-
-CINCLUDES = -I${srcdir}/include ${ISC_INCLUDES} ${ISCCC_INCLUDES} \
-	${ISCCFG_INCLUDES} ${DNS_INCLUDES} ${BIND9_INCLUDES}
-
-CDEFINES =
-CWARNINGS =
-
-ISCCFGLIBS =	../../lib/isccfg/libisccfg.@A@
-ISCCCLIBS =	../../lib/isccc/libisccc.@A@
-ISCLIBS =	../../lib/isc/libisc.@A@
-ISCNOSYMLIBS =	../../lib/isc/libisc-nosymtbl.@A@
-DNSLIBS =	../../lib/dns/libdns.@A@ @DNS_CRYPTO_LIBS@
-BIND9LIBS =	../../lib/bind9/libbind9.@A@
-
-ISCCFGDEPLIBS =	../../lib/isccfg/libisccfg.@A@
-ISCCCDEPLIBS =	../../lib/isccc/libisccc.@A@
-ISCDEPLIBS =	../../lib/isc/libisc.@A@
-DNSDEPLIBS =	../../lib/dns/libdns.@A@
-BIND9DEPLIBS =	../../lib/bind9/libbind9.@A@
-
-RNDCLIBS =	${ISCCFGLIBS} ${ISCCCLIBS} ${BIND9LIBS} ${DNSLIBS} ${ISCLIBS} @LIBS@
-RNDCDEPLIBS =	${ISCCFGDEPLIBS} ${ISCCCDEPLIBS} ${BIND9DEPLIBS} ${DNSDEPLIBS} ${ISCDEPLIBS}
-
-LIBS =		${DNSLIBS} ${ISCLIBS} @LIBS@
-
-NOSYMLIBS =	${DNSLIBS} ${ISCNOSYMLIBS} @LIBS@
-
-CONFDEPLIBS =	${DNSDEPLIBS} ${ISCDEPLIBS}
-
-SRCS=		rndc-confgen.c ddns-confgen.c
-
-SUBDIRS =	unix
-
-TARGETS =	rndc-confgen@EXEEXT@ ddns-confgen@EXEEXT@
-
-MANPAGES =	rndc-confgen.8 ddns-confgen.8
-
-HTMLPAGES =	rndc-confgen.html ddns-confgen.html
-
-MANOBJS =	${MANPAGES} ${HTMLPAGES}
-
-UOBJS =		unix/os.@O@
-
-@BIND9_MAKE_RULES@
-
-rndc-confgen.@O@: rndc-confgen.c
-	${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} \
-		-DRNDC_KEYFILE=\"${sysconfdir}/rndc.key\" \
-		-c ${srcdir}/rndc-confgen.c
-
-ddns-confgen.@O@: ddns-confgen.c
-	${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} -c ${srcdir}/ddns-confgen.c
-
-rndc-confgen@EXEEXT@: rndc-confgen.@O@ util.@O@ keygen.@O@ ${UOBJS} ${CONFDEPLIBS} 
-	export BASEOBJS="rndc-confgen.@O@ util.@O@ keygen.@O@ ${UOBJS}"; \
-	${FINALBUILDCMD}
-
-ddns-confgen@EXEEXT@: ddns-confgen.@O@ util.@O@ keygen.@O@ ${UOBJS} ${CONFDEPLIBS} 
-	export BASEOBJS="ddns-confgen.@O@ util.@O@ keygen.@O@ ${UOBJS}"; \
-	${FINALBUILDCMD}
-
-doc man:: ${MANOBJS}
-
-docclean manclean maintainer-clean::
-	rm -f ${MANOBJS}
-
-installdirs:
-	$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${sbindir}
-	$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${mandir}/man8
-
-install:: rndc-confgen@EXEEXT@ ddns-confgen@EXEEXT@ installdirs
-	${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} rndc-confgen@EXEEXT@ ${DESTDIR}${sbindir}
-	${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} ddns-confgen@EXEEXT@ ${DESTDIR}${sbindir}
-	${INSTALL_DATA} ${srcdir}/rndc-confgen.8 ${DESTDIR}${mandir}/man8
-	${INSTALL_DATA} ${srcdir}/ddns-confgen.8 ${DESTDIR}${mandir}/man8
-
-clean distclean maintainer-clean::
-	rm -f ${TARGETS}

bin/confgen/ddns-confgen.8

@@ -1,143 +0,0 @@
-.\" Copyright (C) 2009 Internet Systems Consortium, Inc. ("ISC")
-.\" 
-.\" Permission to use, copy, modify, and/or distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\" 
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
-.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
-.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
-.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
-.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
-.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
-.\" PERFORMANCE OF THIS SOFTWARE.
-.\"
-.\" $Id: ddns-confgen.8,v 1.10 2009/09/19 01:14:52 tbox Exp $
-.\"
-.hy 0
-.ad l
-.\"     Title: ddns\-confgen
-.\"    Author: 
-.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
-.\"      Date: Jan 29, 2009
-.\"    Manual: BIND9
-.\"    Source: BIND9
-.\"
-.TH "DDNS\-CONFGEN" "8" "Jan 29, 2009" "BIND9" "BIND9"
-.\" disable hyphenation
-.nh
-.\" disable justification (adjust text to left margin only)
-.ad l
-.SH "NAME"
-ddns\-confgen \- ddns key generation tool
-.SH "SYNOPSIS"
-.HP 13
-\fBddns\-confgen\fR [\fB\-a\ \fR\fB\fIalgorithm\fR\fR] [\fB\-h\fR] [\fB\-k\ \fR\fB\fIkeyname\fR\fR] [\fB\-r\ \fR\fB\fIrandomfile\fR\fR] [\-s\ \fIname\fR | \-z\ \fIzone\fR] [\fB\-q\fR] [name]
-.SH "DESCRIPTION"
-.PP
-\fBddns\-confgen\fR
-generates a key for use by
-\fBnsupdate\fR
-and
-\fBnamed\fR. It simplifies configuration of dynamic zones by generating a key and providing the
-\fBnsupdate\fR
-and
-\fBnamed.conf\fR
-syntax that will be needed to use it, including an example
-\fBupdate\-policy\fR
-statement.
-.PP
-If a domain name is specified on the command line, it will be used in the name of the generated key and in the sample
-\fBnamed.conf\fR
-syntax. For example,
-\fBddns\-confgen example.com\fR
-would generate a key called "ddns\-key.example.com", and sample
-\fBnamed.conf\fR
-command that could be used in the zone definition for "example.com".
-.PP
-Note that
-\fBnamed\fR
-itself can configure a local DDNS key for use with
-\fBnsupdate \-l\fR.
-\fBddns\-confgen\fR
-is only needed when a more elaborate configuration is required: for instance, if
-\fBnsupdate\fR
-is to be used from a remote system.
-.SH "OPTIONS"
-.PP
-\-a \fIalgorithm\fR
-.RS 4
-Specifies the algorithm to use for the TSIG key. Available choices are: hmac\-md5, hmac\-sha1, hmac\-sha224, hmac\-sha256, hmac\-sha384 and hmac\-sha512. The default is hmac\-sha256.
-.RE
-.PP
-\-h
-.RS 4
-Prints a short summary of the options and arguments to
-\fBddns\-confgen\fR.
-.RE
-.PP
-\-k \fIkeyname\fR
-.RS 4
-Specifies the key name of the DDNS authentication key. The default is
-\fBddns\-key\fR
-when neither the
-\fB\-s\fR
-nor
-\fB\-z\fR
-option is specified; otherwise, the default is
-\fBddns\-key\fR
-as a separate label followed by the argument of the option, e.g.,
-\fBddns\-key.example.com.\fR
-The key name must have the format of a valid domain name, consisting of letters, digits, hyphens and periods.
-.RE
-.PP
-\-q
-.RS 4
-Quiet mode: Print only the key, with no explanatory text or usage examples.
-.RE
-.PP
-\-r \fIrandomfile\fR
-.RS 4
-Specifies a source of random data for generating the authorization. If the operating system does not provide a
-\fI/dev/random\fR
-or equivalent device, the default source of randomness is keyboard input.
-\fIrandomdev\fR
-specifies the name of a character device or file containing random data to be used instead of the default. The special value
-\fIkeyboard\fR
-indicates that keyboard input should be used.
-.RE
-.PP
-\-s \fIname\fR
-.RS 4
-Single host mode: The example
-\fBnamed.conf\fR
-text shows how to set an update policy for the specified
-\fIname\fR
-using the "name" nametype. The default key name is ddns\-key.\fIname\fR. Note that the "self" nametype cannot be used, since the name to be updated may differ from the key name. This option cannot be used with the
-\fB\-z\fR
-option.
-.RE
-.PP
-\-z \fIzone\fR
-.RS 4
-zone mode: The example
-\fBnamed.conf\fR
-text shows how to set an update policy for the specified
-\fIzone\fR
-using the "zonesub" nametype, allowing updates to all subdomain names within that
-\fIzone\fR. This option cannot be used with the
-\fB\-s\fR
-option.
-.RE
-.SH "SEE ALSO"
-.PP
-\fBnsupdate\fR(1),
-\fBnamed.conf\fR(5),
-\fBnamed\fR(8),
-BIND 9 Administrator Reference Manual.
-.SH "AUTHOR"
-.PP
-Internet Systems Consortium
-.SH "COPYRIGHT"
-Copyright \(co 2009 Internet Systems Consortium, Inc. ("ISC")
-.br

bin/confgen/ddns-confgen.c

@@ -1,257 +0,0 @@
-/*
- * Copyright (C) 2009  Internet Systems Consortium, Inc. ("ISC")
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- * PERFORMANCE OF THIS SOFTWARE.
- */
-
-/* $Id: ddns-confgen.c,v 1.9 2009/09/29 15:06:05 fdupont Exp $ */
-
-/*! \file */
-
-/**
- * ddns-confgen generates configuration files for dynamic DNS. It can
- * be used as a convenient alternative to writing the ddns.key file
- * and the corresponding key and update-policy statements in named.conf.
- */
-
-#include <config.h>
-
-#include <stdlib.h>
-#include <stdarg.h>
-
-#include <isc/assertions.h>
-#include <isc/base64.h>
-#include <isc/buffer.h>
-#include <isc/commandline.h>
-#include <isc/entropy.h>
-#include <isc/file.h>
-#include <isc/keyboard.h>
-#include <isc/mem.h>
-#include <isc/net.h>
-#include <isc/print.h>
-#include <isc/result.h>
-#include <isc/string.h>
-#include <isc/time.h>
-#include <isc/util.h>
-
-#include <dns/keyvalues.h>
-#include <dns/name.h>
-
-#include <dst/dst.h>
-#include <confgen/os.h>
-
-#include "util.h"
-#include "keygen.h"
-
-#define DEFAULT_KEYNAME		"ddns-key"
-
-static char program[256];
-const char *progname;
-
-isc_boolean_t verbose = ISC_FALSE;
-
-ISC_PLATFORM_NORETURN_PRE static void
-usage(int status) ISC_PLATFORM_NORETURN_POST;
-
-static void
-usage(int status) {
-
-	fprintf(stderr, "\
-Usage:\n\
- %s [-a alg] [-k keyname] [-r randomfile] [-q] [-s name | -z zone]\n\
-  -a alg:        algorithm (default hmac-sha256)\n\
-  -k keyname:    name of the key as it will be used in named.conf\n\
-  -r randomfile: source of random data (use \"keyboard\" for key timing)\n\
-  -s name:       domain name to be updated using the created key\n\
-  -z zone:       name of the zone as it will be used in named.conf\n\
-  -q:            quiet mode: print the key, with no explanatory text\n",
-		 progname);
-
-	exit (status);
-}
-
-int
-main(int argc, char **argv) {
-	isc_boolean_t show_final_mem = ISC_FALSE;
-	isc_boolean_t quiet = ISC_FALSE;
-	isc_buffer_t key_txtbuffer;
-	char key_txtsecret[256];
-	isc_mem_t *mctx = NULL;
-	isc_result_t result = ISC_R_SUCCESS;
-	const char *randomfile = NULL;
-	const char *keyname = NULL;
-	const char *zone = NULL;
-	const char *self_domain = NULL;
-	char *keybuf = NULL;
-	dns_secalg_t alg = DST_ALG_HMACSHA256;
-	const char *algname = alg_totext(alg);
-	int keysize = 256;
-	int len = 0;
-	int ch;
-
-	result = isc_file_progname(*argv, program, sizeof(program));
-	if (result != ISC_R_SUCCESS)
-		memcpy(program, "ddns-confgen", 13);
-	progname = program;
-
-	isc_commandline_errprint = ISC_FALSE;
-
-	while ((ch = isc_commandline_parse(argc, argv,
-					   "a:hk:Mmr:qs:Vy:z:")) != -1) {
-		switch (ch) {
-		case 'a':
-			algname = isc_commandline_argument;
-			alg = alg_fromtext(algname);
-			if (alg == DST_ALG_UNKNOWN)
-				fatal("Unsupported algorithm '%s'", algname);
-			keysize = alg_bits(alg);
-			break;
-		case 'h':
-			usage(0);
-		case 'k':
-		case 'y':
-			keyname = isc_commandline_argument;
-			break;
-		case 'M':
-			isc_mem_debugging = ISC_MEM_DEBUGTRACE;
-			break;
-		case 'm':
-			show_final_mem = ISC_TRUE;
-			break;
-		case 'q':
-			quiet = ISC_TRUE;
-			break;
-		case 'r':
-			randomfile = isc_commandline_argument;
-			break;
-		case 's':
-			self_domain = isc_commandline_argument;
-			break;
-		case 'V':
-			verbose = ISC_TRUE;
-			break;
-		case 'z':
-			zone = isc_commandline_argument;
-			break;
-		case '?':
-			if (isc_commandline_option != '?') {
-				fprintf(stderr, "%s: invalid argument -%c\n",
-					program, isc_commandline_option);
-				usage(1);
-			} else
-				usage(0);
-			break;
-		default:
-			fprintf(stderr, "%s: unhandled option -%c\n",
-				program, isc_commandline_option);
-			exit(1);
-		}
-	}
-
-	argc -= isc_commandline_index;
-	argv += isc_commandline_index;
-
-	if (self_domain != NULL && zone != NULL)
-		usage(1);	/* -s and -z cannot coexist */
-
-	if (argc > 0)
-		usage(1);
-
-	DO("create memory context", isc_mem_create(0, 0, &mctx));
-
-	if (keyname == NULL) {
-		const char *suffix = NULL;
-
-		keyname = DEFAULT_KEYNAME;
-		if (self_domain != NULL)
-			suffix = self_domain;
-		else if (zone != NULL)
-			suffix = zone;
-		if (suffix != NULL) {
-			len = strlen(keyname) + strlen(suffix) + 2;
-			keybuf = isc_mem_get(mctx, len);
-			if (keybuf == NULL)
-				fatal("failed to allocate memory for keyname");
-			snprintf(keybuf, len, "%s.%s", keyname, suffix);
-			keyname = (const char *) keybuf;
-		}
-	}
-
-	isc_buffer_init(&key_txtbuffer, &key_txtsecret, sizeof(key_txtsecret));
-
-	generate_key(mctx, randomfile, alg, keysize, &key_txtbuffer);
-
-
-	if (!quiet)
-		printf("\
-# To activate this key, place the following in named.conf, and\n\
-# in a separate keyfile on the system or systems from which nsupdate\n\
-# will be run:\n");
-
-	printf("\
-key \"%s\" {\n\
-	algorithm %s;\n\
-	secret \"%.*s\";\n\
-};\n",
-	       keyname, algname,
-	       (int)isc_buffer_usedlength(&key_txtbuffer),
-	       (char *)isc_buffer_base(&key_txtbuffer));
-
-	if (!quiet) {
-		if (self_domain != NULL) {
-			printf("\n\
-# Then, in the \"zone\" statement for the zone containing the\n\
-# name \"%s\", place an \"update-policy\" statement\n\
-# like this one, adjusted as needed for your preferred permissions:\n\
-update-policy {\n\
-	  grant %s name %s ANY;\n\
-};\n",
-			       self_domain, keyname, self_domain);
-		} else if (zone != NULL) {
-			printf("\n\
-# Then, in the \"zone\" definition statement for \"%s\",\n\
-# place an \"update-policy\" statement like this one, adjusted as \n\
-# needed for your preferred permissions:\n\
-update-policy {\n\
-	  grant %s zonesub ANY;\n\
-};\n",
-			       zone, keyname);
-		} else {
-			printf("\n\
-# Then, in the \"zone\" statement for each zone you wish to dynamically\n\
-# update, place an \"update-policy\" statement granting update permission\n\
-# to this key.  For example, the following statement grants this key\n\
-# permission to update any name within the zone:\n\
-update-policy {\n\
-	grant %s zonesub ANY;\n\
-};\n",
-			       keyname);
-		}
-
-		printf("\n\
-# After the keyfile has been placed, the following command will\n\
-# execute nsupdate using this key:\n\
-nsupdate -k <keyfile>\n");
-
-	}
-
-	if (keybuf != NULL)
-		isc_mem_put(mctx, keybuf, len);
-
-	if (show_final_mem)
-		isc_mem_stats(mctx, stderr);
-
-	isc_mem_destroy(&mctx);
-
-	return (0);
-}

bin/confgen/ddns-confgen.docbook

@@ -1,218 +0,0 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
-	       "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
-	       [<!ENTITY mdash "&#8212;">]>
-<!--
- - Copyright (C) 2009  Internet Systems Consortium, Inc. ("ISC")
- -
- - Permission to use, copy, modify, and/or distribute this software for any
- - purpose with or without fee is hereby granted, provided that the above
- - copyright notice and this permission notice appear in all copies.
- -
- - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- - AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- - PERFORMANCE OF THIS SOFTWARE.
--->
-
-<!-- $Id: ddns-confgen.docbook,v 1.6 2009/09/18 22:08:55 fdupont Exp $ -->
-<refentry id="man.ddns-confgen">
-  <refentryinfo>
-    <date>Jan 29, 2009</date>
-  </refentryinfo>
-
-  <refmeta>
-    <refentrytitle><application>ddns-confgen</application></refentrytitle>
-    <manvolnum>8</manvolnum>
-    <refmiscinfo>BIND9</refmiscinfo>
-  </refmeta>
-
-  <refnamediv>
-    <refname><application>ddns-confgen</application></refname>
-    <refpurpose>ddns key generation tool</refpurpose>
-  </refnamediv>
-
-  <docinfo>
-    <copyright>
-      <year>2009</year>
-      <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
-    </copyright>
-  </docinfo>
-
-  <refsynopsisdiv>
-    <cmdsynopsis>
-      <command>ddns-confgen</command>
-      <arg><option>-a <replaceable class="parameter">algorithm</replaceable></option></arg>
-      <arg><option>-h</option></arg>
-      <arg><option>-k <replaceable class="parameter">keyname</replaceable></option></arg>
-      <arg><option>-r <replaceable class="parameter">randomfile</replaceable></option></arg>
-      <group>
-        <arg choice="plain">-s <replaceable class="parameter">name</replaceable></arg>
-        <arg choice="plain">-z <replaceable class="parameter">zone</replaceable></arg>
-      </group>
-      <arg><option>-q</option></arg>
-      <arg choice="opt">name</arg>
-    </cmdsynopsis>
-  </refsynopsisdiv>
-
-  <refsect1>
-    <title>DESCRIPTION</title>
-    <para><command>ddns-confgen</command>
-      generates a key for use by <command>nsupdate</command>
-      and <command>named</command>.  It simplifies configuration
-      of dynamic zones by generating a key and providing the
-      <command>nsupdate</command> and <command>named.conf</command>
-      syntax that will be needed to use it, including an example
-      <command>update-policy</command> statement.
-    </para>
-
-    <para>
-      If a domain name is specified on the command line, it will
-      be used in the name of the generated key and in the sample
-      <command>named.conf</command> syntax.  For example,
-      <command>ddns-confgen example.com</command> would
-      generate a key called "ddns-key.example.com", and sample
-      <command>named.conf</command> command that could be used
-      in the zone definition for "example.com".
-    </para>
-
-    <para>
-      Note that <command>named</command> itself can configure a
-      local DDNS key for use with <command>nsupdate -l</command>.
-      <command>ddns-confgen</command> is only needed when a 
-      more elaborate configuration is required: for instance, if
-      <command>nsupdate</command> is to be used from a remote system.
-    </para>
-  </refsect1>
-
-  <refsect1>
-    <title>OPTIONS</title>
-
-    <variablelist>
-      <varlistentry>
-	<term>-a <replaceable class="parameter">algorithm</replaceable></term>
-	<listitem>
-	  <para>
-            Specifies the algorithm to use for the TSIG key.  Available
-            choices are: hmac-md5, hmac-sha1, hmac-sha224, hmac-sha256,
-            hmac-sha384 and hmac-sha512.  The default is hmac-sha256.
-	  </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-h</term>
-	<listitem>
-	  <para>
-	    Prints a short summary of the options and arguments to
-	    <command>ddns-confgen</command>.
-	  </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-k <replaceable class="parameter">keyname</replaceable></term>
-	<listitem>
-	  <para>
-	    Specifies the key name of the DDNS authentication key.
-	    The default is <constant>ddns-key</constant> when neither
-	    the <option>-s</option> nor <option>-z</option> option is
-	    specified; otherwise, the default
-	    is <constant>ddns-key</constant> as a separate label
-	    followed by the argument of the option, e.g.,
-	    <constant>ddns-key.example.com.</constant>
-	    The key name must have the format of a valid domain name,
-	    consisting of letters, digits, hyphens and periods.
-	  </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-q</term>
-	<listitem>
-	  <para>
-	    Quiet mode:  Print only the key, with no explanatory text or
-            usage examples.
-	  </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-r <replaceable class="parameter">randomfile</replaceable></term>
-	<listitem>
-	  <para>
-            Specifies a source of random data for generating the
-            authorization.  If the operating system does not provide a
-            <filename>/dev/random</filename> or equivalent device, the
-            default source of randomness is keyboard input.
-            <filename>randomdev</filename> specifies the name of a
-            character device or file containing random data to be used
-            instead of the default.  The special value
-            <filename>keyboard</filename> indicates that keyboard input
-            should be used.
-	  </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-s <replaceable class="parameter">name</replaceable></term>
-	<listitem>
-	  <para>
-	    Single host mode: The example <command>named.conf</command> text
-	    shows how to set an update policy for the specified
-	    <replaceable class="parameter">name</replaceable>
-	    using the "name" nametype.
-	    The default key name is
-	    ddns-key.<replaceable class="parameter">name</replaceable>.
-	    Note that the "self" nametype cannot be used, since
-	    the name to be updated may differ from the key name.
-	    This option cannot be used with the <option>-z</option> option.
-	  </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-z <replaceable class="parameter">zone</replaceable></term>
-	<listitem>
-	  <para>
-	    zone mode:  The example <command>named.conf</command> text
-            shows how to set an update policy for the specified
-	    <replaceable class="parameter">zone</replaceable>
-	    using the "zonesub" nametype, allowing updates to all subdomain
-	    names within
-	    that <replaceable class="parameter">zone</replaceable>.
-	    This option cannot be used with the <option>-s</option> option.
-	  </para>
-	</listitem>
-      </varlistentry>
-    </variablelist>
-  </refsect1>
-
-  <refsect1>
-    <title>SEE ALSO</title>
-    <para><citerefentry>
-	<refentrytitle>nsupdate</refentrytitle><manvolnum>1</manvolnum>
-      </citerefentry>,
-      <citerefentry>
-	<refentrytitle>named.conf</refentrytitle><manvolnum>5</manvolnum>
-      </citerefentry>,
-      <citerefentry>
-	<refentrytitle>named</refentrytitle><manvolnum>8</manvolnum>
-      </citerefentry>,
-      <citetitle>BIND 9 Administrator Reference Manual</citetitle>.
-    </para>
-  </refsect1>
-
-  <refsect1>
-    <title>AUTHOR</title>
-    <para><corpauthor>Internet Systems Consortium</corpauthor>
-    </para>
-  </refsect1>
-
-</refentry><!--
- - Local variables:
- - mode: sgml
- - End:
--->

bin/confgen/ddns-confgen.html

@@ -1,141 +0,0 @@
-<!--
- - Copyright (C) 2009 Internet Systems Consortium, Inc. ("ISC")
- - 
- - Permission to use, copy, modify, and/or distribute this software for any
- - purpose with or without fee is hereby granted, provided that the above
- - copyright notice and this permission notice appear in all copies.
- - 
- - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- - PERFORMANCE OF THIS SOFTWARE.
--->
-<!-- $Id: ddns-confgen.html,v 1.10 2009/09/19 01:14:52 tbox Exp $ -->
-<html>
-<head>
-<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
-<title>ddns-confgen</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
-</head>
-<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="man.ddns-confgen"></a><div class="titlepage"></div>
-<div class="refnamediv">
-<h2>Name</h2>
-<p><span class="application">ddns-confgen</span> &#8212; ddns key generation tool</p>
-</div>
-<div class="refsynopsisdiv">
-<h2>Synopsis</h2>
-<div class="cmdsynopsis"><p><code class="command">ddns-confgen</code>  [<code class="option">-a <em class="replaceable"><code>algorithm</code></em></code>] [<code class="option">-h</code>] [<code class="option">-k <em class="replaceable"><code>keyname</code></em></code>] [<code class="option">-r <em class="replaceable"><code>randomfile</code></em></code>] [ -s <em class="replaceable"><code>name</code></em>  |   -z <em class="replaceable"><code>zone</code></em> ] [<code class="option">-q</code>] [name]</p></div>
-</div>
-<div class="refsect1" lang="en">
-<a name="id2543395"></a><h2>DESCRIPTION</h2>
-<p><span><strong class="command">ddns-confgen</strong></span>
-      generates a key for use by <span><strong class="command">nsupdate</strong></span>
-      and <span><strong class="command">named</strong></span>.  It simplifies configuration
-      of dynamic zones by generating a key and providing the
-      <span><strong class="command">nsupdate</strong></span> and <span><strong class="command">named.conf</strong></span>
-      syntax that will be needed to use it, including an example
-      <span><strong class="command">update-policy</strong></span> statement.
-    </p>
-<p>
-      If a domain name is specified on the command line, it will
-      be used in the name of the generated key and in the sample
-      <span><strong class="command">named.conf</strong></span> syntax.  For example,
-      <span><strong class="command">ddns-confgen example.com</strong></span> would
-      generate a key called "ddns-key.example.com", and sample
-      <span><strong class="command">named.conf</strong></span> command that could be used
-      in the zone definition for "example.com".
-    </p>
-<p>
-      Note that <span><strong class="command">named</strong></span> itself can configure a
-      local DDNS key for use with <span><strong class="command">nsupdate -l</strong></span>.
-      <span><strong class="command">ddns-confgen</strong></span> is only needed when a 
-      more elaborate configuration is required: for instance, if
-      <span><strong class="command">nsupdate</strong></span> is to be used from a remote system.
-    </p>
-</div>
-<div class="refsect1" lang="en">
-<a name="id2543454"></a><h2>OPTIONS</h2>
-<div class="variablelist"><dl>
-<dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
-<dd><p>
-            Specifies the algorithm to use for the TSIG key.  Available
-            choices are: hmac-md5, hmac-sha1, hmac-sha224, hmac-sha256,
-            hmac-sha384 and hmac-sha512.  The default is hmac-sha256.
-	  </p></dd>
-<dt><span class="term">-h</span></dt>
-<dd><p>
-	    Prints a short summary of the options and arguments to
-	    <span><strong class="command">ddns-confgen</strong></span>.
-	  </p></dd>
-<dt><span class="term">-k <em class="replaceable"><code>keyname</code></em></span></dt>
-<dd><p>
-	    Specifies the key name of the DDNS authentication key.
-	    The default is <code class="constant">ddns-key</code> when neither
-	    the <code class="option">-s</code> nor <code class="option">-z</code> option is
-	    specified; otherwise, the default
-	    is <code class="constant">ddns-key</code> as a separate label
-	    followed by the argument of the option, e.g.,
-	    <code class="constant">ddns-key.example.com.</code>
-	    The key name must have the format of a valid domain name,
-	    consisting of letters, digits, hyphens and periods.
-	  </p></dd>
-<dt><span class="term">-q</span></dt>
-<dd><p>
-	    Quiet mode:  Print only the key, with no explanatory text or
-            usage examples.
-	  </p></dd>
-<dt><span class="term">-r <em class="replaceable"><code>randomfile</code></em></span></dt>
-<dd><p>
-            Specifies a source of random data for generating the
-            authorization.  If the operating system does not provide a
-            <code class="filename">/dev/random</code> or equivalent device, the
-            default source of randomness is keyboard input.
-            <code class="filename">randomdev</code> specifies the name of a
-            character device or file containing random data to be used
-            instead of the default.  The special value
-            <code class="filename">keyboard</code> indicates that keyboard input
-            should be used.
-	  </p></dd>
-<dt><span class="term">-s <em class="replaceable"><code>name</code></em></span></dt>
-<dd><p>
-	    Single host mode: The example <span><strong class="command">named.conf</strong></span> text
-	    shows how to set an update policy for the specified
-	    <em class="replaceable"><code>name</code></em>
-	    using the "name" nametype.
-	    The default key name is
-	    ddns-key.<em class="replaceable"><code>name</code></em>.
-	    Note that the "self" nametype cannot be used, since
-	    the name to be updated may differ from the key name.
-	    This option cannot be used with the <code class="option">-z</code> option.
-	  </p></dd>
-<dt><span class="term">-z <em class="replaceable"><code>zone</code></em></span></dt>
-<dd><p>
-	    zone mode:  The example <span><strong class="command">named.conf</strong></span> text
-            shows how to set an update policy for the specified
-	    <em class="replaceable"><code>zone</code></em>
-	    using the "zonesub" nametype, allowing updates to all subdomain
-	    names within
-	    that <em class="replaceable"><code>zone</code></em>.
-	    This option cannot be used with the <code class="option">-s</code> option.
-	  </p></dd>
-</dl></div>
-</div>
-<div class="refsect1" lang="en">
-<a name="id2543642"></a><h2>SEE ALSO</h2>
-<p><span class="citerefentry"><span class="refentrytitle">nsupdate</span>(1)</span>,
-      <span class="citerefentry"><span class="refentrytitle">named.conf</span>(5)</span>,
-      <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
-      <em class="citetitle">BIND 9 Administrator Reference Manual</em>.
-    </p>
-</div>
-<div class="refsect1" lang="en">
-<a name="id2543681"></a><h2>AUTHOR</h2>
-<p><span class="corpauthor">Internet Systems Consortium</span>
-    </p>
-</div>
-</div></body>
-</html>

bin/confgen/keygen.c

@@ -1,218 +0,0 @@
-/*
- * Copyright (C) 2009  Internet Systems Consortium, Inc. ("ISC")
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- * PERFORMANCE OF THIS SOFTWARE.
- */
-
-/* $Id: keygen.c,v 1.4 2009/11/12 14:02:38 marka Exp $ */
-
-/*! \file */
-
-#include <config.h>
-
-#include <stdlib.h>
-#include <stdarg.h>
-
-#include <isc/base64.h>
-#include <isc/buffer.h>
-#include <isc/entropy.h>
-#include <isc/file.h>
-#include <isc/keyboard.h>
-#include <isc/mem.h>
-#include <isc/result.h>
-#include <isc/string.h>
-
-#include <dns/keyvalues.h>
-#include <dns/name.h>
-
-#include <dst/dst.h>
-#include <confgen/os.h>
-
-#include "util.h"
-#include "keygen.h"
-
-/*%
- * Convert algorithm type to string.
- */
-const char *
-alg_totext(dns_secalg_t alg) {
-	switch (alg) {
-	    case DST_ALG_HMACMD5:
-		return "hmac-md5";
-	    case DST_ALG_HMACSHA1:
-		return "hmac-sha1";
-	    case DST_ALG_HMACSHA224:
-		return "hmac-sha224";
-	    case DST_ALG_HMACSHA256:
-		return "hmac-sha256";
-	    case DST_ALG_HMACSHA384:
-		return "hmac-sha384";
-	    case DST_ALG_HMACSHA512:
-		return "hmac-sha512";
-	    default:
-		return "(unknown)";
-	}
-}
-
-/*%
- * Convert string to algorithm type.
- */
-dns_secalg_t
-alg_fromtext(const char *name) {
-	if (strcmp(name, "hmac-md5") == 0)
-		return DST_ALG_HMACMD5;
-	if (strcmp(name, "hmac-sha1") == 0)
-		return DST_ALG_HMACSHA1;
-	if (strcmp(name, "hmac-sha224") == 0)
-		return DST_ALG_HMACSHA224;
-	if (strcmp(name, "hmac-sha256") == 0)
-		return DST_ALG_HMACSHA256;
-	if (strcmp(name, "hmac-sha384") == 0)
-		return DST_ALG_HMACSHA384;
-	if (strcmp(name, "hmac-sha512") == 0)
-		return DST_ALG_HMACSHA512;
-	return DST_ALG_UNKNOWN;
-}
-
-/*%
- * Return default keysize for a given algorithm type.
- */
-int
-alg_bits(dns_secalg_t alg) {
-	switch (alg) {
-	    case DST_ALG_HMACMD5:
-		return 128;
-	    case DST_ALG_HMACSHA1:
-		return 160;
-	    case DST_ALG_HMACSHA224:
-		return 224;
-	    case DST_ALG_HMACSHA256:
-		return 256;
-	    case DST_ALG_HMACSHA384:
-		return 384;
-	    case DST_ALG_HMACSHA512:
-		return 512;
-	    default:
-		return 0;
-	}
-}
-
-/*%
- * Generate a key of size 'keysize' using entropy source 'randomfile',
- * and place it in 'key_txtbuffer'
- */
-void
-generate_key(isc_mem_t *mctx, const char *randomfile, dns_secalg_t alg,
-	     int keysize, isc_buffer_t *key_txtbuffer) {
-	isc_result_t result = ISC_R_SUCCESS;
-	isc_entropysource_t *entropy_source = NULL;
-	int open_keyboard = ISC_ENTROPY_KEYBOARDMAYBE;
-	int entropy_flags = 0;
-	isc_entropy_t *ectx = NULL;
-	isc_buffer_t key_rawbuffer;
-	isc_region_t key_rawregion;
-	char key_rawsecret[64];
-	dst_key_t *key = NULL;
-
-	switch (alg) {
-	    case DST_ALG_HMACMD5:
-		if (keysize < 1 || keysize > 512)
-			fatal("keysize %d out of range (must be 1-512)\n",
-			      keysize);
-		break;
-	    case DST_ALG_HMACSHA256:
-		if (keysize < 1 || keysize > 256)
-			fatal("keysize %d out of range (must be 1-256)\n",
-			      keysize);
-		break;
-	    default:
-		fatal("unsupported algorithm %d\n", alg);
-	}
-
-
-	DO("create entropy context", isc_entropy_create(mctx, &ectx));
-
-	if (randomfile != NULL && strcmp(randomfile, "keyboard") == 0) {
-		randomfile = NULL;
-		open_keyboard = ISC_ENTROPY_KEYBOARDYES;
-	}
-	DO("start entropy source", isc_entropy_usebestsource(ectx,
-							     &entropy_source,
-							     randomfile,
-							     open_keyboard));
-
-	entropy_flags = ISC_ENTROPY_BLOCKING | ISC_ENTROPY_GOODONLY;
-
-	DO("initialize dst library", dst_lib_init(mctx, ectx, entropy_flags));
-
-	DO("generate key", dst_key_generate(dns_rootname, alg,
-					    keysize, 0, 0,
-					    DNS_KEYPROTO_ANY,
-					    dns_rdataclass_in, mctx, &key));
-
-	isc_buffer_init(&key_rawbuffer, &key_rawsecret, sizeof(key_rawsecret));
-
-	DO("dump key to buffer", dst_key_tobuffer(key, &key_rawbuffer));
-
-	isc_buffer_usedregion(&key_rawbuffer, &key_rawregion);
-
-	DO("bsse64 encode secret", isc_base64_totext(&key_rawregion, -1, "",
-						     key_txtbuffer));
-
-	/*
-	 * Shut down the entropy source now so the "stop typing" message
-	 * does not muck with the output.
-	 */
-	if (entropy_source != NULL)
-		isc_entropy_destroysource(&entropy_source);
-
-	if (key != NULL)
-		dst_key_free(&key);
-
-	isc_entropy_detach(&ectx);
-	dst_lib_destroy();
-}
-
-/*%
- * Write a key file to 'keyfile'.  If 'user' is non-NULL,
- * make that user the owner of the file.  The key will have
- * the name 'keyname' and the secret in the buffer 'secret'.
- */
-void
-write_key_file(const char *keyfile, const char *user,
-	       const char *keyname, isc_buffer_t *secret,
-	       dns_secalg_t alg) {
-	isc_result_t result;
-	const char *algname = alg_totext(alg);
-	FILE *fd = NULL;
-
-	DO("create keyfile", isc_file_safecreate(keyfile, &fd));
-
-	if (user != NULL) {
-		if (set_user(fd, user) == -1)
-			fatal("unable to set file owner\n");
-	}
-
-	fprintf(fd, "key \"%s\" {\n\talgorithm %s;\n"
-		"\tsecret \"%.*s\";\n};\n",
-		keyname, algname,
-		(int)isc_buffer_usedlength(secret),
-		(char *)isc_buffer_base(secret));
-	fflush(fd);
-	if (ferror(fd))
-		fatal("write to %s failed\n", keyfile);
-	if (fclose(fd))
-		fatal("fclose(%s) failed\n", keyfile);
-	fprintf(stderr, "wrote key file \"%s\"\n", keyfile);
-}
-

bin/confgen/keygen.h

@@ -1,41 +0,0 @@
-/*
- * Copyright (C) 2009  Internet Systems Consortium, Inc. ("ISC")
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- * PERFORMANCE OF THIS SOFTWARE.
- */
-
-/* $Id: keygen.h,v 1.3 2009/06/11 23:47:55 tbox Exp $ */
-
-#ifndef RNDC_KEYGEN_H
-#define RNDC_KEYGEN_H 1
-
-/*! \file */
-
-#include <isc/lang.h>
-
-ISC_LANG_BEGINDECLS
-
-void generate_key(isc_mem_t *mctx, const char *randomfile, dns_secalg_t alg,
-		  int keysize, isc_buffer_t *key_txtbuffer);
-
-void write_key_file(const char *keyfile, const char *user,
-		    const char *keyname, isc_buffer_t *secret,
-		    dns_secalg_t alg);
-
-const char *alg_totext(dns_secalg_t alg);
-dns_secalg_t alg_fromtext(const char *name);
-int alg_bits(dns_secalg_t alg);
-
-ISC_LANG_ENDDECLS
-
-#endif /* RNDC_KEYGEN_H */

bin/confgen/util.h

@@ -1,52 +0,0 @@
-/*
- * Copyright (C) 2009  Internet Systems Consortium, Inc. ("ISC")
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- * PERFORMANCE OF THIS SOFTWARE.
- */
-
-/* $Id: util.h,v 1.4 2009/09/29 15:06:05 fdupont Exp $ */
-
-#ifndef RNDC_UTIL_H
-#define RNDC_UTIL_H 1
-
-/*! \file */
-
-#include <isc/lang.h>
-#include <isc/platform.h>
-
-#include <isc/formatcheck.h>
-
-#define NS_CONTROL_PORT		953
-
-#undef DO
-#define DO(name, function) \
-	do { \
-		result = function; \
-		if (result != ISC_R_SUCCESS) \
-			fatal("%s: %s", name, isc_result_totext(result)); \
-		else \
-			notify("%s", name); \
-	} while (0)
-
-ISC_LANG_BEGINDECLS
-
-void
-notify(const char *fmt, ...) ISC_FORMAT_PRINTF(1, 2);
-
-ISC_PLATFORM_NORETURN_PRE void
-fatal(const char *format, ...)
-ISC_FORMAT_PRINTF(1, 2) ISC_PLATFORM_NORETURN_POST;
-
-ISC_LANG_ENDDECLS
-
-#endif /* RNDC_UTIL_H */

bin/confgen/win32/confgentool.dsp

@@ -1,135 +0,0 @@
-# Microsoft Developer Studio Project File - Name="confgentool" - Package Owner=<4>
-# Microsoft Developer Studio Generated Build File, Format Version 6.00
-# ** DO NOT EDIT **
-
-# TARGTYPE "Win32 (x86) Static-Link Library" 0x0104
-
-CFG=confgentool - Win32 Debug
-!MESSAGE This is not a valid makefile. To build this project using NMAKE,
-!MESSAGE use the Export Makefile command and run
-!MESSAGE 
-!MESSAGE NMAKE /f "confgentool.mak".
-!MESSAGE 
-!MESSAGE You can specify a configuration when running NMAKE
-!MESSAGE by defining the macro CFG on the command line. For example:
-!MESSAGE 
-!MESSAGE NMAKE /f "confgentool.mak" CFG="confgentool - Win32 Debug"
-!MESSAGE 
-!MESSAGE Possible choices for configuration are:
-!MESSAGE 
-!MESSAGE "confgentool - Win32 Release" (based on "Win32 (x86) Static-Link Library")
-!MESSAGE "confgentool - Win32 Debug" (based on "Win32 (x86) Static-Link Library")
-!MESSAGE 
-
-# Begin Project
-# PROP AllowPerConfigDependencies 0
-# PROP Scc_ProjName ""
-# PROP Scc_LocalPath ""
-CPP=cl.exe
-MTL=midl.exe
-RSC=rc.exe
-
-!IF  "$(CFG)" == "confgentool - Win32 Release"
-
-# PROP BASE Use_MFC 0
-# PROP BASE Use_Debug_Libraries 0
-# PROP BASE Output_Dir "Release"
-# PROP BASE Intermediate_Dir "Release"
-# PROP BASE Target_Dir ""
-# PROP Use_MFC 0
-# PROP Use_Debug_Libraries 0
-# PROP Output_Dir "Release"
-# PROP Intermediate_Dir "Release"
-# PROP Ignore_Export_Lib 0
-# PROP Target_Dir ""
-# ADD BASE CPP /nologo /MT /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /D "_MBCS" /D "_USRDLL" /YX /FD /c
-# ADD CPP /nologo /MD /W3 /GX /O2 /I "./" /I "../../../" /I "../../../../libxml2-2.7.3/include" /I "../include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /D "NDEBUG" /D "WIN32" /D "_WINDOWS" /D "__STDC__" /D "_MBCS" /YX /FD /c /Fdconfgentool
-# SUBTRACT CPP /X
-# ADD BASE MTL /nologo /D "NDEBUG" /mktyplib203 /win32
-# ADD MTL /nologo /D "NDEBUG" /mktyplib203 /win32
-# ADD BASE RSC /l 0x409 /d "NDEBUG"
-# ADD RSC /l 0x409 /d "NDEBUG"
-BSC32=bscmake.exe
-# ADD BASE BSC32 /nologo
-# ADD BSC32 /nologo
-LINK32=link.exe
-# ADD BASE LINK32 
-# ADD LINK32 /out:"Release/confgentool.lib"
-LIB32=lib.exe
-# ADD BASE LIB32
-# ADD LIB32 /out:"Release/confgentool.lib"
-
-!ELSEIF  "$(CFG)" == "confgentool - Win32 Debug"
-
-# PROP BASE Use_MFC 0
-# PROP BASE Use_Debug_Libraries 1
-# PROP BASE Output_Dir "Debug"
-# PROP BASE Intermediate_Dir "Debug"
-# PROP BASE Target_Dir ""
-# PROP Use_MFC 0
-# PROP Use_Debug_Libraries 1
-# PROP Output_Dir "Debug"
-# PROP Intermediate_Dir "Debug"
-# PROP Ignore_Export_Lib 0
-# PROP Target_Dir ""
-# ADD BASE CPP /nologo /MTd /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /D "_MBCS" /YX /FD /GZ /c
-# ADD CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../../../../libxml2-2.7.3/include" /I "../include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /D "_DEBUG" /D "WIN32" /D "_WINDOWS" /D "__STDC__" /D "_MBCS" /FR /YX /FD /GZ /c /Fdconfgentool
-# SUBTRACT CPP /X
-# ADD BASE MTL /nologo /D "_DEBUG" /mktyplib203 /win32
-# ADD MTL /nologo /D "_DEBUG" /mktyplib203 /win32
-# ADD BASE RSC /l 0x409 /d "_DEBUG"
-# ADD RSC /l 0x409 /d "_DEBUG"
-BSC32=bscmake.exe
-# ADD BASE BSC32 /nologo
-# ADD BSC32 /nologo
-LINK32=link.exe
-# ADD BASE LINK32 
-# ADD LINK32 /debug /out:"Debug/confgentool.lib"
-LIB32=lib.exe
-# ADD BASE LIB32
-# ADD LIB32 /out:"Debug/confgentool.lib"
-
-!ENDIF 
-
-# Begin Target
-
-# Name "confgentool - Win32 Release"
-# Name "confgentool - Win32 Debug"
-# Begin Group "Source Files"
-
-# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
-# End Group
-# Begin Group "Header Files"
-
-# PROP Default_Filter "h;hpp;hxx;hm;inl"
-# Begin Source File
-
-SOURCE=..\keygen.h
-# End Source File
-# Begin Source File
-
-SOURCE=..\util.h
-# End Source File
-# End Group
-# Begin Group "Resource Files"
-
-# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe"
-# End Group
-# Begin Group "Main Dns Lib"
-
-# PROP Default_Filter "c"
-# Begin Source File
-
-SOURCE=..\keygen.c
-# End Source File
-# Begin Source File
-
-SOURCE=..\util.c
-# End Source File
-# Begin Source File
-
-SOURCE=.\os.c
-# End Source File
-# End Group
-# End Target
-# End Project

bin/confgen/win32/confgentool.dsw

@@ -1,29 +0,0 @@
-Microsoft Developer Studio Workspace File, Format Version 6.00
-# WARNING: DO NOT EDIT OR DELETE THIS WORKSPACE FILE!
-
-###############################################################################
-
-Project: "confgentool"=".\confgentool.dsp" - Package Owner=<4>
-
-Package=<5>
-{{{
-}}}
-
-Package=<4>
-{{{
-}}}
-
-###############################################################################
-
-Global:
-
-Package=<5>
-{{{
-}}}
-
-Package=<3>
-{{{
-}}}
-
-###############################################################################
-

bin/confgen/win32/ddnsconfgen.dsp

@@ -1,103 +0,0 @@
-# Microsoft Developer Studio Project File - Name="ddnsconfgen" - Package Owner=<4>
-# Microsoft Developer Studio Generated Build File, Format Version 6.00
-# ** DO NOT EDIT **
-
-# TARGTYPE "Win32 (x86) Console Application" 0x0103
-
-CFG=ddnsconfgen - Win32 Debug
-!MESSAGE This is not a valid makefile. To build this project using NMAKE,
-!MESSAGE use the Export Makefile command and run
-!MESSAGE 
-!MESSAGE NMAKE /f "ddnsconfgen.mak".
-!MESSAGE 
-!MESSAGE You can specify a configuration when running NMAKE
-!MESSAGE by defining the macro CFG on the command line. For example:
-!MESSAGE 
-!MESSAGE NMAKE /f "ddnsconfgen.mak" CFG="ddnsconfgen - Win32 Debug"
-!MESSAGE 
-!MESSAGE Possible choices for configuration are:
-!MESSAGE 
-!MESSAGE "ddnsconfgen - Win32 Release" (based on "Win32 (x86) Console Application")
-!MESSAGE "ddnsconfgen - Win32 Debug" (based on "Win32 (x86) Console Application")
-!MESSAGE 
-
-# Begin Project
-# PROP AllowPerConfigDependencies 0
-# PROP Scc_ProjName ""
-# PROP Scc_LocalPath ""
-CPP=cl.exe
-RSC=rc.exe
-
-!IF  "$(CFG)" == "ddnsconfgen - Win32 Release"
-
-# PROP BASE Use_MFC 0
-# PROP BASE Use_Debug_Libraries 0
-# PROP BASE Output_Dir "Release"
-# PROP BASE Intermediate_Dir "Release"
-# PROP BASE Target_Dir ""
-# PROP Use_MFC 0
-# PROP Use_Debug_Libraries 0
-# PROP Output_Dir "Release"
-# PROP Intermediate_Dir "Release"
-# PROP Ignore_Export_Lib 0
-# PROP Target_Dir ""
-# ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
-# ADD CPP /nologo /MD /W3 /GX /O2 /I "./" /I "../../../" /I "../../../../libxml2-2.7.3/include" /I "../include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/win32/include" /I "../../../lib/dns/include" /I "../../../lib/isccc/include" /I "../../../lib/isccfg/include" /D "WIN32" /D "NDEBUG" /D "__STDC__" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
-# ADD BASE RSC /l 0x409 /d "NDEBUG"
-# ADD RSC /l 0x409 /d "NDEBUG"
-BSC32=bscmake.exe
-# ADD BASE BSC32 /nologo
-# ADD BSC32 /nologo
-LINK32=link.exe
-# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386
-# ADD LINK32 user32.lib advapi32.lib ws2_32.lib Release/confgentool.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib ../../../lib/isccfg/win32/Release/libisccfg.lib ../../../lib/isccc/win32/Release/libisccc.lib /nologo /subsystem:console /machine:I386 /out:"../../../Build/Release/ddns-confgen.exe"
-
-!ELSEIF  "$(CFG)" == "ddnsconfgen - Win32 Debug"
-
-# PROP BASE Use_MFC 0
-# PROP BASE Use_Debug_Libraries 1
-# PROP BASE Output_Dir "Debug"
-# PROP BASE Intermediate_Dir "Debug"
-# PROP BASE Target_Dir ""
-# PROP Use_MFC 0
-# PROP Use_Debug_Libraries 1
-# PROP Output_Dir "Debug"
-# PROP Intermediate_Dir "Debug"
-# PROP Ignore_Export_Lib 0
-# PROP Target_Dir ""
-# ADD BASE CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c
-# ADD CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../../../../libxml2-2.7.3/include" /I "../include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/win32/include" /I "../../../lib/dns/include" /I "../../../lib/isccc/include" /I "../../../lib/isccfg/include" /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /FR /FD /GZ /c
-# SUBTRACT CPP /X /YX
-# ADD BASE RSC /l 0x409 /d "_DEBUG"
-# ADD RSC /l 0x409 /d "_DEBUG"
-BSC32=bscmake.exe
-# ADD BASE BSC32 /nologo
-# ADD BSC32 /nologo
-LINK32=link.exe
-# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept
-# ADD LINK32 user32.lib advapi32.lib ws2_32.lib Debug/confgentool.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib ../../../lib/isccfg/win32/Debug/libisccfg.lib ../../../lib/isccc/win32/Debug/libisccc.lib /nologo /subsystem:console /debug /machine:I386 /out:"../../../Build/Debug/ddns-confgen.exe" /pdbtype:sept
-
-!ENDIF 
-
-# Begin Target
-
-# Name "ddnsconfgen - Win32 Release"
-# Name "ddnsconfgen - Win32 Debug"
-# Begin Group "Source Files"
-
-# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
-# Begin Source File
-
-SOURCE="..\ddns-confgen.c"
-# End Source File
-# End Group
-# Begin Group "Header Files"
-
-# PROP Default_Filter "h;hpp;hxx;hm;inl"
-# End Group
-# Begin Group "Resource Files"
-
-# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe"
-# End Group
-# End Target
-# End Project

bin/confgen/win32/ddnsconfgen.dsw

@@ -1,29 +0,0 @@
-Microsoft Developer Studio Workspace File, Format Version 6.00
-# WARNING: DO NOT EDIT OR DELETE THIS WORKSPACE FILE!
-
-###############################################################################
-
-Project: "ddnsconfgen"=".\ddnsconfgen.dsp" - Package Owner=<4>
-
-Package=<5>
-{{{
-}}}
-
-Package=<4>
-{{{
-}}}
-
-###############################################################################
-
-Global:
-
-Package=<5>
-{{{
-}}}
-
-Package=<3>
-{{{
-}}}
-
-###############################################################################
-

bin/confgen/win32/ddnsconfgen.mak

@@ -1,337 +0,0 @@
-# Microsoft Developer Studio Generated NMAKE File, Based on ddnsconfgen.dsp
-!IF "$(CFG)" == ""
-CFG=ddnsconfgen - Win32 Debug
-!MESSAGE No configuration specified. Defaulting to ddnsconfgen - Win32 Debug.
-!ENDIF 
-
-!IF "$(CFG)" != "ddnsconfgen - Win32 Release" && "$(CFG)" != "ddnsconfgen - Win32 Debug"
-!MESSAGE Invalid configuration "$(CFG)" specified.
-!MESSAGE You can specify a configuration when running NMAKE
-!MESSAGE by defining the macro CFG on the command line. For example:
-!MESSAGE 
-!MESSAGE NMAKE /f "ddnsconfgen.mak" CFG="ddnsconfgen - Win32 Debug"
-!MESSAGE 
-!MESSAGE Possible choices for configuration are:
-!MESSAGE 
-!MESSAGE "ddnsconfgen - Win32 Release" (based on "Win32 (x86) Console Application")
-!MESSAGE "ddnsconfgen - Win32 Debug" (based on "Win32 (x86) Console Application")
-!MESSAGE 
-!ERROR An invalid configuration is specified.
-!ENDIF 
-
-!IF "$(OS)" == "Windows_NT"
-NULL=
-!ELSE 
-NULL=nul
-!ENDIF 
-
-CPP=cl.exe
-RSC=rc.exe
-
-!IF  "$(CFG)" == "ddnsconfgen - Win32 Release"
-_VC_MANIFEST_INC=0
-_VC_MANIFEST_BASENAME=__VC80
-!ELSE
-_VC_MANIFEST_INC=1
-_VC_MANIFEST_BASENAME=__VC80.Debug
-!ENDIF
-
-####################################################
-# Specifying name of temporary resource file used only in incremental builds:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-_VC_MANIFEST_AUTO_RES=$(_VC_MANIFEST_BASENAME).auto.res
-!else
-_VC_MANIFEST_AUTO_RES=
-!endif
-
-####################################################
-# _VC_MANIFEST_EMBED_EXE - command to embed manifest in EXE:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-
-#MT_SPECIAL_RETURN=1090650113
-#MT_SPECIAL_SWITCH=-notify_resource_update
-MT_SPECIAL_RETURN=0
-MT_SPECIAL_SWITCH=
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
-if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
-rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
-link $** /out:$@ $(LFLAGS)
-
-!else
-
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;1
-
-!endif
-
-####################################################
-# _VC_MANIFEST_EMBED_DLL - command to embed manifest in DLL:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-
-#MT_SPECIAL_RETURN=1090650113
-#MT_SPECIAL_SWITCH=-notify_resource_update
-MT_SPECIAL_RETURN=0
-MT_SPECIAL_SWITCH=
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
-if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
-rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
-link $** /out:$@ $(LFLAGS)
-
-!else
-
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;2
-
-!endif
-####################################################
-# _VC_MANIFEST_CLEAN - command to clean resources files generated temporarily:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-
-_VC_MANIFEST_CLEAN=-del $(_VC_MANIFEST_BASENAME).auto.res \
-    $(_VC_MANIFEST_BASENAME).auto.rc \
-    $(_VC_MANIFEST_BASENAME).auto.manifest
-
-!else
-
-_VC_MANIFEST_CLEAN=
-
-!endif
-
-!IF  "$(CFG)" == "ddnsconfgen - Win32 Release"
-
-OUTDIR=.\Release
-INTDIR=.\Release
-
-ALL : "..\..\..\Build\Release\ddns-confgen.exe"
-
-
-CLEAN :
-	-@erase "$(INTDIR)\os.obj"
-	-@erase "$(INTDIR)\ddns-confgen.obj"
-	-@erase "$(INTDIR)\keygen.obj"
-	-@erase "$(INTDIR)\util.obj"
-	-@erase "$(INTDIR)\vc60.idb"
-	-@erase "..\..\..\Build\Release\ddns-confgen.exe"
-	-@$(_VC_MANIFEST_CLEAN)
-
-"$(OUTDIR)" :
-    if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
-
-CPP_PROJ=/nologo /MD /W3 /GX /O2 /I "./" /I "../../../" /I "../../../../libxml2-2.7.3/include" /I "../include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/win32/include" /I "../../../lib/dns/include" /I "../../../lib/isccc/include" /I "../../../lib/isccfg/include" /D "WIN32" /D "NDEBUG" /D "__STDC__" /D "_CONSOLE" /D "_MBCS" /Fp"$(INTDIR)\ddnsconfgen.pch" /YX /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c 
-BSC32=bscmake.exe
-BSC32_FLAGS=/nologo /o"$(OUTDIR)\ddnsconfgen.bsc" 
-BSC32_SBRS= \
-	
-LINK32=link.exe
-LINK32_FLAGS=user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib ../../../lib/isccfg/win32/Release/libisccfg.lib ../../../lib/isccc/win32/Release/libisccc.lib /nologo /subsystem:console /incremental:no /pdb:"$(OUTDIR)\ddns-confgen.pdb" /machine:I386 /out:"../../../Build/Release/ddns-confgen.exe" 
-LINK32_OBJS= \
-	"$(INTDIR)\os.obj" \
-	"$(INTDIR)\ddns-confgen.obj" \
-	"$(INTDIR)\keygen.obj" \
-	"$(INTDIR)\util.obj"
-
-"..\..\..\Build\Release\ddns-confgen.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
-    $(LINK32) @<<
-  $(LINK32_FLAGS) $(LINK32_OBJS)
-<<
-    $(_VC_MANIFEST_EMBED_EXE)
-
-!ELSEIF  "$(CFG)" == "ddnsconfgen - Win32 Debug"
-
-OUTDIR=.\Debug
-INTDIR=.\Debug
-# Begin Custom Macros
-OutDir=.\Debug
-# End Custom Macros
-
-ALL : "..\..\..\Build\Debug\ddns-confgen.exe" "$(OUTDIR)\ddnsconfgen.bsc"
-
-
-CLEAN :
-	-@erase "$(INTDIR)\os.obj"
-	-@erase "$(INTDIR)\os.sbr"
-	-@erase "$(INTDIR)\ddns-confgen.obj"
-	-@erase "$(INTDIR)\ddns-confgen.sbr"
-	-@erase "$(INTDIR)\keygen.obj"
-	-@erase "$(INTDIR)\keygen.sbr"
-	-@erase "$(INTDIR)\util.obj"
-	-@erase "$(INTDIR)\util.sbr"
-	-@erase "$(INTDIR)\vc60.idb"
-	-@erase "$(INTDIR)\vc60.pdb"
-	-@erase "$(OUTDIR)\ddnsconfgen.bsc"
-	-@erase "$(OUTDIR)\ddns-confgen.pdb"
-	-@erase "..\..\..\Build\Debug\ddns-confgen.exe"
-	-@erase "..\..\..\Build\Debug\ddns-confgen.ilk"
-	-@$(_VC_MANIFEST_CLEAN)
-
-"$(OUTDIR)" :
-    if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
-
-CPP_PROJ=/nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../../../../libxml2-2.7.3/include" /I "../include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/win32/include" /I "../../../lib/dns/include" /I "../../../lib/isccc/include" /I "../../../lib/isccfg/include" /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /FR"$(INTDIR)\\" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /GZ /c 
-BSC32=bscmake.exe
-BSC32_FLAGS=/nologo /o"$(OUTDIR)\ddnsconfgen.bsc" 
-BSC32_SBRS= \
-	"$(INTDIR)\os.sbr" \
-	"$(INTDIR)\ddns-confgen.sbr" \
-	"$(INTDIR)\keygen.sbr" \
-	"$(INTDIR)\util.sbr"
-
-"$(OUTDIR)\ddnsconfgen.bsc" : "$(OUTDIR)" $(BSC32_SBRS)
-    $(BSC32) @<<
-  $(BSC32_FLAGS) $(BSC32_SBRS)
-<<
-
-LINK32=link.exe
-LINK32_FLAGS=user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib ../../../lib/isccfg/win32/Debug/libisccfg.lib ../../../lib/isccc/win32/Debug/libisccc.lib /nologo /subsystem:console /incremental:yes /pdb:"$(OUTDIR)\ddns-confgen.pdb" /debug /machine:I386 /out:"../../../Build/Debug/ddns-confgen.exe" /pdbtype:sept 
-LINK32_OBJS= \
-	"$(INTDIR)\os.obj" \
-	"$(INTDIR)\ddns-confgen.obj" \
-	"$(INTDIR)\keygen.obj" \
-	"$(INTDIR)\util.obj"
-
-"..\..\..\Build\Debug\ddns-confgen.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
-    $(LINK32) @<<
-  $(LINK32_FLAGS) $(LINK32_OBJS)
-<<
-    $(_VC_MANIFEST_EMBED_EXE)
-
-!ENDIF 
-
-.c{$(INTDIR)}.obj::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.cpp{$(INTDIR)}.obj::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.cxx{$(INTDIR)}.obj::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.c{$(INTDIR)}.sbr::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.cpp{$(INTDIR)}.sbr::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.cxx{$(INTDIR)}.sbr::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-
-!IF "$(NO_EXTERNAL_DEPS)" != "1"
-!IF EXISTS("ddnsconfgen.dep")
-!INCLUDE "ddnsconfgen.dep"
-!ELSE 
-!MESSAGE Warning: cannot find "ddnsconfgen.dep"
-!ENDIF 
-!ENDIF 
-
-
-!IF "$(CFG)" == "ddnsconfgen - Win32 Release" || "$(CFG)" == "ddnsconfgen - Win32 Debug"
-SOURCE=.\os.c
-
-!IF  "$(CFG)" == "ddnsconfgen - Win32 Release"
-
-
-"$(INTDIR)\os.obj" : $(SOURCE) "$(INTDIR)"
-
-
-!ELSEIF  "$(CFG)" == "ddnsconfgen - Win32 Debug"
-
-
-"$(INTDIR)\os.obj"	"$(INTDIR)\os.sbr" : $(SOURCE) "$(INTDIR)"
-
-
-!ENDIF 
-
-SOURCE="..\ddns-confgen.c"
-
-!IF  "$(CFG)" == "ddnsconfgen - Win32 Release"
-
-
-"$(INTDIR)\ddns-confgen.obj" : $(SOURCE) "$(INTDIR)"
-	$(CPP) $(CPP_PROJ) $(SOURCE)
-
-
-!ELSEIF  "$(CFG)" == "ddnsconfgen - Win32 Debug"
-
-
-"$(INTDIR)\ddns-confgen.obj"	"$(INTDIR)\ddns-confgen.sbr" : $(SOURCE) "$(INTDIR)"
-	$(CPP) $(CPP_PROJ) $(SOURCE)
-
-
-!ENDIF 
-
-SOURCE=..\keygen.c
-
-!IF  "$(CFG)" == "ddnsconfgen - Win32 Release"
-
-
-"$(INTDIR)\keygen.obj" : $(SOURCE) "$(INTDIR)"
-	$(CPP) $(CPP_PROJ) $(SOURCE)
-
-
-!ELSEIF  "$(CFG)" == "ddnsconfgen - Win32 Debug"
-
-
-"$(INTDIR)\keygen.obj"	"$(INTDIR)\keygen.sbr" : $(SOURCE) "$(INTDIR)"
-	$(CPP) $(CPP_PROJ) $(SOURCE)
-
-
-!ENDIF 
-
-SOURCE=..\util.c
-
-!IF  "$(CFG)" == "ddnsconfgen - Win32 Release"
-
-
-"$(INTDIR)\util.obj" : $(SOURCE) "$(INTDIR)"
-	$(CPP) $(CPP_PROJ) $(SOURCE)
-
-
-!ELSEIF  "$(CFG)" == "ddnsconfgen - Win32 Debug"
-
-
-"$(INTDIR)\util.obj"	"$(INTDIR)\util.sbr" : $(SOURCE) "$(INTDIR)"
-	$(CPP) $(CPP_PROJ) $(SOURCE)
-
-
-!ENDIF 
-
-
-!ENDIF 
-
-####################################################
-# Commands to generate initial empty manifest file and the RC file
-# that references it, and for generating the .res file:
-
-$(_VC_MANIFEST_BASENAME).auto.res : $(_VC_MANIFEST_BASENAME).auto.rc
-
-$(_VC_MANIFEST_BASENAME).auto.rc : $(_VC_MANIFEST_BASENAME).auto.manifest
-    type <<$@
-#include <winuser.h>
-1RT_MANIFEST"$(_VC_MANIFEST_BASENAME).auto.manifest"
-<< KEEP
-
-$(_VC_MANIFEST_BASENAME).auto.manifest :
-    type <<$@
-<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
-<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
-</assembly>
-<< KEEP

bin/confgen/win32/os.c

@@ -1,34 +0,0 @@
-/*
- * Copyright (C) 2009  Internet Systems Consortium, Inc. ("ISC")
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- * PERFORMANCE OF THIS SOFTWARE.
- */
-
-/* $Id: os.c,v 1.3 2009/06/11 23:47:55 tbox Exp $ */
-
-#include <config.h>
-
-#include <confgen/os.h>
-
-#include <fcntl.h>
-#include <unistd.h>
-#include <sys/types.h>
-#include <errno.h>
-#include <stdio.h>
-#include <io.h>
-#include <sys/stat.h>
-
-int
-set_user(FILE *fd, const char *user) {
-	return (0);
-}

bin/confgen/win32/rndcconfgen.dsw

@@ -1,29 +0,0 @@
-Microsoft Developer Studio Workspace File, Format Version 6.00
-# WARNING: DO NOT EDIT OR DELETE THIS WORKSPACE FILE!
-
-###############################################################################
-
-Project: "rndconfgen"=".\rndconfgen.dsp" - Package Owner=<4>
-
-Package=<5>
-{{{
-}}}
-
-Package=<4>
-{{{
-}}}
-
-###############################################################################
-
-Global:
-
-Package=<5>
-{{{
-}}}
-
-Package=<3>
-{{{
-}}}
-
-###############################################################################
-

bin/dig/Makefile.in

@@ -1,7 +1,7 @@
-# Copyright (C) 2004, 2005, 2007, 2009  Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2004, 2005  Internet Systems Consortium, Inc. ("ISC")
 # Copyright (C) 2000-2002  Internet Software Consortium.
 #
-# Permission to use, copy, modify, and/or distribute this software for any
+# Permission to use, copy, modify, and distribute this software for any
 # purpose with or without fee is hereby granted, provided that the above
 # copyright notice and this permission notice appear in all copies.
 #
@@ -13,7 +13,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: Makefile.in,v 1.47 2009/12/05 23:31:40 each Exp $
+# $Id: Makefile.in,v 1.33.18.6 2005/09/09 14:11:04 marka Exp $
 
 srcdir =	@srcdir@
 VPATH =		@srcdir@
@@ -24,7 +24,7 @@ top_srcdir =	@top_srcdir@
 @BIND9_MAKE_INCLUDES@
 
 CINCLUDES =	-I${srcdir}/include ${DNS_INCLUDES} ${BIND9_INCLUDES} \
-		${ISC_INCLUDES} ${LWRES_INCLUDES} ${ISCCFG_INCLUDES}
+		${ISC_INCLUDES} ${LWRES_INCLUDES}
 
 CDEFINES =	-DVERSION=\"${VERSION}\"
 CWARNINGS =
@@ -33,7 +33,6 @@ ISCCFGLIBS =	../../lib/isccfg/libisccfg.@A@
 DNSLIBS =	../../lib/dns/libdns.@A@ @DNS_CRYPTO_LIBS@
 BIND9LIBS =	../../lib/bind9/libbind9.@A@
 ISCLIBS =	../../lib/isc/libisc.@A@
-ISCNOSYMLIBS =	../../lib/isc/libisc-nosymtbl.@A@
 LWRESLIBS =	../../lib/lwres/liblwres.@A@
 
 ISCCFGDEPLIBS =	../../lib/isccfg/libisccfg.@A@
@@ -45,11 +44,8 @@ LWRESDEPLIBS =	../../lib/lwres/liblwres.@A@
 DEPLIBS =	${DNSDEPLIBS} ${BIND9DEPLIBS} ${ISCDEPLIBS} ${ISCCFGDEPLIBS} \
 		${LWRESDEPLIBS}
 
-LIBS =		${LWRESLIBS} ${DNSLIBS} ${BIND9LIBS} ${ISCCFGLIBS} \
-		${ISCLIBS} @IDNLIBS@ @LIBS@
-
-NOSYMLIBS =	${LWRESLIBS} ${DNSLIBS} ${BIND9LIBS} ${ISCCFGLIBS} \
-		${ISCNOSYMLIBS} @IDNLIBS@ @LIBS@
+LIBS =		${LWRESLIBS} ${DNSLIBS} ${BIND9LIBS} ${ISCLIBS} \
+		${ISCCFGLIBS} @IDNLIBS@ @LIBS@
 
 SUBDIRS =
 
@@ -70,16 +66,16 @@ MANOBJS =	${MANPAGES} ${HTMLPAGES}
 @BIND9_MAKE_RULES@
 
 dig@EXEEXT@: dig.@O@ dighost.@O@ ${UOBJS} ${DEPLIBS}
-	export BASEOBJS="dig.@O@ dighost.@O@ ${UOBJS}"; \
-	${FINALBUILDCMD}
+	${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ \
+	dig.@O@ dighost.@O@ ${UOBJS} ${LIBS}
 
 host@EXEEXT@: host.@O@ dighost.@O@ ${UOBJS} ${DEPLIBS}
-	export BASEOBJS="host.@O@ dighost.@O@ ${UOBJS}"; \
-	${FINALBUILDCMD}
+	${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ \
+	host.@O@ dighost.@O@ ${UOBJS} ${LIBS}
 
 nslookup@EXEEXT@: nslookup.@O@ dighost.@O@ ${UOBJS} ${DEPLIBS}
-	export BASEOBJS="nslookup.@O@ dighost.@O@ ${UOBJS}"; \
-	${FINALBUILDCMD}
+	${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ \
+	nslookup.@O@ dighost.@O@ ${UOBJS} ${LIBS}
 
 doc man:: ${MANOBJS}
 

bin/dig/dig.1

@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
 .\" Copyright (C) 2000-2003 Internet Software Consortium.
 .\" 
 .\" Permission to use, copy, modify, and/or distribute this software for any
@@ -13,7 +13,7 @@
 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 .\" PERFORMANCE OF THIS SOFTWARE.
 .\"
-.\" $Id: dig.1,v 1.54 2010/03/05 01:14:15 tbox Exp $
+.\" $Id: dig.1,v 1.23.18.27 2009/07/11 01:31:43 tbox Exp $
 .\"
 .hy 0
 .ad l
@@ -455,11 +455,6 @@ Print records like the SOA records in a verbose multi\-line format with human\-r
 output.
 .RE
 .PP
-\fB+[no]onesoa\fR
-.RS 4
-Print only one (starting) SOA record when performing an AXFR. The default is to print both the starting and ending SOA records.
-.RE
-.PP
 \fB+[no]fail\fR
 .RS 4
 Do not try the next server if you receive a SERVFAIL. The default is to not try the next server which is the reverse of normal stub resolver behavior.
@@ -500,11 +495,6 @@ Requires dig be compiled with \-DDIG_SIGCHASE.
 .RS 4
 When chasing DNSSEC signature chains perform a top\-down validation. Requires dig be compiled with \-DDIG_SIGCHASE.
 .RE
-.PP
-\fB+[no]nsid\fR
-.RS 4
-Include an EDNS name server ID request when sending a query.
-.RE
 .SH "MULTIPLE QUERIES"
 .PP
 The BIND 9 implementation of
@@ -567,7 +557,7 @@ RFC1035.
 .PP
 There are probably too many query options.
 .SH "COPYRIGHT"
-Copyright \(co 2004\-2010 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004\-2009 Internet Systems Consortium, Inc. ("ISC")
 .br
 Copyright \(co 2000\-2003 Internet Software Consortium.
 .br

bin/dig/dig.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004-2010  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2009  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 2000-2003  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: dig.c,v 1.235 2010/03/04 23:50:34 tbox Exp $ */
+/* $Id: dig.c,v 1.186.18.37 2009/05/06 10:21:00 fdupont Exp $ */
 
 /*! \file */
 
@@ -68,8 +68,7 @@ static char domainopt[DNS_NAME_MAXTEXT];
 
 static isc_boolean_t short_form = ISC_FALSE, printcmd = ISC_TRUE,
 	ip6_int = ISC_FALSE, plusquest = ISC_FALSE, pluscomm = ISC_FALSE,
-	multiline = ISC_FALSE, nottl = ISC_FALSE, noclass = ISC_FALSE,
-	onesoa = ISC_FALSE;
+	multiline = ISC_FALSE, nottl = ISC_FALSE, noclass = ISC_FALSE;
 
 /*% opcode text */
 static const char * const opcodetext[] = {
@@ -139,9 +138,6 @@ print_usage(FILE *fp) {
 "            [ host [@local-server] {local-d-opt} [...]]\n", fp);
 }
 
-ISC_PLATFORM_NORETURN_PRE static void
-usage(void) ISC_PLATFORM_NORETURN_POST;
-
 static void
 usage(void) {
 	print_usage(stderr);
@@ -217,7 +213,6 @@ help(void) {
 "                 +[no]identify       (ID responders in short answers)\n"
 "                 +[no]trace          (Trace delegation down from root)\n"
 "                 +[no]dnssec         (Request DNSSEC records)\n"
-"                 +[no]nsid           (Request Name Server ID)\n"
 #ifdef DIG_SIGCHASE
 "                 +[no]sigchase       (Chase DNSSEC signatures)\n"
 "                 +trusted-key=####   (Trusted Key when chasing DNSSEC sigs)\n"
@@ -226,7 +221,6 @@ help(void) {
 #endif
 #endif
 "                 +[no]multiline      (Print records in an expanded format)\n"
-"                 +[no]onesoa         (AXFR prints only one soa record)\n"
 "        global d-opts and servers (before host name) affect all queries.\n"
 "        local d-opts and servers (after host name) affect only that lookup.\n"
 "        -h                           (print help and exit)\n"
@@ -473,9 +467,6 @@ printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers) {
 		flags |= DNS_MESSAGETEXTFLAG_NOHEADERS;
 		flags |= DNS_MESSAGETEXTFLAG_NOCOMMENTS;
 	}
-	if (onesoa && query->lookup->rdtype == dns_rdatatype_axfr)
-		flags |= (query->msg_count == 0) ? DNS_MESSAGETEXTFLAG_ONESOA :
-						   DNS_MESSAGETEXTFLAG_OMITSOA;
 	if (!query->lookup->comments)
 		flags |= DNS_MESSAGETEXTFLAG_NOCOMMENTS;
 
@@ -668,9 +659,9 @@ printgreeting(int argc, char **argv, dig_lookup_t *lookup) {
 		}
 		if (first) {
 			snprintf(append, sizeof(append),
-				 ";; global options:%s%s\n",
-				 short_form ? " +short" : "",
-				 printcmd ? " +cmd" : "");
+				 ";; global options: %s %s\n",
+			       short_form ? "short_form" : "",
+			       printcmd ? "printcmd" : "");
 			first = ISC_FALSE;
 			remaining = sizeof(lookup->cmdline) -
 				    strlen(lookup->cmdline) - 1;
@@ -679,6 +670,19 @@ printgreeting(int argc, char **argv, dig_lookup_t *lookup) {
 	}
 }
 
+static isc_uint32_t
+parse_uint(char *arg, const char *desc, isc_uint32_t max) {
+	isc_result_t result;
+	isc_uint32_t tmp;
+
+	result = isc_parse_uint32(&tmp, arg, 10);
+	if (result == ISC_R_SUCCESS && tmp > max)
+		result = ISC_R_RANGE;
+	if (result != ISC_R_SUCCESS)
+		fatal("%s '%s': %s", desc, arg, isc_result_totext(result));
+	return (tmp);
+}
+
 /*%
  * We're not using isc_commandline_parse() here since the command line
  * syntax of dig is quite a bit different from that which can be described
@@ -690,10 +694,8 @@ static void
 plus_option(char *option, isc_boolean_t is_batchfile,
 	    dig_lookup_t *lookup)
 {
-	isc_result_t result;
 	char option_store[256];
 	char *cmd, *value, *ptr;
-	isc_uint32_t num;
 	isc_boolean_t state = ISC_TRUE;
 #ifdef DIG_SIGCHASE
 	size_t n;
@@ -741,7 +743,6 @@ plus_option(char *option, isc_boolean_t is_batchfile,
 				lookup->section_additional = state;
 				break;
 			case 'f': /* adflag */
-			case '\0': /* +ad is a synonym for +adflag */
 				FULLCHECK("adflag");
 				lookup->adflag = state;
 				break;
@@ -783,11 +784,8 @@ plus_option(char *option, isc_boolean_t is_batchfile,
 				goto need_value;
 			if (!state)
 				goto invalid_option;
-			result = parse_uint(&num, value, COMMSIZE,
-					    "buffer size");
-			if (result != ISC_R_SUCCESS)
-				fatal("Couldn't parse buffer size");
-			lookup->udpsize = num;
+			lookup->udpsize = (isc_uint16_t) parse_uint(value,
+						    "buffer size", COMMSIZE);
 			break;
 		default:
 			goto invalid_option;
@@ -796,15 +794,8 @@ plus_option(char *option, isc_boolean_t is_batchfile,
 	case 'c':
 		switch (cmd[1]) {
 		case 'd':/* cdflag */
-			switch (cmd[2]) {
-			case 'f': /* cdflag */
-			case '\0': /* +cd is a synonym for +cdflag */
-				FULLCHECK("cdflag");
-				lookup->cdflag = state;
-				break;
-			default:
-				goto invalid_option;
-			}
+			FULLCHECK("cdflag");
+			lookup->cdflag = state;
 			break;
 		case 'l': /* cl */
 			FULLCHECK("cl");
@@ -859,10 +850,7 @@ plus_option(char *option, isc_boolean_t is_batchfile,
 		}
 		if (value == NULL)
 			goto need_value;
-		result = parse_uint(&num, value, 255, "edns");
-		if (result != ISC_R_SUCCESS)
-			fatal("Couldn't parse edns");
-		lookup->edns = num;
+		lookup->edns = (isc_int16_t) parse_uint(value, "edns", 255);
 		break;
 	case 'f': /* fail */
 		FULLCHECK("fail");
@@ -892,48 +880,29 @@ plus_option(char *option, isc_boolean_t is_batchfile,
 				goto need_value;
 			if (!state)
 				goto invalid_option;
-			result = parse_uint(&num, value, MAXNDOTS, "ndots");
-			if (result != ISC_R_SUCCESS)
-				fatal("Couldn't parse ndots");
-			ndots = num;
+			ndots = parse_uint(value, "ndots", MAXNDOTS);
 			break;
-		case 's':
-			switch (cmd[2]) {
-			case 'i': /* nsid */
-				FULLCHECK("nsid");
-				if (state && lookup->edns == -1)
-					lookup->edns = 0;
-				lookup->nsid = state;
-				break;
-			case 's': /* nssearch */
-				FULLCHECK("nssearch");
-				lookup->ns_search_only = state;
-				if (state) {
-					lookup->trace_root = ISC_TRUE;
-					lookup->recurse = ISC_TRUE;
-					lookup->identify = ISC_TRUE;
-					lookup->stats = ISC_FALSE;
-					lookup->comments = ISC_FALSE;
-					lookup->section_additional = ISC_FALSE;
-					lookup->section_authority = ISC_FALSE;
-					lookup->section_question = ISC_FALSE;
-					lookup->rdtype = dns_rdatatype_ns;
-					lookup->rdtypeset = ISC_TRUE;
-					short_form = ISC_TRUE;
-				}
-				break;
-			default:
-				goto invalid_option;
+		case 's': /* nssearch */
+			FULLCHECK("nssearch");
+			lookup->ns_search_only = state;
+			if (state) {
+				lookup->trace_root = ISC_TRUE;
+				lookup->recurse = ISC_TRUE;
+				lookup->identify = ISC_TRUE;
+				lookup->stats = ISC_FALSE;
+				lookup->comments = ISC_FALSE;
+				lookup->section_additional = ISC_FALSE;
+				lookup->section_authority = ISC_FALSE;
+				lookup->section_question = ISC_FALSE;
+				lookup->rdtype = dns_rdatatype_ns;
+				lookup->rdtypeset = ISC_TRUE;
+				short_form = ISC_TRUE;
 			}
 			break;
 		default:
 			goto invalid_option;
 		}
 		break;
-	case 'o':
-		FULLCHECK("onesoa");
-		onesoa = state;
-		break;
 	case 'q':
 		switch (cmd[1]) {
 		case 'r': /* qr */
@@ -964,10 +933,8 @@ plus_option(char *option, isc_boolean_t is_batchfile,
 					goto need_value;
 				if (!state)
 					goto invalid_option;
-				result = parse_uint(&lookup->retries, value,
-						    MAXTRIES - 1, "retries");
-				if (result != ISC_R_SUCCESS)
-					fatal("Couldn't parse retries");
+				lookup->retries = parse_uint(value, "retries",
+						       MAXTRIES - 1);
 				lookup->retries++;
 				break;
 			default:
@@ -1043,10 +1010,7 @@ plus_option(char *option, isc_boolean_t is_batchfile,
 				goto need_value;
 			if (!state)
 				goto invalid_option;
-			result = parse_uint(&timeout, value, MAXTIMEOUT,
-					    "timeout");
-			if (result != ISC_R_SUCCESS)
-				fatal("Couldn't parse timeout");
+			timeout = parse_uint(value, "timeout", MAXTIMEOUT);
 			if (timeout == 0)
 				timeout = 1;
 			break;
@@ -1079,10 +1043,8 @@ plus_option(char *option, isc_boolean_t is_batchfile,
 					goto need_value;
 				if (!state)
 					goto invalid_option;
-				result = parse_uint(&lookup->retries, value,
-						    MAXTRIES, "tries");
-				if (result != ISC_R_SUCCESS)
-					fatal("Couldn't parse tries");
+				lookup->retries = parse_uint(value, "tries",
+							     MAXTRIES);
 				if (lookup->retries == 0)
 					lookup->retries = 1;
 				break;
@@ -1148,7 +1110,6 @@ dash_option(char *option, char *next, dig_lookup_t **lookup,
 	struct in6_addr in6;
 	in_port_t srcport;
 	char *hash, *cmd;
-	isc_uint32_t num;
 
 	while (strpbrk(option, single_dash_opts) == &option[0]) {
 		/*
@@ -1164,7 +1125,6 @@ dash_option(char *option, char *next, dig_lookup_t **lookup,
 				have_ipv6 = ISC_FALSE;
 			} else {
 				fatal("can't find IPv4 networking");
-				/* NOTREACHED */
 				return (ISC_FALSE);
 			}
 			break;
@@ -1174,7 +1134,6 @@ dash_option(char *option, char *next, dig_lookup_t **lookup,
 				have_ipv4 = ISC_FALSE;
 			} else {
 				fatal("can't find IPv6 networking");
-				/* NOTREACHED */
 				return (ISC_FALSE);
 			}
 			break;
@@ -1225,11 +1184,9 @@ dash_option(char *option, char *next, dig_lookup_t **lookup,
 	case 'b':
 		hash = strchr(value, '#');
 		if (hash != NULL) {
-			result = parse_uint(&num, hash + 1, MAXPORT,
-					    "port number");
-			if (result != ISC_R_SUCCESS)
-				fatal("Couldn't parse port number");
-			srcport = num;
+			srcport = (in_port_t)
+				parse_uint(hash + 1,
+					   "port number", MAXPORT);
 			*hash = '\0';
 		} else
 			srcport = 0;
@@ -1273,10 +1230,7 @@ dash_option(char *option, char *next, dig_lookup_t **lookup,
 		keyfile[sizeof(keyfile)-1]=0;
 		return (value_from_next);
 	case 'p':
-		result = parse_uint(&num, value, MAXPORT, "port number");
-		if (result != ISC_R_SUCCESS)
-			fatal("Couldn't parse port number");
-		port = num;
+		port = (in_port_t) parse_uint(value, "port number", MAXPORT);
 		return (value_from_next);
 	case 'q':
 		if (!config_only) {
@@ -1319,17 +1273,13 @@ dash_option(char *option, char *next, dig_lookup_t **lookup,
 						"extra type option\n");
 			}
 			if (rdtype == dns_rdatatype_ixfr) {
-				isc_uint32_t serial;
 				(*lookup)->rdtype = dns_rdatatype_ixfr;
 				(*lookup)->rdtypeset = ISC_TRUE;
-				result = parse_uint(&serial, &value[5],
-					   MAXSERIAL, "serial number");
-				if (result != ISC_R_SUCCESS)
-					fatal("Couldn't parse serial number");
-				(*lookup)->ixfr_serial = serial;
+				(*lookup)->ixfr_serial =
+					parse_uint(&value[5], "serial number",
+						MAXSERIAL);
 				(*lookup)->section_question = plusquest;
 				(*lookup)->comments = pluscomm;
-				(*lookup)->tcp_mode = ISC_TRUE;
 			} else {
 				(*lookup)->rdtype = rdtype;
 				(*lookup)->rdtypeset = ISC_TRUE;
@@ -1354,7 +1304,65 @@ dash_option(char *option, char *next, dig_lookup_t **lookup,
 			usage();
 		ptr3 = next_token(&value,":"); /* secret or NULL */
 		if (ptr3 != NULL) {
-			parse_hmac(ptr);
+			if (strcasecmp(ptr, "hmac-md5") == 0) {
+				hmacname = DNS_TSIG_HMACMD5_NAME;
+				digestbits = 0;
+			} else if (strncasecmp(ptr, "hmac-md5-", 9) == 0) {
+				hmacname = DNS_TSIG_HMACMD5_NAME;
+				digestbits = parse_uint(&ptr[9],
+							"digest-bits [0..128]",
+							128);
+				digestbits = (digestbits + 7) & ~0x7U;
+			} else if (strcasecmp(ptr, "hmac-sha1") == 0) {
+				hmacname = DNS_TSIG_HMACSHA1_NAME;
+				digestbits = 0;
+			} else if (strncasecmp(ptr, "hmac-sha1-", 10) == 0) {
+				hmacname = DNS_TSIG_HMACSHA1_NAME;
+				digestbits = parse_uint(&ptr[10],
+							"digest-bits [0..160]",
+							160);
+				digestbits = (digestbits + 7) & ~0x7U;
+			} else if (strcasecmp(ptr, "hmac-sha224") == 0) {
+				hmacname = DNS_TSIG_HMACSHA224_NAME;
+				digestbits = 0;
+			} else if (strncasecmp(ptr, "hmac-sha224-", 12) == 0) {
+				hmacname = DNS_TSIG_HMACSHA224_NAME;
+				digestbits = parse_uint(&ptr[12],
+							"digest-bits [0..224]",
+							224);
+				digestbits = (digestbits + 7) & ~0x7U;
+			} else if (strcasecmp(ptr, "hmac-sha256") == 0) {
+				hmacname = DNS_TSIG_HMACSHA256_NAME;
+				digestbits = 0;
+			} else if (strncasecmp(ptr, "hmac-sha256-", 12) == 0) {
+				hmacname = DNS_TSIG_HMACSHA256_NAME;
+				digestbits = parse_uint(&ptr[12],
+							"digest-bits [0..256]",
+							256);
+				digestbits = (digestbits + 7) & ~0x7U;
+			} else if (strcasecmp(ptr, "hmac-sha384") == 0) {
+				hmacname = DNS_TSIG_HMACSHA384_NAME;
+				digestbits = 0;
+			} else if (strncasecmp(ptr, "hmac-sha384-", 12) == 0) {
+				hmacname = DNS_TSIG_HMACSHA384_NAME;
+				digestbits = parse_uint(&ptr[12],
+							"digest-bits [0..384]",
+							384);
+				digestbits = (digestbits + 7) & ~0x7U;
+			} else if (strcasecmp(ptr, "hmac-sha512") == 0) {
+				hmacname = DNS_TSIG_HMACSHA512_NAME;
+				digestbits = 0;
+			} else if (strncasecmp(ptr, "hmac-sha512-", 12) == 0) {
+				hmacname = DNS_TSIG_HMACSHA512_NAME;
+				digestbits = parse_uint(&ptr[12],
+							"digest-bits [0..512]",
+							512);
+				digestbits = (digestbits + 7) & ~0x7U;
+			} else {
+				fprintf(stderr, ";; Warning, ignoring "
+					"invalid TSIG algorithm %s\n", ptr);
+				return (value_from_next);
+			}
 			ptr = ptr2;
 			ptr2 = ptr3;
 		} else  {
@@ -1398,7 +1406,6 @@ dash_option(char *option, char *next, dig_lookup_t **lookup,
 		fprintf(stderr, "Invalid option: -%s\n", option);
 		usage();
 	}
-	/* NOTREACHED */
 	return (ISC_FALSE);
 }
 
@@ -1603,22 +1610,16 @@ parse_args(isc_boolean_t is_batchfile, isc_boolean_t config_only,
 							"extra type option\n");
 					}
 					if (rdtype == dns_rdatatype_ixfr) {
-						isc_uint32_t serial;
 						lookup->rdtype =
 							dns_rdatatype_ixfr;
 						lookup->rdtypeset = ISC_TRUE;
-						result = parse_uint(&serial,
-								    &rv[0][5],
-								    MAXSERIAL,
-							      "serial number");
-						if (result != ISC_R_SUCCESS)
-							fatal("Couldn't parse "
-							      "serial number");
-						lookup->ixfr_serial = serial;
+						lookup->ixfr_serial =
+							parse_uint(&rv[0][5],
+								"serial number",
+								MAXSERIAL);
 						lookup->section_question =
 							plusquest;
 						lookup->comments = pluscomm;
-						lookup->tcp_mode = ISC_TRUE;
 					} else {
 						lookup->rdtype = rdtype;
 						lookup->rdtypeset = ISC_TRUE;

bin/dig/dig.docbook

@@ -2,7 +2,7 @@
                "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
 	       [<!ENTITY mdash "&#8212;">]>
 <!--
- - Copyright (C) 2004-2010  Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2009  Internet Systems Consortium, Inc. ("ISC")
  - Copyright (C) 2000-2003  Internet Software Consortium.
  -
  - Permission to use, copy, modify, and/or distribute this software for any
@@ -18,7 +18,7 @@
  - PERFORMANCE OF THIS SOFTWARE.
 -->
 
-<!-- $Id: dig.docbook,v 1.47 2010/03/04 23:50:34 tbox Exp $ -->
+<!-- $Id: dig.docbook,v 1.17.18.27 2009/02/02 04:45:22 marka Exp $ -->
 <refentry id="man.dig">
 
   <refentryinfo>
@@ -44,7 +44,6 @@
       <year>2007</year>
       <year>2008</year>
       <year>2009</year>
-      <year>2010</year>
       <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
     </copyright>
     <copyright>
@@ -767,17 +766,6 @@
           </listitem>
         </varlistentry>
 
-	<varlistentry>
-	  <term><option>+[no]onesoa</option></term>
-	  <listitem>
-	    <para>
-	      Print only one (starting) SOA record when performing
-	      an AXFR. The default is to print both the starting and
-	      ending SOA records.
-	    </para>
-	  </listitem>
-	</varlistentry>
-
         <varlistentry>
           <term><option>+[no]fail</option></term>
           <listitem>
@@ -852,14 +840,6 @@
           </listitem>
         </varlistentry>
 
-        <varlistentry>
-          <term><option>+[no]nsid</option></term>
-          <listitem>
-            <para>
-              Include an EDNS name server ID request when sending a query.
-            </para>
-          </listitem>
-        </varlistentry>
 
 
       </variablelist>

bin/dig/dig.html

@@ -1,5 +1,5 @@
 <!--
- - Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
  - Copyright (C) 2000-2003 Internet Software Consortium.
  - 
  - Permission to use, copy, modify, and/or distribute this software for any
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-<!-- $Id: dig.html,v 1.49 2010/03/05 01:14:15 tbox Exp $ -->
+<!-- $Id: dig.html,v 1.13.18.33 2009/07/11 01:31:44 tbox Exp $ -->
 <html>
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -34,7 +34,7 @@
 <div class="cmdsynopsis"><p><code class="command">dig</code>  [global-queryopt...] [query...]</p></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543522"></a><h2>DESCRIPTION</h2>
+<a name="id2543518"></a><h2>DESCRIPTION</h2>
 <p><span><strong class="command">dig</strong></span>
       (domain information groper) is a flexible tool
       for interrogating DNS name servers.  It performs DNS lookups and
@@ -80,7 +80,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543595"></a><h2>SIMPLE USAGE</h2>
+<a name="id2543592"></a><h2>SIMPLE USAGE</h2>
 <p>
       A typical invocation of <span><strong class="command">dig</strong></span> looks like:
       </p>
@@ -126,7 +126,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543686"></a><h2>OPTIONS</h2>
+<a name="id2543683"></a><h2>OPTIONS</h2>
 <p>
       The <code class="option">-b</code> option sets the source IP address of the query
       to <em class="parameter"><code>address</code></em>.  This must be a valid
@@ -230,7 +230,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2544035"></a><h2>QUERY OPTIONS</h2>
+<a name="id2544032"></a><h2>QUERY OPTIONS</h2>
 <p><span><strong class="command">dig</strong></span>
       provides a number of query options which affect
       the way in which lookups are made and the results displayed.  Some of
@@ -499,12 +499,6 @@
               each record on a single line, to facilitate machine parsing
               of the <span><strong class="command">dig</strong></span> output.
             </p></dd>
-<dt><span class="term"><code class="option">+[no]onesoa</code></span></dt>
-<dd><p>
-	      Print only one (starting) SOA record when performing
-	      an AXFR. The default is to print both the starting and
-	      ending SOA records.
-	    </p></dd>
 <dt><span class="term"><code class="option">+[no]fail</code></span></dt>
 <dd><p>
               Do not try the next server if you receive a SERVFAIL.  The
@@ -551,17 +545,13 @@
               validation.
               Requires dig be compiled with -DDIG_SIGCHASE.
             </p></dd>
-<dt><span class="term"><code class="option">+[no]nsid</code></span></dt>
-<dd><p>
-              Include an EDNS name server ID request when sending a query.
-            </p></dd>
 </dl></div>
 <p>
 
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2545184"></a><h2>MULTIPLE QUERIES</h2>
+<a name="id2545153"></a><h2>MULTIPLE QUERIES</h2>
 <p>
       The BIND 9 implementation of <span><strong class="command">dig </strong></span>
       supports
@@ -607,7 +597,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2545245"></a><h2>IDN SUPPORT</h2>
+<a name="id2545214"></a><h2>IDN SUPPORT</h2>
 <p>
       If <span><strong class="command">dig</strong></span> has been built with IDN (internationalized
       domain name) support, it can accept and display non-ASCII domain names.
@@ -621,14 +611,14 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2545336"></a><h2>FILES</h2>
+<a name="id2545237"></a><h2>FILES</h2>
 <p><code class="filename">/etc/resolv.conf</code>
     </p>
 <p><code class="filename">${HOME}/.digrc</code>
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2545353"></a><h2>SEE ALSO</h2>
+<a name="id2545322"></a><h2>SEE ALSO</h2>
 <p><span class="citerefentry"><span class="refentrytitle">host</span>(1)</span>,
       <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
       <span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
@@ -636,7 +626,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2545390"></a><h2>BUGS</h2>
+<a name="id2545360"></a><h2>BUGS</h2>
 <p>
       There are probably too many query options.
     </p>

bin/dig/dighost.c

@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: dighost.c,v 1.328 2009/11/10 17:27:40 each Exp $ */
+/* $Id: dighost.c,v 1.259.18.58 2009/06/24 03:44:52 marka Exp $ */
 
 /*! \file
  *  \note
@@ -53,7 +53,6 @@
 #include <ctype.h>
 #endif
 #include <dns/fixedname.h>
-#include <dns/log.h>
 #include <dns/message.h>
 #include <dns/name.h>
 #include <dns/rdata.h>
@@ -72,12 +71,10 @@
 #include <isc/entropy.h>
 #include <isc/file.h>
 #include <isc/lang.h>
-#include <isc/log.h>
 #include <isc/netaddr.h>
 #ifdef DIG_SIGCHASE
 #include <isc/netdb.h>
 #endif
-#include <isc/parseint.h>
 #include <isc/print.h>
 #include <isc/random.h>
 #include <isc/result.h>
@@ -87,8 +84,6 @@
 #include <isc/types.h>
 #include <isc/util.h>
 
-#include <isccfg/namedconf.h>
-
 #include <lwres/lwres.h>
 #include <lwres/net.h>
 
@@ -126,7 +121,6 @@ in_port_t port = 53;
 unsigned int timeout = 0;
 unsigned int extrabytes;
 isc_mem_t *mctx = NULL;
-isc_log_t *lctx = NULL;
 isc_taskmgr_t *taskmgr = NULL;
 isc_task_t *global_task = NULL;
 isc_timermgr_t *timermgr = NULL;
@@ -399,7 +393,7 @@ count_dots(char *string) {
 
 static void
 hex_dump(isc_buffer_t *b) {
-	unsigned int len, i;
+	unsigned int len;
 	isc_region_t r;
 
 	isc_buffer_usedregion(b, &r);
@@ -407,29 +401,11 @@ hex_dump(isc_buffer_t *b) {
 	printf("%d bytes\n", r.length);
 	for (len = 0; len < r.length; len++) {
 		printf("%02x ", r.base[len]);
-		if (len % 16 == 15) {
-			fputs("         ", stdout);
-			for (i = len - 15; i <= len; i++) {
-				if (r.base[i] >= '!' && r.base[i] <= '}')
-					putchar(r.base[i]);
-				else
-					putchar('.');
-			}
+		if (len % 16 == 15)
 			printf("\n");
-		}
 	}
-	if (len % 16 != 0) {
-		for (i = len; (i % 16) != 0; i++)
-			fputs("   ", stdout);
-		fputs("         ", stdout);
-		for (i = ((len>>4)<<4); i < len; i++) {
-			if (r.base[i] >= '!' && r.base[i] <= '}')
-				putchar(r.base[i]);
-			else
-				putchar('.');
-		}
+	if (len % 16 != 0)
 		printf("\n");
-	}
 }
 
 /*%
@@ -753,7 +729,6 @@ make_empty_lookup(void) {
 	looknew->servfail_stops = ISC_TRUE;
 	looknew->besteffort = ISC_TRUE;
 	looknew->dnssec = ISC_FALSE;
-	looknew->nsid = ISC_FALSE;
 #ifdef DIG_SIGCHASE
 	looknew->sigchase = ISC_FALSE;
 #if DIG_SIGCHASE_TD
@@ -833,7 +808,6 @@ clone_lookup(dig_lookup_t *lookold, isc_boolean_t servers) {
 	looknew->servfail_stops = lookold->servfail_stops;
 	looknew->besteffort = lookold->besteffort;
 	looknew->dnssec = lookold->dnssec;
-	looknew->nsid = lookold->nsid;
 #ifdef DIG_SIGCHASE
 	looknew->sigchase = lookold->sigchase;
 #if DIG_SIGCHASE_TD
@@ -927,7 +901,9 @@ setup_text_key(void) {
 
 	secretsize = isc_buffer_usedlength(&secretbuf);
 
-	result = dns_name_fromtext(&keyname, namebuf, dns_rootname, 0, namebuf);
+	result = dns_name_fromtext(&keyname, namebuf,
+				   dns_rootname, ISC_FALSE,
+				   namebuf);
 	if (result != ISC_R_SUCCESS)
 		goto failure;
 
@@ -946,164 +922,14 @@ setup_text_key(void) {
 	isc_buffer_free(&namebuf);
 }
 
-isc_result_t
-parse_uint(isc_uint32_t *uip, const char *value, isc_uint32_t max,
-	   const char *desc) {
-	isc_uint32_t n;
-	isc_result_t result = isc_parse_uint32(&n, value, 10);
-	if (result == ISC_R_SUCCESS && n > max)
-		result = ISC_R_RANGE;
-	if (result != ISC_R_SUCCESS) {
-		printf("invalid %s '%s': %s\n", desc,
-		       value, isc_result_totext(result));
-		return (result);
-	}
-	*uip = n;
-	return (ISC_R_SUCCESS);
-}
-
-static isc_uint32_t
-parse_bits(char *arg, const char *desc, isc_uint32_t max) {
-	isc_result_t result;
-	isc_uint32_t tmp;
-
-	result = parse_uint(&tmp, arg, max, desc);
-	if (result != ISC_R_SUCCESS)
-		fatal("couldn't parse digest bits");
-	tmp = (tmp + 7) & ~0x7U;
-	return (tmp);
-}
-
-
-/*
- * Parse HMAC algorithm specification
- */
-void
-parse_hmac(const char *hmac) {
-	char buf[20];
-	int len;
-
-	REQUIRE(hmac != NULL);
-
-	len = strlen(hmac);
-	if (len >= (int) sizeof(buf))
-		fatal("unknown key type '%.*s'", len, hmac);
-	strncpy(buf, hmac, sizeof(buf));
-
-	digestbits = 0;
-
-	if (strcasecmp(buf, "hmac-md5") == 0) {
-		hmacname = DNS_TSIG_HMACMD5_NAME;
-	} else if (strncasecmp(buf, "hmac-md5-", 9) == 0) {
-		hmacname = DNS_TSIG_HMACMD5_NAME;
-		digestbits = parse_bits(&buf[9], "digest-bits [0..128]", 128);
-	} else if (strcasecmp(buf, "hmac-sha1") == 0) {
-		hmacname = DNS_TSIG_HMACSHA1_NAME;
-		digestbits = 0;
-	} else if (strncasecmp(buf, "hmac-sha1-", 10) == 0) {
-		hmacname = DNS_TSIG_HMACSHA1_NAME;
-		digestbits = parse_bits(&buf[10], "digest-bits [0..160]", 160);
-	} else if (strcasecmp(buf, "hmac-sha224") == 0) {
-		hmacname = DNS_TSIG_HMACSHA224_NAME;
-	} else if (strncasecmp(buf, "hmac-sha224-", 12) == 0) {
-		hmacname = DNS_TSIG_HMACSHA224_NAME;
-		digestbits = parse_bits(&buf[12], "digest-bits [0..224]", 224);
-	} else if (strcasecmp(buf, "hmac-sha256") == 0) {
-		hmacname = DNS_TSIG_HMACSHA256_NAME;
-	} else if (strncasecmp(buf, "hmac-sha256-", 12) == 0) {
-		hmacname = DNS_TSIG_HMACSHA256_NAME;
-		digestbits = parse_bits(&buf[12], "digest-bits [0..256]", 256);
-	} else if (strcasecmp(buf, "hmac-sha384") == 0) {
-		hmacname = DNS_TSIG_HMACSHA384_NAME;
-	} else if (strncasecmp(buf, "hmac-sha384-", 12) == 0) {
-		hmacname = DNS_TSIG_HMACSHA384_NAME;
-		digestbits = parse_bits(&buf[12], "digest-bits [0..384]", 384);
-	} else if (strcasecmp(buf, "hmac-sha512") == 0) {
-		hmacname = DNS_TSIG_HMACSHA512_NAME;
-	} else if (strncasecmp(buf, "hmac-sha512-", 12) == 0) {
-		hmacname = DNS_TSIG_HMACSHA512_NAME;
-		digestbits = parse_bits(&buf[12], "digest-bits [0..512]", 512);
-	} else {
-		fprintf(stderr, ";; Warning, ignoring "
-			"invalid TSIG algorithm %s\n", buf);
-	}
-}
-
-/*
- * Get a key from a named.conf format keyfile
- */
-static isc_result_t
-read_confkey(void) {
-	isc_log_t *lctx = NULL;
-	cfg_parser_t *pctx = NULL;
-	cfg_obj_t *file = NULL;
-	const cfg_obj_t *key = NULL;
-	const cfg_obj_t *secretobj = NULL;
-	const cfg_obj_t *algorithmobj = NULL;
-	const char *keyname;
-	const char *secretstr;
-	const char *algorithm;
-	isc_result_t result;
-
-	if (! isc_file_exists(keyfile))
-		return (ISC_R_FILENOTFOUND);
-
-	result = cfg_parser_create(mctx, lctx, &pctx);
-	if (result != ISC_R_SUCCESS)
-		goto cleanup;
-
-	result = cfg_parse_file(pctx, keyfile, &cfg_type_sessionkey,
-				&file);
-	if (result != ISC_R_SUCCESS)
-		goto cleanup;
-
-	result = cfg_map_get(file, "key", &key);
-	if (result != ISC_R_SUCCESS)
-		goto cleanup;
-
-	(void) cfg_map_get(key, "secret", &secretobj);
-	(void) cfg_map_get(key, "algorithm", &algorithmobj);
-	if (secretobj == NULL || algorithmobj == NULL)
-		fatal("key must have algorithm and secret");
-
-	keyname = cfg_obj_asstring(cfg_map_getname(key));
-	secretstr = cfg_obj_asstring(secretobj);
-	algorithm = cfg_obj_asstring(algorithmobj);
-
-	strncpy(keynametext, keyname, sizeof(keynametext));
-	strncpy(keysecret, secretstr, sizeof(keysecret));
-	parse_hmac(algorithm);
-	setup_text_key();
-
- cleanup:
-	if (pctx != NULL) {
-		if (file != NULL)
-			cfg_obj_destroy(pctx, &file);
-		cfg_parser_destroy(&pctx);
-	}
-
-	return (result);
-}
-
 static void
 setup_file_key(void) {
 	isc_result_t result;
 	dst_key_t *dstkey = NULL;
 
 	debug("setup_file_key()");
-
-	/* Try reading the key from a K* pair */
-	result = dst_key_fromnamedfile(keyfile, NULL,
-				       DST_TYPE_PRIVATE | DST_TYPE_KEY, mctx,
-				       &dstkey);
-
-	/* If that didn't work, try reading it as a session.key keyfile */
-	if (result != ISC_R_SUCCESS) {
-		result = read_confkey();
-		if (result == ISC_R_SUCCESS)
-			return;
-	}
-
+	result = dst_key_fromnamedfile(keyfile, DST_TYPE_PRIVATE | DST_TYPE_KEY,
+				       mctx, &dstkey);
 	if (result != ISC_R_SUCCESS) {
 		fprintf(stderr, "Couldn't read key from %s: %s\n",
 			keyfile, isc_result_totext(result));
@@ -1292,7 +1118,6 @@ set_search_domain(char *domain) {
 void
 setup_libs(void) {
 	isc_result_t result;
-	isc_logconfig_t *logconfig = NULL;
 
 	debug("setup_libs()");
 
@@ -1309,18 +1134,6 @@ setup_libs(void) {
 	result = isc_mem_create(0, 0, &mctx);
 	check_result(result, "isc_mem_create");
 
-	result = isc_log_create(mctx, &lctx, &logconfig);
-	check_result(result, "isc_log_create");
-
-	isc_log_setcontext(lctx);
-	dns_log_init(lctx);
-	dns_log_setcontext(lctx);
-
-	result = isc_log_usechannel(logconfig, "default_debug", NULL, NULL);
-	check_result(result, "isc_log_usechannel");
-
-	isc_log_setdebuglevel(lctx, 0);
-
 	result = isc_taskmgr_create(mctx, 1, 0, &taskmgr);
 	check_result(result, "isc_taskmgr_create");
 
@@ -1358,11 +1171,11 @@ setup_libs(void) {
 
 /*%
  * Add EDNS0 option record to a message.  Currently, the only supported
- * options are UDP buffer size, the DO bit, and NSID request.
+ * options are UDP buffer size and the DO bit.
  */
 static void
 add_opt(dns_message_t *msg, isc_uint16_t udpsize, isc_uint16_t edns,
-	isc_boolean_t dnssec, isc_boolean_t nsid)
+	isc_boolean_t dnssec)
 {
 	dns_rdataset_t *rdataset = NULL;
 	dns_rdatalist_t *rdatalist = NULL;
@@ -1385,19 +1198,8 @@ add_opt(dns_message_t *msg, isc_uint16_t udpsize, isc_uint16_t edns,
 	rdatalist->ttl = edns << 16;
 	if (dnssec)
 		rdatalist->ttl |= DNS_MESSAGEEXTFLAG_DO;
-	if (nsid) {
-		unsigned char data[4];
-		isc_buffer_t buf;
-
-		isc_buffer_init(&buf, data, sizeof(data));
-		isc_buffer_putuint16(&buf, DNS_OPT_NSID);
-		isc_buffer_putuint16(&buf, 0);
-		rdata->data = data;
-		rdata->length = sizeof(data);
-	} else {
-		rdata->data = NULL;
-		rdata->length = 0;
-	}
+	rdata->data = NULL;
+	rdata->length = 0;
 	ISC_LIST_INIT(rdatalist->rdata);
 	ISC_LIST_APPEND(rdatalist->rdata, rdata, link);
 	dns_rdatalist_tordataset(rdatalist, rdataset);
@@ -2056,13 +1858,13 @@ setup_lookup(dig_lookup_t *lookup) {
 		isc_buffer_init(&b, lookup->origin->origin, len);
 		isc_buffer_add(&b, len);
 		result = dns_name_fromtext(lookup->oname, &b, dns_rootname,
-					   0, &lookup->onamebuf);
+					   ISC_FALSE, &lookup->onamebuf);
 		if (result != ISC_R_SUCCESS) {
 			dns_message_puttempname(lookup->sendmsg,
 						&lookup->name);
 			dns_message_puttempname(lookup->sendmsg,
 						&lookup->oname);
-			fatal("'%s' is not in legal name syntax (%s)",
+			fatal("Origin '%s' is not in legal name syntax (%s)",
 			      lookup->origin->origin,
 			      isc_result_totext(result));
 		}
@@ -2073,7 +1875,7 @@ setup_lookup(dig_lookup_t *lookup) {
 			isc_buffer_init(&b, lookup->textname, len);
 			isc_buffer_add(&b, len);
 			result = dns_name_fromtext(lookup->name, &b,
-						   lookup->oname, 0,
+						   lookup->oname, ISC_FALSE,
 						   &lookup->namebuf);
 		}
 		if (result != ISC_R_SUCCESS) {
@@ -2097,14 +1899,16 @@ setup_lookup(dig_lookup_t *lookup) {
 			isc_buffer_init(&b, idn_textname, len);
 			isc_buffer_add(&b, len);
 			result = dns_name_fromtext(lookup->name, &b,
-						   dns_rootname, 0,
+						   dns_rootname,
+						   ISC_FALSE,
 						   &lookup->namebuf);
 #else
 			len = strlen(lookup->textname);
 			isc_buffer_init(&b, lookup->textname, len);
 			isc_buffer_add(&b, len);
 			result = dns_name_fromtext(lookup->name, &b,
-						   dns_rootname, 0,
+						   dns_rootname,
+						   ISC_FALSE,
 						   &lookup->namebuf);
 #endif
 		}
@@ -2165,15 +1969,12 @@ setup_lookup(dig_lookup_t *lookup) {
 
 	if ((lookup->rdtype == dns_rdatatype_axfr) ||
 	    (lookup->rdtype == dns_rdatatype_ixfr)) {
+		lookup->doing_xfr = ISC_TRUE;
 		/*
-		 * Force TCP mode if we're doing an axfr.
+		 * Force TCP mode if we're doing an xfr.
+		 * XXX UDP ixfr's would be useful
 		 */
-		if (lookup->rdtype == dns_rdatatype_axfr) {
-			lookup->doing_xfr = ISC_TRUE;
-			lookup->tcp_mode = ISC_TRUE;
-		} else if (lookup->tcp_mode) {
-			lookup->doing_xfr = ISC_TRUE;
-		}
+		lookup->tcp_mode = ISC_TRUE;
 	}
 
 	add_question(lookup->sendmsg, lookup->name, lookup->rdclass,
@@ -2210,7 +2011,7 @@ setup_lookup(dig_lookup_t *lookup) {
 		if (lookup->edns < 0)
 			lookup->edns = 0;
 		add_opt(lookup->sendmsg, lookup->udpsize,
-			lookup->edns, lookup->dnssec, lookup->nsid);
+			lookup->edns, lookup->dnssec);
 	}
 
 	result = dns_message_rendersection(lookup->sendmsg,
@@ -2582,9 +2383,11 @@ connect_timeout(isc_task_t *task, isc_event_t *event) {
 		if (!l->tcp_mode)
 			send_udp(ISC_LIST_NEXT(cq, link));
 		else {
-			if (query->sock != NULL)
-				isc_socket_cancel(query->sock, NULL,
-						  ISC_SOCKCANCEL_ALL);
+			isc_socket_cancel(query->sock, NULL,
+					  ISC_SOCKCANCEL_ALL);
+			isc_socket_detach(&query->sock);
+			sockcount--;
+			debug("sockcount=%d", sockcount);
 			send_tcp_connect(ISC_LIST_NEXT(cq, link));
 		}
 		UNLOCK_LOOKUP;
@@ -2788,8 +2591,8 @@ connect_done(isc_task_t *task, isc_event_t *event) {
 	if (sevent->result == ISC_R_CANCELED) {
 		debug("in cancel handler");
 		isc_socket_detach(&query->sock);
-		INSIST(sockcount > 0);
 		sockcount--;
+		INSIST(sockcount >= 0);
 		debug("sockcount=%d", sockcount);
 		query->waiting_connect = ISC_FALSE;
 		isc_event_free(&event);
@@ -3723,11 +3526,9 @@ destroy_libs(void) {
 		free_name(&chase_signame, mctx);
 #endif
 
-#endif
-	debug("Removing log context");
-	isc_log_destroy(&lctx);
-
 	debug("Destroy memory");
+
+#endif
 	if (memdebugging != 0)
 		isc_mem_stats(mctx, stderr);
 	if (mctx != NULL)
@@ -4216,7 +4017,7 @@ get_trusted_key(isc_mem_t *mctx)
 			return (ISC_R_FAILURE);
 		}
 		fclose(fptemp);
-		result = dst_key_fromnamedfile(filetemp, NULL, DST_TYPE_PUBLIC,
+		result = dst_key_fromnamedfile(filetemp, DST_TYPE_PUBLIC,
 					       mctx, &key);
 		removetmpkey(mctx, filetemp);
 		isc_mem_free(mctx, filetemp);
@@ -4249,7 +4050,7 @@ nameFromString(const char *str, dns_name_t *p_ret) {
 
 	dns_fixedname_init(&fixedname);
 	result = dns_name_fromtext(dns_fixedname_name(&fixedname), &buffer,
-				   dns_rootname, DNS_NAME_DOWNCASE, NULL);
+				   dns_rootname, ISC_TRUE, NULL);
 	check_result(result, "nameFromString");
 
 	if (dns_name_dynamic(p_ret))

bin/dig/host.1

@@ -13,7 +13,7 @@
 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 .\" PERFORMANCE OF THIS SOFTWARE.
 .\"
-.\" $Id: host.1,v 1.31 2009/07/11 01:12:45 tbox Exp $
+.\" $Id: host.1,v 1.14.18.18 2009/07/11 01:31:44 tbox Exp $
 .\"
 .hy 0
 .ad l

bin/dig/host.c

@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: host.c,v 1.120 2009/09/29 15:06:05 fdupont Exp $ */
+/* $Id: host.c,v 1.94.18.22 2009/09/08 23:29:03 marka Exp $ */
 
 /*! \file */
 
@@ -141,9 +141,6 @@ rcode_totext(dns_rcode_t rcode)
 	return totext.deconsttext;
 }
 
-ISC_PLATFORM_NORETURN_PRE static void
-show_usage(void) ISC_PLATFORM_NORETURN_POST;
-
 static void
 show_usage(void) {
 	fputs(
@@ -709,7 +706,6 @@ parse_args(isc_boolean_t is_batchfile, int argc, char **argv) {
 				lookup->tcp_mode = ISC_TRUE;
 			} else if (rdtype == dns_rdatatype_ixfr) {
 				lookup->ixfr_serial = serial;
-				lookup->tcp_mode = ISC_TRUE;
 				list_type = rdtype;
 #ifdef WITH_IDN
 			} else if (rdtype == dns_rdatatype_a ||

bin/dig/host.docbook

@@ -18,7 +18,7 @@
  - PERFORMANCE OF THIS SOFTWARE.
 -->
 
-<!-- $Id: host.docbook,v 1.20 2009/01/20 23:47:56 tbox Exp $ -->
+<!-- $Id: host.docbook,v 1.5.18.15 2009/01/22 23:46:00 tbox Exp $ -->
 <refentry id="man.host">
 
   <refentryinfo>

bin/dig/host.html

@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-<!-- $Id: host.html,v 1.30 2009/07/11 01:12:45 tbox Exp $ -->
+<!-- $Id: host.html,v 1.7.18.24 2009/07/11 01:31:44 tbox Exp $ -->
 <html>
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">

bin/dig/include/dig/dig.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004-2009  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2008  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 2000-2003  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: dig.h,v 1.111 2009/09/29 15:06:06 fdupont Exp $ */
+/* $Id: dig.h,v 1.82.18.25 2008/12/16 23:46:02 tbox Exp $ */
 
 #ifndef DIG_H
 #define DIG_H
@@ -129,8 +129,7 @@ struct dig_lookup {
 		need_search,
 		done_as_is,
 		besteffort,
-		dnssec,
-		nsid;   /*% Name Server ID (RFC 5001) */
+		dnssec;
 #ifdef DIG_SIGCHASE
 isc_boolean_t	sigchase;
 #if DIG_SIGCHASE_TD
@@ -292,9 +291,8 @@ isc_result_t
 get_reverse(char *reverse, size_t len, char *value, isc_boolean_t ip6_int,
 	    isc_boolean_t strict);
 
-ISC_PLATFORM_NORETURN_PRE void
-fatal(const char *format, ...)
-ISC_FORMAT_PRINTF(1, 2) ISC_PLATFORM_NORETURN_POST;
+void
+fatal(const char *format, ...) ISC_FORMAT_PRINTF(1, 2);
 
 void
 debug(const char *format, ...) ISC_FORMAT_PRINTF(1, 2);
@@ -326,13 +324,6 @@ setup_libs(void);
 void
 setup_system(void);
 
-isc_result_t
-parse_uint(isc_uint32_t *uip, const char *value, isc_uint32_t max,
-	   const char *desc);
-
-void
-parse_hmac(const char *hmacstr);
-
 dig_lookup_t *
 requeue_lookup(dig_lookup_t *lookold, isc_boolean_t servers);
 

bin/dig/nslookup.1

@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004-2007, 2010 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
 .\" 
 .\" Permission to use, copy, modify, and/or distribute this software for any
 .\" purpose with or without fee is hereby granted, provided that the above
@@ -12,7 +12,7 @@
 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 .\" PERFORMANCE OF THIS SOFTWARE.
 .\"
-.\" $Id: nslookup.1,v 1.16 2010/02/23 01:14:31 tbox Exp $
+.\" $Id: nslookup.1,v 1.1.10.15 2009/07/11 01:31:44 tbox Exp $
 .\"
 .hy 0
 .ad l
@@ -54,13 +54,7 @@ when the first argument is a hyphen (\-) and the second argument is the host nam
 Non\-interactive mode is used when the name or Internet address of the host to be looked up is given as the first argument. The optional second argument specifies the host name or address of a name server.
 .PP
 Options can also be specified on the command line if they precede the arguments and are prefixed with a hyphen. For example, to change the default query type to host information, and the initial timeout to 10 seconds, type:
-.sp
-.RS 4
-.nf
-nslookup \-query=hinfo  \-timeout=10
-.fi
-.RE
-.sp
+.sp .RS 4 .nf nslookup \-query=hinfo \-timeout=10 .fi .RE
 .SH "INTERACTIVE COMMANDS"
 .PP
 \fBhost\fR [server]
@@ -254,5 +248,5 @@ Try the next nameserver if a nameserver responds with SERVFAIL or a referral (no
 .PP
 Andrew Cherenson
 .SH "COPYRIGHT"
-Copyright \(co 2004\-2007, 2010 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004\-2007 Internet Systems Consortium, Inc. ("ISC")
 .br

bin/dig/nslookup.c

@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: nslookup.c,v 1.124 2009/10/20 01:04:03 marka Exp $ */
+/* $Id: nslookup.c,v 1.101.18.20 2009/05/06 23:45:59 tbox Exp $ */
 
 #include <config.h>
 
@@ -373,7 +373,6 @@ detailsection(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers,
 					printrdata(&rdata);
 				}
 				dns_rdata_reset(&rdata);
-				printf("\tttl = %u\n", rdataset->ttl);
 				loopresult = dns_rdataset_next(rdataset);
 			}
 		}
@@ -541,6 +540,22 @@ safecpy(char *dest, char *src, int size) {
 	dest[size-1] = 0;
 }
 
+static isc_result_t
+parse_uint(isc_uint32_t *uip, const char *value, isc_uint32_t max,
+	   const char *desc) {
+	isc_uint32_t n;
+	isc_result_t result = isc_parse_uint32(&n, value, 10);
+	if (result == ISC_R_SUCCESS && n > max)
+		result = ISC_R_RANGE;
+	if (result != ISC_R_SUCCESS) {
+		printf("invalid %s '%s': %s\n", desc,
+		       value, isc_result_totext(result));
+		return result;
+	}
+	*uip = n;
+	return (ISC_R_SUCCESS);
+}
+
 static void
 set_port(const char *value) {
 	isc_uint32_t n;

bin/dig/nslookup.docbook

@@ -2,7 +2,7 @@
                "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
 	       [<!ENTITY mdash "&#8212;">]>
 <!--
- - Copyright (C) 2004-2007, 2010  Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2007  Internet Systems Consortium, Inc. ("ISC")
  -
  - Permission to use, copy, modify, and/or distribute this software for any
  - purpose with or without fee is hereby granted, provided that the above
@@ -17,7 +17,7 @@
  - PERFORMANCE OF THIS SOFTWARE.
 -->
 
-<!-- $Id: nslookup.docbook,v 1.18 2010/02/22 23:49:11 tbox Exp $ -->
+<!-- $Id: nslookup.docbook,v 1.4.2.13 2007/08/28 07:19:55 tbox Exp $ -->
 <!--
  - Copyright (c) 1985, 1989
  -    The Regents of the University of California.  All rights reserved.
@@ -73,7 +73,6 @@
       <year>2005</year>
       <year>2006</year>
       <year>2007</year>
-      <year>2010</year>
       <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
     </copyright>
   </docinfo>
@@ -130,11 +129,11 @@
       arguments and are prefixed with a hyphen.  For example, to
       change the default query type to host information, and the initial
       timeout to 10 seconds, type:
-      <!-- <informalexample> produces bad nroff. -->
+      <informalexample>
         <programlisting>
 nslookup -query=hinfo  -timeout=10
 </programlisting>
-      <!-- </informalexample> -->
+      </informalexample>
     </para>
 
   </refsect1>

bin/dig/nslookup.html

@@ -1,5 +1,5 @@
 <!--
- - Copyright (C) 2004-2007, 2010 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
  - 
  - Permission to use, copy, modify, and/or distribute this software for any
  - purpose with or without fee is hereby granted, provided that the above
@@ -13,7 +13,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-<!-- $Id: nslookup.html,v 1.23 2010/02/23 01:14:31 tbox Exp $ -->
+<!-- $Id: nslookup.html,v 1.1.10.22 2009/07/11 01:31:44 tbox Exp $ -->
 <html>
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -31,7 +31,7 @@
 <div class="cmdsynopsis"><p><code class="command">nslookup</code>  [<code class="option">-option</code>] [name | -] [server]</p></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543358"></a><h2>DESCRIPTION</h2>
+<a name="id2543355"></a><h2>DESCRIPTION</h2>
 <p><span><strong class="command">Nslookup</strong></span>
       is a program to query Internet domain name servers.  <span><strong class="command">Nslookup</strong></span>
       has two modes: interactive and non-interactive.  Interactive mode allows
@@ -43,7 +43,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543374"></a><h2>ARGUMENTS</h2>
+<a name="id2543371"></a><h2>ARGUMENTS</h2>
 <p>
       Interactive mode is entered in the following cases:
       </p>
@@ -68,17 +68,15 @@
       arguments and are prefixed with a hyphen.  For example, to
       change the default query type to host information, and the initial
       timeout to 10 seconds, type:
-      
-        </p>
-<pre class="programlisting">
+      </p>
+<div class="informalexample"><pre class="programlisting">
 nslookup -query=hinfo  -timeout=10
-</pre>
+</pre></div>
 <p>
-      
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543418"></a><h2>INTERACTIVE COMMANDS</h2>
+<a name="id2543413"></a><h2>INTERACTIVE COMMANDS</h2>
 <div class="variablelist"><dl>
 <dt><span class="term"><code class="constant">host</code> [<span class="optional">server</span>]</span></dt>
 <dd>
@@ -288,19 +286,19 @@ nslookup -query=hinfo  -timeout=10
 </dl></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2546284"></a><h2>FILES</h2>
+<a name="id2546279"></a><h2>FILES</h2>
 <p><code class="filename">/etc/resolv.conf</code>
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2546296"></a><h2>SEE ALSO</h2>
+<a name="id2546291"></a><h2>SEE ALSO</h2>
 <p><span class="citerefentry"><span class="refentrytitle">dig</span>(1)</span>,
       <span class="citerefentry"><span class="refentrytitle">host</span>(1)</span>,
       <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>.
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2546330"></a><h2>Author</h2>
+<a name="id2546325"></a><h2>Author</h2>
 <p>
       Andrew Cherenson
     </p>

bin/dig/win32/dig.dsp

@@ -42,7 +42,7 @@ RSC=rc.exe
 # PROP Ignore_Export_Lib 0
 # PROP Target_Dir ""
 # ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
-# ADD CPP /nologo /MD /W3 /GX /O2 /I "./" /I "../include" /I "../../../" /I "../../../../libxml2-2.7.3/include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/isccfg/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /D "WIN32" /D "__STDC__" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
+# ADD CPP /nologo /MD /W3 /GX /O2 /I "./" /I "../include" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /D "WIN32" /D "__STDC__" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
 # ADD BASE RSC /l 0x409 /d "NDEBUG"
 # ADD RSC /l 0x409 /d "NDEBUG"
 BSC32=bscmake.exe
@@ -50,7 +50,7 @@ BSC32=bscmake.exe
 # ADD BSC32 /nologo
 LINK32=link.exe
 # ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386
-# ADD LINK32 user32.lib advapi32.lib ws2_32.lib Release/dighost.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/isccfg/win32/Release/libisccfg.lib ../../../lib/dns/win32/Release/libdns.lib ../../../lib/bind9/win32/Release/libbind9.lib ../../../lib/lwres/win32/Release/liblwres.lib /nologo /subsystem:console /machine:I386 /out:"../../../Build/Release/dig.exe"
+# ADD LINK32 user32.lib advapi32.lib ws2_32.lib Release/dighost.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib ../../../lib/bind9/win32/Release/libbind9.lib ../../../lib/lwres/win32/Release/liblwres.lib /nologo /subsystem:console /machine:I386 /out:"../../../Build/Release/dig.exe"
 
 !ELSEIF  "$(CFG)" == "dig - Win32 Debug"
 
@@ -66,7 +66,7 @@ LINK32=link.exe
 # PROP Ignore_Export_Lib 0
 # PROP Target_Dir ""
 # ADD BASE CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c
-# ADD CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../include" /I "../../../" /I "../../../../libxml2-2.7.3/include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/isccfg/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /FR /FD /GZ /c
+# ADD CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../include" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /FR /FD /GZ /c
 # SUBTRACT CPP /X /u /YX
 # ADD BASE RSC /l 0x409 /d "_DEBUG"
 # ADD RSC /l 0x409 /d "_DEBUG"
@@ -75,7 +75,7 @@ BSC32=bscmake.exe
 # ADD BSC32 /nologo
 LINK32=link.exe
 # ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept
-# ADD LINK32 user32.lib advapi32.lib ws2_32.lib Debug/dighost.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/isccfg/win32/Debug/libisccfg.lib ../../../lib/dns/win32/Debug/libdns.lib ../../../lib/bind9/win32/Debug/libbind9.lib ../../../lib/lwres/win32/Debug/liblwres.lib /nologo /subsystem:console /debug /machine:I386 /out:"../../../Build/Debug/dig.exe" /pdbtype:sept
+# ADD LINK32 user32.lib advapi32.lib ws2_32.lib Debug/dighost.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib ../../../lib/bind9/win32/Debug/libbind9.lib ../../../lib/lwres/win32/Debug/liblwres.lib /nologo /subsystem:console /debug /machine:I386 /out:"../../../Build/Debug/dig.exe" /pdbtype:sept
 
 !ENDIF 
 

bin/dig/win32/dig.mak

@@ -132,19 +132,18 @@ CLEAN :
 "$(OUTDIR)" :
     if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
 
-CPP_PROJ=/nologo /MD /W3 /GX /O2 /I "./" /I "../include" /I "../../../" /I "../../../../libxml2-2.7.3/include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/isccfg/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /D "WIN32" /D "__STDC__" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /Fp"$(INTDIR)\dig.pch" /YX /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c 
+CPP_PROJ=/nologo /MD /W3 /GX /O2 /I "./" /I "../include" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /D "WIN32" /D "__STDC__" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /Fp"$(INTDIR)\dig.pch" /YX /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c 
 BSC32=bscmake.exe
 BSC32_FLAGS=/nologo /o"$(OUTDIR)\dig.bsc" 
 BSC32_SBRS= \
 	
 LINK32=link.exe
-LINK32_FLAGS=user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/isccfg/win32/Release/libisccfg.lib ../../../lib/dns/win32/Release/libdns.lib ../../../lib/bind9/win32/Release/libbind9.lib ../../../lib/lwres/win32/Release/liblwres.lib /nologo /subsystem:console /incremental:no /pdb:"$(OUTDIR)\dig.pdb" /machine:I386 /out:"../../../Build/Release/dig.exe" 
+LINK32_FLAGS=user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib ../../../lib/bind9/win32/Release/libbind9.lib ../../../lib/lwres/win32/Release/liblwres.lib /nologo /subsystem:console /incremental:no /pdb:"$(OUTDIR)\dig.pdb" /machine:I386 /out:"../../../Build/Release/dig.exe" 
 LINK32_OBJS= \
 	"$(INTDIR)\dig.obj" \
 	"$(INTDIR)\dighost.obj" \
 	"..\..\..\lib\dns\win32\Release\libdns.lib" \
 	"..\..\..\lib\isc\win32\Release\libisc.lib" \
-	"..\..\..\lib\isccfg\win32\Release\libisccfg.lib" \
 	"..\..\..\lib\bind9\win32\Release\libbind9.lib" \
 	"..\..\..\lib\lwres\win32\Release\liblwres.lib"
 
@@ -192,7 +191,7 @@ CLEAN :
 "$(OUTDIR)" :
     if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
 
-CPP_PROJ=/nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../include" /I "../../../" /I "../../../../libxml2-2.7.3/include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/isccfg/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /FR"$(INTDIR)\\" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /GZ /c 
+CPP_PROJ=/nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../include" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /FR"$(INTDIR)\\" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /GZ /c 
 BSC32=bscmake.exe
 BSC32_FLAGS=/nologo /o"$(OUTDIR)\dig.bsc" 
 BSC32_SBRS= \
@@ -205,13 +204,12 @@ BSC32_SBRS= \
 <<
 
 LINK32=link.exe
-LINK32_FLAGS=user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/isccfg/win32/Debug/libisccfg.lib ../../../lib/dns/win32/Debug/libdns.lib ../../../lib/bind9/win32/Debug/libbind9.lib ../../../lib/lwres/win32/Debug/liblwres.lib /nologo /subsystem:console /incremental:yes /pdb:"$(OUTDIR)\dig.pdb" /debug /machine:I386 /out:"../../../Build/Debug/dig.exe" /pdbtype:sept 
+LINK32_FLAGS=user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib ../../../lib/bind9/win32/Debug/libbind9.lib ../../../lib/lwres/win32/Debug/liblwres.lib /nologo /subsystem:console /incremental:yes /pdb:"$(OUTDIR)\dig.pdb" /debug /machine:I386 /out:"../../../Build/Debug/dig.exe" /pdbtype:sept 
 LINK32_OBJS= \
 	"$(INTDIR)\dig.obj" \
 	"$(INTDIR)\dighost.obj" \
 	"..\..\..\lib\dns\win32\Debug\libdns.lib" \
 	"..\..\..\lib\isc\win32\Debug\libisc.lib" \
-	"..\..\..\lib\isccfg\win32\Debug\libisccfg.lib" \
 	"..\..\..\lib\bind9\win32\Debug\libbind9.lib" \
 	"..\..\..\lib\lwres\win32\Debug\liblwres.lib"
 

bin/dig/win32/dighost.dsp

@@ -43,7 +43,7 @@ RSC=rc.exe
 # PROP Ignore_Export_Lib 0
 # PROP Target_Dir ""
 # ADD BASE CPP /nologo /MT /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /D "_MBCS" /D "_USRDLL" /YX /FD /c
-# ADD CPP /nologo /MD /W3 /GX /O2 /I "./" /I "../../../" /I "../../../../libxml2-2.7.3/include" /I "../include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/isccfg/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /D "NDEBUG" /D "WIN32" /D "_WINDOWS" /D "__STDC__" /D "_MBCS" /YX /FD /c /Fddighost
+# ADD CPP /nologo /MD /W3 /GX /O2 /I "./" /I "../../../" /I "../include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /D "NDEBUG" /D "WIN32" /D "_WINDOWS" /D "__STDC__" /D "_MBCS" /YX /FD /c /Fddighost
 # SUBTRACT CPP /X
 # ADD BASE MTL /nologo /D "NDEBUG" /mktyplib203 /win32
 # ADD MTL /nologo /D "NDEBUG" /mktyplib203 /win32
@@ -70,7 +70,7 @@ LINK32=link.exe
 # PROP Ignore_Export_Lib 0
 # PROP Target_Dir ""
 # ADD BASE CPP /nologo /MTd /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /D "_MBCS" /YX /FD /GZ /c
-# ADD CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../../../../libxml2-2.7.3/include" /I "../include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/isccfg/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /D "_DEBUG" /D "WIN32" /D "_WINDOWS" /D "__STDC__" /D "_MBCS" /FR /YX /FD /GZ /c /Fddighost
+# ADD CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /D "_DEBUG" /D "WIN32" /D "_WINDOWS" /D "__STDC__" /D "_MBCS" /FR /YX /FD /GZ /c /Fddighost
 # SUBTRACT CPP /X
 # ADD BASE MTL /nologo /D "_DEBUG" /mktyplib203 /win32
 # ADD MTL /nologo /D "_DEBUG" /mktyplib203 /win32

bin/dig/win32/host.dsp

@@ -42,7 +42,7 @@ RSC=rc.exe
 # PROP Ignore_Export_Lib 0
 # PROP Target_Dir ""
 # ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
-# ADD CPP /nologo /MD /W3 /GX /O2 /I "./" /I "../include" /I "../../../" /I "../../../../libxml2-2.7.3/include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/isccfg/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /D "WIN32" /D "__STDC__" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
+# ADD CPP /nologo /MD /W3 /GX /O2 /I "./" /I "../include" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /D "WIN32" /D "__STDC__" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
 # ADD BASE RSC /l 0x409 /d "NDEBUG"
 # ADD RSC /l 0x409 /d "NDEBUG"
 BSC32=bscmake.exe
@@ -50,7 +50,7 @@ BSC32=bscmake.exe
 # ADD BSC32 /nologo
 LINK32=link.exe
 # ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386
-# ADD LINK32 user32.lib advapi32.lib ws2_32.lib Release/dighost.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/isccfg/win32/Release/libisccfg.lib ../../../lib/dns/win32/Release/libdns.lib ../../../lib/bind9/win32/Release/libbind9.lib ../../../lib/lwres/win32/Release/liblwres.lib /nologo /subsystem:console /machine:I386 /out:"../../../Build/Release/host.exe"
+# ADD LINK32 user32.lib advapi32.lib ws2_32.lib Release/dighost.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib ../../../lib/bind9/win32/Release/libbind9.lib ../../../lib/lwres/win32/Release/liblwres.lib /nologo /subsystem:console /machine:I386 /out:"../../../Build/Release/host.exe"
 
 !ELSEIF  "$(CFG)" == "host - Win32 Debug"
 
@@ -66,7 +66,7 @@ LINK32=link.exe
 # PROP Ignore_Export_Lib 0
 # PROP Target_Dir ""
 # ADD BASE CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c
-# ADD CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../include" /I "../../../" /I "../../../../libxml2-2.7.3/include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/isccfg/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /FR /FD /GZ /c
+# ADD CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../include" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /FR /FD /GZ /c
 # SUBTRACT CPP /X /u /YX
 # ADD BASE RSC /l 0x409 /d "_DEBUG"
 # ADD RSC /l 0x409 /d "_DEBUG"
@@ -75,7 +75,7 @@ BSC32=bscmake.exe
 # ADD BSC32 /nologo
 LINK32=link.exe
 # ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept
-# ADD LINK32 user32.lib advapi32.lib ws2_32.lib Debug/dighost.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/isccfg/win32/Debug/libisccfg.lib ../../../lib/dns/win32/Debug/libdns.lib ../../../lib/bind9/win32/Debug/libbind9.lib ../../../lib/lwres/win32/Debug/liblwres.lib /nologo /subsystem:console /debug /machine:I386 /out:"../../../Build/Debug/host.exe" /pdbtype:sept
+# ADD LINK32 user32.lib advapi32.lib ws2_32.lib Debug/dighost.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib ../../../lib/bind9/win32/Debug/libbind9.lib ../../../lib/lwres/win32/Debug/liblwres.lib /nologo /subsystem:console /debug /machine:I386 /out:"../../../Build/Debug/host.exe" /pdbtype:sept
 
 !ENDIF 
 

bin/dig/win32/host.mak

@@ -132,19 +132,18 @@ CLEAN :
 "$(OUTDIR)" :
     if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
 
-CPP_PROJ=/nologo /MD /W3 /GX /O2 /I "./" /I "../include" /I "../../../" /I "../../../../libxml2-2.7.3/include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/isccfg/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /D "WIN32" /D "__STDC__" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /Fp"$(INTDIR)\host.pch" /YX /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c 
+CPP_PROJ=/nologo /MD /W3 /GX /O2 /I "./" /I "../include" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /D "WIN32" /D "__STDC__" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /Fp"$(INTDIR)\host.pch" /YX /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c 
 BSC32=bscmake.exe
 BSC32_FLAGS=/nologo /o"$(OUTDIR)\host.bsc" 
 BSC32_SBRS= \
 	
 LINK32=link.exe
-LINK32_FLAGS=user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/isccfg/win32/Release/libisccfg.lib ../../../lib/dns/win32/Release/libdns.lib ../../../lib/bind9/win32/Release/libbind9.lib  ../../../lib/lwres/win32/Release/liblwres.lib /nologo /subsystem:console /incremental:no /pdb:"$(OUTDIR)\host.pdb" /machine:I386 /out:"../../../Build/Release/host.exe" 
+LINK32_FLAGS=user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib ../../../lib/bind9/win32/Release/libbind9.lib  ../../../lib/lwres/win32/Release/liblwres.lib /nologo /subsystem:console /incremental:no /pdb:"$(OUTDIR)\host.pdb" /machine:I386 /out:"../../../Build/Release/host.exe" 
 LINK32_OBJS= \
 	"$(INTDIR)\dighost.obj" \
 	"$(INTDIR)\host.obj" \
 	"..\..\..\lib\dns\win32\Release\libdns.lib" \
 	"..\..\..\lib\isc\win32\Release\libisc.lib" \
-	"..\..\..\lib\isccfg\win32\Release\libisccfg.lib" \
 	"..\..\..\lib\bind9\win32\Release\libbind9.lib" \
 	"..\..\..\lib\lwres\win32\Release\liblwres.lib"
 
@@ -192,7 +191,7 @@ CLEAN :
 "$(OUTDIR)" :
     if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
 
-CPP_PROJ=/nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../include" /I "../../../" /I "../../../../libxml2-2.7.3/include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/isccfg/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /FR"$(INTDIR)\\" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /GZ /c 
+CPP_PROJ=/nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../include" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /FR"$(INTDIR)\\" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /GZ /c 
 BSC32=bscmake.exe
 BSC32_FLAGS=/nologo /o"$(OUTDIR)\host.bsc" 
 BSC32_SBRS= \
@@ -205,13 +204,12 @@ BSC32_SBRS= \
 <<
 
 LINK32=link.exe
-LINK32_FLAGS=user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/isccfg/win32/Debug/libisccfg.lib ../../../lib/dns/win32/Debug/libdns.lib ../../../lib/bind9/win32/Debug/libbind9.lib  ../../../lib/lwres/win32/Debug/liblwres.lib /nologo /subsystem:console /incremental:yes /pdb:"$(OUTDIR)\host.pdb" /debug /machine:I386 /out:"../../../Build/Debug/host.exe" /pdbtype:sept 
+LINK32_FLAGS=user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib ../../../lib/bind9/win32/Debug/libbind9.lib  ../../../lib/lwres/win32/Debug/liblwres.lib /nologo /subsystem:console /incremental:yes /pdb:"$(OUTDIR)\host.pdb" /debug /machine:I386 /out:"../../../Build/Debug/host.exe" /pdbtype:sept 
 LINK32_OBJS= \
 	"$(INTDIR)\dighost.obj" \
 	"$(INTDIR)\host.obj" \
 	"..\..\..\lib\dns\win32\Debug\libdns.lib" \
 	"..\..\..\lib\isc\win32\Debug\libisc.lib" \
-	"..\..\..\lib\isccfg\win32\Debug\libisccfg.lib" \
 	"..\..\..\lib\bind9\win32\Debug\libbind9.lib" \
 	"..\..\..\lib\lwres\win32\Debug\liblwres.lib"
 

bin/dig/win32/nslookup.dsp

@@ -42,7 +42,7 @@ RSC=rc.exe
 # PROP Ignore_Export_Lib 0
 # PROP Target_Dir ""
 # ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
-# ADD CPP /nologo /MD /W3 /GX /O2 /I "./" /I "../include" /I "../../../" /I "../../../../libxml2-2.7.3/include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/isccfg/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /D "WIN32" /D "__STDC__" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
+# ADD CPP /nologo /MD /W3 /GX /O2 /I "./" /I "../include" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /D "WIN32" /D "__STDC__" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
 # ADD BASE RSC /l 0x409 /d "NDEBUG"
 # ADD RSC /l 0x409 /d "NDEBUG"
 BSC32=bscmake.exe
@@ -50,7 +50,7 @@ BSC32=bscmake.exe
 # ADD BSC32 /nologo
 LINK32=link.exe
 # ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386
-# ADD LINK32 user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/isccfg/win32/Release/libisccfg.lib ../../../lib/dns/win32/Release/libdns.lib ../../../lib/bind9/win32/Release/libbind9.lib ../../../lib/lwres/win32/Release/liblwres.lib /nologo /subsystem:console /machine:I386 /out:"../../../Build/Release/nslookup.exe"
+# ADD LINK32 user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib ../../../lib/bind9/win32/Release/libbind9.lib ../../../lib/lwres/win32/Release/liblwres.lib /nologo /subsystem:console /machine:I386 /out:"../../../Build/Release/nslookup.exe"
 
 !ELSEIF  "$(CFG)" == "nslookup - Win32 Debug"
 
@@ -66,7 +66,7 @@ LINK32=link.exe
 # PROP Ignore_Export_Lib 0
 # PROP Target_Dir ""
 # ADD BASE CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c
-# ADD CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../include" /I "../../../" /I "../../../../libxml2-2.7.3/include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/isccfg/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /FR /FD /GZ /c
+# ADD CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../include" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /FR /FD /GZ /c
 # SUBTRACT CPP /X /u /YX
 # ADD BASE RSC /l 0x409 /d "_DEBUG"
 # ADD RSC /l 0x409 /d "_DEBUG"
@@ -75,7 +75,7 @@ BSC32=bscmake.exe
 # ADD BSC32 /nologo
 LINK32=link.exe
 # ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept
-# ADD LINK32 user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/isccfg/win32/Debug/libisccfg.lib ../../../lib/dns/win32/Debug/libdns.lib ../../../lib/bind9/win32/Debug/libbind9.lib ../../../lib/lwres/win32/Debug/liblwres.lib /nologo /subsystem:console /debug /machine:I386 /out:"../../../Build/Debug/nslookup.exe" /pdbtype:sept
+# ADD LINK32 user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib ../../../lib/bind9/win32/Debug/libbind9.lib ../../../lib/lwres/win32/Debug/liblwres.lib /nologo /subsystem:console /debug /machine:I386 /out:"../../../Build/Debug/nslookup.exe" /pdbtype:sept
 
 !ENDIF 
 

bin/dig/win32/nslookup.mak

@@ -132,19 +132,18 @@ CLEAN :
 "$(OUTDIR)" :
     if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
 
-CPP_PROJ=/nologo /MD /W3 /GX /O2 /I "./" /I "../include" /I "../../../" /I "../../../../libxml2-2.7.3/include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/isccfg/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /D "WIN32" /D "__STDC__" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /Fp"$(INTDIR)\nslookup.pch" /YX /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c 
+CPP_PROJ=/nologo /MD /W3 /GX /O2 /I "./" /I "../include" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /D "WIN32" /D "__STDC__" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /Fp"$(INTDIR)\nslookup.pch" /YX /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c 
 BSC32=bscmake.exe
 BSC32_FLAGS=/nologo /o"$(OUTDIR)\nslookup.bsc" 
 BSC32_SBRS= \
 	
 LINK32=link.exe
-LINK32_FLAGS=user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/isccfg/win32/Release/libisccfg.lib ../../../lib/dns/win32/Release/libdns.lib ../../../lib/bind9/win32/Release/libbind9.lib  ../../../lib/lwres/win32/Release/liblwres.lib /nologo /subsystem:console /incremental:no /pdb:"$(OUTDIR)\nslookup.pdb" /machine:I386 /out:"../../../Build/Release/nslookup.exe" 
+LINK32_FLAGS=user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib ../../../lib/bind9/win32/Release/libbind9.lib  ../../../lib/lwres/win32/Release/liblwres.lib /nologo /subsystem:console /incremental:no /pdb:"$(OUTDIR)\nslookup.pdb" /machine:I386 /out:"../../../Build/Release/nslookup.exe" 
 LINK32_OBJS= \
 	"$(INTDIR)\dighost.obj" \
 	"$(INTDIR)\nslookup.obj" \
 	"..\..\..\lib\dns\win32\Release\libdns.lib" \
 	"..\..\..\lib\isc\win32\Release\libisc.lib" \
-	"..\..\..\lib\isccfg\win32\Release\libisccfg.lib" \
 	"..\..\..\lib\bind9\win32\Release\libbind9.lib" \
 	"..\..\..\lib\lwres\win32\Release\liblwres.lib"
 
@@ -192,7 +191,7 @@ CLEAN :
 "$(OUTDIR)" :
     if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
 
-CPP_PROJ=/nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../include" /I "../../../" /I "../../../../libxml2-2.7.3/include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/isccfg/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /FR"$(INTDIR)\\" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /GZ /c 
+CPP_PROJ=/nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../include" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /FR"$(INTDIR)\\" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /GZ /c 
 BSC32=bscmake.exe
 BSC32_FLAGS=/nologo /o"$(OUTDIR)\nslookup.bsc" 
 BSC32_SBRS= \
@@ -205,13 +204,12 @@ BSC32_SBRS= \
 <<
 
 LINK32=link.exe
-LINK32_FLAGS=user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/isccfg/win32/Debug/libisccfg.lib ../../../lib/dns/win32/Debug/libdns.lib ../../../lib/bind9/win32/Debug/libbind9.lib  ../../../lib/lwres/win32/Debug/liblwres.lib /nologo /subsystem:console /incremental:yes /pdb:"$(OUTDIR)\nslookup.pdb" /debug /machine:I386 /out:"../../../Build/Debug/nslookup.exe" /pdbtype:sept 
+LINK32_FLAGS=user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib ../../../lib/bind9/win32/Debug/libbind9.lib  ../../../lib/lwres/win32/Debug/liblwres.lib /nologo /subsystem:console /incremental:yes /pdb:"$(OUTDIR)\nslookup.pdb" /debug /machine:I386 /out:"../../../Build/Debug/nslookup.exe" /pdbtype:sept 
 LINK32_OBJS= \
 	"$(INTDIR)\dighost.obj" \
 	"$(INTDIR)\nslookup.obj" \
 	"..\..\..\lib\dns\win32\Debug\libdns.lib" \
 	"..\..\..\lib\isc\win32\Debug\libisc.lib" \
-	"..\..\..\lib\isccfg\win32\Debug\libisccfg.lib" \
 	"..\..\..\lib\bind9\win32\Debug\libbind9.lib" \
 	"..\..\..\lib\lwres\win32\Debug\liblwres.lib"
 

bin/dnssec/.cvsignore

@@ -1,10 +1,6 @@
 Makefile
-dnssec-dsfromkey
-dnssec-keyfromlabel
 dnssec-keygen
 dnssec-makekeyset
-dnssec-revoke
-dnssec-settime
 dnssec-signkey
 dnssec-signzone
 *.lo

bin/dnssec/Makefile.in

@@ -1,7 +1,7 @@
-# Copyright (C) 2004, 2005, 2007-2009  Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2004, 2005  Internet Systems Consortium, Inc. ("ISC")
 # Copyright (C) 2000-2002  Internet Software Consortium.
 #
-# Permission to use, copy, modify, and/or distribute this software for any
+# Permission to use, copy, modify, and distribute this software for any
 # purpose with or without fee is hereby granted, provided that the above
 # copyright notice and this permission notice appear in all copies.
 #
@@ -13,7 +13,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: Makefile.in,v 1.42 2009/12/05 23:31:40 each Exp $
+# $Id: Makefile.in,v 1.26.18.4 2005/05/02 00:26:11 marka Exp $
 
 srcdir =	@srcdir@
 VPATH =		@srcdir@
@@ -25,12 +25,11 @@ top_srcdir =	@top_srcdir@
 
 CINCLUDES =	${DNS_INCLUDES} ${ISC_INCLUDES}
 
-CDEFINES =	-DVERSION=\"${VERSION}\" @USE_PKCS11@
+CDEFINES =	-DVERSION=\"${VERSION}\" 
 CWARNINGS =
 
 DNSLIBS =	../../lib/dns/libdns.@A@ @DNS_CRYPTO_LIBS@
 ISCLIBS =	../../lib/isc/libisc.@A@
-ISCNOSYMLIBS =	../../lib/isc/libisc-nosymtbl.@A@
 
 DNSDEPLIBS =	../../lib/dns/libdns.@A@
 ISCDEPLIBS =	../../lib/isc/libisc.@A@
@@ -39,56 +38,32 @@ DEPLIBS =	${DNSDEPLIBS} ${ISCDEPLIBS}
 
 LIBS =		${DNSLIBS} ${ISCLIBS} @LIBS@
 
-NOSYMLIBS =	${DNSLIBS} ${ISCNOSYMLIBS} @LIBS@
-
 # Alphabetically
-TARGETS =	dnssec-keygen@EXEEXT@ dnssec-signzone@EXEEXT@ \
-		dnssec-keyfromlabel@EXEEXT@ dnssec-dsfromkey@EXEEXT@ \
-		dnssec-revoke@EXEEXT@ dnssec-settime@EXEEXT@
+TARGETS =	dnssec-keygen@EXEEXT@ dnssec-signzone@EXEEXT@
 
 OBJS =		dnssectool.@O@
 
-SRCS =		dnssec-dsfromkey.c dnssec-keyfromlabel.c dnssec-keygen.c \
-		dnssec-revoke.c dnssec-settime.c dnssec-signzone.c dnssectool.c
+SRCS =		dnssec-keygen.c dnssec-signzone.c dnssectool.c
 
-MANPAGES =	dnssec-dsfromkey.8 dnssec-keyfromlabel.8 dnssec-keygen.8 \
-		dnssec-revoke.8 dnssec-settime.8 dnssec-signzone.8
+MANPAGES =	dnssec-keygen.8 dnssec-signzone.8
 
-HTMLPAGES =	dnssec-dsfromkey.html dnssec-keyfromlabel.html \
-		dnssec-keygen.html dnssec-revoke.html \
-		dnssec-settime.html dnssec-signzone.html 
+HTMLPAGES =	dnssec-keygen.html dnssec-signzone.html
 
 MANOBJS =	${MANPAGES} ${HTMLPAGES}
 
 @BIND9_MAKE_RULES@
 
-dnssec-dsfromkey@EXEEXT@: dnssec-dsfromkey.@O@ ${OBJS} ${DEPLIBS}
-	export BASEOBJS="dnssec-dsfromkey.@O@ ${OBJS}"; \
-	${FINALBUILDCMD}
-
-dnssec-keyfromlabel@EXEEXT@: dnssec-keyfromlabel.@O@ ${OBJS} ${DEPLIBS}
-	export BASEOBJS="dnssec-keyfromlabel.@O@ ${OBJS}"; \
-	${FINALBUILDCMD}
-
 dnssec-keygen@EXEEXT@: dnssec-keygen.@O@ ${OBJS} ${DEPLIBS}
-	export BASEOBJS="dnssec-keygen.@O@ ${OBJS}"; \
-	${FINALBUILDCMD}
+	${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ \
+	dnssec-keygen.@O@ ${OBJS} ${LIBS}
 
 dnssec-signzone.@O@: dnssec-signzone.c
 	${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} -DVERSION=\"${VERSION}\" \
 		-c ${srcdir}/dnssec-signzone.c
 
 dnssec-signzone@EXEEXT@: dnssec-signzone.@O@ ${OBJS} ${DEPLIBS}
-	export BASEOBJS="dnssec-signzone.@O@ ${OBJS}"; \
-	${FINALBUILDCMD}
-
-dnssec-revoke@EXEEXT@: dnssec-revoke.@O@ ${OBJS} ${DEPLIBS}
 	${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ \
-	dnssec-revoke.@O@ ${OBJS} ${LIBS}
-
-dnssec-settime@EXEEXT@: dnssec-settime.@O@ ${OBJS} ${DEPLIBS}
-	${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ \
-	dnssec-settime.@O@ ${OBJS} ${LIBS}
+	dnssec-signzone.@O@ ${OBJS} ${LIBS}
 
 doc man:: ${MANOBJS}
 

bin/dnssec/dnssec-dsfromkey.8

@@ -1,143 +0,0 @@
-.\" Copyright (C) 2008, 2009  Internet Systems Consortium, Inc. ("ISC")
-.\"
-.\" Permission to use, copy, modify, and/or distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
-.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
-.\" AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
-.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
-.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
-.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
-.\" PERFORMANCE OF THIS SOFTWARE.
-.\"
-.\" $Id: dnssec-dsfromkey.8,v 1.11 2009/08/27 01:14:39 tbox Exp $
-.\"
-.hy 0
-.ad l
-.\"     Title: dnssec\-dsfromkey
-.\"    Author: 
-.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
-.\"      Date: August 26, 2009
-.\"    Manual: BIND9
-.\"    Source: BIND9
-.\"
-.TH "DNSSEC\-DSFROMKEY" "8" "August 26, 2009" "BIND9" "BIND9"
-.\" disable hyphenation
-.nh
-.\" disable justification (adjust text to left margin only)
-.ad l
-.SH "NAME"
-dnssec\-dsfromkey \- DNSSEC DS RR generation tool
-.SH "SYNOPSIS"
-.HP 17
-\fBdnssec\-dsfromkey\fR [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-1\fR] [\fB\-2\fR] [\fB\-a\ \fR\fB\fIalg\fR\fR] [\fB\-l\ \fR\fB\fIdomain\fR\fR] {keyfile}
-.HP 17
-\fBdnssec\-dsfromkey\fR {\-s} [\fB\-1\fR] [\fB\-2\fR] [\fB\-a\ \fR\fB\fIalg\fR\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-l\ \fR\fB\fIdomain\fR\fR] [\fB\-s\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-f\ \fR\fB\fIfile\fR\fR] [\fB\-A\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] {dnsname}
-.SH "DESCRIPTION"
-.PP
-\fBdnssec\-dsfromkey\fR
-outputs the Delegation Signer (DS) resource record (RR), as defined in RFC 3658 and RFC 4509, for the given key(s).
-.SH "OPTIONS"
-.PP
-\-1
-.RS 4
-Use SHA\-1 as the digest algorithm (the default is to use both SHA\-1 and SHA\-256).
-.RE
-.PP
-\-2
-.RS 4
-Use SHA\-256 as the digest algorithm.
-.RE
-.PP
-\-a \fIalgorithm\fR
-.RS 4
-Select the digest algorithm. The value of
-\fBalgorithm\fR
-must be one of SHA\-1 (SHA1) or SHA\-256 (SHA256). These values are case insensitive.
-.RE
-.PP
-\-K \fIdirectory\fR
-.RS 4
-Look for key files (or, in keyset mode,
-\fIkeyset\-\fR
-files) in
-\fBdirectory\fR.
-.RE
-.PP
-\-f \fIfile\fR
-.RS 4
-Zone file mode: in place of the keyfile name, the argument is the DNS domain name of a zone master file, which can be read from
-\fBfile\fR. If the zone name is the same as
-\fBfile\fR, then it may be omitted.
-.RE
-.PP
-\-A
-.RS 4
-Include ZSK's when generating DS records. Without this option, only keys which have the KSK flag set will be converted to DS records and printed. Useful only in zone file mode.
-.RE
-.PP
-\-l \fIdomain\fR
-.RS 4
-Generate a DLV set instead of a DS set. The specified
-\fBdomain\fR
-is appended to the name for each record in the set. The DNSSEC Lookaside Validation (DLV) RR is described in RFC 4431.
-.RE
-.PP
-\-s
-.RS 4
-Keyset mode: in place of the keyfile name, the argument is the DNS domain name of a keyset file.
-.RE
-.PP
-\-c \fIclass\fR
-.RS 4
-Specifies the DNS class (default is IN). Useful only in keyset or zone file mode.
-.RE
-.PP
-\-v \fIlevel\fR
-.RS 4
-Sets the debugging level.
-.RE
-.SH "EXAMPLE"
-.PP
-To build the SHA\-256 DS RR from the
-\fBKexample.com.+003+26160\fR
-keyfile name, the following command would be issued:
-.PP
-\fBdnssec\-dsfromkey \-2 Kexample.com.+003+26160\fR
-.PP
-The command would print something like:
-.PP
-\fBexample.com. IN DS 26160 5 2 3A1EADA7A74B8D0BA86726B0C227AA85AB8BBD2B2004F41A868A54F0 C5EA0B94\fR
-.SH "FILES"
-.PP
-The keyfile can be designed by the key identification
-\fIKnnnn.+aaa+iiiii\fR
-or the full file name
-\fIKnnnn.+aaa+iiiii.key\fR
-as generated by
-dnssec\-keygen(8).
-.PP
-The keyset file name is built from the
-\fBdirectory\fR, the string
-\fIkeyset\-\fR
-and the
-\fBdnsname\fR.
-.SH "CAVEAT"
-.PP
-A keyfile error can give a "file not found" even if the file exists.
-.SH "SEE ALSO"
-.PP
-\fBdnssec\-keygen\fR(8),
-\fBdnssec\-signzone\fR(8),
-BIND 9 Administrator Reference Manual,
-RFC 3658,
-RFC 4431.
-RFC 4509.
-.SH "AUTHOR"
-.PP
-Internet Systems Consortium
-.SH "COPYRIGHT"
-Copyright \(co 2008, 2009 Internet Systems Consortium, Inc. ("ISC")
-.br

bin/dnssec/dnssec-dsfromkey.c

@@ -1,518 +0,0 @@
-/*
- * Copyright (C) 2008-2010  Internet Systems Consortium, Inc. ("ISC")
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- * PERFORMANCE OF THIS SOFTWARE.
- */
-
-/* $Id: dnssec-dsfromkey.c,v 1.18 2010/01/11 23:48:37 tbox Exp $ */
-
-/*! \file */
-
-#include <config.h>
-
-#include <stdlib.h>
-
-#include <isc/buffer.h>
-#include <isc/commandline.h>
-#include <isc/entropy.h>
-#include <isc/hash.h>
-#include <isc/mem.h>
-#include <isc/print.h>
-#include <isc/string.h>
-#include <isc/util.h>
-
-#include <dns/db.h>
-#include <dns/dbiterator.h>
-#include <dns/ds.h>
-#include <dns/fixedname.h>
-#include <dns/log.h>
-#include <dns/keyvalues.h>
-#include <dns/master.h>
-#include <dns/name.h>
-#include <dns/rdata.h>
-#include <dns/rdataclass.h>
-#include <dns/rdataset.h>
-#include <dns/rdatasetiter.h>
-#include <dns/rdatatype.h>
-#include <dns/result.h>
-
-#include <dst/dst.h>
-
-#include "dnssectool.h"
-
-#ifndef PATH_MAX
-#define PATH_MAX 1024   /* AIX, WIN32, and others don't define this. */
-#endif
-
-const char *program = "dnssec-dsfromkey";
-int verbose;
-
-static dns_rdataclass_t rdclass;
-static dns_fixedname_t	fixed;
-static dns_name_t	*name = NULL;
-static isc_mem_t	*mctx = NULL;
-
-static isc_result_t
-initname(char *setname) {
-	isc_result_t result;
-	isc_buffer_t buf;
-
-	dns_fixedname_init(&fixed);
-	name = dns_fixedname_name(&fixed);
-
-	isc_buffer_init(&buf, setname, strlen(setname));
-	isc_buffer_add(&buf, strlen(setname));
-	result = dns_name_fromtext(name, &buf, dns_rootname, 0, NULL);
-	return (result);
-}
-
-static isc_result_t
-loadsetfromfile(char *filename, dns_rdataset_t *rdataset) {
-	isc_result_t	 result;
-	dns_db_t	 *db = NULL;
-	dns_dbnode_t	 *node = NULL;
-	char setname[DNS_NAME_FORMATSIZE];
-
-	dns_name_format(name, setname, sizeof(setname));
-
-	result = dns_db_create(mctx, "rbt", name, dns_dbtype_zone,
-			       rdclass, 0, NULL, &db);
-	if (result != ISC_R_SUCCESS)
-		fatal("can't create database");
-
-	result = dns_db_load(db, filename);
-	if (result != ISC_R_SUCCESS && result != DNS_R_SEENINCLUDE)
-		fatal("can't load %s: %s", filename, isc_result_totext(result));
-
-	result = dns_db_findnode(db, name, ISC_FALSE, &node);
-	if (result != ISC_R_SUCCESS)
-		fatal("can't find %s node in %s", setname, filename);
-
-	result = dns_db_findrdataset(db, node, NULL, dns_rdatatype_dnskey,
-				     0, 0, rdataset, NULL);
-
-	if (result == ISC_R_NOTFOUND)
-		fatal("no DNSKEY RR for %s in %s", setname, filename);
-	else if (result != ISC_R_SUCCESS)
-		fatal("dns_db_findrdataset");
-
-	if (node != NULL)
-		dns_db_detachnode(db, &node);
-	if (db != NULL)
-		dns_db_detach(&db);
-	return (result);
-}
-
-static isc_result_t
-loadkeyset(char *dirname, dns_rdataset_t *rdataset) {
-	isc_result_t	 result;
-	char		 filename[PATH_MAX + 1];
-	isc_buffer_t	 buf;
-
-	dns_rdataset_init(rdataset);
-
-	isc_buffer_init(&buf, filename, sizeof(filename));
-	if (dirname != NULL) {
-		/* allow room for a trailing slash */
-		if (strlen(dirname) >= isc_buffer_availablelength(&buf))
-			return (ISC_R_NOSPACE);
-		isc_buffer_putstr(&buf, dirname);
-		if (dirname[strlen(dirname) - 1] != '/')
-			isc_buffer_putstr(&buf, "/");
-	}
-
-	if (isc_buffer_availablelength(&buf) < 7)
-		return (ISC_R_NOSPACE);
-	isc_buffer_putstr(&buf, "keyset-");
-
-	result = dns_name_tofilenametext(name, ISC_FALSE, &buf);
-	check_result(result, "dns_name_tofilenametext()");
-	if (isc_buffer_availablelength(&buf) == 0)
-		return (ISC_R_NOSPACE);
-	isc_buffer_putuint8(&buf, 0);
-
-	return (loadsetfromfile(filename, rdataset));
-}
-
-static void
-loadkey(char *filename, unsigned char *key_buf, unsigned int key_buf_size,
-	dns_rdata_t *rdata)
-{
-	isc_result_t  result;
-	dst_key_t     *key = NULL;
-	isc_buffer_t  keyb;
-	isc_region_t  r;
-
-	dns_rdata_init(rdata);
-
-	isc_buffer_init(&keyb, key_buf, key_buf_size);
-
-	result = dst_key_fromnamedfile(filename, NULL, DST_TYPE_PUBLIC,
-				       mctx, &key);
-	if (result != ISC_R_SUCCESS)
-		fatal("invalid keyfile name %s: %s",
-		      filename, isc_result_totext(result));
-
-	if (verbose > 2) {
-		char keystr[DST_KEY_FORMATSIZE];
-
-		dst_key_format(key, keystr, sizeof(keystr));
-		fprintf(stderr, "%s: %s\n", program, keystr);
-	}
-
-	result = dst_key_todns(key, &keyb);
-	if (result != ISC_R_SUCCESS)
-		fatal("can't decode key");
-
-	isc_buffer_usedregion(&keyb, &r);
-	dns_rdata_fromregion(rdata, dst_key_class(key),
-			     dns_rdatatype_dnskey, &r);
-
-	rdclass = dst_key_class(key);
-
-	dns_fixedname_init(&fixed);
-	name = dns_fixedname_name(&fixed);
-	result = dns_name_copy(dst_key_name(key), name, NULL);
-	if (result != ISC_R_SUCCESS)
-		fatal("can't copy name");
-
-	dst_key_free(&key);
-}
-
-static void
-logkey(dns_rdata_t *rdata)
-{
-	isc_result_t result;
-	dst_key_t    *key = NULL;
-	isc_buffer_t buf;
-	char	     keystr[DST_KEY_FORMATSIZE];
-
-	isc_buffer_init(&buf, rdata->data, rdata->length);
-	isc_buffer_add(&buf, rdata->length);
-	result = dst_key_fromdns(name, rdclass, &buf, mctx, &key);
-	if (result != ISC_R_SUCCESS)
-		return;
-
-	dst_key_format(key, keystr, sizeof(keystr));
-	fprintf(stderr, "%s: %s\n", program, keystr);
-
-	dst_key_free(&key);
-}
-
-static void
-emit(unsigned int dtype, isc_boolean_t showall, char *lookaside,
-     dns_rdata_t *rdata)
-{
-	isc_result_t result;
-	unsigned char buf[DNS_DS_BUFFERSIZE];
-	char text_buf[DST_KEY_MAXTEXTSIZE];
-	char name_buf[DNS_NAME_MAXWIRE];
-	char class_buf[10];
-	isc_buffer_t textb, nameb, classb;
-	isc_region_t r;
-	dns_rdata_t ds;
-	dns_rdata_dnskey_t dnskey;
-
-	isc_buffer_init(&textb, text_buf, sizeof(text_buf));
-	isc_buffer_init(&nameb, name_buf, sizeof(name_buf));
-	isc_buffer_init(&classb, class_buf, sizeof(class_buf));
-
-	dns_rdata_init(&ds);
-
-	result = dns_rdata_tostruct(rdata, &dnskey, NULL);
-	if (result != ISC_R_SUCCESS)
-		fatal("can't convert DNSKEY");
-
-	if ((dnskey.flags & DNS_KEYFLAG_KSK) == 0 && !showall)
-		return;
-
-	result = dns_ds_buildrdata(name, rdata, dtype, buf, &ds);
-	if (result != ISC_R_SUCCESS)
-		fatal("can't build record");
-
-	result = dns_name_totext(name, ISC_FALSE, &nameb);
-	if (result != ISC_R_SUCCESS)
-		fatal("can't print name");
-
-	/* Add lookaside origin, if set */
-	if (lookaside != NULL) {
-		if (isc_buffer_availablelength(&nameb) < strlen(lookaside))
-			fatal("DLV origin '%s' is too long", lookaside);
-		isc_buffer_putstr(&nameb, lookaside);
-		if (lookaside[strlen(lookaside) - 1] != '.') {
-			if (isc_buffer_availablelength(&nameb) < 1)
-				fatal("DLV origin '%s' is too long", lookaside);
-			isc_buffer_putstr(&nameb, ".");
-		}
-	}
-
-	result = dns_rdata_totext(&ds, (dns_name_t *) NULL, &textb);
-	if (result != ISC_R_SUCCESS)
-		fatal("can't print rdata");
-
-	result = dns_rdataclass_totext(rdclass, &classb);
-	if (result != ISC_R_SUCCESS)
-		fatal("can't print class");
-
-	isc_buffer_usedregion(&nameb, &r);
-	isc_util_fwrite(r.base, 1, r.length, stdout);
-
-	putchar(' ');
-
-	isc_buffer_usedregion(&classb, &r);
-	isc_util_fwrite(r.base, 1, r.length, stdout);
-
-	if (lookaside == NULL)
-		printf(" DS ");
-	else
-		printf(" DLV ");
-
-	isc_buffer_usedregion(&textb, &r);
-	isc_util_fwrite(r.base, 1, r.length, stdout);
-	putchar('\n');
-}
-
-ISC_PLATFORM_NORETURN_PRE static void
-usage(void) ISC_PLATFORM_NORETURN_POST;
-
-static void
-usage(void) {
-	fprintf(stderr, "Usage:\n");
-	fprintf(stderr,	"    %s options [-K dir] keyfile\n\n", program);
-	fprintf(stderr, "    %s options [-K dir] [-c class] -s dnsname\n\n",
-		program);
-	fprintf(stderr, "    %s options -f zonefile (as zone name)\n\n", program);
-	fprintf(stderr, "    %s options -f zonefile zonename\n\n", program);
-	fprintf(stderr, "Version: %s\n", VERSION);
-	fprintf(stderr, "Options:\n");
-	fprintf(stderr, "    -v <verbose level>\n");
-	fprintf(stderr, "    -K <directory>: directory in which to find "
-			"key file or keyset file\n");
-	fprintf(stderr, "    -a algorithm: digest algorithm "
-			"(SHA-1 or SHA-256)\n");
-	fprintf(stderr, "    -1: use SHA-1\n");
-	fprintf(stderr, "    -2: use SHA-256\n");
-	fprintf(stderr, "    -l: add lookaside zone and print DLV records\n");
-	fprintf(stderr, "    -s: read keyset from keyset-<dnsname> file\n");
-	fprintf(stderr, "    -c class: rdata class for DS set (default: IN)\n");
-	fprintf(stderr, "    -f file: read keyset from zone file\n");
-	fprintf(stderr, "    -A: when used with -f, "
-			"include all keys in DS set, not just KSKs\n");
-	fprintf(stderr, "Output: DS or DLV RRs\n");
-
-	exit (-1);
-}
-
-int
-main(int argc, char **argv) {
-	char		*algname = NULL, *classname = NULL;
-	char		*filename = NULL, *dir = NULL, *namestr;
-	char		*lookaside = NULL;
-	char		*endp;
-	int		ch;
-	unsigned int	dtype = DNS_DSDIGEST_SHA1;
-	isc_boolean_t	both = ISC_TRUE;
-	isc_boolean_t	usekeyset = ISC_FALSE;
-	isc_boolean_t	showall = ISC_FALSE;
-	isc_result_t	result;
-	isc_log_t	*log = NULL;
-	isc_entropy_t	*ectx = NULL;
-	dns_rdataset_t	rdataset;
-	dns_rdata_t	rdata;
-
-	dns_rdata_init(&rdata);
-
-	if (argc == 1)
-		usage();
-
-	result = isc_mem_create(0, 0, &mctx);
-	if (result != ISC_R_SUCCESS)
-		fatal("out of memory");
-
-	dns_result_register();
-
-	isc_commandline_errprint = ISC_FALSE;
-
-	while ((ch = isc_commandline_parse(argc, argv,
-					   "12Aa:c:d:Ff:K:l:sv:h")) != -1) {
-		switch (ch) {
-		case '1':
-			dtype = DNS_DSDIGEST_SHA1;
-			both = ISC_FALSE;
-			break;
-		case '2':
-			dtype = DNS_DSDIGEST_SHA256;
-			both = ISC_FALSE;
-			break;
-		case 'A':
-			showall = ISC_TRUE;
-			break;
-		case 'a':
-			algname = isc_commandline_argument;
-			both = ISC_FALSE;
-			break;
-		case 'c':
-			classname = isc_commandline_argument;
-			break;
-		case 'd':
-			fprintf(stderr, "%s: the -d option is deprecated; "
-					"use -K\n", program);
-			/* fall through */
-		case 'K':
-			dir = isc_commandline_argument;
-			if (strlen(dir) == 0U)
-				fatal("directory must be non-empty string");
-			break;
-		case 'f':
-			filename = isc_commandline_argument;
-			break;
-		case 'l':
-			lookaside = isc_commandline_argument;
-			if (strlen(lookaside) == 0U)
-				fatal("lookaside must be a non-empty string");
-			break;
-		case 's':
-			usekeyset = ISC_TRUE;
-			break;
-		case 'v':
-			verbose = strtol(isc_commandline_argument, &endp, 0);
-			if (*endp != '\0')
-				fatal("-v must be followed by a number");
-			break;
-		case 'F':
-			/* Reserved for FIPS mode */
-			/* FALLTHROUGH */
-		case '?':
-			if (isc_commandline_option != '?')
-				fprintf(stderr, "%s: invalid argument -%c\n",
-					program, isc_commandline_option);
-			/* FALLTHROUGH */
-		case 'h':
-			usage();
-
-		default:
-			fprintf(stderr, "%s: unhandled option -%c\n",
-				program, isc_commandline_option);
-			exit(1);
-		}
-	}
-
-	if (algname != NULL) {
-		if (strcasecmp(algname, "SHA1") == 0 ||
-		    strcasecmp(algname, "SHA-1") == 0)
-			dtype = DNS_DSDIGEST_SHA1;
-		else if (strcasecmp(algname, "SHA256") == 0 ||
-			 strcasecmp(algname, "SHA-256") == 0)
-			dtype = DNS_DSDIGEST_SHA256;
-		else
-			fatal("unknown algorithm %s", algname);
-	}
-
-	rdclass = strtoclass(classname);
-
-	if (usekeyset && filename != NULL)
-		fatal("cannot use both -s and -f");
-
-	/* When not using -f, -A is implicit */
-	if (filename == NULL)
-		showall = ISC_TRUE;
-
-	if (argc < isc_commandline_index + 1 && filename == NULL)
-		fatal("the key file name was not specified");
-	if (argc > isc_commandline_index + 1)
-		fatal("extraneous arguments");
-
-	if (ectx == NULL)
-		setup_entropy(mctx, NULL, &ectx);
-	result = isc_hash_create(mctx, ectx, DNS_NAME_MAXWIRE);
-	if (result != ISC_R_SUCCESS)
-		fatal("could not initialize hash");
-	result = dst_lib_init(mctx, ectx,
-			      ISC_ENTROPY_BLOCKING | ISC_ENTROPY_GOODONLY);
-	if (result != ISC_R_SUCCESS)
-		fatal("could not initialize dst: %s",
-		      isc_result_totext(result));
-	isc_entropy_stopcallbacksources(ectx);
-
-	setup_logging(verbose, mctx, &log);
-
-	dns_rdataset_init(&rdataset);
-
-	if (usekeyset || filename != NULL) {
-		if (argc < isc_commandline_index + 1 && filename != NULL) {
-			/* using zone name as the zone file name */
-			namestr = filename;
-		} else
-			namestr = argv[isc_commandline_index];
-
-		result = initname(namestr);
-		if (result != ISC_R_SUCCESS)
-			fatal("could not initialize name %s", namestr);
-
-		if (usekeyset)
-			result = loadkeyset(dir, &rdataset);
-		else
-			result = loadsetfromfile(filename, &rdataset);
-
-		if (result != ISC_R_SUCCESS)
-			fatal("could not load DNSKEY set: %s\n",
-			      isc_result_totext(result));
-
-		for (result = dns_rdataset_first(&rdataset);
-		     result == ISC_R_SUCCESS;
-		     result = dns_rdataset_next(&rdataset)) {
-			dns_rdata_init(&rdata);
-			dns_rdataset_current(&rdataset, &rdata);
-
-			if (verbose > 2)
-				logkey(&rdata);
-
-			if (both) {
-				emit(DNS_DSDIGEST_SHA1, showall, lookaside,
-				     &rdata);
-				emit(DNS_DSDIGEST_SHA256, showall, lookaside,
-				     &rdata);
-			} else
-				emit(dtype, showall, lookaside, &rdata);
-		}
-	} else {
-		unsigned char key_buf[DST_KEY_MAXSIZE];
-
-		loadkey(argv[isc_commandline_index], key_buf,
-			DST_KEY_MAXSIZE, &rdata);
-
-		if (both) {
-			emit(DNS_DSDIGEST_SHA1, showall, lookaside, &rdata);
-			emit(DNS_DSDIGEST_SHA256, showall, lookaside, &rdata);
-		} else
-			emit(dtype, showall, lookaside, &rdata);
-	}
-
-	if (dns_rdataset_isassociated(&rdataset))
-		dns_rdataset_disassociate(&rdataset);
-	cleanup_logging(&log);
-	dst_lib_destroy();
-	isc_hash_destroy();
-	cleanup_entropy(&ectx);
-	dns_name_destroy();
-	if (verbose > 10)
-		isc_mem_stats(mctx, stdout);
-	isc_mem_destroy(&mctx);
-
-	fflush(stdout);
-	if (ferror(stdout)) {
-		fprintf(stderr, "write error\n");
-		return (1);
-	} else
-		return (0);
-}

bin/dnssec/dnssec-dsfromkey.docbook

@@ -1,255 +0,0 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
-               "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
-               [<!ENTITY mdash "&#8212;">]>
-<!--
- - Copyright (C) 2008, 2009  Internet Systems Consortium, Inc. ("ISC")
- -
- - Permission to use, copy, modify, and/or distribute this software for any
- - purpose with or without fee is hereby granted, provided that the above
- - copyright notice and this permission notice appear in all copies.
- -
- - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- - AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- - PERFORMANCE OF THIS SOFTWARE.
--->
-
-<!-- $Id: dnssec-dsfromkey.docbook,v 1.10 2009/08/26 21:56:05 jreed Exp $ -->
-<refentry id="man.dnssec-dsfromkey">
-  <refentryinfo>
-    <date>August 26, 2009</date>
-  </refentryinfo>
-
-  <refmeta>
-    <refentrytitle><application>dnssec-dsfromkey</application></refentrytitle>
-    <manvolnum>8</manvolnum>
-    <refmiscinfo>BIND9</refmiscinfo>
-  </refmeta>
-
-  <refnamediv>
-    <refname><application>dnssec-dsfromkey</application></refname>
-    <refpurpose>DNSSEC DS RR generation tool</refpurpose>
-  </refnamediv>
-
-  <docinfo>
-    <copyright>
-      <year>2008</year>
-      <year>2009</year>
-      <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
-    </copyright>
-  </docinfo>
-
-  <refsynopsisdiv>
-    <cmdsynopsis>
-      <command>dnssec-dsfromkey</command>
-      <arg><option>-v <replaceable class="parameter">level</replaceable></option></arg>
-      <arg><option>-1</option></arg>
-      <arg><option>-2</option></arg>
-      <arg><option>-a <replaceable class="parameter">alg</replaceable></option></arg>
-      <arg><option>-l <replaceable class="parameter">domain</replaceable></option></arg>
-      <arg choice="req">keyfile</arg>
-    </cmdsynopsis>
-    <cmdsynopsis>
-      <command>dnssec-dsfromkey</command>
-      <arg choice="req">-s</arg>
-      <arg><option>-1</option></arg>
-      <arg><option>-2</option></arg>
-      <arg><option>-a <replaceable class="parameter">alg</replaceable></option></arg>
-      <arg><option>-K <replaceable class="parameter">directory</replaceable></option></arg>
-      <arg><option>-l <replaceable class="parameter">domain</replaceable></option></arg>
-      <arg><option>-s</option></arg>
-      <arg><option>-c <replaceable class="parameter">class</replaceable></option></arg>
-      <arg><option>-f <replaceable class="parameter">file</replaceable></option></arg>
-      <arg><option>-A</option></arg>
-      <arg><option>-v <replaceable class="parameter">level</replaceable></option></arg>
-      <arg choice="req">dnsname</arg>
-   </cmdsynopsis>
-  </refsynopsisdiv>
-
-  <refsect1>
-    <title>DESCRIPTION</title>
-    <para><command>dnssec-dsfromkey</command>
-      outputs the Delegation Signer (DS) resource record (RR), as defined in
-      RFC 3658 and RFC 4509, for the given key(s).
-    </para>
-  </refsect1>
-
-  <refsect1>
-    <title>OPTIONS</title>
-
-    <variablelist>
-      <varlistentry>
-        <term>-1</term>
-        <listitem>
-          <para>
-            Use SHA-1 as the digest algorithm (the default is to use
-            both SHA-1 and SHA-256).
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-2</term>
-        <listitem>
-          <para>
-            Use SHA-256 as the digest algorithm.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-a <replaceable class="parameter">algorithm</replaceable></term>
-        <listitem>
-          <para>
-            Select the digest algorithm. The value of
-            <option>algorithm</option> must be one of SHA-1 (SHA1) or
-            SHA-256 (SHA256). These values are case insensitive.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-K <replaceable class="parameter">directory</replaceable></term>
-        <listitem>
-          <para>
-            Look for key files (or, in keyset mode,
-            <filename>keyset-</filename> files) in
-            <option>directory</option>.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-f <replaceable class="parameter">file</replaceable></term>
-        <listitem>
-          <para>
-            Zone file mode: in place of the keyfile name, the argument is
-            the DNS domain name of a zone master file, which can be read
-            from <option>file</option>.  If the zone name is the same as
-            <option>file</option>, then it may be omitted.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-A</term>
-        <listitem>
-          <para>
-            Include ZSK's when generating DS records.  Without this option,
-            only keys which have the KSK flag set will be converted to DS
-            records and printed.  Useful only in zone file mode. 
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-l <replaceable class="parameter">domain</replaceable></term>
-        <listitem>
-          <para>
-            Generate a DLV set instead of a DS set.  The specified
-            <option>domain</option> is appended to the name for each
-            record in the set.
-            The DNSSEC Lookaside Validation (DLV) RR is described
-            in RFC 4431.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-s</term>
-        <listitem>
-          <para>
-            Keyset mode: in place of the keyfile name, the argument is
-            the DNS domain name of a keyset file.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-c <replaceable class="parameter">class</replaceable></term>
-        <listitem>
-          <para>
-            Specifies the DNS class (default is IN).  Useful only
-            in keyset or zone file mode.
-          </para>
-	  </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-v <replaceable class="parameter">level</replaceable></term>
-        <listitem>
-          <para>
-            Sets the debugging level.
-          </para>
-        </listitem>
-      </varlistentry>
-    </variablelist>
-  </refsect1>
-
-  <refsect1>
-    <title>EXAMPLE</title>
-    <para>
-      To build the SHA-256 DS RR from the
-      <userinput>Kexample.com.+003+26160</userinput>
-      keyfile name, the following command would be issued:
-    </para>
-    <para><userinput>dnssec-dsfromkey -2 Kexample.com.+003+26160</userinput>
-    </para>
-    <para>
-      The command would print something like:
-    </para>
-    <para><userinput>example.com. IN DS 26160 5 2 3A1EADA7A74B8D0BA86726B0C227AA85AB8BBD2B2004F41A868A54F0 C5EA0B94</userinput>
-    </para>
-  </refsect1>
-
-  <refsect1>
-    <title>FILES</title>
-    <para>
-      The keyfile can be designed by the key identification
-      <filename>Knnnn.+aaa+iiiii</filename> or the full file name
-      <filename>Knnnn.+aaa+iiiii.key</filename> as generated by
-      <refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>.
-    </para>
-    <para>
-      The keyset file name is built from the <option>directory</option>,
-      the string <filename>keyset-</filename> and the
-      <option>dnsname</option>.
-    </para>
-  </refsect1>
-
-  <refsect1>
-    <title>CAVEAT</title>
-    <para>
-      A keyfile error can give a "file not found" even if the file exists.
-    </para>
-  </refsect1>
-
-  <refsect1>
-    <title>SEE ALSO</title>
-    <para><citerefentry>
-        <refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
-      </citerefentry>,
-      <citerefentry>
-        <refentrytitle>dnssec-signzone</refentrytitle><manvolnum>8</manvolnum>
-      </citerefentry>,
-      <citetitle>BIND 9 Administrator Reference Manual</citetitle>,
-      <citetitle>RFC 3658</citetitle>,
-      <citetitle>RFC 4431</citetitle>.
-      <citetitle>RFC 4509</citetitle>.
-    </para>
-  </refsect1>
-
-  <refsect1>
-    <title>AUTHOR</title>
-    <para><corpauthor>Internet Systems Consortium</corpauthor>
-    </para>
-  </refsect1>
-
-</refentry><!--
- - Local variables:
- - mode: sgml
- - End:
--->

bin/dnssec/dnssec-dsfromkey.html

@@ -1,154 +0,0 @@
-<!--
- - Copyright (C) 2008, 2009  Internet Systems Consortium, Inc. ("ISC")
- -
- - Permission to use, copy, modify, and/or distribute this software for any
- - purpose with or without fee is hereby granted, provided that the above
- - copyright notice and this permission notice appear in all copies.
- -
- - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- - AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- - PERFORMANCE OF THIS SOFTWARE.
--->
-
-<!-- $Id: dnssec-dsfromkey.html,v 1.11 2009/08/27 01:14:39 tbox Exp $ -->
-<html>
-<head>
-<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
-<title>dnssec-dsfromkey</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
-</head>
-<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="man.dnssec-dsfromkey"></a><div class="titlepage"></div>
-<div class="refnamediv">
-<h2>Name</h2>
-<p><span class="application">dnssec-dsfromkey</span> &#8212; DNSSEC DS RR generation tool</p>
-</div>
-<div class="refsynopsisdiv">
-<h2>Synopsis</h2>
-<div class="cmdsynopsis"><p><code class="command">dnssec-dsfromkey</code>  [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-1</code>] [<code class="option">-2</code>] [<code class="option">-a <em class="replaceable"><code>alg</code></em></code>] [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>] {keyfile}</p></div>
-<div class="cmdsynopsis"><p><code class="command">dnssec-dsfromkey</code>  {-s} [<code class="option">-1</code>] [<code class="option">-2</code>] [<code class="option">-a <em class="replaceable"><code>alg</code></em></code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>] [<code class="option">-s</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-f <em class="replaceable"><code>file</code></em></code>] [<code class="option">-A</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] {dnsname}</p></div>
-</div>
-<div class="refsect1" lang="en">
-<a name="id2543461"></a><h2>DESCRIPTION</h2>
-<p><span><strong class="command">dnssec-dsfromkey</strong></span>
-      outputs the Delegation Signer (DS) resource record (RR), as defined in
-      RFC 3658 and RFC 4509, for the given key(s).
-    </p>
-</div>
-<div class="refsect1" lang="en">
-<a name="id2543473"></a><h2>OPTIONS</h2>
-<div class="variablelist"><dl>
-<dt><span class="term">-1</span></dt>
-<dd><p>
-            Use SHA-1 as the digest algorithm (the default is to use
-            both SHA-1 and SHA-256).
-          </p></dd>
-<dt><span class="term">-2</span></dt>
-<dd><p>
-            Use SHA-256 as the digest algorithm.
-          </p></dd>
-<dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
-<dd><p>
-            Select the digest algorithm. The value of
-            <code class="option">algorithm</code> must be one of SHA-1 (SHA1) or
-            SHA-256 (SHA256). These values are case insensitive.
-          </p></dd>
-<dt><span class="term">-K <em class="replaceable"><code>directory</code></em></span></dt>
-<dd><p>
-            Look for key files (or, in keyset mode,
-            <code class="filename">keyset-</code> files) in
-            <code class="option">directory</code>.
-          </p></dd>
-<dt><span class="term">-f <em class="replaceable"><code>file</code></em></span></dt>
-<dd><p>
-            Zone file mode: in place of the keyfile name, the argument is
-            the DNS domain name of a zone master file, which can be read
-            from <code class="option">file</code>.  If the zone name is the same as
-            <code class="option">file</code>, then it may be omitted.
-          </p></dd>
-<dt><span class="term">-A</span></dt>
-<dd><p>
-            Include ZSK's when generating DS records.  Without this option,
-            only keys which have the KSK flag set will be converted to DS
-            records and printed.  Useful only in zone file mode. 
-          </p></dd>
-<dt><span class="term">-l <em class="replaceable"><code>domain</code></em></span></dt>
-<dd><p>
-            Generate a DLV set instead of a DS set.  The specified
-            <code class="option">domain</code> is appended to the name for each
-            record in the set.
-            The DNSSEC Lookaside Validation (DLV) RR is described
-            in RFC 4431.
-          </p></dd>
-<dt><span class="term">-s</span></dt>
-<dd><p>
-            Keyset mode: in place of the keyfile name, the argument is
-            the DNS domain name of a keyset file.
-          </p></dd>
-<dt><span class="term">-c <em class="replaceable"><code>class</code></em></span></dt>
-<dd><p>
-            Specifies the DNS class (default is IN).  Useful only
-            in keyset or zone file mode.
-          </p></dd>
-<dt><span class="term">-v <em class="replaceable"><code>level</code></em></span></dt>
-<dd><p>
-            Sets the debugging level.
-          </p></dd>
-</dl></div>
-</div>
-<div class="refsect1" lang="en">
-<a name="id2543659"></a><h2>EXAMPLE</h2>
-<p>
-      To build the SHA-256 DS RR from the
-      <strong class="userinput"><code>Kexample.com.+003+26160</code></strong>
-      keyfile name, the following command would be issued:
-    </p>
-<p><strong class="userinput"><code>dnssec-dsfromkey -2 Kexample.com.+003+26160</code></strong>
-    </p>
-<p>
-      The command would print something like:
-    </p>
-<p><strong class="userinput"><code>example.com. IN DS 26160 5 2 3A1EADA7A74B8D0BA86726B0C227AA85AB8BBD2B2004F41A868A54F0 C5EA0B94</code></strong>
-    </p>
-</div>
-<div class="refsect1" lang="en">
-<a name="id2543689"></a><h2>FILES</h2>
-<p>
-      The keyfile can be designed by the key identification
-      <code class="filename">Knnnn.+aaa+iiiii</code> or the full file name
-      <code class="filename">Knnnn.+aaa+iiiii.key</code> as generated by
-      <span class="refentrytitle">dnssec-keygen</span>(8).
-    </p>
-<p>
-      The keyset file name is built from the <code class="option">directory</code>,
-      the string <code class="filename">keyset-</code> and the
-      <code class="option">dnsname</code>.
-    </p>
-</div>
-<div class="refsect1" lang="en">
-<a name="id2543724"></a><h2>CAVEAT</h2>
-<p>
-      A keyfile error can give a "file not found" even if the file exists.
-    </p>
-</div>
-<div class="refsect1" lang="en">
-<a name="id2543734"></a><h2>SEE ALSO</h2>
-<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
-      <span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
-      <em class="citetitle">BIND 9 Administrator Reference Manual</em>,
-      <em class="citetitle">RFC 3658</em>,
-      <em class="citetitle">RFC 4431</em>.
-      <em class="citetitle">RFC 4509</em>.
-    </p>
-</div>
-<div class="refsect1" lang="en">
-<a name="id2543773"></a><h2>AUTHOR</h2>
-<p><span class="corpauthor">Internet Systems Consortium</span>
-    </p>
-</div>
-</div></body>
-</html>

bin/dnssec/dnssec-keyfromlabel.8

@@ -1,219 +0,0 @@
-.\" Copyright (C) 2008-2010 Internet Systems Consortium, Inc. ("ISC")
-.\" 
-.\" Permission to use, copy, modify, and/or distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\" 
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
-.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
-.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
-.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
-.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
-.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
-.\" PERFORMANCE OF THIS SOFTWARE.
-.\"
-.\" $Id: dnssec-keyfromlabel.8,v 1.17 2010/01/20 01:14:19 tbox Exp $
-.\"
-.hy 0
-.ad l
-.\"     Title: dnssec\-keyfromlabel
-.\"    Author: 
-.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
-.\"      Date: February 8, 2008
-.\"    Manual: BIND9
-.\"    Source: BIND9
-.\"
-.TH "DNSSEC\-KEYFROMLABEL" "8" "February 8, 2008" "BIND9" "BIND9"
-.\" disable hyphenation
-.nh
-.\" disable justification (adjust text to left margin only)
-.ad l
-.SH "NAME"
-dnssec\-keyfromlabel \- DNSSEC key generation tool
-.SH "SYNOPSIS"
-.HP 20
-\fBdnssec\-keyfromlabel\fR {\-l\ \fIlabel\fR} [\fB\-3\fR] [\fB\-a\ \fR\fB\fIalgorithm\fR\fR] [\fB\-A\ \fR\fB\fIdate/offset\fR\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-D\ \fR\fB\fIdate/offset\fR\fR] [\fB\-E\ \fR\fB\fIengine\fR\fR] [\fB\-f\ \fR\fB\fIflag\fR\fR] [\fB\-G\fR] [\fB\-I\ \fR\fB\fIdate/offset\fR\fR] [\fB\-k\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-n\ \fR\fB\fInametype\fR\fR] [\fB\-P\ \fR\fB\fIdate/offset\fR\fR] [\fB\-p\ \fR\fB\fIprotocol\fR\fR] [\fB\-R\ \fR\fB\fIdate/offset\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-y\fR] {name}
-.SH "DESCRIPTION"
-.PP
-\fBdnssec\-keyfromlabel\fR
-gets keys with the given label from a crypto hardware and builds key files for DNSSEC (Secure DNS), as defined in RFC 2535 and RFC 4034.
-.PP
-The
-\fBname\fR
-of the key is specified on the command line. This must match the name of the zone for which the key is being generated.
-.SH "OPTIONS"
-.PP
-\-a \fIalgorithm\fR
-.RS 4
-Selects the cryptographic algorithm. The value of
-\fBalgorithm\fR
-must be one of RSAMD5, RSASHA1, DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256 or RSASHA512. These values are case insensitive.
-.sp
-If no algorithm is specified, then RSASHA1 will be used by default, unless the
-\fB\-3\fR
-option is specified, in which case NSEC3RSASHA1 will be used instead. (If
-\fB\-3\fR
-is used and an algorithm is specified, that algorithm will be checked for compatibility with NSEC3.)
-.sp
-Note 1: that for DNSSEC, RSASHA1 is a mandatory to implement algorithm, and DSA is recommended.
-.sp
-Note 2: DH automatically sets the \-k flag.
-.RE
-.PP
-\-3
-.RS 4
-Use an NSEC3\-capable algorithm to generate a DNSSEC key. If this option is used and no algorithm is explicitly set on the command line, NSEC3RSASHA1 will be used by default.
-.RE
-.PP
-\-E \fIengine\fR
-.RS 4
-Specifies the name of the crypto hardware (OpenSSL engine). When compiled with PKCS#11 support it defaults to "pkcs11".
-.RE
-.PP
-\-l \fIlabel\fR
-.RS 4
-Specifies the label of the key pair in the crypto hardware. The label may be preceded by an optional OpenSSL engine name, separated by a colon, as in "pkcs11:keylabel".
-.RE
-.PP
-\-n \fInametype\fR
-.RS 4
-Specifies the owner type of the key. The value of
-\fBnametype\fR
-must either be ZONE (for a DNSSEC zone key (KEY/DNSKEY)), HOST or ENTITY (for a key associated with a host (KEY)), USER (for a key associated with a user(KEY)) or OTHER (DNSKEY). These values are case insensitive.
-.RE
-.PP
-\-C
-.RS 4
-Compatibility mode: generates an old\-style key, without any metadata. By default,
-\fBdnssec\-keyfromlabel\fR
-will include the key's creation date in the metadata stored with the private key, and other dates may be set there as well (publication date, activation date, etc). Keys that include this data may be incompatible with older versions of BIND; the
-\fB\-C\fR
-option suppresses them.
-.RE
-.PP
-\-c \fIclass\fR
-.RS 4
-Indicates that the DNS record containing the key should have the specified class. If not specified, class IN is used.
-.RE
-.PP
-\-f \fIflag\fR
-.RS 4
-Set the specified flag in the flag field of the KEY/DNSKEY record. The only recognized flags are KSK (Key Signing Key) and REVOKE.
-.RE
-.PP
-\-G
-.RS 4
-Generate a key, but do not publish it or sign with it. This option is incompatible with \-P and \-A.
-.RE
-.PP
-\-h
-.RS 4
-Prints a short summary of the options and arguments to
-\fBdnssec\-keyfromlabel\fR.
-.RE
-.PP
-\-K \fIdirectory\fR
-.RS 4
-Sets the directory in which the key files are to be written.
-.RE
-.PP
-\-k
-.RS 4
-Generate KEY records rather than DNSKEY records.
-.RE
-.PP
-\-p \fIprotocol\fR
-.RS 4
-Sets the protocol value for the key. The protocol is a number between 0 and 255. The default is 3 (DNSSEC). Other possible values for this argument are listed in RFC 2535 and its successors.
-.RE
-.PP
-\-t \fItype\fR
-.RS 4
-Indicates the use of the key.
-\fBtype\fR
-must be one of AUTHCONF, NOAUTHCONF, NOAUTH, or NOCONF. The default is AUTHCONF. AUTH refers to the ability to authenticate data, and CONF the ability to encrypt data.
-.RE
-.PP
-\-v \fIlevel\fR
-.RS 4
-Sets the debugging level.
-.RE
-.PP
-\-y
-.RS 4
-Allows DNSSEC key files to be generated even if the key ID would collide with that of an existing key, in the event of either key being revoked. (This is only safe to use if you are sure you won't be using RFC 5011 trust anchor maintenance with either of the keys involved.)
-.RE
-.SH "TIMING OPTIONS"
-.PP
-Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS. If the argument begins with a '+' or '\-', it is interpreted as an offset from the present time. For convenience, if such an offset is followed by one of the suffixes 'y', 'mo', 'w', 'd', 'h', or 'mi', then the offset is computed in years (defined as 365 24\-hour days, ignoring leap years), months (defined as 30 24\-hour days), weeks, days, hours, or minutes, respectively. Without a suffix, the offset is computed in seconds.
-.PP
-\-P \fIdate/offset\fR
-.RS 4
-Sets the date on which a key is to be published to the zone. After that date, the key will be included in the zone but will not be used to sign it. If not set, and if the \-G option has not been used, the default is "now".
-.RE
-.PP
-\-A \fIdate/offset\fR
-.RS 4
-Sets the date on which the key is to be activated. After that date, the key will be included in the zone and used to sign it. If not set, and if the \-G option has not been used, the default is "now".
-.RE
-.PP
-\-R \fIdate/offset\fR
-.RS 4
-Sets the date on which the key is to be revoked. After that date, the key will be flagged as revoked. It will be included in the zone and will be used to sign it.
-.RE
-.PP
-\-U \fIdate/offset\fR
-.RS 4
-Sets the date on which the key is to be retired. After that date, the key will still be included in the zone, but it will not be used to sign it.
-.RE
-.PP
-\-D \fIdate/offset\fR
-.RS 4
-Sets the date on which the key is to be deleted. After that date, the key will no longer be included in the zone. (It may remain in the key repository, however.)
-.RE
-.SH "GENERATED KEY FILES"
-.PP
-When
-\fBdnssec\-keyfromlabel\fR
-completes successfully, it prints a string of the form
-\fIKnnnn.+aaa+iiiii\fR
-to the standard output. This is an identification string for the key files it has generated.
-.TP 4
-\(bu
-\fInnnn\fR
-is the key name.
-.TP 4
-\(bu
-\fIaaa\fR
-is the numeric representation of the algorithm.
-.TP 4
-\(bu
-\fIiiiii\fR
-is the key identifier (or footprint).
-.PP
-\fBdnssec\-keyfromlabel\fR
-creates two files, with names based on the printed string.
-\fIKnnnn.+aaa+iiiii.key\fR
-contains the public key, and
-\fIKnnnn.+aaa+iiiii.private\fR
-contains the private key.
-.PP
-The
-\fI.key\fR
-file contains a DNS KEY record that can be inserted into a zone file (directly or with a $INCLUDE statement).
-.PP
-The
-\fI.private\fR
-file contains algorithm\-specific fields. For obvious security reasons, this file does not have general read permission.
-.SH "SEE ALSO"
-.PP
-\fBdnssec\-keygen\fR(8),
-\fBdnssec\-signzone\fR(8),
-BIND 9 Administrator Reference Manual,
-RFC 4034.
-.SH "AUTHOR"
-.PP
-Internet Systems Consortium
-.SH "COPYRIGHT"
-Copyright \(co 2008\-2010 Internet Systems Consortium, Inc. ("ISC")
-.br

bin/dnssec/dnssec-keyfromlabel.c

@@ -1,557 +0,0 @@
-/*
- * Copyright (C) 2007-2010  Internet Systems Consortium, Inc. ("ISC")
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- * PERFORMANCE OF THIS SOFTWARE.
- */
-
-/* $Id: dnssec-keyfromlabel.c,v 1.31 2010/01/19 23:48:55 tbox Exp $ */
-
-/*! \file */
-
-#include <config.h>
-
-#include <ctype.h>
-#include <stdlib.h>
-
-#include <isc/buffer.h>
-#include <isc/commandline.h>
-#include <isc/entropy.h>
-#include <isc/mem.h>
-#include <isc/region.h>
-#include <isc/print.h>
-#include <isc/string.h>
-#include <isc/util.h>
-
-#include <dns/dnssec.h>
-#include <dns/fixedname.h>
-#include <dns/keyvalues.h>
-#include <dns/log.h>
-#include <dns/name.h>
-#include <dns/rdataclass.h>
-#include <dns/result.h>
-#include <dns/secalg.h>
-
-#include <dst/dst.h>
-
-#include "dnssectool.h"
-
-#define MAX_RSA 4096 /* should be long enough... */
-
-const char *program = "dnssec-keyfromlabel";
-int verbose;
-
-#define DEFAULT_ALGORITHM "RSASHA1"
-#define DEFAULT_NSEC3_ALGORITHM "NSEC3RSASHA1"
-
-static const char *algs = "RSA | RSAMD5 | DH | DSA | RSASHA1 |"
-			  " NSEC3DSA | NSEC3RSASHA1 |"
-			  " RSASHA256 | RSASHA512";
-
-ISC_PLATFORM_NORETURN_PRE static void
-usage(void) ISC_PLATFORM_NORETURN_POST;
-
-static void
-usage(void) {
-	fprintf(stderr, "Usage:\n");
-	fprintf(stderr, "    %s -l label [options] name\n\n",
-		program);
-	fprintf(stderr, "Version: %s\n", VERSION);
-	fprintf(stderr, "Required options:\n");
-	fprintf(stderr, "    -l label: label of the key pair\n");
-	fprintf(stderr, "    name: owner of the key\n");
-	fprintf(stderr, "Other options:\n");
-	fprintf(stderr, "    -a algorithm: %s\n", algs);
-	fprintf(stderr, "       (default: RSASHA1, or "
-			       "NSEC3RSASHA1 if using -3)\n");
-	fprintf(stderr, "    -3: use NSEC3-capable algorithm\n");
-	fprintf(stderr, "    -c class (default: IN)\n");
-#ifdef USE_PKCS11
-	fprintf(stderr, "    -E enginename (default: pkcs11)\n");
-#else
-	fprintf(stderr, "    -E enginename\n");
-#endif
-	fprintf(stderr, "    -f keyflag: KSK | REVOKE\n");
-	fprintf(stderr, "    -K directory: directory in which to place "
-			"key files\n");
-	fprintf(stderr, "    -k: generate a TYPE=KEY key\n");
-	fprintf(stderr, "    -n nametype: ZONE | HOST | ENTITY | USER | OTHER\n");
-	fprintf(stderr, "        (DNSKEY generation defaults to ZONE\n");
-	fprintf(stderr, "    -p protocol: default: 3 [dnssec]\n");
-	fprintf(stderr, "    -t type: "
-		"AUTHCONF | NOAUTHCONF | NOAUTH | NOCONF "
-		"(default: AUTHCONF)\n");
-	fprintf(stderr, "    -y: permit keys that might collide\n");
-	fprintf(stderr, "    -v verbose level\n");
-	fprintf(stderr, "Date options:\n");
-	fprintf(stderr, "    -P date/[+-]offset: set key publication date\n");
-	fprintf(stderr, "    -A date/[+-]offset: set key activation date\n");
-	fprintf(stderr, "    -R date/[+-]offset: set key revocation date\n");
-	fprintf(stderr, "    -I date/[+-]offset: set key inactivation date\n");
-	fprintf(stderr, "    -D date/[+-]offset: set key deletion date\n");
-	fprintf(stderr, "    -G: generate key only; do not set -P or -A\n");
-	fprintf(stderr, "    -C: generate a backward-compatible key, omitting"
-			" all dates\n");
-	fprintf(stderr, "Output:\n");
-	fprintf(stderr, "     K<name>+<alg>+<id>.key, "
-			"K<name>+<alg>+<id>.private\n");
-
-	exit (-1);
-}
-
-int
-main(int argc, char **argv) {
-	char		*algname = NULL, *nametype = NULL, *type = NULL;
-	const char	*directory = NULL;
-#ifdef USE_PKCS11
-	const char	*engine = "pkcs11";
-#else
-	const char	*engine = NULL;
-#endif
-	char		*classname = NULL;
-	char		*endp;
-	dst_key_t	*key = NULL;
-	dns_fixedname_t	fname;
-	dns_name_t	*name;
-	isc_uint16_t	flags = 0, kskflag = 0, revflag = 0;
-	dns_secalg_t	alg;
-	isc_boolean_t	oldstyle = ISC_FALSE;
-	isc_mem_t	*mctx = NULL;
-	int		ch;
-	int		protocol = -1, signatory = 0;
-	isc_result_t	ret;
-	isc_textregion_t r;
-	char		filename[255];
-	isc_buffer_t	buf;
-	isc_log_t	*log = NULL;
-	isc_entropy_t	*ectx = NULL;
-	dns_rdataclass_t rdclass;
-	int		options = DST_TYPE_PRIVATE | DST_TYPE_PUBLIC;
-	char		*label = NULL;
-	isc_stdtime_t	publish = 0, activate = 0, revoke = 0;
-	isc_stdtime_t	inactive = 0, delete = 0;
-	isc_stdtime_t	now;
-	isc_boolean_t	setpub = ISC_FALSE, setact = ISC_FALSE;
-	isc_boolean_t	setrev = ISC_FALSE, setinact = ISC_FALSE;
-	isc_boolean_t	setdel = ISC_FALSE;
-	isc_boolean_t	unsetpub = ISC_FALSE, unsetact = ISC_FALSE;
-	isc_boolean_t	unsetrev = ISC_FALSE, unsetinact = ISC_FALSE;
-	isc_boolean_t	unsetdel = ISC_FALSE;
-	isc_boolean_t	genonly = ISC_FALSE;
-	isc_boolean_t	use_nsec3 = ISC_FALSE;
-	isc_boolean_t   avoid_collisions = ISC_TRUE;
-	isc_boolean_t	exact;
-	unsigned char	c;
-
-	if (argc == 1)
-		usage();
-
-	RUNTIME_CHECK(isc_mem_create(0, 0, &mctx) == ISC_R_SUCCESS);
-
-	dns_result_register();
-
-	isc_commandline_errprint = ISC_FALSE;
-
-	isc_stdtime_get(&now);
-
-	while ((ch = isc_commandline_parse(argc, argv,
-				"3a:Cc:E:f:K:kl:n:p:t:v:yFhGP:A:R:I:D:")) != -1)
-	{
-	    switch (ch) {
-		case '3':
-			use_nsec3 = ISC_TRUE;
-			break;
-		case 'a':
-			algname = isc_commandline_argument;
-			break;
-		case 'C':
-			oldstyle = ISC_TRUE;
-			break;
-		case 'c':
-			classname = isc_commandline_argument;
-			break;
-		case 'E':
-			engine = isc_commandline_argument;
-			break;
-		case 'f':
-			c = (unsigned char)(isc_commandline_argument[0]);
-			if (toupper(c) == 'K')
-				kskflag = DNS_KEYFLAG_KSK;
-			else if (toupper(c) == 'R')
-				revflag = DNS_KEYFLAG_REVOKE;
-			else
-				fatal("unknown flag '%s'",
-				      isc_commandline_argument);
-			break;
-		case 'K':
-			directory = isc_commandline_argument;
-			ret = try_dir(directory);
-			if (ret != ISC_R_SUCCESS)
-				fatal("cannot open directory %s: %s",
-				      directory, isc_result_totext(ret));
-			break;
-		case 'k':
-			options |= DST_TYPE_KEY;
-			break;
-		case 'l':
-			label = isc_mem_strdup(mctx, isc_commandline_argument);
-			break;
-		case 'n':
-			nametype = isc_commandline_argument;
-			break;
-		case 'p':
-			protocol = strtol(isc_commandline_argument, &endp, 10);
-			if (*endp != '\0' || protocol < 0 || protocol > 255)
-				fatal("-p must be followed by a number "
-				      "[0..255]");
-			break;
-		case 't':
-			type = isc_commandline_argument;
-			break;
-		case 'v':
-			verbose = strtol(isc_commandline_argument, &endp, 0);
-			if (*endp != '\0')
-				fatal("-v must be followed by a number");
-			break;
-		case 'y':
-			avoid_collisions = ISC_FALSE;
-			break;
-		case 'G':
-			genonly = ISC_TRUE;
-			break;
-		case 'P':
-			if (setpub || unsetpub)
-				fatal("-P specified more than once");
-
-			if (strcasecmp(isc_commandline_argument, "none")) {
-				setpub = ISC_TRUE;
-				publish = strtotime(isc_commandline_argument,
-						    now, now);
-			} else {
-				unsetpub = ISC_TRUE;
-			}
-			break;
-		case 'A':
-			if (setact || unsetact)
-				fatal("-A specified more than once");
-
-			if (strcasecmp(isc_commandline_argument, "none")) {
-				setact = ISC_TRUE;
-				activate = strtotime(isc_commandline_argument,
-						     now, now);
-			} else {
-				unsetact = ISC_TRUE;
-			}
-			break;
-		case 'R':
-			if (setrev || unsetrev)
-				fatal("-R specified more than once");
-
-			if (strcasecmp(isc_commandline_argument, "none")) {
-				setrev = ISC_TRUE;
-				revoke = strtotime(isc_commandline_argument,
-						   now, now);
-			} else {
-				unsetrev = ISC_TRUE;
-			}
-			break;
-		case 'I':
-			if (setinact || unsetinact)
-				fatal("-I specified more than once");
-
-			if (strcasecmp(isc_commandline_argument, "none")) {
-				setinact = ISC_TRUE;
-				inactive = strtotime(isc_commandline_argument,
-						     now, now);
-			} else {
-				unsetinact = ISC_TRUE;
-			}
-			break;
-		case 'D':
-			if (setdel || unsetdel)
-				fatal("-D specified more than once");
-
-			if (strcasecmp(isc_commandline_argument, "none")) {
-				setdel = ISC_TRUE;
-				delete = strtotime(isc_commandline_argument,
-						   now, now);
-			} else {
-				unsetdel = ISC_TRUE;
-			}
-			break;
-		case 'F':
-			/* Reserved for FIPS mode */
-			/* FALLTHROUGH */
-		case '?':
-			if (isc_commandline_option != '?')
-				fprintf(stderr, "%s: invalid argument -%c\n",
-					program, isc_commandline_option);
-			/* FALLTHROUGH */
-		case 'h':
-			usage();
-
-		default:
-			fprintf(stderr, "%s: unhandled option -%c\n",
-				program, isc_commandline_option);
-			exit(1);
-		}
-	}
-
-	if (ectx == NULL)
-		setup_entropy(mctx, NULL, &ectx);
-	ret = dst_lib_init2(mctx, ectx, engine,
-			    ISC_ENTROPY_BLOCKING | ISC_ENTROPY_GOODONLY);
-	if (ret != ISC_R_SUCCESS)
-		fatal("could not initialize dst: %s",
-		      isc_result_totext(ret));
-
-	setup_logging(verbose, mctx, &log);
-
-	if (label == NULL)
-		fatal("the key label was not specified");
-	if (argc < isc_commandline_index + 1)
-		fatal("the key name was not specified");
-	if (argc > isc_commandline_index + 1)
-		fatal("extraneous arguments");
-
-	if (strchr(label, ':') == NULL &&
-	    engine != NULL && strlen(engine) != 0U) {
-		char *l;
-		int len;
-
-		len = strlen(label) + strlen(engine) + 2;
-		l = isc_mem_allocate(mctx, len);
-		if (l == NULL)
-			fatal("cannot allocate memory");
-		snprintf(l, len, "%s:%s", engine, label);
-		isc_mem_free(mctx, label);
-		label = l;
-	}
-
-	if (algname == NULL) {
-		if (use_nsec3)
-			algname = strdup(DEFAULT_NSEC3_ALGORITHM);
-		else
-			algname = strdup(DEFAULT_ALGORITHM);
-		if (verbose > 0)
-			fprintf(stderr, "no algorithm specified; "
-				"defaulting to %s\n", algname);
-	}
-
-	if (strcasecmp(algname, "RSA") == 0) {
-		fprintf(stderr, "The use of RSA (RSAMD5) is not recommended.\n"
-				"If you still wish to use RSA (RSAMD5) please "
-				"specify \"-a RSAMD5\"\n");
-		return (1);
-	} else {
-		r.base = algname;
-		r.length = strlen(algname);
-		ret = dns_secalg_fromtext(&alg, &r);
-		if (ret != ISC_R_SUCCESS)
-			fatal("unknown algorithm %s", algname);
-		if (alg == DST_ALG_DH)
-			options |= DST_TYPE_KEY;
-	}
-
-	if (use_nsec3 &&
-	    alg != DST_ALG_NSEC3DSA && alg != DST_ALG_NSEC3RSASHA1 &&
-	    alg != DST_ALG_RSASHA256 && alg != DST_ALG_RSASHA512) {
-		fatal("%s is incompatible with NSEC3; "
-		      "do not use the -3 option", algname);
-	}
-
-	if (type != NULL && (options & DST_TYPE_KEY) != 0) {
-		if (strcasecmp(type, "NOAUTH") == 0)
-			flags |= DNS_KEYTYPE_NOAUTH;
-		else if (strcasecmp(type, "NOCONF") == 0)
-			flags |= DNS_KEYTYPE_NOCONF;
-		else if (strcasecmp(type, "NOAUTHCONF") == 0) {
-			flags |= (DNS_KEYTYPE_NOAUTH | DNS_KEYTYPE_NOCONF);
-		}
-		else if (strcasecmp(type, "AUTHCONF") == 0)
-			/* nothing */;
-		else
-			fatal("invalid type %s", type);
-	}
-
-	if (nametype == NULL) {
-		if ((options & DST_TYPE_KEY) != 0) /* KEY */
-			fatal("no nametype specified");
-		flags |= DNS_KEYOWNER_ZONE;	/* DNSKEY */
-	} else if (strcasecmp(nametype, "zone") == 0)
-		flags |= DNS_KEYOWNER_ZONE;
-	else if ((options & DST_TYPE_KEY) != 0)	{ /* KEY */
-		if (strcasecmp(nametype, "host") == 0 ||
-			 strcasecmp(nametype, "entity") == 0)
-			flags |= DNS_KEYOWNER_ENTITY;
-		else if (strcasecmp(nametype, "user") == 0)
-			flags |= DNS_KEYOWNER_USER;
-		else
-			fatal("invalid KEY nametype %s", nametype);
-	} else if (strcasecmp(nametype, "other") != 0) /* DNSKEY */
-		fatal("invalid DNSKEY nametype %s", nametype);
-
-	rdclass = strtoclass(classname);
-
-	if (directory == NULL)
-		directory = ".";
-
-	if ((options & DST_TYPE_KEY) != 0)  /* KEY */
-		flags |= signatory;
-	else if ((flags & DNS_KEYOWNER_ZONE) != 0) { /* DNSKEY */
-		flags |= kskflag;
-		flags |= revflag;
-	}
-
-	if (protocol == -1)
-		protocol = DNS_KEYPROTO_DNSSEC;
-	else if ((options & DST_TYPE_KEY) == 0 &&
-		 protocol != DNS_KEYPROTO_DNSSEC)
-		fatal("invalid DNSKEY protocol: %d", protocol);
-
-	if ((flags & DNS_KEYFLAG_TYPEMASK) == DNS_KEYTYPE_NOKEY) {
-		if ((flags & DNS_KEYFLAG_SIGNATORYMASK) != 0)
-			fatal("specified null key with signing authority");
-	}
-
-	if ((flags & DNS_KEYFLAG_OWNERMASK) == DNS_KEYOWNER_ZONE &&
-	    alg == DNS_KEYALG_DH)
-		fatal("a key with algorithm '%s' cannot be a zone key",
-		      algname);
-
-	dns_fixedname_init(&fname);
-	name = dns_fixedname_name(&fname);
-	isc_buffer_init(&buf, argv[isc_commandline_index],
-			strlen(argv[isc_commandline_index]));
-	isc_buffer_add(&buf, strlen(argv[isc_commandline_index]));
-	ret = dns_name_fromtext(name, &buf, dns_rootname, 0, NULL);
-	if (ret != ISC_R_SUCCESS)
-		fatal("invalid key name %s: %s", argv[isc_commandline_index],
-		      isc_result_totext(ret));
-
-	isc_buffer_init(&buf, filename, sizeof(filename) - 1);
-
-	/* associate the key */
-	ret = dst_key_fromlabel(name, alg, flags, protocol,
-				rdclass, engine, label, NULL, mctx, &key);
-	isc_entropy_stopcallbacksources(ectx);
-
-	if (ret != ISC_R_SUCCESS) {
-		char namestr[DNS_NAME_FORMATSIZE];
-		char algstr[DNS_SECALG_FORMATSIZE];
-		dns_name_format(name, namestr, sizeof(namestr));
-		dns_secalg_format(alg, algstr, sizeof(algstr));
-		fatal("failed to get key %s/%s: %s\n",
-		      namestr, algstr, isc_result_totext(ret));
-		/* NOTREACHED */
-		exit(-1);
-	}
-
-	/*
-	 * Set key timing metadata (unless using -C)
-	 *
-	 * Publish and activation dates are set to "now" by default, but
-	 * can be overridden.  Creation date is always set to "now".
-	 */
-	if (!oldstyle) {
-		dst_key_settime(key, DST_TIME_CREATED, now);
-
-		if (genonly && (setpub || setact))
-			fatal("cannot use -G together with -P or -A options");
-
-		if (setpub)
-			dst_key_settime(key, DST_TIME_PUBLISH, publish);
-		else if (setact)
-			dst_key_settime(key, DST_TIME_PUBLISH, activate);
-		else if (!genonly && !unsetpub)
-			dst_key_settime(key, DST_TIME_PUBLISH, now);
-
-		if (setact)
-			dst_key_settime(key, DST_TIME_ACTIVATE, activate);
-		else if (!genonly && !unsetact)
-			dst_key_settime(key, DST_TIME_ACTIVATE, now);
-
-		if (setrev) {
-			if (kskflag == 0)
-				fprintf(stderr, "%s: warning: Key is "
-					"not flagged as a KSK, but -R "
-					"was used. Revoking a ZSK is "
-					"legal, but undefined.\n",
-					program);
-			dst_key_settime(key, DST_TIME_REVOKE, revoke);
-		}
-
-		if (setinact)
-			dst_key_settime(key, DST_TIME_INACTIVE, inactive);
-
-		if (setdel)
-			dst_key_settime(key, DST_TIME_DELETE, delete);
-	} else {
-		if (setpub || setact || setrev || setinact ||
-		    setdel || unsetpub || unsetact ||
-		    unsetrev || unsetinact || unsetdel || genonly)
-			fatal("cannot use -C together with "
-			      "-P, -A, -R, -I, -D, or -G options");
-		/*
-		 * Compatibility mode: Private-key-format
-		 * should be set to 1.2.
-		 */
-		dst_key_setprivateformat(key, 1, 2);
-	}
-
-	/*
-	 * Do not overwrite an existing key.  Warn LOUDLY if there
-	 * is a risk of ID collision due to this key or another key
-	 * being revoked.
-	 */
-	if (key_collision(dst_key_id(key), name, directory, alg, mctx, &exact))
-	{
-		isc_buffer_clear(&buf);
-		ret = dst_key_buildfilename(key, 0, directory, &buf);
-		if (exact)
-			fatal("%s: %s already exists\n", program, filename);
-
-		if (avoid_collisions)
-			fatal("%s: %s could collide with another key upon "
-			      "revokation\n", program, filename);
-
-		fprintf(stderr, "%s: WARNING: Key %s could collide with "
-				"another key upon revokation.  If you plan "
-				"to revoke keys, destroy this key and "
-				"generate a different one.\n",
-				program, filename);
-	}
-
-	ret = dst_key_tofile(key, options, directory);
-	if (ret != ISC_R_SUCCESS) {
-		char keystr[DST_KEY_FORMATSIZE];
-		dst_key_format(key, keystr, sizeof(keystr));
-		fatal("failed to write key %s: %s\n", keystr,
-		      isc_result_totext(ret));
-	}
-
-	isc_buffer_clear(&buf);
-	ret = dst_key_buildfilename(key, 0, NULL, &buf);
-	printf("%s\n", filename);
-	dst_key_free(&key);
-
-	cleanup_logging(&log);
-	cleanup_entropy(&ectx);
-	dst_lib_destroy();
-	dns_name_destroy();
-	if (verbose > 10)
-		isc_mem_stats(mctx, stdout);
-	isc_mem_free(mctx, label);
-	isc_mem_destroy(&mctx);
-
-	return (0);
-}

bin/dnssec/dnssec-keyfromlabel.docbook

@@ -1,428 +0,0 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
-               "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
-	       [<!ENTITY mdash "&#8212;">]>
-<!--
- - Copyright (C) 2008-2010  Internet Systems Consortium, Inc. ("ISC")
- -
- - Permission to use, copy, modify, and/or distribute this software for any
- - purpose with or without fee is hereby granted, provided that the above
- - copyright notice and this permission notice appear in all copies.
- -
- - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- - AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- - PERFORMANCE OF THIS SOFTWARE.
--->
-
-<!-- $Id: dnssec-keyfromlabel.docbook,v 1.17 2010/01/19 23:48:55 tbox Exp $ -->
-<refentry id="man.dnssec-keyfromlabel">
-  <refentryinfo>
-    <date>February 8, 2008</date>
-  </refentryinfo>
-
-  <refmeta>
-    <refentrytitle><application>dnssec-keyfromlabel</application></refentrytitle>
-    <manvolnum>8</manvolnum>
-    <refmiscinfo>BIND9</refmiscinfo>
-  </refmeta>
-
-  <refnamediv>
-    <refname><application>dnssec-keyfromlabel</application></refname>
-    <refpurpose>DNSSEC key generation tool</refpurpose>
-  </refnamediv>
-
-  <docinfo>
-    <copyright>
-      <year>2008</year>
-      <year>2009</year>
-      <year>2010</year>
-      <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
-    </copyright>
-  </docinfo>
-
-  <refsynopsisdiv>
-    <cmdsynopsis>
-      <command>dnssec-keyfromlabel</command>
-      <arg choice="req">-l <replaceable class="parameter">label</replaceable></arg>
-      <arg><option>-3</option></arg>
-      <arg><option>-a <replaceable class="parameter">algorithm</replaceable></option></arg>
-      <arg><option>-A <replaceable class="parameter">date/offset</replaceable></option></arg>
-      <arg><option>-c <replaceable class="parameter">class</replaceable></option></arg>
-      <arg><option>-D <replaceable class="parameter">date/offset</replaceable></option></arg>
-      <arg><option>-E <replaceable class="parameter">engine</replaceable></option></arg>
-      <arg><option>-f <replaceable class="parameter">flag</replaceable></option></arg>
-      <arg><option>-G</option></arg>
-      <arg><option>-I <replaceable class="parameter">date/offset</replaceable></option></arg>
-      <arg><option>-k</option></arg>
-      <arg><option>-K <replaceable class="parameter">directory</replaceable></option></arg>
-      <arg><option>-n <replaceable class="parameter">nametype</replaceable></option></arg>
-      <arg><option>-P <replaceable class="parameter">date/offset</replaceable></option></arg>
-      <arg><option>-p <replaceable class="parameter">protocol</replaceable></option></arg>
-      <arg><option>-R <replaceable class="parameter">date/offset</replaceable></option></arg>
-      <arg><option>-t <replaceable class="parameter">type</replaceable></option></arg>
-      <arg><option>-v <replaceable class="parameter">level</replaceable></option></arg>
-      <arg><option>-y</option></arg>
-      <arg choice="req">name</arg>
-    </cmdsynopsis>
-  </refsynopsisdiv>
-
-  <refsect1>
-    <title>DESCRIPTION</title>
-    <para><command>dnssec-keyfromlabel</command>
-      gets keys with the given label from a crypto hardware and builds
-      key files for DNSSEC (Secure DNS), as defined in RFC 2535
-      and RFC 4034.  
-    </para>
-    <para>
-      The <option>name</option> of the key is specified on the command
-      line.  This must match the name of the zone for which the key is
-      being generated.
-    </para>
-  </refsect1>
-
-  <refsect1>
-    <title>OPTIONS</title>
-
-    <variablelist>
-      <varlistentry>
-        <term>-a <replaceable class="parameter">algorithm</replaceable></term>
-        <listitem>
-	  <para>
-	    Selects the cryptographic algorithm.  The value of
-            <option>algorithm</option> must be one of RSAMD5, RSASHA1,
-	    DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256 or RSASHA512.
-	    These values are case insensitive.
-	  </para>
-          <para>
-            If no algorithm is specified, then RSASHA1 will be used by
-            default, unless the <option>-3</option> option is specified,
-            in which case NSEC3RSASHA1 will be used instead.  (If
-            <option>-3</option> is used and an algorithm is specified,
-            that algorithm will be checked for compatibility with NSEC3.)
-          </para>
-          <para>
-            Note 1: that for DNSSEC, RSASHA1 is a mandatory to implement
-            algorithm, and DSA is recommended.
-          </para>
-          <para>
-            Note 2: DH automatically sets the -k flag.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-3</term>
-        <listitem>
-          <para>
-	    Use an NSEC3-capable algorithm to generate a DNSSEC key.
-            If this option is used and no algorithm is explicitly
-            set on the command line, NSEC3RSASHA1 will be used by
-            default.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-E <replaceable class="parameter">engine</replaceable></term>
-        <listitem>
-          <para>
-            Specifies the name of the crypto hardware (OpenSSL engine).
-            When compiled with PKCS#11 support it defaults to "pkcs11".
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-l <replaceable class="parameter">label</replaceable></term>
-        <listitem>
-          <para>
-            Specifies the label of the key pair in the crypto hardware.
-            The label may be preceded by an optional OpenSSL engine name,
-            separated by a colon, as in "pkcs11:keylabel".
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-n <replaceable class="parameter">nametype</replaceable></term>
-        <listitem>
-          <para>
-            Specifies the owner type of the key.  The value of
-            <option>nametype</option> must either be ZONE (for a DNSSEC
-            zone key (KEY/DNSKEY)), HOST or ENTITY (for a key associated with
-            a host (KEY)),
-            USER (for a key associated with a user(KEY)) or OTHER (DNSKEY).
-            These values are case insensitive.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-C</term>
-        <listitem>
-          <para>
-	    Compatibility mode:  generates an old-style key, without
-	    any metadata.  By default, <command>dnssec-keyfromlabel</command>
-	    will include the key's creation date in the metadata stored
-	    with the private key, and other dates may be set there as well
-	    (publication date, activation date, etc).  Keys that include
-	    this data may be incompatible with older versions of BIND; the
-	    <option>-C</option> option suppresses them.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-c <replaceable class="parameter">class</replaceable></term>
-        <listitem>
-          <para>
-            Indicates that the DNS record containing the key should have
-            the specified class.  If not specified, class IN is used.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-f <replaceable class="parameter">flag</replaceable></term>
-        <listitem>
-          <para>
-            Set the specified flag in the flag field of the KEY/DNSKEY record.
-            The only recognized flags are KSK (Key Signing Key) and REVOKE.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-G</term>
-        <listitem>
-          <para>
-            Generate a key, but do not publish it or sign with it.  This
-            option is incompatible with -P and -A.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-h</term>
-        <listitem>
-          <para>
-            Prints a short summary of the options and arguments to
-            <command>dnssec-keyfromlabel</command>.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-K <replaceable class="parameter">directory</replaceable></term>
-        <listitem>
-          <para>
-            Sets the directory in which the key files are to be written.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-k</term>
-        <listitem>
-          <para>
-            Generate KEY records rather than DNSKEY records.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-p <replaceable class="parameter">protocol</replaceable></term>
-        <listitem>
-          <para>
-            Sets the protocol value for the key.  The protocol
-            is a number between 0 and 255.  The default is 3 (DNSSEC).
-            Other possible values for this argument are listed in
-            RFC 2535 and its successors.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-t <replaceable class="parameter">type</replaceable></term>
-        <listitem>
-          <para>
-            Indicates the use of the key.  <option>type</option> must be
-            one of AUTHCONF, NOAUTHCONF, NOAUTH, or NOCONF.  The default
-            is AUTHCONF.  AUTH refers to the ability to authenticate
-            data, and CONF the ability to encrypt data.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-v <replaceable class="parameter">level</replaceable></term>
-        <listitem>
-          <para>
-            Sets the debugging level.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-y</term>
-        <listitem>
-          <para>
-            Allows DNSSEC key files to be generated even if the key ID
-	    would collide with that of an existing key, in the event of
-	    either key being revoked.  (This is only safe to use if you
-            are sure you won't be using RFC 5011 trust anchor maintenance
-            with either of the keys involved.)
-          </para>
-        </listitem>
-      </varlistentry>
-
-    </variablelist>
-  </refsect1>
-
-  <refsect1>
-    <title>TIMING OPTIONS</title>
-
-    <para>
-      Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
-      If the argument begins with a '+' or '-', it is interpreted as
-      an offset from the present time.  For convenience, if such an offset
-      is followed by one of the suffixes 'y', 'mo', 'w', 'd', 'h', or 'mi',
-      then the offset is computed in years (defined as 365 24-hour days,
-      ignoring leap years), months (defined as 30 24-hour days), weeks,
-      days, hours, or minutes, respectively.  Without a suffix, the offset
-      is computed in seconds.
-    </para>
-
-    <variablelist>
-      <varlistentry>
-        <term>-P <replaceable class="parameter">date/offset</replaceable></term>
-        <listitem>
-          <para>
-            Sets the date on which a key is to be published to the zone.
-            After that date, the key will be included in the zone but will
-            not be used to sign it.  If not set, and if the -G option has
-            not been used, the default is "now".
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-A <replaceable class="parameter">date/offset</replaceable></term>
-        <listitem>
-          <para>
-            Sets the date on which the key is to be activated.  After that
-            date, the key will be included in the zone and used to sign
-            it.  If not set, and if the -G option has not been used, the
-            default is "now".
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-R <replaceable class="parameter">date/offset</replaceable></term>
-        <listitem>
-          <para>
-            Sets the date on which the key is to be revoked.  After that
-            date, the key will be flagged as revoked.  It will be included
-            in the zone and will be used to sign it.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-U <replaceable class="parameter">date/offset</replaceable></term>
-        <listitem>
-          <para>
-            Sets the date on which the key is to be retired.  After that
-            date, the key will still be included in the zone, but it
-            will not be used to sign it.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-D <replaceable class="parameter">date/offset</replaceable></term>
-        <listitem>
-          <para>
-            Sets the date on which the key is to be deleted.  After that
-            date, the key will no longer be included in the zone.  (It
-            may remain in the key repository, however.)
-          </para>
-        </listitem>
-      </varlistentry>
-    </variablelist>
-  </refsect1>
-
-  <refsect1>
-    <title>GENERATED KEY FILES</title>
-    <para>
-      When <command>dnssec-keyfromlabel</command> completes
-      successfully,
-      it prints a string of the form <filename>Knnnn.+aaa+iiiii</filename>
-      to the standard output.  This is an identification string for
-      the key files it has generated.
-    </para>
-    <itemizedlist>
-      <listitem>
-        <para><filename>nnnn</filename> is the key name.
-        </para>
-      </listitem>
-      <listitem>
-        <para><filename>aaa</filename> is the numeric representation
-          of the algorithm.
-        </para>
-      </listitem>
-      <listitem>
-        <para><filename>iiiii</filename> is the key identifier (or
-          footprint).
-        </para>
-      </listitem>
-    </itemizedlist>
-    <para><command>dnssec-keyfromlabel</command> 
-      creates two files, with names based
-      on the printed string.  <filename>Knnnn.+aaa+iiiii.key</filename>
-      contains the public key, and
-      <filename>Knnnn.+aaa+iiiii.private</filename> contains the
-      private key.
-    </para>
-    <para>
-      The <filename>.key</filename> file contains a DNS KEY record
-      that
-      can be inserted into a zone file (directly or with a $INCLUDE
-      statement).
-    </para>
-    <para>
-      The <filename>.private</filename> file contains
-      algorithm-specific
-      fields.  For obvious security reasons, this file does not have
-      general read permission.
-    </para>
-  </refsect1>
-
-  <refsect1>
-    <title>SEE ALSO</title>
-    <para><citerefentry>
-        <refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
-      </citerefentry>,
-      <citerefentry>
-        <refentrytitle>dnssec-signzone</refentrytitle><manvolnum>8</manvolnum>
-      </citerefentry>,
-      <citetitle>BIND 9 Administrator Reference Manual</citetitle>,
-      <citetitle>RFC 4034</citetitle>.
-    </para>
-  </refsect1>
-
-  <refsect1>
-    <title>AUTHOR</title>
-    <para><corpauthor>Internet Systems Consortium</corpauthor>
-    </para>
-  </refsect1>
-
-</refentry><!--
- - Local variables:
- - mode: sgml
- - End:
--->

bin/dnssec/dnssec-keyfromlabel.html

@@ -1,265 +0,0 @@
-<!--
- - Copyright (C) 2008-2010 Internet Systems Consortium, Inc. ("ISC")
- - 
- - Permission to use, copy, modify, and/or distribute this software for any
- - purpose with or without fee is hereby granted, provided that the above
- - copyright notice and this permission notice appear in all copies.
- - 
- - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- - PERFORMANCE OF THIS SOFTWARE.
--->
-<!-- $Id: dnssec-keyfromlabel.html,v 1.16 2010/01/20 01:14:19 tbox Exp $ -->
-<html>
-<head>
-<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
-<title>dnssec-keyfromlabel</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
-</head>
-<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="man.dnssec-keyfromlabel"></a><div class="titlepage"></div>
-<div class="refnamediv">
-<h2>Name</h2>
-<p><span class="application">dnssec-keyfromlabel</span> &#8212; DNSSEC key generation tool</p>
-</div>
-<div class="refsynopsisdiv">
-<h2>Synopsis</h2>
-<div class="cmdsynopsis"><p><code class="command">dnssec-keyfromlabel</code>  {-l <em class="replaceable"><code>label</code></em>} [<code class="option">-3</code>] [<code class="option">-a <em class="replaceable"><code>algorithm</code></em></code>] [<code class="option">-A <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-f <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-G</code>] [<code class="option">-I <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-k</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-n <em class="replaceable"><code>nametype</code></em></code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>] [<code class="option">-R <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-y</code>] {name}</p></div>
-</div>
-<div class="refsect1" lang="en">
-<a name="id2543491"></a><h2>DESCRIPTION</h2>
-<p><span><strong class="command">dnssec-keyfromlabel</strong></span>
-      gets keys with the given label from a crypto hardware and builds
-      key files for DNSSEC (Secure DNS), as defined in RFC 2535
-      and RFC 4034.  
-    </p>
-<p>
-      The <code class="option">name</code> of the key is specified on the command
-      line.  This must match the name of the zone for which the key is
-      being generated.
-    </p>
-</div>
-<div class="refsect1" lang="en">
-<a name="id2543509"></a><h2>OPTIONS</h2>
-<div class="variablelist"><dl>
-<dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
-<dd>
-<p>
-	    Selects the cryptographic algorithm.  The value of
-            <code class="option">algorithm</code> must be one of RSAMD5, RSASHA1,
-	    DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256 or RSASHA512.
-	    These values are case insensitive.
-	  </p>
-<p>
-            If no algorithm is specified, then RSASHA1 will be used by
-            default, unless the <code class="option">-3</code> option is specified,
-            in which case NSEC3RSASHA1 will be used instead.  (If
-            <code class="option">-3</code> is used and an algorithm is specified,
-            that algorithm will be checked for compatibility with NSEC3.)
-          </p>
-<p>
-            Note 1: that for DNSSEC, RSASHA1 is a mandatory to implement
-            algorithm, and DSA is recommended.
-          </p>
-<p>
-            Note 2: DH automatically sets the -k flag.
-          </p>
-</dd>
-<dt><span class="term">-3</span></dt>
-<dd><p>
-	    Use an NSEC3-capable algorithm to generate a DNSSEC key.
-            If this option is used and no algorithm is explicitly
-            set on the command line, NSEC3RSASHA1 will be used by
-            default.
-          </p></dd>
-<dt><span class="term">-E <em class="replaceable"><code>engine</code></em></span></dt>
-<dd><p>
-            Specifies the name of the crypto hardware (OpenSSL engine).
-            When compiled with PKCS#11 support it defaults to "pkcs11".
-          </p></dd>
-<dt><span class="term">-l <em class="replaceable"><code>label</code></em></span></dt>
-<dd><p>
-            Specifies the label of the key pair in the crypto hardware.
-            The label may be preceded by an optional OpenSSL engine name,
-            separated by a colon, as in "pkcs11:keylabel".
-          </p></dd>
-<dt><span class="term">-n <em class="replaceable"><code>nametype</code></em></span></dt>
-<dd><p>
-            Specifies the owner type of the key.  The value of
-            <code class="option">nametype</code> must either be ZONE (for a DNSSEC
-            zone key (KEY/DNSKEY)), HOST or ENTITY (for a key associated with
-            a host (KEY)),
-            USER (for a key associated with a user(KEY)) or OTHER (DNSKEY).
-            These values are case insensitive.
-          </p></dd>
-<dt><span class="term">-C</span></dt>
-<dd><p>
-	    Compatibility mode:  generates an old-style key, without
-	    any metadata.  By default, <span><strong class="command">dnssec-keyfromlabel</strong></span>
-	    will include the key's creation date in the metadata stored
-	    with the private key, and other dates may be set there as well
-	    (publication date, activation date, etc).  Keys that include
-	    this data may be incompatible with older versions of BIND; the
-	    <code class="option">-C</code> option suppresses them.
-          </p></dd>
-<dt><span class="term">-c <em class="replaceable"><code>class</code></em></span></dt>
-<dd><p>
-            Indicates that the DNS record containing the key should have
-            the specified class.  If not specified, class IN is used.
-          </p></dd>
-<dt><span class="term">-f <em class="replaceable"><code>flag</code></em></span></dt>
-<dd><p>
-            Set the specified flag in the flag field of the KEY/DNSKEY record.
-            The only recognized flags are KSK (Key Signing Key) and REVOKE.
-          </p></dd>
-<dt><span class="term">-G</span></dt>
-<dd><p>
-            Generate a key, but do not publish it or sign with it.  This
-            option is incompatible with -P and -A.
-          </p></dd>
-<dt><span class="term">-h</span></dt>
-<dd><p>
-            Prints a short summary of the options and arguments to
-            <span><strong class="command">dnssec-keyfromlabel</strong></span>.
-          </p></dd>
-<dt><span class="term">-K <em class="replaceable"><code>directory</code></em></span></dt>
-<dd><p>
-            Sets the directory in which the key files are to be written.
-          </p></dd>
-<dt><span class="term">-k</span></dt>
-<dd><p>
-            Generate KEY records rather than DNSKEY records.
-          </p></dd>
-<dt><span class="term">-p <em class="replaceable"><code>protocol</code></em></span></dt>
-<dd><p>
-            Sets the protocol value for the key.  The protocol
-            is a number between 0 and 255.  The default is 3 (DNSSEC).
-            Other possible values for this argument are listed in
-            RFC 2535 and its successors.
-          </p></dd>
-<dt><span class="term">-t <em class="replaceable"><code>type</code></em></span></dt>
-<dd><p>
-            Indicates the use of the key.  <code class="option">type</code> must be
-            one of AUTHCONF, NOAUTHCONF, NOAUTH, or NOCONF.  The default
-            is AUTHCONF.  AUTH refers to the ability to authenticate
-            data, and CONF the ability to encrypt data.
-          </p></dd>
-<dt><span class="term">-v <em class="replaceable"><code>level</code></em></span></dt>
-<dd><p>
-            Sets the debugging level.
-          </p></dd>
-<dt><span class="term">-y</span></dt>
-<dd><p>
-            Allows DNSSEC key files to be generated even if the key ID
-	    would collide with that of an existing key, in the event of
-	    either key being revoked.  (This is only safe to use if you
-            are sure you won't be using RFC 5011 trust anchor maintenance
-            with either of the keys involved.)
-          </p></dd>
-</dl></div>
-</div>
-<div class="refsect1" lang="en">
-<a name="id2543873"></a><h2>TIMING OPTIONS</h2>
-<p>
-      Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
-      If the argument begins with a '+' or '-', it is interpreted as
-      an offset from the present time.  For convenience, if such an offset
-      is followed by one of the suffixes 'y', 'mo', 'w', 'd', 'h', or 'mi',
-      then the offset is computed in years (defined as 365 24-hour days,
-      ignoring leap years), months (defined as 30 24-hour days), weeks,
-      days, hours, or minutes, respectively.  Without a suffix, the offset
-      is computed in seconds.
-    </p>
-<div class="variablelist"><dl>
-<dt><span class="term">-P <em class="replaceable"><code>date/offset</code></em></span></dt>
-<dd><p>
-            Sets the date on which a key is to be published to the zone.
-            After that date, the key will be included in the zone but will
-            not be used to sign it.  If not set, and if the -G option has
-            not been used, the default is "now".
-          </p></dd>
-<dt><span class="term">-A <em class="replaceable"><code>date/offset</code></em></span></dt>
-<dd><p>
-            Sets the date on which the key is to be activated.  After that
-            date, the key will be included in the zone and used to sign
-            it.  If not set, and if the -G option has not been used, the
-            default is "now".
-          </p></dd>
-<dt><span class="term">-R <em class="replaceable"><code>date/offset</code></em></span></dt>
-<dd><p>
-            Sets the date on which the key is to be revoked.  After that
-            date, the key will be flagged as revoked.  It will be included
-            in the zone and will be used to sign it.
-          </p></dd>
-<dt><span class="term">-U <em class="replaceable"><code>date/offset</code></em></span></dt>
-<dd><p>
-            Sets the date on which the key is to be retired.  After that
-            date, the key will still be included in the zone, but it
-            will not be used to sign it.
-          </p></dd>
-<dt><span class="term">-D <em class="replaceable"><code>date/offset</code></em></span></dt>
-<dd><p>
-            Sets the date on which the key is to be deleted.  After that
-            date, the key will no longer be included in the zone.  (It
-            may remain in the key repository, however.)
-          </p></dd>
-</dl></div>
-</div>
-<div class="refsect1" lang="en">
-<a name="id2544039"></a><h2>GENERATED KEY FILES</h2>
-<p>
-      When <span><strong class="command">dnssec-keyfromlabel</strong></span> completes
-      successfully,
-      it prints a string of the form <code class="filename">Knnnn.+aaa+iiiii</code>
-      to the standard output.  This is an identification string for
-      the key files it has generated.
-    </p>
-<div class="itemizedlist"><ul type="disc">
-<li><p><code class="filename">nnnn</code> is the key name.
-        </p></li>
-<li><p><code class="filename">aaa</code> is the numeric representation
-          of the algorithm.
-        </p></li>
-<li><p><code class="filename">iiiii</code> is the key identifier (or
-          footprint).
-        </p></li>
-</ul></div>
-<p><span><strong class="command">dnssec-keyfromlabel</strong></span> 
-      creates two files, with names based
-      on the printed string.  <code class="filename">Knnnn.+aaa+iiiii.key</code>
-      contains the public key, and
-      <code class="filename">Knnnn.+aaa+iiiii.private</code> contains the
-      private key.
-    </p>
-<p>
-      The <code class="filename">.key</code> file contains a DNS KEY record
-      that
-      can be inserted into a zone file (directly or with a $INCLUDE
-      statement).
-    </p>
-<p>
-      The <code class="filename">.private</code> file contains
-      algorithm-specific
-      fields.  For obvious security reasons, this file does not have
-      general read permission.
-    </p>
-</div>
-<div class="refsect1" lang="en">
-<a name="id2544112"></a><h2>SEE ALSO</h2>
-<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
-      <span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
-      <em class="citetitle">BIND 9 Administrator Reference Manual</em>,
-      <em class="citetitle">RFC 4034</em>.
-    </p>
-</div>
-<div class="refsect1" lang="en">
-<a name="id2544145"></a><h2>AUTHOR</h2>
-<p><span class="corpauthor">Internet Systems Consortium</span>
-    </p>
-</div>
-</div></body>
-</html>

bin/dnssec/dnssec-keygen.8

@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004, 2005, 2007-2009 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC")
 .\" Copyright (C) 2000-2003 Internet Software Consortium.
 .\" 
 .\" Permission to use, copy, modify, and/or distribute this software for any
@@ -13,7 +13,7 @@
 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 .\" PERFORMANCE OF THIS SOFTWARE.
 .\"
-.\" $Id: dnssec-keygen.8,v 1.53 2009/11/03 21:58:30 tbox Exp $
+.\" $Id: dnssec-keygen.8,v 1.23.18.17 2009/07/11 01:31:44 tbox Exp $
 .\"
 .hy 0
 .ad l
@@ -33,64 +33,34 @@
 dnssec\-keygen \- DNSSEC key generation tool
 .SH "SYNOPSIS"
 .HP 14
-\fBdnssec\-keygen\fR [\fB\-a\ \fR\fB\fIalgorithm\fR\fR] [\fB\-b\ \fR\fB\fIkeysize\fR\fR] [\fB\-n\ \fR\fB\fInametype\fR\fR] [\fB\-3\fR] [\fB\-A\ \fR\fB\fIdate/offset\fR\fR] [\fB\-C\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-D\ \fR\fB\fIdate/offset\fR\fR] [\fB\-E\ \fR\fB\fIengine\fR\fR] [\fB\-e\fR] [\fB\-f\ \fR\fB\fIflag\fR\fR] [\fB\-G\fR] [\fB\-g\ \fR\fB\fIgenerator\fR\fR] [\fB\-h\fR] [\fB\-I\ \fR\fB\fIdate/offset\fR\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-k\fR] [\fB\-P\ \fR\fB\fIdate/offset\fR\fR] [\fB\-p\ \fR\fB\fIprotocol\fR\fR] [\fB\-q\fR] [\fB\-R\ \fR\fB\fIdate/offset\fR\fR] [\fB\-r\ \fR\fB\fIrandomdev\fR\fR] [\fB\-s\ \fR\fB\fIstrength\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-z\fR] {name}
+\fBdnssec\-keygen\fR {\-a\ \fIalgorithm\fR} {\-b\ \fIkeysize\fR} {\-n\ \fInametype\fR} [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-e\fR] [\fB\-f\ \fR\fB\fIflag\fR\fR] [\fB\-g\ \fR\fB\fIgenerator\fR\fR] [\fB\-h\fR] [\fB\-k\fR] [\fB\-p\ \fR\fB\fIprotocol\fR\fR] [\fB\-r\ \fR\fB\fIrandomdev\fR\fR] [\fB\-s\ \fR\fB\fIstrength\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] {name}
 .SH "DESCRIPTION"
 .PP
 \fBdnssec\-keygen\fR
-generates keys for DNSSEC (Secure DNS), as defined in RFC 2535 and RFC 4034. It can also generate keys for use with TSIG (Transaction Signatures) as defined in RFC 2845, or TKEY (Transaction Key) as defined in RFC 2930.
-.PP
-The
-\fBname\fR
-of the key is specified on the command line. For DNSSEC keys, this must match the name of the zone for which the key is being generated.
+generates keys for DNSSEC (Secure DNS), as defined in RFC 2535 and RFC 4034. It can also generate keys for use with TSIG (Transaction Signatures), as defined in RFC 2845.
 .SH "OPTIONS"
 .PP
 \-a \fIalgorithm\fR
 .RS 4
-Selects the cryptographic algorithm. For DNSSEC keys, the value of
+Selects the cryptographic algorithm. The value of
 \fBalgorithm\fR
-must be one of RSAMD5, RSASHA1, DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256 or RSASHA512. For TSIG/TKEY, the value must be DH (Diffie Hellman), HMAC\-MD5, HMAC\-SHA1, HMAC\-SHA224, HMAC\-SHA256, HMAC\-SHA384, or HMAC\-SHA512. These values are case insensitive.
-.sp
-If no algorithm is specified, then RSASHA1 will be used by default, unless the
-\fB\-3\fR
-option is specified, in which case NSEC3RSASHA1 will be used instead. (If
-\fB\-3\fR
-is used and an algorithm is specified, that algorithm will be checked for compatibility with NSEC3.)
+must be one of RSAMD5 (RSA) or RSASHA1, DSA, DH (Diffie Hellman), or HMAC\-MD5. These values are case insensitive.
 .sp
 Note 1: that for DNSSEC, RSASHA1 is a mandatory to implement algorithm, and DSA is recommended. For TSIG, HMAC\-MD5 is mandatory.
 .sp
-Note 2: DH, HMAC\-MD5, and HMAC\-SHA1 through HMAC\-SHA512 automatically set the \-T KEY option.
+Note 2: HMAC\-MD5 and DH automatically set the \-k flag.
 .RE
 .PP
 \-b \fIkeysize\fR
 .RS 4
-Specifies the number of bits in the key. The choice of key size depends on the algorithm used. RSA keys must be between 512 and 2048 bits. Diffie Hellman keys must be between 128 and 4096 bits. DSA keys must be between 512 and 1024 bits and an exact multiple of 64. HMAC keys must be between 1 and 512 bits.
-.sp
-The key size does not need to be specified if using a default algorithm. The default key size is 1024 bits for zone signing keys (ZSK's) and 2048 bits for key signing keys (KSK's, generated with
-\fB\-f KSK\fR). However, if an algorithm is explicitly specified with the
-\fB\-a\fR, then there is no default key size, and the
-\fB\-b\fR
-must be used.
+Specifies the number of bits in the key. The choice of key size depends on the algorithm used. RSAMD5 / RSASHA1 keys must be between 512 and 2048 bits. Diffie Hellman keys must be between 128 and 4096 bits. DSA keys must be between 512 and 1024 bits and an exact multiple of 64. HMAC\-MD5 keys must be between 1 and 512 bits.
 .RE
 .PP
 \-n \fInametype\fR
 .RS 4
 Specifies the owner type of the key. The value of
 \fBnametype\fR
-must either be ZONE (for a DNSSEC zone key (KEY/DNSKEY)), HOST or ENTITY (for a key associated with a host (KEY)), USER (for a key associated with a user(KEY)) or OTHER (DNSKEY). These values are case insensitive. Defaults to ZONE for DNSKEY generation.
-.RE
-.PP
-\-3
-.RS 4
-Use an NSEC3\-capable algorithm to generate a DNSSEC key. If this option is used and no algorithm is explicitly set on the command line, NSEC3RSASHA1 will be used by default. Note that RSASHA256 and RSASHA512 algorithms are NSEC3\-capable.
-.RE
-.PP
-\-C
-.RS 4
-Compatibility mode: generates an old\-style key, without any metadata. By default,
-\fBdnssec\-keygen\fR
-will include the key's creation date in the metadata stored with the private key, and other dates may be set there as well (publication date, activation date, etc). Keys that include this data may be incompatible with older versions of BIND; the
-\fB\-C\fR
-option suppresses them.
+must either be ZONE (for a DNSSEC zone key (KEY/DNSKEY)), HOST or ENTITY (for a key associated with a host (KEY)), USER (for a key associated with a user(KEY)) or OTHER (DNSKEY). These values are case insensitive.
 .RE
 .PP
 \-c \fIclass\fR
@@ -98,11 +68,6 @@ option suppresses them.
 Indicates that the DNS record containing the key should have the specified class. If not specified, class IN is used.
 .RE
 .PP
-\-E \fIengine\fR
-.RS 4
-Uses a crypto hardware (OpenSSL engine) for random number and, when supported, key generation. When compiled with PKCS#11 support it defaults to pkcs11; the empty name resets it to no engine.
-.RE
-.PP
 \-e
 .RS 4
 If generating an RSAMD5/RSASHA1 key, use a large exponent.
@@ -110,12 +75,7 @@ If generating an RSAMD5/RSASHA1 key, use a large exponent.
 .PP
 \-f \fIflag\fR
 .RS 4
-Set the specified flag in the flag field of the KEY/DNSKEY record. The only recognized flags are KSK (Key Signing Key) and REVOKE.
-.RE
-.PP
-\-G
-.RS 4
-Generate a key, but do not publish it or sign with it. This option is incompatible with \-P and \-A.
+Set the specified flag in the flag field of the KEY/DNSKEY record. The only recognized flag is KSK (Key Signing Key) DNSKEY.
 .RE
 .PP
 \-g \fIgenerator\fR
@@ -129,14 +89,9 @@ Prints a short summary of the options and arguments to
 \fBdnssec\-keygen\fR.
 .RE
 .PP
-\-K \fIdirectory\fR
-.RS 4
-Sets the directory in which the key files are to be written.
-.RE
-.PP
 \-k
 .RS 4
-Deprecated in favor of \-T KEY.
+Generate KEY records rather than DNSKEY records.
 .RE
 .PP
 \-p \fIprotocol\fR
@@ -144,15 +99,6 @@ Deprecated in favor of \-T KEY.
 Sets the protocol value for the generated key. The protocol is a number between 0 and 255. The default is 3 (DNSSEC). Other possible values for this argument are listed in RFC 2535 and its successors.
 .RE
 .PP
-\-q
-.RS 4
-Quiet mode: Suppresses unnecessary output, including progress indication. Without this option, when
-\fBdnssec\-keygen\fR
-is run interactively to generate an RSA or DSA key pair, it will print a string of symbols to
-\fIstderr\fR
-indicating the progress of the key generation. A '.' indicates that a random number has been found which passed an initial sieve test; '+' means a number has passed a single round of the Miller\-Rabin primality test; a space means that the number has passed all the tests and is a satisfactory key.
-.RE
-.PP
 \-r \fIrandomdev\fR
 .RS 4
 Specifies the source of randomness. If the operating system does not provide a
@@ -169,14 +115,6 @@ indicates that keyboard input should be used.
 Specifies the strength value of the key. The strength is a number between 0 and 15, and currently has no defined purpose in DNSSEC.
 .RE
 .PP
-\-T \fIrrtype\fR
-.RS 4
-Specifies the resource record type to use for the key.
-\fBrrtype\fR
-must be either DNSKEY or KEY. The default is DNSKEY when using a DNSSEC algorithm, but it can be overridden to KEY for use with SIG(0).
-Using any TSIG algorithm (HMAC\-* or DH) forces this option to KEY.
-.RE
-.PP
 \-t \fItype\fR
 .RS 4
 Indicates the use of the key.
@@ -188,34 +126,6 @@ must be one of AUTHCONF, NOAUTHCONF, NOAUTH, or NOCONF. The default is AUTHCONF.
 .RS 4
 Sets the debugging level.
 .RE
-.SH "TIMING OPTIONS"
-.PP
-Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS. If the argument begins with a '+' or '\-', it is interpreted as an offset from the present time. For convenience, if such an offset is followed by one of the suffixes 'y', 'mo', 'w', 'd', 'h', or 'mi', then the offset is computed in years (defined as 365 24\-hour days, ignoring leap years), months (defined as 30 24\-hour days), weeks, days, hours, or minutes, respectively. Without a suffix, the offset is computed in seconds.
-.PP
-\-P \fIdate/offset\fR
-.RS 4
-Sets the date on which a key is to be published to the zone. After that date, the key will be included in the zone but will not be used to sign it. If not set, and if the \-G option has not been used, the default is "now".
-.RE
-.PP
-\-A \fIdate/offset\fR
-.RS 4
-Sets the date on which the key is to be activated. After that date, the key will be included in the zone and used to sign it. If not set, and if the \-G option has not been used, the default is "now".
-.RE
-.PP
-\-R \fIdate/offset\fR
-.RS 4
-Sets the date on which the key is to be revoked. After that date, the key will be flagged as revoked. It will be included in the zone and will be used to sign it.
-.RE
-.PP
-\-I \fIdate/offset\fR
-.RS 4
-Sets the date on which the key is to be retired. After that date, the key will still be included in the zone, but it will not be used to sign it.
-.RE
-.PP
-\-D \fIdate/offset\fR
-.RS 4
-Sets the date on which the key is to be deleted. After that date, the key will no longer be included in the zone. (It may remain in the key repository, however.)
-.RE
 .SH "GENERATED KEYS"
 .PP
 When
@@ -279,12 +189,12 @@ and
 BIND 9 Administrator Reference Manual,
 RFC 2539,
 RFC 2845,
-RFC 4034.
+RFC 4033.
 .SH "AUTHOR"
 .PP
 Internet Systems Consortium
 .SH "COPYRIGHT"
-Copyright \(co 2004, 2005, 2007\-2009 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC")
 .br
 Copyright \(co 2000\-2003 Internet Software Consortium.
 .br

bin/dnssec/dnssec-keygen.c

@@ -1,19 +1,6 @@
 /*
- * Portions Copyright (C) 2004-2010  Internet Systems Consortium, Inc. ("ISC")
+ * Portions Copyright (C) 2004-2007  Internet Systems Consortium, Inc. ("ISC")
  * Portions Copyright (C) 1999-2003  Internet Software Consortium.
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND ISC AND NETWORK ASSOCIATES DISCLAIMS
- * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
- * WARRANTIES OF MERCHANTABILITY AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE
- * FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR
- * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- *
  * Portions Copyright (C) 1995-2000 by Network Associates, Inc.
  *
  * Permission to use, copy, modify, and/or distribute this software for any
@@ -29,15 +16,13 @@
  * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: dnssec-keygen.c,v 1.112 2010/01/19 23:48:55 tbox Exp $ */
+/* $Id: dnssec-keygen.c,v 1.66.18.10 2007/08/28 07:19:55 tbox Exp $ */
 
 /*! \file */
 
 #include <config.h>
 
-#include <ctype.h>
 #include <stdlib.h>
-#include <unistd.h>
 
 #include <isc/buffer.h>
 #include <isc/commandline.h>
@@ -47,7 +32,6 @@
 #include <isc/string.h>
 #include <isc/util.h>
 
-#include <dns/dnssec.h>
 #include <dns/fixedname.h>
 #include <dns/keyvalues.h>
 #include <dns/log.h>
@@ -65,98 +49,9 @@
 const char *program = "dnssec-keygen";
 int verbose;
 
-#define DEFAULT_ALGORITHM "RSASHA1"
-#define DEFAULT_NSEC3_ALGORITHM "NSEC3RSASHA1"
-
-ISC_PLATFORM_NORETURN_PRE static void
-usage(void) ISC_PLATFORM_NORETURN_POST;
-
-static void progress(int p);
-
-static void
-usage(void) {
-	fprintf(stderr, "Usage:\n");
-	fprintf(stderr, "    %s [options] name\n\n", program);
-	fprintf(stderr, "Version: %s\n", VERSION);
-	fprintf(stderr, "    name: owner of the key\n");
-	fprintf(stderr, "Options:\n");
-	fprintf(stderr, "    -K <directory>: write keys into directory\n");
-	fprintf(stderr, "    -a <algorithm>:\n");
-	fprintf(stderr, "        RSA | RSAMD5 | DSA | RSASHA1 | NSEC3RSASHA1"
-				" | NSEC3DSA |\n");
-	fprintf(stderr, "        RSASHA256 | RSASHA512 |\n");
-	fprintf(stderr, "        DH | HMAC-MD5 | HMAC-SHA1 | HMAC-SHA224 | "
-				"HMAC-SHA256 | \n");
-	fprintf(stderr, "        HMAC-SHA384 | HMAC-SHA512\n");
-	fprintf(stderr, "       (default: RSASHA1, or "
-			       "NSEC3RSASHA1 if using -3)\n");
-	fprintf(stderr, "    -3: use NSEC3-capable algorithm\n");
-	fprintf(stderr, "    -b <key size in bits>:\n");
-	fprintf(stderr, "	 RSAMD5:\t[512..%d]\n", MAX_RSA);
-	fprintf(stderr, "	 RSASHA1:\t[512..%d]\n", MAX_RSA);
-	fprintf(stderr, "	 NSEC3RSASHA1:\t[512..%d]\n", MAX_RSA);
-	fprintf(stderr, "	 RSASHA256:\t[512..%d]\n", MAX_RSA);
-	fprintf(stderr, "	 RSASHA512:\t[1024..%d]\n", MAX_RSA);
-	fprintf(stderr, "	 DH:\t\t[128..4096]\n");
-	fprintf(stderr, "	 DSA:\t\t[512..1024] and divisible by 64\n");
-	fprintf(stderr, "	 NSEC3DSA:\t[512..1024] and divisible "
-				"by 64\n");
-	fprintf(stderr, "	 HMAC-MD5:\t[1..512]\n");
-	fprintf(stderr, "	 HMAC-SHA1:\t[1..160]\n");
-	fprintf(stderr, "	 HMAC-SHA224:\t[1..224]\n");
-	fprintf(stderr, "	 HMAC-SHA256:\t[1..256]\n");
-	fprintf(stderr, "	 HMAC-SHA384:\t[1..384]\n");
-	fprintf(stderr, "	 HMAC-SHA512:\t[1..512]\n");
-	fprintf(stderr, "        (if using the default algorithm, key size\n"
-			"        defaults to 2048 for KSK, or 1024 for all "
-			"others)\n");
-	fprintf(stderr, "    -n <nametype>: ZONE | HOST | ENTITY | "
-					    "USER | OTHER\n");
-	fprintf(stderr, "	 (DNSKEY generation defaults to ZONE)\n");
-	fprintf(stderr, "    -c <class>: (default: IN)\n");
-	fprintf(stderr, "    -d <digest bits> (0 => max, default)\n");
-#ifdef USE_PKCS11
-	fprintf(stderr, "    -E <engine name> (default \"pkcs11\")\n");
-#else
-	fprintf(stderr, "    -E <engine name>\n");
-#endif
-	fprintf(stderr, "    -e: use large exponent (RSAMD5/RSASHA1 only)\n");
-	fprintf(stderr, "    -f <keyflag>: KSK | REVOKE\n");
-	fprintf(stderr, "    -g <generator>: use specified generator "
-			"(DH only)\n");
-	fprintf(stderr, "    -p <protocol>: (default: 3 [dnssec])\n");
-	fprintf(stderr, "    -s <strength>: strength value this key signs DNS "
-			"records with (default: 0)\n");
-	fprintf(stderr, "    -T <rrtype>: DNSKEY | KEY (default: DNSKEY; "
-			"use KEY for SIG(0))\n");
-	fprintf(stderr, "    -t <type>: "
-			"AUTHCONF | NOAUTHCONF | NOAUTH | NOCONF "
-			"(default: AUTHCONF)\n");
-	fprintf(stderr, "    -r <randomdev>: a file containing random data\n");
-
-	fprintf(stderr, "    -h: print usage and exit\n");
-	fprintf(stderr, "    -m <memory debugging mode>:\n");
-	fprintf(stderr, "	usage | trace | record | size | mctx\n");
-	fprintf(stderr, "    -v <level>: set verbosity level (0 - 10)\n");
-	fprintf(stderr, "Timing options:\n");
-	fprintf(stderr, "    -P date/[+-]offset/none: set key publication date "
-						"(default: now)\n");
-	fprintf(stderr, "    -A date/[+-]offset/none: set key activation date "
-						"(default: now)\n");
-	fprintf(stderr, "    -R date/[+-]offset/none: set key "
-						     "revocation date\n");
-	fprintf(stderr, "    -I date/[+-]offset/none: set key "
-						     "inactivation date\n");
-	fprintf(stderr, "    -D date/[+-]offset/none: set key deletion date\n");
-	fprintf(stderr, "    -G: generate key only; do not set -P or -A\n");
-	fprintf(stderr, "    -C: generate a backward-compatible key, omitting "
-			"all dates\n");
-	fprintf(stderr, "Output:\n");
-	fprintf(stderr, "     K<name>+<alg>+<id>.key, "
-			"K<name>+<alg>+<id>.private\n");
-
-	exit (-1);
-}
+static const char *algs = "RSA | RSAMD5 | DH | DSA | RSASHA1 | HMAC-MD5 |"
+			  " HMAC-SHA1 | HMAC-SHA224 | HMAC-SHA256 | "
+			  " HMAC-SHA384 | HMAC-SHA512";
 
 static isc_boolean_t
 dsa_size_ok(int size) {
@@ -164,115 +59,85 @@ dsa_size_ok(int size) {
 }
 
 static void
-progress(int p)
-{
-	char c = '*';
+usage(void) {
+	fprintf(stderr, "Usage:\n");
+	fprintf(stderr, "    %s -a alg -b bits -n type [options] name\n\n",
+		program);
+	fprintf(stderr, "Version: %s\n", VERSION);
+	fprintf(stderr, "Required options:\n");
+	fprintf(stderr, "    -a algorithm: %s\n", algs);
+	fprintf(stderr, "    -b key size, in bits:\n");
+	fprintf(stderr, "        RSAMD5:\t\t[512..%d]\n", MAX_RSA);
+	fprintf(stderr, "        RSASHA1:\t\t[512..%d]\n", MAX_RSA);
+	fprintf(stderr, "        DH:\t\t[128..4096]\n");
+	fprintf(stderr, "        DSA:\t\t[512..1024] and divisible by 64\n");
+	fprintf(stderr, "        HMAC-MD5:\t[1..512]\n");
+	fprintf(stderr, "        HMAC-SHA1:\t[1..160]\n");
+	fprintf(stderr, "        HMAC-SHA224:\t[1..224]\n");
+	fprintf(stderr, "        HMAC-SHA256:\t[1..256]\n");
+	fprintf(stderr, "        HMAC-SHA384:\t[1..384]\n");
+	fprintf(stderr, "        HMAC-SHA512:\t[1..512]\n");
+	fprintf(stderr, "    -n nametype: ZONE | HOST | ENTITY | USER | OTHER\n");
+	fprintf(stderr, "    name: owner of the key\n");
+	fprintf(stderr, "Other options:\n");
+	fprintf(stderr, "    -c <class> (default: IN)\n");
+	fprintf(stderr, "    -d <digest bits> (0 => max, default)\n");
+	fprintf(stderr, "    -e use large exponent (RSAMD5/RSASHA1 only)\n");
+	fprintf(stderr, "    -f keyflag: KSK\n");
+	fprintf(stderr, "    -g <generator> use specified generator "
+		"(DH only)\n");
+	fprintf(stderr, "    -t <type>: "
+		"AUTHCONF | NOAUTHCONF | NOAUTH | NOCONF "
+		"(default: AUTHCONF)\n");
+	fprintf(stderr, "    -p <protocol>: "
+	       "default: 3 [dnssec]\n");
+	fprintf(stderr, "    -s <strength> strength value this key signs DNS "
+		"records with (default: 0)\n");
+	fprintf(stderr, "    -r <randomdev>: a file containing random data\n");
+	fprintf(stderr, "    -v <verbose level>\n");
+	fprintf(stderr, "    -k : generate a TYPE=KEY key\n");
+	fprintf(stderr, "Output:\n");
+	fprintf(stderr, "     K<name>+<alg>+<id>.key, "
+		"K<name>+<alg>+<id>.private\n");
 
-	switch (p) {
-	case 0:
-		c = '.';
-		break;
-	case 1:
-		c = '+';
-		break;
-	case 2:
-		c = '*';
-		break;
-	case 3:
-		c = ' ';
-		break;
-	default:
-		break;
-	}
-	(void) putc(c, stderr);
-	(void) fflush(stderr);
+	exit (-1);
 }
 
 int
 main(int argc, char **argv) {
-	char	        *algname = NULL, *nametype = NULL, *type = NULL;
+	char		*algname = NULL, *nametype = NULL, *type = NULL;
 	char		*classname = NULL;
 	char		*endp;
-	dst_key_t	*key = NULL;
+	dst_key_t	*key = NULL, *oldkey;
 	dns_fixedname_t	fname;
 	dns_name_t	*name;
-	isc_uint16_t	flags = 0, kskflag = 0, revflag = 0;
+	isc_uint16_t	flags = 0, ksk = 0;
 	dns_secalg_t	alg;
 	isc_boolean_t	conflict = ISC_FALSE, null_key = ISC_FALSE;
-	isc_boolean_t	oldstyle = ISC_FALSE;
 	isc_mem_t	*mctx = NULL;
 	int		ch, rsa_exp = 0, generator = 0, param = 0;
 	int		protocol = -1, size = -1, signatory = 0;
 	isc_result_t	ret;
 	isc_textregion_t r;
 	char		filename[255];
-	const char	*directory = NULL;
 	isc_buffer_t	buf;
 	isc_log_t	*log = NULL;
 	isc_entropy_t	*ectx = NULL;
-#ifdef USE_PKCS11
-	const char	*engine = "pkcs11";
-#else
-	const char	*engine = NULL;
-#endif
 	dns_rdataclass_t rdclass;
 	int		options = DST_TYPE_PRIVATE | DST_TYPE_PUBLIC;
 	int		dbits = 0;
-	isc_boolean_t	use_default = ISC_FALSE, use_nsec3 = ISC_FALSE;
-	isc_stdtime_t	publish = 0, activate = 0, revoke = 0;
-	isc_stdtime_t	inactive = 0, delete = 0;
-	isc_stdtime_t	now;
-	isc_boolean_t	setpub = ISC_FALSE, setact = ISC_FALSE;
-	isc_boolean_t	setrev = ISC_FALSE, setinact = ISC_FALSE;
-	isc_boolean_t	setdel = ISC_FALSE;
-	isc_boolean_t	unsetpub = ISC_FALSE, unsetact = ISC_FALSE;
-	isc_boolean_t	unsetrev = ISC_FALSE, unsetinact = ISC_FALSE;
-	isc_boolean_t	unsetdel = ISC_FALSE;
-	isc_boolean_t	genonly = ISC_FALSE;
-	isc_boolean_t	quiet = ISC_FALSE;
-	isc_boolean_t	show_progress = ISC_FALSE;
-	unsigned char	c;
 
 	if (argc == 1)
 		usage();
 
-	dns_result_register();
-
-	isc_commandline_errprint = ISC_FALSE;
-
-	/*
-	 * Process memory debugging argument first.
-	 */
-#define CMDLINE_FLAGS "3a:b:Cc:d:E:eFf:g:K:km:n:p:qr:s:T:t:v:hGP:A:R:I:D:"
-	while ((ch = isc_commandline_parse(argc, argv, CMDLINE_FLAGS)) != -1) {
-		switch (ch) {
-		case 'm':
-			if (strcasecmp(isc_commandline_argument, "record") == 0)
-				isc_mem_debugging |= ISC_MEM_DEBUGRECORD;
-			if (strcasecmp(isc_commandline_argument, "trace") == 0)
-				isc_mem_debugging |= ISC_MEM_DEBUGTRACE;
-			if (strcasecmp(isc_commandline_argument, "usage") == 0)
-				isc_mem_debugging |= ISC_MEM_DEBUGUSAGE;
-			if (strcasecmp(isc_commandline_argument, "size") == 0)
-				isc_mem_debugging |= ISC_MEM_DEBUGSIZE;
-			if (strcasecmp(isc_commandline_argument, "mctx") == 0)
-				isc_mem_debugging |= ISC_MEM_DEBUGCTX;
-			break;
-		default:
-			break;
-		}
-	}
-	isc_commandline_reset = ISC_TRUE;
-
 	RUNTIME_CHECK(isc_mem_create(0, 0, &mctx) == ISC_R_SUCCESS);
 
-	isc_stdtime_get(&now);
+	dns_result_register();
 
-	while ((ch = isc_commandline_parse(argc, argv, CMDLINE_FLAGS)) != -1) {
+	while ((ch = isc_commandline_parse(argc, argv,
+					   "a:b:c:d:ef:g:kn:t:p:s:r:v:h")) != -1)
+	{
 	    switch (ch) {
-		case '3':
-			use_nsec3 = ISC_TRUE;
-			break;
 		case 'a':
 			algname = isc_commandline_argument;
 			break;
@@ -281,9 +146,6 @@ main(int argc, char **argv) {
 			if (*endp != '\0' || size < 0)
 				fatal("-b requires a non-negative number");
 			break;
-		case 'C':
-			oldstyle = ISC_TRUE;
-			break;
 		case 'c':
 			classname = isc_commandline_argument;
 			break;
@@ -292,18 +154,12 @@ main(int argc, char **argv) {
 			if (*endp != '\0' || dbits < 0)
 				fatal("-d requires a non-negative number");
 			break;
-		case 'E':
-			engine = isc_commandline_argument;
-			break;
 		case 'e':
 			rsa_exp = 1;
 			break;
 		case 'f':
-			c = (unsigned char)(isc_commandline_argument[0]);
-			if (toupper(c) == 'K')
-				kskflag = DNS_KEYFLAG_KSK;
-			else if (toupper(c) == 'R')
-				revflag = DNS_KEYFLAG_REVOKE;
+			if (strcasecmp(isc_commandline_argument, "KSK") == 0)
+				ksk = DNS_KEYFLAG_KSK;
 			else
 				fatal("unknown flag '%s'",
 				      isc_commandline_argument);
@@ -314,22 +170,14 @@ main(int argc, char **argv) {
 			if (*endp != '\0' || generator <= 0)
 				fatal("-g requires a positive number");
 			break;
-		case 'K':
-			directory = isc_commandline_argument;
-			ret = try_dir(directory);
-			if (ret != ISC_R_SUCCESS)
-				fatal("cannot open directory %s: %s",
-				      directory, isc_result_totext(ret));
-			break;
 		case 'k':
-			fatal("The -k option has been deprecated.\n"
-			      "To generate a key-signing key, use -f KSK.\n"
-			      "To generate a key with TYPE=KEY, use -T KEY.\n");
+			options |= DST_TYPE_KEY;
 			break;
 		case 'n':
 			nametype = isc_commandline_argument;
 			break;
-		case 'm':
+		case 't':
+			type = isc_commandline_argument;
 			break;
 		case 'p':
 			protocol = strtol(isc_commandline_argument, &endp, 10);
@@ -337,12 +185,6 @@ main(int argc, char **argv) {
 				fatal("-p must be followed by a number "
 				      "[0..255]");
 			break;
-		case 'q':
-			quiet = ISC_TRUE;
-			break;
-		case 'r':
-			setup_entropy(mctx, isc_commandline_argument, &ectx);
-			break;
 		case 's':
 			signatory = strtol(isc_commandline_argument,
 					   &endp, 10);
@@ -350,19 +192,8 @@ main(int argc, char **argv) {
 				fatal("-s must be followed by a number "
 				      "[0..15]");
 			break;
-		case 'T':
-			if (strcasecmp(isc_commandline_argument, "KEY") == 0)
-				options |= DST_TYPE_KEY;
-			else if (strcasecmp(isc_commandline_argument,
-				 "DNSKEY") == 0)
-				/* default behavior */
-				;
-			else
-				fatal("unknown type '%s'",
-				      isc_commandline_argument);
-			break;
-		case 't':
-			type = isc_commandline_argument;
+		case 'r':
+			setup_entropy(mctx, isc_commandline_argument, &ectx);
 			break;
 		case 'v':
 			endp = NULL;
@@ -370,100 +201,22 @@ main(int argc, char **argv) {
 			if (*endp != '\0')
 				fatal("-v must be followed by a number");
 			break;
-		case 'z':
-			/* already the default */
-			break;
-		case 'G':
-			genonly = ISC_TRUE;
-			break;
-		case 'P':
-			if (setpub || unsetpub)
-				fatal("-P specified more than once");
 
-			if (strcasecmp(isc_commandline_argument, "none")) {
-				setpub = ISC_TRUE;
-				publish = strtotime(isc_commandline_argument,
-						    now, now);
-			} else {
-				unsetpub = ISC_TRUE;
-			}
-			break;
-		case 'A':
-			if (setact || unsetact)
-				fatal("-A specified more than once");
-
-			if (strcasecmp(isc_commandline_argument, "none")) {
-				setact = ISC_TRUE;
-				activate = strtotime(isc_commandline_argument,
-						     now, now);
-			} else {
-				unsetact = ISC_TRUE;
-			}
-			break;
-		case 'R':
-			if (setrev || unsetrev)
-				fatal("-R specified more than once");
-
-			if (strcasecmp(isc_commandline_argument, "none")) {
-				setrev = ISC_TRUE;
-				revoke = strtotime(isc_commandline_argument,
-						   now, now);
-			} else {
-				unsetrev = ISC_TRUE;
-			}
-			break;
-		case 'I':
-			if (setinact || unsetinact)
-				fatal("-I specified more than once");
-
-			if (strcasecmp(isc_commandline_argument, "none")) {
-				setinact = ISC_TRUE;
-				inactive = strtotime(isc_commandline_argument,
-						     now, now);
-			} else {
-				unsetinact = ISC_TRUE;
-			}
-			break;
-		case 'D':
-			if (setdel || unsetdel)
-				fatal("-D specified more than once");
-
-			if (strcasecmp(isc_commandline_argument, "none")) {
-				setdel = ISC_TRUE;
-				delete = strtotime(isc_commandline_argument,
-						   now, now);
-			} else {
-				unsetdel = ISC_TRUE;
-			}
-			break;
-		case 'F':
-			/* Reserved for FIPS mode */
-			/* FALLTHROUGH */
-		case '?':
-			if (isc_commandline_option != '?')
-				fprintf(stderr, "%s: invalid argument -%c\n",
-					program, isc_commandline_option);
-			/* FALLTHROUGH */
 		case 'h':
 			usage();
-
 		default:
-			fprintf(stderr, "%s: unhandled option -%c\n",
-				program, isc_commandline_option);
-			exit(1);
+			fprintf(stderr, "%s: invalid argument -%c\n",
+				program, ch);
+			usage();
 		}
 	}
 
-	if (!isatty(0))
-		quiet = ISC_TRUE;
-
 	if (ectx == NULL)
 		setup_entropy(mctx, NULL, &ectx);
-	ret = dst_lib_init2(mctx, ectx, engine,
-			    ISC_ENTROPY_BLOCKING | ISC_ENTROPY_GOODONLY);
+	ret = dst_lib_init(mctx, ectx,
+			   ISC_ENTROPY_BLOCKING | ISC_ENTROPY_GOODONLY);
 	if (ret != ISC_R_SUCCESS)
-		fatal("could not initialize dst: %s",
-		      isc_result_totext(ret));
+		fatal("could not initialize dst");
 
 	setup_logging(verbose, mctx, &log);
 
@@ -472,17 +225,8 @@ main(int argc, char **argv) {
 	if (argc > isc_commandline_index + 1)
 		fatal("extraneous arguments");
 
-	if (algname == NULL) {
-		use_default = ISC_TRUE;
-		if (use_nsec3)
-			algname = strdup(DEFAULT_NSEC3_ALGORITHM);
-		else
-			algname = strdup(DEFAULT_ALGORITHM);
-		if (verbose > 0)
-			fprintf(stderr, "no algorithm specified; "
-				"defaulting to %s\n", algname);
-	}
-
+	if (algname == NULL)
+		fatal("no algorithm was specified");
 	if (strcasecmp(algname, "RSA") == 0) {
 		fprintf(stderr, "The use of RSA (RSAMD5) is not recommended.\n"
 				"If you still wish to use RSA (RSAMD5) please "
@@ -516,13 +260,6 @@ main(int argc, char **argv) {
 			options |= DST_TYPE_KEY;
 	}
 
-	if (use_nsec3 &&
-	    alg != DST_ALG_NSEC3DSA && alg != DST_ALG_NSEC3RSASHA1 &&
-	    alg != DST_ALG_RSASHA256 && alg!= DST_ALG_RSASHA512) {
-		fatal("%s is incompatible with NSEC3; "
-		      "do not use the -3 option", algname);
-	}
-
 	if (type != NULL && (options & DST_TYPE_KEY) != 0) {
 		if (strcasecmp(type, "NOAUTH") == 0)
 			flags |= DNS_KEYTYPE_NOAUTH;
@@ -539,35 +276,20 @@ main(int argc, char **argv) {
 			fatal("invalid type %s", type);
 	}
 
-	if (size < 0) {
-		if (use_default) {
-			size = ((kskflag & DNS_KEYFLAG_KSK) != 0) ? 2048 : 1024;
-			if (verbose > 0)
-				fprintf(stderr, "key size not specified; "
-					"defaulting to %d\n", size);
-		} else {
-			fatal("key size not specified (-b option)");
-		}
-	}
+	if (size < 0)
+		fatal("key size not specified (-b option)");
 
 	switch (alg) {
 	case DNS_KEYALG_RSAMD5:
 	case DNS_KEYALG_RSASHA1:
-	case DNS_KEYALG_NSEC3RSASHA1:
-	case DNS_KEYALG_RSASHA256:
 		if (size != 0 && (size < 512 || size > MAX_RSA))
 			fatal("RSA key size %d out of range", size);
 		break;
-	case DNS_KEYALG_RSASHA512:
-		if (size != 0 && (size < 1024 || size > MAX_RSA))
-			fatal("RSA key size %d out of range", size);
-		break;
 	case DNS_KEYALG_DH:
 		if (size != 0 && (size < 128 || size > 4096))
 			fatal("DH key size %d out of range", size);
 		break;
 	case DNS_KEYALG_DSA:
-	case DNS_KEYALG_NSEC3DSA:
 		if (size != 0 && !dsa_size_ok(size))
 			fatal("invalid DSS key size: %d", size);
 		break;
@@ -627,21 +349,18 @@ main(int argc, char **argv) {
 		break;
 	}
 
-	if (!(alg == DNS_KEYALG_RSAMD5 || alg == DNS_KEYALG_RSASHA1 ||
-	      alg == DNS_KEYALG_NSEC3RSASHA1 || alg == DNS_KEYALG_RSASHA256 ||
-	      alg == DNS_KEYALG_RSASHA512) && rsa_exp != 0)
+	if (!(alg == DNS_KEYALG_RSAMD5 || alg == DNS_KEYALG_RSASHA1) &&
+	    rsa_exp != 0)
 		fatal("specified RSA exponent for a non-RSA key");
 
 	if (alg != DNS_KEYALG_DH && generator != 0)
 		fatal("specified DH generator for a non-DH key");
 
-	if (nametype == NULL) {
-		if ((options & DST_TYPE_KEY) != 0) /* KEY / HMAC */
-			fatal("no nametype specified");
-		flags |= DNS_KEYOWNER_ZONE;	/* DNSKEY */
-	} else if (strcasecmp(nametype, "zone") == 0)
+	if (nametype == NULL)
+		fatal("no nametype specified");
+	if (strcasecmp(nametype, "zone") == 0)
 		flags |= DNS_KEYOWNER_ZONE;
-	else if ((options & DST_TYPE_KEY) != 0)	{ /* KEY / HMAC */
+	else if ((options & DST_TYPE_KEY) != 0)	{ /* KEY */
 		if (strcasecmp(nametype, "host") == 0 ||
 			 strcasecmp(nametype, "entity") == 0)
 			flags |= DNS_KEYOWNER_ENTITY;
@@ -654,15 +373,10 @@ main(int argc, char **argv) {
 
 	rdclass = strtoclass(classname);
 
-	if (directory == NULL)
-		directory = ".";
-
-	if ((options & DST_TYPE_KEY) != 0)  /* KEY / HMAC */
+	if ((options & DST_TYPE_KEY) != 0)  /* KEY */
 		flags |= signatory;
-	else if ((flags & DNS_KEYOWNER_ZONE) != 0) { /* DNSKEY */
-		flags |= kskflag;
-		flags |= revflag;
-	}
+	else if ((flags & DNS_KEYOWNER_ZONE) != 0) /* DNSKEY */
+		flags |= ksk;
 
 	if (protocol == -1)
 		protocol = DNS_KEYPROTO_DNSSEC;
@@ -690,7 +404,7 @@ main(int argc, char **argv) {
 	isc_buffer_init(&buf, argv[isc_commandline_index],
 			strlen(argv[isc_commandline_index]));
 	isc_buffer_add(&buf, strlen(argv[isc_commandline_index]));
-	ret = dns_name_fromtext(name, &buf, dns_rootname, 0, NULL);
+	ret = dns_name_fromtext(name, &buf, dns_rootname, ISC_FALSE, NULL);
 	if (ret != ISC_R_SUCCESS)
 		fatal("invalid key name %s: %s", argv[isc_commandline_index],
 		      isc_result_totext(ret));
@@ -698,22 +412,12 @@ main(int argc, char **argv) {
 	switch(alg) {
 	case DNS_KEYALG_RSAMD5:
 	case DNS_KEYALG_RSASHA1:
-	case DNS_KEYALG_NSEC3RSASHA1:
-	case DNS_KEYALG_RSASHA256:
-	case DNS_KEYALG_RSASHA512:
 		param = rsa_exp;
-		show_progress = ISC_TRUE;
 		break;
-
 	case DNS_KEYALG_DH:
 		param = generator;
 		break;
-
 	case DNS_KEYALG_DSA:
-	case DNS_KEYALG_NSEC3DSA:
-		show_progress = ISC_TRUE;
-		/* fall through */
-
 	case DST_ALG_HMACMD5:
 	case DST_ALG_HMACSHA1:
 	case DST_ALG_HMACSHA224:
@@ -731,127 +435,62 @@ main(int argc, char **argv) {
 
 	do {
 		conflict = ISC_FALSE;
+		oldkey = NULL;
 
-		if (!quiet && show_progress) {
-			fprintf(stderr, "Generating key pair.");
-			ret = dst_key_generate2(name, alg, size, param, flags,
-						protocol, rdclass, mctx, &key,
-						&progress);
-			putc('\n', stderr);
-			fflush(stderr);
-		} else {
-			ret = dst_key_generate2(name, alg, size, param, flags,
-						protocol, rdclass, mctx, &key,
-						NULL);
-		}
-
+		/* generate the key */
+		ret = dst_key_generate(name, alg, size, param, flags, protocol,
+				       rdclass, mctx, &key);
 		isc_entropy_stopcallbacksources(ectx);
 
 		if (ret != ISC_R_SUCCESS) {
 			char namestr[DNS_NAME_FORMATSIZE];
-			char algstr[DNS_SECALG_FORMATSIZE];
+			char algstr[ALG_FORMATSIZE];
 			dns_name_format(name, namestr, sizeof(namestr));
-			dns_secalg_format(alg, algstr, sizeof(algstr));
+			alg_format(alg, algstr, sizeof(algstr));
 			fatal("failed to generate key %s/%s: %s\n",
 			      namestr, algstr, isc_result_totext(ret));
-			/* NOTREACHED */
 			exit(-1);
 		}
 
 		dst_key_setbits(key, dbits);
 
 		/*
-		 * Set key timing metadata (unless using -C)
-		 *
-		 * Publish and activation dates are set to "now" by default,
-		 * but can be overridden.  Creation date is always set to
-		 * "now".
+		 * Try to read a key with the same name, alg and id from disk.
+		 * If there is one we must continue generating a new one
+		 * unless we were asked to generate a null key, in which
+		 * case we return failure.
 		 */
-		if (!oldstyle) {
-			dst_key_settime(key, DST_TIME_CREATED, now);
-
-			if (genonly && (setpub || setact))
-				fatal("cannot use -G together with "
-				      "-P or -A options");
-
-			if (setpub)
-				dst_key_settime(key, DST_TIME_PUBLISH, publish);
-			else if (setact)
-				dst_key_settime(key, DST_TIME_PUBLISH,
-						activate);
-			else if (!genonly && !unsetpub)
-				dst_key_settime(key, DST_TIME_PUBLISH, now);
-
-			if (setact)
-				dst_key_settime(key, DST_TIME_ACTIVATE,
-						activate);
-			else if (!genonly && !unsetact)
-				dst_key_settime(key, DST_TIME_ACTIVATE, now);
-
-			if (setrev) {
-				if (kskflag == 0)
-					fprintf(stderr, "%s: warning: Key is "
-						"not flagged as a KSK, but -R "
-						"was used. Revoking a ZSK is "
-						"legal, but undefined.\n",
-						program);
-				dst_key_settime(key, DST_TIME_REVOKE, revoke);
-			}
-
-			if (setinact)
-				dst_key_settime(key, DST_TIME_INACTIVE,
-						inactive);
-
-			if (setdel)
-				dst_key_settime(key, DST_TIME_DELETE, delete);
-		} else {
-			if (setpub || setact || setrev || setinact ||
-			    setdel || unsetpub || unsetact ||
-			    unsetrev || unsetinact || unsetdel || genonly)
-				fatal("cannot use -C together with "
-				      "-P, -A, -R, -I, -D, or -G options");
-			/*
-			 * Compatibility mode: Private-key-format
-			 * should be set to 1.2.
-			 */
-			dst_key_setprivateformat(key, 1, 2);
-		}
-
-		/*
-		 * Do not overwrite an existing key, or create a key
-		 * if there is a risk of ID collision due to this key
-		 * or another key being revoked.
-		 */
-		if (key_collision(dst_key_id(key), name, directory,
-				  alg, mctx, NULL)) {
+		ret = dst_key_fromfile(name, dst_key_id(key), alg,
+				       DST_TYPE_PRIVATE, NULL, mctx, &oldkey);
+		/* do not overwrite an existing key  */
+		if (ret == ISC_R_SUCCESS) {
+			dst_key_free(&oldkey);
 			conflict = ISC_TRUE;
-			if (null_key) {
-				dst_key_free(&key);
+			if (null_key)
 				break;
-			}
-
+		}
+		if (conflict == ISC_TRUE) {
 			if (verbose > 0) {
 				isc_buffer_clear(&buf);
-				dst_key_buildfilename(key, 0, directory, &buf);
+				ret = dst_key_buildfilename(key, 0, NULL, &buf);
 				fprintf(stderr,
-					"%s: %s already exists, or might "
-					"collide with another key upon "
-					"revokation.  Generating a new key\n",
+					"%s: %s already exists, "
+					"generating a new key\n",
 					program, filename);
 			}
-
 			dst_key_free(&key);
 		}
+
 	} while (conflict == ISC_TRUE);
 
 	if (conflict)
-		fatal("cannot generate a null key due to possible key ID "
-		      "collision");
+		fatal("cannot generate a null key when a key with id 0 "
+		      "already exists");
 
-	ret = dst_key_tofile(key, options, directory);
+	ret = dst_key_tofile(key, options, NULL);
 	if (ret != ISC_R_SUCCESS) {
-		char keystr[DST_KEY_FORMATSIZE];
-		dst_key_format(key, keystr, sizeof(keystr));
+		char keystr[KEY_FORMATSIZE];
+		key_format(key, keystr, sizeof(keystr));
 		fatal("failed to write key %s: %s\n", keystr,
 		      isc_result_totext(ret));
 	}

bin/dnssec/dnssec-keygen.docbook

@@ -2,7 +2,7 @@
                "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
 	       [<!ENTITY mdash "&#8212;">]>
 <!--
- - Copyright (C) 2004, 2005, 2007-2009  Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007, 2008  Internet Systems Consortium, Inc. ("ISC")
  - Copyright (C) 2000-2003  Internet Software Consortium.
  -
  - Permission to use, copy, modify, and/or distribute this software for any
@@ -18,7 +18,7 @@
  - PERFORMANCE OF THIS SOFTWARE.
 -->
 
-<!-- $Id: dnssec-keygen.docbook,v 1.33 2009/11/03 21:44:46 each Exp $ -->
+<!-- $Id: dnssec-keygen.docbook,v 1.7.18.13 2008/10/15 23:46:06 tbox Exp $ -->
 <refentry id="man.dnssec-keygen">
   <refentryinfo>
     <date>June 30, 2000</date>
@@ -41,7 +41,6 @@
       <year>2005</year>
       <year>2007</year>
       <year>2008</year>
-      <year>2009</year>
       <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
     </copyright>
     <copyright>
@@ -56,32 +55,20 @@
   <refsynopsisdiv>
     <cmdsynopsis>
       <command>dnssec-keygen</command>
-      <arg><option>-a <replaceable class="parameter">algorithm</replaceable></option></arg>
-      <arg ><option>-b <replaceable class="parameter">keysize</replaceable></option></arg>
-      <arg><option>-n <replaceable class="parameter">nametype</replaceable></option></arg>
-      <arg><option>-3</option></arg>
-      <arg><option>-A <replaceable class="parameter">date/offset</replaceable></option></arg>
-      <arg><option>-C</option></arg>
+      <arg choice="req">-a <replaceable class="parameter">algorithm</replaceable></arg>
+      <arg choice="req">-b <replaceable class="parameter">keysize</replaceable></arg>
+      <arg choice="req">-n <replaceable class="parameter">nametype</replaceable></arg>
       <arg><option>-c <replaceable class="parameter">class</replaceable></option></arg>
-      <arg><option>-D <replaceable class="parameter">date/offset</replaceable></option></arg>
-      <arg><option>-E <replaceable class="parameter">engine</replaceable></option></arg>
       <arg><option>-e</option></arg>
       <arg><option>-f <replaceable class="parameter">flag</replaceable></option></arg>
-      <arg><option>-G</option></arg>
       <arg><option>-g <replaceable class="parameter">generator</replaceable></option></arg>
       <arg><option>-h</option></arg>
-      <arg><option>-I <replaceable class="parameter">date/offset</replaceable></option></arg>
-      <arg><option>-K <replaceable class="parameter">directory</replaceable></option></arg>
       <arg><option>-k</option></arg>
-      <arg><option>-P <replaceable class="parameter">date/offset</replaceable></option></arg>
       <arg><option>-p <replaceable class="parameter">protocol</replaceable></option></arg>
-      <arg><option>-q</option></arg>
-      <arg><option>-R <replaceable class="parameter">date/offset</replaceable></option></arg>
       <arg><option>-r <replaceable class="parameter">randomdev</replaceable></option></arg>
       <arg><option>-s <replaceable class="parameter">strength</replaceable></option></arg>
       <arg><option>-t <replaceable class="parameter">type</replaceable></option></arg>
       <arg><option>-v <replaceable class="parameter">level</replaceable></option></arg>
-      <arg><option>-z</option></arg>
       <arg choice="req">name</arg>
     </cmdsynopsis>
   </refsynopsisdiv>
@@ -91,13 +78,7 @@
     <para><command>dnssec-keygen</command>
       generates keys for DNSSEC (Secure DNS), as defined in RFC 2535
       and RFC 4034.  It can also generate keys for use with
-      TSIG (Transaction Signatures) as defined in RFC 2845, or TKEY
-      (Transaction Key) as defined in RFC 2930.
-    </para>
-    <para>
-      The <option>name</option> of the key is specified on the command
-      line.  For DNSSEC keys, this must match the name of the zone for
-      which the key is being generated.
+      TSIG (Transaction Signatures), as defined in RFC 2845.
     </para>
   </refsect1>
 
@@ -109,29 +90,18 @@
         <term>-a <replaceable class="parameter">algorithm</replaceable></term>
         <listitem>
           <para>
-            Selects the cryptographic algorithm.  For DNSSEC keys, the value
-            of <option>algorithm</option> must be one of RSAMD5, RSASHA1,
-	    DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256 or RSASHA512.
-	    For TSIG/TKEY, the value must
-            be DH (Diffie Hellman), HMAC-MD5, HMAC-SHA1, HMAC-SHA224,
-            HMAC-SHA256, HMAC-SHA384, or HMAC-SHA512.  These values are
-            case insensitive.
-          </para>
-          <para>
-            If no algorithm is specified, then RSASHA1 will be used by
-            default, unless the <option>-3</option> option is specified,
-            in which case NSEC3RSASHA1 will be used instead.  (If
-            <option>-3</option> is used and an algorithm is specified,
-            that algorithm will be checked for compatibility with NSEC3.)
+            Selects the cryptographic algorithm.  The value of
+            <option>algorithm</option> must be one of RSAMD5 (RSA) or RSASHA1,
+            	      DSA, DH (Diffie Hellman), or HMAC-MD5.  These values
+            are case insensitive.
           </para>
           <para>
             Note 1: that for DNSSEC, RSASHA1 is a mandatory to implement
-            algorithm, and DSA is recommended.  For TSIG, HMAC-MD5 is
-	    mandatory.
+            algorithm,
+            and DSA is recommended.  For TSIG, HMAC-MD5 is mandatory.
           </para>
           <para>
-            Note 2: DH, HMAC-MD5, and HMAC-SHA1 through HMAC-SHA512
-            automatically set the -T KEY option.
+            Note 2: HMAC-MD5 and DH automatically set the -k flag.
           </para>
         </listitem>
       </varlistentry>
@@ -141,21 +111,13 @@
         <listitem>
           <para>
             Specifies the number of bits in the key.  The choice of key
-            size depends on the algorithm used.  RSA keys must be
-            between 512 and 2048 bits.  Diffie Hellman keys must be between
+            size depends on the algorithm used.  RSAMD5 / RSASHA1 keys must be
+            between
+            512 and 2048 bits.  Diffie Hellman keys must be between
             128 and 4096 bits.  DSA keys must be between 512 and 1024
-            bits and an exact multiple of 64.  HMAC keys must be
+            bits and an exact multiple of 64.  HMAC-MD5 keys must be
             between 1 and 512 bits.
           </para>
-          <para>
-            The key size does not need to be specified if using a default
-            algorithm.  The default key size is 1024 bits for zone signing
-            keys (ZSK's) and 2048 bits for key signing keys (KSK's,
-            generated with <option>-f KSK</option>).  However, if an
-            algorithm is explicitly specified with the <option>-a</option>,
-            then there is no default key size, and the <option>-b</option>
-            must be used.
-          </para>
         </listitem>
       </varlistentry>
 
@@ -168,36 +130,8 @@
             zone key (KEY/DNSKEY)), HOST or ENTITY (for a key associated with
             a host (KEY)),
             USER (for a key associated with a user(KEY)) or OTHER (DNSKEY).
-            These values are case insensitive.  Defaults to ZONE for DNSKEY
-	    generation.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-3</term>
-        <listitem>
-          <para>
-	    Use an NSEC3-capable algorithm to generate a DNSSEC key.
-            If this option is used and no algorithm is explicitly
-            set on the command line, NSEC3RSASHA1 will be used by
-            default. Note that RSASHA256 and RSASHA512 algorithms
-	    are NSEC3-capable.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-C</term>
-        <listitem>
-          <para>
-	    Compatibility mode:  generates an old-style key, without
-	    any metadata.  By default, <command>dnssec-keygen</command>
-	    will include the key's creation date in the metadata stored
-	    with the private key, and other dates may be set there as well
-	    (publication date, activation date, etc).  Keys that include
-	    this data may be incompatible with older versions of BIND; the
-	    <option>-C</option> option suppresses them.
+            These values are
+            case insensitive.
           </para>
         </listitem>
       </varlistentry>
@@ -212,18 +146,6 @@
         </listitem>
       </varlistentry>
 
-      <varlistentry>
-        <term>-E <replaceable class="parameter">engine</replaceable></term>
-        <listitem>
-          <para>
-            Uses a crypto hardware (OpenSSL engine) for random number
-            and, when supported, key generation. When compiled with PKCS#11
-            support it defaults to pkcs11; the empty name resets it to
-            no engine.
-          </para>
-        </listitem>
-      </varlistentry>
-
       <varlistentry>
         <term>-e</term>
         <listitem>
@@ -238,17 +160,7 @@
         <listitem>
           <para>
             Set the specified flag in the flag field of the KEY/DNSKEY record.
-            The only recognized flags are KSK (Key Signing Key) and REVOKE.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-G</term>
-        <listitem>
-          <para>
-            Generate a key, but do not publish it or sign with it.  This
-            option is incompatible with -P and -A.
+            		The only recognized flag is KSK (Key Signing Key) DNSKEY.
           </para>
         </listitem>
       </varlistentry>
@@ -275,20 +187,11 @@
         </listitem>
       </varlistentry>
 
-      <varlistentry>
-        <term>-K <replaceable class="parameter">directory</replaceable></term>
-        <listitem>
-          <para>
-            Sets the directory in which the key files are to be written.
-          </para>
-        </listitem>
-      </varlistentry>
-
       <varlistentry>
         <term>-k</term>
         <listitem>
           <para>
-            Deprecated in favor of -T KEY.
+            Generate KEY records rather than DNSKEY records.
           </para>
         </listitem>
       </varlistentry>
@@ -305,25 +208,6 @@
         </listitem>
       </varlistentry>
 
-      <varlistentry>
-        <term>-q</term>
-        <listitem>
-          <para>
-            Quiet mode: Suppresses unnecessary output, including
-            progress indication.  Without this option, when
-            <command>dnssec-keygen</command> is run interactively
-            to generate an RSA or DSA key pair, it will print a string
-            of symbols to <filename>stderr</filename> indicating the
-            progress of the key generation.  A '.' indicates that a
-            random number has been found which passed an initial
-            sieve test; '+' means a number has passed a single
-            round of the Miller-Rabin primality test; a space
-            means that the number has passed all the tests and is
-            a satisfactory key.
-          </para>
-        </listitem>
-      </varlistentry>
-
       <varlistentry>
         <term>-r <replaceable class="parameter">randomdev</replaceable></term>
         <listitem>
@@ -352,22 +236,6 @@
         </listitem>
       </varlistentry>
 
-      <varlistentry>
-        <term>-T <replaceable class="parameter">rrtype</replaceable></term>
-        <listitem>
-          <para>
-            Specifies the resource record type to use for the key.
-            <option>rrtype</option> must be either DNSKEY or KEY.  The
-            default is DNSKEY when using a DNSSEC algorithm, but it can be
-            overridden to KEY for use with SIG(0).
-          <para>
-          </para>
-            Using any TSIG algorithm (HMAC-* or DH) forces this option
-            to KEY.
-          </para>
-        </listitem>
-      </varlistentry>
-
       <varlistentry>
         <term>-t <replaceable class="parameter">type</replaceable></term>
         <listitem>
@@ -392,81 +260,6 @@
     </variablelist>
   </refsect1>
 
-  <refsect1>
-    <title>TIMING OPTIONS</title>
-
-    <para>
-      Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
-      If the argument begins with a '+' or '-', it is interpreted as
-      an offset from the present time.  For convenience, if such an offset
-      is followed by one of the suffixes 'y', 'mo', 'w', 'd', 'h', or 'mi',
-      then the offset is computed in years (defined as 365 24-hour days,
-      ignoring leap years), months (defined as 30 24-hour days), weeks,
-      days, hours, or minutes, respectively.  Without a suffix, the offset
-      is computed in seconds.
-    </para>
-
-    <variablelist>
-      <varlistentry>
-        <term>-P <replaceable class="parameter">date/offset</replaceable></term>
-        <listitem>
-          <para>
-            Sets the date on which a key is to be published to the zone.
-            After that date, the key will be included in the zone but will
-            not be used to sign it.  If not set, and if the -G option has
-            not been used, the default is "now".
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-A <replaceable class="parameter">date/offset</replaceable></term>
-        <listitem>
-          <para>
-            Sets the date on which the key is to be activated.  After that
-            date, the key will be included in the zone and used to sign
-            it.  If not set, and if the -G option has not been used, the
-            default is "now".
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-R <replaceable class="parameter">date/offset</replaceable></term>
-        <listitem>
-          <para>
-            Sets the date on which the key is to be revoked.  After that
-            date, the key will be flagged as revoked.  It will be included
-            in the zone and will be used to sign it.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-I <replaceable class="parameter">date/offset</replaceable></term>
-        <listitem>
-          <para>
-            Sets the date on which the key is to be retired.  After that
-            date, the key will still be included in the zone, but it
-            will not be used to sign it.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-D <replaceable class="parameter">date/offset</replaceable></term>
-        <listitem>
-          <para>
-            Sets the date on which the key is to be deleted.  After that
-            date, the key will no longer be included in the zone.  (It
-            may remain in the key repository, however.)
-          </para>
-        </listitem>
-      </varlistentry>
-    </variablelist>
-  </refsect1>
-
-
   <refsect1>
     <title>GENERATED KEYS</title>
     <para>
@@ -550,7 +343,7 @@
       <citetitle>BIND 9 Administrator Reference Manual</citetitle>,
       <citetitle>RFC 2539</citetitle>,
       <citetitle>RFC 2845</citetitle>,
-      <citetitle>RFC 4034</citetitle>.
+      <citetitle>RFC 4033</citetitle>.
     </para>
   </refsect1>
 

bin/dnssec/dnssec-keygen.html

@@ -1,5 +1,5 @@
 <!--
- - Copyright (C) 2004, 2005, 2007-2009 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC")
  - Copyright (C) 2000-2003 Internet Software Consortium.
  - 
  - Permission to use, copy, modify, and/or distribute this software for any
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-<!-- $Id: dnssec-keygen.html,v 1.45 2009/11/03 21:58:30 tbox Exp $ -->
+<!-- $Id: dnssec-keygen.html,v 1.9.18.23 2009/07/11 01:31:44 tbox Exp $ -->
 <html>
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -29,73 +29,46 @@
 </div>
 <div class="refsynopsisdiv">
 <h2>Synopsis</h2>
-<div class="cmdsynopsis"><p><code class="command">dnssec-keygen</code>  [<code class="option">-a <em class="replaceable"><code>algorithm</code></em></code>] [<code class="option">-b <em class="replaceable"><code>keysize</code></em></code>] [<code class="option">-n <em class="replaceable"><code>nametype</code></em></code>] [<code class="option">-3</code>] [<code class="option">-A <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-C</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-e</code>] [<code class="option">-f <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-G</code>] [<code class="option">-g <em class="replaceable"><code>generator</code></em></code>] [<code class="option">-h</code>] [<code class="option">-I <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-k</code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>] [<code class="option">-q</code>] [<code class="option">-R <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-s <em class="replaceable"><code>strength</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-z</code>] {name}</p></div>
+<div class="cmdsynopsis"><p><code class="command">dnssec-keygen</code>  {-a <em class="replaceable"><code>algorithm</code></em>} {-b <em class="replaceable"><code>keysize</code></em>} {-n <em class="replaceable"><code>nametype</code></em>} [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-e</code>] [<code class="option">-f <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-g <em class="replaceable"><code>generator</code></em></code>] [<code class="option">-h</code>] [<code class="option">-k</code>] [<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-s <em class="replaceable"><code>strength</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] {name}</p></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543558"></a><h2>DESCRIPTION</h2>
+<a name="id2543477"></a><h2>DESCRIPTION</h2>
 <p><span><strong class="command">dnssec-keygen</strong></span>
       generates keys for DNSSEC (Secure DNS), as defined in RFC 2535
       and RFC 4034.  It can also generate keys for use with
-      TSIG (Transaction Signatures) as defined in RFC 2845, or TKEY
-      (Transaction Key) as defined in RFC 2930.
-    </p>
-<p>
-      The <code class="option">name</code> of the key is specified on the command
-      line.  For DNSSEC keys, this must match the name of the zone for
-      which the key is being generated.
+      TSIG (Transaction Signatures), as defined in RFC 2845.
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543576"></a><h2>OPTIONS</h2>
+<a name="id2543489"></a><h2>OPTIONS</h2>
 <div class="variablelist"><dl>
 <dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
 <dd>
 <p>
-            Selects the cryptographic algorithm.  For DNSSEC keys, the value
-            of <code class="option">algorithm</code> must be one of RSAMD5, RSASHA1,
-	    DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256 or RSASHA512.
-	    For TSIG/TKEY, the value must
-            be DH (Diffie Hellman), HMAC-MD5, HMAC-SHA1, HMAC-SHA224,
-            HMAC-SHA256, HMAC-SHA384, or HMAC-SHA512.  These values are
-            case insensitive.
-          </p>
-<p>
-            If no algorithm is specified, then RSASHA1 will be used by
-            default, unless the <code class="option">-3</code> option is specified,
-            in which case NSEC3RSASHA1 will be used instead.  (If
-            <code class="option">-3</code> is used and an algorithm is specified,
-            that algorithm will be checked for compatibility with NSEC3.)
+            Selects the cryptographic algorithm.  The value of
+            <code class="option">algorithm</code> must be one of RSAMD5 (RSA) or RSASHA1,
+            	      DSA, DH (Diffie Hellman), or HMAC-MD5.  These values
+            are case insensitive.
           </p>
 <p>
             Note 1: that for DNSSEC, RSASHA1 is a mandatory to implement
-            algorithm, and DSA is recommended.  For TSIG, HMAC-MD5 is
-	    mandatory.
+            algorithm,
+            and DSA is recommended.  For TSIG, HMAC-MD5 is mandatory.
           </p>
 <p>
-            Note 2: DH, HMAC-MD5, and HMAC-SHA1 through HMAC-SHA512
-            automatically set the -T KEY option.
+            Note 2: HMAC-MD5 and DH automatically set the -k flag.
           </p>
 </dd>
 <dt><span class="term">-b <em class="replaceable"><code>keysize</code></em></span></dt>
-<dd>
-<p>
+<dd><p>
             Specifies the number of bits in the key.  The choice of key
-            size depends on the algorithm used.  RSA keys must be
-            between 512 and 2048 bits.  Diffie Hellman keys must be between
+            size depends on the algorithm used.  RSAMD5 / RSASHA1 keys must be
+            between
+            512 and 2048 bits.  Diffie Hellman keys must be between
             128 and 4096 bits.  DSA keys must be between 512 and 1024
-            bits and an exact multiple of 64.  HMAC keys must be
+            bits and an exact multiple of 64.  HMAC-MD5 keys must be
             between 1 and 512 bits.
-          </p>
-<p>
-            The key size does not need to be specified if using a default
-            algorithm.  The default key size is 1024 bits for zone signing
-            keys (ZSK's) and 2048 bits for key signing keys (KSK's,
-            generated with <code class="option">-f KSK</code>).  However, if an
-            algorithm is explicitly specified with the <code class="option">-a</code>,
-            then there is no default key size, and the <code class="option">-b</code>
-            must be used.
-          </p>
-</dd>
+          </p></dd>
 <dt><span class="term">-n <em class="replaceable"><code>nametype</code></em></span></dt>
 <dd><p>
             Specifies the owner type of the key.  The value of
@@ -103,39 +76,14 @@
             zone key (KEY/DNSKEY)), HOST or ENTITY (for a key associated with
             a host (KEY)),
             USER (for a key associated with a user(KEY)) or OTHER (DNSKEY).
-            These values are case insensitive.  Defaults to ZONE for DNSKEY
-	    generation.
-          </p></dd>
-<dt><span class="term">-3</span></dt>
-<dd><p>
-	    Use an NSEC3-capable algorithm to generate a DNSSEC key.
-            If this option is used and no algorithm is explicitly
-            set on the command line, NSEC3RSASHA1 will be used by
-            default. Note that RSASHA256 and RSASHA512 algorithms
-	    are NSEC3-capable.
-          </p></dd>
-<dt><span class="term">-C</span></dt>
-<dd><p>
-	    Compatibility mode:  generates an old-style key, without
-	    any metadata.  By default, <span><strong class="command">dnssec-keygen</strong></span>
-	    will include the key's creation date in the metadata stored
-	    with the private key, and other dates may be set there as well
-	    (publication date, activation date, etc).  Keys that include
-	    this data may be incompatible with older versions of BIND; the
-	    <code class="option">-C</code> option suppresses them.
+            These values are
+            case insensitive.
           </p></dd>
 <dt><span class="term">-c <em class="replaceable"><code>class</code></em></span></dt>
 <dd><p>
             Indicates that the DNS record containing the key should have
             the specified class.  If not specified, class IN is used.
           </p></dd>
-<dt><span class="term">-E <em class="replaceable"><code>engine</code></em></span></dt>
-<dd><p>
-            Uses a crypto hardware (OpenSSL engine) for random number
-            and, when supported, key generation. When compiled with PKCS#11
-            support it defaults to pkcs11; the empty name resets it to
-            no engine.
-          </p></dd>
 <dt><span class="term">-e</span></dt>
 <dd><p>
             If generating an RSAMD5/RSASHA1 key, use a large exponent.
@@ -143,12 +91,7 @@
 <dt><span class="term">-f <em class="replaceable"><code>flag</code></em></span></dt>
 <dd><p>
             Set the specified flag in the flag field of the KEY/DNSKEY record.
-            The only recognized flags are KSK (Key Signing Key) and REVOKE.
-          </p></dd>
-<dt><span class="term">-G</span></dt>
-<dd><p>
-            Generate a key, but do not publish it or sign with it.  This
-            option is incompatible with -P and -A.
+            		The only recognized flag is KSK (Key Signing Key) DNSKEY.
           </p></dd>
 <dt><span class="term">-g <em class="replaceable"><code>generator</code></em></span></dt>
 <dd><p>
@@ -162,13 +105,9 @@
             Prints a short summary of the options and arguments to
             <span><strong class="command">dnssec-keygen</strong></span>.
           </p></dd>
-<dt><span class="term">-K <em class="replaceable"><code>directory</code></em></span></dt>
-<dd><p>
-            Sets the directory in which the key files are to be written.
-          </p></dd>
 <dt><span class="term">-k</span></dt>
 <dd><p>
-            Deprecated in favor of -T KEY.
+            Generate KEY records rather than DNSKEY records.
           </p></dd>
 <dt><span class="term">-p <em class="replaceable"><code>protocol</code></em></span></dt>
 <dd><p>
@@ -177,20 +116,6 @@
             Other possible values for this argument are listed in
             RFC 2535 and its successors.
           </p></dd>
-<dt><span class="term">-q</span></dt>
-<dd><p>
-            Quiet mode: Suppresses unnecessary output, including
-            progress indication.  Without this option, when
-            <span><strong class="command">dnssec-keygen</strong></span> is run interactively
-            to generate an RSA or DSA key pair, it will print a string
-            of symbols to <code class="filename">stderr</code> indicating the
-            progress of the key generation.  A '.' indicates that a
-            random number has been found which passed an initial
-            sieve test; '+' means a number has passed a single
-            round of the Miller-Rabin primality test; a space
-            means that the number has passed all the tests and is
-            a satisfactory key.
-          </p></dd>
 <dt><span class="term">-r <em class="replaceable"><code>randomdev</code></em></span></dt>
 <dd><p>
             Specifies the source of randomness.  If the operating
@@ -209,21 +134,6 @@
             a number between 0 and 15, and currently has no defined
             purpose in DNSSEC.
           </p></dd>
-<dt><span class="term">-T <em class="replaceable"><code>rrtype</code></em></span></dt>
-<dd>
-<p>
-            Specifies the resource record type to use for the key.
-            <code class="option">rrtype</code> must be either DNSKEY or KEY.  The
-            default is DNSKEY when using a DNSSEC algorithm, but it can be
-            overridden to KEY for use with SIG(0).
-          </p>
-<p>
-          </p>
-<p>
-            Using any TSIG algorithm (HMAC-* or DH) forces this option
-            to KEY.
-          </p>
-</dd>
 <dt><span class="term">-t <em class="replaceable"><code>type</code></em></span></dt>
 <dd><p>
             Indicates the use of the key.  <code class="option">type</code> must be
@@ -238,54 +148,7 @@
 </dl></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2544128"></a><h2>TIMING OPTIONS</h2>
-<p>
-      Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
-      If the argument begins with a '+' or '-', it is interpreted as
-      an offset from the present time.  For convenience, if such an offset
-      is followed by one of the suffixes 'y', 'mo', 'w', 'd', 'h', or 'mi',
-      then the offset is computed in years (defined as 365 24-hour days,
-      ignoring leap years), months (defined as 30 24-hour days), weeks,
-      days, hours, or minutes, respectively.  Without a suffix, the offset
-      is computed in seconds.
-    </p>
-<div class="variablelist"><dl>
-<dt><span class="term">-P <em class="replaceable"><code>date/offset</code></em></span></dt>
-<dd><p>
-            Sets the date on which a key is to be published to the zone.
-            After that date, the key will be included in the zone but will
-            not be used to sign it.  If not set, and if the -G option has
-            not been used, the default is "now".
-          </p></dd>
-<dt><span class="term">-A <em class="replaceable"><code>date/offset</code></em></span></dt>
-<dd><p>
-            Sets the date on which the key is to be activated.  After that
-            date, the key will be included in the zone and used to sign
-            it.  If not set, and if the -G option has not been used, the
-            default is "now".
-          </p></dd>
-<dt><span class="term">-R <em class="replaceable"><code>date/offset</code></em></span></dt>
-<dd><p>
-            Sets the date on which the key is to be revoked.  After that
-            date, the key will be flagged as revoked.  It will be included
-            in the zone and will be used to sign it.
-          </p></dd>
-<dt><span class="term">-I <em class="replaceable"><code>date/offset</code></em></span></dt>
-<dd><p>
-            Sets the date on which the key is to be retired.  After that
-            date, the key will still be included in the zone, but it
-            will not be used to sign it.
-          </p></dd>
-<dt><span class="term">-D <em class="replaceable"><code>date/offset</code></em></span></dt>
-<dd><p>
-            Sets the date on which the key is to be deleted.  After that
-            date, the key will no longer be included in the zone.  (It
-            may remain in the key repository, however.)
-          </p></dd>
-</dl></div>
-</div>
-<div class="refsect1" lang="en">
-<a name="id2544226"></a><h2>GENERATED KEYS</h2>
+<a name="id2543824"></a><h2>GENERATED KEYS</h2>
 <p>
       When <span><strong class="command">dnssec-keygen</strong></span> completes
       successfully,
@@ -331,7 +194,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2544308"></a><h2>EXAMPLE</h2>
+<a name="id2543906"></a><h2>EXAMPLE</h2>
 <p>
       To generate a 768-bit DSA key for the domain
       <strong class="userinput"><code>example.com</code></strong>, the following command would be
@@ -352,16 +215,16 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2544352"></a><h2>SEE ALSO</h2>
+<a name="id2543949"></a><h2>SEE ALSO</h2>
 <p><span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
       <em class="citetitle">BIND 9 Administrator Reference Manual</em>,
       <em class="citetitle">RFC 2539</em>,
       <em class="citetitle">RFC 2845</em>,
-      <em class="citetitle">RFC 4034</em>.
+      <em class="citetitle">RFC 4033</em>.
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2544451"></a><h2>AUTHOR</h2>
+<a name="id2544049"></a><h2>AUTHOR</h2>
 <p><span class="corpauthor">Internet Systems Consortium</span>
     </p>
 </div>

bin/dnssec/dnssec-revoke.8

@@ -1,83 +0,0 @@
-.\" Copyright (C) 2009  Internet Systems Consortium, Inc. ("ISC")
-.\"
-.\" Permission to use, copy, modify, and/or distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
-.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
-.\" AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
-.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
-.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
-.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
-.\" PERFORMANCE OF THIS SOFTWARE.
-.\"
-.\" $Id: dnssec-revoke.8,v 1.8 2009/11/03 21:58:30 tbox Exp $
-.\"
-.hy 0
-.ad l
-.\"     Title: dnssec\-revoke
-.\"    Author: 
-.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
-.\"      Date: June 1, 2009
-.\"    Manual: BIND9
-.\"    Source: BIND9
-.\"
-.TH "DNSSEC\-REVOKE" "8" "June 1, 2009" "BIND9" "BIND9"
-.\" disable hyphenation
-.nh
-.\" disable justification (adjust text to left margin only)
-.ad l
-.SH "NAME"
-dnssec\-revoke \- Set the REVOKED bit on a DNSSEC key
-.SH "SYNOPSIS"
-.HP 14
-\fBdnssec\-revoke\fR [\fB\-hr\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-E\ \fR\fB\fIengine\fR\fR] [\fB\-f\fR] {keyfile}
-.SH "DESCRIPTION"
-.PP
-\fBdnssec\-revoke\fR
-reads a DNSSEC key file, sets the REVOKED bit on the key as defined in RFC 5011, and creates a new pair of key files containing the now\-revoked key.
-.SH "OPTIONS"
-.PP
-\-h
-.RS 4
-Emit usage message and exit.
-.RE
-.PP
-\-K \fIdirectory\fR
-.RS 4
-Sets the directory in which the key files are to reside.
-.RE
-.PP
-\-r
-.RS 4
-After writing the new keyset files remove the original keyset files.
-.RE
-.PP
-\-v \fIlevel\fR
-.RS 4
-Sets the debugging level.
-.RE
-.PP
-\-E \fIengine\fR
-.RS 4
-Use the given OpenSSL engine. When compiled with PKCS#11 support it defaults to pkcs11; the empty name resets it to no engine.
-.RE
-.PP
-\-f
-.RS 4
-Force overwrite: Causes
-\fBdnssec\-revoke\fR
-to write the new key pair even if a file already exists matching the algorithm and key ID of the revoked key.
-.RE
-.SH "SEE ALSO"
-.PP
-\fBdnssec\-keygen\fR(8),
-BIND 9 Administrator Reference Manual,
-RFC 5011.
-.SH "AUTHOR"
-.PP
-Internet Systems Consortium
-.SH "COPYRIGHT"
-Copyright \(co 2009 Internet Systems Consortium, Inc. ("ISC")
-.br

bin/dnssec/dnssec-revoke.c

@@ -1,266 +0,0 @@
-/*
- * Copyright (C) 2009  Internet Systems Consortium, Inc. ("ISC")
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- * PERFORMANCE OF THIS SOFTWARE.
- */
-
-/* $Id: dnssec-revoke.c,v 1.20 2009/12/18 23:49:02 tbox Exp $ */
-
-/*! \file */
-
-#include <config.h>
-
-#include <libgen.h>
-#include <stdlib.h>
-#include <unistd.h>
-
-#include <isc/buffer.h>
-#include <isc/commandline.h>
-#include <isc/entropy.h>
-#include <isc/file.h>
-#include <isc/hash.h>
-#include <isc/mem.h>
-#include <isc/print.h>
-#include <isc/string.h>
-#include <isc/util.h>
-
-#include <dns/keyvalues.h>
-#include <dns/result.h>
-
-#include <dst/dst.h>
-
-#include "dnssectool.h"
-
-const char *program = "dnssec-revoke";
-int verbose;
-
-static isc_mem_t	*mctx = NULL;
-
-ISC_PLATFORM_NORETURN_PRE static void
-usage(void) ISC_PLATFORM_NORETURN_POST;
-
-static void
-usage(void) {
-	fprintf(stderr, "Usage:\n");
-	fprintf(stderr,	"    %s [options] keyfile\n\n", program);
-	fprintf(stderr, "Version: %s\n", VERSION);
-#ifdef USE_PKCS11
-	fprintf(stderr, "    -E engine:    specify OpenSSL engine "
-					   "(default \"pkcs11\")\n");
-#else
-	fprintf(stderr, "    -E engine:    specify OpenSSL engine\n");
-#endif
-	fprintf(stderr, "    -f:	   force overwrite\n");
-	fprintf(stderr, "    -K directory: use directory for key files\n");
-	fprintf(stderr, "    -h:	   help\n");
-	fprintf(stderr, "    -r:	   remove old keyfiles after "
-					   "creating revoked version\n");
-	fprintf(stderr, "    -v level:	   set level of verbosity\n");
-	fprintf(stderr, "Output:\n");
-	fprintf(stderr, "     K<name>+<alg>+<new id>.key, "
-			     "K<name>+<alg>+<new id>.private\n");
-
-	exit (-1);
-}
-
-int
-main(int argc, char **argv) {
-	isc_result_t result;
-#ifdef USE_PKCS11
-	const char *engine = "pkcs11";
-#else
-	const char *engine = NULL;
-#endif
-	char *filename = NULL, *dir = NULL;
-	char newname[1024], oldname[1024];
-	char keystr[DST_KEY_FORMATSIZE];
-	char *endp;
-	int ch;
-	isc_entropy_t *ectx = NULL;
-	dst_key_t *key = NULL;
-	isc_uint32_t flags;
-	isc_buffer_t buf;
-	isc_boolean_t force = ISC_FALSE;
-	isc_boolean_t remove = ISC_FALSE;
-
-	if (argc == 1)
-		usage();
-
-	result = isc_mem_create(0, 0, &mctx);
-	if (result != ISC_R_SUCCESS)
-		fatal("Out of memory");
-
-	dns_result_register();
-
-	isc_commandline_errprint = ISC_FALSE;
-
-	while ((ch = isc_commandline_parse(argc, argv, "E:fK:rhv:")) != -1) {
-		switch (ch) {
-		    case 'E':
-			engine = isc_commandline_argument;
-			break;
-		    case 'f':
-			force = ISC_TRUE;
-			break;
-		    case 'K':
-			/*
-			 * We don't have to copy it here, but do it to
-			 * simplify cleanup later
-			 */
-			dir = isc_mem_strdup(mctx, isc_commandline_argument);
-			if (dir == NULL) {
-				fatal("Failed to allocate memory for "
-				      "directory");
-			}
-			break;
-		    case 'r':
-			remove = ISC_TRUE;
-			break;
-		    case 'v':
-			verbose = strtol(isc_commandline_argument, &endp, 0);
-			if (*endp != '\0')
-				fatal("-v must be followed by a number");
-			break;
-		    case '?':
-			if (isc_commandline_option != '?')
-				fprintf(stderr, "%s: invalid argument -%c\n",
-					program, isc_commandline_option);
-			/* Falls into */
-		    case 'h':
-			usage();
-
-		    default:
-			fprintf(stderr, "%s: unhandled option -%c\n",
-				program, isc_commandline_option);
-			exit(1);
-		}
-	}
-
-	if (argc < isc_commandline_index + 1 ||
-	    argv[isc_commandline_index] == NULL)
-		fatal("The key file name was not specified");
-	if (argc > isc_commandline_index + 1)
-		fatal("Extraneous arguments");
-
-	if (dir != NULL) {
-		filename = argv[isc_commandline_index];
-	} else {
-		result = isc_file_splitpath(mctx, argv[isc_commandline_index],
-					    &dir, &filename);
-		if (result != ISC_R_SUCCESS)
-			fatal("cannot process filename %s: %s",
-			      argv[isc_commandline_index],
-			      isc_result_totext(result));
-	}
-
-	if (ectx == NULL)
-		setup_entropy(mctx, NULL, &ectx);
-	result = isc_hash_create(mctx, ectx, DNS_NAME_MAXWIRE);
-	if (result != ISC_R_SUCCESS)
-		fatal("Could not initialize hash");
-	result = dst_lib_init2(mctx, ectx, engine,
-			       ISC_ENTROPY_BLOCKING | ISC_ENTROPY_GOODONLY);
-	if (result != ISC_R_SUCCESS)
-		fatal("Could not initialize dst: %s",
-		      isc_result_totext(result));
-	isc_entropy_stopcallbacksources(ectx);
-
-	result = dst_key_fromnamedfile(filename, dir,
-				       DST_TYPE_PUBLIC|DST_TYPE_PRIVATE,
-				       mctx, &key);
-	if (result != ISC_R_SUCCESS)
-		fatal("Invalid keyfile name %s: %s",
-		      filename, isc_result_totext(result));
-
-	dst_key_format(key, keystr, sizeof(keystr));
-
-	if (verbose > 2)
-		fprintf(stderr, "%s: %s\n", program, keystr);
-
-	if (force)
-		set_keyversion(key);
-	else
-		check_keyversion(key, keystr);
-
-
-	flags = dst_key_flags(key);
-	if ((flags & DNS_KEYFLAG_REVOKE) == 0) {
-		isc_stdtime_t now;
-
-		if ((flags & DNS_KEYFLAG_KSK) == 0)
-			fprintf(stderr, "%s: warning: Key is not flagged "
-					"as a KSK. Revoking a ZSK is "
-					"legal, but undefined.\n",
-					program);
-
-		isc_stdtime_get(&now);
-		dst_key_settime(key, DST_TIME_REVOKE, now);
-
-		dst_key_setflags(key, flags | DNS_KEYFLAG_REVOKE);
-
-		isc_buffer_init(&buf, newname, sizeof(newname));
-		dst_key_buildfilename(key, DST_TYPE_PUBLIC, dir, &buf);
-
-		if (access(newname, F_OK) == 0 && !force) {
-			fatal("Key file %s already exists; "
-			      "use -f to force overwrite", newname);
-		}
-
-		result = dst_key_tofile(key, DST_TYPE_PUBLIC|DST_TYPE_PRIVATE,
-					dir);
-		if (result != ISC_R_SUCCESS) {
-			dst_key_format(key, keystr, sizeof(keystr));
-			fatal("Failed to write key %s: %s", keystr,
-			      isc_result_totext(result));
-		}
-
-		printf("%s\n", newname);
-
-		isc_buffer_clear(&buf);
-		dst_key_buildfilename(key, DST_TYPE_PRIVATE, dir, &buf);
-		printf("%s\n", newname);
-
-		/*
-		 * Remove old key file, if told to (and if
-		 * it isn't the same as the new file)
-		 */
-		if (remove && dst_key_alg(key) != DST_ALG_RSAMD5) {
-			isc_buffer_init(&buf, oldname, sizeof(oldname));
-			dst_key_setflags(key, flags & ~DNS_KEYFLAG_REVOKE);
-			dst_key_buildfilename(key, DST_TYPE_PRIVATE, dir, &buf);
-			if (strcmp(oldname, newname) == 0)
-				goto cleanup;
-			if (access(oldname, F_OK) == 0)
-				unlink(oldname);
-			isc_buffer_clear(&buf);
-			dst_key_buildfilename(key, DST_TYPE_PUBLIC, dir, &buf);
-			if (access(oldname, F_OK) == 0)
-				unlink(oldname);
-		}
-	} else {
-		dst_key_format(key, keystr, sizeof(keystr));
-		fatal("Key %s is already revoked", keystr);
-	}
-
-cleanup:
-	dst_key_free(&key);
-	dst_lib_destroy();
-	isc_hash_destroy();
-	cleanup_entropy(&ectx);
-	if (verbose > 10)
-		isc_mem_stats(mctx, stdout);
-	isc_mem_free(mctx, dir);
-	isc_mem_destroy(&mctx);
-
-	return (0);
-}

bin/dnssec/dnssec-revoke.docbook

@@ -1,149 +0,0 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
-               "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
-               [<!ENTITY mdash "&#8212;">]>
-<!--
- - Copyright (C) 2009  Internet Systems Consortium, Inc. ("ISC")
- -
- - Permission to use, copy, modify, and/or distribute this software for any
- - purpose with or without fee is hereby granted, provided that the above
- - copyright notice and this permission notice appear in all copies.
- -
- - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- - AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- - PERFORMANCE OF THIS SOFTWARE.
--->
-
-<!-- $Id: dnssec-revoke.docbook,v 1.7 2009/11/03 21:44:46 each Exp $ -->
-<refentry id="man.dnssec-revoke">
-  <refentryinfo>
-    <date>June 1, 2009</date>
-  </refentryinfo>
-
-  <refmeta>
-    <refentrytitle><application>dnssec-revoke</application></refentrytitle>
-    <manvolnum>8</manvolnum>
-    <refmiscinfo>BIND9</refmiscinfo>
-  </refmeta>
-
-  <refnamediv>
-    <refname><application>dnssec-revoke</application></refname>
-    <refpurpose>Set the REVOKED bit on a DNSSEC key</refpurpose>
-  </refnamediv>
-
-  <docinfo>
-    <copyright>
-      <year>2009</year>
-      <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
-    </copyright>
-  </docinfo>
-
-  <refsynopsisdiv>
-    <cmdsynopsis>
-      <command>dnssec-revoke</command>
-      <arg><option>-hr</option></arg>
-      <arg><option>-v <replaceable class="parameter">level</replaceable></option></arg>
-      <arg><option>-K <replaceable class="parameter">directory</replaceable></option></arg>
-      <arg><option>-E <replaceable class="parameter">engine</replaceable></option></arg>
-      <arg><option>-f</option></arg>
-      <arg choice="req">keyfile</arg>
-    </cmdsynopsis>
-  </refsynopsisdiv>
-
-  <refsect1>
-    <title>DESCRIPTION</title>
-    <para><command>dnssec-revoke</command>
-      reads a DNSSEC key file, sets the REVOKED bit on the key as defined
-      in RFC 5011, and creates a new pair of key files containing the
-      now-revoked key.
-    </para>
-  </refsect1>
-
-  <refsect1>
-    <title>OPTIONS</title>
-
-    <variablelist>
-      <varlistentry>
-	<term>-h</term>
-        <listitem>
-	  <para>
-	    Emit usage message and exit.
-	  </para>
-        </listitem>
-      </varlistentry>
-  
-      <varlistentry>
-        <term>-K <replaceable class="parameter">directory</replaceable></term>
-        <listitem>
-          <para>
-            Sets the directory in which the key files are to reside.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-r</term>
-        <listitem>
-	  <para>
-	    After writing the new keyset files remove the original keyset
-	    files.
-	  </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-v <replaceable class="parameter">level</replaceable></term>
-        <listitem>
-          <para>
-            Sets the debugging level.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-E <replaceable class="parameter">engine</replaceable></term>
-        <listitem>
-          <para>
-            Use the given OpenSSL engine. When compiled with PKCS#11 support
-            it defaults to pkcs11; the empty name resets it to no engine.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-f</term>
-        <listitem>
-          <para>
-            Force overwrite: Causes <command>dnssec-revoke</command> to
-            write the new key pair even if a file already exists matching
-            the algorithm and key ID of the revoked key.
-          </para>
-        </listitem>
-      </varlistentry>
-    </variablelist>
-  </refsect1>
-
-  <refsect1>
-    <title>SEE ALSO</title>
-    <para><citerefentry>
-        <refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
-      </citerefentry>,
-      <citetitle>BIND 9 Administrator Reference Manual</citetitle>,
-      <citetitle>RFC 5011</citetitle>.
-    </para>
-  </refsect1>
-
-  <refsect1>
-    <title>AUTHOR</title>
-    <para><corpauthor>Internet Systems Consortium</corpauthor>
-    </para>
-  </refsect1>
-
-</refentry><!--
- - Local variables:
- - mode: sgml
- - End:
--->

bin/dnssec/dnssec-revoke.html

@@ -1,88 +0,0 @@
-<!--
- - Copyright (C) 2009  Internet Systems Consortium, Inc. ("ISC")
- -
- - Permission to use, copy, modify, and/or distribute this software for any
- - purpose with or without fee is hereby granted, provided that the above
- - copyright notice and this permission notice appear in all copies.
- -
- - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- - AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- - PERFORMANCE OF THIS SOFTWARE.
--->
-
-<!-- $Id: dnssec-revoke.html,v 1.8 2009/11/03 21:58:30 tbox Exp $ -->
-<html>
-<head>
-<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
-<title>dnssec-revoke</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
-</head>
-<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="man.dnssec-revoke"></a><div class="titlepage"></div>
-<div class="refnamediv">
-<h2>Name</h2>
-<p><span class="application">dnssec-revoke</span> &#8212; Set the REVOKED bit on a DNSSEC key</p>
-</div>
-<div class="refsynopsisdiv">
-<h2>Synopsis</h2>
-<div class="cmdsynopsis"><p><code class="command">dnssec-revoke</code>  [<code class="option">-hr</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-f</code>] {keyfile}</p></div>
-</div>
-<div class="refsect1" lang="en">
-<a name="id2543373"></a><h2>DESCRIPTION</h2>
-<p><span><strong class="command">dnssec-revoke</strong></span>
-      reads a DNSSEC key file, sets the REVOKED bit on the key as defined
-      in RFC 5011, and creates a new pair of key files containing the
-      now-revoked key.
-    </p>
-</div>
-<div class="refsect1" lang="en">
-<a name="id2543385"></a><h2>OPTIONS</h2>
-<div class="variablelist"><dl>
-<dt><span class="term">-h</span></dt>
-<dd><p>
-	    Emit usage message and exit.
-	  </p></dd>
-<dt><span class="term">-K <em class="replaceable"><code>directory</code></em></span></dt>
-<dd><p>
-            Sets the directory in which the key files are to reside.
-          </p></dd>
-<dt><span class="term">-r</span></dt>
-<dd><p>
-	    After writing the new keyset files remove the original keyset
-	    files.
-	  </p></dd>
-<dt><span class="term">-v <em class="replaceable"><code>level</code></em></span></dt>
-<dd><p>
-            Sets the debugging level.
-          </p></dd>
-<dt><span class="term">-E <em class="replaceable"><code>engine</code></em></span></dt>
-<dd><p>
-            Use the given OpenSSL engine. When compiled with PKCS#11 support
-            it defaults to pkcs11; the empty name resets it to no engine.
-          </p></dd>
-<dt><span class="term">-f</span></dt>
-<dd><p>
-            Force overwrite: Causes <span><strong class="command">dnssec-revoke</strong></span> to
-            write the new key pair even if a file already exists matching
-            the algorithm and key ID of the revoked key.
-          </p></dd>
-</dl></div>
-</div>
-<div class="refsect1" lang="en">
-<a name="id2543491"></a><h2>SEE ALSO</h2>
-<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
-      <em class="citetitle">BIND 9 Administrator Reference Manual</em>,
-      <em class="citetitle">RFC 5011</em>.
-    </p>
-</div>
-<div class="refsect1" lang="en">
-<a name="id2543515"></a><h2>AUTHOR</h2>
-<p><span class="corpauthor">Internet Systems Consortium</span>
-    </p>
-</div>
-</div></body>
-</html>

bin/dnssec/dnssec-settime.8

@@ -1,152 +0,0 @@
-.\" Copyright (C) 2009, 2010  Internet Systems Consortium, Inc. ("ISC")
-.\"
-.\" Permission to use, copy, modify, and/or distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
-.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
-.\" AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
-.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
-.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
-.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
-.\" PERFORMANCE OF THIS SOFTWARE.
-.\"
-.\" $Id: dnssec-settime.8,v 1.12 2010/03/10 01:14:18 tbox Exp $
-.\"
-.hy 0
-.ad l
-.\"     Title: dnssec\-settime
-.\"    Author: 
-.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
-.\"      Date: July 15, 2009
-.\"    Manual: BIND9
-.\"    Source: BIND9
-.\"
-.TH "DNSSEC\-SETTIME" "8" "July 15, 2009" "BIND9" "BIND9"
-.\" disable hyphenation
-.nh
-.\" disable justification (adjust text to left margin only)
-.ad l
-.SH "NAME"
-dnssec\-settime \- Set the key timing metadata for a DNSSEC key
-.SH "SYNOPSIS"
-.HP 15
-\fBdnssec\-settime\fR [\fB\-f\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-P\ \fR\fB\fIdate/offset\fR\fR] [\fB\-A\ \fR\fB\fIdate/offset\fR\fR] [\fB\-R\ \fR\fB\fIdate/offset\fR\fR] [\fB\-I\ \fR\fB\fIdate/offset\fR\fR] [\fB\-D\ \fR\fB\fIdate/offset\fR\fR] [\fB\-h\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-E\ \fR\fB\fIengine\fR\fR] {keyfile}
-.SH "DESCRIPTION"
-.PP
-\fBdnssec\-settime\fR
-reads a DNSSEC private key file and sets the key timing metadata as specified by the
-\fB\-P\fR,
-\fB\-A\fR,
-\fB\-R\fR,
-\fB\-I\fR, and
-\fB\-D\fR
-options. The metadata can then be used by
-\fBdnssec\-signzone\fR
-or other signing software to determine when a key is to be published, whether it should be used for signing a zone, etc.
-.PP
-If none of these options is set on the command line, then
-\fBdnssec\-settime\fR
-simply prints the key timing metadata already stored in the key.
-.PP
-When key metadata fields are changed, both files of a key pair (\fIKnnnn.+aaa+iiiii.key\fR
-and
-\fIKnnnn.+aaa+iiiii.private\fR) are regenerated. Metadata fields are stored in the private file. A human\-readable description of the metadata is also placed in comments in the key file.
-.SH "OPTIONS"
-.PP
-\-f
-.RS 4
-Force an update of an old\-format key with no metadata fields. Without this option,
-\fBdnssec\-settime\fR
-will fail when attempting to update a legacy key. With this option, the key will be recreated in the new format, but with the original key data retained. The key's creation date will be set to the present time.
-.RE
-.PP
-\-K \fIdirectory\fR
-.RS 4
-Sets the directory in which the key files are to reside.
-.RE
-.PP
-\-h
-.RS 4
-Emit usage message and exit.
-.RE
-.PP
-\-v \fIlevel\fR
-.RS 4
-Sets the debugging level.
-.RE
-.PP
-\-E \fIengine\fR
-.RS 4
-Use the given OpenSSL engine. When compiled with PKCS#11 support it defaults to pkcs11; the empty name resets it to no engine.
-.RE
-.SH "TIMING OPTIONS"
-.PP
-Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS. If the argument begins with a '+' or '\-', it is interpreted as an offset from the present time. For convenience, if such an offset is followed by one of the suffixes 'y', 'mo', 'w', 'd', 'h', or 'mi', then the offset is computed in years (defined as 365 24\-hour days, ignoring leap years), months (defined as 30 24\-hour days), weeks, days, hours, or minutes, respectively. Without a suffix, the offset is computed in seconds. To unset a date, use 'none'.
-.PP
-\-P \fIdate/offset\fR
-.RS 4
-Sets the date on which a key is to be published to the zone. After that date, the key will be included in the zone but will not be used to sign it.
-.RE
-.PP
-\-A \fIdate/offset\fR
-.RS 4
-Sets the date on which the key is to be activated. After that date, the key will be included in the zone and used to sign it.
-.RE
-.PP
-\-R \fIdate/offset\fR
-.RS 4
-Sets the date on which the key is to be revoked. After that date, the key will be flagged as revoked. It will be included in the zone and will be used to sign it.
-.RE
-.PP
-\-I \fIdate/offset\fR
-.RS 4
-Sets the date on which the key is to be retired. After that date, the key will still be included in the zone, but it will not be used to sign it.
-.RE
-.PP
-\-D \fIdate/offset\fR
-.RS 4
-Sets the date on which the key is to be deleted. After that date, the key will no longer be included in the zone. (It may remain in the key repository, however.)
-.RE
-.SH "PRINTING OPTIONS"
-.PP
-\fBdnssec\-settime\fR
-can also be used to print the timing metadata associated with a key.
-.PP
-\-u
-.RS 4
-Print times in UNIX epoch format.
-.RE
-.PP
-\-p \fIC/P/A/R/I/D/all\fR
-.RS 4
-Print a specific metadata value or set of metadata values. The
-\fB\-p\fR
-option may be followed by one or more of the following letters to indicate which value or values to print:
-\fBC\fR
-for the creation date,
-\fBP\fR
-for the publication date,
-\fBA\fR
-for the activation date,
-\fBR\fR
-for the revocation date,
-\fBI\fR
-for the inactivation date, or
-\fBD\fR
-for the deletion date. To print all of the metadata, use
-\fB\-p all\fR.
-.RE
-.SH "SEE ALSO"
-.PP
-\fBdnssec\-keygen\fR(8),
-\fBdnssec\-signzone\fR(8),
-BIND 9 Administrator Reference Manual,
-RFC 5011.
-.SH "AUTHOR"
-.PP
-Internet Systems Consortium
-.SH "COPYRIGHT"
-Copyright \(co 2009, 2010 Internet Systems Consortium, Inc. ("ISC")
-.br

bin/dnssec/dnssec-settime.c

@@ -1,464 +0,0 @@
-/*
- * Copyright (C) 2009, 2010  Internet Systems Consortium, Inc. ("ISC")
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- * PERFORMANCE OF THIS SOFTWARE.
- */
-
-/* $Id: dnssec-settime.c,v 1.25 2010/02/03 01:02:37 each Exp $ */
-
-/*! \file */
-
-#include <config.h>
-
-#include <libgen.h>
-#include <stdlib.h>
-#include <unistd.h>
-#include <errno.h>
-#include <time.h>
-
-#include <isc/buffer.h>
-#include <isc/commandline.h>
-#include <isc/entropy.h>
-#include <isc/file.h>
-#include <isc/hash.h>
-#include <isc/mem.h>
-#include <isc/print.h>
-#include <isc/string.h>
-#include <isc/util.h>
-
-#include <dns/keyvalues.h>
-#include <dns/result.h>
-
-#include <dst/dst.h>
-
-#include "dnssectool.h"
-
-const char *program = "dnssec-settime";
-int verbose;
-
-static isc_mem_t	*mctx = NULL;
-
-ISC_PLATFORM_NORETURN_PRE static void
-usage(void) ISC_PLATFORM_NORETURN_POST;
-
-static void
-usage(void) {
-	fprintf(stderr, "Usage:\n");
-	fprintf(stderr,	"    %s [options] keyfile\n\n", program);
-	fprintf(stderr, "Version: %s\n", VERSION);
-	fprintf(stderr, "General options:\n");
-#ifdef USE_PKCS11
-	fprintf(stderr, "    -E engine:          specify OpenSSL engine "
-						 "(default \"pkcs11\")\n");
-#else
-	fprintf(stderr, "    -E engine:          specify OpenSSL engine\n");
-#endif
-	fprintf(stderr, "    -f:                 force update of old-style "
-						 "keys\n");
-	fprintf(stderr, "    -K directory:       set key file location\n");
-	fprintf(stderr, "    -v level:           set level of verbosity\n");
-	fprintf(stderr, "    -h:                 help\n");
-	fprintf(stderr, "Timing options:\n");
-	fprintf(stderr, "    -P date/[+-]offset/none: set/unset key "
-						     "publication date\n");
-	fprintf(stderr, "    -A date/[+-]offset/none: set/unset key "
-						     "activation date\n");
-	fprintf(stderr, "    -R date/[+-]offset/none: set/unset key "
-						     "revocation date\n");
-	fprintf(stderr, "    -I date/[+-]offset/none: set/unset key "
-						     "inactivation date\n");
-	fprintf(stderr, "    -D date/[+-]offset/none: set/unset key "
-						     "deletion date\n");
-	fprintf(stderr, "Printing options:\n");
-	fprintf(stderr, "    -p C/P/A/R/I/D/all: print a particular time "
-						"value or values "
-						"[default: all]\n");
-	fprintf(stderr, "    -u:                 print times in unix epoch "
-						"format\n");
-	fprintf(stderr, "Output:\n");
-	fprintf(stderr, "     K<name>+<alg>+<new id>.key, "
-			     "K<name>+<alg>+<new id>.private\n");
-
-	exit (-1);
-}
-
-static void
-printtime(dst_key_t *key, int type, const char *tag, isc_boolean_t epoch,
-	  FILE *stream)
-{
-	isc_result_t result;
-	const char *output = NULL;
-	isc_stdtime_t when;
-
-	if (tag != NULL)
-		fprintf(stream, "%s: ", tag);
-
-	result = dst_key_gettime(key, type, &when);
-	if (result == ISC_R_NOTFOUND) {
-		fprintf(stream, "UNSET\n");
-	} else if (epoch) {
-		fprintf(stream, "%d\n", (int) when);
-	} else {
-		time_t time = when;
-		output = ctime(&time);
-		fprintf(stream, "%s", output);
-	}
-}
-
-int
-main(int argc, char **argv) {
-	isc_result_t result;
-#ifdef USE_PKCS11
-	const char *engine = "pkcs11";
-#else
-	const char *engine = NULL;
-#endif
-	char *filename = NULL, *directory = NULL;
-	char newname[1024];
-	char keystr[DST_KEY_FORMATSIZE];
-	char *endp, *p;
-	int ch;
-	isc_entropy_t *ectx = NULL;
-	dst_key_t *key = NULL;
-	isc_buffer_t buf;
-	isc_stdtime_t	now;
-	isc_stdtime_t	pub = 0, act = 0, rev = 0, inact = 0, del = 0;
-	isc_boolean_t	setpub = ISC_FALSE, setact = ISC_FALSE;
-	isc_boolean_t	setrev = ISC_FALSE, setinact = ISC_FALSE;
-	isc_boolean_t	setdel = ISC_FALSE;
-	isc_boolean_t	unsetpub = ISC_FALSE, unsetact = ISC_FALSE;
-	isc_boolean_t	unsetrev = ISC_FALSE, unsetinact = ISC_FALSE;
-	isc_boolean_t	unsetdel = ISC_FALSE;
-	isc_boolean_t	printcreate = ISC_FALSE, printpub = ISC_FALSE;
-	isc_boolean_t	printact = ISC_FALSE,  printrev = ISC_FALSE;
-	isc_boolean_t	printinact = ISC_FALSE, printdel = ISC_FALSE;
-	isc_boolean_t	force = ISC_FALSE;
-	isc_boolean_t   epoch = ISC_FALSE;
-	isc_boolean_t   changed = ISC_FALSE;
-
-	if (argc == 1)
-		usage();
-
-	result = isc_mem_create(0, 0, &mctx);
-	if (result != ISC_R_SUCCESS)
-		fatal("Out of memory");
-
-	dns_result_register();
-
-	isc_commandline_errprint = ISC_FALSE;
-
-	isc_stdtime_get(&now);
-
-	while ((ch = isc_commandline_parse(argc, argv,
-					   "E:fK:uhp:v:P:A:R:I:D:")) != -1) {
-		switch (ch) {
-		case 'E':
-			engine = isc_commandline_argument;
-			break;
-		case 'f':
-			force = ISC_TRUE;
-			break;
-		case 'p':
-			p = isc_commandline_argument;
-			if (!strcasecmp(p, "all")) {
-				printcreate = ISC_TRUE;
-				printpub = ISC_TRUE;
-				printact = ISC_TRUE;
-				printrev = ISC_TRUE;
-				printinact = ISC_TRUE;
-				printdel = ISC_TRUE;
-				break;
-			}
-
-			do {
-				switch (*p++) {
-				case 'C':
-					printcreate = ISC_TRUE;
-					break;
-				case 'P':
-					printpub = ISC_TRUE;
-					break;
-				case 'A':
-					printact = ISC_TRUE;
-					break;
-				case 'R':
-					printrev = ISC_TRUE;
-					break;
-				case 'I':
-					printinact = ISC_TRUE;
-					break;
-				case 'D':
-					printdel = ISC_TRUE;
-					break;
-				case ' ':
-					break;
-				default:
-					usage();
-					break;
-				}
-			} while (*p != '\0');
-			break;
-		case 'u':
-			epoch = ISC_TRUE;
-			break;
-		case 'K':
-			/*
-			 * We don't have to copy it here, but do it to
-			 * simplify cleanup later
-			 */
-			directory = isc_mem_strdup(mctx,
-						   isc_commandline_argument);
-			if (directory == NULL) {
-				fatal("Failed to allocate memory for "
-				      "directory");
-			}
-			break;
-		case 'v':
-			verbose = strtol(isc_commandline_argument, &endp, 0);
-			if (*endp != '\0')
-				fatal("-v must be followed by a number");
-			break;
-		case 'P':
-			if (setpub || unsetpub)
-				fatal("-P specified more than once");
-
-			changed = ISC_TRUE;
-			if (!strcasecmp(isc_commandline_argument, "none")) {
-				unsetpub = ISC_TRUE;
-			} else {
-				setpub = ISC_TRUE;
-				pub = strtotime(isc_commandline_argument,
-						now, now);
-			}
-			break;
-		case 'A':
-			if (setact || unsetact)
-				fatal("-A specified more than once");
-
-			changed = ISC_TRUE;
-			if (!strcasecmp(isc_commandline_argument, "none")) {
-				unsetact = ISC_TRUE;
-			} else {
-				setact = ISC_TRUE;
-				act = strtotime(isc_commandline_argument,
-						now, now);
-			}
-			break;
-		case 'R':
-			if (setrev || unsetrev)
-				fatal("-R specified more than once");
-
-			changed = ISC_TRUE;
-			if (!strcasecmp(isc_commandline_argument, "none")) {
-				unsetrev = ISC_TRUE;
-			} else {
-				setrev = ISC_TRUE;
-				rev = strtotime(isc_commandline_argument,
-						now, now);
-			}
-			break;
-		case 'I':
-			if (setinact || unsetinact)
-				fatal("-I specified more than once");
-
-			changed = ISC_TRUE;
-			if (!strcasecmp(isc_commandline_argument, "none")) {
-				unsetinact = ISC_TRUE;
-			} else {
-				setinact = ISC_TRUE;
-				inact = strtotime(isc_commandline_argument,
-						now, now);
-			}
-			break;
-		case 'D':
-			if (setdel || unsetdel)
-				fatal("-D specified more than once");
-
-			changed = ISC_TRUE;
-			if (!strcasecmp(isc_commandline_argument, "none")) {
-				unsetdel = ISC_TRUE;
-			} else {
-				setdel = ISC_TRUE;
-				del = strtotime(isc_commandline_argument,
-						now, now);
-			}
-			break;
-		case '?':
-			if (isc_commandline_option != '?')
-				fprintf(stderr, "%s: invalid argument -%c\n",
-					program, isc_commandline_option);
-			/* Falls into */
-		case 'h':
-			usage();
-
-		default:
-			fprintf(stderr, "%s: unhandled option -%c\n",
-				program, isc_commandline_option);
-			exit(1);
-		}
-	}
-
-	if (argc < isc_commandline_index + 1 ||
-	    argv[isc_commandline_index] == NULL)
-		fatal("The key file name was not specified");
-	if (argc > isc_commandline_index + 1)
-		fatal("Extraneous arguments");
-
-	if (directory != NULL) {
-		filename = argv[isc_commandline_index];
-	} else {
-		result = isc_file_splitpath(mctx, argv[isc_commandline_index],
-					    &directory, &filename);
-		if (result != ISC_R_SUCCESS)
-			fatal("cannot process filename %s: %s",
-			      argv[isc_commandline_index],
-			      isc_result_totext(result));
-	}
-
-	if (ectx == NULL)
-		setup_entropy(mctx, NULL, &ectx);
-	result = isc_hash_create(mctx, ectx, DNS_NAME_MAXWIRE);
-	if (result != ISC_R_SUCCESS)
-		fatal("Could not initialize hash");
-	result = dst_lib_init2(mctx, ectx, engine,
-			       ISC_ENTROPY_BLOCKING | ISC_ENTROPY_GOODONLY);
-	if (result != ISC_R_SUCCESS)
-		fatal("Could not initialize dst: %s",
-		      isc_result_totext(result));
-	isc_entropy_stopcallbacksources(ectx);
-
-	result = dst_key_fromnamedfile(filename, directory,
-				       DST_TYPE_PUBLIC | DST_TYPE_PRIVATE,
-				       mctx, &key);
-	if (result != ISC_R_SUCCESS)
-		fatal("Invalid keyfile %s: %s",
-		      filename, isc_result_totext(result));
-
-	if (!dst_key_isprivate(key))
-		fatal("%s is not a private key", filename);
-
-	dst_key_format(key, keystr, sizeof(keystr));
-
-	if (force)
-		set_keyversion(key);
-	else
-		check_keyversion(key, keystr);
-
-	if (verbose > 2)
-		fprintf(stderr, "%s: %s\n", program, keystr);
-
-	/*
-	 * Set time values.
-	 */
-	if (setpub)
-		dst_key_settime(key, DST_TIME_PUBLISH, pub);
-	else if (unsetpub)
-		dst_key_unsettime(key, DST_TIME_PUBLISH);
-
-	if (setact)
-		dst_key_settime(key, DST_TIME_ACTIVATE, act);
-	else if (unsetact)
-		dst_key_unsettime(key, DST_TIME_ACTIVATE);
-
-	if (setrev) {
-		if ((dst_key_flags(key) & DNS_KEYFLAG_REVOKE) != 0)
-			fprintf(stderr, "%s: warning: Key %s is already "
-					"revoked; changing the revocation date "
-					"will not affect this.\n",
-					program, keystr);
-		if ((dst_key_flags(key) & DNS_KEYFLAG_KSK) == 0)
-			fprintf(stderr, "%s: warning: Key %s is not flagged as "
-					"a KSK, but -R was used.  Revoking a "
-					"ZSK is legal, but undefined.\n",
-					program, keystr);
-		dst_key_settime(key, DST_TIME_REVOKE, rev);
-	} else if (unsetrev) {
-		if ((dst_key_flags(key) & DNS_KEYFLAG_REVOKE) != 0)
-			fprintf(stderr, "%s: warning: Key %s is already "
-					"revoked; removing the revocation date "
-					"will not affect this.\n",
-					program, keystr);
-		dst_key_unsettime(key, DST_TIME_REVOKE);
-	}
-
-	if (setinact)
-		dst_key_settime(key, DST_TIME_INACTIVE, inact);
-	else if (unsetinact)
-		dst_key_unsettime(key, DST_TIME_INACTIVE);
-
-	if (setdel)
-		dst_key_settime(key, DST_TIME_DELETE, del);
-	else if (unsetdel)
-		dst_key_unsettime(key, DST_TIME_DELETE);
-
-	/*
-	 * Print out time values, if -p was used.
-	 */
-	if (printcreate)
-		printtime(key, DST_TIME_CREATED, "Created", epoch, stdout);
-
-	if (printpub)
-		printtime(key, DST_TIME_PUBLISH, "Publish", epoch, stdout);
-
-	if (printact)
-		printtime(key, DST_TIME_ACTIVATE, "Activate", epoch, stdout);
-
-	if (printrev)
-		printtime(key, DST_TIME_REVOKE, "Revoke", epoch, stdout);
-
-	if (printinact)
-		printtime(key, DST_TIME_INACTIVE, "Inactive", epoch, stdout);
-
-	if (printdel)
-		printtime(key, DST_TIME_DELETE, "Delete", epoch, stdout);
-
-	if (changed) {
-		isc_buffer_init(&buf, newname, sizeof(newname));
-		result = dst_key_buildfilename(key, DST_TYPE_PUBLIC, directory,
-					       &buf);
-		if (result != ISC_R_SUCCESS) {
-			fatal("Failed to build public key filename: %s",
-			      isc_result_totext(result));
-		}
-
-		result = dst_key_tofile(key, DST_TYPE_PUBLIC|DST_TYPE_PRIVATE,
-					directory);
-		if (result != ISC_R_SUCCESS) {
-			dst_key_format(key, keystr, sizeof(keystr));
-			fatal("Failed to write key %s: %s", keystr,
-			      isc_result_totext(result));
-		}
-
-		printf("%s\n", newname);
-
-		isc_buffer_clear(&buf);
-		result = dst_key_buildfilename(key, DST_TYPE_PRIVATE, directory,
-					       &buf);
-		if (result != ISC_R_SUCCESS) {
-			fatal("Failed to build private key filename: %s",
-			      isc_result_totext(result));
-		}
-		printf("%s\n", newname);
-	}
-
-	dst_key_free(&key);
-	dst_lib_destroy();
-	isc_hash_destroy();
-	cleanup_entropy(&ectx);
-	if (verbose > 10)
-		isc_mem_stats(mctx, stdout);
-	isc_mem_free(mctx, directory);
-	isc_mem_destroy(&mctx);
-
-	return (0);
-}

bin/dnssec/dnssec-settime.docbook

@@ -1,278 +0,0 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
-               "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
-               [<!ENTITY mdash "&#8212;">]>
-<!--
- - Copyright (C) 2009, 2010  Internet Systems Consortium, Inc. ("ISC")
- -
- - Permission to use, copy, modify, and/or distribute this software for any
- - purpose with or without fee is hereby granted, provided that the above
- - copyright notice and this permission notice appear in all copies.
- -
- - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- - AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- - PERFORMANCE OF THIS SOFTWARE.
--->
-
-<!-- $Id: dnssec-settime.docbook,v 1.10 2010/03/09 03:35:34 marka Exp $ -->
-<refentry id="man.dnssec-settime">
-  <refentryinfo>
-    <date>July 15, 2009</date>
-  </refentryinfo>
-
-  <refmeta>
-    <refentrytitle><application>dnssec-settime</application></refentrytitle>
-    <manvolnum>8</manvolnum>
-    <refmiscinfo>BIND9</refmiscinfo>
-  </refmeta>
-
-  <refnamediv>
-    <refname><application>dnssec-settime</application></refname>
-    <refpurpose>Set the key timing metadata for a DNSSEC key</refpurpose>
-  </refnamediv>
-
-  <docinfo>
-    <copyright>
-      <year>2009</year>
-      <year>2010</year>
-      <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
-    </copyright>
-  </docinfo>
-
-  <refsynopsisdiv>
-    <cmdsynopsis>
-      <command>dnssec-settime</command>
-      <arg><option>-f</option></arg>
-      <arg><option>-K <replaceable class="parameter">directory</replaceable></option></arg>
-      <arg><option>-P <replaceable class="parameter">date/offset</replaceable></option></arg>
-      <arg><option>-A <replaceable class="parameter">date/offset</replaceable></option></arg>
-      <arg><option>-R <replaceable class="parameter">date/offset</replaceable></option></arg>
-      <arg><option>-I <replaceable class="parameter">date/offset</replaceable></option></arg>
-      <arg><option>-D <replaceable class="parameter">date/offset</replaceable></option></arg>
-      <arg><option>-h</option></arg>
-      <arg><option>-v <replaceable class="parameter">level</replaceable></option></arg>
-      <arg><option>-E <replaceable class="parameter">engine</replaceable></option></arg>
-      <arg choice="req">keyfile</arg>
-    </cmdsynopsis>
-  </refsynopsisdiv>
-
-  <refsect1>
-    <title>DESCRIPTION</title>
-    <para><command>dnssec-settime</command>
-      reads a DNSSEC private key file and sets the key timing metadata
-      as specified by the <option>-P</option>, <option>-A</option>,
-      <option>-R</option>, <option>-I</option>, and <option>-D</option>
-      options.  The metadata can then be used by
-      <command>dnssec-signzone</command> or other signing software to
-      determine when a key is to be published, whether it should be
-      used for signing a zone, etc.
-    </para>
-    <para>
-      If none of these options is set on the command line,
-      then <command>dnssec-settime</command> simply prints the key timing
-      metadata already stored in the key.
-    </para>
-    <para>
-      When key metadata fields are changed, both files of a key
-      pair (<filename>Knnnn.+aaa+iiiii.key</filename> and
-      <filename>Knnnn.+aaa+iiiii.private</filename>) are regenerated.
-      Metadata fields are stored in the private file.  A human-readable
-      description of the metadata is also placed in comments in the key
-      file.
-    </para>
-  </refsect1>
-
-  <refsect1>
-    <title>OPTIONS</title>
-
-    <variablelist>
-      <varlistentry>
-	<term>-f</term>
-        <listitem>
-	  <para>
-	    Force an update of an old-format key with no metadata fields.
-            Without this option, <command>dnssec-settime</command> will
-            fail when attempting to update a legacy key.  With this option,
-            the key will be recreated in the new format, but with the
-            original key data retained.  The key's creation date will be
-            set to the present time. 
-	  </para>
-        </listitem>
-      </varlistentry>
-  
-      <varlistentry>
-        <term>-K <replaceable class="parameter">directory</replaceable></term>
-        <listitem>
-          <para>
-            Sets the directory in which the key files are to reside.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-h</term>
-        <listitem>
-	  <para>
-	    Emit usage message and exit.
-	  </para>
-        </listitem>
-      </varlistentry>
-  
-      <varlistentry>
-        <term>-v <replaceable class="parameter">level</replaceable></term>
-        <listitem>
-          <para>
-            Sets the debugging level.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-E <replaceable class="parameter">engine</replaceable></term>
-        <listitem>
-          <para>
-            Use the given OpenSSL engine. When compiled with PKCS#11 support
-            it defaults to pkcs11; the empty name resets it to no engine.
-          </para>
-        </listitem>
-      </varlistentry>
-    </variablelist>
-  </refsect1>
-
-  <refsect1>
-    <title>TIMING OPTIONS</title>
-    <para>
-      Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
-      If the argument begins with a '+' or '-', it is interpreted as
-      an offset from the present time.  For convenience, if such an offset
-      is followed by one of the suffixes 'y', 'mo', 'w', 'd', 'h', or 'mi',
-      then the offset is computed in years (defined as 365 24-hour days,
-      ignoring leap years), months (defined as 30 24-hour days), weeks,
-      days, hours, or minutes, respectively.  Without a suffix, the offset
-      is computed in seconds.  To unset a date, use 'none'.
-    </para>
-
-    <variablelist>
-      <varlistentry>
-        <term>-P <replaceable class="parameter">date/offset</replaceable></term>
-        <listitem>
-          <para>
-            Sets the date on which a key is to be published to the zone.
-            After that date, the key will be included in the zone but will
-            not be used to sign it.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-A <replaceable class="parameter">date/offset</replaceable></term>
-        <listitem>
-          <para>
-            Sets the date on which the key is to be activated.  After that
-            date, the key will be included in the zone and used to sign
-            it.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-R <replaceable class="parameter">date/offset</replaceable></term>
-        <listitem>
-          <para>
-            Sets the date on which the key is to be revoked.  After that
-            date, the key will be flagged as revoked.  It will be included
-            in the zone and will be used to sign it.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-I <replaceable class="parameter">date/offset</replaceable></term>
-        <listitem>
-          <para>
-            Sets the date on which the key is to be retired.  After that
-            date, the key will still be included in the zone, but it
-            will not be used to sign it.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-D <replaceable class="parameter">date/offset</replaceable></term>
-        <listitem>
-          <para>
-            Sets the date on which the key is to be deleted.  After that
-            date, the key will no longer be included in the zone.  (It
-            may remain in the key repository, however.)
-          </para>
-        </listitem>
-      </varlistentry>
-
-    </variablelist>
-  </refsect1>
-
-  <refsect1>
-    <title>PRINTING OPTIONS</title>
-    <para>
-      <command>dnssec-settime</command> can also be used to print the
-      timing metadata associated with a key.
-    </para>
-
-    <variablelist>
-      <varlistentry>
-	<term>-u</term>
-        <listitem>
-	  <para>
-	    Print times in UNIX epoch format.
-	  </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-p <replaceable class="parameter">C/P/A/R/I/D/all</replaceable></term>
-        <listitem>
-	  <para>
-	    Print a specific metadata value or set of metadata values.
-            The <option>-p</option> option may be followed by one or more
-            of the following letters to indicate which value or values to print:
-            <option>C</option> for the creation date,
-            <option>P</option> for the publication date,
-            <option>A</option> for the activation date,
-            <option>R</option> for the revocation date,
-            <option>I</option> for the inactivation date, or
-            <option>D</option> for the deletion date.
-            To print all of the metadata, use <option>-p all</option>.
-	  </para>
-        </listitem>
-      </varlistentry>
-
-    </variablelist>
-  </refsect1>
-
-  <refsect1>
-    <title>SEE ALSO</title>
-    <para><citerefentry>
-        <refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
-      </citerefentry>,
-      <citerefentry>
-        <refentrytitle>dnssec-signzone</refentrytitle><manvolnum>8</manvolnum>
-      </citerefentry>,
-      <citetitle>BIND 9 Administrator Reference Manual</citetitle>,
-      <citetitle>RFC 5011</citetitle>.
-    </para>
-  </refsect1>
-
-  <refsect1>
-    <title>AUTHOR</title>
-    <para><corpauthor>Internet Systems Consortium</corpauthor>
-    </para>
-  </refsect1>
-
-</refentry><!--
- - Local variables:
- - mode: sgml
- - End:
--->

bin/dnssec/dnssec-settime.html

@@ -1,175 +0,0 @@
-<!--
- - Copyright (C) 2009, 2010  Internet Systems Consortium, Inc. ("ISC")
- -
- - Permission to use, copy, modify, and/or distribute this software for any
- - purpose with or without fee is hereby granted, provided that the above
- - copyright notice and this permission notice appear in all copies.
- -
- - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- - AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- - PERFORMANCE OF THIS SOFTWARE.
--->
-
-<!-- $Id: dnssec-settime.html,v 1.12 2010/03/10 01:14:18 tbox Exp $ -->
-<html>
-<head>
-<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
-<title>dnssec-settime</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
-</head>
-<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="man.dnssec-settime"></a><div class="titlepage"></div>
-<div class="refnamediv">
-<h2>Name</h2>
-<p><span class="application">dnssec-settime</span> &#8212; Set the key timing metadata for a DNSSEC key</p>
-</div>
-<div class="refsynopsisdiv">
-<h2>Synopsis</h2>
-<div class="cmdsynopsis"><p><code class="command">dnssec-settime</code>  [<code class="option">-f</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-A <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-R <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-I <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-h</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] {keyfile}</p></div>
-</div>
-<div class="refsect1" lang="en">
-<a name="id2543419"></a><h2>DESCRIPTION</h2>
-<p><span><strong class="command">dnssec-settime</strong></span>
-      reads a DNSSEC private key file and sets the key timing metadata
-      as specified by the <code class="option">-P</code>, <code class="option">-A</code>,
-      <code class="option">-R</code>, <code class="option">-I</code>, and <code class="option">-D</code>
-      options.  The metadata can then be used by
-      <span><strong class="command">dnssec-signzone</strong></span> or other signing software to
-      determine when a key is to be published, whether it should be
-      used for signing a zone, etc.
-    </p>
-<p>
-      If none of these options is set on the command line,
-      then <span><strong class="command">dnssec-settime</strong></span> simply prints the key timing
-      metadata already stored in the key.
-    </p>
-<p>
-      When key metadata fields are changed, both files of a key
-      pair (<code class="filename">Knnnn.+aaa+iiiii.key</code> and
-      <code class="filename">Knnnn.+aaa+iiiii.private</code>) are regenerated.
-      Metadata fields are stored in the private file.  A human-readable
-      description of the metadata is also placed in comments in the key
-      file.
-    </p>
-</div>
-<div class="refsect1" lang="en">
-<a name="id2543467"></a><h2>OPTIONS</h2>
-<div class="variablelist"><dl>
-<dt><span class="term">-f</span></dt>
-<dd><p>
-	    Force an update of an old-format key with no metadata fields.
-            Without this option, <span><strong class="command">dnssec-settime</strong></span> will
-            fail when attempting to update a legacy key.  With this option,
-            the key will be recreated in the new format, but with the
-            original key data retained.  The key's creation date will be
-            set to the present time. 
-	  </p></dd>
-<dt><span class="term">-K <em class="replaceable"><code>directory</code></em></span></dt>
-<dd><p>
-            Sets the directory in which the key files are to reside.
-          </p></dd>
-<dt><span class="term">-h</span></dt>
-<dd><p>
-	    Emit usage message and exit.
-	  </p></dd>
-<dt><span class="term">-v <em class="replaceable"><code>level</code></em></span></dt>
-<dd><p>
-            Sets the debugging level.
-          </p></dd>
-<dt><span class="term">-E <em class="replaceable"><code>engine</code></em></span></dt>
-<dd><p>
-            Use the given OpenSSL engine. When compiled with PKCS#11 support
-            it defaults to pkcs11; the empty name resets it to no engine.
-          </p></dd>
-</dl></div>
-</div>
-<div class="refsect1" lang="en">
-<a name="id2543559"></a><h2>TIMING OPTIONS</h2>
-<p>
-      Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
-      If the argument begins with a '+' or '-', it is interpreted as
-      an offset from the present time.  For convenience, if such an offset
-      is followed by one of the suffixes 'y', 'mo', 'w', 'd', 'h', or 'mi',
-      then the offset is computed in years (defined as 365 24-hour days,
-      ignoring leap years), months (defined as 30 24-hour days), weeks,
-      days, hours, or minutes, respectively.  Without a suffix, the offset
-      is computed in seconds.  To unset a date, use 'none'.
-    </p>
-<div class="variablelist"><dl>
-<dt><span class="term">-P <em class="replaceable"><code>date/offset</code></em></span></dt>
-<dd><p>
-            Sets the date on which a key is to be published to the zone.
-            After that date, the key will be included in the zone but will
-            not be used to sign it.
-          </p></dd>
-<dt><span class="term">-A <em class="replaceable"><code>date/offset</code></em></span></dt>
-<dd><p>
-            Sets the date on which the key is to be activated.  After that
-            date, the key will be included in the zone and used to sign
-            it.
-          </p></dd>
-<dt><span class="term">-R <em class="replaceable"><code>date/offset</code></em></span></dt>
-<dd><p>
-            Sets the date on which the key is to be revoked.  After that
-            date, the key will be flagged as revoked.  It will be included
-            in the zone and will be used to sign it.
-          </p></dd>
-<dt><span class="term">-I <em class="replaceable"><code>date/offset</code></em></span></dt>
-<dd><p>
-            Sets the date on which the key is to be retired.  After that
-            date, the key will still be included in the zone, but it
-            will not be used to sign it.
-          </p></dd>
-<dt><span class="term">-D <em class="replaceable"><code>date/offset</code></em></span></dt>
-<dd><p>
-            Sets the date on which the key is to be deleted.  After that
-            date, the key will no longer be included in the zone.  (It
-            may remain in the key repository, however.)
-          </p></dd>
-</dl></div>
-</div>
-<div class="refsect1" lang="en">
-<a name="id2543657"></a><h2>PRINTING OPTIONS</h2>
-<p>
-      <span><strong class="command">dnssec-settime</strong></span> can also be used to print the
-      timing metadata associated with a key.
-    </p>
-<div class="variablelist"><dl>
-<dt><span class="term">-u</span></dt>
-<dd><p>
-	    Print times in UNIX epoch format.
-	  </p></dd>
-<dt><span class="term">-p <em class="replaceable"><code>C/P/A/R/I/D/all</code></em></span></dt>
-<dd><p>
-	    Print a specific metadata value or set of metadata values.
-            The <code class="option">-p</code> option may be followed by one or more
-            of the following letters to indicate which value or values to print:
-            <code class="option">C</code> for the creation date,
-            <code class="option">P</code> for the publication date,
-            <code class="option">A</code> for the activation date,
-            <code class="option">R</code> for the revocation date,
-            <code class="option">I</code> for the inactivation date, or
-            <code class="option">D</code> for the deletion date.
-            To print all of the metadata, use <code class="option">-p all</code>.
-	  </p></dd>
-</dl></div>
-</div>
-<div class="refsect1" lang="en">
-<a name="id2543735"></a><h2>SEE ALSO</h2>
-<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
-      <span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
-      <em class="citetitle">BIND 9 Administrator Reference Manual</em>,
-      <em class="citetitle">RFC 5011</em>.
-    </p>
-</div>
-<div class="refsect1" lang="en">
-<a name="id2543768"></a><h2>AUTHOR</h2>
-<p><span class="corpauthor">Internet Systems Consortium</span>
-    </p>
-</div>
-</div></body>
-</html>

bin/dnssec/dnssec-signzone.8

@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
 .\" Copyright (C) 2000-2003 Internet Software Consortium.
 .\" 
 .\" Permission to use, copy, modify, and/or distribute this software for any
@@ -13,18 +13,18 @@
 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 .\" PERFORMANCE OF THIS SOFTWARE.
 .\"
-.\" $Id: dnssec-signzone.8,v 1.59 2009/12/04 01:13:44 tbox Exp $
+.\" $Id: dnssec-signzone.8,v 1.28.18.20 2009/07/11 01:31:44 tbox Exp $
 .\"
 .hy 0
 .ad l
 .\"     Title: dnssec\-signzone
 .\"    Author: 
 .\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
-.\"      Date: June 05, 2009
+.\"      Date: June 30, 2000
 .\"    Manual: BIND9
 .\"    Source: BIND9
 .\"
-.TH "DNSSEC\-SIGNZONE" "8" "June 05, 2009" "BIND9" "BIND9"
+.TH "DNSSEC\-SIGNZONE" "8" "June 30, 2000" "BIND9" "BIND9"
 .\" disable hyphenation
 .nh
 .\" disable justification (adjust text to left margin only)
@@ -33,7 +33,7 @@
 dnssec\-signzone \- DNSSEC zone signing tool
 .SH "SYNOPSIS"
 .HP 16
-\fBdnssec\-signzone\fR [\fB\-a\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-d\ \fR\fB\fIdirectory\fR\fR] [\fB\-E\ \fR\fB\fIengine\fR\fR] [\fB\-e\ \fR\fB\fIend\-time\fR\fR] [\fB\-f\ \fR\fB\fIoutput\-file\fR\fR] [\fB\-g\fR] [\fB\-h\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-k\ \fR\fB\fIkey\fR\fR] [\fB\-l\ \fR\fB\fIdomain\fR\fR] [\fB\-i\ \fR\fB\fIinterval\fR\fR] [\fB\-I\ \fR\fB\fIinput\-format\fR\fR] [\fB\-j\ \fR\fB\fIjitter\fR\fR] [\fB\-N\ \fR\fB\fIsoa\-serial\-format\fR\fR] [\fB\-o\ \fR\fB\fIorigin\fR\fR] [\fB\-O\ \fR\fB\fIoutput\-format\fR\fR] [\fB\-p\fR] [\fB\-P\fR] [\fB\-r\ \fR\fB\fIrandomdev\fR\fR] [\fB\-S\fR] [\fB\-s\ \fR\fB\fIstart\-time\fR\fR] [\fB\-T\ \fR\fB\fIttl\fR\fR] [\fB\-t\fR] [\fB\-u\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-x\fR] [\fB\-z\fR] [\fB\-3\ \fR\fB\fIsalt\fR\fR] [\fB\-H\ \fR\fB\fIiterations\fR\fR] [\fB\-A\fR] {zonefile} [key...]
+\fBdnssec\-signzone\fR [\fB\-a\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-d\ \fR\fB\fIdirectory\fR\fR] [\fB\-e\ \fR\fB\fIend\-time\fR\fR] [\fB\-f\ \fR\fB\fIoutput\-file\fR\fR] [\fB\-g\fR] [\fB\-h\fR] [\fB\-k\ \fR\fB\fIkey\fR\fR] [\fB\-l\ \fR\fB\fIdomain\fR\fR] [\fB\-i\ \fR\fB\fIinterval\fR\fR] [\fB\-I\ \fR\fB\fIinput\-format\fR\fR] [\fB\-j\ \fR\fB\fIjitter\fR\fR] [\fB\-N\ \fR\fB\fIsoa\-serial\-format\fR\fR] [\fB\-o\ \fR\fB\fIorigin\fR\fR] [\fB\-O\ \fR\fB\fIoutput\-format\fR\fR] [\fB\-p\fR] [\fB\-r\ \fR\fB\fIrandomdev\fR\fR] [\fB\-s\ \fR\fB\fIstart\-time\fR\fR] [\fB\-t\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-z\fR] {zonefile} [key...]
 .SH "DESCRIPTION"
 .PP
 \fBdnssec\-signzone\fR
@@ -52,45 +52,6 @@ Verify all generated signatures.
 Specifies the DNS class of the zone.
 .RE
 .PP
-\-C
-.RS 4
-Compatibility mode: Generate a
-\fIkeyset\-\fR\fI\fIzonename\fR\fR
-file in addition to
-\fIdsset\-\fR\fI\fIzonename\fR\fR
-when signing a zone, for use by older versions of
-\fBdnssec\-signzone\fR.
-.RE
-.PP
-\-d \fIdirectory\fR
-.RS 4
-Look for
-\fIdsset\-\fR
-or
-\fIkeyset\-\fR
-files in
-\fBdirectory\fR.
-.RE
-.PP
-\-E \fIengine\fR
-.RS 4
-Uses a crypto hardware (OpenSSL engine) for the crypto operations it supports, for instance signing with private keys from a secure key store. When compiled with PKCS#11 support it defaults to pkcs11; the empty name resets it to no engine.
-.RE
-.PP
-\-g
-.RS 4
-Generate DS records for child zones from
-\fIdsset\-\fR
-or
-\fIkeyset\-\fR
-file. Existing DS records will be removed.
-.RE
-.PP
-\-K \fIdirectory\fR
-.RS 4
-Key repository: Specify a directory to search for DNSSEC keys. If not specified, defaults to the current directory.
-.RE
-.PP
 \-k \fIkey\fR
 .RS 4
 Treat specified key as a key signing key ignoring any key flags. This option may be specified multiple times.
@@ -101,6 +62,20 @@ Treat specified key as a key signing key ignoring any key flags. This option may
 Generate a DLV set in addition to the key (DNSKEY) and DS sets. The domain is appended to the name of the records.
 .RE
 .PP
+\-d \fIdirectory\fR
+.RS 4
+Look for
+\fIkeyset\fR
+files in
+\fBdirectory\fR
+as the directory
+.RE
+.PP
+\-g
+.RS 4
+Generate DS records for child zones from keyset files. Existing DS records will be removed.
+.RE
+.PP
 \-s \fIstart\-time\fR
 .RS 4
 Specify the date and time when the generated RRSIG records become valid. This can be either an absolute or relative time. An absolute start time is indicated by a number in YYYYMMDDHHMMSS notation; 20000530144500 denotes 14:45:00 UTC on May 30th, 2000. A relative start time is indicated by +N, which is N seconds from the current time. If no
@@ -114,9 +89,6 @@ Specify the date and time when the generated RRSIG records expire. As with
 \fBstart\-time\fR, an absolute time is indicated in YYYYMMDDHHMMSS notation. A time relative to the start time is indicated with +N, which is N seconds from the start time. A time relative to the current time is indicated with now+N. If no
 \fBend\-time\fR
 is specified, 30 days from the start time is used as a default.
-\fBend\-time\fR
-must be later than
-\fBstart\-time\fR.
 .RE
 .PP
 \-f \fIoutput\-file\fR
@@ -214,13 +186,6 @@ The format of the output file containing the signed zone. Possible formats are
 Use pseudo\-random data when signing the zone. This is faster, but less secure, than using real random data. This option may be useful when signing large zones or when the entropy source is limited.
 .RE
 .PP
-\-P
-.RS 4
-Disable post sign verification tests.
-.sp
-The post sign verification test ensures that for each algorithm in use there is at least one non revoked self signed KSK key, that all revoked KSK keys are self signed, and that all records in the zone are signed by the algorithm. This option skips these tests.
-.RE
-.PP
 \-r \fIrandomdev\fR
 .RS 4
 Specifies the source of randomness. If the operating system does not provide a
@@ -232,94 +197,19 @@ specifies the name of a character device or file containing random data to be us
 indicates that keyboard input should be used.
 .RE
 .PP
-\-S
-.RS 4
-Smart signing: Instructs
-\fBdnssec\-signzone\fR
-to search the key repository for keys that match the zone being signed, and to include them in the zone if appropriate.
-.sp
-When a key is found, its timing metadata is examined to determine how it should be used, according to the following rules. Each successive rule takes priority over the prior ones:
-.RS 4
-.PP
-.RS 4
-If no timing metadata has been set for the key, the key is published in the zone and used to sign the zone.
-.RE
-.PP
-.RS 4
-If the key's publication date is set and is in the past, the key is published in the zone.
-.RE
-.PP
-.RS 4
-If the key's activation date is set and in the past, the key is published (regardless of publication date) and used to sign the zone.
-.RE
-.PP
-.RS 4
-If the key's revocation date is set and in the past, and the key is published, then the key is revoked, and the revoked key is used to sign the zone.
-.RE
-.PP
-.RS 4
-If either of the key's unpublication or deletion dates are set and in the past, the key is NOT published or used to sign the zone, regardless of any other metadata.
-.RE
-.RE
-.RE
-.PP
-\-T \fIttl\fR
-.RS 4
-Specifies the TTL to be used for new DNSKEY records imported into the zone from the key repository. If not specified, the default is the minimum TTL value from the zone's SOA record. This option is ignored when signing without
-\fB\-S\fR, since DNSKEY records are not imported from the key repository in that case. It is also ignored if there are any pre\-existing DNSKEY records at the zone apex, in which case new records' TTL values will be set to match them.
-.RE
-.PP
 \-t
 .RS 4
 Print statistics at completion.
 .RE
 .PP
-\-u
-.RS 4
-Update NSEC/NSEC3 chain when re\-signing a previously signed zone. With this option, a zone signed with NSEC can be switched to NSEC3, or a zone signed with NSEC3 can be switch to NSEC or to NSEC3 with different parameters. Without this option,
-\fBdnssec\-signzone\fR
-will retain the existing chain when re\-signing.
-.RE
-.PP
 \-v \fIlevel\fR
 .RS 4
 Sets the debugging level.
 .RE
 .PP
-\-x
-.RS 4
-Only sign the DNSKEY RRset with key\-signing keys, and omit signatures from zone\-signing keys. (This is similar to the
-\fBdnssec\-dnskey\-kskonly yes;\fR
-zone option in
-\fBnamed\fR.)
-.RE
-.PP
 \-z
 .RS 4
-Ignore KSK flag on key when determining what to sign. This causes KSK\-flagged keys to sign all records, not just the DNSKEY RRset. (This is similar to the
-\fBupdate\-check\-ksk no;\fR
-zone option in
-\fBnamed\fR.)
-.RE
-.PP
-\-3 \fIsalt\fR
-.RS 4
-Generate an NSEC3 chain with the given hex encoded salt. A dash (\fIsalt\fR) can be used to indicate that no salt is to be used when generating the NSEC3 chain.
-.RE
-.PP
-\-H \fIiterations\fR
-.RS 4
-When generating an NSEC3 chain, use this many interations. The default is 10.
-.RE
-.PP
-\-A
-.RS 4
-When generating an NSEC3 chain set the OPTOUT flag on all NSEC3 records and do not generate NSEC3 records for insecure delegations.
-.sp
-Using this option twice (i.e.,
-\fB\-AA\fR) turns the OPTOUT flag off for all records. This is useful when using the
-\fB\-u\fR
-option to modify an NSEC3 chain which previously had OPTOUT set.
+Ignore KSK flag on key when determining what to sign.
 .RE
 .PP
 zonefile
@@ -337,11 +227,9 @@ The following command signs the
 \fBexample.com\fR
 zone with the DSA key generated by
 \fBdnssec\-keygen\fR
-(Kexample.com.+003+17247). Because the
-\fB\-S\fR
-option is not being used, the zone's keys must be in the master file (\fIdb.example.com\fR). This invocation looks for
-\fIdsset\fR
-files, in the current directory, so that DS records can be imported from them (\fB\-g\fR).
+(Kexample.com.+003+17247). The zone's keys must be in the master file (\fIdb.example.com\fR). This invocation looks for
+\fIkeyset\fR
+files, in the current directory, so that DS records can be generated from them (\fB\-g\fR).
 .sp
 .RS 4
 .nf
@@ -378,7 +266,7 @@ RFC 4033.
 .PP
 Internet Systems Consortium
 .SH "COPYRIGHT"
-Copyright \(co 2004\-2009 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004\-2008 Internet Systems Consortium, Inc. ("ISC")
 .br
 Copyright \(co 2000\-2003 Internet Software Consortium.
 .br

bin/dnssec/dnssec-signzone.docbook

@@ -2,7 +2,7 @@
                "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
 	       [<!ENTITY mdash "&#8212;">]>
 <!--
- - Copyright (C) 2004-2009  Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2008  Internet Systems Consortium, Inc. ("ISC")
  - Copyright (C) 2000-2003  Internet Software Consortium.
  -
  - Permission to use, copy, modify, and/or distribute this software for any
@@ -18,10 +18,10 @@
  - PERFORMANCE OF THIS SOFTWARE.
 -->
 
-<!-- $Id: dnssec-signzone.docbook,v 1.44 2009/12/03 23:18:16 each Exp $ -->
+<!-- $Id: dnssec-signzone.docbook,v 1.10.18.19 2008/10/15 23:46:06 tbox Exp $ -->
 <refentry id="man.dnssec-signzone">
   <refentryinfo>
-    <date>June 05, 2009</date>
+    <date>June 30, 2000</date>
   </refentryinfo>
 
   <refmeta>
@@ -42,7 +42,6 @@
       <year>2006</year>
       <year>2007</year>
       <year>2008</year>
-      <year>2009</year>
       <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
     </copyright>
     <copyright>
@@ -60,12 +59,10 @@
       <arg><option>-a</option></arg>
       <arg><option>-c <replaceable class="parameter">class</replaceable></option></arg>
       <arg><option>-d <replaceable class="parameter">directory</replaceable></option></arg>
-      <arg><option>-E <replaceable class="parameter">engine</replaceable></option></arg>
       <arg><option>-e <replaceable class="parameter">end-time</replaceable></option></arg>
       <arg><option>-f <replaceable class="parameter">output-file</replaceable></option></arg>
       <arg><option>-g</option></arg>
       <arg><option>-h</option></arg>
-      <arg><option>-K <replaceable class="parameter">directory</replaceable></option></arg>
       <arg><option>-k <replaceable class="parameter">key</replaceable></option></arg>
       <arg><option>-l <replaceable class="parameter">domain</replaceable></option></arg>
       <arg><option>-i <replaceable class="parameter">interval</replaceable></option></arg>
@@ -75,19 +72,11 @@
       <arg><option>-o <replaceable class="parameter">origin</replaceable></option></arg>
       <arg><option>-O <replaceable class="parameter">output-format</replaceable></option></arg>
       <arg><option>-p</option></arg>
-      <arg><option>-P</option></arg>
       <arg><option>-r <replaceable class="parameter">randomdev</replaceable></option></arg>
-      <arg><option>-S</option></arg>
       <arg><option>-s <replaceable class="parameter">start-time</replaceable></option></arg>
-      <arg><option>-T <replaceable class="parameter">ttl</replaceable></option></arg>
       <arg><option>-t</option></arg>
-      <arg><option>-u</option></arg>
       <arg><option>-v <replaceable class="parameter">level</replaceable></option></arg>
-      <arg><option>-x</option></arg>
       <arg><option>-z</option></arg>
-      <arg><option>-3 <replaceable class="parameter">salt</replaceable></option></arg>
-      <arg><option>-H <replaceable class="parameter">iterations</replaceable></option></arg>
-      <arg><option>-A</option></arg>
       <arg choice="req">zonefile</arg>
       <arg rep="repeat">key</arg>
     </cmdsynopsis>
@@ -127,63 +116,6 @@
         </listitem>
       </varlistentry>
 
-      <varlistentry>
-        <term>-C</term>
-        <listitem>
-          <para>
-            Compatibility mode: Generate a
-            <filename>keyset-<replaceable>zonename</replaceable></filename>
-            file in addition to
-            <filename>dsset-<replaceable>zonename</replaceable></filename>
-            when signing a zone, for use by older versions of
-            <command>dnssec-signzone</command>.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-d <replaceable class="parameter">directory</replaceable></term>
-        <listitem>
-          <para>
-            Look for <filename>dsset-</filename> or
-            <filename>keyset-</filename> files in <option>directory</option>.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-E <replaceable class="parameter">engine</replaceable></term>
-        <listitem>
-          <para>
-            Uses a crypto hardware (OpenSSL engine) for the crypto operations
-            it supports, for instance signing with private keys from
-            a secure key store. When compiled with PKCS#11 support
-            it defaults to pkcs11; the empty name resets it to no engine.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-g</term>
-        <listitem>
-          <para>
-            Generate DS records for child zones from
-            <filename>dsset-</filename> or <filename>keyset-</filename>
-            file.  Existing DS records will be removed.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-K <replaceable class="parameter">directory</replaceable></term>
-        <listitem>
-          <para>
-            Key repository: Specify a directory to search for DNSSEC keys.
-            If not specified, defaults to the current directory.
-          </para>
-        </listitem>
-      </varlistentry>
-
       <varlistentry>
         <term>-k <replaceable class="parameter">key</replaceable></term>
         <listitem>
@@ -204,6 +136,26 @@
         </listitem>
       </varlistentry>
 
+      <varlistentry>
+        <term>-d <replaceable class="parameter">directory</replaceable></term>
+        <listitem>
+          <para>
+            Look for <filename>keyset</filename> files in
+            <option>directory</option> as the directory
+          </para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-g</term>
+        <listitem>
+          <para>
+            Generate DS records for child zones from keyset files.
+            Existing DS records will be removed.
+          </para>
+        </listitem>
+      </varlistentry>
+
       <varlistentry>
         <term>-s <replaceable class="parameter">start-time</replaceable></term>
         <listitem>
@@ -231,8 +183,6 @@
             the start time.  A time relative to the current time is
             indicated with now+N.  If no <option>end-time</option> is
             specified, 30 days from the start time is used as a default.
-            <option>end-time</option> must be later than
-            <option>start-time</option>.
           </para>
         </listitem>
       </varlistentry>
@@ -405,22 +355,6 @@
         </listitem>
       </varlistentry>
 
-      <varlistentry>
-        <term>-P</term>
-        <listitem>
-          <para>
-	    Disable post sign verification tests.
-          </para>
-          <para>
-	    The post sign verification test ensures that for each algorithm
-	    in use there is at least one non revoked self signed KSK key,
-	    that all revoked KSK keys are self signed, and that all records
-	    in the zone are signed by the algorithm.
-	    This option skips these tests.
-          </para>
-        </listitem>
-      </varlistentry>
-
       <varlistentry>
         <term>-r <replaceable class="parameter">randomdev</replaceable></term>
         <listitem>
@@ -438,89 +372,6 @@
         </listitem>
       </varlistentry>
 
-      <varlistentry>
-        <term>-S</term>
-        <listitem>
-          <para>
-            Smart signing: Instructs <command>dnssec-signzone</command> to
-            search the key repository for keys that match the zone being
-            signed, and to include them in the zone if appropriate.
-          </para>
-          <para>
-            When a key is found, its timing metadata is examined to
-            determine how it should be used, according to the following
-            rules.  Each successive rule takes priority over the prior
-            ones:
-          </para>
-          <variablelist>
-	    <varlistentry>
-              <listitem>
-                <para>
-                  If no timing metadata has been set for the key, the key is
-                  published in the zone and used to sign the zone.
-                </para>
-	      </listitem>
-            </varlistentry>
-
-	    <varlistentry>
-              <listitem>
-                <para>
-                  If the key's publication date is set and is in the past, the
-                  key is published in the zone.
-                </para>
-	      </listitem>
-            </varlistentry>
-
-	    <varlistentry>
-              <listitem>
-                <para>
-                  If the key's activation date is set and in the past, the
-                  key is published (regardless of publication date) and
-                  used to sign the zone.  
-                </para>
-	      </listitem>
-            </varlistentry>
-
-	    <varlistentry>
-              <listitem>
-                <para>
-                  If the key's revocation date is set and in the past, and the
-                  key is published, then the key is revoked, and the revoked key
-                  is used to sign the zone.
-                </para>
-	      </listitem>
-            </varlistentry>
-
-	    <varlistentry>
-              <listitem>
-                <para>
-                  If either of the key's unpublication or deletion dates are set
-                  and in the past, the key is NOT published or used to sign the
-                  zone, regardless of any other metadata.
-                </para>
-	      </listitem>
-            </varlistentry>
-	 </variablelist>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-T <replaceable class="parameter">ttl</replaceable></term>
-        <listitem>
-          <para>
-            Specifies the TTL to be used for new DNSKEY records imported
-            into the zone from the key repository.  If not specified,
-            the default is the minimum TTL value from the zone's SOA
-            record.  This option is ignored when signing without
-            <option>-S</option>, since DNSKEY records are not imported
-            from the key repository in that case.  It is also ignored if
-            there are any pre-existing DNSKEY records at the zone apex,
-            in which case new records' TTL values will be set to match
-            them.
-          </para>
-        </listitem>
-      </varlistentry>
-
       <varlistentry>
         <term>-t</term>
         <listitem>
@@ -530,20 +381,6 @@
         </listitem>
       </varlistentry>
 
-      <varlistentry>
-        <term>-u</term>
-        <listitem>
-          <para>
-            Update NSEC/NSEC3 chain when re-signing a previously signed
-            zone.  With this option, a zone signed with NSEC can be
-            switched to NSEC3, or a zone signed with NSEC3 can
-            be switch to NSEC or to NSEC3 with different parameters.
-            Without this option, <command>dnssec-signzone</command> will
-            retain the existing chain when re-signing.
-          </para>
-        </listitem>
-      </varlistentry>
-
       <varlistentry>
         <term>-v <replaceable class="parameter">level</replaceable></term>
         <listitem>
@@ -553,65 +390,11 @@
         </listitem>
       </varlistentry>
 
-      <varlistentry>
-        <term>-x</term>
-        <listitem>
-          <para>
-            Only sign the DNSKEY RRset with key-signing keys, and omit
-            signatures from zone-signing keys.  (This is similar to the
-            <command>dnssec-dnskey-kskonly yes;</command> zone option in
-            <command>named</command>.)
-          </para>
-        </listitem>
-      </varlistentry>
-
       <varlistentry>
         <term>-z</term>
         <listitem>
           <para>
-            Ignore KSK flag on key when determining what to sign.  This
-            causes KSK-flagged keys to sign all records, not just the
-            DNSKEY RRset.  (This is similar to the
-            <command>update-check-ksk no;</command> zone option in
-            <command>named</command>.)
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-3 <replaceable class="parameter">salt</replaceable></term>
-        <listitem>
-          <para>
-            Generate an NSEC3 chain with the given hex encoded salt.
-	    A dash (<replaceable class="parameter">salt</replaceable>) can
-	    be used to indicate that no salt is to be used when generating		    the NSEC3 chain.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-H <replaceable class="parameter">iterations</replaceable></term>
-        <listitem>
-          <para>
-	    When generating an NSEC3 chain, use this many interations.  The
-	    default is 10.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-A</term>
-        <listitem>
-          <para>
-	    When generating an NSEC3 chain set the OPTOUT flag on all
-	    NSEC3 records and do not generate NSEC3 records for insecure
-	    delegations.
-          </para>
-          <para>
-	    Using this option twice (i.e., <option>-AA</option>)
-	    turns the OPTOUT flag off for all records.  This is useful
-	    when using the <option>-u</option> option to modify an NSEC3
-	    chain which previously had OPTOUT set.
+            Ignore KSK flag on key when determining what to sign.
           </para>
         </listitem>
       </varlistentry>
@@ -646,11 +429,10 @@
     <para>
       The following command signs the <userinput>example.com</userinput>
       zone with the DSA key generated by <command>dnssec-keygen</command>
-      (Kexample.com.+003+17247).  Because the <command>-S</command> option
-      is not being used, the zone's keys must be in the master file
-      (<filename>db.example.com</filename>).  This invocation looks
-      for <filename>dsset</filename> files, in the current directory,
-      so that DS records can be imported from them (<command>-g</command>).
+      (Kexample.com.+003+17247).  The zone's keys must be in the master
+      file (<filename>db.example.com</filename>).  This invocation looks
+      for <filename>keyset</filename> files, in the current directory,
+      so that DS records can be generated from them (<command>-g</command>).
     </para>
 <programlisting>% dnssec-signzone -g -o example.com db.example.com \
 Kexample.com.+003+17247

bin/dnssec/dnssec-signzone.html

@@ -1,5 +1,5 @@
 <!--
- - Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
  - Copyright (C) 2000-2003 Internet Software Consortium.
  - 
  - Permission to use, copy, modify, and/or distribute this software for any
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-<!-- $Id: dnssec-signzone.html,v 1.45 2009/12/04 01:13:44 tbox Exp $ -->
+<!-- $Id: dnssec-signzone.html,v 1.8.18.26 2009/07/11 01:31:44 tbox Exp $ -->
 <html>
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -29,10 +29,10 @@
 </div>
 <div class="refsynopsisdiv">
 <h2>Synopsis</h2>
-<div class="cmdsynopsis"><p><code class="command">dnssec-signzone</code>  [<code class="option">-a</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-d <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-e <em class="replaceable"><code>end-time</code></em></code>] [<code class="option">-f <em class="replaceable"><code>output-file</code></em></code>] [<code class="option">-g</code>] [<code class="option">-h</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-k <em class="replaceable"><code>key</code></em></code>] [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>] [<code class="option">-i <em class="replaceable"><code>interval</code></em></code>] [<code class="option">-I <em class="replaceable"><code>input-format</code></em></code>] [<code class="option">-j <em class="replaceable"><code>jitter</code></em></code>] [<code class="option">-N <em class="replaceable"><code>soa-serial-format</code></em></code>] [<code class="option">-o <em class="replaceable"><code>origin</code></em></code>] [<code class="option">-O <em class="replaceable"><code>output-format</code></em></code>] [<code class="option">-p</code>] [<code class="option">-P</code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-S</code>] [<code class="option">-s <em class="replaceable"><code>start-time</code></em></code>] [<code class="option">-T <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-t</code>] [<code class="option">-u</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-x</code>] [<code class="option">-z</code>] [<code class="option">-3 <em class="replaceable"><code>salt</code></em></code>] [<code class="option">-H <em class="replaceable"><code>iterations</code></em></code>] [<code class="option">-A</code>] {zonefile} [key...]</p></div>
+<div class="cmdsynopsis"><p><code class="command">dnssec-signzone</code>  [<code class="option">-a</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-d <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-e <em class="replaceable"><code>end-time</code></em></code>] [<code class="option">-f <em class="replaceable"><code>output-file</code></em></code>] [<code class="option">-g</code>] [<code class="option">-h</code>] [<code class="option">-k <em class="replaceable"><code>key</code></em></code>] [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>] [<code class="option">-i <em class="replaceable"><code>interval</code></em></code>] [<code class="option">-I <em class="replaceable"><code>input-format</code></em></code>] [<code class="option">-j <em class="replaceable"><code>jitter</code></em></code>] [<code class="option">-N <em class="replaceable"><code>soa-serial-format</code></em></code>] [<code class="option">-o <em class="replaceable"><code>origin</code></em></code>] [<code class="option">-O <em class="replaceable"><code>output-format</code></em></code>] [<code class="option">-p</code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-s <em class="replaceable"><code>start-time</code></em></code>] [<code class="option">-t</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-z</code>] {zonefile} [key...]</p></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543596"></a><h2>DESCRIPTION</h2>
+<a name="id2543529"></a><h2>DESCRIPTION</h2>
 <p><span><strong class="command">dnssec-signzone</strong></span>
       signs a zone.  It generates
       NSEC and RRSIG records and produces a signed version of the
@@ -43,7 +43,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543611"></a><h2>OPTIONS</h2>
+<a name="id2543544"></a><h2>OPTIONS</h2>
 <div class="variablelist"><dl>
 <dt><span class="term">-a</span></dt>
 <dd><p>
@@ -53,38 +53,6 @@
 <dd><p>
             Specifies the DNS class of the zone.
           </p></dd>
-<dt><span class="term">-C</span></dt>
-<dd><p>
-            Compatibility mode: Generate a
-            <code class="filename">keyset-<em class="replaceable"><code>zonename</code></em></code>
-            file in addition to
-            <code class="filename">dsset-<em class="replaceable"><code>zonename</code></em></code>
-            when signing a zone, for use by older versions of
-            <span><strong class="command">dnssec-signzone</strong></span>.
-          </p></dd>
-<dt><span class="term">-d <em class="replaceable"><code>directory</code></em></span></dt>
-<dd><p>
-            Look for <code class="filename">dsset-</code> or
-            <code class="filename">keyset-</code> files in <code class="option">directory</code>.
-          </p></dd>
-<dt><span class="term">-E <em class="replaceable"><code>engine</code></em></span></dt>
-<dd><p>
-            Uses a crypto hardware (OpenSSL engine) for the crypto operations
-            it supports, for instance signing with private keys from
-            a secure key store. When compiled with PKCS#11 support
-            it defaults to pkcs11; the empty name resets it to no engine.
-          </p></dd>
-<dt><span class="term">-g</span></dt>
-<dd><p>
-            Generate DS records for child zones from
-            <code class="filename">dsset-</code> or <code class="filename">keyset-</code>
-            file.  Existing DS records will be removed.
-          </p></dd>
-<dt><span class="term">-K <em class="replaceable"><code>directory</code></em></span></dt>
-<dd><p>
-            Key repository: Specify a directory to search for DNSSEC keys.
-            If not specified, defaults to the current directory.
-          </p></dd>
 <dt><span class="term">-k <em class="replaceable"><code>key</code></em></span></dt>
 <dd><p>
             Treat specified key as a key signing key ignoring any
@@ -95,6 +63,16 @@
             Generate a DLV set in addition to the key (DNSKEY) and DS sets.
             The domain is appended to the name of the records.
           </p></dd>
+<dt><span class="term">-d <em class="replaceable"><code>directory</code></em></span></dt>
+<dd><p>
+            Look for <code class="filename">keyset</code> files in
+            <code class="option">directory</code> as the directory
+          </p></dd>
+<dt><span class="term">-g</span></dt>
+<dd><p>
+            Generate DS records for child zones from keyset files.
+            Existing DS records will be removed.
+          </p></dd>
 <dt><span class="term">-s <em class="replaceable"><code>start-time</code></em></span></dt>
 <dd><p>
             Specify the date and time when the generated RRSIG records
@@ -115,8 +93,6 @@
             the start time.  A time relative to the current time is
             indicated with now+N.  If no <code class="option">end-time</code> is
             specified, 30 days from the start time is used as a default.
-            <code class="option">end-time</code> must be later than
-            <code class="option">start-time</code>.
           </p></dd>
 <dt><span class="term">-f <em class="replaceable"><code>output-file</code></em></span></dt>
 <dd><p>
@@ -226,19 +202,6 @@
             may be useful when signing large zones or when the entropy
             source is limited.
           </p></dd>
-<dt><span class="term">-P</span></dt>
-<dd>
-<p>
-	    Disable post sign verification tests.
-          </p>
-<p>
-	    The post sign verification test ensures that for each algorithm
-	    in use there is at least one non revoked self signed KSK key,
-	    that all revoked KSK keys are self signed, and that all records
-	    in the zone are signed by the algorithm.
-	    This option skips these tests.
-          </p>
-</dd>
 <dt><span class="term">-r <em class="replaceable"><code>randomdev</code></em></span></dt>
 <dd><p>
             Specifies the source of randomness.  If the operating
@@ -251,119 +214,18 @@
             <code class="filename">keyboard</code> indicates that keyboard
             input should be used.
           </p></dd>
-<dt><span class="term">-S</span></dt>
-<dd>
-<p>
-            Smart signing: Instructs <span><strong class="command">dnssec-signzone</strong></span> to
-            search the key repository for keys that match the zone being
-            signed, and to include them in the zone if appropriate.
-          </p>
-<p>
-            When a key is found, its timing metadata is examined to
-            determine how it should be used, according to the following
-            rules.  Each successive rule takes priority over the prior
-            ones:
-          </p>
-<div class="variablelist"><dl>
-<dt></dt>
-<dd><p>
-                  If no timing metadata has been set for the key, the key is
-                  published in the zone and used to sign the zone.
-                </p></dd>
-<dt></dt>
-<dd><p>
-                  If the key's publication date is set and is in the past, the
-                  key is published in the zone.
-                </p></dd>
-<dt></dt>
-<dd><p>
-                  If the key's activation date is set and in the past, the
-                  key is published (regardless of publication date) and
-                  used to sign the zone.  
-                </p></dd>
-<dt></dt>
-<dd><p>
-                  If the key's revocation date is set and in the past, and the
-                  key is published, then the key is revoked, and the revoked key
-                  is used to sign the zone.
-                </p></dd>
-<dt></dt>
-<dd><p>
-                  If either of the key's unpublication or deletion dates are set
-                  and in the past, the key is NOT published or used to sign the
-                  zone, regardless of any other metadata.
-                </p></dd>
-</dl></div>
-</dd>
-<dt><span class="term">-T <em class="replaceable"><code>ttl</code></em></span></dt>
-<dd><p>
-            Specifies the TTL to be used for new DNSKEY records imported
-            into the zone from the key repository.  If not specified,
-            the default is the minimum TTL value from the zone's SOA
-            record.  This option is ignored when signing without
-            <code class="option">-S</code>, since DNSKEY records are not imported
-            from the key repository in that case.  It is also ignored if
-            there are any pre-existing DNSKEY records at the zone apex,
-            in which case new records' TTL values will be set to match
-            them.
-          </p></dd>
 <dt><span class="term">-t</span></dt>
 <dd><p>
             Print statistics at completion.
           </p></dd>
-<dt><span class="term">-u</span></dt>
-<dd><p>
-            Update NSEC/NSEC3 chain when re-signing a previously signed
-            zone.  With this option, a zone signed with NSEC can be
-            switched to NSEC3, or a zone signed with NSEC3 can
-            be switch to NSEC or to NSEC3 with different parameters.
-            Without this option, <span><strong class="command">dnssec-signzone</strong></span> will
-            retain the existing chain when re-signing.
-          </p></dd>
 <dt><span class="term">-v <em class="replaceable"><code>level</code></em></span></dt>
 <dd><p>
             Sets the debugging level.
           </p></dd>
-<dt><span class="term">-x</span></dt>
-<dd><p>
-            Only sign the DNSKEY RRset with key-signing keys, and omit
-            signatures from zone-signing keys.  (This is similar to the
-            <span><strong class="command">dnssec-dnskey-kskonly yes;</strong></span> zone option in
-            <span><strong class="command">named</strong></span>.)
-          </p></dd>
 <dt><span class="term">-z</span></dt>
 <dd><p>
-            Ignore KSK flag on key when determining what to sign.  This
-            causes KSK-flagged keys to sign all records, not just the
-            DNSKEY RRset.  (This is similar to the
-            <span><strong class="command">update-check-ksk no;</strong></span> zone option in
-            <span><strong class="command">named</strong></span>.)
+            Ignore KSK flag on key when determining what to sign.
           </p></dd>
-<dt><span class="term">-3 <em class="replaceable"><code>salt</code></em></span></dt>
-<dd><p>
-            Generate an NSEC3 chain with the given hex encoded salt.
-	    A dash (<em class="replaceable"><code>salt</code></em>) can
-	    be used to indicate that no salt is to be used when generating		    the NSEC3 chain.
-          </p></dd>
-<dt><span class="term">-H <em class="replaceable"><code>iterations</code></em></span></dt>
-<dd><p>
-	    When generating an NSEC3 chain, use this many interations.  The
-	    default is 10.
-          </p></dd>
-<dt><span class="term">-A</span></dt>
-<dd>
-<p>
-	    When generating an NSEC3 chain set the OPTOUT flag on all
-	    NSEC3 records and do not generate NSEC3 records for insecure
-	    delegations.
-          </p>
-<p>
-	    Using this option twice (i.e., <code class="option">-AA</code>)
-	    turns the OPTOUT flag off for all records.  This is useful
-	    when using the <code class="option">-u</code> option to modify an NSEC3
-	    chain which previously had OPTOUT set.
-          </p>
-</dd>
 <dt><span class="term">zonefile</span></dt>
 <dd><p>
             The file containing the zone to be signed.
@@ -379,15 +241,14 @@
 </dl></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2544896"></a><h2>EXAMPLE</h2>
+<a name="id2544330"></a><h2>EXAMPLE</h2>
 <p>
       The following command signs the <strong class="userinput"><code>example.com</code></strong>
       zone with the DSA key generated by <span><strong class="command">dnssec-keygen</strong></span>
-      (Kexample.com.+003+17247).  Because the <span><strong class="command">-S</strong></span> option
-      is not being used, the zone's keys must be in the master file
-      (<code class="filename">db.example.com</code>).  This invocation looks
-      for <code class="filename">dsset</code> files, in the current directory,
-      so that DS records can be imported from them (<span><strong class="command">-g</strong></span>).
+      (Kexample.com.+003+17247).  The zone's keys must be in the master
+      file (<code class="filename">db.example.com</code>).  This invocation looks
+      for <code class="filename">keyset</code> files, in the current directory,
+      so that DS records can be generated from them (<span><strong class="command">-g</strong></span>).
     </p>
 <pre class="programlisting">% dnssec-signzone -g -o example.com db.example.com \
 Kexample.com.+003+17247
@@ -409,14 +270,14 @@ db.example.com.signed
 %</pre>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2545019"></a><h2>SEE ALSO</h2>
+<a name="id2544381"></a><h2>SEE ALSO</h2>
 <p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
       <em class="citetitle">BIND 9 Administrator Reference Manual</em>,
       <em class="citetitle">RFC 4033</em>.
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2545044"></a><h2>AUTHOR</h2>
+<a name="id2544406"></a><h2>AUTHOR</h2>
 <p><span class="corpauthor">Internet Systems Consortium</span>
     </p>
 </div>

bin/dnssec/dnssectool.c

@@ -1,8 +1,8 @@
 /*
- * Copyright (C) 2004, 2005, 2007, 2009, 2010  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 2000, 2001, 2003  Internet Software Consortium.
  *
- * Permission to use, copy, modify, and/or distribute this software for any
+ * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: dnssectool.c,v 1.60 2010/01/19 23:48:56 tbox Exp $ */
+/* $Id: dnssectool.c,v 1.40.18.3 2005/07/01 03:55:28 marka Exp $ */
 
 /*! \file */
 
@@ -28,7 +28,6 @@
 #include <stdlib.h>
 
 #include <isc/buffer.h>
-#include <isc/dir.h>
 #include <isc/entropy.h>
 #include <isc/list.h>
 #include <isc/mem.h>
@@ -37,8 +36,6 @@
 #include <isc/util.h>
 #include <isc/print.h>
 
-#include <dns/dnssec.h>
-#include <dns/keyvalues.h>
 #include <dns/log.h>
 #include <dns/name.h>
 #include <dns/rdatastruct.h>
@@ -68,7 +65,7 @@ void
 fatal(const char *format, ...) {
 	va_list args;
 
-	fprintf(stderr, "%s: fatal: ", program);
+	fprintf(stderr, "%s: ", program);
 	va_start(args, format);
 	vfprintf(stderr, format, args);
 	va_end(args);
@@ -113,16 +110,39 @@ type_format(const dns_rdatatype_t type, char *cp, unsigned int size) {
 	r.base[r.length] = 0;
 }
 
+void
+alg_format(const dns_secalg_t alg, char *cp, unsigned int size) {
+	isc_buffer_t b;
+	isc_region_t r;
+	isc_result_t result;
+
+	isc_buffer_init(&b, cp, size - 1);
+	result = dns_secalg_totext(alg, &b);
+	check_result(result, "dns_secalg_totext()");
+	isc_buffer_usedregion(&b, &r);
+	r.base[r.length] = 0;
+}
+
 void
 sig_format(dns_rdata_rrsig_t *sig, char *cp, unsigned int size) {
 	char namestr[DNS_NAME_FORMATSIZE];
 	char algstr[DNS_NAME_FORMATSIZE];
 
 	dns_name_format(&sig->signer, namestr, sizeof(namestr));
-	dns_secalg_format(sig->algorithm, algstr, sizeof(algstr));
+	alg_format(sig->algorithm, algstr, sizeof(algstr));
 	snprintf(cp, size, "%s/%s/%d", namestr, algstr, sig->keyid);
 }
 
+void
+key_format(const dst_key_t *key, char *cp, unsigned int size) {
+	char namestr[DNS_NAME_FORMATSIZE];
+	char algstr[DNS_NAME_FORMATSIZE];
+
+	dns_name_format(dst_key_name(key), namestr, sizeof(namestr));
+	alg_format((dns_secalg_t) dst_key_alg(key), algstr, sizeof(algstr));
+	snprintf(cp, size, "%s/%s/%d", namestr, algstr, dst_key_id(key));
+}
+
 void
 setup_logging(int verbose, isc_mem_t *mctx, isc_log_t **logp) {
 	isc_result_t result;
@@ -202,7 +222,7 @@ setup_entropy(isc_mem_t *mctx, const char *randomfile, isc_entropy_t **ectx) {
 	int usekeyboard = ISC_ENTROPY_KEYBOARDMAYBE;
 
 	REQUIRE(ectx != NULL);
-
+	
 	if (*ectx == NULL) {
 		result = isc_entropy_create(mctx, ectx);
 		if (result != ISC_R_SUCCESS)
@@ -245,92 +265,32 @@ cleanup_entropy(isc_entropy_t **ectx) {
 	isc_entropy_detach(ectx);
 }
 
-static isc_stdtime_t
-time_units(isc_stdtime_t offset, char *suffix, const char *str) {
-	switch (suffix[0]) {
-	    case 'Y': case 'y':
-		return (offset * (365 * 24 * 3600));
-	    case 'M': case 'm':
-		switch (suffix[1]) {
-		    case 'O': case 'o':
-			return (offset * (30 * 24 * 3600));
-		    case 'I': case 'i':
-			return (offset * 60);
-		    case '\0':
-			fatal("'%s' ambiguous: use 'mi' for minutes "
-			      "or 'mo' for months", str);
-		    default:
-			fatal("time value %s is invalid", str);
-		}
-		/* NOTREACHED */
-		break;
-	    case 'W': case 'w':
-		return (offset * (7 * 24 * 3600));
-	    case 'D': case 'd':
-		return (offset * (24 * 3600));
-	    case 'H': case 'h':
-		return (offset * 3600);
-	    case 'S': case 's': case '\0':
-		return (offset);
-	    default:
-		fatal("time value %s is invalid", str);
-	}
-	/* NOTREACHED */
-	return(0); /* silence compiler warning */
-}
-
-dns_ttl_t
-strtottl(const char *str) {
-	const char *orig = str;
-	dns_ttl_t ttl;
-	char *endp;
-
-	ttl = strtol(str, &endp, 0);
-	if (ttl == 0 && endp == str)
-		fatal("TTL must be numeric");
-	ttl = time_units(ttl, endp, orig);
-	return (ttl);
-}
-
 isc_stdtime_t
 strtotime(const char *str, isc_int64_t now, isc_int64_t base) {
 	isc_int64_t val, offset;
 	isc_result_t result;
-	const char *orig = str;
 	char *endp;
 
-	if ((str[0] == '0' || str[0] == '-') && str[1] == '\0')
-		return ((isc_stdtime_t) 0);
-
-	if (strncmp(str, "now", 3) == 0) {
-		base = now;
-		str += 3;
-	}
-
-	if (str[0] == '\0')
-		return ((isc_stdtime_t) base);
-	else if (str[0] == '+') {
+	if (str[0] == '+') {
 		offset = strtol(str + 1, &endp, 0);
-		offset = time_units((isc_stdtime_t) offset, endp, orig);
+		if (*endp != '\0')
+			fatal("time value %s is invalid", str);
 		val = base + offset;
-	} else if (str[0] == '-') {
-		offset = strtol(str + 1, &endp, 0);
-		offset = time_units((isc_stdtime_t) offset, endp, orig);
-		val = base - offset;
+	} else if (strncmp(str, "now+", 4) == 0) {
+		offset = strtol(str + 4, &endp, 0);
+		if (*endp != '\0')
+			fatal("time value %s is invalid", str);
+		val = now + offset;
 	} else if (strlen(str) == 8U) {
 		char timestr[15];
 		sprintf(timestr, "%s000000", str);
 		result = dns_time64_fromtext(timestr, &val);
 		if (result != ISC_R_SUCCESS)
-			fatal("time value %s is invalid: %s", orig,
-			      isc_result_totext(result));
-	} else if (strlen(str) > 14U) {
-		fatal("time value %s is invalid", orig);
+			fatal("time value %s is invalid", str);
 	} else {
 		result = dns_time64_fromtext(str, &val);
 		if (result != ISC_R_SUCCESS)
-			fatal("time value %s is invalid: %s", orig,
-			      isc_result_totext(result));
+			fatal("time value %s is invalid", str);
 	}
 
 	return ((isc_stdtime_t) val);
@@ -351,114 +311,3 @@ strtoclass(const char *str) {
 		fatal("unknown class %s", str);
 	return (rdclass);
 }
-
-isc_result_t
-try_dir(const char *dirname) {
-	isc_result_t result;
-	isc_dir_t d;
-
-	isc_dir_init(&d);
-	result = isc_dir_open(&d, dirname);
-	if (result == ISC_R_SUCCESS) {
-		isc_dir_close(&d);
-	}
-	return (result);
-}
-
-/*
- * Check private key version compatibility.
- */
-void
-check_keyversion(dst_key_t *key, char *keystr) {
-	int major, minor;
-	dst_key_getprivateformat(key, &major, &minor);
-	INSIST(major <= DST_MAJOR_VERSION); /* invalid private key */
-
-	if (major < DST_MAJOR_VERSION || minor < DST_MINOR_VERSION)
-		fatal("Key %s has incompatible format version %d.%d, "
-		      "use -f to force upgrade to new version.",
-		      keystr, major, minor);
-	if (minor > DST_MINOR_VERSION)
-		fatal("Key %s has incompatible format version %d.%d, "
-		      "use -f to force downgrade to current version.",
-		      keystr, major, minor);
-}
-
-void
-set_keyversion(dst_key_t *key) {
-	int major, minor;
-	dst_key_getprivateformat(key, &major, &minor);
-	INSIST(major <= DST_MAJOR_VERSION);
-
-	if (major != DST_MAJOR_VERSION || minor != DST_MINOR_VERSION)
-		dst_key_setprivateformat(key, DST_MAJOR_VERSION,
-					 DST_MINOR_VERSION);
-
-	/*
-	 * If the key is from a version older than 1.3, set
-	 * set the creation date
-	 */
-	if (major < 1 || (major == 1 && minor <= 2)) {
-		isc_stdtime_t now;
-		isc_stdtime_get(&now);
-		dst_key_settime(key, DST_TIME_CREATED, now);
-	}
-}
-
-isc_boolean_t
-key_collision(isc_uint16_t id, dns_name_t *name, const char *dir,
-	      dns_secalg_t alg, isc_mem_t *mctx, isc_boolean_t *exact)
-{
-	isc_result_t result;
-	isc_boolean_t conflict = ISC_FALSE;
-	dns_dnsseckeylist_t matchkeys;
-	dns_dnsseckey_t *key = NULL;
-	isc_uint16_t oldid, diff;
-	isc_uint16_t bits = DNS_KEYFLAG_REVOKE;   /* flag bits to look for */
-
-	if (exact != NULL)
-		*exact = ISC_FALSE;
-
-	ISC_LIST_INIT(matchkeys);
-	result = dns_dnssec_findmatchingkeys(name, dir, mctx, &matchkeys);
-	if (result == ISC_R_NOTFOUND)
-		return (ISC_FALSE);
-
-	while (!ISC_LIST_EMPTY(matchkeys) && !conflict) {
-		key = ISC_LIST_HEAD(matchkeys);
-		if (dst_key_alg(key->key) != alg)
-			goto next;
-
-		oldid = dst_key_id(key->key);
-		diff = (oldid > id) ? (oldid - id) : (id - oldid);
-		if ((diff & ~bits) == 0) {
-			conflict = ISC_TRUE;
-			if (diff != 0) {
-				if (verbose > 1)
-					fprintf(stderr, "Key ID %d could "
-						"collide with %d\n",
-						id, oldid);
-			} else {
-				if (exact != NULL)
-					*exact = ISC_TRUE;
-				if (verbose > 1)
-					fprintf(stderr, "Key ID %d exists\n",
-						id);
-			}
-		}
-
- next:
-		ISC_LIST_UNLINK(matchkeys, key, link);
-		dns_dnsseckey_destroy(mctx, &key);
-	}
-
-	/* Finish freeing the list */
-	while (!ISC_LIST_EMPTY(matchkeys)) {
-		key = ISC_LIST_HEAD(matchkeys);
-		ISC_LIST_UNLINK(matchkeys, key, link);
-		dns_dnsseckey_destroy(mctx, &key);
-	}
-
-	return (conflict);
-}
-

bin/dnssec/dnssectool.h

@@ -1,8 +1,8 @@
 /*
- * Copyright (C) 2004, 2007-2010  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 2000, 2001, 2003  Internet Software Consortium.
  *
- * Permission to use, copy, modify, and/or distribute this software for any
+ * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: dnssectool.h,v 1.31 2010/01/19 23:48:56 tbox Exp $ */
+/* $Id: dnssectool.h,v 1.18 2004/03/05 04:57:41 marka Exp $ */
 
 #ifndef DNSSECTOOL_H
 #define DNSSECTOOL_H 1
@@ -27,9 +27,8 @@
 
 typedef void (fatalcallback_t)(void);
 
-ISC_PLATFORM_NORETURN_PRE void
-fatal(const char *format, ...)
-ISC_FORMAT_PRINTF(1, 2) ISC_PLATFORM_NORETURN_POST;
+void
+fatal(const char *format, ...) ISC_FORMAT_PRINTF(1, 2);
 
 void
 setfatalcallback(fatalcallback_t *callback);
@@ -42,11 +41,19 @@ vbprintf(int level, const char *fmt, ...) ISC_FORMAT_PRINTF(2, 3);
 
 void
 type_format(const dns_rdatatype_t type, char *cp, unsigned int size);
-#define TYPE_FORMATSIZE 20
+#define TYPE_FORMATSIZE 10
+
+void
+alg_format(const dns_secalg_t alg, char *cp, unsigned int size);
+#define ALG_FORMATSIZE 10
 
 void
 sig_format(dns_rdata_rrsig_t *sig, char *cp, unsigned int size);
-#define SIG_FORMATSIZE (DNS_NAME_FORMATSIZE + DNS_SECALG_FORMATSIZE + sizeof("65535"))
+#define SIG_FORMATSIZE (DNS_NAME_FORMATSIZE + ALG_FORMATSIZE + sizeof("65535"))
+
+void
+key_format(const dst_key_t *key, char *cp, unsigned int size);
+#define KEY_FORMATSIZE (DNS_NAME_FORMATSIZE + ALG_FORMATSIZE + sizeof("65535"))
 
 void
 setup_logging(int verbose, isc_mem_t *mctx, isc_log_t **logp);
@@ -60,24 +67,10 @@ setup_entropy(isc_mem_t *mctx, const char *randomfile, isc_entropy_t **ectx);
 void
 cleanup_entropy(isc_entropy_t **ectx);
 
-dns_ttl_t strtottl(const char *str);
-
 isc_stdtime_t
 strtotime(const char *str, isc_int64_t now, isc_int64_t base);
 
 dns_rdataclass_t
 strtoclass(const char *str);
 
-isc_result_t
-try_dir(const char *dirname);
-
-void
-check_keyversion(dst_key_t *key, char *keystr);
-
-void
-set_keyversion(dst_key_t *key);
-
-isc_boolean_t
-key_collision(isc_uint16_t id, dns_name_t *name, const char *dir,
-	      dns_secalg_t alg, isc_mem_t *mctx, isc_boolean_t *exact);
 #endif /* DNSSEC_DNSSECTOOL_H */

bin/dnssec/win32/dnssectool.dsp

@@ -43,7 +43,7 @@ RSC=rc.exe
 # PROP Ignore_Export_Lib 0
 # PROP Target_Dir ""
 # ADD BASE CPP /nologo /MT /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /D "_MBCS" /D "_USRDLL" /YX /FD /c
-# ADD CPP /nologo /MD /W3 /GX /O2 /I "./" /I "../../../" /I "../../../../libxml2-2.7.3/include" /I "../include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /D "NDEBUG" /D "WIN32" /D "_WINDOWS" /D "__STDC__" /D "_MBCS" /YX /FD /c /Fddnssectool
+# ADD CPP /nologo /MD /W3 /GX /O2 /I "./" /I "../../../" /I "../include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /D "NDEBUG" /D "WIN32" /D "_WINDOWS" /D "__STDC__" /D "_MBCS" /YX /FD /c /Fddnssectool
 # SUBTRACT CPP /X
 # ADD BASE MTL /nologo /D "NDEBUG" /mktyplib203 /win32
 # ADD MTL /nologo /D "NDEBUG" /mktyplib203 /win32
@@ -70,7 +70,7 @@ LINK32=link.exe
 # PROP Ignore_Export_Lib 0
 # PROP Target_Dir ""
 # ADD BASE CPP /nologo /MTd /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /D "_MBCS" /YX /FD /GZ /c
-# ADD CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../../../../libxml2-2.7.3/include" /I "../include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /D "_DEBUG" /D "WIN32" /D "_WINDOWS" /D "__STDC__" /D "_MBCS" /FR /YX /FD /GZ /c /Fddnssectool
+# ADD CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /D "_DEBUG" /D "WIN32" /D "_WINDOWS" /D "__STDC__" /D "_MBCS" /FR /YX /FD /GZ /c /Fddnssectool
 # SUBTRACT CPP /X
 # ADD BASE MTL /nologo /D "_DEBUG" /mktyplib203 /win32
 # ADD MTL /nologo /D "_DEBUG" /mktyplib203 /win32

bin/dnssec/win32/dnssectool.dsw

@@ -3,7 +3,7 @@ Microsoft Developer Studio Workspace File, Format Version 6.00
 
 ###############################################################################
 
-Project: "dnssectool"=".\dnssectool.dsp" - Package Owner=<4>
+Project: "dighost"=".\dnssectool.dsp" - Package Owner=<4>
 
 Package=<5>
 {{{

bin/dnssec/win32/dsfromkey.dsp

@@ -1,103 +0,0 @@
-# Microsoft Developer Studio Project File - Name="dsfromkey" - Package Owner=<4>
-# Microsoft Developer Studio Generated Build File, Format Version 6.00
-# ** DO NOT EDIT **
-
-# TARGTYPE "Win32 (x86) Console Application" 0x0103
-
-CFG=dsfromkey - Win32 Debug
-!MESSAGE This is not a valid makefile. To build this project using NMAKE,
-!MESSAGE use the Export Makefile command and run
-!MESSAGE 
-!MESSAGE NMAKE /f "dsfromkey.mak".
-!MESSAGE 
-!MESSAGE You can specify a configuration when running NMAKE
-!MESSAGE by defining the macro CFG on the command line. For example:
-!MESSAGE 
-!MESSAGE NMAKE /f "dsfromkey.mak" CFG="dsfromkey - Win32 Debug"
-!MESSAGE 
-!MESSAGE Possible choices for configuration are:
-!MESSAGE 
-!MESSAGE "dsfromkey - Win32 Release" (based on "Win32 (x86) Console Application")
-!MESSAGE "dsfromkey - Win32 Debug" (based on "Win32 (x86) Console Application")
-!MESSAGE 
-
-# Begin Project
-# PROP AllowPerConfigDependencies 0
-# PROP Scc_ProjName ""
-# PROP Scc_LocalPath ""
-CPP=cl.exe
-RSC=rc.exe
-
-!IF  "$(CFG)" == "dsfromkey - Win32 Release"
-
-# PROP BASE Use_MFC 0
-# PROP BASE Use_Debug_Libraries 0
-# PROP BASE Output_Dir "Release"
-# PROP BASE Intermediate_Dir "Release"
-# PROP BASE Target_Dir ""
-# PROP Use_MFC 0
-# PROP Use_Debug_Libraries 0
-# PROP Output_Dir "Release"
-# PROP Intermediate_Dir "Release"
-# PROP Ignore_Export_Lib 0
-# PROP Target_Dir ""
-# ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
-# ADD CPP /nologo /MD /W3 /GX /O2 /I "./" /I "../../../" /I "../../../../libxml2-2.7.3/include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /D "NDEBUG" /D "__STDC__" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
-# ADD BASE RSC /l 0x409 /d "NDEBUG"
-# ADD RSC /l 0x409 /d "NDEBUG"
-BSC32=bscmake.exe
-# ADD BASE BSC32 /nologo
-# ADD BSC32 /nologo
-LINK32=link.exe
-# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386
-# ADD LINK32 user32.lib advapi32.lib Release/dnssectool.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib /nologo /subsystem:console /machine:I386 /out:"../../../Build/Release/dnssec-dsfromkey.exe"
-
-!ELSEIF  "$(CFG)" == "dsfromkey - Win32 Debug"
-
-# PROP BASE Use_MFC 0
-# PROP BASE Use_Debug_Libraries 1
-# PROP BASE Output_Dir "Debug"
-# PROP BASE Intermediate_Dir "Debug"
-# PROP BASE Target_Dir ""
-# PROP Use_MFC 0
-# PROP Use_Debug_Libraries 1
-# PROP Output_Dir "Debug"
-# PROP Intermediate_Dir "Debug"
-# PROP Ignore_Export_Lib 0
-# PROP Target_Dir ""
-# ADD BASE CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c
-# ADD CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../../../../libxml2-2.7.3/include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /D "_DEBUG" /D "WIN32" /D "__STDC__" /D "_CONSOLE" /D "_MBCS" /FR /FD /GZ /c
-# SUBTRACT CPP /X /YX
-# ADD BASE RSC /l 0x409 /d "_DEBUG"
-# ADD RSC /l 0x409 /d "_DEBUG"
-BSC32=bscmake.exe
-# ADD BASE BSC32 /nologo
-# ADD BSC32 /nologo
-LINK32=link.exe
-# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept
-# ADD LINK32 user32.lib advapi32.lib Debug/dnssectool.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib /nologo /subsystem:console /debug /machine:I386 /out:"../../../Build/Debug/dnssec-dsfromkey.exe" /pdbtype:sept
-
-!ENDIF 
-
-# Begin Target
-
-# Name "dsfromkey - Win32 Release"
-# Name "dsfromkey - Win32 Debug"
-# Begin Group "Source Files"
-
-# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
-# Begin Source File
-
-SOURCE="..\dnssec-dsfromkey.c"
-# End Source File
-# End Group
-# Begin Group "Header Files"
-
-# PROP Default_Filter "h;hpp;hxx;hm;inl"
-# End Group
-# Begin Group "Resource Files"
-
-# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe"
-# End Group
-# End Target
-# End Project

bin/dnssec/win32/dsfromkey.dsw

@@ -1,29 +0,0 @@
-Microsoft Developer Studio Workspace File, Format Version 6.00
-# WARNING: DO NOT EDIT OR DELETE THIS WORKSPACE FILE!
-
-###############################################################################
-
-Project: "dsfromkey"=".\dsfromkey.dsp" - Package Owner=<4>
-
-Package=<5>
-{{{
-}}}
-
-Package=<4>
-{{{
-}}}
-
-###############################################################################
-
-Global:
-
-Package=<5>
-{{{
-}}}
-
-Package=<3>
-{{{
-}}}
-
-###############################################################################
-

bin/dnssec/win32/dsfromkey.mak

@@ -1,324 +0,0 @@
-# Microsoft Developer Studio Generated NMAKE File, Based on dsfromkey.dsp
-!IF "$(CFG)" == ""
-CFG=dsfromkey - Win32 Debug
-!MESSAGE No configuration specified. Defaulting to dsfromkey - Win32 Debug.
-!ENDIF 
-
-!IF "$(CFG)" != "dsfromkey - Win32 Release" && "$(CFG)" != "dsfromkey - Win32 Debug"
-!MESSAGE Invalid configuration "$(CFG)" specified.
-!MESSAGE You can specify a configuration when running NMAKE
-!MESSAGE by defining the macro CFG on the command line. For example:
-!MESSAGE 
-!MESSAGE NMAKE /f "dsfromkey.mak" CFG="dsfromkey - Win32 Debug"
-!MESSAGE 
-!MESSAGE Possible choices for configuration are:
-!MESSAGE 
-!MESSAGE "dsfromkey - Win32 Release" (based on "Win32 (x86) Console Application")
-!MESSAGE "dsfromkey - Win32 Debug" (based on "Win32 (x86) Console Application")
-!MESSAGE 
-!ERROR An invalid configuration is specified.
-!ENDIF 
-
-!IF "$(OS)" == "Windows_NT"
-NULL=
-!ELSE 
-NULL=nul
-!ENDIF 
-
-!IF  "$(CFG)" == "dsfromkey - Win32 Release"
-_VC_MANIFEST_INC=0
-_VC_MANIFEST_BASENAME=__VC80
-!ELSE
-_VC_MANIFEST_INC=1
-_VC_MANIFEST_BASENAME=__VC80.Debug
-!ENDIF
-
-####################################################
-# Specifying name of temporary resource file used only in incremental builds:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-_VC_MANIFEST_AUTO_RES=$(_VC_MANIFEST_BASENAME).auto.res
-!else
-_VC_MANIFEST_AUTO_RES=
-!endif
-
-####################################################
-# _VC_MANIFEST_EMBED_EXE - command to embed manifest in EXE:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-
-#MT_SPECIAL_RETURN=1090650113
-#MT_SPECIAL_SWITCH=-notify_resource_update
-MT_SPECIAL_RETURN=0
-MT_SPECIAL_SWITCH=
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
-if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
-rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
-link $** /out:$@ $(LFLAGS)
-
-!else
-
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;1
-
-!endif
-
-####################################################
-# _VC_MANIFEST_EMBED_DLL - command to embed manifest in DLL:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-
-#MT_SPECIAL_RETURN=1090650113
-#MT_SPECIAL_SWITCH=-notify_resource_update
-MT_SPECIAL_RETURN=0
-MT_SPECIAL_SWITCH=
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
-if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
-rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
-link $** /out:$@ $(LFLAGS)
-
-!else
-
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;2
-
-!endif
-####################################################
-# _VC_MANIFEST_CLEAN - command to clean resources files generated temporarily:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-
-_VC_MANIFEST_CLEAN=-del $(_VC_MANIFEST_BASENAME).auto.res \
-    $(_VC_MANIFEST_BASENAME).auto.rc \
-    $(_VC_MANIFEST_BASENAME).auto.manifest
-
-!else
-
-_VC_MANIFEST_CLEAN=
-
-!endif
-
-!IF  "$(CFG)" == "dsfromkey - Win32 Release"
-
-OUTDIR=.\Release
-INTDIR=.\Release
-
-ALL : "..\..\..\Build\Release\dnssec-dsfromkey.exe"
-
-
-CLEAN :
-	-@erase "$(INTDIR)\dnssec-dsfromkey.obj"
-	-@erase "$(INTDIR)\dnssectool.obj"
-	-@erase "$(INTDIR)\vc60.idb"
-	-@erase "..\..\..\Build\Release\dnssec-dsfromkey.exe"
-	-@$(_VC_MANIFEST_CLEAN)
-
-"$(OUTDIR)" :
-    if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
-
-CPP=cl.exe
-CPP_PROJ=/nologo /MD /W3 /GX /O2 /I "./" /I "../../../" /I "../../../../libxml2-2.7.3/include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /D "NDEBUG" /D "__STDC__" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /Fp"$(INTDIR)\dsfromkey.pch" /YX /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c 
-
-.c{$(INTDIR)}.obj::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.cpp{$(INTDIR)}.obj::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.cxx{$(INTDIR)}.obj::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.c{$(INTDIR)}.sbr::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.cpp{$(INTDIR)}.sbr::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.cxx{$(INTDIR)}.sbr::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-RSC=rc.exe
-BSC32=bscmake.exe
-BSC32_FLAGS=/nologo /o"$(OUTDIR)\dsfromkey.bsc" 
-BSC32_SBRS= \
-	
-LINK32=link.exe
-LINK32_FLAGS=user32.lib advapi32.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib /nologo /subsystem:console /incremental:no /pdb:"$(OUTDIR)\dnssec-dsfromkey.pdb" /machine:I386 /out:"../../../Build/Release/dnssec-dsfromkey.exe" 
-LINK32_OBJS= \
-	"$(INTDIR)\dnssec-dsfromkey.obj" \
-	"$(INTDIR)\dnssectool.obj"
-
-"..\..\..\Build\Release\dnssec-dsfromkey.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
-    $(LINK32) @<<
-  $(LINK32_FLAGS) $(LINK32_OBJS)
-<<
-    $(_VC_MANIFEST_EMBED_EXE)
-
-!ELSEIF  "$(CFG)" == "dsfromkey - Win32 Debug"
-
-OUTDIR=.\Debug
-INTDIR=.\Debug
-# Begin Custom Macros
-OutDir=.\Debug
-# End Custom Macros
-
-ALL : "..\..\..\Build\Debug\dnssec-dsfromkey.exe" "$(OUTDIR)\dsfromkey.bsc"
-
-
-CLEAN :
-	-@erase "$(INTDIR)\dnssec-dsfromkey.obj"
-	-@erase "$(INTDIR)\dnssec-dsfromkey.sbr"
-	-@erase "$(INTDIR)\dnssectool.obj"
-	-@erase "$(INTDIR)\dnssectool.sbr"
-	-@erase "$(INTDIR)\vc60.idb"
-	-@erase "$(INTDIR)\vc60.pdb"
-	-@erase "$(OUTDIR)\dnssec-dsfromkey.pdb"
-	-@erase "$(OUTDIR)\dsfromkey.bsc"
-	-@erase "..\..\..\Build\Debug\dnssec-dsfromkey.exe"
-	-@erase "..\..\..\Build\Debug\dnssec-dsfromkey.ilk"
-	-@$(_VC_MANIFEST_CLEAN)
-
-"$(OUTDIR)" :
-    if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
-
-CPP=cl.exe
-CPP_PROJ=/nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../../../../libxml2-2.7.3/include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /D "_DEBUG" /D "WIN32" /D "__STDC__" /D "_CONSOLE" /D "_MBCS" /FR"$(INTDIR)\\" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /GZ /c 
-
-.c{$(INTDIR)}.obj::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.cpp{$(INTDIR)}.obj::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.cxx{$(INTDIR)}.obj::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.c{$(INTDIR)}.sbr::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.cpp{$(INTDIR)}.sbr::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.cxx{$(INTDIR)}.sbr::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-RSC=rc.exe
-BSC32=bscmake.exe
-BSC32_FLAGS=/nologo /o"$(OUTDIR)\dsfromkey.bsc" 
-BSC32_SBRS= \
-	"$(INTDIR)\dnssec-dsfromkey.sbr" \
-	"$(INTDIR)\dnssectool.sbr"
-
-"$(OUTDIR)\dsfromkey.bsc" : "$(OUTDIR)" $(BSC32_SBRS)
-    $(BSC32) @<<
-  $(BSC32_FLAGS) $(BSC32_SBRS)
-<<
-
-LINK32=link.exe
-LINK32_FLAGS=user32.lib advapi32.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib /nologo /subsystem:console /incremental:yes /pdb:"$(OUTDIR)\dnssec-dsfromkey.pdb" /debug /machine:I386 /out:"../../../Build/Debug/dnssec-dsfromkey.exe" /pdbtype:sept 
-LINK32_OBJS= \
-	"$(INTDIR)\dnssec-dsfromkey.obj" \
-	"$(INTDIR)\dnssectool.obj"
-
-"..\..\..\Build\Debug\dnssec-dsfromkey.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
-    $(LINK32) @<<
-  $(LINK32_FLAGS) $(LINK32_OBJS)
-<<
-    $(_VC_MANIFEST_EMBED_EXE)
-
-!ENDIF 
-
-
-!IF "$(NO_EXTERNAL_DEPS)" != "1"
-!IF EXISTS("dsfromkey.dep")
-!INCLUDE "dsfromkey.dep"
-!ELSE 
-!MESSAGE Warning: cannot find "dsfromkey.dep"
-!ENDIF 
-!ENDIF 
-
-
-!IF "$(CFG)" == "dsfromkey - Win32 Release" || "$(CFG)" == "dsfromkey - Win32 Debug"
-SOURCE="..\dnssec-dsfromkey.c"
-
-!IF  "$(CFG)" == "dsfromkey - Win32 Release"
-
-
-"$(INTDIR)\dnssec-dsfromkey.obj" : $(SOURCE) "$(INTDIR)"
-	$(CPP) $(CPP_PROJ) $(SOURCE)
-
-
-!ELSEIF  "$(CFG)" == "dsfromkey - Win32 Debug"
-
-
-"$(INTDIR)\dnssec-dsfromkey.obj"	"$(INTDIR)\dnssec-dsfromkey.sbr" : $(SOURCE) "$(INTDIR)"
-	$(CPP) $(CPP_PROJ) $(SOURCE)
-
-
-!ENDIF 
-
-SOURCE=..\dnssectool.c
-
-!IF  "$(CFG)" == "dsfromkey - Win32 Release"
-
-
-"$(INTDIR)\dnssectool.obj" : $(SOURCE) "$(INTDIR)"
-	$(CPP) $(CPP_PROJ) $(SOURCE)
-
-
-!ELSEIF  "$(CFG)" == "dsfromkey - Win32 Debug"
-
-
-"$(INTDIR)\dnssectool.obj"	"$(INTDIR)\dnssectool.sbr" : $(SOURCE) "$(INTDIR)"
-	$(CPP) $(CPP_PROJ) $(SOURCE)
-
-
-!ENDIF 
-
-
-!ENDIF 
-
-####################################################
-# Commands to generate initial empty manifest file and the RC file
-# that references it, and for generating the .res file:
-
-$(_VC_MANIFEST_BASENAME).auto.res : $(_VC_MANIFEST_BASENAME).auto.rc
-
-$(_VC_MANIFEST_BASENAME).auto.rc : $(_VC_MANIFEST_BASENAME).auto.manifest
-    type <<$@
-#include <winuser.h>
-1RT_MANIFEST"$(_VC_MANIFEST_BASENAME).auto.manifest"
-<< KEEP
-
-$(_VC_MANIFEST_BASENAME).auto.manifest :
-    type <<$@
-<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
-<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
-</assembly>
-<< KEEP

bin/dnssec/win32/keyfromlabel.dsp

@@ -1,103 +0,0 @@
-# Microsoft Developer Studio Project File - Name="keyfromlabel" - Package Owner=<4>
-# Microsoft Developer Studio Generated Build File, Format Version 6.00
-# ** DO NOT EDIT **
-
-# TARGTYPE "Win32 (x86) Console Application" 0x0103
-
-CFG=keyfromlabel - Win32 Debug
-!MESSAGE This is not a valid makefile. To build this project using NMAKE,
-!MESSAGE use the Export Makefile command and run
-!MESSAGE 
-!MESSAGE NMAKE /f "keyfromlabel.mak".
-!MESSAGE 
-!MESSAGE You can specify a configuration when running NMAKE
-!MESSAGE by defining the macro CFG on the command line. For example:
-!MESSAGE 
-!MESSAGE NMAKE /f "keyfromlabel.mak" CFG="keyfromlabel - Win32 Debug"
-!MESSAGE 
-!MESSAGE Possible choices for configuration are:
-!MESSAGE 
-!MESSAGE "keyfromlabel - Win32 Release" (based on "Win32 (x86) Console Application")
-!MESSAGE "keyfromlabel - Win32 Debug" (based on "Win32 (x86) Console Application")
-!MESSAGE 
-
-# Begin Project
-# PROP AllowPerConfigDependencies 0
-# PROP Scc_ProjName ""
-# PROP Scc_LocalPath ""
-CPP=cl.exe
-RSC=rc.exe
-
-!IF  "$(CFG)" == "keyfromlabel - Win32 Release"
-
-# PROP BASE Use_MFC 0
-# PROP BASE Use_Debug_Libraries 0
-# PROP BASE Output_Dir "Release"
-# PROP BASE Intermediate_Dir "Release"
-# PROP BASE Target_Dir ""
-# PROP Use_MFC 0
-# PROP Use_Debug_Libraries 0
-# PROP Output_Dir "Release"
-# PROP Intermediate_Dir "Release"
-# PROP Ignore_Export_Lib 0
-# PROP Target_Dir ""
-# ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
-# ADD CPP /nologo /MD /W3 /GX /O2 /I "./" /I "../../../" /I "../../../../libxml2-2.7.3/include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /D "NDEBUG" /D "__STDC__" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
-# ADD BASE RSC /l 0x409 /d "NDEBUG"
-# ADD RSC /l 0x409 /d "NDEBUG"
-BSC32=bscmake.exe
-# ADD BASE BSC32 /nologo
-# ADD BSC32 /nologo
-LINK32=link.exe
-# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386
-# ADD LINK32 user32.lib advapi32.lib Release/dnssectool.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib /nologo /subsystem:console /machine:I386 /out:"../../../Build/Release/dnssec-keyfromlabel.exe"
-
-!ELSEIF  "$(CFG)" == "keyfromlabel - Win32 Debug"
-
-# PROP BASE Use_MFC 0
-# PROP BASE Use_Debug_Libraries 1
-# PROP BASE Output_Dir "Debug"
-# PROP BASE Intermediate_Dir "Debug"
-# PROP BASE Target_Dir ""
-# PROP Use_MFC 0
-# PROP Use_Debug_Libraries 1
-# PROP Output_Dir "Debug"
-# PROP Intermediate_Dir "Debug"
-# PROP Ignore_Export_Lib 0
-# PROP Target_Dir ""
-# ADD BASE CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c
-# ADD CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../../../../libxml2-2.7.3/include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /D "_DEBUG" /D "WIN32" /D "__STDC__" /D "_CONSOLE" /D "_MBCS" /FR /FD /GZ /c
-# SUBTRACT CPP /X /YX
-# ADD BASE RSC /l 0x409 /d "_DEBUG"
-# ADD RSC /l 0x409 /d "_DEBUG"
-BSC32=bscmake.exe
-# ADD BASE BSC32 /nologo
-# ADD BSC32 /nologo
-LINK32=link.exe
-# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept
-# ADD LINK32 user32.lib advapi32.lib Debug/dnssectool.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib /nologo /subsystem:console /debug /machine:I386 /out:"../../../Build/Debug/dnssec-keyfromlabel.exe" /pdbtype:sept
-
-!ENDIF 
-
-# Begin Target
-
-# Name "keyfromlabel - Win32 Release"
-# Name "keyfromlabel - Win32 Debug"
-# Begin Group "Source Files"
-
-# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
-# Begin Source File
-
-SOURCE="..\dnssec-keyfromlabel.c"
-# End Source File
-# End Group
-# Begin Group "Header Files"
-
-# PROP Default_Filter "h;hpp;hxx;hm;inl"
-# End Group
-# Begin Group "Resource Files"
-
-# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe"
-# End Group
-# End Target
-# End Project

bin/dnssec/win32/keyfromlabel.dsw

@@ -1,29 +0,0 @@
-Microsoft Developer Studio Workspace File, Format Version 6.00
-# WARNING: DO NOT EDIT OR DELETE THIS WORKSPACE FILE!
-
-###############################################################################
-
-Project: "keyfromlabel"=".\keyfromlabel.dsp" - Package Owner=<4>
-
-Package=<5>
-{{{
-}}}
-
-Package=<4>
-{{{
-}}}
-
-###############################################################################
-
-Global:
-
-Package=<5>
-{{{
-}}}
-
-Package=<3>
-{{{
-}}}
-
-###############################################################################
-

bin/dnssec/win32/keyfromlabel.mak

@@ -1,324 +0,0 @@
-# Microsoft Developer Studio Generated NMAKE File, Based on keyfromlabel.dsp
-!IF "$(CFG)" == ""
-CFG=keyfromlabel - Win32 Debug
-!MESSAGE No configuration specified. Defaulting to keyfromlabel - Win32 Debug.
-!ENDIF 
-
-!IF "$(CFG)" != "keyfromlabel - Win32 Release" && "$(CFG)" != "keyfromlabel - Win32 Debug"
-!MESSAGE Invalid configuration "$(CFG)" specified.
-!MESSAGE You can specify a configuration when running NMAKE
-!MESSAGE by defining the macro CFG on the command line. For example:
-!MESSAGE 
-!MESSAGE NMAKE /f "keyfromlabel.mak" CFG="keyfromlabel - Win32 Debug"
-!MESSAGE 
-!MESSAGE Possible choices for configuration are:
-!MESSAGE 
-!MESSAGE "keyfromlabel - Win32 Release" (based on "Win32 (x86) Console Application")
-!MESSAGE "keyfromlabel - Win32 Debug" (based on "Win32 (x86) Console Application")
-!MESSAGE 
-!ERROR An invalid configuration is specified.
-!ENDIF 
-
-!IF "$(OS)" == "Windows_NT"
-NULL=
-!ELSE 
-NULL=nul
-!ENDIF 
-
-!IF  "$(CFG)" == "keyfromlabel - Win32 Release"
-_VC_MANIFEST_INC=0
-_VC_MANIFEST_BASENAME=__VC80
-!ELSE
-_VC_MANIFEST_INC=1
-_VC_MANIFEST_BASENAME=__VC80.Debug
-!ENDIF
-
-####################################################
-# Specifying name of temporary resource file used only in incremental builds:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-_VC_MANIFEST_AUTO_RES=$(_VC_MANIFEST_BASENAME).auto.res
-!else
-_VC_MANIFEST_AUTO_RES=
-!endif
-
-####################################################
-# _VC_MANIFEST_EMBED_EXE - command to embed manifest in EXE:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-
-#MT_SPECIAL_RETURN=1090650113
-#MT_SPECIAL_SWITCH=-notify_resource_update
-MT_SPECIAL_RETURN=0
-MT_SPECIAL_SWITCH=
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
-if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
-rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
-link $** /out:$@ $(LFLAGS)
-
-!else
-
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;1
-
-!endif
-
-####################################################
-# _VC_MANIFEST_EMBED_DLL - command to embed manifest in DLL:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-
-#MT_SPECIAL_RETURN=1090650113
-#MT_SPECIAL_SWITCH=-notify_resource_update
-MT_SPECIAL_RETURN=0
-MT_SPECIAL_SWITCH=
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
-if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
-rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
-link $** /out:$@ $(LFLAGS)
-
-!else
-
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;2
-
-!endif
-####################################################
-# _VC_MANIFEST_CLEAN - command to clean resources files generated temporarily:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-
-_VC_MANIFEST_CLEAN=-del $(_VC_MANIFEST_BASENAME).auto.res \
-    $(_VC_MANIFEST_BASENAME).auto.rc \
-    $(_VC_MANIFEST_BASENAME).auto.manifest
-
-!else
-
-_VC_MANIFEST_CLEAN=
-
-!endif
-
-!IF  "$(CFG)" == "keyfromlabel - Win32 Release"
-
-OUTDIR=.\Release
-INTDIR=.\Release
-
-ALL : "..\..\..\Build\Release\dnssec-keyfromlabel.exe"
-
-
-CLEAN :
-	-@erase "$(INTDIR)\dnssec-keyfromlabel.obj"
-	-@erase "$(INTDIR)\dnssectool.obj"
-	-@erase "$(INTDIR)\vc60.idb"
-	-@erase "..\..\..\Build\Release\dnssec-keyfromlabel.exe"
-	-@$(_VC_MANIFEST_CLEAN)
-
-"$(OUTDIR)" :
-    if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
-
-CPP=cl.exe
-CPP_PROJ=/nologo /MD /W3 /GX /O2 /I "./" /I "../../../" /I "../../../../libxml2-2.7.3/include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /D "NDEBUG" /D "__STDC__" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /Fp"$(INTDIR)\keyfromlabel.pch" /YX /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c 
-
-.c{$(INTDIR)}.obj::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.cpp{$(INTDIR)}.obj::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.cxx{$(INTDIR)}.obj::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.c{$(INTDIR)}.sbr::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.cpp{$(INTDIR)}.sbr::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.cxx{$(INTDIR)}.sbr::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-RSC=rc.exe
-BSC32=bscmake.exe
-BSC32_FLAGS=/nologo /o"$(OUTDIR)\keyfromlabel.bsc" 
-BSC32_SBRS= \
-	
-LINK32=link.exe
-LINK32_FLAGS=user32.lib advapi32.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib /nologo /subsystem:console /incremental:no /pdb:"$(OUTDIR)\dnssec-keyfromlabel.pdb" /machine:I386 /out:"../../../Build/Release/dnssec-keyfromlabel.exe" 
-LINK32_OBJS= \
-	"$(INTDIR)\dnssec-keyfromlabel.obj" \
-	"$(INTDIR)\dnssectool.obj"
-
-"..\..\..\Build\Release\dnssec-keyfromlabel.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
-    $(LINK32) @<<
-  $(LINK32_FLAGS) $(LINK32_OBJS)
-<<
-    $(_VC_MANIFEST_EMBED_EXE)
-
-!ELSEIF  "$(CFG)" == "keyfromlabel - Win32 Debug"
-
-OUTDIR=.\Debug
-INTDIR=.\Debug
-# Begin Custom Macros
-OutDir=.\Debug
-# End Custom Macros
-
-ALL : "..\..\..\Build\Debug\dnssec-keyfromlabel.exe" "$(OUTDIR)\keyfromlabel.bsc"
-
-
-CLEAN :
-	-@erase "$(INTDIR)\dnssec-keyfromlabel.obj"
-	-@erase "$(INTDIR)\dnssec-keyfromlabel.sbr"
-	-@erase "$(INTDIR)\dnssectool.obj"
-	-@erase "$(INTDIR)\dnssectool.sbr"
-	-@erase "$(INTDIR)\vc60.idb"
-	-@erase "$(INTDIR)\vc60.pdb"
-	-@erase "$(OUTDIR)\dnssec-keyfromlabel.pdb"
-	-@erase "$(OUTDIR)\keyfromlabel.bsc"
-	-@erase "..\..\..\Build\Debug\dnssec-keyfromlabel.exe"
-	-@erase "..\..\..\Build\Debug\dnssec-keyfromlabel.ilk"
-	-@$(_VC_MANIFEST_CLEAN)
-
-"$(OUTDIR)" :
-    if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
-
-CPP=cl.exe
-CPP_PROJ=/nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../../../../libxml2-2.7.3/include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /D "_DEBUG" /D "WIN32" /D "__STDC__" /D "_CONSOLE" /D "_MBCS" /FR"$(INTDIR)\\" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /GZ /c 
-
-.c{$(INTDIR)}.obj::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.cpp{$(INTDIR)}.obj::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.cxx{$(INTDIR)}.obj::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.c{$(INTDIR)}.sbr::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.cpp{$(INTDIR)}.sbr::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.cxx{$(INTDIR)}.sbr::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-RSC=rc.exe
-BSC32=bscmake.exe
-BSC32_FLAGS=/nologo /o"$(OUTDIR)\keyfromlabel.bsc" 
-BSC32_SBRS= \
-	"$(INTDIR)\dnssec-keyfromlabel.sbr" \
-	"$(INTDIR)\dnssectool.sbr"
-
-"$(OUTDIR)\keyfromlabel.bsc" : "$(OUTDIR)" $(BSC32_SBRS)
-    $(BSC32) @<<
-  $(BSC32_FLAGS) $(BSC32_SBRS)
-<<
-
-LINK32=link.exe
-LINK32_FLAGS=user32.lib advapi32.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib /nologo /subsystem:console /incremental:yes /pdb:"$(OUTDIR)\dnssec-keyfromlabel.pdb" /debug /machine:I386 /out:"../../../Build/Debug/dnssec-keyfromlabel.exe" /pdbtype:sept 
-LINK32_OBJS= \
-	"$(INTDIR)\dnssec-keyfromlabel.obj" \
-	"$(INTDIR)\dnssectool.obj"
-
-"..\..\..\Build\Debug\dnssec-keyfromlabel.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
-    $(LINK32) @<<
-  $(LINK32_FLAGS) $(LINK32_OBJS)
-<<
-    $(_VC_MANIFEST_EMBED_EXE)
-
-!ENDIF 
-
-
-!IF "$(NO_EXTERNAL_DEPS)" != "1"
-!IF EXISTS("keyfromlabel.dep")
-!INCLUDE "keyfromlabel.dep"
-!ELSE 
-!MESSAGE Warning: cannot find "keyfromlabel.dep"
-!ENDIF 
-!ENDIF 
-
-
-!IF "$(CFG)" == "keyfromlabel - Win32 Release" || "$(CFG)" == "keyfromlabel - Win32 Debug"
-SOURCE="..\dnssec-keyfromlabel.c"
-
-!IF  "$(CFG)" == "keyfromlabel - Win32 Release"
-
-
-"$(INTDIR)\dnssec-keyfromlabel.obj" : $(SOURCE) "$(INTDIR)"
-	$(CPP) $(CPP_PROJ) $(SOURCE)
-
-
-!ELSEIF  "$(CFG)" == "keyfromlabel - Win32 Debug"
-
-
-"$(INTDIR)\dnssec-keyfromlabel.obj"	"$(INTDIR)\dnssec-keyfromlabel.sbr" : $(SOURCE) "$(INTDIR)"
-	$(CPP) $(CPP_PROJ) $(SOURCE)
-
-
-!ENDIF 
-
-SOURCE=..\dnssectool.c
-
-!IF  "$(CFG)" == "keyfromlabel - Win32 Release"
-
-
-"$(INTDIR)\dnssectool.obj" : $(SOURCE) "$(INTDIR)"
-	$(CPP) $(CPP_PROJ) $(SOURCE)
-
-
-!ELSEIF  "$(CFG)" == "keyfromlabel - Win32 Debug"
-
-
-"$(INTDIR)\dnssectool.obj"	"$(INTDIR)\dnssectool.sbr" : $(SOURCE) "$(INTDIR)"
-	$(CPP) $(CPP_PROJ) $(SOURCE)
-
-
-!ENDIF 
-
-
-!ENDIF 
-
-####################################################
-# Commands to generate initial empty manifest file and the RC file
-# that references it, and for generating the .res file:
-
-$(_VC_MANIFEST_BASENAME).auto.res : $(_VC_MANIFEST_BASENAME).auto.rc
-
-$(_VC_MANIFEST_BASENAME).auto.rc : $(_VC_MANIFEST_BASENAME).auto.manifest
-    type <<$@
-#include <winuser.h>
-1RT_MANIFEST"$(_VC_MANIFEST_BASENAME).auto.manifest"
-<< KEEP
-
-$(_VC_MANIFEST_BASENAME).auto.manifest :
-    type <<$@
-<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
-<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
-</assembly>
-<< KEEP