This commit was manufactured by cvs2git to create tag 'v9_0_0b5'.

294.   [bug]           If we run out of space in while processing glue
                        when reading a master file and commit "current name"
                        reverts to "name_current" instead of staying as
                        "name_glue".

CHANGES

@@ -1,3 +1,30 @@
+	--- 9.0.0b5 released ---
+
+ 298.	[bug]		A mutex deadlock occurred during shutdown of the
+			interface manager under certain conditions.
+			Digital Unix systems were the most affected.
+
+ 297.   [bug]           Specifying a key name that wasn't fully qualified
+                        in certain parts of the config file could cause
+                        an assertion failure.
+
+ 296.	[bug]		"make install" from a separate build directory
+			failed unless configure had been run in the source
+			directory, too.
+
+ 295.	[bug]		When invoked with type==CNAME and a message
+			not constructed by dns_message_parse(),
+			dns_message_findname() failed to find anything
+			due to checking for attribute bits that are set
+			only in dns_message_parse().   This caused an
+			infinite loop when constructing the response to
+			an ANY query at a CNAME in a secure zone.
+
+ 294.	[bug]		If we run out of space in while processing glue
+			when reading a master file and commit "current name"
+			reverts to "name_current" instead of staying as
+			"name_glue".
+
  292.	[bug]		Due to problems with the way some operating systems
 			handle simultaneous listening on IPv4 and IPv6
 			addresses, the server no longer listens on IPv6

Makefile.in

@@ -13,7 +13,7 @@
 # ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
 # SOFTWARE.
 
-# $Id: Makefile.in,v 1.25 2000/06/27 00:09:58 gson Exp $
+# $Id: Makefile.in,v 1.21.2.2 2000/06/27 00:46:05 explorer Exp $
 
 srcdir =	@srcdir@
 VPATH =		@srcdir@
@@ -39,6 +39,8 @@ distclean::
 	rm -f libtool isc-config.sh
 	rm -f util/conf.sh
 
+cleandir: distclean
+
 install:: isc-config.sh
 	${INSTALL_PROGRAM} isc-config.sh ${DESTDIR}${bindir}
 

README

@@ -68,12 +68,81 @@ BIND 9
 		Stichting NLnet - NLnet Foundation
 
 
-BIND 9.1.0a1
+BIND 9.0.0b5
 
-	This is an unreleased alpha version of BIND 9.1.0.
+	BIND 9.0.0b5 is the fifth public release of BIND 9 code.  It 
+	contains the final set of features for the upcoming 9.0.0 release,
+	but it is not considered a release candidate due to a number
+	of known problems, in particular with the "nsupdate" and "dig"
+	programs.
 
-	For a detailed list of user-visible changes from
-	previous releases, see the CHANGES file.	
+	This release is aimed at early adopters and those
+	who wish to make use of new 9.0 features, such as IPv6 and
+	DNSSEC secure resolution support.
+
+	We are running 9.0.0b5 in production, but it has not been
+	extensively tested in large installations or under heavy load,
+	We welcome your feedback about how it performs in the real
+	world.
+
+	The distribution includes a new lightweight resolver library
+	and associated resolver daemon.  These should still be considered
+	experimental.
+
+	The server-side support for DNSSEC secured zones is stable and
+	complete with the exception of the handling of wildcard records.
+	The support for secure resolution is still to be considered
+	experimental.
+
+	There have been some changes since beta 4; the highlights are:
+
+		The default value of the 'transfer-format' option is
+		now 'many-answers'.
+
+		The default value of the 'listen-on-v6' option is
+		now '{ none; }'.
+
+		The 'lwresd' program is now a link to 'named'.
+
+		The DNSSEC key generation and signing tools now
+		generate randomness from keyboard input on systems
+		that lack /dev/random.
+
+		A plain text version of the Administratior Reference
+		Manual has been added.
+		
+		Various bug fixes and cleanups.
+
+
+	There are a few known bugs:
+
+		The "nsupdate" program is almost completely broken.
+
+		The "dig" program is somewhat unstable.
+
+		The option "query-source * port 53;" will not work as
+		expected.  Instead of the wildcard address "*", you need 
+		to use an explicit source IP address.
+
+		On some systems, IPv6 and IPv4 sockets interact in
+		unexpected ways.  For details, see doc/misc/ipv6.
+		To reduce the impact of these problems, the server
+		no longer listens for requests on IPv6 addresses
+		by default.  If you need to accept DNS queries over
+		IPv6, you must specify "listen-on-v6 { any; };"
+		in the named.conf options statement.
+
+		There are known problems with thread signal handling 
+		under Solaris 2.6.
+
+
+	For a detailed list of user-visible changes since beta 4, see
+	the CHANGES file.	
+
+	BIND 9.0.0 will support most but not all BIND 8 features.  Among
+	the missing features are selective (per-domain) forwarding,
+	sortlists, statistics, and process limits.  We plan to implement
+	most of the missing ones in BIND 9.1.
 
 
 Building

bin/Makefile.in

@@ -13,13 +13,13 @@
 # ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
 # SOFTWARE.
 
-# $Id: Makefile.in,v 1.16 2000/06/26 23:01:12 gson Exp $
+# $Id: Makefile.in,v 1.15.2.2 2000/06/29 00:05:25 gson Exp $
 
 srcdir =	@srcdir@
 VPATH =		@srcdir@
 top_srcdir =	@top_srcdir@
 
-SUBDIRS =	named rndc dig dnssec tests
+SUBDIRS =	named rndc dig dnssec tests nsupdate
 TARGETS =
 
 @BIND9_MAKE_RULES@

bin/dig/Makefile.in

@@ -13,7 +13,7 @@
 # ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
 # SOFTWARE.
 
-# $Id: Makefile.in,v 1.11 2000/06/28 16:32:41 tale Exp $
+# $Id: Makefile.in,v 1.10.2.1 2000/06/28 16:33:42 tale Exp $
 
 srcdir =	@srcdir@
 VPATH =		@srcdir@

bin/dig/dig.c

@@ -15,7 +15,7 @@
  * SOFTWARE.
  */
 
-/* $Id: dig.c,v 1.52 2000/06/28 18:20:41 mws Exp $ */
+/* $Id: dig.c,v 1.51.2.1 2000/06/28 19:40:12 gson Exp $ */
 
 #include <config.h>
 #include <stdlib.h>

bin/dig/dighost.c

@@ -15,7 +15,7 @@
  * SOFTWARE.
  */
 
-/* $Id: dighost.c,v 1.61 2000/06/28 18:20:43 mws Exp $ */
+/* $Id: dighost.c,v 1.58.2.2 2000/06/28 19:40:14 gson Exp $ */
 
 /*
  * Notice to programmers:  Do not use this code as an example of how to
@@ -1216,7 +1216,7 @@ send_udp(dig_lookup_t *lookup) {
 /* connect_timeout is used for both UDP recieves and TCP connects. */
 static void
 connect_timeout(isc_task_t *task, isc_event_t *event) {
-	dig_lookup_t *lookup=NULL;
+	dig_lookup_t *lookup=NULL, *next=NULL;
 	dig_query_t *q=NULL;
 	isc_result_t result;
 	isc_buffer_t *b=NULL;
@@ -1249,12 +1249,24 @@ connect_timeout(isc_task_t *task, isc_event_t *event) {
 					       q->lookup->textname,
 					       q->lookup->retries-1);
 				else {
-					printf(";; Connection to "
-					       "server %.*s "
-					       "for %s timed out.  "
-					       "Giving up.\n",
-					       (int)r.length, r.base,
-					       q->lookup->textname);
+					if (lookup->tcp_mode) {
+						printf(";; Connection to "
+						       "server %.*s "
+						       "for %s timed out.  "
+						       "Giving up.\n",
+						       (int)r.length, r.base,
+						       q->lookup->textname);
+					} else {
+						printf(";; Connection to "
+						       "server %.*s "
+						       "for %s timed out.  "
+						       "Trying TCP.\n",
+						       (int)r.length, r.base,
+						       q->lookup->textname);
+						next = requeue_lookup
+							(lookup,ISC_TRUE);
+						next->tcp_mode = ISC_TRUE;
+					}
 				}
 			}
 			isc_socket_cancel(q->sock, task,

bin/dig/host.c

@@ -15,7 +15,7 @@
  * SOFTWARE.
  */
 
-/* $Id: host.c,v 1.30 2000/06/28 18:20:44 mws Exp $ */
+/* $Id: host.c,v 1.29.2.1 2000/06/28 19:40:16 gson Exp $ */
 
 #include <config.h>
 #include <stdlib.h>

bin/dnssec/dnssec-keygen.8

@@ -1,296 +0,0 @@
-.\"
-.\" Copyright (C) 2000  Internet Software Consortium.
-.\"
-.\" Permission to use, copy, modify, and distribute this document for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
-.\" DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
-.\" INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
-.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
-.\" FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
-.\" NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
-.\" WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.\" $Id: dnssec-keygen.8,v 1.2 2000/06/28 03:20:46 jim Exp $
-.\"
-.Dd Jun 30, 2000
-.Dt DNSSEC-KEYGEN 8
-.Os BIND9 9
-.ds vT BIND9 Programmer's Manual
-.Sh NAME
-.Nm dnssec-keygen
-.Nd key generation tool for DNSSEC
-.Sh SYNOPSIS
-.Nm dnssec-keygen
-.Op Fl a Ar algorithm
-.Op Fl b Ar keysize
-.Op Fl e
-.Op Fl g Ar generator
-.Op Fl h
-.Op Fl n Ar nametype
-.Op Fl p Ar protocol-value
-.Op Fl r Ar randomdev
-.Op Fl s Ar strength-value
-.Op Fl t Ar type
-.Op Fl v Ar level
-.Ar name
-.Sh DESCRIPTION
-.Nm dnssec-keygen
-generates keys for DNSSEC, Secure DNS, as defined in RFC2535.
-It also generates keys for use in Transaction Signatures, TSIG, which
-is defined in RFC2845.
-A short summary of the options and arguments to
-.Nm dnssec-keygen
-is printed by the
-.Ar h
-(help) option.
-The
-.Ar a ,
-.Ar b ,
-and
-.Ar n
-options and their arguments must be supplied when generating keys.
-The domain name that the key has to be generated for is given by
-.Ar name .
-.Pp
-The choice of encryption algorithm is selected by the
-.Ar a
-option to
-.Nm dnssec-keygen .
-.Ar algorithm
-must be one of
-.Dv RSAMD5
-.Dv DH ,
-.Dv DSA
-or
-.Dv HMAC-MD5
-to indicate that an RSA, Diffie-Hellman, Digital Signature
-Algorithm or HMAC-MD5 key is required.
-An argument of
-.Dv RSA
-can also be given.
-It is equivalent to
-.Dv RSAMD5 .
-The argument identifying the encryption algorithm is case-insensitive.
-DNSSEC specifies DSA as a mandatory algorithm and RSA as a recommended one.
-Implementations of TSIG must support HMAC-MD5.
-.Pp
-The number of bits in the key are determined by the
-.Ar keysize
-argument following the
-.Ar b
-option.
-The choice of key size depends on the algorithm that is used.
-RSA keys must be between 512 and 2048 bits.
-Diffie-Hellman keys have to be between 128 and 4096 bits.
-For DSA, the key size must be between 512 and 1024 bits and a multiple
-of 64.
-The length of an HMAC-MD5 key can be between 1 and 512 bits.
-.Pp
-The
-.Ar -n
-option specifies how the generated key will be used.
-.Ar nametype
-can be either
-.Dv ZONE ,
-.Dv HOST , 
-.Dv ENTITY ,
-or
-.Dv USER
-to indicate that the key will be used for signing a zone, host,
-entity or user respectively.
-In this context
-.Dv HOST
-and
-.Dv ENTITY
-are identical.
-.Ar nametype
-is case-insensitive.
-.Pp
-The
-.Ar e
-option can only be used when generating RSA keys.
-It tells
-.Nm dnssec-keygen
-to use a large exponent.
-When creating Diffie-Hellman keys, the
-.Ar g
-option selects the Diffie-Hellman generator
-.Ar generator
-that is to be used.
-The only supported values value of
-.Ar generator
-are 2 and 5.
-If no Diffie-Hellman generator is supplied a known prime 
-from RFC2539 will be used if possible; otherwise 2 will be used as the
-generator.
-.Pp
-.Ar protocol-value
-sets the protocol value for the generated key.
-The default is 2 (email) for keys of type
-.Dv USER 
-and 3 (DNSSEC) for all other key types.
-Other possible values for this argument are listed in RFC2535 and its
-successors.
-.Pp
-.Nm dnssec-keygen
-uses random numbers to seed the process
-of generating keys.
-If the system does not have a pseudo-device like
-.Pa /dev/random
-for generating random numbers,
-.Nm dnssec-keygen
-will prompt for some keyboard input and use the time intervals between
-keystrokes to provide some randomness.
-The
-.Ar r
-option overrides this behaviour, making 
-.Nm dnssec-keygen
-use
-.Ar randomdev
-as a source of random data.
-.Pp
-The strength value that the key will sign DNS resource records with is
-given by
-.Ar strength-value .
-It should be a number between 0 and 15.
-The default strength is zero.
-The key strength field currently has no defined purpose in DNSSEC.
-.Pp
-The
-.Ar t
-option indicates if the key is to be used for authentication or
-confidentiality.
-.Ar type
-can be one of
-.Dv AUTHCONF ,
-.Dv NOAUTHCONF ,
-.Dv NOAUTH 
-or
-.Dv NOCONF .
-The default is
-.Dv AUTHCONF .
-If type is
-.Dv AUTHCONF 
-the key can be used for authentication and confidentialty.
-Setting
-.Ar type 
-to
-.Dv NOAUTHCONF
-indicates that the key cannot be used for authentication or confidentialty.
-A value of
-.Dv NOAUTH
-means the key can be used for confidentiality but not for
-authentication.
-Similarly,
-.Dv NOCONF
-defines that the key cannot be used for confidentiality though it can
-be used for authentication.
-.Pp
-The 
-.Ar v
-option can be used to make
-.Nm dnssec-keygen
-more verbose.
-As the debugging/tracing level
-.Ar level
-increases, 
-.Nm dnssec-keygen
-generates increasingly detailed reports about what it is doing.
-The default level is zero.
-.Sh GENERATED KEYS
-When
-.Nm dnssec-keygen
-completes it prints a string of the form
-.Ar Knnnn.+aaa+iiiii
-on the standard output.
-This is an identification string for the key it has generated.
-These strings can be supplied as arguments to
-.Xr dnssec-makekeyset 8 .
-.Pp
-The
-.Ar nnnn.
-part is the dot-terminated domain name given by
-.Ar name .
-The DNSSEC algorithm identifier is indicated by
-.Ar aaa -
-001 for RSA, 002 for Diffie-Hellman, 003 for DSA or 157 for HMAC-MD5.
-.Ar iiiii
-is a five-digit number identifying the key.
-.Pp
-.Nm dnssec-keygen
-creates two files.
-The file names are adapted from the key identification string above.
-They have names of the form:
-.Ar Knnnn.+aaa+iiiii.key
-and
-.Ar Knnnn.+aaa+iiiii.private .
-These contain the public and private parts of the key respectively.
-The files generated by
-.Nm dnssec-keygen
-obey this naming convention to
-make it easy for the signing tool
-.Xr dnssec-signzone 8
-to identify which file(s) have to be read to find the necessary
-key(s) for generating or validating signatures.
-.Pp
-The
-.Ar .key
-file contains a KEY resource record that can be inserted into a zone file
-with a 
-.Dv $INCLUDE
-statement.
-The private part of the key is in the
-.Ar .private
-file.
-It contains details of the encryption algorithm that was used and any
-relevant parameters: prime number, exponent, modulus, subprime, etc.
-For obvious security reasons, this file does not have general read
-permission.
-The private part of the key is used by
-.Xr dnssec-signzone 8
-to generate signatures and the public part is used to verify the
-signatures.
-A 
-.Ar .private
-key file is generated for a symmetric encryption algorithm such as
-HDMAC-MD5, even though it has no private key.
-.Sh EXAMPLE
-To generate a 768-bit DSA key for the domain
-.Dv example.com ,
-the following command would be issued:
-.Pp
-.Dl # dnssec-keygen -a DSA -b 768 -n ZONE example.com
-.Dl Kexample.com.+003+26160
-.Pp
-.Nm dnssec-keygen
-has printed the key identification string
-.Dv Kexample.com.+003+26160 ,
-indicating a DSA key with identifier 26160.
-It will also have created the files
-.Pa Kexample.com.+003+26160.key 
-and
-.Pa Kexample.com.+003+26160.private
-containing respectively the public and private keys for the generated
-DSA key.
-.Sh FILES
-.Pa /dev/random 
-.Sh SEE ALSO
-.Xr RFC2535,
-.Xr RFC2845,
-.Xr RFC2539,
-.Xr dnssec-makekeyset 8 ,
-.Xr dnssec-signkey 8 ,
-.Xr dnssec-signzone 8 .
-.Sh BUGS
-The naming convention for the public and private key files is a little
-clumsy.
-It won't work for domain names that are longer than 236 characters
-because of the 
-.Ar .+aaa+iiiii.private
-suffix results in filenames that are too long for most
-.Ux
-systems.

bin/dnssec/dnssec-makekeyset.8

@@ -1,202 +0,0 @@
-.\"
-.\" Copyright (C) 2000  Internet Software Consortium.
-.\"
-.\" Permission to use, copy, modify, and distribute this document for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
-.\" DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
-.\" INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
-.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
-.\" FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
-.\" NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
-.\" WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.\" $Id: dnssec-makekeyset.8,v 1.2 2000/06/28 03:20:47 jim Exp $
-.\"
-.Dd Jun 30, 2000
-.Dt DNSSEC-MAKEKEYSET 8
-.Os BIND9 9
-.ds vT BIND9 Programmer's Manual
-.Sh NAME
-.Nm dnssec-makekeyset
-.Nd produce a set of DNSSEC keys
-.Sh SYNOPSIS
-.Nm dnssec-makekeyset
-.Op Fl h
-.Op Fl s Ar start-time
-.Op Fl e Ar end-time
-.Op Fl t Ar TTL
-.Op Fl r Ar randomdev
-.Op Fl v level
-.Ar keyfile ....
-.Sh DESCRIPTION
-.Nm dnssec-makekeyset
-generates a key set from one or more keys created by
-.Xr dnssec-keygen 8 .
-It creates a file containing KEY and SIG records for some zone which
-can then be signed by the zone's parent if the parent zone is
-DNSSEC-aware.
-.Ar keyfile
-should be a key identification string as reported by
-.Xr dnssec-keygen 8 :
-i.e.
-.Ar Knnnn.+aaa+iiiii
-where
-.Ar nnnn
-is the name of the key,
-.Ar aaa
-is the encryption algorithm and
-.Ar iiiii
-is the key identifier.
-Multiple
-.Ar keyfile
-arguments can be supplied when there are several keys to be combined
-by
-.Nm dnssec-makekeyset
-into a key set.
-.Pp
-For any SIG records that are in the key set, the start time when the
-SIG records become valid is specified with the
-.Ar s
-option.
-.Ar start-time
-can either be an absolute or relative date.
-An absolute start time is indicated by a number in YYYYMMDDHHMMSS
-notation: 20000530144500 denotes 14:45:00 UTC on May 30th, 2000.
-A relative start time is supplied when
-.Ar start-time
-is given as +N: N seconds from the current time.
-If no
-.Ar s 
-option is supplied, the current date and time is used for the start
-time of the SIG records.
-.Pp
-The expiry date for the SIG records can be set by the
-.Ar e
-option.
-Note that in this context, the expiry date specifies when the SIG
-records are no longer valid, not when they are deleted from caches on name
-servers.
-.Ar end-date
-also represents an absolute or relative date.
-YYYYMMDDHHMMSS notation is used as before to indicate an absolute date
-and time.
-When
-.Ar end-date
-is +N,
-it indicates that the SIG records will expire in N seconds after their
-start date.
-If
-.Ar end-date
-is written as now+N,
-the SIG records will expire in N seconds after the current time.
-When no expiry date is set for the SIG records,
-.Nm dnssec-makekeyset
-defaults to an expire time of 30 days from the start time of the SIG
-records.
-.Pp
-An alternate source of random data can be specified with the
-.Ar r
-option.
-.Ar randomdev
-is the name of the file to use to obtain random data.
-By default
-.Pa /dev/random
-is used if this device is available.
-If it is not provided by the operating system and no
-.Ar r
-option is used,
-.Nm dnssec-makekeyset
-will prompt the user for input from the keyboard and use the time
-between keystrokes to derive some random data.
-.Pp
-The
-.Ar t
-option is followed by a time-to-live argument
-.Ar TTL
-which indicates the TTL value that will be assigned to the assembled KEY
-and SIG records in the output file.
-.Ar TTL
-is expressed in seconds.
-If no
-.Ar t
-option is provided,
-.Nm dnssec-makekeyset
-prints a warning and assumes that a default TTL of
-3600 seconds was required.
-.Pp
-The
-.Ar v
-option can be used to make
-.Nm dnssec-makekeyset
-more verbose.
-As the debugging/tracing level
-.Ar level
-increases,
-.Nm dnssec-makekeyset
-generates increasingly detailed reports about what it is doing.
-The default level is zero. 
-An option of
-.Ar h
-gets
-.Nm dnssec-makekeyset
-to print a short summary of its options and arguments.
-.Pp
-If
-.Nm dnssec-makekeyset
-is successful, it creates a file name of the form
-.Ar nnnn.keyset .
-This file contains the KEY and SIG records for domain
-.Dv nnnn ,
-the domain name part from the key file identifier produced when
-.Nm dnssec-keygen
-created the domain's public and private keys.
-The
-.Ar .keyset
-file can then be transferred to the DNS administrator of the parent
-zone for them to sign the contents with
-.Xr dnssec-signkey 8 .
-.Sh EXAMPLE
-The following command generates a key set for the DSA key for
-.Dv example.com
-that was shown in the
-.Xr dnssec-keygen 8
-man page.
-The backslash is for typographic reasons and would not be provided on
-the command line when running
-.Nm dnssec-makekeyset .
-.nf
-.Dl # dnssec-makekeyset -t 86400 -s 20000701120000 \e\p 
-.Dl -e +2592000 Kexample.com.+003+26160
-.fi
-.Pp
-.Nm dnssec-makekeyset
-will create a file called
-.Pa example.com.keyset
-containing a SIG and KEY record for
-.Dv example.com.
-These records will have a TTL of 1 day: 86400 seconds.
-The SIG record becomes valid at noon UTC on July 1st 2000 and expires
-30 days (2592000 seconds) later.
-.Pp
-The DNS administrator for
-.Dv example.com
-could then send
-.Pa example.com.keyset
-to the DNS administrator for
-.Dv .com
-so that they could sign the resource records in the file.
-This assumes that the
-.Dv .com 
-zone is DNSSEC-aware and the administrators of the two zones have some
-mechanism for authenticating each other and exchanging the keys and
-signatures securely.
-.Sh FILES
-.Pa /dev/random .
-.Sh SEE ALSO
-.Xr RFC2535 ,
-.Xr dnssec-keygen 8 ,
-.Xr dnssec-signkey 8 .

bin/dnssec/dnssec-signkey.8

@@ -1,157 +0,0 @@
-.\"
-.\" Copyright (C) 2000  Internet Software Consortium.
-.\"
-.\" Permission to use, copy, modify, and distribute this document for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
-.\" DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
-.\" INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
-.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
-.\" FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
-.\" NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
-.\" WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.\" $Id: dnssec-signkey.8,v 1.2 2000/06/28 03:20:48 jim Exp $
-.\"
-.Dd Jun 30, 2000
-.Dt DNSSEC-SIGNKEY 8
-.Os BIND9 9
-.ds vT BIND9 Programmer's Manual
-.Sh NAME
-.Nm dnssec-signkey
-.Nd DNSSEC keyset signing tool
-.Sh SYNOPSIS
-.Nm dnssec-signkey
-.Op Fl h
-.Op Fl p
-.Op Fl r Ar randomdev
-.Op Fl v Ar level
-.Ar keyset
-.Ar keyfile ...
-.Sh DESCRIPTION
-.Nm dnssec-signkey
-is used to sign a key set for a child zone.
-Typically this would be provided by a 
-.Ar .keyset
-file generated by
-.Xr dnssec-makekeyset 8 .
-This provides a mechanism for a DNSSEC-aware zone to sign the keys of
-any DNSSEC-aware child zones.
-The child zone's key set gets signed with the zone keys for its parent
-zone.
-.Ar keyset
-will be the pathname of the child zone's
-.Ar .keyset
-file.
-Each
-.Ar keyfile
-argument will be a key identification string as reported by
-.Xr dnssec-keygen 8
-for the parent zone.
-This allows the child's keys to be signed by more than 1 parent zone
-key if these exist. 
-.Pp
-The
-.Ar p
-option instructs
-.Nm dnssec-signkey
-to use pseudo-random data when signing the keys which is faster, but
-less secure, than using genuinely random data for signing.
-This option may be useful when there are many child zone keysets to
-sign and CPU resources are limited.
-It could also be used for short-lived keys and signatures that don't
-require strengthening against cryptanalysis: for instance when the key
-will be discarded long before it could be compromised.
-.Pp
-An alternate file for obtaining random data can be used with the
-.Ar r
-option.
-.Ar filename
-is the name of the file to use.
-If no
-.Ar r
-option is used and the default file for random data
-.Pa /dev/random
-does not exist,
-.Nm dnssec-signkey
-will prompt for input from the keyboard.
-The time between keystrokes will be measured and used to derive random
-data.
-.Pp
-The
-.Ar v
-option can be used to make
-.Nm dnssec-signkey
-more verbose.
-As the debugging/tracing level
-.Ar level
-increases,
-.Nm dnssec-signkey
-generates increasingly detailed reports about what it is doing.
-The default level is zero.
-.Pp
-An option of
-.Ar h
-makes
-.Nm dnssec-signkey
-print a short summary of its command line options
-and arguments.
-.Pp
-When
-.Nm dnssec-signkey
-completes successfully, it generates a file called
-.Ar nnnn.signedkey
-containing the signed keys for child zone
-.Ar nnnn .
-The keys from the
-.Ar keyset
-file will have been signed by the parent zone's key or keys which were
-supplied as
-.Ar keyfile
-arguments.
-This file should be sent to the DNS administrator of the child zone.
-They arrange for its contents to be incorporated into the zone file
-when it next gets signed with
-.Xr dnssec-signzone 8 .
-A copy of the generated
-.Ar signedkey
-file should be kept by the parent zone's DNS administrator.
-.Sh EXAMPLE
-The DNS administrator for a DNSSEC-aware
-.Dv .com
-zone would use the following command to make
-.Nm dnssec-signkey
-sign the
-.Ar .keyset
-file for
-.Dv example.com
-created in the example shown in the man page for
-.Nm dnssec-makekeyset :
-.Dl # dnssec-signkey example.com.keyset Kcom.+003+51944
-.Pp
-where
-.Dv Kcom.+003+51944
-was a key file identifier that was produced when
-.Nm dnssec-keygen
-generated a key for the
-.Dv .com
-zone.
-.Pp
-.Nm dnssec-signkey
-will produce a file called
-.Dv example.com.signedkey
-which has the keys for
-.Dv example.com
-signed by the
-.Dv com
-zone's zone key.
-.Sh FILES
-.Pa /dev/random
-.Sh SEE ALSO
-.Xr RFC2535,
-.Xr dnssec-keygen 8 ,
-.Xr dnssec-makekeyset 8 ,
-.Xr dnssec-signzone 8 .

bin/dnssec/dnssec-signzone.8

@@ -1,278 +0,0 @@
-.\"
-.\" Copyright (C) 2000  Internet Software Consortium.
-.\"
-.\" Permission to use, copy, modify, and distribute this document for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
-.\" DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
-.\" INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
-.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
-.\" FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
-.\" NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
-.\" WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.\" $Id: dnssec-signzone.8,v 1.2 2000/06/28 03:20:49 jim Exp $
-.\"
-.Dd Jun 30, 2000
-.Dt DNSSEC-SIGNZONE 8
-.Os BIND9 9
-.ds vT BIND9 Programmer's Manual
-.Sh NAME
-.Nm dnssec-signzone
-.Nd DNSSEC zone signing tool
-.Sh SYNOPSIS
-.Nm dnssec-signzone
-.Op Fl a
-.Op Fl c Ar cycle-time
-.Op Fl s Ar start-time
-.Op Fl e Ar end-time
-.Op Fl o Ar origin
-.Op Fl f Ar output-file
-.Op Fl p
-.Op Fl r Ar randomdev
-.Op Fl v Ar level
-.Ar zonefile
-.Op keyfile ....
-.Sh DESCRIPTION
-.Pp
-.Nm dnssec-signzone
-is used to sign a zone.
-Any
-.Ar .signedkey
-files for the zone to be signed should be present in the current
-directory, along with the keys that will be used to sign the zone.
-If no
-.Ar keyfile
-arguments are supplied, the default behaviour is to use all the zone's
-keys.
-Providing specific
-.Ar keyfile
-arguments constrains
-.Nm dnssec-signzone
-to only use those keys for signing the zone.
-Each
-.Ar keyfile
-argument would be an identification string for a key created with
-.Xr dnssec-keygen 8 .
-If the zone to be signed has any secure subzones, the
-.Ar .signedkey
-files for those subzones need to be available in the
-current working directory used by
-.Nm dnssec-signzone .
-.Pp
-.Ar zonefile
-is the name of the unsigned zone file.
-Unless the file name is the same as the name of the zone, the
-.Ar o
-option should be given.
-.Ar origin
-will be the fully qualified domain origin for the zone.
-.Pp
-.Nm dnssec-signzone
-will generate NXT and SIG records for the zone and produce a signed
-version of the zone.
-If there is a
-.Ar signedkey
-file from the zone's parent, the parent's signatures will be
-incorporated into the generated signed zone file.
-Any delegation points in the signed zone will have their security
-status defined - i.e. whether they are DNSSEC-aware or not.
-.Pp
-By default,
-.Nm dnssec-signzone
-generates a file called
-.Ar zonefile.signed
-containing the signed zone file.
-This can be overridden by the
-.Ar f
-option.
-Instead of this default file name, the signed zone file will be
-written to
-.Ar output-file .
-.\" Don't hyphenate YYYYMMDDHHMMSS
-.nh YYYYMMDDHHMMSS
-.Pp
-.Nm dnssec-signzone
-does not verify the signatures by default.
-The
-.Ar a
-option makes it verify the signatures it generated.
-.Pp
-The date and time when the generated
-SIG records become valid can be specified with the
-.Ar s
-option.
-.Ar start-time
-can either be an absolute or relative date.
-An absolute start time is indicated by a number in YYYYMMDDHHMMSS
-notation: 20000530144500 denotes 14:45:00 UTC on May 30th, 2000.
-A relative start time is supplied when
-.Ar start-time
-is given as +N: N seconds from the current time.
-If no
-.Ar s 
-option is supplied, the current date and time is used for the start
-time of the SIG records.
-.Pp
-The expiry date for the SIG records can be set by the
-.Ar e
-option.
-Note that in this context, the expiry date specifies when the SIG
-records are no longer valid, not when they are deleted from caches on name
-servers.
-.Ar end-date
-also represents an absolute or relative date.
-YYYYMMDDHHMMSS notation is used as before to indicate an absolute date
-and time.
-When
-.Ar end-date
-is +N,
-it indicates that the SIG records will expire in N seconds after their
-start date.
-If
-.Ar end-date
-is supplied as now+N,
-the SIG records will expire in N seconds after the current time.
-When no expiry date is set for the SIG records,
-.Nm dnssec-signzone
-defaults to an expire time of 30 days from the start time of the SIG
-records.
-.Pp
-.Nm dnssec-signzone
-can automatically re-sign records if their signatures expire before
-the expiry date that applies for the current zone signing activity.
-This would apply to a zone that has previously been signed.
-The decision to generate a new SIG record is determined by the cycle
-time.
-If the current SIG record expires after the cycle time, it is left
-alone.
-If it expires before the cycle time, the SIG record is considered to
-be close to expiry.
-Therefore
-.Nm dnssec-signzone
-creates a new SIG record to replace then one that is about to expire.
-.Pp
-The default cycle time is quarter of the difference between the
-signature end and start dates for the current invocation of
-.Nm dnssec-signzone .
-So if the 
-.Ar e
-and 
-.Ar s
-options are not specified,
-.Nm dnssec-signzone
-generates signatures that are valid for 30 days from the current
-date by default.
-The cycle time would be 7.5 days from the current date.
-Therefore any SIG records that
-were due to expire in that time would be replaced with new ones.
-.Pp
-The
-.Ar c
-option can be used to change the cycle time.
-.Ar cycle-time
-indicates the number of seconds from the current time that should be
-used to
-set the cycle time and 
-determine when fresh SIG records should be generated.
-.Pp
-The
-.Ar p
-option instructs
-.Nm dnssec-signzone
-to use pseudo-random data when signing the zone's resource records.
-This is faster but less secure than using genuinely random data for signing.
-This option may be useful when the zone has many resource records to be
-signed and the entropy source is limited.
-It could also be used for short-lived keys and signatures that don't
-require strengthening against cryptanalysis: for instance when the signatures
-will be discarded long before the signed data could be compromised.
-.Pp
-An alternate source of random data can be specified with the
-.Ar r
-option.
-.Ar randomdev
-is the name of the file to use to obtain random data.
-By default
-.Pa /dev/random
-is used if this device is available.
-If it is not provided by the operating system and no
-.Ar r
-option is used,
-.Nm dnssec-signzone
-will prompt the user for input from the keyboard and use the time
-between keystrokes to derive some random data.
-.Pp
-An option of
-.Ar h
-makes
-.Nm dnssec-signzone
-print a short summary of its command line options
-and arguments.
-.Pp
-The
-.Ar v
-option can be used to make
-.Nm dnssec-signzone
-more verbose.
-As the debugging/tracing level
-.Ar level
-increases,
-.Nm dnssec-signzone
-generates increasingly detailed reports about what it is doing.
-The default level is zero.
-.Sh EXAMPLE
-The example below shows how
-.Nm dnssec-signzone
-could be used to sign the
-.Dv example.com
-zone with the key that was generated in the example given in the
-man page for
-.Xr dnssec-keygen 8 .
-The zone file for this zone is
-.Dv example.com
-and it can be assumed to contain fully qualified domain names which
-means there is no need to use the
-.Ar o
-option to set the domain origin.
-This zone file contains the keyset for
-.Dv example.com
-that was created by
-.Xr dnssec-makekeyset 8 .
-The zone's keys were either appended to the zone file or
-incorporated using a 
-.Dv $INCLUDE 
-statement.
-If there was a
-.Ar .signedkey
-file from the parent zone - i.e. 
-.Dv example.com.signedkey 
-- it should be present in the current directory.
-This allows the parent zone's signature to be included in the signed
-version of the
-.Dv example.com
-zone.
-.Pp
-.Dl # dnssec-signzone example.com Kexample.com.+003+26160
-.Pp
-.Nm dnssec-signzone
-will create a file called
-.Dv example.com.signed ,
-the signed version of the
-.Dv example.com
-zone.
-This file can then be referenced in a
-.Dv zone{}
-statement in
-.Pa /etc/named.conf
-so that it can be loaded by the name server.
-.Sh FILES
-.Pa /dev/random
-.Sh SEE ALSO
-.Xr RFC2535,
-.Xr dnssec-keygen 8 ,
-.Xr dnssec-makekeyset 8 ,
-.Xr dnssec-signkey 8 .

bin/named/Makefile.in

@@ -13,7 +13,7 @@
 # ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
 # SOFTWARE.
 
-# $Id: Makefile.in,v 1.50 2000/06/28 02:54:55 tale Exp $
+# $Id: Makefile.in,v 1.49.2.1 2000/06/28 02:56:24 tale Exp $
 
 srcdir =	@srcdir@
 VPATH =		@srcdir@

bin/named/aclconf.c

@@ -1,199 +0,0 @@
-/*
- * Copyright (C) 1999, 2000  Internet Software Consortium.
- * 
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- * 
- * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
- * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
- * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
- * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
- * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
- * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
- * SOFTWARE.
- */
-
-/* $Id: aclconf.c,v 1.18 2000/06/22 21:54:17 tale Exp $ */
-
-#include <config.h>
-
-#include <isc/string.h>		/* Required for HP/UX (and others?) */
-#include <isc/util.h>
-
-#include <dns/acl.h>
-#include <dns/aclconf.h>
-#include <dns/fixedname.h>
-#include <dns/log.h>
-
-void
-dns_aclconfctx_init(dns_aclconfctx_t *ctx) {
-	ISC_LIST_INIT(ctx->named_acl_cache);
-}
-
-void
-dns_aclconfctx_destroy(dns_aclconfctx_t *ctx) {
-     	dns_acl_t *dacl, *next;	
-	for (dacl = ISC_LIST_HEAD(ctx->named_acl_cache);
-	     dacl != NULL;
-	     dacl = next)
-	{
-		next = ISC_LIST_NEXT(dacl, nextincache);
-		dacl->name = NULL;
-		dns_acl_detach(&dacl);
-	}
-}
-
-static isc_result_t
-convert_named_acl(char *aclname, dns_c_ctx_t *cctx,
-		  dns_aclconfctx_t *ctx, isc_mem_t *mctx,
-		  dns_acl_t **target)
-{
-	isc_result_t result;
-	dns_c_acl_t *cacl;
-	dns_acl_t *dacl;
-
-	/* Look for an already-converted version. */
-	for (dacl = ISC_LIST_HEAD(ctx->named_acl_cache);
-	     dacl != NULL;
-	     dacl = ISC_LIST_NEXT(dacl, nextincache))
-	{
-		if (strcmp(aclname, dacl->name) == 0) {
-			dns_acl_attach(dacl, target);
-			return ISC_R_SUCCESS;
-		}
-	}
-	/* Not yet converted.  Convert now. */
-	result = dns_c_acltable_getacl(cctx->acls, aclname, &cacl);
-	if (result != ISC_R_SUCCESS) {
-		isc_log_write(dns_lctx, DNS_LOGCATEGORY_SECURITY,
-			      DNS_LOGMODULE_ACL, ISC_LOG_WARNING,
-			      "undefined ACL '%s'", aclname);
-		return (result);
-	}
-	result = dns_acl_fromconfig(cacl->ipml, cctx, ctx, mctx, &dacl);
-	if (result != ISC_R_SUCCESS)
-		return (result);
-	dacl->name = aclname;
-	ISC_LIST_APPEND(ctx->named_acl_cache, dacl, nextincache);
-	dns_acl_attach(dacl, target);
-	return (ISC_R_SUCCESS);
-}
-
-static isc_result_t
-convert_keyname(char *txtname, isc_mem_t *mctx, dns_name_t *dnsname) {
-	isc_result_t result;
-	isc_buffer_t buf;
-	dns_fixedname_t fixname;
-	unsigned int keylen;
-
-	keylen = strlen(txtname);
-	isc_buffer_init(&buf, txtname, keylen);
-	isc_buffer_add(&buf, keylen);
-	dns_fixedname_init(&fixname);
-	result = dns_name_fromtext(dns_fixedname_name(&fixname), &buf,
-				   dns_rootname, ISC_FALSE, NULL);
-	if (result != ISC_R_SUCCESS) {
-		isc_log_write(dns_lctx, DNS_LOGCATEGORY_SECURITY,
-			      DNS_LOGMODULE_ACL, ISC_LOG_WARNING,
-			      "key name \"%s\" is not a valid domain name",
-			      txtname);
-		return (result);
-	}
-	return (dns_name_dup(dns_fixedname_name(&fixname), mctx, dnsname));
-}
-	       
-isc_result_t
-dns_acl_fromconfig(dns_c_ipmatchlist_t *caml,
-		   dns_c_ctx_t *cctx,
-		   dns_aclconfctx_t *ctx,
-		   isc_mem_t *mctx,
-		   dns_acl_t **target)
-{
-	isc_result_t result;
-	unsigned int count;
-	dns_acl_t *dacl = NULL;
-	dns_aclelement_t *de;
-	dns_c_ipmatchelement_t *ce;
-
-	REQUIRE(target != NULL && *target == NULL);
-	
-	count = 0;
-	for (ce = ISC_LIST_HEAD(caml->elements);
-	     ce != NULL;
-	     ce = ISC_LIST_NEXT(ce, next))
-		count++;
-
-	result = dns_acl_create(mctx, count, &dacl);
-	if (result != ISC_R_SUCCESS)
-		return (result);
-	
-	de = dacl->elements;
-	for (ce = ISC_LIST_HEAD(caml->elements);
-	     ce != NULL;
-	     ce = ISC_LIST_NEXT(ce, next))
-	{
-		de->negative = dns_c_ipmatchelement_isneg(ce);
-		switch (ce->type) {
-		case dns_c_ipmatch_pattern:
-			de->type = dns_aclelementtype_ipprefix;
-			isc_netaddr_fromsockaddr(&de->u.ip_prefix.address,
-						 &ce->u.direct.address);
-			/* XXX "mask" is a misnomer */
-			de->u.ip_prefix.prefixlen = ce->u.direct.mask;
-			break;
-		case dns_c_ipmatch_key:
-			de->type = dns_aclelementtype_keyname;
-			dns_name_init(&de->u.keyname, NULL);
-			result = convert_keyname(ce->u.key, mctx,
-						 &de->u.keyname);
-			if (result != ISC_R_SUCCESS)
-				goto cleanup;
-			break;
-		case dns_c_ipmatch_indirect:
-			de->type = dns_aclelementtype_nestedacl;
-			result = dns_acl_fromconfig(ce->u.indirect.list,
-						    cctx, ctx, mctx,
-						    &de->u.nestedacl);
-			if (result != ISC_R_SUCCESS)
-				goto cleanup;
-			break;
-		case dns_c_ipmatch_localhost:
-			de->type = dns_aclelementtype_localhost;
-			break;
-
-		case dns_c_ipmatch_any:
-			de->type = dns_aclelementtype_any;
-			break;
-
-		case dns_c_ipmatch_localnets:
-			de->type = dns_aclelementtype_localnets;
-			break;
-		case dns_c_ipmatch_acl:
-			de->type = dns_aclelementtype_nestedacl;
-			result = convert_named_acl(ce->u.aclname,
-						   cctx, ctx, mctx,
-						   &de->u.nestedacl);
-			if (result != ISC_R_SUCCESS)
-				goto cleanup;
-			break;
-		default:
-			isc_log_write(dns_lctx, DNS_LOGCATEGORY_SECURITY,
-				      DNS_LOGMODULE_ACL, ISC_LOG_WARNING,
-				      "address match list contains "
-				      "unsupported element type");
-			result = ISC_R_FAILURE;
-			goto cleanup;
-		}
-		de++;
-		dacl->length++;
-	}
-
-	*target = dacl;
-	return (ISC_R_SUCCESS);
-	
- cleanup:
-	dns_acl_detach(&dacl);
-	return (result);
-}

bin/named/include/named/aclconf.h

@@ -1,71 +0,0 @@
-/*
- * Copyright (C) 1999, 2000  Internet Software Consortium.
- * 
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- * 
- * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
- * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
- * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
- * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
- * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
- * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
- * SOFTWARE.
- */
-
-/* $Id: aclconf.h,v 1.7 2000/06/22 21:55:06 tale Exp $ */
-
-#ifndef DNS_ACLCONF_H
-#define DNS_ACLCONF_H 1
-
-#include <isc/lang.h>
-
-#include <dns/confctx.h>
-#include <dns/types.h>
-
-typedef struct dns_aclconfctx {
-	ISC_LIST(dns_acl_t) named_acl_cache;
-} dns_aclconfctx_t;
-
-/***
- *** Functions
- ***/
-
-ISC_LANG_BEGINDECLS
-
-void
-dns_aclconfctx_init(dns_aclconfctx_t *ctx);
-/*
- * Initialize an ACL configuration context.
- */
-
-void
-dns_aclconfctx_destroy(dns_aclconfctx_t *ctx);
-/*
- * Destroy an ACL configuration context.
- */
-
-isc_result_t
-dns_acl_fromconfig(dns_c_ipmatchlist_t *caml,
-		   dns_c_ctx_t *cctx,
-		   dns_aclconfctx_t *ctx,
-		   isc_mem_t *mctx,
-		   dns_acl_t **target);
-/*
- * Construct a new dns_acl_t from configuration data in 'caml' and
- * 'cctx'.  Memory is allocated through 'mctx'.
- *
- * Any named ACLs referred to within 'caml' will be be converted
- * inte nested dns_acl_t objects.  Multiple references to the same
- * named ACLs will be converted into shared references to a single
- * nested dns_acl_t object when the referring objects were created
- * passing the same ACL configuration context 'ctx'.
- *
- * On success, attach '*target' to the new dns_acl_t object.
- */
-
-ISC_LANG_ENDDECLS
-
-#endif /* DNS_ACLCONF_H */

bin/named/include/named/lwdclient.h

@@ -15,7 +15,7 @@
  * SOFTWARE.
  */
 
-/* $Id: lwdclient.h,v 1.3 2000/06/26 20:50:00 bwelling Exp $ */
+/* $Id: lwdclient.h,v 1.2.2.1 2000/06/26 21:47:36 gson Exp $ */
 
 #ifndef NAMED_LWDCLIENT_H
 #define NAMED_LWDCLIENT_H 1

bin/named/include/named/lwresd.h

@@ -15,7 +15,7 @@
  * SOFTWARE.
  */
 
-/* $Id: lwresd.h,v 1.3 2000/06/28 00:06:25 bwelling Exp $ */
+/* $Id: lwresd.h,v 1.2.2.1 2000/06/28 00:19:06 gson Exp $ */
 
 #ifndef NAMED_LWRESD_H
 #define NAMED_LWRESD_H 1

bin/named/include/named/tkeyconf.h

@@ -1,51 +0,0 @@
-/*
- * Copyright (C) 1999, 2000  Internet Software Consortium.
- * 
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- * 
- * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
- * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
- * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
- * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
- * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
- * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
- * SOFTWARE.
- */
-
-/* $Id: tkeyconf.h,v 1.4 2000/06/22 21:56:16 tale Exp $ */
-
-#ifndef DNS_TKEYCONF_H
-#define DNS_TKEYCONF_H 1
-
-#include <isc/types.h>
-#include <isc/lang.h>
-
-#include <dns/confctx.h>
-
-ISC_LANG_BEGINDECLS
-
-isc_result_t
-dns_tkeyctx_fromconfig(dns_c_ctx_t *cfg, isc_mem_t *mctx, isc_entropy_t *ectx,
-		       dns_tkeyctx_t **tctxp);
-/*
- * 	Create a TKEY context and configure it, including the default DH key
- *	and default domain, according to 'cfg'.
- *
- *	Requires:
- *		'cfg' is a valid configuration context.
- *		'mctx' is not NULL
- *		'ectx' is not NULL
- *		'tctx' is not NULL
- *		'*tctx' is NULL
- *
- *	Returns:
- *		ISC_R_SUCCESS
- *		ISC_R_NOMEMORY
- */
- 
-ISC_LANG_ENDDECLS
-
-#endif /* DNS_TKEYCONF_H */

bin/named/include/named/tsigconf.h

@@ -1,49 +0,0 @@
-/*
- * Copyright (C) 1999, 2000  Internet Software Consortium.
- * 
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- * 
- * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
- * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
- * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
- * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
- * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
- * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
- * SOFTWARE.
- */
-
-/* $Id: tsigconf.h,v 1.4 2000/06/22 21:56:18 tale Exp $ */
-
-#ifndef DNS_TSIGCONF_H
-#define DNS_TSIGCONF_H 1
-
-#include <isc/types.h>
-#include <isc/lang.h>
-
-#include <dns/confctx.h>
-
-ISC_LANG_BEGINDECLS
-
-isc_result_t
-dns_tsigkeyring_fromconfig(dns_c_view_t *confview, dns_c_ctx_t *confctx,
-			   isc_mem_t *mctx, dns_tsig_keyring_t **ringp);
-/*
- * Create a TSIG key ring and configure it according to the 'key'
- * statements in 'confview' and 'confctx'.
- *
- *	Requires:
- *		'confctx' is a valid configuration context.
- *		'mctx' is not NULL
- *		'ring' is not NULL, and '*ring' is NULL
- *
- *	Returns:
- *		ISC_R_SUCCESS
- *		ISC_R_NOMEMORY
- */
- 
-ISC_LANG_ENDDECLS
-
-#endif /* DNS_TSIGCONF_H */

bin/named/include/named/zoneconf.h

@@ -1,65 +0,0 @@
-/*
- * Copyright (C) 1999, 2000  Internet Software Consortium.
- * 
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- * 
- * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
- * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
- * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
- * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
- * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
- * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
- * SOFTWARE.
- */
-
-/* $Id: zoneconf.h,v 1.11 2000/06/22 21:56:26 tale Exp $ */
-
-#ifndef DNS_ZONECONF_H
-#define DNS_ZONECONF_H 1
-
-#include <isc/lang.h>
-#include <isc/types.h>
-
-#include <dns/aclconf.h>
-
-ISC_LANG_BEGINDECLS
-
-isc_result_t
-dns_zone_configure(dns_c_ctx_t *cctx, dns_c_view_t *cview, dns_c_zone_t *czone,
-		   dns_aclconfctx_t *ac, dns_zone_t *zone);
-/*
- * Configure or reconfigure a zone according to the named.conf
- * data in 'cctx' and 'czone'.
- *
- * The zone origin is not configured, it is assumed to have been set
- * at zone creation time.
- *
- * Require:
- *	'lctx' to be initalised or NULL.
- *	'cctx' to be initalised or NULL.
- *	'ac' to point to an initialized ns_aclconfctx_t.
- *	'czone' to be initalised.
- *	'zone' to be initalised.
- */
-
-isc_boolean_t
-dns_zone_reusable(dns_zone_t *zone, dns_c_zone_t *czone);
-/*
- * If 'zone' can be safely reconfigured according to the configuration
- * data in 'czone', return ISC_TRUE.  If the configuration data is so
- * different from the current zone state that the zone needs to be destroyed
- * and recreated, return ISC_FALSE.
- */
-
-isc_result_t
-dns_zonemgr_configure(dns_c_ctx_t *cctx, dns_zonemgr_t *zonemgr);
-/*
- * Configure the zone manager according to the named.conf data
- * in 'cctx'.
- */
-ISC_LANG_ENDDECLS
-
-#endif /* DNS_ZONECONF_H */

bin/named/interfacemgr.c

@@ -15,7 +15,7 @@
  * SOFTWARE.
  */
 
-/* $Id: interfacemgr.c,v 1.44 2000/06/22 21:49:19 tale Exp $ */
+/* $Id: interfacemgr.c,v 1.44.2.1 2000/06/30 02:50:04 gson Exp $ */
 
 #include <config.h>
 
@@ -159,7 +159,6 @@ void
 ns_interfacemgr_shutdown(ns_interfacemgr_t *mgr) {
 	REQUIRE(NS_INTERFACEMGR_VALID(mgr));
 
-	LOCK(&mgr->lock);
 	/*
 	 * Shut down and detach all interfaces.
 	 * By incrementing the generation count, we make purge_old_interfaces()
@@ -167,8 +166,6 @@ ns_interfacemgr_shutdown(ns_interfacemgr_t *mgr) {
 	 */
 	mgr->generation++;
 	purge_old_interfaces(mgr);
-	INSIST(ISC_LIST_EMPTY(mgr->interfaces));
-	UNLOCK(&mgr->lock);	
 }
 
 
@@ -372,7 +369,7 @@ ns_interface_destroy(ns_interface_t *ifp) {
 	if (ifp->udpdispatch != NULL)
 		dns_dispatch_detach(&ifp->udpdispatch);
 	if (ifp->tcpsocket != NULL) {
-		isc_socket_cancel(ifp->tcpsocket, NULL, ISC_SOCKCANCEL_ALL);
+		/* isc_socket_cancel(ifp->tcpsocket, NULL, ISC_SOCKCANCEL_ALL); */
 		isc_socket_detach(&ifp->tcpsocket);
 	}
 

bin/named/lwdclient.c

@@ -15,7 +15,7 @@
  * SOFTWARE.
  */
 
-/* $Id: lwdclient.c,v 1.4 2000/06/26 20:49:56 bwelling Exp $ */
+/* $Id: lwdclient.c,v 1.3.2.1 2000/06/26 21:47:32 gson Exp $ */
 
 #include <config.h>
 

bin/named/lwdgabn.c

@@ -15,7 +15,7 @@
  * SOFTWARE.
  */
 
-/* $Id: lwdgabn.c,v 1.4 2000/06/26 20:49:57 bwelling Exp $ */
+/* $Id: lwdgabn.c,v 1.3.2.1 2000/06/26 21:47:33 gson Exp $ */
 
 #include <config.h>
 

bin/named/lwdgnba.c

@@ -15,7 +15,7 @@
  * SOFTWARE.
  */
 
-/* $Id: lwdgnba.c,v 1.4 2000/06/26 20:49:59 bwelling Exp $ */
+/* $Id: lwdgnba.c,v 1.3.2.1 2000/06/26 21:47:35 gson Exp $ */
 
 #include <config.h>
 

bin/named/lwresd.8

@@ -1,191 +0,0 @@
-.\"
-.\" Copyright (C) 2000  Internet Software Consortium.
-.\"
-.\" Permission to use, copy, modify, and distribute this document for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
-.\" DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
-.\" INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
-.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
-.\" FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
-.\" NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
-.\" WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.\" $Id: lwresd.8,v 1.2 2000/06/28 02:51:45 jim Exp $
-.\"
-.Dd Jun 30, 2000
-.Dt LWRESD 8
-.Os BIND9 9
-.ds vT BIND9 Programmer's Manual
-.Sh NAME
-.Nm lwresd
-.Nd lightweight resolver daemon
-.Sh SYNOPSIS
-.Nm lwresd
-.Op Fl C Ar config-file
-.Op Fl d Ar debuglevel
-.Op Fl f g s
-.Op Fl i Ar pid-file
-.Op Fl n Ar #cpus
-.Op Fl P Ar query-port#
-.Op Fl p Ar port#
-.Op Fl t Ar directory
-.Op Fl u Ar user-id
-.Sh DESCRIPTION
-.Nm lwresd
-is the daemon for processes that use the BIND9 lightweight resolver
-library.
-The daemon is actually a DNS name server, 
-.Nm named ,
-though when it operates as the lightweight resolver server
-.Nm lwresd ,
-it is functionally and logically distinct from an actual name server.
-It does not handle conventional DNS lookups in the wire format defined
-in RFC1035 or listen for queries on the default name server port number.
-.Nm lwresd
-only handles requests that are in the canonical
-format for the lightweight resolver protocol.
-.Pp
-When listening for lightweight resolver queries,
-.Nm lwresd
-uses a UDP port on the IPv4 loopback interface, 127.0.0.1.
-This means that
-.Nm lwresd
-can only be used by processes running on the local machine.
-By default UDP port number 921 is used for lightweight resolver
-requests and responses.
-.Pp
-Incoming lightweight resolver requests are decoded by
-.Nm lwresd
-which resolves them using the DNS protocol.
-.Nm lwresd
-either forwards the DNS queries to the name servers listed in
-.Pa /etc/resolv.conf
-or else resolves the request for itself by querying its built-in list
-of root name servers.
-When the DNS lookup completes,
-.Nm lwresd
-encodes the answers from the name servers in the lightweight
-resolver format and returns them to the client that made the original
-request.
-.Pp
-The lightweight resolver daemon is comparable to a forwarding name server
-except that it receives requests in the lightweight resolver format
-rather than conventional DNS queries.
-It reads
-.Pa /etc/resolv.conf
-and uses the
-.Sy nameserver
-entries to determine which IP addresses to use when making DNS
-lookups.
-If no
-.Pa /etc/resolv.conf
-is present,
-.Nm lwresd
-uses its built-in list of root name servers.
-In this mode of operation,
-.Nm lwresd
-analagous to a caching-only name server, albeit one that does not
-receive conventional DNS queries.
-.Pp
-The lightweight resolver simplifies the task of looking up hostnames
-or IP addresses in the DNS.
-Clients construct simple questions like \*qwhat is the hostname for
-the following address?\*q or \*qwhat are the addresses of hostname
-.Dv host.example.com?\*q and send them to
-.Nm lwresd .
-This saves them from a number of possible complications and perhaps
-having to make many DNS queries to resolve the hostname or IP address.
-Without the lightweight resolver, clients would be expected to deal
-with the complexities of 
-processing the DNS resource records used for IPv6 addresses, dealing
-with DNAME records and possibly DNSSEC.
-Instead of directly handling those complications, clients can make
-.Nm lwresd
-do the work for them.
-.Pp
-The options to
-.Nm lwresd
-are as follows:
-.Bl -tag -width Ds
-.It Fl C
-use
-.Ar config-file
-as the configuration file instead of the default,
-.Pa /etc/resolv.conf .
-.It Fl d
-set the daemon's debug level to
-.Ar debuglevel .
-Debugging traces from
-.Nm lwresd
-become more verbose as the debug level increases.
-.It Fl f
-run
-.Nm lwresd
-in the foreground.
-.It Fl g
-also runs the lightweight resolver daemon in the foreground, but
-logs to
-.Dv stderr .
-.It Fl i
-write the daemon's process id (PID) to
-.Ar pid-file
-instead of the default pathname.
-.It Fl n
-create threads that use
-.Ar #cpus
-CPUs if the hardware and software permits this.
-When
-.Ar #cpus
-is set to zero,
-.Nm lwresd
-will try to determine the number of CPUs present and use 1 if this
-attempt fails.
-.It Fl P
-send DNS lookups to port number
-.Ar query-port#
-when querying name servers.
-This provides a way of testing the lightweight resolver daemon with a
-name server that listens for queries on a non-standard port number.
-.It Fl p
-listen for lightweight resolver queries on the loopback interface
-using UDP port
-.Ar port#
-instead of the default port number, 921.
-.It Fl s
-write memory usage statistics to
-.Dv stdout
-on exit. This option is only of interest
-to BIND9 developers and may be removed or changed in a future release.
-.It Fl t
-tells
-.Nm lwresd
-to chroot() to
-.Ar directory
-immediately after reading its config file.
-.It Fl u
-run
-.Nm lwresd
-as UID
-.Ar user-id .
-The lightweight resolver daemon will change its UID after it has
-carried out any privileged operations, such as writing the PID file
-or creating a socket that uses its default UDP port number.
-.El
-.Sh FILES
-.Bl -tag -width  /var/run/lwresd.pid -compact
-.It Pa /etc/resolv.conf
-default configuration file
-.It Pa /var/run/lwresd.pid
-default process-id file
-.El
-.Sh SEE ALSO
-.Xr named 8 ,
-.Xr lwres 3 .
-.Sh BUGS
-.Nm lwresd
-is a daemon for lightweight resolvers, not a lightweight daemon
-for resolvers.

bin/named/lwresd.c

@@ -15,7 +15,7 @@
  * SOFTWARE.
  */
 
-/* $Id: lwresd.c,v 1.10 2000/06/28 00:06:24 bwelling Exp $ */
+/* $Id: lwresd.c,v 1.8.2.2 2000/06/28 00:19:05 gson Exp $ */
 
 /*
  * Main program for the Lightweight Resolver Daemon.

bin/named/named.8

@@ -1,175 +0,0 @@
-.\"
-.\" Copyright (C) 2000  Internet Software Consortium.
-.\"
-.\" Permission to use, copy, modify, and distribute this document for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
-.\" DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
-.\" INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
-.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
-.\" FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
-.\" NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
-.\" WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.\" $Id: named.8,v 1.2 2000/06/28 02:51:46 jim Exp $
-.\"
-.Dd Jun 30, 2000
-.Dt NAMED 8
-.Os BIND9 9
-.ds vT BIND9 Programmer's Manual
-.Sh NAME
-.Nm named
-.Nd Internet domain name server (DNS)
-.Sh SYNOPSIS
-.Nm named
-.Op Fl c Ar config-file
-.Op Fl d Ar debuglevel
-.Op Fl f g s
-.Op Fl n Ar #cpus
-.Op Fl p Ar port#
-.Op Fl t Ar directory
-.Op Fl u Ar user-id
-.Op Fl x Ar cache-file
-.Sh DESCRIPTION
-.Nm named
-is the ISC implementation of an Internet domain name server.
-See RFCs 1033, 1034, and 1035 for more information on the Internet
-domain name system.
-For historical reasons, the ISC's DNS software is known as BIND -
-Berkeley Internet Nameserver Distribution - because it was originally
-supplied with BSD
-.Ux
-releases.
-.Pp
-Without any arguments,
-.Nm named
-will read the default configuration file
-.Pa /etc/named.conf ,
-read any initial data, and listen for queries.
-It is also possible to use the BIND9 name server
-as a lightweight resolver server
-.Nm lwresd .
-However when operating as a lightweight resolver server,
-.Nm named
-is functionally and logically distinct from a
-conventional name server.
-More information can be found in 
-.Xr lwresd 8 .
-.Pp
-Although some command-line options can be used with
-.Nm named ,
-the name server's behaviour is controlled by its configuration file, 
-.Pa /etc/named.conf .
-Refer to the BIND9 Administrator Reference Manual for further details.
-.Pp
-The options to
-.Nm named
-are as follows:
-.Bl -tag -width Ds
-.It Fl c
-use
-.Ar config-file
-as the configuration file instead of the default,
-.Pa /etc/resolv.conf .
-.It Fl d
-set the daemon's debug level to
-.Ar debuglevel .
-Debugging traces from
-.Nm named
-become more verbose as the debug level increases.
-.It Fl f
-run
-.Nm named
-in the foreground.
-.It Fl g
-also runs the name server in the foreground, but
-logs to
-.Dv stderr .
-.It Fl n
-create threads that use
-.Ar #cpus
-CPUs if the hardware and software permits this.
-When
-.Ar #cpus
-is set to zero,
-.Nm named
-will try to determine the number of CPUs present and use 1 if this
-attempt fails.
-.It Fl p
-listen for queries on  port
-.Ar port#
-instead of the default port number, 53.
-.It Fl s
-write memory usage statistics to
-.Dv stdout
-on exit.
-This option is only of interest
-to BIND9 developers and may be removed or changed in a future release.
-.It Fl t
-tells
-.Nm named
-to chroot() to
-.Ar directory
-immediately after reading its config file.
-.It Fl u
-run
-.Nm named
-as UID
-.Ar user-id .
-.Nm named
-will change its UID after it has
-carried out any privileged operations, such as writing the PID file
-or creating a socket that listens on port number 53.
-.It Fl x
-load DNS data from
-.Ar cache-file .
-This option must not be used.
-It is only of interest
-to BIND9 developers and may be removed or changed in a future release.
-.El
-.Sh SIGNALS
-In routine operation, signals should not be used to \*qcontrol\*q the
-name server.
-.Nm rndc
-should be used instead.
-Sending the name server a
-.Dv SIGHUP
-signal forces a reload of the server.
-A
-.Dv SIGINT
-or
-.Dv SIGTERM
-signal can be used to gracefully shut down the server.
-With the exception of
-.Dv SIGPIPE
-which
-.Nm named
-uses internally, sending any other signals to the name server
-will have an undefined outcome.
-The most likely result will be for the name server to terminate.
-It could hang because an internal deadlock was created when the name
-server took delivery of the signal.
-.\".Sh CONFIGURATION FILE FORMAT
-.\".Nm named 's
-.\"configuration file is too complex to describe in detail here.
-.\"A complete description is provided in the BIND9 Administrator
-.\"Reference Manual.
-.Sh FILES
-.Bl -tag -width  /var/run/named.pid -compact
-.It Pa /etc/named.conf
-default configuration file
-.It Pa /var/run/named.pid
-default process-id file
-.El
-.Sh SEE ALSO
-.Xr RFC1033 ,
-.Xr RFC1034 ,
-.Xr RFC1035 ,
-.Xr named.conf 5 ,
-.Xr zonefile 5 ,
-.Xr rndc 8 ,
-.Xr lwresd 8 ,
-BIND9 Administrator Reference Manual, June 2000.

bin/named/query.c

@@ -15,7 +15,7 @@
  * SOFTWARE.
  */
 
-/* $Id: query.c,v 1.110 2000/06/26 21:42:33 explorer Exp $ */
+/* $Id: query.c,v 1.109.2.1 2000/06/26 22:38:56 gson Exp $ */
 
 #include <config.h>
 

bin/named/tkeyconf.c

@@ -1,97 +0,0 @@
-/*
- * Copyright (C) 1999, 2000  Internet Software Consortium.
- * 
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- * 
- * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
- * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
- * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
- * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
- * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
- * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
- * SOFTWARE.
- */
-
-/* $Id: tkeyconf.c,v 1.11 2000/06/22 21:54:50 tale Exp $ */
-
-#include <config.h>
-
-#include <isc/buffer.h>
-#include <isc/string.h>		/* Required for HP/UX (and others?) */
-#include <isc/mem.h>
-
-#include <dns/keyvalues.h>
-#include <dns/name.h>
-#include <dns/tkey.h>
-#include <dns/tkeyconf.h>
-
-#define RETERR(x) do { \
-	result = (x); \
-	if (result != ISC_R_SUCCESS) \
-		goto failure; \
-	} while (0)
-
-
-isc_result_t
-dns_tkeyctx_fromconfig(dns_c_ctx_t *cfg, isc_mem_t *mctx, isc_entropy_t *ectx,
-		       dns_tkeyctx_t **tctxp)
-{
-	isc_result_t result;
-	dns_tkeyctx_t *tctx = NULL;
-	char *s;
-	isc_uint32_t n;
-	isc_buffer_t b, namebuf;
-	unsigned char data[1024];
-	dns_name_t domain, keyname;
-
-	result = dns_tkeyctx_create(mctx, ectx, &tctx);
-	if (result != ISC_R_SUCCESS)
-		return (result);
-
-	s = NULL;
-	result = dns_c_ctx_gettkeydhkey(cfg, &s, &n);
-	if (result == ISC_R_NOTFOUND) {
-		*tctxp = tctx;
-		return (ISC_R_SUCCESS);
-	}
-	isc_buffer_init(&namebuf, data, sizeof(data));
-	dns_name_init(&keyname, NULL);
-	isc_buffer_init(&b, s, strlen(s));
-	isc_buffer_add(&b, strlen(s));
-	dns_name_fromtext(&keyname, &b, dns_rootname, ISC_FALSE, &namebuf);
-	RETERR(dst_key_fromfile(&keyname, n, DNS_KEYALG_DH,
-				DST_TYPE_PUBLIC|DST_TYPE_PRIVATE,
-				NULL, mctx, &tctx->dhkey));
-	s = NULL;
-	RETERR(dns_c_ctx_gettkeydomain(cfg, &s));
-	dns_name_init(&domain, NULL);
-	tctx->domain = (dns_name_t *) isc_mem_get(mctx, sizeof(dns_name_t));
-	if (tctx->domain == NULL) {
-		result = ISC_R_NOMEMORY;
-		goto failure;
-	}
-	dns_name_init(tctx->domain, NULL);
-	isc_buffer_init(&b, s, strlen(s));
-	isc_buffer_add(&b, strlen(s));
-	RETERR(dns_name_fromtext(&domain, &b, dns_rootname, ISC_FALSE,
-				 &namebuf));
-	RETERR(dns_name_dup(&domain, mctx, tctx->domain));
-
-	*tctxp = tctx;
-	return (ISC_R_SUCCESS);
-
- failure:
-	if (tctx->dhkey != NULL)
-		dst_key_free(&tctx->dhkey);
-	if (tctx->domain != NULL) {
-		dns_name_free(tctx->domain, mctx);
-		isc_mem_put(mctx, tctx->domain, sizeof(dns_name_t));
-		tctx->domain = NULL;
-	}
-	dns_tkeyctx_destroy(&tctx);
-	return (result);
-}
-

bin/named/tsigconf.c

@@ -1,166 +0,0 @@
-/*
- * Copyright (C) 1999, 2000  Internet Software Consortium.
- * 
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- * 
- * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
- * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
- * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
- * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
- * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
- * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
- * SOFTWARE.
- */
-
-/* $Id: tsigconf.c,v 1.7 2000/06/22 21:54:51 tale Exp $ */
-
-#include <config.h>
-
-#include <isc/base64.h>
-#include <isc/buffer.h>
-#include <isc/lex.h>
-#include <isc/mem.h>
-#include <isc/string.h>
-
-#include <dns/tsig.h>
-#include <dns/tsigconf.h>
-
-static isc_result_t
-add_initial_keys(dns_c_kdeflist_t *list, dns_tsig_keyring_t *ring,
-		 isc_mem_t *mctx)
-{
-	isc_lex_t *lex = NULL;
-	dns_c_kdef_t *key;
-	unsigned char *secret = NULL;
-	int secretalloc = 0;
-	int secretlen = 0;
-	isc_result_t ret;
-	isc_stdtime_t now;
-
-	key = ISC_LIST_HEAD(list->keydefs);
-	while (key != NULL) {
-		dns_name_t keyname;
-		dns_name_t alg;
-		char keynamedata[1024], algdata[1024];
-		isc_buffer_t keynamesrc, keynamebuf, algsrc, algbuf;
-		isc_buffer_t secretsrc, secretbuf;
-
-		dns_name_init(&keyname, NULL);
-		dns_name_init(&alg, NULL);
-
-		/*
-		 * Create the key name.
-		 */
-		isc_buffer_init(&keynamesrc, key->keyid, strlen(key->keyid));
-		isc_buffer_add(&keynamesrc, strlen(key->keyid));
-		isc_buffer_init(&keynamebuf, keynamedata, sizeof(keynamedata));
-		ret = dns_name_fromtext(&keyname, &keynamesrc, dns_rootname,
-					ISC_TRUE, &keynamebuf);
-		if (ret != ISC_R_SUCCESS)
-			goto failure;
-
-		/*
-		 * Create the algorithm.
-		 */
-		if (strcasecmp(key->algorithm, "hmac-md5") == 0)
-			alg = *dns_tsig_hmacmd5_name;
-		else {
-			isc_buffer_init(&algsrc, key->algorithm,
-					strlen(key->algorithm));
-			isc_buffer_add(&algsrc, strlen(key->algorithm));
-			isc_buffer_init(&algbuf, algdata, sizeof(algdata));
-			ret = dns_name_fromtext(&alg, &algsrc, dns_rootname,
-						ISC_TRUE, &algbuf);
-			if (ret != ISC_R_SUCCESS)
-				goto failure;
-		}
-
-		if (strlen(key->secret) % 4 != 0) {
-			ret = ISC_R_BADBASE64;
-			goto failure;
-		}
-		secretalloc = secretlen = strlen(key->secret) * 3 / 4;
-		secret = isc_mem_get(mctx, secretlen);
-		if (secret == NULL) {
-			ret = ISC_R_NOMEMORY;
-			goto failure;
-		}
-		isc_buffer_init(&secretsrc, key->secret, strlen(key->secret));
-		isc_buffer_add(&secretsrc, strlen(key->secret));
-		isc_buffer_init(&secretbuf, secret, secretlen);
-		ret = isc_lex_create(mctx, strlen(key->secret), &lex);
-		if (ret != ISC_R_SUCCESS)
-			goto failure;
-		ret = isc_lex_openbuffer(lex, &secretsrc);
-		if (ret != ISC_R_SUCCESS)
-			goto failure;
-		ret = isc_base64_tobuffer(lex, &secretbuf, -1);
-		if (ret != ISC_R_SUCCESS)
-			goto failure;
-		secretlen = isc_buffer_usedlength(&secretbuf);
-		isc_lex_close(lex);
-		isc_lex_destroy(&lex);
-
-		isc_stdtime_get(&now);
-		ret = dns_tsigkey_create(&keyname, &alg, secret, secretlen,
-					 ISC_FALSE, NULL, now, now,
-					 mctx, ring, NULL);
-		isc_mem_put(mctx, secret, secretalloc);
-		secret = NULL;
-		if (ret != ISC_R_SUCCESS)
-			goto failure;
-		key = ISC_LIST_NEXT(key, next);
-	}
-	return (ISC_R_SUCCESS);
-
- failure:
-	if (lex != NULL)
-		isc_lex_destroy(&lex);
-	if (secret != NULL)
-		isc_mem_put(mctx, secret, secretlen);
-	return (ret);
-
-}
-
-isc_result_t
-dns_tsigkeyring_fromconfig(dns_c_view_t *confview, dns_c_ctx_t *confctx,
-			   isc_mem_t *mctx, dns_tsig_keyring_t **ringp)
-{
-	dns_c_kdeflist_t *keylist;
-	dns_tsig_keyring_t *ring = NULL;
-	isc_result_t result;
-
-	result = dns_tsigkeyring_create(mctx, &ring);
-	if (result != ISC_R_SUCCESS)
-		return (result);
-
-	keylist = NULL;
-	result = dns_c_ctx_getkdeflist(confctx, &keylist);
-	if (result == ISC_R_SUCCESS)
-		result = add_initial_keys(keylist, ring, mctx);
-	else if (result == ISC_R_NOTFOUND)
-		result = ISC_R_SUCCESS;
-	if (result != ISC_R_SUCCESS)
-		goto failure;
-
-	if (confview != NULL) {
-		keylist = NULL;	
-		result = dns_c_view_getkeydefs(confview, &keylist);
-		if (result == ISC_R_SUCCESS)
-			result = add_initial_keys(keylist, ring, mctx);
-		else if (result == ISC_R_NOTFOUND)
-			result = ISC_R_SUCCESS;
-		if (result != ISC_R_SUCCESS)
-			goto failure;
-	}
-
-	*ringp = ring;
-	return (ISC_R_SUCCESS);
-
- failure:
-	dns_tsigkeyring_destroy(&ring);
-	return (result);
-}

bin/named/unix/os.c

@@ -15,7 +15,7 @@
  * SOFTWARE.
  */
 
-/* $Id: os.c,v 1.19 2000/06/28 16:26:40 explorer Exp $ */
+/* $Id: os.c,v 1.18.2.1 2000/06/28 16:50:01 gson Exp $ */
 
 #include <config.h>
 

bin/named/zoneconf.c

@@ -1,356 +0,0 @@
-/*
- * Copyright (C) 1999, 2000  Internet Software Consortium.
- * 
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- * 
- * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
- * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
- * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
- * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
- * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
- * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
- * SOFTWARE.
- */
-
-/* $Id: zoneconf.c,v 1.43 2000/06/22 21:54:57 tale Exp $ */
-
-#include <config.h>
-
-#include <isc/string.h>		/* Required for HP/UX (and others?) */
-#include <isc/util.h>
-
-#include <dns/acl.h>
-#include <dns/zone.h>
-#include <dns/zoneconf.h>
-#include <dns/ssu.h>
-
-/*
- * These are BIND9 server defaults, not necessarily identical to the
- * library defaults defined in zone.c.
- */
-#define MAX_XFER_TIME (2*3600)	/* Documented default is 2 hours. */
-#define DNS_DEFAULT_IDLEIN 3600		/* 1 hour */
-#define DNS_DEFAULT_IDLEOUT 3600	/* 1 hour */
-
-#define RETERR(x) do { \
-	isc_result_t _r = (x); \
-	if (_r != ISC_R_SUCCESS) \
-		return (_r); \
-	} while (0)
-
-/*
- * Convenience function for configuring a single zone ACL.
- */
-static isc_result_t
-configure_zone_acl(dns_c_zone_t *czone, dns_c_ctx_t *cctx, dns_c_view_t *cview,
-		   dns_aclconfctx_t *aclconfctx, dns_zone_t *zone,
-		   isc_result_t (*getcacl)(dns_c_zone_t *,
-					   dns_c_ipmatchlist_t **),
-		   isc_result_t (*getviewcacl)(dns_c_view_t *
-					       , dns_c_ipmatchlist_t **),
-		   isc_result_t (*getglobalcacl)(dns_c_ctx_t *,
-						 dns_c_ipmatchlist_t **),
-		   void (*setzacl)(dns_zone_t *, dns_acl_t *),
-		   void (*clearzacl)(dns_zone_t *))
-{
-	isc_result_t result;
-	dns_c_ipmatchlist_t *cacl;
-	dns_acl_t *dacl = NULL;
-	result = (*getcacl)(czone, &cacl);
-	if (result == ISC_R_NOTFOUND && getviewcacl != NULL && cview != NULL) {
-		result = (*getviewcacl)(cview, &cacl);
-	}
-	if (result == ISC_R_NOTFOUND && getglobalcacl != NULL) {
-		result = (*getglobalcacl)(cctx, &cacl);
-	}
-	if (result == ISC_R_SUCCESS) {
-		result = dns_acl_fromconfig(cacl, cctx, aclconfctx,
-					   dns_zone_getmctx(zone), &dacl);
-		dns_c_ipmatchlist_detach(&cacl);
-		if (result != ISC_R_SUCCESS)
-			return (result);
-		(*setzacl)(zone, dacl);
-		dns_acl_detach(&dacl);
-		return (ISC_R_SUCCESS);
-	} else if (result == ISC_R_NOTFOUND) {
-		(*clearzacl)(zone);
-		return (ISC_R_SUCCESS);
-	} else {
-		return (result);
-	}
-}
-
-/*
- * Conver a config file zone type into a server zone type.
- */
-static dns_zonetype_t
-dns_zonetype_fromconf(dns_c_zonetype_t cztype) {
-	switch (cztype) {
-	case dns_c_zone_master:
-		return dns_zone_master;
-	case dns_c_zone_slave:
-		return dns_zone_slave;
-	case dns_c_zone_stub:
-		return dns_zone_stub;
-	default:
-		/*
-		 * Hint and forward zones are not really zones;
-		 * they should never get this far.
-		 */
-		INSIST(0);
-		return (dns_zone_none); /*NOTREACHED*/
-	}
-}
-
-isc_result_t
-dns_zone_configure(dns_c_ctx_t *cctx, dns_c_view_t *cview, 
-		   dns_c_zone_t *czone, dns_aclconfctx_t *ac, 
-		   dns_zone_t *zone)
-{
-	isc_result_t result;
-	isc_boolean_t boolean;
-	const char *filename = NULL;
-#ifdef notyet
-	dns_c_severity_t severity;
-#endif
-	dns_c_iplist_t *iplist;
-	isc_sockaddr_t sockaddr;
-	isc_uint32_t uintval;
-	isc_sockaddr_t sockaddr_any4, sockaddr_any6;
-	dns_ssutable_t *ssutable = NULL;
-
-	isc_sockaddr_any(&sockaddr_any4);	
-	isc_sockaddr_any6(&sockaddr_any6);
-	
-	/*
-	 * Configure values common to all zone types.
-	 */
-
-	dns_zone_setclass(zone, czone->zclass);
-
-	dns_zone_settype(zone, dns_zonetype_fromconf(czone->ztype));
-
-	/* XXX needs to be an zone option */
-	RETERR(dns_zone_setdbtype(zone, "rbt"));
-
-	result = dns_c_zone_getfile(czone, &filename);
-	if (result == ISC_R_SUCCESS)
-		RETERR(dns_zone_setdatabase(zone, filename));
-	else if (czone->ztype != dns_c_zone_slave &&
-		 czone->ztype != dns_c_zone_stub)
-		return (result);
-
-#ifdef notyet
-	result = dns_c_zone_getchecknames(czone, &severity);
-	if (result == ISC_R_SUCCESS)
-		dns_zone_setchecknames(zone, severity);
-	else
-		dns_zone_setchecknames(zone, dns_c_severity_warn);
-#endif
-
-	/*
-	 * XXXAG This probably does not make sense for stubs.
-	 */
-	RETERR(configure_zone_acl(czone, cctx, cview, ac, zone,
-				  dns_c_zone_getallowquery,
-				  dns_c_view_getallowquery,
-				  dns_c_ctx_getallowquery,
-				  dns_zone_setqueryacl,
-				  dns_zone_clearqueryacl));
-
-	result = dns_c_zone_getdialup(czone, &boolean);
-	if (result != ISC_R_SUCCESS)
-		result = dns_c_ctx_getdialup(cctx, &boolean);
-	if (result != ISC_R_SUCCESS)
-		boolean = ISC_FALSE;
-	dns_zone_setoption(zone, DNS_ZONEOPT_DIALUP, boolean);
-
-	/*
-	 * Configure master functionality.  This applies
-	 * to primary masters (type "master") and slaves
-	 * acting as masters (type "slave"), but not to stubs.
-	 */
-	if (czone->ztype != dns_c_zone_stub) {
-		result = dns_c_zone_getnotify(czone, &boolean);
-		if (result != ISC_R_SUCCESS && cview != NULL)
-			result = dns_c_view_getnotify(cview, &boolean);
-		if (result != ISC_R_SUCCESS)
-			result = dns_c_ctx_getnotify(cctx, &boolean);
-		if (result != ISC_R_SUCCESS)
-			boolean = ISC_TRUE;
-		dns_zone_setoption(zone, DNS_ZONEOPT_NOTIFY, boolean);
-
-		iplist = NULL;
-		result = dns_c_zone_getalsonotify(czone, &iplist);
-		if (result != ISC_R_SUCCESS && cview != NULL)
-			result = dns_c_view_getalsonotify(cview, &iplist);
-		if (result != ISC_R_SUCCESS)
-			result = dns_c_ctx_getalsonotify(cctx, &iplist);
-		if (result == ISC_R_SUCCESS)
-			RETERR(dns_zone_setalsonotify(zone, iplist->ips,
-						      iplist->nextidx));
-		else
-			RETERR(dns_zone_setalsonotify(zone, NULL, 0));
-		
-		RETERR(configure_zone_acl(czone, cctx, cview, ac, zone,
-					  dns_c_zone_getallowtransfer,
-					  dns_c_view_gettransferacl,
-					  dns_c_ctx_getallowtransfer,
-					  dns_zone_setxfracl,
-					  dns_zone_clearxfracl));
-
-		result = dns_c_zone_getmaxtranstimeout(czone, &uintval);
-		if (result != ISC_R_SUCCESS && cview != NULL)
-			result = dns_c_view_getmaxtransfertimeout(cview,
-								  &uintval);
-		if (result != ISC_R_SUCCESS)
-			result = dns_c_ctx_getmaxtransfertimeout(cctx,
-								 &uintval);
-		if (result != ISC_R_SUCCESS)
-			uintval = MAX_XFER_TIME;
-		dns_zone_setmaxxfrout(zone, uintval);
-
-		result = dns_c_zone_getmaxtransidleout(czone, &uintval);
-		if (result != ISC_R_SUCCESS && cview != NULL) 
-			result = dns_c_view_getmaxtransferidleout(cview,
-								  &uintval);
-		if (result != ISC_R_SUCCESS) 
-			result = dns_c_ctx_getmaxtransferidleout(cctx,
-								 &uintval);
-		if (result != ISC_R_SUCCESS)
-			uintval = DNS_DEFAULT_IDLEOUT;
-		dns_zone_setidleout(zone, uintval);
-	}
-
-	/*
-	 * Configure update-related options.  These apply to
-	 * primary masters only.
-	 */
-	if (czone->ztype == dns_c_zone_master) {
-		RETERR(configure_zone_acl(czone, cctx, NULL, ac, zone,
-					  dns_c_zone_getallowupd,
-					  NULL, NULL,
-					  dns_zone_setupdateacl,
-					  dns_zone_clearupdateacl));
-
-		dns_zone_getssutable(zone, &ssutable);
-		if (ssutable != NULL)
-			dns_ssutable_detach(&ssutable);
-		result = dns_c_zone_getssuauth(czone, &ssutable);
-		if (result == ISC_R_SUCCESS) {
-			dns_ssutable_t *newssutable = NULL;
-			dns_ssutable_attach(ssutable, &newssutable);
-			dns_zone_setssutable(zone, newssutable);
-		}
-
-		result = dns_c_zone_getsigvalidityinterval(czone, &uintval);
-		if (result != ISC_R_SUCCESS && cview != NULL)
-			result = dns_c_view_getsigvalidityinterval(cview,
-								  &uintval);
-		if (result != ISC_R_SUCCESS)
-			result = dns_c_ctx_getsigvalidityinterval(cctx,
-								 &uintval);
-		if (result != ISC_R_SUCCESS)
-			uintval = 30 * 24 * 3600;
-		dns_zone_setsigvalidityinterval(zone, uintval);
-	}
-
-	/*
-	 * Configure slave functionality.
-	 */
-	switch (czone->ztype) {
-	case dns_c_zone_slave:
-	case dns_c_zone_stub:
-		iplist = NULL;
-		result = dns_c_zone_getmasterips(czone, &iplist);
-		if (result == ISC_R_SUCCESS)
-			result = dns_zone_setmasters(zone, iplist->ips,
-						     iplist->nextidx);
-		else
-			result = dns_zone_setmasters(zone, NULL, 0);
-		RETERR(result);
-
-		result = dns_c_zone_getmaxtranstimein(czone, &uintval);
-		if (result != ISC_R_SUCCESS) 
-			result = dns_c_ctx_getmaxtransfertimein(cctx, &uintval);
-		if (result != ISC_R_SUCCESS)
-			uintval = MAX_XFER_TIME;
-		dns_zone_setmaxxfrin(zone, uintval);
-
-		result = dns_c_zone_getmaxtransidlein(czone, &uintval);
-		if (result != ISC_R_SUCCESS) 
-			result = dns_c_ctx_getmaxtransferidlein(cctx,
-								&uintval);
-		if (result != ISC_R_SUCCESS)
-			uintval = DNS_DEFAULT_IDLEIN;
-		dns_zone_setidlein(zone, uintval);
-
-		result = dns_c_zone_gettransfersource(czone, &sockaddr);
-		if (result != ISC_R_SUCCESS && cview != NULL)
-			result = dns_c_view_gettransfersource(cview,
-							      &sockaddr);
-		if (result != ISC_R_SUCCESS)
-			result = dns_c_ctx_gettransfersource(cctx, &sockaddr);
-		if (result != ISC_R_SUCCESS)
-			sockaddr = sockaddr_any4;
-		dns_zone_setxfrsource4(zone, &sockaddr);
-
-		result = dns_c_zone_gettransfersourcev6(czone, &sockaddr);
-		if (result != ISC_R_SUCCESS && cview != NULL) 
-			result = dns_c_view_gettransfersourcev6(cview,
-								&sockaddr);
-		if (result != ISC_R_SUCCESS) 
-			result = dns_c_ctx_gettransfersourcev6(cctx,
-							       &sockaddr);
-		if (result != ISC_R_SUCCESS)
-			sockaddr = sockaddr_any6;
-		dns_zone_setxfrsource6(zone, &sockaddr);
-
-		break;
-		
-	default:
-		break;
-	}
-
-	return (ISC_R_SUCCESS);
-}
-
-isc_boolean_t
-dns_zone_reusable(dns_zone_t *zone, dns_c_zone_t *czone) {
-	const char *cfilename;
-	const char *zfilename;
-
-	if (dns_zonetype_fromconf(czone->ztype) != dns_zone_gettype(zone))
-		return (ISC_FALSE);
-
-	cfilename = NULL;
-	(void) dns_c_zone_getfile(czone, &cfilename);
-	zfilename = dns_zone_getdatabase(zone);
-	if (cfilename == NULL || zfilename == NULL ||
-	    strcmp(cfilename, zfilename) != 0)
-		return (ISC_FALSE);
-
-	return (ISC_TRUE);
-}
-	
-isc_result_t
-dns_zonemgr_configure(dns_c_ctx_t *cctx, dns_zonemgr_t *zmgr) {
-	isc_uint32_t val;
-	isc_result_t result;
-	
-	result = dns_c_ctx_gettransfersin(cctx, &val);
-	if (result != ISC_R_SUCCESS)
-		val = 10;
-	dns_zonemgr_settransfersin(zmgr, val);
-
-	result = dns_c_ctx_gettransfersperns(cctx, &val);
-	if (result != ISC_R_SUCCESS)
-		val = 2;
-	dns_zonemgr_settransfersperns(zmgr, val);
-
-	return (ISC_R_SUCCESS);
-}
-

bin/nsupdate/Makefile.in

@@ -13,7 +13,7 @@
 # ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
 # SOFTWARE.
 
-# $Id: Makefile.in,v 1.2 2000/06/22 21:49:59 tale Exp $
+# $Id: Makefile.in,v 1.2.2.1 2000/06/29 00:06:11 gson Exp $
 
 srcdir =	@srcdir@
 VPATH =		@srcdir@
@@ -57,9 +57,9 @@ clean distclean::
 	rm -f ${TARGETS}
 
 installdirs:
-	if [ ! -d ${DESTDIR}${sbindir} ]; then \
-		mkdir ${DESTDIR}${sbindir}; \
+	if [ ! -d ${DESTDIR}${bindir} ]; then \
+		mkdir ${DESTDIR}${bindir}; \
 	fi
 
 install:: nsupdate
-	${LIBTOOL} ${INSTALL_PROGRAM} dig ${DESTDIR}${sbindir}
+	${LIBTOOL} ${INSTALL_PROGRAM} nsupdate ${DESTDIR}${bindir}

bin/nsupdate/nsupdate.c

@@ -15,7 +15,7 @@
  * SOFTWARE.
  */
 
-/* $Id: nsupdate.c,v 1.10 2000/06/27 22:04:06 mws Exp $ */
+/* $Id: nsupdate.c,v 1.8.2.2 2000/06/29 03:00:57 gson Exp $ */
 
 #include <config.h>
 #include <netdb.h>
@@ -1040,7 +1040,7 @@ update_completed(isc_task_t *task, isc_event_t *event) {
 	check_result(result, "dns_message_create");
 	result = dns_request_getresponse(reqev->request, rcvmsg, ISC_TRUE);
 	check_result(result, "dns_request_getresponse");
-	if (debug) {
+	if (debugging) {
 		isc_buffer_init(&buf, bufstore, MSGTEXT);
 		result = dns_message_totext(rcvmsg, 0, &buf);
 		check_result(result, "dns_message_totext");

bin/rndc/Makefile.in

@@ -13,7 +13,7 @@
 # ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
 # SOFTWARE.
 
-# $Id: Makefile.in,v 1.8 2000/06/28 16:27:17 tale Exp $
+# $Id: Makefile.in,v 1.7.2.1 2000/06/28 16:28:03 tale Exp $
 
 srcdir =	@srcdir@
 VPATH =		@srcdir@

bin/rndc/rndc.c

@@ -15,7 +15,7 @@
  * SOFTWARE.
  */
 
-/* $Id: rndc.c,v 1.14 2000/06/28 16:09:53 tale Exp $ */
+/* $Id: rndc.c,v 1.12.2.2 2000/06/28 16:13:46 tale Exp $ */
 
 /* 
  * Principal Author: DCL

bin/tests/adb_test.c

@@ -15,7 +15,7 @@
  * SOFTWARE.
  */
 
-/* $Id: adb_test.c,v 1.55 2000/06/28 16:19:52 explorer Exp $ */
+/* $Id: adb_test.c,v 1.54.2.1 2000/06/28 16:45:22 gson Exp $ */
 
 #include <config.h>
 

bin/tests/byaddr_test.c

@@ -15,7 +15,7 @@
  * SOFTWARE.
  */
 
-/* $Id: byaddr_test.c,v 1.17 2000/06/28 16:19:53 explorer Exp $ */
+/* $Id: byaddr_test.c,v 1.16.2.1 2000/06/28 16:45:24 gson Exp $ */
 
 /*
  * Principal Author: Bob Halley

bin/tests/byname_test.c

@@ -15,7 +15,7 @@
  * SOFTWARE.
  */
 
-/* $Id: byname_test.c,v 1.19 2000/06/28 16:19:54 explorer Exp $ */
+/* $Id: byname_test.c,v 1.18.2.1 2000/06/28 16:45:25 gson Exp $ */
 
 /*
  * Principal Author: Bob Halley

bin/tests/dispatch_tcp_test.c

@@ -15,7 +15,7 @@
  * SOFTWARE.
  */
 
-/* $Id: dispatch_tcp_test.c,v 1.33 2000/06/28 16:19:55 explorer Exp $ */
+/* $Id: dispatch_tcp_test.c,v 1.32.2.1 2000/06/28 16:45:26 gson Exp $ */
 
 #include <config.h>
 

bin/tests/dispatch_test.c

@@ -15,7 +15,7 @@
  * SOFTWARE.
  */
 
-/* $Id: dispatch_test.c,v 1.44 2000/06/28 16:19:56 explorer Exp $ */
+/* $Id: dispatch_test.c,v 1.43.2.1 2000/06/28 16:45:27 gson Exp $ */
 
 #include <config.h>
 

bin/tests/keyboard_test.c

@@ -15,7 +15,7 @@
  * SOFTWARE.
  */
 
-/* $Id: keyboard_test.c,v 1.4 2000/06/28 16:19:57 explorer Exp $ */
+/* $Id: keyboard_test.c,v 1.3.2.1 2000/06/28 16:45:29 gson Exp $ */
 
 #include <config.h>
 

bin/tests/omapi_test.c

@@ -15,7 +15,7 @@
  * SOFTWARE.
  */
 
-/* $Id: omapi_test.c,v 1.24 2000/06/28 03:37:47 tale Exp $ */
+/* $Id: omapi_test.c,v 1.22.2.2 2000/06/28 03:41:27 tale Exp $ */
 
 /* 
  * Test code for OMAPI.

bin/tests/ratelimiter_test.c

@@ -15,7 +15,7 @@
  * SOFTWARE.
  */
 
-/* $Id: ratelimiter_test.c,v 1.12 2000/06/28 16:27:36 gson Exp $ */
+/* $Id: ratelimiter_test.c,v 1.11.2.1 2000/06/28 17:59:06 gson Exp $ */
 
 #include <config.h>
 

bin/tests/system/Makefile.in

@@ -13,7 +13,7 @@
 # ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
 # SOFTWARE.
 
-# $Id: Makefile.in,v 1.11 2000/06/26 18:00:15 explorer Exp $
+# $Id: Makefile.in,v 1.10.2.1 2000/06/26 21:33:29 gson Exp $
 
 @BIND9_INCLUDES@
 SUBDIRS =	lwresd

bin/tests/system/limits/clean.sh

@@ -15,7 +15,7 @@
 # ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
 # SOFTWARE.
 
-# $Id: clean.sh,v 1.2 2000/06/28 19:01:32 gson Exp $
+# $Id: clean.sh,v 1.1.2.1 2000/06/28 19:33:16 gson Exp $
 
 #
 # Clean up after zone transfer tests.

bin/tests/system/limits/tests.sh

@@ -15,7 +15,7 @@
 # ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
 # SOFTWARE.
 
-# $Id: tests.sh,v 1.3 2000/06/28 19:01:38 gson Exp $
+# $Id: tests.sh,v 1.2.2.1 2000/06/28 19:33:17 gson Exp $
 
 SYSTEMTESTTOP=..
 . $SYSTEMTESTTOP/conf.sh

bin/tests/system/lwresd/Makefile.in

@@ -13,7 +13,7 @@
 # ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
 # SOFTWARE.
 
-# $Id: Makefile.in,v 1.4 2000/06/22 21:52:03 tale Exp $
+# $Id: Makefile.in,v 1.4.2.1 2000/06/28 23:22:34 gson Exp $
 
 srcdir =	@srcdir@
 VPATH =		@srcdir@
@@ -28,11 +28,11 @@ CINCLUDES =	${LWRES_INCLUDES} ${ISC_INCLUDES}
 CDEFINES =
 CWARNINGS =
 
-LWRESLIBS =	${top_srcdir}/lib/lwres/liblwres.@A@
-ISCLIBS =	${top_srcdir}/lib/isc/libisc.@A@
+LWRESLIBS =	../../../../lib/lwres/liblwres.@A@
+ISCLIBS =	../../../../lib/isc/libisc.@A@
 
-LWRESDEPLIBS =	${top_srcdir}/lib/lwres/liblwres.@A@
-ISCDEPLIBS =	${top_srcdir}/lib/isc/libisc.@A@
+LWRESDEPLIBS =	../../../../lib/lwres/liblwres.@A@
+ISCDEPLIBS =	../../../../lib/isc/libisc.@A@
 
 DEPLIBS =	${LWRESDEPLIBS} ${ISCDEPLIBS}
 

bin/tests/system/lwresd/lwtest.c

@@ -15,7 +15,7 @@
  * SOFTWARE.
  */
 
-/* $Id: lwtest.c,v 1.9 2000/06/28 22:41:46 bwelling Exp $ */
+/* $Id: lwtest.c,v 1.6.2.2 2000/06/28 22:53:21 gson Exp $ */
 
 #include <config.h>
 

bin/tests/system/lwresd/ns1/example1.db

@@ -13,7 +13,7 @@
 ; ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
 ; SOFTWARE.
 
-; $Id: example1.db,v 1.5 2000/06/28 21:56:13 bwelling Exp $
+; $Id: example1.db,v 1.4.2.1 2000/06/28 22:01:42 gson Exp $
 
 $TTL 300	; 5 minutes
 @			IN SOA	mname1. . (

bin/tests/system/start.sh

@@ -15,7 +15,7 @@
 # ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
 # SOFTWARE.
 
-# $Id: start.sh,v 1.22 2000/06/26 20:56:33 mws Exp $
+# $Id: start.sh,v 1.21.2.1 2000/06/26 21:21:18 gson Exp $
 
 #
 # Start name servers for running system tests.

bin/tests/system/testsock.pl

@@ -15,7 +15,7 @@
 # ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
 # SOFTWARE.
 
-# $Id: testsock.pl,v 1.7 2000/06/26 23:46:20 mws Exp $
+# $Id: testsock.pl,v 1.5.2.1 2000/06/26 20:50:23 gson Exp $
 
 # Test whether the interfaces on 10.53.0.* are up.
 
@@ -36,5 +36,4 @@ for ($id = 1 ; $id < 6 ; $id++) {
 	    	or die sprintf("$0: bind(%s, %d): $!\n",
 			       inet_ntoa($addr), $port);
 	close(SOCK);
-	sleep (1);
 }

configure

@@ -15,7 +15,7 @@
 # ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
 # SOFTWARE.
 
-# From configure.in Revision: 1.167 
+# From configure.in Revision: 1.165.2.2 
 
 ## libtool.m4 - Configure libtool for the target system. -*-Shell-script-*-
 ## Copyright (C) 1996-1999 Free Software Foundation, Inc.

configure.in

@@ -18,7 +18,7 @@ AC_DIVERT_PUSH(AC_DIVERSION_NOTICE)dnl
 esyscmd([sed "s/^/# /" COPYRIGHT])dnl
 AC_DIVERT_POP()dnl
 
-AC_REVISION($Revision: 1.167 $)
+AC_REVISION($Revision: 1.165.2.2 $)
 
 AC_INIT(lib/dns/name.c)
 AC_PREREQ(2.13)

contrib/nanny/nanny.pl

@@ -15,7 +15,7 @@
 # ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
 # SOFTWARE.
 
-# $Id: nanny.pl,v 1.5 2000/06/27 00:31:36 mws Exp $
+# $Id: nanny.pl,v 1.4.2.1 2000/06/27 00:38:24 gson Exp $
 
 # A simple nanny to make sure named stays running.
 

doc/arm/Bv9ARM.1.html

@@ -1,4 +1,23 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML EXPERIMENTAL 970324//EN">
+<!--
+ - Copyright (C) 2000  Internet Software Consortium.
+ - 
+ - Permission to use, copy, modify, and distribute this software for any
+ - purpose with or without fee is hereby granted, provided that the above
+ - copyright notice and this permission notice appear in all copies.
+ - 
+ - THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
+ - ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+ - OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
+ - CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+ - DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+ - PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+ - ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+ - SOFTWARE.
+-->
+
+<!-- $Id: Bv9ARM.1.html,v 1.5.2.2 2000/06/29 00:14:56 gson Exp $ -->
+
 <HTML>
 <HEAD>
 <META NAME="GENERATOR" CONTENT="Adobe FrameMaker 5.5/HTML Export Filter">

doc/arm/Bv9ARM.2.html

@@ -1,4 +1,23 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML EXPERIMENTAL 970324//EN">
+<!--
+ - Copyright (C) 2000  Internet Software Consortium.
+ - 
+ - Permission to use, copy, modify, and distribute this software for any
+ - purpose with or without fee is hereby granted, provided that the above
+ - copyright notice and this permission notice appear in all copies.
+ - 
+ - THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
+ - ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+ - OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
+ - CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+ - DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+ - PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+ - ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+ - SOFTWARE.
+-->
+
+<!-- $Id: Bv9ARM.2.html,v 1.5.2.2 2000/06/29 00:14:57 gson Exp $ -->
+
 <HTML>
 <HEAD>
 <META NAME="GENERATOR" CONTENT="Adobe FrameMaker 5.5/HTML Export Filter">

doc/arm/Bv9ARM.3.html

@@ -1,4 +1,23 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML EXPERIMENTAL 970324//EN">
+<!--
+ - Copyright (C) 2000  Internet Software Consortium.
+ - 
+ - Permission to use, copy, modify, and distribute this software for any
+ - purpose with or without fee is hereby granted, provided that the above
+ - copyright notice and this permission notice appear in all copies.
+ - 
+ - THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
+ - ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+ - OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
+ - CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+ - DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+ - PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+ - ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+ - SOFTWARE.
+-->
+
+<!-- $Id: Bv9ARM.3.html,v 1.5.2.2 2000/06/29 00:14:58 gson Exp $ -->
+
 <HTML>
 <HEAD>
 <META NAME="GENERATOR" CONTENT="Adobe FrameMaker 5.5/HTML Export Filter">

doc/arm/Bv9ARM.4.html

@@ -1,4 +1,23 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML EXPERIMENTAL 970324//EN">
+<!--
+ - Copyright (C) 2000  Internet Software Consortium.
+ - 
+ - Permission to use, copy, modify, and distribute this software for any
+ - purpose with or without fee is hereby granted, provided that the above
+ - copyright notice and this permission notice appear in all copies.
+ - 
+ - THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
+ - ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+ - OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
+ - CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+ - DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+ - PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+ - ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+ - SOFTWARE.
+-->
+
+<!-- $Id: Bv9ARM.4.html,v 1.5.2.2 2000/06/29 00:15:00 gson Exp $ -->
+
 <HTML>
 <HEAD>
 <META NAME="GENERATOR" CONTENT="Adobe FrameMaker 5.5/HTML Export Filter">

doc/arm/Bv9ARM.5.html

@@ -1,4 +1,23 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML EXPERIMENTAL 970324//EN">
+<!--
+ - Copyright (C) 2000  Internet Software Consortium.
+ - 
+ - Permission to use, copy, modify, and distribute this software for any
+ - purpose with or without fee is hereby granted, provided that the above
+ - copyright notice and this permission notice appear in all copies.
+ - 
+ - THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
+ - ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+ - OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
+ - CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+ - DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+ - PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+ - ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+ - SOFTWARE.
+-->
+
+<!-- $Id: Bv9ARM.5.html,v 1.5.2.2 2000/06/29 00:15:01 gson Exp $ -->
+
 <HTML>
 <HEAD>
 <META NAME="GENERATOR" CONTENT="Adobe FrameMaker 5.5/HTML Export Filter">

doc/arm/Bv9ARM.6.html

@@ -1,4 +1,23 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML EXPERIMENTAL 970324//EN">
+<!--
+ - Copyright (C) 2000  Internet Software Consortium.
+ - 
+ - Permission to use, copy, modify, and distribute this software for any
+ - purpose with or without fee is hereby granted, provided that the above
+ - copyright notice and this permission notice appear in all copies.
+ - 
+ - THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
+ - ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+ - OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
+ - CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+ - DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+ - PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+ - ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+ - SOFTWARE.
+-->
+
+<!-- $Id: Bv9ARM.6.html,v 1.5.2.2 2000/06/29 00:15:03 gson Exp $ -->
+
 <HTML>
 <HEAD>
 <META NAME="GENERATOR" CONTENT="Adobe FrameMaker 5.5/HTML Export Filter">

doc/arm/Bv9ARM.7.html

@@ -1,4 +1,23 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML EXPERIMENTAL 970324//EN">
+<!--
+ - Copyright (C) 2000  Internet Software Consortium.
+ - 
+ - Permission to use, copy, modify, and distribute this software for any
+ - purpose with or without fee is hereby granted, provided that the above
+ - copyright notice and this permission notice appear in all copies.
+ - 
+ - THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
+ - ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+ - OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
+ - CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+ - DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+ - PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+ - ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+ - SOFTWARE.
+-->
+
+<!-- $Id: Bv9ARM.7.html,v 1.5.2.2 2000/06/29 00:15:04 gson Exp $ -->
+
 <HTML>
 <HEAD>
 <META NAME="GENERATOR" CONTENT="Adobe FrameMaker 5.5/HTML Export Filter">

doc/arm/Bv9ARM.8.html

@@ -1,4 +1,23 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML EXPERIMENTAL 970324//EN">
+<!--
+ - Copyright (C) 2000  Internet Software Consortium.
+ - 
+ - Permission to use, copy, modify, and distribute this software for any
+ - purpose with or without fee is hereby granted, provided that the above
+ - copyright notice and this permission notice appear in all copies.
+ - 
+ - THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
+ - ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+ - OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
+ - CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+ - DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+ - PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+ - ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+ - SOFTWARE.
+-->
+
+<!-- $Id: Bv9ARM.8.html,v 1.5.2.2 2000/06/29 00:15:05 gson Exp $ -->
+
 <HTML>
 <HEAD>
 <META NAME="GENERATOR" CONTENT="Adobe FrameMaker 5.5/HTML Export Filter">

doc/arm/Bv9ARM.9.html

@@ -1,4 +1,23 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML EXPERIMENTAL 970324//EN">
+<!--
+ - Copyright (C) 2000  Internet Software Consortium.
+ - 
+ - Permission to use, copy, modify, and distribute this software for any
+ - purpose with or without fee is hereby granted, provided that the above
+ - copyright notice and this permission notice appear in all copies.
+ - 
+ - THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
+ - ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+ - OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
+ - CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+ - DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+ - PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+ - ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+ - SOFTWARE.
+-->
+
+<!-- $Id: Bv9ARM.9.html,v 1.1.2.1 2000/06/29 00:15:06 gson Exp $ -->
+
 <HTML>
 <HEAD>
 <META NAME="GENERATOR" CONTENT="Adobe FrameMaker 5.5/HTML Export Filter">

doc/arm/Bv9ARM.css

@@ -1,3 +1,22 @@
+/*
+ * Copyright (C) 2000  Internet Software Consortium.
+ * 
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
+ * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
+ * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+ * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+ * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+ * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+ * SOFTWARE.
+ */
+
+/* $Id: Bv9ARM.css,v 1.4.2.2 2000/06/29 00:15:08 gson Exp $ */
+
 A:link {
 	color: blue;
 	text-decoration: underline;

doc/arm/Bv9ARM.html

@@ -1,4 +1,23 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML EXPERIMENTAL 970324//EN">
+<!--
+ - Copyright (C) 2000  Internet Software Consortium.
+ - 
+ - Permission to use, copy, modify, and distribute this software for any
+ - purpose with or without fee is hereby granted, provided that the above
+ - copyright notice and this permission notice appear in all copies.
+ - 
+ - THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
+ - ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+ - OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
+ - CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+ - DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+ - PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+ - ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+ - SOFTWARE.
+-->
+
+<!-- $Id: Bv9ARM.html,v 1.4.2.2 2000/06/29 00:15:09 gson Exp $ -->
+
 <HTML>
 <HEAD>
 <META NAME="GENERATOR" CONTENT="Adobe FrameMaker 5.5/HTML Export Filter">

doc/arm/Bv9ARM.txt

@@ -1,3 +1,8 @@
+Copyright (C) 2000  Internet Software Consortium.
+See COPYRIGHT in the source root or http://www.isc.org/copyright for terms.
+
+$Id: Bv9ARM.txt,v 1.3.2.2 2000/06/29 00:15:10 gson Exp $
+
 BIND 9 Administrator Reference Manual
 June 2000
 Copyright (c) 2000 Internet Software Consortium

doc/dev/cvs-usage

@@ -1,72 +0,0 @@
-Copyright (C) 2000  Internet Software Consortium.
-See COPYRIGHT in the source root or http://www.isc.org/copyright for terms.
-
-Notes on CVS Usage
-
-Accessing the repository
-
-
-The recommended way of accessing the BIND 9 CVS repository is by ssh
-to rc.isc.org, using the following environment settings:
-
-   CVSROOT=:ext:rc.isc.org:/proj/cvs/isc
-   CVS_RSH=ssh
-
-
-
-Renaming files by respository copy
-
-
-When you need to rename or move a file that is under CVS control, use
-the "repository copy" method as described in the following text 
-borrowed from an ancient CVS FAQ:
-
-        2C.4   How do I rename a file?
-
-        CVS does not offer a way to rename a file in a way that CVS can
-        track later.  See Section 4B for more information.
-
-        Here is the best way to get the effect of renaming, while
-        preserving the change log:
-
-           1. Copy the RCS (",v") file directly in the Repository.
-
-                cp $CVSROOT/<odir>/<ofile>,v $CVSROOT/<ndir>/<nfile>,v
-
-           2. Remove the old file using CVS.
-
-              By duplicating the file, you will preserve the change
-              history and the ability to retrieve earlier revisions of the
-              old file via the "-r <tag/rev>" or "-D <date>" options to
-              "checkout" and "update".
-
-                cd <working-dir>/<odir>
-                rm <ofile>
-                cvs remove <ofile>
-                cvs commit <ofile>
-
-           3. Retrieve <newfile> and remove all the Tags from it.
-
-              By stripping off all the old Tags, the "checkout -r" and
-              "update -r" commands won't retrieve revisions Tagged before
-              the renaming.
-
-                cd <working-dir>/<ndir>
-                cvs update <nfile>
-                cvs log <nfile>                 # Save the list of Tags
-                cvs tag -d <tag1> <nfile>
-                cvs tag -d <tag2> <nfile>
-                . . .
-
-
-        This technique can be used to rename files within one directory or
-        across different directories.  You can apply this idea to
-        directories too, as long as you apply the above to each file and
-        don't delete the old directory.
-
-        Of course, you have to change the build system (e.g. Makefile) in
-        your <working-dir> to know about the name change.
-
-
-
-$Id: cvs-usage,v 1.2 2000/06/21 23:48:13 tale Exp $

doc/dev/tests

@@ -1,7 +1,3 @@
-Copyright (C) 2000  Internet Software Consortium.
-See COPYRIGHT in the source root or http://www.isc.org/copyright for terms.
-
-$Id: tests,v 1.6 2000/06/28 19:01:52 gson Exp $
 
 We do hourly test builds of the bind9 tree.  This is an attempt to
 document how they work.
@@ -11,7 +7,9 @@ document how they work.
 
 The scripts driving the build system are in ~wpk/b9t.  They are not
 under CVS control.  The builds are driven by cron jobs separately
-installed on each build system, running as user wpk. 
+installed on each build system, running as user wpk.  Here is a
+relevant extract from wpk's crontab on bb.rc.vix.com (reformatted to
+fit in 80 columns):
 
 The sources are checked out, and the web reports are generated,
 on bb, as driven by the following cron jobs:
@@ -49,27 +47,6 @@ they are not related.  The shell script b9t.cron then calls make,
 using the makefile b9t.mk in the same location.  This makefile moves
 the old status files out of the way and runs through the tests.
 
-The current test schedule is as follows:
-
-  :45             CVS tree extracted, tarball built and distributed
-  :00             Most tests begin
-  :45             Status report generator runs (was :30)
-
-  aix:            I can't seem to access that machine; it appears to be down.
-  bb:             Build starts at top of hour, 0300 to 2200
-  durango:        Build starts at top of hour, 0300 to 2200
-  trantor:        Build starts at top of hour, 0300 to 2100, odd-numbered hours
-		  only
-  hp:             Build starts at top of hour, 0300 to 2200
-  irix:           Build starts at top of hour, 0300 to 2200
-  netbsd:         Build starts at top of hour, 0300 to 2200 (was :45)
-  aa:             Build starts at top of hour, 0300 to 2200
-  rc:             Build starts at top of hour, 0300 to 2200
-  mirepoix:       Build starts at top of hour, 0300 to 2200
-  sol:            Build starts at top of hour, 0300 to 2200
-  truffle:        Build starts at top of hour, 0300 to 2200
-  anthrax:        Build starts at top of hour, 0300 to 2200
-
 The actual builds take place in a directory whose location differs
 among systems.  On most of them, it's on a local disk, under /build.
 On some, it's on NFS; in this case the location is defined in

doc/draft/draft-ietf-dnsext-apl-rr-00.txt

@@ -1,9 +1,10 @@
+
 INTERNET-DRAFT                                                Peter Koch
-Expires: December 2000                            Universitaet Bielefeld
-Updates: RFC 1035                                              June 2000
+Expires: September 2000                           Universitaet Bielefeld
+Updates: RFC 1035                                             March 2000
 
           A DNS RR Type for Lists of Address Prefixes (APL RR)
-                    draft-ietf-dnsext-apl-rr-01.txt
+                    draft-ietf-dnsext-apl-rr-00.txt
 
 
 Status of this Memo
@@ -27,7 +28,7 @@ Status of this Memo
    The list of Internet-Draft Shadow Directories can be accessed at
    http://www.ietf.org/shadow.html.
 
-   Comments should be sent to the author or the DNSEXT WG mailing list
+   Comments should be sent to the author or the DNSIND WG mailing list
    <namedroppers@internic.net>.
 
 Abstract
@@ -49,17 +50,17 @@ Abstract
 
 
 
-Koch                     Expires December 2000                  [Page 1]
+Koch                     Expires September 2000                 [Page 1]
 
-INTERNET-DRAFT                 DNS APL RR                      June 2000
+INTERNET-DRAFT                 DNS APL RR                     March 2000
 
 
 2. Background
 
    The Domain Name System [RFC1034], [RFC1035] provides a mechanism to
-   associate addresses and other Internet infrastructure elements with
+   associate addresses and other internet infrastructure elements with
    hierarchically built domain names. Various types of resource records
-   have been defined, especially those for IPv4 and IPv6 [RFCxxxx]
+   have been defined, especially those for IPv4 and IPv6 [RFC1886]
    addresses.  In [RFC1101] a method is described to publish information
    about the address space allocated to an organisation. In older BIND
    versions, a weak form of controlling access to zone data was
@@ -69,10 +70,9 @@ INTERNET-DRAFT                 DNS APL RR                      June 2000
 
 3. APL RR Type
 
-   An APL record has the DNS type of "APL" [draft, IANA: not yet applied
-   for] and a numeric value of [draft, IANA:to be assigned]. The APL RR
-   is defined in the IN class only. APL RRs cause no additional section
-   processing.
+   An APL record has the DNS type of "APL" [draft: not yet applied for]
+   and a numeric value of [draft:to be assigned]. The APL RR is defined
+   in the IN class only. APL RRs cause no additional section processing.
 
 4. APL RDATA format
 
@@ -102,51 +102,39 @@ INTERNET-DRAFT                 DNS APL RR                      June 2000
       AFDPART           address family dependent part. See below.
 
 
-
-
-
-Koch                     Expires December 2000                  [Page 2]
-
-INTERNET-DRAFT                 DNS APL RR                      June 2000
-
-
    This document defines the AFDPARTs for address families 1 (IPv4) and
+
+
+
+Koch                     Expires September 2000                 [Page 2]
+
+INTERNET-DRAFT                 DNS APL RR                     March 2000
+
+
    2 (IPv6).  Future revisions may deal with additional address
    families.
 
 4.1. AFDPART for IPv4
 
    The encoding of an IPv4 address (address family 1) follows the
-   encoding specified for the A RR by [RFC1035], section 3.4.1.
+   encoding specified for the A RR by [RFC1035], section 3.4.1. Trailing
+   zero octets MUST be ignored, regardless of the prefix length.
 
    PREFIX specifies the number of bits of the IPv4 address starting at
    the most significant bit. Legal values range from 0 to 32.
 
-   Trailing zero octets do not bear any information (e.g. there is no
-   semantic difference between 10.0.0.0/16 and 10/16) in an address
-   prefix, so the shortest possible AFDLENGTH can be used to encode it.
-   However, for DNSSEC [RFC2535] a single wire encoding must be used by
-   all. Therefore the sender MUST NOT include trailing zero octets in
-   the AFDPART regardless of the value of PREFIX. This includes cases in
-   which AFDLENGTH times 8 results in a value less than PREFIX. The
-   AFDPART is padded with zero bits to match a full octet boundary.
-
    An IPv4 AFDPART has a variable length of 0 to 4 octets.
 
 4.2. AFDPART for IPv6
 
-   The 128 bit IPv6 address (address family 2) is encoded in network
-   byte order (high-order byte first).
+   The encoding of an IPv6 address (address family 2) follows the
+   specification for the AAAA RR in [RFC1886], section 2.2. The 128 bit
+   address is encoded in network byte order. Trailing zero octets MUST
+   be ignored, regardless of the prefix length.
 
    PREFIX specifies the number of bits of the IPv6 address starting at
    the most significant bit. Legal values range from 0 to 128.
 
-   With the same reasoning as in 4.1 above, the sender MUST NOT include
-   trailing zero octets in the AFDPART regardless of the value of
-   PREFIX. This includes cases in which AFDLENGTH times 8 results in a
-   value less than PREFIX.  The AFDPART is padded with zero bits to
-   match a full octet boundary.
-
    An IPv6 AFDPART has a variable length of 0 to 16 octets.
 
 5. Zone File Syntax
@@ -158,19 +146,11 @@ INTERNET-DRAFT                 DNS APL RR                      June 2000
 
    The data consists of zero or more strings of the address family
    indicator <afi>, immediately followed by a colon ":", an address,
-
-
-
-Koch                     Expires December 2000                  [Page 3]
-
-INTERNET-DRAFT                 DNS APL RR                      June 2000
-
-
    immediately followed by the "/" character, immediately followed by a
    decimal numeric value for the prefix length. Any such string may be
-   preceded by a "!" character. The strings are separated by whitespace.
-   The <afi> is the decimal numeric value of that particular address
-   family.
+   preceeded by a "!" character. The strings are separated by
+   whitespace.  The <afi> is the decimal numeric value of that
+   particular address family.
 
 5.1. Textual Representation of IPv4 Addresses
 
@@ -180,6 +160,13 @@ INTERNET-DRAFT                 DNS APL RR                      June 2000
 
 5.2. Textual Representation of IPv6 Addresses
 
+
+
+Koch                     Expires September 2000                 [Page 3]
+
+INTERNET-DRAFT                 DNS APL RR                     March 2000
+
+
    The representation of an IPv6 address in the <address> part of an
    <apstring> follows [RFC2373], section 2.2. Legal values for <prefix>
    are from the interval 0..128 (decimal).
@@ -187,13 +174,13 @@ INTERNET-DRAFT                 DNS APL RR                      June 2000
 6. APL RR usage
 
    An APL RR with empty RDATA is valid and implements an empty list.
-   Multiple occurrences of the same <apstring> in a single APL RR are
+   Multiple occurences of the same <apstring> in a single APL RR are
    allowed and MUST NOT be merged by a DNS server or resolver.
    <apstrings> MUST be kept in order and MUST NOT be rearranged or
    aggregated.
 
    A single APL RR may contain <apstrings> belonging to different
-   address families.  The maximum number of <apstrings> is upper bounded
+   address families.  The maximum number of <apstrings> is upperbounded
    by the available RDATA space.
 
    RRSets consisting of more than one APL RR are legal but the
@@ -215,13 +202,6 @@ INTERNET-DRAFT                 DNS APL RR                      June 2000
 
     o how to interpret an empty APL RR
 
-
-
-Koch                     Expires December 2000                  [Page 4]
-
-INTERNET-DRAFT                 DNS APL RR                      June 2000
-
-
     o which address families are expected to appear in the APL RRs for
       that application
 
@@ -230,11 +210,19 @@ INTERNET-DRAFT                 DNS APL RR                      June 2000
 
     o the exact semantics of list elements negated by the "!" character
 
+
    Possible applications include the publication of address ranges
    similar to [RFC1101], description of zones built following [RFC2317]
    and in-band access control to limit general access or zone transfer
    (AXFR) availability for zone data held in DNS servers.
 
+
+
+Koch                     Expires September 2000                 [Page 4]
+
+INTERNET-DRAFT                 DNS APL RR                     March 2000
+
+
    The specification of particular application scenarios is out of the
    scope of this document.
 
@@ -264,20 +252,13 @@ INTERNET-DRAFT                 DNS APL RR                      June 2000
 9. Security Considerations
 
    Any information obtained from the DNS should be regarded as unsafe
-   unless techniques specified in [RFC2535] or [RFC2845] were used. The
+   unless techniques specified in [RFC2535] or [TSIGRR] were used. The
    definition of a new RR type does not introduce security problems into
    the DNS, but usage of information made available by APL RRs may
    compromise security. This includes disclosure of network topology
    information and in particular the use of APL RRs to construct access
    control lists.
 
-
-
-Koch                     Expires December 2000                  [Page 5]
-
-INTERNET-DRAFT                 DNS APL RR                      June 2000
-
-
 10. IANA Considerations
 
    This section is to be interpreted as following [RFC2434].
@@ -290,6 +271,14 @@ INTERNET-DRAFT                 DNS APL RR                      June 2000
 
 11. Acknowledgements
 
+
+
+
+Koch                     Expires September 2000                 [Page 5]
+
+INTERNET-DRAFT                 DNS APL RR                     March 2000
+
+
    The author would like to thank Mark Andrews for his review and
    constructive comments.
 
@@ -305,9 +294,8 @@ INTERNET-DRAFT                 DNS APL RR                      June 2000
    [RFC1101]   Mockapetris,P., "DNS Encoding of Network Names and Other
                Types", RFC 1101, April 1989
 
-   [RFCxxxx]   Crawford,M., Huitema,C., Thomson,S., "DNS Extensions to
-               Support IPv6 Address Aggregation and Renumbering", work in
-               progress
+   [RFC1886]   Thomson,S., Huitema.,C., "DNS Extensions to support IP
+               version 6", RFC 1886, December 1995
 
    [RFC2119]   Bradner,S., "Key words for use in RFCs to Indicate
                Requirement Levels", RFC 2119, BCP 14, March 1997
@@ -325,29 +313,28 @@ INTERNET-DRAFT                 DNS APL RR                      June 2000
                Considerations Section in RFCs", RFC 2434, BCP 26, October
                1998
 
-
-
-
-
-Koch                     Expires December 2000                  [Page 6]
-
-INTERNET-DRAFT                 DNS APL RR                      June 2000
-
-
    [RFC2535]   Eastlake,D., "Domain Name System Security Extensions", RFC
                2535, March 1999
 
    [RFC2606]   Eastlake,D., Panitz,A., "Reserved Top Level DNS Names",
                RFC 2606, BCP 32, June 1999
 
-   [RFC2845]   Vixie,P., Gudmundsson,O., Eastlake,D., Wellington,B.,
-               "Secret Key Transaction Authentication for DNS (TSIG)",
-               RFC 2845, May 2000
+   [TSIGRR]    Vixie,P., Gudmundsson,O., Eastlake,D., Wellington,B.,
+               "Secret Key Transaction Signatures for DNS (TSIG)",
+               <draft-ietf-dnsind-tsig-XX.txt>, work in progress
 
 
 13. Author's Address
 
    Peter Koch
+
+
+
+Koch                     Expires September 2000                 [Page 6]
+
+INTERNET-DRAFT                 DNS APL RR                     March 2000
+
+
    Universitaet Bielefeld
    Technische Fakultaet
    D-33594 Bielefeld
@@ -385,4 +372,18 @@ INTERNET-DRAFT                 DNS APL RR                      June 2000
 
 
 
-Koch                     Expires December 2000                  [Page 7]
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Koch                     Expires September 2000                 [Page 7]

doc/man/app.3

@@ -14,13 +14,14 @@
 .\" NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
 .\" WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.\" $Id: isc_app.3,v 1.2 2000/06/28 02:35:01 jim Exp $
+.\" $Id: app.3,v 1.1 2000/06/23 00:17:06 jim Exp $
 .\"
 .Dd Jun 30, 2000
-.Dt ISC_APP 3
+.Dt APP 3
 .Os BIND9 9
 .ds vT BIND9 Programmer's Manual
 .Sh NAME
+.Nm handle_signal ,
 .Nm isc_app_start ,
 .Nm isc_app_onrun ,
 .Nm isc_app_run ,
@@ -47,11 +48,10 @@
 .Fd #include <isc/string.h>
 .Fd #include <isc/task.h>
 .Fd #include <isc/util.h>
-
+.Ft static isc_result_t
+.Fn handle_signal "int sig" "void (*handler)(int)"
 .Ft isc_result_t
-.Fo isc_app_start
-.Fa void
-.Fc
+.Fn isc_app_start "void"
 .Ft isc_result_t
 .Fo isc_app_onrun
 .Fa "isc_mem_t *mctx"
@@ -60,25 +60,30 @@
 .Fa "void *arg"
 .Fc
 .Ft isc_result_t
-.Fo isc_app_run
-.Fa void
-.Fc
+.Fn isc_app_run "void"
 .Ft isc_result_t
-.Fo isc_app_shutdown
-.Fa void
-.Fc
+.Fn isc_app_shutdown "void"
 .Ft isc_result_t
-.Fo isc_app_reload
-.Fa void
-.Fc
+.Fn isc_app_reload "void"
 .Ft void
-.Fo isc_app_finish
-.Fa void
-.Fc
+.Fn isc_app_finish "void"
 .Sh DESCRIPTION
 These functions define the interface for creating and terminating
 applications which use the BIND9 library.
 .Pp
+.Fn handle_signal
+sets up a signal handler for signal
+.Fa sig .
+.Fa handler
+is a pointer to the function that will be called whenever signal
+.Fa sig
+is delivered to the name server.
+The signal handler is a void function which is passed an
+.Ft int
+argument: the number of the signal
+.Fa sig
+that has been delivered.
+.Pp
 Applications which use the BIND9 library should begin by calling
 .Fn isc_app_start .
 It sets up a signal handler to ignore
@@ -188,7 +193,7 @@ returns
 .Er ISC_R_SUCCESS
 or
 .Er ISC_R_UNEXPECTED
-depending on whether the signal handler was successfully installed
+depending on whether the signal handlers were successfully installed
 or not.
 .Pp
 .Fn isc_app_onrun

doc/man/app.man

@@ -0,0 +1,233 @@
+.\" Copyright (C) 2000  Internet Software Consortium.
+.\" 
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\" 
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
+.\" ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+.\" OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
+.\" CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+.\" DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+.\" PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+.\" ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+.\" SOFTWARE.
+
+.\" $Id: app.man,v 1.2 2000/06/22 00:52:05 tale Exp $
+.\"
+.Dd Jun 30, 2000
+.Dt APP 3
+.Os BIND9 9
+.ds vT BIND9 Programmer's Manual
+.Sh NAME
+.Nm handle_signal ,
+.Nm isc_app_start ,
+.Nm isc_app_onrun ,
+.Nm isc_app_run ,
+.Nm isc_app_shutdown ,
+.Nm isc_app_reload ,
+.Nm isc_app_finish 
+.Nd application management functions
+.Sh SYNOPSIS
+.Fd #include <config.h>
+ 
+.Fd #include <pthread.h>
+ 
+.Fd #include <sys/types.h>
+ 
+.Fd #include <stddef.h>
+.Fd #include <errno.h>
+.Fd #include <unistd.h>
+.fd #include <signal.h>
+ 
+.Fd #include <isc/app.h>
+.Fd #include <isc/boolean.h>
+.Fd #include <isc/mutex.h>
+.Fd #include <isc/event.h>
+.Fd #include <isc/string.h>
+.Fd #include <isc/task.h>
+.Fd #include <isc/util.h>
+.Ft static isc_result_t
+.Fn handle_signal "int sig" "void (*handler)(int)"
+.Ft isc_result_t
+.Fn isc_app_start "void"
+.Ft isc_result_t
+.Fo isc_app_onrun
+.Fa "isc_mem_t *mctx"
+.Fa "isc_task_t *task"
+.Fa "isc_taskaction_t action"
+.Fa "void *arg"
+.Fc
+.Ft isc_result_t
+.Fn isc_app_run "void"
+.Ft isc_result_t
+.Fn isc_app_shutdown "void"
+.Ft isc_result_t
+.Fn isc_app_reload "void"
+.Ft void
+.Fn isc_app_finish "void"
+.Sh DESCRIPTION
+These functions define the interface for creating and terminating
+applications which use the BIND9 library.
+.Pp
+.Fn handle_signal
+sets up a signal handler for signal
+.Fa sig .
+.Fa handler
+is a pointer to the function that will be called whenever signal
+.Fa sig
+is delivered to the name server.
+The signal handler is a void function which is passed an
+.Ft int
+argument: the number of the signal
+.Fa sig
+that has been delivered.
+.Pp
+Applications which use the BIND9 library should begin by calling
+.Fn isc_app_start .
+It sets up a signal handler to ignore
+.Dv SIGPIPE .
+.Fn isc_app_start 
+blocks signals
+.Dv SIGHUP ,
+.Dv SIGINT 
+and
+.Dv SIGTERM
+This ensures that all subsequent threads will have these signals blocked by
+default.
+Any thread which wants to take delivery of these signals will have to
+arrange its own signal handlers for them.
+.Fn isc_app_start
+then initialises a queue of runnable tasks for the application.
+Calls to
+.Fn isc_app_start
+should be made before any other BIND9 library call, ideally as 
+close to the beginning of the application as possible.
+.Pp 
+.Fn isc_app_onrun
+arranges for delivery of an event to an application when it is executing.
+This function should only be invoked after
+.Fn isc_app_start
+has been called.
+It creates an 
+.Ft isc_event_t
+structure from memory context
+.Fa mctx
+for task
+.Fa task .
+.Fa arg
+is a pointer to some structure that can be referenced by the event
+handler
+.Fa action 
+which is invoked when the application takes delivery of a shutdown
+event
+.Dv ISC_APPEVENT_SHUTDOWN .
+.Pp
+An ISC library application is executed by calling
+.Fn isc_app_run .
+It should only be used after
+.Fn isc_app_start
+has been called.
+.Fn isc_app_run
+will not block until any events that have been requested with
+.Fn isc_app_onrun
+have been posted.
+These events will be in FIFO order.
+Typically
+.Fn isc_app_run
+will be called by the initial thread of an application which will then
+block until shutdown is requested.
+When a call to
+.Fn isc_app_run
+returns, the caller should arrange to shutdown the application.
+.Pp
+Applications should be shutdown using
+.Fn isc_app_shutdown .
+It can only be invoked after
+.Fn isc_app_run
+has been called.
+.Fn isc_app_shutdown
+sends a
+.Dv SIGTERM 
+signal to the current process.
+Multiple calls to
+.Fn isc_app_shutdown
+can be made.
+Only one shutdown attempt will be carried out.
+.Pp
+The reload signal
+.Dv SIGHUP
+is sent to the process by 
+.Fn isc_app_reload .
+The function returns
+.Er ISC_R_SUCCESS
+on success or
+.Er ISC_R_UNEXPECTED
+if the attempt to send the reload signal fails.
+.Pp
+.Fn isc_app_finish
+should be called at the end of an application which uses the BIND9
+library.
+It should be invoked at or near to the end of
+.Dv main() .
+The function ensures that any resources allocated by
+.Fn isc_app_start
+get released.
+It therefore follows that
+.Fn isc_app_finish
+should only be used if
+.Fn isc_app_start
+was called earlier in the application.
+.Sh RETURN VALUES
+A successful call to
+.Fn handle_signal
+returns 
+.Er ISC_R_SUCCESS
+and
+.Er ISC_R_UNEXPECTED
+is returned if it was unable to set up a signal handler.
+.Pp
+.Fn isc_app_start
+returns
+.Er ISC_R_SUCCESS
+or
+.Er ISC_R_UNEXPECTED
+depending on whether the signal handlers were successfully installed
+or not.
+.Pp
+.Fn isc_app_onrun
+returns
+.Er ISC_R_SUCCESS
+unless it was not possible to create the event structure
+.Ft isc_event_t 
+in which case it returns
+.Er ISC_R_NOMEMORY .
+.Pp
+.Fn isc_app_run
+returns
+.Er ISC_R_SUCCESS
+if shutdown has been requested and
+.Er ISC_R_RELOAD
+if a reload was requested.
+.Er ISC_R_UNEXPECTED
+is returned by
+.Fn isc_app_run
+when attempts to set or reset signal handlers fail.
+.Pp
+.Er ISC_R_UNEXPECTED
+is returned by 
+.Fn isc_app_shutdown
+if the signal was not sent successfully.
+Otherwise
+.Fn isc_app_shutdown
+returns
+.Er ISC_R_SUCCESS .
+.Pp
+Functions which return
+.Er ISC_R_UNEXPECTED
+will print an error message on the standard error output,
+.Dv stderr .
+.Sh SEE ALSO
+.Xr sigsetops 3 ,
+.Xr pthreads 3 ,
+.Xr kill 2

doc/man/bin/lwresd.8

@@ -1,191 +0,0 @@
-.\"
-.\" Copyright (C) 2000  Internet Software Consortium.
-.\"
-.\" Permission to use, copy, modify, and distribute this document for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
-.\" DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
-.\" INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
-.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
-.\" FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
-.\" NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
-.\" WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.\" $Id: lwresd.8,v 1.2 2000/06/28 02:51:45 jim Exp $
-.\"
-.Dd Jun 30, 2000
-.Dt LWRESD 8
-.Os BIND9 9
-.ds vT BIND9 Programmer's Manual
-.Sh NAME
-.Nm lwresd
-.Nd lightweight resolver daemon
-.Sh SYNOPSIS
-.Nm lwresd
-.Op Fl C Ar config-file
-.Op Fl d Ar debuglevel
-.Op Fl f g s
-.Op Fl i Ar pid-file
-.Op Fl n Ar #cpus
-.Op Fl P Ar query-port#
-.Op Fl p Ar port#
-.Op Fl t Ar directory
-.Op Fl u Ar user-id
-.Sh DESCRIPTION
-.Nm lwresd
-is the daemon for processes that use the BIND9 lightweight resolver
-library.
-The daemon is actually a DNS name server, 
-.Nm named ,
-though when it operates as the lightweight resolver server
-.Nm lwresd ,
-it is functionally and logically distinct from an actual name server.
-It does not handle conventional DNS lookups in the wire format defined
-in RFC1035 or listen for queries on the default name server port number.
-.Nm lwresd
-only handles requests that are in the canonical
-format for the lightweight resolver protocol.
-.Pp
-When listening for lightweight resolver queries,
-.Nm lwresd
-uses a UDP port on the IPv4 loopback interface, 127.0.0.1.
-This means that
-.Nm lwresd
-can only be used by processes running on the local machine.
-By default UDP port number 921 is used for lightweight resolver
-requests and responses.
-.Pp
-Incoming lightweight resolver requests are decoded by
-.Nm lwresd
-which resolves them using the DNS protocol.
-.Nm lwresd
-either forwards the DNS queries to the name servers listed in
-.Pa /etc/resolv.conf
-or else resolves the request for itself by querying its built-in list
-of root name servers.
-When the DNS lookup completes,
-.Nm lwresd
-encodes the answers from the name servers in the lightweight
-resolver format and returns them to the client that made the original
-request.
-.Pp
-The lightweight resolver daemon is comparable to a forwarding name server
-except that it receives requests in the lightweight resolver format
-rather than conventional DNS queries.
-It reads
-.Pa /etc/resolv.conf
-and uses the
-.Sy nameserver
-entries to determine which IP addresses to use when making DNS
-lookups.
-If no
-.Pa /etc/resolv.conf
-is present,
-.Nm lwresd
-uses its built-in list of root name servers.
-In this mode of operation,
-.Nm lwresd
-analagous to a caching-only name server, albeit one that does not
-receive conventional DNS queries.
-.Pp
-The lightweight resolver simplifies the task of looking up hostnames
-or IP addresses in the DNS.
-Clients construct simple questions like \*qwhat is the hostname for
-the following address?\*q or \*qwhat are the addresses of hostname
-.Dv host.example.com?\*q and send them to
-.Nm lwresd .
-This saves them from a number of possible complications and perhaps
-having to make many DNS queries to resolve the hostname or IP address.
-Without the lightweight resolver, clients would be expected to deal
-with the complexities of 
-processing the DNS resource records used for IPv6 addresses, dealing
-with DNAME records and possibly DNSSEC.
-Instead of directly handling those complications, clients can make
-.Nm lwresd
-do the work for them.
-.Pp
-The options to
-.Nm lwresd
-are as follows:
-.Bl -tag -width Ds
-.It Fl C
-use
-.Ar config-file
-as the configuration file instead of the default,
-.Pa /etc/resolv.conf .
-.It Fl d
-set the daemon's debug level to
-.Ar debuglevel .
-Debugging traces from
-.Nm lwresd
-become more verbose as the debug level increases.
-.It Fl f
-run
-.Nm lwresd
-in the foreground.
-.It Fl g
-also runs the lightweight resolver daemon in the foreground, but
-logs to
-.Dv stderr .
-.It Fl i
-write the daemon's process id (PID) to
-.Ar pid-file
-instead of the default pathname.
-.It Fl n
-create threads that use
-.Ar #cpus
-CPUs if the hardware and software permits this.
-When
-.Ar #cpus
-is set to zero,
-.Nm lwresd
-will try to determine the number of CPUs present and use 1 if this
-attempt fails.
-.It Fl P
-send DNS lookups to port number
-.Ar query-port#
-when querying name servers.
-This provides a way of testing the lightweight resolver daemon with a
-name server that listens for queries on a non-standard port number.
-.It Fl p
-listen for lightweight resolver queries on the loopback interface
-using UDP port
-.Ar port#
-instead of the default port number, 921.
-.It Fl s
-write memory usage statistics to
-.Dv stdout
-on exit. This option is only of interest
-to BIND9 developers and may be removed or changed in a future release.
-.It Fl t
-tells
-.Nm lwresd
-to chroot() to
-.Ar directory
-immediately after reading its config file.
-.It Fl u
-run
-.Nm lwresd
-as UID
-.Ar user-id .
-The lightweight resolver daemon will change its UID after it has
-carried out any privileged operations, such as writing the PID file
-or creating a socket that uses its default UDP port number.
-.El
-.Sh FILES
-.Bl -tag -width  /var/run/lwresd.pid -compact
-.It Pa /etc/resolv.conf
-default configuration file
-.It Pa /var/run/lwresd.pid
-default process-id file
-.El
-.Sh SEE ALSO
-.Xr named 8 ,
-.Xr lwres 3 .
-.Sh BUGS
-.Nm lwresd
-is a daemon for lightweight resolvers, not a lightweight daemon
-for resolvers.

doc/man/bin/named.8

@@ -1,175 +0,0 @@
-.\"
-.\" Copyright (C) 2000  Internet Software Consortium.
-.\"
-.\" Permission to use, copy, modify, and distribute this document for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
-.\" DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
-.\" INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
-.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
-.\" FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
-.\" NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
-.\" WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.\" $Id: named.8,v 1.2 2000/06/28 02:51:46 jim Exp $
-.\"
-.Dd Jun 30, 2000
-.Dt NAMED 8
-.Os BIND9 9
-.ds vT BIND9 Programmer's Manual
-.Sh NAME
-.Nm named
-.Nd Internet domain name server (DNS)
-.Sh SYNOPSIS
-.Nm named
-.Op Fl c Ar config-file
-.Op Fl d Ar debuglevel
-.Op Fl f g s
-.Op Fl n Ar #cpus
-.Op Fl p Ar port#
-.Op Fl t Ar directory
-.Op Fl u Ar user-id
-.Op Fl x Ar cache-file
-.Sh DESCRIPTION
-.Nm named
-is the ISC implementation of an Internet domain name server.
-See RFCs 1033, 1034, and 1035 for more information on the Internet
-domain name system.
-For historical reasons, the ISC's DNS software is known as BIND -
-Berkeley Internet Nameserver Distribution - because it was originally
-supplied with BSD
-.Ux
-releases.
-.Pp
-Without any arguments,
-.Nm named
-will read the default configuration file
-.Pa /etc/named.conf ,
-read any initial data, and listen for queries.
-It is also possible to use the BIND9 name server
-as a lightweight resolver server
-.Nm lwresd .
-However when operating as a lightweight resolver server,
-.Nm named
-is functionally and logically distinct from a
-conventional name server.
-More information can be found in 
-.Xr lwresd 8 .
-.Pp
-Although some command-line options can be used with
-.Nm named ,
-the name server's behaviour is controlled by its configuration file, 
-.Pa /etc/named.conf .
-Refer to the BIND9 Administrator Reference Manual for further details.
-.Pp
-The options to
-.Nm named
-are as follows:
-.Bl -tag -width Ds
-.It Fl c
-use
-.Ar config-file
-as the configuration file instead of the default,
-.Pa /etc/resolv.conf .
-.It Fl d
-set the daemon's debug level to
-.Ar debuglevel .
-Debugging traces from
-.Nm named
-become more verbose as the debug level increases.
-.It Fl f
-run
-.Nm named
-in the foreground.
-.It Fl g
-also runs the name server in the foreground, but
-logs to
-.Dv stderr .
-.It Fl n
-create threads that use
-.Ar #cpus
-CPUs if the hardware and software permits this.
-When
-.Ar #cpus
-is set to zero,
-.Nm named
-will try to determine the number of CPUs present and use 1 if this
-attempt fails.
-.It Fl p
-listen for queries on  port
-.Ar port#
-instead of the default port number, 53.
-.It Fl s
-write memory usage statistics to
-.Dv stdout
-on exit.
-This option is only of interest
-to BIND9 developers and may be removed or changed in a future release.
-.It Fl t
-tells
-.Nm named
-to chroot() to
-.Ar directory
-immediately after reading its config file.
-.It Fl u
-run
-.Nm named
-as UID
-.Ar user-id .
-.Nm named
-will change its UID after it has
-carried out any privileged operations, such as writing the PID file
-or creating a socket that listens on port number 53.
-.It Fl x
-load DNS data from
-.Ar cache-file .
-This option must not be used.
-It is only of interest
-to BIND9 developers and may be removed or changed in a future release.
-.El
-.Sh SIGNALS
-In routine operation, signals should not be used to \*qcontrol\*q the
-name server.
-.Nm rndc
-should be used instead.
-Sending the name server a
-.Dv SIGHUP
-signal forces a reload of the server.
-A
-.Dv SIGINT
-or
-.Dv SIGTERM
-signal can be used to gracefully shut down the server.
-With the exception of
-.Dv SIGPIPE
-which
-.Nm named
-uses internally, sending any other signals to the name server
-will have an undefined outcome.
-The most likely result will be for the name server to terminate.
-It could hang because an internal deadlock was created when the name
-server took delivery of the signal.
-.\".Sh CONFIGURATION FILE FORMAT
-.\".Nm named 's
-.\"configuration file is too complex to describe in detail here.
-.\"A complete description is provided in the BIND9 Administrator
-.\"Reference Manual.
-.Sh FILES
-.Bl -tag -width  /var/run/named.pid -compact
-.It Pa /etc/named.conf
-default configuration file
-.It Pa /var/run/named.pid
-default process-id file
-.El
-.Sh SEE ALSO
-.Xr RFC1033 ,
-.Xr RFC1034 ,
-.Xr RFC1035 ,
-.Xr named.conf 5 ,
-.Xr zonefile 5 ,
-.Xr rndc 8 ,
-.Xr lwresd 8 ,
-BIND9 Administrator Reference Manual, June 2000.

doc/man/dir.3

@@ -16,10 +16,10 @@
 .\" NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
 .\" WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.\" $Id: isc_dir.3,v 1.1 2000/06/27 21:51:44 jim Exp $
+.\" $Id: dir.3,v 1.1 2000/06/23 00:30:11 jim Exp $
 .\"
 .Dd Jun 30, 2000
-.Dt ISC_DIR 3 
+.Dt FSDIR 3 
 .Os BIND9 9
 .ds vT BIND9 Programmer's Manual
 .Sh NAME
@@ -42,26 +42,15 @@
  
 .Fd #include \*qerrno2result.h\*q
 .Ft void
-.Fo isc_dir_init
-.Fa "isc_dir_t *dir"
-.Fc
+.Fn isc_dir_init "isc_dir_t *dir"
 .Ft isc_result_t
-.Fo isc_dir_open
-.Fa "isc_dir_t *dir,
-.Fa "const char *dirname"
-.Fc
+.Fn isc_dir_open "isc_dir_t *dir, const char *dirname"
 .Ft isc_result_t
-.Fo isc_dir_read
-.Fa "isc_dir_t *dir"
-.Fc
+.Fn isc_dir_read "isc_dir_t *dir"
 .Ft isc_result_t
-.Fo isc_dir_close
-.Fa "isc_dir_t *dir"
-.Fc
+.Fn isc_dir_close "isc_dir_t *dir"
 .Ft isc_result_t
-.Fo isc_dir_chdir
-.Fa "const char *dirname"
-.Fc
+.Fn isc_dir_chdir "const char *dirname"
 .Sh DESCRIPTION
 These functions define the operations performed on the file system's
 directories by the name server.
@@ -157,7 +146,7 @@ An error of
 can be returned in the WinNT versions of
 .Fn isc_dir_open
 and
-.Fn isc_dir_reset .
+.Fn isc_dir_reset
 .Sh SEE ALSO
 .Xr opendir 3 , 
 .Xr readdir 3 ,

doc/man/dir.man

@@ -0,0 +1,152 @@
+.\" Copyright (C) 2000  Internet Software Consortium.
+.\" 
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\" 
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
+.\" ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+.\" OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
+.\" CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+.\" DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+.\" PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+.\" ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+.\" SOFTWARE.
+
+.\" $Id: dir.man,v 1.2 2000/06/22 00:52:08 tale Exp $
+.\"
+.Dd Jun 30, 2000
+.Dt FSDIR 3 
+.Os BIND9 9
+.ds vT BIND9 Programmer's Manual
+.Sh NAME
+.Nm isc_dir_init ,
+.Nm isc_dir_open ,
+.Nm isc_dir_read ,
+.Nm isc_dir_close , 
+.Nm isc_dir_reset ,
+.Nm isc_dir_chdir 
+.Nd file system directory operations
+.Sh SYNOPSIS
+.Fd #include <config.h>
+.Fd #include <errno.h>
+.Fd #include <unistd.h>
+ 
+.Fd #include <isc/dir.h>
+.Fd #include <isc/magic.h>
+.Fd #include <isc/string.h>
+.Fd #include <isc/util.h>
+ 
+.Fd #include \*qerrno2result.h\*q
+.Ft void
+.Fn isc_dir_init "isc_dir_t *dir"
+.Ft isc_result_t
+.Fn isc_dir_open "isc_dir_t *dir, const char *dirname"
+.Ft isc_result_t
+.Fn isc_dir_read "isc_dir_t *dir"
+.Ft isc_result_t
+.Fn isc_dir_close "isc_dir_t *dir"
+.Ft isc_result_t
+.Fn isc_dir_chdir "const char *dirname"
+.Sh DESCRIPTION
+These functions define the operations performed on the file system's
+directories by the name server.
+They are intended to isolate BIND9 from the semantics of the underlying
+directory access routines provided by the operating system,
+BIND9 uses an internal structure of type
+.Fa isc_dir_t 
+to reference a directory.
+The contents of this structure are OS-specific.
+.Fn isc_dir_init
+initialises the directory structure pointed at 
+.Fa dir .
+All functions taking a
+.Fa dir
+argument must ensure that
+this parameter points at a valid
+.Fa isc_dir_t
+structure.
+.Pp
+.Fn isc_dir_open
+opens the directory named by 
+.Fa dirname .
+.Pp
+.Fn isc_dir_read
+retrieves the next entry from the file descriptor associated with directory 
+.Fa dir .
+The name of that entry and the length of its name are copied to
+.Fa dir .
+A successful initial call to
+.Fn isc_dir_read
+on a directory will populate the
+.Fa isc_dir_t
+with details of the first valid directory entry.
+Subsequent calls fetch the next entries.
+.Pp
+The
+.Fn isc_dir_close
+function
+closes the file descriptor associated with
+.Fa dir .
+.Pp
+.Fn isc_dir_reset
+repositions 
+.Fa dir
+to the start of the directory.
+.Pp
+The name server's current directory is changed to
+.Fa dirname
+by
+.Fn isc_dir_chdir . 
+.Pp
+.Sh RETURN VALUES
+Successful calls to
+.Fn isc_dir_open ,
+.Fn isc_dir_read ,
+.Fn isc_dir_reset ,
+.Fn isc_dir_read 
+and
+.Fn isc_dir_chdir
+return
+.Er ISC_R_SUCCESS .
+.Fn isc_dir_read
+returns
+.Er ISC_R_NOMORE
+when there are no more entries in the directory.
+.Er ISC_R_UNEXPECTED
+is returned if the name of the next directory entry is too big
+to fit in the
+.Fa isc_dir_t
+structure.
+If 
+.Fn isc_dir_chdir
+fails, 
+.Er ISC_R_INVALIDFILE
+is returned if
+.Fa dirname
+is not a directory, or 
+.Er ISC_R_NOPERM
+if access permission is denied or
+.Er ISC_R_IOERROR
+if an I/O error occurs.
+The WinNT version of 
+.Fn isc_dir_chdir
+returns
+.Er ISC_R_NOTIMPLEMENTED
+when the operating system reports an error that cannot be defined by
+either a return value of
+.Er ISC_R_NOTFOUND
+or
+.Er ISC_R_UNEXPECTED .
+An error of
+.Er ISC_R_FAILURE
+can be returned in the WinNT versions of
+.Fn isc_dir_open
+and
+.Fn isc_dir_reset
+.Sh SEE ALSO
+.Xr opendir 3 , 
+.Xr readdir 3 ,
+.Xr closedir 3 , 
+.Xr rewinddir 3 ,
+.Xr chdir 2

doc/man/dnssec/dnssec-keygen.8

@@ -1,296 +0,0 @@
-.\"
-.\" Copyright (C) 2000  Internet Software Consortium.
-.\"
-.\" Permission to use, copy, modify, and distribute this document for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
-.\" DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
-.\" INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
-.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
-.\" FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
-.\" NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
-.\" WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.\" $Id: dnssec-keygen.8,v 1.2 2000/06/28 03:20:46 jim Exp $
-.\"
-.Dd Jun 30, 2000
-.Dt DNSSEC-KEYGEN 8
-.Os BIND9 9
-.ds vT BIND9 Programmer's Manual
-.Sh NAME
-.Nm dnssec-keygen
-.Nd key generation tool for DNSSEC
-.Sh SYNOPSIS
-.Nm dnssec-keygen
-.Op Fl a Ar algorithm
-.Op Fl b Ar keysize
-.Op Fl e
-.Op Fl g Ar generator
-.Op Fl h
-.Op Fl n Ar nametype
-.Op Fl p Ar protocol-value
-.Op Fl r Ar randomdev
-.Op Fl s Ar strength-value
-.Op Fl t Ar type
-.Op Fl v Ar level
-.Ar name
-.Sh DESCRIPTION
-.Nm dnssec-keygen
-generates keys for DNSSEC, Secure DNS, as defined in RFC2535.
-It also generates keys for use in Transaction Signatures, TSIG, which
-is defined in RFC2845.
-A short summary of the options and arguments to
-.Nm dnssec-keygen
-is printed by the
-.Ar h
-(help) option.
-The
-.Ar a ,
-.Ar b ,
-and
-.Ar n
-options and their arguments must be supplied when generating keys.
-The domain name that the key has to be generated for is given by
-.Ar name .
-.Pp
-The choice of encryption algorithm is selected by the
-.Ar a
-option to
-.Nm dnssec-keygen .
-.Ar algorithm
-must be one of
-.Dv RSAMD5
-.Dv DH ,
-.Dv DSA
-or
-.Dv HMAC-MD5
-to indicate that an RSA, Diffie-Hellman, Digital Signature
-Algorithm or HMAC-MD5 key is required.
-An argument of
-.Dv RSA
-can also be given.
-It is equivalent to
-.Dv RSAMD5 .
-The argument identifying the encryption algorithm is case-insensitive.
-DNSSEC specifies DSA as a mandatory algorithm and RSA as a recommended one.
-Implementations of TSIG must support HMAC-MD5.
-.Pp
-The number of bits in the key are determined by the
-.Ar keysize
-argument following the
-.Ar b
-option.
-The choice of key size depends on the algorithm that is used.
-RSA keys must be between 512 and 2048 bits.
-Diffie-Hellman keys have to be between 128 and 4096 bits.
-For DSA, the key size must be between 512 and 1024 bits and a multiple
-of 64.
-The length of an HMAC-MD5 key can be between 1 and 512 bits.
-.Pp
-The
-.Ar -n
-option specifies how the generated key will be used.
-.Ar nametype
-can be either
-.Dv ZONE ,
-.Dv HOST , 
-.Dv ENTITY ,
-or
-.Dv USER
-to indicate that the key will be used for signing a zone, host,
-entity or user respectively.
-In this context
-.Dv HOST
-and
-.Dv ENTITY
-are identical.
-.Ar nametype
-is case-insensitive.
-.Pp
-The
-.Ar e
-option can only be used when generating RSA keys.
-It tells
-.Nm dnssec-keygen
-to use a large exponent.
-When creating Diffie-Hellman keys, the
-.Ar g
-option selects the Diffie-Hellman generator
-.Ar generator
-that is to be used.
-The only supported values value of
-.Ar generator
-are 2 and 5.
-If no Diffie-Hellman generator is supplied a known prime 
-from RFC2539 will be used if possible; otherwise 2 will be used as the
-generator.
-.Pp
-.Ar protocol-value
-sets the protocol value for the generated key.
-The default is 2 (email) for keys of type
-.Dv USER 
-and 3 (DNSSEC) for all other key types.
-Other possible values for this argument are listed in RFC2535 and its
-successors.
-.Pp
-.Nm dnssec-keygen
-uses random numbers to seed the process
-of generating keys.
-If the system does not have a pseudo-device like
-.Pa /dev/random
-for generating random numbers,
-.Nm dnssec-keygen
-will prompt for some keyboard input and use the time intervals between
-keystrokes to provide some randomness.
-The
-.Ar r
-option overrides this behaviour, making 
-.Nm dnssec-keygen
-use
-.Ar randomdev
-as a source of random data.
-.Pp
-The strength value that the key will sign DNS resource records with is
-given by
-.Ar strength-value .
-It should be a number between 0 and 15.
-The default strength is zero.
-The key strength field currently has no defined purpose in DNSSEC.
-.Pp
-The
-.Ar t
-option indicates if the key is to be used for authentication or
-confidentiality.
-.Ar type
-can be one of
-.Dv AUTHCONF ,
-.Dv NOAUTHCONF ,
-.Dv NOAUTH 
-or
-.Dv NOCONF .
-The default is
-.Dv AUTHCONF .
-If type is
-.Dv AUTHCONF 
-the key can be used for authentication and confidentialty.
-Setting
-.Ar type 
-to
-.Dv NOAUTHCONF
-indicates that the key cannot be used for authentication or confidentialty.
-A value of
-.Dv NOAUTH
-means the key can be used for confidentiality but not for
-authentication.
-Similarly,
-.Dv NOCONF
-defines that the key cannot be used for confidentiality though it can
-be used for authentication.
-.Pp
-The 
-.Ar v
-option can be used to make
-.Nm dnssec-keygen
-more verbose.
-As the debugging/tracing level
-.Ar level
-increases, 
-.Nm dnssec-keygen
-generates increasingly detailed reports about what it is doing.
-The default level is zero.
-.Sh GENERATED KEYS
-When
-.Nm dnssec-keygen
-completes it prints a string of the form
-.Ar Knnnn.+aaa+iiiii
-on the standard output.
-This is an identification string for the key it has generated.
-These strings can be supplied as arguments to
-.Xr dnssec-makekeyset 8 .
-.Pp
-The
-.Ar nnnn.
-part is the dot-terminated domain name given by
-.Ar name .
-The DNSSEC algorithm identifier is indicated by
-.Ar aaa -
-001 for RSA, 002 for Diffie-Hellman, 003 for DSA or 157 for HMAC-MD5.
-.Ar iiiii
-is a five-digit number identifying the key.
-.Pp
-.Nm dnssec-keygen
-creates two files.
-The file names are adapted from the key identification string above.
-They have names of the form:
-.Ar Knnnn.+aaa+iiiii.key
-and
-.Ar Knnnn.+aaa+iiiii.private .
-These contain the public and private parts of the key respectively.
-The files generated by
-.Nm dnssec-keygen
-obey this naming convention to
-make it easy for the signing tool
-.Xr dnssec-signzone 8
-to identify which file(s) have to be read to find the necessary
-key(s) for generating or validating signatures.
-.Pp
-The
-.Ar .key
-file contains a KEY resource record that can be inserted into a zone file
-with a 
-.Dv $INCLUDE
-statement.
-The private part of the key is in the
-.Ar .private
-file.
-It contains details of the encryption algorithm that was used and any
-relevant parameters: prime number, exponent, modulus, subprime, etc.
-For obvious security reasons, this file does not have general read
-permission.
-The private part of the key is used by
-.Xr dnssec-signzone 8
-to generate signatures and the public part is used to verify the
-signatures.
-A 
-.Ar .private
-key file is generated for a symmetric encryption algorithm such as
-HDMAC-MD5, even though it has no private key.
-.Sh EXAMPLE
-To generate a 768-bit DSA key for the domain
-.Dv example.com ,
-the following command would be issued:
-.Pp
-.Dl # dnssec-keygen -a DSA -b 768 -n ZONE example.com
-.Dl Kexample.com.+003+26160
-.Pp
-.Nm dnssec-keygen
-has printed the key identification string
-.Dv Kexample.com.+003+26160 ,
-indicating a DSA key with identifier 26160.
-It will also have created the files
-.Pa Kexample.com.+003+26160.key 
-and
-.Pa Kexample.com.+003+26160.private
-containing respectively the public and private keys for the generated
-DSA key.
-.Sh FILES
-.Pa /dev/random 
-.Sh SEE ALSO
-.Xr RFC2535,
-.Xr RFC2845,
-.Xr RFC2539,
-.Xr dnssec-makekeyset 8 ,
-.Xr dnssec-signkey 8 ,
-.Xr dnssec-signzone 8 .
-.Sh BUGS
-The naming convention for the public and private key files is a little
-clumsy.
-It won't work for domain names that are longer than 236 characters
-because of the 
-.Ar .+aaa+iiiii.private
-suffix results in filenames that are too long for most
-.Ux
-systems.

doc/man/dnssec/dnssec-makekeyset.8

@@ -1,202 +0,0 @@
-.\"
-.\" Copyright (C) 2000  Internet Software Consortium.
-.\"
-.\" Permission to use, copy, modify, and distribute this document for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
-.\" DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
-.\" INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
-.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
-.\" FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
-.\" NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
-.\" WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.\" $Id: dnssec-makekeyset.8,v 1.2 2000/06/28 03:20:47 jim Exp $
-.\"
-.Dd Jun 30, 2000
-.Dt DNSSEC-MAKEKEYSET 8
-.Os BIND9 9
-.ds vT BIND9 Programmer's Manual
-.Sh NAME
-.Nm dnssec-makekeyset
-.Nd produce a set of DNSSEC keys
-.Sh SYNOPSIS
-.Nm dnssec-makekeyset
-.Op Fl h
-.Op Fl s Ar start-time
-.Op Fl e Ar end-time
-.Op Fl t Ar TTL
-.Op Fl r Ar randomdev
-.Op Fl v level
-.Ar keyfile ....
-.Sh DESCRIPTION
-.Nm dnssec-makekeyset
-generates a key set from one or more keys created by
-.Xr dnssec-keygen 8 .
-It creates a file containing KEY and SIG records for some zone which
-can then be signed by the zone's parent if the parent zone is
-DNSSEC-aware.
-.Ar keyfile
-should be a key identification string as reported by
-.Xr dnssec-keygen 8 :
-i.e.
-.Ar Knnnn.+aaa+iiiii
-where
-.Ar nnnn
-is the name of the key,
-.Ar aaa
-is the encryption algorithm and
-.Ar iiiii
-is the key identifier.
-Multiple
-.Ar keyfile
-arguments can be supplied when there are several keys to be combined
-by
-.Nm dnssec-makekeyset
-into a key set.
-.Pp
-For any SIG records that are in the key set, the start time when the
-SIG records become valid is specified with the
-.Ar s
-option.
-.Ar start-time
-can either be an absolute or relative date.
-An absolute start time is indicated by a number in YYYYMMDDHHMMSS
-notation: 20000530144500 denotes 14:45:00 UTC on May 30th, 2000.
-A relative start time is supplied when
-.Ar start-time
-is given as +N: N seconds from the current time.
-If no
-.Ar s 
-option is supplied, the current date and time is used for the start
-time of the SIG records.
-.Pp
-The expiry date for the SIG records can be set by the
-.Ar e
-option.
-Note that in this context, the expiry date specifies when the SIG
-records are no longer valid, not when they are deleted from caches on name
-servers.
-.Ar end-date
-also represents an absolute or relative date.
-YYYYMMDDHHMMSS notation is used as before to indicate an absolute date
-and time.
-When
-.Ar end-date
-is +N,
-it indicates that the SIG records will expire in N seconds after their
-start date.
-If
-.Ar end-date
-is written as now+N,
-the SIG records will expire in N seconds after the current time.
-When no expiry date is set for the SIG records,
-.Nm dnssec-makekeyset
-defaults to an expire time of 30 days from the start time of the SIG
-records.
-.Pp
-An alternate source of random data can be specified with the
-.Ar r
-option.
-.Ar randomdev
-is the name of the file to use to obtain random data.
-By default
-.Pa /dev/random
-is used if this device is available.
-If it is not provided by the operating system and no
-.Ar r
-option is used,
-.Nm dnssec-makekeyset
-will prompt the user for input from the keyboard and use the time
-between keystrokes to derive some random data.
-.Pp
-The
-.Ar t
-option is followed by a time-to-live argument
-.Ar TTL
-which indicates the TTL value that will be assigned to the assembled KEY
-and SIG records in the output file.
-.Ar TTL
-is expressed in seconds.
-If no
-.Ar t
-option is provided,
-.Nm dnssec-makekeyset
-prints a warning and assumes that a default TTL of
-3600 seconds was required.
-.Pp
-The
-.Ar v
-option can be used to make
-.Nm dnssec-makekeyset
-more verbose.
-As the debugging/tracing level
-.Ar level
-increases,
-.Nm dnssec-makekeyset
-generates increasingly detailed reports about what it is doing.
-The default level is zero. 
-An option of
-.Ar h
-gets
-.Nm dnssec-makekeyset
-to print a short summary of its options and arguments.
-.Pp
-If
-.Nm dnssec-makekeyset
-is successful, it creates a file name of the form
-.Ar nnnn.keyset .
-This file contains the KEY and SIG records for domain
-.Dv nnnn ,
-the domain name part from the key file identifier produced when
-.Nm dnssec-keygen
-created the domain's public and private keys.
-The
-.Ar .keyset
-file can then be transferred to the DNS administrator of the parent
-zone for them to sign the contents with
-.Xr dnssec-signkey 8 .
-.Sh EXAMPLE
-The following command generates a key set for the DSA key for
-.Dv example.com
-that was shown in the
-.Xr dnssec-keygen 8
-man page.
-The backslash is for typographic reasons and would not be provided on
-the command line when running
-.Nm dnssec-makekeyset .
-.nf
-.Dl # dnssec-makekeyset -t 86400 -s 20000701120000 \e\p 
-.Dl -e +2592000 Kexample.com.+003+26160
-.fi
-.Pp
-.Nm dnssec-makekeyset
-will create a file called
-.Pa example.com.keyset
-containing a SIG and KEY record for
-.Dv example.com.
-These records will have a TTL of 1 day: 86400 seconds.
-The SIG record becomes valid at noon UTC on July 1st 2000 and expires
-30 days (2592000 seconds) later.
-.Pp
-The DNS administrator for
-.Dv example.com
-could then send
-.Pa example.com.keyset
-to the DNS administrator for
-.Dv .com
-so that they could sign the resource records in the file.
-This assumes that the
-.Dv .com 
-zone is DNSSEC-aware and the administrators of the two zones have some
-mechanism for authenticating each other and exchanging the keys and
-signatures securely.
-.Sh FILES
-.Pa /dev/random .
-.Sh SEE ALSO
-.Xr RFC2535 ,
-.Xr dnssec-keygen 8 ,
-.Xr dnssec-signkey 8 .

doc/man/dnssec/dnssec-signkey.8

@@ -1,157 +0,0 @@
-.\"
-.\" Copyright (C) 2000  Internet Software Consortium.
-.\"
-.\" Permission to use, copy, modify, and distribute this document for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
-.\" DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
-.\" INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
-.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
-.\" FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
-.\" NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
-.\" WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.\" $Id: dnssec-signkey.8,v 1.2 2000/06/28 03:20:48 jim Exp $
-.\"
-.Dd Jun 30, 2000
-.Dt DNSSEC-SIGNKEY 8
-.Os BIND9 9
-.ds vT BIND9 Programmer's Manual
-.Sh NAME
-.Nm dnssec-signkey
-.Nd DNSSEC keyset signing tool
-.Sh SYNOPSIS
-.Nm dnssec-signkey
-.Op Fl h
-.Op Fl p
-.Op Fl r Ar randomdev
-.Op Fl v Ar level
-.Ar keyset
-.Ar keyfile ...
-.Sh DESCRIPTION
-.Nm dnssec-signkey
-is used to sign a key set for a child zone.
-Typically this would be provided by a 
-.Ar .keyset
-file generated by
-.Xr dnssec-makekeyset 8 .
-This provides a mechanism for a DNSSEC-aware zone to sign the keys of
-any DNSSEC-aware child zones.
-The child zone's key set gets signed with the zone keys for its parent
-zone.
-.Ar keyset
-will be the pathname of the child zone's
-.Ar .keyset
-file.
-Each
-.Ar keyfile
-argument will be a key identification string as reported by
-.Xr dnssec-keygen 8
-for the parent zone.
-This allows the child's keys to be signed by more than 1 parent zone
-key if these exist. 
-.Pp
-The
-.Ar p
-option instructs
-.Nm dnssec-signkey
-to use pseudo-random data when signing the keys which is faster, but
-less secure, than using genuinely random data for signing.
-This option may be useful when there are many child zone keysets to
-sign and CPU resources are limited.
-It could also be used for short-lived keys and signatures that don't
-require strengthening against cryptanalysis: for instance when the key
-will be discarded long before it could be compromised.
-.Pp
-An alternate file for obtaining random data can be used with the
-.Ar r
-option.
-.Ar filename
-is the name of the file to use.
-If no
-.Ar r
-option is used and the default file for random data
-.Pa /dev/random
-does not exist,
-.Nm dnssec-signkey
-will prompt for input from the keyboard.
-The time between keystrokes will be measured and used to derive random
-data.
-.Pp
-The
-.Ar v
-option can be used to make
-.Nm dnssec-signkey
-more verbose.
-As the debugging/tracing level
-.Ar level
-increases,
-.Nm dnssec-signkey
-generates increasingly detailed reports about what it is doing.
-The default level is zero.
-.Pp
-An option of
-.Ar h
-makes
-.Nm dnssec-signkey
-print a short summary of its command line options
-and arguments.
-.Pp
-When
-.Nm dnssec-signkey
-completes successfully, it generates a file called
-.Ar nnnn.signedkey
-containing the signed keys for child zone
-.Ar nnnn .
-The keys from the
-.Ar keyset
-file will have been signed by the parent zone's key or keys which were
-supplied as
-.Ar keyfile
-arguments.
-This file should be sent to the DNS administrator of the child zone.
-They arrange for its contents to be incorporated into the zone file
-when it next gets signed with
-.Xr dnssec-signzone 8 .
-A copy of the generated
-.Ar signedkey
-file should be kept by the parent zone's DNS administrator.
-.Sh EXAMPLE
-The DNS administrator for a DNSSEC-aware
-.Dv .com
-zone would use the following command to make
-.Nm dnssec-signkey
-sign the
-.Ar .keyset
-file for
-.Dv example.com
-created in the example shown in the man page for
-.Nm dnssec-makekeyset :
-.Dl # dnssec-signkey example.com.keyset Kcom.+003+51944
-.Pp
-where
-.Dv Kcom.+003+51944
-was a key file identifier that was produced when
-.Nm dnssec-keygen
-generated a key for the
-.Dv .com
-zone.
-.Pp
-.Nm dnssec-signkey
-will produce a file called
-.Dv example.com.signedkey
-which has the keys for
-.Dv example.com
-signed by the
-.Dv com
-zone's zone key.
-.Sh FILES
-.Pa /dev/random
-.Sh SEE ALSO
-.Xr RFC2535,
-.Xr dnssec-keygen 8 ,
-.Xr dnssec-makekeyset 8 ,
-.Xr dnssec-signzone 8 .

doc/man/dnssec/dnssec-signzone.8

@@ -1,278 +0,0 @@
-.\"
-.\" Copyright (C) 2000  Internet Software Consortium.
-.\"
-.\" Permission to use, copy, modify, and distribute this document for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
-.\" DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
-.\" INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
-.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
-.\" FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
-.\" NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
-.\" WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.\" $Id: dnssec-signzone.8,v 1.2 2000/06/28 03:20:49 jim Exp $
-.\"
-.Dd Jun 30, 2000
-.Dt DNSSEC-SIGNZONE 8
-.Os BIND9 9
-.ds vT BIND9 Programmer's Manual
-.Sh NAME
-.Nm dnssec-signzone
-.Nd DNSSEC zone signing tool
-.Sh SYNOPSIS
-.Nm dnssec-signzone
-.Op Fl a
-.Op Fl c Ar cycle-time
-.Op Fl s Ar start-time
-.Op Fl e Ar end-time
-.Op Fl o Ar origin
-.Op Fl f Ar output-file
-.Op Fl p
-.Op Fl r Ar randomdev
-.Op Fl v Ar level
-.Ar zonefile
-.Op keyfile ....
-.Sh DESCRIPTION
-.Pp
-.Nm dnssec-signzone
-is used to sign a zone.
-Any
-.Ar .signedkey
-files for the zone to be signed should be present in the current
-directory, along with the keys that will be used to sign the zone.
-If no
-.Ar keyfile
-arguments are supplied, the default behaviour is to use all the zone's
-keys.
-Providing specific
-.Ar keyfile
-arguments constrains
-.Nm dnssec-signzone
-to only use those keys for signing the zone.
-Each
-.Ar keyfile
-argument would be an identification string for a key created with
-.Xr dnssec-keygen 8 .
-If the zone to be signed has any secure subzones, the
-.Ar .signedkey
-files for those subzones need to be available in the
-current working directory used by
-.Nm dnssec-signzone .
-.Pp
-.Ar zonefile
-is the name of the unsigned zone file.
-Unless the file name is the same as the name of the zone, the
-.Ar o
-option should be given.
-.Ar origin
-will be the fully qualified domain origin for the zone.
-.Pp
-.Nm dnssec-signzone
-will generate NXT and SIG records for the zone and produce a signed
-version of the zone.
-If there is a
-.Ar signedkey
-file from the zone's parent, the parent's signatures will be
-incorporated into the generated signed zone file.
-Any delegation points in the signed zone will have their security
-status defined - i.e. whether they are DNSSEC-aware or not.
-.Pp
-By default,
-.Nm dnssec-signzone
-generates a file called
-.Ar zonefile.signed
-containing the signed zone file.
-This can be overridden by the
-.Ar f
-option.
-Instead of this default file name, the signed zone file will be
-written to
-.Ar output-file .
-.\" Don't hyphenate YYYYMMDDHHMMSS
-.nh YYYYMMDDHHMMSS
-.Pp
-.Nm dnssec-signzone
-does not verify the signatures by default.
-The
-.Ar a
-option makes it verify the signatures it generated.
-.Pp
-The date and time when the generated
-SIG records become valid can be specified with the
-.Ar s
-option.
-.Ar start-time
-can either be an absolute or relative date.
-An absolute start time is indicated by a number in YYYYMMDDHHMMSS
-notation: 20000530144500 denotes 14:45:00 UTC on May 30th, 2000.
-A relative start time is supplied when
-.Ar start-time
-is given as +N: N seconds from the current time.
-If no
-.Ar s 
-option is supplied, the current date and time is used for the start
-time of the SIG records.
-.Pp
-The expiry date for the SIG records can be set by the
-.Ar e
-option.
-Note that in this context, the expiry date specifies when the SIG
-records are no longer valid, not when they are deleted from caches on name
-servers.
-.Ar end-date
-also represents an absolute or relative date.
-YYYYMMDDHHMMSS notation is used as before to indicate an absolute date
-and time.
-When
-.Ar end-date
-is +N,
-it indicates that the SIG records will expire in N seconds after their
-start date.
-If
-.Ar end-date
-is supplied as now+N,
-the SIG records will expire in N seconds after the current time.
-When no expiry date is set for the SIG records,
-.Nm dnssec-signzone
-defaults to an expire time of 30 days from the start time of the SIG
-records.
-.Pp
-.Nm dnssec-signzone
-can automatically re-sign records if their signatures expire before
-the expiry date that applies for the current zone signing activity.
-This would apply to a zone that has previously been signed.
-The decision to generate a new SIG record is determined by the cycle
-time.
-If the current SIG record expires after the cycle time, it is left
-alone.
-If it expires before the cycle time, the SIG record is considered to
-be close to expiry.
-Therefore
-.Nm dnssec-signzone
-creates a new SIG record to replace then one that is about to expire.
-.Pp
-The default cycle time is quarter of the difference between the
-signature end and start dates for the current invocation of
-.Nm dnssec-signzone .
-So if the 
-.Ar e
-and 
-.Ar s
-options are not specified,
-.Nm dnssec-signzone
-generates signatures that are valid for 30 days from the current
-date by default.
-The cycle time would be 7.5 days from the current date.
-Therefore any SIG records that
-were due to expire in that time would be replaced with new ones.
-.Pp
-The
-.Ar c
-option can be used to change the cycle time.
-.Ar cycle-time
-indicates the number of seconds from the current time that should be
-used to
-set the cycle time and 
-determine when fresh SIG records should be generated.
-.Pp
-The
-.Ar p
-option instructs
-.Nm dnssec-signzone
-to use pseudo-random data when signing the zone's resource records.
-This is faster but less secure than using genuinely random data for signing.
-This option may be useful when the zone has many resource records to be
-signed and the entropy source is limited.
-It could also be used for short-lived keys and signatures that don't
-require strengthening against cryptanalysis: for instance when the signatures
-will be discarded long before the signed data could be compromised.
-.Pp
-An alternate source of random data can be specified with the
-.Ar r
-option.
-.Ar randomdev
-is the name of the file to use to obtain random data.
-By default
-.Pa /dev/random
-is used if this device is available.
-If it is not provided by the operating system and no
-.Ar r
-option is used,
-.Nm dnssec-signzone
-will prompt the user for input from the keyboard and use the time
-between keystrokes to derive some random data.
-.Pp
-An option of
-.Ar h
-makes
-.Nm dnssec-signzone
-print a short summary of its command line options
-and arguments.
-.Pp
-The
-.Ar v
-option can be used to make
-.Nm dnssec-signzone
-more verbose.
-As the debugging/tracing level
-.Ar level
-increases,
-.Nm dnssec-signzone
-generates increasingly detailed reports about what it is doing.
-The default level is zero.
-.Sh EXAMPLE
-The example below shows how
-.Nm dnssec-signzone
-could be used to sign the
-.Dv example.com
-zone with the key that was generated in the example given in the
-man page for
-.Xr dnssec-keygen 8 .
-The zone file for this zone is
-.Dv example.com
-and it can be assumed to contain fully qualified domain names which
-means there is no need to use the
-.Ar o
-option to set the domain origin.
-This zone file contains the keyset for
-.Dv example.com
-that was created by
-.Xr dnssec-makekeyset 8 .
-The zone's keys were either appended to the zone file or
-incorporated using a 
-.Dv $INCLUDE 
-statement.
-If there was a
-.Ar .signedkey
-file from the parent zone - i.e. 
-.Dv example.com.signedkey 
-- it should be present in the current directory.
-This allows the parent zone's signature to be included in the signed
-version of the
-.Dv example.com
-zone.
-.Pp
-.Dl # dnssec-signzone example.com Kexample.com.+003+26160
-.Pp
-.Nm dnssec-signzone
-will create a file called
-.Dv example.com.signed ,
-the signed version of the
-.Dv example.com
-zone.
-This file can then be referenced in a
-.Dv zone{}
-statement in
-.Pa /etc/named.conf
-so that it can be loaded by the name server.
-.Sh FILES
-.Pa /dev/random
-.Sh SEE ALSO
-.Xr RFC2535,
-.Xr dnssec-keygen 8 ,
-.Xr dnssec-makekeyset 8 ,
-.Xr dnssec-signkey 8 .

doc/man/error.3

@@ -14,7 +14,7 @@
 .\" NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
 .\" WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.\" $Id: isc_error.3,v 1.1 2000/06/27 21:51:44 jim Exp $
+.\" $Id: error.3,v 1.1 2000/06/23 00:30:11 jim Exp $
 .\"
 .Dd Jun 30, 2000
 .Dt error 3
@@ -32,18 +32,12 @@
  
 .Fd #include "errno2result.h"
 .Ft isc_result_t
-.Fo isc__errno2result
-.Fa "int posixerrno"
-.Fc
+.Fn isc__errno2result "int posixerrno"
 .Sh DESCRIPTION
 .Fn isc__errno2result
 maps the POSIX error code
 .Fa posixerrno
 to its equivalent BIND9 error code.
-This function is internal to BIND9.
-It is not intended to be called by applications using the BIND9 library.
-The function is documented here to indicate how POSIX error codes
-are mapped to their ISC equivalents.
 .Pp
 .Sh RETURN VALUES
 When 

doc/man/error.man

@@ -0,0 +1,89 @@
+.\" Copyright (C) 2000  Internet Software Consortium.
+.\" 
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\" 
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
+.\" ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+.\" OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
+.\" CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+.\" DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+.\" PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+.\" ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+.\" SOFTWARE.
+
+.\" $Id: error.man,v 1.2 2000/06/22 00:52:09 tale Exp $
+.\"
+.Dd Jun 30, 2000
+.Dt error 3
+.Os BIND9 9
+.ds vT BIND9 Programmer's Manual
+.Sh NAME
+.Nm isc__errno2result
+.Nd map POSIX error codes to BIND9 error codes
+.Sh SYNOPSIS
+.Fd #include <config.h>
+ 
+.Fd #include <errno.h>
+ 
+.Fd #include <isc/result.h>
+ 
+.Fd #include "errno2result.h"
+.Ft isc_result_t
+.Fn isc__errno2result "int posixerrno"
+.Sh DESCRIPTION
+.Fn isc__errno2result
+maps the POSIX error code
+.Fa posixerrno
+to its equivalent BIND9 error code.
+.Pp
+.Sh RETURN VALUES
+When 
+.Fa posixerrno 
+is set to the POSIX error codes
+.Er ENOTDIR ,
+.Er ELOOP ,
+.Er EINVAL ,
+.Er ENAMETOOLONG ,
+and
+.Er EBADF ,
+.Fn isc__errno2result 
+returns
+.Er ISC_R_INVALIDFILE .
+.Er ISC_R_FILENOTFOUND
+is returned when
+.Fa posixerrno 
+is set to
+.Er ENOENT .
+A retun value of
+.Er ISC_R_NOPERM
+is produced when the POSIX error code is
+.Er EACCES .
+If
+.Fa posixerrno
+is set to
+.Er EIO
+.Fn isc__errno2result
+returns
+.Er ISC_R_IOERROR 
+and if the error code is
+.Er ENOMEM ,
+.Er ISC_R_NOMEMORY 
+is returned.
+For all other values of
+.Fa posixerrno ,
+.Fn isc__errno2result
+returns 
+.Er ISC_R_UNEXPECTED .
+.Sh SEE ALSO
+.Xr errno 2 ,
+.Xr perror 3 
+.Sh BUGS
+Returning
+.Er ISC_R_UNEXPECTED
+for so many error codes is a little unhelpful.
+It would be nice if
+.Fn isc__errno2result
+produced something more descriptive like the system's error string for
+these error codes.

doc/man/file.3

@@ -14,13 +14,14 @@
 .\" NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
 .\" WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.\" $Id: isc_file.3,v 1.2 2000/06/28 02:35:02 jim Exp $
+.\" $Id: file.3,v 1.1 2000/06/23 00:30:12 jim Exp $
 .\"
 .Dd Jun 30, 2000
-.Dt ISC_FILE 3
+.Dt FILE 3
 .Os BIND9 9
 .ds vT BIND9 Programmer's Manual
 .Sh NAME
+.Nm file_stats ,
 .Nm isc_file_getmodtime ,
 .Nm isc_file_settime ,
 .Nm isc_file_mktemplate ,
@@ -43,35 +44,30 @@
 .Fd #include <isc/util.h>
  
 .Fd #include \*qerrno2result.h\*q
-
+.Ft static isc_result_t
+.Fn file_stats "const char *file" "struct stat *stats"
 .Ft isc_result_t
-.Fo isc_file_getmodtime
-.Fa "const char *file"
-.Fa "isc_time_t *time"
-.Fc
+.Fn isc_file_getmodtime "const char *file" "isc_time_t *time"
 .Ft isc_result_t
-.Fo isc_file_settime
-.Fa "const char *file"
-.Fa "isc_time_t *time"
-.Fc
+.Fn isc_file_settime "const char *file" "isc_time_t *time"
 .Ft isc_result_t
-.Fo isc_file_mktemplate
-.Fa "const char *path"
-.Fa "char *buf"
-.Fa "size_t buflen"
-.Fc
+.Fn isc_file_mktemplate "const char *path" "char *buf" "size_t buflen"
 .Ft isc_result_t
-.Fo isc_file_openunique
-.Fa "char *templet"
-.Fa "FILE **fp"
-.Fc
+.Fn isc_file_openunique "char *templet" "FILE **fp"
 .Ft isc_result_t
-.Fo isc_file_remove
-.Fa "const char *filename"
-.Fc
+.Fn isc_file_remove "const char *filename"
 .Sh DESCRIPTION
 The BIND9 library provides these function calls to manipulate files.
 .Pp
+.Fn file_stats
+performs a
+.Fn stat
+call on the filename
+.Fa file
+and stores the result in the 
+.Dv "struct stat"
+.Fa stats .
+.Pp
 The modification date of filename
 .Fa file
 is obtained by a call to
@@ -91,9 +87,9 @@ Pathnames for temporary files are created with
 .Fn isc_file_mktemplate .
 It copies the pathname in 
 .Fa path
-up to the last \*q/\*q character, if any, in
+up to the last \*q/\*q character if any in
 .Fa buf .
-The 14-character string \*qtmp-XXXXXXXXXX\*q is then appended to that
+the 14-character string \*qtmp-XXXXXXXXXX\*q is then appended to that
 buffer.
 .Fa buflen
 indicates the size of buffer 
@@ -156,4 +152,4 @@ if the pathname overflows the allocated buffer.
 .Xr utimes 2 ,
 .Xr mkstemp 3 ,
 .Xr fdopen 3 ,
-.Xr unlink 2 .
+.Xr unlink 2

doc/man/file.man

@@ -0,0 +1,154 @@
+.\" Copyright (C) 2000  Internet Software Consortium.
+.\" 
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\" 
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
+.\" ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+.\" OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
+.\" CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+.\" DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+.\" PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+.\" ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+.\" SOFTWARE.
+
+.\" $Id: file.man,v 1.2 2000/06/22 00:52:10 tale Exp $
+.\"
+.Dd Jun 30, 2000
+.Dt FILE 3
+.Os BIND9 9
+.ds vT BIND9 Programmer's Manual
+.Sh NAME
+.Nm file_stats ,
+.Nm isc_file_getmodtime ,
+.Nm isc_file_settime ,
+.Nm isc_file_mktemplate ,
+.Nm isc_file_openunique ,
+.Nm isc_file_remove
+.Nd BIND9 file operation functions
+.Sh SYNOPSIS
+.Fd #include <config.h>
+.Fd #include <errno.h>
+.Fd #include <limits.h>
+.Fd #include <stdlib.h>
+.Fd #include <unistd.h>
+ 
+.Fd #include <sys/stat.h>
+.Fd #include <sys/time.h>
+ 
+.Fd #include <isc/file.h>
+.Fd #include <isc/string.h>
+.Fd #include <isc/time.h>
+.Fd #include <isc/util.h>
+ 
+.Fd #include \*qerrno2result.h\*q
+.Ft static isc_result_t
+.Fn file_stats "const char *file" "struct stat *stats"
+.Ft isc_result_t
+.Fn isc_file_getmodtime "const char *file" "isc_time_t *time"
+.Ft isc_result_t
+.Fn isc_file_settime "const char *file" "isc_time_t *time"
+.Ft isc_result_t
+.Fn isc_file_mktemplate "const char *path" "char *buf" "size_t buflen"
+.Ft isc_result_t
+.Fn isc_file_openunique "char *templet" "FILE **fp"
+.Ft isc_result_t
+.Fn isc_file_remove "const char *filename"
+.Sh DESCRIPTION
+The BIND9 library provides these function calls to manipulate files.
+.Pp
+.Fn file_stats
+performs a
+.Fn stat
+call on the filename
+.Fa file
+and stores the result in the 
+.Dv "struct stat"
+.Fa stats .
+.Pp
+The modification date of filename
+.Fa file
+is obtained by a call to
+.Fn isc_file_getmodtime .
+.Fa time
+is a pointer to an
+.Dv isc_time_t
+structure which contains the file's modification date.
+.Pp
+.Fn isc_file_settime
+sets the access and modification times of the file named 
+.Fa file
+to the value of the timestamp supplied in
+.Fa time .
+.Pp
+Pathnames for temporary files are created with
+.Fn isc_file_mktemplate .
+It copies the pathname in 
+.Fa path
+up to the last \*q/\*q character if any in
+.Fa buf .
+the 14-character string \*qtmp-XXXXXXXXXX\*q is then appended to that
+buffer.
+.Fa buflen
+indicates the size of buffer 
+.Fa buf .
+Calls to 
+.Fn isc_file_mktemplate
+fail if the buffer is too small to hold for the newly-created pathname.
+.Pp
+.Fn isc_file_openunique
+creates a unique file name with access permissions 0600 and opens the
+file for reading and writing.
+The name of the unique file is returned in
+.Fa templet
+and a pointer to a pointer to a 
+.Dv stdio stream
+associated with the opened file is returned in
+.Fa fp .
+The file name template
+.Fa templet
+should be generated by calling 
+.Fn isc_file_mktemplate .
+This ensures the last 10 characters of the template are the letter \*qX\*q
+so that these can be overwritten by 
+.Fn mkstemp
+to generate a unique file name.
+.Pp
+Files are deleted with
+.Fn isc_file_remove .
+It unlinks the file named 
+.Fa filename .
+.Sh RETURN VALUES
+Successful calls to these functions all return
+.Er ISC_R_SUCCESS .
+Apart from the exceptions listed below, failed calls return 
+a BIND9 error code by mapping the corresponding POSIX error code using\p
+.Fn isc__errno2result .
+.Fn file_stats ,
+.Fn isc_file_getmodtime
+calls
+.Fn file_stats
+and returns whatever values can be returned by that function.
+.Pp
+.Fn isc_file_settime
+will return
+.Er ISC_R_RANGE
+if the count of the number of seconds in
+.Dv time
+is too big to fit in a 32-bit quantity.
+.Pp
+An error of
+.Ev ISC_R_NOSPACE
+is returned by
+.Fn isc_file_mktemplate
+if the pathname overflows the allocated buffer.
+.Sh SEE ALSO
+.Xr perror 3 ,
+.Xr isc__errno2result 3 ,
+.Xr stat 2 ,
+.Xr isc_time_set 3 ,
+.Xr utimes 2 ,
+.Xr mkstemp 3 ,
+.Xr fdopen 3 ,
+.Xr unlink 2

doc/man/ipproto.3

@@ -14,13 +14,15 @@
 .\" NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
 .\" WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.\" $Id: isc_ipproto.3,v 1.2 2000/06/28 02:35:04 jim Exp $
+.\" $Id: ipproto.3,v 1.1 2000/06/23 00:30:12 jim Exp $
 .\"
 .Dd Jun 30, 2000
-.Dt ISC_IPPROTO 3
+.Dt IPPROTO 3
 .Os BIND9 9
 .ds vT BIND9 Programmer's Manual
 .Sh NAME
+.Nm try_proto ,
+.Nm initialize_action ,
 .Nm isc_net_probeipv4 ,
 .Nm isc_net_probeipv6
 .Nd protocol probe functions
@@ -35,19 +37,38 @@
 .Fd #include <isc/string.h>
 .Fd #include <isc/util.h> 
 
-.Fo isc_net_probeipv4
-.Fa void
-.Fc
+.Ft static isc_result_t
+.Fn try_proto "int domain"
+.Ft static void
+.Fn initialize_action
 .Ft isc_result_t
-.Fo isc_net_probeipv4
-.Fa void
-.Fc
+.Fn isc_net_probeipv4 void
+.Ft isc_result_t
+.Fn isc_net_probeipv4 void
 .Sh DESCRIPTION
 .Fn isc_net_probeipv4
 and
 .Fn isc_net_probeipv6
 check that the operating system support the IPv4 and IPv6 protocols
 respectively.
+They call
+.Fn try_proto
+which tries to create a socket of type
+.Dv SOCK_STREAM
+for the appropriate protocol family,
+.Fa domain .
+.Pp
+.Fn initialize_action
+sets the external variables
+.Dv ipv4_result
+and
+.Dv ipv6_result
+to
+.Er ISC_R_SUCCESS
+if the IPv4 and IPv6 protocols respectively are supported by the
+operating system.
+These variables can be tested by applications which need to perform
+protocol-specific tasks.
 .Sh RETURN VALUES
 .Fn isc_net_probeipv4
 returns 

doc/man/ipproto.man

@@ -0,0 +1,97 @@
+.\" Copyright (C) 2000  Internet Software Consortium.
+.\" 
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\" 
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
+.\" ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+.\" OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
+.\" CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+.\" DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+.\" PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+.\" ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+.\" SOFTWARE.
+
+.\" $Id: ipproto.man,v 1.2 2000/06/22 00:52:11 tale Exp $
+.\"
+.Dd Jun 30, 2000
+.Dt IPPROTO 3
+.Os BIND9 9
+.ds vT BIND9 Programmer's Manual
+.Sh NAME
+.Nm try_proto ,
+.Nm initialize_action ,
+.Nm isc_net_probeipv4 ,
+.Nm isc_net_probeipv6
+.Nd protocol probe functions
+.Sh SYNOPSIS
+.Fd #include  <config.h>
+ 
+.Fd #include <errno.h>
+.Fd #include <unistd.h>
+ 
+.Fd #include <isc/net.h>
+.Fd #include <isc/once.h>
+.Fd #include <isc/string.h>
+.Fd #include <isc/util.h> 
+
+.Ft static isc_result_t
+.Fn try_proto "int domain"
+.Ft static void
+.Fn initialize_action
+.Ft isc_result_t
+.Fn isc_net_probeipv4 void
+.Ft isc_result_t
+.Fn isc_net_probeipv4 void
+.Sh DESCRIPTION
+.Fn isc_net_probeipv4
+and
+.Fn isc_net_probeipv6
+check that the operating system support the IPv4 and IPv6 protocols
+respectively.
+They call
+.Fn try_proto
+which tries to create a socket of type
+.Dv SOCK_STREAM
+for the appropriate protocol family,
+.Fa domain .
+.Pp
+.Fn initialize_action
+sets the external variables
+.Dv ipv4_result
+and
+.Dv ipv6_result
+to
+.Er ISC_R_SUCCESS
+if the IPv4 and IPv6 protocols respectively are supported by the
+operating system.
+These variables can be tested by applications which need to perform
+protocol-specific tasks.
+.Sh RETURN VALUES
+.Fn isc_net_probeipv4
+returns 
+.Er ISC_R_SUCCESS
+if the IPv4 protocol is supported by the kernel and
+.Fn isc_net_probeipv6
+returns
+.Er ISC_R_SUCCESS 
+if the operating system supports IPv6.
+.Fn try_proto
+returns
+.Fn ISC_R_NOTFOUND
+if the chosen protocol family
+.Fa domain
+is not supported by the kernel.
+An error message is printed on
+.Dv stderr
+and
+.Er ISC_R_UNEXPECTED
+returned if another error occurred when the attempt was made to create
+the
+.Dv SOCK_STREAM
+socket.
+.Sh SEE ALSO
+.Xr socket 2 ,
+.Xr ip 4 ,
+.Xr ipv6 4 .

doc/man/isc/isc__errno2result.3

@@ -1,19 +0,0 @@
-.\"
-.\" Copyright (C) 2000  Internet Software Consortium.
-.\"
-.\" Permission to use, copy, modify, and distribute this document for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
-.\" DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
-.\" INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
-.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
-.\" FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
-.\" NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
-.\" WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.\" $Id: isc__errno2result.3,v 1.1 2000/06/28 02:48:25 jim Exp $
-.\"
-.so isc_error.3

doc/man/isc/isc_app_finish.3

@@ -1,19 +0,0 @@
-.\"
-.\" Copyright (C) 2000  Internet Software Consortium.
-.\"
-.\" Permission to use, copy, modify, and distribute this document for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
-.\" DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
-.\" INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
-.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
-.\" FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
-.\" NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
-.\" WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.\" $Id: isc_app_finish.3,v 1.1 2000/06/28 02:48:25 jim Exp $
-.\"
-.so isc_app.3

doc/man/isc/isc_app_onrun.3

@@ -1,19 +0,0 @@
-.\"
-.\" Copyright (C) 2000  Internet Software Consortium.
-.\"
-.\" Permission to use, copy, modify, and distribute this document for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
-.\" DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
-.\" INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
-.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
-.\" FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
-.\" NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
-.\" WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.\" $Id: isc_app_onrun.3,v 1.1 2000/06/28 02:48:25 jim Exp $
-.\"
-.so isc_app.3

doc/man/isc/isc_app_reload.3

@@ -1,19 +0,0 @@
-.\"
-.\" Copyright (C) 2000  Internet Software Consortium.
-.\"
-.\" Permission to use, copy, modify, and distribute this document for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
-.\" DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
-.\" INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
-.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
-.\" FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
-.\" NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
-.\" WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.\" $Id: isc_app_reload.3,v 1.1 2000/06/28 02:48:25 jim Exp $
-.\"
-.so isc_app.3

doc/man/isc/isc_app_run.3

@@ -1,19 +0,0 @@
-.\"
-.\" Copyright (C) 2000  Internet Software Consortium.
-.\"
-.\" Permission to use, copy, modify, and distribute this document for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
-.\" DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
-.\" INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
-.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
-.\" FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
-.\" NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
-.\" WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.\" $Id: isc_app_run.3,v 1.1 2000/06/28 02:48:25 jim Exp $
-.\"
-.so isc_app.3

doc/man/isc/isc_app_shutdown.3

@@ -1,19 +0,0 @@
-.\"
-.\" Copyright (C) 2000  Internet Software Consortium.
-.\"
-.\" Permission to use, copy, modify, and distribute this document for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
-.\" DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
-.\" INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
-.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
-.\" FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
-.\" NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
-.\" WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.\" $Id: isc_app_shutdown.3,v 1.1 2000/06/28 02:48:25 jim Exp $
-.\"
-.so isc_app.3

doc/man/isc/isc_app_start.3

@@ -1,19 +0,0 @@
-.\"
-.\" Copyright (C) 2000  Internet Software Consortium.
-.\"
-.\" Permission to use, copy, modify, and distribute this document for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
-.\" DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
-.\" INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
-.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
-.\" FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
-.\" NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
-.\" WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.\" $Id: isc_app_start.3,v 1.1 2000/06/28 02:48:26 jim Exp $
-.\"
-.so isc_app.3

doc/man/isc/isc_dir_chdir.3

@@ -1,19 +0,0 @@
-.\"
-.\" Copyright (C) 2000  Internet Software Consortium.
-.\"
-.\" Permission to use, copy, modify, and distribute this document for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
-.\" DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
-.\" INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
-.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
-.\" FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
-.\" NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
-.\" WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.\" $Id: isc_dir_chdir.3,v 1.1 2000/06/28 02:48:26 jim Exp $
-.\"
-.so isc_dir.3

doc/man/isc/isc_dir_close.3

@@ -1,19 +0,0 @@
-.\"
-.\" Copyright (C) 2000  Internet Software Consortium.
-.\"
-.\" Permission to use, copy, modify, and distribute this document for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
-.\" DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
-.\" INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
-.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
-.\" FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
-.\" NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
-.\" WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.\" $Id: isc_dir_close.3,v 1.1 2000/06/28 02:48:26 jim Exp $
-.\"
-.so isc_dir.3

doc/man/isc/isc_dir_init.3

@@ -1,19 +0,0 @@
-.\"
-.\" Copyright (C) 2000  Internet Software Consortium.
-.\"
-.\" Permission to use, copy, modify, and distribute this document for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
-.\" DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
-.\" INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
-.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
-.\" FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
-.\" NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
-.\" WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.\" $Id: isc_dir_init.3,v 1.1 2000/06/28 02:48:26 jim Exp $
-.\"
-.so isc_dir.3

doc/man/isc/isc_dir_open.3

@@ -1,19 +0,0 @@
-.\"
-.\" Copyright (C) 2000  Internet Software Consortium.
-.\"
-.\" Permission to use, copy, modify, and distribute this document for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
-.\" DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
-.\" INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
-.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
-.\" FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
-.\" NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
-.\" WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.\" $Id: isc_dir_open.3,v 1.1 2000/06/28 02:48:26 jim Exp $
-.\"
-.so isc_dir.3

doc/man/isc/isc_dir_read.3

@@ -1,19 +0,0 @@
-.\"
-.\" Copyright (C) 2000  Internet Software Consortium.
-.\"
-.\" Permission to use, copy, modify, and distribute this document for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
-.\" DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
-.\" INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
-.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
-.\" FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
-.\" NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
-.\" WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.\" $Id: isc_dir_read.3,v 1.1 2000/06/28 02:48:27 jim Exp $
-.\"
-.so isc_dir.3

doc/man/isc/isc_dir_reset.3

@@ -1,19 +0,0 @@
-.\"
-.\" Copyright (C) 2000  Internet Software Consortium.
-.\"
-.\" Permission to use, copy, modify, and distribute this document for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
-.\" DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
-.\" INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
-.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
-.\" FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
-.\" NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
-.\" WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.\" $Id: isc_dir_reset.3,v 1.1 2000/06/28 02:48:27 jim Exp $
-.\"
-.so isc_dir.3

doc/man/isc/isc_file_getmodtime.3

@@ -1,19 +0,0 @@
-.\"
-.\" Copyright (C) 2000  Internet Software Consortium.
-.\"
-.\" Permission to use, copy, modify, and distribute this document for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
-.\" DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
-.\" INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
-.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
-.\" FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
-.\" NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
-.\" WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.\" $Id: isc_file_getmodtime.3,v 1.1 2000/06/28 02:48:27 jim Exp $
-.\"
-.so isc_file.3