This commit was manufactured by cvs2git to create tag 'v9_2_7b1'.

openssl engine support. [RT #16030]

CHANGES

@@ -1,4 +1,563 @@
 
+	--- 9.2.7b1 released ---
+
+2030.	[bug]		We were being overly conservative when disabling
+			openssl engine support. [RT #16030]
+
+2028.	[port]		linux: socket.c compatability for old systems.
+			[RT #16015]
+
+2027.	[port]		libbind: Solaris x86 support. [RT #16020]
+
+2026.	[bug]		Rate limit the recursive client exceeded message.
+			[RT #16044]
+
+2024.	[bug]		named emited spurious "zone serial unchanged"
+			messages on reload. [RT #16027]
+
+2023.	[bug]		"make install" should create ${localstatedir}/run and
+			${sysconfdir} if they do not exist. [RT #16033]
+
+2016.	[bug]		Return a partial answer if recursion is not
+			allowed but requested and we had the answer
+			to the original qname. [RT #15945]
+
+2013.	[bug]		Handle unexpected TSIGs on unsigned AXFR/IXFR
+			responses more gracefully. [RT #15941]
+
+2009.	[bug]		libbind: coverity fixes. [RT #15808]
+
+2005.	[bug]		libbind: Retransmission timeouts should be
+			based on which attempt it is to the nameserver
+			and not the nameserver itself. [RT #13548]
+
+2004.	[bug]		dns_tsig_sign() could pass a NULL pointer to
+			dst_context_destroy() when cleaning up after a
+			error. [RT #15835]
+
+2003.	[bug]		libbind: The DNS name/address lookup functions could
+			occasionally follow a random pointer due to
+			structures not being completely zeroed. [RT #15806]
+
+2002.	[bug]		libbind: tighten the constraints on when
+			struct addrinfo._ai_pad exists.  [RT #15783]
+
+1997.	[bug]		Named was failing to replace negative cache entries
+			when a positive one for the type was learnt.
+			[RT #15818]
+
+1994.	[port]		OpenSSL 0.9.8 support. [RT #15694]
+
+1991.	[cleanup]	The configuration data, once read, should be treated
+			as readonly.  Expand the use of const to enforce this
+			at compile time. [RT #15813]
+
+1990.	[bug]		libbind:  isc's override of broken gettimeofday()
+			implementions was not always effective.
+			[RT #15709]
+
+1981.	[bug]		win32: condition.c:wait() could fail to reattain
+			the mutex lock.
+
+1979.	[port]		linux: allow named to drop core after changing
+			user ids. [RT #15753]
+
+1978.	[port]		Handle systems which have a broken recvmsg().
+			[RT #15742]
+
+1977.	[bug]		Silence noisy log message. [RT #15704]
+
+1976.	[bug]		Handle systems with no IPv4 addresses. [RT #15695]
+
+1975.	[bug]		libbind: isc_gethexstring() could misparse multi-line
+			hex strings with comments. [RT #15814]
+
+1974.	[doc]		List each of the zone types and associated zone
+			options seperately in the ARM.
+
+1972.	[contrib]	DBUS dynamic forwarders integation from
+			Jason Vas Dias <jvdias@redhat.com>.
+
+1971.	[port]		linux: make detection of missing IF_NAMESIZE more
+			robust. [RT #15443]
+
+1969.	[bug]		win32: the socket code was freeing the socket
+			structure too early. [RT #15776]
+
+1966.	[bug]		Don't set CD when we have fallen back to plain DNS.
+			[RT #15727]
+
+1962.	[bug]		Named failed to clear old update-policy when it
+			was removed. [RT #15491]
+
+1961.	[bug]		Check the port and address of responses forwarded
+			to dispatch. [RT #15474]
+
+1960.	[bug]		Update code should set NXT ttls from SOA MINIMUM.
+			[RT #15465]
+
+1958.	[bug]		Named failed to update the zone's secure state
+			until the zone was reloaded. [RT #15412]
+
+1957.	[bug]		Dig mishandled responses to class ANY queries.
+			[RT #15402]
+
+1956.	[bug]		Improve cross compile support, 'gen' is now built
+			by native compiler.  See README for additional
+			cross compile support information. [RT #15148]
+
+1955.	[bug]		Pre-allocate the cache cleaning interator. [RT #14998]
+
+1952.	[port]		hpux: tell the linker to build a runtime link
+			path "-Wl,+b:". [RT #14816].
+
+1951.	[security]	Drop queries from particular well known ports.
+			Don't return FORMERR to queries from particular
+			well known ports.  [RT #15636]
+			
+1950.	[port]		Solaris 2.5.1 and earlier cannot bind() then connect()
+			a TCP socket. This prevents the source address being
+			set for TCP connections. [RT #15628]
+
+1948.	[bug]		If was possible to trigger a REQUIRE failure in
+			xfrin.c:maybe_free() if named ran out of memory.
+			[RT #15568]
+
+1944.	[cleanup]	isc_hash_create() does not need a read/write lock.
+			[RT #15522]
+
+1943.	[bug]		Set the loadtime after rolling forward the journal.
+			[RT #15647]
+
+1940.	[bug]		Fixed a number of error conditions reported by
+			Coverity.
+
+	--- 9.2.6 released ---
+
+	--- 9.2.6rc1 released ---
+
+1932.	[bug]		hpux: LDFLAGS was getting corrupted. [RT #15530]
+
+	--- 9.2.6b2 released ---
+
+1930.	[port]		HPUX: ia64 support. [RT #15473]
+
+1929.	[port]		FreeBSD: extend use of PTHREAD_SCOPE_SYSTEM.
+
+1926.	[bug]		BINDinstall was being installed in the wrong place.
+			[RT #15483]
+
+1925.	[port]		All outer level AC_TRY_RUNs need cross compiling
+			defaults. [RT #15469]
+
+1924.	[port]		libbind: hpux ia64 support. [RT #15473]
+
+1923.	[bug]		ns_client_detach() called too early. [RT #15499]
+
+	--- 9.2.6b1 released ---
+
+1917.	[doc]		funcsynopsisinfo wasn't being treated as verbatim
+			when generating man pages. [RT #15385]
+
+1911.	[bug]		Update windows socket code. [RT #14965]
+
+1905.	[bug]		Strings returned from cfg_obj_asstring() should be
+                        treated as read-only.  [RT #15256]
+
+1895.	[bug]		A escaped character is, potentially, converted to
+			the output character set too early. [RT #14666]
+
+1893.	[port]		Use uintptr_t if available. [RT #14606]
+
+1889.	[port]		sunos: non blocking i/o support. [RT #14951]
+
+1887.	[bug]		The cache could delete expired records too fast for
+			clients with a virtual time in the past. [RT #14991]
+
+1886.	[bug]		fctx_create() could return success even though it
+			failed. [RT #14993]
+
+1884.	[cleanup]	dighost.c: move external declarations into <dig/dig.h>.
+
+1883.	[bug]		dnssec-signzone, dnssec-keygen, dnssec-signkey,
+			dnssec-makekeyset: handle negative debug levels.
+			[RT #14962]
+
+1881.	[func]		Add a system test for named-checkconf. [RT #14931]
+
+1877.	[bug]		Fix unreasonably low quantum on call to
+			dns_rbt_destroy2().  Remove unnecessay unhash_node()
+			call. [RT #14919]
+
+1875.	[bug]		process_dhtkey() was using the wrong memory context
+			to free some memory. [RT #14890]
+
+1873.	[port]		win32: isc__errno2result() now reports its caller.
+			[RT #13753]
+
+1872.	[port]		win32: Handle ERROR_NETNAME_DELETED.  [RT #13753]
+
+1871.	[bug]		dnssec_makekeyset and dnssec-signkey failed to
+			initalize the hash context. [RT #13771]
+
+1865.	[bug]		Silently ignore nameservers in /etc/resolv.conf with
+			bad addresses. [RT #14841]
+
+1861.	[bug]		dig could trigger a INSIST on certain malformed
+			responses. [RT #14801]
+
+1860.	[port]		solaris 2.8: hack_shutup_pthreadmutexinit was
+			incorrectly set. [RT #14775]
+
+1856.	[doc]		Switch Docbook toolchain from DSSSL to XSL.
+			[RT #11398]
+
+1854.	[bug]		lwres also needs to know the print format for
+			(long long).  [RT #13754]
+
+1850.	[bug]		Memory leak in lwres_getipnodebyaddr(). [RT #14591]
+
+1849.	[doc]		All forms of the man pages (docbook, man, html) should
+			have consistant copyright dates.
+
+1848.	[bug]		Improve SMF integration. [RT #13238]
+
+1847.	[bug]		isc_ondestroy_init() is called too late in
+			dns_rbtdb_create()/dns_rbtdb64_create(). 
+			[RT #13661]
+			
+1846.	[contrib]	query-loc-0.3.0 from Stephane Bortzmeyer
+			<bortzmeyer@nic.fr>.
+
+1845.	[bug]		Improve error reporting to distingish between
+			accept()/fcntl() and socket()/fcntl() errors.
+			[RT #13745]
+
+1844.	[bug]		inet_pton() accepted more that 4 hexadecimal digits
+			for each 16 bit piece of the IPv6 address.  The text
+			representation of a IPv6 address has been tighted
+			to disallow this (draft-ietf-ipv6-addr-arch-v4-02.txt).
+			[RT #5662]
+
+1843.	[cleanup]	CINCLUDES takes precedence over CFLAGS.  This helps
+			when CFLAGS contains "-I /usr/local/include"
+			resulting in old header files being used.
+
+1842.	[port]		cmsg_len() could produce incorrect results on
+			some platform. [RT #13744]
+
+1841.	[bug]		"dig +nssearch" now makes a recursive query to
+			find the list of nameservers to query. [RT #13694]
+
+1839.	[bug]		<isc/hash.h> was not being installed.
+
+1838.	[cleanup]	Don't allow Linux capabilities to be inherited.
+			[RT #13707]
+
+1836.	[cleanup]	Silence compiler warnings in hash_test.c.
+
+1835.	[bug]		Update dnssec-signzone's usage message. [RT #13657]
+
+1834.	[bug]		Bad memset in rdata_test.c. [RT #13658]
+
+1833.	[bug]		Race condition in isc_mutex_lock_profile(). [RT #13660]
+
+1832.	[bug]		named fails to return BADKEY on unknown TSIG algorithm.
+			[RT #13620]
+
+1830.	[bug]		adb lame cache has sence of test reversed. [RT #13600]
+
+1828.	[bug]		isc_rwlock_init() failed to properly cleanup if it
+			encountered a error. [RT #13549]
+
+1827.	[bug]		host: update usage message for '-a'. [RT #37116]
+
+1826.	[bug]		Missing DESTROYLOCK() in isc_mem_createx() on out
+			of memory error. [RT #13537]
+
+1825.	[bug]		Missing UNLOCK() on out of memory error from in
+			rbtdb.c:subtractrdataset(). [RT #13519]
+
+1824.	[bug]		Memory leak on dns_zone_setdbtype() failure.
+			[RT #13510]
+
+1823.	[bug]		Wrong macro used to check for point to point interface.
+			[RT#13418]
+
+1821.	[doc]		acls definitions are no longer required to be
+			in named.conf prior to reference.  They can be
+			defined after being referenced.
+
+1820.	[bug]		Gracefully handle acl loops. [RT #13659]
+
+1815.	[bug]		nsupdate triggered a REQUIRE if the server was set
+			without also setting the zone and it encountered
+			a CNAME and was using TSIG.  [RT #13086]
+
+1810.	[bug]		configure, lib/bind/configure make different default
+			decisions about whether to do a threaded build.
+			[RT #13212]
+
+1809.	[bug]		"make distclean" failed for libbind if the platform
+			is not supported.
+
+1807.	[bug]		When forwarding (forward only) set the active domain
+			from the forward zone name. [RT #13526]
+			
+1804.	[bug]		Ensure that if we are queried for glue that it fits
+			in the additional section or TC is set to tell the
+			client to retry using TCP. [RT #10114]
+
+1802.	[bug]		Handle connection resets better. [RT #11280]
+
+	--- 9.2.5 released ---
+
+	--- 9.2.5rc1 released ---
+
+1812.	[port]		win32: IN6_IS_ADDR_UNSPECIFIED macro is incorrect.
+			[RT #13453]
+
+1808.	[bug]		zone.c:notify_zone() contained a race condition,
+			zone->db could change underneath it.  [RT #13511]
+
+	--- 9.2.5beta2 released ---
+
+1800.	[bug]		Changes #1719 allowed a INSIST to be triggered.
+			[RT #13428]
+
+	--- 9.2.5beta1 released ---
+
+1790.	[cleanup]	Move lib/dns/sec/dst up into lib/dns.  This should
+			allow parallel make to succeed.
+
+1789.	[bug]		Prerequisite test for tkey and dnssec could fail
+			with "configure --with-libtool".
+
+1787.	[port]		HPUX: both "cc" and "gcc" need -Wl,+vnocompatwarnings.
+
+1786.	[port]		AIX: libt_api needs to be taught to look for
+			T_testlist in the main executable (--with-libtool).
+			[RT #13239]
+
+1784.	[cleanup]	"libtool -allow-undefined" is the default.
+			Leave hooks in configure to allow it to be set
+			if needed in the future.
+
+1783.	[cleanup]	We only need one copy of libtool.m4, ltmain.sh in the
+			source tree.
+
+1782.	[port]		OSX: --with-libtool + --enable-libbind broke on
+			__evOptMonoTime.  [RT #13219]
+
+1781.	[port]		FreeBSD 5.3: set PTHREAD_SCOPE_SYSTEM. [RT #12810]
+
+1780.	[bug]		Update libtool to 1.5.10.
+
+1779.	[port]		OSF 5.1: libtool didn't handle -pthread correctly.
+
+1778.	[port]		HUX 11.11: fix broken IN6ADDR_ANY_INIT and
+			IN6ADDR_LOOPBACK_INIT macros.
+
+1777.	[port]		OSF 5.1: fix broken IN6ADDR_ANY_INIT and
+			IN6ADDR_LOOPBACK_INIT macros.
+
+1776.	[port]		Solaris 2.9: fix broken IN6ADDR_ANY_INIT and
+			IN6ADDR_LOOPBACK_INIT macros.
+
+1775.	[bug]		Only compile getnetent_r.c when threaded. [RT #13205]
+
+1774.	[port]		Aix: Silence compiler warnings / build failures.
+			[RT #13154]
+
+1773.	[bug]		Fast retry on host / net unreachable. [RT #13153]
+
+1772.	[bug]		Change #1740 needed more work in 9.2 as bit-labels
+			are still supported. [RT #13015]
+
+1771.	[bug]		Built-in zones did not have SOA or NS records.
+			[RT #13015]
+
+1770.	[bug]		named-checkconf failed to report missing a missing
+			file clause for rbt{64} master/hint zones. [RT#13009]
+
+1769.	[port]		win32: change compiler flags /MTd ==> /MDd,
+			/MT ==> /MD.
+
+1767.	[port]		Builds on IPv6 platforms without IPv6 Advanced API
+			support for (struct in6_pktinfo) failed.  [RT #13077]
+
+1766.	[bug]		Update the master file timestamp on successful refresh
+			as well as the journal's timestamp. [RT# 13062]
+
+1764.	[bug]		dns_zone_replacedb failed to emit a error message
+			if there was no SOA record in the replacment db.
+			[RT #13016]
+
+1760.	[bug]		Host / net unreachable was not penalising rtt
+			estimates. [RT #12970]
+
+1753.	[bug]		Don't serve a slave zone which has no NS records.
+			[RT #12894]
+
+1752.	[port]		Move isc_app_start() to after ns_os_daemonise()
+			as some fork() implementations unblock the signals
+			that are blocked by isc_app_start(). [RT #12810]
+
+1750.	[port]		lib/bind/make/rules.in:subdirs was not bash friendly.
+			[RT #12864]
+
+1747.	[bug]		BIND 8 compatability: named/named-checkconf failed
+			to parse "host-statistics-max" in named.conf.
+
+1744.	[bug]		If tuple2msgname() failed to convert a tuple to
+			a name a REQUIRE could be triggered. [RT #12796]
+
+1743.	[bug]		If isc_taskmgr_create() was not able to create the
+			requested number of worker threads then destruction
+			of the manager would trigger an INSIST() failure.
+			[RT #12790]
+			
+1742.	[bug]		Deleting all records at a node then adding a
+			previously existing record, in a single UPDATE
+			transaction, failed to leave / regenerate the
+			associated SIG records. [RT #12788]
+
+1741.	[bug]		Deleting all records at a node in a secure zone
+			using a update-policy grant failed. [RT #12787]
+
+1740.	[bug]		Replace rbt's hash algorithm as it performed badly
+			with certain zones. [RT #12729]
+			
+			NOTE: a hash context now needs to be established
+			via isc_hash_create() if the application was not
+			already doing this.
+
+1739.	[bug]		dns_rbt_deletetree() could incorrectly return
+			ISC_R_QUOTA.  [RT #12695]
+
+1738.	[bug]		Enable overrun checking by default. [RT #12695]
+
+1734.	[cleanup]	'rndc-confgen -a -t' remove extra '/' in path.
+			[RT #12588]
+
+1733.	[bug]		Return non-zero exit status on initial load failure.
+			[RT #12658]
+
+1731.	[port]		darwin: relax version test in ifconfig.sh.
+			[RT #12581]
+
+1730.	[port]		Determine the length type used by the socket API.
+			[RT #12581]
+
+1726.	[port]		aix5: add support for aix5.
+
+1725.	[port]		linux: update error message on interaction of threads,
+			capabilities and setuid support (named -u). [RT #12541]
+
+1723.	[cleanup]	Silence compiler warnings from t_tasks.c. [RT #12493]
+
+1722.	[bug]		Don't commit the journal on malformed ixfr streams.
+			[RT #12519]
+
+1721.	[bug]		Error message from the journal processing were not
+			always identifing the relevent journal. [RT #12519]
+
+1720.	[bug]		'dig +chase' did not terminate on a RFC 2308 Type 1
+			negative response. [RT #12506]
+
+1719.	[bug]		named was not correctly caching a RFC 2308 Type 1
+			negative response. [RT #12506]
+
+1718.	[bug]		nsupdate was not handling RFC 2308 Type 3 negative
+			responses when looking for the zone / master server.
+			[RT #12506]
+
+1717.	[port]		solaris: ifconfig.sh did not support Solaris 10.
+			"ifconfig.sh down" didn't work for Solaris 9.
+
+1716.	[doc]		named.conf(5) was being installed in the wrong
+			location.  [RT# 12441]
+
+1714.	[bug]		dig/host/nslookup were only trying the first
+			address when a nameserver was specified by name.
+			[RT #12286]
+
+1713.	[port]		linux: extend capset failure message to say:
+			please ensure that the capset kernel module is
+			loaded.  see insmod(8)
+
+	--- 9.2.4 released ---
+
+	--- 9.2.4rc8 released ---
+
+1709.	[port]		solaris: add SMF support from Sun.
+
+1708.	[cleanup]	Replaced dns_fullname_hash() with dns_name_fullhash()
+			for conformance to the name space convention.  Binary
+			backward compatibility to the old function name is
+			provided. [RT #12376]
+
+1707.	[contrib]	sdb/ldap updated to version 1.0-beta.
+
+1704.	[port]		lwres needed a snprintf() implementation for
+			platforms without snprintf(). [RT #12321]
+
+1701.	[doc]		A minimal named.conf man page.
+
+1700.	[func]		nslookup is no longer to be treated as deprecated.
+			Remove "deprecated" warning message.  Add man page.
+
+1698.	[doc]		Use reserved IPv6 documentation prefix.
+
+	--- 9.2.4rc7 released ---
+
+1694.	[bug]		Report if the builtin views of "_default" / "_bind"
+			are defined in named.conf. [RT #12023]
+
+1692.	[bug]		Don't set -I, -L and -R flags when libcrypto is in
+			/usr/lib. [RT #11971]
+
+1691.	[bug]		sdb's attachversion was not complete. [RT #11990]
+
+1690.	[bug]		Delay detaching view from the client until UPDATE
+			processing completes when shutting down. [RT #11714]
+
+1689.	[bug]		DNS_NAME_TOREGION() macros contained a gratuitous
+			semicolons. [RT #11707]
+
+1688.	[bug]		LDFLAGS was not supported.
+
+1687.	[bug]		Race condition in dispatch. [RT #10272]
+
+1686.	[bug]		Named sent a extraneous NOTIFY when it received a
+			redundant UPDATE request. [RT #11943]
+
+	--- 9.2.4rc6 released ---
+
+1685.	[bug]		Change #1679 loop tests weren't quite right.
+
+1682.	[port]		Update configure test for (long long) printf format.
+			[RT #5066]
+
+1681.	[bug]		Only set SO_REUSEADDR when a port is specified in
+			isc_socket_bind(). [RT #11742]
+
+1679.	[bug]		When there was a single nameserver with multiple
+			addresses for a zone not all addresses were tried.
+			[RT #11706]
+
+1672.	[cleanup]	Tests which only function in a threaded build
+			now return R:THREADONLY (rather than R:UNTESTED)
+			in a non-threaded build.
+
+1671.	[contrib]	queryperf: add NAPTR to the list of known types.
+
+1669.	[bug]		Restore "update forwarding denied" log messages
+			accidentally suppressed by change #1633. [RT# 11657]
+
+1660.	[bug]		win32: connection_reset_fix() was being called
+			unconditionally.  [RT #11595]
+
 	--- 9.2.4rc5 released ---
 
 1655.	[bug]		Logging multiple versions w/o a size was broken.
@@ -4216,7 +4775,7 @@
 			<isc/bufferlist.h>, <isc/task.h>, <isc/mem.h> or
 			<isc/net.h>.
 
- 119.	[cleanup]	structure definitions for generic rdata stuctures do
+ 119.	[cleanup]	structure definitions for generic rdata structures do
 			not have _generic_ in their names.
 
  118.	[cleanup]	libdns.a is now namespace-clean, on NetBSD, excepting

COPYRIGHT

@@ -1,4 +1,4 @@
-Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
+Copyright (C) 2004-2006  Internet Systems Consortium, Inc. ("ISC")
 Copyright (C) 1996-2003  Internet Software Consortium.
 
 Permission to use, copy, modify, and distribute this software for any
@@ -13,7 +13,7 @@ LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
 OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 PERFORMANCE OF THIS SOFTWARE.
 
-$Id: COPYRIGHT,v 1.6.2.4 2004/03/15 04:44:37 marka Exp $
+$Id: COPYRIGHT,v 1.6.2.6 2006/01/04 00:37:21 marka Exp $
 
 Portions Copyright (C) 1996-2001  Nominum, Inc.
 

FAQ

@@ -1,449 +1,632 @@
-
-
-
 Frequently Asked Questions about BIND 9
 
+-------------------------------------------------------------------------------
 
 Q: Why doesn't -u work on Linux 2.2.x when I build with --enable-threads?
 
-A: Linux threads do not fully implement the Posix threads (pthreads) standard.
-In particular, setuid() operates only on the current thread, not the full
-process.  Because of this limitation, BIND 9 cannot use setuid() on Linux as it
-can on all other supported platforms.  setuid() cannot be called before
-creating threads, since the server does not start listening on reserved ports
-until after threads have started.
+A: Linux threads do not fully implement the Posix threads (pthreads) standard. In
+   particular, setuid() operates only on the current thread, not the full process.
+   Because of this limitation, BIND 9 cannot use setuid() on Linux as it can on
+   all other supported platforms. setuid() cannot be called before creating
+   threads, since the server does not start listening on reserved ports until
+   after threads have started.
 
-  In the 2.2.18 or 2.3.99-pre3 and newer kernels, the ability to preserve
-capabilities across a setuid() call is present.  This allows BIND 9 to call
-setuid() early, while retaining the ability to bind reserved ports.  This is
-a Linux-specific hack.
+   In the 2.2.18 or 2.3.99-pre3 and newer kernels, the ability to preserve
+   capabilities across a setuid() call is present. This allows BIND 9 to call
+   setuid() early, while retaining the ability to bind reserved ports. This is a
+   Linux-specific hack.
 
-  On a 2.2 kernel, BIND 9 does drop many root privileges, so it should be less
-of a security risk than a root process that has not dropped privileges.
+   On a 2.2 kernel, BIND 9 does drop many root privileges, so it should be less of
+   a security risk than a root process that has not dropped privileges.
 
-  If Linux threads ever work correctly, this restriction will go away.
+   If Linux threads ever work correctly, this restriction will go away.
 
-  Configuring BIND9 with the --disable-threads option (the default) causes a
-non-threaded version to be built, which will allow -u to be used.
+   Configuring BIND9 with the --disable-threads option (the default) causes a
+   non-threaded version to be built, which will allow -u to be used.
 
+Q: Why do I get the following errors:
 
-Q: Why does named log the warning message "no TTL specified - using SOA
-MINTTL instead"?
+   general: errno2result.c:109: unexpected error:
+   general: unable to convert errno to isc_result: 14: Bad address
+   client: UDP client handler shutting down due to fatal receive error: unexpected error
 
-A: Your zone file is illegal according to RFC1035.  It must either
-have a line like
+A: This is the result of a Linux kernel bug.
+
+   See: http://marc.theaimsgroup.com/?l=linux-netdev&m=113081708031466&w=2
+
+Q: Why does named log the warning message "no TTL specified - using SOA MINTTL
+   instead"?
+
+A: Your zone file is illegal according to RFC1035. It must either have a line
+   like:
 
    $TTL 86400
 
-at the beginning, or the first record in it must have a TTL field,
-like the "84600" in this example:
+   at the beginning, or the first record in it must have a TTL field, like the
+   "84600" in this example:
 
    example.com. 86400 IN SOA ns hostmaster ( 1 3600 1800 1814400 3600 )
 
 Q: Why do I see 5 (or more) copies of named on Linux?
 
-A: Linux threads each show up as a process under ps.  The approximate
-number of threads running is n+4, where n is the number of CPUs.  Note that
-the amount of memory used is not cumulative; if each process is using 10M of
-memory, only a total of 10M is used.
+A: Linux threads each show up as a process under ps. The approximate number of
+   threads running is n+4, where n is the number of CPUs. Note that the amount of
+   memory used is not cumulative; if each process is using 10M of memory, only a
+   total of 10M is used.
 
+   Newer versions of Linux's ps command hide the individual threads and require -L
+   to display them.
 
-Q: Why does BIND 9 log "permission denied" errors accessing its
-configuration files or zones on my Linux system even though it is running
-as root?
+Q: Why does BIND 9 log "permission denied" errors accessing its configuration
+   files or zones on my Linux system even though it is running as root?
 
-A: On Linux, BIND 9 drops most of its root privileges on startup.
-This including the privilege to open files owned by other users.
-Therefore, if the server is running as root, the configuration files
-and zone files should also be owned by root.
+A: On Linux, BIND 9 drops most of its root privileges on startup. This including
+   the privilege to open files owned by other users. Therefore, if the server is
+   running as root, the configuration files and zone files should also be owned by
+   root.
 
+Q: Why do I get errors like "dns_zone_load: zone foo/IN: loading master file bar:
+   ran out of space"?
 
-Q: Why do I get errors like "dns_zone_load: zone foo/IN: loading master file
-bar: ran out of space"
-
-A: This is often caused by TXT records with missing close quotes.  Check that
-all TXT records containing quoted strings have both open and close quotes.
-
+A: This is often caused by TXT records with missing close quotes. Check that all
+   TXT records containing quoted strings have both open and close quotes.
 
 Q: How do I produce a usable core file from a multithreaded named on Linux?
 
-A: If the Linux kernel is 2.4.7 or newer, multithreaded core dumps
-are usable (that is, the correct thread is dumped).  Otherwise, if using
-a 2.2 kernel, apply the kernel patch found in contrib/linux/coredump-patch
-and rebuild the kernel.  This patch will cause multithreaded programs to dump
-the correct thread.
-
+A: If the Linux kernel is 2.4.7 or newer, multithreaded core dumps are usable
+   (that is, the correct thread is dumped). Otherwise, if using a 2.2 kernel,
+   apply the kernel patch found in contrib/linux/coredump-patch and rebuild the
+   kernel. This patch will cause multithreaded programs to dump the correct
+   thread.
 
 Q: How do I restrict people from looking up the server version?
 
-A: Put a "version" option containing something other than the real
-version in the "options" section of named.conf.  Note doing this will
-not prevent attacks and may impede people trying to diagnose problems
-with your server.  Also it is possible to "fingerprint" nameservers to
-determine their version.
+A: Put a "version" option containing something other than the real version in the
+   "options" section of named.conf. Note doing this will not prevent attacks and
+   may impede people trying to diagnose problems with your server. Also it is
+   possible to "fingerprint" nameservers to determine their version.
 
+Q: How do I restrict only remote users from looking up the server version?
 
-Q: How do I restrict only remote users from looking up the server
-version?
-
-A: The following view statement will intercept lookups as the internal
-view that holds the version information will be matched last.  The
-caveats of the previous answer still apply, of course.
-
-  view "chaos" chaos {
-	  match-clients { <those to be refused>; };
-	  allow-query { none; };
-	  zone "." {
-		  type hint;
-		  file "/dev/null";  // or any empty file
-	  };
-  };
+A: The following view statement will intercept lookups as the internal view that
+   holds the version information will be matched last. The caveats of the previous
+   answer still apply, of course.
 
+   view "chaos" chaos {
+           match-clients { <those to be refused>; };
+           allow-query { none; };
+           zone "." {
+                   type hint;
+                   file "/dev/null";  // or any empty file
+           };
+   };
 
 Q: What do "no source of entropy found" or "could not open entropy source foo"
-mean?
+   mean?
 
-A: The server requires a source of entropy to perform certain operations,
-mostly DNSSEC related.  These messages indicate that you have no source
-of entropy.  On systems with /dev/random or an equivalent, it is used by
-default.  A source of entropy can also be defined using the random-device
-option in named.conf.
+A: The server requires a source of entropy to perform certain operations, mostly
+   DNSSEC related. These messages indicate that you have no source of entropy. On
+   systems with /dev/random or an equivalent, it is used by default. A source of
+   entropy can also be defined using the random-device option in named.conf.
 
+Q: I installed BIND 9 and restarted named, but it's still BIND 8. Why?
 
-Q: I installed BIND 9 and restarted named, but it's still BIND 8.  Why?
+A: BIND 9 is installed under /usr/local by default. BIND 8 is often installed
+   under /usr. Check that the correct named is running.
 
-A: BIND 9 is installed under /usr/local by default.  BIND 8 is often
-installed under /usr.  Check that the correct named is running.
+Q: I'm trying to use TSIG to authenticate dynamic updates or zone transfers. I'm
+   sure I have the keys set up correctly, but the server is rejecting the TSIG.
+   Why?
 
+A: This may be a clock skew problem. Check that the the clocks on the client and
+   server are properly synchronised (e.g., using ntp).
 
-Q: I'm trying to use TSIG to authenticate dynamic updates or zone
-transfers.  I'm sure I have the keys set up correctly, but the server
-is rejecting the TSIG.  Why?
+Q: I'm trying to compile BIND 9, and "make" is failing due to files not being
+   found. Why?
 
-A: This may be a clock skew problem.  Check that the the clocks on
-the client and server are properly synchronized (e.g., using ntp).
+A: Using a parallel or distributed "make" to build BIND 9 is not supported, and
+   doesn't work. If you are using one of these, use normal make or gmake instead.
 
+Q: I have a BIND 9 master and a BIND 8.2.3 slave, and the master is logging error
+   messages like "notify to 10.0.0.1#53 failed: unexpected end of input". What's
+   wrong?
 
-Q: I'm trying to compile BIND 9, and "make" is failing due to files not
-being found.  Why?
+A: This error message is caused by a known bug in BIND 8.2.3 and is fixed in BIND
+   8.2.4. It can be safely ignored - the notify has been acted on by the slave
+   despite the error message.
 
-A: Using a parallel or distributed "make" to build BIND 9 is not
-supported, and doesn't work.  If you are using one of these, use
-normal make or gmake instead.
+Q: I keep getting log messages like the following. Why?
 
+   Dec 4 23:47:59 client 10.0.0.1#1355: updating zone 'example.com/IN': update
+   failed: 'RRset exists (value dependent)' prerequisite not satisfied (NXRRSET)
 
-Q: I have a BIND 9 master and a BIND 8.2.3 slave, and the master is
-logging error messages like "notify to 10.0.0.1#53 failed: unexpected
-end of input".  What's wrong?
+A: DNS updates allow the update request to test to see if certain conditions are
+   met prior to proceeding with the update. The message above is saying that
+   conditions were not met and the update is not proceeding. See doc/rfc/
+   rfc2136.txt for more details on prerequisites.
 
-A: This error message is caused by a known bug in BIND 8.2.3 and is fixed
-in BIND 8.2.4.  It can be safely ignored - the notify has been acted on by
-the slave despite the error message.
-
-
-Q: I keep getting log messages like the following.  Why?
-
-   Dec  4 23:47:59 client 10.0.0.1#1355: updating zone 'example.com/IN':
-   update failed: 'RRset exists (value dependent)' prerequisite not
-   satisfied (NXRRSET)
-
-A: DNS updates allow the update request to test to see if certain
-conditions are met prior to proceeding with the update.  The message
-above is saying that conditions were not met and the update is not
-proceeding.  See doc/rfc/rfc2136.txt for more details on prerequisites.
-
-
-Q: I keep getting log messages like the following.  Why?
+Q: I keep getting log messages like the following. Why?
 
    Jun 21 12:00:00.000 client 10.0.0.1#1234: update denied
 
-A: Someone is trying to update your DNS data using the RFC2136 Dynamic
-Update protocol.  Windows 2000 machines have a habit of sending dynamic
-update requests to DNS servers without being specifically configured to
-do so.  If the update requests are coming from a Windows 2000 machine,
-see <http://support.microsoft.com/support/kb/articles/q246/8/04.asp>
-for information about how to turn them off.
+A: Someone is trying to update your DNS data using the RFC2136 Dynamic Update
+   protocol. Windows 2000 machines have a habit of sending dynamic update requests
+   to DNS servers without being specifically configured to do so. If the update
+   requests are coming from a Windows 2000 machine, see http://
+   support.microsoft.com/support/kb/articles/q246/8/04.asp for information about
+   how to turn them off.
 
-
-Q: I see a log message like the following.  Why?
+Q: I see a log message like the following. Why?
 
    couldn't open pid file '/var/run/named.pid': Permission denied
 
-A: You are most likely running named as a non-root user, and that user
-does not have permission to write in /var/run.  The common ways of
-fixing this are to create a /var/run/named directory owned by the named
-user and set pid-file to "/var/run/named/named.pid", or set
-pid-file to "named.pid", which will put the file in the directory
-specified by the directory option (which, in this case, must be writable
-by the named user).
+A: You are most likely running named as a non-root user, and that user does not
+   have permission to write in /var/run. The common ways of fixing this are to
+   create a /var/run/named directory owned by the named user and set pid-file to "
+   /var/run/named/named.pid", or set pid-file to "named.pid", which will put the
+   file in the directory specified by the directory option (which, in this case,
+   must be writable by the named user).
 
+Q: When I do a "dig . ns", many of the A records for the root servers are missing.
+   Why?
 
-Q: When I do a "dig . ns", many of the A records for the root
-servers are missing.  Why?
+A: This is normal and harmless. It is a somewhat confusing side effect of the way
+   BIND 9 does RFC2181 trust ranking and of the efforts BIND 9 makes to avoid
+   promoting glue into answers.
 
-A: This is normal and harmless.  It is a somewhat confusing side effect
-of the way BIND 9 does RFC2181 trust ranking and of the efforts BIND 9
-makes to avoid promoting glue into answers.
+   When BIND 9 first starts up and primes its cache, it receives the root server
+   addresses as additional data in an authoritative response from a root server,
+   and these records are eligible for inclusion as additional data in responses.
+   Subsequently it receives a subset of the root server addresses as additional
+   data in a non-authoritative (referral) response from a root server. This causes
+   the addresses to now be considered non-authoritative (glue) data, which is not
+   eligible for inclusion in responses.
 
-When BIND 9 first starts up and primes its cache, it receives the root
-server addresses as additional data in an authoritative response from
-a root server, and these records are eligible for inclusion as
-additional data in responses.  Subsequently it receives a subset of
-the root server addresses as additional data in a non-authoritative
-(referral) response from a root server.  This causes the addresses to
-now be considered non-authoritative (glue) data, which is not eligible
-for inclusion in responses.
+   The server does have a complete set of root server addresses cached at all
+   times, it just may not include all of them as additional data, depending on
+   whether they were last received as answers or as glue. You can always look up
+   the addresses with explicit queries like "dig a.root-servers.net A".
 
-The server does have a complete set of root server addresses cached
-at all times, it just may not include all of them as additional data,
-depending on whether they were last received as answers or as glue.
-You can always look up the addresses with explicit queries like
-"dig a.root-servers.net A".
-
-
-Q: Zone transfers from my BIND 9 master to my Windows 2000 slave
-fail.  Why?
-
-A: This may be caused by a bug in the Windows 2000 DNS server where
-DNS messages larger than 16K are not handled properly.  This can be
-worked around by setting the option "transfer-format one-answer;".
-Also check whether your zone contains domain names with embedded
-spaces or other special characters, like "John\032Doe\213s\032Computer",
-since such names have been known to cause Windows 2000 slaves to
-incorrectly reject the zone.
+Q: Zone transfers from my BIND 9 master to my Windows 2000 slave fail. Why?
 
+A: This may be caused by a bug in the Windows 2000 DNS server where DNS messages
+   larger than 16K are not handled properly. This can be worked around by setting
+   the option "transfer-format one-answer;". Also check whether your zone contains
+   domain names with embedded spaces or other special characters, like "John\
+   032Doe\213s\032Computer", since such names have been known to cause Windows
+   2000 slaves to incorrectly reject the zone.
 
 Q: Why don't my zones reload when I do an "rndc reload" or SIGHUP?
 
-A: A zone can be updated either by editing zone files and reloading
-the server or by dynamic update, but not both.  If you have enabled
-dynamic update for a zone using the "allow-update" option, you are not
-supposed to edit the zone file by hand, and the server will not
-attempt to reload it.
+A: A zone can be updated either by editing zone files and reloading the server or
+   by dynamic update, but not both. If you have enabled dynamic update for a zone
+   using the "allow-update" option, you are not supposed to edit the zone file by
+   hand, and the server will not attempt to reload it.
 
+Q: I can query the nameserver from the nameserver but not from other machines.
+   Why?
 
-Q: I can query the nameserver from the nameserver but not from other
-machines.  Why?
+A: This is usually the result of the firewall configuration stopping the queries
+   and / or the replies.
 
-A: This is usually the result of the firewall configuration stopping
-the queries and / or the replies.
+Q: How can I make a server a slave for both an internal and an external view at
+   the same time? When I tried, both views on the slave were transferred from the
+   same view on the master.
 
+A: You will need to give the master and slave multiple IP addresses and use those
+   to make sure you reach the correct view on the other machine.
 
-Q: How can I make a server a slave for both an internal and
-an external view at the same time?  When I tried, both views
-on the slave were transferred from the same view on the master.
+   Master: 10.0.1.1 (internal), 10.0.1.2 (external, IP alias)
+       internal:
+           match-clients { !10.0.1.2; !10.0.1.4; 10.0.1/24; };
+                   notify-source 10.0.1.1;
+                   transfer-source 10.0.1.1;
+                   query-source address 10.0.1.1;
+       external:
+           match-clients { any; };
+           recursion no;   // don't offer recursion to the world
+           notify-source 10.0.1.2;
+           transfer-source 10.0.1.2;
+           query-source address 10.0.1.2;
 
-A: You will need to give the master and slave multiple IP addresses and
-use those to make sure you reach the correct view on the other machine.
+   Slave: 10.0.1.3 (internal), 10.0.1.4 (external, IP alias)
+       internal:
+           match-clients { !10.0.1.2; !10.0.1.4; 10.0.1/24; };
+           notify-source 10.0.1.3;
+           transfer-source 10.0.1.3;
+           query-source address 10.0.1.3;
+      external:
+           match-clients { any; };
+           recursion no;   // don't offer recursion to the world
+           notify-source 10.0.1.4;
+           transfer-source 10.0.1.4;
+           query-source address 10.0.1.4;
 
-	e.g.
-	Master: 10.0.1.1 (internal), 10.0.1.2 (external, IP alias)
-	    internal:
-		match-clients { !10.0.1.2; !10.0.1.4; 10.0.1/24; };
-		notify-source 10.0.1.1;
-		transfer-source 10.0.1.1;
-		query-source address 10.0.1.1;
-	    external:
-		match-clients { any; };
-		recursion no;	// don't offer recursion to the world
-		notify-source 10.0.1.2;
-		transfer-source 10.0.1.2;
-		query-source address 10.0.1.2;
+   You put the external address on the alias so that all the other dns clients on
+   these boxes see the internal view by default.
 
-	Slave: 10.0.1.3 (internal), 10.0.1.4 (external, IP alias)
-	    internal:
-		match-clients { !10.0.1.2; !10.0.1.4; 10.0.1/24; };
-		notify-source 10.0.1.3;
-		transfer-source 10.0.1.3;
-		query-source address 10.0.1.3;
-	    external:
-		match-clients { any; };
-		recursion no;	// don't offer recursion to the world
-		notify-source 10.0.1.4;
-		transfer-source 10.0.1.4;
-		query-source address 10.0.1.4;
+A: BIND 9.3 and later: Use TSIG to select the appropriate view.
 
-	You put the external address on the alias so that all the other
-	dns clients on these boxes see the internal view by default.
+   Master 10.0.1.1:
+           key "external" {
+                   algorithm hmac-md5;
+                   secret "xxxxxxxx";
+           };
+           view "internal" {
+                   match-clients { !key external; 10.0.1/24; };
+                   ...
+           };
+           view "external" {
+                   match-clients { key external; any; };
+                   server 10.0.1.2 { keys external; };
+                   recursion no;
+                   ...
+           };
 
-A: (BIND 9.3 and later) Use TSIG to select the appropriate view.
+   Slave 10.0.1.2:
+           key "external" {
+                   algorithm hmac-md5;
+                   secret "xxxxxxxx";
+           };
+           view "internal" {
+                   match-clients { !key external; 10.0.1/24; };
+                   ...
+           };
+           view "external" {
+                   match-clients { key external; any; };
+                   server 10.0.1.1 { keys external; };
+                   recursion no;
+                   ...
+           };
 
-	Master 10.0.1.1:
-	key "external" {
-		algorithm hmac-md5;
-		secret "xxxxxxxx";
-	};
-	view "internal" {
-		match-clients { !key external; 10.0.1/24; };
-		...
-	};
-	view "external" {
-		match-clients { key external; any; };
-		server 10.0.0.2 { keys external; };
-		recursion no;
-		...
-	};
+Q: I have FreeBSD 4.x and "rndc-confgen -a" just sits there.
 
-	Slave 10.0.1.2:
-	key "external" {
-		 algorithm hmac-md5;
-		 secret "xxxxxxxx";
-	};
-	view "internal" {
-		match-clients { !key external; 10.0.1/24; };
-	};
-	view "external" {
-		match-clients { key external; any; };
-		server 10.0.0.1 { keys external; };
-		recursion no;
-		...
-	};
+A: /dev/random is not configured. Use rndcontrol(8) to tell the kernel to use
+   certain interrupts as a source of random events. You can make this permanent by
+   setting rand_irqs in /etc/rc.conf.
 
+   /etc/rc.conf
+   rand_irqs="3 14 15"
 
-Q: I have Freebsd 4.x and "rndc-confgen -a" just sits there.
-
-A: /dev/random is not configured.  Use rndcontrol(8) to tell the kernel
-to use certain interrupts as a source of random events.  You can make this
-permanent by setting rand_irqs in /etc/rc.conf.
-
-e.g.
-	/etc/rc.conf
-	rand_irqs="3 14 15"
-
-See also http://people.freebsd.org/~dougb/randomness.html
-
+   See also http://people.freebsd.org/~dougb/randomness.html
 
 Q: Why is named listening on UDP port other than 53?
 
-A: Named uses a system selected port to make queries of other nameservers.
-This behaviour can be overridden by using query-source to lock down the
-port and/or address.  See also notify-source and transfer-source.
+A: Named uses a system selected port to make queries of other nameservers. This
+   behaviour can be overridden by using query-source to lock down the port and/or
+   address. See also notify-source and transfer-source.
 
+Q: I get error messages like "multiple RRs of singleton type" and "CNAME and other
+   data" when transferring a zone. What does this mean?
 
-Q: I get error messages like "multiple RRs of singleton type" and
-"CNAME and other data" when transferring a zone.  What does this mean?
+A: These indicate a malformed master zone. You can identify the exact records
+   involved by transferring the zone using dig then running named-checkzone on it.
 
-A: These indicate a malformed master zone.  You can identify the
-exact records involved by transferring the zone using dig then
-running named-checkzone on it.
+   dig axfr example.com @master-server > tmp
+   named-checkzone example.com tmp
 
-	e.g.
-		dig axfr example.com @master-server > tmp
-		named-checkzone example.com tmp
+   A CNAME record cannot exist with the same name as another record except for the
+   DNSSEC records which prove its existance (NSEC).
 
+   RFC 1034, Section 3.6.2: "If a CNAME RR is present at a node, no other data
+   should be present; this ensures that the data for a canonical name and its
+   aliases cannot be different. This rule also insures that a cached CNAME can be
+   used without checking with an authoritative server for other RR types."
 
-Q: I get error messages like "named.conf:99: unexpected end of input" where
-99 is the last line of named.conf.
+Q: I get error messages like "named.conf:99: unexpected end of input" where 99 is
+   the last line of named.conf.
 
-A: Some text editors (notepad and wordpad) fail to put a line termination
-indication (e.g. CR/LF) on the last line of a text file.  This can be fixed
-by "adding" a blank line to the end of the file.  Named expects to see EOF
-immediately after EOL and treats text files where this is not met as truncated.
+A: Some text editors (notepad and wordpad) fail to put a line title indication
+   (e.g. CR/LF) on the last line of a text file. This can be fixed by "adding" a
+   blank line to the end of the file. Named expects to see EOF immediately after
+   EOL and treats text files where this is not met as truncated.
 
-
-Q: I get warning messages like "zone example.com/IN: refresh: failure trying master
-1.2.3.4#53: timed out".
+Q: I get warning messages like "zone example.com/IN: refresh: failure trying
+   master 1.2.3.4#53: timed out".
 
 A: Check that you can make UDP queries from the slave to the master
 
-	dig +norec example.com soa @1.2.3.4
+   dig +norec example.com soa @1.2.3.4
 
-A: You could be generating queries faster than the slave can cope with.  Lower
-the serial query rate.
+   You could be generating queries faster than the slave can cope with. Lower the
+   serial query rate.
 
-	serial-query-rate 5; // default 20
+   serial-query-rate 5; // default 20
 
 Q: How do I share a dynamic zone between multiple views?
 
-A: You choose one view to be master and the second a slave and transfer
-the zone between views.
+A: You choose one view to be master and the second a slave and transfer the zone
+   between views.
 
-	Master 10.0.1.1:
-	key "external" {
-		algorithm hmac-md5;
-		secret "xxxxxxxx";
-	};
+   Master 10.0.1.1:
+           key "external" {
+                   algorithm hmac-md5;
+                   secret "xxxxxxxx";
+           };
 
-	key "mykey" {
-		algorithm hmac-md5;
-		secret "yyyyyyyy";
-	};
+           key "mykey" {
+                   algorithm hmac-md5;
+                   secret "yyyyyyyy";
+           };
 
-	view "internal" {
-		match-clients { !external; 10.0.1/24; };
-		server 10.0.1.1 {
-			/* Deliver notify messages to external view. */
-			keys { external; };
-		};
-		zone "example.com" {
-			type master;
-			file "internal/example.db";
-			allow-update { key mykey; };
-			notify-also { 10.0.1.1; };
-		};
-	};
+           view "internal" {
+                   match-clients { !external; 10.0.1/24; };
+                   server 10.0.1.1 {
+                           /* Deliver notify messages to external view. */
+                           keys { external; };
+                   };
+                   zone "example.com" {
+                           type master;
+                           file "internal/example.db";
+                           allow-update { key mykey; };
+                           notify-also { 10.0.1.1; };
+                   };
+           };
 
-	view "external" {
-		match-clients { external; any; };
-		zone "example.com" {
-			type slave;
-			file "external/example.db";
-			masters { 10.0.1.1; };
-			transfer-source { 10.0.1.1; };
-			// allow-update-forwarding { any; };
-			// allow-notify { ... };
-		};
-	};
+           view "external" {
+                   match-clients { external; any; };
+                   zone "example.com" {
+                           type slave;
+                           file "external/example.db";
+                           masters { 10.0.1.1; };
+                           transfer-source { 10.0.1.1; };
+                           // allow-update-forwarding { any; };
+                           // allow-notify { ... };
+                   };
+           };
 
 Q: I get a error message like "zone wireless.ietf56.ietf.org/IN: loading master
-file primaries/wireless.ietf56.ietf.org: no owner".
-
-A: This error is produced when a line in the master file contains leading
-white space (tab/space) but the is no current record owner name to inherit
-the name from.  Usually this is the result of putting white space before
-a comment.  Forgeting the "@" for the SOA record or indenting the master
-file.
+   file primaries/wireless.ietf56.ietf.org: no owner".
 
+A: This error is produced when a line in the master file contains leading white
+   space (tab/space) but the is no current record owner name to inherit the name
+   from. Usually this is the result of putting white space before a comment.
+   Forgeting the "@" for the SOA record or indenting the master file.
 
 Q: Why are my logs in GMT (UTC).
 
-A: You are running chrooted (-t) and have not supplied local timzone
-information in the chroot area.
+A: You are running chrooted (-t) and have not supplied local timzone information
+   in the chroot area.
 
-	FreeBSD: /etc/localtime
-	Solaris: /etc/TIMEZONE and /usr/share/lib/zoneinfo
-	OSF: /etc/zoneinfo/localtime
+   FreeBSD: /etc/localtime
+   Solaris: /etc/TIMEZONE and /usr/share/lib/zoneinfo
+   OSF: /etc/zoneinfo/localtime
 
-	See also tzset(3) and zic(8).
+   See also tzset(3) and zic(8).
 
+Q: I get the error message "named: capset failed: Operation not permitted" when
+   starting named.
 
-Q: I get the error message "named: capset failed: Operation not permitted"
-when starting named.
+A: The capability module, part of "Linux Security Modules/LSM", has not been
+   loaded into the kernel. See insmod(8).
 
-A: The capset module has not been loaded into the kernel.  See insmod(8).
-
-
-Q: I get "rndc: connect failed: connection refused" when I try to run
-   rndc.
+Q: I get "rndc: connect failed: connection refused" when I try to run rndc.
 
 A: This is usually a configuration error.
 
-   First ensure that named is running and no errors are being
-   reported at startup (/var/log/messages or equivalent).  Running
-   "named -g <usual arguements>" from a terminal can help at this
-   point.
+   First ensure that named is running and no errors are being reported at startup
+   (/var/log/messages or equivalent). Running "named -g <usual arguments>" from a
+   title can help at this point.
 
-   Secondly ensure that named is configured to use rndc either by
-   "rndc-confgen -a", rndc-confgen or manually.  The Administators
-   Reference manual has details on how to do this.
+   Secondly ensure that named is configured to use rndc either by "rndc-confgen
+   -a", rndc-confgen or manually. The Administrators Reference manual has details
+   on how to do this.
 
-   Old versions of rndc-confgen used localhost rather than 127.0.0.1
-   in /etc/rndc.conf for the default server.  Update /etc/rndc.conf
-   if necessary so that the default server listed in /etc/rndc.conf
-   matches the addresses used in named.conf.  "localhost" has two
-   address (127.0.0.1 and ::1).
+   Old versions of rndc-confgen used localhost rather than 127.0.0.1 in /etc/
+   rndc.conf for the default server. Update /etc/rndc.conf if necessary so that
+   the default server listed in /etc/rndc.conf matches the addresses used in
+   named.conf. "localhost" has two address (127.0.0.1 and ::1).
+
+   If you use "rndc-confgen -a" and named is running with -t or -u ensure that /
+   etc/rndc.conf has the correct ownership and that a copy is in the chroot area.
+   You can do this by re-running "rndc-confgen -a" with appropriate -t and -u
+   arguments.
+
+Q: I don't get RRSIG's returned when I use "dig +dnssec".
+
+A: You need to ensure DNSSEC is enabled (dnssec-enable yes;).
+
+Q: I get "Error 1067" when starting named under Windows.
+
+A: This is the service manager saying that named exited. You need to examine the
+   Application log in the EventViewer to find out why.
+
+   Common causes are that you failed to create "named.conf" (usually "C:\windows\
+   dns\etc\named.conf") or failed to specify the directory in named.conf.
+
+   options {
+           Directory "C:\windows\dns\etc";
+   };
+
+Q: I get "transfer of 'example.net/IN' from 192.168.4.12#53: failed while
+   receiving responses: permission denied" error messages.
+
+A: These indicate a filesystem permission error preventing named creating /
+   renaming the temporary file. These will usually also have other associated
+   error messages like
+
+   "dumping master file: sl/tmp-XXXX5il3sQ: open: permission denied"
+
+   Named needs write permission on the directory containing the file. Named writes
+   the new cache file to a temporary file then renames it to the name specified in
+   named.conf to ensure that the contents are always complete. This is to prevent
+   named loading a partial zone in the event of power failure or similar
+   interrupting the write of the master file.
+
+   Note file names are relative to the directory specified in options and any
+   chroot directory ([<chroot dir>/][<options dir>]).
+
+   If named is invoked as "named -t /chroot/DNS" with the following named.conf
+   then "/chroot/DNS/var/named/sl" needs to be writable by the user named is
+   running as.
+
+   options {
+           directory "/var/named";
+   };
+
+   zone "example.net" {
+           type slave;
+           file "sl/example.net";
+           masters { 192.168.4.12; };
+   };
+
+Q: How do I intergrate BIND 9 and Solaris SMF
+
+A: Sun has a blog entry describing how to do this.
+
+   http://blogs.sun.com/roller/page/anay/Weblog?catname=%2FSolaris
+
+Q: Can a NS record refer to a CNAME.
+
+A: No. The rules for glue (copies of the *address* records in the parent zones)
+   and additional section processing do not allow it to work.
+
+   You would have to add both the CNAME and address records (A/AAAA) as glue to
+   the parent zone and have CNAMEs be followed when doing additional section
+   processing to make it work. No namesever implementation supports either of
+   these requirements.
+
+Q: What does "RFC 1918 response from Internet for 0.0.0.10.IN-ADDR.ARPA" mean?
+
+A: If the IN-ADDR.ARPA name covered refers to a internal address space you are
+   using then you have failed to follow RFC 1918 usage rules and are leaking
+   queries to the Internet. You should establish your own zones for these
+   addresses to prevent you quering the Internet's name servers for these
+   addresses. Please see http://as112.net/ for details of the problems you are
+   causing and the counter measures that have had to be deployed.
+
+   If you are not using these private addresses then a client has queried for
+   them. You can just ignore the messages, get the offending client to stop
+   sending you these messages as they are most probably leaking them or setup your
+   own zones empty zones to serve answers to these queries.
+
+   zone "10.IN-ADDR.ARPA" {
+           type master;
+           file "empty";
+   };
+
+   zone "16.172.IN-ADDR.ARPA" {
+           type master;
+           file "empty";
+   };
+
+   ...
+
+   zone "31.172.IN-ADDR.ARPA" {
+           type master;
+           file "empty";
+   };
+
+   zone "168.192.IN-ADDR.ARPA" {
+           type master;
+           file "empty";
+   };
+
+   empty:
+   @ 10800 IN SOA <name-of-server>. <contact-email>. (
+                  1 3600 1200 604800 10800 )
+   @ 10800 IN NS <name-of-server>.
+
+   Note
+
+   Future versions of named are likely to do this automatically.
+
+Q: I'm running BIND on Red Hat Enterprise Linux or Fedora Core -
+
+   Why can't named update slave zone database files?
+
+   Why can't named create DDNS journal files or update the master zones from
+   journals?
+
+   Why can't named create custom log files?
+
+A: Red Hat Security Enhanced Linux (SELinux) policy security protections :
+
+   Red Hat have adopted the National Security Agency's SELinux security policy (
+   see http://www.nsa.gov/selinux ) and recommendations for BIND security , which
+   are more secure than running named in a chroot and make use of the bind-chroot
+   environment unecessary .
+
+   By default, named is not allowed by the SELinux policy to write, create or
+   delete any files EXCEPT in these directories:
+
+   $ROOTDIR/var/named/slaves
+   $ROOTDIR/var/named/data
+   $ROOTDIR/var/tmp
+
+
+   where $ROOTDIR may be set in /etc/sysconfig/named if bind-chroot is installed.
+
+   The SELinux policy particularly does NOT allow named to modify the $ROOTDIR/var
+   /named directory, the default location for master zone database files.
+
+   SELinux policy overrules file access permissions - so even if all the files
+   under /var/named have ownership named:named and mode rw-rw-r--, named will
+   still not be able to write or create files except in the directories above,
+   with SELinux in Enforcing mode.
+
+   So, to allow named to update slave or DDNS zone files, it is best to locate
+   them in $ROOTDIR/var/named/slaves, with named.conf zone statements such as:
+
+   zone "slave.zone." IN {
+           type slave;
+           file "slaves/slave.zone.db";
+           ...
+   };
+   zone "ddns.zone." IN  {
+           type master;
+           allow-updates {...};
+           file "slaves/ddns.zone.db";
+   };
+
+
+   To allow named to create its cache dump and statistics files, for example, you
+   could use named.conf options statements such as:
+
+   options {
+           ...
+           dump-file "/var/named/data/cache_dump.db";
+           statistics-file "/var/named/data/named_stats.txt";
+           ...
+   };
+
+
+   You can also tell SELinux to allow named to update any zone database files, by
+   setting the SELinux tunable boolean parameter 'named_write_master_zones=1',
+   using the system-config-securitylevel GUI, using the 'setsebool' command, or in
+   /etc/selinux/targeted/booleans.
+
+   You can disable SELinux protection for named entirely by setting the
+   'named_disable_trans=1' SELinux tunable boolean parameter.
+
+   The SELinux named policy defines these SELinux contexts for named:
+
+   named_zone_t : for zone database files       - $ROOTDIR/var/named/*
+   named_conf_t : for named configuration files - $ROOTDIR/etc/{named,rndc}.*
+   named_cache_t: for files modifiable by named - $ROOTDIR/var/{tmp,named/{slaves,data}}
+
+
+   If you want to retain use of the SELinux policy for named, and put named files
+   in different locations, you can do so by changing the context of the custom
+   file locations .
+
+   To create a custom configuration file location, eg. '/root/named.conf', to use
+   with the 'named -c' option, do:
+
+   # chcon system_u:object_r:named_conf_t /root/named.conf
+
+
+   To create a custom modifiable named data location, eg. '/var/log/named' for a
+   log file, do:
+
+   # chcon system_u:object_r:named_cache_t /var/log/named
+
+
+   To create a custom zone file location, eg. /root/zones/, do:
+
+   # chcon system_u:object_r:named_zone_t /root/zones/{.,*}
+
+
+   See these man-pages for more information : selinux(8), named_selinux(8), chcon
+   (1), setsebool(8)
 
-   If you use "rndc-confgen -a" and named is running with -t or -u
-   ensure that /etc/rndc.conf has the correct ownership and that
-   a copy is in the chroot area.  You can do this by re-running
-   "rndc-confgen -a" with appropriate -t and -u arguements.

Makefile.in

@@ -1,4 +1,4 @@
-# Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2004, 2006  Internet Systems Consortium, Inc. ("ISC")
 # Copyright (C) 1998-2001, 2003  Internet Software Consortium.
 #
 # Permission to use, copy, modify, and distribute this software for any
@@ -13,7 +13,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: Makefile.in,v 1.41.2.3 2004/03/09 06:09:07 marka Exp $
+# $Id: Makefile.in,v 1.41.2.5 2006/05/19 00:03:59 marka Exp $
 
 srcdir =	@srcdir@
 VPATH =		@srcdir@
@@ -44,7 +44,8 @@ maintainer-clean::
 	rm -f configure
 
 installdirs:
-	$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${bindir}
+	$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${bindir} \
+	${DESTDIR}${localstatedir}/run ${DESTDIR}${sysconfdir}
 
 install:: isc-config.sh installdirs
 	${INSTALL_SCRIPT} isc-config.sh ${DESTDIR}${bindir}

README

@@ -43,6 +43,20 @@ BIND 9
 		Nominum, Inc.
 
 
+BIND 9.2.6
+
+	BIND 9.2.6 is a maintenance release, containing fixes for
+	a number of bugs in 9.2.5.
+
+	libbind: corresponds to that from BIND 8.4.7-REL.
+
+BIND 9.2.5
+
+	BIND 9.2.5 is a maintenance release, containing fixes for
+	a number of bugs in 9.2.4.
+
+	libbind: corresponds to that from BIND 8.4.6-REL.
+
 BIND 9.2.4
 
 	BIND 9.2.4 is a maintenance release, containing fixes for
@@ -182,16 +196,13 @@ Building
 
 	We've had successful builds and tests on the following systems:
 
-		AIX 4.3
-		COMPAQ Tru64 UNIX 4.0D
-		COMPAQ Tru64 UNIX 5 (with IPv6 EAK)
-		FreeBSD 3.4-STABLE, 3.5, 4.0, 4.1
-		HP-UX 11.x, x < 11
-		IRIX64 6.5
-		NetBSD 1.5
-		Red Hat Linux 6.0, 6.1, 6.2, 7.0
-		Solaris 2.6, 7, 8
-		Windows NT/W2K
+                COMPAQ Tru64 UNIX 5.1B
+                FreeBSD 4.10, 5.2.1
+                HP-UX 11.11
+                NetBSD 1.5
+                Slackware Linux 8.1
+                Solaris 8, 9, 9 (x86)
+                Windows NT/2000/XP/2003
 
 	Additionally, we have unverified reports of success building
 	previous versions of BIND 9 from users of the following systems:
@@ -206,7 +217,7 @@ Building
 		HP-UX 10.20
 		BSD/OS 4.2
 		OpenUNIX 8
-		Mac OS X 10.1
+		Mac OS X 10.1, 10.3.8
 
 	To build, just
 
@@ -241,6 +252,23 @@ Building
 			is incompatable with the upcoming DS support
 			and SHOULD NOT be set unless you are currently
 			making use of it.
+		-DNS_CLIENT_DROPPORT=0
+			Disable dropping queries from particular well
+			known ports.
+
+	    LDFLAGS
+		Linker flags. Defaults to empty string.
+
+	The following need to be set when cross compiling.
+
+	    BUILD_CC
+		The native C compiler.
+	    BUILD_CFLAGS (optional)
+	    BUILD_CPPFLAGS (optional)
+		Possible Settings:
+		-DNEED_OPTARG=1		(optarg is not declared in <unistd.h>)
+	    BUILD_LDFLAGS (optional)
+	    BUILD_LIBS (optional)
 
 	To build shared libraries, specify "--with-libtool" on the
 	configure command line.
@@ -293,9 +321,12 @@ Building
 	Building with gcc is not supported, unless gcc is the vendor's usual
 	compiler (e.g. the various BSD systems, Linux).
 	
+	Known compiler issues:
 	* gcc-3.2.1 and gcc-3.1.1 is known to cause problems with solaris-x86
 	  if the optimiser is enabled.  Use -O0 to disable the optimiser.
 	* gcc ultrasparc generates incorrect code at -02.
+	* gcc-3.3.5 powerpc generates incorrect code at -02.
+	* Irix, MipsPRO 7.4.1m is known to cause problems.
 
 	A limited test suite can be run with "make test".  Many of
 	the tests require you to configure a set of virtual IP addresses

acconfig.h

@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: acconfig.h,v 1.35.2.8 2004/03/09 06:09:07 marka Exp $ */
+/* $Id: acconfig.h,v 1.35.2.10 2004/12/04 06:44:36 marka Exp $ */
 
 /***
  *** This file is not to be included by any public header files, because
@@ -130,3 +130,9 @@ int sigwait(const unsigned int *set, int *sig);
 
 /* define if you have strerror in the C library. */
 #undef HAVE_STRERROR
+
+/* Define to the length type used by the socket API (socklen_t, size_t, int). */
+#undef ISC_SOCKADDR_LEN_T
+
+/* Define if threads need PTHREAD_SCOPE_SYSTEM */
+#undef NEED_PTHREAD_SCOPE_SYSTEM

bin/check/Makefile.in

@@ -13,7 +13,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: Makefile.in,v 1.15.2.5 2004/03/09 06:09:08 marka Exp $
+# $Id: Makefile.in,v 1.15.2.6 2004/07/20 07:00:09 marka Exp $
 
 srcdir =	@srcdir@
 VPATH =		@srcdir@
@@ -64,11 +64,11 @@ named-checkzone.@O@: named-checkzone.c
 
 named-checkconf: named-checkconf.@O@ check-tool.@O@ ${ISCDEPLIBS} \
 		 ${ISCCFGDEPLIBS} ${DNSDEPLIBS}
-	${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} -o $@ named-checkconf.@O@ \
+	${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ named-checkconf.@O@ \
 	check-tool.@O@ ${ISCCFGLIBS} ${DNSLIBS} ${ISCLIBS} ${LIBS}
 
 named-checkzone: named-checkzone.@O@ check-tool.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS}
-	${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} -o $@ named-checkzone.@O@ \
+	${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ named-checkzone.@O@ \
 	check-tool.@O@ ${DNSLIBS} ${ISCLIBS} ${LIBS}
 
 doc man:: ${MANOBJS}

bin/check/named-checkconf.8

@@ -1,52 +1,63 @@
-.\" Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
-.\" Copyright (C) 2000-2002  Internet Software Consortium.
-.\"
+.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000-2002 Internet Software Consortium.
+.\" 
 .\" Permission to use, copy, modify, and distribute this software for any
 .\" purpose with or without fee is hereby granted, provided that the above
 .\" copyright notice and this permission notice appear in all copies.
-.\"
+.\" 
 .\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
 .\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
-.\" AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
 .\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
 .\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 .\" PERFORMANCE OF THIS SOFTWARE.
 .\"
-.\" $Id: named-checkconf.8,v 1.11.2.2 2004/06/03 05:21:07 marka Exp $
+.\" $Id: named-checkconf.8,v 1.11.2.5 2005/10/13 02:23:25 marka Exp $
 .\"
-.TH "NAMED-CHECKCONF" "8" "June 14, 2000" "BIND9" ""
-.SH NAME
-named-checkconf \- named configuration file syntax checking tool
-.SH SYNOPSIS
-.sp
-\fBnamed-checkconf\fR [ \fB-v\fR ]  [ \fB-t \fIdirectory\fB\fR ]  \fBfilename\fR
+.hy 0
+.ad l
+.\" ** You probably do not want to edit this file directly **
+.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1).
+.\" Instead of manually editing it, you probably should edit the DocBook XML
+.\" source for it and then use the DocBook XSL Stylesheets to regenerate it.
+.TH "NAMED\-CHECKCONF" "8" "June 14, 2000" "BIND9" "BIND9"
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.SH "NAME"
+named\-checkconf \- named configuration file syntax checking tool
+.SH "SYNOPSIS"
+.HP 16
+\fBnamed\-checkconf\fR [\fB\-v\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] {filename}
 .SH "DESCRIPTION"
 .PP
-\fBnamed-checkconf\fR checks the syntax, but not
-the semantics, of a named configuration file.
+\fBnamed\-checkconf\fR
+checks the syntax, but not the semantics, of a named configuration file.
 .SH "OPTIONS"
 .TP
-\fB-t \fIdirectory\fB\fR
-chroot to \fIdirectory\fR so that include
-directives in the configuration file are processed as if
-run by a similarly chrooted named.
+\-t \fIdirectory\fR
+chroot to
+\fIdirectory\fR
+so that include directives in the configuration file are processed as if run by a similarly chrooted named.
 .TP
-\fB-v\fR
-Print the version of the \fBnamed-checkconf\fR
+\-v
+Print the version of the
+\fBnamed\-checkconf\fR
 program and exit.
 .TP
-\fBfilename\fR
-The name of the configuration file to be checked. If not
-specified, it defaults to \fI/etc/named.conf\fR.
+filename
+The name of the configuration file to be checked. If not specified, it defaults to
+\fI/etc/named.conf\fR.
 .SH "RETURN VALUES"
 .PP
-\fBnamed-checkconf\fR returns an exit status of 1 if
-errors were detected and 0 otherwise.
+\fBnamed\-checkconf\fR
+returns an exit status of 1 if errors were detected and 0 otherwise.
 .SH "SEE ALSO"
 .PP
 \fBnamed\fR(8),
-\fIBIND 9 Administrator Reference Manual\fR.
+BIND 9 Administrator Reference Manual.
 .SH "AUTHOR"
 .PP
 Internet Systems Consortium

bin/check/named-checkconf.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2006  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 1999-2001  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: named-checkconf.c,v 1.12.2.1 2004/03/09 06:09:09 marka Exp $ */
+/* $Id: named-checkconf.c,v 1.12.2.3 2006/03/02 00:37:17 marka Exp $ */
 
 #include <config.h>
 
@@ -45,9 +45,9 @@ usage(void) {
 }
 
 static isc_result_t
-directory_callback(const char *clausename, cfg_obj_t *obj, void *arg) {
+directory_callback(const char *clausename, const cfg_obj_t *obj, void *arg) {
 	isc_result_t result;
-	char *directory;
+	const char *directory;
 
 	REQUIRE(strcasecmp("directory", clausename) == 0);
 

bin/check/named-checkconf.docbook

@@ -1,7 +1,9 @@
-<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN">
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
+               "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd"
+	       [<!ENTITY mdash "&#8212;">]>
 <!--
- - Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
- - Copyright (C) 2001, 2002  Internet Software Consortium.
+ - Copyright (C) 2004, 2005  Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2002  Internet Software Consortium.
  -
  - Permission to use, copy, modify, and distribute this software for any
  - purpose with or without fee is hereby granted, provided that the above
@@ -16,7 +18,7 @@
  - PERFORMANCE OF THIS SOFTWARE.
 -->
 
-<!-- $Id: named-checkconf.docbook,v 1.3.2.3 2004/06/03 02:25:54 marka Exp $ -->
+<!-- $Id: named-checkconf.docbook,v 1.3.2.5 2005/05/12 21:35:05 sra Exp $ -->
 
 <refentry>
   <refentryinfo>
@@ -29,6 +31,20 @@
     <refmiscinfo>BIND9</refmiscinfo>
   </refmeta>
 
+  <docinfo>
+    <copyright>
+      <year>2004</year>
+      <year>2005</year>
+      <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
+    </copyright>
+    <copyright>
+      <year>2000</year>
+      <year>2001</year>
+      <year>2002</year>
+      <holder>Internet Software Consortium.</holder>
+    </copyright>
+  </docinfo>
+
   <refnamediv>
     <refname><application>named-checkconf</application></refname>
     <refpurpose>named configuration file syntax checking tool</refpurpose>
@@ -95,6 +111,7 @@
     <para>
         <command>named-checkconf</command> returns an exit status of 1 if
 	errors were detected and 0 otherwise.
+    </para>
   </refsect1>
 
   <refsect1>

bin/check/named-checkconf.html

@@ -1,196 +1,83 @@
 <!--
- - Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
- - Copyright (C) 2001, 2002  Internet Software Consortium.
- -
+ - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2002 Internet Software Consortium.
+ - 
  - Permission to use, copy, modify, and distribute this software for any
  - purpose with or without fee is hereby granted, provided that the above
  - copyright notice and this permission notice appear in all copies.
- -
+ - 
  - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
  - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- - AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
  - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
  - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
-<!-- $Id: named-checkconf.html,v 1.5.2.3 2004/06/03 05:21:08 marka Exp $ -->
-
-<HTML
-><HEAD
-><TITLE
->named-checkconf</TITLE
-><META
-NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.73
-"></HEAD
-><BODY
-CLASS="REFENTRY"
-BGCOLOR="#FFFFFF"
-TEXT="#000000"
-LINK="#0000FF"
-VLINK="#840084"
-ALINK="#0000FF"
-><H1
-><A
-NAME="AEN1"
-><SPAN
-CLASS="APPLICATION"
->named-checkconf</SPAN
-></A
-></H1
-><DIV
-CLASS="REFNAMEDIV"
-><A
-NAME="AEN9"
-></A
-><H2
->Name</H2
-><SPAN
-CLASS="APPLICATION"
->named-checkconf</SPAN
->&nbsp;--&nbsp;named configuration file syntax checking tool</DIV
-><DIV
-CLASS="REFSYNOPSISDIV"
-><A
-NAME="AEN13"
-></A
-><H2
->Synopsis</H2
-><P
-><B
-CLASS="COMMAND"
->named-checkconf</B
->  [<TT
-CLASS="OPTION"
->-v</TT
->] [<TT
-CLASS="OPTION"
->-t <TT
-CLASS="REPLACEABLE"
-><I
->directory</I
-></TT
-></TT
->] {filename}</P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN22"
-></A
-><H2
->DESCRIPTION</H2
-><P
->        <B
-CLASS="COMMAND"
->named-checkconf</B
-> checks the syntax, but not
+<!-- $Id: named-checkconf.html,v 1.5.2.13 2006/04/23 10:10:07 marka Exp $ -->
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>named-checkconf</title>
+<meta name="generator" content="DocBook XSL Stylesheets V1.69.1">
+</head>
+<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
+<a name="id2462968"></a><div class="titlepage"></div>
+<div class="refnamediv">
+<h2>Name</h2>
+<p><span class="application">named-checkconf</span> &#8212; named configuration file syntax checking tool</p>
+</div>
+<div class="refsynopsisdiv">
+<h2>Synopsis</h2>
+<div class="cmdsynopsis"><p><code class="command">named-checkconf</code>  [<code class="option">-v</code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] {filename}</p></div>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2524081"></a><h2>DESCRIPTION</h2>
+<p>
+        <span><strong class="command">named-checkconf</strong></span> checks the syntax, but not
 	the semantics, of a named configuration file.
-    </P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN26"
-></A
-><H2
->OPTIONS</H2
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
->-t <TT
-CLASS="REPLACEABLE"
-><I
->directory</I
-></TT
-></DT
-><DD
-><P
->	      chroot to <TT
-CLASS="FILENAME"
->directory</TT
-> so that include
+    </p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2524435"></a><h2>OPTIONS</h2>
+<div class="variablelist"><dl>
+<dt><span class="term">-t <em class="replaceable"><code>directory</code></em></span></dt>
+<dd><p>
+	      chroot to <code class="filename">directory</code> so that include
 	      directives in the configuration file are processed as if
 	      run by a similarly chrooted named.
-	  </P
-></DD
-><DT
->-v</DT
-><DD
-><P
->	      Print the version of the <B
-CLASS="COMMAND"
->named-checkconf</B
->
+	  </p></dd>
+<dt><span class="term">-v</span></dt>
+<dd><p>
+	      Print the version of the <span><strong class="command">named-checkconf</strong></span>
 	      program and exit.
-	  </P
-></DD
-><DT
->filename</DT
-><DD
-><P
->	       The name of the configuration file to be checked.  If not
-	       specified, it defaults to <TT
-CLASS="FILENAME"
->/etc/named.conf</TT
->.
-	  </P
-></DD
-></DL
-></DIV
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN45"
-></A
-><H2
->RETURN VALUES</H2
-><P
->        <B
-CLASS="COMMAND"
->named-checkconf</B
-> returns an exit status of 1 if
+	  </p></dd>
+<dt><span class="term">filename</span></dt>
+<dd><p>
+	       The name of the configuration file to be checked.  If not
+	       specified, it defaults to <code class="filename">/etc/named.conf</code>.
+	  </p></dd>
+</dl></div>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2524498"></a><h2>RETURN VALUES</h2>
+<p>
+        <span><strong class="command">named-checkconf</strong></span> returns an exit status of 1 if
 	errors were detected and 0 otherwise.
-  </P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN49"
-></A
-><H2
->SEE ALSO</H2
-><P
->      <SPAN
-CLASS="CITEREFENTRY"
-><SPAN
-CLASS="REFENTRYTITLE"
->named</SPAN
->(8)</SPAN
->,
-      <I
-CLASS="CITETITLE"
->BIND 9 Administrator Reference Manual</I
->.
-    </P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN56"
-></A
-><H2
->AUTHOR</H2
-><P
->        Internet Systems Consortium
-    </P
-></DIV
-></BODY
-></HTML
->
+    </p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2525193"></a><h2>SEE ALSO</h2>
+<p>
+      <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
+      <em class="citetitle">BIND 9 Administrator Reference Manual</em>.
+    </p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2525217"></a><h2>AUTHOR</h2>
+<p>
+        <span class="corpauthor">Internet Systems Consortium</span>
+    </p>
+</div>
+</div></body>
+</html>

bin/check/named-checkzone.8

@@ -1,65 +1,77 @@
-.\" Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
-.\" Copyright (C) 2000-2002  Internet Software Consortium.
-.\"
+.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000-2002 Internet Software Consortium.
+.\" 
 .\" Permission to use, copy, modify, and distribute this software for any
 .\" purpose with or without fee is hereby granted, provided that the above
 .\" copyright notice and this permission notice appear in all copies.
-.\"
+.\" 
 .\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
 .\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
-.\" AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
 .\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
 .\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 .\" PERFORMANCE OF THIS SOFTWARE.
 .\"
-.\" $Id: named-checkzone.8,v 1.11.2.3 2004/06/03 05:21:08 marka Exp $
+.\" $Id: named-checkzone.8,v 1.11.2.6 2005/10/13 02:23:25 marka Exp $
 .\"
-.TH "NAMED-CHECKZONE" "8" "June 13, 2000" "BIND9" ""
-.SH NAME
-named-checkzone \- zone file validity checking tool
-.SH SYNOPSIS
-.sp
-\fBnamed-checkzone\fR [ \fB-d\fR ]  [ \fB-j\fR ]  [ \fB-q\fR ]  [ \fB-v\fR ]  [ \fB-c \fIclass\fB\fR ]  \fBzonename\fR \fBfilename\fR
+.hy 0
+.ad l
+.\" ** You probably do not want to edit this file directly **
+.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1).
+.\" Instead of manually editing it, you probably should edit the DocBook XML
+.\" source for it and then use the DocBook XSL Stylesheets to regenerate it.
+.TH "NAMED\-CHECKZONE" "8" "June 13, 2000" "BIND9" "BIND9"
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.SH "NAME"
+named\-checkzone \- zone file validity checking tool
+.SH "SYNOPSIS"
+.HP 16
+\fBnamed\-checkzone\fR [\fB\-d\fR] [\fB\-j\fR] [\fB\-q\fR] [\fB\-v\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] {zonename} {filename}
 .SH "DESCRIPTION"
 .PP
-\fBnamed-checkzone\fR checks the syntax and integrity of
-a zone file. It performs the same checks as \fBnamed\fR
+\fBnamed\-checkzone\fR
+checks the syntax and integrity of a zone file. It performs the same checks as
+\fBnamed\fR
 does when loading a zone. This makes
-\fBnamed-checkzone\fR useful for checking zone
-files before configuring them into a name server.
+\fBnamed\-checkzone\fR
+useful for checking zone files before configuring them into a name server.
 .SH "OPTIONS"
 .TP
-\fB-d\fR
+\-d
 Enable debugging.
 .TP
-\fB-q\fR
-Quiet mode - exit code only.
+\-q
+Quiet mode \- exit code only.
 .TP
-\fB-v\fR
-Print the version of the \fBnamed-checkzone\fR
+\-v
+Print the version of the
+\fBnamed\-checkzone\fR
 program and exit.
 .TP
-\fB-j\fR
+\-j
 When loading the zone file read the journal if it exists.
 .TP
-\fB-c \fIclass\fB\fR
+\-c \fIclass\fR
 Specify the class of the zone. If not specified "IN" is assumed.
 .TP
-\fBzonename\fR
+zonename
 The domain name of the zone being checked.
 .TP
-\fBfilename\fR
+filename
 The name of the zone file.
 .SH "RETURN VALUES"
 .PP
-\fBnamed-checkzone\fR returns an exit status of 1 if
-errors were detected and 0 otherwise.
+\fBnamed\-checkzone\fR
+returns an exit status of 1 if errors were detected and 0 otherwise.
 .SH "SEE ALSO"
 .PP
 \fBnamed\fR(8),
-\fIRFC 1035\fR,
-\fIBIND 9 Administrator Reference Manual\fR.
+RFC 1035,
+BIND 9 Administrator Reference Manual.
 .SH "AUTHOR"
 .PP
 Internet Systems Consortium

bin/check/named-checkzone.c

@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: named-checkzone.c,v 1.13.2.4 2004/03/09 06:09:09 marka Exp $ */
+/* $Id: named-checkzone.c,v 1.13.2.5 2004/10/25 01:45:25 marka Exp $ */
 
 #include <config.h>
 
@@ -23,6 +23,8 @@
 
 #include <isc/app.h>
 #include <isc/commandline.h>
+#include <isc/entropy.h>
+#include <isc/hash.h>
 #include <isc/log.h>
 #include <isc/mem.h>
 #include <isc/socket.h>
@@ -45,6 +47,7 @@ static int debug = 0;
 isc_boolean_t nomerge = ISC_TRUE;
 static int quiet = 0;
 static isc_mem_t *mctx = NULL;
+static isc_entropy_t *ectx = NULL;
 dns_zone_t *zone = NULL;
 dns_zonetype_t zonetype = dns_zone_master;
 static const char *dbtype[] = { "rbt" };
@@ -162,6 +165,9 @@ main(int argc, char **argv) {
 		dns_log_init(lctx);
 		dns_log_setcontext(lctx);
 	}
+	RUNTIME_CHECK(isc_entropy_create(mctx, &ectx) == ISC_R_SUCCESS);
+	RUNTIME_CHECK(isc_hash_create(mctx, ectx, DNS_NAME_MAXWIRE)
+		      == ISC_R_SUCCESS);
 
 	dns_result_register();
 
@@ -173,6 +179,8 @@ main(int argc, char **argv) {
 	destroy();
 	if (lctx != NULL)
 		isc_log_destroy(&lctx);
+	isc_hash_destroy();
+	isc_entropy_detach(&ectx);
 	isc_mem_destroy(&mctx);
 	return ((result == ISC_R_SUCCESS) ? 0 : 1);
 }

bin/check/named-checkzone.docbook

@@ -1,7 +1,9 @@
-<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN">
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
+               "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd"
+	       [<!ENTITY mdash "&#8212;">]>
 <!--
- - Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
- - Copyright (C) 2001, 2002  Internet Software Consortium.
+ - Copyright (C) 2004, 2005  Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2002  Internet Software Consortium.
  -
  - Permission to use, copy, modify, and distribute this software for any
  - purpose with or without fee is hereby granted, provided that the above
@@ -16,7 +18,7 @@
  - PERFORMANCE OF THIS SOFTWARE.
 -->
 
-<!-- $Id: named-checkzone.docbook,v 1.3.2.4 2004/06/03 02:25:55 marka Exp $ -->
+<!-- $Id: named-checkzone.docbook,v 1.3.2.6 2005/05/12 21:35:05 sra Exp $ -->
 
 <refentry>
   <refentryinfo>
@@ -29,6 +31,20 @@
     <refmiscinfo>BIND9</refmiscinfo>
   </refmeta>
 
+  <docinfo>
+    <copyright>
+      <year>2004</year>
+      <year>2005</year>
+      <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
+    </copyright>
+    <copyright>
+      <year>2000</year>
+      <year>2001</year>
+      <year>2002</year>
+      <holder>Internet Software Consortium.</holder>
+    </copyright>
+  </docinfo>
+
   <refnamediv>
     <refname><application>named-checkzone</application></refname>
     <refpurpose>zone file validity checking tool</refpurpose>
@@ -97,6 +113,7 @@
               When loading the zone file read the journal if it exists.
           </para>   
         </listitem>
+      </varlistentry>
 
       <varlistentry>
         <term>-c <replaceable class="parameter">class</replaceable></term>
@@ -134,6 +151,7 @@
     <para>
         <command>named-checkzone</command> returns an exit status of 1 if
 	errors were detected and 0 otherwise.
+    </para>
   </refsect1>
 
   <refsect1>

bin/check/named-checkzone.html

@@ -1,237 +1,100 @@
 <!--
- - Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
- - Copyright (C) 2001, 2002  Internet Software Consortium.
- -
+ - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2002 Internet Software Consortium.
+ - 
  - Permission to use, copy, modify, and distribute this software for any
  - purpose with or without fee is hereby granted, provided that the above
  - copyright notice and this permission notice appear in all copies.
- -
+ - 
  - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
  - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- - AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
  - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
  - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
-<!-- $Id: named-checkzone.html,v 1.5.2.4 2004/06/03 05:21:08 marka Exp $ -->
-
-<HTML
-><HEAD
-><TITLE
->named-checkzone</TITLE
-><META
-NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.73
-"></HEAD
-><BODY
-CLASS="REFENTRY"
-BGCOLOR="#FFFFFF"
-TEXT="#000000"
-LINK="#0000FF"
-VLINK="#840084"
-ALINK="#0000FF"
-><H1
-><A
-NAME="AEN1"
-><SPAN
-CLASS="APPLICATION"
->named-checkzone</SPAN
-></A
-></H1
-><DIV
-CLASS="REFNAMEDIV"
-><A
-NAME="AEN9"
-></A
-><H2
->Name</H2
-><SPAN
-CLASS="APPLICATION"
->named-checkzone</SPAN
->&nbsp;--&nbsp;zone file validity checking tool</DIV
-><DIV
-CLASS="REFSYNOPSISDIV"
-><A
-NAME="AEN13"
-></A
-><H2
->Synopsis</H2
-><P
-><B
-CLASS="COMMAND"
->named-checkzone</B
->  [<TT
-CLASS="OPTION"
->-d</TT
->] [<TT
-CLASS="OPTION"
->-j</TT
->] [<TT
-CLASS="OPTION"
->-q</TT
->] [<TT
-CLASS="OPTION"
->-v</TT
->] [<TT
-CLASS="OPTION"
->-c <TT
-CLASS="REPLACEABLE"
-><I
->class</I
-></TT
-></TT
->] {zonename} {filename}</P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN29"
-></A
-><H2
->DESCRIPTION</H2
-><P
->        <B
-CLASS="COMMAND"
->named-checkzone</B
-> checks the syntax and integrity of
-	a zone file.  It performs the same checks as <B
-CLASS="COMMAND"
->named</B
->
+<!-- $Id: named-checkzone.html,v 1.5.2.13 2006/04/23 10:10:07 marka Exp $ -->
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>named-checkzone</title>
+<meta name="generator" content="DocBook XSL Stylesheets V1.69.1">
+</head>
+<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
+<a name="id2462968"></a><div class="titlepage"></div>
+<div class="refnamediv">
+<h2>Name</h2>
+<p><span class="application">named-checkzone</span> &#8212; zone file validity checking tool</p>
+</div>
+<div class="refsynopsisdiv">
+<h2>Synopsis</h2>
+<div class="cmdsynopsis"><p><code class="command">named-checkzone</code>  [<code class="option">-d</code>] [<code class="option">-j</code>] [<code class="option">-q</code>] [<code class="option">-v</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] {zonename} {filename}</p></div>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2524440"></a><h2>DESCRIPTION</h2>
+<p>
+        <span><strong class="command">named-checkzone</strong></span> checks the syntax and integrity of
+	a zone file.  It performs the same checks as <span><strong class="command">named</strong></span>
 	does when loading a zone.  This makes
-	<B
-CLASS="COMMAND"
->named-checkzone</B
-> useful for checking zone
+	<span><strong class="command">named-checkzone</strong></span> useful for checking zone
 	files before configuring them into a name server.
-    </P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN35"
-></A
-><H2
->OPTIONS</H2
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
->-d</DT
-><DD
-><P
->	      Enable debugging.
-	  </P
-></DD
-><DT
->-q</DT
-><DD
-><P
->	      Quiet mode - exit code only.
-	  </P
-></DD
-><DT
->-v</DT
-><DD
-><P
->	      Print the version of the <B
-CLASS="COMMAND"
->named-checkzone</B
->
+    </p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2524460"></a><h2>OPTIONS</h2>
+<div class="variablelist"><dl>
+<dt><span class="term">-d</span></dt>
+<dd><p>
+	      Enable debugging.
+	  </p></dd>
+<dt><span class="term">-q</span></dt>
+<dd><p>
+	      Quiet mode - exit code only.
+	  </p></dd>
+<dt><span class="term">-v</span></dt>
+<dd><p>
+	      Print the version of the <span><strong class="command">named-checkzone</strong></span>
 	      program and exit.
-	  </P
-></DD
-><DT
->-j</DT
-><DD
-><P
->              When loading the zone file read the journal if it exists.
-          </P
-></DD
-><DT
->-c <TT
-CLASS="REPLACEABLE"
-><I
->class</I
-></TT
-></DT
-><DD
-><P
->	      Specify the class of the zone.  If not specified "IN" is assumed.
-	  </P
-></DD
-><DT
->zonename</DT
-><DD
-><P
->	       The domain name of the zone being checked.
-	  </P
-></DD
-><DT
->filename</DT
-><DD
-><P
->	       The name of the zone file.
-	  </P
-></DD
-></DL
-></DIV
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN68"
-></A
-><H2
->RETURN VALUES</H2
-><P
->        <B
-CLASS="COMMAND"
->named-checkzone</B
-> returns an exit status of 1 if
+	  </p></dd>
+<dt><span class="term">-j</span></dt>
+<dd><p>
+              When loading the zone file read the journal if it exists.
+          </p></dd>
+<dt><span class="term">-c <em class="replaceable"><code>class</code></em></span></dt>
+<dd><p>
+	      Specify the class of the zone.  If not specified "IN" is assumed.
+	  </p></dd>
+<dt><span class="term">zonename</span></dt>
+<dd><p>
+	       The domain name of the zone being checked.
+	  </p></dd>
+<dt><span class="term">filename</span></dt>
+<dd><p>
+	       The name of the zone file.
+	  </p></dd>
+</dl></div>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2525254"></a><h2>RETURN VALUES</h2>
+<p>
+        <span><strong class="command">named-checkzone</strong></span> returns an exit status of 1 if
 	errors were detected and 0 otherwise.
-  </P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN72"
-></A
-><H2
->SEE ALSO</H2
-><P
->      <SPAN
-CLASS="CITEREFENTRY"
-><SPAN
-CLASS="REFENTRYTITLE"
->named</SPAN
->(8)</SPAN
->,
-      <I
-CLASS="CITETITLE"
->RFC 1035</I
->,
-      <I
-CLASS="CITETITLE"
->BIND 9 Administrator Reference Manual</I
->.
-    </P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN80"
-></A
-><H2
->AUTHOR</H2
-><P
->        Internet Systems Consortium
-    </P
-></DIV
-></BODY
-></HTML
->
+    </p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2525267"></a><h2>SEE ALSO</h2>
+<p>
+      <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
+      <em class="citetitle">RFC 1035</em>,
+      <em class="citetitle">BIND 9 Administrator Reference Manual</em>.
+    </p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2525293"></a><h2>AUTHOR</h2>
+<p>
+        <span class="corpauthor">Internet Systems Consortium</span>
+    </p>
+</div>
+</div></body>
+</html>

bin/check/win32/namedcheckconf.dsp

@@ -42,7 +42,7 @@ RSC=rc.exe
 # PROP Ignore_Export_Lib 0
 # PROP Target_Dir ""
 # ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
-# ADD CPP /nologo /MT /W3 /GX /O2 /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isccfg/include" /D "NDEBUG" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "__STDC__" /FR /YX /FD /c
+# ADD CPP /nologo /MD /W3 /GX /O2 /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isccfg/include" /D "NDEBUG" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "__STDC__" /FR /YX /FD /c
 # ADD BASE RSC /l 0x409 /d "NDEBUG"
 # ADD RSC /l 0x409 /d "NDEBUG"
 BSC32=bscmake.exe
@@ -66,7 +66,7 @@ LINK32=link.exe
 # PROP Ignore_Export_Lib 0
 # PROP Target_Dir ""
 # ADD BASE CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c
-# ADD CPP /nologo /MTd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isccfg/include" /D "_DEBUG" /D "__STDC__" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /FR /FD /GZ /c
+# ADD CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isccfg/include" /D "_DEBUG" /D "__STDC__" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /FR /FD /GZ /c
 # SUBTRACT CPP /X /YX
 # ADD BASE RSC /l 0x409 /d "_DEBUG"
 # ADD RSC /l 0x409 /d "_DEBUG"

bin/check/win32/namedcheckconf.mak

@@ -49,7 +49,7 @@ CLEAN :
     if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
 
 CPP=cl.exe
-CPP_PROJ=/nologo /MT /W3 /GX /O2 /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isccfg/include" /D "NDEBUG" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "__STDC__" /FR"$(INTDIR)\\" /Fp"$(INTDIR)\namedcheckconf.pch" /YX /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c 
+CPP_PROJ=/nologo /MD /W3 /GX /O2 /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isccfg/include" /D "NDEBUG" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "__STDC__" /FR"$(INTDIR)\\" /Fp"$(INTDIR)\namedcheckconf.pch" /YX /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c 
 
 .c{$(INTDIR)}.obj::
    $(CPP) @<<
@@ -131,7 +131,7 @@ CLEAN :
     if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
 
 CPP=cl.exe
-CPP_PROJ=/nologo /MTd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isccfg/include" /D "_DEBUG" /D "__STDC__" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /FR"$(INTDIR)\\" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /GZ /c 
+CPP_PROJ=/nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isccfg/include" /D "_DEBUG" /D "__STDC__" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /FR"$(INTDIR)\\" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /GZ /c 
 
 .c{$(INTDIR)}.obj::
    $(CPP) @<<

bin/check/win32/namedcheckzone.dsp

@@ -42,7 +42,7 @@ RSC=rc.exe
 # PROP Ignore_Export_Lib 0
 # PROP Target_Dir ""
 # ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
-# ADD CPP /nologo /MT /W3 /GX /O2 /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /D "NDEBUG" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "__STDC__" /FR /YX /FD /c
+# ADD CPP /nologo /MD /W3 /GX /O2 /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /D "NDEBUG" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "__STDC__" /FR /YX /FD /c
 # ADD BASE RSC /l 0x409 /d "NDEBUG"
 # ADD RSC /l 0x409 /d "NDEBUG"
 BSC32=bscmake.exe
@@ -66,7 +66,7 @@ LINK32=link.exe
 # PROP Ignore_Export_Lib 0
 # PROP Target_Dir ""
 # ADD BASE CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c
-# ADD CPP /nologo /MTd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /D "_DEBUG" /D "__STDC__" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /FR /FD /GZ /c
+# ADD CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /D "_DEBUG" /D "__STDC__" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /FR /FD /GZ /c
 # SUBTRACT CPP /X /YX
 # ADD BASE RSC /l 0x409 /d "_DEBUG"
 # ADD RSC /l 0x409 /d "_DEBUG"

bin/check/win32/namedcheckzone.mak

@@ -49,7 +49,7 @@ CLEAN :
     if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
 
 CPP=cl.exe
-CPP_PROJ=/nologo /MT /W3 /GX /O2 /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /D "NDEBUG" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "__STDC__" /FR"$(INTDIR)\\" /Fp"$(INTDIR)\namedcheckzone.pch" /YX /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c 
+CPP_PROJ=/nologo /MD /W3 /GX /O2 /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /D "NDEBUG" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "__STDC__" /FR"$(INTDIR)\\" /Fp"$(INTDIR)\namedcheckzone.pch" /YX /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c 
 
 .c{$(INTDIR)}.obj::
    $(CPP) @<<
@@ -131,7 +131,7 @@ CLEAN :
     if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
 
 CPP=cl.exe
-CPP_PROJ=/nologo /MTd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /D "_DEBUG" /D "__STDC__" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /FR"$(INTDIR)\\" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /GZ /c 
+CPP_PROJ=/nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /D "_DEBUG" /D "__STDC__" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /FR"$(INTDIR)\\" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /GZ /c 
 
 .c{$(INTDIR)}.obj::
    $(CPP) @<<

bin/dig/Makefile.in

@@ -13,7 +13,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: Makefile.in,v 1.25.2.2 2004/03/09 06:09:10 marka Exp $
+# $Id: Makefile.in,v 1.25.2.4 2004/08/18 23:22:52 marka Exp $
 
 srcdir =	@srcdir@
 VPATH =		@srcdir@
@@ -48,22 +48,22 @@ UOBJS =
 
 SRCS =		dig.c dighost.c host.c nslookup.c
 
-MANPAGES =	dig.1 host.1
+MANPAGES =	dig.1 host.1 nslookup.1
 
-HTMLPAGES =	dig.html host.html
+HTMLPAGES =	dig.html host.html nslookup.html
 
 MANOBJS =	${MANPAGES} ${HTMLPAGES}
 
 @BIND9_MAKE_RULES@
 
 dig: dig.@O@ dighost.@O@ ${UOBJS} ${DEPLIBS}
-	${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} -o $@ dig.@O@ dighost.@O@ ${UOBJS} ${LIBS}
+	${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ dig.@O@ dighost.@O@ ${UOBJS} ${LIBS}
 
 host: host.@O@ dighost.@O@ ${UOBJS} ${DEPLIBS}
-	${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} -o $@ host.@O@ dighost.@O@ ${UOBJS} ${LIBS}
+	${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ host.@O@ dighost.@O@ ${UOBJS} ${LIBS}
 
 nslookup: nslookup.@O@ dighost.@O@ ${UOBJS} ${DEPLIBS}
-	${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} -o $@ nslookup.@O@ dighost.@O@ ${UOBJS} ${LIBS}
+	${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ nslookup.@O@ dighost.@O@ ${UOBJS} ${LIBS}
 
 doc man:: ${MANOBJS}
 

bin/dig/dig.1

@@ -1,357 +1,366 @@
-.\" Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
-.\" Copyright (C) 2000, 2001, 2003  Internet Software Consortium.
-.\"
+.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
+.\" 
 .\" Permission to use, copy, modify, and distribute this software for any
 .\" purpose with or without fee is hereby granted, provided that the above
 .\" copyright notice and this permission notice appear in all copies.
-.\"
+.\" 
 .\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
 .\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
-.\" AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
 .\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
 .\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 .\" PERFORMANCE OF THIS SOFTWARE.
 .\"
-.\" $Id: dig.1,v 1.14.2.5 2004/03/15 04:44:38 marka Exp $
+.\" $Id: dig.1,v 1.14.2.9 2005/10/13 02:23:26 marka Exp $
 .\"
-.TH "DIG" "1" "Jun 30, 2000" "BIND9" ""
-.SH NAME
+.hy 0
+.ad l
+.\" ** You probably do not want to edit this file directly **
+.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1).
+.\" Instead of manually editing it, you probably should edit the DocBook XML
+.\" source for it and then use the DocBook XSL Stylesheets to regenerate it.
+.TH "DIG" "1" "Jun 30, 2000" "BIND9" "BIND9"
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.SH "NAME"
 dig \- DNS lookup utility
-.SH SYNOPSIS
-.sp
-\fBdig\fR [ \fB@server\fR ]  [ \fB-b \fIaddress\fB\fR ]  [ \fB-c \fIclass\fB\fR ]  [ \fB-f \fIfilename\fB\fR ]  [ \fB-k \fIfilename\fB\fR ]  [ \fB-p \fIport#\fB\fR ]  [ \fB-t \fItype\fB\fR ]  [ \fB-x \fIaddr\fB\fR ]  [ \fB-y \fIname:key\fB\fR ]  [ \fBname\fR ]  [ \fBtype\fR ]  [ \fBclass\fR ]  [ \fBqueryopt\fR\fI...\fR ] 
-.sp
-\fBdig\fR [ \fB-h\fR ] 
-.sp
-\fBdig\fR [ \fBglobal-queryopt\fR\fI...\fR ]  [ \fBquery\fR\fI...\fR ] 
+.SH "SYNOPSIS"
+.HP 4
+\fBdig\fR [@server] [\fB\-b\ \fR\fB\fIaddress\fR\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-f\ \fR\fB\fIfilename\fR\fR] [\fB\-k\ \fR\fB\fIfilename\fR\fR] [\fB\-p\ \fR\fB\fIport#\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-x\ \fR\fB\fIaddr\fR\fR] [\fB\-y\ \fR\fB\fIname:key\fR\fR] [name] [type] [class] [queryopt...]
+.HP 4
+\fBdig\fR [\fB\-h\fR]
+.HP 4
+\fBdig\fR [global\-queryopt...] [query...]
 .SH "DESCRIPTION"
 .PP
-\fBdig\fR (domain information groper) is a flexible tool
-for interrogating DNS name servers. It performs DNS lookups and
-displays the answers that are returned from the name server(s) that
-were queried. Most DNS administrators use \fBdig\fR to
-troubleshoot DNS problems because of its flexibility, ease of use and
-clarity of output. Other lookup tools tend to have less functionality
-than \fBdig\fR.
+\fBdig\fR
+(domain information groper) is a flexible tool for interrogating DNS name servers. It performs DNS lookups and displays the answers that are returned from the name server(s) that were queried. Most DNS administrators use
+\fBdig\fR
+to troubleshoot DNS problems because of its flexibility, ease of use and clarity of output. Other lookup tools tend to have less functionality than
+\fBdig\fR.
 .PP
-Although \fBdig\fR is normally used with command-line
-arguments, it also has a batch mode of operation for reading lookup
-requests from a file. A brief summary of its command-line arguments
-and options is printed when the \fB-h\fR option is given.
-Unlike earlier versions, the BIND9 implementation of
-\fBdig\fR allows multiple lookups to be issued from the
-command line.
+Although
+\fBdig\fR
+is normally used with command\-line arguments, it also has a batch mode of operation for reading lookup requests from a file. A brief summary of its command\-line arguments and options is printed when the
+\fB\-h\fR
+option is given. Unlike earlier versions, the BIND9 implementation of
+\fBdig\fR
+allows multiple lookups to be issued from the command line.
 .PP
 Unless it is told to query a specific name server,
-\fBdig\fR will try each of the servers listed in
+\fBdig\fR
+will try each of the servers listed in
 \fI/etc/resolv.conf\fR.
 .PP
-When no command line arguments or options are given, will perform an
-NS query for "." (the root).
+When no command line arguments or options are given, will perform an NS query for "." (the root).
 .PP
-It is possible to set per user defaults for \fBdig\fR via
-\fI${HOME}/.digrc\fR. This file is read and any options in it
-are applied before the command line arguements.
+It is possible to set per user defaults for
+\fBdig\fR
+via
+\fI${HOME}/.digrc\fR. This file is read and any options in it are applied before the command line arguments.
 .SH "SIMPLE USAGE"
 .PP
-A typical invocation of \fBdig\fR looks like:
+A typical invocation of
+\fBdig\fR
+looks like:
 .sp
 .nf
  dig @server name type 
-.sp
 .fi
+.sp
 where:
 .TP
 \fBserver\fR
-is the name or IP address of the name server to query. This can be an IPv4
-address in dotted-decimal notation or an IPv6
-address in colon-delimited notation. When the supplied
-\fIserver\fR argument is a hostname,
-\fBdig\fR resolves that name before querying that name
-server. If no \fIserver\fR argument is provided,
-\fBdig\fR consults \fI/etc/resolv.conf\fR
-and queries the name servers listed there. The reply from the name
-server that responds is displayed.
+is the name or IP address of the name server to query. This can be an IPv4 address in dotted\-decimal notation or an IPv6 address in colon\-delimited notation. When the supplied
+\fIserver\fR
+argument is a hostname,
+\fBdig\fR
+resolves that name before querying that name server. If no
+\fIserver\fR
+argument is provided,
+\fBdig\fR
+consults
+\fI/etc/resolv.conf\fR
+and queries the name servers listed there. The reply from the name server that responds is displayed.
 .TP
 \fBname\fR
 is the name of the resource record that is to be looked up.
 .TP
 \fBtype\fR
-indicates what type of query is required \(em
-ANY, A, MX, SIG, etc.
-\fItype\fR can be any valid query type. If no
-\fItype\fR argument is supplied,
-\fBdig\fR will perform a lookup for an A record.
+indicates what type of query is required \(em ANY, A, MX, SIG, etc.
+\fItype\fR
+can be any valid query type. If no
+\fItype\fR
+argument is supplied,
+\fBdig\fR
+will perform a lookup for an A record.
 .SH "OPTIONS"
 .PP
-The \fB-b\fR option sets the source IP address of the query
-to \fIaddress\fR. This must be a valid address on
-one of the host's network interfaces.
+The
+\fB\-b\fR
+option sets the source IP address of the query to
+\fIaddress\fR. This must be a valid address on one of the host's network interfaces.
 .PP
 The default query class (IN for internet) is overridden by the
-\fB-c\fR option. \fIclass\fR is any valid
-class, such as HS for Hesiod records or CH for CHAOSNET records.
+\fB\-c\fR
+option.
+\fIclass\fR
+is any valid class, such as HS for Hesiod records or CH for CHAOSNET records.
 .PP
-The \fB-f\fR option makes \fBdig \fR operate
-in batch mode by reading a list of lookup requests to process from the
-file \fIfilename\fR. The file contains a number of
-queries, one per line. Each entry in the file should be organised in
-the same way they would be presented as queries to
-\fBdig\fR using the command-line interface.
+The
+\fB\-f\fR
+option makes
+\fBdig \fR
+operate in batch mode by reading a list of lookup requests to process from the file
+\fIfilename\fR. The file contains a number of queries, one per line. Each entry in the file should be organised in the same way they would be presented as queries to
+\fBdig\fR
+using the command\-line interface.
 .PP
-If a non-standard port number is to be queried, the
-\fB-p\fR option is used. \fIport#\fR is
-the port number that \fBdig\fR will send its queries
-instead of the standard DNS port number 53. This option would be used
-to test a name server that has been configured to listen for queries
-on a non-standard port number.
+If a non\-standard port number is to be queried, the
+\fB\-p\fR
+option is used.
+\fIport#\fR
+is the port number that
+\fBdig\fR
+will send its queries instead of the standard DNS port number 53. This option would be used to test a name server that has been configured to listen for queries on a non\-standard port number.
 .PP
-The \fB-t\fR option sets the query type to
-\fItype\fR. It can be any valid query type which is
-supported in BIND9. The default query type "A", unless the
-\fB-x\fR option is supplied to indicate a reverse lookup.
-A zone transfer can be requested by specifying a type of AXFR. When
-an incremental zone transfer (IXFR) is required,
-\fItype\fR is set to ixfr=N.
-The incremental zone transfer will contain the changes made to the zone
-since the serial number in the zone's SOA record was
+The
+\fB\-t\fR
+option sets the query type to
+\fItype\fR. It can be any valid query type which is supported in BIND9. The default query type "A", unless the
+\fB\-x\fR
+option is supplied to indicate a reverse lookup. A zone transfer can be requested by specifying a type of AXFR. When an incremental zone transfer (IXFR) is required,
+\fItype\fR
+is set to
+ixfr=N. The incremental zone transfer will contain the changes made to the zone since the serial number in the zone's SOA record was
 \fIN\fR.
 .PP
-Reverse lookups - mapping addresses to names - are simplified by the
-\fB-x\fR option. \fIaddr\fR is an IPv4
-address in dotted-decimal notation, or a colon-delimited IPv6 address.
-When this option is used, there is no need to provide the
-\fIname\fR, \fIclass\fR and
-\fItype\fR arguments. \fBdig\fR
+Reverse lookups \- mapping addresses to names \- are simplified by the
+\fB\-x\fR
+option.
+\fIaddr\fR
+is an IPv4 address in dotted\-decimal notation, or a colon\-delimited IPv6 address. When this option is used, there is no need to provide the
+\fIname\fR,
+\fIclass\fR
+and
+\fItype\fR
+arguments.
+\fBdig\fR
 automatically performs a lookup for a name like
-11.12.13.10.in-addr.arpa and sets the query type and
-class to PTR and IN respectively. By default, IPv6 addresses are
-looked up using the IP6.ARPA domain and binary labels as defined in
-RFC2874. To use the older RFC1886 method using the IP6.INT domain and
-"nibble" labels, specify the \fB-n\fR (nibble) option.
+11.12.13.10.in\-addr.arpa
+and sets the query type and class to PTR and IN respectively. By default, IPv6 addresses are looked up using the IP6.ARPA domain and binary labels as defined in RFC2874. To use the older RFC1886 method using the IP6.INT domain and "nibble" labels, specify the
+\fB\-n\fR
+(nibble) option.
 .PP
-To sign the DNS queries sent by \fBdig\fR and their
-responses using transaction signatures (TSIG), specify a TSIG key file
-using the \fB-k\fR option. You can also specify the TSIG
-key itself on the command line using the \fB-y\fR option;
-\fIname\fR is the name of the TSIG key and
-\fIkey\fR is the actual key. The key is a base-64
-encoded string, typically generated by \fBdnssec-keygen\fR(8).
-Caution should be taken when using the \fB-y\fR option on
-multi-user systems as the key can be visible in the output from
-\fBps\fR(1) or in the shell's history file. When
-using TSIG authentication with \fBdig\fR, the name
-server that is queried needs to know the key and algorithm that is
-being used. In BIND, this is done by providing appropriate
-\fBkey\fR and \fBserver\fR statements in
+To sign the DNS queries sent by
+\fBdig\fR
+and their responses using transaction signatures (TSIG), specify a TSIG key file using the
+\fB\-k\fR
+option. You can also specify the TSIG key itself on the command line using the
+\fB\-y\fR
+option;
+\fIname\fR
+is the name of the TSIG key and
+\fIkey\fR
+is the actual key. The key is a base\-64 encoded string, typically generated by
+\fBdnssec\-keygen\fR(8). Caution should be taken when using the
+\fB\-y\fR
+option on multi\-user systems as the key can be visible in the output from
+\fBps\fR(1 )
+or in the shell's history file. When using TSIG authentication with
+\fBdig\fR, the name server that is queried needs to know the key and algorithm that is being used. In BIND, this is done by providing appropriate
+\fBkey\fR
+and
+\fBserver\fR
+statements in
 \fInamed.conf\fR.
 .SH "QUERY OPTIONS"
 .PP
-\fBdig\fR provides a number of query options which affect
-the way in which lookups are made and the results displayed. Some of
-these set or reset flag bits in the query header, some determine which
-sections of the answer get printed, and others determine the timeout
-and retry strategies.
+\fBdig\fR
+provides a number of query options which affect the way in which lookups are made and the results displayed. Some of these set or reset flag bits in the query header, some determine which sections of the answer get printed, and others determine the timeout and retry strategies.
 .PP
-Each query option is identified by a keyword preceded by a plus sign
-(+). Some keywords set or reset an option. These may be preceded
-by the string no to negate the meaning of that keyword. Other
-keywords assign values to options like the timeout interval. They
-have the form \fB+keyword=value\fR.
-The query options are:
+Each query option is identified by a keyword preceded by a plus sign (+). Some keywords set or reset an option. These may be preceded by the string
+no
+to negate the meaning of that keyword. Other keywords assign values to options like the timeout interval. They have the form
+\fB+keyword=value\fR. The query options are:
 .TP
 \fB+[no]tcp\fR
-Use [do not use] TCP when querying name servers. The default
-behaviour is to use UDP unless an AXFR or IXFR query is requested, in
-which case a TCP connection is used.
+Use [do not use] TCP when querying name servers. The default behaviour is to use UDP unless an AXFR or IXFR query is requested, in which case a TCP connection is used.
 .TP
 \fB+[no]vc\fR
-Use [do not use] TCP when querying name servers. This alternate
-syntax to \fI+[no]tcp\fR is provided for backwards
-compatibility. The "vc" stands for "virtual circuit".
+Use [do not use] TCP when querying name servers. This alternate syntax to
+\fI+[no]tcp\fR
+is provided for backwards compatibility. The "vc" stands for "virtual circuit".
 .TP
 \fB+[no]ignore\fR
-Ignore truncation in UDP responses instead of retrying with TCP. By
-default, TCP retries are performed.
+Ignore truncation in UDP responses instead of retrying with TCP. By default, TCP retries are performed.
 .TP
 \fB+domain=somename\fR
 Set the search list to contain the single domain
 \fIsomename\fR, as if specified in a
-\fBdomain\fR directive in
-\fI/etc/resolv.conf\fR, and enable search list
-processing as if the \fI+search\fR option were given.
+\fBdomain\fR
+directive in
+\fI/etc/resolv.conf\fR, and enable search list processing as if the
+\fI+search\fR
+option were given.
 .TP
 \fB+[no]search\fR
-Use [do not use] the search list defined by the searchlist or domain
-directive in \fIresolv.conf\fR (if any).
-The search list is not used by default.
+Use [do not use] the search list defined by the searchlist or domain directive in
+\fIresolv.conf\fR
+(if any). The search list is not used by default.
 .TP
 \fB+[no]defname\fR
-Deprecated, treated as a synonym for \fI+[no]search\fR
+Deprecated, treated as a synonym for
+\fI+[no]search\fR
 .TP
 \fB+[no]aaonly\fR
-This option does nothing. It is provided for compatibility with old
-versions of \fBdig\fR where it set an unimplemented
-resolver flag.
+This option does nothing. It is provided for compatibility with old versions of
+\fBdig\fR
+where it set an unimplemented resolver flag.
 .TP
 \fB+[no]adflag\fR
-Set [do not set] the AD (authentic data) bit in the query. The AD bit
-currently has a standard meaning only in responses, not in queries,
-but the ability to set the bit in the query is provided for
-completeness.
+Set [do not set] the AD (authentic data) bit in the query. The AD bit currently has a standard meaning only in responses, not in queries, but the ability to set the bit in the query is provided for completeness.
 .TP
 \fB+[no]cdflag\fR
-Set [do not set] the CD (checking disabled) bit in the query. This
-requests the server to not perform DNSSEC validation of responses.
+Set [do not set] the CD (checking disabled) bit in the query. This requests the server to not perform DNSSEC validation of responses.
 .TP
 \fB+[no]recurse\fR
-Toggle the setting of the RD (recursion desired) bit in the query.
-This bit is set by default, which means \fBdig\fR
-normally sends recursive queries. Recursion is automatically disabled
-when the \fI+nssearch\fR or
-\fI+trace\fR query options are used.
+Toggle the setting of the RD (recursion desired) bit in the query. This bit is set by default, which means
+\fBdig\fR
+normally sends recursive queries. Recursion is automatically disabled when the
+\fI+nssearch\fR
+or
+\fI+trace\fR
+query options are used.
 .TP
 \fB+[no]nssearch\fR
-When this option is set, \fBdig\fR attempts to find the
-authoritative name servers for the zone containing the name being
-looked up and display the SOA record that each name server has for the
-zone.
+When this option is set,
+\fBdig\fR
+attempts to find the authoritative name servers for the zone containing the name being looked up and display the SOA record that each name server has for the zone.
 .TP
 \fB+[no]trace\fR
-Toggle tracing of the delegation path from the root name servers for
-the name being looked up. Tracing is disabled by default. When
-tracing is enabled, \fBdig\fR makes iterative queries to
-resolve the name being looked up. It will follow referrals from the
-root servers, showing the answer from each server that was used to
-resolve the lookup.
+Toggle tracing of the delegation path from the root name servers for the name being looked up. Tracing is disabled by default. When tracing is enabled,
+\fBdig\fR
+makes iterative queries to resolve the name being looked up. It will follow referrals from the root servers, showing the answer from each server that was used to resolve the lookup.
 .TP
 \fB+[no]cmd\fR
-toggles the printing of the initial comment in the output identifying
-the version of \fBdig\fR and the query options that have
-been applied. This comment is printed by default.
+toggles the printing of the initial comment in the output identifying the version of
+\fBdig\fR
+and the query options that have been applied. This comment is printed by default.
 .TP
 \fB+[no]short\fR
-Provide a terse answer. The default is to print the answer in a
-verbose form.
+Provide a terse answer. The default is to print the answer in a verbose form.
 .TP
 \fB+[no]identify\fR
-Show [or do not show] the IP address and port number that supplied the
-answer when the \fI+short\fR option is enabled. If
-short form answers are requested, the default is not to show the
-source address and port number of the server that provided the answer.
+Show [or do not show] the IP address and port number that supplied the answer when the
+\fI+short\fR
+option is enabled. If short form answers are requested, the default is not to show the source address and port number of the server that provided the answer.
 .TP
 \fB+[no]comments\fR
-Toggle the display of comment lines in the output. The default is to
-print comments.
+Toggle the display of comment lines in the output. The default is to print comments.
 .TP
 \fB+[no]stats\fR
-This query option toggles the printing of statistics: when the query
-was made, the size of the reply and so on. The default behaviour is
-to print the query statistics.
+This query option toggles the printing of statistics: when the query was made, the size of the reply and so on. The default behaviour is to print the query statistics.
 .TP
 \fB+[no]qr\fR
-Print [do not print] the query as it is sent.
-By default, the query is not printed.
+Print [do not print] the query as it is sent. By default, the query is not printed.
 .TP
 \fB+[no]question\fR
-Print [do not print] the question section of a query when an answer is
-returned. The default is to print the question section as a comment.
+Print [do not print] the question section of a query when an answer is returned. The default is to print the question section as a comment.
 .TP
 \fB+[no]answer\fR
-Display [do not display] the answer section of a reply. The default
-is to display it.
+Display [do not display] the answer section of a reply. The default is to display it.
 .TP
 \fB+[no]authority\fR
-Display [do not display] the authority section of a reply. The
-default is to display it.
+Display [do not display] the authority section of a reply. The default is to display it.
 .TP
 \fB+[no]additional\fR
-Display [do not display] the additional section of a reply.
-The default is to display it.
+Display [do not display] the additional section of a reply. The default is to display it.
 .TP
 \fB+[no]all\fR
 Set or clear all display flags.
 .TP
 \fB+time=T\fR
 Sets the timeout for a query to
-\fIT\fR seconds. The default time out is 5 seconds.
-An attempt to set \fIT\fR to less than 1 will result
-in a query timeout of 1 second being applied.
+\fIT\fR
+seconds. The default time out is 5 seconds. An attempt to set
+\fIT\fR
+to less than 1 will result in a query timeout of 1 second being applied.
 .TP
 \fB+tries=T\fR
 Sets the number of times to retry UDP queries to server to
-\fIT\fR instead of the default, 3. If
-\fIT\fR is less than or equal to zero, the number of
-retries is silently rounded up to 1.
+\fIT\fR
+instead of the default, 3. If
+\fIT\fR
+is less than or equal to zero, the number of retries is silently rounded up to 1.
 .TP
 \fB+ndots=D\fR
 Set the number of dots that have to appear in
-\fIname\fR to \fID\fR for it to be
-considered absolute. The default value is that defined using the
-ndots statement in \fI/etc/resolv.conf\fR, or 1 if no
-ndots statement is present. Names with fewer dots are interpreted as
-relative names and will be searched for in the domains listed in the
-\fBsearch\fR or \fBdomain\fR directive in
+\fIname\fR
+to
+\fID\fR
+for it to be considered absolute. The default value is that defined using the ndots statement in
+\fI/etc/resolv.conf\fR, or 1 if no ndots statement is present. Names with fewer dots are interpreted as relative names and will be searched for in the domains listed in the
+\fBsearch\fR
+or
+\fBdomain\fR
+directive in
 \fI/etc/resolv.conf\fR.
 .TP
 \fB+bufsize=B\fR
 Set the UDP message buffer size advertised using EDNS0 to
-\fIB\fR bytes. The maximum and minimum sizes of this
-buffer are 65535 and 0 respectively. Values outside this range are
-rounded up or down appropriately.
+\fIB\fR
+bytes. The maximum and minimum sizes of this buffer are 65535 and 0 respectively. Values outside this range are rounded up or down appropriately.
 .TP
 \fB+[no]multiline\fR
-Print records like the SOA records in a verbose multi-line
-format with human-readable comments. The default is to print
-each record on a single line, to facilitate machine parsing 
-of the \fBdig\fR output.
+Print records like the SOA records in a verbose multi\-line format with human\-readable comments. The default is to print each record on a single line, to facilitate machine parsing of the
+\fBdig\fR
+output.
 .TP
 \fB+[no]fail\fR
-Do not try the next server if you receive a SERVFAIL. The default is
-to not try the next server which is the reverse of normal stub resolver
-behaviour.
+Do not try the next server if you receive a SERVFAIL. The default is to not try the next server which is the reverse of normal stub resolver behaviour.
 .TP
 \fB+[no]besteffort\fR
-Attempt to display the contents of messages which are malformed.
-The default is to not display malformed answers.
+Attempt to display the contents of messages which are malformed. The default is to not display malformed answers.
 .TP
 \fB+[no]dnssec\fR
-Requests DNSSEC records be sent by setting the DNSSEC OK bit (DO)
-in the OPT record in the additional section of the query.
+Requests DNSSEC records be sent by setting the DNSSEC OK bit (DO) in the OPT record in the additional section of the query.
 .SH "MULTIPLE QUERIES"
 .PP
-The BIND 9 implementation of \fBdig \fR supports
-specifying multiple queries on the command line (in addition to
-supporting the \fB-f\fR batch file option). Each of those
-queries can be supplied with its own set of flags, options and query
-options.
+The BIND 9 implementation of
+\fBdig \fR
+supports specifying multiple queries on the command line (in addition to supporting the
+\fB\-f\fR
+batch file option). Each of those queries can be supplied with its own set of flags, options and query options.
 .PP
-In this case, each \fIquery\fR argument represent an
-individual query in the command-line syntax described above. Each
-consists of any of the standard options and flags, the name to be
-looked up, an optional query type and class and any query options that
-should be applied to that query.
+In this case, each
+\fIquery\fR
+argument represent an individual query in the command\-line syntax described above. Each consists of any of the standard options and flags, the name to be looked up, an optional query type and class and any query options that should be applied to that query.
 .PP
-A global set of query options, which should be applied to all queries,
-can also be supplied. These global query options must precede the
-first tuple of name, class, type, options, flags, and query options
-supplied on the command line. Any global query options (except
-the \fB+[no]cmd\fR option) can be
-overridden by a query-specific set of query options. For example:
+A global set of query options, which should be applied to all queries, can also be supplied. These global query options must precede the first tuple of name, class, type, options, flags, and query options supplied on the command line. Any global query options (except the
+\fB+[no]cmd\fR
+option) can be overridden by a query\-specific set of query options. For example:
 .sp
 .nf
-dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
-.sp
+dig +qr www.isc.org any \-x 127.0.0.1 isc.org ns +noqr
 .fi
-shows how \fBdig\fR could be used from the command line
-to make three lookups: an ANY query for www.isc.org, a
-reverse lookup of 127.0.0.1 and a query for the NS records of
-isc.org.
-A global query option of \fI+qr\fR is applied, so
-that \fBdig\fR shows the initial query it made for each
-lookup. The final query has a local query option of
-\fI+noqr\fR which means that \fBdig\fR
+.sp
+shows how
+\fBdig\fR
+could be used from the command line to make three lookups: an ANY query for
+www.isc.org, a reverse lookup of 127.0.0.1 and a query for the NS records of
+isc.org. A global query option of
+\fI+qr\fR
+is applied, so that
+\fBdig\fR
+shows the initial query it made for each lookup. The final query has a local query option of
+\fI+noqr\fR
+which means that
+\fBdig\fR
 will not print the initial query when it looks up the NS records for
 isc.org.
 .SH "FILES"
@@ -363,8 +372,8 @@ isc.org.
 .PP
 \fBhost\fR(1),
 \fBnamed\fR(8),
-\fBdnssec-keygen\fR(8),
-\fIRFC1035\fR.
-.SH "BUGS"
+\fBdnssec\-keygen\fR(8),
+RFC1035.
+.SH "BUGS "
 .PP
-There are probably too many query options. 
+There are probably too many query options.

bin/dig/dig.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 2000-2003  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: dig.c,v 1.157.2.16 2004/06/07 03:59:08 marka Exp $ */
+/* $Id: dig.c,v 1.157.2.20 2005/07/04 03:22:02 marka Exp $ */
 
 #include <config.h>
 #include <stdlib.h>
@@ -42,10 +42,6 @@
 
 #include <dig/dig.h>
 
-extern ISC_LIST(dig_lookup_t) lookup_list;
-extern dig_serverlist_t server_list;
-extern ISC_LIST(dig_searchlist_t) search_list;
-
 #define ADD_STRING(b, s) { 				\
 	if (strlen(s) >= isc_buffer_availablelength(b)) \
  		return (ISC_R_NOSPACE); 		\
@@ -53,33 +49,14 @@ extern ISC_LIST(dig_searchlist_t) search_list;
 		isc_buffer_putstr(b, s); 		\
 }
 
+#define DIG_MAX_ADDRESSES 20
 
-extern isc_boolean_t have_ipv4, have_ipv6, specified_source,
-	usesearch, qr;
-extern in_port_t port;
-extern unsigned int timeout;
-extern isc_mem_t *mctx;
-extern dns_messageid_t id;
-extern int sendcount;
-extern int ndots;
-extern int tries;
-extern int lookup_counter;
-extern int exitcode;
-extern isc_sockaddr_t bind_address;
-extern char keynametext[MXNAME];
-extern char keyfile[MXNAME];
-extern char keysecret[MXNAME];
-extern dns_tsigkey_t *key;
-extern isc_boolean_t validated;
-extern isc_taskmgr_t *taskmgr;
-extern isc_task_t *global_task;
-extern isc_boolean_t free_now;
 dig_lookup_t *default_lookup = NULL;
 
-extern isc_boolean_t debugging, memdebugging;
 static char *batchname = NULL;
 static FILE *batchfp = NULL;
 static char *argv0;
+static int addresscount = 0;
 
 static char domainopt[DNS_NAME_MAXTEXT];
 
@@ -126,8 +103,6 @@ static const char *rcodetext[] = {
 	"BADVERS"
 };
 
-extern char *progname;
-
 static void
 print_usage(FILE *fp) {
 	fputs(
@@ -506,6 +481,7 @@ buftoosmall:
 			}
 		}
 	}
+
 	if (headers && query->lookup->comments && !short_form)
 		printf("\n");
 
@@ -540,6 +516,15 @@ printgreeting(int argc, char **argv, dig_lookup_t *lookup) {
 		remaining = sizeof(lookup->cmdline) -
 			    strlen(lookup->cmdline) - 1;
 		strncat(lookup->cmdline, "\n", remaining);
+		if (first && addresscount != 0) {
+			snprintf(append, sizeof(append),
+				 "; (%d server%s found)\n",
+				 addresscount,
+				 addresscount > 1 ? "s" : "");
+			remaining = sizeof(lookup->cmdline) -
+				    strlen(lookup->cmdline) - 1;
+			strncat(lookup->cmdline, append, remaining);
+		}
 		if (first) {
 			snprintf(append, sizeof (append), 
 				 ";; global options: %s %s\n",
@@ -750,7 +735,7 @@ plus_option(char *option, isc_boolean_t is_batchfile,
 			lookup->ns_search_only = state;
 			if (state) {
 				lookup->trace_root = ISC_TRUE;
-				lookup->recurse = ISC_FALSE;
+				lookup->recurse = ISC_TRUE;
 				lookup->identify = ISC_TRUE;
 				lookup->stats = ISC_FALSE;
 				lookup->comments = ISC_FALSE;
@@ -874,9 +859,7 @@ plus_option(char *option, isc_boolean_t is_batchfile,
  */
 static isc_boolean_t
 dash_option(char *option, char *next, dig_lookup_t **lookup,
-	    isc_boolean_t *open_type_class,
-		isc_boolean_t *firstarg,
-		int argc, char **argv)
+	    isc_boolean_t *open_type_class)
 {
 	char cmd, *value, *ptr;
 	isc_result_t result;
@@ -1025,11 +1008,6 @@ dash_option(char *option, char *next, dig_lookup_t **lookup,
 			if (!(*lookup)->rdclassset)
 				(*lookup)->rdclass = dns_rdataclass_in;
 			(*lookup)->new_search = ISC_TRUE;
-			if (*lookup && *firstarg)
-			{
-				printgreeting(argc, argv, *lookup);
-				*firstarg = ISC_FALSE;
-			}
 			ISC_LIST_APPEND(lookup_list, *lookup, link);
 		} else {
 			fprintf(stderr, "Invalid IP address %s\n", value);
@@ -1070,13 +1048,35 @@ preparse_args(int argc, char **argv) {
 }
 
 
+static void
+getaddresses(dig_lookup_t *lookup, const char *host) {
+	isc_result_t result;
+	isc_sockaddr_t sockaddrs[DIG_MAX_ADDRESSES];
+	isc_netaddr_t netaddr;
+	int count, i;
+	dig_server_t *srv;
+	char tmp[ISC_NETADDR_FORMATSIZE];
+
+	result = get_addresses(host, 0, sockaddrs, DIG_MAX_ADDRESSES, &count);   
+	if (result != ISC_R_SUCCESS)
+		fatal("couldn't get address for '%s': %s",
+		      host, isc_result_totext(result));
+
+	for (i = 0; i < count; i++) {
+		isc_netaddr_fromsockaddr(&netaddr, &sockaddrs[i]);
+		isc_netaddr_format(&netaddr, tmp, sizeof(tmp));
+		srv = make_server(tmp, host);
+		ISC_LIST_APPEND(lookup->my_server_list, srv, link);
+	}
+	addresscount = count;
+}
+
 static void
 parse_args(isc_boolean_t is_batchfile, isc_boolean_t config_only,
 	   int argc, char **argv) {
 	isc_result_t result;
 	isc_textregion_t tr;
 	isc_boolean_t firstarg = ISC_TRUE;
-	dig_server_t *srv = NULL;
 	dig_lookup_t *lookup = NULL;
 	dns_rdatatype_t rdtype;
 	dns_rdataclass_t rdclass;
@@ -1152,24 +1152,20 @@ parse_args(isc_boolean_t is_batchfile, isc_boolean_t config_only,
 		if (strncmp(rv[0], "%", 1) == 0)
 			break;
 		if (strncmp(rv[0], "@", 1) == 0) {
-			srv = make_server(&rv[0][1]);
-			ISC_LIST_APPEND(lookup->my_server_list,
-					srv, link);
+			getaddresses(lookup, &rv[0][1]);
 		} else if (rv[0][0] == '+') {
 			plus_option(&rv[0][1], is_batchfile,
 				    lookup);
 		} else if (rv[0][0] == '-') {
 			if (rc <= 1) {
 				if (dash_option(&rv[0][1], NULL,
-						&lookup, &open_type_class,
-						&firstarg, argc, argv)) {
+						&lookup, &open_type_class)) {
 					rc--;
 					rv++;
 				}
 			} else {
 				if (dash_option(&rv[0][1], rv[1],
-						&lookup, &open_type_class,
-						&firstarg, argc, argv)) {
+						&lookup, &open_type_class)) {
 					rc--;
 					rv++;
 				}
@@ -1239,10 +1235,6 @@ parse_args(isc_boolean_t is_batchfile, isc_boolean_t config_only,
 			if (!config_only) {
 				lookup = clone_lookup(default_lookup,
 						      ISC_TRUE);
-				if (firstarg) {
-					printgreeting(argc, argv, lookup);
-					firstarg = ISC_FALSE;
-				}
 				strncpy(lookup->textname, rv[0], 
 					sizeof(lookup->textname));
 				lookup->textname[sizeof(lookup->textname)-1]=0;
@@ -1309,6 +1301,9 @@ parse_args(isc_boolean_t is_batchfile, isc_boolean_t config_only,
 			firstarg = ISC_FALSE;
 		}
 		ISC_LIST_APPEND(lookup_list, lookup, link);
+	} else if (!config_only && firstarg) {
+			printgreeting(argc, argv, lookup);
+			firstarg = ISC_FALSE;
 	}
 }
 

bin/dig/dig.docbook

@@ -1,6 +1,8 @@
-<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN">
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
+               "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd"
+	       [<!ENTITY mdash "&#8212;">]>
 <!--
- - Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005  Internet Systems Consortium, Inc. ("ISC")
  - Copyright (C) 2000, 2001, 2003  Internet Software Consortium.
  -
  - Permission to use, copy, modify, and distribute this software for any
@@ -16,7 +18,7 @@
  - PERFORMANCE OF THIS SOFTWARE.
 -->
 
-<!-- $Id: dig.docbook,v 1.4.2.8 2004/03/09 06:09:12 marka Exp $ -->
+<!-- $Id: dig.docbook,v 1.4.2.11 2005/05/12 21:35:06 sra Exp $ -->
 
 <refentry>
 
@@ -30,6 +32,20 @@
 <refmiscinfo>BIND9</refmiscinfo>
 </refmeta>
 
+  <docinfo>
+    <copyright>
+      <year>2004</year>
+      <year>2005</year>
+      <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
+    </copyright>
+    <copyright>
+      <year>2000</year>
+      <year>2001</year>
+      <year>2003</year>
+      <holder>Internet Software Consortium.</holder>
+    </copyright>
+  </docinfo>
+
 <refnamediv>
 <refname>dig</refname>
 <refpurpose>DNS lookup utility</refpurpose>
@@ -38,7 +54,7 @@
 <refsynopsisdiv>
 <cmdsynopsis>
 <command>dig</command>
-<arg choice=opt>@server</arg>
+<arg choice="opt">@server</arg>
 <arg><option>-b <replaceable class="parameter">address</replaceable></option></arg>
 <arg><option>-c <replaceable class="parameter">class</replaceable></option></arg>
 <arg><option>-f <replaceable class="parameter">filename</replaceable></option></arg>
@@ -47,10 +63,10 @@
 <arg><option>-t <replaceable class="parameter">type</replaceable></option></arg>
 <arg><option>-x <replaceable class="parameter">addr</replaceable></option></arg>
 <arg><option>-y <replaceable class="parameter">name:key</replaceable></option></arg>
-<arg choice=opt>name</arg>
-<arg choice=opt>type</arg>
-<arg choice=opt>class</arg>
-<arg choice=opt rep=repeat>queryopt</arg>
+<arg choice="opt">name</arg>
+<arg choice="opt">type</arg>
+<arg choice="opt">class</arg>
+<arg choice="opt" rep="repeat">queryopt</arg>
 </cmdsynopsis>
 
 <cmdsynopsis>
@@ -60,8 +76,8 @@
 
 <cmdsynopsis>
 <command>dig</command>
-<arg choice=opt rep=repeat>global-queryopt</arg>
-<arg choice=opt rep=repeat>query</arg>
+<arg choice="opt" rep="repeat">global-queryopt</arg>
+<arg choice="opt" rep="repeat">query</arg>
 </cmdsynopsis>
 </refsynopsisdiv>
 
@@ -101,7 +117,7 @@ NS query for "." (the root).
 <para>
 It is possible to set per user defaults for <command>dig</command> via
 <filename>${HOME}/.digrc</filename>.  This file is read and any options in it
-are applied before the command line arguements.
+are applied before the command line arguments.
 </para>
 
 </refsect1>
@@ -478,6 +494,7 @@ The default is to not display malformed answers.
 Requests DNSSEC records be sent by setting the DNSSEC OK bit (DO)
 in the OPT record in the additional section of the query.
 </para>
+</listitem></varlistentry>
 
 </variablelist>
 

bin/dig/dighost.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 2000-2003  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: dighost.c,v 1.221.2.22 2004/04/15 06:53:18 marka Exp $ */
+/* $Id: dighost.c,v 1.221.2.29 2005/10/14 01:37:48 marka Exp $ */
 
 /*
  * Notice to programmers:  Do not use this code as an example of how to
@@ -50,6 +50,7 @@
 #include <isc/app.h>
 #include <isc/base64.h>
 #include <isc/entropy.h>
+#include <isc/file.h>
 #include <isc/lang.h>
 #include <isc/netaddr.h>
 #include <isc/netdb.h>
@@ -78,9 +79,9 @@ extern int h_errno;
 #endif
 #endif
 
-ISC_LIST(dig_lookup_t) lookup_list;
+dig_lookuplist_t lookup_list;
 dig_serverlist_t server_list;
-ISC_LIST(dig_searchlist_t) search_list;
+dig_searchlistlist_t search_list;
 
 isc_boolean_t
 	have_ipv4 = ISC_FALSE,
@@ -318,13 +319,15 @@ check_result(isc_result_t result, const char *msg) {
 	}
 }
 
+#define DIG_MAX_ADDRESSES 20
+
 /*
  * Create a server structure, which is part of the lookup structure.
  * This is little more than a linked list of servers to query in hopes
  * of finding the answer the user is looking for
  */
 dig_server_t *
-make_server(const char *servname) {
+make_server(const char *servname, const char *userarg) {
 	dig_server_t *srv;
 
 	REQUIRE(servname != NULL);
@@ -335,11 +338,56 @@ make_server(const char *servname) {
 		fatal("Memory allocation failure in %s:%d",
 		      __FILE__, __LINE__);
 	strncpy(srv->servername, servname, MXNAME);
+	strncpy(srv->userarg, userarg, MXNAME);
 	srv->servername[MXNAME-1] = 0;
+	srv->userarg[MXNAME-1] = 0;
 	ISC_LINK_INIT(srv, link);
 	return (srv);
 }
 
+void
+flush_server_list(void) {
+	dig_server_t *s, *ps;
+
+	debug("flush_server_list()");
+	s = ISC_LIST_HEAD(server_list);
+	while (s != NULL) {
+		ps = s;
+		s = ISC_LIST_NEXT(s, link);
+		ISC_LIST_DEQUEUE(server_list, ps, link);
+		isc_mem_free(mctx, ps);
+	}
+}
+
+void
+set_nameserver(char *opt) {
+	isc_result_t result;
+	isc_sockaddr_t sockaddrs[DIG_MAX_ADDRESSES];
+	isc_netaddr_t netaddr;
+	int count, i;
+	dig_server_t *srv;
+	char tmp[ISC_NETADDR_FORMATSIZE];
+
+	if (opt == NULL)
+		return;
+
+	result = get_addresses(opt, 0, sockaddrs, DIG_MAX_ADDRESSES, &count);
+	if (result != ISC_R_SUCCESS)
+		fatal("couldn't get address for '%s': %s",
+		      opt, isc_result_totext(result));
+
+      flush_server_list();
+
+      for (i = 0; i < count; i++) {
+            isc_netaddr_fromsockaddr(&netaddr, &sockaddrs[i]);
+            isc_netaddr_format(&netaddr, tmp, sizeof(tmp));
+            srv = make_server(tmp, opt);
+            if (srv == NULL)
+                  fatal("memory allocation failure");
+            ISC_LIST_APPEND(server_list, srv, link);
+      }
+}          
+
 /*
  * Produce a cloned server list.  The dest list must have already had
  * ISC_LIST_INIT applied.
@@ -351,7 +399,7 @@ clone_server_list(dig_serverlist_t src, dig_serverlist_t *dest) {
 	debug("clone_server_list()");
 	srv = ISC_LIST_HEAD(src);
 	while (srv != NULL) {
-		newsrv = make_server(srv->servername);
+		newsrv = make_server(srv->servername, srv->userarg);
 		ISC_LINK_INIT(newsrv, link);
 		ISC_LIST_ENQUEUE(*dest, newsrv, link);
 		srv = ISC_LIST_NEXT(srv, link);
@@ -634,7 +682,7 @@ setup_system(void) {
 				debug("got a nameserver line");
 				ptr = next_token(&input, " \t\r\n");
 				if (ptr != NULL) {
-					srv = make_server(ptr);
+					srv = make_server(ptr, ptr);
 					ISC_LIST_APPEND(server_list, srv, link);
 				}
 			} else if (strcasecmp(ptr, "options") == 0) {
@@ -679,7 +727,7 @@ setup_system(void) {
 		ndots = 1;
 
 	if (server_list.head == NULL) {
-		srv = make_server("127.0.0.1");
+		srv = make_server("127.0.0.1", "127.0.0.1");
 		ISC_LIST_APPEND(server_list, srv, link);
 	}
 
@@ -1021,6 +1069,13 @@ followup_lookup(dns_message_t *msg, dig_query_t *query, dns_section_t section)
 		name = NULL;
 		dns_message_currentname(msg, section, &name);
 
+		if (section == DNS_SECTION_AUTHORITY) {
+			rdataset = NULL;
+			result = dns_message_findtype(name, dns_rdatatype_soa,
+						      0, &rdataset);
+			if (result == ISC_R_SUCCESS)
+				return (0);
+		}
 		rdataset = NULL;
 		result = dns_message_findtype(name, dns_rdatatype_ns, 0,
 					      &rdataset);
@@ -1065,8 +1120,10 @@ followup_lookup(dns_message_t *msg, dig_query_t *query, dns_section_t section)
 				lookup->ns_search_only =
 					query->lookup->ns_search_only;
 				lookup->trace_root = ISC_FALSE;
+				if (lookup->ns_search_only)
+					lookup->recurse = ISC_FALSE;
 			}
-			srv = make_server(namestr);
+			srv = make_server(namestr, namestr);
 			debug("adding server %s", srv->servername);
 			ISC_LIST_APPEND(lookup->my_server_list, srv, link);
 			dns_rdata_reset(&rdata);
@@ -1430,6 +1487,7 @@ setup_lookup(dig_lookup_t *lookup) {
 		query->first_rr_serial = 0;
 		query->second_rr_serial = 0;
 		query->servname = serv->servername;
+		query->userarg = serv->userarg;
 		query->rr_count = 0;
 		ISC_LINK_INIT(query, link);
 		ISC_LIST_INIT(query->recvlist);
@@ -1695,7 +1753,7 @@ send_udp(dig_query_t *query) {
  */
 static void
 connect_timeout(isc_task_t *task, isc_event_t *event) {
-	dig_lookup_t *l=NULL, *n;
+	dig_lookup_t *l=NULL;
 	dig_query_t *query=NULL, *cq;
 
 	UNUSED(task);
@@ -1731,7 +1789,7 @@ connect_timeout(isc_task_t *task, isc_event_t *event) {
 			debug("making new TCP request, %d tries left",
 			      l->retries);
 			l->retries--;
-			n = requeue_lookup(l, ISC_TRUE);
+			requeue_lookup(l, ISC_TRUE);
 			cancel_lookup(l);
 			check_next_lookup(l);
 		}
@@ -2498,77 +2556,160 @@ recv_done(isc_task_t *task, isc_event_t *event) {
  */
 void
 get_address(char *host, in_port_t port, isc_sockaddr_t *sockaddr) {
+	int count;
+	isc_result_t result;
+
+	result = get_addresses(host, port, sockaddr, 1, &count);
+	if (result != ISC_R_SUCCESS)
+		fatal("couldn't get address for '%s': %s",
+		      host, isc_result_totext(result));
+	INSIST(count == 1);
+}
+
+isc_result_t
+get_addresses(const char *hostname, in_port_t port,
+	     isc_sockaddr_t *addrs, int addrsize, int *addrcount)
+{
 	struct in_addr in4;
 	struct in6_addr in6;
+	isc_boolean_t have_ipv4, have_ipv6;
+	int i;
+
 #ifdef USE_GETADDRINFO
-	struct addrinfo *res = NULL, hints;
+	struct addrinfo *ai = NULL, *tmpai, hints;
 	int result;
 #else
 	struct hostent *he;
 #endif
 
-	debug("get_address()");
+	REQUIRE(hostname != NULL);
+	REQUIRE(addrs != NULL);
+	REQUIRE(addrcount != NULL);
+	REQUIRE(addrsize > 0);
 
-	if (inet_pton(AF_INET6, host, &in6) == 1) {
-		if (!have_ipv6)
-			fatal("Protocol family INET6 not supported '%s'", host);
-		isc_sockaddr_fromin6(sockaddr, &in6, port);
-	} else if (inet_pton(AF_INET, host, &in4) == 1) {
+	have_ipv4 = ISC_TF(isc_net_probeipv4() == ISC_R_SUCCESS);
+	have_ipv6 = ISC_TF(isc_net_probeipv6() == ISC_R_SUCCESS);
+
+	/*
+	 * Try IPv4, then IPv6.  In order to handle the extended format
+	 * for IPv6 scoped addresses (address%scope_ID), we'll use a local
+	 * working buffer of 128 bytes.  The length is an ad-hoc value, but
+	 * should be enough for this purpose; the buffer can contain a string
+	 * of at least 80 bytes for scope_ID in addition to any IPv6 numeric
+	 * addresses (up to 46 bytes), the delimiter character and the
+	 * terminating NULL character.
+	 */
+	if (inet_pton(AF_INET, hostname, &in4) == 1) {
 		if (have_ipv4)
-			isc_sockaddr_fromin(sockaddr, &in4, port);
+			isc_sockaddr_fromin(&addrs[0], &in4, port);
 		else
-			isc_sockaddr_v6fromin(sockaddr, &in4, port);
-	} else {
+			isc_sockaddr_v6fromin(&addrs[0], &in4, port);
+		*addrcount = 1;
+		return (ISC_R_SUCCESS);
+	} else if (inet_pton(AF_INET6, hostname, &in6) == 1) {
+
+		if (!have_ipv6)
+			return (ISC_R_FAMILYNOSUPPORT);
+		isc_sockaddr_fromin6(&addrs[0], &in6, port);
+		*addrcount = 1;
+		return (ISC_R_SUCCESS);
+	}
 #ifdef USE_GETADDRINFO
-		memset(&hints, 0, sizeof(hints));
-		if (specified_source)
-			hints.ai_family = isc_sockaddr_pf(&bind_address);
-		else if (!have_ipv6)
-			hints.ai_family = PF_INET;
-		else if (!have_ipv4)
-			hints.ai_family = PF_INET6;
-		else {
-			hints.ai_family = PF_UNSPEC;
+	memset(&hints, 0, sizeof(hints));
+	if (!have_ipv6)
+		hints.ai_family = PF_INET;
+	else if (!have_ipv4)
+		hints.ai_family = PF_INET6;
+	else {
+		hints.ai_family = PF_UNSPEC;
 #ifdef AI_ADDRCONFIG
-			hints.ai_flags = AI_ADDRCONFIG;
+		hints.ai_flags = AI_ADDRCONFIG;
 #endif
-		}
-		debug ("before getaddrinfo()");
-		isc_app_block();
+	}
+	hints.ai_socktype = SOCK_STREAM;
 #ifdef AI_ADDRCONFIG
- again:
+	again:
 #endif
-		result = getaddrinfo(host, NULL, &hints, &res);
+	result = getaddrinfo(hostname, NULL, &hints, &ai);
+	switch (result) {
+	case 0:
+		break;
+	case EAI_NONAME:
+#if defined(EAI_NODATA) && (EAI_NODATA != EAI_NONAME)
+	case EAI_NODATA:
+#endif
+		return (ISC_R_NOTFOUND);
 #ifdef AI_ADDRCONFIG
-		if (result == EAI_BADFLAGS &&
-		    (hints.ai_flags & AI_ADDRCONFIG) != 0) {
+	case EAI_BADFLAGS:
+		if ((hints.ai_flags & AI_ADDRCONFIG) != 0) {
 			hints.ai_flags &= ~AI_ADDRCONFIG;
 			goto again;
 		}
 #endif
-		isc_app_unblock();
-		if (result != 0) {
-			fatal("Couldn't find server '%s': %s",
-			      host, gai_strerror(result));
-		}
-		memcpy(&sockaddr->type.sa, res->ai_addr, res->ai_addrlen);
-		sockaddr->length = res->ai_addrlen;
-		isc_sockaddr_setport(sockaddr, port);
-		freeaddrinfo(res);
-#else
-		debug ("before gethostbyname()");
-		isc_app_block();
-		he = gethostbyname(host);
-		isc_app_unblock();
-		if (he == NULL)
-			fatal("Couldn't find server '%s' (h_errno=%d)",
-			      host, h_errno);
-		INSIST(he->h_addrtype == AF_INET);
-		isc_sockaddr_fromin(sockaddr,
-				    (struct in_addr *)(he->h_addr_list[0]),
-				    port);
-#endif
+	default:
+		return (ISC_R_FAILURE);
 	}
+	for (tmpai = ai, i = 0;
+		tmpai != NULL && i < addrsize;
+		tmpai = tmpai->ai_next)
+	{
+		if (tmpai->ai_family != AF_INET &&
+		    tmpai->ai_family != AF_INET6)
+			continue;
+		if (tmpai->ai_family == AF_INET) {
+			struct sockaddr_in *sin;
+			sin = (struct sockaddr_in *)tmpai->ai_addr;
+			isc_sockaddr_fromin(&addrs[i], &sin->sin_addr, port);
+		} else {
+			struct sockaddr_in6 *sin6;
+			sin6 = (struct sockaddr_in6 *)tmpai->ai_addr;
+			isc_sockaddr_fromin6(&addrs[i], &sin6->sin6_addr,
+					     port);
+		}
+		i++;
+
+	}
+	freeaddrinfo(ai);
+	*addrcount = i;
+#else
+	he = gethostbyname(hostname);
+	if (he == NULL) {
+		switch (h_errno) {
+		case HOST_NOT_FOUND:
+#ifdef NO_DATA
+		case NO_DATA:
+#endif
+#if defined(NO_ADDRESS) && (!defined(NO_DATA) || (NO_DATA != NO_ADDRESS))
+		case NO_ADDRESS:
+#endif
+			return (ISC_R_NOTFOUND);
+		default:
+			return (ISC_R_FAILURE);
+		}
+	}
+	if (he->h_addrtype != AF_INET && he->h_addrtype != AF_INET6)
+		return (ISC_R_NOTFOUND);
+	for (i = 0; i < addrsize; i++) {
+		if (he->h_addrtype == AF_INET) {
+			struct in_addr *inp;
+			inp = (struct in_addr *)(he->h_addr_list[i]);
+			if (inp == NULL)
+				break;
+			isc_sockaddr_fromin(&addrs[i], inp, port);
+		} else {
+			struct in6_addr *in6p;
+			in6p = (struct in6_addr *)(he->h_addr_list[i]);
+			if (in6p == NULL)
+				break;
+			isc_sockaddr_fromin6(&addrs[i], in6p, port);
+		}
+	}
+	*addrcount = i;
+#endif
+	if (*addrcount == 0)
+		return (ISC_R_NOTFOUND);
+	else
+		return (ISC_R_SUCCESS);
 }
 
 /*

bin/dig/host.1

@@ -1,126 +1,169 @@
-.\" Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
-.\" Copyright (C) 2000-2003  Internet Software Consortium.
-.\"
+.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000-2003 Internet Software Consortium.
+.\" 
 .\" Permission to use, copy, modify, and distribute this software for any
 .\" purpose with or without fee is hereby granted, provided that the above
 .\" copyright notice and this permission notice appear in all copies.
-.\"
+.\" 
 .\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
 .\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
-.\" AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
 .\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
 .\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 .\" PERFORMANCE OF THIS SOFTWARE.
 .\"
-.\" $Id: host.1,v 1.11.2.2 2004/03/15 04:44:38 marka Exp $
+.\" $Id: host.1,v 1.11.2.5 2005/10/13 02:23:26 marka Exp $
 .\"
-.TH "HOST" "1" "Jun 30, 2000" "BIND9" ""
-.SH NAME
+.hy 0
+.ad l
+.\" ** You probably do not want to edit this file directly **
+.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1).
+.\" Instead of manually editing it, you probably should edit the DocBook XML
+.\" source for it and then use the DocBook XSL Stylesheets to regenerate it.
+.TH "HOST" "1" "Jun 30, 2000" "BIND9" "BIND9"
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.SH "NAME"
 host \- DNS lookup utility
-.SH SYNOPSIS
-.sp
-\fBhost\fR [ \fB-aCdlnrTwv\fR ]  [ \fB-c \fIclass\fB\fR ]  [ \fB-N \fIndots\fB\fR ]  [ \fB-R \fInumber\fB\fR ]  [ \fB-t \fItype\fB\fR ]  [ \fB-W \fIwait\fB\fR ]  \fBname\fR [ \fBserver\fR ] 
+.SH "SYNOPSIS"
+.HP 5
+\fBhost\fR [\fB\-aCdlnrTwv\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-N\ \fR\fB\fIndots\fR\fR] [\fB\-R\ \fR\fB\fInumber\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-W\ \fR\fB\fIwait\fR\fR] {name} [server]
 .SH "DESCRIPTION"
 .PP
 \fBhost\fR
-is a simple utility for performing DNS lookups.
-It is normally used to convert names to IP addresses and vice versa.
-When no arguments or options are given,
+is a simple utility for performing DNS lookups. It is normally used to convert names to IP addresses and vice versa. When no arguments or options are given,
 \fBhost\fR
 prints a short summary of its command line arguments and options.
 .PP
-\fIname\fR is the domain name that is to be looked
-up. It can also be a dotted-decimal IPv4 address or a colon-delimited
-IPv6 address, in which case \fBhost\fR will by default
-perform a reverse lookup for that address.
-\fIserver\fR is an optional argument which is either
-the name or IP address of the name server that \fBhost\fR
+\fIname\fR
+is the domain name that is to be looked up. It can also be a dotted\-decimal IPv4 address or a colon\-delimited IPv6 address, in which case
+\fBhost\fR
+will by default perform a reverse lookup for that address.
+\fIserver\fR
+is an optional argument which is either the name or IP address of the name server that
+\fBhost\fR
 should query instead of the server or servers listed in
 \fI/etc/resolv.conf\fR.
 .PP
-The \fB-a\fR (all) option is equivalent to setting the
-\fB-v\fR option and asking \fBhost\fR to make
-a query of type ANY.
+The
+\fB\-a\fR
+(all) option is equivalent to setting the
+\fB\-v\fR
+option and asking
+\fBhost\fR
+to make a query of type ANY.
 .PP
-When the \fB-C\fR option is used, \fBhost\fR
+When the
+\fB\-C\fR
+option is used,
+\fBhost\fR
 will attempt to display the SOA records for zone
-\fIname\fR from all the listed authoritative name
-servers for that zone. The list of name servers is defined by the NS
-records that are found for the zone.
+\fIname\fR
+from all the listed authoritative name servers for that zone. The list of name servers is defined by the NS records that are found for the zone.
 .PP
-The \fB-c\fR option instructs to make a DNS query of class
-\fIclass\fR. This can be used to lookup Hesiod or
-Chaosnet class resource records. The default class is IN (Internet).
+The
+\fB\-c\fR
+option instructs to make a DNS query of class
+\fIclass\fR. This can be used to lookup Hesiod or Chaosnet class resource records. The default class is IN (Internet).
 .PP
-Verbose output is generated by \fBhost\fR when the
-\fB-d\fR or \fB-v\fR option is used. The two
-options are equivalent. They have been provided for backwards
-compatibility. In previous versions, the \fB-d\fR option
-switched on debugging traces and \fB-v\fR enabled verbose
-output.
+Verbose output is generated by
+\fBhost\fR
+when the
+\fB\-d\fR
+or
+\fB\-v\fR
+option is used. The two options are equivalent. They have been provided for backwards compatibility. In previous versions, the
+\fB\-d\fR
+option switched on debugging traces and
+\fB\-v\fR
+enabled verbose output.
 .PP
-List mode is selected by the \fB-l\fR option. This makes
-\fBhost\fR perform a zone transfer for zone
-\fIname\fR. The argument is provided for
-compatibility with older implementations. This option is equivalent
-to making a query of type AXFR.
+List mode is selected by the
+\fB\-l\fR
+option. This makes
+\fBhost\fR
+perform a zone transfer for zone
+\fIname\fR. The argument is provided for compatibility with older implementations. This option is equivalent to making a query of type AXFR.
 .PP
-The \fB-n\fR
-option specifies that reverse lookups of IPv6 addresses should
-use the IP6.INT domain and "nibble" labels as defined in RFC1886.
-The default is to use IP6.ARPA and binary labels as defined in RFC2874.
+The
+\fB\-n\fR
+option specifies that reverse lookups of IPv6 addresses should use the IP6.INT domain and "nibble" labels as defined in RFC1886. The default is to use IP6.ARPA and binary labels as defined in RFC2874.
 .PP
-The \fB-N\fR option sets the number of dots that have to be
-in \fIname\fR for it to be considered absolute. The
-default value is that defined using the ndots statement in
-\fI/etc/resolv.conf\fR, or 1 if no ndots statement is
-present. Names with fewer dots are interpreted as relative names and
-will be searched for in the domains listed in the \fBsearch\fR
-or \fBdomain\fR directive in
+The
+\fB\-N\fR
+option sets the number of dots that have to be in
+\fIname\fR
+for it to be considered absolute. The default value is that defined using the ndots statement in
+\fI/etc/resolv.conf\fR, or 1 if no ndots statement is present. Names with fewer dots are interpreted as relative names and will be searched for in the domains listed in the
+\fBsearch\fR
+or
+\fBdomain\fR
+directive in
 \fI/etc/resolv.conf\fR.
 .PP
 The number of UDP retries for a lookup can be changed with the
-\fB-R\fR option. \fInumber\fR indicates
-how many times \fBhost\fR will repeat a query that does
-not get answered. The default number of retries is 1. If
-\fInumber\fR is negative or zero, the number of
-retries will default to 1.
+\fB\-R\fR
+option.
+\fInumber\fR
+indicates how many times
+\fBhost\fR
+will repeat a query that does not get answered. The default number of retries is 1. If
+\fInumber\fR
+is negative or zero, the number of retries will default to 1.
 .PP
-Non-recursive queries can be made via the \fB-r\fR option.
-Setting this option clears the \fBRD\fR \(em recursion
-desired \(em bit in the query which \fBhost\fR makes.
-This should mean that the name server receiving the query will not
-attempt to resolve \fIname\fR. The
-\fB-r\fR option enables \fBhost\fR to mimic
-the behaviour of a name server by making non-recursive queries and
-expecting to receive answers to those queries that are usually
-referrals to other name servers.
+Non\-recursive queries can be made via the
+\fB\-r\fR
+option. Setting this option clears the
+\fBRD\fR
+\(em recursion desired \(em bit in the query which
+\fBhost\fR
+makes. This should mean that the name server receiving the query will not attempt to resolve
+\fIname\fR. The
+\fB\-r\fR
+option enables
+\fBhost\fR
+to mimic the behaviour of a name server by making non\-recursive queries and expecting to receive answers to those queries that are usually referrals to other name servers.
 .PP
-By default \fBhost\fR uses UDP when making queries. The
-\fB-T\fR option makes it use a TCP connection when querying
-the name server. TCP will be automatically selected for queries that
-require it, such as zone transfer (AXFR) requests.
+By default
+\fBhost\fR
+uses UDP when making queries. The
+\fB\-T\fR
+option makes it use a TCP connection when querying the name server. TCP will be automatically selected for queries that require it, such as zone transfer (AXFR) requests.
 .PP
-The \fB-t\fR option is used to select the query type.
-\fItype\fR can be any recognised query type: CNAME,
-NS, SOA, SIG, KEY, AXFR, etc. When no query type is specified,
-\fBhost\fR automatically selects an appropriate query
-type. By default it looks for A records, but if the
-\fB-C\fR option was given, queries will be made for SOA
-records, and if \fIname\fR is a dotted-decimal IPv4
-address or colon-delimited IPv6 address, \fBhost\fR will
-query for PTR records.
+The
+\fB\-t\fR
+option is used to select the query type.
+\fItype\fR
+can be any recognised query type: CNAME, NS, SOA, SIG, KEY, AXFR, etc. When no query type is specified,
+\fBhost\fR
+automatically selects an appropriate query type. By default it looks for A records, but if the
+\fB\-C\fR
+option was given, queries will be made for SOA records, and if
+\fIname\fR
+is a dotted\-decimal IPv4 address or colon\-delimited IPv6 address,
+\fBhost\fR
+will query for PTR records.
 .PP
 The time to wait for a reply can be controlled through the
-\fB-W\fR and \fB-w\fR options. The
-\fB-W\fR option makes \fBhost\fR wait for
-\fIwait\fR seconds. If \fIwait\fR
+\fB\-W\fR
+and
+\fB\-w\fR
+options. The
+\fB\-W\fR
+option makes
+\fBhost\fR
+wait for
+\fIwait\fR
+seconds. If
+\fIwait\fR
 is less than one, the wait interval is set to one second. When the
-\fB-w\fR option is used, \fBhost\fR will
-effectively wait forever for a reply. The time to wait for a response
-will be set to the number of seconds given by the hardware's maximum
-value for an integer quantity.
+\fB\-w\fR
+option is used,
+\fBhost\fR
+will effectively wait forever for a reply. The time to wait for a response will be set to the number of seconds given by the hardware's maximum value for an integer quantity.
 .SH "FILES"
 .PP
 \fI/etc/resolv.conf\fR

bin/dig/host.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 2000-2003  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: host.c,v 1.76.2.6 2004/03/09 06:09:13 marka Exp $ */
+/* $Id: host.c,v 1.76.2.10 2005/07/04 03:22:04 marka Exp $ */
 
 #include <config.h>
 #include <stdlib.h>
@@ -39,20 +39,6 @@
 
 #include <dig/dig.h>
 
-extern ISC_LIST(dig_lookup_t) lookup_list;
-extern ISC_LIST(dig_server_t) server_list;
-extern ISC_LIST(dig_searchlist_t) search_list;
-
-extern isc_boolean_t usesearch;
-extern isc_boolean_t debugging;
-extern unsigned int timeout;
-extern isc_mem_t *mctx;
-extern int ndots;
-extern int tries;
-extern char *progname;
-extern isc_task_t *global_task;
-extern int fatalexit;
-
 static isc_boolean_t short_form = ISC_TRUE, listed_server = ISC_FALSE;
 static isc_boolean_t list_addresses = ISC_TRUE;
 static dns_rdatatype_t list_type = dns_rdatatype_a;
@@ -207,7 +193,7 @@ show_usage(void) {
 	fputs(
 "Usage: host [-aCdlrTwv] [-c class] [-n] [-N ndots] [-t type] [-W time]\n"
 "            [-R number] hostname [server]\n"
-"       -a is equivalent to -v -t *\n"
+"       -a is equivalent to -v -t ANY\n"
 "       -c specifies query class for non-IN data\n"
 "       -C compares SOA records on authoritative nameservers\n"
 "       -d is equivalent to -v\n"
@@ -438,7 +424,7 @@ printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers) {
 		char sockstr[ISC_SOCKADDR_FORMATSIZE];
 
 		printf("Using domain server:\n");
-		printf("Name: %s\n", query->servname);
+		printf("Name: %s\n", query->userarg);
 		isc_sockaddr_format(&query->sockaddr, sockstr,
 				    sizeof(sockstr));
 		printf("Address: %s\n", sockstr);
@@ -550,7 +536,6 @@ printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers) {
 static void
 parse_args(isc_boolean_t is_batchfile, int argc, char **argv) {
 	char hostname[MXNAME];
-	dig_server_t *srv;
 	dig_lookup_t *lookup;
 	int c;
 	char store[MXNAME];
@@ -677,9 +662,8 @@ parse_args(isc_boolean_t is_batchfile, int argc, char **argv) {
 	strncpy(hostname, argv[isc_commandline_index], sizeof(hostname));
 	hostname[sizeof(hostname)-1]=0;
 	if (argc > isc_commandline_index + 1) {
-		srv = make_server(argv[isc_commandline_index+1]);
-		debug("server is %s", srv->servername);
-		ISC_LIST_APPEND(server_list, srv, link);
+		set_nameserver(argv[isc_commandline_index+1]);
+		debug("server is %s", argv[isc_commandline_index+1]);
 		listed_server = ISC_TRUE;
 	}
 

bin/dig/host.docbook

@@ -1,7 +1,9 @@
-<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN">
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
+               "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd"
+	       [<!ENTITY mdash "&#8212;">]>
 <!--
- - Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
- - Copyright (C) 2000, 2001, 2003  Internet Software Consortium.
+ - Copyright (C) 2004, 2005  Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2003  Internet Software Consortium.
  -
  - Permission to use, copy, modify, and distribute this software for any
  - purpose with or without fee is hereby granted, provided that the above
@@ -16,7 +18,7 @@
  - PERFORMANCE OF THIS SOFTWARE.
 -->
 
-<!-- $Id: host.docbook,v 1.2.2.3 2004/03/09 06:09:13 marka Exp $ -->
+<!-- $Id: host.docbook,v 1.2.2.5 2005/05/12 21:35:06 sra Exp $ -->
 
 <refentry>
 
@@ -30,6 +32,21 @@
 <refmiscinfo>BIND9</refmiscinfo>
 </refmeta>
 
+  <docinfo>
+    <copyright>
+      <year>2004</year>
+      <year>2005</year>
+      <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
+    </copyright>
+    <copyright>
+      <year>2000</year>
+      <year>2001</year>
+      <year>2002</year>
+      <year>2003</year>
+      <holder>Internet Software Consortium.</holder>
+    </copyright>
+  </docinfo>
+
 <refnamediv>
 <refname>host</refname>
 <refpurpose>DNS lookup utility</refpurpose>
@@ -44,8 +61,8 @@
   <arg><option>-R <replaceable class="parameter">number</replaceable></option></arg>
   <arg><option>-t <replaceable class="parameter">type</replaceable></option></arg>
   <arg><option>-W <replaceable class="parameter">wait</replaceable></option></arg>
-  <arg choice=req>name</arg>
-  <arg choice=opt>server</arg>
+  <arg choice="req">name</arg>
+  <arg choice="opt">server</arg>
 </cmdsynopsis>
 </refsynopsisdiv>
 

bin/dig/host.html

@@ -1,443 +1,164 @@
 <!--
- - Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
- - Copyright (C) 2000, 2001, 2003  Internet Software Consortium.
- -
+ - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2003 Internet Software Consortium.
+ - 
  - Permission to use, copy, modify, and distribute this software for any
  - purpose with or without fee is hereby granted, provided that the above
  - copyright notice and this permission notice appear in all copies.
- -
+ - 
  - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
  - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- - AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
  - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
  - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
-<!-- $Id: host.html,v 1.4.2.2 2004/03/15 04:44:38 marka Exp $ -->
-
-<HTML
-><HEAD
-><TITLE
->host</TITLE
-><META
-NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.73
-"></HEAD
-><BODY
-CLASS="REFENTRY"
-BGCOLOR="#FFFFFF"
-TEXT="#000000"
-LINK="#0000FF"
-VLINK="#840084"
-ALINK="#0000FF"
-><H1
-><A
-NAME="AEN1"
->host</A
-></H1
-><DIV
-CLASS="REFNAMEDIV"
-><A
-NAME="AEN8"
-></A
-><H2
->Name</H2
->host&nbsp;--&nbsp;DNS lookup utility</DIV
-><DIV
-CLASS="REFSYNOPSISDIV"
-><A
-NAME="AEN11"
-></A
-><H2
->Synopsis</H2
-><P
-><B
-CLASS="COMMAND"
->host</B
->  [<TT
-CLASS="OPTION"
->-aCdlnrTwv</TT
->] [<TT
-CLASS="OPTION"
->-c <TT
-CLASS="REPLACEABLE"
-><I
->class</I
-></TT
-></TT
->] [<TT
-CLASS="OPTION"
->-N <TT
-CLASS="REPLACEABLE"
-><I
->ndots</I
-></TT
-></TT
->] [<TT
-CLASS="OPTION"
->-R <TT
-CLASS="REPLACEABLE"
-><I
->number</I
-></TT
-></TT
->] [<TT
-CLASS="OPTION"
->-t <TT
-CLASS="REPLACEABLE"
-><I
->type</I
-></TT
-></TT
->] [<TT
-CLASS="OPTION"
->-W <TT
-CLASS="REPLACEABLE"
-><I
->wait</I
-></TT
-></TT
->] {name} [server]</P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN33"
-></A
-><H2
->DESCRIPTION</H2
-><P
-><B
-CLASS="COMMAND"
->host</B
->
+<!-- $Id: host.html,v 1.4.2.11 2006/04/23 10:10:08 marka Exp $ -->
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>host</title>
+<meta name="generator" content="DocBook XSL Stylesheets V1.69.1">
+</head>
+<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
+<a name="id2462968"></a><div class="titlepage"></div>
+<div class="refnamediv">
+<h2>Name</h2>
+<p>host &#8212; DNS lookup utility</p>
+</div>
+<div class="refsynopsisdiv">
+<h2>Synopsis</h2>
+<div class="cmdsynopsis"><p><code class="command">host</code>  [<code class="option">-aCdlnrTwv</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-N <em class="replaceable"><code>ndots</code></em></code>] [<code class="option">-R <em class="replaceable"><code>number</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-W <em class="replaceable"><code>wait</code></em></code>] {name} [server]</p></div>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2524461"></a><h2>DESCRIPTION</h2>
+<p>
+<span><strong class="command">host</strong></span>
 is a simple utility for performing DNS lookups.
 It is normally used to convert names to IP addresses and vice versa.
 When no arguments or options are given,
-<B
-CLASS="COMMAND"
->host</B
->
-prints a short summary of its command line arguments and options.</P
-><P
-><TT
-CLASS="PARAMETER"
-><I
->name</I
-></TT
-> is the domain name that is to be looked
+<span><strong class="command">host</strong></span>
+prints a short summary of its command line arguments and options.
+</p>
+<p>
+<em class="parameter"><code>name</code></em> is the domain name that is to be looked
 up.  It can also be a dotted-decimal IPv4 address or a colon-delimited
-IPv6 address, in which case <B
-CLASS="COMMAND"
->host</B
-> will by default
+IPv6 address, in which case <span><strong class="command">host</strong></span> will by default
 perform a reverse lookup for that address.
-<TT
-CLASS="PARAMETER"
-><I
->server</I
-></TT
-> is an optional argument which is either
-the name or IP address of the name server that <B
-CLASS="COMMAND"
->host</B
->
+<em class="parameter"><code>server</code></em> is an optional argument which is either
+the name or IP address of the name server that <span><strong class="command">host</strong></span>
 should query instead of the server or servers listed in
-<TT
-CLASS="FILENAME"
->/etc/resolv.conf</TT
->.</P
-><P
->The <TT
-CLASS="OPTION"
->-a</TT
-> (all) option is equivalent to setting the
-<TT
-CLASS="OPTION"
->-v</TT
-> option and asking <B
-CLASS="COMMAND"
->host</B
-> to make
-a query of type ANY.</P
-><P
->When the <TT
-CLASS="OPTION"
->-C</TT
-> option is used, <B
-CLASS="COMMAND"
->host</B
->
+<code class="filename">/etc/resolv.conf</code>.
+</p>
+<p>
+The <code class="option">-a</code> (all) option is equivalent to setting the
+<code class="option">-v</code> option and asking <span><strong class="command">host</strong></span> to make
+a query of type ANY.
+</p>
+<p>
+When the <code class="option">-C</code> option is used, <span><strong class="command">host</strong></span>
 will attempt to display the SOA records for zone
-<TT
-CLASS="PARAMETER"
-><I
->name</I
-></TT
-> from all the listed authoritative name
+<em class="parameter"><code>name</code></em> from all the listed authoritative name
 servers for that zone.  The list of name servers is defined by the NS
-records that are found for the zone.</P
-><P
->The <TT
-CLASS="OPTION"
->-c</TT
-> option instructs to make a DNS query of class
-<TT
-CLASS="PARAMETER"
-><I
->class</I
-></TT
->.  This can be used to lookup Hesiod or
-Chaosnet class resource records.  The default class is IN (Internet).</P
-><P
->Verbose output is generated by <B
-CLASS="COMMAND"
->host</B
-> when the
-<TT
-CLASS="OPTION"
->-d</TT
-> or <TT
-CLASS="OPTION"
->-v</TT
-> option is used.  The two
+records that are found for the zone.
+</p>
+<p>
+The <code class="option">-c</code> option instructs to make a DNS query of class
+<em class="parameter"><code>class</code></em>.  This can be used to lookup Hesiod or
+Chaosnet class resource records.  The default class is IN (Internet).
+</p>
+<p>
+Verbose output is generated by <span><strong class="command">host</strong></span> when the
+<code class="option">-d</code> or <code class="option">-v</code> option is used.  The two
 options are equivalent.  They have been provided for backwards
-compatibility.  In previous versions, the <TT
-CLASS="OPTION"
->-d</TT
-> option
-switched on debugging traces and <TT
-CLASS="OPTION"
->-v</TT
-> enabled verbose
-output.</P
-><P
->List mode is selected by the <TT
-CLASS="OPTION"
->-l</TT
-> option.  This makes
-<B
-CLASS="COMMAND"
->host</B
-> perform a zone transfer for zone
-<TT
-CLASS="PARAMETER"
-><I
->name</I
-></TT
->.  The argument is provided for
+compatibility.  In previous versions, the <code class="option">-d</code> option
+switched on debugging traces and <code class="option">-v</code> enabled verbose
+output.
+</p>
+<p>
+List mode is selected by the <code class="option">-l</code> option.  This makes
+<span><strong class="command">host</strong></span> perform a zone transfer for zone
+<em class="parameter"><code>name</code></em>.  The argument is provided for
 compatibility with older implementations.  This option is equivalent
-to making a query of type AXFR.</P
-><P
->The <TT
-CLASS="OPTION"
->-n</TT
->
+to making a query of type AXFR.
+</p>
+<p>
+The <code class="option">-n</code>
 option specifies that reverse lookups of IPv6 addresses should
 use the IP6.INT domain and "nibble" labels as defined in RFC1886.
-The default is to use IP6.ARPA and binary labels as defined in RFC2874.</P
-><P
->The <TT
-CLASS="OPTION"
->-N</TT
-> option sets the number of dots that have to be
-in <TT
-CLASS="PARAMETER"
-><I
->name</I
-></TT
-> for it to be considered absolute.  The
+The default is to use IP6.ARPA and binary labels as defined in RFC2874.
+</p>
+<p>
+The <code class="option">-N</code> option sets the number of dots that have to be
+in <em class="parameter"><code>name</code></em> for it to be considered absolute.  The
 default value is that defined using the ndots statement in
-<TT
-CLASS="FILENAME"
->/etc/resolv.conf</TT
->, or 1 if no ndots statement is
+<code class="filename">/etc/resolv.conf</code>, or 1 if no ndots statement is
 present.  Names with fewer dots are interpreted as relative names and
-will be searched for in the domains listed in the <SPAN
-CLASS="TYPE"
->search</SPAN
->
-or <SPAN
-CLASS="TYPE"
->domain</SPAN
-> directive in
-<TT
-CLASS="FILENAME"
->/etc/resolv.conf</TT
->.</P
-><P
->The number of UDP retries for a lookup can be changed with the
-<TT
-CLASS="OPTION"
->-R</TT
-> option.  <TT
-CLASS="PARAMETER"
-><I
->number</I
-></TT
-> indicates
-how many times <B
-CLASS="COMMAND"
->host</B
-> will repeat a query that does
+will be searched for in the domains listed in the <span class="type">search</span>
+or <span class="type">domain</span> directive in
+<code class="filename">/etc/resolv.conf</code>.
+</p>
+<p>
+The number of UDP retries for a lookup can be changed with the
+<code class="option">-R</code> option.  <em class="parameter"><code>number</code></em> indicates
+how many times <span><strong class="command">host</strong></span> will repeat a query that does
 not get answered.  The default number of retries is 1.  If
-<TT
-CLASS="PARAMETER"
-><I
->number</I
-></TT
-> is negative or zero, the number of
-retries will default to 1.</P
-><P
->Non-recursive queries can be made via the <TT
-CLASS="OPTION"
->-r</TT
-> option.
-Setting this option clears the <SPAN
-CLASS="TYPE"
->RD</SPAN
-> &mdash; recursion
-desired &mdash; bit in the query which <B
-CLASS="COMMAND"
->host</B
-> makes.
+<em class="parameter"><code>number</code></em> is negative or zero, the number of
+retries will default to 1.
+</p>
+<p>
+Non-recursive queries can be made via the <code class="option">-r</code> option.
+Setting this option clears the <span class="type">RD</span> &#8212; recursion
+desired &#8212; bit in the query which <span><strong class="command">host</strong></span> makes.
 This should mean that the name server receiving the query will not
-attempt to resolve <TT
-CLASS="PARAMETER"
-><I
->name</I
-></TT
->.  The
-<TT
-CLASS="OPTION"
->-r</TT
-> option enables <B
-CLASS="COMMAND"
->host</B
-> to mimic
+attempt to resolve <em class="parameter"><code>name</code></em>.  The
+<code class="option">-r</code> option enables <span><strong class="command">host</strong></span> to mimic
 the behaviour of a name server by making non-recursive queries and
 expecting to receive answers to those queries that are usually
-referrals to other name servers.</P
-><P
->By default <B
-CLASS="COMMAND"
->host</B
-> uses UDP when making queries.  The
-<TT
-CLASS="OPTION"
->-T</TT
-> option makes it use a TCP connection when querying
+referrals to other name servers.
+</p>
+<p>
+By default <span><strong class="command">host</strong></span> uses UDP when making queries.  The
+<code class="option">-T</code> option makes it use a TCP connection when querying
 the name server.  TCP will be automatically selected for queries that
-require it, such as zone transfer (AXFR) requests.</P
-><P
->The <TT
-CLASS="OPTION"
->-t</TT
-> option is used to select the query type.
-<TT
-CLASS="PARAMETER"
-><I
->type</I
-></TT
-> can be any recognised query type: CNAME,
+require it, such as zone transfer (AXFR) requests.
+</p>
+<p>
+The <code class="option">-t</code> option is used to select the query type.
+<em class="parameter"><code>type</code></em> can be any recognised query type: CNAME,
 NS, SOA, SIG, KEY, AXFR, etc.  When no query type is specified,
-<B
-CLASS="COMMAND"
->host</B
-> automatically selects an appropriate query
+<span><strong class="command">host</strong></span> automatically selects an appropriate query
 type.  By default it looks for A records, but if the
-<TT
-CLASS="OPTION"
->-C</TT
-> option was given, queries will be made for SOA
-records, and if <TT
-CLASS="PARAMETER"
-><I
->name</I
-></TT
-> is a dotted-decimal IPv4
-address or colon-delimited IPv6 address, <B
-CLASS="COMMAND"
->host</B
-> will
-query for PTR records.</P
-><P
->The time to wait for a reply can be controlled through the
-<TT
-CLASS="OPTION"
->-W</TT
-> and <TT
-CLASS="OPTION"
->-w</TT
-> options.  The
-<TT
-CLASS="OPTION"
->-W</TT
-> option makes <B
-CLASS="COMMAND"
->host</B
-> wait for
-<TT
-CLASS="PARAMETER"
-><I
->wait</I
-></TT
-> seconds.  If <TT
-CLASS="PARAMETER"
-><I
->wait</I
-></TT
->
+<code class="option">-C</code> option was given, queries will be made for SOA
+records, and if <em class="parameter"><code>name</code></em> is a dotted-decimal IPv4
+address or colon-delimited IPv6 address, <span><strong class="command">host</strong></span> will
+query for PTR records.
+</p>
+<p>
+The time to wait for a reply can be controlled through the
+<code class="option">-W</code> and <code class="option">-w</code> options.  The
+<code class="option">-W</code> option makes <span><strong class="command">host</strong></span> wait for
+<em class="parameter"><code>wait</code></em> seconds.  If <em class="parameter"><code>wait</code></em>
 is less than one, the wait interval is set to one second.  When the
-<TT
-CLASS="OPTION"
->-w</TT
-> option is used, <B
-CLASS="COMMAND"
->host</B
-> will
+<code class="option">-w</code> option is used, <span><strong class="command">host</strong></span> will
 effectively wait forever for a reply.  The time to wait for a response
 will be set to the number of seconds given by the hardware's maximum
-value for an integer quantity.</P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN105"
-></A
-><H2
->FILES</H2
-><P
-><TT
-CLASS="FILENAME"
->/etc/resolv.conf</TT
-></P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN109"
-></A
-><H2
->SEE ALSO</H2
-><P
-><SPAN
-CLASS="CITEREFENTRY"
-><SPAN
-CLASS="REFENTRYTITLE"
->dig</SPAN
->(1)</SPAN
->,
-<SPAN
-CLASS="CITEREFENTRY"
-><SPAN
-CLASS="REFENTRYTITLE"
->named</SPAN
->(8)</SPAN
->.</P
-></DIV
-></BODY
-></HTML
->
+value for an integer quantity.
+</p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2525461"></a><h2>FILES</h2>
+<p>
+<code class="filename">/etc/resolv.conf</code>
+</p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2525474"></a><h2>SEE ALSO</h2>
+<p>
+<span class="citerefentry"><span class="refentrytitle">dig</span>(1)</span>,
+<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>.
+</p>
+</div>
+</div></body>
+</html>

bin/dig/include/dig/dig.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 2000, 2001, 2003  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: dig.h,v 1.71.2.7 2004/03/09 06:09:14 marka Exp $ */
+/* $Id: dig.h,v 1.71.2.12 2005/07/04 03:22:05 marka Exp $ */
 
 #ifndef DIG_H
 #define DIG_H
@@ -35,7 +35,7 @@
 #include <isc/sockaddr.h>
 #include <isc/socket.h>
 
-#define MXSERV 6
+#define MXSERV 20
 #define MXNAME (DNS_NAME_MAXTEXT+1)
 #define MXRD 32
 #define BUFSIZE 512
@@ -66,14 +66,6 @@
  * in a tight loop of constant lookups.  It's value is arbitrary.
  */
 
-#define ROOTNS 1
-/*
- * Set the number of root servers to ask for information when running in
- * trace mode.
- * XXXMWS -- trace mode is currently semi-broken, and this number *MUST*
- * be 1.
- */
-
 ISC_LANG_BEGINDECLS
 
 typedef struct dig_lookup dig_lookup_t;
@@ -158,6 +150,7 @@ struct dig_query {
 	isc_uint32_t second_rr_serial;
 	isc_uint32_t rr_count;
 	char *servname;
+	char *userarg;
 	isc_bufferlist_t sendlist,
 		recvlist,
 		lengthlist;
@@ -175,6 +168,7 @@ struct dig_query {
 
 struct dig_server {
 	char servername[MXNAME];
+	char userarg[MXNAME];
 	ISC_LINK(dig_server_t) link;
 };
 
@@ -183,12 +177,52 @@ struct dig_searchlist {
 	ISC_LINK(dig_searchlist_t) link;
 };
 
+typedef ISC_LIST(dig_searchlist_t) dig_searchlistlist_t;
+typedef ISC_LIST(dig_lookup_t) dig_lookuplist_t;
+
+/*
+ * Externals from dighost.c
+ */
+
+extern dig_lookuplist_t lookup_list;
+extern dig_serverlist_t server_list;
+extern dig_searchlistlist_t search_list;
+
+extern isc_boolean_t have_ipv4, have_ipv6, specified_source,
+        usesearch, qr;
+extern in_port_t port;
+extern unsigned int timeout;
+extern isc_mem_t *mctx;
+extern dns_messageid_t id;
+extern int sendcount;
+extern int ndots;
+extern int tries;  
+extern int lookup_counter;
+extern int exitcode;
+extern isc_sockaddr_t bind_address;
+extern char keynametext[MXNAME];
+extern char keyfile[MXNAME];
+extern char keysecret[MXNAME];
+extern dns_tsigkey_t *key;
+extern isc_boolean_t validated;
+extern isc_taskmgr_t *taskmgr;
+extern isc_task_t *global_task;
+extern isc_boolean_t free_now;
+extern isc_boolean_t debugging, memdebugging;
+
+extern char *progname;
+extern int fatalexit;
+
 /*
  * Routines in dighost.c.
  */
 void
 get_address(char *host, in_port_t port, isc_sockaddr_t *sockaddr);
 
+isc_result_t
+get_addresses(const char *hostname, in_port_t port,
+             isc_sockaddr_t *addrs, int addrsize, int *addrcount);
+
 isc_result_t
 get_reverse(char *reverse, char *value, isc_boolean_t ip6int,
 	    isc_boolean_t strict);
@@ -229,11 +263,17 @@ requeue_lookup(dig_lookup_t *lookold, isc_boolean_t servers);
 dig_lookup_t *
 make_empty_lookup(void);
 
+void
+flush_server_list(void);
+
+void
+set_nameserver(char *opt);
+
 dig_lookup_t *
 clone_lookup(dig_lookup_t *lookold, isc_boolean_t servers);
 
 dig_server_t *
-make_server(const char *servname);
+make_server(const char *servname, const char *userarg);
 
 void
 clone_server_list(dig_serverlist_t src,

bin/dig/nslookup.1

@@ -0,0 +1,181 @@
+.\" Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
+.\" 
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\" 
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+.\" PERFORMANCE OF THIS SOFTWARE.
+.\"
+.\" $Id: nslookup.1,v 1.1.4.6 2006/01/06 01:46:37 marka Exp $
+.\"
+.hy 0
+.ad l
+.\" ** You probably do not want to edit this file directly **
+.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1).
+.\" Instead of manually editing it, you probably should edit the DocBook XML
+.\" source for it and then use the DocBook XSL Stylesheets to regenerate it.
+.TH "NSLOOKUP" "1" "Jun 30, 2000" "BIND9" "BIND9"
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.SH "NAME"
+nslookup \- query Internet name servers interactively
+.SH "SYNOPSIS"
+.HP 9
+\fBnslookup\fR [\fB\-option\fR] [name\ |\ \-] [server]
+.SH "DESCRIPTION"
+.PP
+\fBNslookup\fR
+is a program to query Internet domain name servers.
+\fBNslookup\fR
+has two modes: interactive and non\-interactive. Interactive mode allows the user to query name servers for information about various hosts and domains or to print a list of hosts in a domain. Non\-interactive mode is used to print just the name and requested information for a host or domain.
+.SH "ARGUMENTS"
+.PP
+Interactive mode is entered in the following cases:
+.TP 3
+1.
+when no arguments are given (the default name server will be used)
+.TP
+2.
+when the first argument is a hyphen (\-) and the second argument is the host name or Internet address of a name server.
+.PP
+Non\-interactive mode is used when the name or Internet address of the host to be looked up is given as the first argument. The optional second argument specifies the host name or address of a name server.
+.PP
+Options can also be specified on the command line if they precede the arguments and are prefixed with a hyphen. For example, to change the default query type to host information, and the initial timeout to 10 seconds, type:
+.IP .sp .nf nslookup \-query=hinfo \-timeout=10 .fi
+.SH "INTERACTIVE COMMANDS"
+.TP
+host [server]
+Look up information for host using the current default server or using server, if specified. If host is an Internet address and the query type is A or PTR, the name of the host is returned. If host is a name and does not have a trailing period, the search list is used to qualify the name.
+.sp
+To look up a host not in the current domain, append a period to the name.
+.TP
+\fBserver\fR \fIdomain\fR
+.TP
+\fBlserver\fR \fIdomain\fR
+Change the default server to
+\fIdomain\fR;
+\fBlserver\fR
+uses the initial server to look up information about
+\fIdomain\fR, while
+\fBserver\fR
+uses the current default server. If an authoritative answer can't be found, the names of servers that might have the answer are returned.
+.TP
+\fBroot\fR
+not implemented
+.TP
+\fBfinger\fR
+not implemented
+.TP
+\fBls\fR
+not implemented
+.TP
+\fBview\fR
+not implemented
+.TP
+\fBhelp\fR
+not implemented
+.TP
+\fB?\fR
+not implemented
+.TP
+\fBexit\fR
+Exits the program.
+.TP
+\fBset\fR \fIkeyword\fR\fI[=value]\fR
+This command is used to change state information that affects the lookups. Valid keywords are:
+.RS
+.TP
+\fBall\fR
+Prints the current values of the frequently used options to
+\fBset\fR. Information about the current default server and host is also printed.
+.TP
+\fBclass=\fR\fIvalue\fR
+Change the query class to one of:
+.RS
+.TP
+\fBIN\fR
+the Internet class
+.TP
+\fBCH\fR
+the Chaos class
+.TP
+\fBHS\fR
+the Hesiod class
+.TP
+\fBANY\fR
+wildcard
+.RE
+.IP
+The class specifies the protocol group of the information.
+.sp
+(Default = IN; abbreviation = cl)
+.TP
+\fB\fI[no]\fR\fR\fBdebug\fR
+Turn debugging mode on. A lot more information is printed about the packet sent to the server and the resulting answer.
+.sp
+(Default = nodebug; abbreviation =
+[no]deb)
+.TP
+\fB\fI[no]\fR\fR\fBd2\fR
+Turn debugging mode on. A lot more information is printed about the packet sent to the server and the resulting answer.
+.sp
+(Default = nod2)
+.TP
+\fBdomain=\fR\fIname\fR
+Sets the search list to
+\fIname\fR.
+.TP
+\fB\fI[no]\fR\fR\fBsearch\fR
+If the lookup request contains at least one period but doesn't end with a trailing period, append the domain names in the domain search list to the request until an answer is received.
+.sp
+(Default = search)
+.TP
+\fBport=\fR\fIvalue\fR
+Change the default TCP/UDP name server port to
+\fIvalue\fR.
+.sp
+(Default = 53; abbreviation = po)
+.TP
+\fBquerytype=\fR\fIvalue\fR
+.TP
+\fBtype=\fR\fIvalue\fR
+Change the type of the information query.
+.sp
+(Default = A; abbreviations = q, ty)
+.TP
+\fB\fI[no]\fR\fR\fBrecurse\fR
+Tell the name server to query other servers if it does not have the information.
+.sp
+(Default = recurse; abbreviation = [no]rec)
+.TP
+\fBretry=\fR\fInumber\fR
+Set the number of retries to number.
+.TP
+\fBtimeout=\fR\fInumber\fR
+Change the initial timeout interval for waiting for a reply to number seconds.
+.TP
+\fB\fI[no]\fR\fR\fBvc\fR
+Always use a virtual circuit when sending requests to the server.
+.sp
+(Default = novc)
+.RE
+.IP
+.SH "FILES"
+.PP
+\fI/etc/resolv.conf\fR
+.SH "SEE ALSO"
+.PP
+\fBdig\fR(1),
+\fBhost\fR(1),
+\fBnamed\fR(8).
+.SH "AUTHOR"
+.PP
+Andrew Cherenson

bin/dig/nslookup.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 2000-2003  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: nslookup.c,v 1.90.2.7 2004/06/07 03:59:08 marka Exp $ */
+/* $Id: nslookup.c,v 1.90.2.11 2005/07/12 05:47:53 marka Exp $ */
 
 #include <config.h>
 
@@ -43,26 +43,8 @@
 
 #include <dig/dig.h>
 
-extern ISC_LIST(dig_lookup_t) lookup_list;
-extern ISC_LIST(dig_server_t) server_list;
-extern ISC_LIST(dig_searchlist_t) search_list;
-
-extern isc_boolean_t have_ipv6, usesearch, qr, debugging;
-extern in_port_t port;
-extern unsigned int timeout;
-extern isc_mem_t *mctx;
-extern dns_messageid_t id;
-extern int sendcount;
-extern int ndots;
-extern int tries;
-extern int lookup_counter;
-extern int exitcode;
-extern isc_taskmgr_t *taskmgr;
-extern isc_task_t *global_task;
-extern char *progname;
-
 static isc_boolean_t short_form = ISC_TRUE,
-	tcpmode = ISC_FALSE, deprecation_msg = ISC_TRUE,
+	tcpmode = ISC_FALSE,
 	identify = ISC_FALSE, stats = ISC_TRUE,
 	comments = ISC_TRUE, section_question = ISC_TRUE,
 	section_answer = ISC_TRUE, section_authority = ISC_TRUE,
@@ -394,7 +376,7 @@ printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers) {
 	debug("printmessage()");
 
 	isc_sockaddr_format(&query->sockaddr, servtext, sizeof(servtext));
-	printf("Server:\t\t%s\n", query->servname);
+	printf("Server:\t\t%s\n", query->userarg);
 	printf("Address:\t%s\n", servtext);
 	
 	puts("");
@@ -453,7 +435,7 @@ show_settings(isc_boolean_t full, isc_boolean_t serv_only) {
 		get_address(srv->servername, port, &sockaddr);
 		isc_sockaddr_format(&sockaddr, sockstr, sizeof(sockstr));
 		printf("Default server: %s\nAddress: %s\n",
-			srv->servername, sockstr);
+			srv->userarg, sockstr);
 		if (!full)
 			return;
 		srv = ISC_LIST_NEXT(srv, link);
@@ -596,7 +578,7 @@ setoption(char *opt) {
 	} else if (strncasecmp(opt, "nosearch",5) == 0) {
 		usesearch = ISC_FALSE;
 	} else if (strncasecmp(opt, "sil",3) == 0) {
-		deprecation_msg = ISC_FALSE;
+		/* deprecation_msg = ISC_FALSE; */
 	} else {
 		printf("*** Invalid option: %s\n", opt);	
 	}
@@ -664,39 +646,6 @@ addlookup(char *opt) {
 	debug("looking up %s", lookup->textname);
 }
 
-static void
-flush_server_list(void) {
-	dig_server_t *s, *ps;
-
-	debug("flush_server_list()");
-	s = ISC_LIST_HEAD(server_list);
-	while (s != NULL) {
-		ps = s;
-		s = ISC_LIST_NEXT(s, link);
-		ISC_LIST_DEQUEUE(server_list, ps, link);
-		isc_mem_free(mctx, ps);
-	}
-}
-
-/*
- * This works on the global server list, instead of on a per-lookup
- * server list, since the change is persistent.
- */
-static void
-setsrv(char *opt) {
-	dig_server_t *srv;
-
-	if (opt == NULL)
-		return;
-
-	flush_server_list();
-	srv = isc_mem_allocate(mctx, sizeof(struct dig_server));
-	if (srv == NULL)
-		fatal("memory allocation failure");
-	safecpy(srv->servername, opt, sizeof(srv->servername));
-	ISC_LIST_INITANDAPPEND(server_list, srv, link);
-}
-
 static void
 get_next_command(void) {
 	char *buf;
@@ -725,7 +674,9 @@ get_next_command(void) {
 		setoption(arg);
 	else if ((strcasecmp(ptr, "server") == 0) ||
 		 (strcasecmp(ptr, "lserver") == 0)) {
-		setsrv(arg);
+		isc_app_block();
+		set_nameserver(arg);
+		isc_app_unblock();
 		show_settings(ISC_TRUE, ISC_TRUE);
 	} else if (strcasecmp(ptr, "exit") == 0) {
 		in_use = ISC_FALSE;
@@ -767,7 +718,7 @@ parse_args(int argc, char **argv) {
 				addlookup(argv[0]);
 			}
 			else
-				setsrv(argv[0]);
+				set_nameserver(argv[0]);
 		}
 	}
 }
@@ -851,12 +802,6 @@ main(int argc, char **argv) {
 
 	parse_args(argc, argv);
 
-	if (deprecation_msg) {
-		fputs(
-"Note:  nslookup is deprecated and may be removed from future releases.\n"
-"Consider using the `dig' or `host' programs instead.  Run nslookup with\n"
-"the `-sil[ent]' option to prevent this message from appearing.\n", stderr);
-	}
 	setup_system();
 	if (domainopt[0] != '\0')
 		set_search_domain(domainopt);

bin/dig/nslookup.docbook

@@ -0,0 +1,331 @@
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
+               "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd"
+	       [<!ENTITY mdash "&#8212;">]>
+<!--
+ - Copyright (C) 2004-2006  Internet Systems Consortium, Inc. ("ISC")
+ -
+ - Permission to use, copy, modify, and distribute this software for any
+ - purpose with or without fee is hereby granted, provided that the above
+ - copyright notice and this permission notice appear in all copies.
+ -
+ - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ - AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ - PERFORMANCE OF THIS SOFTWARE.
+-->
+
+<!-- $Id: nslookup.docbook,v 1.3.4.7 2006/01/06 00:01:41 marka Exp $ -->
+
+<!--
+ - Copyright (c) 1985, 1989
+ -    The Regents of the University of California.  All rights reserved.
+ - 
+ - Redistribution and use in source and binary forms, with or without
+ - modification, are permitted provided that the following conditions
+ - are met:
+ - 1. Redistributions of source code must retain the above copyright
+ -    notice, this list of conditions and the following disclaimer.
+ - 2. Redistributions in binary form must reproduce the above copyright
+ -    notice, this list of conditions and the following disclaimer in the
+ -    documentation and/or other materials provided with the distribution.
+ - 3. All advertising materials mentioning features or use of this software
+ -    must display the following acknowledgement:
+ -     This product includes software developed by the University of
+ -     California, Berkeley and its contributors.
+ - 4. Neither the name of the University nor the names of its contributors
+ -    may be used to endorse or promote products derived from this software
+ -    without specific prior written permission.
+ - 
+ - THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ - ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ - IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ - ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ - FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ - DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ - OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ - HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ - LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ - OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ - SUCH DAMAGE.
+-->
+
+<refentry>
+
+<refentryinfo>
+<date>Jun 30, 2000</date>
+</refentryinfo>
+
+<refmeta>
+<refentrytitle>nslookup</refentrytitle>
+<manvolnum>1</manvolnum>
+<refmiscinfo>BIND9</refmiscinfo>
+</refmeta>
+
+  <docinfo>
+    <copyright>
+      <year>2004</year>
+      <year>2005</year>
+      <year>2006</year>
+      <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
+    </copyright>
+  </docinfo>
+
+<refnamediv>
+<refname>nslookup</refname>
+<refpurpose>query Internet name servers interactively</refpurpose>
+</refnamediv>
+
+<refsynopsisdiv>
+<cmdsynopsis>
+  <command>nslookup</command>
+  <arg><option>-option</option></arg>
+  <arg choice="opt">name | -</arg>
+  <arg choice="opt">server</arg>
+</cmdsynopsis>
+</refsynopsisdiv>
+
+<refsect1>
+<title>DESCRIPTION</title>
+<para>
+<command>Nslookup</command>
+is a program to query Internet domain name servers.  <command>Nslookup</command>
+has two modes: interactive and non-interactive.  Interactive mode allows
+the user to query name servers for information about various hosts and
+domains or to print a list of hosts in a domain.  Non-interactive mode is
+used to print just the name and requested information for a host or
+domain.
+</para>
+</refsect1>
+
+<refsect1>
+<title>ARGUMENTS</title>
+<para>
+Interactive mode is entered in the following cases:
+<orderedlist numeration="loweralpha">
+<listitem>
+<para>
+when no arguments are given (the default name server will be used)
+</para>
+</listitem>
+<listitem>
+<para>
+when the first argument is a hyphen (-) and the second argument is
+the host name or Internet address of a name server.
+</para>
+</listitem>
+</orderedlist>
+</para>
+
+<para>
+Non-interactive mode is used when the name or Internet address of the
+host to be looked up is given as the first argument. The optional second
+argument specifies the host name or address of a name server.
+</para>
+
+<para>
+Options can also be specified on the command line if they precede the
+arguments and are prefixed with a hyphen.  For example, to
+change the default query type to host information, and the initial timeout to 10 seconds, type:
+<informalexample>
+<programlisting>
+nslookup -query=hinfo  -timeout=10
+</programlisting>
+</informalexample>
+</para>
+
+</refsect1>
+
+<refsect1>
+<title>INTERACTIVE COMMANDS</title>
+<variablelist>
+<varlistentry><term>host <optional>server</optional></term>
+<listitem><para>
+Look up information for host using the current default server or
+using server, if specified.  If host is an Internet address and
+the query type is A or PTR, the name of the host is returned.
+If host is a name and does not have a trailing period, the
+search list is used to qualify the name.
+</para>
+
+<para>
+To look up a host not in the current domain, append a period to
+the name.
+</para></listitem></varlistentry>
+
+<varlistentry><term><constant>server</constant> <replaceable class="parameter">domain</replaceable></term>
+<listitem><para></para></listitem></varlistentry>
+<varlistentry><term><constant>lserver</constant> <replaceable class="parameter">domain</replaceable></term>
+<listitem><para>
+Change the default server to <replaceable>domain</replaceable>; <constant>lserver</constant> uses the initial
+server to look up information about <replaceable>domain</replaceable>, while <constant>server</constant> uses
+the current default server.  If an authoritative answer can't be
+found, the names of servers that might have the answer are
+returned.
+</para></listitem></varlistentry>
+
+<varlistentry><term><constant>root</constant></term>
+<listitem><para>not implemented</para></listitem></varlistentry>
+
+<varlistentry><term><constant>finger</constant></term>
+<listitem><para>not implemented</para></listitem></varlistentry>
+
+<varlistentry><term><constant>ls</constant></term>
+<listitem><para>not implemented</para></listitem></varlistentry>
+
+<varlistentry><term><constant>view</constant></term>
+<listitem><para>not implemented</para></listitem></varlistentry>
+
+<varlistentry><term><constant>help</constant></term>
+<listitem><para>not implemented</para></listitem></varlistentry>
+
+<varlistentry><term><constant>?</constant></term>
+<listitem><para>not implemented</para></listitem></varlistentry>
+
+<varlistentry><term><constant>exit</constant></term>
+<listitem><para>Exits the program.</para></listitem></varlistentry>
+
+<varlistentry><term><constant>set</constant> <replaceable>keyword<optional>=value</optional></replaceable></term>
+<listitem><para>This command is used to change state information that affects
+the lookups.  Valid keywords are:
+ <variablelist>
+  <varlistentry><term><constant>all</constant></term>
+  <listitem>
+  <para>Prints the current values of the frequently used
+  options to <command>set</command>.  Information about the  current default
+  server and host is also printed.
+  </para>
+  </listitem>
+  </varlistentry>
+
+  <varlistentry><term><constant>class=</constant><replaceable>value</replaceable></term>
+  <listitem><para>
+   Change the query class to one of:
+   <variablelist>
+    <varlistentry><term><constant>IN</constant></term>
+    <listitem><para>the Internet class</para></listitem></varlistentry>
+    <varlistentry><term><constant>CH</constant></term>
+    <listitem><para>the Chaos class</para></listitem></varlistentry>
+    <varlistentry><term><constant>HS</constant></term>
+    <listitem><para>the Hesiod class</para></listitem></varlistentry>
+    <varlistentry><term><constant>ANY</constant></term>
+    <listitem><para>wildcard</para></listitem></varlistentry>
+   </variablelist>
+   The class specifies the protocol group of the information.
+   </para><para>
+   (Default = IN; abbreviation = cl)
+   </para></listitem>
+  </varlistentry>
+
+  <varlistentry><term><constant><replaceable><optional>no</optional></replaceable>debug</constant></term>
+  <listitem><para>
+  Turn debugging mode on.  A lot more information is
+  printed about the packet sent to the server and the
+  resulting answer.
+  </para><para>
+  (Default = nodebug; abbreviation = <optional>no</optional>deb)
+  </para></listitem></varlistentry>
+
+  <varlistentry><term><constant><replaceable><optional>no</optional></replaceable>d2</constant></term>
+  <listitem><para>
+  Turn debugging mode on.  A lot more information is
+  printed about the packet sent to the server and the
+  resulting answer.
+  </para><para>
+  (Default = nod2)
+  </para></listitem></varlistentry>
+
+  <varlistentry><term><constant>domain=</constant><replaceable>name</replaceable></term>
+  <listitem><para>
+  Sets the search list to <replaceable>name</replaceable>.
+  </para></listitem></varlistentry>
+
+  <varlistentry><term><constant><replaceable><optional>no</optional></replaceable>search</constant></term>
+  <listitem><para>
+  If the lookup request contains at least one period but
+  doesn't end with a trailing period, append the domain
+  names in the domain search list to the request until an
+  answer is received.
+  </para><para>
+  (Default = search)
+  </para></listitem></varlistentry>
+
+  <varlistentry><term><constant>port=</constant><replaceable>value</replaceable></term>
+  <listitem><para>
+  Change the default TCP/UDP name server port to <replaceable>value</replaceable>.
+  </para><para>
+  (Default = 53; abbreviation = po)
+  </para></listitem></varlistentry>
+
+  <varlistentry><term><constant>querytype=</constant><replaceable>value</replaceable></term>
+  <listitem><para></para></listitem></varlistentry>
+
+  <varlistentry><term><constant>type=</constant><replaceable>value</replaceable></term>
+  <listitem><para>
+  Change the type of the information query.
+  </para><para>
+  (Default = A; abbreviations = q, ty)
+  </para></listitem></varlistentry>
+
+  <varlistentry><term><constant><replaceable><optional>no</optional></replaceable>recurse</constant></term>
+  <listitem><para>
+  Tell the name server to query other servers if it does not have the
+  information.
+  </para><para>
+  (Default = recurse; abbreviation = [no]rec)
+  </para></listitem></varlistentry>
+
+  <varlistentry><term><constant>retry=</constant><replaceable>number</replaceable></term>
+  <listitem><para>
+  Set the number of retries to number.
+  </para></listitem></varlistentry>
+
+  <varlistentry><term><constant>timeout=</constant><replaceable>number</replaceable></term>
+  <listitem><para>
+  Change the initial timeout interval for waiting for a
+  reply to number seconds.
+  </para></listitem></varlistentry>
+
+  <varlistentry><term><constant><replaceable><optional>no</optional></replaceable>vc</constant></term>
+  <listitem><para>
+  Always use a virtual circuit when sending requests to the server.
+  </para><para>
+  (Default = novc)
+  </para></listitem></varlistentry>
+
+  </variablelist>
+</para></listitem></varlistentry>
+</variablelist>
+</refsect1>
+
+<refsect1>
+<title>FILES</title>
+<para>
+<filename>/etc/resolv.conf</filename>
+</para>
+</refsect1>
+
+<refsect1>
+<title>SEE ALSO</title>
+<para>
+<citerefentry>
+<refentrytitle>dig</refentrytitle><manvolnum>1</manvolnum>
+</citerefentry>,
+<citerefentry>
+<refentrytitle>host</refentrytitle><manvolnum>1</manvolnum>
+</citerefentry>,
+<citerefentry>
+<refentrytitle>named</refentrytitle><manvolnum>8</manvolnum>
+</citerefentry>.
+</para>
+</refsect1>
+
+<refsect1>
+<title>Author</title>
+<para>
+Andrew Cherenson
+</para>
+</refsect1>
+</refentry>

bin/dig/nslookup.html

@@ -0,0 +1,264 @@
+<!--
+ - Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
+ - 
+ - Permission to use, copy, modify, and distribute this software for any
+ - purpose with or without fee is hereby granted, provided that the above
+ - copyright notice and this permission notice appear in all copies.
+ - 
+ - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ - PERFORMANCE OF THIS SOFTWARE.
+-->
+<!-- $Id: nslookup.html,v 1.1.4.12 2006/04/23 10:10:08 marka Exp $ -->
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>nslookup</title>
+<meta name="generator" content="DocBook XSL Stylesheets V1.69.1">
+</head>
+<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
+<a name="id2462969"></a><div class="titlepage"></div>
+<div class="refnamediv">
+<h2>Name</h2>
+<p>nslookup &#8212; query Internet name servers interactively</p>
+</div>
+<div class="refsynopsisdiv">
+<h2>Synopsis</h2>
+<div class="cmdsynopsis"><p><code class="command">nslookup</code>  [<code class="option">-option</code>] [name | -] [server]</p></div>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2525224"></a><h2>DESCRIPTION</h2>
+<p>
+<span><strong class="command">Nslookup</strong></span>
+is a program to query Internet domain name servers.  <span><strong class="command">Nslookup</strong></span>
+has two modes: interactive and non-interactive.  Interactive mode allows
+the user to query name servers for information about various hosts and
+domains or to print a list of hosts in a domain.  Non-interactive mode is
+used to print just the name and requested information for a host or
+domain.
+</p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2525241"></a><h2>ARGUMENTS</h2>
+<p>
+Interactive mode is entered in the following cases:
+</p>
+<div class="orderedlist"><ol type="a">
+<li><p>
+when no arguments are given (the default name server will be used)
+</p></li>
+<li><p>
+when the first argument is a hyphen (-) and the second argument is
+the host name or Internet address of a name server.
+</p></li>
+</ol></div>
+<p>
+</p>
+<p>
+Non-interactive mode is used when the name or Internet address of the
+host to be looked up is given as the first argument. The optional second
+argument specifies the host name or address of a name server.
+</p>
+<p>
+Options can also be specified on the command line if they precede the
+arguments and are prefixed with a hyphen.  For example, to
+change the default query type to host information, and the initial timeout to 10 seconds, type:
+</p>
+<div class="informalexample"><pre class="programlisting">
+nslookup -query=hinfo  -timeout=10
+</pre></div>
+<p>
+</p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2525284"></a><h2>INTERACTIVE COMMANDS</h2>
+<div class="variablelist"><dl>
+<dt><span class="term">host [<span class="optional">server</span>]</span></dt>
+<dd>
+<p>
+Look up information for host using the current default server or
+using server, if specified.  If host is an Internet address and
+the query type is A or PTR, the name of the host is returned.
+If host is a name and does not have a trailing period, the
+search list is used to qualify the name.
+</p>
+<p>
+To look up a host not in the current domain, append a period to
+the name.
+</p>
+</dd>
+<dt><span class="term"><code class="constant">server</code> <em class="replaceable"><code>domain</code></em></span></dt>
+<dd><p></p></dd>
+<dt><span class="term"><code class="constant">lserver</code> <em class="replaceable"><code>domain</code></em></span></dt>
+<dd><p>
+Change the default server to <em class="replaceable"><code>domain</code></em>; <code class="constant">lserver</code> uses the initial
+server to look up information about <em class="replaceable"><code>domain</code></em>, while <code class="constant">server</code> uses
+the current default server.  If an authoritative answer can't be
+found, the names of servers that might have the answer are
+returned.
+</p></dd>
+<dt><span class="term"><code class="constant">root</code></span></dt>
+<dd><p>not implemented</p></dd>
+<dt><span class="term"><code class="constant">finger</code></span></dt>
+<dd><p>not implemented</p></dd>
+<dt><span class="term"><code class="constant">ls</code></span></dt>
+<dd><p>not implemented</p></dd>
+<dt><span class="term"><code class="constant">view</code></span></dt>
+<dd><p>not implemented</p></dd>
+<dt><span class="term"><code class="constant">help</code></span></dt>
+<dd><p>not implemented</p></dd>
+<dt><span class="term"><code class="constant">?</code></span></dt>
+<dd><p>not implemented</p></dd>
+<dt><span class="term"><code class="constant">exit</code></span></dt>
+<dd><p>Exits the program.</p></dd>
+<dt><span class="term"><code class="constant">set</code> <em class="replaceable"><code>keyword[<span class="optional">=value</span>]</code></em></span></dt>
+<dd>
+<p>This command is used to change state information that affects
+the lookups.  Valid keywords are:
+ </p>
+<div class="variablelist"><dl>
+<dt><span class="term"><code class="constant">all</code></span></dt>
+<dd><p>Prints the current values of the frequently used
+  options to <span><strong class="command">set</strong></span>.  Information about the  current default
+  server and host is also printed.
+  </p></dd>
+<dt><span class="term"><code class="constant">class=</code><em class="replaceable"><code>value</code></em></span></dt>
+<dd>
+<p>
+   Change the query class to one of:
+   </p>
+<div class="variablelist"><dl>
+<dt><span class="term"><code class="constant">IN</code></span></dt>
+<dd><p>the Internet class</p></dd>
+<dt><span class="term"><code class="constant">CH</code></span></dt>
+<dd><p>the Chaos class</p></dd>
+<dt><span class="term"><code class="constant">HS</code></span></dt>
+<dd><p>the Hesiod class</p></dd>
+<dt><span class="term"><code class="constant">ANY</code></span></dt>
+<dd><p>wildcard</p></dd>
+</dl></div>
+<p>
+   The class specifies the protocol group of the information.
+   </p>
+<p>
+   (Default = IN; abbreviation = cl)
+   </p>
+</dd>
+<dt><span class="term"><code class="constant"><em class="replaceable"><code>[<span class="optional">no</span>]</code></em>debug</code></span></dt>
+<dd>
+<p>
+  Turn debugging mode on.  A lot more information is
+  printed about the packet sent to the server and the
+  resulting answer.
+  </p>
+<p>
+  (Default = nodebug; abbreviation = [<span class="optional">no</span>]deb)
+  </p>
+</dd>
+<dt><span class="term"><code class="constant"><em class="replaceable"><code>[<span class="optional">no</span>]</code></em>d2</code></span></dt>
+<dd>
+<p>
+  Turn debugging mode on.  A lot more information is
+  printed about the packet sent to the server and the
+  resulting answer.
+  </p>
+<p>
+  (Default = nod2)
+  </p>
+</dd>
+<dt><span class="term"><code class="constant">domain=</code><em class="replaceable"><code>name</code></em></span></dt>
+<dd><p>
+  Sets the search list to <em class="replaceable"><code>name</code></em>.
+  </p></dd>
+<dt><span class="term"><code class="constant"><em class="replaceable"><code>[<span class="optional">no</span>]</code></em>search</code></span></dt>
+<dd>
+<p>
+  If the lookup request contains at least one period but
+  doesn't end with a trailing period, append the domain
+  names in the domain search list to the request until an
+  answer is received.
+  </p>
+<p>
+  (Default = search)
+  </p>
+</dd>
+<dt><span class="term"><code class="constant">port=</code><em class="replaceable"><code>value</code></em></span></dt>
+<dd>
+<p>
+  Change the default TCP/UDP name server port to <em class="replaceable"><code>value</code></em>.
+  </p>
+<p>
+  (Default = 53; abbreviation = po)
+  </p>
+</dd>
+<dt><span class="term"><code class="constant">querytype=</code><em class="replaceable"><code>value</code></em></span></dt>
+<dd><p></p></dd>
+<dt><span class="term"><code class="constant">type=</code><em class="replaceable"><code>value</code></em></span></dt>
+<dd>
+<p>
+  Change the type of the information query.
+  </p>
+<p>
+  (Default = A; abbreviations = q, ty)
+  </p>
+</dd>
+<dt><span class="term"><code class="constant"><em class="replaceable"><code>[<span class="optional">no</span>]</code></em>recurse</code></span></dt>
+<dd>
+<p>
+  Tell the name server to query other servers if it does not have the
+  information.
+  </p>
+<p>
+  (Default = recurse; abbreviation = [no]rec)
+  </p>
+</dd>
+<dt><span class="term"><code class="constant">retry=</code><em class="replaceable"><code>number</code></em></span></dt>
+<dd><p>
+  Set the number of retries to number.
+  </p></dd>
+<dt><span class="term"><code class="constant">timeout=</code><em class="replaceable"><code>number</code></em></span></dt>
+<dd><p>
+  Change the initial timeout interval for waiting for a
+  reply to number seconds.
+  </p></dd>
+<dt><span class="term"><code class="constant"><em class="replaceable"><code>[<span class="optional">no</span>]</code></em>vc</code></span></dt>
+<dd>
+<p>
+  Always use a virtual circuit when sending requests to the server.
+  </p>
+<p>
+  (Default = novc)
+  </p>
+</dd>
+</dl></div>
+<p>
+</p>
+</dd>
+</dl></div>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2525741"></a><h2>FILES</h2>
+<p>
+<code class="filename">/etc/resolv.conf</code>
+</p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2525754"></a><h2>SEE ALSO</h2>
+<p>
+<span class="citerefentry"><span class="refentrytitle">dig</span>(1)</span>,
+<span class="citerefentry"><span class="refentrytitle">host</span>(1)</span>,
+<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>.
+</p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2525789"></a><h2>Author</h2>
+<p>
+Andrew Cherenson
+</p>
+</div>
+</div></body>
+</html>

bin/dig/win32/dig.dsp

@@ -42,7 +42,7 @@ RSC=rc.exe
 # PROP Ignore_Export_Lib 0
 # PROP Target_Dir ""
 # ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
-# ADD CPP /nologo /MT /W3 /GX /O2 /I "./" /I "../include" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /I "../../../lib/dns/sec/dst/include" /D "WIN32" /D "__STDC__" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
+# ADD CPP /nologo /MD /W3 /GX /O2 /I "./" /I "../include" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /D "WIN32" /D "__STDC__" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
 # ADD BASE RSC /l 0x409 /d "NDEBUG"
 # ADD RSC /l 0x409 /d "NDEBUG"
 BSC32=bscmake.exe
@@ -66,7 +66,7 @@ LINK32=link.exe
 # PROP Ignore_Export_Lib 0
 # PROP Target_Dir ""
 # ADD BASE CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c
-# ADD CPP /nologo /MTd /W3 /Gm /GX /ZI /Od /I "./" /I "../include" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /I "../../../lib/dns/sec/dst/include" /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /FR /FD /GZ /c
+# ADD CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../include" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /FR /FD /GZ /c
 # SUBTRACT CPP /X /u /YX
 # ADD BASE RSC /l 0x409 /d "_DEBUG"
 # ADD RSC /l 0x409 /d "_DEBUG"

bin/dig/win32/dig.mak

@@ -43,7 +43,7 @@ CLEAN :
     if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
 
 CPP=cl.exe
-CPP_PROJ=/nologo /MT /W3 /GX /O2 /I "./" /I "../include" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /I "../../../lib/dns/sec/dst/include" /D "WIN32" /D "__STDC__" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /Fp"$(INTDIR)\dig.pch" /YX /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c 
+CPP_PROJ=/nologo /MD /W3 /GX /O2 /I "./" /I "../include" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /D "WIN32" /D "__STDC__" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /Fp"$(INTDIR)\dig.pch" /YX /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c 
 
 .c{$(INTDIR)}.obj::
    $(CPP) @<<
@@ -118,7 +118,7 @@ CLEAN :
     if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
 
 CPP=cl.exe
-CPP_PROJ=/nologo /MTd /W3 /Gm /GX /ZI /Od /I "./" /I "../include" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /I "../../../lib/dns/sec/dst/include" /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /FR"$(INTDIR)\\" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /GZ /c 
+CPP_PROJ=/nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../include" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /FR"$(INTDIR)\\" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /GZ /c 
 
 .c{$(INTDIR)}.obj::
    $(CPP) @<<

bin/dig/win32/host.dsp

@@ -42,7 +42,7 @@ RSC=rc.exe
 # PROP Ignore_Export_Lib 0
 # PROP Target_Dir ""
 # ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
-# ADD CPP /nologo /MT /W3 /GX /O2 /I "./" /I "../include" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /I "../../../lib/dns/sec/dst/include" /D "WIN32" /D "__STDC__" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
+# ADD CPP /nologo /MD /W3 /GX /O2 /I "./" /I "../include" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /D "WIN32" /D "__STDC__" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
 # ADD BASE RSC /l 0x409 /d "NDEBUG"
 # ADD RSC /l 0x409 /d "NDEBUG"
 BSC32=bscmake.exe
@@ -66,7 +66,7 @@ LINK32=link.exe
 # PROP Ignore_Export_Lib 0
 # PROP Target_Dir ""
 # ADD BASE CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c
-# ADD CPP /nologo /MTd /W3 /Gm /GX /ZI /Od /I "./" /I "../include" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /I "../../../lib/dns/sec/dst/include" /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /FR /FD /GZ /c
+# ADD CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../include" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /FR /FD /GZ /c
 # SUBTRACT CPP /X /u /YX
 # ADD BASE RSC /l 0x409 /d "_DEBUG"
 # ADD RSC /l 0x409 /d "_DEBUG"

bin/dig/win32/host.mak

@@ -43,7 +43,7 @@ CLEAN :
     if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
 
 CPP=cl.exe
-CPP_PROJ=/nologo /MT /W3 /GX /O2 /I "./" /I "../include" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /I "../../../lib/dns/sec/dst/include" /D "WIN32" /D "__STDC__" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /Fp"$(INTDIR)\host.pch" /YX /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c 
+CPP_PROJ=/nologo /MD /W3 /GX /O2 /I "./" /I "../include" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /D "WIN32" /D "__STDC__" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /Fp"$(INTDIR)\host.pch" /YX /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c 
 
 .c{$(INTDIR)}.obj::
    $(CPP) @<<
@@ -118,7 +118,7 @@ CLEAN :
     if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
 
 CPP=cl.exe
-CPP_PROJ=/nologo /MTd /W3 /Gm /GX /ZI /Od /I "./" /I "../include" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /I "../../../lib/dns/sec/dst/include" /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /FR"$(INTDIR)\\" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /GZ /c 
+CPP_PROJ=/nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../include" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /FR"$(INTDIR)\\" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /GZ /c 
 
 .c{$(INTDIR)}.obj::
    $(CPP) @<<

bin/dig/win32/nslookup.dsp

@@ -42,7 +42,7 @@ RSC=rc.exe
 # PROP Ignore_Export_Lib 0
 # PROP Target_Dir ""
 # ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
-# ADD CPP /nologo /MT /W3 /GX /O2 /I "./" /I "../include" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /I "../../../lib/dns/sec/dst/include" /D "WIN32" /D "__STDC__" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
+# ADD CPP /nologo /MD /W3 /GX /O2 /I "./" /I "../include" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /D "WIN32" /D "__STDC__" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
 # ADD BASE RSC /l 0x409 /d "NDEBUG"
 # ADD RSC /l 0x409 /d "NDEBUG"
 BSC32=bscmake.exe
@@ -66,7 +66,7 @@ LINK32=link.exe
 # PROP Ignore_Export_Lib 0
 # PROP Target_Dir ""
 # ADD BASE CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c
-# ADD CPP /nologo /MTd /W3 /Gm /GX /ZI /Od /I "./" /I "../include" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /I "../../../lib/dns/sec/dst/include" /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /FR /FD /GZ /c
+# ADD CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../include" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /FR /FD /GZ /c
 # SUBTRACT CPP /X /u /YX
 # ADD BASE RSC /l 0x409 /d "_DEBUG"
 # ADD RSC /l 0x409 /d "_DEBUG"

bin/dig/win32/nslookup.mak

@@ -43,7 +43,7 @@ CLEAN :
     if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
 
 CPP=cl.exe
-CPP_PROJ=/nologo /MT /W3 /GX /O2 /I "./" /I "../include" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /I "../../../lib/dns/sec/dst/include" /D "WIN32" /D "__STDC__" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /Fp"$(INTDIR)\nslookup.pch" /YX /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c 
+CPP_PROJ=/nologo /MD /W3 /GX /O2 /I "./" /I "../include" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /D "WIN32" /D "__STDC__" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /Fp"$(INTDIR)\nslookup.pch" /YX /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c 
 
 .c{$(INTDIR)}.obj::
    $(CPP) @<<
@@ -118,7 +118,7 @@ CLEAN :
     if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
 
 CPP=cl.exe
-CPP_PROJ=/nologo /MTd /W3 /Gm /GX /ZI /Od /I "./" /I "../include" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /I "../../../lib/dns/sec/dst/include" /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /FR"$(INTDIR)\\" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /GZ /c 
+CPP_PROJ=/nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../include" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /FR"$(INTDIR)\\" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /GZ /c 
 
 .c{$(INTDIR)}.obj::
    $(CPP) @<<

bin/dnssec/Makefile.in

@@ -1,4 +1,4 @@
-# Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2004, 2005  Internet Systems Consortium, Inc. ("ISC")
 # Copyright (C) 2000, 2001  Internet Software Consortium.
 #
 # Permission to use, copy, modify, and distribute this software for any
@@ -13,7 +13,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: Makefile.in,v 1.19.2.2 2004/03/09 06:09:14 marka Exp $
+# $Id: Makefile.in,v 1.19.2.5 2005/05/02 00:25:33 marka Exp $
 
 srcdir =	@srcdir@
 VPATH =		@srcdir@
@@ -65,19 +65,20 @@ MANOBJS =	${MANPAGES} ${HTMLPAGES}
 @BIND9_MAKE_RULES@
 
 dnssec-keygen: dnssec-keygen.@O@ ${OBJS} ${DEPLIBS}
-	${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} -o $@ dnssec-keygen.@O@ ${OBJS} ${LIBS}
+	${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ dnssec-keygen.@O@ ${OBJS} ${LIBS}
 
 dnssec-makekeyset: dnssec-makekeyset.@O@ ${OBJS} ${DEPLIBS}
-	${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} -o $@ dnssec-makekeyset.@O@ ${OBJS} ${LIBS}
+	${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ dnssec-makekeyset.@O@ ${OBJS} ${LIBS}
 
 dnssec-signkey: dnssec-signkey.@O@ ${OBJS} ${DEPLIBS}
-	${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} -o $@ dnssec-signkey.@O@ ${OBJS} ${LIBS}
+	${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ dnssec-signkey.@O@ ${OBJS} ${LIBS}
 
 dnssec-signzone.@O@: dnssec-signzone.c
-	${LIBTOOL_MODE_COMPILE} ${PURIFY} ${CC} ${ALL_CFLAGS} -DVERSION=\"${VERSION}\" -c $<
+	${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} -DVERSION=\"${VERSION}\" \
+		-c ${srcdir}/dnssec-signzone.c
 
 dnssec-signzone: dnssec-signzone.@O@ ${OBJS} ${DEPLIBS}
-	${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} -o $@ dnssec-signzone.@O@ ${OBJS} ${LIBS}
+	${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ dnssec-signzone.@O@ ${OBJS} ${LIBS}
 
 doc man:: ${MANOBJS}
 

bin/dnssec/dnssec-keygen.8

@@ -1,168 +1,159 @@
-.\" Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
-.\" Copyright (C) 2000, 2001  Internet Software Consortium.
-.\"
+.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000, 2001 Internet Software Consortium.
+.\" 
 .\" Permission to use, copy, modify, and distribute this software for any
 .\" purpose with or without fee is hereby granted, provided that the above
 .\" copyright notice and this permission notice appear in all copies.
-.\"
+.\" 
 .\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
 .\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
-.\" AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
 .\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
 .\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 .\" PERFORMANCE OF THIS SOFTWARE.
 .\"
-.\" $Id: dnssec-keygen.8,v 1.19.2.2 2004/06/03 05:21:09 marka Exp $
+.\" $Id: dnssec-keygen.8,v 1.19.2.5 2005/10/13 02:23:28 marka Exp $
 .\"
-.TH "DNSSEC-KEYGEN" "8" "June 30, 2000" "BIND9" ""
-.SH NAME
-dnssec-keygen \- DNSSEC key generation tool
-.SH SYNOPSIS
-.sp
-\fBdnssec-keygen\fR \fB-a \fIalgorithm\fB\fR \fB-b \fIkeysize\fB\fR \fB-n \fInametype\fB\fR [ \fB-c \fIclass\fB\fR ]  [ \fB-e\fR ]  [ \fB-g \fIgenerator\fB\fR ]  [ \fB-h\fR ]  [ \fB-p \fIprotocol\fB\fR ]  [ \fB-r \fIrandomdev\fB\fR ]  [ \fB-s \fIstrength\fB\fR ]  [ \fB-t \fItype\fB\fR ]  [ \fB-v \fIlevel\fB\fR ]  \fBname\fR
+.hy 0
+.ad l
+.\" ** You probably do not want to edit this file directly **
+.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1).
+.\" Instead of manually editing it, you probably should edit the DocBook XML
+.\" source for it and then use the DocBook XSL Stylesheets to regenerate it.
+.TH "DNSSEC\-KEYGEN" "8" "June 30, 2000" "BIND9" "BIND9"
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.SH "NAME"
+dnssec\-keygen \- DNSSEC key generation tool
+.SH "SYNOPSIS"
+.HP 14
+\fBdnssec\-keygen\fR {\-a\ \fIalgorithm\fR} {\-b\ \fIkeysize\fR} {\-n\ \fInametype\fR} [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-e\fR] [\fB\-g\ \fR\fB\fIgenerator\fR\fR] [\fB\-h\fR] [\fB\-p\ \fR\fB\fIprotocol\fR\fR] [\fB\-r\ \fR\fB\fIrandomdev\fR\fR] [\fB\-s\ \fR\fB\fIstrength\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] {name}
 .SH "DESCRIPTION"
 .PP
-\fBdnssec-keygen\fR generates keys for DNSSEC
-(Secure DNS), as defined in RFC 2535. It can also generate
-keys for use with TSIG (Transaction Signatures), as
-defined in RFC 2845.
+\fBdnssec\-keygen\fR
+generates keys for DNSSEC (Secure DNS), as defined in RFC 2535. It can also generate keys for use with TSIG (Transaction Signatures), as defined in RFC 2845.
 .SH "OPTIONS"
 .TP
-\fB-a \fIalgorithm\fB\fR
+\-a \fIalgorithm\fR
 Selects the cryptographic algorithm. The value of
-\fBalgorithm\fR must be one of RSAMD5 or RSA,
-DSA, DH (Diffie Hellman), or HMAC-MD5. These values
-are case insensitive.
-
-Note that for DNSSEC, DSA is a mandatory to implement algorithm,
-and RSA is recommended. For TSIG, HMAC-MD5 is mandatory.
+\fBalgorithm\fR
+must be one of RSAMD5 or RSA, DSA, DH (Diffie Hellman), or HMAC\-MD5. These values are case insensitive.
+.sp
+Note that for DNSSEC, DSA is a mandatory to implement algorithm, and RSA is recommended. For TSIG, HMAC\-MD5 is mandatory.
 .TP
-\fB-b \fIkeysize\fB\fR
-Specifies the number of bits in the key. The choice of key
-size depends on the algorithm used. RSA keys must be between
-512 and 2048 bits. Diffie Hellman keys must be between
-128 and 4096 bits. DSA keys must be between 512 and 1024
-bits and an exact multiple of 64. HMAC-MD5 keys must be
-between 1 and 512 bits.
+\-b \fIkeysize\fR
+Specifies the number of bits in the key. The choice of key size depends on the algorithm used. RSA keys must be between 512 and 2048 bits. Diffie Hellman keys must be between 128 and 4096 bits. DSA keys must be between 512 and 1024 bits and an exact multiple of 64. HMAC\-MD5 keys must be between 1 and 512 bits.
 .TP
-\fB-n \fInametype\fB\fR
+\-n \fInametype\fR
 Specifies the owner type of the key. The value of
-\fBnametype\fR must either be ZONE (for a DNSSEC
-zone key), HOST or ENTITY (for a key associated with a host),
-or USER (for a key associated with a user). These values are
-case insensitive.
+\fBnametype\fR
+must either be ZONE (for a DNSSEC zone key), HOST or ENTITY (for a key associated with a host), or USER (for a key associated with a user). These values are case insensitive.
 .TP
-\fB-c \fIclass\fB\fR
-Indicates that the DNS record containing the key should have
-the specified class. If not specified, class IN is used.
+\-c \fIclass\fR
+Indicates that the DNS record containing the key should have the specified class. If not specified, class IN is used.
 .TP
-\fB-e\fR
+\-e
 If generating an RSA key, use a large exponent.
 .TP
-\fB-g \fIgenerator\fB\fR
-If generating a Diffie Hellman key, use this generator.
-Allowed values are 2 and 5. If no generator
-is specified, a known prime from RFC 2539 will be used
-if possible; otherwise the default is 2.
+\-g \fIgenerator\fR
+If generating a Diffie Hellman key, use this generator. Allowed values are 2 and 5. If no generator is specified, a known prime from RFC 2539 will be used if possible; otherwise the default is 2.
 .TP
-\fB-h\fR
+\-h
 Prints a short summary of the options and arguments to
-\fBdnssec-keygen\fR.
+\fBdnssec\-keygen\fR.
 .TP
-\fB-p \fIprotocol\fB\fR
-Sets the protocol value for the generated key. The protocol
-is a number between 0 and 255. The default is 2 (email) for
-keys of type USER and 3 (DNSSEC) for all other key types.
-Other possible values for this argument are listed in
-RFC 2535 and its successors.
+\-p \fIprotocol\fR
+Sets the protocol value for the generated key. The protocol is a number between 0 and 255. The default is 2 (email) for keys of type USER and 3 (DNSSEC) for all other key types. Other possible values for this argument are listed in RFC 2535 and its successors.
 .TP
-\fB-r \fIrandomdev\fB\fR
-Specifies the source of randomness. If the operating
-system does not provide a \fI/dev/random\fR
-or equivalent device, the default source of randomness
-is keyboard input. \fIrandomdev\fR specifies
-the name of a character device or file containing random
-data to be used instead of the default. The special value
-\fIkeyboard\fR indicates that keyboard
-input should be used.
+\-r \fIrandomdev\fR
+Specifies the source of randomness. If the operating system does not provide a
+\fI/dev/random\fR
+or equivalent device, the default source of randomness is keyboard input.
+\fIrandomdev\fR
+specifies the name of a character device or file containing random data to be used instead of the default. The special value
+\fIkeyboard\fR
+indicates that keyboard input should be used.
 .TP
-\fB-s \fIstrength\fB\fR
-Specifies the strength value of the key. The strength is
-a number between 0 and 15, and currently has no defined
-purpose in DNSSEC.
+\-s \fIstrength\fR
+Specifies the strength value of the key. The strength is a number between 0 and 15, and currently has no defined purpose in DNSSEC.
 .TP
-\fB-t \fItype\fB\fR
-Indicates the use of the key. \fBtype\fR must be
-one of AUTHCONF, NOAUTHCONF, NOAUTH, or NOCONF. The default
-is AUTHCONF. AUTH refers to the ability to authenticate
-data, and CONF the ability to encrypt data.
+\-t \fItype\fR
+Indicates the use of the key.
+\fBtype\fR
+must be one of AUTHCONF, NOAUTHCONF, NOAUTH, or NOCONF. The default is AUTHCONF. AUTH refers to the ability to authenticate data, and CONF the ability to encrypt data.
 .TP
-\fB-v \fIlevel\fB\fR
+\-v \fIlevel\fR
 Sets the debugging level.
 .SH "GENERATED KEYS"
 .PP
-When \fBdnssec-keygen\fR completes successfully,
-it prints a string of the form \fIKnnnn.+aaa+iiiii\fR
-to the standard output. This is an identification string for
-the key it has generated. These strings can be used as arguments
-to \fBdnssec-makekeyset\fR.
-.TP 0.2i
+When
+\fBdnssec\-keygen\fR
+completes successfully, it prints a string of the form
+\fIKnnnn.+aaa+iiiii\fR
+to the standard output. This is an identification string for the key it has generated. These strings can be used as arguments to
+\fBdnssec\-makekeyset\fR.
+.TP 3
 \(bu
-\fInnnn\fR is the key name.
-.TP 0.2i
+\fInnnn\fR
+is the key name.
+.TP
 \(bu
-\fIaaa\fR is the numeric representation of the
-algorithm.
-.TP 0.2i
+\fIaaa\fR
+is the numeric representation of the algorithm.
+.TP
 \(bu
-\fIiiiii\fR is the key identifier (or footprint).
+\fIiiiii\fR
+is the key identifier (or footprint).
 .PP
-\fBdnssec-keygen\fR creates two file, with names based
-on the printed string. \fIKnnnn.+aaa+iiiii.key\fR
+\fBdnssec\-keygen\fR
+creates two file, with names based on the printed string.
+\fIKnnnn.+aaa+iiiii.key\fR
 contains the public key, and
-\fIKnnnn.+aaa+iiiii.private\fR contains the private
-key.
+\fIKnnnn.+aaa+iiiii.private\fR
+contains the private key.
 .PP
+The
+\fI.key\fR
+file contains a DNS KEY record that can be inserted into a zone file (directly or with a $INCLUDE statement).
 .PP
-The \fI.key\fR file contains a DNS KEY record that
-can be inserted into a zone file (directly or with a $INCLUDE
-statement).
-.PP
-.PP
-The \fI.private\fR file contains algorithm specific
-fields. For obvious security reasons, this file does not have
-general read permission.
-.PP
-.PP
-Both \fI.key\fR and \fI.private\fR
-files are generated for symmetric encryption algorithm such as
-HMAC-MD5, even though the public and private key are equivalent.
+The
+\fI.private\fR
+file contains algorithm specific fields. For obvious security reasons, this file does not have general read permission.
 .PP
+Both
+\fI.key\fR
+and
+\fI.private\fR
+files are generated for symmetric encryption algorithm such as HMAC\-MD5, even though the public and private key are equivalent.
 .SH "EXAMPLE"
 .PP
-To generate a 768-bit DSA key for the domain
-\fBexample.com\fR, the following command would be
-issued:
+To generate a 768\-bit DSA key for the domain
+\fBexample.com\fR, the following command would be issued:
 .PP
-\fBdnssec-keygen -a DSA -b 768 -n ZONE example.com\fR
+\fBdnssec\-keygen \-a DSA \-b 768 \-n ZONE example.com\fR
 .PP
 The command would print a string of the form:
 .PP
 \fBKexample.com.+003+26160\fR
 .PP
-In this example, \fBdnssec-keygen\fR creates
-the files \fIKexample.com.+003+26160.key\fR and
+In this example,
+\fBdnssec\-keygen\fR
+creates the files
+\fIKexample.com.+003+26160.key\fR
+and
 \fIKexample.com.+003+26160.private\fR
 .SH "SEE ALSO"
 .PP
-\fBdnssec-makekeyset\fR(8),
-\fBdnssec-signkey\fR(8),
-\fBdnssec-signzone\fR(8),
-\fIBIND 9 Administrator Reference Manual\fR,
-\fIRFC 2535\fR,
-\fIRFC 2845\fR,
-\fIRFC 2539\fR.
+\fBdnssec\-makekeyset\fR(8),
+\fBdnssec\-signkey\fR(8),
+\fBdnssec\-signzone\fR(8),
+BIND 9 Administrator Reference Manual,
+RFC 2535,
+RFC 2845,
+RFC 2539.
 .SH "AUTHOR"
 .PP
 Internet Systems Consortium

bin/dnssec/dnssec-keygen.docbook

@@ -1,7 +1,9 @@
-<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN">
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
+               "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd"
+	       [<!ENTITY mdash "&#8212;">]>
 <!--
- - Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
- - Copyright (C) 2001  Internet Software Consortium.
+ - Copyright (C) 2004, 2005  Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000, 2001  Internet Software Consortium.
  -
  - Permission to use, copy, modify, and distribute this software for any
  - purpose with or without fee is hereby granted, provided that the above
@@ -16,7 +18,7 @@
  - PERFORMANCE OF THIS SOFTWARE.
 -->
 
-<!-- $Id: dnssec-keygen.docbook,v 1.3.2.2 2004/06/03 02:25:50 marka Exp $ -->
+<!-- $Id: dnssec-keygen.docbook,v 1.3.2.4 2005/05/12 21:35:07 sra Exp $ -->
 
 <refentry>
   <refentryinfo>
@@ -29,6 +31,19 @@
     <refmiscinfo>BIND9</refmiscinfo>
   </refmeta>
 
+  <docinfo>
+    <copyright>
+      <year>2004</year>
+      <year>2005</year>
+      <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
+    </copyright>
+    <copyright>
+      <year>2000</year>
+      <year>2001</year>
+      <holder>Internet Software Consortium.</holder>
+    </copyright>
+  </docinfo>
+
   <refnamediv>
     <refname><application>dnssec-keygen</application></refname>
     <refpurpose>DNSSEC key generation tool</refpurpose>

bin/dnssec/dnssec-keygen.html

@@ -1,575 +1,220 @@
 <!--
- - Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
- - Copyright (C) 2001  Internet Software Consortium.
- -
+ - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000, 2001 Internet Software Consortium.
+ - 
  - Permission to use, copy, modify, and distribute this software for any
  - purpose with or without fee is hereby granted, provided that the above
  - copyright notice and this permission notice appear in all copies.
- -
+ - 
  - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
  - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- - AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
  - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
  - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
-<!-- $Id: dnssec-keygen.html,v 1.5.2.3 2004/06/03 05:21:10 marka Exp $ -->
-
-<HTML
-><HEAD
-><TITLE
->dnssec-keygen</TITLE
-><META
-NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.73
-"></HEAD
-><BODY
-CLASS="REFENTRY"
-BGCOLOR="#FFFFFF"
-TEXT="#000000"
-LINK="#0000FF"
-VLINK="#840084"
-ALINK="#0000FF"
-><H1
-><A
-NAME="AEN1"
-><SPAN
-CLASS="APPLICATION"
->dnssec-keygen</SPAN
-></A
-></H1
-><DIV
-CLASS="REFNAMEDIV"
-><A
-NAME="AEN9"
-></A
-><H2
->Name</H2
-><SPAN
-CLASS="APPLICATION"
->dnssec-keygen</SPAN
->&nbsp;--&nbsp;DNSSEC key generation tool</DIV
-><DIV
-CLASS="REFSYNOPSISDIV"
-><A
-NAME="AEN13"
-></A
-><H2
->Synopsis</H2
-><P
-><B
-CLASS="COMMAND"
->dnssec-keygen</B
->  {-a <TT
-CLASS="REPLACEABLE"
-><I
->algorithm</I
-></TT
->} {-b <TT
-CLASS="REPLACEABLE"
-><I
->keysize</I
-></TT
->} {-n <TT
-CLASS="REPLACEABLE"
-><I
->nametype</I
-></TT
->} [<TT
-CLASS="OPTION"
->-c <TT
-CLASS="REPLACEABLE"
-><I
->class</I
-></TT
-></TT
->] [<TT
-CLASS="OPTION"
->-e</TT
->] [<TT
-CLASS="OPTION"
->-g <TT
-CLASS="REPLACEABLE"
-><I
->generator</I
-></TT
-></TT
->] [<TT
-CLASS="OPTION"
->-h</TT
->] [<TT
-CLASS="OPTION"
->-p <TT
-CLASS="REPLACEABLE"
-><I
->protocol</I
-></TT
-></TT
->] [<TT
-CLASS="OPTION"
->-r <TT
-CLASS="REPLACEABLE"
-><I
->randomdev</I
-></TT
-></TT
->] [<TT
-CLASS="OPTION"
->-s <TT
-CLASS="REPLACEABLE"
-><I
->strength</I
-></TT
-></TT
->] [<TT
-CLASS="OPTION"
->-t <TT
-CLASS="REPLACEABLE"
-><I
->type</I
-></TT
-></TT
->] [<TT
-CLASS="OPTION"
->-v <TT
-CLASS="REPLACEABLE"
-><I
->level</I
-></TT
-></TT
->] {name}</P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN48"
-></A
-><H2
->DESCRIPTION</H2
-><P
->        <B
-CLASS="COMMAND"
->dnssec-keygen</B
-> generates keys for DNSSEC
+<!-- $Id: dnssec-keygen.html,v 1.5.2.11 2006/04/23 10:10:08 marka Exp $ -->
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>dnssec-keygen</title>
+<meta name="generator" content="DocBook XSL Stylesheets V1.69.1">
+</head>
+<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
+<a name="id2462968"></a><div class="titlepage"></div>
+<div class="refnamediv">
+<h2>Name</h2>
+<p><span class="application">dnssec-keygen</span> &#8212; DNSSEC key generation tool</p>
+</div>
+<div class="refsynopsisdiv">
+<h2>Synopsis</h2>
+<div class="cmdsynopsis"><p><code class="command">dnssec-keygen</code>  {-a <em class="replaceable"><code>algorithm</code></em>} {-b <em class="replaceable"><code>keysize</code></em>} {-n <em class="replaceable"><code>nametype</code></em>} [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-e</code>] [<code class="option">-g <em class="replaceable"><code>generator</code></em></code>] [<code class="option">-h</code>] [<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-s <em class="replaceable"><code>strength</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] {name}</p></div>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2525185"></a><h2>DESCRIPTION</h2>
+<p>
+        <span><strong class="command">dnssec-keygen</strong></span> generates keys for DNSSEC
 	(Secure DNS), as defined in RFC 2535.  It can also generate
 	keys for use with TSIG (Transaction Signatures), as
 	defined in RFC 2845.
-    </P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN52"
-></A
-><H2
->OPTIONS</H2
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
->-a <TT
-CLASS="REPLACEABLE"
-><I
->algorithm</I
-></TT
-></DT
-><DD
-><P
->	      Selects the cryptographic algorithm.  The value of
-	      <TT
-CLASS="OPTION"
->algorithm</TT
-> must be one of RSAMD5 or RSA,
+    </p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2525197"></a><h2>OPTIONS</h2>
+<div class="variablelist"><dl>
+<dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
+<dd>
+<p>
+	      Selects the cryptographic algorithm.  The value of
+	      <code class="option">algorithm</code> must be one of RSAMD5 or RSA,
 	      DSA, DH (Diffie Hellman), or HMAC-MD5.  These values
 	      are case insensitive.
-	  </P
-><P
->	      Note that for DNSSEC, DSA is a mandatory to implement algorithm,
+	  </p>
+<p>
+	      Note that for DNSSEC, DSA is a mandatory to implement algorithm,
 	      and RSA is recommended.  For TSIG, HMAC-MD5 is mandatory.
-	  </P
-></DD
-><DT
->-b <TT
-CLASS="REPLACEABLE"
-><I
->keysize</I
-></TT
-></DT
-><DD
-><P
->	       Specifies the number of bits in the key.  The choice of key
+	  </p>
+</dd>
+<dt><span class="term">-b <em class="replaceable"><code>keysize</code></em></span></dt>
+<dd><p>
+	       Specifies the number of bits in the key.  The choice of key
 	       size depends on the algorithm used.  RSA keys must be between
 	       512 and 2048 bits.  Diffie Hellman keys must be between
 	       128 and 4096 bits.  DSA keys must be between 512 and 1024
 	       bits and an exact multiple of 64.  HMAC-MD5 keys must be
 	       between 1 and 512 bits.
-	  </P
-></DD
-><DT
->-n <TT
-CLASS="REPLACEABLE"
-><I
->nametype</I
-></TT
-></DT
-><DD
-><P
->	       Specifies the owner type of the key.  The value of
-	       <TT
-CLASS="OPTION"
->nametype</TT
-> must either be ZONE (for a DNSSEC
+	  </p></dd>
+<dt><span class="term">-n <em class="replaceable"><code>nametype</code></em></span></dt>
+<dd><p>
+	       Specifies the owner type of the key.  The value of
+	       <code class="option">nametype</code> must either be ZONE (for a DNSSEC
 	       zone key), HOST or ENTITY (for a key associated with a host),
 	       or USER (for a key associated with a user).  These values are
 	       case insensitive.
-	  </P
-></DD
-><DT
->-c <TT
-CLASS="REPLACEABLE"
-><I
->class</I
-></TT
-></DT
-><DD
-><P
->	       Indicates that the DNS record containing the key should have
+	  </p></dd>
+<dt><span class="term">-c <em class="replaceable"><code>class</code></em></span></dt>
+<dd><p>
+	       Indicates that the DNS record containing the key should have
 	       the specified class.  If not specified, class IN is used.
-	  </P
-></DD
-><DT
->-e</DT
-><DD
-><P
->	       If generating an RSA key, use a large exponent.
-	  </P
-></DD
-><DT
->-g <TT
-CLASS="REPLACEABLE"
-><I
->generator</I
-></TT
-></DT
-><DD
-><P
->	       If generating a Diffie Hellman key, use this generator.
+	  </p></dd>
+<dt><span class="term">-e</span></dt>
+<dd><p>
+	       If generating an RSA key, use a large exponent.
+	  </p></dd>
+<dt><span class="term">-g <em class="replaceable"><code>generator</code></em></span></dt>
+<dd><p>
+	       If generating a Diffie Hellman key, use this generator.
 	       Allowed values are 2 and 5.  If no generator
 	       is specified, a known prime from RFC 2539 will be used
 	       if possible; otherwise the default is 2.
-	  </P
-></DD
-><DT
->-h</DT
-><DD
-><P
->	       Prints a short summary of the options and arguments to
-	       <B
-CLASS="COMMAND"
->dnssec-keygen</B
->.
-	  </P
-></DD
-><DT
->-p <TT
-CLASS="REPLACEABLE"
-><I
->protocol</I
-></TT
-></DT
-><DD
-><P
->	       Sets the protocol value for the generated key.  The protocol
+	  </p></dd>
+<dt><span class="term">-h</span></dt>
+<dd><p>
+	       Prints a short summary of the options and arguments to
+	       <span><strong class="command">dnssec-keygen</strong></span>.
+	  </p></dd>
+<dt><span class="term">-p <em class="replaceable"><code>protocol</code></em></span></dt>
+<dd><p>
+	       Sets the protocol value for the generated key.  The protocol
 	       is a number between 0 and 255.  The default is 2 (email) for
 	       keys of type USER and 3 (DNSSEC) for all other key types.
 	       Other possible values for this argument are listed in
 	       RFC 2535 and its successors.
-	  </P
-></DD
-><DT
->-r <TT
-CLASS="REPLACEABLE"
-><I
->randomdev</I
-></TT
-></DT
-><DD
-><P
->	       Specifies the source of randomness.  If the operating
-	       system does not provide a <TT
-CLASS="FILENAME"
->/dev/random</TT
->
+	  </p></dd>
+<dt><span class="term">-r <em class="replaceable"><code>randomdev</code></em></span></dt>
+<dd><p>
+	       Specifies the source of randomness.  If the operating
+	       system does not provide a <code class="filename">/dev/random</code>
 	       or equivalent device, the default source of randomness
-	       is keyboard input.  <TT
-CLASS="FILENAME"
->randomdev</TT
-> specifies
+	       is keyboard input.  <code class="filename">randomdev</code> specifies
 	       the name of a character device or file containing random
 	       data to be used instead of the default.  The special value
-	       <TT
-CLASS="FILENAME"
->keyboard</TT
-> indicates that keyboard
+	       <code class="filename">keyboard</code> indicates that keyboard
 	       input should be used.
-	  </P
-></DD
-><DT
->-s <TT
-CLASS="REPLACEABLE"
-><I
->strength</I
-></TT
-></DT
-><DD
-><P
->	       Specifies the strength value of the key.  The strength is
+	  </p></dd>
+<dt><span class="term">-s <em class="replaceable"><code>strength</code></em></span></dt>
+<dd><p>
+	       Specifies the strength value of the key.  The strength is
 	       a number between 0 and 15, and currently has no defined
 	       purpose in DNSSEC.
-	  </P
-></DD
-><DT
->-t <TT
-CLASS="REPLACEABLE"
-><I
->type</I
-></TT
-></DT
-><DD
-><P
->	       Indicates the use of the key.  <TT
-CLASS="OPTION"
->type</TT
-> must be
+	  </p></dd>
+<dt><span class="term">-t <em class="replaceable"><code>type</code></em></span></dt>
+<dd><p>
+	       Indicates the use of the key.  <code class="option">type</code> must be
 	       one of AUTHCONF, NOAUTHCONF, NOAUTH, or NOCONF.  The default
 	       is AUTHCONF.  AUTH refers to the ability to authenticate
 	       data, and CONF the ability to encrypt data.
-	  </P
-></DD
-><DT
->-v <TT
-CLASS="REPLACEABLE"
-><I
->level</I
-></TT
-></DT
-><DD
-><P
->	       Sets the debugging level.
-	  </P
-></DD
-></DL
-></DIV
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN121"
-></A
-><H2
->GENERATED KEYS</H2
-><P
->        When <B
-CLASS="COMMAND"
->dnssec-keygen</B
-> completes successfully,
-	it prints a string of the form <TT
-CLASS="FILENAME"
->Knnnn.+aaa+iiiii</TT
->
+	  </p></dd>
+<dt><span class="term">-v <em class="replaceable"><code>level</code></em></span></dt>
+<dd><p>
+	       Sets the debugging level.
+	  </p></dd>
+</dl></div>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2525501"></a><h2>GENERATED KEYS</h2>
+<p>
+        When <span><strong class="command">dnssec-keygen</strong></span> completes successfully,
+	it prints a string of the form <code class="filename">Knnnn.+aaa+iiiii</code>
 	to the standard output.  This is an identification string for
 	the key it has generated.  These strings can be used as arguments
-	to <B
-CLASS="COMMAND"
->dnssec-makekeyset</B
->.
-    </P
-><P
-></P
-><UL
-><LI
-><P
->          <TT
-CLASS="FILENAME"
->nnnn</TT
-> is the key name.
-        </P
-></LI
-><LI
-><P
->          <TT
-CLASS="FILENAME"
->aaa</TT
-> is the numeric representation of the
+	to <span><strong class="command">dnssec-makekeyset</strong></span>.
+    </p>
+<div class="itemizedlist"><ul type="disc">
+<li><p>
+          <code class="filename">nnnn</code> is the key name.
+        </p></li>
+<li><p>
+          <code class="filename">aaa</code> is the numeric representation of the
           algorithm.
-        </P
-></LI
-><LI
-><P
->          <TT
-CLASS="FILENAME"
->iiiii</TT
-> is the key identifier (or footprint).
-        </P
-></LI
-></UL
-><P
->        <B
-CLASS="COMMAND"
->dnssec-keygen</B
-> creates two file, with names based
-	on the printed string.  <TT
-CLASS="FILENAME"
->Knnnn.+aaa+iiiii.key</TT
->
+        </p></li>
+<li><p>
+          <code class="filename">iiiii</code> is the key identifier (or footprint).
+        </p></li>
+</ul></div>
+<p>
+        <span><strong class="command">dnssec-keygen</strong></span> creates two file, with names based
+	on the printed string.  <code class="filename">Knnnn.+aaa+iiiii.key</code>
 	contains the public key, and
-	<TT
-CLASS="FILENAME"
->Knnnn.+aaa+iiiii.private</TT
-> contains the private
+	<code class="filename">Knnnn.+aaa+iiiii.private</code> contains the private
 	key.
-    </P
-><P
->        The <TT
-CLASS="FILENAME"
->.key</TT
-> file contains a DNS KEY record that
+    </p>
+<p>
+        The <code class="filename">.key</code> file contains a DNS KEY record that
 	can be inserted into a zone file (directly or with a $INCLUDE
 	statement).
-    </P
-><P
->        The <TT
-CLASS="FILENAME"
->.private</TT
-> file contains algorithm specific
+    </p>
+<p>
+        The <code class="filename">.private</code> file contains algorithm specific
 	fields.  For obvious security reasons, this file does not have
 	general read permission.
-    </P
-><P
->        Both <TT
-CLASS="FILENAME"
->.key</TT
-> and <TT
-CLASS="FILENAME"
->.private</TT
->
+    </p>
+<p>
+        Both <code class="filename">.key</code> and <code class="filename">.private</code>
 	files are generated for symmetric encryption algorithm such as
 	HMAC-MD5, even though the public and private key are equivalent.
-    </P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN148"
-></A
-><H2
->EXAMPLE</H2
-><P
->        To generate a 768-bit DSA key for the domain
-	<TT
-CLASS="USERINPUT"
-><B
->example.com</B
-></TT
->, the following command would be
+    </p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2525593"></a><h2>EXAMPLE</h2>
+<p>
+        To generate a 768-bit DSA key for the domain
+	<strong class="userinput"><code>example.com</code></strong>, the following command would be
 	issued:
-    </P
-><P
->        <TT
-CLASS="USERINPUT"
-><B
->dnssec-keygen -a DSA -b 768 -n ZONE example.com</B
-></TT
->
-    </P
-><P
->        The command would print a string of the form:
-    </P
-><P
->        <TT
-CLASS="USERINPUT"
-><B
->Kexample.com.+003+26160</B
-></TT
->
-    </P
-><P
->        In this example, <B
-CLASS="COMMAND"
->dnssec-keygen</B
-> creates
-	the files <TT
-CLASS="FILENAME"
->Kexample.com.+003+26160.key</TT
-> and
-	<TT
-CLASS="FILENAME"
->Kexample.com.+003+26160.private</TT
->
-    </P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN161"
-></A
-><H2
->SEE ALSO</H2
-><P
->      <SPAN
-CLASS="CITEREFENTRY"
-><SPAN
-CLASS="REFENTRYTITLE"
->dnssec-makekeyset</SPAN
->(8)</SPAN
->,
-      <SPAN
-CLASS="CITEREFENTRY"
-><SPAN
-CLASS="REFENTRYTITLE"
->dnssec-signkey</SPAN
->(8)</SPAN
->,
-      <SPAN
-CLASS="CITEREFENTRY"
-><SPAN
-CLASS="REFENTRYTITLE"
->dnssec-signzone</SPAN
->(8)</SPAN
->,
-      <I
-CLASS="CITETITLE"
->BIND 9 Administrator Reference Manual</I
->,
-      <I
-CLASS="CITETITLE"
->RFC 2535</I
->,
-      <I
-CLASS="CITETITLE"
->RFC 2845</I
->,
-      <I
-CLASS="CITETITLE"
->RFC 2539</I
->.
-    </P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN177"
-></A
-><H2
->AUTHOR</H2
-><P
->        Internet Systems Consortium
-    </P
-></DIV
-></BODY
-></HTML
->
+    </p>
+<p>
+        <strong class="userinput"><code>dnssec-keygen -a DSA -b 768 -n ZONE example.com</code></strong>
+    </p>
+<p>
+        The command would print a string of the form:
+    </p>
+<p>
+        <strong class="userinput"><code>Kexample.com.+003+26160</code></strong>
+    </p>
+<p>
+        In this example, <span><strong class="command">dnssec-keygen</strong></span> creates
+	the files <code class="filename">Kexample.com.+003+26160.key</code> and
+	<code class="filename">Kexample.com.+003+26160.private</code>
+    </p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2525639"></a><h2>SEE ALSO</h2>
+<p>
+      <span class="citerefentry"><span class="refentrytitle">dnssec-makekeyset</span>(8)</span>,
+      <span class="citerefentry"><span class="refentrytitle">dnssec-signkey</span>(8)</span>,
+      <span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
+      <em class="citetitle">BIND 9 Administrator Reference Manual</em>,
+      <em class="citetitle">RFC 2535</em>,
+      <em class="citetitle">RFC 2845</em>,
+      <em class="citetitle">RFC 2539</em>.
+    </p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2525691"></a><h2>AUTHOR</h2>
+<p>
+        <span class="corpauthor">Internet Systems Consortium</span>
+    </p>
+</div>
+</div></body>
+</html>

bin/dnssec/dnssec-makekeyset.8

@@ -1,113 +1,115 @@
-.\" Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
-.\" Copyright (C) 2000, 2001, 2003  Internet Software Consortium.
-.\"
+.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
+.\" 
 .\" Permission to use, copy, modify, and distribute this software for any
 .\" purpose with or without fee is hereby granted, provided that the above
 .\" copyright notice and this permission notice appear in all copies.
-.\"
+.\" 
 .\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
 .\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
-.\" AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
 .\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
 .\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 .\" PERFORMANCE OF THIS SOFTWARE.
 .\"
-.\" $Id: dnssec-makekeyset.8,v 1.16.2.4 2004/06/03 05:21:10 marka Exp $
+.\" $Id: dnssec-makekeyset.8,v 1.16.2.7 2005/10/13 02:23:28 marka Exp $
 .\"
-.TH "DNSSEC-MAKEKEYSET" "8" "June 30, 2000" "BIND9" ""
-.SH NAME
-dnssec-makekeyset \- DNSSEC zone signing tool
-.SH SYNOPSIS
-.sp
-\fBdnssec-makekeyset\fR [ \fB-a\fR ]  [ \fB-s \fIstart-time\fB\fR ]  [ \fB-e \fIend-time\fB\fR ]  [ \fB-h\fR ]  [ \fB-p\fR ]  [ \fB-r \fIrandomdev\fB\fR ]  [ \fB-t\fIttl\fB\fR ]  [ \fB-v \fIlevel\fB\fR ]  \fBkey\fR\fI...\fR
+.hy 0
+.ad l
+.\" ** You probably do not want to edit this file directly **
+.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1).
+.\" Instead of manually editing it, you probably should edit the DocBook XML
+.\" source for it and then use the DocBook XSL Stylesheets to regenerate it.
+.TH "DNSSEC\-MAKEKEYSET" "8" "June 30, 2000" "BIND9" "BIND9"
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.SH "NAME"
+dnssec\-makekeyset \- DNSSEC zone signing tool
+.SH "SYNOPSIS"
+.HP 18
+\fBdnssec\-makekeyset\fR [\fB\-a\fR] [\fB\-s\ \fR\fB\fIstart\-time\fR\fR] [\fB\-e\ \fR\fB\fIend\-time\fR\fR] [\fB\-h\fR] [\fB\-p\fR] [\fB\-r\ \fR\fB\fIrandomdev\fR\fR] [\fB\-t\fR\fIttl\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] {key...}
 .SH "DESCRIPTION"
 .PP
-\fBdnssec-makekeyset\fR generates a key set from one
-or more keys created by \fBdnssec-keygen\fR. It creates
-a file containing a KEY record for each key, and self-signs the key
-set with each zone key. The output file is of the form
-\fIkeyset-nnnn.\fR, where \fInnnn\fR
+\fBdnssec\-makekeyset\fR
+generates a key set from one or more keys created by
+\fBdnssec\-keygen\fR. It creates a file containing a KEY record for each key, and self\-signs the key set with each zone key. The output file is of the form
+\fIkeyset\-nnnn.\fR, where
+\fInnnn\fR
 is the zone name.
 .SH "OPTIONS"
 .TP
-\fB-a\fR
+\-a
 Verify all generated signatures.
 .TP
-\fB-s \fIstart-time\fB\fR
-Specify the date and time when the generated SIG records
-become valid. This can be either an absolute or relative
-time. An absolute start time is indicated by a number
-in YYYYMMDDHHMMSS notation; 20000530144500 denotes
-14:45:00 UTC on May 30th, 2000. A relative start time is
-indicated by +N, which is N seconds from the current time.
-If no \fBstart-time\fR is specified, the current
-time is used.
+\-s \fIstart\-time\fR
+Specify the date and time when the generated SIG records become valid. This can be either an absolute or relative time. An absolute start time is indicated by a number in YYYYMMDDHHMMSS notation; 20000530144500 denotes 14:45:00 UTC on May 30th, 2000. A relative start time is indicated by +N, which is N seconds from the current time. If no
+\fBstart\-time\fR
+is specified, the current time is used.
 .TP
-\fB-e \fIend-time\fB\fR
-Specify the date and time when the generated SIG records
-expire. As with \fBstart-time\fR, an absolute
-time is indicated in YYYYMMDDHHMMSS notation. A time relative
-to the start time is indicated with +N, which is N seconds from
-the start time. A time relative to the current time is
-indicated with now+N. If no \fBend-time\fR is
-specified, 30 days from the start time is used as a default.
+\-e \fIend\-time\fR
+Specify the date and time when the generated SIG records expire. As with
+\fBstart\-time\fR, an absolute time is indicated in YYYYMMDDHHMMSS notation. A time relative to the start time is indicated with +N, which is N seconds from the start time. A time relative to the current time is indicated with now+N. If no
+\fBend\-time\fR
+is specified, 30 days from the start time is used as a default.
 .TP
-\fB-h\fR
+\-h
 Prints a short summary of the options and arguments to
-\fBdnssec-makekeyset\fR.
+\fBdnssec\-makekeyset\fR.
 .TP
-\fB-p\fR
-Use pseudo-random data when signing the zone. This is faster,
-but less secure, than using real random data. This option
-may be useful when signing large zones or when the entropy
-source is limited.
+\-p
+Use pseudo\-random data when signing the zone. This is faster, but less secure, than using real random data. This option may be useful when signing large zones or when the entropy source is limited.
 .TP
-\fB-r \fIrandomdev\fB\fR
-Specifies the source of randomness. If the operating
-system does not provide a \fI/dev/random\fR
-or equivalent device, the default source of randomness
-is keyboard input. \fIrandomdev\fR specifies
-the name of a character device or file containing random
-data to be used instead of the default. The special value
-\fIkeyboard\fR indicates that keyboard
-input should be used.
+\-r \fIrandomdev\fR
+Specifies the source of randomness. If the operating system does not provide a
+\fI/dev/random\fR
+or equivalent device, the default source of randomness is keyboard input.
+\fIrandomdev\fR
+specifies the name of a character device or file containing random data to be used instead of the default. The special value
+\fIkeyboard\fR
+indicates that keyboard input should be used.
 .TP
-\fB-t \fIttl\fB\fR
-Specify the TTL (time to live) of the KEY and SIG records.
-The default is 3600 seconds.
+\-t \fIttl\fR
+Specify the TTL (time to live) of the KEY and SIG records. The default is 3600 seconds.
 .TP
-\fB-v \fIlevel\fB\fR
+\-v \fIlevel\fR
 Sets the debugging level.
 .TP
-\fBkey\fR
-The list of keys to be included in the keyset file. These keys
-are expressed in the form \fIKnnnn.+aaa+iiiii\fR
-as generated by \fBdnssec-keygen\fR.
+key
+The list of keys to be included in the keyset file. These keys are expressed in the form
+\fIKnnnn.+aaa+iiiii\fR
+as generated by
+\fBdnssec\-keygen\fR.
 .SH "EXAMPLE"
 .PP
 The following command generates a keyset containing the DSA key for
-\fBexample.com\fR generated in the
-\fBdnssec-keygen\fR man page.
+\fBexample.com\fR
+generated in the
+\fBdnssec\-keygen\fR
+man page.
 .PP
-\fBdnssec-makekeyset -t 86400 -s 20000701120000 -e +2592000 Kexample.com.+003+26160\fR
+\fBdnssec\-makekeyset \-t 86400 \-s 20000701120000 \-e +2592000 Kexample.com.+003+26160\fR
 .PP
-In this example, \fBdnssec-makekeyset\fR creates
-the file \fIkeyset-example.com.\fR. This file
-contains the specified key and a self-generated signature.
+In this example,
+\fBdnssec\-makekeyset\fR
+creates the file
+\fIkeyset\-example.com.\fR. This file contains the specified key and a self\-generated signature.
 .PP
-The DNS administrator for \fBexample.com\fR could
-send \fIkeyset-example.com.\fR to the DNS
-administrator for \fB.com\fR for signing, if the
-\&.com zone is DNSSEC-aware and the administrators of the two zones
-have some mechanism for authenticating each other and exchanging
-the keys and signatures securely.
+The DNS administrator for
+\fBexample.com\fR
+could send
+\fIkeyset\-example.com.\fR
+to the DNS administrator for
+\fB.com\fR
+for signing, if the .com zone is DNSSEC\-aware and the administrators of the two zones have some mechanism for authenticating each other and exchanging the keys and signatures securely.
 .SH "SEE ALSO"
 .PP
-\fBdnssec-keygen\fR(8),
-\fBdnssec-signkey\fR(8),
-\fIBIND 9 Administrator Reference Manual\fR,
-\fIRFC 2535\fR.
+\fBdnssec\-keygen\fR(8),
+\fBdnssec\-signkey\fR(8),
+BIND 9 Administrator Reference Manual,
+RFC 2535.
 .SH "AUTHOR"
 .PP
 Internet Systems Consortium

bin/dnssec/dnssec-makekeyset.c

@@ -1,5 +1,5 @@
 /*
- * Portions Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
+ * Portions Copyright (C) 2004, 2005  Internet Systems Consortium, Inc. ("ISC")
  * Portions Copyright (C) 2000, 2001  Internet Software Consortium.
  * Portions Copyright (C) 1995-2000 by Network Associates, Inc.
  *
@@ -16,7 +16,7 @@
  * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: dnssec-makekeyset.c,v 1.52.2.2 2004/03/09 06:09:15 marka Exp $ */
+/* $Id: dnssec-makekeyset.c,v 1.52.2.4 2005/06/08 00:12:17 marka Exp $ */
 
 #include <config.h>
 
@@ -24,6 +24,7 @@
 
 #include <isc/commandline.h>
 #include <isc/entropy.h>
+#include <isc/hash.h>
 #include <isc/mem.h>
 #include <isc/string.h>
 #include <isc/util.h>
@@ -211,6 +212,11 @@ main(int argc, char *argv[]) {
 	eflags = ISC_ENTROPY_BLOCKING;
 	if (!pseudorandom)
 		eflags |= ISC_ENTROPY_GOODONLY;
+
+	result = isc_hash_create(mctx, ectx, DNS_NAME_MAXWIRE);
+	if (result != ISC_R_SUCCESS)
+		fatal("could not create hash context");
+
 	result = dst_lib_init(mctx, ectx, eflags);
 	if (result != ISC_R_SUCCESS)
 		fatal("could not initialize dst: %s",
@@ -455,6 +461,7 @@ main(int argc, char *argv[]) {
 	}
 
 	cleanup_logging(&log);
+	isc_hash_destroy();
 	cleanup_entropy(&ectx);
 
 	isc_mem_free(mctx, output);

bin/dnssec/dnssec-makekeyset.docbook

@@ -1,7 +1,9 @@
-<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN">
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
+               "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd"
+	       [<!ENTITY mdash "&#8212;">]>
 <!--
- - Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
- - Copyright (C) 2001, 2003  Internet Software Consortium.
+ - Copyright (C) 2004, 2005  Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000, 2001, 2003  Internet Software Consortium.
  -
  - Permission to use, copy, modify, and distribute this software for any
  - purpose with or without fee is hereby granted, provided that the above
@@ -16,7 +18,7 @@
  - PERFORMANCE OF THIS SOFTWARE.
 -->
 
-<!-- $Id: dnssec-makekeyset.docbook,v 1.2.2.5 2004/06/03 02:25:50 marka Exp $ -->
+<!-- $Id: dnssec-makekeyset.docbook,v 1.2.2.7 2005/05/12 21:35:07 sra Exp $ -->
 
 <refentry>
   <refentryinfo>
@@ -29,6 +31,20 @@
     <refmiscinfo>BIND9</refmiscinfo>
   </refmeta>
 
+  <docinfo>
+    <copyright>
+      <year>2004</year>
+      <year>2005</year>
+      <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
+    </copyright>
+    <copyright>
+      <year>2000</year>
+      <year>2001</year>
+      <year>2003</year>
+      <holder>Internet Software Consortium.</holder>
+    </copyright>
+  </docinfo>
+
   <refnamediv>
     <refname><application>dnssec-makekeyset</application></refname>
     <refpurpose>DNSSEC zone signing tool</refpurpose>

bin/dnssec/dnssec-makekeyset.html

@@ -1,407 +1,153 @@
 <!--
- - Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
- - Copyright (C) 2001, 2003  Internet Software Consortium.
- -
+ - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
+ - 
  - Permission to use, copy, modify, and distribute this software for any
  - purpose with or without fee is hereby granted, provided that the above
  - copyright notice and this permission notice appear in all copies.
- -
+ - 
  - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
  - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- - AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
  - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
  - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
-<!-- $Id: dnssec-makekeyset.html,v 1.4.2.4 2004/06/03 05:21:11 marka Exp $ -->
-
-<HTML
-><HEAD
-><TITLE
->dnssec-makekeyset</TITLE
-><META
-NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.73
-"></HEAD
-><BODY
-CLASS="REFENTRY"
-BGCOLOR="#FFFFFF"
-TEXT="#000000"
-LINK="#0000FF"
-VLINK="#840084"
-ALINK="#0000FF"
-><H1
-><A
-NAME="AEN1"
-><SPAN
-CLASS="APPLICATION"
->dnssec-makekeyset</SPAN
-></A
-></H1
-><DIV
-CLASS="REFNAMEDIV"
-><A
-NAME="AEN9"
-></A
-><H2
->Name</H2
-><SPAN
-CLASS="APPLICATION"
->dnssec-makekeyset</SPAN
->&nbsp;--&nbsp;DNSSEC zone signing tool</DIV
-><DIV
-CLASS="REFSYNOPSISDIV"
-><A
-NAME="AEN13"
-></A
-><H2
->Synopsis</H2
-><P
-><B
-CLASS="COMMAND"
->dnssec-makekeyset</B
->  [<TT
-CLASS="OPTION"
->-a</TT
->] [<TT
-CLASS="OPTION"
->-s <TT
-CLASS="REPLACEABLE"
-><I
->start-time</I
-></TT
-></TT
->] [<TT
-CLASS="OPTION"
->-e <TT
-CLASS="REPLACEABLE"
-><I
->end-time</I
-></TT
-></TT
->] [<TT
-CLASS="OPTION"
->-h</TT
->] [<TT
-CLASS="OPTION"
->-p</TT
->] [<TT
-CLASS="OPTION"
->-r <TT
-CLASS="REPLACEABLE"
-><I
->randomdev</I
-></TT
-></TT
->] [<TT
-CLASS="OPTION"
->-t</TT
-><TT
-CLASS="REPLACEABLE"
-><I
->ttl</I
-></TT
->] [<TT
-CLASS="OPTION"
->-v <TT
-CLASS="REPLACEABLE"
-><I
->level</I
-></TT
-></TT
->] {key...}</P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN38"
-></A
-><H2
->DESCRIPTION</H2
-><P
->        <B
-CLASS="COMMAND"
->dnssec-makekeyset</B
-> generates a key set from one
-	or more keys created by <B
-CLASS="COMMAND"
->dnssec-keygen</B
->.  It creates
+<!-- $Id: dnssec-makekeyset.html,v 1.4.2.13 2006/04/23 10:10:08 marka Exp $ -->
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>dnssec-makekeyset</title>
+<meta name="generator" content="DocBook XSL Stylesheets V1.69.1">
+</head>
+<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
+<a name="id2462968"></a><div class="titlepage"></div>
+<div class="refnamediv">
+<h2>Name</h2>
+<p><span class="application">dnssec-makekeyset</span> &#8212; DNSSEC zone signing tool</p>
+</div>
+<div class="refsynopsisdiv">
+<h2>Synopsis</h2>
+<div class="cmdsynopsis"><p><code class="command">dnssec-makekeyset</code>  [<code class="option">-a</code>] [<code class="option">-s <em class="replaceable"><code>start-time</code></em></code>] [<code class="option">-e <em class="replaceable"><code>end-time</code></em></code>] [<code class="option">-h</code>] [<code class="option">-p</code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-t</code><em class="replaceable"><code>ttl</code></em>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] {key...}</p></div>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2524466"></a><h2>DESCRIPTION</h2>
+<p>
+        <span><strong class="command">dnssec-makekeyset</strong></span> generates a key set from one
+	or more keys created by <span><strong class="command">dnssec-keygen</strong></span>.  It creates
 	a file containing a KEY record for each key, and self-signs the key
 	set with each zone key.  The output file is of the form
-	<TT
-CLASS="FILENAME"
->keyset-nnnn.</TT
->, where <TT
-CLASS="FILENAME"
->nnnn</TT
->
+	<code class="filename">keyset-nnnn.</code>, where <code class="filename">nnnn</code>
 	is the zone name.
-    </P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN45"
-></A
-><H2
->OPTIONS</H2
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
->-a</DT
-><DD
-><P
->	      Verify all generated signatures.
-	  </P
-></DD
-><DT
->-s <TT
-CLASS="REPLACEABLE"
-><I
->start-time</I
-></TT
-></DT
-><DD
-><P
->	       Specify the date and time when the generated SIG records
+    </p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2524489"></a><h2>OPTIONS</h2>
+<div class="variablelist"><dl>
+<dt><span class="term">-a</span></dt>
+<dd><p>
+	      Verify all generated signatures.
+	  </p></dd>
+<dt><span class="term">-s <em class="replaceable"><code>start-time</code></em></span></dt>
+<dd><p>
+	       Specify the date and time when the generated SIG records
 	       become valid.  This can be either an absolute or relative
 	       time.  An absolute start time is indicated by a number
 	       in YYYYMMDDHHMMSS notation; 20000530144500 denotes
 	       14:45:00 UTC on May 30th, 2000.  A relative start time is
 	       indicated by +N, which is N seconds from the current time.
-	       If no <TT
-CLASS="OPTION"
->start-time</TT
-> is specified, the current
+	       If no <code class="option">start-time</code> is specified, the current
 	       time is used.
-	  </P
-></DD
-><DT
->-e <TT
-CLASS="REPLACEABLE"
-><I
->end-time</I
-></TT
-></DT
-><DD
-><P
->	       Specify the date and time when the generated SIG records
-	       expire.  As with <TT
-CLASS="OPTION"
->start-time</TT
->, an absolute
+	  </p></dd>
+<dt><span class="term">-e <em class="replaceable"><code>end-time</code></em></span></dt>
+<dd><p>
+	       Specify the date and time when the generated SIG records
+	       expire.  As with <code class="option">start-time</code>, an absolute
 	       time is indicated in YYYYMMDDHHMMSS notation.  A time relative
 	       to the start time is indicated with +N, which is N seconds from
 	       the start time.  A time relative to the current time is
-	       indicated with now+N.  If no <TT
-CLASS="OPTION"
->end-time</TT
-> is
+	       indicated with now+N.  If no <code class="option">end-time</code> is
 	       specified, 30 days from the start time is used as a default.
-	  </P
-></DD
-><DT
->-h</DT
-><DD
-><P
->	       Prints a short summary of the options and arguments to
-	       <B
-CLASS="COMMAND"
->dnssec-makekeyset</B
->.
-	  </P
-></DD
-><DT
->-p</DT
-><DD
-><P
->	       Use pseudo-random data when signing the zone.  This is faster,
+	  </p></dd>
+<dt><span class="term">-h</span></dt>
+<dd><p>
+	       Prints a short summary of the options and arguments to
+	       <span><strong class="command">dnssec-makekeyset</strong></span>.
+	  </p></dd>
+<dt><span class="term">-p</span></dt>
+<dd><p>
+	       Use pseudo-random data when signing the zone.  This is faster,
 	       but less secure, than using real random data.  This option
 	       may be useful when signing large zones or when the entropy
 	       source is limited.
-	  </P
-></DD
-><DT
->-r <TT
-CLASS="REPLACEABLE"
-><I
->randomdev</I
-></TT
-></DT
-><DD
-><P
->	       Specifies the source of randomness.  If the operating
-	       system does not provide a <TT
-CLASS="FILENAME"
->/dev/random</TT
->
+	  </p></dd>
+<dt><span class="term">-r <em class="replaceable"><code>randomdev</code></em></span></dt>
+<dd><p>
+	       Specifies the source of randomness.  If the operating
+	       system does not provide a <code class="filename">/dev/random</code>
 	       or equivalent device, the default source of randomness
-	       is keyboard input.  <TT
-CLASS="FILENAME"
->randomdev</TT
-> specifies
+	       is keyboard input.  <code class="filename">randomdev</code> specifies
 	       the name of a character device or file containing random
 	       data to be used instead of the default.  The special value
-	       <TT
-CLASS="FILENAME"
->keyboard</TT
-> indicates that keyboard
+	       <code class="filename">keyboard</code> indicates that keyboard
 	       input should be used.
-	  </P
-></DD
-><DT
->-t <TT
-CLASS="REPLACEABLE"
-><I
->ttl</I
-></TT
-></DT
-><DD
-><P
->	       Specify the TTL (time to live) of the KEY and SIG records.
+	  </p></dd>
+<dt><span class="term">-t <em class="replaceable"><code>ttl</code></em></span></dt>
+<dd><p>
+	       Specify the TTL (time to live) of the KEY and SIG records.
 	       The default is 3600 seconds.
-	  </P
-></DD
-><DT
->-v <TT
-CLASS="REPLACEABLE"
-><I
->level</I
-></TT
-></DT
-><DD
-><P
->	       Sets the debugging level.
-	  </P
-></DD
-><DT
->key</DT
-><DD
-><P
->	       The list of keys to be included in the keyset file.  These keys
-	       are expressed in the form <TT
-CLASS="FILENAME"
->Knnnn.+aaa+iiiii</TT
->
-	       as generated by <B
-CLASS="COMMAND"
->dnssec-keygen</B
->.
-	  </P
-></DD
-></DL
-></DIV
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN98"
-></A
-><H2
->EXAMPLE</H2
-><P
->        The following command generates a keyset containing the DSA key for
-	<TT
-CLASS="USERINPUT"
-><B
->example.com</B
-></TT
-> generated in the
-	<B
-CLASS="COMMAND"
->dnssec-keygen</B
-> man page.
-    </P
-><P
->        <TT
-CLASS="USERINPUT"
-><B
->dnssec-makekeyset -t 86400 -s 20000701120000 -e +2592000 Kexample.com.+003+26160</B
-></TT
->
-    </P
-><P
->        In this example, <B
-CLASS="COMMAND"
->dnssec-makekeyset</B
-> creates
-	the file <TT
-CLASS="FILENAME"
->keyset-example.com.</TT
->.  This file
+	  </p></dd>
+<dt><span class="term">-v <em class="replaceable"><code>level</code></em></span></dt>
+<dd><p>
+	       Sets the debugging level.
+	  </p></dd>
+<dt><span class="term">key</span></dt>
+<dd><p>
+	       The list of keys to be included in the keyset file.  These keys
+	       are expressed in the form <code class="filename">Knnnn.+aaa+iiiii</code>
+	       as generated by <span><strong class="command">dnssec-keygen</strong></span>.
+	  </p></dd>
+</dl></div>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2525351"></a><h2>EXAMPLE</h2>
+<p>
+        The following command generates a keyset containing the DSA key for
+	<strong class="userinput"><code>example.com</code></strong> generated in the
+	<span><strong class="command">dnssec-keygen</strong></span> man page.
+    </p>
+<p>
+        <strong class="userinput"><code>dnssec-makekeyset -t 86400 -s 20000701120000 -e +2592000 Kexample.com.+003+26160</code></strong>
+    </p>
+<p>
+        In this example, <span><strong class="command">dnssec-makekeyset</strong></span> creates
+	the file <code class="filename">keyset-example.com.</code>.  This file
 	contains the specified key and a self-generated signature.
-    </P
-><P
->        The DNS administrator for <TT
-CLASS="USERINPUT"
-><B
->example.com</B
-></TT
-> could
-	send <TT
-CLASS="FILENAME"
->keyset-example.com.</TT
-> to the DNS
-	administrator for <TT
-CLASS="USERINPUT"
-><B
->.com</B
-></TT
-> for signing, if the
+    </p>
+<p>
+        The DNS administrator for <strong class="userinput"><code>example.com</code></strong> could
+	send <code class="filename">keyset-example.com.</code> to the DNS
+	administrator for <strong class="userinput"><code>.com</code></strong> for signing, if the
 	.com zone is DNSSEC-aware and the administrators of the two zones
 	have some mechanism for authenticating each other and exchanging
 	the keys and signatures securely.
-    </P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN112"
-></A
-><H2
->SEE ALSO</H2
-><P
->      <SPAN
-CLASS="CITEREFENTRY"
-><SPAN
-CLASS="REFENTRYTITLE"
->dnssec-keygen</SPAN
->(8)</SPAN
->,
-      <SPAN
-CLASS="CITEREFENTRY"
-><SPAN
-CLASS="REFENTRYTITLE"
->dnssec-signkey</SPAN
->(8)</SPAN
->,
-      <I
-CLASS="CITETITLE"
->BIND 9 Administrator Reference Manual</I
->,
-      <I
-CLASS="CITETITLE"
->RFC 2535</I
->.
-    </P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN123"
-></A
-><H2
->AUTHOR</H2
-><P
->        Internet Systems Consortium
-    </P
-></DIV
-></BODY
-></HTML
->
+    </p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2525397"></a><h2>SEE ALSO</h2>
+<p>
+      <span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
+      <span class="citerefentry"><span class="refentrytitle">dnssec-signkey</span>(8)</span>,
+      <em class="citetitle">BIND 9 Administrator Reference Manual</em>,
+      <em class="citetitle">RFC 2535</em>.
+    </p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2525433"></a><h2>AUTHOR</h2>
+<p>
+        <span class="corpauthor">Internet Systems Consortium</span>
+    </p>
+</div>
+</div></body>
+</html>

bin/dnssec/dnssec-signkey.8

@@ -1,108 +1,115 @@
-.\" Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
-.\" Copyright (C) 2000, 2001, 2003  Internet Software Consortium.
-.\"
+.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
+.\" 
 .\" Permission to use, copy, modify, and distribute this software for any
 .\" purpose with or without fee is hereby granted, provided that the above
 .\" copyright notice and this permission notice appear in all copies.
-.\"
+.\" 
 .\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
 .\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
-.\" AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
 .\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
 .\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 .\" PERFORMANCE OF THIS SOFTWARE.
 .\"
-.\" $Id: dnssec-signkey.8,v 1.18.2.3 2004/06/03 05:21:11 marka Exp $
+.\" $Id: dnssec-signkey.8,v 1.18.2.6 2005/10/13 02:23:28 marka Exp $
 .\"
-.TH "DNSSEC-SIGNKEY" "8" "June 30, 2000" "BIND9" ""
-.SH NAME
-dnssec-signkey \- DNSSEC key set signing tool
-.SH SYNOPSIS
-.sp
-\fBdnssec-signkey\fR [ \fB-a\fR ]  [ \fB-c \fIclass\fB\fR ]  [ \fB-s \fIstart-time\fB\fR ]  [ \fB-e \fIend-time\fB\fR ]  [ \fB-h\fR ]  [ \fB-p\fR ]  [ \fB-r \fIrandomdev\fB\fR ]  [ \fB-v \fIlevel\fB\fR ]  \fBkeyset\fR \fBkey\fR\fI...\fR
+.hy 0
+.ad l
+.\" ** You probably do not want to edit this file directly **
+.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1).
+.\" Instead of manually editing it, you probably should edit the DocBook XML
+.\" source for it and then use the DocBook XSL Stylesheets to regenerate it.
+.TH "DNSSEC\-SIGNKEY" "8" "June 30, 2000" "BIND9" "BIND9"
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.SH "NAME"
+dnssec\-signkey \- DNSSEC key set signing tool
+.SH "SYNOPSIS"
+.HP 15
+\fBdnssec\-signkey\fR [\fB\-a\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-s\ \fR\fB\fIstart\-time\fR\fR] [\fB\-e\ \fR\fB\fIend\-time\fR\fR] [\fB\-h\fR] [\fB\-p\fR] [\fB\-r\ \fR\fB\fIrandomdev\fR\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] {keyset} {key...}
 .SH "DESCRIPTION"
 .PP
-\fBdnssec-signkey\fR signs a keyset. Typically
-the keyset will be for a child zone, and will have been generated
-by \fBdnssec-makekeyset\fR. The child zone's keyset
-is signed with the zone keys for its parent zone. The output file
-is of the form \fIsignedkey-nnnn.\fR, where
-\fInnnn\fR is the zone name.
+\fBdnssec\-signkey\fR
+signs a keyset. Typically the keyset will be for a child zone, and will have been generated by
+\fBdnssec\-makekeyset\fR. The child zone's keyset is signed with the zone keys for its parent zone. The output file is of the form
+\fIsignedkey\-nnnn.\fR, where
+\fInnnn\fR
+is the zone name.
 .SH "OPTIONS"
 .TP
-\fB-a\fR
+\-a
 Verify all generated signatures.
 .TP
-\fB-c \fIclass\fB\fR
+\-c \fIclass\fR
 Specifies the DNS class of the key sets.
 .TP
-\fB-s \fIstart-time\fB\fR
-Specify the date and time when the generated SIG records
-become valid. This can be either an absolute or relative
-time. An absolute start time is indicated by a number
-in YYYYMMDDHHMMSS notation; 20000530144500 denotes
-14:45:00 UTC on May 30th, 2000. A relative start time is
-indicated by +N, which is N seconds from the current time.
-If no \fBstart-time\fR is specified, the current
-time is used.
+\-s \fIstart\-time\fR
+Specify the date and time when the generated SIG records become valid. This can be either an absolute or relative time. An absolute start time is indicated by a number in YYYYMMDDHHMMSS notation; 20000530144500 denotes 14:45:00 UTC on May 30th, 2000. A relative start time is indicated by +N, which is N seconds from the current time. If no
+\fBstart\-time\fR
+is specified, the current time is used.
 .TP
-\fB-e \fIend-time\fB\fR
-Specify the date and time when the generated SIG records
-expire. As with \fBstart-time\fR, an absolute
-time is indicated in YYYYMMDDHHMMSS notation. A time relative
-to the start time is indicated with +N, which is N seconds from
-the start time. A time relative to the current time is
-indicated with now+N. If no \fBend-time\fR is
-specified, 30 days from the start time is used as a default.
+\-e \fIend\-time\fR
+Specify the date and time when the generated SIG records expire. As with
+\fBstart\-time\fR, an absolute time is indicated in YYYYMMDDHHMMSS notation. A time relative to the start time is indicated with +N, which is N seconds from the start time. A time relative to the current time is indicated with now+N. If no
+\fBend\-time\fR
+is specified, 30 days from the start time is used as a default.
 .TP
-\fB-h\fR
+\-h
 Prints a short summary of the options and arguments to
-\fBdnssec-signkey\fR.
+\fBdnssec\-signkey\fR.
 .TP
-\fB-p\fR
-Use pseudo-random data when signing the zone. This is faster,
-but less secure, than using real random data. This option
-may be useful when signing large zones or when the entropy
-source is limited.
+\-p
+Use pseudo\-random data when signing the zone. This is faster, but less secure, than using real random data. This option may be useful when signing large zones or when the entropy source is limited.
 .TP
-\fB-r \fIrandomdev\fB\fR
-Specifies the source of randomness. If the operating
-system does not provide a \fI/dev/random\fR
-or equivalent device, the default source of randomness
-is keyboard input. \fIrandomdev\fR specifies
-the name of a character device or file containing random
-data to be used instead of the default. The special value
-\fIkeyboard\fR indicates that keyboard
-input should be used.
+\-r \fIrandomdev\fR
+Specifies the source of randomness. If the operating system does not provide a
+\fI/dev/random\fR
+or equivalent device, the default source of randomness is keyboard input.
+\fIrandomdev\fR
+specifies the name of a character device or file containing random data to be used instead of the default. The special value
+\fIkeyboard\fR
+indicates that keyboard input should be used.
 .TP
-\fB-v \fIlevel\fB\fR
+\-v \fIlevel\fR
 Sets the debugging level.
 .TP
-\fBkeyset\fR
+keyset
 The file containing the child's keyset.
 .TP
-\fBkey\fR
+key
 The keys used to sign the child's keyset.
 .SH "EXAMPLE"
 .PP
-The DNS administrator for a DNSSEC-aware \fB.com\fR
+The DNS administrator for a DNSSEC\-aware
+\fB.com\fR
 zone would use the following command to sign the
-\fIkeyset\fR file for \fBexample.com\fR
-created by \fBdnssec-makekeyset\fR with a key generated
-by \fBdnssec-keygen\fR:
+\fIkeyset\fR
+file for
+\fBexample.com\fR
+created by
+\fBdnssec\-makekeyset\fR
+with a key generated by
+\fBdnssec\-keygen\fR:
 .PP
-\fBdnssec-signkey keyset-example.com. Kcom.+003+51944\fR
+\fBdnssec\-signkey keyset\-example.com. Kcom.+003+51944\fR
 .PP
-In this example, \fBdnssec-signkey\fR creates
-the file \fIsignedkey-example.com.\fR, which
-contains the \fBexample.com\fR keys and the
-signatures by the \fB.com\fR keys.
+In this example,
+\fBdnssec\-signkey\fR
+creates the file
+\fIsignedkey\-example.com.\fR, which contains the
+\fBexample.com\fR
+keys and the signatures by the
+\fB.com\fR
+keys.
 .SH "SEE ALSO"
 .PP
-\fBdnssec-keygen\fR(8),
-\fBdnssec-makekeyset\fR(8),
-\fBdnssec-signzone\fR(8).
+\fBdnssec\-keygen\fR(8),
+\fBdnssec\-makekeyset\fR(8),
+\fBdnssec\-signzone\fR(8).
 .SH "AUTHOR"
 .PP
 Internet Systems Consortium

bin/dnssec/dnssec-signkey.c

@@ -1,5 +1,5 @@
 /*
- * Portions Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
+ * Portions Copyright (C) 2004, 2005  Internet Systems Consortium, Inc. ("ISC")
  * Portions Copyright (C) 2000, 2001, 2003  Internet Software Consortium.
  * Portions Copyright (C) 1995-2000 by Network Associates, Inc.
  *
@@ -16,7 +16,7 @@
  * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: dnssec-signkey.c,v 1.50.2.4 2004/03/09 06:09:15 marka Exp $ */
+/* $Id: dnssec-signkey.c,v 1.50.2.6 2005/06/08 00:12:17 marka Exp $ */
 
 #include <config.h>
 
@@ -25,6 +25,7 @@
 #include <isc/string.h>
 #include <isc/commandline.h>
 #include <isc/entropy.h>
+#include <isc/hash.h>
 #include <isc/mem.h>
 #include <isc/util.h>
 
@@ -244,6 +245,11 @@ main(int argc, char *argv[]) {
 	eflags = ISC_ENTROPY_BLOCKING;
 	if (!pseudorandom)
 		eflags |= ISC_ENTROPY_GOODONLY;
+
+	result = isc_hash_create(mctx, ectx, DNS_NAME_MAXWIRE);
+	if (result != ISC_R_SUCCESS)
+		fatal("could not create hash context");
+
 	result = dst_lib_init(mctx, ectx, eflags);
 	if (result != ISC_R_SUCCESS)
 		fatal("could not initialize dst: %s", 
@@ -462,6 +468,7 @@ main(int argc, char *argv[]) {
 	cleanup_logging(&log);
 
 	isc_mem_free(mctx, output);
+	isc_hash_destroy();
 	cleanup_entropy(&ectx);
 	dst_lib_destroy();
 	if (verbose > 10)

bin/dnssec/dnssec-signkey.docbook

@@ -1,7 +1,9 @@
-<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN">
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
+               "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd"
+	       [<!ENTITY mdash "&#8212;">]>
 <!--
- - Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
- - Copyright (C) 2001, 2003  Internet Software Consortium.
+ - Copyright (C) 2004, 2005  Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000, 2001, 2003  Internet Software Consortium.
  -
  - Permission to use, copy, modify, and distribute this software for any
  - purpose with or without fee is hereby granted, provided that the above
@@ -16,7 +18,7 @@
  - PERFORMANCE OF THIS SOFTWARE.
 -->
 
-<!-- $Id: dnssec-signkey.docbook,v 1.2.2.4 2004/06/03 02:25:51 marka Exp $ -->
+<!-- $Id: dnssec-signkey.docbook,v 1.2.2.6 2005/05/12 21:35:08 sra Exp $ -->
 
 <refentry>
   <refentryinfo>
@@ -29,6 +31,20 @@
     <refmiscinfo>BIND9</refmiscinfo>
   </refmeta>
 
+  <docinfo>
+    <copyright>
+      <year>2004</year>
+      <year>2005</year>
+      <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
+    </copyright>
+    <copyright>
+      <year>2000</year>
+      <year>2001</year>
+      <year>2003</year>
+      <holder>Internet Software Consortium.</holder>
+    </copyright>
+  </docinfo>
+
   <refnamediv>
     <refname><application>dnssec-signkey</application></refname>
     <refpurpose>DNSSEC key set signing tool</refpurpose>

bin/dnssec/dnssec-signkey.html

@@ -1,407 +1,148 @@
 <!--
- - Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
- - Copyright (C) 2001, 2003  Internet Software Consortium.
- -
+ - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
+ - 
  - Permission to use, copy, modify, and distribute this software for any
  - purpose with or without fee is hereby granted, provided that the above
  - copyright notice and this permission notice appear in all copies.
- -
+ - 
  - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
  - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- - AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
  - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
  - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
-<!-- $Id: dnssec-signkey.html,v 1.4.2.3 2004/06/03 05:21:11 marka Exp $ -->
-
-<HTML
-><HEAD
-><TITLE
->dnssec-signkey</TITLE
-><META
-NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.73
-"></HEAD
-><BODY
-CLASS="REFENTRY"
-BGCOLOR="#FFFFFF"
-TEXT="#000000"
-LINK="#0000FF"
-VLINK="#840084"
-ALINK="#0000FF"
-><H1
-><A
-NAME="AEN1"
-><SPAN
-CLASS="APPLICATION"
->dnssec-signkey</SPAN
-></A
-></H1
-><DIV
-CLASS="REFNAMEDIV"
-><A
-NAME="AEN9"
-></A
-><H2
->Name</H2
-><SPAN
-CLASS="APPLICATION"
->dnssec-signkey</SPAN
->&nbsp;--&nbsp;DNSSEC key set signing tool</DIV
-><DIV
-CLASS="REFSYNOPSISDIV"
-><A
-NAME="AEN13"
-></A
-><H2
->Synopsis</H2
-><P
-><B
-CLASS="COMMAND"
->dnssec-signkey</B
->  [<TT
-CLASS="OPTION"
->-a</TT
->] [<TT
-CLASS="OPTION"
->-c <TT
-CLASS="REPLACEABLE"
-><I
->class</I
-></TT
-></TT
->] [<TT
-CLASS="OPTION"
->-s <TT
-CLASS="REPLACEABLE"
-><I
->start-time</I
-></TT
-></TT
->] [<TT
-CLASS="OPTION"
->-e <TT
-CLASS="REPLACEABLE"
-><I
->end-time</I
-></TT
-></TT
->] [<TT
-CLASS="OPTION"
->-h</TT
->] [<TT
-CLASS="OPTION"
->-p</TT
->] [<TT
-CLASS="OPTION"
->-r <TT
-CLASS="REPLACEABLE"
-><I
->randomdev</I
-></TT
-></TT
->] [<TT
-CLASS="OPTION"
->-v <TT
-CLASS="REPLACEABLE"
-><I
->level</I
-></TT
-></TT
->] {keyset} {key...}</P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN39"
-></A
-><H2
->DESCRIPTION</H2
-><P
->        <B
-CLASS="COMMAND"
->dnssec-signkey</B
-> signs a keyset.  Typically
+<!-- $Id: dnssec-signkey.html,v 1.4.2.12 2006/04/23 10:10:08 marka Exp $ -->
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>dnssec-signkey</title>
+<meta name="generator" content="DocBook XSL Stylesheets V1.69.1">
+</head>
+<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
+<a name="id2462968"></a><div class="titlepage"></div>
+<div class="refnamediv">
+<h2>Name</h2>
+<p><span class="application">dnssec-signkey</span> &#8212; DNSSEC key set signing tool</p>
+</div>
+<div class="refsynopsisdiv">
+<h2>Synopsis</h2>
+<div class="cmdsynopsis"><p><code class="command">dnssec-signkey</code>  [<code class="option">-a</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-s <em class="replaceable"><code>start-time</code></em></code>] [<code class="option">-e <em class="replaceable"><code>end-time</code></em></code>] [<code class="option">-h</code>] [<code class="option">-p</code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] {keyset} {key...}</p></div>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2524471"></a><h2>DESCRIPTION</h2>
+<p>
+        <span><strong class="command">dnssec-signkey</strong></span> signs a keyset.  Typically
 	the keyset will be for a child zone, and will have been generated
-	by <B
-CLASS="COMMAND"
->dnssec-makekeyset</B
->.  The child zone's keyset
+	by <span><strong class="command">dnssec-makekeyset</strong></span>.  The child zone's keyset
 	is signed with the zone keys for its parent zone.  The output file
-	is of the form <TT
-CLASS="FILENAME"
->signedkey-nnnn.</TT
->, where
-	<TT
-CLASS="FILENAME"
->nnnn</TT
-> is the zone name.
-    </P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN46"
-></A
-><H2
->OPTIONS</H2
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
->-a</DT
-><DD
-><P
->	      Verify all generated signatures.
-	  </P
-></DD
-><DT
->-c <TT
-CLASS="REPLACEABLE"
-><I
->class</I
-></TT
-></DT
-><DD
-><P
->	       Specifies the DNS class of the key sets.
-	  </P
-></DD
-><DT
->-s <TT
-CLASS="REPLACEABLE"
-><I
->start-time</I
-></TT
-></DT
-><DD
-><P
->	       Specify the date and time when the generated SIG records
+	is of the form <code class="filename">signedkey-nnnn.</code>, where
+	<code class="filename">nnnn</code> is the zone name.
+    </p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2524493"></a><h2>OPTIONS</h2>
+<div class="variablelist"><dl>
+<dt><span class="term">-a</span></dt>
+<dd><p>
+	      Verify all generated signatures.
+	  </p></dd>
+<dt><span class="term">-c <em class="replaceable"><code>class</code></em></span></dt>
+<dd><p>
+	       Specifies the DNS class of the key sets.
+	  </p></dd>
+<dt><span class="term">-s <em class="replaceable"><code>start-time</code></em></span></dt>
+<dd><p>
+	       Specify the date and time when the generated SIG records
 	       become valid.  This can be either an absolute or relative
 	       time.  An absolute start time is indicated by a number
 	       in YYYYMMDDHHMMSS notation; 20000530144500 denotes
 	       14:45:00 UTC on May 30th, 2000.  A relative start time is
 	       indicated by +N, which is N seconds from the current time.
-	       If no <TT
-CLASS="OPTION"
->start-time</TT
-> is specified, the current
+	       If no <code class="option">start-time</code> is specified, the current
 	       time is used.
-	  </P
-></DD
-><DT
->-e <TT
-CLASS="REPLACEABLE"
-><I
->end-time</I
-></TT
-></DT
-><DD
-><P
->	       Specify the date and time when the generated SIG records
-	       expire.  As with <TT
-CLASS="OPTION"
->start-time</TT
->, an absolute
+	  </p></dd>
+<dt><span class="term">-e <em class="replaceable"><code>end-time</code></em></span></dt>
+<dd><p>
+	       Specify the date and time when the generated SIG records
+	       expire.  As with <code class="option">start-time</code>, an absolute
 	       time is indicated in YYYYMMDDHHMMSS notation.  A time relative
 	       to the start time is indicated with +N, which is N seconds from
 	       the start time.  A time relative to the current time is
-	       indicated with now+N.  If no <TT
-CLASS="OPTION"
->end-time</TT
-> is
+	       indicated with now+N.  If no <code class="option">end-time</code> is
 	       specified, 30 days from the start time is used as a default.
-	  </P
-></DD
-><DT
->-h</DT
-><DD
-><P
->	       Prints a short summary of the options and arguments to
-	       <B
-CLASS="COMMAND"
->dnssec-signkey</B
->.
-	  </P
-></DD
-><DT
->-p</DT
-><DD
-><P
->	       Use pseudo-random data when signing the zone.  This is faster,
+	  </p></dd>
+<dt><span class="term">-h</span></dt>
+<dd><p>
+	       Prints a short summary of the options and arguments to
+	       <span><strong class="command">dnssec-signkey</strong></span>.
+	  </p></dd>
+<dt><span class="term">-p</span></dt>
+<dd><p>
+	       Use pseudo-random data when signing the zone.  This is faster,
 	       but less secure, than using real random data.  This option
 	       may be useful when signing large zones or when the entropy
 	       source is limited.
-	  </P
-></DD
-><DT
->-r <TT
-CLASS="REPLACEABLE"
-><I
->randomdev</I
-></TT
-></DT
-><DD
-><P
->	       Specifies the source of randomness.  If the operating
-	       system does not provide a <TT
-CLASS="FILENAME"
->/dev/random</TT
->
+	  </p></dd>
+<dt><span class="term">-r <em class="replaceable"><code>randomdev</code></em></span></dt>
+<dd><p>
+	       Specifies the source of randomness.  If the operating
+	       system does not provide a <code class="filename">/dev/random</code>
 	       or equivalent device, the default source of randomness
-	       is keyboard input.  <TT
-CLASS="FILENAME"
->randomdev</TT
-> specifies
+	       is keyboard input.  <code class="filename">randomdev</code> specifies
 	       the name of a character device or file containing random
 	       data to be used instead of the default.  The special value
-	       <TT
-CLASS="FILENAME"
->keyboard</TT
-> indicates that keyboard
+	       <code class="filename">keyboard</code> indicates that keyboard
 	       input should be used.
-	  </P
-></DD
-><DT
->-v <TT
-CLASS="REPLACEABLE"
-><I
->level</I
-></TT
-></DT
-><DD
-><P
->	       Sets the debugging level.
-	  </P
-></DD
-><DT
->keyset</DT
-><DD
-><P
->	        The file containing the child's keyset.
-	  </P
-></DD
-><DT
->key</DT
-><DD
-><P
->	        The keys used to sign the child's keyset.
-	  </P
-></DD
-></DL
-></DIV
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN101"
-></A
-><H2
->EXAMPLE</H2
-><P
->        The DNS administrator for a DNSSEC-aware <TT
-CLASS="USERINPUT"
-><B
->.com</B
-></TT
->
+	  </p></dd>
+<dt><span class="term">-v <em class="replaceable"><code>level</code></em></span></dt>
+<dd><p>
+	       Sets the debugging level.
+	  </p></dd>
+<dt><span class="term">keyset</span></dt>
+<dd><p>
+	        The file containing the child's keyset.
+	  </p></dd>
+<dt><span class="term">key</span></dt>
+<dd><p>
+	        The keys used to sign the child's keyset.
+	  </p></dd>
+</dl></div>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2525365"></a><h2>EXAMPLE</h2>
+<p>
+        The DNS administrator for a DNSSEC-aware <strong class="userinput"><code>.com</code></strong>
 	zone would use the following command to sign the
-	<TT
-CLASS="FILENAME"
->keyset</TT
-> file for <TT
-CLASS="USERINPUT"
-><B
->example.com</B
-></TT
->
-	created by <B
-CLASS="COMMAND"
->dnssec-makekeyset</B
-> with a key generated
-	by <B
-CLASS="COMMAND"
->dnssec-keygen</B
->:
-    </P
-><P
->        <TT
-CLASS="USERINPUT"
-><B
->dnssec-signkey keyset-example.com. Kcom.+003+51944</B
-></TT
->
-    </P
-><P
->        In this example, <B
-CLASS="COMMAND"
->dnssec-signkey</B
-> creates
-	the file <TT
-CLASS="FILENAME"
->signedkey-example.com.</TT
->, which
-	contains the <TT
-CLASS="USERINPUT"
-><B
->example.com</B
-></TT
-> keys and the
-	signatures by the <TT
-CLASS="USERINPUT"
-><B
->.com</B
-></TT
-> keys.
-    </P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN116"
-></A
-><H2
->SEE ALSO</H2
-><P
->      <SPAN
-CLASS="CITEREFENTRY"
-><SPAN
-CLASS="REFENTRYTITLE"
->dnssec-keygen</SPAN
->(8)</SPAN
->,
-      <SPAN
-CLASS="CITEREFENTRY"
-><SPAN
-CLASS="REFENTRYTITLE"
->dnssec-makekeyset</SPAN
->(8)</SPAN
->,
-      <SPAN
-CLASS="CITEREFENTRY"
-><SPAN
-CLASS="REFENTRYTITLE"
->dnssec-signzone</SPAN
->(8)</SPAN
->.
-    </P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN128"
-></A
-><H2
->AUTHOR</H2
-><P
->        Internet Systems Consortium
-    </P
-></DIV
-></BODY
-></HTML
->
+	<code class="filename">keyset</code> file for <strong class="userinput"><code>example.com</code></strong>
+	created by <span><strong class="command">dnssec-makekeyset</strong></span> with a key generated
+	by <span><strong class="command">dnssec-keygen</strong></span>:
+    </p>
+<p>
+        <strong class="userinput"><code>dnssec-signkey keyset-example.com. Kcom.+003+51944</code></strong>
+    </p>
+<p>
+        In this example, <span><strong class="command">dnssec-signkey</strong></span> creates
+	the file <code class="filename">signedkey-example.com.</code>, which
+	contains the <strong class="userinput"><code>example.com</code></strong> keys and the
+	signatures by the <strong class="userinput"><code>.com</code></strong> keys.
+    </p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2525417"></a><h2>SEE ALSO</h2>
+<p>
+      <span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
+      <span class="citerefentry"><span class="refentrytitle">dnssec-makekeyset</span>(8)</span>,
+      <span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>.
+    </p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2525456"></a><h2>AUTHOR</h2>
+<p>
+        <span class="corpauthor">Internet Systems Consortium</span>
+    </p>
+</div>
+</div></body>
+</html>

bin/dnssec/dnssec-signzone.8

@@ -1,155 +1,148 @@
-.\" Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
-.\" Copyright (C) 2000, 2001, 2003  Internet Software Consortium.
-.\"
+.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
+.\" 
 .\" Permission to use, copy, modify, and distribute this software for any
 .\" purpose with or without fee is hereby granted, provided that the above
 .\" copyright notice and this permission notice appear in all copies.
-.\"
+.\" 
 .\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
 .\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
-.\" AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
 .\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
 .\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 .\" PERFORMANCE OF THIS SOFTWARE.
 .\"
-.\" $Id: dnssec-signzone.8,v 1.23.2.4 2004/06/03 05:21:12 marka Exp $
+.\" $Id: dnssec-signzone.8,v 1.23.2.8 2005/10/13 02:23:28 marka Exp $
 .\"
-.TH "DNSSEC-SIGNZONE" "8" "June 30, 2000" "BIND9" ""
-.SH NAME
-dnssec-signzone \- DNSSEC zone signing tool
-.SH SYNOPSIS
-.sp
-\fBdnssec-signzone\fR [ \fB-a\fR ]  [ \fB-c \fIclass\fB\fR ]  [ \fB-d \fIdirectory\fB\fR ]  [ \fB-s \fIstart-time\fB\fR ]  [ \fB-e \fIend-time\fB\fR ]  [ \fB-f \fIoutput-file\fB\fR ]  [ \fB-h\fR ]  [ \fB-i \fIinterval\fB\fR ]  [ \fB-n \fInthreads\fB\fR ]  [ \fB-o \fIorigin\fB\fR ]  [ \fB-p\fR ]  [ \fB-r \fIrandomdev\fB\fR ]  [ \fB-t\fR ]  [ \fB-v \fIlevel\fB\fR ]  \fBzonefile\fR [ \fBkey\fR\fI...\fR ] 
+.hy 0
+.ad l
+.\" ** You probably do not want to edit this file directly **
+.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1).
+.\" Instead of manually editing it, you probably should edit the DocBook XML
+.\" source for it and then use the DocBook XSL Stylesheets to regenerate it.
+.TH "DNSSEC\-SIGNZONE" "8" "June 30, 2000" "BIND9" "BIND9"
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.SH "NAME"
+dnssec\-signzone \- DNSSEC zone signing tool
+.SH "SYNOPSIS"
+.HP 16
+\fBdnssec\-signzone\fR [\fB\-a\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-d\ \fR\fB\fIdirectory\fR\fR] [\fB\-s\ \fR\fB\fIstart\-time\fR\fR] [\fB\-e\ \fR\fB\fIend\-time\fR\fR] [\fB\-f\ \fR\fB\fIoutput\-file\fR\fR] [\fB\-h\fR] [\fB\-i\ \fR\fB\fIinterval\fR\fR] [\fB\-n\ \fR\fB\fInthreads\fR\fR] [\fB\-o\ \fR\fB\fIorigin\fR\fR] [\fB\-p\fR] [\fB\-r\ \fR\fB\fIrandomdev\fR\fR] [\fB\-t\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] {zonefile} [key...]
 .SH "DESCRIPTION"
 .PP
-\fBdnssec-signzone\fR signs a zone. It generates NXT
-and SIG records and produces a signed version of the zone. If there
-is a \fIsignedkey\fR file from the zone's parent,
-the parent's signatures will be incorporated into the generated
-signed zone file. The security status of delegations from the
-signed zone (that is, whether the child zones are secure or not) is
-determined by the presence or absence of a
-\fIsignedkey\fR file for each child zone.
+\fBdnssec\-signzone\fR
+signs a zone. It generates NXT and SIG records and produces a signed version of the zone. If there is a
+\fIsignedkey\fR
+file from the zone's parent, the parent's signatures will be incorporated into the generated signed zone file. The security status of delegations from the signed zone (that is, whether the child zones are secure or not) is determined by the presence or absence of a
+\fIsignedkey\fR
+file for each child zone.
 .SH "OPTIONS"
 .TP
-\fB-a\fR
+\-a
 Verify all generated signatures.
 .TP
-\fB-c \fIclass\fB\fR
+\-c \fIclass\fR
 Specifies the DNS class of the zone.
 .TP
-\fB-d \fIdirectory\fB\fR
-Look for \fIsignedkey\fR files in
-\fBdirectory\fR as the directory 
+\-d \fIdirectory\fR
+Look for
+\fIsignedkey\fR
+files in
+\fBdirectory\fR
+as the directory
 .TP
-\fB-s \fIstart-time\fB\fR
-Specify the date and time when the generated SIG records
-become valid. This can be either an absolute or relative
-time. An absolute start time is indicated by a number
-in YYYYMMDDHHMMSS notation; 20000530144500 denotes
-14:45:00 UTC on May 30th, 2000. A relative start time is
-indicated by +N, which is N seconds from the current time.
-If no \fBstart-time\fR is specified, the current
-time is used.
+\-s \fIstart\-time\fR
+Specify the date and time when the generated SIG records become valid. This can be either an absolute or relative time. An absolute start time is indicated by a number in YYYYMMDDHHMMSS notation; 20000530144500 denotes 14:45:00 UTC on May 30th, 2000. A relative start time is indicated by +N, which is N seconds from the current time. If no
+\fBstart\-time\fR
+is specified, the current time is used.
 .TP
-\fB-e \fIend-time\fB\fR
-Specify the date and time when the generated SIG records
-expire. As with \fBstart-time\fR, an absolute
-time is indicated in YYYYMMDDHHMMSS notation. A time relative
-to the start time is indicated with +N, which is N seconds from
-the start time. A time relative to the current time is
-indicated with now+N. If no \fBend-time\fR is
-specified, 30 days from the start time is used as a default.
+\-e \fIend\-time\fR
+Specify the date and time when the generated SIG records expire. As with
+\fBstart\-time\fR, an absolute time is indicated in YYYYMMDDHHMMSS notation. A time relative to the start time is indicated with +N, which is N seconds from the start time. A time relative to the current time is indicated with now+N. If no
+\fBend\-time\fR
+is specified, 30 days from the start time is used as a default.
 .TP
-\fB-f \fIoutput-file\fB\fR
-The name of the output file containing the signed zone. The
-default is to append \fI.signed\fR to the
-input file.
+\-f \fIoutput\-file\fR
+The name of the output file containing the signed zone. The default is to append
+\fI.signed\fR
+to the input file.
 .TP
-\fB-h\fR
+\-h
 Prints a short summary of the options and arguments to
-\fBdnssec-signzone\fR.
+\fBdnssec\-signzone\fR.
 .TP
-\fB-i \fIinterval\fB\fR
-When a previously signed zone is passed as input, records
-may be resigned. The \fBinterval\fR option
-specifies the cycle interval as an offset from the current
-time (in seconds). If a SIG record expires after the
-cycle interval, it is retained. Otherwise, it is considered
-to be expiring soon, and it will be replaced.
-
-The default cycle interval is one quarter of the difference
-between the signature end and start times. So if neither
-\fBend-time\fR or \fBstart-time\fR
-are specified, \fBdnssec-signzone\fR generates
-signatures that are valid for 30 days, with a cycle
-interval of 7.5 days. Therefore, if any existing SIG records
-are due to expire in less than 7.5 days, they would be
-replaced.
+\-i \fIinterval\fR
+When a previously signed zone is passed as input, records may be resigned. The
+\fBinterval\fR
+option specifies the cycle interval as an offset from the current time (in seconds). If a SIG record expires after the cycle interval, it is retained. Otherwise, it is considered to be expiring soon, and it will be replaced.
+.sp
+The default cycle interval is one quarter of the difference between the signature end and start times. So if neither
+\fBend\-time\fR
+or
+\fBstart\-time\fR
+are specified,
+\fBdnssec\-signzone\fR
+generates signatures that are valid for 30 days, with a cycle interval of 7.5 days. Therefore, if any existing SIG records are due to expire in less than 7.5 days, they would be replaced.
 .TP
-\fB-n \fIncpus\fB\fR
-Specifies the number of threads to use. By default, one
-thread is started for each detected CPU.
+\-n \fIncpus\fR
+Specifies the number of threads to use. By default, one thread is started for each detected CPU.
 .TP
-\fB-o \fIorigin\fB\fR
-The zone origin. If not specified, the name of the zone file
-is assumed to be the origin.
+\-o \fIorigin\fR
+The zone origin. If not specified, the name of the zone file is assumed to be the origin.
 .TP
-\fB-p\fR
-Use pseudo-random data when signing the zone. This is faster,
-but less secure, than using real random data. This option
-may be useful when signing large zones or when the entropy
-source is limited.
+\-p
+Use pseudo\-random data when signing the zone. This is faster, but less secure, than using real random data. This option may be useful when signing large zones or when the entropy source is limited.
 .TP
-\fB-r \fIrandomdev\fB\fR
-Specifies the source of randomness. If the operating
-system does not provide a \fI/dev/random\fR
-or equivalent device, the default source of randomness
-is keyboard input. \fIrandomdev\fR specifies
-the name of a character device or file containing random
-data to be used instead of the default. The special value
-\fIkeyboard\fR indicates that keyboard
-input should be used.
+\-r \fIrandomdev\fR
+Specifies the source of randomness. If the operating system does not provide a
+\fI/dev/random\fR
+or equivalent device, the default source of randomness is keyboard input.
+\fIrandomdev\fR
+specifies the name of a character device or file containing random data to be used instead of the default. The special value
+\fIkeyboard\fR
+indicates that keyboard input should be used.
 .TP
-\fB-t\fR
+\-t
 Print statistics at completion.
 .TP
-\fB-v \fIlevel\fB\fR
+\-v \fIlevel\fR
 Sets the debugging level.
 .TP
-\fBzonefile\fR
+zonefile
 The file containing the zone to be signed.
-Sets the debugging level.
 .TP
-\fBkey\fR
-The keys used to sign the zone. If no keys are specified, the
-default all zone keys that have private key files in the
-current directory.
+key
+The keys used to sign the zone. If no keys are specified, the default all zone keys that have private key files in the current directory.
 .SH "EXAMPLE"
 .PP
-The following command signs the \fBexample.com\fR
-zone with the DSA key generated in the \fBdnssec-keygen\fR
+The following command signs the
+\fBexample.com\fR
+zone with the DSA key generated in the
+\fBdnssec\-keygen\fR
 man page. The zone's keys must be in the zone. If there are
-\fIsignedkey\fR files associated with this zone
-or any child zones, they must be in the current directory.
-\fBexample.com\fR, the following command would be
-issued:
+\fIsignedkey\fR
+files associated with this zone or any child zones, they must be in the current directory.
+\fBexample.com\fR, the following command would be issued:
 .PP
-\fBdnssec-signzone -o example.com db.example.com Kexample.com.+003+26160\fR
+\fBdnssec\-signzone \-o example.com db.example.com Kexample.com.+003+26160\fR
 .PP
 The command would print a string of the form:
 .PP
-In this example, \fBdnssec-signzone\fR creates
-the file \fIdb.example.com.signed\fR. This file
-should be referenced in a zone statement in a
-\fInamed.conf\fR file.
+In this example,
+\fBdnssec\-signzone\fR
+creates the file
+\fIdb.example.com.signed\fR. This file should be referenced in a zone statement in a
+\fInamed.conf\fR
+file.
 .SH "SEE ALSO"
 .PP
-\fBdnssec-keygen\fR(8),
-\fBdnssec-signkey\fR(8),
-\fIBIND 9 Administrator Reference Manual\fR,
-\fIRFC 2535\fR.
+\fBdnssec\-keygen\fR(8),
+\fBdnssec\-signkey\fR(8),
+BIND 9 Administrator Reference Manual,
+RFC 2535.
 .SH "AUTHOR"
 .PP
 Internet Systems Consortium

bin/dnssec/dnssec-signzone.c

@@ -1,5 +1,5 @@
 /*
- * Portions Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
+ * Portions Copyright (C) 2004, 2005  Internet Systems Consortium, Inc. ("ISC")
  * Portions Copyright (C) 1999-2001, 2003  Internet Software Consortium.
  * Portions Copyright (C) 1995-2000 by Network Associates, Inc.
  *
@@ -16,7 +16,7 @@
  * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: dnssec-signzone.c,v 1.139.2.5 2004/04/15 02:16:24 marka Exp $ */
+/* $Id: dnssec-signzone.c,v 1.139.2.9 2005/10/14 01:37:48 marka Exp $ */
 
 #include <config.h>
 
@@ -28,6 +28,7 @@
 #include <isc/entropy.h>
 #include <isc/event.h>
 #include <isc/file.h>
+#include <isc/hash.h>
 #include <isc/mem.h>
 #include <isc/mutex.h>
 #include <isc/os.h>
@@ -1411,7 +1412,6 @@ loadzonepubkeys(dns_db_t *db) {
 	result = dns_rdataset_first(&rdataset);
 	check_result(result, "dns_rdataset_first");
 	while (result == ISC_R_SUCCESS) {
-		pubkey = NULL;
 		dns_rdata_reset(&rdata);
 		dns_rdataset_current(&rdataset, &rdata);
 		result = dns_dnssec_keyfromrdata(gorigin, &rdata, mctx,
@@ -1457,9 +1457,9 @@ usage(void) {
 	fprintf(stderr, "\t-c class (IN)\n");
 	fprintf(stderr, "\t-d directory\n");
 	fprintf(stderr, "\t\tdirectory to find signedkey files (.)\n");
-	fprintf(stderr, "\t-s YYYYMMDDHHMMSS|+offset:\n");
+	fprintf(stderr, "\t-s [YYYYMMDDHHMMSS|+offset]:\n");
 	fprintf(stderr, "\t\tSIG start time - absolute|offset (now)\n");
-	fprintf(stderr, "\t-e YYYYMMDDHHMMSS|+offset|\"now\"+offset]:\n");
+	fprintf(stderr, "\t-e [YYYYMMDDHHMMSS|+offset|\"now\"+offset]:\n");
 	fprintf(stderr, "\t\tSIG end time  - absolute|from start|from now "
 				"(now + 30 days)\n");
 	fprintf(stderr, "\t-i interval:\n");
@@ -1621,6 +1621,11 @@ main(int argc, char *argv[]) {
 	eflags = ISC_ENTROPY_BLOCKING;
 	if (!pseudorandom)
 		eflags |= ISC_ENTROPY_GOODONLY;
+
+	result = isc_hash_create(mctx, ectx, DNS_NAME_MAXWIRE);
+	if (result != ISC_R_SUCCESS)
+		fatal("could not create hash context");
+
 	result = dst_lib_init(mctx, ectx, eflags);
 	if (result != ISC_R_SUCCESS)
 		fatal("could not initialize dst");
@@ -1837,6 +1842,7 @@ main(int argc, char *argv[]) {
 
 	cleanup_logging(&log);
 	dst_lib_destroy();
+	isc_hash_destroy();
 	cleanup_entropy(&ectx);
 	if (verbose > 10)
 		isc_mem_stats(mctx, stdout);

bin/dnssec/dnssec-signzone.docbook

@@ -1,7 +1,9 @@
-<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN">
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
+               "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd"
+	       [<!ENTITY mdash "&#8212;">]>
 <!--
- - Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
- - Copyright (C) 2001, 2003  Internet Software Consortium.
+ - Copyright (C) 2004, 2005  Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000, 2001, 2003  Internet Software Consortium.
  -
  - Permission to use, copy, modify, and distribute this software for any
  - purpose with or without fee is hereby granted, provided that the above
@@ -16,7 +18,7 @@
  - PERFORMANCE OF THIS SOFTWARE.
 -->
 
-<!-- $Id: dnssec-signzone.docbook,v 1.2.2.5 2004/06/03 02:25:51 marka Exp $ -->
+<!-- $Id: dnssec-signzone.docbook,v 1.2.2.8 2005/06/24 00:18:41 marka Exp $ -->
 
 <refentry>
   <refentryinfo>
@@ -29,6 +31,20 @@
     <refmiscinfo>BIND9</refmiscinfo>
   </refmeta>
 
+  <docinfo>
+    <copyright>
+      <year>2004</year>
+      <year>2005</year>
+      <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
+    </copyright>
+    <copyright>
+      <year>2000</year>
+      <year>2001</year>
+      <year>2003</year>
+      <holder>Internet Software Consortium.</holder>
+    </copyright>
+  </docinfo>
+
   <refnamediv>
     <refname><application>dnssec-signzone</application></refname>
     <refpurpose>DNSSEC zone signing tool</refpurpose>
@@ -249,7 +265,6 @@
 	<listitem>
 	  <para>
 	       The file containing the zone to be signed.
-	       Sets the debugging level.
 	  </para>
 	</listitem>
       </varlistentry>

bin/dnssec/dnssec-signzone.html

@@ -1,556 +1,204 @@
 <!--
- - Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
- - Copyright (C) 2001, 2003  Internet Software Consortium.
- -
+ - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
+ - 
  - Permission to use, copy, modify, and distribute this software for any
  - purpose with or without fee is hereby granted, provided that the above
  - copyright notice and this permission notice appear in all copies.
- -
+ - 
  - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
  - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- - AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
  - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
  - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
-<!-- $Id: dnssec-signzone.html,v 1.4.2.4 2004/06/03 05:21:12 marka Exp $ -->
-
-<HTML
-><HEAD
-><TITLE
->dnssec-signzone</TITLE
-><META
-NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.73
-"></HEAD
-><BODY
-CLASS="REFENTRY"
-BGCOLOR="#FFFFFF"
-TEXT="#000000"
-LINK="#0000FF"
-VLINK="#840084"
-ALINK="#0000FF"
-><H1
-><A
-NAME="AEN1"
-><SPAN
-CLASS="APPLICATION"
->dnssec-signzone</SPAN
-></A
-></H1
-><DIV
-CLASS="REFNAMEDIV"
-><A
-NAME="AEN9"
-></A
-><H2
->Name</H2
-><SPAN
-CLASS="APPLICATION"
->dnssec-signzone</SPAN
->&nbsp;--&nbsp;DNSSEC zone signing tool</DIV
-><DIV
-CLASS="REFSYNOPSISDIV"
-><A
-NAME="AEN13"
-></A
-><H2
->Synopsis</H2
-><P
-><B
-CLASS="COMMAND"
->dnssec-signzone</B
->  [<TT
-CLASS="OPTION"
->-a</TT
->] [<TT
-CLASS="OPTION"
->-c <TT
-CLASS="REPLACEABLE"
-><I
->class</I
-></TT
-></TT
->] [<TT
-CLASS="OPTION"
->-d <TT
-CLASS="REPLACEABLE"
-><I
->directory</I
-></TT
-></TT
->] [<TT
-CLASS="OPTION"
->-s <TT
-CLASS="REPLACEABLE"
-><I
->start-time</I
-></TT
-></TT
->] [<TT
-CLASS="OPTION"
->-e <TT
-CLASS="REPLACEABLE"
-><I
->end-time</I
-></TT
-></TT
->] [<TT
-CLASS="OPTION"
->-f <TT
-CLASS="REPLACEABLE"
-><I
->output-file</I
-></TT
-></TT
->] [<TT
-CLASS="OPTION"
->-h</TT
->] [<TT
-CLASS="OPTION"
->-i <TT
-CLASS="REPLACEABLE"
-><I
->interval</I
-></TT
-></TT
->] [<TT
-CLASS="OPTION"
->-n <TT
-CLASS="REPLACEABLE"
-><I
->nthreads</I
-></TT
-></TT
->] [<TT
-CLASS="OPTION"
->-o <TT
-CLASS="REPLACEABLE"
-><I
->origin</I
-></TT
-></TT
->] [<TT
-CLASS="OPTION"
->-p</TT
->] [<TT
-CLASS="OPTION"
->-r <TT
-CLASS="REPLACEABLE"
-><I
->randomdev</I
-></TT
-></TT
->] [<TT
-CLASS="OPTION"
->-t</TT
->] [<TT
-CLASS="OPTION"
->-v <TT
-CLASS="REPLACEABLE"
-><I
->level</I
-></TT
-></TT
->] {zonefile} [key...]</P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN56"
-></A
-><H2
->DESCRIPTION</H2
-><P
->        <B
-CLASS="COMMAND"
->dnssec-signzone</B
-> signs a zone.  It generates NXT
+<!-- $Id: dnssec-signzone.html,v 1.4.2.13 2006/04/23 10:10:08 marka Exp $ -->
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>dnssec-signzone</title>
+<meta name="generator" content="DocBook XSL Stylesheets V1.69.1">
+</head>
+<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
+<a name="id2462968"></a><div class="titlepage"></div>
+<div class="refnamediv">
+<h2>Name</h2>
+<p><span class="application">dnssec-signzone</span> &#8212; DNSSEC zone signing tool</p>
+</div>
+<div class="refsynopsisdiv">
+<h2>Synopsis</h2>
+<div class="cmdsynopsis"><p><code class="command">dnssec-signzone</code>  [<code class="option">-a</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-d <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-s <em class="replaceable"><code>start-time</code></em></code>] [<code class="option">-e <em class="replaceable"><code>end-time</code></em></code>] [<code class="option">-f <em class="replaceable"><code>output-file</code></em></code>] [<code class="option">-h</code>] [<code class="option">-i <em class="replaceable"><code>interval</code></em></code>] [<code class="option">-n <em class="replaceable"><code>nthreads</code></em></code>] [<code class="option">-o <em class="replaceable"><code>origin</code></em></code>] [<code class="option">-p</code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-t</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] {zonefile} [key...]</p></div>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2525198"></a><h2>DESCRIPTION</h2>
+<p>
+        <span><strong class="command">dnssec-signzone</strong></span> signs a zone.  It generates NXT
 	and SIG records and produces a signed version of the zone.  If there
-	is a <TT
-CLASS="FILENAME"
->signedkey</TT
-> file from the zone's parent,
+	is a <code class="filename">signedkey</code> file from the zone's parent,
 	the parent's signatures will be incorporated into the generated
 	signed zone file.  The security status of delegations from the
         signed zone (that is, whether the child zones are secure or not) is
         determined by the presence or absence of a
-	<TT
-CLASS="FILENAME"
->signedkey</TT
-> file for each child zone.
-    </P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN62"
-></A
-><H2
->OPTIONS</H2
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
->-a</DT
-><DD
-><P
->	      Verify all generated signatures.
-	  </P
-></DD
-><DT
->-c <TT
-CLASS="REPLACEABLE"
-><I
->class</I
-></TT
-></DT
-><DD
-><P
->	       Specifies the DNS class of the zone.
-	  </P
-></DD
-><DT
->-d <TT
-CLASS="REPLACEABLE"
-><I
->directory</I
-></TT
-></DT
-><DD
-><P
->	       Look for <TT
-CLASS="FILENAME"
->signedkey</TT
-> files in
-	       <TT
-CLASS="OPTION"
->directory</TT
-> as the directory 
-	  </P
-></DD
-><DT
->-s <TT
-CLASS="REPLACEABLE"
-><I
->start-time</I
-></TT
-></DT
-><DD
-><P
->	       Specify the date and time when the generated SIG records
+	<code class="filename">signedkey</code> file for each child zone.
+    </p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2525218"></a><h2>OPTIONS</h2>
+<div class="variablelist"><dl>
+<dt><span class="term">-a</span></dt>
+<dd><p>
+	      Verify all generated signatures.
+	  </p></dd>
+<dt><span class="term">-c <em class="replaceable"><code>class</code></em></span></dt>
+<dd><p>
+	       Specifies the DNS class of the zone.
+	  </p></dd>
+<dt><span class="term">-d <em class="replaceable"><code>directory</code></em></span></dt>
+<dd><p>
+	       Look for <code class="filename">signedkey</code> files in
+	       <code class="option">directory</code> as the directory 
+	  </p></dd>
+<dt><span class="term">-s <em class="replaceable"><code>start-time</code></em></span></dt>
+<dd><p>
+	       Specify the date and time when the generated SIG records
 	       become valid.  This can be either an absolute or relative
 	       time.  An absolute start time is indicated by a number
 	       in YYYYMMDDHHMMSS notation; 20000530144500 denotes
 	       14:45:00 UTC on May 30th, 2000.  A relative start time is
 	       indicated by +N, which is N seconds from the current time.
-	       If no <TT
-CLASS="OPTION"
->start-time</TT
-> is specified, the current
+	       If no <code class="option">start-time</code> is specified, the current
 	       time is used.
-	  </P
-></DD
-><DT
->-e <TT
-CLASS="REPLACEABLE"
-><I
->end-time</I
-></TT
-></DT
-><DD
-><P
->	       Specify the date and time when the generated SIG records
-	       expire.  As with <TT
-CLASS="OPTION"
->start-time</TT
->, an absolute
+	  </p></dd>
+<dt><span class="term">-e <em class="replaceable"><code>end-time</code></em></span></dt>
+<dd><p>
+	       Specify the date and time when the generated SIG records
+	       expire.  As with <code class="option">start-time</code>, an absolute
 	       time is indicated in YYYYMMDDHHMMSS notation.  A time relative
 	       to the start time is indicated with +N, which is N seconds from
 	       the start time.  A time relative to the current time is
-	       indicated with now+N.  If no <TT
-CLASS="OPTION"
->end-time</TT
-> is
+	       indicated with now+N.  If no <code class="option">end-time</code> is
 	       specified, 30 days from the start time is used as a default.
-	  </P
-></DD
-><DT
->-f <TT
-CLASS="REPLACEABLE"
-><I
->output-file</I
-></TT
-></DT
-><DD
-><P
->	       The name of the output file containing the signed zone.  The
-	       default is to append <TT
-CLASS="FILENAME"
->.signed</TT
-> to the
+	  </p></dd>
+<dt><span class="term">-f <em class="replaceable"><code>output-file</code></em></span></dt>
+<dd><p>
+	       The name of the output file containing the signed zone.  The
+	       default is to append <code class="filename">.signed</code> to the
 	       input file.
-	  </P
-></DD
-><DT
->-h</DT
-><DD
-><P
->	       Prints a short summary of the options and arguments to
-	       <B
-CLASS="COMMAND"
->dnssec-signzone</B
->.
-	  </P
-></DD
-><DT
->-i <TT
-CLASS="REPLACEABLE"
-><I
->interval</I
-></TT
-></DT
-><DD
-><P
->	       When a previously signed zone is passed as input, records
-	       may be resigned.  The <TT
-CLASS="OPTION"
->interval</TT
-> option
+	  </p></dd>
+<dt><span class="term">-h</span></dt>
+<dd><p>
+	       Prints a short summary of the options and arguments to
+	       <span><strong class="command">dnssec-signzone</strong></span>.
+	  </p></dd>
+<dt><span class="term">-i <em class="replaceable"><code>interval</code></em></span></dt>
+<dd>
+<p>
+	       When a previously signed zone is passed as input, records
+	       may be resigned.  The <code class="option">interval</code> option
 	       specifies the cycle interval as an offset from the current
 	       time (in seconds).  If a SIG record expires after the
 	       cycle interval, it is retained.  Otherwise, it is considered
 	       to be expiring soon, and it will be replaced.
-	  </P
-><P
->	       The default cycle interval is one quarter of the difference
+	  </p>
+<p>
+	       The default cycle interval is one quarter of the difference
 	       between the signature end and start times.  So if neither
-	       <TT
-CLASS="OPTION"
->end-time</TT
-> or <TT
-CLASS="OPTION"
->start-time</TT
->
-	       are specified, <B
-CLASS="COMMAND"
->dnssec-signzone</B
-> generates
+	       <code class="option">end-time</code> or <code class="option">start-time</code>
+	       are specified, <span><strong class="command">dnssec-signzone</strong></span> generates
 	       signatures that are valid for 30 days, with a cycle
 	       interval of 7.5 days.  Therefore, if any existing SIG records
 	       are due to expire in less than 7.5 days, they would be
 	       replaced.
-	  </P
-></DD
-><DT
->-n <TT
-CLASS="REPLACEABLE"
-><I
->ncpus</I
-></TT
-></DT
-><DD
-><P
->	       Specifies the number of threads to use.  By default, one
+	  </p>
+</dd>
+<dt><span class="term">-n <em class="replaceable"><code>ncpus</code></em></span></dt>
+<dd><p>
+	       Specifies the number of threads to use.  By default, one
 	       thread is started for each detected CPU.
-	  </P
-></DD
-><DT
->-o <TT
-CLASS="REPLACEABLE"
-><I
->origin</I
-></TT
-></DT
-><DD
-><P
->	       The zone origin.  If not specified, the name of the zone file
+	  </p></dd>
+<dt><span class="term">-o <em class="replaceable"><code>origin</code></em></span></dt>
+<dd><p>
+	       The zone origin.  If not specified, the name of the zone file
 	       is assumed to be the origin.
-	  </P
-></DD
-><DT
->-p</DT
-><DD
-><P
->	       Use pseudo-random data when signing the zone.  This is faster,
+	  </p></dd>
+<dt><span class="term">-p</span></dt>
+<dd><p>
+	       Use pseudo-random data when signing the zone.  This is faster,
 	       but less secure, than using real random data.  This option
 	       may be useful when signing large zones or when the entropy
 	       source is limited.
-	  </P
-></DD
-><DT
->-r <TT
-CLASS="REPLACEABLE"
-><I
->randomdev</I
-></TT
-></DT
-><DD
-><P
->	       Specifies the source of randomness.  If the operating
-	       system does not provide a <TT
-CLASS="FILENAME"
->/dev/random</TT
->
+	  </p></dd>
+<dt><span class="term">-r <em class="replaceable"><code>randomdev</code></em></span></dt>
+<dd><p>
+	       Specifies the source of randomness.  If the operating
+	       system does not provide a <code class="filename">/dev/random</code>
 	       or equivalent device, the default source of randomness
-	       is keyboard input.  <TT
-CLASS="FILENAME"
->randomdev</TT
-> specifies
+	       is keyboard input.  <code class="filename">randomdev</code> specifies
 	       the name of a character device or file containing random
 	       data to be used instead of the default.  The special value
-	       <TT
-CLASS="FILENAME"
->keyboard</TT
-> indicates that keyboard
+	       <code class="filename">keyboard</code> indicates that keyboard
 	       input should be used.
-	  </P
-></DD
-><DT
->-t</DT
-><DD
-><P
->	       Print statistics at completion.
-	  </P
-></DD
-><DT
->-v <TT
-CLASS="REPLACEABLE"
-><I
->level</I
-></TT
-></DT
-><DD
-><P
->	       Sets the debugging level.
-	  </P
-></DD
-><DT
->zonefile</DT
-><DD
-><P
->	       The file containing the zone to be signed.
+	  </p></dd>
+<dt><span class="term">-t</span></dt>
+<dd><p>
+	       Print statistics at completion.
+	  </p></dd>
+<dt><span class="term">-v <em class="replaceable"><code>level</code></em></span></dt>
+<dd><p>
 	       Sets the debugging level.
-	  </P
-></DD
-><DT
->key</DT
-><DD
-><P
->	       The keys used to sign the zone.  If no keys are specified, the
+	  </p></dd>
+<dt><span class="term">zonefile</span></dt>
+<dd><p>
+	       The file containing the zone to be signed.
+	  </p></dd>
+<dt><span class="term">key</span></dt>
+<dd><p>
+	       The keys used to sign the zone.  If no keys are specified, the
 	       default all zone keys that have private key files in the
 	       current directory.
-	  </P
-></DD
-></DL
-></DIV
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN154"
-></A
-><H2
->EXAMPLE</H2
-><P
->        The following command signs the <TT
-CLASS="USERINPUT"
-><B
->example.com</B
-></TT
->
-	zone with the DSA key generated in the <B
-CLASS="COMMAND"
->dnssec-keygen</B
->
+	  </p></dd>
+</dl></div>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2525598"></a><h2>EXAMPLE</h2>
+<p>
+        The following command signs the <strong class="userinput"><code>example.com</code></strong>
+	zone with the DSA key generated in the <span><strong class="command">dnssec-keygen</strong></span>
 	man page.  The zone's keys must be in the zone.  If there are
-	<TT
-CLASS="FILENAME"
->signedkey</TT
-> files associated with this zone
+	<code class="filename">signedkey</code> files associated with this zone
 	or any child zones, they must be in the current directory.
-	<TT
-CLASS="USERINPUT"
-><B
->example.com</B
-></TT
->, the following command would be
+	<strong class="userinput"><code>example.com</code></strong>, the following command would be
 	issued:
-    </P
-><P
->        <TT
-CLASS="USERINPUT"
-><B
->dnssec-signzone -o example.com db.example.com Kexample.com.+003+26160</B
-></TT
->
-    </P
-><P
->        The command would print a string of the form:
-    </P
-><P
->        In this example, <B
-CLASS="COMMAND"
->dnssec-signzone</B
-> creates
-	the file <TT
-CLASS="FILENAME"
->db.example.com.signed</TT
->.  This file
+    </p>
+<p>
+        <strong class="userinput"><code>dnssec-signzone -o example.com db.example.com Kexample.com.+003+26160</code></strong>
+    </p>
+<p>
+        The command would print a string of the form:
+    </p>
+<p>
+        In this example, <span><strong class="command">dnssec-signzone</strong></span> creates
+	the file <code class="filename">db.example.com.signed</code>.  This file
 	should be referenced in a zone statement in a
-	<TT
-CLASS="FILENAME"
->named.conf</TT
-> file.
-    </P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN168"
-></A
-><H2
->SEE ALSO</H2
-><P
->      <SPAN
-CLASS="CITEREFENTRY"
-><SPAN
-CLASS="REFENTRYTITLE"
->dnssec-keygen</SPAN
->(8)</SPAN
->,
-      <SPAN
-CLASS="CITEREFENTRY"
-><SPAN
-CLASS="REFENTRYTITLE"
->dnssec-signkey</SPAN
->(8)</SPAN
->,
-      <I
-CLASS="CITETITLE"
->BIND 9 Administrator Reference Manual</I
->,
-      <I
-CLASS="CITETITLE"
->RFC 2535</I
->.
-    </P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN179"
-></A
-><H2
->AUTHOR</H2
-><P
->        Internet Systems Consortium
-    </P
-></DIV
-></BODY
-></HTML
->
+	<code class="filename">named.conf</code> file.
+    </p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2525649"></a><h2>SEE ALSO</h2>
+<p>
+      <span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
+      <span class="citerefentry"><span class="refentrytitle">dnssec-signkey</span>(8)</span>,
+      <em class="citetitle">BIND 9 Administrator Reference Manual</em>,
+      <em class="citetitle">RFC 2535</em>.
+    </p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2525685"></a><h2>AUTHOR</h2>
+<p>
+        <span class="corpauthor">Internet Systems Consortium</span>
+    </p>
+</div>
+</div></body>
+</html>

bin/dnssec/dnssectool.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 2000, 2001, 2003  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: dnssectool.c,v 1.31.2.5 2004/03/09 06:09:16 marka Exp $ */
+/* $Id: dnssectool.c,v 1.31.2.7 2005/07/02 02:42:29 marka Exp $ */
 
 #include <config.h>
 
@@ -134,6 +134,8 @@ setup_logging(int verbose, isc_mem_t *mctx, isc_log_t **logp) {
 	isc_log_t *log = NULL;
 	int level;
 
+	if (verbose < 0)
+		verbose = 0;
 	switch (verbose) {
 	case 0:
 		/*

bin/dnssec/win32/keygen.dsp

@@ -42,7 +42,7 @@ RSC=rc.exe
 # PROP Ignore_Export_Lib 0
 # PROP Target_Dir ""
 # ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
-# ADD CPP /nologo /MT /W3 /GX /O2 /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /I "../../../lib/dns/sec/dst/include" /D "NDEBUG" /D "__STDC__" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
+# ADD CPP /nologo /MD /W3 /GX /O2 /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /D "NDEBUG" /D "__STDC__" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
 # ADD BASE RSC /l 0x409 /d "NDEBUG"
 # ADD RSC /l 0x409 /d "NDEBUG"
 BSC32=bscmake.exe
@@ -66,7 +66,7 @@ LINK32=link.exe
 # PROP Ignore_Export_Lib 0
 # PROP Target_Dir ""
 # ADD BASE CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c
-# ADD CPP /nologo /MTd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /I "../../../lib/dns/sec/dst/include" /D "_DEBUG" /D "WIN32" /D "__STDC__" /D "_CONSOLE" /D "_MBCS" /FR /FD /GZ /c
+# ADD CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /D "_DEBUG" /D "WIN32" /D "__STDC__" /D "_CONSOLE" /D "_MBCS" /FR /FD /GZ /c
 # SUBTRACT CPP /X /YX
 # ADD BASE RSC /l 0x409 /d "_DEBUG"
 # ADD RSC /l 0x409 /d "_DEBUG"

bin/dnssec/win32/keygen.mak

@@ -43,7 +43,7 @@ CLEAN :
     if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
 
 CPP=cl.exe
-CPP_PROJ=/nologo /MT /W3 /GX /O2 /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /I "../../../lib/dns/sec/dst/include" /D "NDEBUG" /D "__STDC__" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /Fp"$(INTDIR)\keygen.pch" /YX /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c 
+CPP_PROJ=/nologo /MD /W3 /GX /O2 /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /D "NDEBUG" /D "__STDC__" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /Fp"$(INTDIR)\keygen.pch" /YX /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c 
 
 .c{$(INTDIR)}.obj::
    $(CPP) @<<
@@ -118,7 +118,7 @@ CLEAN :
     if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
 
 CPP=cl.exe
-CPP_PROJ=/nologo /MTd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /I "../../../lib/dns/sec/dst/include" /D "_DEBUG" /D "WIN32" /D "__STDC__" /D "_CONSOLE" /D "_MBCS" /FR"$(INTDIR)\\" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /GZ /c 
+CPP_PROJ=/nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /D "_DEBUG" /D "WIN32" /D "__STDC__" /D "_CONSOLE" /D "_MBCS" /FR"$(INTDIR)\\" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /GZ /c 
 
 .c{$(INTDIR)}.obj::
    $(CPP) @<<

bin/dnssec/win32/makekeyset.dsp

@@ -42,7 +42,7 @@ RSC=rc.exe
 # PROP Ignore_Export_Lib 0
 # PROP Target_Dir ""
 # ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
-# ADD CPP /nologo /MT /W3 /GX /O2 /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /I "../../../lib/dns/sec/dst/include" /D "NDEBUG" /D "__STDC__" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
+# ADD CPP /nologo /MD /W3 /GX /O2 /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /D "NDEBUG" /D "__STDC__" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
 # ADD BASE RSC /l 0x409 /d "NDEBUG"
 # ADD RSC /l 0x409 /d "NDEBUG"
 BSC32=bscmake.exe
@@ -66,7 +66,7 @@ LINK32=link.exe
 # PROP Ignore_Export_Lib 0
 # PROP Target_Dir ""
 # ADD BASE CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c
-# ADD CPP /nologo /MTd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /I "../../../lib/dns/sec/dst/include" /D "_DEBUG" /D "WIN32" /D "__STDC__" /D "_CONSOLE" /D "_MBCS" /FR /FD /GZ /c
+# ADD CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /D "_DEBUG" /D "WIN32" /D "__STDC__" /D "_CONSOLE" /D "_MBCS" /FR /FD /GZ /c
 # SUBTRACT CPP /X /YX
 # ADD BASE RSC /l 0x409 /d "_DEBUG"
 # ADD RSC /l 0x409 /d "_DEBUG"

bin/dnssec/win32/makekeyset.mak

@@ -43,7 +43,7 @@ CLEAN :
     if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
 
 CPP=cl.exe
-CPP_PROJ=/nologo /MT /W3 /GX /O2 /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /I "../../../lib/dns/sec/dst/include" /D "NDEBUG" /D "__STDC__" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /Fp"$(INTDIR)\makekeyset.pch" /YX /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c 
+CPP_PROJ=/nologo /MD /W3 /GX /O2 /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /D "NDEBUG" /D "__STDC__" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /Fp"$(INTDIR)\makekeyset.pch" /YX /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c 
 
 .c{$(INTDIR)}.obj::
    $(CPP) @<<
@@ -118,7 +118,7 @@ CLEAN :
     if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
 
 CPP=cl.exe
-CPP_PROJ=/nologo /MTd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /I "../../../lib/dns/sec/dst/include" /D "_DEBUG" /D "WIN32" /D "__STDC__" /D "_CONSOLE" /D "_MBCS" /FR"$(INTDIR)\\" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /GZ /c 
+CPP_PROJ=/nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /D "_DEBUG" /D "WIN32" /D "__STDC__" /D "_CONSOLE" /D "_MBCS" /FR"$(INTDIR)\\" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /GZ /c 
 
 .c{$(INTDIR)}.obj::
    $(CPP) @<<

bin/dnssec/win32/nsupdate.dsp

@@ -42,7 +42,7 @@ RSC=rc.exe
 # PROP Ignore_Export_Lib 0
 # PROP Target_Dir ""
 # ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
-# ADD CPP /nologo /MT /W3 /GX /O2 /I "./" /I "../include" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /I "../../../lib/lwres/win32/include/lwres" /I "../../../lib/dns/include" /I "../../../lib/dns/sec/dst/include" /D "WIN32" /D "__STDC__" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
+# ADD CPP /nologo /MD /W3 /GX /O2 /I "./" /I "../include" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /I "../../../lib/lwres/win32/include/lwres" /I "../../../lib/dns/include" /D "WIN32" /D "__STDC__" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
 # ADD BASE RSC /l 0x409 /d "NDEBUG"
 # ADD RSC /l 0x409 /d "NDEBUG"
 BSC32=bscmake.exe
@@ -66,7 +66,7 @@ LINK32=link.exe
 # PROP Ignore_Export_Lib 0
 # PROP Target_Dir ""
 # ADD BASE CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c
-# ADD CPP /nologo /MTd /W3 /Gm /GX /ZI /Od /I "./" /I "../include" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /I "../../../lib/lwres/win32/include/lwres" /I "../../../lib/dns/include" /I "../../../lib/dns/sec/dst/include" /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /FR /FD /GZ /c
+# ADD CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../include" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /I "../../../lib/lwres/win32/include/lwres" /I "../../../lib/dns/include" /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /FR /FD /GZ /c
 # SUBTRACT CPP /X /u /YX
 # ADD BASE RSC /l 0x409 /d "_DEBUG"
 # ADD RSC /l 0x409 /d "_DEBUG"

bin/dnssec/win32/signkey.dsp

@@ -42,7 +42,7 @@ RSC=rc.exe
 # PROP Ignore_Export_Lib 0
 # PROP Target_Dir ""
 # ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
-# ADD CPP /nologo /MT /W3 /GX /O2 /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /I "../../../lib/dns/sec/dst/include" /D "NDEBUG" /D "__STDC__" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
+# ADD CPP /nologo /MD /W3 /GX /O2 /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /D "NDEBUG" /D "__STDC__" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
 # ADD BASE RSC /l 0x409 /d "NDEBUG"
 # ADD RSC /l 0x409 /d "NDEBUG"
 BSC32=bscmake.exe
@@ -66,7 +66,7 @@ LINK32=link.exe
 # PROP Ignore_Export_Lib 0
 # PROP Target_Dir ""
 # ADD BASE CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c
-# ADD CPP /nologo /MTd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /I "../../../lib/dns/sec/dst/include" /D "_DEBUG" /D "WIN32" /D "__STDC__" /D "_CONSOLE" /D "_MBCS" /FR /FD /GZ /c
+# ADD CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /D "_DEBUG" /D "WIN32" /D "__STDC__" /D "_CONSOLE" /D "_MBCS" /FR /FD /GZ /c
 # SUBTRACT CPP /X /YX
 # ADD BASE RSC /l 0x409 /d "_DEBUG"
 # ADD RSC /l 0x409 /d "_DEBUG"

bin/dnssec/win32/signkey.mak

@@ -43,7 +43,7 @@ CLEAN :
     if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
 
 CPP=cl.exe
-CPP_PROJ=/nologo /MT /W3 /GX /O2 /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /I "../../../lib/dns/sec/dst/include" /D "NDEBUG" /D "__STDC__" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /Fp"$(INTDIR)\signkey.pch" /YX /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c 
+CPP_PROJ=/nologo /MD /W3 /GX /O2 /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /D "NDEBUG" /D "__STDC__" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /Fp"$(INTDIR)\signkey.pch" /YX /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c 
 
 .c{$(INTDIR)}.obj::
    $(CPP) @<<
@@ -118,7 +118,7 @@ CLEAN :
     if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
 
 CPP=cl.exe
-CPP_PROJ=/nologo /MTd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /I "../../../lib/dns/sec/dst/include" /D "_DEBUG" /D "WIN32" /D "__STDC__" /D "_CONSOLE" /D "_MBCS" /FR"$(INTDIR)\\" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /GZ /c 
+CPP_PROJ=/nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /D "_DEBUG" /D "WIN32" /D "__STDC__" /D "_CONSOLE" /D "_MBCS" /FR"$(INTDIR)\\" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /GZ /c 
 
 .c{$(INTDIR)}.obj::
    $(CPP) @<<

bin/dnssec/win32/signzone.dsp

@@ -42,7 +42,7 @@ RSC=rc.exe
 # PROP Ignore_Export_Lib 0
 # PROP Target_Dir ""
 # ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
-# ADD CPP /nologo /MT /W3 /GX /O2 /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /I "../../../lib/dns/sec/dst/include" /D "NDEBUG" /D "__STDC__" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
+# ADD CPP /nologo /MD /W3 /GX /O2 /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /D "NDEBUG" /D "__STDC__" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
 # ADD BASE RSC /l 0x409 /d "NDEBUG"
 # ADD RSC /l 0x409 /d "NDEBUG"
 BSC32=bscmake.exe
@@ -66,7 +66,7 @@ LINK32=link.exe
 # PROP Ignore_Export_Lib 0
 # PROP Target_Dir ""
 # ADD BASE CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c
-# ADD CPP /nologo /MTd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /I "../../../lib/dns/sec/dst/include" /D "_DEBUG" /D "WIN32" /D "__STDC__" /D "_CONSOLE" /D "_MBCS" /FR /FD /GZ /c
+# ADD CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /D "_DEBUG" /D "WIN32" /D "__STDC__" /D "_CONSOLE" /D "_MBCS" /FR /FD /GZ /c
 # SUBTRACT CPP /X /YX
 # ADD BASE RSC /l 0x409 /d "_DEBUG"
 # ADD RSC /l 0x409 /d "_DEBUG"

bin/dnssec/win32/signzone.mak

@@ -43,7 +43,7 @@ CLEAN :
     if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
 
 CPP=cl.exe
-CPP_PROJ=/nologo /MT /W3 /GX /O2 /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /I "../../../lib/dns/sec/dst/include" /D "NDEBUG" /D "__STDC__" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /Fp"$(INTDIR)\signzone.pch" /YX /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c 
+CPP_PROJ=/nologo /MD /W3 /GX /O2 /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /D "NDEBUG" /D "__STDC__" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /Fp"$(INTDIR)\signzone.pch" /YX /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c 
 
 .c{$(INTDIR)}.obj::
    $(CPP) @<<
@@ -118,7 +118,7 @@ CLEAN :
     if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
 
 CPP=cl.exe
-CPP_PROJ=/nologo /MTd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /I "../../../lib/dns/sec/dst/include" /D "_DEBUG" /D "WIN32" /D "__STDC__" /D "_CONSOLE" /D "_MBCS" /FR"$(INTDIR)\\" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /GZ /c 
+CPP_PROJ=/nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /D "_DEBUG" /D "WIN32" /D "__STDC__" /D "_CONSOLE" /D "_MBCS" /FR"$(INTDIR)\\" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /GZ /c 
 
 .c{$(INTDIR)}.obj::
    $(CPP) @<<

bin/named/Makefile.in

@@ -13,7 +13,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: Makefile.in,v 1.74.2.2 2004/03/09 06:09:17 marka Exp $
+# $Id: Makefile.in,v 1.74.2.5 2004/09/06 21:42:06 marka Exp $
 
 srcdir =	@srcdir@
 VPATH =		@srcdir@
@@ -81,9 +81,9 @@ SRCS =		aclconf.c client.c config.c control.c controlconf.c interfacemgr.c \
 		lwdgnba.c lwdgrbn.c lwdnoop.c lwsearch.c \
 		$(DBDRIVER_SRCS)
 
-MANPAGES =	named.8 lwresd.8
+MANPAGES =	named.8 lwresd.8 named.conf.5
 
-HTMLPAGES =	named.html lwresd.html
+HTMLPAGES =	named.html lwresd.html named.conf.html
 
 MANOBJS =	${MANPAGES} ${HTMLPAGES}
 
@@ -100,7 +100,7 @@ config.@O@: config.c
 		-c ${srcdir}/config.c
 
 named: ${OBJS} ${UOBJS} ${DEPLIBS}
-	${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} -o $@ ${OBJS} ${UOBJS} ${LIBS}
+	${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ ${OBJS} ${UOBJS} ${LIBS}
 
 lwresd: named
 	rm -f lwresd
@@ -116,9 +116,12 @@ clean distclean maintainer-clean::
 
 installdirs:
 	$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${sbindir}
+	$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${mandir}/man5
 	$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${mandir}/man8
 
 install:: named lwresd installdirs
 	${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} named ${DESTDIR}${sbindir}
 	(cd ${DESTDIR}${sbindir}; rm -f lwresd; @LN@ named lwresd)
-	for m in ${MANPAGES}; do ${INSTALL_DATA} ${srcdir}/$$m ${DESTDIR}${mandir}/man8; done
+	${INSTALL_DATA} ${srcdir}/named.8 ${DESTDIR}${mandir}/man8
+	${INSTALL_DATA} ${srcdir}/lwresd.8 ${DESTDIR}${mandir}/man8
+	${INSTALL_DATA} ${srcdir}/named.conf.5 ${DESTDIR}${mandir}/man5

bin/named/aclconf.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2006  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 1999-2001  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: aclconf.c,v 1.27.2.1 2004/03/09 06:09:17 marka Exp $ */
+/* $Id: aclconf.c,v 1.27.2.5 2006/03/02 00:37:17 marka Exp $ */
 
 #include <config.h>
 
@@ -29,6 +29,8 @@
 
 #include <named/aclconf.h>
 
+#define LOOP_MAGIC ISC_MAGIC('L','O','O','P')
+
 void
 ns_aclconfctx_init(ns_aclconfctx_t *ctx) {
 	ISC_LIST_INIT(ctx->named_acl_cache);
@@ -50,10 +52,10 @@ ns_aclconfctx_destroy(ns_aclconfctx_t *ctx) {
  * Find the definition of the named acl whose name is "name".
  */
 static isc_result_t
-get_acl_def(cfg_obj_t *cctx, char *name, cfg_obj_t **ret) {
+get_acl_def(const cfg_obj_t *cctx, const char *name, const cfg_obj_t **ret) {
 	isc_result_t result;
-	cfg_obj_t *acls = NULL;
-	cfg_listelt_t *elt;
+	const cfg_obj_t *acls = NULL;
+	const cfg_listelt_t *elt;
 	
 	result = cfg_map_get(cctx, "acl", &acls);
 	if (result != ISC_R_SUCCESS)
@@ -61,7 +63,7 @@ get_acl_def(cfg_obj_t *cctx, char *name, cfg_obj_t **ret) {
 	for (elt = cfg_list_first(acls);
 	     elt != NULL;
 	     elt = cfg_list_next(elt)) {
-		cfg_obj_t *acl = cfg_listelt_value(elt);
+		const cfg_obj_t *acl = cfg_listelt_value(elt);
 		const char *aclname = cfg_obj_asstring(cfg_tuple_get(acl, "name"));
 		if (strcasecmp(aclname, name) == 0) {
 			*ret = cfg_tuple_get(acl, "value");
@@ -72,14 +74,15 @@ get_acl_def(cfg_obj_t *cctx, char *name, cfg_obj_t **ret) {
 }
 
 static isc_result_t
-convert_named_acl(cfg_obj_t *nameobj, cfg_obj_t *cctx,
+convert_named_acl(const cfg_obj_t *nameobj, const cfg_obj_t *cctx,
 		  ns_aclconfctx_t *ctx, isc_mem_t *mctx,
 		  dns_acl_t **target)
 {
 	isc_result_t result;
-	cfg_obj_t *cacl = NULL;
+	const cfg_obj_t *cacl = NULL;
 	dns_acl_t *dacl;
-	char *aclname = cfg_obj_asstring(nameobj);
+	dns_acl_t loop;
+	const char *aclname = cfg_obj_asstring(nameobj);
 
 	/* Look for an already-converted version. */
 	for (dacl = ISC_LIST_HEAD(ctx->named_acl_cache);
@@ -87,6 +90,11 @@ convert_named_acl(cfg_obj_t *nameobj, cfg_obj_t *cctx,
 	     dacl = ISC_LIST_NEXT(dacl, nextincache))
 	{
 		if (strcasecmp(aclname, dacl->name) == 0) {
+			if (ISC_MAGIC_VALID(dacl, LOOP_MAGIC)) {
+				cfg_obj_log(nameobj, dns_lctx, ISC_LOG_ERROR,
+					    "acl loop detected: %s", aclname);
+				return (ISC_R_FAILURE);
+			}
 			dns_acl_attach(dacl, target);
 			return (ISC_R_SUCCESS);
 		}
@@ -98,7 +106,18 @@ convert_named_acl(cfg_obj_t *nameobj, cfg_obj_t *cctx,
 			    "undefined ACL '%s'", aclname);
 		return (result);
 	}
+	/*
+	 * Add a loop detection element.
+	 */
+	memset(&loop, 0, sizeof(loop));
+	ISC_LINK_INIT(&loop, nextincache);
+	DE_CONST(aclname, loop.name);
+	loop.magic = LOOP_MAGIC;
+	ISC_LIST_APPEND(ctx->named_acl_cache, &loop, nextincache);
 	result = ns_acl_fromconfig(cacl, cctx, ctx, mctx, &dacl);
+	ISC_LIST_UNLINK(ctx->named_acl_cache, &loop, nextincache);
+	loop.magic = 0;
+	loop.name = NULL;
 	if (result != ISC_R_SUCCESS)
 		return (result);
 	dacl->name = isc_mem_strdup(dacl->mctx, aclname);
@@ -110,7 +129,7 @@ convert_named_acl(cfg_obj_t *nameobj, cfg_obj_t *cctx,
 }
 
 static isc_result_t
-convert_keyname(cfg_obj_t *keyobj, isc_mem_t *mctx, dns_name_t *dnsname) {
+convert_keyname(const cfg_obj_t *keyobj, isc_mem_t *mctx, dns_name_t *dnsname) {
 	isc_result_t result;
 	isc_buffer_t buf;
 	dns_fixedname_t fixname;
@@ -133,8 +152,8 @@ convert_keyname(cfg_obj_t *keyobj, isc_mem_t *mctx, dns_name_t *dnsname) {
 }
 
 isc_result_t
-ns_acl_fromconfig(cfg_obj_t *caml,
-		  cfg_obj_t *cctx,
+ns_acl_fromconfig(const cfg_obj_t *caml,
+		  const cfg_obj_t *cctx,
 		  ns_aclconfctx_t *ctx,
 		  isc_mem_t *mctx,
 		  dns_acl_t **target)
@@ -143,7 +162,7 @@ ns_acl_fromconfig(cfg_obj_t *caml,
 	unsigned int count;
 	dns_acl_t *dacl = NULL;
 	dns_aclelement_t *de;
-	cfg_listelt_t *elt;
+	const cfg_listelt_t *elt;
 
 	REQUIRE(target != NULL && *target == NULL);
 
@@ -162,7 +181,7 @@ ns_acl_fromconfig(cfg_obj_t *caml,
 	     elt != NULL;
 	     elt = cfg_list_next(elt))
 	{
-		cfg_obj_t *ce = cfg_listelt_value(elt);
+		const cfg_obj_t *ce = cfg_listelt_value(elt);
 		if (cfg_obj_istuple(ce)) {
 			/* This must be a negated element. */
 			ce = cfg_tuple_get(ce, "value");
@@ -194,7 +213,7 @@ ns_acl_fromconfig(cfg_obj_t *caml,
 				goto cleanup;
 		} else if (cfg_obj_isstring(ce)) {
 			/* ACL name */
-			char *name = cfg_obj_asstring(ce);
+			const char *name = cfg_obj_asstring(ce);
 			if (strcasecmp(name, "localhost") == 0) {
 				de->type = dns_aclelementtype_localhost;
 			} else if (strcasecmp(name, "localnets") == 0) {

bin/named/client.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2006  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 1999-2003  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: client.c,v 1.176.2.15 2004/04/28 14:17:03 marka Exp $ */
+/* $Id: client.c,v 1.176.2.22 2006/01/04 23:50:16 marka Exp $ */
 
 #include <config.h>
 
@@ -33,6 +33,7 @@
 #include <dns/dispatch.h>
 #include <dns/events.h>
 #include <dns/message.h>
+#include <dns/rcode.h>
 #include <dns/rdata.h>
 #include <dns/rdataclass.h>
 #include <dns/rdatalist.h>
@@ -161,6 +162,12 @@ struct ns_clientmgr {
  * Must be greater than any valid state.
  */
 
+/*
+ * Enable ns_client_dropport() by default.
+ */
+#ifndef NS_CLIENT_DROPPORT
+#define NS_CLIENT_DROPPORT 1
+#endif
 
 static void client_read(ns_client_t *client);
 static void client_accept(ns_client_t *client);
@@ -218,12 +225,19 @@ exit_check(ns_client_t *client) {
 	 *  - The client does not detach from the view until references is zero
 	 *  - references does not go to zero until the resolver has shut down
 	 *
+	 * Keep the view attached until any outstanding updates complete.
 	 */
-	if (client->newstate == NS_CLIENTSTATE_FREED && client->view != NULL)
+	if (client->nupdates == 0 && 
+	    client->newstate == NS_CLIENTSTATE_FREED && client->view != NULL)
 		dns_view_detach(&client->view);
 
 	if (client->state == NS_CLIENTSTATE_WORKING) {
 		INSIST(client->newstate <= NS_CLIENTSTATE_READING);
+		/*
+		 * Let the update processing complete.
+		 */
+		if (client->nupdates > 0)
+			return (ISC_TRUE);
 		/*
 		 * We are trying to abort request processing.
 		 */
@@ -519,6 +533,7 @@ ns_client_endrequest(ns_client_t *client) {
 	INSIST(client->nreads == 0);
 	INSIST(client->nsends == 0);
 	INSIST(client->nrecvs == 0);
+	INSIST(client->nupdates == 0);
 	INSIST(client->state == NS_CLIENTSTATE_WORKING);
 
 	CTRACE("endrequest");
@@ -915,6 +930,34 @@ ns_client_send(ns_client_t *client) {
 	ns_client_next(client, result);
 }
 
+#if NS_CLIENT_DROPPORT
+#define DROPPORT_NO		0
+#define DROPPORT_REQUEST	1
+#define DROPPORT_RESPONSE	2
+/*%
+ * ns_client_dropport determines if certain requests / responses
+ * should be dropped based on the port number.
+ *
+ * Returns:
+ * \li	0:	Don't drop.
+ * \li	1:	Drop request.
+ * \li	2:	Drop (error) response.
+ */
+static int
+ns_client_dropport(in_port_t port) {
+	switch (port) {
+	case 7: /* echo */
+	case 13: /* daytime */
+	case 19: /* chargen */
+	case 37: /* time */
+		return (DROPPORT_REQUEST);
+	case 464: /* kpasswd */
+		return (DROPPORT_RESPONSE);
+	}
+	return (DROPPORT_NO);
+}
+#endif
+
 void
 ns_client_error(ns_client_t *client, isc_result_t result) {
 	dns_rcode_t rcode;
@@ -927,6 +970,28 @@ ns_client_error(ns_client_t *client, isc_result_t result) {
 	message = client->message;
 	rcode = dns_result_torcode(result);
 
+#if NS_CLIENT_DROPPORT
+	/*
+	 * Don't send FORMERR to ports on the drop port list.
+	 */
+	if (rcode == dns_rcode_formerr &&
+	    ns_client_dropport(isc_sockaddr_getport(&client->peeraddr)) !=
+	    DROPPORT_NO) {
+		char buf[64];
+		isc_buffer_t b;
+
+		isc_buffer_init(&b, buf, sizeof(buf) - 1);
+		if (dns_rcode_totext(rcode, &b) != ISC_R_SUCCESS)
+			isc_buffer_putstr(&b, "UNKNOWN RCODE");
+		ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
+			      NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(10),
+			      "dropped error (%.*s) response: suspicious port",
+			      (int)isc_buffer_usedlength(&b), buf);
+		ns_client_next(client, ISC_R_SUCCESS);
+		return;
+	}
+#endif
+
 	/*
 	 * Message may be an in-progress reply that we had trouble
 	 * with, in which case QR will be set.  We need to clear QR before
@@ -1147,6 +1212,17 @@ client_request(isc_task_t *task, isc_event_t *event) {
 
 	isc_netaddr_fromsockaddr(&netaddr, &client->peeraddr);
 
+#if NS_CLIENT_DROPPORT
+	if (ns_client_dropport(isc_sockaddr_getport(&client->peeraddr)) ==
+	    DROPPORT_REQUEST) {
+		ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
+			      NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(10),
+			      "dropped request: suspicious port");
+		ns_client_next(client, ISC_R_SUCCESS);
+		goto cleanup;
+	}
+#endif
+
 	ns_client_log(client, NS_LOGCATEGORY_CLIENT,
 		      NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(3),
 		      "%s request",
@@ -1493,8 +1569,7 @@ client_timeout(isc_task_t *task, isc_event_t *event) {
 }
 
 static isc_result_t
-client_create(ns_clientmgr_t *manager, ns_client_t **clientp)
-{
+client_create(ns_clientmgr_t *manager, ns_client_t **clientp) {
 	ns_client_t *client;
 	isc_result_t result;
 
@@ -1569,6 +1644,7 @@ client_create(ns_clientmgr_t *manager, ns_client_t **clientp)
 	client->nreads = 0;
 	client->nsends = 0;
 	client->nrecvs = 0;
+	client->nupdates = 0;
 	client->nctls = 0;
 	client->references = 0;
 	client->attributes = 0;
@@ -1827,7 +1903,7 @@ client_udprecv(ns_client_t *client) {
 				  client->task, client->recvevent, 0);
 	if (result != ISC_R_SUCCESS) {
 		UNEXPECTED_ERROR(__FILE__, __LINE__,
-				 "isc_socket_recv() failed: %s",
+				 "isc_socket_recv2() failed: %s",
 				 isc_result_totext(result));
 		/*
 		 * This cannot happen in the current implementation, since

bin/named/config.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2006  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 2001, 2002  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: config.c,v 1.11.2.6 2004/04/19 23:15:38 marka Exp $ */
+/* $Id: config.c,v 1.11.2.9 2006/03/01 01:34:04 marka Exp $ */
 
 #include <config.h>
 
@@ -156,7 +156,7 @@ ns_config_parsedefaults(cfg_parser_t *parser, cfg_obj_t **conf) {
 }
 
 isc_result_t
-ns_config_get(cfg_obj_t **maps, const char* name, cfg_obj_t **obj) {
+ns_config_get(const cfg_obj_t **maps, const char* name, const cfg_obj_t **obj) {
 	int i;
 
 	for (i = 0; ; i++) {
@@ -168,8 +168,8 @@ ns_config_get(cfg_obj_t **maps, const char* name, cfg_obj_t **obj) {
 }
 
 int
-ns_config_listcount(cfg_obj_t *list) {
-	cfg_listelt_t *e;
+ns_config_listcount(const cfg_obj_t *list) {
+	const cfg_listelt_t *e;
 	int i = 0;
 
 	for (e = cfg_list_first(list); e != NULL; e = cfg_list_next(e))
@@ -179,9 +179,9 @@ ns_config_listcount(cfg_obj_t *list) {
 }
 
 isc_result_t
-ns_config_getclass(cfg_obj_t *classobj, dns_rdataclass_t defclass,
+ns_config_getclass(const cfg_obj_t *classobj, dns_rdataclass_t defclass,
 		   dns_rdataclass_t *classp) {
-	char *str;
+	const char *str;
 	isc_textregion_t r;
 	isc_result_t result;
 
@@ -190,7 +190,7 @@ ns_config_getclass(cfg_obj_t *classobj, dns_rdataclass_t defclass,
 		return (ISC_R_SUCCESS);
 	}
 	str = cfg_obj_asstring(classobj);
-	r.base = str;
+	DE_CONST(str, r.base);
 	r.length = strlen(str);
 	result = dns_rdataclass_fromtext(classp, &r);
 	if (result != ISC_R_SUCCESS)
@@ -200,9 +200,9 @@ ns_config_getclass(cfg_obj_t *classobj, dns_rdataclass_t defclass,
 }
 
 dns_zonetype_t
-ns_config_getzonetype(cfg_obj_t *zonetypeobj) {
+ns_config_getzonetype(const cfg_obj_t *zonetypeobj) {
 	dns_zonetype_t ztype = dns_zone_none;
-	char *str;
+	const char *str;
 
 	str = cfg_obj_asstring(zonetypeobj);
 	if (strcasecmp(str, "master") == 0)
@@ -217,14 +217,14 @@ ns_config_getzonetype(cfg_obj_t *zonetypeobj) {
 }
 
 isc_result_t
-ns_config_getiplist(cfg_obj_t *config, cfg_obj_t *list,
+ns_config_getiplist(const cfg_obj_t *config, const cfg_obj_t *list,
 		    in_port_t defport, isc_mem_t *mctx,
 		    isc_sockaddr_t **addrsp, isc_uint32_t *countp)
 {
 	int count, i = 0;
-	cfg_obj_t *addrlist;
-	cfg_obj_t *portobj;
-	cfg_listelt_t *element;
+	const cfg_obj_t *addrlist;
+	const cfg_obj_t *portobj;
+	const cfg_listelt_t *element;
 	isc_sockaddr_t *addrs;
 	in_port_t port;
 	isc_result_t result;
@@ -283,15 +283,15 @@ ns_config_putiplist(isc_mem_t *mctx, isc_sockaddr_t **addrsp,
 }
 
 isc_result_t
-ns_config_getipandkeylist(cfg_obj_t *config, cfg_obj_t *list, isc_mem_t *mctx,
-			  isc_sockaddr_t **addrsp, dns_name_t ***keysp,
-			  isc_uint32_t *countp)
+ns_config_getipandkeylist(const cfg_obj_t *config, const cfg_obj_t *list,
+			  isc_mem_t *mctx, isc_sockaddr_t **addrsp,
+			  dns_name_t ***keysp, isc_uint32_t *countp)
 {
 	isc_uint32_t count, i = 0;
 	isc_result_t result;
-	cfg_listelt_t *element;
-	cfg_obj_t *addrlist;
-	cfg_obj_t *portobj;
+	const cfg_listelt_t *element;
+	const cfg_obj_t *addrlist;
+	const cfg_obj_t *portobj;
 	in_port_t port;
 	dns_fixedname_t fname;
 	isc_sockaddr_t *addrs = NULL;
@@ -308,13 +308,14 @@ ns_config_getipandkeylist(cfg_obj_t *config, cfg_obj_t *list, isc_mem_t *mctx,
 		if (val > ISC_UINT16_MAX) {
 			cfg_obj_log(portobj, ns_g_lctx, ISC_LOG_ERROR,
 				    "port '%u' out of range", val);
-			return (ISC_R_RANGE);
+			result = ISC_R_RANGE;
+			goto cleanup;
 		}
 		port = (in_port_t) val;
 	} else {
 		result = ns_config_getport(config, &port);
 		if (result != ISC_R_SUCCESS)
-			return (result);
+			goto cleanup;
 	}
 
 	result = ISC_R_NOMEMORY;
@@ -331,9 +332,9 @@ ns_config_getipandkeylist(cfg_obj_t *config, cfg_obj_t *list, isc_mem_t *mctx,
 	     element != NULL;
 	     element = cfg_list_next(element), i++)
 	{
-		cfg_obj_t *addr;
-		cfg_obj_t *key;
-		char *keystr;
+		const cfg_obj_t *addr;
+		const cfg_obj_t *key;
+		const char *keystr;
 		isc_buffer_t b;
 
 		INSIST(i < count);
@@ -414,10 +415,10 @@ ns_config_putipandkeylist(isc_mem_t *mctx, isc_sockaddr_t **addrsp,
 }
 
 isc_result_t
-ns_config_getport(cfg_obj_t *config, in_port_t *portp) {
-	cfg_obj_t *maps[3];
-	cfg_obj_t *options = NULL;
-	cfg_obj_t *portobj = NULL;
+ns_config_getport(const cfg_obj_t *config, in_port_t *portp) {
+	const cfg_obj_t *maps[3];
+	const cfg_obj_t *options = NULL;
+	const cfg_obj_t *portobj = NULL;
 	isc_result_t result;
 	int i;
 

bin/named/control.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 2001, 2003  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: control.c,v 1.7.2.4 2004/04/06 01:38:47 marka Exp $ */
+/* $Id: control.c,v 1.7.2.6 2005/04/07 02:22:08 marka Exp $ */
 
 #include <config.h>
 
@@ -35,6 +35,9 @@
 #include <named/control.h>
 #include <named/log.h>
 #include <named/server.h>
+#ifdef HAVE_LIBSCF
+#include <named/ns_smf_globals.h>
+#endif
 
 static isc_boolean_t
 command_compare(const char *text, const char *command) {
@@ -56,6 +59,9 @@ ns_control_docommand(isccc_sexpr_t *message, isc_buffer_t *text) {
 	isccc_sexpr_t *data;
 	char *command;
 	isc_result_t result;
+#ifdef HAVE_LIBSCF
+	char *instance = NULL;
+#endif
 
 	data = isccc_alist_lookup(message, "_data");
 	if (data == NULL) {
@@ -88,10 +94,58 @@ ns_control_docommand(isccc_sexpr_t *message, isc_buffer_t *text) {
 	} else if (command_compare(command, NS_COMMAND_REFRESH)) {
 		result = ns_server_refreshcommand(ns_g_server, command);
 	} else if (command_compare(command, NS_COMMAND_HALT)) {
+#ifdef HAVE_LIBSCF
+		/*
+		 * If we are managed by smf(5), AND in chroot, then
+		 * we cannot connect to the smf repository, so just
+		 * return with an appropriate message back to rndc.
+		 */
+		if (ns_smf_got_instance == 1 && ns_smf_chroot == 1) {
+			result = ns_smf_add_message(text);
+			return (result);
+		}
+		/*
+		 * If we are managed by smf(5) but not in chroot,
+		 * try to disable ourselves the smf way.
+		 */
+		if (ns_smf_got_instance == 1 && ns_smf_chroot == 0) {
+			result = ns_smf_get_instance(&instance, 1, ns_g_mctx);
+			if (result == ISC_R_SUCCESS && instance != NULL) {
+				ns_server_flushonshutdown(ns_g_server,
+					ISC_FALSE);
+				result = ns_smf_disable(instance);
+			}
+			if (instance != NULL)
+				isc_mem_free(ns_g_mctx, instance);
+			return (result);
+		}
+		/*
+		 * If ns_smf_got_instance = 0, ns_smf_chroot
+		 * is not relevant and we fall through to
+		 * isc_app_shutdown below.
+		 */
+#endif
 		ns_server_flushonshutdown(ns_g_server, ISC_FALSE);
 		isc_app_shutdown();
 		result = ISC_R_SUCCESS;
 	} else if (command_compare(command, NS_COMMAND_STOP)) {
+#ifdef HAVE_LIBSCF
+		if (ns_smf_got_instance == 1 && ns_smf_chroot == 1) {
+			result = ns_smf_add_message(text);
+			return (result);
+		}
+		if (ns_smf_got_instance == 1 && ns_smf_chroot == 0) {
+			result = ns_smf_get_instance(&instance, 1, ns_g_mctx);
+			if (result == ISC_R_SUCCESS && instance != NULL) {
+				ns_server_flushonshutdown(ns_g_server,
+					ISC_TRUE);
+				result = ns_smf_disable(instance);
+			}
+			if (instance != NULL)
+				isc_mem_free(ns_g_mctx, instance);
+			return (result);
+		}
+#endif
 		ns_server_flushonshutdown(ns_g_server, ISC_TRUE);
 		isc_app_shutdown();
 		result = ISC_R_SUCCESS;

bin/named/controlconf.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2006  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 2001, 2003  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: controlconf.c,v 1.28.2.10 2004/03/09 06:09:18 marka Exp $ */
+/* $Id: controlconf.c,v 1.28.2.14 2006/03/01 01:34:05 marka Exp $ */
 
 #include <config.h>
 
@@ -362,6 +362,9 @@ control_recvmessage(isc_task_t *task, isc_event_t *event) {
 	{
 		ccregion.rstart = isc_buffer_base(&conn->ccmsg.buffer);
 		ccregion.rend = isc_buffer_used(&conn->ccmsg.buffer);
+		if (secret.rstart != NULL)
+			isc_mem_put(listener->mctx, secret.rstart,
+				    REGION_SIZE(secret));
 		secret.rstart = isc_mem_get(listener->mctx, key->secret.length);
 		if (secret.rstart == NULL)
 			goto cleanup;
@@ -377,8 +380,6 @@ control_recvmessage(isc_task_t *task, isc_event_t *event) {
 			 */
 			if (request != NULL)
 				isccc_sexpr_free(&request);
-			isc_mem_put(listener->mctx, secret.rstart,
-				    REGION_SIZE(secret));
 		} else {
 			log_invalid(&conn->ccmsg, result);
 			goto cleanup;
@@ -655,10 +656,12 @@ ns_controls_shutdown(ns_controls_t *controls) {
 }
 
 static isc_result_t
-cfgkeylist_find(cfg_obj_t *keylist, const char *keyname, cfg_obj_t **objp) {
-	cfg_listelt_t *element;
+cfgkeylist_find(const cfg_obj_t *keylist, const char *keyname,
+	        const cfg_obj_t **objp)
+{
+	const cfg_listelt_t *element;
 	const char *str;
-	cfg_obj_t *obj;
+	const cfg_obj_t *obj;
 
 	for (element = cfg_list_first(keylist);
 	     element != NULL;
@@ -677,13 +680,13 @@ cfgkeylist_find(cfg_obj_t *keylist, const char *keyname, cfg_obj_t **objp) {
 }
 
 static isc_result_t
-controlkeylist_fromcfg(cfg_obj_t *keylist, isc_mem_t *mctx,
+controlkeylist_fromcfg(const cfg_obj_t *keylist, isc_mem_t *mctx,
 		       controlkeylist_t *keyids)
 {
-	cfg_listelt_t *element;
+	const cfg_listelt_t *element;
 	char *newstr = NULL;
 	const char *str;
-	cfg_obj_t *obj;
+	const cfg_obj_t *obj;
 	controlkey_t *key = NULL;
 
 	for (element = cfg_list_first(keylist);
@@ -718,11 +721,11 @@ controlkeylist_fromcfg(cfg_obj_t *keylist, isc_mem_t *mctx,
 }
 
 static void
-register_keys(cfg_obj_t *control, cfg_obj_t *keylist,
+register_keys(const cfg_obj_t *control, const cfg_obj_t *keylist,
 	      controlkeylist_t *keyids, isc_mem_t *mctx, const char *socktext)
 {
 	controlkey_t *keyid, *next;
-	cfg_obj_t *keydef;
+	const cfg_obj_t *keydef;
 	char secret[1024];
 	isc_buffer_t b;
 	isc_result_t result;
@@ -742,10 +745,10 @@ register_keys(cfg_obj_t *control, cfg_obj_t *keylist,
 			ISC_LIST_UNLINK(*keyids, keyid, link);
 			free_controlkey(keyid, mctx);
 		} else {
-			cfg_obj_t *algobj = NULL;
-			cfg_obj_t *secretobj = NULL;
-			char *algstr = NULL;
-			char *secretstr = NULL;
+			const cfg_obj_t *algobj = NULL;
+			const cfg_obj_t *secretobj = NULL;
+			const char *algstr = NULL;
+			const char *secretstr = NULL;
 
 			(void)cfg_map_get(keydef, "algorithm", &algobj);
 			(void)cfg_map_get(keydef, "secret", &secretobj);
@@ -811,11 +814,11 @@ get_rndckey(isc_mem_t *mctx, controlkeylist_t *keyids) {
 	isc_result_t result;
 	cfg_parser_t *pctx = NULL;
 	cfg_obj_t *config = NULL;
-	cfg_obj_t *key = NULL;
-	cfg_obj_t *algobj = NULL;
-	cfg_obj_t *secretobj = NULL;
-	char *algstr = NULL;
-	char *secretstr = NULL;
+	const cfg_obj_t *key = NULL;
+	const cfg_obj_t *algobj = NULL;
+	const cfg_obj_t *secretobj = NULL;
+	const char *algstr = NULL;
+	const char *secretstr = NULL;
 	controlkey_t *keyid = NULL;
 	char secret[1024];
 	isc_buffer_t b;
@@ -894,12 +897,13 @@ get_rndckey(isc_mem_t *mctx, controlkeylist_t *keyids) {
  * valid or both are NULL.
  */
 static void
-get_key_info(cfg_obj_t *config, cfg_obj_t *control,
-	     cfg_obj_t **global_keylistp, cfg_obj_t **control_keylistp)
+get_key_info(const cfg_obj_t *config, const cfg_obj_t *control,
+	     const cfg_obj_t **global_keylistp,
+	     const cfg_obj_t **control_keylistp)
 {
 	isc_result_t result;
-	cfg_obj_t *control_keylist = NULL;
-	cfg_obj_t *global_keylist = NULL;
+	const cfg_obj_t *control_keylist = NULL;
+	const cfg_obj_t *global_keylist = NULL;
 
 	REQUIRE(global_keylistp != NULL && *global_keylistp == NULL);
 	REQUIRE(control_keylistp != NULL && *control_keylistp == NULL);
@@ -918,15 +922,15 @@ get_key_info(cfg_obj_t *config, cfg_obj_t *control,
 }
 
 static void
-update_listener(ns_controls_t *cp,
-		controllistener_t **listenerp, cfg_obj_t *control,
-		cfg_obj_t *config, isc_sockaddr_t *addr,
-		ns_aclconfctx_t *aclconfctx, const char *socktext)
+update_listener(ns_controls_t *cp, controllistener_t **listenerp,
+		const cfg_obj_t *control, const cfg_obj_t *config,
+		isc_sockaddr_t *addr, ns_aclconfctx_t *aclconfctx,
+		const char *socktext)
 {
 	controllistener_t *listener;
-	cfg_obj_t *allow;
-	cfg_obj_t *global_keylist = NULL;
-	cfg_obj_t *control_keylist = NULL;
+	const cfg_obj_t *allow;
+	const cfg_obj_t *global_keylist = NULL;
+	const cfg_obj_t *control_keylist = NULL;
 	dns_acl_t *new_acl = NULL;
 	controlkeylist_t keys;
 	isc_result_t result = ISC_R_SUCCESS;
@@ -983,18 +987,25 @@ update_listener(ns_controls_t *cp,
 		result = get_rndckey(listener->mctx, &listener->keys);
 	}
 
-	if (result != ISC_R_SUCCESS && global_keylist != NULL)
+	if (result != ISC_R_SUCCESS && global_keylist != NULL) {
 		/*
 		 * This message might be a little misleading since the
 		 * "new keys" might in fact be identical to the old ones,
 		 * but tracking whether they are identical just for the
 		 * sake of avoiding this message would be too much trouble.
 		 */
-		cfg_obj_log(control, ns_g_lctx, ISC_LOG_WARNING,
-			    "couldn't install new keys for "
-			    "command channel %s: %s",
-			    socktext, isc_result_totext(result));
-
+		if (control != NULL)
+			cfg_obj_log(control, ns_g_lctx, ISC_LOG_WARNING,
+				    "couldn't install new keys for "
+				    "command channel %s: %s",
+				    socktext, isc_result_totext(result));
+		else
+			isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
+				      NS_LOGMODULE_CONTROL, ISC_LOG_WARNING,
+				      "couldn't install new keys for "
+				      "command channel %s: %s",
+				      socktext, isc_result_totext(result));
+	}
 
 	/*
 	 * Now, keep the old access list unless a new one can be made.
@@ -1011,26 +1022,33 @@ update_listener(ns_controls_t *cp,
 		dns_acl_detach(&listener->acl);
 		dns_acl_attach(new_acl, &listener->acl);
 		dns_acl_detach(&new_acl);
-	} else
 		/* XXXDCL say the old acl is still used? */
+	} else if (control != NULL)
 		cfg_obj_log(control, ns_g_lctx, ISC_LOG_WARNING,
 			    "couldn't install new acl for "
 			    "command channel %s: %s",
 			    socktext, isc_result_totext(result));
+	else
+		isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
+			      NS_LOGMODULE_CONTROL, ISC_LOG_WARNING,
+			      "couldn't install new acl for "
+			      "command channel %s: %s",
+			      socktext, isc_result_totext(result));
 
 	*listenerp = listener;
 }
 
 static void
 add_listener(ns_controls_t *cp, controllistener_t **listenerp,
-	     cfg_obj_t *control, cfg_obj_t *config, isc_sockaddr_t *addr,
-	     ns_aclconfctx_t *aclconfctx, const char *socktext)
+	     const cfg_obj_t *control, const cfg_obj_t *config,
+	     isc_sockaddr_t *addr, ns_aclconfctx_t *aclconfctx,
+	     const char *socktext)
 {
 	isc_mem_t *mctx = cp->server->mctx;
 	controllistener_t *listener;
-	cfg_obj_t *allow;
-	cfg_obj_t *global_keylist = NULL;
-	cfg_obj_t *control_keylist = NULL;
+	const cfg_obj_t *allow;
+	const cfg_obj_t *global_keylist = NULL;
+	const cfg_obj_t *control_keylist = NULL;
 	dns_acl_t *new_acl = NULL;
 	isc_result_t result = ISC_R_SUCCESS;
 
@@ -1141,13 +1159,13 @@ add_listener(ns_controls_t *cp, controllistener_t **listenerp,
 }
 
 isc_result_t
-ns_controls_configure(ns_controls_t *cp, cfg_obj_t *config,
+ns_controls_configure(ns_controls_t *cp, const cfg_obj_t *config,
 		      ns_aclconfctx_t *aclconfctx)
 {
 	controllistener_t *listener;
 	controllistenerlist_t new_listeners;
-	cfg_obj_t *controlslist = NULL;
-	cfg_listelt_t *element, *element2;
+	const cfg_obj_t *controlslist = NULL;
+	const cfg_listelt_t *element, *element2;
 	char socktext[ISC_SOCKADDR_FORMATSIZE];
 
 	ISC_LIST_INIT(new_listeners);
@@ -1169,8 +1187,8 @@ ns_controls_configure(ns_controls_t *cp, cfg_obj_t *config,
 		for (element = cfg_list_first(controlslist);
 		     element != NULL;
 		     element = cfg_list_next(element)) {
-			cfg_obj_t *controls;
-			cfg_obj_t *inetcontrols = NULL;
+			const cfg_obj_t *controls;
+			const cfg_obj_t *inetcontrols = NULL;
 
 			controls = cfg_listelt_value(element);
 			(void)cfg_map_get(controls, "inet", &inetcontrols);
@@ -1180,9 +1198,9 @@ ns_controls_configure(ns_controls_t *cp, cfg_obj_t *config,
 			for (element2 = cfg_list_first(inetcontrols);
 			     element2 != NULL;
 			     element2 = cfg_list_next(element2)) {
-				cfg_obj_t *control;
-				cfg_obj_t *obj;
-				isc_sockaddr_t *addr;
+				const cfg_obj_t *control;
+				const cfg_obj_t *obj;
+				isc_sockaddr_t addr;
 
 				/*
 				 * The parser handles BIND 8 configuration file
@@ -1195,12 +1213,12 @@ ns_controls_configure(ns_controls_t *cp, cfg_obj_t *config,
 				control = cfg_listelt_value(element2);
 
 				obj = cfg_tuple_get(control, "address");
-				addr = cfg_obj_assockaddr(obj);
-				if (isc_sockaddr_getport(addr) == 0)
-					isc_sockaddr_setport(addr,
+				addr = *cfg_obj_assockaddr(obj);
+				if (isc_sockaddr_getport(&addr) == 0)
+					isc_sockaddr_setport(&addr,
 							     NS_CONTROL_PORT);
 
-				isc_sockaddr_format(addr, socktext,
+				isc_sockaddr_format(&addr, socktext,
 						    sizeof(socktext));
 
 				isc_log_write(ns_g_lctx,
@@ -1211,7 +1229,7 @@ ns_controls_configure(ns_controls_t *cp, cfg_obj_t *config,
 					      socktext);
 
 				update_listener(cp, &listener, control, config,
-						addr, aclconfctx, socktext);
+						&addr, aclconfctx, socktext);
 
 				if (listener != NULL)
 					/*
@@ -1225,7 +1243,7 @@ ns_controls_configure(ns_controls_t *cp, cfg_obj_t *config,
 					 * This is a new listener.
 					 */
 					add_listener(cp, &listener, control,
-						     config, addr, aclconfctx,
+						     config, &addr, aclconfctx,
 						     socktext);
 
 				if (listener != NULL)

bin/named/include/named/aclconf.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2006  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 1999-2001  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: aclconf.h,v 1.12.2.1 2004/03/09 06:09:21 marka Exp $ */
+/* $Id: aclconf.h,v 1.12.2.3 2006/03/02 00:37:17 marka Exp $ */
 
 #ifndef NS_ACLCONF_H
 #define NS_ACLCONF_H 1
@@ -49,8 +49,8 @@ ns_aclconfctx_destroy(ns_aclconfctx_t *ctx);
  */
 
 isc_result_t
-ns_acl_fromconfig(cfg_obj_t *caml,
-		  cfg_obj_t *cctx,
+ns_acl_fromconfig(const cfg_obj_t *caml,
+		  const cfg_obj_t *cctx,
 		  ns_aclconfctx_t *ctx,
 		  isc_mem_t *mctx,
 		  dns_acl_t **target);

bin/named/include/named/client.h

@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: client.h,v 1.60.2.3 2004/03/09 06:09:21 marka Exp $ */
+/* $Id: client.h,v 1.60.2.4 2004/07/23 02:57:01 marka Exp $ */
 
 #ifndef NAMED_CLIENT_H
 #define NAMED_CLIENT_H 1
@@ -91,6 +91,7 @@ struct ns_client {
 	int			nreads;
 	int			nsends;
 	int			nrecvs;
+	int			nupdates;
 	int			nctls;
 	int			references;
 	unsigned int		attributes;

bin/named/include/named/config.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2006  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 2001  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: config.h,v 1.4.2.1 2004/03/09 06:09:21 marka Exp $ */
+/* $Id: config.h,v 1.4.2.3 2006/03/02 00:37:17 marka Exp $ */
 
 #ifndef NAMED_CONFIG_H
 #define NAMED_CONFIG_H 1
@@ -29,20 +29,20 @@ isc_result_t
 ns_config_parsedefaults(cfg_parser_t *parser, cfg_obj_t **conf);
 
 isc_result_t
-ns_config_get(cfg_obj_t **maps, const char* name, cfg_obj_t **obj);
+ns_config_get(const cfg_obj_t **maps, const char* name, const cfg_obj_t **obj);
 
 int
-ns_config_listcount(cfg_obj_t *list);
+ns_config_listcount(const cfg_obj_t *list);
 
 isc_result_t
-ns_config_getclass(cfg_obj_t *classobj, dns_rdataclass_t defclass,
+ns_config_getclass(const cfg_obj_t *classobj, dns_rdataclass_t defclass,
 		   dns_rdataclass_t *classp);
 
 dns_zonetype_t
-ns_config_getzonetype(cfg_obj_t *zonetypeobj);
+ns_config_getzonetype(const cfg_obj_t *zonetypeobj);
 
 isc_result_t
-ns_config_getiplist(cfg_obj_t *config, cfg_obj_t *list,
+ns_config_getiplist(const cfg_obj_t *config, const cfg_obj_t *list,
 		    in_port_t defport, isc_mem_t *mctx,
 		    isc_sockaddr_t **addrsp, isc_uint32_t *countp);
 
@@ -51,16 +51,16 @@ ns_config_putiplist(isc_mem_t *mctx, isc_sockaddr_t **addrsp,
 		    isc_uint32_t count);
 
 isc_result_t
-ns_config_getipandkeylist(cfg_obj_t *config, cfg_obj_t *list, isc_mem_t *mctx,
-			  isc_sockaddr_t **addrsp, dns_name_t ***keys,
-			  isc_uint32_t *countp);
+ns_config_getipandkeylist(const cfg_obj_t *config, const cfg_obj_t *list,
+			  isc_mem_t *mctx, isc_sockaddr_t **addrsp,
+			  dns_name_t ***keys, isc_uint32_t *countp);
 
 void
 ns_config_putipandkeylist(isc_mem_t *mctx, isc_sockaddr_t **addrsp,
 			  dns_name_t ***keys, isc_uint32_t count);
 
 isc_result_t
-ns_config_getport(cfg_obj_t *config, in_port_t *portp);
+ns_config_getport(const cfg_obj_t *config, in_port_t *portp);
 
 isc_result_t
 ns_config_getkeyalgorithm(const char *str, dns_name_t **name);

bin/named/include/named/control.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2006  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 2001, 2003  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: control.h,v 1.6.2.3 2004/03/09 06:09:21 marka Exp $ */
+/* $Id: control.h,v 1.6.2.5 2006/03/02 00:37:17 marka Exp $ */
 
 #ifndef NAMED_CONTROL_H
 #define NAMED_CONTROL_H 1
@@ -61,7 +61,7 @@ ns_controls_destroy(ns_controls_t **ctrlsp);
  */
 
 isc_result_t
-ns_controls_configure(ns_controls_t *controls, cfg_obj_t *config,
+ns_controls_configure(ns_controls_t *controls, const cfg_obj_t *config,
 		      ns_aclconfctx_t *aclconfctx);
 /*
  * Configure zero or more command channels into 'controls'

bin/named/include/named/globals.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2006  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 1999-2001  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: globals.h,v 1.59.2.1 2004/03/09 06:09:21 marka Exp $ */
+/* $Id: globals.h,v 1.59.2.3 2006/03/02 00:37:17 marka Exp $ */
 
 #ifndef NAMED_GLOBALS_H
 #define NAMED_GLOBALS_H 1
@@ -73,7 +73,7 @@ EXTERN unsigned int		ns_g_debuglevel		INIT(0);
  * Current configuration information.
  */
 EXTERN cfg_obj_t *		ns_g_config		INIT(NULL);
-EXTERN cfg_obj_t *		ns_g_defaults		INIT(NULL);
+EXTERN const cfg_obj_t *	ns_g_defaults		INIT(NULL);
 EXTERN const char *		ns_g_conffile		INIT(NS_SYSCONFDIR
 							     "/named.conf");
 EXTERN const char *		ns_g_keyfile		INIT(NS_SYSCONFDIR

bin/named/include/named/logconf.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2006  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 1999-2001  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: logconf.h,v 1.10.2.1 2004/03/09 06:09:22 marka Exp $ */
+/* $Id: logconf.h,v 1.10.2.3 2006/03/02 00:37:17 marka Exp $ */
 
 #ifndef NAMED_LOGCONF_H
 #define NAMED_LOGCONF_H 1
@@ -23,7 +23,7 @@
 #include <isc/log.h>
 
 isc_result_t
-ns_log_configure(isc_logconfig_t *logconf, cfg_obj_t *logstmt);
+ns_log_configure(isc_logconfig_t *logconf, const cfg_obj_t *logstmt);
 /*
  * Set up the logging configuration in '*logconf' according to
  * the named.conf data in 'logstmt'.

bin/named/include/named/lwresd.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2006  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 2000, 2001  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: lwresd.h,v 1.12.2.1 2004/03/09 06:09:22 marka Exp $ */
+/* $Id: lwresd.h,v 1.12.2.3 2006/03/02 00:37:17 marka Exp $ */
 
 #ifndef NAMED_LWRESD_H
 #define NAMED_LWRESD_H 1
@@ -56,7 +56,7 @@ struct ns_lwreslistener {
  * Configure lwresd.
  */
 isc_result_t
-ns_lwresd_configure(isc_mem_t *mctx, cfg_obj_t *config);
+ns_lwresd_configure(isc_mem_t *mctx, const cfg_obj_t *config);
 
 isc_result_t
 ns_lwresd_parseeresolvconf(isc_mem_t *mctx, cfg_parser_t *pctx,
@@ -72,7 +72,8 @@ ns_lwresd_shutdown(void);
  * Manager functions
  */
 isc_result_t
-ns_lwdmanager_create(isc_mem_t *mctx, cfg_obj_t *lwres, ns_lwresd_t **lwresdp);
+ns_lwdmanager_create(isc_mem_t *mctx, const cfg_obj_t *lwres,
+		      ns_lwresd_t **lwresdp);
 
 void
 ns_lwdmanager_attach(ns_lwresd_t *source, ns_lwresd_t **targetp);

bin/named/include/named/ns_smf_globals.h

@@ -0,0 +1,44 @@
+/*
+ * Copyright (C) 2005  Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: ns_smf_globals.h,v 1.2.6.3 2005/05/13 01:21:56 marka Exp $ */
+
+#ifndef NS_SMF_GLOBALS_H
+#define NS_SMF_GLOBALS_H 1
+ 
+#include <libscf.h>
+ 
+#undef EXTERN
+#undef INIT
+#ifdef NS_MAIN
+#define EXTERN
+#define INIT(v) = (v)
+#else
+#define EXTERN extern
+#define INIT(v)
+#endif
+                
+EXTERN unsigned int	ns_smf_got_instance	INIT(0);
+EXTERN unsigned int	ns_smf_chroot		INIT(0);
+
+isc_result_t ns_smf_add_message(isc_buffer_t *text);
+isc_result_t ns_smf_get_instance(char **name, int debug, isc_mem_t *mctx);
+isc_result_t ns_smf_disable(const char *name);
+
+#undef EXTERN
+#undef INIT
+ 
+#endif /* NS_SMF_GLOBALS_H */

bin/named/include/named/server.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2006  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 1999-2001  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: server.h,v 1.58.2.3 2004/03/09 06:09:23 marka Exp $ */
+/* $Id: server.h,v 1.58.2.5 2006/03/02 00:37:17 marka Exp $ */
 
 #ifndef NAMED_SERVER_H
 #define NAMED_SERVER_H 1
@@ -177,6 +177,6 @@ ns_server_status(ns_server_t *server, isc_buffer_t *text);
  * Maintain a list of dispatches that require reserved ports.
  */
 void
-ns_add_reserved_dispatch(ns_server_t *server, isc_sockaddr_t *addr);
+ns_add_reserved_dispatch(ns_server_t *server, const isc_sockaddr_t *addr);
 
 #endif /* NAMED_SERVER_H */

bin/named/include/named/sortlist.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2006  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 2000, 2001  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: sortlist.h,v 1.4.2.1 2004/03/09 06:09:23 marka Exp $ */
+/* $Id: sortlist.h,v 1.4.2.3 2006/03/02 00:37:17 marka Exp $ */
 
 #ifndef NAMED_SORTLIST_H
 #define NAMED_SORTLIST_H 1
@@ -28,7 +28,7 @@
  * Type for callback functions that rank addresses.
  */
 typedef int 
-(*dns_addressorderfunc_t)(isc_netaddr_t *address, void *arg);
+(*dns_addressorderfunc_t)(const isc_netaddr_t *address, const void *arg);
 
 /*
  * Return value type for setup_sortlist.
@@ -40,7 +40,8 @@ typedef enum {
 } ns_sortlisttype_t;
 
 ns_sortlisttype_t
-ns_sortlist_setup(dns_acl_t *acl, isc_netaddr_t *clientaddr, void **argp);
+ns_sortlist_setup(dns_acl_t *acl, isc_netaddr_t *clientaddr,
+		  const void **argp);
 /*
  * Find the sortlist statement in 'acl' that applies to 'clientaddr', if any.
  *
@@ -55,14 +56,14 @@ ns_sortlist_setup(dns_acl_t *acl, isc_netaddr_t *clientaddr, void **argp);
  */
 
 int
-ns_sortlist_addrorder1(isc_netaddr_t *addr, void *arg);
+ns_sortlist_addrorder1(const isc_netaddr_t *addr, const void *arg);
 /*
  * Find the sort order of 'addr' in 'arg', the matching element
  * of a 1-element top-level sortlist statement.
  */
 
 int
-ns_sortlist_addrorder2(isc_netaddr_t *addr, void *arg);
+ns_sortlist_addrorder2(const isc_netaddr_t *addr, const void *arg);
 /*
  * Find the sort order of 'addr' in 'arg', a topology-like
  * ACL forming the second element in a 2-element top-level
@@ -72,7 +73,7 @@ ns_sortlist_addrorder2(isc_netaddr_t *addr, void *arg);
 void
 ns_sortlist_byaddrsetup(dns_acl_t *sortlist_acl, isc_netaddr_t *client_addr,
 			dns_addressorderfunc_t *orderp,
-			void **argp);
+			const void **argp);
 /*
  * Find the sortlist statement in 'acl' that applies to 'clientaddr', if any.
  * If a sortlist statement applies, return in '*orderp' a pointer to a function

bin/named/include/named/tkeyconf.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2006  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 1999-2001  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: tkeyconf.h,v 1.9.2.1 2004/03/09 06:09:23 marka Exp $ */
+/* $Id: tkeyconf.h,v 1.9.2.3 2006/03/02 00:37:17 marka Exp $ */
 
 #ifndef NS_TKEYCONF_H
 #define NS_TKEYCONF_H 1
@@ -28,8 +28,8 @@
 ISC_LANG_BEGINDECLS
 
 isc_result_t
-ns_tkeyctx_fromconfig(cfg_obj_t *options, isc_mem_t *mctx, isc_entropy_t *ectx,
-		      dns_tkeyctx_t **tctxp);
+ns_tkeyctx_fromconfig(const cfg_obj_t *options, isc_mem_t *mctx,
+		      isc_entropy_t *ectx, dns_tkeyctx_t **tctxp);
 /*
  * 	Create a TKEY context and configure it, including the default DH key
  *	and default domain, according to 'options'.

bin/named/include/named/tsigconf.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2006  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 1999-2001  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: tsigconf.h,v 1.9.2.1 2004/03/09 06:09:23 marka Exp $ */
+/* $Id: tsigconf.h,v 1.9.2.3 2006/03/02 00:37:17 marka Exp $ */
 
 #ifndef NS_TSIGCONF_H
 #define NS_TSIGCONF_H 1
@@ -26,7 +26,7 @@
 ISC_LANG_BEGINDECLS
 
 isc_result_t
-ns_tsigkeyring_fromconfig(cfg_obj_t *config, cfg_obj_t *vconfig,
+ns_tsigkeyring_fromconfig(const cfg_obj_t *config, const cfg_obj_t *vconfig,
 			  isc_mem_t *mctx, dns_tsig_keyring_t **ringp);
 /*
  * Create a TSIG key ring and configure it according to the 'key'

bin/named/include/named/zoneconf.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2006  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 1999-2002  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: zoneconf.h,v 1.16.2.3 2004/03/09 06:09:23 marka Exp $ */
+/* $Id: zoneconf.h,v 1.16.2.5 2006/03/02 00:37:17 marka Exp $ */
 
 #ifndef NS_ZONECONF_H
 #define NS_ZONECONF_H 1
@@ -30,8 +30,9 @@
 ISC_LANG_BEGINDECLS
 
 isc_result_t
-ns_zone_configure(cfg_obj_t *config, cfg_obj_t *vconfig, cfg_obj_t *zconfig,
-		  ns_aclconfctx_t *ac, dns_zone_t *zone);
+ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
+		  const cfg_obj_t *zconfig, ns_aclconfctx_t *ac,
+		  dns_zone_t *zone);
 /*
  * Configure or reconfigure a zone according to the named.conf
  * data in 'cctx' and 'czone'.
@@ -48,7 +49,7 @@ ns_zone_configure(cfg_obj_t *config, cfg_obj_t *vconfig, cfg_obj_t *zconfig,
  */
 
 isc_boolean_t
-ns_zone_reusable(dns_zone_t *zone, cfg_obj_t *zconfig);
+ns_zone_reusable(dns_zone_t *zone, const cfg_obj_t *zconfig);
 /*
  * If 'zone' can be safely reconfigured according to the configuration
  * data in 'zconfig', return ISC_TRUE.  If the configuration data is so

bin/named/interfacemgr.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2006  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 1999-2002  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: interfacemgr.c,v 1.59.2.6 2004/03/09 06:09:18 marka Exp $ */
+/* $Id: interfacemgr.c,v 1.59.2.9 2006/01/04 23:50:16 marka Exp $ */
 
 #include <config.h>
 
@@ -348,9 +348,9 @@ ns_interface_setup(ns_interfacemgr_t *mgr, isc_sockaddr_t *addr,
 	if (result != ISC_R_SUCCESS) {
 		/*
 		 * XXXRTH We don't currently have a way to easily stop dispatch
-		 * service, so we return currently return ISC_R_SUCCESS (the
-		 * UDP stuff will work even if TCP creation failed).  This will
-		 * be fixed later.
+		 * service, so we currently return ISC_R_SUCCESS (the UDP stuff
+		 * will work even if TCP creation failed).  This will be fixed
+		 * later.
 		 */
 		result = ISC_R_SUCCESS;
 	}
@@ -553,9 +553,8 @@ do_ipv4(ns_interfacemgr_t *mgr) {
 			 * See if the address matches the listen-on statement;
 			 * if not, ignore the interface.
 			 */
-			result = dns_acl_match(&listen_netaddr, NULL,
-					       le->acl, &mgr->aclenv,
-					       &match, NULL);
+			(void)dns_acl_match(&listen_netaddr, NULL, le->acl,
+					    &mgr->aclenv, &match, NULL);
 			if (match <= 0)
 				continue;
 

bin/named/logconf.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2006  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 1999-2001  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: logconf.c,v 1.30.2.5 2004/03/09 06:09:18 marka Exp $ */
+/* $Id: logconf.c,v 1.30.2.7 2006/03/02 00:37:17 marka Exp $ */
 
 #include <config.h>
 
@@ -41,13 +41,13 @@
  * in 'ccat' and add it to 'lctx'.
  */
 static isc_result_t
-category_fromconf(cfg_obj_t *ccat, isc_logconfig_t *lctx) {
+category_fromconf(const cfg_obj_t *ccat, isc_logconfig_t *lctx) {
 	isc_result_t result;
 	const char *catname;
 	isc_logcategory_t *category;
 	isc_logmodule_t *module;
-	cfg_obj_t *destinations = NULL;
-	cfg_listelt_t *element = NULL;
+	const cfg_obj_t *destinations = NULL;
+	const cfg_listelt_t *element = NULL;
 
 	catname = cfg_obj_asstring(cfg_tuple_get(ccat, "name"));
 	category = isc_log_categorybyname(ns_g_lctx, catname);
@@ -68,8 +68,8 @@ category_fromconf(cfg_obj_t *ccat, isc_logconfig_t *lctx) {
 	     element != NULL;
 	     element = cfg_list_next(element))
 	{
-		cfg_obj_t *channel = cfg_listelt_value(element);
-		char *channelname = cfg_obj_asstring(channel);
+		const cfg_obj_t *channel = cfg_listelt_value(element);
+		const char *channelname = cfg_obj_asstring(channel);
 
 		result = isc_log_usechannel(lctx, channelname, category,
 					    module);
@@ -89,18 +89,18 @@ category_fromconf(cfg_obj_t *ccat, isc_logconfig_t *lctx) {
  * in 'cchan' and add it to 'lctx'.
  */
 static isc_result_t
-channel_fromconf(cfg_obj_t *channel, isc_logconfig_t *lctx) {
+channel_fromconf(const cfg_obj_t *channel, isc_logconfig_t *lctx) {
 	isc_result_t result;
 	isc_logdestination_t dest;
 	unsigned int type;
 	unsigned int flags = 0;
 	int level;
 	const char *channelname;
-	cfg_obj_t *fileobj = NULL;
-	cfg_obj_t *syslogobj = NULL;
-	cfg_obj_t *nullobj = NULL;
-	cfg_obj_t *stderrobj = NULL;
-	cfg_obj_t *severity = NULL;
+	const cfg_obj_t *fileobj = NULL;
+	const cfg_obj_t *syslogobj = NULL;
+	const cfg_obj_t *nullobj = NULL;
+	const cfg_obj_t *stderrobj = NULL;
+	const cfg_obj_t *severity = NULL;
 	int i;
 
 	channelname = cfg_obj_asstring(cfg_map_getname(channel));
@@ -130,9 +130,10 @@ channel_fromconf(cfg_obj_t *channel, isc_logconfig_t *lctx) {
 	type = ISC_LOG_TONULL;
 	
 	if (fileobj != NULL) {
-		cfg_obj_t *pathobj = cfg_tuple_get(fileobj, "file");
-		cfg_obj_t *sizeobj = cfg_tuple_get(fileobj, "size");
-		cfg_obj_t *versionsobj = cfg_tuple_get(fileobj, "versions");
+		const cfg_obj_t *pathobj = cfg_tuple_get(fileobj, "file");
+		const cfg_obj_t *sizeobj = cfg_tuple_get(fileobj, "size");
+		const cfg_obj_t *versionsobj =
+				 cfg_tuple_get(fileobj, "versions");
 		isc_int32_t versions = ISC_LOG_ROLLNEVER;
 		isc_offset_t size = 0;
 
@@ -157,7 +158,7 @@ channel_fromconf(cfg_obj_t *channel, isc_logconfig_t *lctx) {
 		type = ISC_LOG_TOSYSLOG;
 
 		if (cfg_obj_isstring(syslogobj)) {
-			char *facilitystr = cfg_obj_asstring(syslogobj);
+			const char *facilitystr = cfg_obj_asstring(syslogobj);
 			(void)isc_syslog_facilityfromstring(facilitystr,
 							    &facility);
 		}
@@ -174,9 +175,9 @@ channel_fromconf(cfg_obj_t *channel, isc_logconfig_t *lctx) {
 	 * Munge flags.
 	 */
 	{
-		cfg_obj_t *printcat = NULL;
-		cfg_obj_t *printsev = NULL;
-		cfg_obj_t *printtime = NULL;
+		const cfg_obj_t *printcat = NULL;
+		const cfg_obj_t *printsev = NULL;
+		const cfg_obj_t *printtime = NULL;
 
 		(void)cfg_map_get(channel, "print-category", &printcat);
 		(void)cfg_map_get(channel, "print-severity", &printsev);
@@ -193,7 +194,7 @@ channel_fromconf(cfg_obj_t *channel, isc_logconfig_t *lctx) {
 	level = ISC_LOG_INFO;
 	if (cfg_map_get(channel, "severity", &severity) == ISC_R_SUCCESS) {
 		if (cfg_obj_isstring(severity)) {
-			char *str = cfg_obj_asstring(severity);
+			const char *str = cfg_obj_asstring(severity);
 			if (strcasecmp(str, "critical") == 0)
 				level = ISC_LOG_CRITICAL;
 			else if (strcasecmp(str, "error") == 0)
@@ -242,13 +243,14 @@ channel_fromconf(cfg_obj_t *channel, isc_logconfig_t *lctx) {
 }
 
 isc_result_t
-ns_log_configure(isc_logconfig_t *logconf, cfg_obj_t *logstmt) {
+ns_log_configure(isc_logconfig_t *logconf, const cfg_obj_t *logstmt) {
 	isc_result_t result;
-	cfg_obj_t *channels = NULL;
-	cfg_obj_t *categories = NULL;
-	cfg_listelt_t *element;
+	const cfg_obj_t *channels = NULL;
+	const cfg_obj_t *categories = NULL;
+	const cfg_listelt_t *element;
 	isc_boolean_t default_set = ISC_FALSE;
 	isc_boolean_t unmatched_set = ISC_FALSE;
+	const cfg_obj_t *catname;
 
 	CHECK(ns_log_setdefaultchannels(logconf));
 
@@ -257,7 +259,7 @@ ns_log_configure(isc_logconfig_t *logconf, cfg_obj_t *logstmt) {
 	     element != NULL;
 	     element = cfg_list_next(element))
 	{
-		cfg_obj_t *channel = cfg_listelt_value(element);
+		const cfg_obj_t *channel = cfg_listelt_value(element);
 		CHECK(channel_fromconf(channel, logconf));
 	}
 
@@ -266,15 +268,15 @@ ns_log_configure(isc_logconfig_t *logconf, cfg_obj_t *logstmt) {
 	     element != NULL;
 	     element = cfg_list_next(element))
 	{
-		cfg_obj_t *category = cfg_listelt_value(element);
+		const cfg_obj_t *category = cfg_listelt_value(element);
 		CHECK(category_fromconf(category, logconf));
 		if (!default_set) {
-			cfg_obj_t *catname = cfg_tuple_get(category, "name");
+			catname = cfg_tuple_get(category, "name");
 			if (strcmp(cfg_obj_asstring(catname), "default") == 0)
 				default_set = ISC_TRUE;
 		}
 		if (!unmatched_set) {
-			cfg_obj_t *catname = cfg_tuple_get(category, "name");
+			catname = cfg_tuple_get(category, "name");
 			if (strcmp(cfg_obj_asstring(catname), "unmatched") == 0)
 				unmatched_set = ISC_TRUE;
 		}

bin/named/lwdgabn.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2006  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 2000, 2001  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: lwdgabn.c,v 1.13.2.1 2004/03/09 06:09:18 marka Exp $ */
+/* $Id: lwdgabn.c,v 1.13.2.3 2006/03/02 00:37:17 marka Exp $ */
 
 #include <config.h>
 
@@ -120,7 +120,7 @@ sort_addresses(ns_lwdclient_t *client) {
 	rankedaddress *addrs;
 	isc_netaddr_t remote;
 	dns_addressorderfunc_t order;
-	void *arg;
+	const void *arg;
 	ns_lwresd_t *lwresd = client->clientmgr->listener->manager;
 	unsigned int i;
 	isc_result_t result;

bin/named/lwdgrbn.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2006  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 2000, 2001  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: lwdgrbn.c,v 1.11.2.1 2004/03/09 06:09:18 marka Exp $ */
+/* $Id: lwdgrbn.c,v 1.11.2.3 2006/01/04 23:50:16 marka Exp $ */
 
 #include <config.h>
 
@@ -358,7 +358,7 @@ lookup_done(isc_task_t *task, isc_event_t *event) {
 	client->sendlength = r.length;
 	result = ns_lwdclient_sendreply(client, &r);
 	if (result != ISC_R_SUCCESS)
-		goto out;
+		goto out2;
 
 	NS_LWDCLIENT_SETSEND(client);
 
@@ -378,7 +378,7 @@ lookup_done(isc_task_t *task, isc_event_t *event) {
 	if (grbn->siglen != NULL)
 		isc_mem_put(cm->mctx, grbn->siglen,
 			    grbn->nsigs * sizeof(lwres_uint16_t));
-
+ out2:
 	if (client->lookup != NULL)
 		dns_lookup_destroy(&client->lookup);
 	if (lwb.base != NULL)

bin/named/lwresd.8

@@ -1,135 +1,135 @@
-.\" Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
-.\" Copyright (C) 2000, 2001  Internet Software Consortium.
-.\"
+.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000, 2001 Internet Software Consortium.
+.\" 
 .\" Permission to use, copy, modify, and distribute this software for any
 .\" purpose with or without fee is hereby granted, provided that the above
 .\" copyright notice and this permission notice appear in all copies.
-.\"
+.\" 
 .\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
 .\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
-.\" AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
 .\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
 .\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 .\" PERFORMANCE OF THIS SOFTWARE.
 .\"
-.\" $Id: lwresd.8,v 1.13.2.2 2004/06/03 05:21:13 marka Exp $
+.\" $Id: lwresd.8,v 1.13.2.5 2005/10/13 02:23:29 marka Exp $
 .\"
-.TH "LWRESD" "8" "June 30, 2000" "BIND9" ""
-.SH NAME
+.hy 0
+.ad l
+.\" ** You probably do not want to edit this file directly **
+.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1).
+.\" Instead of manually editing it, you probably should edit the DocBook XML
+.\" source for it and then use the DocBook XSL Stylesheets to regenerate it.
+.TH "LWRESD" "8" "June 30, 2000" "BIND9" "BIND9"
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.SH "NAME"
 lwresd \- lightweight resolver daemon
-.SH SYNOPSIS
-.sp
-\fBlwresd\fR [ \fB-C \fIconfig-file\fB\fR ]  [ \fB-d \fIdebug-level\fB\fR ]  [ \fB-f\fR ]  [ \fB-g\fR ]  [ \fB-i \fIpid-file\fB\fR ]  [ \fB-n \fI#cpus\fB\fR ]  [ \fB-P \fIport\fB\fR ]  [ \fB-p \fIport\fB\fR ]  [ \fB-s\fR ]  [ \fB-t \fIdirectory\fB\fR ]  [ \fB-u \fIuser\fB\fR ]  [ \fB-v\fR ] 
+.SH "SYNOPSIS"
+.HP 7
+\fBlwresd\fR [\fB\-C\ \fR\fB\fIconfig\-file\fR\fR] [\fB\-d\ \fR\fB\fIdebug\-level\fR\fR] [\fB\-f\fR] [\fB\-g\fR] [\fB\-i\ \fR\fB\fIpid\-file\fR\fR] [\fB\-n\ \fR\fB\fI#cpus\fR\fR] [\fB\-P\ \fR\fB\fIport\fR\fR] [\fB\-p\ \fR\fB\fIport\fR\fR] [\fB\-s\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-u\ \fR\fB\fIuser\fR\fR] [\fB\-v\fR]
 .SH "DESCRIPTION"
 .PP
-\fBlwresd\fR is the daemon providing name lookup
-services to clients that use the BIND 9 lightweight resolver
-library. It is essentially a stripped-down, caching-only name
-server that answers queries using the BIND 9 lightweight
-resolver protocol rather than the DNS protocol.
+\fBlwresd\fR
+is the daemon providing name lookup services to clients that use the BIND 9 lightweight resolver library. It is essentially a stripped\-down, caching\-only name server that answers queries using the BIND 9 lightweight resolver protocol rather than the DNS protocol.
 .PP
-\fBlwresd\fR listens for resolver queries on a
-UDP port on the IPv4 loopback interface, 127.0.0.1. This
-means that \fBlwresd\fR can only be used by
-processes running on the local machine. By default UDP port
-number 921 is used for lightweight resolver requests and
-responses.
+\fBlwresd\fR
+listens for resolver queries on a UDP port on the IPv4 loopback interface, 127.0.0.1. This means that
+\fBlwresd\fR
+can only be used by processes running on the local machine. By default UDP port number 921 is used for lightweight resolver requests and responses.
 .PP
-Incoming lightweight resolver requests are decoded by the
-server which then resolves them using the DNS protocol. When
-the DNS lookup completes, \fBlwresd\fR encodes
-the answers in the lightweight resolver format and returns
-them to the client that made the request.
+Incoming lightweight resolver requests are decoded by the server which then resolves them using the DNS protocol. When the DNS lookup completes,
+\fBlwresd\fR
+encodes the answers in the lightweight resolver format and returns them to the client that made the request.
 .PP
-If \fI/etc/resolv.conf\fR contains any
-\fBnameserver\fR entries, \fBlwresd\fR
-sends recursive DNS queries to those servers. This is similar
-to the use of forwarders in a caching name server. If no
-\fBnameserver\fR entries are present, or if
-forwarding fails, \fBlwresd\fR resolves the
-queries autonomously starting at the root name servers, using
-a built-in list of root server hints.
+If
+\fI/etc/resolv.conf\fR
+contains any
+\fBnameserver\fR
+entries,
+\fBlwresd\fR
+sends recursive DNS queries to those servers. This is similar to the use of forwarders in a caching name server. If no
+\fBnameserver\fR
+entries are present, or if forwarding fails,
+\fBlwresd\fR
+resolves the queries autonomously starting at the root name servers, using a built\-in list of root server hints.
 .SH "OPTIONS"
 .TP
-\fB-C \fIconfig-file\fB\fR
-Use \fIconfig-file\fR as the
-configuration file instead of the default,
+\-C \fIconfig\-file\fR
+Use
+\fIconfig\-file\fR
+as the configuration file instead of the default,
 \fI/etc/resolv.conf\fR.
 .TP
-\fB-d \fIdebug-level\fB\fR
-Set the daemon's debug level to \fIdebug-level\fR.
-Debugging traces from \fBlwresd\fR become
-more verbose as the debug level increases.
+\-d \fIdebug\-level\fR
+Set the daemon's debug level to
+\fIdebug\-level\fR. Debugging traces from
+\fBlwresd\fR
+become more verbose as the debug level increases.
 .TP
-\fB-f\fR
+\-f
 Run the server in the foreground (i.e. do not daemonize).
 .TP
-\fB-g\fR
-Run the server in the foreground and force all logging
-to \fIstderr\fR.
+\-g
+Run the server in the foreground and force all logging to
+\fIstderr\fR.
 .TP
-\fB-n \fI#cpus\fB\fR
-Create \fI#cpus\fR worker threads
-to take advantage of multiple CPUs. If not specified,
-\fBlwresd\fR will try to determine the
-number of CPUs present and create one thread per CPU.
-If it is unable to determine the number of CPUs, a
-single worker thread will be created.
+\-n \fI#cpus\fR
+Create
+\fI#cpus\fR
+worker threads to take advantage of multiple CPUs. If not specified,
+\fBlwresd\fR
+will try to determine the number of CPUs present and create one thread per CPU. If it is unable to determine the number of CPUs, a single worker thread will be created.
 .TP
-\fB-P \fIport\fB\fR
+\-P \fIport\fR
 Listen for lightweight resolver queries on port
-\fIport\fR. If
-not specified, the default is port 921.
+\fIport\fR. If not specified, the default is port 921.
 .TP
-\fB-p \fIport\fB\fR
-Send DNS lookups to port \fIport\fR. If not
-specified, the default is port 53. This provides a
-way of testing the lightweight resolver daemon with a
-name server that listens for queries on a non-standard
-port number.
+\-p \fIport\fR
+Send DNS lookups to port
+\fIport\fR. If not specified, the default is port 53. This provides a way of testing the lightweight resolver daemon with a name server that listens for queries on a non\-standard port number.
 .TP
-\fB-s\fR
-Write memory usage statistics to \fIstdout\fR
+\-s
+Write memory usage statistics to
+\fIstdout\fR
 on exit.
-.sp
 .RS
 .B "Note:"
-This option is mainly of interest to BIND 9 developers
-and may be removed or changed in a future release.
+This option is mainly of interest to BIND 9 developers and may be removed or changed in a future release.
 .RE
-.sp
 .TP
-\fB-t \fIdirectory\fB\fR
-\fBchroot()\fR to \fIdirectory\fR after
-processing the command line arguments, but before
-reading the configuration file.
-.sp
+\-t \fIdirectory\fR
+\fBchroot()\fR
+to
+\fIdirectory\fR
+after processing the command line arguments, but before reading the configuration file.
 .RS
 .B "Warning:"
 This option should be used in conjunction with the
-\fB-u\fR option, as chrooting a process
-running as root doesn't enhance security on most
-systems; the way \fBchroot()\fR is
-defined allows a process with root privileges to
-escape a chroot jail.
+\fB\-u\fR
+option, as chrooting a process running as root doesn't enhance security on most systems; the way
+\fBchroot()\fR
+is defined allows a process with root privileges to escape a chroot jail.
 .RE
-.sp
 .TP
-\fB-u \fIuser\fB\fR
-\fBsetuid()\fR to \fIuser\fR after completing
-privileged operations, such as creating sockets that
-listen on privileged ports.
+\-u \fIuser\fR
+\fBsetuid()\fR
+to
+\fIuser\fR
+after completing privileged operations, such as creating sockets that listen on privileged ports.
 .TP
-\fB-v\fR
+\-v
 Report the version number and exit.
 .SH "FILES"
 .TP
-\fB\fI/etc/resolv.conf\fB\fR
+\fI/etc/resolv.conf\fR
 The default configuration file.
 .TP
-\fB\fI/var/run/lwresd.pid\fB\fR
-The default process-id file.
+\fI/var/run/lwresd.pid\fR
+The default process\-id file.
 .SH "SEE ALSO"
 .PP
 \fBnamed\fR(8),

bin/named/lwresd.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2006  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 2000, 2001, 2003  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: lwresd.c,v 1.37.2.3 2004/03/09 06:09:19 marka Exp $ */
+/* $Id: lwresd.c,v 1.37.2.6 2006/03/01 01:34:05 marka Exp $ */
 
 /*
  * Main program for the Lightweight Resolver Daemon.
@@ -285,14 +285,14 @@ ns_lwresd_parseeresolvconf(isc_mem_t *mctx, cfg_parser_t *pctx,
  * Handle lwresd manager objects
  */
 isc_result_t
-ns_lwdmanager_create(isc_mem_t *mctx, cfg_obj_t *lwres,
+ns_lwdmanager_create(isc_mem_t *mctx, const cfg_obj_t *lwres,
 		     ns_lwresd_t **lwresdp)
 {
 	ns_lwresd_t *lwresd;
 	const char *vname;
 	dns_rdataclass_t vclass;
-	cfg_obj_t *obj, *viewobj, *searchobj;
-	cfg_listelt_t *element;
+	const cfg_obj_t *obj, *viewobj, *searchobj;
+	const cfg_listelt_t *element;
 	isc_result_t result;
 
 	INSIST(lwresdp != NULL && *lwresdp == NULL);
@@ -356,8 +356,8 @@ ns_lwdmanager_create(isc_mem_t *mctx, cfg_obj_t *lwres,
 		     element != NULL;
 		     element = cfg_list_next(element))
 		{
-			cfg_obj_t *search;
-			char *searchstr;
+			const cfg_obj_t *search;
+			const char *searchstr;
 			isc_buffer_t namebuf;
 			dns_fixedname_t fname;
 			dns_name_t *name;
@@ -407,6 +407,7 @@ ns_lwdmanager_create(isc_mem_t *mctx, cfg_obj_t *lwres,
 		ns_lwsearchlist_detach(&lwresd->search);
 	if (lwresd->mctx != NULL)
 		isc_mem_detach(&lwresd->mctx);
+	isc_mem_put(mctx, lwresd, sizeof(ns_lwresd_t));
 	return (result);
 }
 
@@ -738,11 +739,11 @@ configure_listener(isc_sockaddr_t *address, ns_lwresd_t *lwresd,
 }
 
 isc_result_t
-ns_lwresd_configure(isc_mem_t *mctx, cfg_obj_t *config) {
-	cfg_obj_t *lwreslist = NULL;
-	cfg_obj_t *lwres = NULL;
-	cfg_obj_t *listenerslist = NULL;
-	cfg_listelt_t *element = NULL;
+ns_lwresd_configure(isc_mem_t *mctx, const cfg_obj_t *config) {
+	const cfg_obj_t *lwreslist = NULL;
+	const cfg_obj_t *lwres = NULL;
+	const cfg_obj_t *listenerslist = NULL;
+	const cfg_listelt_t *element = NULL;
 	ns_lwreslistener_t *listener;
 	ns_lwreslistenerlist_t newlisteners;
 	isc_result_t result;

bin/named/lwresd.docbook

@@ -1,6 +1,8 @@
-<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN">
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
+               "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd"
+	       [<!ENTITY mdash "&#8212;">]>
 <!--
- - Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005  Internet Systems Consortium, Inc. ("ISC")
  - Copyright (C) 2000, 2001  Internet Software Consortium.
  -
  - Permission to use, copy, modify, and distribute this software for any
@@ -16,7 +18,7 @@
  - PERFORMANCE OF THIS SOFTWARE.
 -->
 
-<!-- $Id: lwresd.docbook,v 1.6.2.2 2004/06/03 02:25:52 marka Exp $ -->
+<!-- $Id: lwresd.docbook,v 1.6.2.4 2005/05/12 21:35:10 sra Exp $ -->
 
 <refentry>
   <refentryinfo>
@@ -29,6 +31,19 @@
     <refmiscinfo>BIND9</refmiscinfo>
   </refmeta>
 
+  <docinfo>
+    <copyright>
+      <year>2004</year>
+      <year>2005</year>
+      <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
+    </copyright>
+    <copyright>
+      <year>2000</year>
+      <year>2001</year>
+      <holder>Internet Software Consortium.</holder>
+    </copyright>
+  </docinfo>
+
   <refnamediv>
     <refname><application>lwresd</application></refname>
     <refpurpose>lightweight resolver daemon</refpurpose>

bin/named/lwresd.html

@@ -1,541 +1,189 @@
 <!--
- - Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
- - Copyright (C) 2000, 2001  Internet Software Consortium.
- -
+ - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000, 2001 Internet Software Consortium.
+ - 
  - Permission to use, copy, modify, and distribute this software for any
  - purpose with or without fee is hereby granted, provided that the above
  - copyright notice and this permission notice appear in all copies.
- -
+ - 
  - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
  - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- - AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
  - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
  - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-
-<!-- $Id: lwresd.html,v 1.4.2.3 2004/06/03 05:21:13 marka Exp $ -->
-
-<HTML
-><HEAD
-><TITLE
->lwresd</TITLE
-><META
-NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.73
-"></HEAD
-><BODY
-CLASS="REFENTRY"
-BGCOLOR="#FFFFFF"
-TEXT="#000000"
-LINK="#0000FF"
-VLINK="#840084"
-ALINK="#0000FF"
-><H1
-><A
-NAME="AEN1"
-><SPAN
-CLASS="APPLICATION"
->lwresd</SPAN
-></A
-></H1
-><DIV
-CLASS="REFNAMEDIV"
-><A
-NAME="AEN9"
-></A
-><H2
->Name</H2
-><SPAN
-CLASS="APPLICATION"
->lwresd</SPAN
->&nbsp;--&nbsp;lightweight resolver daemon</DIV
-><DIV
-CLASS="REFSYNOPSISDIV"
-><A
-NAME="AEN13"
-></A
-><H2
->Synopsis</H2
-><P
-><B
-CLASS="COMMAND"
->lwresd</B
->  [<TT
-CLASS="OPTION"
->-C <TT
-CLASS="REPLACEABLE"
-><I
->config-file</I
-></TT
-></TT
->] [<TT
-CLASS="OPTION"
->-d <TT
-CLASS="REPLACEABLE"
-><I
->debug-level</I
-></TT
-></TT
->] [<TT
-CLASS="OPTION"
->-f</TT
->] [<TT
-CLASS="OPTION"
->-g</TT
->] [<TT
-CLASS="OPTION"
->-i <TT
-CLASS="REPLACEABLE"
-><I
->pid-file</I
-></TT
-></TT
->] [<TT
-CLASS="OPTION"
->-n <TT
-CLASS="REPLACEABLE"
-><I
->#cpus</I
-></TT
-></TT
->] [<TT
-CLASS="OPTION"
->-P <TT
-CLASS="REPLACEABLE"
-><I
->port</I
-></TT
-></TT
->] [<TT
-CLASS="OPTION"
->-p <TT
-CLASS="REPLACEABLE"
-><I
->port</I
-></TT
-></TT
->] [<TT
-CLASS="OPTION"
->-s</TT
->] [<TT
-CLASS="OPTION"
->-t <TT
-CLASS="REPLACEABLE"
-><I
->directory</I
-></TT
-></TT
->] [<TT
-CLASS="OPTION"
->-u <TT
-CLASS="REPLACEABLE"
-><I
->user</I
-></TT
-></TT
->] [<TT
-CLASS="OPTION"
->-v</TT
->]</P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN48"
-></A
-><H2
->DESCRIPTION</H2
-><P
->	<B
-CLASS="COMMAND"
->lwresd</B
-> is the daemon providing name lookup
+<!-- $Id: lwresd.html,v 1.4.2.11 2006/04/23 10:10:08 marka Exp $ -->
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>lwresd</title>
+<meta name="generator" content="DocBook XSL Stylesheets V1.69.1">
+</head>
+<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
+<a name="id2462968"></a><div class="titlepage"></div>
+<div class="refnamediv">
+<h2>Name</h2>
+<p><span class="application">lwresd</span> &#8212; lightweight resolver daemon</p>
+</div>
+<div class="refsynopsisdiv">
+<h2>Synopsis</h2>
+<div class="cmdsynopsis"><p><code class="command">lwresd</code>  [<code class="option">-C <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-d <em class="replaceable"><code>debug-level</code></em></code>] [<code class="option">-f</code>] [<code class="option">-g</code>] [<code class="option">-i <em class="replaceable"><code>pid-file</code></em></code>] [<code class="option">-n <em class="replaceable"><code>#cpus</code></em></code>] [<code class="option">-P <em class="replaceable"><code>port</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-s</code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-u <em class="replaceable"><code>user</code></em></code>] [<code class="option">-v</code>]</p></div>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2524485"></a><h2>DESCRIPTION</h2>
+<p>
+	<span><strong class="command">lwresd</strong></span> is the daemon providing name lookup
 	services to clients that use the BIND 9 lightweight resolver
 	library.  It is essentially a stripped-down, caching-only name
 	server that answers queries using the BIND 9 lightweight
 	resolver protocol rather than the DNS protocol.
-    </P
-><P
->	<B
-CLASS="COMMAND"
->lwresd</B
-> listens for resolver queries on a
+    </p>
+<p>
+	<span><strong class="command">lwresd</strong></span> listens for resolver queries on a
 	UDP port on the IPv4 loopback interface, 127.0.0.1.  This
-	means that <B
-CLASS="COMMAND"
->lwresd</B
-> can only be used by
+	means that <span><strong class="command">lwresd</strong></span> can only be used by
 	processes running on the local machine.  By default UDP port
 	number 921 is used for lightweight resolver requests and
 	responses.
-    </P
-><P
->	Incoming lightweight resolver requests are decoded by the
+    </p>
+<p>
+	Incoming lightweight resolver requests are decoded by the
 	server which then resolves them using the DNS protocol.  When
-	the DNS lookup completes, <B
-CLASS="COMMAND"
->lwresd</B
-> encodes
+	the DNS lookup completes, <span><strong class="command">lwresd</strong></span> encodes
 	the answers in the lightweight resolver format and returns
 	them to the client that made the request.
-    </P
-><P
->	If <TT
-CLASS="FILENAME"
->/etc/resolv.conf</TT
-> contains any
-	<TT
-CLASS="OPTION"
->nameserver</TT
-> entries, <B
-CLASS="COMMAND"
->lwresd</B
->
+    </p>
+<p>
+	If <code class="filename">/etc/resolv.conf</code> contains any
+	<code class="option">nameserver</code> entries, <span><strong class="command">lwresd</strong></span>
 	sends recursive DNS queries to those servers.  This is similar
 	to the use of forwarders in a caching name server.  If no
-	<TT
-CLASS="OPTION"
->nameserver</TT
-> entries are present, or if
-	forwarding fails, <B
-CLASS="COMMAND"
->lwresd</B
-> resolves the
+	<code class="option">nameserver</code> entries are present, or if
+	forwarding fails, <span><strong class="command">lwresd</strong></span> resolves the
 	queries autonomously starting at the root name servers, using
 	a built-in list of root server hints.
-    </P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN63"
-></A
-><H2
->OPTIONS</H2
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
->-C <TT
-CLASS="REPLACEABLE"
-><I
->config-file</I
-></TT
-></DT
-><DD
-><P
->		Use <TT
-CLASS="REPLACEABLE"
-><I
->config-file</I
-></TT
-> as the
+    </p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2525217"></a><h2>OPTIONS</h2>
+<div class="variablelist"><dl>
+<dt><span class="term">-C <em class="replaceable"><code>config-file</code></em></span></dt>
+<dd><p>
+		Use <em class="replaceable"><code>config-file</code></em> as the
 		configuration file instead of the default,
-		<TT
-CLASS="FILENAME"
->/etc/resolv.conf</TT
->.
-          </P
-></DD
-><DT
->-d <TT
-CLASS="REPLACEABLE"
-><I
->debug-level</I
-></TT
-></DT
-><DD
-><P
->		Set the daemon's debug level to <TT
-CLASS="REPLACEABLE"
-><I
->debug-level</I
-></TT
->.
-		Debugging traces from <B
-CLASS="COMMAND"
->lwresd</B
-> become
+		<code class="filename">/etc/resolv.conf</code>.
+          </p></dd>
+<dt><span class="term">-d <em class="replaceable"><code>debug-level</code></em></span></dt>
+<dd><p>
+		Set the daemon's debug level to <em class="replaceable"><code>debug-level</code></em>.
+		Debugging traces from <span><strong class="command">lwresd</strong></span> become
 		more verbose as the debug level increases.
-          </P
-></DD
-><DT
->-f</DT
-><DD
-><P
->		Run the server in the foreground (i.e. do not daemonize).
-          </P
-></DD
-><DT
->-g</DT
-><DD
-><P
->		Run the server in the foreground and force all logging
-		to <TT
-CLASS="FILENAME"
->stderr</TT
->.
-          </P
-></DD
-><DT
->-n <TT
-CLASS="REPLACEABLE"
-><I
->#cpus</I
-></TT
-></DT
-><DD
-><P
->		Create <TT
-CLASS="REPLACEABLE"
-><I
->#cpus</I
-></TT
-> worker threads
+          </p></dd>
+<dt><span class="term">-f</span></dt>
+<dd><p>
+		Run the server in the foreground (i.e. do not daemonize).
+          </p></dd>
+<dt><span class="term">-g</span></dt>
+<dd><p>
+		Run the server in the foreground and force all logging
+		to <code class="filename">stderr</code>.
+          </p></dd>
+<dt><span class="term">-n <em class="replaceable"><code>#cpus</code></em></span></dt>
+<dd><p>
+		Create <em class="replaceable"><code>#cpus</code></em> worker threads
 		to take advantage of multiple CPUs.  If not specified,
-		<B
-CLASS="COMMAND"
->lwresd</B
-> will try to determine the
+		<span><strong class="command">lwresd</strong></span> will try to determine the
 		number of CPUs present and create one thread per CPU.
 		If it is unable to determine the number of CPUs, a
 		single worker thread will be created.
-          </P
-></DD
-><DT
->-P <TT
-CLASS="REPLACEABLE"
-><I
->port</I
-></TT
-></DT
-><DD
-><P
->		Listen for lightweight resolver queries on port
-		<TT
-CLASS="REPLACEABLE"
-><I
->port</I
-></TT
->.  If
+          </p></dd>
+<dt><span class="term">-P <em class="replaceable"><code>port</code></em></span></dt>
+<dd><p>
+		Listen for lightweight resolver queries on port
+		<em class="replaceable"><code>port</code></em>.  If
 		not specified, the default is port 921.
-          </P
-></DD
-><DT
->-p <TT
-CLASS="REPLACEABLE"
-><I
->port</I
-></TT
-></DT
-><DD
-><P
->		Send DNS lookups to port <TT
-CLASS="REPLACEABLE"
-><I
->port</I
-></TT
->.  If not
+          </p></dd>
+<dt><span class="term">-p <em class="replaceable"><code>port</code></em></span></dt>
+<dd><p>
+		Send DNS lookups to port <em class="replaceable"><code>port</code></em>.  If not
 		specified, the default is port 53.  This provides a
 		way of testing the lightweight resolver daemon with a
 		name server that listens for queries on a non-standard
 		port number.
-          </P
-></DD
-><DT
->-s</DT
-><DD
-><P
->		Write memory usage statistics to <TT
-CLASS="FILENAME"
->stdout</TT
->
+          </p></dd>
+<dt><span class="term">-s</span></dt>
+<dd>
+<p>
+		Write memory usage statistics to <code class="filename">stdout</code>
 		on exit.
-          </P
-><DIV
-CLASS="NOTE"
-><BLOCKQUOTE
-CLASS="NOTE"
-><P
-><B
->Note: </B
->		This option is mainly of interest to BIND 9 developers
+          </p>
+<div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
+<h3 class="title">Note</h3>
+<p>
+		This option is mainly of interest to BIND 9 developers
 		and may be removed or changed in a future release.
-	    </P
-></BLOCKQUOTE
-></DIV
-></DD
-><DT
->-t <TT
-CLASS="REPLACEABLE"
-><I
->directory</I
-></TT
-></DT
-><DD
-><P
->		<TT
-CLASS="FUNCTION"
->chroot()</TT
-> to <TT
-CLASS="REPLACEABLE"
-><I
->directory</I
-></TT
-> after
+	    </p>
+</div>
+</dd>
+<dt><span class="term">-t <em class="replaceable"><code>directory</code></em></span></dt>
+<dd>
+<p>
+		<code class="function">chroot()</code> to <em class="replaceable"><code>directory</code></em> after
 		processing the command line arguments, but before
 		reading the configuration file.
-          </P
-><DIV
-CLASS="WARNING"
-><P
-></P
-><TABLE
-CLASS="WARNING"
-BORDER="1"
-WIDTH="90%"
-><TR
-><TD
-ALIGN="CENTER"
-><B
->Warning</B
-></TD
-></TR
-><TR
-><TD
-ALIGN="LEFT"
-><P
->		This option should be used in conjunction with the
-		<TT
-CLASS="OPTION"
->-u</TT
-> option, as chrooting a process
+          </p>
+<div class="warning" style="margin-left: 0.5in; margin-right: 0.5in;">
+<h3 class="title">Warning</h3>
+<p>
+		This option should be used in conjunction with the
+		<code class="option">-u</code> option, as chrooting a process
 		running as root doesn't enhance security on most
-		systems; the way <TT
-CLASS="FUNCTION"
->chroot()</TT
-> is
+		systems; the way <code class="function">chroot()</code> is
 		defined allows a process with root privileges to
 		escape a chroot jail.
-	    </P
-></TD
-></TR
-></TABLE
-></DIV
-></DD
-><DT
->-u <TT
-CLASS="REPLACEABLE"
-><I
->user</I
-></TT
-></DT
-><DD
-><P
->		<TT
-CLASS="FUNCTION"
->setuid()</TT
-> to <TT
-CLASS="REPLACEABLE"
-><I
->user</I
-></TT
-> after completing
+	    </p>
+</div>
+</dd>
+<dt><span class="term">-u <em class="replaceable"><code>user</code></em></span></dt>
+<dd><p>
+		<code class="function">setuid()</code> to <em class="replaceable"><code>user</code></em> after completing
 		privileged operations, such as creating sockets that
 		listen on privileged ports.
-          </P
-></DD
-><DT
->-v</DT
-><DD
-><P
->		Report the version number and exit.
-          </P
-></DD
-></DL
-></DIV
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN137"
-></A
-><H2
->FILES</H2
-><P
-></P
-><DIV
-CLASS="VARIABLELIST"
-><DL
-><DT
-><TT
-CLASS="FILENAME"
->/etc/resolv.conf</TT
-></DT
-><DD
-><P
->		The default configuration file.
-          </P
-></DD
-><DT
-><TT
-CLASS="FILENAME"
->/var/run/lwresd.pid</TT
-></DT
-><DD
-><P
->		The default process-id file.
-          </P
-></DD
-></DL
-></DIV
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN150"
-></A
-><H2
->SEE ALSO</H2
-><P
->	<SPAN
-CLASS="CITEREFENTRY"
-><SPAN
-CLASS="REFENTRYTITLE"
->named</SPAN
->(8)</SPAN
->,
-	<SPAN
-CLASS="CITEREFENTRY"
-><SPAN
-CLASS="REFENTRYTITLE"
->lwres</SPAN
->(3)</SPAN
->,
-	<SPAN
-CLASS="CITEREFENTRY"
-><SPAN
-CLASS="REFENTRYTITLE"
->resolver</SPAN
->(5)</SPAN
->.
-    </P
-></DIV
-><DIV
-CLASS="REFSECT1"
-><A
-NAME="AEN162"
-></A
-><H2
->AUTHOR</H2
-><P
->	Internet Systems Consortium
-    </P
-></DIV
-></BODY
-></HTML
->
+          </p></dd>
+<dt><span class="term">-v</span></dt>
+<dd><p>
+		Report the version number and exit.
+          </p></dd>
+</dl></div>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2525485"></a><h2>FILES</h2>
+<div class="variablelist"><dl>
+<dt><span class="term"><code class="filename">/etc/resolv.conf</code></span></dt>
+<dd><p>
+		The default configuration file.
+          </p></dd>
+<dt><span class="term"><code class="filename">/var/run/lwresd.pid</code></span></dt>
+<dd><p>
+		The default process-id file.
+          </p></dd>
+</dl></div>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2525525"></a><h2>SEE ALSO</h2>
+<p>
+	<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
+	<span class="citerefentry"><span class="refentrytitle">lwres</span>(3)</span>,
+	<span class="citerefentry"><span class="refentrytitle">resolver</span>(5)</span>.
+    </p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2525563"></a><h2>AUTHOR</h2>
+<p>
+	<span class="corpauthor">Internet Systems Consortium</span>
+    </p>
+</div>
+</div></body>
+</html>

bin/named/main.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2006  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 1999-2003  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: main.c,v 1.119.2.10 2004/04/20 13:54:17 marka Exp $ */
+/* $Id: main.c,v 1.119.2.17 2006/01/06 00:01:41 marka Exp $ */
 
 #include <config.h>
 
@@ -59,6 +59,9 @@
 #include <named/server.h>
 #include <named/lwresd.h>
 #include <named/main.h>
+#ifdef HAVE_LIBSCF
+#include <named/ns_smf_globals.h>
+#endif
 
 /*
  * Include header files for database drivers here.
@@ -407,7 +410,7 @@ create_managers(void) {
 	result = isc_taskmgr_create(ns_g_mctx, ns_g_cpus, 0, &ns_g_taskmgr);
 	if (result != ISC_R_SUCCESS) {
 		UNEXPECTED_ERROR(__FILE__, __LINE__,
-				 "ns_taskmgr_create() failed: %s",
+				 "isc_taskmgr_create() failed: %s",
 				 isc_result_totext(result));
 		return (ISC_R_UNEXPECTED);
 	}
@@ -415,7 +418,7 @@ create_managers(void) {
 	result = isc_timermgr_create(ns_g_mctx, &ns_g_timermgr);
 	if (result != ISC_R_SUCCESS) {
 		UNEXPECTED_ERROR(__FILE__, __LINE__,
-				 "ns_timermgr_create() failed: %s",
+				 "isc_timermgr_create() failed: %s",
 				 isc_result_totext(result));
 		return (ISC_R_UNEXPECTED);
 	}
@@ -470,6 +473,9 @@ destroy_managers(void) {
 static void
 setup(void) {
 	isc_result_t result;
+#ifdef HAVE_LIBSCF
+	char *instance = NULL;
+#endif
 
 	/*
 	 * Get the user and group information before changing the root
@@ -485,6 +491,18 @@ setup(void) {
 
 	ns_os_opendevnull();
 
+#ifdef HAVE_LIBSCF
+	/* Check if named is under smf control, before chroot. */
+	result = ns_smf_get_instance(&instance, 0, ns_g_mctx);
+	/* We don't care about instance, just check if we got one. */
+	if (result == ISC_R_SUCCESS)
+		ns_smf_got_instance = 1;
+	else
+		ns_smf_got_instance = 0;
+	if (instance != NULL)
+		isc_mem_free(ns_g_mctx, instance);
+#endif /* HAVE_LIBSCF */
+
 	ns_os_chroot(ns_g_chrootdir);
 
 	/*
@@ -512,6 +530,15 @@ setup(void) {
 	if (!ns_g_foreground)
 		ns_os_daemonize();
 
+	/*
+	 * We call isc_app_start() here as some versions of FreeBSD's fork()
+	 * destroys all the signal handling it sets up.
+	 */
+	result = isc_app_start();
+	if (result != ISC_R_SUCCESS)
+		ns_main_earlyfatal("isc_app_start() failed: %s",
+				   isc_result_totext(result));
+
 	isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_MAIN,
 		      ISC_LOG_NOTICE, "starting BIND %s%s", ns_g_version,
 		      saved_command_line);
@@ -572,6 +599,69 @@ cleanup(void) {
 	ns_log_shutdown();
 }
 
+#ifdef HAVE_LIBSCF
+/*
+ * Get FMRI for the named process.
+ */
+isc_result_t
+ns_smf_get_instance(char **ins_name, int debug, isc_mem_t *mctx) {
+	scf_handle_t *h = NULL;
+	int namelen;
+	char *instance;
+
+	REQUIRE(ins_name != NULL && *ins_name == NULL);
+
+	if ((h = scf_handle_create(SCF_VERSION)) == NULL) {
+		if (debug)
+			UNEXPECTED_ERROR(__FILE__, __LINE__,
+					 "scf_handle_create() failed: %s",
+			 		 scf_strerror(scf_error()));
+		return (ISC_R_FAILURE);
+	}
+
+	if (scf_handle_bind(h) == -1) {
+		if (debug)
+			UNEXPECTED_ERROR(__FILE__, __LINE__,
+					 "scf_handle_bind() failed: %s",
+					 scf_strerror(scf_error()));
+		scf_handle_destroy(h);
+		return (ISC_R_FAILURE);
+	}
+
+	if ((namelen = scf_myname(h, NULL, 0)) == -1) {
+		if (debug)
+			UNEXPECTED_ERROR(__FILE__, __LINE__,
+					 "scf_myname() failed: %s",
+					 scf_strerror(scf_error()));
+		scf_handle_destroy(h);
+		return (ISC_R_FAILURE);
+	}
+
+	if ((instance = isc_mem_allocate(mctx, namelen + 1)) == NULL) {
+		UNEXPECTED_ERROR(__FILE__, __LINE__,
+				 "ns_smf_get_instance memory "
+				 "allocation failed: %s",
+				 isc_result_totext(ISC_R_NOMEMORY));
+		scf_handle_destroy(h);
+		return (ISC_R_FAILURE);
+	}
+
+	if (scf_myname(h, instance, namelen + 1) == -1) {
+		if (debug)
+			UNEXPECTED_ERROR(__FILE__, __LINE__,
+					 "scf_myname() failed: %s",
+					 scf_strerror(scf_error()));
+		scf_handle_destroy(h);
+		isc_mem_free(mctx, instance);
+		return (ISC_R_FAILURE);
+	}
+
+	scf_handle_destroy(h);
+	*ins_name = instance;
+	return (ISC_R_SUCCESS);
+}
+#endif /* HAVE_LIBSCF */
+
 int
 main(int argc, char *argv[]) {
 	isc_result_t result;
@@ -600,11 +690,6 @@ main(int argc, char *argv[]) {
 
 	ns_os_init(program_name);
 
-	result = isc_app_start();
-	if (result != ISC_R_SUCCESS)
-		ns_main_earlyfatal("isc_app_start() failed: %s",
-				   isc_result_totext(result));
-
 	result = isc_mem_create(0, 0, &ns_g_mctx);
 	if (result != ISC_R_SUCCESS)
 		ns_main_earlyfatal("isc_mem_create() failed: %s",

bin/named/named.8

@@ -1,167 +1,169 @@
-.\" Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
-.\" Copyright (C) 2000, 2001  Internet Software Consortium.
-.\"
+.\" Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000, 2001 Internet Software Consortium.
+.\" 
 .\" Permission to use, copy, modify, and distribute this software for any
 .\" purpose with or without fee is hereby granted, provided that the above
 .\" copyright notice and this permission notice appear in all copies.
-.\"
+.\" 
 .\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
 .\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
-.\" AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
 .\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
 .\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 .\" PERFORMANCE OF THIS SOFTWARE.
 .\"
-.\" $Id: named.8,v 1.17.2.2 2004/06/03 05:21:13 marka Exp $
+.\" $Id: named.8,v 1.17.2.7 2006/01/18 04:58:58 marka Exp $
 .\"
-.TH "NAMED" "8" "June 30, 2000" "BIND9" ""
-.SH NAME
+.hy 0
+.ad l
+.\" ** You probably do not want to edit this file directly **
+.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1).
+.\" Instead of manually editing it, you probably should edit the DocBook XML
+.\" source for it and then use the DocBook XSL Stylesheets to regenerate it.
+.TH "NAMED" "8" "June 30, 2000" "BIND9" "BIND9"
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.SH "NAME"
 named \- Internet domain name server
-.SH SYNOPSIS
-.sp
-\fBnamed\fR [ \fB-c \fIconfig-file\fB\fR ]  [ \fB-d \fIdebug-level\fB\fR ]  [ \fB-f\fR ]  [ \fB-g\fR ]  [ \fB-n \fI#cpus\fB\fR ]  [ \fB-p \fIport\fB\fR ]  [ \fB-s\fR ]  [ \fB-t \fIdirectory\fB\fR ]  [ \fB-u \fIuser\fB\fR ]  [ \fB-v\fR ]  [ \fB-x \fIcache-file\fB\fR ] 
+.SH "SYNOPSIS"
+.HP 6
+\fBnamed\fR [\fB\-c\ \fR\fB\fIconfig\-file\fR\fR] [\fB\-d\ \fR\fB\fIdebug\-level\fR\fR] [\fB\-f\fR] [\fB\-g\fR] [\fB\-n\ \fR\fB\fI#cpus\fR\fR] [\fB\-p\ \fR\fB\fIport\fR\fR] [\fB\-s\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-u\ \fR\fB\fIuser\fR\fR] [\fB\-v\fR] [\fB\-x\ \fR\fB\fIcache\-file\fR\fR]
 .SH "DESCRIPTION"
 .PP
-\fBnamed\fR is a Domain Name System (DNS) server,
-part of the BIND 9 distribution from ISC. For more
-information on the DNS, see RFCs 1033, 1034, and 1035.
+\fBnamed\fR
+is a Domain Name System (DNS) server, part of the BIND 9 distribution from ISC. For more information on the DNS, see RFCs 1033, 1034, and 1035.
 .PP
-When invoked without arguments, \fBnamed\fR will
-read the default configuration file
-\fI/etc/named.conf\fR, read any initial
-data, and listen for queries.
+When invoked without arguments,
+\fBnamed\fR
+will read the default configuration file
+\fI/etc/named.conf\fR, read any initial data, and listen for queries.
 .SH "OPTIONS"
 .TP
-\fB-c \fIconfig-file\fB\fR
-Use \fIconfig-file\fR as the
-configuration file instead of the default,
-\fI/etc/named.conf\fR. To
-ensure that reloading the configuration file continues
-to work after the server has changed its working
-directory due to to a possible
-\fBdirectory\fR option in the configuration
-file, \fIconfig-file\fR should be
-an absolute pathname.
+\-c \fIconfig\-file\fR
+Use
+\fIconfig\-file\fR
+as the configuration file instead of the default,
+\fI/etc/named.conf\fR. To ensure that reloading the configuration file continues to work after the server has changed its working directory due to to a possible
+\fBdirectory\fR
+option in the configuration file,
+\fIconfig\-file\fR
+should be an absolute pathname.
 .TP
-\fB-d \fIdebug-level\fB\fR
-Set the daemon's debug level to \fIdebug-level\fR.
-Debugging traces from \fBnamed\fR become
-more verbose as the debug level increases.
+\-d \fIdebug\-level\fR
+Set the daemon's debug level to
+\fIdebug\-level\fR. Debugging traces from
+\fBnamed\fR
+become more verbose as the debug level increases.
 .TP
-\fB-f\fR
+\-f
 Run the server in the foreground (i.e. do not daemonize).
 .TP
-\fB-g\fR
-Run the server in the foreground and force all logging
-to \fIstderr\fR.
+\-g
+Run the server in the foreground and force all logging to
+\fIstderr\fR.
 .TP
-\fB-n \fI#cpus\fB\fR
-Create \fI#cpus\fR worker threads
-to take advantage of multiple CPUs. If not specified,
-\fBnamed\fR will try to determine the
-number of CPUs present and create one thread per CPU.
-If it is unable to determine the number of CPUs, a
-single worker thread will be created.
+\-n \fI#cpus\fR
+Create
+\fI#cpus\fR
+worker threads to take advantage of multiple CPUs. If not specified,
+\fBnamed\fR
+will try to determine the number of CPUs present and create one thread per CPU. If it is unable to determine the number of CPUs, a single worker thread will be created.
 .TP
-\fB-p \fIport\fB\fR
-Listen for queries on port \fIport\fR. If not
-specified, the default is port 53.
+\-p \fIport\fR
+Listen for queries on port
+\fIport\fR. If not specified, the default is port 53.
 .TP
-\fB-s\fR
-Write memory usage statistics to \fIstdout\fR on exit.
-.sp
+\-s
+Write memory usage statistics to
+\fIstdout\fR
+on exit.
 .RS
 .B "Note:"
-This option is mainly of interest to BIND 9 developers
-and may be removed or changed in a future release.
+This option is mainly of interest to BIND 9 developers and may be removed or changed in a future release.
 .RE
-.sp
 .TP
-\fB-t \fIdirectory\fB\fR
-\fBchroot()\fR to \fIdirectory\fR after
-processing the command line arguments, but before
-reading the configuration file.
-.sp
+\-t \fIdirectory\fR
+\fBchroot()\fR
+to
+\fIdirectory\fR
+after processing the command line arguments, but before reading the configuration file.
 .RS
 .B "Warning:"
 This option should be used in conjunction with the
-\fB-u\fR option, as chrooting a process
-running as root doesn't enhance security on most
-systems; the way \fBchroot()\fR is
-defined allows a process with root privileges to
-escape a chroot jail.
+\fB\-u\fR
+option, as chrooting a process running as root doesn't enhance security on most systems; the way
+\fBchroot()\fR
+is defined allows a process with root privileges to escape a chroot jail.
 .RE
-.sp
 .TP
-\fB-u \fIuser\fB\fR
-\fBsetuid()\fR to \fIuser\fR after completing
-privileged operations, such as creating sockets that
-listen on privileged ports.
-.sp
+\-u \fIuser\fR
+\fBsetuid()\fR
+to
+\fIuser\fR
+after completing privileged operations, such as creating sockets that listen on privileged ports.
 .RS
 .B "Note:"
-On Linux, \fBnamed\fR uses the kernel's
-capability mechanism to drop all root privileges
-except the ability to \fBbind()\fR to a
-privileged port and set process resource limits.
-Unfortunately, this means that the \fB-u\fR
-option only works when \fBnamed\fR is run
-on kernel 2.2.18 or later, or kernel 2.3.99-pre3 or
-later, since previous kernels did not allow privileges
-to be retained after \fBsetuid()\fR.
+On Linux,
+\fBnamed\fR
+uses the kernel's capability mechanism to drop all root privileges except the ability to
+\fBbind()\fR
+to a privileged port and set process resource limits. Unfortunately, this means that the
+\fB\-u\fR
+option only works when
+\fBnamed\fR
+is run on kernel 2.2.18 or later, or kernel 2.3.99\-pre3 or later, since previous kernels did not allow privileges to be retained after
+\fBsetuid()\fR.
 .RE
-.sp
 .TP
-\fB-v\fR
+\-v
 Report the version number and exit.
 .TP
-\fB-x \fIcache-file\fB\fR
-Load data from \fIcache-file\fR into the
-cache of the default view.
-.sp
+\-x \fIcache\-file\fR
+Load data from
+\fIcache\-file\fR
+into the cache of the default view.
 .RS
 .B "Warning:"
-This option must not be used. It is only of interest
-to BIND 9 developers and may be removed or changed in a
-future release.
+This option must not be used. It is only of interest to BIND 9 developers and may be removed or changed in a future release.
 .RE
-.sp
 .SH "SIGNALS"
 .PP
-In routine operation, signals should not be used to control
-the nameserver; \fBrndc\fR should be used
-instead.
+In routine operation, signals should not be used to control the nameserver;
+\fBrndc\fR
+should be used instead.
 .TP
-\fBSIGHUP\fR
+SIGHUP
 Force a reload of the server.
 .TP
-\fBSIGINT, SIGTERM\fR
+SIGINT, SIGTERM
 Shut down the server.
 .PP
 The result of sending any other signals to the server is undefined.
-.PP
 .SH "CONFIGURATION"
 .PP
-The \fBnamed\fR configuration file is too complex
-to describe in detail here. A complete description is
-provided in the \fIBIND 9 Administrator Reference
-Manual\fR.
+The
+\fBnamed\fR
+configuration file is too complex to describe in detail here. A complete description is provided in the
+BIND 9 Administrator Reference Manual.
 .SH "FILES"
 .TP
-\fB\fI/etc/named.conf\fB\fR
+\fI/etc/named.conf\fR
 The default configuration file.
 .TP
-\fB\fI/var/run/named.pid\fB\fR
-The default process-id file.
+\fI/var/run/named.pid\fR
+The default process\-id file.
 .SH "SEE ALSO"
 .PP
-\fIRFC 1033\fR,
-\fIRFC 1034\fR,
-\fIRFC 1035\fR,
+RFC 1033,
+RFC 1034,
+RFC 1035,
 \fBrndc\fR(8),
 \fBlwresd\fR(8),
-\fIBIND 9 Administrator Reference Manual\fR.
+\fBnamed.conf\fR(5),
+BIND 9 Administrator Reference Manual.
 .SH "AUTHOR"
 .PP
 Internet Systems Consortium

bin/named/named.conf.5

@@ -0,0 +1,372 @@
+.\" Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
+.\" 
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\" 
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+.\" PERFORMANCE OF THIS SOFTWARE.
+.\"
+.\" $Id: named.conf.5,v 1.1.6.8 2006/05/17 02:37:45 marka Exp $
+.\"
+.hy 0
+.ad l
+.\" ** You probably do not want to edit this file directly **
+.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1).
+.\" Instead of manually editing it, you probably should edit the DocBook XML
+.\" source for it and then use the DocBook XSL Stylesheets to regenerate it.
+.TH "\\FINAMED.CONF\\FR" "5" "Aug 13, 2004" "BIND9" "BIND9"
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.SH "NAME"
+named.conf \- configuration file for named
+.SH "SYNOPSIS"
+.HP 11
+\fBnamed.conf\fR
+.SH "DESCRIPTION"
+.PP
+\fInamed.conf\fR
+is the configuration file for
+\fBnamed\fR. Statements are enclosed in braces and terminated with a semi\-colon. Clauses in the statements are also semi\-colon terminated. The usual comment styles are supported:
+.PP
+C style: /* */
+.PP
+C++ style: // to end of line
+.PP
+Unix style: # to end of line
+.SH "ACL"
+.sp
+.nf
+acl \fIstring\fR { \fIaddress_match_element\fR; ... };
+.fi
+.SH "KEY"
+.sp
+.nf
+key \fIdomain_name\fR {
+	algorithm \fIstring\fR;
+	secret \fIstring\fR;
+};
+.fi
+.SH "SERVER"
+.sp
+.nf
+server ( \fIipv4_address\fR | \fIipv6_address\fR ) {
+	bogus \fIboolean\fR;
+	edns \fIboolean\fR;
+	provide\-ixfr \fIboolean\fR;
+	request\-ixfr \fIboolean\fR;
+	keys \fIserver_key\fR;
+	transfers \fIinteger\fR;
+	transfer\-format ( many\-answers | one\-answer );
+	transfer\-source ( \fIipv4_address\fR | * )
+		[ port ( \fIinteger\fR | * ) ];
+	transfer\-source\-v6 ( \fIipv6_address\fR | * )
+		[ port ( \fIinteger\fR | * ) ];
+	support\-ixfr \fIboolean\fR; // obsolete
+};
+.fi
+.SH "TRUSTED\-KEYS"
+.sp
+.nf
+trusted\-keys {
+	\fIdomain_name\fR \fIflags\fR \fIprotocol\fR \fIalgorithm\fR \fIkey\fR; ... 
+};
+.fi
+.SH "CONTROLS"
+.sp
+.nf
+controls {
+	inet ( \fIipv4_address\fR | \fIipv6_address\fR | * )
+		[ port ( \fIinteger\fR | * ) ]
+		allow { \fIaddress_match_element\fR; ... }
+		[ keys { \fIstring\fR; ... } ];
+	unix \fIunsupported\fR; // not implemented
+};
+.fi
+.SH "LOGGING"
+.sp
+.nf
+logging {
+	channel \fIstring\fR {
+		file \fIlog_file\fR;
+		syslog \fIoptional_facility\fR;
+		null;
+		stderr;
+		severity \fIlog_severity\fR;
+		print\-time \fIboolean\fR;
+		print\-severity \fIboolean\fR;
+		print\-category \fIboolean\fR;
+	};
+	category \fIstring\fR { \fIstring\fR; ... };
+};
+.fi
+.SH "LWRES"
+.sp
+.nf
+lwres {
+	listen\-on [ port \fIinteger\fR ] {
+		( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ]; ...
+	};
+	view \fIstring\fR \fIoptional_class\fR;
+	search { \fIstring\fR; ... };
+	ndots \fIinteger\fR;
+};
+.fi
+.SH "OPTIONS"
+.sp
+.nf
+options {
+	blackhole { \fIaddress_match_element\fR; ... };
+	coresize \fIsize\fR;
+	datasize \fIsize\fR;
+	directory \fIquoted_string\fR;
+	dump\-file \fIquoted_string\fR;
+	files \fIsize\fR;
+	heartbeat\-interval \fIinteger\fR;
+	host\-statistics \fIboolean\fR; // not implemented
+	host\-statistics\-max \fInumber\fR; // not implemented
+	interface\-interval \fIinteger\fR;
+	listen\-on [ port \fIinteger\fR ] { \fIaddress_match_element\fR; ... };
+	listen\-on\-v6 [ port \fIinteger\fR ] { \fIaddress_match_element\fR; ... };
+	match\-mapped\-addresses \fIboolean\fR;
+	memstatistics\-file \fIquoted_string\fR; // not implemented
+	pid\-file \fIquoted_string\fR;
+	port \fIinteger\fR;
+	random\-device \fIquoted_string\fR;
+	recursive\-clients \fIinteger\fR;
+	serial\-query\-rate \fIinteger\fR;
+	stacksize \fIsize\fR;
+	statistics\-file \fIquoted_string\fR;
+	statistics\-interval \fIinteger\fR; // not yet implemented
+	tcp\-clients \fIinteger\fR;
+	tkey\-dhkey \fIquoted_string\fR \fIinteger\fR;
+	tkey\-gssapi\-credential \fIquoted_string\fR;
+	tkey\-domain \fIquoted_string\fR;
+	transfers\-per\-ns \fIinteger\fR;
+	transfers\-in \fIinteger\fR;
+	transfers\-out \fIinteger\fR;
+	use\-ixfr \fIboolean\fR;
+	version \fIquoted_string\fR;
+	allow\-recursion { \fIaddress_match_element\fR; ... };
+	sortlist { \fIaddress_match_element\fR; ... };
+	topology { \fIaddress_match_element\fR; ... }; // not implemented
+	auth\-nxdomain \fIboolean\fR; // default changed
+	minimal\-responses \fIboolean\fR;
+	recursion \fIboolean\fR;
+	rrset\-order {
+		[ class \fIstring\fR ] [ type \fIstring\fR ]
+		[ name \fIquoted_string\fR ] \fIstring\fR \fIstring\fR; ...
+	}; // not implemented
+	provide\-ixfr \fIboolean\fR;
+	request\-ixfr \fIboolean\fR;
+	rfc2308\-type1 \fIboolean\fR; // not yet implemented
+	additional\-from\-auth \fIboolean\fR;
+	additional\-from\-cache \fIboolean\fR;
+	query\-source [ address ( \fIipv4_address\fR | * ) ] [ port ( \fIinteger\fR | * ) ];
+	query\-source\-v6 [ address ( \fIipv6_address\fR | * ) ] [ port ( \fIinteger\fR | * ) ];
+	cleaning\-interval \fIinteger\fR;
+	min\-roots \fIinteger\fR; // not implemented
+	lame\-ttl \fIinteger\fR;
+	max\-ncache\-ttl \fIinteger\fR;
+	max\-cache\-ttl \fIinteger\fR;
+	transfer\-format ( many\-answers | one\-answer );
+	max\-cache\-size \fIsize_no_default\fR;
+	check\-names ( master | slave | response )
+		( fail | warn | ignore ); // not implemented
+	cache\-file \fIquoted_string\fR;
+	root\-delegation\-only [ exclude { \fIquoted_string\fR; ... } ];
+	dialup \fIdialuptype\fR;
+	allow\-query { \fIaddress_match_element\fR; ... };
+	allow\-transfer { \fIaddress_match_element\fR; ... };
+	allow\-update\-forwarding { \fIaddress_match_element\fR; ... };
+	notify \fInotifytype\fR;
+	notify\-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * ) ];
+	notify\-source\-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * ) ];
+	also\-notify [ port \fIinteger\fR ] { ( \fIipv4_address\fR | \fIipv6_address\fR )
+		[ port \fIinteger\fR ]; ... };
+	allow\-notify { \fIaddress_match_element\fR; ... };
+	forward ( first | only );
+	forwarders [ port \fIinteger\fR ] {
+		( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ]; ...
+	};
+	max\-transfer\-time\-in \fIinteger\fR;
+	max\-transfer\-time\-out \fIinteger\fR;
+	max\-transfer\-idle\-in \fIinteger\fR;
+	max\-transfer\-idle\-out \fIinteger\fR;
+	max\-retry\-time \fIinteger\fR;
+	min\-retry\-time \fIinteger\fR;
+	max\-refresh\-time \fIinteger\fR;
+	min\-refresh\-time \fIinteger\fR;
+	sig\-validity\-interval \fIinteger\fR;
+	transfer\-source ( \fIipv4_address\fR | * )
+		[ port ( \fIinteger\fR | * ) ];
+	transfer\-source\-v6 ( \fIipv6_address\fR | * )
+		[ port ( \fIinteger\fR | * ) ];
+	zone\-statistics \fIboolean\fR;
+	allow\-v6\-synthesis { \fIaddress_match_element\fR; ... };
+	deallocate\-on\-exit \fIboolean\fR; // obsolete
+	fake\-iquery \fIboolean\fR; // obsolete
+	fetch\-glue \fIboolean\fR; // obsolete
+	has\-old\-clients \fIboolean\fR; // obsolete
+	maintain\-ixfr\-base \fIboolean\fR; // obsolete
+	max\-ixfr\-log\-size \fIsize\fR; // obsolete
+	multiple\-cnames \fIboolean\fR; // obsolete
+	named\-xfer \fIquoted_string\fR; // obsolete
+	serial\-queries \fIinteger\fR; // obsolete
+	treat\-cr\-as\-space \fIboolean\fR; // obsolete
+	use\-id\-pool \fIboolean\fR; // obsolete
+};
+.fi
+.SH "VIEW"
+.sp
+.nf
+view \fIstring\fR \fIoptional_class\fR {
+	match\-clients { \fIaddress_match_element\fR; ... };
+	match\-destinations { \fIaddress_match_element\fR; ... };
+	match\-recursive\-only \fIboolean\fR;
+	key \fIstring\fR {
+		algorithm \fIstring\fR;
+		secret \fIstring\fR;
+	};
+	zone \fIstring\fR \fIoptional_class\fR {
+		...
+	};
+	server ( \fIipv4_address\fR | \fIipv6_address\fR ) {
+		...
+	};
+	trusted\-keys {
+		\fIstring\fR \fIinteger\fR \fIinteger\fR \fIinteger\fR \fIquoted_string\fR; ...
+	};
+	allow\-recursion { \fIaddress_match_element\fR; ... };
+	sortlist { \fIaddress_match_element\fR; ... };
+	topology { \fIaddress_match_element\fR; ... }; // not implemented
+	auth\-nxdomain \fIboolean\fR; // default changed
+	minimal\-responses \fIboolean\fR;
+	recursion \fIboolean\fR;
+	rrset\-order {
+		[ class \fIstring\fR ] [ type \fIstring\fR ]
+		[ name \fIquoted_string\fR ] \fIstring\fR \fIstring\fR; ...
+	}; // not implemented
+	provide\-ixfr \fIboolean\fR;
+	request\-ixfr \fIboolean\fR;
+	rfc2308\-type1 \fIboolean\fR; // not yet implemented
+	additional\-from\-auth \fIboolean\fR;
+	additional\-from\-cache \fIboolean\fR;
+	query\-source [ address ( \fIipv4_address\fR | * ) ] [ port ( \fIinteger\fR | * ) ];
+	query\-source\-v6 [ address ( \fIipv6_address\fR | * ) ] [ port ( \fIinteger\fR | * ) ];
+	cleaning\-interval \fIinteger\fR;
+	min\-roots \fIinteger\fR; // not implemented
+	lame\-ttl \fIinteger\fR;
+	max\-ncache\-ttl \fIinteger\fR;
+	max\-cache\-ttl \fIinteger\fR;
+	transfer\-format ( many\-answers | one\-answer );
+	max\-cache\-size \fIsize_no_default\fR;
+	check\-names ( master | slave | response )
+		( fail | warn | ignore );
+	cache\-file \fIquoted_string\fR;
+	suppress\-initial\-notify \fIboolean\fR; // not yet implemented
+	root\-delegation\-only [ exclude { \fIquoted_string\fR; ... } ];
+	dialup \fIdialuptype\fR;
+	allow\-query { \fIaddress_match_element\fR; ... };
+	allow\-transfer { \fIaddress_match_element\fR; ... };
+	allow\-update\-forwarding { \fIaddress_match_element\fR; ... };
+	notify \fInotifytype\fR;
+	notify\-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * ) ];
+	notify\-source\-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * ) ];
+	also\-notify [ port \fIinteger\fR ] { ( \fIipv4_address\fR | \fIipv6_address\fR )
+		[ port \fIinteger\fR ]; ... };
+	allow\-notify { \fIaddress_match_element\fR; ... };
+	forward ( first | only );
+	forwarders [ port \fIinteger\fR ] {
+		( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ]; ...
+	};
+	max\-transfer\-time\-in \fIinteger\fR;
+	max\-transfer\-time\-out \fIinteger\fR;
+	max\-transfer\-idle\-in \fIinteger\fR;
+	max\-transfer\-idle\-out \fIinteger\fR;
+	max\-retry\-time \fIinteger\fR;
+	min\-retry\-time \fIinteger\fR;
+	max\-refresh\-time \fIinteger\fR;
+	min\-refresh\-time \fIinteger\fR;
+	sig\-validity\-interval \fIinteger\fR;
+	transfer\-source ( \fIipv4_address\fR | * )
+		[ port ( \fIinteger\fR | * ) ];
+	transfer\-source\-v6 ( \fIipv6_address\fR | * )
+		[ port ( \fIinteger\fR | * ) ];
+	zone\-statistics \fIboolean\fR;
+	allow\-v6\-synthesis { \fIaddress_match_element\fR; ... }; // obsolete
+	fetch\-glue \fIboolean\fR; // obsolete
+	maintain\-ixfr\-base \fIboolean\fR; // obsolete
+	max\-ixfr\-log\-size \fIsize\fR; // obsolete
+};
+.fi
+.SH "ZONE"
+.sp
+.nf
+zone \fIstring\fR \fIoptional_class\fR {
+	type ( master | slave | stub | hint |
+		forward | delegation\-only );
+	file \fIquoted_string\fR;
+	masters [ port \fIinteger\fR ] {
+		( \fIipv4_address\fR [port \fIinteger\fR] |
+		\fIipv6_address\fR [ port \fIinteger\fR ] ) [ key \fIstring\fR ]; ...
+	};
+	database \fIstring\fR;
+	delegation\-only \fIboolean\fR;
+	check\-names ( fail | warn | ignore );
+	dialup \fIdialuptype\fR;
+	allow\-query { \fIaddress_match_element\fR; ... };
+	allow\-transfer { \fIaddress_match_element\fR; ... };
+	allow\-update { \fIaddress_match_element\fR; ... };
+	allow\-update\-forwarding { \fIaddress_match_element\fR; ... };
+	update\-policy {
+		( grant | deny ) \fIstring\fR
+		( name | subdomain | wildcard | self ) \fIstring\fR
+		\fIrrtypelist\fR; ...
+	};
+	notify \fInotifytype\fR;
+	notify\-source ( \fIipv4_address\fR | * ) [ port ( \fIinteger\fR | * ) ];
+	notify\-source\-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR | * ) ];
+	also\-notify [ port \fIinteger\fR ] { ( \fIipv4_address\fR | \fIipv6_address\fR )
+		[ port \fIinteger\fR ]; ... };
+	allow\-notify { \fIaddress_match_element\fR; ... };
+	forward ( first | only );
+	forwarders [ port \fIinteger\fR ] {
+		( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ]; ...
+	};
+	max\-transfer\-time\-in \fIinteger\fR;
+	max\-transfer\-time\-out \fIinteger\fR;
+	max\-transfer\-idle\-in \fIinteger\fR;
+	max\-transfer\-idle\-out \fIinteger\fR;
+	max\-retry\-time \fIinteger\fR;
+	min\-retry\-time \fIinteger\fR;
+	max\-refresh\-time \fIinteger\fR;
+	min\-refresh\-time \fIinteger\fR;
+	sig\-validity\-interval \fIinteger\fR;
+	transfer\-source ( \fIipv4_address\fR | * )
+		[ port ( \fIinteger\fR | * ) ];
+	transfer\-source\-v6 ( \fIipv6_address\fR | * )
+		[ port ( \fIinteger\fR | * ) ];
+	zone\-statistics \fIboolean\fR;
+	ixfr\-base \fIquoted_string\fR; // obsolete
+	ixfr\-tmp\-file \fIquoted_string\fR; // obsolete
+	maintain\-ixfr\-base \fIboolean\fR; // obsolete
+	max\-ixfr\-log\-size \fIsize\fR; // obsolete
+	pubkey \fIinteger\fR \fIinteger\fR \fIinteger\fR \fIquoted_string\fR; // obsolete
+};
+.fi
+.SH "FILES"
+.PP
+\fI/etc/named.conf\fR
+.SH "SEE ALSO"
+.PP
+\fBnamed\fR(8),
+\fBrndc\fR(8),
+\fBBIND 9 Adminstrators Reference Manual\fR().

bin/named/named.conf.docbook

@@ -0,0 +1,473 @@
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
+               "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd"
+	       [<!ENTITY mdash "&#8212;">]>
+<!--
+ - Copyright (C) 2004-2006  Internet Systems Consortium, Inc. ("ISC")
+ -
+ - Permission to use, copy, modify, and distribute this software for any
+ - purpose with or without fee is hereby granted, provided that the above
+ - copyright notice and this permission notice appear in all copies.
+ -
+ - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ - AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ - PERFORMANCE OF THIS SOFTWARE.
+-->
+
+<!-- $Id: named.conf.docbook,v 1.1.6.6 2006/05/17 00:34:34 marka Exp $ -->
+
+<refentry>
+  <refentryinfo>
+    <date>Aug 13, 2004</date>
+  </refentryinfo>
+
+  <refmeta>
+    <refentrytitle><filename>named.conf</filename></refentrytitle>
+    <manvolnum>5</manvolnum>
+    <refmiscinfo>BIND9</refmiscinfo>
+  </refmeta>
+
+  <docinfo>
+    <copyright>
+      <year>2004</year>
+      <year>2005</year>
+      <year>2006</year>
+      <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
+    </copyright>
+  </docinfo>
+
+  <refnamediv>
+    <refname><filename>named.conf</filename></refname>
+    <refpurpose>configuration file for named</refpurpose>
+  </refnamediv>
+
+  <refsynopsisdiv>
+    <cmdsynopsis>
+      <command>named.conf</command>
+    </cmdsynopsis>
+  </refsynopsisdiv>
+
+  <refsect1>
+    <title>DESCRIPTION</title>
+    <para>
+	<filename>named.conf</filename> is the configuration file for
+	<command>named</command>.  Statements are enclosed
+	in braces and terminated with a semi-colon.  Clauses in
+	the statements are also semi-colon terminated.  The usual
+	comment styles are supported:
+    </para>
+    <para>
+	C style: /* */
+    </para>
+    <para>
+	C++ style: // to end of line
+    </para>
+    <para>
+	Unix style: # to end of line
+    </para>
+  </refsect1>
+
+<refsect1>
+<title>ACL</title>
+<literallayout>
+acl <replaceable>string</replaceable> { <replaceable>address_match_element</replaceable>; ... };
+
+</literallayout>
+</refsect1>
+
+<refsect1>
+<title>KEY</title>
+<literallayout>
+key <replaceable>domain_name</replaceable> {
+	algorithm <replaceable>string</replaceable>;
+	secret <replaceable>string</replaceable>;
+};
+</literallayout>
+</refsect1>
+
+<refsect1>
+<title>SERVER</title>
+<literallayout>
+server ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> ) {
+	bogus <replaceable>boolean</replaceable>;
+	edns <replaceable>boolean</replaceable>;
+	provide-ixfr <replaceable>boolean</replaceable>;
+	request-ixfr <replaceable>boolean</replaceable>;
+	keys <replaceable>server_key</replaceable>;
+	transfers <replaceable>integer</replaceable>;
+	transfer-format ( many-answers | one-answer );
+	transfer-source ( <replaceable>ipv4_address</replaceable> | * )
+		<optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
+	transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * )
+		<optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
+
+	support-ixfr <replaceable>boolean</replaceable>; // obsolete
+};
+</literallayout>
+</refsect1>
+
+<refsect1>
+<title>TRUSTED-KEYS</title>
+<literallayout>
+trusted-keys {
+	<replaceable>domain_name</replaceable> <replaceable>flags</replaceable> <replaceable>protocol</replaceable> <replaceable>algorithm</replaceable> <replaceable>key</replaceable>; ... 
+};
+</literallayout>
+</refsect1>
+
+<refsect1>
+<title>CONTROLS</title>
+<literallayout>
+controls {
+	inet ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> | * )
+		<optional> port ( <replaceable>integer</replaceable> | * ) </optional>
+		allow { <replaceable>address_match_element</replaceable>; ... }
+		<optional> keys { <replaceable>string</replaceable>; ... } </optional>;
+	unix <replaceable>unsupported</replaceable>; // not implemented
+};
+</literallayout>
+</refsect1>
+
+<refsect1>
+<title>LOGGING</title>
+<literallayout>
+logging {
+	channel <replaceable>string</replaceable> {
+		file <replaceable>log_file</replaceable>;
+		syslog <replaceable>optional_facility</replaceable>;
+		null;
+		stderr;
+		severity <replaceable>log_severity</replaceable>;
+		print-time <replaceable>boolean</replaceable>;
+		print-severity <replaceable>boolean</replaceable>;
+		print-category <replaceable>boolean</replaceable>;
+	};
+	category <replaceable>string</replaceable> { <replaceable>string</replaceable>; ... };
+};
+</literallayout>
+</refsect1>
+
+<refsect1>
+<title>LWRES</title>
+<literallayout>
+lwres {
+	listen-on <optional> port <replaceable>integer</replaceable> </optional> {
+		( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> ) <optional> port <replaceable>integer</replaceable> </optional>; ...
+	};
+	view <replaceable>string</replaceable> <replaceable>optional_class</replaceable>;
+	search { <replaceable>string</replaceable>; ... };
+	ndots <replaceable>integer</replaceable>;
+};
+</literallayout>
+</refsect1>
+
+<refsect1>
+<title>OPTIONS</title>
+<literallayout>
+options {
+	blackhole { <replaceable>address_match_element</replaceable>; ... };
+	coresize <replaceable>size</replaceable>;
+	datasize <replaceable>size</replaceable>;
+	directory <replaceable>quoted_string</replaceable>;
+	dump-file <replaceable>quoted_string</replaceable>;
+	files <replaceable>size</replaceable>;
+	heartbeat-interval <replaceable>integer</replaceable>;
+	host-statistics <replaceable>boolean</replaceable>; // not implemented
+	host-statistics-max <replaceable>number</replaceable>; // not implemented
+	interface-interval <replaceable>integer</replaceable>;
+	listen-on <optional> port <replaceable>integer</replaceable> </optional> { <replaceable>address_match_element</replaceable>; ... };
+	listen-on-v6 <optional> port <replaceable>integer</replaceable> </optional> { <replaceable>address_match_element</replaceable>; ... };
+	match-mapped-addresses <replaceable>boolean</replaceable>;
+	memstatistics-file <replaceable>quoted_string</replaceable>; // not implemented
+	pid-file <replaceable>quoted_string</replaceable>;
+	port <replaceable>integer</replaceable>;
+	random-device <replaceable>quoted_string</replaceable>;
+	recursive-clients <replaceable>integer</replaceable>;
+	serial-query-rate <replaceable>integer</replaceable>;
+	stacksize <replaceable>size</replaceable>;
+	statistics-file <replaceable>quoted_string</replaceable>;
+	statistics-interval <replaceable>integer</replaceable>; // not yet implemented
+	tcp-clients <replaceable>integer</replaceable>;
+	tkey-dhkey <replaceable>quoted_string</replaceable> <replaceable>integer</replaceable>;
+	tkey-gssapi-credential <replaceable>quoted_string</replaceable>;
+	tkey-domain <replaceable>quoted_string</replaceable>;
+	transfers-per-ns <replaceable>integer</replaceable>;
+	transfers-in <replaceable>integer</replaceable>;
+	transfers-out <replaceable>integer</replaceable>;
+	use-ixfr <replaceable>boolean</replaceable>;
+	version <replaceable>quoted_string</replaceable>;
+	allow-recursion { <replaceable>address_match_element</replaceable>; ... };
+	sortlist { <replaceable>address_match_element</replaceable>; ... };
+	topology { <replaceable>address_match_element</replaceable>; ... }; // not implemented
+	auth-nxdomain <replaceable>boolean</replaceable>; // default changed
+	minimal-responses <replaceable>boolean</replaceable>;
+	recursion <replaceable>boolean</replaceable>;
+	rrset-order {
+		<optional> class <replaceable>string</replaceable> </optional> <optional> type <replaceable>string</replaceable> </optional>
+		<optional> name <replaceable>quoted_string</replaceable> </optional> <replaceable>string</replaceable> <replaceable>string</replaceable>; ...
+	}; // not implemented
+	provide-ixfr <replaceable>boolean</replaceable>;
+	request-ixfr <replaceable>boolean</replaceable>;
+	rfc2308-type1 <replaceable>boolean</replaceable>; // not yet implemented
+	additional-from-auth <replaceable>boolean</replaceable>;
+	additional-from-cache <replaceable>boolean</replaceable>;
+	query-source <optional> address ( <replaceable>ipv4_address</replaceable> | * ) </optional> <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
+	query-source-v6 <optional> address ( <replaceable>ipv6_address</replaceable> | * ) </optional> <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
+	cleaning-interval <replaceable>integer</replaceable>;
+	min-roots <replaceable>integer</replaceable>; // not implemented
+	lame-ttl <replaceable>integer</replaceable>;
+	max-ncache-ttl <replaceable>integer</replaceable>;
+	max-cache-ttl <replaceable>integer</replaceable>;
+	transfer-format ( many-answers | one-answer );
+	max-cache-size <replaceable>size_no_default</replaceable>;
+	check-names ( master | slave | response )
+		( fail | warn | ignore ); // not implemented
+	cache-file <replaceable>quoted_string</replaceable>;
+	root-delegation-only <optional> exclude { <replaceable>quoted_string</replaceable>; ... } </optional>;
+
+	dialup <replaceable>dialuptype</replaceable>;
+
+	allow-query { <replaceable>address_match_element</replaceable>; ... };
+	allow-transfer { <replaceable>address_match_element</replaceable>; ... };
+	allow-update-forwarding { <replaceable>address_match_element</replaceable>; ... };
+
+	notify <replaceable>notifytype</replaceable>;
+	notify-source ( <replaceable>ipv4_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
+	notify-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
+	also-notify <optional> port <replaceable>integer</replaceable> </optional> { ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> )
+		<optional> port <replaceable>integer</replaceable> </optional>; ... };
+	allow-notify { <replaceable>address_match_element</replaceable>; ... };
+
+	forward ( first | only );
+	forwarders <optional> port <replaceable>integer</replaceable> </optional> {
+		( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> ) <optional> port <replaceable>integer</replaceable> </optional>; ...
+	};
+
+	max-transfer-time-in <replaceable>integer</replaceable>;
+	max-transfer-time-out <replaceable>integer</replaceable>;
+	max-transfer-idle-in <replaceable>integer</replaceable>;
+	max-transfer-idle-out <replaceable>integer</replaceable>;
+	max-retry-time <replaceable>integer</replaceable>;
+	min-retry-time <replaceable>integer</replaceable>;
+	max-refresh-time <replaceable>integer</replaceable>;
+	min-refresh-time <replaceable>integer</replaceable>;
+	sig-validity-interval <replaceable>integer</replaceable>;
+
+	transfer-source ( <replaceable>ipv4_address</replaceable> | * )
+		<optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
+	transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * )
+		<optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
+
+	zone-statistics <replaceable>boolean</replaceable>;
+
+	allow-v6-synthesis { <replaceable>address_match_element</replaceable>; ... };
+	deallocate-on-exit <replaceable>boolean</replaceable>; // obsolete
+	fake-iquery <replaceable>boolean</replaceable>; // obsolete
+	fetch-glue <replaceable>boolean</replaceable>; // obsolete
+	has-old-clients <replaceable>boolean</replaceable>; // obsolete
+	maintain-ixfr-base <replaceable>boolean</replaceable>; // obsolete
+	max-ixfr-log-size <replaceable>size</replaceable>; // obsolete
+	multiple-cnames <replaceable>boolean</replaceable>; // obsolete
+	named-xfer <replaceable>quoted_string</replaceable>; // obsolete
+	serial-queries <replaceable>integer</replaceable>; // obsolete
+	treat-cr-as-space <replaceable>boolean</replaceable>; // obsolete
+	use-id-pool <replaceable>boolean</replaceable>; // obsolete
+};
+</literallayout>
+</refsect1>
+
+<refsect1>
+<title>VIEW</title>
+<literallayout>
+view <replaceable>string</replaceable> <replaceable>optional_class</replaceable> {
+	match-clients { <replaceable>address_match_element</replaceable>; ... };
+	match-destinations { <replaceable>address_match_element</replaceable>; ... };
+	match-recursive-only <replaceable>boolean</replaceable>;
+
+	key <replaceable>string</replaceable> {
+		algorithm <replaceable>string</replaceable>;
+		secret <replaceable>string</replaceable>;
+	};
+
+	zone <replaceable>string</replaceable> <replaceable>optional_class</replaceable> {
+		...
+	};
+
+	server ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> ) {
+		...
+	};
+
+	trusted-keys {
+		<replaceable>string</replaceable> <replaceable>integer</replaceable> <replaceable>integer</replaceable> <replaceable>integer</replaceable> <replaceable>quoted_string</replaceable>; ...
+	};
+
+	allow-recursion { <replaceable>address_match_element</replaceable>; ... };
+	sortlist { <replaceable>address_match_element</replaceable>; ... };
+	topology { <replaceable>address_match_element</replaceable>; ... }; // not implemented
+	auth-nxdomain <replaceable>boolean</replaceable>; // default changed
+	minimal-responses <replaceable>boolean</replaceable>;
+	recursion <replaceable>boolean</replaceable>;
+	rrset-order {
+		<optional> class <replaceable>string</replaceable> </optional> <optional> type <replaceable>string</replaceable> </optional>
+		<optional> name <replaceable>quoted_string</replaceable> </optional> <replaceable>string</replaceable> <replaceable>string</replaceable>; ...
+	}; // not implemented
+	provide-ixfr <replaceable>boolean</replaceable>;
+	request-ixfr <replaceable>boolean</replaceable>;
+	rfc2308-type1 <replaceable>boolean</replaceable>; // not yet implemented
+	additional-from-auth <replaceable>boolean</replaceable>;
+	additional-from-cache <replaceable>boolean</replaceable>;
+	query-source <optional> address ( <replaceable>ipv4_address</replaceable> | * ) </optional> <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
+	query-source-v6 <optional> address ( <replaceable>ipv6_address</replaceable> | * ) </optional> <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
+	cleaning-interval <replaceable>integer</replaceable>;
+	min-roots <replaceable>integer</replaceable>; // not implemented
+	lame-ttl <replaceable>integer</replaceable>;
+	max-ncache-ttl <replaceable>integer</replaceable>;
+	max-cache-ttl <replaceable>integer</replaceable>;
+	transfer-format ( many-answers | one-answer );
+	max-cache-size <replaceable>size_no_default</replaceable>;
+	check-names ( master | slave | response )
+		( fail | warn | ignore );
+	cache-file <replaceable>quoted_string</replaceable>;
+	suppress-initial-notify <replaceable>boolean</replaceable>; // not yet implemented
+	root-delegation-only <optional> exclude { <replaceable>quoted_string</replaceable>; ... } </optional>;
+
+	dialup <replaceable>dialuptype</replaceable>;
+
+	allow-query { <replaceable>address_match_element</replaceable>; ... };
+	allow-transfer { <replaceable>address_match_element</replaceable>; ... };
+	allow-update-forwarding { <replaceable>address_match_element</replaceable>; ... };
+
+	notify <replaceable>notifytype</replaceable>;
+	notify-source ( <replaceable>ipv4_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
+	notify-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
+	also-notify <optional> port <replaceable>integer</replaceable> </optional> { ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> )
+		<optional> port <replaceable>integer</replaceable> </optional>; ... };
+	allow-notify { <replaceable>address_match_element</replaceable>; ... };
+
+	forward ( first | only );
+	forwarders <optional> port <replaceable>integer</replaceable> </optional> {
+		( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> ) <optional> port <replaceable>integer</replaceable> </optional>; ...
+	};
+
+	max-transfer-time-in <replaceable>integer</replaceable>;
+	max-transfer-time-out <replaceable>integer</replaceable>;
+	max-transfer-idle-in <replaceable>integer</replaceable>;
+	max-transfer-idle-out <replaceable>integer</replaceable>;
+	max-retry-time <replaceable>integer</replaceable>;
+	min-retry-time <replaceable>integer</replaceable>;
+	max-refresh-time <replaceable>integer</replaceable>;
+	min-refresh-time <replaceable>integer</replaceable>;
+	sig-validity-interval <replaceable>integer</replaceable>;
+
+	transfer-source ( <replaceable>ipv4_address</replaceable> | * )
+		<optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
+	transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * )
+		<optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
+
+	zone-statistics <replaceable>boolean</replaceable>;
+
+	allow-v6-synthesis { <replaceable>address_match_element</replaceable>; ... }; // obsolete
+	fetch-glue <replaceable>boolean</replaceable>; // obsolete
+	maintain-ixfr-base <replaceable>boolean</replaceable>; // obsolete
+	max-ixfr-log-size <replaceable>size</replaceable>; // obsolete
+};
+</literallayout>
+</refsect1>
+
+<refsect1>
+<title>ZONE</title>
+<literallayout>
+zone <replaceable>string</replaceable> <replaceable>optional_class</replaceable> {
+	type ( master | slave | stub | hint |
+		forward | delegation-only );
+	file <replaceable>quoted_string</replaceable>;
+
+	masters <optional> port <replaceable>integer</replaceable> </optional> {
+		( <replaceable>ipv4_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> |
+		<replaceable>ipv6_address</replaceable> <optional> port <replaceable>integer</replaceable> </optional> ) <optional> key <replaceable>string</replaceable> </optional>; ...
+	};
+
+	database <replaceable>string</replaceable>;
+	delegation-only <replaceable>boolean</replaceable>;
+	check-names ( fail | warn | ignore );
+	dialup <replaceable>dialuptype</replaceable>;
+
+	allow-query { <replaceable>address_match_element</replaceable>; ... };
+	allow-transfer { <replaceable>address_match_element</replaceable>; ... };
+	allow-update { <replaceable>address_match_element</replaceable>; ... };
+	allow-update-forwarding { <replaceable>address_match_element</replaceable>; ... };
+	update-policy {
+		( grant | deny ) <replaceable>string</replaceable>
+		( name | subdomain | wildcard | self ) <replaceable>string</replaceable>
+		<replaceable>rrtypelist</replaceable>; ...
+	};
+
+	notify <replaceable>notifytype</replaceable>;
+	notify-source ( <replaceable>ipv4_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
+	notify-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
+	also-notify <optional> port <replaceable>integer</replaceable> </optional> { ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> )
+		<optional> port <replaceable>integer</replaceable> </optional>; ... };
+	allow-notify { <replaceable>address_match_element</replaceable>; ... };
+
+	forward ( first | only );
+	forwarders <optional> port <replaceable>integer</replaceable> </optional> {
+		( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> ) <optional> port <replaceable>integer</replaceable> </optional>; ...
+	};
+
+	max-transfer-time-in <replaceable>integer</replaceable>;
+	max-transfer-time-out <replaceable>integer</replaceable>;
+	max-transfer-idle-in <replaceable>integer</replaceable>;
+	max-transfer-idle-out <replaceable>integer</replaceable>;
+	max-retry-time <replaceable>integer</replaceable>;
+	min-retry-time <replaceable>integer</replaceable>;
+	max-refresh-time <replaceable>integer</replaceable>;
+	min-refresh-time <replaceable>integer</replaceable>;
+	sig-validity-interval <replaceable>integer</replaceable>;
+
+	transfer-source ( <replaceable>ipv4_address</replaceable> | * )
+		<optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
+	transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * )
+		<optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
+
+	zone-statistics <replaceable>boolean</replaceable>;
+
+	ixfr-base <replaceable>quoted_string</replaceable>; // obsolete
+	ixfr-tmp-file <replaceable>quoted_string</replaceable>; // obsolete
+	maintain-ixfr-base <replaceable>boolean</replaceable>; // obsolete
+	max-ixfr-log-size <replaceable>size</replaceable>; // obsolete
+	pubkey <replaceable>integer</replaceable> <replaceable>integer</replaceable> <replaceable>integer</replaceable> <replaceable>quoted_string</replaceable>; // obsolete
+};
+</literallayout>
+</refsect1>
+
+<refsect1>
+<title>FILES</title>
+<para>
+<filename>/etc/named.conf</filename>
+</para>
+</refsect1>
+
+<refsect1>
+<title>SEE ALSO</title>
+<para>
+<citerefentry>
+<refentrytitle>named</refentrytitle><manvolnum>8</manvolnum>
+</citerefentry>,
+<citerefentry>
+<refentrytitle>rndc</refentrytitle><manvolnum>8</manvolnum>
+</citerefentry>,
+<citerefentry>
+<refentrytitle>BIND 9 Adminstrators Reference Manual</refentrytitle>
+</citerefentry>.
+</para>
+</refsect1>
+
+</refentry>
+<!--
+ - Local variables:
+ - mode: sgml
+ - End:
+-->

bin/named/named.conf.html

@@ -0,0 +1,430 @@
+<!--
+ - Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
+ - 
+ - Permission to use, copy, modify, and distribute this software for any
+ - purpose with or without fee is hereby granted, provided that the above
+ - copyright notice and this permission notice appear in all copies.
+ - 
+ - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ - PERFORMANCE OF THIS SOFTWARE.
+-->
+<!-- $Id: named.conf.html,v 1.1.6.13 2006/05/17 02:37:45 marka Exp $ -->
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>named.conf</title>
+<meta name="generator" content="DocBook XSL Stylesheets V1.69.1">
+</head>
+<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
+<a name="id2462968"></a><div class="titlepage"></div>
+<div class="refnamediv">
+<h2>Name</h2>
+<p><code class="filename">named.conf</code> &#8212; configuration file for named</p>
+</div>
+<div class="refsynopsisdiv">
+<h2>Synopsis</h2>
+<div class="cmdsynopsis"><p><code class="command">named.conf</code> </p></div>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2524457"></a><h2>DESCRIPTION</h2>
+<p>
+	<code class="filename">named.conf</code> is the configuration file for
+	<span><strong class="command">named</strong></span>.  Statements are enclosed
+	in braces and terminated with a semi-colon.  Clauses in
+	the statements are also semi-colon terminated.  The usual
+	comment styles are supported:
+    </p>
+<p>
+	C style: /* */
+    </p>
+<p>
+	C++ style: // to end of line
+    </p>
+<p>
+	Unix style: # to end of line
+    </p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2524486"></a><h2>ACL</h2>
+<div class="literallayout"><p><br>
+acl <em class="replaceable"><code>string</code></em> { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+<br>
+</p></div>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2525185"></a><h2>KEY</h2>
+<div class="literallayout"><p><br>
+key <em class="replaceable"><code>domain_name</code></em> {<br>
+	algorithm <em class="replaceable"><code>string</code></em>;<br>
+	secret <em class="replaceable"><code>string</code></em>;<br>
+};<br>
+</p></div>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2525204"></a><h2>SERVER</h2>
+<div class="literallayout"><p><br>
+server ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> ) {<br>
+	bogus <em class="replaceable"><code>boolean</code></em>;<br>
+	edns <em class="replaceable"><code>boolean</code></em>;<br>
+	provide-ixfr <em class="replaceable"><code>boolean</code></em>;<br>
+	request-ixfr <em class="replaceable"><code>boolean</code></em>;<br>
+	keys <em class="replaceable"><code>server_key</code></em>;<br>
+	transfers <em class="replaceable"><code>integer</code></em>;<br>
+	transfer-format ( many-answers | one-answer );<br>
+	transfer-source ( <em class="replaceable"><code>ipv4_address</code></em> | * )<br>
+		[<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
+	transfer-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * )<br>
+		[<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
+<br>
+	support-ixfr <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
+};<br>
+</p></div>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2525261"></a><h2>TRUSTED-KEYS</h2>
+<div class="literallayout"><p><br>
+trusted-keys {<br>
+	<em class="replaceable"><code>domain_name</code></em> <em class="replaceable"><code>flags</code></em> <em class="replaceable"><code>protocol</code></em> <em class="replaceable"><code>algorithm</code></em> <em class="replaceable"><code>key</code></em>; ... <br>
+};<br>
+</p></div>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2525287"></a><h2>CONTROLS</h2>
+<div class="literallayout"><p><br>
+controls {<br>
+	inet ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> | * )<br>
+		[<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>]<br>
+		allow { <em class="replaceable"><code>address_match_element</code></em>; ... }<br>
+		[<span class="optional"> keys { <em class="replaceable"><code>string</code></em>; ... } </span>];<br>
+	unix <em class="replaceable"><code>unsupported</code></em>; // not implemented<br>
+};<br>
+</p></div>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2525322"></a><h2>LOGGING</h2>
+<div class="literallayout"><p><br>
+logging {<br>
+	channel <em class="replaceable"><code>string</code></em> {<br>
+		file <em class="replaceable"><code>log_file</code></em>;<br>
+		syslog <em class="replaceable"><code>optional_facility</code></em>;<br>
+		null;<br>
+		stderr;<br>
+		severity <em class="replaceable"><code>log_severity</code></em>;<br>
+		print-time <em class="replaceable"><code>boolean</code></em>;<br>
+		print-severity <em class="replaceable"><code>boolean</code></em>;<br>
+		print-category <em class="replaceable"><code>boolean</code></em>;<br>
+	};<br>
+	category <em class="replaceable"><code>string</code></em> { <em class="replaceable"><code>string</code></em>; ... };<br>
+};<br>
+</p></div>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2525361"></a><h2>LWRES</h2>
+<div class="literallayout"><p><br>
+lwres {<br>
+	listen-on [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br>
+		( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> ) [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>]; ...<br>
+	};<br>
+	view <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>optional_class</code></em>;<br>
+	search { <em class="replaceable"><code>string</code></em>; ... };<br>
+	ndots <em class="replaceable"><code>integer</code></em>;<br>
+};<br>
+</p></div>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2525402"></a><h2>OPTIONS</h2>
+<div class="literallayout"><p><br>
+options {<br>
+	blackhole { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+	coresize <em class="replaceable"><code>size</code></em>;<br>
+	datasize <em class="replaceable"><code>size</code></em>;<br>
+	directory <em class="replaceable"><code>quoted_string</code></em>;<br>
+	dump-file <em class="replaceable"><code>quoted_string</code></em>;<br>
+	files <em class="replaceable"><code>size</code></em>;<br>
+	heartbeat-interval <em class="replaceable"><code>integer</code></em>;<br>
+	host-statistics <em class="replaceable"><code>boolean</code></em>; // not implemented<br>
+	host-statistics-max <em class="replaceable"><code>number</code></em>; // not implemented<br>
+	interface-interval <em class="replaceable"><code>integer</code></em>;<br>
+	listen-on [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+	listen-on-v6 [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+	match-mapped-addresses <em class="replaceable"><code>boolean</code></em>;<br>
+	memstatistics-file <em class="replaceable"><code>quoted_string</code></em>; // not implemented<br>
+	pid-file <em class="replaceable"><code>quoted_string</code></em>;<br>
+	port <em class="replaceable"><code>integer</code></em>;<br>
+	random-device <em class="replaceable"><code>quoted_string</code></em>;<br>
+	recursive-clients <em class="replaceable"><code>integer</code></em>;<br>
+	serial-query-rate <em class="replaceable"><code>integer</code></em>;<br>
+	stacksize <em class="replaceable"><code>size</code></em>;<br>
+	statistics-file <em class="replaceable"><code>quoted_string</code></em>;<br>
+	statistics-interval <em class="replaceable"><code>integer</code></em>; // not yet implemented<br>
+	tcp-clients <em class="replaceable"><code>integer</code></em>;<br>
+	tkey-dhkey <em class="replaceable"><code>quoted_string</code></em> <em class="replaceable"><code>integer</code></em>;<br>
+	tkey-gssapi-credential <em class="replaceable"><code>quoted_string</code></em>;<br>
+	tkey-domain <em class="replaceable"><code>quoted_string</code></em>;<br>
+	transfers-per-ns <em class="replaceable"><code>integer</code></em>;<br>
+	transfers-in <em class="replaceable"><code>integer</code></em>;<br>
+	transfers-out <em class="replaceable"><code>integer</code></em>;<br>
+	use-ixfr <em class="replaceable"><code>boolean</code></em>;<br>
+	version <em class="replaceable"><code>quoted_string</code></em>;<br>
+	allow-recursion { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+	sortlist { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+	topology { <em class="replaceable"><code>address_match_element</code></em>; ... }; // not implemented<br>
+	auth-nxdomain <em class="replaceable"><code>boolean</code></em>; // default changed<br>
+	minimal-responses <em class="replaceable"><code>boolean</code></em>;<br>
+	recursion <em class="replaceable"><code>boolean</code></em>;<br>
+	rrset-order {<br>
+		[<span class="optional"> class <em class="replaceable"><code>string</code></em> </span>] [<span class="optional"> type <em class="replaceable"><code>string</code></em> </span>]<br>
+		[<span class="optional"> name <em class="replaceable"><code>quoted_string</code></em> </span>] <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>string</code></em>; ...<br>
+	}; // not implemented<br>
+	provide-ixfr <em class="replaceable"><code>boolean</code></em>;<br>
+	request-ixfr <em class="replaceable"><code>boolean</code></em>;<br>
+	rfc2308-type1 <em class="replaceable"><code>boolean</code></em>; // not yet implemented<br>
+	additional-from-auth <em class="replaceable"><code>boolean</code></em>;<br>
+	additional-from-cache <em class="replaceable"><code>boolean</code></em>;<br>
+	query-source [<span class="optional"> address ( <em class="replaceable"><code>ipv4_address</code></em> | * ) </span>] [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
+	query-source-v6 [<span class="optional"> address ( <em class="replaceable"><code>ipv6_address</code></em> | * ) </span>] [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
+	cleaning-interval <em class="replaceable"><code>integer</code></em>;<br>
+	min-roots <em class="replaceable"><code>integer</code></em>; // not implemented<br>
+	lame-ttl <em class="replaceable"><code>integer</code></em>;<br>
+	max-ncache-ttl <em class="replaceable"><code>integer</code></em>;<br>
+	max-cache-ttl <em class="replaceable"><code>integer</code></em>;<br>
+	transfer-format ( many-answers | one-answer );<br>
+	max-cache-size <em class="replaceable"><code>size_no_default</code></em>;<br>
+	check-names ( master | slave | response )<br>
+		( fail | warn | ignore ); // not implemented<br>
+	cache-file <em class="replaceable"><code>quoted_string</code></em>;<br>
+	root-delegation-only [<span class="optional"> exclude { <em class="replaceable"><code>quoted_string</code></em>; ... } </span>];<br>
+<br>
+	dialup <em class="replaceable"><code>dialuptype</code></em>;<br>
+<br>
+	allow-query { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+	allow-transfer { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+	allow-update-forwarding { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+<br>
+	notify <em class="replaceable"><code>notifytype</code></em>;<br>
+	notify-source ( <em class="replaceable"><code>ipv4_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
+	notify-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
+	also-notify [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] { ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> )<br>
+		[<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>]; ... };<br>
+	allow-notify { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+<br>
+	forward ( first | only );<br>
+	forwarders [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br>
+		( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> ) [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>]; ...<br>
+	};<br>
+<br>
+	max-transfer-time-in <em class="replaceable"><code>integer</code></em>;<br>
+	max-transfer-time-out <em class="replaceable"><code>integer</code></em>;<br>
+	max-transfer-idle-in <em class="replaceable"><code>integer</code></em>;<br>
+	max-transfer-idle-out <em class="replaceable"><code>integer</code></em>;<br>
+	max-retry-time <em class="replaceable"><code>integer</code></em>;<br>
+	min-retry-time <em class="replaceable"><code>integer</code></em>;<br>
+	max-refresh-time <em class="replaceable"><code>integer</code></em>;<br>
+	min-refresh-time <em class="replaceable"><code>integer</code></em>;<br>
+	sig-validity-interval <em class="replaceable"><code>integer</code></em>;<br>
+<br>
+	transfer-source ( <em class="replaceable"><code>ipv4_address</code></em> | * )<br>
+		[<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
+	transfer-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * )<br>
+		[<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
+<br>
+	zone-statistics <em class="replaceable"><code>boolean</code></em>;<br>
+<br>
+	allow-v6-synthesis { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+	deallocate-on-exit <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
+	fake-iquery <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
+	fetch-glue <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
+	has-old-clients <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
+	maintain-ixfr-base <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
+	max-ixfr-log-size <em class="replaceable"><code>size</code></em>; // obsolete<br>
+	multiple-cnames <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
+	named-xfer <em class="replaceable"><code>quoted_string</code></em>; // obsolete<br>
+	serial-queries <em class="replaceable"><code>integer</code></em>; // obsolete<br>
+	treat-cr-as-space <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
+	use-id-pool <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
+};<br>
+</p></div>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2525824"></a><h2>VIEW</h2>
+<div class="literallayout"><p><br>
+view <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>optional_class</code></em> {<br>
+	match-clients { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+	match-destinations { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+	match-recursive-only <em class="replaceable"><code>boolean</code></em>;<br>
+<br>
+	key <em class="replaceable"><code>string</code></em> {<br>
+		algorithm <em class="replaceable"><code>string</code></em>;<br>
+		secret <em class="replaceable"><code>string</code></em>;<br>
+	};<br>
+<br>
+	zone <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>optional_class</code></em> {<br>
+		...<br>
+	};<br>
+<br>
+	server ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> ) {<br>
+		...<br>
+	};<br>
+<br>
+	trusted-keys {<br>
+		<em class="replaceable"><code>string</code></em> <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>quoted_string</code></em>; ...<br>
+	};<br>
+<br>
+	allow-recursion { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+	sortlist { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+	topology { <em class="replaceable"><code>address_match_element</code></em>; ... }; // not implemented<br>
+	auth-nxdomain <em class="replaceable"><code>boolean</code></em>; // default changed<br>
+	minimal-responses <em class="replaceable"><code>boolean</code></em>;<br>
+	recursion <em class="replaceable"><code>boolean</code></em>;<br>
+	rrset-order {<br>
+		[<span class="optional"> class <em class="replaceable"><code>string</code></em> </span>] [<span class="optional"> type <em class="replaceable"><code>string</code></em> </span>]<br>
+		[<span class="optional"> name <em class="replaceable"><code>quoted_string</code></em> </span>] <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>string</code></em>; ...<br>
+	}; // not implemented<br>
+	provide-ixfr <em class="replaceable"><code>boolean</code></em>;<br>
+	request-ixfr <em class="replaceable"><code>boolean</code></em>;<br>
+	rfc2308-type1 <em class="replaceable"><code>boolean</code></em>; // not yet implemented<br>
+	additional-from-auth <em class="replaceable"><code>boolean</code></em>;<br>
+	additional-from-cache <em class="replaceable"><code>boolean</code></em>;<br>
+	query-source [<span class="optional"> address ( <em class="replaceable"><code>ipv4_address</code></em> | * ) </span>] [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
+	query-source-v6 [<span class="optional"> address ( <em class="replaceable"><code>ipv6_address</code></em> | * ) </span>] [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
+	cleaning-interval <em class="replaceable"><code>integer</code></em>;<br>
+	min-roots <em class="replaceable"><code>integer</code></em>; // not implemented<br>
+	lame-ttl <em class="replaceable"><code>integer</code></em>;<br>
+	max-ncache-ttl <em class="replaceable"><code>integer</code></em>;<br>
+	max-cache-ttl <em class="replaceable"><code>integer</code></em>;<br>
+	transfer-format ( many-answers | one-answer );<br>
+	max-cache-size <em class="replaceable"><code>size_no_default</code></em>;<br>
+	check-names ( master | slave | response )<br>
+		( fail | warn | ignore );<br>
+	cache-file <em class="replaceable"><code>quoted_string</code></em>;<br>
+	suppress-initial-notify <em class="replaceable"><code>boolean</code></em>; // not yet implemented<br>
+	root-delegation-only [<span class="optional"> exclude { <em class="replaceable"><code>quoted_string</code></em>; ... } </span>];<br>
+<br>
+	dialup <em class="replaceable"><code>dialuptype</code></em>;<br>
+<br>
+	allow-query { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+	allow-transfer { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+	allow-update-forwarding { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+<br>
+	notify <em class="replaceable"><code>notifytype</code></em>;<br>
+	notify-source ( <em class="replaceable"><code>ipv4_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
+	notify-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
+	also-notify [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] { ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> )<br>
+		[<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>]; ... };<br>
+	allow-notify { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+<br>
+	forward ( first | only );<br>
+	forwarders [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br>
+		( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> ) [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>]; ...<br>
+	};<br>
+<br>
+	max-transfer-time-in <em class="replaceable"><code>integer</code></em>;<br>
+	max-transfer-time-out <em class="replaceable"><code>integer</code></em>;<br>
+	max-transfer-idle-in <em class="replaceable"><code>integer</code></em>;<br>
+	max-transfer-idle-out <em class="replaceable"><code>integer</code></em>;<br>
+	max-retry-time <em class="replaceable"><code>integer</code></em>;<br>
+	min-retry-time <em class="replaceable"><code>integer</code></em>;<br>
+	max-refresh-time <em class="replaceable"><code>integer</code></em>;<br>
+	min-refresh-time <em class="replaceable"><code>integer</code></em>;<br>
+	sig-validity-interval <em class="replaceable"><code>integer</code></em>;<br>
+<br>
+	transfer-source ( <em class="replaceable"><code>ipv4_address</code></em> | * )<br>
+		[<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
+	transfer-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * )<br>
+		[<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
+<br>
+	zone-statistics <em class="replaceable"><code>boolean</code></em>;<br>
+<br>
+	allow-v6-synthesis { <em class="replaceable"><code>address_match_element</code></em>; ... }; // obsolete<br>
+	fetch-glue <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
+	maintain-ixfr-base <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
+	max-ixfr-log-size <em class="replaceable"><code>size</code></em>; // obsolete<br>
+};<br>
+</p></div>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2526296"></a><h2>ZONE</h2>
+<div class="literallayout"><p><br>
+zone <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>optional_class</code></em> {<br>
+	type ( master | slave | stub | hint |<br>
+		forward | delegation-only );<br>
+	file <em class="replaceable"><code>quoted_string</code></em>;<br>
+<br>
+	masters [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br>
+		( <em class="replaceable"><code>ipv4_address</code></em> [<span class="optional">port <em class="replaceable"><code>integer</code></em></span>] |<br>
+		<em class="replaceable"><code>ipv6_address</code></em> [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] ) [<span class="optional"> key <em class="replaceable"><code>string</code></em> </span>]; ...<br>
+	};<br>
+<br>
+	database <em class="replaceable"><code>string</code></em>;<br>
+	delegation-only <em class="replaceable"><code>boolean</code></em>;<br>
+	check-names ( fail | warn | ignore );<br>
+	dialup <em class="replaceable"><code>dialuptype</code></em>;<br>
+<br>
+	allow-query { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+	allow-transfer { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+	allow-update { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+	allow-update-forwarding { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+	update-policy {<br>
+		( grant | deny ) <em class="replaceable"><code>string</code></em><br>
+		( name | subdomain | wildcard | self ) <em class="replaceable"><code>string</code></em><br>
+		<em class="replaceable"><code>rrtypelist</code></em>; ...<br>
+	};<br>
+<br>
+	notify <em class="replaceable"><code>notifytype</code></em>;<br>
+	notify-source ( <em class="replaceable"><code>ipv4_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
+	notify-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
+	also-notify [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] { ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> )<br>
+		[<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>]; ... };<br>
+	allow-notify { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
+<br>
+	forward ( first | only );<br>
+	forwarders [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br>
+		( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> ) [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>]; ...<br>
+	};<br>
+<br>
+	max-transfer-time-in <em class="replaceable"><code>integer</code></em>;<br>
+	max-transfer-time-out <em class="replaceable"><code>integer</code></em>;<br>
+	max-transfer-idle-in <em class="replaceable"><code>integer</code></em>;<br>
+	max-transfer-idle-out <em class="replaceable"><code>integer</code></em>;<br>
+	max-retry-time <em class="replaceable"><code>integer</code></em>;<br>
+	min-retry-time <em class="replaceable"><code>integer</code></em>;<br>
+	max-refresh-time <em class="replaceable"><code>integer</code></em>;<br>
+	min-refresh-time <em class="replaceable"><code>integer</code></em>;<br>
+	sig-validity-interval <em class="replaceable"><code>integer</code></em>;<br>
+<br>
+	transfer-source ( <em class="replaceable"><code>ipv4_address</code></em> | * )<br>
+		[<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
+	transfer-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * )<br>
+		[<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
+<br>
+	zone-statistics <em class="replaceable"><code>boolean</code></em>;<br>
+<br>
+	ixfr-base <em class="replaceable"><code>quoted_string</code></em>; // obsolete<br>
+	ixfr-tmp-file <em class="replaceable"><code>quoted_string</code></em>; // obsolete<br>
+	maintain-ixfr-base <em class="replaceable"><code>boolean</code></em>; // obsolete<br>
+	max-ixfr-log-size <em class="replaceable"><code>size</code></em>; // obsolete<br>
+	pubkey <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>quoted_string</code></em>; // obsolete<br>
+};<br>
+</p></div>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2526528"></a><h2>FILES</h2>
+<p>
+<code class="filename">/etc/named.conf</code>
+</p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2526540"></a><h2>SEE ALSO</h2>
+<p>
+<span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
+<span class="citerefentry"><span class="refentrytitle">rndc</span>(8)</span>,
+<span class="citerefentry"><span class="refentrytitle">BIND 9 Adminstrators Reference Manual</span></span>.
+</p>
+</div>
+</div></body>
+</html>

bin/named/named.docbook

@@ -1,6 +1,8 @@
-<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN">
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
+               "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd"
+	       [<!ENTITY mdash "&#8212;">]>
 <!--
- - Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2006  Internet Systems Consortium, Inc. ("ISC")
  - Copyright (C) 2000, 2001  Internet Software Consortium.
  -
  - Permission to use, copy, modify, and distribute this software for any
@@ -16,7 +18,7 @@
  - PERFORMANCE OF THIS SOFTWARE.
 -->
 
-<!-- $Id: named.docbook,v 1.5.2.2 2004/06/03 02:25:52 marka Exp $ -->
+<!-- $Id: named.docbook,v 1.5.2.6 2006/01/17 23:49:29 marka Exp $ -->
 
 <refentry>
   <refentryinfo>
@@ -29,6 +31,20 @@
     <refmiscinfo>BIND9</refmiscinfo>
   </refmeta>
 
+  <docinfo>
+    <copyright>
+      <year>2004</year>
+      <year>2005</year>
+      <year>2006</year>
+      <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
+    </copyright>
+    <copyright>
+      <year>2000</year>
+      <year>2001</year>
+      <holder>Internet Software Consortium.</holder>
+    </copyright>
+  </docinfo>
+
   <refnamediv>
     <refname><application>named</application></refname>
     <refpurpose>Internet domain name server</refpurpose>
@@ -326,6 +342,10 @@
 	  <refentrytitle>lwresd</refentrytitle>
 	  <manvolnum>8</manvolnum>
         </citerefentry>,
+	<citerefentry>
+	  <refentrytitle>named.conf</refentrytitle>
+	  <manvolnum>5</manvolnum>
+	</citerefentry>,
 	<citetitle>BIND 9 Administrator Reference Manual</citetitle>.
     </para>
   </refsect1>