2305. [security] inet_network() buffer overflow. CVE-2008-0122.

record returned to caller when a cache update is
                        rejected due to a more credible answer existing.
                        [RT #17017]

.cvsignore

@@ -6,4 +6,3 @@ config.status
 libtool
 isc-config.sh
 configure.lineno
-autom4te.cache

COPYRIGHT

@@ -1,7 +1,7 @@
-Copyright (C) 2004, 2005  Internet Systems Consortium, Inc. ("ISC")
+Copyright (C) 2004-2007  Internet Systems Consortium, Inc. ("ISC")
 Copyright (C) 1996-2003  Internet Software Consortium.
 
-Permission to use, copy, modify, and distribute this software for any
+Permission to use, copy, modify, and/or distribute this software for any
 purpose with or without fee is hereby granted, provided that the above
 copyright notice and this permission notice appear in all copies.
 
@@ -13,7 +13,7 @@ LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
 OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 PERFORMANCE OF THIS SOFTWARE.
 
-$Id: COPYRIGHT,v 1.6.2.2.8.3 2005/01/10 23:51:37 marka Exp $
+$Id: COPYRIGHT,v 1.6.2.8 2007/08/28 07:18:12 tbox Exp $
 
 Portions Copyright (C) 1996-2001  Nominum, Inc.
 

EXCLUDED

@@ -160,3 +160,26 @@
 			Use --enable-getifaddrs=glibc to force the use of
 			this version under linux machines.
 
+1502.   [bug]           nsupdate: adjust timeouts for UPDATE requests over TCP.
+
+1517.   [port]          Support for IPv6 interface scanning on HP/UX and
+                        TrueUNIX 5.1.
+
+1519.   [bug]           dnssec-signzone:nsec_setbit() computed the wrong
+                        length of the new bitmap.
+
+1521.   [bug]           dns_view_createresolver() failed to check the
+                        result from isc_mem_create(). [RT# 9294]
+
+1548.   [bug]           When parsing APL records it was possible to silently
+                        accept out of range ADDRESSFAMILY values. [RT# 9979]
+
+1554.   [bug]           dig, host, nslookup failed when no nameservers
+                        were specified in /etc/resolv.conf. [RT #8232]
+
+1560.   [port]          FreeBSD: work around FreeBSD 5.2 mapping EAI_NODATA
+                        and EAI_NONAME to the same value.
+
+1565.   [bug]           CD flag should be copied to outgoing queries unless
+                        the query is under a secure entry point in which case
+                        CD should be set.

FAQ

@@ -1,29 +1,43 @@
 Frequently Asked Questions about BIND 9
 
+Copyright © 2004-2007 Internet Systems Consortium, Inc. ("ISC")
+
+Copyright © 2000-2003 Internet Software Consortium.
+
 -------------------------------------------------------------------------------
 
 Q: Why doesn't -u work on Linux 2.2.x when I build with --enable-threads?
 
-A: Linux threads do not fully implement the Posix threads (pthreads) standard.
-   In particular, setuid() operates only on the current thread, not the full
-   process. Because of this limitation, BIND 9 cannot use setuid() on Linux as
-   it can on all other supported platforms. setuid() cannot be called before
-   creating threads, since the server does not start listening on reserved
-   ports until after threads have started.
+A: Linux threads do not fully implement the Posix threads (pthreads) standard. In
+   particular, setuid() operates only on the current thread, not the full process.
+   Because of this limitation, BIND 9 cannot use setuid() on Linux as it can on
+   all other supported platforms. setuid() cannot be called before creating
+   threads, since the server does not start listening on reserved ports until
+   after threads have started.
 
    In the 2.2.18 or 2.3.99-pre3 and newer kernels, the ability to preserve
    capabilities across a setuid() call is present. This allows BIND 9 to call
-   setuid() early, while retaining the ability to bind reserved ports. This is
-   a Linux-specific hack.
+   setuid() early, while retaining the ability to bind reserved ports. This is a
+   Linux-specific hack.
 
-   On a 2.2 kernel, BIND 9 does drop many root privileges, so it should be less
-   of a security risk than a root process that has not dropped privileges.
+   On a 2.2 kernel, BIND 9 does drop many root privileges, so it should be less of
+   a security risk than a root process that has not dropped privileges.
 
    If Linux threads ever work correctly, this restriction will go away.
 
    Configuring BIND9 with the --disable-threads option (the default) causes a
    non-threaded version to be built, which will allow -u to be used.
 
+Q: Why do I get the following errors:
+
+   general: errno2result.c:109: unexpected error:
+   general: unable to convert errno to isc_result: 14: Bad address
+   client: UDP client handler shutting down due to fatal receive error: unexpected error
+
+A: This is the result of a Linux kernel bug.
+
+   See: http://marc.theaimsgroup.com/?l=linux-netdev&m=113081708031466&w=2
+
 Q: Why does named log the warning message "no TTL specified - using SOA MINTTL
    instead"?
 
@@ -40,44 +54,47 @@ A: Your zone file is illegal according to RFC1035. It must either have a line
 Q: Why do I see 5 (or more) copies of named on Linux?
 
 A: Linux threads each show up as a process under ps. The approximate number of
-   threads running is n+4, where n is the number of CPUs. Note that the amount
-   of memory used is not cumulative; if each process is using 10M of memory,
-   only a total of 10M is used.
+   threads running is n+4, where n is the number of CPUs. Note that the amount of
+   memory used is not cumulative; if each process is using 10M of memory, only a
+   total of 10M is used.
+
+   Newer versions of Linux's ps command hide the individual threads and require -L
+   to display them.
 
 Q: Why does BIND 9 log "permission denied" errors accessing its configuration
    files or zones on my Linux system even though it is running as root?
 
-A: On Linux, BIND 9 drops most of its root privileges on startup. This
-   including the privilege to open files owned by other users. Therefore, if
-   the server is running as root, the configuration files and zone files should
-   also be owned by root.
+A: On Linux, BIND 9 drops most of its root privileges on startup. This including
+   the privilege to open files owned by other users. Therefore, if the server is
+   running as root, the configuration files and zone files should also be owned by
+   root.
 
-Q: Why do I get errors like "dns_zone_load: zone foo/IN: loading master file
-   bar: ran out of space"?
+Q: Why do I get errors like "dns_zone_load: zone foo/IN: loading master file bar:
+   ran out of space"?
 
-A: This is often caused by TXT records with missing close quotes. Check that
-   all TXT records containing quoted strings have both open and close quotes.
+A: This is often caused by TXT records with missing close quotes. Check that all
+   TXT records containing quoted strings have both open and close quotes.
 
-Q: How do I produce a usable core file from a multithreaded named on Linux?
+Q: How do I produce a usable core file from a multi-threaded named on Linux?
 
-A: If the Linux kernel is 2.4.7 or newer, multithreaded core dumps are usable
+A: If the Linux kernel is 2.4.7 or newer, multi-threaded core dumps are usable
    (that is, the correct thread is dumped). Otherwise, if using a 2.2 kernel,
    apply the kernel patch found in contrib/linux/coredump-patch and rebuild the
-   kernel. This patch will cause multithreaded programs to dump the correct
+   kernel. This patch will cause multi-threaded programs to dump the correct
    thread.
 
 Q: How do I restrict people from looking up the server version?
 
-A: Put a "version" option containing something other than the real version in
-   the "options" section of named.conf. Note doing this will not prevent
-   attacks and may impede people trying to diagnose problems with your server.
-   Also it is possible to "fingerprint" nameservers to determine their version.
+A: Put a "version" option containing something other than the real version in the
+   "options" section of named.conf. Note doing this will not prevent attacks and
+   may impede people trying to diagnose problems with your server. Also it is
+   possible to "fingerprint" nameservers to determine their version.
 
 Q: How do I restrict only remote users from looking up the server version?
 
-A: The following view statement will intercept lookups as the internal view
-   that holds the version information will be matched last. The caveats of the
-   previous answer still apply, of course.
+A: The following view statement will intercept lookups as the internal view that
+   holds the version information will be matched last. The caveats of the previous
+   answer still apply, of course.
 
    view "chaos" chaos {
            match-clients { <those to be refused>; };
@@ -91,48 +108,45 @@ A: The following view statement will intercept lookups as the internal view
 Q: What do "no source of entropy found" or "could not open entropy source foo"
    mean?
 
-A: The server requires a source of entropy to perform certain operations,
-   mostly DNSSEC related. These messages indicate that you have no source of
-   entropy. On systems with /dev/random or an equivalent, it is used by
-   default. A source of entropy can also be defined using the random-device
-   option in named.conf.
+A: The server requires a source of entropy to perform certain operations, mostly
+   DNSSEC related. These messages indicate that you have no source of entropy. On
+   systems with /dev/random or an equivalent, it is used by default. A source of
+   entropy can also be defined using the random-device option in named.conf.
 
 Q: I installed BIND 9 and restarted named, but it's still BIND 8. Why?
 
 A: BIND 9 is installed under /usr/local by default. BIND 8 is often installed
    under /usr. Check that the correct named is running.
 
-Q: I'm trying to use TSIG to authenticate dynamic updates or zone transfers.
-   I'm sure I have the keys set up correctly, but the server is rejecting the
-   TSIG. Why?
+Q: I'm trying to use TSIG to authenticate dynamic updates or zone transfers. I'm
+   sure I have the keys set up correctly, but the server is rejecting the TSIG.
+   Why?
 
-A: This may be a clock skew problem. Check that the the clocks on the client
-   and server are properly synchronised (e.g., using ntp).
+A: This may be a clock skew problem. Check that the the clocks on the client and
+   server are properly synchronised (e.g., using ntp).
 
 Q: I'm trying to compile BIND 9, and "make" is failing due to files not being
    found. Why?
 
 A: Using a parallel or distributed "make" to build BIND 9 is not supported, and
-   doesn't work. If you are using one of these, use normal make or gmake
-   instead.
+   doesn't work. If you are using one of these, use normal make or gmake instead.
 
-Q: I have a BIND 9 master and a BIND 8.2.3 slave, and the master is logging
-   error messages like "notify to 10.0.0.1#53 failed: unexpected end of input".
-   What's wrong?
+Q: I have a BIND 9 master and a BIND 8.2.3 slave, and the master is logging error
+   messages like "notify to 10.0.0.1#53 failed: unexpected end of input". What's
+   wrong?
 
-A: This error message is caused by a known bug in BIND 8.2.3 and is fixed in
-   BIND 8.2.4. It can be safely ignored - the notify has been acted on by the
-   slave despite the error message.
+A: This error message is caused by a known bug in BIND 8.2.3 and is fixed in BIND
+   8.2.4. It can be safely ignored - the notify has been acted on by the slave
+   despite the error message.
 
 Q: I keep getting log messages like the following. Why?
 
    Dec 4 23:47:59 client 10.0.0.1#1355: updating zone 'example.com/IN': update
-   failed: 'RRset exists (value dependent)' prerequisite not satisfied
-   (NXRRSET)
+   failed: 'RRset exists (value dependent)' prerequisite not satisfied (NXRRSET)
 
-A: DNS updates allow the update request to test to see if certain conditions
-   are met prior to proceeding with the update. The message above is saying
-   that conditions were not met and the update is not proceeding. See doc/rfc/
+A: DNS updates allow the update request to test to see if certain conditions are
+   met prior to proceeding with the update. The message above is saying that
+   conditions were not met and the update is not proceeding. See doc/rfc/
    rfc2136.txt for more details on prerequisites.
 
 Q: I keep getting log messages like the following. Why?
@@ -140,11 +154,11 @@ Q: I keep getting log messages like the following. Why?
    Jun 21 12:00:00.000 client 10.0.0.1#1234: update denied
 
 A: Someone is trying to update your DNS data using the RFC2136 Dynamic Update
-   protocol. Windows 2000 machines have a habit of sending dynamic update
-   requests to DNS servers without being specifically configured to do so. If
-   the update requests are coming from a Windows 2000 machine, see http://
-   support.microsoft.com/support/kb/articles/q246/8/04.asp for information
-   about how to turn them off.
+   protocol. Windows 2000 machines have a habit of sending dynamic update requests
+   to DNS servers without being specifically configured to do so. If the update
+   requests are coming from a Windows 2000 machine, see http://
+   support.microsoft.com/support/kb/articles/q246/8/04.asp for information about
+   how to turn them off.
 
 Q: I see a log message like the following. Why?
 
@@ -152,59 +166,59 @@ Q: I see a log message like the following. Why?
 
 A: You are most likely running named as a non-root user, and that user does not
    have permission to write in /var/run. The common ways of fixing this are to
-   create a /var/run/named directory owned by the named user and set pid-file
-   to "/var/run/named/named.pid", or set pid-file to "named.pid", which will
-   put the file in the directory specified by the directory option (which, in
-   this case, must be writable by the named user).
+   create a /var/run/named directory owned by the named user and set pid-file to "
+   /var/run/named/named.pid", or set pid-file to "named.pid", which will put the
+   file in the directory specified by the directory option (which, in this case,
+   must be writable by the named user).
 
-Q: When I do a "dig . ns", many of the A records for the root servers are
-   missing. Why?
+Q: When I do a "dig . ns", many of the A records for the root servers are missing.
+   Why?
 
-A: This is normal and harmless. It is a somewhat confusing side effect of the
-   way BIND 9 does RFC2181 trust ranking and of the efforts BIND 9 makes to
-   avoid promoting glue into answers.
+A: This is normal and harmless. It is a somewhat confusing side effect of the way
+   BIND 9 does RFC2181 trust ranking and of the efforts BIND 9 makes to avoid
+   promoting glue into answers.
 
-   When BIND 9 first starts up and primes its cache, it receives the root
-   server addresses as additional data in an authoritative response from a root
-   server, and these records are eligible for inclusion as additional data in
-   responses. Subsequently it receives a subset of the root server addresses as
-   additional data in a non-authoritative (referral) response from a root
-   server. This causes the addresses to now be considered non-authoritative
-   (glue) data, which is not eligible for inclusion in responses.
+   When BIND 9 first starts up and primes its cache, it receives the root server
+   addresses as additional data in an authoritative response from a root server,
+   and these records are eligible for inclusion as additional data in responses.
+   Subsequently it receives a subset of the root server addresses as additional
+   data in a non-authoritative (referral) response from a root server. This causes
+   the addresses to now be considered non-authoritative (glue) data, which is not
+   eligible for inclusion in responses.
 
    The server does have a complete set of root server addresses cached at all
    times, it just may not include all of them as additional data, depending on
-   whether they were last received as answers or as glue. You can always look
-   up the addresses with explicit queries like "dig a.root-servers.net A".
+   whether they were last received as answers or as glue. You can always look up
+   the addresses with explicit queries like "dig a.root-servers.net A".
 
 Q: Zone transfers from my BIND 9 master to my Windows 2000 slave fail. Why?
 
-A: This may be caused by a bug in the Windows 2000 DNS server where DNS
-   messages larger than 16K are not handled properly. This can be worked around
-   by setting the option "transfer-format one-answer;". Also check whether your
-   zone contains domain names with embedded spaces or other special characters,
-   like "John\032Doe\213s\032Computer", since such names have been known to
-   cause Windows 2000 slaves to incorrectly reject the zone.
+A: This may be caused by a bug in the Windows 2000 DNS server where DNS messages
+   larger than 16K are not handled properly. This can be worked around by setting
+   the option "transfer-format one-answer;". Also check whether your zone contains
+   domain names with embedded spaces or other special characters, like "John\
+   032Doe\213s\032Computer", since such names have been known to cause Windows
+   2000 slaves to incorrectly reject the zone.
 
 Q: Why don't my zones reload when I do an "rndc reload" or SIGHUP?
 
-A: A zone can be updated either by editing zone files and reloading the server
-   or by dynamic update, but not both. If you have enabled dynamic update for a
-   zone using the "allow-update" option, you are not supposed to edit the zone
-   file by hand, and the server will not attempt to reload it.
+A: A zone can be updated either by editing zone files and reloading the server or
+   by dynamic update, but not both. If you have enabled dynamic update for a zone
+   using the "allow-update" option, you are not supposed to edit the zone file by
+   hand, and the server will not attempt to reload it.
 
 Q: I can query the nameserver from the nameserver but not from other machines.
    Why?
 
-A: This is usually the result of the firewall configuration stopping the
-   queries and / or the replies.
+A: This is usually the result of the firewall configuration stopping the queries
+   and / or the replies.
 
 Q: How can I make a server a slave for both an internal and an external view at
-   the same time? When I tried, both views on the slave were transferred from
-   the same view on the master.
+   the same time? When I tried, both views on the slave were transferred from the
+   same view on the master.
 
-A: You will need to give the master and slave multiple IP addresses and use
-   those to make sure you reach the correct view on the other machine.
+A: You will need to give the master and slave multiple IP addresses and use those
+   to make sure you reach the correct view on the other machine.
 
    Master: 10.0.1.1 (internal), 10.0.1.2 (external, IP alias)
        internal:
@@ -232,8 +246,8 @@ A: You will need to give the master and slave multiple IP addresses and use
            transfer-source 10.0.1.4;
            query-source address 10.0.1.4;
 
-   You put the external address on the alias so that all the other dns clients
-   on these boxes see the internal view by default.
+   You put the external address on the alias so that all the other dns clients on
+   these boxes see the internal view by default.
 
 A: BIND 9.3 and later: Use TSIG to select the appropriate view.
 
@@ -248,7 +262,7 @@ A: BIND 9.3 and later: Use TSIG to select the appropriate view.
            };
            view "external" {
                    match-clients { key external; any; };
-                   server 10.0.0.2 { keys external; };
+                   server 10.0.1.2 { keys external; };
                    recursion no;
                    ...
            };
@@ -264,7 +278,7 @@ A: BIND 9.3 and later: Use TSIG to select the appropriate view.
            };
            view "external" {
                    match-clients { key external; any; };
-                   server 10.0.0.1 { keys external; };
+                   server 10.0.1.1 { keys external; };
                    recursion no;
                    ...
            };
@@ -272,8 +286,8 @@ A: BIND 9.3 and later: Use TSIG to select the appropriate view.
 Q: I have FreeBSD 4.x and "rndc-confgen -a" just sits there.
 
 A: /dev/random is not configured. Use rndcontrol(8) to tell the kernel to use
-   certain interrupts as a source of random events. You can make this permanent
-   by setting rand_irqs in /etc/rc.conf.
+   certain interrupts as a source of random events. You can make this permanent by
+   setting rand_irqs in /etc/rc.conf.
 
    /etc/rc.conf
    rand_irqs="3 14 15"
@@ -283,26 +297,33 @@ A: /dev/random is not configured. Use rndcontrol(8) to tell the kernel to use
 Q: Why is named listening on UDP port other than 53?
 
 A: Named uses a system selected port to make queries of other nameservers. This
-   behaviour can be overridden by using query-source to lock down the port and/
-   or address. See also notify-source and transfer-source.
+   behaviour can be overridden by using query-source to lock down the port and/or
+   address. See also notify-source and transfer-source.
 
-Q: I get error messages like "multiple RRs of singleton type" and "CNAME and
-   other data" when transferring a zone. What does this mean?
+Q: I get error messages like "multiple RRs of singleton type" and "CNAME and other
+   data" when transferring a zone. What does this mean?
 
 A: These indicate a malformed master zone. You can identify the exact records
-   involved by transferring the zone using dig then running named-checkzone on
-   it.
+   involved by transferring the zone using dig then running named-checkzone on it.
 
    dig axfr example.com @master-server > tmp
    named-checkzone example.com tmp
 
-Q: I get error messages like "named.conf:99: unexpected end of input" where 99
-   is the last line of named.conf.
+   A CNAME record cannot exist with the same name as another record except for the
+   DNSSEC records which prove its existence (NSEC).
+
+   RFC 1034, Section 3.6.2: "If a CNAME RR is present at a node, no other data
+   should be present; this ensures that the data for a canonical name and its
+   aliases cannot be different. This rule also insures that a cached CNAME can be
+   used without checking with an authoritative server for other RR types."
+
+Q: I get error messages like "named.conf:99: unexpected end of input" where 99 is
+   the last line of named.conf.
 
 A: Some text editors (notepad and wordpad) fail to put a line title indication
-   (e.g. CR/LF) on the last line of a text file. This can be fixed by "adding"
-   a blank line to the end of the file. Named expects to see EOF immediately
-   after EOL and treats text files where this is not met as truncated.
+   (e.g. CR/LF) on the last line of a text file. This can be fixed by "adding" a
+   blank line to the end of the file. Named expects to see EOF immediately after
+   EOL and treats text files where this is not met as truncated.
 
 Q: I get warning messages like "zone example.com/IN: refresh: failure trying
    master 1.2.3.4#53: timed out".
@@ -311,15 +332,15 @@ A: Check that you can make UDP queries from the slave to the master
 
    dig +norec example.com soa @1.2.3.4
 
-   You could be generating queries faster than the slave can cope with. Lower
-   the serial query rate.
+   You could be generating queries faster than the slave can cope with. Lower the
+   serial query rate.
 
    serial-query-rate 5; // default 20
 
 Q: How do I share a dynamic zone between multiple views?
 
-A: You choose one view to be master and the second a slave and transfer the
-   zone between views.
+A: You choose one view to be master and the second a slave and transfer the zone
+   between views.
 
    Master 10.0.1.1:
            key "external" {
@@ -362,14 +383,14 @@ Q: I get a error message like "zone wireless.ietf56.ietf.org/IN: loading master
    file primaries/wireless.ietf56.ietf.org: no owner".
 
 A: This error is produced when a line in the master file contains leading white
-   space (tab/space) but the is no current record owner name to inherit the
-   name from. Usually this is the result of putting white space before a
-   comment. Forgeting the "@" for the SOA record or indenting the master file.
+   space (tab/space) but the is no current record owner name to inherit the name
+   from. Usually this is the result of putting white space before a comment.
+   Forgetting the "@" for the SOA record or indenting the master file.
 
 Q: Why are my logs in GMT (UTC).
 
-A: You are running chrooted (-t) and have not supplied local timzone
-   information in the chroot area.
+A: You are running chrooted (-t) and have not supplied local timezone information
+   in the chroot area.
 
    FreeBSD: /etc/localtime
    Solaris: /etc/TIMEZONE and /usr/share/lib/zoneinfo
@@ -387,23 +408,23 @@ Q: I get "rndc: connect failed: connection refused" when I try to run rndc.
 
 A: This is usually a configuration error.
 
-   First ensure that named is running and no errors are being reported at
-   startup (/var/log/messages or equivalent). Running "named -g <usual
-   arguments>" from a title can help at this point.
+   First ensure that named is running and no errors are being reported at startup
+   (/var/log/messages or equivalent). Running "named -g <usual arguments>" from a
+   title can help at this point.
 
    Secondly ensure that named is configured to use rndc either by "rndc-confgen
-   -a", rndc-confgen or manually. The Administrators Reference manual has
-   details on how to do this.
+   -a", rndc-confgen or manually. The Administrators Reference manual has details
+   on how to do this.
 
    Old versions of rndc-confgen used localhost rather than 127.0.0.1 in /etc/
    rndc.conf for the default server. Update /etc/rndc.conf if necessary so that
    the default server listed in /etc/rndc.conf matches the addresses used in
    named.conf. "localhost" has two address (127.0.0.1 and ::1).
 
-   If you use "rndc-confgen -a" and named is running with -t or -u ensure that
-   /etc/rndc.conf has the correct ownership and that a copy is in the chroot
-   area. You can do this by re-running "rndc-confgen -a" with appropriate -t
-   and -u arguments.
+   If you use "rndc-confgen -a" and named is running with -t or -u ensure that /
+   etc/rndc.conf has the correct ownership and that a copy is in the chroot area.
+   You can do this by re-running "rndc-confgen -a" with appropriate -t and -u
+   arguments.
 
 Q: I don't get RRSIG's returned when I use "dig +dnssec".
 
@@ -411,12 +432,11 @@ A: You need to ensure DNSSEC is enabled (dnssec-enable yes;).
 
 Q: I get "Error 1067" when starting named under Windows.
 
-A: This is the service manager saying that named exited. You need to examine
-   the Application log in the EventViewer to find out why.
+A: This is the service manager saying that named exited. You need to examine the
+   Application log in the EventViewer to find out why.
 
-   Common causes are that you failed to create "named.conf" (usually "C:\
-   windows\dns\etc\named.conf") or failed to specify the directory in
-   named.conf.
+   Common causes are that you failed to create "named.conf" (usually "C:\windows\
+   dns\etc\named.conf") or failed to specify the directory in named.conf.
 
    options {
            Directory "C:\windows\dns\etc";
@@ -431,11 +451,11 @@ A: These indicate a filesystem permission error preventing named creating /
 
    "dumping master file: sl/tmp-XXXX5il3sQ: open: permission denied"
 
-   Named needs write permission on the directory containing the file. Named
-   writes the new cache file to a temporary file then renames it to the name
-   specified in named.conf to ensure that the contents are always complete.
-   This is to prevent named loading a partial zone in the event of power
-   failure or similar interrupting the write of the master file.
+   Named needs write permission on the directory containing the file. Named writes
+   the new cache file to a temporary file then renames it to the name specified in
+   named.conf to ensure that the contents are always complete. This is to prevent
+   named loading a partial zone in the event of power failure or similar
+   interrupting the write of the master file.
 
    Note file names are relative to the directory specified in options and any
    chroot directory ([<chroot dir>/][<options dir>]).
@@ -454,7 +474,7 @@ A: These indicate a filesystem permission error preventing named creating /
            masters { 192.168.4.12; };
    };
 
-Q: How do I intergrate BIND 9 and Solaris SMF
+Q: How do I integrate BIND 9 and Solaris SMF
 
 A: Sun has a blog entry describing how to do this.
 
@@ -467,7 +487,7 @@ A: No. The rules for glue (copies of the *address* records in the parent zones)
 
    You would have to add both the CNAME and address records (A/AAAA) as glue to
    the parent zone and have CNAMEs be followed when doing additional section
-   processing to make it work. No namesever implementation supports either of
+   processing to make it work. No nameserver implementation supports either of
    these requirements.
 
 Q: What does "RFC 1918 response from Internet for 0.0.0.10.IN-ADDR.ARPA" mean?
@@ -475,14 +495,14 @@ Q: What does "RFC 1918 response from Internet for 0.0.0.10.IN-ADDR.ARPA" mean?
 A: If the IN-ADDR.ARPA name covered refers to a internal address space you are
    using then you have failed to follow RFC 1918 usage rules and are leaking
    queries to the Internet. You should establish your own zones for these
-   addresses to prevent you quering the Internet's name servers for these
+   addresses to prevent you querying the Internet's name servers for these
    addresses. Please see http://as112.net/ for details of the problems you are
    causing and the counter measures that have had to be deployed.
 
    If you are not using these private addresses then a client has queried for
    them. You can just ignore the messages, get the offending client to stop
-   sending you these messages as they are most probably leaking them or setup
-   your own zones empty zones to serve answers to these queries.
+   sending you these messages as they are most probably leaking them or setup your
+   own zones empty zones to serve answers to these queries.
 
    zone "10.IN-ADDR.ARPA" {
            type master;
@@ -515,3 +535,187 @@ A: If the IN-ADDR.ARPA name covered refers to a internal address space you are
 
    Future versions of named are likely to do this automatically.
 
+Q: I'm running BIND on Red Hat Enterprise Linux or Fedora Core -
+
+   Why can't named update slave zone database files?
+
+   Why can't named create DDNS journal files or update the master zones from
+   journals?
+
+   Why can't named create custom log files?
+
+A: Red Hat Security Enhanced Linux (SELinux) policy security protections :
+
+   Red Hat have adopted the National Security Agency's SELinux security policy (
+   see http://www.nsa.gov/selinux ) and recommendations for BIND security , which
+   are more secure than running named in a chroot and make use of the bind-chroot
+   environment unnecessary .
+
+   By default, named is not allowed by the SELinux policy to write, create or
+   delete any files EXCEPT in these directories:
+
+   $ROOTDIR/var/named/slaves
+   $ROOTDIR/var/named/data
+   $ROOTDIR/var/tmp
+
+
+   where $ROOTDIR may be set in /etc/sysconfig/named if bind-chroot is installed.
+
+   The SELinux policy particularly does NOT allow named to modify the $ROOTDIR/var
+   /named directory, the default location for master zone database files.
+
+   SELinux policy overrules file access permissions - so even if all the files
+   under /var/named have ownership named:named and mode rw-rw-r--, named will
+   still not be able to write or create files except in the directories above,
+   with SELinux in Enforcing mode.
+
+   So, to allow named to update slave or DDNS zone files, it is best to locate
+   them in $ROOTDIR/var/named/slaves, with named.conf zone statements such as:
+
+   zone "slave.zone." IN {
+           type slave;
+           file "slaves/slave.zone.db";
+           ...
+   };
+   zone "ddns.zone." IN  {
+           type master;
+           allow-updates {...};
+           file "slaves/ddns.zone.db";
+   };
+
+
+   To allow named to create its cache dump and statistics files, for example, you
+   could use named.conf options statements such as:
+
+   options {
+           ...
+           dump-file "/var/named/data/cache_dump.db";
+           statistics-file "/var/named/data/named_stats.txt";
+           ...
+   };
+
+
+   You can also tell SELinux to allow named to update any zone database files, by
+   setting the SELinux tunable boolean parameter 'named_write_master_zones=1',
+   using the system-config-securitylevel GUI, using the 'setsebool' command, or in
+   /etc/selinux/targeted/booleans.
+
+   You can disable SELinux protection for named entirely by setting the
+   'named_disable_trans=1' SELinux tunable boolean parameter.
+
+   The SELinux named policy defines these SELinux contexts for named:
+
+   named_zone_t : for zone database files       - $ROOTDIR/var/named/*
+   named_conf_t : for named configuration files - $ROOTDIR/etc/{named,rndc}.*
+   named_cache_t: for files modifiable by named - $ROOTDIR/var/{tmp,named/{slaves,data}}
+
+
+   If you want to retain use of the SELinux policy for named, and put named files
+   in different locations, you can do so by changing the context of the custom
+   file locations .
+
+   To create a custom configuration file location, e.g. '/root/named.conf', to use
+   with the 'named -c' option, do:
+
+   # chcon system_u:object_r:named_conf_t /root/named.conf
+
+
+   To create a custom modifiable named data location, e.g. '/var/log/named' for a
+   log file, do:
+
+   # chcon system_u:object_r:named_cache_t /var/log/named
+
+
+   To create a custom zone file location, e.g. /root/zones/, do:
+
+   # chcon system_u:object_r:named_zone_t /root/zones/{.,*}
+
+
+   See these man-pages for more information : selinux(8), named_selinux(8), chcon
+   (1), setsebool(8)
+
+Q: I want to forward all DNS queries from my caching nameserver to another server.
+   But there are some domains which have to be served locally, via rbldnsd.
+
+   How do I achieve this ?
+
+A: options {
+           forward only;
+           forwarders { <ip.of.primary.nameserver>; };
+   };
+
+   zone "sbl-xbl.spamhaus.org" {
+           type forward; forward only;
+           forwarders { <ip.of.rbldns.server> port 530; };
+   };
+
+   zone "list.dsbl.org" {
+           type forward; forward only;
+           forwarders { <ip.of.rbldns.server> port 530; };
+   };
+
+
+Q: Will named be affected by the 2007 changes to daylight savings rules in the US.
+
+A: No, so long as the machines internal clock (as reported by "date -u") remains
+   at UTC. The only visible change if you fail to upgrade your OS, if you are in a
+   affected area, will be that log messages will be a hour out during the period
+   where the old rules do not match the new rules.
+
+   For most OS's this change just means that you need to update the conversion
+   rules from UTC to local time. Normally this involves updating a file in /etc
+   (which sets the default timezone for the machine) and possibly a directory
+   which has all the conversion rules for the world (e.g. /usr/share/zoneinfo).
+   When updating the OS do not forget to update any chroot areas as well. See your
+   OS's documentation for more details.
+
+   The local timezone conversion rules can also be done on a individual basis by
+   setting the TZ environment variable appropriately. See your OS's documentation
+   for more details.
+
+Q: Why do we get the following warning at run time:
+
+   kernel: process `named' is using obsolete setsockopt SO_BSDCOMPAT
+
+A: The early Linux kernels broke sendto() by having it return that a ICMP
+   unreachable had be received for non connected UDP sockets. This made non
+   connected UDP sockets work like connected UDP socket which is fine when you are
+   only talking to one destination. Named however talks to multiple destinations
+   and it caused problems.
+
+   Rather than fix sendto() to just have BSD behaviour they added SO_BSDCOMPAT to
+   turn BSD behaviour on/off on a per socket basis.
+
+   Later they decided to make BSD behaviour the default and to aggressively track
+   down applications that used SO_BSDCOMPAT by issuing a warning. This is the sort
+   of things vendors do in alpha/beta stages of a release so that their code is
+   clean. They then turn the warning *off* for release code.
+
+   We still have customers that have kernels that require SO_BSDCOMPAT to operate.
+   We therefore cannot remove the setsockopt(SO_BSDCOMPAT) call.
+
+   Now most/all portable applications that use SO_BSDCOMPAT use it conditionally
+   manner so just removing SO_BSDCOMPAT from the header file would be safe as long
+   as the binary was not to be moved between systems. BIND's use is conditional.
+
+   In short, the Linux developers should either, remove the #define for
+   SO_BSDCOMPAT, and/or remove the warning.
+
+Q: Isn't "make install" supposed to generate a default named.conf?
+
+A: Short Answer: No.
+
+   Long Answer: There really isn't a default configuration which fits any site
+   perfectly. There are lots of decisions that need to be made and there is no
+   consensus on what the defaults should be. For example FreeBSD uses /etc/namedb
+   as the location where the configuration files for named are stored. Others use
+   /var/named.
+
+   What addresses to listen on? For a laptop on the move a lot you may only want
+   to listen on the loop back interfaces.
+
+   Who do you offer recursive service to? Is there are firewall to consider? If so
+   is it stateless or stateful. Are you directly on the Internet? Are you on a
+   private network? Are you on a NAT'd network? The answers to all these questions
+   change how you configure even a caching name server.
+

FAQ.xml

@@ -1,10 +1,11 @@
+<?xml-stylesheet href="common.css" type="text/css"?>
 <!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
        "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" []>
 <!--
- - Copyright (C) 2004, 2005  Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2007  Internet Systems Consortium, Inc. ("ISC")
  - Copyright (C) 2000-2003  Internet Software Consortium.
  -
- - Permission to use, copy, modify, and distribute this software for any
+ - Permission to use, copy, modify, and/or distribute this software for any
  - purpose with or without fee is hereby granted, provided that the above
  - copyright notice and this permission notice appear in all copies.
  -
@@ -17,10 +18,26 @@
  - PERFORMANCE OF THIS SOFTWARE.
 -->
 
-<!-- $Id: FAQ.xml,v 1.4.6.2 2005/09/06 02:58:40 marka Exp $ -->
+<!-- $Id: FAQ.xml,v 1.4.8.9 2007/08/28 07:18:12 tbox Exp $ -->
 
 <article class="faq">
   <title>Frequently Asked Questions about BIND 9</title>
+  <articleinfo>
+    <copyright>
+      <year>2004</year>
+      <year>2005</year>
+      <year>2006</year>
+      <year>2007</year>
+      <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
+    </copyright>
+    <copyright>
+      <year>2000</year>
+      <year>2001</year>
+      <year>2002</year>
+      <year>2003</year>
+      <holder>Internet Software Consortium.</holder>
+    </copyright>
+  </articleinfo>
   <qandaset defaultlabel='qanda'>
     <qandaentry>
       <question>
@@ -64,6 +81,26 @@
       </answer>
     </qandaentry>
 
+    <qandaentry>
+      <question>
+	<para>
+	  Why do I get the following errors:
+<programlisting>general: errno2result.c:109: unexpected error:
+general: unable to convert errno to isc_result: 14: Bad address
+client: UDP client handler shutting down due to fatal receive error: unexpected error</programlisting>
+	</para>
+      </question>
+      <answer>
+	<para>
+	  This is the result of a Linux kernel bug.
+	</para>
+	<para>
+	  See:
+	  <ulink url="http://marc.theaimsgroup.com/?l=linux-netdev&amp;m=113081708031466&amp;w=2">http://marc.theaimsgroup.com/?l=linux-netdev&amp;m=113081708031466&amp;w=2</ulink>
+	</para>
+      </answer>
+    </qandaentry>
+
     <qandaentry>
       <question>
 	<para>
@@ -105,6 +142,10 @@ example.com. 86400 IN SOA ns hostmaster ( 1 3600 1800 1814400 3600 )</programlis
 	  is not cumulative; if each process is using 10M of memory,
 	  only a total of 10M is used.
 	</para>
+	<para>
+	  Newer versions of Linux's ps command hide the individual threads
+	  and require -L to display them.
+	</para>
       </answer>
     </qandaentry>
 
@@ -146,17 +187,17 @@ example.com. 86400 IN SOA ns hostmaster ( 1 3600 1800 1814400 3600 )</programlis
     <qandaentry>
       <question>
 	<para>
-	How do I produce a usable core file from a multithreaded
+	How do I produce a usable core file from a multi-threaded
 	named on Linux?
 	</para>
       </question>
       <answer>
 	<para>
-	If the Linux kernel is 2.4.7 or newer, multithreaded core
+	If the Linux kernel is 2.4.7 or newer, multi-threaded core
 	dumps are usable (that is, the correct thread is dumped).
 	Otherwise, if using a 2.2 kernel, apply the kernel patch
 	found in contrib/linux/coredump-patch and rebuild the kernel.
-	This patch will cause multithreaded programs to dump the
+	This patch will cause multi-threaded programs to dump the
 	correct thread.
 	</para>
       </answer>
@@ -516,7 +557,7 @@ Master 10.0.1.1:
 	};
 	view "external" {
 		match-clients { key external; any; };
-		server 10.0.0.2 { keys external; };
+		server 10.0.1.2 { keys external; };
 		recursion no;
 		...
 	};
@@ -532,7 +573,7 @@ Slave 10.0.1.2:
 	};
 	view "external" {
 		match-clients { key external; any; };
-		server 10.0.0.1 { keys external; };
+		server 10.0.1.1 { keys external; };
 		recursion no;
 		...
 	};</programlisting>
@@ -602,6 +643,17 @@ rand_irqs="3 14 15"</programlisting>
 dig axfr example.com @master-server &gt; tmp
 named-checkzone example.com tmp</programlisting>
 	</informalexample>
+	<para>
+	  A CNAME record cannot exist with the same name as another record
+	  except for the DNSSEC records which prove its existence (NSEC).
+	</para>
+	<para>
+	  RFC 1034, Section 3.6.2: <quote>If a CNAME RR is present at a node,
+	  no other data should be present; this ensures that the data for a
+	  canonical name and its aliases cannot be different.  This rule also
+	  insures that a cached CNAME can be used without checking with an
+	  authoritative server for other RR types.</quote>
+	</para>
       </answer>
     </qandaentry>
 
@@ -717,7 +769,7 @@ Master 10.0.1.1:
 	  contains leading white space (tab/space) but the is no
 	  current record owner name to inherit the name from.  Usually
 	  this is the result of putting white space before a comment.
-	  Forgeting the "@" for the SOA record or indenting the master
+	  Forgetting the "@" for the SOA record or indenting the master
 	  file.
 	</para>
       </answer>
@@ -731,7 +783,7 @@ Master 10.0.1.1:
       </question>
       <answer>
 	<para>
-	  You are running chrooted (-t) and have not supplied local timzone
+	  You are running chrooted (-t) and have not supplied local timezone
 	  information in the chroot area.
 	</para>
 	<simplelist>
@@ -894,7 +946,7 @@ zone "example.net" {
     <qandaentry>
       <question>
 	<para>
-	  How do I intergrate BIND 9 and Solaris SMF
+	  How do I integrate BIND 9 and Solaris SMF
 	</para>
       </question>
       <answer>
@@ -926,7 +978,7 @@ zone "example.net" {
 	  You would have to add both the CNAME and address records
 	  (A/AAAA) as glue to the parent zone and have CNAMEs be
 	  followed when doing additional section processing to make
-	  it work.  No namesever implementation supports either of
+	  it work.  No nameserver implementation supports either of
 	  these requirements.
 	</para>
       </answer>
@@ -945,7 +997,7 @@ zone "example.net" {
 	  space you are using then you have failed to follow RFC 1918
 	  usage rules and are leaking queries to the Internet.  You
 	  should establish your own zones for these addresses to prevent
-	  you quering the Internet's name servers for these addresses.
+	  you querying the Internet's name servers for these addresses.
 	  Please see <ulink url="http://as112.net/">http://as112.net/</ulink>
 	  for details of the problems you are causing and the counter
 	  measures that have had to be deployed.
@@ -986,9 +1038,318 @@ empty:
 	       1 3600 1200 604800 10800 )
 @ 10800 IN NS &lt;name-of-server&gt;.</programlisting>
 	</informalexample>
+	<para>
 	<note>
 	  Future versions of named are likely to do this automatically.
 	</note>
+	</para>
+      </answer>
+    </qandaentry>
+
+    <qandaentry>
+      <question>
+	<para>
+	   I'm running BIND on Red Hat Enterprise Linux or Fedora Core -
+	</para>
+	<para>
+	  Why can't named update slave zone database files?
+	</para>
+	<para>
+	  Why can't named create DDNS journal files or update
+	  the master zones from journals?
+	</para>
+	<para>
+	  Why can't named create custom log files?
+	</para>
+      </question>
+
+      <answer>
+	<para>
+	  Red Hat Security Enhanced Linux (SELinux) policy security
+	  protections :
+	</para>
+
+	<para>
+	   Red Hat have adopted the National Security Agency's
+	   SELinux security policy ( see http://www.nsa.gov/selinux
+	   ) and recommendations for BIND security , which are more
+	   secure than running named in a chroot and make use of
+	   the bind-chroot environment unnecessary .
+	</para>
+
+	<para>
+	  By default, named is not allowed by the SELinux policy
+	  to write, create or delete any files EXCEPT in these
+	  directories:
+	  <informalexample>
+	    <programlisting>
+$ROOTDIR/var/named/slaves
+$ROOTDIR/var/named/data
+$ROOTDIR/var/tmp
+	    </programlisting>
+	  </informalexample>
+	  where $ROOTDIR may be set in /etc/sysconfig/named if
+	  bind-chroot is installed.
+	</para>
+
+	<para>
+	  The SELinux policy particularly does NOT allow named to modify
+	  the $ROOTDIR/var/named directory, the default location for master
+	  zone database files.
+	</para>
+
+	<para>
+	  SELinux policy overrules file access permissions - so
+	  even if all the files under /var/named have ownership
+	  named:named and mode rw-rw-r--, named will still not be
+	  able to write or create files except in the directories
+	  above, with SELinux in Enforcing mode.
+	</para>
+  
+	<para>
+	  So, to allow named to update slave or DDNS zone files,
+	  it is best to locate them in $ROOTDIR/var/named/slaves,
+	  with named.conf zone statements such as:
+	  <informalexample>
+	    <programlisting>
+zone "slave.zone." IN {
+	type slave;
+	file "slaves/slave.zone.db";
+	...
+};   
+zone "ddns.zone." IN  {
+	type master;
+	allow-updates {...};
+	file "slaves/ddns.zone.db";
+};
+	    </programlisting>
+	  </informalexample>
+	</para>
+
+	<para>
+	  To allow named to create its cache dump and statistics
+	  files, for example, you could use named.conf options
+	  statements such as:
+	  <informalexample>
+	    <programlisting>
+options {
+	...
+	dump-file "/var/named/data/cache_dump.db";
+	statistics-file "/var/named/data/named_stats.txt";
+	...
+};
+	    </programlisting>
+	  </informalexample>
+	</para>
+
+	<para>
+	  You can also tell SELinux to allow named to update any
+	  zone database files, by setting the SELinux tunable boolean
+	  parameter 'named_write_master_zones=1', using the
+	  system-config-securitylevel GUI, using the 'setsebool'
+	  command, or in /etc/selinux/targeted/booleans.
+	</para>
+  
+	<para>
+	  You can disable SELinux protection for named entirely by
+	  setting the 'named_disable_trans=1' SELinux tunable boolean
+	  parameter.
+	</para>
+    
+	<para>
+	  The SELinux named policy defines these SELinux contexts for named:
+	  <informalexample>
+	    <programlisting>
+named_zone_t : for zone database files       - $ROOTDIR/var/named/*
+named_conf_t : for named configuration files - $ROOTDIR/etc/{named,rndc}.*
+named_cache_t: for files modifiable by named - $ROOTDIR/var/{tmp,named/{slaves,data}}
+	    </programlisting>
+	  </informalexample>
+	</para>
+   
+	<para>
+	  If you want to retain use of the SELinux policy for named,
+	  and put named files in different locations, you can do
+	  so by changing the context of the custom file locations
+	  .
+	</para>
+
+	<para>
+	  To create a custom configuration file location, e.g.
+	  '/root/named.conf', to use with the 'named -c' option,
+	  do:
+	  <informalexample>
+	    <programlisting>
+# chcon system_u:object_r:named_conf_t /root/named.conf
+	    </programlisting>
+	  </informalexample>
+	</para>
+  
+	<para>
+	  To create a custom modifiable named data location, e.g.
+	  '/var/log/named' for a log file, do:
+	  <informalexample>
+	    <programlisting>
+# chcon system_u:object_r:named_cache_t /var/log/named
+	    </programlisting>
+	  </informalexample>
+	</para>
+   
+	<para>
+   To create a custom zone file location, e.g. /root/zones/, do:
+	  <informalexample>
+	    <programlisting>
+# chcon system_u:object_r:named_zone_t /root/zones/{.,*}
+	    </programlisting>
+	  </informalexample>
+	</para>
+  
+	<para>
+	  See these man-pages for more information : selinux(8),
+	  named_selinux(8), chcon(1), setsebool(8)
+	</para>
+      </answer>
+    </qandaentry>
+
+    <qandaentry>
+      <question>
+	<para>
+	  I want to forward all DNS queries from my caching nameserver to
+	  another server. But there are some domains which have to be
+	  served locally, via rbldnsd.
+	</para>
+	<para>
+	  How do I achieve this ?
+	</para>
+      </question>
+      <answer>
+        <programlisting>
+options {
+	forward only;
+	forwarders { &lt;ip.of.primary.nameserver&gt;; };
+};
+
+zone "sbl-xbl.spamhaus.org" {
+	type forward; forward only;
+	forwarders { &lt;ip.of.rbldns.server&gt; port 530; };
+};
+
+zone "list.dsbl.org" {
+	type forward; forward only;
+	forwarders { &lt;ip.of.rbldns.server&gt; port 530; };
+};
+        </programlisting>
+      </answer>
+    </qandaentry>
+
+    <qandaentry>
+      <question>
+	<para>
+	  Will named be affected by the 2007 changes to daylight savings
+	  rules in the US.
+	</para>
+      </question>
+      <answer>
+	<para>
+	  No, so long as the machines internal clock (as reported
+	  by "date -u") remains at UTC.  The only visible change
+	  if you fail to upgrade your OS, if you are in a affected
+	  area, will be that log messages will be a hour out during
+	  the period where the old rules do not match the new rules.
+	</para>
+	<para>
+	  For most OS's this change just means that you need to
+	  update the conversion rules from UTC to local time.
+	  Normally this involves updating a file in /etc (which
+	  sets the default timezone for the machine) and possibly
+	  a directory which has all the conversion rules for the
+	  world (e.g. /usr/share/zoneinfo).  When updating the OS
+	  do not forget to update any chroot areas as well.
+	  See your OS's documentation for more details.
+	</para>
+	<para>
+	  The local timezone conversion rules can also be done on
+	  a individual basis by setting the TZ environment variable
+	  appropriately.  See your OS's documentation for more
+	  details.
+	</para>
+      </answer>
+    </qandaentry>
+
+    <qandaentry>
+      <question>
+	<para>
+	  Why do we get the following warning at run time:
+<programlisting>kernel: process `named' is using obsolete setsockopt SO_BSDCOMPAT</programlisting>
+	</para>
+      </question>
+      <answer>
+	<para>
+          The early Linux kernels broke sendto() by having it return     
+          that a ICMP unreachable had be received for non connected
+          UDP sockets.  This made non connected UDP sockets work like
+          connected UDP socket which is fine when you are only talking
+          to one destination.  Named however talks to multiple
+          destinations and it caused problems.
+	</para>
+	<para>
+          Rather than fix sendto() to just have BSD behaviour they added
+          SO_BSDCOMPAT to turn BSD behaviour on/off on a per socket basis.
+	</para>
+	<para>
+          Later they decided to make BSD behaviour the default and
+          to aggressively track down applications that used SO_BSDCOMPAT
+          by issuing a warning.  This is the sort of things vendors
+          do in alpha/beta stages of a release so that their code is
+          clean.  They then turn the warning *off* for release code.
+	</para>
+	<para>
+          We still have customers that have kernels that require
+          SO_BSDCOMPAT to operate.  We therefore cannot remove the
+          setsockopt(SO_BSDCOMPAT) call.
+	</para>
+	<para>
+          Now most/all portable applications that use SO_BSDCOMPAT use it
+          conditionally manner so just removing SO_BSDCOMPAT from the
+          header file would be safe as long as the binary was not to
+          be moved between systems.  BIND's use is conditional.
+	</para>
+	<para>
+	  In short, the Linux developers should either, remove the #define for
+	  SO_BSDCOMPAT, and/or remove the warning.
+	</para>
+      </answer>
+    </qandaentry>
+
+    <qandaentry>
+      <question>
+	<para>
+	  Isn't "make install"  supposed to generate a default named.conf?
+	</para>
+      </question>
+      <answer>
+	<para>
+	  Short Answer: No. 
+	</para>
+	<para>
+	  Long Answer: There really isn't a default configuration which fits
+	  any site perfectly.  There are lots of decisions that need to
+	  be made and there is no consensus on what the defaults should be.
+	  For example FreeBSD uses /etc/namedb as the location where the
+	  configuration files for named are stored.  Others use /var/named.
+	</para>
+	<para>
+	  What addresses to listen on?  For a laptop on the move a lot
+	  you may only want to listen on the loop back interfaces.
+	</para>
+	<para>
+	  Who do you offer recursive service to?  Is there are firewall
+	  to consider?  If so is it stateless or stateful.  Are you
+	  directly on the Internet?  Are you on a private network? Are
+	  you on a NAT'd network? The answers
+	  to all these questions change how you configure even a
+	  caching name server.
+	</para>
       </answer>
     </qandaentry>
 

Makefile.in

@@ -1,5 +1,5 @@
-# Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
-# Copyright (C) 1998-2002  Internet Software Consortium.
+# Copyright (C) 2004, 2006  Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 1998-2001, 2003  Internet Software Consortium.
 #
 # Permission to use, copy, modify, and distribute this software for any
 # purpose with or without fee is hereby granted, provided that the above
@@ -13,7 +13,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: Makefile.in,v 1.41.2.2.2.2 2004/03/08 04:04:12 marka Exp $
+# $Id: Makefile.in,v 1.41.2.5 2006/05/19 00:03:59 marka Exp $
 
 srcdir =	@srcdir@
 VPATH =		@srcdir@
@@ -44,7 +44,8 @@ maintainer-clean::
 	rm -f configure
 
 installdirs:
-	$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${bindir}
+	$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${bindir} \
+	${DESTDIR}${localstatedir}/run ${DESTDIR}${sysconfdir}
 
 install:: isc-config.sh installdirs
 	${INSTALL_SCRIPT} isc-config.sh ${DESTDIR}${bindir}

README

@@ -28,7 +28,7 @@ BIND 9
 
 
 	BIND version 9 development has been underwritten by the following
-	organizations:
+	organisations:
 
 		Sun Microsystems, Inc.
 		Hewlett Packard
@@ -43,58 +43,73 @@ BIND 9
 		Nominum, Inc.
 
 
-BIND 9.3.2
+BIND 9.2.9
 
-        BIND 9.3.2 is a maintenance release, containing fixes for
-        a number of bugs in 9.3.1.
+	BIND 9.2.9 is the final maintenance release for BIND 9.2.
+	BIND 9.2.9 contains fixes for a number of bugs in 9.2.8.
+	
+BIND 9.2.8
 
-        libbind: corresponds to that from BIND 8.4.7-REL.
+	BIND 9.2.9 is a security release for BIND 9.2.
 
-BIND 9.3.1
+BIND 9.2.7
 
-        BIND 9.3.1 is a maintenance release, containing fixes for
-        a number of bugs in 9.3.0.
+	BIND 9.2.7 is a maintenance release, containing fixes for
+	a number of bugs in 9.2.6.
 
-        libbind: corresponds to that from BIND 8.4.6-REL.
+BIND 9.2.6
 
-BIND 9.3.0
+	BIND 9.2.6 is a maintenance release, containing fixes for
+	a number of bugs in 9.2.5.
 
-	BIND 9.3.0 has a number of new features over 9.2,
-	including:
+	libbind: corresponds to that from BIND 8.4.7-REL.
 
-	DNSSEC is now DS based (RFC 3658).
-	See also RFC 3845, doc/draft/draft-ietf-dnsext-dnssec-*.
+BIND 9.2.5
 
-	DNSSEC lookaside validation.
+	BIND 9.2.5 is a maintenance release, containing fixes for
+	a number of bugs in 9.2.4.
 
-	check-names is now implemented.
-	rrset-order in more complete.
+	libbind: corresponds to that from BIND 8.4.6-REL.
 
-	IPv4/IPv6 transition support, dual-stack-servers.
-
-	IXFR deltas can now be generated when loading master files,
-	ixfr-from-differences.
-
-	It is now possible to specify the size of a journal, max-journal-size.
-
-	It is now possible to define a named set of master servers to be
-	used in masters clause, masters.
-
-	The advertised EDNS UDP size can now be set, edns-udp-size.
-
-	allow-v6-synthesis has been obsoleted.
-
-	NOTE:
-	* Zones containing MD and MF will now be rejected.
-	* dig, nslookup name. now report "Not Implemented" as
-	  NOTIMP rather than NOTIMPL.  This will have impact on scripts
-	  that are looking for NOTIMPL.
+BIND 9.2.4
 
+	BIND 9.2.4 is a maintenance release, containing fixes for
+	a number of bugs in 9.2.3.
+	
 	libbind: corresponds to that from BIND 8.4.5.
 
+BIND 9.2.3
+	
+	BIND 9.2.3 is a maintenance release, containing fixes for
+	a number of bugs in 9.2.2.
+
+	A new zone type delegation-only is now supported.
+	A new view option root-delegation-only is now supported.
+
+	libbind: corresponds to that from BIND 8.4.0.
+
+BIND 9.2.2
+
+	BIND 9.2.2 is a maintenance release, containing fixes for
+	a number of bugs in 9.2.1 but no new features.  RFC 2535
+	style DNSSEC is disabled as it is incompatible with the
+	forthcoming DS style DNSSEC.
+
+	libbind: from BIND 8.3.3. [CERT CA-2002-19]
+	Minimum OpenSSL version now 0.9.6e. [CERT CA-2002-23]
+
+BIND 9.2.1
+
+	BIND 9.2.1 is a maintenance release, containing fixes for
+	a number of bugs in 9.2.0 but no new features.
+
+	NOTE: dig, nslookup name. now report "Not Implemented" as
+	NOTIMP rather than NOTIMPL.  This will have impact on scripts
+	that are looking for NOTIMPL.
+
 BIND 9.2.0
 
-	BIND 9.2.0 has a number of new features over 9.1,
+	BIND 9.2.0 introduces a number of new features over 9.1,
 	including:
 
 	  - The size of the cache can now be limited using the
@@ -148,8 +163,8 @@ BIND 9.2.0
 
 	BIND 9.2 is capable of acting as an authoritative server
 	for DNSSEC secured zones.  This functionality is believed to
-	be stable and complete except for lacking support for
-	verifications involving wildcard records in secure zones.
+	be stable and complete except for lacking support for wildcard
+	records in secure zones.
 
 	When acting as a caching server, BIND 9.2 can be configured
 	to perform DNSSEC secure resolution on behalf of its clients.
@@ -173,14 +188,16 @@ BIND 9.2.0
 		This is due to a bug in "/dev/random" and impacts the
 		server's DNSSEC support.
 
-		OS X 10.1.4 (Darwin 5.4), OS X 10.1.5 (Darwin 5.5) and
-		OS X 10.2 (Darwin 6.0) reports errors like
+		OS X 10.1.4 (Darwin 5.4) reports errors like
 		"fcntl(3, F_SETFL, 4): Operation not supported by device".
 		This is due to a bug in "/dev/random" and impacts the
 		server's DNSSEC support.
 
 		--with-libtool does not work on AIX.
 
+		--with-libtool does not work on SunOS 4.  configure
+		requires "printf" which is not available.
+
 	A bug in the Windows 2000 DNS server can cause zone transfers
 	from a BIND 9 server to a W2K server to fail.  For details,
 	see the "Zone Transfers" section in doc/misc/migration.
@@ -196,13 +213,13 @@ Building
 
 	We've had successful builds and tests on the following systems:
 
-		COMPAQ Tru64 UNIX 5.1B
-		FreeBSD 4.10, 5.2.1
-		HP-UX 11.11
-		NetBSD 1.5
-		Slackware Linux 8.1
-		Solaris 8, 9, 9 (x86)
-		Windows NT/2000/XP/2003
+                COMPAQ Tru64 UNIX 5.1B
+                FreeBSD 4.10, 5.2.1
+                HP-UX 11.11
+                NetBSD 1.5
+                Slackware Linux 8.1
+                Solaris 8, 9, 9 (x86)
+                Windows NT/2000/XP/2003
 
 	Additionally, we have unverified reports of success building
 	previous versions of BIND 9 from users of the following systems:
@@ -212,11 +229,11 @@ Building
 		Slackware Linux 7.x, 8.0
 	        Red Hat Linux 7.1
 		Debian GNU/Linux 2.2 and 3.0
-		Mandrake 8.1
-		OpenBSD 2.6, 2.8, 2.9
+		OpenBSD 2.6, 2.8, 2.9, 3.1, 3.6, 3.8
 		UnixWare 7.1.1
 		HP-UX 10.20
 		BSD/OS 4.2
+		OpenUNIX 8
 		Mac OS X 10.1, 10.3.8
 
 	To build, just
@@ -235,7 +252,7 @@ Building
 
 	    CFLAGS
 		C compiler flags.  Defaults to include -g and/or -O2
-		as supported by the compiler.  
+		as supported by the compiler.
 
 	    STD_CINCLUDES
 		System header file directories.	 Can be used to specify
@@ -247,15 +264,29 @@ Building
 		Defaults to empty string.
 
 		Possible settings:
-		Change the default syslog facility of named/lwresd.
-		  -DISC_FACILITY=LOG_LOCAL0	
-		Enable DNSSEC signature chasing support in dig.
-		  -DDIG_SIGCHASE=1 (sets -DDIG_SIGCHASE_TD=1 and
-				    -DDIG_SIGCHASE_BU=1)
+		-DISC_RFC2535
+			Enable support RFC 2535 style DNSSEC.  This
+			is incompatable with the upcoming DS support
+			and SHOULD NOT be set unless you are currently
+			making use of it.
+		-DNS_CLIENT_DROPPORT=0
+			Disable dropping queries from particular well
+			known ports.
 
 	    LDFLAGS
 		Linker flags. Defaults to empty string.
 
+	The following need to be set when cross compiling.
+
+	    BUILD_CC
+		The native C compiler.
+	    BUILD_CFLAGS (optional)
+	    BUILD_CPPFLAGS (optional)
+		Possible Settings:
+		-DNEED_OPTARG=1		(optarg is not declared in <unistd.h>)
+	    BUILD_LDFLAGS (optional)
+	    BUILD_LIBS (optional)
+
 	To build shared libraries, specify "--with-libtool" on the
 	configure command line.
 
@@ -308,8 +339,9 @@ Building
 	compiler (e.g. the various BSD systems, Linux).
 	
 	Known compiler issues:
-	* gcc-3.2.1 and gcc-3.1.1 is known to cause problems with solaris-x86.
-	* gcc prior to gcc-3.2.3 ultrasparc generates incorrect code at -02.
+	* gcc-3.2.1 and gcc-3.1.1 is known to cause problems with solaris-x86
+	  if the optimiser is enabled.  Use -O0 to disable the optimiser.
+	* gcc ultrasparc generates incorrect code at -02.
 	* gcc-3.3.5 powerpc generates incorrect code at -02.
 	* Irix, MipsPRO 7.4.1m is known to cause problems.
 
@@ -318,7 +350,6 @@ Building
 	on your system, and some require Perl; see bin/tests/system/README
 	for details.
 
-
 Documentation
 
 	The BIND 9 Administrator Reference Manual is included with the
@@ -344,13 +375,17 @@ Bug Reports and Mailing Lists
 
 		bind9-bugs@isc.org
 
+	Configuration questions should be sent to the BIND 9 Users
+	mailing list.  Compilation questions should be sent to the
+	BIND 9 Users mailing list.
+
 	To join the BIND Users mailing list, send mail to
 
 		bind-users-request@isc.org
-
+ 
 	archives of which can be found via
 
-		http://www.isc.org/ops/lists/
+		http://www.isc.org/ml-archives/
 
 	If you're planning on making changes to the BIND 9 source
 	code, you might want to join the BIND Workers mailing list.

acconfig.h

@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
- * Copyright (C) 1999-2003  Internet Software Consortium.
+ * Copyright (C) 1999-2001, 2003  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: acconfig.h,v 1.35.2.4.2.10 2004/12/04 06:50:02 marka Exp $ */
+/* $Id: acconfig.h,v 1.35.2.10 2004/12/04 06:44:36 marka Exp $ */
 
 /***
  *** This file is not to be included by any public header files, because
@@ -53,9 +53,6 @@
 /* define if catgets() is available */
 #undef HAVE_CATGETS
 
-/* define if getifaddrs() exists */
-#undef HAVE_GETIFADDRS
-
 /* define if you have the NET_RT_IFLIST sysctl variable and sys/sysctl.h */
 #undef HAVE_IFLIST_SYSCTL
 
@@ -134,12 +131,6 @@ int sigwait(const unsigned int *set, int *sig);
 /* define if you have strerror in the C library. */
 #undef HAVE_STRERROR
 
-/* Define if you are running under Compaq TruCluster. */
-#undef HAVE_TRUCLUSTER
-
-/* Define if OpenSSL includes DSA support */
-#undef HAVE_OPENSSL_DSA
-
 /* Define to the length type used by the socket API (socklen_t, size_t, int). */
 #undef ISC_SOCKADDR_LEN_T
 

bin/Makefile.in

@@ -13,7 +13,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: Makefile.in,v 1.22.208.1 2004/03/06 10:21:10 marka Exp $
+# $Id: Makefile.in,v 1.22.2.1 2004/03/09 06:09:08 marka Exp $
 
 srcdir =	@srcdir@
 VPATH =		@srcdir@

bin/check/Makefile.in

@@ -1,5 +1,5 @@
 # Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
-# Copyright (C) 2000-2003  Internet Software Consortium.
+# Copyright (C) 2000-2002  Internet Software Consortium.
 #
 # Permission to use, copy, modify, and distribute this software for any
 # purpose with or without fee is hereby granted, provided that the above
@@ -13,7 +13,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: Makefile.in,v 1.15.2.3.8.6 2004/07/20 07:01:48 marka Exp $
+# $Id: Makefile.in,v 1.15.2.6 2004/07/20 07:00:09 marka Exp $
 
 srcdir =	@srcdir@
 VPATH =		@srcdir@
@@ -21,30 +21,27 @@ top_srcdir =	@top_srcdir@
 
 @BIND9_VERSION@
 
-@BIND9_MAKE_INCLUDES@
+@BIND9_INCLUDES@
 
-CINCLUDES =	${BIND9_INCLUDES} ${DNS_INCLUDES} ${ISCCFG_INCLUDES} \
-		${ISC_INCLUDES}
+CINCLUDES =	${DNS_INCLUDES} ${ISCCFG_INCLUDES} ${ISC_INCLUDES}
 
 CDEFINES = 	-DNAMED_CONFFILE=\"${sysconfdir}/named.conf\"
 CWARNINGS =
 
-DNSLIBS =	../../lib/dns/libdns.@A@ @DNS_CRYPTO_LIBS@
+DNSLIBS =	../../lib/dns/libdns.@A@ @DNS_OPENSSL_LIBS@ @DNS_GSSAPI_LIBS@
 ISCCFGLIBS =	../../lib/isccfg/libisccfg.@A@
 ISCLIBS =	../../lib/isc/libisc.@A@
-BIND9LIBS =	../../lib/bind9/libbind9.@A@
 
 DNSDEPLIBS =	../../lib/dns/libdns.@A@
 ISCCFGDEPLIBS =	../../lib/isccfg/libisccfg.@A@
 ISCDEPLIBS =	../../lib/isc/libisc.@A@
-BIND9DEPLIBS =	../../lib/bind9/libbind9.@A@
 
 LIBS =		@LIBS@
 
 SUBDIRS =
 
 # Alphabetically
-TARGETS =	named-checkconf@EXEEXT@ named-checkzone@EXEEXT@
+TARGETS =	named-checkconf named-checkzone
 
 # Alphabetically
 SRCS =		named-checkconf.c named-checkzone.c check-tool.c
@@ -58,24 +55,21 @@ MANOBJS =	${MANPAGES} ${HTMLPAGES}
 @BIND9_MAKE_RULES@
 
 named-checkconf.@O@: named-checkconf.c
-	${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} \
-		-DVERSION=\"${VERSION}\" \
+	${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} -DVERSION=\"${VERSION}\" \
 		-c ${srcdir}/named-checkconf.c
 
 named-checkzone.@O@: named-checkzone.c
-	${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} \
-		-DVERSION=\"${VERSION}\" \
+	${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} -DVERSION=\"${VERSION}\" \
 		-c ${srcdir}/named-checkzone.c
 
-named-checkconf@EXEEXT@: named-checkconf.@O@ check-tool.@O@ ${ISCDEPLIBS} \
-		${ISCCFGDEPLIBS} ${BIND9DEPLIBS}
-	${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ \
-	named-checkconf.@O@ check-tool.@O@ ${BIND9LIBS} ${ISCCFGLIBS} \
-	${DNSLIBS} ${ISCLIBS} ${LIBS}
+named-checkconf: named-checkconf.@O@ check-tool.@O@ ${ISCDEPLIBS} \
+		 ${ISCCFGDEPLIBS} ${DNSDEPLIBS}
+	${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ named-checkconf.@O@ \
+	check-tool.@O@ ${ISCCFGLIBS} ${DNSLIBS} ${ISCLIBS} ${LIBS}
 
-named-checkzone@EXEEXT@: named-checkzone.@O@ check-tool.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS}
-	${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ \
-	named-checkzone.@O@ check-tool.@O@ ${DNSLIBS} ${ISCLIBS} ${LIBS}
+named-checkzone: named-checkzone.@O@ check-tool.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS}
+	${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ named-checkzone.@O@ \
+	check-tool.@O@ ${DNSLIBS} ${ISCLIBS} ${LIBS}
 
 doc man:: ${MANOBJS}
 
@@ -86,9 +80,9 @@ installdirs:
 	$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${sbindir}
 	$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${mandir}/man8
 
-install:: named-checkconf@EXEEXT@ named-checkzone@EXEEXT@ installdirs
-	${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} named-checkconf@EXEEXT@ ${DESTDIR}${sbindir}
-	${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} named-checkzone@EXEEXT@ ${DESTDIR}${sbindir}
+install:: named-checkconf named-checkzone installdirs
+	${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} named-checkconf ${DESTDIR}${sbindir}
+	${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} named-checkzone ${DESTDIR}${sbindir}
 	for m in ${MANPAGES}; do ${INSTALL_DATA} ${srcdir}/$$m ${DESTDIR}${mandir}/man8; done
 
 clean distclean::

bin/check/check-tool.c

@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
- * Copyright (C) 2000-2002  Internet Software Consortium.
+ * Copyright (C) 2000, 2001  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -15,44 +15,18 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: check-tool.c,v 1.4.12.7 2004/11/30 01:15:40 marka Exp $ */
+/* $Id: check-tool.c,v 1.4.2.1 2004/03/09 06:09:08 marka Exp $ */
 
 #include <config.h>
 
 #include <stdio.h>
-#include <string.h>
 
 #include "check-tool.h"
 #include <isc/util.h>
 
-#include <isc/buffer.h>
 #include <isc/log.h>
-#include <isc/region.h>
-#include <isc/stdio.h>
 #include <isc/types.h>
 
-#include <dns/fixedname.h>
-#include <dns/log.h>
-#include <dns/name.h>
-#include <dns/rdataclass.h>
-#include <dns/types.h>
-#include <dns/zone.h>
-
-#define CHECK(r) \
-        do { \
-		result = (r); \
-                if (result != ISC_R_SUCCESS) \
-                        goto cleanup; \
-        } while (0)   
-
-static const char *dbtype[] = { "rbt" };
-
-int debug = 0;
-isc_boolean_t nomerge = ISC_TRUE;
-unsigned int zone_options = DNS_ZONEOPT_CHECKNS | 
-			    DNS_ZONEOPT_MANYERRORS |
-			    DNS_ZONEOPT_CHECKNAMES;
-
 isc_result_t
 setup_logging(isc_mem_t *mctx, isc_log_t **logp) {
 	isc_logdestination_t destination;
@@ -76,87 +50,3 @@ setup_logging(isc_mem_t *mctx, isc_log_t **logp) {
 	*logp = log;
 	return (ISC_R_SUCCESS);
 }
-
-isc_result_t
-load_zone(isc_mem_t *mctx, const char *zonename, const char *filename,
-	  const char *classname, dns_zone_t **zonep)
-{
-	isc_result_t result;
-	dns_rdataclass_t rdclass;
-	isc_textregion_t region;
-	isc_buffer_t buffer;
-	dns_fixedname_t fixorigin;
-	dns_name_t *origin;
-	dns_zone_t *zone = NULL;
-
-	REQUIRE(zonep == NULL || *zonep == NULL);
-
-	if (debug)
-		fprintf(stderr, "loading \"%s\" from \"%s\" class \"%s\"\n",
-			zonename, filename, classname);
-
-	CHECK(dns_zone_create(&zone, mctx));
-
-	dns_zone_settype(zone, dns_zone_master);
-
-	isc_buffer_init(&buffer, zonename, strlen(zonename));
-	isc_buffer_add(&buffer, strlen(zonename));
-	dns_fixedname_init(&fixorigin);
-	origin = dns_fixedname_name(&fixorigin);
-	CHECK(dns_name_fromtext(origin, &buffer, dns_rootname,
-			        ISC_FALSE, NULL));
-	CHECK(dns_zone_setorigin(zone, origin));
-	CHECK(dns_zone_setdbtype(zone, 1, (const char * const *) dbtype));
-	CHECK(dns_zone_setfile(zone, filename));
-
-	DE_CONST(classname, region.base);
-	region.length = strlen(classname);
-	CHECK(dns_rdataclass_fromtext(&rdclass, &region));
-
-	dns_zone_setclass(zone, rdclass);
-	dns_zone_setoption(zone, zone_options, ISC_TRUE);
-	dns_zone_setoption(zone, DNS_ZONEOPT_NOMERGE, nomerge);
-
-	CHECK(dns_zone_load(zone));
-	if (zonep != NULL){
-		*zonep = zone;
-		zone = NULL;
-	}
-
- cleanup:
-	if (zone != NULL)
-		dns_zone_detach(&zone);
-	return (result);
-}
-
-isc_result_t
-dump_zone(const char *zonename, dns_zone_t *zone, const char *filename)
-{
-	isc_result_t result;
-	FILE *output = stdout;
-
-	if (debug) {
-		if (filename != NULL)
-			fprintf(stderr, "dumping \"%s\" to \"%s\"\n",
-				zonename, filename);
-		else
-			fprintf(stderr, "dumping \"%s\"\n", zonename);
-	}
-
-	if (filename != NULL) {
-		result = isc_stdio_open(filename, "w+", &output);
-
-		if (result != ISC_R_SUCCESS) {
-			fprintf(stderr, "could not open output "
-				"file \"%s\" for writing\n", filename);
-			return (ISC_R_FAILURE);
-		}
-	}
-
-	result = dns_zone_fulldumptostream(zone, output);
-
-	if (filename != NULL)
-		(void)isc_stdio_close(output);
-
-	return (result);
-}

bin/check/check-tool.h

@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
- * Copyright (C) 2000-2002  Internet Software Consortium.
+ * Copyright (C) 2000, 2001  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: check-tool.h,v 1.2.12.5 2004/03/08 04:04:13 marka Exp $ */
+/* $Id: check-tool.h,v 1.2.2.1 2004/03/09 06:09:09 marka Exp $ */
 
 #ifndef CHECK_TOOL_H
 #define CHECK_TOOL_H
@@ -23,24 +23,12 @@
 #include <isc/lang.h>
 
 #include <isc/types.h>
-#include <dns/types.h>
 
 ISC_LANG_BEGINDECLS
 
 isc_result_t
 setup_logging(isc_mem_t *mctx, isc_log_t **logp);
 
-isc_result_t
-load_zone(isc_mem_t *mctx, const char *zonename, const char *filename,
-	  const char *classname, dns_zone_t **zonep);
-
-isc_result_t
-dump_zone(const char *zonename, dns_zone_t *zone, const char *filename);
-
-extern int debug;
-extern isc_boolean_t nomerge;
-extern unsigned int zone_options;
-
 ISC_LANG_ENDDECLS
 
 #endif

bin/check/named-checkconf.8

@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
 .\" Copyright (C) 2000-2002 Internet Software Consortium.
 .\" 
 .\" Permission to use, copy, modify, and distribute this software for any
@@ -13,60 +13,66 @@
 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 .\" PERFORMANCE OF THIS SOFTWARE.
 .\"
-.\" $Id: named-checkconf.8,v 1.11.12.6 2005/05/12 23:56:53 sra Exp $
+.\" $Id: named-checkconf.8,v 1.11.2.10 2007/06/20 02:25:45 marka Exp $
 .\"
 .hy 0
 .ad l
-.\"Generated by db2man.xsl. Don't modify this, modify the source.
-.de Sh \" Subsection
-.br
-.if t .Sp
-.ne 5
-.PP
-\fB\\$1\fR
-.PP
-..
-.de Sp \" Vertical space (when we can't use .PP)
-.if t .sp .5v
-.if n .sp
-..
-.de Ip \" List item
-.br
-.ie \\n(.$>=3 .ne \\$3
-.el .ne 3
-.IP "\\$1" \\$2
-..
-.TH "NAMED-CHECKCONF" 8 "June 14, 2000" "" ""
-.SH NAME
-named-checkconf \- named configuration file syntax checking tool
+.\"     Title: named\-checkconf
+.\"    Author: 
+.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
+.\"      Date: June 14, 2000
+.\"    Manual: BIND9
+.\"    Source: BIND9
+.\"
+.TH "NAMED\-CHECKCONF" "8" "June 14, 2000" "BIND9" "BIND9"
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.SH "NAME"
+named\-checkconf \- named configuration file syntax checking tool
 .SH "SYNOPSIS"
 .HP 16
-\fBnamed\-checkconf\fR [\fB\-v\fR] [\fB\-j\fR] [\fB\-t\ \fIdirectory\fR\fR] {filename} [\fB\-z\fR]
+\fBnamed\-checkconf\fR [\fB\-v\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] {filename}
 .SH "DESCRIPTION"
 .PP
- \fBnamed\-checkconf\fR checks the syntax, but not the semantics, of a named configuration file\&.
+\fBnamed\-checkconf\fR
+checks the syntax, but not the semantics, of a named configuration file.
 .SH "OPTIONS"
-.TP
+.PP
 \-t \fIdirectory\fR
-chroot to \fIdirectory\fR so that include directives in the configuration file are processed as if run by a similarly chrooted named\&.
-.TP
+.RS 4
+Chroot to
+\fIdirectory\fR
+so that include directives in the configuration file are processed as if run by a similarly chrooted named.
+.RE
+.PP
 \-v
-Print the version of the \fBnamed\-checkconf\fR program and exit\&.
-.TP
-\-z
-Perform a check load the master zonefiles found in \fInamed\&.conf\fR\&.
-.TP
-\-j
-When loading a zonefile read the journal if it exists\&.
-.TP
+.RS 4
+Print the version of the
+\fBnamed\-checkconf\fR
+program and exit.
+.RE
+.PP
 filename
-The name of the configuration file to be checked\&. If not specified, it defaults to \fI/etc/named\&.conf\fR\&.
+.RS 4
+The name of the configuration file to be checked. If not specified, it defaults to
+\fI/etc/named.conf\fR.
+.RE
 .SH "RETURN VALUES"
 .PP
- \fBnamed\-checkconf\fR returns an exit status of 1 if errors were detected and 0 otherwise\&.
+\fBnamed\-checkconf\fR
+returns an exit status of 1 if errors were detected and 0 otherwise.
 .SH "SEE ALSO"
 .PP
- \fBnamed\fR(8), BIND 9 Administrator Reference Manual\&.
+\fBnamed\fR(8),
+\fBnamed\-checkzone\fR(8),
+BIND 9 Administrator Reference Manual.
 .SH "AUTHOR"
 .PP
- Internet Systems Consortium 
+Internet Systems Consortium
+.SH "COPYRIGHT"
+Copyright \(co 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+.br
+Copyright \(co 2000\-2002 Internet Software Consortium.
+.br

bin/check/named-checkconf.c

@@ -1,6 +1,6 @@
 /*
- * Copyright (C) 2004, 2005  Internet Systems Consortium, Inc. ("ISC")
- * Copyright (C) 1999-2002  Internet Software Consortium.
+ * Copyright (C) 2004, 2006  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 1999-2001  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: named-checkconf.c,v 1.12.12.9 2005/03/03 06:33:38 marka Exp $ */
+/* $Id: named-checkconf.c,v 1.12.2.3 2006/03/02 00:37:17 marka Exp $ */
 
 #include <config.h>
 
@@ -25,44 +25,29 @@
 
 #include <isc/commandline.h>
 #include <isc/dir.h>
-#include <isc/entropy.h>
-#include <isc/hash.h>
 #include <isc/log.h>
 #include <isc/mem.h>
 #include <isc/result.h>
 #include <isc/string.h>
 #include <isc/util.h>
 
-#include <isccfg/namedconf.h>
-
-#include <bind9/check.h>
-
-#include <dns/fixedname.h>
-#include <dns/log.h>
-#include <dns/result.h>
+#include <isccfg/cfg.h>
+#include <isccfg/check.h>
 
 #include "check-tool.h"
 
 isc_log_t *logc = NULL;
 
-#define CHECK(r)\
-	do { \
-		result = (r); \
-		if (result != ISC_R_SUCCESS) \
-			goto cleanup; \
-	} while (0)
-
 static void
 usage(void) {
-        fprintf(stderr, "usage: named-checkconf [-j] [-v] [-z] [-t directory] "
-		"[named.conf]\n");
+        fprintf(stderr, "usage: named-checkconf [-v] [-t directory] [named.conf]\n");
         exit(1);
 }
 
 static isc_result_t
-directory_callback(const char *clausename, cfg_obj_t *obj, void *arg) {
+directory_callback(const char *clausename, const cfg_obj_t *obj, void *arg) {
 	isc_result_t result;
-	char *directory;
+	const char *directory;
 
 	REQUIRE(strcasecmp("directory", clausename) == 0);
 
@@ -76,7 +61,7 @@ directory_callback(const char *clausename, cfg_obj_t *obj, void *arg) {
 	result = isc_dir_chdir(directory);
 	if (result != ISC_R_SUCCESS) {
 		cfg_obj_log(obj, logc, ISC_LOG_ERROR,
-			    "change directory to '%s' failed: %s\n",
+			    "change directory to '%s' failed: %s",
 			    directory, isc_result_totext(result));
 		return (result);
 	}
@@ -84,119 +69,6 @@ directory_callback(const char *clausename, cfg_obj_t *obj, void *arg) {
 	return (ISC_R_SUCCESS);
 }
 
-static isc_result_t
-configure_zone(const char *vclass, const char *view, cfg_obj_t *zconfig,
-	       isc_mem_t *mctx)
-{
-	isc_result_t result;
-	const char *zclass;
-	const char *zname;
-	const char *zfile;
-	cfg_obj_t *zoptions = NULL;
-	cfg_obj_t *classobj = NULL;
-	cfg_obj_t *typeobj = NULL;
-	cfg_obj_t *fileobj = NULL;
-	cfg_obj_t *dbobj = NULL;
-
-	zname = cfg_obj_asstring(cfg_tuple_get(zconfig, "name"));
-	classobj = cfg_tuple_get(zconfig, "class");
-        if (!cfg_obj_isstring(classobj))
-                zclass = vclass;
-        else
-		zclass = cfg_obj_asstring(classobj);
-	zoptions = cfg_tuple_get(zconfig, "options");
-	cfg_map_get(zoptions, "type", &typeobj);
-	if (typeobj == NULL)
-		return (ISC_R_FAILURE);
-	if (strcasecmp(cfg_obj_asstring(typeobj), "master") != 0)
-		return (ISC_R_SUCCESS);
-        cfg_map_get(zoptions, "database", &dbobj);
-        if (dbobj != NULL)
-                return (ISC_R_SUCCESS);
-	cfg_map_get(zoptions, "file", &fileobj);
-	if (fileobj == NULL)
-		return (ISC_R_FAILURE);
-	zfile = cfg_obj_asstring(fileobj);
-	result = load_zone(mctx, zname, zfile, zclass, NULL);
-	if (result != ISC_R_SUCCESS)
-		fprintf(stderr, "%s/%s/%s: %s\n", view, zname, zclass,
-			dns_result_totext(result));
-	return(result);
-}
-
-static isc_result_t
-configure_view(const char *vclass, const char *view, cfg_obj_t *config,
-	       cfg_obj_t *vconfig, isc_mem_t *mctx)
-{
-	cfg_listelt_t *element;
-	cfg_obj_t *voptions;
-	cfg_obj_t *zonelist;
-	isc_result_t result = ISC_R_SUCCESS;
-	isc_result_t tresult;
-
-	voptions = NULL;
-	if (vconfig != NULL)
-		voptions = cfg_tuple_get(vconfig, "options");
-
-	zonelist = NULL;
-	if (voptions != NULL)
-		(void)cfg_map_get(voptions, "zone", &zonelist);
-	else
-		(void)cfg_map_get(config, "zone", &zonelist);
-
-	for (element = cfg_list_first(zonelist);
-	     element != NULL;
-	     element = cfg_list_next(element))
-	{
-		cfg_obj_t *zconfig = cfg_listelt_value(element);
-		tresult = configure_zone(vclass, view, zconfig, mctx);
-		if (tresult != ISC_R_SUCCESS)
-			result = tresult;
-	}
-	return (result);
-}
-
-
-static isc_result_t
-load_zones_fromconfig(cfg_obj_t *config, isc_mem_t *mctx) {
-	cfg_listelt_t *element;
-	cfg_obj_t *classobj;
-	cfg_obj_t *views;
-	cfg_obj_t *vconfig;
-	const char *vclass;
-	isc_result_t result = ISC_R_SUCCESS;
-	isc_result_t tresult;
-
-	views = NULL;
-
-	(void)cfg_map_get(config, "view", &views);
-	for (element = cfg_list_first(views);
-	     element != NULL;
-	     element = cfg_list_next(element))
-	{
-		const char *vname;
-
-		vclass = "IN";
-		vconfig = cfg_listelt_value(element);
-		if (vconfig != NULL) {
-			classobj = cfg_tuple_get(vconfig, "class");
-			if (cfg_obj_isstring(classobj))
-				vclass = cfg_obj_asstring(classobj);
-		}
-		vname = cfg_obj_asstring(cfg_tuple_get(vconfig, "name"));
-		tresult = configure_view(vclass, vname, config, vconfig, mctx);
-		if (tresult != ISC_R_SUCCESS)
-			result = tresult;
-	}
-
-	if (views == NULL) {
-		tresult = configure_view("IN", "_default", config, NULL, mctx);
-		if (tresult != ISC_R_SUCCESS)
-			result = tresult;
-	}
-	return (result);
-}
-
 int
 main(int argc, char **argv) {
 	int c;
@@ -206,19 +78,9 @@ main(int argc, char **argv) {
 	isc_mem_t *mctx = NULL;
 	isc_result_t result;
 	int exit_status = 0;
-	isc_entropy_t *ectx = NULL;
-	isc_boolean_t load_zones = ISC_FALSE;
-	
-	while ((c = isc_commandline_parse(argc, argv, "djt:vz")) != EOF) {
+
+	while ((c = isc_commandline_parse(argc, argv, "t:v")) != EOF) {
 		switch (c) {
-		case 'd':
-			debug++;
-			break;
-
-		case 'j':
-			nomerge = ISC_FALSE;
-			break;
-
 		case 't':
 			result = isc_dir_chroot(isc_commandline_argument);
 			if (result != ISC_R_SUCCESS) {
@@ -238,10 +100,6 @@ main(int argc, char **argv) {
 			printf(VERSION "\n");
 			exit(0);
 
-		case 'z':
-			load_zones = ISC_TRUE;
-			break;
-
 		default:
 			usage();
 		}
@@ -256,12 +114,6 @@ main(int argc, char **argv) {
 
 	RUNTIME_CHECK(setup_logging(mctx, &logc) == ISC_R_SUCCESS);
 
-	RUNTIME_CHECK(isc_entropy_create(mctx, &ectx) == ISC_R_SUCCESS);
-	RUNTIME_CHECK(isc_hash_create(mctx, ectx, DNS_NAME_MAXWIRE)
-		      == ISC_R_SUCCESS);
-
-	dns_result_register();
-
 	RUNTIME_CHECK(cfg_parser_create(mctx, logc, &parser) == ISC_R_SUCCESS);
 
 	cfg_parser_setcallback(parser, directory_callback, NULL);
@@ -270,27 +122,16 @@ main(int argc, char **argv) {
 	    ISC_R_SUCCESS)
 		exit(1);
 
-	result = bind9_check_namedconf(config, logc, mctx);
+	result = cfg_check_namedconf(config, logc, mctx);
 	if (result != ISC_R_SUCCESS)
 		exit_status = 1;
 
-	if (result == ISC_R_SUCCESS && load_zones) {
-		dns_log_init(logc);
-                dns_log_setcontext(logc);
-		result = load_zones_fromconfig(config, mctx);
-		if (result != ISC_R_SUCCESS)
-			exit_status = 1;
-	}
-
 	cfg_obj_destroy(parser, &config);
 
 	cfg_parser_destroy(&parser);
 
 	isc_log_destroy(&logc);
 
-	isc_hash_destroy();
-	isc_entropy_detach(&ectx);
-
 	isc_mem_destroy(&mctx);
 
 	return (exit_status);

bin/check/named-checkconf.docbook

@@ -1,11 +1,11 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
-               "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd"
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+               "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
 	       [<!ENTITY mdash "&#8212;">]>
 <!--
- - Copyright (C) 2004, 2005  Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007  Internet Systems Consortium, Inc. ("ISC")
  - Copyright (C) 2000-2002  Internet Software Consortium.
  -
- - Permission to use, copy, modify, and distribute this software for any
+ - Permission to use, copy, modify, and/or distribute this software for any
  - purpose with or without fee is hereby granted, provided that the above
  - copyright notice and this permission notice appear in all copies.
  -
@@ -18,7 +18,7 @@
  - PERFORMANCE OF THIS SOFTWARE.
 -->
 
-<!-- $Id: named-checkconf.docbook,v 1.3.2.1.8.7 2005/05/12 21:35:56 sra Exp $ -->
+<!-- $Id: named-checkconf.docbook,v 1.3.2.10 2007/08/28 07:18:12 tbox Exp $ -->
 
 <refentry>
   <refentryinfo>
@@ -35,6 +35,7 @@
     <copyright>
       <year>2004</year>
       <year>2005</year>
+      <year>2007</year>
       <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
     </copyright>
     <copyright>
@@ -54,10 +55,8 @@
     <cmdsynopsis>
       <command>named-checkconf</command>
       <arg><option>-v</option></arg>
-      <arg><option>-j</option></arg>
       <arg><option>-t <replaceable class="parameter">directory</replaceable></option></arg>
       <arg choice="req">filename</arg>
-      <arg><option>-z</option></arg>
     </cmdsynopsis>
   </refsynopsisdiv>
 
@@ -77,7 +76,7 @@
         <term>-t <replaceable class="parameter">directory</replaceable></term>
 	<listitem>
 	  <para>
-	      chroot to <filename>directory</filename> so that include
+	      Chroot to <filename>directory</filename> so that include
 	      directives in the configuration file are processed as if
 	      run by a similarly chrooted named.
 	  </para>
@@ -94,25 +93,6 @@
 	</listitem>
       </varlistentry>
 
-      <varlistentry>
-        <term>-z</term>
-	<listitem>
-	  <para>
-	      Perform a check load the master zonefiles found in
-	      <filename>named.conf</filename>.
-	  </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-j</term>
-	<listitem>
-	  <para>
-	      When loading a zonefile read the journal if it exists.
-	  </para>
-	</listitem>
-      </varlistentry>
-
       <varlistentry>
         <term>filename</term>
 	<listitem>
@@ -142,6 +122,9 @@
         <refentrytitle>named</refentrytitle>
 	<manvolnum>8</manvolnum>
       </citerefentry>,
+      <citerefentry>
+        <refentrytitle>named-checkzone</refentrytitle><manvolnum>8</manvolnum>
+      </citerefentry>,
       <citetitle>BIND 9 Administrator Reference Manual</citetitle>.
     </para>
   </refsect1>

bin/check/named-checkconf.html

@@ -1,5 +1,5 @@
 <!--
- - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
  - Copyright (C) 2000-2002 Internet Software Consortium.
  - 
  - Permission to use, copy, modify, and distribute this software for any
@@ -14,36 +14,36 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-<!-- $Id: named-checkconf.html,v 1.5.2.1.4.10 2005/07/18 02:36:43 marka Exp $ -->
+<!-- $Id: named-checkconf.html,v 1.5.2.19 2007/06/20 02:25:45 marka Exp $ -->
 <html>
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
 <title>named-checkconf</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.68.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
 </head>
 <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="id2456972"></a><div class="titlepage"></div>
+<a name="id2476275"></a><div class="titlepage"></div>
 <div class="refnamediv">
 <h2>Name</h2>
 <p><span class="application">named-checkconf</span> &#8212; named configuration file syntax checking tool</p>
 </div>
 <div class="refsynopsisdiv">
 <h2>Synopsis</h2>
-<div class="cmdsynopsis"><p><code class="command">named-checkconf</code>  [<code class="option">-v</code>] [<code class="option">-j</code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] {filename} [<code class="option">-z</code>]</p></div>
+<div class="cmdsynopsis"><p><code class="command">named-checkconf</code>  [<code class="option">-v</code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] {filename}</p></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2514548"></a><h2>DESCRIPTION</h2>
+<a name="id2543363"></a><h2>DESCRIPTION</h2>
 <p>
         <span><strong class="command">named-checkconf</strong></span> checks the syntax, but not
 	the semantics, of a named configuration file.
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2514561"></a><h2>OPTIONS</h2>
+<a name="id2543376"></a><h2>OPTIONS</h2>
 <div class="variablelist"><dl>
 <dt><span class="term">-t <em class="replaceable"><code>directory</code></em></span></dt>
 <dd><p>
-	      chroot to <code class="filename">directory</code> so that include
+	      Chroot to <code class="filename">directory</code> so that include
 	      directives in the configuration file are processed as if
 	      run by a similarly chrooted named.
 	  </p></dd>
@@ -52,15 +52,6 @@
 	      Print the version of the <span><strong class="command">named-checkconf</strong></span>
 	      program and exit.
 	  </p></dd>
-<dt><span class="term">-z</span></dt>
-<dd><p>
-	      Perform a check load the master zonefiles found in
-	      <code class="filename">named.conf</code>.
-	  </p></dd>
-<dt><span class="term">-j</span></dt>
-<dd><p>
-	      When loading a zonefile read the journal if it exists.
-	  </p></dd>
 <dt><span class="term">filename</span></dt>
 <dd><p>
 	       The name of the configuration file to be checked.  If not
@@ -69,21 +60,22 @@
 </dl></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2514721"></a><h2>RETURN VALUES</h2>
+<a name="id2543438"></a><h2>RETURN VALUES</h2>
 <p>
         <span><strong class="command">named-checkconf</strong></span> returns an exit status of 1 if
 	errors were detected and 0 otherwise.
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2514733"></a><h2>SEE ALSO</h2>
+<a name="id2543451"></a><h2>SEE ALSO</h2>
 <p>
       <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
+      <span class="citerefentry"><span class="refentrytitle">named-checkzone</span>(8)</span>,
       <em class="citetitle">BIND 9 Administrator Reference Manual</em>.
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2514825"></a><h2>AUTHOR</h2>
+<a name="id2543483"></a><h2>AUTHOR</h2>
 <p>
         <span class="corpauthor">Internet Systems Consortium</span>
     </p>

bin/check/named-checkzone.8

@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
 .\" Copyright (C) 2000-2002 Internet Software Consortium.
 .\" 
 .\" Permission to use, copy, modify, and distribute this software for any
@@ -13,84 +13,88 @@
 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 .\" PERFORMANCE OF THIS SOFTWARE.
 .\"
-.\" $Id: named-checkzone.8,v 1.11.2.1.8.7 2005/05/12 23:56:53 sra Exp $
+.\" $Id: named-checkzone.8,v 1.11.2.10 2007/06/20 02:25:45 marka Exp $
 .\"
 .hy 0
 .ad l
-.\"Generated by db2man.xsl. Don't modify this, modify the source.
-.de Sh \" Subsection
-.br
-.if t .Sp
-.ne 5
-.PP
-\fB\\$1\fR
-.PP
-..
-.de Sp \" Vertical space (when we can't use .PP)
-.if t .sp .5v
-.if n .sp
-..
-.de Ip \" List item
-.br
-.ie \\n(.$>=3 .ne \\$3
-.el .ne 3
-.IP "\\$1" \\$2
-..
-.TH "NAMED-CHECKZONE" 8 "June 13, 2000" "" ""
-.SH NAME
-named-checkzone \- zone file validity checking tool
+.\"     Title: named\-checkzone
+.\"    Author: 
+.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
+.\"      Date: June 13, 2000
+.\"    Manual: BIND9
+.\"    Source: BIND9
+.\"
+.TH "NAMED\-CHECKZONE" "8" "June 13, 2000" "BIND9" "BIND9"
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.SH "NAME"
+named\-checkzone \- zone file validity checking tool
 .SH "SYNOPSIS"
 .HP 16
-\fBnamed\-checkzone\fR [\fB\-d\fR] [\fB\-j\fR] [\fB\-q\fR] [\fB\-v\fR] [\fB\-c\ \fIclass\fR\fR] [\fB\-k\ \fImode\fR\fR] [\fB\-n\ \fImode\fR\fR] [\fB\-o\ \fIfilename\fR\fR] [\fB\-t\ \fIdirectory\fR\fR] [\fB\-w\ \fIdirectory\fR\fR] [\fB\-D\fR] {zonename} {filename}
+\fBnamed\-checkzone\fR [\fB\-d\fR] [\fB\-j\fR] [\fB\-q\fR] [\fB\-v\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] {zonename} {filename}
 .SH "DESCRIPTION"
 .PP
- \fBnamed\-checkzone\fR checks the syntax and integrity of a zone file\&. It performs the same checks as \fBnamed\fR does when loading a zone\&. This makes\fBnamed\-checkzone\fR useful for checking zone files before configuring them into a name server\&.
+\fBnamed\-checkzone\fR
+checks the syntax and integrity of a zone file. It performs the same checks as
+\fBnamed\fR
+does when loading a zone. This makes
+\fBnamed\-checkzone\fR
+useful for checking zone files before configuring them into a name server.
 .SH "OPTIONS"
-.TP
+.PP
 \-d
-Enable debugging\&.
-.TP
+.RS 4
+Enable debugging.
+.RE
+.PP
 \-q
-Quiet mode \- exit code only\&.
-.TP
+.RS 4
+Quiet mode \- exit code only.
+.RE
+.PP
 \-v
-Print the version of the \fBnamed\-checkzone\fR program and exit\&.
-.TP
+.RS 4
+Print the version of the
+\fBnamed\-checkzone\fR
+program and exit.
+.RE
+.PP
 \-j
-When loading the zone file read the journal if it exists\&.
-.TP
+.RS 4
+When loading the zone file read the journal if it exists.
+.RE
+.PP
 \-c \fIclass\fR
-Specify the class of the zone\&. If not specified "IN" is assumed\&.
-.TP
-\-k \fImode\fR
-Perform \fB"check\-name"\fR checks with the specified failure mode\&. Possible modes are \fB"fail"\fR, \fB"warn"\fR (default) and \fB"ignore"\fR\&.
-.TP
-\-n \fImode\fR
-Specify whether NS records should be checked to see if they are addresses\&. Possible modes are \fB"fail"\fR, \fB"warn"\fR (default) and \fB"ignore"\fR\&.
-.TP
-\-o \fIfilename\fR
-Write zone output to \fIfilename\fR\&.
-.TP
-\-t \fIdirectory\fR
-chroot to \fIdirectory\fR so that include directives in the configuration file are processed as if run by a similarly chrooted named\&.
-.TP
-\-w \fIdirectory\fR
-chdir to \fIdirectory\fR so that relative filenames in master file $INCLUDE directives work\&. This is similar to the directory clause in \fInamed\&.conf\fR\&.
-.TP
-\-D
-Dump zone file in canonical format\&.
-.TP
+.RS 4
+Specify the class of the zone. If not specified "IN" is assumed.
+.RE
+.PP
 zonename
-The domain name of the zone being checked\&.
-.TP
+.RS 4
+The domain name of the zone being checked.
+.RE
+.PP
 filename
-The name of the zone file\&.
+.RS 4
+The name of the zone file.
+.RE
 .SH "RETURN VALUES"
 .PP
- \fBnamed\-checkzone\fR returns an exit status of 1 if errors were detected and 0 otherwise\&.
+\fBnamed\-checkzone\fR
+returns an exit status of 1 if errors were detected and 0 otherwise.
 .SH "SEE ALSO"
 .PP
- \fBnamed\fR(8), RFC 1035, BIND 9 Administrator Reference Manual\&.
+\fBnamed\fR(8),
+\fBnamed\-checkconf\fR(8),
+RFC 1035,
+BIND 9 Administrator Reference Manual.
 .SH "AUTHOR"
 .PP
- Internet Systems Consortium 
+Internet Systems Consortium
+.SH "COPYRIGHT"
+Copyright \(co 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+.br
+Copyright \(co 2000\-2002 Internet Software Consortium.
+.br

bin/check/named-checkzone.c

@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
- * Copyright (C) 1999-2003  Internet Software Consortium.
+ * Copyright (C) 1999-2002  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: named-checkzone.c,v 1.13.2.3.8.11 2004/10/25 01:36:06 marka Exp $ */
+/* $Id: named-checkzone.c,v 1.13.2.5 2004/10/25 01:45:25 marka Exp $ */
 
 #include <config.h>
 
@@ -23,7 +23,6 @@
 
 #include <isc/app.h>
 #include <isc/commandline.h>
-#include <isc/dir.h>
 #include <isc/entropy.h>
 #include <isc/hash.h>
 #include <isc/log.h>
@@ -44,13 +43,14 @@
 
 #include "check-tool.h"
 
+static int debug = 0;
+isc_boolean_t nomerge = ISC_TRUE;
 static int quiet = 0;
 static isc_mem_t *mctx = NULL;
 static isc_entropy_t *ectx = NULL;
 dns_zone_t *zone = NULL;
 dns_zonetype_t zonetype = dns_zone_master;
-static int dumpzone = 0;
-static const char *output_filename;
+static const char *dbtype[] = { "rbt" };
 
 #define ERRRET(result, function) \
 	do { \
@@ -65,12 +65,58 @@ static const char *output_filename;
 static void
 usage(void) {
 	fprintf(stderr,
-		"usage: named-checkzone [-djqvD] [-c class] [-o output] "
-		"[-t directory] [-w directory] [-k (ignore|warn|fail)] "
-		"[-n (ignore|warn|fail)] zonename filename\n");
+		"usage: named-checkzone [-djqv] [-c class] zonename filename \n");
 	exit(1);
 }
 
+static isc_result_t
+setup(char *zonename, char *filename, char *classname) {
+	isc_result_t result;
+	dns_rdataclass_t rdclass;
+	isc_textregion_t region;
+	isc_buffer_t buffer;
+	dns_fixedname_t fixorigin;
+	dns_name_t *origin;
+
+	if (debug)
+		fprintf(stderr, "loading \"%s\" from \"%s\" class \"%s\"\n",
+			zonename, filename, classname);
+	result = dns_zone_create(&zone, mctx);
+	ERRRET(result, "dns_zone_new");
+
+	dns_zone_settype(zone, zonetype);
+
+	isc_buffer_init(&buffer, zonename, strlen(zonename));
+	isc_buffer_add(&buffer, strlen(zonename));
+	dns_fixedname_init(&fixorigin);
+	result = dns_name_fromtext(dns_fixedname_name(&fixorigin),
+			  	   &buffer, dns_rootname, ISC_FALSE, NULL);
+	ERRRET(result, "dns_name_fromtext");
+	origin = dns_fixedname_name(&fixorigin);
+
+	result = dns_zone_setorigin(zone, origin);
+	ERRRET(result, "dns_zone_setorigin");
+
+	result = dns_zone_setdbtype(zone, 1, (const char * const *) dbtype);
+	ERRRET(result, "dns_zone_setdatabase");
+
+	result = dns_zone_setfile(zone, filename);
+	ERRRET(result, "dns_zone_setdatabase");
+
+	region.base = classname;
+	region.length = strlen(classname);
+	result = dns_rdataclass_fromtext(&rdclass, &region);
+	ERRRET(result, "dns_rdataclass_fromtext");
+
+	dns_zone_setclass(zone, rdclass);
+	dns_zone_setoption(zone, DNS_ZONEOPT_MANYERRORS, ISC_TRUE);
+	dns_zone_setoption(zone, DNS_ZONEOPT_NOMERGE, nomerge);
+
+	result = dns_zone_load(zone);
+
+	return (result);
+}
+
 static void
 destroy(void) {
 	if (zone != NULL)
@@ -86,14 +132,12 @@ main(int argc, char **argv) {
 	isc_result_t result;
 	char classname_in[] = "IN";
 	char *classname = classname_in;
-	const char *workdir = NULL;
 
-	while ((c = isc_commandline_parse(argc, argv, "c:dijk:n:qst:o:vw:D")) != EOF) {
+	while ((c = isc_commandline_parse(argc, argv, "c:djqsv")) != EOF) {
 		switch (c) {
 		case 'c':
 			classname = isc_commandline_argument;
 			break;
-
 		case 'd':
 			debug++;
 			break;
@@ -101,84 +145,17 @@ main(int argc, char **argv) {
 		case 'j':
 			nomerge = ISC_FALSE;
 			break;
-
-		case 'n':
-			if (!strcmp(isc_commandline_argument, "ignore"))
-				zone_options &= ~(DNS_ZONEOPT_CHECKNS|
-						  DNS_ZONEOPT_FATALNS);
-			else if (!strcmp(isc_commandline_argument, "warn")) {
-				zone_options |= DNS_ZONEOPT_CHECKNS;
-				zone_options &= ~DNS_ZONEOPT_FATALNS;
-			} else if (!strcmp(isc_commandline_argument, "fail"))
-				zone_options |= DNS_ZONEOPT_CHECKNS|
-					        DNS_ZONEOPT_FATALNS;
-			break;
-
-		case 'k':
-			if (!strcmp(isc_commandline_argument, "warn")) {
-				zone_options |= DNS_ZONEOPT_CHECKNAMES;
-				zone_options &= ~DNS_ZONEOPT_CHECKNAMESFAIL;
-			} else if (!strcmp(isc_commandline_argument,
-					   "fail")) {
-				zone_options |= DNS_ZONEOPT_CHECKNAMES |
-						DNS_ZONEOPT_CHECKNAMESFAIL;
-			} else if (!strcmp(isc_commandline_argument,
-					   "ignore")) {
-				zone_options &= ~(DNS_ZONEOPT_CHECKNAMES |
-						  DNS_ZONEOPT_CHECKNAMESFAIL);
-			}
-			break;
-
 		case 'q':
 			quiet++;
 			break;
-
-		case 't':
-			result = isc_dir_chroot(isc_commandline_argument);
-			if (result != ISC_R_SUCCESS) {
-				fprintf(stderr, "isc_dir_chroot: %s: %s\n",
-					isc_commandline_argument,
-					isc_result_totext(result));
-				exit(1);
-			}
-			result = isc_dir_chdir("/");
-			if (result != ISC_R_SUCCESS) {
-				fprintf(stderr, "isc_dir_chdir: %s\n",
-					isc_result_totext(result));
-				exit(1);
-			}
-			break;
-
-		case 'o':
-			output_filename = isc_commandline_argument;
-			break;
-
 		case 'v':
 			printf(VERSION "\n");
 			exit(0);
-
-		case 'w':
-			workdir = isc_commandline_argument;
-			break;
-
-		case 'D':
-			dumpzone++;
-			break;
-
 		default:
 			usage();
 		}
 	}
 
-	if (workdir != NULL) {
-		result = isc_dir_chdir(workdir);
-		if (result != ISC_R_SUCCESS) {
-			fprintf(stderr, "isc_dir_chdir: %s: %s\n",
-				workdir, isc_result_totext(result));
-			exit(1);
-		}
-	}
-
 	if (isc_commandline_index + 2 > argc)
 		usage();
 
@@ -196,12 +173,7 @@ main(int argc, char **argv) {
 
 	origin = argv[isc_commandline_index++];
 	filename = argv[isc_commandline_index++];
-	result = load_zone(mctx, origin, filename, classname, &zone);
-
-	if (result == ISC_R_SUCCESS && dumpzone) {
-		result = dump_zone(origin, zone, output_filename);
-	}
-
+	result = setup(origin, filename, classname);
 	if (!quiet && result == ISC_R_SUCCESS)
 		fprintf(stdout, "OK\n");
 	destroy();

bin/check/named-checkzone.docbook

@@ -1,11 +1,11 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
-               "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd"
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+               "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
 	       [<!ENTITY mdash "&#8212;">]>
 <!--
- - Copyright (C) 2004, 2005  Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007  Internet Systems Consortium, Inc. ("ISC")
  - Copyright (C) 2000-2002  Internet Software Consortium.
  -
- - Permission to use, copy, modify, and distribute this software for any
+ - Permission to use, copy, modify, and/or distribute this software for any
  - purpose with or without fee is hereby granted, provided that the above
  - copyright notice and this permission notice appear in all copies.
  -
@@ -18,7 +18,7 @@
  - PERFORMANCE OF THIS SOFTWARE.
 -->
 
-<!-- $Id: named-checkzone.docbook,v 1.3.2.2.8.11 2005/05/12 21:35:57 sra Exp $ -->
+<!-- $Id: named-checkzone.docbook,v 1.3.2.10 2007/08/28 07:18:12 tbox Exp $ -->
 
 <refentry>
   <refentryinfo>
@@ -35,6 +35,7 @@
     <copyright>
       <year>2004</year>
       <year>2005</year>
+      <year>2007</year>
       <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
     </copyright>
     <copyright>
@@ -58,12 +59,6 @@
       <arg><option>-q</option></arg>
       <arg><option>-v</option></arg>
       <arg><option>-c <replaceable class="parameter">class</replaceable></option></arg>
-      <arg><option>-k <replaceable class="parameter">mode</replaceable></option></arg>
-      <arg><option>-n <replaceable class="parameter">mode</replaceable></option></arg>
-      <arg><option>-o <replaceable class="parameter">filename</replaceable></option></arg>
-      <arg><option>-t <replaceable class="parameter">directory</replaceable></option></arg>
-      <arg><option>-w <replaceable class="parameter">directory</replaceable></option></arg>
-      <arg><option>-D</option></arg>
       <arg choice="req">zonename</arg>
       <arg choice="req">filename</arg>
     </cmdsynopsis>
@@ -130,71 +125,6 @@
 	</listitem>
       </varlistentry>
 
-      <varlistentry>
-        <term>-k <replaceable class="parameter">mode</replaceable></term>
-	<listitem>
-	  <para>
-	      Perform <command>"check-name"</command> checks with the specified failure mode.
-	      Possible modes are <command>"fail"</command>,
-	      <command>"warn"</command> (default) and
-	      <command>"ignore"</command>.
-	  </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-n <replaceable class="parameter">mode</replaceable></term>
-	<listitem>
-	  <para>
-	      Specify whether NS records should be checked to see if they
-	      are addresses.  Possible modes are <command>"fail"</command>,
-	      <command>"warn"</command> (default) and
-	      <command>"ignore"</command>.
-	  </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-o <replaceable class="parameter">filename</replaceable></term>
-        <listitem>
-          <para>
-	      Write zone output to <filename>filename</filename>.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-t <replaceable class="parameter">directory</replaceable></term>
-        <listitem>
-          <para>
-              chroot to <filename>directory</filename> so that include
-              directives in the configuration file are processed as if
-              run by a similarly chrooted named.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-w <replaceable class="parameter">directory</replaceable></term>
-        <listitem>
-          <para>
-              chdir to <filename>directory</filename> so that relative
-	      filenames in master file $INCLUDE directives work.  This
-	      is similar to the directory clause in
-	      <filename>named.conf</filename>.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-D</term>
-	<listitem>
-	  <para>
-	      Dump zone file in canonical format.
-	  </para>
-	</listitem>
-      </varlistentry>
-
       <varlistentry>
         <term>zonename</term>
 	<listitem>
@@ -232,6 +162,9 @@
         <refentrytitle>named</refentrytitle>
 	<manvolnum>8</manvolnum>
       </citerefentry>,
+      <citerefentry>
+        <refentrytitle>named-checkconf</refentrytitle><manvolnum>8</manvolnum>  
+      </citerefentry>,
       <citetitle>RFC 1035</citetitle>,
       <citetitle>BIND 9 Administrator Reference Manual</citetitle>.
     </para>

bin/check/named-checkzone.html

@@ -1,5 +1,5 @@
 <!--
- - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
  - Copyright (C) 2000-2002 Internet Software Consortium.
  - 
  - Permission to use, copy, modify, and distribute this software for any
@@ -14,25 +14,25 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-<!-- $Id: named-checkzone.html,v 1.5.2.2.4.12 2005/07/18 02:36:43 marka Exp $ -->
+<!-- $Id: named-checkzone.html,v 1.5.2.18 2007/06/20 02:25:45 marka Exp $ -->
 <html>
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
 <title>named-checkzone</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.68.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
 </head>
 <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="id2456972"></a><div class="titlepage"></div>
+<a name="id2476275"></a><div class="titlepage"></div>
 <div class="refnamediv">
 <h2>Name</h2>
 <p><span class="application">named-checkzone</span> &#8212; zone file validity checking tool</p>
 </div>
 <div class="refsynopsisdiv">
 <h2>Synopsis</h2>
-<div class="cmdsynopsis"><p><code class="command">named-checkzone</code>  [<code class="option">-d</code>] [<code class="option">-j</code>] [<code class="option">-q</code>] [<code class="option">-v</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-k <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-n <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-o <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-w <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] {zonename} {filename}</p></div>
+<div class="cmdsynopsis"><p><code class="command">named-checkzone</code>  [<code class="option">-d</code>] [<code class="option">-j</code>] [<code class="option">-q</code>] [<code class="option">-v</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] {zonename} {filename}</p></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2514673"></a><h2>DESCRIPTION</h2>
+<a name="id2543381"></a><h2>DESCRIPTION</h2>
 <p>
         <span><strong class="command">named-checkzone</strong></span> checks the syntax and integrity of
 	a zone file.  It performs the same checks as <span><strong class="command">named</strong></span>
@@ -42,7 +42,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2514693"></a><h2>OPTIONS</h2>
+<a name="id2543401"></a><h2>OPTIONS</h2>
 <div class="variablelist"><dl>
 <dt><span class="term">-d</span></dt>
 <dd><p>
@@ -65,41 +65,6 @@
 <dd><p>
 	      Specify the class of the zone.  If not specified "IN" is assumed.
 	  </p></dd>
-<dt><span class="term">-k <em class="replaceable"><code>mode</code></em></span></dt>
-<dd><p>
-	      Perform <span><strong class="command">"check-name"</strong></span> checks with the specified failure mode.
-	      Possible modes are <span><strong class="command">"fail"</strong></span>,
-	      <span><strong class="command">"warn"</strong></span> (default) and
-	      <span><strong class="command">"ignore"</strong></span>.
-	  </p></dd>
-<dt><span class="term">-n <em class="replaceable"><code>mode</code></em></span></dt>
-<dd><p>
-	      Specify whether NS records should be checked to see if they
-	      are addresses.  Possible modes are <span><strong class="command">"fail"</strong></span>,
-	      <span><strong class="command">"warn"</strong></span> (default) and
-	      <span><strong class="command">"ignore"</strong></span>.
-	  </p></dd>
-<dt><span class="term">-o <em class="replaceable"><code>filename</code></em></span></dt>
-<dd><p>
-	      Write zone output to <code class="filename">filename</code>.
-          </p></dd>
-<dt><span class="term">-t <em class="replaceable"><code>directory</code></em></span></dt>
-<dd><p>
-              chroot to <code class="filename">directory</code> so that include
-              directives in the configuration file are processed as if
-              run by a similarly chrooted named.
-          </p></dd>
-<dt><span class="term">-w <em class="replaceable"><code>directory</code></em></span></dt>
-<dd><p>
-              chdir to <code class="filename">directory</code> so that relative
-	      filenames in master file $INCLUDE directives work.  This
-	      is similar to the directory clause in
-	      <code class="filename">named.conf</code>.
-          </p></dd>
-<dt><span class="term">-D</span></dt>
-<dd><p>
-	      Dump zone file in canonical format.
-	  </p></dd>
 <dt><span class="term">zonename</span></dt>
 <dd><p>
 	       The domain name of the zone being checked.
@@ -111,22 +76,23 @@
 </dl></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2515006"></a><h2>RETURN VALUES</h2>
+<a name="id2543512"></a><h2>RETURN VALUES</h2>
 <p>
         <span><strong class="command">named-checkzone</strong></span> returns an exit status of 1 if
 	errors were detected and 0 otherwise.
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2515019"></a><h2>SEE ALSO</h2>
+<a name="id2543525"></a><h2>SEE ALSO</h2>
 <p>
       <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
+      <span class="citerefentry"><span class="refentrytitle">named-checkconf</span>(8)</span>,
       <em class="citetitle">RFC 1035</em>,
       <em class="citetitle">BIND 9 Administrator Reference Manual</em>.
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2515046"></a><h2>AUTHOR</h2>
+<a name="id2543560"></a><h2>AUTHOR</h2>
 <p>
         <span class="corpauthor">Internet Systems Consortium</span>
     </p>

bin/check/win32/checktool.dsp

@@ -0,0 +1,113 @@
+# Microsoft Developer Studio Project File - Name="checktool" - Package Owner=<4>
+# Microsoft Developer Studio Generated Build File, Format Version 6.00
+# ** DO NOT EDIT **
+
+# TARGTYPE "Win32 (x86) Static-Link Library" 0x0104
+
+CFG=checktool - Win32 Debug
+!MESSAGE This is not a valid makefile. To build this project using NMAKE,
+!MESSAGE use the Export Makefile command and run
+!MESSAGE 
+!MESSAGE NMAKE /f "checktool.mak".
+!MESSAGE 
+!MESSAGE You can specify a configuration when running NMAKE
+!MESSAGE by defining the macro CFG on the command line. For example:
+!MESSAGE 
+!MESSAGE NMAKE /f "checktool.mak" CFG="checktool - Win32 Debug"
+!MESSAGE 
+!MESSAGE Possible choices for configuration are:
+!MESSAGE 
+!MESSAGE "checktool - Win32 Release" (based on "Win32 (x86) Static-Link Library")
+!MESSAGE "checktool - Win32 Debug" (based on "Win32 (x86) Static-Link Library")
+!MESSAGE 
+
+# Begin Project
+# PROP AllowPerConfigDependencies 0
+# PROP Scc_ProjName ""
+# PROP Scc_LocalPath ""
+CPP=cl.exe
+MTL=midl.exe
+RSC=rc.exe
+
+!IF  "$(CFG)" == "checktool - Win32 Release"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 0
+# PROP BASE Output_Dir "Release"
+# PROP BASE Intermediate_Dir "Release"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 0
+# PROP Output_Dir "Release"
+# PROP Intermediate_Dir "Release"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /MT /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /D "_MBCS" /D "_USRDLL" /YX /FD /c
+# ADD CPP /nologo /MD /W3 /GX /O2 /I "./" /I "../../../" /I "../include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /D "NDEBUG" /D "WIN32" /D "_WINDOWS" /D "__STDC__" /D "_MBCS" /YX /FD /c /Fdchecktool
+# SUBTRACT CPP /X
+# ADD BASE MTL /nologo /D "NDEBUG" /mktyplib203 /win32
+# ADD MTL /nologo /D "NDEBUG" /mktyplib203 /win32
+# ADD BASE RSC /l 0x409 /d "NDEBUG"
+# ADD RSC /l 0x409 /d "NDEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 
+# ADD LINK32 /out:"Release/checktool.lib"
+
+!ELSEIF  "$(CFG)" == "checktool - Win32 Debug"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 1
+# PROP BASE Output_Dir "Debug"
+# PROP BASE Intermediate_Dir "Debug"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 1
+# PROP Output_Dir "Debug"
+# PROP Intermediate_Dir "Debug"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /MTd /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /D "_MBCS" /YX /FD /GZ /c
+# ADD CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /D "_DEBUG" /D "WIN32" /D "_WINDOWS" /D "__STDC__" /D "_MBCS" /FR /YX /FD /GZ /c /Fdchecktool
+# SUBTRACT CPP /X
+# ADD BASE MTL /nologo /D "_DEBUG" /mktyplib203 /win32
+# ADD MTL /nologo /D "_DEBUG" /mktyplib203 /win32
+# ADD BASE RSC /l 0x409 /d "_DEBUG"
+# ADD RSC /l 0x409 /d "_DEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 
+# ADD LINK32 /debug out:"Debug/checktool.lib"
+
+!ENDIF 
+
+# Begin Target
+
+# Name "checktool - Win32 Release"
+# Name "checktool - Win32 Debug"
+# Begin Group "Source Files"
+
+# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
+# End Group
+# Begin Group "Header Files"
+
+# PROP Default_Filter "h;hpp;hxx;hm;inl"
+# End Group
+# Begin Group "Resource Files"
+
+# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe"
+# End Group
+# Begin Group "Main Dns Lib"
+
+# PROP Default_Filter "c"
+# Begin Source File
+
+SOURCE=..\check-tool.c
+# End Source File
+# End Group
+# End Target
+# End Project

bin/check/win32/checktool.dsw

@@ -0,0 +1,29 @@
+Microsoft Developer Studio Workspace File, Format Version 6.00
+# WARNING: DO NOT EDIT OR DELETE THIS WORKSPACE FILE!
+
+###############################################################################
+
+Project: "checktool"=".\checktool.dsp" - Package Owner=<4>
+
+Package=<5>
+{{{
+}}}
+
+Package=<4>
+{{{
+}}}
+
+###############################################################################
+
+Global:
+
+Package=<5>
+{{{
+}}}
+
+Package=<3>
+{{{
+}}}
+
+###############################################################################
+

bin/check/win32/namedcheckconf.dsp

@@ -42,7 +42,7 @@ RSC=rc.exe
 # PROP Ignore_Export_Lib 0
 # PROP Target_Dir ""
 # ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
-# ADD CPP /nologo /MD /W3 /GX /O2 /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /I "../../../lib/isccfg/include" /I "../../../lib/bind9/include" /D "NDEBUG" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "__STDC__" /FR /YX /FD /c
+# ADD CPP /nologo /MD /W3 /GX /O2 /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isccfg/include" /D "NDEBUG" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "__STDC__" /FR /YX /FD /c
 # ADD BASE RSC /l 0x409 /d "NDEBUG"
 # ADD RSC /l 0x409 /d "NDEBUG"
 BSC32=bscmake.exe
@@ -50,7 +50,7 @@ BSC32=bscmake.exe
 # ADD BSC32 /nologo
 LINK32=link.exe
 # ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386
-# ADD LINK32 user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib ../../../lib/isccfg/win32/Release/libisccfg.lib ../../../lib/bind9/win32/Release/libbind9.lib /nologo /subsystem:console /machine:I386 /out:"../../../Build/Release/named-checkconf.exe"
+# ADD LINK32 user32.lib advapi32.lib ws2_32.lib Release/checktool.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/isccfg/win32/Release/libisccfg.lib /nologo /subsystem:console /machine:I386 /out:"../../../Build/Release/named-checkconf.exe"
 
 !ELSEIF  "$(CFG)" == "namedcheckconf - Win32 Debug"
 
@@ -66,7 +66,7 @@ LINK32=link.exe
 # PROP Ignore_Export_Lib 0
 # PROP Target_Dir ""
 # ADD BASE CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c
-# ADD CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /I "../../../lib/isccfg/include" /I "../../../lib/bind9/include" /D "_DEBUG" /D "__STDC__" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /FR /FD /GZ /c
+# ADD CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isccfg/include" /D "_DEBUG" /D "__STDC__" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /FR /FD /GZ /c
 # SUBTRACT CPP /X /YX
 # ADD BASE RSC /l 0x409 /d "_DEBUG"
 # ADD RSC /l 0x409 /d "_DEBUG"
@@ -75,7 +75,7 @@ BSC32=bscmake.exe
 # ADD BSC32 /nologo
 LINK32=link.exe
 # ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept
-# ADD LINK32 user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib ../../../lib/isccfg/win32/Debug/libisccfg.lib ../../../lib/bind9/win32/Debug/libbind9.lib ../../../lib/bind9/win32/Debug/libbind9.lib /nologo /subsystem:console /debug /machine:I386 /out:"../../../Build/Debug/named-checkconf.exe" /pdbtype:sept
+# ADD LINK32 user32.lib advapi32.lib ws2_32.lib Debug/checktool.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/isccfg/win32/Debug/libisccfg.lib /nologo /subsystem:console /debug /machine:I386 /out:"../../../Build/Debug/named-checkconf.exe" /pdbtype:sept
 
 !ENDIF 
 
@@ -88,10 +88,6 @@ LINK32=link.exe
 # PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
 # Begin Source File
 
-SOURCE="..\check-tool.c"
-# End Source File
-# Begin Source File
-
 SOURCE="..\named-checkconf.c"
 # End Source File
 # End Group

bin/check/win32/namedcheckconf.mak

@@ -25,8 +25,80 @@ NULL=
 NULL=nul
 !ENDIF 
 
-CPP=cl.exe
-RSC=rc.exe
+!IF  "$(CFG)" == "namedcheckconf - Win32 Release"
+_VC_MANIFEST_INC=0
+_VC_MANIFEST_BASENAME=__VC80
+!ELSE
+_VC_MANIFEST_INC=1
+_VC_MANIFEST_BASENAME=__VC80.Debug
+!ENDIF
+
+####################################################
+# Specifying name of temporary resource file used only in incremental builds:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+_VC_MANIFEST_AUTO_RES=$(_VC_MANIFEST_BASENAME).auto.res
+!else
+_VC_MANIFEST_AUTO_RES=
+!endif
+
+####################################################
+# _VC_MANIFEST_EMBED_EXE - command to embed manifest in EXE:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+
+#MT_SPECIAL_RETURN=1090650113
+#MT_SPECIAL_SWITCH=-notify_resource_update
+MT_SPECIAL_RETURN=0
+MT_SPECIAL_SWITCH=
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
+if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
+rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
+link $** /out:$@ $(LFLAGS)
+
+!else
+
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;1
+
+!endif
+
+####################################################
+# _VC_MANIFEST_EMBED_DLL - command to embed manifest in DLL:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+
+#MT_SPECIAL_RETURN=1090650113
+#MT_SPECIAL_SWITCH=-notify_resource_update
+MT_SPECIAL_RETURN=0
+MT_SPECIAL_SWITCH=
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
+if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
+rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
+link $** /out:$@ $(LFLAGS)
+
+!else
+
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;2
+
+!endif
+####################################################
+# _VC_MANIFEST_CLEAN - command to clean resources files generated temporarily:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+
+_VC_MANIFEST_CLEAN=-del $(_VC_MANIFEST_BASENAME).auto.res \
+    $(_VC_MANIFEST_BASENAME).auto.rc \
+    $(_VC_MANIFEST_BASENAME).auto.manifest
+
+!else
+
+_VC_MANIFEST_CLEAN=
+
+!endif
 
 !IF  "$(CFG)" == "namedcheckconf - Win32 Release"
 
@@ -36,21 +108,10 @@ INTDIR=.\Release
 OutDir=.\Release
 # End Custom Macros
 
-!IF "$(RECURSE)" == "0" 
-
 ALL : "..\..\..\Build\Release\named-checkconf.exe" "$(OUTDIR)\namedcheckconf.bsc"
 
-!ELSE 
 
-ALL : "libdns - Win32 Release" "libisccfg - Win32 Release" "libisc - Win32 Release" "..\..\..\Build\Release\named-checkconf.exe" "$(OUTDIR)\namedcheckconf.bsc"
-
-!ENDIF 
-
-!IF "$(RECURSE)" == "1" 
-CLEAN :"libisc - Win32 ReleaseCLEAN" "libisccfg - Win32 ReleaseCLEAN" "libdns - Win32 ReleaseCLEAN" 
-!ELSE 
 CLEAN :
-!ENDIF 
 	-@erase "$(INTDIR)\check-tool.obj"
 	-@erase "$(INTDIR)\check-tool.sbr"
 	-@erase "$(INTDIR)\named-checkconf.obj"
@@ -58,100 +119,13 @@ CLEAN :
 	-@erase "$(INTDIR)\vc60.idb"
 	-@erase "$(OUTDIR)\namedcheckconf.bsc"
 	-@erase "..\..\..\Build\Release\named-checkconf.exe"
+	-@$(_VC_MANIFEST_CLEAN)
 
 "$(OUTDIR)" :
     if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
 
-CPP_PROJ=/nologo /MD /W3 /GX /O2 /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /I "../../../lib/isccfg/include" /I "../../../lib/bind9/include" /D "NDEBUG" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "__STDC__" /FR"$(INTDIR)\\" /Fp"$(INTDIR)\namedcheckconf.pch" /YX /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c 
-BSC32=bscmake.exe
-BSC32_FLAGS=/nologo /o"$(OUTDIR)\namedcheckconf.bsc" 
-BSC32_SBRS= \
-	"$(INTDIR)\check-tool.sbr" \
-	"$(INTDIR)\named-checkconf.sbr"
-
-"$(OUTDIR)\namedcheckconf.bsc" : "$(OUTDIR)" $(BSC32_SBRS)
-    $(BSC32) @<<
-  $(BSC32_FLAGS) $(BSC32_SBRS)
-<<
-
-LINK32=link.exe
-LINK32_FLAGS=user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Release/libisc.lib  ../../../lib/dns/win32/Release/libdns.lib ../../../lib/isccfg/win32/Release/libisccfg.lib ../../../lib/bind9/win32/Release/libbind9.lib /nologo /subsystem:console /incremental:no /pdb:"$(OUTDIR)\named-checkconf.pdb" /machine:I386 /out:"../../../Build/Release/named-checkconf.exe" 
-LINK32_OBJS= \
-	"$(INTDIR)\check-tool.obj" \
-	"$(INTDIR)\named-checkconf.obj" \
-	"..\..\..\lib\isc\win32\Release\libisc.lib" \
-	"..\..\..\lib\isccfg\win32\Release\libisccfg.lib" \
-	"..\..\..\lib\dns\win32\Release\libdns.lib"
-
-"..\..\..\Build\Release\named-checkconf.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
-    $(LINK32) @<<
-  $(LINK32_FLAGS) $(LINK32_OBJS)
-<<
-
-!ELSEIF  "$(CFG)" == "namedcheckconf - Win32 Debug"
-
-OUTDIR=.\Debug
-INTDIR=.\Debug
-# Begin Custom Macros
-OutDir=.\Debug
-# End Custom Macros
-
-!IF "$(RECURSE)" == "0" 
-
-ALL : "..\..\..\Build\Debug\named-checkconf.exe" "$(OUTDIR)\namedcheckconf.bsc"
-
-!ELSE 
-
-ALL : "libdns - Win32 Debug" "libisccfg - Win32 Debug" "libisc - Win32 Debug" "..\..\..\Build\Debug\named-checkconf.exe" "$(OUTDIR)\namedcheckconf.bsc"
-
-!ENDIF 
-
-!IF "$(RECURSE)" == "1" 
-CLEAN :"libisc - Win32 DebugCLEAN" "libisccfg - Win32 DebugCLEAN" "libdns - Win32 DebugCLEAN" 
-!ELSE 
-CLEAN :
-!ENDIF 
-	-@erase "$(INTDIR)\check-tool.obj"
-	-@erase "$(INTDIR)\check-tool.sbr"
-	-@erase "$(INTDIR)\named-checkconf.obj"
-	-@erase "$(INTDIR)\named-checkconf.sbr"
-	-@erase "$(INTDIR)\vc60.idb"
-	-@erase "$(INTDIR)\vc60.pdb"
-	-@erase "$(OUTDIR)\named-checkconf.pdb"
-	-@erase "$(OUTDIR)\namedcheckconf.bsc"
-	-@erase "..\..\..\Build\Debug\named-checkconf.exe"
-	-@erase "..\..\..\Build\Debug\named-checkconf.ilk"
-
-"$(OUTDIR)" :
-    if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
-
-CPP_PROJ=/nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /I "../../../lib/isccfg/include" /I "../../../lib/bind9/include" /D "_DEBUG" /D "__STDC__" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /FR"$(INTDIR)\\" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /GZ /c 
-BSC32=bscmake.exe
-BSC32_FLAGS=/nologo /o"$(OUTDIR)\namedcheckconf.bsc" 
-BSC32_SBRS= \
-	"$(INTDIR)\check-tool.sbr" \
-	"$(INTDIR)\named-checkconf.sbr"
-
-"$(OUTDIR)\namedcheckconf.bsc" : "$(OUTDIR)" $(BSC32_SBRS)
-    $(BSC32) @<<
-  $(BSC32_FLAGS) $(BSC32_SBRS)
-<<
-
-LINK32=link.exe
-LINK32_FLAGS=user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Debug/libisc.lib  ../../../lib/dns/win32/Debug/libdns.lib ../../../lib/isccfg/win32/Debug/libisccfg.lib ../../../lib/bind9/win32/Debug/libbind9.lib ../../../lib/bind9/win32/Debug/libbind9.lib /nologo /subsystem:console /incremental:yes /pdb:"$(OUTDIR)\named-checkconf.pdb" /debug /machine:I386 /out:"../../../Build/Debug/named-checkconf.exe" /pdbtype:sept 
-LINK32_OBJS= \
-	"$(INTDIR)\check-tool.obj" \
-	"$(INTDIR)\named-checkconf.obj" \
-	"..\..\..\lib\isc\win32\Debug\libisc.lib" \
-	"..\..\..\lib\isccfg\win32\Debug\libisccfg.lib" \
-	"..\..\..\lib\dns\win32\Debug\libdns.lib"
-
-"..\..\..\Build\Debug\named-checkconf.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
-    $(LINK32) @<<
-  $(LINK32_FLAGS) $(LINK32_OBJS)
-<<
-
-!ENDIF 
+CPP=cl.exe
+CPP_PROJ=/nologo /MD /W3 /GX /O2 /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isccfg/include" /D "NDEBUG" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "__STDC__" /FR"$(INTDIR)\\" /Fp"$(INTDIR)\namedcheckconf.pch" /YX /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c 
 
 .c{$(INTDIR)}.obj::
    $(CPP) @<<
@@ -183,6 +157,116 @@ LINK32_OBJS= \
    $(CPP_PROJ) $< 
 <<
 
+RSC=rc.exe
+BSC32=bscmake.exe
+BSC32_FLAGS=/nologo /o"$(OUTDIR)\namedcheckconf.bsc" 
+BSC32_SBRS= \
+	"$(INTDIR)\check-tool.sbr" \
+	"$(INTDIR)\named-checkconf.sbr"
+
+"$(OUTDIR)\namedcheckconf.bsc" : "$(OUTDIR)" $(BSC32_SBRS)
+    $(BSC32) @<<
+  $(BSC32_FLAGS) $(BSC32_SBRS)
+<<
+
+LINK32=link.exe
+LINK32_FLAGS=user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/isccfg/win32/Release/libisccfg.lib /nologo /subsystem:console /incremental:no /pdb:"$(OUTDIR)\named-checkconf.pdb" /machine:I386 /out:"../../../Build/Release/named-checkconf.exe" 
+LINK32_OBJS= \
+	"$(INTDIR)\check-tool.obj" \
+	"$(INTDIR)\named-checkconf.obj"
+
+"..\..\..\Build\Release\named-checkconf.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
+    $(LINK32) @<<
+  $(LINK32_FLAGS) $(LINK32_OBJS)
+<<
+    $(_VC_MANIFEST_EMBED_EXE)
+
+!ELSEIF  "$(CFG)" == "namedcheckconf - Win32 Debug"
+
+OUTDIR=.\Debug
+INTDIR=.\Debug
+# Begin Custom Macros
+OutDir=.\Debug
+# End Custom Macros
+
+ALL : "..\..\..\Build\Debug\named-checkconf.exe" "$(OUTDIR)\namedcheckconf.bsc"
+
+
+CLEAN :
+	-@erase "$(INTDIR)\check-tool.obj"
+	-@erase "$(INTDIR)\check-tool.sbr"
+	-@erase "$(INTDIR)\named-checkconf.obj"
+	-@erase "$(INTDIR)\named-checkconf.sbr"
+	-@erase "$(INTDIR)\vc60.idb"
+	-@erase "$(INTDIR)\vc60.pdb"
+	-@erase "$(OUTDIR)\named-checkconf.pdb"
+	-@erase "$(OUTDIR)\namedcheckconf.bsc"
+	-@erase "..\..\..\Build\Debug\named-checkconf.exe"
+	-@erase "..\..\..\Build\Debug\named-checkconf.ilk"
+	-@$(_VC_MANIFEST_CLEAN)
+
+"$(OUTDIR)" :
+    if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
+
+CPP=cl.exe
+CPP_PROJ=/nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isccfg/include" /D "_DEBUG" /D "__STDC__" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /FR"$(INTDIR)\\" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /GZ /c 
+
+.c{$(INTDIR)}.obj::
+   $(CPP) @<<
+   $(CPP_PROJ) $< 
+<<
+
+.cpp{$(INTDIR)}.obj::
+   $(CPP) @<<
+   $(CPP_PROJ) $< 
+<<
+
+.cxx{$(INTDIR)}.obj::
+   $(CPP) @<<
+   $(CPP_PROJ) $< 
+<<
+
+.c{$(INTDIR)}.sbr::
+   $(CPP) @<<
+   $(CPP_PROJ) $< 
+<<
+
+.cpp{$(INTDIR)}.sbr::
+   $(CPP) @<<
+   $(CPP_PROJ) $< 
+<<
+
+.cxx{$(INTDIR)}.sbr::
+   $(CPP) @<<
+   $(CPP_PROJ) $< 
+<<
+
+RSC=rc.exe
+BSC32=bscmake.exe
+BSC32_FLAGS=/nologo /o"$(OUTDIR)\namedcheckconf.bsc" 
+BSC32_SBRS= \
+	"$(INTDIR)\check-tool.sbr" \
+	"$(INTDIR)\named-checkconf.sbr"
+
+"$(OUTDIR)\namedcheckconf.bsc" : "$(OUTDIR)" $(BSC32_SBRS)
+    $(BSC32) @<<
+  $(BSC32_FLAGS) $(BSC32_SBRS)
+<<
+
+LINK32=link.exe
+LINK32_FLAGS=user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/isccfg/win32/Debug/libisccfg.lib /nologo /subsystem:console /incremental:yes /pdb:"$(OUTDIR)\named-checkconf.pdb" /debug /machine:I386 /out:"../../../Build/Debug/named-checkconf.exe" /pdbtype:sept 
+LINK32_OBJS= \
+	"$(INTDIR)\check-tool.obj" \
+	"$(INTDIR)\named-checkconf.obj"
+
+"..\..\..\Build\Debug\named-checkconf.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
+    $(LINK32) @<<
+  $(LINK32_FLAGS) $(LINK32_OBJS)
+<<
+    $(_VC_MANIFEST_EMBED_EXE)
+
+!ENDIF 
+
 
 !IF "$(NO_EXTERNAL_DEPS)" != "1"
 !IF EXISTS("namedcheckconf.dep")
@@ -206,84 +290,42 @@ SOURCE="..\named-checkconf.c"
 	$(CPP) $(CPP_PROJ) $(SOURCE)
 
 
-!IF  "$(CFG)" == "namedcheckconf - Win32 Release"
-
-"libisc - Win32 Release" : 
-   cd "..\..\..\lib\isc\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libisc.mak" CFG="libisc - Win32 Release" 
-   cd "..\..\..\bin\check\win32"
-
-"libisc - Win32 ReleaseCLEAN" : 
-   cd "..\..\..\lib\isc\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libisc.mak" CFG="libisc - Win32 Release" RECURSE=1 CLEAN 
-   cd "..\..\..\bin\check\win32"
-
-!ELSEIF  "$(CFG)" == "namedcheckconf - Win32 Debug"
-
-"libisc - Win32 Debug" : 
-   cd "..\..\..\lib\isc\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libisc.mak" CFG="libisc - Win32 Debug" 
-   cd "..\..\..\bin\check\win32"
-
-"libisc - Win32 DebugCLEAN" : 
-   cd "..\..\..\lib\isc\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libisc.mak" CFG="libisc - Win32 Debug" RECURSE=1 CLEAN 
-   cd "..\..\..\bin\check\win32"
 
 !ENDIF 
 
-!IF  "$(CFG)" == "namedcheckconf - Win32 Release"
+####################################################
+# Commands to generate initial empty manifest file and the RC file
+# that references it, and for generating the .res file:
 
-"libisccfg - Win32 Release" : 
-   cd "..\..\..\lib\isccfg\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libisccfg.mak" CFG="libisccfg - Win32 Release" 
-   cd "..\..\..\bin\check\win32"
+$(_VC_MANIFEST_BASENAME).auto.res : $(_VC_MANIFEST_BASENAME).auto.rc
 
-"libisccfg - Win32 ReleaseCLEAN" : 
-   cd "..\..\..\lib\isccfg\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libisccfg.mak" CFG="libisccfg - Win32 Release" RECURSE=1 CLEAN 
-   cd "..\..\..\bin\check\win32"
+$(_VC_MANIFEST_BASENAME).auto.rc : $(_VC_MANIFEST_BASENAME).auto.manifest
+    type <<$@
+#include <winuser.h>
+1RT_MANIFEST"$(_VC_MANIFEST_BASENAME).auto.manifest"
+<< KEEP
 
-!ELSEIF  "$(CFG)" == "namedcheckconf - Win32 Debug"
+$(_VC_MANIFEST_BASENAME).auto.manifest :
+    type <<$@
+<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
+<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
+</assembly>
+<< KEEP
+####################################################
+# Commands to generate initial empty manifest file and the RC file
+# that references it, and for generating the .res file:
 
-"libisccfg - Win32 Debug" : 
-   cd "..\..\..\lib\isccfg\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libisccfg.mak" CFG="libisccfg - Win32 Debug" 
-   cd "..\..\..\bin\check\win32"
+$(_VC_MANIFEST_BASENAME).auto.res : $(_VC_MANIFEST_BASENAME).auto.rc
 
-"libisccfg - Win32 DebugCLEAN" : 
-   cd "..\..\..\lib\isccfg\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libisccfg.mak" CFG="libisccfg - Win32 Debug" RECURSE=1 CLEAN 
-   cd "..\..\..\bin\check\win32"
-
-!ENDIF 
-
-!IF  "$(CFG)" == "namedcheckconf - Win32 Release"
-
-"libdns - Win32 Release" : 
-   cd "..\..\..\lib\dns\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libdns.mak" CFG="libdns - Win32 Release" 
-   cd "..\..\..\bin\check\win32"
-
-"libdns - Win32 ReleaseCLEAN" : 
-   cd "..\..\..\lib\dns\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libdns.mak" CFG="libdns - Win32 Release" RECURSE=1 CLEAN 
-   cd "..\..\..\bin\check\win32"
-
-!ELSEIF  "$(CFG)" == "namedcheckconf - Win32 Debug"
-
-"libdns - Win32 Debug" : 
-   cd "..\..\..\lib\dns\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libdns.mak" CFG="libdns - Win32 Debug" 
-   cd "..\..\..\bin\check\win32"
-
-"libdns - Win32 DebugCLEAN" : 
-   cd "..\..\..\lib\dns\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libdns.mak" CFG="libdns - Win32 Debug" RECURSE=1 CLEAN 
-   cd "..\..\..\bin\check\win32"
-
-!ENDIF 
-
-
-!ENDIF 
+$(_VC_MANIFEST_BASENAME).auto.rc : $(_VC_MANIFEST_BASENAME).auto.manifest
+    type <<$@
+#include <winuser.h>
+1RT_MANIFEST"$(_VC_MANIFEST_BASENAME).auto.manifest"
+<< KEEP
 
+$(_VC_MANIFEST_BASENAME).auto.manifest :
+    type <<$@
+<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
+<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
+</assembly>
+<< KEEP

bin/check/win32/namedcheckzone.dsp

@@ -42,8 +42,7 @@ RSC=rc.exe
 # PROP Ignore_Export_Lib 0
 # PROP Target_Dir ""
 # ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
-# ADD CPP /nologo /MD /W3 /GX /O2 /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /D "NDEBUG" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "__STDC__" /YX /FD /c
-# SUBTRACT CPP /Fr
+# ADD CPP /nologo /MD /W3 /GX /O2 /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /D "NDEBUG" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "__STDC__" /FR /YX /FD /c
 # ADD BASE RSC /l 0x409 /d "NDEBUG"
 # ADD RSC /l 0x409 /d "NDEBUG"
 BSC32=bscmake.exe
@@ -51,7 +50,7 @@ BSC32=bscmake.exe
 # ADD BSC32 /nologo
 LINK32=link.exe
 # ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386
-# ADD LINK32 user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib /nologo /subsystem:console /machine:I386 /out:"../../../Build/Release/named-checkzone.exe"
+# ADD LINK32 user32.lib advapi32.lib ws2_32.lib Release/checktool.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib /nologo /subsystem:console /machine:I386 /out:"../../../Build/Release/named-checkzone.exe"
 
 !ELSEIF  "$(CFG)" == "namedcheckzone - Win32 Debug"
 
@@ -76,7 +75,7 @@ BSC32=bscmake.exe
 # ADD BSC32 /nologo
 LINK32=link.exe
 # ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept
-# ADD LINK32 user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib /nologo /subsystem:console /debug /machine:I386 /out:"../../../Build/Debug/named-checkzone.exe" /pdbtype:sept
+# ADD LINK32 user32.lib advapi32.lib ws2_32.lib Debug/checktool.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib /nologo /subsystem:console /debug /machine:I386 /out:"../../../Build/Debug/named-checkzone.exe" /pdbtype:sept
 
 !ENDIF 
 
@@ -89,10 +88,6 @@ LINK32=link.exe
 # PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
 # Begin Source File
 
-SOURCE="..\check-tool.c"
-# End Source File
-# Begin Source File
-
 SOURCE="..\named-checkzone.c"
 # End Source File
 # End Group

bin/check/win32/namedcheckzone.mak

@@ -25,36 +25,107 @@ NULL=
 NULL=nul
 !ENDIF 
 
+!IF  "$(CFG)" == "namedcheckzone - Win32 Release"
+_VC_MANIFEST_INC=0
+_VC_MANIFEST_BASENAME=__VC80
+!ELSE
+_VC_MANIFEST_INC=1
+_VC_MANIFEST_BASENAME=__VC80.Debug
+!ENDIF
+
+####################################################
+# Specifying name of temporary resource file used only in incremental builds:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+_VC_MANIFEST_AUTO_RES=$(_VC_MANIFEST_BASENAME).auto.res
+!else
+_VC_MANIFEST_AUTO_RES=
+!endif
+
+####################################################
+# _VC_MANIFEST_EMBED_EXE - command to embed manifest in EXE:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+
+#MT_SPECIAL_RETURN=1090650113
+#MT_SPECIAL_SWITCH=-notify_resource_update
+MT_SPECIAL_RETURN=0
+MT_SPECIAL_SWITCH=
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
+if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
+rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
+link $** /out:$@ $(LFLAGS)
+
+!else
+
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;1
+
+!endif
+
+####################################################
+# _VC_MANIFEST_EMBED_DLL - command to embed manifest in DLL:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+
+#MT_SPECIAL_RETURN=1090650113
+#MT_SPECIAL_SWITCH=-notify_resource_update
+MT_SPECIAL_RETURN=0
+MT_SPECIAL_SWITCH=
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
+if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
+rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
+link $** /out:$@ $(LFLAGS)
+
+!else
+
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;2
+
+!endif
+####################################################
+# _VC_MANIFEST_CLEAN - command to clean resources files generated temporarily:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+
+_VC_MANIFEST_CLEAN=-del $(_VC_MANIFEST_BASENAME).auto.res \
+    $(_VC_MANIFEST_BASENAME).auto.rc \
+    $(_VC_MANIFEST_BASENAME).auto.manifest
+
+!else
+
+_VC_MANIFEST_CLEAN=
+
+!endif
+
 !IF  "$(CFG)" == "namedcheckzone - Win32 Release"
 
 OUTDIR=.\Release
 INTDIR=.\Release
+# Begin Custom Macros
+OutDir=.\Release
+# End Custom Macros
 
-!IF "$(RECURSE)" == "0" 
+ALL : "..\..\..\Build\Release\named-checkzone.exe" "$(OUTDIR)\namedcheckzone.bsc"
 
-ALL : "..\..\..\Build\Release\named-checkzone.exe"
 
-!ELSE 
-
-ALL : "libisc - Win32 Release" "libdns - Win32 Release" "..\..\..\Build\Release\named-checkzone.exe"
-
-!ENDIF 
-
-!IF "$(RECURSE)" == "1" 
-CLEAN :"libdns - Win32 ReleaseCLEAN" "libisc - Win32 ReleaseCLEAN" 
-!ELSE 
 CLEAN :
-!ENDIF 
 	-@erase "$(INTDIR)\check-tool.obj"
+	-@erase "$(INTDIR)\check-tool.sbr"
 	-@erase "$(INTDIR)\named-checkzone.obj"
+	-@erase "$(INTDIR)\named-checkzone.sbr"
 	-@erase "$(INTDIR)\vc60.idb"
+	-@erase "$(OUTDIR)\namedcheckzone.bsc"
 	-@erase "..\..\..\Build\Release\named-checkzone.exe"
+	-@$(_VC_MANIFEST_CLEAN)
 
 "$(OUTDIR)" :
     if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
 
 CPP=cl.exe
-CPP_PROJ=/nologo /MD /W3 /GX /O2 /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /D "NDEBUG" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "__STDC__" /Fp"$(INTDIR)\namedcheckzone.pch" /YX /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c 
+CPP_PROJ=/nologo /MD /W3 /GX /O2 /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /D "NDEBUG" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "__STDC__" /FR"$(INTDIR)\\" /Fp"$(INTDIR)\namedcheckzone.pch" /YX /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c 
 
 .c{$(INTDIR)}.obj::
    $(CPP) @<<
@@ -90,19 +161,25 @@ RSC=rc.exe
 BSC32=bscmake.exe
 BSC32_FLAGS=/nologo /o"$(OUTDIR)\namedcheckzone.bsc" 
 BSC32_SBRS= \
-	
+	"$(INTDIR)\check-tool.sbr" \
+	"$(INTDIR)\named-checkzone.sbr"
+
+"$(OUTDIR)\namedcheckzone.bsc" : "$(OUTDIR)" $(BSC32_SBRS)
+    $(BSC32) @<<
+  $(BSC32_FLAGS) $(BSC32_SBRS)
+<<
+
 LINK32=link.exe
 LINK32_FLAGS=user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib /nologo /subsystem:console /incremental:no /pdb:"$(OUTDIR)\named-checkzone.pdb" /machine:I386 /out:"../../../Build/Release/named-checkzone.exe" 
 LINK32_OBJS= \
 	"$(INTDIR)\check-tool.obj" \
-	"$(INTDIR)\named-checkzone.obj" \
-	"..\..\..\lib\dns\win32\Release\libdns.lib" \
-	"..\..\..\lib\isc\win32\Release\libisc.lib"
+	"$(INTDIR)\named-checkzone.obj"
 
 "..\..\..\Build\Release\named-checkzone.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
     $(LINK32) @<<
   $(LINK32_FLAGS) $(LINK32_OBJS)
 <<
+    $(_VC_MANIFEST_EMBED_EXE)
 
 !ELSEIF  "$(CFG)" == "namedcheckzone - Win32 Debug"
 
@@ -112,21 +189,10 @@ INTDIR=.\Debug
 OutDir=.\Debug
 # End Custom Macros
 
-!IF "$(RECURSE)" == "0" 
-
 ALL : "..\..\..\Build\Debug\named-checkzone.exe" "$(OUTDIR)\namedcheckzone.bsc"
 
-!ELSE 
 
-ALL : "libisc - Win32 Debug" "libdns - Win32 Debug" "..\..\..\Build\Debug\named-checkzone.exe" "$(OUTDIR)\namedcheckzone.bsc"
-
-!ENDIF 
-
-!IF "$(RECURSE)" == "1" 
-CLEAN :"libdns - Win32 DebugCLEAN" "libisc - Win32 DebugCLEAN" 
-!ELSE 
 CLEAN :
-!ENDIF 
 	-@erase "$(INTDIR)\check-tool.obj"
 	-@erase "$(INTDIR)\check-tool.sbr"
 	-@erase "$(INTDIR)\named-checkzone.obj"
@@ -137,6 +203,7 @@ CLEAN :
 	-@erase "$(OUTDIR)\namedcheckzone.bsc"
 	-@erase "..\..\..\Build\Debug\named-checkzone.exe"
 	-@erase "..\..\..\Build\Debug\named-checkzone.ilk"
+	-@$(_VC_MANIFEST_CLEAN)
 
 "$(OUTDIR)" :
     if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
@@ -190,14 +257,13 @@ LINK32=link.exe
 LINK32_FLAGS=user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib /nologo /subsystem:console /incremental:yes /pdb:"$(OUTDIR)\named-checkzone.pdb" /debug /machine:I386 /out:"../../../Build/Debug/named-checkzone.exe" /pdbtype:sept 
 LINK32_OBJS= \
 	"$(INTDIR)\check-tool.obj" \
-	"$(INTDIR)\named-checkzone.obj" \
-	"..\..\..\lib\dns\win32\Debug\libdns.lib" \
-	"..\..\..\lib\isc\win32\Debug\libisc.lib"
+	"$(INTDIR)\named-checkzone.obj"
 
 "..\..\..\Build\Debug\named-checkzone.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
     $(LINK32) @<<
   $(LINK32_FLAGS) $(LINK32_OBJS)
 <<
+    $(_VC_MANIFEST_EMBED_EXE)
 
 !ENDIF 
 
@@ -214,92 +280,34 @@ LINK32_OBJS= \
 !IF "$(CFG)" == "namedcheckzone - Win32 Release" || "$(CFG)" == "namedcheckzone - Win32 Debug"
 SOURCE="..\check-tool.c"
 
-!IF  "$(CFG)" == "namedcheckzone - Win32 Release"
-
-
-"$(INTDIR)\check-tool.obj" : $(SOURCE) "$(INTDIR)"
-	$(CPP) $(CPP_PROJ) $(SOURCE)
-
-
-!ELSEIF  "$(CFG)" == "namedcheckzone - Win32 Debug"
-
-
 "$(INTDIR)\check-tool.obj"	"$(INTDIR)\check-tool.sbr" : $(SOURCE) "$(INTDIR)"
 	$(CPP) $(CPP_PROJ) $(SOURCE)
 
 
-!ENDIF 
-
 SOURCE="..\named-checkzone.c"
 
-!IF  "$(CFG)" == "namedcheckzone - Win32 Release"
-
-
-"$(INTDIR)\named-checkzone.obj" : $(SOURCE) "$(INTDIR)"
-	$(CPP) $(CPP_PROJ) $(SOURCE)
-
-
-!ELSEIF  "$(CFG)" == "namedcheckzone - Win32 Debug"
-
-
 "$(INTDIR)\named-checkzone.obj"	"$(INTDIR)\named-checkzone.sbr" : $(SOURCE) "$(INTDIR)"
 	$(CPP) $(CPP_PROJ) $(SOURCE)
 
 
-!ENDIF 
-
-!IF  "$(CFG)" == "namedcheckzone - Win32 Release"
-
-"libdns - Win32 Release" : 
-   cd "..\..\..\lib\dns\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libdns.mak" CFG="libdns - Win32 Release" 
-   cd "..\..\..\bin\check\win32"
-
-"libdns - Win32 ReleaseCLEAN" : 
-   cd "..\..\..\lib\dns\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libdns.mak" CFG="libdns - Win32 Release" RECURSE=1 CLEAN 
-   cd "..\..\..\bin\check\win32"
-
-!ELSEIF  "$(CFG)" == "namedcheckzone - Win32 Debug"
-
-"libdns - Win32 Debug" : 
-   cd "..\..\..\lib\dns\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libdns.mak" CFG="libdns - Win32 Debug" 
-   cd "..\..\..\bin\check\win32"
-
-"libdns - Win32 DebugCLEAN" : 
-   cd "..\..\..\lib\dns\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libdns.mak" CFG="libdns - Win32 Debug" RECURSE=1 CLEAN 
-   cd "..\..\..\bin\check\win32"
 
 !ENDIF 
 
-!IF  "$(CFG)" == "namedcheckzone - Win32 Release"
+####################################################
+# Commands to generate initial empty manifest file and the RC file
+# that references it, and for generating the .res file:
 
-"libisc - Win32 Release" : 
-   cd "..\..\..\lib\isc\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libisc.mak" CFG="libisc - Win32 Release" 
-   cd "..\..\..\bin\check\win32"
+$(_VC_MANIFEST_BASENAME).auto.res : $(_VC_MANIFEST_BASENAME).auto.rc
 
-"libisc - Win32 ReleaseCLEAN" : 
-   cd "..\..\..\lib\isc\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libisc.mak" CFG="libisc - Win32 Release" RECURSE=1 CLEAN 
-   cd "..\..\..\bin\check\win32"
-
-!ELSEIF  "$(CFG)" == "namedcheckzone - Win32 Debug"
-
-"libisc - Win32 Debug" : 
-   cd "..\..\..\lib\isc\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libisc.mak" CFG="libisc - Win32 Debug" 
-   cd "..\..\..\bin\check\win32"
-
-"libisc - Win32 DebugCLEAN" : 
-   cd "..\..\..\lib\isc\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libisc.mak" CFG="libisc - Win32 Debug" RECURSE=1 CLEAN 
-   cd "..\..\..\bin\check\win32"
-
-!ENDIF 
-
-
-!ENDIF 
+$(_VC_MANIFEST_BASENAME).auto.rc : $(_VC_MANIFEST_BASENAME).auto.manifest
+    type <<$@
+#include <winuser.h>
+1RT_MANIFEST"$(_VC_MANIFEST_BASENAME).auto.manifest"
+<< KEEP
 
+$(_VC_MANIFEST_BASENAME).auto.manifest :
+    type <<$@
+<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
+<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
+</assembly>
+<< KEEP

bin/dig/Makefile.in

@@ -1,5 +1,5 @@
 # Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
-# Copyright (C) 2000-2002  Internet Software Consortium.
+# Copyright (C) 2000, 2001  Internet Software Consortium.
 #
 # Permission to use, copy, modify, and distribute this software for any
 # purpose with or without fee is hereby granted, provided that the above
@@ -13,7 +13,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: Makefile.in,v 1.25.12.12 2004/08/18 23:25:57 marka Exp $
+# $Id: Makefile.in,v 1.25.2.4 2004/08/18 23:22:52 marka Exp $
 
 srcdir =	@srcdir@
 VPATH =		@srcdir@
@@ -21,35 +21,26 @@ top_srcdir =	@top_srcdir@
 
 @BIND9_VERSION@
 
-@BIND9_MAKE_INCLUDES@
+@BIND9_INCLUDES@
 
-CINCLUDES =	-I${srcdir}/include ${DNS_INCLUDES} ${BIND9_INCLUDES} \
-		${ISC_INCLUDES} ${LWRES_INCLUDES}
+CINCLUDES =	-I${srcdir}/include ${DNS_INCLUDES} ${ISC_INCLUDES}
 
 CDEFINES =	-DVERSION=\"${VERSION}\"
 CWARNINGS =
 
-ISCCFGLIBS =	../../lib/isccfg/libisccfg.@A@
-DNSLIBS =	../../lib/dns/libdns.@A@ @DNS_CRYPTO_LIBS@
-BIND9LIBS =	../../lib/bind9/libbind9.@A@
+DNSLIBS =	../../lib/dns/libdns.@A@ @DNS_OPENSSL_LIBS@ @DNS_GSSAPI_LIBS@
 ISCLIBS =	../../lib/isc/libisc.@A@
-LWRESLIBS =	../../lib/lwres/liblwres.@A@
 
-ISCCFGDEPLIBS =	../../lib/isccfg/libisccfg.@A@
 DNSDEPLIBS =	../../lib/dns/libdns.@A@
-BIND9DEPLIBS =	../../lib/bind9/libbind9.@A@
 ISCDEPLIBS =	../../lib/isc/libisc.@A@
-LWRESDEPLIBS =	../../lib/lwres/liblwres.@A@
 
-DEPLIBS =	${DNSDEPLIBS} ${BIND9DEPLIBS} ${ISCDEPLIBS} ${ISCCFGDEPLIBS} \
-		${LWRESDEPLIBS}
+DEPLIBS =	${DNSDEPLIBS} ${ISCDEPLIBS}
 
-LIBS =		${LWRESLIBS} ${DNSLIBS} ${BIND9LIBS} ${ISCLIBS} \
-		${ISCCFGLIBS} @LIBS@
+LIBS =		${DNSLIBS} ${ISCLIBS} @LIBS@
 
 SUBDIRS =
 
-TARGETS =	dig@EXEEXT@ host@EXEEXT@ nslookup@EXEEXT@
+TARGETS =	dig host nslookup
 
 OBJS =		dig.@O@ dighost.@O@ host.@O@ nslookup.@O@
 
@@ -65,17 +56,14 @@ MANOBJS =	${MANPAGES} ${HTMLPAGES}
 
 @BIND9_MAKE_RULES@
 
-dig@EXEEXT@: dig.@O@ dighost.@O@ ${UOBJS} ${DEPLIBS}
-	${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ \
-	dig.@O@ dighost.@O@ ${UOBJS} ${LIBS}
+dig: dig.@O@ dighost.@O@ ${UOBJS} ${DEPLIBS}
+	${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ dig.@O@ dighost.@O@ ${UOBJS} ${LIBS}
 
-host@EXEEXT@: host.@O@ dighost.@O@ ${UOBJS} ${DEPLIBS}
-	${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ \
-	host.@O@ dighost.@O@ ${UOBJS} ${LIBS}
+host: host.@O@ dighost.@O@ ${UOBJS} ${DEPLIBS}
+	${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ host.@O@ dighost.@O@ ${UOBJS} ${LIBS}
 
-nslookup@EXEEXT@: nslookup.@O@ dighost.@O@ ${UOBJS} ${DEPLIBS}
-	${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ \
-	nslookup.@O@ dighost.@O@ ${UOBJS} ${LIBS}
+nslookup: nslookup.@O@ dighost.@O@ ${UOBJS} ${DEPLIBS}
+	${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ nslookup.@O@ dighost.@O@ ${UOBJS} ${LIBS}
 
 doc man:: ${MANOBJS}
 
@@ -89,13 +77,8 @@ installdirs:
 	$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${bindir}
 	$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${mandir}/man1
 
-install:: dig@EXEEXT@ host@EXEEXT@ nslookup@EXEEXT@ installdirs
-	${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} \
-		dig@EXEEXT@ ${DESTDIR}${bindir}
-	${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} \
-		host@EXEEXT@ ${DESTDIR}${bindir}
-	${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} \
-		nslookup@EXEEXT@ ${DESTDIR}${bindir}
-	for m in ${MANPAGES}; do \
-		${INSTALL_DATA} ${srcdir}/$$m ${DESTDIR}${mandir}/man1; \
-		done
+install:: dig host nslookup installdirs
+	${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} dig ${DESTDIR}${bindir}
+	${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} host ${DESTDIR}${bindir}
+	${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} nslookup ${DESTDIR}${bindir}
+	for m in ${MANPAGES}; do ${INSTALL_DATA} ${srcdir}/$$m ${DESTDIR}${mandir}/man1; done

bin/dig/dig.1

@@ -1,5 +1,5 @@
-.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
-.\" Copyright (C) 2000-2003 Internet Software Consortium.
+.\" Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
 .\" 
 .\" Permission to use, copy, modify, and distribute this software for any
 .\" purpose with or without fee is hereby granted, provided that the above
@@ -13,223 +13,453 @@
 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 .\" PERFORMANCE OF THIS SOFTWARE.
 .\"
-.\" $Id: dig.1,v 1.14.2.4.2.9 2005/08/30 02:34:59 marka Exp $
+.\" $Id: dig.1,v 1.14.2.17 2007/05/16 06:57:45 marka Exp $
 .\"
 .hy 0
 .ad l
-.\"Generated by db2man.xsl. Don't modify this, modify the source.
-.de Sh \" Subsection
-.br
-.if t .Sp
-.ne 5
-.PP
-\fB\\$1\fR
-.PP
-..
-.de Sp \" Vertical space (when we can't use .PP)
-.if t .sp .5v
-.if n .sp
-..
-.de Ip \" List item
-.br
-.ie \\n(.$>=3 .ne \\$3
-.el .ne 3
-.IP "\\$1" \\$2
-..
-.TH "DIG" 1 "Jun 30, 2000" "" ""
-.SH NAME
+.\"     Title: dig
+.\"    Author: 
+.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
+.\"      Date: Jun 30, 2000
+.\"    Manual: BIND9
+.\"    Source: BIND9
+.\"
+.TH "DIG" "1" "Jun 30, 2000" "BIND9" "BIND9"
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.SH "NAME"
 dig \- DNS lookup utility
 .SH "SYNOPSIS"
 .HP 4
-\fBdig\fR [@server] [\fB\-b\ \fIaddress\fR\fR] [\fB\-c\ \fIclass\fR\fR] [\fB\-f\ \fIfilename\fR\fR] [\fB\-k\ \fIfilename\fR\fR] [\fB\-p\ \fIport#\fR\fR] [\fB\-t\ \fItype\fR\fR] [\fB\-x\ \fIaddr\fR\fR] [\fB\-y\ \fIname:key\fR\fR] [\fB\-4\fR] [\fB\-6\fR] [name] [type] [class] [queryopt...]
+\fBdig\fR [@server] [\fB\-b\ \fR\fB\fIaddress\fR\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-f\ \fR\fB\fIfilename\fR\fR] [\fB\-k\ \fR\fB\fIfilename\fR\fR] [\fB\-p\ \fR\fB\fIport#\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-x\ \fR\fB\fIaddr\fR\fR] [\fB\-y\ \fR\fB\fIname:key\fR\fR] [name] [type] [class] [queryopt...]
 .HP 4
 \fBdig\fR [\fB\-h\fR]
 .HP 4
 \fBdig\fR [global\-queryopt...] [query...]
 .SH "DESCRIPTION"
 .PP
- \fBdig\fR (domain information groper) is a flexible tool for interrogating DNS name servers\&. It performs DNS lookups and displays the answers that are returned from the name server(s) that were queried\&. Most DNS administrators use \fBdig\fR to troubleshoot DNS problems because of its flexibility, ease of use and clarity of output\&. Other lookup tools tend to have less functionality than \fBdig\fR\&.
+\fBdig\fR
+(domain information groper) is a flexible tool for interrogating DNS name servers. It performs DNS lookups and displays the answers that are returned from the name server(s) that were queried. Most DNS administrators use
+\fBdig\fR
+to troubleshoot DNS problems because of its flexibility, ease of use and clarity of output. Other lookup tools tend to have less functionality than
+\fBdig\fR.
 .PP
-Although \fBdig\fR is normally used with command\-line arguments, it also has a batch mode of operation for reading lookup requests from a file\&. A brief summary of its command\-line arguments and options is printed when the \fB\-h\fR option is given\&. Unlike earlier versions, the BIND9 implementation of \fBdig\fR allows multiple lookups to be issued from the command line\&.
+Although
+\fBdig\fR
+is normally used with command\-line arguments, it also has a batch mode of operation for reading lookup requests from a file. A brief summary of its command\-line arguments and options is printed when the
+\fB\-h\fR
+option is given. Unlike earlier versions, the BIND 9 implementation of
+\fBdig\fR
+allows multiple lookups to be issued from the command line.
 .PP
-Unless it is told to query a specific name server, \fBdig\fR will try each of the servers listed in \fI/etc/resolv\&.conf\fR\&.
+Unless it is told to query a specific name server,
+\fBdig\fR
+will try each of the servers listed in
+\fI/etc/resolv.conf\fR.
 .PP
-When no command line arguments or options are given, will perform an NS query for "\&." (the root)\&.
+When no command line arguments or options are given, will perform an NS query for "." (the root).
 .PP
-It is possible to set per\-user defaults for \fBdig\fR via \fI${HOME}/\&.digrc\fR\&. This file is read and any options in it are applied before the command line arguments\&.
+It is possible to set per user defaults for
+\fBdig\fR
+via
+\fI${HOME}/.digrc\fR. This file is read and any options in it are applied before the command line arguments.
+.PP
+The IN and CH class names overlap with the IN and CH top level domains names. Either use the
+\fB\-t\fR
+and
+\fB\-c\fR
+options to specify the type and class or use "IN." and "CH." when looking up these top level domains.
 .SH "SIMPLE USAGE"
 .PP
-A typical invocation of \fBdig\fR looks like: 
+A typical invocation of
+\fBdig\fR
+looks like:
+.sp
+.RS 4
 .nf
  dig @server name type 
 .fi
- where: 
-.TP
+.RE
+.sp
+where:
+.PP
 \fBserver\fR
-is the name or IP address of the name server to query\&. This can be an IPv4 address in dotted\-decimal notation or an IPv6 address in colon\-delimited notation\&. When the supplied \fIserver\fR argument is a hostname, \fBdig\fR resolves that name before querying that name server\&. If no \fIserver\fR argument is provided, \fBdig\fR consults \fI/etc/resolv\&.conf\fR and queries the name servers listed there\&. The reply from the name server that responds is displayed\&.
-.TP
+.RS 4
+is the name or IP address of the name server to query. This can be an IPv4 address in dotted\-decimal notation or an IPv6 address in colon\-delimited notation. When the supplied
+\fIserver\fR
+argument is a hostname,
+\fBdig\fR
+resolves that name before querying that name server. If no
+\fIserver\fR
+argument is provided,
+\fBdig\fR
+consults
+\fI/etc/resolv.conf\fR
+and queries the name servers listed there. The reply from the name server that responds is displayed.
+.RE
+.PP
 \fBname\fR
-is the name of the resource record that is to be looked up\&.
-.TP
+.RS 4
+is the name of the resource record that is to be looked up.
+.RE
+.PP
 \fBtype\fR
-indicates what type of query is required -- ANY, A, MX, SIG, etc\&. \fItype\fR can be any valid query type\&. If no \fItype\fR argument is supplied, \fBdig\fR will perform a lookup for an A record\&.
+.RS 4
+indicates what type of query is required \(em ANY, A, MX, SIG, etc.
+\fItype\fR
+can be any valid query type. If no
+\fItype\fR
+argument is supplied,
+\fBdig\fR
+will perform a lookup for an A record.
+.RE
 .SH "OPTIONS"
 .PP
-The \fB\-b\fR option sets the source IP address of the query to \fIaddress\fR\&. This must be a valid address on one of the host's network interfaces or "0\&.0\&.0\&.0" or "::"\&. An optional port may be specified by appending "#<port>"
+The
+\fB\-b\fR
+option sets the source IP address of the query to
+\fIaddress\fR. This must be a valid address on one of the host's network interfaces.
 .PP
-The default query class (IN for internet) is overridden by the \fB\-c\fR option\&. \fIclass\fR is any valid class, such as HS for Hesiod records or CH for CHAOSNET records\&.
+The default query class (IN for internet) is overridden by the
+\fB\-c\fR
+option.
+\fIclass\fR
+is any valid class, such as HS for Hesiod records or CH for Chaosnet records.
 .PP
-The \fB\-f\fR option makes \fBdig \fR operate in batch mode by reading a list of lookup requests to process from the file \fIfilename\fR\&. The file contains a number of queries, one per line\&. Each entry in the file should be organised in the same way they would be presented as queries to \fBdig\fR using the command\-line interface\&.
+The
+\fB\-f\fR
+option makes
+\fBdig \fR
+operate in batch mode by reading a list of lookup requests to process from the file
+\fIfilename\fR. The file contains a number of queries, one per line. Each entry in the file should be organized in the same way they would be presented as queries to
+\fBdig\fR
+using the command\-line interface.
 .PP
-If a non\-standard port number is to be queried, the \fB\-p\fR option is used\&. \fIport#\fR is the port number that \fBdig\fR will send its queries instead of the standard DNS port number 53\&. This option would be used to test a name server that has been configured to listen for queries on a non\-standard port number\&.
+If a non\-standard port number is to be queried, the
+\fB\-p\fR
+option is used.
+\fIport#\fR
+is the port number that
+\fBdig\fR
+will send its queries instead of the standard DNS port number 53. This option would be used to test a name server that has been configured to listen for queries on a non\-standard port number.
 .PP
-The \fB\-4\fR option forces \fBdig\fR to only use IPv4 query transport\&. The \fB\-6\fR option forces \fBdig\fR to only use IPv6 query transport\&.
+The
+\fB\-t\fR
+option sets the query type to
+\fItype\fR. It can be any valid query type which is supported in BIND 9. The default query type is "A", unless the
+\fB\-x\fR
+option is supplied to indicate a reverse lookup. A zone transfer can be requested by specifying a type of AXFR. When an incremental zone transfer (IXFR) is required,
+\fItype\fR
+is set to
+ixfr=N. The incremental zone transfer will contain the changes made to the zone since the serial number in the zone's SOA record was
+\fIN\fR.
 .PP
-The \fB\-t\fR option sets the query type to \fItype\fR\&. It can be any valid query type which is supported in BIND9\&. The default query type "A", unless the \fB\-x\fR option is supplied to indicate a reverse lookup\&. A zone transfer can be requested by specifying a type of AXFR\&. When an incremental zone transfer (IXFR) is required, \fItype\fR is set to ixfr=N\&. The incremental zone transfer will contain the changes made to the zone since the serial number in the zone's SOA record was \fIN\fR\&.
+Reverse lookups \(em mapping addresses to names \(em are simplified by the
+\fB\-x\fR
+option.
+\fIaddr\fR
+is an IPv4 address in dotted\-decimal notation, or a colon\-delimited IPv6 address. When this option is used, there is no need to provide the
+\fIname\fR,
+\fIclass\fR
+and
+\fItype\fR
+arguments.
+\fBdig\fR
+automatically performs a lookup for a name like
+11.12.13.10.in\-addr.arpa
+and sets the query type and class to PTR and IN respectively. By default, IPv6 addresses are looked up using the IP6.ARPA domain and binary labels as defined in RFC2874. To use the older RFC1886 method using the IP6.INT domain and "nibble" labels, specify the
+\fB\-n\fR
+(nibble) option.
 .PP
-Reverse lookups \- mapping addresses to names \- are simplified by the \fB\-x\fR option\&. \fIaddr\fR is an IPv4 address in dotted\-decimal notation, or a colon\-delimited IPv6 address\&. When this option is used, there is no need to provide the \fIname\fR, \fIclass\fR and \fItype\fR arguments\&. \fBdig\fR automatically performs a lookup for a name like 11\&.12\&.13\&.10\&.in\-addr\&.arpa and sets the query type and class to PTR and IN respectively\&. By default, IPv6 addresses are looked up using nibble format under the IP6\&.ARPA domain\&. To use the older RFC1886 method using the IP6\&.INT domain specify the \fB\-i\fR option\&. Bit string labels (RFC2874) are now experimental and are not attempted\&.
-.PP
-To sign the DNS queries sent by \fBdig\fR and their responses using transaction signatures (TSIG), specify a TSIG key file using the \fB\-k\fR option\&. You can also specify the TSIG key itself on the command line using the \fB\-y\fR option; \fIname\fR is the name of the TSIG key and \fIkey\fR is the actual key\&. The key is a base\-64 encoded string, typically generated by \fBdnssec\-keygen\fR(8)\&. Caution should be taken when using the \fB\-y\fR option on multi\-user systems as the key can be visible in the output from \fBps\fR(1 ) or in the shell's history file\&. When using TSIG authentication with \fBdig\fR, the name server that is queried needs to know the key and algorithm that is being used\&. In BIND, this is done by providing appropriate \fBkey\fR and \fBserver\fR statements in \fInamed\&.conf\fR\&.
+To sign the DNS queries sent by
+\fBdig\fR
+and their responses using transaction signatures (TSIG), specify a TSIG key file using the
+\fB\-k\fR
+option. You can also specify the TSIG key itself on the command line using the
+\fB\-y\fR
+option;
+\fIname\fR
+is the name of the TSIG key and
+\fIkey\fR
+is the actual key. The key is a base\-64 encoded string, typically generated by
+\fBdnssec\-keygen\fR(8). Caution should be taken when using the
+\fB\-y\fR
+option on multi\-user systems as the key can be visible in the output from
+\fBps\fR(1 )
+or in the shell's history file. When using TSIG authentication with
+\fBdig\fR, the name server that is queried needs to know the key and algorithm that is being used. In BIND, this is done by providing appropriate
+\fBkey\fR
+and
+\fBserver\fR
+statements in
+\fInamed.conf\fR.
 .SH "QUERY OPTIONS"
 .PP
- \fBdig\fR provides a number of query options which affect the way in which lookups are made and the results displayed\&. Some of these set or reset flag bits in the query header, some determine which sections of the answer get printed, and others determine the timeout and retry strategies\&.
+\fBdig\fR
+provides a number of query options which affect the way in which lookups are made and the results displayed. Some of these set or reset flag bits in the query header, some determine which sections of the answer get printed, and others determine the timeout and retry strategies.
+.PP
+Each query option is identified by a keyword preceded by a plus sign (+). Some keywords set or reset an option. These may be preceded by the string
+no
+to negate the meaning of that keyword. Other keywords assign values to options like the timeout interval. They have the form
+\fB+keyword=value\fR. The query options are:
 .PP
-Each query option is identified by a keyword preceded by a plus sign (+)\&. Some keywords set or reset an option\&. These may be preceded by the string no to negate the meaning of that keyword\&. Other keywords assign values to options like the timeout interval\&. They have the form \fB+keyword=value\fR\&. The query options are: 
-.TP
 \fB+[no]tcp\fR
-Use [do not use] TCP when querying name servers\&. The default behaviour is to use UDP unless an AXFR or IXFR query is requested, in which case a TCP connection is used\&.
-.TP
+.RS 4
+Use [do not use] TCP when querying name servers. The default behavior is to use UDP unless an AXFR or IXFR query is requested, in which case a TCP connection is used.
+.RE
+.PP
 \fB+[no]vc\fR
-Use [do not use] TCP when querying name servers\&. This alternate syntax to \fI+[no]tcp\fR is provided for backwards compatibility\&. The "vc" stands for "virtual circuit"\&.
-.TP
+.RS 4
+Use [do not use] TCP when querying name servers. This alternate syntax to
+\fI+[no]tcp\fR
+is provided for backwards compatibility. The "vc" stands for "virtual circuit".
+.RE
+.PP
 \fB+[no]ignore\fR
-Ignore truncation in UDP responses instead of retrying with TCP\&. By default, TCP retries are performed\&.
-.TP
+.RS 4
+Ignore truncation in UDP responses instead of retrying with TCP. By default, TCP retries are performed.
+.RE
+.PP
 \fB+domain=somename\fR
-Set the search list to contain the single domain \fIsomename\fR, as if specified in a \fBdomain\fR directive in \fI/etc/resolv\&.conf\fR, and enable search list processing as if the \fI+search\fR option were given\&.
-.TP
+.RS 4
+Set the search list to contain the single domain
+\fIsomename\fR, as if specified in a
+\fBdomain\fR
+directive in
+\fI/etc/resolv.conf\fR, and enable search list processing as if the
+\fI+search\fR
+option were given.
+.RE
+.PP
 \fB+[no]search\fR
-Use [do not use] the search list defined by the searchlist or domain directive in \fIresolv\&.conf\fR (if any)\&. The search list is not used by default\&.
-.TP
+.RS 4
+Use [do not use] the search list defined by the searchlist or domain directive in
+\fIresolv.conf\fR
+(if any). The search list is not used by default.
+.RE
+.PP
 \fB+[no]defname\fR
-Deprecated, treated as a synonym for \fI+[no]search\fR 
-.TP
+.RS 4
+Deprecated, treated as a synonym for
+\fI+[no]search\fR
+.RE
+.PP
 \fB+[no]aaonly\fR
-Sets the "aa" flag in the query\&.
-.TP
-\fB+[no]aaflag\fR
-A synonym for \fI+[no]aaonly\fR\&.
-.TP
+.RS 4
+This option does nothing. It is provided for compatibility with old versions of
+\fBdig\fR
+where it set an unimplemented resolver flag.
+.RE
+.PP
 \fB+[no]adflag\fR
-Set [do not set] the AD (authentic data) bit in the query\&. The AD bit currently has a standard meaning only in responses, not in queries, but the ability to set the bit in the query is provided for completeness\&.
-.TP
+.RS 4
+Set [do not set] the AD (authentic data) bit in the query. The AD bit currently has a standard meaning only in responses, not in queries, but the ability to set the bit in the query is provided for completeness.
+.RE
+.PP
 \fB+[no]cdflag\fR
-Set [do not set] the CD (checking disabled) bit in the query\&. This requests the server to not perform DNSSEC validation of responses\&.
-.TP
-\fB+[no]cl\fR
-Display [do not display] the CLASS when printing the record\&.
-.TP
-\fB+[no]ttlid\fR
-Display [do not display] the TTL when printing the record\&.
-.TP
+.RS 4
+Set [do not set] the CD (checking disabled) bit in the query. This requests the server to not perform DNSSEC validation of responses.
+.RE
+.PP
 \fB+[no]recurse\fR
-Toggle the setting of the RD (recursion desired) bit in the query\&. This bit is set by default, which means \fBdig\fR normally sends recursive queries\&. Recursion is automatically disabled when the \fI+nssearch\fR or \fI+trace\fR query options are used\&.
-.TP
+.RS 4
+Toggle the setting of the RD (recursion desired) bit in the query. This bit is set by default, which means
+\fBdig\fR
+normally sends recursive queries. Recursion is automatically disabled when the
+\fI+nssearch\fR
+or
+\fI+trace\fR
+query options are used.
+.RE
+.PP
 \fB+[no]nssearch\fR
-When this option is set, \fBdig\fR attempts to find the authoritative name servers for the zone containing the name being looked up and display the SOA record that each name server has for the zone\&.
-.TP
+.RS 4
+When this option is set,
+\fBdig\fR
+attempts to find the authoritative name servers for the zone containing the name being looked up and display the SOA record that each name server has for the zone.
+.RE
+.PP
 \fB+[no]trace\fR
-Toggle tracing of the delegation path from the root name servers for the name being looked up\&. Tracing is disabled by default\&. When tracing is enabled, \fBdig\fR makes iterative queries to resolve the name being looked up\&. It will follow referrals from the root servers, showing the answer from each server that was used to resolve the lookup\&.
-.TP
+.RS 4
+Toggle tracing of the delegation path from the root name servers for the name being looked up. Tracing is disabled by default. When tracing is enabled,
+\fBdig\fR
+makes iterative queries to resolve the name being looked up. It will follow referrals from the root servers, showing the answer from each server that was used to resolve the lookup.
+.RE
+.PP
 \fB+[no]cmd\fR
-toggles the printing of the initial comment in the output identifying the version of \fBdig\fR and the query options that have been applied\&. This comment is printed by default\&.
-.TP
+.RS 4
+Toggles the printing of the initial comment in the output identifying the version of
+\fBdig\fR
+and the query options that have been applied. This comment is printed by default.
+.RE
+.PP
 \fB+[no]short\fR
-Provide a terse answer\&. The default is to print the answer in a verbose form\&.
-.TP
+.RS 4
+Provide a terse answer. The default is to print the answer in a verbose form.
+.RE
+.PP
 \fB+[no]identify\fR
-Show [or do not show] the IP address and port number that supplied the answer when the \fI+short\fR option is enabled\&. If short form answers are requested, the default is not to show the source address and port number of the server that provided the answer\&.
-.TP
+.RS 4
+Show [or do not show] the IP address and port number that supplied the answer when the
+\fI+short\fR
+option is enabled. If short form answers are requested, the default is not to show the source address and port number of the server that provided the answer.
+.RE
+.PP
 \fB+[no]comments\fR
-Toggle the display of comment lines in the output\&. The default is to print comments\&.
-.TP
+.RS 4
+Toggle the display of comment lines in the output. The default is to print comments.
+.RE
+.PP
 \fB+[no]stats\fR
-This query option toggles the printing of statistics: when the query was made, the size of the reply and so on\&. The default behaviour is to print the query statistics\&.
-.TP
+.RS 4
+This query option toggles the printing of statistics: when the query was made, the size of the reply and so on. The default behavior is to print the query statistics.
+.RE
+.PP
 \fB+[no]qr\fR
-Print [do not print] the query as it is sent\&. By default, the query is not printed\&.
-.TP
+.RS 4
+Print [do not print] the query as it is sent. By default, the query is not printed.
+.RE
+.PP
 \fB+[no]question\fR
-Print [do not print] the question section of a query when an answer is returned\&. The default is to print the question section as a comment\&.
-.TP
+.RS 4
+Print [do not print] the question section of a query when an answer is returned. The default is to print the question section as a comment.
+.RE
+.PP
 \fB+[no]answer\fR
-Display [do not display] the answer section of a reply\&. The default is to display it\&.
-.TP
+.RS 4
+Display [do not display] the answer section of a reply. The default is to display it.
+.RE
+.PP
 \fB+[no]authority\fR
-Display [do not display] the authority section of a reply\&. The default is to display it\&.
-.TP
+.RS 4
+Display [do not display] the authority section of a reply. The default is to display it.
+.RE
+.PP
 \fB+[no]additional\fR
-Display [do not display] the additional section of a reply\&. The default is to display it\&.
-.TP
+.RS 4
+Display [do not display] the additional section of a reply. The default is to display it.
+.RE
+.PP
 \fB+[no]all\fR
-Set or clear all display flags\&.
-.TP
+.RS 4
+Set or clear all display flags.
+.RE
+.PP
 \fB+time=T\fR
-Sets the timeout for a query to \fIT\fR seconds\&. The default time out is 5 seconds\&. An attempt to set \fIT\fR to less than 1 will result in a query timeout of 1 second being applied\&.
-.TP
+.RS 4
+Sets the timeout for a query to
+\fIT\fR
+seconds. The default timeout is 5 seconds. An attempt to set
+\fIT\fR
+to less than 1 will result in a query timeout of 1 second being applied.
+.RE
+.PP
 \fB+tries=T\fR
-Sets the number of times to try UDP queries to server to \fIT\fR instead of the default, 3\&. If \fIT\fR is less than or equal to zero, the number of tries is silently rounded up to 1\&.
-.TP
-\fB+retry=T\fR
-Sets the number of times to retry UDP queries to server to \fIT\fR instead of the default, 2\&. Unlike \fI+tries\fR, this does not include the initial query\&.
-.TP
+.RS 4
+Sets the number of times to retry UDP queries to server to
+\fIT\fR
+instead of the default, 3. If
+\fIT\fR
+is less than or equal to zero, the number of retries is silently rounded up to 1.
+.RE
+.PP
 \fB+ndots=D\fR
-Set the number of dots that have to appear in \fIname\fR to \fID\fR for it to be considered absolute\&. The default value is that defined using the ndots statement in \fI/etc/resolv\&.conf\fR, or 1 if no ndots statement is present\&. Names with fewer dots are interpreted as relative names and will be searched for in the domains listed in the \fBsearch\fR or \fBdomain\fR directive in \fI/etc/resolv\&.conf\fR\&.
-.TP
+.RS 4
+Set the number of dots that have to appear in
+\fIname\fR
+to
+\fID\fR
+for it to be considered absolute. The default value is that defined using the ndots statement in
+\fI/etc/resolv.conf\fR, or 1 if no ndots statement is present. Names with fewer dots are interpreted as relative names and will be searched for in the domains listed in the
+\fBsearch\fR
+or
+\fBdomain\fR
+directive in
+\fI/etc/resolv.conf\fR.
+.RE
+.PP
 \fB+bufsize=B\fR
-Set the UDP message buffer size advertised using EDNS0 to \fIB\fR bytes\&. The maximum and minimum sizes of this buffer are 65535 and 0 respectively\&. Values outside this range are rounded up or down appropriately\&.
-.TP
+.RS 4
+Set the UDP message buffer size advertised using EDNS0 to
+\fIB\fR
+bytes. The maximum and minimum sizes of this buffer are 65535 and 0 respectively. Values outside this range are rounded up or down appropriately.
+.RE
+.PP
 \fB+[no]multiline\fR
-Print records like the SOA records in a verbose multi\-line format with human\-readable comments\&. The default is to print each record on a single line, to facilitate machine parsing of the \fBdig\fR output\&.
-.TP
+.RS 4
+Print records like the SOA records in a verbose multi\-line format with human\-readable comments. The default is to print each record on a single line, to facilitate machine parsing of the
+\fBdig\fR
+output.
+.RE
+.PP
 \fB+[no]fail\fR
-Do not try the next server if you receive a SERVFAIL\&. The default is to not try the next server which is the reverse of normal stub resolver behaviour\&.
-.TP
+.RS 4
+Do not try the next server if you receive a SERVFAIL. The default is to not try the next server which is the reverse of normal stub resolver behavior.
+.RE
+.PP
 \fB+[no]besteffort\fR
-Attempt to display the contents of messages which are malformed\&. The default is to not display malformed answers\&.
-.TP
+.RS 4
+Attempt to display the contents of messages which are malformed. The default is to not display malformed answers.
+.RE
+.PP
 \fB+[no]dnssec\fR
-Requests DNSSEC records be sent by setting the DNSSEC OK bit (DO) in the OPT record in the additional section of the query\&.
-.TP
-\fB+[no]sigchase\fR
-Chase DNSSEC signature chains\&. Requires dig be compiled with \-DDIG_SIGCHASE\&.
-.TP
-\fB+trusted\-key=####\fR
-Specifies a file containing trusted keys to be used with \fB+sigchase\fR\&. Each DNSKEY record must be on its own line\&.
-If not specified \fBdig\fR will look for \fI/etc/trusted\-key\&.key\fR then \fItrusted\-key\&.key\fR in the current directory\&.
-Requires dig be compiled with \-DDIG_SIGCHASE\&.
-.TP
-\fB+[no]topdown\fR
-When chasing DNSSEC signature chains perform a top down validation\&. Requires dig be compiled with \-DDIG_SIGCHASE\&.
+.RS 4
+Requests DNSSEC records be sent by setting the DNSSEC OK bit (DO) in the OPT record in the additional section of the query.
+.RE
 .SH "MULTIPLE QUERIES"
 .PP
-The BIND 9 implementation of \fBdig \fR supports specifying multiple queries on the command line (in addition to supporting the \fB\-f\fR batch file option)\&. Each of those queries can be supplied with its own set of flags, options and query options\&.
+The BIND 9 implementation of
+\fBdig \fR
+supports specifying multiple queries on the command line (in addition to supporting the
+\fB\-f\fR
+batch file option). Each of those queries can be supplied with its own set of flags, options and query options.
 .PP
-In this case, each \fIquery\fR argument represent an individual query in the command\-line syntax described above\&. Each consists of any of the standard options and flags, the name to be looked up, an optional query type and class and any query options that should be applied to that query\&.
+In this case, each
+\fIquery\fR
+argument represent an individual query in the command\-line syntax described above. Each consists of any of the standard options and flags, the name to be looked up, an optional query type and class and any query options that should be applied to that query.
 .PP
-A global set of query options, which should be applied to all queries, can also be supplied\&. These global query options must precede the first tuple of name, class, type, options, flags, and query options supplied on the command line\&. Any global query options (except the \fB+[no]cmd\fR option) can be overridden by a query\-specific set of query options\&. For example: 
+A global set of query options, which should be applied to all queries, can also be supplied. These global query options must precede the first tuple of name, class, type, options, flags, and query options supplied on the command line. Any global query options (except the
+\fB+[no]cmd\fR
+option) can be overridden by a query\-specific set of query options. For example:
+.sp
+.RS 4
 .nf
-dig +qr www\&.isc\&.org any \-x 127\&.0\&.0\&.1 isc\&.org ns +noqr
+dig +qr www.isc.org any \-x 127.0.0.1 isc.org ns +noqr
 .fi
- shows how \fBdig\fR could be used from the command line to make three lookups: an ANY query for www\&.isc\&.org, a reverse lookup of 127\&.0\&.0\&.1 and a query for the NS records of isc\&.org\&. A global query option of \fI+qr\fR is applied, so that \fBdig\fR shows the initial query it made for each lookup\&. The final query has a local query option of \fI+noqr\fR which means that \fBdig\fR will not print the initial query when it looks up the NS records for isc\&.org\&.
+.RE
+.sp
+shows how
+\fBdig\fR
+could be used from the command line to make three lookups: an ANY query for
+www.isc.org, a reverse lookup of 127.0.0.1 and a query for the NS records of
+isc.org. A global query option of
+\fI+qr\fR
+is applied, so that
+\fBdig\fR
+shows the initial query it made for each lookup. The final query has a local query option of
+\fI+noqr\fR
+which means that
+\fBdig\fR
+will not print the initial query when it looks up the NS records for
+isc.org.
 .SH "FILES"
 .PP
- \fI/etc/resolv\&.conf\fR 
+\fI/etc/resolv.conf\fR
 .PP
- \fI${HOME}/\&.digrc\fR 
+\fI${HOME}/.digrc\fR
 .SH "SEE ALSO"
 .PP
- \fBhost\fR(1), \fBnamed\fR(8), \fBdnssec\-keygen\fR(8), RFC1035\&.
-.SH "BUGS "
+\fBhost\fR(1),
+\fBnamed\fR(8),
+\fBdnssec\-keygen\fR(8),
+RFC1035.
+.SH "BUGS"
 .PP
-There are probably too many query options\&.
+There are probably too many query options.
+.SH "COPYRIGHT"
+Copyright \(co 2004\-2007 Internet Systems Consortium, Inc. ("ISC")
+.br
+Copyright \(co 2000, 2001, 2003 Internet Software Consortium.
+.br

bin/dig/dig.docbook

@@ -1,11 +1,11 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
-               "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd"
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+               "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
 	       [<!ENTITY mdash "&#8212;">]>
 <!--
- - Copyright (C) 2004, 2005  Internet Systems Consortium, Inc. ("ISC")
- - Copyright (C) 2000-2003  Internet Software Consortium.
+ - Copyright (C) 2004-2007  Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000, 2001, 2003  Internet Software Consortium.
  -
- - Permission to use, copy, modify, and distribute this software for any
+ - Permission to use, copy, modify, and/or distribute this software for any
  - purpose with or without fee is hereby granted, provided that the above
  - copyright notice and this permission notice appear in all copies.
  -
@@ -18,7 +18,7 @@
  - PERFORMANCE OF THIS SOFTWARE.
 -->
 
-<!-- $Id: dig.docbook,v 1.4.2.7.4.12 2005/08/30 00:50:29 marka Exp $ -->
+<!-- $Id: dig.docbook,v 1.4.2.19 2007/08/28 07:18:12 tbox Exp $ -->
 
 <refentry>
 
@@ -36,12 +36,13 @@
     <copyright>
       <year>2004</year>
       <year>2005</year>
+      <year>2006</year>
+      <year>2007</year>
       <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
     </copyright>
     <copyright>
       <year>2000</year>
       <year>2001</year>
-      <year>2002</year>
       <year>2003</year>
       <holder>Internet Software Consortium.</holder>
     </copyright>
@@ -64,8 +65,6 @@
 <arg><option>-t <replaceable class="parameter">type</replaceable></option></arg>
 <arg><option>-x <replaceable class="parameter">addr</replaceable></option></arg>
 <arg><option>-y <replaceable class="parameter">name:key</replaceable></option></arg>
-<arg><option>-4</option></arg>
-<arg><option>-6</option></arg>
 <arg choice="opt">name</arg>
 <arg choice="opt">type</arg>
 <arg choice="opt">class</arg>
@@ -101,7 +100,7 @@ Although <command>dig</command> is normally used with command-line
 arguments, it also has a batch mode of operation for reading lookup
 requests from a file.  A brief summary of its command-line arguments
 and options is printed when the <option>-h</option> option is given.
-Unlike earlier versions, the BIND9 implementation of
+Unlike earlier versions, the BIND 9 implementation of
 <command>dig</command> allows multiple lookups to be issued from the
 command line.
 </para>
@@ -118,11 +117,18 @@ NS query for "." (the root).
 </para>
 
 <para>
-It is possible to set per-user defaults for <command>dig</command> via
+It is possible to set per user defaults for <command>dig</command> via
 <filename>${HOME}/.digrc</filename>.  This file is read and any options in it
 are applied before the command line arguments.
 </para>
 
+     <para>
+       The IN and CH class names overlap with the IN and CH top level
+       domains names.  Either use the <option>-t</option> and
+       <option>-c</option> options to specify the type and class or
+       use "IN." and "CH." when looking up these top level domains.
+     </para>
+
 </refsect1>
 
 <refsect1>
@@ -172,21 +178,20 @@ ANY, A, MX, SIG, etc.
 <para>
 The <option>-b</option> option sets the source IP address of the query
 to <parameter>address</parameter>.  This must be a valid address on
-one of the host's network interfaces or "0.0.0.0" or "::".  An optional port
-may be specified by appending "#&lt;port&gt;"
+one of the host's network interfaces.
 </para>
 
 <para>
 The default query class (IN for internet) is overridden by the
 <option>-c</option> option.  <parameter>class</parameter> is any valid
-class, such as HS for Hesiod records or CH for CHAOSNET records.
+class, such as HS for Hesiod records or CH for Chaosnet records.
 </para>
 
 <para>
 The <option>-f</option> option makes <command>dig </command> operate
 in batch mode by reading a list of lookup requests to process from the
 file <parameter>filename</parameter>.  The file contains a number of
-queries, one per line.  Each entry in the file should be organised in
+queries, one per line.  Each entry in the file should be organized in
 the same way they would be presented as queries to
 <command>dig</command> using the command-line interface.
 </para>
@@ -200,16 +205,10 @@ to test a name server that has been configured to listen for queries
 on a non-standard port number.
 </para>
 
-<para>
-The <option>-4</option> option forces <command>dig</command> to only
-use IPv4 query transport.  The <option>-6</option> option forces
-<command>dig</command> to only use IPv6 query transport.
-</para>
-
 <para>
 The <option>-t</option> option sets the query type to
 <parameter>type</parameter>.  It can be any valid query type which is
-supported in BIND9.  The default query type "A", unless the
+supported in BIND 9.  The default query type is "A", unless the
 <option>-x</option> option is supplied to indicate a reverse lookup.
 A zone transfer can be requested by specifying a type of AXFR.  When
 an incremental zone transfer (IXFR) is required,
@@ -220,7 +219,7 @@ since the serial number in the zone's SOA record was
 </para>
 
 <para>
-Reverse lookups - mapping addresses to names - are simplified by the
+Reverse lookups &mdash; mapping addresses to names &mdash; are simplified by the
 <option>-x</option> option.  <parameter>addr</parameter> is an IPv4
 address in dotted-decimal notation, or a colon-delimited IPv6 address.
 When this option is used, there is no need to provide the
@@ -229,10 +228,9 @@ When this option is used, there is no need to provide the
 automatically performs a lookup for a name like
 <literal>11.12.13.10.in-addr.arpa</literal> and sets the query type and
 class to PTR and IN respectively.  By default, IPv6 addresses are
-looked up using nibble format under the IP6.ARPA domain.
-To use the older RFC1886 method using the IP6.INT domain 
-specify the <option>-i</option> option.  Bit string labels (RFC2874)
-are now experimental and are not attempted.
+looked up using the IP6.ARPA domain and binary labels as defined in
+RFC2874.  To use the older RFC1886 method using the IP6.INT domain and
+"nibble" labels, specify the <option>-n</option> (nibble) option.
 </para>
 
 <para>
@@ -283,7 +281,7 @@ The query options are:
 <varlistentry><term><option>+[no]tcp</option></term>
 <listitem><para>
 Use [do not use] TCP when querying name servers.  The default
-behaviour is to use UDP unless an AXFR or IXFR query is requested, in
+behavior is to use UDP unless an AXFR or IXFR query is requested, in
 which case a TCP connection is used.
 </para></listitem></varlistentry>
 
@@ -323,12 +321,9 @@ Deprecated, treated as a synonym for <parameter>+[no]search</parameter>
 
 <varlistentry><term><option>+[no]aaonly</option></term>
 <listitem><para>
-Sets the "aa" flag in the query.
-</para></listitem></varlistentry>
-
-<varlistentry><term><option>+[no]aaflag</option></term>
-<listitem><para>
-A synonym for <parameter>+[no]aaonly</parameter>.
+This option does nothing.  It is provided for compatibility with old
+versions of <command>dig</command> where it set an unimplemented
+resolver flag.
 </para></listitem></varlistentry>
 
 <varlistentry><term><option>+[no]adflag</option></term>
@@ -345,16 +340,6 @@ Set [do not set] the CD (checking disabled) bit in the query.  This
 requests the server to not perform DNSSEC validation of responses.
 </para></listitem></varlistentry>
 
-<varlistentry><term><option>+[no]cl</option></term>
-<listitem><para>
-Display [do not display] the CLASS when printing the record.
-</para></listitem></varlistentry>
-
-<varlistentry><term><option>+[no]ttlid</option></term>
-<listitem><para>
-Display [do not display] the TTL when printing the record.
-</para></listitem></varlistentry>
-
 <varlistentry><term><option>+[no]recurse</option></term>
 <listitem><para>
 Toggle the setting of the RD (recursion desired) bit in the query.
@@ -384,7 +369,7 @@ resolve the lookup.
 
 <varlistentry><term><option>+[no]cmd</option></term>
 <listitem><para>
-toggles the printing of the initial comment in the output identifying
+Toggles the printing of the initial comment in the output identifying
 the version of <command>dig</command> and the query options that have
 been applied.  This comment is printed by default.
 </para></listitem></varlistentry>
@@ -412,7 +397,7 @@ print comments.
 <varlistentry><term><option>+[no]stats</option></term>
 <listitem><para>
 This query option toggles the printing of statistics: when the query
-was made, the size of the reply and so on.  The default behaviour is
+was made, the size of the reply and so on.  The default behavior is
 to print the query statistics.
 </para></listitem></varlistentry>
 
@@ -455,25 +440,17 @@ Set or clear all display flags.
 <listitem><para>
 
 Sets the timeout for a query to
-<parameter>T</parameter> seconds.  The default time out is 5 seconds.
+<parameter>T</parameter> seconds.  The default timeout is 5 seconds.
 An attempt to set <parameter>T</parameter> to less than 1 will result
 in a query timeout of 1 second being applied.
 </para></listitem></varlistentry>
 
 <varlistentry><term><option>+tries=T</option></term>
 <listitem><para>
-Sets the number of times to try UDP queries to server to
+Sets the number of times to retry UDP queries to server to
 <parameter>T</parameter> instead of the default, 3.  If
 <parameter>T</parameter> is less than or equal to zero, the number of
-tries is silently rounded up to 1.
-</para></listitem></varlistentry>
-
-<varlistentry><term><option>+retry=T</option></term>
-<listitem><para>
-Sets the number of times to retry UDP queries to server to
-<parameter>T</parameter> instead of the default, 2.  Unlike
-<parameter>+tries</parameter>, this does not include the initial
-query.
+retries is silently rounded up to 1.
 </para></listitem></varlistentry>
 
 <varlistentry><term><option>+ndots=D</option></term>
@@ -503,59 +480,30 @@ Print records like the SOA records in a verbose multi-line
 format with human-readable comments.  The default is to print
 each record on a single line, to facilitate machine parsing 
 of the <command>dig</command> output.
-</para></listitem></varlistentry>
+</para>
+</listitem></varlistentry>
 
 <varlistentry><term><option>+[no]fail</option></term>
 <listitem><para>
 Do not try the next server if you receive a SERVFAIL.  The default is
 to not try the next server which is the reverse of normal stub resolver
-behaviour.
-</para></listitem></varlistentry>
+behavior.
+</para>
 
+</listitem></varlistentry>
 <varlistentry><term><option>+[no]besteffort</option></term>
 <listitem><para>
 Attempt to display the contents of messages which are malformed.
 The default is to not display malformed answers.
-</para></listitem></varlistentry>
+</para>
 
+</listitem></varlistentry>
 <varlistentry><term><option>+[no]dnssec</option></term>
 <listitem><para>
 Requests DNSSEC records be sent by setting the DNSSEC OK bit (DO)
 in the OPT record in the additional section of the query.
-</para></listitem></varlistentry>
-
-<varlistentry><term><option>+[no]sigchase</option></term>
-<listitem><para>
-Chase DNSSEC signature chains.  Requires dig be compiled with
--DDIG_SIGCHASE.
-</para></listitem></varlistentry>
-
-	<varlistentry>
-	  <term><option>+trusted-key=####</option></term>
-	  <listitem>
-	    <para>
-	      Specifies a file containing trusted keys to be used with
-	      <option>+sigchase</option>.  Each DNSKEY record must be
-	      on its own line.
-	    </para>
-	    <para>
-	      If not specified <command>dig</command> will look for
-	      <filename>/etc/trusted-key.key</filename> then
-	      <filename>trusted-key.key</filename> in the current directory.
-	    </para>
-	    <para>
-	      Requires dig be compiled with -DDIG_SIGCHASE.
-	    </para>
-	  </listitem>
-	</varlistentry>
-
-<varlistentry><term><option>+[no]topdown</option></term>
-<listitem><para>
-When chasing DNSSEC signature chains perform a top down validation.
-Requires dig be compiled with -DDIG_SIGCHASE.
-</para></listitem></varlistentry>
-
-
+</para>
+</listitem></varlistentry>
 
 </variablelist>
 

bin/dig/dig.html

@@ -1,6 +1,6 @@
 <!--
- - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
- - Copyright (C) 2000-2003 Internet Software Consortium.
+ - Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
  - 
  - Permission to use, copy, modify, and distribute this software for any
  - purpose with or without fee is hereby granted, provided that the above
@@ -14,27 +14,27 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-<!-- $Id: dig.html,v 1.6.2.4.2.12 2005/08/30 02:34:59 marka Exp $ -->
+<!-- $Id: dig.html,v 1.6.2.23 2007/05/16 06:57:45 marka Exp $ -->
 <html>
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
 <title>dig</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.68.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
 </head>
 <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="id2456972"></a><div class="titlepage"></div>
+<a name="id2476275"></a><div class="titlepage"></div>
 <div class="refnamediv">
 <h2>Name</h2>
 <p>dig &#8212; DNS lookup utility</p>
 </div>
 <div class="refsynopsisdiv">
 <h2>Synopsis</h2>
-<div class="cmdsynopsis"><p><code class="command">dig</code>  [@server] [<code class="option">-b <em class="replaceable"><code>address</code></em></code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-f <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-k <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port#</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-x <em class="replaceable"><code>addr</code></em></code>] [<code class="option">-y <em class="replaceable"><code>name:key</code></em></code>] [<code class="option">-4</code>] [<code class="option">-6</code>] [name] [type] [class] [queryopt...]</p></div>
+<div class="cmdsynopsis"><p><code class="command">dig</code>  [@server] [<code class="option">-b <em class="replaceable"><code>address</code></em></code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-f <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-k <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port#</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-x <em class="replaceable"><code>addr</code></em></code>] [<code class="option">-y <em class="replaceable"><code>name:key</code></em></code>] [name] [type] [class] [queryopt...]</p></div>
 <div class="cmdsynopsis"><p><code class="command">dig</code>  [<code class="option">-h</code>]</p></div>
 <div class="cmdsynopsis"><p><code class="command">dig</code>  [global-queryopt...] [query...]</p></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2514727"></a><h2>DESCRIPTION</h2>
+<a name="id2543474"></a><h2>DESCRIPTION</h2>
 <p>
 <span><strong class="command">dig</strong></span> (domain information groper) is a flexible tool
 for interrogating DNS name servers.  It performs DNS lookups and
@@ -49,7 +49,7 @@ Although <span><strong class="command">dig</strong></span> is normally used with
 arguments, it also has a batch mode of operation for reading lookup
 requests from a file.  A brief summary of its command-line arguments
 and options is printed when the <code class="option">-h</code> option is given.
-Unlike earlier versions, the BIND9 implementation of
+Unlike earlier versions, the BIND 9 implementation of
 <span><strong class="command">dig</strong></span> allows multiple lookups to be issued from the
 command line.
 </p>
@@ -63,13 +63,19 @@ When no command line arguments or options are given, will perform an
 NS query for "." (the root).
 </p>
 <p>
-It is possible to set per-user defaults for <span><strong class="command">dig</strong></span> via
+It is possible to set per user defaults for <span><strong class="command">dig</strong></span> via
 <code class="filename">${HOME}/.digrc</code>.  This file is read and any options in it
 are applied before the command line arguments.
 </p>
+<p>
+       The IN and CH class names overlap with the IN and CH top level
+       domains names.  Either use the <code class="option">-t</code> and
+       <code class="option">-c</code> options to specify the type and class or
+       use "IN." and "CH." when looking up these top level domains.
+     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2514786"></a><h2>SIMPLE USAGE</h2>
+<a name="id2543542"></a><h2>SIMPLE USAGE</h2>
 <p>
 A typical invocation of <span><strong class="command">dig</strong></span> looks like:
 </p>
@@ -107,23 +113,22 @@ ANY, A, MX, SIG, etc.
 </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2514865"></a><h2>OPTIONS</h2>
+<a name="id2543621"></a><h2>OPTIONS</h2>
 <p>
 The <code class="option">-b</code> option sets the source IP address of the query
 to <em class="parameter"><code>address</code></em>.  This must be a valid address on
-one of the host's network interfaces or "0.0.0.0" or "::".  An optional port
-may be specified by appending "#&lt;port&gt;"
+one of the host's network interfaces.
 </p>
 <p>
 The default query class (IN for internet) is overridden by the
 <code class="option">-c</code> option.  <em class="parameter"><code>class</code></em> is any valid
-class, such as HS for Hesiod records or CH for CHAOSNET records.
+class, such as HS for Hesiod records or CH for Chaosnet records.
 </p>
 <p>
 The <code class="option">-f</code> option makes <span><strong class="command">dig </strong></span> operate
 in batch mode by reading a list of lookup requests to process from the
 file <em class="parameter"><code>filename</code></em>.  The file contains a number of
-queries, one per line.  Each entry in the file should be organised in
+queries, one per line.  Each entry in the file should be organized in
 the same way they would be presented as queries to
 <span><strong class="command">dig</strong></span> using the command-line interface.
 </p>
@@ -136,14 +141,9 @@ to test a name server that has been configured to listen for queries
 on a non-standard port number.
 </p>
 <p>
-The <code class="option">-4</code> option forces <span><strong class="command">dig</strong></span> to only
-use IPv4 query transport.  The <code class="option">-6</code> option forces
-<span><strong class="command">dig</strong></span> to only use IPv6 query transport.
-</p>
-<p>
 The <code class="option">-t</code> option sets the query type to
 <em class="parameter"><code>type</code></em>.  It can be any valid query type which is
-supported in BIND9.  The default query type "A", unless the
+supported in BIND 9.  The default query type is "A", unless the
 <code class="option">-x</code> option is supplied to indicate a reverse lookup.
 A zone transfer can be requested by specifying a type of AXFR.  When
 an incremental zone transfer (IXFR) is required,
@@ -153,7 +153,7 @@ since the serial number in the zone's SOA record was
 <em class="parameter"><code>N</code></em>.
 </p>
 <p>
-Reverse lookups - mapping addresses to names - are simplified by the
+Reverse lookups &#8212; mapping addresses to names &#8212; are simplified by the
 <code class="option">-x</code> option.  <em class="parameter"><code>addr</code></em> is an IPv4
 address in dotted-decimal notation, or a colon-delimited IPv6 address.
 When this option is used, there is no need to provide the
@@ -162,10 +162,9 @@ When this option is used, there is no need to provide the
 automatically performs a lookup for a name like
 <code class="literal">11.12.13.10.in-addr.arpa</code> and sets the query type and
 class to PTR and IN respectively.  By default, IPv6 addresses are
-looked up using nibble format under the IP6.ARPA domain.
-To use the older RFC1886 method using the IP6.INT domain 
-specify the <code class="option">-i</code> option.  Bit string labels (RFC2874)
-are now experimental and are not attempted.
+looked up using the IP6.ARPA domain and binary labels as defined in
+RFC2874.  To use the older RFC1886 method using the IP6.INT domain and
+"nibble" labels, specify the <code class="option">-n</code> (nibble) option.
 </p>
 <p>
 To sign the DNS queries sent by <span><strong class="command">dig</strong></span> and their
@@ -188,7 +187,7 @@ being used.  In BIND, this is done by providing appropriate
 </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2515116"></a><h2>QUERY OPTIONS</h2>
+<a name="id2543786"></a><h2>QUERY OPTIONS</h2>
 <p>
 <span><strong class="command">dig</strong></span> provides a number of query options which affect
 the way in which lookups are made and the results displayed.  Some of
@@ -209,7 +208,7 @@ The query options are:
 <dt><span class="term"><code class="option">+[no]tcp</code></span></dt>
 <dd><p>
 Use [do not use] TCP when querying name servers.  The default
-behaviour is to use UDP unless an AXFR or IXFR query is requested, in
+behavior is to use UDP unless an AXFR or IXFR query is requested, in
 which case a TCP connection is used.
 </p></dd>
 <dt><span class="term"><code class="option">+[no]vc</code></span></dt>
@@ -243,11 +242,9 @@ Deprecated, treated as a synonym for <em class="parameter"><code>+[no]search</co
 </p></dd>
 <dt><span class="term"><code class="option">+[no]aaonly</code></span></dt>
 <dd><p>
-Sets the "aa" flag in the query.
-</p></dd>
-<dt><span class="term"><code class="option">+[no]aaflag</code></span></dt>
-<dd><p>
-A synonym for <em class="parameter"><code>+[no]aaonly</code></em>.
+This option does nothing.  It is provided for compatibility with old
+versions of <span><strong class="command">dig</strong></span> where it set an unimplemented
+resolver flag.
 </p></dd>
 <dt><span class="term"><code class="option">+[no]adflag</code></span></dt>
 <dd><p>
@@ -261,14 +258,6 @@ completeness.
 Set [do not set] the CD (checking disabled) bit in the query.  This
 requests the server to not perform DNSSEC validation of responses.
 </p></dd>
-<dt><span class="term"><code class="option">+[no]cl</code></span></dt>
-<dd><p>
-Display [do not display] the CLASS when printing the record.
-</p></dd>
-<dt><span class="term"><code class="option">+[no]ttlid</code></span></dt>
-<dd><p>
-Display [do not display] the TTL when printing the record.
-</p></dd>
 <dt><span class="term"><code class="option">+[no]recurse</code></span></dt>
 <dd><p>
 Toggle the setting of the RD (recursion desired) bit in the query.
@@ -295,7 +284,7 @@ resolve the lookup.
 </p></dd>
 <dt><span class="term"><code class="option">+[no]cmd</code></span></dt>
 <dd><p>
-toggles the printing of the initial comment in the output identifying
+Toggles the printing of the initial comment in the output identifying
 the version of <span><strong class="command">dig</strong></span> and the query options that have
 been applied.  This comment is printed by default.
 </p></dd>
@@ -319,7 +308,7 @@ print comments.
 <dt><span class="term"><code class="option">+[no]stats</code></span></dt>
 <dd><p>
 This query option toggles the printing of statistics: when the query
-was made, the size of the reply and so on.  The default behaviour is
+was made, the size of the reply and so on.  The default behavior is
 to print the query statistics.
 </p></dd>
 <dt><span class="term"><code class="option">+[no]qr</code></span></dt>
@@ -355,23 +344,16 @@ Set or clear all display flags.
 <dd><p>
 
 Sets the timeout for a query to
-<em class="parameter"><code>T</code></em> seconds.  The default time out is 5 seconds.
+<em class="parameter"><code>T</code></em> seconds.  The default timeout is 5 seconds.
 An attempt to set <em class="parameter"><code>T</code></em> to less than 1 will result
 in a query timeout of 1 second being applied.
 </p></dd>
 <dt><span class="term"><code class="option">+tries=T</code></span></dt>
 <dd><p>
-Sets the number of times to try UDP queries to server to
+Sets the number of times to retry UDP queries to server to
 <em class="parameter"><code>T</code></em> instead of the default, 3.  If
 <em class="parameter"><code>T</code></em> is less than or equal to zero, the number of
-tries is silently rounded up to 1.
-</p></dd>
-<dt><span class="term"><code class="option">+retry=T</code></span></dt>
-<dd><p>
-Sets the number of times to retry UDP queries to server to
-<em class="parameter"><code>T</code></em> instead of the default, 2.  Unlike
-<em class="parameter"><code>+tries</code></em>, this does not include the initial
-query.
+retries is silently rounded up to 1.
 </p></dd>
 <dt><span class="term"><code class="option">+ndots=D</code></span></dt>
 <dd><p>
@@ -402,7 +384,7 @@ of the <span><strong class="command">dig</strong></span> output.
 <dd><p>
 Do not try the next server if you receive a SERVFAIL.  The default is
 to not try the next server which is the reverse of normal stub resolver
-behaviour.
+behavior.
 </p></dd>
 <dt><span class="term"><code class="option">+[no]besteffort</code></span></dt>
 <dd><p>
@@ -414,39 +396,13 @@ The default is to not display malformed answers.
 Requests DNSSEC records be sent by setting the DNSSEC OK bit (DO)
 in the OPT record in the additional section of the query.
 </p></dd>
-<dt><span class="term"><code class="option">+[no]sigchase</code></span></dt>
-<dd><p>
-Chase DNSSEC signature chains.  Requires dig be compiled with
--DDIG_SIGCHASE.
-</p></dd>
-<dt><span class="term"><code class="option">+trusted-key=####</code></span></dt>
-<dd>
-<p>
-	      Specifies a file containing trusted keys to be used with
-	      <code class="option">+sigchase</code>.  Each DNSKEY record must be
-	      on its own line.
-	    </p>
-<p>
-	      If not specified <span><strong class="command">dig</strong></span> will look for
-	      <code class="filename">/etc/trusted-key.key</code> then
-	      <code class="filename">trusted-key.key</code> in the current directory.
-	    </p>
-<p>
-	      Requires dig be compiled with -DDIG_SIGCHASE.
-	    </p>
-</dd>
-<dt><span class="term"><code class="option">+[no]topdown</code></span></dt>
-<dd><p>
-When chasing DNSSEC signature chains perform a top down validation.
-Requires dig be compiled with -DDIG_SIGCHASE.
-</p></dd>
 </dl></div>
 <p>
 
 </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2515852"></a><h2>MULTIPLE QUERIES</h2>
+<a name="id2544354"></a><h2>MULTIPLE QUERIES</h2>
 <p>
 The BIND 9 implementation of <span><strong class="command">dig </strong></span> supports
 specifying multiple queries on the command line (in addition to
@@ -487,7 +443,7 @@ will not print the initial query when it looks up the NS records for
 </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2515911"></a><h2>FILES</h2>
+<a name="id2544481"></a><h2>FILES</h2>
 <p>
 <code class="filename">/etc/resolv.conf</code>
 </p>
@@ -496,7 +452,7 @@ will not print the initial query when it looks up the NS records for
 </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2515930"></a><h2>SEE ALSO</h2>
+<a name="id2544500"></a><h2>SEE ALSO</h2>
 <p>
 <span class="citerefentry"><span class="refentrytitle">host</span>(1)</span>,
 <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
@@ -505,7 +461,7 @@ will not print the initial query when it looks up the NS records for
 </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2515969"></a><h2>BUGS </h2>
+<a name="id2544606"></a><h2>BUGS </h2>
 <p>
 There are probably too many query options. 
 </p>

bin/dig/host.1

@@ -1,5 +1,5 @@
-.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
-.\" Copyright (C) 2000-2002 Internet Software Consortium.
+.\" Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000-2003 Internet Software Consortium.
 .\" 
 .\" Permission to use, copy, modify, and distribute this software for any
 .\" purpose with or without fee is hereby granted, provided that the above
@@ -13,69 +13,169 @@
 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 .\" PERFORMANCE OF THIS SOFTWARE.
 .\"
-.\" $Id: host.1,v 1.11.2.1.4.6 2005/05/13 02:43:18 marka Exp $
+.\" $Id: host.1,v 1.11.2.9 2007/05/09 03:32:21 marka Exp $
 .\"
 .hy 0
 .ad l
-.\"Generated by db2man.xsl. Don't modify this, modify the source.
-.de Sh \" Subsection
-.br
-.if t .Sp
-.ne 5
-.PP
-\fB\\$1\fR
-.PP
-..
-.de Sp \" Vertical space (when we can't use .PP)
-.if t .sp .5v
-.if n .sp
-..
-.de Ip \" List item
-.br
-.ie \\n(.$>=3 .ne \\$3
-.el .ne 3
-.IP "\\$1" \\$2
-..
-.TH "HOST" 1 "Jun 30, 2000" "" ""
-.SH NAME
+.\"     Title: host
+.\"    Author: 
+.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
+.\"      Date: Jun 30, 2000
+.\"    Manual: BIND9
+.\"    Source: BIND9
+.\"
+.TH "HOST" "1" "Jun 30, 2000" "BIND9" "BIND9"
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.SH "NAME"
 host \- DNS lookup utility
 .SH "SYNOPSIS"
 .HP 5
-\fBhost\fR [\fB\-aCdlnrTwv\fR] [\fB\-c\ \fIclass\fR\fR] [\fB\-N\ \fIndots\fR\fR] [\fB\-R\ \fInumber\fR\fR] [\fB\-t\ \fItype\fR\fR] [\fB\-W\ \fIwait\fR\fR] [\fB\-4\fR] [\fB\-6\fR] {name} [server]
+\fBhost\fR [\fB\-aCdlnrTwv\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-N\ \fR\fB\fIndots\fR\fR] [\fB\-R\ \fR\fB\fInumber\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-W\ \fR\fB\fIwait\fR\fR] {name} [server]
 .SH "DESCRIPTION"
 .PP
- \fBhost\fR is a simple utility for performing DNS lookups\&. It is normally used to convert names to IP addresses and vice versa\&. When no arguments or options are given, \fBhost\fR prints a short summary of its command line arguments and options\&.
+\fBhost\fR
+is a simple utility for performing DNS lookups. It is normally used to convert names to IP addresses and vice versa. When no arguments or options are given,
+\fBhost\fR
+prints a short summary of its command line arguments and options.
 .PP
- \fIname\fR is the domain name that is to be looked up\&. It can also be a dotted\-decimal IPv4 address or a colon\-delimited IPv6 address, in which case \fBhost\fR will by default perform a reverse lookup for that address\&. \fIserver\fR is an optional argument which is either the name or IP address of the name server that \fBhost\fR should query instead of the server or servers listed in \fI/etc/resolv\&.conf\fR\&.
+\fIname\fR
+is the domain name that is to be looked up. It can also be a dotted\-decimal IPv4 address or a colon\-delimited IPv6 address, in which case
+\fBhost\fR
+will by default perform a reverse lookup for that address.
+\fIserver\fR
+is an optional argument which is either the name or IP address of the name server that
+\fBhost\fR
+should query instead of the server or servers listed in
+\fI/etc/resolv.conf\fR.
 .PP
-The \fB\-a\fR (all) option is equivalent to setting the \fB\-v\fR option and asking \fBhost\fR to make a query of type ANY\&.
+The
+\fB\-a\fR
+(all) option is equivalent to setting the
+\fB\-v\fR
+option and asking
+\fBhost\fR
+to make a query of type ANY.
 .PP
-When the \fB\-C\fR option is used, \fBhost\fR will attempt to display the SOA records for zone \fIname\fR from all the listed authoritative name servers for that zone\&. The list of name servers is defined by the NS records that are found for the zone\&.
+When the
+\fB\-C\fR
+option is used,
+\fBhost\fR
+will attempt to display the SOA records for zone
+\fIname\fR
+from all the listed authoritative name servers for that zone. The list of name servers is defined by the NS records that are found for the zone.
 .PP
-The \fB\-c\fR option instructs to make a DNS query of class \fIclass\fR\&. This can be used to lookup Hesiod or Chaosnet class resource records\&. The default class is IN (Internet)\&.
+The
+\fB\-c\fR
+option instructs to make a DNS query of class
+\fIclass\fR. This can be used to lookup Hesiod or Chaosnet class resource records. The default class is IN (Internet).
 .PP
-Verbose output is generated by \fBhost\fR when the \fB\-d\fR or \fB\-v\fR option is used\&. The two options are equivalent\&. They have been provided for backwards compatibility\&. In previous versions, the \fB\-d\fR option switched on debugging traces and \fB\-v\fR enabled verbose output\&.
+Verbose output is generated by
+\fBhost\fR
+when the
+\fB\-d\fR
+or
+\fB\-v\fR
+option is used. The two options are equivalent. They have been provided for backwards compatibility. In previous versions, the
+\fB\-d\fR
+option switched on debugging traces and
+\fB\-v\fR
+enabled verbose output.
 .PP
-List mode is selected by the \fB\-l\fR option\&. This makes \fBhost\fR perform a zone transfer for zone \fIname\fR\&. Transfer the zone printing out the NS, PTR and address records (A/AAAA)\&. If combined with \fB\-a\fR all records will be printed\&.
+List mode is selected by the
+\fB\-l\fR
+option. This makes
+\fBhost\fR
+perform a zone transfer for zone
+\fIname\fR. The argument is provided for compatibility with older implementations. This option is equivalent to making a query of type AXFR.
 .PP
-The \fB\-i\fR option specifies that reverse lookups of IPv6 addresses should use the IP6\&.INT domain as defined in RFC1886\&. The default is to use IP6\&.ARPA\&.
+The
+\fB\-n\fR
+option specifies that reverse lookups of IPv6 addresses should use the IP6.INT domain and "nibble" labels as defined in RFC1886. The default is to use IP6.ARPA and binary labels as defined in RFC2874.
 .PP
-The \fB\-N\fR option sets the number of dots that have to be in \fIname\fR for it to be considered absolute\&. The default value is that defined using the ndots statement in \fI/etc/resolv\&.conf\fR, or 1 if no ndots statement is present\&. Names with fewer dots are interpreted as relative names and will be searched for in the domains listed in the \fBsearch\fR or \fBdomain\fR directive in \fI/etc/resolv\&.conf\fR\&.
+The
+\fB\-N\fR
+option sets the number of dots that have to be in
+\fIname\fR
+for it to be considered absolute. The default value is that defined using the ndots statement in
+\fI/etc/resolv.conf\fR, or 1 if no ndots statement is present. Names with fewer dots are interpreted as relative names and will be searched for in the domains listed in the
+\fBsearch\fR
+or
+\fBdomain\fR
+directive in
+\fI/etc/resolv.conf\fR.
 .PP
-The number of UDP retries for a lookup can be changed with the \fB\-R\fR option\&. \fInumber\fR indicates how many times \fBhost\fR will repeat a query that does not get answered\&. The default number of retries is 1\&. If \fInumber\fR is negative or zero, the number of retries will default to 1\&.
+The number of UDP retries for a lookup can be changed with the
+\fB\-R\fR
+option.
+\fInumber\fR
+indicates how many times
+\fBhost\fR
+will repeat a query that does not get answered. The default number of retries is 1. If
+\fInumber\fR
+is negative or zero, the number of retries will default to 1.
 .PP
-Non\-recursive queries can be made via the \fB\-r\fR option\&. Setting this option clears the \fBRD\fR -- recursion desired -- bit in the query which \fBhost\fR makes\&. This should mean that the name server receiving the query will not attempt to resolve \fIname\fR\&. The \fB\-r\fR option enables \fBhost\fR to mimic the behaviour of a name server by making non\-recursive queries and expecting to receive answers to those queries that are usually referrals to other name servers\&.
+Non\-recursive queries can be made via the
+\fB\-r\fR
+option. Setting this option clears the
+\fBRD\fR
+\(em recursion desired \(em bit in the query which
+\fBhost\fR
+makes. This should mean that the name server receiving the query will not attempt to resolve
+\fIname\fR. The
+\fB\-r\fR
+option enables
+\fBhost\fR
+to mimic the behavior of a name server by making non\-recursive queries and expecting to receive answers to those queries that are usually referrals to other name servers.
 .PP
-By default \fBhost\fR uses UDP when making queries\&. The \fB\-T\fR option makes it use a TCP connection when querying the name server\&. TCP will be automatically selected for queries that require it, such as zone transfer (AXFR) requests\&.
+By default
+\fBhost\fR
+uses UDP when making queries. The
+\fB\-T\fR
+option makes it use a TCP connection when querying the name server. TCP will be automatically selected for queries that require it, such as zone transfer (AXFR) requests.
 .PP
-The \fB\-4\fR option forces \fBhost\fR to only use IPv4 query transport\&. The \fB\-6\fR option forces \fBhost\fR to only use IPv6 query transport\&.
+The
+\fB\-t\fR
+option is used to select the query type.
+\fItype\fR
+can be any recognized query type: CNAME, NS, SOA, SIG, KEY, AXFR, etc. When no query type is specified,
+\fBhost\fR
+automatically selects an appropriate query type. By default it looks for A records, but if the
+\fB\-C\fR
+option was given, queries will be made for SOA records, and if
+\fIname\fR
+is a dotted\-decimal IPv4 address or colon\-delimited IPv6 address,
+\fBhost\fR
+will query for PTR records.
 .PP
-The \fB\-t\fR option is used to select the query type\&. \fItype\fR can be any recognised query type: CNAME, NS, SOA, SIG, KEY, AXFR, etc\&. When no query type is specified, \fBhost\fR automatically selects an appropriate query type\&. By default it looks for A records, but if the \fB\-C\fR option was given, queries will be made for SOA records, and if \fIname\fR is a dotted\-decimal IPv4 address or colon\-delimited IPv6 address, \fBhost\fR will query for PTR records\&. If a query type of IXFR is chosen the starting serial number can be specified by appending an equal followed by the starting serial number (e\&.g\&. \-t IXFR=12345678)\&.
-.PP
-The time to wait for a reply can be controlled through the \fB\-W\fR and \fB\-w\fR options\&. The \fB\-W\fR option makes \fBhost\fR wait for \fIwait\fR seconds\&. If \fIwait\fR is less than one, the wait interval is set to one second\&. When the \fB\-w\fR option is used, \fBhost\fR will effectively wait forever for a reply\&. The time to wait for a response will be set to the number of seconds given by the hardware's maximum value for an integer quantity\&.
+The time to wait for a reply can be controlled through the
+\fB\-W\fR
+and
+\fB\-w\fR
+options. The
+\fB\-W\fR
+option makes
+\fBhost\fR
+wait for
+\fIwait\fR
+seconds. If
+\fIwait\fR
+is less than one, the wait interval is set to one second. When the
+\fB\-w\fR
+option is used,
+\fBhost\fR
+will effectively wait forever for a reply. The time to wait for a response will be set to the number of seconds given by the hardware's maximum value for an integer quantity.
 .SH "FILES"
 .PP
- \fI/etc/resolv\&.conf\fR 
+\fI/etc/resolv.conf\fR
 .SH "SEE ALSO"
 .PP
- \fBdig\fR(1), \fBnamed\fR(8)\&.
+\fBdig\fR(1),
+\fBnamed\fR(8).
+.SH "COPYRIGHT"
+Copyright \(co 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+.br
+Copyright \(co 2000\-2003 Internet Software Consortium.
+.br

bin/dig/host.c

@@ -1,8 +1,8 @@
 /*
- * Copyright (C) 2004, 2005  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005, 2007  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 2000-2003  Internet Software Consortium.
  *
- * Permission to use, copy, modify, and distribute this software for any
+ * Permission to use, copy, modify, and/or distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
@@ -15,19 +15,18 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: host.c,v 1.76.2.5.2.13 2005/07/04 03:29:45 marka Exp $ */
+/* $Id: host.c,v 1.76.2.13 2007/08/28 07:18:13 tbox Exp $ */
 
 #include <config.h>
+#include <stdlib.h>
 #include <limits.h>
 
 #include <isc/app.h>
 #include <isc/commandline.h>
 #include <isc/netaddr.h>
-#include <isc/print.h>
 #include <isc/string.h>
 #include <isc/util.h>
 #include <isc/task.h>
-#include <isc/stdlib.h>
 
 #include <dns/byaddr.h>
 #include <dns/fixedname.h>
@@ -41,8 +40,6 @@
 #include <dig/dig.h>
 
 static isc_boolean_t short_form = ISC_TRUE, listed_server = ISC_FALSE;
-static isc_boolean_t default_lookups = ISC_TRUE;
-static int seen_error = -1;
 static isc_boolean_t list_addresses = ISC_TRUE;
 static dns_rdatatype_t list_type = dns_rdatatype_a;
 
@@ -85,40 +82,123 @@ static const char *rcodetext[] = {
 	"BADVERS"
 };
 
-struct rtype {
-	unsigned int type;
-	const char *text;
-};
+static const char *rtypetext[] = {
+	"zero",				/* 0 */
+	"has address",			/* 1 */
+	"name server",			/* 2 */
+	"MD",				/* 3 */
+	"MF",				/* 4 */
+	"is an alias for",		/* 5 */
+	"SOA",				/* 6 */
+	"MB",				/* 7 */
+	"MG",				/* 8 */
+	"MR",				/* 9 */
+	"NULL",				/* 10 */
+	"has well known services",	/* 11 */
+	"domain name pointer",		/* 12 */
+	"host information",		/* 13 */
+	"MINFO",			/* 14 */
+	"mail is handled by",	       	/* 15 */
+	"text",				/* 16 */
+	"RP",				/* 17 */
+	"AFSDB",			/* 18 */
+	"x25 address",			/* 19 */
+	"isdn address",			/* 20 */
+	"RT",				/* 21 */
+	"NSAP",				/* 22 */
+	"NSAP_PTR",			/* 23 */
+	"has signature",		/* 24 */
+	"has key",			/* 25 */
+	"PX",				/* 26 */
+	"GPOS",				/* 27 */
+	"has AAAA address",		/* 28 */
+	"LOC",				/* 29 */
+	"has next record",		/* 30 */
+	"EID",				/* 31 */
+	"NIMLOC",			/* 32 */
+	"SRV",				/* 33 */
+	"ATMA",				/* 34 */
+	"NAPTR",			/* 35 */
+	"KX",				/* 36 */
+	"CERT",				/* 37 */
+	"has v6 address",		/* 38 */
+	"DNAME",			/* 39 */
+	"has optional information",	/* 41 */
+	"has 42 record",       		/* 42 */
+	"has 43 record",       		/* 43 */
+	"has 44 record",       		/* 44 */
+	"has 45 record",       		/* 45 */
+	"has 46 record",       		/* 46 */
+	"has 47 record",       		/* 47 */
+	"has 48 record",       		/* 48 */
+	"has 49 record",       		/* 49 */
+	"has 50 record",       		/* 50 */
+	"has 51 record",       		/* 51 */
+	"has 52 record",       		/* 52 */
+	"has 53 record",       		/* 53 */
+	"has 54 record",       		/* 54 */
+	"has 55 record",       		/* 55 */
+	"has 56 record",       		/* 56 */
+	"has 57 record",       		/* 57 */
+	"has 58 record",       		/* 58 */
+	"has 59 record",       		/* 59 */
+	"has 60 record",       		/* 60 */
+	"has 61 record",       		/* 61 */
+	"has 62 record",       		/* 62 */
+	"has 63 record",       		/* 63 */
+	"has 64 record",       		/* 64 */
+	"has 65 record",       		/* 65 */
+	"has 66 record",       		/* 66 */
+	"has 67 record",       		/* 67 */
+	"has 68 record",       		/* 68 */
+	"has 69 record",       		/* 69 */
+	"has 70 record",       		/* 70 */
+	"has 71 record",       		/* 71 */
+	"has 72 record",       		/* 72 */
+	"has 73 record",       		/* 73 */
+	"has 74 record",       		/* 74 */
+	"has 75 record",       		/* 75 */
+	"has 76 record",       		/* 76 */
+	"has 77 record",       		/* 77 */
+	"has 78 record",       		/* 78 */
+	"has 79 record",       		/* 79 */
+	"has 80 record",       		/* 80 */
+	"has 81 record",       		/* 81 */
+	"has 82 record",       		/* 82 */
+	"has 83 record",       		/* 83 */
+	"has 84 record",       		/* 84 */
+	"has 85 record",       		/* 85 */
+	"has 86 record",       		/* 86 */
+	"has 87 record",       		/* 87 */
+	"has 88 record",       		/* 88 */
+	"has 89 record",       		/* 89 */
+	"has 90 record",       		/* 90 */
+	"has 91 record",       		/* 91 */
+	"has 92 record",       		/* 92 */
+	"has 93 record",       		/* 93 */
+	"has 94 record",       		/* 94 */
+	"has 95 record",       		/* 95 */
+	"has 96 record",       		/* 96 */
+	"has 97 record",       		/* 97 */
+	"has 98 record",       		/* 98 */
+	"has 99 record",       		/* 99 */
+	"UINFO",			/* 100 */
+	"UID",				/* 101 */
+	"GID",				/* 102 */
+	"UNSPEC"};			/* 103 */
 
-struct rtype rtypes[] = {
-	{ 1, 	"has address" },
-	{ 2, 	"name server" },
-	{ 5, 	"is an alias for" },
-	{ 11,	"has well known services" },
-	{ 12,	"domain name pointer" },
-	{ 13,	"host information" },
-	{ 15,	"mail is handled by" },
-	{ 16,	"descriptive text" },
-	{ 19,	"x25 address" },
-	{ 20,	"ISDN address" },
-	{ 24,	"has signature" },
-	{ 25,	"has key" },
-	{ 28,	"has IPv6 address" },
-	{ 29,	"location" },
-	{ 0, NULL }
-};
 
 static void
 show_usage(void) {
 	fputs(
-"Usage: host [-aCdlriTwv] [-c class] [-N ndots] [-t type] [-W time]\n"
+"Usage: host [-aCdlrTwv] [-c class] [-n] [-N ndots] [-t type] [-W time]\n"
 "            [-R number] hostname [server]\n"
-"       -a is equivalent to -v -t *\n"
+"       -a is equivalent to -v -t ANY\n"
 "       -c specifies query class for non-IN data\n"
 "       -C compares SOA records on authoritative nameservers\n"
 "       -d is equivalent to -v\n"
 "       -l lists all hosts in a domain, using AXFR\n"
-"       -i IP6.INT reverse lookups\n"
+"       -i Use the old IN6.INT form of IPv6 reverse lookup\n"
 "       -N changes the number of dots allowed before root lookup is done\n"
 "       -r disables recursive processing\n"
 "       -R specifies number of retries for UDP packets\n"
@@ -126,9 +206,7 @@ show_usage(void) {
 "       -T enables TCP/IP mode\n"
 "       -v enables verbose output\n"
 "       -w specifies to wait forever for a reply\n"
-"       -W specifies how long to wait for a reply\n"
-"       -4 use IPv4 query transport only\n"
-"       -6 use IPv6 query transport only\n", stderr);
+"       -W specifies how long to wait for a reply\n", stderr);
 	exit(1);
 }
 
@@ -138,14 +216,17 @@ dighost_shutdown(void) {
 }
 
 void
-received(int bytes, isc_sockaddr_t *from, dig_query_t *query) {
+received(int bytes, isc_sockaddr_t *from, dig_query_t *query)
+{
 	isc_time_t now;
+	isc_result_t result;
 	int diff;
 
 	if (!short_form) {
 		char fromtext[ISC_SOCKADDR_FORMATSIZE];
 		isc_sockaddr_format(from, fromtext, sizeof(fromtext));
-		TIME_NOW(&now);
+		result = isc_time_now(&now);
+		check_result(result, "isc_time_now");
 		diff = (int) isc_time_microdiff(&now, &query->time_sent);
 		printf("Received %u bytes from %s in %d ms\n",
 		       bytes, fromtext, diff/1000);
@@ -194,18 +275,8 @@ say_message(dns_name_t *name, const char *msg, dns_rdata_t *rdata,
 	printf("\n");
 	isc_buffer_free(&b);
 }
-#ifdef DIG_SIGCHASE
-/* Just for compatibility : not use in host program */
-isc_result_t
-printrdataset(dns_name_t *owner_name, dns_rdataset_t *rdataset,
-	      isc_buffer_t *target)
-{
-  UNUSED(owner_name);
-  UNUSED(rdataset);
-  UNUSED(target);
-  return(ISC_FALSE);
-}
-#endif
+
+
 static isc_result_t
 printsection(dns_message_t *msg, dns_section_t sectionid,
 	     const char *section_name, isc_boolean_t headers,
@@ -221,6 +292,7 @@ printsection(dns_message_t *msg, dns_section_t sectionid,
 	char t[4096];
 	isc_boolean_t first;
 	isc_boolean_t no_rdata;
+	const char *rtt;
 
 	if (sectionid == DNS_SECTION_QUESTION)
 		no_rdata = ISC_TRUE;
@@ -278,27 +350,15 @@ printsection(dns_message_t *msg, dns_section_t sectionid,
 			} else {
 				loopresult = dns_rdataset_first(rdataset);
 				while (loopresult == ISC_R_SUCCESS) {
-					struct rtype *t;
-					const char *rtt;
-					char typebuf[DNS_RDATATYPE_FORMATSIZE];
-					char typebuf2[DNS_RDATATYPE_FORMATSIZE
-						     + 20];
 					dns_rdataset_current(rdataset, &rdata);
-
-					for (t = rtypes; t->text != NULL; t++) {
-						if (t->type == rdata.type) {
-							rtt = t->text;
-							goto found;
-						}
-					}
-
-					dns_rdatatype_format(rdata.type,
-							     typebuf,
-							     sizeof(typebuf));
-					snprintf(typebuf2, sizeof(typebuf2),
-						 "has %s record", typebuf);
-					rtt = typebuf2;
-				found:
+					if (rdata.type <= 103)
+						rtt = rtypetext[rdata.type];
+					else if (rdata.type == 249)
+						rtt = "key";
+					else if (rdata.type == 250)
+						rtt = "signature";
+					else
+						rtt = "unknown";
 					say_message(print_name, rtt,
 						    &rdata, query);
 					dns_rdata_reset(&rdata);
@@ -357,16 +417,9 @@ printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers) {
 	dns_rdataset_t *opt, *tsig = NULL;
 	dns_name_t *tsigname;
 	isc_result_t result = ISC_R_SUCCESS;
-	int force_error;
 
 	UNUSED(headers);
 
-	/*
-	 * We get called multiple times.
-	 * Preserve any existing error status.
-	 */
-	force_error = (seen_error == 1) ? 1 : 0;
-	seen_error = 1;
 	if (listed_server) {
 		char sockstr[ISC_SOCKADDR_FORMATSIZE];
 
@@ -381,42 +434,12 @@ printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers) {
 	if (msg->rcode != 0) {
 		char namestr[DNS_NAME_FORMATSIZE];
 		dns_name_format(query->lookup->name, namestr, sizeof(namestr));
-		printf("Host %s not found: %d(%s)\n", namestr,
-		       msg->rcode, rcodetext[msg->rcode]);
+		printf("Host %s not found: %d(%s)\n",
+		       (msg->rcode != dns_rcode_nxdomain) ? namestr :
+		       query->lookup->textname, msg->rcode,
+		       rcodetext[msg->rcode]);
 		return (ISC_R_SUCCESS);
 	}
-
-	if (default_lookups && query->lookup->rdtype == dns_rdatatype_a) {
-		char namestr[DNS_NAME_FORMATSIZE];
-		dig_lookup_t *lookup;
-
-		/* Add AAAA and MX lookups. */
-
-		dns_name_format(query->lookup->name, namestr, sizeof(namestr));
-		lookup = clone_lookup(query->lookup, ISC_FALSE);
-		if (lookup != NULL) {
-			strncpy(lookup->textname, namestr,
-				sizeof(lookup->textname));
-			lookup->textname[sizeof(lookup->textname)-1] = 0;
-			lookup->rdtype = dns_rdatatype_aaaa;
-                        lookup->rdtypeset = ISC_TRUE;
-			lookup->origin = NULL;
-			lookup->retries = tries;
-			ISC_LIST_APPEND(lookup_list, lookup, link);
-		}
-		lookup = clone_lookup(query->lookup, ISC_FALSE);
-		if (lookup != NULL) {
-			strncpy(lookup->textname, namestr,
-				sizeof(lookup->textname));
-			lookup->textname[sizeof(lookup->textname)-1] = 0;
-			lookup->rdtype = dns_rdatatype_mx;
-                        lookup->rdtypeset = ISC_TRUE;
-			lookup->origin = NULL;
-			lookup->retries = tries;
-			ISC_LIST_APPEND(lookup_list, lookup, link);
-		}
-	}
-
 	if (!short_form) {
 		printf(";; ->>HEADER<<- opcode: %s, status: %s, id: %u\n",
 		       opcodetext[msg->opcode], rcodetext[msg->rcode],
@@ -509,16 +532,6 @@ printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers) {
 	if (!short_form)
 		printf("\n");
 
-	if (short_form && !default_lookups &&
-	    ISC_LIST_EMPTY(msg->sections[DNS_SECTION_ANSWER])) {
-		char namestr[DNS_NAME_FORMATSIZE];
-		char typestr[DNS_RDATATYPE_FORMATSIZE];
-		dns_name_format(query->lookup->name, namestr, sizeof(namestr));
-		dns_rdatatype_format(query->lookup->rdtype, typestr,
-				     sizeof(typestr));
-		printf("%s has no %s record\n", namestr, typestr);
-	}
-	seen_error = force_error;
 	return (result);
 }
 
@@ -532,13 +545,12 @@ parse_args(isc_boolean_t is_batchfile, int argc, char **argv) {
 	isc_result_t result = ISC_R_SUCCESS;
 	dns_rdatatype_t rdtype;
 	dns_rdataclass_t rdclass;
-	isc_uint32_t serial = 0;
 
 	UNUSED(is_batchfile);
 
 	lookup = make_empty_lookup();
 
-	while ((c = isc_commandline_parse(argc, argv, "lvwrdt:c:aTCN:R:W:Dni46"))
+	while ((c = isc_commandline_parse(argc, argv, "ilvwrdt:c:aTCN:R:W:Dn"))
 	       != EOF) {
 		switch (c) {
 		case 'l':
@@ -555,41 +567,27 @@ parse_args(isc_boolean_t is_batchfile, int argc, char **argv) {
 			lookup->recurse = ISC_FALSE;
 			break;
 		case 't':
-			if (strncasecmp(isc_commandline_argument,
-					"ixfr=", 5) == 0) {
-				rdtype = dns_rdatatype_ixfr;
-				/* XXXMPA add error checking */
-				serial = strtoul(isc_commandline_argument + 5,
-						 NULL, 10);
-				result = ISC_R_SUCCESS;
-			} else {
-				tr.base = isc_commandline_argument;
-				tr.length = strlen(isc_commandline_argument);
-				result = dns_rdatatype_fromtext(&rdtype,
+			tr.base = isc_commandline_argument;
+			tr.length = strlen(isc_commandline_argument);
+			result = dns_rdatatype_fromtext(&rdtype,
 						   (isc_textregion_t *)&tr);
-			}
 
 			if (result != ISC_R_SUCCESS) {
 				fatalexit = 2;
 				fatal("invalid type: %s\n",
 				      isc_commandline_argument);
-			}
+			} 
 			if (!lookup->rdtypeset ||
 			    lookup->rdtype != dns_rdatatype_axfr)
 				lookup->rdtype = rdtype;
-			lookup->rdtypeset = ISC_TRUE;
 			if (rdtype == dns_rdatatype_axfr) {
 				/* -l -t any -v */
 				list_type = dns_rdatatype_any;
 				short_form = ISC_FALSE;
 				lookup->tcp_mode = ISC_TRUE;
-			} else if (rdtype == dns_rdatatype_ixfr) {
-				lookup->ixfr_serial = serial;
-				list_type = rdtype;
 			} else
 				list_type = rdtype;
 			list_addresses = ISC_FALSE;
-			default_lookups = ISC_FALSE;
 			break;
 		case 'c':
 			tr.base = isc_commandline_argument;
@@ -605,7 +603,6 @@ parse_args(isc_boolean_t is_batchfile, int argc, char **argv) {
 				lookup->rdclass = rdclass;
 				lookup->rdclassset = ISC_TRUE;
 			}
-			default_lookups = ISC_FALSE;
 			break;
 		case 'a':
 			if (!lookup->rdtypeset ||
@@ -615,13 +612,11 @@ parse_args(isc_boolean_t is_batchfile, int argc, char **argv) {
 			list_addresses = ISC_FALSE;
 			lookup->rdtypeset = ISC_TRUE;
 			short_form = ISC_FALSE;
-			default_lookups = ISC_FALSE;
 			break;
 		case 'i':
 			lookup->ip6_int = ISC_TRUE;
 			break;
 		case 'n':
-			/* deprecated */
 			break;
 		case 'w':
 			/*
@@ -636,9 +631,9 @@ parse_args(isc_boolean_t is_batchfile, int argc, char **argv) {
 				timeout = 1;
 			break;
 		case 'R':
-			tries = atoi(isc_commandline_argument) + 1;
-			if (tries < 2)
-				tries = 2;
+			tries = atoi(isc_commandline_argument);
+			if (tries < 1)
+				tries = 1;
 			break;
 		case 'T':
 			lookup->tcp_mode = ISC_TRUE;
@@ -652,7 +647,6 @@ parse_args(isc_boolean_t is_batchfile, int argc, char **argv) {
 			lookup->ns_search_only = ISC_TRUE;
 			lookup->trace_root = ISC_TRUE;
 			lookup->identify_previous_line = ISC_TRUE;
-			default_lookups = ISC_FALSE;
 			break;
 		case 'N':
 			debug("setting NDOTS to %s",
@@ -662,28 +656,11 @@ parse_args(isc_boolean_t is_batchfile, int argc, char **argv) {
 		case 'D':
 			debugging = ISC_TRUE;
 			break;
-		case '4':
-			if (have_ipv4) {
-				isc_net_disableipv6();
-				have_ipv6 = ISC_FALSE;
-			} else
-				fatal("can't find IPv4 networking");
-			break;
-		case '6':
-			if (have_ipv6) {
-				isc_net_disableipv4();
-				have_ipv4 = ISC_FALSE;
-			} else
-				fatal("can't find IPv6 networking");
-			break;
 		}
 	}
-
-	lookup->retries = tries;
-
-	if (isc_commandline_index >= argc)
+	if (isc_commandline_index >= argc) {
 		show_usage();
-
+	}
 	strncpy(hostname, argv[isc_commandline_index], sizeof(hostname));
 	hostname[sizeof(hostname)-1]=0;
 	if (argc > isc_commandline_index + 1) {
@@ -693,13 +670,12 @@ parse_args(isc_boolean_t is_batchfile, int argc, char **argv) {
 	}
 
 	lookup->pending = ISC_FALSE;
-	if (get_reverse(store, sizeof(store), hostname,
-			lookup->ip6_int, ISC_TRUE) == ISC_R_SUCCESS) {
+	if (get_reverse(store, hostname, lookup->ip6_int, ISC_TRUE)			     == ISC_R_SUCCESS)
+	{
 		strncpy(lookup->textname, store, sizeof(lookup->textname));
 		lookup->textname[sizeof(lookup->textname)-1] = 0;
 		lookup->rdtype = dns_rdatatype_ptr;
 		lookup->rdtypeset = ISC_TRUE;
-		default_lookups = ISC_FALSE;
 	} else {
 		strncpy(lookup->textname, hostname, sizeof(lookup->textname));
 		lookup->textname[sizeof(lookup->textname)-1]=0;
@@ -714,8 +690,6 @@ int
 main(int argc, char **argv) {
 	isc_result_t result;
 
-	tries = 2;
-
 	ISC_LIST_INIT(lookup_list);
 	ISC_LIST_INIT(server_list);
 	ISC_LIST_INIT(search_list);
@@ -735,6 +709,6 @@ main(int argc, char **argv) {
 	cancel_all();
 	destroy_libs();
 	isc_app_finish();
-	return ((seen_error == 0) ? 0 : 1);
+	return (0);
 }
 

bin/dig/host.docbook

@@ -1,11 +1,11 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
-               "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd"
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+               "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
 	       [<!ENTITY mdash "&#8212;">]>
 <!--
- - Copyright (C) 2004, 2005  Internet Systems Consortium, Inc. ("ISC")
- - Copyright (C) 2000-2002  Internet Software Consortium.
+ - Copyright (C) 2004, 2005, 2007  Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2003  Internet Software Consortium.
  -
- - Permission to use, copy, modify, and distribute this software for any
+ - Permission to use, copy, modify, and/or distribute this software for any
  - purpose with or without fee is hereby granted, provided that the above
  - copyright notice and this permission notice appear in all copies.
  -
@@ -18,7 +18,7 @@
  - PERFORMANCE OF THIS SOFTWARE.
 -->
 
-<!-- $Id: host.docbook,v 1.2.2.2.4.7 2005/05/13 01:22:32 marka Exp $ -->
+<!-- $Id: host.docbook,v 1.2.2.9 2007/08/28 07:18:13 tbox Exp $ -->
 
 <refentry>
 
@@ -36,12 +36,14 @@
     <copyright>
       <year>2004</year>
       <year>2005</year>
+      <year>2007</year>
       <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
     </copyright>
     <copyright>
       <year>2000</year>
       <year>2001</year>
       <year>2002</year>
+      <year>2003</year>
       <holder>Internet Software Consortium.</holder>
     </copyright>
   </docinfo>
@@ -60,8 +62,6 @@
   <arg><option>-R <replaceable class="parameter">number</replaceable></option></arg>
   <arg><option>-t <replaceable class="parameter">type</replaceable></option></arg>
   <arg><option>-W <replaceable class="parameter">wait</replaceable></option></arg>
-  <arg><option>-4</option></arg>
-  <arg><option>-6</option></arg>
   <arg choice="req">name</arg>
   <arg choice="opt">server</arg>
 </cmdsynopsis>
@@ -121,16 +121,16 @@ output.
 <para>
 List mode is selected by the <option>-l</option> option.  This makes
 <command>host</command> perform a zone transfer for zone
-<parameter>name</parameter>.  Transfer the zone printing out the NS, PTR
-and address records (A/AAAA).  If combined with <option>-a</option>
-all records will be printed.  
+<parameter>name</parameter>.  The argument is provided for
+compatibility with older implementations.  This option is equivalent
+to making a query of type AXFR.
 </para>
 
 <para>
-The <option>-i</option>
+The <option>-n</option>
 option specifies that reverse lookups of IPv6 addresses should
-use the IP6.INT domain as defined in RFC1886.
-The default is to use IP6.ARPA.
+use the IP6.INT domain and "nibble" labels as defined in RFC1886.
+The default is to use IP6.ARPA and binary labels as defined in RFC2874.
 </para>
 
 <para>
@@ -160,7 +160,7 @@ desired &mdash; bit in the query which <command>host</command> makes.
 This should mean that the name server receiving the query will not
 attempt to resolve <parameter>name</parameter>.  The
 <option>-r</option> option enables <command>host</command> to mimic
-the behaviour of a name server by making non-recursive queries and
+the behavior of a name server by making non-recursive queries and
 expecting to receive answers to those queries that are usually
 referrals to other name servers.
 </para>
@@ -172,24 +172,16 @@ the name server.  TCP will be automatically selected for queries that
 require it, such as zone transfer (AXFR) requests.
 </para>
 
-<para>
-The <option>-4</option> option forces <command>host</command> to only
-use IPv4 query transport.  The <option>-6</option> option forces
-<command>host</command> to only use IPv6 query transport.
-</para>
-
 <para>
 The <option>-t</option> option is used to select the query type.
-<parameter>type</parameter> can be any recognised query type: CNAME,
+<parameter>type</parameter> can be any recognized query type: CNAME,
 NS, SOA, SIG, KEY, AXFR, etc.  When no query type is specified,
 <command>host</command> automatically selects an appropriate query
 type.  By default it looks for A records, but if the
 <option>-C</option> option was given, queries will be made for SOA
 records, and if <parameter>name</parameter> is a dotted-decimal IPv4
 address or colon-delimited IPv6 address, <command>host</command> will
-query for PTR records.  If a query type of IXFR is chosen the starting
-serial number can be specified by appending an equal followed by the
-starting serial number (e.g. -t IXFR=12345678).
+query for PTR records.
 </para>
 
 <para>

bin/dig/host.html

@@ -1,6 +1,6 @@
 <!--
- - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
- - Copyright (C) 2000-2002 Internet Software Consortium.
+ - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2003 Internet Software Consortium.
  - 
  - Permission to use, copy, modify, and distribute this software for any
  - purpose with or without fee is hereby granted, provided that the above
@@ -14,25 +14,25 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-<!-- $Id: host.html,v 1.4.2.1.4.10 2005/07/18 02:36:44 marka Exp $ -->
+<!-- $Id: host.html,v 1.4.2.16 2007/05/09 03:32:21 marka Exp $ -->
 <html>
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
 <title>host</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.68.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
 </head>
 <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="id2456972"></a><div class="titlepage"></div>
+<a name="id2476275"></a><div class="titlepage"></div>
 <div class="refnamediv">
 <h2>Name</h2>
 <p>host &#8212; DNS lookup utility</p>
 </div>
 <div class="refsynopsisdiv">
 <h2>Synopsis</h2>
-<div class="cmdsynopsis"><p><code class="command">host</code>  [<code class="option">-aCdlnrTwv</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-N <em class="replaceable"><code>ndots</code></em></code>] [<code class="option">-R <em class="replaceable"><code>number</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-W <em class="replaceable"><code>wait</code></em></code>] [<code class="option">-4</code>] [<code class="option">-6</code>] {name} [server]</p></div>
+<div class="cmdsynopsis"><p><code class="command">host</code>  [<code class="option">-aCdlnrTwv</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-N <em class="replaceable"><code>ndots</code></em></code>] [<code class="option">-R <em class="replaceable"><code>number</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-W <em class="replaceable"><code>wait</code></em></code>] {name} [server]</p></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2514584"></a><h2>DESCRIPTION</h2>
+<a name="id2543402"></a><h2>DESCRIPTION</h2>
 <p>
 <span><strong class="command">host</strong></span>
 is a simple utility for performing DNS lookups.
@@ -79,15 +79,15 @@ output.
 <p>
 List mode is selected by the <code class="option">-l</code> option.  This makes
 <span><strong class="command">host</strong></span> perform a zone transfer for zone
-<em class="parameter"><code>name</code></em>.  Transfer the zone printing out the NS, PTR
-and address records (A/AAAA).  If combined with <code class="option">-a</code>
-all records will be printed.  
+<em class="parameter"><code>name</code></em>.  The argument is provided for
+compatibility with older implementations.  This option is equivalent
+to making a query of type AXFR.
 </p>
 <p>
-The <code class="option">-i</code>
+The <code class="option">-n</code>
 option specifies that reverse lookups of IPv6 addresses should
-use the IP6.INT domain as defined in RFC1886.
-The default is to use IP6.ARPA.
+use the IP6.INT domain and "nibble" labels as defined in RFC1886.
+The default is to use IP6.ARPA and binary labels as defined in RFC2874.
 </p>
 <p>
 The <code class="option">-N</code> option sets the number of dots that have to be
@@ -114,7 +114,7 @@ desired &#8212; bit in the query which <span><strong class="command">host</stron
 This should mean that the name server receiving the query will not
 attempt to resolve <em class="parameter"><code>name</code></em>.  The
 <code class="option">-r</code> option enables <span><strong class="command">host</strong></span> to mimic
-the behaviour of a name server by making non-recursive queries and
+the behavior of a name server by making non-recursive queries and
 expecting to receive answers to those queries that are usually
 referrals to other name servers.
 </p>
@@ -125,22 +125,15 @@ the name server.  TCP will be automatically selected for queries that
 require it, such as zone transfer (AXFR) requests.
 </p>
 <p>
-The <code class="option">-4</code> option forces <span><strong class="command">host</strong></span> to only
-use IPv4 query transport.  The <code class="option">-6</code> option forces
-<span><strong class="command">host</strong></span> to only use IPv6 query transport.
-</p>
-<p>
 The <code class="option">-t</code> option is used to select the query type.
-<em class="parameter"><code>type</code></em> can be any recognised query type: CNAME,
+<em class="parameter"><code>type</code></em> can be any recognized query type: CNAME,
 NS, SOA, SIG, KEY, AXFR, etc.  When no query type is specified,
 <span><strong class="command">host</strong></span> automatically selects an appropriate query
 type.  By default it looks for A records, but if the
 <code class="option">-C</code> option was given, queries will be made for SOA
 records, and if <em class="parameter"><code>name</code></em> is a dotted-decimal IPv4
 address or colon-delimited IPv6 address, <span><strong class="command">host</strong></span> will
-query for PTR records.  If a query type of IXFR is chosen the starting
-serial number can be specified by appending an equal followed by the
-starting serial number (e.g. -t IXFR=12345678).
+query for PTR records.
 </p>
 <p>
 The time to wait for a reply can be controlled through the
@@ -155,13 +148,13 @@ value for an integer quantity.
 </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2514992"></a><h2>FILES</h2>
+<a name="id2543651"></a><h2>FILES</h2>
 <p>
 <code class="filename">/etc/resolv.conf</code>
 </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2515004"></a><h2>SEE ALSO</h2>
+<a name="id2543664"></a><h2>SEE ALSO</h2>
 <p>
 <span class="citerefentry"><span class="refentrytitle">dig</span>(1)</span>,
 <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>.

bin/dig/include/dig/dig.h

@@ -1,8 +1,8 @@
 /*
- * Copyright (C) 2004, 2005  Internet Systems Consortium, Inc. ("ISC")
- * Copyright (C) 2000-2003  Internet Software Consortium.
+ * Copyright (C) 2004-2007  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000, 2001, 2003  Internet Software Consortium.
  *
- * Permission to use, copy, modify, and distribute this software for any
+ * Permission to use, copy, modify, and/or distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: dig.h,v 1.71.2.6.2.11 2005/07/04 03:29:45 marka Exp $ */
+/* $Id: dig.h,v 1.71.2.19 2007/08/28 07:18:13 tbox Exp $ */
 
 #ifndef DIG_H
 #define DIG_H
@@ -66,27 +66,11 @@
  * in a tight loop of constant lookups.  It's value is arbitrary.
  */
 
-/*
- * Defaults for the sigchase suboptions.  Consolidated here because
- * these control the layout of dig_lookup_t (among other things).
- */
-#ifdef DIG_SIGCHASE
-#ifndef DIG_SIGCHASE_BU
-#define DIG_SIGCHASE_BU 1
-#endif
-#ifndef DIG_SIGCHASE_TD
-#define DIG_SIGCHASE_TD 1
-#endif
-#endif
-
 ISC_LANG_BEGINDECLS
 
 typedef struct dig_lookup dig_lookup_t;
 typedef struct dig_query dig_query_t;
 typedef struct dig_server dig_server_t;
-#ifdef DIG_SIGCHASE
-typedef struct dig_message dig_message_t;
-#endif
 typedef ISC_LIST(dig_server_t) dig_serverlist_t;
 typedef struct dig_searchlist dig_searchlist_t;
 
@@ -116,29 +100,14 @@ struct dig_lookup {
 		section_additional,
 		servfail_stops,
 		new_search,
+		need_search,
+		done_as_is,
 		besteffort,
 		dnssec;
-#ifdef DIG_SIGCHASE
-isc_boolean_t	sigchase;
-#if DIG_SIGCHASE_TD
- 	isc_boolean_t do_topdown,
-	        trace_root_sigchase,
-	        rdtype_sigchaseset,
-	        rdclass_sigchaseset;
-	/* Name we are going to validate RRset */
-  	char textnamesigchase[MXNAME];
-#endif
-#endif
-	
 	char textname[MXNAME]; /* Name we're going to be looking up */
 	char cmdline[MXNAME];
 	dns_rdatatype_t rdtype;
 	dns_rdatatype_t qrdtype;
-#if DIG_SIGCHASE_TD
-        dns_rdatatype_t rdtype_sigchase;
-        dns_rdatatype_t qrdtype_sigchase;
-        dns_rdataclass_t rdclass_sigchase;
-#endif
 	dns_rdataclass_t rdclass;
 	isc_boolean_t rdtypeset;
 	isc_boolean_t rdclassset;
@@ -146,7 +115,7 @@ isc_boolean_t	sigchase;
 	char onamespace[BUFSIZE];
 	isc_buffer_t namebuf;
 	isc_buffer_t onamebuf;
-	isc_buffer_t sendbuf;
+	isc_buffer_t renderbuf;
 	char *sendspace;
 	dns_name_t *name;
 	isc_timer_t *timer;
@@ -173,6 +142,8 @@ isc_boolean_t	sigchase;
 struct dig_query {
 	dig_lookup_t *lookup;
 	isc_boolean_t waiting_connect,
+		pending_free,
+		waiting_senddone,
 		first_pass,
 		first_soa_rcvd,
 		second_rr_rcvd,
@@ -181,7 +152,6 @@ struct dig_query {
 		warn_id;
 	isc_uint32_t first_rr_serial;
 	isc_uint32_t second_rr_serial;
-	isc_uint32_t msg_count;
 	isc_uint32_t rr_count;
 	char *servname;
 	char *userarg;
@@ -198,6 +168,7 @@ struct dig_query {
 	ISC_LINK(dig_query_t) link;
 	isc_sockaddr_t sockaddr;
 	isc_time_t time_sent;
+	isc_buffer_t sendbuf;
 };
 
 struct dig_server {
@@ -210,12 +181,6 @@ struct dig_searchlist {
 	char origin[MXNAME];
 	ISC_LINK(dig_searchlist_t) link;
 };
-#ifdef DIG_SIGCHASE
-struct dig_message {
-	        dns_message_t *msg;
-		ISC_LINK(dig_message_t) link;
-};
-#endif
 
 typedef ISC_LIST(dig_searchlist_t) dig_searchlistlist_t;
 typedef ISC_LIST(dig_lookup_t) dig_lookuplist_t;
@@ -236,15 +201,13 @@ extern isc_mem_t *mctx;
 extern dns_messageid_t id;
 extern int sendcount;
 extern int ndots;
+extern int tries;  
 extern int lookup_counter;
 extern int exitcode;
 extern isc_sockaddr_t bind_address;
 extern char keynametext[MXNAME];
 extern char keyfile[MXNAME];
 extern char keysecret[MXNAME];
-#ifdef DIG_SIGCHASE
-extern char trustedkey[MXNAME];
-#endif
 extern dns_tsigkey_t *key;
 extern isc_boolean_t validated;
 extern isc_taskmgr_t *taskmgr;
@@ -253,7 +216,6 @@ extern isc_boolean_t free_now;
 extern isc_boolean_t debugging, memdebugging;
 
 extern char *progname;
-extern int tries;
 extern int fatalexit;
 
 /*
@@ -263,7 +225,11 @@ void
 get_address(char *host, in_port_t port, isc_sockaddr_t *sockaddr);
 
 isc_result_t
-get_reverse(char *reverse, size_t len, char *value, isc_boolean_t ip6_int,
+get_addresses(const char *hostname, in_port_t port,
+             isc_sockaddr_t *addrs, int addrsize, int *addrcount);
+
+isc_result_t
+get_reverse(char *reverse, char *value, isc_boolean_t ip6int,
 	    isc_boolean_t strict);
 
 void
@@ -278,6 +244,9 @@ check_result(isc_result_t result, const char *msg);
 void
 setup_lookup(dig_lookup_t *lookup);
 
+void
+destroy_lookup(dig_lookup_t *lookup);
+
 void
 do_lookup(dig_lookup_t *lookup);
 
@@ -302,18 +271,18 @@ requeue_lookup(dig_lookup_t *lookold, isc_boolean_t servers);
 dig_lookup_t *
 make_empty_lookup(void);
 
-dig_lookup_t *
-clone_lookup(dig_lookup_t *lookold, isc_boolean_t servers);
-
-dig_server_t *
-make_server(const char *servname, const char *userarg);
-
 void
 flush_server_list(void);
 
 void
 set_nameserver(char *opt);
 
+dig_lookup_t *
+clone_lookup(dig_lookup_t *lookold, isc_boolean_t servers);
+
+dig_server_t *
+make_server(const char *servname, const char *userarg);
+
 void
 clone_server_list(dig_serverlist_t src,
 		  dig_serverlist_t *dest);
@@ -327,19 +296,9 @@ destroy_libs(void);
 void
 set_search_domain(char *domain);
 
-#ifdef DIG_SIGCHASE
-void
-clean_trustedkey(void);
-#endif
-
 /*
  * Routines to be defined in dig.c, host.c, and nslookup.c.
  */
-#ifdef DIG_SIGCHASE
-isc_result_t
-printrdataset(dns_name_t *owner_name, dns_rdataset_t *rdataset,
-	      isc_buffer_t *target);
-#endif
 
 isc_result_t
 printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers);
@@ -364,14 +323,6 @@ dighost_shutdown(void);
 char *
 next_token(char **stringp, const char *delim);
 
-#ifdef DIG_SIGCHASE
-/* Chasing functions */
-dns_rdataset_t *
-chase_scanname(dns_name_t *name, dns_rdatatype_t type, dns_rdatatype_t covers);
-void
-chase_sig(dns_message_t *msg);
-#endif
-
 ISC_LANG_ENDDECLS
 
 #endif

bin/dig/nslookup.1

@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
 .\" 
 .\" Permission to use, copy, modify, and distribute this software for any
 .\" purpose with or without fee is hereby granted, provided that the above
@@ -12,157 +12,234 @@
 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 .\" PERFORMANCE OF THIS SOFTWARE.
 .\"
-.\" $Id: nslookup.1,v 1.1.6.4 2005/05/13 02:43:18 marka Exp $
+.\" $Id: nslookup.1,v 1.1.4.12 2007/05/16 06:57:45 marka Exp $
 .\"
 .hy 0
 .ad l
-.\"Generated by db2man.xsl. Don't modify this, modify the source.
-.de Sh \" Subsection
-.br
-.if t .Sp
-.ne 5
-.PP
-\fB\\$1\fR
-.PP
-..
-.de Sp \" Vertical space (when we can't use .PP)
-.if t .sp .5v
-.if n .sp
-..
-.de Ip \" List item
-.br
-.ie \\n(.$>=3 .ne \\$3
-.el .ne 3
-.IP "\\$1" \\$2
-..
-.TH "NSLOOKUP" 1 "Jun 30, 2000" "" ""
-.SH NAME
+.\"     Title: nslookup
+.\"    Author: 
+.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
+.\"      Date: Jun 30, 2000
+.\"    Manual: BIND9
+.\"    Source: BIND9
+.\"
+.TH "NSLOOKUP" "1" "Jun 30, 2000" "BIND9" "BIND9"
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.SH "NAME"
 nslookup \- query Internet name servers interactively
 .SH "SYNOPSIS"
 .HP 9
 \fBnslookup\fR [\fB\-option\fR] [name\ |\ \-] [server]
 .SH "DESCRIPTION"
 .PP
- \fBNslookup\fR is a program to query Internet domain name servers\&. \fBNslookup\fR has two modes: interactive and non\-interactive\&. Interactive mode allows the user to query name servers for information about various hosts and domains or to print a list of hosts in a domain\&. Non\-interactive mode is used to print just the name and requested information for a host or domain\&.
+\fBNslookup\fR
+is a program to query Internet domain name servers.
+\fBNslookup\fR
+has two modes: interactive and non\-interactive. Interactive mode allows the user to query name servers for information about various hosts and domains or to print a list of hosts in a domain. Non\-interactive mode is used to print just the name and requested information for a host or domain.
 .SH "ARGUMENTS"
 .PP
-Interactive mode is entered in the following cases: 
-.TP 3
+Interactive mode is entered in the following cases:
+.TP 4
 1.
 when no arguments are given (the default name server will be used)
-.TP
+.TP 4
 2.
-when the first argument is a hyphen (\-) and the second argument is the host name or Internet address of a name server\&.
-.LP
+when the first argument is a hyphen (\-) and the second argument is the host name or Internet address of a name server.
+.sp
+.RE
 .PP
-Non\-interactive mode is used when the name or Internet address of the host to be looked up is given as the first argument\&. The optional second argument specifies the host name or address of a name server\&.
+Non\-interactive mode is used when the name or Internet address of the host to be looked up is given as the first argument. The optional second argument specifies the host name or address of a name server.
 .PP
-Options can also be specified on the command line if they precede the arguments and are prefixed with a hyphen\&. For example, to change the default query type to host information, and the initial timeout to 10 seconds, type: .IP .nf nslookup \-query=hinfo \-timeout=10 .fi 
+Options can also be specified on the command line if they precede the arguments and are prefixed with a hyphen. For example, to change the default query type to host information, and the initial timeout to 10 seconds, type:
+.sp .RS 4 .nf nslookup \-query=hinfo \-timeout=10 .fi .RE
 .SH "INTERACTIVE COMMANDS"
-.TP
-host [server]
-Look up information for host using the current default server or using server, if specified\&. If host is an Internet address and the query type is A or PTR, the name of the host is returned\&. If host is a name and does not have a trailing period, the search list is used to qualify the name\&.
-To look up a host not in the current domain, append a period to the name\&.
-.TP
+.PP
+\fBhost\fR [server]
+.RS 4
+Look up information for host using the current default server or using server, if specified. If host is an Internet address and the query type is A or PTR, the name of the host is returned. If host is a name and does not have a trailing period, the search list is used to qualify the name.
+.sp
+To look up a host not in the current domain, append a period to the name.
+.RE
+.PP
 \fBserver\fR \fIdomain\fR
-.TP
+.RS 4
+.RE
+.PP
 \fBlserver\fR \fIdomain\fR
-Change the default server to \fIdomain\fR; \fBlserver\fR uses the initial server to look up information about \fIdomain\fR, while \fBserver\fR uses the current default server\&. If an authoritative answer can't be found, the names of servers that might have the answer are returned\&.
-.TP
+.RS 4
+Change the default server to
+\fIdomain\fR;
+\fBlserver\fR
+uses the initial server to look up information about
+\fIdomain\fR, while
+\fBserver\fR
+uses the current default server. If an authoritative answer can't be found, the names of servers that might have the answer are returned.
+.RE
+.PP
 \fBroot\fR
+.RS 4
 not implemented
-.TP
+.RE
+.PP
 \fBfinger\fR
+.RS 4
 not implemented
-.TP
+.RE
+.PP
 \fBls\fR
+.RS 4
 not implemented
-.TP
+.RE
+.PP
 \fBview\fR
+.RS 4
 not implemented
-.TP
+.RE
+.PP
 \fBhelp\fR
+.RS 4
 not implemented
-.TP
+.RE
+.PP
 \fB?\fR
+.RS 4
 not implemented
-.TP
+.RE
+.PP
 \fBexit\fR
-Exits the program\&.
-.TP
-\fBset\fR \fIkeyword[=value]\fR
-This command is used to change state information that affects the lookups\&. Valid keywords are: 
-.RS
-.TP
+.RS 4
+Exits the program.
+.RE
+.PP
+\fBset\fR \fIkeyword\fR\fI[=value]\fR
+.RS 4
+This command is used to change state information that affects the lookups. Valid keywords are:
+.RS 4
+.PP
 \fBall\fR
-Prints the current values of the frequently used options to \fBset\fR\&. Information about the current default server and host is also printed\&.
-.TP
+.RS 4
+Prints the current values of the frequently used options to
+\fBset\fR. Information about the current default server and host is also printed.
+.RE
+.PP
 \fBclass=\fR\fIvalue\fR
-Change the query class to one of: 
-.RS
-.TP
+.RS 4
+Change the query class to one of:
+.RS 4
+.PP
 \fBIN\fR
+.RS 4
 the Internet class
-.TP
+.RE
+.PP
 \fBCH\fR
+.RS 4
 the Chaos class
-.TP
+.RE
+.PP
 \fBHS\fR
+.RS 4
 the Hesiod class
-.TP
+.RE
+.PP
 \fBANY\fR
+.RS 4
 wildcard
 .RE
-.IP
- The class specifies the protocol group of the information\&.
+.RE
+.IP "" 4
+The class specifies the protocol group of the information.
+.sp
 (Default = IN; abbreviation = cl)
-.TP
-\fB\fI[no]\fRdebug\fR
-Turn debugging mode on\&. A lot more information is printed about the packet sent to the server and the resulting answer\&.
-(Default = nodebug; abbreviation = [no]deb)
-.TP
-\fB\fI[no]\fRd2\fR
-Turn debugging mode on\&. A lot more information is printed about the packet sent to the server and the resulting answer\&.
+.RE
+.PP
+\fB\fI[no]\fR\fR\fBdebug\fR
+.RS 4
+Turn on or off the display of the full response packet and any intermediate response packets when searching.
+.sp
+(Default = nodebug; abbreviation =
+[no]deb)
+.RE
+.PP
+\fB\fI[no]\fR\fR\fBd2\fR
+.RS 4
+Turn debugging mode on or off. This displays more about what nslookup is doing.
+.sp
 (Default = nod2)
-.TP
+.RE
+.PP
 \fBdomain=\fR\fIname\fR
-Sets the search list to \fIname\fR\&.
-.TP
-\fB\fI[no]\fRsearch\fR
-If the lookup request contains at least one period but doesn't end with a trailing period, append the domain names in the domain search list to the request until an answer is received\&.
+.RS 4
+Sets the search list to
+\fIname\fR.
+.RE
+.PP
+\fB\fI[no]\fR\fR\fBsearch\fR
+.RS 4
+If the lookup request contains at least one period but doesn't end with a trailing period, append the domain names in the domain search list to the request until an answer is received.
+.sp
 (Default = search)
-.TP
+.RE
+.PP
 \fBport=\fR\fIvalue\fR
-Change the default TCP/UDP name server port to \fIvalue\fR\&.
+.RS 4
+Change the default TCP/UDP name server port to
+\fIvalue\fR.
+.sp
 (Default = 53; abbreviation = po)
-.TP
+.RE
+.PP
 \fBquerytype=\fR\fIvalue\fR
-.TP
+.RS 4
+.RE
+.PP
 \fBtype=\fR\fIvalue\fR
-Change the top of the information query\&.
+.RS 4
+Change the type of the information query.
+.sp
 (Default = A; abbreviations = q, ty)
-.TP
-\fB\fI[no]\fRrecurse\fR
-Tell the name server to query other servers if it does not have the information\&.
+.RE
+.PP
+\fB\fI[no]\fR\fR\fBrecurse\fR
+.RS 4
+Tell the name server to query other servers if it does not have the information.
+.sp
 (Default = recurse; abbreviation = [no]rec)
-.TP
+.RE
+.PP
 \fBretry=\fR\fInumber\fR
-Set the number of retries to number\&.
-.TP
+.RS 4
+Set the number of retries to number.
+.RE
+.PP
 \fBtimeout=\fR\fInumber\fR
-Change the initial timeout interval for waiting for a reply to number seconds\&.
-.TP
-\fB\fI[no]\fRvc\fR
-Always use a virtual circuit when sending requests to the server\&.
+.RS 4
+Change the initial timeout interval for waiting for a reply to number seconds.
+.RE
+.PP
+\fB\fI[no]\fR\fR\fBvc\fR
+.RS 4
+Always use a virtual circuit when sending requests to the server.
+.sp
 (Default = novc)
 .RE
-.IP
+.RE
+.IP "" 4
+.RE
 .SH "FILES"
 .PP
- \fI/etc/resolv\&.conf\fR 
+\fI/etc/resolv.conf\fR
 .SH "SEE ALSO"
 .PP
- \fBdig\fR(1), \fBhost\fR(1), \fBnamed\fR(8)\&.
+\fBdig\fR(1),
+\fBhost\fR(1),
+\fBnamed\fR(8).
 .SH "AUTHOR"
 .PP
 Andrew Cherenson
+.SH "COPYRIGHT"
+Copyright \(co 2004\-2007 Internet Systems Consortium, Inc. ("ISC")
+.br

bin/dig/nslookup.c

@@ -1,8 +1,8 @@
 /*
- * Copyright (C) 2004, 2005  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2007  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 2000-2003  Internet Software Consortium.
  *
- * Permission to use, copy, modify, and distribute this software for any
+ * Permission to use, copy, modify, and/or distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: nslookup.c,v 1.90.2.4.2.10 2005/07/12 05:47:42 marka Exp $ */
+/* $Id: nslookup.c,v 1.90.2.16 2007/08/28 07:18:13 tbox Exp $ */
 
 #include <config.h>
 
@@ -25,7 +25,6 @@
 #include <isc/buffer.h>
 #include <isc/commandline.h>
 #include <isc/event.h>
-#include <isc/parseint.h>
 #include <isc/string.h>
 #include <isc/timer.h>
 #include <isc/util.h>
@@ -120,8 +119,7 @@ static const char *rtypetext[] = {
 	"v6 address = ",		/* 38 */
 	"dname = ",			/* 39 */
 	"rtype_40 = ",			/* 40 */
-	"optional = "			/* 41 */
-};
+	"optional = "};			/* 41 */
 
 #define N_KNOWN_RRTYPES (sizeof(rtypetext) / sizeof(rtypetext[0]))
 
@@ -176,18 +174,7 @@ printa(dns_rdata_t *rdata) {
 	printf("Address: %.*s\n", (int)isc_buffer_usedlength(&b),
 	       (char *)isc_buffer_base(&b));
 }
-#ifdef DIG_SIGCHASE
-/* Just for compatibility : not use in host program */
-isc_result_t
-printrdataset(dns_name_t *owner_name, dns_rdataset_t *rdataset,
-	      isc_buffer_t *target)
-{
-	UNUSED(owner_name);
-	UNUSED(rdataset);
-	UNUSED(target);
-	return(ISC_FALSE);
-}
-#endif
+
 static void
 printrdata(dns_rdata_t *rdata) {
 	isc_result_t result;
@@ -409,8 +396,9 @@ printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers) {
 		char nametext[DNS_NAME_FORMATSIZE];
 		dns_name_format(query->lookup->name,
 				nametext, sizeof(nametext));
-		printf("** server can't find %s: %s\n", nametext,
-		       rcodetext[msg->rcode]);
+		printf("** server can't find %s: %s\n",
+		       (msg->rcode != dns_rcode_nxdomain) ? nametext :
+		       query->lookup->textname, rcodetext[msg->rcode]);
 		debug("returning with rcode == 0");
 		return (ISC_R_SUCCESS);
 	}
@@ -516,46 +504,7 @@ safecpy(char *dest, char *src, int size) {
 	strncpy(dest, src, size);
 	dest[size-1] = 0;
 }
-
-static isc_result_t
-parse_uint(isc_uint32_t *uip, const char *value, isc_uint32_t max,
-	   const char *desc) {
-	isc_uint32_t n;
-	isc_result_t result = isc_parse_uint32(&n, value, 10);
-	if (result == ISC_R_SUCCESS && n > max)
-		result = ISC_R_RANGE;
-	if (result != ISC_R_SUCCESS) {
-		printf("invalid %s '%s': %s\n", desc,
-		       value, isc_result_totext(result));
-		return result;
-	}
-	*uip = n;
-	return (ISC_R_SUCCESS);
-}
-
-static void
-set_port(const char *value) {
-	isc_uint32_t n;
-	isc_result_t result = parse_uint(&n, value, 65535, "port");
-	if (result == ISC_R_SUCCESS)
-		port = (isc_uint16_t) n;
-}
-
-static void
-set_timeout(const char *value) {
-	isc_uint32_t n;
-	isc_result_t result = parse_uint(&n, value, UINT_MAX, "timeout");
-	if (result == ISC_R_SUCCESS)
-		timeout = n;
-}
-
-static void
-set_tries(const char *value) {
-	isc_uint32_t n;
-	isc_result_t result = parse_uint(&n, value, INT_MAX, "tries");
-	if (result == ISC_R_SUCCESS)
-		tries = n;
-}
+	
 
 static void
 setoption(char *opt) {
@@ -594,21 +543,21 @@ setoption(char *opt) {
 		set_search_domain(domainopt);
 		usesearch = ISC_TRUE;
 	} else if (strncasecmp(opt, "port=", 5) == 0) {
-		set_port(&opt[5]);
+		port = atoi(&opt[5]);
 	} else if (strncasecmp(opt, "po=", 3) == 0) {
-		set_port(&opt[3]);
+		port = atoi(&opt[3]);
 	} else if (strncasecmp(opt, "timeout=", 8) == 0) {
-		set_timeout(&opt[8]);
+		timeout = atoi(&opt[8]);
 	} else if (strncasecmp(opt, "t=", 2) == 0) {
-		set_timeout(&opt[2]);
+		timeout = atoi(&opt[2]);
  	} else if (strncasecmp(opt, "rec", 3) == 0) {
 		recurse = ISC_TRUE;
 	} else if (strncasecmp(opt, "norec", 5) == 0) {
 		recurse = ISC_FALSE;
 	} else if (strncasecmp(opt, "retry=", 6) == 0) {
-		set_tries(&opt[6]);
+		tries = atoi(&opt[6]);
 	} else if (strncasecmp(opt, "ret=", 4) == 0) {
-		set_tries(&opt[4]);
+		tries = atoi(&opt[4]);
  	} else if (strncasecmp(opt, "def", 3) == 0) {
 		usesearch = ISC_TRUE;
 	} else if (strncasecmp(opt, "nodef", 5) == 0) {
@@ -625,11 +574,11 @@ setoption(char *opt) {
 		debugging = ISC_TRUE;
 	} else if (strncasecmp(opt, "nod2", 4) == 0) {
 		debugging = ISC_FALSE;
-	} else if (strncasecmp(opt, "search", 3) == 0) {
+	} else if (strncasecmp(opt, "search",3) == 0) {
 		usesearch = ISC_TRUE;
-	} else if (strncasecmp(opt, "nosearch", 5) == 0) {
+	} else if (strncasecmp(opt, "nosearch",5) == 0) {
 		usesearch = ISC_FALSE;
-	} else if (strncasecmp(opt, "sil", 3) == 0) {
+	} else if (strncasecmp(opt, "sil",3) == 0) {
 		/* deprecation_msg = ISC_FALSE; */
 	} else {
 		printf("*** Invalid option: %s\n", opt);	
@@ -661,8 +610,9 @@ addlookup(char *opt) {
 		rdclass = dns_rdataclass_in;
 	}
 	lookup = make_empty_lookup();
-	if (get_reverse(store, sizeof(store), opt, lookup->ip6_int, ISC_TRUE)
-	    == ISC_R_SUCCESS) {
+	if (get_reverse(store, opt, lookup->ip6_int, ISC_TRUE)
+	    == ISC_R_SUCCESS)
+	{
 		safecpy(lookup->textname, store, sizeof(lookup->textname));
 		lookup->rdtype = dns_rdatatype_ptr;
 		lookup->rdtypeset = ISC_TRUE;
@@ -708,6 +658,7 @@ get_next_command(void) {
 	if (buf == NULL)
 		fatal("memory allocation failure");
 	fputs("> ", stderr);
+	fflush(stderr);
 	isc_app_block();
 	ptr = fgets(buf, COMMSIZE, stdin);
 	isc_app_unblock();
@@ -733,13 +684,15 @@ get_next_command(void) {
 		in_use = ISC_FALSE;
 		goto cleanup;
 	} else if (strcasecmp(ptr, "help") == 0 ||
-		   strcasecmp(ptr, "?") == 0) {
+		   strcasecmp(ptr, "?") == 0)
+	{
 		printf("The '%s' command is not yet implemented.\n", ptr);
 		goto cleanup;
 	} else if (strcasecmp(ptr, "finger") == 0 ||
 		   strcasecmp(ptr, "root") == 0 ||
 		   strcasecmp(ptr, "ls") == 0 ||
-		   strcasecmp(ptr, "view") == 0) {
+		   strcasecmp(ptr, "view") == 0)
+	{
 		printf("The '%s' command is not implemented.\n", ptr);
 		goto cleanup;
 	} else

bin/dig/nslookup.docbook

@@ -1,10 +1,10 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
-               "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd"
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+               "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
 	       [<!ENTITY mdash "&#8212;">]>
 <!--
- - Copyright (C) 2004, 2005  Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2007  Internet Systems Consortium, Inc. ("ISC")
  -
- - Permission to use, copy, modify, and distribute this software for any
+ - Permission to use, copy, modify, and/or distribute this software for any
  - purpose with or without fee is hereby granted, provided that the above
  - copyright notice and this permission notice appear in all copies.
  -
@@ -17,7 +17,7 @@
  - PERFORMANCE OF THIS SOFTWARE.
 -->
 
-<!-- $Id: nslookup.docbook,v 1.3.6.5 2005/05/13 01:22:33 marka Exp $ -->
+<!-- $Id: nslookup.docbook,v 1.3.4.13 2007/08/28 07:18:13 tbox Exp $ -->
 
 <!--
  - Copyright (c) 1985, 1989
@@ -68,6 +68,8 @@
     <copyright>
       <year>2004</year>
       <year>2005</year>
+      <year>2006</year>
+      <year>2007</year>
       <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
     </copyright>
   </docinfo>
@@ -140,7 +142,7 @@ nslookup -query=hinfo  -timeout=10
 <refsect1>
 <title>INTERACTIVE COMMANDS</title>
 <variablelist>
-<varlistentry><term>host <optional>server</optional></term>
+<varlistentry><term><constant>host</constant> <optional>server</optional></term>
 <listitem><para>
 Look up information for host using the current default server or
 using server, if specified.  If host is an Internet address and
@@ -220,18 +222,16 @@ the lookups.  Valid keywords are:
 
   <varlistentry><term><constant><replaceable><optional>no</optional></replaceable>debug</constant></term>
   <listitem><para>
-  Turn debugging mode on.  A lot more information is
-  printed about the packet sent to the server and the
-  resulting answer.
+		    Turn on or off the display of the full response packet and
+		    any intermediate response packets when searching.
   </para><para>
   (Default = nodebug; abbreviation = <optional>no</optional>deb)
   </para></listitem></varlistentry>
 
   <varlistentry><term><constant><replaceable><optional>no</optional></replaceable>d2</constant></term>
   <listitem><para>
-  Turn debugging mode on.  A lot more information is
-  printed about the packet sent to the server and the
-  resulting answer.
+		    Turn debugging mode on or off.  This displays more about
+		    what nslookup is doing.
   </para><para>
   (Default = nod2)
   </para></listitem></varlistentry>
@@ -263,7 +263,7 @@ the lookups.  Valid keywords are:
 
   <varlistentry><term><constant>type=</constant><replaceable>value</replaceable></term>
   <listitem><para>
-  Change the top of the information query.
+  Change the type of the information query.
   </para><para>
   (Default = A; abbreviations = q, ty)
   </para></listitem></varlistentry>

bin/dig/nslookup.html

@@ -1,5 +1,5 @@
 <!--
- - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
  - 
  - Permission to use, copy, modify, and distribute this software for any
  - purpose with or without fee is hereby granted, provided that the above
@@ -13,15 +13,15 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-<!-- $Id: nslookup.html,v 1.1.6.7 2005/07/18 02:36:44 marka Exp $ -->
+<!-- $Id: nslookup.html,v 1.1.4.19 2007/05/16 06:57:45 marka Exp $ -->
 <html>
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
 <title>nslookup</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.68.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
 </head>
 <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="id2456976"></a><div class="titlepage"></div>
+<a name="id2476276"></a><div class="titlepage"></div>
 <div class="refnamediv">
 <h2>Name</h2>
 <p>nslookup &#8212; query Internet name servers interactively</p>
@@ -31,7 +31,7 @@
 <div class="cmdsynopsis"><p><code class="command">nslookup</code>  [<code class="option">-option</code>] [name | -] [server]</p></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2514587"></a><h2>DESCRIPTION</h2>
+<a name="id2543346"></a><h2>DESCRIPTION</h2>
 <p>
 <span><strong class="command">Nslookup</strong></span>
 is a program to query Internet domain name servers.  <span><strong class="command">Nslookup</strong></span>
@@ -43,7 +43,7 @@ domain.
 </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2514604"></a><h2>ARGUMENTS</h2>
+<a name="id2543363"></a><h2>ARGUMENTS</h2>
 <p>
 Interactive mode is entered in the following cases:
 </p>
@@ -75,9 +75,9 @@ nslookup -query=hinfo  -timeout=10
 </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2514647"></a><h2>INTERACTIVE COMMANDS</h2>
+<a name="id2543405"></a><h2>INTERACTIVE COMMANDS</h2>
 <div class="variablelist"><dl>
-<dt><span class="term">host [<span class="optional">server</span>]</span></dt>
+<dt><span class="term"><code class="constant">host</code> [<span class="optional">server</span>]</span></dt>
 <dd>
 <p>
 Look up information for host using the current default server or
@@ -151,9 +151,8 @@ the lookups.  Valid keywords are:
 <dt><span class="term"><code class="constant"><em class="replaceable"><code>[<span class="optional">no</span>]</code></em>debug</code></span></dt>
 <dd>
 <p>
-  Turn debugging mode on.  A lot more information is
-  printed about the packet sent to the server and the
-  resulting answer.
+		    Turn on or off the display of the full response packet and
+		    any intermediate response packets when searching.
   </p>
 <p>
   (Default = nodebug; abbreviation = [<span class="optional">no</span>]deb)
@@ -162,9 +161,8 @@ the lookups.  Valid keywords are:
 <dt><span class="term"><code class="constant"><em class="replaceable"><code>[<span class="optional">no</span>]</code></em>d2</code></span></dt>
 <dd>
 <p>
-  Turn debugging mode on.  A lot more information is
-  printed about the packet sent to the server and the
-  resulting answer.
+		    Turn debugging mode on or off.  This displays more about
+		    what nslookup is doing.
   </p>
 <p>
   (Default = nod2)
@@ -200,7 +198,7 @@ the lookups.  Valid keywords are:
 <dt><span class="term"><code class="constant">type=</code><em class="replaceable"><code>value</code></em></span></dt>
 <dd>
 <p>
-  Change the top of the information query.
+  Change the type of the information query.
   </p>
 <p>
   (Default = A; abbreviations = q, ty)
@@ -241,13 +239,13 @@ the lookups.  Valid keywords are:
 </dl></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2515241"></a><h2>FILES</h2>
+<a name="id2543797"></a><h2>FILES</h2>
 <p>
 <code class="filename">/etc/resolv.conf</code>
 </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2515254"></a><h2>SEE ALSO</h2>
+<a name="id2543810"></a><h2>SEE ALSO</h2>
 <p>
 <span class="citerefentry"><span class="refentrytitle">dig</span>(1)</span>,
 <span class="citerefentry"><span class="refentrytitle">host</span>(1)</span>,
@@ -255,7 +253,7 @@ the lookups.  Valid keywords are:
 </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2515289"></a><h2>Author</h2>
+<a name="id2543845"></a><h2>Author</h2>
 <p>
 Andrew Cherenson
 </p>

bin/dig/win32/dig.dsp

@@ -42,7 +42,7 @@ RSC=rc.exe
 # PROP Ignore_Export_Lib 0
 # PROP Target_Dir ""
 # ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
-# ADD CPP /nologo /MD /W3 /GX /O2 /I "./" /I "../include" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /D "WIN32" /D "__STDC__" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
+# ADD CPP /nologo /MD /W3 /GX /O2 /I "./" /I "../include" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /D "WIN32" /D "__STDC__" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
 # ADD BASE RSC /l 0x409 /d "NDEBUG"
 # ADD RSC /l 0x409 /d "NDEBUG"
 BSC32=bscmake.exe
@@ -50,7 +50,7 @@ BSC32=bscmake.exe
 # ADD BSC32 /nologo
 LINK32=link.exe
 # ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386
-# ADD LINK32 user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib ../../../lib/bind9/win32/Release/libbind9.lib ../../../lib/lwres/win32/Release/liblwres.lib /nologo /subsystem:console /machine:I386 /out:"../../../Build/Release/dig.exe"
+# ADD LINK32 user32.lib advapi32.lib ws2_32.lib Release/dighost.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib /nologo /subsystem:console /machine:I386 /out:"../../../Build/Release/dig.exe"
 
 !ELSEIF  "$(CFG)" == "dig - Win32 Debug"
 
@@ -66,7 +66,7 @@ LINK32=link.exe
 # PROP Ignore_Export_Lib 0
 # PROP Target_Dir ""
 # ADD BASE CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c
-# ADD CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../include" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /FR /FD /GZ /c
+# ADD CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../include" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /FR /FD /GZ /c
 # SUBTRACT CPP /X /u /YX
 # ADD BASE RSC /l 0x409 /d "_DEBUG"
 # ADD RSC /l 0x409 /d "_DEBUG"
@@ -75,7 +75,7 @@ BSC32=bscmake.exe
 # ADD BSC32 /nologo
 LINK32=link.exe
 # ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept
-# ADD LINK32 user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib ../../../lib/bind9/win32/Debug/libbind9.lib ../../../lib/lwres/win32/Debug/liblwres.lib /nologo /subsystem:console /debug /machine:I386 /out:"../../../Build/Debug/dig.exe" /pdbtype:sept
+# ADD LINK32 user32.lib advapi32.lib ws2_32.lib Debug/dighost.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib /nologo /subsystem:console /debug /machine:I386 /out:"../../../Build/Debug/dig.exe" /pdbtype:sept
 
 !ENDIF 
 
@@ -90,18 +90,10 @@ LINK32=link.exe
 
 SOURCE=..\dig.c
 # End Source File
-# Begin Source File
-
-SOURCE=..\dighost.c
-# End Source File
 # End Group
 # Begin Group "Header Files"
 
 # PROP Default_Filter "h;hpp;hxx;hm;inl"
-# Begin Source File
-
-SOURCE=..\include\dig\dig.h
-# End Source File
 # End Group
 # Begin Group "Resource Files"
 

bin/dig/win32/dig.mak

@@ -25,122 +25,101 @@ NULL=
 NULL=nul
 !ENDIF 
 
-CPP=cl.exe
-RSC=rc.exe
+!IF  "$(CFG)" == "dig - Win32 Release"
+_VC_MANIFEST_INC=0
+_VC_MANIFEST_BASENAME=__VC80
+!ELSE
+_VC_MANIFEST_INC=1
+_VC_MANIFEST_BASENAME=__VC80.Debug
+!ENDIF
+
+####################################################
+# Specifying name of temporary resource file used only in incremental builds:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+_VC_MANIFEST_AUTO_RES=$(_VC_MANIFEST_BASENAME).auto.res
+!else
+_VC_MANIFEST_AUTO_RES=
+!endif
+
+####################################################
+# _VC_MANIFEST_EMBED_EXE - command to embed manifest in EXE:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+
+#MT_SPECIAL_RETURN=1090650113
+#MT_SPECIAL_SWITCH=-notify_resource_update
+MT_SPECIAL_RETURN=0
+MT_SPECIAL_SWITCH=
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
+if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
+rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
+link $** /out:$@ $(LFLAGS)
+
+!else
+
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;1
+
+!endif
+
+####################################################
+# _VC_MANIFEST_EMBED_DLL - command to embed manifest in DLL:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+
+#MT_SPECIAL_RETURN=1090650113
+#MT_SPECIAL_SWITCH=-notify_resource_update
+MT_SPECIAL_RETURN=0
+MT_SPECIAL_SWITCH=
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
+if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
+rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
+link $** /out:$@ $(LFLAGS)
+
+!else
+
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;2
+
+!endif
+####################################################
+# _VC_MANIFEST_CLEAN - command to clean resources files generated temporarily:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+
+_VC_MANIFEST_CLEAN=-del $(_VC_MANIFEST_BASENAME).auto.res \
+    $(_VC_MANIFEST_BASENAME).auto.rc \
+    $(_VC_MANIFEST_BASENAME).auto.manifest
+
+!else
+
+_VC_MANIFEST_CLEAN=
+
+!endif
 
 !IF  "$(CFG)" == "dig - Win32 Release"
 
 OUTDIR=.\Release
 INTDIR=.\Release
 
-!IF "$(RECURSE)" == "0" 
-
 ALL : "..\..\..\Build\Release\dig.exe"
 
-!ELSE 
 
-ALL : "liblwres - Win32 Release" "libbind9 - Win32 Release" "libisc - Win32 Release" "libdns - Win32 Release" "..\..\..\Build\Release\dig.exe"
-
-!ENDIF 
-
-!IF "$(RECURSE)" == "1" 
-CLEAN :"libdns - Win32 ReleaseCLEAN" "libisc - Win32 ReleaseCLEAN" "libbind9 - Win32 ReleaseCLEAN" "liblwres - Win32 ReleaseCLEAN" 
-!ELSE 
 CLEAN :
-!ENDIF 
 	-@erase "$(INTDIR)\dig.obj"
 	-@erase "$(INTDIR)\dighost.obj"
 	-@erase "$(INTDIR)\vc60.idb"
 	-@erase "..\..\..\Build\Release\dig.exe"
+	-@$(_VC_MANIFEST_CLEAN)
 
 "$(OUTDIR)" :
     if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
 
-CPP_PROJ=/nologo /MD /W3 /GX /O2 /I "./" /I "../include" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /D "WIN32" /D "__STDC__" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /Fp"$(INTDIR)\dig.pch" /YX /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c 
-BSC32=bscmake.exe
-BSC32_FLAGS=/nologo /o"$(OUTDIR)\dig.bsc" 
-BSC32_SBRS= \
-	
-LINK32=link.exe
-LINK32_FLAGS=user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib ../../../lib/bind9/win32/Release/libbind9.lib ../../../lib/lwres/win32/Release/liblwres.lib /nologo /subsystem:console /incremental:no /pdb:"$(OUTDIR)\dig.pdb" /machine:I386 /out:"../../../Build/Release/dig.exe" 
-LINK32_OBJS= \
-	"$(INTDIR)\dig.obj" \
-	"$(INTDIR)\dighost.obj" \
-	"..\..\..\lib\dns\win32\Release\libdns.lib" \
-	"..\..\..\lib\isc\win32\Release\libisc.lib" \
-	"..\..\..\lib\bind9\win32\Release\libbind9.lib" \
-	"..\..\..\lib\lwres\win32\Release\liblwres.lib"
-
-"..\..\..\Build\Release\dig.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
-    $(LINK32) @<<
-  $(LINK32_FLAGS) $(LINK32_OBJS)
-<<
-
-!ELSEIF  "$(CFG)" == "dig - Win32 Debug"
-
-OUTDIR=.\Debug
-INTDIR=.\Debug
-# Begin Custom Macros
-OutDir=.\Debug
-# End Custom Macros
-
-!IF "$(RECURSE)" == "0" 
-
-ALL : "..\..\..\Build\Debug\dig.exe" "$(OUTDIR)\dig.bsc"
-
-!ELSE 
-
-ALL : "liblwres - Win32 Debug" "libbind9 - Win32 Debug" "libisc - Win32 Debug" "libdns - Win32 Debug" "..\..\..\Build\Debug\dig.exe" "$(OUTDIR)\dig.bsc"
-
-!ENDIF 
-
-!IF "$(RECURSE)" == "1" 
-CLEAN :"libdns - Win32 DebugCLEAN" "libisc - Win32 DebugCLEAN" "libbind9 - Win32 DebugCLEAN" "liblwres - Win32 DebugCLEAN" 
-!ELSE 
-CLEAN :
-!ENDIF 
-	-@erase "$(INTDIR)\dig.obj"
-	-@erase "$(INTDIR)\dig.sbr"
-	-@erase "$(INTDIR)\dighost.obj"
-	-@erase "$(INTDIR)\dighost.sbr"
-	-@erase "$(INTDIR)\vc60.idb"
-	-@erase "$(INTDIR)\vc60.pdb"
-	-@erase "$(OUTDIR)\dig.bsc"
-	-@erase "$(OUTDIR)\dig.pdb"
-	-@erase "..\..\..\Build\Debug\dig.exe"
-	-@erase "..\..\..\Build\Debug\dig.ilk"
-
-"$(OUTDIR)" :
-    if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
-
-CPP_PROJ=/nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../include" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /FR"$(INTDIR)\\" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /GZ /c 
-BSC32=bscmake.exe
-BSC32_FLAGS=/nologo /o"$(OUTDIR)\dig.bsc" 
-BSC32_SBRS= \
-	"$(INTDIR)\dig.sbr" \
-	"$(INTDIR)\dighost.sbr"
-
-"$(OUTDIR)\dig.bsc" : "$(OUTDIR)" $(BSC32_SBRS)
-    $(BSC32) @<<
-  $(BSC32_FLAGS) $(BSC32_SBRS)
-<<
-
-LINK32=link.exe
-LINK32_FLAGS=user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib ../../../lib/bind9/win32/Debug/libbind9.lib ../../../lib/lwres/win32/Debug/liblwres.lib /nologo /subsystem:console /incremental:yes /pdb:"$(OUTDIR)\dig.pdb" /debug /machine:I386 /out:"../../../Build/Debug/dig.exe" /pdbtype:sept 
-LINK32_OBJS= \
-	"$(INTDIR)\dig.obj" \
-	"$(INTDIR)\dighost.obj" \
-	"..\..\..\lib\dns\win32\Debug\libdns.lib" \
-	"..\..\..\lib\isc\win32\Debug\libisc.lib" \
-	"..\..\..\lib\bind9\win32\Debug\libbind9.lib" \
-	"..\..\..\lib\lwres\win32\Debug\liblwres.lib"
-
-"..\..\..\Build\Debug\dig.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
-    $(LINK32) @<<
-  $(LINK32_FLAGS) $(LINK32_OBJS)
-<<
-
-!ENDIF 
+CPP=cl.exe
+CPP_PROJ=/nologo /MD /W3 /GX /O2 /I "./" /I "../include" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /D "WIN32" /D "__STDC__" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /Fp"$(INTDIR)\dig.pch" /YX /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c 
 
 .c{$(INTDIR)}.obj::
    $(CPP) @<<
@@ -172,6 +151,109 @@ LINK32_OBJS= \
    $(CPP_PROJ) $< 
 <<
 
+RSC=rc.exe
+BSC32=bscmake.exe
+BSC32_FLAGS=/nologo /o"$(OUTDIR)\dig.bsc" 
+BSC32_SBRS= \
+	
+LINK32=link.exe
+LINK32_FLAGS=user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib /nologo /subsystem:console /incremental:no /pdb:"$(OUTDIR)\dig.pdb" /machine:I386 /out:"../../../Build/Release/dig.exe" 
+LINK32_OBJS= \
+	"$(INTDIR)\dig.obj" \
+	"$(INTDIR)\dighost.obj"
+
+"..\..\..\Build\Release\dig.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
+    $(LINK32) @<<
+  $(LINK32_FLAGS) $(LINK32_OBJS)
+<<
+    $(_VC_MANIFEST_EMBED_EXE)
+
+!ELSEIF  "$(CFG)" == "dig - Win32 Debug"
+
+OUTDIR=.\Debug
+INTDIR=.\Debug
+# Begin Custom Macros
+OutDir=.\Debug
+# End Custom Macros
+
+ALL : "..\..\..\Build\Debug\dig.exe" "$(OUTDIR)\dig.bsc"
+
+
+CLEAN :
+	-@erase "$(INTDIR)\dig.obj"
+	-@erase "$(INTDIR)\dig.sbr"
+	-@erase "$(INTDIR)\dighost.obj"
+	-@erase "$(INTDIR)\dighost.sbr"
+	-@erase "$(INTDIR)\vc60.idb"
+	-@erase "$(INTDIR)\vc60.pdb"
+	-@erase "$(OUTDIR)\dig.bsc"
+	-@erase "$(OUTDIR)\dig.pdb"
+	-@erase "..\..\..\Build\Debug\dig.exe"
+	-@erase "..\..\..\Build\Debug\dig.ilk"
+	-@$(_VC_MANIFEST_CLEAN)
+
+"$(OUTDIR)" :
+    if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
+
+CPP=cl.exe
+CPP_PROJ=/nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../include" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /FR"$(INTDIR)\\" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /GZ /c 
+
+.c{$(INTDIR)}.obj::
+   $(CPP) @<<
+   $(CPP_PROJ) $< 
+<<
+
+.cpp{$(INTDIR)}.obj::
+   $(CPP) @<<
+   $(CPP_PROJ) $< 
+<<
+
+.cxx{$(INTDIR)}.obj::
+   $(CPP) @<<
+   $(CPP_PROJ) $< 
+<<
+
+.c{$(INTDIR)}.sbr::
+   $(CPP) @<<
+   $(CPP_PROJ) $< 
+<<
+
+.cpp{$(INTDIR)}.sbr::
+   $(CPP) @<<
+   $(CPP_PROJ) $< 
+<<
+
+.cxx{$(INTDIR)}.sbr::
+   $(CPP) @<<
+   $(CPP_PROJ) $< 
+<<
+
+RSC=rc.exe
+BSC32=bscmake.exe
+BSC32_FLAGS=/nologo /o"$(OUTDIR)\dig.bsc" 
+BSC32_SBRS= \
+	"$(INTDIR)\dig.sbr" \
+	"$(INTDIR)\dighost.sbr"
+
+"$(OUTDIR)\dig.bsc" : "$(OUTDIR)" $(BSC32_SBRS)
+    $(BSC32) @<<
+  $(BSC32_FLAGS) $(BSC32_SBRS)
+<<
+
+LINK32=link.exe
+LINK32_FLAGS=user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib /nologo /subsystem:console /incremental:yes /pdb:"$(OUTDIR)\dig.pdb" /debug /machine:I386 /out:"../../../Build/Debug/dig.exe" /pdbtype:sept 
+LINK32_OBJS= \
+	"$(INTDIR)\dig.obj" \
+	"$(INTDIR)\dighost.obj"
+
+"..\..\..\Build\Debug\dig.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
+    $(LINK32) @<<
+  $(LINK32_FLAGS) $(LINK32_OBJS)
+<<
+    $(_VC_MANIFEST_EMBED_EXE)
+
+!ENDIF 
+
 
 !IF "$(NO_EXTERNAL_DEPS)" != "1"
 !IF EXISTS("dig.dep")
@@ -219,110 +301,24 @@ SOURCE=..\dighost.c
 
 !ENDIF 
 
-!IF  "$(CFG)" == "dig - Win32 Release"
-
-"libdns - Win32 Release" : 
-   cd "..\..\..\lib\dns\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libdns.mak" CFG="libdns - Win32 Release" 
-   cd "..\..\..\bin\dig\win32"
-
-"libdns - Win32 ReleaseCLEAN" : 
-   cd "..\..\..\lib\dns\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libdns.mak" CFG="libdns - Win32 Release" RECURSE=1 CLEAN 
-   cd "..\..\..\bin\dig\win32"
-
-!ELSEIF  "$(CFG)" == "dig - Win32 Debug"
-
-"libdns - Win32 Debug" : 
-   cd "..\..\..\lib\dns\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libdns.mak" CFG="libdns - Win32 Debug" 
-   cd "..\..\..\bin\dig\win32"
-
-"libdns - Win32 DebugCLEAN" : 
-   cd "..\..\..\lib\dns\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libdns.mak" CFG="libdns - Win32 Debug" RECURSE=1 CLEAN 
-   cd "..\..\..\bin\dig\win32"
 
 !ENDIF 
 
-!IF  "$(CFG)" == "dig - Win32 Release"
+####################################################
+# Commands to generate initial empty manifest file and the RC file
+# that references it, and for generating the .res file:
 
-"libisc - Win32 Release" : 
-   cd "..\..\..\lib\isc\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libisc.mak" CFG="libisc - Win32 Release" 
-   cd "..\..\..\bin\dig\win32"
+$(_VC_MANIFEST_BASENAME).auto.res : $(_VC_MANIFEST_BASENAME).auto.rc
 
-"libisc - Win32 ReleaseCLEAN" : 
-   cd "..\..\..\lib\isc\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libisc.mak" CFG="libisc - Win32 Release" RECURSE=1 CLEAN 
-   cd "..\..\..\bin\dig\win32"
-
-!ELSEIF  "$(CFG)" == "dig - Win32 Debug"
-
-"libisc - Win32 Debug" : 
-   cd "..\..\..\lib\isc\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libisc.mak" CFG="libisc - Win32 Debug" 
-   cd "..\..\..\bin\dig\win32"
-
-"libisc - Win32 DebugCLEAN" : 
-   cd "..\..\..\lib\isc\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libisc.mak" CFG="libisc - Win32 Debug" RECURSE=1 CLEAN 
-   cd "..\..\..\bin\dig\win32"
-
-!ENDIF 
-
-!IF  "$(CFG)" == "dig - Win32 Release"
-
-"libbind9 - Win32 Release" : 
-   cd "..\..\..\lib\bind9\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libbind9.mak" CFG="libbind9 - Win32 Release" 
-   cd "..\..\..\bin\dig\win32"
-
-"libbind9 - Win32 ReleaseCLEAN" : 
-   cd "..\..\..\lib\bind9\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libbind9.mak" CFG="libbind9 - Win32 Release" RECURSE=1 CLEAN 
-   cd "..\..\..\bin\dig\win32"
-
-!ELSEIF  "$(CFG)" == "dig - Win32 Debug"
-
-"libbind9 - Win32 Debug" : 
-   cd "..\..\..\lib\bind9\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libbind9.mak" CFG="libbind9 - Win32 Debug" 
-   cd "..\..\..\bin\dig\win32"
-
-"libbind9 - Win32 DebugCLEAN" : 
-   cd "..\..\..\lib\bind9\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libbind9.mak" CFG="libbind9 - Win32 Debug" RECURSE=1 CLEAN 
-   cd "..\..\..\bin\dig\win32"
-
-!ENDIF 
-
-!IF  "$(CFG)" == "dig - Win32 Release"
-
-"liblwres - Win32 Release" : 
-   cd "..\..\..\lib\lwres\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\liblwres.mak" CFG="liblwres - Win32 Release" 
-   cd "..\..\..\bin\dig\win32"
-
-"liblwres - Win32 ReleaseCLEAN" : 
-   cd "..\..\..\lib\lwres\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\liblwres.mak" CFG="liblwres - Win32 Release" RECURSE=1 CLEAN 
-   cd "..\..\..\bin\dig\win32"
-
-!ELSEIF  "$(CFG)" == "dig - Win32 Debug"
-
-"liblwres - Win32 Debug" : 
-   cd "..\..\..\lib\lwres\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\liblwres.mak" CFG="liblwres - Win32 Debug" 
-   cd "..\..\..\bin\dig\win32"
-
-"liblwres - Win32 DebugCLEAN" : 
-   cd "..\..\..\lib\lwres\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\liblwres.mak" CFG="liblwres - Win32 Debug" RECURSE=1 CLEAN 
-   cd "..\..\..\bin\dig\win32"
-
-!ENDIF 
-
-
-!ENDIF 
+$(_VC_MANIFEST_BASENAME).auto.rc : $(_VC_MANIFEST_BASENAME).auto.manifest
+    type <<$@
+#include <winuser.h>
+1RT_MANIFEST"$(_VC_MANIFEST_BASENAME).auto.manifest"
+<< KEEP
 
+$(_VC_MANIFEST_BASENAME).auto.manifest :
+    type <<$@
+<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
+<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
+</assembly>
+<< KEEP

bin/dig/win32/dighost.dsp

@@ -0,0 +1,113 @@
+# Microsoft Developer Studio Project File - Name="dighost" - Package Owner=<4>
+# Microsoft Developer Studio Generated Build File, Format Version 6.00
+# ** DO NOT EDIT **
+
+# TARGTYPE "Win32 (x86) Static-Link Library" 0x0104
+
+CFG=dighost - Win32 Debug
+!MESSAGE This is not a valid makefile. To build this project using NMAKE,
+!MESSAGE use the Export Makefile command and run
+!MESSAGE 
+!MESSAGE NMAKE /f "dighost.mak".
+!MESSAGE 
+!MESSAGE You can specify a configuration when running NMAKE
+!MESSAGE by defining the macro CFG on the command line. For example:
+!MESSAGE 
+!MESSAGE NMAKE /f "dighost.mak" CFG="dighost - Win32 Debug"
+!MESSAGE 
+!MESSAGE Possible choices for configuration are:
+!MESSAGE 
+!MESSAGE "dighost - Win32 Release" (based on "Win32 (x86) Static-Link Library")
+!MESSAGE "dighost - Win32 Debug" (based on "Win32 (x86) Static-Link Library")
+!MESSAGE 
+
+# Begin Project
+# PROP AllowPerConfigDependencies 0
+# PROP Scc_ProjName ""
+# PROP Scc_LocalPath ""
+CPP=cl.exe
+MTL=midl.exe
+RSC=rc.exe
+
+!IF  "$(CFG)" == "dighost - Win32 Release"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 0
+# PROP BASE Output_Dir "Release"
+# PROP BASE Intermediate_Dir "Release"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 0
+# PROP Output_Dir "Release"
+# PROP Intermediate_Dir "Release"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /MT /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /D "_MBCS" /D "_USRDLL" /YX /FD /c
+# ADD CPP /nologo /MD /W3 /GX /O2 /I "./" /I "../../../" /I "../include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /D "NDEBUG" /D "WIN32" /D "_WINDOWS" /D "__STDC__" /D "_MBCS" /YX /FD /c /Fddighost
+# SUBTRACT CPP /X
+# ADD BASE MTL /nologo /D "NDEBUG" /mktyplib203 /win32
+# ADD MTL /nologo /D "NDEBUG" /mktyplib203 /win32
+# ADD BASE RSC /l 0x409 /d "NDEBUG"
+# ADD RSC /l 0x409 /d "NDEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 
+# ADD LINK32 /out:"Release/dighost.lib"
+
+!ELSEIF  "$(CFG)" == "dighost - Win32 Debug"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 1
+# PROP BASE Output_Dir "Debug"
+# PROP BASE Intermediate_Dir "Debug"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 1
+# PROP Output_Dir "Debug"
+# PROP Intermediate_Dir "Debug"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /MTd /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /D "_MBCS" /YX /FD /GZ /c
+# ADD CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /D "_DEBUG" /D "WIN32" /D "_WINDOWS" /D "__STDC__" /D "_MBCS" /FR /YX /FD /GZ /c /Fddighost
+# SUBTRACT CPP /X
+# ADD BASE MTL /nologo /D "_DEBUG" /mktyplib203 /win32
+# ADD MTL /nologo /D "_DEBUG" /mktyplib203 /win32
+# ADD BASE RSC /l 0x409 /d "_DEBUG"
+# ADD RSC /l 0x409 /d "_DEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 
+# ADD LINK32 /debug out:"Debug/dighost.lib"
+
+!ENDIF 
+
+# Begin Target
+
+# Name "dighost - Win32 Release"
+# Name "dighost - Win32 Debug"
+# Begin Group "Source Files"
+
+# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
+# End Group
+# Begin Group "Header Files"
+
+# PROP Default_Filter "h;hpp;hxx;hm;inl"
+# End Group
+# Begin Group "Resource Files"
+
+# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe"
+# End Group
+# Begin Group "Main Dns Lib"
+
+# PROP Default_Filter "c"
+# Begin Source File
+
+SOURCE=..\dighost.c
+# End Source File
+# End Group
+# End Target
+# End Project

bin/dig/win32/dighost.dsw

@@ -3,7 +3,7 @@ Microsoft Developer Studio Workspace File, Format Version 6.00
 
 ###############################################################################
 
-Project: "libbind9"=.\libbind9.dsp - Package Owner=<4>
+Project: "dighost"=".\dighost.dsp" - Package Owner=<4>
 
 Package=<5>
 {{{

bin/dig/win32/host.dsp

@@ -42,7 +42,7 @@ RSC=rc.exe
 # PROP Ignore_Export_Lib 0
 # PROP Target_Dir ""
 # ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
-# ADD CPP /nologo /MD /W3 /GX /O2 /I "./" /I "../include" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /D "WIN32" /D "__STDC__" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
+# ADD CPP /nologo /MD /W3 /GX /O2 /I "./" /I "../include" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /D "WIN32" /D "__STDC__" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
 # ADD BASE RSC /l 0x409 /d "NDEBUG"
 # ADD RSC /l 0x409 /d "NDEBUG"
 BSC32=bscmake.exe
@@ -50,7 +50,7 @@ BSC32=bscmake.exe
 # ADD BSC32 /nologo
 LINK32=link.exe
 # ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386
-# ADD LINK32 user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib ../../../lib/bind9/win32/Release/libbind9.lib ../../../lib/lwres/win32/Release/liblwres.lib /nologo /subsystem:console /machine:I386 /out:"../../../Build/Release/host.exe"
+# ADD LINK32 user32.lib advapi32.lib ws2_32.lib Release/dighost.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib /nologo /subsystem:console /machine:I386 /out:"../../../Build/Release/host.exe"
 
 !ELSEIF  "$(CFG)" == "host - Win32 Debug"
 
@@ -66,7 +66,7 @@ LINK32=link.exe
 # PROP Ignore_Export_Lib 0
 # PROP Target_Dir ""
 # ADD BASE CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c
-# ADD CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../include" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /FR /FD /GZ /c
+# ADD CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../include" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /FR /FD /GZ /c
 # SUBTRACT CPP /X /u /YX
 # ADD BASE RSC /l 0x409 /d "_DEBUG"
 # ADD RSC /l 0x409 /d "_DEBUG"
@@ -75,7 +75,7 @@ BSC32=bscmake.exe
 # ADD BSC32 /nologo
 LINK32=link.exe
 # ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept
-# ADD LINK32 user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib ../../../lib/bind9/win32/Debug/libbind9.lib ../../../lib/lwres/win32/Debug/liblwres.lib /nologo /subsystem:console /debug /machine:I386 /out:"../../../Build/Debug/host.exe" /pdbtype:sept
+# ADD LINK32 user32.lib advapi32.lib ws2_32.lib Debug/dighost.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib /nologo /subsystem:console /debug /machine:I386 /out:"../../../Build/Debug/host.exe" /pdbtype:sept
 
 !ENDIF 
 
@@ -88,10 +88,6 @@ LINK32=link.exe
 # PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
 # Begin Source File
 
-SOURCE=..\dighost.c
-# End Source File
-# Begin Source File
-
 SOURCE=..\host.c
 # End Source File
 # End Group

bin/dig/win32/host.mak

@@ -25,122 +25,101 @@ NULL=
 NULL=nul
 !ENDIF 
 
-CPP=cl.exe
-RSC=rc.exe
+!IF  "$(CFG)" == "host - Win32 Release"
+_VC_MANIFEST_INC=0
+_VC_MANIFEST_BASENAME=__VC80
+!ELSE
+_VC_MANIFEST_INC=1
+_VC_MANIFEST_BASENAME=__VC80.Debug
+!ENDIF
+
+####################################################
+# Specifying name of temporary resource file used only in incremental builds:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+_VC_MANIFEST_AUTO_RES=$(_VC_MANIFEST_BASENAME).auto.res
+!else
+_VC_MANIFEST_AUTO_RES=
+!endif
+
+####################################################
+# _VC_MANIFEST_EMBED_EXE - command to embed manifest in EXE:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+
+#MT_SPECIAL_RETURN=1090650113
+#MT_SPECIAL_SWITCH=-notify_resource_update
+MT_SPECIAL_RETURN=0
+MT_SPECIAL_SWITCH=
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
+if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
+rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
+link $** /out:$@ $(LFLAGS)
+
+!else
+
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;1
+
+!endif
+
+####################################################
+# _VC_MANIFEST_EMBED_DLL - command to embed manifest in DLL:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+
+#MT_SPECIAL_RETURN=1090650113
+#MT_SPECIAL_SWITCH=-notify_resource_update
+MT_SPECIAL_RETURN=0
+MT_SPECIAL_SWITCH=
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
+if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
+rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
+link $** /out:$@ $(LFLAGS)
+
+!else
+
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;2
+
+!endif
+####################################################
+# _VC_MANIFEST_CLEAN - command to clean resources files generated temporarily:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+
+_VC_MANIFEST_CLEAN=-del $(_VC_MANIFEST_BASENAME).auto.res \
+    $(_VC_MANIFEST_BASENAME).auto.rc \
+    $(_VC_MANIFEST_BASENAME).auto.manifest
+
+!else
+
+_VC_MANIFEST_CLEAN=
+
+!endif
 
 !IF  "$(CFG)" == "host - Win32 Release"
 
 OUTDIR=.\Release
 INTDIR=.\Release
 
-!IF "$(RECURSE)" == "0" 
-
 ALL : "..\..\..\Build\Release\host.exe"
 
-!ELSE 
 
-ALL : "liblwres - Win32 Release" "libbind9 - Win32 Release" "libisc - Win32 Release" "libdns - Win32 Release" "..\..\..\Build\Release\host.exe"
-
-!ENDIF 
-
-!IF "$(RECURSE)" == "1" 
-CLEAN :"libdns - Win32 ReleaseCLEAN" "libisc - Win32 ReleaseCLEAN" "libbind9 - Win32 ReleaseCLEAN" "liblwres - Win32 ReleaseCLEAN" 
-!ELSE 
 CLEAN :
-!ENDIF 
 	-@erase "$(INTDIR)\dighost.obj"
 	-@erase "$(INTDIR)\host.obj"
 	-@erase "$(INTDIR)\vc60.idb"
 	-@erase "..\..\..\Build\Release\host.exe"
+	-@$(_VC_MANIFEST_CLEAN)
 
 "$(OUTDIR)" :
     if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
 
-CPP_PROJ=/nologo /MD /W3 /GX /O2 /I "./" /I "../include" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /D "WIN32" /D "__STDC__" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /Fp"$(INTDIR)\host.pch" /YX /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c 
-BSC32=bscmake.exe
-BSC32_FLAGS=/nologo /o"$(OUTDIR)\host.bsc" 
-BSC32_SBRS= \
-	
-LINK32=link.exe
-LINK32_FLAGS=user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib ../../../lib/bind9/win32/Release/libbind9.lib  ../../../lib/lwres/win32/Release/liblwres.lib /nologo /subsystem:console /incremental:no /pdb:"$(OUTDIR)\host.pdb" /machine:I386 /out:"../../../Build/Release/host.exe" 
-LINK32_OBJS= \
-	"$(INTDIR)\dighost.obj" \
-	"$(INTDIR)\host.obj" \
-	"..\..\..\lib\dns\win32\Release\libdns.lib" \
-	"..\..\..\lib\isc\win32\Release\libisc.lib" \
-	"..\..\..\lib\bind9\win32\Release\libbind9.lib" \
-	"..\..\..\lib\lwres\win32\Release\liblwres.lib"
-
-"..\..\..\Build\Release\host.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
-    $(LINK32) @<<
-  $(LINK32_FLAGS) $(LINK32_OBJS)
-<<
-
-!ELSEIF  "$(CFG)" == "host - Win32 Debug"
-
-OUTDIR=.\Debug
-INTDIR=.\Debug
-# Begin Custom Macros
-OutDir=.\Debug
-# End Custom Macros
-
-!IF "$(RECURSE)" == "0" 
-
-ALL : "..\..\..\Build\Debug\host.exe" "$(OUTDIR)\host.bsc"
-
-!ELSE 
-
-ALL : "liblwres - Win32 Debug" "libbind9 - Win32 Debug" "libisc - Win32 Debug" "libdns - Win32 Debug" "..\..\..\Build\Debug\host.exe" "$(OUTDIR)\host.bsc"
-
-!ENDIF 
-
-!IF "$(RECURSE)" == "1" 
-CLEAN :"libdns - Win32 DebugCLEAN" "libisc - Win32 DebugCLEAN" "libbind9 - Win32 DebugCLEAN" "liblwres - Win32 DebugCLEAN" 
-!ELSE 
-CLEAN :
-!ENDIF 
-	-@erase "$(INTDIR)\dighost.obj"
-	-@erase "$(INTDIR)\dighost.sbr"
-	-@erase "$(INTDIR)\host.obj"
-	-@erase "$(INTDIR)\host.sbr"
-	-@erase "$(INTDIR)\vc60.idb"
-	-@erase "$(INTDIR)\vc60.pdb"
-	-@erase "$(OUTDIR)\host.bsc"
-	-@erase "$(OUTDIR)\host.pdb"
-	-@erase "..\..\..\Build\Debug\host.exe"
-	-@erase "..\..\..\Build\Debug\host.ilk"
-
-"$(OUTDIR)" :
-    if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
-
-CPP_PROJ=/nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../include" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /FR"$(INTDIR)\\" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /GZ /c 
-BSC32=bscmake.exe
-BSC32_FLAGS=/nologo /o"$(OUTDIR)\host.bsc" 
-BSC32_SBRS= \
-	"$(INTDIR)\dighost.sbr" \
-	"$(INTDIR)\host.sbr"
-
-"$(OUTDIR)\host.bsc" : "$(OUTDIR)" $(BSC32_SBRS)
-    $(BSC32) @<<
-  $(BSC32_FLAGS) $(BSC32_SBRS)
-<<
-
-LINK32=link.exe
-LINK32_FLAGS=user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib ../../../lib/bind9/win32/Debug/libbind9.lib  ../../../lib/lwres/win32/Debug/liblwres.lib /nologo /subsystem:console /incremental:yes /pdb:"$(OUTDIR)\host.pdb" /debug /machine:I386 /out:"../../../Build/Debug/host.exe" /pdbtype:sept 
-LINK32_OBJS= \
-	"$(INTDIR)\dighost.obj" \
-	"$(INTDIR)\host.obj" \
-	"..\..\..\lib\dns\win32\Debug\libdns.lib" \
-	"..\..\..\lib\isc\win32\Debug\libisc.lib" \
-	"..\..\..\lib\bind9\win32\Debug\libbind9.lib" \
-	"..\..\..\lib\lwres\win32\Debug\liblwres.lib"
-
-"..\..\..\Build\Debug\host.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
-    $(LINK32) @<<
-  $(LINK32_FLAGS) $(LINK32_OBJS)
-<<
-
-!ENDIF 
+CPP=cl.exe
+CPP_PROJ=/nologo /MD /W3 /GX /O2 /I "./" /I "../include" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /D "WIN32" /D "__STDC__" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /Fp"$(INTDIR)\host.pch" /YX /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c 
 
 .c{$(INTDIR)}.obj::
    $(CPP) @<<
@@ -172,6 +151,109 @@ LINK32_OBJS= \
    $(CPP_PROJ) $< 
 <<
 
+RSC=rc.exe
+BSC32=bscmake.exe
+BSC32_FLAGS=/nologo /o"$(OUTDIR)\host.bsc" 
+BSC32_SBRS= \
+	
+LINK32=link.exe
+LINK32_FLAGS=user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib /nologo /subsystem:console /incremental:no /pdb:"$(OUTDIR)\host.pdb" /machine:I386 /out:"../../../Build/Release/host.exe" 
+LINK32_OBJS= \
+	"$(INTDIR)\dighost.obj" \
+	"$(INTDIR)\host.obj"
+
+"..\..\..\Build\Release\host.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
+    $(LINK32) @<<
+  $(LINK32_FLAGS) $(LINK32_OBJS)
+<<
+    $(_VC_MANIFEST_EMBED_EXE)
+
+!ELSEIF  "$(CFG)" == "host - Win32 Debug"
+
+OUTDIR=.\Debug
+INTDIR=.\Debug
+# Begin Custom Macros
+OutDir=.\Debug
+# End Custom Macros
+
+ALL : "..\..\..\Build\Debug\host.exe" "$(OUTDIR)\host.bsc"
+
+
+CLEAN :
+	-@erase "$(INTDIR)\dighost.obj"
+	-@erase "$(INTDIR)\dighost.sbr"
+	-@erase "$(INTDIR)\host.obj"
+	-@erase "$(INTDIR)\host.sbr"
+	-@erase "$(INTDIR)\vc60.idb"
+	-@erase "$(INTDIR)\vc60.pdb"
+	-@erase "$(OUTDIR)\host.bsc"
+	-@erase "$(OUTDIR)\host.pdb"
+	-@erase "..\..\..\Build\Debug\host.exe"
+	-@erase "..\..\..\Build\Debug\host.ilk"
+	-@$(_VC_MANIFEST_CLEAN)
+
+"$(OUTDIR)" :
+    if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
+
+CPP=cl.exe
+CPP_PROJ=/nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../include" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /FR"$(INTDIR)\\" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /GZ /c 
+
+.c{$(INTDIR)}.obj::
+   $(CPP) @<<
+   $(CPP_PROJ) $< 
+<<
+
+.cpp{$(INTDIR)}.obj::
+   $(CPP) @<<
+   $(CPP_PROJ) $< 
+<<
+
+.cxx{$(INTDIR)}.obj::
+   $(CPP) @<<
+   $(CPP_PROJ) $< 
+<<
+
+.c{$(INTDIR)}.sbr::
+   $(CPP) @<<
+   $(CPP_PROJ) $< 
+<<
+
+.cpp{$(INTDIR)}.sbr::
+   $(CPP) @<<
+   $(CPP_PROJ) $< 
+<<
+
+.cxx{$(INTDIR)}.sbr::
+   $(CPP) @<<
+   $(CPP_PROJ) $< 
+<<
+
+RSC=rc.exe
+BSC32=bscmake.exe
+BSC32_FLAGS=/nologo /o"$(OUTDIR)\host.bsc" 
+BSC32_SBRS= \
+	"$(INTDIR)\dighost.sbr" \
+	"$(INTDIR)\host.sbr"
+
+"$(OUTDIR)\host.bsc" : "$(OUTDIR)" $(BSC32_SBRS)
+    $(BSC32) @<<
+  $(BSC32_FLAGS) $(BSC32_SBRS)
+<<
+
+LINK32=link.exe
+LINK32_FLAGS=user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib /nologo /subsystem:console /incremental:yes /pdb:"$(OUTDIR)\host.pdb" /debug /machine:I386 /out:"../../../Build/Debug/host.exe" /pdbtype:sept 
+LINK32_OBJS= \
+	"$(INTDIR)\dighost.obj" \
+	"$(INTDIR)\host.obj"
+
+"..\..\..\Build\Debug\host.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
+    $(LINK32) @<<
+  $(LINK32_FLAGS) $(LINK32_OBJS)
+<<
+    $(_VC_MANIFEST_EMBED_EXE)
+
+!ENDIF 
+
 
 !IF "$(NO_EXTERNAL_DEPS)" != "1"
 !IF EXISTS("host.dep")
@@ -219,110 +301,24 @@ SOURCE=..\host.c
 
 !ENDIF 
 
-!IF  "$(CFG)" == "host - Win32 Release"
-
-"libdns - Win32 Release" : 
-   cd "..\..\..\lib\dns\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libdns.mak" CFG="libdns - Win32 Release" 
-   cd "..\..\..\bin\dig\win32"
-
-"libdns - Win32 ReleaseCLEAN" : 
-   cd "..\..\..\lib\dns\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libdns.mak" CFG="libdns - Win32 Release" RECURSE=1 CLEAN 
-   cd "..\..\..\bin\dig\win32"
-
-!ELSEIF  "$(CFG)" == "host - Win32 Debug"
-
-"libdns - Win32 Debug" : 
-   cd "..\..\..\lib\dns\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libdns.mak" CFG="libdns - Win32 Debug" 
-   cd "..\..\..\bin\dig\win32"
-
-"libdns - Win32 DebugCLEAN" : 
-   cd "..\..\..\lib\dns\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libdns.mak" CFG="libdns - Win32 Debug" RECURSE=1 CLEAN 
-   cd "..\..\..\bin\dig\win32"
 
 !ENDIF 
 
-!IF  "$(CFG)" == "host - Win32 Release"
+####################################################
+# Commands to generate initial empty manifest file and the RC file
+# that references it, and for generating the .res file:
 
-"libisc - Win32 Release" : 
-   cd "..\..\..\lib\isc\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libisc.mak" CFG="libisc - Win32 Release" 
-   cd "..\..\..\bin\dig\win32"
+$(_VC_MANIFEST_BASENAME).auto.res : $(_VC_MANIFEST_BASENAME).auto.rc
 
-"libisc - Win32 ReleaseCLEAN" : 
-   cd "..\..\..\lib\isc\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libisc.mak" CFG="libisc - Win32 Release" RECURSE=1 CLEAN 
-   cd "..\..\..\bin\dig\win32"
-
-!ELSEIF  "$(CFG)" == "host - Win32 Debug"
-
-"libisc - Win32 Debug" : 
-   cd "..\..\..\lib\isc\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libisc.mak" CFG="libisc - Win32 Debug" 
-   cd "..\..\..\bin\dig\win32"
-
-"libisc - Win32 DebugCLEAN" : 
-   cd "..\..\..\lib\isc\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libisc.mak" CFG="libisc - Win32 Debug" RECURSE=1 CLEAN 
-   cd "..\..\..\bin\dig\win32"
-
-!ENDIF 
-
-!IF  "$(CFG)" == "host - Win32 Release"
-
-"libbind9 - Win32 Release" : 
-   cd "..\..\..\lib\bind9\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libbind9.mak" CFG="libbind9 - Win32 Release" 
-   cd "..\..\..\bin\dig\win32"
-
-"libbind9 - Win32 ReleaseCLEAN" : 
-   cd "..\..\..\lib\bind9\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libbind9.mak" CFG="libbind9 - Win32 Release" RECURSE=1 CLEAN 
-   cd "..\..\..\bin\dig\win32"
-
-!ELSEIF  "$(CFG)" == "host - Win32 Debug"
-
-"libbind9 - Win32 Debug" : 
-   cd "..\..\..\lib\bind9\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libbind9.mak" CFG="libbind9 - Win32 Debug" 
-   cd "..\..\..\bin\dig\win32"
-
-"libbind9 - Win32 DebugCLEAN" : 
-   cd "..\..\..\lib\bind9\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libbind9.mak" CFG="libbind9 - Win32 Debug" RECURSE=1 CLEAN 
-   cd "..\..\..\bin\dig\win32"
-
-!ENDIF 
-
-!IF  "$(CFG)" == "host - Win32 Release"
-
-"liblwres - Win32 Release" : 
-   cd "..\..\..\lib\lwres\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\liblwres.mak" CFG="liblwres - Win32 Release" 
-   cd "..\..\..\bin\dig\win32"
-
-"liblwres - Win32 ReleaseCLEAN" : 
-   cd "..\..\..\lib\lwres\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\liblwres.mak" CFG="liblwres - Win32 Release" RECURSE=1 CLEAN 
-   cd "..\..\..\bin\dig\win32"
-
-!ELSEIF  "$(CFG)" == "host - Win32 Debug"
-
-"liblwres - Win32 Debug" : 
-   cd "..\..\..\lib\lwres\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\liblwres.mak" CFG="liblwres - Win32 Debug" 
-   cd "..\..\..\bin\dig\win32"
-
-"liblwres - Win32 DebugCLEAN" : 
-   cd "..\..\..\lib\lwres\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\liblwres.mak" CFG="liblwres - Win32 Debug" RECURSE=1 CLEAN 
-   cd "..\..\..\bin\dig\win32"
-
-!ENDIF 
-
-
-!ENDIF 
+$(_VC_MANIFEST_BASENAME).auto.rc : $(_VC_MANIFEST_BASENAME).auto.manifest
+    type <<$@
+#include <winuser.h>
+1RT_MANIFEST"$(_VC_MANIFEST_BASENAME).auto.manifest"
+<< KEEP
 
+$(_VC_MANIFEST_BASENAME).auto.manifest :
+    type <<$@
+<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
+<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
+</assembly>
+<< KEEP

bin/dig/win32/nslookup.dsp

@@ -42,7 +42,7 @@ RSC=rc.exe
 # PROP Ignore_Export_Lib 0
 # PROP Target_Dir ""
 # ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
-# ADD CPP /nologo /MD /W3 /GX /O2 /I "./" /I "../include" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /D "WIN32" /D "__STDC__" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
+# ADD CPP /nologo /MD /W3 /GX /O2 /I "./" /I "../include" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /D "WIN32" /D "__STDC__" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
 # ADD BASE RSC /l 0x409 /d "NDEBUG"
 # ADD RSC /l 0x409 /d "NDEBUG"
 BSC32=bscmake.exe
@@ -50,7 +50,7 @@ BSC32=bscmake.exe
 # ADD BSC32 /nologo
 LINK32=link.exe
 # ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386
-# ADD LINK32 user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib ../../../lib/bind9/win32/Release/libbind9.lib ../../../lib/lwres/win32/Release/liblwres.lib /nologo /subsystem:console /machine:I386 /out:"../../../Build/Release/nslookup.exe"
+# ADD LINK32 user32.lib advapi32.lib ws2_32.lib Release/dighost.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib /nologo /subsystem:console /machine:I386 /out:"../../../Build/Release/nslookup.exe"
 
 !ELSEIF  "$(CFG)" == "nslookup - Win32 Debug"
 
@@ -66,7 +66,7 @@ LINK32=link.exe
 # PROP Ignore_Export_Lib 0
 # PROP Target_Dir ""
 # ADD BASE CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c
-# ADD CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../include" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /FR /FD /GZ /c
+# ADD CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../include" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /FR /FD /GZ /c
 # SUBTRACT CPP /X /u /YX
 # ADD BASE RSC /l 0x409 /d "_DEBUG"
 # ADD RSC /l 0x409 /d "_DEBUG"
@@ -75,7 +75,7 @@ BSC32=bscmake.exe
 # ADD BSC32 /nologo
 LINK32=link.exe
 # ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept
-# ADD LINK32 user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib ../../../lib/bind9/win32/Debug/libbind9.lib ../../../lib/lwres/win32/Debug/liblwres.lib /nologo /subsystem:console /debug /machine:I386 /out:"../../../Build/Debug/nslookup.exe" /pdbtype:sept
+# ADD LINK32 user32.lib advapi32.lib ws2_32.lib Debug/dighost.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib /nologo /subsystem:console /debug /machine:I386 /out:"../../../Build/Debug/nslookup.exe" /pdbtype:sept
 
 !ENDIF 
 
@@ -88,10 +88,6 @@ LINK32=link.exe
 # PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
 # Begin Source File
 
-SOURCE=..\dighost.c
-# End Source File
-# Begin Source File
-
 SOURCE=..\nslookup.c
 # End Source File
 # End Group

bin/dig/win32/nslookup.mak

@@ -25,122 +25,101 @@ NULL=
 NULL=nul
 !ENDIF 
 
-CPP=cl.exe
-RSC=rc.exe
+!IF  "$(CFG)" == "nslookup - Win32 Release"
+_VC_MANIFEST_INC=0
+_VC_MANIFEST_BASENAME=__VC80
+!ELSE
+_VC_MANIFEST_INC=1
+_VC_MANIFEST_BASENAME=__VC80.Debug
+!ENDIF
+
+####################################################
+# Specifying name of temporary resource file used only in incremental builds:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+_VC_MANIFEST_AUTO_RES=$(_VC_MANIFEST_BASENAME).auto.res
+!else
+_VC_MANIFEST_AUTO_RES=
+!endif
+
+####################################################
+# _VC_MANIFEST_EMBED_EXE - command to embed manifest in EXE:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+
+#MT_SPECIAL_RETURN=1090650113
+#MT_SPECIAL_SWITCH=-notify_resource_update
+MT_SPECIAL_RETURN=0
+MT_SPECIAL_SWITCH=
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
+if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
+rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
+link $** /out:$@ $(LFLAGS)
+
+!else
+
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;1
+
+!endif
+
+####################################################
+# _VC_MANIFEST_EMBED_DLL - command to embed manifest in DLL:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+
+#MT_SPECIAL_RETURN=1090650113
+#MT_SPECIAL_SWITCH=-notify_resource_update
+MT_SPECIAL_RETURN=0
+MT_SPECIAL_SWITCH=
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
+if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
+rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
+link $** /out:$@ $(LFLAGS)
+
+!else
+
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;2
+
+!endif
+####################################################
+# _VC_MANIFEST_CLEAN - command to clean resources files generated temporarily:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+
+_VC_MANIFEST_CLEAN=-del $(_VC_MANIFEST_BASENAME).auto.res \
+    $(_VC_MANIFEST_BASENAME).auto.rc \
+    $(_VC_MANIFEST_BASENAME).auto.manifest
+
+!else
+
+_VC_MANIFEST_CLEAN=
+
+!endif
 
 !IF  "$(CFG)" == "nslookup - Win32 Release"
 
 OUTDIR=.\Release
 INTDIR=.\Release
 
-!IF "$(RECURSE)" == "0" 
-
 ALL : "..\..\..\Build\Release\nslookup.exe"
 
-!ELSE 
 
-ALL : "liblwres - Win32 Release" "libbind9 - Win32 Release" "libisc - Win32 Release" "libdns - Win32 Release" "..\..\..\Build\Release\nslookup.exe"
-
-!ENDIF 
-
-!IF "$(RECURSE)" == "1" 
-CLEAN :"libdns - Win32 ReleaseCLEAN" "libisc - Win32 ReleaseCLEAN" "libbind9 - Win32 ReleaseCLEAN" "liblwres - Win32 ReleaseCLEAN" 
-!ELSE 
 CLEAN :
-!ENDIF 
 	-@erase "$(INTDIR)\dighost.obj"
 	-@erase "$(INTDIR)\nslookup.obj"
 	-@erase "$(INTDIR)\vc60.idb"
 	-@erase "..\..\..\Build\Release\nslookup.exe"
+	-@$(_VC_MANIFEST_CLEAN)
 
 "$(OUTDIR)" :
     if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
 
-CPP_PROJ=/nologo /MD /W3 /GX /O2 /I "./" /I "../include" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /D "WIN32" /D "__STDC__" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /Fp"$(INTDIR)\nslookup.pch" /YX /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c 
-BSC32=bscmake.exe
-BSC32_FLAGS=/nologo /o"$(OUTDIR)\nslookup.bsc" 
-BSC32_SBRS= \
-	
-LINK32=link.exe
-LINK32_FLAGS=user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib ../../../lib/bind9/win32/Release/libbind9.lib  ../../../lib/lwres/win32/Release/liblwres.lib /nologo /subsystem:console /incremental:no /pdb:"$(OUTDIR)\nslookup.pdb" /machine:I386 /out:"../../../Build/Release/nslookup.exe" 
-LINK32_OBJS= \
-	"$(INTDIR)\dighost.obj" \
-	"$(INTDIR)\nslookup.obj" \
-	"..\..\..\lib\dns\win32\Release\libdns.lib" \
-	"..\..\..\lib\isc\win32\Release\libisc.lib" \
-	"..\..\..\lib\bind9\win32\Release\libbind9.lib" \
-	"..\..\..\lib\lwres\win32\Release\liblwres.lib"
-
-"..\..\..\Build\Release\nslookup.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
-    $(LINK32) @<<
-  $(LINK32_FLAGS) $(LINK32_OBJS)
-<<
-
-!ELSEIF  "$(CFG)" == "nslookup - Win32 Debug"
-
-OUTDIR=.\Debug
-INTDIR=.\Debug
-# Begin Custom Macros
-OutDir=.\Debug
-# End Custom Macros
-
-!IF "$(RECURSE)" == "0" 
-
-ALL : "..\..\..\Build\Debug\nslookup.exe" "$(OUTDIR)\nslookup.bsc"
-
-!ELSE 
-
-ALL : "liblwres - Win32 Debug" "libbind9 - Win32 Debug" "libisc - Win32 Debug" "libdns - Win32 Debug" "..\..\..\Build\Debug\nslookup.exe" "$(OUTDIR)\nslookup.bsc"
-
-!ENDIF 
-
-!IF "$(RECURSE)" == "1" 
-CLEAN :"libdns - Win32 DebugCLEAN" "libisc - Win32 DebugCLEAN" "libbind9 - Win32 DebugCLEAN" "liblwres - Win32 DebugCLEAN" 
-!ELSE 
-CLEAN :
-!ENDIF 
-	-@erase "$(INTDIR)\dighost.obj"
-	-@erase "$(INTDIR)\dighost.sbr"
-	-@erase "$(INTDIR)\nslookup.obj"
-	-@erase "$(INTDIR)\nslookup.sbr"
-	-@erase "$(INTDIR)\vc60.idb"
-	-@erase "$(INTDIR)\vc60.pdb"
-	-@erase "$(OUTDIR)\nslookup.bsc"
-	-@erase "$(OUTDIR)\nslookup.pdb"
-	-@erase "..\..\..\Build\Debug\nslookup.exe"
-	-@erase "..\..\..\Build\Debug\nslookup.ilk"
-
-"$(OUTDIR)" :
-    if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
-
-CPP_PROJ=/nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../include" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /FR"$(INTDIR)\\" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /GZ /c 
-BSC32=bscmake.exe
-BSC32_FLAGS=/nologo /o"$(OUTDIR)\nslookup.bsc" 
-BSC32_SBRS= \
-	"$(INTDIR)\dighost.sbr" \
-	"$(INTDIR)\nslookup.sbr"
-
-"$(OUTDIR)\nslookup.bsc" : "$(OUTDIR)" $(BSC32_SBRS)
-    $(BSC32) @<<
-  $(BSC32_FLAGS) $(BSC32_SBRS)
-<<
-
-LINK32=link.exe
-LINK32_FLAGS=user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib ../../../lib/bind9/win32/Debug/libbind9.lib  ../../../lib/lwres/win32/Debug/liblwres.lib /nologo /subsystem:console /incremental:yes /pdb:"$(OUTDIR)\nslookup.pdb" /debug /machine:I386 /out:"../../../Build/Debug/nslookup.exe" /pdbtype:sept 
-LINK32_OBJS= \
-	"$(INTDIR)\dighost.obj" \
-	"$(INTDIR)\nslookup.obj" \
-	"..\..\..\lib\dns\win32\Debug\libdns.lib" \
-	"..\..\..\lib\isc\win32\Debug\libisc.lib" \
-	"..\..\..\lib\bind9\win32\Debug\libbind9.lib" \
-	"..\..\..\lib\lwres\win32\Debug\liblwres.lib"
-
-"..\..\..\Build\Debug\nslookup.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
-    $(LINK32) @<<
-  $(LINK32_FLAGS) $(LINK32_OBJS)
-<<
-
-!ENDIF 
+CPP=cl.exe
+CPP_PROJ=/nologo /MD /W3 /GX /O2 /I "./" /I "../include" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /D "WIN32" /D "__STDC__" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /Fp"$(INTDIR)\nslookup.pch" /YX /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c 
 
 .c{$(INTDIR)}.obj::
    $(CPP) @<<
@@ -172,6 +151,109 @@ LINK32_OBJS= \
    $(CPP_PROJ) $< 
 <<
 
+RSC=rc.exe
+BSC32=bscmake.exe
+BSC32_FLAGS=/nologo /o"$(OUTDIR)\nslookup.bsc" 
+BSC32_SBRS= \
+	
+LINK32=link.exe
+LINK32_FLAGS=user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib /nologo /subsystem:console /incremental:no /pdb:"$(OUTDIR)\nslookup.pdb" /machine:I386 /out:"../../../Build/Release/nslookup.exe" 
+LINK32_OBJS= \
+	"$(INTDIR)\dighost.obj" \
+	"$(INTDIR)\nslookup.obj"
+
+"..\..\..\Build\Release\nslookup.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
+    $(LINK32) @<<
+  $(LINK32_FLAGS) $(LINK32_OBJS)
+<<
+    $(_VC_MANIFEST_EMBED_EXE)
+
+!ELSEIF  "$(CFG)" == "nslookup - Win32 Debug"
+
+OUTDIR=.\Debug
+INTDIR=.\Debug
+# Begin Custom Macros
+OutDir=.\Debug
+# End Custom Macros
+
+ALL : "..\..\..\Build\Debug\nslookup.exe" "$(OUTDIR)\nslookup.bsc"
+
+
+CLEAN :
+	-@erase "$(INTDIR)\dighost.obj"
+	-@erase "$(INTDIR)\dighost.sbr"
+	-@erase "$(INTDIR)\nslookup.obj"
+	-@erase "$(INTDIR)\nslookup.sbr"
+	-@erase "$(INTDIR)\vc60.idb"
+	-@erase "$(INTDIR)\vc60.pdb"
+	-@erase "$(OUTDIR)\nslookup.bsc"
+	-@erase "$(OUTDIR)\nslookup.pdb"
+	-@erase "..\..\..\Build\Debug\nslookup.exe"
+	-@erase "..\..\..\Build\Debug\nslookup.ilk"
+	-@$(_VC_MANIFEST_CLEAN)
+
+"$(OUTDIR)" :
+    if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
+
+CPP=cl.exe
+CPP_PROJ=/nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../include" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /FR"$(INTDIR)\\" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /GZ /c 
+
+.c{$(INTDIR)}.obj::
+   $(CPP) @<<
+   $(CPP_PROJ) $< 
+<<
+
+.cpp{$(INTDIR)}.obj::
+   $(CPP) @<<
+   $(CPP_PROJ) $< 
+<<
+
+.cxx{$(INTDIR)}.obj::
+   $(CPP) @<<
+   $(CPP_PROJ) $< 
+<<
+
+.c{$(INTDIR)}.sbr::
+   $(CPP) @<<
+   $(CPP_PROJ) $< 
+<<
+
+.cpp{$(INTDIR)}.sbr::
+   $(CPP) @<<
+   $(CPP_PROJ) $< 
+<<
+
+.cxx{$(INTDIR)}.sbr::
+   $(CPP) @<<
+   $(CPP_PROJ) $< 
+<<
+
+RSC=rc.exe
+BSC32=bscmake.exe
+BSC32_FLAGS=/nologo /o"$(OUTDIR)\nslookup.bsc" 
+BSC32_SBRS= \
+	"$(INTDIR)\dighost.sbr" \
+	"$(INTDIR)\nslookup.sbr"
+
+"$(OUTDIR)\nslookup.bsc" : "$(OUTDIR)" $(BSC32_SBRS)
+    $(BSC32) @<<
+  $(BSC32_FLAGS) $(BSC32_SBRS)
+<<
+
+LINK32=link.exe
+LINK32_FLAGS=user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib /nologo /subsystem:console /incremental:yes /pdb:"$(OUTDIR)\nslookup.pdb" /debug /machine:I386 /out:"../../../Build/Debug/nslookup.exe" /pdbtype:sept 
+LINK32_OBJS= \
+	"$(INTDIR)\dighost.obj" \
+	"$(INTDIR)\nslookup.obj"
+
+"..\..\..\Build\Debug\nslookup.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
+    $(LINK32) @<<
+  $(LINK32_FLAGS) $(LINK32_OBJS)
+<<
+    $(_VC_MANIFEST_EMBED_EXE)
+
+!ENDIF 
+
 
 !IF "$(NO_EXTERNAL_DEPS)" != "1"
 !IF EXISTS("nslookup.dep")
@@ -219,110 +301,24 @@ SOURCE=..\nslookup.c
 
 !ENDIF 
 
-!IF  "$(CFG)" == "nslookup - Win32 Release"
-
-"libdns - Win32 Release" : 
-   cd "..\..\..\lib\dns\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libdns.mak" CFG="libdns - Win32 Release" 
-   cd "..\..\..\bin\dig\win32"
-
-"libdns - Win32 ReleaseCLEAN" : 
-   cd "..\..\..\lib\dns\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libdns.mak" CFG="libdns - Win32 Release" RECURSE=1 CLEAN 
-   cd "..\..\..\bin\dig\win32"
-
-!ELSEIF  "$(CFG)" == "nslookup - Win32 Debug"
-
-"libdns - Win32 Debug" : 
-   cd "..\..\..\lib\dns\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libdns.mak" CFG="libdns - Win32 Debug" 
-   cd "..\..\..\bin\dig\win32"
-
-"libdns - Win32 DebugCLEAN" : 
-   cd "..\..\..\lib\dns\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libdns.mak" CFG="libdns - Win32 Debug" RECURSE=1 CLEAN 
-   cd "..\..\..\bin\dig\win32"
 
 !ENDIF 
 
-!IF  "$(CFG)" == "nslookup - Win32 Release"
+####################################################
+# Commands to generate initial empty manifest file and the RC file
+# that references it, and for generating the .res file:
 
-"libisc - Win32 Release" : 
-   cd "..\..\..\lib\isc\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libisc.mak" CFG="libisc - Win32 Release" 
-   cd "..\..\..\bin\dig\win32"
+$(_VC_MANIFEST_BASENAME).auto.res : $(_VC_MANIFEST_BASENAME).auto.rc
 
-"libisc - Win32 ReleaseCLEAN" : 
-   cd "..\..\..\lib\isc\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libisc.mak" CFG="libisc - Win32 Release" RECURSE=1 CLEAN 
-   cd "..\..\..\bin\dig\win32"
-
-!ELSEIF  "$(CFG)" == "nslookup - Win32 Debug"
-
-"libisc - Win32 Debug" : 
-   cd "..\..\..\lib\isc\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libisc.mak" CFG="libisc - Win32 Debug" 
-   cd "..\..\..\bin\dig\win32"
-
-"libisc - Win32 DebugCLEAN" : 
-   cd "..\..\..\lib\isc\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libisc.mak" CFG="libisc - Win32 Debug" RECURSE=1 CLEAN 
-   cd "..\..\..\bin\dig\win32"
-
-!ENDIF 
-
-!IF  "$(CFG)" == "nslookup - Win32 Release"
-
-"libbind9 - Win32 Release" : 
-   cd "..\..\..\lib\bind9\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libbind9.mak" CFG="libbind9 - Win32 Release" 
-   cd "..\..\..\bin\dig\win32"
-
-"libbind9 - Win32 ReleaseCLEAN" : 
-   cd "..\..\..\lib\bind9\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libbind9.mak" CFG="libbind9 - Win32 Release" RECURSE=1 CLEAN 
-   cd "..\..\..\bin\dig\win32"
-
-!ELSEIF  "$(CFG)" == "nslookup - Win32 Debug"
-
-"libbind9 - Win32 Debug" : 
-   cd "..\..\..\lib\bind9\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libbind9.mak" CFG="libbind9 - Win32 Debug" 
-   cd "..\..\..\bin\dig\win32"
-
-"libbind9 - Win32 DebugCLEAN" : 
-   cd "..\..\..\lib\bind9\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libbind9.mak" CFG="libbind9 - Win32 Debug" RECURSE=1 CLEAN 
-   cd "..\..\..\bin\dig\win32"
-
-!ENDIF 
-
-!IF  "$(CFG)" == "nslookup - Win32 Release"
-
-"liblwres - Win32 Release" : 
-   cd "..\..\..\lib\lwres\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\liblwres.mak" CFG="liblwres - Win32 Release" 
-   cd "..\..\..\bin\dig\win32"
-
-"liblwres - Win32 ReleaseCLEAN" : 
-   cd "..\..\..\lib\lwres\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\liblwres.mak" CFG="liblwres - Win32 Release" RECURSE=1 CLEAN 
-   cd "..\..\..\bin\dig\win32"
-
-!ELSEIF  "$(CFG)" == "nslookup - Win32 Debug"
-
-"liblwres - Win32 Debug" : 
-   cd "..\..\..\lib\lwres\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\liblwres.mak" CFG="liblwres - Win32 Debug" 
-   cd "..\..\..\bin\dig\win32"
-
-"liblwres - Win32 DebugCLEAN" : 
-   cd "..\..\..\lib\lwres\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\liblwres.mak" CFG="liblwres - Win32 Debug" RECURSE=1 CLEAN 
-   cd "..\..\..\bin\dig\win32"
-
-!ENDIF 
-
-
-!ENDIF 
+$(_VC_MANIFEST_BASENAME).auto.rc : $(_VC_MANIFEST_BASENAME).auto.manifest
+    type <<$@
+#include <winuser.h>
+1RT_MANIFEST"$(_VC_MANIFEST_BASENAME).auto.manifest"
+<< KEEP
 
+$(_VC_MANIFEST_BASENAME).auto.manifest :
+    type <<$@
+<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
+<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
+</assembly>
+<< KEEP

bin/dnssec/Makefile.in

@@ -1,5 +1,5 @@
 # Copyright (C) 2004, 2005  Internet Systems Consortium, Inc. ("ISC")
-# Copyright (C) 2000-2002  Internet Software Consortium.
+# Copyright (C) 2000, 2001  Internet Software Consortium.
 #
 # Permission to use, copy, modify, and distribute this software for any
 # purpose with or without fee is hereby granted, provided that the above
@@ -13,7 +13,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: Makefile.in,v 1.19.12.12 2005/05/02 00:25:54 marka Exp $
+# $Id: Makefile.in,v 1.19.2.5 2005/05/02 00:25:33 marka Exp $
 
 srcdir =	@srcdir@
 VPATH =		@srcdir@
@@ -21,14 +21,14 @@ top_srcdir =	@top_srcdir@
 
 @BIND9_VERSION@
 
-@BIND9_MAKE_INCLUDES@
+@BIND9_INCLUDES@
 
 CINCLUDES =	${DNS_INCLUDES} ${ISC_INCLUDES}
 
-CDEFINES =	-DVERSION=\"${VERSION}\" 
+CDEFINES =
 CWARNINGS =
 
-DNSLIBS =	../../lib/dns/libdns.@A@ @DNS_CRYPTO_LIBS@
+DNSLIBS =	../../lib/dns/libdns.@A@ @DNS_OPENSSL_LIBS@ @DNS_GSSAPI_LIBS@
 ISCLIBS =	../../lib/isc/libisc.@A@
 
 DNSDEPLIBS =	../../lib/dns/libdns.@A@
@@ -39,31 +39,46 @@ DEPLIBS =	${DNSDEPLIBS} ${ISCDEPLIBS}
 LIBS =		${DNSLIBS} ${ISCLIBS} @LIBS@
 
 # Alphabetically
-TARGETS =	dnssec-keygen@EXEEXT@ dnssec-signzone@EXEEXT@
+TARGETS =	dnssec-keygen \
+		dnssec-makekeyset \
+		dnssec-signkey \
+		dnssec-signzone
 
 OBJS =		dnssectool.@O@
 
-SRCS =		dnssec-keygen.c dnssec-signzone.c dnssectool.c
+SRCS =		dnssec-keygen.c dnssec-makekeyset.c \
+		dnssec-signkey.c dnssec-signzone.c \
+		dnssectool.c
 
-MANPAGES =	dnssec-keygen.8 dnssec-signzone.8
+MANPAGES =	dnssec-keygen.8 \
+		dnssec-makekeyset.8 \
+		dnssec-signkey.8 \
+		dnssec-signzone.8
 
-HTMLPAGES =	dnssec-keygen.html dnssec-signzone.html
+HTMLPAGES =	dnssec-keygen.html \
+		dnssec-makekeyset.html \
+		dnssec-signkey.html \
+		dnssec-signzone.html
 
 MANOBJS =	${MANPAGES} ${HTMLPAGES}
 
 @BIND9_MAKE_RULES@
 
-dnssec-keygen@EXEEXT@: dnssec-keygen.@O@ ${OBJS} ${DEPLIBS}
-	${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ \
-	dnssec-keygen.@O@ ${OBJS} ${LIBS}
+dnssec-keygen: dnssec-keygen.@O@ ${OBJS} ${DEPLIBS}
+	${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ dnssec-keygen.@O@ ${OBJS} ${LIBS}
+
+dnssec-makekeyset: dnssec-makekeyset.@O@ ${OBJS} ${DEPLIBS}
+	${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ dnssec-makekeyset.@O@ ${OBJS} ${LIBS}
+
+dnssec-signkey: dnssec-signkey.@O@ ${OBJS} ${DEPLIBS}
+	${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ dnssec-signkey.@O@ ${OBJS} ${LIBS}
 
 dnssec-signzone.@O@: dnssec-signzone.c
 	${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} -DVERSION=\"${VERSION}\" \
 		-c ${srcdir}/dnssec-signzone.c
 
-dnssec-signzone@EXEEXT@: dnssec-signzone.@O@ ${OBJS} ${DEPLIBS}
-	${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ \
-	dnssec-signzone.@O@ ${OBJS} ${LIBS}
+dnssec-signzone: dnssec-signzone.@O@ ${OBJS} ${DEPLIBS}
+	${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ dnssec-signzone.@O@ ${OBJS} ${LIBS}
 
 doc man:: ${MANOBJS}
 

bin/dnssec/dnssec-keygen.8

@@ -1,5 +1,5 @@
-.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
-.\" Copyright (C) 2000-2003 Internet Software Consortium.
+.\" Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000, 2001 Internet Software Consortium.
 .\" 
 .\" Permission to use, copy, modify, and distribute this software for any
 .\" purpose with or without fee is hereby granted, provided that the above
@@ -13,118 +13,179 @@
 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 .\" PERFORMANCE OF THIS SOFTWARE.
 .\"
-.\" $Id: dnssec-keygen.8,v 1.19.12.8 2005/08/30 02:35:00 marka Exp $
+.\" $Id: dnssec-keygen.8,v 1.19.2.9 2007/05/09 03:32:21 marka Exp $
 .\"
 .hy 0
 .ad l
-.\"Generated by db2man.xsl. Don't modify this, modify the source.
-.de Sh \" Subsection
-.br
-.if t .Sp
-.ne 5
-.PP
-\fB\\$1\fR
-.PP
-..
-.de Sp \" Vertical space (when we can't use .PP)
-.if t .sp .5v
-.if n .sp
-..
-.de Ip \" List item
-.br
-.ie \\n(.$>=3 .ne \\$3
-.el .ne 3
-.IP "\\$1" \\$2
-..
-.TH "DNSSEC-KEYGEN" 8 "June 30, 2000" "" ""
-.SH NAME
-dnssec-keygen \- DNSSEC key generation tool
+.\"     Title: dnssec\-keygen
+.\"    Author: 
+.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
+.\"      Date: June 30, 2000
+.\"    Manual: BIND9
+.\"    Source: BIND9
+.\"
+.TH "DNSSEC\-KEYGEN" "8" "June 30, 2000" "BIND9" "BIND9"
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.SH "NAME"
+dnssec\-keygen \- DNSSEC key generation tool
 .SH "SYNOPSIS"
 .HP 14
-\fBdnssec\-keygen\fR {\-a\ \fIalgorithm\fR} {\-b\ \fIkeysize\fR} {\-n\ \fInametype\fR} [\fB\-c\ \fIclass\fR\fR] [\fB\-e\fR] [\fB\-f\ \fIflag\fR\fR] [\fB\-g\ \fIgenerator\fR\fR] [\fB\-h\fR] [\fB\-k\fR] [\fB\-p\ \fIprotocol\fR\fR] [\fB\-r\ \fIrandomdev\fR\fR] [\fB\-s\ \fIstrength\fR\fR] [\fB\-t\ \fItype\fR\fR] [\fB\-v\ \fIlevel\fR\fR] {name}
+\fBdnssec\-keygen\fR {\-a\ \fIalgorithm\fR} {\-b\ \fIkeysize\fR} {\-n\ \fInametype\fR} [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-e\fR] [\fB\-g\ \fR\fB\fIgenerator\fR\fR] [\fB\-h\fR] [\fB\-p\ \fR\fB\fIprotocol\fR\fR] [\fB\-r\ \fR\fB\fIrandomdev\fR\fR] [\fB\-s\ \fR\fB\fIstrength\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] {name}
 .SH "DESCRIPTION"
 .PP
- \fBdnssec\-keygen\fR generates keys for DNSSEC (Secure DNS), as defined in RFC 2535 and RFC <TBA\\>\&. It can also generate keys for use with TSIG (Transaction Signatures), as defined in RFC 2845\&.
+\fBdnssec\-keygen\fR
+generates keys for DNSSEC (Secure DNS), as defined in RFC 2535. It can also generate keys for use with TSIG (Transaction Signatures), as defined in RFC 2845.
 .SH "OPTIONS"
-.TP
+.PP
 \-a \fIalgorithm\fR
-Selects the cryptographic algorithm\&. The value of \fBalgorithm\fR must be one of RSAMD5 (RSA) or RSASHA1, DSA, DH (Diffie Hellman), or HMAC\-MD5\&. These values are case insensitive\&.
-Note 1: that for DNSSEC, RSASHA1 is a mandatory to implement algorithm, and DSA is recommended\&. For TSIG, HMAC\-MD5 is mandatory\&.
-Note 2: HMAC\-MD5 and DH automatically set the \-k flag\&.
-.TP
+.RS 4
+Selects the cryptographic algorithm. The value of
+\fBalgorithm\fR
+must be one of RSAMD5 or RSA, DSA, DH (Diffie Hellman), or HMAC\-MD5. These values are case insensitive.
+.sp
+Note that for DNSSEC, DSA is a mandatory to implement algorithm, and RSA is recommended. For TSIG, HMAC\-MD5 is mandatory.
+.RE
+.PP
 \-b \fIkeysize\fR
-Specifies the number of bits in the key\&. The choice of key size depends on the algorithm used\&. RSAMD5 / RSASHA1 keys must be between 512 and 2048 bits\&. Diffie Hellman keys must be between 128 and 4096 bits\&. DSA keys must be between 512 and 1024 bits and an exact multiple of 64\&. HMAC\-MD5 keys must be between 1 and 512 bits\&.
-.TP
+.RS 4
+Specifies the number of bits in the key. The choice of key size depends on the algorithm used. RSA keys must be between 512 and 2048 bits. Diffie Hellman keys must be between 128 and 4096 bits. DSA keys must be between 512 and 1024 bits and an exact multiple of 64. HMAC\-MD5 keys must be between 1 and 512 bits.
+.RE
+.PP
 \-n \fInametype\fR
-Specifies the owner type of the key\&. The value of \fBnametype\fR must either be ZONE (for a DNSSEC zone key (KEY/DNSKEY)), HOST or ENTITY (for a key associated with a host (KEY)), USER (for a key associated with a user(KEY)) or OTHER (DNSKEY)\&. These values are case insensitive\&.
-.TP
+.RS 4
+Specifies the owner type of the key. The value of
+\fBnametype\fR
+must either be ZONE (for a DNSSEC zone key), HOST or ENTITY (for a key associated with a host), or USER (for a key associated with a user). These values are case insensitive.
+.RE
+.PP
 \-c \fIclass\fR
-Indicates that the DNS record containing the key should have the specified class\&. If not specified, class IN is used\&.
-.TP
+.RS 4
+Indicates that the DNS record containing the key should have the specified class. If not specified, class IN is used.
+.RE
+.PP
 \-e
-If generating an RSAMD5/RSASHA1 key, use a large exponent\&.
-.TP
-\-f \fIflag\fR
-Set the specified flag in the flag field of the KEY/DNSKEY record\&. The only recognized flag is KSK (Key Signing Key) DNSKEY\&.
-.TP
+.RS 4
+If generating an RSA key, use a large exponent.
+.RE
+.PP
 \-g \fIgenerator\fR
-If generating a Diffie Hellman key, use this generator\&. Allowed values are 2 and 5\&. If no generator is specified, a known prime from RFC 2539 will be used if possible; otherwise the default is 2\&.
-.TP
+.RS 4
+If generating a Diffie Hellman key, use this generator. Allowed values are 2 and 5. If no generator is specified, a known prime from RFC 2539 will be used if possible; otherwise the default is 2.
+.RE
+.PP
 \-h
-Prints a short summary of the options and arguments to \fBdnssec\-keygen\fR\&.
-.TP
-\-k
-Generate KEY records rather than DNSKEY records\&.
-.TP
+.RS 4
+Prints a short summary of the options and arguments to
+\fBdnssec\-keygen\fR.
+.RE
+.PP
 \-p \fIprotocol\fR
-Sets the protocol value for the generated key\&. The protocol is a number between 0 and 255\&. The default is 3 (DNSSEC)\&. Other possible values for this argument are listed in RFC 2535 and its successors\&.
-.TP
+.RS 4
+Sets the protocol value for the generated key. The protocol is a number between 0 and 255. The default is 2 (email) for keys of type USER and 3 (DNSSEC) for all other key types. Other possible values for this argument are listed in RFC 2535 and its successors.
+.RE
+.PP
 \-r \fIrandomdev\fR
-Specifies the source of randomness\&. If the operating system does not provide a \fI/dev/random\fR or equivalent device, the default source of randomness is keyboard input\&. \fIrandomdev\fR specifies the name of a character device or file containing random data to be used instead of the default\&. The special value \fIkeyboard\fR indicates that keyboard input should be used\&.
-.TP
+.RS 4
+Specifies the source of randomness. If the operating system does not provide a
+\fI/dev/random\fR
+or equivalent device, the default source of randomness is keyboard input.
+\fIrandomdev\fR
+specifies the name of a character device or file containing random data to be used instead of the default. The special value
+\fIkeyboard\fR
+indicates that keyboard input should be used.
+.RE
+.PP
 \-s \fIstrength\fR
-Specifies the strength value of the key\&. The strength is a number between 0 and 15, and currently has no defined purpose in DNSSEC\&.
-.TP
+.RS 4
+Specifies the strength value of the key. The strength is a number between 0 and 15, and currently has no defined purpose in DNSSEC.
+.RE
+.PP
 \-t \fItype\fR
-Indicates the use of the key\&. \fBtype\fR must be one of AUTHCONF, NOAUTHCONF, NOAUTH, or NOCONF\&. The default is AUTHCONF\&. AUTH refers to the ability to authenticate data, and CONF the ability to encrypt data\&.
-.TP
+.RS 4
+Indicates the use of the key.
+\fBtype\fR
+must be one of AUTHCONF, NOAUTHCONF, NOAUTH, or NOCONF. The default is AUTHCONF. AUTH refers to the ability to authenticate data, and CONF the ability to encrypt data.
+.RE
+.PP
 \-v \fIlevel\fR
-Sets the debugging level\&.
+.RS 4
+Sets the debugging level.
+.RE
 .SH "GENERATED KEYS"
 .PP
-When \fBdnssec\-keygen\fR completes successfully, it prints a string of the form \fIKnnnn\&.+aaa+iiiii\fR to the standard output\&. This is an identification string for the key it has generated\&.
-.TP 3
+When
+\fBdnssec\-keygen\fR
+completes successfully, it prints a string of the form
+\fIKnnnn.+aaa+iiiii\fR
+to the standard output. This is an identification string for the key it has generated. These strings can be used as arguments to
+\fBdnssec\-makekeyset\fR.
+.TP 4
 \(bu
- \fInnnn\fR is the key name\&.
-.TP
+\fInnnn\fR
+is the key name.
+.TP 4
 \(bu
- \fIaaa\fR is the numeric representation of the algorithm\&.
-.TP
+\fIaaa\fR
+is the numeric representation of the algorithm.
+.TP 4
 \(bu
- \fIiiiii\fR is the key identifier (or footprint)\&.
-.LP
+\fIiiiii\fR
+is the key identifier (or footprint).
 .PP
- \fBdnssec\-keygen\fR creates two file, with names based on the printed string\&. \fIKnnnn\&.+aaa+iiiii\&.key\fR contains the public key, and\fIKnnnn\&.+aaa+iiiii\&.private\fR contains the private key\&.
+\fBdnssec\-keygen\fR
+creates two files, with names based on the printed string.
+\fIKnnnn.+aaa+iiiii.key\fR
+contains the public key, and
+\fIKnnnn.+aaa+iiiii.private\fR
+contains the private key.
 .PP
-The \fI\&.key\fR file contains a DNS KEY record that can be inserted into a zone file (directly or with a $INCLUDE statement)\&.
+The
+\fI.key\fR
+file contains a DNS KEY record that can be inserted into a zone file (directly or with a $INCLUDE statement).
 .PP
-The \fI\&.private\fR file contains algorithm specific fields\&. For obvious security reasons, this file does not have general read permission\&.
+The
+\fI.private\fR
+file contains algorithm\-specific fields. For obvious security reasons, this file does not have general read permission.
 .PP
-Both \fI\&.key\fR and \fI\&.private\fR files are generated for symmetric encryption algorithm such as HMAC\-MD5, even though the public and private key are equivalent\&.
+Both
+\fI.key\fR
+and
+\fI.private\fR
+files are generated for symmetric encryption algorithms such as HMAC\-MD5, even though the public and private key are equivalent.
 .SH "EXAMPLE"
 .PP
-To generate a 768\-bit DSA key for the domain\fBexample\&.com\fR, the following command would be issued:
+To generate a 768\-bit DSA key for the domain
+\fBexample.com\fR, the following command would be issued:
 .PP
- \fBdnssec\-keygen \-a DSA \-b 768 \-n ZONE example\&.com\fR 
+\fBdnssec\-keygen \-a DSA \-b 768 \-n ZONE example.com\fR
 .PP
 The command would print a string of the form:
 .PP
- \fBKexample\&.com\&.+003+26160\fR 
+\fBKexample.com.+003+26160\fR
 .PP
-In this example, \fBdnssec\-keygen\fR creates the files \fIKexample\&.com\&.+003+26160\&.key\fR and\fIKexample\&.com\&.+003+26160\&.private\fR 
+In this example,
+\fBdnssec\-keygen\fR
+creates the files
+\fIKexample.com.+003+26160.key\fR
+and
+\fIKexample.com.+003+26160.private\fR.
 .SH "SEE ALSO"
 .PP
- \fBdnssec\-signzone\fR(8), BIND 9 Administrator Reference Manual, RFC 2535, RFC 2845, RFC 2539\&.
+\fBdnssec\-makekeyset\fR(8),
+\fBdnssec\-signkey\fR(8),
+\fBdnssec\-signzone\fR(8),
+BIND 9 Administrator Reference Manual,
+RFC 2535,
+RFC 2845,
+RFC 2539.
 .SH "AUTHOR"
 .PP
- Internet Systems Consortium 
+Internet Systems Consortium
+.SH "COPYRIGHT"
+Copyright \(co 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+.br
+Copyright \(co 2000, 2001 Internet Software Consortium.
+.br

bin/dnssec/dnssec-keygen.c

@@ -1,9 +1,9 @@
 /*
- * Portions Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
- * Portions Copyright (C) 2000-2003  Internet Software Consortium.
+ * Portions Copyright (C) 2004, 2007  Internet Systems Consortium, Inc. ("ISC")
+ * Portions Copyright (C) 1999-2001  Internet Software Consortium.
  * Portions Copyright (C) 1995-2000 by Network Associates, Inc.
  *
- * Permission to use, copy, modify, and distribute this software for any
+ * Permission to use, copy, modify, and/or distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
@@ -16,7 +16,7 @@
  * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: dnssec-keygen.c,v 1.48.2.1.10.11 2004/06/11 01:17:34 marka Exp $ */
+/* $Id: dnssec-keygen.c,v 1.48.2.5 2007/08/28 07:18:13 tbox Exp $ */
 
 #include <config.h>
 
@@ -47,8 +47,6 @@
 const char *program = "dnssec-keygen";
 int verbose;
 
-static const char *algs = "RSA | RSAMD5 | DH | DSA | RSASHA1 | HMAC-MD5";
-
 static isc_boolean_t
 dsa_size_ok(int size) {
 	return (ISC_TF(size >= 512 && size <= 1024 && size % 64 == 0));
@@ -59,33 +57,28 @@ usage(void) {
 	fprintf(stderr, "Usage:\n");
 	fprintf(stderr, "    %s -a alg -b bits -n type [options] name\n\n",
 		program);
-	fprintf(stderr, "Version: %s\n", VERSION);
 	fprintf(stderr, "Required options:\n");
-	fprintf(stderr, "    -a algorithm: %s\n", algs);
+	fprintf(stderr, "    -a algorithm: RSA | RSAMD5 | DH | DSA | HMAC-MD5"
+		"\n");
 	fprintf(stderr, "    -b key size, in bits:\n");
-	fprintf(stderr, "        RSAMD5:\t\t[512..%d]\n", MAX_RSA);
-	fprintf(stderr, "        RSASHA1:\t\t[512..%d]\n", MAX_RSA);
+	fprintf(stderr, "        RSA:\t\t[512..%d]\n", MAX_RSA);
 	fprintf(stderr, "        DH:\t\t[128..4096]\n");
 	fprintf(stderr, "        DSA:\t\t[512..1024] and divisible by 64\n");
 	fprintf(stderr, "        HMAC-MD5:\t[1..512]\n");
-	fprintf(stderr, "    -n nametype: ZONE | HOST | ENTITY | USER | OTHER\n");
+	fprintf(stderr, "    -n nametype: ZONE | HOST | ENTITY | USER\n");
 	fprintf(stderr, "    name: owner of the key\n");
 	fprintf(stderr, "Other options:\n");
-	fprintf(stderr, "    -c <class> (default: IN)\n");
-	fprintf(stderr, "    -e use large exponent (RSAMD5/RSASHA1 only)\n");
-	fprintf(stderr, "    -f keyflag: KSK\n");
-	fprintf(stderr, "    -g <generator> use specified generator "
-		"(DH only)\n");
-	fprintf(stderr, "    -t <type>: "
-		"AUTHCONF | NOAUTHCONF | NOAUTH | NOCONF "
-		"(default: AUTHCONF)\n");
-	fprintf(stderr, "    -p <protocol>: "
-	       "default: 3 [dnssec]\n");
-	fprintf(stderr, "    -s <strength> strength value this key signs DNS "
-		"records with (default: 0)\n");
-	fprintf(stderr, "    -r <randomdev>: a file containing random data\n");
-	fprintf(stderr, "    -v <verbose level>\n");
-	fprintf(stderr, "    -k : generate a TYPE=KEY key\n");
+	fprintf(stderr, "    -c class (default: IN)\n");
+	fprintf(stderr, "    -e use large exponent (RSA only)\n");
+	fprintf(stderr, "    -g use specified generator (DH only)\n");
+	fprintf(stderr, "    -t type: AUTHCONF | NOAUTHCONF | NOAUTH | NOCONF "
+	       "(default: AUTHCONF)\n");
+	fprintf(stderr, "    -p protocol value "
+	       "(default: 2 [email] for USER, 3 [dnssec] otherwise)\n");
+	fprintf(stderr, "    -s strength value this key signs DNS records "
+		"with (default: 0)\n");
+	fprintf(stderr, "    -r randomdev (a file containing random data)\n");
+	fprintf(stderr, "    -v verbose level\n");
 	fprintf(stderr, "Output:\n");
 	fprintf(stderr, "     K<name>+<alg>+<id>.key, "
 		"K<name>+<alg>+<id>.private\n");
@@ -97,11 +90,12 @@ int
 main(int argc, char **argv) {
 	char		*algname = NULL, *nametype = NULL, *type = NULL;
 	char		*classname = NULL;
-	char		*endp;
+	char		*randomfile = NULL;
+	char		*prog, *endp;
 	dst_key_t	*key = NULL, *oldkey;
 	dns_fixedname_t	fname;
 	dns_name_t	*name;
-	isc_uint16_t	flags = 0, ksk = 0;
+	isc_uint16_t	flags = 0;
 	dns_secalg_t	alg;
 	isc_boolean_t	conflict = ISC_FALSE, null_key = ISC_FALSE;
 	isc_mem_t	*mctx = NULL;
@@ -114,17 +108,23 @@ main(int argc, char **argv) {
 	isc_log_t	*log = NULL;
 	isc_entropy_t	*ectx = NULL;
 	dns_rdataclass_t rdclass;
-	int		options = DST_TYPE_PRIVATE | DST_TYPE_PUBLIC;
+
+	RUNTIME_CHECK(isc_mem_create(0, 0, &mctx) == ISC_R_SUCCESS);
+
+	if ((prog = strrchr(argv[0],'/')) == NULL)
+		prog = isc_mem_strdup(mctx, argv[0]);
+	else
+		prog = isc_mem_strdup(mctx, ++prog);
+	if (prog == NULL)
+		fatal("out of memory");
 
 	if (argc == 1)
 		usage();
 
-	RUNTIME_CHECK(isc_mem_create(0, 0, &mctx) == ISC_R_SUCCESS);
-
 	dns_result_register();
 
 	while ((ch = isc_commandline_parse(argc, argv,
-					   "a:b:c:ef:g:kn:t:p:s:r:v:h")) != -1)
+					   "a:b:c:eg:n:t:p:s:hr:v:")) != -1)
 	{
 	    switch (ch) {
 		case 'a':
@@ -141,27 +141,21 @@ main(int argc, char **argv) {
 		case 'e':
 			rsa_exp = 1;
 			break;
-		case 'f':
-			if (strcasecmp(isc_commandline_argument, "KSK") == 0)
-				ksk = DNS_KEYFLAG_KSK;
-			else
-				fatal("unknown flag '%s'",
-				      isc_commandline_argument);
-			break;
 		case 'g':
 			generator = strtol(isc_commandline_argument,
 					   &endp, 10);
 			if (*endp != '\0' || generator <= 0)
 				fatal("-g requires a positive number");
 			break;
-		case 'k':
-			options |= DST_TYPE_KEY;
-			break;
 		case 'n':
 			nametype = isc_commandline_argument;
+			if (nametype == NULL)
+				fatal("out of memory");
 			break;
 		case 't':
 			type = isc_commandline_argument;
+			if (type == NULL)
+				fatal("out of memory");
 			break;
 		case 'p':
 			protocol = strtol(isc_commandline_argument, &endp, 10);
@@ -177,7 +171,7 @@ main(int argc, char **argv) {
 				      "[0..15]");
 			break;
 		case 'r':
-			setup_entropy(mctx, isc_commandline_argument, &ectx);
+			randomfile = isc_commandline_argument;
 			break;
 		case 'v':
 			endp = NULL;
@@ -195,8 +189,7 @@ main(int argc, char **argv) {
 		}
 	}
 
-	if (ectx == NULL)
-		setup_entropy(mctx, NULL, &ectx);
+	setup_entropy(mctx, randomfile, &ectx);
 	ret = dst_lib_init(mctx, ectx,
 			   ISC_ENTROPY_BLOCKING | ISC_ENTROPY_GOODONLY);
 	if (ret != ISC_R_SUCCESS)
@@ -211,20 +204,19 @@ main(int argc, char **argv) {
 
 	if (algname == NULL)
 		fatal("no algorithm was specified");
-	if (strcasecmp(algname, "HMAC-MD5") == 0) {
-		options |= DST_TYPE_KEY;
+	if (strcasecmp(algname, "RSA") == 0)
+		alg = DNS_KEYALG_RSA;
+	else if (strcasecmp(algname, "HMAC-MD5") == 0)
 		alg = DST_ALG_HMACMD5;
-	} else {
+	else {
 		r.base = algname;
 		r.length = strlen(algname);
 		ret = dns_secalg_fromtext(&alg, &r);
 		if (ret != ISC_R_SUCCESS)
 			fatal("unknown algorithm %s", algname);
-		if (alg == DST_ALG_DH)
-			options |= DST_TYPE_KEY;
 	}
 
-	if (type != NULL && (options & DST_TYPE_KEY) != 0) {
+	if (type != NULL) {
 		if (strcasecmp(type, "NOAUTH") == 0)
 			flags |= DNS_KEYTYPE_NOAUTH;
 		else if (strcasecmp(type, "NOCONF") == 0)
@@ -244,8 +236,7 @@ main(int argc, char **argv) {
 		fatal("key size not specified (-b option)");
 
 	switch (alg) {
-	case DNS_KEYALG_RSAMD5:
-	case DNS_KEYALG_RSASHA1:
+	case DNS_KEYALG_RSA:
 		if (size != 0 && (size < 512 || size > MAX_RSA))
 			fatal("RSA key size %d out of range", size);
 		break;
@@ -255,7 +246,7 @@ main(int argc, char **argv) {
 		break;
 	case DNS_KEYALG_DSA:
 		if (size != 0 && !dsa_size_ok(size))
-			fatal("invalid DSS key size: %d", size);
+			fatal("Invalid DSS key size: %d", size);
 		break;
 	case DST_ALG_HMACMD5:
 		if (size < 1 || size > 512)
@@ -263,53 +254,49 @@ main(int argc, char **argv) {
 		break;
 	}
 
-	if (!(alg == DNS_KEYALG_RSAMD5 || alg == DNS_KEYALG_RSASHA1) &&
-	    rsa_exp != 0)
-		fatal("specified RSA exponent for a non-RSA key");
+	if (alg != DNS_KEYALG_RSA && rsa_exp != 0)
+		fatal("specified RSA exponent without RSA");
 
 	if (alg != DNS_KEYALG_DH && generator != 0)
-		fatal("specified DH generator for a non-DH key");
+		fatal("specified DH generator without DH");
 
 	if (nametype == NULL)
 		fatal("no nametype specified");
 	if (strcasecmp(nametype, "zone") == 0)
 		flags |= DNS_KEYOWNER_ZONE;
-	else if ((options & DST_TYPE_KEY) != 0)	{ /* KEY */
-		if (strcasecmp(nametype, "host") == 0 ||
-			 strcasecmp(nametype, "entity") == 0)
-			flags |= DNS_KEYOWNER_ENTITY;
-		else if (strcasecmp(nametype, "user") == 0)
-			flags |= DNS_KEYOWNER_USER;
+	else if (strcasecmp(nametype, "host") == 0 ||
+		 strcasecmp(nametype, "entity") == 0)
+		flags |= DNS_KEYOWNER_ENTITY;
+	else if (strcasecmp(nametype, "user") == 0)
+		flags |= DNS_KEYOWNER_USER;
+	else
+		fatal("invalid nametype %s", nametype);
+
+	if (classname != NULL) {
+		r.base = classname;
+		r.length = strlen(classname);
+		ret = dns_rdataclass_fromtext(&rdclass, &r);
+		if (ret != ISC_R_SUCCESS)
+			fatal("unknown class %s",classname);
+	} else 
+		rdclass = dns_rdataclass_in;
+
+	flags |= signatory;
+
+	if (protocol == -1) {
+		if ((flags & DNS_KEYFLAG_OWNERMASK) == DNS_KEYOWNER_USER)
+			protocol = DNS_KEYPROTO_EMAIL;
 		else
-			fatal("invalid KEY nametype %s", nametype);
-	} else if (strcasecmp(nametype, "other") != 0) /* DNSKEY */
-		fatal("invalid DNSKEY nametype %s", nametype);
-
-	rdclass = strtoclass(classname);
-
-	if ((options & DST_TYPE_KEY) != 0)  /* KEY */
-		flags |= signatory;
-	else if ((flags & DNS_KEYOWNER_ZONE) != 0) /* DNSKEY */
-		flags |= ksk;
-
-	if (protocol == -1)
-		protocol = DNS_KEYPROTO_DNSSEC;
-	else if ((options & DST_TYPE_KEY) == 0 &&
-		 protocol != DNS_KEYPROTO_DNSSEC)
-		fatal("invalid DNSKEY protocol: %d", protocol);
+			protocol = DNS_KEYPROTO_DNSSEC;
+	}
 
 	if ((flags & DNS_KEYFLAG_TYPEMASK) == DNS_KEYTYPE_NOKEY) {
 		if (size > 0)
-			fatal("specified null key with non-zero size");
+			fatal("Specified null key with non-zero size");
 		if ((flags & DNS_KEYFLAG_SIGNATORYMASK) != 0)
-			fatal("specified null key with signing authority");
+			fatal("Specified null key with signing authority");
 	}
 
-	if ((flags & DNS_KEYFLAG_OWNERMASK) == DNS_KEYOWNER_ZONE &&
-	    (alg == DNS_KEYALG_DH || alg == DST_ALG_HMACMD5))
-		fatal("a key with algorithm '%s' cannot be a zone key",
-		      algname);
-
 	dns_fixedname_init(&fname);
 	name = dns_fixedname_name(&fname);
 	isc_buffer_init(&buf, argv[isc_commandline_index],
@@ -317,12 +304,11 @@ main(int argc, char **argv) {
 	isc_buffer_add(&buf, strlen(argv[isc_commandline_index]));
 	ret = dns_name_fromtext(name, &buf, dns_rootname, ISC_FALSE, NULL);
 	if (ret != ISC_R_SUCCESS)
-		fatal("invalid key name %s: %s", argv[isc_commandline_index],
+		fatal("Invalid key name %s: %s", argv[isc_commandline_index],
 		      isc_result_totext(ret));
 
 	switch(alg) {
-	case DNS_KEYALG_RSAMD5:
-	case DNS_KEYALG_RSASHA1:
+	case DNS_KEYALG_RSA:
 		param = rsa_exp;
 		break;
 	case DNS_KEYALG_DH:
@@ -351,8 +337,8 @@ main(int argc, char **argv) {
 		if (ret != ISC_R_SUCCESS) {
 			char namestr[DNS_NAME_FORMATSIZE];
 			char algstr[ALG_FORMATSIZE];
-			dns_name_format(name, namestr, sizeof(namestr));
-			alg_format(alg, algstr, sizeof(algstr));
+			dns_name_format(name, namestr, sizeof namestr);
+			alg_format(alg, algstr, sizeof algstr);
 			fatal("failed to generate key %s/%s: %s\n",
 			      namestr, algstr, isc_result_totext(ret));
 			exit(-1);
@@ -391,10 +377,10 @@ main(int argc, char **argv) {
 		fatal("cannot generate a null key when a key with id 0 "
 		      "already exists");
 
-	ret = dst_key_tofile(key, options, NULL);
+	ret = dst_key_tofile(key, DST_TYPE_PUBLIC | DST_TYPE_PRIVATE, NULL);
 	if (ret != ISC_R_SUCCESS) {
 		char keystr[KEY_FORMATSIZE];
-		key_format(key, keystr, sizeof(keystr));
+		key_format(key, keystr, sizeof keystr);
 		fatal("failed to write key %s: %s\n", keystr,
 		      isc_result_totext(ret));
 	}
@@ -402,6 +388,7 @@ main(int argc, char **argv) {
 	isc_buffer_clear(&buf);
 	ret = dst_key_buildfilename(key, 0, NULL, &buf);
 	printf("%s\n", filename);
+	isc_mem_free(mctx, prog);
 	dst_key_free(&key);
 
 	cleanup_logging(&log);

bin/dnssec/dnssec-keygen.docbook

@@ -1,11 +1,11 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
-               "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd"
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+               "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
 	       [<!ENTITY mdash "&#8212;">]>
 <!--
- - Copyright (C) 2004, 2005  Internet Systems Consortium, Inc. ("ISC")
- - Copyright (C) 2000-2003  Internet Software Consortium.
+ - Copyright (C) 2004, 2005, 2007  Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000, 2001  Internet Software Consortium.
  -
- - Permission to use, copy, modify, and distribute this software for any
+ - Permission to use, copy, modify, and/or distribute this software for any
  - purpose with or without fee is hereby granted, provided that the above
  - copyright notice and this permission notice appear in all copies.
  -
@@ -18,7 +18,7 @@
  - PERFORMANCE OF THIS SOFTWARE.
 -->
 
-<!-- $Id: dnssec-keygen.docbook,v 1.3.12.9 2005/08/30 01:41:41 marka Exp $ -->
+<!-- $Id: dnssec-keygen.docbook,v 1.3.2.8 2007/08/28 07:18:13 tbox Exp $ -->
 
 <refentry>
   <refentryinfo>
@@ -35,13 +35,12 @@
     <copyright>
       <year>2004</year>
       <year>2005</year>
+      <year>2007</year>
       <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
     </copyright>
     <copyright>
       <year>2000</year>
       <year>2001</year>
-      <year>2002</year>
-      <year>2003</year>
       <holder>Internet Software Consortium.</holder>
     </copyright>
   </docinfo>
@@ -59,10 +58,8 @@
       <arg choice="req">-n <replaceable class="parameter">nametype</replaceable></arg>
       <arg><option>-c <replaceable class="parameter">class</replaceable></option></arg>
       <arg><option>-e</option></arg>
-      <arg><option>-f <replaceable class="parameter">flag</replaceable></option></arg>
       <arg><option>-g <replaceable class="parameter">generator</replaceable></option></arg>
       <arg><option>-h</option></arg>
-      <arg><option>-k</option></arg>
       <arg><option>-p <replaceable class="parameter">protocol</replaceable></option></arg>
       <arg><option>-r <replaceable class="parameter">randomdev</replaceable></option></arg>
       <arg><option>-s <replaceable class="parameter">strength</replaceable></option></arg>
@@ -76,7 +73,7 @@
     <title>DESCRIPTION</title>
     <para>
         <command>dnssec-keygen</command> generates keys for DNSSEC
-	(Secure DNS), as defined in RFC 2535 and RFC &lt;TBA\&gt;.  It can also generate
+	(Secure DNS), as defined in RFC 2535.  It can also generate
 	keys for use with TSIG (Transaction Signatures), as
 	defined in RFC 2845.
     </para>
@@ -91,16 +88,13 @@
 	<listitem>
 	  <para>
 	      Selects the cryptographic algorithm.  The value of
-	      <option>algorithm</option> must be one of RSAMD5 (RSA) or RSASHA1,
+	      <option>algorithm</option> must be one of RSAMD5 or RSA,
 	      DSA, DH (Diffie Hellman), or HMAC-MD5.  These values
 	      are case insensitive.
 	  </para>
 	  <para>
-	      Note 1: that for DNSSEC, RSASHA1 is a mandatory to implement algorithm,
-	      and DSA is recommended.  For TSIG, HMAC-MD5 is mandatory.
-	  </para>
-	  <para>
-	      Note 2: HMAC-MD5 and DH automatically set the -k flag.
+	      Note that for DNSSEC, DSA is a mandatory to implement algorithm,
+	      and RSA is recommended.  For TSIG, HMAC-MD5 is mandatory.
 	  </para>
 	</listitem>
       </varlistentry>
@@ -110,7 +104,7 @@
 	<listitem>
 	  <para>
 	       Specifies the number of bits in the key.  The choice of key
-	       size depends on the algorithm used.  RSAMD5 / RSASHA1 keys must be between
+	       size depends on the algorithm used.  RSA keys must be between
 	       512 and 2048 bits.  Diffie Hellman keys must be between
 	       128 and 4096 bits.  DSA keys must be between 512 and 1024
 	       bits and an exact multiple of 64.  HMAC-MD5 keys must be
@@ -125,8 +119,8 @@
 	  <para>
 	       Specifies the owner type of the key.  The value of
 	       <option>nametype</option> must either be ZONE (for a DNSSEC
-	       zone key (KEY/DNSKEY)), HOST or ENTITY (for a key associated with a host (KEY)),
-	       USER (for a key associated with a user(KEY)) or OTHER (DNSKEY).  These values are
+	       zone key), HOST or ENTITY (for a key associated with a host),
+	       or USER (for a key associated with a user).  These values are
 	       case insensitive.
 	  </para>
 	</listitem>
@@ -146,17 +140,7 @@
         <term>-e</term>
 	<listitem>
 	  <para>
-	       If generating an RSAMD5/RSASHA1 key, use a large exponent.
-	  </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-f <replaceable class="parameter">flag</replaceable></term>
-	<listitem>
-	  <para>
-		Set the specified flag in the flag field of the KEY/DNSKEY record.
-		The only recognized flag is KSK (Key Signing Key) DNSKEY.
+	       If generating an RSA key, use a large exponent.
 	  </para>
 	</listitem>
       </varlistentry>
@@ -183,21 +167,13 @@
 	</listitem>
       </varlistentry>
 
-      <varlistentry>
-        <term>-k</term>
-	<listitem>
-	  <para>
-	       Generate KEY records rather than DNSKEY records.
-	  </para>
-	</listitem>
-      </varlistentry>
-
       <varlistentry>
         <term>-p <replaceable class="parameter">protocol</replaceable></term>
 	<listitem>
 	  <para>
 	       Sets the protocol value for the generated key.  The protocol
-	       is a number between 0 and 255.  The default is 3 (DNSSEC).
+	       is a number between 0 and 255.  The default is 2 (email) for
+	       keys of type USER and 3 (DNSSEC) for all other key types.
 	       Other possible values for this argument are listed in
 	       RFC 2535 and its successors.
 	  </para>
@@ -261,7 +237,8 @@
         When <command>dnssec-keygen</command> completes successfully,
 	it prints a string of the form <filename>Knnnn.+aaa+iiiii</filename>
 	to the standard output.  This is an identification string for
-	the key it has generated.
+	the key it has generated.  These strings can be used as arguments
+	to <command>dnssec-makekeyset</command>.
     </para>
     <itemizedlist>
       <listitem>
@@ -282,7 +259,7 @@
       </listitem>
     </itemizedlist>
     <para>
-        <command>dnssec-keygen</command> creates two file, with names based
+        <command>dnssec-keygen</command> creates two files, with names based
 	on the printed string.  <filename>Knnnn.+aaa+iiiii.key</filename>
 	contains the public key, and
 	<filename>Knnnn.+aaa+iiiii.private</filename> contains the private
@@ -294,13 +271,13 @@
 	statement).
     </para>
     <para>
-        The <filename>.private</filename> file contains algorithm specific
+        The <filename>.private</filename> file contains algorithm-specific
 	fields.  For obvious security reasons, this file does not have
 	general read permission.
     </para>
     <para>
         Both <filename>.key</filename> and <filename>.private</filename>
-	files are generated for symmetric encryption algorithm such as
+	files are generated for symmetric encryption algorithms such as
 	HMAC-MD5, even though the public and private key are equivalent.
     </para>
   </refsect1>
@@ -324,13 +301,21 @@
     <para>
         In this example, <command>dnssec-keygen</command> creates
 	the files <filename>Kexample.com.+003+26160.key</filename> and
-	<filename>Kexample.com.+003+26160.private</filename>
+	<filename>Kexample.com.+003+26160.private</filename>.
     </para>
   </refsect1>
 
   <refsect1>
     <title>SEE ALSO</title>
     <para>
+      <citerefentry>
+        <refentrytitle>dnssec-makekeyset</refentrytitle>
+	<manvolnum>8</manvolnum>
+      </citerefentry>,
+      <citerefentry>
+        <refentrytitle>dnssec-signkey</refentrytitle>
+	<manvolnum>8</manvolnum>
+      </citerefentry>,
       <citerefentry>
         <refentrytitle>dnssec-signzone</refentrytitle>
 	<manvolnum>8</manvolnum>

bin/dnssec/dnssec-keygen.html

@@ -1,6 +1,6 @@
 <!--
- - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
- - Copyright (C) 2000-2003 Internet Software Consortium.
+ - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000, 2001 Internet Software Consortium.
  - 
  - Permission to use, copy, modify, and distribute this software for any
  - purpose with or without fee is hereby granted, provided that the above
@@ -14,55 +14,52 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-<!-- $Id: dnssec-keygen.html,v 1.5.2.1.4.12 2005/08/30 02:35:01 marka Exp $ -->
+<!-- $Id: dnssec-keygen.html,v 1.5.2.16 2007/05/09 03:32:21 marka Exp $ -->
 <html>
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
 <title>dnssec-keygen</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.68.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
 </head>
 <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="id2456972"></a><div class="titlepage"></div>
+<a name="id2476275"></a><div class="titlepage"></div>
 <div class="refnamediv">
 <h2>Name</h2>
 <p><span class="application">dnssec-keygen</span> &#8212; DNSSEC key generation tool</p>
 </div>
 <div class="refsynopsisdiv">
 <h2>Synopsis</h2>
-<div class="cmdsynopsis"><p><code class="command">dnssec-keygen</code>  {-a <em class="replaceable"><code>algorithm</code></em>} {-b <em class="replaceable"><code>keysize</code></em>} {-n <em class="replaceable"><code>nametype</code></em>} [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-e</code>] [<code class="option">-f <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-g <em class="replaceable"><code>generator</code></em></code>] [<code class="option">-h</code>] [<code class="option">-k</code>] [<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-s <em class="replaceable"><code>strength</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] {name}</p></div>
+<div class="cmdsynopsis"><p><code class="command">dnssec-keygen</code>  {-a <em class="replaceable"><code>algorithm</code></em>} {-b <em class="replaceable"><code>keysize</code></em>} {-n <em class="replaceable"><code>nametype</code></em>} [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-e</code>] [<code class="option">-g <em class="replaceable"><code>generator</code></em></code>] [<code class="option">-h</code>] [<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-s <em class="replaceable"><code>strength</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] {name}</p></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2514707"></a><h2>DESCRIPTION</h2>
+<a name="id2543443"></a><h2>DESCRIPTION</h2>
 <p>
         <span><strong class="command">dnssec-keygen</strong></span> generates keys for DNSSEC
-	(Secure DNS), as defined in RFC 2535 and RFC &lt;TBA\&gt;.  It can also generate
+	(Secure DNS), as defined in RFC 2535.  It can also generate
 	keys for use with TSIG (Transaction Signatures), as
 	defined in RFC 2845.
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2514720"></a><h2>OPTIONS</h2>
+<a name="id2543456"></a><h2>OPTIONS</h2>
 <div class="variablelist"><dl>
 <dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
 <dd>
 <p>
 	      Selects the cryptographic algorithm.  The value of
-	      <code class="option">algorithm</code> must be one of RSAMD5 (RSA) or RSASHA1,
+	      <code class="option">algorithm</code> must be one of RSAMD5 or RSA,
 	      DSA, DH (Diffie Hellman), or HMAC-MD5.  These values
 	      are case insensitive.
 	  </p>
 <p>
-	      Note 1: that for DNSSEC, RSASHA1 is a mandatory to implement algorithm,
-	      and DSA is recommended.  For TSIG, HMAC-MD5 is mandatory.
-	  </p>
-<p>
-	      Note 2: HMAC-MD5 and DH automatically set the -k flag.
+	      Note that for DNSSEC, DSA is a mandatory to implement algorithm,
+	      and RSA is recommended.  For TSIG, HMAC-MD5 is mandatory.
 	  </p>
 </dd>
 <dt><span class="term">-b <em class="replaceable"><code>keysize</code></em></span></dt>
 <dd><p>
 	       Specifies the number of bits in the key.  The choice of key
-	       size depends on the algorithm used.  RSAMD5 / RSASHA1 keys must be between
+	       size depends on the algorithm used.  RSA keys must be between
 	       512 and 2048 bits.  Diffie Hellman keys must be between
 	       128 and 4096 bits.  DSA keys must be between 512 and 1024
 	       bits and an exact multiple of 64.  HMAC-MD5 keys must be
@@ -72,8 +69,8 @@
 <dd><p>
 	       Specifies the owner type of the key.  The value of
 	       <code class="option">nametype</code> must either be ZONE (for a DNSSEC
-	       zone key (KEY/DNSKEY)), HOST or ENTITY (for a key associated with a host (KEY)),
-	       USER (for a key associated with a user(KEY)) or OTHER (DNSKEY).  These values are
+	       zone key), HOST or ENTITY (for a key associated with a host),
+	       or USER (for a key associated with a user).  These values are
 	       case insensitive.
 	  </p></dd>
 <dt><span class="term">-c <em class="replaceable"><code>class</code></em></span></dt>
@@ -83,12 +80,7 @@
 	  </p></dd>
 <dt><span class="term">-e</span></dt>
 <dd><p>
-	       If generating an RSAMD5/RSASHA1 key, use a large exponent.
-	  </p></dd>
-<dt><span class="term">-f <em class="replaceable"><code>flag</code></em></span></dt>
-<dd><p>
-		Set the specified flag in the flag field of the KEY/DNSKEY record.
-		The only recognized flag is KSK (Key Signing Key) DNSKEY.
+	       If generating an RSA key, use a large exponent.
 	  </p></dd>
 <dt><span class="term">-g <em class="replaceable"><code>generator</code></em></span></dt>
 <dd><p>
@@ -102,14 +94,11 @@
 	       Prints a short summary of the options and arguments to
 	       <span><strong class="command">dnssec-keygen</strong></span>.
 	  </p></dd>
-<dt><span class="term">-k</span></dt>
-<dd><p>
-	       Generate KEY records rather than DNSKEY records.
-	  </p></dd>
 <dt><span class="term">-p <em class="replaceable"><code>protocol</code></em></span></dt>
 <dd><p>
 	       Sets the protocol value for the generated key.  The protocol
-	       is a number between 0 and 255.  The default is 3 (DNSSEC).
+	       is a number between 0 and 255.  The default is 2 (email) for
+	       keys of type USER and 3 (DNSSEC) for all other key types.
 	       Other possible values for this argument are listed in
 	       RFC 2535 and its successors.
 	  </p></dd>
@@ -144,12 +133,13 @@
 </dl></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2515125"></a><h2>GENERATED KEYS</h2>
+<a name="id2543691"></a><h2>GENERATED KEYS</h2>
 <p>
         When <span><strong class="command">dnssec-keygen</strong></span> completes successfully,
 	it prints a string of the form <code class="filename">Knnnn.+aaa+iiiii</code>
 	to the standard output.  This is an identification string for
-	the key it has generated.
+	the key it has generated.  These strings can be used as arguments
+	to <span><strong class="command">dnssec-makekeyset</strong></span>.
     </p>
 <div class="itemizedlist"><ul type="disc">
 <li><p>
@@ -164,7 +154,7 @@
         </p></li>
 </ul></div>
 <p>
-        <span><strong class="command">dnssec-keygen</strong></span> creates two file, with names based
+        <span><strong class="command">dnssec-keygen</strong></span> creates two files, with names based
 	on the printed string.  <code class="filename">Knnnn.+aaa+iiiii.key</code>
 	contains the public key, and
 	<code class="filename">Knnnn.+aaa+iiiii.private</code> contains the private
@@ -176,18 +166,18 @@
 	statement).
     </p>
 <p>
-        The <code class="filename">.private</code> file contains algorithm specific
+        The <code class="filename">.private</code> file contains algorithm-specific
 	fields.  For obvious security reasons, this file does not have
 	general read permission.
     </p>
 <p>
         Both <code class="filename">.key</code> and <code class="filename">.private</code>
-	files are generated for symmetric encryption algorithm such as
+	files are generated for symmetric encryption algorithms such as
 	HMAC-MD5, even though the public and private key are equivalent.
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2515213"></a><h2>EXAMPLE</h2>
+<a name="id2543783"></a><h2>EXAMPLE</h2>
 <p>
         To generate a 768-bit DSA key for the domain
 	<strong class="userinput"><code>example.com</code></strong>, the following command would be
@@ -205,12 +195,14 @@
 <p>
         In this example, <span><strong class="command">dnssec-keygen</strong></span> creates
 	the files <code class="filename">Kexample.com.+003+26160.key</code> and
-	<code class="filename">Kexample.com.+003+26160.private</code>
+	<code class="filename">Kexample.com.+003+26160.private</code>.
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2515259"></a><h2>SEE ALSO</h2>
+<a name="id2543829"></a><h2>SEE ALSO</h2>
 <p>
+      <span class="citerefentry"><span class="refentrytitle">dnssec-makekeyset</span>(8)</span>,
+      <span class="citerefentry"><span class="refentrytitle">dnssec-signkey</span>(8)</span>,
       <span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
       <em class="citetitle">BIND 9 Administrator Reference Manual</em>,
       <em class="citetitle">RFC 2535</em>,
@@ -219,7 +211,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2515292"></a><h2>AUTHOR</h2>
+<a name="id2543881"></a><h2>AUTHOR</h2>
 <p>
         <span class="corpauthor">Internet Systems Consortium</span>
     </p>

bin/dnssec/dnssec-makekeyset.8

@@ -0,0 +1,141 @@
+.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
+.\" 
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\" 
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+.\" PERFORMANCE OF THIS SOFTWARE.
+.\"
+.\" $Id: dnssec-makekeyset.8,v 1.16.2.9 2006/12/12 01:42:53 marka Exp $
+.\"
+.hy 0
+.ad l
+.\"     Title: dnssec\-makekeyset
+.\"    Author: 
+.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
+.\"      Date: June 30, 2000
+.\"    Manual: BIND9
+.\"    Source: BIND9
+.\"
+.TH "DNSSEC\-MAKEKEYSET" "8" "June 30, 2000" "BIND9" "BIND9"
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.SH "NAME"
+dnssec\-makekeyset \- DNSSEC zone signing tool
+.SH "SYNOPSIS"
+.HP 18
+\fBdnssec\-makekeyset\fR [\fB\-a\fR] [\fB\-s\ \fR\fB\fIstart\-time\fR\fR] [\fB\-e\ \fR\fB\fIend\-time\fR\fR] [\fB\-h\fR] [\fB\-p\fR] [\fB\-r\ \fR\fB\fIrandomdev\fR\fR] [\fB\-t\fR\fIttl\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] {key...}
+.SH "DESCRIPTION"
+.PP
+\fBdnssec\-makekeyset\fR
+generates a key set from one or more keys created by
+\fBdnssec\-keygen\fR. It creates a file containing a KEY record for each key, and self\-signs the key set with each zone key. The output file is of the form
+\fIkeyset\-nnnn.\fR, where
+\fInnnn\fR
+is the zone name.
+.SH "OPTIONS"
+.PP
+\-a
+.RS 4
+Verify all generated signatures.
+.RE
+.PP
+\-s \fIstart\-time\fR
+.RS 4
+Specify the date and time when the generated SIG records become valid. This can be either an absolute or relative time. An absolute start time is indicated by a number in YYYYMMDDHHMMSS notation; 20000530144500 denotes 14:45:00 UTC on May 30th, 2000. A relative start time is indicated by +N, which is N seconds from the current time. If no
+\fBstart\-time\fR
+is specified, the current time is used.
+.RE
+.PP
+\-e \fIend\-time\fR
+.RS 4
+Specify the date and time when the generated SIG records expire. As with
+\fBstart\-time\fR, an absolute time is indicated in YYYYMMDDHHMMSS notation. A time relative to the start time is indicated with +N, which is N seconds from the start time. A time relative to the current time is indicated with now+N. If no
+\fBend\-time\fR
+is specified, 30 days from the start time is used as a default.
+.RE
+.PP
+\-h
+.RS 4
+Prints a short summary of the options and arguments to
+\fBdnssec\-makekeyset\fR.
+.RE
+.PP
+\-p
+.RS 4
+Use pseudo\-random data when signing the zone. This is faster, but less secure, than using real random data. This option may be useful when signing large zones or when the entropy source is limited.
+.RE
+.PP
+\-r \fIrandomdev\fR
+.RS 4
+Specifies the source of randomness. If the operating system does not provide a
+\fI/dev/random\fR
+or equivalent device, the default source of randomness is keyboard input.
+\fIrandomdev\fR
+specifies the name of a character device or file containing random data to be used instead of the default. The special value
+\fIkeyboard\fR
+indicates that keyboard input should be used.
+.RE
+.PP
+\-t \fIttl\fR
+.RS 4
+Specify the TTL (time to live) of the KEY and SIG records. The default is 3600 seconds.
+.RE
+.PP
+\-v \fIlevel\fR
+.RS 4
+Sets the debugging level.
+.RE
+.PP
+key
+.RS 4
+The list of keys to be included in the keyset file. These keys are expressed in the form
+\fIKnnnn.+aaa+iiiii\fR
+as generated by
+\fBdnssec\-keygen\fR.
+.RE
+.SH "EXAMPLE"
+.PP
+The following command generates a keyset containing the DSA key for
+\fBexample.com\fR
+generated in the
+\fBdnssec\-keygen\fR
+man page.
+.PP
+\fBdnssec\-makekeyset \-t 86400 \-s 20000701120000 \-e +2592000 Kexample.com.+003+26160\fR
+.PP
+In this example,
+\fBdnssec\-makekeyset\fR
+creates the file
+\fIkeyset\-example.com.\fR. This file contains the specified key and a self\-generated signature.
+.PP
+The DNS administrator for
+\fBexample.com\fR
+could send
+\fIkeyset\-example.com.\fR
+to the DNS administrator for
+\fB.com\fR
+for signing, if the .com zone is DNSSEC\-aware and the administrators of the two zones have some mechanism for authenticating each other and exchanging the keys and signatures securely.
+.SH "SEE ALSO"
+.PP
+\fBdnssec\-keygen\fR(8),
+\fBdnssec\-signkey\fR(8),
+BIND 9 Administrator Reference Manual,
+RFC 2535.
+.SH "AUTHOR"
+.PP
+Internet Systems Consortium
+.SH "COPYRIGHT"
+Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+.br
+Copyright \(co 2000, 2001, 2003 Internet Software Consortium.
+.br

bin/dnssec/dnssec-makekeyset.c

@@ -0,0 +1,473 @@
+/*
+ * Portions Copyright (C) 2004, 2005  Internet Systems Consortium, Inc. ("ISC")
+ * Portions Copyright (C) 2000, 2001  Internet Software Consortium.
+ * Portions Copyright (C) 1995-2000 by Network Associates, Inc.
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC AND NETWORK ASSOCIATES DISCLAIMS
+ * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE
+ * FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR
+ * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: dnssec-makekeyset.c,v 1.52.2.4 2005/06/08 00:12:17 marka Exp $ */
+
+#include <config.h>
+
+#include <stdlib.h>
+
+#include <isc/commandline.h>
+#include <isc/entropy.h>
+#include <isc/hash.h>
+#include <isc/mem.h>
+#include <isc/string.h>
+#include <isc/util.h>
+
+#include <dns/db.h>
+#include <dns/dnssec.h>
+#include <dns/fixedname.h>
+#include <dns/log.h>
+#include <dns/rdata.h>
+#include <dns/rdatalist.h>
+#include <dns/rdataset.h>
+#include <dns/result.h>
+#include <dns/secalg.h>
+#include <dns/time.h>
+
+#include <dst/dst.h>
+
+#include "dnssectool.h"
+
+#define BUFSIZE 2048
+
+const char *program = "dnssec-makekeyset";
+int verbose;
+
+typedef struct keynode keynode_t;
+struct keynode {
+	dst_key_t *key;
+	ISC_LINK(keynode_t) link;
+};
+typedef ISC_LIST(keynode_t) keylist_t;
+
+static isc_stdtime_t starttime = 0, endtime = 0, now;
+static int ttl = -1;
+
+static isc_mem_t *mctx = NULL;
+static isc_entropy_t *ectx = NULL;
+
+static keylist_t keylist;
+
+static void
+usage(void) {
+	fprintf(stderr, "Usage:\n");
+	fprintf(stderr, "\t%s [options] keys\n", program);
+
+	fprintf(stderr, "\n");
+
+	fprintf(stderr, "Options: (default value in parenthesis) \n");
+	fprintf(stderr, "\t-a\n");
+	fprintf(stderr, "\t\tverify generated signatures\n");
+	fprintf(stderr, "\t-s YYYYMMDDHHMMSS|+offset:\n");
+	fprintf(stderr, "\t\tSIG start time - absolute|offset (now)\n");
+	fprintf(stderr, "\t-e YYYYMMDDHHMMSS|+offset|\"now\"+offset]:\n");
+	fprintf(stderr, "\t\tSIG end time  - "
+			     "absolute|from start|from now (now + 30 days)\n");
+	fprintf(stderr, "\t-t ttl\n");
+	fprintf(stderr, "\t-p\n");
+	fprintf(stderr, "\t\tuse pseudorandom data (faster but less secure)\n");
+	fprintf(stderr, "\t-r randomdev:\n");
+	fprintf(stderr, "\t\ta file containing random data\n");
+	fprintf(stderr, "\t-v level:\n");
+	fprintf(stderr, "\t\tverbose level (0)\n");
+
+	fprintf(stderr, "\n");
+
+	fprintf(stderr, "keys:\n");
+	fprintf(stderr, "\tkeyfile (Kname+alg+tag)\n");
+
+	fprintf(stderr, "\n");
+
+	fprintf(stderr, "Output:\n");
+	fprintf(stderr, "\tkeyset (keyset-<name>)\n");
+	exit(0);
+}
+
+static isc_boolean_t
+zonekey_on_list(dst_key_t *key) {
+	keynode_t *keynode;
+	for (keynode = ISC_LIST_HEAD(keylist);
+	     keynode != NULL;
+	     keynode = ISC_LIST_NEXT(keynode, link))
+	{
+		if (dst_key_compare(keynode->key, key))
+			return (ISC_TRUE);
+	}
+	return (ISC_FALSE);
+}
+
+static isc_boolean_t
+rdata_on_list(dns_rdata_t *rdata, dns_rdatalist_t *list) {
+	dns_rdata_t *trdata;
+	for (trdata = ISC_LIST_HEAD(list->rdata);
+	     trdata != NULL;
+	     trdata = ISC_LIST_NEXT(trdata, link))
+	{
+		if (dns_rdata_compare(trdata, rdata) == 0)
+			return (ISC_TRUE);
+	}
+	return (ISC_FALSE);
+}
+
+int
+main(int argc, char *argv[]) {
+	int i, ch;
+	char *startstr = NULL, *endstr = NULL;
+	char *randomfile = NULL;
+	dns_fixedname_t fdomain;
+	dns_name_t *domain = NULL;
+	char *output = NULL;
+	char *endp;
+	unsigned char *data;
+	dns_db_t *db;
+	dns_dbnode_t *node;
+	dns_dbversion_t *version;
+	dst_key_t *key = NULL;
+	dns_rdata_t *rdata;
+	dns_rdatalist_t rdatalist, sigrdatalist;
+	dns_rdataset_t rdataset, sigrdataset;
+	isc_result_t result;
+	isc_buffer_t b;
+	isc_region_t r;
+	isc_log_t *log = NULL;
+	keynode_t *keynode;
+	dns_name_t *savedname = NULL;
+	unsigned int eflags;
+	isc_boolean_t pseudorandom = ISC_FALSE;
+	isc_boolean_t tryverify = ISC_FALSE;
+
+	result = isc_mem_create(0, 0, &mctx);
+	if (result != ISC_R_SUCCESS)
+		fatal("failed to create memory context: %s",
+		      isc_result_totext(result));
+
+	dns_result_register();
+
+	while ((ch = isc_commandline_parse(argc, argv, "as:e:t:r:v:ph")) != -1)
+	{
+		switch (ch) {
+		case 'a':
+			tryverify = ISC_TRUE;
+			break;
+		case 's':
+			startstr = isc_commandline_argument;
+			break;
+
+		case 'e':
+			endstr = isc_commandline_argument;
+			break;
+
+		case 't':
+			endp = NULL;
+			ttl = strtol(isc_commandline_argument, &endp, 0);
+			if (*endp != '\0')
+				fatal("TTL must be numeric");
+			break;
+
+		case 'r':
+			randomfile = isc_commandline_argument;
+			break;
+
+		case 'v':
+			endp = NULL;
+			verbose = strtol(isc_commandline_argument, &endp, 0);
+			if (*endp != '\0')
+				fatal("verbose level must be numeric");
+			break;
+
+		case 'p':
+			pseudorandom = ISC_TRUE;
+			break;
+
+		case 'h':
+		default:
+			usage();
+
+		}
+	}
+
+	argc -= isc_commandline_index;
+	argv += isc_commandline_index;
+
+	if (argc < 1)
+		usage();
+
+	setup_entropy(mctx, randomfile, &ectx);
+	eflags = ISC_ENTROPY_BLOCKING;
+	if (!pseudorandom)
+		eflags |= ISC_ENTROPY_GOODONLY;
+
+	result = isc_hash_create(mctx, ectx, DNS_NAME_MAXWIRE);
+	if (result != ISC_R_SUCCESS)
+		fatal("could not create hash context");
+
+	result = dst_lib_init(mctx, ectx, eflags);
+	if (result != ISC_R_SUCCESS)
+		fatal("could not initialize dst: %s",
+		      isc_result_totext(result));
+
+	isc_stdtime_get(&now);
+
+	if (startstr != NULL)
+		starttime = strtotime(startstr, now, now);
+	else
+		starttime = now;
+
+	if (endstr != NULL)
+		endtime = strtotime(endstr, now, starttime);
+	else
+		endtime = starttime + (30 * 24 * 60 * 60);
+
+	if (ttl == -1) {
+		ttl = 3600;
+		fprintf(stderr, "%s: TTL not specified, assuming 3600\n",
+			program);
+	}
+
+	setup_logging(verbose, mctx, &log);
+
+	dns_rdatalist_init(&rdatalist);
+	rdatalist.rdclass = 0;
+	rdatalist.type = dns_rdatatype_key;
+	rdatalist.covers = 0;
+	rdatalist.ttl = ttl;
+
+	ISC_LIST_INIT(keylist);
+
+	for (i = 0; i < argc; i++) {
+		char namestr[DNS_NAME_FORMATSIZE];
+		isc_buffer_t namebuf;
+
+		key = NULL;
+		result = dst_key_fromnamedfile(argv[i], DST_TYPE_PUBLIC,
+					       mctx, &key);
+		if (result != ISC_R_SUCCESS)
+			fatal("error loading key from %s: %s", argv[i],
+			      isc_result_totext(result));
+		if (rdatalist.rdclass == 0)
+			rdatalist.rdclass = dst_key_class(key);
+
+		isc_buffer_init(&namebuf, namestr, sizeof namestr);
+		result = dns_name_tofilenametext(dst_key_name(key),
+						 ISC_FALSE,
+						 &namebuf);
+		check_result(result, "dns_name_tofilenametext");
+		isc_buffer_putuint8(&namebuf, 0);
+		
+		if (savedname == NULL) {
+			savedname = isc_mem_get(mctx, sizeof(dns_name_t));
+			if (savedname == NULL)
+				fatal("out of memory");
+			dns_name_init(savedname, NULL);
+			result = dns_name_dup(dst_key_name(key), mctx,
+					      savedname);
+			if (result != ISC_R_SUCCESS)
+				fatal("out of memory");
+		} else {
+			char savednamestr[DNS_NAME_FORMATSIZE];
+			dns_name_format(savedname, savednamestr,
+					sizeof savednamestr);
+			if (!dns_name_equal(savedname, dst_key_name(key)) != 0)
+				fatal("all keys must have the same owner - %s "
+				      "and %s do not match",
+				      savednamestr, namestr);
+		}
+		if (output == NULL) {
+			output = isc_mem_allocate(mctx,
+						  strlen("keyset-") +
+						  strlen(namestr) + 1);
+			if (output == NULL)
+				fatal("out of memory");
+			strcpy(output, "keyset-");
+			strcat(output, namestr);
+		}
+		if (domain == NULL) {
+			dns_fixedname_init(&fdomain);
+			domain = dns_fixedname_name(&fdomain);
+			dns_name_copy(dst_key_name(key), domain, NULL);
+		}
+		if (dst_key_iszonekey(key)) {
+			dst_key_t *zonekey = NULL;
+			result = dst_key_fromnamedfile(argv[i],
+						       DST_TYPE_PUBLIC |
+						       DST_TYPE_PRIVATE,
+						       mctx, &zonekey);
+			if (result != ISC_R_SUCCESS)
+				fatal("failed to read private key %s: %s",
+				      argv[i], isc_result_totext(result));
+			if (!zonekey_on_list(zonekey)) {
+				keynode = isc_mem_get(mctx,
+						      sizeof (keynode_t));
+				if (keynode == NULL)
+					fatal("out of memory");
+				keynode->key = zonekey;
+				ISC_LIST_INITANDAPPEND(keylist, keynode, link);
+			} else
+				dst_key_free(&zonekey);
+		}
+		rdata = isc_mem_get(mctx, sizeof(dns_rdata_t));
+		if (rdata == NULL)
+			fatal("out of memory");
+		dns_rdata_init(rdata);
+		data = isc_mem_get(mctx, BUFSIZE);
+		if (data == NULL)
+			fatal("out of memory");
+		isc_buffer_init(&b, data, BUFSIZE);
+		result = dst_key_todns(key, &b);
+		if (result != ISC_R_SUCCESS)
+			fatal("failed to convert key %s to a DNS KEY: %s",
+			      argv[i], isc_result_totext(result));
+		isc_buffer_usedregion(&b, &r);
+		dns_rdata_fromregion(rdata, rdatalist.rdclass,
+				     dns_rdatatype_key, &r);
+		if (!rdata_on_list(rdata, &rdatalist))
+			ISC_LIST_APPEND(rdatalist.rdata, rdata, link);
+		else {
+			isc_mem_put(mctx, data, BUFSIZE);
+			isc_mem_put(mctx, rdata, sizeof *rdata);
+		}
+		dst_key_free(&key);
+	}
+
+	dns_rdataset_init(&rdataset);
+	result = dns_rdatalist_tordataset(&rdatalist, &rdataset);
+	check_result(result, "dns_rdatalist_tordataset()");
+
+	dns_rdatalist_init(&sigrdatalist);
+	sigrdatalist.rdclass = rdatalist.rdclass;
+	sigrdatalist.type = dns_rdatatype_sig;
+	sigrdatalist.covers = dns_rdatatype_key;
+	sigrdatalist.ttl = ttl;
+
+	if (ISC_LIST_EMPTY(keylist))
+		fprintf(stderr,
+			"%s: no private zone key found; not self-signing\n",
+			program);
+	for (keynode = ISC_LIST_HEAD(keylist);
+	     keynode != NULL;
+	     keynode = ISC_LIST_NEXT(keynode, link))
+	{
+		rdata = isc_mem_get(mctx, sizeof(dns_rdata_t));
+		if (rdata == NULL)
+			fatal("out of memory");
+		dns_rdata_init(rdata);
+		data = isc_mem_get(mctx, BUFSIZE);
+		if (data == NULL)
+			fatal("out of memory");
+		isc_buffer_init(&b, data, BUFSIZE);
+		result = dns_dnssec_sign(domain, &rdataset, keynode->key,
+					 &starttime, &endtime, mctx, &b,
+					 rdata);
+		isc_entropy_stopcallbacksources(ectx);
+		if (result != ISC_R_SUCCESS) {
+			char keystr[KEY_FORMATSIZE];
+			key_format(keynode->key, keystr, sizeof keystr);
+			fatal("failed to sign keyset with key %s: %s",
+			      keystr, isc_result_totext(result));
+		}
+		if (tryverify) {
+			result = dns_dnssec_verify(domain, &rdataset,
+						   keynode->key, ISC_TRUE,
+						   mctx, rdata);
+			if (result != ISC_R_SUCCESS) {
+				char keystr[KEY_FORMATSIZE];
+				key_format(keynode->key, keystr, sizeof keystr);
+				fatal("signature from key '%s' failed to "
+				      "verify: %s",
+				      keystr, isc_result_totext(result));
+			}
+		}
+		ISC_LIST_APPEND(sigrdatalist.rdata, rdata, link);
+		dns_rdataset_init(&sigrdataset);
+		result = dns_rdatalist_tordataset(&sigrdatalist, &sigrdataset);
+		check_result(result, "dns_rdatalist_tordataset()");
+	}
+
+	db = NULL;
+	result = dns_db_create(mctx, "rbt", dns_rootname, dns_dbtype_zone,
+			       rdataset.rdclass, 0, NULL, &db);
+	if (result != ISC_R_SUCCESS) {
+		char domainstr[DNS_NAME_FORMATSIZE];
+		dns_name_format(domain, domainstr, sizeof domainstr);
+		fatal("failed to create a database for %s", domainstr);
+	}
+
+	version = NULL;
+	dns_db_newversion(db, &version);
+
+	node = NULL;
+	result = dns_db_findnode(db, domain, ISC_TRUE, &node);
+	check_result(result, "dns_db_findnode()");
+
+	dns_db_addrdataset(db, node, version, 0, &rdataset, 0, NULL);
+	if (!ISC_LIST_EMPTY(keylist))
+		dns_db_addrdataset(db, node, version, 0, &sigrdataset, 0,
+				   NULL);
+
+	dns_db_detachnode(db, &node);
+	dns_db_closeversion(db, &version, ISC_TRUE);
+	result = dns_db_dump(db, version, output);
+	if (result != ISC_R_SUCCESS) {
+		char domainstr[DNS_NAME_FORMATSIZE];
+		dns_name_format(domain, domainstr, sizeof domainstr);
+		fatal("failed to write database for %s to %s",
+		      domainstr, output);
+	}
+
+	printf("%s\n", output);
+
+	dns_db_detach(&db);
+
+	dns_rdataset_disassociate(&rdataset);
+	while (!ISC_LIST_EMPTY(rdatalist.rdata)) {
+		rdata = ISC_LIST_HEAD(rdatalist.rdata);
+		ISC_LIST_UNLINK(rdatalist.rdata, rdata, link);
+		isc_mem_put(mctx, rdata->data, BUFSIZE);
+		isc_mem_put(mctx, rdata, sizeof *rdata);
+	}
+	while (!ISC_LIST_EMPTY(sigrdatalist.rdata)) {
+		rdata = ISC_LIST_HEAD(sigrdatalist.rdata);
+		ISC_LIST_UNLINK(sigrdatalist.rdata, rdata, link);
+		isc_mem_put(mctx, rdata->data, BUFSIZE);
+		isc_mem_put(mctx, rdata, sizeof *rdata);
+	}
+
+	while (!ISC_LIST_EMPTY(keylist)) {
+		keynode = ISC_LIST_HEAD(keylist);
+		ISC_LIST_UNLINK(keylist, keynode, link);
+		dst_key_free(&keynode->key);
+		isc_mem_put(mctx, keynode, sizeof(keynode_t));
+	}
+
+	if (savedname != NULL) {
+		dns_name_free(savedname, mctx);
+		isc_mem_put(mctx, savedname, sizeof(dns_name_t));
+	}
+
+	cleanup_logging(&log);
+	isc_hash_destroy();
+	cleanup_entropy(&ectx);
+
+	isc_mem_free(mctx, output);
+	dst_lib_destroy();
+	if (verbose > 10)
+		isc_mem_stats(mctx, stdout);
+	isc_mem_destroy(&mctx);
+	return (0);
+}

bin/dnssec/dnssec-makekeyset.docbook

@@ -0,0 +1,249 @@
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
+               "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd"
+	       [<!ENTITY mdash "&#8212;">]>
+<!--
+ - Copyright (C) 2004, 2005  Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000, 2001, 2003  Internet Software Consortium.
+ -
+ - Permission to use, copy, modify, and distribute this software for any
+ - purpose with or without fee is hereby granted, provided that the above
+ - copyright notice and this permission notice appear in all copies.
+ -
+ - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ - AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ - PERFORMANCE OF THIS SOFTWARE.
+-->
+
+<!-- $Id: dnssec-makekeyset.docbook,v 1.2.2.7 2005/05/12 21:35:07 sra Exp $ -->
+
+<refentry>
+  <refentryinfo>
+    <date>June 30, 2000</date>
+  </refentryinfo>
+
+  <refmeta>
+    <refentrytitle><application>dnssec-makekeyset</application></refentrytitle>
+    <manvolnum>8</manvolnum>
+    <refmiscinfo>BIND9</refmiscinfo>
+  </refmeta>
+
+  <docinfo>
+    <copyright>
+      <year>2004</year>
+      <year>2005</year>
+      <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
+    </copyright>
+    <copyright>
+      <year>2000</year>
+      <year>2001</year>
+      <year>2003</year>
+      <holder>Internet Software Consortium.</holder>
+    </copyright>
+  </docinfo>
+
+  <refnamediv>
+    <refname><application>dnssec-makekeyset</application></refname>
+    <refpurpose>DNSSEC zone signing tool</refpurpose>
+  </refnamediv>
+
+  <refsynopsisdiv>
+    <cmdsynopsis>
+      <command>dnssec-makekeyset</command>
+      <arg><option>-a</option></arg>
+      <arg><option>-s <replaceable class="parameter">start-time</replaceable></option></arg>
+      <arg><option>-e <replaceable class="parameter">end-time</replaceable></option></arg>
+      <arg><option>-h</option></arg>
+      <arg><option>-p</option></arg>
+      <arg><option>-r <replaceable class="parameter">randomdev</replaceable></option></arg>
+      <arg><option>-t</option><replaceable class="parameter">ttl</replaceable></arg>
+      <arg><option>-v <replaceable class="parameter">level</replaceable></option></arg>
+      <arg choice="req" rep="repeat">key</arg>
+    </cmdsynopsis>
+  </refsynopsisdiv>
+
+  <refsect1>
+    <title>DESCRIPTION</title>
+    <para>
+        <command>dnssec-makekeyset</command> generates a key set from one
+	or more keys created by <command>dnssec-keygen</command>.  It creates
+	a file containing a KEY record for each key, and self-signs the key
+	set with each zone key.  The output file is of the form
+	<filename>keyset-nnnn.</filename>, where <filename>nnnn</filename>
+	is the zone name.
+    </para>
+  </refsect1>
+
+  <refsect1>
+    <title>OPTIONS</title>
+
+    <variablelist>
+      <varlistentry>
+        <term>-a</term>
+	<listitem>
+	  <para>
+	      Verify all generated signatures.
+	  </para>
+	</listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-s <replaceable class="parameter">start-time</replaceable></term>
+	<listitem>
+	  <para>
+	       Specify the date and time when the generated SIG records
+	       become valid.  This can be either an absolute or relative
+	       time.  An absolute start time is indicated by a number
+	       in YYYYMMDDHHMMSS notation; 20000530144500 denotes
+	       14:45:00 UTC on May 30th, 2000.  A relative start time is
+	       indicated by +N, which is N seconds from the current time.
+	       If no <option>start-time</option> is specified, the current
+	       time is used.
+	  </para>
+	</listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-e <replaceable class="parameter">end-time</replaceable></term>
+	<listitem>
+	  <para>
+	       Specify the date and time when the generated SIG records
+	       expire.  As with <option>start-time</option>, an absolute
+	       time is indicated in YYYYMMDDHHMMSS notation.  A time relative
+	       to the start time is indicated with +N, which is N seconds from
+	       the start time.  A time relative to the current time is
+	       indicated with now+N.  If no <option>end-time</option> is
+	       specified, 30 days from the start time is used as a default.
+	  </para>
+	</listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-h</term>
+	<listitem>
+	  <para>
+	       Prints a short summary of the options and arguments to
+	       <command>dnssec-makekeyset</command>.
+	  </para>
+	</listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-p</term>
+	<listitem>
+	  <para>
+	       Use pseudo-random data when signing the zone.  This is faster,
+	       but less secure, than using real random data.  This option
+	       may be useful when signing large zones or when the entropy
+	       source is limited.
+	  </para>
+	</listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-r <replaceable class="parameter">randomdev</replaceable></term>
+	<listitem>
+	  <para>
+	       Specifies the source of randomness.  If the operating
+	       system does not provide a <filename>/dev/random</filename>
+	       or equivalent device, the default source of randomness
+	       is keyboard input.  <filename>randomdev</filename> specifies
+	       the name of a character device or file containing random
+	       data to be used instead of the default.  The special value
+	       <filename>keyboard</filename> indicates that keyboard
+	       input should be used.
+	  </para>
+	</listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-t <replaceable class="parameter">ttl</replaceable></term>
+	<listitem>
+	  <para>
+	       Specify the TTL (time to live) of the KEY and SIG records.
+	       The default is 3600 seconds.
+	  </para>
+	</listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-v <replaceable class="parameter">level</replaceable></term>
+	<listitem>
+	  <para>
+	       Sets the debugging level.
+	  </para>
+	</listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>key</term>
+	<listitem>
+	  <para>
+	       The list of keys to be included in the keyset file.  These keys
+	       are expressed in the form <filename>Knnnn.+aaa+iiiii</filename>
+	       as generated by <command>dnssec-keygen</command>.
+	  </para>
+	</listitem>
+      </varlistentry>
+
+    </variablelist>
+  </refsect1>
+
+  <refsect1>
+    <title>EXAMPLE</title>
+    <para>
+        The following command generates a keyset containing the DSA key for
+	<userinput>example.com</userinput> generated in the
+	<command>dnssec-keygen</command> man page.
+    </para>
+    <para>
+        <userinput>dnssec-makekeyset -t 86400 -s 20000701120000 -e +2592000 Kexample.com.+003+26160</userinput>
+    </para>
+    <para>
+        In this example, <command>dnssec-makekeyset</command> creates
+	the file <filename>keyset-example.com.</filename>.  This file
+	contains the specified key and a self-generated signature.
+    </para>
+    <para>
+        The DNS administrator for <userinput>example.com</userinput> could
+	send <filename>keyset-example.com.</filename> to the DNS
+	administrator for <userinput>.com</userinput> for signing, if the
+	.com zone is DNSSEC-aware and the administrators of the two zones
+	have some mechanism for authenticating each other and exchanging
+	the keys and signatures securely.
+    </para>
+  </refsect1>
+
+  <refsect1>
+    <title>SEE ALSO</title>
+    <para>
+      <citerefentry>
+        <refentrytitle>dnssec-keygen</refentrytitle>
+	<manvolnum>8</manvolnum>
+      </citerefentry>,
+      <citerefentry>
+        <refentrytitle>dnssec-signkey</refentrytitle>
+	<manvolnum>8</manvolnum>
+      </citerefentry>,
+      <citetitle>BIND 9 Administrator Reference Manual</citetitle>,
+      <citetitle>RFC 2535</citetitle>.
+    </para>
+  </refsect1>
+
+  <refsect1>
+    <title>AUTHOR</title>
+    <para>
+        <corpauthor>Internet Systems Consortium</corpauthor>
+    </para>
+  </refsect1>
+
+</refentry>
+
+<!--
+ - Local variables:
+ - mode: sgml
+ - End:
+-->

bin/dnssec/dnssec-makekeyset.html

@@ -0,0 +1,153 @@
+<!--
+ - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
+ - 
+ - Permission to use, copy, modify, and distribute this software for any
+ - purpose with or without fee is hereby granted, provided that the above
+ - copyright notice and this permission notice appear in all copies.
+ - 
+ - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ - PERFORMANCE OF THIS SOFTWARE.
+-->
+<!-- $Id: dnssec-makekeyset.html,v 1.4.2.16 2007/01/26 23:26:58 marka Exp $ -->
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>dnssec-makekeyset</title>
+<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
+</head>
+<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
+<a name="id2476275"></a><div class="titlepage"></div>
+<div class="refnamediv">
+<h2>Name</h2>
+<p><span class="application">dnssec-makekeyset</span> &#8212; DNSSEC zone signing tool</p>
+</div>
+<div class="refsynopsisdiv">
+<h2>Synopsis</h2>
+<div class="cmdsynopsis"><p><code class="command">dnssec-makekeyset</code>  [<code class="option">-a</code>] [<code class="option">-s <em class="replaceable"><code>start-time</code></em></code>] [<code class="option">-e <em class="replaceable"><code>end-time</code></em></code>] [<code class="option">-h</code>] [<code class="option">-p</code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-t</code><em class="replaceable"><code>ttl</code></em>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] {key...}</p></div>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2543403"></a><h2>DESCRIPTION</h2>
+<p>
+        <span><strong class="command">dnssec-makekeyset</strong></span> generates a key set from one
+	or more keys created by <span><strong class="command">dnssec-keygen</strong></span>.  It creates
+	a file containing a KEY record for each key, and self-signs the key
+	set with each zone key.  The output file is of the form
+	<code class="filename">keyset-nnnn.</code>, where <code class="filename">nnnn</code>
+	is the zone name.
+    </p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2543427"></a><h2>OPTIONS</h2>
+<div class="variablelist"><dl>
+<dt><span class="term">-a</span></dt>
+<dd><p>
+	      Verify all generated signatures.
+	  </p></dd>
+<dt><span class="term">-s <em class="replaceable"><code>start-time</code></em></span></dt>
+<dd><p>
+	       Specify the date and time when the generated SIG records
+	       become valid.  This can be either an absolute or relative
+	       time.  An absolute start time is indicated by a number
+	       in YYYYMMDDHHMMSS notation; 20000530144500 denotes
+	       14:45:00 UTC on May 30th, 2000.  A relative start time is
+	       indicated by +N, which is N seconds from the current time.
+	       If no <code class="option">start-time</code> is specified, the current
+	       time is used.
+	  </p></dd>
+<dt><span class="term">-e <em class="replaceable"><code>end-time</code></em></span></dt>
+<dd><p>
+	       Specify the date and time when the generated SIG records
+	       expire.  As with <code class="option">start-time</code>, an absolute
+	       time is indicated in YYYYMMDDHHMMSS notation.  A time relative
+	       to the start time is indicated with +N, which is N seconds from
+	       the start time.  A time relative to the current time is
+	       indicated with now+N.  If no <code class="option">end-time</code> is
+	       specified, 30 days from the start time is used as a default.
+	  </p></dd>
+<dt><span class="term">-h</span></dt>
+<dd><p>
+	       Prints a short summary of the options and arguments to
+	       <span><strong class="command">dnssec-makekeyset</strong></span>.
+	  </p></dd>
+<dt><span class="term">-p</span></dt>
+<dd><p>
+	       Use pseudo-random data when signing the zone.  This is faster,
+	       but less secure, than using real random data.  This option
+	       may be useful when signing large zones or when the entropy
+	       source is limited.
+	  </p></dd>
+<dt><span class="term">-r <em class="replaceable"><code>randomdev</code></em></span></dt>
+<dd><p>
+	       Specifies the source of randomness.  If the operating
+	       system does not provide a <code class="filename">/dev/random</code>
+	       or equivalent device, the default source of randomness
+	       is keyboard input.  <code class="filename">randomdev</code> specifies
+	       the name of a character device or file containing random
+	       data to be used instead of the default.  The special value
+	       <code class="filename">keyboard</code> indicates that keyboard
+	       input should be used.
+	  </p></dd>
+<dt><span class="term">-t <em class="replaceable"><code>ttl</code></em></span></dt>
+<dd><p>
+	       Specify the TTL (time to live) of the KEY and SIG records.
+	       The default is 3600 seconds.
+	  </p></dd>
+<dt><span class="term">-v <em class="replaceable"><code>level</code></em></span></dt>
+<dd><p>
+	       Sets the debugging level.
+	  </p></dd>
+<dt><span class="term">key</span></dt>
+<dd><p>
+	       The list of keys to be included in the keyset file.  These keys
+	       are expressed in the form <code class="filename">Knnnn.+aaa+iiiii</code>
+	       as generated by <span><strong class="command">dnssec-keygen</strong></span>.
+	  </p></dd>
+</dl></div>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2543606"></a><h2>EXAMPLE</h2>
+<p>
+        The following command generates a keyset containing the DSA key for
+	<strong class="userinput"><code>example.com</code></strong> generated in the
+	<span><strong class="command">dnssec-keygen</strong></span> man page.
+    </p>
+<p>
+        <strong class="userinput"><code>dnssec-makekeyset -t 86400 -s 20000701120000 -e +2592000 Kexample.com.+003+26160</code></strong>
+    </p>
+<p>
+        In this example, <span><strong class="command">dnssec-makekeyset</strong></span> creates
+	the file <code class="filename">keyset-example.com.</code>.  This file
+	contains the specified key and a self-generated signature.
+    </p>
+<p>
+        The DNS administrator for <strong class="userinput"><code>example.com</code></strong> could
+	send <code class="filename">keyset-example.com.</code> to the DNS
+	administrator for <strong class="userinput"><code>.com</code></strong> for signing, if the
+	.com zone is DNSSEC-aware and the administrators of the two zones
+	have some mechanism for authenticating each other and exchanging
+	the keys and signatures securely.
+    </p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2543652"></a><h2>SEE ALSO</h2>
+<p>
+      <span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
+      <span class="citerefentry"><span class="refentrytitle">dnssec-signkey</span>(8)</span>,
+      <em class="citetitle">BIND 9 Administrator Reference Manual</em>,
+      <em class="citetitle">RFC 2535</em>.
+    </p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2543688"></a><h2>AUTHOR</h2>
+<p>
+        <span class="corpauthor">Internet Systems Consortium</span>
+    </p>
+</div>
+</div></body>
+</html>

bin/dnssec/dnssec-signkey.8

@@ -0,0 +1,143 @@
+.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
+.\" 
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\" 
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+.\" PERFORMANCE OF THIS SOFTWARE.
+.\"
+.\" $Id: dnssec-signkey.8,v 1.18.2.8 2006/12/12 01:42:53 marka Exp $
+.\"
+.hy 0
+.ad l
+.\"     Title: dnssec\-signkey
+.\"    Author: 
+.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
+.\"      Date: June 30, 2000
+.\"    Manual: BIND9
+.\"    Source: BIND9
+.\"
+.TH "DNSSEC\-SIGNKEY" "8" "June 30, 2000" "BIND9" "BIND9"
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.SH "NAME"
+dnssec\-signkey \- DNSSEC key set signing tool
+.SH "SYNOPSIS"
+.HP 15
+\fBdnssec\-signkey\fR [\fB\-a\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-s\ \fR\fB\fIstart\-time\fR\fR] [\fB\-e\ \fR\fB\fIend\-time\fR\fR] [\fB\-h\fR] [\fB\-p\fR] [\fB\-r\ \fR\fB\fIrandomdev\fR\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] {keyset} {key...}
+.SH "DESCRIPTION"
+.PP
+\fBdnssec\-signkey\fR
+signs a keyset. Typically the keyset will be for a child zone, and will have been generated by
+\fBdnssec\-makekeyset\fR. The child zone's keyset is signed with the zone keys for its parent zone. The output file is of the form
+\fIsignedkey\-nnnn.\fR, where
+\fInnnn\fR
+is the zone name.
+.SH "OPTIONS"
+.PP
+\-a
+.RS 4
+Verify all generated signatures.
+.RE
+.PP
+\-c \fIclass\fR
+.RS 4
+Specifies the DNS class of the key sets.
+.RE
+.PP
+\-s \fIstart\-time\fR
+.RS 4
+Specify the date and time when the generated SIG records become valid. This can be either an absolute or relative time. An absolute start time is indicated by a number in YYYYMMDDHHMMSS notation; 20000530144500 denotes 14:45:00 UTC on May 30th, 2000. A relative start time is indicated by +N, which is N seconds from the current time. If no
+\fBstart\-time\fR
+is specified, the current time is used.
+.RE
+.PP
+\-e \fIend\-time\fR
+.RS 4
+Specify the date and time when the generated SIG records expire. As with
+\fBstart\-time\fR, an absolute time is indicated in YYYYMMDDHHMMSS notation. A time relative to the start time is indicated with +N, which is N seconds from the start time. A time relative to the current time is indicated with now+N. If no
+\fBend\-time\fR
+is specified, 30 days from the start time is used as a default.
+.RE
+.PP
+\-h
+.RS 4
+Prints a short summary of the options and arguments to
+\fBdnssec\-signkey\fR.
+.RE
+.PP
+\-p
+.RS 4
+Use pseudo\-random data when signing the zone. This is faster, but less secure, than using real random data. This option may be useful when signing large zones or when the entropy source is limited.
+.RE
+.PP
+\-r \fIrandomdev\fR
+.RS 4
+Specifies the source of randomness. If the operating system does not provide a
+\fI/dev/random\fR
+or equivalent device, the default source of randomness is keyboard input.
+\fIrandomdev\fR
+specifies the name of a character device or file containing random data to be used instead of the default. The special value
+\fIkeyboard\fR
+indicates that keyboard input should be used.
+.RE
+.PP
+\-v \fIlevel\fR
+.RS 4
+Sets the debugging level.
+.RE
+.PP
+keyset
+.RS 4
+The file containing the child's keyset.
+.RE
+.PP
+key
+.RS 4
+The keys used to sign the child's keyset.
+.RE
+.SH "EXAMPLE"
+.PP
+The DNS administrator for a DNSSEC\-aware
+\fB.com\fR
+zone would use the following command to sign the
+\fIkeyset\fR
+file for
+\fBexample.com\fR
+created by
+\fBdnssec\-makekeyset\fR
+with a key generated by
+\fBdnssec\-keygen\fR:
+.PP
+\fBdnssec\-signkey keyset\-example.com. Kcom.+003+51944\fR
+.PP
+In this example,
+\fBdnssec\-signkey\fR
+creates the file
+\fIsignedkey\-example.com.\fR, which contains the
+\fBexample.com\fR
+keys and the signatures by the
+\fB.com\fR
+keys.
+.SH "SEE ALSO"
+.PP
+\fBdnssec\-keygen\fR(8),
+\fBdnssec\-makekeyset\fR(8),
+\fBdnssec\-signzone\fR(8).
+.SH "AUTHOR"
+.PP
+Internet Systems Consortium
+.SH "COPYRIGHT"
+Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+.br
+Copyright \(co 2000, 2001, 2003 Internet Software Consortium.
+.br

bin/dnssec/dnssec-signkey.c

@@ -0,0 +1,478 @@
+/*
+ * Portions Copyright (C) 2004, 2005  Internet Systems Consortium, Inc. ("ISC")
+ * Portions Copyright (C) 2000, 2001, 2003  Internet Software Consortium.
+ * Portions Copyright (C) 1995-2000 by Network Associates, Inc.
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC AND NETWORK ASSOCIATES DISCLAIMS
+ * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE
+ * FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR
+ * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: dnssec-signkey.c,v 1.50.2.6 2005/06/08 00:12:17 marka Exp $ */
+
+#include <config.h>
+
+#include <stdlib.h>
+
+#include <isc/string.h>
+#include <isc/commandline.h>
+#include <isc/entropy.h>
+#include <isc/hash.h>
+#include <isc/mem.h>
+#include <isc/util.h>
+
+#include <dns/db.h>
+#include <dns/dbiterator.h>
+#include <dns/dnssec.h>
+#include <dns/fixedname.h>
+#include <dns/log.h>
+#include <dns/rdata.h>
+#include <dns/rdataclass.h>
+#include <dns/rdatalist.h>
+#include <dns/rdataset.h>
+#include <dns/rdatasetiter.h>
+#include <dns/rdatastruct.h>
+#include <dns/result.h>
+#include <dns/secalg.h>
+
+#include <dst/dst.h>
+
+#include "dnssectool.h"
+
+const char *program = "dnssec-signkey";
+int verbose;
+
+#define BUFSIZE 2048
+
+typedef struct keynode keynode_t;
+struct keynode {
+	dst_key_t *key;
+	isc_boolean_t verified;
+	ISC_LINK(keynode_t) link;
+};
+typedef ISC_LIST(keynode_t) keylist_t;
+
+static isc_stdtime_t starttime = 0, endtime = 0, now;
+
+static isc_mem_t *mctx = NULL;
+static isc_entropy_t *ectx = NULL;
+static keylist_t keylist;
+
+static void
+usage(void) {
+	fprintf(stderr, "Usage:\n");
+	fprintf(stderr, "\t%s [options] keyset keys\n", program);
+
+	fprintf(stderr, "\n");
+
+	fprintf(stderr, "Options: (default value in parenthesis) \n");
+	fprintf(stderr, "\t-a\n");
+	fprintf(stderr, "\t\tverify generated signatures\n");
+	fprintf(stderr, "\t-c class (IN)\n");
+	fprintf(stderr, "\t-s YYYYMMDDHHMMSS|+offset:\n");
+	fprintf(stderr, "\t\tSIG start time - absolute|offset (from keyset)\n");
+	fprintf(stderr, "\t-e YYYYMMDDHHMMSS|+offset|\"now\"+offset]:\n");
+	fprintf(stderr, "\t\tSIG end time  - absolute|from start|from now "
+		"(from keyset)\n");
+	fprintf(stderr, "\t-v level:\n");
+	fprintf(stderr, "\t\tverbose level (0)\n");
+	fprintf(stderr, "\t-p\n");
+	fprintf(stderr, "\t\tuse pseudorandom data (faster but less secure)\n");
+	fprintf(stderr, "\t-r randomdev:\n");
+	fprintf(stderr, "\t\ta file containing random data\n");
+
+	fprintf(stderr, "\n");
+
+	fprintf(stderr, "keyset:\n");
+	fprintf(stderr, "\tfile with keyset to be signed (keyset-<name>)\n");
+	fprintf(stderr, "keys:\n");
+	fprintf(stderr, "\tkeyfile (Kname+alg+tag)\n");
+
+	fprintf(stderr, "\n");
+	fprintf(stderr, "Output:\n");
+	fprintf(stderr, "\tsigned keyset (signedkey-<name>)\n");
+	exit(0);
+}
+
+static void
+loadkeys(dns_name_t *name, dns_rdataset_t *rdataset) {
+	dst_key_t *key;
+	dns_rdata_t rdata = DNS_RDATA_INIT;
+	keynode_t *keynode;
+	isc_result_t result;
+
+	ISC_LIST_INIT(keylist);
+	result = dns_rdataset_first(rdataset);
+	check_result(result, "dns_rdataset_first");
+	for (; result == ISC_R_SUCCESS; result = dns_rdataset_next(rdataset)) {
+		dns_rdata_reset(&rdata);
+		dns_rdataset_current(rdataset, &rdata);
+		key = NULL;
+		result = dns_dnssec_keyfromrdata(name, &rdata, mctx, &key);
+		if (result != ISC_R_SUCCESS)
+			continue;
+		if (!dst_key_iszonekey(key))
+			continue;
+		keynode = isc_mem_get(mctx, sizeof (keynode_t));
+		if (keynode == NULL)
+			fatal("out of memory");
+		keynode->key = key;
+		keynode->verified = ISC_FALSE;
+		ISC_LIST_INITANDAPPEND(keylist, keynode, link);
+	}
+	if (result != ISC_R_NOMORE)
+		fatal("failure traversing key list");
+}
+
+static dst_key_t *
+findkey(dns_rdata_sig_t *sig) {
+	keynode_t *keynode;
+	for (keynode = ISC_LIST_HEAD(keylist);
+	     keynode != NULL;
+	     keynode = ISC_LIST_NEXT(keynode, link))
+	{
+		if (dst_key_id(keynode->key) == sig->keyid &&
+		    dst_key_alg(keynode->key) == sig->algorithm) {
+			keynode->verified = ISC_TRUE;
+			return (keynode->key);
+		}
+	}
+	fatal("signature generated by non-zone or missing key");
+	return (NULL);
+}
+
+int
+main(int argc, char *argv[]) {
+	int i, ch;
+	char *startstr = NULL, *endstr = NULL, *classname = NULL;
+	char tdomain[1025];
+	dns_fixedname_t fdomain;
+	dns_name_t *domain;
+	char *output = NULL;
+	char *endp;
+	unsigned char *data;
+	char *randomfile = NULL;
+	dns_db_t *db;
+	dns_dbnode_t *node;
+	dns_dbversion_t *version;
+	dns_dbiterator_t *dbiter;
+	dns_rdatasetiter_t *rdsiter;
+	dst_key_t *key = NULL;
+	dns_rdata_t *rdata;
+	dns_rdata_t sigrdata = DNS_RDATA_INIT;
+	dns_rdatalist_t sigrdatalist;
+	dns_rdataset_t rdataset, sigrdataset, newsigrdataset;
+	dns_rdata_sig_t sig;
+	isc_result_t result;
+	isc_buffer_t b;
+	isc_textregion_t tr;
+	isc_log_t *log = NULL;
+	keynode_t *keynode;
+	isc_boolean_t pseudorandom = ISC_FALSE;
+	unsigned int eflags;
+	dns_rdataclass_t rdclass;
+	static isc_boolean_t tryverify = ISC_FALSE;
+
+	result = isc_mem_create(0, 0, &mctx);
+	check_result(result, "isc_mem_create()");
+
+	dns_result_register();
+
+	while ((ch = isc_commandline_parse(argc, argv, "ac:s:e:pr:v:h")) != -1)
+	{
+		switch (ch) {
+		case 'a':
+			tryverify = ISC_TRUE;
+			break;
+		case 'c':
+			classname = isc_commandline_argument;
+			break;
+
+		case 's':
+			startstr = isc_commandline_argument;
+			break;
+						
+		case 'e':
+			endstr = isc_commandline_argument;
+			break;
+
+		case 'p':
+			pseudorandom = ISC_TRUE;
+			break;
+
+		case 'r':
+			randomfile = isc_commandline_argument;
+			break;
+
+		case 'v':
+			endp = NULL;
+			verbose = strtol(isc_commandline_argument, &endp, 0);
+			if (*endp != '\0')
+				fatal("verbose level must be numeric");
+			break;
+
+		case 'h':
+		default:
+			usage();
+
+		}
+	}
+
+	argc -= isc_commandline_index;
+	argv += isc_commandline_index;
+
+	if (argc < 2)
+		usage();
+
+	if (classname != NULL) {
+		tr.base = classname;
+		tr.length = strlen(classname);
+		result = dns_rdataclass_fromtext(&rdclass, &tr);
+		if (result != ISC_R_SUCCESS)
+			fatal("unknown class %s",classname);
+	} else
+		rdclass = dns_rdataclass_in;
+
+	setup_entropy(mctx, randomfile, &ectx);
+	eflags = ISC_ENTROPY_BLOCKING;
+	if (!pseudorandom)
+		eflags |= ISC_ENTROPY_GOODONLY;
+
+	result = isc_hash_create(mctx, ectx, DNS_NAME_MAXWIRE);
+	if (result != ISC_R_SUCCESS)
+		fatal("could not create hash context");
+
+	result = dst_lib_init(mctx, ectx, eflags);
+	if (result != ISC_R_SUCCESS)
+		fatal("could not initialize dst: %s", 
+		      isc_result_totext(result));
+
+	isc_stdtime_get(&now);
+
+	if ((startstr == NULL || endstr == NULL) &&
+	    !(startstr == NULL && endstr == NULL))
+		fatal("if -s or -e is specified, both must be");
+
+	setup_logging(verbose, mctx, &log);
+
+	if (strlen(argv[0]) < 8U || strncmp(argv[0], "keyset-", 7) != 0)
+		fatal("keyset file '%s' must start with keyset-", argv[0]);
+
+	db = NULL;
+	result = dns_db_create(mctx, "rbt", dns_rootname, dns_dbtype_zone,
+			       rdclass, 0, NULL, &db);
+	check_result(result, "dns_db_create()");
+
+	result = dns_db_load(db, argv[0]);
+	if (result != ISC_R_SUCCESS && result != DNS_R_SEENINCLUDE)
+		fatal("failed to load database from '%s': %s", argv[0],
+		      isc_result_totext(result));
+
+	dns_fixedname_init(&fdomain);
+	domain = dns_fixedname_name(&fdomain);
+
+	dbiter = NULL;
+	result = dns_db_createiterator(db, ISC_FALSE, &dbiter);
+	check_result(result, "dns_db_createiterator()");
+
+	result = dns_dbiterator_first(dbiter);
+	check_result(result, "dns_dbiterator_first()");
+	while (result == ISC_R_SUCCESS) {
+		node = NULL;
+		dns_dbiterator_current(dbiter, &node, domain);
+		rdsiter = NULL;
+		result = dns_db_allrdatasets(db, node, NULL, 0, &rdsiter);
+		check_result(result, "dns_db_allrdatasets()");
+		result = dns_rdatasetiter_first(rdsiter);
+		dns_rdatasetiter_destroy(&rdsiter);
+		if (result == ISC_R_SUCCESS)
+			break;
+		dns_db_detachnode(db, &node);
+		result = dns_dbiterator_next(dbiter);
+	}
+	dns_dbiterator_destroy(&dbiter);
+	if (result != ISC_R_SUCCESS)
+		fatal("failed to find data in keyset file");
+
+	isc_buffer_init(&b, tdomain, sizeof(tdomain) - 1);
+	result = dns_name_tofilenametext(domain, ISC_FALSE, &b);
+	check_result(result, "dns_name_tofilenametext()");
+	isc_buffer_putuint8(&b, 0);
+
+	output = isc_mem_allocate(mctx,
+				  strlen("signedkey-") + strlen(tdomain) + 1);
+	if (output == NULL)
+		fatal("out of memory");
+	strcpy(output, "signedkey-");
+	strcat(output, tdomain);
+
+	version = NULL;
+	dns_db_newversion(db, &version);
+
+	dns_rdataset_init(&rdataset);
+	dns_rdataset_init(&sigrdataset);
+	result = dns_db_findrdataset(db, node, version, dns_rdatatype_key, 0,
+				     0, &rdataset, &sigrdataset);
+	if (result != ISC_R_SUCCESS) {
+		char domainstr[DNS_NAME_FORMATSIZE];
+		dns_name_format(domain, domainstr, sizeof domainstr);
+		fatal("failed to find rdataset '%s KEY': %s",
+		      domainstr, isc_result_totext(result));
+	}
+
+	loadkeys(domain, &rdataset);
+
+	if (!dns_rdataset_isassociated(&sigrdataset))
+		fatal("no SIG KEY set present");
+
+	result = dns_rdataset_first(&sigrdataset);
+	check_result(result, "dns_rdataset_first()");
+	do {
+		dns_rdataset_current(&sigrdataset, &sigrdata);
+		result = dns_rdata_tostruct(&sigrdata, &sig, mctx);
+		check_result(result, "dns_rdata_tostruct()");
+		key = findkey(&sig);
+		result = dns_dnssec_verify(domain, &rdataset, key,
+					   ISC_TRUE, mctx, &sigrdata);
+		if (result != ISC_R_SUCCESS) {
+			char keystr[KEY_FORMATSIZE];
+			key_format(key, keystr, sizeof keystr);
+			fatal("signature by key '%s' did not verify: %s",
+			      keystr, isc_result_totext(result));
+		}
+		dns_rdata_reset(&sigrdata);
+		dns_rdata_freestruct(&sig);
+		result = dns_rdataset_next(&sigrdataset);
+	} while (result == ISC_R_SUCCESS);
+
+	if (startstr != NULL) {
+		starttime = strtotime(startstr, now, now);
+		endtime = strtotime(endstr, now, starttime);
+	} else {
+		starttime = sig.timesigned;
+		endtime = sig.timeexpire;
+	}
+
+
+	for (keynode = ISC_LIST_HEAD(keylist);
+	     keynode != NULL;
+	     keynode = ISC_LIST_NEXT(keynode, link))
+		if (!keynode->verified)
+			fatal("Not all zone keys self signed the key set");
+
+	result = dns_rdataset_first(&sigrdataset);
+	check_result(result, "dns_rdataset_first()");
+	dns_rdataset_current(&sigrdataset, &sigrdata);
+	result = dns_rdata_tostruct(&sigrdata, &sig, mctx);
+	check_result(result, "dns_rdata_tostruct()");
+
+	dns_rdataset_disassociate(&sigrdataset);
+
+	argc -= 1;
+	argv += 1;
+
+	dns_rdatalist_init(&sigrdatalist);
+	sigrdatalist.rdclass = rdataset.rdclass;
+	sigrdatalist.type = dns_rdatatype_sig;
+	sigrdatalist.covers = dns_rdatatype_key;
+	sigrdatalist.ttl = rdataset.ttl;
+
+	for (i = 0; i < argc; i++) {
+		key = NULL;
+		result = dst_key_fromnamedfile(argv[i],
+					       DST_TYPE_PUBLIC |
+					       DST_TYPE_PRIVATE,
+					       mctx, &key);
+		if (result != ISC_R_SUCCESS)
+			fatal("failed to read key %s from disk: %s",
+			      argv[i], isc_result_totext(result));
+
+		rdata = isc_mem_get(mctx, sizeof(dns_rdata_t));
+		if (rdata == NULL)
+			fatal("out of memory");
+		dns_rdata_init(rdata);
+		data = isc_mem_get(mctx, BUFSIZE);
+		if (data == NULL)
+			fatal("out of memory");
+		isc_buffer_init(&b, data, BUFSIZE);
+		result = dns_dnssec_sign(domain, &rdataset, key,
+					 &starttime, &endtime,
+					 mctx, &b, rdata);
+		isc_entropy_stopcallbacksources(ectx);
+		if (result != ISC_R_SUCCESS) {
+			char keystr[KEY_FORMATSIZE];
+			key_format(key, keystr, sizeof keystr);
+			fatal("key '%s' failed to sign data: %s",
+			      keystr, isc_result_totext(result));
+		}
+		if (tryverify) {
+			result = dns_dnssec_verify(domain, &rdataset, key,
+						   ISC_TRUE, mctx, rdata);
+			if (result != ISC_R_SUCCESS) {
+				char keystr[KEY_FORMATSIZE];
+				key_format(key, keystr, sizeof keystr);
+				fatal("signature from key '%s' failed to "
+				      "verify: %s",
+				      keystr, isc_result_totext(result));
+			}
+		}
+		ISC_LIST_APPEND(sigrdatalist.rdata, rdata, link);
+		dst_key_free(&key);
+	}
+
+	dns_rdataset_init(&newsigrdataset);
+	result = dns_rdatalist_tordataset(&sigrdatalist, &newsigrdataset);
+	check_result (result, "dns_rdatalist_tordataset()");
+
+	dns_db_addrdataset(db, node, version, 0, &newsigrdataset, 0, NULL);
+	check_result (result, "dns_db_addrdataset()");
+
+	dns_db_detachnode(db, &node);
+	dns_db_closeversion(db, &version, ISC_TRUE);
+	result = dns_db_dump(db, version, output);
+	if (result != ISC_R_SUCCESS)
+		fatal("failed to write database to '%s': %s",
+		      output, isc_result_totext(result));
+
+	printf("%s\n", output);
+
+	dns_rdataset_disassociate(&rdataset);
+	dns_rdataset_disassociate(&newsigrdataset);
+
+	dns_rdata_freestruct(&sig);
+
+	while (!ISC_LIST_EMPTY(sigrdatalist.rdata)) {
+		rdata = ISC_LIST_HEAD(sigrdatalist.rdata);
+		ISC_LIST_UNLINK(sigrdatalist.rdata, rdata, link);
+		isc_mem_put(mctx, rdata->data, BUFSIZE);
+		isc_mem_put(mctx, rdata, sizeof *rdata);
+	}
+
+	dns_db_detach(&db);
+
+	while (!ISC_LIST_EMPTY(keylist)) {
+		keynode = ISC_LIST_HEAD(keylist);
+		ISC_LIST_UNLINK(keylist, keynode, link);
+		dst_key_free(&keynode->key);
+		isc_mem_put(mctx, keynode, sizeof(keynode_t));
+	}
+
+	cleanup_logging(&log);
+
+	isc_mem_free(mctx, output);
+	isc_hash_destroy();
+	cleanup_entropy(&ectx);
+	dst_lib_destroy();
+	if (verbose > 10)
+		isc_mem_stats(mctx, stdout);
+	isc_mem_destroy(&mctx);
+	return (0);
+}

bin/dnssec/dnssec-signkey.docbook

@@ -0,0 +1,253 @@
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
+               "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd"
+	       [<!ENTITY mdash "&#8212;">]>
+<!--
+ - Copyright (C) 2004, 2005  Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000, 2001, 2003  Internet Software Consortium.
+ -
+ - Permission to use, copy, modify, and distribute this software for any
+ - purpose with or without fee is hereby granted, provided that the above
+ - copyright notice and this permission notice appear in all copies.
+ -
+ - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ - AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ - PERFORMANCE OF THIS SOFTWARE.
+-->
+
+<!-- $Id: dnssec-signkey.docbook,v 1.2.2.6 2005/05/12 21:35:08 sra Exp $ -->
+
+<refentry>
+  <refentryinfo>
+    <date>June 30, 2000</date>
+  </refentryinfo>
+
+  <refmeta>
+    <refentrytitle><application>dnssec-signkey</application></refentrytitle>
+    <manvolnum>8</manvolnum>
+    <refmiscinfo>BIND9</refmiscinfo>
+  </refmeta>
+
+  <docinfo>
+    <copyright>
+      <year>2004</year>
+      <year>2005</year>
+      <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
+    </copyright>
+    <copyright>
+      <year>2000</year>
+      <year>2001</year>
+      <year>2003</year>
+      <holder>Internet Software Consortium.</holder>
+    </copyright>
+  </docinfo>
+
+  <refnamediv>
+    <refname><application>dnssec-signkey</application></refname>
+    <refpurpose>DNSSEC key set signing tool</refpurpose>
+  </refnamediv>
+
+  <refsynopsisdiv>
+    <cmdsynopsis>
+      <command>dnssec-signkey</command>
+      <arg><option>-a</option></arg>
+      <arg><option>-c <replaceable class="parameter">class</replaceable></option></arg>
+      <arg><option>-s <replaceable class="parameter">start-time</replaceable></option></arg>
+      <arg><option>-e <replaceable class="parameter">end-time</replaceable></option></arg>
+      <arg><option>-h</option></arg>
+      <arg><option>-p</option></arg>
+      <arg><option>-r <replaceable class="parameter">randomdev</replaceable></option></arg>
+      <arg><option>-v <replaceable class="parameter">level</replaceable></option></arg>
+      <arg choice="req">keyset</arg>
+      <arg choice="req" rep="repeat">key</arg>
+    </cmdsynopsis>
+  </refsynopsisdiv>
+
+  <refsect1>
+    <title>DESCRIPTION</title>
+    <para>
+        <command>dnssec-signkey</command> signs a keyset.  Typically
+	the keyset will be for a child zone, and will have been generated
+	by <command>dnssec-makekeyset</command>.  The child zone's keyset
+	is signed with the zone keys for its parent zone.  The output file
+	is of the form <filename>signedkey-nnnn.</filename>, where
+	<filename>nnnn</filename> is the zone name.
+    </para>
+  </refsect1>
+
+  <refsect1>
+    <title>OPTIONS</title>
+
+    <variablelist>
+      <varlistentry>
+        <term>-a</term>
+	<listitem>
+	  <para>
+	      Verify all generated signatures.
+	  </para>
+	</listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-c <replaceable class="parameter">class</replaceable></term>
+	<listitem>
+	  <para>
+	       Specifies the DNS class of the key sets.
+	  </para>
+	</listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-s <replaceable class="parameter">start-time</replaceable></term>
+	<listitem>
+	  <para>
+	       Specify the date and time when the generated SIG records
+	       become valid.  This can be either an absolute or relative
+	       time.  An absolute start time is indicated by a number
+	       in YYYYMMDDHHMMSS notation; 20000530144500 denotes
+	       14:45:00 UTC on May 30th, 2000.  A relative start time is
+	       indicated by +N, which is N seconds from the current time.
+	       If no <option>start-time</option> is specified, the current
+	       time is used.
+	  </para>
+	</listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-e <replaceable class="parameter">end-time</replaceable></term>
+	<listitem>
+	  <para>
+	       Specify the date and time when the generated SIG records
+	       expire.  As with <option>start-time</option>, an absolute
+	       time is indicated in YYYYMMDDHHMMSS notation.  A time relative
+	       to the start time is indicated with +N, which is N seconds from
+	       the start time.  A time relative to the current time is
+	       indicated with now+N.  If no <option>end-time</option> is
+	       specified, 30 days from the start time is used as a default.
+	  </para>
+	</listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-h</term>
+	<listitem>
+	  <para>
+	       Prints a short summary of the options and arguments to
+	       <command>dnssec-signkey</command>.
+	  </para>
+	</listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-p</term>
+	<listitem>
+	  <para>
+	       Use pseudo-random data when signing the zone.  This is faster,
+	       but less secure, than using real random data.  This option
+	       may be useful when signing large zones or when the entropy
+	       source is limited.
+	  </para>
+	</listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-r <replaceable class="parameter">randomdev</replaceable></term>
+	<listitem>
+	  <para>
+	       Specifies the source of randomness.  If the operating
+	       system does not provide a <filename>/dev/random</filename>
+	       or equivalent device, the default source of randomness
+	       is keyboard input.  <filename>randomdev</filename> specifies
+	       the name of a character device or file containing random
+	       data to be used instead of the default.  The special value
+	       <filename>keyboard</filename> indicates that keyboard
+	       input should be used.
+	  </para>
+	</listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-v <replaceable class="parameter">level</replaceable></term>
+	<listitem>
+	  <para>
+	       Sets the debugging level.
+	  </para>
+	</listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>keyset</term>
+	  <listitem>
+	    <para>
+	        The file containing the child's keyset.
+	  </para>
+	</listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>key</term>
+	  <listitem>
+	    <para>
+	        The keys used to sign the child's keyset.
+	  </para>
+	</listitem>
+      </varlistentry>
+
+    </variablelist>
+  </refsect1>
+
+  <refsect1>
+    <title>EXAMPLE</title>
+    <para>
+        The DNS administrator for a DNSSEC-aware <userinput>.com</userinput>
+	zone would use the following command to sign the
+	<filename>keyset</filename> file for <userinput>example.com</userinput>
+	created by <command>dnssec-makekeyset</command> with a key generated
+	by <command>dnssec-keygen</command>:
+    </para>
+    <para>
+        <userinput>dnssec-signkey keyset-example.com. Kcom.+003+51944</userinput>
+    </para>
+    <para>
+        In this example, <command>dnssec-signkey</command> creates
+	the file <filename>signedkey-example.com.</filename>, which
+	contains the <userinput>example.com</userinput> keys and the
+	signatures by the <userinput>.com</userinput> keys.
+    </para>
+  </refsect1>
+
+  <refsect1>
+    <title>SEE ALSO</title>
+    <para>
+      <citerefentry>
+        <refentrytitle>dnssec-keygen</refentrytitle>
+	<manvolnum>8</manvolnum>
+      </citerefentry>,
+      <citerefentry>
+        <refentrytitle>dnssec-makekeyset</refentrytitle>
+	<manvolnum>8</manvolnum>
+      </citerefentry>,
+      <citerefentry>
+        <refentrytitle>dnssec-signzone</refentrytitle>
+	<manvolnum>8</manvolnum>
+      </citerefentry>.
+    </para>
+  </refsect1>
+
+  <refsect1>
+    <title>AUTHOR</title>
+    <para>
+        <corpauthor>Internet Systems Consortium</corpauthor>
+    </para>
+  </refsect1>
+
+</refentry>
+
+<!--
+ - Local variables:
+ - mode: sgml
+ - End:
+-->

bin/dnssec/dnssec-signkey.html

@@ -0,0 +1,148 @@
+<!--
+ - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
+ - 
+ - Permission to use, copy, modify, and distribute this software for any
+ - purpose with or without fee is hereby granted, provided that the above
+ - copyright notice and this permission notice appear in all copies.
+ - 
+ - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ - PERFORMANCE OF THIS SOFTWARE.
+-->
+<!-- $Id: dnssec-signkey.html,v 1.4.2.15 2007/01/26 23:26:58 marka Exp $ -->
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>dnssec-signkey</title>
+<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
+</head>
+<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
+<a name="id2476275"></a><div class="titlepage"></div>
+<div class="refnamediv">
+<h2>Name</h2>
+<p><span class="application">dnssec-signkey</span> &#8212; DNSSEC key set signing tool</p>
+</div>
+<div class="refsynopsisdiv">
+<h2>Synopsis</h2>
+<div class="cmdsynopsis"><p><code class="command">dnssec-signkey</code>  [<code class="option">-a</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-s <em class="replaceable"><code>start-time</code></em></code>] [<code class="option">-e <em class="replaceable"><code>end-time</code></em></code>] [<code class="option">-h</code>] [<code class="option">-p</code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] {keyset} {key...}</p></div>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2543409"></a><h2>DESCRIPTION</h2>
+<p>
+        <span><strong class="command">dnssec-signkey</strong></span> signs a keyset.  Typically
+	the keyset will be for a child zone, and will have been generated
+	by <span><strong class="command">dnssec-makekeyset</strong></span>.  The child zone's keyset
+	is signed with the zone keys for its parent zone.  The output file
+	is of the form <code class="filename">signedkey-nnnn.</code>, where
+	<code class="filename">nnnn</code> is the zone name.
+    </p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2543431"></a><h2>OPTIONS</h2>
+<div class="variablelist"><dl>
+<dt><span class="term">-a</span></dt>
+<dd><p>
+	      Verify all generated signatures.
+	  </p></dd>
+<dt><span class="term">-c <em class="replaceable"><code>class</code></em></span></dt>
+<dd><p>
+	       Specifies the DNS class of the key sets.
+	  </p></dd>
+<dt><span class="term">-s <em class="replaceable"><code>start-time</code></em></span></dt>
+<dd><p>
+	       Specify the date and time when the generated SIG records
+	       become valid.  This can be either an absolute or relative
+	       time.  An absolute start time is indicated by a number
+	       in YYYYMMDDHHMMSS notation; 20000530144500 denotes
+	       14:45:00 UTC on May 30th, 2000.  A relative start time is
+	       indicated by +N, which is N seconds from the current time.
+	       If no <code class="option">start-time</code> is specified, the current
+	       time is used.
+	  </p></dd>
+<dt><span class="term">-e <em class="replaceable"><code>end-time</code></em></span></dt>
+<dd><p>
+	       Specify the date and time when the generated SIG records
+	       expire.  As with <code class="option">start-time</code>, an absolute
+	       time is indicated in YYYYMMDDHHMMSS notation.  A time relative
+	       to the start time is indicated with +N, which is N seconds from
+	       the start time.  A time relative to the current time is
+	       indicated with now+N.  If no <code class="option">end-time</code> is
+	       specified, 30 days from the start time is used as a default.
+	  </p></dd>
+<dt><span class="term">-h</span></dt>
+<dd><p>
+	       Prints a short summary of the options and arguments to
+	       <span><strong class="command">dnssec-signkey</strong></span>.
+	  </p></dd>
+<dt><span class="term">-p</span></dt>
+<dd><p>
+	       Use pseudo-random data when signing the zone.  This is faster,
+	       but less secure, than using real random data.  This option
+	       may be useful when signing large zones or when the entropy
+	       source is limited.
+	  </p></dd>
+<dt><span class="term">-r <em class="replaceable"><code>randomdev</code></em></span></dt>
+<dd><p>
+	       Specifies the source of randomness.  If the operating
+	       system does not provide a <code class="filename">/dev/random</code>
+	       or equivalent device, the default source of randomness
+	       is keyboard input.  <code class="filename">randomdev</code> specifies
+	       the name of a character device or file containing random
+	       data to be used instead of the default.  The special value
+	       <code class="filename">keyboard</code> indicates that keyboard
+	       input should be used.
+	  </p></dd>
+<dt><span class="term">-v <em class="replaceable"><code>level</code></em></span></dt>
+<dd><p>
+	       Sets the debugging level.
+	  </p></dd>
+<dt><span class="term">keyset</span></dt>
+<dd><p>
+	        The file containing the child's keyset.
+	  </p></dd>
+<dt><span class="term">key</span></dt>
+<dd><p>
+	        The keys used to sign the child's keyset.
+	  </p></dd>
+</dl></div>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2543620"></a><h2>EXAMPLE</h2>
+<p>
+        The DNS administrator for a DNSSEC-aware <strong class="userinput"><code>.com</code></strong>
+	zone would use the following command to sign the
+	<code class="filename">keyset</code> file for <strong class="userinput"><code>example.com</code></strong>
+	created by <span><strong class="command">dnssec-makekeyset</strong></span> with a key generated
+	by <span><strong class="command">dnssec-keygen</strong></span>:
+    </p>
+<p>
+        <strong class="userinput"><code>dnssec-signkey keyset-example.com. Kcom.+003+51944</code></strong>
+    </p>
+<p>
+        In this example, <span><strong class="command">dnssec-signkey</strong></span> creates
+	the file <code class="filename">signedkey-example.com.</code>, which
+	contains the <strong class="userinput"><code>example.com</code></strong> keys and the
+	signatures by the <strong class="userinput"><code>.com</code></strong> keys.
+    </p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2543672"></a><h2>SEE ALSO</h2>
+<p>
+      <span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
+      <span class="citerefentry"><span class="refentrytitle">dnssec-makekeyset</span>(8)</span>,
+      <span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>.
+    </p>
+</div>
+<div class="refsect1" lang="en">
+<a name="id2543710"></a><h2>AUTHOR</h2>
+<p>
+        <span class="corpauthor">Internet Systems Consortium</span>
+    </p>
+</div>
+</div></body>
+</html>

bin/dnssec/dnssec-signzone.8

@@ -1,5 +1,5 @@
-.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
-.\" Copyright (C) 2000-2003 Internet Software Consortium.
+.\" Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
 .\" 
 .\" Permission to use, copy, modify, and distribute this software for any
 .\" purpose with or without fee is hereby granted, provided that the above
@@ -13,112 +13,176 @@
 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 .\" PERFORMANCE OF THIS SOFTWARE.
 .\"
-.\" $Id: dnssec-signzone.8,v 1.23.2.1.4.9 2005/06/26 00:05:50 marka Exp $
+.\" $Id: dnssec-signzone.8,v 1.23.2.12 2007/05/09 03:32:21 marka Exp $
 .\"
 .hy 0
 .ad l
-.\"Generated by db2man.xsl. Don't modify this, modify the source.
-.de Sh \" Subsection
-.br
-.if t .Sp
-.ne 5
-.PP
-\fB\\$1\fR
-.PP
-..
-.de Sp \" Vertical space (when we can't use .PP)
-.if t .sp .5v
-.if n .sp
-..
-.de Ip \" List item
-.br
-.ie \\n(.$>=3 .ne \\$3
-.el .ne 3
-.IP "\\$1" \\$2
-..
-.TH "DNSSEC-SIGNZONE" 8 "June 30, 2000" "" ""
-.SH NAME
-dnssec-signzone \- DNSSEC zone signing tool
+.\"     Title: dnssec\-signzone
+.\"    Author: 
+.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
+.\"      Date: June 30, 2000
+.\"    Manual: BIND9
+.\"    Source: BIND9
+.\"
+.TH "DNSSEC\-SIGNZONE" "8" "June 30, 2000" "BIND9" "BIND9"
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.SH "NAME"
+dnssec\-signzone \- DNSSEC zone signing tool
 .SH "SYNOPSIS"
 .HP 16
-\fBdnssec\-signzone\fR [\fB\-a\fR] [\fB\-c\ \fIclass\fR\fR] [\fB\-d\ \fIdirectory\fR\fR] [\fB\-e\ \fIend\-time\fR\fR] [\fB\-f\ \fIoutput\-file\fR\fR] [\fB\-g\fR] [\fB\-h\fR] [\fB\-k\ \fIkey\fR\fR] [\fB\-l\ \fIdomain\fR\fR] [\fB\-i\ \fIinterval\fR\fR] [\fB\-n\ \fInthreads\fR\fR] [\fB\-o\ \fIorigin\fR\fR] [\fB\-p\fR] [\fB\-r\ \fIrandomdev\fR\fR] [\fB\-s\ \fIstart\-time\fR\fR] [\fB\-t\fR] [\fB\-v\ \fIlevel\fR\fR] [\fB\-z\fR] {zonefile} [key...]
+\fBdnssec\-signzone\fR [\fB\-a\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-d\ \fR\fB\fIdirectory\fR\fR] [\fB\-s\ \fR\fB\fIstart\-time\fR\fR] [\fB\-e\ \fR\fB\fIend\-time\fR\fR] [\fB\-f\ \fR\fB\fIoutput\-file\fR\fR] [\fB\-h\fR] [\fB\-i\ \fR\fB\fIinterval\fR\fR] [\fB\-n\ \fR\fB\fInthreads\fR\fR] [\fB\-o\ \fR\fB\fIorigin\fR\fR] [\fB\-p\fR] [\fB\-r\ \fR\fB\fIrandomdev\fR\fR] [\fB\-t\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] {zonefile} [key...]
 .SH "DESCRIPTION"
 .PP
- \fBdnssec\-signzone\fR signs a zone\&. It generates NSEC and RRSIG records and produces a signed version of the zone\&. The security status of delegations from the signed zone (that is, whether the child zones are secure or not) is determined by the presence or absence of a\fIkeyset\fR file for each child zone\&.
+\fBdnssec\-signzone\fR
+signs a zone. It generates NXT and SIG records and produces a signed version of the zone. If there is a
+\fIsignedkey\fR
+file from the zone's parent, the parent's signatures will be incorporated into the generated signed zone file. The security status of delegations from the signed zone (that is, whether the child zones are secure or not) is determined by the presence or absence of a
+\fIsignedkey\fR
+file for each child zone.
 .SH "OPTIONS"
-.TP
+.PP
 \-a
-Verify all generated signatures\&.
-.TP
+.RS 4
+Verify all generated signatures.
+.RE
+.PP
 \-c \fIclass\fR
-Specifies the DNS class of the zone\&.
-.TP
-\-k \fIkey\fR
-Treat specified key as a key signing key ignoring any key flags\&. This option may be specified multiple times\&.
-.TP
-\-l \fIdomain\fR
-Generate a DLV set in addition to the key (DNSKEY) and DS sets\&. The domain is appended to the name of the records\&.
-.TP
+.RS 4
+Specifies the DNS class of the zone.
+.RE
+.PP
 \-d \fIdirectory\fR
-Look for \fIkeyset\fR files in \fBdirectory\fR as the directory
-.TP
-\-g
-Generate DS records for child zones from keyset files\&. Existing DS records will be removed\&.
-.TP
+.RS 4
+Look for
+\fIsignedkey\fR
+files in
+\fBdirectory\fR
+as the directory
+.RE
+.PP
 \-s \fIstart\-time\fR
-Specify the date and time when the generated RRSIG records become valid\&. This can be either an absolute or relative time\&. An absolute start time is indicated by a number in YYYYMMDDHHMMSS notation; 20000530144500 denotes 14:45:00 UTC on May 30th, 2000\&. A relative start time is indicated by +N, which is N seconds from the current time\&. If no \fBstart\-time\fR is specified, the current time minus 1 hour (to allow for clock skew) is used\&.
-.TP
+.RS 4
+Specify the date and time when the generated SIG records become valid. This can be either an absolute or relative time. An absolute start time is indicated by a number in YYYYMMDDHHMMSS notation; 20000530144500 denotes 14:45:00 UTC on May 30th, 2000. A relative start time is indicated by +N, which is N seconds from the current time. If no
+\fBstart\-time\fR
+is specified, the current time is used.
+.RE
+.PP
 \-e \fIend\-time\fR
-Specify the date and time when the generated RRSIG records expire\&. As with \fBstart\-time\fR, an absolute time is indicated in YYYYMMDDHHMMSS notation\&. A time relative to the start time is indicated with +N, which is N seconds from the start time\&. A time relative to the current time is indicated with now+N\&. If no \fBend\-time\fR is specified, 30 days from the start time is used as a default\&.
-.TP
+.RS 4
+Specify the date and time when the generated SIG records expire. As with
+\fBstart\-time\fR, an absolute time is indicated in YYYYMMDDHHMMSS notation. A time relative to the start time is indicated with +N, which is N seconds from the start time. A time relative to the current time is indicated with now+N. If no
+\fBend\-time\fR
+is specified, 30 days from the start time is used as a default.
+.RE
+.PP
 \-f \fIoutput\-file\fR
-The name of the output file containing the signed zone\&. The default is to append \fI\&.signed\fR to the input file\&.
-.TP
+.RS 4
+The name of the output file containing the signed zone. The default is to append
+\fI.signed\fR
+to the input filename.
+.RE
+.PP
 \-h
-Prints a short summary of the options and arguments to \fBdnssec\-signzone\fR\&.
-.TP
+.RS 4
+Prints a short summary of the options and arguments to
+\fBdnssec\-signzone\fR.
+.RE
+.PP
 \-i \fIinterval\fR
-When a previously signed zone is passed as input, records may be resigned\&. The \fBinterval\fR option specifies the cycle interval as an offset from the current time (in seconds)\&. If a RRSIG record expires after the cycle interval, it is retained\&. Otherwise, it is considered to be expiring soon, and it will be replaced\&.
-The default cycle interval is one quarter of the difference between the signature end and start times\&. So if neither \fBend\-time\fR or \fBstart\-time\fR are specified, \fBdnssec\-signzone\fR generates signatures that are valid for 30 days, with a cycle interval of 7\&.5 days\&. Therefore, if any existing RRSIG records are due to expire in less than 7\&.5 days, they would be replaced\&.
-.TP
+.RS 4
+When a previously\-signed zone is passed as input, records may be resigned. The
+\fBinterval\fR
+option specifies the cycle interval as an offset from the current time (in seconds). If a SIG record expires after the cycle interval, it is retained. Otherwise, it is considered to be expiring soon, and it will be replaced.
+.sp
+The default cycle interval is one quarter of the difference between the signature end and start times. So if neither
+\fBend\-time\fR
+or
+\fBstart\-time\fR
+are specified,
+\fBdnssec\-signzone\fR
+generates signatures that are valid for 30 days, with a cycle interval of 7.5 days. Therefore, if any existing SIG records are due to expire in less than 7.5 days, they would be replaced.
+.RE
+.PP
 \-n \fIncpus\fR
-Specifies the number of threads to use\&. By default, one thread is started for each detected CPU\&.
-.TP
+.RS 4
+Specifies the number of threads to use. By default, one thread is started for each detected CPU.
+.RE
+.PP
 \-o \fIorigin\fR
-The zone origin\&. If not specified, the name of the zone file is assumed to be the origin\&.
-.TP
+.RS 4
+The zone origin. If not specified, the name of the zone file is assumed to be the origin.
+.RE
+.PP
 \-p
-Use pseudo\-random data when signing the zone\&. This is faster, but less secure, than using real random data\&. This option may be useful when signing large zones or when the entropy source is limited\&.
-.TP
+.RS 4
+Use pseudo\-random data when signing the zone. This is faster, but less secure, than using real random data. This option may be useful when signing large zones or when the entropy source is limited.
+.RE
+.PP
 \-r \fIrandomdev\fR
-Specifies the source of randomness\&. If the operating system does not provide a \fI/dev/random\fR or equivalent device, the default source of randomness is keyboard input\&. \fIrandomdev\fR specifies the name of a character device or file containing random data to be used instead of the default\&. The special value \fIkeyboard\fR indicates that keyboard input should be used\&.
-.TP
+.RS 4
+Specifies the source of randomness. If the operating system does not provide a
+\fI/dev/random\fR
+or equivalent device, the default source of randomness is keyboard input.
+\fIrandomdev\fR
+specifies the name of a character device or file containing random data to be used instead of the default. The special value
+\fIkeyboard\fR
+indicates that keyboard input should be used.
+.RE
+.PP
 \-t
-Print statistics at completion\&.
-.TP
+.RS 4
+Print statistics at completion.
+.RE
+.PP
 \-v \fIlevel\fR
-Sets the debugging level\&.
-.TP
-\-z
-Ignore KSK flag on key when determining what to sign\&.
-.TP
+.RS 4
+Sets the debugging level.
+.RE
+.PP
 zonefile
-The file containing the zone to be signed\&.
-.TP
+.RS 4
+The file containing the zone to be signed.
+.RE
+.PP
 key
-The keys used to sign the zone\&. If no keys are specified, the default all zone keys that have private key files in the current directory\&.
+.RS 4
+Specify which keys should be used to sign the zone. If no keys are specified, then the zone will be examined for DNSKEY records at the zone apex. If these are found and there are matching private keys, in the current directory, then these will be used for signing.
+.RE
 .SH "EXAMPLE"
 .PP
-The following command signs the \fBexample\&.com\fR zone with the DSA key generated in the \fBdnssec\-keygen\fR man page\&. The zone's keys must be in the zone\&. If there are\fIkeyset\fR files associated with child zones, they must be in the current directory\&.\fBexample\&.com\fR, the following command would be issued:
+The following command signs the
+\fBexample.com\fR
+zone with the DSA key generated in the
+\fBdnssec\-keygen\fR
+man page. The zone's keys must be in the zone. If there are
+\fIsignedkey\fR
+files associated with this zone or any child zones, they must be in the current directory.
+\fBexample.com\fR, the following command would be issued:
 .PP
- \fBdnssec\-signzone \-o example\&.com db\&.example\&.com Kexample\&.com\&.+003+26160\fR 
+\fBdnssec\-signzone \-o example.com db.example.com Kexample.com.+003+26160\fR
 .PP
 The command would print a string of the form:
 .PP
-In this example, \fBdnssec\-signzone\fR creates the file \fIdb\&.example\&.com\&.signed\fR\&. This file should be referenced in a zone statement in a\fInamed\&.conf\fR file\&.
+In this example,
+\fBdnssec\-signzone\fR
+creates the file
+\fIdb.example.com.signed\fR. This file should be referenced in a zone statement in a
+\fInamed.conf\fR
+file.
 .SH "SEE ALSO"
 .PP
- \fBdnssec\-keygen\fR(8), BIND 9 Administrator Reference Manual, RFC 2535\&.
+\fBdnssec\-keygen\fR(8),
+\fBdnssec\-signkey\fR(8),
+BIND 9 Administrator Reference Manual,
+RFC 2535.
 .SH "AUTHOR"
 .PP
- Internet Systems Consortium 
+Internet Systems Consortium
+.SH "COPYRIGHT"
+Copyright \(co 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+.br
+Copyright \(co 2000, 2001, 2003 Internet Software Consortium.
+.br

bin/dnssec/dnssec-signzone.docbook

@@ -1,11 +1,11 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
-               "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd"
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+               "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
 	       [<!ENTITY mdash "&#8212;">]>
 <!--
- - Copyright (C) 2004, 2005  Internet Systems Consortium, Inc. ("ISC")
- - Copyright (C) 2000-2003  Internet Software Consortium.
+ - Copyright (C) 2004, 2005, 2007  Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000, 2001, 2003  Internet Software Consortium.
  -
- - Permission to use, copy, modify, and distribute this software for any
+ - Permission to use, copy, modify, and/or distribute this software for any
  - purpose with or without fee is hereby granted, provided that the above
  - copyright notice and this permission notice appear in all copies.
  -
@@ -18,7 +18,7 @@
  - PERFORMANCE OF THIS SOFTWARE.
 -->
 
-<!-- $Id: dnssec-signzone.docbook,v 1.2.2.2.4.11 2005/06/24 00:18:15 marka Exp $ -->
+<!-- $Id: dnssec-signzone.docbook,v 1.2.2.12 2007/08/28 07:18:13 tbox Exp $ -->
 
 <refentry>
   <refentryinfo>
@@ -35,12 +35,12 @@
     <copyright>
       <year>2004</year>
       <year>2005</year>
+      <year>2007</year>
       <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
     </copyright>
     <copyright>
       <year>2000</year>
       <year>2001</year>
-      <year>2002</year>
       <year>2003</year>
       <holder>Internet Software Consortium.</holder>
     </copyright>
@@ -57,21 +57,17 @@
       <arg><option>-a</option></arg>
       <arg><option>-c <replaceable class="parameter">class</replaceable></option></arg>
       <arg><option>-d <replaceable class="parameter">directory</replaceable></option></arg>
+      <arg><option>-s <replaceable class="parameter">start-time</replaceable></option></arg>
       <arg><option>-e <replaceable class="parameter">end-time</replaceable></option></arg>
       <arg><option>-f <replaceable class="parameter">output-file</replaceable></option></arg>
-      <arg><option>-g</option></arg>
       <arg><option>-h</option></arg>
-      <arg><option>-k <replaceable class="parameter">key</replaceable></option></arg>
-      <arg><option>-l <replaceable class="parameter">domain</replaceable></option></arg>
       <arg><option>-i <replaceable class="parameter">interval</replaceable></option></arg>
       <arg><option>-n <replaceable class="parameter">nthreads</replaceable></option></arg>
       <arg><option>-o <replaceable class="parameter">origin</replaceable></option></arg>
       <arg><option>-p</option></arg>
       <arg><option>-r <replaceable class="parameter">randomdev</replaceable></option></arg>
-      <arg><option>-s <replaceable class="parameter">start-time</replaceable></option></arg>
       <arg><option>-t</option></arg>
       <arg><option>-v <replaceable class="parameter">level</replaceable></option></arg>
-      <arg><option>-z</option></arg>
       <arg choice="req">zonefile</arg>
       <arg rep="repeat">key</arg>
     </cmdsynopsis>
@@ -80,12 +76,14 @@
   <refsect1>
     <title>DESCRIPTION</title>
     <para>
-        <command>dnssec-signzone</command> signs a zone.  It generates
-	NSEC and RRSIG records and produces a signed version of the
-	zone. The security status of delegations from the signed zone
-	(that is, whether the child zones are secure or not) is
-	determined by the presence or absence of a
-	<filename>keyset</filename> file for each child zone.
+        <command>dnssec-signzone</command> signs a zone.  It generates NXT
+	and SIG records and produces a signed version of the zone.  If there
+	is a <filename>signedkey</filename> file from the zone's parent,
+	the parent's signatures will be incorporated into the generated
+	signed zone file.  The security status of delegations from the
+        signed zone (that is, whether the child zones are secure or not) is
+        determined by the presence or absence of a
+	<filename>signedkey</filename> file for each child zone.
     </para>
   </refsect1>
 
@@ -111,58 +109,28 @@
 	</listitem>
       </varlistentry>
 
-      <varlistentry>
-        <term>-k <replaceable class="parameter">key</replaceable></term>
-	<listitem>
-	  <para>
-	       Treat specified key as a key signing key ignoring any
-	       key flags.  This option may be specified multiple times.
-	  </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-l <replaceable class="parameter">domain</replaceable></term>
-	<listitem>
-	  <para>
-		Generate a DLV set in addition to the key (DNSKEY) and DS sets.
-		The domain is appended to the name of the records.
-	  </para>
-	</listitem>
-      </varlistentry>
-
       <varlistentry>
         <term>-d <replaceable class="parameter">directory</replaceable></term>
 	<listitem>
 	  <para>
-	       Look for <filename>keyset</filename> files in
+	       Look for <filename>signedkey</filename> files in
 	       <option>directory</option> as the directory 
 	  </para>
 	</listitem>
       </varlistentry>
 
-      <varlistentry>
-        <term>-g</term>
-	<listitem>
-	  <para>
-		Generate DS records for child zones from keyset files.
-		Existing DS records will be removed.
-	  </para>
-	</listitem>
-      </varlistentry>
-
       <varlistentry>
         <term>-s <replaceable class="parameter">start-time</replaceable></term>
 	<listitem>
 	  <para>
-	       Specify the date and time when the generated RRSIG records
+	       Specify the date and time when the generated SIG records
 	       become valid.  This can be either an absolute or relative
 	       time.  An absolute start time is indicated by a number
 	       in YYYYMMDDHHMMSS notation; 20000530144500 denotes
 	       14:45:00 UTC on May 30th, 2000.  A relative start time is
 	       indicated by +N, which is N seconds from the current time.
 	       If no <option>start-time</option> is specified, the current
-	       time minus 1 hour (to allow for clock skew) is used.
+	       time is used.
 	  </para>
 	</listitem>
       </varlistentry>
@@ -171,7 +139,7 @@
         <term>-e <replaceable class="parameter">end-time</replaceable></term>
 	<listitem>
 	  <para>
-	       Specify the date and time when the generated RRSIG records
+	       Specify the date and time when the generated SIG records
 	       expire.  As with <option>start-time</option>, an absolute
 	       time is indicated in YYYYMMDDHHMMSS notation.  A time relative
 	       to the start time is indicated with +N, which is N seconds from
@@ -188,7 +156,7 @@
 	  <para>
 	       The name of the output file containing the signed zone.  The
 	       default is to append <filename>.signed</filename> to the
-	       input file.
+	       input filename.
 	  </para>
 	</listitem>
       </varlistentry>
@@ -207,10 +175,10 @@
         <term>-i <replaceable class="parameter">interval</replaceable></term>
 	<listitem>
 	  <para>
-	       When a previously signed zone is passed as input, records
+	       When a previously-signed zone is passed as input, records
 	       may be resigned.  The <option>interval</option> option
 	       specifies the cycle interval as an offset from the current
-	       time (in seconds).  If a RRSIG record expires after the
+	       time (in seconds).  If a SIG record expires after the
 	       cycle interval, it is retained.  Otherwise, it is considered
 	       to be expiring soon, and it will be replaced.
 	  </para>
@@ -220,7 +188,7 @@
 	       <option>end-time</option> or <option>start-time</option>
 	       are specified, <command>dnssec-signzone</command> generates
 	       signatures that are valid for 30 days, with a cycle
-	       interval of 7.5 days.  Therefore, if any existing RRSIG records
+	       interval of 7.5 days.  Therefore, if any existing SIG records
 	       are due to expire in less than 7.5 days, they would be
 	       replaced.
 	  </para>
@@ -293,15 +261,6 @@
 	</listitem>
       </varlistentry>
 
-      <varlistentry>
-        <term>-z</term>
-	<listitem>
-	  <para>
-	       Ignore KSK flag on key when determining what to sign.
-	  </para>
-	</listitem>
-      </varlistentry>
-
       <varlistentry>
         <term>zonefile</term>
 	<listitem>
@@ -315,9 +274,11 @@
         <term>key</term>
 	<listitem>
 	  <para>
-	       The keys used to sign the zone.  If no keys are specified, the
-	       default all zone keys that have private key files in the
-	       current directory.
+	    Specify which keys should be used to sign the zone.  If
+	    no keys are specified, then the zone will be examined
+	    for DNSKEY records at the zone apex.  If these are found and
+	    there are matching private keys, in the current directory,
+	    then these will be used for signing.
 	  </para>
 	</listitem>
       </varlistentry>
@@ -331,8 +292,8 @@
         The following command signs the <userinput>example.com</userinput>
 	zone with the DSA key generated in the <command>dnssec-keygen</command>
 	man page.  The zone's keys must be in the zone.  If there are
-	<filename>keyset</filename> files associated with child zones,
-	they must be in the current directory.
+	<filename>signedkey</filename> files associated with this zone
+	or any child zones, they must be in the current directory.
 	<userinput>example.com</userinput>, the following command would be
 	issued:
     </para>
@@ -357,6 +318,10 @@
         <refentrytitle>dnssec-keygen</refentrytitle>
 	<manvolnum>8</manvolnum>
       </citerefentry>,
+      <citerefentry>
+        <refentrytitle>dnssec-signkey</refentrytitle>
+	<manvolnum>8</manvolnum>
+      </citerefentry>,
       <citetitle>BIND 9 Administrator Reference Manual</citetitle>,
       <citetitle>RFC 2535</citetitle>.
     </para>

bin/dnssec/dnssec-signzone.html

@@ -1,6 +1,6 @@
 <!--
- - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
- - Copyright (C) 2000-2003 Internet Software Consortium.
+ - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
  - 
  - Permission to use, copy, modify, and distribute this software for any
  - purpose with or without fee is hereby granted, provided that the above
@@ -14,36 +14,38 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-<!-- $Id: dnssec-signzone.html,v 1.4.2.1.4.13 2005/07/18 02:36:45 marka Exp $ -->
+<!-- $Id: dnssec-signzone.html,v 1.4.2.18 2007/05/09 03:32:21 marka Exp $ -->
 <html>
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
 <title>dnssec-signzone</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.68.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
 </head>
 <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="id2456972"></a><div class="titlepage"></div>
+<a name="id2476275"></a><div class="titlepage"></div>
 <div class="refnamediv">
 <h2>Name</h2>
 <p><span class="application">dnssec-signzone</span> &#8212; DNSSEC zone signing tool</p>
 </div>
 <div class="refsynopsisdiv">
 <h2>Synopsis</h2>
-<div class="cmdsynopsis"><p><code class="command">dnssec-signzone</code>  [<code class="option">-a</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-d <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-e <em class="replaceable"><code>end-time</code></em></code>] [<code class="option">-f <em class="replaceable"><code>output-file</code></em></code>] [<code class="option">-g</code>] [<code class="option">-h</code>] [<code class="option">-k <em class="replaceable"><code>key</code></em></code>] [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>] [<code class="option">-i <em class="replaceable"><code>interval</code></em></code>] [<code class="option">-n <em class="replaceable"><code>nthreads</code></em></code>] [<code class="option">-o <em class="replaceable"><code>origin</code></em></code>] [<code class="option">-p</code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-s <em class="replaceable"><code>start-time</code></em></code>] [<code class="option">-t</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-z</code>] {zonefile} [key...]</p></div>
+<div class="cmdsynopsis"><p><code class="command">dnssec-signzone</code>  [<code class="option">-a</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-d <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-s <em class="replaceable"><code>start-time</code></em></code>] [<code class="option">-e <em class="replaceable"><code>end-time</code></em></code>] [<code class="option">-f <em class="replaceable"><code>output-file</code></em></code>] [<code class="option">-h</code>] [<code class="option">-i <em class="replaceable"><code>interval</code></em></code>] [<code class="option">-n <em class="replaceable"><code>nthreads</code></em></code>] [<code class="option">-o <em class="replaceable"><code>origin</code></em></code>] [<code class="option">-p</code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-t</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] {zonefile} [key...]</p></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2514730"></a><h2>DESCRIPTION</h2>
+<a name="id2543457"></a><h2>DESCRIPTION</h2>
 <p>
-        <span><strong class="command">dnssec-signzone</strong></span> signs a zone.  It generates
-	NSEC and RRSIG records and produces a signed version of the
-	zone. The security status of delegations from the signed zone
-	(that is, whether the child zones are secure or not) is
-	determined by the presence or absence of a
-	<code class="filename">keyset</code> file for each child zone.
+        <span><strong class="command">dnssec-signzone</strong></span> signs a zone.  It generates NXT
+	and SIG records and produces a signed version of the zone.  If there
+	is a <code class="filename">signedkey</code> file from the zone's parent,
+	the parent's signatures will be incorporated into the generated
+	signed zone file.  The security status of delegations from the
+        signed zone (that is, whether the child zones are secure or not) is
+        determined by the presence or absence of a
+	<code class="filename">signedkey</code> file for each child zone.
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2514746"></a><h2>OPTIONS</h2>
+<a name="id2543476"></a><h2>OPTIONS</h2>
 <div class="variablelist"><dl>
 <dt><span class="term">-a</span></dt>
 <dd><p>
@@ -53,40 +55,25 @@
 <dd><p>
 	       Specifies the DNS class of the zone.
 	  </p></dd>
-<dt><span class="term">-k <em class="replaceable"><code>key</code></em></span></dt>
-<dd><p>
-	       Treat specified key as a key signing key ignoring any
-	       key flags.  This option may be specified multiple times.
-	  </p></dd>
-<dt><span class="term">-l <em class="replaceable"><code>domain</code></em></span></dt>
-<dd><p>
-		Generate a DLV set in addition to the key (DNSKEY) and DS sets.
-		The domain is appended to the name of the records.
-	  </p></dd>
 <dt><span class="term">-d <em class="replaceable"><code>directory</code></em></span></dt>
 <dd><p>
-	       Look for <code class="filename">keyset</code> files in
+	       Look for <code class="filename">signedkey</code> files in
 	       <code class="option">directory</code> as the directory 
 	  </p></dd>
-<dt><span class="term">-g</span></dt>
-<dd><p>
-		Generate DS records for child zones from keyset files.
-		Existing DS records will be removed.
-	  </p></dd>
 <dt><span class="term">-s <em class="replaceable"><code>start-time</code></em></span></dt>
 <dd><p>
-	       Specify the date and time when the generated RRSIG records
+	       Specify the date and time when the generated SIG records
 	       become valid.  This can be either an absolute or relative
 	       time.  An absolute start time is indicated by a number
 	       in YYYYMMDDHHMMSS notation; 20000530144500 denotes
 	       14:45:00 UTC on May 30th, 2000.  A relative start time is
 	       indicated by +N, which is N seconds from the current time.
 	       If no <code class="option">start-time</code> is specified, the current
-	       time minus 1 hour (to allow for clock skew) is used.
+	       time is used.
 	  </p></dd>
 <dt><span class="term">-e <em class="replaceable"><code>end-time</code></em></span></dt>
 <dd><p>
-	       Specify the date and time when the generated RRSIG records
+	       Specify the date and time when the generated SIG records
 	       expire.  As with <code class="option">start-time</code>, an absolute
 	       time is indicated in YYYYMMDDHHMMSS notation.  A time relative
 	       to the start time is indicated with +N, which is N seconds from
@@ -98,7 +85,7 @@
 <dd><p>
 	       The name of the output file containing the signed zone.  The
 	       default is to append <code class="filename">.signed</code> to the
-	       input file.
+	       input filename.
 	  </p></dd>
 <dt><span class="term">-h</span></dt>
 <dd><p>
@@ -108,10 +95,10 @@
 <dt><span class="term">-i <em class="replaceable"><code>interval</code></em></span></dt>
 <dd>
 <p>
-	       When a previously signed zone is passed as input, records
+	       When a previously-signed zone is passed as input, records
 	       may be resigned.  The <code class="option">interval</code> option
 	       specifies the cycle interval as an offset from the current
-	       time (in seconds).  If a RRSIG record expires after the
+	       time (in seconds).  If a SIG record expires after the
 	       cycle interval, it is retained.  Otherwise, it is considered
 	       to be expiring soon, and it will be replaced.
 	  </p>
@@ -121,7 +108,7 @@
 	       <code class="option">end-time</code> or <code class="option">start-time</code>
 	       are specified, <span><strong class="command">dnssec-signzone</strong></span> generates
 	       signatures that are valid for 30 days, with a cycle
-	       interval of 7.5 days.  Therefore, if any existing RRSIG records
+	       interval of 7.5 days.  Therefore, if any existing SIG records
 	       are due to expire in less than 7.5 days, they would be
 	       replaced.
 	  </p>
@@ -162,30 +149,28 @@
 <dd><p>
 	       Sets the debugging level.
 	  </p></dd>
-<dt><span class="term">-z</span></dt>
-<dd><p>
-	       Ignore KSK flag on key when determining what to sign.
-	  </p></dd>
 <dt><span class="term">zonefile</span></dt>
 <dd><p>
 	       The file containing the zone to be signed.
 	  </p></dd>
 <dt><span class="term">key</span></dt>
 <dd><p>
-	       The keys used to sign the zone.  If no keys are specified, the
-	       default all zone keys that have private key files in the
-	       current directory.
+	    Specify which keys should be used to sign the zone.  If
+	    no keys are specified, then the zone will be examined
+	    for DNSKEY records at the zone apex.  If these are found and
+	    there are matching private keys, in the current directory,
+	    then these will be used for signing.
 	  </p></dd>
 </dl></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2515254"></a><h2>EXAMPLE</h2>
+<a name="id2543858"></a><h2>EXAMPLE</h2>
 <p>
         The following command signs the <strong class="userinput"><code>example.com</code></strong>
 	zone with the DSA key generated in the <span><strong class="command">dnssec-keygen</strong></span>
 	man page.  The zone's keys must be in the zone.  If there are
-	<code class="filename">keyset</code> files associated with child zones,
-	they must be in the current directory.
+	<code class="filename">signedkey</code> files associated with this zone
+	or any child zones, they must be in the current directory.
 	<strong class="userinput"><code>example.com</code></strong>, the following command would be
 	issued:
     </p>
@@ -203,15 +188,16 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2515304"></a><h2>SEE ALSO</h2>
+<a name="id2543908"></a><h2>SEE ALSO</h2>
 <p>
       <span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
+      <span class="citerefentry"><span class="refentrytitle">dnssec-signkey</span>(8)</span>,
       <em class="citetitle">BIND 9 Administrator Reference Manual</em>,
       <em class="citetitle">RFC 2535</em>.
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2515331"></a><h2>AUTHOR</h2>
+<a name="id2543944"></a><h2>AUTHOR</h2>
 <p>
         <span class="corpauthor">Internet Systems Consortium</span>
     </p>

bin/dnssec/dnssectool.c

@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: dnssectool.c,v 1.31.2.3.2.6 2005/07/02 02:42:43 marka Exp $ */
+/* $Id: dnssectool.c,v 1.31.2.7 2005/07/02 02:42:29 marka Exp $ */
 
 #include <config.h>
 
@@ -23,8 +23,6 @@
 
 #include <isc/buffer.h>
 #include <isc/entropy.h>
-#include <isc/list.h>
-#include <isc/mem.h>
 #include <isc/string.h>
 #include <isc/time.h>
 #include <isc/util.h>
@@ -33,7 +31,6 @@
 #include <dns/log.h>
 #include <dns/name.h>
 #include <dns/rdatastruct.h>
-#include <dns/rdataclass.h>
 #include <dns/rdatatype.h>
 #include <dns/result.h>
 #include <dns/secalg.h>
@@ -44,15 +41,7 @@
 extern int verbose;
 extern const char *program;
 
-typedef struct entropysource entropysource_t;
-
-struct entropysource {
-	isc_entropysource_t *source;
-	isc_mem_t *mctx;
-	ISC_LINK(entropysource_t) link;
-};
-
-static ISC_LIST(entropysource_t) sources;
+static isc_entropysource_t *source = NULL;
 static fatalcallback_t *fatalcallback = NULL;
 
 void
@@ -118,12 +107,12 @@ alg_format(const dns_secalg_t alg, char *cp, unsigned int size) {
 }
 
 void
-sig_format(dns_rdata_rrsig_t *sig, char *cp, unsigned int size) {
+sig_format(dns_rdata_sig_t *sig, char *cp, unsigned int size) {
 	char namestr[DNS_NAME_FORMATSIZE];
 	char algstr[DNS_NAME_FORMATSIZE];
 
-	dns_name_format(&sig->signer, namestr, sizeof(namestr));
-	alg_format(sig->algorithm, algstr, sizeof(algstr));
+	dns_name_format(&sig->signer, namestr, sizeof namestr);
+	alg_format(sig->algorithm, algstr, sizeof algstr);
 	snprintf(cp, size, "%s/%s/%d", namestr, algstr, sig->keyid);
 }
 
@@ -132,8 +121,8 @@ key_format(const dst_key_t *key, char *cp, unsigned int size) {
 	char namestr[DNS_NAME_FORMATSIZE];
 	char algstr[DNS_NAME_FORMATSIZE];
 
-	dns_name_format(dst_key_name(key), namestr, sizeof(namestr));
-	alg_format((dns_secalg_t) dst_key_alg(key), algstr, sizeof(algstr));
+	dns_name_format(dst_key_name(key), namestr, sizeof namestr);
+	alg_format((dns_secalg_t) dst_key_alg(key), algstr, sizeof algstr);
 	snprintf(cp, size, "%s/%s/%d", namestr, algstr, dst_key_id(key));
 }
 
@@ -211,8 +200,6 @@ cleanup_logging(isc_log_t **logp) {
 void
 setup_entropy(isc_mem_t *mctx, const char *randomfile, isc_entropy_t **ectx) {
 	isc_result_t result;
-	isc_entropysource_t *source = NULL;
-	entropysource_t *elt;
 	int usekeyboard = ISC_ENTROPY_KEYBOARDMAYBE;
 
 	REQUIRE(ectx != NULL);
@@ -221,7 +208,6 @@ setup_entropy(isc_mem_t *mctx, const char *randomfile, isc_entropy_t **ectx) {
 		result = isc_entropy_create(mctx, ectx);
 		if (result != ISC_R_SUCCESS)
 			fatal("could not create entropy object");
-		ISC_LIST_INIT(sources);
 	}
 
 	if (randomfile != NULL && strcmp(randomfile, "keyboard") == 0) {
@@ -235,32 +221,17 @@ setup_entropy(isc_mem_t *mctx, const char *randomfile, isc_entropy_t **ectx) {
 	if (result != ISC_R_SUCCESS)
 		fatal("could not initialize entropy source: %s",
 		      isc_result_totext(result));
-
-	if (source != NULL) {
-		elt = isc_mem_get(mctx, sizeof(*elt));
-		if (elt == NULL)
-			fatal("out of memory");
-		elt->source = source;
-		elt->mctx = mctx;
-		ISC_LINK_INIT(elt, link);
-		ISC_LIST_APPEND(sources, elt, link);
-	}
 }
 
 void
 cleanup_entropy(isc_entropy_t **ectx) {
-	entropysource_t *source;
-	while (!ISC_LIST_EMPTY(sources)) {
-		source = ISC_LIST_HEAD(sources);
-		ISC_LIST_UNLINK(sources, source, link);
-		isc_entropy_destroysource(&source->source);
-		isc_mem_put(source->mctx, source, sizeof(*source));
-	}
+	if (source != NULL)
+		isc_entropy_destroysource(&source);
 	isc_entropy_detach(ectx);
 }
 
 isc_stdtime_t
-strtotime(const char *str, isc_int64_t now, isc_int64_t base) {
+strtotime(char *str, isc_int64_t now, isc_int64_t base) {
 	isc_int64_t val, offset;
 	isc_result_t result;
 	char *endp;
@@ -289,19 +260,3 @@ strtotime(const char *str, isc_int64_t now, isc_int64_t base) {
 
 	return ((isc_stdtime_t) val);
 }
-
-dns_rdataclass_t
-strtoclass(const char *str) {
-	isc_textregion_t r;
-	dns_rdataclass_t rdclass;
-	isc_result_t ret;
-
-	if (str == NULL)
-		return dns_rdataclass_in;
-	DE_CONST(str, r.base);
-	r.length = strlen(str);
-	ret = dns_rdataclass_fromtext(&rdclass, &r);
-	if (ret != ISC_R_SUCCESS)
-		fatal("unknown class %s", str);
-	return (rdclass);
-}

bin/dnssec/dnssectool.h

@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
- * Copyright (C) 2000, 2001, 2003  Internet Software Consortium.
+ * Copyright (C) 2000, 2001  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: dnssectool.h,v 1.15.12.3 2004/03/08 04:04:18 marka Exp $ */
+/* $Id: dnssectool.h,v 1.15.2.1 2004/03/09 06:09:16 marka Exp $ */
 
 #ifndef DNSSECTOOL_H
 #define DNSSECTOOL_H 1
@@ -48,7 +48,7 @@ alg_format(const dns_secalg_t alg, char *cp, unsigned int size);
 #define ALG_FORMATSIZE 10
 
 void
-sig_format(dns_rdata_rrsig_t *sig, char *cp, unsigned int size);
+sig_format(dns_rdata_sig_t *sig, char *cp, unsigned int size);
 #define SIG_FORMATSIZE (DNS_NAME_FORMATSIZE + ALG_FORMATSIZE + sizeof("65535"))
 
 void
@@ -68,9 +68,6 @@ void
 cleanup_entropy(isc_entropy_t **ectx);
 
 isc_stdtime_t
-strtotime(const char *str, isc_int64_t now, isc_int64_t base);
-
-dns_rdataclass_t
-strtoclass(const char *str);
+strtotime(char *str, isc_int64_t now, isc_int64_t base);
 
 #endif /* DNSSEC_DNSSECTOOL_H */

bin/dnssec/win32/dnssectool.dsp

@@ -0,0 +1,113 @@
+# Microsoft Developer Studio Project File - Name="dnssectool" - Package Owner=<4>
+# Microsoft Developer Studio Generated Build File, Format Version 6.00
+# ** DO NOT EDIT **
+
+# TARGTYPE "Win32 (x86) Static-Link Library" 0x0104
+
+CFG=dnssectool - Win32 Debug
+!MESSAGE This is not a valid makefile. To build this project using NMAKE,
+!MESSAGE use the Export Makefile command and run
+!MESSAGE 
+!MESSAGE NMAKE /f "dnssectool.mak".
+!MESSAGE 
+!MESSAGE You can specify a configuration when running NMAKE
+!MESSAGE by defining the macro CFG on the command line. For example:
+!MESSAGE 
+!MESSAGE NMAKE /f "dnssectool.mak" CFG="dnssectool - Win32 Debug"
+!MESSAGE 
+!MESSAGE Possible choices for configuration are:
+!MESSAGE 
+!MESSAGE "dnssectool - Win32 Release" (based on "Win32 (x86) Static-Link Library")
+!MESSAGE "dnssectool - Win32 Debug" (based on "Win32 (x86) Static-Link Library")
+!MESSAGE 
+
+# Begin Project
+# PROP AllowPerConfigDependencies 0
+# PROP Scc_ProjName ""
+# PROP Scc_LocalPath ""
+CPP=cl.exe
+MTL=midl.exe
+RSC=rc.exe
+
+!IF  "$(CFG)" == "dnssectool - Win32 Release"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 0
+# PROP BASE Output_Dir "Release"
+# PROP BASE Intermediate_Dir "Release"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 0
+# PROP Output_Dir "Release"
+# PROP Intermediate_Dir "Release"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /MT /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /D "_MBCS" /D "_USRDLL" /YX /FD /c
+# ADD CPP /nologo /MD /W3 /GX /O2 /I "./" /I "../../../" /I "../include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /D "NDEBUG" /D "WIN32" /D "_WINDOWS" /D "__STDC__" /D "_MBCS" /YX /FD /c /Fddnssectool
+# SUBTRACT CPP /X
+# ADD BASE MTL /nologo /D "NDEBUG" /mktyplib203 /win32
+# ADD MTL /nologo /D "NDEBUG" /mktyplib203 /win32
+# ADD BASE RSC /l 0x409 /d "NDEBUG"
+# ADD RSC /l 0x409 /d "NDEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 
+# ADD LINK32 /out:"Release/dnssectool.lib"
+
+!ELSEIF  "$(CFG)" == "dnssectool - Win32 Debug"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 1
+# PROP BASE Output_Dir "Debug"
+# PROP BASE Intermediate_Dir "Debug"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 1
+# PROP Output_Dir "Debug"
+# PROP Intermediate_Dir "Debug"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /MTd /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /D "_MBCS" /YX /FD /GZ /c
+# ADD CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /D "_DEBUG" /D "WIN32" /D "_WINDOWS" /D "__STDC__" /D "_MBCS" /FR /YX /FD /GZ /c /Fddnssectool
+# SUBTRACT CPP /X
+# ADD BASE MTL /nologo /D "_DEBUG" /mktyplib203 /win32
+# ADD MTL /nologo /D "_DEBUG" /mktyplib203 /win32
+# ADD BASE RSC /l 0x409 /d "_DEBUG"
+# ADD RSC /l 0x409 /d "_DEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 
+# ADD LINK32 /debug out:"Debug/dnssectool.lib"
+
+!ENDIF 
+
+# Begin Target
+
+# Name "dnssectool - Win32 Release"
+# Name "dnssectool - Win32 Debug"
+# Begin Group "Source Files"
+
+# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
+# End Group
+# Begin Group "Header Files"
+
+# PROP Default_Filter "h;hpp;hxx;hm;inl"
+# End Group
+# Begin Group "Resource Files"
+
+# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe"
+# End Group
+# Begin Group "Main Dns Lib"
+
+# PROP Default_Filter "c"
+# Begin Source File
+
+SOURCE=..\dnssectool.c
+# End Source File
+# End Group
+# End Target
+# End Project

bin/dnssec/win32/dnssectool.dsw

@@ -0,0 +1,29 @@
+Microsoft Developer Studio Workspace File, Format Version 6.00
+# WARNING: DO NOT EDIT OR DELETE THIS WORKSPACE FILE!
+
+###############################################################################
+
+Project: "dighost"=".\dnssectool.dsp" - Package Owner=<4>
+
+Package=<5>
+{{{
+}}}
+
+Package=<4>
+{{{
+}}}
+
+###############################################################################
+
+Global:
+
+Package=<5>
+{{{
+}}}
+
+Package=<3>
+{{{
+}}}
+
+###############################################################################
+

bin/dnssec/win32/keygen.dsp

@@ -50,7 +50,7 @@ BSC32=bscmake.exe
 # ADD BSC32 /nologo
 LINK32=link.exe
 # ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386
-# ADD LINK32 user32.lib advapi32.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib /nologo /subsystem:console /machine:I386 /out:"../../../Build/Release/dnssec-keygen.exe"
+# ADD LINK32 user32.lib advapi32.lib Release/dnssectool.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib /nologo /subsystem:console /machine:I386 /out:"../../../Build/Release/dnssec-keygen.exe"
 
 !ELSEIF  "$(CFG)" == "keygen - Win32 Debug"
 
@@ -75,7 +75,7 @@ BSC32=bscmake.exe
 # ADD BSC32 /nologo
 LINK32=link.exe
 # ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept
-# ADD LINK32 user32.lib advapi32.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib /nologo /subsystem:console /debug /machine:I386 /out:"../../../Build/Debug/dnssec-keygen.exe" /pdbtype:sept
+# ADD LINK32 user32.lib advapi32.lib Debug/dnssectool.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib /nologo /subsystem:console /debug /machine:I386 /out:"../../../Build/Debug/dnssec-keygen.exe" /pdbtype:sept
 
 !ENDIF 
 
@@ -90,10 +90,6 @@ LINK32=link.exe
 
 SOURCE="..\dnssec-keygen.c"
 # End Source File
-# Begin Source File
-
-SOURCE=..\dnssectool.c
-# End Source File
 # End Group
 # Begin Group "Header Files"
 

bin/dnssec/win32/keygen.mak

@@ -25,6 +25,81 @@ NULL=
 NULL=nul
 !ENDIF 
 
+!IF  "$(CFG)" == "keygen - Win32 Release"
+_VC_MANIFEST_INC=0
+_VC_MANIFEST_BASENAME=__VC80
+!ELSE
+_VC_MANIFEST_INC=1
+_VC_MANIFEST_BASENAME=__VC80.Debug
+!ENDIF
+
+####################################################
+# Specifying name of temporary resource file used only in incremental builds:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+_VC_MANIFEST_AUTO_RES=$(_VC_MANIFEST_BASENAME).auto.res
+!else
+_VC_MANIFEST_AUTO_RES=
+!endif
+
+####################################################
+# _VC_MANIFEST_EMBED_EXE - command to embed manifest in EXE:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+
+#MT_SPECIAL_RETURN=1090650113
+#MT_SPECIAL_SWITCH=-notify_resource_update
+MT_SPECIAL_RETURN=0
+MT_SPECIAL_SWITCH=
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
+if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
+rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
+link $** /out:$@ $(LFLAGS)
+
+!else
+
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;1
+
+!endif
+
+####################################################
+# _VC_MANIFEST_EMBED_DLL - command to embed manifest in DLL:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+
+#MT_SPECIAL_RETURN=1090650113
+#MT_SPECIAL_SWITCH=-notify_resource_update
+MT_SPECIAL_RETURN=0
+MT_SPECIAL_SWITCH=
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
+if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
+rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
+link $** /out:$@ $(LFLAGS)
+
+!else
+
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;2
+
+!endif
+####################################################
+# _VC_MANIFEST_CLEAN - command to clean resources files generated temporarily:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+
+_VC_MANIFEST_CLEAN=-del $(_VC_MANIFEST_BASENAME).auto.res \
+    $(_VC_MANIFEST_BASENAME).auto.rc \
+    $(_VC_MANIFEST_BASENAME).auto.manifest
+
+!else
+
+_VC_MANIFEST_CLEAN=
+
+!endif
+
 !IF  "$(CFG)" == "keygen - Win32 Release"
 
 OUTDIR=.\Release
@@ -38,6 +113,7 @@ CLEAN :
 	-@erase "$(INTDIR)\dnssectool.obj"
 	-@erase "$(INTDIR)\vc60.idb"
 	-@erase "..\..\..\Build\Release\dnssec-keygen.exe"
+	-@$(_VC_MANIFEST_CLEAN)
 
 "$(OUTDIR)" :
     if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
@@ -90,6 +166,7 @@ LINK32_OBJS= \
     $(LINK32) @<<
   $(LINK32_FLAGS) $(LINK32_OBJS)
 <<
+    $(_VC_MANIFEST_EMBED_EXE)
 
 !ELSEIF  "$(CFG)" == "keygen - Win32 Debug"
 
@@ -113,6 +190,7 @@ CLEAN :
 	-@erase "$(OUTDIR)\keygen.bsc"
 	-@erase "..\..\..\Build\Debug\dnssec-keygen.exe"
 	-@erase "..\..\..\Build\Debug\dnssec-keygen.ilk"
+	-@$(_VC_MANIFEST_CLEAN)
 
 "$(OUTDIR)" :
     if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
@@ -172,6 +250,7 @@ LINK32_OBJS= \
     $(LINK32) @<<
   $(LINK32_FLAGS) $(LINK32_OBJS)
 <<
+    $(_VC_MANIFEST_EMBED_EXE)
 
 !ENDIF 
 
@@ -225,3 +304,21 @@ SOURCE=..\dnssectool.c
 
 !ENDIF 
 
+####################################################
+# Commands to generate initial empty manifest file and the RC file
+# that references it, and for generating the .res file:
+
+$(_VC_MANIFEST_BASENAME).auto.res : $(_VC_MANIFEST_BASENAME).auto.rc
+
+$(_VC_MANIFEST_BASENAME).auto.rc : $(_VC_MANIFEST_BASENAME).auto.manifest
+    type <<$@
+#include <winuser.h>
+1RT_MANIFEST"$(_VC_MANIFEST_BASENAME).auto.manifest"
+<< KEEP
+
+$(_VC_MANIFEST_BASENAME).auto.manifest :
+    type <<$@
+<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
+<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
+</assembly>
+<< KEEP

bin/dnssec/win32/makekeyset.dsp

@@ -0,0 +1,103 @@
+# Microsoft Developer Studio Project File - Name="makekeyset" - Package Owner=<4>
+# Microsoft Developer Studio Generated Build File, Format Version 6.00
+# ** DO NOT EDIT **
+
+# TARGTYPE "Win32 (x86) Console Application" 0x0103
+
+CFG=makekeyset - Win32 Debug
+!MESSAGE This is not a valid makefile. To build this project using NMAKE,
+!MESSAGE use the Export Makefile command and run
+!MESSAGE 
+!MESSAGE NMAKE /f "makekeyset.mak".
+!MESSAGE 
+!MESSAGE You can specify a configuration when running NMAKE
+!MESSAGE by defining the macro CFG on the command line. For example:
+!MESSAGE 
+!MESSAGE NMAKE /f "makekeyset.mak" CFG="makekeyset - Win32 Debug"
+!MESSAGE 
+!MESSAGE Possible choices for configuration are:
+!MESSAGE 
+!MESSAGE "makekeyset - Win32 Release" (based on "Win32 (x86) Console Application")
+!MESSAGE "makekeyset - Win32 Debug" (based on "Win32 (x86) Console Application")
+!MESSAGE 
+
+# Begin Project
+# PROP AllowPerConfigDependencies 0
+# PROP Scc_ProjName ""
+# PROP Scc_LocalPath ""
+CPP=cl.exe
+RSC=rc.exe
+
+!IF  "$(CFG)" == "makekeyset - Win32 Release"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 0
+# PROP BASE Output_Dir "Release"
+# PROP BASE Intermediate_Dir "Release"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 0
+# PROP Output_Dir "Release"
+# PROP Intermediate_Dir "Release"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
+# ADD CPP /nologo /MD /W3 /GX /O2 /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /D "NDEBUG" /D "__STDC__" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
+# ADD BASE RSC /l 0x409 /d "NDEBUG"
+# ADD RSC /l 0x409 /d "NDEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386
+# ADD LINK32 user32.lib advapi32.lib Release/dnssectool.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib /nologo /subsystem:console /machine:I386 /out:"../../../Build/Release/dnssec-makekeyset.exe"
+
+!ELSEIF  "$(CFG)" == "makekeyset - Win32 Debug"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 1
+# PROP BASE Output_Dir "Debug"
+# PROP BASE Intermediate_Dir "Debug"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 1
+# PROP Output_Dir "Debug"
+# PROP Intermediate_Dir "Debug"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c
+# ADD CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /D "_DEBUG" /D "WIN32" /D "__STDC__" /D "_CONSOLE" /D "_MBCS" /FR /FD /GZ /c
+# SUBTRACT CPP /X /YX
+# ADD BASE RSC /l 0x409 /d "_DEBUG"
+# ADD RSC /l 0x409 /d "_DEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept
+# ADD LINK32 user32.lib advapi32.lib Debug/dnssectool.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib /nologo /subsystem:console /debug /machine:I386 /out:"../../../Build/Debug/dnssec-makekeyset.exe" /pdbtype:sept
+
+!ENDIF 
+
+# Begin Target
+
+# Name "makekeyset - Win32 Release"
+# Name "makekeyset - Win32 Debug"
+# Begin Group "Source Files"
+
+# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
+# Begin Source File
+
+SOURCE="..\dnssec-makekeyset.c"
+# End Source File
+# End Group
+# Begin Group "Header Files"
+
+# PROP Default_Filter "h;hpp;hxx;hm;inl"
+# End Group
+# Begin Group "Resource Files"
+
+# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe"
+# End Group
+# End Target
+# End Project

bin/dnssec/win32/makekeyset.dsw

@@ -0,0 +1,29 @@
+Microsoft Developer Studio Workspace File, Format Version 6.00
+# WARNING: DO NOT EDIT OR DELETE THIS WORKSPACE FILE!
+
+###############################################################################
+
+Project: "makekeyset"=".\makekeyset.dsp" - Package Owner=<4>
+
+Package=<5>
+{{{
+}}}
+
+Package=<4>
+{{{
+}}}
+
+###############################################################################
+
+Global:
+
+Package=<5>
+{{{
+}}}
+
+Package=<3>
+{{{
+}}}
+
+###############################################################################
+

bin/dnssec/win32/makekeyset.mak

@@ -0,0 +1,343 @@
+# Microsoft Developer Studio Generated NMAKE File, Based on makekeyset.dsp
+!IF "$(CFG)" == ""
+CFG=makekeyset - Win32 Debug
+!MESSAGE No configuration specified. Defaulting to makekeyset - Win32 Debug.
+!ENDIF 
+
+!IF "$(CFG)" != "makekeyset - Win32 Release" && "$(CFG)" != "makekeyset - Win32 Debug"
+!MESSAGE Invalid configuration "$(CFG)" specified.
+!MESSAGE You can specify a configuration when running NMAKE
+!MESSAGE by defining the macro CFG on the command line. For example:
+!MESSAGE 
+!MESSAGE NMAKE /f "makekeyset.mak" CFG="makekeyset - Win32 Debug"
+!MESSAGE 
+!MESSAGE Possible choices for configuration are:
+!MESSAGE 
+!MESSAGE "makekeyset - Win32 Release" (based on "Win32 (x86) Console Application")
+!MESSAGE "makekeyset - Win32 Debug" (based on "Win32 (x86) Console Application")
+!MESSAGE 
+!ERROR An invalid configuration is specified.
+!ENDIF 
+
+!IF "$(OS)" == "Windows_NT"
+NULL=
+!ELSE 
+NULL=nul
+!ENDIF 
+
+!IF  "$(CFG)" == "makekeyset - Win32 Release"
+_VC_MANIFEST_INC=0
+_VC_MANIFEST_BASENAME=__VC80
+!ELSE
+_VC_MANIFEST_INC=1
+_VC_MANIFEST_BASENAME=__VC80.Debug
+!ENDIF
+
+####################################################
+# Specifying name of temporary resource file used only in incremental builds:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+_VC_MANIFEST_AUTO_RES=$(_VC_MANIFEST_BASENAME).auto.res
+!else
+_VC_MANIFEST_AUTO_RES=
+!endif
+
+####################################################
+# _VC_MANIFEST_EMBED_EXE - command to embed manifest in EXE:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+
+#MT_SPECIAL_RETURN=1090650113
+#MT_SPECIAL_SWITCH=-notify_resource_update
+MT_SPECIAL_RETURN=0
+MT_SPECIAL_SWITCH=
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
+if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
+rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
+link $** /out:$@ $(LFLAGS)
+
+!else
+
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;1
+
+!endif
+
+####################################################
+# _VC_MANIFEST_EMBED_DLL - command to embed manifest in DLL:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+
+#MT_SPECIAL_RETURN=1090650113
+#MT_SPECIAL_SWITCH=-notify_resource_update
+MT_SPECIAL_RETURN=0
+MT_SPECIAL_SWITCH=
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
+if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
+rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
+link $** /out:$@ $(LFLAGS)
+
+!else
+
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;2
+
+!endif
+####################################################
+# _VC_MANIFEST_CLEAN - command to clean resources files generated temporarily:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+
+_VC_MANIFEST_CLEAN=-del $(_VC_MANIFEST_BASENAME).auto.res \
+    $(_VC_MANIFEST_BASENAME).auto.rc \
+    $(_VC_MANIFEST_BASENAME).auto.manifest
+
+!else
+
+_VC_MANIFEST_CLEAN=
+
+!endif
+
+!IF  "$(CFG)" == "makekeyset - Win32 Release"
+
+OUTDIR=.\Release
+INTDIR=.\Release
+
+ALL : "..\..\..\Build\Release\dnssec-makekeyset.exe"
+
+
+CLEAN :
+	-@erase "$(INTDIR)\dnssec-makekeyset.obj"
+	-@erase "$(INTDIR)\dnssectool.obj"
+	-@erase "$(INTDIR)\vc60.idb"
+	-@erase "..\..\..\Build\Release\dnssec-makekeyset.exe"
+	-@$(_VC_MANIFEST_CLEAN)
+
+"$(OUTDIR)" :
+    if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
+
+CPP=cl.exe
+CPP_PROJ=/nologo /MD /W3 /GX /O2 /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /D "NDEBUG" /D "__STDC__" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /Fp"$(INTDIR)\makekeyset.pch" /YX /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c 
+
+.c{$(INTDIR)}.obj::
+   $(CPP) @<<
+   $(CPP_PROJ) $< 
+<<
+
+.cpp{$(INTDIR)}.obj::
+   $(CPP) @<<
+   $(CPP_PROJ) $< 
+<<
+
+.cxx{$(INTDIR)}.obj::
+   $(CPP) @<<
+   $(CPP_PROJ) $< 
+<<
+
+.c{$(INTDIR)}.sbr::
+   $(CPP) @<<
+   $(CPP_PROJ) $< 
+<<
+
+.cpp{$(INTDIR)}.sbr::
+   $(CPP) @<<
+   $(CPP_PROJ) $< 
+<<
+
+.cxx{$(INTDIR)}.sbr::
+   $(CPP) @<<
+   $(CPP_PROJ) $< 
+<<
+
+RSC=rc.exe
+BSC32=bscmake.exe
+BSC32_FLAGS=/nologo /o"$(OUTDIR)\makekeyset.bsc" 
+BSC32_SBRS= \
+	
+LINK32=link.exe
+LINK32_FLAGS=user32.lib advapi32.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib /nologo /subsystem:console /incremental:no /pdb:"$(OUTDIR)\dnssec-makekeyset.pdb" /machine:I386 /out:"../../../Build/Release/dnssec-makekeyset.exe" 
+LINK32_OBJS= \
+	"$(INTDIR)\dnssec-makekeyset.obj" \
+	"$(INTDIR)\dnssectool.obj"
+
+"..\..\..\Build\Release\dnssec-makekeyset.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
+    $(LINK32) @<<
+  $(LINK32_FLAGS) $(LINK32_OBJS)
+<<
+  $(_VC_MANIFEST_EMBED_EXE)
+
+!ELSEIF  "$(CFG)" == "makekeyset - Win32 Debug"
+
+OUTDIR=.\Debug
+INTDIR=.\Debug
+# Begin Custom Macros
+OutDir=.\Debug
+# End Custom Macros
+
+ALL : "..\..\..\Build\Debug\dnssec-makekeyset.exe" "$(OUTDIR)\makekeyset.bsc"
+
+
+CLEAN :
+	-@erase "$(INTDIR)\dnssec-makekeyset.obj"
+	-@erase "$(INTDIR)\dnssec-makekeyset.sbr"
+	-@erase "$(INTDIR)\dnssectool.obj"
+	-@erase "$(INTDIR)\dnssectool.sbr"
+	-@erase "$(INTDIR)\vc60.idb"
+	-@erase "$(INTDIR)\vc60.pdb"
+	-@erase "$(OUTDIR)\dnssec-makekeyset.pdb"
+	-@erase "$(OUTDIR)\makekeyset.bsc"
+	-@erase "..\..\..\Build\Debug\dnssec-makekeyset.exe"
+	-@erase "..\..\..\Build\Debug\dnssec-makekeyset.ilk"
+	-@$(_VC_MANIFEST_CLEAN)
+
+"$(OUTDIR)" :
+    if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
+
+CPP=cl.exe
+CPP_PROJ=/nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /D "_DEBUG" /D "WIN32" /D "__STDC__" /D "_CONSOLE" /D "_MBCS" /FR"$(INTDIR)\\" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /GZ /c 
+
+.c{$(INTDIR)}.obj::
+   $(CPP) @<<
+   $(CPP_PROJ) $< 
+<<
+
+.cpp{$(INTDIR)}.obj::
+   $(CPP) @<<
+   $(CPP_PROJ) $< 
+<<
+
+.cxx{$(INTDIR)}.obj::
+   $(CPP) @<<
+   $(CPP_PROJ) $< 
+<<
+
+.c{$(INTDIR)}.sbr::
+   $(CPP) @<<
+   $(CPP_PROJ) $< 
+<<
+
+.cpp{$(INTDIR)}.sbr::
+   $(CPP) @<<
+   $(CPP_PROJ) $< 
+<<
+
+.cxx{$(INTDIR)}.sbr::
+   $(CPP) @<<
+   $(CPP_PROJ) $< 
+<<
+
+RSC=rc.exe
+BSC32=bscmake.exe
+BSC32_FLAGS=/nologo /o"$(OUTDIR)\makekeyset.bsc" 
+BSC32_SBRS= \
+	"$(INTDIR)\dnssec-makekeyset.sbr" \
+	"$(INTDIR)\dnssectool.sbr"
+
+"$(OUTDIR)\makekeyset.bsc" : "$(OUTDIR)" $(BSC32_SBRS)
+    $(BSC32) @<<
+  $(BSC32_FLAGS) $(BSC32_SBRS)
+<<
+
+LINK32=link.exe
+LINK32_FLAGS=user32.lib advapi32.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib /nologo /subsystem:console /incremental:yes /pdb:"$(OUTDIR)\dnssec-makekeyset.pdb" /debug /machine:I386 /out:"../../../Build/Debug/dnssec-makekeyset.exe" /pdbtype:sept 
+LINK32_OBJS= \
+	"$(INTDIR)\dnssec-makekeyset.obj" \
+	"$(INTDIR)\dnssectool.obj"
+
+"..\..\..\Build\Debug\dnssec-makekeyset.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
+    $(LINK32) @<<
+  $(LINK32_FLAGS) $(LINK32_OBJS)
+<<
+  $(_VC_MANIFEST_EMBED_EXE)
+
+!ENDIF 
+
+
+!IF "$(NO_EXTERNAL_DEPS)" != "1"
+!IF EXISTS("makekeyset.dep")
+!INCLUDE "makekeyset.dep"
+!ELSE 
+!MESSAGE Warning: cannot find "makekeyset.dep"
+!ENDIF 
+!ENDIF 
+
+
+!IF "$(CFG)" == "makekeyset - Win32 Release" || "$(CFG)" == "makekeyset - Win32 Debug"
+SOURCE="..\dnssec-makekeyset.c"
+
+!IF  "$(CFG)" == "makekeyset - Win32 Release"
+
+
+"$(INTDIR)\dnssec-makekeyset.obj" : $(SOURCE) "$(INTDIR)"
+	$(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ELSEIF  "$(CFG)" == "makekeyset - Win32 Debug"
+
+
+"$(INTDIR)\dnssec-makekeyset.obj"	"$(INTDIR)\dnssec-makekeyset.sbr" : $(SOURCE) "$(INTDIR)"
+	$(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ENDIF 
+
+SOURCE=..\dnssectool.c
+
+!IF  "$(CFG)" == "makekeyset - Win32 Release"
+
+
+"$(INTDIR)\dnssectool.obj" : $(SOURCE) "$(INTDIR)"
+	$(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ELSEIF  "$(CFG)" == "makekeyset - Win32 Debug"
+
+
+"$(INTDIR)\dnssectool.obj"	"$(INTDIR)\dnssectool.sbr" : $(SOURCE) "$(INTDIR)"
+	$(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ENDIF 
+
+
+!ENDIF 
+
+####################################################
+# Commands to generate initial empty manifest file and the RC file
+# that references it, and for generating the .res file:
+
+$(_VC_MANIFEST_BASENAME).auto.res : $(_VC_MANIFEST_BASENAME).auto.rc
+
+$(_VC_MANIFEST_BASENAME).auto.rc : $(_VC_MANIFEST_BASENAME).auto.manifest
+    type <<$@
+#include <winuser.h>
+1RT_MANIFEST"$(_VC_MANIFEST_BASENAME).auto.manifest"
+<< KEEP
+
+$(_VC_MANIFEST_BASENAME).auto.manifest :
+    type <<$@
+<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
+<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
+</assembly>
+<< KEEP
+####################################################
+# Commands to generate initial empty manifest file and the RC file
+# that references it, and for generating the .res file:
+
+$(_VC_MANIFEST_BASENAME).auto.res : $(_VC_MANIFEST_BASENAME).auto.rc
+
+$(_VC_MANIFEST_BASENAME).auto.rc : $(_VC_MANIFEST_BASENAME).auto.manifest
+    type <<$@
+#include <winuser.h>
+1RT_MANIFEST"$(_VC_MANIFEST_BASENAME).auto.manifest"
+<< KEEP
+
+$(_VC_MANIFEST_BASENAME).auto.manifest :
+    type <<$@
+<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
+<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
+</assembly>
+<< KEEP
+

bin/dnssec/win32/signkey.dsp

@@ -0,0 +1,103 @@
+# Microsoft Developer Studio Project File - Name="signkey" - Package Owner=<4>
+# Microsoft Developer Studio Generated Build File, Format Version 6.00
+# ** DO NOT EDIT **
+
+# TARGTYPE "Win32 (x86) Console Application" 0x0103
+
+CFG=signkey - Win32 Debug
+!MESSAGE This is not a valid makefile. To build this project using NMAKE,
+!MESSAGE use the Export Makefile command and run
+!MESSAGE 
+!MESSAGE NMAKE /f "signkey.mak".
+!MESSAGE 
+!MESSAGE You can specify a configuration when running NMAKE
+!MESSAGE by defining the macro CFG on the command line. For example:
+!MESSAGE 
+!MESSAGE NMAKE /f "signkey.mak" CFG="signkey - Win32 Debug"
+!MESSAGE 
+!MESSAGE Possible choices for configuration are:
+!MESSAGE 
+!MESSAGE "signkey - Win32 Release" (based on "Win32 (x86) Console Application")
+!MESSAGE "signkey - Win32 Debug" (based on "Win32 (x86) Console Application")
+!MESSAGE 
+
+# Begin Project
+# PROP AllowPerConfigDependencies 0
+# PROP Scc_ProjName ""
+# PROP Scc_LocalPath ""
+CPP=cl.exe
+RSC=rc.exe
+
+!IF  "$(CFG)" == "signkey - Win32 Release"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 0
+# PROP BASE Output_Dir "Release"
+# PROP BASE Intermediate_Dir "Release"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 0
+# PROP Output_Dir "Release"
+# PROP Intermediate_Dir "Release"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
+# ADD CPP /nologo /MD /W3 /GX /O2 /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /D "NDEBUG" /D "__STDC__" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
+# ADD BASE RSC /l 0x409 /d "NDEBUG"
+# ADD RSC /l 0x409 /d "NDEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386
+# ADD LINK32 user32.lib advapi32.lib Release/dnssectool.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib /nologo /subsystem:console /machine:I386 /out:"../../../Build/Release/dnssec-signkey.exe"
+
+!ELSEIF  "$(CFG)" == "signkey - Win32 Debug"
+
+# PROP BASE Use_MFC 0
+# PROP BASE Use_Debug_Libraries 1
+# PROP BASE Output_Dir "Debug"
+# PROP BASE Intermediate_Dir "Debug"
+# PROP BASE Target_Dir ""
+# PROP Use_MFC 0
+# PROP Use_Debug_Libraries 1
+# PROP Output_Dir "Debug"
+# PROP Intermediate_Dir "Debug"
+# PROP Ignore_Export_Lib 0
+# PROP Target_Dir ""
+# ADD BASE CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c
+# ADD CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /D "_DEBUG" /D "WIN32" /D "__STDC__" /D "_CONSOLE" /D "_MBCS" /FR /FD /GZ /c
+# SUBTRACT CPP /X /YX
+# ADD BASE RSC /l 0x409 /d "_DEBUG"
+# ADD RSC /l 0x409 /d "_DEBUG"
+BSC32=bscmake.exe
+# ADD BASE BSC32 /nologo
+# ADD BSC32 /nologo
+LINK32=link.exe
+# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept
+# ADD LINK32 user32.lib advapi32.lib Debug/dnssectool.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib /nologo /subsystem:console /debug /machine:I386 /out:"../../../Build/Debug/dnssec-signkey.exe" /pdbtype:sept
+
+!ENDIF 
+
+# Begin Target
+
+# Name "signkey - Win32 Release"
+# Name "signkey - Win32 Debug"
+# Begin Group "Source Files"
+
+# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
+# Begin Source File
+
+SOURCE="..\dnssec-signkey.c"
+# End Source File
+# End Group
+# Begin Group "Header Files"
+
+# PROP Default_Filter "h;hpp;hxx;hm;inl"
+# End Group
+# Begin Group "Resource Files"
+
+# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe"
+# End Group
+# End Target
+# End Project

bin/dnssec/win32/signkey.dsw

@@ -0,0 +1,29 @@
+Microsoft Developer Studio Workspace File, Format Version 6.00
+# WARNING: DO NOT EDIT OR DELETE THIS WORKSPACE FILE!
+
+###############################################################################
+
+Project: "signkey"=".\signkey.dsp" - Package Owner=<4>
+
+Package=<5>
+{{{
+}}}
+
+Package=<4>
+{{{
+}}}
+
+###############################################################################
+
+Global:
+
+Package=<5>
+{{{
+}}}
+
+Package=<3>
+{{{
+}}}
+
+###############################################################################
+

bin/dnssec/win32/signkey.mak

@@ -0,0 +1,342 @@
+# Microsoft Developer Studio Generated NMAKE File, Based on signkey.dsp
+!IF "$(CFG)" == ""
+CFG=signkey - Win32 Debug
+!MESSAGE No configuration specified. Defaulting to signkey - Win32 Debug.
+!ENDIF 
+
+!IF "$(CFG)" != "signkey - Win32 Release" && "$(CFG)" != "signkey - Win32 Debug"
+!MESSAGE Invalid configuration "$(CFG)" specified.
+!MESSAGE You can specify a configuration when running NMAKE
+!MESSAGE by defining the macro CFG on the command line. For example:
+!MESSAGE 
+!MESSAGE NMAKE /f "signkey.mak" CFG="signkey - Win32 Debug"
+!MESSAGE 
+!MESSAGE Possible choices for configuration are:
+!MESSAGE 
+!MESSAGE "signkey - Win32 Release" (based on "Win32 (x86) Console Application")
+!MESSAGE "signkey - Win32 Debug" (based on "Win32 (x86) Console Application")
+!MESSAGE 
+!ERROR An invalid configuration is specified.
+!ENDIF 
+
+!IF "$(OS)" == "Windows_NT"
+NULL=
+!ELSE 
+NULL=nul
+!ENDIF 
+
+!IF  "$(CFG)" == "signkey - Win32 Release"
+_VC_MANIFEST_INC=0
+_VC_MANIFEST_BASENAME=__VC80
+!ELSE
+_VC_MANIFEST_INC=1
+_VC_MANIFEST_BASENAME=__VC80.Debug
+!ENDIF
+
+####################################################
+# Specifying name of temporary resource file used only in incremental builds:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+_VC_MANIFEST_AUTO_RES=$(_VC_MANIFEST_BASENAME).auto.res
+!else
+_VC_MANIFEST_AUTO_RES=
+!endif
+
+####################################################
+# _VC_MANIFEST_EMBED_EXE - command to embed manifest in EXE:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+
+#MT_SPECIAL_RETURN=1090650113
+#MT_SPECIAL_SWITCH=-notify_resource_update
+MT_SPECIAL_RETURN=0
+MT_SPECIAL_SWITCH=
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
+if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
+rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
+link $** /out:$@ $(LFLAGS)
+
+!else
+
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;1
+
+!endif
+
+####################################################
+# _VC_MANIFEST_EMBED_DLL - command to embed manifest in DLL:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+
+#MT_SPECIAL_RETURN=1090650113
+#MT_SPECIAL_SWITCH=-notify_resource_update
+MT_SPECIAL_RETURN=0
+MT_SPECIAL_SWITCH=
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
+if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
+rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
+link $** /out:$@ $(LFLAGS)
+
+!else
+
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;2
+
+!endif
+####################################################
+# _VC_MANIFEST_CLEAN - command to clean resources files generated temporarily:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+
+_VC_MANIFEST_CLEAN=-del $(_VC_MANIFEST_BASENAME).auto.res \
+    $(_VC_MANIFEST_BASENAME).auto.rc \
+    $(_VC_MANIFEST_BASENAME).auto.manifest
+
+!else
+
+_VC_MANIFEST_CLEAN=
+
+!endif
+
+!IF  "$(CFG)" == "signkey - Win32 Release"
+
+OUTDIR=.\Release
+INTDIR=.\Release
+
+ALL : "..\..\..\Build\Release\dnssec-signkey.exe"
+
+
+CLEAN :
+	-@erase "$(INTDIR)\dnssec-signkey.obj"
+	-@erase "$(INTDIR)\dnssectool.obj"
+	-@erase "$(INTDIR)\vc60.idb"
+	-@erase "..\..\..\Build\Release\dnssec-signkey.exe"
+	-@$(_VC_MANIFEST_CLEAN)
+
+"$(OUTDIR)" :
+    if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
+
+CPP=cl.exe
+CPP_PROJ=/nologo /MD /W3 /GX /O2 /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /D "NDEBUG" /D "__STDC__" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /Fp"$(INTDIR)\signkey.pch" /YX /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c 
+
+.c{$(INTDIR)}.obj::
+   $(CPP) @<<
+   $(CPP_PROJ) $< 
+<<
+
+.cpp{$(INTDIR)}.obj::
+   $(CPP) @<<
+   $(CPP_PROJ) $< 
+<<
+
+.cxx{$(INTDIR)}.obj::
+   $(CPP) @<<
+   $(CPP_PROJ) $< 
+<<
+
+.c{$(INTDIR)}.sbr::
+   $(CPP) @<<
+   $(CPP_PROJ) $< 
+<<
+
+.cpp{$(INTDIR)}.sbr::
+   $(CPP) @<<
+   $(CPP_PROJ) $< 
+<<
+
+.cxx{$(INTDIR)}.sbr::
+   $(CPP) @<<
+   $(CPP_PROJ) $< 
+<<
+
+RSC=rc.exe
+BSC32=bscmake.exe
+BSC32_FLAGS=/nologo /o"$(OUTDIR)\signkey.bsc" 
+BSC32_SBRS= \
+	
+LINK32=link.exe
+LINK32_FLAGS=user32.lib advapi32.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib /nologo /subsystem:console /incremental:no /pdb:"$(OUTDIR)\dnssec-signkey.pdb" /machine:I386 /out:"../../../Build/Release/dnssec-signkey.exe" 
+LINK32_OBJS= \
+	"$(INTDIR)\dnssec-signkey.obj" \
+	"$(INTDIR)\dnssectool.obj"
+
+"..\..\..\Build\Release\dnssec-signkey.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
+    $(LINK32) @<<
+  $(LINK32_FLAGS) $(LINK32_OBJS)
+<<
+  $(_VC_MANIFEST_EMBED_EXE)
+
+!ELSEIF  "$(CFG)" == "signkey - Win32 Debug"
+
+OUTDIR=.\Debug
+INTDIR=.\Debug
+# Begin Custom Macros
+OutDir=.\Debug
+# End Custom Macros
+
+ALL : "..\..\..\Build\Debug\dnssec-signkey.exe" "$(OUTDIR)\signkey.bsc"
+
+
+CLEAN :
+	-@erase "$(INTDIR)\dnssec-signkey.obj"
+	-@erase "$(INTDIR)\dnssec-signkey.sbr"
+	-@erase "$(INTDIR)\dnssectool.obj"
+	-@erase "$(INTDIR)\dnssectool.sbr"
+	-@erase "$(INTDIR)\vc60.idb"
+	-@erase "$(INTDIR)\vc60.pdb"
+	-@erase "$(OUTDIR)\dnssec-signkey.pdb"
+	-@erase "$(OUTDIR)\signkey.bsc"
+	-@erase "..\..\..\Build\Debug\dnssec-signkey.exe"
+	-@erase "..\..\..\Build\Debug\dnssec-signkey.ilk"
+	-@$(_VC_MANIFEST_CLEAN)
+
+"$(OUTDIR)" :
+    if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
+
+CPP=cl.exe
+CPP_PROJ=/nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /D "_DEBUG" /D "WIN32" /D "__STDC__" /D "_CONSOLE" /D "_MBCS" /FR"$(INTDIR)\\" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /GZ /c 
+
+.c{$(INTDIR)}.obj::
+   $(CPP) @<<
+   $(CPP_PROJ) $< 
+<<
+
+.cpp{$(INTDIR)}.obj::
+   $(CPP) @<<
+   $(CPP_PROJ) $< 
+<<
+
+.cxx{$(INTDIR)}.obj::
+   $(CPP) @<<
+   $(CPP_PROJ) $< 
+<<
+
+.c{$(INTDIR)}.sbr::
+   $(CPP) @<<
+   $(CPP_PROJ) $< 
+<<
+
+.cpp{$(INTDIR)}.sbr::
+   $(CPP) @<<
+   $(CPP_PROJ) $< 
+<<
+
+.cxx{$(INTDIR)}.sbr::
+   $(CPP) @<<
+   $(CPP_PROJ) $< 
+<<
+
+RSC=rc.exe
+BSC32=bscmake.exe
+BSC32_FLAGS=/nologo /o"$(OUTDIR)\signkey.bsc" 
+BSC32_SBRS= \
+	"$(INTDIR)\dnssec-signkey.sbr" \
+	"$(INTDIR)\dnssectool.sbr"
+
+"$(OUTDIR)\signkey.bsc" : "$(OUTDIR)" $(BSC32_SBRS)
+    $(BSC32) @<<
+  $(BSC32_FLAGS) $(BSC32_SBRS)
+<<
+
+LINK32=link.exe
+LINK32_FLAGS=user32.lib advapi32.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib /nologo /subsystem:console /incremental:yes /pdb:"$(OUTDIR)\dnssec-signkey.pdb" /debug /machine:I386 /out:"../../../Build/Debug/dnssec-signkey.exe" /pdbtype:sept 
+LINK32_OBJS= \
+	"$(INTDIR)\dnssec-signkey.obj" \
+	"$(INTDIR)\dnssectool.obj"
+
+"..\..\..\Build\Debug\dnssec-signkey.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
+    $(LINK32) @<<
+  $(LINK32_FLAGS) $(LINK32_OBJS)
+<<
+  $(_VC_MANIFEST_EMBED_EXE)
+
+!ENDIF 
+
+
+!IF "$(NO_EXTERNAL_DEPS)" != "1"
+!IF EXISTS("signkey.dep")
+!INCLUDE "signkey.dep"
+!ELSE 
+!MESSAGE Warning: cannot find "signkey.dep"
+!ENDIF 
+!ENDIF 
+
+
+!IF "$(CFG)" == "signkey - Win32 Release" || "$(CFG)" == "signkey - Win32 Debug"
+SOURCE="..\dnssec-signkey.c"
+
+!IF  "$(CFG)" == "signkey - Win32 Release"
+
+
+"$(INTDIR)\dnssec-signkey.obj" : $(SOURCE) "$(INTDIR)"
+	$(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ELSEIF  "$(CFG)" == "signkey - Win32 Debug"
+
+
+"$(INTDIR)\dnssec-signkey.obj"	"$(INTDIR)\dnssec-signkey.sbr" : $(SOURCE) "$(INTDIR)"
+	$(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ENDIF 
+
+SOURCE=..\dnssectool.c
+
+!IF  "$(CFG)" == "signkey - Win32 Release"
+
+
+"$(INTDIR)\dnssectool.obj" : $(SOURCE) "$(INTDIR)"
+	$(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ELSEIF  "$(CFG)" == "signkey - Win32 Debug"
+
+
+"$(INTDIR)\dnssectool.obj"	"$(INTDIR)\dnssectool.sbr" : $(SOURCE) "$(INTDIR)"
+	$(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ENDIF 
+
+
+!ENDIF 
+
+####################################################
+# Commands to generate initial empty manifest file and the RC file
+# that references it, and for generating the .res file:
+
+$(_VC_MANIFEST_BASENAME).auto.res : $(_VC_MANIFEST_BASENAME).auto.rc
+
+$(_VC_MANIFEST_BASENAME).auto.rc : $(_VC_MANIFEST_BASENAME).auto.manifest
+    type <<$@
+#include <winuser.h>
+1RT_MANIFEST"$(_VC_MANIFEST_BASENAME).auto.manifest"
+<< KEEP
+
+$(_VC_MANIFEST_BASENAME).auto.manifest :
+    type <<$@
+<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
+<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
+</assembly>
+<< KEEP
+####################################################
+# Commands to generate initial empty manifest file and the RC file
+# that references it, and for generating the .res file:
+
+$(_VC_MANIFEST_BASENAME).auto.res : $(_VC_MANIFEST_BASENAME).auto.rc
+
+$(_VC_MANIFEST_BASENAME).auto.rc : $(_VC_MANIFEST_BASENAME).auto.manifest
+    type <<$@
+#include <winuser.h>
+1RT_MANIFEST"$(_VC_MANIFEST_BASENAME).auto.manifest"
+<< KEEP
+
+$(_VC_MANIFEST_BASENAME).auto.manifest :
+    type <<$@
+<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
+<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
+</assembly>
+<< KEEP

bin/dnssec/win32/signzone.dsp

@@ -50,7 +50,7 @@ BSC32=bscmake.exe
 # ADD BSC32 /nologo
 LINK32=link.exe
 # ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386
-# ADD LINK32 user32.lib advapi32.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib /nologo /subsystem:console /machine:I386 /out:"../../../Build/Release/dnssec-signzone.exe"
+# ADD LINK32 user32.lib advapi32.lib Release/dnssectool.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib /nologo /subsystem:console /machine:I386 /out:"../../../Build/Release/dnssec-signzone.exe"
 
 !ELSEIF  "$(CFG)" == "signzone - Win32 Debug"
 
@@ -75,7 +75,7 @@ BSC32=bscmake.exe
 # ADD BSC32 /nologo
 LINK32=link.exe
 # ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept
-# ADD LINK32 user32.lib advapi32.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib /nologo /subsystem:console /debug /machine:I386 /out:"../../../Build/Debug/dnssec-signzone.exe" /pdbtype:sept
+# ADD LINK32 user32.lib advapi32.lib Debug/dnssectool.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib /nologo /subsystem:console /debug /machine:I386 /out:"../../../Build/Debug/dnssec-signzone.exe" /pdbtype:sept
 
 !ENDIF 
 
@@ -90,9 +90,6 @@ LINK32=link.exe
 
 SOURCE="..\dnssec-signzone.c"
 # End Source File
-# Begin Source File
-
-SOURCE=..\dnssectool.c
 # End Source File
 # End Group
 # Begin Group "Header Files"

bin/dnssec/win32/signzone.mak

@@ -25,6 +25,81 @@ NULL=
 NULL=nul
 !ENDIF 
 
+!IF  "$(CFG)" == "signzone - Win32 Release"
+_VC_MANIFEST_INC=0
+_VC_MANIFEST_BASENAME=__VC80
+!ELSE
+_VC_MANIFEST_INC=1
+_VC_MANIFEST_BASENAME=__VC80.Debug
+!ENDIF
+
+####################################################
+# Specifying name of temporary resource file used only in incremental builds:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+_VC_MANIFEST_AUTO_RES=$(_VC_MANIFEST_BASENAME).auto.res
+!else
+_VC_MANIFEST_AUTO_RES=
+!endif
+
+####################################################
+# _VC_MANIFEST_EMBED_EXE - command to embed manifest in EXE:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+
+#MT_SPECIAL_RETURN=1090650113
+#MT_SPECIAL_SWITCH=-notify_resource_update
+MT_SPECIAL_RETURN=0
+MT_SPECIAL_SWITCH=
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
+if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
+rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
+link $** /out:$@ $(LFLAGS)
+
+!else
+
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;1
+
+!endif
+
+####################################################
+# _VC_MANIFEST_EMBED_DLL - command to embed manifest in DLL:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+
+#MT_SPECIAL_RETURN=1090650113
+#MT_SPECIAL_SWITCH=-notify_resource_update
+MT_SPECIAL_RETURN=0
+MT_SPECIAL_SWITCH=
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
+if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
+rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
+link $** /out:$@ $(LFLAGS)
+
+!else
+
+_VC_MANIFEST_EMBED_EXE= \
+if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;2
+
+!endif
+####################################################
+# _VC_MANIFEST_CLEAN - command to clean resources files generated temporarily:
+
+!if "$(_VC_MANIFEST_INC)" == "1"
+
+_VC_MANIFEST_CLEAN=-del $(_VC_MANIFEST_BASENAME).auto.res \
+    $(_VC_MANIFEST_BASENAME).auto.rc \
+    $(_VC_MANIFEST_BASENAME).auto.manifest
+
+!else
+
+_VC_MANIFEST_CLEAN=
+
+!endif
+
 !IF  "$(CFG)" == "signzone - Win32 Release"
 
 OUTDIR=.\Release
@@ -38,6 +113,7 @@ CLEAN :
 	-@erase "$(INTDIR)\dnssectool.obj"
 	-@erase "$(INTDIR)\vc60.idb"
 	-@erase "..\..\..\Build\Release\dnssec-signzone.exe"
+	-@$(_VC_MANIFEST_CLEAN)
 
 "$(OUTDIR)" :
     if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
@@ -90,6 +166,7 @@ LINK32_OBJS= \
     $(LINK32) @<<
   $(LINK32_FLAGS) $(LINK32_OBJS)
 <<
+    $(_VC_MANIFEST_EMBED_EXE)
 
 !ELSEIF  "$(CFG)" == "signzone - Win32 Debug"
 
@@ -113,6 +190,7 @@ CLEAN :
 	-@erase "$(OUTDIR)\signzone.bsc"
 	-@erase "..\..\..\Build\Debug\dnssec-signzone.exe"
 	-@erase "..\..\..\Build\Debug\dnssec-signzone.ilk"
+	-@$(_VC_MANIFEST_CLEAN)
 
 "$(OUTDIR)" :
     if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
@@ -172,6 +250,7 @@ LINK32_OBJS= \
     $(LINK32) @<<
   $(LINK32_FLAGS) $(LINK32_OBJS)
 <<
+    $(_VC_MANIFEST_EMBED_EXE)
 
 !ENDIF 
 
@@ -225,3 +304,21 @@ SOURCE=..\dnssectool.c
 
 !ENDIF 
 
+####################################################
+# Commands to generate initial empty manifest file and the RC file
+# that references it, and for generating the .res file:
+
+$(_VC_MANIFEST_BASENAME).auto.res : $(_VC_MANIFEST_BASENAME).auto.rc
+
+$(_VC_MANIFEST_BASENAME).auto.rc : $(_VC_MANIFEST_BASENAME).auto.manifest
+    type <<$@
+#include <winuser.h>
+1RT_MANIFEST"$(_VC_MANIFEST_BASENAME).auto.manifest"
+<< KEEP
+
+$(_VC_MANIFEST_BASENAME).auto.manifest :
+    type <<$@
+<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
+<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
+</assembly>
+<< KEEP

bin/named/Makefile.in

@@ -1,5 +1,5 @@
 # Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
-# Copyright (C) 1998-2002  Internet Software Consortium.
+# Copyright (C) 1998-2001  Internet Software Consortium.
 #
 # Permission to use, copy, modify, and distribute this software for any
 # purpose with or without fee is hereby granted, provided that the above
@@ -13,7 +13,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: Makefile.in,v 1.74.12.11 2004/09/06 21:47:25 marka Exp $
+# $Id: Makefile.in,v 1.74.2.5 2004/09/06 21:42:06 marka Exp $
 
 srcdir =	@srcdir@
 VPATH =		@srcdir@
@@ -21,7 +21,7 @@ top_srcdir =	@top_srcdir@
 
 @BIND9_VERSION@
 
-@BIND9_MAKE_INCLUDES@
+@BIND9_INCLUDES@
 
 #
 # Add database drivers here.
@@ -32,39 +32,36 @@ DBDRIVER_INCLUDES =
 DBDRIVER_LIBS =
 
 CINCLUDES =	-I${srcdir}/include -I${srcdir}/unix/include \
-		${LWRES_INCLUDES} ${DNS_INCLUDES} ${BIND9_INCLUDES} \
+		${LWRES_INCLUDES} ${DNS_INCLUDES} \
 		${ISCCFG_INCLUDES} ${ISCCC_INCLUDES} ${ISC_INCLUDES} \
 		${DBDRIVER_INCLUDES}
 
 CDEFINES =
 CWARNINGS =
 
-DNSLIBS =	../../lib/dns/libdns.@A@ @DNS_CRYPTO_LIBS@
+DNSLIBS =	../../lib/dns/libdns.@A@ @DNS_OPENSSL_LIBS@ @DNS_GSSAPI_LIBS@
 ISCCFGLIBS =	../../lib/isccfg/libisccfg.@A@
 ISCCCLIBS =	../../lib/isccc/libisccc.@A@
 ISCLIBS =	../../lib/isc/libisc.@A@
 LWRESLIBS =	../../lib/lwres/liblwres.@A@
-BIND9LIBS =	../../lib/bind9/libbind9.@A@
 
 DNSDEPLIBS =	../../lib/dns/libdns.@A@
 ISCCFGDEPLIBS =	../../lib/isccfg/libisccfg.@A@
 ISCCCDEPLIBS =	../../lib/isccc/libisccc.@A@
 ISCDEPLIBS =	../../lib/isc/libisc.@A@
 LWRESDEPLIBS =	../../lib/lwres/liblwres.@A@
-BIND9DEPLIBS =	../../lib/bind9/libbind9.@A@
 
-DEPLIBS =	${LWRESDEPLIBS} ${DNSDEPLIBS} ${BIND9DEPLIBS} \
+DEPLIBS =	${LWRESDEPLIBS} ${DNSDEPLIBS} \
 		${ISCCFGDEPLIBS} ${ISCCCDEPLIBS} ${ISCDEPLIBS}
 
-LIBS =		${LWRESLIBS} ${DNSLIBS} ${BIND9LIBS} \
+LIBS =		${LWRESLIBS} ${DNSLIBS} \
 		${ISCCFGLIBS} ${ISCCCLIBS} ${ISCLIBS} ${DBDRIVER_LIBS} @LIBS@
 
 SUBDIRS =	unix
 
-TARGETS =	named@EXEEXT@ lwresd@EXEEXT@
+TARGETS =	named lwresd
 
-OBJS =		aclconf.@O@ builtin.@O@ client.@O@ config.@O@ control.@O@ \
-		controlconf.@O@ interfacemgr.@O@ \
+OBJS =		aclconf.@O@ client.@O@ config.@O@ control.@O@ controlconf.@O@ interfacemgr.@O@ \
 		listenlist.@O@ log.@O@ logconf.@O@ main.@O@ notify.@O@ \
 		query.@O@ server.@O@ sortlist.@O@ \
 		tkeyconf.@O@ tsigconf.@O@ update.@O@ xfrout.@O@ \
@@ -75,8 +72,7 @@ OBJS =		aclconf.@O@ builtin.@O@ client.@O@ config.@O@ control.@O@ \
 
 UOBJS =		unix/os.@O@
 
-SRCS =		aclconf.c builtin.c client.c config.c control.c \
-		controlconf.c interfacemgr.c \
+SRCS =		aclconf.c client.c config.c control.c controlconf.c interfacemgr.c \
 		listenlist.c log.c logconf.c main.c notify.c \
 		query.c server.c sortlist.c \
 		tkeyconf.c tsigconf.c update.c xfrout.c \
@@ -94,24 +90,21 @@ MANOBJS =	${MANPAGES} ${HTMLPAGES}
 @BIND9_MAKE_RULES@
 
 main.@O@: main.c
-	${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} \
-		-DVERSION=\"${VERSION}\" \
+	${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} -DVERSION=\"${VERSION}\" \
 		-DNS_LOCALSTATEDIR=\"${localstatedir}\" \
 		-DNS_SYSCONFDIR=\"${sysconfdir}\" -c ${srcdir}/main.c
 
 config.@O@: config.c
-	${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} \
-		-DVERSION=\"${VERSION}\" \
+	${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} -DVERSION=\"${VERSION}\" \
 		-DNS_LOCALSTATEDIR=\"${localstatedir}\" \
 		-c ${srcdir}/config.c
 
-named@EXEEXT@: ${OBJS} ${UOBJS} ${DEPLIBS}
-	${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ \
-	${OBJS} ${UOBJS} ${LIBS}
+named: ${OBJS} ${UOBJS} ${DEPLIBS}
+	${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ ${OBJS} ${UOBJS} ${LIBS}
 
-lwresd@EXEEXT@: named@EXEEXT@
-	rm -f lwresd@EXEEXT@
-	@LN@ named@EXEEXT@ lwresd@EXEEXT@
+lwresd: named
+	rm -f lwresd
+	@LN@ named lwresd
 
 doc man:: ${MANOBJS}
 
@@ -119,17 +112,16 @@ docclean manclean maintainer-clean::
 	rm -f ${MANOBJS}
 
 clean distclean maintainer-clean::
-	rm -f ${TARGETS} ${OBJS}
+	rm -f ${TARGETS}
 
 installdirs:
 	$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${sbindir}
 	$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${mandir}/man5
 	$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${mandir}/man8
 
-install:: named@EXEEXT@ lwresd@EXEEXT@ installdirs
-	${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} named@EXEEXT@ ${DESTDIR}${sbindir}
-	(cd ${DESTDIR}${sbindir}; rm -f lwresd@EXEEXT@; @LN@ named@EXEEXT@ lwresd@EXEEXT@)
+install:: named lwresd installdirs
+	${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} named ${DESTDIR}${sbindir}
+	(cd ${DESTDIR}${sbindir}; rm -f lwresd; @LN@ named lwresd)
 	${INSTALL_DATA} ${srcdir}/named.8 ${DESTDIR}${mandir}/man8
 	${INSTALL_DATA} ${srcdir}/lwresd.8 ${DESTDIR}${mandir}/man8
 	${INSTALL_DATA} ${srcdir}/named.conf.5 ${DESTDIR}${mandir}/man5
-

bin/named/aclconf.c

@@ -1,6 +1,6 @@
 /*
- * Copyright (C) 2004, 2005  Internet Systems Consortium, Inc. ("ISC")
- * Copyright (C) 1999-2002  Internet Software Consortium.
+ * Copyright (C) 2004-2006  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 1999-2001  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: aclconf.c,v 1.27.12.5 2005/03/17 03:58:25 marka Exp $ */
+/* $Id: aclconf.c,v 1.27.2.5 2006/03/02 00:37:17 marka Exp $ */
 
 #include <config.h>
 
@@ -23,8 +23,6 @@
 #include <isc/string.h>		/* Required for HP/UX (and others?) */
 #include <isc/util.h>
 
-#include <isccfg/namedconf.h>
-
 #include <dns/acl.h>
 #include <dns/fixedname.h>
 #include <dns/log.h>
@@ -54,10 +52,10 @@ ns_aclconfctx_destroy(ns_aclconfctx_t *ctx) {
  * Find the definition of the named acl whose name is "name".
  */
 static isc_result_t
-get_acl_def(cfg_obj_t *cctx, char *name, cfg_obj_t **ret) {
+get_acl_def(const cfg_obj_t *cctx, const char *name, const cfg_obj_t **ret) {
 	isc_result_t result;
-	cfg_obj_t *acls = NULL;
-	cfg_listelt_t *elt;
+	const cfg_obj_t *acls = NULL;
+	const cfg_listelt_t *elt;
 	
 	result = cfg_map_get(cctx, "acl", &acls);
 	if (result != ISC_R_SUCCESS)
@@ -65,7 +63,7 @@ get_acl_def(cfg_obj_t *cctx, char *name, cfg_obj_t **ret) {
 	for (elt = cfg_list_first(acls);
 	     elt != NULL;
 	     elt = cfg_list_next(elt)) {
-		cfg_obj_t *acl = cfg_listelt_value(elt);
+		const cfg_obj_t *acl = cfg_listelt_value(elt);
 		const char *aclname = cfg_obj_asstring(cfg_tuple_get(acl, "name"));
 		if (strcasecmp(aclname, name) == 0) {
 			*ret = cfg_tuple_get(acl, "value");
@@ -76,15 +74,15 @@ get_acl_def(cfg_obj_t *cctx, char *name, cfg_obj_t **ret) {
 }
 
 static isc_result_t
-convert_named_acl(cfg_obj_t *nameobj, cfg_obj_t *cctx,
+convert_named_acl(const cfg_obj_t *nameobj, const cfg_obj_t *cctx,
 		  ns_aclconfctx_t *ctx, isc_mem_t *mctx,
 		  dns_acl_t **target)
 {
 	isc_result_t result;
-	cfg_obj_t *cacl = NULL;
+	const cfg_obj_t *cacl = NULL;
 	dns_acl_t *dacl;
 	dns_acl_t loop;
-	char *aclname = cfg_obj_asstring(nameobj);
+	const char *aclname = cfg_obj_asstring(nameobj);
 
 	/* Look for an already-converted version. */
 	for (dacl = ISC_LIST_HEAD(ctx->named_acl_cache);
@@ -113,7 +111,7 @@ convert_named_acl(cfg_obj_t *nameobj, cfg_obj_t *cctx,
 	 */
 	memset(&loop, 0, sizeof(loop));
 	ISC_LINK_INIT(&loop, nextincache);
-	loop.name = aclname;
+	DE_CONST(aclname, loop.name);
 	loop.magic = LOOP_MAGIC;
 	ISC_LIST_APPEND(ctx->named_acl_cache, &loop, nextincache);
 	result = ns_acl_fromconfig(cacl, cctx, ctx, mctx, &dacl);
@@ -131,7 +129,7 @@ convert_named_acl(cfg_obj_t *nameobj, cfg_obj_t *cctx,
 }
 
 static isc_result_t
-convert_keyname(cfg_obj_t *keyobj, isc_mem_t *mctx, dns_name_t *dnsname) {
+convert_keyname(const cfg_obj_t *keyobj, isc_mem_t *mctx, dns_name_t *dnsname) {
 	isc_result_t result;
 	isc_buffer_t buf;
 	dns_fixedname_t fixname;
@@ -154,8 +152,8 @@ convert_keyname(cfg_obj_t *keyobj, isc_mem_t *mctx, dns_name_t *dnsname) {
 }
 
 isc_result_t
-ns_acl_fromconfig(cfg_obj_t *caml,
-		  cfg_obj_t *cctx,
+ns_acl_fromconfig(const cfg_obj_t *caml,
+		  const cfg_obj_t *cctx,
 		  ns_aclconfctx_t *ctx,
 		  isc_mem_t *mctx,
 		  dns_acl_t **target)
@@ -164,7 +162,7 @@ ns_acl_fromconfig(cfg_obj_t *caml,
 	unsigned int count;
 	dns_acl_t *dacl = NULL;
 	dns_aclelement_t *de;
-	cfg_listelt_t *elt;
+	const cfg_listelt_t *elt;
 
 	REQUIRE(target != NULL && *target == NULL);
 
@@ -183,7 +181,7 @@ ns_acl_fromconfig(cfg_obj_t *caml,
 	     elt != NULL;
 	     elt = cfg_list_next(elt))
 	{
-		cfg_obj_t *ce = cfg_listelt_value(elt);
+		const cfg_obj_t *ce = cfg_listelt_value(elt);
 		if (cfg_obj_istuple(ce)) {
 			/* This must be a negated element. */
 			ce = cfg_tuple_get(ce, "value");
@@ -215,7 +213,7 @@ ns_acl_fromconfig(cfg_obj_t *caml,
 				goto cleanup;
 		} else if (cfg_obj_isstring(ce)) {
 			/* ACL name */
-			char *name = cfg_obj_asstring(ce);
+			const char *name = cfg_obj_asstring(ce);
 			if (strcasecmp(name, "localhost") == 0) {
 				de->type = dns_aclelementtype_localhost;
 			} else if (strcasecmp(name, "localnets") == 0) {

bin/named/builtin.c

@@ -1,228 +0,0 @@
-/*
- * Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
- * Copyright (C) 2001-2003  Internet Software Consortium.
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- * PERFORMANCE OF THIS SOFTWARE.
- */
-
-/* $Id: builtin.c,v 1.4.106.4 2004/03/08 04:04:18 marka Exp $ */
-
-/*
- * The built-in "version", "hostname", "id" and "authors" databases.
- */
-
-#include <config.h>
-
-#include <string.h>
-#include <stdio.h>
-
-#include <isc/print.h>
-#include <isc/result.h>
-#include <isc/util.h>
-
-#include <dns/sdb.h>
-#include <dns/result.h>
-
-#include <named/builtin.h>
-#include <named/globals.h>
-#include <named/server.h>
-#include <named/os.h>
-
-typedef struct builtin builtin_t;
-
-static isc_result_t do_version_lookup(dns_sdblookup_t *lookup);
-static isc_result_t do_hostname_lookup(dns_sdblookup_t *lookup);
-static isc_result_t do_authors_lookup(dns_sdblookup_t *lookup);
-static isc_result_t do_id_lookup(dns_sdblookup_t *lookup);
-
-/*
- * We can't use function pointers as the db_data directly
- * because ANSI C does not guarantee that function pointers
- * can safely be cast to void pointers and back.
- */
-
-struct builtin {
-	isc_result_t (*do_lookup)(dns_sdblookup_t *lookup);
-};
-
-static builtin_t version_builtin = { do_version_lookup };
-static builtin_t hostname_builtin = { do_hostname_lookup };
-static builtin_t authors_builtin = { do_authors_lookup };
-static builtin_t id_builtin = { do_id_lookup };
-
-static dns_sdbimplementation_t *builtin_impl;
-
-static isc_result_t
-builtin_lookup(const char *zone, const char *name, void *dbdata,
-	       dns_sdblookup_t *lookup)
-{
-	builtin_t *b = (builtin_t *) dbdata;
-
-	UNUSED(zone);
-
-	if (strcmp(name, "@") == 0)
-		return (b->do_lookup(lookup));
-	else
-		return (ISC_R_NOTFOUND);
-}
-
-static isc_result_t
-put_txt(dns_sdblookup_t *lookup, const char *text) {
-	unsigned char buf[256];
-	unsigned int len = strlen(text);
-	if (len > 255)
-		len = 255; /* Silently truncate */
-	buf[0] = len;
-	memcpy(&buf[1], text, len);
-	return (dns_sdb_putrdata(lookup, dns_rdatatype_txt, 0, buf, len + 1));
-}
-
-static isc_result_t
-do_version_lookup(dns_sdblookup_t *lookup) {
-	if (ns_g_server->version_set) {	
-		if (ns_g_server->version == NULL)
-			return (ISC_R_SUCCESS);
-		else
-			return (put_txt(lookup, ns_g_server->version));
-	} else {
-		return (put_txt(lookup, ns_g_version));
-	}
-}
-
-static isc_result_t
-do_hostname_lookup(dns_sdblookup_t *lookup) {
-	if (ns_g_server->hostname_set) {
-		if (ns_g_server->hostname == NULL)
-			return (ISC_R_SUCCESS);
-		else
-			return (put_txt(lookup, ns_g_server->hostname));
-	} else {
-		char buf[256];
-		isc_result_t result = ns_os_gethostname(buf, sizeof(buf));
-		if (result != ISC_R_SUCCESS)
-			return (result);
-		return (put_txt(lookup, buf));
-	}
-}
-
-static isc_result_t
-do_authors_lookup(dns_sdblookup_t *lookup) {
-	isc_result_t result;
-	const char **p;
-	static const char *authors[] = {
-		"Mark Andrews",
-		"James Brister",
-		"Ben Cottrell",
-		"Michael Graff",
-		"Andreas Gustafsson",
-		"Bob Halley",
-		"David Lawrence",
-		"Danny Mayer",
-		"Damien Neil",
-		"Matt Nelson",
-		"Michael Sawyer",
-		"Brian Wellington",
-		NULL
-	};
-
-	/*
-	 * If a version string is specified, disable the authors.bind zone.
-	 */
-	if (ns_g_server->version_set)
-		return (ISC_R_SUCCESS);
-
-	for (p = authors; *p != NULL; p++) {
-		result = put_txt(lookup, *p);
-		if (result != ISC_R_SUCCESS)
-			return (result);
-	}
-	return (ISC_R_SUCCESS);
-}
-
-static isc_result_t
-do_id_lookup(dns_sdblookup_t *lookup) {
-
-	if (ns_g_server->server_usehostname) {
-		char buf[256];
-		isc_result_t result = ns_os_gethostname(buf, sizeof(buf));
-		if (result != ISC_R_SUCCESS)
-			return (result);
-		return (put_txt(lookup, buf));
-	}
-
-	if (ns_g_server->server_id == NULL)
-		return (ISC_R_SUCCESS);
-	else
-		return (put_txt(lookup, ns_g_server->server_id));
-}
-
-static isc_result_t
-builtin_authority(const char *zone, void *dbdata, dns_sdblookup_t *lookup) {
-	isc_result_t result;
-
-	UNUSED(zone);
-	UNUSED(dbdata);
-
-	result = dns_sdb_putsoa(lookup, "@", "hostmaster", 0);
-	if (result != ISC_R_SUCCESS)
-		return (ISC_R_FAILURE);
-	result = dns_sdb_putrr(lookup, "ns", 0, "@");
-	if (result != ISC_R_SUCCESS)
-		return (ISC_R_FAILURE);
-
-	return (ISC_R_SUCCESS);
-}
-
-static isc_result_t
-builtin_create(const char *zone, int argc, char **argv,
-	       void *driverdata, void **dbdata)
-{
-	UNUSED(zone);
-	UNUSED(driverdata);
-	if (argc != 1)
-		return (DNS_R_SYNTAX);
-	if (strcmp(argv[0], "version") == 0)
-		*dbdata = &version_builtin;
-	else if (strcmp(argv[0], "hostname") == 0)
-		*dbdata = &hostname_builtin;
-	else if (strcmp(argv[0], "authors") == 0)
-		*dbdata = &authors_builtin;
-	else if (strcmp(argv[0], "id") == 0)
-		*dbdata = &id_builtin;
-	else
-		return (ISC_R_NOTIMPLEMENTED);
-	return (ISC_R_SUCCESS);
-}
-
-static dns_sdbmethods_t builtin_methods = {
-	builtin_lookup,
-	builtin_authority,
-	NULL,		/* allnodes */
-	builtin_create,
-	NULL		/* destroy */
-};
-
-isc_result_t
-ns_builtin_init(void) {
-	RUNTIME_CHECK(dns_sdb_register("_builtin", &builtin_methods, NULL,
-				       DNS_SDBFLAG_RELATIVEOWNER |
-				       DNS_SDBFLAG_RELATIVERDATA,
-				       ns_g_mctx, &builtin_impl)
-		      == ISC_R_SUCCESS);
-	return (ISC_R_SUCCESS);
-}
-
-void
-ns_builtin_deinit(void) {
-	dns_sdb_unregister(&builtin_impl);
-}

bin/named/client.c

@@ -1,8 +1,8 @@
 /*
- * Copyright (C) 2004, 2005  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2007  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 1999-2003  Internet Software Consortium.
  *
- * Permission to use, copy, modify, and distribute this software for any
+ * Permission to use, copy, modify, and/or distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: client.c,v 1.176.2.13.4.26 2005/07/27 02:53:14 marka Exp $ */
+/* $Id: client.c,v 1.176.2.29 2007/08/28 07:18:13 tbox Exp $ */
 
 #include <config.h>
 
@@ -34,7 +34,6 @@
 #include <dns/events.h>
 #include <dns/message.h>
 #include <dns/rcode.h>
-#include <dns/resolver.h>
 #include <dns/rdata.h>
 #include <dns/rdataclass.h>
 #include <dns/rdatalist.h>
@@ -97,7 +96,6 @@ struct ns_clientmgr {
 	/* Locked by lock. */
 	isc_boolean_t			exiting;
 	client_list_t			active; 	/* Active clients */
-	client_list_t			recursing; 	/* Recursing clients */
 	client_list_t 			inactive;	/* To be recycled */
 };
 
@@ -153,7 +151,7 @@ struct ns_clientmgr {
 #define NS_CLIENTSTATE_WORKING  4
 /*
  * The client object has received a request and is working
- * on it.  It has a view, and it may have any of a non-reset OPT,
+ * on it.  It has a view, and it may  have any of a non-reset OPT,
  * recursion quota, and an outstanding write request.
  */
 
@@ -164,6 +162,12 @@ struct ns_clientmgr {
  * Must be greater than any valid state.
  */
 
+/*
+ * Enable ns_client_dropport() by default.
+ */
+#ifndef NS_CLIENT_DROPPORT
+#define NS_CLIENT_DROPPORT 1
+#endif
 
 static void client_read(ns_client_t *client);
 static void client_accept(ns_client_t *client);
@@ -176,33 +180,6 @@ static void client_start(isc_task_t *task, isc_event_t *event);
 static void client_request(isc_task_t *task, isc_event_t *event);
 static void ns_client_dumpmessage(ns_client_t *client, const char *reason);
 
-void
-ns_client_recursing(ns_client_t *client) {
-	REQUIRE(NS_CLIENT_VALID(client));
-
-	LOCK(&client->manager->lock);
-	ISC_LIST_UNLINK(*client->list, client, link);
-	ISC_LIST_APPEND(client->manager->recursing, client, link);
-	client->list = &client->manager->recursing;
-	UNLOCK(&client->manager->lock);
-}
-
-void
-ns_client_killoldestquery(ns_client_t *client) {
-	ns_client_t *oldest;
-	REQUIRE(NS_CLIENT_VALID(client));
-
-	LOCK(&client->manager->lock);
-	oldest = ISC_LIST_HEAD(client->manager->recursing);
-	if (oldest != NULL) {
-		ns_query_cancel(oldest);
-		ISC_LIST_UNLINK(*oldest->list, oldest, link);
-		ISC_LIST_APPEND(client->manager->active, oldest, link);
-		oldest->list = &client->manager->active;
-	}
-	UNLOCK(&client->manager->lock);
-}
-
 void
 ns_client_settimeout(ns_client_t *client, unsigned int seconds) {
 	isc_result_t result;
@@ -325,9 +302,9 @@ exit_check(ns_client_t *client) {
 			isc_quota_detach(&client->tcpquota);
 
 		if (client->timerset) {
-			(void)isc_timer_reset(client->timer,
-					      isc_timertype_inactive,
-					      NULL, NULL, ISC_TRUE);
+			(void) isc_timer_reset(client->timer,
+					       isc_timertype_inactive,
+					       NULL, NULL, ISC_TRUE);
 			client->timerset = ISC_FALSE;
 		}
 
@@ -460,8 +437,7 @@ exit_check(ns_client_t *client) {
 			client->list = NULL;
 			if (manager->exiting &&
 			    ISC_LIST_EMPTY(manager->active) &&
-			    ISC_LIST_EMPTY(manager->inactive) &&
-			    ISC_LIST_EMPTY(manager->recursing))
+			    ISC_LIST_EMPTY(manager->inactive))
 				destroy_manager = manager;
 		}
 		/*
@@ -550,6 +526,7 @@ client_shutdown(isc_task_t *task, isc_event_t *event) {
 	(void)exit_check(client);
 }
 
+
 static void
 ns_client_endrequest(ns_client_t *client) {
 	INSIST(client->naccepts == 0);
@@ -649,7 +626,7 @@ ns_client_next(ns_client_t *client, isc_result_t result) {
 
 	if (client->newstate > newstate)
 		client->newstate = newstate;
-	(void)exit_check(client);
+	(void) exit_check(client);
 }
 
 
@@ -779,8 +756,7 @@ client_sendpkg(ns_client_t *client, isc_buffer_t *buffer) {
 		sockflags |= ISC_SOCKFLAG_NORETRY;
 	}
 
-	if ((client->attributes & NS_CLIENTATTR_PKTINFO) != 0 &&
-	    (client->attributes & NS_CLIENTATTR_MULTICAST) == 0)
+	if ((client->attributes & NS_CLIENTATTR_PKTINFO) != 0)
 		pktinfo = &client->pktinfo;
 	else
 		pktinfo = NULL;
@@ -858,8 +834,6 @@ ns_client_send(ns_client_t *client) {
 	dns_compress_t cctx;
 	isc_boolean_t cleanup_cctx = ISC_FALSE;
 	unsigned char sendbuf[SEND_BUFFER_SIZE];
-	unsigned int dnssec_opts;
-	unsigned int preferred_glue;
 
 	REQUIRE(NS_CLIENT_VALID(client));
 
@@ -868,19 +842,6 @@ ns_client_send(ns_client_t *client) {
 	if ((client->attributes & NS_CLIENTATTR_RA) != 0)
 		client->message->flags |= DNS_MESSAGEFLAG_RA;
 
-	if ((client->attributes & NS_CLIENTATTR_WANTDNSSEC) != 0)
-		dnssec_opts = 0;
-	else
-		dnssec_opts = DNS_MESSAGERENDER_OMITDNSSEC;
-
-	preferred_glue = 0;
-	if (client->view != NULL) {
-		if (client->view->preferred_glue == dns_rdatatype_a)
-			preferred_glue = DNS_MESSAGERENDER_PREFER_A;
-		else if (client->view->preferred_glue == dns_rdatatype_aaaa)
-			preferred_glue = DNS_MESSAGERENDER_PREFER_AAAA;
-	}
-
 	/*
 	 * XXXRTH  The following doesn't deal with TCP buffer resizing.
 	 */
@@ -916,8 +877,7 @@ ns_client_send(ns_client_t *client) {
 		goto done;
 	result = dns_message_rendersection(client->message,
 					   DNS_SECTION_ANSWER,
-					   DNS_MESSAGERENDER_PARTIAL |
-					   dnssec_opts);
+					   DNS_MESSAGERENDER_PARTIAL);
 	if (result == ISC_R_NOSPACE) {
 		client->message->flags |= DNS_MESSAGEFLAG_TC;
 		goto renderend;
@@ -926,8 +886,7 @@ ns_client_send(ns_client_t *client) {
 		goto done;
 	result = dns_message_rendersection(client->message,
 					   DNS_SECTION_AUTHORITY,
-					   DNS_MESSAGERENDER_PARTIAL |
-					   dnssec_opts);
+					   DNS_MESSAGERENDER_PARTIAL);
 	if (result == ISC_R_NOSPACE) {
 		client->message->flags |= DNS_MESSAGEFLAG_TC;
 		goto renderend;
@@ -935,8 +894,7 @@ ns_client_send(ns_client_t *client) {
 	if (result != ISC_R_SUCCESS)
 		goto done;
 	result = dns_message_rendersection(client->message,
-					   DNS_SECTION_ADDITIONAL,
-					   preferred_glue | dnssec_opts);
+					   DNS_SECTION_ADDITIONAL, 0);
 	if (result != ISC_R_SUCCESS && result != ISC_R_NOSPACE)
 		goto done;
  renderend:
@@ -972,6 +930,34 @@ ns_client_send(ns_client_t *client) {
 	ns_client_next(client, result);
 }
 
+#if NS_CLIENT_DROPPORT
+#define DROPPORT_NO		0
+#define DROPPORT_REQUEST	1
+#define DROPPORT_RESPONSE	2
+/*%
+ * ns_client_dropport determines if certain requests / responses
+ * should be dropped based on the port number.
+ *
+ * Returns:
+ * \li	0:	Don't drop.
+ * \li	1:	Drop request.
+ * \li	2:	Drop (error) response.
+ */
+static int
+ns_client_dropport(in_port_t port) {
+	switch (port) {
+	case 7: /* echo */
+	case 13: /* daytime */
+	case 19: /* chargen */
+	case 37: /* time */
+		return (DROPPORT_REQUEST);
+	case 464: /* kpasswd */
+		return (DROPPORT_RESPONSE);
+	}
+	return (DROPPORT_NO);
+}
+#endif
+
 void
 ns_client_error(ns_client_t *client, isc_result_t result) {
 	dns_rcode_t rcode;
@@ -984,6 +970,28 @@ ns_client_error(ns_client_t *client, isc_result_t result) {
 	message = client->message;
 	rcode = dns_result_torcode(result);
 
+#if NS_CLIENT_DROPPORT
+	/*
+	 * Don't send FORMERR to ports on the drop port list.
+	 */
+	if (rcode == dns_rcode_formerr &&
+	    ns_client_dropport(isc_sockaddr_getport(&client->peeraddr)) !=
+	    DROPPORT_NO) {
+		char buf[64];
+		isc_buffer_t b;
+
+		isc_buffer_init(&b, buf, sizeof(buf) - 1);
+		if (dns_rcode_totext(rcode, &b) != ISC_R_SUCCESS)
+			isc_buffer_putstr(&b, "UNKNOWN RCODE");
+		ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
+			      NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(10),
+			      "dropped error (%.*s) response: suspicious port",
+			      (int)isc_buffer_usedlength(&b), buf);
+		ns_client_next(client, ISC_R_SUCCESS);
+		return;
+	}
+#endif
+
 	/*
 	 * Message may be an in-progress reply that we had trouble
 	 * with, in which case QR will be set.  We need to clear QR before
@@ -1044,9 +1052,6 @@ client_addopt(ns_client_t *client) {
 	dns_rdatalist_t *rdatalist;
 	dns_rdata_t *rdata;
 	isc_result_t result;
-	dns_view_t *view;
-	dns_resolver_t *resolver;
-	isc_uint16_t udpsize;
 
 	REQUIRE(client->opt == NULL);	/* XXXRTH free old. */
 
@@ -1070,21 +1075,19 @@ client_addopt(ns_client_t *client) {
 	/*
 	 * Set the maximum UDP buffer size.
 	 */
-	view = client->view;
-	resolver = (view != NULL) ? view->resolver : NULL;
-	if (resolver != NULL)
-		udpsize = dns_resolver_getudpsize(resolver);
-	else
-		udpsize = ns_g_udpsize;
-	rdatalist->rdclass = udpsize;
+	rdatalist->rdclass = RECV_BUFFER_SIZE;
 
 	/*
-	 * Set EXTENDED-RCODE, VERSION and Z to 0.
+	 * Set EXTENDED-RCODE, VERSION, and Z to 0.
 	 */
+#ifdef ISC_RFC2535
 	rdatalist->ttl = (client->extflags & DNS_MESSAGEEXTFLAG_REPLYPRESERVE);
+#else
+	rdatalist->ttl = 0;
+#endif
 
 	/*
-	 * No ENDS options in the default case.
+	 * No EDNS options in the default case.
 	 */
 	rdata->data = NULL;
 	rdata->length = 0;
@@ -1094,8 +1097,7 @@ client_addopt(ns_client_t *client) {
 
 	ISC_LIST_INIT(rdatalist->rdata);
 	ISC_LIST_APPEND(rdatalist->rdata, rdata, link);
-	RUNTIME_CHECK(dns_rdatalist_tordataset(rdatalist, rdataset)
-		      == ISC_R_SUCCESS);
+	dns_rdatalist_tordataset(rdatalist, rdataset);
 
 	client->opt = rdataset;
 
@@ -1103,13 +1105,13 @@ client_addopt(ns_client_t *client) {
 }
 
 static inline isc_boolean_t
-allowed(isc_netaddr_t *addr, dns_name_t *signer, dns_acl_t *acl) {
+allowed(isc_netaddr_t *addr, dns_acl_t *acl) {
 	int match;
 	isc_result_t result;
 
 	if (acl == NULL)
 		return (ISC_TRUE);
-	result = dns_acl_match(addr, signer, acl, &ns_g_server->aclenv,
+	result = dns_acl_match(addr, NULL, acl, &ns_g_server->aclenv,
 			       &match, NULL);
 	if (result == ISC_R_SUCCESS && match > 0)
 		return (ISC_TRUE);
@@ -1125,7 +1127,7 @@ client_request(isc_task_t *task, isc_event_t *event) {
 	ns_client_t *client;
 	isc_socketevent_t *sevent;
 	isc_result_t result;
-	isc_result_t sigresult = ISC_R_SUCCESS;
+	isc_result_t sigresult;
 	isc_buffer_t *buffer;
 	isc_buffer_t tbuffer;
 	dns_view_t *view;
@@ -1143,6 +1145,8 @@ client_request(isc_task_t *task, isc_event_t *event) {
 	REQUIRE(NS_CLIENT_VALID(client));
 	REQUIRE(task == client->task);
 
+	UNUSED(task);
+
 	INSIST(client->recursionquota == NULL);
 
 	INSIST(client->state ==
@@ -1186,7 +1190,7 @@ client_request(isc_task_t *task, isc_event_t *event) {
 		goto cleanup;
 	client->state = client->newstate = NS_CLIENTSTATE_WORKING;
 
-	isc_task_getcurrenttime(task, &client->requesttime);
+	isc_stdtime_get(&client->requesttime);
 	client->now = client->requesttime;
 
 	if (result != ISC_R_SUCCESS) {
@@ -1208,6 +1212,17 @@ client_request(isc_task_t *task, isc_event_t *event) {
 
 	isc_netaddr_fromsockaddr(&netaddr, &client->peeraddr);
 
+#if NS_CLIENT_DROPPORT
+	if (ns_client_dropport(isc_sockaddr_getport(&client->peeraddr)) ==
+	    DROPPORT_REQUEST) {
+		ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
+			      NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(10),
+			      "dropped request: suspicious port");
+		ns_client_next(client, ISC_R_SUCCESS);
+		goto cleanup;
+	}
+#endif
+
 	ns_client_log(client, NS_LOGCATEGORY_CLIENT,
 		      NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(3),
 		      "%s request",
@@ -1233,15 +1248,12 @@ client_request(isc_task_t *task, isc_event_t *event) {
 		}
 	}
 
-	/*
-	 * Silently drop multicast requests for the present.
-	 * XXXMPA look at when/if mDNS spec stabilizes.
-	 */
 	if ((client->attributes & NS_CLIENTATTR_MULTICAST) != 0) {
 		ns_client_log(client, NS_LOGCATEGORY_CLIENT,
 			      NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(2),
-			      "dropping multicast request");
+			      "multicast request");
 		ns_client_next(client, DNS_R_REFUSED);
+		goto cleanup;
 	}
 
 	result = dns_message_peekheader(buffer, &id, &flags);
@@ -1271,6 +1283,14 @@ client_request(isc_task_t *task, isc_event_t *event) {
 		}
 	}
 
+	/*
+	 * Hash the incoming request here as it is after
+	 * dns_dispatch_importrecv().
+	 */
+	dns_dispatch_hash(&client->now, sizeof(client->now));
+	dns_dispatch_hash(isc_buffer_base(buffer),
+			  isc_buffer_usedlength(buffer));
+
 	/*
 	 * It's a request.  Parse it.
 	 */
@@ -1298,10 +1318,6 @@ client_request(isc_task_t *task, isc_event_t *event) {
 
 	client->message->rcode = dns_rcode_noerror;
 
-	/* RFC1123 section 6.1.3.2 */
-	if ((client->attributes & NS_CLIENTATTR_MULTICAST) != 0)
-		client->message->flags &= ~DNS_MESSAGEFLAG_RD;
-
 	/*
 	 * Deal with EDNS.
 	 */
@@ -1336,7 +1352,7 @@ client_request(isc_task_t *task, isc_event_t *event) {
 		}
 
 		/*
-		 * Do we understand this version of ENDS?
+		 * Do we understand this version of EDNS?
 		 *
 		 * XXXRTH need library support for this!
 		 */
@@ -1358,19 +1374,12 @@ client_request(isc_task_t *task, isc_event_t *event) {
 	}
 
 	/*
-	 * Determine the destination address.  If the receiving interface is
-	 * bound to a specific address, we simply use it regardless of the
-	 * address family.  All IPv4 queries should fall into this case.
-	 * Otherwise, if this is a TCP query, get the address from the
-	 * receiving socket (this needs a system call and can be heavy).
-	 * For IPv6 UDP queries, we get this from the pktinfo structure (if
-	 * supported).
-	 * If all the attempts fail (this can happen due to memory shortage,
-	 * etc), we regard this as an error for safety. 
+	 * Determine the destination address.  For TCP/IPv6, we get this from
+	 * the receiving socket.  For UDP/IPv6, we get it from the pktinfo
+	 * structure (if supported).  For IPv4, we have to do with
+	 * the address of the interface where the request was received.
 	 */
-	if ((client->interface->flags & NS_INTERFACEFLAG_ANYADDR) == 0)
-		isc_netaddr_fromsockaddr(&destaddr, &client->interface->addr);
-	else {
+	if (client->interface->addr.type.sa.sa_family == AF_INET6) {
 		result = ISC_R_FAILURE;
 
 		if (TCP_CLIENT(client)) {
@@ -1383,24 +1392,8 @@ client_request(isc_task_t *task, isc_event_t *event) {
 							 &destsockaddr);
 		}
 		if (result != ISC_R_SUCCESS &&
-		    client->interface->addr.type.sa.sa_family == AF_INET6 &&
 		    (client->attributes & NS_CLIENTATTR_PKTINFO) != 0) {
-			isc_uint32_t zone = 0;
-
-			/*
-			 * XXXJT technically, we should convert the receiving
-			 * interface ID to a proper scope zone ID.  However,
-			 * due to the fact there is no standard API for this,
-			 * we only handle link-local addresses and use the
-			 * interface index as link ID.  Despite the assumption,
-			 * it should cover most typical cases.
-			 */
-			if (IN6_IS_ADDR_LINKLOCAL(&client->pktinfo.ipi6_addr))
-				zone = (isc_uint32_t)client->pktinfo.ipi6_ifindex;
-
-			isc_netaddr_fromin6(&destaddr,
-					    &client->pktinfo.ipi6_addr);
-			isc_netaddr_setzone(&destaddr, zone);
+			isc_netaddr_fromin6(&destaddr, &client->pktinfo.ipi6_addr);
 			result = ISC_R_SUCCESS;
 		}
 		if (result != ISC_R_SUCCESS) {
@@ -1408,8 +1401,11 @@ client_request(isc_task_t *task, isc_event_t *event) {
 					 "failed to get request's "
 					 "destination: %s",
 					 isc_result_totext(result));
+			ns_client_next(client, ISC_R_SUCCESS);
 			goto cleanup;
 		}
+	} else {
+		isc_netaddr_fromsockaddr(&destaddr, &client->interface->addr);
 	}
 
 	/*
@@ -1421,16 +1417,10 @@ client_request(isc_task_t *task, isc_event_t *event) {
 		if (client->message->rdclass == view->rdclass ||
 		    client->message->rdclass == dns_rdataclass_any)
 		{
-			dns_name_t *tsig = NULL;
-			sigresult = dns_message_rechecksig(client->message,
-							   view);
-			if (sigresult == ISC_R_SUCCESS)
-				tsig = client->message->tsigname;
-				
-			if (allowed(&netaddr, tsig, view->matchclients) &&
-			    allowed(&destaddr, tsig, view->matchdestinations) &&
-			    !((client->message->flags & DNS_MESSAGEFLAG_RD)
-			      == 0 && view->matchrecursiveonly))
+			if (allowed(&netaddr, view->matchclients) &&
+			    allowed(&destaddr, view->matchdestinations) &&
+			    !((flags & DNS_MESSAGEFLAG_RD) == 0 &&
+			      view->matchrecursiveonly))
 			{
 				dns_view_attach(view, &client->view);
 				break;
@@ -1448,9 +1438,6 @@ client_request(isc_task_t *task, isc_event_t *event) {
 		 */
 		isc_buffer_t b;
 		isc_region_t *r;
-
-		dns_message_resetsig(client->message);
-
 		r = dns_message_getrawmessage(client->message);
 		isc_buffer_init(&b, r->base, r->length);
 		isc_buffer_add(&b, r->length);
@@ -1476,6 +1463,7 @@ client_request(isc_task_t *task, isc_event_t *event) {
 	 * not.  We do not log the lack of a signature unless we are
 	 * debugging.
 	 */
+	sigresult = dns_message_checksig(client->message, client->view);
 	client->signer = NULL;
 	dns_name_init(&client->signername, NULL);
 	result = dns_message_signer(client->message, &client->signername);
@@ -1493,29 +1481,11 @@ client_request(isc_task_t *task, isc_event_t *event) {
 			      NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(3),
 			      "request is signed by a nonauthoritative key");
 	} else {
-		char tsigrcode[64];
-		isc_buffer_t b;
-		dns_name_t *name = NULL;
-
-		isc_buffer_init(&b, tsigrcode, sizeof(tsigrcode) - 1);
-		RUNTIME_CHECK(dns_tsigrcode_totext(client->message->tsigstatus,
-						   &b) == ISC_R_SUCCESS);
-		tsigrcode[isc_buffer_usedlength(&b)] = '\0';
 		/* There is a signature, but it is bad. */
-		if (dns_message_gettsig(client->message, &name) != NULL) {
-			char namebuf[DNS_NAME_FORMATSIZE];
-			dns_name_format(name, namebuf, sizeof(namebuf));
-			ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
-				      NS_LOGMODULE_CLIENT, ISC_LOG_ERROR,
-				      "request has invalid signature: "
-				      "TSIG %s: %s (%s)", namebuf,
-				      isc_result_totext(result), tsigrcode);
-		} else {
-			ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
-				      NS_LOGMODULE_CLIENT, ISC_LOG_ERROR,
-				      "request has invalid signature: %s (%s)",
-				      isc_result_totext(result), tsigrcode);
-		}
+		ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
+			      NS_LOGMODULE_CLIENT, ISC_LOG_ERROR,
+			      "request has invalid signature: %s",
+			      isc_result_totext(result));
 		/*
 		 * Accept update messages signed by unknown keys so that
 		 * update forwarding works transparently through slaves
@@ -1537,17 +1507,17 @@ client_request(isc_task_t *task, isc_event_t *event) {
 	ra = ISC_FALSE;
 	if (client->view->resolver != NULL &&
 	    client->view->recursion == ISC_TRUE &&
-	    ns_client_checkaclsilent(client, client->view->recursionacl,
+	    /* XXX this will log too much too early */
+	    ns_client_checkacl(client, "recursion available:",
+			       client->view->recursionacl,
+			       ISC_TRUE, ISC_LOG_DEBUG(1)) == ISC_R_SUCCESS &&
+	    ns_client_checkaclsilent(client, client->view->queryacl,
 				     ISC_TRUE) == ISC_R_SUCCESS)
 		ra = ISC_TRUE;
 
 	if (ra == ISC_TRUE)
 		client->attributes |= NS_CLIENTATTR_RA;
 
-	ns_client_log(client, DNS_LOGCATEGORY_SECURITY, NS_LOGMODULE_CLIENT,
-		      ISC_LOG_DEBUG(3), ra ? "recursion available" :
-		      			     "recursion not available");
-
 	/*
 	 * Dispatch the request.
 	 */
@@ -1605,7 +1575,7 @@ client_timeout(isc_task_t *task, isc_event_t *event) {
 
 	if (client->newstate > NS_CLIENTSTATE_READY)
 		client->newstate = NS_CLIENTSTATE_READY;
-	(void)exit_check(client);
+	(void) exit_check(client);
 }
 
 static isc_result_t
@@ -1623,7 +1593,7 @@ client_create(ns_clientmgr_t *manager, ns_client_t **clientp) {
 
 	REQUIRE(clientp != NULL && *clientp == NULL);
 
-	client = isc_mem_get(manager->mctx, sizeof(*client));
+	client = isc_mem_get(manager->mctx, sizeof *client);
 	if (client == NULL)
 		return (ISC_R_NOMEMORY);
 
@@ -1763,7 +1733,7 @@ client_create(ns_clientmgr_t *manager, ns_client_t **clientp) {
 	isc_task_detach(&client->task);
 
  cleanup_client:
-	isc_mem_put(manager->mctx, client, sizeof(*client));
+	isc_mem_put(manager->mctx, client, sizeof *client);
 
 	return (result);
 }
@@ -1826,8 +1796,8 @@ client_newconn(isc_task_t *task, isc_event_t *event) {
 		client->state = NS_CLIENTSTATE_READING;
 		INSIST(client->recursionquota == NULL);
 
-		(void)isc_socket_getpeername(client->tcpsocket,
-					     &client->peeraddr);
+		(void) isc_socket_getpeername(client->tcpsocket,
+					      &client->peeraddr);
 		client->peeraddr_valid = ISC_TRUE;
 		ns_client_log(client, NS_LOGCATEGORY_CLIENT,
 			   NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(3),
@@ -1947,7 +1917,7 @@ client_udprecv(ns_client_t *client) {
 				 isc_result_totext(result));
 		/*
 		 * This cannot happen in the current implementation, since
-		 * isc_socket_recv2() cannot fail if flags == 0.
+		 * isc_socket_recv2() cannot fail if flags == 0A
 		 *
 		 * If this does fail, we just go idle.
 		 */
@@ -1979,7 +1949,7 @@ ns_client_detach(ns_client_t **clientp) {
 	ns_client_log(client, NS_LOGCATEGORY_CLIENT,
 		      NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(10),
 		      "ns_client_detach: ref = %d", client->references);
-	(void)exit_check(client);
+	(void) exit_check(client);
 }
 
 isc_boolean_t
@@ -2018,13 +1988,12 @@ static void
 clientmgr_destroy(ns_clientmgr_t *manager) {
 	REQUIRE(ISC_LIST_EMPTY(manager->active));
 	REQUIRE(ISC_LIST_EMPTY(manager->inactive));
-	REQUIRE(ISC_LIST_EMPTY(manager->recursing));
 
 	MTRACE("clientmgr_destroy");
 
 	DESTROYLOCK(&manager->lock);
 	manager->magic = 0;
-	isc_mem_put(manager->mctx, manager, sizeof(*manager));
+	isc_mem_put(manager->mctx, manager, sizeof *manager);
 }
 
 isc_result_t
@@ -2034,7 +2003,7 @@ ns_clientmgr_create(isc_mem_t *mctx, isc_taskmgr_t *taskmgr,
 	ns_clientmgr_t *manager;
 	isc_result_t result;
 
-	manager = isc_mem_get(mctx, sizeof(*manager));
+	manager = isc_mem_get(mctx, sizeof *manager);
 	if (manager == NULL)
 		return (ISC_R_NOMEMORY);
 
@@ -2048,7 +2017,6 @@ ns_clientmgr_create(isc_mem_t *mctx, isc_taskmgr_t *taskmgr,
 	manager->exiting = ISC_FALSE;
 	ISC_LIST_INIT(manager->active);
 	ISC_LIST_INIT(manager->inactive);
-	ISC_LIST_INIT(manager->recursing);
 	manager->magic = MANAGER_MAGIC;
 
 	MTRACE("create");
@@ -2058,7 +2026,7 @@ ns_clientmgr_create(isc_mem_t *mctx, isc_taskmgr_t *taskmgr,
 	return (ISC_R_SUCCESS);
 
  cleanup_manager:
-	isc_mem_put(manager->mctx, manager, sizeof(*manager));
+	isc_mem_put(manager->mctx, manager, sizeof *manager);
 
 	return (result);
 }
@@ -2079,11 +2047,6 @@ ns_clientmgr_destroy(ns_clientmgr_t **managerp) {
 
 	manager->exiting = ISC_TRUE;
 
-	for (client = ISC_LIST_HEAD(manager->recursing);
-	     client != NULL;
-	     client = ISC_LIST_NEXT(client, link))
-		isc_task_shutdown(client->task);
-
 	for (client = ISC_LIST_HEAD(manager->active);
 	     client != NULL;
 	     client = ISC_LIST_NEXT(client, link))
@@ -2095,8 +2058,7 @@ ns_clientmgr_destroy(ns_clientmgr_t **managerp) {
 		isc_task_shutdown(client->task);
 
 	if (ISC_LIST_EMPTY(manager->active) &&
-	    ISC_LIST_EMPTY(manager->inactive) &&
-	    ISC_LIST_EMPTY(manager->recursing))
+	    ISC_LIST_EMPTY(manager->inactive))
 		need_destroy = ISC_TRUE;
 
 	UNLOCK(&manager->lock);
@@ -2249,25 +2211,23 @@ ns_client_name(ns_client_t *client, char *peerbuf, size_t len) {
 		snprintf(peerbuf, len, "@%p", client);
 }
 
-void
+static void
+ns_client_logv(ns_client_t *client, isc_logcategory_t *category,
+	   isc_logmodule_t *module, int level, const char *fmt, va_list ap)
+     ISC_FORMAT_PRINTF(5, 0);
+
+static void
 ns_client_logv(ns_client_t *client, isc_logcategory_t *category,
 	   isc_logmodule_t *module, int level, const char *fmt, va_list ap)
 {
 	char msgbuf[2048];
 	char peerbuf[ISC_SOCKADDR_FORMATSIZE];
-	const char *name = "";
-	const char *sep = "";
 
 	vsnprintf(msgbuf, sizeof(msgbuf), fmt, ap);
-	ns_client_name(client, peerbuf, sizeof(peerbuf));
-	if (client->view != NULL && strcmp(client->view->name, "_bind") != 0 &&
-	    strcmp(client->view->name, "_default") != 0) {
-		name = client->view->name;
-		sep = ": view ";
-	}
+	ns_client_name(client, peerbuf, sizeof peerbuf);
 
 	isc_log_write(ns_g_lctx, category, module, level,
-		      "client %s%s%s: %s", peerbuf, sep, name, msgbuf);
+		      "client %s: %s", peerbuf, msgbuf);
 }
 
 void
@@ -2285,18 +2245,15 @@ ns_client_log(ns_client_t *client, isc_logcategory_t *category,
 }
 
 void
-ns_client_aclmsg(const char *msg, dns_name_t *name, dns_rdatatype_t type,
-		 dns_rdataclass_t rdclass, char *buf, size_t len) 
+ns_client_aclmsg(const char *msg, dns_name_t *name, dns_rdataclass_t rdclass,
+		 char *buf, size_t len) 
 {
         char namebuf[DNS_NAME_FORMATSIZE];
-        char typebuf[DNS_RDATATYPE_FORMATSIZE];
         char classbuf[DNS_RDATACLASS_FORMATSIZE];
 
         dns_name_format(name, namebuf, sizeof(namebuf));
-        dns_rdatatype_format(type, typebuf, sizeof(typebuf));
         dns_rdataclass_format(rdclass, classbuf, sizeof(classbuf));
-        (void)snprintf(buf, len, "%s '%s/%s/%s'", msg, namebuf, typebuf,
-		       classbuf);
+        (void)snprintf(buf, len, "%s '%s/%s'", msg, namebuf, classbuf);
 }
 
 static void
@@ -2333,34 +2290,3 @@ ns_client_dumpmessage(ns_client_t *client, const char *reason) {
 	if (buf != NULL)
 		isc_mem_put(client->mctx, buf, len);
 }
-
-void
-ns_client_dumprecursing(FILE *f, ns_clientmgr_t *manager) {
-	ns_client_t *client;
-	char namebuf[DNS_NAME_FORMATSIZE];
-	char peerbuf[ISC_SOCKADDR_FORMATSIZE];
-	const char *name;
-	const char *sep;
-
-	REQUIRE(VALID_MANAGER(manager));
-	      
-	LOCK(&manager->lock);
-	client = ISC_LIST_HEAD(manager->recursing);
-	while (client != NULL) {
-		ns_client_name(client, peerbuf, sizeof(peerbuf));
-		if (client->view != NULL &&
-		    strcmp(client->view->name, "_bind") != 0 &&
-		    strcmp(client->view->name, "_default") != 0) {
-			name = client->view->name;
-			sep = ": view ";
-		} else {
-			name = "";
-			sep = "";
-		}
-		dns_name_format(client->query.qname, namebuf, sizeof(namebuf));
-		fprintf(f, "; client %s%s%s: '%s' requesttime %d\n",
-			peerbuf, sep, name, namebuf, client->requesttime);
-		client = ISC_LIST_NEXT(client, link);
-	}
-	UNLOCK(&manager->lock);
-}

bin/named/config.c

@@ -1,6 +1,6 @@
 /*
- * Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
- * Copyright (C) 2001-2003  Internet Software Consortium.
+ * Copyright (C) 2004, 2006  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2001, 2002  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: config.c,v 1.11.2.4.8.29 2004/10/05 02:52:26 marka Exp $ */
+/* $Id: config.c,v 1.11.2.9 2006/03/01 01:34:04 marka Exp $ */
 
 #include <config.h>
 
@@ -30,12 +30,11 @@
 #include <isc/sockaddr.h>
 #include <isc/util.h>
 
-#include <isccfg/namedconf.h>
+#include <isccfg/cfg.h>
 
 #include <dns/fixedname.h>
 #include <dns/name.h>
 #include <dns/rdataclass.h>
-#include <dns/rdatatype.h>
 #include <dns/tsig.h>
 #include <dns/zone.h>
 
@@ -67,7 +66,6 @@ options {\n\
 #	named-xfer <obsolete>;\n\
 #	pid-file \"" NS_LOCALSTATEDIR "/named.pid\"; /* or /lwresd.pid */\n\
 	port 53;\n\
-	recursing-file \"named.recursing\";\n\
 "
 #ifdef PATH_RANDOMDEV
 "\
@@ -79,11 +77,9 @@ options {\n\
 	rrset-order {order cyclic;};\n\
 	serial-queries 20;\n\
 	serial-query-rate 20;\n\
-	server-id none;\n\
 	statistics-file \"named.stats\";\n\
 	statistics-interval 60;\n\
 	tcp-clients 100;\n\
-	tcp-listen-queue 3;\n\
 #	tkey-dhkey <none>\n\
 #	tkey-gssapi-credential <none>\n\
 #	tkey-domain <none>\n\
@@ -93,13 +89,13 @@ options {\n\
 	treat-cr-as-space true;\n\
 	use-id-pool true;\n\
 	use-ixfr true;\n\
-	edns-udp-size 4096;\n\
+	version \""VERSION"\";\n\
 \n\
 	/* view */\n\
 	allow-notify {none;};\n\
 	allow-update-forwarding {none;};\n\
 	allow-recursion {any;};\n\
-#	allow-v6-synthesis <obsolete>;\n\
+	allow-v6-synthesis {none;};\n\
 #	sortlist <none>\n\
 #	topology <none>\n\
 	auth-nxdomain false;\n\
@@ -122,13 +118,11 @@ options {\n\
 	max-cache-ttl 604800; /* 1 week */\n\
 	transfer-format many-answers;\n\
 	max-cache-size 0;\n\
-	check-names master fail;\n\
-	check-names slave warn;\n\
+	check-names master ignore;\n\
+	check-names slave ignore;\n\
 	check-names response ignore;\n\
-	dnssec-enable no; /* Make yes for 9.4. */ \n\
-"
-
-"	/* zone */\n\
+\n\
+	/* zone */\n\
 	allow-query {any;};\n\
 	allow-transfer {any;};\n\
 	notify yes;\n\
@@ -140,8 +134,6 @@ options {\n\
 #	max-ixfr-log-size <obsolete>\n\
 	transfer-source *;\n\
 	transfer-source-v6 *;\n\
-	alt-transfer-source *;\n\
-	alt-transfer-source-v6 *;\n\
 	max-transfer-time-in 120;\n\
 	max-transfer-time-out 120;\n\
 	max-transfer-idle-in 60;\n\
@@ -150,41 +142,9 @@ options {\n\
 	min-retry-time 500;\n\
 	max-refresh-time 2419200; /* 4 weeks */\n\
 	min-refresh-time 300;\n\
-	multi-master no;\n\
 	sig-validity-interval 30; /* days */\n\
 	zone-statistics false;\n\
-	max-journal-size unlimited;\n\
-	ixfr-from-differences false;\n\
-};\n\
-"
-
-"#\n\
-#  Zones in the \"_bind\" view are NOT counted is the count of zones.\n\
-#\n\
-view \"_bind\" chaos {\n\
-	recursion no;\n\
-	notify no;\n\
-\n\
-	zone \"version.bind\" chaos {\n\
-		type master;\n\
-		database \"_builtin version\";\n\
-	};\n\
-\n\
-	zone \"hostname.bind\" chaos {\n\
-		type master;\n\
-		database \"_builtin hostname\";\n\
-	};\n\
-\n\
-	zone \"authors.bind\" chaos {\n\
-		type master;\n\
-		database \"_builtin authors\";\n\
-	};\n\
-	zone \"id.server\" chaos {\n\
-		type master;\n\
-		database \"_builtin id\";\n\
-	};\n\
-};\n\
-";
+};";
 
 isc_result_t
 ns_config_parsedefaults(cfg_parser_t *parser, cfg_obj_t **conf) {
@@ -196,10 +156,10 @@ ns_config_parsedefaults(cfg_parser_t *parser, cfg_obj_t **conf) {
 }
 
 isc_result_t
-ns_config_get(cfg_obj_t **maps, const char *name, cfg_obj_t **obj) {
+ns_config_get(const cfg_obj_t **maps, const char* name, const cfg_obj_t **obj) {
 	int i;
 
-	for (i = 0;; i++) {
+	for (i = 0; ; i++) {
 		if (maps[i] == NULL)
 			return (ISC_R_NOTFOUND);
 		if (cfg_map_get(maps[i], name, obj) == ISC_R_SUCCESS)
@@ -207,44 +167,9 @@ ns_config_get(cfg_obj_t **maps, const char *name, cfg_obj_t **obj) {
 	}
 }
 
-isc_result_t
-ns_checknames_get(cfg_obj_t **maps, const char *which, cfg_obj_t **obj) {
-	cfg_listelt_t *element;
-	cfg_obj_t *checknames;
-	cfg_obj_t *type;
-	cfg_obj_t *value;
-	int i;
-
-	for (i = 0;; i++) {
-		if (maps[i] == NULL)
-			return (ISC_R_NOTFOUND);
-		checknames = NULL;
-		if (cfg_map_get(maps[i], "check-names", &checknames) == ISC_R_SUCCESS) {
-			/*
-			 * Zone map entry is not a list.
-			 */
-			if (checknames != NULL && !cfg_obj_islist(checknames)) {
-				*obj = checknames;
-				return (ISC_R_SUCCESS);
-			}
-			for (element = cfg_list_first(checknames);
-			     element != NULL;
-			     element = cfg_list_next(element)) {
-				value = cfg_listelt_value(element);
-				type = cfg_tuple_get(value, "type");
-				if (strcasecmp(cfg_obj_asstring(type), which) == 0) {
-					*obj = cfg_tuple_get(value, "mode");
-					return (ISC_R_SUCCESS);
-				}
-			}
-
-		}
-	}
-}
-
 int
-ns_config_listcount(cfg_obj_t *list) {
-	cfg_listelt_t *e;
+ns_config_listcount(const cfg_obj_t *list) {
+	const cfg_listelt_t *e;
 	int i = 0;
 
 	for (e = cfg_list_first(list); e != NULL; e = cfg_list_next(e))
@@ -254,9 +179,9 @@ ns_config_listcount(cfg_obj_t *list) {
 }
 
 isc_result_t
-ns_config_getclass(cfg_obj_t *classobj, dns_rdataclass_t defclass,
+ns_config_getclass(const cfg_obj_t *classobj, dns_rdataclass_t defclass,
 		   dns_rdataclass_t *classp) {
-	char *str;
+	const char *str;
 	isc_textregion_t r;
 	isc_result_t result;
 
@@ -265,7 +190,7 @@ ns_config_getclass(cfg_obj_t *classobj, dns_rdataclass_t defclass,
 		return (ISC_R_SUCCESS);
 	}
 	str = cfg_obj_asstring(classobj);
-	r.base = str;
+	DE_CONST(str, r.base);
 	r.length = strlen(str);
 	result = dns_rdataclass_fromtext(classp, &r);
 	if (result != ISC_R_SUCCESS)
@@ -274,31 +199,10 @@ ns_config_getclass(cfg_obj_t *classobj, dns_rdataclass_t defclass,
 	return (result);
 }
 
-isc_result_t
-ns_config_gettype(cfg_obj_t *typeobj, dns_rdatatype_t deftype,
-		   dns_rdatatype_t *typep) {
-	char *str;
-	isc_textregion_t r;
-	isc_result_t result;
-
-	if (!cfg_obj_isstring(typeobj)) {
-		*typep = deftype;
-		return (ISC_R_SUCCESS);
-	}
-	str = cfg_obj_asstring(typeobj);
-	r.base = str;
-	r.length = strlen(str);
-	result = dns_rdatatype_fromtext(typep, &r);
-	if (result != ISC_R_SUCCESS)
-		cfg_obj_log(typeobj, ns_g_lctx, ISC_LOG_ERROR,
-			    "unknown type '%s'", str);
-	return (result);
-}
-
 dns_zonetype_t
-ns_config_getzonetype(cfg_obj_t *zonetypeobj) {
+ns_config_getzonetype(const cfg_obj_t *zonetypeobj) {
 	dns_zonetype_t ztype = dns_zone_none;
-	char *str;
+	const char *str;
 
 	str = cfg_obj_asstring(zonetypeobj);
 	if (strcasecmp(str, "master") == 0)
@@ -313,20 +217,19 @@ ns_config_getzonetype(cfg_obj_t *zonetypeobj) {
 }
 
 isc_result_t
-ns_config_getiplist(cfg_obj_t *config, cfg_obj_t *list,
+ns_config_getiplist(const cfg_obj_t *config, const cfg_obj_t *list,
 		    in_port_t defport, isc_mem_t *mctx,
 		    isc_sockaddr_t **addrsp, isc_uint32_t *countp)
 {
 	int count, i = 0;
-	cfg_obj_t *addrlist;
-	cfg_obj_t *portobj;
-	cfg_listelt_t *element;
+	const cfg_obj_t *addrlist;
+	const cfg_obj_t *portobj;
+	const cfg_listelt_t *element;
 	isc_sockaddr_t *addrs;
 	in_port_t port;
 	isc_result_t result;
 
 	INSIST(addrsp != NULL && *addrsp == NULL);
-	INSIST(countp != NULL);
 
 	addrlist = cfg_tuple_get(list, "addresses");
 	count = ns_config_listcount(addrlist);
@@ -379,197 +282,73 @@ ns_config_putiplist(isc_mem_t *mctx, isc_sockaddr_t **addrsp,
 	*addrsp = NULL;
 }
 
-static isc_result_t
-get_masters_def(cfg_obj_t *cctx, char *name, cfg_obj_t **ret) {
-	isc_result_t result;
-	cfg_obj_t *masters = NULL;
-	cfg_listelt_t *elt;
-
-	result = cfg_map_get(cctx, "masters", &masters);
-	if (result != ISC_R_SUCCESS)
-		return (result);
-	for (elt = cfg_list_first(masters);
-	     elt != NULL;
-	     elt = cfg_list_next(elt)) {
-		cfg_obj_t *list;
-		const char *listname;
-
-		list = cfg_listelt_value(elt);
-		listname = cfg_obj_asstring(cfg_tuple_get(list, "name"));
-
-		if (strcasecmp(listname, name) == 0) {
-			*ret = list;
-			return (ISC_R_SUCCESS);
-		}
-	}
-	return (ISC_R_NOTFOUND);
-}
-
 isc_result_t
-ns_config_getipandkeylist(cfg_obj_t *config, cfg_obj_t *list, isc_mem_t *mctx,
-			  isc_sockaddr_t **addrsp, dns_name_t ***keysp,
-			  isc_uint32_t *countp)
+ns_config_getipandkeylist(const cfg_obj_t *config, const cfg_obj_t *list,
+			  isc_mem_t *mctx, isc_sockaddr_t **addrsp,
+			  dns_name_t ***keysp, isc_uint32_t *countp)
 {
-	isc_uint32_t addrcount = 0, keycount = 0, i = 0;
-	isc_uint32_t listcount = 0, l = 0, j;
-	isc_uint32_t stackcount = 0, pushed = 0;
+	isc_uint32_t count, i = 0;
 	isc_result_t result;
-	cfg_listelt_t *element;
-	cfg_obj_t *addrlist;
-	cfg_obj_t *portobj;
+	const cfg_listelt_t *element;
+	const cfg_obj_t *addrlist;
+	const cfg_obj_t *portobj;
 	in_port_t port;
 	dns_fixedname_t fname;
 	isc_sockaddr_t *addrs = NULL;
 	dns_name_t **keys = NULL;
-	char **lists = NULL;
-	struct {
-		cfg_listelt_t *element;
-		in_port_t port;
-	} *stack = NULL;
 
-	REQUIRE(addrsp != NULL && *addrsp == NULL);
-	REQUIRE(keysp != NULL && *keysp == NULL);
-	REQUIRE(countp != NULL);
+	INSIST(addrsp != NULL && *addrsp == NULL);
 
- newlist:
 	addrlist = cfg_tuple_get(list, "addresses");
+	count = ns_config_listcount(addrlist);
+
 	portobj = cfg_tuple_get(list, "port");
 	if (cfg_obj_isuint32(portobj)) {
 		isc_uint32_t val = cfg_obj_asuint32(portobj);
 		if (val > ISC_UINT16_MAX) {
 			cfg_obj_log(portobj, ns_g_lctx, ISC_LOG_ERROR,
 				    "port '%u' out of range", val);
-			return (ISC_R_RANGE);
+			result = ISC_R_RANGE;
+			goto cleanup;
 		}
 		port = (in_port_t) val;
 	} else {
 		result = ns_config_getport(config, &port);
 		if (result != ISC_R_SUCCESS)
-			return (result);
+			goto cleanup;
 	}
 
 	result = ISC_R_NOMEMORY;
 
-	element = cfg_list_first(addrlist);
- resume:
-	for ( ;
+	addrs = isc_mem_get(mctx, count * sizeof(isc_sockaddr_t));
+	if (addrs == NULL)
+		goto cleanup;
+
+	keys = isc_mem_get(mctx, count * sizeof(dns_name_t *));
+	if (keys == NULL)
+		goto cleanup;
+
+	for (element = cfg_list_first(addrlist);
 	     element != NULL;
-	     element = cfg_list_next(element))
+	     element = cfg_list_next(element), i++)
 	{
-		cfg_obj_t *addr;
-		cfg_obj_t *key;
-		char *keystr;
+		const cfg_obj_t *addr;
+		const cfg_obj_t *key;
+		const char *keystr;
 		isc_buffer_t b;
 
-		addr = cfg_tuple_get(cfg_listelt_value(element),
-				     "masterselement");
+		INSIST(i < count);
+
+		addr = cfg_tuple_get(cfg_listelt_value(element), "sockaddr");
 		key = cfg_tuple_get(cfg_listelt_value(element), "key");
 
-		if (!cfg_obj_issockaddr(addr)) {
-			char *listname = cfg_obj_asstring(addr);
-			isc_result_t tresult;
-
-			/* Grow lists? */
-			if (listcount == l) {
-				void * new;
-				isc_uint32_t newlen = listcount + 16;
-				size_t newsize, oldsize;
-
-				newsize = newlen * sizeof(*lists);
-				oldsize = listcount * sizeof(*lists);
-				new = isc_mem_get(mctx, newsize);
-				if (new == NULL)
-					goto cleanup;
-				if (listcount != 0) {
-					memcpy(new, lists, oldsize);
-					isc_mem_put(mctx, lists, oldsize);
-				}
-				lists = new;
-				listcount = newlen;
-			}
-			/* Seen? */
-			for (j = 0; j < l; j++)
-				if (strcasecmp(lists[j], listname) == 0)
-					break;
-			if (j < l)
-				continue;
-			tresult = get_masters_def(config, listname, &list);
-			if (tresult == ISC_R_NOTFOUND) {
-				cfg_obj_log(addr, ns_g_lctx, ISC_LOG_ERROR,
-                                    "masters \"%s\" not found", listname);
-
-				result = tresult;
-				goto cleanup;
-			}
-			if (tresult != ISC_R_SUCCESS)
-				goto cleanup;
-			lists[l++] = listname;
-			/* Grow stack? */
-			if (stackcount == pushed) {
-				void * new;
-				isc_uint32_t newlen = stackcount + 16;
-				size_t newsize, oldsize;
-
-				newsize = newlen * sizeof(*stack);
-				oldsize = stackcount * sizeof(*stack);
-				new = isc_mem_get(mctx, newsize);
-				if (new == NULL)
-					goto cleanup;
-				if (stackcount != 0) {
-					memcpy(new, stack, oldsize);
-					isc_mem_put(mctx, stack, oldsize);
-				}
-				stack = new;
-				stackcount = newlen;
-			}
-			/*
-			 * We want to resume processing this list on the
-			 * next element.
-			 */
-			stack[pushed].element = cfg_list_next(element);
-			stack[pushed].port = port;
-			pushed++;
-			goto newlist;
-		}
-
-		if (i == addrcount) {
-			void * new;
-			isc_uint32_t newlen = addrcount + 16;
-			size_t newsize, oldsize;
-
-			newsize = newlen * sizeof(isc_sockaddr_t);
-			oldsize = addrcount * sizeof(isc_sockaddr_t);
-			new = isc_mem_get(mctx, newsize);
-			if (new == NULL)
-				goto cleanup;
-			if (addrcount != 0) {
-				memcpy(new, addrs, oldsize);
-				isc_mem_put(mctx, addrs, oldsize);
-			}
-			addrs = new;
-			addrcount = newlen;
-
-			newsize = newlen * sizeof(dns_name_t *);
-			oldsize = keycount * sizeof(dns_name_t *);
-			new = isc_mem_get(mctx, newsize);
-			if (new == NULL)
-				goto cleanup;
-			if (keycount != 0) {
-				memcpy(new, keys, oldsize);
-				isc_mem_put(mctx, keys, oldsize);
-			}
-			keys = new;
-			keycount = newlen;
-		}
-
 		addrs[i] = *cfg_obj_assockaddr(addr);
 		if (isc_sockaddr_getport(&addrs[i]) == 0)
 			isc_sockaddr_setport(&addrs[i], port);
+
 		keys[i] = NULL;
-		if (!cfg_obj_isstring(key)) {
-			i++;
+		if (!cfg_obj_isstring(key))
 			continue;
-		}
 		keys[i] = isc_mem_get(mctx, sizeof(dns_name_t));
 		if (keys[i] == NULL)
 			goto cleanup;
@@ -587,75 +366,29 @@ ns_config_getipandkeylist(cfg_obj_t *config, cfg_obj_t *list, isc_mem_t *mctx,
 				      keys[i]);
 		if (result != ISC_R_SUCCESS)
 			goto cleanup;
-		i++;
 	}
-	if (pushed != 0) {
-		pushed--;
-		element = stack[pushed].element;
-		port = stack[pushed].port;
-		goto resume;
-	}
-	if (i < addrcount) {
-		void * new;
-		size_t newsize, oldsize;
-
-		newsize = i * sizeof(isc_sockaddr_t);
-		oldsize = addrcount * sizeof(isc_sockaddr_t);
-		if (i != 0) {
-			new = isc_mem_get(mctx, newsize);
-			if (new == NULL)
-				goto cleanup;
-			memcpy(new, addrs, newsize);
-			isc_mem_put(mctx, addrs, oldsize);
-		} else
-			new = NULL;
-		addrs = new;
-		addrcount = i;
-
-		newsize = i * sizeof(dns_name_t *);
-		oldsize = keycount * sizeof(dns_name_t *);
-		if (i != 0) {
-			new = isc_mem_get(mctx, newsize);
-			if (new == NULL)
-				goto cleanup;
-			memcpy(new, keys,  newsize);
-			isc_mem_put(mctx, keys, oldsize);
-		} else
-			new = NULL;
-		keys = new;
-		keycount = i;
-	}
-
-	if (lists != NULL)
-		isc_mem_put(mctx, lists, listcount * sizeof(*lists));
-	if (stack != NULL)
-		isc_mem_put(mctx, stack, stackcount * sizeof(*stack));
-	
-	INSIST(keycount == addrcount);
+	INSIST(i == count);
 
 	*addrsp = addrs;
 	*keysp = keys;
-	*countp = addrcount;
+	*countp = count;
 
 	return (ISC_R_SUCCESS);
 
  cleanup:
 	if (addrs != NULL)
-		isc_mem_put(mctx, addrs, addrcount * sizeof(isc_sockaddr_t));
+		isc_mem_put(mctx, addrs, count * sizeof(isc_sockaddr_t));
 	if (keys != NULL) {
-		for (j = 0; j <= i; j++) {
+		unsigned int j;
+		for (j = 0 ; j <= i; j++) {
 			if (keys[j] == NULL)
 				continue;
 			if (dns_name_dynamic(keys[j]))
 				dns_name_free(keys[j], mctx);
 			isc_mem_put(mctx, keys[j], sizeof(dns_name_t));
 		}
-		isc_mem_put(mctx, keys, keycount * sizeof(dns_name_t *));
+		isc_mem_put(mctx, keys, count * sizeof(dns_name_t *));
 	}
-	if (lists != NULL)
-		isc_mem_put(mctx, lists, listcount * sizeof(*lists));
-	if (stack != NULL)
-		isc_mem_put(mctx, stack, stackcount * sizeof(*stack));
 	return (result);
 }
 
@@ -682,14 +415,14 @@ ns_config_putipandkeylist(isc_mem_t *mctx, isc_sockaddr_t **addrsp,
 }
 
 isc_result_t
-ns_config_getport(cfg_obj_t *config, in_port_t *portp) {
-	cfg_obj_t *maps[3];
-	cfg_obj_t *options = NULL;
-	cfg_obj_t *portobj = NULL;
+ns_config_getport(const cfg_obj_t *config, in_port_t *portp) {
+	const cfg_obj_t *maps[3];
+	const cfg_obj_t *options = NULL;
+	const cfg_obj_t *portobj = NULL;
 	isc_result_t result;
 	int i;
 
-	(void)cfg_map_get(config, "options", &options);
+	cfg_map_get(config, "options", &options);
 	i = 0;
 	if (options != NULL)
 		maps[i++] = options;

bin/named/control.c

@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2004, 2005  Internet Systems Consortium, Inc. ("ISC")
- * Copyright (C) 2001-2003  Internet Software Consortium.
+ * Copyright (C) 2001, 2003  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: control.c,v 1.7.2.2.2.14 2005/04/29 01:04:47 marka Exp $ */
+/* $Id: control.c,v 1.7.2.6 2005/04/07 02:22:08 marka Exp $ */
 
 #include <config.h>
 
@@ -24,7 +24,6 @@
 #include <isc/app.h>
 #include <isc/event.h>
 #include <isc/mem.h>
-#include <isc/timer.h>
 #include <isc/util.h>
 
 #include <dns/result.h>
@@ -35,7 +34,6 @@
 
 #include <named/control.h>
 #include <named/log.h>
-#include <named/os.h>
 #include <named/server.h>
 #ifdef HAVE_LIBSCF
 #include <named/ns_smf_globals.h>
@@ -62,7 +60,7 @@ ns_control_docommand(isccc_sexpr_t *message, isc_buffer_t *text) {
 	char *command;
 	isc_result_t result;
 #ifdef HAVE_LIBSCF
-	ns_smf_want_disable = 0;
+	char *instance = NULL;
 #endif
 
 	data = isccc_alist_lookup(message, "_data");
@@ -90,13 +88,11 @@ ns_control_docommand(isccc_sexpr_t *message, isc_buffer_t *text) {
 	 * Compare the 'command' parameter against all known control commands.
 	 */
 	if (command_compare(command, NS_COMMAND_RELOAD)) {
-		result = ns_server_reloadcommand(ns_g_server, command, text);
+		result = ns_server_reloadcommand(ns_g_server, command);
 	} else if (command_compare(command, NS_COMMAND_RECONFIG)) {
 		result = ns_server_reconfigcommand(ns_g_server, command);
 	} else if (command_compare(command, NS_COMMAND_REFRESH)) {
-		result = ns_server_refreshcommand(ns_g_server, command, text);
-	} else if (command_compare(command, NS_COMMAND_RETRANSFER)) {
-		result = ns_server_retransfercommand(ns_g_server, command);
+		result = ns_server_refreshcommand(ns_g_server, command);
 	} else if (command_compare(command, NS_COMMAND_HALT)) {
 #ifdef HAVE_LIBSCF
 		/*
@@ -112,8 +108,17 @@ ns_control_docommand(isccc_sexpr_t *message, isc_buffer_t *text) {
 		 * If we are managed by smf(5) but not in chroot,
 		 * try to disable ourselves the smf way.
 		 */
-		if (ns_smf_got_instance == 1 && ns_smf_chroot == 0)
-			ns_smf_want_disable = 1;
+		if (ns_smf_got_instance == 1 && ns_smf_chroot == 0) {
+			result = ns_smf_get_instance(&instance, 1, ns_g_mctx);
+			if (result == ISC_R_SUCCESS && instance != NULL) {
+				ns_server_flushonshutdown(ns_g_server,
+					ISC_FALSE);
+				result = ns_smf_disable(instance);
+			}
+			if (instance != NULL)
+				isc_mem_free(ns_g_mctx, instance);
+			return (result);
+		}
 		/*
 		 * If ns_smf_got_instance = 0, ns_smf_chroot
 		 * is not relevant and we fall through to
@@ -121,7 +126,6 @@ ns_control_docommand(isccc_sexpr_t *message, isc_buffer_t *text) {
 		 */
 #endif
 		ns_server_flushonshutdown(ns_g_server, ISC_FALSE);
-		ns_os_shutdownmsg(command, text);
 		isc_app_shutdown();
 		result = ISC_R_SUCCESS;
 	} else if (command_compare(command, NS_COMMAND_STOP)) {
@@ -130,11 +134,19 @@ ns_control_docommand(isccc_sexpr_t *message, isc_buffer_t *text) {
 			result = ns_smf_add_message(text);
 			return (result);
 		}
-		if (ns_smf_got_instance == 1 && ns_smf_chroot == 0)
-			ns_smf_want_disable = 1;
+		if (ns_smf_got_instance == 1 && ns_smf_chroot == 0) {
+			result = ns_smf_get_instance(&instance, 1, ns_g_mctx);
+			if (result == ISC_R_SUCCESS && instance != NULL) {
+				ns_server_flushonshutdown(ns_g_server,
+					ISC_TRUE);
+				result = ns_smf_disable(instance);
+			}
+			if (instance != NULL)
+				isc_mem_free(ns_g_mctx, instance);
+			return (result);
+		}
 #endif
 		ns_server_flushonshutdown(ns_g_server, ISC_TRUE);
-		ns_os_shutdownmsg(command, text);
 		isc_app_shutdown();
 		result = ISC_R_SUCCESS;
 	} else if (command_compare(command, NS_COMMAND_DUMPSTATS)) {
@@ -142,7 +154,7 @@ ns_control_docommand(isccc_sexpr_t *message, isc_buffer_t *text) {
 	} else if (command_compare(command, NS_COMMAND_QUERYLOG)) {
 		result = ns_server_togglequerylog(ns_g_server);
 	} else if (command_compare(command, NS_COMMAND_DUMPDB)) {
-		ns_server_dumpdb(ns_g_server, command);
+		ns_server_dumpdb(ns_g_server);
 		result = ISC_R_SUCCESS;
 	} else if (command_compare(command, NS_COMMAND_TRACE)) {
 		result = ns_server_setdebuglevel(ns_g_server, command);
@@ -152,17 +164,8 @@ ns_control_docommand(isccc_sexpr_t *message, isc_buffer_t *text) {
 		result = ISC_R_SUCCESS;
 	} else if (command_compare(command, NS_COMMAND_FLUSH)) {
 		result = ns_server_flushcache(ns_g_server, command);
-	} else if (command_compare(command, NS_COMMAND_FLUSHNAME)) {
-		result = ns_server_flushname(ns_g_server, command);
 	} else if (command_compare(command, NS_COMMAND_STATUS)) {
 		result = ns_server_status(ns_g_server, text);
-	} else if (command_compare(command, NS_COMMAND_FREEZE)) {
-		result = ns_server_freeze(ns_g_server, ISC_TRUE, command);
-	} else if (command_compare(command, NS_COMMAND_UNFREEZE) ||
-		   command_compare(command, NS_COMMAND_THAW)) {
-		result = ns_server_freeze(ns_g_server, ISC_FALSE, command);
-	} else if (command_compare(command, NS_COMMAND_RECURSING)) {
-		result = ns_server_dumprecursing(ns_g_server);
 	} else if (command_compare(command, NS_COMMAND_NULL)) {
 		result = ISC_R_SUCCESS;
 	} else {

bin/named/controlconf.c

@@ -1,6 +1,6 @@
 /*
- * Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
- * Copyright (C) 2001-2003  Internet Software Consortium.
+ * Copyright (C) 2004, 2006  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2001, 2003  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -15,26 +15,29 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: controlconf.c,v 1.28.2.9.2.6 2004/03/08 09:04:14 marka Exp $ */
+/* $Id: controlconf.c,v 1.28.2.15 2006/12/07 04:52:57 marka Exp $ */
 
 #include <config.h>
 
 #include <isc/base64.h>
 #include <isc/buffer.h>
 #include <isc/event.h>
+#include <isc/file.h>
+#include <isc/fsaccess.h>
 #include <isc/mem.h>
 #include <isc/net.h>
 #include <isc/netaddr.h>
+#include <isc/print.h>
 #include <isc/random.h>
 #include <isc/result.h>
+#include <isc/stdio.h>
 #include <isc/stdtime.h>
 #include <isc/string.h>
 #include <isc/timer.h>
 #include <isc/util.h>
 
-#include <isccfg/namedconf.h>
-
-#include <bind9/check.h>
+#include <isccfg/cfg.h>
+#include <isccfg/check.h>
 
 #include <isccc/alist.h>
 #include <isccc/cc.h>
@@ -45,8 +48,11 @@
 #include <isccc/symtab.h>
 #include <isccc/util.h>
 
+#include <dns/keyvalues.h>
 #include <dns/result.h>
 
+#include <dst/dst.h>
+
 #include <named/config.h>
 #include <named/control.h>
 #include <named/log.h>
@@ -356,6 +362,9 @@ control_recvmessage(isc_task_t *task, isc_event_t *event) {
 	{
 		ccregion.rstart = isc_buffer_base(&conn->ccmsg.buffer);
 		ccregion.rend = isc_buffer_used(&conn->ccmsg.buffer);
+		if (secret.rstart != NULL)
+			isc_mem_put(listener->mctx, secret.rstart,
+				    REGION_SIZE(secret));
 		secret.rstart = isc_mem_get(listener->mctx, key->secret.length);
 		if (secret.rstart == NULL)
 			goto cleanup;
@@ -371,8 +380,6 @@ control_recvmessage(isc_task_t *task, isc_event_t *event) {
 			 */
 			if (request != NULL)
 				isccc_sexpr_free(&request);
-			isc_mem_put(listener->mctx, secret.rstart,
-				    REGION_SIZE(secret));
 		} else {
 			log_invalid(&conn->ccmsg, result);
 			goto cleanup;
@@ -649,10 +656,12 @@ ns_controls_shutdown(ns_controls_t *controls) {
 }
 
 static isc_result_t
-cfgkeylist_find(cfg_obj_t *keylist, const char *keyname, cfg_obj_t **objp) {
-	cfg_listelt_t *element;
+cfgkeylist_find(const cfg_obj_t *keylist, const char *keyname,
+	        const cfg_obj_t **objp)
+{
+	const cfg_listelt_t *element;
 	const char *str;
-	cfg_obj_t *obj;
+	const cfg_obj_t *obj;
 
 	for (element = cfg_list_first(keylist);
 	     element != NULL;
@@ -671,14 +680,14 @@ cfgkeylist_find(cfg_obj_t *keylist, const char *keyname, cfg_obj_t **objp) {
 }
 
 static isc_result_t
-controlkeylist_fromcfg(cfg_obj_t *keylist, isc_mem_t *mctx,
+controlkeylist_fromcfg(const cfg_obj_t *keylist, isc_mem_t *mctx,
 		       controlkeylist_t *keyids)
 {
-	cfg_listelt_t *element;
+	const cfg_listelt_t *element;
 	char *newstr = NULL;
 	const char *str;
-	cfg_obj_t *obj;
-	controlkey_t *key = NULL;
+	const cfg_obj_t *obj;
+	controlkey_t *key;
 
 	for (element = cfg_list_first(keylist);
 	     element != NULL;
@@ -697,7 +706,6 @@ controlkeylist_fromcfg(cfg_obj_t *keylist, isc_mem_t *mctx,
 		key->secret.length = 0;
 		ISC_LINK_INIT(key, link);
 		ISC_LIST_APPEND(*keyids, key, link);
-		key = NULL;
 		newstr = NULL;
 	}
 	return (ISC_R_SUCCESS);
@@ -705,18 +713,16 @@ controlkeylist_fromcfg(cfg_obj_t *keylist, isc_mem_t *mctx,
  cleanup:
 	if (newstr != NULL)
 		isc_mem_free(mctx, newstr);
-	if (key != NULL)
-		isc_mem_put(mctx, key, sizeof(*key));
 	free_controlkeylist(keyids, mctx);
 	return (ISC_R_NOMEMORY);
 }
 
 static void
-register_keys(cfg_obj_t *control, cfg_obj_t *keylist,
+register_keys(const cfg_obj_t *control, const cfg_obj_t *keylist,
 	      controlkeylist_t *keyids, isc_mem_t *mctx, const char *socktext)
 {
 	controlkey_t *keyid, *next;
-	cfg_obj_t *keydef;
+	const cfg_obj_t *keydef;
 	char secret[1024];
 	isc_buffer_t b;
 	isc_result_t result;
@@ -736,10 +742,10 @@ register_keys(cfg_obj_t *control, cfg_obj_t *keylist,
 			ISC_LIST_UNLINK(*keyids, keyid, link);
 			free_controlkey(keyid, mctx);
 		} else {
-			cfg_obj_t *algobj = NULL;
-			cfg_obj_t *secretobj = NULL;
-			char *algstr = NULL;
-			char *secretstr = NULL;
+			const cfg_obj_t *algobj = NULL;
+			const cfg_obj_t *secretobj = NULL;
+			const char *algstr = NULL;
+			const char *secretstr = NULL;
 
 			(void)cfg_map_get(keydef, "algorithm", &algobj);
 			(void)cfg_map_get(keydef, "secret", &secretobj);
@@ -805,11 +811,11 @@ get_rndckey(isc_mem_t *mctx, controlkeylist_t *keyids) {
 	isc_result_t result;
 	cfg_parser_t *pctx = NULL;
 	cfg_obj_t *config = NULL;
-	cfg_obj_t *key = NULL;
-	cfg_obj_t *algobj = NULL;
-	cfg_obj_t *secretobj = NULL;
-	char *algstr = NULL;
-	char *secretstr = NULL;
+	const cfg_obj_t *key = NULL;
+	const cfg_obj_t *algobj = NULL;
+	const cfg_obj_t *secretobj = NULL;
+	const char *algstr = NULL;
+	const char *secretstr = NULL;
 	controlkey_t *keyid = NULL;
 	char secret[1024];
 	isc_buffer_t b;
@@ -829,7 +835,7 @@ get_rndckey(isc_mem_t *mctx, controlkeylist_t *keyids) {
 	if (keyid->keyname == NULL) 
 		CHECK(ISC_R_NOMEMORY);
 
-	CHECK(bind9_check_key(key, ns_g_lctx));
+	CHECK(cfg_check_key(key, ns_g_lctx));
 
 	(void)cfg_map_get(key, "algorithm", &algobj);
 	(void)cfg_map_get(key, "secret", &secretobj);
@@ -888,12 +894,13 @@ get_rndckey(isc_mem_t *mctx, controlkeylist_t *keyids) {
  * valid or both are NULL.
  */
 static void
-get_key_info(cfg_obj_t *config, cfg_obj_t *control,
-	     cfg_obj_t **global_keylistp, cfg_obj_t **control_keylistp)
+get_key_info(const cfg_obj_t *config, const cfg_obj_t *control,
+	     const cfg_obj_t **global_keylistp,
+	     const cfg_obj_t **control_keylistp)
 {
 	isc_result_t result;
-	cfg_obj_t *control_keylist = NULL;
-	cfg_obj_t *global_keylist = NULL;
+	const cfg_obj_t *control_keylist = NULL;
+	const cfg_obj_t *global_keylist = NULL;
 
 	REQUIRE(global_keylistp != NULL && *global_keylistp == NULL);
 	REQUIRE(control_keylistp != NULL && *control_keylistp == NULL);
@@ -912,15 +919,15 @@ get_key_info(cfg_obj_t *config, cfg_obj_t *control,
 }
 
 static void
-update_listener(ns_controls_t *cp,
-		controllistener_t **listenerp, cfg_obj_t *control,
-		cfg_obj_t *config, isc_sockaddr_t *addr,
-		ns_aclconfctx_t *aclconfctx, const char *socktext)
+update_listener(ns_controls_t *cp, controllistener_t **listenerp,
+		const cfg_obj_t *control, const cfg_obj_t *config,
+		isc_sockaddr_t *addr, ns_aclconfctx_t *aclconfctx,
+		const char *socktext)
 {
 	controllistener_t *listener;
-	cfg_obj_t *allow;
-	cfg_obj_t *global_keylist = NULL;
-	cfg_obj_t *control_keylist = NULL;
+	const cfg_obj_t *allow;
+	const cfg_obj_t *global_keylist = NULL;
+	const cfg_obj_t *control_keylist = NULL;
 	dns_acl_t *new_acl = NULL;
 	controlkeylist_t keys;
 	isc_result_t result = ISC_R_SUCCESS;
@@ -977,18 +984,25 @@ update_listener(ns_controls_t *cp,
 		result = get_rndckey(listener->mctx, &listener->keys);
 	}
 
-	if (result != ISC_R_SUCCESS && global_keylist != NULL)
+	if (result != ISC_R_SUCCESS && global_keylist != NULL) {
 		/*
 		 * This message might be a little misleading since the
 		 * "new keys" might in fact be identical to the old ones,
 		 * but tracking whether they are identical just for the
 		 * sake of avoiding this message would be too much trouble.
 		 */
-		cfg_obj_log(control, ns_g_lctx, ISC_LOG_WARNING,
-			    "couldn't install new keys for "
-			    "command channel %s: %s",
-			    socktext, isc_result_totext(result));
-
+		if (control != NULL)
+			cfg_obj_log(control, ns_g_lctx, ISC_LOG_WARNING,
+				    "couldn't install new keys for "
+				    "command channel %s: %s",
+				    socktext, isc_result_totext(result));
+		else
+			isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
+				      NS_LOGMODULE_CONTROL, ISC_LOG_WARNING,
+				      "couldn't install new keys for "
+				      "command channel %s: %s",
+				      socktext, isc_result_totext(result));
+	}
 
 	/*
 	 * Now, keep the old access list unless a new one can be made.
@@ -1005,26 +1019,33 @@ update_listener(ns_controls_t *cp,
 		dns_acl_detach(&listener->acl);
 		dns_acl_attach(new_acl, &listener->acl);
 		dns_acl_detach(&new_acl);
-	} else
 		/* XXXDCL say the old acl is still used? */
+	} else if (control != NULL)
 		cfg_obj_log(control, ns_g_lctx, ISC_LOG_WARNING,
 			    "couldn't install new acl for "
 			    "command channel %s: %s",
 			    socktext, isc_result_totext(result));
+	else
+		isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
+			      NS_LOGMODULE_CONTROL, ISC_LOG_WARNING,
+			      "couldn't install new acl for "
+			      "command channel %s: %s",
+			      socktext, isc_result_totext(result));
 
 	*listenerp = listener;
 }
 
 static void
 add_listener(ns_controls_t *cp, controllistener_t **listenerp,
-	     cfg_obj_t *control, cfg_obj_t *config, isc_sockaddr_t *addr,
-	     ns_aclconfctx_t *aclconfctx, const char *socktext)
+	     const cfg_obj_t *control, const cfg_obj_t *config,
+	     isc_sockaddr_t *addr, ns_aclconfctx_t *aclconfctx,
+	     const char *socktext)
 {
 	isc_mem_t *mctx = cp->server->mctx;
 	controllistener_t *listener;
-	cfg_obj_t *allow;
-	cfg_obj_t *global_keylist = NULL;
-	cfg_obj_t *control_keylist = NULL;
+	const cfg_obj_t *allow;
+	const cfg_obj_t *global_keylist = NULL;
+	const cfg_obj_t *control_keylist = NULL;
 	dns_acl_t *new_acl = NULL;
 	isc_result_t result = ISC_R_SUCCESS;
 
@@ -1135,13 +1156,13 @@ add_listener(ns_controls_t *cp, controllistener_t **listenerp,
 }
 
 isc_result_t
-ns_controls_configure(ns_controls_t *cp, cfg_obj_t *config,
+ns_controls_configure(ns_controls_t *cp, const cfg_obj_t *config,
 		      ns_aclconfctx_t *aclconfctx)
 {
 	controllistener_t *listener;
 	controllistenerlist_t new_listeners;
-	cfg_obj_t *controlslist = NULL;
-	cfg_listelt_t *element, *element2;
+	const cfg_obj_t *controlslist = NULL;
+	const cfg_listelt_t *element, *element2;
 	char socktext[ISC_SOCKADDR_FORMATSIZE];
 
 	ISC_LIST_INIT(new_listeners);
@@ -1163,8 +1184,8 @@ ns_controls_configure(ns_controls_t *cp, cfg_obj_t *config,
 		for (element = cfg_list_first(controlslist);
 		     element != NULL;
 		     element = cfg_list_next(element)) {
-			cfg_obj_t *controls;
-			cfg_obj_t *inetcontrols = NULL;
+			const cfg_obj_t *controls;
+			const cfg_obj_t *inetcontrols = NULL;
 
 			controls = cfg_listelt_value(element);
 			(void)cfg_map_get(controls, "inet", &inetcontrols);
@@ -1174,9 +1195,9 @@ ns_controls_configure(ns_controls_t *cp, cfg_obj_t *config,
 			for (element2 = cfg_list_first(inetcontrols);
 			     element2 != NULL;
 			     element2 = cfg_list_next(element2)) {
-				cfg_obj_t *control;
-				cfg_obj_t *obj;
-				isc_sockaddr_t *addr;
+				const cfg_obj_t *control;
+				const cfg_obj_t *obj;
+				isc_sockaddr_t addr;
 
 				/*
 				 * The parser handles BIND 8 configuration file
@@ -1189,12 +1210,12 @@ ns_controls_configure(ns_controls_t *cp, cfg_obj_t *config,
 				control = cfg_listelt_value(element2);
 
 				obj = cfg_tuple_get(control, "address");
-				addr = cfg_obj_assockaddr(obj);
-				if (isc_sockaddr_getport(addr) == 0)
-					isc_sockaddr_setport(addr,
+				addr = *cfg_obj_assockaddr(obj);
+				if (isc_sockaddr_getport(&addr) == 0)
+					isc_sockaddr_setport(&addr,
 							     NS_CONTROL_PORT);
 
-				isc_sockaddr_format(addr, socktext,
+				isc_sockaddr_format(&addr, socktext,
 						    sizeof(socktext));
 
 				isc_log_write(ns_g_lctx,
@@ -1205,7 +1226,7 @@ ns_controls_configure(ns_controls_t *cp, cfg_obj_t *config,
 					      socktext);
 
 				update_listener(cp, &listener, control, config,
-						addr, aclconfctx, socktext);
+						&addr, aclconfctx, socktext);
 
 				if (listener != NULL)
 					/*
@@ -1219,7 +1240,7 @@ ns_controls_configure(ns_controls_t *cp, cfg_obj_t *config,
 					 * This is a new listener.
 					 */
 					add_listener(cp, &listener, control,
-						     config, addr, aclconfctx,
+						     config, &addr, aclconfctx,
 						     socktext);
 
 				if (listener != NULL)

bin/named/include/named/aclconf.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2006  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 1999-2001  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: aclconf.h,v 1.12.208.1 2004/03/06 10:21:23 marka Exp $ */
+/* $Id: aclconf.h,v 1.12.2.3 2006/03/02 00:37:17 marka Exp $ */
 
 #ifndef NS_ACLCONF_H
 #define NS_ACLCONF_H 1
@@ -49,8 +49,8 @@ ns_aclconfctx_destroy(ns_aclconfctx_t *ctx);
  */
 
 isc_result_t
-ns_acl_fromconfig(cfg_obj_t *caml,
-		  cfg_obj_t *cctx,
+ns_acl_fromconfig(const cfg_obj_t *caml,
+		  const cfg_obj_t *cctx,
 		  ns_aclconfctx_t *ctx,
 		  isc_mem_t *mctx,
 		  dns_acl_t **target);

bin/named/include/named/builtin.h

@@ -1,29 +0,0 @@
-/*
- * Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
- * Copyright (C) 2001  Internet Software Consortium.
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- * PERFORMANCE OF THIS SOFTWARE.
- */
-
-/* $Id: builtin.h,v 1.1.204.3 2004/03/08 04:04:20 marka Exp $ */
-
-#ifndef NAMED_BUILTIN_H
-#define NAMED_BUILTIN_H 1
-
-#include <isc/types.h>
-
-isc_result_t ns_builtin_init(void);
-
-void ns_builtin_deinit(void);
-
-#endif /* NAMED_BUILTIN_H */

bin/named/include/named/client.h

@@ -1,6 +1,6 @@
 /*
- * Copyright (C) 2004, 2005  Internet Systems Consortium, Inc. ("ISC")
- * Copyright (C) 1999-2003  Internet Software Consortium.
+ * Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 1999-2001  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: client.h,v 1.60.2.2.10.10 2005/07/29 00:13:08 marka Exp $ */
+/* $Id: client.h,v 1.60.2.4 2004/07/23 02:57:01 marka Exp $ */
 
 #ifndef NAMED_CLIENT_H
 #define NAMED_CLIENT_H 1
@@ -68,13 +68,10 @@
 #include <isc/stdtime.h>
 #include <isc/quota.h>
 
-#include <dns/fixedname.h>
 #include <dns/name.h>
-#include <dns/rdataclass.h>
-#include <dns/rdatatype.h>
-#include <dns/tcpmsg.h>
 #include <dns/types.h>
-
+#include <dns/tcpmsg.h>
+#include <dns/fixedname.h>
 #include <named/types.h>
 #include <named/query.h>
 
@@ -157,8 +154,6 @@ struct ns_client {
 #define NS_CLIENTATTR_RA		0x02 /* Client gets recusive service */
 #define NS_CLIENTATTR_PKTINFO		0x04 /* pktinfo is valid */
 #define NS_CLIENTATTR_MULTICAST		0x08 /* recv'd from multicast */
-#define NS_CLIENTATTR_WANTDNSSEC	0x10 /* include dnssec records */
-
 
 /***
  *** Functions
@@ -310,34 +305,7 @@ ns_client_log(ns_client_t *client, isc_logcategory_t *category,
 	      const char *fmt, ...) ISC_FORMAT_PRINTF(5, 6);
 
 void
-ns_client_logv(ns_client_t *client, isc_logcategory_t *category,
-	       isc_logmodule_t *module, int level, const char *fmt, va_list ap) ISC_FORMAT_PRINTF(5, 0);
-
-void
-ns_client_aclmsg(const char *msg, dns_name_t *name, dns_rdatatype_t type,
-		 dns_rdataclass_t rdclass, char *buf, size_t len);
-
-#define NS_CLIENT_ACLMSGSIZE(x) \
-	(DNS_NAME_FORMATSIZE + DNS_RDATATYPE_FORMATSIZE + \
-	 DNS_RDATACLASS_FORMATSIZE + sizeof(x) + sizeof("'/'"))
-
-void
-ns_client_recursing(ns_client_t *client);
-/*%
- * Add client to end of recursing list.  If 'killoldest' is true
- * kill the oldest recursive client (list head). 
- */
-
-void
-ns_client_killoldestquery(ns_client_t *client);
-/*%
- * Kill the oldest recursive query (recursing list head).
- */
-
-void
-ns_client_dumprecursing(FILE *f, ns_clientmgr_t *manager);
-/*
- * Dump the outstanding recursive queries to 'f'.
- */
+ns_client_aclmsg(const char *msg, dns_name_t *name, dns_rdataclass_t rdclass,
+                 char *buf, size_t len);
 
 #endif /* NAMED_CLIENT_H */

bin/named/include/named/config.h

@@ -1,6 +1,6 @@
 /*
- * Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
- * Copyright (C) 2001, 2002  Internet Software Consortium.
+ * Copyright (C) 2004, 2006  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2001  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: config.h,v 1.4.12.4 2004/04/20 14:12:10 marka Exp $ */
+/* $Id: config.h,v 1.4.2.3 2006/03/02 00:37:17 marka Exp $ */
 
 #ifndef NAMED_CONFIG_H
 #define NAMED_CONFIG_H 1
@@ -29,27 +29,20 @@ isc_result_t
 ns_config_parsedefaults(cfg_parser_t *parser, cfg_obj_t **conf);
 
 isc_result_t
-ns_config_get(cfg_obj_t **maps, const char* name, cfg_obj_t **obj);
-
-isc_result_t
-ns_checknames_get(cfg_obj_t **maps, const char* name, cfg_obj_t **obj);
+ns_config_get(const cfg_obj_t **maps, const char* name, const cfg_obj_t **obj);
 
 int
-ns_config_listcount(cfg_obj_t *list);
+ns_config_listcount(const cfg_obj_t *list);
 
 isc_result_t
-ns_config_getclass(cfg_obj_t *classobj, dns_rdataclass_t defclass,
+ns_config_getclass(const cfg_obj_t *classobj, dns_rdataclass_t defclass,
 		   dns_rdataclass_t *classp);
 
-isc_result_t
-ns_config_gettype(cfg_obj_t *typeobj, dns_rdatatype_t deftype,
-		  dns_rdatatype_t *typep);
-
 dns_zonetype_t
-ns_config_getzonetype(cfg_obj_t *zonetypeobj);
+ns_config_getzonetype(const cfg_obj_t *zonetypeobj);
 
 isc_result_t
-ns_config_getiplist(cfg_obj_t *config, cfg_obj_t *list,
+ns_config_getiplist(const cfg_obj_t *config, const cfg_obj_t *list,
 		    in_port_t defport, isc_mem_t *mctx,
 		    isc_sockaddr_t **addrsp, isc_uint32_t *countp);
 
@@ -58,16 +51,16 @@ ns_config_putiplist(isc_mem_t *mctx, isc_sockaddr_t **addrsp,
 		    isc_uint32_t count);
 
 isc_result_t
-ns_config_getipandkeylist(cfg_obj_t *config, cfg_obj_t *list, isc_mem_t *mctx,
-			  isc_sockaddr_t **addrsp, dns_name_t ***keys,
-			  isc_uint32_t *countp);
+ns_config_getipandkeylist(const cfg_obj_t *config, const cfg_obj_t *list,
+			  isc_mem_t *mctx, isc_sockaddr_t **addrsp,
+			  dns_name_t ***keys, isc_uint32_t *countp);
 
 void
 ns_config_putipandkeylist(isc_mem_t *mctx, isc_sockaddr_t **addrsp,
 			  dns_name_t ***keys, isc_uint32_t count);
 
 isc_result_t
-ns_config_getport(cfg_obj_t *config, in_port_t *portp);
+ns_config_getport(const cfg_obj_t *config, in_port_t *portp);
 
 isc_result_t
 ns_config_getkeyalgorithm(const char *str, dns_name_t **name);

bin/named/include/named/control.h

@@ -1,6 +1,6 @@
 /*
- * Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
- * Copyright (C) 2001-2003  Internet Software Consortium.
+ * Copyright (C) 2004, 2006  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2001, 2003  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: control.h,v 1.6.2.2.2.7 2004/09/03 03:43:32 marka Exp $ */
+/* $Id: control.h,v 1.6.2.5 2006/03/02 00:37:17 marka Exp $ */
 
 #ifndef NAMED_CONTROL_H
 #define NAMED_CONTROL_H 1
@@ -36,19 +36,13 @@
 #define NS_COMMAND_RELOAD	"reload"
 #define NS_COMMAND_RECONFIG	"reconfig"
 #define NS_COMMAND_REFRESH	"refresh"
-#define NS_COMMAND_RETRANSFER	"retransfer"
 #define NS_COMMAND_DUMPSTATS	"stats"
 #define NS_COMMAND_QUERYLOG	"querylog"
 #define NS_COMMAND_DUMPDB	"dumpdb"
 #define NS_COMMAND_TRACE	"trace"
 #define NS_COMMAND_NOTRACE	"notrace"
 #define NS_COMMAND_FLUSH	"flush"
-#define NS_COMMAND_FLUSHNAME	"flushname"
 #define NS_COMMAND_STATUS	"status"
-#define NS_COMMAND_FREEZE	"freeze"
-#define NS_COMMAND_UNFREEZE	"unfreeze"
-#define NS_COMMAND_THAW		"thaw"
-#define NS_COMMAND_RECURSING	"recursing"
 #define NS_COMMAND_NULL		"null"
 
 isc_result_t
@@ -67,7 +61,7 @@ ns_controls_destroy(ns_controls_t **ctrlsp);
  */
 
 isc_result_t
-ns_controls_configure(ns_controls_t *controls, cfg_obj_t *config,
+ns_controls_configure(ns_controls_t *controls, const cfg_obj_t *config,
 		      ns_aclconfctx_t *aclconfctx);
 /*
  * Configure zero or more command channels into 'controls'

bin/named/include/named/globals.h

@@ -1,6 +1,6 @@
 /*
- * Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
- * Copyright (C) 1999-2003  Internet Software Consortium.
+ * Copyright (C) 2004, 2006  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 1999-2001  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: globals.h,v 1.59.68.5 2004/03/08 04:04:20 marka Exp $ */
+/* $Id: globals.h,v 1.59.2.3 2006/03/02 00:37:17 marka Exp $ */
 
 #ifndef NAMED_GLOBALS_H
 #define NAMED_GLOBALS_H 1
@@ -45,8 +45,6 @@ EXTERN unsigned int		ns_g_cpus		INIT(0);
 EXTERN isc_taskmgr_t *		ns_g_taskmgr		INIT(NULL);
 EXTERN dns_dispatchmgr_t *	ns_g_dispatchmgr	INIT(NULL);
 EXTERN isc_entropy_t *		ns_g_entropy		INIT(NULL);
-EXTERN isc_entropy_t *		ns_g_fallbackentropy	INIT(NULL);
-
 /*
  * XXXRTH  We're going to want multiple timer managers eventually.  One
  *         for really short timers, another for client timers, and one
@@ -75,7 +73,7 @@ EXTERN unsigned int		ns_g_debuglevel		INIT(0);
  * Current configuration information.
  */
 EXTERN cfg_obj_t *		ns_g_config		INIT(NULL);
-EXTERN cfg_obj_t *		ns_g_defaults		INIT(NULL);
+EXTERN const cfg_obj_t *	ns_g_defaults		INIT(NULL);
 EXTERN const char *		ns_g_conffile		INIT(NS_SYSCONFDIR
 							     "/named.conf");
 EXTERN const char *		ns_g_keyfile		INIT(NS_SYSCONFDIR
@@ -86,7 +84,6 @@ EXTERN const char *		lwresd_g_resolvconffile	INIT("/etc"
 							     "/resolv.conf");
 EXTERN isc_boolean_t		ns_g_conffileset	INIT(ISC_FALSE);
 EXTERN isc_boolean_t		lwresd_g_useresolvconf	INIT(ISC_FALSE);
-EXTERN isc_uint16_t		ns_g_udpsize		INIT(4096);
 
 /*
  * Initial resource limits.
@@ -110,8 +107,6 @@ EXTERN const char *		lwresd_g_defaultpidfile INIT(NS_LOCALSTATEDIR
 							    "/run/lwresd.pid");
 EXTERN const char *		ns_g_username		INIT(NULL);
 
-EXTERN int			ns_g_listen		INIT(3);
-
 #undef EXTERN
 #undef INIT
 

bin/named/include/named/interfacemgr.h

@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
- * Copyright (C) 1999-2002  Internet Software Consortium.
+ * Copyright (C) 1999-2001  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: interfacemgr.h,v 1.23.24.7 2004/04/29 01:31:22 marka Exp $ */
+/* $Id: interfacemgr.h,v 1.23.2.1 2004/03/09 06:09:21 marka Exp $ */
 
 #ifndef NAMED_INTERFACEMGR_H
 #define NAMED_INTERFACEMGR_H 1
@@ -65,8 +65,6 @@
 #define IFACE_MAGIC		ISC_MAGIC('I',':','-',')')
 #define NS_INTERFACE_VALID(t)	ISC_MAGIC_VALID(t, IFACE_MAGIC)
 
-#define NS_INTERFACEFLAG_ANYADDR	0x01U	/* bound to "any" address */
-
 struct ns_interface {
 	unsigned int		magic;		/* Magic number. */
 	ns_interfacemgr_t *	mgr;		/* Interface manager. */
@@ -74,7 +72,6 @@ struct ns_interface {
 	int			references;	/* Locked */
 	unsigned int		generation;     /* Generation number. */
 	isc_sockaddr_t		addr;           /* Address and port. */
-	unsigned int		flags;		/* Interface characteristics */
 	char 			name[32];	/* Null terminated. */
 	dns_dispatch_t *	udpdispatch;	/* UDP dispatcher. */
 	isc_socket_t *		tcpsocket;	/* TCP socket. */
@@ -123,20 +120,6 @@ ns_interfacemgr_scan(ns_interfacemgr_t *mgr, isc_boolean_t verbose);
  * in named.conf.
  */
 
-void
-ns_interfacemgr_adjust(ns_interfacemgr_t *mgr, ns_listenlist_t *list,
-		       isc_boolean_t verbose);
-/*
- * Similar to ns_interfacemgr_scan(), but this function also tries to see the
- * need for an explicit listen-on when a list element in 'list' is going to
- * override an already-listening a wildcard interface.
- *
- * This function does not update localhost and localnets ACLs.
- *
- * This should be called once on server startup, after configuring views and
- * zones.
- */
-
 void
 ns_interfacemgr_setlistenon4(ns_interfacemgr_t *mgr, ns_listenlist_t *value);
 /*
@@ -167,7 +150,4 @@ ns_interface_shutdown(ns_interface_t *ifp);
  * May safely be called multiple times.
  */
 
-void
-ns_interfacemgr_dumprecursing(FILE *f, ns_interfacemgr_t *mgr);
-
 #endif /* NAMED_INTERFACEMGR_H */

bin/named/include/named/listenlist.h

@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: listenlist.h,v 1.10.208.1 2004/03/06 10:21:24 marka Exp $ */
+/* $Id: listenlist.h,v 1.10.2.1 2004/03/09 06:09:21 marka Exp $ */
 
 #ifndef NAMED_LISTENLIST_H
 #define NAMED_LISTENLIST_H 1

bin/named/include/named/log.h

@@ -1,6 +1,6 @@
 /*
  * Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
- * Copyright (C) 1999-2002  Internet Software Consortium.
+ * Copyright (C) 1999-2001  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: log.h,v 1.19.12.3 2004/03/08 04:04:21 marka Exp $ */
+/* $Id: log.h,v 1.19.2.1 2004/03/09 06:09:22 marka Exp $ */
 
 #ifndef NAMED_LOG_H
 #define NAMED_LOG_H 1
@@ -33,7 +33,6 @@
 #define NS_LOGCATEGORY_UPDATE		(&ns_g_categories[3])
 #define NS_LOGCATEGORY_QUERIES		(&ns_g_categories[4])
 #define NS_LOGCATEGORY_UNMATCHED	(&ns_g_categories[5])
-#define NS_LOGCATEGORY_UPDATE_SECURITY	(&ns_g_categories[6])
 
 /*
  * Backwards compatibility.

bin/named/include/named/logconf.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2006  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 1999-2001  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: logconf.h,v 1.10.208.1 2004/03/06 10:21:24 marka Exp $ */
+/* $Id: logconf.h,v 1.10.2.3 2006/03/02 00:37:17 marka Exp $ */
 
 #ifndef NAMED_LOGCONF_H
 #define NAMED_LOGCONF_H 1
@@ -23,7 +23,7 @@
 #include <isc/log.h>
 
 isc_result_t
-ns_log_configure(isc_logconfig_t *logconf, cfg_obj_t *logstmt);
+ns_log_configure(isc_logconfig_t *logconf, const cfg_obj_t *logstmt);
 /*
  * Set up the logging configuration in '*logconf' according to
  * the named.conf data in 'logstmt'.

bin/named/include/named/lwaddr.h

@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: lwaddr.h,v 1.3.208.1 2004/03/06 10:21:24 marka Exp $ */
+/* $Id: lwaddr.h,v 1.3.2.1 2004/03/09 06:09:22 marka Exp $ */
 
 #include <lwres/lwres.h>
 #include <lwres/net.h>

bin/named/include/named/lwdclient.h

@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: lwdclient.h,v 1.13.208.1 2004/03/06 10:21:24 marka Exp $ */
+/* $Id: lwdclient.h,v 1.13.2.1 2004/03/09 06:09:22 marka Exp $ */
 
 #ifndef NAMED_LWDCLIENT_H
 #define NAMED_LWDCLIENT_H 1